Open pem files in binary mode

In order to avoid an MSVCRT bug affecting ftell and text mode[1], open PEM files
in binary mode. The PEM parser already handles CRLF translation[2].

[1] https://github.com/openssl/openssl/commit/8300a8742b2abc487594a09b5e6ee726dbd30771
[2] https://github.com/openssl/openssl/pull/24249#issuecomment-2192025429

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25716)

diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 8b39e3dec7482d5bae377e29f75b5e8f3776219d..94c2294fdf7cf469eeeb805464928e7456e0c4f8 100644 (file)
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -422,7 +422,11 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
     EVP_PKEY *key;
     fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
             key_id);
+# if defined(OPENSSL_SYS_WINDOWS)
+    in = BIO_new_file(key_id, "rb");
+# else
     in = BIO_new_file(key_id, "r");
+# endif
     if (!in)
         return NULL;
     key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);

diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 158e1c424258d8f2212ce2d2588d3becf8eca024..d94866f1f42895b36b651c0a0a8b477e17f27213 100644 (file)
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -50,7 +50,11 @@ X509 *TS_CONF_load_cert(const char *file)
     BIO *cert = NULL;
     X509 *x = NULL;
 
+#if defined(OPENSSL_SYS_WINDOWS)
+    if ((cert = BIO_new_file(file, "rb")) == NULL)
+#else
     if ((cert = BIO_new_file(file, "r")) == NULL)
+#endif
         goto end;
     x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
  end:
@@ -67,7 +71,11 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
     STACK_OF(X509_INFO) *allcerts = NULL;
     int i;
 
+#if defined(OPENSSL_SYS_WINDOWS)
+    if ((certs = BIO_new_file(file, "rb")) == NULL)
+#else
     if ((certs = BIO_new_file(file, "r")) == NULL)
+#endif
         goto end;
     if ((othercerts = sk_X509_new_null()) == NULL)
         goto end;
@@ -98,7 +106,11 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
     BIO *key = NULL;
     EVP_PKEY *pkey = NULL;
 
+#if defined(OPENSSL_SYS_WINDOWS)
+    if ((key = BIO_new_file(file, "rb")) == NULL)
+#else
     if ((key = BIO_new_file(file, "r")) == NULL)
+#endif
         goto end;
     pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
  end:

diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index ad70cca30a9da20c86ad11348527dd7adc42d71d..e2c7147d23c0acc3a0069950dbb9cef3c69da357 100644 (file)
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -238,7 +238,11 @@ int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
 
     if (type != X509_FILETYPE_PEM)
         return X509_load_cert_file_ex(ctx, file, type, libctx, propq);
+#if defined(OPENSSL_SYS_WINDOWS)
+    in = BIO_new_file(file, "rb");
+#else
     in = BIO_new_file(file, "r");
+#endif
     if (in == NULL) {
         ERR_raise(ERR_LIB_X509, ERR_R_BIO_LIB);
         return 0;