SharkSSL™ Embedded SSL/TLS Stack
SharkSSL_cfg.h
1/*
2 * ____ _________ __ _
3 * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____
4 * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/
5 * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__
6 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
7 * /____/
8 *
9 * SharkSSL Embedded SSL/TLS Stack
10 ****************************************************************************
11 * PROGRAM MODULE
12 *
13 * $Id: SharkSSL_cfg.h 5796 2026-06-02 14:01:17Z gianluca $
14 *
15 * COPYRIGHT: Real Time Logic LLC, 2010 - 2022
16 *
17 * This software is copyrighted by and is the sole property of Real
18 * Time Logic LLC. All rights, title, ownership, or other interests in
19 * the software remain the property of Real Time Logic LLC. This
20 * software may only be used in accordance with the terms and
21 * conditions stipulated in the corresponding license agreement under
22 * which the software has been supplied. Any unauthorized use,
23 * duplication, transmission, distribution, or disclosure of this
24 * software is expressly forbidden.
25 *
26 * This Copyright notice may not be removed or modified without prior
27 * written consent of Real Time Logic LLC.
28 *
29 * Real Time Logic LLC. reserves the right to modify this software
30 * without notice.
31 *
32 * http://www.realtimelogic.com
33 * http://www.sharkssl.com
34 ****************************************************************************
35
36
37 Do not directly edit the options in this file. Instead, add your
38 custom options in SharkSSL_opts.h
39
40 */
41#ifndef _SharkSsl_cfg_h
42#define _SharkSsl_cfg_h
43
44#include "SharkSSL_opts.h"
45
53#ifndef SHARKSSL_TLS_1_3
54#define SHARKSSL_TLS_1_3 1
55#endif
56
60#ifndef SHARKSSL_TLS_1_2
61#define SHARKSSL_TLS_1_2 1
62#endif
63
66#ifndef SHARKSSL_USE_AES_256
67#define SHARKSSL_USE_AES_256 1
68#endif
69
72#ifndef SHARKSSL_USE_AES_128
73#define SHARKSSL_USE_AES_128 1
74#endif
75
80#ifndef SHARKSSL_USE_AES_192
81#define SHARKSSL_USE_AES_192 0
82#endif
83
88#ifndef SHARKSSL_ENABLE_AES_GCM
89#define SHARKSSL_ENABLE_AES_GCM 1
90#endif
91
96#ifndef SHARKSSL_ENABLE_AES_CCM
97#define SHARKSSL_ENABLE_AES_CCM 0
98#endif
99
105#ifndef SHARKSSL_ENABLE_AES_CBC
106#define SHARKSSL_ENABLE_AES_CBC 0
107#endif
108
113#ifndef SHARKSSL_USE_CHACHA20
114#define SHARKSSL_USE_CHACHA20 1
115#endif
116
117
127#ifndef SHARKSSL_USE_SHA_256
128#define SHARKSSL_USE_SHA_256 1
129#endif
130
134#ifndef SHARKSSL_USE_SHA_384
135#define SHARKSSL_USE_SHA_384 1
136#endif
137
