Topic: Overriding signature algorithms (not ciphers!)

Greetings,

I wonder whether wolfSSL allows for overriding the list of supported signature algorithms. My use case is integration of a crypto device that doesn't support RSA-PSS, and also the same device doesn't support signing sha512 hashes (don't ask why). So I need to exclude psa_pss_rsae_sha256 and rsa_pkcs1_sha512 from the list of advertised algorithms. What would be the best way to do that?

Thanks in advance!

Re: Overriding signature algorithms (not ciphers!)

Hi Oytis,

Just disable them and they won't be broadcast, for example:


./configure --disable-rsapss --disable-sha512 --disable-sha384

(sha384 is truncated sha512 so should be disabled also).

Cheers,

KH
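One way to confirm the rebuilt library no longer advertises the excluded algorithms is to check the signature_algorithms extension bytes taken from a captured ClientHello. This is an added example, not code from the thread or from wolfSSL; the function names and sample bytes are constructed, and the codepoints are the SignatureScheme values from RFC 8446.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if the scheme needs RSA-PSS or a SHA-384/SHA-512 hash
 * (the device limits described in the thread; helper name is hypothetical). */
static int scheme_blocked(uint16_t s)
{
    uint8_t hi = (uint8_t)(s >> 8);
    if (hi == 0x05 || hi == 0x06)      /* rsa_pkcs1 / ecdsa with sha384, sha512 */
        return 1;
    if (s >= 0x0804 && s <= 0x0806)    /* rsa_pss_rsae_sha256/384/512 */
        return 1;
    if (s >= 0x0809 && s <= 0x080b)    /* rsa_pss_pss_sha256/384/512 */
        return 1;
    return 0;
}

/* ext: extension_data of signature_algorithms, i.e. a 2-byte list length
 * followed by 2-byte SignatureScheme values.
 * Returns the number of blocked schemes, or -1 if the data is malformed. */
int count_blocked_sigalgs(const uint8_t *ext, size_t len)
{
    size_t list_len, i;
    int blocked = 0;

    if (ext == NULL || len < 2)
        return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len == 0 || list_len % 2 != 0 || list_len != len - 2)
        return -1;
    for (i = 2; i < len; i += 2) {
        uint16_t s = (uint16_t)((ext[i] << 8) | ext[i + 1]);
        if (scheme_blocked(s)) {
            printf("blocked scheme advertised: 0x%04x\n", (unsigned)s);
            blocked++;
        }
    }
    return blocked;
}

/* Constructed samples: ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256,
 * rsa_pkcs1_sha256, rsa_pkcs1_sha512 versus a list with only SHA-256 schemes. */
static const uint8_t sample_default[] =
    { 0x00, 0x08, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x06, 0x01 };
static const uint8_t sample_restricted[] =
    { 0x00, 0x04, 0x04, 0x03, 0x04, 0x01 };
```

A result of 0 for the ClientHello sent by the rebuilt client means none of the excluded schemes are being offered to the peer.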

Re: Overriding signature algorithms (not ciphers!)

Hi Kaleb,

Thank you for your answer. That is the option I've been using so far. I believe it could be beneficial to be able to set the list at runtime instead of at build time. This solves the problem in the short term though.

Thanks!

Re: Overriding signature algorithms (not ciphers!)

Hi Oytis,

I see. Unfortunately, at this time we do not have a run time option. Can you provide a brief summary of your use case and why it would be beneficial to have a run time option? I would be happy to add it to our list of internal feature requests and just need something to put in the notes for why it would be useful to have an optional run-time switch as opposed to just a supported/not supported build time option.


Warmest Regards,

KH