authorMuhammad Moinur Rahman <bofh@FreeBSD.org>2023-07-02 07:22:27 +0000
committerMuhammad Moinur Rahman <bofh@FreeBSD.org>2023-07-02 07:34:32 +0000
commit788dde9529dd77fcb5d2433e0ff5522206af2643 (patch)
tree703b356833f787d7b47265d1865b573f08758de0
parent887468df84150a802775c51d4548950545edd2bf (diff)
security/openssl_tpm_engine: Remove expired port
2023-07-02 security/openssl_tpm_engine: Requires older openssl and upstream unmaintained since 2017
-rw-r--r--MOVED1
-rw-r--r--security/Makefile1
-rw-r--r--security/openssl_tpm_engine/Makefile64
-rw-r--r--security/openssl_tpm_engine/distinfo3
-rw-r--r--security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample11
-rw-r--r--security/openssl_tpm_engine/files/patch-src-e_tpm.c368
-rw-r--r--security/openssl_tpm_engine/files/patch-src-e_tpm.h45
-rw-r--r--security/openssl_tpm_engine/files/patch-src-e_tpm_err.c18
-rw-r--r--security/openssl_tpm_engine/files/pkg-message.in17
-rw-r--r--security/openssl_tpm_engine/pkg-descr6
10 files changed, 1 insertions, 533 deletions
diff --git a/MOVED b/MOVED
index b9479552a3b0..7cb4791c98aa 100644
--- a/MOVED
+++ b/MOVED
@@ -7757,3 +7757,4 @@ print/ghostscript8-x11||2023-06-30|Has expired: Obsolete and unsupported upstrea
textproc/py-transifex-client|textproc/go-transifex-client|2023-06-30|Has expired: Upstream switched to go based api client (textproc/go-transifex-client)
devel/google-cloud-cpp117|devel/google-cloud-cpp|2023-07-01|Has expired: Newer version is in the tree
math/py-gmpy|math/py-gmpy2|2023-07-01|Has expired: EOLd, use math/py-gmpy2 instead
+security/openssl_tpm_engine||2023-07-02|Has expired: Requires older openssl and upstream unmaintained since 2017
diff --git a/security/Makefile b/security/Makefile
index 3665e5951e4d..6993f1a1dbc3 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -417,7 +417,6 @@
SUBDIR += openssl-unsafe
SUBDIR += openssl30
SUBDIR += openssl31
- SUBDIR += openssl_tpm_engine
SUBDIR += openvas
SUBDIR += openvpn
SUBDIR += openvpn-admin
diff --git a/security/openssl_tpm_engine/Makefile b/security/openssl_tpm_engine/Makefile
deleted file mode 100644
index 587074e17f56..000000000000
--- a/security/openssl_tpm_engine/Makefile
+++ /dev/null
@@ -1,64 +0,0 @@
-PORTNAME= openssl_tpm_engine
-PORTVERSION= 0.5.0
-DISTVERSIONPREFIX= v
-PORTREVISION= 2
-CATEGORIES= security
-
-MAINTAINER= hrs@FreeBSD.org
-COMMENT= OpenSSL TPM engine
-WWW= https://github.com/mgerstner/openssl_tpm_engine
-
-LICENSE= OpenSSL
-LICENSE_FILE= ${WRKSRC}/LICENSE
-
-DEPRECATED= Requires older openssl and upstream unmaintained since 2017
-EXPIRATION_DATE= 2023-07-02
-BROKEN_SSL= openssl30 openssl31
-BROKEN_SSL_REASON= Requires openssl 1.0.x or 1.1.x
-IGNORE_SSL= libressl libressl-devel
-IGNORE_SSL_REASON= Detected LibreSSL (RAND_METHOD structure unsupported)
-
-LIB_DEPENDS= libtspi.so:security/trousers
-RUN_DEPENDS= ${LOCALBASE}/sbin/tcsd:security/trousers
-
-USES= autoreconf gmake libtool localbase ssl pkgconfig
-USE_GITHUB= yes
-USE_LDCONFIG= yes
-
-GH_ACCOUNT= mgerstner
-GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --with-openssl="${OPENSSLBASE}" \
- --with-enginedir="${PREFIX}/lib/openssl/engines"
-SUB_FILES= pkg-message
-PLIST_FILES= bin/create_tpm_key
-INSTALL_TARGET= install-strip
-PORTEXAMPLES= openssl.cnf.sample
-
-OPTIONS_DEFINE= EXAMPLES
-
-post-patch:
- (${CAT} ${OPENSSLINC}/openssl/opensslv.h; \
- ${ECHO_CMD} "#if OPENSSL_VERSION_NUMBER < 0x10100000L"; \
