get rid of the getrandom requirement

stevefan1999-personal · stevefan1999-personal · commit 48f3f0731155 · 2024-09-25T16:41:27.000+08:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,7 +32,7 @@ p384 = { version = "0.13.0", default-features = false, features = ["pem", "ecdsa
 paste = { version = "1.0.14", default-features = false }
 pkcs8 = { version = "0.10.2", default-features = false, features = ["pem", "pkcs5"] }
 pki-types = { package = "rustls-pki-types", version = "1.0.1", default-features = false }
-rand_core = { version = "0.6.4", default-features = false, features = ["getrandom"] }
+rand_core = { version = "0.6.4", default-features = false }
 rsa = { version = "0.9.2", default-features = false, features = ["sha2"] }
 rustls = { version = "0.23.0", default-features = false }
 sec1 = { version = "0.7.3", default-features = false, features = ["pkcs8", "pem"] }
@@ -45,7 +45,7 @@ x25519-dalek = { version = "2", default-features = false }
 getrandom = { version = "0.2", features = ["custom"] } # workaround to build on no_std targets
 
 [features]
-default = ["std", "tls12", "zeroize"]
+default = ["std", "tls12", "zeroize", "getrandom"]
 logging = ["rustls/logging"]
 tls12 = ["rustls/tls12"]
 
@@ -57,3 +57,5 @@ std = ["alloc", "webpki/std", "pki-types/std", "rustls/std", "ed25519-dalek/std"
 # TODO: go through all of these to ensure to_vec etc. impls are exposed
 alloc = ["webpki/alloc", "pki-types/alloc", "aead/alloc", "ed25519-dalek/alloc"]
 zeroize = ["ed25519-dalek/zeroize", "x25519-dalek/zeroize"]
+
+getrandom = ["alloc", "rand_core/getrandom"]
diff --git a/src/kx.rs b/src/kx.rs
@@ -14,7 +14,7 @@ impl crypto::SupportedKxGroup for X25519 {
     }
 
     fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
-        let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(rand_core::OsRng);
+        let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(crate::Provider);
         let pub_key = (&priv_key).into();
         Ok(Box::new(X25519KeyExchange { priv_key, pub_key }))
     }
@@ -60,7 +60,7 @@ macro_rules! impl_kx {
                 }
 
                 fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
-                    let priv_key = $secret::random(&mut rand_core::OsRng);
+                    let priv_key = $secret::random(&mut crate::Provider);
                     let pub_key: $public_key = (&priv_key).into();
                     Ok(Box::new([<$name KeyExchange>] {
                         priv_key,
diff --git a/src/lib.rs b/src/lib.rs
@@ -38,9 +38,12 @@ compile_error!("Rustls currently does not support alloc-less environments");
 #[cfg(feature = "alloc")]
 extern crate alloc;
 
+use core::{cell::OnceCell, fmt::Debug};
+
 #[cfg(feature = "alloc")]
-use alloc::sync::Arc;
+use alloc::{boxed::Box, sync::Arc};
 
+use rand_core::{CryptoRng, RngCore};
 use rustls::crypto::{
     CipherSuiteCommon, CryptoProvider, GetRandomFailed, KeyProvider, SecureRandom,
 };
@@ -49,7 +52,7 @@ use rustls::{CipherSuite, SupportedCipherSuite, Tls13CipherSuite};
 #[cfg(feature = "tls12")]
 use rustls::SignatureScheme;
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub struct Provider;
 
 pub fn provider() -> CryptoProvider {
@@ -62,15 +65,76 @@ pub fn provider() -> CryptoProvider {
     }
 }
 
+// TODO: switch to ThinBox once it is available
+#[cfg(feature = "alloc")]
+static mut RNG: OnceCell<Box<dyn RngCore + Send + Sync>> = OnceCell::new();
+
+#[cfg(feature = "alloc")]
+fn get_rng_danger() -> &'static mut (dyn RngCore + Send + Sync) {
+    #[cfg(feature = "getrandom")]
+    #[allow(static_mut_refs)]
+    // SAFETY: we only init the randomness source if the once cell was not initialized
+    unsafe {
+        // TODO: Add unlikely(...) later when it is stabilized for faster speculative branch
+        if RNG.get().is_none() {
+            // This would either set the randomness source or panic, in other word, infallible
+            init_randomness_source(Box::new(rand_core::OsRng));
+        }
+    }
+
+    // SAFETY: If randomness source is not already set, the whole program panics due to the unwrap
+    // UNSAFETY: If you have a memory corruption (whether stack or heap or not), this could
+    #[allow(static_mut_refs)]
+    unsafe {
+        RNG.get_mut().expect("RNG was not set").as_mut()
+    }
+}
+
+// Initialize an RNG source, and panic if it was already set, which would only happen if two threads set the data at the same time.
+// This ensures the user would have to decide on the RNG source at the very beginning, likely the first function call in main and find way to provide entropy themselves
+// TIP: Use Box::from_raw to prevent having to do real heap allocation if you can assume your program to be single-threaded and your put RNG state as a global variable
+#[cfg(feature = "alloc")]
+pub fn init_randomness_source(rng: Box<dyn RngCore + Send + Sync>) {
+    // SAFETY: If randomness source is already set, the whole program panics
+    #[allow(static_mut_refs)]
+    unsafe {
+        if RNG.set(rng).is_err() {
+            panic!("RNG was set twice")
+        }
+    }
+}
+
+#[cfg(feature = "alloc")]
 impl SecureRandom for Provider {
     fn fill(&self, bytes: &mut [u8]) -> Result<(), GetRandomFailed> {
-        use rand_core::RngCore;
-        rand_core::OsRng
+        get_rng_danger()
             .try_fill_bytes(bytes)
             .map_err(|_| GetRandomFailed)
     }
 }
 
