OpenSSL backend: incorrect RAND_load_file() return value check

[botovq]

Description

OpenSSL documents the return value of RAND_load_file() as

RETURN VALUES
     RAND_load_file() returns the number of bytes read or -1 on error.

(from code inspection this happens to be correct).

The error check in php_openssl_load_rand_file() will however interpret an error as success. People relying on seeding the PRNG might therefore proceed without having added any entropy to the pool. These days the RAND(7) of OpenSSL is claimed to be robust enough without explicit seeding, so there should be no security impact to this, but it would probably still be good to fix it since it goes against expectations:

php-src/ext/openssl/openssl_backend_common.c

Lines 443 to 452 in 4a98b36

	if (file == NULL || !RAND_load_file(file, -1)) {
	if (RAND_status() == 0) {
	php_openssl_store_errors();
	php_error_docref(NULL, E_WARNING, "Unable to load random state; not enough random data!");
	return FAILURE;
	}
	return FAILURE;
	}
	*seeded = 1;
	return SUCCESS;

PHP Version

PHP 8.4

Operating System

No response

[nielsdos]

You appear to be correct, as that's also what my static analyzer inferred (albeit on an older openssl version) (https://raw.githubusercontent.com/csl-ugent/ESSS/refs/heads/main/evaluation/my-openssl-output, CTRL+F for RAND_load_file).
Feel free to open a PR.

[nielsdos]

Same issue for RAND_write_file btw