Significant improvements to the C-only implementation of Single Precision math for P-256 and P-384 have been made in wolfSSL 5.1.1. Previously the Montgomery reduction implementation was performed generically. This function makes up a significant proportion of the time to perform ECC operations. By adding an optimised implementation the performance of the 32-bit C code improved by up to 80%! The 64-bit C code saw similar improvements.
Also the Aarch64 implementation of P-384 got an optimised version of the Montgomery reduction operation too. This improved its performance by up to 150%!
From fuzz testing, it was found that the implementation finding the square root modulo a prime (used in uncompressing a point) was not handling a value of zero correctly and resulted in the function not returning. This corner case will not occur with valid points. Compressed points are not recommended and disabled by default, but the fix was required to protect against potential attacks.
Bug fixes for the SP general math library were made for 5.1.1. These included fixes to sanity check values passed to sp_gcd (used in but not affecting RSA key generation) and better checking of maximum size of numbers when dividing. Also, when compiling for MIPS 32-bit, some compilers didn’t like the register names ‘$lo’ and ‘$hi’. These have been changed to ‘%lo’ and ‘%hi’ respectively.
The Single Precision code was also fixed around modular exponentiation. When the modulus is even or the exponent is 0 then we now error out. These are not use cases that are hit in normal operation.
A couple of bug fixes were made in the TFM implementation of our math library as well. An improved Montgomery reduction for Intel x86_64 was added in 5.0.0 and fixed to work reliably in this release. Also some out of memory error handling was improved around this same function.
A full list of what was changed can be found in the wolfSSL ChangeLog (https://www.wolfssl.com/docs/wolfssl-changelog/).
For questions about wolfSSL or about the latest release contact us at facts@wolfssl.com