summaryrefslogtreecommitdiff
path: root/recipes-support
diff options
context:
space:
mode:
authorMax Krummenacher <max.krummenacher@toradex.com>2016-12-30 15:48:19 +0100
committerMax Krummenacher <max.krummenacher@toradex.com>2017-01-11 20:18:11 +0100
commita4c62af62750a8c33ed1b8bee7d2f8b8d707d3cc (patch)
tree4d47bdb191b4fcbc48034e7fbb92ea57b6123011 /recipes-support
parentdc4caf1f337ea524a786a7c956af71e3934fe4c1 (diff)
gnutls: backport split initialization in preinit and init
From https://bugzilla.redhat.com/show_bug.cgi?id=1387141: Description of problem: GnuTLS initializes its random generator on the library constructor. That has the side effect that applications which load early on boot process may block for significant time even when they wouldn't otherwise use the random generator. connmand is hit by the above issue. Backport the relevant patches. Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com> Acked-by: Stefan Agner <stefan.agner@toradex.com>
Diffstat (limited to 'recipes-support')
-rw-r--r--recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch105
-rw-r--r--recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch261
-rw-r--r--recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch315
-rw-r--r--recipes-support/gnutls/gnutls_3.5.3.bbappend8
4 files changed, 689 insertions, 0 deletions
diff --git a/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch b/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch
new file mode 100644
index 0000000..91251cf
--- /dev/null
+++ b/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch
@@ -0,0 +1,105 @@
+From 4d49e06e8850ed3ffb89f6856555a2435962fedd Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 31 Oct 2016 11:40:12 +0100
+Subject: [PATCH 1/3] _gnutls_rnd_check: call _rnd_system_entropy_check
+ directly
+
+Upstream-Status: Backport
+
+diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
+index 3d979d8..6f4b743 100644
+--- a/lib/crypto-backend.h
++++ b/lib/crypto-backend.h
+@@ -73,8 +73,7 @@ typedef struct {
+ } gnutls_crypto_digest_st;
+
+ typedef struct gnutls_crypto_rnd {
+- int (*init) (void **ctx);
+- int (*check) (void **ctx);
++ int (*init) (void **ctx); /* called prior to first usage of randomness */
+ int (*rnd) (void *ctx, int level, void *data, size_t datasize);
+ void (*rnd_refresh) (void *ctx);
+ void (*deinit) (void *ctx);
+diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
+index ef64649..59795a9 100644
+--- a/lib/nettle/rnd-fips.c
++++ b/lib/nettle/rnd-fips.c
+@@ -226,15 +226,6 @@ static void _rngfips_deinit(void *_ctx)
+ free(ctx);
+ }
+
+-/* This is called when gnutls_global_init() is called for second time.
+- * It must check whether any resources are still available.
+- * The particular problem it solves is to verify that the urandom fd is still
+- * open (for applications that for some reason closed all fds */
+-static int _rndfips_check(void **ctx)
+-{
+- return _rnd_system_entropy_check();
+-}
+-
+ static void _rngfips_refresh(void *_ctx)
+ {
+ /* this is predictable RNG. Don't refresh */
+@@ -260,7 +251,6 @@ static int selftest_kat(void)
+
+ gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
+ .init = _rngfips_init,
+- .check = _rndfips_check,
+ .deinit = _rngfips_deinit,
+ .rnd = _rngfips_rnd,
+ .rnd_refresh = _rngfips_refresh,
+diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
+index 8a5a762..39b99e1 100644
+--- a/lib/nettle/rnd.c
++++ b/lib/nettle/rnd.c
+@@ -257,15 +257,6 @@ static int wrap_nettle_rnd_init(void **ctx)
+ return 0;
+ }
+
+-/* This is called when gnutls_global_init() is called for second time.
+- * It must check whether any resources are still available.
