Merge with master and update CHANGELOG

Author: dhardy

.github/workflows/benches.yml

@@ -5,13 +5,11 @@ on:
     branches: [ master ]
     paths-ignore:
       - "**.md"
-      - "distr_test/**"
       - "examples/**"
   pull_request:
     branches: [ master ]
     paths-ignore:
       - "**.md"
-      - "distr_test/**"
       - "examples/**"
 
 defaults:

.github/workflows/distr_test.yml

@@ -6,13 +6,11 @@ on:
     paths-ignore:
       - "**.md"
       - "benches/**"
-      - "distr_test/**"
   pull_request:
     branches: [ master, '0.[0-9]+' ]
     paths-ignore:
       - "**.md"
       - "benches/**"
-      - "distr_test/**"
 
 permissions:
   contents: read #  to fetch code (actions/checkout)
@@ -47,8 +45,6 @@ jobs:
         run: cargo doc --all-features --no-deps
       - name: rand_core
         run: cargo doc --all-features --package rand_core --no-deps
-      - name: rand_distr
-        run: cargo doc --all-features --package rand_distr --no-deps
       - name: rand_chacha
         run: cargo doc --all-features --package rand_chacha --no-deps
       - name: rand_pcg
@@ -122,11 +118,6 @@ jobs:
           cargo test --target ${{ matrix.target }} --manifest-path rand_core/Cargo.toml
           cargo test --target ${{ matrix.target }} --manifest-path rand_core/Cargo.toml --no-default-features
           cargo test --target ${{ matrix.target }} --manifest-path rand_core/Cargo.toml --no-default-features --features=os_rng
-      - name: Test rand_distr
-        run: |
-          cargo test --target ${{ matrix.target }} --manifest-path rand_distr/Cargo.toml --features=serde
-          cargo test --target ${{ matrix.target }} --manifest-path rand_distr/Cargo.toml --no-default-features
-          cargo test --target ${{ matrix.target }} --manifest-path rand_distr/Cargo.toml --no-default-features --features=std,std_math
       - name: Test rand_pcg
         run: cargo test --target ${{ matrix.target }} --manifest-path rand_pcg/Cargo.toml --features=serde
       - name: Test rand_chacha
@@ -162,7 +153,6 @@ jobs:
           cross test --no-fail-fast --target ${{ matrix.target }} --features=serde,log,small_rng
           cross test --no-fail-fast --target ${{ matrix.target }} --examples
           cross test --no-fail-fast --target ${{ matrix.target }} --manifest-path rand_core/Cargo.toml
-          cross test --no-fail-fast --target ${{ matrix.target }} --manifest-path rand_distr/Cargo.toml --features=serde
           cross test --no-fail-fast --target ${{ matrix.target }} --manifest-path rand_pcg/Cargo.toml --features=serde
           cross test --no-fail-fast --target ${{ matrix.target }} --manifest-path rand_chacha/Cargo.toml
 
@@ -182,7 +172,6 @@ jobs:
           cargo miri test --manifest-path rand_core/Cargo.toml
           cargo miri test --manifest-path rand_core/Cargo.toml --features=serde
           cargo miri test --manifest-path rand_core/Cargo.toml --no-default-features
-          #cargo miri test --manifest-path rand_distr/Cargo.toml # no unsafe and lots of slow tests
           cargo miri test --manifest-path rand_pcg/Cargo.toml --features=serde
           cargo miri test --manifest-path rand_chacha/Cargo.toml --no-default-features
 

.github/workflows/test.yml

@@ -8,6 +8,11 @@ A [separate changelog is kept for rand_core](rand_core/CHANGELOG.md).
 
 You may also find the [Upgrade Guide](https://rust-random.github.io/book/update.html) useful.
 
