fix(tpm2_loadexternal): check return value of RAND_bytes

RAND_bytes() can fail with return code 0 or -1 when the OpenSSL CSPRNG has
not been sufficiently seeded.

If RAND_bytes() fails, seed->buffer is left uninitialised. This seed value
is stored in ctx.priv.sensitiveArea.seedValue and used in the consistency
checks by TPM.

Check the return value and return tool_rc_general_error on failure so that
the operation is aborted rather than proceeding with a bad seed.

Signed-off-by: Takuma IMAMURA <209989118+hyperfinitism@users.noreply.github.com>

Author: hyperfinitism

tools/tpm2_loadexternal.c

@@ -284,7 +284,11 @@ static tool_rc process_inputs(ESYS_CONTEXT *ectx) {
         TPM2B_DIGEST *seed = &ctx.priv.sensitiveArea.seedValue;
         seed->size = tpm2_alg_util_get_hash_size(ctx.pub.publicArea.nameAlg);
         if (seed->size != 0) {
-            RAND_bytes(seed->buffer, seed->size);
+            tmp_rc = RAND_bytes(seed->buffer, seed->size);
+            if (tmp_rc != 1) {
+                LOG_ERR("Failed to generate random seed value");
+                return tool_rc_general_error;
+            }
         }
 
         tpm2_openssl_load_rc load_status = tpm2_openssl_load_private(