SharkSSL™ Embedded SSL/TLS Stack
SharkSSL_cfg.h
1/*
2 * ____ _________ __ _
3 * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____
4 * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/
5 * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__
6 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
7 * /____/
8 *
9 * SharkSSL Embedded SSL/TLS Stack
10 ****************************************************************************
11 * PROGRAM MODULE
12 *
13 * $Id: SharkSSL_cfg.h 5817 2026-06-20 22:00:16Z gianluca $
14 *
15 * COPYRIGHT: Real Time Logic LLC, 2010 - 2022
16 *
17 * This software is copyrighted by and is the sole property of Real
18 * Time Logic LLC. All rights, title, ownership, or other interests in
19 * the software remain the property of Real Time Logic LLC. This
20 * software may only be used in accordance with the terms and
21 * conditions stipulated in the corresponding license agreement under
22 * which the software has been supplied. Any unauthorized use,
23 * duplication, transmission, distribution, or disclosure of this
24 * software is expressly forbidden.
25 *
26 * This Copyright notice may not be removed or modified without prior
27 * written consent of Real Time Logic LLC.
28 *
29 * Real Time Logic LLC. reserves the right to modify this software
30 * without notice.
31 *
32 * http://www.realtimelogic.com
33 * http://www.sharkssl.com
34 ****************************************************************************
35
36
37 Do not directly edit the options in this file. Instead, add your
38 custom options in SharkSSL_opts.h
39
40 */
41#ifndef _SharkSsl_cfg_h
42#define _SharkSsl_cfg_h
43
44#include "SharkSSL_opts.h"
45
53#ifndef SHARKSSL_TLS_1_3
54#define SHARKSSL_TLS_1_3 1
55#endif
56
60#ifndef SHARKSSL_TLS_1_2
61#define SHARKSSL_TLS_1_2 1
62#endif
63
66#ifndef SHARKSSL_USE_AES_256
67#define SHARKSSL_USE_AES_256 1
68#endif
69
72#ifndef SHARKSSL_USE_AES_128
73#define SHARKSSL_USE_AES_128 1
74#endif
75
80#ifndef SHARKSSL_USE_AES_192
81#define SHARKSSL_USE_AES_192 0
82#endif
83
88#ifndef SHARKSSL_ENABLE_AES_GCM
89#define SHARKSSL_ENABLE_AES_GCM 1
90#endif
91
96#ifndef SHARKSSL_ENABLE_AES_CCM
97#define SHARKSSL_ENABLE_AES_CCM 0
98#endif
99
105#ifndef SHARKSSL_ENABLE_AES_CBC
106#define SHARKSSL_ENABLE_AES_CBC 0
107#endif
108
113#ifndef SHARKSSL_USE_CHACHA20
114#define SHARKSSL_USE_CHACHA20 1
115#endif
116
117
127#ifndef SHARKSSL_USE_SHA_256
128#define SHARKSSL_USE_SHA_256 1
129#endif
130
134#ifndef SHARKSSL_USE_SHA_384
135#define SHARKSSL_USE_SHA_384 1
136#endif
137
