Index: crypto/openssh/config.h
===================================================================
--- crypto/openssh/config.h
+++ crypto/openssh/config.h
@@ -137,7 +137,7 @@
 #define ENABLE_SK /**/
 /* Enable for built-in U2F/FIDO support */
-/* #undef ENABLE_SK_INTERNAL */
+#define ENABLE_SK_INTERNAL 1
 /* define if fflush(NULL) does not work */
 /* #undef FFLUSH_NULL_BUG */
Index: crypto/openssh/ssh_namespace.h
===================================================================
--- crypto/openssh/ssh_namespace.h
+++ crypto/openssh/ssh_namespace.h
@@ -87,6 +87,10 @@
 #define chacha_encrypt_bytes Fssh_chacha_encrypt_bytes
 #define chacha_ivsetup Fssh_chacha_ivsetup
 #define chacha_keysetup Fssh_chacha_keysetup
+#define chachapoly_crypt Fssh_chachapoly_crypt
+#define chachapoly_free Fssh_chachapoly_free
+#define chachapoly_get_length Fssh_chachapoly_get_length
+#define chachapoly_new Fssh_chachapoly_new
 #define chan_ibuf_empty Fssh_chan_ibuf_empty
 #define chan_is_dead Fssh_chan_is_dead
 #define chan_mark_dead Fssh_chan_mark_dead
@@ -553,8 +557,10 @@
 #define ssh_dss_sign Fssh_ssh_dss_sign
 #define ssh_dss_verify Fssh_ssh_dss_verify
 #define ssh_ecdsa_sign Fssh_ssh_ecdsa_sign
+#define ssh_ecdsa_sk_verify Fssh_ssh_ecdsa_sk_verify
 #define ssh_ecdsa_verify Fssh_ssh_ecdsa_verify
 #define ssh_ed25519_sign Fssh_ssh_ed25519_sign
+#define ssh_ed25519_sk_verify Fssh_ssh_ed25519_sk_verify
 #define ssh_ed25519_verify Fssh_ssh_ed25519_verify
 #define ssh_err Fssh_ssh_err
 #define ssh_fetch_identitylist Fssh_ssh_fetch_identitylist
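Review bot: `ENABLE_SK_INTERNAL` is switched on by editing one line of what looks like configure output (the neighbouring `/* #undef ... */` stubs are autoconf's), so the next regeneration of config.h would quietly revert it and drop the built-in FIDO provider. Record the matching configure option, `--with-security-key-builtin`, wherever the tree keeps its configure arguments, so the header and its generator agree. This is also the only config.h hunk visible here: with that option configure additionally probes libfido2 for optional functions and records the results in the same header, and those results appear to gate security-key features in the built-in middleware, so confirm they were set as well rather than left undefined.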
@@ -871,6 +877,12 @@
 #define sshpkt_start Fssh_sshpkt_start
 #define sshpkt_vfatal Fssh_sshpkt_vfatal
 #define sshsigdie Fssh_sshsigdie
+#define sshsk_add_option Fssh_sshsk_add_option
+#define sshsk_enroll Fssh_sshsk_enroll
+#define sshsk_key_from_response Fssh_sshsk_key_from_response
+#define sshsk_load_resident Fssh_sshsk_load_resident
+#define sshsk_open Fssh_sshsk_open
+#define sshsk_sign Fssh_sshsk_sign
 #define start_progress_meter Fssh_start_progress_meter
 #define stdfd_devnull Fssh_stdfd_devnull
 #define stop_progress_meter Fssh_stop_progress_meter
Index: secure/libexec/Makefile
===================================================================
--- secure/libexec/Makefile
+++ secure/libexec/Makefile
@@ -4,7 +4,7 @@
 SUBDIR=
 .if ${MK_OPENSSH} != "no"
-SUBDIR+=sftp-server ssh-keysign ssh-pkcs11-helper
+SUBDIR+=sftp-server ssh-keysign ssh-pkcs11-helper ssh-sk-helper
 .endif
 SUBDIR.${MK_TESTS}+= tests
Index: secure/libexec/ssh-sk-helper/Makefile
===================================================================
--- /dev/null
+++ secure/libexec/ssh-sk-helper/Makefile
@@ -0,0 +1,14 @@
+# $FreeBSD$
+
+PROG= ssh-sk-helper
+SRCS= ssh-sk-helper.c ssh-sk.c sk-usbhid.c
+MAN= ssh-sk-helper.8
+CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+CFLAGS+=-I${.CURDIR}/../../../contrib/libfido2/src
+SRCS+= ssh_namespace.h
+
+LIBADD= ssh fido2 cbor crypto z
+
+.include
+
+.PATH: ${SSHDIR}
Index: tools/build/mk/OptionalObsoleteFiles.inc
===================================================================
--- tools/build/mk/OptionalObsoleteFiles.inc
+++ tools/build/mk/OptionalObsoleteFiles.inc
@@ -7142,6 +7142,7 @@
 OLD_FILES+=usr/libexec/sftp-server
 OLD_FILES+=usr/libexec/ssh-keysign
 OLD_FILES+=usr/libexec/ssh-pkcs11-helper
+OLD_FILES+=usr/libexec/ssh-sk-helper
 OLD_FILES+=usr/sbin/sshd
 OLD_FILES+=usr/share/man/man1/scp.1.gz
 OLD_FILES+=usr/share/man/man1/sftp.1.gz
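Review bot: `LIBADD= ssh fido2 cbor crypto z` in the new ssh-sk-helper Makefile makes the helper depend on libfido2 and libcbor, yet the only condition on building it is the `MK_OPENSSH` test in the secure/libexec/Makefile hunk above. If those two libraries are built under any other knob (not visible in this diff), a configuration that omits them would fail here, and the guard plus the two `OLD_FILES` entries added in OptionalObsoleteFiles.inc should follow the same condition. Separately, the include path climbs out of the directory with `${.CURDIR}/../../../`; `CFLAGS+=-I${SRCTOP}/contrib/libfido2/src` says the same thing without depending on the directory depth. The `.include` line shows no file name in this rendering, which is probably an extraction loss of the angle-bracketed target; check it in the real patch.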
@@ -7158,6 +7159,7 @@
 OLD_FILES+=usr/share/man/man8/sftp-server.8.gz
 OLD_FILES+=usr/share/man/man8/ssh-keysign.8.gz
 OLD_FILES+=usr/share/man/man8/ssh-pkcs11-helper.8.gz
+OLD_FILES+=usr/share/man/man8/ssh-sk-helper.8.gz
 OLD_FILES+=usr/share/man/man8/sshd.8.gz
 .endif