Rename Rng adapter types and add some static tests for them; add/update some comments. Pacify clippy and cargo vet.

ImplOfAnImpl · ImplOfAnImpl · commit 7bd4b091ffae · 2026-04-23T13:11:30.000+03:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -169,7 +169,11 @@ enumflags2 = "0.7"
 expect-test = "1.3"
 file-rotate = "0.7"
 fix-hidden-lifetime-bug = "0.2"
-fixed-hash = { version = "0.8", default-features = false, features = ["byteorder", "rustc-hex"] } # FIXME docs
+# Note: we deliberately don't enable the `rand` feature of `fixed-hash` because it still uses
+# the `rand` crate v0.8.x, so the `random_using` calls generated by `construct_fixed_hash!` would
+# require to use an adapter, which is inconvenient (we wrap the macro and provide our own implementation
+# of `random_using` instead).
+fixed-hash = { version = "0.8", default-features = false, features = ["byteorder", "rustc-hex"] }
 flate2 = "1.0"
 fs4 = "0.12"
 futures = { version = "0.3", default-features = false }
diff --git a/crypto/src/ephemeral_e2e/mod.rs b/crypto/src/ephemeral_e2e/mod.rs
@@ -17,7 +17,7 @@ pub mod error;
 
 use zeroize::Zeroize;
 
-use randomness::{adapters::RngCore08Adapter, CryptoRng};
+use randomness::{adapters::Rng08Adapter, CryptoRng};
 use serialization::{Decode, DecodeAll, Encode};
 
 use crate::symkey;
@@ -48,7 +48,7 @@ pub struct EndToEndPrivateKey {
 impl EndToEndPrivateKey {
     pub fn new_from_rng<R: CryptoRng>(rng: &mut R) -> EndToEndPrivateKey {
         EndToEndPrivateKey {
-            key: x25519_dalek::ReusableSecret::random_from_rng(&mut RngCore08Adapter(rng)),
+            key: x25519_dalek::ReusableSecret::random_from_rng(Rng08Adapter(rng)),
         }
     }
 
diff --git a/crypto/src/key/secp256k1/extended_keys.rs b/crypto/src/key/secp256k1/extended_keys.rs
@@ -19,7 +19,7 @@ use hmac::{Hmac, Mac};
 use secp256k1;
 use sha2::Sha512;
 
-use randomness::{adapters::RngCore09Adapter, CryptoRng};
+use randomness::{adapters::Rng09Adapter, CryptoRng};
 use serialization::{Decode, Encode};
 
 use crate::{
@@ -92,7 +92,7 @@ impl Secp256k1ExtendedPrivateKey {
         let mut chain_code = [0u8; 32];
         rng.fill_bytes(&mut chain_code);
         let chain_code = chain_code.into();
-        let private_key = secp256k1::SecretKey::new(&mut RngCore09Adapter(rng)).into();
+        let private_key = secp256k1::SecretKey::new(&mut Rng09Adapter(rng)).into();
         // Generate a new private key
         let ext_priv = Secp256k1ExtendedPrivateKey {
             derivation_path: DerivationPath::empty(),
diff --git a/crypto/src/key/secp256k1/mod.rs b/crypto/src/key/secp256k1/mod.rs
@@ -18,7 +18,7 @@ pub mod extended_keys;
 use secp256k1;
 use zeroize::Zeroize;
 
-use randomness::{adapters::RngCore09Adapter, CryptoRng};
+use randomness::{adapters::Rng09Adapter, CryptoRng};
 use serialization::{Decode, Encode};
 
 use crate::{
@@ -63,7 +63,7 @@ impl From<secp256k1::SecretKey> for Secp256k1PrivateKey {
 impl Secp256k1PrivateKey {
     pub fn new<R: CryptoRng>(rng: &mut R) -> (Secp256k1PrivateKey, Secp256k1PublicKey) {
         let secp = secp256k1::Secp256k1::new();
-        let (secret, public) = secp.generate_keypair(&mut RngCore09Adapter(rng));
+        let (secret, public) = secp.generate_keypair(&mut Rng09Adapter(rng));
         (
             Secp256k1PrivateKey::from_native(secret),
             Secp256k1PublicKey::from_native(public),
diff --git a/crypto/src/vrf/schnorrkel/data.rs b/crypto/src/vrf/schnorrkel/data.rs
@@ -150,15 +150,15 @@ mod tests {
     use hex::FromHex;
     use schnorrkel::{signing_context, Keypair, PublicKey, SecretKey};
 
