commit da126214ce27ca37a979c0f5b956397f145c346e
author Gilles Peskine <gilles.peskine@arm.com> Fri Aug 05 11:01:13 2022 +0200
committer GitHub <noreply@github.com> Fri Aug 05 11:01:13 2022 +0200
tree cb6412d8ca5bdd07784446b243a21437a7ab6ade
parent f222b8e0419fd1367dfacdeff3f2535fdc31127a
parent df336842a96e0827a4d247726c3ea67747e2f55b

Merge pull request #6071 from wernerlewis/bignum_test_radix_2.28

[Backport 2.28] Remove radix argument from bignum test functions

ChangeLog.d/fix_psa_crypto_cipher_h_include.txt

diff --git a/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
new file mode 100644
index 0000000..bf2e65d
--- /dev/null
+++ b/ChangeLog.d/fix_psa_crypto_cipher_h_include.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Use double quotes to include private header file psa_crypto_cipher.h.
+     Fixes 'file not found with <angled> include' error
+     when building with Xcode.

ChangeLog.d/x509-broken-symlink-handling.txt

diff --git a/ChangeLog.d/x509-broken-symlink-handling.txt b/ChangeLog.d/x509-broken-symlink-handling.txt
new file mode 100644
index 0000000..52288dc
--- /dev/null
+++ b/ChangeLog.d/x509-broken-symlink-handling.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * Fix handling of broken symlinks when loading certificates using
+     mbedtls_x509_crt_parse_path(). Instead of returning an error as soon as a
+     broken link is encountered, skip the broken link and continue parsing
+     other certificate files. Contributed by Eduardo Silva in #2602.

library/psa_crypto_cipher.c

diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 574c184..38962cd 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -22,7 +22,7 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
-#include <psa_crypto_cipher.h>
+#include "psa_crypto_cipher.h"
 #include "psa_crypto_core.h"
 #include "psa_crypto_random_impl.h"
 

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 911644b..42f1fc2 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -77,6 +77,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <dirent.h>
+#include <errno.h>
 #endif /* !_WIN32 || EFIX64 || EFI32 */
 #endif
 
@@ -1640,8 +1641,22 @@
         }
         else if( stat( entry_name, &sb ) == -1 )
         {
-            ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
-            goto cleanup;
+            if( errno == ENOENT )
+            {
+                /* Broken symbolic link - ignore this entry.
+                    stat(2) will return this error for either (a) a dangling
+                    symlink or (b) a missing file.
+                    Given that we have just obtained the filename from readdir,
+                    assume that it does exist and therefore treat this as a
+                    dangling symlink. */
+                continue;
+            }
+            else
+            {
+                /* Some other file error; report the error. */
+                ret = MBEDTLS_ERR_X509_FILE_IO_ERROR;
+                goto cleanup;
+            }
         }
 
         if( !S_ISREG( sb.st_mode ) )