From a412758a4482552c15bb662ef95a8c9e7aa0b813 Mon Sep 17 00:00:00 2001
From: Max Krummenacher
Date: Fri, 17 Feb 2017 14:22:04 +0100
Subject: gnutls: remove backported patches no longer needed

The patches are part of gnutls 3.5.7

Signed-off-by: Max Krummenacher
Acked-by: Marcel Ziswiler
---
 recipes-support/gnutls/files/libpthreadhack.patch | 34 ---
 ..._check-call-_rnd_system_entropy_check-dir.patch | 105 -------
 ...-split-initialization-in-preinit-and-init.patch | 261 -----------------
 ..._gnutls_rnd-in-favor-of-exported-gnutls_r.patch | 315 ---------------------
 recipes-support/gnutls/gnutls_3.5.3.bbappend | 8 -
 5 files changed, 723 deletions(-)
 delete mode 100644 recipes-support/gnutls/files/libpthreadhack.patch
 delete mode 100644 recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch
 delete mode 100644 recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch
 delete mode 100644 recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch
 delete mode 100644 recipes-support/gnutls/gnutls_3.5.3.bbappend

(limited to 'recipes-support')

diff --git a/recipes-support/gnutls/files/libpthreadhack.patch b/recipes-support/gnutls/files/libpthreadhack.patch
deleted file mode 100644
index 0086a3a..0000000
--- a/recipes-support/gnutls/files/libpthreadhack.patch
+++ /dev/null
@@ -1,34 +0,0 @@ -diff -Naur gnutls-2.12.23.orig/lib/configure.ac gnutls-2.12.23/lib/configure.ac ---- gnutls-2.12.23.orig/lib/configure.ac 2014-08-01 19:01:35.243966651 +0200 -+++ gnutls-2.12.23/lib/configure.ac 2014-08-01 19:01:49.398773492 +0200 -@@ -124,7 +124,18 @@ - lgl_INIT - - AC_CHECK_FUNCS(getrusage,,) --AC_LIB_HAVE_LINKFLAGS(pthread,, [#include ], [pthread_mutex_lock (0);]) -+ -+#hack: the cross compile here thinks libpthread is not available. -+#AC_LIB_HAVE_LINKFLAGS(pthread,, [#include ], [pthread_mutex_lock (0);]) -+HAVE_LIBPTHREAD=yes -+LIBPTHREAD=-lpthread -+LTLIBPTHREAD=-lpthread -+LIBPTHREAD_PREFIX=/mnt/sdc2/oe-disk/oe-core_V2.3/build/out-eglibc/sysroots/colibri-t30/usr -+AC_DEFINE([HAVE_LIBPTHREAD], 1, [Define if you have the $1 library.]) -+AC_SUBST([HAVE_LIBPTHREAD]) -+AC_SUBST([LIBPTHREAD]) -+AC_SUBST([LTLIBPTHREAD]) -+AC_SUBST([LIBPTHREAD_PREFIX]) - - LIBGNUTLS_LIBS="-lgnutls $LIBS" - LIBGNUTLS_CFLAGS="" -diff -Naur gnutls-2.12.23.orig/lib/gnutls_int.h gnutls-2.12.23/lib/gnutls_int.h ---- gnutls-2.12.23.orig/lib/gnutls_int.h 2012-11-08 17:11:15.000000000 +0100 -+++ gnutls-2.12.23/lib/gnutls_int.h 2014-08-01 20:58:48.406146057 +0200 -@@ -28,6 +28,7 @@ - - #ifdef HAVE_CONFIG_H - #include -+#include "config.h" - #endif - - #include diff --git a/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch b/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch deleted file mode 100644 index 91251cf..0000000 --- a/recipes-support/gnutls/gnutls-3.5.3/0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch +++ /dev/null 
