Merge pull request #10345 from douzzer/20260428-SLHDSA-fixes

Frauschi · web-flow · commit 71a8a55654ad · 2026-04-29T16:44:02.000+02:00
20260428-SLHDSA-fixes
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
@@ -910,6 +910,7 @@ WOLFSSL_SHA512_HASHTYPE
 WOLFSSL_SHUTDOWNONCE
 WOLFSSL_SILABS_TRNG
 WOLFSSL_SLHDSA_FULL_HASH
+WOLFSSL_SLHDSA_NO_VERIFY_ONLY
 WOLFSSL_SNIFFER_NO_RECOVERY
 WOLFSSL_SP_ARM32_UDIV
 WOLFSSL_SP_FAST_NCT_EXPTMOD
diff --git a/tests/api/test_slhdsa.c b/tests/api/test_slhdsa.c
@@ -42,7 +42,7 @@
 int test_wc_slhdsa(void)
 {
     EXPECT_DECLS;
-#ifdef WOLFSSL_HAVE_SLHDSA
+#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_NO_SHAKE)
     SlhDsaKey key;
 
     /* Test NULL parameter handling for init. */
@@ -84,7 +84,7 @@ int test_wc_slhdsa(void)
     wc_SlhDsaKey_Free(&key);
 #endif
 
-#endif /* WOLFSSL_HAVE_SLHDSA */
+#endif /* WOLFSSL_HAVE_SLHDSA && !WOLFSSL_SLHDSA_NO_SHAKE */
     return EXPECT_RESULT();
 }
 
@@ -94,7 +94,7 @@ int test_wc_slhdsa(void)
 int test_wc_slhdsa_sizes(void)
 {
     EXPECT_DECLS;
-#ifdef WOLFSSL_HAVE_SLHDSA
+#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_NO_SHAKE)
     SlhDsaKey key;
 
     /* Test NULL parameter handling for size functions. */
@@ -226,7 +226,7 @@ int test_wc_slhdsa_sizes(void)
         WC_SLHDSA_SHAKE256F_SIG_LEN);
 #endif
 
-#endif /* WOLFSSL_HAVE_SLHDSA */
+#endif /* WOLFSSL_HAVE_SLHDSA && !WOLFSSL_SLHDSA_NO_SHAKE */
     return EXPECT_RESULT();
 }
 
diff --git a/wolfcrypt/src/wc_slhdsa.c b/wolfcrypt/src/wc_slhdsa.c
@@ -758,6 +758,7 @@ static int slhdsakey_hash_f_sha2(SlhDsaKey* key, const byte* pk_seed,
     return ret;
 }
 
+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
 /* SHA2 H function.
  *
  * FIPS 205. Section 11.2.
@@ -836,6 +837,7 @@ static int slhdsakey_hash_h_sha2(SlhDsaKey* key, const byte* pk_seed,
 
     return ret;
 }
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* SHA2 H function with two separate n-byte halves.
  *
@@ -921,6 +923,7 @@ static int slhdsakey_hash_h_2_sha2(SlhDsaKey* key, const byte* pk_seed,
     return ret;
 }
 
+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
 /* SHA2 PRF function.
  *
  * FIPS 205. Section 11.2.
@@ -969,6 +972,7 @@ static int slhdsakey_hash_prf_sha2(SlhDsaKey* key, const byte* pk_seed,
 
     return ret;
 }
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* SHA2 T_l streaming: start with address.
  *
@@ -1165,6 +1169,7 @@ static int slhdsakey_mgf1_sha2(SlhDsaKey* key, const byte* seed,
     return ret;
 }
 
+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
 /* SHA2 PRF_msg function.
  *
  * FIPS 205. Section 11.2.
@@ -1226,6 +1231,7 @@ static int slhdsakey_prf_msg_sha2(SlhDsaKey* key, const byte* sk_prf,
 
     return ret;
 }
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* SHA2 H_msg function.
  *
@@ -1370,6 +1376,7 @@ static int slhdsakey_hash_f_shake(SlhDsaKey* key, const byte* pk_seed,
 #endif
 }
 
