- Update to 0.4.2.

- Take maintainership.
svn path=/head/; revision=323649
2025-01-05 06:27:37 +00:00 · 2013-07-25 15:30:11 +00:00 · 2013-07-25 15:30:11 +00:00 · a78adc05c2 · 2021-03-31 03:12:20 +00:00
commit a78adc05c2
parent 7dcaf27692
4 changed files with 212 additions and 222 deletions
--- a/security/openssl_tpm_engine/Makefile
+++ b/security/openssl_tpm_engine/Makefile
@ -1,42 +1,42 @@
-# New ports collection makefile for:	openssl_tpm_engine
-# Date created:				18 Sep 2007
-# Whom:					Sebastian Schuetz <sschuetz@fhm.edu>
-#
+# Created by: Sebastian Schuetz <sschuetz@fhm.edu>
 # $FreeBSD$
-#

 PORTNAME=	openssl_tpm_engine
-PORTVERSION=	0.4.1
-PORTREVISION=	1
+PORTVERSION=	0.4.2
 CATEGORIES=	security
 MASTER_SITES=	SF/trousers/OpenSSL%20TPM%20Engine/${PORTVERSION}

-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	hrs@FreeBSD.org
 COMMENT=	OpenSSL TPM engine

-RUN_DEPENDS=	${LOCALBASE}/sbin/tcsd:${PORTSDIR}/security/trousers
-LIB_DEPENDS=	tspi.2:${PORTSDIR}/security/trousers
-
-USE_GMAKE=	YES
-GNU_CONFIGURE=	YES
-MAKE_JOBS_SAFE=	YES
-USE_AUTOTOOLS=	autoconf libtool
-LDFLAGS+=	-L${LOCALBASE}/lib
-
-SUB_FILES=	pkg-message
-
 LICENSE=	GPLv2
-LICENSE_FILE=	${WRKSRC}/LICENSE

-.include <bsd.port.pre.mk>
+RUN_DEPENDS=	${LOCALBASE}/sbin/tcsd:${PORTSDIR}/security/trousers
+LIB_DEPENDS=	tspi:${PORTSDIR}/security/trousers
+
+USES=	gmake
+USE_AUTOTOOLS=	autoconf libtool
+USE_LDCONFIG=	yes
+GNU_CONFIGURE=	yes
+MAKE_JOBS_SAFE=	yes
+LDFLAGS+=	-L${LOCALBASE}/lib
 CFLAGS+=	-I${LOCALBASE}/include
+SUB_FILES=	pkg-message
+PORTEXAMPLES=	openssl.cnf.sample
+
+OPTIONS_DEFINE=	EXAMPLES
+OPTIONS_DEFAULT=EXAMPLES
+
+.include <bsd.port.options.mk>

 post-patch:
 	@${REINPLACE_CMD} 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/openssl.cnf.sample

 post-install:
-	@[ -d ${EXAMPLESDIR} ] || ${MKDIR} ${EXAMPLESDIR}
-	@${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${EXAMPLESDIR}
+.if ${PORT_OPTIONS:MEXAMPLES}
+	${MKDIR} ${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/openssl.cnf.sample ${EXAMPLESDIR}
+.endif
 	@${CAT}	${PKGMESSAGE}

-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
--- a/security/openssl_tpm_engine/distinfo
+++ b/security/openssl_tpm_engine/distinfo
@ -1,2 +1,2 @@
-SHA256 (openssl_tpm_engine-0.4.1.tar.gz) = 01d1244f1985d5ba1720a64d04de9080acd9b1c08cc04a2f1b7beb6850deae67
-SIZE (openssl_tpm_engine-0.4.1.tar.gz) = 648249
+SHA256 (openssl_tpm_engine-0.4.2.tar.gz) = 2df697e583053f7047a89daa4585e21fc67cf4397ee34ece94cf2d4b4f7ab49c
+SIZE (openssl_tpm_engine-0.4.2.tar.gz) = 528196
--- a/security/openssl_tpm_engine/files/patch-e_tpm.c
+++ b/security/openssl_tpm_engine/files/patch-e_tpm.c
@ -1,193 +1,128 @@
-http://sourceforge.net/mailarchive/message.php?msg_name=4C0E2D48.20803%40sirrix.com
-http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.camel%40macbook.infradead.org
-
--- e_tpm.c.orig	2007-02-06 05:32:10.000000000 +0900
-+++ e_tpm.c	2010-11-21 06:54:21.792744937 +0900
-@@ -35,9 +35,6 @@
- #include <openssl/bn.h>
- 
- #include <tss/platform.h>
-#include <tss/tcpa_defines.h>
-#include <tss/tcpa_typedef.h>
-#include <tss/tcpa_struct.h>
- #include <tss/tss_defines.h>
- #include <tss/tss_typedef.h>
- #include <tss/tss_structs.h>
-@@ -45,6 +42,7 @@
+--- e_tpm.c.orig	2012-09-20 02:57:45.000000000 +0900
+++ e_tpm.c	2013-07-26 00:25:21.000000000 +0900
+@@ -35,6 +35,7 @@
 #include <tss/tspi.h>
 
