diff --git a/ChangeLog b/ChangeLog
index 46d73e8e6e9c17f0ac284d2afb7c3345cc9f0836..b69559c61854591e1807816dc176e29f2f151f7c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-11-22  Niels M�ller  <nisse@lysator.liu.se>
+
+	* yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
+	that it is set if and only if the aes context has been initialized
+	with aes_set_encrypt_key.
+	(yarrow256_seed): No need to set ctx->seeded here.
+	(yarrow256_update): Likewise.
+
 2008-11-04  Niels M�ller  <nisse@lysator.liu.se>
 
 	* examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
diff --git a/yarrow256.c b/yarrow256.c
index e1ae77c14c331cd2b6032177b87aba1e2c85eadd..0a5f8a091bea6e43b3be608680185d0fae405884 100644
--- a/yarrow256.c
+++ b/yarrow256.c
@@ -108,8 +108,6 @@ yarrow256_seed(struct yarrow256_ctx *ctx,
 
   sha256_update(&ctx->pools[YARROW_FAST], length, seed_file);
   yarrow256_fast_reseed(ctx);
-
-  ctx->seeded = 1;
 }
 
 /* FIXME: Generalize so that it generates a few more blocks at a
@@ -193,6 +191,7 @@ yarrow256_fast_reseed(struct yarrow256_ctx *ctx)
   yarrow_iterate(digest);
 
   aes_set_encrypt_key(&ctx->key, sizeof(digest), digest);
+  ctx->seeded = 1;
 
   /* Derive new counter value */
   memset(ctx->counter, 0, sizeof(ctx->counter));
@@ -294,8 +293,6 @@ yarrow256_update(struct yarrow256_ctx *ctx,
         if (!yarrow256_needed_sources(ctx))
 	  {
 	    yarrow256_slow_reseed(ctx);
-	    ctx->seeded = 1;
-
 	    return 1;
 	  }
 	else