security/openssl-unsafe: Add OpenSSL port for scanning/testing

 - OpenSSL binary and libs for testing and scanning
 - Use with e.g. sslscan or testssl.sh

Differential Revision:	https://reviews.freebsd.org/D9483

1 files changed, 37 insertions, 0 deletions

diff --git a/security/openssl-unsafe/files/patch-RFC-5705 b/security/openssl-unsafe/files/patch-RFC-5705
new file mode 100644
index 000000000000..888e82ab7c7b
--- /dev/null
+++ b/security/openssl-unsafe/files/patch-RFC-5705
@@ -0,0 +1,37 @@
+--- ssl/ssl.h.orig	2017-07-06 01:00:00 UTC
++++ ssl/ssl.h
+@@ -2598,6 +2598,10 @@ const char *SSL_CIPHER_standard_name(con
+ const struct openssl_ssl_test_functions *SSL_test_functions(void);
+ # endif
+ 
++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
++                           unsigned char *context, int context_len,
++                           unsigned char *out, int olen);
++
+ /* BEGIN ERROR CODES */
+ /*
+  * The following lines are auto generated by the script mkerr.pl. Any changes
+--- ssl/t1_enc.c.orig	2017-07-06 01:00:00 UTC
++++ ssl/t1_enc.c
+@@ -1461,6 +1461,21 @@ int tls1_export_keying_material(SSL *s, 
+     return (rv);
+ }
+ 
++void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
++                           unsigned char *context, int context_len,
++                           unsigned char *out, int olen)
++	{
++	unsigned char tmp[olen];
++	
++	tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
++			 label, label_len,
++			 s->s3->client_random,SSL3_RANDOM_SIZE,
++			 s->s3->server_random,SSL3_RANDOM_SIZE,
++			 context, context_len, NULL, 0,
++			 s->session->master_key, s->session->master_key_length,
++			 out, tmp, olen);
++	}
++
+ int tls1_alert_code(int code)
+ {
+     switch (code) {