+- * The particular problem it solves is to verify that the urandom fd is still
+- * open (for applications that for some reason closed all fds */
+-static int wrap_nettle_rnd_check(void **ctx)
+-{
+- return _rnd_system_entropy_check();
+-}
+-
+ static int
+ wrap_nettle_rnd_nonce(void *_ctx, void *data, size_t datasize)
+ {
+@@ -373,7 +364,6 @@ int crypto_rnd_prio = INT_MAX;
+
+ gnutls_crypto_rnd_st _gnutls_rnd_ops = {
+ .init = wrap_nettle_rnd_init,
+- .check = wrap_nettle_rnd_check,
+ .deinit = wrap_nettle_rnd_deinit,
+ .rnd = wrap_nettle_rnd,
+ .rnd_refresh = wrap_nettle_rnd_refresh,
+diff --git a/lib/random.h b/lib/random.h
+index 59e3f3c..1538ec8 100644
+--- a/lib/random.h
++++ b/lib/random.h
+@@ -25,6 +25,7 @@
+
+ #include <gnutls/crypto.h>
+ #include <crypto-backend.h>
++#include "nettle/rnd-common.h"
+
+ extern int crypto_rnd_prio;
+ extern void *gnutls_rnd_ctx;
+@@ -50,10 +51,7 @@ int _gnutls_rnd_init(void);
+
+ inline static int _gnutls_rnd_check(void)
+ {
+- if (_gnutls_rnd_ops.check)
+- return _gnutls_rnd_ops.check(gnutls_rnd_ctx);
+- else
+- return 0;
++ return _rnd_system_entropy_check();
+ }
+
+ #ifndef _WIN32
+--
+2.6.6
+
diff --git a/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch b/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch
new file mode 100644
index 0000000..29bcf5f
--- /dev/null
+++ b/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch
@@ -0,0 +1,261 @@
+From 834e8fc03cb27ae437a2044cfaf265752c3e6a26 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Fri, 14 Oct 2016 14:16:51 +0200
+Subject: [PATCH 2/3] rng: split initialization in preinit and init
+
+This makes gnutls to initialize its random generator on the
+first call to gnutls_rnd(). That prevents blocking due to
+getrandom() on a constructor; that change allows to use gnutls-linked
+applications even in early boot in systems where getrandom() blocks
+waiting for entropy.
+
+Upstream-Status: Backport
+
+diff --git a/configure.ac b/configure.ac
+index 0ba2230..f842e26 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -186,6 +186,7 @@ AM_SUBST_NOTMAKE([DEFINE_IOVEC_T])
+
+ dnl Need netinet/tcp.h for TCP_FASTOPEN
+ AC_CHECK_HEADERS([netinet/tcp.h])
++AC_CHECK_HEADERS([stdatomic.h])
+
+ AC_ARG_ENABLE(padlock,
+ AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
+diff --git a/lib/global.c b/lib/global.c
+index d75cea8..bdc3c1f 100644
+--- a/lib/global.c
++++ b/lib/global.c
+@@ -304,7 +304,7 @@ static int _gnutls_global_init(unsigned constructor)
+ }
+
+ /* Initialize the random generator */
+- ret = _gnutls_rnd_init();
++ ret = _gnutls_rnd_preinit();
+ if (ret < 0) {
+ gnutls_assert();
+ goto out;
+diff --git a/lib/locks.h b/lib/locks.h
+index 5807754..b1efbb5 100644
+--- a/lib/locks.h
++++ b/lib/locks.h
+@@ -27,6 +27,10 @@
+ #include "gnutls_int.h"