141#ifndef SHARKSSL_USE_SHA_512
142#define SHARKSSL_USE_SHA_512 0
143#endif
144
145
150#ifndef SHARKSSL_USE_SHA1
151#define SHARKSSL_USE_SHA1 0
152#endif
153
156#ifndef SHARKSSL_USE_MD5
157#define SHARKSSL_USE_MD5 0
158#endif
159
164#ifndef SHARKSSL_USE_POLY1305
165#define SHARKSSL_USE_POLY1305 1
166#endif
167 /* end group SharkSslCfgHash */
169
170
173#ifndef SHARKSSL_SSL_SERVER_CODE
174#define SHARKSSL_SSL_SERVER_CODE 1
175#endif
176
177
180#ifndef SHARKSSL_ENABLE_CLIENT_AUTH
181#define SHARKSSL_ENABLE_CLIENT_AUTH 1
182#endif
183
184
192#ifndef SHARKSSL_ENABLE_POST_HANDSHAKE_AUTH
193#define SHARKSSL_ENABLE_POST_HANDSHAKE_AUTH 0
194#endif
195
196
199#ifndef SHARKSSL_SSL_CLIENT_CODE
200#define SHARKSSL_SSL_CLIENT_CODE 1
201#endif
202
203
206#ifndef SHARKSSL_RANDOMIZE_EXTENSIONS
207#define SHARKSSL_RANDOMIZE_EXTENSIONS 1
208#endif
209
210
213#ifndef SHARKSSL_ENABLE_SNI
214#define SHARKSSL_ENABLE_SNI 1
215#endif
216
217
222#ifndef SHARKSSL_ENABLE_CA_EXTENSION
223#define SHARKSSL_ENABLE_CA_EXTENSION 1
224#endif
225
226
229#ifndef SHARKSSL_ENABLE_RSA
230#define SHARKSSL_ENABLE_RSA 1
231#endif
232
233
236#ifndef SHARKSSL_ENABLE_SESSION_CACHE
237#define SHARKSSL_ENABLE_SESSION_CACHE 1
238#endif
239
240
247#ifndef SHARKSSL_ENABLE_SECURE_RENEGOTIATION
248#define SHARKSSL_ENABLE_SECURE_RENEGOTIATION SHARKSSL_TLS_1_2
249#endif
250
251
256#ifndef SHARKSSL_ENABLE_DHE_RSA
257#define SHARKSSL_ENABLE_DHE_RSA SHARKSSL_TLS_1_2
258#endif
259
260
264#undef SHARKSSL_USE_SHA_256
265#define SHARKSSL_USE_SHA_256 1
266
267
270#ifndef SHARKSSL_ENABLE_SELECT_CIPHERSUITE
271#define SHARKSSL_ENABLE_SELECT_CIPHERSUITE 1
272#endif
273
274
279#ifndef SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH
280#define SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH 8
281#endif
282
283
286#ifndef SHARKSSL_ENABLE_ALPN_EXTENSION
287#define SHARKSSL_ENABLE_ALPN_EXTENSION 1
288#endif
289
290
295#ifndef SHARKSSL_ENABLE_RSA_API
296#define SHARKSSL_ENABLE_RSA_API 1
297#endif
298
299
304#ifndef SHARKSSL_ENABLE_RSA_PKCS1
305#define SHARKSSL_ENABLE_RSA_PKCS1 1
306#endif
307
308
314#ifndef SHARKSSL_ENABLE_RSASSA_PSS
315#define SHARKSSL_ENABLE_RSASSA_PSS SHARKSSL_TLS_1_3
316#endif
317
321#ifndef SHARKSSL_ENABLE_RSA_OAEP
322#define SHARKSSL_ENABLE_RSA_OAEP 0
323#endif
324
325
329#ifndef SHARKSSL_ENABLE_ECDSA_API
330#define SHARKSSL_ENABLE_ECDSA_API 1
331#endif
332
333
340#ifndef SHARKSSL_ECDSA_ONLY_VERIFY
341#define SHARKSSL_ECDSA_ONLY_VERIFY 0
342#endif
343
344
351#ifndef SHARKSSL_ENABLE_PEM_API
352#define SHARKSSL_ENABLE_PEM_API 1
353#endif
354
355
