summaryrefslogtreecommitdiff
path: root/recipes-support
diff options
context:
space:
mode:
authorMax Krummenacher <max.krummenacher@toradex.com>2017-02-17 14:22:04 +0100
committerMarcel Ziswiler <marcel.ziswiler@toradex.com>2017-12-22 15:37:01 +0100
commita412758a4482552c15bb662ef95a8c9e7aa0b813 (patch)
tree13cd6e775c2c1cf55d7876376cf6f91478b02168 /recipes-support
parent9113c40373bd3a865aa947d032a8b82cbd1021c2 (diff)
gnutls: remove backported patches no longer needed
The patches are part of gnutls 3.5.7 Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com> Acked-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Diffstat (limited to 'recipes-support')
-rw-r--r--recipes-support/gnutls/files/libpthreadhack.patch34
-rw-r--r--recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch105
-rw-r--r--recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch261
-rw-r--r--recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch315
-rw-r--r--recipes-support/gnutls/gnutls_3.5.3.bbappend8
5 files changed, 0 insertions, 723 deletions
diff --git a/recipes-support/gnutls/files/libpthreadhack.patch b/recipes-support/gnutls/files/libpthreadhack.patch
deleted file mode 100644
index 0086a3a..0000000
--- a/recipes-support/gnutls/files/libpthreadhack.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-diff -Naur gnutls-2.12.23.orig/lib/configure.ac gnutls-2.12.23/lib/configure.ac
---- gnutls-2.12.23.orig/lib/configure.ac 2014-08-01 19:01:35.243966651 +0200
-+++ gnutls-2.12.23/lib/configure.ac 2014-08-01 19:01:49.398773492 +0200
-@@ -124,7 +124,18 @@
- lgl_INIT
-
- AC_CHECK_FUNCS(getrusage,,)
--AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
-+
-+#hack: the cross compile here thinks libpthread is not available.
-+#AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
-+HAVE_LIBPTHREAD=yes
-+LIBPTHREAD=-lpthread
-+LTLIBPTHREAD=-lpthread
-+LIBPTHREAD_PREFIX=/mnt/sdc2/oe-disk/oe-core_V2.3/build/out-eglibc/sysroots/colibri-t30/usr
-+AC_DEFINE([HAVE_LIBPTHREAD], 1, [Define if you have the $1 library.])
-+AC_SUBST([HAVE_LIBPTHREAD])
-+AC_SUBST([LIBPTHREAD])
-+AC_SUBST([LTLIBPTHREAD])
-+AC_SUBST([LIBPTHREAD_PREFIX])
-
- LIBGNUTLS_LIBS="-lgnutls $LIBS"
- LIBGNUTLS_CFLAGS=""
-diff -Naur gnutls-2.12.23.orig/lib/gnutls_int.h gnutls-2.12.23/lib/gnutls_int.h
---- gnutls-2.12.23.orig/lib/gnutls_int.h 2012-11-08 17:11:15.000000000 +0100
-+++ gnutls-2.12.23/lib/gnutls_int.h 2014-08-01 20:58:48.406146057 +0200
-@@ -28,6 +28,7 @@
-
- #ifdef HAVE_CONFIG_H
- #include <config.h>
-+#include "config.h"
- #endif
-
- #include <stddef.h>
diff --git a/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch b/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch
deleted file mode 100644
index 91251cf..0000000
--- a/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 4d49e06e8850ed3ffb89f6856555a2435962fedd Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Mon, 31 Oct 2016 11:40:12 +0100
-Subject: [PATCH 1/3] _gnutls_rnd_check: call _rnd_system_entropy_check
- directly
-
-Upstream-Status: Backport
-
-diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
-index 3d979d8..6f4b743 100644
---- a/lib/crypto-backend.h
-+++ b/lib/crypto-backend.h
-@@ -73,8 +73,7 @@ typedef struct {
- } gnutls_crypto_digest_st;
-
- typedef struct gnutls_crypto_rnd {
-- int (*init) (void **ctx);
-- int (*check) (void **ctx);
-+ int (*init) (void **ctx); /* called prior to first usage of randomness */
- int (*rnd) (void *ctx, int level, void *data, size_t datasize);
- void (*rnd_refresh) (void *ctx);
- void (*deinit) (void *ctx);
-diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
-index ef64649..59795a9 100644
---- a/lib/nettle/rnd-fips.c
-+++ b/lib/nettle/rnd-fips.c
-@@ -226,15 +226,6 @@ static void _rngfips_deinit(void *_ctx)
- free(ctx);
- }
-
--/* This is called when gnutls_global_init() is called for second time.
