#ifndef BORINGSSL_HEADER_FIPS_H
#define BORINGSSL_HEADER_FIPS_H

#include <openssl/base.h>

#if defined(__cplusplus)
extern "C" {
#endif

/* Return 1 if the module is in FIPS approved mode, o.w, return 0 */
OPENSSL_EXPORT int FIPS_status(void);

/* Return a version text string */
OPENSSL_EXPORT const char *FIPS_bssl_module_version_text(void);

#define FIPS_BSSL_POST_DEFAULT   0
#define FIPS_BSSL_POST_ON_DEMAND 1

/* FIPS Power-On-Self-Test.
 *
 * - |on_demand| is 0 (FIPS_BSSL_POST_DEFAULT)
 * Do both algorithm and integrity test if vold.post_fs_data_done is 0 or non-exist.
 * Only integrity test will be done if vold.post_fs_data_done is 1
 * (See, IG 9.11 Reducing the Number of Known Answer Tests)
 * The module invokes exit() to block crypto services, if any tests are failed.
 *
 * - |on_demand| is 1 (FIPS_BSSL_POST_ON_DEMAND)
 * Do both algorithm and integrity always
 * In this case the module also invokes exit() to block crypto services, if any tests are failed. */
OPENSSL_EXPORT void	FIPS_bssl_post(int on_demand);

/* FIPS algorithm selftest, return 1 if success, o.w, return 0 */
OPENSSL_EXPORT int FIPS_bssl_selftest_kat(void);

/* FIPS integrity selftest, return 1 if success, o.w, return 0 */
OPENSSL_EXPORT int FIPS_bssl_selftest_integrity(void);

#if defined(__cplusplus)
}
#endif

#endif // END of BORINGSSL_HEADER_FIPS_H