Skip to content

Commit 5579609

Browse files
lealem47lealem47
committed
Change default --enable-linuxkm entropy source to wolfentropy.ko
1 parent 5125a3e commit 5579609

1 file changed

Lines changed: 16 additions & 12 deletions

File tree

configure.ac

Lines changed: 16 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6048,20 +6048,10 @@ AC_ARG_ENABLE([pwdbased],
60486048
# MemUse Entropy
60496049
# wolfEntropy Software Jitter SP800-90B certifiable entropy source
60506050

6051-
if test "$KERNEL_MODE_DEFAULTS" = "yes" && \
6052-
test "$ENABLED_AMDRDSEED" != "yes" && \
6053-
test "$ENABLED_INTELRDRAND" != "yes" && \
6054-
test "$ENABLED_INTELRDSEED" != "yes"
6055-
then
6056-
ENABLED_ENTROPY_MEMUSE_DEFAULT=yes
6057-
else
6058-
ENABLED_ENTROPY_MEMUSE_DEFAULT=no
6059-
fi
6060-
60616051
AC_ARG_ENABLE([wolfEntropy],
60626052
[AS_HELP_STRING([--enable-wolfEntropy],[Enable memuse entropy support (default: disabled)])],
60636053
[ ENABLED_ENTROPY_MEMUSE=$enableval ],
6064-
[ ENABLED_ENTROPY_MEMUSE=$ENABLED_ENTROPY_MEMUSE_DEFAULT ]
6054+
[ ENABLED_ENTROPY_MEMUSE=no ]
60656055
)
60666056
AC_ARG_ENABLE([wolfentropy],
60676057
[AS_HELP_STRING([--enable-wolfentropy],[Alias for --enable-wolfEntropy])],
@@ -6072,6 +6062,20 @@ AC_ARG_ENABLE([entropy-memuse],
60726062
[ ENABLED_ENTROPY_MEMUSE=$enableval ]
60736063
)
60746064

6065+
# Default --enable-linuxkm to seed its FIPS DRBG from a separately-built
6066+
# wolfentropy.ko module via WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER (resolved
6067+
# at module load time via a weak extern on wc_Entropy_Get). Skipped if
6068+
# wolfEntropy is being compiled into libwolfssl.ko itself, or if Intel/AMD
6069+
# RDSEED/RDRAND was explicitly requested as the entropy source.
6070+
if test "$KERNEL_MODE_DEFAULTS" = "yes" && \
6071+
test "x$ENABLED_ENTROPY_MEMUSE" = "xno" && \
6072+
test "$ENABLED_AMDRDSEED" != "yes" && \
6073+
test "$ENABLED_INTELRDRAND" != "yes" && \
6074+
test "$ENABLED_INTELRDSEED" != "yes"
6075+
then
6076+
AM_CFLAGS="$AM_CFLAGS -DWC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER"
6077+
fi
6078+
60756079
# AES key wrap
60766080
AC_ARG_ENABLE([aeskeywrap],
60776081
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
@@ -11621,7 +11625,7 @@ AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes" || test "x$ENABLED
1162111625
AM_CONDITIONAL([BUILD_SMIME],[test "x$ENABLED_SMIME" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
1162211626
AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"])
1162311627
AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"])
11624-
AM_CONDITIONAL([BUILD_WOLFENTROPY_KO],[test "$ENABLED_LINUXKM" = "yes" && test "x$ENABLED_ENTROPY_MEMUSE" != "xno"])
11628+
AM_CONDITIONAL([BUILD_WOLFENTROPY_KO],[test "$ENABLED_LINUXKM" = "yes"])
1162511629
AM_CONDITIONAL([BUILD_KERNEL_MODE_DEFAULTS],[test "$KERNEL_MODE_DEFAULTS" != "no"])
1162611630
AM_CONDITIONAL([BUILD_BSDKM],[test "$ENABLED_BSDKM" = "yes"])
1162711631
AM_CONDITIONAL([BUILD_KERNEL_MODULE],[test "$ENABLED_BSDKM" = "yes" || test "$ENABLED_LINUXKM" = "yes"])

0 commit comments

Comments
 (0)