Real Time Logic LLC
This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
Diff: inc/SharkSSL_cfg.h
- Revision:
- 0:e0adec41ad6b
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/inc/SharkSSL_cfg.h Wed Apr 06 00:46:36 2016 +0000
@@ -0,0 +1,658 @@
+/*
+ * ____ _________ __ _
+ * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____
+ * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/
+ * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__
+ * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
+ * /____/
+ *
+ * SharkSSL Embedded SSL/TLS Stack
+ ****************************************************************************
+ * PROGRAM MODULE
+ *
+ * $Id: SharkSSL_cfg.h 3764 2015-09-16 19:37:09Z gianluca $
+ *
+ * COPYRIGHT: Real Time Logic LLC, 2010 - 2016
+ *
+ * This software is copyrighted by and is the sole property of Real
+ * Time Logic LLC. All rights, title, ownership, or other interests in
+ * the software remain the property of Real Time Logic LLC. This
+ * software may only be used in accordance with the terms and
+ * conditions stipulated in the corresponding license agreement under
+ * which the software has been supplied. Any unauthorized use,
+ * duplication, transmission, distribution, or disclosure of this
+ * software is expressly forbidden.
+ *
+ * This Copyright notice may not be removed or modified without prior
+ * written consent of Real Time Logic LLC.
+ *
+ * Real Time Logic LLC. reserves the right to modify this software
+ * without notice.
+ *
+ * http://www.realtimelogic.com
+ * http://www.sharkssl.com
+ ****************************************************************************
+
+
+ Do not directly edit the options in this file. Instead, add your
+ custom options in SharkSSL_opts.h
+
+ */
+#ifndef _SharkSsl_cfg_h
+#define _SharkSsl_cfg_h
+
+#include "SharkSSL_opts.h"
+
+/** @addtogroup SharkSslCfg
+@{
+*/
+
+/** Enable/disable AES 256
+ */
+#ifndef SHARKSSL_USE_AES_256
+#define SHARKSSL_USE_AES_256 1
+#endif
+
+/** Enable/disable AES 128
+ */
+#ifndef SHARKSSL_USE_AES_128
+#define SHARKSSL_USE_AES_128 1
+#endif
+
+/**
+ * AES-192 is not used in SSL/TLS
+ * enable only if needed in application using the crypto API
+ */
+#ifndef SHARKSSL_USE_AES_192
+#define SHARKSSL_USE_AES_192 0
+#endif
+
+
+/**
+ * AES-GCM require AES:
+ * relevant ciphersuites supported only by TLS 1.2
+ */
+#ifndef SHARKSSL_ENABLE_AES_GCM
+#define SHARKSSL_ENABLE_AES_GCM 1
+#endif
+
+/**
+ * AES-CCM require AES:
+ * relevant ciphersuites supported only by TLS 1.2
+ */
+#ifndef SHARKSSL_ENABLE_AES_CCM
+#define SHARKSSL_ENABLE_AES_CCM 1
+#endif
+
+/** Enable/disable CHACHA20 support and also include
+ POLY1305-CHACHA20 ciphersuites when TLS1.2 and POLY1305 are enabled
+ (#SHARKSSL_ENABLE_TLS_1_2, #SHARKSSL_USE_POLY1305)
+ */
+#ifndef SHARKSSL_USE_CHACHA20
+#define SHARKSSL_USE_CHACHA20 1
+#endif
+
+/** Enable/disable 3DES
+ */
+#ifndef SHARKSSL_USE_3DES
+#define SHARKSSL_USE_3DES 1
+#endif
+
+/** Enable/disable ARC4. ARC4 is deemed insecure.
