Sync EVP_MD_meth removal with what landed upstream
  discussed with djm
Remove EVP_MD_meth_*() dependency
  This broken API was added for Erlang's otp-test-engine which was disabled for LibreSSL without explanation shortly afterward. So we can remove this hazard again.
  Unfortunately, libfido2 started using EVP_MD_meth_dup(), but for no good reason: they dup static data into a buffer that is passed unmodified to EVP_PKEY_CTX_set_signature_md() only to be freed right after. This makes no sense.
  Rework this and the ifdefery to make it clear that it is OpenSSL who broke API contracts (again), not LibreSSL.
  ok djm jsing
crank libfido2 major version, it depends on libcbor and it just cranked. ok tb@
Avoid symbol collision with libcrypto
  libcrypto now provides Ed25519 and the raw public key API, so neuter the compat implementations. Also link libfido against libcrypto.
  The #ifdefs were upstreamed in https://github.com/Yubico/libfido2/pull/645
  no objection djm
  ok jsing
backport Xr fix
  ok djm@
update libfido2 to 1.11.0, taking in just over a year of upstream development. "looks ok" miod@ ok sthen@
  NB. libfido2 major bump
man pages: add missing word, The foo() ... -> The foo() function ...
  ok jmc@ schwarze@
update to libfido2 1.8.0; ok sthen@ "timing is fine" deraadt@
Back-out USB data toggle fix for HID devices, since we received multiple reports about broken devices, e.g. for ukbd(4) and fido(4).
  ok mpi@
Remove the terrible_ping_kludge() workaround. We have committed a fix to the USB stack in the meantime for uhidev(4) and ugen(4) to resolve the data toggle issue in relation to xhci(4).
  ok gnezdo@, djm@
sync a couple of minor fixes (no API/ABI change) to bring libfido2 in line with upstream 1.5.0
check errno against EINTR; not return value from poll()
  spotted by Pedro Martelletto
update to libfido2 46710ac06, picking up a few API changes
  ok tb@ deraadt@
  NB. major crank
sync with upstream libfido2 rev 2fa20b889, picking up ~7 months of fixes and a few new APIs that we'd like to use in OpenSSH
  ok deraadt@
It appears we have come full-circle, where source code starts to use clang / "super new gcc" ism's, in particular ones which are totally pointless as far as language goes. Delete them.
update to upstream libfido2 780ad3c25 (20120123)
  install manual pages
  crank major
  feedback & ok jmc@ and naddy@
Add fido(4), a HID driver for FIDO/U2F security keys
  While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes.
  It also allows to support FIDO/U2F in firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise.
  With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge.
  With feedback from deraadt@ and many others
  OK kettenis@ djm@ and jmc@ for the manpage bits
sync upstream commit with manpage fixes from jmc@
  > commit 437896dcafc67d9596774c3bb9f97bfdb4810bb1
  > Author: pedro martelletto <pedro@yubico.com>
  > Date: Wed Nov 20 09:38:22 2019 +0100
  >
  > man: mop up dangling .Xr's; Jason McIntyre <jmc@openbsd.org>
Sync documentation fixes from upstream:
  commit 99c4cb00b50b846e4ba2492f67d44171de8c7066
  Author: pedro martelletto <pedro@yubico.com>
  Date: Mon Nov 18 16:55:37 2019 +0100
  documentation fixes
  ensure man pages are named after existing functions; pointed out by Jason McIntyre <jmc@openbsd.org>; thanks!
our older gcc requires forced -std=c99
LDADD for libcbor and libusbhid
extra whitespace
import libfido2 (git HEAD). This library allows communication with U2F/FIDO2 devices over USB.
  feedback and "start the churn" deraadt@