Salamander finalmask: Replace math/rand with crypto/rand in salt generation (#6228)

And https://github.com/XTLS/Xray-core/pull/6228#issuecomment-4612712100

Fixes https://github.com/XTLS/Xray-core/pull/6228#issuecomment-4599037015
This commit is contained in:
IconHHw
2026-06-09 03:55:06 +08:00
committed by GitHub
parent 2249f8b5c6
commit 83cf229909
4 changed files with 18 additions and 21 deletions
@@ -1,11 +1,11 @@
package salamander
import (
"crypto/rand"
"fmt"
"math/rand"
"sync"
"time"
"github.com/xtls/xray-core/common"
"golang.org/x/crypto/blake2b"
)
@@ -21,8 +21,7 @@ var ErrPSKTooShort = fmt.Errorf("PSK must be at least %d bytes", smPSKMinLen)
// the BLAKE2b-256 hash of a pre-shared key combined with a random salt.
// Packet format: [8-byte salt][payload]
type SalamanderObfuscator struct {
PSK []byte
RandSrc *rand.Rand
PSK []byte
lk sync.Mutex
keyInput []byte
@@ -37,7 +36,6 @@ func NewSalamanderObfuscator(psk []byte) (*SalamanderObfuscator, error) {
copy(keyInput, pskCopy)
return &SalamanderObfuscator{
PSK: pskCopy,
RandSrc: rand.New(rand.NewSource(time.Now().UnixNano())),
keyInput: keyInput,
}, nil
}
@@ -47,8 +45,8 @@ func (o *SalamanderObfuscator) Obfuscate(in, out []byte) int {
if len(out) < outLen {
return 0
}
common.Must2(rand.Read(out[:smSaltLen]))
o.lk.Lock()
_, _ = o.RandSrc.Read(out[:smSaltLen])
key := o.keyLocked(out[:smSaltLen])
o.lk.Unlock()
for i, c := range in {