+## [Unreleased]
+- Fix feature `simd_support` for recent nightly rust (#1586)
+- Add `Alphabetic` distribution. (#1587)
+- Re-export `rand_core` (#1602)
+
 ## [0.9.0] - 2025-01-27
 ### Security and unsafe
 - Policy: "rand is not a crypto library" (#1514)

CHANGELOG.md

@@ -65,7 +65,6 @@ log = ["dep:log"]
 [workspace]
 members = [
     "rand_core",
-    "rand_distr",
     "rand_chacha",
     "rand_pcg",
 ]

Cargo.toml

@@ -39,12 +39,11 @@ Rand **is not**:
     not simplicity. If you prefer a small-and-simple library, there are
     alternatives including [fastrand](https://crates.io/crates/fastrand)
     and [oorandom](https://crates.io/crates/oorandom).
--   A cryptography library. Rand provides functionality for generating
-    unpredictable random data (potentially applicable depending on requirements)
-    but does not provide high-level cryptography functionality.
-
-Rand is a community project and cannot provide legally-binding guarantees of
-security.
+-   Primarily a cryptographic library. `rand` does provide some generators which
+    aim to support unpredictable value generation under certain constraints;
+    see [SECURITY.md](SECURITY.md) for details.
+    Users are expected to determine for themselves
+    whether `rand`'s functionality meets their own security requirements.
 
 Documentation:
 
@@ -97,16 +96,13 @@ Many (but not all) algorithms are intended to have reproducible output. Read mor
 
 The Rand library supports a variety of CPU architectures. Platform integration is outsourced to [getrandom].
 
-### WASM support
+### WebAssembly support
 
-Seeding entropy from OS on WASM target `wasm32-unknown-unknown` is not
-*automatically* supported by `rand` or `getrandom`. If you are fine with
-seeding the generator manually, you can disable the `os_rng` feature
-and use the methods on the `SeedableRng` trait. To enable seeding from OS,
-either use a different target such as `wasm32-wasi` or add a direct
-dependency on [getrandom] with the `js` feature (if the target supports
-JavaScript). See
-[getrandom#WebAssembly support](https://docs.rs/getrandom/latest/getrandom/#webassembly-support).
+The [WASI](https://github.com/WebAssembly/WASI/tree/main) and Emscripten
+targets are directly supported. The `wasm32-unknown-unknown` target is not
+*automatically* supported. To enable support for this target, refer to the
+[`getrandom` documentation for WebAssembly](https://docs.rs/getrandom/latest/getrandom/#webassembly-support).
+Alternatively, the `os_rng` feature may be disabled.
 
 # License
 

README.md

@@ -10,12 +10,24 @@ security.
 ### Marker traits
 
 Rand provides the marker traits `CryptoRng`, `TryCryptoRng` and
-`CryptoBlockRng`. Generators implementing one of these traits and used in a way
-which meets the following additional constraints:
-
--   Instances of seedable RNGs (those implementing `SeedableRng`) are
-    constructed with cryptographically secure seed values
--   The state (memory) of the RNG and its seed value are not exposed
+`CryptoBlockRng`. Generators (RNGs) implementing one of these traits which are
+used according to these additional constraints:
+
+-   The generator may be constructed using `std::default::Default` where the
+    generator supports this trait. Note that generators should *only* support
+    `Default` where the `default()` instance is appropriately seeded: for
+    example `OsRng` has no state and thus has a trivial `default()` instance
+    while `ThreadRng::default()` returns a handle to a thread-local instance
+    seeded using `OsRng`.
+-   The generator may be constructed using `rand_core::SeedableRng` in any of
+    the following ways where the generator supports this trait:
+
+    -   Via `SeedableRng::from_seed` using a cryptographically secure seed value
+    -   Via `SeedableRng::from_rng` or `try_from_rng` using a cryptographically
+        secure source `rng`
+    -   Via `SeedableRng::from_os_rng` or `try_from_os_rng`
+-   The state (memory) of the generator and its seed value (or source `rng`) are
+    not exposed
 
 are expected to provide the following:
 
@@ -34,48 +46,44 @@ are expected to provide the following:
 `OsRng` is a stateless "generator" implemented via [getrandom]. As such, it has
 no possible state to leak and cannot be improperly seeded.
 
