Here at wolfSSL, we strive to support our customers’ needs for customization and finding the right trade-offs. The following table is a list of the top 10 things you can do with wolfSSL’s configuration flags.
|Get Ready for Your First FIPS Customer||–enable-fips=ready||You will need to have a fips-ready bundle which is available as both an open source code bundle or under a proprietary license.|
|Become DO-178 Compliant||–enable-sp-math||We have taken ECC in sp_c32.c in the SP-Math Library through DO-178C certification.|
|Make Your Application Secure from Side-Channel Attacks||–enable-sp-math –enable-sp-math-all
|Our SP-Math Library is always timing resistant and runs private key operations in constant time. Our Fast Math Library can be made timing resistant by enabling the hardened build.|
|Reduce Your Stack Usage||–enable-smallstack and –enable-smallstackcache||Allocating memory on the heap will be favored over the stack.|
|Reduce Your Heap Usage||–enable-static-memory||All memory that wolfSSL LIbrary allocates will be on the stack as local variables.|
|Reduce Your Code Size||–enable-sha3=small –enable-aesgcm=small –enable-lowresource
CFLAGS=”-DNO_ERROR_STRINGS -DNO_INLINE -DCURVED25519_SMALL -DUSE_SLOW_SHA” -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA612”
|This will come at a cost of algorithm speed and memory usage.|
|Make a Really Small PSK-Only wolfSSL Library||–enable-leanpsk||PSK stands for pre-shared key. Approximate build size for wolfSSL on an embedded system with this enabled is 21kB.|
|Make a Really Small Client-Only wolfSSL Library||–enable-leantls||This produces a small footprint TLS client that supports TLS 1.2 client only, ECC256, AES128 and SHA256.|
|Use Only wolfCrypt||–enable-cryptonly||This enables a wolfCrypt-only build, greatly reducing the size. No TLS, no SSL.|
|Figure Out What is Going on Under the Hood||–enable-debug||This will build the wolfSSL Library with debug symbols so you can use your debugger to step through the code as it executes. Also, if you call wolfSSL_Debugging_ON() lots of debugging messages will be printed to stderr.|
Note that some of these flags can be combined while others are mutually exclusive. Please feel free to experiment with different combinations.
Want more? You can see a full list of our configuration flags by downloading our latest release and executing the following command: ./configure –help
Still hungry? You can get detailed documentation about our configuration flags from “Chapter 2: Building wolfSSL” in the wolfSSL Manual which can be found here: https://www.wolfssl.com/documentation/wolfSSL-Manual.pdf. Need some expert advice? You can get in touch with your sales representative or email us at email@example.com to start a consulting session with the expert engineers on the wolfSSL Inc. team.