From 70e7bf5eaba5f07b147960f6de29d03df5455500 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Sat, 13 Jun 2026 10:26:50 -0500
Subject: [PATCH] linuxkm/linuxkm_wc_port.h: fix entropy source setup for FIPS:
 use in-boundary wc_GenerateSeed() unless FIPS < 5.2.4 or explicit
 WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER / WC_LINUXKM_RDSEED_IN_GLUE_LAYER.

---
 linuxkm/linuxkm_wc_port.h | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 596835c790..28fb5a4de4 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -217,15 +217,17 @@
         #endif
     #endif
 
-    #if defined(HAVE_HASHDRBG) && defined(HAVE_FIPS) && \
+    #if defined(HAVE_FIPS) && FIPS_VERSION3_LT(5, 2, 4)
+        #if defined(HAVE_HASHDRBG) && \
             defined(HAVE_ENTROPY_MEMUSE) && \
             !defined(WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER)
-        #define WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER
-    #elif defined(HAVE_HASHDRBG) && defined(HAVE_FIPS) && \
-            (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \
-            !defined(HAVE_ENTROPY_MEMUSE) && \
-            !defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER)
-        #define WC_LINUXKM_RDSEED_IN_GLUE_LAYER
+            #define WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER
+        #elif defined(HAVE_HASHDRBG) && \
+              (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \
+              !defined(HAVE_ENTROPY_MEMUSE) && \
+              !defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER)
+            #define WC_LINUXKM_RDSEED_IN_GLUE_LAYER
+        #endif
     #endif
     #if defined(WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER)
         struct OS_Seed;