From 8e3e60e4e2ad96962326dbfe5d2a8206361a0f3d Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 12 Mar 2025 16:53:25 -0600
Subject: [PATCH 1/3] adds WC_NO_DEFAULT_DEVID to disallow automatic use of "default" devId
---
 wolfcrypt/src/cryptocb.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index daf9cb99b..548309528 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -1882,6 +1882,12 @@ int wc_CryptoCb_DefaultDevID(void)
 {
 int ret;
 
+/* Explicitly disable the "default devId" behavior. Ensures that any devId
+ * will only be used if explicitly passed as an argument to crypto functions,
+ * and never automatically selected. */
+#ifdef WC_NO_DEFAULT_DEVID
+ ret = INVALID_DEVID;
+#else
 /* conditional macro selection based on build */
 #ifdef WOLFSSL_CAAM_DEVID
 ret = WOLFSSL_CAAM_DEVID;
@@ -1893,6 +1899,7 @@ int wc_CryptoCb_DefaultDevID(void)
 /* try first available */
 ret = wc_CryptoCb_GetDevIdAtIndex(0);
 #endif
+#endif /* WC_NO_DEFAULT_DEVID */
 
 return ret;
 }
From b7764e93085295415e578f1e86249652ac7d50ea Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Thu, 13 Mar 2025 13:07:48 -0600
Subject: [PATCH 2/3] add support for WC_NO_DEFAULT_DEVID to configure
---
 configure.ac | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/configure.ac b/configure.ac
index 0fe0a728c..8b5c06165 100644
--- a/configure.ac
+++ b/configure.ac
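Review bot: The comment added in wc_CryptoCb_DefaultDevID (wolfcrypt/src/cryptocb.c, PATCH 1/3) promises more than the code shows: it says a devId is "never automatically selected", while the change only makes this one function return `INVALID_DEVID`. Whether other paths choose a device without calling it cannot be seen from these hunks. I would state what the branch does instead, e.g. `/* WC_NO_DEFAULT_DEVID: report no default device (INVALID_DEVID); callers must pass a devId explicitly. */`. The new `#ifdef` also silently takes precedence over `WOLFSSL_CAAM_DEVID` and the rest of the conditional chain, part of which lies between the two hunks and is not visible, so the comment should say that a build defining both resolves to no default device.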
@@ -9265,6 +9265,14 @@ then
 AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
 fi
 
+AC_ARG_ENABLE([default-devid],
+ [AS_HELP_STRING([--disable-default-devid],[Disable default device ID (default: disabled)])],
+ [ if test "x$enableval" = "xno" ; then
+ AM_CFLAGS="$AM_CFLAGS -DWC_NO_DEFAULT_DEVID"
+ fi
+ ],
+ [ENABLED_DEFAULT_DEVID=yes])
+
 ################################################################################
 # Update ENABLE_* variables #
 ################################################################################
From c7db28ef5a149cebe06d0dcce5441002bd4749dd Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Mon, 17 Mar 2025 12:15:12 -0600
Subject: [PATCH 3/3] merge --no-default-devid configure option into --enable-cryuptocb=no-default-devid
---
 configure.ac | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/configure.ac b/configure.ac
index 8b5c06165..0d60168d1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8791,10 +8791,20 @@ AC_ARG_ENABLE([cryptodev],
 
 # Support for crypto callbacks
 AC_ARG_ENABLE([cryptocb],
- [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])],
- [ ENABLED_CRYPTOCB=$enableval ],
- [ ENABLED_CRYPTOCB=no ]
- )
+ [AS_HELP_STRING([--enable-cryptocb],
+ [Enable crypto callbacks (default: disabled). Use 'no-default-devid' to enable without a platform-specific default device ID])],
+[
+ case "$enableval" in
+ no-default-devid)
+ ENABLED_CRYPTOCB=yes
+ AM_CPPFLAGS="$AM_CPPFLAGS -DWC_NO_DEFAULT_DEVID"
+ ;;
+ *)
+ ENABLED_CRYPTOCB="$enableval"
+ ;;
+ esac
+],
+[ ENABLED_CRYPTOCB=no ])
 
 # Enable testing of cryptoCb using software crypto. On platforms where wolfCrypt tests
 # are used to test a custom cryptoCb, it may be desired to disable this so wolfCrypt tests
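Review bot: The `*)` branch of the new `case "$enableval"` (configure.ac, PATCH 3/3) accepts any string, so a misspelt `--enable-cryptocb=no-default-devid` is stored in `ENABLED_CRYPTOCB` as-is and `-DWC_NO_DEFAULT_DEVID` is never added, with no diagnostic. Because this value is what turns off the default device ID, a typo should stop configure rather than yield a build that still selects one: change `*)` to `yes|no)` and add a final `*) AC_MSG_ERROR([invalid --enable-cryptocb value: $enableval]) ;;`. How `ENABLED_CRYPTOCB` is tested later lies outside the hunk, so the effect of an unexpected value on the rest of configure is not visible here.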
@@ -9265,14 +9275,6 @@ then
 AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
 fi
 
-AC_ARG_ENABLE([default-devid],
- [AS_HELP_STRING([--disable-default-devid],[Disable default device ID (default: disabled)])],
- [ if test "x$enableval" = "xno" ; then
- AM_CFLAGS="$AM_CFLAGS -DWC_NO_DEFAULT_DEVID"
- fi
- ],
- [ENABLED_DEFAULT_DEVID=yes])
-
 ################################################################################
 # Update ENABLE_* variables #
 ################################################################################