- ${ECHO_CMD} "lib/openssl/engines/libtpm.so"; \
- ${ECHO_CMD} "#else"; \
- ${ECHO_CMD} "lib/openssl/engines/tpm.so"; \
- ${ECHO_CMD} "#endif"; \
- ) | ${CPP} | ${GREP} -v \# > ${WRKDIR}/.tpmso; \
- ${REINPLACE_CMD} "s|%%TPMSO%%|${PREFIX}/$$(cat ${WRKDIR}/.tpmso)|g" \
- ${WRKSRC}/dist/openssl.cnf.sample
-
-.if defined(INSTALL_AS_USER)
-_T=|| ${TRUE}
-.endif
-post-install:
- (${CAT} ${WRKDIR}/.tpmso; \
- ${ECHO_CMD} "@postexec /usr/sbin/service ldconfig restart > /dev/null ${_T}" >> ${TMPPLIST}; \
- ${ECHO_CMD} "@postunexec /usr/sbin/service ldconfig restart > /dev/null ${_T}" >> ${TMPPLIST}; \
- ) >> ${TMPPLIST}
-
-post-install-EXAMPLES-on:
- @${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
- ${INSTALL_DATA} ${WRKSRC}/dist/openssl.cnf.sample \
- ${STAGEDIR}${EXAMPLESDIR}
-
-.include <bsd.port.mk>
diff --git a/security/openssl_tpm_engine/distinfo b/security/openssl_tpm_engine/distinfo
deleted file mode 100644
index 9c4d910bf172..000000000000
--- a/security/openssl_tpm_engine/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-TIMESTAMP = 1551568882
-SHA256 (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 328cc0ce0c1fd816c284efb79234be6157bb995d24a5e8065750f162aa72c060
-SIZE (mgerstner-openssl_tpm_engine-v0.5.0_GH0.tar.gz) = 25305
diff --git a/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample b/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample
deleted file mode 100644
index d6cdfb1fcb34..000000000000
--- a/security/openssl_tpm_engine/files/patch-dist-openssl.cnf.sample
+++ /dev/null
@@ -1,11 +0,0 @@
---- dist/openssl.cnf.sample.orig 2017-12-18 15:45:34 UTC
-+++ dist/openssl.cnf.sample
-@@ -18,7 +18,7 @@ engines = engine_section
- foo = tpm_section
-
- [tpm_section]
--dynamic_path = /usr/local/ssl/lib/engines/libtpm.so
-+dynamic_path = %%TPMSO%%
- engine_id = tpm
- default_algorithms = ALL
- #default_algorithms = RAND,RSA
diff --git a/security/openssl_tpm_engine/files/patch-src-e_tpm.c b/security/openssl_tpm_engine/files/patch-src-e_tpm.c
deleted file mode 100644
index 69a7dac3dede..000000000000
--- a/security/openssl_tpm_engine/files/patch-src-e_tpm.c
+++ /dev/null
@@ -1,368 +0,0 @@
---- src/e_tpm.c.orig 2017-12-18 15:45:34 UTC
-+++ src/e_tpm.c
-@@ -34,6 +34,7 @@
- #include <tss/tspi.h>
-
- #include <trousers/trousers.h> // XXX DEBUG
-+#include <trousers/tss.h>
-
- #include "e_tpm.h"
- #include "ssl_compat.h"
-@@ -55,10 +56,10 @@ static char *tpm_engine_get_auth(UI_METHOD *, char *,
- /* rsa functions */
- static int tpm_rsa_init(RSA *rsa);
- static int tpm_rsa_finish(RSA *rsa);
--static int tpm_rsa_pub_dec(int, const unsigned char *, unsigned char *, RSA *, int);
--static int tpm_rsa_pub_enc(int, const unsigned char *, unsigned char *, RSA *, int);
--static int tpm_rsa_priv_dec(int, const unsigned char *, unsigned char *, RSA *, int);
--static int tpm_rsa_priv_enc(int, const unsigned char *, unsigned char *, RSA *, int);
-+static int tpm_rsa_pub_dec(int, unsigned char *, unsigned char *, RSA *, int);
-+static int tpm_rsa_pub_enc(int, unsigned char *, unsigned char *, RSA *, int);
-+static int tpm_rsa_priv_dec(int, unsigned char *, unsigned char *, RSA *, int);
-+static int tpm_rsa_priv_enc(int, unsigned char *, unsigned char *, RSA *, int);
- //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *);
- static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
- #endif
-@@ -72,6 +73,7 @@ static RAND_SEED_RET_TYPE tpm_rand_seed(const void *,
