authorJack Lloyd <[email protected]>2016-07-11 13:09:41 -0400
committerJack Lloyd <[email protected]>2016-07-11 13:09:41 -0400
commit0572eaa3953316b1469d1f607ec73acd65bdd471 (patch)
tree75cafeeef7827df7303f7217cda087197c439165 /src/build-data/policy/modern.txt
parent9fc9e763f77ba57dc4458b863edd93b928b92887 (diff)
Rename policy 'sane' to 'modern' which better reflects intent.
Add RFC 6979 which became optional along the line. Also add bcrypt and compression, and add TLS by default. Prohibit EGD.
Diffstat (limited to 'src/build-data/policy/modern.txt')
-rw-r--r--src/build-data/policy/modern.txt129
1 files changed, 129 insertions, 0 deletions
diff --git a/src/build-data/policy/modern.txt b/src/build-data/policy/modern.txt
new file mode 100644
index 000000000..f0b6934f0
--- /dev/null
+++ b/src/build-data/policy/modern.txt
@@ -0,0 +1,129 @@
+<required>
+aes
+serpent
+threefish
+chacha
+
+sha2_32
+sha2_64
+blake2
+skein
+keccak
+
+gcm
+ocb
+chacha20poly1305
+
+kdf2
+hkdf
+cmac
+hmac
+poly1305
+siphash
+
+pbkdf2
+bcrypt
+compression
+
+# required for private key encryption
+pbes2
+
+curve25519
+ecdh
+ecdsa
+rsa
+rfc6979
+
+eme_oaep
+emsa_pssr
+emsa1
+
+auto_rng
+hmac_rng
+
+ffi
+</required>
+
+<if_available>
+tls
+prf_tls
+
+clmul
+locking_allocator
+
+aes_ni
+aes_ssse3
+serpent_simd
+threefish_avx2
+
+simd_scalar
+simd_sse2
+simd_altivec
+
+system_rng
+
+# entropy sources
+beos_stats
+cryptoapi_rng
+darwin_secrandom
+dev_random
+hres_timer
+proc_walk
+rdrand
+rdseed
+win32_stats
+</if_available>
+
+<prohibited>
+cast
+des
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+mars
+misty1
+rc2
+rc4
+rc5
+rc6
+safer
+seed
+tea
+xtea
+xtea_simd
+
+cbc_mac
+x919_mac
+
+# MD5 and SHA1 are broken but not prohibited. They are widely in use
+# in non-crypto contexts and are required by TLS currently
+md2
+md4
+rmd128
+has160
+gost_3411
+
+cfb
+ecb
+ofb
+
+elgamal
+rw
+nr
+gost_3410
+
+emsa_x931
+pbkdf1
+prf_x942
+x931_rng
+
+passhash9
+cryptobox
+
+# questionable entropy sources
+egd
+unix_procs
+</prohibited>
+
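Review bot: The comment `# MD5 and SHA1 are broken but not prohibited` sits inside `<prohibited>` directly above `md2` and `md4`, while `md5` and `sha1` themselves appear in none of the three sections, so the policy never states how the two broken hashes are actually treated. How the build handles modules that a policy leaves unlisted is not visible in this file, so someone auditing the 'modern' policy cannot tell whether they are built by default, only pulled in as dependencies of `tls`, or left out. I would make the decision explicit by rewording the comment to something like `# md5 and sha1 are deliberately left unlisted (neither required nor prohibited): still needed by TLS and non-crypto uses`. I would also move it out of the middle of the prohibited hash list and place it next to `tls` in `<if_available>`, where the dependency it describes lives.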