From bb40e6224f03156303fff134fcc7816afa0503e8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sat, 11 Jan 2025 20:39:41 +0100 Subject: [PATCH] Remove mbedtls on 6.12 --- 6.12/package/libs/mbedtls/Config.in | 200 ------------------ 6.12/package/libs/mbedtls/Makefile | 164 -------------- .../100-x509-crt-verify-SAN-iPAddress.patch | 197 ----------------- .../mbedtls/patches/101-remove-test.patch | 15 -- 4 files changed, 576 deletions(-) delete mode 100644 6.12/package/libs/mbedtls/Config.in delete mode 100644 6.12/package/libs/mbedtls/Makefile delete mode 100644 6.12/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch delete mode 100644 6.12/package/libs/mbedtls/patches/101-remove-test.patch diff --git a/6.12/package/libs/mbedtls/Config.in b/6.12/package/libs/mbedtls/Config.in deleted file mode 100644 index ad0ecb6e..00000000 --- a/6.12/package/libs/mbedtls/Config.in +++ /dev/null @@ -1,200 +0,0 @@ -if PACKAGE_libmbedtls - -comment "Option details in source code: include/mbedtls/mbedtls_config.h" - -comment "Ciphers - unselect old or less-used ciphers to reduce binary size" - -config MBEDTLS_AES_C - bool "MBEDTLS_AES_C" - default y - -config MBEDTLS_CAMELLIA_C - bool "MBEDTLS_CAMELLIA_C" - default n - -config MBEDTLS_CCM_C - bool "MBEDTLS_CCM_C" - default n - -config MBEDTLS_CMAC_C - bool "MBEDTLS_CMAC_C (old but used by hostapd)" - default y - -config MBEDTLS_DES_C - bool "MBEDTLS_DES_C (old but used by hostapd)" - default y - -config MBEDTLS_GCM_C - bool "MBEDTLS_GCM_C" - default y - -config MBEDTLS_NIST_KW_C - bool "MBEDTLS_NIST_KW_C (old but used by hostapd)" - default y - -config MBEDTLS_RIPEMD160_C - bool "MBEDTLS_RIPEMD160_C" - default n - -config MBEDTLS_XTEA_C - bool "MBEDTLS_XTEA_C" - default n - -config MBEDTLS_RSA_NO_CRT - bool "MBEDTLS_RSA_NO_CRT" - default y - -config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED" - default n - -comment "Curves - unselect old or less-used curves to reduce binary size" - -config MBEDTLS_ECP_DP_SECP192R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP192R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP224R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP224R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP256R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP256R1_ENABLED" - default y - -config MBEDTLS_ECP_DP_SECP384R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP384R1_ENABLED" - default y - -config MBEDTLS_ECP_DP_SECP521R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED" - default y - -config MBEDTLS_ECP_DP_SECP192K1_ENABLED - bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP224K1_ENABLED - bool "MBEDTLS_ECP_DP_SECP224K1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP256K1_ENABLED - bool "MBEDTLS_ECP_DP_SECP256K1_ENABLED" - default y - -config MBEDTLS_ECP_DP_BP256R1_ENABLED - bool "MBEDTLS_ECP_DP_BP256R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_BP384R1_ENABLED - bool "MBEDTLS_ECP_DP_BP384R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_BP512R1_ENABLED - bool "MBEDTLS_ECP_DP_BP512R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_CURVE25519_ENABLED - bool "MBEDTLS_ECP_DP_CURVE25519_ENABLED" - default y - -config MBEDTLS_ECP_DP_CURVE448_ENABLED - bool "MBEDTLS_ECP_DP_CURVE448_ENABLED" - default n - -comment "Build Options - unselect features to reduce binary size" - -config MBEDTLS_CERTS_C - bool "MBEDTLS_CERTS_C" - default n - -config MBEDTLS_CIPHER_MODE_OFB - bool "MBEDTLS_CIPHER_MODE_OFB" - default n - -config MBEDTLS_CIPHER_MODE_XTS - bool "MBEDTLS_CIPHER_MODE_XTS" - default n - -config MBEDTLS_DEBUG_C - bool "MBEDTLS_DEBUG_C" - default