diff --git a/Cargo.lock b/Cargo.lock index a0a002111c6..0de2d66e585 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3153,7 +3153,7 @@ dependencies = [ "omicron-workspace-hack", "oxide-client", "oxide-tokio-rt", - "rand 0.8.5", + "rand 0.9.2", "reqwest", "russh", "russh-keys", @@ -3712,7 +3712,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "progenitor 0.10.0", - "rand 0.8.5", + "rand 0.9.2", "reqwest", "schemars", "serde", @@ -3892,7 +3892,7 @@ dependencies = [ "digest", "omicron-workspace-hack", "proptest", - "rand 0.9.1", + "rand 0.9.2", "secrecy 0.10.3", "serde", "subtle", @@ -4223,7 +4223,7 @@ dependencies = [ "hickory-proto 0.25.2", "once_cell", "radix_trie", - "rand 0.9.1", + "rand 0.9.2", "thiserror 2.0.12", "tokio", "tracing", @@ -4269,7 +4269,7 @@ dependencies = [ "idna", "ipnet", "once_cell", - "rand 0.9.1", + "rand 0.9.2", "ring", "serde", "thiserror 2.0.12", @@ -4313,7 +4313,7 @@ dependencies = [ "moka", "once_cell", "parking_lot 0.12.3", - "rand 0.9.1", + "rand 0.9.2", "resolv-conf", "smallvec 1.15.1", "thiserror 2.0.12", @@ -6426,7 +6426,7 @@ dependencies = [ "oxnet", "parse-display", "pq-sys", - "rand 0.8.5", + "rand 0.9.2", "ref-cast", "regex", "schemars", @@ -6507,7 +6507,7 @@ dependencies = [ "predicates", "pretty_assertions", "qorb", - "rand 0.8.5", + "rand 0.9.2", "rcgen", "ref-cast", "regex", @@ -6552,7 +6552,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "oxnet", - "rand 0.8.5", + "rand 0.9.2", "serde_json", ] @@ -6702,7 +6702,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "qorb", - "rand 0.8.5", + "rand 0.9.2", "repo-depot-api", "repo-depot-client", "reqwest", @@ -6870,7 +6870,7 @@ dependencies = [ "once_cell", "oxnet", "proptest", - "rand 0.8.5", + "rand 0.9.2", "semver 1.0.26", "sled-agent-client", "slog", @@ -7653,7 +7653,7 @@ dependencies = [ "progenitor-client 0.10.0", "proptest", "protocol", - "rand 0.8.5", + "rand 0.9.2", "regress", "reqwest", "schemars", 
@@ -7957,7 +7957,7 @@ dependencies = [ "progenitor-client 0.10.0", "propolis-client 0.1.0 (git+https://github.com/oxidecomputer/propolis?rev=23b06c2f452a97fac1dc12561d8451ce876d7c5a)", "qorb", - "rand 0.8.5", + "rand 0.9.2", "range-requests", "rcgen", "ref-cast", @@ -8179,7 +8179,7 @@ dependencies = [ "clap", "criterion", "omicron-workspace-hack", - "rand 0.8.5", + "rand 0.9.2", "rust-argon2", "schemars", "secrecy 0.10.3", @@ -8382,7 +8382,7 @@ dependencies = [ "propolis-client 0.1.0 (git+https://github.com/oxidecomputer/propolis?rev=23b06c2f452a97fac1dc12561d8451ce876d7c5a)", "propolis-mock-server", "propolis_api_types", - "rand 0.8.5", + "rand 0.9.2", "range-requests", "rcgen", "repo-depot-api", @@ -8582,7 +8582,7 @@ dependencies = [ "predicates", "proc-macro2", "rand 0.8.5", - "rand 0.9.1", + "rand 0.9.2", "rand_chacha 0.3.1", "rand_chacha 0.9.0", "regex", @@ -8923,7 +8923,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "progenitor-client 0.10.0", - "rand 0.8.5", + "rand 0.9.2", "regress", "reqwest", "serde", @@ -9053,7 +9053,7 @@ dependencies = [ "oximeter-client", "oximeter-db", "qorb", - "rand 0.8.5", + "rand 0.9.2", "reqwest", "schemars", "semver 1.0.26", @@ -9155,7 +9155,7 @@ dependencies = [ "libc", "omicron-workspace-hack", "oximeter 0.1.0", - "rand 0.8.5", + "rand 0.9.2", "schemars", "serde", "slog", @@ -9309,7 +9309,7 @@ dependencies = [ "omicron-workspace-hack", "oximeter-macro-impl 0.1.0", "parse-display", - "rand 0.8.5", + "rand 0.9.2", "rand_distr", "regex", "rstest", @@ -9471,7 +9471,7 @@ name = "parallel-task-set" version = "0.1.0" dependencies = [ "omicron-workspace-hack", - "rand 0.8.5", + "rand 0.9.2", "tokio", ] @@ -10031,7 +10031,7 @@ dependencies = [ "hmac", "md-5", "memchr", - "rand 0.9.1", + "rand 0.9.2", "sha2", "stringprep", ] @@ -10555,7 +10555,7 @@ dependencies = [ "bitflags 2.9.1", "lazy_static", "num-traits", - "rand 0.9.1", + "rand 0.9.2", "rand_chacha 0.9.0", "rand_xorshift", "regex-syntax 0.8.5", 
@@ -10603,7 +10603,7 @@ dependencies = [ "derive-where", "futures", "hickory-resolver 0.24.4", - "rand 0.9.1", + "rand 0.9.2", "serde", "thiserror 2.0.12", "tokio", @@ -10725,12 +10725,12 @@ dependencies = [ [[package]] name = "rand" -version = "0.9.1" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ "rand_chacha 0.9.0", - "rand_core 0.9.2", + "rand_core 0.9.3", ] [[package]] @@ -10750,7 +10750,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", - "rand_core 0.9.2", + "rand_core 0.9.3", ] [[package]] @@ -10764,31 +10764,30 @@ dependencies = [ [[package]] name = "rand_core" -version = "0.9.2" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a509b1a2ffbe92afab0e55c8fd99dea1c280e8171bd2d88682bb20bc41cbc2c" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" dependencies = [ "getrandom 0.3.1", - "zerocopy 0.8.26", ] [[package]] name = "rand_distr" -version = "0.4.3" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32cb0b9bc82b0a0876c2dd994a7e7a2683d3e7390ca40e6886785ef0c7e3ee31" +checksum = "6a8615d50dcf34fa31f7ab52692afec947c4dd0ab803cc87cb3b0b4570ff7463" dependencies = [ "num-traits", - "rand 0.8.5", + "rand 0.9.2", ] [[package]] name = "rand_seeder" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a9febe641d2842ffc76ee962668a17578767c4e01735e4802b21ed9a24b2e4e" +checksum = "502927fdfc3c9645d53e0c95bb2d53783b5a15bfeaeeb96f7703c21fbb76841e" dependencies = [ - "rand_core 0.6.4", + "rand_core 0.9.3", ] [[package]] 
@@ -10797,7 +10796,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "513962919efc330f829edb2535844d1b912b0fbe2ca165d613e4e8788bb05a5a" dependencies = [ - "rand_core 0.9.2", + "rand_core 0.9.3", ] [[package]] @@ -11665,7 +11664,7 @@ dependencies = [ "openssl-sys", "pkg-config", "quick-xml", - "rand 0.9.1", + "rand 0.9.2", "serde", "thiserror 2.0.12", "url", @@ -12472,7 +12471,7 @@ dependencies = [ "once_cell", "oxlog", "parallel-task-set", - "rand 0.8.5", + "rand 0.9.2", "regex", "schemars", "serde", @@ -12502,7 +12501,7 @@ dependencies = [ "omicron-test-utils", "omicron-uuid-kinds", "omicron-workspace-hack", - "rand 0.8.5", + "rand 0.9.2", "schemars", "serde", "sled-hardware-types", @@ -12546,7 +12545,7 @@ dependencies = [ "omicron-test-utils", "omicron-uuid-kinds", "omicron-workspace-hack", - "rand 0.8.5", + "rand 0.9.2", "schemars", "serde", "serde_json", @@ -13715,7 +13714,7 @@ dependencies = [ "pin-project-lite", "postgres-protocol", "postgres-types", - "rand 0.9.1", + "rand 0.9.2", "socket2 0.5.10", "tokio", "tokio-util", @@ -14175,7 +14174,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "proptest", - "rand 0.8.5", + "rand 0.9.2", "secrecy 0.10.3", "serde", "serde_with", @@ -14372,8 +14371,8 @@ version = "0.1.0" dependencies = [ "newtype-uuid", "omicron-workspace-hack", - "rand 0.8.5", - "rand_core 0.6.4", + "rand 0.9.2", + "rand_core 0.9.3", "rand_seeder", "uuid", ] @@ -14681,7 +14680,7 @@ dependencies = [ "omicron-common", "omicron-test-utils", "omicron-workspace-hack", - "rand 0.8.5", + "rand 0.9.2", "semver 1.0.26", "sha2", "slog", @@ -15289,7 +15288,7 @@ dependencies = [ "openapiv3", "oxide-tokio-rt", "oxnet", - "rand 0.8.5", + "rand 0.9.2", "reqwest", "schemars", "semver 1.0.26", diff --git a/Cargo.toml b/Cargo.toml index b0827a56737..79c9e20e4a4 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -639,12 +639,12 @@ propolis-mock-server = { git = "https://github.com/oxidecomputer/propolis", rev proptest = "1.7.0" qorb = "0.4.1" quote = "1.0" -rand = "0.8.5" -# We're still in the middle of migrating to rand 0.9. -rand09 = { package = "rand", version = "0.9.1" } -rand_core = "0.6.4" -rand_distr = "0.4.3" -rand_seeder = "0.3.0" +# Some dependencies still require rand 0.8.x. +rand08 = { package = "rand", version = "0.8.5" } +rand = "0.9.2" +rand_core = "0.9.3" +rand_distr = "0.5.1" +rand_seeder = "0.4.0" range-requests = { path = "range-requests" } ratatui = "0.29.0" rayon = "1.10" diff --git a/bootstore/Cargo.toml b/bootstore/Cargo.toml index 3dc62159170..0f11f2e32dc 100644 --- a/bootstore/Cargo.toml +++ b/bootstore/Cargo.toml @@ -20,7 +20,8 @@ derive_more.workspace = true hex.workspace = true hkdf.workspace = true omicron-common.workspace = true -rand = { workspace = true, features = ["getrandom"] } +# vsss-rs requires rand 0.8 +rand08 = { workspace = true, features = ["getrandom"] } secrecy.workspace = true serde.workspace = true serde_with.workspace = true diff --git a/bootstore/src/schemes/v0/share_pkg.rs b/bootstore/src/schemes/v0/share_pkg.rs index 663ad44fae6..d781230636d 100644 --- a/bootstore/src/schemes/v0/share_pkg.rs +++ b/bootstore/src/schemes/v0/share_pkg.rs @@ -8,7 +8,7 @@ use crate::Sha3_256Digest; use crate::trust_quorum::{RackSecret, TrustQuorumError}; use chacha20poly1305::{ChaCha20Poly1305, Key, KeyInit, aead::Aead}; use hkdf::Hkdf; -use rand::{RngCore, rngs::OsRng}; +use rand08::{RngCore, rngs::OsRng}; use secrecy::{ExposeSecret, SecretBox}; use serde::{Deserialize, Serialize}; use sha3::{Digest, Sha3_256}; 
@@ -129,7 +129,7 @@ pub fn create_pkgs( let shares = rack_secret.split(threshold, total_shares)?; let share_digests = share_digests(&shares); let mut salt = [0u8; 32]; - OsRng.fill_bytes(&mut salt); + OsRng.try_fill_bytes(&mut salt).expect("fetched random bytes"); let cipher = derive_encryption_key(&rack_uuid, &rack_secret, &salt); let mut pkgs = Vec::with_capacity(n as usize); for i in 0..n { @@ -181,7 +181,7 @@ pub fn create_pkgs( // a counter. fn new_nonce(i: u8) -> [u8; 12] { let mut nonce = [0u8; 12]; - OsRng.fill_bytes(&mut nonce[..11]); + OsRng.try_fill_bytes(&mut nonce[..11]).expect("fetched random bytes"); nonce[11] = i; nonce } @@ -266,8 +266,7 @@ impl fmt::Debug for SharePkg { #[cfg(test)] mod tests { use super::*; - use rand::seq::SliceRandom; - use rand::thread_rng; + use rand08::seq::SliceRandom; use secrecy::ExposeSecret; #[test] @@ -335,7 +334,7 @@ mod tests { // Grab a threshold of random shares and ensure that we can recompute // the rack secret - let mut rng = &mut thread_rng(); + let mut rng = &mut rand08::thread_rng(); let random_shares: Vec<_> = decrypted_shares.choose_multiple(&mut rng, 3).cloned().collect(); let rack_secret2 = RackSecret::combine_shares(&random_shares).unwrap(); diff --git a/bootstore/src/trust_quorum/rack_secret.rs b/bootstore/src/trust_quorum/rack_secret.rs index b6fa61cc9a7..3b7b4f38962 100644 --- a/bootstore/src/trust_quorum/rack_secret.rs +++ b/bootstore/src/trust_quorum/rack_secret.rs @@ -2,7 +2,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -use rand::rngs::OsRng; +use rand08::rngs::OsRng; use secrecy::{ExposeSecret, SecretBox}; use std::fmt::Debug; use vsss_rs::curve25519::WrappedScalar; @@ -63,6 +63,7 @@ impl RackSecret { /// Create a secret based on Curve25519 pub fn new() -> RackSecret { let mut rng = OsRng; + RackSecret { secret: SecretBox::new(Box::new(Scalar::random(&mut rng))), } 
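Review bot: The `.expect("fetched random bytes")` added at the salt fill in `create_pkgs` describes the success case, so a panic there would not tell an operator that the OS entropy source failed. Because `salt` starts as `[0u8; 32]`, aborting is the right fail-closed behaviour, but the message should say so, e.g. `.expect("OS RNG unavailable; refusing to continue with a zeroed salt")`. The same applies to the `try_fill_bytes(&mut nonce[..11])` call in the `new_nonce` hunk that follows. `create_pkgs` already returns a `Result` (see the `split(threshold, total_shares)?` line), so mapping the failure into that error type may be an option if it has a fitting variant; the function body continues outside the hunk.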
diff --git a/common/src/api/external/mod.rs b/common/src/api/external/mod.rs index b2be2ab0ef7..cdd208f1da7 100644 --- a/common/src/api/external/mod.rs +++ b/common/src/api/external/mod.rs @@ -28,7 +28,6 @@ use oxnet::Ipv4Net; use parse_display::Display; use parse_display::FromStr; use rand::Rng; -use rand::thread_rng; use schemars::JsonSchema; use semver::Version; use serde::Deserialize; @@ -2303,15 +2302,15 @@ impl MacAddr { /// Generate a random MAC address for a guest network interface pub fn random_guest() -> Self { - let value = - thread_rng().gen_range(Self::MIN_GUEST_ADDR..=Self::MAX_GUEST_ADDR); + let value = rand::rng() + .random_range(Self::MIN_GUEST_ADDR..=Self::MAX_GUEST_ADDR); Self::from_i64(value) } /// Generate a random MAC address in the system address range pub fn random_system() -> Self { - let value = thread_rng() - .gen_range((Self::MAX_SYSTEM_RESV + 1)..=Self::MAX_SYSTEM_ADDR); + let value = rand::rng() + .random_range((Self::MAX_SYSTEM_RESV + 1)..=Self::MAX_SYSTEM_ADDR); Self::from_i64(value) } @@ -2455,12 +2454,12 @@ impl Vni { /// Create a new random VNI. pub fn random() -> Self { - Self(rand::thread_rng().gen_range(Self::MIN_GUEST_VNI..=Self::MAX_VNI)) + Self(rand::rng().random_range(Self::MIN_GUEST_VNI..=Self::MAX_VNI)) } /// Create a new random VNI in the Oxide-reserved space. pub fn random_system() -> Self { - Self(rand::thread_rng().gen_range(0..Self::MIN_GUEST_VNI)) + Self(rand::rng().random_range(0..Self::MIN_GUEST_VNI)) } } diff --git a/end-to-end-tests/src/helpers/mod.rs b/end-to-end-tests/src/helpers/mod.rs index 06beb09be9f..2c515561032 100644 --- a/end-to-end-tests/src/helpers/mod.rs +++ b/end-to-end-tests/src/helpers/mod.rs 
@@ -5,12 +5,12 @@ pub mod icmp; use self::ctx::nexus_addr; use anyhow::{Result, bail}; use oxide_client::types::Name; -use rand::{Rng, thread_rng}; +use rand::Rng; use std::env; use std::net::{IpAddr, Ipv4Addr}; pub fn generate_name(prefix: &str) -> Result { - format!("{}-{:x}", prefix, thread_rng().gen_range(0..0xfff_ffff_ffffu64)) + format!("{}-{:x}", prefix, rand::rng().random_range(0..0xfff_ffff_ffffu64)) .try_into() .map_err(anyhow::Error::msg) } diff --git a/nexus/db-model/src/device_auth.rs b/nexus/db-model/src/device_auth.rs index e2d8d7ce7df..05db1d8afdb 100644 --- a/nexus/db-model/src/device_auth.rs +++ b/nexus/db-model/src/device_auth.rs @@ -12,7 +12,7 @@ use nexus_db_schema::schema::{device_access_token, device_auth_request}; use chrono::{DateTime, Duration, Utc}; use nexus_types::external_api::views; use omicron_uuid_kinds::{AccessTokenKind, GenericUuid, TypedUuid}; -use rand::{Rng, RngCore, SeedableRng, distributions::Slice, rngs::StdRng}; +use rand::{Rng, RngCore, SeedableRng, rngs::StdRng}; use std::num::NonZeroU32; use uuid::Uuid; @@ -68,7 +68,7 @@ const TOKEN_LENGTH: usize = 20; // and probably also the key generation in the disk creation saga. fn generate_token() -> String { let mut bytes: [u8; TOKEN_LENGTH] = [0; TOKEN_LENGTH]; - let mut rng = StdRng::from_entropy(); + let mut rng = StdRng::from_os_rng(); rng.fill_bytes(&mut bytes); hex::encode(bytes) } @@ -88,8 +88,9 @@ const USER_CODE_WORD_LENGTH: usize = 4; /// Generate a short random user code like `BQPX-FGQR`. fn generate_user_code() -> String { - let rng = StdRng::from_entropy(); - let dist = Slice::new(&USER_CODE_ALPHABET[..]).expect("non-empty slice"); + let rng = StdRng::from_os_rng(); + let dist = rand::distr::slice::Choose::new(&USER_CODE_ALPHABET[..]) + .expect("non-empty slice"); let chars: Vec = rng .sample_iter(dist) .take(USER_CODE_LENGTH) diff --git a/nexus/db-model/src/ipv6net.rs b/nexus/db-model/src/ipv6net.rs index 128be268735..ac5d2b73a0a 100644 
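Review bot: `StdRng::from_os_rng()` in `generate_token` panics if the OS entropy source cannot be read, and the `-> String` signature gives callers no hint of that. Since this function mints bearer tokens, the failure mode is worth documenting, for example `/// # Panics` followed by `/// Panics if the operating system cannot supply entropy to seed the generator.`. If a recoverable error is preferred, `StdRng::try_from_os_rng()` is the fallible form, though using it would require a `Result` return type. The same call appears in `generate_user_code` in the next hunk and in the `disk_create.rs`, `snapshot_create.rs` and `session.rs` hunks; the `session.rs` hunk already carries a TODO about this panic.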
--- a/nexus/db-model/src/ipv6net.rs +++ b/nexus/db-model/src/ipv6net.rs @@ -58,7 +58,7 @@ impl Ipv6Net { let mut rng = if cfg!(test) { StdRng::seed_from_u64(0) } else { - StdRng::from_entropy() + StdRng::from_os_rng() }; let random = (u128::from(rng.next_u64()) << 64) | u128::from(rng.next_u64()); diff --git a/nexus/db-queries/src/db/datastore/deployment.rs b/nexus/db-queries/src/db/datastore/deployment.rs index 4c797fee4ac..1f9c022ce4d 100644 --- a/nexus/db-queries/src/db/datastore/deployment.rs +++ b/nexus/db-queries/src/db/datastore/deployment.rs @@ -3011,7 +3011,6 @@ mod tests { use oxnet::IpNet; use pretty_assertions::assert_eq; use rand::Rng; - use rand::thread_rng; use std::collections::BTreeSet; use std::mem; use std::net::IpAddr; @@ -3146,7 +3145,7 @@ mod tests { ) }) .collect(); - let ip = ip.unwrap_or_else(|| thread_rng().gen::().into()); + let ip = ip.unwrap_or_else(|| rand::rng().random::().into()); let resources = SledResources { zpools, subnet: Ipv6Subnet::new(ip) }; SledDetails { policy: SledPolicy::provisionable(), diff --git a/nexus/db-queries/src/db/datastore/nat_entry.rs b/nexus/db-queries/src/db/datastore/nat_entry.rs index d0a7b5f242a..5300ba38aec 100644 --- a/nexus/db-queries/src/db/datastore/nat_entry.rs +++ b/nexus/db-queries/src/db/datastore/nat_entry.rs @@ -822,9 +822,7 @@ mod test { } // delete a subset of the entries - for entry in - db_records.iter().choose_multiple(&mut rand::thread_rng(), 50) - { + for entry in db_records.iter().choose_multiple(&mut rand::rng(), 50) { datastore.nat_delete(&opctx, entry).await.unwrap(); } diff --git a/nexus/db-queries/src/db/datastore/saga.rs b/nexus/db-queries/src/db/datastore/saga.rs index 9ebdc007248..ccc6a92b27b 100644 --- a/nexus/db-queries/src/db/datastore/saga.rs +++ b/nexus/db-queries/src/db/datastore/saga.rs 
@@ -297,7 +297,7 @@ mod test { // Shuffle these sagas into a random order to check that the pagination // order is working as intended on the read path, which we'll do later // in this test. - inserted_sagas.shuffle(&mut rand::thread_rng()); + inserted_sagas.shuffle(&mut rand::rng()); // Insert the batches of unfinished sagas into the database let conn = datastore @@ -380,7 +380,7 @@ mod test { // Shuffle these nodes into a random order to check that the pagination // order is working as intended on the read path, which we'll do later // in this test. - inserted_nodes.shuffle(&mut rand::thread_rng()); + inserted_nodes.shuffle(&mut rand::rng()); // Insert them into the database let conn = datastore diff --git a/nexus/db-queries/src/db/datastore/support_bundle.rs b/nexus/db-queries/src/db/datastore/support_bundle.rs index 05195def6df..9f740364390 100644 --- a/nexus/db-queries/src/db/datastore/support_bundle.rs +++ b/nexus/db-queries/src/db/datastore/support_bundle.rs @@ -608,7 +608,7 @@ mod test { SledBaseboard { serial_number: format!( "test-{}", - rand::thread_rng().gen::() + rand::rng().random::() ), part_number: "test-pn".to_string(), revision: 0, diff --git a/nexus/db-queries/src/transaction_retry.rs b/nexus/db-queries/src/transaction_retry.rs index a57d0de2fa1..dde66c0c8d9 100644 --- a/nexus/db-queries/src/transaction_retry.rs +++ b/nexus/db-queries/src/transaction_retry.rs @@ -9,7 +9,7 @@ use chrono::Utc; use diesel::result::Error as DieselError; use nexus_db_lookup::DbConnection; use oximeter::{MetricsError, types::Sample}; -use rand::{Rng, thread_rng}; +use rand::Rng; use slog::{Logger, info, warn}; use std::sync::{Arc, Mutex}; use std::time::Duration; 
@@ -158,8 +158,8 @@ impl RetryHelper { // will keep track of the failing transaction and identify that it's a // high-priority target for CTE conversion. let duration = { - let mut rng = thread_rng(); - rng.gen_range(MIN_RETRY_BACKOFF..MAX_RETRY_BACKOFF) + let mut rng = rand::rng(); + rng.random_range(MIN_RETRY_BACKOFF..MAX_RETRY_BACKOFF) }; warn!( diff --git a/nexus/defaults/src/lib.rs b/nexus/defaults/src/lib.rs index 6f6afe171f5..7ac164e9665 100644 --- a/nexus/defaults/src/lib.rs +++ b/nexus/defaults/src/lib.rs @@ -19,6 +19,7 @@ use omicron_common::api::external::VpcFirewallRuleUpdate; use omicron_common::api::external::VpcFirewallRuleUpdateParams; use oxnet::Ipv4Net; use oxnet::Ipv6Net; +use rand::TryRngCore; use std::net::Ipv4Addr; use std::net::Ipv6Addr; use std::sync::LazyLock; @@ -93,10 +94,9 @@ pub static DEFAULT_FIREWALL_RULES: LazyLock = /// Generate a random VPC IPv6 prefix, in the range `fd00::/48`. pub fn random_vpc_ipv6_prefix() -> Result { - use rand::Rng; let mut bytes = [0u8; 16]; bytes[0] = 0xfd; - rand::thread_rng().try_fill(&mut bytes[1..6]).map_err(|_| { + rand::rng().try_fill_bytes(&mut bytes[1..6]).map_err(|_| { external::Error::internal_error( "Unable to allocate random IPv6 address range", ) diff --git a/nexus/reconfigurator/planning/src/planner/rng.rs b/nexus/reconfigurator/planning/src/planner/rng.rs index cdab48d1c88..74424975c84 100644 --- a/nexus/reconfigurator/planning/src/planner/rng.rs +++ b/nexus/reconfigurator/planning/src/planner/rng.rs @@ -41,7 +41,7 @@ pub struct PlannerRng { impl PlannerRng { pub fn from_entropy() -> Self { - Self::new_from_parent(StdRng::from_entropy()) + Self::new_from_parent(StdRng::from_os_rng()) } pub fn from_seed(seed: H) -> Self { diff --git a/nexus/src/app/background/tasks/tuf_artifact_replication.rs b/nexus/src/app/background/tasks/tuf_artifact_replication.rs index c8247073ec7..9f1e85d1086 100644 --- a/nexus/src/app/background/tasks/tuf_artifact_replication.rs 
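Review bot: In `random_vpc_ipv6_prefix` the `map_err` on `rand::rng().try_fill_bytes(&mut bytes[1..6])` looks unreachable after this change. `ThreadRng` is an infallible `RngCore`, and as far as I can tell its `try_fill_bytes` comes from the blanket `TryRngCore` impl whose error type is `Infallible`, so the "Unable to allocate random IPv6 address range" path can never be taken and a seeding failure would panic instead. Either state that plainly with `rand::rng().fill_bytes(&mut bytes[1..6]);` (importing `rand::RngCore` rather than `TryRngCore`), or keep a real error path by drawing from the OS source, `rand::rngs::OsRng.try_fill_bytes(&mut bytes[1..6])`. The function body continues outside the hunk.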
+++ b/nexus/src/app/background/tasks/tuf_artifact_replication.rs @@ -79,7 +79,7 @@ use nexus_types::internal_api::background::{ }; use omicron_common::api::external::Generation; use omicron_uuid_kinds::{GenericUuid, SledUuid}; -use rand::seq::SliceRandom; +use rand::seq::{IndexedRandom, SliceRandom}; use serde_json::json; use sled_agent_client::types::ArtifactConfig; use slog_error_chain::InlineErrorChain; @@ -509,7 +509,7 @@ impl BackgroundTask for ArtifactReplication { ); let requests = inventory.into_requests( &sleds, - &mut rand::thread_rng(), + &mut rand::rng(), self.min_sled_replication, ); requests @@ -797,7 +797,7 @@ mod tests { (0..n) .map(|_| Sled { id: SledUuid::from_untyped_uuid( - uuid::Builder::from_random_bytes(rng.gen()).into_uuid(), + uuid::Builder::from_random_bytes(rng.random()).into_uuid(), ), client: sled_agent_client::Client::new( "http://invalid.test", @@ -895,7 +895,7 @@ mod tests { let mut inventory = BTreeMap::new(); for _ in 0..2 { inventory.insert( - ArtifactHash(rng.gen()), + ArtifactHash(rng.random()), ArtifactPresence { sleds: BTreeMap::new(), local: Some(ArtifactHandle::Fake), @@ -931,7 +931,7 @@ mod tests { let mut inventory = BTreeMap::new(); for _ in 0..10 { inventory.insert( - ArtifactHash(rng.gen()), + ArtifactHash(rng.random()), ArtifactPresence { sleds: sled_presence.clone(), local: None }, ); } @@ -958,7 +958,7 @@ mod tests { let sleds = fake_sleds(4, &mut rng); let mut inventory = BTreeMap::new(); inventory.insert( - ArtifactHash(rng.gen()), + ArtifactHash(rng.random()), ArtifactPresence { sleds: sleds .iter() @@ -991,7 +991,7 @@ mod tests { let sleds = fake_sleds(4, &mut rng); let mut inventory = BTreeMap::new(); inventory.insert( - ArtifactHash(rng.gen()), + ArtifactHash(rng.random()), ArtifactPresence { sleds: sleds.iter().map(|sled| (sled.id, 2)).collect(), local: None, diff --git a/nexus/src/app/sagas/disk_create.rs b/nexus/src/app/sagas/disk_create.rs index 582b74aed92..7483452e0f8 100644 
--- a/nexus/src/app/sagas/disk_create.rs +++ b/nexus/src/app/sagas/disk_create.rs @@ -481,7 +481,7 @@ async fn sdc_regions_ensure( } // Create volume construction request for this disk - let mut rng = StdRng::from_entropy(); + let mut rng = StdRng::from_os_rng(); let volume_construction_request = VolumeConstructionRequest::Volume { id: disk_id, block_size, diff --git a/nexus/src/app/sagas/snapshot_create.rs b/nexus/src/app/sagas/snapshot_create.rs index c6d019becb7..abd4969a388 100644 --- a/nexus/src/app/sagas/snapshot_create.rs +++ b/nexus/src/app/sagas/snapshot_create.rs @@ -519,7 +519,7 @@ async fn ssc_regions_ensure( let extent_count = datasets_and_regions[0].1.extent_count; // Create volume construction request - let mut rng = StdRng::from_entropy(); + let mut rng = StdRng::from_os_rng(); let volume_construction_request = VolumeConstructionRequest::Volume { id: *destination_volume_id.as_untyped_uuid(), block_size, diff --git a/nexus/src/app/session.rs b/nexus/src/app/session.rs index 36bedf393ac..d5eb2ab3b7c 100644 --- a/nexus/src/app/session.rs +++ b/nexus/src/app/session.rs @@ -27,7 +27,7 @@ fn generate_session_token() -> String { // TODO: "If getrandom is unable to provide secure entropy this method will panic." // Should we explicitly handle that? // TODO: store generator somewhere so we don't reseed every time - let mut rng = StdRng::from_entropy(); + let mut rng = StdRng::from_os_rng(); // OWASP recommends at least 64 bits of entropy, OAuth 2 spec 128 minimum, 160 recommended // 20 bytes = 160 bits of entropy // TODO: the size should be a constant somewhere, maybe even in config? diff --git a/nexus/tests/integration_tests/volume_management.rs b/nexus/tests/integration_tests/volume_management.rs index 57c41d80163..d9cdb6a16cb 100644 --- a/nexus/tests/integration_tests/volume_management.rs +++ b/nexus/tests/integration_tests/volume_management.rs 
@@ -965,7 +965,7 @@ async fn test_multiple_layers_of_snapshots_random_delete_order( DeleteObject::Snapshot("layer-3-snapshot".to_string()), ]; - let mut rng = StdRng::from_entropy(); + let mut rng = StdRng::from_os_rng(); objects.shuffle(&mut rng); objects diff --git a/nexus/tests/tuf-replication/new_sled.txt b/nexus/tests/tuf-replication/new_sled.txt index 925322104a6..a512300a142 100644 --- a/nexus/tests/tuf-replication/new_sled.txt +++ b/nexus/tests/tuf-replication/new_sled.txt 
@@ -1,30 +1,30 @@ -- COPY 6b0a41403276437b25f0ffbe897cf476c0777e9d246ff3974ac5f1b350aa16c4 - from b24b8ec1-68fe-4896-b5b7-0ccb10f1a705 +- COPY 9d075952b58036f2a7b561446592403c672f0dbe129f1e39113f9f6164ea2867 + from e061d0fd-fa18-4618-928b-0d44efef92cb to f44b581f-2322-4c10-916b-17a369b4da03 - COPY 91e0e00df6c012cded9ef9ba5e5bf042464b5ca6488b897c005b2e17f00fc0bc from 0b20868c-c619-454c-82a1-c61be9902717 to f44b581f-2322-4c10-916b-17a369b4da03 -- COPY f8deccf3c3c518f146de9554f03f27a83d5b1185f39e71ef357e2bd9e1396251 - from 9b07815f-0449-4e2e-85d2-2cac3aa06141 - to f44b581f-2322-4c10-916b-17a369b4da03 - COPY 83fa4146c34e4d5ca8f7f7dfaa083b1c11af4b844ff94b3fbef6e36b518da3ad - from 9b07815f-0449-4e2e-85d2-2cac3aa06141 - to f44b581f-2322-4c10-916b-17a369b4da03 -- COPY 4c5856fa686464524a876b463d1297603568c40e814d9d5396d23087a0fd641e from 0b20868c-c619-454c-82a1-c61be9902717 to f44b581f-2322-4c10-916b-17a369b4da03 - COPY 20b28cdd32138ae34d22e6397af3a9a71e4efa1fbad16cb0cfafde5b2884858e from e061d0fd-fa18-4618-928b-0d44efef92cb to f44b581f-2322-4c10-916b-17a369b4da03 -- COPY 2ea0d7117b30c8c8436ce7a9254b30d253e4567ccafa5f36ce84c80aa8bc9be6 +- COPY 4e0d5ae796884274aef3005ae6733809c8ec1d5b84dd6289e193b9f88de4a994 from 0b20868c-c619-454c-82a1-c61be9902717 to f44b581f-2322-4c10-916b-17a369b4da03 +- COPY 6b0a41403276437b25f0ffbe897cf476c0777e9d246ff3974ac5f1b350aa16c4 + from b24b8ec1-68fe-4896-b5b7-0ccb10f1a705 + to f44b581f-2322-4c10-916b-17a369b4da03 +- COPY 2ea0d7117b30c8c8436ce7a9254b30d253e4567ccafa5f36ce84c80aa8bc9be6 + from e061d0fd-fa18-4618-928b-0d44efef92cb + to f44b581f-2322-4c10-916b-17a369b4da03 - COPY 358c9f856135236c3e75a925e1c77ac34127c8baefbea0939f1524712b4d37a0 from 0b20868c-c619-454c-82a1-c61be9902717 to f44b581f-2322-4c10-916b-17a369b4da03 -- COPY 4e0d5ae796884274aef3005ae6733809c8ec1d5b84dd6289e193b9f88de4a994 - from e061d0fd-fa18-4618-928b-0d44efef92cb +- COPY f8deccf3c3c518f146de9554f03f27a83d5b1185f39e71ef357e2bd9e1396251 + from 
b24b8ec1-68fe-4896-b5b7-0ccb10f1a705 to f44b581f-2322-4c10-916b-17a369b4da03 -- COPY 9d075952b58036f2a7b561446592403c672f0dbe129f1e39113f9f6164ea2867 - from e061d0fd-fa18-4618-928b-0d44efef92cb +- COPY 4c5856fa686464524a876b463d1297603568c40e814d9d5396d23087a0fd641e + from 9b07815f-0449-4e2e-85d2-2cac3aa06141 to f44b581f-2322-4c10-916b-17a369b4da03 diff --git a/nexus/tests/tuf-replication/simple_replicate.txt b/nexus/tests/tuf-replication/simple_replicate.txt index 7f409ddf87a..38d891e385e 100644 --- a/nexus/tests/tuf-replication/simple_replicate.txt +++ b/nexus/tests/tuf-replication/simple_replicate.txt 
@@ -1,90 +1,90 @@ - PUT 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - to c8ec1d5b-84dd-4289-a193-b9f88de4a994 -- PUT 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - to 2ea0d711-7b30-48c8-836c-e7a9254b30d2 + to 672f0dbe-129f-4e39-913f-9f6164ea2867 - PUT 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c to 0b20868c-c619-454c-82a1-c61be9902717 - PUT 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - to 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 + to 2ea0d711-7b30-48c8-836c-e7a9254b30d2 - PUT 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - to f44b581f-2322-4c10-916b-17a369b4da03 + to c0777e9d-246f-4397-8ac5-f1b350aa16c4 +- PUT 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + to e061d0fd-fa18-4618-928b-0d44efef92cb - PUT 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - to 0b20868c-c619-454c-82a1-c61be9902717 -- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from 0b20868c-c619-454c-82a1-c61be9902717 to 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 - COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from f44b581f-2322-4c10-916b-17a369b4da03 + from 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 + to 6b0a4140-3276-437b-a5f0-ffbe897cf476 +- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c + from 672f0dbe-129f-4e39-913f-9f6164ea2867 to b24b8ec1-68fe-4896-b5b7-0ccb10f1a705 -- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from 0b20868c-c619-454c-82a1-c61be9902717 - to f8deccf3-c3c5-48f1-86de-9554f03f27a8 -- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from f44b581f-2322-4c10-916b-17a369b4da03 +- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c + from 2ea0d711-7b30-48c8-836c-e7a9254b30d2 to e061d0fd-fa18-4618-928b-0d44efef92cb - COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from f44b581f-2322-4c10-916b-17a369b4da03 
- to 6b0a4140-3276-437b-a5f0-ffbe897cf476 -- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c from 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 - to 4e0d5ae7-9688-4274-aef3-005ae6733809 -- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from 0b20868c-c619-454c-82a1-c61be9902717 - to 6b0a4140-3276-437b-a5f0-ffbe897cf476 + to 2ea0d711-7b30-48c8-836c-e7a9254b30d2 +- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + from c0777e9d-246f-4397-8ac5-f1b350aa16c4 + to b24b8ec1-68fe-4896-b5b7-0ccb10f1a705 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c from 0b20868c-c619-454c-82a1-c61be9902717 + to 3d5b1185-f39e-41ef-b57e-2bd9e1396251 +- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + from 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 + to 358c9f85-6135-436c-be75-a925e1c77ac3 +- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + from e061d0fd-fa18-4618-928b-0d44efef92cb to f44b581f-2322-4c10-916b-17a369b4da03 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from c8ec1d5b-84dd-4289-a193-b9f88de4a994 - to 3d5b1185-f39e-41ef-b57e-2bd9e1396251 + from 672f0dbe-129f-4e39-913f-9f6164ea2867 + to 4e0d5ae7-9688-4274-aef3-005ae6733809 - COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from 2ea0d711-7b30-48c8-836c-e7a9254b30d2 + from c0777e9d-246f-4397-8ac5-f1b350aa16c4 to 4e0d5ae7-9688-4274-aef3-005ae6733809 -- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c +- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 from 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 - to 9b07815f-0449-4e2e-85d2-2cac3aa06141 -- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c + to 3d5b1185-f39e-41ef-b57e-2bd9e1396251 +- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 from 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 - to c0777e9d-246f-4397-8ac5-f1b350aa16c4 + to 
c8ec1d5b-84dd-4289-a193-b9f88de4a994 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from 0b20868c-c619-454c-82a1-c61be9902717 - to b24b8ec1-68fe-4896-b5b7-0ccb10f1a705 -- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from 2ea0d711-7b30-48c8-836c-e7a9254b30d2 - to 358c9f85-6135-436c-be75-a925e1c77ac3 + from 672f0dbe-129f-4e39-913f-9f6164ea2867 + to 9d075952-b580-46f2-a7b5-61446592403c - COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from 0b20868c-c619-454c-82a1-c61be9902717 - to 9b07815f-0449-4e2e-85d2-2cac3aa06141 + from e061d0fd-fa18-4618-928b-0d44efef92cb + to f8deccf3-c3c5-48f1-86de-9554f03f27a8 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from c8ec1d5b-84dd-4289-a193-b9f88de4a994 - to 672f0dbe-129f-4e39-913f-9f6164ea2867 -- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from 2ea0d711-7b30-48c8-836c-e7a9254b30d2 - to c0777e9d-246f-4397-8ac5-f1b350aa16c4 + from 672f0dbe-129f-4e39-913f-9f6164ea2867 + to 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from 0b20868c-c619-454c-82a1-c61be9902717 - to f8deccf3-c3c5-48f1-86de-9554f03f27a8 -- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 - from 0b20868c-c619-454c-82a1-c61be9902717 - to 672f0dbe-129f-4e39-913f-9f6164ea2867 -- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 from 0b20868c-c619-454c-82a1-c61be9902717 to c8ec1d5b-84dd-4289-a193-b9f88de4a994 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from 53e4567c-cafa-4f36-8e84-c80aa8bc9be6 - to e061d0fd-fa18-4618-928b-0d44efef92cb -- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from c8ec1d5b-84dd-4289-a193-b9f88de4a994 + from 672f0dbe-129f-4e39-913f-9f6164ea2867 + to 6b0a4140-3276-437b-a5f0-ffbe897cf476 +- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + from 
e061d0fd-fa18-4618-928b-0d44efef92cb to 9d075952-b580-46f2-a7b5-61446592403c +- COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + from c0777e9d-246f-4397-8ac5-f1b350aa16c4 + to 672f0dbe-129f-4e39-913f-9f6164ea2867 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from 0b20868c-c619-454c-82a1-c61be9902717 - to 2ea0d711-7b30-48c8-836c-e7a9254b30d2 + from 672f0dbe-129f-4e39-913f-9f6164ea2867 + to c0777e9d-246f-4397-8ac5-f1b350aa16c4 - COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c - from 0b20868c-c619-454c-82a1-c61be9902717 + from 672f0dbe-129f-4e39-913f-9f6164ea2867 + to f8deccf3-c3c5-48f1-86de-9554f03f27a8 +- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c + from 672f0dbe-129f-4e39-913f-9f6164ea2867 to 358c9f85-6135-436c-be75-a925e1c77ac3 - COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + from c0777e9d-246f-4397-8ac5-f1b350aa16c4 + to 9b07815f-0449-4e2e-85d2-2cac3aa06141 +- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c from 2ea0d711-7b30-48c8-836c-e7a9254b30d2 - to 3d5b1185-f39e-41ef-b57e-2bd9e1396251 + to 9b07815f-0449-4e2e-85d2-2cac3aa06141 - COPY 4127c8baefbea0939f1524712b4d37a020b28cdd32138ae34d22e6397af3a9a7 + from c0777e9d-246f-4397-8ac5-f1b350aa16c4 + to 0b20868c-c619-454c-82a1-c61be9902717 +- COPY 1e4efa1fbad16cb0cfafde5b2884858e83fa4146c34e4d5ca8f7f7dfaa083b1c from 0b20868c-c619-454c-82a1-c61be9902717 - to 9d075952-b580-46f2-a7b5-61446592403c + to f44b581f-2322-4c10-916b-17a369b4da03 diff --git a/oximeter/collector/src/standalone.rs b/oximeter/collector/src/standalone.rs index 954d9904fca..4ea8f5918bf 100644 --- a/oximeter/collector/src/standalone.rs +++ b/oximeter/collector/src/standalone.rs @@ -57,7 +57,7 @@ impl Inner { fn random_collector(&self) -> Option<(Uuid, OximeterInfo)> { self.collectors .iter() - .choose(&mut rand::thread_rng()) + .choose(&mut rand::rng()) .map(|(id, info)| (*id, *info)) } } 
diff --git a/oximeter/instruments/src/kstat/link.rs b/oximeter/instruments/src/kstat/link.rs index 24c59dac42c..ecaa2dfd97b 100644 --- a/oximeter/instruments/src/kstat/link.rs +++ b/oximeter/instruments/src/kstat/link.rs @@ -186,7 +186,7 @@ mod tests { use kstat_rs::Ctl; use oximeter::Producer; use rand::Rng; - use rand::distributions::Uniform; + use rand::distr::Uniform; use slog::Drain; use slog::Logger; use slog::info; @@ -228,8 +228,10 @@ mod tests { fn new() -> Self { let name = format!( "kstest{}0", - rand::thread_rng() - .sample_iter(Uniform::new('a', 'z')) + rand::rng() + .sample_iter( + Uniform::new('a', 'z').expect("a < z so this is valid") + ) .take(5) .collect::(), ); diff --git a/oximeter/types/benches/quantile.rs b/oximeter/types/benches/quantile.rs index bc092ccfefe..c14d7572e71 100644 --- a/oximeter/types/benches/quantile.rs +++ b/oximeter/types/benches/quantile.rs @@ -20,7 +20,7 @@ fn normal_distribution_quantile(size: i32, p: f64) -> f64 { let mut q = Quantile::new(p).unwrap(); let normal = Normal::new(mu, sigma).unwrap(); for _ in 0..size { - q.append(normal.sample(&mut rand::thread_rng())).unwrap(); + q.append(normal.sample(&mut rand::rng())).unwrap(); } q.estimate().unwrap() } diff --git a/oximeter/types/src/quantile.rs b/oximeter/types/src/quantile.rs index 40777217e57..eb677e139de 100644 --- a/oximeter/types/src/quantile.rs +++ b/oximeter/types/src/quantile.rs @@ -492,7 +492,7 @@ mod tests { let mut estimator = Quantile::new(0.6).unwrap(); for _ in 0..100 { - let x: f64 = rng.gen(); + let x: f64 = rng.random(); estimator.append(x).unwrap(); } diff --git a/parallel-task-set/src/lib.rs b/parallel-task-set/src/lib.rs index 26aa12794ef..8f16efcd283 100644 --- a/parallel-task-set/src/lib.rs +++ b/parallel-task-set/src/lib.rs 
@@ -160,7 +160,7 @@ mod test { // The tasks should all execute for a short but variable // amount of time. - let duration_ms = rand::thread_rng().gen_range(0..10); + let duration_ms = rand::rng().random_range(0..10); tokio::time::sleep(tokio::time::Duration::from_millis( duration_ms, )) diff --git a/passwords/benches/argon2.rs b/passwords/benches/argon2.rs index 4c07e9d3773..3921de9fbf8 100644 --- a/passwords/benches/argon2.rs +++ b/passwords/benches/argon2.rs @@ -54,7 +54,7 @@ fn password_benchmark(c: &mut Criterion) { let mut group = c.benchmark_group("Password verify"); for c in &configs { - let mut hasher = Hasher::new(c.params.clone(), rand::thread_rng()); + let mut hasher = Hasher::new(c.params.clone(), rand::rng()); let hash_str = hasher.create_password(&password).unwrap(); group.bench_function(c.name, |b| { b.iter(|| { @@ -66,7 +66,7 @@ fn password_benchmark(c: &mut Criterion) { let mut group = c.benchmark_group("Password create"); for c in configs { - let mut hasher = Hasher::new(c.params, rand::thread_rng()); + let mut hasher = Hasher::new(c.params, rand::rng()); group.bench_function(c.name, |b| { b.iter(|| { hasher.create_password(&password).unwrap(); diff --git a/passwords/examples/argon2.rs b/passwords/examples/argon2.rs index 7ef7dc794a7..a6af41de609 100644 --- a/passwords/examples/argon2.rs +++ b/passwords/examples/argon2.rs @@ -49,7 +49,7 @@ fn main() -> anyhow::Result<()> { Params::new(cli.m_cost, cli.t_cost, cli.p_cost, OUTPUT_SIZE_OVERRIDE) .context("unsupported Argon2 parameters")?; let argon = Argon2::new(ALGORITHM, version, params); - let mut hasher = Hasher::new(argon.clone(), rand::thread_rng()); + let mut hasher = Hasher::new(argon.clone(), rand::rng()); let password = Password::new(&cli.input).unwrap(); let password_hash = hasher.create_password(&password).unwrap(); diff --git a/passwords/src/lib.rs b/passwords/src/lib.rs index 7b0660514c6..93fa0644649 100644 --- a/passwords/src/lib.rs +++ b/passwords/src/lib.rs 
@@ -9,6 +9,7 @@ use argon2::Argon2; use argon2::PasswordHasher; use argon2::PasswordVerifier; use argon2::password_hash; +use argon2::password_hash::Salt; pub use password_hash::PasswordHashString; use password_hash::SaltString; use password_hash::errors::Error as PasswordHashError; @@ -207,7 +208,7 @@ pub struct Hasher { impl Default for Hasher { fn default() -> Self { - Hasher::new(external_password_argon(), rand::thread_rng()) + Hasher::new(external_password_argon(), rand::rng()) } } @@ -220,7 +221,8 @@ impl Hasher { &mut self, password: &Password, ) -> Result { - let salt = SaltString::generate(&mut self.rng); + let salt = generate_salt_string(&mut self.rng); + Ok(self .argon2 .hash_password(password.0.expose_secret().as_bytes(), &salt)? @@ -244,6 +246,17 @@ impl Hasher { } } +fn generate_salt_string(rng: &mut R) -> SaltString +where + R: RngCore + CryptoRng, +{ + // Hand-write the code to fill the salt bytes because we're on rand 0.9 + // while password-hash 0.5.0 is on an older version of rand. + let mut bytes = [0u8; Salt::RECOMMENDED_LENGTH]; + rng.fill_bytes(&mut bytes); + SaltString::encode_b64(&bytes).expect("salt string invariant violated") +} + /// Parses the given PHC-format password hash string and returns it only if it /// meets some basic requirements (which match the way we generate password /// hashes). @@ -326,10 +339,10 @@ mod test { use super::PasswordTooLongError; use super::external_password_argon; use crate::MIN_EXPECTED_PASSWORD_VERIFY_TIME; + use crate::generate_salt_string; use crate::parse_phc_hash; use crate::verify_strength; use argon2::password_hash::PasswordHashString; - use argon2::password_hash::SaltString; use rand::SeedableRng; // A well-known password. 
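Review bot: In passwords/src/lib.rs, the new `generate_salt_string` (hunk `@@ -244,6 +246,17`) has no doc comment, and its inline comment does not say when the workaround can be removed. The `RngCore + CryptoRng` bound is what keeps a non-cryptographic RNG from being used for salts, so it is worth stating, e.g. `/// Generates a B64-encoded salt of Salt::RECOMMENDED_LENGTH random bytes; the RNG must be cryptographically secure.` I would also add `// TODO: go back to SaltString::generate once password-hash accepts rand 0.9 RNGs.` so the hand-written copy does not outlive its reason. The `expect` message could name the invariant it relies on, presumably that an encoded salt of this length is within the bounds `SaltString` accepts.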
@@ -371,7 +384,7 @@ mod test { // Verify that salt strings are at least as long as we think they are // (16 bytes). - assert!(SaltString::generate(rand::thread_rng()).len() >= 16); + assert!(generate_salt_string(&mut rand::rng()).len() >= 16); // Verify that the output length produced by this crate hasn't changed // unexpectedly. It may not be a big deal if this does change, but we diff --git a/sled-agent/Cargo.toml b/sled-agent/Cargo.toml index 7bbcc7495ae..cfa202b4d1f 100644 --- a/sled-agent/Cargo.toml +++ b/sled-agent/Cargo.toml @@ -71,7 +71,7 @@ oxnet.workspace = true propolis_api_types.workspace = true propolis-client.workspace = true propolis-mock-server.workspace = true # Only used by the simulated sled agent -rand = { workspace = true, features = ["getrandom"] } +rand = { workspace = true, features = ["os_rng"] } range-requests.workspace = true repo-depot-api.workspace = true repo-depot-client.workspace = true diff --git a/sled-agent/src/instance.rs b/sled-agent/src/instance.rs index 5db96e404f6..12e1c39adf1 100644 --- a/sled-agent/src/instance.rs +++ b/sled-agent/src/instance.rs @@ -1990,7 +1990,7 @@ impl InstanceRunner { // Create a zone for the propolis instance, using the previously // configured VNICs. let zname = propolis_zone_name(&self.propolis_id); - let mut rng = rand::rngs::StdRng::from_entropy(); + let mut rng = rand::rngs::StdRng::from_os_rng(); let root = self .available_datasets_rx diff --git a/sled-agent/src/probe_manager.rs b/sled-agent/src/probe_manager.rs index 4121474383f..3f139af3429 100644 --- a/sled-agent/src/probe_manager.rs +++ b/sled-agent/src/probe_manager.rs 
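Review bot: In the passwords test hunk (`@@ -371,7 +384,7`), the assertion compares `SaltString::len()` with 16, but that appears to be the length of the encoded string rather than of the decoded salt, so it would still pass if the raw salt shrank to 12 bytes (which encode to 16 characters). Now that the crate fills the salt bytes itself in `generate_salt_string`, this test is the only guard on that length. Decoding before measuring would pin the intended 16 bytes: with `salt` bound to the generated value and `Salt` imported in the test module, `let mut buf = [0u8; Salt::MAX_LENGTH];` followed by `assert!(salt.decode_b64(&mut buf).unwrap().len() >= 16);`. The test function starts and ends outside the hunk.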
@@ -314,7 +314,7 @@ impl ProbeManagerInner { /// such as storage and networking. Then it configures, installs and /// boots the probe zone. async fn add_probe(self: &Arc, probe: &ProbeState) -> Result<()> { - let mut rng = rand::rngs::StdRng::from_entropy(); + let mut rng = rand::rngs::StdRng::from_os_rng(); let zone_root_path = self .available_datasets_rx .all_mounted_zone_root_datasets() diff --git a/sled-agent/src/rack_setup/plan/service.rs b/sled-agent/src/rack_setup/plan/service.rs index 37c74805c3c..f7941e9724c 100644 --- a/sled-agent/src/rack_setup/plan/service.rs +++ b/sled-agent/src/rack_setup/plan/service.rs @@ -48,7 +48,7 @@ use omicron_uuid_kinds::{ DatasetUuid, ExternalIpUuid, GenericUuid, OmicronZoneUuid, PhysicalDiskUuid, SledUuid, ZpoolUuid, }; -use rand::prelude::SliceRandom; +use rand::seq::IndexedRandom; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; use sled_agent_client::{ @@ -874,7 +874,7 @@ impl SledInfo { fn alloc_zpool_from_u2s(&self) -> Result { self.u2_zpools - .choose(&mut rand::thread_rng()) + .choose(&mut rand::rng()) .map(|z| *z) .ok_or_else(|| PlanError::NotEnoughSleds) } diff --git a/sled-agent/src/sim/server.rs b/sled-agent/src/sim/server.rs index f252e327834..acf58a5d92e 100644 --- a/sled-agent/src/sim/server.rs +++ b/sled-agent/src/sim/server.rs @@ -52,6 +52,7 @@ use omicron_uuid_kinds::OmicronZoneUuid; use omicron_uuid_kinds::PhysicalDiskUuid; use omicron_uuid_kinds::ZpoolUuid; use oxnet::Ipv6Net; +use rand::seq::IndexedRandom; use sled_agent_types::rack_init::RecoverySiloConfig; use slog::{Drain, Logger, info}; use std::collections::BTreeMap; @@ -378,9 +379,8 @@ pub async fn run_standalone_server( let all_u2_zpools = server.sled_agent.get_zpools(); let get_random_zpool = || { - use rand::seq::SliceRandom; let pool = all_u2_zpools - .choose(&mut rand::thread_rng()) + .choose(&mut rand::rng()) .expect("No external zpools found, but we need one"); ZpoolName::new_external(ZpoolUuid::from_untyped_uuid(pool.id)) }; 
diff --git a/sled-agent/src/zone_bundle.rs b/sled-agent/src/zone_bundle.rs index a27ece58eda..f6d675b1b1c 100644 --- a/sled-agent/src/zone_bundle.rs +++ b/sled-agent/src/zone_bundle.rs @@ -2328,7 +2328,7 @@ mod illumos_tests { // Inject some ~incompressible ballast to ensure the bundles are, though // fake, not also microscopic: let mut ballast = vec![0; 64 * 1024]; - rand::thread_rng().fill_bytes(&mut ballast); + rand::rng().fill_bytes(&mut ballast); super::insert_data(&mut builder, "ballast.bin", &ballast)?; let _ = builder.into_inner().context("failed to finish tarball")?; diff --git a/sled-diagnostics/src/logs.rs b/sled-diagnostics/src/logs.rs index 7b5100142d3..daa6b00b283 100644 --- a/sled-diagnostics/src/logs.rs +++ b/sled-diagnostics/src/logs.rs @@ -18,7 +18,7 @@ use illumos_utils::zfs::{ }; use oxlog::LogFile; use oxlog::SvcLogs; -use rand::{Rng, distributions::Alphanumeric, thread_rng}; +use rand::{Rng, distr::Alphanumeric}; use regex::Regex; use slog::Logger; use std::collections::BTreeMap; @@ -91,7 +91,7 @@ impl DiagnosticsSnapshot { ) -> Result { let snap_name = format!( "{SLED_DIAGNOSTICS_SNAPSHOT_PREFIX}{}", - thread_rng() + rand::rng() .sample_iter(Alphanumeric) .take(12) .map(char::from) diff --git a/sled-storage/src/dataset.rs b/sled-storage/src/dataset.rs index d711ceb2ef1..d2e839843b5 100644 --- a/sled-storage/src/dataset.rs +++ b/sled-storage/src/dataset.rs @@ -18,7 +18,7 @@ use omicron_common::api::internal::shared::DatasetKind; use omicron_common::disk::{ CompressionAlgorithm, DatasetName, DiskIdentity, DiskVariant, GzipLevel, }; -use rand::distributions::{Alphanumeric, DistString}; +use rand::distr::{Alphanumeric, SampleString}; use slog::{Logger, debug, info, warn}; use slog_error_chain::InlineErrorChain; use std::process::Stdio; 
@@ -303,9 +303,8 @@ pub(crate) async fn ensure_zpool_has_datasets( // If this value comes from a prior iteration of the sled agent, // we opt to remove the corresponding dataset. static AGENT_LOCAL_VALUE: OnceLock = OnceLock::new(); - let agent_local_value = AGENT_LOCAL_VALUE.get_or_init(|| { - Alphanumeric.sample_string(&mut rand::thread_rng(), 20) - }); + let agent_local_value = AGENT_LOCAL_VALUE + .get_or_init(|| Alphanumeric.sample_string(&mut rand::rng(), 20)); if dataset.wipe { match Zfs::get_oxide_value(name, "agent").await { diff --git a/trust-quorum/Cargo.toml b/trust-quorum/Cargo.toml index 07c50319d2e..8a897cff503 100644 --- a/trust-quorum/Cargo.toml +++ b/trust-quorum/Cargo.toml @@ -18,7 +18,7 @@ hex.workspace = true hkdf.workspace = true iddqd.workspace = true omicron-uuid-kinds.workspace = true -rand = { workspace = true, features = ["getrandom"] } +rand = { workspace = true, features = ["os_rng"] } secrecy.workspace = true serde.workspace = true serde_with.workspace = true diff --git a/trust-quorum/gfss/Cargo.toml b/trust-quorum/gfss/Cargo.toml index 8513300b890..5802654f80e 100644 --- a/trust-quorum/gfss/Cargo.toml +++ b/trust-quorum/gfss/Cargo.toml @@ -10,7 +10,7 @@ workspace = true [dependencies] digest.workspace = true -rand09.workspace = true +rand.workspace = true secrecy.workspace = true serde.workspace = true subtle.workspace = true diff --git a/trust-quorum/gfss/src/gf256.rs b/trust-quorum/gfss/src/gf256.rs index 41e39e1b819..235cf37265c 100644 --- a/trust-quorum/gfss/src/gf256.rs +++ b/trust-quorum/gfss/src/gf256.rs @@ -24,8 +24,8 @@ use core::fmt::{self, Binary, Display, Formatter, LowerHex, UpperHex}; use core::ops::{Add, AddAssign, Div, Mul, MulAssign, Sub}; -use rand09::Rng; -use rand09::distr::{Distribution, StandardUniform}; +use rand::Rng; +use rand::distr::{Distribution, StandardUniform}; use serde::{Deserialize, Serialize}; use subtle::ConstantTimeEq; use zeroize::Zeroize; 
diff --git a/trust-quorum/gfss/src/polynomial.rs b/trust-quorum/gfss/src/polynomial.rs index 54fcdf72de0..d3a7b304e01 100644 --- a/trust-quorum/gfss/src/polynomial.rs +++ b/trust-quorum/gfss/src/polynomial.rs @@ -4,7 +4,7 @@ //! Generated polynomials over GF(2^8) used for secret splitting -use rand09::{Rng, distr}; +use rand::{Rng, distr}; use std::fmt::Display; use subtle::ConstantTimeEq; use zeroize::{Zeroize, ZeroizeOnDrop}; diff --git a/trust-quorum/gfss/src/shamir.rs b/trust-quorum/gfss/src/shamir.rs index 41f09a3b7cd..091e2040c91 100644 --- a/trust-quorum/gfss/src/shamir.rs +++ b/trust-quorum/gfss/src/shamir.rs @@ -5,8 +5,8 @@ //! Shamir secret sharing over GF(2^8) use digest::Digest; -use rand09::TryRngCore; -use rand09::{Rng, rngs::OsRng}; +use rand::TryRngCore; +use rand::{Rng, rngs::OsRng}; use secrecy::SecretBox; use serde::{Deserialize, Serialize}; use subtle::ConstantTimeEq; diff --git a/trust-quorum/src/crypto.rs b/trust-quorum/src/crypto.rs index fae0f6e0886..8ae9e8d11a1 100644 --- a/trust-quorum/src/crypto.rs +++ b/trust-quorum/src/crypto.rs @@ -10,7 +10,7 @@ use derive_more::From; use gfss::shamir::{self, CombineError, SecretShares, Share, SplitError}; use hkdf::Hkdf; use omicron_uuid_kinds::RackUuid; -use rand::RngCore; +use rand::TryRngCore; use rand::rngs::OsRng; use secrecy::{ExposeSecret, SecretBox}; use serde::{Deserialize, Serialize}; @@ -201,7 +201,8 @@ impl RackSecret { let mut rng = OsRng; let mut data = Box::new([0u8; SECRET_LEN]); while data.ct_eq(&[0u8; SECRET_LEN]).into() { - rng.fill_bytes(&mut *data); + rng.try_fill_bytes(&mut *data) + .expect("fetched random bytes from OsRng"); } RackSecret { secret: RackSecretData(SecretBox::new(data)) } } @@ -247,7 +248,7 @@ impl Salt { pub fn new() -> Salt { let mut rng = OsRng; let mut salt = [0u8; 32]; - rng.fill_bytes(&mut salt); + rng.try_fill_bytes(&mut salt).expect("fetched random bytes from OsRng"); Salt(salt) } } 
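Review bot: In trust-quorum/src/crypto.rs, both `try_fill_bytes(..).expect(..)` calls (the `RackSecret` constructor hunk and `Salt::new`) panic when the OS random source fails, and nothing visible in the hunks documents that. Panicking is the right fail-closed choice for key material, since a zeroed or partially filled buffer is never returned, but callers should be able to see it. I would add a `# Panics` section to each doc comment, e.g. `/// Panics if the operating system's random number generator returns an error.` The first function's signature and any existing doc comment lie outside its hunk, so this cannot be checked against them from here.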
diff --git a/typed-rng/src/lib.rs b/typed-rng/src/lib.rs index f45b24c62f9..7c7603417b4 100644 --- a/typed-rng/src/lib.rs +++ b/typed-rng/src/lib.rs @@ -82,7 +82,7 @@ where // be more correct. let mut seeder = rand_seeder::Seeder::from((seed, extra)); - seeder.make_rng::() + seeder.into_rng::() } /// Generates a new RNG from a parent RNG and a hashable seed. @@ -95,7 +95,7 @@ where let rng_seed = parent_rng.next_u64(); let mut seeder = rand_seeder::Seeder::from((rng_seed, seed)); - seeder.make_rng::() + seeder.into_rng::() } /// An RNG that can be used to generate values of a single type. @@ -114,7 +114,7 @@ pub struct TypedRng { impl TypedRng { /// Returns a new typed RNG from entropy. pub fn from_entropy() -> Self { - Self::new(StdRng::from_entropy()) + Self::new(StdRng::from_os_rng()) } } @@ -162,7 +162,7 @@ where H2: Hash, { let mut seeder = rand_seeder::Seeder::from((seed, extra)); - Self::new(seeder.make_rng::()) + Self::new(seeder.into_rng::()) } /// Sets the seed for this RNG to the given value. @@ -176,7 +176,7 @@ where H2: Hash, { let mut seeder = rand_seeder::Seeder::from((seed, extra)); - self.rng = seeder.make_rng::(); + self.rng = seeder.into_rng::(); } /// Returns a mutable reference to the RNG inside. diff --git a/update-common/src/artifacts/update_plan.rs b/update-common/src/artifacts/update_plan.rs index 5250ac155a0..3c539d9782c 100644 --- a/update-common/src/artifacts/update_plan.rs +++ b/update-common/src/artifacts/update_plan.rs @@ -1387,7 +1387,7 @@ mod tests { use flate2::{Compression, write::GzEncoder}; use futures::StreamExt; use omicron_test_utils::dev::test_setup_log; - use rand::{Rng, distributions::Standard, thread_rng}; + use rand::{Rng, distr::StandardUniform}; use sha2::{Digest, Sha256}; use tufaceous_brand_metadata::{ArchiveType, LayerInfo, Metadata}; use tufaceous_lib::{ 
@@ -1395,7 +1395,7 @@ mod tests { }; fn make_random_bytes() -> Vec { - thread_rng().sample_iter(Standard).take(128).collect() + rand::rng().sample_iter(StandardUniform).take(128).collect() } struct RandomHostOsImage { diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml index dd0b3ebe25b..2d974fcc6cb 100644 --- a/workspace-hack/Cargo.toml +++ b/workspace-hack/Cargo.toml @@ -100,7 +100,7 @@ postgres-types = { version = "0.2.9", default-features = false, features = ["wit ppv-lite86 = { version = "0.2.20", default-features = false, features = ["simd", "std"] } predicates = { version = "3.1.3" } proc-macro2 = { version = "1.0.95" } -rand-274715c4dabd11b0 = { package = "rand", version = "0.9.1" } +rand-274715c4dabd11b0 = { package = "rand", version = "0.9.2" } rand-c38e5c1d305a1b54 = { package = "rand", version = "0.8.5" } rand_chacha-274715c4dabd11b0 = { package = "rand_chacha", version = "0.9.0", default-features = false, features = ["std"] } rand_chacha-468e82937335b1c9 = { package = "rand_chacha", version = "0.3.1", default-features = false, features = ["std"] } @@ -237,7 +237,7 @@ postgres-types = { version = "0.2.9", default-features = false, features = ["wit ppv-lite86 = { version = "0.2.20", default-features = false, features = ["simd", "std"] } predicates = { version = "3.1.3" } proc-macro2 = { version = "1.0.95" } -rand-274715c4dabd11b0 = { package = "rand", version = "0.9.1" } +rand-274715c4dabd11b0 = { package = "rand", version = "0.9.2" } rand-c38e5c1d305a1b54 = { package = "rand", version = "0.8.5" } rand_chacha-274715c4dabd11b0 = { package = "rand_chacha", version = "0.9.0", default-features = false, features = ["std"] } rand_chacha-468e82937335b1c9 = { package = "rand_chacha", version = "0.3.1", default-features = false, features = ["std"] }