+ #include <system.h>
+
++#ifdef HAVE_STDATOMIC_H
++# include <stdatomic.h>
++#endif
++
+ extern mutex_init_func gnutls_mutex_init;
+ extern mutex_deinit_func gnutls_mutex_deinit;
+ extern mutex_lock_func gnutls_mutex_lock;
+diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
+index 59795a9..0807701 100644
+--- a/lib/nettle/rnd-fips.c
++++ b/lib/nettle/rnd-fips.c
+@@ -172,10 +172,6 @@ static int _rngfips_init(void **_ctx)
+ struct fips_ctx *ctx;
+ int ret;
+
+- ret = _rnd_system_entropy_init();
+- if (ret < 0)
+- return gnutls_assert_val(ret);
+-
+ ctx = gnutls_calloc(1, sizeof(*ctx));
+ if (ctx == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
+index 39b99e1..c4fbc48 100644
+--- a/lib/nettle/rnd.c
++++ b/lib/nettle/rnd.c
+@@ -218,12 +218,6 @@ static int wrap_nettle_rnd_init(void **ctx)
+ return ret;
+ }
+
+- ret = _rnd_system_entropy_init();
+- if (ret < 0) {
+- gnutls_assert();
+- return ret;
+- }
+-
+ /* initialize the main RNG */
+ yarrow256_init(&rnd_ctx.yctx, SOURCES, rnd_ctx.ysources);
+
+diff --git a/lib/random.c b/lib/random.c
+index d7f18f2..977d7aa 100644
+--- a/lib/random.c
++++ b/lib/random.c
+@@ -26,30 +26,80 @@
+ #include "gnutls_int.h"
+ #include "errors.h"
+ #include <random.h>
++#include "locks.h"
+ #include <fips.h>
+
+ void *gnutls_rnd_ctx;
++GNUTLS_STATIC_MUTEX(gnutls_rnd_init_mutex);
+
+-int _gnutls_rnd_init(void)
++#ifdef HAVE_STDATOMIC_H
++static atomic_uint rnd_initialized = 0;
++
++inline static int _gnutls_rnd_init(void)
++{
++ if (unlikely(!rnd_initialized)) {
++ if (_gnutls_rnd_ops.init == NULL) {
++ rnd_initialized = 1;
++ return 0;
++ }
++
++ GNUTLS_STATIC_MUTEX_LOCK(gnutls_rnd_init_mutex);
++ if (!rnd_initialized) {
++ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
++ gnutls_assert();
++ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
++ return GNUTLS_E_RANDOM_FAILED;
++ }
++ rnd_initialized = 1;
++ }
++ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
++ }
++ return 0;
++}
++#else
++static unsigned rnd_initialized = 0;
++
++inline static int _gnutls_rnd_init(void)
++{
++ GNUTLS_STATIC_MUTEX_LOCK(gnutls_rnd_init_mutex);
++ if (unlikely(!rnd_initialized)) {
++ if (_gnutls_rnd_ops.init == NULL) {
++ rnd_initialized = 1;
++ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
++ return 0;
++ }
++
++ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
++ gnutls_assert();
++ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
++ return GNUTLS_E_RANDOM_FAILED;
++ }
++ rnd_initialized = 1;
++ }
++ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
++ return 0;
++}
++#endif
++
++int _gnutls_rnd_preinit(void)
+ {
++ int ret;
++
+ #ifdef ENABLE_FIPS140
+ /* The FIPS140 random generator is only enabled when we are compiled
+ * with FIPS support, _and_ the system requires FIPS140.
