Bump rand_core from v0.9 to v0.10.0-rc-2 (#842)

Prior to a final stable release of the @RustCrypto dependencies used by
the dalek crates, we are going to target `rand_core` v0.10.

This updates the `rand` and `rand_core` dependencies as well as the
aforementioned @RustCrypto dependencies to be compatible with
`rand_core` v0.10, which incurred a few API changes:

- `rand_core` no longer includes `OsRng`, so this replaces the `os_rng`
  features with `getrandom` features (same thing we did for @RustCrypto)
  which uses the `getrandom` crate directly
- For `dev-dependencies` it just migrates straight to `rand`, replacing
  `rand_chacha` with the `chacha` feature of `rand` (which pulls in
  `chacha20`), and sourcing `OsRng` from `rand`, its new home (for now)

This PR also switches to using the `rustcrypto-ff`/`rustcrypto-group` crates
(hopefully temporary) which are forks of `ff` and `group` which have crate
releases that have been updated to use  `rand_core` v0.10.0 prereleases.

Author: tarcieri

.github/workflows/workspace.yml

@@ -78,7 +78,7 @@ jobs:
       - name: no_std / no feat ${{ matrix.crate }}
         run: cargo build -p ${{ matrix.crate }} --target thumbv7em-none-eabi --release --no-default-features
       - name: no_std / cargo hack ${{ matrix.crate }}
-        run: cargo hack build -p ${{ matrix.crate }} --target thumbv7em-none-eabi --release --each-feature --exclude-features default,std,os_rng
+        run: cargo hack build -p ${{ matrix.crate }} --target thumbv7em-none-eabi --release --each-feature --exclude-features default,std,getrandom
 
   clippy:
     name: Check that clippy is happy

curve25519-dalek/Cargo.toml

@@ -37,13 +37,12 @@ features = [
 ]
 
 [dev-dependencies]
-sha2 = { version = "0.11.0-rc.2", default-features = false }
+sha2 = { version = "0.11.0-rc.3", default-features = false }
 bincode = "1"
 criterion = { version = "0.5", features = ["html_reports"] }
 hex = "0.4.2"
 proptest = "1"
-rand = "0.9"
-rand_core = { version = "0.9", default-features = false, features = ["os_rng"] }
+rand = "0.10.0-rc.5"
 
 [build-dependencies]
 rustc_version = "0.4.0"
@@ -55,10 +54,10 @@ required-features = ["alloc", "rand_core"]
 
 [dependencies]
 cfg-if = "1"
-ff = { version = "=0.14.0-pre.0", default-features = false, optional = true }
-group = { version = "=0.14.0-pre.0", default-features = false, optional = true }
-rand_core = { version = "0.9", default-features = false, optional = true }
-digest = { version = "0.11.0-rc.1", default-features = false, optional = true, features = [
+ff = { version = "=0.14.0-pre.0", package = "rustcrypto-ff", default-features = false, optional = true }
+group = { version = "=0.14.0-pre.0", package = "rustcrypto-group", default-features = false, optional = true }
+rand_core = { version = "0.10.0-rc-2", default-features = false, optional = true }
+digest = { version = "0.11.0-rc.4", default-features = false, optional = true, features = [
     "block-api",
 ] }
 subtle = { version = "2.6.0", default-features = false, features = [

curve25519-dalek/src/edwards.rs

@@ -117,7 +117,7 @@ use {
     subtle::CtOption,
 };
 
-#[cfg(any(test, feature = "rand_core"))]
+#[cfg(feature = "rand_core")]
 use rand_core::RngCore;
 
 use subtle::Choice;
@@ -751,7 +751,7 @@ impl EdwardsPoint {
     ///
     /// Uses rejection sampling, generating a random `CompressedEdwardsY` and then attempting point
     /// decompression, rejecting invalid points.
-    #[cfg(any(test, feature = "rand_core"))]
+    #[cfg(feature = "rand_core")]
     pub fn random<R: RngCore + ?Sized>(rng: &mut R) -> Self {
         let mut repr = CompressedEdwardsY([0u8; 32]);
         loop {
@@ -1779,7 +1779,7 @@ impl CofactorGroup for EdwardsPoint {
 mod test {
     use super::*;
 
-    use rand_core::TryRngCore;
+    use rand::TryRngCore;
 
     #[cfg(feature = "alloc")]
     use alloc::vec::Vec;
@@ -2068,7 +2068,7 @@ mod test {
     /// Check that mul_base_clamped and mul_clamped agree
     #[test]
     fn mul_base_clamped() {
-        let mut csprng = rand_core::OsRng;
+        let mut csprng = rand::rngs::OsRng;
 
         // Make a random curve point in the curve. Give it torsion to make things interesting.
         #[cfg(feature = "precomputed-tables")]
@@ -2182,7 +2182,7 @@ mod test {
         }
     }
 
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     #[test]
     fn compress_batch() {
         let mut rng = rand::rng();
@@ -2239,7 +2239,7 @@ mod test {
     }
 
