#![cfg(fips)]
use crate::sys;
/// Turns private key read access on or off for the wolfCrypt FIPS module.
///
/// This is a thin wrapper around `wolfCrypt_SetPrivateKeyReadEnable_fips`
/// that always passes `WC_KEYTYPE_ALL`, so the request covers every key type
/// at once. In FIPS mode private keys are protected and cannot be read by
/// default; enabling reads is intended as a temporary step for operations
/// that need the raw key material, such as key export or backup.
///
/// # Arguments
///
/// * `enabled` - `1` to enable private key reads, `0` to disable. The value
///   is forwarded to wolfCrypt unchanged and is not validated here.
///
/// # Returns
///
/// * `Ok(())` - wolfCrypt returned `0`.
/// * `Err(i32)` - wolfCrypt returned a non-zero value, which is passed back
///   as the wolfSSL error code.
///
/// # Security
///
/// While reads are enabled, raw private key material can be read out of the
/// module. Keep that window as short as possible and disable reads again on
/// every exit path of the calling code, including its error paths, to
/// maintain FIPS compliance.
///
/// NOTE(review): whether the setting is per-thread or process-wide, and
/// whether repeated enable calls nest, is decided inside wolfCrypt and is not
/// visible from this wrapper. Confirm against the wolfCrypt FIPS
/// documentation before relying on either behavior.
pub fn set_private_key_read_enable(enabled: i32) -> Result<(), i32> {
    // SAFETY: the call passes `enabled` by value together with the
    // `WC_KEYTYPE_ALL` constant; no Rust-owned memory is handed to C here.
    let status = unsafe {
        sys::wolfCrypt_SetPrivateKeyReadEnable_fips(enabled, sys::wc_KeyType_WC_KEYTYPE_ALL)
    };

    // A status of 0 is treated as success; anything else is returned to the
    // caller untouched so the wolfSSL error code is preserved.
    match status {
        0 => Ok(()),
        code => Err(code),
    }
}