141#ifndef SHARKSSL_USE_SHA_512
142#define SHARKSSL_USE_SHA_512 0
143#endif
144
145
150#ifndef SHARKSSL_USE_SHA1
151#define SHARKSSL_USE_SHA1 0
152#endif
153
156#ifndef SHARKSSL_USE_MD5
157#define SHARKSSL_USE_MD5 0
158#endif
159
164#ifndef SHARKSSL_USE_POLY1305
165#define SHARKSSL_USE_POLY1305 1
166#endif
167 /* end group SharkSslCfgHash */
169
170
173#ifndef SHARKSSL_SSL_SERVER_CODE
174#define SHARKSSL_SSL_SERVER_CODE 1
175#endif
176
177
180#ifndef SHARKSSL_ENABLE_CLIENT_AUTH
181#define SHARKSSL_ENABLE_CLIENT_AUTH 1
182#endif
183
184
189#ifndef SHARKSSL_ENABLE_POST_HANDSHAKE_AUTH
190#define SHARKSSL_ENABLE_POST_HANDSHAKE_AUTH 1
191#endif
192
193
196#ifndef SHARKSSL_SSL_CLIENT_CODE
197#define SHARKSSL_SSL_CLIENT_CODE 1
198#endif
199
200
203#ifndef SHARKSSL_RANDOMIZE_EXTENSIONS
204#define SHARKSSL_RANDOMIZE_EXTENSIONS 1
205#endif
206
207
210#ifndef SHARKSSL_ENABLE_SNI
211#define SHARKSSL_ENABLE_SNI 1
212#endif
213
214
219#ifndef SHARKSSL_ENABLE_CA_EXTENSION
220#define SHARKSSL_ENABLE_CA_EXTENSION 1
221#endif
222
223
226#ifndef SHARKSSL_ENABLE_RSA
227#define SHARKSSL_ENABLE_RSA 1
228#endif
229
230
233#ifndef SHARKSSL_ENABLE_SESSION_CACHE
234#define SHARKSSL_ENABLE_SESSION_CACHE 1
235#endif
236
237
244#ifndef SHARKSSL_ENABLE_SECURE_RENEGOTIATION
245#define SHARKSSL_ENABLE_SECURE_RENEGOTIATION SHARKSSL_TLS_1_2
246#endif
247
248
253#ifndef SHARKSSL_ENABLE_DHE_RSA
254#define SHARKSSL_ENABLE_DHE_RSA SHARKSSL_TLS_1_2
255#endif
256
257
261#undef SHARKSSL_USE_SHA_256
262#define SHARKSSL_USE_SHA_256 1
263
264
267#ifndef SHARKSSL_ENABLE_SELECT_CIPHERSUITE
268#define SHARKSSL_ENABLE_SELECT_CIPHERSUITE 1
269#endif
270
271
276#ifndef SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH
277#define SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH 8
278#endif
279
280
283#ifndef SHARKSSL_ENABLE_ALPN_EXTENSION
284#define SHARKSSL_ENABLE_ALPN_EXTENSION 1
285#endif
286
287
292#ifndef SHARKSSL_ENABLE_RSA_API
293#define SHARKSSL_ENABLE_RSA_API 1
294#endif
295
296
301#ifndef SHARKSSL_ENABLE_RSA_PKCS1
302#define SHARKSSL_ENABLE_RSA_PKCS1 1
303#endif
304
305
311#ifndef SHARKSSL_ENABLE_RSASSA_PSS
312#define SHARKSSL_ENABLE_RSASSA_PSS SHARKSSL_TLS_1_3
313#endif
314
318#ifndef SHARKSSL_ENABLE_RSA_OAEP
319#define SHARKSSL_ENABLE_RSA_OAEP 0
320#endif
321
322
326#ifndef SHARKSSL_ENABLE_ECDSA_API
327#define SHARKSSL_ENABLE_ECDSA_API 1
328#endif
329
330
337#ifndef SHARKSSL_ECDSA_ONLY_VERIFY
338#define SHARKSSL_ECDSA_ONLY_VERIFY 0
339#endif
340
341
348#ifndef SHARKSSL_ENABLE_PEM_API
349#define SHARKSSL_ENABLE_PEM_API 1
350#endif
351
352
