Page MenuHomeFreeBSD

ssh: generate SK config file using private cbor and fido2 libs
ClosedPublic

Authored by emaste on Mar 4 2022, 3:14 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 15, 8:45 AM
Unknown Object (File)
Sun, Oct 5, 6:01 AM
Unknown Object (File)
Mon, Sep 22, 1:58 PM
Unknown Object (File)
Thu, Sep 18, 4:48 PM
Unknown Object (File)
Sep 18 2025, 12:35 AM
Unknown Object (File)
Sep 15 2025, 12:50 PM
Unknown Object (File)
Sep 15 2025, 12:48 PM
Unknown Object (File)
Sep 13 2025, 11:28 AM
Subscribers

Details

Summary

Specify -lprivatecbor and -lprivatefido2 in OpenSSH's configure.ac, and pass -I paths to libcbor and libfido2's contrib src location.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste requested review of this revision.Mar 4 2022, 3:14 PM
emaste created this revision.

This will be needed for the 8.9p1 update but doesn't hurt to do now against 8.8p1. This was the least hacky simple approach I could find.

This is not actually a NFC, it adds the following to sk_config.h:

#define HAVE_FIDO_CRED_PROT 1
#define HAVE_FIDO_CRED_SET_PROT 1
#define HAVE_FIDO_DEV_GET_TOUCH_BEGIN 1
#define HAVE_FIDO_DEV_GET_TOUCH_STATUS 1
#define HAVE_FIDO_DEV_SUPPORTS_CRED_PROT 1

Prior to 8.9p1 these are #defined to stubs if the HAVE_* macros are not set but 8.9p1 introduced local implementations, which caused a build failure.

This revision was not accepted when it landed; it landed in state Needs Review.Mar 6 2022, 12:58 AM
This revision was automatically updated to reflect the committed changes.