-- * It must check whether any resources are still available.
-- * The particular problem it solves is to verify that the urandom fd is still
-- * open (for applications that for some reason closed all fds */
--static int _rndfips_check(void **ctx)
--{
-- return _rnd_system_entropy_check();
--}
--
- static void _rngfips_refresh(void *_ctx)
- {
- /* this is predictable RNG. Don't refresh */
-@@ -260,7 +251,6 @@ static int selftest_kat(void)
-
- gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
- .init = _rngfips_init,
-- .check = _rndfips_check,
- .deinit = _rngfips_deinit,
- .rnd = _rngfips_rnd,
- .rnd_refresh = _rngfips_refresh,
-diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
-index 8a5a762..39b99e1 100644
---- a/lib/nettle/rnd.c
-+++ b/lib/nettle/rnd.c
-@@ -257,15 +257,6 @@ static int wrap_nettle_rnd_init(void **ctx)
- return 0;
- }
-
--/* This is called when gnutls_global_init() is called for second time.
-- * It must check whether any resources are still available.
-- * The particular problem it solves is to verify that the urandom fd is still
-- * open (for applications that for some reason closed all fds */
--static int wrap_nettle_rnd_check(void **ctx)
--{
-- return _rnd_system_entropy_check();
--}
--
- static int
- wrap_nettle_rnd_nonce(void *_ctx, void *data, size_t datasize)
- {
-@@ -373,7 +364,6 @@ int crypto_rnd_prio = INT_MAX;
-
- gnutls_crypto_rnd_st _gnutls_rnd_ops = {
- .init = wrap_nettle_rnd_init,
-- .check = wrap_nettle_rnd_check,
- .deinit = wrap_nettle_rnd_deinit,
- .rnd = wrap_nettle_rnd,
- .rnd_refresh = wrap_nettle_rnd_refresh,
-diff --git a/lib/random.h b/lib/random.h
-index 59e3f3c..1538ec8 100644
---- a/lib/random.h
-+++ b/lib/random.h
-@@ -25,6 +25,7 @@
-
- #include <gnutls/crypto.h>
- #include <crypto-backend.h>
-+#include "nettle/rnd-common.h"
-
- extern int crypto_rnd_prio;
- extern void *gnutls_rnd_ctx;
-@@ -50,10 +51,7 @@ int _gnutls_rnd_init(void);
-
- inline static int _gnutls_rnd_check(void)
- {
-- if (_gnutls_rnd_ops.check)
-- return _gnutls_rnd_ops.check(gnutls_rnd_ctx);
-- else
-- return 0;
-+ return _rnd_system_entropy_check();
- }
-
- #ifndef _WIN32
---
-2.6.6
-
diff --git a/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch b/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch
deleted file mode 100644
index 29bcf5f..0000000
--- a/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch
+++ /dev/null
@@ -1,261 +0,0 @@
-From 834e8fc03cb27ae437a2044cfaf265752c3e6a26 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Fri, 14 Oct 2016 14:16:51 +0200
-Subject: [PATCH 2/3] rng: split initialization in preinit and init
-
-This makes gnutls to initialize its random generator on the
-first call to gnutls_rnd(). That prevents blocking due to
-getrandom() on a constructor; that change allows to use gnutls-linked
-applications even in early boot in systems where getrandom() blocks
-waiting for entropy.
