From 8e3e60e4e2ad96962326dbfe5d2a8206361a0f3d Mon Sep 17 00:00:00 2001
From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com>
Date: Wed, 12 Mar 2025 16:53:25 -0600
Subject: [PATCH] adds WC_NO_DEFAULT_DEVID to disallow automatic use of
 "default" devId

---
 wolfcrypt/src/cryptocb.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index daf9cb99b..548309528 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -1882,6 +1882,12 @@ int wc_CryptoCb_DefaultDevID(void)
 {
     int ret;
 
+/* Explicitly disable the "default devId" behavior. Ensures that any devId
+ * will only be used if explicitly passed as an argument to crypto functions,
+ * and never automatically selected. */
+#ifdef WC_NO_DEFAULT_DEVID
+    ret = INVALID_DEVID;
+#else
     /* conditional macro selection based on build */
 #ifdef WOLFSSL_CAAM_DEVID
     ret = WOLFSSL_CAAM_DEVID;
@@ -1893,6 +1899,7 @@ int wc_CryptoCb_DefaultDevID(void)
     /* try first available */
     ret = wc_CryptoCb_GetDevIdAtIndex(0);
 #endif
+#endif /* WC_NO_DEFAULT_DEVID */
 
     return ret;
 }