-    use randomness::{adapters::RngCore08Adapter, make_pseudo_rng, make_true_rng, RngExt as _};
+    use randomness::{adapters::Rng08Adapter, make_pseudo_rng, make_true_rng, RngExt as _};
     use serialization::{DecodeAll, Encode};
 
     use super::*;
 
     #[test]
     fn serialization_of_result() {
         let mut csprng = make_true_rng();
-        let keypair = Keypair::generate_with(&mut RngCore08Adapter(&mut csprng));
+        let keypair = Keypair::generate_with(&mut Rng08Adapter(&mut csprng));
 
         let mut rng = make_pseudo_rng();
 
diff --git a/crypto/src/vrf/schnorrkel/mod.rs b/crypto/src/vrf/schnorrkel/mod.rs
@@ -15,7 +15,7 @@
 
 use schnorrkel::{derive::Derivation, Keypair};
 
-use randomness::{adapters::RngCore08Adapter, CryptoRng};
+use randomness::{adapters::Rng08Adapter, CryptoRng};
 use serialization::{Decode, Encode};
 
 use crate::key::hdkd::{
@@ -123,7 +123,7 @@ pub struct SchnorrkelPrivateKey {
 
 impl SchnorrkelPrivateKey {
     pub fn new<R: CryptoRng>(rng: &mut R) -> (SchnorrkelPrivateKey, SchnorrkelPublicKey) {
-        let sk = schnorrkel::SecretKey::generate_with(&mut RngCore08Adapter(rng));
+        let sk = schnorrkel::SecretKey::generate_with(&mut Rng08Adapter(rng));
         let pk = sk.to_public();
         let sk = Self { key: sk };
         let pk = SchnorrkelPublicKey { key: pk };
@@ -265,7 +265,7 @@ mod tests {
     fn vrf_internal_simple() {
         let mut csprng = make_true_rng();
 
-        let keypair1 = Keypair::generate_with(&mut RngCore08Adapter(&mut csprng));
+        let keypair1 = Keypair::generate_with(&mut Rng08Adapter(&mut csprng));
 
         let ctx = signing_context(b"yoo!");
         let msg = b"meow";
@@ -299,7 +299,7 @@ mod tests {
             "VRF verification with incorrect message passed!"
         );
 
-        let keypair2 = Keypair::generate_with(&mut RngCore08Adapter(&mut csprng));
+        let keypair2 = Keypair::generate_with(&mut Rng08Adapter(&mut csprng));
         assert!(
             keypair2.public.vrf_verify(ctx.bytes(msg), out1, &proof1).is_err(),
             "VRF verification with incorrect signer passed!"
diff --git a/crypto/src/vrf/transcript/mod.rs b/crypto/src/vrf/transcript/mod.rs
@@ -21,7 +21,7 @@ pub mod with_rng;
 mod tests {
     use rstest::rstest;
 
-    use randomness::adapters::RngCore08Adapter;
+    use randomness::adapters::Rng08Adapter;
     use test_utils::random::{make_seedable_rng, Seed};
 
     use crate::vrf::transcript::with_rng::VRFTranscriptWithRng;
@@ -41,10 +41,8 @@ mod tests {
                 .attach_raw_data(b"abc", b"xyz")
                 .attach_u64(b"rx42", 424242);
 
-            let mut generator = assembled_transcript
-                .take()
-                .build_rng()
-                .finalize(&mut RngCore08Adapter(&mut rng));
+            let mut generator =
+                assembled_transcript.take().build_rng().finalize(&mut Rng08Adapter(&mut rng));
 