+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
 static int slhdsakey_hash_h_shake(SlhDsaKey* key, const byte* pk_seed,
     const word32* adrs, const byte* node, byte n, byte* hash)
 {
@@ -1381,6 +1388,7 @@ static int slhdsakey_hash_h_shake(SlhDsaKey* key, const byte* pk_seed,
         2 * n, NULL, 0, hash, n);
 #endif
 }
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 static int slhdsakey_hash_h_2_shake(SlhDsaKey* key, const byte* pk_seed,
     const word32* adrs, const byte* m1, const byte* m2, byte n, byte* hash)
@@ -1389,6 +1397,7 @@ static int slhdsakey_hash_h_2_shake(SlhDsaKey* key, const byte* pk_seed,
         n, m2, n, hash, n);
 }
 
+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
 static int slhdsakey_hash_prf_shake(SlhDsaKey* key, const byte* pk_seed,
     const byte* sk_seed, const word32* adrs, byte n, byte* hash)
 {
@@ -1400,6 +1409,7 @@ static int slhdsakey_hash_prf_shake(SlhDsaKey* key, const byte* pk_seed,
         sk_seed, n, NULL, 0, hash, n);
 #endif
 }
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 #define HASH_PRF(k, pk_seed, sk_seed, adrs, n, o)                            \
     (SLHDSA_IS_SHA2((k)->params->param) ?                                    \
@@ -2014,7 +2024,7 @@ static int slhdsakey_shake256_set_seed_ha_hash_x4(word64* state,
 
     return ret;
 }
-#endif
+#endif /* WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Get the four SHAKE-256 n-byte hash results.
  *
@@ -2049,7 +2059,7 @@ do {                                                                        \
     ((word8*)((state) + (o) - 2))[3] = (a) + 2;                             \
     ((word8*)((state) + (o) - 1))[3] = (a) + 3;                             \
 } while (0)
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Set the chain address indices into the SHAKE-256 x4 state.
  *
@@ -2093,7 +2103,7 @@ do {                                                                        \
     c32toa((ti) + 2, (byte*)&((word32*)((state) + (o) - 2))[1]);            \
     c32toa((ti) + 3, (byte*)&((word32*)((state) + (o) - 1))[1]);            \
 } while (0)
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Set the tree indices into the SHAKE-256 x4 state.
  *
@@ -2435,7 +2445,7 @@ static int slhdsakey_chain_x4_16(byte* sk, const byte* pk_seed, byte* addr,
     WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA);
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 #if !defined(WOLFSSL_SLHDSA_PARAM_NO_192)
 /* Iterate the hash function 15 times with 4 hashes when n=24.
@@ -3979,10 +3989,6 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,
     const byte* msg, const byte* pk_seed, word32* adrs, byte* pk_sig)
 {
     int ret = 0;
-    byte idx[4] = {0};
-    int i;
-    byte ii;
-    sword8 j;
     HashAddress wotspk_adrs;
     byte n = key->params->n;
     byte len = key->params->len;
@@ -3993,7 +3999,10 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,
         DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E);
 #if !defined(WOLFSSL_SLHDSA_PARAM_NO_128)
     if ((ret == 0) && (n == WC_SLHDSA_N_128)) {
-        ii = 0;
+        int i;
+        sword8 j;
+        byte ii = 0;
+        byte idx[4] = {0};
         for (j = 0; j <= SLHDSA_WM1; j++) {
             for (i = 0; i < len; i++) {
                 if ((sword8)msg[i] == j) {
@@ -4020,7 +4029,10 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,
 #endif
 #if !defined(WOLFSSL_SLHDSA_PARAM_NO_192)
     if ((ret == 0) && (n == 24)) {
-        ii = 0;
+        int i;
+        sword8 j;
+        byte ii = 0;
+        byte idx[4] = {0};
         for (j = 0; j <= SLHDSA_WM1; j++) {
             for (i = 0; i < len; i++) {
                 if ((sword8)msg[i] == j) {
@@ -4047,7 +4059,10 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,
 #endif
 #if !defined(WOLFSSL_SLHDSA_PARAM_NO_256)
     if ((ret == 0) && (n == 32)) {
-        ii = 0;
+        int i;
+        sword8 j;
+        byte ii = 0;
+        byte idx[4] = {0};
         for (j = 0; j <= SLHDSA_WM1; j++) {
             for (i = 0; i < len; i++) {
                 if ((sword8)msg[i] == j) {
@@ -4072,9 +4087,14 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,
     }
     else
 #endif
-    if (ret == 0) {
-        ret = NOT_COMPILED_IN;
+    {
+        (void)msg;
+        (void)key;
+        if (ret == 0) {
+            ret = NOT_COMPILED_IN;
+        }
     }
+
     if (ret == 0) {
         HA_Copy(wotspk_adrs, adrs);
         HA_SetTypeAndClearNotKPA(wotspk_adrs, HA_WOTS_PK);
@@ -4565,7 +4585,7 @@ static int slhdsakey_xmss_sign(SlhDsaKey* key, const byte* m,
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Compute XMSS public key from XMSS signature.
  *
@@ -4759,7 +4779,7 @@ static int slhdsakey_ht_sign(SlhDsaKey* key, const byte* pk_fors,
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Verify hypertree signature.
  *
@@ -5788,7 +5808,7 @@ static int slhdsakey_fors_sign(SlhDsaKey* key, const byte* md,
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 #if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL)
 /* F hash 4 simultaneously.
@@ -7223,7 +7243,7 @@ int wc_SlhDsaKey_SignMsgWithRandom(SlhDsaKey* key, const byte* mprime,
         addRnd);
 }
 