- #define TPM_CMD_SO_PATH ENGINE_CMD_BASE
- #define TPM_CMD_PIN ENGINE_CMD_BASE+1
- #define TPM_CMD_SECRET_MODE ENGINE_CMD_BASE+2
-+#define TPM_CMD_QUOTE ENGINE_CMD_BASE+3
- static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
- {TPM_CMD_SO_PATH,
- "SO_PATH",
-@@ -85,6 +87,10 @@ static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
- "SECRET_MODE",
- "The TSS secret mode for all secrets",
- ENGINE_CMD_FLAG_NUMERIC},
-+ {TPM_CMD_QUOTE,
-+ "QUOTE",
-+ "Perform a TPM_Quote() with the given structure",
-+ ENGINE_CMD_FLAG_NUMERIC},
- {0, NULL, NULL, 0}
- };
-
-@@ -151,6 +157,9 @@ static unsigned int (*p_tspi_Hash_SetHashValue)();
- static unsigned int (*p_tspi_GetPolicyObject)();
- static unsigned int (*p_tspi_Policy_SetSecret)();
- static unsigned int (*p_tspi_Policy_AssignToObject)();
-+static unsigned int (*p_tspi_PcrComposite_SelectPcrIndex)();
-+static unsigned int (*p_tspi_TPM_Quote)();
-+static unsigned int (*p_tspi_NV_ReadValue)();
-
- /* Override the real function calls to use our indirect pointers */
- #define Tspi_Context_Create p_tspi_Context_Create
-@@ -177,6 +186,9 @@ static unsigned int (*p_tspi_Policy_AssignToObject)();
- #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue
- #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret
- #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject
-+#define Tspi_PcrComposite_SelectPcrIndex p_tspi_PcrComposite_SelectPcrIndex
-+#define Tspi_TPM_Quote p_tspi_TPM_Quote
-+#define Tspi_NV_ReadValue p_tspi_NV_ReadValue
- #endif /* DLOPEN_TSPI */
-
- static int setup_rsa_method()
-@@ -262,6 +274,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
- TSS_RESULT result;
- UINT32 authusage;
- BYTE *auth;
-+ BYTE well_known[TPM_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
-
- if (hSRK != NULL_HKEY) {
- DBGFN("SRK is already loaded.");
-@@ -308,6 +321,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
- return 0;
- }
-
-+ if (ui) {
- if ((auth = calloc(1, 128)) == NULL) {
- TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
- return 0;
-@@ -333,6 +347,15 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
-
- free(auth);
-
-+ } else {
-+ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known))) {
-+ Tspi_Context_CloseObject(hContext, hSRK);
-+ free(auth);
-+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
-+ return 0;
-+ }
-+ }
-+
- return 1;
- }
-
-@@ -390,7 +413,10 @@ static int tpm_engine_init(ENGINE * e)
- !bind_tspi_func(tpm_dso, Context_GetTpmObject) ||
- !bind_tspi_func(tpm_dso, GetAttribUint32) ||
- !bind_tspi_func(tpm_dso, SetAttribData) ||
-- !bind_tspi_func(tpm_dso, Policy_AssignToObject)
-+ !bind_tspi_func(tpm_dso, Policy_AssignToObject) ||
-+ !bind_tspi_func(tpm_dso, PcrComposite_SelectPcrIndex) ||
-+ !bind_tspi_func(tpm_dso, TPM_Quote) ||
-+ !bind_tspi_func(tpm_dso, NV_ReadValue)
- ) {
- TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
- goto err;
-@@ -452,6 +478,9 @@ err:
- p_tspi_Policy_AssignToObject = NULL;
- p_tspi_TPM_StirRandom = NULL;
- p_tspi_TPM_GetRandom = NULL;
-+ p_tspi_PcrComposite_SelectPcrIndex = NULL;
-+ p_tspi_TPM_Quote = NULL;
-+ p_tspi_NV_ReadValue = NULL;
- #endif
- return 0;
- }
-@@ -590,6 +619,55 @@ err:
- return 0;
- }
-
-+/*
-+ * Read a keyblob from NVRAM into an OpenSSL memory BIO
-+ * by Christian Holler (c.hol...@sirrix.com), Sirrix AG
-+ */
-+int BIO_from_nvram(unsigned int index, unsigned int length, BIO** bio)
-+{
-+ TSS_RESULT result;