-
-Upstream-Status: Backport
-
-diff --git a/configure.ac b/configure.ac
-index 0ba2230..f842e26 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -186,6 +186,7 @@ AM_SUBST_NOTMAKE([DEFINE_IOVEC_T])
-
- dnl Need netinet/tcp.h for TCP_FASTOPEN
- AC_CHECK_HEADERS([netinet/tcp.h])
-+AC_CHECK_HEADERS([stdatomic.h])
-
- AC_ARG_ENABLE(padlock,
- AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]),
-diff --git a/lib/global.c b/lib/global.c
-index d75cea8..bdc3c1f 100644
---- a/lib/global.c
-+++ b/lib/global.c
-@@ -304,7 +304,7 @@ static int _gnutls_global_init(unsigned constructor)
- }
-
- /* Initialize the random generator */
-- ret = _gnutls_rnd_init();
-+ ret = _gnutls_rnd_preinit();
- if (ret < 0) {
- gnutls_assert();
- goto out;
-diff --git a/lib/locks.h b/lib/locks.h
-index 5807754..b1efbb5 100644
---- a/lib/locks.h
-+++ b/lib/locks.h
-@@ -27,6 +27,10 @@
- #include "gnutls_int.h"
- #include <system.h>
-
-+#ifdef HAVE_STDATOMIC_H
-+# include <stdatomic.h>
-+#endif
-+
- extern mutex_init_func gnutls_mutex_init;
- extern mutex_deinit_func gnutls_mutex_deinit;
- extern mutex_lock_func gnutls_mutex_lock;
-diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
-index 59795a9..0807701 100644
---- a/lib/nettle/rnd-fips.c
-+++ b/lib/nettle/rnd-fips.c
-@@ -172,10 +172,6 @@ static int _rngfips_init(void **_ctx)
- struct fips_ctx *ctx;
- int ret;
-
-- ret = _rnd_system_entropy_init();
-- if (ret < 0)
-- return gnutls_assert_val(ret);
--
- ctx = gnutls_calloc(1, sizeof(*ctx));
- if (ctx == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
-index 39b99e1..c4fbc48 100644
---- a/lib/nettle/rnd.c
-+++ b/lib/nettle/rnd.c
-@@ -218,12 +218,6 @@ static int wrap_nettle_rnd_init(void **ctx)
- return ret;
- }
-
-- ret = _rnd_system_entropy_init();
-- if (ret < 0) {
-- gnutls_assert();
-- return ret;
-- }
--
- /* initialize the main RNG */
- yarrow256_init(&rnd_ctx.yctx, SOURCES, rnd_ctx.ysources);
-
-diff --git a/lib/random.c b/lib/random.c
-index d7f18f2..977d7aa 100644
---- a/lib/random.c
-+++ b/lib/random.c
-@@ -26,30 +26,80 @@
- #include "gnutls_int.h"
- #include "errors.h"
- #include <random.h>
-+#include "locks.h"
- #include <fips.h>
-
- void *gnutls_rnd_ctx;
-+GNUTLS_STATIC_MUTEX(gnutls_rnd_init_mutex);
-
--int _gnutls_rnd_init(void)
-+#ifdef HAVE_STDATOMIC_H
-+static atomic_uint rnd_initialized = 0;
-+
-+inline static int _gnutls_rnd_init(void)
-+{
-+ if (unlikely(!rnd_initialized)) {
-+ if (_gnutls_rnd_ops.init == NULL) {
-+ rnd_initialized = 1;
-+ return 0;
-+ }
-+
-+ GNUTLS_STATIC_MUTEX_LOCK(gnutls_rnd_init_mutex);
-+ if (!rnd_initialized) {
-+ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
-+ gnutls_assert();
-+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
-+ return GNUTLS_E_RANDOM_FAILED;
-+ }
-+ rnd_initialized = 1;
-+ }
-+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
-+ }
-+ return 0;
-+}
-+#else
-+static unsigned rnd_initialized = 0;
-+
-+inline static int _gnutls_rnd_init(void)
-+{
-+ GNUTLS_STATIC_MUTEX_LOCK(gnutls_rnd_init_mutex);
-+ if (unlikely(!rnd_initialized)) {
-+ if (_gnutls_rnd_ops.init == NULL) {
-+ rnd_initialized = 1;
-+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
-+ return 0;
-+ }
-+
-+ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
-+ gnutls_assert();
-+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
-+ return GNUTLS_E_RANDOM_FAILED;
-+ }
-+ rnd_initialized = 1;
-+ }
-+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex);
-+ return 0;
-+}
-+#endif
-+
-+int _gnutls_rnd_preinit(void)
- {
-+ int ret;
-+
- #ifdef ENABLE_FIPS140
- /* The FIPS140 random generator is only enabled when we are compiled
- * with FIPS support, _and_ the system requires FIPS140.
