From 593fcfbb573ab40a1620e4ba4ce7011fd0eaefcb Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Sun, 19 Mar 2023 12:38:45 -0700
Subject: [PATCH] fscrypt-crypt-util: fix HKDF self-test with latest OpenSSL

In OpenSSL 3.0, EVP_PKEY_derive() fails if the output is zero-length.
Therefore, update test_hkdf_sha512() to not test this case.

This only affects the algorithm self-tests within fscrypt-crypt-util,
which are not compiled by default.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Zorro Lang <zlang@kernel.org>
---
 src/fscrypt-crypt-util.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/fscrypt-crypt-util.c b/src/fscrypt-crypt-util.c
index 087ae09a..81d7d928 100644
--- a/src/fscrypt-crypt-util.c
+++ b/src/fscrypt-crypt-util.c
@@ -975,7 +975,11 @@ static void test_hkdf_sha512(void)
 		size_t ikmlen = 1 + (rand() % sizeof(ikm));
 		size_t saltlen = rand() % (1 + sizeof(salt));
 		size_t infolen = rand() % (1 + sizeof(info));
-		size_t outlen = rand() % (1 + sizeof(actual_output));
+		/*
+		 * Don't test zero-length outputs, since OpenSSL 3.0 and later
+		 * returns an error for those.
+		 */
+		size_t outlen = 1 + (rand() % sizeof(actual_output));
 
 		rand_bytes(ikm, ikmlen);
 		rand_bytes(salt, saltlen);
-- 
2.39.5