TROVE-2021-004: Incorrect error check on RAND_bytes() call
Reported by Jann Horn at Google.
##### incorrect status code check in crypto_rand_unmocked() #####
crypto_rand_unmocked() calls RAND_bytes(), then checks whether that
worked by asserting that `r >= 0`. However,
https://www.openssl.org/docs/man1.0.2/man3/RAND_bytes.html documents
that RAND_bytes() can return 1 (success), 0 (most errors) or -1
(operation not supported). This means that most errors are not
detected.
This seems to have been introduced in
https://gitweb.torproject.org/tor.git/commit/?h=dedea28c2ef59eb86f5d9704e5609ae13fa8b3c2
(from 2015, intended as a refactor).