1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-12-22 18:17:52 -05:00

fix: Replace "math/rand" with "crypto/rand" in padding generation(#2032)

This commit is contained in:
NaLan ZeYu 2022-10-06 18:21:09 +08:00 committed by GitHub
parent 5e8f5b38b6
commit a4a3f4deec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2,8 +2,8 @@ package crypto
import ( import (
"crypto/cipher" "crypto/cipher"
"crypto/rand"
"io" "io"
"math/rand"
"github.com/v2fly/v2ray-core/v5/common" "github.com/v2fly/v2ray-core/v5/common"
"github.com/v2fly/v2ray-core/v5/common/buf" "github.com/v2fly/v2ray-core/v5/common/buf"
@ -262,7 +262,8 @@ func (w *AuthenticationWriter) seal(b []byte) (*buf.Buffer, error) {
return nil, err return nil, err
} }
if paddingSize > 0 { if paddingSize > 0 {
// With size of the chunk and padding length encrypted, the content of padding doesn't matter much. // These paddings will send in clear text.
// To avoid leakage of PRNG internal state, a cryptographically secure PRNG should be used.
paddingBytes := eb.Extend(paddingSize) paddingBytes := eb.Extend(paddingSize)
common.Must2(rand.Read(paddingBytes)) common.Must2(rand.Read(paddingBytes))
} }