From e03830977dc1b9eb6d91f4a9d306c62ca442165a Mon Sep 17 00:00:00 2001
From: Fabian Albert <fabian.albert@rohde-schwarz.com>
Date: Thu, 6 Apr 2023 10:08:34 +0200
Subject: [PATCH] Update of the BSI policy for BSI guidelines 2023

---
 src/build-data/policy/bsi.txt | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt
index 0034a1c27ea..745d57f81b8 100644
--- a/src/build-data/policy/bsi.txt
+++ b/src/build-data/policy/bsi.txt
@@ -38,6 +38,8 @@ iso9796
 # pubkey
 dlies
 dh
+#dilithium // not (yet) recommended
+#dilithium_aes // not (yet) recommended
 rsa
 dsa
 ecdsa
@@ -45,8 +47,8 @@ ecgdsa
 ecies
 eckcdsa
 ecdh
-kyber
-kyber_90s
+#kyber // not (yet) recommended
+#kyber_90s // not (yet) recommended
 xmss
 
 # rng
@@ -73,10 +75,12 @@ sha2_64_bmi2
 sha3_bmi2
 
 # entropy sources
+getentropy
 rdseed
 win32_stats
 
 # pbkdf
+argon2_avx2
 argon2_ssse3
 
 # rng
@@ -134,7 +138,7 @@ salsa20
 #shake_cipher # not recommended, but needed for kyber
 
 # kdf
-hkdf
+#hkdf // needed for tls 1.3
 kdf1
 kdf2
 prf_x942
@@ -153,6 +157,7 @@ sm2
 # pk_pad
 #eme_pkcs1 // needed for tls
 #emsa_pkcs1 // needed for tls
+#eme_raw // allows custom paddings
 emsa_raw
 emsa_x931