Created attachment 244678 [details] Patch to stable/14 for teaching libfido2 to enumeration hidraw(4) dev nodes contrib/libfido2 in base (impacts -CURRENT + stable/14) is currently 1.10 and does not support the hidraw(4) device enumeration properly, just the legacy uhid(4) in the current tree. Request update to latest libfido2 release (as of writing seems to be 1.13), and eventual MFC to stable/14 at least. My failcase is enabling hidraw devices via /boot/loader.conf, then attempting to use base OpenSSH with the built-in SK provider to talk to a FIDO key (e.g. Yubikey). This will fail by default as this version of libfido2 does not know to look for the /dev/hidrawXX entries, just /dev/uhidYY device nodes. Cherry picking just hid_freebsd.c with required changes from upstream will also fix the issue, but probably best to get the full release. https://raw.githubusercontent.com/Yubico/libfido2/f1a74c8f2792e269a0c47f156e13e6ddb457b1d3/src/hid_freebsd.c From what I can tell, the contrib/libfido2 module installs as libprivatefido2.a/libprivatefido2.so which means that users are unable to workaround this limitation by just installing libfido2 from ports. I'm glad to assist in testing this as either a patch, or in -CURRENT/stable tree.
For those that find this issue in the future, or are impacted by a different codebase there is a temporary workaround that I found to pass in an explicit device to the necessary ssh command using the `-O device=/dev/hidrawXX` syntax. e.g.: ssh-keygen -v -K -O device=/dev/hidraw3 Using the -v (verbose) flag give much better error messages. There are also instructions for enabling Yubikey hidraw(4) support in the port security/py-yubikey-manager `pkg-message` file for reference.
libfido2 1.13 is imported in a vendor branch already, but still needs to be merged to main (and MFC'd). It should be pretty straightforward and I expect to do it soon.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=1843dfb05ed80149f5a412180af882e3cb8f451b commit 1843dfb05ed80149f5a412180af882e3cb8f451b Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 16:50:13 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-19 16:53:47 +0000 libfido2: backport hidraw(4) support PR: 273596 Submitted by: David Horn Obtained from: libfido2 2c9dfaae2a56, 930160388700 contrib/libfido2/src/hid_freebsd.c | 97 ++++++++++++++++++++++++++++++++++---- 1 file changed, 87 insertions(+), 10 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=2ccfa855b2fc331819953e3de1b1c15ce5b95a7e commit 2ccfa855b2fc331819953e3de1b1c15ce5b95a7e Merge: 1843dfb05ed8 00db45a65823 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 17:06:12 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-19 17:06:12 +0000 libfido2: update to 1.13.0 Some highlights from NEWS entries: ** Improved OpenSSL 3.0 compatibility. ** Support for hidraw(4) on FreeBSD; gh#597. ** Improved support for FIDO 2.1 authenticators. PR: 273596 Relnotes: Yes Sponsored by: The FreeBSD Foundation contrib/libfido2/CMakeLists.txt | 142 ++++++-- contrib/libfido2/LICENSE | 4 +- contrib/libfido2/NEWS | 41 +++ contrib/libfido2/README.adoc | 114 ++++-- contrib/libfido2/examples/CMakeLists.txt | 12 +- contrib/libfido2/examples/README.adoc | 17 +- contrib/libfido2/examples/assert.c | 33 +- contrib/libfido2/examples/cred.c | 29 +- contrib/libfido2/examples/extern.h | 8 +- contrib/libfido2/examples/info.c | 101 +++++- contrib/libfido2/examples/manifest.c | 1 + contrib/libfido2/examples/reset.c | 1 + contrib/libfido2/examples/retries.c | 3 +- contrib/libfido2/examples/select.c | 5 +- contrib/libfido2/examples/setpin.c | 3 +- contrib/libfido2/examples/util.c | 65 +++- contrib/libfido2/fuzz/CMakeLists.txt | 55 ++- contrib/libfido2/fuzz/Dockerfile | 22 +- contrib/libfido2/fuzz/Makefile | 35 +- contrib/libfido2/fuzz/README | 22 +- contrib/libfido2/fuzz/build-coverage | 7 +- contrib/libfido2/fuzz/clock.c | 1 + contrib/libfido2/fuzz/dummy.h | 5 +- contrib/libfido2/fuzz/export.gnu | 32 +- contrib/libfido2/fuzz/functions.txt | 404 ++++++++++++--------- contrib/libfido2/fuzz/fuzz_assert.c | 43 ++- contrib/libfido2/fuzz/fuzz_bio.c | 5 +- contrib/libfido2/fuzz/fuzz_cred.c | 10 +- contrib/libfido2/fuzz/fuzz_credman.c | 5 +- contrib/libfido2/fuzz/fuzz_hid.c | 5 +- contrib/libfido2/fuzz/fuzz_largeblob.c | 5 +- contrib/libfido2/fuzz/fuzz_mgmt.c | 34 +- contrib/libfido2/fuzz/fuzz_netlink.c | 5 +- contrib/libfido2/fuzz/fuzz_pcsc.c (new) | 269 ++++++++++++++ contrib/libfido2/fuzz/libfuzzer.c | 61 +++- contrib/libfido2/fuzz/mutator_aux.c | 21 +- contrib/libfido2/fuzz/mutator_aux.h | 22 +- contrib/libfido2/fuzz/pcsc.c (new) | 153 ++++++++ contrib/libfido2/fuzz/preload-fuzz.c | 1 + contrib/libfido2/fuzz/preload-snoop.c | 1 + contrib/libfido2/fuzz/report.tgz | Bin 323706 -> 357005 bytes contrib/libfido2/fuzz/summary.txt | 77 ++-- contrib/libfido2/fuzz/udev.c | 3 +- contrib/libfido2/fuzz/wiredata_fido2.h | 77 +++- contrib/libfido2/fuzz/wiredata_u2f.h | 1 + contrib/libfido2/fuzz/wrap.c | 67 +++- contrib/libfido2/fuzz/wrapped.sym | 10 + contrib/libfido2/man/CMakeLists.txt | 53 ++- contrib/libfido2/man/check.sh | 1 + contrib/libfido2/man/eddsa_pk_new.3 | 32 +- contrib/libfido2/man/es256_pk_new.3 | 32 +- contrib/libfido2/man/es384_pk_new.3 (new) | 164 +++++++++ contrib/libfido2/man/fido2-assert.1 | 27 +- contrib/libfido2/man/fido2-cred.1 | 27 +- contrib/libfido2/man/fido2-token.1 | 51 ++- contrib/libfido2/man/fido_assert_allow_cred.3 | 45 ++- contrib/libfido2/man/fido_assert_new.3 | 37 +- contrib/libfido2/man/fido_assert_set_authdata.3 | 33 +- contrib/libfido2/man/fido_assert_verify.3 | 33 +- contrib/libfido2/man/fido_bio_dev_get_info.3 | 27 +- contrib/libfido2/man/fido_bio_enroll_new.3 | 27 +- contrib/libfido2/man/fido_bio_info_new.3 | 27 +- contrib/libfido2/man/fido_bio_template.3 | 27 +- contrib/libfido2/man/fido_cbor_info_new.3 | 169 ++++++++- contrib/libfido2/man/fido_cred_exclude.3 | 45 ++- contrib/libfido2/man/fido_cred_new.3 | 29 +- contrib/libfido2/man/fido_cred_set_authdata.3 | 46 ++- contrib/libfido2/man/fido_cred_verify.3 | 27 +- contrib/libfido2/man/fido_credman_metadata_new.3 | 27 +- contrib/libfido2/man/fido_dev_enable_entattest.3 | 38 +- contrib/libfido2/man/fido_dev_get_assert.3 | 27 +- contrib/libfido2/man/fido_dev_get_touch_begin.3 | 27 +- contrib/libfido2/man/fido_dev_info_manifest.3 | 31 +- contrib/libfido2/man/fido_dev_largeblob_get.3 | 34 +- contrib/libfido2/man/fido_dev_make_cred.3 | 27 +- contrib/libfido2/man/fido_dev_open.3 | 27 +- contrib/libfido2/man/fido_dev_set_io_functions.3 | 27 +- contrib/libfido2/man/fido_dev_set_pin.3 | 29 +- contrib/libfido2/man/fido_init.3 | 27 +- contrib/libfido2/man/fido_strerr.3 | 27 +- contrib/libfido2/man/rs256_pk_new.3 | 32 +- .../libfido2/openbsd-compat/bsd-asprintf.c (new) | 88 +++++ contrib/libfido2/openbsd-compat/clock_gettime.c | 1 + contrib/libfido2/openbsd-compat/endian_win32.c | 1 + contrib/libfido2/openbsd-compat/openbsd-compat.h | 5 + contrib/libfido2/regress/CMakeLists.txt | 57 ++- contrib/libfido2/regress/assert.c | 14 +- contrib/libfido2/regress/compress.c (new) | 268 ++++++++++++++ contrib/libfido2/regress/cred.c | 15 +- contrib/libfido2/regress/dev.c | 43 ++- contrib/libfido2/regress/eddsa.c (new) | 159 ++++++++ contrib/libfido2/regress/es256.c (new) | 199 ++++++++++ contrib/libfido2/regress/es384.c (new) | 213 +++++++++++ contrib/libfido2/regress/rs256.c (new) | 201 ++++++++++ contrib/libfido2/src/CMakeLists.txt | 31 +- contrib/libfido2/src/aes256.c | 1 + contrib/libfido2/src/assert.c | 206 +++++++---- contrib/libfido2/src/authkey.c | 26 +- contrib/libfido2/src/bio.c | 116 ++++-- contrib/libfido2/src/blob.c | 1 + contrib/libfido2/src/blob.h | 1 + contrib/libfido2/src/buf.c | 1 + contrib/libfido2/src/cbor.c | 52 ++- contrib/libfido2/src/compress.c | 145 +++++++- contrib/libfido2/src/config.c | 28 +- contrib/libfido2/src/cred.c | 45 ++- contrib/libfido2/src/credman.c | 162 ++++++--- contrib/libfido2/src/dev.c | 229 ++---------- contrib/libfido2/src/diff_exports.sh | 1 + contrib/libfido2/src/ecdh.c | 1 + contrib/libfido2/src/eddsa.c | 14 +- contrib/libfido2/src/err.c | 1 + contrib/libfido2/src/es256.c | 66 +++- contrib/libfido2/src/es384.c (new) | 296 +++++++++++++++ contrib/libfido2/src/export.gnu | 22 +- contrib/libfido2/src/export.llvm | 22 +- contrib/libfido2/src/export.msvc | 22 +- contrib/libfido2/src/extern.h | 30 +- contrib/libfido2/src/fallthrough.h (new) | 21 ++ contrib/libfido2/src/fido.h | 46 ++- contrib/libfido2/src/fido/bio.h | 26 +- contrib/libfido2/src/fido/config.h | 26 +- contrib/libfido2/src/fido/credman.h | 26 +- contrib/libfido2/src/fido/eddsa.h | 28 +- contrib/libfido2/src/fido/err.h | 26 +- contrib/libfido2/src/fido/es256.h | 26 +- contrib/libfido2/src/fido/es384.h (new) | 59 +++ contrib/libfido2/src/fido/param.h | 57 ++- contrib/libfido2/src/fido/rs256.h | 26 +- contrib/libfido2/src/fido/types.h | 78 +++- contrib/libfido2/src/hid.c | 1 + contrib/libfido2/src/hid_freebsd.c | 1 + contrib/libfido2/src/hid_hidapi.c | 13 +- contrib/libfido2/src/hid_linux.c | 50 ++- contrib/libfido2/src/hid_netbsd.c | 1 + contrib/libfido2/src/hid_openbsd.c | 101 +++--- contrib/libfido2/src/hid_osx.c | 26 +- contrib/libfido2/src/hid_unix.c | 1 + contrib/libfido2/src/hid_win.c | 5 +- contrib/libfido2/src/info.c | 171 ++++++++- contrib/libfido2/src/io.c | 26 +- contrib/libfido2/src/iso7816.c | 1 + contrib/libfido2/src/iso7816.h | 1 + contrib/libfido2/src/largeblob.c | 34 +- contrib/libfido2/src/log.c | 1 + contrib/libfido2/src/netlink.c | 1 + contrib/libfido2/src/netlink.h | 1 + contrib/libfido2/src/nfc.c (new) | 350 ++++++++++++++++++ contrib/libfido2/src/nfc_linux.c | 387 +++----------------- contrib/libfido2/src/packed.h | 1 + contrib/libfido2/src/pcsc.c (new) | 394 ++++++++++++++++++++ contrib/libfido2/src/pin.c | 77 ++-- contrib/libfido2/src/random.c | 1 + contrib/libfido2/src/reset.c | 1 + contrib/libfido2/src/rs1.c | 3 +- contrib/libfido2/src/rs256.c | 29 +- contrib/libfido2/src/time.c | 1 + contrib/libfido2/src/touch.c (new) | 109 ++++++ contrib/libfido2/src/tpm.c | 3 +- contrib/libfido2/src/types.c | 17 +- contrib/libfido2/src/u2f.c | 93 +++-- contrib/libfido2/src/util.c (new) | 31 ++ contrib/libfido2/src/webauthn.h | 75 +++- contrib/libfido2/src/winhello.c | 122 +++++-- contrib/libfido2/tools/CMakeLists.txt | 12 +- contrib/libfido2/tools/assert_get.c | 7 +- contrib/libfido2/tools/assert_verify.c | 30 +- contrib/libfido2/tools/base64.c | 1 + contrib/libfido2/tools/bio.c | 1 + contrib/libfido2/tools/config.c | 1 + contrib/libfido2/tools/cred_make.c | 7 +- contrib/libfido2/tools/cred_verify.c | 1 + contrib/libfido2/tools/credman.c | 1 + contrib/libfido2/tools/extern.h | 4 +- contrib/libfido2/tools/fido2-assert.c | 1 + contrib/libfido2/tools/fido2-attach.sh | 1 + contrib/libfido2/tools/fido2-cred.c | 1 + contrib/libfido2/tools/fido2-detach.sh | 1 + contrib/libfido2/tools/fido2-token.c | 1 + contrib/libfido2/tools/fido2-unprot.sh | 1 + contrib/libfido2/tools/include_check.sh | 1 + contrib/libfido2/tools/largeblob.c | 59 ++- contrib/libfido2/tools/pin.c | 26 +- contrib/libfido2/tools/test.sh | 46 ++- contrib/libfido2/tools/token.c | 159 +++++++- contrib/libfido2/tools/util.c | 70 +++- contrib/libfido2/udev/70-u2f.rules | 39 +- contrib/libfido2/udev/CMakeLists.txt | 1 + contrib/libfido2/udev/check.sh | 1 + contrib/libfido2/udev/fidodevs | 3 + contrib/libfido2/udev/genrules.awk | 32 +- contrib/libfido2/windows/build.ps1 | 32 +- contrib/libfido2/windows/const.ps1 | 14 +- contrib/libfido2/windows/cygwin.ps1 | 2 + contrib/libfido2/windows/release.ps1 | 30 +- lib/libfido2/Makefile | 6 +- 196 files changed, 7592 insertions(+), 1733 deletions(-)
I split the update into two parts so that we can decide for 14.0 whether to cherry-pick just the hid_freebsd.c change or the whole update to 1.13.0. I will merge both of these to stable/14 soon. Any testing or feedback you can provide is greatly appreciated.
