test: add hkdf_add1 test

The EVP_PKEY_CTX_add1_hkdf_info implementation had a bug in the past
which made it behave like a set instead of add function. When linking
against external builds warn about it. The libnvme implementation works
around this problem, but it's better to have this logged during the
configure step, so there is chance to debug this.

Signed-off-by: Daniel Wagner <[email protected]>

Author: igaw

meson.build

@@ -252,6 +252,22 @@ else
   conf.set('fallthrough', 'do {} while (0) /* fallthrough */')
 endif
 
+if openssl_dep.found()
+  if openssl_dep.type_name() != 'internal'
+    # Check for a bug in the EVP_PKEY_CTX_add1_hkdf_info implementation
+    res = cc.run(
+        files('test/hkdf_add1.c'),
+        dependencies: [openssl_dep],
+        name: 'check hkdf_add1'
+    )
+    if res.returncode() == 1
+      warning('EVP_PKEY_CTX_add1_hkdf_info bahaves incorrectly')
+    else
+      message('EVP_PKEY_CTX_add1_hkdf_info behaves sanely')
+    endif
+  endif
+endif
+
 ################################################################################
 substs = configuration_data()
 substs.set('NAME',    meson.project_name())

test/hkdf_add1.c

@@ -0,0 +1,91 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
+/**
+ * This file is part of libnvme.
+ * Copyright (c) 2025 SUSE LLC.
+ *
+ * Authors: Daniel Wagner <[email protected]>
+ */
+
+#include <openssl/core_names.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/params.h>
+#include <stdio.h>
+#include <string.h>
+
+#define SHA256_LEN 32
+
+static EVP_PKEY_CTX *setup_ctx(void)
+{
+	EVP_PKEY_CTX *ctx = NULL;
+	const char *salt = "salt";
+	const char *key = "key";
+
+	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+	if (!ctx)
+		return NULL;
+	if (EVP_PKEY_derive_init(ctx) <= 0)
+		goto free_ctx;
+	if (EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()) <= 0)
+		goto free_ctx;
+	if (EVP_PKEY_CTX_set1_hkdf_salt(ctx,
+			(unsigned char *)salt, strlen(salt)) <= 0)
+		goto free_ctx;
+	if (EVP_PKEY_CTX_set1_hkdf_key(ctx,
+			(unsigned char *)key, strlen(key)) <= 0)
+		goto free_ctx;
+
+	return ctx;
+
+free_ctx:
+	EVP_PKEY_CTX_free(ctx);
+	return NULL;
+}
+
+int main(void)
+{
+	unsigned char out[SHA256_LEN], out2[SHA256_LEN];
+	size_t len = sizeof(out);
+	const char *a = "a";
+	const char *b = "b";
+	EVP_PKEY_CTX *ctx;
+
+	/* out = A + B */
+	ctx = setup_ctx();
+	if (!ctx)
+		return 1;
+	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+			(unsigned char *)a, strlen(a)) <= 0)
+		goto free_ctx;
+	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+			(unsigned char *)b, strlen(b)) <= 0)
+		goto free_ctx;
+	if (EVP_PKEY_derive(ctx, out, &len) <= 0)
+		goto free_ctx;
+	EVP_PKEY_CTX_free(ctx);
+
+	/* out = B */
+	ctx = setup_ctx();
+	if (!ctx)
+		return 1;
+	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+			(unsigned char *)b, strlen(b)) <= 0)
+		goto free_ctx;
+	if (EVP_PKEY_derive(ctx, out2, &len) <= 0)
+		goto free_ctx;
+	EVP_PKEY_CTX_free(ctx);
+
+	printf("EVP_PKEY_CTX_add1_hkdf_info behavior: ");
+	if (!memcmp(out, out2, len)) {
+		printf("set\n");
+		return 1;
+	}
+
+	printf("add\n");
+	return 0;
+
+free_ctx:
+	EVP_PKEY_CTX_free(ctx);
+	return 1;
+}

test/meson.build

@@ -131,3 +131,11 @@ if json_c_dep.found()
     subdir('sysfs')
     subdir('config')
 endif
+
+if openssl_dep.found()
+  hkdf_add1 = executable(
+      'hkdf_add1',
+      ['hkdf_add1.c'],
+      dependencies: openssl_dep,
+  )
+endif