Replace std::random_shuffle with std::shuffle

According to [1], std::random_shuffle is deprecated in C++14 and removed
in C++17. Since std::shuffle is available since C++11 as a replacement
and monero already requires C++11, this is a good replacement.

A cryptographically secure random number generator is used in all cases,
so that nobody copies an insecure std::shuffle call over to a place where
a secure one would be warranted. This is a form of defense-in-depth.

[1]: https://en.cppreference.com/w/cpp/algorithm/random_shuffle
Tom Smeding 2019-07-03 11:05:01 +02:00
parent 1bb4ae3b5e
commit 7b9a420787
5 changed files with 7 additions and 7 deletions


@ -354,7 +354,7 @@ namespace cryptonote
if (shuffle_outs) if (shuffle_outs)
{ {
std::shuffle(destinations.begin(), destinations.end(), std::default_random_engine(crypto::rand<unsigned int>())); std::shuffle(destinations.begin(), destinations.end(), crypto::random_device{});
} }
// sort ins by their key image // sort ins by their key image
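Review bot: The generator argument `crypto::random_device{}` is now spelled out at each call site (here and in the nodetool, wallet2 and both unit-test sections), so the commit's stated goal of keeping an insecure call from being copied still relies on every author typing the right third argument. A small wrapper declared wherever crypto::random_device lives, for example `template<class It> void shuffle(It first, It last) { std::shuffle(first, last, random_device{}); }` (the name is only a suggestion), would put that choice in one place. At this call site a short comment such as `// CSPRNG on purpose: the order of destinations should not be predictable` would also record the reason, since the old engine was seeded from a single `unsigned int` and could therefore only produce as many orderings as that seed has values. The enclosing function starts and ends outside the hunk.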


@ -290,7 +290,7 @@ namespace nodetool
if (anonymize) if (anonymize)
{ {
std::random_shuffle(bs_head.begin(), bs_head.end()); std::shuffle(bs_head.begin(), bs_head.end(), crypto::random_device{});
if (bs_head.size() > depth) if (bs_head.size() > depth)
bs_head.resize(depth); bs_head.resize(depth);
for (auto &e: bs_head) for (auto &e: bs_head)
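Review bot: The `anonymize` branch shuffles and then truncates with `bs_head.resize(depth)`, so the generator decides which entries survive, not just their order, and nothing in the code says so. I would add a comment above the shuffle, for example `// unpredictable order before truncating to depth, so the kept subset is a random sample`. std::random_shuffle left its randomness source implementation-defined (commonly std::rand), so this line is more than an API modernisation: it changes the quality of that sample. What `bs_head` holds and who receives it are not visible in this hunk, and the function continues outside it.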


@ -7448,7 +7448,7 @@ void wallet2::light_wallet_get_outs(std::vector<std::vector<tools::wallet2::get_
order.resize(light_wallet_requested_outputs_count); order.resize(light_wallet_requested_outputs_count);
for (size_t n = 0; n < order.size(); ++n) for (size_t n = 0; n < order.size(); ++n)
order[n] = n; order[n] = n;
std::shuffle(order.begin(), order.end(), std::default_random_engine(crypto::rand<unsigned>())); std::shuffle(order.begin(), order.end(), crypto::random_device{});
LOG_PRINT_L2("Looking for " << (fake_outputs_count+1) << " outputs with amounts " << print_money(td.is_rct() ? 0 : td.amount())); LOG_PRINT_L2("Looking for " << (fake_outputs_count+1) << " outputs with amounts " << print_money(td.is_rct() ? 0 : td.amount()));
@ -8023,7 +8023,7 @@ void wallet2::get_outs(std::vector<std::vector<tools::wallet2::get_outs_entry>>
order.resize(requested_outputs_count); order.resize(requested_outputs_count);
for (size_t n = 0; n < order.size(); ++n) for (size_t n = 0; n < order.size(); ++n)
order[n] = n; order[n] = n;
std::shuffle(order.begin(), order.end(), std::default_random_engine(crypto::rand<unsigned>())); std::shuffle(order.begin(), order.end(), crypto::random_device{});
LOG_PRINT_L2("Looking for " << (fake_outputs_count+1) << " outputs of size " << print_money(td.is_rct() ? 0 : td.amount())); LOG_PRINT_L2("Looking for " << (fake_outputs_count+1) << " outputs of size " << print_money(td.is_rct() ? 0 : td.amount()));
for (size_t o = 0; o < requested_outputs_count && outs.back().size() < fake_outputs_count + 1; ++o) for (size_t o = 0; o < requested_outputs_count && outs.back().size() < fake_outputs_count + 1; ++o)


@ -779,8 +779,8 @@ TEST(ringct, range_proofs_accept_very_long_simple)
inputs[n] = n; inputs[n] = n;
outputs[n] = n; outputs[n] = n;
} }
std::random_shuffle(inputs, inputs + N); std::shuffle(inputs, inputs + N, crypto::random_device{});
std::random_shuffle(outputs, outputs + N); std::shuffle(outputs, outputs + N, crypto::random_device{});
EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true)); EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
} }
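Review bot: With `crypto::random_device{}` the permutations of `inputs` and `outputs` differ on every run and cannot be replayed, so a failure of the `EXPECT_TRUE` that follows would be hard to reproduce. std::random_shuffle commonly drew from std::rand, which repeats the same sequence unless the test binary seeds it (whether it does is not visible here). If the CSPRNG is kept in tests for the consistency the commit message describes, the assertion should carry the permutation, for example by streaming both arrays into its failure message with `<<`. The rolling_median order test is equally non-replayable, but it was already seeded from crypto::rand before this commit. The test body starts outside the hunk.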


@ -143,7 +143,7 @@ TEST(rolling_median, order)
m.insert(random[i]); m.insert(random[i]);
ASSERT_EQ(med, m.median()); ASSERT_EQ(med, m.median());
std::shuffle(random.begin(), random.end(), std::default_random_engine(crypto::rand<unsigned>())); std::shuffle(random.begin(), random.end(), crypto::random_device{});
m.clear(); m.clear();
for (int i = 0; i < 1000; ++i) for (int i = 0; i < 1000; ++i)
m.insert(random[i]); m.insert(random[i]);