n - -config MBEDTLS_HKDF_C - bool "MBEDTLS_HKDF_C" - default n - -config MBEDTLS_PLATFORM_C - bool "MBEDTLS_PLATFORM_C" - default n - -config MBEDTLS_SELF_TEST - bool "MBEDTLS_SELF_TEST" - default n - -config MBEDTLS_SSL_TRUNCATED_HMAC - bool "MBEDTLS_SSL_TRUNCATED_HMAC" - default n - -config MBEDTLS_THREADING_C - bool "MBEDTLS_THREADING_C" - default y - -config MBEDTLS_THREADING_PTHREAD - def_bool MBEDTLS_THREADING_C - -config MBEDTLS_VERSION_C - bool "MBEDTLS_VERSION_C" - default n - -config MBEDTLS_VERSION_FEATURES - bool "MBEDTLS_VERSION_FEATURES" - default n - -comment "Build Options" - -config MBEDTLS_ENTROPY_FORCE_SHA256 - bool "MBEDTLS_ENTROPY_FORCE_SHA256" - default y - -config MBEDTLS_SSL_RENEGOTIATION - bool "MBEDTLS_SSL_RENEGOTIATION" - default n - -endif diff --git a/6.12/package/libs/mbedtls/Makefile b/6.12/package/libs/mbedtls/Makefile deleted file mode 100644 index 502bf65f..00000000 --- a/6.12/package/libs/mbedtls/Makefile +++ /dev/null @@ -1,164 +0,0 @@ -# -# Copyright (C) 2011-2015 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=mbedtls -PKG_VERSION:=2.28.7 -PKG_RELEASE:=2 -PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=1df6073f0cf6a4e1953890bf5e0de2a8c7e6be50d6d6c69fa9fefcb1d14e981a - -PKG_LICENSE:=GPL-2.0-or-later -PKG_LICENSE_FILES:=gpl-2.0.txt -PKG_CPE_ID:=cpe:/a:arm:mbed_tls - -MBEDTLS_BUILD_OPTS_CURVES= \ - CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED - -MBEDTLS_BUILD_OPTS_CIPHERS= \ - CONFIG_MBEDTLS_AES_C \ - CONFIG_MBEDTLS_CAMELLIA_C \ - CONFIG_MBEDTLS_CCM_C \ - CONFIG_MBEDTLS_CMAC_C \ - CONFIG_MBEDTLS_DES_C \ - CONFIG_MBEDTLS_GCM_C \ - CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ - CONFIG_MBEDTLS_NIST_KW_C \ - CONFIG_MBEDTLS_RIPEMD160_C \ - CONFIG_MBEDTLS_RSA_NO_CRT \ - CONFIG_MBEDTLS_XTEA_C - -MBEDTLS_BUILD_OPTS= \ - $(MBEDTLS_BUILD_OPTS_CURVES) \ - $(MBEDTLS_BUILD_OPTS_CIPHERS) \ - CONFIG_MBEDTLS_CERTS_C \ - CONFIG_MBEDTLS_CIPHER_MODE_OFB \ - CONFIG_MBEDTLS_CIPHER_MODE_XTS \ - CONFIG_MBEDTLS_DEBUG_C \ - CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256 \ - CONFIG_MBEDTLS_HKDF_C \ - CONFIG_MBEDTLS_PLATFORM_C \ - CONFIG_MBEDTLS_SELF_TEST \ - CONFIG_MBEDTLS_SSL_RENEGOTIATION \ - CONFIG_MBEDTLS_SSL_TRUNCATED_HMAC \ - CONFIG_MBEDTLS_THREADING_C \ - CONFIG_MBEDTLS_THREADING_PTHREAD \ - CONFIG_MBEDTLS_VERSION_C \ - CONFIG_MBEDTLS_VERSION_FEATURES - -PKG_CONFIG_DEPENDS := $(MBEDTLS_BUILD_OPTS) - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/mbedtls/Default - TITLE:=Embedded SSL - URL:=https://tls.mbed.org -endef - -define Package/mbedtls/Default/description -The aim of the mbedtls project is to provide a quality, open-source -cryptographic library written in C and targeted at embedded systems. -endef - -define Package/libmbedtls -$(call Package/mbedtls/Default) - SECTION:=libs - CATEGORY:=Libraries - SUBMENU:=SSL - TITLE+= (library) - ABI_VERSION:=13 - MENU:=1 -endef - -define Package/libmbedtls/config - source "$(SOURCE)/Config.in" -endef - -define Package/mbedtls-util -$(call Package/mbedtls/Default) - SECTION:=utils - CATEGORY:=Utilities - TITLE+= (utilities) - DEPENDS:=+libmbedtls -endef - -define Package/libmbedtls/description -$(call Package/mbedtls/Default/description) -This package contains the mbedtls library. -endef - -define Package/mbedtls-util/description -$(call Package/mbedtls/Default/description) -This package contains mbedtls helper programs for private key and -CSR generation (gen_key, cert_req) -endef - -TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) - -CMAKE_OPTIONS += \ - -DCMAKE_POSITION_INDEPENDENT_CODE=ON \ - -DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \ - -DENABLE_TESTING:Bool=OFF \ - -DENABLE_PROGRAMS:Bool=ON - -define Build/Prepare - $(call Build/Prepare/Default) - - $(if $(strip $(foreach opt,$(MBEDTLS_BUILD_OPTS),$($(opt)))), - $(foreach opt,$(MBEDTLS_BUILD_OPTS), - $(PKG_BUILD_DIR)/scripts/config.py \ - -f $(PKG_BUILD_DIR)/include/mbedtls/config.h \ - $(if $($(opt)),set,unset) $(patsubst CONFIG_%,%,$(opt))),) -endef - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include - $(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/ -endef - -define Package/libmbedtls/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/ -endef - -define Package/mbedtls-util/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,libmbedtls)) -$(eval $(call BuildPackage,mbedtls-util)) diff --git a/6.12/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch b/6.12/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch deleted file mode 100644 index 4ad2e8c7..00000000 --- a/6.12/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch +++ /dev/null @@ -1,197 +0,0 @@ -From eb9d4fdf1846e688d51d86a9a50f0312aca2af25 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Sun, 23 Oct 2022 19:48:18 -0400 -Subject: [PATCH] x509 crt verify SAN iPAddress - -Signed-off-by: Glenn Strauss ---- - include/mbedtls/x509_crt.h | 2 +- - library/x509_crt.c | 126 ++++++++++++++++++++++++++++++------- - 2 files changed, 103 insertions(+), 25 deletions(-) - ---- a/include/mbedtls/x509_crt.h -+++ b/include/mbedtls/x509_crt.h -@@ -608,7 +608,7 @@ int mbedtls_x509_crt_verify_info(char *b - * \param cn The expected Common Name. This will be checked to be - * present in the certificate's subjectAltNames extension or, - * if this extension is absent, as a CN component in its -- * Subject name. Currently only DNS names are supported. This -+ * Subject name. DNS names and IP addresses are supported. This - * may be \c NULL if the CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is ---- a/library/x509_crt.c -+++ b/library/x509_crt.c -@@ -57,6 +57,10 @@ - - #if defined(MBEDTLS_HAVE_TIME) - #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -+#define WIN32_LEAN_AND_MEAN -+#ifndef _WIN32_WINNT -+#define _WIN32_WINNT 0x0600 -+#endif - #include - #else - #include -@@ -3002,6 +3006,61 @@ find_parent: - } - } - -+#ifdef _WIN32 -+#ifdef _MSC_VER -+#pragma comment(lib, "ws2_32.lib") -+#include -+#include -+#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 -+#include -+#include -+#endif -+#elif defined(__sun) -+/* Solaris requires -lsocket -lnsl for inet_pton() */ -+#elif defined(__has_include) -+#if __has_include() -+#include -+#endif -+#if __has_include() -+#include -+#endif -+#endif -+ -+/* Use whether or not AF_INET6 is defined to indicate whether or not to use -+ * the platform inet_pton() or a local implementation (below). The local -+ * implementation may be used even in cases where the platform provides -+ * inet_pton(), e.g. when there are different includes required and/or the -+ * platform implementation requires dependencies on additional libraries. -+ * Specifically, Windows requires custom includes and additional link -+ * dependencies, and Solaris requires additional link dependencies. -+ * Also, as a coarse heuristic, use the local implementation if the compiler -+ * does not support __has_include(), or if the definition of AF_INET6 is not -+ * provided by headers included (or not) via __has_include() above. */ -+#ifndef AF_INET6 -+ -+#define x509_cn_inet_pton(cn, dst) (0) -+ -+#else -+ -+static int x509_inet_pton_ipv6(const char *src, void *dst) -+{ -+ return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; -+} -+ -+static int