From: Pauli <ppzgs1@gmail.com>
Date: Mon, 30 Jun 2025 22:20:54 +0000 (+1000)
Subject: Make LMS disabled by default
X-Git-Tag: openssl-3.6.0-alpha1~456
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17a1637a3f002d7f8276947cc151440c64984451;p=thirdparty%2Fopenssl.git

Make LMS disabled by default

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27885)
---

diff --git a/Configure b/Configure
index fb2a43d9b2f..d1586e60a7e 100755
--- a/Configure
+++ b/Configure
@@ -606,6 +606,7 @@ our %disabled = ( # "what"         => "comment"
                   "pie"                 => "default",
                   "jitter"              => "default",
                   "ktls"                => "default",
+                  "lms"                 => "default",
                   "md2"                 => "default",
                   "msan"                => "default",
                   "rc5"                 => "default",
diff --git a/INSTALL.md b/INSTALL.md
index cbf9da1de2b..a4b5fadf55b 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -895,9 +895,9 @@ Don't build the legacy provider.
 
 Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
 
-### no-lms
+### enable-lms
 
-Disable Leighton-Micali Signatures (LMS) support.
+Enable Leighton-Micali Signatures (LMS) support.
 Support is currently limited to verification only as per
 [SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).