RAND_load_file(): return error if reseeding failed

The failure of RAND_load_file was only noticed because of the
heap corruption which was reported in #7499 and fixed in commit
5b4cb385c18a. To prevent this in the future, RAND_load_file()
now explicitly checks RAND_status() and reports an error if it
fails.

Related-to: #7449
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7456)

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 89720eb5cf6bb16267b1d5b5920ad91faa7512c3..028c1281c0ed947ba4168342c7d2bd1ce705c220 100644 (file)
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -148,6 +148,12 @@ int RAND_load_file(const char *file, long bytes)
 
     OPENSSL_cleanse(buf, sizeof(buf));
     fclose(in);
 
     OPENSSL_cleanse(buf, sizeof(buf));
     fclose(in);

+    if (!RAND_status()) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+

     return ret;
 }
 
     return ret;
 }