 #include <trousers/trousers.h>  // XXX DEBUG
-+#include <trousers/tss.h>  // XXX DEBUG
+#include <trousers/tss.h>
 
 #include "e_tpm.h"
 
-@@ -77,6 +75,11 @@
- static const char *TPM_F_Policy_SetSecret = "Tspi_Policy_SetSecret";
- static const char *TPM_F_Policy_AssignToObject = "Tspi_Policy_AssignToObject";
- 
-+/* Added by c.hol...@sirrix.com */
-+static const char *TPM_F_PcrComposite_SelectPcrIndex = "Tspi_PcrComposite_SelectPcrIndex";
-+static const char *TPM_F_TPM_Quote = "Tspi_TPM_Quote";
-+static const char *TPM_F_NV_ReadValue = "Tspi_NV_ReadValue";
-+
- /* engine specific functions */
- static int tpm_engine_destroy(ENGINE *);
- static int tpm_engine_init(ENGINE *);
-@@ -106,6 +109,8 @@
+@@ -55,10 +56,10 @@
+ /* rsa functions */
+ static int tpm_rsa_init(RSA *rsa);
+ static int tpm_rsa_finish(RSA *rsa);
+-static int tpm_rsa_pub_dec(int, const unsigned char *, unsigned char *, RSA *, int);
+-static int tpm_rsa_pub_enc(int, const unsigned char *, unsigned char *, RSA *, int);
+-static int tpm_rsa_priv_dec(int, const unsigned char *, unsigned char *, RSA *, int);
+-static int tpm_rsa_priv_enc(int, const unsigned char *, unsigned char *, RSA *, int);
+static int tpm_rsa_pub_dec(int, unsigned char *, unsigned char *, RSA *, int);
+static int tpm_rsa_pub_enc(int, unsigned char *, unsigned char *, RSA *, int);
+static int tpm_rsa_priv_dec(int, unsigned char *, unsigned char *, RSA *, int);
+static int tpm_rsa_priv_enc(int, unsigned char *, unsigned char *, RSA *, int);
+ //static int tpm_rsa_sign(int, const unsigned char *, unsigned int, unsigned char *, unsigned int *, const RSA *);
+ static int tpm_rsa_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
+ #endif
+@@ -72,6 +73,7 @@
 #define TPM_CMD_SO_PATH		ENGINE_CMD_BASE
 #define TPM_CMD_PIN		ENGINE_CMD_BASE+1
 #define TPM_CMD_SECRET_MODE	ENGINE_CMD_BASE+2
 +#define TPM_CMD_QUOTE		ENGINE_CMD_BASE+3
-+
 static const ENGINE_CMD_DEFN tpm_cmd_defns[] = {
 	{TPM_CMD_SO_PATH,
 	 "SO_PATH",
-@@ -119,6 +124,10 @@
+@@ -85,6 +87,10 @@
 	 "SECRET_MODE",
 	 "The TSS secret mode for all secrets",
 	 ENGINE_CMD_FLAG_NUMERIC},
 +	{TPM_CMD_QUOTE,
-+	 "QUOTE",
-+	 "Perform a TPM_Quote() with the given structure",
-+	 ENGINE_CMD_FLAG_NUMERIC},
+	"QUOTE",
+	"Perform a TPM_Quote() with the given structure",
+	ENGINE_CMD_FLAG_NUMERIC},
 	{0, NULL, NULL, 0}
 };
 
