fix(tpm2_loadexternal): check return value of RAND_bytes

hyperfinitism · hyperfinitism · commit 5ee0c7691241 · 2026-03-07T00:02:59.000+09:00
RAND_bytes() can fail with return code 0 or -1 when the OpenSSL CSPRNG has
not been sufficiently seeded.

If RAND_bytes() fails, seed-&gt;buffer is left uninitialised. This seed value
is stored in ctx.priv.sensitiveArea.seedValue and used in the consistency
checks by TPM.

Check the return value and return tool_rc_general_error on failure so that
the operation is aborted rather than proceeding with a bad seed.

Signed-off-by: Takuma IMAMURA &lt;209989118+hyperfinitism@users.noreply.github.com&gt;
diff --git a/tools/tpm2_loadexternal.c b/tools/tpm2_loadexternal.c
@@ -284,7 +284,11 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) {
         TPM2B_DIGEST *seed = &ctx.priv.sensitiveArea.seedValue;
         seed->size = tpm2_alg_util_get_hash_size(ctx.pub.publicArea.nameAlg);
         if (seed->size != 0) {
-            RAND_bytes(seed->buffer, seed->size);
+            int rc = RAND_bytes(seed->buffer, seed->size);
+            if (rc != 1) {
+                LOG_ERR("Failed to generate random seed value");
+                return tool_rc_general_error;
+            }
         }
 
         tpm2_openssl_load_rc load_status = tpm2_openssl_load_private(