+*/
+#ifndef SHARKSSL_USE_ARC4
+#define SHARKSSL_USE_ARC4 0
+#endif
+
+/** DES is DEPRECATED */
+#ifndef SHARKSSL_USE_DES
+#define SHARKSSL_USE_DES 0
+#endif
+
+/** For testing only */
+#ifndef SHARKSSL_USE_NULL_CIPHER
+#define SHARKSSL_USE_NULL_CIPHER 0
+#endif
+
+
+/** \defgroup SharkSslCfgHash HASH algorithms
+\ingroup SharkSslCfg
+@{
+*/
+
+/** Enable/disable SHA256 support for certificate signatures (SHA256
+ ciphersuites are not included).
+
+ SHA256 is included if TLS 1.2 is enabled by setting
+ #SHARKSSL_ENABLE_TLS_1_2.
+ */
+#ifndef SHARKSSL_USE_SHA_256
+#define SHARKSSL_USE_SHA_256 1
+#endif
+
+/** Enable/disable SHA384 support and also include
+ SHA384 ciphersuites when TLS 1.2 is enabled (#SHARKSSL_ENABLE_TLS_1_2)
+*/
+#ifndef SHARKSSL_USE_SHA_384
+#define SHARKSSL_USE_SHA_384 1
+#endif
+
+/** Enable/disable SHA512 support: Note SHA512 is not required by SSL/TLS.
+ SHA384 ciphersuites when TLS 1.2 is enabled (#SHARKSSL_ENABLE_TLS_1_2)
+*/
+#ifndef SHARKSSL_USE_SHA_512
+#define SHARKSSL_USE_SHA_512 0
+#endif
+
+/** SHA1 must be enabled unless SharkSSL is used as a crypto library only.
+ */
+#ifndef SHARKSSL_USE_SHA1
+#define SHARKSSL_USE_SHA1 1
+#endif
+
+/** MD5 must be enabled unless SharkSSL is used as a crypto library only.
+ */
+#ifndef SHARKSSL_USE_MD5
+#define SHARKSSL_USE_MD5 1
+#endif
+
+/** Enable/disable POLY1305 support and also include
+ POLY1305-CHACHA20 ciphersuites when TLS1.2 and CHACHA20 are enabled
+ (#SHARKSSL_ENABLE_TLS_1_2, #SHARKSSL_USE_CHACHA20)
+ */
+#ifndef SHARKSSL_USE_POLY1305
+#define SHARKSSL_USE_POLY1305 1
+#endif
+
+
+
+
+/** @} */ /* end group SharkSslCfgHash */
+
+
+/**
+ * select 1 to enable DEPRECATED ciphersuites with MD5 hash:
+ * TLS_RSA_WITH_RC4_128_MD5 (if SHARKSSL_USE_ARC4 is 1)
+ * TLS_RSA_WITH_NULL_MD5 (if SHARKSSL_USE_NULL_CIPHER is 1)
+ */
+#ifndef SHARKSSL_ENABLE_MD5_CIPHERSUITES
+#define SHARKSSL_ENABLE_MD5_CIPHERSUITES 0
+#endif
+
+
+/*
+ * Do not modify the following #if..#endif
+ */
+#if SHARKSSL_ENABLE_MD5_CIPHERSUITES
+#undef SHARKSSL_USE_MD5
+#define SHARKSSL_USE_MD5 1
+#endif
+
+
+/**
+ * select 1 to enable SERVER side TLS
+ */
+#ifndef SHARKSSL_SSL_SERVER_CODE
+#define SHARKSSL_SSL_SERVER_CODE 1
+#endif
+
+
+/**
+ * select 1 to accept client hello v2.0 format
+ * (DEPRECATED)
+ */
+#ifndef SHARKSSL_ACCEPT_CLIENT_HELLO_2_0
+#define SHARKSSL_ACCEPT_CLIENT_HELLO_2_0 1
+#endif
+
+
+/**
+ * select 1 to enable client authentication from server
+ */
+#ifndef SHARKSSL_ENABLE_CLIENT_AUTH
+#define SHARKSSL_ENABLE_CLIENT_AUTH 1
