On 4/10/22 00:30, Jason A. Donenfeld wrote:
Hi Philippe,
On Tue, Oct 4, 2022 at 12:07 AM Philippe Mathieu-Daudé <f4bug@xxxxxxxxx> wrote:
+ add_bootloader_randomness(rng_seed, len);
So we call char/random code with len=0. Is it safe?
Maybe simply safer to check len before calling hex2bin?
add_bootloader_randomness() is safe for all input sizes, and is
written to be callable with len=0 and have no effect. So this function
should be good as-is; there's no need to special case an unlikely
instance that's already handled by add_bootloader_randomness().
OK, thanks for the clarification.
Phil.
