fixup rand 0.9 migration

Author: baloo

Cargo.toml

@@ -11,4 +11,13 @@ resolver = "2"
 opt-level = 2
 
 [patch.crates-io]
+digest    = { git = "https://github.com/RustCrypto/traits.git", branch = "digest/newtype" }
+signature = { git = "https://github.com/RustCrypto/traits.git" }
+
 ed25519 = { git = "https://github.com/RustCrypto/signatures.git" }
+
+blake2 = { git = "https://github.com/RustCrypto/hashes.git", branch = "newtype" }
+sha2   = { git = "https://github.com/RustCrypto/hashes.git", branch = "newtype" }
+sha3   = { git = "https://github.com/RustCrypto/hashes.git", branch = "newtype" }
+
+merlin = { git = "https://github.com/nresare/merlin.git", branch = "bump_to_rand_0.9" }

curve25519-dalek/Cargo.toml

@@ -30,7 +30,7 @@ rustdoc-args = [
 features = ["serde", "rand_core", "digest", "legacy_compatibility", "group-bits"]
 
 [dev-dependencies]
-sha2 = { version = "=0.11.0-pre.4", default-features = false }
+sha2 = { version = "=0.11.0-pre.5", default-features = false }
 bincode = "1"
 criterion = { version = "0.5", features = ["html_reports"] }
 hex = "0.4.2"
@@ -47,10 +47,10 @@ required-features = ["alloc", "rand_core"]
 
 [dependencies]
 cfg-if = "1"
-ff = { version = "0.13", default-features = false, optional = true }
-group = { version = "0.13", default-features = false, optional = true }
+ff = { version = "=0.14.0-pre.0", default-features = false, optional = true }
+group = { version = "=0.14.0-pre.0", default-features = false, optional = true }
 rand_core = { version = "0.9", default-features = false, optional = true }
-digest = { version = "=0.11.0-pre.9", default-features = false, optional = true }
+digest = { version = "=0.11.0-pre.10", default-features = false, optional = true }
 subtle = { version = "2.6.0", default-features = false }
 serde = { version = "1.0", default-features = false, optional = true, features = ["derive"] }
 zeroize = { version = "1", default-features = false, optional = true }

curve25519-dalek/benches/dalek_benchmarks.rs

@@ -1,6 +1,6 @@
 #![allow(non_snake_case)]
 
-use rand::{rngs::OsRng, thread_rng};
+use rand::{TryRngCore, rng, rngs::OsRng};
 
 use criterion::{
     criterion_main, measurement::Measurement, BatchSize, BenchmarkGroup, BenchmarkId, Criterion,
@@ -46,7 +46,7 @@ mod edwards_benches {
 
     fn vartime_double_base_scalar_mul<M: Measurement>(c: &mut BenchmarkGroup<M>) {
         c.bench_function("Variable-time aA+bB, A variable, B fixed", |bench| {
-            let mut rng = thread_rng();
+            let mut rng = rng();
             let A = EdwardsPoint::mul_base(&Scalar::random(&mut rng));
             bench.iter_batched(
                 || (Scalar::random(&mut rng), Scalar::random(&mut rng)),
@@ -78,12 +78,12 @@ mod multiscalar_benches {
     use curve25519_dalek::traits::VartimePrecomputedMultiscalarMul;
 
     fn construct_scalars(n: usize) -> Vec<Scalar> {
-        let mut rng = thread_rng();
+        let mut rng = rng();
         (0..n).map(|_| Scalar::random(&mut rng)).collect()
     }
 
     fn construct_points(n: usize) -> Vec<EdwardsPoint> {
-        let mut rng = thread_rng();
+        let mut rng = rng();
         (0..n)
             .map(|_| EdwardsPoint::mul_base(&Scalar::random(&mut rng)))
             .collect()
@@ -251,7 +251,7 @@ mod ristretto_benches {
                 |b, &&size| {
                     let mut rng = OsRng;
                     let points: Vec<RistrettoPoint> = (0..size)
-                        .map(|_| RistrettoPoint::random(&mut rng))
+                        .map(|_| RistrettoPoint::try_from_rng(&mut rng).unwrap())
                         .collect();
                     b.iter(|| RistrettoPoint::double_and_compress_batch(&points));
                 },
@@ -301,7 +301,7 @@ mod scalar_benches {
     use super::*;
 
