From 443dcdad5f9ff842777b5b94a596b219771ae2d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michele=20Orr=C3=B9?=
Date: Tue, 22 Oct 2024 15:33:26 +0200
Subject: [PATCH] ROS Audit: fix for sec. 3.2.

---
 nimue/src/plugins/ark/common.rs | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/nimue/src/plugins/ark/common.rs b/nimue/src/plugins/ark/common.rs
index 884c167..df7bd91 100644
--- a/nimue/src/plugins/ark/common.rs
+++ b/nimue/src/plugins/ark/common.rs
@@ -227,18 +227,24 @@ where
     R: CryptoRng + rand::RngCore,
 {
     fn fill_challenge_bytes(&mut self, output: &mut [u8]) -> Result<(), IOPatternError> {
-        let len_good = usize::min(
-            crate::plugins::random_bytes_in_random_modp(Fp::::MODULUS),
-            output.len(),
-        );
-        let len = crate::plugins::bytes_modp(Fp::::MODULUS_BIT_SIZE);
-        let mut tmp = [Fp::from(0); 1];
-        let mut buf = vec![0u8; len];
-        self.fill_challenge_units(&mut tmp)?;
-        tmp[0].serialize_compressed(&mut buf).unwrap();
+        if output == &[] {
+            Ok(())
+        } else {
+            let len_good = usize::min(
+                crate::plugins::random_bytes_in_random_modp(Fp::::MODULUS),
+                output.len(),
+            );
+            let len = crate::plugins::bytes_modp(Fp::::MODULUS_BIT_SIZE);
+            let mut tmp = [Fp::from(0); 1];
+            let mut buf = vec![0u8; len];
+            self.fill_challenge_units(&mut tmp)?;
+            tmp[0].serialize_compressed(&mut buf).unwrap();
 
-        output[..len_good].copy_from_slice(&buf[..len_good]);
-        Ok(())
+            output[..len_good].copy_from_slice(&buf[..len_good]);
+
+            // recursively fill the rest of the buffer
+            self.fill_challenge_bytes(&mut output[len_good..])
+        }
     }
 }
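Review bot: On the new side `tmp[0].serialize_compressed(&mut buf)` writes into a `Vec<u8>` created as `vec![0u8; len]`, and if that writer is the usual `io::Write`-style impl for `Vec<u8>` it appends rather than overwrites, so `buf[..len_good]` — and therefore every chunk copied into `output` — stays all-zero and the recursion just repeats the same zero chunk; this needs a test asserting the filled bytes are not constant, and if it reproduces, `tmp[0].serialize_compressed(buf.as_mut_slice()).unwrap();` (or `Vec::with_capacity(len)`) is the fix. Separately, the recursion on the last added line only terminates because `len_good` is positive: if `random_bytes_in_random_modp` can return 0 for a small modulus the call re-enters with the same slice forever, and for a large `output` the depth is `output.len() / len_good` frames each holding its own `Vec`, which is an avoidable stack-exhaustion path for a function callers may drive with attacker-chosen lengths. An iterative `chunks_mut` loop removes both concerns and also makes `output == &[]` unnecessary (it would read better as `output.is_empty()` anyway). The enclosing `impl` block starts before the hunk.
```rust
    fn fill_challenge_bytes(&mut self, output: &mut [u8]) -> Result<(), IOPatternError> {
        // … unchanged: `len` from bytes_modp(MODULUS_BIT_SIZE), and the
        //   random_bytes_in_random_modp(MODULUS) call from the hunk, now bound to `chunk`
        //   without the min() against output.len() …
        assert!(chunk > 0, "challenge chunk size must be positive");
        let mut tmp = [Fp::from(0); 1];
        let mut buf = vec![0u8; len];
        for out in output.chunks_mut(chunk) {
            self.fill_challenge_units(&mut tmp)?;
            // write into the slice so the bytes overwrite the zero-initialised buffer
            tmp[0].serialize_compressed(buf.as_mut_slice()).unwrap();
            out.copy_from_slice(&buf[..out.len()]);
        }
        Ok(())
    }
```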