git: 128bace5102e - stable/14 - libfido2: update to 1.14.0
Date: Thu, 01 Aug 2024 16:07:20 UTC
The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=128bace5102e5871fc0a139bb0a3448a08ea3c13 commit 128bace5102e5871fc0a139bb0a3448a08ea3c13 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2024-05-04 16:51:08 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2024-08-01 15:11:45 +0000 libfido2: update to 1.14.0 Sponsored by: The FreeBSD Foundation (cherry picked from commit 60a517b66a69b8c011b04063ef63a938738719bd) --- contrib/libfido2/.actions/build-bsd | 97 +++++++++++ contrib/libfido2/.actions/build-linux-clang | 21 +++ contrib/libfido2/.actions/build-linux-gcc | 23 +++ .../.actions/build-linux-i686-w64-mingw32-gcc | 58 +++++++ .../libfido2/.actions/build-linux-openssl3-clang | 33 ++++ contrib/libfido2/.actions/build-linux-openssl3-gcc | 28 ++++ .../build-linux-openssl3-i686-w64-mingw32-gcc | 59 +++++++ contrib/libfido2/.actions/build-osx-clang | 19 +++ contrib/libfido2/.actions/fuzz-linux | 93 +++++++++++ contrib/libfido2/.actions/llvm.gpg | 52 ++++++ contrib/libfido2/.actions/setup_clang | 17 ++ contrib/libfido2/.gitattributes | 1 + .../libfido2/.github/ISSUE_TEMPLATE/bug_report.md | 80 ++++++++++ contrib/libfido2/.github/ISSUE_TEMPLATE/config.yml | 8 + .../libfido2/.github/workflows/alpine_builds.yml | 39 +++++ contrib/libfido2/.github/workflows/bsd_builds.yml | 32 ++++ contrib/libfido2/.github/workflows/cifuzz_oss.yml | 46 ++++++ .../libfido2/.github/workflows/codeql-analysis.yml | 42 +++++ .../libfido2/.github/workflows/cygwin_builds.yml | 30 ++++ .../libfido2/.github/workflows/linux_builds.yml | 57 +++++++ contrib/libfido2/.github/workflows/linux_fuzz.yml | 41 +++++ .../libfido2/.github/workflows/macos_builds.yml | 32 ++++ contrib/libfido2/.github/workflows/openssl3.yml | 51 ++++++ .../libfido2/.github/workflows/windows_builds.yml | 32 ++++ contrib/libfido2/.gitignore | 9 ++ contrib/libfido2/CMakeLists.txt | 4 +- contrib/libfido2/NEWS | 10 ++ contrib/libfido2/README.adoc | 2 +- 
contrib/libfido2/examples/README.adoc | 5 +- contrib/libfido2/examples/cred.c | 30 +++- contrib/libfido2/fuzz/Dockerfile | 2 +- contrib/libfido2/fuzz/Makefile | 2 +- contrib/libfido2/fuzz/export.gnu | 2 + contrib/libfido2/fuzz/functions.txt | 63 ++++---- contrib/libfido2/fuzz/fuzz_assert.c | 4 +- contrib/libfido2/fuzz/report.tgz | Bin 357005 -> 361946 bytes contrib/libfido2/fuzz/summary.txt | 18 +-- contrib/libfido2/man/CMakeLists.txt | 3 + contrib/libfido2/man/fido2-assert.1 | 13 +- contrib/libfido2/man/fido2-cred.1 | 13 +- contrib/libfido2/man/fido_assert_new.3 | 14 +- contrib/libfido2/man/fido_assert_set_authdata.3 | 59 ++++++- contrib/libfido2/regress/assert.c | 50 +++++- contrib/libfido2/regress/cred.c | 18 ++- contrib/libfido2/regress/eddsa.c | 2 +- contrib/libfido2/src/assert.c | 68 +++++++- contrib/libfido2/src/export.gnu | 3 + contrib/libfido2/src/export.llvm | 3 + contrib/libfido2/src/export.msvc | 3 + contrib/libfido2/src/fido.h | 4 + contrib/libfido2/src/fido/types.h | 2 + contrib/libfido2/src/webauthn.h | 177 +++++++++++++++++++-- contrib/libfido2/src/winhello.c | 63 +++++++- contrib/libfido2/tools/assert_get.c | 19 ++- contrib/libfido2/tools/cred_make.c | 20 ++- contrib/libfido2/tools/extern.h | 19 +-- contrib/libfido2/tools/fido2-assert.c | 4 +- contrib/libfido2/tools/fido2-cred.c | 4 +- contrib/libfido2/udev/70-u2f.rules | 32 +++- contrib/libfido2/udev/fidodevs | 16 +- contrib/libfido2/windows/build.ps1 | 1 + contrib/libfido2/windows/const.ps1 | 16 +- lib/libfido2/Makefile | 2 +- 63 files changed, 1646 insertions(+), 124 deletions(-)
diff --git a/contrib/libfido2/.actions/build-bsd b/contrib/libfido2/.actions/build-bsd
new file mode 100755
index 000000000000..66fc4e3ba281
--- /dev/null
+++ b/contrib/libfido2/.actions/build-bsd
@@ -0,0 +1,97 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+BASE_URL="https://builds.sr.ht"
+MANIFEST="$(mktemp)"
+LOGFILE="$(mktemp)"
+trap '[ -f "${LOGFILE}" ] && cat -- "${LOGFILE}"' EXIT
+
+# construct the sourcehut build manifest
+cat > "${MANIFEST}" <<- EOF
+image: ${IMAGE}
+packages:
+ - cmake
+ - llvm
+ - pcsc-lite
+EOF
+
+case "${IMAGE}" in
+ freebsd*)
+cat >> "${MANIFEST}" <<- EOF
+ - libcbor
+ - pkgconf
+EOF
+ ;;
+esac
+
+cat >> "${MANIFEST}" <<- EOF
+sources:
+ - ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}#$(git rev-parse HEAD)
+tasks:
+ - build: |
+ if [ "\$(uname)" = "OpenBSD" ]; then
+ SUDO="doas -u root"
+ else
+ SUDO=sudo
+ fi
+ SCAN="/usr/local/bin/scan-build --use-cc=/usr/bin/cc --status-bugs"
+ cd libfido2
+ for T in Debug Release; do
+ mkdir build-\$T
+ (cd build-\$T && \${SCAN} cmake -DCMAKE_BUILD_TYPE=\$T ..)
+ \${SCAN} make -j"\$(sysctl -n hw.ncpu)" -C build-\$T
+ make -C build-\$T regress
+ \${SUDO} make -C build-\$T install
+ done
+EOF
+
+q() {
+ curl \
+ --silent \
+ --oauth2-bearer "${SOURCEHUT_TOKEN}" \
+ --header "Content-Type: application/json" \
+ --data @- -- \
+ "${BASE_URL}/query" \
+ | tee -a -- "${LOGFILE}"
+}
+
+submit_job() {
+ local manifest="$1"
+ jq \
+ --compact-output --null-input \
+ '{ query: $body, variables: { var: $var } }' \
+ --arg body 'mutation($var: String!) { submit(manifest: $var) { id } }' \
+ --rawfile var "${manifest}" \
+ | q \
+ | jq --exit-status --raw-output '.data.submit.id'
+}
+
+job_status() {
+ local id="$1"
+ jq \
+ --compact-output --null-input \
+ '{ query: $body, variables: { var: $var } }' \
+ --arg body 'query($var: Int!)
{ job(id: $var) { status } }' \
+ --argjson var "${id}" \
+ | q \
+ | jq --exit-status --raw-output '.data.job.status'
+}
+
+JOB_ID="$(submit_job "${MANIFEST}")" || exit 1
+[ -z "${JOB_ID}" ] && exit 1
+echo "Job '${JOB_ID}' running at ${BASE_URL}/~yubico-libfido2/job/${JOB_ID}"
+
+while true; do
+ JOB_STATUS="$(job_status "${JOB_ID}")" || exit 1
+ case "${JOB_STATUS}" in
+ SUCCESS) exit 0;;
+ FAILED) exit 1;;
+ PENDING|QUEUED|RUNNING) ;;
+ *) exit 1;;
+ esac
+ sleep 60
+done
diff --git a/contrib/libfido2/.actions/build-linux-clang b/contrib/libfido2/.actions/build-linux-clang
new file mode 100755
index 000000000000..ba20f1279ec9
--- /dev/null
+++ b/contrib/libfido2/.actions/build-linux-clang
@@ -0,0 +1,21 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+${CC} --version
+SCAN=scan-build${CC#clang}
+
+# Check exports.
+(cd src && ./diff_exports.sh)
+
+# Build, analyze, and install libfido2.
+for T in Debug Release; do
+ mkdir build-$T
+ (cd build-$T && ${SCAN} --use-cc="${CC}" cmake -DCMAKE_BUILD_TYPE=$T ..)
+ ${SCAN} --use-cc="${CC}" --status-bugs make -j"$(nproc)" -C build-$T
+ make -C build-$T regress
+ sudo make -C build-$T install
+done
diff --git a/contrib/libfido2/.actions/build-linux-gcc b/contrib/libfido2/.actions/build-linux-gcc
new file mode 100755
index 000000000000..cd42b5eb7bed
--- /dev/null
+++ b/contrib/libfido2/.actions/build-linux-gcc
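Review bot: In build-bsd, `q()` passes the SourceHut token as `--oauth2-bearer "${SOURCEHUT_TOKEN}"` while the script runs under `#!/bin/sh -eux`, so xtrace prints the expanded curl command, token included, to stderr, and the token is also visible in curl's argument list. Nothing in the script prevents that; it would be left to the CI runner's log masking. Adding `set +x` as the first line of `q()` stops the trace for that call only, since `q` is only ever called as a pipeline stage, which the shell runs in a subshell. The `EXIT` trap also prints `${LOGFILE}` without removing either `mktemp` file; appending `rm -f -- "${MANIFEST}" "${LOGFILE}"` to the trap would clean them up.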
@@ -0,0 +1,23 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+${CC} --version
+
+# Build and install libfido2.
+for T in Debug Release; do
+ mkdir build-$T
+ (cd build-$T && cmake -DCMAKE_BUILD_TYPE=$T ..)
+ make -j"$(nproc)" -C build-$T
+ make -C build-$T regress
+ sudo make -C build-$T install
+done
+
+# Check udev/fidodevs.
+[ -x "$(which update-alternatives)" ] && {
+ sudo update-alternatives --set awk "$(which original-awk)"
+}
+udev/check.sh udev/fidodevs
diff --git a/contrib/libfido2/.actions/build-linux-i686-w64-mingw32-gcc b/contrib/libfido2/.actions/build-linux-i686-w64-mingw32-gcc
new file mode 100755
index 000000000000..a89578da0886
--- /dev/null
+++ b/contrib/libfido2/.actions/build-linux-i686-w64-mingw32-gcc
@@ -0,0 +1,58 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+# XXX defining CC and cross-compiling confuses OpenSSL's build.
+unset CC
+
+sudo mkdir /fakeroot
+sudo chmod 755 /fakeroot
+
+cat << EOF > /tmp/mingw.cmake
+SET(CMAKE_SYSTEM_NAME Windows)
+SET(CMAKE_C_COMPILER i686-w64-mingw32-gcc)
+SET(CMAKE_CXX_COMPILER i686-w64-mingw32-g++)
+SET(CMAKE_RC_COMPILER i686-w64-mingw32-windres)
+SET(CMAKE_FIND_ROOT_PATH /fakeroot)
+SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
+SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
+SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
+EOF
+
+# Build and install libcbor.
+git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1
+cd libcbor
+mkdir build
+(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
+ -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
+make -j"$(nproc)" -C build
+sudo make -C build install
+cd ..
+
+# Build and install OpenSSL 1.1.1w.
+git clone --depth=1 https://github.com/openssl/openssl -b OpenSSL_1_1_1w
+cd openssl
+./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \
+ --cross-compile-prefix=i686-w64-mingw32-
+make -j"$(nproc)"
+sudo make install_sw
+cd ..
+
+# Build and install zlib.
+git clone --depth=1 https://github.com/madler/zlib -b v1.3
+cd zlib
+make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32-
+sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \
+ INCLUDE_PATH=/include LIBRARY_PATH=/lib BINARY_PATH=/bin install
+cd ..
+
+# Build and install libfido2.
+export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
+mkdir build
+(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
+ -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
+make -j"$(nproc)" -C build
+sudo make -C build install
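Review bot: build-linux-i686-w64-mingw32-gcc writes its CMake toolchain file to the fixed path `/tmp/mingw.cmake` and creates `/fakeroot` at the filesystem root, whereas the openssl3-clang and openssl3-gcc scripts in this commit use `FAKEROOT="$(mktemp -d)"`. A predictable name in a world-writable directory can be pre-created or symlinked by another local user on a shared build host; on a throwaway CI runner the exposure is small, but the scripts are easy to reuse elsewhere. `TOOLCHAIN="$(mktemp)"` followed by `cat << EOF > "${TOOLCHAIN}"` and `-DCMAKE_TOOLCHAIN_FILE="${TOOLCHAIN}"` would match the other scripts. build-linux-openssl3-i686-w64-mingw32-gcc has the same lines.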
diff --git a/contrib/libfido2/.actions/build-linux-openssl3-clang b/contrib/libfido2/.actions/build-linux-openssl3-clang
new file mode 100755
index 000000000000..2383e51ad8f5
--- /dev/null
+++ b/contrib/libfido2/.actions/build-linux-openssl3-clang
@@ -0,0 +1,33 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+${CC} --version
+SCAN=scan-build${CC#clang}
+FAKEROOT="$(mktemp -d)"
+
+# Check exports.
+(cd src && ./diff_exports.sh)
+
+# Build and install OpenSSL 3.0.12.
+git clone --branch openssl-3.0.12 \
+ --depth=1 https://github.com/openssl/openssl
+cd openssl
+./Configure linux-x86_64-clang --prefix="${FAKEROOT}" \
+ --openssldir="${FAKEROOT}/openssl" --libdir=lib
+make install_sw
+cd ..
+
+# Build, analyze, and install libfido2.
+for T in Debug Release; do
+ mkdir build-$T
+ export PKG_CONFIG_PATH="${FAKEROOT}/lib/pkgconfig"
+ (cd build-$T && ${SCAN} --use-cc="${CC}" \
+ cmake -DCMAKE_BUILD_TYPE=$T ..)
+ ${SCAN} --use-cc="${CC}" --status-bugs make -C build-$T
+ make -C build-$T regress
+ sudo make -C build-$T install
+done
diff --git a/contrib/libfido2/.actions/build-linux-openssl3-gcc b/contrib/libfido2/.actions/build-linux-openssl3-gcc
new file mode 100755
index 000000000000..344fc12bce8c
--- /dev/null
+++ b/contrib/libfido2/.actions/build-linux-openssl3-gcc
@@ -0,0 +1,28 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+${CC} --version
+FAKEROOT="$(mktemp -d)"
+
+# Build and install OpenSSL 3.0.12.
+git clone --branch openssl-3.0.12 \
+ --depth=1 https://github.com/openssl/openssl
+cd openssl
+./Configure linux-x86_64 --prefix="${FAKEROOT}" \
+ --openssldir="${FAKEROOT}/openssl" --libdir=lib
+make install_sw
+cd ..
+
+# Build and install libfido2.
+for T in Debug Release; do
+ mkdir build-$T
+ export PKG_CONFIG_PATH="${FAKEROOT}/lib/pkgconfig"
+ (cd build-$T && cmake -DCMAKE_BUILD_TYPE=$T ..)
+ make -j"$(nproc)" -C build-$T
+ make -C build-$T regress
+ sudo make -C build-$T install
+done
diff --git a/contrib/libfido2/.actions/build-linux-openssl3-i686-w64-mingw32-gcc b/contrib/libfido2/.actions/build-linux-openssl3-i686-w64-mingw32-gcc
new file mode 100755
index 000000000000..3bbb141dad0d
--- /dev/null
+++ b/contrib/libfido2/.actions/build-linux-openssl3-i686-w64-mingw32-gcc
@@ -0,0 +1,59 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+# XXX defining CC and cross-compiling confuses OpenSSL's build.
+unset CC
+
+sudo mkdir /fakeroot
+sudo chmod 755 /fakeroot
+
+cat << EOF > /tmp/mingw.cmake
+SET(CMAKE_SYSTEM_NAME Windows)
+SET(CMAKE_C_COMPILER i686-w64-mingw32-gcc)
+SET(CMAKE_CXX_COMPILER i686-w64-mingw32-g++)
+SET(CMAKE_RC_COMPILER i686-w64-mingw32-windres)
+SET(CMAKE_FIND_ROOT_PATH /fakeroot)
+SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
+SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
+SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
+EOF
+
+# Build and install libcbor.
+git clone --depth=1 https://github.com/pjk/libcbor -b v0.10.1
+cd libcbor
+mkdir build
+(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
+ -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
+make -j"$(nproc)" -C build
+sudo make -C build install
+cd ..
+
+# Build and install OpenSSL 3.0.11.
+git clone --branch openssl-3.0.12 \
+ --depth=1 https://github.com/openssl/openssl
+cd openssl
+./Configure mingw --prefix=/fakeroot --openssldir=/fakeroot/openssl \
+ --cross-compile-prefix=i686-w64-mingw32- --libdir=lib
+make -j"$(nproc)"
+sudo make install_sw
+cd ..
+
+# Build and install zlib.
+git clone --depth=1 https://github.com/madler/zlib -b v1.3
+cd zlib
+make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32-
+sudo make -fwin32/Makefile.gcc PREFIX=i686-w64-mingw32- DESTDIR=/fakeroot \
+ INCLUDE_PATH=/include LIBRARY_PATH=/lib BINARY_PATH=/bin install
+cd ..
+
+# Build and install libfido2.
+export PKG_CONFIG_PATH=/fakeroot/lib/pkgconfig
+mkdir build
+(cd build && cmake -DCMAKE_TOOLCHAIN_FILE=/tmp/mingw.cmake \
+ -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=/fakeroot ..)
+make -C build 2>&1
+sudo make -C build install
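Review bot: The comment `# Build and install OpenSSL 3.0.11.` in build-linux-openssl3-i686-w64-mingw32-gcc does not match the clone directly below it, which checks out `--branch openssl-3.0.12`; it should read `# Build and install OpenSSL 3.0.12.`. The openssl3-clang and openssl3-gcc scripts in this commit already say 3.0.12. Keeping the version in one variable, as fuzz-linux does with `OPENSSL_TAG`, would stop the comment and the clone from drifting apart, which matters when someone checks which OpenSSL release a CI result was produced against.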
diff --git a/contrib/libfido2/.actions/build-osx-clang b/contrib/libfido2/.actions/build-osx-clang
new file mode 100755
index 000000000000..b4beea221315
--- /dev/null
+++ b/contrib/libfido2/.actions/build-osx-clang
@@ -0,0 +1,19 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+export PKG_CONFIG_PATH="$(brew --prefix openssl@3.0)/lib/pkgconfig"
+SCAN="$(brew --prefix llvm)/bin/scan-build"
+
+# Build, analyze, and install libfido2.
+for T in Debug Release; do
+ mkdir build-$T
+ (cd build-$T && ${SCAN} cmake -DCMAKE_BUILD_TYPE=$T ..)
+ ${SCAN} --status-bugs make -j"$(sysctl -n hw.ncpu)" -C build-$T
+ make -C build-$T man_symlink_html
+ make -C build-$T regress
+ sudo make -C build-$T install
+done
diff --git a/contrib/libfido2/.actions/fuzz-linux b/contrib/libfido2/.actions/fuzz-linux
new file mode 100755
index 000000000000..3f57ac40ff4b
--- /dev/null
+++ b/contrib/libfido2/.actions/fuzz-linux
@@ -0,0 +1,93 @@
+#!/bin/sh -eux
+
+# Copyright (c) 2020-2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+LIBCBOR_URL="https://github.com/pjk/libcbor"
+LIBCBOR_TAG="v0.10.2"
+LIBCBOR_ASAN="address alignment bounds"
+LIBCBOR_MSAN="memory"
+OPENSSL_URL="https://github.com/openssl/openssl"
+OPENSSL_TAG="openssl-3.0.12"
+ZLIB_URL="https://github.com/madler/zlib"
+ZLIB_TAG="v1.3"
+ZLIB_ASAN="address alignment bounds undefined"
+ZLIB_MSAN="memory"
+FIDO2_ASAN="address bounds fuzzer-no-link implicit-conversion leak"
+FIDO2_ASAN="${FIDO2_ASAN} pointer-compare pointer-subtract undefined"
+FIDO2_MSAN="fuzzer-no-link memory"
+COMMON_CFLAGS="-g2 -fno-omit-frame-pointer"
+COMMON_CFLAGS="${COMMON_CFLAGS} -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
+UBSAN_OPTIONS="halt_on_error=1:print_stacktrace=1:strict_string_checks=1"
+ASAN_OPTIONS="${UBSAN_OPTIONS}:detect_invalid_pointer_pairs=2:detect_leaks=1"
+MSAN_OPTIONS="${UBSAN_OPTIONS}"
+
+case "$1" in
+asan)
+ LIBCBOR_CFLAGS="-fsanitize=$(echo "${LIBCBOR_ASAN}" | tr ' ' ',')"
+ ZLIB_CFLAGS="-fsanitize=$(echo "${ZLIB_ASAN}" | tr ' ' ',')"
+ FIDO2_CFLAGS="-fsanitize=$(echo "${FIDO2_ASAN}" | tr ' ' ',')"
+ FIDO2_CFLAGS="${FIDO2_CFLAGS} -fsanitize-address-use-after-scope"
+ ;;
+msan)
+ LIBCBOR_CFLAGS="-fsanitize=$(echo "${LIBCBOR_MSAN}" | tr ' ' ',')"
+ ZLIB_CFLAGS="-fsanitize=$(echo "${ZLIB_MSAN}" | tr ' ' ',')"
+ FIDO2_CFLAGS="-fsanitize=$(echo "${FIDO2_MSAN}" | tr ' ' ',')"
+ FIDO2_CFLAGS="${FIDO2_CFLAGS} -fsanitize-memory-track-origins"
+ ;;
+*)
+ echo "unknown sanitiser \"$1\"" 1>&2 && exit 1
+esac
+
+${CC} --version
+WORKDIR="${WORKDIR:-$(pwd)}"
+FAKEROOT="${FAKEROOT:-$(mktemp -d)}"
+cd "${FAKEROOT}"
+
+# libcbor
+git clone --depth=1 "${LIBCBOR_URL}" -b "${LIBCBOR_TAG}"
+cd libcbor
+patch -p0 -s < "${WORKDIR}/fuzz/README"
+mkdir build
+(cd build && cmake -DBUILD_SHARED_LIBS=ON
-DCMAKE_BUILD_TYPE=Debug \
+ -DCMAKE_C_FLAGS_DEBUG="${LIBCBOR_CFLAGS} ${COMMON_CFLAGS}" \
+ -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_INSTALL_PREFIX="${FAKEROOT}" \
+ -DSANITIZE=OFF ..)
+make VERBOSE=1 -j"$(nproc)" -C build all install
+cd -
+
+# openssl
+git clone --depth=1 "${OPENSSL_URL}" -b "${OPENSSL_TAG}"
+cd openssl
+./Configure linux-x86_64-clang "enable-$1" --prefix="${FAKEROOT}" \
+ --openssldir="${FAKEROOT}/openssl" --libdir=lib
+make install_sw
+cd -
+
+# zlib
+git clone --depth=1 "${ZLIB_URL}" -b "${ZLIB_TAG}"
+cd zlib
+CFLAGS="${ZLIB_CFLAGS}" LDFLAGS="${ZLIB_CFLAGS}" ./configure \
+ --prefix="${FAKEROOT}"
+make install
+cd -
+
+# libfido2
+mkdir build
+export PKG_CONFIG_PATH="${FAKEROOT}/lib/pkgconfig"
+(cd build && cmake -DCMAKE_BUILD_TYPE=Debug \
+ -DCMAKE_C_FLAGS_DEBUG="${FIDO2_CFLAGS} ${COMMON_CFLAGS}" -DFUZZ=ON \
+ -DFUZZ_LDFLAGS="-fsanitize=fuzzer" "${WORKDIR}")
+make -j"$(nproc)" -C build
+
+# fuzz
+mkdir corpus
+curl -s https://storage.googleapis.com/yubico-libfido2/corpus.tgz |
+ tar -C corpus -zxf -
+export UBSAN_OPTIONS ASAN_OPTIONS MSAN_OPTIONS
+for f in assert bio cred credman hid largeblob mgmt netlink pcsc; do
+ build/fuzz/fuzz_${f} -use_value_profile=1 -reload=30 -print_pcs=1 \
+ -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_${f}
+done
diff --git a/contrib/libfido2/.actions/llvm.gpg b/contrib/libfido2/.actions/llvm.gpg
new file mode 100644
index 000000000000..aa6b105aa3d7
--- /dev/null
+++ b/contrib/libfido2/.actions/llvm.gpg
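Review bot: In fuzz-linux the seed corpus is fetched with `curl -s https://storage.googleapis.com/yubico-libfido2/corpus.tgz | tar -C corpus -zxf -`, so nothing checks what was downloaded before it is unpacked and fed to the fuzzers. Without `--fail`, an HTTP error body is also handed to tar as if it were the archive, and the exit status of the pipeline is tar's alone. Downloading to a file first (`curl -fsS -o corpus.tgz …`), verifying it against a digest kept in the repository (`echo "<EXPECTED_SHA256>  corpus.tgz" | sha256sum -c -`), and only then running `tar -C corpus -zxf corpus.tgz` separates a transport failure from a bad archive and pins the inputs a given run used.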
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQINBFE9lCwBEADi0WUAApM/mgHJRU8lVkkw0CHsZNpqaQDNaHefD6Rw3S4LxNmM +EZaOTkhP200XZM8lVdbfUW9xSjA3oPldc1HG26NjbqqCmWpdo2fb+r7VmU2dq3NM +R18ZlKixiLDE6OUfaXWKamZsXb6ITTYmgTO6orQWYrnW6ckYHSeaAkW0wkDAryl2 +B5v8aoFnQ1rFiVEMo4NGzw4UX+MelF7rxaaregmKVTPiqCOSPJ1McC1dHFN533FY +Wh/RVLKWo6npu+owtwYFQW+zyQhKzSIMvNujFRzhIxzxR9Gn87MoLAyfgKEzrbbT +DhqqNXTxS4UMUKCQaO93TzetX/EBrRpJj+vP640yio80h4Dr5pAd7+LnKwgpTDk1 +G88bBXJAcPZnTSKu9I2c6KY4iRNbvRz4i+ZdwwZtdW4nSdl2792L7Sl7Nc44uLL/ +ZqkKDXEBF6lsX5XpABwyK89S/SbHOytXv9o4puv+65Ac5/UShspQTMSKGZgvDauU +cs8kE1U9dPOqVNCYq9Nfwinkf6RxV1k1+gwtclxQuY7UpKXP0hNAXjAiA5KS5Crq +7aaJg9q2F4bub0mNU6n7UI6vXguF2n4SEtzPRk6RP+4TiT3bZUsmr+1ktogyOJCc +Ha8G5VdL+NBIYQthOcieYCBnTeIH7D3Sp6FYQTYtVbKFzmMK+36ERreL/wARAQAB +tD1TeWx2ZXN0cmUgTGVkcnUgLSBEZWJpYW4gTExWTSBwYWNrYWdlcyA8c3lsdmVz +dHJlQGRlYmlhbi5vcmc+iQI4BBMBAgAiBQJRPZQsAhsDBgsJCAcDAgYVCAIJCgsE +FgIDAQIeAQIXgAAKCRAVz00Yr090Ibx+EADArS/hvkDF8juWMXxh17CgR0WZlHCC +9CTBWkg5a0bNN/3bb97cPQt/vIKWjQtkQpav6/5JTVCSx2riL4FHYhH0iuo4iAPR +udC7Cvg8g7bSPrKO6tenQZNvQm+tUmBHgFiMBJi92AjZ/Qn1Shg7p9ITivFxpLyX +wpmnF1OKyI2Kof2rm4BFwfSWuf8Fvh7kDMRLHv+MlnK/7j/BNpKdozXxLcwoFBmn +l0WjpAH3OFF7Pvm1LJdf1DjWKH0Dc3sc6zxtmBR/KHHg6kK4BGQNnFKujcP7TVdv +gMYv84kun14pnwjZcqOtN3UJtcx22880DOQzinoMs3Q4w4o05oIF+sSgHViFpc3W +R0v+RllnH05vKZo+LDzc83DQVrdwliV12eHxrMQ8UYg88zCbF/cHHnlzZWAJgftg +hB08v1BKPgYRUzwJ6VdVqXYcZWEaUJmQAPuAALyZESw94hSo28FAn0/gzEc5uOYx +K+xG/lFwgAGYNb3uGM5m0P6LVTfdg6vDwwOeTNIExVk3KVFXeSQef2ZMkhwA7wya +KJptkb62wBHFE+o9TUdtMCY6qONxMMdwioRE5BYNwAsS1PnRD2+jtlI0DzvKHt7B +MWd8hnoUKhMeZ9TNmo+8CpsAtXZcBho0zPGz/R8NlJhAWpdAZ1CmcPo83EW86Yq7 +BxQUKnNHcwj2ebkCDQRRPZQsARAA4jxYmbTHwmMjqSizlMJYNuGOpIidEdx9zQ5g +zOr431/VfWq4S+VhMDhs15j9lyml0y4ok215VRFwrAREDg6UPMr7ajLmBQGau0Fc +bvZJ90l4NjXp5p0NEE/qOb9UEHT7EGkEhaZ1ekkWFTWCgsy7rRXfZLxB6sk7pzLC +DshyW3zjIakWAnpQ5j5obiDy708pReAuGB94NSyb1HoW/xGsGgvvCw4r0w3xPStw 
+F1PhmScE6NTBIfLliea3pl8vhKPlCh54Hk7I8QGjo1ETlRP4Qll1ZxHJ8u25f/ta +RES2Aw8Hi7j0EVcZ6MT9JWTI83yUcnUlZPZS2HyeWcUj+8nUC8W4N8An+aNps9l/ +21inIl2TbGo3Yn1JQLnA1YCoGwC34g8QZTJhElEQBN0X29ayWW6OdFx8MDvllbBV +ymmKq2lK1U55mQTfDli7S3vfGz9Gp/oQwZ8bQpOeUkc5hbZszYwP4RX+68xDPfn+ +M9udl+qW9wu+LyePbW6HX90LmkhNkkY2ZzUPRPDHZANU5btaPXc2H7edX4y4maQa +xenqD0lGh9LGz/mps4HEZtCI5CY8o0uCMF3lT0XfXhuLksr7Pxv57yue8LLTItOJ +d9Hmzp9G97SRYYeqU+8lyNXtU2PdrLLq7QHkzrsloG78lCpQcalHGACJzrlUWVP/ +fN3Ht3kAEQEAAYkCHwQYAQIACQUCUT2ULAIbDAAKCRAVz00Yr090IbhWEADbr50X +OEXMIMGRLe+YMjeMX9NG4jxs0jZaWHc/WrGR+CCSUb9r6aPXeLo+45949uEfdSsB +pbaEdNWxF5Vr1CSjuO5siIlgDjmT655voXo67xVpEN4HhMrxugDJfCa6z97P0+ML +PdDxim57uNqkam9XIq9hKQaurxMAECDPmlEXI4QT3eu5qw5/knMzDMZj4Vi6hovL +wvvAeLHO/jsyfIdNmhBGU2RWCEZ9uo/MeerPHtRPfg74g+9PPfP6nyHD2Wes6yGd +oVQwtPNAQD6Cj7EaA2xdZYLJ7/jW6yiPu98FFWP74FN2dlyEA2uVziLsfBrgpS4l +tVOlrO2YzkkqUGrybzbLpj6eeHx+Cd7wcjI8CalsqtL6cG8cUEjtWQUHyTbQWAgG +5VPEgIAVhJ6RTZ26i/G+4J8neKyRs4vz+57UGwY6zI4AB1ZcWGEE3Bf+CDEDgmnP +LSwbnHefK9IljT9XU98PelSryUO/5UPw7leE0akXKB4DtekToO226px1VnGp3Bov +1GBGvpHvL2WizEwdk+nfk8LtrLzej+9FtIcq3uIrYnsac47Pf7p0otcFeTJTjSq3 +krCaoG4Hx0zGQG2ZFpHrSrZTVy6lxvIdfi0beMgY6h78p6M9eYZHQHc02DjFkQXN +bXb5c6gCHESH5PXwPU4jQEE7Ib9J6sbk7ZT2Mw== +=j+4q +-----END PGP PUBLIC KEY BLOCK----- diff --git a/contrib/libfido2/.actions/setup_clang b/contrib/libfido2/.actions/setup_clang new file mode 100755 index 000000000000..be06709c88b6 --- /dev/null +++ b/contrib/libfido2/.actions/setup_clang 
@@ -0,0 +1,17 @@
+#!/bin/sh -eu
+
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+CC="$1"
+APT="http://apt.llvm.org"
+CODENAME="$(lsb_release -cs)"
+VERSION="${CC#*-}"
+apt-get install -q -y software-properties-common
+apt-key add ./.actions/llvm.gpg
+add-apt-repository \
+ "deb ${APT}/${CODENAME}/ llvm-toolchain-${CODENAME}-${VERSION} main"
+apt-get update -q
+apt-get install -q -y "${CC}" "clang-tools-${VERSION}"
diff --git a/contrib/libfido2/.gitattributes b/contrib/libfido2/.gitattributes
new file mode 100644
index 000000000000..998f601da4d0
--- /dev/null
+++ b/contrib/libfido2/.gitattributes
@@ -0,0 +1 @@
+.* export-ignore
diff --git a/contrib/libfido2/.github/ISSUE_TEMPLATE/bug_report.md b/contrib/libfido2/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000000..6e88c1ff8006
--- /dev/null
+++ b/contrib/libfido2/.github/ISSUE_TEMPLATE/bug_report.md
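Review bot: setup_clang installs the LLVM signing key with `apt-key add ./.actions/llvm.gpg`, which places it in apt's global keyring where it is trusted for every configured repository, and the repository itself is reached over `http://apt.llvm.org`. apt-key is deprecated in current Debian and Ubuntu releases. Scoping the key to this one source limits what a compromise of that key could vouch for: `gpg --dearmor < ./.actions/llvm.gpg > /usr/share/keyrings/llvm.gpg`, then a sources.list.d entry of the form `deb [signed-by=/usr/share/keyrings/llvm.gpg] ${APT}/${CODENAME}/ llvm-toolchain-${CODENAME}-${VERSION} main`, with `APT="https://apt.llvm.org"`.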
@@ -0,0 +1,80 @@
+---
+name: Bug report
+labels: 'bug report'
+about: Report a bug in libfido2
+
+---
+
+<!--
+
+Please use the questions below as a template, and review your answers
+for potentially sensitive information.
+
+Thank you!
+
+-->
+
+**What version of libfido2 are you using?**
+
+**What operating system are you running?**
+
+**What application are you using in conjunction with libfido2?**
+
+**How does the problem manifest itself?**
+
+**Is the problem reproducible?**
+
+**What are the steps that lead to the problem?**
+
+**Does the problem happen with different authenticators?**
+
+<!--
+
+fido2-token is provided by the fido2-tools package on Debian and Ubuntu,
+and shipped with libfido2 in macOS (Homebrew), Arch Linux, and Windows.
+
+-->
+
+**Please include the output of `fido2-token -L`.**
+
+<details>
+<summary><code>fido2-token -L</code></summary>
+<br>
+<pre>
+$ fido2-token -L
+
+</pre>
+</details>
+
+**Please include the output of `fido2-token -I`.**
+
+<details>
+<summary><code>fido2-token -I</code></summary>
+<br>
+<pre>
+$ fido2-token -I <device>
+
+</pre>
+</details>
+
+<!--
+
+You are strongly encouraged to only capture debug output using test
+credentials. Failure to do so can disclose sensitive information.
+
+-->
+
+**Please include the output of `FIDO_DEBUG=1`.**
+
+<details>
+<summary><code>FIDO_DEBUG=1</code></summary>
+<br>
+<pre>
+$ export FIDO_DEBUG=1
+$ <command1>
+$ <command2>
+(...)
+$ <commandn>
+
+</pre>
+</details>
diff --git a/contrib/libfido2/.github/ISSUE_TEMPLATE/config.yml b/contrib/libfido2/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 000000000000..3ecb227ffeb0
--- /dev/null
+++ b/contrib/libfido2/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+ - name: Feature Request
+ url: https://github.com/Yubico/libfido2/discussions/new
+ about: Share ideas for new features
+ - name: Ask a question about libfido2
+ url: https://github.com/Yubico/libfido2/discussions/new
+ about: Ask the community for help
diff --git a/contrib/libfido2/.github/workflows/alpine_builds.yml b/contrib/libfido2/.github/workflows/alpine_builds.yml
new file mode 100644
index 000000000000..c6d826f39835
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/alpine_builds.yml
@@ -0,0 +1,39 @@
+# Copyright (c) 2022-2023 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: alpine
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+ container: alpine:latest
+ strategy:
+ fail-fast: false
+ matrix:
+ cc: [ gcc, clang ]
+ steps:
+ - name: dependencies
+ run: |
+ apk -q update
+ apk add build-base clang clang-analyzer cmake coreutils eudev-dev
+ apk add git linux-headers openssl-dev sudo zlib-dev pcsc-lite-dev \
+ libcbor-dev
+ - name: fix permissions on workdir
+ run: chown root:wheel "${GITHUB_WORKSPACE}"
+ - name: checkout libfido2
+ uses: actions/checkout@v4
+ - name: build libfido2
+ env:
+ CC: ${{ matrix.cc }}
+ run: ./.actions/build-linux-${CC}
diff --git a/contrib/libfido2/.github/workflows/bsd_builds.yml b/contrib/libfido2/.github/workflows/bsd_builds.yml
new file mode 100644
index 000000000000..366ea2141aca
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/bsd_builds.yml
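Review bot: alpine_builds.yml runs its job in `container: alpine:latest`, a tag that is re-pointed over time, so the toolchain under test can change without any change in this repository. cifuzz_oss.yml has the same pattern for code that executes inside the job: both steps reference `google/oss-fuzz/infra/cifuzz/actions/...@master`, a branch. Pinning the image by digest (`alpine@sha256:<IMAGE_DIGEST>`) and the actions by full commit SHA (`...build_fuzzers@<COMMIT_SHA>`) makes a run reproducible and means an upstream push cannot silently change what the workflow executes.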
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: bsd
+
+on:
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-22.04
+ strategy:
+ fail-fast: false
+ matrix:
+ image: [freebsd/13.x, openbsd/7.2]
+ steps:
+ - uses: actions/checkout@v4
+ - name: dependencies
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y curl jq
+ - name: build
+ env:
+ IMAGE: ${{ matrix.image }}
+ SOURCEHUT_TOKEN: ${{ secrets.SOURCEHUT_TOKEN }}
+ run: ./.actions/build-bsd
diff --git a/contrib/libfido2/.github/workflows/cifuzz_oss.yml b/contrib/libfido2/.github/workflows/cifuzz_oss.yml
new file mode 100644
index 000000000000..556d5ad36f7c
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/cifuzz_oss.yml
@@ -0,0 +1,46 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: cifuzz
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ fuzzing:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: build fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libfido2'
+ language: c
+ sanitizer: ${{ matrix.sanitizer }}
+ dry-run: false
+ - name: run fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libfido2'
+ language: c
+ sanitizer: ${{ matrix.sanitizer }}
+ fuzz-seconds: 600
+ dry-run: false
+ - name: upload crash
+ uses: actions/upload-artifact@v3
+ if: failure()
+ with:
+ name: ${{ matrix.sanitizer }}-artifacts
+ path: ./out/artifacts
diff --git a/contrib/libfido2/.github/workflows/codeql-analysis.yml b/contrib/libfido2/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000000000000..a3a8d54d2daa
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: "codeql"
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+ schedule:
+ - cron: '0 0 * * 0'
+
+permissions:
+ security-events: write
+
+jobs:
+ codeql-build:
+ if: github.repository == 'Yubico/libfido2'
+ runs-on: ubuntu-22.04
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 2
+ - name: init codeql
+ uses: github/codeql-action/init@v2
+ - name: build
+ env:
+ CC: gcc
+ run: |
+ sudo apt -q update
+ sudo apt install -q -y libcbor-dev libudev-dev libz-dev original-awk \
+ libpcsclite-dev
+ ./.actions/build-linux-gcc
+ - name: perform codeql analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/contrib/libfido2/.github/workflows/cygwin_builds.yml b/contrib/libfido2/.github/workflows/cygwin_builds.yml
new file mode 100644
index 000000000000..d8146c54904e
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/cygwin_builds.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2022 Yubico AB. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
+
+name: cygwin
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ - '*-ci'
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ windows-2022 ]
+ arch: [ x64 ]
+ config: [ "Debug", "Release" ]
+ steps:
+ - uses: actions/checkout@v4
+ - name: build
+ run: |
+ .\windows\cygwin.ps1 -Config ${{ matrix.config }}
diff --git a/contrib/libfido2/.github/workflows/linux_builds.yml b/contrib/libfido2/.github/workflows/linux_builds.yml
new file mode 100644
index 000000000000..ec911cb92d92
--- /dev/null
+++ b/contrib/libfido2/.github/workflows/linux_builds.yml
@@ -0,0 +1,57 @@ +# Copyright (c) 2022 Yubico AB. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. +# SPDX-License-Identifier: BSD-2-Clause + +name: linux + +on: *** 2233 LINES SKIPPED ***