Top 10 wolfSSL Library Configurations

Here at wolfSSL, we strive to support our customers’ needs for customization and finding the right trade-offs. The following table is a list of the top 10 things you can do with wolfSSL’s configuration flags.

| Task | Configure Flag(s) | Details |
|---|---|---|
| Get Ready for Your First FIPS Customer | --enable-fips=ready | You will need a FIPS-ready bundle, which is available either as an open source code bundle or under a proprietary license. |
| Become DO-178 Compliant | --enable-sp-math | We have taken ECC in sp_c32.c in the SP-Math Library through DO-178C certification. |
| Make Your Application Secure from Side-Channel Attacks | --enable-sp-math --enable-sp-math-all CFLAGS="-DWOLFSSL_SP_CACHE_RESISTANT" or --enable-fastmath --enable-harden | Our SP-Math Library is always timing resistant and runs private key operations in constant time. Our Fast Math Library can be made timing resistant by enabling the hardened build. |
| Reduce Your Stack Usage | --enable-smallstack and --enable-smallstackcache | Allocating memory on the heap will be favored over the stack. |
| Reduce Your Heap Usage | --enable-static-memory | All memory that the wolfSSL Library allocates will be on the stack as local variables. |
| Reduce Your Code Size | --enable-sha3=small --enable-aesgcm=small --enable-lowresource CFLAGS="-DNO_ERROR_STRINGS -DNO_INLINE -DCURVED25519_SMALL -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512" | This will come at a cost of algorithm speed and memory usage. |
| Make a Really Small PSK-Only wolfSSL Library | --enable-leanpsk | PSK stands for pre-shared key. Approximate build size for wolfSSL on an embedded system with this enabled is 21kB. |
| Make a Really Small Client-Only wolfSSL Library | --enable-leantls | This produces a small-footprint TLS client that supports TLS 1.2 client only, ECC256, AES128 and SHA256. |
| Use Only wolfCrypt | --enable-cryptonly | This enables a wolfCrypt-only build, greatly reducing the size. No TLS, no SSL. |
| Figure Out What is Going on Under the Hood | --enable-debug | This will build the wolfSSL Library with debug symbols so you can use your debugger to step through the code as it executes. Also, if you call wolfSSL_Debugging_ON(), lots of debugging messages will be printed to stderr. |

Note that some of these flags can be combined while others are mutually exclusive. Please feel free to experiment with different combinations.
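A build-audit sketch for the side-channel row of the table, added here and not wolfSSL's own code: it reads a generated wolfssl/options.h and reports whether the hardening defines landed in the build. The macro names USE_FAST_MATH, TFM_TIMING_RESISTANT, WC_NO_HARDEN, WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL are assumptions about what the flags emit (only WOLFSSL_SP_CACHE_RESISTANT appears on this page), and the two sample headers are constructed.

```shell
#!/bin/sh
# has_define FILE MACRO: succeeds if FILE has an active "#define MACRO" line.
# "#undef MACRO" lines and longer names sharing the prefix do not match.
has_define() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# audit_options FILE: print a one-line verdict on side-channel hardening.
# Verdicts follow the table: SP math is treated as constant time, and
# fast math counts as hardened only when the hardening define is present.
audit_options() {
    f=$1
    if has_define "$f" WOLFSSL_SP_MATH || has_define "$f" WOLFSSL_SP_MATH_ALL; then
        if has_define "$f" WOLFSSL_SP_CACHE_RESISTANT; then
            echo "sp-math: constant time, cache resistant"
        else
            echo "sp-math: constant time, WOLFSSL_SP_CACHE_RESISTANT missing"
        fi
    elif has_define "$f" USE_FAST_MATH; then
        # Assumed macro names: TFM_TIMING_RESISTANT marks the hardened build,
        # WC_NO_HARDEN marks a build with hardening switched off.
        if has_define "$f" TFM_TIMING_RESISTANT && ! has_define "$f" WC_NO_HARDEN; then
            echo "fastmath: hardened"
        else
            echo "fastmath: NOT hardened"
        fi
    else
        echo "unknown math backend"
    fi
}

# Constructed sample headers (not taken from a real build).
demo_dir=$(mktemp -d)
printf '#undef  USE_FAST_MATH\n#define USE_FAST_MATH\n#undef  WC_NO_HARDEN\n#define WC_NO_HARDEN\n' \
    > "$demo_dir/weak.h"
printf '#undef  WOLFSSL_SP_MATH_ALL\n#define WOLFSSL_SP_MATH_ALL\n#undef  WOLFSSL_SP_CACHE_RESISTANT\n#define WOLFSSL_SP_CACHE_RESISTANT\n' \
    > "$demo_dir/sp.h"

audit_options "$demo_dir/weak.h"
audit_options "$demo_dir/sp.h"
```

Point `audit_options` at the wolfssl/options.h of the build you actually ship, since that header, not the configure command you remember typing, is what the compiler saw.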

Want more? You can see a full list of our configuration flags by downloading our latest release and executing the following command: ./configure --help

Still hungry? You can get detailed documentation about our configuration flags from “Chapter 2: Building wolfSSL” in the wolfSSL Manual, which can be found here: https://www.wolfssl.com/documentation/wolfSSL-Manual.pdf.

Need some expert advice? If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.