CHANGES.md

@@ -23,6 +23,13 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Add filter BIO BIO_f_readbuffer() that allows BIO_tell() and BIO_seek() to
+   work on read only BIO source/sinks that do not support these functions.
+   This allows piping or redirection of a file BIO using stdin to be buffered
+   into memory. This is used internally in OSSL_DECODER_from_bio().
+
+   *Shane Lontis*
+
  * OSSL_STORE_INFO_get_type() may now return an additional value. In 1.1.1
    this function would return one of the values OSSL_STORE_INFO_NAME,
    OSSL_STORE_INFO_PKEY, OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_CERT or

crypto/bio/bf_readbuff.c

+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is a read only BIO filter that can be used to add BIO_tell() and
+ * BIO_seek() support to source/sink BIO's (such as a file BIO that uses stdin).
+ * It does this by caching ALL data read from the BIO source/sink into a
+ * resizable memory buffer.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+#define DEFAULT_BUFFER_SIZE     4096
+
+static int readbuffer_write(BIO *h, const char *buf, int num);
+static int readbuffer_read(BIO *h, char *buf, int size);
+static int readbuffer_puts(BIO *h, const char *str);
+static int readbuffer_gets(BIO *h, char *str, int size);
+static long readbuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int readbuffer_new(BIO *h);
+static int readbuffer_free(BIO *data);
+static long readbuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD methods_readbuffer = {
+    BIO_TYPE_BUFFER,
+    "readbuffer",
+    bwrite_conv,
+    readbuffer_write,
+    bread_conv,
+    readbuffer_read,
+    readbuffer_puts,
+    readbuffer_gets,
+    readbuffer_ctrl,
+    readbuffer_new,
+    readbuffer_free,
+    readbuffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_readbuffer(void)
+{
+    return &methods_readbuffer;
+}
+
+static int readbuffer_new(BIO *bi)
+{
+    BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+    ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->ibuf == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return 1;
+}
+
+static int readbuffer_free(BIO *a)
+{
+    BIO_F_BUFFER_CTX *b;
+
+    if (a == NULL)
+        return 0;
+    b = (BIO_F_BUFFER_CTX *)a->ptr;
+    OPENSSL_free(b->ibuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return 1;
+}
+
+static int readbuffer_resize(BIO_F_BUFFER_CTX *ctx, int sz)
+{
+    char *tmp;
+
+    /* Figure out how many blocks are required */
+    sz += (ctx->ibuf_off + DEFAULT_BUFFER_SIZE - 1);
+    sz = DEFAULT_BUFFER_SIZE * (sz / DEFAULT_BUFFER_SIZE);
+
+    /* Resize if the buffer is not big enough */
+    if (sz > ctx->ibuf_size) {
+        tmp = OPENSSL_realloc(ctx->ibuf, sz);
+        if (tmp == NULL)
+            return 0;
+        ctx->ibuf = tmp;
+        ctx->ibuf_size = sz;
+    }
+    return 1;
+}
+
+static int readbuffer_read(BIO *b, char *out, int outl)
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if (out == NULL || outl == 0)
+        return 0;
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return 0;
+    BIO_clear_retry_flags(b);
+
+    for (;;) {
+        i = ctx->ibuf_len;
+        /* If there is something in the buffer just read it. */
+        if (i != 0) {
+            if (i > outl)
+                i = outl;
+            memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);
+            ctx->ibuf_off += i;
+            ctx->ibuf_len -= i;
+            num += i;
+            /* Exit if we have read the bytes required out of the buffer */
+            if (outl == i)
+                return num;
+            outl -= i;
+            out += i;
+        }
+
+        /* Only gets here if the buffer has been consumed */
+        if (!readbuffer_resize(ctx, outl))
+            return 0;
+
+        /* Do some buffering by reading from the next bio */
+        i = BIO_read(b->next_bio, ctx->ibuf + ctx->ibuf_off, outl);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            if (i < 0)
+                return ((num > 0) ? num : i);
+            else
+                return num; /* i == 0 */
+        }
+        ctx->ibuf_len = i;
+    }
+}
+
+static int readbuffer_write(BIO *b, const char *in, int inl)
+{
+    return 0;
+}
+static int readbuffer_puts(BIO *b, const char *str)
+{
+    return 0;
+}
+
+static long readbuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_F_BUFFER_CTX *ctx;
+    long ret = 1, sz;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_EOF:
+        if (ctx->ibuf_len > 0)
+            return 0;
+        if (b->next_bio == NULL)
+            return 1;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+
+    case BIO_C_FILE_SEEK:
+    case BIO_CTRL_RESET:
+        sz = ctx->ibuf_off + ctx->ibuf_len;
+        /* Assume it can only seek backwards */
+        if (num < 0 || num > sz)
+            return 0;
+        ctx->ibuf_off = num;
+        ctx->ibuf_len = sz - num;
+        break;
+
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->ibuf_off;
+        break;
+    case BIO_CTRL_PENDING:
+        ret = (long)ctx->ibuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return 0;
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static long readbuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    if (b->next_bio == NULL)
+        return 0;
+    return BIO_callback_ctrl(b->next_bio, cmd, fp);
+}
+
+static int readbuffer_gets(BIO *b, char *buf, int size)
+{
+    BIO_F_BUFFER_CTX *ctx;
+    int num = 0, num_chars, found_newline;
+    char *p;
+
+    if (size == 0)
+        return 0;
+    --size; /* the passed in size includes the terminator - so remove it here */
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    BIO_clear_retry_flags(b);
+
+    for (;;) {
+        if (ctx->ibuf_len > 0) {
+            p = &(ctx->ibuf[ctx->ibuf_off]);
+            found_newline = 0;
+            for (num_chars = 0;
+                 (num_chars < ctx->ibuf_len) && (num_chars < size);
+                 num_chars++) {
+                *(buf++) = p[num_chars];
+                if (p[num_chars] == '\n') {
+                    found_newline = 1;
+                    num_chars++;
+                    break;
+                }
+            }
+            num += num_chars;
+            size -= num_chars;
+            ctx->ibuf_len -= num_chars;
+            ctx->ibuf_off += num_chars;
+            if (found_newline || size == 0) {
+                *buf = '\0';
+                return num;
+            }
+        } else {
+            /* read another line and resize if we have to */
+            if (!readbuffer_resize(ctx, size))
+                return 0;
+
+            /* Read another line from the next bio using BIO_gets */
+            num_chars = BIO_gets(b->next_bio, ctx->ibuf + ctx->ibuf_off,
+                                 1 + size);
+            if (num_chars <= 0) {
+                BIO_copy_next_retry(b);
+                *buf = '\0';
+                return num > 0 ? num : num_chars;
+            }
+            ctx->ibuf_len = num_chars;
+        }
+    }
+}