+ */
+ if (_gnutls_fips_mode_enabled() == 1) {
+- int ret;
+-
+ ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops);
+ if (ret < 0)
+ return ret;
+ }
+ #endif
+
+- if (_gnutls_rnd_ops.init != NULL) {
+- if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
+- gnutls_assert();
+- return GNUTLS_E_RANDOM_FAILED;
+- }
++ ret = _rnd_system_entropy_init();
++ if (ret < 0) {
++ gnutls_assert();
++ return GNUTLS_E_RANDOM_FAILED;
+ }
+
+ return 0;
+@@ -57,9 +107,12 @@ int _gnutls_rnd_init(void)
+
+ void _gnutls_rnd_deinit(void)
+ {
+- if (_gnutls_rnd_ops.deinit != NULL) {
++ if (rnd_initialized && _gnutls_rnd_ops.deinit != NULL) {
+ _gnutls_rnd_ops.deinit(gnutls_rnd_ctx);
+ }
++ rnd_initialized = 0;
++
++ _rnd_system_entropy_deinit();
+
+ return;
+ }
+@@ -81,8 +134,17 @@ void _gnutls_rnd_deinit(void)
+ **/
+ int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
+ {
++ int ret;
+ FAIL_IF_LIB_ERROR;
+- return _gnutls_rnd(level, data, len);
++
++ if (unlikely((ret=_gnutls_rnd_init()) < 0))
++ return gnutls_assert_val(ret);
++
++ if (likely(len > 0)) {
++ return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data,
++ len);
++ }
++ return 0;
+ }
+
+ /**
+@@ -98,5 +160,6 @@ int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
+ **/
+ void gnutls_rnd_refresh(void)
+ {
+- _gnutls_rnd_refresh();
++ if (rnd_initialized && _gnutls_rnd_ops.rnd_refresh)
++ _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx);
+ }
+diff --git a/lib/random.h b/lib/random.h
+index 1538ec8..2ef7bc4 100644
+--- a/lib/random.h
++++ b/lib/random.h
+@@ -31,31 +31,15 @@ extern int crypto_rnd_prio;
+ extern void *gnutls_rnd_ctx;
+ extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
+
+-inline static int
+-_gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
+-{
+- if (len > 0) {
+- return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data,
+- len);
+- }
+- return 0;
+-}
+-
+-inline static void _gnutls_rnd_refresh(void)
+-{
+- _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx);
+-}
++#define _gnutls_rnd gnutls_rnd
++#define _gnutls_rnd_refresh gnutls_rnd_refresh
+
+ void _gnutls_rnd_deinit(void);
+-int _gnutls_rnd_init(void);
++int _gnutls_rnd_preinit(void);
+
+ inline static int _gnutls_rnd_check(void)
+ {
+ return _rnd_system_entropy_check();
+ }
+
+-#ifndef _WIN32
+-extern int _gnutls_urandom_fd;
+-#endif
+-
+ #endif
+--
+2.6.6
+
diff --git a/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch b/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch
new file mode 100644
index 0000000..f6c4f84
--- /dev/null
+++ b/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch
@@ -0,0 +1,315 @@
+From e146eedb13d94752609553bceb13c70cb7c05a4d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 17 Oct 2016 14:10:08 +0200
+Subject: [PATCH 3/3] deprecated _gnutls_rnd() in favor of exported
+ gnutls_rnd()
+
+Conflict:
+code from lib/x509/privkey_pkcs8.c refactored into lib/x509/pkcs7-crypt.c
+
+Upstream-Status: Backport
+
+diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
+index 2ef2c9c..0412b04 100644
+--- a/lib/auth/psk_passwd.c
++++ b/lib/auth/psk_passwd.c
+@@ -94,7 +94,7 @@ static int _randomize_psk(gnutls_datum_t * psk)
+
+ psk->size = 16;
+
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16);
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 505fbee..b54d415 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -178,7 +178,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+
+ /* we do not need strong random numbers here.
+ */
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data,
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data,
+ rndkey.size);
+ if (ret < 0) {
+ gnutls_assert();
+@@ -265,7 +265,7 @@ _gnutls_gen_rsa_client_kx(gnutls_session_t session,
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
+ session->key.key.size);
+ if (ret < 0) {
+ gnutls_assert();
+diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
+index a14baa1..151e88d 100644
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -156,7 +156,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
+ }
+
+ /* Generate random */
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data,
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data,
+ premaster_secret.size);
+ if (ret < 0) {
+ gnutls_assert();
+@@ -370,7 +370,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+
+ /* we do not need strong random numbers here.
+ */
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+ premaster_secret.size);
+ if (ret < 0) {
+ gnutls_assert();
+diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
+index 4e00f88..8ebcdfa 100644
+--- a/lib/auth/srp_passwd.c
++++ b/lib/auth/srp_passwd.c
+@@ -400,7 +400,7 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry,
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20);
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+diff --git a/lib/cipher.c b/lib/cipher.c
+index 50096df..73e18ad 100644
+--- a/lib/cipher.c
++++ b/lib/cipher.c
+@@ -323,9 +323,9 @@ compressed_to_ciphertext(gnutls_session_t session,
+ /* Calculate the encrypted length (padding etc.)