             (0..100).map(|_| generator.gen::<u64>()).collect::<Vec<_>>()
         };
@@ -57,10 +55,8 @@ mod tests {
                 .attach_raw_data(b"abc", b"xyz")
                 .attach_u64(b"rx42", 424242);
 
-            let mut generator = assembled_transcript
-                .take()
-                .build_rng()
-                .finalize(&mut RngCore08Adapter(&mut rng2));
+            let mut generator =
+                assembled_transcript.take().build_rng().finalize(&mut Rng08Adapter(&mut rng2));
 
             (0..100).map(|_| generator.gen::<u64>()).collect::<Vec<_>>()
         };
diff --git a/crypto/src/vrf/transcript/no_rng.rs b/crypto/src/vrf/transcript/no_rng.rs
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use randomness::adapters::RngCore08Adapter;
+use randomness::adapters::Rng08Adapter;
 
 use super::{traits::SignableTranscript, with_rng::VRFTranscriptWithRng};
 
@@ -80,7 +80,7 @@ impl schnorrkel::context::SigningTranscript for VRFTranscript {
             label,
             dest,
             nonce_seeds,
-            RngCore08Adapter(randomness::make_true_rng()),
+            Rng08Adapter(randomness::make_true_rng()),
         )
     }
 }
@@ -110,11 +110,11 @@ mod tests {
         // build a random number generator using each transcript and ensure they both arrive to the same values
         let mut g1 = manual_transcript
             .build_rng()
-            .finalize(&mut RngCore08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
+            .finalize(&mut Rng08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
         let mut g2 = assembled_transcript
             .0
             .build_rng()
-            .finalize(&mut RngCore08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
+            .finalize(&mut Rng08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
 
         for _ in 0..100 {
             assert_eq!(g1.gen::<u64>(), g2.gen::<u64>());
diff --git a/crypto/src/vrf/transcript/with_rng.rs b/crypto/src/vrf/transcript/with_rng.rs
@@ -15,7 +15,7 @@
 
 use std::sync::{Arc, Mutex};
 
-use randomness::{adapters::RngCore08Adapter, CryptoRng};
+use randomness::{adapters::Rng08Adapter, CryptoRng};
 
 use super::{no_rng::VRFTranscript, traits::SignableTranscript};
 
@@ -78,7 +78,7 @@ impl schnorrkel::context::SigningTranscript for VRFTranscriptWithRng<'_> {
 
     fn witness_bytes(&self, label: &'static [u8], dest: &mut [u8], nonce_seeds: &[&[u8]]) {
         let mut r = self.1.lock().expect("Poisoned mutex");
-        self.witness_bytes_rng(label, dest, nonce_seeds, &mut RngCore08Adapter(&mut *r))
+        self.witness_bytes_rng(label, dest, nonce_seeds, Rng08Adapter(&mut *r))
     }
 }
 
@@ -113,11 +113,11 @@ mod tests {
         // build a random number generator using each transcript and ensure they both arrive to the same values
         let mut g1 = manual_transcript
             .build_rng()
-            .finalize(&mut RngCore08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
+            .finalize(&mut Rng08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
         let mut g2 = assembled_transcript
             .0
             .build_rng()
-            .finalize(&mut RngCore08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
+            .finalize(&mut Rng08Adapter(&mut ChaChaRng::from_seed([0u8; 32])));
 
         for _ in 0..100 {
             assert_eq!(g1.gen::<u64>(), g2.gen::<u64>());
diff --git a/deny.toml b/deny.toml
@@ -50,9 +50,9 @@ ignore = [
     # "bincode" is no longer maintained.
     "RUSTSEC-2025-0141",
 