     fn scalar_arith<M: Measurement>(c: &mut BenchmarkGroup<M>) {
-        let mut rng = thread_rng();
+        let mut rng = rng();
 
         c.bench_function("Scalar inversion", |b| {
             let s = Scalar::from(897987897u64).invert();
@@ -336,7 +336,7 @@ mod scalar_benches {
                 BenchmarkId::new("Batch scalar inversion", *batch_size),
                 &batch_size,
                 |b, &&size| {
-                    let mut rng = OsRng;
+                    let mut rng = OsRng.unwrap_err();
                     let scalars: Vec<Scalar> =
                         (0..size).map(|_| Scalar::random(&mut rng)).collect();
                     b.iter(|| {

curve25519-dalek/src/edwards.rs

@@ -113,7 +113,7 @@ use {
 };
 
 #[cfg(feature = "group")]
-use rand_core::RngCore;
+use rand_core::TryRngCore;
 
 use subtle::Choice;
 use subtle::ConditionallyNegatable;
@@ -1283,13 +1283,13 @@ impl Debug for EdwardsPoint {
 impl group::Group for EdwardsPoint {
     type Scalar = Scalar;
 
-    fn random(mut rng: impl RngCore) -> Self {
+    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
         let mut repr = CompressedEdwardsY([0u8; 32]);
         loop {
-            rng.fill_bytes(&mut repr.0);
+            rng.try_fill_bytes(&mut repr.0)?;
             if let Some(p) = repr.decompress() {
                 if !IsIdentity::is_identity(&p) {
-                    break p;
+                    break Ok(p);
                 }
             }
         }
@@ -1514,20 +1514,20 @@ define_mul_assign_variants!(LHS = SubgroupPoint, RHS = Scalar);
 impl group::Group for SubgroupPoint {
     type Scalar = Scalar;
 
-    fn random(mut rng: impl RngCore) -> Self {
+    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
         use group::ff::Field;
 
         // This will almost never loop, but `Group::random` is documented as returning a
         // non-identity element.
         let s = loop {
-            let s: Scalar = Field::random(&mut rng);
+            let s: Scalar = Field::try_from_rng(rng)?;
             if !s.is_zero_vartime() {
                 break s;
             }
         };
 
         // This gives an element of the prime-order subgroup.
-        Self::generator() * s
+        Ok(Self::generator() * s)
     }
 
     fn identity() -> Self {
@@ -1593,9 +1593,7 @@ impl CofactorGroup for EdwardsPoint {
 mod test {
     use super::*;
 
-    // If `group` is set, then this is already imported in super
-    #[cfg(not(feature = "group"))]
-    use rand_core::RngCore;
+    use rand_core::TryRngCore;
 
     #[cfg(feature = "alloc")]
     use alloc::vec::Vec;
@@ -1890,7 +1888,7 @@ mod test {
         #[cfg(feature = "precomputed-tables")]
         let random_point = {
             let mut b = [0u8; 32];
-            csprng.fill_bytes(&mut b);
+            csprng.try_fill_bytes(&mut b).unwrap();
             EdwardsPoint::mul_base_clamped(b) + constants::EIGHT_TORSION[1]
         };
         // Make a basepoint table from the random point. We'll use this with mul_base_clamped
@@ -1916,7 +1914,7 @@ mod test {
         for _ in 0..100 {
             // This will be reduced mod l with probability l / 2^256 ≈ 6.25%
             let mut a_bytes = [0u8; 32];
-            csprng.fill_bytes(&mut a_bytes);
+            csprng.try_fill_bytes(&mut a_bytes).unwrap();
 
             assert_eq!(
                 EdwardsPoint::mul_base_clamped(a_bytes),
@@ -2032,7 +2030,7 @@ mod test {
     // A single iteration of a consistency check for MSM.
     #[cfg(feature = "alloc")]
     fn multiscalar_consistency_iter(n: usize) {
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
 
