rustls · cpu · Feb 27, 2024 · Oct 5, 2023 · Dec 6, 2023 · Oct 5, 2023
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -108,11 +108,19 @@ jobs:
 
       - name: Install stable toolchain
         uses: dtolnay/rust-toolchain@stable
+        with:
+          target: x86_64-unknown-none
 
       - name: cargo build (debug; default features)
         run: cargo build --locked
         working-directory: rustls
 
+        # this target does _not_ include the libstd crate in its sysroot
+        # it will catch unwanted usage of libstd in _dependencies_
+      - name: cargo build (debug; default features; no-std)
+        run: cargo build --locked --no-default-features --target x86_64-unknown-none
+        working-directory: rustls
+
       - name: cargo test (debug; default features)
         run: cargo test --locked
         working-directory: rustls

diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml
@@ -18,7 +18,7 @@ p256 = { version = "0.13.2", default-features = false, features = ["alloc", "ecd
 pkcs8 = "0.10.2"
 pki-types = { package = "rustls-pki-types", version = "1" }
 rand_core = { version = "0.6", features = ["getrandom"] }
-rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] }
+rustls = { path = "../rustls", default-features = false, features = ["logging", "std", "tls12"] }
 rsa = { version = "0.9", features = ["sha2"], default-features = false }
 sha2 = { version = "0.10", default-features = false }
 signature = "2"

diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml
@@ -19,20 +19,21 @@ rustversion = { version = "1.0.6", optional = true }
 aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] }
 log = { version = "0.4.4", optional = true }
 # remove once our MSRV is >= 1.70
-once_cell = "1"
+once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] }
 ring = { version = "0.17", optional = true }
 subtle = { version = "2.5.0", default-features = false }
-webpki = { package = "rustls-webpki", version = "0.102.2", features = ["std"], default-features = false }
-pki-types = { package = "rustls-pki-types", version = "1.2", features = ["std"] }
+webpki = { package = "rustls-webpki", version = "0.102.2", features = ["alloc"], default-features = false }
+pki-types = { package = "rustls-pki-types", version = "1.2", features = ["alloc"] }
 zeroize = "1.7"
 
 [features]
-default = ["aws_lc_rs", "logging", "tls12"]
+default = ["logging", "std", "tls12"]
+std = ["aws_lc_rs", "webpki/std", "pki-types/std", "once_cell/std"]
 logging = ["log"]
-aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"]
+aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs", "std"]
 ring = ["dep:ring", "webpki/ring"]
 tls12 = []
-read_buf = ["rustversion"]
+read_buf = ["rustversion", "std"]
 fips = ["aws_lc_rs", "aws-lc-rs?/fips"]
 
 [dev-dependencies]

diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs
@@ -1,12 +1,13 @@
 use crate::error::Error;
+use crate::time_provider::TimeProvider;
 use crate::versions;
 use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS};
 
 use alloc::format;
+use alloc::sync::Arc;
 use alloc::vec::Vec;
 use core::fmt;
 use core::marker::PhantomData;
-use std::sync::Arc;
 
 #[cfg(doc)]
 use crate::{ClientConfig, ServerConfig};
@@ -184,6 +185,7 @@ impl<Side: ConfigSide, State: fmt::Debug> fmt::Debug for ConfigBuilder<Side, Sta
 #[derive(Clone, Debug)]
 pub struct WantsVersions {
     pub(crate) provider: Arc<CryptoProvider>,
+    pub(crate) time_provider: Arc<dyn TimeProvider>,
 }
 
 impl<S: ConfigSide> ConfigBuilder<S, WantsVersions> {
@@ -248,6 +250,7 @@ impl<S: ConfigSide> ConfigBuilder<S, WantsVersions> {
             state: WantsVerifier {
                 provider: self.state.provider,
                 versions: versions::EnabledVersions::new(versions),
+                time_provider: self.state.time_provider,
             },
             side: self.side,
         })
@@ -261,6 +264,7 @@ impl<S: ConfigSide> ConfigBuilder<S, WantsVersions> {
 pub struct WantsVerifier {
     pub(crate) provider: Arc<CryptoProvider>,
     pub(crate) versions: versions::EnabledVersions,
+    pub(crate) time_provider: Arc<dyn TimeProvider>,
 }
 
 /// Helper trait to abstract [`ConfigBuilder`] over building a [`ClientConfig`] or [`ServerConfig`].

diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs
@@ -5,6 +5,7 @@ use crate::crypto::CryptoProvider;
 use crate::error::Error;
 use crate::key_log::NoKeyLog;
 use crate::msgs::handshake::CertificateChain;
+use crate::time_provider::TimeProvider;
 use crate::webpki::{self, WebPkiServerVerifier};
 use crate::{verify, versions};
 
@@ -56,6 +57,7 @@ impl ConfigBuilder<ClientConfig, WantsVerifier> {
                 provider: self.state.provider,
                 versions: self.state.versions,
                 verifier,
+                time_provider: self.state.time_provider,
             },
             side: PhantomData,
         }
@@ -94,6 +96,7 @@ pub(super) mod danger {
                     provider: self.cfg.state.provider,
                     versions: self.cfg.state.versions,
                     verifier,
+                    time_provider: self.cfg.state.time_provider,
                 },
                 side: PhantomData,
             }
@@ -110,6 +113,7 @@ pub struct WantsClientCert {
     provider: Arc<CryptoProvider>,
     versions: versions::EnabledVersions,
     verifier: Arc<dyn verify::ServerCertVerifier>,
+    time_provider: Arc<dyn TimeProvider>,
 }
 
 impl ConfigBuilder<ClientConfig, WantsClientCert> {
@@ -161,6 +165,7 @@ impl ConfigBuilder<ClientConfig, WantsClientCert> {
             enable_early_data: false,
             #[cfg(feature = "tls12")]
             require_ems: cfg!(feature = "fips"),
+            time_provider: self.state.time_provider,
         }
     }
 }