2b41d92f | 13-Nov-2022 | tb <tb@openbsd.org>
Avoid symbol collision with libcrypto
libcrypto now provides Ed25519 and the raw public key API, so neuter the compat implementations. Also link libfido against libcrypto.
The #ifdefs were upstreamed in https://github.com/Yubico/libfido2/pull/645
no objection djm ok jsing
1ba9f8e2 | 17-Dec-2019 | reyk <reyk@openbsd.org>
Add fido(4), a HID driver for FIDO/U2F security keys
While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes.
It also allows supporting FIDO/U2F in Firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design, and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise.
With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" / "fido(4)" instead. The ioctl is still supported, but there was no benefit in obtaining the vendor, product or name; it also allows using libfido2 under pledge.
With feedback from deraadt@ and many others. OK kettenis@ djm@, and jmc@ for the manpage bits.
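The discovery model the commit describes, as an added example that is not part of the commit or of libfido2's own code: scan the fido(4) device directory, open each node read/write, and never call ioctl(2), so the process can run under pledge(2) and unveil(2). Assumptions, labelled in the code as well: the node naming /dev/fido/<n> for small integers n (the commit only says "/dev/fido/*"), the upper bound FIDO_MAX_DEV on node numbers, and the pledge promise set "stdio rpath wpath" being sufficient to open the nodes. The pledge/unveil calls are OpenBSD-only and are compiled out elsewhere, where the scan simply finds no devices.

```c
/*
 * Added example, not code from the fido(4) commit or from libfido2.
 * Discovers fido(4) nodes by opening /dev/fido/<n> read/write, with
 * no ioctl(2), so it works inside a pledged and unveiled process.
 *
 * Assumptions (not stated by the commit message):
 *   - nodes are named /dev/fido/<n> for small non-negative integers n
 *   - FIDO_MAX_DEV is a safe upper bound on n
 *   - pledge("stdio rpath wpath") is enough to open the nodes
 */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define FIDO_DIR      "/dev/fido"
#define FIDO_MAX_DEV  64     /* assumption: upper bound on node numbers */
#define FIDO_PATHLEN  64     /* enough for "/dev/fido/<n>" */

/* Build "/dev/fido/<n>" into buf; 0 on success, -1 if it does not fit. */
int
fido_node_path(char *buf, size_t len, unsigned n)
{
	int r = snprintf(buf, len, "%s/%u", FIDO_DIR, n);
	if (r < 0 || (size_t)r >= len)
		return -1;
	return 0;
}

/*
 * Confine the process before touching any device: after unveil(2) only
 * /dev/fido is visible, and the pledge(2) promises allow open/read/write
 * but not ioctl(2), which fido(4) discovery does not need.  On systems
 * without pledge/unveil this is a no-op.
 */
int
fido_confine(void)
{
#ifdef __OpenBSD__
	if (unveil(FIDO_DIR, "rw") == -1)
		return -1;
	if (unveil(NULL, NULL) == -1)	/* lock the unveil list */
		return -1;
	if (pledge("stdio rpath wpath", NULL) == -1)	/* assumption */
		return -1;
#endif
	return 0;
}

/*
 * Record every node that opens O_RDWR in paths[] (at most maxpaths
 * entries of FIDO_PATHLEN bytes) and close it again.  Returns the count.
 * Absent or busy nodes are skipped; a missing directory yields zero.
 */
size_t
fido_discover(char paths[][FIDO_PATHLEN], size_t maxpaths)
{
	size_t found = 0;
	unsigned n;
	int fd;

	for (n = 0; n < FIDO_MAX_DEV && found < maxpaths; n++) {
		if (fido_node_path(paths[found], FIDO_PATHLEN, n) == -1)
			continue;
		fd = open(paths[found], O_RDWR);	/* no ioctl needed */
		if (fd == -1)
			continue;
		close(fd);
		found++;
	}
	return found;
}

int
main(void)
{
	char paths[FIDO_MAX_DEV][FIDO_PATHLEN];
	size_t i, n;

	if (fido_confine() == -1) {
		perror("unveil/pledge");
		return 1;
	}
	n = fido_discover(paths, FIDO_MAX_DEV);
	/* Like libfido2 after this change, report fixed vendor/product strings. */
	for (i = 0; i < n; i++)
		printf("%s: manufacturer \"OpenBSD\", product \"fido(4)\"\n",
		    paths[i]);
	if (n == 0)
		printf("no fido(4) devices found\n");
	return 0;
}
```

The order matters: confine first, then discover, so that a bug in the discovery or the later CTAP traffic cannot reach any other device node or use ioctl(2). Opening and closing each node is the whole discovery step; anything the application needs to know beyond "this node is a fido(4) device" comes from the CTAP exchange over read/write, not from an ioctl.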