Add Configurable "lms" option

This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27885)

diff --git a/Configure b/Configure
index d105cfe330726095d5972fbf6fe561807f2b69ef..fb2a43d9b2f095be9ddb17078985c0436cade3a3 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -489,6 +489,7 @@ my @disablables = (
     "jitter",
     "ktls",
     "legacy",
+    "lms",
     "loadereng",
     "makedepend",
     "md2",
@@ -633,7 +634,7 @@ my @disable_cascades = (
                              "des", "dgram", "dh", "dsa",
                              "ec", "engine",
                              "filenames",
-                             "idea", "ktls",
+                             "idea", "ktls", "lms",
                              "md4", "ml-dsa", "ml-kem", "multiblock",
                              "nextprotoneg", "ocsp", "ocb", "poly1305", "psk",
                              "rc2", "rc4", "rmd160",

diff --git a/INSTALL.md b/INSTALL.md
index 731144b67fd06417119dcfc6b3e8c2ace5c859ee..cbf9da1de2b56e78be51a064add82648fa1972cc 100644 (file)
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -895,6 +895,12 @@ Don't build the legacy provider.
 
 Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
 
+### no-lms
+
+Disable Leighton-Micali Signatures (LMS) support.
+Support is currently limited to verification only as per
+[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
+
 ### no-makedepend
 
 Don't generate dependencies.