From 116a812d5916437765834f71d53a7b40dd9cd1b5 Mon Sep 17 00:00:00 2001
From: hanabi1224 <harlowmoo@gmail.com>
Date: Fri, 4 Jul 2025 20:25:09 +0800
Subject: [PATCH] chore(deps): bump rand in identity and core

---
 Cargo.lock                | 10 +++++-----
 Cargo.toml                |  9 +++++----
 core/CHANGELOG.md         |  4 ++++
 core/Cargo.toml           |  4 ++--
 identity/CHANGELOG.md     |  5 +++++
 identity/Cargo.toml       |  4 ++--
 identity/src/ecdsa.rs     | 20 +++++++++++++++++++-
 identity/src/ed25519.rs   |  2 +-
 identity/src/peer_id.rs   |  2 +-
 identity/src/secp256k1.rs | 20 +++++++++++++++++++-
 10 files changed, 63 insertions(+), 17 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index a56e9958f1e..953ea6f9375 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2542,7 +2542,7 @@ dependencies = [
  "libp2p-swarm-derive",
  "libp2p-swarm-test",
  "quickcheck-ext",
- "rand 0.8.5",
+ "rand 0.9.0",
  "tokio",
 ]
 
@@ -2563,7 +2563,7 @@ dependencies = [
  "parking_lot",
  "pin-project",
  "quick-protobuf",
- "rand 0.8.5",
+ "rand 0.9.0",
  "rw-stream-sink",
  "thiserror 2.0.12",
  "tokio",
@@ -2694,7 +2694,7 @@ dependencies = [
 
 [[package]]
 name = "libp2p-identity"
-version = "0.2.12"
+version = "0.2.13"
 dependencies = [
  "asn1_der",
  "bs58",
@@ -2707,7 +2707,7 @@ dependencies = [
  "p256",
  "quick-protobuf",
  "quickcheck-ext",
- "rand 0.8.5",
+ "rand 0.9.0",
  "ring",
  "rmp-serde",
  "sec1",
@@ -6662,7 +6662,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.48.0",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 9d164a6a1af..5c49dceceb0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -78,13 +78,13 @@ libp2p = { version = "0.56.0", path = "libp2p" }
 libp2p-allow-block-list = { version = "0.6.0", path = "misc/allow-block-list" }
 libp2p-autonat = { version = "0.15.0", path = "protocols/autonat" }
 libp2p-connection-limits = { version = "0.6.0", path = "misc/connection-limits" }
-libp2p-core = { version = "0.43.1", path = "core" }
+libp2p-core = { version = "0.43.2", path = "core" }
 libp2p-dcutr = { version = "0.14.0", path = "protocols/dcutr" }
 libp2p-dns = { version = "0.44.0", path = "transports/dns" }
 libp2p-floodsub = { version = "0.47.0", path = "protocols/floodsub" }
 libp2p-gossipsub = { version = "0.49.0", path = "protocols/gossipsub" }
 libp2p-identify = { version = "0.47.0", path = "protocols/identify" }
-libp2p-identity = { version = "0.2.12" }
+libp2p-identity = { version = "0.2.13" }
 libp2p-kad = { version = "0.48.1", path = "protocols/kad" }
 libp2p-mdns = { version = "0.48.0", path = "protocols/mdns" }
 libp2p-memory-connection-limits = { version = "0.5.0", path = "misc/memory-connection-limits" }
@@ -124,15 +124,17 @@ futures = "0.3.30"
 futures-bounded = { version = "0.2.4" }
 futures-rustls = { version = "0.26.0", default-features = false }
 getrandom = "0.2"
-if-watch = "3.2.1"
+hashlink = "0.9.0"
 hickory-proto = { version = "0.25.2", default-features = false }
 hickory-resolver = { version = "0.25.2", default-features = false }
+if-watch = "3.2.1"
 multiaddr = "0.18.1"
 multihash = "0.19.1"
 multistream-select = { version = "0.13.0", path = "misc/multistream-select" }
 prometheus-client = "0.23"
 quick-protobuf-codec = { version = "0.3.1", path = "misc/quick-protobuf-codec" }
 quickcheck = { package = "quickcheck-ext", path = "misc/quickcheck-ext" }
+rand = { version = "0.9", default-features = false }
 rcgen = "0.13"
 ring = "0.17.12"
 rw-stream-sink = { version = "0.4.0", path = "misc/rw-stream-sink" }
@@ -142,7 +144,6 @@ tracing = "0.1.41"
 tracing-subscriber = "0.3.19"
 unsigned-varint = { version = "0.8.0" }
 web-time = "1.1.0"
-hashlink = "0.9.0"
 
 [patch.crates-io]
 
diff --git a/core/CHANGELOG.md b/core/CHANGELOG.md
index 90d26e75608..7e5c600f226 100644
--- a/core/CHANGELOG.md
+++ b/core/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.43.2
+- Upgrade `rand` to `0.9`.
+  See [PR 6092](https://github.com/libp2p/rust-libp2p/pull/6092)
+
 ## 0.43.1
 - Remove `once_cell` dependency.
   See [PR 5913](https://github.com/libp2p/rust-libp2p/pull/5913)
diff --git a/core/Cargo.toml b/core/Cargo.toml
index 8c6018adb16..5aa43e413af 100644
--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@@ -3,7 +3,7 @@ name = "libp2p-core"
 edition.workspace = true
 rust-version = { workspace = true }
 description = "Core traits and structs of libp2p"
-version = "0.43.1"
+version = "0.43.2"
 authors = ["Parity Technologies <admin@parity.io>"]
 license = "MIT"
 repository = "https://github.com/libp2p/rust-libp2p"
@@ -23,7 +23,7 @@ multistream-select = { workspace = true }
 parking_lot = "0.12.3"
 pin-project = "1.1.5"
 quick-protobuf = "0.8"
-rand = "0.8"
+rand = { workspace = true }
 rw-stream-sink = { workspace = true }
 thiserror = { workspace = true }
 tracing = { workspace = true }
diff --git a/identity/CHANGELOG.md b/identity/CHANGELOG.md
index 6c58a32af3f..eb75f1ff043 100644
--- a/identity/CHANGELOG.md
+++ b/identity/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 0.2.13
+
+- Upgrade `rand` to `0.9`.
+  See [PR 6092](https://github.com/libp2p/rust-libp2p/pull/6092)
+
 ## 0.2.12
 