-@@ -201,6 +210,11 @@
+@@ -167,6 +173,9 @@
+ static unsigned int (*p_tspi_GetPolicyObject)();
 static unsigned int (*p_tspi_Policy_SetSecret)();
 static unsigned int (*p_tspi_Policy_AssignToObject)();
- 
-+/* Added by c.hol...@sirrix.com */
 +static unsigned int (*p_tspi_PcrComposite_SelectPcrIndex)();
 +static unsigned int (*p_tspi_TPM_Quote)();
 +static unsigned int (*p_tspi_NV_ReadValue)();
-+
+ 
+ /* Override the real function calls to use our indirect pointers */
+ #define Tspi_Context_Create p_tspi_Context_Create
+@@ -193,6 +202,9 @@
+ #define Tspi_Hash_SetHashValue p_tspi_Hash_SetHashValue
+ #define Tspi_Policy_SetSecret p_tspi_Policy_SetSecret
+ #define Tspi_Policy_AssignToObject p_tspi_Policy_AssignToObject
+#define	Tspi_PcrComposite_SelectPcrIndex p_tspi_PcrComposite_SelectPcrIndex
+#define	Tspi_TPM_Quote p_tspi_TPM_Quote
+#define	Tspi_NV_ReadValue p_tspi_NV_ReadValue
+ #endif /* DLOPEN_TSPI */
+ 
 /* This internal function is used by ENGINE_tpm() and possibly by the
-  * "dynamic" ENGINE support too */
- static int bind_helper(ENGINE * e)
-@@ -255,6 +269,9 @@
+@@ -248,6 +260,7 @@
+ 	TSS_RESULT result;
 	UINT32 authusage;
 	BYTE *auth;
- 
-+	/* Added by c.hol...@sirrix.com */
 +	BYTE well_known[TPM_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET;
-+
+ 
 	if (hSRK != NULL_HKEY) {
 		DBGFN("SRK is already loaded.");
- 		return 1;
-@@ -300,29 +317,37 @@
+@@ -294,6 +307,7 @@
 		return 0;
 	}
 
-	if ((auth = calloc(1, 128)) == NULL) {
-		TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-+	/* c.hol...@sirrix.com: If the UI method is NULL, use TSS_WELL_KNOWN_SECRET */
 +	if (ui) {
-+		if ((auth = calloc(1, 128)) == NULL) {
-+			TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
-+			return 0;
-+		}
+ 	if ((auth = calloc(1, 128)) == NULL) {
+ 		TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
+ 		return 0;
+@@ -319,6 +333,15 @@
 
-	if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) {
-		p_tspi_Context_CloseObject(hContext, hSRK);
-		free(auth);
-		TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
-	}
-+		if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ")) {
-+			p_tspi_Context_CloseObject(hContext, hSRK);
-+			free(auth);
-+			TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
-+		}
-+		/* secret_mode is a global that may be set by engine ctrl
-+		 * commands.  By default, its set to TSS_SECRET_MODE_PLAIN */
-+		if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
-+						      strlen((char *)auth), auth))) {
-+			p_tspi_Context_CloseObject(hContext, hSRK);
-+			free(auth);
-+			TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
-+			return 0;
-+		}
+ 	free(auth);
 
-	/* secret_mode is a global that may be set by engine ctrl
-	 * commands.  By default, its set to TSS_SECRET_MODE_PLAIN */
-	if ((result = p_tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
-					      strlen((char *)auth), auth))) {
-		p_tspi_Context_CloseObject(hContext, hSRK);
- 		free(auth);
-		TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
-		return 0;
 +	} else {
-+		if (result = p_tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known)) {
-+			p_tspi_Context_CloseObject(hContext, hSRK);
+		if ((result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, 20, well_known))) {
+			Tspi_Context_CloseObject(hContext, hSRK);
+			free(auth);
 +			TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
 +			return 0;
 +		}
- 	}
- 
-	free(auth);
-
+	}
+
 	return 1;
 }
 
