Back in commit
d6fab4f6ae209afd6799a2974ce2849123965170, I rearranged
the cryptography to use plain SHA256 rather than RIPEMD160-HMAC for
determining the cipher key for churning the generator state.
I also managed to remove all the points at which the key actually
influences the behaviour of the generator!
This was four years ago, and I can't remember exactly why, but my guess
is that the key was previously inserted as part of `rmd160_macinit',
which was replaced by the unkeyed `HASH_INIT' function.
HASH_INIT(&hc);
STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
HASH_INIT(&hc);
STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
+ HASH(&hc, r->k.k, RAND_KEYSZ);
HASH(&hc, r->pool, RAND_POOLSZ);
HASH(&hc, r->buf, RAND_BUFSZ);
HASH_DONE(&hc, h);
HASH(&hc, r->pool, RAND_POOLSZ);
HASH(&hc, r->buf, RAND_BUFSZ);
HASH_DONE(&hc, h);
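Review bot: The key is hashed back in at the added line, but nothing in the change stops it from silently dropping out again the way it did in d6fab4f6; a regression that went unnoticed for four years indicates no test observes the key's effect on the output. I'd add a unit test that builds two pools with identical `gen`, `pool` and `buf` contents but different `k.k` values, runs this gate on both, and asserts that the resulting states (or the next output bytes) differ, plus a comment on the added line such as `/* The key must feed the hash: this is what makes gating keyed (regressed in d6fab4f6). */`. Because `RAND_KEYSZ`, `RAND_POOLSZ` and `RAND_BUFSZ` appear to be fixed sizes, hashing the fields back to back is unambiguous, but whether `hc` and `h` are wiped after use is not visible here. The enclosing function starts before and continues after this hunk.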
HASH_INIT(&hc);
STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
HASH_INIT(&hc);
STORE32(g, r->gen); HASH(&hc, g, sizeof(g));
+ HASH(&hc, r->k.k, RAND_KEYSZ);
HASH(&hc, r->pool, RAND_POOLSZ);
HASH(&hc, r->buf, RAND_BUFSZ);
HASH_DONE(&hc, h);
HASH(&hc, r->pool, RAND_POOLSZ);
HASH(&hc, r->buf, RAND_BUFSZ);
HASH_DONE(&hc, h);
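Review bot: The hash input sequence `gen, k.k, pool, buf` in this hunk is a verbatim copy of the one in the earlier hunk, and the bug being fixed was precisely one copy of this sequence losing the key while nobody noticed. I would factor the six lines from `HASH_INIT` to `HASH_DONE` into one `static` helper that takes the pool pointer and the output digest buffer, so that both call sites share a single point of truth for what state is hashed and in what order. A one-line comment on that helper naming the four inputs would then document the keyed construction once. The enclosing function starts before and ends after this hunk, so I cannot tell whether the two contexts differ in ways that would prevent sharing.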