@@ -1,105 +0,0 @@ -From 4d49e06e8850ed3ffb89f6856555a2435962fedd Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Mon, 31 Oct 2016 11:40:12 +0100 -Subject: [PATCH 1/3] _gnutls_rnd_check: call _rnd_system_entropy_check - directly - -Upstream-Status: Backport - -diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h -index 3d979d8..6f4b743 100644 ---- a/lib/crypto-backend.h -+++ b/lib/crypto-backend.h -@@ -73,8 +73,7 @@ typedef struct { - } gnutls_crypto_digest_st; - - typedef struct gnutls_crypto_rnd { -- int (*init) (void **ctx); -- int (*check) (void **ctx); -+ int (*init) (void **ctx); /* called prior to first usage of randomness */ - int (*rnd) (void *ctx, int level, void *data, size_t datasize); - void (*rnd_refresh) (void *ctx); - void (*deinit) (void *ctx); -diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c -index ef64649..59795a9 100644 ---- a/lib/nettle/rnd-fips.c -+++ b/lib/nettle/rnd-fips.c -@@ -226,15 +226,6 @@ static void _rngfips_deinit(void *_ctx) - free(ctx); - } - --/* This is called when gnutls_global_init() is called for second time. -- * It must check whether any resources are still available. -- * The particular problem it solves is to verify that the urandom fd is still -- * open (for applications that for some reason closed all fds */ --static int _rndfips_check(void **ctx) --{ -- return _rnd_system_entropy_check(); --} -- - static void _rngfips_refresh(void *_ctx) - { - /* this is predictable RNG. 
Don't refresh */ -@@ -260,7 +251,6 @@ static int selftest_kat(void) - - gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = { - .init = _rngfips_init, -- .check = _rndfips_check, - .deinit = _rngfips_deinit, - .rnd = _rngfips_rnd, - .rnd_refresh = _rngfips_refresh, -diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c -index 8a5a762..39b99e1 100644 ---- a/lib/nettle/rnd.c -+++ b/lib/nettle/rnd.c -@@ -257,15 +257,6 @@ static int wrap_nettle_rnd_init(void **ctx) - return 0; - } - --/* This is called when gnutls_global_init() is called for second time. -- * It must check whether any resources are still available. -- * The particular problem it solves is to verify that the urandom fd is still -- * open (for applications that for some reason closed all fds */ --static int wrap_nettle_rnd_check(void **ctx) --{ -- return _rnd_system_entropy_check(); --} -- - static int - wrap_nettle_rnd_nonce(void *_ctx, void *data, size_t datasize) - { -@@ -373,7 +364,6 @@ int crypto_rnd_prio = INT_MAX; - - gnutls_crypto_rnd_st _gnutls_rnd_ops = { - .init = wrap_nettle_rnd_init, -- .check = wrap_nettle_rnd_check, - .deinit = wrap_nettle_rnd_deinit, - .rnd = wrap_nettle_rnd, - .rnd_refresh = wrap_nettle_rnd_refresh, -diff --git a/lib/random.h b/lib/random.h -index 59e3f3c..1538ec8 100644 ---- a/lib/random.h -+++ b/lib/random.h -@@ -25,6 +25,7 @@ - - #include - #include -+#include "nettle/rnd-common.h" - - extern int crypto_rnd_prio; - extern void *gnutls_rnd_ctx; -@@ -50,10 +51,7 @@ int _gnutls_rnd_init(void); - - inline static int _gnutls_rnd_check(void) - { -- if (_gnutls_rnd_ops.check) -- return _gnutls_rnd_ops.check(gnutls_rnd_ctx); -- else -- return 0; -+ return _rnd_system_entropy_check(); - } - - #ifndef _WIN32 --- -2.6.6 - diff --git a/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch b/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch deleted file mode 100644 index 29bcf5f..0000000 
--- a/recipes-support/gnutls/gnutls-3.5.3/0002-rng-split-initialization-in-preinit-and-init.patch
+++ /dev/null
