Hi Philippe, On Tue, Oct 4, 2022 at 12:07 AM Philippe Mathieu-Daudé <f4bug@xxxxxxxxx> wrote: > > + add_bootloader_randomness(rng_seed, len); > > So we call char/random code with len=0. Is it safe? > Maybe simply safer to check len before calling hex2bin? add_bootloader_randomness() is safe for all input sizes, and is written to be callable with len=0 and have no effect. So this function should be good as-is; there's no need to special case an unlikely instance that's already handled by add_bootloader_randomness(). Jason