crypto/bio/build.info

@@ -15,4 +15,4 @@ SOURCE[../../libcrypto]=\
 
 # Filters
 SOURCE[../../libcrypto]=\
-        bf_null.c bf_buff.c bf_lbuf.c bf_nbio.c bf_prefix.c
+        bf_null.c bf_buff.c bf_lbuf.c bf_nbio.c bf_prefix.c bf_readbuff.c

crypto/encode_decode/decoder_lib.c

@@ -39,7 +39,14 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
 {
     struct decoder_process_data_st data;
     int ok = 0;
+    BIO *new_bio = NULL;
 
+    if (BIO_tell(in) < 0) {
+        new_bio = BIO_new(BIO_f_readbuffer());
+        if (new_bio == NULL)
+            return 0;
+        in = BIO_push(new_bio, in);
+    }
     memset(&data, 0, sizeof(data));
     data.ctx = ctx;
     data.bio = in;
@@ -52,6 +59,10 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
     /* Clear any internally cached passphrase */
     (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
 
+    if (new_bio != NULL) {
+        BIO_pop(new_bio);
+        BIO_free(new_bio);
+    }
     return ok;
 }
 

doc/build.info

@@ -570,6 +570,10 @@ DEPEND[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod
 GENERATE[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod
 DEPEND[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod
 GENERATE[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod
+DEPEND[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod
+GENERATE[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod
+DEPEND[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod
+GENERATE[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod
 DEPEND[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod
 GENERATE[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod
 DEPEND[man/man3/BIO_f_ssl.3]=man3/BIO_f_ssl.pod
@@ -2772,6 +2776,7 @@ html/man3/BIO_f_cipher.html \
 html/man3/BIO_f_md.html \
 html/man3/BIO_f_null.html \
 html/man3/BIO_f_prefix.html \
+html/man3/BIO_f_readbuffer.html \
 html/man3/BIO_f_ssl.html \
 html/man3/BIO_find_type.html \
 html/man3/BIO_get_data.html \
@@ -3342,6 +3347,7 @@ man/man3/BIO_f_cipher.3 \
 man/man3/BIO_f_md.3 \
 man/man3/BIO_f_null.3 \
 man/man3/BIO_f_prefix.3 \
+man/man3/BIO_f_readbuffer.3 \
 man/man3/BIO_f_ssl.3 \
 man/man3/BIO_find_type.3 \
 man/man3/BIO_get_data.3 \