 - Avoid depending on the `rand_core` feature in `ed25519-dalek` crate.
diff --git a/identity/Cargo.toml b/identity/Cargo.toml
index b5120efe078..1f34442b84a 100644
--- a/identity/Cargo.toml
+++ b/identity/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libp2p-identity"
-version = "0.2.12"
+version = "0.2.13"
 edition = "2021" # MUST NOT inherit from workspace because we don't want to publish breaking changes to `libp2p-identity`.
 description = "Data structures and algorithms for identifying peers in libp2p."
 rust-version = "1.73.0" # MUST NOT inherit from workspace because we don't want to publish breaking changes to `libp2p-identity`.
@@ -21,7 +21,7 @@ tracing = { workspace = true }
 multihash = { version = "0.19.1", optional = true }
 p256 = { version = "0.13", default-features = false, features = ["ecdsa", "std", "pem"], optional = true }
 quick-protobuf = "0.8.1"
-rand = { version = "0.8", optional = true }
+rand = { workspace = true, optional = true, features = ["thread_rng"]}
 sec1 = { version = "0.7", default-features = false, optional = true }
 serde = { version = "1", optional = true, features = ["derive"] }
 sha2 = { version = "0.10.8", optional = true }
diff --git a/identity/src/ecdsa.rs b/identity/src/ecdsa.rs
index 11cdaced795..d5ecbeffe50 100644
--- a/identity/src/ecdsa.rs
+++ b/identity/src/ecdsa.rs
@@ -96,7 +96,25 @@ impl SecretKey {
     /// Generate a new random ECDSA secret key.
     #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
-        SecretKey(SigningKey::random(&mut rand::thread_rng()))
+        use k256::elliptic_curve::PrimeField as _;
+        use rand::RngCore as _;
+
+        let mut rng = rand::rng();
+        let non_zero_scalar = loop {
+            let scalar: p256::Scalar = {
+                let mut bytes = k256::FieldBytes::default();
+                loop {
+                    rng.fill_bytes(&mut bytes);
+                    if let Some(scalar) = p256::Scalar::from_repr(bytes).into() {
+                        break scalar;
+                    }
+                }
+            };
+            if let Some(non_zero_scalar) = p256::NonZeroScalar::new(scalar).into_option() {
+                break non_zero_scalar;
+            }
+        };
+        SecretKey(non_zero_scalar.into())
     }
 
     /// Sign a message with this secret key, producing a DER-encoded ECDSA signature.
diff --git a/identity/src/ed25519.rs b/identity/src/ed25519.rs
index ff1ff082306..6c8e156d636 100644
--- a/identity/src/ed25519.rs
+++ b/identity/src/ed25519.rs
@@ -187,7 +187,7 @@ impl SecretKey {
         use rand::RngCore as _;
 
         let mut secret = ed25519::SecretKey::default();
-        rand::rngs::OsRng.fill_bytes(&mut secret);
+        rand::rng().fill_bytes(&mut secret);
         SecretKey(secret)
     }
 
diff --git a/identity/src/peer_id.rs b/identity/src/peer_id.rs
index 7f6d1f44eab..27802391ae2 100644
--- a/identity/src/peer_id.rs
+++ b/identity/src/peer_id.rs
@@ -106,7 +106,7 @@ impl PeerId {
     /// This is useful for randomly walking on a DHT, or for testing purposes.
     #[cfg(feature = "rand")]
     pub fn random() -> PeerId {
-        let peer_id = rand::thread_rng().gen::<[u8; 32]>();
+        let peer_id = rand::rng().random::<[u8; 32]>();
         PeerId {
             multihash: Multihash::wrap(0x0, &peer_id).expect("The digest size is never too large"),
         }
diff --git a/identity/src/secp256k1.rs b/identity/src/secp256k1.rs
index c56b52f035e..ce9bf6a0852 100644
--- a/identity/src/secp256k1.rs
+++ b/identity/src/secp256k1.rs
@@ -94,7 +94,25 @@ impl SecretKey {
     /// Generate a new random Secp256k1 secret key.
     #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
-        SecretKey(k256::ecdsa::SigningKey::random(&mut rand::thread_rng()))
+        use k256::elliptic_curve::PrimeField as _;
+        use rand::RngCore as _;
+
+        let mut rng = rand::rng();
+        let non_zero_scalar = loop {
+            let scalar: k256::Scalar = {
+                let mut bytes = k256::FieldBytes::default();
+                loop {
+                    rng.fill_bytes(&mut bytes);
+                    if let Some(scalar) = k256::Scalar::from_repr(bytes).into() {
+                        break scalar;
+                    }
+                }
+            };
+            if let Some(non_zero_scalar) = k256::NonZeroScalar::new(scalar).into_option() {
+                break non_zero_scalar;
+            }
+        };
+        SecretKey(non_zero_scalar.into())
     }
 
     /// Create a secret key from a byte slice, zeroing the slice on success.