I'm implementing ECIES (https://en.wikipedia.org/wiki/Integrate … ion_Scheme) using Wolfcrypt to evaluate whether we can use it in a product that runs an embedded Linux environment with very limited code space available. So the goal is to make the binary as small as possible. I read that wolfSSL can often be built using between 30k and 100k of code space, and since we are only using a subset of the functionality I was hoping that I could get it down to somewhere in that range, but so far with a small test app the smallest binary I have been able to produce is 255K (after running "strip" to remove the symbols).

I used this command to configure before building WolfSSL:
./configure --enable-static --disable-rsa --disable-errorstrings --disable-oldtls --disable-oaep --disable-md5 --disable-sha3 --disable-sha224 --disable-asyncthreads --disable-examples --disable-crypttests --disable-chacha --disable-eccshamir --disable-aescbc --disable-sha512 --disable-poly1305

The libwolfssl.a static library that this produces is 426K when I link this to my small test application the total binary size is 255K. When I link my application dynamically (to the .so) the size is only 20K, so I think the wolfcrypt library code is making up the bulk of the binary size. Is there anything else I can try to make this binary smaller?

The Wolfcrypt/WolfSSL functions I am using are:
wc_ecc_import_point_der
wc_ecc_shared_secret_ex
wc_ecc_get_curve_size_from_id
wc_ecc_make_key_ex
wc_ecc_init
wc_EccPrivateKeyDecode
wc_ecc_export_private_only
wc_ecc_export_public_raw
wolfSSL_Init