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Verify SLH-DSA signature.
  *
@@ -7968,7 +7988,7 @@ int wc_SlhDsaKey_SignHash(SlhDsaKey* key, const byte* ctx, byte ctxSz,
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Verify SLH-DSA signature.
  *
@@ -8155,7 +8175,7 @@ int wc_SlhDsaKey_ImportPrivate(SlhDsaKey* key, const byte* priv, word32 privLen)
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Import public key from data.
  *
@@ -8268,7 +8288,7 @@ int wc_SlhDsaKey_ExportPrivate(SlhDsaKey* key, byte* priv, word32* privLen)
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Export the public key.
  *
@@ -8326,7 +8346,7 @@ int wc_SlhDsaKey_PrivateSize(SlhDsaKey* key)
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Return the size of the public key for the parameters.
  *
@@ -8429,7 +8449,7 @@ int wc_SlhDsaKey_PrivateSizeFromParam(enum SlhDsaParam param)
 
     return ret;
 }
-#endif
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
 /* Return the size of the public key for the parameters.
  *
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -54234,9 +54234,7 @@ static wc_test_ret_t slhdsa_test_param(enum SlhDsaParam param)
 
 wc_test_ret_t slhdsa_test(void)
 {
-#if !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || defined(WOLFSSL_SLHDSA_PARAM_128S)
-    int ret;
-#endif
+    int ret = 0;
 #ifdef WOLFSSL_SLHDSA_PARAM_128S
     WC_DECLARE_VAR(key_vfy, SlhDsaKey, 1, HEAP_HINT);
 #ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
@@ -55957,9 +55955,7 @@ wc_test_ret_t slhdsa_test(void)
         }
     }
 #endif
-#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
 
-#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
 #ifdef WOLFSSL_SLHDSA_PARAM_128S
     ret = slhdsa_test_param(SLHDSA_SHAKE128S);
     if (ret != 0) {
@@ -56044,17 +56040,25 @@ wc_test_ret_t slhdsa_test(void)
         goto out;
     }
 #endif
-#endif
+
+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
+
+#if defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || \
+    defined(WOLFSSL_SLHDSA_PARAM_128S)
 
 out:
 
