From 0a555377ef5f79b6dcd6ef8b49658a9520b0c98f Mon Sep 17 00:00:00 2001
From: Flavio Ceolin
Date: Wed, 18 Aug 2021 16:02:18 -0700
Subject: [PATCH] jwt: mbedTLS requires csprng
Newer version of mbedTLS requires a csprng source now in some APIs.
Signed-off-by: Flavio Ceolin
---
 subsys/jwt/Kconfig | 1 +
 subsys/jwt/jwt.c | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/subsys/jwt/Kconfig b/subsys/jwt/Kconfig
index ac1261c6989..dfbdbc3c889 100644
--- a/subsys/jwt/Kconfig
+++ b/subsys/jwt/Kconfig
@@ -16,6 +16,7 @@ choice
 config JWT_SIGN_RSA
 bool "Use RSA signature (RS-256)"
+ depends on CSPRING_ENABLED
 select MBEDTLS
 config JWT_SIGN_ECDSA
diff --git a/subsys/jwt/jwt.c b/subsys/jwt/jwt.c
index e5411fc6267..d5abd1c2f00 100644
--- a/subsys/jwt/jwt.c
+++ b/subsys/jwt/jwt.c
@@ -15,6 +15,7 @@
 #include
 #include
 #include
+#include
 #endif
 #ifdef CONFIG_JWT_SIGN_ECDSA
@@ -190,6 +191,14 @@ int jwt_add_payload(struct jwt_builder *builder,
 }
 #ifdef CONFIG_JWT_SIGN_RSA
+
+static int csprng_wrapper(void *ctx, unsigned char *dest, size_t size)
+{
+ ARG_UNUSED(ctx);
+
+ return sys_csrand_get((void *)dest, size);
+}
+
 int jwt_sign(struct jwt_builder *builder,
 const char *der_key, size_t der_key_len)
@@ -200,7 +209,7 @@ int jwt_sign(struct jwt_builder *builder,
 mbedtls_pk_init(&ctx);
 res = mbedtls_pk_parse_key(&ctx, der_key, der_key_len,
- NULL, 0);
+ NULL, 0, csprng_wrapper, NULL);
 if (res != 0) {
 return res;
 }
@@ -217,8 +226,8 @@ int jwt_sign(struct jwt_builder *builder,
 res = mbedtls_pk_sign(&ctx, MBEDTLS_MD_SHA256, hash, sizeof(hash),
- sig, &sig_len,
- NULL, NULL);
+ sig, sig_len, &sig_len,
+ csprng_wrapper, NULL);
 if (res != 0) {
 return res;
 }
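Review bot: In subsys/jwt/Kconfig, `depends on CSPRING_ENABLED` sits on a member of a `choice`, so a configuration without a CSPRNG no longer offers JWT_SIGN_RSA and the choice presumably settles on another visible member, which from this hunk looks like JWT_SIGN_ECDSA. Nothing in the entry explains that, so a build that expects RS-256 can end up with a different signing algorithm without any message. I would add help text to the entry, for example `help` followed by `RS-256 signing through mbedTLS; needs a cryptographically secure random source (CSPRING_ENABLED).` The top of the choice, including its default, is outside the hunk.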
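Review bot: csprng_wrapper in subsys/jwt/jwt.c (hunk at -190,6) has no comment stating the contract it implements, and that contract is the security-relevant part of this change: mbedTLS calls it as the f_rng callback and treats any non-zero return as a failure of the operation. A short comment such as `/* f_rng callback for mbedTLS: fills dest with size bytes from the system CSPRNG; returns 0 on success, any other value makes the calling mbedTLS operation fail. */` would keep a later edit from swapping in a non-cryptographic source or swallowing the error. The cast is not needed either; `return sys_csrand_get(dest, size);` is enough, since `unsigned char *` converts to `void *` implicitly.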
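Review bot: The `return res;` after mbedtls_pk_parse_key in jwt_sign (hunk at -200,7) leaves the function without a matching `mbedtls_pk_free(&ctx);` for the `mbedtls_pk_init(&ctx);` above it, and the same pattern follows mbedtls_pk_sign in the hunk at -217,8, where ctx holds the parsed RSA private key by then. No mbedtls_pk_free call is visible in either hunk; the rest of jwt_sign is outside them, so the normal path may free the context at the end, but these early returns skip it in any case. Adding `mbedtls_pk_free(&ctx);` before each `return res;` releases the key material on the error paths, and calling it after a failed parse is harmless.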
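Review bot: In the mbedtls_pk_sign call (hunk at -217,8), `sig_len` is now passed by value as the capacity of `sig` and by address as the output length, so it has to hold the buffer size before the call. Its declaration is outside this hunk and none of the hunks in this patch touch it; if it is declared without an initialiser, which was sufficient while it was output-only, the call reads an indeterminate value as the buffer bound. Passing the capacity directly removes that dependency: `sig, sizeof(sig), &sig_len,` (assuming `sig` is an array, as `hash` appears to be from `sizeof(hash)`).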