I am staging a fresh build for 15-CURRENT amd64 test now. Will also test after MFC to stable/14. I will try an aarch64 via QEMU test once a 14BETA/RC or snapshot ISO is available since I'm not setup for cross-compile at the moment on my test machine. Will report back once some tests are complete. Thanks for the commit.
I am now successfully using the updated version of libfido2 on -CURRENT with the base OpenSSH_9.4p1, OpenSSL 3.0.10 1 Aug 2023. FreeBSD freebsd14 15.0-CURRENT FreeBSD 15.0-CURRENT #3 main-n265425-2a78083fc2a1: Wed Sep 20 07:13:42 EDT 2023 root@freebsd14:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 Original failcase of using `ssh-keygen -K` to extract FIDO keys from a hidraw(4) usb device now works seemlessly. If other are interested in testing OpenSSH's SK Support with hidraw device kldload hidraw sysctl hw.usb.usbhid.enable="1" remove and re-insert FIDO USB device This should result in console demesg output with the new usb device names (/dev/hidraw0 and /dev/hidraw1) Perform any OpenSSH action that requires access to SK (FIDO) device on /dev/hidrawX. e.g.: ssh-keygen -v -K Should now work properly. If you have not done this before, test as root, then install the u2f-devd package to allow users in the 'u2f' group to access u2f/FIDO devices without being root. Will re-test amd64/aarch64 after MFC to stable/14. Only thing that I make look into in the mean time is if we can easily add any unit tests to cover this functionality.
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3df74eecfdecbafe55838b45141c275754d526bb commit 3df74eecfdecbafe55838b45141c275754d526bb Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 16:50:13 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-22 11:03:35 +0000 libfido2: backport hidraw(4) support PR: 273596 Submitted by: David Horn Obtained from: libfido2 2c9dfaae2a56, 930160388700 (cherry picked from commit 1843dfb05ed80149f5a412180af882e3cb8f451b) contrib/libfido2/src/hid_freebsd.c | 97 ++++++++++++++++++++++++++++++++++---- 1 file changed, 87 insertions(+), 10 deletions(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=5bfbde817cdedbd7309c38a361cd1211bdcdd70e commit 5bfbde817cdedbd7309c38a361cd1211bdcdd70e Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 17:06:12 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-22 11:03:36 +0000 libfido2: update to 1.13.0 Some highlights from NEWS entries: ** Improved OpenSSL 3.0 compatibility. ** Support for hidraw(4) on FreeBSD; gh#597. ** Improved support for FIDO 2.1 authenticators. PR: 273596 Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 2ccfa855b2fc331819953e3de1b1c15ce5b95a7e) contrib/libfido2/CMakeLists.txt | 142 ++++++-- contrib/libfido2/LICENSE | 4 +- contrib/libfido2/NEWS | 41 +++ contrib/libfido2/README.adoc | 114 ++++-- contrib/libfido2/examples/CMakeLists.txt | 12 +- contrib/libfido2/examples/README.adoc | 17 +- contrib/libfido2/examples/assert.c | 33 +- contrib/libfido2/examples/cred.c | 29 +- contrib/libfido2/examples/extern.h | 8 +- contrib/libfido2/examples/info.c | 101 +++++- contrib/libfido2/examples/manifest.c | 1 + contrib/libfido2/examples/reset.c | 1 + contrib/libfido2/examples/retries.c | 3 +- contrib/libfido2/examples/select.c | 5 +- contrib/libfido2/examples/setpin.c | 3 +- contrib/libfido2/examples/util.c | 65 +++- contrib/libfido2/fuzz/CMakeLists.txt | 55 ++- contrib/libfido2/fuzz/Dockerfile | 22 +- contrib/libfido2/fuzz/Makefile | 35 +- contrib/libfido2/fuzz/README | 22 +- contrib/libfido2/fuzz/build-coverage | 7 +- contrib/libfido2/fuzz/clock.c | 1 + contrib/libfido2/fuzz/dummy.h | 5 +- contrib/libfido2/fuzz/export.gnu | 32 +- contrib/libfido2/fuzz/functions.txt | 404 ++++++++++++--------- contrib/libfido2/fuzz/fuzz_assert.c | 43 ++- contrib/libfido2/fuzz/fuzz_bio.c | 5 +- contrib/libfido2/fuzz/fuzz_cred.c | 10 +- contrib/libfido2/fuzz/fuzz_credman.c | 5 +- contrib/libfido2/fuzz/fuzz_hid.c | 5 +- contrib/libfido2/fuzz/fuzz_largeblob.c | 5 +- contrib/libfido2/fuzz/fuzz_mgmt.c | 34 +- contrib/libfido2/fuzz/fuzz_netlink.c | 5 +- contrib/libfido2/fuzz/fuzz_pcsc.c (new) | 269 ++++++++++++++ contrib/libfido2/fuzz/libfuzzer.c | 61 +++- contrib/libfido2/fuzz/mutator_aux.c | 21 +- contrib/libfido2/fuzz/mutator_aux.h | 22 +- contrib/libfido2/fuzz/pcsc.c (new) | 153 ++++++++ contrib/libfido2/fuzz/preload-fuzz.c | 1 + contrib/libfido2/fuzz/preload-snoop.c | 1 + contrib/libfido2/fuzz/report.tgz | Bin 323706 -> 357005 bytes contrib/libfido2/fuzz/summary.txt | 77 ++-- contrib/libfido2/fuzz/udev.c | 3 +- contrib/libfido2/fuzz/wiredata_fido2.h | 77 +++- contrib/libfido2/fuzz/wiredata_u2f.h | 1 + contrib/libfido2/fuzz/wrap.c | 67 +++- contrib/libfido2/fuzz/wrapped.sym | 10 + contrib/libfido2/man/CMakeLists.txt | 53 ++- contrib/libfido2/man/check.sh | 1 + contrib/libfido2/man/eddsa_pk_new.3 | 32 +- contrib/libfido2/man/es256_pk_new.3 | 32 +- contrib/libfido2/man/es384_pk_new.3 (new) | 164 +++++++++ contrib/libfido2/man/fido2-assert.1 | 27 +- contrib/libfido2/man/fido2-cred.1 | 27 +- contrib/libfido2/man/fido2-token.1 | 51 ++- contrib/libfido2/man/fido_assert_allow_cred.3 | 45 ++- contrib/libfido2/man/fido_assert_new.3 | 37 +- contrib/libfido2/man/fido_assert_set_authdata.3 | 33 +- contrib/libfido2/man/fido_assert_verify.3 | 33 +- contrib/libfido2/man/fido_bio_dev_get_info.3 | 27 +- contrib/libfido2/man/fido_bio_enroll_new.3 | 27 +- contrib/libfido2/man/fido_bio_info_new.3 | 27 +- contrib/libfido2/man/fido_bio_template.3 | 27 +- contrib/libfido2/man/fido_cbor_info_new.3 | 169 ++++++++- contrib/libfido2/man/fido_cred_exclude.3 | 45 ++- contrib/libfido2/man/fido_cred_new.3 | 29 +- contrib/libfido2/man/fido_cred_set_authdata.3 | 46 ++- contrib/libfido2/man/fido_cred_verify.3 | 27 +- contrib/libfido2/man/fido_credman_metadata_new.3 | 27 +- contrib/libfido2/man/fido_dev_enable_entattest.3 | 38 +- contrib/libfido2/man/fido_dev_get_assert.3 | 27 +- contrib/libfido2/man/fido_dev_get_touch_begin.3 | 27 +- contrib/libfido2/man/fido_dev_info_manifest.3 | 31 +- contrib/libfido2/man/fido_dev_largeblob_get.3 | 34 +- contrib/libfido2/man/fido_dev_make_cred.3 | 27 +- contrib/libfido2/man/fido_dev_open.3 | 27 +- contrib/libfido2/man/fido_dev_set_io_functions.3 | 27 +- contrib/libfido2/man/fido_dev_set_pin.3 | 29 +- contrib/libfido2/man/fido_init.3 | 27 +- contrib/libfido2/man/fido_strerr.3 | 27 +- contrib/libfido2/man/rs256_pk_new.3 | 32 +- .../libfido2/openbsd-compat/bsd-asprintf.c (new) | 88 +++++ contrib/libfido2/openbsd-compat/clock_gettime.c | 1 + contrib/libfido2/openbsd-compat/endian_win32.c | 1 + contrib/libfido2/openbsd-compat/openbsd-compat.h | 5 + contrib/libfido2/regress/CMakeLists.txt | 57 ++- contrib/libfido2/regress/assert.c | 14 +- contrib/libfido2/regress/compress.c (new) | 268 ++++++++++++++ contrib/libfido2/regress/cred.c | 15 +- contrib/libfido2/regress/dev.c | 43 ++- contrib/libfido2/regress/eddsa.c (new) | 159 ++++++++ contrib/libfido2/regress/es256.c (new) | 199 ++++++++++ contrib/libfido2/regress/es384.c (new) | 213 +++++++++++ contrib/libfido2/regress/rs256.c (new) | 201 ++++++++++ contrib/libfido2/src/CMakeLists.txt | 31 +- contrib/libfido2/src/aes256.c | 1 + contrib/libfido2/src/assert.c | 206 +++++++---- contrib/libfido2/src/authkey.c | 26 +- contrib/libfido2/src/bio.c | 116 ++++-- contrib/libfido2/src/blob.c | 1 + contrib/libfido2/src/blob.h | 1 + contrib/libfido2/src/buf.c | 1 + contrib/libfido2/src/cbor.c | 52 ++- contrib/libfido2/src/compress.c | 145 +++++++- contrib/libfido2/src/config.c | 28 +- contrib/libfido2/src/cred.c | 45 ++- contrib/libfido2/src/credman.c | 162 ++++++--- contrib/libfido2/src/dev.c | 229 ++---------- contrib/libfido2/src/diff_exports.sh | 1 + contrib/libfido2/src/ecdh.c | 1 + contrib/libfido2/src/eddsa.c | 14 +- contrib/libfido2/src/err.c | 1 + contrib/libfido2/src/es256.c | 66 +++- contrib/libfido2/src/es384.c (new) | 296 +++++++++++++++ contrib/libfido2/src/export.gnu | 22 +- contrib/libfido2/src/export.llvm | 22 +- contrib/libfido2/src/export.msvc | 22 +- contrib/libfido2/src/extern.h | 30 +- contrib/libfido2/src/fallthrough.h (new) | 21 ++ contrib/libfido2/src/fido.h | 46 ++- contrib/libfido2/src/fido/bio.h | 26 +- contrib/libfido2/src/fido/config.h | 26 +- contrib/libfido2/src/fido/credman.h | 26 +- contrib/libfido2/src/fido/eddsa.h | 28 +- contrib/libfido2/src/fido/err.h | 26 +- contrib/libfido2/src/fido/es256.h | 26 +- contrib/libfido2/src/fido/es384.h (new) | 59 +++ contrib/libfido2/src/fido/param.h | 57 ++- contrib/libfido2/src/fido/rs256.h | 26 +- contrib/libfido2/src/fido/types.h | 78 +++- contrib/libfido2/src/hid.c | 1 + contrib/libfido2/src/hid_freebsd.c | 1 + contrib/libfido2/src/hid_hidapi.c | 13 +- contrib/libfido2/src/hid_linux.c | 50 ++- contrib/libfido2/src/hid_netbsd.c | 1 + contrib/libfido2/src/hid_openbsd.c | 101 +++--- contrib/libfido2/src/hid_osx.c | 26 +- contrib/libfido2/src/hid_unix.c | 1 + contrib/libfido2/src/hid_win.c | 5 +- contrib/libfido2/src/info.c | 171 ++++++++- contrib/libfido2/src/io.c | 26 +- contrib/libfido2/src/iso7816.c | 1 + contrib/libfido2/src/iso7816.h | 1 + contrib/libfido2/src/largeblob.c | 34 +- contrib/libfido2/src/log.c | 1 + contrib/libfido2/src/netlink.c | 1 + contrib/libfido2/src/netlink.h | 1 + contrib/libfido2/src/nfc.c (new) | 350 ++++++++++++++++++ contrib/libfido2/src/nfc_linux.c | 387 +++----------------- contrib/libfido2/src/packed.h | 1 + contrib/libfido2/src/pcsc.c (new) | 394 ++++++++++++++++++++ contrib/libfido2/src/pin.c | 77 ++-- contrib/libfido2/src/random.c | 1 + contrib/libfido2/src/reset.c | 1 + contrib/libfido2/src/rs1.c | 3 +- contrib/libfido2/src/rs256.c | 29 +- contrib/libfido2/src/time.c | 1 + contrib/libfido2/src/touch.c (new) | 109 ++++++ contrib/libfido2/src/tpm.c | 3 +- contrib/libfido2/src/types.c | 17 +- contrib/libfido2/src/u2f.c | 93 +++-- contrib/libfido2/src/util.c (new) | 31 ++ contrib/libfido2/src/webauthn.h | 75 +++- contrib/libfido2/src/winhello.c | 122 +++++-- contrib/libfido2/tools/CMakeLists.txt | 12 +- contrib/libfido2/tools/assert_get.c | 7 +- contrib/libfido2/tools/assert_verify.c | 30 +- contrib/libfido2/tools/base64.c | 1 + contrib/libfido2/tools/bio.c | 1 + contrib/libfido2/tools/config.c | 1 + contrib/libfido2/tools/cred_make.c | 7 +- contrib/libfido2/tools/cred_verify.c | 1 + contrib/libfido2/tools/credman.c | 1 + contrib/libfido2/tools/extern.h | 4 +- contrib/libfido2/tools/fido2-assert.c | 1 + contrib/libfido2/tools/fido2-attach.sh | 1 + contrib/libfido2/tools/fido2-cred.c | 