+ */
+ if (algo_type == CIPHER_BLOCK) {
+- /* Call _gnutls_rnd() once. Get data used for the IV
++ /* Call gnutls_rnd() once. Get data used for the IV
+ */
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+diff --git a/lib/crypto-api.c b/lib/crypto-api.c
+index 7d3d5ed..71bf935 100644
+--- a/lib/crypto-api.c
++++ b/lib/crypto-api.c
+@@ -608,7 +608,7 @@ int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size);
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_free_datum(key);
+diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
+index 180d59a..26a0928 100644
+--- a/lib/ext/heartbeat.c
++++ b/lib/ext/heartbeat.c
+@@ -194,7 +194,7 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
+ return gnutls_assert_val(ret);
+
+ ret =
+- _gnutls_rnd(GNUTLS_RND_NONCE,
++ gnutls_rnd(GNUTLS_RND_NONCE,
+ session->internals.hb_local_data.data,
+ data_size);
+ if (ret < 0)
+diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
+index 5a957f0..feb6507 100644
+--- a/lib/ext/session_ticket.c
++++ b/lib/ext/session_ticket.c
+@@ -234,7 +234,7 @@ encrypt_ticket(gnutls_session_t session, session_ticket_ext_st * priv,
+
+ t = gnutls_time(0);
+ memcpy(iv, &t, 4);
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE, iv+4, IV_SIZE-4);
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, iv+4, IV_SIZE-4);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+diff --git a/lib/handshake.c b/lib/handshake.c
+index 7dccae6..f8d7b2d 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -204,7 +204,7 @@ static int create_tls_random(uint8_t * dst)
+ _gnutls_write_uint32(tim, dst);
+
+ ret =
+- _gnutls_rnd(GNUTLS_RND_NONCE, &dst[3], GNUTLS_RANDOM_SIZE - 3);
++ gnutls_rnd(GNUTLS_RND_NONCE, &dst[3], GNUTLS_RANDOM_SIZE - 3);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+@@ -3349,7 +3349,7 @@ int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len)
+ *len = GNUTLS_MAX_SESSION_ID_SIZE;
+
+ ret =
+- _gnutls_rnd(GNUTLS_RND_NONCE, session_id,
++ gnutls_rnd(GNUTLS_RND_NONCE, session_id,
+ GNUTLS_MAX_SESSION_ID_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+diff --git a/lib/mpi.c b/lib/mpi.c
+index 828a0b8..491a8ef 100644
+--- a/lib/mpi.c
++++ b/lib/mpi.c
+@@ -60,7 +60,7 @@ _gnutls_mpi_random_modp(bigint_t r, bigint_t p,
+ buf_release = 1;
+ }
+
+- ret = _gnutls_rnd(level, buf, size);
++ ret = gnutls_rnd(level, buf, size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
+index b41ebfb..34688d2 100644
+--- a/lib/nettle/pk.c
++++ b/lib/nettle/pk.c
+@@ -54,7 +54,7 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve);
+
+ static void rnd_func(void *_ctx, size_t length, uint8_t * data)
+ {
+- if (_gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) {
++ if (gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) {
+ #ifdef ENABLE_FIPS140
+ _gnutls_switch_lib_state(LIB_STATE_ERROR);
+ #else
+@@ -1454,7 +1454,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
+ goto fail;
+ }
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, params->raw_priv.data, size);
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, params->raw_priv.data, size);
+ if (ret < 0) {
+ ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ goto fail;
+diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
+index 391bd09..7c41168 100644
+--- a/lib/opencdk/misc.c
++++ b/lib/opencdk/misc.c
+@@ -161,7 +161,7 @@ FILE *_cdk_tmpfile(void)
+ FILE *fp;
+ int fd, i;
+
+- _gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd));
++ gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd));
+ for (i = 0; i < DIM(rnd) - 1; i++) {
+ char c = letters[(unsigned char) rnd[i] % 26];
