From 0f66f08632f0a4d05a23fcdde60400943d56cf28 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Wed, 25 Mar 2026 20:50:59 +0000 Subject: further clarify intentt Signed-off-by: Leah Rowe --- util/libreboot-utils/lib/rand.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'util') diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c index bb142bdc..7b53b6a4 100644 --- a/util/libreboot-utils/lib/rand.c +++ b/util/libreboot-utils/lib/rand.c @@ -54,6 +54,17 @@ * for example must not rely on weak randomness. * We must therefore treat broken randomness as * though the world is broken, and burn accordingly. + * + * Similarly, any invalid input (NULL, zero bytes + * requested) are treated as fatal errors; again, + * cryptographic code must be reliable. If your + * code erroneously requested zero bytes, you might + * then end up with a non-randomised buffer, where + * you likely intended otherwise. + * + * In other words: call rset() correctly, or your + * program dies, and rset will behave correctly, + * or your program dies. */ void -- cgit v1.2.1