Adapt to chacha20 #1642

Merged
dhardy merged 7 commits into rust-random:master from hpenne:adapt_to_chacha20
Sep 10, 2025

hpenne commented Jun 15, 2025
Contributor
  • Added a CHANGELOG.md entry

Summary

Replaced the dependency on rand_chacha with one on chacha20. Added some tests to std.rs to ensure that the output of StdRng did not change.

Fixes #934.

Motivation

Reduces total code size and the total amount of unsafe code.

Details

Changes to config.toml and some replacement of rand_chacha:: with chacha20::.

Added three new unit tests to std.rs. These were based on tests of IETF test vectors from rand_chacha, but the actual expected values had to be replaced, as the IETF test vectors are for ChaCha20 while rand uses ChaCha12. The expected values were generated by using rand_chacha (before chacha20 was used) to verify that the algorithm change did not affect the output.

dhardy commented Jun 17, 2025
Member

I opened #1643. This PR is useful as a draft but won't be merged in its current form (likely we'll want the MSRV/edition bump first as its own PR).

I'm not certain on the timeline yet; the main blocker is the chacha20 release; we also need to decide whether we are ready to merge breaking changes to rand yet.

dhardy commented Sep 8, 2025
Member

@hpenne could you rebase now that #1653 and #1654 are merged please?

hpenne commented Sep 8, 2025
Contributor Author

@dhardy I've rebased and the new tests failed as expected (the default ChaCha12 in chacha20 is the IETF variant). I tried to change to the "Legacy" variant, but chacha20 only exports ChaCha20Legacy, not the 12 round variant that we will need here. The ChaCha20Legacy type is just an alias, so I tried to use the underlying type directly to make a 12 round variant (ChaChaCore<R12, Legacy>) but that needs the Legacy struct which turns out to be private.

@tarcieri It seems that I might be stuck here until someone either exports Legacy or adds a ChaCha12Legacy. It might be useful to do both, just in case.

@newpavlov
Member

> that needs the Legacy struct which turns out to be private.

It's an oversight, we should export it. Could you create a PR? It may also be worth adding aliases for the legacy variants as well.

tarcieri commented Sep 8, 2025
Contributor

@hpenne I'm confused, why do you need a ChaCha12Legacy instead of just ChaCha12Rng?

hpenne commented Sep 8, 2025
Contributor Author

> @hpenne I'm confused, why do you need a ChaCha12Legacy instead of just ChaCha12Rng?

@tarcieri It seemed to me that the Legacy types were the ones with a 64 bit counter, which is what is needed here. One of us is confused, I suppose. It might also be me.
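
The two points raised in the comments above (the Legacy types being the ones with a 64-bit counter, and the IETF vectors being for ChaCha20 while rand uses ChaCha12), shown as an added example that is not code from this PR, rand or chacha20. It is a from-scratch ChaCha block function; `Layout`, `block`, `QR` and the all-zero key are names and inputs made up for the example, and the RFC 8439 arm truncates the counter so that block 2^32 repeats block 0, while the 64-bit layout carries into word 13.

```rust
// Added example: minimal ChaCha block function, not code from rand or chacha20.
const SIGMA: [u32; 4] = [0x6170_7865, 0x3320_646e, 0x7962_2d32, 0x6b20_6574];
const QR: [[usize; 4]; 8] = [
    [0, 4, 8, 12], [1, 5, 9, 13], [2, 6, 10, 14], [3, 7, 11, 15], // column round
    [0, 5, 10, 15], [1, 6, 11, 12], [2, 7, 8, 13], [3, 4, 9, 14], // diagonal round
];

enum Layout {
    /// Original layout: 64-bit block counter (words 12-13), 64-bit stream id.
    Legacy { stream: u64 },
    /// RFC 8439 layout: 32-bit block counter (word 12), 96-bit nonce.
    Ietf { nonce: [u32; 3] },
}

fn quarter_round(s: &mut [u32; 16], q: &[usize; 4]) {
    let [a, b, c, d] = *q;
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(16);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(12);
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(8);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(7);
}

/// One 64-byte keystream block as 16 words; `rounds` is 8, 12 or 20.
fn block(key: &[u32; 8], counter: u64, layout: Layout, rounds: usize) -> [u32; 16] {
    let mut init = [0u32; 16];
    init[..4].copy_from_slice(&SIGMA);
    init[4..12].copy_from_slice(key);
    init[12] = counter as u32;
    match layout {
        Layout::Legacy { stream } => {
            init[13] = (counter >> 32) as u32; // counter carries into word 13
            init[14] = stream as u32;
            init[15] = (stream >> 32) as u32;
        }
        // No room for the counter's high half; this sketch drops it (wraps at 2^32).
        Layout::Ietf { nonce } => init[13..].copy_from_slice(&nonce),
    }
    let mut s = init;
    for q in QR.iter().cycle().take(4 * rounds) { quarter_round(&mut s, q); } // 4 per round
    for i in 0..16 { s[i] = s[i].wrapping_add(init[i]); }
    s
}

fn main() {
    let key = [0u32; 8]; // constructed all-zero key
    let i = block(&key, 1 << 32, Layout::Ietf { nonce: [0; 3] }, 12);
    let l = block(&key, 1 << 32, Layout::Legacy { stream: 0 }, 12);
    let zero = block(&key, 0, Layout::Legacy { stream: 0 }, 12);
    println!("block 2^32 repeats block 0: ietf={} legacy={}", i == zero, l == zero);
}
```

With 20 rounds and an all-zero key, nonce and counter, the first words match the published IETF ChaCha20 test vector; the same input with 12 rounds gives a different block, which is why the expected values in the new tests could not be taken from the IETF vectors.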

hpenne commented Sep 8, 2025
Contributor Author

@tarcieri When I add the "legacy" feature to the chacha20 crate dependency in the rand cargo.toml, the chacha20 crate fails to build:

error[E0432]: unresolved import `cipher::StreamCipherCoreWrapper`
 --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.0/src/chacha.rs:2:41
  |
2 |     IvSizeUser, KeyIvInit, KeySizeUser, StreamCipherCoreWrapper,
  |                                         ^^^^^^^^^^^^^^^^^^^^^^^
  |                                         |
  |                                         no `StreamCipherCoreWrapper` in the root
  |                                         help: a similar name exists in the module: `StreamCipherCore`

Seems to work fine when I build and run tests in chacha20 itself. Odd.

tarcieri commented Sep 8, 2025
Contributor

@hpenne all of the RNG types now have a 64-bit counter as of the latest prerelease.

Also looks like you found a bug. Perhaps it was being hidden by feature unification? Strange.

tarcieri commented Sep 8, 2025
Contributor

@hpenne oh, you're using an out-of-date version! Please upgrade to v0.10.0-rc.1

hpenne commented Sep 8, 2025
Contributor Author

> @hpenne oh, you're using an out-of-date version! Please upgrade to v0.10.0-rc.1

@tarcieri That was embarrassing. Works much better with the correct version. All tests pass now. The only strangeness that I am left with is that if I do not enable the "legacy" feature (the only enabled feature is "rng"), chacha20 fails to build with:

error[E0432]: unresolved import `crate::variants::Legacy`
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/rng.rs:24:16
   |
24 |     variants::{Legacy, Variant},
   |                ^^^^^^ no `Legacy` in `variants`
   |
note: found an item that was configured out
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/variants.rs:57:10
   |
57 | pub enum Legacy {}
   |          ^^^^^^
note: the item is gated behind the `legacy` feature
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/variants.rs:56:7
   |
56 | #[cfg(feature = "legacy")]
   |       ^^^^^^^^^^^^^^^^^^

I'm not able to reproduce this when I build chacha20 locally from master, so perhaps I've done something wrong or you have already fixed this on master. I'll look closer tomorrow.

tarcieri commented Sep 8, 2025
Contributor

@hpenne aah that was RustCrypto/stream-ciphers#454 which has been fixed

I can cut an rc.2 if that helps

dhardy left a comment
Member

Sorry, I did not think to apprise you of the chacha20 changes. I think we have all the pieces to make a rand pre-release now.

Comment thread examples/rayon-monte-carlo.rs Outdated
Comment on lines +59 to +60
rng.set_stream(i);
rng.set_stream(u64::from(i));

Member

i should be u64 already?

Contributor Author

Yes. I used to need to convert to u128 with the old chacha20. I had to change u64 when I rebased but failed to notice that I could simply remove the conversion. Will fix.

Comment thread Cargo.toml Outdated
Comment on lines +77 to +82
rand_chacha = { path = "rand_chacha", version = "0.9.0", default-features = false, optional = true }
chacha20 = { version = "=0.10.0-rc.1", default-features = false, features = ["rng", "legacy"], optional = true }
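
Review bot: the chacha20 requirement on the second line is an exact pin to a release candidate (`=0.10.0-rc.1`) and nothing next to it says why or when it should change. A one-line comment stating that the pin is to be replaced with a normal version requirement once a stable chacha20 0.10 exists would keep that follow-up from being lost, which matters here because this dependency supplies the generator behind StdRng.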

Member

We can depend on the "legacy" feature for now, but add a TODO comment to remove it on the next version.

Comment thread CHANGELOG.md Outdated

## [0.10.0 — Unreleased]
### Changes
- The dependency on `rand_chacha` has been replaced with a dependency on `chacha20`. This changes the implementation behind `StdRng`, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in `chacha20` instead of `rand_chacha`.

Member

Include the PR # please.

…:from in rayon-monte-carlo.rs. Added a ToDo in Cargo.toml to remove the "legacy" feature of chacha20.
Comment thread Cargo.toml Outdated
Comment on lines +82 to +83
# ToDo: Remove the "legacy" feature from chacha20 when this is not longer necessary
chacha20 = { version = "=0.10.0-rc.1", default-features = false, features = ["rng", "legacy"], optional = true }
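
Review bot: the ToDo on the first line reads "not longer" where "no longer" is meant, and it does not name the condition that makes the feature unnecessary. Naming that condition, such as a chacha20 release in which "rng" builds without "legacy", would let someone act on the ToDo without rereading this thread.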

Contributor

I've released an rc.2 with the feature-related bugfix:

Suggested change
# ToDo: Remove the "legacy" feature from chacha20 when this is not longer necessary
chacha20 = { version = "=0.10.0-rc.1", default-features = false, features = ["rng", "legacy"], optional = true }
# ToDo: Remove the "legacy" feature from chacha20 when this is not longer necessary
chacha20 = { version = "=0.10.0-rc.2", default-features = false, features = ["rng"], optional = true }
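
Review bot: the replacement lines remove "legacy" from the feature list but keep the ToDo that asks for its removal, so the comment is stale as soon as the suggestion is applied. Drop the ToDo line in the same change.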

Contributor Author

Done. I removed the ToDo-comment as well, now that the "legacy" feature is no longer necessary.

dhardy merged commit 4afc333 into rust-random:master on Sep 10, 2025
16 checks passed
kodiakhq Bot pushed a commit to pdylanross/fatigue that referenced this pull request Jun 25, 2026
Bumps rand from 0.9.4 to 0.10.1.

Changelog
Sourced from rand's changelog.

[0.10.1] — 2026-02-11
This release includes a fix for a soundness bug; see #1763.
Changes

Document panic behavior of make_rng and add #[track_caller] (#1761)
Deprecate feature log (#1763)

[0.10.0] - 2026-02-08
Changes

The dependency on rand_chacha has been replaced with a dependency on chacha20. This changes the implementation behind StdRng, but the output remains the same. There may be some API breakage when using the ChaCha-types directly as these are now the ones in chacha20 instead of rand_chacha (#1642).
Rename fns IndexedRandom::choose_multiple -> sample, choose_multiple_array -> sample_array, choose_multiple_weighted -> sample_weighted, struct SliceChooseIter -> IndexedSamples and fns IteratorRandom::choose_multiple -> sample, choose_multiple_fill -> sample_fill (#1632)
Use Edition 2024 and MSRV 1.85 (#1653)
Let Fill be implemented for element types, not sliceable types (#1652)
Fix OsError::raw_os_error on UEFI targets by returning Option<usize> (#1665)
Replace fn TryRngCore::read_adapter(..) -> RngReadAdapter with simpler struct RngReader (#1669)
Remove fns SeedableRng::from_os_rng, try_from_os_rng (#1674)
Remove Clone support for StdRng, ReseedingRng (#1677)
Use postcard instead of bincode to test the serde feature (#1693)
Avoid excessive allocation in IteratorRandom::sample when amount is much larger than iterator size (#1695)
Rename os_rng -> sys_rng, OsRng -> SysRng, OsError -> SysError (#1697)
Rename Rng -> RngExt as upstream rand_core has renamed RngCore -> Rng (#1717)

Additions

Add fns IndexedRandom::choose_iter, choose_weighted_iter (#1632)
Pub export Xoshiro128PlusPlus, Xoshiro256PlusPlus prngs (#1649)
Pub export ChaCha8Rng, ChaCha12Rng, ChaCha20Rng behind chacha feature (#1659)
Fn rand::make_rng() -> R where R: SeedableRng (#1734)

Removals

Removed ReseedingRng (#1722)
Removed unused feature "nightly" (#1732)
Removed feature small_rng (#1732)



... (truncated)


Commits

27ff4cb Prepare v0.10.1: deprecate feature log (#1763)
98d0638 make_rng: document panic and add #[track_caller] (#1761)
54e5eaa Fix doc error (#1758)
1ce4c08 Bump itoa from 1.0.17 to 1.0.18 in the all-deps group (#1756)
ccb734b docs: fix typo in doc comment (#1754)
357eb7d Bump libc from 0.2.182 to 0.2.183 in the all-deps group (#1753)
5e77fe5 Fix trait references in documentation (#1752)
da89185 Bump the all-deps group with 3 updates (#1751)
50516ff Bump the all-deps group with 2 updates (#1749)
fd71de9 Bump the all-deps group with 2 updates (#1747)
Additional commits viewable in compare view
Development

Successfully merging this pull request may close these issues.

Replacing rand_chacha with chacha20

4 participants