authorJack Lloyd <[email protected]>2017-01-06 10:32:22 -0500
committerJack Lloyd <[email protected]>2017-01-06 10:32:22 -0500
commitb1c7212e2e5bfaf6cc4aac7ce4eb5aba5158bfcd (patch)
treed5aee6598097f91b8caa83d954d5d7a29457970a
parent4bf0ef759c87225deb97a39580f25450a87d6cc7 (diff)
parenteb1ff608cc119564eb48d33dbb8fe567bddab9f0 (diff)
Merge GH #815 Add NIST build policy
-rw-r--r--.travis.yml5
-rw-r--r--src/build-data/policy/nist.txt153
-rwxr-xr-xsrc/scripts/ci/travis/build.sh2
3 files changed, 159 insertions, 1 deletions
diff --git a/.travis.yml b/.travis.yml
index 80b176fc8..d62305f93 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -29,6 +29,7 @@ env:
- BUILD_MODE="shared"
- BUILD_MODE="static"
- BUILD_MODE="bsi"
+ - BUILD_MODE="nist"
- BUILD_MODE="sanitizer"
- BUILD_MODE="coverage"
- BUILD_MODE="cross-arm32"
@@ -50,7 +51,7 @@ matrix:
- os: osx
compiler: gcc
- # Run docs, bsi, coverage, valgrind, sonarqube, sanitizer,
+ # Run docs, bsi, nist, coverage, valgrind, sonarqube, sanitizer,
# minimized and non-ARM cross builds on Linux/gcc only. The
# sanitizer builds under Clang run the tests very slowly and cause
# CI timeouts.
@@ -58,6 +59,8 @@ matrix:
- compiler: clang
env: BUILD_MODE="bsi"
- compiler: clang
+ env: BUILD_MODE="nist"
+ - compiler: clang
env: BUILD_MODE="docs"
- compiler: clang
env: BUILD_MODE="coverage"
diff --git a/src/build-data/policy/nist.txt b/src/build-data/policy/nist.txt
new file mode 100644
index 000000000..0a14dc8a4
--- /dev/null
+++ b/src/build-data/policy/nist.txt
@@ -0,0 +1,153 @@
+<required>
+des
+aes
+
+gcm
+ccm
+ctr
+cbc
+mode_pad
+
+# hash
+sha2_32
+sha2_64
+sha3
+
+# mac
+cmac
+hmac
+gmac
+
+# kdf
+sp800_108
+sp800_56c
+
+# pk_pad
+eme_oaep
+emsa_pssr
+emsa1
+
+# pubkey
+dh
+rsa
+dsa
+ecdsa
+ecdh
+
+# rng
+auto_rng
+hmac_drbg
+
+# keywrap
+rfc3394
+</required>
+
+<if_available>
+# block
+aes_ni
+aes_ssse3
+
+# modes
+clmul
+
+# entropy sources
+cryptoapi_rng
+darwin_secrandom
+dev_random
+proc_walk
+rdrand
+rdseed
+win32_stats
+
+# rng
+rdrand_rng
+system_rng
+
+# utils
+locking_allocator
+simd
+</if_available>
+
+<prohibited>
+# block
+blowfish
+camellia
+cascade
+cast
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+misty1
+noekeon
+noekeon_simd
+seed
+serpent
+serpent_simd
+threefish
+threefish_avx2
+twofish
+xtea
+
+# modes
+chacha20poly1305
+eax
+ocb
+siv
+cfb
+
+# stream
+chacha
+chacha_sse2
+ofb
+rc4
+salsa20
+
+# kdf
+hkdf
+kdf1
+kdf2
+prf_x942
+
+# pubkey
+curve25519
+ecgdsa
+eckcdsa
+elgamal
+gost_3410
+mce
+mceies
+rfc6979
+newhope
+cecpq1
+xmss
+
+# pk_pad
+#eme_pkcs1 // needed for tls
+#emsa_pkcs1 // needed for tls
+emsa_raw
+emsa_x931
+
+# hash
+blake2
+comb4p
+gost_3411
+md4
+#md5 // needed for tls
+rmd160
+#sha1 // needed for tls
+#sha1_sse2 // needed for tls
+skein
+tiger
+whirlpool
+
+# mac
+cbc_mac
+poly1305
+siphash
+x919_mac
+
+# misc
+bcrypt
+</prohibited>
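Review bot: The five commented-out entries in `<prohibited>` (`eme_pkcs1`, `emsa_pkcs1`, `md5`, `sha1`, `sha1_sse2`) end up in no section at all, so a build using this policy presumably still contains MD5, SHA-1 and PKCS#1 v1.5 padding; how the configure script treats unlisted modules is not visible in this diff. The exception is recorded only in trailing `// needed for tls` remarks, so a header line such as `# Not prohibited because TLS needs them: md5, sha1, sha1_sse2, eme_pkcs1, emsa_pkcs1 - not for use outside TLS` would make it visible to anyone auditing the policy. The `des` line in `<required>` carries no comment; if it is there for Triple-DES only, `# des: required for TDEA; single DES is not an approved algorithm` would record that, since the module name alone suggests otherwise. The first two groups in `<required>` also lack the `# block` and `# modes` headings that the other sections use.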
diff --git a/src/scripts/ci/travis/build.sh b/src/scripts/ci/travis/build.sh
index df80dd52e..bda049576 100755
--- a/src/scripts/ci/travis/build.sh
+++ b/src/scripts/ci/travis/build.sh
@@ -20,6 +20,8 @@ elif [ "$BUILD_MODE" = "shared" ] || [ "$BUILD_MODE" = "mini-shared" ]; then
CFG_FLAGS+=()
elif [ "$BUILD_MODE" = "bsi" ]; then
CFG_FLAGS+=(--module-policy=bsi)
+elif [ "$BUILD_MODE" = "nist" ]; then
+ CFG_FLAGS+=(--module-policy=nist)
elif [ "$BUILD_MODE" = "sonarqube" ]; then
# No special flags required
CFG_FLAGS+=()