git: c437ff145cbe - stable/13 - Add libfido2 to the build
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Feb 2022 23:58:18 UTC
The branch stable/13 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=c437ff145cbe5a6173f49472fe5f1ae4c686f121
commit c437ff145cbe5a6173f49472fe5f1ae4c686f121
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2021-10-07 01:52:05 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-02-09 21:24:54 +0000
Add libfido2 to the build
From https://github.com/Yubico/libfido2:
libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.
libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.
libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.
This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448
(cherry picked from commit 7b1e19ad78c6a3f84f81cb1a16a39500f0337062)
(cherry picked from commit 93942379cced89ad4ac653f262ac8277a8550853)
---
lib/Makefile | 4 +-
lib/libfido2/Makefile | 73 ++++++++++++++++++++++++++++++++
share/mk/src.libnames.mk | 3 ++
tools/build/mk/OptionalObsoleteFiles.inc | 3 ++
4 files changed, 81 insertions(+), 2 deletions(-)
diff --git a/lib/Makefile b/lib/Makefile
index 8b1365e3e59e..5e740edc78a5 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -211,8 +211,8 @@ SUBDIR.${MK_BHYVE}+= libvmmapi
.if ${MACHINE_ARCH} != "powerpc"
SUBDIR.${MK_OPENMP}+= libomp
.endif
-.if !defined(COMPAT_32BIT)
-SUBDIR.${MK_OPENSSH}+= libcbor
+.if !defined(COMPAT_32BIT) && ${MK_USB} != "no"
+SUBDIR.${MK_OPENSSH}+= libcbor libfido2
.endif
SUBDIR.${MK_OPENSSL}+= libmp
SUBDIR.${MK_PF}+= libpfctl
diff --git a/lib/libfido2/Makefile b/lib/libfido2/Makefile
new file mode 100644
index 000000000000..edf737b9dafc
--- /dev/null
+++ b/lib/libfido2/Makefile
@@ -0,0 +1,73 @@
+PACKAGE=ssh
+LIB= fido2
+PRIVATELIB=
+DIST= ${SRCTOP}/contrib/libfido2
+
+.PATH: ${DIST}/src ${DIST}
+
+SRCS+= aes256.c
+SRCS+= assert.c
+SRCS+= authkey.c
+SRCS+= bio.c
+SRCS+= blob.c
+SRCS+= buf.c
+SRCS+= cbor.c
+SRCS+= compress.c
+SRCS+= config.c
+SRCS+= cred.c
+SRCS+= credman.c
+SRCS+= dev.c
+SRCS+= ecdh.c
+SRCS+= eddsa.c
+SRCS+= err.c
+SRCS+= es256.c
+SRCS+= hid_freebsd.c
+SRCS+= hid_unix.c
+SRCS+= hid.c
+SRCS+= info.c
+SRCS+= io.c
+SRCS+= iso7816.c
+SRCS+= largeblob.c
+SRCS+= log.c
+SRCS+= pin.c
+SRCS+= random.c
+SRCS+= reset.c
+SRCS+= rs256.c
+SRCS+= u2f.c
+
+SRCS+= openbsd-compat/freezero.c
+SRCS+= openbsd-compat/recallocarray.c
+
+CFLAGS+= -I ${DIST}/src -I${SRCTOP}/contrib/libcbor/src -I${.CURDIR}/../libcbor
+CFLAGS+= -D_FIDO_INTERNAL
+CFLAGS+= -DHAVE_ARC4RANDOM_BUF
+CFLAGS+= -DHAVE_CLOCK_GETTIME
+CFLAGS+= -DHAVE_DEV_URANDOM
+CFLAGS+= -DHAVE_ERR_H
+CFLAGS+= -DHAVE_EXPLICIT_BZERO
+CFLAGS+= -DHAVE_GETLINE
+CFLAGS+= -DHAVE_GETOPT
+CFLAGS+= -DHAVE_GETPAGESIZE
+CFLAGS+= -DHAVE_GETRANDOM
+CFLAGS+= -DHAVE_OPENSSLV_H
+CFLAGS+= -DHAVE_READPASSPHRASE
+CFLAGS+= -DHAVE_SIGNAL_H
+CFLAGS+= -DHAVE_STRLCAT
+CFLAGS+= -DHAVE_STRLCPY
+CFLAGS+= -DHAVE_STRSEP
+CFLAGS+= -DHAVE_SYSCONF
+CFLAGS+= -DHAVE_SYS_RANDOM_H
+CFLAGS+= -DHAVE_TIMESPECSUB
+CFLAGS+= -DHAVE_TIMINGSAFE_BCMP
+CFLAGS+= -DHAVE_UNISTD_H
+CFLAGS+= -DTLS=__thread
+CFLAGS+= -D_FIDO_MAJOR=1
+CFLAGS+= -D_FIDO_MINOR=9
+CFLAGS+= -D_FIDO_PATCH=0
+
+LIBADD= crypto z
+
+WARNS=2
+MAN=
+
+.include <bsd.lib.mk>
diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk
index ef21399af7b6..99d416556b54 100644
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@@ -20,6 +20,7 @@ _PRIVATELIBS= \
cbor \
devdctl \
event1 \
+ fido2 \
gmock \
gtest \
gmock_main \
@@ -349,6 +350,7 @@ _DP_pam= radius tacplus opie md util
_DP_pam+= krb5
.endif
.if ${MK_OPENSSH} != "no"
+_DP_fido2+= crypto z
_DP_pam+= ssh
.endif
.if ${MK_NIS} != "no"
@@ -707,6 +709,7 @@ LIBCAP_SYSCTLDIR= ${OBJTOP}/lib/libcasper/services/cap_sysctl
LIBCAP_SYSLOGDIR= ${OBJTOP}/lib/libcasper/services/cap_syslog
LIBCBORDIR= ${OBJTOP}/lib/libcbor
LIBBSDXMLDIR= ${OBJTOP}/lib/libexpat
+LIBFIDO2DIR= ${OBJTOP}/lib/libfido2
LIBKVMDIR= ${OBJTOP}/lib/libkvm
LIBPTHREADDIR= ${OBJTOP}/lib/libthr
LIBMDIR= ${OBJTOP}/lib/msun
diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc
index 02b239f33a8e..972a58a330dc 100644
--- a/tools/build/mk/OptionalObsoleteFiles.inc
+++ b/tools/build/mk/OptionalObsoleteFiles.inc
@@ -7200,6 +7200,9 @@ OLD_FILES+=usr/bin/ssh-keyscan
OLD_FILES+=usr/lib/libprivatecbor.a
OLD_FILES+=usr/lib/libprivatecbor.so
OLD_LIBS+=usr/lib/libprivatecbor.so.5
+OLD_FILES+=/usr/lib/libprivatefido2.a
+OLD_FILES+=/usr/lib/libprivatefido2.so
+OLD_LIBS+=/usr/lib/libprivatefido2.so.5
OLD_FILES+=usr/lib/pam_ssh.so
OLD_LIBS+=usr/lib/pam_ssh.so.6
OLD_FILES+=usr/lib/libprivatessh.a