Reducing wolfSSH Footprint: Logging Optimization and Other Size-Saving Options
Embedded and resource-constrained systems often demand tight control over code size, memory usage, and runtime overhead. A recent improvement to wolfSSH directly addresses this need by reducing logging overhead when debugging is disabled.
Eliminating Logging Overhead with a No-Op WLOG
Historically, even when debugging was disabled, calls to `WLOG()` could still incur some overhead due to argument evaluation and function-like macro expansion. Although most linkers would be able to optimize out the unused functions in some embedded use cases it would result in larger code sizes. In GitHub pull request [#839](https://github.com/wolfSSL/wolfssh/pull/839), this was improved by defining `WLOG` as a true no-op when debugging is not enabled. This change is available in wolfSSH version 1.4.22 and newer.
When debug logging is disabled, `WLOG` now compiles out entirely, meaning:
- No logging code is emitted into the binary
- No format strings or logging-related data are retained
- No runtime cost is paid for unused logging calls
For production builds where logging is not required, this provides a straightforward and automatic size and performance win with no application changes required. Thanks to @AxlLind for the enhancement suggestion.
Additional Options for Reducing wolfSSH Size
The logging optimization pairs well with other configuration options designed to minimize wolfSSH’s footprint:
SSH Window Size
The SSH protocol has a window size used with the connection. By default this is set to 131,072 bytes in wolfSSH. Which is enough to handle a couple SSH packets at once. This window is a buffer that gets malloc’d on the creation of a new SSH channel and held for the lifetime of the channel. Setting the macro DEFAULT_WINDOW_SZ allows for using smaller window sizes, which has the trade off of reducing heap usage at the cost of performance for smaller window sizes.
Small Stack Build
wolfSSH supports a small stack configuration that reduces per-function stack usage by minimizing large local buffers and favoring heap or shared workspace usage where possible. This is especially useful on microcontrollers or RTOS-based systems with limited stack allocation per task. It can be enabled by using the configure flag –enable-smallstack.
Selective Algorithm Enablement
Disabling unused key exchange methods, ciphers, MACs, and public key algorithms can significantly reduce both code size and static data. wolfSSH allows fine-grained control over enabled algorithms at build time, ensuring only what is required for the target deployment is included.
Disable Unused Features
Features such as SCP, SFTP, agent forwarding, or extended authentication methods can be excluded entirely if not needed. Each removed feature reduces code size and simplifies the resulting binary.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 2452 8247.
Download wolfSSL Now