-`ThreadRng` will periodically reseed itself, thus placing an upper bound on the
-number of bits of output from an instance before any advantage an attacker may
-have gained through state-compromising side-channel attacks is lost.
+`StdRng` is a `CryptoRng` and `SeedableRng` using a pseudo-random algorithm
+selected for good security and performance qualities. Since it does not offer
+reproducibility of output, its algorithm may be changed in any release version.
+
+`ChaCha12Rng` and `ChaCha20Rng` are selected pseudo-random generators
+distributed by the `rand` project which meet the requirements of the `CryptoRng`
+trait and implement `SeedableRng` with a commitment to reproducibility of
+results.
+
+`ThreadRng` is a conveniently-packaged generator over `StdRng` offering
+automatic seeding from `OsRng`, periodic reseeding and thread locality.
+This random source is intended to offer a good compromise between cryptographic
+security, fast generation with reasonably low memory and initialization cost
+overheads, and robustness against misuse.
 
 [getrandom]: https://crates.io/crates/getrandom
 
 ### Distributions
 
-Additionally, derivations from such an RNG (including the `Rng` trait,
-implementations of the `Distribution` trait, and `seq` algorithms) should not
-introduce significant bias other than that expected from the operation in
-question (e.g. bias from a weighted distribution).
+Methods of the `Rng` trait, functionality of the `rand::seq` module and
+implementators of the `Distribution` trait are expected, while using a
+cryptographically secure `CryptoRng` instance meeting the above constraints,
+to not introduce significant bias to their operation beyond what would be
+expected of the operation. Note that the usage of 'significant' here permits
+some bias, as noted for example in the documentation of the `Uniform`
+distribution.
 
 ## Supported Versions
 
-We will attempt to uphold these premises in the following crate versions,
-provided that only the latest patch version is used, and with potential
-exceptions for theoretical issues without a known exploit:
-
-| Crate | Versions | Exceptions |
-| ----- | -------- | ---------- |
-| `rand` | 0.8 |  |
-| `rand` | 0.7 |  |
-| `rand` | 0.5, 0.6 | Jitter |
-| `rand` | 0.4 | Jitter, ISAAC |
-| `rand_core` | 0.2 - 0.6 | |
-| `rand_chacha` | 0.1 - 0.3 | |
+We aim to provide security fixes in the form of a new patch version for the
+latest release version of `rand` and its dependencies `rand_core` and
+`rand_chacha`, as well as for prior major and minor releases which were, at some
+time during the previous 12 months, the latest release version.
 
-Explanation of exceptions:
-
--   Jitter: `JitterRng` is used as an entropy source when the primary source
-    fails; this source may not be secure against side-channel attacks, see #699.
--   ISAAC: the [ISAAC](https://burtleburtle.net/bob/rand/isaacafa.html) RNG used
-    to implement `ThreadRng` is difficult to analyse and thus cannot provide
-    strong assertions of security.
-
-## Known issues
+## Reporting a Vulnerability
 
-In `rand` version 0.3 (0.3.18 and later), if `OsRng` fails, `ThreadRng` is
-seeded from the system time in an insecure manner.
+If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
 
-## Reporting a Vulnerability
+Please disclose it at [security advisory](https://github.com/rust-random/rand/security/advisories/new).
 
-To report a vulnerability, [open a new issue](https://github.com/rust-random/rand/issues/new).
-Once the issue is resolved, the vulnerability should be [reported to RustSec](https://github.com/RustSec/advisory-db/blob/master/CONTRIBUTING.md).
+This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure.

SECURITY.md

@@ -10,7 +10,6 @@ publish = false
 rand = { path = "..", features = ["small_rng", "nightly"] }
 rand_pcg = { path = "../rand_pcg" }
 rand_chacha = { path = "../rand_chacha" }
-rand_distr = { path = "../rand_distr" }
 criterion = "0.5"
 criterion-cycles-per-byte = "0.6"
 
@@ -22,10 +21,6 @@ harness = false
 name = "bool"
 harness = false
 
-[[bench]]
-name = "distr"
-harness = false
-
 [[bench]]
 name = "generators"
 harness = false