doc/man3/BIO_f_readbuffer.pod

+=pod
+
+=head1 NAME
+
+BIO_f_readbuffer
+- read only buffering BIO that supports BIO_tell() and BIO_seek()
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ const BIO_METHOD *BIO_f_readbuffer(void);
+
+=head1 DESCRIPTION
+
+BIO_f_readbuffer() returns the read buffering BIO method.
+
+This BIO filter can be inserted on top of BIO's that do not support BIO_tell()
+or BIO_seek() (e.g. A file BIO that uses stdin).
+
+Data read from a read buffering BIO comes from an internal buffer which is
+filled from the next BIO in the chain.
+
+BIO_gets() is supported for read buffering BIOs.
+Writing data to a read buffering BIO is not supported.
+
+Calling BIO_reset() on a read buffering BIO does not clear any buffered data.
+
+=head1 NOTES
+
+Read buffering BIOs implement BIO_read_ex() by using BIO_read_ex() operations
+on the next BIO (e.g. a file BIO) in the chain and storing the result in an
+internal buffer, from which bytes are given back to the caller as appropriate
+for the call. BIO_read_ex() is guaranteed to give the caller the number of bytes
+it asks for, unless there's an error or end of communication is reached in the
+next BIO. The internal buffer can grow to cache the entire contents of the next
+BIO in the chain. BIO_seek() uses the internal buffer, so that it can only seek
+into data that is already read.
+
+=head1 RETURN VALUES
+
+BIO_f_readbuffer() returns the read buffering BIO method.
+
+=head1 SEE ALSO
+
+L<bio(7)>,
+L<BIO_read(3)>,
+L<BIO_gets(3)>,
+L<BIO_reset(3)>,
+L<BIO_ctrl(3)>.
+
+=head1 COPYRIGHT
+
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut

doc/man7/bio.pod

@@ -64,6 +64,7 @@ L<BIO_ctrl(3)>,
 L<BIO_f_base64(3)>, L<BIO_f_buffer(3)>,
 L<BIO_f_cipher(3)>, L<BIO_f_md(3)>,
 L<BIO_f_null(3)>, L<BIO_f_ssl(3)>,
+L<BIO_f_readbuffer(3)>,
 L<BIO_find_type(3)>, L<BIO_new(3)>,
 L<BIO_new_bio_pair(3)>,
 L<BIO_push(3)>, L<BIO_read_ex(3)>,
@@ -76,7 +77,7 @@ L<BIO_should_retry(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

include/openssl/bio.h.in

@@ -647,6 +647,7 @@ const BIO_METHOD *BIO_s_bio(void);
 const BIO_METHOD *BIO_s_null(void);
 const BIO_METHOD *BIO_f_null(void);
 const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_readbuffer(void);
 const BIO_METHOD *BIO_f_linebuffer(void);
 const BIO_METHOD *BIO_f_nbio_test(void);
 const BIO_METHOD *BIO_f_prefix(void);

providers/implementations/storemgmt/file_store.c

@@ -8,30 +8,26 @@
  */
 
 #include "e_os.h"                /* To get strncasecmp() on Windows */
+
 #include <string.h>
 #include <sys/stat.h>
-#include <ctype.h>
+#include <ctype.h>  /* isdigit */
 #include <assert.h>
 
-#include <openssl/core.h>
 #include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
 #include <openssl/core_object.h>
-#include <openssl/crypto.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
-#include <openssl/buffer.h>
 #include <openssl/params.h>
 #include <openssl/decoder.h>
-#include <openssl/store.h>       /* The OSSL_STORE_INFO type numbers */
 #include <openssl/proverr.h>
+#include <openssl/store.h>       /* The OSSL_STORE_INFO type numbers */
 #include "internal/cryptlib.h"
 #include "internal/o_dir.h"
-#include "crypto/pem.h"          /* For PVK and "blob" PEM headers */
 #include "crypto/decoder.h"
 #include "prov/implementations.h"
 #include "prov/bio.h"
-#include "prov/provider_ctx.h"
 #include "file_store_local.h"
 
