Submitted By: Robert Connolly (ashes) Date: 2006-06-04 Initial Package Version: 2.6.16.19 Upstream Status: Rejected Origin: This patch is based on a portion of the Grsecurity kernel patch: http://www.grsecurity.net/ Description: This patch adds configuration options to increase the entropy pool size of the Linux kernel. Also see: http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt diff -Naur linux-2.6.16.19.orig/drivers/char/Kconfig linux-2.6.16.19/drivers/char/Kconfig --- linux-2.6.16.19.orig/drivers/char/Kconfig 2006-05-31 00:31:44.000000000 +0000 +++ linux-2.6.16.19/drivers/char/Kconfig 2006-06-04 06:43:45.000000000 +0000 @@ -653,6 +653,34 @@ If you're not sure, say N. +config SELECT_ENTROPY_POOL_SIZE + def_bool y +choice + prompt "Entropy pool size" + default SMALL_ENTROPY_POOL + +config SMALL_ENTROPY_POOL_SIZE + bool "Small size entropy pool" + help + This option keeps entropy DEFAULT_POOL_SIZE at the default of + 512 bytes. + +config MEDIUM_ENTROPY_POOL_SIZE + bool "Medium size entropy pool" + help + The option increases the DEFAULT_POOL_SIZE from 512 to 1024 bytes, + the SECONDARY_POOL_SIZE from 128 to 256 bytes, and BATCH_ENTROPY_SIZE + from 256 to 512 bytes. + +config LARGE_ENTROPY_POOL_SIZE + bool "Large size entropy pool" + help + The option increases the DEFAULT_POOL_SIZE from 512 to 2048 bytes, + the SECONDARY_POOL_SIZE from 128 to 256 bytes, and BATCH_ENTROPY_SIZE + from 256 to 512 bytes. + +endchoice + config HW_RANDOM tristate "Intel/AMD/VIA HW Random Number Generator support" depends on (X86 || IA64) && PCI diff -Naur linux-2.6.16.19.orig/drivers/char/random.c linux-2.6.16.19/drivers/char/random.c --- linux-2.6.16.19.orig/drivers/char/random.c 2006-05-31 00:31:44.000000000 +0000 +++ linux-2.6.16.19/drivers/char/random.c 2006-06-04 06:45:33.000000000 +0000 
@@ -249,8 +249,17 @@ /* * Configuration information */ +#if defined(CONFIG_MEDIUM_ENTROPY_POOL_SIZE) +#define INPUT_POOL_WORDS 256 +#define OUTPUT_POOL_WORDS 64 +#elif defined(CONFIG_LARGE_ENTROPY_POOL_SIZE) +#define INPUT_POOL_WORDS 512 +#define OUTPUT_POOL_WORDS 128 +#else +/* Default to vanilla pool size. */ #define INPUT_POOL_WORDS 128 #define OUTPUT_POOL_WORDS 32 +#endif #define SEC_XFER_SIZE 512 /*
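Review bot: In the drivers/char/Kconfig hunk, the choice block's `default SMALL_ENTROPY_POOL` names a symbol that the patch never defines. The entry declared just below it is `config SMALL_ENTROPY_POOL_SIZE`, so the default should read `default SMALL_ENTROPY_POOL_SIZE`; otherwise the intended default is not tied to any entry in the choice. Two smaller points in the same hunk: `SELECT_ENTROPY_POOL_SIZE` is defined with `def_bool y`, but nothing in the visible patch tests it, so it can be dropped. The help texts also describe the change in terms of DEFAULT_POOL_SIZE, SECONDARY_POOL_SIZE and BATCH_ENTROPY_SIZE, while the random.c hunk only touches `INPUT_POOL_WORDS` and `OUTPUT_POOL_WORDS`. Naming the macros that actually change would let a reader check the help text against the code.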
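Review bot: In the drivers/char/random.c hunk, the `CONFIG_LARGE_ENTROPY_POOL_SIZE` branch sets `OUTPUT_POOL_WORDS 128`, which does not match the Kconfig help text for the large option. The patch's own default pairs 128 input words with a stated 512 bytes, so a word is 4 bytes and 128 output words is 512 bytes, whereas the help text says the secondary pool goes "from 128 to 256 bytes". Either the value should be 64 (as in the medium branch) or the help text should say 512. Both help texts also promise a BATCH_ENTROPY_SIZE increase from 256 to 512, but no line in this hunk changes such a define, and `SEC_XFER_SIZE` is left at 512 in all three branches. The Kconfig text should drop that claim or the missing change should be added. A short comment giving the byte size next to each `#define` would make these cross-checks easier.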