-@@ -363,6 +388,12 @@
- 	void (*p22) ();
- 	void (*p23) ();
- 	void (*p24) ();
-+
-+	/* Added by c.hol...@sirrix.com */
-+	void (*p25) ();
-+	void (*p26) ();
-+	void (*p27) ();
-+
- 	TSS_RESULT result;
- 
- 	DBG("%s", __FUNCTION__);
-@@ -400,6 +431,12 @@
- 	    !(p21 = DSO_bind_func(tpm_dso, TPM_F_Context_GetTpmObject)) ||
- 	    !(p22 = DSO_bind_func(tpm_dso, TPM_F_GetAttribUint32)) ||
- 	    !(p23 = DSO_bind_func(tpm_dso, TPM_F_SetAttribData)) ||
-+
-+	    /* Added by c.hol...@sirrix.com */
-+	    !(p25 = DSO_bind_func(tpm_dso, TPM_F_TPM_Quote)) ||
-+	    !(p26 = DSO_bind_func(tpm_dso, TPM_F_PcrComposite_SelectPcrIndex)) ||
-+	    !(p27 = DSO_bind_func(tpm_dso, TPM_F_NV_ReadValue)) ||
-+
- 	    !(p24 = DSO_bind_func(tpm_dso, TPM_F_Policy_AssignToObject))
+@@ -376,7 +399,10 @@
+ 	    !bind_tspi_func(tpm_dso, Context_GetTpmObject) ||
+ 	    !bind_tspi_func(tpm_dso, GetAttribUint32) ||
+ 	    !bind_tspi_func(tpm_dso, SetAttribData) ||
+-	    !bind_tspi_func(tpm_dso, Policy_AssignToObject)
+	    !bind_tspi_func(tpm_dso, Policy_AssignToObject) ||
+	    !bind_tspi_func(tpm_dso, PcrComposite_SelectPcrIndex) ||
+	    !bind_tspi_func(tpm_dso, TPM_Quote) ||
+	    !bind_tspi_func(tpm_dso, NV_ReadValue)
 	    ) {
 		TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_DSO_FAILURE);
-@@ -432,6 +469,11 @@
- 	p_tspi_SetAttribData = (unsigned int (*) ()) p23;
- 	p_tspi_Policy_AssignToObject = (unsigned int (*) ()) p24;
- 
-+	/* Added by c.hol...@sirrix.com */
-+	p_tspi_TPM_Quote = (unsigned int (*) ()) p25;
-+	p_tspi_PcrComposite_SelectPcrIndex = (unsigned int (*) ()) p26;
-+	p_tspi_NV_ReadValue = (unsigned int (*) ()) p27;
-+
- 	if ((result = p_tspi_Context_Create(&hContext))) {
- 		TSSerr(TPM_F_TPM_ENGINE_INIT, TPM_R_UNIT_FAILURE);
 		goto err;
-@@ -487,6 +529,11 @@
+@@ -438,6 +464,9 @@
+ 	p_tspi_Policy_AssignToObject = NULL;
 	p_tspi_TPM_StirRandom = NULL;
 	p_tspi_TPM_GetRandom = NULL;
- 
-+	/* Added by c.hol...@sirrix.com */
-+	p_tspi_TPM_Quote = NULL;
 +	p_tspi_PcrComposite_SelectPcrIndex = NULL;
+	p_tspi_TPM_Quote = NULL;
 +	p_tspi_NV_ReadValue = NULL;
-+
+ #endif
 	return 0;
 }
- 
-@@ -612,6 +659,55 @@
+@@ -566,6 +595,55 @@
 	return 1;
 }
 
 +/*
-+ *	Read a keyblob from NVRAM into an OpenSSL memory BIO
-+ *		by Christian Holler (c.hol...@sirrix.com), Sirrix AG
+ *     Read a keyblob from NVRAM into an OpenSSL memory BIO
+ *             by Christian Holler (c.hol...@sirrix.com), Sirrix AG
 + */
 +int BIO_from_nvram(unsigned int index, unsigned int length, BIO** bio)
 +{
@ -201,22 +136,22 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 +
 +	/* Create TPM NV object */
 +	result = p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,
-+				  &hNVStore);
-+	
-+	if (result != TSS_SUCCESS) {
-+		TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
-+		       TPM_R_REQUEST_FAILED);
-+		return 0;
-+	}
-+	
-+	/* Set the index to be read */
-+	result = p_tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,
-+			     (UINT32) index);
+				     &hNVStore);
 +
 +	if (result != TSS_SUCCESS) {
-+		TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
-+		       TPM_R_REQUEST_FAILED);
-+		return 0;
+		 TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
+			 TPM_R_REQUEST_FAILED);
+		 return 0;
+	}
+
+	/* Set the index to be read */
+	result = p_tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,
+				(UINT32) index);
+
+	if (result != TSS_SUCCESS) {
+		 TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
+			 TPM_R_REQUEST_FAILED);
+		 return 0;
 +	}
 +
 +	result = p_tspi_NV_ReadValue(hNVStore, 0, &length, &dataRead);
@ -224,9 +159,9 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 +	p_tspi_Context_FreeMemory(hContext, dataRead);
 +
 +	if (result != TSS_SUCCESS ) {
-+		TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
-+		       TPM_R_REQUEST_FAILED);
-+		return 0;
+		 TSSerr(TPM_F_TPM_BIO_FROM_NVRAM,
+			 TPM_R_REQUEST_FAILED);
+		 return 0;
 +	}
 +
 +	*bio = mem;
@ -237,7 +172,7 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
 				     UI_METHOD *ui, void *cb_data)
 {
-@@ -627,7 +723,7 @@
+@@ -580,7 +658,7 @@
 
 	DBG("%s", __FUNCTION__);
 
@ -246,42 +181,64 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
 		return NULL;
 	}
-@@ -637,10 +733,21 @@
+@@ -590,17 +668,27 @@
 		return NULL;
 	}
 
-	if ((bf = BIO_new_file(key_id, "r")) == NULL) {
-		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-		       TPM_R_FILE_NOT_FOUND);
-		return NULL;
 +	if (cb_data) {
 +		struct nvram_request *nvreq = cb_data;
 +
 +		if (!BIO_from_nvram(nvreq->index, nvreq->length, &bf)) {
 +			TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-+				TPM_R_NVRAM_FAILED);
+			    TPM_R_NVRAM_FAILED);
 +			return NULL;
 +		}
 +	} else {
-+
-+		if ((bf = BIO_new_file(key_id, "r")) == NULL) {
-+			TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
-+			       TPM_R_FILE_NOT_FOUND);
-+			return NULL;
-+		}
+ 	if ((bf = BIO_new_file(key_id, "r")) == NULL) {
+ 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
+-		       TPM_R_FILE_NOT_FOUND);
+			TPM_R_FILE_NOT_FOUND);
+ 		return NULL;
 	}
- retry:
- 	if ((rc = BIO_read(bf, &blob_buf[0], 4096)) < 0) {
-@@ -746,6 +853,8 @@
+	}
+ 
+ 	blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING,
+ 				    "TSS KEY BLOB", bf, NULL, NULL, NULL);
+ 	if (!blobstr) {
+ 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
+-		       TPM_R_FILE_READ_FAILED);
+			TPM_R_FILE_READ_FAILED);
+ 		BIO_free(bf);
+ 		return NULL;
+ 	}
+@@ -611,7 +699,7 @@
+ 						   blobstr->length,
+ 						   blobstr->data, &hKey))) {
+ 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
+-		       TPM_R_REQUEST_FAILED);
+			TPM_R_REQUEST_FAILED);
+ 		return NULL;
+ 	}
+ 	ASN1_OCTET_STRING_free(blobstr);
+@@ -621,7 +709,7 @@
+ 					     &authusage))) {
+ 		Tspi_Context_CloseObject(hContext, hKey);
+ 		TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
+-		       TPM_R_REQUEST_FAILED);
+			TPM_R_REQUEST_FAILED);
 		return NULL;
 	}
 
-+	EVP_PKEY_assign_RSA(pkey, rsa);
-+
- 	return pkey;
- }
- 
-@@ -782,6 +891,70 @@
+@@ -726,7 +814,7 @@
+ 							  TSS_POLICY_USAGE,
+ 							  &hSRKPolicy))) {
+ 			TSSerr(TPM_F_TPM_CREATE_SRK_POLICY,
+-			       TPM_R_REQUEST_FAILED);
+				TPM_R_REQUEST_FAILED);
+ 			return 0;
+ 		}
+ 	}
+@@ -740,6 +828,70 @@
 	return 1;
 }
 