         // Construct random coefficients x0, ..., x_{n-1},
         // followed by some extra hardcoded ones.
@@ -2095,7 +2093,7 @@ mod test {
     #[test]
     #[cfg(feature = "alloc")]
     fn vartime_precomputed_vs_nonprecomputed_multiscalar() {
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
 
         let static_scalars = (0..128)
             .map(|_| Scalar::random(&mut rng))

curve25519-dalek/src/montgomery.rs

@@ -431,7 +431,7 @@ mod test {
     #[cfg(feature = "alloc")]
     use alloc::vec::Vec;
 
-    use rand_core::{CryptoRng, RngCore};
+    use rand_core::{CryptoRng, RngCore, TryRngCore};
 
     #[test]
     fn identity_in_different_coordinates() {
@@ -515,8 +515,8 @@ mod test {
     }
 
     /// Returns a random point on the prime-order subgroup
-    fn rand_prime_order_point(mut rng: impl RngCore + CryptoRng) -> EdwardsPoint {
-        let s: Scalar = Scalar::random(&mut rng);
+    fn rand_prime_order_point<R: CryptoRng + ?Sized>(rng: &mut R) -> EdwardsPoint {
+        let s: Scalar = Scalar::random(rng);
         EdwardsPoint::mul_base(&s)
     }
 
@@ -534,7 +534,7 @@ mod test {
 
     #[test]
     fn montgomery_ladder_matches_edwards_scalarmult() {
-        let mut csprng = rand_core::OsRng;
+        let mut csprng = rand_core::OsRng.unwrap_err();
 
         for _ in 0..100 {
             let p_edwards = rand_prime_order_point(&mut csprng);
@@ -552,7 +552,7 @@ mod test {
     // multiplying by the Scalar representation of the same bits
     #[test]
     fn montgomery_mul_bits_be() {
-        let mut csprng = rand_core::OsRng;
+        let mut csprng = rand_core::OsRng.unwrap_err();
 
         for _ in 0..100 {
             // Make a random prime-order point P
@@ -577,7 +577,7 @@ mod test {
     // integers b₁, b₂ and random (curve or twist) point P.
     #[test]
     fn montgomery_mul_bits_be_twist() {
-        let mut csprng = rand_core::OsRng;
+        let mut csprng = rand_core::OsRng.unwrap_err();
 
         for _ in 0..100 {
             // Make a random point P on the curve or its twist
@@ -623,7 +623,7 @@ mod test {
         for _ in 0..100 {
             // This will be reduced mod l with probability l / 2^256 ≈ 6.25%
             let mut a_bytes = [0u8; 32];
-            csprng.fill_bytes(&mut a_bytes);
+            csprng.try_fill_bytes(&mut a_bytes).unwrap();
 
             assert_eq!(
                 MontgomeryPoint::mul_base_clamped(a_bytes),

curve25519-dalek/src/ristretto.rs

@@ -169,8 +169,8 @@ use core::ops::{Add, Neg, Sub};
 use core::ops::{AddAssign, SubAssign};
 use core::ops::{Mul, MulAssign};
 
-#[cfg(any(test, feature = "rand_core"))]
-use rand_core::CryptoRngCore;
+#[cfg(feature = "rand_core")]
+use rand_core::TryCryptoRng;
 
 #[cfg(feature = "digest")]
 use digest::array::typenum::U64;
@@ -183,7 +183,7 @@ use crate::field::FieldElement;
 #[cfg(feature = "group")]
 use {
     group::{cofactor::CofactorGroup, prime::PrimeGroup, GroupEncoding},
-    rand_core::RngCore,
+    rand_core::TryRngCore,
     subtle::CtOption,
 };
 