-+ TSS_HNVSTORE hNVStore;
-+ BYTE *dataRead = NULL;
-+
-+ //unsigned int blobLength = 559;
-+
-+ BIO *mem = BIO_new(BIO_s_mem());
-+
-+ /* Create TPM NV object */
-+ result = p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,
-+ &hNVStore);
-+
-+ if (result != TSS_SUCCESS) {
-+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
-+ TPM_R_REQUEST_FAILED);
-+ return 0;
-+ }
-+
-+ /* Set the index to be read */
-+ result = p_tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,
-+ (UINT32) index);
-+
-+ if (result != TSS_SUCCESS) {
-+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
-+ TPM_R_REQUEST_FAILED);
-+ return 0;
-+ }
-+
-+ result = p_tspi_NV_ReadValue(hNVStore, 0, &length, &dataRead);
-+ BIO_write(mem, dataRead, length);
-+ p_tspi_Context_FreeMemory(hContext, dataRead);
-+
-+ if (result != TSS_SUCCESS ) {
-+ TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
-+ TPM_R_REQUEST_FAILED);
-+ return 0;
-+ }
-+
-+ *bio = mem;
-+
-+ return 1;
-+}
-+
- static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui, void *cb_data)
- {
-@@ -604,7 +682,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const
-
- DBG("%s", __FUNCTION__);
-
-- if (!key_id) {
-+ if (!key_id && !cb_data) {
- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
-@@ -614,17 +692,27 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const
- return NULL;
- }
-
-+ if (cb_data) {
-+ struct nvram_request *nvreq = cb_data;
-+
-+ if (!BIO_from_nvram(nvreq->index, nvreq->length, &bf)) {
-+ TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-+ TPM_R_NVRAM_FAILED);
-+ return NULL;
-+ }
-+ } else {
- if ((bf = BIO_new_file(key_id, "r")) == NULL) {
- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-- TPM_R_FILE_NOT_FOUND);
-+ TPM_R_FILE_NOT_FOUND);
- return NULL;
- }
-+ }
-
- blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING,
- "TSS KEY BLOB", bf, NULL, NULL, NULL);
- if (!blobstr) {
- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-- TPM_R_FILE_READ_FAILED);
-+ TPM_R_FILE_READ_FAILED);
- BIO_free(bf);
- return NULL;
- }
-@@ -635,7 +723,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const
- blobstr->length,
- blobstr->data, &hKey))) {
- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-- TPM_R_REQUEST_FAILED);
-+ TPM_R_REQUEST_FAILED);
- return NULL;
- }
- ASN1_OCTET_STRING_free(blobstr);
-@@ -645,7 +733,7 @@ static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const
- &authusage))) {
- Tspi_Context_CloseObject(hContext, hKey);
- TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-- TPM_R_REQUEST_FAILED);
-+ TPM_R_REQUEST_FAILED);
- return NULL;
- }
-
-@@ -747,7 +835,7 @@ static int tpm_create_srk_policy(void *secret)
- TSS_POLICY_USAGE,
- &hSRKPolicy))) {
- TSSerr(TPM_F_TPM_CREATE_SRK_POLICY,
-- TPM_R_REQUEST_FAILED);
-+ TPM_R_REQUEST_FAILED);
- return 0;
- }
- }
-@@ -761,6 +849,70 @@ static int tpm_create_srk_policy(void *secret)
- return 1;
- }
-
-+static int tpm_quote(void* p) {
-+ TSS_RESULT result;
-+ TSS_HPCRS hPcrComposite;
-+ TSS_VALIDATION tssVal;
-+
-+ unsigned int i = 0;
-+
-+ struct quote_request *request = p;
-+
-+ struct rsa_app_data *app_data = RSA_get_ex_data(request->rsa, ex_app_data);
-+
-+ /* No app_data, this is not a TPM Key and we cannot use it for quote */
-+ if (!app_data) {
-+ return 0;
-+ }
-+
-+ /* Key is invalid */
-+ if (app_data->hKey == NULL_HKEY) {
-+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY);
