From f1d43f689183fc06505f4d069cbda97f8e1a340b Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 12 Oct 2021 15:59:17 -0700
Subject: [PATCH] Add error code for the private key read lockout.

---
 wolfcrypt/src/error.c           | 3 +++
 wolfssl/wolfcrypt/error-crypt.h | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 55e4ffa67..9d685f811 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -551,6 +551,9 @@ const char* wc_GetErrorString(int error)
     case ECC_PCT_E:
         return "wolfcrypt ECDHE Pairwise Consistency Test Failure";
 
+    case FIPS_PRIVATE_KEY_LOCKED_E:
+        return "Cannot export private key, locked";
+
     default:
         return "unknown error number";
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 1e732c012..134ba080e 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -245,8 +245,9 @@ enum {
     KDF_SSH_KAT_FIPS_E  = -284,  /* SSH KDF KAT failure */
     DHE_PCT_E           = -285,  /* DHE Pairwise Consistency Test failure */
     ECC_PCT_E           = -286,  /* ECDHE Pairwise Consistency Test failure */
+    FIPS_PRIVATE_KEY_LOCKED_E = -287, /* Cannot export private key. */
 
-    WC_LAST_E           = -286,  /* Update this to indicate last error */
+    WC_LAST_E           = -287,  /* Update this to indicate last error */
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 
     /* add new companion error id strings for any new error codes