+#endif
+
+#ifdef WOLFSSL_SLHDSA_PARAM_128S
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (key_vfy)
 #endif
     {
         wc_SlhDsaKey_Free(key_vfy);
     }
     WC_FREE_VAR_EX(key_vfy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 #ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
 #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
     if (key)
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -4042,6 +4042,14 @@ extern void uITRON4_free(void *p) ;
         #undef WOLFSSL_GENERAL_ALIGNMENT
         #define WOLFSSL_GENERAL_ALIGNMENT SIZEOF_LONG
     #endif
+
+    /* SLH-DSA signature generation is too computationally intensive to be
+     * appropriate in typical kernel deployments.
+     */
+    #if !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
+        !defined(WOLFSSL_SLHDSA_NO_VERIFY_ONLY)
+        #define WOLFSSL_SLHDSA_VERIFY_ONLY
+    #endif
 #endif /* WOLFSSL_KERNEL_MODE */
 
 #if defined(WC_SYM_RELOC_TABLES) && defined(HAVE_FIPS) && \
diff --git a/wolfssl/wolfcrypt/wc_slhdsa.h b/wolfssl/wolfcrypt/wc_slhdsa.h

Original file line number	Diff line number	Diff line change
`@@ -758,6 +758,7 @@ static int slhdsakey_hash_f_sha2(SlhDsaKey* key, const byte* pk_seed,`
`758`	`758`	`return ret;`
`759`	`759`	`}`
`760`	`760`
	`761`	`+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY`
`761`	`762`	`/* SHA2 H function.`
`762`	`763`	`*`
`763`	`764`	`* FIPS 205. Section 11.2.`
`@@ -836,6 +837,7 @@ static int slhdsakey_hash_h_sha2(SlhDsaKey* key, const byte* pk_seed,`
`836`	`837`
`837`	`838`	`return ret;`
`838`	`839`	`}`
	`840`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`839`	`841`
`840`	`842`	`/* SHA2 H function with two separate n-byte halves.`
`841`	`843`	`*`
`@@ -921,6 +923,7 @@ static int slhdsakey_hash_h_2_sha2(SlhDsaKey* key, const byte* pk_seed,`
`921`	`923`	`return ret;`
`922`	`924`	`}`
`923`	`925`
	`926`	`+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY`
`924`	`927`	`/* SHA2 PRF function.`
`925`	`928`	`*`
`926`	`929`	`* FIPS 205. Section 11.2.`
`@@ -969,6 +972,7 @@ static int slhdsakey_hash_prf_sha2(SlhDsaKey* key, const byte* pk_seed,`
`969`	`972`
`970`	`973`	`return ret;`
`971`	`974`	`}`
	`975`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`972`	`976`
`973`	`977`	`/* SHA2 T_l streaming: start with address.`
`974`	`978`	`*`
`@@ -1165,6 +1169,7 @@ static int slhdsakey_mgf1_sha2(SlhDsaKey* key, const byte* seed,`
`1165`	`1169`	`return ret;`
`1166`	`1170`	`}`
`1167`	`1171`
	`1172`	`+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY`
`1168`	`1173`	`/* SHA2 PRF_msg function.`
`1169`	`1174`	`*`
`1170`	`1175`	`* FIPS 205. Section 11.2.`
`@@ -1226,6 +1231,7 @@ static int slhdsakey_prf_msg_sha2(SlhDsaKey* key, const byte* sk_prf,`
`1226`	`1231`
`1227`	`1232`	`return ret;`
`1228`	`1233`	`}`
	`1234`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`1229`	`1235`
