chore(deps): bump rand in identity and core

Cargo.toml

@@ -78,13 +78,13 @@ libp2p = { version = "0.56.0", path = "libp2p" }
 libp2p-allow-block-list = { version = "0.6.0", path = "misc/allow-block-list" }
 libp2p-autonat = { version = "0.15.0", path = "protocols/autonat" }
 libp2p-connection-limits = { version = "0.6.0", path = "misc/connection-limits" }
-libp2p-core = { version = "0.43.1", path = "core" }
+libp2p-core = { version = "0.43.2", path = "core" }
 libp2p-dcutr = { version = "0.14.0", path = "protocols/dcutr" }
 libp2p-dns = { version = "0.44.0", path = "transports/dns" }
 libp2p-floodsub = { version = "0.47.0", path = "protocols/floodsub" }
 libp2p-gossipsub = { version = "0.49.0", path = "protocols/gossipsub" }
 libp2p-identify = { version = "0.47.0", path = "protocols/identify" }
-libp2p-identity = { version = "0.2.12" }
+libp2p-identity = { version = "0.2.13" }
 libp2p-kad = { version = "0.48.1", path = "protocols/kad" }
 libp2p-mdns = { version = "0.48.0", path = "protocols/mdns" }
 libp2p-memory-connection-limits = { version = "0.5.0", path = "misc/memory-connection-limits" }
@@ -124,15 +124,17 @@ futures = "0.3.30"
 futures-bounded = { version = "0.2.4" }
 futures-rustls = { version = "0.26.0", default-features = false }
 getrandom = "0.2"
-if-watch = "3.2.1"
+hashlink = "0.9.0"
 hickory-proto = { version = "0.25.2", default-features = false }
 hickory-resolver = { version = "0.25.2", default-features = false }
+if-watch = "3.2.1"
 multiaddr = "0.18.1"
 multihash = "0.19.1"
 multistream-select = { version = "0.13.0", path = "misc/multistream-select" }
 prometheus-client = "0.23"
 quick-protobuf-codec = { version = "0.3.1", path = "misc/quick-protobuf-codec" }
 quickcheck = { package = "quickcheck-ext", path = "misc/quickcheck-ext" }
+rand = { version = "0.9", default-features = false }
 rcgen = "0.13"
 ring = "0.17.12"
 rw-stream-sink = { version = "0.4.0", path = "misc/rw-stream-sink" }
@@ -142,7 +144,6 @@ tracing = "0.1.41"
 tracing-subscriber = "0.3.19"
 unsigned-varint = { version = "0.8.0" }
 web-time = "1.1.0"
-hashlink = "0.9.0"
 
 [patch.crates-io]
 

core/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.43.2
+- Upgrade `rand` to `0.9`.
+  See [PR 6092](https://github.com/libp2p/rust-libp2p/pull/6092)
+
 ## 0.43.1
 - Remove `once_cell` dependency.
   See [PR 5913](https://github.com/libp2p/rust-libp2p/pull/5913)

core/Cargo.toml

@@ -3,7 +3,7 @@ name = "libp2p-core"
 edition.workspace = true
 rust-version = { workspace = true }
 description = "Core traits and structs of libp2p"
-version = "0.43.1"
+version = "0.43.2"
 authors = ["Parity Technologies <admin@parity.io>"]
 license = "MIT"
 repository = "https://github.com/libp2p/rust-libp2p"
@@ -23,7 +23,7 @@ multistream-select = { workspace = true }
 parking_lot = "0.12.3"
 pin-project = "1.1.5"
 quick-protobuf = "0.8"
-rand = "0.8"
+rand = { workspace = true }
 rw-stream-sink = { workspace = true }
 thiserror = { workspace = true }
 tracing = { workspace = true }

identity/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.2.13
+
+- Upgrade `rand` to `0.9`.
+  See [PR 6092](https://github.com/libp2p/rust-libp2p/pull/6092)
+
 ## 0.2.12
 