 DEFINE_STACK_OF(OSSL_STORE_INFO)
@@ -74,10 +70,6 @@ struct file_ctx_st {
         IS_DIR                   /* Pass directory entry names */
     } type;
 
-    /* Flag bits */
-    unsigned int flag_attached:1;
-    unsigned int flag_buffered:1;
-
     union {
         /* Used with |IS_FILE| */
         struct {
@@ -299,139 +291,18 @@ static void *file_open(void *provctx, const char *uri)
     return ctx;
 }
 
-/*
- * Attached input streams must be treated very very carefully to avoid
- * nasty surprises.
- *
- * This implementation tries to support input streams that can't be reset,
- * such as standard input.  However, OSSL_DECODER assumes resettable streams,
- * and because the PEM decoder may read quite a bit of the input file to skip
- * past any non-PEM text that precedes the PEM block, we may need to detect
- * if the input stream is a PEM file early.
- *
- * If the input stream supports BIO_tell(), we assume that it also supports
- * BIO_seek(), making it a resettable stream and therefore safe to fully
- * unleash OSSL_DECODER.
- *
- * If the input stream doesn't support BIO_tell(), we must assume that we
- * have a non-resettable stream, and must tread carefully.  We do so by
- * trying to detect if the input is PEM, MSBLOB or PVK, and if not, we
- * assume that it's DER.
- *
- * To detect if an input stream is PEM, MSBLOB or PVK, we use the buffer BIO
- * filter, which allows us a 4KiB resettable read-ahead.  We *hope* that 4KiB
- * will be enough to find the start of the PEM block.
- *
- * It should be possible to use this same technique to detect other file
- * types as well.
- *
- * An alternative technique would be to have an endlessly caching BIO filter.
- * That would take away the need for all the detection here, and simply leave
- * it for OSSL_DECODER to find out on its own while supporting its demand for
- * resettable input streams.
- * That's a possible future development.
- */
-
-# define INPUT_TYPE_ANY         NULL
-# define INPUT_TYPE_DER         "DER"
-# define INPUT_TYPE_PEM         "PEM"
-# define INPUT_TYPE_MSBLOB      "MSBLOB"
-# define INPUT_TYPE_PVK         "PVK"
-
 void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
 {
+    struct file_ctx_st *ctx;
     BIO *new_bio = bio_new_from_core_bio(provctx, cin);
-    BIO *new_bio_tmp = NULL;
-    BIO *buff = NULL;
-    char peekbuf[4096] = { 0, };
-    int loc;
-    const char *input_type = NULL;
-    unsigned int flag_attached = 1;
-    unsigned int flag_buffered = 0;
-    struct file_ctx_st *ctx = NULL;
 