- */
- if (_gnutls_fips_mode_enabled() == 1) {
-- int ret;
--
- ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops);
- if (ret < 0)
- return ret;
- }
- #endif
-
-- if (_gnutls_rnd_ops.init != NULL) {
-- if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) {
-- gnutls_assert();
-- return GNUTLS_E_RANDOM_FAILED;
-- }
-+ ret = _rnd_system_entropy_init();
-+ if (ret < 0) {
-+ gnutls_assert();
-+ return GNUTLS_E_RANDOM_FAILED;
- }
-
- return 0;
-@@ -57,9 +107,12 @@ int _gnutls_rnd_init(void)
-
- void _gnutls_rnd_deinit(void)
- {
-- if (_gnutls_rnd_ops.deinit != NULL) {
-+ if (rnd_initialized && _gnutls_rnd_ops.deinit != NULL) {
- _gnutls_rnd_ops.deinit(gnutls_rnd_ctx);
- }
-+ rnd_initialized = 0;
-+
-+ _rnd_system_entropy_deinit();
-
- return;
- }
-@@ -81,8 +134,17 @@ void _gnutls_rnd_deinit(void)
- **/
- int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
- {
-+ int ret;
- FAIL_IF_LIB_ERROR;
-- return _gnutls_rnd(level, data, len);
-+
-+ if (unlikely((ret=_gnutls_rnd_init()) < 0))
-+ return gnutls_assert_val(ret);
-+
-+ if (likely(len > 0)) {
-+ return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data,
-+ len);
-+ }
-+ return 0;
- }
-
- /**
-@@ -98,5 +160,6 @@ int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
- **/
- void gnutls_rnd_refresh(void)
- {
-- _gnutls_rnd_refresh();
-+ if (rnd_initialized && _gnutls_rnd_ops.rnd_refresh)
-+ _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx);
- }
-diff --git a/lib/random.h b/lib/random.h
-index 1538ec8..2ef7bc4 100644
---- a/lib/random.h
-+++ b/lib/random.h
-@@ -31,31 +31,15 @@ extern int crypto_rnd_prio;
- extern void *gnutls_rnd_ctx;
- extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
-
--inline static int
--_gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
--{
-- if (len > 0) {
-- return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data,
-- len);
-- }
-- return 0;
--}
--
--inline static void _gnutls_rnd_refresh(void)
--{
-- _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx);
--}
-+#define _gnutls_rnd gnutls_rnd
-+#define _gnutls_rnd_refresh gnutls_rnd_refresh
-
- void _gnutls_rnd_deinit(void);
--int _gnutls_rnd_init(void);
-+int _gnutls_rnd_preinit(void);
-
- inline static int _gnutls_rnd_check(void)
- {
- return _rnd_system_entropy_check();
- }
-
--#ifndef _WIN32
--extern int _gnutls_urandom_fd;
--#endif
--
- #endif
---
-2.6.6
-
diff --git a/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch b/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch
deleted file mode 100644
index f6c4f84..0000000
--- a/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch
+++ /dev/null
@@ -1,315 +0,0 @@
-From e146eedb13d94752609553bceb13c70cb7c05a4d Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Mon, 17 Oct 2016 14:10:08 +0200
-Subject: [PATCH 3/3] deprecated _gnutls_rnd() in favor of exported
- gnutls_rnd()
-
-Conflict:
-code from lib/x509/privkey_pkcs8.c refactored into lib/x509/pkcs7-crypt.c
-
-Upstream-Status: Backport
-
-diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
-index 2ef2c9c..0412b04 100644
---- a/lib/auth/psk_passwd.c
-+++ b/lib/auth/psk_passwd.c
-@@ -94,7 +94,7 @@ static int _randomize_psk(gnutls_datum_t * psk)
-
- psk->size = 16;
-
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16);
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16);
- if (ret < 0) {
- gnutls_assert();
- return ret;
-diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
-index 505fbee..b54d415 100644
---- a/lib/auth/rsa.c
-+++ b/lib/auth/rsa.c
-@@ -178,7 +178,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
-
- /* we do not need strong random numbers here.
- */
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data,
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data,
- rndkey.size);
- if (ret < 0) {
- gnutls_assert();
-@@ -265,7 +265,7 @@ _gnutls_gen_rsa_client_kx(gnutls_session_t session,
- return GNUTLS_E_MEMORY_ERROR;
- }
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
- session->key.key.size);
- if (ret < 0) {
- gnutls_assert();
-diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
-index a14baa1..151e88d 100644
---- a/lib/auth/rsa_psk.c
-+++ b/lib/auth/rsa_psk.c
-@@ -156,7 +156,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
- }
-
- /* Generate random */
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data,
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data,
- premaster_secret.size);
- if (ret < 0) {
- gnutls_assert();
-@@ -370,7 +370,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
-
- /* we do not need strong random numbers here.
