Hello libacvp team,
I’m trying to run ACVP testing for LMS (SP 800-208) using libacvp with the OpenSSL 3.x implementation, but LMS capabilities are not being registered, even though LMS is supported by the underlying crypto provider.
Environment
libacvp version: 2.2.0
OpenSSL version: 3.6.0 (built with default + FIPS providers)
OS: Linux x86_64
ACVP server: demo.acvts.nist.gov
Provider status:
openssl list -providers -verbose
→ default + fips providers active
LMS available in OpenSSL:
openssl list -signature-algorithms | grep -i lms
→ LMS is listed under both default and fips providers
What Works
./app/acvp_app --rsa
✅ RSA capabilities register successfully
./app/acvp_app --ecdsa
✅ ECDSA capabilities register successfully
What Does NOT Work
./app/acvp_app --lms
Output:
[ACVP]: Building registration of capabilities...
[ACVP][ERROR]: No capabilities added to ctx
[ACVP][ERROR]: Unable to build registration
Debugging shows:
ctx->capabilities == NULL
Investigation Findings
However, No LMS capability is added to ctx
acvp_build_registration_json() fails because no capabilities exist
Searching the OpenSSL registration code:
app/implementations/openssl/3/registrations/
shows:
No calls to:
- acvp_cap_lms_enable()
- acvp_cap_lms_set_*()
The only LMS handler found is:
app/implementations/stubs/stub_lms.c
which appears unused by the OpenSSL implementation.
Expected Behavior
When running: ./app/acvp_app --lms
I would expect:
- LMS KeyGen / SigGen / SigVer capabilities to be registered
- ACVP registration JSON to include LMS algorithms
- Registration request to succeed
Actual Behavior
LMS is silently ignored
No capabilities are added
Registration fails with: No capabilities added to ctx
Question / Request
- Is LMS intentionally not wired in the OpenSSL 3.x implementation?
- Is LMS support currently stub-only in libacvp?-
- Are there plans or guidance for implementing: enable_lms() in fp_3xx / fp_4x registration files?-
- Is there an example or reference implementation for LMS capability registration?
Thanks for your time and for maintaining libacvp.
Best regards,
Rakesh
Hello libacvp team,
I’m trying to run ACVP testing for LMS (SP 800-208) using libacvp with the OpenSSL 3.x implementation, but LMS capabilities are not being registered, even though LMS is supported by the underlying crypto provider.
Environment
libacvp version: 2.2.0
OpenSSL version: 3.6.0 (built with default + FIPS providers)
OS: Linux x86_64
ACVP server: demo.acvts.nist.gov
Provider status:
openssl list -providers -verbose
→ default + fips providers active
LMS available in OpenSSL:
openssl list -signature-algorithms | grep -i lms
→ LMS is listed under both default and fips providers
What Works
./app/acvp_app --rsa
✅ RSA capabilities register successfully
./app/acvp_app --ecdsa
✅ ECDSA capabilities register successfully
What Does NOT Work
./app/acvp_app --lms
Output:
[ACVP]: Building registration of capabilities...
[ACVP][ERROR]: No capabilities added to ctx
[ACVP][ERROR]: Unable to build registration
Debugging shows:
ctx->capabilities == NULL
Investigation Findings
CLI parsing does set cfg->lms = 1
iut_register_capabilities() is called successfully
However, No LMS capability is added to ctx
acvp_build_registration_json() fails because no capabilities exist
Searching the OpenSSL registration code:
app/implementations/openssl/3/registrations/
shows:
enable_rsa(), enable_ecdsa() are implemented
No enable_lms() implementation exists
No calls to:
The only LMS handler found is:
app/implementations/stubs/stub_lms.c
which appears unused by the OpenSSL implementation.
Expected Behavior
When running: ./app/acvp_app --lms
I would expect:
Actual Behavior
LMS is silently ignored
No capabilities are added
Registration fails with: No capabilities added to ctx
Question / Request
Thanks for your time and for maintaining libacvp.
Best regards,
Rakesh