diff options
Diffstat (limited to 'comm/third_party/botan/src/build-data/policy')
-rw-r--r-- | comm/third_party/botan/src/build-data/policy/bsi.txt | 188 | ||||
-rw-r--r-- | comm/third_party/botan/src/build-data/policy/modern.txt | 131 | ||||
-rw-r--r-- | comm/third_party/botan/src/build-data/policy/nist.txt | 187 |
3 files changed, 506 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/build-data/policy/bsi.txt b/comm/third_party/botan/src/build-data/policy/bsi.txt new file mode 100644 index 0000000000..719afc8368 --- /dev/null +++ b/comm/third_party/botan/src/build-data/policy/bsi.txt @@ -0,0 +1,188 @@ +<required> +# block +aes + +# modes +ccm +gcm +cbc +mode_pad + +# stream +ctr + +# hash +sha2_32 +sha2_64 +sha3 + +# mac +cmac +hmac +gmac + +# kdf +kdf1_iso18033 +sp800_108 +sp800_56c + +# pk_pad +eme_oaep +emsa_pssr +emsa1 +iso9796 + +# pubkey +dlies +dh +rsa +dsa +ecdsa +ecgdsa +ecies +eckcdsa +ecdh +xmss + +# rng +auto_rng +hmac_drbg +</required> + +<if_available> +# block +aes_ni +aes_vperm +aes_armv8 +aes_power8 + +# modes +ghash_cpu +ghash_vperm + +# hash +sha2_32_x86 +sha2_32_armv8 +sha2_32_bmi2 +sha2_64_bmi2 +sha3_bmi2 + +# entropy sources +dev_random +proc_walk +rdseed +win32_stats + +# rng +processor_rng +system_rng + +# utils +http_util # needed by x509 for OCSP online checks +locking_allocator +simd +</if_available> + +<prohibited> +# block +aria +blowfish +camellia +cascade +cast128 +cast256 +des +gost_28147 +idea +idea_sse2 +kasumi +lion +misty1 +noekeon +noekeon_simd +seed +serpent +serpent_simd +serpent_avx2 +shacal2 +shacal2_x86 +shacal2_simd +sm4 +threefish_512 +threefish_512_avx2 +twofish +xtea + +# modes +chacha20poly1305 +eax +ocb +siv +cfb + +# stream +chacha +chacha_simd32 +chacha_avx2 +ofb +rc4 +salsa20 +shake_cipher + +# kdf +hkdf +kdf1 +kdf2 +prf_x942 +sp800_56a + +# pubkey +cecpq1 +curve25519 +ed25519 +elgamal +gost_3410 +mce +mceies +rfc6979 +newhope +sm2 + +# pk_pad +#eme_pkcs1 // needed for tls +#emsa_pkcs1 // needed for tls +emsa_raw +emsa_x931 + +# hash +blake2 +comb4p +gost_3411 +md4 +md5 +rmd160 +shake +skein +#sha1 // needed for x509 +sm3 +streebog +tiger +whirlpool +keccak + +# rng +chacha_rng + +# mac +cbc_mac +poly1305 +siphash +x919_mac + +# misc +bcrypt + +# tls +tls_10 + +</prohibited> diff --git a/comm/third_party/botan/src/build-data/policy/modern.txt b/comm/third_party/botan/src/build-data/policy/modern.txt new file mode 100644 index 0000000000..ce2b3fd2ab --- /dev/null +++ b/comm/third_party/botan/src/build-data/policy/modern.txt @@ -0,0 +1,131 @@ +<required> +aes +serpent +threefish_512 +chacha + +sha2_32 +sha2_64 +blake2 +skein +keccak +sha3 + +gcm +ocb +chacha20poly1305 + +kdf2 +hkdf +cmac +hmac +poly1305 +siphash + +pbkdf2 +bcrypt + +# required for private key encryption +pbes2 + +ed25519 +curve25519 +ecdh +ecdsa +rsa +rfc6979 + +eme_oaep +emsa_pssr +emsa1 + +auto_rng +hmac_drbg +</required> + +<if_available> +ffi + +tls +prf_tls +newhope +ed25519 + +ghash_cpu +ghash_vperm + +locking_allocator +http_util # needed by x509 for OCSP online checks + +aes_ni +aes_vperm +aes_armv8 +aes_power8 +serpent_simd +serpent_avx2 +threefish_512_avx2 +chacha_simd32 +chacha_avx2 + +sha1_sse2 +sha1_x86 +sha1_armv8 +sha2_32_x86 +sha2_32_armv8 +sha2_32_bmi2 +sha2_64_bmi2 +sha3_bmi2 + +simd + +sessions_sql +certstor_sql + +system_rng +processor_rng + +# entropy sources +dev_random +proc_walk +rdseed +win32_stats +</if_available> + +<prohibited> +# Just say no to TLS 1.0 +tls_cbc + +cast128 +cast256 +des +gost_28147 +idea +idea_sse2 +kasumi +lion +misty1 +rc4 +seed +xtea + +cbc_mac +x919_mac + +# MD5 and SHA1 are broken but not prohibited. They are widely in use +# in non-crypto contexts and are required by TLS currently +md4 +gost_3411 + +cfb +ofb + +elgamal +gost_3410 + +emsa_x931 +pbkdf1 +prf_x942 + +passhash9 +cryptobox +</prohibited> diff --git a/comm/third_party/botan/src/build-data/policy/nist.txt b/comm/third_party/botan/src/build-data/policy/nist.txt new file mode 100644 index 0000000000..e4a19b4fea --- /dev/null +++ b/comm/third_party/botan/src/build-data/policy/nist.txt @@ -0,0 +1,187 @@ +<required> +des +aes + +gcm +ccm +ctr +cbc +mode_pad + +# hash +sha2_32 +sha2_64 +sha3 + +# mac +cmac +hmac +gmac + +# kdf +sp800_108 +sp800_56a +sp800_56c + +shake + +# pk_pad +eme_oaep +emsa_pssr +emsa1 + +# pubkey +dh +rsa +dsa +ecdsa +ecdh + +# rng +auto_rng +hmac_drbg + +# keywrap +rfc3394 +</required> + +<if_available> +# block +aes_ni +aes_vperm +aes_armv8 +aes_power8 + +# hash +sha2_32_x86 +sha2_32_armv8 +sha2_32_bmi2 +sha2_64_bmi2 +sha3_bmi2 + +# modes +ghash_cpu +ghash_vperm + +# hash +sha2_32_x86 +sha2_32_armv8 + +# entropy sources +dev_random +proc_walk +rdseed +win32_stats + +# rng +system_rng + +# utils +http_util # needed by x509 for OCSP online checks +locking_allocator +simd +</if_available> + +<prohibited> +# block +aria +blowfish +camellia +cascade +cast128 +cast256 +gost_28147 +idea +idea_sse2 +kasumi +lion +misty1 +noekeon +noekeon_simd +seed +serpent +serpent_simd +serpent_avx2 +sm4 +shacal2 +shacal2_x86 +shacal2_simd +threefish_512 +threefish_512_avx2 +twofish +xtea + +# modes +chacha20poly1305 +eax +ocb +siv +cfb + +# stream +chacha +chacha_simd32 +chacha_avx2 +shake_cipher +ofb +rc4 +salsa20 + +# kdf +hkdf +kdf1 +kdf2 +prf_x942 + +# pubkey +curve25519 +ed25519 +ecgdsa +eckcdsa +elgamal +gost_3410 +mce +mceies +rfc6979 +newhope +cecpq1 +xmss +sm2 + +# pk_pad +#eme_pkcs1 // needed for tls +#emsa_pkcs1 // needed for tls +emsa_raw +emsa_x931 + +# hash +blake2 +comb4p +gost_3411 +md5 +md4 +rmd160 +skein +#sha1 // needed for x509 +sm3 +streebog +tiger +whirlpool + +# rng +chacha_rng + +# mac +cbc_mac +poly1305 +siphash +x919_mac + +# misc +bcrypt + +# tls +tls_10 +tls_cbc + +</prohibited> |