-
Notifications
You must be signed in to change notification settings - Fork 132
Using liboqs algorithms not in the fork
If an algorithm is provided by liboqs but has not been listed as being supported by OQS-OpenSSL, it can still be used through either one of the two following methods:
liboqs can be configured at compile-time to use any of its algorithms as the "default" algorithm. If OpenSSL 1.1.1 is told to use oqs_kem_default or oqs_sig_default, then it will respectively use whichever KEM or signature algorithm was set as the default in liboqs at compile time. To set the default algorithm:
-
Follow the instructions to set OQS_KEM_DEFAULT and OQS_SIG_DEFAULT in liboqs and proceed to build the project.
-
Recompile OpenSSL against the newly built liboqs as in the Quickstart section here
The oqs-template folder contains a mechanism by which the code to add a new key-exchange or digital signature algorithm is automatically generated and inserted at the appropriate locations in the OpenSSL code base.
If support for a new algorithm/variant is required, add the algorithm to oqs-template/generate.yml, following the conventions by which the other algorithms have been specified. Then, proceed to step 2 of this section.
If a signature algorithm variant that is disabled by default is to be enabled, simply change the enable value of that variant in oqs-template/generate.yml from false to true, keeping in mind that at most 64 variants can be enabled at a time. Then, proceed to step 2 of this section.