diff --git a/security/Makefile b/security/Makefile
--- a/security/Makefile
+++ b/security/Makefile
@@ -408,6 +408,7 @@
     SUBDIR += openssh-askpass
     SUBDIR += openssh-portable
     SUBDIR += openssl
+    SUBDIR += openssl-agent
     SUBDIR += openssl-devel
     SUBDIR += openssl-quictls
     SUBDIR += openssl-unsafe
diff --git a/security/openssl-agent/Makefile b/security/openssl-agent/Makefile
new file mode 100644
--- /dev/null
+++ b/security/openssl-agent/Makefile
@@ -0,0 +1,31 @@
+PORTNAME=	openssl-agent
+PORTVERSION=	0.15.0
+CATEGORIES=	security
+MASTER_SITES=	https://pkg.cppget.org/1/alpha/build2/
+
+MAINTAINER=	fuz@FreeBSD.org
+COMMENT=	OpenSSL key agent and client utilities
+WWW=		https://git.build2.org/cgit/openssl-agent/tree/README
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	build2>=0:devel/build2
+LIB_DEPENDS=	libbutl.so:devel/build2
+
+PLIST_FILES=	bin/openssl-agent-pkcs11 \
+		bin/openssl-client
+
+do-build:
+	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} b configure \
+		config.cxx=${CXX} \
+		config.cxx.coptions="${CXXFLAGS}" \
+		config.cxx.loptions="${LDFLAGS} ${STRIP}" \
+		config.bin.lib=shared \
+		config.bin.rpath=${PREFIX}/lib \
+		config.install.chroot=${STAGEDIR} \
+		config.install.root=${PREFIX}
+do-install:
+		cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} b install -V -j ${MAKE_JOBS_NUMBER} -J ${MAKE_JOBS_NUMBER}
+
+.include <bsd.port.mk>
diff --git a/security/openssl-agent/distinfo b/security/openssl-agent/distinfo
new file mode 100644
--- /dev/null
+++ b/security/openssl-agent/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1675956504
+SHA256 (openssl-agent-0.15.0.tar.gz) = cad582c8e0bf3dd4fb55aedf502e6b83573a7097eee400fa785ed196c7ddcf42
+SIZE (openssl-agent-0.15.0.tar.gz) = 49819
diff --git a/security/openssl-agent/files/patch-openssl_agent_pkcs11_agent.cxx b/security/openssl-agent/files/patch-openssl_agent_pkcs11_agent.cxx
new file mode 100644
--- /dev/null
+++ b/security/openssl-agent/files/patch-openssl_agent_pkcs11_agent.cxx
@@ -0,0 +1,12 @@
+--- openssl/agent/pkcs11/agent.cxx.orig	2023-02-09 15:36:17 UTC
++++ openssl/agent/pkcs11/agent.cxx
+@@ -24,6 +24,9 @@
+ #include <openssl/agent/pkcs11/options.hxx>
+ #include <openssl/agent/pkcs11/private-key.hxx>
+ 
++#include <sys/signal.h>
++#define _NSIG NSIG
++
+ namespace openssl
+ {
+   namespace agent
diff --git a/security/openssl-agent/pkg-descr b/security/openssl-agent/pkg-descr
new file mode 100644
--- /dev/null
+++ b/security/openssl-agent/pkg-descr
@@ -0,0 +1,5 @@
+OpenSSL key agent and client utilities
+
+The aim of these utilities is to provide an openssl-rsautl(1) drop-in
+replacement for performing cryptographic operations using a private key
+that is unlocked for the session, similar to OpenSSH's ssh-agent(1).