RAND_load_file(): return error if reseeding failed

The failure of RAND_load_file was only noticed because of the heap corruption which was reported in #7499 and fixed in commit 5b4cb385c18a. To prevent this in the future, RAND_load_file() now explicitly checks RAND_status() and reports an error if it fails. Related-to: #7449 Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7456)

RAND_load_file(): return error if reseeding failed
The failure of RAND_load_file was only noticed because of the heap corruption which was reported in #7499 and fixed in commit 5b4cb385c18a. To prevent this in the future, RAND_load_file() now explicitly checks RAND_status() and reports an error if it fails. Related-to: #7449 Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7456)
13ce8625 · Dr. Matthias St. Pierre · 85299451 · 13ce8625
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

crypto/rand/randfile.c crypto/rand/randfile.c +6 -0

未找到文件。
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -148,6 +148,12 @@ int RAND_load_file(const char *file, long bytes)

    OPENSSL_cleanse(buf, sizeof(buf));
    fclose(in);
+    if (!RAND_status()) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
    return ret;
 }