@@ -1,261 +0,0 @@ -From 834e8fc03cb27ae437a2044cfaf265752c3e6a26 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Fri, 14 Oct 2016 14:16:51 +0200 -Subject: [PATCH 2/3] rng: split initialization in preinit and init - -This makes gnutls to initialize its random generator on the -first call to gnutls_rnd(). That prevents blocking due to -getrandom() on a constructor; that change allows to use gnutls-linked -applications even in early boot in systems where getrandom() blocks -waiting for entropy. - -Upstream-Status: Backport - -diff --git a/configure.ac b/configure.ac -index 0ba2230..f842e26 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -186,6 +186,7 @@ AM_SUBST_NOTMAKE([DEFINE_IOVEC_T]) - - dnl Need netinet/tcp.h for TCP_FASTOPEN - AC_CHECK_HEADERS([netinet/tcp.h]) -+AC_CHECK_HEADERS([stdatomic.h]) - - AC_ARG_ENABLE(padlock, - AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]), -diff --git a/lib/global.c b/lib/global.c -index d75cea8..bdc3c1f 100644 ---- a/lib/global.c -+++ b/lib/global.c -@@ -304,7 +304,7 @@ static int _gnutls_global_init(unsigned constructor) - } - - /* Initialize the random generator */ -- ret = _gnutls_rnd_init(); -+ ret = _gnutls_rnd_preinit(); - if (ret < 0) { - gnutls_assert(); - goto out; -diff --git a/lib/locks.h b/lib/locks.h -index 5807754..b1efbb5 100644 ---- a/lib/locks.h -+++ b/lib/locks.h -@@ -27,6 +27,10 @@ - #include "gnutls_int.h" - #include - -+#ifdef HAVE_STDATOMIC_H -+# include -+#endif -+ - extern mutex_init_func gnutls_mutex_init; - extern mutex_deinit_func gnutls_mutex_deinit; - extern mutex_lock_func gnutls_mutex_lock; -diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c -index 59795a9..0807701 100644 ---- a/lib/nettle/rnd-fips.c -+++ b/lib/nettle/rnd-fips.c -@@ -172,10 +172,6 @@ static int _rngfips_init(void **_ctx) - struct fips_ctx *ctx; - int ret; - -- ret = _rnd_system_entropy_init(); -- if (ret < 0) -- return gnutls_assert_val(ret); -- - ctx = gnutls_calloc(1, 
sizeof(*ctx)); - if (ctx == NULL) - return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); -diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c -index 39b99e1..c4fbc48 100644 ---- a/lib/nettle/rnd.c -+++ b/lib/nettle/rnd.c -@@ -218,12 +218,6 @@ static int wrap_nettle_rnd_init(void **ctx) - return ret; - } - -- ret = _rnd_system_entropy_init(); -- if (ret < 0) { -- gnutls_assert(); -- return ret; -- } -- - /* initialize the main RNG */ - yarrow256_init(&rnd_ctx.yctx, SOURCES, rnd_ctx.ysources); - -diff --git a/lib/random.c b/lib/random.c -index d7f18f2..977d7aa 100644 ---- a/lib/random.c -+++ b/lib/random.c -@@ -26,30 +26,80 @@ - #include "gnutls_int.h" - #include "errors.h" - #include -+#include "locks.h" - #include - - void *gnutls_rnd_ctx; -+GNUTLS_STATIC_MUTEX(gnutls_rnd_init_mutex); - --int _gnutls_rnd_init(void) -+#ifdef HAVE_STDATOMIC_H -+static atomic_uint rnd_initialized = 0; -+ -+inline static int _gnutls_rnd_init(void) -+{ -+ if (unlikely(!rnd_initialized)) { -+ if (_gnutls_rnd_ops.init == NULL) { -+ rnd_initialized = 1; -+ return 0; -+ } -+ -+ GNUTLS_STATIC_MUTEX_LOCK(gnutls_rnd_init_mutex); -+ if (!rnd_initialized) { -+ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) { -+ gnutls_assert(); -+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex); -+ return GNUTLS_E_RANDOM_FAILED; -+ } -+ rnd_initialized = 1; -+ } -+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex); -+ } -+ return 0; -+} -+#else -+static unsigned rnd_initialized = 0; -+ -+inline static int _gnutls_rnd_init(void) -+{ -+ GNUTLS_STATIC_MUTEX_LOCK(gnutls_rnd_init_mutex); -+ if (unlikely(!rnd_initialized)) { -+ if (_gnutls_rnd_ops.init == NULL) { -+ rnd_initialized = 1; -+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex); -+ return 0; -+ } -+ -+ if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) { -+ gnutls_assert(); -+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex); -+ return GNUTLS_E_RANDOM_FAILED; -+ } -+ rnd_initialized = 1; -+ } -+ GNUTLS_STATIC_MUTEX_UNLOCK(gnutls_rnd_init_mutex); -+ return 0; -+} 
-+#endif -+ -+int _gnutls_rnd_preinit(void) - { -+ int ret; -+ - #ifdef ENABLE_FIPS140 - /* The FIPS140 random generator is only enabled when we are compiled - * with FIPS support, _and_ the system requires FIPS140. - */ - if (_gnutls_fips_mode_enabled() == 1) { -- int ret; -- - ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops); - if (ret < 0) - return ret; - } - #endif - -- if (_gnutls_rnd_ops.init != NULL) { -- if (_gnutls_rnd_ops.init(&gnutls_rnd_ctx) < 0) { -- gnutls_assert(); -- return GNUTLS_E_RANDOM_FAILED; -- } -+ ret = _rnd_system_entropy_init(); -+ if (ret < 0) { -+ gnutls_assert(); -+ return GNUTLS_E_RANDOM_FAILED; - } - - return 0; -@@ -57,9 +107,12 @@ int _gnutls_rnd_init(void) - - void _gnutls_rnd_deinit(void) - { -- if (_gnutls_rnd_ops.deinit != NULL) { -+ if (rnd_initialized && _gnutls_rnd_ops.deinit != NULL) { - _gnutls_rnd_ops.deinit(gnutls_rnd_ctx); - } -+ rnd_initialized = 0; -+ -+ _rnd_system_entropy_deinit(); - - return; - } -@@ -81,8 +134,17 @@ void _gnutls_rnd_deinit(void) - **/ - int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) - { -+ int ret; - FAIL_IF_LIB_ERROR; -- return _gnutls_rnd(level, data, len); -+ -+ if (unlikely((ret=_gnutls_rnd_init()) < 0)) -+ return gnutls_assert_val(ret); -+ -+ if (likely(len > 0)) { -+ return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data, -+ len); -+ } -+ return 0; - } - - /** -@@ -98,5 +160,6 @@ int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) - **/ - void gnutls_rnd_refresh(void) - { -- _gnutls_rnd_refresh(); -+ if (rnd_initialized && _gnutls_rnd_ops.rnd_refresh) -+ _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx); - } -diff --git a/lib/random.h b/lib/random.h -index 1538ec8..2ef7bc4 100644 ---- a/lib/random.h -+++ b/lib/random.h -@@ -31,31 +31,15 @@ extern int crypto_rnd_prio; - extern void *gnutls_rnd_ctx; - extern gnutls_crypto_rnd_st _gnutls_rnd_ops; - --inline static int --_gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) --{ -- if (len > 0) { -- 
return _gnutls_rnd_ops.rnd(gnutls_rnd_ctx, level, data, -- len); -- } -- return 0; --} -- --inline static void _gnutls_rnd_refresh(void) --{ -- _gnutls_rnd_ops.rnd_refresh(gnutls_rnd_ctx); --} -+#define _gnutls_rnd gnutls_rnd -+#define _gnutls_rnd_refresh gnutls_rnd_refresh - - void _gnutls_rnd_deinit(void); --int _gnutls_rnd_init(void); -+int _gnutls_rnd_preinit(void); - - inline static int _gnutls_rnd_check(void) - { - return _rnd_system_entropy_check(); - } - --#ifndef _WIN32 --extern int _gnutls_urandom_fd; --#endif -- - #endif --- -2.6.6 - diff --git a/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch b/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch deleted file mode 100644 index f6c4f84..0000000 --- a/recipes-support/gnutls/gnutls-3.5.3/0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch +++ /dev/null 