@@ -696,8 +696,7 @@ impl RistrettoPoint {
     ///
     /// # Inputs
     ///
-    /// * `rng`: any RNG which implements `CryptoRngCore`
-    ///   (i.e. `CryptoRng` + `RngCore`) interface.
+    /// * `rng`: any RNG which implements `CryptoRng` interface.
     ///
     /// # Returns
     ///
@@ -709,11 +708,11 @@ impl RistrettoPoint {
     /// discrete log of the output point with respect to any other
     /// point should be unknown.  The map is applied twice and the
     /// results are added, to ensure a uniform distribution.
-    pub fn random<R: CryptoRngCore + ?Sized>(rng: &mut R) -> Self {
+    pub fn try_from_rng<R: TryCryptoRng + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
         let mut uniform_bytes = [0u8; 64];
-        rng.fill_bytes(&mut uniform_bytes);
+        rng.try_fill_bytes(&mut uniform_bytes)?;
 
-        RistrettoPoint::from_uniform_bytes(&uniform_bytes)
+        Ok(RistrettoPoint::from_uniform_bytes(&uniform_bytes))
     }
 
     #[cfg(feature = "digest")]
@@ -1181,11 +1180,11 @@ impl Debug for RistrettoPoint {
 impl group::Group for RistrettoPoint {
     type Scalar = Scalar;
 
-    fn random(mut rng: impl RngCore) -> Self {
+    fn try_from_rng<R: TryRngCore + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
         // NOTE: this is duplicated due to different `rng` bounds
         let mut uniform_bytes = [0u8; 64];
-        rng.fill_bytes(&mut uniform_bytes);
-        RistrettoPoint::from_uniform_bytes(&uniform_bytes)
+        rng.try_fill_bytes(&mut uniform_bytes)?;
+        Ok(RistrettoPoint::from_uniform_bytes(&uniform_bytes))
     }
 
     fn identity() -> Self {
@@ -1278,7 +1277,7 @@ mod test {
     use super::*;
     use crate::edwards::CompressedEdwardsY;
 
-    use rand_core::OsRng;
+    use rand_core::{OsRng, TryRngCore};
 
     #[test]
     #[cfg(feature = "serde")]
@@ -1471,7 +1470,7 @@ mod test {
 
     #[test]
     fn four_torsion_random() {
-        let mut rng = OsRng;
+        let mut rng = OsRng.unwrap_err();
         let P = RistrettoPoint::mul_base(&Scalar::random(&mut rng));
         let P_coset = P.coset4();
         for point in P_coset {
@@ -1796,7 +1795,7 @@ mod test {
 
     #[test]
     fn random_roundtrip() {
-        let mut rng = OsRng;
+        let mut rng = OsRng.unwrap_err();
         for _ in 0..100 {
             let P = RistrettoPoint::mul_base(&Scalar::random(&mut rng));
             let compressed_P = P.compress();
@@ -1806,14 +1805,15 @@ mod test {
     }
 
     #[test]
-    #[cfg(all(feature = "alloc", feature = "rand_core"))]
+    #[cfg(all(feature = "alloc", feature = "rand_core", feature = "group"))]
     fn double_and_compress_1024_random_points() {
+        use group::Group;
         let mut rng = OsRng;
 
         let mut points: Vec<RistrettoPoint> = (0..1024)
-            .map(|_| RistrettoPoint::random(&mut rng))
+            .map(|_| RistrettoPoint::try_from_rng(&mut rng).unwrap())
             .collect();
-        points[500] = RistrettoPoint::identity();
+        points[500] = <RistrettoPoint as Group>::identity();
 
         let compressed = RistrettoPoint::double_and_compress_batch(&points);
 
@@ -1825,7 +1825,7 @@ mod test {
     #[test]
     #[cfg(feature = "alloc")]
     fn vartime_precomputed_vs_nonprecomputed_multiscalar() {
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
 
         let static_scalars = (0..128)
             .map(|_| Scalar::random(&mut rng))