OpenSSL 3.0 started to require HKDF-Extract output PRK length pointer
used to represent the amount of data written to contain the length of
the key buffer before the call. EVP_PKEY_derive() documents this.
See HKDF_Extract() internal implementation update in this change:
https://github.com/openssl/openssl/commit/
5a285ad
cipher = EVP_aes_128_gcm();
digest = EVP_sha256();
+ is_len = SHA256_DIGEST_LENGTH;
if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
(version & 0xff000000) ? salt29 : salt, sizeof(salt))
uint8_t info[20];
digest = EVP_sha256();
+ is_len = SHA256_DIGEST_LENGTH;
if (ngx_hkdf_extract(is, &is_len, digest, secret->data, secret->len,
salt->data, salt->len)