libfido2: update to 1.13.0

Some highlights from NEWS entries: ** Improved OpenSSL 3.0 compatibility. ** Support for hidraw(4) on FreeBSD; gh#597. ** Improved support for FIDO 2.1 authenticators. PR: 273596 Relnotes: Yes Sponsored by: The FreeBSD Foundation
brooksdavis · Sep 19, 2023 · 2ccfa85 · 2ccfa85
2 parents 1843dfb + 00db45a
commit 2ccfa85
Show file tree

Hide file tree

Showing 196 changed files with 7,592 additions and 1,733 deletions.
diff --git a/contrib/libfido2/CMakeLists.txt b/contrib/libfido2/CMakeLists.txt
@@ -1,6 +1,7 @@
-# Copyright (c) 2018-2021 Yubico AB. All rights reserved.
+# Copyright (c) 2018-2022 Yubico AB. All rights reserved.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
+# SPDX-License-Identifier: BSD-2-Clause
 
 # detect AppleClang; needs to come before project()
 cmake_policy(SET CMP0025 NEW)
@@ -28,25 +29,34 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_COLOR_MAKEFILE OFF)
 set(CMAKE_VERBOSE_MAKEFILE ON)
 set(FIDO_MAJOR "1")
-set(FIDO_MINOR "10")
+set(FIDO_MINOR "13")
 set(FIDO_PATCH "0")
 set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH})
 
+option(BUILD_TESTS       "Build the regress tests"                 ON)
 option(BUILD_EXAMPLES    "Build example programs"                  ON)
 option(BUILD_MANPAGES    "Build man pages"                         ON)
-option(BUILD_SHARED_LIBS "Build the shared library"                ON)
-option(BUILD_STATIC_LIBS "Build the static library"                ON)
+option(BUILD_SHARED_LIBS "Build a shared library"                  ON)
+option(BUILD_STATIC_LIBS "Build a static library"                  ON)
 option(BUILD_TOOLS       "Build tool programs"                     ON)
 option(FUZZ              "Enable fuzzing instrumentation"          OFF)
-option(LIBFUZZER         "Build libfuzzer harnesses"               OFF)
 option(USE_HIDAPI        "Use hidapi as the HID backend"           OFF)
+option(USE_PCSC          "Enable experimental PCSC support"        OFF)
 option(USE_WINHELLO      "Abstract Windows Hello as a FIDO device" ON)
 option(NFC_LINUX         "Enable NFC support on Linux"             ON)
 
 add_definitions(-D_FIDO_MAJOR=${FIDO_MAJOR})
 add_definitions(-D_FIDO_MINOR=${FIDO_MINOR})
 add_definitions(-D_FIDO_PATCH=${FIDO_PATCH})
 
+if(BUILD_SHARED_LIBS)
+	set(_FIDO2_LIBRARY fido2_shared)
+elseif(BUILD_STATIC_LIBS)
+	set(_FIDO2_LIBRARY fido2)
+else()
+	message(FATAL_ERROR "Nothing to build (BUILD_*_LIBS=OFF)")
+endif()
+
 if(CYGWIN OR MSYS OR MINGW)
 	set(WIN32 1)
 endif()
@@ -66,7 +76,7 @@ if(NOT MSVC)
 	if(APPLE)
 		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE")
 		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1")
-	elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+	elseif((CMAKE_SYSTEM_NAME STREQUAL "Linux") OR MINGW OR CYGWIN)
 		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE")
 		set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE")
 	elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
@@ -91,6 +101,7 @@ check_include_files(sys/random.h HAVE_SYS_RANDOM_H)
 check_include_files(unistd.h HAVE_UNISTD_H)
 
 check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF)
+check_symbol_exists(asprintf stdio.h HAVE_ASPRINTF)
 check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME)
 check_symbol_exists(explicit_bzero string.h HAVE_EXPLICIT_BZERO)
 check_symbol_exists(freezero stdlib.h HAVE_FREEZERO)
@@ -116,6 +127,7 @@ try_compile(HAVE_POSIX_IOCTL
 
 list(APPEND CHECK_VARIABLES
 	HAVE_ARC4RANDOM_BUF
+	HAVE_ASPRINTF
 	HAVE_CBOR_H
 	HAVE_CLOCK_GETTIME
 	HAVE_ENDIAN_H
@@ -147,27 +159,38 @@ foreach(v ${CHECK_VARIABLES})
 	endif()
 endforeach()
 
-if(HAVE_EXPLICIT_BZERO AND NOT LIBFUZZER)
+if(HAVE_EXPLICIT_BZERO AND NOT FUZZ)
 	add_definitions(-DHAVE_EXPLICIT_BZERO)
 endif()
 
 if(UNIX)
 	add_definitions(-DHAVE_DEV_URANDOM)
 endif()
 