 - Avoid depending on the `rand_core` feature in `ed25519-dalek` crate.

identity/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libp2p-identity"
-version = "0.2.12"
+version = "0.2.13"
 edition = "2021" # MUST NOT inherit from workspace because we don't want to publish breaking changes to `libp2p-identity`.
 description = "Data structures and algorithms for identifying peers in libp2p."
 rust-version = "1.73.0" # MUST NOT inherit from workspace because we don't want to publish breaking changes to `libp2p-identity`.
@@ -21,7 +21,7 @@ tracing = { workspace = true }
 multihash = { version = "0.19.1", optional = true }
 p256 = { version = "0.13", default-features = false, features = ["ecdsa", "std", "pem"], optional = true }
 quick-protobuf = "0.8.1"
-rand = { version = "0.8", optional = true }
+rand = { workspace = true, optional = true, features = ["thread_rng"]}
 sec1 = { version = "0.7", default-features = false, optional = true }
 serde = { version = "1", optional = true, features = ["derive"] }
 sha2 = { version = "0.10.8", optional = true }

identity/src/ecdsa.rs

@@ -96,7 +96,25 @@ impl SecretKey {
     /// Generate a new random ECDSA secret key.
     #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
-        SecretKey(SigningKey::random(&mut rand::thread_rng()))
+        use k256::elliptic_curve::PrimeField as _;
+        use rand::RngCore as _;
+
+        let mut rng = rand::rng();
+        let non_zero_scalar = loop {
+            let scalar: p256::Scalar = {
+                let mut bytes = k256::FieldBytes::default();
+                loop {
+                    rng.fill_bytes(&mut bytes);
+                    if let Some(scalar) = p256::Scalar::from_repr(bytes).into() {
+                        break scalar;
+                    }
+                }
+            };
+            if let Some(non_zero_scalar) = p256::NonZeroScalar::new(scalar).into_option() {
+                break non_zero_scalar;
+            }
+        };
+        SecretKey(non_zero_scalar.into())
     }
 
     /// Sign a message with this secret key, producing a DER-encoded ECDSA signature.

identity/src/ed25519.rs

@@ -187,7 +187,7 @@ impl SecretKey {
         use rand::RngCore as _;
 
         let mut secret = ed25519::SecretKey::default();
-        rand::rngs::OsRng.fill_bytes(&mut secret);
+        rand::rng().fill_bytes(&mut secret);
         SecretKey(secret)
     }
 

identity/src/peer_id.rs

@@ -106,7 +106,7 @@ impl PeerId {
     /// This is useful for randomly walking on a DHT, or for testing purposes.
     #[cfg(feature = "rand")]
     pub fn random() -> PeerId {
-        let peer_id = rand::thread_rng().gen::<[u8; 32]>();
+        let peer_id = rand::rng().random::<[u8; 32]>();
         PeerId {
             multihash: Multihash::wrap(0x0, &peer_id).expect("The digest size is never too large"),
         }

identity/src/secp256k1.rs

@@ -94,7 +94,25 @@ impl SecretKey {
     /// Generate a new random Secp256k1 secret key.
     #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
-        SecretKey(k256::ecdsa::SigningKey::random(&mut rand::thread_rng()))
+        use k256::elliptic_curve::PrimeField as _;
+        use rand::RngCore as _;
+
+        let mut rng = rand::rng();
+        let non_zero_scalar = loop {
+            let scalar: k256::Scalar = {
+                let mut bytes = k256::FieldBytes::default();
+                loop {
+                    rng.fill_bytes(&mut bytes);
+                    if let Some(scalar) = k256::Scalar::from_repr(bytes).into() {
+                        break scalar;
+                    }
+                }
+            };
+            if let Some(non_zero_scalar) = k256::NonZeroScalar::new(scalar).into_option() {
+                break non_zero_scalar;
+            }
+        };
+        SecretKey(non_zero_scalar.into())
     }
 
     /// Create a secret key from a byte slice, zeroing the slice on success.