5 files changed, 74 insertions, 12 deletions
diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog
index 2957289273..344a036d23 100644
--- a/src/lib/crypto/ChangeLog
+++ b/src/lib/crypto/ChangeLog
@@ -1,3 +1,10 @@
+2001-11-19  Sam Hartman  <hartmans@mit.edu>
+
+	* t_prng.reseedtest: New test; description in t_prng.reseedtest-comments
+
+	* t_prng.c (main): If we request 0 bytes of output don't try to
+	get output 
+
 2001-11-15  Sam Hartman  <hartmans@mit.edu>
 
 	* t_prng.c: New file for PRNG tests
diff --git a/src/lib/crypto/t_prng.c b/src/lib/crypto/t_prng.c
index 74fc84a9c4..4da6e0f0be 100644
--- a/src/lib/crypto/t_prng.c
+++ b/src/lib/crypto/t_prng.c
@@ -66,20 +66,22 @@ int main () {
     }
     if (scanf ("%u", &i) == EOF)
       break;
-    assert ((output.data = malloc (i)) != NULL);
-    output.length = i;
-    ret = krb5_c_random_make_octets (0, &output);
-    if (ret)
-      printf ("failed\n");
-    else {
-      for (; i > 0; i--) {
-	printf ("%2x",
-		(unsigned int) ((unsigned char ) output.data[output.length-i]));
+    if (i) {
+      assert ((output.data = malloc (i)) != NULL);
+      output.length = i;
+      ret = krb5_c_random_make_octets (0, &output);
+      if (ret)
+	printf ("failed\n");
+      else {
+	for (; i > 0; i--) {
+	  printf ("%02x",
+		  (unsigned int) ((unsigned char ) output.data[output.length-i]));
+	}
+	printf ("\n");
       }
-      printf ("\n");
+      free (output.data);
+      output.data = NULL;
     }
-    free (output.data);
-    output.data = NULL;
   }
   return (0);
 }
diff --git a/src/lib/crypto/t_prng.reseedtest b/src/lib/crypto/t_prng.reseedtest
new file mode 100644
index 0000000000..5eee0c064b
--- /dev/null
+++ b/src/lib/crypto/t_prng.reseedtest
@@ -0,0 +1,31 @@
+1
+160
+ cb 12 70 40 ee fb 76 2e 32 0d f1 0c a7 a9 36 f8
+ c8 f3 35 4e 0f 51 18 cd 25 0f 48 5b e4 97 aa 4f
+ be 7e 93 af dd 15 29 fc 24 4f 0b 9a 9b 1d ad 7f
+ 32 c8 a6 96 d4 34 aa 83 d2 d7 33 b0 2f aa ba f6
+ cf 8c 78 ad 8a 52 e1 48 e4 7c a7 c5 57 49 31 ea
+ db b7 9b 6b ab 13 f3 12 a5 ec 67 db 1e 83 73 be
+ ca 59 fc ed 29 8c f3 ef ca fd 81 55 fa 91 3b 31
+ da 24 d2 8b c1 a5 c1 3a 9c 50 a6 3c a1 60 31 0f
+ 62 c7 88 9b 1a e9 9f 3c 0f 04 d0 35 11 45 f0 8b
+ 84 a2 26 85 67 f1 e6 2b 34 6b ab 9b 3f c1 a1 0e
+0
+1
+40
+ f4 fc ab 98 45 a0 41 e4 4d 65 9c eb c2 c9 74 a4
+ 55 df 6c 78 78 bc db ae e7 63 b8 a7 33 3b d7 50
+ f6 33 c4 a0 1d 14 45 04
+0
+0
+40
+ 16 80 1d 78 39 4b 3a 27 80 87 08 6c a9 37 59 74
+ 60 f8 fc 37 10 4a 8a c4 d6 3e 6a 41 1a e1 5f 69
+ 92 12 5a e1 3b 86 f1 5d
+0
+0
+40
+ a3 c8 78 4a a0 4d ce 3c 2a 8e 34 bf f7 06 dc d7
+ 92 13 bd 74 45 72 40 b6 1c d6 55 28 47 1e f4 70
+ 74 e4 94 d7 17 a6 7e 3b
+20
diff --git a/src/lib/crypto/t_prng.reseedtest-comments b/src/lib/crypto/t_prng.reseedtest-comments
new file mode 100644
index 0000000000..e50e096024
--- /dev/null
+++ b/src/lib/crypto/t_prng.reseedtest-comments
@@ -0,0 +1,21 @@
+The reseedtest is intended to allow confirmation that if sufficient
+entropy is provided then the PRNG will reseed (well initially seed)
+itself before the first random data is requested.  This test is not
+useful to run in an automated manner because the point is to look at
+internal function call order.
+
+To test this, set a break point at krb5int_yarrow_reseed and
+krb5_c_random_make_octets and run the test.  The reseed function
+should be called with a pool of 1 (YARROW_SLOW_POOL) before
+krb5_c_random_make_octets is called.
+
+A slow reseed should require two sources to reach sufficient entropy.
+Sources  start out sending entropy to fast pool then alternate with
+slow pool.  So this test does the following:
+* Seed source 1
+* Seed source 1 (this time to slow pool)
+* Seed source 0
+* Seed source 0 (to slow pool triggering reseed)
+* Output some random data
+
+
diff --git a/src/lib/crypto/t_prng.reseedtest-expected b/src/lib/crypto/t_prng.reseedtest-expected
new file mode 100644
index 0000000000..aa88933840
--- /dev/null
+++ b/src/lib/crypto/t_prng.reseedtest-expected
@@ -0,0 +1 @@
+8466373deab3992f57e7a96624b26973c7b32c51