360#ifndef SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT
361#define SHARKSSL_ENABLE_ENCRYPTED_PKCS8_SUPPORT 0
362#endif
363
364
367#ifndef SHARKSSL_ENABLE_INFO_API
368#define SHARKSSL_ENABLE_INFO_API 1
369#endif
370
371
374#ifndef SHARKSSL_ENABLE_CERT_CHAIN
375#define SHARKSSL_ENABLE_CERT_CHAIN 1
376#endif
377
378
382#ifndef SHARKSSL_ENABLE_CA_LIST
383#define SHARKSSL_ENABLE_CA_LIST 1
384#endif
385
386
389#ifndef SHARKSSL_ENABLE_CERTSTORE_API
390#define SHARKSSL_ENABLE_CERTSTORE_API 1
391#endif
392
393
396#ifdef SHARKSSL_ENABLE_CLONE_CERTINFO
397#if !SHARKSSL_ENABLE_CLONE_CERTINFO
398#error SHARKSSL_ENABLE_CLONE_CERTINFO is now enabled by default - please remove its #define
399#endif
400#endif
401
402
406#ifndef SHARKSSL_ENABLE_CERT_KEYUSAGE
407#define SHARKSSL_ENABLE_CERT_KEYUSAGE 0
408#endif
409
410
417#ifndef SHARKSSL_MD5_SMALL_FOOTPRINT
418#define SHARKSSL_MD5_SMALL_FOOTPRINT 0
419#endif
420
421#ifndef SHARKSSL_SHA1_SMALL_FOOTPRINT
422#define SHARKSSL_SHA1_SMALL_FOOTPRINT 0
423#endif
424
427#ifndef SHARKSSL_SHA256_SMALL_FOOTPRINT
428#define SHARKSSL_SHA256_SMALL_FOOTPRINT 0
429#endif
430
431
434#ifndef SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K
435#define SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K 4
436#endif
437
438
441#ifndef SHARKSSL_BIGINT_MULT_LOOP_UNROLL
442#define SHARKSSL_BIGINT_MULT_LOOP_UNROLL 1
443#endif
444
445
448#ifndef SHARKSSL_ENABLE_AES_CTR_MODE
449#define SHARKSSL_ENABLE_AES_CTR_MODE 1
450#endif
451
452
455#ifndef SHARKSSL_AES_CIPHER_LOOP_UNROLL
456#define SHARKSSL_AES_CIPHER_LOOP_UNROLL 1
457#endif
458
459
463#ifndef SHARKSSL_UNALIGNED_ACCESS
464#ifdef UNALIGNED_ACCESS
465#define SHARKSSL_UNALIGNED_ACCESS 1
466#else
467#define SHARKSSL_UNALIGNED_ACCESS 0
468#endif
469#endif
470
471
474#ifndef SHARKSSL_BIGINT_WORDSIZE
475#define SHARKSSL_BIGINT_WORDSIZE 32
476#endif
477
478
481#ifndef SHARKSSL_USE_ECC
482#define SHARKSSL_USE_ECC 1
483#endif
484
485
489#ifndef SHARKSSL_ENABLE_ECDSA
490#define SHARKSSL_ENABLE_ECDSA 1
491#endif
492
493
499#ifndef SHARKSSL_ECC_VERIFY_POINT
500#define SHARKSSL_ECC_VERIFY_POINT 1
501#endif
502
503
507#ifndef SHARKSSL_ENABLE_EDDSA
508#define SHARKSSL_ENABLE_EDDSA 1
509#endif
510
511
515#ifndef SHARKSSL_ECC_TIMING_RESISTANT
516#define SHARKSSL_ECC_TIMING_RESISTANT 1
517#endif
518
519
524#ifndef SHARKSSL_BIGINT_TIMING_RESISTANT
525#define SHARKSSL_BIGINT_TIMING_RESISTANT 1
526#endif
527
528
531#ifndef SHARKSSL_ECC_USE_SECP256R1
532#define SHARKSSL_ECC_USE_SECP256R1 1
533#endif
534
537#ifndef SHARKSSL_ECC_USE_SECP384R1