x509_inet_pton_ipv4(const char *src, void *dst) -+{ -+ return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; -+} -+ -+#endif /* AF_INET6 */ -+ -+static size_t x509_cn_inet_pton(const char *cn, void *dst) -+{ -+ return strchr(cn, ':') == NULL -+ ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 -+ : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0; -+} -+ - /* - * Check for CN match - */ -@@ -3022,24 +3081,51 @@ static int x509_crt_check_cn(const mbedt - return -1; - } - -+static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, -+ const char *cn, size_t cn_len) -+{ -+ uint32_t ip[4]; -+ cn_len = x509_cn_inet_pton(cn, ip); -+ if (cn_len == 0) { -+ return -1; -+ } -+ -+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { -+ const unsigned char san_type = (unsigned char) cur->buf.tag & -+ MBEDTLS_ASN1_TAG_VALUE_MASK; -+ if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && -+ cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { -+ return 0; -+ } -+ } -+ -+ return -1; -+} -+ - /* - * Check for SAN match, see RFC 5280 Section 4.2.1.6 - */ --static int x509_crt_check_san(const mbedtls_x509_buf *name, -+static int x509_crt_check_san(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) - { -- const unsigned char san_type = (unsigned char) name->tag & -- MBEDTLS_ASN1_TAG_VALUE_MASK; -- -- /* dNSName */ -- if (san_type == MBEDTLS_X509_SAN_DNS_NAME) { -- return x509_crt_check_cn(name, cn, cn_len); -+ int san_ip = 0; -+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { -+ switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { -+ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */ -+ if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { -+ return 0; -+ } -+ break; -+ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */ -+ san_ip = 1; -+ break; -+ /* (We may handle other types here later.) */ -+ default: /* Unrecognized type */ -+ break; -+ } - } - -- /* (We may handle other types here later.) */ -- -- /* Unrecognized type */ -- return -1; -+ return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1; - } - - /* -@@ -3050,31 +3136,23 @@ static void x509_crt_verify_name(const m - uint32_t *flags) - { - const mbedtls_x509_name *name; -- const mbedtls_x509_sequence *cur; - size_t cn_len = strlen(cn); - - if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { -- for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) { -- if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) { -- break; -- } -- } -- -- if (cur == NULL) { -- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; -+ if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { -+ return; - } - } else { - for (name = &crt->subject; name != NULL; name = name->next) { - if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && - x509_crt_check_cn(&name->val, cn, cn_len) == 0) { -- break; -+ return; - } - } - -- if (name == NULL) { -- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; -- } - } -+ -+ *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - } - - /* diff --git a/6.12/package/libs/mbedtls/patches/101-remove-test.patch b/6.12/package/libs/mbedtls/patches/101-remove-test.patch deleted file mode 100644 index e43f8757..00000000 --- a/6.12/package/libs/mbedtls/patches/101-remove-test.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/programs/CMakeLists.txt -+++ b/programs/CMakeLists.txt -@@ -1,12 +1,8 @@ - add_subdirectory(aes) --if (NOT WIN32) -- add_subdirectory(fuzz) --endif() - add_subdirectory(hash) - add_subdirectory(pkey) - add_subdirectory(psa) - add_subdirectory(random) - add_subdirectory(ssl) --add_subdirectory(test) - add_subdirectory(util) - add_subdirectory(x509)