[nrf noup] Revert "net: lib: sockets: tls: do not specify random function to be used"

tomi-font · tomi-font · commit ab308a462732 · 2026-04-13T11:28:41.000+03:00
This reverts commit e9b5feb. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
diff --git a/subsys/net/lib/sockets/sockets_tls.c b/subsys/net/lib/sockets/sockets_tls.c
@@ -331,6 +331,19 @@ bool net_socket_is_tls(void *obj)
 	return PART_OF_ARRAY(tls_contexts, (struct tls_context *)obj);
 }
 
+static int tls_ctr_drbg_random(void *ctx, unsigned char *buf, size_t len)
+{
+	ARG_UNUSED(ctx);
+
+#if defined(CONFIG_CSPRNG_ENABLED)
+	return sys_csrand_get(buf, len);
+#else
+	sys_rand_get(buf, len);
+
+	return 0;
+#endif
+}
+
 #if defined(CONFIG_NET_SOCKETS_ENABLE_DTLS)
 /* mbedTLS-defined function for setting timer. */
 static void dtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms)
@@ -1428,7 +1441,8 @@ static int tls_set_private_key(struct tls_context *tls,
 	int err;
 
 	err = mbedtls_pk_parse_key(&tls->priv_key, priv_key->buf,
-				   priv_key->len, NULL, 0);
+				   priv_key->len, NULL, 0,
+				   tls_ctr_drbg_random, NULL);
 	if (err != 0) {
 		return -EINVAL;
 	}
@@ -1814,7 +1828,9 @@ static int tls_mbedtls_init(struct tls_context *context, bool is_server)
 
 		/* Configure cookie for DTLS server */
 		if (role == MBEDTLS_SSL_IS_SERVER) {
-			ret = mbedtls_ssl_cookie_setup(&context->cookie);
+			ret = mbedtls_ssl_cookie_setup(&context->cookie,
+						       tls_ctr_drbg_random,
+						       NULL);
 			if (ret != 0) {
 				return -ENOMEM;
 			}
@@ -1839,6 +1855,10 @@ static int tls_mbedtls_init(struct tls_context *context, bool is_server)
 					  context->options.verify_level);
 	}
 
+	mbedtls_ssl_conf_rng(&context->config,
+			     tls_ctr_drbg_random,
+			     NULL);
+
 	ret = tls_mbedtls_set_credentials(context);
 	if (ret != 0) {
 		return ret;
@@ -1935,7 +1955,8 @@ static int tls_check_priv_key(struct tls_credential *priv_key)
 	mbedtls_pk_init(&key_ctx);
 
 	err = mbedtls_pk_parse_key(&key_ctx, priv_key->buf,
-				   priv_key->len, NULL, 0);
+				   priv_key->len, NULL, 0,
+				   tls_ctr_drbg_random, NULL);
 	if (err != 0) {
 		NET_ERR("Failed to parse %s on tag %d, err: -0x%x",
 			"private key", priv_key->tag, -err);