+
 if(MSVC)
 	if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR
-	   (NOT CBOR_BIN_DIRS) OR (NOT CRYPTO_INCLUDE_DIRS) OR
-	   (NOT CRYPTO_LIBRARY_DIRS) OR (NOT CRYPTO_BIN_DIRS) OR
-	   (NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS) OR
-	   (NOT ZLIB_BIN_DIRS))
+	   (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR
+	   (NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS))
 		message(FATAL_ERROR "please define "
-		   "{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY,BIN}_DIRS when "
+		   "{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when "
 		   "building under msvc")
 	endif()
-	set(CBOR_LIBRARIES cbor)
-	set(ZLIB_LIBRARIES zlib)
-	set(CRYPTO_LIBRARIES crypto-47)
+	if(BUILD_TESTS AND BUILD_SHARED_LIBS AND
+	   ((NOT CBOR_BIN_DIRS) OR (NOT ZLIB_BIN_DIRS) OR (NOT CRYPTO_BIN_DIRS)))
+		message(FATAL_ERROR "please define {CBOR,CRYPTO,ZLIB}_BIN_DIRS "
+		   "when building tests")
+	endif()
+	if(NOT CBOR_LIBRARIES)
+		set(CBOR_LIBRARIES cbor)
+	endif()
+	if(NOT ZLIB_LIBRARIES)
+		set(ZLIB_LIBRARIES zlib1)
+	endif()
+	if(NOT CRYPTO_LIBRARIES)
+		set(CRYPTO_LIBRARIES crypto)
+	endif()
+
 	set(MSVC_DISABLED_WARNINGS_LIST
 		"C4152" # nonstandard extension used: function/data pointer
 			# conversion in expression;
@@ -209,8 +232,12 @@ else()
 		message(FATAL_ERROR "could not find zlib")
 	endif()
 
-	set(CBOR_LIBRARIES "cbor")
-	set(CRYPTO_LIBRARIES "crypto")
+	if(NOT CBOR_LIBRARIES)
+		set(CBOR_LIBRARIES "cbor")
+	endif()
+	if(NOT CRYPTO_LIBRARIES)
+		set(CRYPTO_LIBRARIES "crypto")
+	endif()
 
 	if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
 		pkg_search_module(UDEV libudev REQUIRED)
@@ -237,14 +264,25 @@ else()
 		add_compile_options(-Wno-unused-parameter)
 	endif()
 
+	if(FUZZ)
+		set(USE_PCSC ON)
+		add_definitions(-DFIDO_FUZZ)
+	endif()
+
+	# If building with PCSC, look for pcsc-lite.
+	if(USE_PCSC AND NOT (APPLE OR CYGWIN OR MSYS OR MINGW))
+		pkg_search_module(PCSC libpcsclite REQUIRED)
+		set(PCSC_LIBRARIES pcsclite)
+	endif()
+
 	if(USE_HIDAPI)
 		add_definitions(-DUSE_HIDAPI)
 		pkg_search_module(HIDAPI hidapi${HIDAPI_SUFFIX} REQUIRED)
 		set(HIDAPI_LIBRARIES hidapi${HIDAPI_SUFFIX})
 	endif()
 
 	if(NFC_LINUX)
-		add_definitions(-DNFC_LINUX)
+		add_definitions(-DUSE_NFC)
 	endif()
 
 	if(WIN32)
@@ -263,16 +301,21 @@ else()
 	add_compile_options(-Wwrite-strings)
 	add_compile_options(-Wmissing-prototypes)
 	add_compile_options(-Wbad-function-cast)
+	add_compile_options(-Wimplicit-fallthrough)
 	add_compile_options(-pedantic)
 	add_compile_options(-pedantic-errors)
 
+	set(EXTRA_CFLAGS "-Wconversion -Wsign-conversion")
+
 	if(WIN32)
 		add_compile_options(-Wno-type-limits)
 		add_compile_options(-Wno-cast-function-type)
 	endif()
+
 	if(HAVE_SHORTEN_64_TO_32)
 		add_compile_options(-Wshorten-64-to-32)
 	endif()
+
 	if(HAVE_STACK_PROTECTOR_ALL)
 		add_compile_options(-fstack-protector-all)
 	endif()
@@ -285,12 +328,8 @@ else()
 		add_definitions(-DOPENSSL_API_COMPAT=0x10100000L)
 	endif()
 
-	if(FUZZ)
-		add_definitions(-DFIDO_FUZZ)
-	endif()
-
-	if(LIBFUZZER)
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link")
+	if(NOT FUZZ)
+		set(EXTRA_CFLAGS "${EXTRA_CFLAGS} -Wframe-larger-than=2047")
 	endif()
 endif()
 
