Add Configurable "lms" option

This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)

diff --git a/Configure b/Configure
index 2dd6234d1cca7be28b10b7e5b24c77283d4d1d1b..846a3200c66ddd9d65958d99f17c35ce1e000651 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -481,6 +481,7 @@ my @disablables = (
     "jitter",
     "ktls",
     "legacy",
+    "lms",
     "loadereng",
     "makedepend",
     "md2",
@@ -621,7 +622,7 @@ my @disable_cascades = (
                              "des", "dgram", "dh", "dsa",
                              "ec", "engine",
                              "filenames",
-                             "idea", "ktls",
+                             "idea", "ktls", "lms",
                              "md4", "multiblock", "nextprotoneg",
                              "ocsp", "ocb", "poly1305", "psk",
                              "rc2", "rc4", "rmd160",

diff --git a/INSTALL.md b/INSTALL.md
index 0f686532d3d1f9b7101cf60c33bf42dcc00885f6..0e7df25452643fd836b69770703b5cf0030f5a62 100644 (file)
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -881,6 +881,12 @@ Don't build the legacy provider.
 
 Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
 
+### no-lms
+
+Disable Leighton-Micali Signatures (LMS) support.
+Support is currently limited to verification only as per
+[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
+
 ### no-makedepend
 
 Don't generate dependencies.