Here at wolfSSL, we strive to support our customers’ needs for customization and finding the right trade-offs. The following table is a list of the top 10 things you can do with wolfSSL’s configuration flags.
| Task | Configure Flag(s) | Details |
|---|---|---|
| Get Ready for Your First FIPS Customer | --enable-fips=ready | You will need a fips-ready bundle, which is available either as an open source code bundle or under a proprietary license. |
| Become DO-178 Compliant | --enable-sp-math | We have taken ECC in sp_c32.c in the SP-Math Library through DO-178C certification. |
| Make Your Application Secure from Side-Channel Attacks | --enable-sp-math --enable-sp-math-all CFLAGS="-DWOLFSSL_SP_CACHE_RESISTANT" or --enable-fastmath --enable-harden | Our SP-Math Library is always timing resistant and runs private key operations in constant time. Our Fast Math Library can be made timing resistant by enabling the hardened build. |
| Reduce Your Stack Usage | --enable-smallstack and --enable-smallstackcache | Allocating memory on the heap will be favored over the stack. |
| Reduce Your Heap Usage | --enable-static-memory | All memory that the wolfSSL library allocates will be on the stack as local variables. |
| Reduce Your Code Size | --enable-sha3=small --enable-aesgcm=small --enable-lowresource CFLAGS="-DNO_ERROR_STRINGS -DNO_INLINE -DCURVED25519_SMALL -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512" | This will come at a cost of algorithm speed and memory usage. |
| Make a Really Small PSK-Only wolfSSL Library | --enable-leanpsk | PSK stands for pre-shared key. Approximate build size for wolfSSL on an embedded system with this enabled is 21 kB. |
| Make a Really Small Client-Only wolfSSL Library | --enable-leantls | This produces a small-footprint TLS client that supports TLS 1.2 client only, ECC256, AES128 and SHA256. |
| Use Only wolfCrypt | --enable-cryptonly | This enables a wolfCrypt-only build, greatly reducing the size. No TLS, no SSL. |
| Figure Out What is Going on Under the Hood | --enable-debug | This will build the wolfSSL library with debug symbols so you can use your debugger to step through the code as it executes. Also, if you call wolfSSL_Debugging_ON(), lots of debugging messages will be printed to stderr. |
Note that some of these flags can be combined while others are mutually exclusive. Please feel free to experiment with different combinations.
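To confirm that a finished build actually carries the hardening from the side-channel row of the table, you can audit the options.h header that ./configure generates. The script below is an added example, not wolfSSL's own tooling; the three macro names and WC_NO_HARDEN are assumed to be what --enable-harden and its opposite emit (they are not listed on this page), and the sample headers are constructed.

```shell
#!/bin/sh
# Added example: audit a generated wolfssl/options.h for timing-resistance macros.
# Assumption: these are the macros --enable-harden defines; verify for your release.
HARDEN_MACROS="TFM_TIMING_RESISTANT ECC_TIMING_RESISTANT WC_RSA_BLINDING"

# has_define FILE MACRO -> 0 if FILE has "#define MACRO" as a whole token
has_define() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# check_hardening FILE -> 0 hardened, 1 not hardened (reasons printed), 2 unreadable
check_hardening() {
    opts=$1
    [ -r "$opts" ] || { echo "cannot read $opts" >&2; return 2; }
    rc=0
    for m in $HARDEN_MACROS; do
        if ! has_define "$opts" "$m"; then
            echo "missing: $m"
            rc=1
        fi
    done
    # An explicit opt-out overrides everything else.
    if has_define "$opts" WC_NO_HARDEN; then
        echo "present: WC_NO_HARDEN (hardening explicitly disabled)"
        rc=1
    fi
    return $rc
}

# write_sample FILE MODE -> constructed options.h fragment ("hardened" or "plain")
write_sample() {
    if [ "$2" = hardened ]; then
        printf '#undef  %s\n#define %s\n' \
            TFM_TIMING_RESISTANT TFM_TIMING_RESISTANT \
            ECC_TIMING_RESISTANT ECC_TIMING_RESISTANT \
            WC_RSA_BLINDING WC_RSA_BLINDING > "$1"
    else
        # TFM_TIMING_RESISTANT_OFF is a constructed lookalike name, included
        # to show that only whole-token matches count.
        printf '#undef  %s\n#define %s\n' \
            WC_NO_HARDEN WC_NO_HARDEN \
            TFM_TIMING_RESISTANT_OFF TFM_TIMING_RESISTANT_OFF > "$1"
    fi
}

# Stand-alone use: pass the path to the options.h of the build under review.
if [ $# -gt 0 ]; then check_hardening "$1"; fi
```

A non-zero exit status makes the script usable as a CI gate on the header installed alongside the library.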
Want more? You can see a full list of our configuration flags by downloading our latest release and executing the following command: ./configure --help
Still hungry? You can get detailed documentation about our configuration flags from “Chapter 2: Building wolfSSL” in the wolfSSL Manual, which can be found here: https://www.wolfssl.com/documentation/wolfSSL-Manual.pdf.
Need some expert advice? If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.