- */
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
- premaster_secret.size);
- if (ret < 0) {
- gnutls_assert();
-diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
-index 4e00f88..8ebcdfa 100644
---- a/lib/auth/srp_passwd.c
-+++ b/lib/auth/srp_passwd.c
-@@ -400,7 +400,7 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry,
- return GNUTLS_E_MEMORY_ERROR;
- }
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20);
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20);
- if (ret < 0) {
- gnutls_assert();
- return ret;
-diff --git a/lib/cipher.c b/lib/cipher.c
-index 50096df..73e18ad 100644
---- a/lib/cipher.c
-+++ b/lib/cipher.c
-@@ -323,9 +323,9 @@ compressed_to_ciphertext(gnutls_session_t session,
- /* Calculate the encrypted length (padding etc.)
- */
- if (algo_type == CIPHER_BLOCK) {
-- /* Call _gnutls_rnd() once. Get data used for the IV
-+ /* Call gnutls_rnd() once. Get data used for the IV
- */
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
-diff --git a/lib/crypto-api.c b/lib/crypto-api.c
-index 7d3d5ed..71bf935 100644
---- a/lib/crypto-api.c
-+++ b/lib/crypto-api.c
-@@ -608,7 +608,7 @@ int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
- return GNUTLS_E_MEMORY_ERROR;
- }
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size);
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(key);
-diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
-index 180d59a..26a0928 100644
---- a/lib/ext/heartbeat.c
-+++ b/lib/ext/heartbeat.c
-@@ -194,7 +194,7 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
- return gnutls_assert_val(ret);
-
- ret =
-- _gnutls_rnd(GNUTLS_RND_NONCE,
-+ gnutls_rnd(GNUTLS_RND_NONCE,
- session->internals.hb_local_data.data,
- data_size);
- if (ret < 0)
-diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
-index 5a957f0..feb6507 100644
---- a/lib/ext/session_ticket.c
-+++ b/lib/ext/session_ticket.c
-@@ -234,7 +234,7 @@ encrypt_ticket(gnutls_session_t session, session_ticket_ext_st * priv,
-
- t = gnutls_time(0);
- memcpy(iv, &t, 4);
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE, iv+4, IV_SIZE-4);
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE, iv+4, IV_SIZE-4);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
-diff --git a/lib/handshake.c b/lib/handshake.c
-index 7dccae6..f8d7b2d 100644
---- a/lib/handshake.c
-+++ b/lib/handshake.c
-@@ -204,7 +204,7 @@ static int create_tls_random(uint8_t * dst)
- _gnutls_write_uint32(tim, dst);
-
- ret =
-- _gnutls_rnd(GNUTLS_RND_NONCE, &dst[3], GNUTLS_RANDOM_SIZE - 3);
-+ gnutls_rnd(GNUTLS_RND_NONCE, &dst[3], GNUTLS_RANDOM_SIZE - 3);
- if (ret < 0) {
- gnutls_assert();
- return ret;
-@@ -3349,7 +3349,7 @@ int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len)
- *len = GNUTLS_MAX_SESSION_ID_SIZE;
-
- ret =
-- _gnutls_rnd(GNUTLS_RND_NONCE, session_id,
-+ gnutls_rnd(GNUTLS_RND_NONCE, session_id,
- GNUTLS_MAX_SESSION_ID_SIZE);
- if (ret < 0) {
- gnutls_assert();
-diff --git a/lib/mpi.c b/lib/mpi.c
-index 828a0b8..491a8ef 100644
---- a/lib/mpi.c
-+++ b/lib/mpi.c
-@@ -60,7 +60,7 @@ _gnutls_mpi_random_modp(bigint_t r, bigint_t p,
- buf_release = 1;
- }
-
-- ret = _gnutls_rnd(level, buf, size);
-+ ret = gnutls_rnd(level, buf, size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index b41ebfb..34688d2 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -54,7 +54,7 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve);
-
- static void rnd_func(void *_ctx, size_t length, uint8_t * data)
- {
-- if (_gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) {
-+ if (gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) {
- #ifdef ENABLE_FIPS140
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
- #else
-@@ -1454,7 +1454,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
- goto fail;
- }
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, params->raw_priv.data, size);
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, params->raw_priv.data, size);
- if (ret < 0) {
- ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- goto fail;
-diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c
-index 391bd09..7c41168 100644