-    # `rand` is unsound. Note that this has been patched in versions 0.10.1, 0.9.3 and 0.8.6, but we still have
-    # one place where 0.7.x is technically used - it's a dependency of `probabilistic-collections` v0.7.0.
-    # But in that crate the actual RNG is only created in `SipHasherBuilder::from_entropy`, which we do not use,
-    # so our code is still sound.
+    # `rand` is unsound. Note that this has been patched in versions 0.10.1, 0.9.3 and 0.8.6, but we still
+    # have one place where `rand` 0.7.x is used - it's a dependency of `probabilistic-collections` v0.7.0.
+    # But we don't use any code from `probabilistic-collections` that actually creates an RNG, so our code
+    # is still sound.
     "RUSTSEC-2026-0097"
 ]
diff --git a/randomness/src/adapters.rs b/randomness/src/adapters.rs
@@ -13,10 +13,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// FIXME rename?
-pub struct RngCore08Adapter<R>(pub R);
+/// An adapter that implements `rand` v0.8's `RngCore` and `CryptoRng` if the wrapped type implements
+/// `Rng` and `CryptoRng` respectively.
+pub struct Rng08Adapter<R>(pub R);
 
-impl<R: crate::Rng> rand_0_8::RngCore for RngCore08Adapter<R> {
+impl<R: crate::Rng> rand_0_8::RngCore for Rng08Adapter<R> {
     fn next_u32(&mut self) -> u32 {
         self.0.next_u32()
     }
@@ -35,11 +36,13 @@ impl<R: crate::Rng> rand_0_8::RngCore for RngCore08Adapter<R> {
     }
 }
 
-impl<R: crate::CryptoRng> rand_0_8::CryptoRng for RngCore08Adapter<R> {}
+impl<R: crate::CryptoRng> rand_0_8::CryptoRng for Rng08Adapter<R> {}
 
-pub struct RngCore09Adapter<R>(pub R);
+/// An adapter that implements `rand` v0.9's `RngCore` and `CryptoRng` if the wrapped type implements
+/// `Rng` and `CryptoRng` respectively.
+pub struct Rng09Adapter<R>(pub R);
 
-impl<R: crate::Rng> rand_0_9::RngCore for RngCore09Adapter<R> {
+impl<R: crate::Rng> rand_0_9::RngCore for Rng09Adapter<R> {
     fn next_u32(&mut self) -> u32 {
         self.0.next_u32()
     }
@@ -53,4 +56,4 @@ impl<R: crate::Rng> rand_0_9::RngCore for RngCore09Adapter<R> {
     }
 }
 
-impl<R: crate::CryptoRng> rand_0_9::CryptoRng for RngCore09Adapter<R> {}
+impl<R: crate::CryptoRng> rand_0_9::CryptoRng for Rng09Adapter<R> {}
diff --git a/randomness/src/lib.rs b/randomness/src/lib.rs
@@ -80,7 +80,8 @@ impl<'a, R: rand::Rng + ?Sized> rand::TryRng for BoxedRngMutexWrapper<'a, R> {
     }
 
     fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Self::Error> {
-        Ok(self.0.lock().expect("poisoned mutex").fill_bytes(dest))
+        self.0.lock().expect("poisoned mutex").fill_bytes(dest);
+        Ok(())
     }
 }
 
@@ -94,13 +95,15 @@ impl<'a, R: rand::TryCryptoRng<Error = std::convert::Infallible>> rand::TryCrypt
 mod tests {
     use static_assertions::{assert_impl_all, assert_not_impl_any};
 
+    use crate::adapters::*;
+
     use super::*;
 
-    // `DumbRng` implements `Rng` but not `CryptoRng`.
+    // `NonCryptoRngType` implements `Rng` but not `CryptoRng`.
     #[allow(dead_code)]
-    struct DumbRng;
+    struct NonCryptoRngType;
 
-    impl TryRng for DumbRng {
+    impl TryRng for NonCryptoRngType {
         type Error = std::convert::Infallible;
 
         fn try_next_u32(&mut self) -> Result<u32, Self::Error> {
@@ -117,9 +120,22 @@ mod tests {
         }
     }
 
