Get the MAC secret size from the cipher, rather than reaching into libssl
internals. This effectively takes the OpenSSL 1.1 code path instead of the
OpenSSL 1.0 code path, and will allow for further libssl clean up.

ok?

P.S. There is more functionality that could be enabled for LibreSSL, which
is currently being explicitly disabled...

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/p5-Net_SSLeay/Makefile,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 Makefile
--- Makefile    18 Mar 2018 16:47:58 -0000      1.69
+++ Makefile    22 Oct 2018 16:14:48 -0000
@@ -3,6 +3,7 @@
 COMMENT =      perl module for using OpenSSL
 
 DISTNAME =     Net-SSLeay-1.85
+REVISION =     0
 
 CATEGORIES =   security
 
Index: patches/patch-SSLeay_xs
===================================================================
RCS file: patches/patch-SSLeay_xs
diff -N patches/patch-SSLeay_xs
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-SSLeay_xs     22 Oct 2018 16:14:48 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+
+Index: SSLeay.xs
+--- SSLeay.xs.orig
++++ SSLeay.xs
+@@ -5612,7 +5612,8 @@ SSL_get_client_random(s)
+ 
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \
++    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+ 
+ void
+ SSL_get_server_random(s)
+@@ -5643,7 +5644,8 @@ int
+ SSL_get_keyblock_size(s)
+      SSL *   s
+      CODE:
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L || \
++    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+         const SSL_CIPHER *ssl_cipher;
+       int cipher = NID_undef, digest = NID_undef, mac_secret_size = 0;
+       const EVP_CIPHER *c = NULL;
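Review bot: The rewritten `#if` in both inner hunks (the guard before `SSL_get_server_random` and the one inside `SSL_get_keyblock_size`) drops the `!defined(LIBRESSL_VERSION_NUMBER)` term, which appears to leave the LibreSSL version check after `||` without effect. LibreSSL's opensslv.h reports `OPENSSL_VERSION_NUMBER` as 0x20000000L, which already satisfies `>= 0x10100000L`, so a LibreSSL older than 0x2070000fL would also be compiled down the OpenSSL 1.1 path and may reference accessors it does not provide. That is harmless for a port built only against the base libssl, but if the patch is meant to go upstream, the first term should stay OpenSSL-only: `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) || \` followed by the existing `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)` line. Both guarded bodies continue outside the hunks, so the matching `#else`/`#endif` branches are not visible here.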
