authorJack Lloyd <[email protected]>2016-03-06 06:31:02 -0500
committerJack Lloyd <[email protected]>2016-03-06 06:31:02 -0500
commitdd40d492fc8c76954909445e1af6e32a3e03600e (patch)
treef8b041df0d69011ac90ae8a72c047375a5e4a8de /src/build-data
parent7827c50cbddec094412745d877dcf3ea118ad4d7 (diff)
parent028a5126095e4eecd4dd213218f241a990fcbddd (diff)
Merge GH #446 add --module-policy option
Diffstat (limited to 'src/build-data')
-rw-r--r--src/build-data/policy/bsi.txt156
-rw-r--r--src/build-data/policy/sane.txt120
2 files changed, 276 insertions, 0 deletions
diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt
new file mode 100644
index 000000000..9ab68a921
--- /dev/null
+++ b/src/build-data/policy/bsi.txt
@@ -0,0 +1,156 @@
+<required>
+# block
+aes
+
+# modes
+gcm
+cbc
+mode_pad
+
+# stream
+ctr
+
+# hash
+sha2_32
+sha2_64
+keccak
+
+# mac
+cmac
+hmac
+
+# pk_pad
+eme_oaep
+emsa_pssr
+
+# pubkey
+dlies
+dh
+rsa
+dsa
+ecdsa
+ecdh
+
+# rng
+auto_rng
+hmac_rng
+hmac_drbg
+</required>
+
+<if_available>
+# block
+aes_ni
+aes_ssse3
+
+# modes
+clmul
+
+# entropy sources
+beos_stats
+darwin_secrandom
+egd
+proc_walk
+unix_procs
+rdrand
+rdseed
+hres_timer
+dev_random
+system_rng
+cryptoapi_rng
+win32_stats
+
+# utils
+locking_allocator
+simd_altivec
+simd_scalar
+simd_sse2
+</if_available>
+
+<prohibited>
+# block
+blowfish
+camellia
+cascade
+cast
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+mars
+misty1
+noekeon
+noekeon_simd
+rc2
+rc5
+rc6
+safer
+seed
+serpent
+serpent_simd
+tea
+threefish
+threefish_avx2
+twofish
+xtea
+xtea_simd
+
+# modes
+ccm
+chacha20poly1305
+eax
+ocb
+siv
+cfb
+ecb
+
+# stream
+chacha
+ofb
+rc4
+salsa20
+
+# pubkey
+curve25519
+elgamal
+gost_3410
+mce
+mceies
+nr
+rw
+
+# pk_pad
+#eme_pkcs1 // needed for tls
+eme_raw
+#emsa_pkcs1 // needed for tls
+emsa_raw
+emsa_x931
+emsa1
+emsa1_bsi
+
+# hash
+blake2
+comb4p
+gost_3411
+has160
+md2
+md4
+#md5 // needed for tls
+rmd128
+rmd160
+#sha1 // needed for tls
+#sha1_sse2 // needed for tls
+skein
+tiger
+whirlpool
+
+# mac
+cbc_mac
+poly1305
+siphash
+x919_mac
+
+# rng
+x931_rng
+
+</prohibited>
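Review bot: `des` appears in none of the three sections of bsi.txt, although sane.txt in this same commit lists it under `<prohibited>`; the `# block` list in `<prohibited>` here goes from `cast` straight to `gost_28147`. How configure treats a module that no section names is not visible in this diff, so if a BSI-policy build is meant never to contain DES/3DES, adding `des` under `# block` in `<prohibited>` would make that explicit. The two policies also disagree on `unix_procs`, which is under `<if_available>` here but prohibited in sane.txt; if that is deliberate, a one-line comment next to the entry should record the reason. A header comment naming the BSI document and version this list was derived from would help anyone auditing the policy later.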
diff --git a/src/build-data/policy/sane.txt b/src/build-data/policy/sane.txt
new file mode 100644
index 000000000..3482296d6
--- /dev/null
+++ b/src/build-data/policy/sane.txt
@@ -0,0 +1,120 @@
+<required>
+aes
+serpent
+threefish
+chacha
+
+sha2_32
+sha2_64
+blake2
+skein
+keccak
+
+gcm
+ocb
+chacha20poly1305
+
+kdf2
+hkdf
+cmac
+hmac
+poly1305
+siphash
+
+pbkdf2
+
+# required for private key encryption
+pbes2
+
+# required for TLS
+prf_tls
+
+curve25519
+ecdh
+ecdsa
+rsa
+
+eme_oaep
+emsa_pssr
+emsa1
+
+auto_rng
+hmac_rng
+
+ffi
+</required>
+
+<prohibited>
+cast
+des
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+mars
+misty1
+rc2
+rc4
+rc5
+rc6
+safer
+seed
+tea
+xtea
+xtea_simd
+
+cbc_mac
+x919_mac
+
+# MD5 and SHA1 are broken but not prohibited. They are widely in use
+# in non-crypto contexts and are required by TLS currently
+md2
+md4
+rmd128
+has160
+gost_3411
+
+cfb
+ecb
+ofb
+
+elgamal
+rw
+nr
+gost_3410
+
+emsa_x931
+pbkdf1
+prf_x942
+x931_rng
+
+passhash9
+cryptobox
+unix_procs
+</prohibited>
+
+<if_available>
+clmul
+locking_allocator
+
+sha1_sse2
+aes_ni
+aes_ssse3
+noekeon_simd
+serpent_simd
+threefish_avx2
+
+simd_scalar
+simd_sse2
+simd_altivec
+
+# entropy sources
+rdrand
+rdseed
+hres_timer
+dev_random
+system_rng
+cryptoapi_rng
+win32_stats
+</if_available>
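Review bot: The comment `# MD5 and SHA1 are broken but not prohibited.` sits directly above `md2`, `md4` and `rmd128` inside `<prohibited>`, so it reads as if it described those entries, while `md5` and `sha1` themselves are named in no section (only `sha1_sse2` appears, under `<if_available>`). Rewording it along the lines of `# md5 and sha1 are intentionally left unlisted (TLS and non-crypto uses still need them); the hashes below are prohibited` would say outright that builds under this policy can still include both. Similarly, `noekeon_simd` is under `<if_available>` while `noekeon` is in no section, which looks unintended. The groups in this file would also be easier to audit with the `# block`, `# hash`, `# mac` headers that bsi.txt uses.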