538#define SHARKSSL_ECC_USE_SECP384R1 1
539#endif
540
543#ifndef SHARKSSL_ECC_USE_SECP521R1
544#define SHARKSSL_ECC_USE_SECP521R1 1
545#endif
546
547
550#ifndef SHARKSSL_ECC_USE_BRAINPOOLP256R1
551#define SHARKSSL_ECC_USE_BRAINPOOLP256R1 1
552#endif
553
556#ifndef SHARKSSL_ECC_USE_BRAINPOOLP384R1
557#define SHARKSSL_ECC_USE_BRAINPOOLP384R1 1
558#endif
559
562#ifndef SHARKSSL_ECC_USE_BRAINPOOLP512R1
563#define SHARKSSL_ECC_USE_BRAINPOOLP512R1 1
564#endif
565
566
569#ifndef SHARKSSL_ECC_USE_CURVE25519
570#define SHARKSSL_ECC_USE_CURVE25519 1
571#endif
572
573
576#ifndef SHARKSSL_ECC_USE_CURVE448
577#define SHARKSSL_ECC_USE_CURVE448 0
578#endif
579
580
585#ifndef SHARKSSL_ENABLE_ECDHE_RSA
586#define SHARKSSL_ENABLE_ECDHE_RSA 1
587#endif
588
589
594#ifndef SHARKSSL_ENABLE_ECDHE_ECDSA
595#define SHARKSSL_ENABLE_ECDHE_ECDSA 1
596#endif
597
598
601#ifndef SHARKSSL_OPTIMIZED_BIGINT_ASM
602#define SHARKSSL_OPTIMIZED_BIGINT_ASM 0
603#endif
604
607#ifndef SHARKSSL_OPTIMIZED_CHACHA_ASM
608#define SHARKSSL_OPTIMIZED_CHACHA_ASM 0
609#endif
610
613#ifndef SHARKSSL_OPTIMIZED_POLY1305_ASM
614#define SHARKSSL_OPTIMIZED_POLY1305_ASM 0
615#endif
616
617
624#ifndef SHARKSSL_USE_RNG_TINYMT
625#define SHARKSSL_USE_RNG_TINYMT 0
626#endif
627
635#ifndef SHARKSSL_USE_RNG_FORTUNA
636#define SHARKSSL_USE_RNG_FORTUNA 0
637#endif
638
639
645#ifndef SHARKSSL_RNG_MULTITHREADED
646#define SHARKSSL_RNG_MULTITHREADED 1
647#endif
648
649
652#ifndef SHARKSSL_NOPACK
653#define SHARKSSL_NOPACK 0
654#endif
655
661#ifdef __DOXYGEN__
662#define SHARKSSL_CHECK_DATE 0
663#endif
664#ifndef SHARKSSL_CHECK_DATE
665#ifdef SHARKSSL_BA /* if SharkSSL embedded in BAS */
666#define SHARKSSL_CHECK_DATE 1
667#else
668#define SHARKSSL_CHECK_DATE 0
669#endif
670#endif
671
672 /* end group SharkSslCfg */
674
677#if SHARKSSL_ECC_TIMING_RESISTANT
678#undef SHARKSSL_BIGINT_TIMING_RESISTANT
679#define SHARKSSL_BIGINT_TIMING_RESISTANT 1
680#endif
681
684#if SHARKSSL_TLS_1_3
685#if !SHARKSSL_TLS_1_2
686#if SHARKSSL_ENABLE_SECURE_RENEGOTIATION
687#undef SHARKSSL_ENABLE_SECURE_RENEGOTIATION
688#define SHARKSSL_ENABLE_SECURE_RENEGOTIATION 0
689#endif
690#if SHARKSSL_ENABLE_DHE_RSA
691#undef SHARKSSL_ENABLE_DHE_RSA
692#define SHARKSSL_ENABLE_DHE_RSA 0
693#endif
694#endif
695#if (0 == SHARKSSL_ECC_USE_SECP256R1)
696#error TLS 1.3 requires NIST curve secp256r1
697#endif
698#if (0 == SHARKSSL_USE_AES_128)
699#error TLS 1.3 requires AES 128
700#endif
701#if (0 == SHARKSSL_USE_SHA_256)
702#error TLS 1.3 requires SHA 256
703#endif
704#endif /* SHARKSSL_TLS_1_3 */
705
706#endif