+typedef struct {
+ unsigned int self_test_onload : 1;
+ unsigned int conditional_errors : 1;
+ unsigned int security_checks : 1;
+ unsigned int tls_prf_ems_check : 1;
+ unsigned int drgb_no_trunc_dgst : 1;
+} FIPS_OPTS;
+
+/* Pedantic FIPS compliance */
+static const FIPS_OPTS pedantic_opts = {
+ 1, /* self_test_onload */
+ 1, /* conditional_errors */
+ 1, /* security_checks */
+ 1, /* tls_prf_ems_check */
+ 1, /* drgb_no_trunc_dgst */
+};
+
+/* Default FIPS settings for backward compatibility */
+static FIPS_OPTS fips_opts = {
+ 1, /* self_test_onload */
+ 1, /* conditional_errors */
+ 1, /* security_checks */
+ 0, /* tls_prf_ems_check */
+ 0, /* drgb_no_trunc_dgst */
+};
+
+static int check_non_pedantic_fips(int pedantic, const char *name)
+{
+ if (pedantic) {
+ BIO_printf(bio_err, "Cannot specify -%s after -pedantic\n", name);
+ return 0;
+ }
+ return 1;
+}
+