We are establishing a timeline to deprecate our legacy math backend, which is called “normal” or “heap” math. It will be removed from the wolfSSL/wolfCrypt library by the end of this year.
Currently, our library includes three different math backends that can be used to support public cryptography:
- Normal math (integer.c) which can be enabled with –enable-heapmath or CFLAGS=-DUSE_INTEGER_HEAP_MATH
- Fast math (tfm.c) which can be enabled with –enable-fastmath or CFLAGS=-DUSE_FAST_MATH
- SP math** (sp_int.c, Default) which can be enabled with –enable-sp-math-all or CFLAGS=-DWOLFSSL_SP_MATH_ALL
** Note: SP math comes with MANY tunable features including combinations of fastmath with sp or sp-math and key size toggles and heap/stack tuning knobs for nearly every use-case!
You can refer to https://www.wolfssl.com/wolfssl-math-library-comparison-matrix/ to see a comparison.
The SP math has been the default configuration math backend since wolfSSL release 5.4.0 (see https://github.com/wolfSSL/wolfssl/pull/4759).
The latest version of our SP math can do everything its predecessor can and then some! It also has constant-time and cache access safe algorithm implementations to prevent side-channels. (see https://www.wolfssl.com/wolfssl-hardened-default/)
Prior to wolfSSL release 5.4.0, if you build with –disable-fastmath (or #undef USE_FAST_MATH), normal math was utilized as a default backend.
Post release 5.4.0, you were required to use –enable-heapmath ( #define USE_INTEGER_HEAP_MATH) to be able to use the normal math.
Additionally, we are changing the math library for our FIPS users.
- We are moving all of our normal math customers to use Fast math for users of –enable-fips=v2 or HAVE_FIPS_VERSION <= 2
- We are moving all of our customers to use SP math for users of –enable-fips=v5 (FIPS 140-3) or HAVE_FIPS_VERSION > 2 (Also includes fips-ready and v5-dev)
If you have not done so already, we recommend migrating to the new SP math backend as early as possible. It offers far superior performance, security, and longevity.
If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247.