1 files changed, 23 insertions, 3 deletions

diff --git a/third_party/rust/neqo-crypto/src/p11.rs b/third_party/rust/neqo-crypto/src/p11.rs
index 5552882e2e..c235bb869c 100644
--- a/third_party/rust/neqo-crypto/src/p11.rs
+++ b/third_party/rust/neqo-crypto/src/p11.rs
@@ -13,7 +13,7 @@ use std::{
     cell::RefCell,
     mem,
     ops::{Deref, DerefMut},
-    os::raw::{c_int, c_uint},
+    os::raw::c_uint,
     ptr::null_mut,
 };
 
@@ -290,14 +290,31 @@ impl Item {
     }
 }
 
+#[cfg(feature = "disable-random")]
+thread_local! {
+    static CURRENT_VALUE: std::cell::Cell<u8> = const { std::cell::Cell::new(0) };
+}
+
+#[cfg(feature = "disable-random")]
+/// Fill a buffer with a predictable sequence of bytes.
+pub fn randomize<B: AsMut<[u8]>>(mut buf: B) -> B {
+    let m_buf = buf.as_mut();
+    for v in m_buf.iter_mut() {
+        *v = CURRENT_VALUE.get();
+        CURRENT_VALUE.set(v.wrapping_add(1));
+    }
+    buf
+}
+
 /// Fill a buffer with randomness.
 ///
 /// # Panics
 ///
 /// When `size` is too large or NSS fails.
+#[cfg(not(feature = "disable-random"))]
 pub fn randomize<B: AsMut<[u8]>>(mut buf: B) -> B {
     let m_buf = buf.as_mut();
-    let len = c_int::try_from(m_buf.len()).unwrap();
+    let len = std::os::raw::c_int::try_from(m_buf.len()).unwrap();
     secstatus_to_res(unsafe { PK11_GenerateRandom(m_buf.as_mut_ptr(), len) }).unwrap();
     buf
 }
@@ -359,10 +376,13 @@ mod test {
     use test_fixture::fixture_init;
 
     use super::RandomCache;
-    use crate::{random, randomize};
+    use crate::random;
 
+    #[cfg(not(feature = "disable-random"))]
     #[test]
     fn randomness() {
+        use crate::randomize;
+
         fixture_init();
         // If any of these ever fail, there is either a bug, or it's time to buy a lottery ticket.
         assert_ne!(random::<16>(), randomize([0; 16]));