Deprecation of wolfSSL Normal Math Library

We are establishing a timeline to deprecate our legacy math backend, which is called “normal” or “heap” math.  It will be removed  from the wolfSSL/wolfCrypt library by the end of this year.

Currently, our library includes three different math backends that can be used to support public cryptography:

  1. Normal math (integer.c) which can be enabled with –enable-heapmath or CFLAGS=-DUSE_INTEGER_HEAP_MATH
  2. Fast math (tfm.c) which can be enabled with –enable-fastmath or CFLAGS=-DUSE_FAST_MATH
  3. SP math** (sp_int.c, Default) which can be enabled with –enable-sp-math-all or CFLAGS=-DWOLFSSL_SP_MATH_ALL

** Note: SP math comes with MANY tunable features including combinations of fastmath with sp or sp-math and key size toggles and heap/stack tuning knobs for nearly every use-case!

You can refer to to see a comparison.

The SP math has been the default configuration math backend since wolfSSL release 5.4.0  (see

The latest version of our SP math can do everything its predecessor can and then some! It also has constant-time and cache access safe algorithm implementations to prevent side-channels. (see

Prior to wolfSSL release 5.4.0, if you build with –disable-fastmath (or #undef USE_FAST_MATH), normal math was utilized as a default backend.

Post release 5.4.0, you were required to use  –enable-heapmath ( #define USE_INTEGER_HEAP_MATH) to be able to use the normal math. 

Additionally, we are changing the math library for our FIPS users.

  1. We are moving all of our normal math customers to use Fast math for users of –enable-fips=v2 or HAVE_FIPS_VERSION <= 2
  2. We are moving all of our customers to use SP math for users of –enable-fips=v5 (FIPS 140-3) or HAVE_FIPS_VERSION > 2 (Also includes fips-ready and v5-dev)

If you have not done so already, we recommend migrating to the new SP math backend as early as possible.  It offers far superior performance, security, and longevity.

If you have any questions or feedback please reach out to our team at!