Consistently open files in binary mode on Windows

davidben · justsmth · commit 280d4c2b627c · 2024-11-11T09:23:41.000-05:00
BIO_*_filename, in upstream OpenSSL, opens in binary mode on Windows, not text mode. We seem to have lost those ifdefs in the fork. But since C mandates the 'b' suffix (POSIX just ignores it), apply it consistently to all OSes for simplicity. This fixes X509_FILETYPE_ASN1 in X509_STORE's file-based machinery on Windows. Also fix the various BIO_new_file calls to all specify binary mode. Looking through them, I don't think any of them care (they're all parsing PEM), but let's just apply it across the board so we don't have to think about this. Update-Note: BIO_read_filename, etc., now open in binary mode on Windows. This matches OpenSSL behavior. Change-Id: I7e555085d5c66ad2f205b476d0317570075bbadb Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66009 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com> (cherry picked from commit cadebfd6398e017addaae4878662aadb42f60bda)
diff --git a/crypto/bio/bio_test.cc b/crypto/bio/bio_test.cc
@@ -749,19 +749,25 @@ TEST(BIOTest, Gets) {
         SCOPED_TRACE("file");
 
         // Test |BIO_new_file|.
-        bssl::UniquePtr<BIO> bio(BIO_new_file(file.path().c_str(), "r"));
+        bssl::UniquePtr<BIO> bio(BIO_new_file(file.path().c_str(), "rb"));
         ASSERT_TRUE(bio);
         check_bio_gets(bio.get());
 
+        // Test |BIO_read_filename|.
+        bio.reset(BIO_new(BIO_s_file()));
+        ASSERT_TRUE(bio);
+        ASSERT_TRUE(BIO_read_filename(bio.get(), file.path().c_str()));
+        check_bio_gets(bio.get());
+
         // Test |BIO_NOCLOSE|.
-        ScopedFILE file_obj = file.Open("r");
+        ScopedFILE file_obj = file.Open("rb");
         ASSERT_TRUE(file_obj);
         bio.reset(BIO_new_fp(file_obj.get(), BIO_NOCLOSE));
         ASSERT_TRUE(bio);
         check_bio_gets(bio.get());
 
         // Test |BIO_CLOSE|.
-        file_obj = file.Open("r");
+        file_obj = file.Open("rb");
         ASSERT_TRUE(file_obj);
         bio.reset(BIO_new_fp(file_obj.get(), BIO_CLOSE));
         ASSERT_TRUE(bio);
@@ -825,6 +831,24 @@ TEST(BIOTest, ExternalData) {
   EXPECT_EQ(retrieved_data->custom_data, 123);
 }
 
+// Test that, on Windows, |BIO_read_filename| opens files in binary mode.
+TEST(BIOTest, BinaryMode) {
+  if (SkipTempFileTests()) {
+    GTEST_SKIP();
+  }
+
+  TemporaryFile file;
+  ASSERT_TRUE(file.Init("\r\n"));
+
+  // Reading from the file should give back the exact bytes we put in.
+  bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
+  ASSERT_TRUE(bio);
+  ASSERT_TRUE(BIO_read_filename(bio.get(), file.path().c_str()));
+  char buf[2];
+  ASSERT_EQ(2, BIO_read(bio.get(), buf, 2));
+  EXPECT_EQ(Bytes(buf, 2), Bytes("\r\n"));
+}
+
 // Run through the tests twice, swapping |bio1| and |bio2|, for symmetry.
 class BIOPairTest : public testing::TestWithParam<bool> {};
 
diff --git a/crypto/bio/file.c b/crypto/bio/file.c
@@ -218,16 +218,16 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
       const char *mode;
       if (num & BIO_FP_APPEND) {
         if (num & BIO_FP_READ) {
-          mode = "a+";
+          mode = "ab+";
         } else {
-          mode = "a";
+          mode = "ab";
         }
       } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) {
-        mode = "r+";
+        mode = "rb+";
       } else if (num & BIO_FP_WRITE) {
-        mode = "w";
+        mode = "wb";
       } else if (num & BIO_FP_READ) {
-        mode = "r";
+        mode = "rb";
       } else {
         OPENSSL_PUT_ERROR(BIO, BIO_R_BAD_FOPEN_MODE);
         ret = 0;
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
@@ -228,7 +228,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) {
   if (type != X509_FILETYPE_PEM) {
     return X509_load_cert_file(ctx, file, type);
   }
-  in = BIO_new_file(file, "r");
+  in = BIO_new_file(file, "rb");
   if (!in) {
     OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB);
     return 0;
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
@@ -567,22 +567,26 @@ OPENSSL_EXPORT int BIO_set_fp(BIO *bio, FILE *file, int close_flag);
 
