Change to use getrandom directly

Author: nabetti1720

Cargo.lock

@@ -32,7 +32,7 @@ p384 = { version = "=0.14.0-rc.4", default-features = false, features = ["pem",
 paste = { version = "1", default-features = false }
 pkcs8 = { version = "=0.11.0-rc.8", default-features = false }
 pki-types = { package = "rustls-pki-types", version = "1", default-features = false }
-rand = { version = "=0.10.0-rc.6", default-features = false, features = ["sys_rng"] }
+getrandom = { version = "=0.4.0-rc.0", default-features = false, features = ["sys_rng"] }
 rsa = { version = "=0.10.0-rc.12", default-features = false, features = ["sha2", "encoding"] }
 rustls = { version = "0.23", default-features = false }
 sha2 = { version = "=0.11.0-rc.3", default-features = false }

Cargo.toml

@@ -3,8 +3,8 @@ use alloc::boxed::Box;
 
 use crypto::{SharedSecret, SupportedKxGroup};
 use crypto_common::Generate;
+use getrandom::rand_core::TryRngCore;
 use paste::paste;
-use rand::TryRngCore;
 use rustls::crypto;
 
 #[derive(Debug)]
@@ -16,7 +16,7 @@ impl crypto::SupportedKxGroup for X25519 {
     }
 
     fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
-        let mut rng = rand::rngs::SysRng.unwrap_err();
+        let mut rng = getrandom::SysRng.unwrap_err();
         let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(&mut rng);
         let pub_key = (&priv_key).into();
         Ok(Box::new(X25519KeyExchange { priv_key, pub_key }))
@@ -63,7 +63,7 @@ macro_rules! impl_kx {
                 }
 
                 fn start(&self) -> Result<Box<dyn crypto::ActiveKeyExchange>, rustls::Error> {
-                    let mut rng = rand::rngs::SysRng.unwrap_err();
+                    let mut rng = getrandom::SysRng.unwrap_err();
                     let priv_key = <$secret>::try_generate_from_rng(&mut rng).map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?;
                     let pub_key: $public_key = (&priv_key).into();
                     Ok(Box::new([<$name KeyExchange>] {

src/kx.rs

@@ -64,8 +64,8 @@ pub fn provider() -> CryptoProvider {
 
 impl SecureRandom for Provider {
     fn fill(&self, bytes: &mut [u8]) -> Result<(), GetRandomFailed> {
-        use rand::TryRngCore;
-        let mut rng = rand::rngs::SysRng.unwrap_err();
+        use getrandom::rand_core::TryRngCore;
+        let mut rng = getrandom::SysRng.unwrap_err();
         rng.try_fill_bytes(bytes).map_err(|_| GetRandomFailed)
     }
 }

src/lib.rs

@@ -6,8 +6,8 @@ use self::ecdsa::{EcdsaSigningKeyP256, EcdsaSigningKeyP384};
 use self::eddsa::Ed25519SigningKey;
 use self::rsa::RsaSigningKey;
 
+use getrandom::rand_core::TryRngCore;
 use pki_types::PrivateKeyDer;
-use rand::TryRngCore;
 use rustls::sign::{Signer, SigningKey};
 use rustls::{Error, SignatureScheme};
 use signature::{RandomizedSigner, SignatureEncoding};
@@ -29,7 +29,7 @@ where
     T: RandomizedSigner<S> + Send + Sync + core::fmt::Debug,
 {
     fn sign(&self, message: &[u8]) -> Result<Vec<u8>, Error> {
-        let mut rng = rand::rngs::SysRng.unwrap_err();
+        let mut rng = getrandom::SysRng.unwrap_err();
         self.key
             .try_sign_with_rng(&mut rng, message)
             .map_err(|_| rustls::Error::General("signing failed".into()))