@@ -1,315 +0,0 @@ -From e146eedb13d94752609553bceb13c70cb7c05a4d Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Mon, 17 Oct 2016 14:10:08 +0200 -Subject: [PATCH 3/3] deprecated _gnutls_rnd() in favor of exported - gnutls_rnd() - -Conflict: -code from lib/x509/privkey_pkcs8.c refactored into lib/x509/pkcs7-crypt.c - -Upstream-Status: Backport - -diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c -index 2ef2c9c..0412b04 100644 ---- a/lib/auth/psk_passwd.c -+++ b/lib/auth/psk_passwd.c -@@ -94,7 +94,7 @@ static int _randomize_psk(gnutls_datum_t * psk) - - psk->size = 16; - -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16); -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, (char *) psk->data, 16); - if (ret < 0) { - gnutls_assert(); - return ret; -diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c -index 505fbee..b54d415 100644 ---- a/lib/auth/rsa.c -+++ b/lib/auth/rsa.c -@@ -178,7 +178,7 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, - - /* we do not need strong random numbers here. 
- */ -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data, -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data, - rndkey.size); - if (ret < 0) { - gnutls_assert(); -@@ -265,7 +265,7 @@ _gnutls_gen_rsa_client_kx(gnutls_session_t session, - return GNUTLS_E_MEMORY_ERROR; - } - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data, -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data, - session->key.key.size); - if (ret < 0) { - gnutls_assert(); -diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c -index a14baa1..151e88d 100644 ---- a/lib/auth/rsa_psk.c -+++ b/lib/auth/rsa_psk.c -@@ -156,7 +156,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, - } - - /* Generate random */ -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data, -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, premaster_secret.data, - premaster_secret.size); - if (ret < 0) { - gnutls_assert(); -@@ -370,7 +370,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, - - /* we do not need strong random numbers here. - */ -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data, -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data, - premaster_secret.size); - if (ret < 0) { - gnutls_assert(); -diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c -index 4e00f88..8ebcdfa 100644 ---- a/lib/auth/srp_passwd.c -+++ b/lib/auth/srp_passwd.c -@@ -400,7 +400,7 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry, - return GNUTLS_E_MEMORY_ERROR; - } - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20); -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, entry->v.data, 20); - if (ret < 0) { - gnutls_assert(); - return ret; -diff --git a/lib/cipher.c b/lib/cipher.c -index 50096df..73e18ad 100644 ---- a/lib/cipher.c -+++ b/lib/cipher.c -@@ -323,9 +323,9 @@ compressed_to_ciphertext(gnutls_session_t session, - /* Calculate the encrypted length (padding etc.) - */ - if (algo_type == CIPHER_BLOCK) { -- /* Call _gnutls_rnd() once. 