     if (new_bio == NULL)
-        return 0;
-
-    /* Try to get the current position */
-    loc = BIO_tell(new_bio);
-
-    if ((buff = BIO_new(BIO_f_buffer())) == NULL
-        || (new_bio_tmp = BIO_push(buff, new_bio)) == NULL)
-        goto err;
-
-    /* Assumption, if we can't detect PEM */
-    input_type = INPUT_TYPE_DER;
-    flag_buffered = 1;
-    new_bio = new_bio_tmp;
-
-    if (BIO_buffer_peek(new_bio, peekbuf, sizeof(peekbuf) - 1) > 0) {
-#ifndef OPENSSL_NO_DSA
-        const unsigned char *p = NULL;
-        unsigned int magic = 0, bitlen = 0;
-        int isdss = 0, ispub = -1;
-# ifndef OPENSSL_NO_RC4
-        unsigned int saltlen = 0, keylen = 0;
-# endif
-#endif
-
-        peekbuf[sizeof(peekbuf) - 1] = '\0';
-        if (strstr(peekbuf, "-----BEGIN ") != NULL)
-            input_type = INPUT_TYPE_PEM;
-#ifndef OPENSSL_NO_DSA
-        else if (p = (unsigned char *)peekbuf,
-                 ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen,
-                                     &isdss, &ispub))
-            input_type = INPUT_TYPE_MSBLOB;
-# ifndef OPENSSL_NO_RC4
-        else if (p = (unsigned char *)peekbuf,
-                 ossl_do_PVK_header(&p, sizeof(peekbuf), 0, &saltlen, &keylen))
-            input_type = INPUT_TYPE_PVK;
-# endif
-#endif
-    }
-
-    /*
-     * After peeking, we know that the underlying source BIO has moved ahead
-     * from its earlier position and that if it supports BIO_tell(), that
-     * should be a number that differs from |loc|.  Otherwise, we will get
-     * the same value, which may one of:
-     *
-     * -   zero (the source BIO doesn't support BIO_tell() / BIO_seek() /
-     *     BIO_reset())
-     * -   -1 (the underlying operating system / C library routines do not
-     *     support BIO_tell() / BIO_seek() / BIO_reset())
-     *
-     * If it turns out that the source BIO does support BIO_tell(), we pop
-     * the buffer BIO filter and mark this input as |INPUT_TYPE_ANY|, which
-     * fully unleashes OSSL_DECODER to do its thing.
-     */
-    if (BIO_tell(new_bio) != loc) {
-        /* In this case, anything goes */
-        input_type = INPUT_TYPE_ANY;
-
-        /* Restore the source BIO like it was when entering this function */
-        new_bio = BIO_pop(buff);
-        BIO_free(buff);
-        (void)BIO_seek(new_bio, loc);
-
-        flag_buffered = 0;
-    }
-
-    if ((ctx = file_open_stream(new_bio, NULL, input_type, provctx)) == NULL)
-        goto err;
-
-    ctx->flag_attached = flag_attached;
-    ctx->flag_buffered = flag_buffered;
+        return NULL;
 
+    ctx = file_open_stream(new_bio, NULL, NULL, provctx);
+    if (ctx == NULL)
+        BIO_free(new_bio);
     return ctx;
- err:
-    if (flag_buffered) {
-        new_bio = BIO_pop(buff);
-        BIO_free(buff);
-    }
-    BIO_free(new_bio);           /* Removes the provider BIO filter */
-    return NULL;
 }
 
 /*-
@@ -854,30 +725,11 @@ static int file_close_dir(struct file_ctx_st *ctx)
 
 static int file_close_stream(struct file_ctx_st *ctx)
 {
-    if (ctx->flag_buffered) {
-        /*
-         * file_attach() pushed a BIO_f_buffer() on top of the regular BIO.
-         * Drop it.
-         */
-        BIO *buff = ctx->_.file.file;
-
-        /* Detach buff */
-        ctx->_.file.file = BIO_pop(ctx->_.file.file);
-
-        BIO_free(buff);
-    }
-
     /*
-     * If it was attached, we only free the top, as that's the provider BIO
-     * filter.  Otherwise, it was entirely allocated by this implementation,
-     * and can safely be completely freed.
+     * This frees either the provider BIO filter (for file_attach()) OR
+     * the allocated file BIO (for file_open()).
      */
-    if (ctx->flag_attached)
-        BIO_free(ctx->_.file.file);
-    else
-        BIO_free_all(ctx->_.file.file);
-
-    /* To avoid double free */
+    BIO_free(ctx->_.file.file);
     ctx->_.file.file = NULL;
 
     free_file_ctx(ctx);

test/recipes/20-test_dhparam.t

@@ -19,7 +19,7 @@ setup("test_dhparam");
 
 plan skip_all => "DH is not supported in this build"
     if disabled("dh");
-plan tests => 16;
+plan tests => 17;
 
 sub checkdhparams {
     my $file = shift; #Filename containing params
@@ -171,3 +171,7 @@ SKIP: {
         checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512);
     };
 }
+
+ok(run(app(["openssl", "dhparam", "-noout", "-text"],
+           stdin => data_file("pkcs3-2-1024.pem"))),
+   "stdinbuffer input test that uses BIO_gets");

util/libcrypto.num

@@ -5313,3 +5313,4 @@ EVP_RAND_CTX_gettable_params            ?	3_0_0	EXIST::FUNCTION:
 EVP_RAND_CTX_settable_params            ?	3_0_0	EXIST::FUNCTION:
 RAND_set_DRBG_type                      ?	3_0_0	EXIST::FUNCTION:
 RAND_set_seed_source_type               ?	3_0_0	EXIST::FUNCTION:
+BIO_f_readbuffer                        ?	3_0_0	EXIST::FUNCTION: