git: 7b1e19ad78c6 - main - Add libfido2 to the build

From: Ed Maste <>
Date: Sat, 23 Oct 2021 00:00:19 UTC
The branch main has been updated by emaste:


commit 7b1e19ad78c6a3f84f81cb1a16a39500f0337062
Author:     Ed Maste <>
AuthorDate: 2021-10-07 01:52:05 +0000
Commit:     Ed Maste <>
CommitDate: 2021-10-22 23:57:57 +0000

    Add libfido2 to the build
        libfido2 provides library functionality and command-line tools to
        communicate with a FIDO device over USB, and to verify attestation
        and assertion signatures.
        libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
    libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
    intended only for use by ssh, and so is installed as a PRIVATELIB and is
    placed in the ssh pkgbase package.
    This is currently disabled for the 32-bit library build as libfido2 is
    not compatible with the COMPAT_32BIT hack in usb_ioctl.h.
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:
 lib/Makefile                             |  2 +-
 lib/libfido2/Makefile                    | 73 ++++++++++++++++++++++++++++++++
 share/mk/                 |  3 ++
 tools/build/mk/ |  3 ++
 4 files changed, 80 insertions(+), 1 deletion(-)

diff --git a/lib/Makefile b/lib/Makefile
index d39bbd37c910..81ace36ba990 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -216,7 +216,7 @@ SUBDIR.${MK_BHYVE}+=	libvmmapi
 SUBDIR.${MK_OPENMP}+=	libomp
 .if !defined(COMPAT_32BIT)
-SUBDIR.${MK_OPENSSH}+=	libcbor
+SUBDIR.${MK_OPENSSH}+=	libcbor libfido2
 SUBDIR.${MK_PF}+=	libpfctl
diff --git a/lib/libfido2/Makefile b/lib/libfido2/Makefile
new file mode 100644
index 000000000000..edf737b9dafc
--- /dev/null
+++ b/lib/libfido2/Makefile
@@ -0,0 +1,73 @@
+LIB=	fido2
+DIST=	${SRCTOP}/contrib/libfido2
+.PATH:	${DIST}/src ${DIST}
+SRCS+=	aes256.c
+SRCS+=	assert.c
+SRCS+=	authkey.c
+SRCS+=	bio.c
+SRCS+=	blob.c
+SRCS+=	buf.c
+SRCS+=	cbor.c
+SRCS+=	compress.c
+SRCS+=	config.c
+SRCS+=	cred.c
+SRCS+=	credman.c
+SRCS+=	dev.c
+SRCS+=	ecdh.c
+SRCS+=	eddsa.c
+SRCS+=	err.c
+SRCS+=	es256.c
+SRCS+=	hid_freebsd.c
+SRCS+=	hid_unix.c
+SRCS+=	hid.c
+SRCS+=	info.c
+SRCS+=	io.c
+SRCS+=	iso7816.c
+SRCS+=	largeblob.c
+SRCS+=	log.c
+SRCS+=	pin.c
+SRCS+=	random.c
+SRCS+=	reset.c
+SRCS+=	rs256.c
+SRCS+=	u2f.c
+SRCS+=	openbsd-compat/freezero.c
+SRCS+=	openbsd-compat/recallocarray.c
+CFLAGS+= -I ${DIST}/src -I${SRCTOP}/contrib/libcbor/src -I${.CURDIR}/../libcbor
+CFLAGS+= -DTLS=__thread
+LIBADD=	crypto z
+.include <>
diff --git a/share/mk/ b/share/mk/
index a3cf355de372..227691804e2a 100644
--- a/share/mk/
+++ b/share/mk/
@@ -20,6 +20,7 @@ _PRIVATELIBS=	\
 		cbor \
 		devdctl \
 		event1 \
+		fido2 \
 		gmock \
 		gtest \
 		gmock_main \
@@ -339,6 +340,7 @@ _DP_pam=	radius tacplus opie md util
 _DP_pam+=	krb5
 .if ${MK_OPENSSH} != "no"
+_DP_fido2+=	crypto z
 _DP_pam+=	ssh
 .if ${MK_NIS} != "no"
@@ -690,6 +692,7 @@ LIBCAP_SYSCTLDIR=	${OBJTOP}/lib/libcasper/services/cap_sysctl
 LIBCAP_SYSLOGDIR=	${OBJTOP}/lib/libcasper/services/cap_syslog
 LIBCBORDIR=	${OBJTOP}/lib/libcbor
 LIBBSDXMLDIR=	${OBJTOP}/lib/libexpat
+LIBFIDO2DIR=	${OBJTOP}/lib/libfido2
 LIBKVMDIR=	${OBJTOP}/lib/libkvm
 LIBMDIR=	${OBJTOP}/lib/msun
diff --git a/tools/build/mk/ b/tools/build/mk/
index 141f691ba83e..3fd4a00bfb02 100644
--- a/tools/build/mk/
+++ b/tools/build/mk/
@@ -7124,6 +7124,9 @@ OLD_FILES+=usr/bin/ssh-keyscan