 // BIO_read_filename opens |filename| for reading and sets the result as the
 // |FILE| for |bio|. It returns one on success and zero otherwise. The |FILE|
-// will be closed when |bio| is freed.
+// will be closed when |bio| is freed. On Windows, the file is opened in binary
+// mode.
 OPENSSL_EXPORT int BIO_read_filename(BIO *bio, const char *filename);
 
 // BIO_write_filename opens |filename| for writing and sets the result as the
 // |FILE| for |bio|. It returns one on success and zero otherwise. The |FILE|
-// will be closed when |bio| is freed.
+// will be closed when |bio| is freed. On Windows, the file is opened in binary
+// mode.
 OPENSSL_EXPORT int BIO_write_filename(BIO *bio, const char *filename);
 
 // BIO_append_filename opens |filename| for appending and sets the result as
 // the |FILE| for |bio|. It returns one on success and zero otherwise. The
-// |FILE| will be closed when |bio| is freed.
+// |FILE| will be closed when |bio| is freed. On Windows, the file is opened in
+// binary mode.
 OPENSSL_EXPORT int BIO_append_filename(BIO *bio, const char *filename);
 
 // BIO_rw_filename opens |filename| for reading and writing and sets the result
 // as the |FILE| for |bio|. It returns one on success and zero otherwise. The
-// |FILE| will be closed when |bio| is freed.
+// |FILE| will be closed when |bio| is freed. On Windows, the file is opened in
+// binary mode.
 OPENSSL_EXPORT int BIO_rw_filename(BIO *bio, const char *filename);
 
 // BIO_tell returns the file offset of |bio|, or a negative number on error or
diff --git a/ssl/ssl_file.cc b/ssl/ssl_file.cc
@@ -204,7 +204,7 @@ int SSL_add_bio_cert_subjects_to_stack(STACK_OF(X509_NAME) *out, BIO *bio) {
 }
 
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) {
-  bssl::UniquePtr<BIO> in(BIO_new_file(file, "r"));
+  bssl::UniquePtr<BIO> in(BIO_new_file(file, "rb"));
   if (in == nullptr) {
     return nullptr;
   }
@@ -219,7 +219,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) {
 
 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,
                                         const char *file) {
-  bssl::UniquePtr<BIO> in(BIO_new_file(file, "r"));
+  bssl::UniquePtr<BIO> in(BIO_new_file(file, "rb"));
   if (in == nullptr) {
     return 0;
   }

Original file line number	Diff line number	Diff line change
`@@ -228,7 +228,7 @@ int X509_load_cert_crl_file(X509_LOOKUP ctx, const char file, int type) {`
`228`	`228`	`if (type != X509_FILETYPE_PEM) {`
`229`	`229`	`return X509_load_cert_file(ctx, file, type);`
`230`	`230`	`}`
`231`		`- in = BIO_new_file(file, "r");`
	`231`	`+ in = BIO_new_file(file, "rb");`
`232`	`232`	`if (!in) {`
`233`	`233`	`OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB);`
`234`	`234`	`return 0;`
Original file line number	Diff line number	Diff line change
`@@ -204,7 +204,7 @@ int SSL_add_bio_cert_subjects_to_stack(STACK_OF(X509_NAME) out, BIO bio) {`
`204`	`204`	`}`
`205`	`205`
`206`	`206`	`STACK_OF(X509_NAME) SSL_load_client_CA_file(const char file) {`
`207`		`- bssl::UniquePtr<BIO> in(BIO_new_file(file, "r"));`
	`207`	`+ bssl::UniquePtr<BIO> in(BIO_new_file(file, "rb"));`
`208`	`208`	`if (in == nullptr) {`
`209`	`209`	`return nullptr;`
`210`	`210`	`}`
`@@ -219,7 +219,7 @@ STACK_OF(X509_NAME) SSL_load_client_CA_file(const char file) {`
`219`	`219`
`220`	`220`	`int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,`
`221`	`221`	`const char *file) {`
`222`		`- bssl::UniquePtr<BIO> in(BIO_new_file(file, "r"));`
	`222`	`+ bssl::UniquePtr<BIO> in(BIO_new_file(file, "rb"));`
`223`	`223`	`if (in == nullptr) {`
`224`	`224`	`return 0;`
`225`	`225`	`}`