+#endif
+
+
+/**
+ * select 1 to enable CLIENT side TLS
+ */
+#ifndef SHARKSSL_SSL_CLIENT_CODE
+#define SHARKSSL_SSL_CLIENT_CODE 1
+#endif
+
+
+/**
+ * select 1 to enable support for Server Name Indication (client only)
+ */
+#ifndef SHARKSSL_ENABLE_SNI
+#define SHARKSSL_ENABLE_SNI 1
+#endif
+
+
+/**
+ * select 0 to disable RSA ciphersuites
+ */
+#ifndef SHARKSSL_ENABLE_RSA
+#define SHARKSSL_ENABLE_RSA 1
+#endif
+
+
+/**
+ * select 1 to enable RSA blinding (more secure, more ROM, more RAM)
+ */
+#ifndef SHARKSSL_ENABLE_RSA_BLINDING
+#define SHARKSSL_ENABLE_RSA_BLINDING 1
+#endif
+
+
+/**
+ * select 1 to enable session caching
+ */
+#ifndef SHARKSSL_ENABLE_SESSION_CACHE
+#define SHARKSSL_ENABLE_SESSION_CACHE 1
+#endif
+
+
+/**
+ * select 1 to enable renegotiation
+ * only secure renegotiation (RFC5746) is supported
+ */
+#ifndef SHARKSSL_ENABLE_SECURE_RENEGOTIATION
+#define SHARKSSL_ENABLE_SECURE_RENEGOTIATION 1
+#endif
+
+
+/**
+ * meaningful only if renegotiation is enabled (see above)
+ * select 1 to allow client-initiated renegotiation
+ * BEWARE: may expose servers to DoS attacks
+ */
+#ifndef SHARKSSL_ENABLE_CLIENT_INITIATED_RENEGOTIATION
+#define SHARKSSL_ENABLE_CLIENT_INITIATED_RENEGOTIATION 0
+#endif
+
+
+/**
+ * select 1 to enable TLS 1.2 (supporting AES-GCM ciphesuites,
+ * SHA-256+ ciphesuites and signatures)
+ * enabling TLS 1.2 will enable also TLS 1.1
+ */
+#ifndef SHARKSSL_ENABLE_TLS_1_2
+#define SHARKSSL_ENABLE_TLS_1_2 1
+#endif
+
+
+/*
+ * TLS 1.2 requires SHA-256, do not modify the following settings
+ * DES and ClientHello v2.0 are deprecated in TLS 1.2 - RFC5246
+ */
+#if SHARKSSL_ENABLE_TLS_1_2
+#undef SHARKSSL_USE_SHA_256
+#define SHARKSSL_USE_SHA_256 1
+#endif
+
+
+/**
+ * select 1 to enable TLS 1.1 (more secure, slower than TLS 1.0)
+ */
+#ifndef SHARKSSL_ENABLE_TLS_1_1
+#define SHARKSSL_ENABLE_TLS_1_1 1
+#endif
+
+
+/**
+ * select 1 to enable SSL 3.0 (backward compatibility)
+ */
+#ifndef SHARKSSL_ENABLE_SSL_3_0
+#define SHARKSSL_ENABLE_SSL_3_0 0
+#endif
+
+
+/**
+ * select 1 to enable DHE_RSA ciphersuites
+ */
+#ifndef SHARKSSL_ENABLE_DHE_RSA
+#define SHARKSSL_ENABLE_DHE_RSA 1
+#endif
+
+
+/** Enable/disable the SharkSslCon_selectCiphersuite API
+ */
+#ifndef SHARKSSL_ENABLE_SELECT_CIPHERSUITE
+#define SHARKSSL_ENABLE_SELECT_CIPHERSUITE 1
+#endif
+
+
+/** Determine the number of ciphersuites that can be selected, in
+ decreasing order of preference; this value is only in effect if the
+ #SHARKSSL_ENABLE_SELECT_CIPHERSUITE is selected.
