Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/alloc/locking_allocator/locking_allocator.cpp | 6 | ||||
-rw-r--r-- | src/lib/cert/x509/x509_ext.cpp | 2 | ||||
-rw-r--r-- | src/lib/cert/x509/x509path.h | 2 | ||||
-rw-r--r-- | src/lib/entropy/egd/es_egd.cpp | 4 | ||||
-rw-r--r-- | src/lib/entropy/proc_walk/proc_walk.cpp | 2 | ||||
-rw-r--r-- | src/lib/entropy/unix_procs/unix_procs.cpp | 25 | ||||
-rw-r--r-- | src/lib/kdf/info.txt | 1 | ||||
-rw-r--r-- | src/lib/rng/hmac_rng/hmac_rng.cpp | 10 | ||||
-rw-r--r-- | src/lib/tls/tls_messages.h | 8 | ||||
-rw-r--r-- | src/lib/utils/sqlite3/sqlite3.h | 2 |
10 files changed, 38 insertions, 24 deletions
diff --git a/src/lib/alloc/locking_allocator/locking_allocator.cpp b/src/lib/alloc/locking_allocator/locking_allocator.cpp index 4b66ea018..9ea1235e9 100644 --- a/src/lib/alloc/locking_allocator/locking_allocator.cpp +++ b/src/lib/alloc/locking_allocator/locking_allocator.cpp @@ -158,6 +158,12 @@ bool mlock_allocator::deallocate(void* p, size_t num_elems, size_t elem_size) if(!m_pool) return false; + /* + We do not have to zero the memory here, as + secure_allocator::deallocate does that for all arguments before + invoking the deallocator (us or delete[]) + */ + size_t n = num_elems * elem_size; /* diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp index f56014ab7..db43ab175 100644 --- a/src/lib/cert/x509/x509_ext.cpp +++ b/src/lib/cert/x509/x509_ext.cpp @@ -63,6 +63,8 @@ Extensions& Extensions::operator=(const Extensions& other) std::make_pair(other.extensions[i].first->copy(), other.extensions[i].second)); + m_throw_on_unknown_critical = other.m_throw_on_unknown_critical; + return (*this); } diff --git a/src/lib/cert/x509/x509path.h b/src/lib/cert/x509/x509path.h index f7e57759e..05ed43a2e 100644 --- a/src/lib/cert/x509/x509path.h +++ b/src/lib/cert/x509/x509path.h @@ -122,7 +122,7 @@ class BOTAN_DLL Path_Validation_Result Path_Validation_Result(Certificate_Status_Code status) : m_overall(status) {} private: - friend Path_Validation_Result x509_path_validate( + friend Path_Validation_Result BOTAN_DLL x509_path_validate( const std::vector<X509_Certificate>& end_certs, const Path_Validation_Restrictions& restrictions, const std::vector<Certificate_Store*>& certstores); diff --git a/src/lib/entropy/egd/es_egd.cpp b/src/lib/entropy/egd/es_egd.cpp index c04acb4f3..e61d4ef82 100644 --- a/src/lib/entropy/egd/es_egd.cpp +++ b/src/lib/entropy/egd/es_egd.cpp 
@@ -43,7 +43,7 @@ int EGD_EntropySource::EGD_Socket::open_socket(const std::string& path) std::memset(&addr, 0, sizeof(addr)); addr.sun_family = PF_LOCAL; - if(sizeof(addr.sun_path) < path.length() + 1) + if(path.length() >= sizeof(addr.sun_path)) throw std::invalid_argument("EGD socket path is too long"); std::strncpy(addr.sun_path, path.c_str(), sizeof(addr.sun_path)); @@ -109,7 +109,7 @@ size_t EGD_EntropySource::EGD_Socket::read(byte outbuf[], size_t length) void EGD_EntropySource::EGD_Socket::close() { - if(m_fd > 0) + if(m_fd >= 0) { ::close(m_fd); m_fd = -1; diff --git a/src/lib/entropy/proc_walk/proc_walk.cpp b/src/lib/entropy/proc_walk/proc_walk.cpp index 5a72f46e5..f459a7e32 100644 --- a/src/lib/entropy/proc_walk/proc_walk.cpp +++ b/src/lib/entropy/proc_walk/proc_walk.cpp @@ -106,7 +106,7 @@ int Directory_Walker::next_fd() { int fd = ::open(full_path.c_str(), O_RDONLY | O_NOCTTY); - if(fd > 0) + if(fd >= 0) return fd; } } diff --git a/src/lib/entropy/unix_procs/unix_procs.cpp b/src/lib/entropy/unix_procs/unix_procs.cpp index c36941f43..7925741bb 100644 --- a/src/lib/entropy/unix_procs/unix_procs.cpp +++ b/src/lib/entropy/unix_procs/unix_procs.cpp @@ -11,6 +11,7 @@ #include <botan/internal/unix_procs.h> #include <botan/parsing.h> #include <algorithm> +#include <atomic> #include <sys/time.h> #include <sys/stat.h> 
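Review bot: In the proc_walk.cpp hunk, the `::open(full_path.c_str(), O_RDONLY | O_NOCTTY)` call on the context line opens each walked file without close-on-exec. Any descriptor still open when the process forks and execs a helper would be inherited by that child; whether this library does so while a walk is in progress is not visible here. Where the platform provides it, consider `::open(full_path.c_str(), O_RDONLY | O_NOCTTY | O_CLOEXEC)`, guarded by `#if defined(O_CLOEXEC)` for older systems. The body of Directory_Walker::next_fd starts and ends outside this hunk, so the handling of the returned descriptor could not be checked.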
@@ -67,19 +68,25 @@ Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& trusted_p void UnixProcessInfo_EntropySource::poll(Entropy_Accumulator& accum) { - accum.add(::getpid(), 0.0); - accum.add(::getppid(), 0.0); - accum.add(::getuid(), 0.0); - accum.add(::getgid(), 0.0); - accum.add(::getsid(0), 0.0); - accum.add(::getpgrp(), 0.0); + static std::atomic<int> last_pid; + + int pid = ::getpid(); + + accum.add(pid, 0.0); + + if(pid != last_pid) + { + last_pid = pid; + accum.add(::getppid(), 0.0); + accum.add(::getuid(), 0.0); + accum.add(::getgid(), 0.0); + accum.add(::getsid(0), 0.0); + accum.add(::getpgrp(), 0.0); + } struct ::rusage usage; ::getrusage(RUSAGE_SELF, &usage); accum.add(usage, 0.0); - - ::getrusage(RUSAGE_CHILDREN, &usage); - accum.add(usage, 0.0); } namespace { diff --git a/src/lib/kdf/info.txt b/src/lib/kdf/info.txt index e9cbdeb1a..f33a4bc8d 100644 --- a/src/lib/kdf/info.txt +++ b/src/lib/kdf/info.txt @@ -2,4 +2,5 @@ define KDF_BASE 20131128 <requires> alloc +libstate </requires> diff --git a/src/lib/rng/hmac_rng/hmac_rng.cpp b/src/lib/rng/hmac_rng/hmac_rng.cpp index 7d8b54e84..153f85c80 100644 --- a/src/lib/rng/hmac_rng/hmac_rng.cpp +++ b/src/lib/rng/hmac_rng/hmac_rng.cpp @@ -95,6 +95,11 @@ void HMAC_RNG::randomize(byte out[], size_t length) const size_t max_per_prf_iter = m_prf->output_length() / 2; + m_output_since_reseed += length; + + if(m_output_since_reseed >= BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED) + reseed(BOTAN_RNG_RESEED_POLL_BITS); + /* HMAC KDF as described in E-t-E, using a CTXinfo of "rng" */ @@ -107,11 +112,6 @@ void HMAC_RNG::randomize(byte out[], size_t length) copy_mem(out, &m_K[0], copied); out += copied; length -= copied; - - m_output_since_reseed += copied; - - if(m_output_since_reseed >= BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED) - reseed(BOTAN_RNG_RESEED_POLL_BITS); } } diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 626f6a1cf..a1634c8ad 100644 --- a/src/lib/tls/tls_messages.h 
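Review bot: `static std::atomic<int> last_pid;` in UnixProcessInfo_EntropySource::poll is a function-local static, so it is shared by every instance of the source and every accumulator in the process. Once one poll has recorded the pid, later polls skip the ppid/uid/gid/sid/pgrp inputs even when they feed a different RNG, and a uid or gid change without a fork is never picked up. If the skip is meant per consumer, a member such as `int m_last_pid = -1;` tested with `if(pid != m_last_pid)` would scope it to the instance. Otherwise a comment like `// process-wide on purpose: these values only change across fork()` would record the intent. Separately, the result of `::getrusage(RUSAGE_SELF, &usage)` is not checked before `accum.add(usage, 0.0)`, so a failed call would feed an uninitialised struct; `struct ::rusage usage = {};` avoids that.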
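Review bot: In HMAC_RNG::randomize, adding the whole `length` to `m_output_since_reseed` before the loop means one call is reseeded at most once, before any output is produced. The per-iteration check removed in the second hmac_rng.cpp hunk could reseed part-way through a long request; now a request far larger than BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED is served entirely from one seed. If that is intended, say so next to the check, e.g. `// checked once per call: a request larger than the limit is not reseeded mid-output`; otherwise serve large requests in chunks no larger than the limit. Whether reseed() resets the counter, and whether `m_output_since_reseed += length` can wrap for a very large `length`, depends on declarations outside this hunk and should be confirmed. The loop body between the two hunks is not shown.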
+++ b/src/lib/tls/tls_messages.h @@ -210,7 +210,7 @@ class Server_Hello : public Handshake_Message bool secure_renegotiation() const { - return m_extensions.get<Renegotiation_Extension>(); + return m_extensions.has<Renegotiation_Extension>(); } std::vector<byte> renegotiation_info() const @@ -222,7 +222,7 @@ class Server_Hello : public Handshake_Message bool next_protocol_notification() const { - return m_extensions.get<Next_Protocol_Notification>(); + return m_extensions.has<Next_Protocol_Notification>(); } std::vector<std::string> next_protocols() const @@ -241,12 +241,12 @@ class Server_Hello : public Handshake_Message bool supports_session_ticket() const { - return m_extensions.get<Session_Ticket>(); + return m_extensions.has<Session_Ticket>(); } bool supports_heartbeats() const { - return m_extensions.get<Heartbeat_Support_Indicator>(); + return m_extensions.has<Heartbeat_Support_Indicator>(); } bool peer_can_send_heartbeats() const diff --git a/src/lib/utils/sqlite3/sqlite3.h b/src/lib/utils/sqlite3/sqlite3.h index aef04ab4d..3085ff0e3 100644 --- a/src/lib/utils/sqlite3/sqlite3.h +++ b/src/lib/utils/sqlite3/sqlite3.h @@ -56,8 +56,6 @@ class sqlite3_statement bool step(); - sqlite3_stmt* stmt() { return m_stmt; } - ~sqlite3_statement(); private: sqlite3_stmt* m_stmt; |