1 + contrib/libfido2/tools/fido2-detach.sh | 1 + contrib/libfido2/tools/fido2-token.c | 1 + contrib/libfido2/tools/fido2-unprot.sh | 1 + contrib/libfido2/tools/include_check.sh | 1 + contrib/libfido2/tools/largeblob.c | 59 ++- contrib/libfido2/tools/pin.c | 26 +- contrib/libfido2/tools/test.sh | 46 ++- contrib/libfido2/tools/token.c | 159 +++++++- contrib/libfido2/tools/util.c | 70 +++- contrib/libfido2/udev/70-u2f.rules | 39 +- contrib/libfido2/udev/CMakeLists.txt | 1 + contrib/libfido2/udev/check.sh | 1 + contrib/libfido2/udev/fidodevs | 3 + contrib/libfido2/udev/genrules.awk | 32 +- contrib/libfido2/windows/build.ps1 | 32 +- contrib/libfido2/windows/const.ps1 | 14 +- contrib/libfido2/windows/cygwin.ps1 | 2 + contrib/libfido2/windows/release.ps1 | 30 +- lib/libfido2/Makefile | 6 +- 196 files changed, 7592 insertions(+), 1733 deletions(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3e85eb3c5ef0c08ae3a7db543d72713c365ca3a4 commit 3e85eb3c5ef0c08ae3a7db543d72713c365ca3a4 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 16:50:13 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-22 11:07:25 +0000 libfido2: backport hidraw(4) support PR: 273596 Submitted by: David Horn Obtained from: libfido2 2c9dfaae2a56, 930160388700 (cherry picked from commit 1843dfb05ed80149f5a412180af882e3cb8f451b) (cherry picked from commit 3df74eecfdecbafe55838b45141c275754d526bb) contrib/libfido2/src/hid_freebsd.c | 97 ++++++++++++++++++++++++++++++++++---- 1 file changed, 87 insertions(+), 10 deletions(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=d79e0d1735e3e68aee782cc676dea99c71cdbbfb commit d79e0d1735e3e68aee782cc676dea99c71cdbbfb Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 17:06:12 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-22 11:07:25 +0000 libfido2: update to 1.13.0 Some highlights from NEWS entries: ** Improved OpenSSL 3.0 compatibility. ** Support for hidraw(4) on FreeBSD; gh#597. ** Improved support for FIDO 2.1 authenticators. PR: 273596 Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 2ccfa855b2fc331819953e3de1b1c15ce5b95a7e) (cherry picked from commit 5bfbde817cdedbd7309c38a361cd1211bdcdd70e) contrib/libfido2/CMakeLists.txt | 142 ++++++-- contrib/libfido2/LICENSE | 4 +- contrib/libfido2/NEWS | 41 +++ contrib/libfido2/README.adoc | 114 ++++-- contrib/libfido2/examples/CMakeLists.txt | 12 +- contrib/libfido2/examples/README.adoc | 17 +- contrib/libfido2/examples/assert.c | 33 +- contrib/libfido2/examples/cred.c | 29 +- contrib/libfido2/examples/extern.h | 8 +- contrib/libfido2/examples/info.c | 101 +++++- contrib/libfido2/examples/manifest.c | 1 + contrib/libfido2/examples/reset.c | 1 + contrib/libfido2/examples/retries.c | 3 +- contrib/libfido2/examples/select.c | 5 +- contrib/libfido2/examples/setpin.c | 3 +- contrib/libfido2/examples/util.c | 65 +++- contrib/libfido2/fuzz/CMakeLists.txt | 55 ++- contrib/libfido2/fuzz/Dockerfile | 22 +- contrib/libfido2/fuzz/Makefile | 35 +- contrib/libfido2/fuzz/README | 22 +- contrib/libfido2/fuzz/build-coverage | 7 +- contrib/libfido2/fuzz/clock.c | 1 + contrib/libfido2/fuzz/dummy.h | 5 +- contrib/libfido2/fuzz/export.gnu | 32 +- contrib/libfido2/fuzz/functions.txt | 404 ++++++++++++--------- contrib/libfido2/fuzz/fuzz_assert.c | 43 ++- contrib/libfido2/fuzz/fuzz_bio.c | 5 +- contrib/libfido2/fuzz/fuzz_cred.c | 10 +- contrib/libfido2/fuzz/fuzz_credman.c | 5 +- contrib/libfido2/fuzz/fuzz_hid.c | 5 +- contrib/libfido2/fuzz/fuzz_largeblob.c | 5 +- contrib/libfido2/fuzz/fuzz_mgmt.c | 34 +- contrib/libfido2/fuzz/fuzz_netlink.c | 5 +- contrib/libfido2/fuzz/fuzz_pcsc.c (new) | 269 ++++++++++++++ contrib/libfido2/fuzz/libfuzzer.c | 61 +++- contrib/libfido2/fuzz/mutator_aux.c | 21 +- contrib/libfido2/fuzz/mutator_aux.h | 22 +- contrib/libfido2/fuzz/pcsc.c (new) | 153 ++++++++ contrib/libfido2/fuzz/preload-fuzz.c | 1 + contrib/libfido2/fuzz/preload-snoop.c | 1 + contrib/libfido2/fuzz/report.tgz | Bin 323706 -> 357005 bytes contrib/libfido2/fuzz/summary.txt | 77 ++-- contrib/libfido2/fuzz/udev.c | 3 +- contrib/libfido2/fuzz/wiredata_fido2.h | 77 +++- contrib/libfido2/fuzz/wiredata_u2f.h | 1 + contrib/libfido2/fuzz/wrap.c | 67 +++- contrib/libfido2/fuzz/wrapped.sym | 10 + contrib/libfido2/man/CMakeLists.txt | 53 ++- contrib/libfido2/man/check.sh | 1 + contrib/libfido2/man/eddsa_pk_new.3 | 32 +- contrib/libfido2/man/es256_pk_new.3 | 32 +- contrib/libfido2/man/es384_pk_new.3 (new) | 164 +++++++++ contrib/libfido2/man/fido2-assert.1 | 27 +- contrib/libfido2/man/fido2-cred.1 | 27 +- contrib/libfido2/man/fido2-token.1 | 51 ++- contrib/libfido2/man/fido_assert_allow_cred.3 | 45 ++- contrib/libfido2/man/fido_assert_new.3 | 37 +- contrib/libfido2/man/fido_assert_set_authdata.3 | 33 +- contrib/libfido2/man/fido_assert_verify.3 | 33 +- contrib/libfido2/man/fido_bio_dev_get_info.3 | 27 +- contrib/libfido2/man/fido_bio_enroll_new.3 | 27 +- contrib/libfido2/man/fido_bio_info_new.3 | 27 +- contrib/libfido2/man/fido_bio_template.3 | 27 +- contrib/libfido2/man/fido_cbor_info_new.3 | 169 ++++++++- contrib/libfido2/man/fido_cred_exclude.3 | 45 ++- contrib/libfido2/man/fido_cred_new.3 | 29 +- contrib/libfido2/man/fido_cred_set_authdata.3 | 46 ++- contrib/libfido2/man/fido_cred_verify.3 | 27 +- contrib/libfido2/man/fido_credman_metadata_new.3 | 27 +- contrib/libfido2/man/fido_dev_enable_entattest.3 | 38 +- contrib/libfido2/man/fido_dev_get_assert.3 | 27 +- contrib/libfido2/man/fido_dev_get_touch_begin.3 | 27 +- contrib/libfido2/man/fido_dev_info_manifest.3 | 31 +- contrib/libfido2/man/fido_dev_largeblob_get.3 | 34 +- contrib/libfido2/man/fido_dev_make_cred.3 | 27 +- contrib/libfido2/man/fido_dev_open.3 | 27 +- contrib/libfido2/man/fido_dev_set_io_functions.3 | 27 +- contrib/libfido2/man/fido_dev_set_pin.3 | 29 +- contrib/libfido2/man/fido_init.3 | 27 +- contrib/libfido2/man/fido_strerr.3 | 27 +- contrib/libfido2/man/rs256_pk_new.3 | 32 +- .../libfido2/openbsd-compat/bsd-asprintf.c (new) | 88 +++++ contrib/libfido2/openbsd-compat/clock_gettime.c | 1 + contrib/libfido2/openbsd-compat/endian_win32.c | 1 + contrib/libfido2/openbsd-compat/openbsd-compat.h | 5 + contrib/libfido2/regress/CMakeLists.txt | 57 ++- contrib/libfido2/regress/assert.c | 14 +- contrib/libfido2/regress/compress.c (new) | 268 ++++++++++++++ contrib/libfido2/regress/cred.c | 15 +- contrib/libfido2/regress/dev.c | 43 ++- contrib/libfido2/regress/eddsa.c (new) | 159 ++++++++ contrib/libfido2/regress/es256.c (new) | 199 ++++++++++ contrib/libfido2/regress/es384.c (new) | 213 +++++++++++ contrib/libfido2/regress/rs256.c (new) | 201 ++++++++++ contrib/libfido2/src/CMakeLists.txt | 31 +- contrib/libfido2/src/aes256.c | 1 + contrib/libfido2/src/assert.c | 206 +++++++---- contrib/libfido2/src/authkey.c | 26 +- contrib/libfido2/src/bio.c | 116 ++++-- contrib/libfido2/src/blob.c | 1 + contrib/libfido2/src/blob.h | 1 + contrib/libfido2/src/buf.c | 1 + contrib/libfido2/src/cbor.c | 52 ++- contrib/libfido2/src/compress.c | 145 +++++++- contrib/libfido2/src/config.c | 28 +- contrib/libfido2/src/cred.c | 45 ++- contrib/libfido2/src/credman.c | 162 ++++++--- contrib/libfido2/src/dev.c | 229 ++---------- contrib/libfido2/src/diff_exports.sh | 1 + contrib/libfido2/src/ecdh.c | 1 + contrib/libfido2/src/eddsa.c | 14 +- contrib/libfido2/src/err.c | 1 + contrib/libfido2/src/es256.c | 66 +++- contrib/libfido2/src/es384.c (new) | 296 +++++++++++++++ contrib/libfido2/src/export.gnu | 22 +- contrib/libfido2/src/export.llvm | 22 +- contrib/libfido2/src/export.msvc | 22 +- contrib/libfido2/src/extern.h | 30 +- contrib/libfido2/src/fallthrough.h (new) | 21 ++ contrib/libfido2/src/fido.h | 46 ++- contrib/libfido2/src/fido/bio.h | 26 +- contrib/libfido2/src/fido/config.h | 26 +- contrib/libfido2/src/fido/credman.h | 26 +- contrib/libfido2/src/fido/eddsa.h | 28 +- contrib/libfido2/src/fido/err.h | 26 +- contrib/libfido2/src/fido/es256.h | 26 +- contrib/libfido2/src/fido/es384.h (new) | 59 +++ contrib/libfido2/src/fido/param.h | 57 ++- contrib/libfido2/src/fido/rs256.h | 26 +- contrib/libfido2/src/fido/types.h | 78 +++- contrib/libfido2/src/hid.c | 1 + contrib/libfido2/src/hid_freebsd.c | 1 + contrib/libfido2/src/hid_hidapi.c | 13 +- contrib/libfido2/src/hid_linux.c | 50 ++- contrib/libfido2/src/hid_netbsd.c | 1 + contrib/libfido2/src/hid_openbsd.c | 101 +++--- contrib/libfido2/src/hid_osx.c | 26 +- contrib/libfido2/src/hid_unix.c | 1 + contrib/libfido2/src/hid_win.c | 5 +- contrib/libfido2/src/info.c | 171 ++++++++- contrib/libfido2/src/io.c | 26 +- contrib/libfido2/src/iso7816.c | 1 + contrib/libfido2/src/iso7816.h | 1 + contrib/libfido2/src/largeblob.c | 34 +- contrib/libfido2/src/log.c | 1 + contrib/libfido2/src/netlink.c | 1 + contrib/libfido2/src/netlink.h | 1 + contrib/libfido2/src/nfc.c (new) | 350 ++++++++++++++++++ contrib/libfido2/src/nfc_linux.c | 387 +++----------------- contrib/libfido2/src/packed.h | 1 + contrib/libfido2/src/pcsc.c (new) | 394 ++++++++++++++++++++ contrib/libfido2/src/pin.c | 77 ++-- contrib/libfido2/src/random.c | 1 + contrib/libfido2/src/reset.c | 1 + contrib/libfido2/src/rs1.c | 3 +- contrib/libfido2/src/rs256.c | 29 +- contrib/libfido2/src/time.c | 1 + contrib/libfido2/src/touch.c (new) | 109 ++++++ contrib/libfido2/src/tpm.c | 3 +- contrib/libfido2/src/types.c | 17 +- contrib/libfido2/src/u2f.c | 93 +++-- contrib/libfido2/src/util.c (new) | 31 ++ contrib/libfido2/src/webauthn.h | 75 +++- contrib/libfido2/src/winhello.c | 122 +++++-- contrib/libfido2/tools/CMakeLists.txt | 12 +- contrib/libfido2/tools/assert_get.c | 7 +- contrib/libfido2/tools/assert_verify.c | 30 +- contrib/libfido2/tools/base64.c | 1 + contrib/libfido2/tools/bio.c | 1 + contrib/libfido2/tools/config.c | 1 + contrib/libfido2/tools/cred_make.c | 7 +- contrib/libfido2/tools/cred_verify.c | 1 + contrib/libfido2/tools/credman.c | 1 + contrib/libfido2/tools/extern.h | 4 +- contrib/libfido2/tools/fido2-assert.c | 1 + contrib/libfido2/tools/fido2-attach.sh | 1 + contrib/libfido2/tools/fido2-cred.c | 1 + contrib/libfido2/tools/fido2-detach.sh | 1 + contrib/libfido2/tools/fido2-token.c | 1 + contrib/libfido2/tools/fido2-unprot.sh | 1 + contrib/libfido2/tools/include_check.sh | 1 + contrib/libfido2/tools/largeblob.c | 59 ++- contrib/libfido2/tools/pin.c | 26 +- contrib/libfido2/tools/test.sh | 46 ++- contrib/libfido2/tools/token.c | 159 +++++++- contrib/libfido2/tools/util.c | 70 +++- contrib/libfido2/udev/70-u2f.rules | 39 +- contrib/libfido2/udev/CMakeLists.txt | 1 + contrib/libfido2/udev/check.sh | 1 + contrib/libfido2/udev/fidodevs | 3 + contrib/libfido2/udev/genrules.awk | 32 +- contrib/libfido2/windows/build.ps1 | 32 +- contrib/libfido2/windows/const.ps1 | 14 +- contrib/libfido2/windows/cygwin.ps1 | 2 + contrib/libfido2/windows/release.ps1 | 30 +- lib/libfido2/Makefile | 6 +- 196 files changed, 7592 insertions(+), 1733 deletions(-)