@ -289,7 +246,7 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 +	TSS_RESULT result;
 +	TSS_HPCRS hPcrComposite;
 +	TSS_VALIDATION tssVal;
-+	
+
 +	unsigned int i = 0;
 +
 +	struct quote_request *request = p;
@ -298,35 +255,35 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 +
 +	/* No app_data, this is not a TPM Key and we cannot use it for quote */
 +	if (!app_data) {
-+		return 0;
+		 return 0;
 +	}
 +
 +	/* Key is invalid */
 +	if (app_data->hKey == NULL_HKEY) {
-+		TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY);
-+		return 0;
+		 TSSerr(TPM_F_TPM_QUOTE, TPM_R_INVALID_KEY);
+		 return 0;
 +	}
 +
-+	/* Set up PcrComposite Structure, this is a set 
+	/* Set up PcrComposite Structure, this is a set
 +	 * of PCRs which will be used for the quote */
 +	result =
-+		p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
-+				TSS_PCRS_STRUCT_INFO, &hPcrComposite);
+		 p_tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
+				   TSS_PCRS_STRUCT_INFO, &hPcrComposite);
 +	if (result != TSS_SUCCESS) {
 +		TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
-+		return 0;
+		 return 0;
 +	}
 +
 +	/* Add all PCR values to be used to PcrComposite structure */
 +	for (i = 0; i < request->PCRSelLength; i++) {
-+		if (request->PCRSel[i]) {
-+			result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i);
+		 if (request->PCRSel[i]) {
+			  result = p_tspi_PcrComposite_SelectPcrIndex(hPcrComposite, i);
 +
-+			if (result != TSS_SUCCESS) {
-+				TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
-+				return 0;
-+			}
-+		}
+			  if (result != TSS_SUCCESS) {
+				   TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
+				   return 0;
+			  }
+		 }
 +	}
 +
 +	/* Set the nonce */
@ -336,8 +293,8 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 +	result = p_tspi_TPM_Quote(hTPM, app_data->hKey, hPcrComposite, &tssVal);
 +
 +	if (result != TSS_SUCCESS) {
-+		TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
-+		return 0;
+		 TSSerr(TPM_F_TPM_QUOTE, TPM_R_REQUEST_FAILED);
+		 return 0;
 +	}
 +
 +	request->rgbData = tssVal.rgbData;
@ -351,8 +308,8 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 +
 static int tpm_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void (*f) ())
 {
- 	int initialised = ((tpm_dso == NULL) ? 0 : 1);
-@@ -820,6 +993,8 @@
+ 	int initialised = !!hContext;
+@@ -778,6 +930,8 @@
 			return 1;
 		case TPM_CMD_PIN:
 			return tpm_create_srk_policy(p);
@ -361,13 +318,47 @@ http://sourceforge.net/mailarchive/message.php?msg_name=1270748622.4478.6722.cam
 		default:
 			break;
 	}
-@@ -1104,7 +1279,12 @@
+@@ -832,7 +986,7 @@
+ }
+ 
+ static int tpm_rsa_pub_dec(int flen,
+-			   const unsigned char *from,
+			   unsigned char *from,
+ 			   unsigned char *to,
+ 			   RSA *rsa,
+ 			   int padding)
+@@ -851,7 +1005,7 @@
+ }
+ 
+ static int tpm_rsa_priv_dec(int flen,
+-			    const unsigned char *from,
+			    unsigned char *from,
+ 			    unsigned char *to,
+ 			    RSA *rsa,
+ 			    int padding)
+@@ -928,7 +1082,7 @@
+ }
+ 
+ static int tpm_rsa_pub_enc(int flen,
+-			   const unsigned char *from,
+			   unsigned char *from,
+ 			   unsigned char *to,
+ 			   RSA *rsa,
+ 			   int padding)
+@@ -1035,7 +1189,7 @@
+ }
+ 
+ static int tpm_rsa_priv_enc(int flen,
+-			    const unsigned char *from,
+			    unsigned char *from,
+ 			    unsigned char *to,
+ 			    RSA *rsa,
+ 			    int padding)
+@@ -1080,7 +1234,10 @@
 	}
 
 	if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) {
 -		if (flen != SHA_DIGEST_LENGTH) {
-+		/* c.hol...@sirrix.com: Ugly hack, OpenSSL passes PKCS1v1.5 wrapped hash, 
-+		 * original SHA1 is last 20 bytes */
 +		if (flen == SHA_DIGEST_LENGTH+15) {
 +			from += 15;
 +			flen = SHA_DIGEST_LENGTH;
--- a/security/openssl_tpm_engine/pkg-plist
+++ b/security/openssl_tpm_engine/pkg-plist
@ -1,9 +1,8 @@
+@comment $FreeBSD$
 bin/create_tpm_key
 lib/openssl/engines/libtpm.a
 lib/openssl/engines/libtpm.la
 lib/openssl/engines/libtpm.so
 lib/openssl/engines/libtpm.so.0
-%%EXAMPLESDIR%%/openssl.cnf.sample
@dirrm lib/openssl/engines
@dirrm lib/openssl
-@dirrm %%EXAMPLESDIR%%