Hi Andrew,

>> So is this just a UCS2BE conversion?  If so, then using l_utf8_to_ucs2be might
>> be clearer.
> 
> Basically yes.  But with l_utf8_to_ucs2be this will look something like:
> 
>    uint8_t *usc2;
> 
>    if (!l_utf8_validate(utf))
>      return false;

You'll potentially need this step in either version actually. 
utf8_get_codepoint isn't really enough to tell whether the entire string is 
valid utf8.  Where is the password coming from?

Also, I would think you'd pre-validate utf8 validity before ever getting to this 
point?

> 
>    ucs2 = l_utf8_to_ucs2be(utf, out_len);
>    if (!str)
>      return false;
> 
>    memcpy(out_buf, ucs2, *out_len);
>    explicit_bzero(ucs2);
>    l_free(ucs2);
> 
> I can do that but it seems we're doing less work without using
> l_utf8_to_ucs2be here.

You could add an own buffer version of utf8_to_ucs2be.  But even this memcpy 
version seems to be cleaner than open-coding it.

Regards,
-Denis