
Commit b261ee6

src/x509.c: handle streaming BIOs in PEM block reader
The CRL refactor broke nginx's ssl_cache.t (and the wolfSSL/wolfssl nginx_check matrix on 1.24.0/1.25.0/1.28.1) because nginx loads the test CRL through a FIFO. wolfSSL_PEM_X509_X509_CRL_X509_PKEY_read_bio() asks wolfSSL_BIO_get_len() for the BIO size up front; for a FIFO the underlying ftell() returns ESPIPE, wolfssl_file_len() reports WOLFSSL_BAD_FILETYPE, and BIO_get_len() returns 0. The function then hit the l <= pem_struct_min_sz guard and bailed with ASN_NO_PEM_HEADER before reading a byte, so the caller's loop saw "no CRL" and nginx emitted "PEM_read_bio_X509_CRL() failed".

Treat l == 0 as "streaming source, size unknown" and allocate up to MAX_BIO_READ_BUFFER (the same cap ReadPemFromBioToBuffer used for this case before the refactor). The existing byte-by-byte reader already stops at the END marker or at EOF, so this is enough; if the upstream short-reads we still surface ASN_NO_PEM_HEADER from the pem_struct_min_sz read below.

Keep rejecting tiny non-zero lengths since those are real "buffer too small" cases.
1 parent 4a85f00 commit b261ee6

1 file changed

Lines changed: 5 additions & 1 deletion

src/x509.c
@@ -13766,7 +13766,11 @@ int wolfSSL_write_X509_CRL(WOLFSSL_X509_CRL* crl, const char* path, int type)
1376613766
return WOLFSSL_FAILURE;
1376713767
}
1376813768

13769-
if (l <= pem_struct_min_sz) {
13769+
if (l == 0) {
13770+
/* Streaming BIO (pipe/FIFO/socket): size unknown, use the cap. */
13771+
l = MAX_BIO_READ_BUFFER;
13772+
}
13773+
else if (l <= pem_struct_min_sz) {
1377013774
/* No certificate in buffer */
1377113775
WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
1377213776
return WOLFSSL_FAILURE;
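Review bot: the new `if (l == 0)` branch cannot tell a non-seekable BIO from one that is genuinely empty, since wolfSSL_BIO_get_len() returns 0 in both cases, so an empty memory or file BIO now pays for a MAX_BIO_READ_BUFFER allocation and a read attempt before it is rejected, where the removed `if (l <= pem_struct_min_sz)` guard failed it immediately with ASN_NO_PEM_HEADER. The commit message relies on the pem_struct_min_sz short-read check further down to catch that case, which keeps the observable result the same, but the branch comment should say so rather than only naming pipes, FIFOs and sockets, e.g. `/* Size unknown (streaming BIO) or empty: read up to the cap; a short read is rejected below. */`. If the allocation on the empty path matters, the better signal is the ftell() ESPIPE failure the commit message describes, or the BIO's type, not a zero length. A regression test that feeds the CRL through a pipe BIO, alongside an empty BIO, would pin both behaviours.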
