# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1617216197 -10800
# Node ID 0f8565e0fc76e2d5ca90e2929e40fd3fb3bdcb1b
# Parent  f1986657fc26fad65c7d1568fd0e929aab4920a8
QUIC: HKDF API compatibility with OpenSSL master branch.

OpenSSL 3.0 started to require HKDF-Extract output PRK length pointer
used to represent the amount of data written to contain the length of
the key buffer before the call.  EVP_PKEY_derive() documents this.

See HKDF_Extract() internal implementation update in this change:
https://github.com/openssl/openssl/commit/5a285ad

diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -165,6 +165,7 @@ ngx_quic_keys_set_initial_secret(ngx_poo
 
     cipher = EVP_aes_128_gcm();
     digest = EVP_sha256();
+    is_len = SHA256_DIGEST_LENGTH;
 
     if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
                          (version & 0xff000000) ? salt29 : salt, sizeof(salt))
@@ -968,6 +969,7 @@ ngx_quic_derive_key(ngx_log_t *log, cons
     uint8_t        info[20];
 
     digest = EVP_sha256();
+    is_len = SHA256_DIGEST_LENGTH;
 
     if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
                          salt->data, salt->len)