min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove boring::fips::enable (fixes #150) 

In boringssl, FIPS_mode_set is more or less useless, and
it doesn't even set an error stack at all on failure,
so there is no point using it instead of FIPS_mode.
This commit is contained in:
Anthony Ramine 2023-10-09 15:07:13 +02:00 committed by Alessandro Ghedini
parent ea96015b66
commit 6c681a409c
1 changed files with 0 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
boring/src/fips.rs
View File

@ -3,17 +3,8 @@
//! See [OpenSSL's documentation] for details.
//!
//! [OpenSSL's documentation]: https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
use crate::cvt;
use crate::error::ErrorStack;
use crate::ffi;
/// Moves the library into or out of the FIPS 140-2 mode of operation.
///
/// This corresponds to `FIPS_mode_set`.
pub fn enable(enabled: bool) -> Result<(), ErrorStack> {
unsafe { cvt(ffi::FIPS_mode_set(enabled as _)).map(|_| ()) }
}
/// Determines if the library is running in the FIPS 140-2 mode of operation.
///
/// This corresponds to `FIPS_mode`.