From: Josh Cooper <joshcooper@users.noreply.github.com>
Date: Wed, 16 Oct 2024 22:06:16 +0000 (-0700)
Subject: Open pem files in binary mode
X-Git-Tag: openssl-3.5.0-alpha1~675
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4f20de0c8adc9cdcd1475155d467f66980915ab3;p=thirdparty%2Fopenssl.git

Open pem files in binary mode

In order to avoid an MSVCRT bug affecting ftell and text mode[1], open PEM files
in binary mode. The PEM parser already handles CRLF translation[2].

[1] https://github.com/openssl/openssl/commit/8300a8742b2abc487594a09b5e6ee726dbd30771
[2] https://github.com/openssl/openssl/pull/24249#issuecomment-2192025429

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25716)
---

diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 8b39e3dec74..94c2294fdf7 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -422,7 +422,11 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
     EVP_PKEY *key;
     fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
             key_id);
+# if defined(OPENSSL_SYS_WINDOWS)
+    in = BIO_new_file(key_id, "rb");
+# else
     in = BIO_new_file(key_id, "r");
+# endif
     if (!in)
         return NULL;
     key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 158e1c42425..d94866f1f42 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -50,7 +50,11 @@ X509 *TS_CONF_load_cert(const char *file)
     BIO *cert = NULL;
     X509 *x = NULL;
 
+#if defined(OPENSSL_SYS_WINDOWS)
+    if ((cert = BIO_new_file(file, "rb")) == NULL)
+#else
     if ((cert = BIO_new_file(file, "r")) == NULL)
+#endif
         goto end;
     x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
  end:
@@ -67,7 +71,11 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
     STACK_OF(X509_INFO) *allcerts = NULL;
     int i;
 
+#if defined(OPENSSL_SYS_WINDOWS)
+    if ((certs = BIO_new_file(file, "rb")) == NULL)
+#else
     if ((certs = BIO_new_file(file, "r")) == NULL)
+#endif
         goto end;
     if ((othercerts = sk_X509_new_null()) == NULL)
         goto end;
@@ -98,7 +106,11 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
     BIO *key = NULL;
     EVP_PKEY *pkey = NULL;
 
+#if defined(OPENSSL_SYS_WINDOWS)
+    if ((key = BIO_new_file(file, "rb")) == NULL)
+#else
     if ((key = BIO_new_file(file, "r")) == NULL)
+#endif
         goto end;
     pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
  end:
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index ad70cca30a9..e2c7147d23c 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -238,7 +238,11 @@ int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
 
     if (type != X509_FILETYPE_PEM)
         return X509_load_cert_file_ex(ctx, file, type, libctx, propq);
+#if defined(OPENSSL_SYS_WINDOWS)
+    in = BIO_new_file(file, "rb");
+#else
     in = BIO_new_file(file, "r");
+#endif
     if (in == NULL) {
         ERR_raise(ERR_LIB_X509, ERR_R_BIO_LIB);
         return 0;