---- a/lib/opencdk/misc.c
-+++ b/lib/opencdk/misc.c
-@@ -161,7 +161,7 @@ FILE *_cdk_tmpfile(void)
- FILE *fp;
- int fd, i;
-
-- _gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd));
-+ gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd));
- for (i = 0; i < DIM(rnd) - 1; i++) {
- char c = letters[(unsigned char) rnd[i] % 26];
- rnd[i] = c;
-diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c
-index aa3e5ce..b9a8854 100644
---- a/lib/pkcs11_secret.c
-+++ b/lib/pkcs11_secret.c
-@@ -72,7 +72,7 @@ gnutls_pkcs11_copy_secret_key(const char *token_url, gnutls_datum_t * key,
- }
-
- /* generate a unique ID */
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id));
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id));
- if (ret < 0) {
- gnutls_assert();
- return ret;
-diff --git a/lib/random.h b/lib/random.h
-index 2ef7bc4..e89efb9 100644
---- a/lib/random.h
-+++ b/lib/random.h
-@@ -31,9 +31,6 @@ extern int crypto_rnd_prio;
- extern void *gnutls_rnd_ctx;
- extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
-
--#define _gnutls_rnd gnutls_rnd
--#define _gnutls_rnd_refresh gnutls_rnd_refresh
--
- void _gnutls_rnd_deinit(void);
- int _gnutls_rnd_preinit(void);
-
-diff --git a/lib/srp.c b/lib/srp.c
-index 655b4a3..6d111e5 100644
---- a/lib/srp.c
-+++ b/lib/srp.c
-@@ -532,7 +532,7 @@ gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
- goto cleanup;
- }
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data,
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data,
- DEFAULT_FAKE_SALT_SEED_SIZE);
-
- if (ret < 0) {
-diff --git a/lib/tpm.c b/lib/tpm.c
-index 4ec9a95..5f4c851 100644
---- a/lib/tpm.c
-+++ b/lib/tpm.c
-@@ -768,7 +768,7 @@ static int randomize_uuid(TSS_UUID * uuid)
- uint8_t raw_uuid[16];
- int ret;
-
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid));
- if (ret < 0)
- return gnutls_assert_val(ret);
-
-@@ -1391,7 +1391,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
- }
-
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
- if (ret < 0) {
- gnutls_assert();
- goto err_cc;
-diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
-index e39dcde..b3bd287 100644
---- a/lib/x509/pkcs12.c
-+++ b/lib/x509/pkcs12.c
-@@ -880,7 +880,7 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, gnutls_mac_algorithm_t m
-
- /* Generate the salt.
- */
-- result = _gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt));
-+ result = gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt));
- if (result < 0) {
- gnutls_assert();
- return result;
-diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
-index f84d913..acacc91 100644
---- a/lib/x509/privkey_pkcs8.c
-+++ b/lib/x509/privkey_pkcs8.c
-@@ -2094,7 +2094,7 @@ generate_key(schema_id schema,
- if (password)
- pass_len = strlen(password);
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2);
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2);
- if (ret < 0) {
- gnutls_assert();
- return ret;
-@@ -2116,7 +2116,7 @@ generate_key(schema_id schema,
- return GNUTLS_E_INVALID_REQUEST;
- }
-
-- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt,
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt,
- kdf_params->salt_size);
- if (ret < 0) {
- gnutls_assert();
-@@ -2145,7 +2145,7 @@ generate_key(schema_id schema,
- kdf_params->key_size, key->data);
-
- if (enc_params->iv_size) {
-- ret = _gnutls_rnd(GNUTLS_RND_NONCE,
-+ ret = gnutls_rnd(GNUTLS_RND_NONCE,
- enc_params->iv,
- enc_params->iv_size);
- if (ret < 0) {
---
-2.6.6
-
diff --git a/recipes-support/gnutls/gnutls_3.5.3.bbappend b/recipes-support/gnutls/gnutls_3.5.3.bbappend
deleted file mode 100644
index 99ff422..0000000
--- a/recipes-support/gnutls/gnutls_3.5.3.bbappend
+++ /dev/null
@@ -1,8 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:"
-
-# Backport commits in 3.5.6
-# https://bugzilla.redhat.com/show_bug.cgi?id=1387141
-SRC_URI_append = "file://0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch \
- file://0002-rng-split-initialization-in-preinit-and-init.patch \
- file://0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch \
-" \ No newline at end of file