authornork <nork@FreeBSD.org>2010-11-07 20:11:13 +0800
committernork <nork@FreeBSD.org>2010-11-07 20:11:13 +0800
commitcfe8fc664dad077602a36d8cde45401a8e32277a (patch)
tree96076659cc9dd98bc4e1c233f81a098d55b34d2f
parent76eb40af8474fe8a9568a47f5b48c0a0b9c42b82 (diff)
Add openssl_tpm_engine 0.4.1, an OpenSSL TPM engine.
Obtained from: http://bsssd.sourceforge.net/
-rw-r--r--security/Makefile1
-rw-r--r--security/openssl_tpm_engine/Makefile41
-rw-r--r--security/openssl_tpm_engine/distinfo2
-rw-r--r--security/openssl_tpm_engine/files/patch-e_tpm.c373
-rw-r--r--security/openssl_tpm_engine/files/patch-e_tpm.h47
-rw-r--r--security/openssl_tpm_engine/files/patch-e_tpm_err.c20
-rw-r--r--security/openssl_tpm_engine/files/patch-openssl.cnf.sample11
-rw-r--r--security/openssl_tpm_engine/files/pkg-message.in17
-rw-r--r--security/openssl_tpm_engine/pkg-descr3
-rw-r--r--security/openssl_tpm_engine/pkg-plist9
10 files changed, 524 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index f30ed7acf4c2..694b4f4e176e 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -345,6 +345,7 @@
SUBDIR += openssh-askpass
SUBDIR += openssh-portable
SUBDIR += openssl
+ SUBDIR += openssl_tpm_engine
SUBDIR += openvas-client
SUBDIR += openvas-libnasl
SUBDIR += openvas-libraries
diff --git a/security/openssl_tpm_engine/Makefile b/security/openssl_tpm_engine/Makefile
new file mode 100644
index 000000000000..02e6dfa6243b
--- /dev/null
+++ b/security/openssl_tpm_engine/Makefile
@@ -0,0 +1,41 @@
+# New ports collection makefile for: openssl_tpm_engine
+# Date created: 18 Sep 2007
+# Whom: Sebastian Schuetz <sschuetz@fhm.edu>
+#
+# $FreeBSD$
+#
+
+PORTNAME= openssl_tpm_engine
+PORTVERSION= 0.4.1
+CATEGORIES= security
+MASTER_SITES= SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION}
+
+MAINTAINER= nork@freebsd.org
+COMMENT= OpenSSL TPM engine
+
+RUN_DEPENDS= ${LOCALBASE}/sbin/tcsd:${PORTSDIR}/security/trousers
+LIB_DEPENDS= tspi.2:${PORTSDIR}/security/trousers
+
+USE_GMAKE= YES
+GNU_CONFIGURE= YES
+MAKE_JOBS_SAFE= YES
+USE_AUTOTOOLS= autoconf:268 libtool:22
+CONFIGURE_ENV= LDFLAGS="-L${LOCALBASE}/lib"
+
+SUB_FILES= pkg-message
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+.include <bsd.port.pre.mk>
+CFLAGS+= -I${LOCALBASE}/include
+
+post-patch:
+ @${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/openssl.cnf.sample
+
+post-install:
+ @[ -d ${EXAMPLESDIR} ] || ${MKDIR} ${EXAMPLESDIR}
+ @${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${EXAMPLESDIR}
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/openssl_tpm_engine/distinfo b/security/openssl_tpm_engine/distinfo
new file mode 100644
index 000000000000..63a7efe1946d
--- /dev/null
+++ b/security/openssl_tpm_engine/distinfo
@@ -0,0 +1,2 @@
+SHA256 (openssl_tpm_engine-0.4.1.tar.gz) = 01d1244f1985d5ba1720a64d04de9080acd9b1c08cc04a2f1b7beb6850deae67
+SIZE (openssl_tpm_engine-0.4.1.tar.gz) = 648249
diff --git a/security/openssl_tpm_engine/files/patch-e_tpm.c b/security/openssl_tpm_engine/files/patch-e_tpm.c
new file mode 100644
index 000000000000..03f31cd1a973
--- /dev/null
+++ b/security/openssl_tpm_engine/files/patch-e_tpm.c
@@ -0,0 +1,373 @@
+http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
+http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.camel%40macbook.infradead.org
+
+--- e_tpm.c.orig 2007-02-06 05:32:10.000000000 +0900
++++ e_tpm.c 2010-11-01 00:13:51.370858197 +0900
+@@ -35,9 +35,6 @@
+ #include <openssl/bn.h>
+
+ #include <tss/platform.h>
+-#include <tss/tcpa_defines.h>
+-#include <tss/tcpa_typedef.h>
+-#include <tss/tcpa_struct.h>
+ #include <tss/tss_defines.h>
+ #include <tss/tss_typedef.h>
+ #include <tss/tss_structs.h>
+@@ -45,6 +42,7 @@
+ #include <tss/tspi.h>
+
+ #include <trousers/trousers.h> // XXX DEBUG
++#include <trousers/tss.h> // XXX DEBUG
+
+ #include "e_tpm.h"
+
+@@ -77,6 +75,11 @@
+ static const char *TPM_F_Policy_SetSecret = "Tspi_Policy_SetSecret";
+ static const char *TPM_F_Policy_AssignToObject = "Tspi_Policy_AssignToObject";
+
++/* Added by c.hol...@sirrix.com */
++static const char *TPM_F_PcrComposite_SelectPcrIndex = "Tspi_PcrComposite_SelectPcrIndex";
++static const char *TPM_F_TPM_Quote = "Tspi_TPM_Quote";
++static const char *TPM_F_NV_ReadValue = "Tspi_NV_ReadValue";
++
+ /* engine specific functions */
+ static int tpm_engine_destroy(ENGINE *);
+ static int tpm_engine_init(ENGINE *);
+@@ -106,6 +109,8 @@
+ #define TPM_CMD_SO_PATH ENGINE_CMD_BASE
+ #define TPM_CMD_PIN ENGINE_CMD_BASE+1
+ #define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2
++#define TPM_CMD_QUOTE ENGINE_CMD_BASE+3
++
+ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
+ {TPM_CMD_SO_PATH,
+ "SO_PATH",
+@@ -119,6 +124,10 @@
+ "SECRET_MODE",
+ "The TSS secret mode for all secrets",
+ ENGINE_CMD_FLAG_NUMERIC},
++ {TPM_CMD_QUOTE,
++ "QUOTE",
++ "Perform a TPM_Quote() with the given structure",
++ ENGINE_CMD_FLAG_NUMERIC},
+ {0, NULL, NULL, 0}
+ };
+
+@@ -201,6 +210,11 @@
+ static unsigned int (*p_tspi_Policy_SetSecret)();
+ static unsigned int (*p_tspi_Policy_AssignToObject)();
+
++/* Added by c.hol...@sirrix.com */
++static unsigned int (*p_tspi_PcrComposite_SelectPcrIndex)();
++static unsigned int (*p_tspi_TPM_Quote)();
++static unsigned int (*p_tspi_NV_ReadValue)();
++
+ /* This internal function is used by ENGINE_tpm() and possibly by the
+ * "dynamic" ENGINE support too */
+ static int bind_helper(ENGINE * e)
+@@ -255,6 +269,9 @@
+ UINT32 authusage;
+ BYTE *auth;
+
++ /* Added by c.hol...@sirrix.com */
++ BYTE well_known[TPM_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
++
+ if (hSRK != NULL_HKEY) {
+ DBGFN("SRK is already loaded.");
+ return 1;
+@@ -300,25 +317,33 @@
+ return 0;
+ }
+
+- if ((auth = calloc(1, 128)) == NULL) {
+- TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
+- return 0;
+- }
+-
+- if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) {
+- p_tspi_Context_CloseObject(hContext, hSRK);
+- free(auth);
+- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
+- }
++ /* c.hol...@sirrix.com: If the UI method is NULL, use TSS_WELL_KNOWN_SECRET */
++ if (ui) {
++ if ((auth = calloc(1, 128)) == NULL) {
++ TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
+
+- /* secret_mode is a global that may be set by engine ctrl
+- * commands. By default, its set to TSS_SECRET_MODE_PLAIN */
+- if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
+- strlen((char *)auth), auth))) {
+- p_tspi_Context_CloseObject(hContext, hSRK);
+- free(auth);
+- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
+- return 0;
++ if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) {
++ p_tspi_Context_CloseObject(hContext, hSRK);
++ free(auth);
++ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
++ }
++ /* secret_mode is a global that may be set by engine ctrl
++ * commands. By default, its set to TSS_SECRET_MODE_PLAIN */
++ if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
++ strlen((char *)auth), auth))) {
++ p_tspi_Context_CloseObject(hContext, hSRK);
++ free(auth);
++ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
++ return 0;
++ }
++ } else {
++ if (result = p_tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known)) {
++ p_tspi_Context_CloseObject(hContext, hSRK);
++ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
++ return 0;
++ }
+ }
+
+ free(auth);
+@@ -363,6 +388,12 @@
+ void (*p22) ();
+ void (*p23) ();
+ void (*p24) ();
++
++ /* Added by c.hol...@sirrix.com */
++ void (*p25) ();
++ void (*p26) ();
++ void (*p27) ();
++
+ TSS_RESULT result;
+
+ DBG("%s", __FUNCTION__);
+@@ -400,6 +431,12 @@
+ !(p21 = DSO_bind_func(tpm_dso, TPM_F_Context_GetTpmObject)) ||
+ !(p22 = DSO_bind_func(tpm_dso, TPM_F_GetAttribUint32)) ||
+ !(p23 = DSO_bind_func(tpm_dso, TPM_F_SetAttribData)) ||
++
++ /* Added by c.hol...@sirrix.com */
++ !(p25 = DSO_bind_func(tpm_dso, TPM_F_TPM_Quote)) ||
++ !(p26 = DSO_bind_func(tpm_dso, TPM_F_PcrComposite_SelectPcrIndex)) ||
++ !(p27 = DSO_bind_func(tpm_dso, TPM_F_NV_ReadValue)) ||
++
+ !(p24 = DSO_bind_func(tpm_dso, TPM_F_Policy_AssignToObject))
+ ) {
+ TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
+@@ -432,6 +469,11 @@
+ p_tspi_SetAttribData = (unsigned int (*) ()) p23;
+ p_tspi_Policy_AssignToObject = (unsigned int (*) ()) p24;
+
++ /* Added by c.hol...@sirrix.com */
++ p_tspi_TPM_Quote = (unsigned int (*) ()) p25;
++ p_tspi_PcrComposite_SelectPcrIndex = (unsigned int (*) ()) p26;
++ p_tspi_NV_ReadValue = (unsigned int (*) ()) p27;
++
+ if ((result = p_tspi_Context_Create(&hContext))) {
+ TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
+ goto err;
+@@ -487,6 +529,11 @@
+ p_tspi_TPM_StirRandom = NULL;
+ p_tspi_TPM_GetRandom = NULL;
+
++ /* Added by c.hol...@sirrix.com */
++ p_tspi_TPM_Quote = NULL;
++ p_tspi_PcrComposite_SelectPcrIndex = NULL;
++ p_tspi_NV_ReadValue = NULL;
++
+ return 0;
+ }
+
+@@ -612,6 +659,55 @@
+ return 1;
+ }
+
++/*
++ * Read a keyblob from NVRAM into an OpenSSL memory BIO
++ * by Christian Holler (c.hol...@sirrix.com), Sirrix AG
++ */
++int BIO_from_nvram(unsigned int index, unsigned int length, BIO** bio)
++{
++ TSS_RESULT result;
++ TSS_HNVSTORE hNVStore;
++ BYTE *dataRead = NULL;
++
++ //unsigned int blobLength = 559;
++
++ BIO *mem = BIO_new(BIO_s_mem());
++
++ /* Create TPM NV object */
++ result = p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,
++ &hNVStore);
++
++ if (result != TSS_SUCCESS) {
++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
++ TPM_R_REQUEST_FAILED);
++ return 0;
++ }
++
++ /* Set the index to be read */
++ result = p_tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,
++ (UINT32) index);
++
++ if (result != TSS_SUCCESS) {
++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
++ TPM_R_REQUEST_FAILED);
++ return 0;
++ }
++
++ result = p_tspi_NV_ReadValue(hNVStore, 0, &length, &dataRead);
++ BIO_write(mem, dataRead, length);
++ p_tspi_Context_FreeMemory(hContext, dataRead);
++
++ if (result != TSS_SUCCESS ) {
++ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
++ TPM_R_REQUEST_FAILED);
++ return 0;
++ }
++
++ *bio = mem;
++
++ return 1;
++}
++
+ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui, void *cb_data)
+ {
+@@ -627,7 +723,7 @@
+
+ DBG("%s", __FUNCTION__);
+
+- if (!key_id) {
++ if (!key_id && !cb_data) {
+ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+@@ -637,10 +733,21 @@
+ return NULL;
+ }
+
+- if ((bf = BIO_new_file(key_id, "r")) == NULL) {
+- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
+- TPM_R_FILE_NOT_FOUND);
+- return NULL;
++ if (cb_data) {
++ struct nvram_request *nvreq = cb_data;
++
++ if (!BIO_from_nvram(nvreq->index, nvreq->length, &bf)) {
++ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
++ TPM_R_NVRAM_FAILED);
++ return NULL;
++ }
++ } else {
++
++ if ((bf = BIO_new_file(key_id, "r")) == NULL) {
++ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
++ TPM_R_FILE_NOT_FOUND);
++ return NULL;
++ }
+ }
+ retry:
+ if ((rc = BIO_read(bf, &blob_buf[0], 4096)) < 0) {
+@@ -746,6 +853,8 @@
+ return NULL;
+ }
+
++ EVP_PKEY_assign_RSA(pkey, rsa);
++
+ return pkey;
+ }
+
+@@ -782,6 +891,70 @@
+ return 1;
+ }
+
++static int tpm_quote(void* p) {
++ TSS_RESULT result;
++ TSS_HPCRS hPcrComposite;
++ TSS_VALIDATION tssVal;
++
++ unsigned int i = 0;
++
++ struct quote_request *request = p;
++
++ struct rsa_app_data *app_data = RSA_get_ex_data(request->rsa, ex_app_data);
++
++ /* No app_data, this is not a TPM Key and we cannot use it for quote */
++ if (!app_data) {
++ return 0;
++ }
++
++ /* Key is invalid */
++ if (app_data->hKey == NULL_HKEY) {
++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY);
++ return 0;
++ }
++
++ /* Set up PcrComposite Structure, this is a set
++ * of PCRs which will be used for the quote */
++ result =
++ p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
++ TSS_PCRS_STRUCT_INFO, &hPcrComposite);
++ if (result != TSS_SUCCESS) {
++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
++ return 0;
++ }
++
++ /* Add all PCR values to be used to PcrComposite structure */
++ for (i = 0; i < request->PCRSelLength; i++) {
++ if (request->PCRSel[i]) {
++ result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i);
++
++ if (result != TSS_SUCCESS) {
++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
++ return 0;
++ }
++ }
++ }
++
++ /* Set the nonce */
++ tssVal.rgbExternalData = request->nonce;
++ tssVal.ulExternalDataLength = SHA_DIGEST_LENGTH;
++
++ result = p_tspi_TPM_Quote(hTPM, app_data->hKey, hPcrComposite, &tssVal);
++
++ if (result != TSS_SUCCESS) {
++ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
++ return 0;
++ }
++
++ request->rgbData = tssVal.rgbData;
++ request->ulValidationDataLength = tssVal.ulValidationDataLength;
++ request->rgbValidationData = tssVal.rgbValidationData;
++
++ p_tspi_Context_CloseObject(hContext, hPcrComposite);
++
++ return 1;
++}
++
+ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
+ {
+ int initialised = ((tpm_dso == NULL) ? 0 : 1);
+@@ -820,6 +993,8 @@
+ return 1;
+ case TPM_CMD_PIN:
+ return tpm_create_srk_policy(p);
++ case TPM_CMD_QUOTE:
++ return tpm_quote(p);
+ default:
+ break;
+ }
+@@ -1104,7 +1279,12 @@
+ }
+
+ if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {
+- if (flen != SHA_DIGEST_LENGTH) {
++ /* c.hol...@sirrix.com: Ugly hack, OpenSSL passes PKCS1v1.5 wrapped hash,
++ * original SHA1 is last 20 bytes */
++ if (flen == SHA_DIGEST_LENGTH+15) {
++ from += 15;
++ flen = SHA_DIGEST_LENGTH;
++ } else if (flen != SHA_DIGEST_LENGTH) {
+ TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
+ return 0;
+ }
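Review bot: In the new `else` branch of the SRK-loading function (the `p_tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known)` call) `auth` is never assigned, yet both branches fall through to the shared `free(auth);`, so on exactly the ui == NULL path this patch adds an indeterminate pointer is freed; the declaration should read `BYTE *auth = NULL;`. The re-indented `tpm_engine_get_auth` failure branch still lacks a `return 0;` after its `TSSerr`, so it frees `auth` and then passes it to `strlen` and `p_tspi_Policy_SetSecret`. The bare `if (result = p_tspi_Policy_SetSecret(...))` should be written `if ((result = ...))` to mark the assignment as intended, matching the surrounding code. In `tpm_quote`, `request->PCRSelLength` is not checked against the 256-entry `PCRSel` array before the selection loop and `hPcrComposite` is never closed on the error returns; `BIO_from_nvram` likewise leaks `mem` and `hNVStore` on every failure path and calls `BIO_write(mem, dataRead, length)` before the `p_tspi_NV_ReadValue` result is examined, where `dataRead` may still be NULL. The SRK-loading function's signature and the RSA-signing function touched by the last inner hunk lie outside the shown context.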
diff --git a/security/openssl_tpm_engine/files/patch-e_tpm.h b/security/openssl_tpm_engine/files/patch-e_tpm.h
new file mode 100644
index 000000000000..034bb5e0a1d9
--- /dev/null
+++ b/security/openssl_tpm_engine/files/patch-e_tpm.h
@@ -0,0 +1,47 @@
+http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
+
+--- e_tpm.h.orig 2006-08-04 04:22:05.000000000 +0900
++++ e_tpm.h 2010-10-31 23:46:45.913856850 +0900
+@@ -74,6 +74,8 @@
+ #define TPM_F_TPM_FILL_RSA_OBJECT 116
+ #define TPM_F_TPM_ENGINE_GET_AUTH 117
+ #define TPM_F_TPM_CREATE_SRK_POLICY 118
++#define TPM_F_TPM_BIO_FROM_NVRAM 119
++#define TPM_F_TPM_QUOTE 120
+
+ /* Reason codes. */
+ #define TPM_R_ALREADY_LOADED 100
+@@ -104,6 +106,7 @@
+ #define TPM_R_ID_INVALID 125
+ #define TPM_R_UI_METHOD_FAILED 126
+ #define TPM_R_UNKNOWN_SECRET_MODE 127
++#define TPM_R_NVRAM_FAILED 128
+
+ /* structure pointed to by the RSA object's app_data pointer */
+ struct rsa_app_data
+@@ -115,6 +118,25 @@
+ UINT32 sigScheme;
+ };
+
++/* Added by c.hol...@sirrix.com */
++struct quote_request
++{
++ RSA* rsa;
++ unsigned int PCRSel[256];
++ unsigned int PCRSelLength;
++ const unsigned char* nonce;
++ unsigned int nonceLen;
++ unsigned char* rgbData;
++ unsigned int ulValidationDataLength;
++ unsigned char* rgbValidationData;
++};
++
++struct nvram_request
++{
++ unsigned int index;
++ unsigned int length;
++};
++
+ #define TPM_ENGINE_EX_DATA_UNINIT -1
+ #define RSA_PKCS1_OAEP_PADDING_SIZE (2 * SHA_DIGEST_LENGTH + 2)
+
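Review bot: `struct quote_request` mixes caller-supplied inputs (`rsa`, `PCRSel`, `PCRSelLength`, `nonce`, `nonceLen`) with fields the engine fills in (`rgbData`, `ulValidationDataLength`, `rgbValidationData`) and carries no comment saying which is which or who owns the returned buffers. A short block comment should mark the in/out direction of each field, state that `PCRSelLength` must not exceed the 256 entries of `PCRSel`, and note that `nonceLen` is currently ignored by `tpm_quote` in patch-e_tpm.c, which always passes SHA_DIGEST_LENGTH bytes, so `nonce` must point to at least that many. The output buffers come back from the TSS and presumably need releasing through Tspi_Context_FreeMemory as `BIO_from_nvram` does for its read buffer — worth confirming and documenting on the struct. `struct nvram_request` would benefit from one line saying it is what `tpm_engine_load_key` expects in `cb_data` when `key_id` is NULL.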
diff --git a/security/openssl_tpm_engine/files/patch-e_tpm_err.c b/security/openssl_tpm_engine/files/patch-e_tpm_err.c
new file mode 100644
index 000000000000..847c6a115388
--- /dev/null
+++ b/security/openssl_tpm_engine/files/patch-e_tpm_err.c
@@ -0,0 +1,20 @@
+http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
+
+--- e_tpm_err.c.orig 2005-10-06 04:02:16.000000000 +0900
++++ e_tpm_err.c 2010-10-31 23:44:32.217860972 +0900
+@@ -246,6 +246,7 @@
+ {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
+ {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
+ {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
++ {ERR_PACK(0, TPM_F_TPM_BIO_FROM_NVRAM, 0), "TPM_BIO_FROM_NVRAM"},
+ {0, NULL}
+ };
+
+@@ -276,6 +277,7 @@
+ {TPM_R_FILE_READ_FAILED, "failed reading the key file"},
+ {TPM_R_ID_INVALID, "engine id doesn't match"},
+ {TPM_R_UI_METHOD_FAILED, "ui function failed"},
++ {TPM_R_NVRAM_FAILED, "nvram failure"},
+ {0, NULL}
+ };
+
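Review bot: The function-code string table gains `TPM_F_TPM_BIO_FROM_NVRAM` but not `TPM_F_TPM_QUOTE`, which patch-e_tpm.h defines as 120 and `tpm_quote` uses in several `TSSerr` calls, so those errors will print a bare numeric function code; add `{ERR_PACK(0, TPM_F_TPM_QUOTE, 0), "TPM_QUOTE"},` beside the new entry. It is also worth checking that every reason code `tpm_quote` raises, including `TPM_R_INVALID_KEY`, has an entry in the reason table below, since only `TPM_R_NVRAM_FAILED` is added here. Both tables start and end outside the shown context.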
diff --git a/security/openssl_tpm_engine/files/patch-openssl.cnf.sample b/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
new file mode 100644
index 000000000000..b871fe4c1d86
--- /dev/null
+++ b/security/openssl_tpm_engine/files/patch-openssl.cnf.sample
@@ -0,0 +1,11 @@
+--- openssl.cnf.sample.orig 2005-09-30 00:02:58.000000000 +0900
++++ openssl.cnf.sample 2010-11-07 00:53:39.968569790 +0900
+@@ -18,7 +18,7 @@
+ foo = tpm_section
+
+ [tpm_section]
+-dynamic_path = /usr/local/ssl/lib/engines/libtpm.so
++dynamic_path = %%PREFIX%%/lib/openssl/engines/libtpm.so
+ engine_id = tpm
+ default_algorithms = ALL
+ #default_algorithms = RAND,RSA
diff --git a/security/openssl_tpm_engine/files/pkg-message.in b/security/openssl_tpm_engine/files/pkg-message.in
new file mode 100644
index 000000000000..4947c3aa6917
--- /dev/null
+++ b/security/openssl_tpm_engine/files/pkg-message.in
@@ -0,0 +1,17 @@
+A sample openssl.cnf was copied to
+ %%PREFIX%%/share/examples/tpm/openssl.cnf.sample
+
+To use 'tpm' openssl engine, please add above sample configuration
+to /etc/ssl/openssl.cnf.
+
+If you setup tpm engine to openssl.cnf, please start always tcsd
+daemon (ports/security/trousers), or many applications using openssl
+like sshd/httpd doesn't work soon / you get following messages like:
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Auto configuration failed
+65738:error:80066070:tpm engine:TPM_ENGINE_INIT:unit failure:e_tpm.c:484:
+65738:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:161:
+65738:error:260BC065:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_cnf.c:204:section=tpm_section, name=default_algorithms, value=ALL
+65738:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:235:module=engines, value=engine_section, retcode=-1
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff --git a/security/openssl_tpm_engine/pkg-descr b/security/openssl_tpm_engine/pkg-descr
new file mode 100644
index 000000000000..d66288fd837d
--- /dev/null
+++ b/security/openssl_tpm_engine/pkg-descr
@@ -0,0 +1,3 @@
+This package contains 2 sets of code, a command-line utility used to
+generate a TSS key blob and write it to disk and an OpenSSL engine
+which interfaces with the TSS API.
diff --git a/security/openssl_tpm_engine/pkg-plist b/security/openssl_tpm_engine/pkg-plist
new file mode 100644
index 000000000000..c582078ae570
--- /dev/null
+++ b/security/openssl_tpm_engine/pkg-plist
@@ -0,0 +1,9 @@
+bin/create_tpm_key
+lib/openssl/engines/libtpm.a
+lib/openssl/engines/libtpm.la
+lib/openssl/engines/libtpm.so
+lib/openssl/engines/libtpm.so.0
+%%EXAMPLESDIR%%/openssl.cnf.sample
+@dirrm lib/openssl/engines
+@dirrm lib/openssl
+@dirrm %%EXAMPLESDIR%%