+ */
+#ifndef SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH
+#define SHARKSSL_SELECT_CIPHERSUITE_LIST_DEPTH 8
+#endif
+
+
+/**
+ * select 1 to enable PSK ciphersuites - client SSL only
+ */
+#ifndef SHARKSSL_ENABLE_PSK
+#define SHARKSSL_ENABLE_PSK 0
+#endif
+
+
+/** Enable/disable RSA API (sharkssl_RSA_public_encrypt,
+ * sharkssl_RSA_private_decrypt, sharkssl_RSA_private_encrypt,
+ * sharkssl_RSA_public_decrypt, SharkSslRSAKey_size)
+ */
+#ifndef SHARKSSL_ENABLE_RSA_API
+#define SHARKSSL_ENABLE_RSA_API 1
+#endif
+
+
+/** Enable/disable PKCS1 padding in RSA API
+ * (#SHARKSSL_ENABLE_RSA_API must be enabled)
+ * note: always enabled when SSL client or server enabled
+ */
+#ifndef SHARKSSL_ENABLE_RSA_PKCS1
+#define SHARKSSL_ENABLE_RSA_PKCS1 1
+#endif
+
+
+/** Enable/disable ECDSA API (sharkssl_ECDSA_sign,
+ * sharkssl_ECDSA_verify, SharkSslECDSA_siglen)
+ */
+#ifndef SHARKSSL_ENABLE_ECDSA_API
+#define SHARKSSL_ENABLE_ECDSA_API 1
+#endif
+
+
+/** Disable ECDSA sign API functions (sharkssl_ECDSA_sign,
+ * SharkSslECDSA_siglen) - effective only if ECDSA API is
+ * compiled (#SHARKSSL_ENABLE_ECDSA_API must be enabled)
+ * and no SSL/TLS library used (only RayCrypto); used to
+ * achieve minimum code size
+ */
+#ifndef SHARKSSL_ECDSA_ONLY_VERIFY
+#define SHARKSSL_ECDSA_ONLY_VERIFY 0
+#endif
+
+
+/**
+ * select 1 to enable PEM certs/keys decoding
+ * if RSA_API is enabled, then also the functions
+ * sharkssl_PEM_to_RSAKey and SharkSslRSAKey_free are available
+ * if ECDSA_API is enabled, then also the functions
+ * sharkssl_PEM_to_ECCKey and SharkSslECCKey_free are available
+ */
+#ifndef SHARKSSL_ENABLE_PEM_API
+#define SHARKSSL_ENABLE_PEM_API 1
+#endif
+
+
+/** Enable/disable #SharkSslCon_getCiphersuite and #SharkSslCon_getProtocol
+ */
+#ifndef SHARKSSL_ENABLE_INFO_API
+#define SHARKSSL_ENABLE_INFO_API 1
+#endif
+
+
+/**
+ * select 1 to enable certificate chain support
+ */
+#ifndef SHARKSSL_ENABLE_CERT_CHAIN
+#define SHARKSSL_ENABLE_CERT_CHAIN 1
+#endif
+
+
+/**
+ * select 1 to enable CA check
+ * (client or server with client auth)
+ */
+#ifndef SHARKSSL_ENABLE_CA_LIST
+#define SHARKSSL_ENABLE_CA_LIST 1
+#endif
+
+
+/**
+ * select 1 to enable certificate storage
+ */
+#ifndef SHARKSSL_ENABLE_CERTSTORE_API
+#define SHARKSSL_ENABLE_CERTSTORE_API 1
+#endif
+
+
+/**
+ * select 1 to enable automatic certificate cloning
+ */
+#ifndef SHARKSSL_ENABLE_CLONE_CERTINFO
+#define SHARKSSL_ENABLE_CLONE_CERTINFO 1
+#endif
+
+
+/**
+ * select 1 to enable parsing KeyUsage and ExtendedKeyUsage