Get data used for the IV -+ /* Call gnutls_rnd() once. Get data used for the IV - */ -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize); -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, nonce, blocksize); - if (ret < 0) - return gnutls_assert_val(ret); - -diff --git a/lib/crypto-api.c b/lib/crypto-api.c -index 7d3d5ed..71bf935 100644 ---- a/lib/crypto-api.c -+++ b/lib/crypto-api.c -@@ -608,7 +608,7 @@ int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size) - return GNUTLS_E_MEMORY_ERROR; - } - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size); -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, key->data, key->size); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(key); -diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c -index 180d59a..26a0928 100644 ---- a/lib/ext/heartbeat.c -+++ b/lib/ext/heartbeat.c -@@ -194,7 +194,7 @@ gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size, - return gnutls_assert_val(ret); - - ret = -- _gnutls_rnd(GNUTLS_RND_NONCE, -+ gnutls_rnd(GNUTLS_RND_NONCE, - session->internals.hb_local_data.data, - data_size); - if (ret < 0) -diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c -index 5a957f0..feb6507 100644 ---- a/lib/ext/session_ticket.c -+++ b/lib/ext/session_ticket.c -@@ -234,7 +234,7 @@ encrypt_ticket(gnutls_session_t session, session_ticket_ext_st * priv, - - t = gnutls_time(0); - memcpy(iv, &t, 4); -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, iv+4, IV_SIZE-4); -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, iv+4, IV_SIZE-4); - if (ret < 0) { - gnutls_assert(); - goto cleanup; -diff --git a/lib/handshake.c b/lib/handshake.c -index 7dccae6..f8d7b2d 100644 ---- a/lib/handshake.c -+++ b/lib/handshake.c -@@ -204,7 +204,7 @@ static int create_tls_random(uint8_t * dst) - _gnutls_write_uint32(tim, dst); - - ret = -- _gnutls_rnd(GNUTLS_RND_NONCE, &dst[3], GNUTLS_RANDOM_SIZE - 3); -+ gnutls_rnd(GNUTLS_RND_NONCE, &dst[3], GNUTLS_RANDOM_SIZE - 3); - if (ret < 0) { - gnutls_assert(); - return ret; -@@ -3349,7 
+3349,7 @@ int _gnutls_generate_session_id(uint8_t * session_id, uint8_t * len) - *len = GNUTLS_MAX_SESSION_ID_SIZE; - - ret = -- _gnutls_rnd(GNUTLS_RND_NONCE, session_id, -+ gnutls_rnd(GNUTLS_RND_NONCE, session_id, - GNUTLS_MAX_SESSION_ID_SIZE); - if (ret < 0) { - gnutls_assert(); -diff --git a/lib/mpi.c b/lib/mpi.c -index 828a0b8..491a8ef 100644 ---- a/lib/mpi.c -+++ b/lib/mpi.c -@@ -60,7 +60,7 @@ _gnutls_mpi_random_modp(bigint_t r, bigint_t p, - buf_release = 1; - } - -- ret = _gnutls_rnd(level, buf, size); -+ ret = gnutls_rnd(level, buf, size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; -diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c -index b41ebfb..34688d2 100644 ---- a/lib/nettle/pk.c -+++ b/lib/nettle/pk.c -@@ -54,7 +54,7 @@ static inline const struct ecc_curve *get_supported_nist_curve(int curve); - - static void rnd_func(void *_ctx, size_t length, uint8_t * data) - { -- if (_gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) { -+ if (gnutls_rnd(GNUTLS_RND_RANDOM, data, length) < 0) { - #ifdef ENABLE_FIPS140 - _gnutls_switch_lib_state(LIB_STATE_ERROR); - #else -@@ -1454,7 +1454,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, - goto fail; - } - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, params->raw_priv.data, size); -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, params->raw_priv.data, size); - if (ret < 0) { - ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - goto fail; -diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c -index 391bd09..7c41168 100644 ---- a/lib/opencdk/misc.c -+++ b/lib/opencdk/misc.c -@@ -161,7 +161,7 @@ FILE *_cdk_tmpfile(void) - FILE *fp; - int fd, i; - -- _gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd)); -+ gnutls_rnd(GNUTLS_RND_NONCE, rnd, DIM(rnd)); - for (i = 0; i < DIM(rnd) - 1; i++) { - char c = letters[(unsigned char) rnd[i] % 26]; - rnd[i] = c; -diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c -index aa3e5ce..b9a8854 100644 ---- a/lib/pkcs11_secret.c -+++ b/lib/pkcs11_secret.c -@@ -72,7 +72,7 @@ 
