git: c437ff145cbe - stable/13 - Add libfido2 to the build
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Feb 2022 23:58:18 UTC
The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=c437ff145cbe5a6173f49472fe5f1ae4c686f121 commit c437ff145cbe5a6173f49472fe5f1ae4c686f121 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2021-10-07 01:52:05 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-02-09 21:24:54 +0000 Add libfido2 to the build From https://github.com/Yubico/libfido2: libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures. libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols. libfido2 will be used by ssh to support FIDO/U2F keys. It is currently intended only for use by ssh, and so is installed as a PRIVATELIB and is placed in the ssh pkgbase package. This is currently disabled for the 32-bit library build as libfido2 is not compatible with the COMPAT_32BIT hack in usb_ioctl.h. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32448 (cherry picked from commit 7b1e19ad78c6a3f84f81cb1a16a39500f0337062) (cherry picked from commit 93942379cced89ad4ac653f262ac8277a8550853) --- lib/Makefile | 4 +- lib/libfido2/Makefile | 73 ++++++++++++++++++++++++++++++++ share/mk/src.libnames.mk | 3 ++ tools/build/mk/OptionalObsoleteFiles.inc | 3 ++ 4 files changed, 81 insertions(+), 2 deletions(-) diff --git a/lib/Makefile b/lib/Makefile index 8b1365e3e59e..5e740edc78a5 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -211,8 +211,8 @@ SUBDIR.${MK_BHYVE}+= libvmmapi .if ${MACHINE_ARCH} != "powerpc" SUBDIR.${MK_OPENMP}+= libomp .endif -.if !defined(COMPAT_32BIT) -SUBDIR.${MK_OPENSSH}+= libcbor +.if !defined(COMPAT_32BIT) && ${MK_USB} != "no" +SUBDIR.${MK_OPENSSH}+= libcbor libfido2 .endif SUBDIR.${MK_OPENSSL}+= libmp SUBDIR.${MK_PF}+= libpfctl diff --git a/lib/libfido2/Makefile b/lib/libfido2/Makefile new file mode 100644 index 000000000000..edf737b9dafc --- /dev/null +++ b/lib/libfido2/Makefile @@ -0,0 +1,73 @@ +PACKAGE=ssh +LIB= fido2 +PRIVATELIB= +DIST= ${SRCTOP}/contrib/libfido2 + +.PATH: ${DIST}/src ${DIST} + +SRCS+= aes256.c +SRCS+= assert.c +SRCS+= authkey.c +SRCS+= bio.c +SRCS+= blob.c +SRCS+= buf.c +SRCS+= cbor.c +SRCS+= compress.c +SRCS+= config.c +SRCS+= cred.c +SRCS+= credman.c +SRCS+= dev.c +SRCS+= ecdh.c +SRCS+= eddsa.c +SRCS+= err.c +SRCS+= es256.c +SRCS+= hid_freebsd.c +SRCS+= hid_unix.c +SRCS+= hid.c +SRCS+= info.c +SRCS+= io.c +SRCS+= iso7816.c +SRCS+= largeblob.c +SRCS+= log.c +SRCS+= pin.c +SRCS+= random.c +SRCS+= reset.c +SRCS+= rs256.c +SRCS+= u2f.c + +SRCS+= openbsd-compat/freezero.c +SRCS+= openbsd-compat/recallocarray.c + +CFLAGS+= -I ${DIST}/src -I${SRCTOP}/contrib/libcbor/src -I${.CURDIR}/../libcbor +CFLAGS+= -D_FIDO_INTERNAL +CFLAGS+= -DHAVE_ARC4RANDOM_BUF +CFLAGS+= -DHAVE_CLOCK_GETTIME +CFLAGS+= -DHAVE_DEV_URANDOM +CFLAGS+= -DHAVE_ERR_H +CFLAGS+= -DHAVE_EXPLICIT_BZERO +CFLAGS+= -DHAVE_GETLINE +CFLAGS+= -DHAVE_GETOPT +CFLAGS+= -DHAVE_GETPAGESIZE +CFLAGS+= -DHAVE_GETRANDOM +CFLAGS+= -DHAVE_OPENSSLV_H +CFLAGS+= -DHAVE_READPASSPHRASE +CFLAGS+= -DHAVE_SIGNAL_H +CFLAGS+= -DHAVE_STRLCAT +CFLAGS+= -DHAVE_STRLCPY +CFLAGS+= -DHAVE_STRSEP +CFLAGS+= -DHAVE_SYSCONF +CFLAGS+= -DHAVE_SYS_RANDOM_H +CFLAGS+= -DHAVE_TIMESPECSUB +CFLAGS+= -DHAVE_TIMINGSAFE_BCMP +CFLAGS+= -DHAVE_UNISTD_H +CFLAGS+= -DTLS=__thread +CFLAGS+= -D_FIDO_MAJOR=1 +CFLAGS+= -D_FIDO_MINOR=9 +CFLAGS+= -D_FIDO_PATCH=0 + +LIBADD= crypto z + +WARNS=2 +MAN= + +.include <bsd.lib.mk> diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk index ef21399af7b6..99d416556b54 100644 --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -20,6 +20,7 @@ _PRIVATELIBS= \ cbor \ devdctl \ event1 \ + fido2 \ gmock \ gtest \ gmock_main \ @@ -349,6 +350,7 @@ _DP_pam= radius tacplus opie md util _DP_pam+= krb5 .endif .if ${MK_OPENSSH} != "no" +_DP_fido2+= crypto z _DP_pam+= ssh .endif .if ${MK_NIS} != "no" @@ -707,6 +709,7 @@ LIBCAP_SYSCTLDIR= ${OBJTOP}/lib/libcasper/services/cap_sysctl LIBCAP_SYSLOGDIR= ${OBJTOP}/lib/libcasper/services/cap_syslog LIBCBORDIR= ${OBJTOP}/lib/libcbor LIBBSDXMLDIR= ${OBJTOP}/lib/libexpat +LIBFIDO2DIR= ${OBJTOP}/lib/libfido2 LIBKVMDIR= ${OBJTOP}/lib/libkvm LIBPTHREADDIR= ${OBJTOP}/lib/libthr LIBMDIR= ${OBJTOP}/lib/msun diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc index 02b239f33a8e..972a58a330dc 100644 --- a/tools/build/mk/OptionalObsoleteFiles.inc +++ b/tools/build/mk/OptionalObsoleteFiles.inc @@ -7200,6 +7200,9 @@ OLD_FILES+=usr/bin/ssh-keyscan OLD_FILES+=usr/lib/libprivatecbor.a OLD_FILES+=usr/lib/libprivatecbor.so OLD_LIBS+=usr/lib/libprivatecbor.so.5 +OLD_FILES+=/usr/lib/libprivatefido2.a +OLD_FILES+=/usr/lib/libprivatefido2.so +OLD_LIBS+=/usr/lib/libprivatefido2.so.5 OLD_FILES+=usr/lib/pam_ssh.so OLD_LIBS+=usr/lib/pam_ssh.so.6 OLD_FILES+=usr/lib/libprivatessh.a