From de35f31091b7e6cb20ebc8d8c0afc3b20bc57098 Mon Sep 17 00:00:00 2001 From: Mihai Moldovan Date: Thu, 16 Jan 2020 08:59:39 +0100 Subject: [PATCH] Avoid overwriting tls headers in submodule mode When crypto is embedded as a submodule and the cmake build system is used, it would previously overwrite some header files installed by tls. Most of them are harmless (since they should be identical), but config.h is a special case. tls's and crypto's config.h files differ widely in scope and overwriting the more general, bigger config.h file from tls with crypto's smaller one will make a lot of features unavailable in programs using tls. Let's just avoid overwriting any tls header in submodule mode. Note that this will not fix the potential issue that crypto might be using a different configuration than tls in the submodule case. Fixes ARMmbed/mbedtls#2965 --- include/CMakeLists.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index 02f924df4..92229a221 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -5,6 +5,19 @@ if(INSTALL_MBEDTLS_HEADERS) file(GLOB headers "mbedtls/*.h") file(GLOB psa_headers "psa/*.h") + if(USE_CRYPTO_SUBMODULE) + # Don't overwrite mbedtls's header files! + # config.h is supposed to be automatically checked for compatibility + # in automatic builds, while the other files should not just be + # compatible, but also identical in theory. + # Practically, we don't check that in crypto but just assume that the + # submodule configuration is sane and trust tls's headers. + list(REMOVE_ITEM headers "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/compat-1.3.h" + "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/config.h" + "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/error.h" + "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/version.h") + endif(USE_CRYPTO_SUBMODULE) + install(FILES ${headers} DESTINATION include/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)