
grsecurity 4.9.24 entropy patch

a guest
Apr 26th, 2017
  1. --- drivers/char/random.c.orig  2017-04-22 10:20:37.288090151 -0500
  2. +++ drivers/char/random.c   2017-04-22 10:20:43.472090276 -0500
  3. @@ -278,10 +278,10 @@
  4.  /*
  5.   * Configuration information
  6.   */
  7. -#define INPUT_POOL_SHIFT   12
  8. -#define INPUT_POOL_WORDS   (1 << (INPUT_POOL_SHIFT-5))
  9. -#define OUTPUT_POOL_SHIFT  10
  10. -#define OUTPUT_POOL_WORDS  (1 << (OUTPUT_POOL_SHIFT-5))
  11. +#define INPUT_POOL_SHIFT   16
  12. +#define INPUT_POOL_WORDS   (1 << INPUT_POOL_SHIFT)
  13. +#define OUTPUT_POOL_SHIFT  14
  14. +#define OUTPUT_POOL_WORDS  (1 << OUTPUT_POOL_SHIFT)
  15.  #define SEC_XFER_SIZE      512
  16.  #define EXTRACT_SIZE       10
  17.  
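Review bot: The new `INPUT_POOL_WORDS (1 << INPUT_POOL_SHIFT)` and `OUTPUT_POOL_WORDS (1 << OUTPUT_POOL_SHIFT)` size the static arrays at 65536 and 16384 elements, but the `poolinfo_table` rows added in the next hunk describe pools of 8192 and 2048 words. `_mix_pool_bytes` masks its index with `poolinfo->poolwords - 1`, so for the input pool only the first 8192 of the 65536 `__u64` slots declared in the `input_pool_data` hunk are ever touched, leaving roughly 448 KiB of static data unused. Dropping the `-5` also changes what the SHIFT macros mean (previously log2 of the pool size in bits); any use of them outside the visible hunks would now be wrong. I would derive both from one source, for example `#define INPUT_POOL_WORDS 8192` with the shift computed as log2(words)+6, and add a build-time check that the array length equals `poolinfo_table[0].poolwords`.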
  18. @@ -364,15 +364,17 @@ static int random_min_urandom_seed = 60;
  19.  static struct poolinfo {
  20.     int poolbitshift, poolwords, poolbytes, poolbits, poolfracbits;
  21.  #define S(x) ilog2(x)+5, (x), (x)*4, (x)*32, (x) << (ENTROPY_SHIFT+5)
  22. -   int tap1, tap2, tap3, tap4, tap5;
  23. +   unsigned long tap[5];
  24.  } poolinfo_table[] = {
  25. +   { S(8192), { 6459, 4921, 3273, 1641, 362 }},
  26. +   { S(2048), { 1638, 1231, 819, 411, 91 }}
  27. +#if 0
  28.     /* was: x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 */
  29.     /* x^128 + x^104 + x^76 + x^51 +x^25 + x + 1 */
  30.     { S(128),   104,    76, 51, 25, 1 },
  31.     /* was: x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 */
  32.     /* x^32 + x^26 + x^19 + x^14 + x^7 + x + 1 */
  33.     { S(32),    26, 19, 14, 71 },
  34. -#if 0
  35.     /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1  -- 115 */
  36.     { S(2048)1638,   1231,   819,    411,    1 },
  37.  
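Review bot: The `S(x)` macro is left unchanged and still computes `poolbytes` as `(x)*4`, `poolbits` as `(x)*32` and `poolbitshift` as `ilog2(x)+5`, which describes 32-bit words, while the pool element type becomes `__u64` later in this patch. Every consumer of `poolbytes`/`poolfracbits` (entropy accounting and pool extraction, outside this hunk) would then see half the real pool size. If 64-bit words are intended, the macro should read `#define S(x) ilog2(x)+6, (x), (x)*8, (x)*64, (x) << (ENTROPY_SHIFT+6)`. Separately, the two new tap sets carry no polynomial comment, unlike the entries they replace, and the `S(2048)` row changes the last tap of the disabled entry from `1` to `91`; please add a comment naming the polynomial and where it comes from.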
  38. @@ -451,7 +453,7 @@ struct entropy_store;
  39.  struct entropy_store {
  40.     /* read-only data: */
  41.     const struct poolinfo *poolinfo;
  42. -   __u32 *pool;
  43. +   __u64 *pool;
  44.     const char *name;
  45.     struct entropy_store *pull;
  46.     struct work_struct push_work;
  47. @@ -476,8 +478,8 @@ static ssize_t _extract_entropy(struct e
  48.  
  49.  static void crng_reseed(struct crng_state *crng, struct entropy_store *r);
  50.  static void push_to_pool(struct work_struct *work);
  51. -static __u32 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
  52. -static __u32 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
  53. +static __u64 input_pool_data[INPUT_POOL_WORDS] __latent_entropy;
  54. +static __u64 blocking_pool_data[OUTPUT_POOL_WORDS] __latent_entropy;
  55.  
  56.  static struct entropy_store input_pool = {
  57.     .poolinfo = &poolinfo_table[0],
  58. @@ -498,9 +500,72 @@ static struct entropy_store blocking_poo
  59.                     push_to_pool),
  60.  };
  61.  
  62. -static __u32 const twist_table[8] = {
  63. -   0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158,
  64. -   0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 };
  65. +static __u64 const twist_table[64][4] = {
  66. +    { 0x0706050403020100, 0x0E0D0C0B0A090807, 0x090B090F090B0907, 0x4858487848584838 },
  67. +    { 0xB7A7B787B7A7B7C7, 0x8706860585048403, 0x30A1318232A333C4, 0x85098C1195199E21 },
  68. +    { 0x7AF673EE6AE661DE, 0xC3834302C2824201, 0xB97530ECA86423DF, 0xCBA9876543211EFD },
  69. +    { 0x3456789ABCDEE102, 0xE1C1A18161412100, 0xD597D91BDD9FC002, 0xACBEC8DEECFE0016 },
  70. +    { 0x534137211301FFE9, 0x70E0D0C0B0A09080, 0x23A1E7E1A3A16F69, 0x1D0F3F0D1D0B7B49 },
  71. +    { 0xE2F0C0F2E2F484B6, 0x3870686058504840, 0xDA80A892BAA4CCF6, 0xD4054495D52667B6 },
  72. +    { 0x2BFABB6A2AD99849, 0x1C3834302C282420, 0x37C28F5A06F1BC69, 0xBE147AD0378DE349 },
  73. +    { 0x41EB852FC8721CB6, 0x0E1C1A1816141210, 0x4FF79F37DE660EA6, 0x7FBCF9BEF3307532 },
  74. +    { 0x804306410CCF8ACD, 0x070E0D0C0B0A0908, 0x874D0B4D07C583C5, 0x3A685A683E2C1E2C },
  75. +    { 0xC597A597C1D3E1D3, 0x0387068605850484, 0xC610A311C456E557, 0x3085188E22B72ABE },
  76. +    { 0xCF7AE771DD48D541, 0x01C3834302C28242, 0xCEB96432DF8A5703, 0x75CB2196FC52B81E },
  77. +    { 0x8A34DE6903AD47E1, 0x00E1C1A181614121, 0x8AD51FC882CC06C0, 0x56A8FE4416603604 },
  78. +    { 0xA95701BBE99FC9FB, 0x8070E0D0C0B0A090, 0x2927E16B292F696B, 0x493F0B59497B4B59 },
  79. +    { 0xB6C0F4A6B684B4A6, 0x4038706860585048, 0xF6F884CED6DCE4EE, 0xB7C42676B6E72777 },
  80. +    { 0x483BD9894918D888, 0x201C3834302C2824, 0x6827E1BD7934F0AC, 0x413F0DEBC9A78563 },
  81. +    { 0xBEC0F21436587A9C, 0x100E1C1A18161412, 0xAECEEE0E2E4E6E8E, 0x7677707172737475 },
  82. +    { 0x89888F8E8D8C8B8A, 0x08070E0D0C0B0A09, 0x818F818381878183, 0x0C7C0C1C0C3C0C1C },
  83. +    { 0xF383F3E3F3C3F3E3, 0x8403870686058504, 0x778074E575C676E7, 0xBC03A72BAE33B73B },
  84. +    { 0x43FC58D451CC48C4, 0x4201C3834302C282, 0x01FD9B5712CE8A46, 0x0FECDAB896745230 },
  85. +    { 0xF0132547698BADCF, 0x2100E1C1A1816141, 0xD113C486C80ACC8E, 0x889E243640566476 },
  86. +    { 0x7761DBC9BFA99B89, 0x908070E0D0C0B0A0, 0xE7E1AB296F692B29, 0x3F0D594B7B49594F },
  87. +    { 0xC0F2A6B484B6A6B0, 0x4840387068605850, 0x88B29EC4ECD6FEE0, 0x4594F62766B7F704 },
  88. +    { 0xBA6B09D8994808FB, 0x24201C3834302C28, 0x9E4B15E0AD7824D3, 0xF258AF056BC1269C },
  89. +    { 0x0DA750FA943ED963, 0x12100E1C1A181614, 0x1FB75EE68E26CF77, 0xFDBAF73471367BB8 },
  90. +    { 0x024508CB8EC98447, 0x0908070E0D0C0B0A, 0x0B4D0FC583C58F4D, 0x5A687E2C1E2C7A68 },
  91. +    { 0xA59781D3E1D38597, 0x0484038706860585, 0xA1138254E7558012, 0x089C12A73AAC0095 },
  92. +    { 0xF763ED58C553FF6A, 0x824201C3834302C2, 0x7521EC9B4610FDA8, 0xA90F64DA3087ED43 },
  93. +    { 0x56F09B25CF7812BC, 0x412100E1C1A18161, 0x17D19BC40ED993DD, 0xBE8CDE2076CC9EE8 },
  94. +    { 0x417321DF89336117, 0xA0908070E0D0C0B0, 0xE1E3A1AF69E3A1A7, 0x0F1D0D7B4F1D0D3F },
  95. +    { 0xF0E2F284B0E2F2C0, 0x5048403870686058, 0xA0AAB2BCC08A9298, 0x055595E6045494C5 },
  96. +    { 0xFAAA6A19FBAB6B3A, 0x2824201C3834302C, 0xD28E4A05C39F5B16, 0x9472502E1CFAD8B6 },
  97. +    { 0x6B8DAFD1E3052749, 0x1412100E1C1A1816, 0x7F9FBFDFFF1F3F5F, 0xFCFDFEFFF8F9FAFB },
  98. +    { 0x0302010007060504, 0x0A0908070E0D0C0B, 0x090B0907090B090F, 0x4858483848584878 },
  99. +    { 0xB7A7B7C7B7A7B787, 0x8504840387068605, 0x32A333C430A13182, 0x95199E2185098C11 },
  100. +    { 0x6AE661DE7AF673EE, 0xC2824201C3834302, 0xA86423DFB97530EC, 0x43211EFDCBA98765 },
  101. +    { 0xBCDEE1023456789A, 0x61412100E1C1A181, 0xDD9FC002D597D91B, 0xECFE0016ACBEC8DE },
  102. +    { 0x1301FFE953413721, 0xB0A0908070E0D0C0, 0xA3A16F6923A1E7E1, 0x1D0B7B491D0F3F0D },
  103. +    { 0xE2F484B6E2F0C0F2, 0x5850484038706860, 0xBAA4CCF6DA80A892, 0xD52667B6D4054495 },
  104. +    { 0x2AD998492BFABB6A, 0x2C2824201C383430, 0x06F1BC6937C28F5A, 0x378DE349BE147AD0 },
  105. +    { 0xC8721CB641EB852F, 0x161412100E1C1A18, 0xDE660EA64FF79F37, 0xF33075327FBCF9BE },
  106. +    { 0x0CCF8ACD80430641, 0x0B0A0908070E0D0C, 0x07C583C5874D0B4D, 0x3E2C1E2C3A685A68 },
  107. +    { 0xC1D3E1D3C597A597, 0x0585048403870686, 0xC456E557C610A311, 0x22B72ABE3085188E },
  108. +    { 0xDD48D541CF7AE771, 0x02C2824201C38343, 0xDF8A5703CEB96432, 0xFC52B81E75CB2196 },
  109. +    { 0x03AD47E18A34DE69, 0x8161412100E1C1A1, 0x82CC06C08AD51FC8, 0x1660360456A8FE44 },
  110. +    { 0xE99FC9FBA95701BB, 0xC0B0A0908070E0D0, 0x292F696B2927E16B, 0x497B4B59493F0B59 },
  111. +    { 0xB684B4A6B6C0F4A6, 0x6058504840387068, 0xD6DCE4EEF6F884CE, 0xB6E72777B7C42676 },
  112. +    { 0x4918D888483BD989, 0x302C2824201C3834, 0x7934F0AC6827E1BD, 0xC9A78563413F0DEB },
  113. +    { 0x36587A9CBEC0F214, 0x18161412100E1C1A, 0x2E4E6E8EAECEEE0E, 0x7273747576777071 },
  114. +    { 0x8D8C8B8A89888F8E, 0x0C0B0A0908070E0D, 0x81878183818F8183, 0x0C3C0C1C0C7C0C1C },
  115. +    { 0xF3C3F3E3F383F3E3, 0x8605850484038706, 0x75C676E7778074E5, 0xAE33B73BBC03A72B },
  116. +    { 0x51CC48C443FC58D4, 0x4302C2824201C383, 0x12CE8A4601FD9B57, 0x967452300FECDAB8 },
  117. +    { 0x698BADCFF0132547, 0xA18161412100E1C1, 0xC80ACC8ED113C486, 0x40566476889E2436 },
  118. +    { 0xBFA99B897761DBC9, 0xD0C0B0A0908070E0, 0x6F692B29E7E1AB29, 0x7B49594F3F0D594B },
  119. +    { 0x84B6A6B0C0F2A6B4, 0x6860585048403870, 0xECD6FEE088B29EC4, 0x66B7F7044594F627 },
  120. +    { 0x994808FBBA6B09D8, 0x34302C2824201C38, 0xAD7824D39E4B15E0, 0x6BC1269CF258AF05 },
  121. +    { 0x943ED9630DA750FA, 0x1A18161412100E1C, 0x8E26CF771FB75EE6, 0x71367BB8FDBAF734 },
  122. +    { 0x8EC98447024508CB, 0x0D0C0B0A0908070E, 0x83C58F4D0B4D0FC5, 0x1E2C7A685A687E2C },
  123. +    { 0xE1D38597A59781D3, 0x0686058504840387, 0xE7558012A1138254, 0x3AAC0095089C12A7 },
  124. +    { 0xC553FF6AF763ED58, 0x834302C2824201C3, 0x4610FDA87521EC9B, 0x3087ED43A90F64DA },
  125. +    { 0xCF7812BC56F09B25, 0xC1A18161412100E1, 0x0ED993DD17D19BC4, 0x76CC9EE8BE8CDE20 },
  126. +    { 0x89336117417321DF, 0xE0D0C0B0A0908070, 0x69E3A1A7E1E3A1AF, 0x4F1D0D3F0F1D0D7B },
  127. +    { 0xB0E2F2C0F0E2F284, 0x7068605850484038, 0xC08A9298A0AAB2BC, 0x045494C5055595E6 },
  128. +    { 0xFBAB6B3AFAAA6A19, 0x3834302C2824201C, 0xC39F5B16D28E4A05, 0x1CFAD8B69472502E },
  129. +    { 0xE30527496B8DAFD1, 0x1C1A18161412100E, 0xFF1F3F5F7F9FBFDF, 0xF8F9FAFBFCFDFEFF }
  130. + };
  131.  
  132.  /*
  133.   * This function adds bytes into the entropy "pool".  It does not
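Review bot: `twist_table` grows from eight 32-bit constants to 256 64-bit constants with no comment on how they were generated or what property they are meant to give the mixing function. From the values themselves, rows 32..63 (starting at `0x0302010007060504`) are rows 0..31 with the two 32-bit halves of each word swapped, and the first entries are plain byte counters (`0x0706050403020100`), so the table holds much less independent material than its size suggests. The table is now 2 KiB and is indexed by pool-derived bits in `_mix_pool_bytes`, so secret-dependent loads span many cache lines where the old 32-byte table fit in one; that deserves a sentence in the design notes. I would add a header comment of the form `/* twist_table[row][col]: generated by <script name — placeholder>; rows 32..63 are rows 0..31 with 32-bit halves swapped */`.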
  134. @@ -515,36 +580,34 @@ static __u32 const twist_table[8] = {
  135.  static void _mix_pool_bytes(struct entropy_store *r, const void *in,
  136.                 int nbytes)
  137.  {
  138. -   unsigned long i, tap1, tap2, tap3, tap4, tap5;
  139. +   unsigned long i, tap[5], n;
  140.     int input_rotate;
  141. +   unsigned short t1, t2;
  142.     int wordmask = r->poolinfo->poolwords - 1;
  143.     const char *bytes = in;
  144. -   __u32 w;
  145. +   __u64 w;
  146.  
  147. -   tap1 = r->poolinfo->tap1;
  148. -   tap2 = r->poolinfo->tap2;
  149. -   tap3 = r->poolinfo->tap3;
  150. -   tap4 = r->poolinfo->tap4;
  151. -   tap5 = r->poolinfo->tap5;
  152. +   for (n=0; n<5; n++)
  153. +       tap[n] = r->poolinfo->tap[n];
  154.  
  155.     input_rotate = r->input_rotate;
  156.     i = r->add_ptr;
  157.  
  158.     /* mix one byte at a time to simplify size handling and churn faster */
  159.     while (nbytes--) {
  160. -       w = rol32(*bytes++, input_rotate);
  161. +       w = rol64(*bytes++, input_rotate);
  162.         i = (i - 1) & wordmask;
  163.  
  164.         /* XOR in the various taps */
  165. -       w ^= r->pool[i];
  166. -       w ^= r->pool[(i + tap1) & wordmask];
  167. -       w ^= r->pool[(i + tap2) & wordmask];
  168. -       w ^= r->pool[(i + tap3) & wordmask];
  169. -       w ^= r->pool[(i + tap4) & wordmask];
  170. -       w ^= r->pool[(i + tap5) & wordmask];
  171. +       w ^= r->pool[i];
  172. +       for (n=0; n<5; n++)
  173. +           w ^= r->pool[(i + tap[n]) & wordmask];
  174. +
  175. +       t1 = rol64(w, 24) & 0x1FFF; // 0-63, 1111111111111
  176. +       t2 = rol64(w, t1) & 0x3;    // 0-3, 11
  177.  
  178.         /* Mix the result back in with a twist */
  179. -       r->pool[i] = (w >> 3) ^ twist_table[w & 7];
  180. +       r->pool[i] = (w >> 3) ^ twist_table[t1][t2];
  181.  
  182.         /*
  183.          * Normally, we add 7 bits of rotation to the pool.
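Review bot: `t1 = rol64(w, 24) & 0x1FFF` yields 0..8191, but `twist_table` has 64 rows, so `twist_table[t1][t2]` reads far past the end of the table on almost every byte mixed. The trailing comment says "0-63", which needs the mask `0x3F`: `t1 = rol64(w, 24) & 0x3F;`. The same value is then used as a rotate count in `rol64(w, t1)`. Even once bounded to 0..63, a count of 0 is a problem if this tree's `rol64` shifts by `64 - shift` unmasked (worth checking in bitops.h), so something like `t2 = (w >> t1) & 0x3;` is safer. Two further things to confirm in the part of the function outside this hunk: the `input_rotate` update still wraps for a 32-bit word, and since `r->pool[i] = (w >> 3) ^ ...` no longer feeds the three discarded low bits back through the table index, the twist is no longer the linear-feedback step the original comments describe.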
  184. @@ -578,7 +641,7 @@ static void mix_pool_bytes(struct entrop
  185.  }
  186.  
  187.  struct fast_pool {
  188. -   __u32       pool[4];
  189. +   __u64       pool[4];
  190.     unsigned long   last;
  191.     unsigned short  reg_idx;
  192.     unsigned char   count;
  193. @@ -591,23 +654,23 @@ struct fast_pool {
  194.   */
  195.  static void fast_mix(struct fast_pool *f)
  196.  {
  197. -   __u32 a = f->pool[0],   b = f->pool[1];
  198. -   __u32 c = f->pool[2],   d = f->pool[3];
  199. +   __u64 a = f->pool[0],   b = f->pool[1];
  200. +   __u64 c = f->pool[2],   d = f->pool[3];
  201.  
  202.     a += b;         c += d;
  203. -   b = rol32(b, 6);    d = rol32(d, 27);
  204. +   b = rol64(b, 6);    d = rol64(d, 27);
  205.     d ^= a;         b ^= c;
  206.  
  207.     a += b;         c += d;
  208. -   b = rol32(b, 16);   d = rol32(d, 14);
  209. +   b = rol64(b, 16);   d = rol64(d, 14);
  210.     d ^= a;         b ^= c;
  211.  
  212.     a += b;         c += d;
  213. -   b = rol32(b, 6);    d = rol32(d, 27);
  214. +   b = rol64(b, 6);    d = rol64(d, 27);
  215.     d ^= a;         b ^= c;
  216.  
  217.     a += b;         c += d;
  218. -   b = rol32(b, 16);   d = rol32(d, 14);
  219. +   b = rol64(b, 16);   d = rol64(d, 14);
  220.     d ^= a;         b ^= c;
  221.  
  222.     f->pool[0] = a;  f->pool[1] = b;
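Review bot: The rotate amounts in `fast_mix` (6, 27, 16, 14) are carried over unchanged from the `rol32` version while the lanes become 64-bit. They were chosen for 32-bit words; on 64-bit lanes no rotate moves a bit more than 27 positions, so the diffusion reached in four rounds is not what the original design had, and nothing in the hunk says it was re-evaluated. Either choose constants for 64-bit lanes or add a comment such as `/* rotation constants retained from the 32-bit design; diffusion on 64-bit lanes not yet analysed */`. If the callers that fill `f->pool[]` (outside this hunk) still XOR in 32-bit quantities, the upper halves are populated only by this mixing, which makes the constant choice matter more. The function body continues past the end of the hunk.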
  223. @@ -1231,7 +1294,7 @@ static void xfer_secondary_pool(struct e
  224.  
  225.  static void _xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
  226.  {
  227. -   __u32   tmp[OUTPUT_POOL_WORDS];
  228. +   __u32 *tmp = kmalloc(OUTPUT_POOL_WORDS, GFP_NOIO | GFP_KERNEL);
  229.  
  230.     /* For /dev/random's pool, always leave two wakeups' worth */
  231.     int rsvd_bytes = r->limit ? 0 : random_read_wakeup_bits / 4;
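Review bot: `kmalloc(OUTPUT_POOL_WORDS, GFP_NOIO | GFP_KERNEL)` allocates `OUTPUT_POOL_WORDS` bytes, a quarter of the `__u32[OUTPUT_POOL_WORDS]` stack array it replaces, and the result is never checked for NULL before the function body uses it. `GFP_KERNEL` already includes the I/O and FS reclaim bits, so OR-ing it with `GFP_NOIO` is just `GFP_KERNEL`; pick whichever is actually intended for this call path. I would write `__u32 *tmp = kmalloc(OUTPUT_POOL_WORDS * sizeof(*tmp), GFP_KERNEL);` followed by `if (!tmp) return;`. The lines between this hunk and the next are not shown; if they still bound the transfer with `sizeof(tmp)`, that now evaluates to the pointer size and must become the allocation length.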
  232. @@ -1248,6 +1311,7 @@ static void _xfer_secondary_pool(struct
  233.                 random_read_wakeup_bits / 8, rsvd_bytes);
  234.     mix_pool_bytes(r, tmp, bytes);
  235.     credit_entropy_bits(r, bytes*8);
  236. +   kfree(tmp);
  237.  }
  238.  
  239.  /*
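Review bot: `kfree(tmp)` returns a buffer that still holds bytes just extracted from the pull pool to the slab allocator, where a later allocation of the same size class can observe them. With the old stack array the exposure was limited to the frame; on the heap it should be wiped explicitly, so use `kzfree(tmp);` here (or `memzero_explicit(tmp, bytes)` before the free). The free is also only reached on the fall-through path shown; any early return added for a failed allocation must not skip or double it.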
  240. @@ -1773,7 +1837,7 @@ static int
  241.  write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
  242.  {
  243.     size_t bytes;
  244. -   __u32 buf[16];
  245. +   __u64 buf[16];
  246.     const char __user *p = buffer;
  247.  
  248.     while (count > 0) {