traits icon indicating copy to clipboard operation
traits copied to clipboard
verified publisher icon RustCrypto

rand_core v0.9 support

Open tarcieri opened this issue 1 year ago • 2 comments

I tried bumping this repo to rand_core v0.9.0-alpha.2 and ran into the following problem:

This release gets rid of CryptoRngCore and instead changes CryptoRng to have RngCore as a supertrait.

It also splits out TryRngCore into a separate trait, so we can't simply replace CryptoRngCore with CryptoRng and still have access to try_fill_bytes.

What should we do?

  1. Request upstream change to CryptoRng to have a supertrait bound on TryRngCore
  2. Switch to CryptoRng and fill_bytes and get rid of fallible errors when using rand_core-based APIs (we still have fallibility for getrandom-based APIs)
  3. Switch from CryptoRngCore to bounds of CryptoRng + TryRngCore

tarcieri avatar Aug 08 '24 17:08 tarcieri

Edit: see original version of toplevel description for context

~~I think option 2 is probably the most straightforward. It's pretty much where we were before, and we have also added getrandom-based fallible APIs.~~

tarcieri avatar Aug 08 '24 17:08 tarcieri

I think we can have two sets of methods: one set based on CryptoRng and another set of try_* methods based on TryCryptoRng. Note that fallible RNGs should implement the Try* traits, while potentially fallible ones can be converted to "infallible" using the UnwrapErr wrapper. Users then can decide what to use by themselves.

newpavlov avatar Aug 08 '24 18:08 newpavlov

rand_core v0.9 is out

tarcieri avatar Jan 30 '25 00:01 tarcieri

kem will need to be excluded from the workspace for a little while. It depends on x3dh-ke which depends on ecdsa. There is a bit of a release dance that will need to happen.

baloo avatar Feb 14 '25 23:02 baloo

@rozbb perhaps we can get rid of the dev-dependencies of the kem crate now that its API has been massively simplified?

tarcieri avatar Feb 14 '25 23:02 tarcieri

Ya lemme try

rozbb avatar Feb 19 '25 05:02 rozbb

Ok frankly, I'm not sure the tests are really useful. They're not testing anything per se, they're just using the API in a somewhat plausible way. I wouldn't mind if we just deleted them.

rozbb avatar Feb 19 '25 05:02 rozbb

I also ran into this today when I tried porting nacl-compat to rand_core 0.9, which isn't possible due to:

 note: there are multiple different versions of crate `rand_core` in the dependency graph

which is pulled in by this crate (exclusively):

[[package]]
name = "crypto-common"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
dependencies = [
 "generic-array",
 "rand_core 0.6.4",
 "typenum",
]

kpcyrd avatar Apr 20 '25 15:04 kpcyrd

I think the crate that pulls crypto-common should be bumped. You shouldn’t have generic-array in your tree (should be hybrid-array now).

baloo avatar Apr 20 '25 15:04 baloo

It's the current latest version of crypto-common: https://crates.io/crates/crypto-common/0.1.6/dependencies

The change to hybrid-array was done in 6bbf1a4a67a52c5863e3101b232e7f3f33bb47a5 but isn't yet released.

kpcyrd avatar Apr 20 '25 18:04 kpcyrd

We have v0.2 pre-releases with rand_core v0.9 support. Changing rand_core version is a breaking change, so we can not do it in v0.1.

newpavlov avatar Apr 21 '25 03:04 newpavlov

hello ! any news on this ?

lovasoa avatar May 21 '25 10:05 lovasoa

I think we can close this issue and track remaining work in #1571

tarcieri avatar May 21 '25 12:05 tarcieri