summaryrefslogtreecommitdiffstats
path: root/comm/third_party/botan/src/build-data/policy/modern.txt
diff options
context:
space:
mode:
Diffstat (limited to 'comm/third_party/botan/src/build-data/policy/modern.txt')
-rw-r--r--comm/third_party/botan/src/build-data/policy/modern.txt131
1 files changed, 131 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/build-data/policy/modern.txt b/comm/third_party/botan/src/build-data/policy/modern.txt
new file mode 100644
index 0000000000..ce2b3fd2ab
--- /dev/null
+++ b/comm/third_party/botan/src/build-data/policy/modern.txt
@@ -0,0 +1,131 @@
+<required>
+aes
+serpent
+threefish_512
+chacha
+
+sha2_32
+sha2_64
+blake2
+skein
+keccak
+sha3
+
+gcm
+ocb
+chacha20poly1305
+
+kdf2
+hkdf
+cmac
+hmac
+poly1305
+siphash
+
+pbkdf2
+bcrypt
+
+# required for private key encryption
+pbes2
+
+ed25519
+curve25519
+ecdh
+ecdsa
+rsa
+rfc6979
+
+eme_oaep
+emsa_pssr
+emsa1
+
+auto_rng
+hmac_drbg
+</required>
+
+<if_available>
+ffi
+
+tls
+prf_tls
+newhope
+ed25519
+
+ghash_cpu
+ghash_vperm
+
+locking_allocator
+http_util # needed by x509 for OCSP online checks
+
+aes_ni
+aes_vperm
+aes_armv8
+aes_power8
+serpent_simd
+serpent_avx2
+threefish_512_avx2
+chacha_simd32
+chacha_avx2
+
+sha1_sse2
+sha1_x86
+sha1_armv8
+sha2_32_x86
+sha2_32_armv8
+sha2_32_bmi2
+sha2_64_bmi2
+sha3_bmi2
+
+simd
+
+sessions_sql
+certstor_sql
+
+system_rng
+processor_rng
+
+# entropy sources
+dev_random
+proc_walk
+rdseed
+win32_stats
+</if_available>
+
+<prohibited>
+# Just say no to TLS 1.0
+tls_cbc
+
+cast128
+cast256
+des
+gost_28147
+idea
+idea_sse2
+kasumi
+lion
+misty1
+rc4
+seed
+xtea
+
+cbc_mac
+x919_mac
+
+# MD5 and SHA1 are broken but not prohibited. They are widely in use
+# in non-crypto contexts and are required by TLS currently
+md4
+gost_3411
+
+cfb
+ofb
+
+elgamal
+gost_3410
+
+emsa_x931
+pbkdf1
+prf_x942
+
+passhash9
+cryptobox
+</prohibited>
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-02 20:24:20 +0000