From d4c827bc5ed905cc27b03006c1612dafc566dc5b Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 23 Jun 2025 11:12:53 -0700
Subject: [PATCH] Fix for building LMS with verify only. Added tests for
 LMS/XMSS verify only. New `wc_LmsKey_GetKid` references `key->priv_raw` that
 is not available.

---
 .github/workflows/os-check.yml | 3 ++-
 wolfcrypt/src/wc_lms.c         | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index 30556d02a..f282694d9 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -55,7 +55,8 @@ jobs:
             CPPFLAGS=''-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'' ',
           '--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ',
           '--enable-opensslextra=x509small',
-          'CPPFLAGS=''-DWOLFSSL_EXTRA'' '
+          'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
+          '--enable-lms=small,verify-only --enable-xmss=small,verify-only'
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
index 5b87b7e1f..1b3a1222f 100644
--- a/wolfcrypt/src/wc_lms.c
+++ b/wolfcrypt/src/wc_lms.c
@@ -1258,6 +1258,8 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz,
     return ret;
 }
 
+#ifndef WOLFSSL_LMS_VERIFY_ONLY
+
 /* Get the Key ID from the LMS key.
  *
  * PRIV = Q | PARAMS | SEED | I
@@ -1310,4 +1312,6 @@ const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz)
     return priv + privSz - LMS_I_LEN;
 }
 
+#endif
+
 #endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */