Deprecate TinyRng

nabetti1720 · nabetti1720 · commit a6a31aae054b · 2026-01-20T21:40:15.000+09:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -26,14 +26,13 @@ der = { version = "0.8.0-rc.10", default-features = false }
 digest = { version = "0.11.0-rc.5", default-features = false }
 ecdsa = { version = "0.17.0-rc.12", default-features = false, features = ["alloc"] }
 ed25519-dalek = { version = "3.0.0-pre.4", default-features = false, features = ["pkcs8"] }
-getrandom = { version = "0.2", default-features = false, features = ["custom"] }
 hmac = { version = "0.13.0-rc.3", default-features = false }
 p256 = { version = "0.14.0-rc.4", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
 p384 = { version = "0.14.0-rc.4", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
 paste = { version = "1", default-features = false }
 pkcs8 = { version = "0.11.0-rc.8", default-features = false }
 pki-types = { package = "rustls-pki-types", version = "1", default-features = false }
-rand_core = { version = "0.10.0-rc-3", default-features = false }
+rand = { version = "=0.10.0-rc.6", default-features = false, features = ["sys_rng"] }
 rsa = { version = "0.10.0-rc.12", default-features = false, features = ["sha2", "encoding"] }
 rustls = { version = "0.23", default-features = false }
 sha2 = { version = "0.11.0-rc.3", default-features = false }
diff --git a/src/kx.rs b/src/kx.rs
@@ -4,6 +4,7 @@ use alloc::boxed::Box;
 use crypto::{SharedSecret, SupportedKxGroup};
 use crypto_common::Generate;
 use paste::paste;
+use rand::TryRngCore;
 use rustls::crypto;
 
 #[derive(Debug)]
@@ -15,7 +16,8 @@ impl crypto::SupportedKxGroup for X25519 {
     }
 
     fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
-        let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(&mut crate::misc::TinyRng);
+        let mut rng = rand::rngs::SysRng.unwrap_err();
+        let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(&mut rng);
         let pub_key = (&priv_key).into();
         Ok(Box::new(X25519KeyExchange { priv_key, pub_key }))
     }
@@ -61,7 +63,8 @@ macro_rules! impl_kx {
                 }
 
                 fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
-                    let priv_key = <$secret>::try_generate_from_rng(&mut crate::misc::TinyRng).map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?;
+                    let mut rng = rand::rngs::SysRng.unwrap_err();
+                    let priv_key = <$secret>::try_generate_from_rng(&mut rng).map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?;
                     let pub_key: $public_key = (&priv_key).into();
                     Ok(Box::new([<$name KeyExchange>] {
                         priv_key,
diff --git a/src/lib.rs b/src/lib.rs
@@ -41,6 +41,7 @@ extern crate alloc;
 #[cfg(feature = "alloc")]
 use alloc::sync::Arc;
 
+use rand::TryRngCore;
 use rustls::crypto::{
     CipherSuiteCommon, CryptoProvider, GetRandomFailed, KeyProvider, SecureRandom,
 };
@@ -64,7 +65,8 @@ pub fn provider() -> CryptoProvider {
 
 impl SecureRandom for Provider {
     fn fill(&self, bytes: &mut [u8]) -> Result<(), GetRandomFailed> {
-        getrandom::getrandom(bytes).map_err(|_| GetRandomFailed)
+        let mut rng = rand::rngs::SysRng.unwrap_err();
+        rng.try_fill_bytes(bytes).map_err(|_| GetRandomFailed)
     }
 }
 
diff --git a/src/misc.rs b/src/misc.rs
@@ -38,28 +38,3 @@ macro_rules! const_concat_slices {
 }
 
 pub(crate) use const_concat_slices;
-
-/// A tiny RNG adapter that uses `getrandom` directly and implements the
-/// `rand_core::RngCore` and `rand_core::CryptoRng` traits so it can be used
-/// in places that expect those traits without pulling in the `rand` crate.
-pub struct TinyRng;
-
-impl rand_core::CryptoRng for TinyRng {}
-
-impl rand_core::RngCore for TinyRng {
-    fn next_u32(&mut self) -> u32 {
-        let mut b = [0u8; 4];
-        self.fill_bytes(&mut b);
-        u32::from_ne_bytes(b)
-    }
-
-    fn next_u64(&mut self) -> u64 {
-        let mut b = [0u8; 8];
-        self.fill_bytes(&mut b);
-        u64::from_ne_bytes(b)
-    }
-
-    fn fill_bytes(&mut self, dst: &mut [u8]) {
-        getrandom::getrandom(dst).expect("getrandom failure");
-    }
-}
diff --git a/src/sign.rs b/src/sign.rs
@@ -7,6 +7,7 @@ use self::eddsa::Ed25519SigningKey;
 use self::rsa::RsaSigningKey;
 
 use pki_types::PrivateKeyDer;
+use rand::TryRngCore;
 use rustls::sign::{Signer, SigningKey};
 use rustls::{Error, SignatureScheme};
 use signature::{RandomizedSigner, SignatureEncoding};
@@ -28,8 +29,9 @@ where
     T: RandomizedSigner<S> + Send + Sync + core::fmt::Debug,
 {
     fn sign(&self, message: &[u8]) -> Result<Vec<u8>, Error> {
+        let mut rng = rand::rngs::SysRng.unwrap_err();
         self.key
-            .try_sign_with_rng(&mut crate::misc::TinyRng, message)
+            .try_sign_with_rng(&mut rng, message)
             .map_err(|_| rustls::Error::General("signing failed".into()))
             .map(|sig: S| sig.to_vec())
     }
diff --git a/validation/local_ping_pong_openssl/Cargo.lock b/validation/local_ping_pong_openssl/Cargo.lock

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ extern crate alloc;`
`41`	`41`	`#[cfg(feature = "alloc")]`
`42`	`42`	`use alloc::sync::Arc;`
`43`	`43`
	`44`	`+use rand::TryRngCore;`
`44`	`45`	`use rustls::crypto::{`
`45`	`46`	`CipherSuiteCommon, CryptoProvider, GetRandomFailed, KeyProvider, SecureRandom,`
`46`	`47`	`};`
`@@ -64,7 +65,8 @@ pub fn provider() -> CryptoProvider {`
`64`	`65`
`65`	`66`	`impl SecureRandom for Provider {`
`66`	`67`	`fn fill(&self, bytes: &mut [u8]) -> Result<(), GetRandomFailed> {`
`67`		`- getrandom::getrandom(bytes).map_err(\|_\| GetRandomFailed)`
	`68`	`+ let mut rng = rand::rngs::SysRng.unwrap_err();`
	`69`	`+ rng.try_fill_bytes(bytes).map_err(\|_\| GetRandomFailed)`
`68`	`70`	`}`
`69`	`71`	`}`
`70`	`72`