`1230`	`1236`	`/* SHA2 H_msg function.`
`1231`	`1237`	`*`
`@@ -1370,6 +1376,7 @@ static int slhdsakey_hash_f_shake(SlhDsaKey* key, const byte* pk_seed,`
`1370`	`1376`	`#endif`
`1371`	`1377`	`}`
`1372`	`1378`
	`1379`	`+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY`
`1373`	`1380`	`static int slhdsakey_hash_h_shake(SlhDsaKey* key, const byte* pk_seed,`
`1374`	`1381`	`const word32* adrs, const byte* node, byte n, byte* hash)`
`1375`	`1382`	`{`
`@@ -1381,6 +1388,7 @@ static int slhdsakey_hash_h_shake(SlhDsaKey* key, const byte* pk_seed,`
`1381`	`1388`	`2 * n, NULL, 0, hash, n);`
`1382`	`1389`	`#endif`
`1383`	`1390`	`}`
	`1391`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`1384`	`1392`
`1385`	`1393`	`static int slhdsakey_hash_h_2_shake(SlhDsaKey* key, const byte* pk_seed,`
`1386`	`1394`	`const word32* adrs, const byte* m1, const byte* m2, byte n, byte* hash)`
`@@ -1389,6 +1397,7 @@ static int slhdsakey_hash_h_2_shake(SlhDsaKey* key, const byte* pk_seed,`
`1389`	`1397`	`n, m2, n, hash, n);`
`1390`	`1398`	`}`
`1391`	`1399`
	`1400`	`+#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY`
`1392`	`1401`	`static int slhdsakey_hash_prf_shake(SlhDsaKey* key, const byte* pk_seed,`
`1393`	`1402`	`const byte* sk_seed, const word32* adrs, byte n, byte* hash)`
`1394`	`1403`	`{`
`@@ -1400,6 +1409,7 @@ static int slhdsakey_hash_prf_shake(SlhDsaKey* key, const byte* pk_seed,`
`1400`	`1409`	`sk_seed, n, NULL, 0, hash, n);`
`1401`	`1410`	`#endif`
`1402`	`1411`	`}`
	`1412`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`1403`	`1413`
`1404`	`1414`	`#define HASH_PRF(k, pk_seed, sk_seed, adrs, n, o) \`
`1405`	`1415`	`(SLHDSA_IS_SHA2((k)->params->param) ? \`
`@@ -2014,7 +2024,7 @@ static int slhdsakey_shake256_set_seed_ha_hash_x4(word64* state,`
`2014`	`2024`
`2015`	`2025`	`return ret;`
`2016`	`2026`	`}`
`2017`		`-#endif`
	`2027`	`+#endif /* WOLFSSL_SLHDSA_VERIFY_ONLY */`
`2018`	`2028`
`2019`	`2029`	`/* Get the four SHAKE-256 n-byte hash results.`
`2020`	`2030`	`*`
`@@ -2049,7 +2059,7 @@ do { \`
`2049`	`2059`	`((word8*)((state) + (o) - 2))[3] = (a) + 2; \`
`2050`	`2060`	`((word8*)((state) + (o) - 1))[3] = (a) + 3; \`
`2051`	`2061`	`} while (0)`
`2052`		`-#endif`
	`2062`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`2053`	`2063`
`2054`	`2064`	`/* Set the chain address indices into the SHAKE-256 x4 state.`
`2055`	`2065`	`*`
`@@ -2093,7 +2103,7 @@ do { \`
`2093`	`2103`	`c32toa((ti) + 2, (byte)&((word32)((state) + (o) - 2))[1]); \`
`2094`	`2104`	`c32toa((ti) + 3, (byte)&((word32)((state) + (o) - 1))[1]); \`
`2095`	`2105`	`} while (0)`
`2096`		`-#endif`
	`2106`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`2097`	`2107`
`2098`	`2108`	`/* Set the tree indices into the SHAKE-256 x4 state.`
`2099`	`2109`	`*`
`@@ -2435,7 +2445,7 @@ static int slhdsakey_chain_x4_16(byte* sk, const byte* pk_seed, byte* addr,`
