ext/openssl: Check that loading/writing to RANDFILE succeeds

Girgias · Girgias · commit 0df4f1af002e · 2025-08-04T16:30:55.000+01:00
diff --git a/ext/openssl/openssl_backend_common.c b/ext/openssl/openssl_backend_common.c
@@ -1452,7 +1452,10 @@ EVP_PKEY *php_openssl_generate_private_key(struct php_x509_request * req)
 
 	int egdsocket, seeded;
 	char *randfile = php_openssl_conf_get_string(req->req_config, req->section_name, "RANDFILE");
-	php_openssl_load_rand_file(randfile, &egdsocket, &seeded);
+	if (php_openssl_load_rand_file(randfile, &egdsocket, &seeded) == FAILURE) {
+		php_error_docref(NULL, E_WARNING, "Failed to load RANDFILE");
+		return NULL;
+	}
 
 	EVP_PKEY *key = NULL;
 	EVP_PKEY *params = NULL;
@@ -1543,7 +1546,9 @@ EVP_PKEY *php_openssl_generate_private_key(struct php_x509_request * req)
 	req->priv_key = key;
 
 cleanup:
-	php_openssl_write_rand_file(randfile, egdsocket, seeded);
+	if (php_openssl_write_rand_file(randfile, egdsocket, seeded) == FAILURE) {
+		php_error_docref(NULL, E_WARNING, "Failed to write to RANDFILE");
+	}
 	EVP_PKEY_free(params);
 	EVP_PKEY_CTX_free(ctx);
 	return key;
