From ffde1ab30d005505a902c4154f0cad4479b7a295 Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 10 Feb 2025 15:48:41 +0000
Subject: [PATCH] ext/openssl: Check that loading/writing to RANDFILE succeeds

---
 ext/openssl/openssl_backend_common.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
index 8fcb81f9a027e..9c11c90109a99 100644
--- a/ext/openssl/openssl_backend_common.c
+++ b/ext/openssl/openssl_backend_common.c
@@ -1510,6 +1510,10 @@ EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)
 	int egdsocket, seeded;
 	char *randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
 	php_openssl_load_rand_file(randfile, &egdsocket, &seeded);
+	if (php_openssl_load_rand_file(randfile, &egdsocket, &seeded) == FAILURE) {
+		php_error_docref(NULL, E_WARNING, "Failed to load RANDFILE");
+		return NULL;
+	}
 	PHP_OPENSSL_RAND_ADD_TIME();
 
 	EVP_PKEY *key = NULL;
@@ -1601,7 +1605,9 @@ EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req)
 	req->priv_key = key;
 
 cleanup:
-	php_openssl_write_rand_file(randfile, egdsocket, seeded);
+	if (php_openssl_write_rand_file(randfile, egdsocket, seeded) == FAILURE) {
+		php_error_docref(NULL, E_WARNING, "Failed to write to RANDFILE");
+	}
 	EVP_PKEY_free(params);
 	EVP_PKEY_CTX_free(ctx);
 	return key;