diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index e2af254015..197aa19b85 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -167,6 +167,10 @@ int RAND_load_file(const char *file, long bytes)
         /* If given a bytecount, and we did it, break. */
         if (bytes > 0 && (bytes -= i) <= 0)
             break;
+
+        /* We can hit a signed integer overflow on the next iteration */
+        if (ret > INT_MAX - RAND_LOAD_BUF_SIZE)
+            break;
     }
 
     OPENSSL_cleanse(buf, sizeof(buf));
diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod
index baca54cb3c..fd00bf883d 100644
--- a/doc/man3/RAND_load_file.pod
+++ b/doc/man3/RAND_load_file.pod
@@ -20,6 +20,8 @@ RAND_load_file() reads a number of bytes from file B<filename> and
 adds them to the PRNG. If B<max_bytes> is nonnegative,
 up to B<max_bytes> are read;
 if B<max_bytes> is -1, the complete file is read.
+RAND_load_file() can read less than the complete file or the requested number
+of bytes if it doesn't fit in the return value type.
 Do not load the same file multiple times unless its contents have
 been updated by RAND_write_file() between reads.
 Also, note that B<filename> should be adequately protected so that an