From: Sean Khan <redacted>
Date: Wed, 24 Apr 2024 22:02:02 +0000 (-0400)
Subject: nginx: QUIC: Fix SSL 3.0 deprecated function
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=97082f12a6de70625e21bc22fe2d0c1f65797f52;p=openwrt-packages.git

nginx: QUIC: Fix SSL 3.0 deprecated function

`EVP_CIPHER_CTX_cipher()` function was deprecated in OpenSSL 3.0.
As per OpenSSL's recommendation (https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_get0_cipher.html)
switch to using `EVP_CIPHER_CTX_get0_cipher()` instead.

With this change and recent commit to nginx-util #23935. We should now
be able to build nginx + modules with fully compliant calls to OpenSSL
3.0+ with legacy features disabled.

Signed-off-by: Sean Khan <redacted>
Link: https://github.com/openwrt/packages/pull/24005
Signed-off-by: Christian Marangi <redacted>
---

diff --git a/net/nginx/Makefile b/net/nginx/Makefile
index 9c7c36b8c..3135fab7e 100644
--- a/net/nginx/Makefile
+++ b/net/nginx/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nginx
 PKG_VERSION:=1.25.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nginx.org/download/
diff --git a/net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch b/net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch
new file mode 100644
index 000000000..6055df490
--- /dev/null
+++ b/net/nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch
@@ -0,0 +1,12 @@
+--- a/src/event/quic/ngx_event_quic_protection.c
++++ b/src/event/quic/ngx_event_quic_protection.c
+@@ -510,7 +510,7 @@ ngx_quic_crypto_common(ngx_quic_secret_t
+         }
+     }
+ 
+-    if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE
++    if (EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(ctx)) == EVP_CIPH_CCM_MODE
+         && EVP_CipherUpdate(ctx, NULL, &len, NULL, in->len) != 1)
+     {
+         ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");
+