-+ return 0;
-+ }
-+
-+ /* Set up PcrComposite Structure, this is a set
-+ * of PCRs which will be used for the quote */
-+ result =
-+ p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
-+ TSS_PCRS_STRUCT_INFO, &hPcrComposite);
-+ if (result != TSS_SUCCESS) {
-+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
-+ return 0;
-+ }
-+
-+ /* Add all PCR values to be used to PcrComposite structure */
-+ for (i = 0; i < request->PCRSelLength; i++) {
-+ if (request->PCRSel[i]) {
-+ result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i);
-+
-+ if (result != TSS_SUCCESS) {
-+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
-+ return 0;
-+ }
-+ }
-+ }
-+
-+ /* Set the nonce */
-+ tssVal.rgbExternalData = request->nonce;
-+ tssVal.ulExternalDataLength = SHA_DIGEST_LENGTH;
-+
-+ result = p_tspi_TPM_Quote(hTPM, app_data->hKey, hPcrComposite, &tssVal);
-+
-+ if (result != TSS_SUCCESS) {
-+ TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
-+ return 0;
-+ }
-+
-+ request->rgbData = tssVal.rgbData;
-+ request->ulValidationDataLength = tssVal.ulValidationDataLength;
-+ request->rgbValidationData = tssVal.rgbValidationData;
-+
-+ p_tspi_Context_CloseObject(hContext, hPcrComposite);
-+
-+ return 1;
-+}
-+
- static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
- {
- int initialised = !!hContext;
-@@ -799,6 +951,8 @@ static int tpm_engine_ctrl(ENGINE * e, int cmd, long i
- return 1;
- case TPM_CMD_PIN:
- return tpm_create_srk_policy(p);
-+ case TPM_CMD_QUOTE:
-+ return tpm_quote(p);
- default:
- break;
- }
-@@ -853,7 +1007,7 @@ static int tpm_rsa_finish(RSA *rsa)
- }
-
- static int tpm_rsa_pub_dec(int flen,
-- const unsigned char *from,
-+ unsigned char *from,
- unsigned char *to,
- RSA *rsa,
- int padding)
-@@ -872,7 +1026,7 @@ static int tpm_rsa_pub_dec(int flen,
- }
-
- static int tpm_rsa_priv_dec(int flen,
-- const unsigned char *from,
-+ unsigned char *from,
- unsigned char *to,
- RSA *rsa,
- int padding)
-@@ -949,7 +1103,7 @@ static int tpm_rsa_priv_dec(int flen,
- }
-
- static int tpm_rsa_pub_enc(int flen,
-- const unsigned char *from,
-+ unsigned char *from,
- unsigned char *to,
- RSA *rsa,
- int padding)
-@@ -1056,7 +1210,7 @@ static int tpm_rsa_pub_enc(int flen,
- }
-
- static int tpm_rsa_priv_enc(int flen,
-- const unsigned char *from,
-+ unsigned char *from,
- unsigned char *to,
- RSA *rsa,
- int padding)
-@@ -1101,7 +1255,10 @@ static int tpm_rsa_priv_enc(int flen,
- }
-
- if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {
-- if (flen != SHA_DIGEST_LENGTH) {
-+ if (flen == SHA_DIGEST_LENGTH+15) {
-+ from += 15;
-+ flen = SHA_DIGEST_LENGTH;
-+ } else if (flen != SHA_DIGEST_LENGTH) {
- TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
- return 0;
- }
diff --git a/security/openssl_tpm_engine/files/patch-src-e_tpm.h b/security/openssl_tpm_engine/files/patch-src-e_tpm.h
deleted file mode 100644
index f4d003e77a49..000000000000
--- a/security/openssl_tpm_engine/files/patch-src-e_tpm.h
+++ /dev/null
@@ -1,45 +0,0 @@
---- src/e_tpm.h.orig 2017-12-18 15:45:34 UTC
-+++ src/e_tpm.h
-@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *fil
- #define TPM_F_TPM_FILL_RSA_OBJECT 116
- #define TPM_F_TPM_ENGINE_GET_AUTH 117
- #define TPM_F_TPM_CREATE_SRK_POLICY 118
-+#define TPM_F_TPM_BIO_FROM_NVRAM 119
-+#define TPM_F_TPM_QUOTE 120
-
- /* Reason codes. */
- #define TPM_R_ALREADY_LOADED 100
-@@ -96,6 +98,7 @@ void ERR_TSS_error(int function, int reason, char *fil
