git: 7b1e19ad78c6 - main - Add libfido2 to the build

Reply: Peter Jeremy : "Re: git: 7b1e19ad78c6 - main - Add libfido2 to the build"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ed Maste <emaste_at_FreeBSD.org>
Date: Sat, 23 Oct 2021 00:00:19 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=7b1e19ad78c6a3f84f81cb1a16a39500f0337062

commit 7b1e19ad78c6a3f84f81cb1a16a39500f0337062
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2021-10-07 01:52:05 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2021-10-22 23:57:57 +0000

    Add libfido2 to the build
    
    From https://github.com/Yubico/libfido2:
    
        libfido2 provides library functionality and command-line tools to
        communicate with a FIDO device over USB, and to verify attestation
        and assertion signatures.
    
        libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
        protocols.
    
    libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
    intended only for use by ssh, and so is installed as a PRIVATELIB and is
    placed in the ssh pkgbase package.
    
    This is currently disabled for the 32-bit library build as libfido2 is
    not compatible with the COMPAT_32BIT hack in usb_ioctl.h.
    
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D32448
---
 lib/Makefile                             |  2 +-
 lib/libfido2/Makefile                    | 73 ++++++++++++++++++++++++++++++++
 share/mk/src.libnames.mk                 |  3 ++
 tools/build/mk/OptionalObsoleteFiles.inc |  3 ++
 4 files changed, 80 insertions(+), 1 deletion(-)

diff --git a/lib/Makefile b/lib/Makefile
index d39bbd37c910..81ace36ba990 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -216,7 +216,7 @@ SUBDIR.${MK_BHYVE}+=	libvmmapi
 SUBDIR.${MK_OPENMP}+=	libomp
 .endif
 .if !defined(COMPAT_32BIT)
-SUBDIR.${MK_OPENSSH}+=	libcbor
+SUBDIR.${MK_OPENSSH}+=	libcbor libfido2
 .endif
 SUBDIR.${MK_OPENSSL}+=	libmp
 SUBDIR.${MK_PF}+=	libpfctl
diff --git a/lib/libfido2/Makefile b/lib/libfido2/Makefile
new file mode 100644
index 000000000000..edf737b9dafc
--- /dev/null
+++ b/lib/libfido2/Makefile
@@ -0,0 +1,73 @@
+PACKAGE=ssh
+LIB=	fido2
+PRIVATELIB=
+DIST=	${SRCTOP}/contrib/libfido2
+
+.PATH:	${DIST}/src ${DIST}
+
+SRCS+=	aes256.c
+SRCS+=	assert.c
+SRCS+=	authkey.c
+SRCS+=	bio.c
+SRCS+=	blob.c
+SRCS+=	buf.c
+SRCS+=	cbor.c
+SRCS+=	compress.c
+SRCS+=	config.c
+SRCS+=	cred.c
+SRCS+=	credman.c
+SRCS+=	dev.c
+SRCS+=	ecdh.c
+SRCS+=	eddsa.c
+SRCS+=	err.c
+SRCS+=	es256.c
+SRCS+=	hid_freebsd.c
+SRCS+=	hid_unix.c
+SRCS+=	hid.c
+SRCS+=	info.c
+SRCS+=	io.c
+SRCS+=	iso7816.c
+SRCS+=	largeblob.c
+SRCS+=	log.c
+SRCS+=	pin.c
+SRCS+=	random.c
+SRCS+=	reset.c
+SRCS+=	rs256.c
+SRCS+=	u2f.c
+
+SRCS+=	openbsd-compat/freezero.c
+SRCS+=	openbsd-compat/recallocarray.c
+
+CFLAGS+= -I ${DIST}/src -I${SRCTOP}/contrib/libcbor/src -I${.CURDIR}/../libcbor
+CFLAGS+= -D_FIDO_INTERNAL
+CFLAGS+= -DHAVE_ARC4RANDOM_BUF
+CFLAGS+= -DHAVE_CLOCK_GETTIME
+CFLAGS+= -DHAVE_DEV_URANDOM
+CFLAGS+= -DHAVE_ERR_H
+CFLAGS+= -DHAVE_EXPLICIT_BZERO
+CFLAGS+= -DHAVE_GETLINE
+CFLAGS+= -DHAVE_GETOPT
+CFLAGS+= -DHAVE_GETPAGESIZE
+CFLAGS+= -DHAVE_GETRANDOM
+CFLAGS+= -DHAVE_OPENSSLV_H
+CFLAGS+= -DHAVE_READPASSPHRASE
+CFLAGS+= -DHAVE_SIGNAL_H
+CFLAGS+= -DHAVE_STRLCAT
+CFLAGS+= -DHAVE_STRLCPY
+CFLAGS+= -DHAVE_STRSEP
+CFLAGS+= -DHAVE_SYSCONF
+CFLAGS+= -DHAVE_SYS_RANDOM_H
+CFLAGS+= -DHAVE_TIMESPECSUB
+CFLAGS+= -DHAVE_TIMINGSAFE_BCMP
+CFLAGS+= -DHAVE_UNISTD_H
+CFLAGS+= -DTLS=__thread
+CFLAGS+= -D_FIDO_MAJOR=1
+CFLAGS+= -D_FIDO_MINOR=9
+CFLAGS+= -D_FIDO_PATCH=0
+
+LIBADD=	crypto z
+
+WARNS=2
+MAN=
+
+.include <bsd.lib.mk>
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk
index a3cf355de372..227691804e2a 100644
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@@ -20,6 +20,7 @@ _PRIVATELIBS=	\
 		cbor \
 		devdctl \
 		event1 \
+		fido2 \
 		gmock \
 		gtest \
 		gmock_main \
@@ -339,6 +340,7 @@ _DP_pam=	radius tacplus opie md util
 _DP_pam+=	krb5
 .endif
 .if ${MK_OPENSSH} != "no"
+_DP_fido2+=	crypto z
 _DP_pam+=	ssh
 .endif
 .if ${MK_NIS} != "no"
@@ -690,6 +692,7 @@ LIBCAP_SYSCTLDIR=	${OBJTOP}/lib/libcasper/services/cap_sysctl
 LIBCAP_SYSLOGDIR=	${OBJTOP}/lib/libcasper/services/cap_syslog
 LIBCBORDIR=	${OBJTOP}/lib/libcbor
 LIBBSDXMLDIR=	${OBJTOP}/lib/libexpat
+LIBFIDO2DIR=	${OBJTOP}/lib/libfido2
 LIBKVMDIR=	${OBJTOP}/lib/libkvm
 LIBPTHREADDIR=	${OBJTOP}/lib/libthr
 LIBMDIR=	${OBJTOP}/lib/msun
diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc
index 141f691ba83e..3fd4a00bfb02 100644
--- a/tools/build/mk/OptionalObsoleteFiles.inc
+++ b/tools/build/mk/OptionalObsoleteFiles.inc
@@ -7124,6 +7124,9 @@ OLD_FILES+=usr/bin/ssh-keyscan
 OLD_FILES+=usr/lib/libprivatecbor.a
 OLD_FILES+=usr/lib/libprivatecbor.so
 OLD_LIBS+=usr/lib/libprivatecbor.so.5
+OLD_FILES+=/usr/lib/libprivatefido2.a
+OLD_FILES+=/usr/lib/libprivatefido2.so
+OLD_LIBS+=/usr/lib/libprivatefido2.so.5
 OLD_FILES+=usr/lib/pam_ssh.so
 OLD_LIBS+=usr/lib/pam_ssh.so.6
 OLD_FILES+=usr/lib/libprivatessh.a