Diffstat (limited to 'doc/cha-internals.texi')
-rw-r--r-- | doc/cha-internals.texi | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi index f188caecc9..9dd1d8b6cc 100644 --- a/doc/cha-internals.texi +++ b/doc/cha-internals.texi @@ -754,3 +754,27 @@ Applications could also switch FIPS140-2 mode explicitly off, by calling @example gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); @end example + +@subheading Service indicator + +The above restrictions may not cover all the requirements in every +usage context, and as the FIPS140 standard evolves (like FIPS140-3), +GnuTLS may not be able to add new restrictions without breaking +compatibility. + +Therefore an additional set of API functions is provided to +communicate with the user whether any approved mode of operations is +performed within a given context. + +@showfuncD{gnutls_fips140_context_init,gnutls_fips140_context_deinit,gnutls_fips140_push_context,gnutls_fips140_pop_context} + +The @code{gnutls_fips140_context_t} represents the FIPS140-2 mode of +operation. It can be attached to the current execution thread with +@funcref{gnutls_fips140_push_context} and its internal state will be +updated until it is detached with +@funcref{gnutls_fips140_pop_context}. Afterwards +@funcref{gnutls_fips140_get_operation_state} allows the user +to examine whether any approved (or non-approved) security function is +invoked. + +@showfuncdesc{gnutls_fips140_get_operation_state} |
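Review bot: The paragraph after @showfuncD says gnutls_fips140_context_t "represents the FIPS140-2 mode of operation", which reads as if it were the mode set by gnutls_fips140_set_mode in the lines just above. The rest of the paragraph describes it as a record of whether approved or non-approved security functions ran between gnutls_fips140_push_context and gnutls_fips140_pop_context, so say that directly. The text should also name the values gnutls_fips140_get_operation_state can return, including what a context reports when nothing was invoked, since a caller cannot act on the indicator without them. Because the context is attached to "the current execution thread", state whether push and pop must be called on the same thread and whether operations on other threads affect the state. Unlike the preceding section, the new subheading has no @example. A short sequence of init, push, an operation, pop, get_operation_state and deinit would match the surrounding style. Minor wording: the state is examined after the pop, so "is invoked" should be "was invoked", and "whether any approved mode of operations is performed" is hard to parse.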