+ * in the certificates
+ */
+#ifndef SHARKSSL_ENABLE_CERT_KEYUSAGE
+#define SHARKSSL_ENABLE_CERT_KEYUSAGE 0
+#endif
+
+
+/**
+ * select 1 (small ROM footprint, slow) or 0 (large, fast)
+ *
+ * SHA 384 is only available in small footprint version,
+ * being the fast version only 20% faster at the expense
+ * of an 8x code size (benchmarked on ARM Cortex M3)
+ */
+#ifndef SHARKSSL_MD5_SMALL_FOOTPRINT
+#define SHARKSSL_MD5_SMALL_FOOTPRINT 0
+#endif
+
+#ifndef SHARKSSL_SHA1_SMALL_FOOTPRINT
+#define SHARKSSL_SHA1_SMALL_FOOTPRINT 0
+#endif
+
+/** Select 1 for smaller, but slower SHA256
+ */
+#ifndef SHARKSSL_SHA256_SMALL_FOOTPRINT
+#define SHARKSSL_SHA256_SMALL_FOOTPRINT 0
+#endif
+
+
+/**
+ * select a window size between 1 (slower, less RAM) and 5
+ */
+#ifndef SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K
+#define SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K 4
+#endif
+
+
+/**
+ * select 0 (slower, less ROM) or 1 (20% faster, more ROM)
+ */
+#ifndef SHARKSSL_BIGINT_MULT_LOOP_UNROLL
+#define SHARKSSL_BIGINT_MULT_LOOP_UNROLL 1
+#endif
+
+
+/**
+ * select 1 to include AES CTR mode (USE_AES_xxx must be enabled)
+ */
+#ifndef SHARKSSL_ENABLE_AES_CTR_MODE
+#define SHARKSSL_ENABLE_AES_CTR_MODE 1
+#endif
+
+
+/**
+ * select 0 (45% less ROM) or 1 (10-15% faster)
+ */
+#ifndef SHARKSSL_DES_CIPHER_LOOP_UNROLL
+#define SHARKSSL_DES_CIPHER_LOOP_UNROLL 1
+#endif
+
+
+/**
+ * select 0 (35% less ROM) or 1 (10-15% faster)
+ */
+#ifndef SHARKSSL_AES_CIPHER_LOOP_UNROLL
+#define SHARKSSL_AES_CIPHER_LOOP_UNROLL 1
+#endif
+
+
+/**
+ * select 1 if your architecture supports unaligned memory
+ * access (x86, ARM-Cortex-M3, ColdFire)
+ */
+#ifndef SHARKSSL_UNALIGNED_ACCESS
+#ifdef UNALIGNED_ACCESS
+#define SHARKSSL_UNALIGNED_ACCESS 1
+#else
+#define SHARKSSL_UNALIGNED_ACCESS 0
+#endif
+#endif
+
+
+/**
+ * select 8, 16 or 32 according to your architecture
+ */
+#ifndef SHARKSSL_BIGINT_WORDSIZE
+#define SHARKSSL_BIGINT_WORDSIZE 32
+#endif
+
+
+/**
+ * Elliptic Curve Cryptography
+ */
+#ifndef SHARKSSL_USE_ECC
+#define SHARKSSL_USE_ECC 1
+#endif
+
+
+/**
+ * select 1 to enable generation and verification of
+ * elliptic curve digital signatures
+ */
+#ifndef SHARKSSL_ENABLE_ECDSA
+#define SHARKSSL_ENABLE_ECDSA 1
+#endif
+
+
+/**
+ * select 1 to verify that a point lies on a curve
+ * verification in function SharkSslECNISTCurve_setPoint
+ * -larger ROM (parameter B for each curve stored, more code)
+ * -slightly slower execution
+ */
+#ifndef SHARKSSL_ECC_VERIFY_POINT
