jwt: mbedTLS requires csprng

Newer versions of mbedTLS now require a CSPRNG source in some APIs.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Flavio Ceolin 2021-08-18 16:02:18 -07:00 committed by Kumar Gala
commit 0a555377ef
2 changed files with 13 additions and 3 deletions


@ -16,6 +16,7 @@ choice
config JWT_SIGN_RSA
bool "Use RSA signature (RS-256)"
depends on CSPRING_ENABLED
select MBEDTLS
config JWT_SIGN_ECDSA
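Review bot: The `JWT_SIGN_RSA` entry gains `depends on CSPRING_ENABLED` but has no help text, so when that symbol is off the RSA choice simply disappears from the menu with no explanation. A short `help` block under the entry would cover it, for example `Requires a cryptographically secure random source (CSPRING_ENABLED); mbedTLS takes an RNG callback for key parsing and signing.` The rest of the choice, including how `JWT_SIGN_ECDSA` obtains its randomness, is outside this hunk, so whether it needs the same dependency cannot be judged from here.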


@ -15,6 +15,7 @@
#include <mbedtls/pk.h>
#include <mbedtls/rsa.h>
#include <mbedtls/sha256.h>
#include <random/rand32.h>
#endif
#ifdef CONFIG_JWT_SIGN_ECDSA
@ -190,6 +191,14 @@ int jwt_add_payload(struct jwt_builder *builder,
}
#ifdef CONFIG_JWT_SIGN_RSA
static int csprng_wrapper(void *ctx, unsigned char *dest, size_t size)
{
ARG_UNUSED(ctx);
return sys_csrand_get((void *)dest, size);
}
int jwt_sign(struct jwt_builder *builder,
const char *der_key,
size_t der_key_len)
@ -200,7 +209,7 @@ int jwt_sign(struct jwt_builder *builder,
mbedtls_pk_init(&ctx);
res = mbedtls_pk_parse_key(&ctx, der_key, der_key_len,
NULL, 0);
NULL, 0, csprng_wrapper, NULL);
if (res != 0) {
return res;
}
@ -217,8 +226,8 @@ int jwt_sign(struct jwt_builder *builder,
res = mbedtls_pk_sign(&ctx, MBEDTLS_MD_SHA256,
hash, sizeof(hash),
sig, &sig_len,
NULL, NULL);
sig, sig_len, &sig_len,
csprng_wrapper, NULL);
if (res != 0) {
return res;
}
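Review bot: In the `mbedtls_pk_sign` call the new buffer-size argument is passed as `sig_len`, the same variable that receives the output length through `&sig_len`. The bound is therefore only correct if `sig_len` was initialised to the capacity of `sig` before the call, and that declaration is outside the hunk. Passing the capacity directly, `sig, sizeof(sig), &sig_len,`, ties the bound to the buffer itself (assuming `sig` is an array, as the neighbouring `sizeof(hash)` suggests for `hash`). Separately, the `return res;` after a failed sign has no visible `mbedtls_pk_free(&ctx)`, so the parsed private key would stay in memory on that path. The body of `jwt_sign` continues beyond the hunk, so confirm whether cleanup happens elsewhere.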