A commit in branch releng/14.0 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=c782cf6f13fcc7b7c57acdeca6f13d624434bdec commit c782cf6f13fcc7b7c57acdeca6f13d624434bdec Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 16:50:13 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-23 13:08:56 +0000 libfido2: backport hidraw(4) support PR: 273596 Submitted by: David Horn Obtained from: libfido2 2c9dfaae2a56, 930160388700 (cherry picked from commit 1843dfb05ed80149f5a412180af882e3cb8f451b) (cherry picked from commit 3df74eecfdecbafe55838b45141c275754d526bb) Approved by: re (gjb) contrib/libfido2/src/hid_freebsd.c | 97 ++++++++++++++++++++++++++++++++++---- 1 file changed, 87 insertions(+), 10 deletions(-)
A commit in branch releng/14.0 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=95321fff46ec680708dc9c1ffe116757bee8ad78 commit 95321fff46ec680708dc9c1ffe116757bee8ad78 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-09-19 17:06:12 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-09-23 13:09:06 +0000 libfido2: update to 1.13.0 Some highlights from NEWS entries: ** Improved OpenSSL 3.0 compatibility. ** Support for hidraw(4) on FreeBSD; gh#597. ** Improved support for FIDO 2.1 authenticators. PR: 273596 Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 2ccfa855b2fc331819953e3de1b1c15ce5b95a7e) (cherry picked from commit 5bfbde817cdedbd7309c38a361cd1211bdcdd70e) Approved by: re (gjb) contrib/libfido2/CMakeLists.txt | 142 ++++++-- contrib/libfido2/LICENSE | 4 +- contrib/libfido2/NEWS | 41 +++ contrib/libfido2/README.adoc | 114 ++++-- contrib/libfido2/examples/CMakeLists.txt | 12 +- contrib/libfido2/examples/README.adoc | 17 +- contrib/libfido2/examples/assert.c | 33 +- contrib/libfido2/examples/cred.c | 29 +- contrib/libfido2/examples/extern.h | 8 +- contrib/libfido2/examples/info.c | 101 +++++- contrib/libfido2/examples/manifest.c | 1 + contrib/libfido2/examples/reset.c | 1 + contrib/libfido2/examples/retries.c | 3 +- contrib/libfido2/examples/select.c | 5 +- contrib/libfido2/examples/setpin.c | 3 +- contrib/libfido2/examples/util.c | 65 +++- contrib/libfido2/fuzz/CMakeLists.txt | 55 ++- contrib/libfido2/fuzz/Dockerfile | 22 +- contrib/libfido2/fuzz/Makefile | 35 +- contrib/libfido2/fuzz/README | 22 +- contrib/libfido2/fuzz/build-coverage | 7 +- contrib/libfido2/fuzz/clock.c | 1 + contrib/libfido2/fuzz/dummy.h | 5 +- contrib/libfido2/fuzz/export.gnu | 32 +- contrib/libfido2/fuzz/functions.txt | 404 ++++++++++++--------- contrib/libfido2/fuzz/fuzz_assert.c | 43 ++- contrib/libfido2/fuzz/fuzz_bio.c | 5 +- contrib/libfido2/fuzz/fuzz_cred.c | 10 +- contrib/libfido2/fuzz/fuzz_credman.c | 5 +- contrib/libfido2/fuzz/fuzz_hid.c | 5 +- contrib/libfido2/fuzz/fuzz_largeblob.c | 5 +- contrib/libfido2/fuzz/fuzz_mgmt.c | 34 +- contrib/libfido2/fuzz/fuzz_netlink.c | 5 +- contrib/libfido2/fuzz/fuzz_pcsc.c (new) | 269 ++++++++++++++ contrib/libfido2/fuzz/libfuzzer.c | 61 +++- contrib/libfido2/fuzz/mutator_aux.c | 21 +- contrib/libfido2/fuzz/mutator_aux.h | 22 +- contrib/libfido2/fuzz/pcsc.c (new) | 153 ++++++++ contrib/libfido2/fuzz/preload-fuzz.c | 1 + contrib/libfido2/fuzz/preload-snoop.c | 1 + contrib/libfido2/fuzz/report.tgz | Bin 323706 -> 357005 bytes contrib/libfido2/fuzz/summary.txt | 77 ++-- contrib/libfido2/fuzz/udev.c | 3 +- contrib/libfido2/fuzz/wiredata_fido2.h | 77 +++- contrib/libfido2/fuzz/wiredata_u2f.h | 1 + contrib/libfido2/fuzz/wrap.c | 67 +++- contrib/libfido2/fuzz/wrapped.sym | 10 + contrib/libfido2/man/CMakeLists.txt | 53 ++- contrib/libfido2/man/check.sh | 1 + contrib/libfido2/man/eddsa_pk_new.3 | 32 +- contrib/libfido2/man/es256_pk_new.3 | 32 +- contrib/libfido2/man/es384_pk_new.3 (new) | 164 +++++++++ contrib/libfido2/man/fido2-assert.1 | 27 +- contrib/libfido2/man/fido2-cred.1 | 27 +- contrib/libfido2/man/fido2-token.1 | 51 ++- contrib/libfido2/man/fido_assert_allow_cred.3 | 45 ++- contrib/libfido2/man/fido_assert_new.3 | 37 +- contrib/libfido2/man/fido_assert_set_authdata.3 | 33 +- contrib/libfido2/man/fido_assert_verify.3 | 33 +- contrib/libfido2/man/fido_bio_dev_get_info.3 | 27 +- contrib/libfido2/man/fido_bio_enroll_new.3 | 27 +- contrib/libfido2/man/fido_bio_info_new.3 | 27 +- contrib/libfido2/man/fido_bio_template.3 | 27 +- contrib/libfido2/man/fido_cbor_info_new.3 | 169 ++++++++- contrib/libfido2/man/fido_cred_exclude.3 | 45 ++- contrib/libfido2/man/fido_cred_new.3 | 29 +- contrib/libfido2/man/fido_cred_set_authdata.3 | 46 ++- contrib/libfido2/man/fido_cred_verify.3 | 27 +- contrib/libfido2/man/fido_credman_metadata_new.3 | 27 +- contrib/libfido2/man/fido_dev_enable_entattest.3 | 38 +- contrib/libfido2/man/fido_dev_get_assert.3 | 27 +- contrib/libfido2/man/fido_dev_get_touch_begin.3 | 27 +- contrib/libfido2/man/fido_dev_info_manifest.3 | 31 +- contrib/libfido2/man/fido_dev_largeblob_get.3 | 34 +- contrib/libfido2/man/fido_dev_make_cred.3 | 27 +- contrib/libfido2/man/fido_dev_open.3 | 27 +- contrib/libfido2/man/fido_dev_set_io_functions.3 | 27 +- contrib/libfido2/man/fido_dev_set_pin.3 | 29 +- contrib/libfido2/man/fido_init.3 | 27 +- contrib/libfido2/man/fido_strerr.3 | 27 +- contrib/libfido2/man/rs256_pk_new.3 | 32 +- .../libfido2/openbsd-compat/bsd-asprintf.c (new) | 88 +++++ contrib/libfido2/openbsd-compat/clock_gettime.c | 1 + contrib/libfido2/openbsd-compat/endian_win32.c | 1 + contrib/libfido2/openbsd-compat/openbsd-compat.h | 5 + contrib/libfido2/regress/CMakeLists.txt | 57 ++- contrib/libfido2/regress/assert.c | 14 +- contrib/libfido2/regress/compress.c (new) | 268 ++++++++++++++ contrib/libfido2/regress/cred.c | 15 +- contrib/libfido2/regress/dev.c | 43 ++- contrib/libfido2/regress/eddsa.c (new) | 159 ++++++++ contrib/libfido2/regress/es256.c (new) | 199 ++++++++++ contrib/libfido2/regress/es384.c (new) | 213 +++++++++++ contrib/libfido2/regress/rs256.c (new) | 201 ++++++++++ contrib/libfido2/src/CMakeLists.txt | 31 +- contrib/libfido2/src/aes256.c | 1 + contrib/libfido2/src/assert.c | 206 +++++++---- contrib/libfido2/src/authkey.c | 26 +- contrib/libfido2/src/bio.c | 116 ++++-- contrib/libfido2/src/blob.c | 1 + contrib/libfido2/src/blob.h | 1 + contrib/libfido2/src/buf.c | 1 + contrib/libfido2/src/cbor.c | 52 ++- contrib/libfido2/src/compress.c | 145 +++++++- contrib/libfido2/src/config.c | 28 +- contrib/libfido2/src/cred.c | 45 ++- contrib/libfido2/src/credman.c | 162 ++++++--- contrib/libfido2/src/dev.c | 229 ++---------- contrib/libfido2/src/diff_exports.sh | 1 + contrib/libfido2/src/ecdh.c | 1 + contrib/libfido2/src/eddsa.c | 14 +- contrib/libfido2/src/err.c | 1 + contrib/libfido2/src/es256.c | 66 +++- contrib/libfido2/src/es384.c (new) | 296 +++++++++++++++ contrib/libfido2/src/export.gnu | 22 +- contrib/libfido2/src/export.llvm | 22 +- contrib/libfido2/src/export.msvc | 22 +- contrib/libfido2/src/extern.h | 30 +- contrib/libfido2/src/fallthrough.h (new) | 21 ++ contrib/libfido2/src/fido.h | 46 ++- contrib/libfido2/src/fido/bio.h | 26 +- contrib/libfido2/src/fido/config.h | 26 +- contrib/libfido2/src/fido/credman.h | 26 +- contrib/libfido2/src/fido/eddsa.h | 28 +- contrib/libfido2/src/fido/err.h | 26 +- contrib/libfido2/src/fido/es256.h | 26 +- contrib/libfido2/src/fido/es384.h (new) | 59 +++ contrib/libfido2/src/fido/param.h | 57 ++- contrib/libfido2/src/fido/rs256.h | 26 +- contrib/libfido2/src/fido/types.h | 78 +++- contrib/libfido2/src/hid.c | 1 + contrib/libfido2/src/hid_freebsd.c | 1 + contrib/libfido2/src/hid_hidapi.c | 13 +- contrib/libfido2/src/hid_linux.c | 50 ++- contrib/libfido2/src/hid_netbsd.c | 1 + contrib/libfido2/src/hid_openbsd.c | 101 +++--- contrib/libfido2/src/hid_osx.c | 26 +- contrib/libfido2/src/hid_unix.c | 1 + contrib/libfido2/src/hid_win.c | 5 +- contrib/libfido2/src/info.c | 171 ++++++++- contrib/libfido2/src/io.c | 26 +- contrib/libfido2/src/iso7816.c | 1 + contrib/libfido2/src/iso7816.h | 1 + contrib/libfido2/src/largeblob.c | 34 +- contrib/libfido2/src/log.c | 1 + contrib/libfido2/src/netlink.c | 1 + contrib/libfido2/src/netlink.h | 1 + contrib/libfido2/src/nfc.c (new) | 350 ++++++++++++++++++ contrib/libfido2/src/nfc_linux.c | 387 +++----------------- contrib/libfido2/src/packed.h | 1 + contrib/libfido2/src/pcsc.c (new) | 394 ++++++++++++++++++++ contrib/libfido2/src/pin.c | 77 ++-- contrib/libfido2/src/random.c | 1 + contrib/libfido2/src/reset.c | 1 + contrib/libfido2/src/rs1.c | 3 +- contrib/libfido2/src/rs256.c | 29 +- contrib/libfido2/src/time.c | 1 + contrib/libfido2/src/touch.c (new) | 109 ++++++ contrib/libfido2/src/tpm.c | 3 +- contrib/libfido2/src/types.c | 17 +- contrib/libfido2/src/u2f.c | 93 +++-- contrib/libfido2/src/util.c (new) | 31 ++ contrib/libfido2/src/webauthn.h | 75 +++- contrib/libfido2/src/winhello.c | 122 +++++-- contrib/libfido2/tools/CMakeLists.txt | 12 +- contrib/libfido2/tools/assert_get.c | 7 +- contrib/libfido2/tools/assert_verify.c | 30 +- contrib/libfido2/tools/base64.c | 1 + contrib/libfido2/tools/bio.c | 1 + contrib/libfido2/tools/config.c | 1 + contrib/libfido2/tools/cred_make.c | 7 +- contrib/libfido2/tools/cred_verify.c | 1 + contrib/libfido2/tools/credman.c | 1 + contrib/libfido2/tools/extern.h | 4 +- contrib/libfido2/tools/fido2-assert.c | 1 + contrib/libfido2/tools/fido2-attach.sh | 1 + contrib/libfido2/tools/fido2-cred.c | 1 + contrib/libfido2/tools/fido2-detach.sh | 1 + contrib/libfido2/tools/fido2-token.c | 1 + contrib/libfido2/tools/fido2-unprot.sh | 1 + contrib/libfido2/tools/include_check.sh | 1 + contrib/libfido2/tools/largeblob.c | 59 ++- contrib/libfido2/tools/pin.c | 26 +- contrib/libfido2/tools/test.sh | 46 ++- contrib/libfido2/tools/token.c | 159 +++++++- contrib/libfido2/tools/util.c | 70 +++- contrib/libfido2/udev/70-u2f.rules | 39 +- contrib/libfido2/udev/CMakeLists.txt | 1 + contrib/libfido2/udev/check.sh | 1 + contrib/libfido2/udev/fidodevs | 3 + contrib/libfido2/udev/genrules.awk | 32 +- contrib/libfido2/windows/build.ps1 | 32 +- contrib/libfido2/windows/const.ps1 | 14 +- contrib/libfido2/windows/cygwin.ps1 | 2 + contrib/libfido2/windows/release.ps1 | 30 +- lib/libfido2/Makefile | 6 +- 196 files changed, 7592 insertions(+), 1733 deletions(-)