@@ -309,6 +348,10 @@ elseif(WIN32)
 endif()
 add_definitions(-DTLS=${TLS})
 
+if(USE_PCSC)
+	add_definitions(-DUSE_PCSC)
+endif()
+
 # export list
 if(APPLE AND (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
    CMAKE_C_COMPILER_ID STREQUAL "AppleClang"))
@@ -345,16 +388,18 @@ else()
 	    " /def:\"${CMAKE_CURRENT_SOURCE_DIR}/src/export.msvc\"")
 endif()
 
-include_directories(${CMAKE_SOURCE_DIR}/src)
+include_directories(${PROJECT_SOURCE_DIR}/src)
 include_directories(${CBOR_INCLUDE_DIRS})
 include_directories(${CRYPTO_INCLUDE_DIRS})
 include_directories(${HIDAPI_INCLUDE_DIRS})
+include_directories(${PCSC_INCLUDE_DIRS})
 include_directories(${UDEV_INCLUDE_DIRS})
 include_directories(${ZLIB_INCLUDE_DIRS})
 
 link_directories(${CBOR_LIBRARY_DIRS})
 link_directories(${CRYPTO_LIBRARY_DIRS})
 link_directories(${HIDAPI_LIBRARY_DIRS})
+link_directories(${PCSC_LIBRARY_DIRS})
 link_directories(${UDEV_LIBRARY_DIRS})
 link_directories(${ZLIB_LIBRARY_DIRS})
 
@@ -367,62 +412,87 @@ message(STATUS "BUILD_TOOLS: ${BUILD_TOOLS}")
 message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
 message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
 message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
+if(BUILD_TESTS)
+	message(STATUS "CBOR_BIN_DIRS: ${CBOR_BIN_DIRS}")
+endif()
 message(STATUS "CBOR_VERSION: ${CBOR_VERSION}")
 message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
 message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
 message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
 message(STATUS "CMAKE_C_FLAGS: ${CMAKE_C_FLAGS}")
+message(STATUS "CMAKE_CROSSCOMPILING: ${CMAKE_CROSSCOMPILING}")
+message(STATUS "CMAKE_GENERATOR_PLATFORM: ${CMAKE_GENERATOR_PLATFORM}")
+message(STATUS "CMAKE_HOST_SYSTEM_NAME: ${CMAKE_HOST_SYSTEM_NAME}")
+message(STATUS "CMAKE_HOST_SYSTEM_PROCESSOR: ${CMAKE_HOST_SYSTEM_PROCESSOR}")
 message(STATUS "CMAKE_INSTALL_LIBDIR: ${CMAKE_INSTALL_LIBDIR}")
 message(STATUS "CMAKE_INSTALL_PREFIX: ${CMAKE_INSTALL_PREFIX}")
 message(STATUS "CMAKE_SYSTEM_NAME: ${CMAKE_SYSTEM_NAME}")
+message(STATUS "CMAKE_SYSTEM_PROCESSOR: ${CMAKE_SYSTEM_PROCESSOR}")
 message(STATUS "CMAKE_SYSTEM_VERSION: ${CMAKE_SYSTEM_VERSION}")
 message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
 message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
 message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
+if(BUILD_TESTS)
+	message(STATUS "CRYPTO_BIN_DIRS: ${CRYPTO_BIN_DIRS}")
+endif()
 message(STATUS "CRYPTO_VERSION: ${CRYPTO_VERSION}")
 message(STATUS "FIDO_VERSION: ${FIDO_VERSION}")
 message(STATUS "FUZZ: ${FUZZ}")
+if(FUZZ)
+	message(STATUS "FUZZ_LDFLAGS: ${FUZZ_LDFLAGS}")
+endif()
 message(STATUS "ZLIB_INCLUDE_DIRS: ${ZLIB_INCLUDE_DIRS}")
 message(STATUS "ZLIB_LIBRARIES: ${ZLIB_LIBRARIES}")
 message(STATUS "ZLIB_LIBRARY_DIRS: ${ZLIB_LIBRARY_DIRS}")
+if(BUILD_TESTS)
+	message(STATUS "ZLIB_BIN_DIRS: ${ZLIB_BIN_DIRS}")
+endif()
 message(STATUS "ZLIB_VERSION: ${ZLIB_VERSION}")
 if(USE_HIDAPI)
 	message(STATUS "HIDAPI_INCLUDE_DIRS: ${HIDAPI_INCLUDE_DIRS}")
 	message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
 	message(STATUS "HIDAPI_LIBRARY_DIRS: ${HIDAPI_LIBRARY_DIRS}")
 	message(STATUS "HIDAPI_VERSION: ${HIDAPI_VERSION}")
 endif()
-message(STATUS "LIBFUZZER: ${LIBFUZZER}")
+message(STATUS "PCSC_INCLUDE_DIRS: ${PCSC_INCLUDE_DIRS}")
+message(STATUS "PCSC_LIBRARIES: ${PCSC_LIBRARIES}")
+message(STATUS "PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
+message(STATUS "PCSC_VERSION: ${PCSC_VERSION}")
 message(STATUS "TLS: ${TLS}")
 message(STATUS "UDEV_INCLUDE_DIRS: ${UDEV_INCLUDE_DIRS}")
 message(STATUS "UDEV_LIBRARIES: ${UDEV_LIBRARIES}")
 message(STATUS "UDEV_LIBRARY_DIRS: ${UDEV_LIBRARY_DIRS}")
 message(STATUS "UDEV_RULES_DIR: ${UDEV_RULES_DIR}")
 message(STATUS "UDEV_VERSION: ${UDEV_VERSION}")
 message(STATUS "USE_HIDAPI: ${USE_HIDAPI}")
+message(STATUS "USE_PCSC: ${USE_PCSC}")
 message(STATUS "USE_WINHELLO: ${USE_WINHELLO}")
 message(STATUS "NFC_LINUX: ${NFC_LINUX}")
 
