It is no secret that wolfSSL makes every effort to provide the best tested cryptographic and SSL/TLS solution available on the market.
To that end, wolfSSL is proud to announce that as of today there is a suite of Constant Time Tests evaluating two of the three big integer math libraries wolfCrypt offers that have support for constant time execution.
Big integer math libraries natively available in wolfSSL are:
- Use setting –enable-sp=yes to use this library
- For non-Autoconf builds use setting(s)
- (optional) WOLFSSL_SP_SMALL (reduced footprint)
- Stack based math library with optimized math, faster than tfm.c
- Constant time support for all algorithms: RSA, DH, and ECC
- Default on Linux (no setting needed to use)
- For non-Autoconf builds use setting USE_FAST_MATH to enable this library
- Stack based (large static buffer), enjoys better performance
- Constant time for only two algorithms (RSA and ECC)
- Use setting –disable-fastmath on Linux to use this library
- Avoid the setting USE_FAST_MATH to use this library when building with non-Autoconf solutions (IDEs’, Makefiles, whenever user_settings.h is used etc.)
- Heap based, suffers overhead of alloc/free at the benefit of only the needed resources.
- Not-constant time, avoid if concerned about timing attacks
Note: None of the above applies to externally implemented hardware and/or software solution(s). IE when using the crypto callbacks to offload operations to an external cryptographic module or using external quantum safe solutions such as liboqs etc.
wolfSSL is also evaluating constant time execution for the following algorithms that do NOT depend on any of the three big integer math options: AES-CBC, AES-GCM, ChaCha20, Poly1305, SHA2-256, SHA2-512 and X25519 (AKA “Curve25519”)