`2435`	`2445`	`WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA);`
`2436`	`2446`	`return ret;`
`2437`	`2447`	`}`
`2438`		`-#endif`
	`2448`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`2439`	`2449`
`2440`	`2450`	`#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192)`
`2441`	`2451`	`/* Iterate the hash function 15 times with 4 hashes when n=24.`
`@@ -3979,10 +3989,6 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,`
`3979`	`3989`	`const byte* msg, const byte* pk_seed, word32* adrs, byte* pk_sig)`
`3980`	`3990`	`{`
`3981`	`3991`	`int ret = 0;`
`3982`		`- byte idx[4] = {0};`
`3983`		`- int i;`
`3984`		`- byte ii;`
`3985`		`- sword8 j;`
`3986`	`3992`	`HashAddress wotspk_adrs;`
`3987`	`3993`	`byte n = key->params->n;`
`3988`	`3994`	`byte len = key->params->len;`
`@@ -3993,7 +3999,10 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,`
`3993`	`3999`	`DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E);`
`3994`	`4000`	`#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128)`
`3995`	`4001`	`if ((ret == 0) && (n == WC_SLHDSA_N_128)) {`
`3996`		`- ii = 0;`
	`4002`	`+ int i;`
	`4003`	`+ sword8 j;`
	`4004`	`+ byte ii = 0;`
	`4005`	`+ byte idx[4] = {0};`
`3997`	`4006`	`for (j = 0; j <= SLHDSA_WM1; j++) {`
`3998`	`4007`	`for (i = 0; i < len; i++) {`
`3999`	`4008`	`if ((sword8)msg[i] == j) {`
`@@ -4020,7 +4029,10 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,`
`4020`	`4029`	`#endif`
`4021`	`4030`	`#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192)`
`4022`	`4031`	`if ((ret == 0) && (n == 24)) {`
`4023`		`- ii = 0;`
	`4032`	`+ int i;`
	`4033`	`+ sword8 j;`
	`4034`	`+ byte ii = 0;`
	`4035`	`+ byte idx[4] = {0};`
`4024`	`4036`	`for (j = 0; j <= SLHDSA_WM1; j++) {`
`4025`	`4037`	`for (i = 0; i < len; i++) {`
`4026`	`4038`	`if ((sword8)msg[i] == j) {`
`@@ -4047,7 +4059,10 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,`
`4047`	`4059`	`#endif`
`4048`	`4060`	`#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256)`
`4049`	`4061`	`if ((ret == 0) && (n == 32)) {`
`4050`		`- ii = 0;`
	`4062`	`+ int i;`
	`4063`	`+ sword8 j;`
	`4064`	`+ byte ii = 0;`
	`4065`	`+ byte idx[4] = {0};`
`4051`	`4066`	`for (j = 0; j <= SLHDSA_WM1; j++) {`
`4052`	`4067`	`for (i = 0; i < len; i++) {`
`4053`	`4068`	`if ((sword8)msg[i] == j) {`
`@@ -4072,9 +4087,14 @@ static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig,`
`4072`	`4087`	`}`
`4073`	`4088`	`else`
`4074`	`4089`	`#endif`
`4075`		`- if (ret == 0) {`
`4076`		`- ret = NOT_COMPILED_IN;`
	`4090`	`+ {`
	`4091`	`+ (void)msg;`
	`4092`	`+ (void)key;`
	`4093`	`+ if (ret == 0) {`
	`4094`	`+ ret = NOT_COMPILED_IN;`
	`4095`	`+ }`
`4077`	`4096`	`}`
	`4097`	`+`
`4078`	`4098`	`if (ret == 0) {`
`4079`	`4099`	`HA_Copy(wotspk_adrs, adrs);`
`4080`	`4100`	`HA_SetTypeAndClearNotKPA(wotspk_adrs, HA_WOTS_PK);`