     // A single iteration of a consistency check for MSM.
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn multiscalar_consistency_iter(n: usize) {
         let mut rng = rand::rng();
 
@@ -2266,7 +2266,7 @@ mod test {
     // parameters.
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn multiscalar_consistency_n_100() {
         let iters = 50;
         for _ in 0..iters {
@@ -2275,7 +2275,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn multiscalar_consistency_n_250() {
         let iters = 50;
         for _ in 0..iters {
@@ -2284,7 +2284,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn multiscalar_consistency_n_500() {
         let iters = 50;
         for _ in 0..iters {
@@ -2293,7 +2293,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn multiscalar_consistency_n_1000() {
         let iters = 50;
         for _ in 0..iters {
@@ -2302,7 +2302,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn batch_to_montgomery() {
         let mut rng = rand::rng();
 
@@ -2327,7 +2327,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn vartime_precomputed_vs_nonprecomputed_multiscalar() {
         let mut rng = rand::rng();
 

curve25519-dalek/src/montgomery.rs

@@ -515,7 +515,9 @@ mod test {
     use super::*;
     use crate::constants;
 
-    use rand_core::{CryptoRng, RngCore, TryRngCore};
+    #[cfg(feature = "rand_core")]
+    use rand::CryptoRng;
+    use rand::{RngCore, TryRngCore};
 
     #[test]
     fn identity_in_different_coordinates() {
@@ -599,6 +601,7 @@ mod test {
     }
 
     /// Returns a random point on the prime-order subgroup
+    #[cfg(feature = "rand_core")]
     fn rand_prime_order_point<R: CryptoRng + ?Sized>(rng: &mut R) -> EdwardsPoint {
         let s: Scalar = Scalar::random(rng);
         EdwardsPoint::mul_base(&s)
@@ -616,9 +619,10 @@ mod test {
         })
     }
 
+    #[cfg(feature = "rand_core")]
     #[test]
     fn montgomery_ladder_matches_edwards_scalarmult() {
-        let mut csprng = rand_core::OsRng.unwrap_err();
+        let mut csprng = rand::rngs::OsRng.unwrap_err();
 
         for _ in 0..100 {
             let p_edwards = rand_prime_order_point(&mut csprng);
@@ -634,9 +638,10 @@ mod test {
 
     // Tests that, on the prime-order subgroup, MontgomeryPoint::mul_bits_be is the same as
     // multiplying by the Scalar representation of the same bits
+    #[cfg(feature = "rand_core")]
     #[test]
     fn montgomery_mul_bits_be() {
-        let mut csprng = rand_core::OsRng.unwrap_err();
+        let mut csprng = rand::rngs::OsRng.unwrap_err();
 
         for _ in 0..100 {
             // Make a random prime-order point P
@@ -661,7 +666,7 @@ mod test {
     // integers b₁, b₂ and random (curve or twist) point P.
     #[test]
     fn montgomery_mul_bits_be_twist() {
-        let mut csprng = rand_core::OsRng.unwrap_err();
+        let mut csprng = rand::rngs::OsRng.unwrap_err();
 
         for _ in 0..100 {
             // Make a random point P on the curve or its twist
@@ -694,7 +699,7 @@ mod test {
     /// Check that mul_base_clamped and mul_clamped agree
     #[test]
     fn mul_base_clamped() {
-        let mut csprng = rand_core::OsRng;
+        let mut csprng = rand::rngs::OsRng;
 
         // Test agreement on a large integer. Even after clamping, this is not reduced mod l.
         let a_bytes = [0xff; 32];

curve25519-dalek/src/ristretto.rs

@@ -184,7 +184,7 @@ use {
     subtle::CtOption,
 };
 
-#[cfg(any(test, feature = "rand_core"))]
+#[cfg(feature = "rand_core")]
 use {
     core::convert::Infallible,
     rand_core::{CryptoRng, TryCryptoRng},
@@ -543,7 +543,7 @@ impl RistrettoPoint {
     #[cfg_attr(feature = "rand_core", doc = "```")]
     #[cfg_attr(not(feature = "rand_core"), doc = "```ignore")]
     /// # use curve25519_dalek::ristretto::RistrettoPoint;
-    /// use rand_core::{OsRng, TryRngCore};
+    /// use rand::{rngs::OsRng, TryRngCore};
     ///
     /// # // Need fn main() here in comment so the doctest compiles
     /// # // See https://doc.rust-lang.org/book/documentation.html#documentation-as-tests
@@ -656,7 +656,6 @@ impl RistrettoPoint {
         ]
     }
 
-    #[cfg(any(test, feature = "rand_core"))]
     /// Return a `RistrettoPoint` chosen uniformly at random using a user-provided RNG.
     ///
     /// # Inputs
@@ -673,13 +672,13 @@ impl RistrettoPoint {
     /// discrete log of the output point with respect to any other
     /// point should be unknown.  The map is applied twice and the
     /// results are added, to ensure a uniform distribution.
+    #[cfg(feature = "rand_core")]
     pub fn random<R: CryptoRng + ?Sized>(rng: &mut R) -> Self {
         Self::try_from_rng(rng)
             .map_err(|_: Infallible| {})
             .expect("[bug] unfallible rng failed")
     }
 