+ rnd[i] = c;
+diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c
+index aa3e5ce..b9a8854 100644
+--- a/lib/pkcs11_secret.c
++++ b/lib/pkcs11_secret.c
+@@ -72,7 +72,7 @@ gnutls_pkcs11_copy_secret_key(const char *token_url, gnutls_datum_t * key,
+ }
+
+ /* generate a unique ID */
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id));
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id));
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+diff --git a/lib/random.h b/lib/random.h
+index 2ef7bc4..e89efb9 100644
+--- a/lib/random.h
++++ b/lib/random.h
+@@ -31,9 +31,6 @@ extern int crypto_rnd_prio;
+ extern void *gnutls_rnd_ctx;
+ extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
+
+-#define _gnutls_rnd gnutls_rnd
+-#define _gnutls_rnd_refresh gnutls_rnd_refresh
+-
+ void _gnutls_rnd_deinit(void);
+ int _gnutls_rnd_preinit(void);
+
+diff --git a/lib/srp.c b/lib/srp.c
+index 655b4a3..6d111e5 100644
+--- a/lib/srp.c
++++ b/lib/srp.c
+@@ -532,7 +532,7 @@ gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
+ goto cleanup;
+ }
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data,
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data,
+ DEFAULT_FAKE_SALT_SEED_SIZE);
+
+ if (ret < 0) {
+diff --git a/lib/tpm.c b/lib/tpm.c
+index 4ec9a95..5f4c851 100644
+--- a/lib/tpm.c
++++ b/lib/tpm.c
+@@ -768,7 +768,7 @@ static int randomize_uuid(TSS_UUID * uuid)
+ uint8_t raw_uuid[16];
+ int ret;
+
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+@@ -1391,7 +1391,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
+ }
+
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
+ if (ret < 0) {
+ gnutls_assert();
+ goto err_cc;
+diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
+index e39dcde..b3bd287 100644
+--- a/lib/x509/pkcs12.c
++++ b/lib/x509/pkcs12.c
+@@ -880,7 +880,7 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, gnutls_mac_algorithm_t m
+
+ /* Generate the salt.
+ */
+- result = _gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt));
++ result = gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt));
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
+index f84d913..acacc91 100644
+--- a/lib/x509/privkey_pkcs8.c
++++ b/lib/x509/privkey_pkcs8.c
+@@ -2094,7 +2094,7 @@ generate_key(schema_id schema,
+ if (password)
+ pass_len = strlen(password);
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2);
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+@@ -2116,7 +2116,7 @@ generate_key(schema_id schema,
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt,
++ ret = gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt,
+ kdf_params->salt_size);
+ if (ret < 0) {
+ gnutls_assert();
+@@ -2145,7 +2145,7 @@ generate_key(schema_id schema,
+ kdf_params->key_size, key->data);
+
+ if (enc_params->iv_size) {
+- ret = _gnutls_rnd(GNUTLS_RND_NONCE,
++ ret = gnutls_rnd(GNUTLS_RND_NONCE,
+ enc_params->iv,
+ enc_params->iv_size);
+ if (ret < 0) {
+--
+2.6.6
+
diff --git a/recipes-support/gnutls/gnutls_3.5.3.bbappend b/recipes-support/gnutls/gnutls_3.5.3.bbappend
new file mode 100644
index 0000000..99ff422
--- /dev/null
+++ b/recipes-support/gnutls/gnutls_3.5.3.bbappend
@@ -0,0 +1,8 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:"
+
+# Backport commits in 3.5.6
+# https://bugzilla.redhat.com/show_bug.cgi?id=1387141
+SRC_URI_append = "file://0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch \
+ file://0002-rng-split-initialization-in-preinit-and-init.patch \
+ file://0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch \
+" \ No newline at end of file