`@@ -4565,7 +4585,7 @@ static int slhdsakey_xmss_sign(SlhDsaKey* key, const byte* m,`
`4565`	`4585`
`4566`	`4586`	`return ret;`
`4567`	`4587`	`}`
`4568`		`-#endif`
	`4588`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`4569`	`4589`
`4570`	`4590`	`/* Compute XMSS public key from XMSS signature.`
`4571`	`4591`	`*`
`@@ -4759,7 +4779,7 @@ static int slhdsakey_ht_sign(SlhDsaKey* key, const byte* pk_fors,`
`4759`	`4779`
`4760`	`4780`	`return ret;`
`4761`	`4781`	`}`
`4762`		`-#endif`
	`4782`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`4763`	`4783`
`4764`	`4784`	`/* Verify hypertree signature.`
`4765`	`4785`	`*`
`@@ -5788,7 +5808,7 @@ static int slhdsakey_fors_sign(SlhDsaKey* key, const byte* md,`
`5788`	`5808`
`5789`	`5809`	`return ret;`
`5790`	`5810`	`}`
`5791`		`-#endif`
	`5811`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`5792`	`5812`
`5793`	`5813`	`#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL)`
`5794`	`5814`	`/* F hash 4 simultaneously.`
`@@ -7223,7 +7243,7 @@ int wc_SlhDsaKey_SignMsgWithRandom(SlhDsaKey* key, const byte* mprime,`
`7223`	`7243`	`addRnd);`
`7224`	`7244`	`}`
`7225`	`7245`
`7226`		`-#endif`
	`7246`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`7227`	`7247`
`7228`	`7248`	`/* Verify SLH-DSA signature.`
`7229`	`7249`	`*`
`@@ -7968,7 +7988,7 @@ int wc_SlhDsaKey_SignHash(SlhDsaKey* key, const byte* ctx, byte ctxSz,`
`7968`	`7988`
`7969`	`7989`	`return ret;`
`7970`	`7990`	`}`
`7971`		`-#endif`
	`7991`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`7972`	`7992`
`7973`	`7993`	`/* Verify SLH-DSA signature.`
`7974`	`7994`	`*`
`@@ -8155,7 +8175,7 @@ int wc_SlhDsaKey_ImportPrivate(SlhDsaKey* key, const byte* priv, word32 privLen)`
`8155`	`8175`
`8156`	`8176`	`return ret;`
`8157`	`8177`	`}`
`8158`		`-#endif`
	`8178`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`8159`	`8179`
`8160`	`8180`	`/* Import public key from data.`
`8161`	`8181`	`*`
`@@ -8268,7 +8288,7 @@ int wc_SlhDsaKey_ExportPrivate(SlhDsaKey* key, byte* priv, word32* privLen)`
`8268`	`8288`
`8269`	`8289`	`return ret;`
`8270`	`8290`	`}`
`8271`		`-#endif`
	`8291`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`8272`	`8292`
`8273`	`8293`	`/* Export the public key.`
`8274`	`8294`	`*`
`@@ -8326,7 +8346,7 @@ int wc_SlhDsaKey_PrivateSize(SlhDsaKey* key)`
`8326`	`8346`
`8327`	`8347`	`return ret;`
`8328`	`8348`	`}`
`8329`		`-#endif`
	`8349`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`8330`	`8350`
`8331`	`8351`	`/* Return the size of the public key for the parameters.`
`8332`	`8352`	`*`
`@@ -8429,7 +8449,7 @@ int wc_SlhDsaKey_PrivateSizeFromParam(enum SlhDsaParam param)`
`8429`	`8449`
`8430`	`8450`	`return ret;`
`8431`	`8451`	`}`
`8432`		`-#endif`
	`8452`	`+#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */`
`8433`	`8453`
`8434`	`8454`	`/* Return the size of the public key for the parameters.`
`8435`	`8455`	`*`