357#ifndef SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT
358#define SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT 0
359#endif
360
361
364#ifndef SHARKSSL_ENABLE_INFO_API
365#define SHARKSSL_ENABLE_INFO_API 1
366#endif
367
368
371#ifndef SHARKSSL_ENABLE_CERT_CHAIN
372#define SHARKSSL_ENABLE_CERT_CHAIN 1
373#endif
374
375
379#ifndef SHARKSSL_ENABLE_CA_LIST
380#define SHARKSSL_ENABLE_CA_LIST 1
381#endif
382
383
386#ifndef SHARKSSL_ENABLE_CERTSTORE_API
387#define SHARKSSL_ENABLE_CERTSTORE_API 1
388#endif
389
390
393#ifdef SHARKSSL_ENABLE_CLONE_CERTINFO
394#if !SHARKSSL_ENABLE_CLONE_CERTINFO
395#error SHARKSSL_ENABLE_CLONE_CERTINFO is now enabled by default - please remove its #define
396#endif
397#endif
398
399
403#ifndef SHARKSSL_ENABLE_CERT_KEYUSAGE
404#define SHARKSSL_ENABLE_CERT_KEYUSAGE 0
405#endif
406
407
414#ifndef SHARKSSL_MD5_SMALL_FOOTPRINT
415#define SHARKSSL_MD5_SMALL_FOOTPRINT 0
416#endif
417
418#ifndef SHARKSSL_SHA1_SMALL_FOOTPRINT
419#define SHARKSSL_SHA1_SMALL_FOOTPRINT 0
420#endif
421
424#ifndef SHARKSSL_SHA256_SMALL_FOOTPRINT
425#define SHARKSSL_SHA256_SMALL_FOOTPRINT 0
426#endif
427
428
431#ifndef SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K
432#define SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K 4
433#endif
434
435
438#ifndef SHARKSSL_BIGINT_MULT_LOOP_UNROLL
439#define SHARKSSL_BIGINT_MULT_LOOP_UNROLL 1
440#endif
441
442
445#ifndef SHARKSSL_ENABLE_AES_CTR_MODE
446#define SHARKSSL_ENABLE_AES_CTR_MODE 1
447#endif
448
449
452#ifndef SHARKSSL_AES_CIPHER_LOOP_UNROLL
453#define SHARKSSL_AES_CIPHER_LOOP_UNROLL 1
454#endif
455
456
460#ifndef SHARKSSL_UNALIGNED_ACCESS
461#ifdef UNALIGNED_ACCESS
462#define SHARKSSL_UNALIGNED_ACCESS 1
463#else
464#define SHARKSSL_UNALIGNED_ACCESS 0
465#endif
466#endif
467
468
471#ifndef SHARKSSL_BIGINT_WORDSIZE
472#define SHARKSSL_BIGINT_WORDSIZE 32
473#endif
474
475
478#ifndef SHARKSSL_USE_ECC
479#define SHARKSSL_USE_ECC 1
480#endif
481
482
486#ifndef SHARKSSL_ENABLE_ECDSA
487#define SHARKSSL_ENABLE_ECDSA 1
488#endif
489
490
496#ifndef SHARKSSL_ECC_VERIFY_POINT
497#define SHARKSSL_ECC_VERIFY_POINT 1
498#endif
499
500
504#ifndef SHARKSSL_ENABLE_EDDSA
505#define SHARKSSL_ENABLE_EDDSA 1
506#endif
507
508
512#ifndef SHARKSSL_ECC_TIMING_RESISTANT
513#define SHARKSSL_ECC_TIMING_RESISTANT 1
514#endif
515
516
521#ifndef SHARKSSL_BIGINT_TIMING_RESISTANT
522#define SHARKSSL_BIGINT_TIMING_RESISTANT 1
523#endif
524
525
528#ifndef SHARKSSL_ECC_USE_SECP256R1
529#define SHARKSSL_ECC_USE_SECP256R1 1
530#endif
531
534#ifndef SHARKSSL_ECC_USE_SECP384R1
