Fix certificate read from stdin on Windows

On Windows, reading certificate from stdin could fail like

    > type cert.der| openssl.exe x509 -inform DER -outform PEM
    Could not find or decode certificate from <stdin>

The decoder already tries to insert BIO_f_readbuffer
in this case, unfortunately it depends on undefined behavior
of ftell() on Windows.

Fix it by adding check for non-seekable input case
to BIO file control.

Note, the added testcase tests binary input certificate,
but does not trigger this issue explicitly.

Fixes: https://github.com/openssl/openssl/issues/19508
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue Mar 31 01:38:21 2026
(Merged from https://github.com/openssl/openssl/pull/30559)

diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index 75f163148e91daff72740ea4d7ad8077d130fe1c..963d9dad79b0f14fa23cb81627b6b1630f446e60 100644 (file)
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -218,8 +218,19 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_INFO:
         if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)
             ret = UP_ftell(b->ptr);
-        else
+        else {
+#if defined(OPENSSL_SYS_WINDOWS)
+            /*
+             * On Windows, for non-seekable files (stdin), ftell() is undefined.
+             */
+            if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK)
+                ret = -1;
+            else
+                ret = ftell(fp);
+#else
             ret = ftell(fp);
+#endif
+        }
         break;
     case BIO_C_SET_FILE_PTR:
         file_free(b);

diff --git a/test/recipes/61-test_bio_readbuffer.t b/test/recipes/61-test_bio_readbuffer.t
index e10ab746ae38f36d23f3daa779eec539d70cbd5e..72027f722f690f6a2cd6c2f386ae2eda8676b782 100644 (file)
--- a/test/recipes/61-test_bio_readbuffer.t
+++ b/test/recipes/61-test_bio_readbuffer.t
@@ -16,7 +16,7 @@ setup('test_bio_readbuffer');
 my $pemfile = srctop_file("test", "certs", "leaf.pem");
 my $derfile = 'readbuffer_leaf.der';
 
-plan tests => 3;
+plan tests => 4;
 
 ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile,
              '-outform', 'DER', '-out', $derfile])),
@@ -27,3 +27,7 @@ ok(run(test(["bio_readbuffer_test", $derfile])),
 
 ok(run(test(["bio_readbuffer_test", $pemfile])),
    "Running bio_readbuffer_test $pemfile");
+
+ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM',
+             '-noout' ], stdin => $derfile)),
+   "Test stdin read buffer in openssl app");