gnutls_pkcs11_copy_secret_key(const char *token_url, gnutls_datum_t * key, - } - - /* generate a unique ID */ -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id)); -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id)); - if (ret < 0) { - gnutls_assert(); - return ret; -diff --git a/lib/random.h b/lib/random.h -index 2ef7bc4..e89efb9 100644 ---- a/lib/random.h -+++ b/lib/random.h -@@ -31,9 +31,6 @@ extern int crypto_rnd_prio; - extern void *gnutls_rnd_ctx; - extern gnutls_crypto_rnd_st _gnutls_rnd_ops; - --#define _gnutls_rnd gnutls_rnd --#define _gnutls_rnd_refresh gnutls_rnd_refresh -- - void _gnutls_rnd_deinit(void); - int _gnutls_rnd_preinit(void); - -diff --git a/lib/srp.c b/lib/srp.c -index 655b4a3..6d111e5 100644 ---- a/lib/srp.c -+++ b/lib/srp.c -@@ -532,7 +532,7 @@ gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t * - goto cleanup; - } - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data, -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data, - DEFAULT_FAKE_SALT_SEED_SIZE); - - if (ret < 0) { -diff --git a/lib/tpm.c b/lib/tpm.c -index 4ec9a95..5f4c851 100644 ---- a/lib/tpm.c -+++ b/lib/tpm.c -@@ -768,7 +768,7 @@ static int randomize_uuid(TSS_UUID * uuid) - uint8_t raw_uuid[16]; - int ret; - -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid)); -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, raw_uuid, sizeof(raw_uuid)); - if (ret < 0) - return gnutls_assert_val(ret); - -@@ -1391,7 +1391,7 @@ gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits, - } - - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf)); -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf)); - if (ret < 0) { - gnutls_assert(); - goto err_cc; -diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c -index e39dcde..b3bd287 100644 ---- a/lib/x509/pkcs12.c -+++ b/lib/x509/pkcs12.c -@@ -880,7 +880,7 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, gnutls_mac_algorithm_t m - - /* Generate the salt. 
- */ -- result = _gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt)); -+ result = gnutls_rnd(GNUTLS_RND_NONCE, salt, sizeof(salt)); - if (result < 0) { - gnutls_assert(); - return result; -diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c -index f84d913..acacc91 100644 ---- a/lib/x509/privkey_pkcs8.c -+++ b/lib/x509/privkey_pkcs8.c -@@ -2094,7 +2094,7 @@ generate_key(schema_id schema, - if (password) - pass_len = strlen(password); - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2); -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, rnd, 2); - if (ret < 0) { - gnutls_assert(); - return ret; -@@ -2116,7 +2116,7 @@ generate_key(schema_id schema, - return GNUTLS_E_INVALID_REQUEST; - } - -- ret = _gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt, -+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, kdf_params->salt, - kdf_params->salt_size); - if (ret < 0) { - gnutls_assert(); -@@ -2145,7 +2145,7 @@ generate_key(schema_id schema, - kdf_params->key_size, key->data); - - if (enc_params->iv_size) { -- ret = _gnutls_rnd(GNUTLS_RND_NONCE, -+ ret = gnutls_rnd(GNUTLS_RND_NONCE, - enc_params->iv, - enc_params->iv_size); - if (ret < 0) { --- -2.6.6 - diff --git a/recipes-support/gnutls/gnutls_3.5.3.bbappend b/recipes-support/gnutls/gnutls_3.5.3.bbappend deleted file mode 100644 index 99ff422..0000000 --- a/recipes-support/gnutls/gnutls_3.5.3.bbappend +++ /dev/null @@ -1,8 +0,0 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-${PV}:" - -# Backport commits in 3.5.6 -# https://bugzilla.redhat.com/show_bug.cgi?id=1387141 -SRC_URI_append = "file://0001-_gnutls_rnd_check-call-_rnd_system_entropy_check-dir.patch \ - file://0002-rng-split-initialization-in-preinit-and-init.patch \ - file://0003-deprecated-_gnutls_rnd-in-favor-of-exported-gnutls_r.patch \ -" \ No newline at end of file -- cgit v1.2.3