GENERATE[html/man7/EVP_SIGNATURE-HMAC.html]=man7/EVP_SIGNATURE-HMAC.pod
DEPEND[man/man7/EVP_SIGNATURE-HMAC.7]=man7/EVP_SIGNATURE-HMAC.pod
GENERATE[man/man7/EVP_SIGNATURE-HMAC.7]=man7/EVP_SIGNATURE-HMAC.pod
+DEPEND[html/man7/EVP_SIGNATURE-LMS.html]=man7/EVP_SIGNATURE-LMS.pod
+GENERATE[html/man7/EVP_SIGNATURE-LMS.html]=man7/EVP_SIGNATURE-LMS.pod
+DEPEND[man/man7/EVP_SIGNATURE-LMS.7]=man7/EVP_SIGNATURE-LMS.pod
+GENERATE[man/man7/EVP_SIGNATURE-LMS.7]=man7/EVP_SIGNATURE-LMS.pod
DEPEND[html/man7/EVP_SIGNATURE-ML-DSA.html]=man7/EVP_SIGNATURE-ML-DSA.pod
GENERATE[html/man7/EVP_SIGNATURE-ML-DSA.html]=man7/EVP_SIGNATURE-ML-DSA.pod
DEPEND[man/man7/EVP_SIGNATURE-ML-DSA.7]=man7/EVP_SIGNATURE-ML-DSA.pod
html/man7/EVP_SIGNATURE-ECDSA.html \
html/man7/EVP_SIGNATURE-ED25519.html \
html/man7/EVP_SIGNATURE-HMAC.html \
+html/man7/EVP_SIGNATURE-LMS.html \
html/man7/EVP_SIGNATURE-ML-DSA.html \
html/man7/EVP_SIGNATURE-RSA.html \
html/man7/EVP_SIGNATURE-SLH-DSA.html \
man/man7/EVP_SIGNATURE-ECDSA.7 \
man/man7/EVP_SIGNATURE-ED25519.7 \
man/man7/EVP_SIGNATURE-HMAC.7 \
+man/man7/EVP_SIGNATURE-LMS.7 \
man/man7/EVP_SIGNATURE-ML-DSA.7 \
man/man7/EVP_SIGNATURE-RSA.7 \
man/man7/EVP_SIGNATURE-SLH-DSA.7 \
L<EVP_PKEY-DH(7)/DH key generation parameters>
L<EVP_PKEY-EC(7)/Common EC parameters>
L<EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>
+L<EVP_PKEY-LMS(7)/Common LMS parameters>
L<EVP_PKEY-ML-DSA(7)/Common parameters>
L<EVP_PKEY-ML-KEM(7)/Common parameters>
for success and 0 or a negative value for failure. In particular a return value
of -2 indicates the operation is not supported by the public key algorithm.
+=head1 NOTES
+
+LMS support is disabled by default at compile-time.
+To enable, specify the B<enable-lms> build configuration option.
+
=head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>,
Support for B<ML-DSA>> and B<ML-KEM> was added in OpenSSL 3.5.
+Support for B<LMS> was added in OpenSSL 3.6.
+
=head1 COPYRIGHT
Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
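Review bot: the unchanged line directly above the new HISTORY sentence reads `B<ML-DSA>>` with a doubled closing bracket, which renders a stray `>` in the generated page. Since this paragraph is being edited anyway, correct it to `B<ML-DSA>` in the same change.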
These functions only work with key management methods coming from a provider.
This is the mirror function to L<EVP_PKEY_todata(3)>.
+LMS support is disabled by default at compile-time.
+To enable, specify the B<enable-lms> build configuration option.
+
=for comment We may choose to make this available for legacy methods too...
=head1 RETURN VALUES
L<EVP_PKEY-EC(7)>,
L<EVP_PKEY-ED25519(7)>,
L<EVP_PKEY-ED448(7)>,
+L<EVP_PKEY-LMS(7)>,
L<EVP_PKEY-DSA(7)>,
L<EVP_PKEY-DH(7)>,
L<EVP_PKEY-X25519(7)>,
Support for B<ML-DSA>, B<ML-KEM> and B<SLH-DSA> was added in OpenSSL 3.5.
+Support for B<LMS> was added in OpenSSL 3.6.
+
=head1 COPYRIGHT
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
These functions only work with key management methods coming from a provider.
This is the mirror function to L<EVP_PKEY_fromdata(3)>.
+LMS support is disabled by default at compile-time.
+To enable, specify the B<enable-lms> build configuration option.
+
=head1 RETURN VALUES
EVP_PKEY_todata() and EVP_PKEY_export() return 1 for success and 0 for failure.
L<EVP_PKEY-DH(7)>,
L<EVP_PKEY-X25519(7)>,
L<EVP_PKEY-X448(7)>,
+L<EVP_PKEY-LMS(7)>,
L<EVP_PKEY-ML-DSA(7)>,
L<EVP_PKEY-ML-KEM(7)>,
L<EVP_PKEY-SLH-DSA(7)>.
Support for B<ML-DSA>, B<ML-KEM> and B<SLH-DSA> was added in OpenSSL 3.5.
+Support for B<LMS> was added in OpenSSL 3.6.
+
=head1 COPYRIGHT
Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
=head1 DESCRIPTION
-The B<LMS> keytype is implemented in OpenSSL's default provider.
+The B<LMS> keytype is implemented in OpenSSL's default and FIPS providers.
+The OpenSSL providers only support LMS signature verification, as this is a
+[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final) requirement for
+software modules.
=head2 Common LMS parameters
-LMS public keys are encoded in XDR format (i.e. not ANS1 format),
+LMS public keys are encoded in XDR format (i.e. not ASN1 format).
The following parameters are used by EVP_PKEY_fromdata() and by the
LMS keymanager for import and export.
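Review bot: the SP 800-208 reference in the new DESCRIPTION sentence uses Markdown link syntax, which POD does not interpret, so the brackets and URL will appear literally in the generated man and HTML pages. Use the POD form instead: `L<SP 800-208|https://csrc.nist.gov/pubs/sp/800/208/final>`. In the corrected XDR sentence, the conventional spelling is `ASN.1` rather than `ASN1`.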
Leighton-Micali Hash-Based Signatures
-=item NIST SP 800-208
+=item NIST SP800-208
Recommendation for Stateful Hash-Based Signature Schemes
=back
+=head1 NOTES
+
+LMS support is disabled by default at compile-time.
+To enable it, specify the B<enable-lms> build configuration option.
+
=head1 EXAMPLES
NOTE error checking has been omitted in these examples
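Review bot: the `=item` change to `NIST SP800-208` drops the space that every other reference in this patch keeps (`SP 800-208` in the DESCRIPTION of this file and in EVP_SIGNATURE-LMS.pod), and the publication's own designation has the space, so keep `NIST SP 800-208`. The NOTES text in this file also says "To enable it, specify" while the other pages in this change say "To enable, specify"; pick one wording for all of them.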
L<EVP_KEYMGMT(3)>,
L<EVP_PKEY(3)>,
+L<EVP_SIGNATURE-LMS(7)>,
L<provider-keymgmt(7)>
=head1 HISTORY
-This functionality was added in OpenSSL 3.5.0
+This functionality was added in OpenSSL 3.6.
=head1 COPYRIGHT
-Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
--- /dev/null
+=pod
+
+=head1 NAME
+
+EVP_SIGNATURE-LMS
+- The EVP_PKEY Leighton-Micali Signature (LMS) implementation
+
+=head1 DESCRIPTION
+
+The B<LMS> EVP_PKEY implementation supports Leighton-Micali Signatures (LMS)
+described in [RFC 8554](https://datatracker.ietf.org/doc/html/rfc8854)
+and [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
+
+The OpenSSL providers only support LMS signature verification, as this is a
+SP 800-208 requirement for software modules.
+
+EVP_PKEY_verify_message_init() and EVP_PKEY_verify() are the only supported
+functions used for LMS signatures. Streaming is not currently supported,
+and since the signature data contains data related to the digest used, functions
+that specify the digest name are not necessary.
+
+=head1 NOTES
+
+LMS support is disabled by default at compile-time.
+To enable, specify the B<enable-lms> build configuration option.
+
+=head1 EXAMPLES
+
+Error checking has been omitted from the following examples
+
+=head2 LMS signature verification
+
+ /* See L<EVP_PKEY-LMS(7)/EXAMPLES for an example of loading a LMS |pub| key */
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, propq);
+ sig = EVP_SIGNATURE_fetch(libctx, "LMS", propq);
+ EVP_PKEY_verify_message_init(ctx, sig, NULL);
+ /*
+ * EVP_PKEY_verify_message_update() and EVP_PKEY_verify_message_final()
+ * are not supported
+ */
+ ret = EVP_PKEY_verify(ctx, sigdata, sigdata_len, msg, msglen);
+ /*
+ * ret == 1 indicates success, 0 verify failure and < 0 for some
+ * other error.
+ */
+
+=head1 SEE ALSO
+
+L<EVP_PKEY-LMS(7)>,
+L<provider-signature(7)>,
+
+=head1 HISTORY
+
+This functionality was added in OpenSSL 3.6.
+
+=head1 COPYRIGHT
+
+Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
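Review bot: the RFC 8554 link in DESCRIPTION points at `.../doc/html/rfc8854`, which is a different RFC number from the one in the link text; the URL should end in `rfc8554`. Both references in that paragraph also use Markdown `[text](url)` syntax, which POD prints literally; use `L<RFC 8554|https://datatracker.ietf.org/doc/html/rfc8554>` and the equivalent `L<...|...>` form for SP 800-208. In EXAMPLES, the `L<EVP_PKEY-LMS(7)/EXAMPLES` in the first comment is missing its closing `>` and sits inside a verbatim block where POD codes are not expanded, so plain text such as "See EVP_PKEY-LMS(7), EXAMPLES" would read better there. The "Error checking has been omitted" sentence lacks a final period and the SEE ALSO list ends with a trailing comma after `L<provider-signature(7)>`.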
=item CMAC, see L<EVP_SIGNATURE-CMAC(7)>
+=item LMS, see L<EVP_SIGNATURE-LMS(7)>
+
=back
=head2 Asymmetric Cipher
=item SM2
+=item LMS, see L<EVP_SIGNATURE-LMS(7)>
+
=item ML-DSA-44, see L<EVP_SIGNATURE-ML-DSA(7)>
=item ML-DSA-65, see L<EVP_SIGNATURE-ML-DSA(7)>
should
always return a constant L<OSSL_PARAM(3)> array.
+=head1 NOTES
+
+LMS support is disabled by default at compile-time.
+To enable, specify the B<enable-lms> build configuration option.
+
=head1 SEE ALSO
L<EVP_PKEY_get_size(3)>,
L<EVP_PKEY-RSA(7)>,
L<EVP_PKEY-DSA(7)>,
L<EVP_PKEY-DH(7)>,
+L<EVP_PKEY-LMS(7)>,
L<EVP_PKEY-ML-DSA(7)>,
L<EVP_PKEY-ML-KEM(7)>,
L<EVP_PKEY-SLH-DSA(7)>.
Support for the B<ML-DSA>, B<ML-KEM> and B<SLH-DSA> algorithms was added in OpenSSL 3.5.
+Support for the B<LMS> algorithm was added in OpenSSL 3.6.
+
=head1 COPYRIGHT
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.