Make LMS disabled by default

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)

diff --git a/Configure b/Configure
index fb2a43d9b2f095be9ddb17078985c0436cade3a3..d1586e60a7e0f7a98db71671dfc148d2be31a72d 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -606,6 +606,7 @@ our %disabled = ( # "what"         => "comment"
                   "pie"                 => "default",
                   "jitter"              => "default",
                   "ktls"                => "default",
+                  "lms"                 => "default",
                   "md2"                 => "default",
                   "msan"                => "default",
                   "rc5"                 => "default",

diff --git a/INSTALL.md b/INSTALL.md
index cbf9da1de2b56e78be51a064add82648fa1972cc..a4b5fadf55b8c760e75a8299fedb06f84bc9218c 100644 (file)
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -895,9 +895,9 @@ Don't build the legacy provider.
 
 Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
 
-### no-lms
+### enable-lms
 
-Disable Leighton-Micali Signatures (LMS) support.
+Enable Leighton-Micali Signatures (LMS) support.
 Support is currently limited to verification only as per
 [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).