+#[cfg(feature = "alloc")]
+impl RngCore for Provider {
+    fn next_u32(&mut self) -> u32 {
+        get_rng_danger().next_u32()
+    }
+
+    fn next_u64(&mut self) -> u64 {
+        get_rng_danger().next_u64()
+    }
+
+    fn fill_bytes(&mut self, dest: &mut [u8]) {
+        get_rng_danger().fill_bytes(dest)
+    }
+
+    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand_core::Error> {
+        get_rng_danger().try_fill_bytes(dest)
+    }
+}
+
+#[cfg(feature = "alloc")]
+impl CryptoRng for Provider {}
+
 impl KeyProvider for Provider {
     fn load_private_key(
         &self,
@@ -81,15 +145,15 @@ impl KeyProvider for Provider {
 }
 
 #[cfg(feature = "tls12")]
-const TLS12_ECDSA_SCHEMES: [SignatureScheme; 4] = [
+pub const TLS12_ECDSA_SCHEMES: [SignatureScheme; 4] = [
     SignatureScheme::ECDSA_NISTP256_SHA256,
     SignatureScheme::ECDSA_NISTP384_SHA384,
     SignatureScheme::ECDSA_NISTP521_SHA512,
     SignatureScheme::ED25519,
 ];
 
 #[cfg(feature = "tls12")]
-const TLS12_RSA_SCHEMES: [SignatureScheme; 6] = [
+pub const TLS12_RSA_SCHEMES: [SignatureScheme; 6] = [
     SignatureScheme::RSA_PKCS1_SHA256,
     SignatureScheme::RSA_PKCS1_SHA384,
     SignatureScheme::RSA_PKCS1_SHA512,
@@ -190,21 +254,21 @@ pub const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
     });
 
 #[cfg(feature = "tls12")]
-const TLS_ECDHE_RSA_SUITES: &[SupportedCipherSuite] = &[
+pub const TLS_ECDHE_RSA_SUITES: &[SupportedCipherSuite] = &[
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 ];
 
 #[cfg(feature = "tls12")]
-const TLS12_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!(
+pub const TLS12_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!(
     SupportedCipherSuite,
     TLS_ECDHE_ECDSA_SUITES,
     TLS_ECDHE_RSA_SUITES
 );
 
 #[cfg(not(feature = "tls12"))]
-const TLS12_SUITES: &[SupportedCipherSuite] = &[];
+pub const TLS12_SUITES: &[SupportedCipherSuite] = &[];
 
 pub const TLS13_AES_128_GCM_SHA256: SupportedCipherSuite =
     SupportedCipherSuite::Tls13(&Tls13CipherSuite {
@@ -230,7 +294,7 @@ pub const TLS13_AES_256_GCM_SHA384: SupportedCipherSuite =
         quic: None,
     });
 
-const TLS13_AES_SUITES: &[SupportedCipherSuite] =
+pub const TLS13_AES_SUITES: &[SupportedCipherSuite] =
     &[TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384];
 
 pub const TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
@@ -245,13 +309,13 @@ pub const TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
         quic: None,
     });
 
-const TLS13_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!(
+pub const TLS13_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!(
     SupportedCipherSuite,
     TLS13_AES_SUITES,
     &[TLS13_CHACHA20_POLY1305_SHA256]
 );
 
-static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!(
+pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = misc::const_concat_slices!(
     SupportedCipherSuite,
     if cfg!(feature = "tls12") {
         TLS12_SUITES
diff --git a/src/sign.rs b/src/sign.rs
@@ -2,6 +2,8 @@
 use alloc::{sync::Arc, vec::Vec};
 use core::marker::PhantomData;
 
+use crate::Provider;
+
 use self::ecdsa::{EcdsaSigningKeyP256, EcdsaSigningKeyP384};
 use self::eddsa::Ed25519SigningKey;
 use self::rsa::RsaSigningKey;
@@ -29,7 +31,7 @@ where
 {
     fn sign(&self, message: &[u8]) -> Result<Vec<u8>, Error> {
         self.key
-            .try_sign_with_rng(&mut rand_core::OsRng, message)
+            .try_sign_with_rng(&mut Provider, message)
             .map_err(|_| rustls::Error::General("signing failed".into()))
             .map(|sig: S| sig.to_vec())
     }

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ impl crypto::SupportedKxGroup for X25519 {`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {`
`17`		`- let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(rand_core::OsRng);`
	`17`	`+ let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(crate::Provider);`
`18`	`18`	`let pub_key = (&priv_key).into();`
`19`	`19`	`Ok(Box::new(X25519KeyExchange { priv_key, pub_key }))`
`20`	`20`	`}`
`@@ -60,7 +60,7 @@ macro_rules! impl_kx {`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {`
`63`		`- let priv_key = $secret::random(&mut rand_core::OsRng);`
	`63`	`+ let priv_key = $secret::random(&mut crate::Provider);`
`64`	`64`	`let pub_key: $public_key = (&priv_key).into();`
`65`	`65`	`Ok(Box::new([<$name KeyExchange>] {`
`66`	`66`	`priv_key,`