From: slontis <shane.lontis@oracle.com>
Date: Thu, 3 Oct 2024 01:10:01 +0000 (+1000)
Subject: Add Configurable "lms" option
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfffa8bc02eca0aaad743d3e5bc5fb41dcedc23a;p=thirdparty%2Fopenssl.git

Add Configurable "lms" option

This option will be used by the base code for enabling
Leighton-Micali Signatures (LMS)

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25598)
---

diff --git a/Configure b/Configure
index 2dd6234d1cc..846a3200c66 100755
--- a/Configure
+++ b/Configure
@@ -481,6 +481,7 @@ my @disablables = (
     "jitter",
     "ktls",
     "legacy",
+    "lms",
     "loadereng",
     "makedepend",
     "md2",
@@ -621,7 +622,7 @@ my @disable_cascades = (
                              "des", "dgram", "dh", "dsa",
                              "ec", "engine",
                              "filenames",
-                             "idea", "ktls",
+                             "idea", "ktls", "lms",
                              "md4", "multiblock", "nextprotoneg",
                              "ocsp", "ocb", "poly1305", "psk",
                              "rc2", "rc4", "rmd160",
diff --git a/INSTALL.md b/INSTALL.md
index 0f686532d3d..0e7df254526 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -881,6 +881,12 @@ Don't build the legacy provider.
 
 Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
 
+### no-lms
+
+Disable Leighton-Micali Signatures (LMS) support.
+Support is currently limited to verification only as per
+[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
+
 ### no-makedepend
 
 Don't generate dependencies.