From b238d36c50a177eb8d5fb384e51fe03c9e81001a Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Tue, 24 Mar 2026 14:50:21 +0100 Subject: [PATCH] Fix certificate read from stdin on Windows On Windows, reading certificate from stdin could fail like > type cert.der| openssl.exe x509 -inform DER -outform PEM Could not find or decode certificate from The decoder already tries to insert BIO_f_readbuffer in this case, unfortunately it depends on undefined behavior of ftell() on Windows. Fix it by adding check for non-seekable input case to BIO file control. Note, the added testcase tests binary input certificate, but does not trigger this issue explicitly. Fixes: https://github.com/openssl/openssl/issues/19508 Signed-off-by: Milan Broz Reviewed-by: Tomas Mraz Reviewed-by: Viktor Dukhovni Reviewed-by: Eugene Syromiatnikov MergeDate: Tue Mar 31 01:38:21 2026 (Merged from https://github.com/openssl/openssl/pull/30559) --- crypto/bio/bss_file.c | 13 ++++++++++++- test/recipes/61-test_bio_readbuffer.t | 6 +++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 75f163148e9..963d9dad79b 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -218,8 +218,19 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_INFO: if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) ret = UP_ftell(b->ptr); - else + else { +#if defined(OPENSSL_SYS_WINDOWS) + /* + * On Windows, for non-seekable files (stdin), ftell() is undefined. + */ + if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK) + ret = -1; + else + ret = ftell(fp); +#else ret = ftell(fp); +#endif + } break; case BIO_C_SET_FILE_PTR: file_free(b); diff --git a/test/recipes/61-test_bio_readbuffer.t b/test/recipes/61-test_bio_readbuffer.t index e10ab746ae3..72027f722f6 100644 --- a/test/recipes/61-test_bio_readbuffer.t +++ b/test/recipes/61-test_bio_readbuffer.t @@ -16,7 +16,7 @@ setup('test_bio_readbuffer'); my $pemfile = srctop_file("test", "certs", "leaf.pem"); my $derfile = 'readbuffer_leaf.der'; -plan tests => 3; +plan tests => 4; ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile, '-outform', 'DER', '-out', $derfile])), @@ -27,3 +27,7 @@ ok(run(test(["bio_readbuffer_test", $derfile])), ok(run(test(["bio_readbuffer_test", $pemfile])), "Running bio_readbuffer_test $pemfile"); + +ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM', + '-noout' ], stdin => $derfile)), + "Test stdin read buffer in openssl app"); -- 2.47.3