chore: update rand from 0.8.5 to 0.9.0

New rand crate changes
- sub module distributions renamed to distr
- api thread_rng renamed to rng
- OsRng now only supports TryRngCore (probably catch an error)

Signed-off-by: Xynnn007 <[email protected]>

Cargo.toml

@@ -43,7 +43,7 @@ nix = "0.29"
 openssl = "0.10"
 prost = "0.13"
 protobuf = "3.5.1"
-rand = "0.8.5"
+rand = "0.9.0"
 reqwest = { version = "0.12", default-features = false }
 resource_uri = { path = "attestation-agent/deps/resource_uri" }
 ring = "0.17"

attestation-agent/coco_keyprovider/src/enc_mods/mod.rs

@@ -9,7 +9,7 @@ use anyhow::*;
 use base64::Engine;
 use jwt_simple::prelude::Ed25519KeyPair;
 use log::{debug, info};
-use rand::RngCore;
+use rand::TryRngCore;
 use reqwest::Url;
 use serde::{Deserialize, Serialize};
 use tokio::fs;
@@ -113,7 +113,7 @@ async fn generate_key_parameters(input_params: &InputParams) -> Result<(Vec<u8>,
                 debug!("use given key from: {kpath}");
                 let key = fs::read(kpath).await.context("read Key file failed")?;
                 let mut iv = [0; 12];
-                rand::rngs::OsRng.fill_bytes(&mut iv);
+                rand::rngs::OsRng.try_fill_bytes(&mut iv)?;
                 let kid = match &input_params.keyid {
                     Some(kid) => kid.to_string(),
                     None => {
@@ -129,10 +129,10 @@ async fn generate_key_parameters(input_params: &InputParams) -> Result<(Vec<u8>,
                 debug!("no key input, generate a random key");
 
                 let mut iv = [0; 12];
-                rand::rngs::OsRng.fill_bytes(&mut iv);
+                rand::rngs::OsRng.try_fill_bytes(&mut iv)?;
 
                 let mut key = [0; 32];
-                rand::rngs::OsRng.fill_bytes(&mut key);
+                rand::rngs::OsRng.try_fill_bytes(&mut key)?;
 
                 let kid = match &input_params.keyid {
                     Some(kid) => kid.to_string(),

attestation-agent/deps/crypto/src/rust/rsa.rs

@@ -24,7 +24,7 @@ pub struct RSAKeyPair {
 
 impl RSAKeyPair {
     pub fn new() -> Result<RSAKeyPair> {
-        let mut rng = rand::thread_rng();
+        let mut rng = rand::rng();
 
         let private_key = RsaPrivateKey::new(&mut rng, RSA_PUBKEY_LENGTH)?;
         let public_key = RsaPublicKey::from(&private_key);

confidential-data-hub/hub/src/bin/secret_cli.rs

@@ -225,9 +225,9 @@ async fn seal_secret(seal_args: &SealArgs) {
             let (mut encrypter, provider_settings, provider) =
                 handle_envelope_provider(&env.command).await;
             let mut iv = [0u8; 12];
-            rand::thread_rng().fill(&mut iv);
+            rand::rng().fill(&mut iv);
             let mut key = [0u8; 32];
-            rand::thread_rng().fill(&mut key);
+            rand::rng().fill(&mut key);
             let encrypted_data = crypto::encrypt(
                 Zeroizing::new(key.to_vec()),
                 blob,

confidential-data-hub/hub/src/kms/plugins/aliyun/client/sts_token_client/mod.rs

@@ -14,7 +14,7 @@ use anyhow::bail;
 use chrono::Utc;
 use credential::StsCredential;
 use log::error;
-use rand::{distributions::Alphanumeric, Rng};
+use rand::{distr::Alphanumeric, Rng};
 use reqwest::{header::HeaderMap, ClientBuilder};
 use serde::Deserialize;
 use serde_json::Value;
@@ -194,10 +194,7 @@ impl StsTokenClient {
             "SignatureVersion".to_string(),
             Self::SIGNATURE_VERSION.to_string(),
         );
-        let bytes: Vec<u8> = rand::thread_rng()
-            .sample_iter(&Alphanumeric)
-            .take(16)
-            .collect();
+        let bytes: Vec<u8> = rand::rng().sample_iter(&Alphanumeric).take(16).collect();
         let hex_nonce: String = bytes.iter().fold(String::new(), |mut output, b| {
             let _ = write!(output, "{b:02X}");
             output

confidential-data-hub/hub/src/secret/tests/test_hsm_secrets.rs

@@ -121,7 +121,7 @@ fn create_random_secret() -> Vec<u8> {
 
     let data_length = 10;
 
-    let mut rng = rand::thread_rng();
+    let mut rng = rand::rng();
 
     let data: Vec<u8> = (0..data_length)
         .map(|_| rng.sample(Uniform::new_inclusive(0, 255)))

confidential-data-hub/hub/src/storage/volume_type/aliyun/mod.rs

@@ -11,7 +11,7 @@ use std::{collections::HashMap, os::unix::fs::PermissionsExt};
 use anyhow::Context;
 use async_trait::async_trait;
 use log::{debug, error};
-use rand::{distributions::Alphanumeric, Rng};
+use rand::{distr::Alphanumeric, Rng};
 use serde::{Deserialize, Serialize};
 use tokio::{
     fs,
@@ -78,7 +78,7 @@ async fn get_plaintext_secret(secret: &str) -> anyhow::Result<String> {
 async fn create_random_dir() -> anyhow::Result<String> {
     const NAME_LENGTH: usize = 10;
 
-    let name: String = rand::thread_rng()
+    let name: String = rand::rng()
         .sample_iter(&Alphanumeric)
         .take(NAME_LENGTH)
         .map(char::from)

confidential-data-hub/hub/src/storage/volume_type/blockdevice/luks/mod.rs

@@ -6,7 +6,7 @@ use super::Interpreter;
 use super::{get_plaintext_key, BlockDeviceError, BlockDeviceParameters, Result};
 use async_trait::async_trait;
 use log::error;
-use rand::{distributions::Alphanumeric, Rng};
+use rand::{distr::Alphanumeric, Rng};
 use tokio::{
     fs,
     io::{AsyncReadExt, AsyncWriteExt},
@@ -18,7 +18,7 @@ const LUKS_ENCRYPT_STORAGE_BIN: &str = "/usr/local/bin/luks-encrypt-storage";
 
 async fn random_encrypt_key() -> Vec<u8> {
     let mut buffer = vec![0u8; 4096];
-    rand::thread_rng().fill(&mut buffer[..]);
+    rand::rng().fill(&mut buffer[..]);
     buffer
 }
 
@@ -47,7 +47,7 @@ impl Interpreter for LuksInterpreter {
         parameters: BlockDeviceParameters,
         mount_point: &str,
     ) -> Result<()> {
-        let random_string: String = rand::thread_rng()
+        let random_string: String = rand::rng()
             .sample_iter(&Alphanumeric)
             .take(5)
             .map(char::from)