Diffstat (limited to 'src/lib/entropy')
-rw-r--r--src/lib/entropy/egd/es_egd.cpp2
-rw-r--r--src/lib/entropy/egd/es_egd.h1
-rw-r--r--src/lib/entropy/egd/info.txt2
-rw-r--r--src/lib/entropy/entropy_src.h2
-rw-r--r--src/lib/entropy/entropy_srcs.cpp126
-rw-r--r--src/lib/entropy/info.txt4
-rw-r--r--src/lib/entropy/proc_walk/proc_walk.cpp2
-rw-r--r--src/lib/entropy/proc_walk/proc_walk.h1
-rw-r--r--src/lib/entropy/unix_procs/unix_procs.cpp9
-rw-r--r--src/lib/entropy/unix_procs/unix_procs.h1
10 files changed, 143 insertions, 7 deletions
diff --git a/src/lib/entropy/egd/es_egd.cpp b/src/lib/entropy/egd/es_egd.cpp
index 36ad70e3a..1595935d2 100644
--- a/src/lib/entropy/egd/es_egd.cpp
+++ b/src/lib/entropy/egd/es_egd.cpp
@@ -139,6 +139,8 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum)
{
const size_t READ_ATTEMPT = 32;
+ std::lock_guard<std::mutex> lock(m_mutex);
+
secure_vector<byte>& io_buffer = accum.get_io_buffer(READ_ATTEMPT);
for(size_t i = 0; i != sockets.size(); ++i)
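Review bot: The `std::lock_guard` added at the top of EGD_EntropySource::poll is held until the function returns, so whatever socket I/O the loop performs runs under `m_mutex`. Since this commit also polls one process-wide source list, a slow EGD read would stall every other thread that reaches this source. If that is not intended, a non-blocking acquire lets a contended poller move on to the next source: `std::unique_lock<std::mutex> lock(m_mutex, std::try_to_lock);` followed by `if(!lock.owns_lock()) return;`. The same pattern appears in the ProcWalking_EntropySource::poll and Unix_EntropySource::poll hunks, and poll's body continues outside this hunk, so the I/O part is inferred.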
diff --git a/src/lib/entropy/egd/es_egd.h b/src/lib/entropy/egd/es_egd.h
index d6cce8b7c..5afdc5a41 100644
--- a/src/lib/entropy/egd/es_egd.h
+++ b/src/lib/entropy/egd/es_egd.h
@@ -41,6 +41,7 @@ class EGD_EntropySource : public EntropySource
int m_fd; // cached fd
};
+ std::mutex m_mutex;
std::vector<EGD_Socket> sockets;
};
diff --git a/src/lib/entropy/egd/info.txt b/src/lib/entropy/egd/info.txt
index b93c4526d..bdf6db71e 100644
--- a/src/lib/entropy/egd/info.txt
+++ b/src/lib/entropy/egd/info.txt
@@ -1,5 +1,7 @@
define ENTROPY_SRC_EGD 20131128
+load_on request
+
<source>
es_egd.cpp
</source>
diff --git a/src/lib/entropy/entropy_src.h b/src/lib/entropy/entropy_src.h
index 77f822bbf..2bd7d42e5 100644
--- a/src/lib/entropy/entropy_src.h
+++ b/src/lib/entropy/entropy_src.h
@@ -84,6 +84,8 @@ class BOTAN_DLL Entropy_Accumulator
class BOTAN_DLL EntropySource
{
public:
+ static void poll_available_sources(class Entropy_Accumulator& accum);
+
/**
* @return name identifying this entropy source
*/
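Review bot: `poll_available_sources` is declared without a doc comment, while the member that follows it in EntropySource carries a Doxygen block. A block in the same style should state that it polls the built-in sources into `accum` and name the exception: the definition added in entropy_srcs.cpp throws `std::runtime_error` when no source was compiled in. It should also say that polling is capped at a fixed number of attempts. The elaborated `class Entropy_Accumulator&` is redundant here, since the hunk header shows that class declared just above; `Entropy_Accumulator&` would match the other signatures.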
diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp
new file mode 100644
index 000000000..67bced409
--- /dev/null
+++ b/src/lib/entropy/entropy_srcs.cpp
@@ -0,0 +1,126 @@
+/*
+* Entropy Source Polling
+* (C) 2008-2010,2015 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/entropy_src.h>
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_HIGH_RESOLUTION_TIMER)
+ #include <botan/internal/hres_timer.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_RDRAND)
+ #include <botan/internal/rdrand.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM)
+ #include <botan/internal/dev_random.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_EGD)
+ #include <botan/internal/es_egd.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_UNIX_PROCESS_RUNNER)
+ #include <botan/internal/unix_procs.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_BEOS)
+ #include <botan/internal/es_beos.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_CAPI)
+ #include <botan/internal/es_capi.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_WIN32)
+ #include <botan/internal/es_win32.h>
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_PROC_WALKER)
+ #include <botan/internal/proc_walk.h>
+#endif
+
+namespace Botan {
+
+namespace {
+
+std::vector<std::unique_ptr<EntropySource>> get_default_entropy_sources()
+ {
+ std::vector<std::unique_ptr<EntropySource>> sources;
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_HIGH_RESOLUTION_TIMER)
+ sources.push_back(std::unique_ptr<EntropySource>(new High_Resolution_Timestamp));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_RDRAND)
+ sources.push_back(std::unique_ptr<EntropySource>(new Intel_Rdrand));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_UNIX_PROCESS_RUNNER)
+ sources.push_back(std::unique_ptr<EntropySource>(new UnixProcessInfo_EntropySource));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_DEV_RANDOM)
+ sources.push_back(std::unique_ptr<EntropySource>(new Device_EntropySource(
+ { "/dev/random", "/dev/srandom", "/dev/urandom" }
+ )));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_CAPI)
+ sources.push_back(std::unique_ptr<EntropySource>(new Win32_CAPI_EntropySource));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_PROC_WALKER)
+ sources.push_back(std::unique_ptr<EntropySource>(
+ new ProcWalking_EntropySource("/proc")));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_WIN32)
+ sources.push_back(std::unique_ptr<EntropySource>(new Win32_EntropySource));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_BEOS)
+ sources.push_back(std::unique_ptr<EntropySource>(new BeOS_EntropySource));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_UNIX_PROCESS_RUNNER)
+ sources.push_back(std::unique_ptr<EntropySource>(
+ new Unix_EntropySource(
+ { "/bin", "/sbin", "/usr/bin", "/usr/sbin" }
+ )));
+#endif
+
+#if defined(BOTAN_HAS_ENTROPY_SRC_EGD)
+ sources.push_back(std::unique_ptr<EntropySource>(
+ new EGD_EntropySource({ "/var/run/egd-pool", "/dev/egd-pool" })
+ ));
+#endif
+
+ return sources;
+ }
+
+}
+
+//static
+void EntropySource::poll_available_sources(class Entropy_Accumulator& accum)
+ {
+ static std::vector<std::unique_ptr<EntropySource>> g_sources(get_default_entropy_sources());
+
+ if(g_sources.empty())
+ throw std::runtime_error("No entropy sources enabled at build time, poll failed");
+
+ size_t poll_attempt = 0;
+
+ while(!accum.polling_goal_achieved() && poll_attempt < 16)
+ {
+ const size_t src_idx = poll_attempt % g_sources.size();
+ g_sources[src_idx]->poll(accum);
+ ++poll_attempt;
+ }
+ }
+
+}
+
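Review bot: `poll_available_sources` returns normally when its loop exits on `poll_attempt < 16` rather than on `accum.polling_goal_achieved()`, so a caller seeding an RNG cannot distinguish a satisfied poll from one that gave up short of the goal. Because the function is `void`, the contract should at least be written down above the definition, e.g. `// Returns even if the polling goal was not reached; callers must check accum.polling_goal_achieved()`. Separately, `g_sources` is a function-local static shared by every calling thread, and this commit adds a mutex to only the EGD, proc-walk and Unix process-runner sources. The other `poll()` implementations in the list (for example `Device_EntropySource`) are not in this diff and should be confirmed safe to call concurrently.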
diff --git a/src/lib/entropy/info.txt b/src/lib/entropy/info.txt
index d991577f7..77c2669e9 100644
--- a/src/lib/entropy/info.txt
+++ b/src/lib/entropy/info.txt
@@ -1,3 +1 @@
-<requires>
-algo_base
-</requires>
+define ENTROPY_SOURCE 20150201
diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp
index 95dc4e8e3..616c76ea3 100644
--- a/src/lib/entropy/proc_walk/proc_walk.cpp
+++ b/src/lib/entropy/proc_walk/proc_walk.cpp
@@ -120,6 +120,8 @@ void ProcWalking_EntropySource::poll(Entropy_Accumulator& accum)
const size_t MAX_FILES_READ_PER_POLL = 2048;
const double ENTROPY_ESTIMATE = 1.0 / (8*1024);
+ std::lock_guard<std::mutex> lock(m_mutex);
+
if(!m_dir)
m_dir.reset(new Directory_Walker(m_path));
diff --git a/src/lib/entropy/proc_walk/proc_walk.h b/src/lib/entropy/proc_walk/proc_walk.h
index 047fb3bb9..218cd752a 100644
--- a/src/lib/entropy/proc_walk/proc_walk.h
+++ b/src/lib/entropy/proc_walk/proc_walk.h
@@ -34,6 +34,7 @@ class ProcWalking_EntropySource : public EntropySource
private:
const std::string m_path;
+ std::mutex m_mutex;
std::unique_ptr<File_Descriptor_Source> m_dir;
};
diff --git a/src/lib/entropy/unix_procs/unix_procs.cpp b/src/lib/entropy/unix_procs/unix_procs.cpp
index 3f4cd3567..f7583cf23 100644
--- a/src/lib/entropy/unix_procs/unix_procs.cpp
+++ b/src/lib/entropy/unix_procs/unix_procs.cpp
@@ -69,7 +69,7 @@ Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& trusted_p
void UnixProcessInfo_EntropySource::poll(Entropy_Accumulator& accum)
{
static std::atomic<int> last_pid;
-
+
int pid = ::getpid();
accum.add(pid, 0.0);
@@ -186,11 +186,12 @@ const std::vector<std::string>& Unix_EntropySource::next_source()
void Unix_EntropySource::poll(Entropy_Accumulator& accum)
{
- // refuse to run as root (maybe instead setuid to nobody before exec?)
- // fixme: this should also check for setgid
- if(::getuid() == 0 || ::geteuid() == 0)
+ // refuse to run setuid or setgid, or as root
+ if((getuid() != geteuid()) || (getgid() != getegid()) || (geteuid() == 0))
return;
+ std::lock_guard<std::mutex> lock(m_mutex);
+
if(m_sources.empty())
{
auto sources = get_default_sources();
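Review bot: The new guard at the top of Unix_EntropySource::poll compares real and effective IDs, which only detects privilege that is still in effect. A process that started setuid or setgid and has already equalised its IDs passes the check and goes on to the program-running path, as presumably would one granted file capabilities. Where the platform provides a secure-execution indicator (`issetugid()` on the BSDs, `getauxval(AT_SECURE)` on Linux), consulting it in addition would cover that case. The calls also dropped the `::` qualifier that `::getpid()` keeps earlier in this file; `::getuid() != ::geteuid()` would stay consistent. poll's body continues past the end of the hunk.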
diff --git a/src/lib/entropy/unix_procs/unix_procs.h b/src/lib/entropy/unix_procs/unix_procs.h
index 11dbead65..00ebe13ad 100644
--- a/src/lib/entropy/unix_procs/unix_procs.h
+++ b/src/lib/entropy/unix_procs/unix_procs.h
@@ -67,6 +67,7 @@ class Unix_EntropySource : public EntropySource
const std::vector<std::string>& next_source();
+ std::mutex m_mutex;
const std::vector<std::string> m_trusted_paths;
const size_t m_concurrent;