Diffstat (limited to 'doc/cha-internals.texi')
-rw-r--r-- doc/cha-internals.texi 24
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index f188caecc9..9dd1d8b6cc 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -754,3 +754,27 @@ Applications could also switch FIPS140-2 mode explicitly off, by calling
@example
gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0);
@end example
+
+@subheading Service indicator
+
+The above restrictions may not cover all the requirements in every
+usage context, and as the FIPS140 standard evolves (like FIPS140-3),
+GnuTLS may not be able to add new restrictions without breaking
+compatibility.
+
+Therefore an additional set of API functions is provided to
+communicate with the user whether any approved mode of operations is
+performed within a given context.
+
+@showfuncD{gnutls_fips140_context_init,gnutls_fips140_context_deinit,gnutls_fips140_push_context,gnutls_fips140_pop_context}
+
+The @code{gnutls_fips140_context_t} represents the FIPS140-2 mode of
+operation. It can be attached to the current execution thread with
+@funcref{gnutls_fips140_push_context} and its internal state will be
+updated until it is detached with
+@funcref{gnutls_fips140_pop_context}. Afterwards
+@funcref{gnutls_fips140_get_operation_state} allows the user
+to examine whether any approved (or non-approved) security function is
+invoked.
+
+@showfuncdesc{gnutls_fips140_get_operation_state}
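Review bot: The sentence "The @code{gnutls_fips140_context_t} represents the FIPS140-2 mode of operation" reads as if the context were the library-wide mode that gnutls_fips140_set_mode controls in the example just above, while the rest of the paragraph describes it as per-thread state that records whether approved or non-approved functions were invoked between push and pop. Consider wording it as the operation state observed while the context is attached, and rephrasing "whether any approved mode of operations is performed" to "whether an approved operation was performed". The preceding section shows its call in an @example block; this one describes a five-call sequence (init, push, the operation, pop, get_operation_state, then deinit) only in prose, so a short @example with that order would help. The text also leaves open whether pushes may nest on one thread and whether the pop must happen on the thread that pushed; a sentence on each would prevent misreading the indicator.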