-    assert_impl_all!(BoxedRngMutexWrapper<'static, DumbRng>: Rng);
-    assert_not_impl_any!(BoxedRngMutexWrapper<'static, DumbRng>: CryptoRng);
+    type CryptoRngType = rand::rngs::StdRng;
+
+    // Sanity checks
+    assert_impl_all!(CryptoRngType: Rng, CryptoRng);
+    assert_impl_all!(NonCryptoRngType: Rng);
+    assert_not_impl_any!(NonCryptoRngType: CryptoRng);
+
+    assert_impl_all!(BoxedRngMutexWrapper<'static, NonCryptoRngType>: Rng);
+    assert_not_impl_any!(BoxedRngMutexWrapper<'static, NonCryptoRngType>: CryptoRng);
+    assert_impl_all!(BoxedRngMutexWrapper<'static, CryptoRngType>: Rng, CryptoRng);
+
+    assert_impl_all!(Rng08Adapter<NonCryptoRngType>: rand_0_8::RngCore);
+    assert_not_impl_any!(Rng08Adapter<NonCryptoRngType>: rand_0_8::CryptoRng);
+    assert_impl_all!(Rng08Adapter<CryptoRngType>: rand_0_8::Rng, rand_0_8::CryptoRng);
 
-    // Note: `ThreadRng` actually implements `CryptoRng`, even though we use it in `make_pseudo_rng`.
-    assert_impl_all!(BoxedRngMutexWrapper<'static, rand::rngs::ThreadRng>: Rng, CryptoRng);
+    assert_impl_all!(Rng09Adapter<NonCryptoRngType>: rand_0_9::RngCore);
+    assert_not_impl_any!(Rng09Adapter<NonCryptoRngType>: rand_0_9::CryptoRng);
+    assert_impl_all!(Rng09Adapter<CryptoRngType>: rand_0_9::Rng, rand_0_9::CryptoRng);
 }
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
@@ -1005,7 +1005,7 @@ version = "1.0.17"
 criteria = "safe-to-deploy"
 
 [[exemptions.proptest]]
-version = "1.6.0"
+version = "1.11.0"
 criteria = "safe-to-deploy"
 
 [[exemptions.protobuf]]
@@ -1060,14 +1060,30 @@ criteria = "safe-to-deploy"
 version = "0.7.3"
 criteria = "safe-to-deploy"
 
+[[exemptions.rand]]
+version = "0.8.6"
+criteria = "safe-to-deploy"
+
+[[exemptions.rand]]
+version = "0.9.4"
+criteria = "safe-to-deploy"
+
 [[exemptions.rand_chacha]]
 version = "0.2.2"
 criteria = "safe-to-deploy"
 
+[[exemptions.rand_chacha]]
+version = "0.10.0"
+criteria = "safe-to-deploy"
+
 [[exemptions.rand_core]]
 version = "0.5.1"
 criteria = "safe-to-deploy"
 
+[[exemptions.rand_core]]
+version = "0.10.1"
+criteria = "safe-to-deploy"
+
 [[exemptions.rand_hc]]
 version = "0.2.0"
 criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
diff --git a/utils/src/bloom_filters/bloom_filter.rs b/utils/src/bloom_filters/bloom_filter.rs
diff --git a/utils/src/fixed_hash.rs b/utils/src/fixed_hash.rs

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ pub mod error;`
`17`	`17`
`18`	`18`	`use zeroize::Zeroize;`
`19`	`19`
`20`		`-use randomness::{adapters::RngCore08Adapter, CryptoRng};`
	`20`	`+use randomness::{adapters::Rng08Adapter, CryptoRng};`
`21`	`21`	`use serialization::{Decode, DecodeAll, Encode};`
`22`	`22`
`23`	`23`	`use crate::symkey;`
`@@ -48,7 +48,7 @@ pub struct EndToEndPrivateKey {`
`48`	`48`	`impl EndToEndPrivateKey {`
`49`	`49`	`pub fn new_from_rng<R: CryptoRng>(rng: &mut R) -> EndToEndPrivateKey {`
`50`	`50`	`EndToEndPrivateKey {`
`51`		`- key: x25519_dalek::ReusableSecret::random_from_rng(&mut RngCore08Adapter(rng)),`
	`51`	`+ key: x25519_dalek::ReusableSecret::random_from_rng(Rng08Adapter(rng)),`
`52`	`52`	`}`
`53`	`53`	`}`
`54`	`54`