Get the MAC secret size from the cipher, rather than reaching into

libssl internals. This effectively takes the OpenSSL 1.1 code path instead of the OpenSSL 1.0 code path, and will allow for further libssl clean up. with and OK jsing@
2018-10-23 19:42:47 +00:00 · 2018-10-23 19:42:47 +00:00 · e2328564b1
commit e2328564b1
parent d984c0b20b
2 changed files with 25 additions and 1 deletions
--- a/security/p5-Net_SSLeay/Makefile
+++ b/security/p5-Net_SSLeay/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.69 2018/03/18 16:47:58 bluhm Exp $
+# $OpenBSD: Makefile,v 1.70 2018/10/23 19:42:47 bluhm Exp $

 COMMENT =	perl module for using OpenSSL

 DISTNAME =	Net-SSLeay-1.85
+REVISION =	0

 CATEGORIES =	security

--- a/security/p5-Net_SSLeay/patches/patch-SSLeay_xs
+++ b/security/p5-Net_SSLeay/patches/patch-SSLeay_xs
@ -0,0 +1,23 @@
+$OpenBSD: patch-SSLeay_xs,v 1.14 2018/10/23 19:42:47 bluhm Exp $
+
+Index: SSLeay.xs
+--- SSLeay.xs.orig
+++ SSLeay.xs
+@@ -5612,7 +5612,7 @@ SSL_get_client_random(s)
+ 
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+ 
+ void
+ SSL_get_server_random(s)
+@@ -5643,7 +5643,7 @@ int
+ SSL_get_keyblock_size(s)
+      SSL *   s
+      CODE:
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+         const SSL_CIPHER *ssl_cipher;
+ 	int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0;
+ 	const EVP_CIPHER *c = NULL;