-    #[cfg(any(test, feature = "rand_core"))]
     /// Return a `RistrettoPoint` chosen uniformly at random using a user-provided RNG.
     ///
     /// # Inputs
@@ -696,6 +695,7 @@ impl RistrettoPoint {
     /// discrete log of the output point with respect to any other
     /// point should be unknown.  The map is applied twice and the
     /// results are added, to ensure a uniform distribution.
+    #[cfg(feature = "rand_core")]
     pub fn try_from_rng<R: TryCryptoRng + ?Sized>(rng: &mut R) -> Result<Self, R::Error> {
         let mut uniform_bytes = [0u8; 64];
         rng.try_fill_bytes(&mut uniform_bytes)?;
@@ -1277,8 +1277,8 @@ mod test {
     use crate::edwards::CompressedEdwardsY;
     #[cfg(feature = "group")]
     use proptest::prelude::*;
-
-    use rand_core::{OsRng, TryRngCore};
+    #[cfg(feature = "rand_core")]
+    use rand::{TryRngCore, rngs::OsRng};
 
     #[test]
     #[cfg(feature = "serde")]
@@ -1469,6 +1469,7 @@ mod test {
         }
     }
 
+    #[cfg(feature = "rand_core")]
     #[test]
     fn four_torsion_random() {
         let mut rng = OsRng.unwrap_err();
@@ -1479,6 +1480,7 @@ mod test {
         }
     }
 
+    #[cfg(feature = "rand_core")]
     #[test]
     fn random_roundtrip() {
         let mut rng = OsRng.unwrap_err();
@@ -1542,7 +1544,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn vartime_precomputed_vs_nonprecomputed_multiscalar() {
         let mut rng = rand::rng();
 
@@ -1593,7 +1595,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn partial_precomputed_mixed_multiscalar_empty() {
         let mut rng = rand::rng();
 
@@ -1636,7 +1638,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn partial_precomputed_mixed_multiscalar() {
         let mut rng = rand::rng();
 
@@ -1681,7 +1683,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn partial_precomputed_multiscalar() {
         let mut rng = rand::rng();
 
@@ -1710,7 +1712,7 @@ mod test {
     }
 
     #[test]
-    #[cfg(feature = "alloc")]
+    #[cfg(all(feature = "alloc", feature = "rand_core"))]
     fn partial_precomputed_multiscalar_empty() {
         let mut rng = rand::rng();
 

curve25519-dalek/src/scalar.rs

@@ -130,7 +130,7 @@ use group::ff::{FieldBits, PrimeFieldBits};
 #[cfg(feature = "group")]
 use rand_core::TryRngCore;
 
-#[cfg(any(test, feature = "rand_core"))]
+#[cfg(feature = "rand_core")]
 use rand_core::CryptoRng;
 
 #[cfg(feature = "digest")]
@@ -567,7 +567,6 @@ impl Scalar {
         ],
     };
 
-    #[cfg(any(test, feature = "rand_core"))]
     /// Return a `Scalar` chosen uniformly at random using a user-provided RNG.
     ///
     /// # Inputs
@@ -584,11 +583,12 @@ impl Scalar {
     /// # fn main() {
     /// use curve25519_dalek::scalar::Scalar;
     ///
-    /// use rand_core::{OsRng, TryRngCore};
+    /// use rand::{rngs::OsRng, TryRngCore};
     ///
     /// let mut csprng = OsRng.unwrap_err();
     /// let a: Scalar = Scalar::random(&mut csprng);
     /// # }
+    #[cfg(feature = "rand_core")]
     pub fn random<R: CryptoRng + ?Sized>(rng: &mut R) -> Self {
         let mut scalar_bytes = [0u8; 64];
         rng.fill_bytes(&mut scalar_bytes);
@@ -1430,7 +1430,7 @@ pub const fn clamp_integer(mut bytes: [u8; 32]) -> [u8; 32] {
 #[cfg(test)]
 pub(crate) mod test {
     use super::*;
-    use rand_core::RngCore;
+    use rand::RngCore;
 
     #[cfg(feature = "alloc")]
     use alloc::vec::Vec;
@@ -1570,6 +1570,7 @@ pub(crate) mod test {
         }
     }
 
+    #[cfg(feature = "rand_core")]
     fn non_adjacent_form_iter(w: usize, x: &Scalar) {
         let naf = x.non_adjacent_form(w);
 
@@ -1588,6 +1589,7 @@ pub(crate) mod test {
         assert_eq!(*x, y);
     }
 
+    #[cfg(feature = "rand_core")]
     #[test]
     fn non_adjacent_form_random() {
         let mut rng = rand::rng();