+#define SHARKSSL_ECC_VERIFY_POINT 1
+#endif
+
+
+/**
+ */
+#ifndef SHARKSSL_ECC_TIMING_RESISTANT
+#define SHARKSSL_ECC_TIMING_RESISTANT 0
+#endif
+
+/** Enable/disable the SECP192R1 curve -- deprecated
+ */
+#ifndef SHARKSSL_ECC_USE_SECP192R1
+#define SHARKSSL_ECC_USE_SECP192R1 0
+#endif
+
+/** Enable/disable the SECP224R1 curve -- deprecated
+ */
+#ifndef SHARKSSL_ECC_USE_SECP224R1
+#define SHARKSSL_ECC_USE_SECP224R1 0
+#endif
+
+/** Enable/disable the SECP256R1 curve
+ */
+#ifndef SHARKSSL_ECC_USE_SECP256R1
+#define SHARKSSL_ECC_USE_SECP256R1 1
+#endif
+
+/** Enable/disable the SECP384R1 curve
+ */
+#ifndef SHARKSSL_ECC_USE_SECP384R1
+#define SHARKSSL_ECC_USE_SECP384R1 1
+#endif
+
+/** Enable/disable the SECP521R1 curve
+ */
+#ifndef SHARKSSL_ECC_USE_SECP521R1
+#define SHARKSSL_ECC_USE_SECP521R1 1
+#endif
+
+
+/**
+ * select 1 to enable ECDHE_RSA ciphersuites (RFC 4492)
+ * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled
+ */
+#ifndef SHARKSSL_ENABLE_ECDHE_RSA
+#define SHARKSSL_ENABLE_ECDHE_RSA 1
+#endif
+
+
+/**
+ * select 1 to enable ECDH_RSA ciphersuites (RFC 4492)
+ * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled
+ */
+#ifndef SHARKSSL_ENABLE_ECDH_RSA
+#define SHARKSSL_ENABLE_ECDH_RSA 1
+#endif
+
+
+/**
+ * select 1 to enable ECDHE_ECDSA ciphersuites (RFC 4492)
+ * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled
+ * SHARKSSL_ENABLE_ECDSA must be set
+ */
+#ifndef SHARKSSL_ENABLE_ECDHE_ECDSA
+#define SHARKSSL_ENABLE_ECDHE_ECDSA 1
+#endif
+
+
+/**
+ * select 1 to enable ECDH_ECDSA ciphersuites (RFC 4492)
+ * Elliptic Curve Cryptography (#SHARKSSL_USE_ECC) must be enabled
+ * SHARKSSL_ENABLE_ECDSA must be set
+ */
+#ifndef SHARKSSL_ENABLE_ECDH_ECDSA
+#define SHARKSSL_ENABLE_ECDH_ECDSA 1
+#endif
+
+
+/** Enabling big integer assembler library requires SharkSslBigInt_XX.s
+ */
+#ifndef SHARKSSL_OPTIMIZED_BIGINT_ASM
+#define SHARKSSL_OPTIMIZED_BIGINT_ASM 0
+#endif
+
+/** Enabling assembler optimized CHACHA requires SharkSslCrypto_XX.s
+ */
+#ifndef SHARKSSL_OPTIMIZED_CHACHA_ASM
+#define SHARKSSL_OPTIMIZED_CHACHA_ASM 0
+#endif
+
+/** Enabling assembler optimized POLY requires SharkSslCrypto_XX.s
+ */
+#ifndef SHARKSSL_OPTIMIZED_POLY1305_ASM
+#define SHARKSSL_OPTIMIZED_POLY1305_ASM 0
+#endif
+
+/** Setting this macro to 1 enables TINYMT32 and disables the ISAAC generator
+ */
+#ifndef SHARKSSL_USE_RNG_TINYMT
+#define SHARKSSL_USE_RNG_TINYMT 0
+#endif
+
+#ifndef SHARKSSL_NOPACK
+#define SHARKSSL_NOPACK 0
+#endif
+
+/** @} */ /* end group SharkSslCfg */
+
+#endif