-subdirs(src)
+if(BUILD_TESTS)
+	enable_testing()
+endif()
+
+add_subdirectory(src)
+
+if(BUILD_TESTS)
+	add_subdirectory(regress)
+endif()
 if(BUILD_EXAMPLES)
-	subdirs(examples)
+	add_subdirectory(examples)
 endif()
 if(BUILD_TOOLS)
-	subdirs(tools)
+	add_subdirectory(tools)
 endif()
 if(BUILD_MANPAGES)
-	subdirs(man)
+	add_subdirectory(man)
 endif()
 
 if(NOT WIN32)
-	if(CMAKE_BUILD_TYPE STREQUAL "Debug" AND NOT FUZZ)
-		enable_testing()
-		subdirs(regress)
-	endif()
 	if(FUZZ)
-		subdirs(fuzz)
+		add_subdirectory(fuzz)
 	endif()
 	if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-		subdirs(udev)
+		add_subdirectory(udev)
 	endif()
 endif()
diff --git a/contrib/libfido2/LICENSE b/contrib/libfido2/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2022 Yubico AB. All rights reserved.
+Copyright (c) 2018-2023 Yubico AB. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -22,3 +22,5 @@ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+SPDX-License-Identifier: BSD-2-Clause
diff --git a/contrib/libfido2/NEWS b/contrib/libfido2/NEWS
@@ -1,3 +1,44 @@
+* Version 1.13.0 (2023-02-20)
+ ** Support for linking against OpenSSL on Windows; gh#668.
+ ** New API calls:
+  - fido_assert_empty_allow_list;
+  - fido_cred_empty_exclude_list.
+ ** fido2-token: fix issue when listing large blobs.
+ ** Improved support for different fuzzing engines.
+
+* Version 1.12.0 (2022-09-22)
+ ** Support for COSE_ES384.
+ ** Support for hidraw(4) on FreeBSD; gh#597.
+ ** Improved support for FIDO 2.1 authenticators.
+ ** New API calls:
+  - es384_pk_free;
+  - es384_pk_from_EC_KEY;
+  - es384_pk_from_EVP_PKEY;
+  - es384_pk_from_ptr;
+  - es384_pk_new;
+  - es384_pk_to_EVP_PKEY;
+  - fido_cbor_info_certs_len;
+  - fido_cbor_info_certs_name_ptr;
+  - fido_cbor_info_certs_value_ptr;
+  - fido_cbor_info_maxrpid_minpinlen;
+  - fido_cbor_info_minpinlen;
+  - fido_cbor_info_new_pin_required;
+  - fido_cbor_info_rk_remaining;
+  - fido_cbor_info_uv_attempts;
+  - fido_cbor_info_uv_modality.
+ ** Documentation and reliability fixes.
+
+* Version 1.11.0 (2022-05-03)
+ ** Experimental PCSC support; enable with -DUSE_PCSC.
+ ** Improved OpenSSL 3.0 compatibility.
+ ** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
+ ** winhello: advertise "uv" instead of "clientPin".
+ ** winhello: support hmac-secret in fido_dev_get_assert().
+ ** New API calls:
+  - fido_cbor_info_maxlargeblob.
+ ** Documentation and reliability fixes.
+ ** Separate build and regress targets.
+
 * Version 1.10.0 (2022-01-17)
  ** hid_osx: handle devices with paths > 511 bytes; gh#462.
  ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.