From 0a1979c12855fa9d033e7d59c28ee0974286009a Mon Sep 17 00:00:00 2001
From: Jorge Aparicio <jorge.aparicio@ferrous-systems.com>
Date: Mon, 16 Oct 2023 13:27:58 +0200
Subject: [PATCH 1/2] add an opt-in less-safe-getrandom-custom feature

This Cargo feature treats a user-provided `getrandom` implementation as
a secure random number generator (`SecureRandom`). The feature only has
effect on targets not supported by `getrandom`.

I agree to license my contributions to each file under the terms given
at the top of each file I changed.
---
 Cargo.toml  | 1 +
 src/lib.rs  | 8 ++++++++
 src/rand.rs | 4 ++++
 3 files changed, 13 insertions(+)

diff --git a/Cargo.toml b/Cargo.toml
index 0297fb68a7..1b4a2dd533 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -197,6 +197,7 @@ cc = { version = "1.0.83", default-features = false }
 default = ["alloc", "dev_urandom_fallback"]
 alloc = []
 dev_urandom_fallback = []
+less-safe-getrandom-custom = ["getrandom/custom"]
 slow_tests = []
 std = ["alloc"]
 unstable-testing-arm-no-hw = []
diff --git a/src/lib.rs b/src/lib.rs
index c7ff22efeb..ba0081160c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -22,6 +22,14 @@
 //!     <th>Description
 //! <tr><td><code>alloc (default)</code>
 //!     <td>Enable features that require use of the heap, RSA in particular.
+//! <tr><td><code>less-safe-getrandom-custom</code>
+//!     <td>Treat a user-provided ("custom") <code>getrandom</code>
+//!         implementation as a secure random number generator (see
+//!         <code>SecureRandom</code>). Only has effect on targets
+//!         <strong>not</strong> supported by <code>getrandom</code>.
+//!         See <a href="https://docs.rs/getrandom/0.2.10/getrandom/macro.register_custom_getrandom.html">
+//!             <code>register_custom_getrandom</code>
+//!         </a> for details.
 //! <tr><td><code>std</code>
 //!     <td>Enable features that use libstd, in particular
 //!         <code>std::error::Error</code> integration. Implies `alloc`.
diff --git a/src/rand.rs b/src/rand.rs
index 603b01450b..bd22440729 100644
--- a/src/rand.rs
+++ b/src/rand.rs
@@ -125,6 +125,10 @@ impl crate::sealed::Sealed for SystemRandom {}
 // system's) CSPRNG. Avoid using it on targets where it uses the `rdrand`
 // implementation.
 #[cfg(any(
+    // NOTE `getrandom`'s (v0.2.10) docs state that a custom implementation will
+    // NOT override the implementation of supported targets, like the ones
+    // listed below.
+    feature = "less-safe-getrandom-custom",
     target_os = "aix",
     target_os = "android",
     target_os = "dragonfly",

From 2756989abd60318b87d8657b2c8a4d3a17fc2d44 Mon Sep 17 00:00:00 2001
From: Jorge Aparicio <jorge.aparicio@ferrous-systems.com>
Date: Fri, 3 Nov 2023 14:02:10 +0100
Subject: [PATCH 2/2] rename feature

and have it apply only when `target_os = "none"`
---
 Cargo.toml  |  2 +-
 src/lib.rs  | 16 +++++++++-------
 src/rand.rs |  5 +----
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 1b4a2dd533..32dc5edd0c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -197,7 +197,7 @@ cc = { version = "1.0.83", default-features = false }
 default = ["alloc", "dev_urandom_fallback"]
 alloc = []
 dev_urandom_fallback = []
-less-safe-getrandom-custom = ["getrandom/custom"]
+less-safe-getrandom-custom-or-rdrand = []
 slow_tests = []
 std = ["alloc"]
 unstable-testing-arm-no-hw = []
diff --git a/src/lib.rs b/src/lib.rs
index ba0081160c..8f0b4e49d7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -22,14 +22,16 @@
 //!     <th>Description
 //! <tr><td><code>alloc (default)</code>
 //!     <td>Enable features that require use of the heap, RSA in particular.
-//! <tr><td><code>less-safe-getrandom-custom</code>
-//!     <td>Treat a user-provided ("custom") <code>getrandom</code>
-//!         implementation as a secure random number generator (see
-//!         <code>SecureRandom</code>). Only has effect on targets
-//!         <strong>not</strong> supported by <code>getrandom</code>.
-//!         See <a href="https://docs.rs/getrandom/0.2.10/getrandom/macro.register_custom_getrandom.html">
+//! <tr><td><code>less-safe-getrandom-custom-or-rdrand</code>
+//!     <td>Treat user-provided ("custom") and RDRAND-based <code>getrandom</code>
+//!         implementations as secure random number generators (see
+//!         <code>SecureRandom</code>). This feature only works with
+//!         <code>os = "none"</code> targets. See
+//!         <a href="https://docs.rs/getrandom/0.2.10/getrandom/macro.register_custom_getrandom.html">
 //!             <code>register_custom_getrandom</code>
-//!         </a> for details.
+//!         </a> and <a href="https://docs.rs/getrandom/0.2.10/getrandom/#rdrand-on-x86">
+//!             RDRAND on x86
+//!         </a> for additional details.
 //! <tr><td><code>std</code>
 //!     <td>Enable features that use libstd, in particular
 //!         <code>std::error::Error</code> integration. Implies `alloc`.
diff --git a/src/rand.rs b/src/rand.rs
index bd22440729..809791c79c 100644
--- a/src/rand.rs
+++ b/src/rand.rs
@@ -125,10 +125,7 @@ impl crate::sealed::Sealed for SystemRandom {}
 // system's) CSPRNG. Avoid using it on targets where it uses the `rdrand`
 // implementation.
 #[cfg(any(
-    // NOTE `getrandom`'s (v0.2.10) docs state that a custom implementation will
-    // NOT override the implementation of supported targets, like the ones
-    // listed below.
-    feature = "less-safe-getrandom-custom",
+    all(feature = "less-safe-getrandom-custom-or-rdrand", target_os = "none"),
     target_os = "aix",
     target_os = "android",
     target_os = "dragonfly",