diff options
author | Jack Lloyd <[email protected]> | 2017-01-06 10:32:22 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-01-06 10:32:22 -0500 |
commit | b1c7212e2e5bfaf6cc4aac7ce4eb5aba5158bfcd (patch) | |
tree | d5aee6598097f91b8caa83d954d5d7a29457970a | |
parent | 4bf0ef759c87225deb97a39580f25450a87d6cc7 (diff) | |
parent | eb1ff608cc119564eb48d33dbb8fe567bddab9f0 (diff) |
Merge GH #815 Add NIST build policy
-rw-r--r-- | .travis.yml | 5 | ||||
-rw-r--r-- | src/build-data/policy/nist.txt | 153 | ||||
-rwxr-xr-x | src/scripts/ci/travis/build.sh | 2 |
3 files changed, 159 insertions, 1 deletions
diff --git a/.travis.yml b/.travis.yml index 80b176fc8..d62305f93 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,6 +29,7 @@ env: - BUILD_MODE="shared" - BUILD_MODE="static" - BUILD_MODE="bsi" + - BUILD_MODE="nist" - BUILD_MODE="sanitizer" - BUILD_MODE="coverage" - BUILD_MODE="cross-arm32" @@ -50,7 +51,7 @@ matrix: - os: osx compiler: gcc - # Run docs, bsi, coverage, valgrind, sonarqube, sanitizer, + # Run docs, bsi, nist, coverage, valgrind, sonarqube, sanitizer, # minimized and non-ARM cross builds on Linux/gcc only. The # sanitizer builds under Clang run the tests very slowly and cause # CI timeouts. @@ -58,6 +59,8 @@ matrix: - compiler: clang env: BUILD_MODE="bsi" - compiler: clang + env: BUILD_MODE="nist" + - compiler: clang env: BUILD_MODE="docs" - compiler: clang env: BUILD_MODE="coverage" diff --git a/src/build-data/policy/nist.txt b/src/build-data/policy/nist.txt new file mode 100644 index 000000000..0a14dc8a4 --- /dev/null +++ b/src/build-data/policy/nist.txt @@ -0,0 +1,153 @@ +<required> +des +aes + +gcm +ccm +ctr +cbc +mode_pad + +# hash +sha2_32 +sha2_64 +sha3 + +# mac +cmac +hmac +gmac + +# kdf +sp800_108 +sp800_56c + +# pk_pad +eme_oaep +emsa_pssr +emsa1 + +# pubkey +dh +rsa +dsa +ecdsa +ecdh + +# rng +auto_rng +hmac_drbg + +# keywrap +rfc3394 +</required> + +<if_available> +# block +aes_ni +aes_ssse3 + +# modes +clmul + +# entropy sources +cryptoapi_rng +darwin_secrandom +dev_random +proc_walk +rdrand +rdseed +win32_stats + +# rng +rdrand_rng +system_rng + +# utils +locking_allocator +simd +</if_available> + +<prohibited> +# block +blowfish +camellia +cascade +cast +gost_28147 +idea +idea_sse2 +kasumi +lion +misty1 +noekeon +noekeon_simd +seed +serpent +serpent_simd +threefish +threefish_avx2 +twofish +xtea + +# modes +chacha20poly1305 +eax +ocb +siv +cfb + +# stream +chacha +chacha_sse2 +ofb +rc4 +salsa20 + +# kdf +hkdf +kdf1 +kdf2 +prf_x942 + +# pubkey +curve25519 +ecgdsa +eckcdsa +elgamal +gost_3410 +mce +mceies +rfc6979 +newhope +cecpq1 +xmss + +# pk_pad +#eme_pkcs1 // needed for tls +#emsa_pkcs1 // needed for tls +emsa_raw +emsa_x931 + +# hash +blake2 +comb4p +gost_3411 +md4 +#md5 // needed for tls +rmd160 +#sha1 // needed for tls +#sha1_sse2 // needed for tls +skein +tiger +whirlpool + +# mac +cbc_mac +poly1305 +siphash +x919_mac + +# misc +bcrypt +</prohibited> diff --git a/src/scripts/ci/travis/build.sh b/src/scripts/ci/travis/build.sh index df80dd52e..bda049576 100755 --- a/src/scripts/ci/travis/build.sh +++ b/src/scripts/ci/travis/build.sh @@ -20,6 +20,8 @@ elif [ "$BUILD_MODE" = "shared" ] || [ "$BUILD_MODE" = "mini-shared" ]; then CFG_FLAGS+=() elif [ "$BUILD_MODE" = "bsi" ]; then CFG_FLAGS+=(--module-policy=bsi) +elif [ "$BUILD_MODE" = "nist" ]; then + CFG_FLAGS+=(--module-policy=nist) elif [ "$BUILD_MODE" = "sonarqube" ]; then # No special flags required CFG_FLAGS+=() |