535#define SHARKSSL_ECC_USE_SECP384R1 1
536#endif
537
540#ifndef SHARKSSL_ECC_USE_SECP521R1
541#define SHARKSSL_ECC_USE_SECP521R1 1
542#endif
543
544
547#ifndef SHARKSSL_ECC_USE_BRAINPOOLP256R1
548#define SHARKSSL_ECC_USE_BRAINPOOLP256R1 1
549#endif
550
553#ifndef SHARKSSL_ECC_USE_BRAINPOOLP384R1
554#define SHARKSSL_ECC_USE_BRAINPOOLP384R1 1
555#endif
556
559#ifndef SHARKSSL_ECC_USE_BRAINPOOLP512R1
560#define SHARKSSL_ECC_USE_BRAINPOOLP512R1 1
561#endif
562
563
566#ifndef SHARKSSL_ECC_USE_CURVE25519
567#define SHARKSSL_ECC_USE_CURVE25519 1
568#endif
569
570
573#ifndef SHARKSSL_ECC_USE_CURVE448
574#define SHARKSSL_ECC_USE_CURVE448 0
575#endif
576
577
582#ifndef SHARKSSL_ENABLE_ECDHE_RSA
583#define SHARKSSL_ENABLE_ECDHE_RSA 1
584#endif
585
586
591#ifndef SHARKSSL_ENABLE_ECDHE_ECDSA
592#define SHARKSSL_ENABLE_ECDHE_ECDSA 1
593#endif
594
595
598#ifndef SHARKSSL_OPTIMIZED_BIGINT_ASM
599#define SHARKSSL_OPTIMIZED_BIGINT_ASM 0
600#endif
601
604#ifndef SHARKSSL_OPTIMIZED_CHACHA_ASM
605#define SHARKSSL_OPTIMIZED_CHACHA_ASM 0
606#endif
607
610#ifndef SHARKSSL_OPTIMIZED_POLY1305_ASM
611#define SHARKSSL_OPTIMIZED_POLY1305_ASM 0
612#endif
613
614
621#ifndef SHARKSSL_USE_RNG_TINYMT
622#define SHARKSSL_USE_RNG_TINYMT 0
623#endif
624
632#ifndef SHARKSSL_USE_RNG_FORTUNA
633#define SHARKSSL_USE_RNG_FORTUNA 0
634#endif
635
636
642#ifndef SHARKSSL_RNG_MULTITHREADED
643#define SHARKSSL_RNG_MULTITHREADED 1
644#endif
645
646
649#ifndef SHARKSSL_NOPACK
650#define SHARKSSL_NOPACK 0
651#endif
652
658#ifdef __DOXYGEN__
659#define SHARKSSL_CHECK_DATE 0
660#endif
661#ifndef SHARKSSL_CHECK_DATE
662#ifdef SHARKSSL_BA /* if SharkSSL embedded in BAS */
663#define SHARKSSL_CHECK_DATE 1
664#else
665#define SHARKSSL_CHECK_DATE 0
666#endif
667#endif
668
669 /* end group SharkSslCfg */
671
674#if SHARKSSL_ECC_TIMING_RESISTANT
675#undef SHARKSSL_BIGINT_TIMING_RESISTANT
676#define SHARKSSL_BIGINT_TIMING_RESISTANT 1
677#endif
678
681#if SHARKSSL_TLS_1_3
682#if !SHARKSSL_TLS_1_2
683#if SHARKSSL_ENABLE_SECURE_RENEGOTIATION
684#undef SHARKSSL_ENABLE_SECURE_RENEGOTIATION
685#define SHARKSSL_ENABLE_SECURE_RENEGOTIATION 0
686#endif
687#if SHARKSSL_ENABLE_DHE_RSA
688#undef SHARKSSL_ENABLE_DHE_RSA
689#define SHARKSSL_ENABLE_DHE_RSA 0
690#endif
691#endif
692#if (0 == SHARKSSL_ECC_USE_SECP256R1)
693#error TLS 1.3 requires NIST curve secp256r1
694#endif
695#if (0 == SHARKSSL_USE_AES_128)
696#error TLS 1.3 requires AES 128
697#endif
698#if (0 == SHARKSSL_USE_SHA_256)
699#error TLS 1.3 requires SHA 256
700#endif
701#endif /* SHARKSSL_TLS_1_3 */
702
703#endif