- #define TPM_R_ID_INVALID 125
- #define TPM_R_UI_METHOD_FAILED 126
- #define TPM_R_UNKNOWN_SECRET_MODE 127
-+#define TPM_R_NVRAM_FAILED 128
-
- /* structure pointed to by the RSA object's app_data pointer */
- struct rsa_app_data
-@@ -105,6 +108,25 @@ struct rsa_app_data
- TSS_HENCDATA hEncData;
- UINT32 encScheme;
- UINT32 sigScheme;
-+};
-+
-+/* Added by c.hol...@sirrix.com */
-+struct quote_request
-+{
-+ RSA* rsa;
-+ unsigned int PCRSel[256];
-+ unsigned int PCRSelLength;
-+ const unsigned char* nonce;
-+ unsigned int nonceLen;
-+ unsigned char* rgbData;
-+ unsigned int ulValidationDataLength;
-+ unsigned char* rgbValidationData;
-+};
-+
-+struct nvram_request
-+{
-+ unsigned int index;
-+ unsigned int length;
- };
-
- #define TPM_ENGINE_EX_DATA_UNINIT -1
diff --git a/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c b/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c
deleted file mode 100644
index 754885dde0e0..000000000000
--- a/security/openssl_tpm_engine/files/patch-src-e_tpm_err.c
+++ /dev/null
@@ -1,18 +0,0 @@
---- src/e_tpm_err.c.orig 2017-12-18 15:45:34 UTC
-+++ src/e_tpm_err.c
-@@ -234,6 +234,7 @@ static ERR_STRING_DATA TPM_str_functs[] = {
- {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
- {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
- {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
-+ {ERR_PACK(0, TPM_F_TPM_BIO_FROM_NVRAM, 0), "TPM_BIO_FROM_NVRAM"},
- {0, NULL}
- };
-
-@@ -264,6 +265,7 @@ static ERR_STRING_DATA TPM_str_reasons[] = {
- {TPM_R_FILE_READ_FAILED, "failed reading the key file"},
- {TPM_R_ID_INVALID, "engine id doesn't match"},
- {TPM_R_UI_METHOD_FAILED, "ui function failed"},
-+ {TPM_R_NVRAM_FAILED, "nvram failure"},
- {0, NULL}
- };
-
diff --git a/security/openssl_tpm_engine/files/pkg-message.in b/security/openssl_tpm_engine/files/pkg-message.in
deleted file mode 100644
index 991b707e091f..000000000000
--- a/security/openssl_tpm_engine/files/pkg-message.in
+++ /dev/null
@@ -1,17 +0,0 @@
-[
-{ type: install
- message: <<EOM
-A sample configuration which has to be added into /etc/ssl/openssl.cnf
-to enable "tpm" engine in OpenSSL can be found at
-%%EXAMPLESDIR%%/openssl.cnf.sample.
-Note that tcsd daemon in security/trousers must be running. If not,
-you might get the following error messages:
-
- | Auto configuration failed
- | 65738:error:80066070:tpm engine:TPM_ENGINE_INIT:unit failure:e_tpm.c:484:
- | 65738:error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_table.c:161:
- | 65738:error:260BC065:engine routines:INT_ENGINE_CONFIGURE:engine configuration error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_cnf.c:204:section=tpm_section, name=default_algorithms, value=ALL
- | 65738:error:0E07606D:configuration file routines:MODULE_RUN:module initialization error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_mod.c:235:module=engines, value=engine_section, retcode=-1
-EOM
-}
-]
diff --git a/security/openssl_tpm_engine/pkg-descr b/security/openssl_tpm_engine/pkg-descr
deleted file mode 100644
index 911b99d733f7..000000000000
--- a/security/openssl_tpm_engine/pkg-descr
+++ /dev/null
@@ -1,6 +0,0 @@
-This is a forked version of OpenSSL TPM engine from the original
-upstream, TrouSerS project.
-
-This package contains two sets of code, a command-line utility used to
-generate a TSS key blob and write it to disk and an OpenSSL engine which
-interfaces with the TSS API.