EVP_SIGNATURE-LMS.7ossl - Man Page

The EVP_PKEY LMS signature implementation

Description

The LMS EVP_PKEY implementation supports Leighton-Micali Signatures (LMS) described in [RFC 8554](https://datatracker.ietf.org/doc/html/rfc8854) and [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final). The OpenSSL providers only support LMS signature verification, as this is a [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final) requirement for FIPS software modules.

EVP_PKEY_verify_message_init() and EVP_PKEY_verify() are the only supported functions used for LMS signatures. Streaming is not currently supported, and since the signature data contains data related to the digest used, functions that specify the digest name are not necessary.

Notes

LMS support is disabled by default at compile-time. To enable, specify the enable-lms build configuration option.

For backwards compatibility reasons EVP_DigestVerifyInit_ex() and EVP_DigestVerify() may also be used, but the digest passed in mdname must be NULL.

LMS should only be used for older deployments. New deployments should use either EVP_SIGNATURE-ML-DSA(7) or <L/EVP_SIGNATURE-SLH-DSA(7)>.

Examples

Error checking has been omitted from the following examples

LMS signature verification

 /* See L<EVP_PKEY-LMS(7)/EXAMPLES for an example of loading a LMS |pub| key */
 ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, propq);
 sig = EVP_SIGNATURE_fetch(libctx, "LMS", propq);
 EVP_PKEY_verify_message_init(ctx, sig, NULL);
 /*
  * EVP_PKEY_verify_message_update() and EVP_PKEY_verify_message_final()
  * are not supported
  */
 ret = EVP_PKEY_verify(ctx, sigdata, sigdata_len, msg, msglen);
 /*
  * ret == 1 indicates success, 0 verify failure and < 0 for some
  * other error.
  */

EVP_SIGNATURE-LMS.7ossl - Man Page

Description

Notes

Examples

LMS signature verification

See Also

History

Copyright

Referenced By