@@ -106,7 +106,8 @@ The exception `error:notsup` signifies that the algorithm is known but is not
106106supported by current underlying libcrypto or explicitly disabled when building
107107that.
108108
109- For a list of supported algorithms, see [supports(ciphers)](`supports/1`).
109+ For a list of supported algorithms, see [supports(ciphers)](`supports/1`)
110+ and [supports()](`supports/0`).
110111
111112[](){: #error_3tup }
112113
151152"""
152153
153154
154- -export ([start /0 , stop /0 , info /0 , info_lib /0 , info_fips /0 , supports / 0 , enable_fips_mode /1 ,
155+ -export ([start /0 , stop /0 , info /0 , info_lib /0 , info_fips /0 , enable_fips_mode /1 ,
155156 version /0 , bytes_to_integer /1 ]).
156157-export ([cipher_info /1 , hash_info /1 ]).
157158-export ([hash /2 , hash_xof /3 , hash_init /1 , hash_update /2 , hash_final /1 , hash_final_xof /2 ]).
238239
239240 hash_equals /2 ,
240241
241- supports /1 ,
242+ supports /0 , supports / 1 ,
242243 mac /3 , mac /4 , macN /4 , macN /5 ,
243244 mac_init /2 , mac_init /3 , mac_update /2 , mac_final /1 , mac_finalN /2
244245 ]).
@@ -836,15 +837,32 @@ Get a collection of all supported crypto algorithms, grouped per type.
836837
837838If FIPS mode is enabled and supported, the return value will also include an additional key:
838839`fips_forbidden`, containing lists of algorithms which are not allowed to use under FIPS mode.
839- Each algorithm is tried once on the `crypto` application startup.
840- The `fips_forbidden` results are also grouped in the same way as the results. The `rsa_opts` key in
841- `fips_forbidden` is returned for completeness and is always an empty list, because validity of
842- `rsa_opts` under FIPS can only be determined based on multiple other `rsa_opts` passed together.
840+ Each algorithm is tried once during the `crypto` application startup.
841+
842+ The `rsa_opts` key in `fips_forbidden` is returned for completeness and is always an empty list,
843+ because the validity of each `rsa_opts` option under FIPS can only be determined based on
844+ multiple other `rsa_opts` passed together.
845+
846+ Example response with FIPS enabled:
847+ ```erlang
848+ [{hashs, [...
849+ {ciphers, ...
850+ {kems, []},
851+ {public_keys, ...
852+ {macs, ...
853+ {curves, ...
854+ {rsa_opts, ...
855+ {fips_forbidden,[{hashs,[blake2s,blake2b,sm3,ripemd160,md5,md4]},
856+ {ciphers,[chacha20,sm4_ctr,sm4_ofb,sm4_cfb,sm4_ecb,sm4_cbc,...]},
857+ {kems,[mlkem1024,mlkem768,mlkem512]},
858+ {public_keys,[srp,eddh,eddsa,ecdh,ecdsa,ec_gf2m,dss]},
859+ {macs,[hmac,poly1305]},
860+ {curves,[secp256r1]},
861+ {rsa_opts,[]}]}]
862+ ```
843863"""
844- -spec supports () -> [
845- supported_result_item ()
846- | {fips_forbidden , [supported_result_item ()]}
847- ].
864+ -doc (#{group => <<" Utility Functions"
865+ -spec supports () -> [supported_result_item () | {fips_forbidden , [supported_result_item ()]}].
848866supports () ->
849867 % % Add FIPS-disabled algorithms separately for the users to see
850868 FIPSForbidden = case application :get_env (crypto , fips_mode , false ) of
0 commit comments