Merge pull request #9408 from anhu/stateful_integ_deprecate

dgarske · web-flow · commit 967f520c28e9 · 2025-11-10T15:17:51.000-08:00
Deprecate LMS and XMSS integrations.
diff --git a/INSTALL b/INSTALL
@@ -295,63 +295,7 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
 
 17. Building with hash-sigs lib for LMS/HSS support [EXPERIMENTAL]
 
-    Using LMS/HSS requires that the hash-sigs lib has been built on
-    your system. We support hash-sigs lib at this git commit:
-      b0631b8891295bf2929e68761205337b7c031726
-    At the time of writing this, this is the HEAD of the master
-    branch of the hash-sigs project.
-
-    Currently the hash-sigs project only builds static libraries:
-      - hss_verify.a: a single-threaded verify-only static lib.
-      - hss_lib.a: a single-threaded static lib.
-      - hss_lib_thread.a: a multi-threaded static lib.
-
-    The multi-threaded version will mainly have speedups for key
-    generation and signing.
-
-    The default LMS build (--enable-lms) will look for
-    hss_lib.a first, and hss_lib_thread.a second, in a specified
-    hash-sigs dir.
-
-    The LMS verify-only build (--enable-lms=verify-only) will look
-    for hss_verify.a only, which is a slimmer library that includes
-    only the minimal functions necessary for signature verification.
-
-    How to get and build the hash-sigs library:
-      $ mkdir ~/hash_sigs
-      $ cd ~/hash_sigs
-      $ git clone https://github.com/cisco/hash-sigs.git src
-      $ cd src
-      $ git checkout b0631b8891295bf2929e68761205337b7c031726
-
-    In sha256.h, set USE_OPENSSL to 0:
-      #define USE_OPENSSL 0
-
-    To build the single-threaded version:
-      $ make hss_lib.a
-      $ ls *.a
-      hss_lib.a
-
-    To build multi-threaded:
-      $ make hss_lib_thread.a
-      $ ls *.a
-      hss_lib_thread.a
-
-    To build verify-only:
-      $ make hss_verify.a
-      $ ls *.a
-      hss_verify.a
-
-    Build wolfSSL with
-    $ ./configure \
-        --enable-static \
-        --disable-shared \
-        --enable-lms \
-        --with-liblms=<path to dir containing hss_lib.a or hss_lib_thread.a>
-    $ make
-
-    Run the benchmark against LMS/HSS with:
-    $ ./wolfcrypt/benchmark/benchmark -lms_hss
+    Deprecated. wolfSSL now has its own LMS/HSS implementation in wolfCrypt.
 
 18. Building for Debian, Ubuntu, Linux Mint, and derivatives
 
@@ -373,49 +317,5 @@ We also have vcpkg ports for wolftpm, wolfmqtt and curl.
 
 20. Building with xmss-reference lib for XMSS/XMSS^MT support [EXPERIMENTAL]
 
-    Experimental support for XMSS/XMSS^MT has been achieved by integration
-    with the xmss-reference implementation from RFC 8391 (XMSS: eXtended
-    Merkle Signature Scheme). We support a patched version of xmss-reference
-    based on this git commit:
-      171ccbd26f098542a67eb5d2b128281c80bd71a6
-    At the time of writing this, this is the HEAD of the master branch of
-    the xmss-reference project.
-
-    How to get the xmss-reference library:
-      $ mkdir ~/xmss
-      $ cd ~/xmss
-      $ git clone https://github.com/XMSS/xmss-reference.git src
-      $ cd src
-      $ git checkout 171ccbd26f098542a67eb5d2b128281c80bd71a6
-      $ git apply <path to xmss reference patch>
-
-    The patch may be found in the wolfssl-examples repo here:
-      pq/stateful_hash_sig/0001-Patch-to-support-wolfSSL-xmss-reference-integration.patch
-
-    To build patched xmss-reference:
-      $ make xmss_lib.a
-
-    To build verify-only patched xmss-reference:
-      $ make xmss_verify_lib.a
-
-    Note that this patch changes xmss-reference to use wolfCrypt SHA256 hashing,
-    by registering a SHA callback function in xmss-reference. It
-    thus benefits from all the same asm speedups as wolfCrypt SHA hashing.
-    Depending on architecture you may build with --enable-intelasm, or
-    --enable-armasm, and see 30-40% speedups in XMSS/XMSS^MT.
-
-    For full keygen, signing, verifying, and benchmarking support, build
-    wolfSSL with:
-      $ ./configure \
-          --enable-xmss \
-          --with-libxmss=<path to xmss src dir>
-      $ make
-
-    Run the benchmark against XMSS/XMSS^MT with:
-      $ ./wolfcrypt/benchmark/benchmark -xmss_xmssmt
-
-    For a leaner xmss verify-only build, build with
-      $ ./configure \
-          --enable-xmss=verify-only \
-          --with-libxmss=<path to xmss src dir>
-      $ make
+    Deprecated. wolfSSL now has its own XMMS/XMSS^MT implementation in
+    wolfCrypt.
