
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git
commit: 33b57a73d408aac6891a4ed8c3281577cc4a54fd
parent ecc7a257aae1de11f4a5ca77402e3d12cf973061
Author: Michael Forney <mforney@mforney.org>
Date:   Wed, 22 Apr 2020 21:42:09 -0700

libfido2: Switch to oasis repository

Diffstat:

M.gitmodules2+-
Dpkg/libfido2/patch/0001-hid_linux-Use-sysfs-instead-of-libudev.patch212-------------------------------------------------------------------------------
Dpkg/libfido2/patch/0002-u2f-Use-nanosleep-instead-of-obsolete-usleep.patch83-------------------------------------------------------------------------------
Dpkg/libfido2/patch/0003-io-avoid-use-of-packed-struct.patch257-------------------------------------------------------------------------------
Dpkg/libfido2/patch/0004-iso7816-avoid-use-of-packed-struct.patch145-------------------------------------------------------------------------------
Dpkg/libfido2/patch/0005-dev-avoid-use-of-packed-struct.patch75---------------------------------------------------------------------------
Dpkg/libfido2/patch/0006-cbor-u2f-avoid-use-of-packed-struct.patch201-------------------------------------------------------------------------------
Dpkg/libfido2/patch/0007-remove-unused-packed.h.patch41-----------------------------------------
Dpkg/libfido2/patch/0008-port-to-BearSSL.patch1803-------------------------------------------------------------------------------
Mpkg/libfido2/ver2+-
10 files changed, 2 insertions(+), 2819 deletions(-)

diff --git a/.gitmodules b/.gitmodules
@@ -122,7 +122,7 @@
 ignore = all
 [submodule "pkg/libfido2/src"]
 path = pkg/libfido2/src
- url = https://github.com/Yubico/libfido2.git
+ url = https://github.com/oasislinux/libfido2.git
 ignore = all
 [submodule "pkg/libgpiod/src"]
 path = pkg/libgpiod/src
diff --git a/pkg/libfido2/patch/0001-hid_linux-Use-sysfs-instead-of-libudev.patch b/pkg/libfido2/patch/0001-hid_linux-Use-sysfs-instead-of-libudev.patch
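Review bot: The new `url` for the `pkg/libfido2/src` submodule makes a fork the source of the FIDO2 library, and nothing in `.gitmodules` records what that fork is or how it relates to upstream. A comment above the section would keep that provenance next to the URL, for example `# oasis fork of https://github.com/Yubico/libfido2.git (replaces pkg/libfido2/patch/0001-0008)`. The diffstat on this page lists no change to the `pkg/libfido2/src` gitlink, possibly because the section sets `ignore = all`, so the pinned commit cannot be checked from here. It is worth confirming that the pinned commit contains all eight dropped patches, in particular the BearSSL port and the packed-struct removals, since the build would otherwise silently use different crypto and parsing code than before.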
@@ -1,212 +0,0 @@ -From eec0c3a3cf1528185c8e1bdcf94733e27d5d8d51 Mon Sep 17 00:00:00 2001 -From: Michael Forney <mforney@mforney.org> -Date: Fri, 1 Nov 2019 19:39:45 -0700 -Subject: [PATCH] hid_linux: Use sysfs instead of libudev - ---- - CMakeLists.txt | 2 - - src/hid_linux.c | 103 ++++++++++++++++++------------------------------ - 2 files changed, 39 insertions(+), 66 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0bb2e87..5262ca8 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -100,8 +100,6 @@ else() - endif() - - if(CMAKE_SYSTEM_NAME STREQUAL "Linux") -- pkg_search_module(UDEV libudev REQUIRED) -- set(UDEV_NAME "udev") - # Define be32toh(). - add_definitions(-D_GNU_SOURCE) - # If using hidapi, use hidapi-hidraw. -diff --git a/src/hid_linux.c b/src/hid_linux.c -index 99c5afb..fa30ab2 100644 ---- a/src/hid_linux.c -+++ b/src/hid_linux.c -@@ -9,8 +9,9 @@ - #include <sys/ioctl.h> - #include <linux/hidraw.h> - -+#include <dirent.h> - #include <fcntl.h> --#include <libudev.h> -+#include <stdio.h> - #include <string.h> - #include <unistd.h> - #include <errno.h> -@@ -147,23 +148,20 @@ is_fido(const char *path) - } - - static int --parse_uevent(struct udev_device *dev, int16_t *vendor_id, int16_t *product_id) -+parse_uevent(const char *path, int16_t *vendor_id, int16_t *product_id) - { -- const char *uevent; -- char *cp; -- char *p; -- char *s; -+ FILE *fp; -+ char *p = NULL; -+ size_t n = 0; - int ok = -1; - short unsigned int x; - short unsigned int y; - -- if ((uevent = udev_device_get_sysattr_value(dev, "uevent")) == NULL) -+ fp = fopen(path, "r"); -+ if (!fp) - return (-1); - -- if ((s = cp = strdup(uevent)) == NULL) -- return (-1); -- -- for ((p = strsep(&cp, "\n")); p && *p != '\0'; (p = strsep(&cp, "\n"))) { -+ while (getline(&p, &n, fp) >= 0) { - if (strncmp(p, "HID_ID=", 7) == 0) { - if (sscanf(p + 7, "%*x:%hx:%hx", &x, &y) == 2) { - *vendor_id = (int16_t)x; -@@ -174,50 +172,34 @@ parse_uevent(struct udev_device *dev, int16_t 
*vendor_id, int16_t *product_id) - } - } - -- free(s); -- -+ free(p); -+ fclose(fp); - return (ok); - } - - static int --copy_info(fido_dev_info_t *di, struct udev *udev, -- struct udev_list_entry *udev_entry) -+copy_info(fido_dev_info_t *di, const char *name) - { -- const char *name; -- const char *path; -- const char *manufacturer; -- const char *product; -- struct udev_device *dev = NULL; -- struct udev_device *hid_parent; -- struct udev_device *usb_parent; -- int ok = -1; -+ char path[PATH_MAX]; -+ int r, ok = -1; - - memset(di, 0, sizeof(*di)); - -- if ((name = udev_list_entry_get_name(udev_entry)) == NULL || -- (dev = udev_device_new_from_syspath(udev, name)) == NULL || -- (path = udev_device_get_devnode(dev)) == NULL || -- is_fido(path) == 0) -+ r = snprintf(path, sizeof(path), "/dev/%s", name); -+ if (r < 0 || (size_t)r >= sizeof(path)) - goto fail; -- -- if ((hid_parent = udev_device_get_parent_with_subsystem_devtype(dev, -- "hid", NULL)) == NULL) -+ if (is_fido(path) == 0) - goto fail; -+ di->path = strdup(path); - -- if ((usb_parent = udev_device_get_parent_with_subsystem_devtype(dev, -- "usb", "usb_device")) == NULL) -+ r = snprintf(path, sizeof(path), "/sys/class/hidraw/%s/device/uevent", name); -+ if (r < 0 || (size_t)r >= sizeof(path)) - goto fail; -- -- if (parse_uevent(hid_parent, &di->vendor_id, &di->product_id) < 0 || -- (manufacturer = udev_device_get_sysattr_value(usb_parent, -- "manufacturer")) == NULL || -- (product = udev_device_get_sysattr_value(usb_parent, -- "product")) == NULL) -+ if (parse_uevent(path, &di->vendor_id, &di->product_id) < 0) - goto fail; - -- di->path = strdup(path); -- di->manufacturer = strdup(manufacturer); -- di->product = strdup(product); -+ di->manufacturer = strdup("unknown"); -+ di->product = strdup("unknown"); - - if (di->path == NULL || - di->manufacturer == NULL || -@@ -226,9 +208,6 @@ copy_info(fido_dev_info_t *di, struct udev *udev, - - ok = 0; - fail: -- if (dev != NULL) -- udev_device_unref(dev); -- - if 
(ok < 0) { - free(di->path); - free(di->manufacturer); -@@ -239,14 +218,17 @@ fail: - return (ok); - } - -+static int -+filter_hidraw(const struct dirent *d) -+{ -+ return strncmp(d->d_name, "hidraw", 6) == 0; -+} -+ - int - fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) - { -- struct udev *udev = NULL; -- struct udev_enumerate *udev_enum = NULL; -- struct udev_list_entry *udev_list; -- struct udev_list_entry *udev_entry; -- int r = FIDO_ERR_INTERNAL; -+ struct dirent **entries; -+ int i, n, r = FIDO_ERR_INTERNAL; - - *olen = 0; - -@@ -256,17 +238,11 @@ fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) - if (devlist == NULL) - return (FIDO_ERR_INVALID_ARGUMENT); - -- if ((udev = udev_new()) == NULL || -- (udev_enum = udev_enumerate_new(udev)) == NULL) -+ n = scandir("/sys/class/hidraw", &entries, filter_hidraw, alphasort); -+ if (n == -1) - goto fail; -- -- if (udev_enumerate_add_match_subsystem(udev_enum, "hidraw") < 0 || -- udev_enumerate_scan_devices(udev_enum) < 0 || -- (udev_list = udev_enumerate_get_list_entry(udev_enum)) == NULL) -- goto fail; -- -- udev_list_entry_foreach(udev_entry, udev_list) { -- if (copy_info(&devlist[*olen], udev, udev_entry) == 0) { -+ for (i = 0; i < n; ++i) { -+ if (copy_info(&devlist[*olen], entries[i]->d_name) == 0) { - devlist[*olen].io = (fido_dev_io_t) { - fido_hid_open, - fido_hid_close, -@@ -276,15 +252,14 @@ fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) - if (++(*olen) == ilen) - break; - } -+ free(entries[i]); - } -+ for (; i < n; ++i) -+ free(entries[i]); -+ free(entries); - - r = FIDO_OK; - fail: -- if (udev_enum != NULL) -- udev_enumerate_unref(udev_enum); -- if (udev != NULL) -- udev_unref(udev); -- - return (r); - } - --- -2.26.1 - diff --git a/pkg/libfido2/patch/0002-u2f-Use-nanosleep-instead-of-obsolete-usleep.patch b/pkg/libfido2/patch/0002-u2f-Use-nanosleep-instead-of-obsolete-usleep.patch 
@@ -1,83 +0,0 @@ -From 18e294353b75c7f7006c633b000e780bdb89f0f7 Mon Sep 17 00:00:00 2001 -From: Michael Forney <mforney@mforney.org> -Date: Tue, 26 Nov 2019 13:06:58 -0800 -Subject: [PATCH] u2f: Use nanosleep instead of obsolete usleep - -usleep was declared obsolete in POSIX.1-2001 and removed in -POSIX.1-2008. ---- - src/u2f.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/src/u2f.c b/src/u2f.c -index 19a959d..3b01f61 100644 ---- a/src/u2f.c -+++ b/src/u2f.c -@@ -11,19 +11,27 @@ - #ifdef HAVE_UNISTD_H - #include <unistd.h> - #endif -+#include <time.h> - - #include "fido.h" - #include "fido/es256.h" - --#if defined(_MSC_VER) - static int --usleep(unsigned int usec) -+sleep_msec(unsigned int msec) - { -- Sleep(usec / 1000); -+#if defined(_MSC_VER) -+ Sleep(msec); - - return (0); --} -+#else -+ struct timespec ts = { -+ .tv_sec = msec / 1000, -+ .tv_nsec = (msec % 1000) * 1000000, -+ }; -+ -+ return nanosleep(&ts, NULL); - #endif -+} - - static int - sig_get(fido_blob_t *sig, const unsigned char **buf, size_t *len) -@@ -160,8 +168,8 @@ send_dummy_register(fido_dev_t *dev, int ms) - r = FIDO_ERR_RX; - goto fail; - } -- if (usleep((ms == -1 ? 100 : ms) * 1000) < 0) { -- fido_log_debug("%s: usleep", __func__); -+ if (sleep_msec(ms == -1 ? 100 : ms) < 0) { -+ fido_log_debug("%s: sleep_msec", __func__); - r = FIDO_ERR_RX; - goto fail; - } -@@ -336,8 +344,8 @@ do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id, - r = FIDO_ERR_RX; - goto fail; - } -- if (usleep((ms == -1 ? 100 : ms) * 1000) < 0) { -- fido_log_debug("%s: usleep", __func__); -+ if (sleep_msec(ms == -1 ? 100 : ms) < 0) { -+ fido_log_debug("%s: sleep_msec", __func__); - r = FIDO_ERR_RX; - goto fail; - } -@@ -643,8 +651,8 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms) - r = FIDO_ERR_RX; - goto fail; - } -- if (usleep((ms == -1 ? 100 : ms) * 1000) < 0) { -- fido_log_debug("%s: usleep", __func__); -+ if (sleep_msec(ms == -1 ? 
100 : ms) < 0) { -+ fido_log_debug("%s: sleep_msec", __func__); - r = FIDO_ERR_RX; - goto fail; - } --- -2.26.1 - diff --git a/pkg/libfido2/patch/0003-io-avoid-use-of-packed-struct.patch b/pkg/libfido2/patch/0003-io-avoid-use-of-packed-struct.patch 
@@ -1,257 +0,0 @@ -From 4c52200f4480b8f0491d79df9934918762376d81 Mon Sep 17 00:00:00 2001 -From: Michael Forney <mforney@mforney.org> -Date: Tue, 26 Nov 2019 18:52:13 -0800 -Subject: [PATCH] io: avoid use of packed struct - ---- - src/io.c | 143 ++++++++++++++++++++++++++----------------------------- - 1 file changed, 67 insertions(+), 76 deletions(-) - -diff --git a/src/io.c b/src/io.c -index af2f49a..9e6af3d 100644 ---- a/src/io.c -+++ b/src/io.c -@@ -9,25 +9,19 @@ - #include <string.h> - - #include "fido.h" --#include "packed.h" -- --PACKED_TYPE(frame_t, --struct frame { -- uint32_t cid; /* channel id */ -- union { -- uint8_t type; -- struct { -- uint8_t cmd; -- uint8_t bcnth; -- uint8_t bcntl; -- uint8_t data[CTAP_RPT_SIZE - 7]; -- } init; -- struct { -- uint8_t seq; -- uint8_t data[CTAP_RPT_SIZE - 5]; -- } cont; -- } body; --}) -+ -+/* CTAP section 8.1.4 */ -+enum { -+ CID, -+ -+ INIT_CMD = 4, -+ INIT_BCNTH, -+ INIT_BCNTL, -+ INIT_DATA, -+ -+ CONT_SEQ = 4, -+ CONT_DATA, -+}; - - #ifndef MIN - #define MIN(x, y) ((x) > (y) ? 
(y) : (x)) -@@ -36,14 +30,11 @@ struct frame { - static int - tx_empty(fido_dev_t *d, uint8_t cmd) - { -- struct frame *fp; -- unsigned char pkt[sizeof(*fp) + 1]; -- int n; -+ uint8_t pkt[1 + CTAP_RPT_SIZE] = {0}; -+ int n; - -- memset(&pkt, 0, sizeof(pkt)); -- fp = (struct frame *)(pkt + 1); -- fp->cid = d->cid; -- fp->body.init.cmd = CTAP_FRAME_INIT | cmd; -+ memcpy(pkt + 1 + CID, &d->cid, 4); -+ pkt[1 + INIT_CMD] = CTAP_FRAME_INIT | cmd; - - n = d->io.write(d->io_handle, pkt, sizeof(pkt)); - if (n < 0 || (size_t)n != sizeof(pkt)) -@@ -55,18 +46,15 @@ tx_empty(fido_dev_t *d, uint8_t cmd) - static size_t - tx_preamble(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count) - { -- struct frame *fp; -- unsigned char pkt[sizeof(*fp) + 1]; -- int n; -- -- memset(&pkt, 0, sizeof(pkt)); -- fp = (struct frame *)(pkt + 1); -- fp->cid = d->cid; -- fp->body.init.cmd = CTAP_FRAME_INIT | cmd; -- fp->body.init.bcnth = (count >> 8) & 0xff; -- fp->body.init.bcntl = count & 0xff; -- count = MIN(count, sizeof(fp->body.init.data)); -- memcpy(&fp->body.init.data, buf, count); -+ uint8_t pkt[1 + CTAP_RPT_SIZE] = {0}; -+ int n; -+ -+ memcpy(pkt + 1 + CID, &d->cid, 4); -+ pkt[1 + INIT_CMD] = CTAP_FRAME_INIT | cmd; -+ pkt[1 + INIT_BCNTH] = (count >> 8) & 0xff; -+ pkt[1 + INIT_BCNTL] = count & 0xff; -+ count = MIN(count, CTAP_RPT_SIZE - INIT_DATA); -+ memcpy(pkt + 1 + INIT_DATA, buf, count); - - n = d->io.write(d->io_handle, pkt, sizeof(pkt)); - if (n < 0 || (size_t)n != sizeof(pkt)) -@@ -78,16 +66,13 @@ tx_preamble(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count) - static size_t - tx_frame(fido_dev_t *d, uint8_t seq, const void *buf, size_t count) - { -- struct frame *fp; -- unsigned char pkt[sizeof(*fp) + 1]; -- int n; -+ uint8_t pkt[1 + CTAP_RPT_SIZE] = {0}; -+ int n; - -- memset(&pkt, 0, sizeof(pkt)); -- fp = (struct frame *)(pkt + 1); -- fp->cid = d->cid; -- fp->body.cont.seq = seq; -- count = MIN(count, sizeof(fp->body.cont.data)); -- memcpy(&fp->body.cont.data, buf, 
count); -+ memcpy(pkt + 1 + CID, &d->cid, 4); -+ pkt[1 + CONT_SEQ] = seq; -+ count = MIN(count, CTAP_RPT_SIZE - CONT_DATA); -+ memcpy(pkt + 1 + CONT_DATA, buf, count); - - n = d->io.write(d->io_handle, pkt, sizeof(pkt)); - if (n < 0 || (size_t)n != sizeof(pkt)) -@@ -142,39 +127,42 @@ fido_tx(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count) - } - - static int --rx_frame(fido_dev_t *d, struct frame *fp, int ms) -+rx_frame(fido_dev_t *d, uint8_t *fp, int ms) - { - int n; - -- n = d->io.read(d->io_handle, (unsigned char *)fp, sizeof(*fp), ms); -- if (n < 0 || (size_t)n != sizeof(*fp)) -+ n = d->io.read(d->io_handle, (unsigned char *)fp, CTAP_RPT_SIZE, ms); -+ if (n < 0 || (size_t)n != CTAP_RPT_SIZE) - return (-1); - - return (0); - } - - static int --rx_preamble(fido_dev_t *d, uint8_t cmd, struct frame *fp, int ms) -+rx_preamble(fido_dev_t *d, uint8_t cmd, uint8_t *fp, int ms) - { -+ uint32_t cid; -+ - do { - if (rx_frame(d, fp, ms) < 0) - return (-1); -+ memcpy(&cid, &fp[CID], 4); - #ifdef FIDO_FUZZ -- fp->cid = d->cid; -+ cid = d->cid; - #endif -- } while (fp->cid == d->cid && -- fp->body.init.cmd == (CTAP_FRAME_INIT | CTAP_KEEPALIVE)); -+ } while (cid == d->cid && -+ fp[INIT_CMD] == (CTAP_FRAME_INIT | CTAP_KEEPALIVE)); - - fido_log_debug("%s: initiation frame at %p", __func__, (void *)fp); -- fido_log_xxd(fp, sizeof(*fp)); -+ fido_log_xxd(fp, CTAP_RPT_SIZE); - - #ifdef FIDO_FUZZ -- fp->body.init.cmd = (CTAP_FRAME_INIT | cmd); -+ fp[INIT_CMD] = (CTAP_FRAME_INIT | cmd); - #endif - -- if (fp->cid != d->cid || fp->body.init.cmd != (CTAP_FRAME_INIT | cmd)) { -+ if (cid != d->cid || fp[INIT_CMD] != (CTAP_FRAME_INIT | cmd)) { - fido_log_debug("%s: cid (0x%x, 0x%x), cmd (0x%02x, 0x%02x)", -- __func__, fp->cid, d->cid, fp->body.init.cmd, cmd); -+ __func__, cid, d->cid, fp[INIT_CMD], cmd); - return (-1); - } - -@@ -184,15 +172,16 @@ rx_preamble(fido_dev_t *d, uint8_t cmd, struct frame *fp, int ms) - static int - rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, 
size_t count, int ms) - { -- struct frame f; -- uint16_t r, payload_len; -+ uint8_t f[CTAP_RPT_SIZE]; -+ uint32_t cid; -+ uint16_t r, payload_len; - -- if (rx_preamble(d, cmd, &f, ms) < 0) { -+ if (rx_preamble(d, cmd, f, ms) < 0) { - fido_log_debug("%s: rx_preamble", __func__); - return (-1); - } - -- payload_len = (f.body.init.bcnth << 8) | f.body.init.bcntl; -+ payload_len = (f[INIT_BCNTH] << 8) | f[INIT_BCNTL]; - fido_log_debug("%s: payload_len=%zu", __func__, (size_t)payload_len); - - if (count < (size_t)payload_len) { -@@ -200,16 +189,16 @@ rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms) - return (-1); - } - -- if (payload_len < sizeof(f.body.init.data)) { -- memcpy(buf, f.body.init.data, payload_len); -+ if (payload_len < CTAP_RPT_SIZE - INIT_DATA) { -+ memcpy(buf, f + INIT_DATA, payload_len); - return (payload_len); - } - -- memcpy(buf, f.body.init.data, sizeof(f.body.init.data)); -- r = sizeof(f.body.init.data); -+ memcpy(buf, f + INIT_DATA, CTAP_RPT_SIZE - INIT_DATA); -+ r = CTAP_RPT_SIZE - INIT_DATA; - - for (int seq = 0; (size_t)r < payload_len; seq++) { -- if (rx_frame(d, &f, ms) < 0) { -+ if (rx_frame(d, f, ms) < 0) { - fido_log_debug("%s: rx_frame", __func__); - return (-1); - } -@@ -218,23 +207,25 @@ rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms) - (void *)&f); - fido_log_xxd(&f, sizeof(f)); - -+ memcpy(&cid, f + CID, 4); -+ - #ifdef FIDO_FUZZ -- f.cid = d->cid; -- f.body.cont.seq = seq; -+ cid = d->cid; -+ f[CONT_SEQ] = seq; - #endif - -- if (f.cid != d->cid || f.body.cont.seq != seq) { -+ if (cid != d->cid || f[CONT_SEQ] != seq) { - fido_log_debug("%s: cid (0x%x, 0x%x), seq (%d, %d)", -- __func__, f.cid, d->cid, f.body.cont.seq, seq); -+ __func__, cid, d->cid, f[CONT_SEQ], seq); - return (-1); - } - -- if ((size_t)(payload_len - r) > sizeof(f.body.cont.data)) { -- memcpy(buf + r, f.body.cont.data, -- sizeof(f.body.cont.data)); -- r += sizeof(f.body.cont.data); -+ if ((size_t)(payload_len - r) > 
CTAP_RPT_SIZE - CONT_DATA) { -+ memcpy(buf + r, f + CONT_DATA, -+ CTAP_RPT_SIZE - CONT_DATA); -+ r += CTAP_RPT_SIZE - CONT_DATA; - } else { -- memcpy(buf + r, f.body.cont.data, payload_len - r); -+ memcpy(buf + r, f + CONT_DATA, payload_len - r); - r += (payload_len - r); /* break */ - } - } --- -2.26.1 - diff --git a/pkg/libfido2/patch/0004-iso7816-avoid-use-of-packed-struct.patch b/pkg/libfido2/patch/0004-iso7816-avoid-use-of-packed-struct.patch 
@@ -1,145 +0,0 @@ -From f820cce15621fba6b77daf4c2e1cf3f8bae0a44a Mon Sep 17 00:00:00 2001 -From: Michael Forney <mforney@mforney.org> -Date: Tue, 26 Nov 2019 18:58:05 -0800 -Subject: [PATCH] iso7816: avoid use of packed struct - ---- - src/iso7816.c | 50 ++++++++++++++++++++++++++++++++------------------ - src/iso7816.h | 22 +--------------------- - 2 files changed, 33 insertions(+), 39 deletions(-) - -diff --git a/src/iso7816.c b/src/iso7816.c -index a3fd280..4792443 100644 ---- a/src/iso7816.c -+++ b/src/iso7816.c -@@ -7,24 +7,40 @@ - #include <string.h> - #include "fido.h" - -+struct iso7816_apdu { -+ size_t max_len; -+ size_t len; -+ uint8_t buf[]; -+}; -+ -+enum { -+ CLA, -+ INS, -+ P1, -+ P2, -+ LC1, -+ LC2, -+ LC3, -+ DATA, -+}; -+ - iso7816_apdu_t * - iso7816_new(uint8_t ins, uint8_t p1, uint16_t payload_len) - { - iso7816_apdu_t *apdu; -- size_t alloc_len; -+ size_t max_len; - -- alloc_len = sizeof(iso7816_apdu_t) + payload_len + 2; /* le1 le2 */ -+ max_len = DATA + payload_len + 2; /* le1 le2 */ - -- if ((apdu = calloc(1, alloc_len)) == NULL) -+ if ((apdu = calloc(1, sizeof(*apdu) + max_len)) == NULL) - return (NULL); - -- apdu->alloc_len = alloc_len; -- apdu->payload_len = payload_len; -- apdu->payload_ptr = apdu->payload; -- apdu->header.ins = ins; -- apdu->header.p1 = p1; -- apdu->header.lc2 = (payload_len >> 8) & 0xff; -- apdu->header.lc3 = payload_len & 0xff; -+ apdu->max_len = max_len; -+ apdu->buf[INS] = ins; -+ apdu->buf[P1] = p1; -+ apdu->buf[LC2] = (payload_len >> 8) & 0xff; -+ apdu->buf[LC3] = payload_len & 0xff; -+ apdu->len = DATA; - - return (apdu); - } -@@ -37,7 +53,7 @@ iso7816_free(iso7816_apdu_t **apdu_p) - if (apdu_p == NULL || (apdu = *apdu_p) == NULL) - return; - -- explicit_bzero(apdu, apdu->alloc_len); -+ explicit_bzero(apdu, sizeof(*apdu) + apdu->max_len); - free(apdu); - - *apdu_p = NULL; -@@ -46,12 +62,11 @@ iso7816_free(iso7816_apdu_t **apdu_p) - int - iso7816_add(iso7816_apdu_t *apdu, const void *buf, size_t cnt) - { -- if (cnt 
> apdu->payload_len || cnt > UINT16_MAX) -+ if (cnt > apdu->max_len - apdu->len) - return (-1); - -- memcpy(apdu->payload_ptr, buf, cnt); -- apdu->payload_ptr += cnt; -- apdu->payload_len -= (uint16_t)cnt; -+ memcpy(apdu->buf + apdu->len, buf, cnt); -+ apdu->len += cnt; - - return (0); - } -@@ -59,12 +74,11 @@ iso7816_add(iso7816_apdu_t *apdu, const void *buf, size_t cnt) - const unsigned char * - iso7816_ptr(const iso7816_apdu_t *apdu) - { -- return ((const unsigned char *)&apdu->header); -+ return ((const unsigned char *)&apdu->buf); - } - - size_t - iso7816_len(const iso7816_apdu_t *apdu) - { -- return (apdu->alloc_len - sizeof(apdu->alloc_len) - -- sizeof(apdu->payload_len) - sizeof(apdu->payload_ptr)); -+ return (apdu->len); - } -diff --git a/src/iso7816.h b/src/iso7816.h -index 563243f..6c4a263 100644 ---- a/src/iso7816.h -+++ b/src/iso7816.h -@@ -10,31 +10,11 @@ - #include <stdint.h> - #include <stdlib.h> - --#include "packed.h" -- - #ifdef __cplusplus - extern "C" { - #endif /* __cplusplus */ - --PACKED_TYPE(iso7816_header_t, --struct iso7816_header { -- uint8_t cla; -- uint8_t ins; -- uint8_t p1; -- uint8_t p2; -- uint8_t lc1; -- uint8_t lc2; -- uint8_t lc3; --}) -- --PACKED_TYPE(iso7816_apdu_t, --struct iso7816_apdu { -- size_t alloc_len; -- uint16_t payload_len; -- uint8_t *payload_ptr; -- iso7816_header_t header; -- uint8_t payload[]; --}) -+typedef struct iso7816_apdu iso7816_apdu_t; - - const unsigned char *iso7816_ptr(const iso7816_apdu_t *); - int iso7816_add(iso7816_apdu_t *, const void *, size_t); --- -2.26.1 - diff --git a/pkg/libfido2/patch/0005-dev-avoid-use-of-packed-struct.patch b/pkg/libfido2/patch/0005-dev-avoid-use-of-packed-struct.patch 
@@ -1,75 +0,0 @@ -From 99d08a98c903a38ce4ca2f689feb871c1ef01a26 Mon Sep 17 00:00:00 2001 -From: Michael Forney <mforney@mforney.org> -Date: Tue, 26 Nov 2019 19:02:46 -0800 -Subject: [PATCH] dev: avoid use of packed struct - ---- - src/dev.c | 15 ++++++++++++--- - src/fido/types.h | 5 ++--- - 2 files changed, 14 insertions(+), 6 deletions(-) - -diff --git a/src/dev.c b/src/dev.c -index 51b9935..6049cc6 100644 ---- a/src/dev.c -+++ b/src/dev.c -@@ -145,21 +145,30 @@ static int - fido_dev_open_rx(fido_dev_t *dev, int ms) - { - fido_cbor_info_t *info = NULL; -+ uint8_t data[17]; - int reply_len; - int r; - -- if ((reply_len = fido_rx(dev, CTAP_CMD_INIT, &dev->attr, -- sizeof(dev->attr), ms)) < 0) { -+ if ((reply_len = fido_rx(dev, CTAP_CMD_INIT, data, -+ sizeof(data), ms)) < 0) { - fido_log_debug("%s: fido_rx", __func__); - r = FIDO_ERR_RX; - goto fail; - } - -+ memcpy(&dev->attr.nonce, &data[0], 8); -+ memcpy(&dev->attr.cid, &data[8], 4); -+ dev->attr.protocol = data[12]; -+ dev->attr.major = data[13]; -+ dev->attr.minor = data[14]; -+ dev->attr.build = data[15]; -+ dev->attr.flags = data[16]; -+ - #ifdef FIDO_FUZZ - dev->attr.nonce = dev->nonce; - #endif - -- if ((size_t)reply_len != sizeof(dev->attr) || -+ if ((size_t)reply_len != sizeof(data) || - dev->attr.nonce != dev->nonce) { - fido_log_debug("%s: invalid nonce", __func__); - r = FIDO_ERR_RX; -diff --git a/src/fido/types.h b/src/fido/types.h -index 5df5e36..a8ce2ec 100644 ---- a/src/fido/types.h -+++ b/src/fido/types.h -@@ -194,9 +194,8 @@ typedef struct fido_dev_info { - fido_dev_transport_t transport; /* transport functions */ - } fido_dev_info_t; - --PACKED_TYPE(fido_ctap_info_t, - /* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */ --struct fido_ctap_info { -+typedef struct fido_ctap_info { - uint64_t nonce; /* echoed nonce */ - uint32_t cid; /* channel id */ - uint8_t protocol; /* ctaphid protocol id */ -@@ -204,7 +203,7 @@ struct fido_ctap_info { - uint8_t minor; /* minor version 
number */ - uint8_t build; /* build version number */ - uint8_t flags; /* capabilities flags; see FIDO_CAP_* */ --}) -+} fido_ctap_info_t; - - typedef struct fido_dev { - uint64_t nonce; /* issued nonce */ --- -2.26.1 - diff --git a/pkg/libfido2/patch/0006-cbor-u2f-avoid-use-of-packed-struct.patch b/pkg/libfido2/patch/0006-cbor-u2f-avoid-use-of-packed-struct.patch 
@@ -1,201 +0,0 @@ -From 1cb2420a26924ea4b4a5b525a78cdd06e4f9e4fa Mon Sep 17 00:00:00 2001 -From: Michael Forney <mforney@mforney.org> -Date: Tue, 26 Nov 2019 19:30:10 -0800 -Subject: [PATCH] cbor, u2f: avoid use of packed struct - ---- - src/cbor.c | 14 ++++++++-- - src/fido/types.h | 13 ++------- - src/u2f.c | 70 +++++++++++++++++++++++++++++++++--------------- - 3 files changed, 62 insertions(+), 35 deletions(-) - -diff --git a/src/cbor.c b/src/cbor.c -index 3928325..2b3c150 100644 ---- a/src/cbor.c -+++ b/src/cbor.c -@@ -1278,7 +1278,12 @@ cbor_decode_cred_authdata(const cbor_item_t *item, int cose_alg, - fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)buf, len); - fido_log_xxd(buf, len); - -- if (fido_buf_read(&buf, &len, authdata, sizeof(*authdata)) < 0) { -+ if (fido_buf_read(&buf, &len, authdata->rp_id_hash, -+ sizeof(authdata->rp_id_hash)) < 0 || -+ fido_buf_read(&buf, &len, &authdata->flags, -+ sizeof(authdata->flags)) < 0 || -+ fido_buf_read(&buf, &len, &authdata->sigcount, -+ sizeof(authdata->sigcount)) < 0) { - fido_log_debug("%s: fido_buf_read", __func__); - return (-1); - } -@@ -1328,7 +1333,12 @@ cbor_decode_assert_authdata(const cbor_item_t *item, fido_blob_t *authdata_cbor, - - fido_log_debug("%s: buf=%p, len=%zu", __func__, (const void *)buf, len); - -- if (fido_buf_read(&buf, &len, authdata, sizeof(*authdata)) < 0) { -+ if (fido_buf_read(&buf, &len, authdata->rp_id_hash, -+ sizeof(authdata->rp_id_hash)) < 0 || -+ fido_buf_read(&buf, &len, &authdata->flags, -+ sizeof(authdata->flags)) < 0 || -+ fido_buf_read(&buf, &len, &authdata->sigcount, -+ sizeof(authdata->sigcount)) < 0) { - fido_log_debug("%s: fido_buf_read", __func__); - return (-1); - } -diff --git a/src/fido/types.h b/src/fido/types.h -index a8ce2ec..814f22c 100644 ---- a/src/fido/types.h -+++ b/src/fido/types.h -@@ -44,7 +44,6 @@ typedef enum { - typedef void fido_log_handler_t(const char *); - - #ifdef _FIDO_INTERNAL --#include "packed.h" - #include "blob.h" - - /* COSE 
ES256 (ECDSA over P-256 with SHA-256) public key */ -@@ -69,20 +68,12 @@ typedef struct eddsa_pk { - unsigned char x[32]; - } eddsa_pk_t; - --PACKED_TYPE(fido_authdata_t, --struct fido_authdata { -+typedef struct fido_authdata { - unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */ - uint8_t flags; /* user present/verified */ - uint32_t sigcount; /* signature counter */ - /* actually longer */ --}) -- --PACKED_TYPE(fido_attcred_raw_t, --struct fido_attcred_raw { -- unsigned char aaguid[16]; /* credential's aaguid */ -- uint16_t id_len; /* credential id length */ -- uint8_t body[]; /* credential id + pubkey */ --}) -+} fido_authdata_t; - - typedef struct fido_attcred { - unsigned char aaguid[16]; /* credential's aaguid */ -diff --git a/src/u2f.c b/src/u2f.c -index 3b01f61..848d2fb 100644 ---- a/src/u2f.c -+++ b/src/u2f.c -@@ -16,6 +16,29 @@ - #include "fido.h" - #include "fido/es256.h" - -+/* -+ * Web Authentication section 6.1 -+ * https://www.w3.org/TR/webauthn/#authenticator-data -+ */ -+enum { -+ AUTHDATA_RP_ID_HASH = 0, -+ AUTHDATA_FLAGS = 32, -+ AUTHDATA_SIGN_COUNT = 33, -+ -+ AUTHDATA_BASE_SIZE = 37 -+}; -+ -+/* -+ * Web Authentication section 6.4.1 -+ * https://www.w3.org/TR/webauthn/#sec-attested-credential-data -+ */ -+enum { -+ ATTCRED_AAGUID = 0, -+ ATTCRED_CREDENTIAL_ID_LENGTH = 16, -+ -+ ATTCRED_BASE_SIZE = 18 -+}; -+ - static int - sleep_msec(unsigned int msec) - { -@@ -96,23 +119,24 @@ static int - authdata_fake(const char *rp_id, uint8_t flags, uint32_t sigcount, - fido_blob_t *fake_cbor_ad) - { -- fido_authdata_t ad; -+ uint8_t authdata[AUTHDATA_BASE_SIZE] = {0}; -+ unsigned char *rp_id_hash; - cbor_item_t *item = NULL; - size_t alloc_len; - -- memset(&ad, 0, sizeof(ad)); -+ rp_id_hash = (unsigned char *)&authdata[AUTHDATA_RP_ID_HASH]; - - if (SHA256((const void *)rp_id, strlen(rp_id), -- ad.rp_id_hash) != ad.rp_id_hash) { -+ rp_id_hash) != rp_id_hash) { - fido_log_debug("%s: sha256", __func__); - return (-1); - } - -- ad.flags = flags; /* XXX 
translate? */ -- ad.sigcount = sigcount; -+ authdata[AUTHDATA_FLAGS] = flags; /* XXX translate? */ -+ memcpy(&authdata[AUTHDATA_SIGN_COUNT], &sigcount, 4); - -- if ((item = cbor_build_bytestring((const unsigned char *)&ad, -- sizeof(ad))) == NULL) { -+ if ((item = cbor_build_bytestring((cbor_data)authdata, -+ sizeof(authdata))) == NULL) { - fido_log_debug("%s: cbor_build_bytestring", __func__); - return (-1); - } -@@ -410,18 +434,18 @@ static int - encode_cred_authdata(const char *rp_id, const uint8_t *kh, uint8_t kh_len, - const uint8_t *pubkey, size_t pubkey_len, fido_blob_t *out) - { -- fido_authdata_t authdata; -- fido_attcred_raw_t attcred_raw; -- fido_blob_t pk_blob; -- fido_blob_t authdata_blob; -- cbor_item_t *authdata_cbor = NULL; -- unsigned char *ptr; -- size_t len; -- size_t alloc_len; -- int ok = -1; -+ uint8_t authdata[AUTHDATA_BASE_SIZE] = {0}; -+ unsigned char *rp_id_hash; -+ uint8_t attcred_raw[ATTCRED_BASE_SIZE] = {0}; -+ fido_blob_t pk_blob; -+ fido_blob_t authdata_blob; -+ cbor_item_t *authdata_cbor = NULL; -+ unsigned char *ptr; -+ size_t len; -+ size_t alloc_len; -+ int ok = -1; - - memset(&pk_blob, 0, sizeof(pk_blob)); -- memset(&authdata, 0, sizeof(authdata)); - memset(&authdata_blob, 0, sizeof(authdata_blob)); - memset(out, 0, sizeof(*out)); - -@@ -435,17 +459,19 @@ encode_cred_authdata(const char *rp_id, const uint8_t *kh, uint8_t kh_len, - goto fail; - } - -+ rp_id_hash = (unsigned char *)&authdata[AUTHDATA_RP_ID_HASH]; -+ - if (SHA256((const void *)rp_id, strlen(rp_id), -- authdata.rp_id_hash) != authdata.rp_id_hash) { -+ rp_id_hash) != rp_id_hash) { - fido_log_debug("%s: sha256", __func__); - goto fail; - } - -- authdata.flags = (CTAP_AUTHDATA_ATT_CRED | CTAP_AUTHDATA_USER_PRESENT); -- authdata.sigcount = 0; -+ authdata[AUTHDATA_FLAGS] = (CTAP_AUTHDATA_ATT_CRED | -+ CTAP_AUTHDATA_USER_PRESENT); - -- memset(&attcred_raw.aaguid, 0, sizeof(attcred_raw.aaguid)); -- attcred_raw.id_len = htobe16(kh_len); -+ /* big-endian, so second byte is 
LSB */ -+ attcred_raw[ATTCRED_CREDENTIAL_ID_LENGTH + 1] = kh_len; - - len = authdata_blob.len = sizeof(authdata) + sizeof(attcred_raw) + - kh_len + pk_blob.len; --- -2.26.1 - diff --git a/pkg/libfido2/patch/0007-remove-unused-packed.h.patch b/pkg/libfido2/patch/0007-remove-unused-packed.h.patch @@ -1,41 +0,0 @@ -From 5240c76168f9de8683673892e61dea548eda584e Mon Sep 17 00:00:00 2001 -From: Michael Forney <mforney@mforney.org> -Date: Tue, 26 Nov 2019 19:30:28 -0800 -Subject: [PATCH] remove unused packed.h - ---- - src/packed.h | 22 ---------------------- - 1 file changed, 22 deletions(-) - delete mode 100644 src/packed.h - -diff --git a/src/packed.h b/src/packed.h -deleted file mode 100644 -index 3857c22..0000000 ---- a/src/packed.h -+++ /dev/null -@@ -1,22 +0,0 @@ --/* -- * Copyright (c) 2018 Yubico AB. All rights reserved. -- * Use of this source code is governed by a BSD-style -- * license that can be found in the LICENSE file. -- */ -- --#ifndef _PACKED_H --#define _PACKED_H -- --#if defined(__GNUC__) --#define PACKED_TYPE(type, def) \ -- typedef def __attribute__ ((__packed__)) type; --#elif defined(_MSC_VER) --#define PACKED_TYPE(type, def) \ -- __pragma(pack(push, 1)) \ -- typedef def type; \ -- __pragma(pack(pop)) --#else --#error "please provide a way to define packed types on your platform" --#endif -- --#endif /* !_PACKED_H */ --- -2.24.0 - diff --git a/pkg/libfido2/patch/0008-port-to-BearSSL.patch b/pkg/libfido2/patch/0008-port-to-BearSSL.patch 
@@ -1,1803 +0,0 @@
-From 6d0970678ad7ea140dc895722714ea9851017e0b Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Mon, 18 Nov 2019 23:46:22 -0800
-Subject: [PATCH] port to BearSSL
-
----
- CMakeLists.txt | 42 +++----
- src/CMakeLists.txt | 4 +-
- src/aes256.c | 61 +++++------
- src/assert.c | 135 ++++++++---------------
- src/cbor.c | 98 ++++++-----------
- src/cred.c | 81 ++++++--------
- src/credman.c | 16 +--
- src/ecdh.c | 55 +++-------
- src/eddsa.c | 92 ----------------
- src/es256.c | 268 +++++++--------------------------------------
- src/fido.h | 3 -
- src/fido/eddsa.h | 22 ----
- src/fido/es256.h | 5 -
- src/fido/rs256.h | 4 -
- src/rs256.c | 117 +-------------------
- src/u2f.c | 109 +++++++++---------
- 16 files changed, 280 insertions(+), 832 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 5262ca8..67da04e 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -52,13 +52,13 @@ endif()
-
- if(MSVC)
- if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR
-- (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS))
-+ (NOT BEARSSL_INCLUDE_DIRS) OR (NOT BEARSSL_LIBRARY_DIRS))
- message(FATAL_ERROR "please provide definitions for "
-- "{CBOR,CRYPTO}_{INCLUDE,LIBRARY}_DIRS when building "
-+ "{CBOR,BEARSSL}_{INCLUDE,LIBRARY}_DIRS when building "
- "under msvc")
- endif()
- set(CBOR_LIBRARIES cbor)
-- set(CRYPTO_LIBRARIES crypto-45)
-+ set(BEARSSL_LIBRARIES bearssl)
- set(MSVC_DISABLED_WARNINGS_LIST
- "C4200" # nonstandard extension used: zero-sized array in
- # struct/union;
-@@ -79,24 +79,20 @@ if(MSVC)
- else()
- include(FindPkgConfig)
- pkg_search_module(CBOR libcbor)
-- pkg_search_module(CRYPTO libcrypto)
-
-- # XXX workaround libcbor's missing .pc file
-- if(NOT CBOR_FOUND)
-- check_include_files(cbor.h HAVE_CBOR_H)
-- if(NOT HAVE_CBOR_H)
-- message(FATAL_ERROR "could not find cbor header files")
-- endif()
-- set(CBOR_LIBRARIES "cbor")
-+ find_library(BEARSSL_LIBRARIES bearssl)
-+ 
find_path(BEARSSL_INCLUDE_DIRS bearssl.h)
-+ if(NOT BEARSSL_LIBRARIES OR NOT BEARSSL_INCLUDE_DIRS)
-+ message(FATAL_ERROR "could not find BearSSL")
- endif()
-
-- # XXX workaround libcrypto's missing .pc file
-- if(NOT CRYPTO_FOUND)
-- check_include_files(openssl/opensslv.h HAVE_OPENSSLV_H)
-- if(NOT HAVE_OPENSSLV_H)
-- message(FATAL_ERROR "could not find crypto header files")
-+ # XXX workaround libcbor's missing .pc file
-+ if(NOT CBOR_FOUND)
-+ find_library(CBOR_LIBRARIES cbor)
-+ find_path(CBOR_INCLUDE_DIRS cbor.h)
-+ if(NOT CBOR_LIBRARIES OR NOT CBOR_INCLUDE_DIRS)
-+ message(FATAL_ERROR "could not find libcbor")
- endif()
-- set(CRYPTO_LIBRARIES "crypto")
- endif()
-
- if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
-@@ -369,10 +365,9 @@ endif()
-
- include_directories(${CMAKE_SOURCE_DIR}/src)
- include_directories(${CBOR_INCLUDE_DIRS})
--include_directories(${CRYPTO_INCLUDE_DIRS})
-+include_directories(${BEARSSL_INCLUDE_DIRS})
-
- link_directories(${CBOR_LIBRARY_DIRS})
--link_directories(${CRYPTO_LIBRARY_DIRS})
-
- message(STATUS "CMAKE_C_COMPILER: ${CMAKE_C_COMPILER}")
- message(STATUS "CMAKE_C_COMPILER_ID: ${CMAKE_C_COMPILER_ID}")
-@@ -382,9 +377,8 @@ message(STATUS "CMAKE_BUILD_TYPE: ${CMAKE_BUILD_TYPE}")
- message(STATUS "CBOR_INCLUDE_DIRS: ${CBOR_INCLUDE_DIRS}")
- message(STATUS "CBOR_LIBRARY_DIRS: ${CBOR_LIBRARY_DIRS}")
- message(STATUS "CBOR_LIBRARIES: ${CBOR_LIBRARIES}")
--message(STATUS "CRYPTO_INCLUDE_DIRS: ${CRYPTO_INCLUDE_DIRS}")
--message(STATUS "CRYPTO_LIBRARY_DIRS: ${CRYPTO_LIBRARY_DIRS}")
--message(STATUS "CRYPTO_LIBRARIES: ${CRYPTO_LIBRARIES}")
-+message(STATUS "BEARSSL_INCLUDE_DIRS: ${BEARSSL_INCLUDE_DIRS}")
-+message(STATUS "BEARSSL_LIBRARIES: ${BEARSSL_LIBRARIES}")
- message(STATUS "BASE_LIBRARIES: ${BASE_LIBRARIES}")
- message(STATUS "HIDAPI_LIBRARIES: ${HIDAPI_LIBRARIES}")
- message(STATUS "VERSION: ${FIDO_VERSION}")
-@@ -407,8 +401,8 @@ if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
- endif()
-
- subdirs(src)
--subdirs(examples)
--subdirs(tools)
-+#subdirs(examples)
-+#subdirs(tools)
- subdirs(man)
-
- if(NOT WIN32)
-diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
-index 3cf62e8..1d66728 100644
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -61,7 +61,7 @@ list(APPEND COMPAT_SOURCES
-
- # static library
- add_library(fido2 STATIC ${FIDO_SOURCES} ${COMPAT_SOURCES})
--target_link_libraries(fido2 ${CBOR_LIBRARIES} ${CRYPTO_LIBRARIES}
-+target_link_libraries(fido2 ${CBOR_LIBRARIES} ${BEARSSL_LIBRARIES}
- ${UDEV_LIBRARIES} ${BASE_LIBRARIES} ${HIDAPI_LIBRARIES})
- if(WIN32)
- if (MINGW)
-@@ -79,7 +79,7 @@ install(TARGETS fido2 ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
-
- # dynamic library
- add_library(fido2_shared SHARED ${FIDO_SOURCES} ${COMPAT_SOURCES})
--target_link_libraries(fido2_shared ${CBOR_LIBRARIES} ${CRYPTO_LIBRARIES}
-+target_link_libraries(fido2_shared ${CBOR_LIBRARIES} ${BEARSSL_LIBRARIES}
- ${UDEV_LIBRARIES} ${BASE_LIBRARIES} ${HIDAPI_LIBRARIES})
- if(WIN32)
- if (MINGW)
-diff --git a/src/aes256.c b/src/aes256.c
-index 767cdb2..baacc0a 100644
---- a/src/aes256.c
-+++ b/src/aes256.c
-@@ -4,7 +4,8 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/evp.h>
-+#include <bearssl.h>
-+
- #include <string.h>
-
- #include "fido.h"
-@@ -12,38 +13,33 @@
- int
- aes256_cbc_enc(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out)
- {
-- EVP_CIPHER_CTX *ctx = NULL;
-- unsigned char iv[32];
-- int len;
-- int ok = -1;
-+ br_aes_ct64_cbcenc_keys ctx;
-+ unsigned char iv[32];
-+ int ok = -1;
-
- memset(iv, 0, sizeof(iv));
- out->ptr = NULL;
- out->len = 0;
-
- /* sanity check */
-- if (in->len > INT_MAX || (in->len % 16) != 0 ||
-- (out->ptr = calloc(1, in->len)) == NULL) {
-+ if ((in->len % 16) != 0 || (out->ptr = calloc(1, in->len)) == NULL) {
- fido_log_debug("%s: in->len=%zu", __func__, in->len);
- goto fail;
- }
--
-- if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 ||
-- !EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) ||
-- !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
-- !EVP_EncryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) ||
-- len < 0 || (size_t)len != in->len) {
-- fido_log_debug("%s: EVP_Encrypt", __func__);
-+ if (key->len != 32) {
-+ fido_log_debug("%s: key->len=%zu", __func__, key->len);
- goto fail;
- }
-
-- out->len = (size_t)len;
-+ memcpy(out->ptr, in->ptr, in->len);
-+ br_aes_ct64_cbcenc_init(&ctx, key->ptr, key->len);
-+ br_aes_ct64_cbcenc_run(&ctx, iv, out->ptr, out->len);
-+ explicit_bzero(&ctx, sizeof(ctx));
-+
-+ out->len = in->len;
-
- ok = 0;
- fail:
-- if (ctx != NULL)
-- EVP_CIPHER_CTX_free(ctx);
--
- if (ok < 0) {
- free(out->ptr);
- out->ptr = NULL;
-@@ -56,38 +52,33 @@ fail:
- int
- aes256_cbc_dec(const fido_blob_t *key, const fido_blob_t *in, fido_blob_t *out)
- {
-- EVP_CIPHER_CTX *ctx = NULL;
-- unsigned char iv[32];
-- int len;
-- int ok = -1;
-+ br_aes_ct64_cbcdec_keys ctx;
-+ unsigned char iv[32];
-+ int ok = -1;
-
- memset(iv, 0, sizeof(iv));
- out->ptr = NULL;
- out->len = 0;
-
- /* sanity check */
-- if (in->len > INT_MAX || (in->len % 16) != 0 ||
-- (out->ptr = calloc(1, in->len)) == NULL) {
-+ if ((in->len % 16) != 
0 || (out->ptr = calloc(1, in->len)) == NULL) {
- fido_log_debug("%s: in->len=%zu", __func__, in->len);
- goto fail;
- }
--
-- if ((ctx = EVP_CIPHER_CTX_new()) == NULL || key->len != 32 ||
-- !EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ptr, iv) ||
-- !EVP_CIPHER_CTX_set_padding(ctx, 0) ||
-- !EVP_DecryptUpdate(ctx, out->ptr, &len, in->ptr, (int)in->len) ||
-- len < 0 || (size_t)len > in->len + 32) {
-- fido_log_debug("%s: EVP_Decrypt", __func__);
-+ if (key->len != 32) {
-+ fido_log_debug("%s: key->len=%zu", __func__, key->len);
- goto fail;
- }
-
-- out->len = (size_t)len;
-+ memcpy(out->ptr, in->ptr, in->len);
-+ br_aes_ct64_cbcdec_init(&ctx, key->ptr, key->len);
-+ br_aes_ct64_cbcdec_run(&ctx, iv, out->ptr, out->len);
-+ explicit_bzero(&ctx, sizeof(ctx));
-+
-+ out->len = in->len;
-
- ok = 0;
- fail:
-- if (ctx != NULL)
-- EVP_CIPHER_CTX_free(ctx);
--
- if (ok < 0) {
- free(out->ptr);
- out->ptr = NULL;
-diff --git a/src/assert.c b/src/assert.c
-index b71d00e..cccc3e1 100644
---- a/src/assert.c
-+++ b/src/assert.c
-@@ -4,10 +4,7 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/ec.h>
--#include <openssl/ecdsa.h>
--#include <openssl/evp.h>
--#include <openssl/sha.h>
-+#include <bearssl.h>
-
- #include <string.h>
- #include "fido.h"
-@@ -370,7 +367,7 @@ fido_get_signed_hash(int cose_alg, fido_blob_t *dgst, const fido_blob_t *clientd
- unsigned char *authdata_ptr = NULL;
- size_t authdata_len;
- struct cbor_load_result cbor;
-- SHA256_CTX ctx;
-+ br_sha256_context ctx;
- int ok = -1;
-
- if ((item = cbor_load(authdata_cbor->ptr, authdata_cbor->len,
-@@ -384,14 +381,15 @@ fido_get_signed_hash(int cose_alg, fido_blob_t *dgst, const fido_blob_t *clientd
- authdata_len = cbor_bytestring_length(item);
-
- if (cose_alg != COSE_EDDSA) {
-- if (dgst->len < SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
-- SHA256_Update(&ctx, authdata_ptr, authdata_len) == 0 ||
-- SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 ||
-- SHA256_Final(dgst->ptr, &ctx) == 0) {
-+ if (dgst->len < br_sha256_SIZE) {
- fido_log_debug("%s: sha256", __func__);
- goto fail;
- }
-- dgst->len = SHA256_DIGEST_LENGTH;
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, authdata_ptr, authdata_len);
-+ br_sha256_update(&ctx, clientdata->ptr, clientdata->len);
-+ br_sha256_out(&ctx, dgst->ptr);
-+ dgst->len = br_sha256_SIZE;
- } else {
- if (SIZE_MAX - authdata_len < clientdata->len ||
- dgst->len < authdata_len + clientdata->len) {
-@@ -416,34 +414,25 @@ int
- fido_verify_sig_es256(const fido_blob_t *dgst, const es256_pk_t *pk,
- const fido_blob_t *sig)
- {
-- EVP_PKEY *pkey = NULL;
-- EC_KEY *ec = NULL;
-- int ok = -1;
--
-- /* ECDSA_verify needs ints */
-- if (dgst->len > INT_MAX || sig->len > INT_MAX) {
-- fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
-- dgst->len, sig->len);
-- return (-1);
-- }
-+ unsigned char q[BR_EC_KBUF_PUB_MAX_SIZE];
-+ br_ec_public_key pkey;
-+ int ok = -1;
-
-- if ((pkey = es256_pk_to_EVP_PKEY(pk)) == NULL ||
-- (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
-- fido_log_debug("%s: pk -> ec", __func__);
-- 
goto fail;
-- }
-+ /* BearSSL needs uncompressed format */
-+ q[0] = 4;
-+ memcpy(q + 1, pk->x, 32);
-+ memcpy(q + 1 + 32, pk->y, 32);
-+ pkey.q = q;
-+ pkey.qlen = 1 + 32 + 32;
-
-- if (ECDSA_verify(0, dgst->ptr, (int)dgst->len, sig->ptr,
-- (int)sig->len, ec) != 1) {
-- fido_log_debug("%s: ECDSA_verify", __func__);
-+ if (br_ecdsa_vrfy_asn1_get_default()(br_ec_get_default(), dgst->ptr,
-+ dgst->len, &pkey, sig->ptr, sig->len) == 0) {
-+ fido_log_debug("%s: ECDSA verify", __func__);
- goto fail;
- }
-
- ok = 0;
- fail:
-- if (pkey != NULL)
-- EVP_PKEY_free(pkey);
--
- return (ok);
- }
-
-@@ -451,34 +440,37 @@ int
- fido_verify_sig_rs256(const fido_blob_t *dgst, const rs256_pk_t *pk,
- const fido_blob_t *sig)
- {
-- EVP_PKEY *pkey = NULL;
-- RSA *rsa = NULL;
-- int ok = -1;
--
-- /* RSA_verify needs unsigned ints */
-- if (dgst->len > UINT_MAX || sig->len > UINT_MAX) {
-- fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
-- dgst->len, sig->len);
-+ br_rsa_public_key pkey;
-+ unsigned char hash[br_sha256_SIZE];
-+ int ok = -1;
-+
-+ /* RSA verify needs SHA256-sized hash */
-+ if (dgst->len != br_sha256_SIZE) {
-+ fido_log_debug("%s: dgst->len=%zu", __func__, dgst->len);
- return (-1);
- }
-
-- if ((pkey = rs256_pk_to_EVP_PKEY(pk)) == NULL ||
-- (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
-- fido_log_debug("%s: pk -> ec", __func__);
-- goto fail;
-- }
-+#ifdef __GNUC__
-+#pragma GCC diagnostic push
-+#pragma GCC diagnostic ignored "-Wcast-qual"
-+#endif
-+ pkey.n = (unsigned char *)pk->n;
-+ pkey.nlen = sizeof(pk->n);
-+ pkey.e = (unsigned char *)pk->e;
-+ pkey.elen = sizeof(pk->e);
-+#ifdef __GNUC__
-+#pragma GCC diagnostic pop
-+#endif
-
-- if (RSA_verify(NID_sha256, dgst->ptr, (unsigned int)dgst->len, sig->ptr,
-- (unsigned int)sig->len, rsa) != 1) {
-+ if (br_rsa_pkcs1_vrfy_get_default()(sig->ptr, sig->len,
-+ BR_HASH_OID_SHA256, dgst->len, &pkey, hash) != 1 ||
-+ memcmp(dgst->ptr, hash, sizeof(hash)) != 0) {
- fido_log_debug("%s: RSA_verify", __func__);
- goto fail;
- }
-
- ok = 0;
- fail:
-- if (pkey != NULL)
-- EVP_PKEY_free(pkey);
--
- return (ok);
- }
-
-@@ -486,47 +478,12 @@ int
- fido_verify_sig_eddsa(const fido_blob_t *dgst, const eddsa_pk_t *pk,
- const fido_blob_t *sig)
- {
-- EVP_PKEY *pkey = NULL;
-- EVP_MD_CTX *mdctx = NULL;
-- int ok = -1;
--
-- /* EVP_DigestVerify needs ints */
-- if (dgst->len > INT_MAX || sig->len > INT_MAX) {
-- fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
-- dgst->len, sig->len);
-- return (-1);
-- }
-+ (void)dgst;
-+ (void)pk;
-+ (void)sig;
-
-- if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL) {
-- fido_log_debug("%s: pk -> pkey", __func__);
-- goto fail;
-- }
--
-- if ((mdctx = EVP_MD_CTX_new()) == NULL) {
-- fido_log_debug("%s: EVP_MD_CTX_new", __func__);
-- goto fail;
-- }
--
-- if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) {
-- fido_log_debug("%s: EVP_DigestVerifyInit", __func__);
-- goto fail;
-- }
--
-- if (EVP_DigestVerify(mdctx, sig->ptr, sig->len, dgst->ptr,
-- dgst->len) != 1) {
-- fido_log_debug("%s: EVP_DigestVerify", __func__);
-- goto fail;
-- }
--
-- ok = 0;
--fail:
-- if (mdctx != NULL)
-- EVP_MD_CTX_free(mdctx);
--
-- if (pkey != NULL)
-- EVP_PKEY_free(pkey);
--
-- return (ok);
-+ fido_log_debug("%s: EdDSA not implemented", __func__);
-+ return (-1);
- }
-
- int
-diff --git a/src/cbor.c b/src/cbor.c
-index 2b3c150..dfe3ddf 100644
---- a/src/cbor.c
-+++ b/src/cbor.c
-@@ -4,9 +4,7 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/evp.h>
--#include <openssl/hmac.h>
--#include <openssl/sha.h>
-+#include <bearssl.h>
-
- #include <string.h>
- #include "fido.h"
-@@ -629,14 +627,16 @@ cbor_encode_assert_options(fido_opt_t up, fido_opt_t uv)
- cbor_item_t *
- cbor_encode_pin_auth(const fido_blob_t *hmac_key, const fido_blob_t *data)
- {
-- const EVP_MD *md = NULL;
-- unsigned char dgst[SHA256_DIGEST_LENGTH];
-- unsigned int dgst_len;
-+ br_hmac_context ctx;
-+ br_hmac_key_context kc;
-+ unsigned char dgst[br_sha256_SIZE];
-
-- if ((md = EVP_sha256()) == NULL || HMAC(md, hmac_key->ptr,
-- (int)hmac_key->len, data->ptr, (int)data->len, dgst,
-- &dgst_len) == NULL || dgst_len != SHA256_DIGEST_LENGTH)
-- return (NULL);
-+ br_hmac_key_init(&kc, &br_sha256_vtable, hmac_key->ptr, hmac_key->len);
-+ br_hmac_init(&ctx, &kc, 0);
-+ br_hmac_update(&ctx, data->ptr, data->len);
-+ br_hmac_out(&ctx, dgst);
-+ explicit_bzero(&kc, sizeof(kc));
-+ explicit_bzero(&ctx, sizeof(ctx));
-
- return (cbor_build_bytestring(dgst, 16));
- }
-@@ -665,17 +665,16 @@ cbor_encode_pin_enc(const fido_blob_t *key, const fido_blob_t *pin)
- static int
- sha256(const unsigned char *data, size_t data_len, fido_blob_t *digest)
- {
-- if ((digest->ptr = calloc(1, SHA256_DIGEST_LENGTH)) == NULL)
-+ br_sha256_context ctx;
-+
-+ if ((digest->ptr = calloc(1, br_sha256_SIZE)) == NULL)
- return (-1);
-
-- digest->len = SHA256_DIGEST_LENGTH;
-+ digest->len = br_sha256_SIZE;
-
-- if (SHA256(data, data_len, digest->ptr) != digest->ptr) {
-- free(digest->ptr);
-- digest->ptr = NULL;
-- digest->len = 0;
-- return (-1);
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, data, data_len);
-+ br_sha256_out(&ctx, digest->ptr);
-
- return (0);
- }
-@@ -684,15 +683,10 @@ cbor_item_t *
- cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin,
- const fido_blob_t *pin)
- {
-- unsigned char dgst[SHA256_DIGEST_LENGTH];
-- unsigned int dgst_len;
-+ unsigned char dgst[br_sha256_SIZE];
- cbor_item_t *item 
= NULL;
-- const EVP_MD *md = NULL;
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-- HMAC_CTX ctx;
--#else
-- HMAC_CTX *ctx = NULL;
--#endif
-+ br_hmac_context ctx;
-+ br_hmac_key_context kc;
- fido_blob_t *npe = NULL; /* new pin, encrypted */
- fido_blob_t *ph = NULL; /* pin hash */
- fido_blob_t *phe = NULL; /* pin hash, encrypted */
-@@ -720,28 +714,13 @@ cbor_encode_change_pin_auth(const fido_blob_t *key, const fido_blob_t *new_pin,
- goto fail;
- }
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-- HMAC_CTX_init(&ctx);
--
-- if ((md = EVP_sha256()) == NULL ||
-- HMAC_Init_ex(&ctx, key->ptr, (int)key->len, md, NULL) == 0 ||
-- HMAC_Update(&ctx, npe->ptr, (int)npe->len) == 0 ||
-- HMAC_Update(&ctx, phe->ptr, (int)phe->len) == 0 ||
-- HMAC_Final(&ctx, dgst, &dgst_len) == 0 || dgst_len != 32) {
-- fido_log_debug("%s: HMAC", __func__);
-- goto fail;
-- }
--#else
-- if ((ctx = HMAC_CTX_new()) == NULL ||
-- (md = EVP_sha256()) == NULL ||
-- HMAC_Init_ex(ctx, key->ptr, (int)key->len, md, NULL) == 0 ||
-- HMAC_Update(ctx, npe->ptr, (int)npe->len) == 0 ||
-- HMAC_Update(ctx, phe->ptr, (int)phe->len) == 0 ||
-- HMAC_Final(ctx, dgst, &dgst_len) == 0 || dgst_len != 32) {
-- fido_log_debug("%s: HMAC", __func__);
-- goto fail;
-- }
--#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-+ br_hmac_key_init(&kc, &br_sha256_vtable, key->ptr, key->len);
-+ br_hmac_init(&ctx, &kc, 0);
-+ br_hmac_update(&ctx, npe->ptr, npe->len);
-+ br_hmac_update(&ctx, phe->ptr, phe->len);
-+ br_hmac_out(&ctx, dgst);
-+ explicit_bzero(&kc, sizeof(kc));
-+ explicit_bzero(&ctx, sizeof(ctx));
-
- if ((item = cbor_build_bytestring(dgst, 16)) == NULL) {
- fido_log_debug("%s: cbor_build_bytestring", __func__);
-@@ -754,11 +733,6 @@ fail:
- fido_blob_free(&ph);
- fido_blob_free(&phe);
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-- if (ctx != NULL)
-- HMAC_CTX_free(ctx);
--#endif
--
- if (ok < 0) {
- if (item != NULL) {
- cbor_decref(&item);
-@@ -772,9 +746,9 @@ fail:
- cbor_item_t *
- 
cbor_encode_set_pin_auth(const fido_blob_t *key, const fido_blob_t *pin)
- {
-- const EVP_MD *md = NULL;
-- unsigned char dgst[SHA256_DIGEST_LENGTH];
-- unsigned int dgst_len;
-+ br_hmac_context ctx;
-+ br_hmac_key_context kc;
-+ unsigned char dgst[br_sha256_SIZE];
- cbor_item_t *item = NULL;
- fido_blob_t *pe = NULL;
-
-@@ -786,12 +760,12 @@ cbor_encode_set_pin_auth(const fido_blob_t *key, const fido_blob_t *pin)
- goto fail;
- }
-
-- if ((md = EVP_sha256()) == NULL || key->len != 32 || HMAC(md, key->ptr,
-- (int)key->len, pe->ptr, (int)pe->len, dgst, &dgst_len) == NULL ||
-- dgst_len != SHA256_DIGEST_LENGTH) {
-- fido_log_debug("%s: HMAC", __func__);
-- goto fail;
-- }
-+ br_hmac_key_init(&kc, &br_sha256_vtable, key->ptr, key->len);
-+ br_hmac_init(&ctx, &kc, 0);
-+ br_hmac_update(&ctx, pe->ptr, pe->len);
-+ br_hmac_out(&ctx, dgst);
-+ explicit_bzero(&kc, sizeof(kc));
-+ explicit_bzero(&ctx, sizeof(ctx));
-
- item = cbor_build_bytestring(dgst, 16);
- fail:
-diff --git a/src/cred.c b/src/cred.c
-index 4ecbba8..a3d5898 100644
---- a/src/cred.c
-+++ b/src/cred.c
-@@ -4,10 +4,7 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/ec.h>
--#include <openssl/evp.h>
--#include <openssl/sha.h>
--#include <openssl/x509.h>
-+#include <bearssl.h>
-
- #include <string.h>
- #include "fido.h"
-@@ -188,18 +185,17 @@ check_extensions(const fido_cred_ext_t *authdata_ext, const fido_cred_ext_t *ext
- int
- fido_check_rp_id(const char *id, const unsigned char *obtained_hash)
- {
-- unsigned char expected_hash[SHA256_DIGEST_LENGTH];
-+ br_sha256_context ctx;
-+ unsigned char expected_hash[br_sha256_SIZE];
-
- explicit_bzero(expected_hash, sizeof(expected_hash));
-
-- if (SHA256((const unsigned char *)id, strlen(id),
-- expected_hash) != expected_hash) {
-- fido_log_debug("%s: sha256", __func__);
-- return (-1);
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, id, strlen(id));
-+ br_sha256_out(&ctx, expected_hash);
-
- return (timingsafe_bcmp(expected_hash, obtained_hash,
-- SHA256_DIGEST_LENGTH));
-+ br_sha256_SIZE));
- }
-
- static int
-@@ -209,21 +205,23 @@ get_signed_hash_u2f(fido_blob_t *dgst, const unsigned char *rp_id,
- {
- const uint8_t zero = 0;
- const uint8_t four = 4; /* uncompressed point */
-- SHA256_CTX ctx;
--
-- if (dgst->len != SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
-- SHA256_Update(&ctx, &zero, sizeof(zero)) == 0 ||
-- SHA256_Update(&ctx, rp_id, rp_id_len) == 0 ||
-- SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 ||
-- SHA256_Update(&ctx, id->ptr, id->len) == 0 ||
-- SHA256_Update(&ctx, &four, sizeof(four)) == 0 ||
-- SHA256_Update(&ctx, pk->x, sizeof(pk->x)) == 0 ||
-- SHA256_Update(&ctx, pk->y, sizeof(pk->y)) == 0 ||
-- SHA256_Final(dgst->ptr, &ctx) == 0) {
-+ br_sha256_context ctx;
-+
-+ if (dgst->len != br_sha256_SIZE) {
- fido_log_debug("%s: sha256", __func__);
- return (-1);
- }
-
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, &zero, sizeof(zero));
-+ br_sha256_update(&ctx, rp_id, rp_id_len);
-+ br_sha256_update(&ctx, clientdata->ptr, clientdata->len);
-+ br_sha256_update(&ctx, id->ptr, id->len);
-+ br_sha256_update(&ctx, 
&four, sizeof(four));
-+ br_sha256_update(&ctx, pk->x, sizeof(pk->x));
-+ br_sha256_update(&ctx, pk->y, sizeof(pk->y));
-+ br_sha256_out(&ctx, dgst->ptr);
-+
- return (0);
- }
-
-@@ -231,42 +229,29 @@ static int
- verify_sig(const fido_blob_t *dgst, const fido_blob_t *x5c,
- const fido_blob_t *sig)
- {
-- BIO *rawcert = NULL;
-- X509 *cert = NULL;
-- EVP_PKEY *pkey = NULL;
-- EC_KEY *ec;
-- int ok = -1;
--
-- /* openssl needs ints */
-- if (dgst->len > INT_MAX || x5c->len > INT_MAX || sig->len > INT_MAX) {
-- fido_log_debug("%s: dgst->len=%zu, x5c->len=%zu, sig->len=%zu",
-- __func__, dgst->len, x5c->len, sig->len);
-- return (-1);
-- }
-+ br_x509_decoder_context ctx;
-+ br_x509_pkey *pkey;
-+ int ok = -1;
-
- /* fetch key from x509 */
-- if ((rawcert = BIO_new_mem_buf(x5c->ptr, (int)x5c->len)) == NULL ||
-- (cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
-- (pkey = X509_get_pubkey(cert)) == NULL ||
-- (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
-+ br_x509_decoder_init(&ctx, NULL, NULL);
-+ br_x509_decoder_push(&ctx, x5c->ptr, x5c->len);
-+ if (br_x509_decoder_last_error(&ctx) != 0 ||
-+ (pkey = br_x509_decoder_get_pkey(&ctx)) == NULL ||
-+ pkey->key_type != BR_KEYTYPE_EC) {
- fido_log_debug("%s: x509 key", __func__);
- goto fail;
- }
-
-- if (ECDSA_verify(0, dgst->ptr, (int)dgst->len, sig->ptr,
-- (int)sig->len, ec) != 1) {
-- fido_log_debug("%s: ECDSA_verify", __func__);
-+ if (br_ecdsa_vrfy_asn1_get_default()(br_ec_get_default(), dgst->ptr,
-+ dgst->len, &pkey->key.ec, sig->ptr, sig->len) == 0) {
-+ fido_log_debug("%s: ECDSA verify", __func__);
- goto fail;
- }
-
- ok = 0;
- fail:
-- if (rawcert != NULL)
-- BIO_free(rawcert);
-- if (cert != NULL)
-- X509_free(cert);
-- if (pkey != NULL)
-- EVP_PKEY_free(pkey);
-+ explicit_bzero(&ctx, sizeof(ctx));
-
- return (ok);
- }
-@@ -274,7 +259,7 @@ fail:
- int
- fido_cred_verify(const fido_cred_t *cred)
- {
-- unsigned char buf[SHA256_DIGEST_LENGTH];
-+ unsigned char buf[br_sha256_SIZE];
- fido_blob_t dgst;
- int r;
-
-diff --git a/src/credman.c b/src/credman.c
-index a382185..a6557d3 100644
---- a/src/credman.c
-+++ b/src/credman.c
-@@ -4,7 +4,7 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/sha.h>
-+#include <bearssl.h>
-
- #include <string.h>
-
-@@ -369,14 +369,14 @@ static int
- credman_get_rk_wait(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk,
- const char *pin, int ms)
- {
-- fido_blob_t rp_dgst;
-- uint8_t dgst[SHA256_DIGEST_LENGTH];
-- int r;
-+ fido_blob_t rp_dgst;
-+ br_sha256_context ctx;
-+ uint8_t dgst[br_sha256_SIZE];
-+ int r;
-
-- if (SHA256((const unsigned char *)rp_id, strlen(rp_id), dgst) != dgst) {
-- fido_log_debug("%s: sha256", __func__);
-- return (FIDO_ERR_INTERNAL);
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, rp_id, strlen(rp_id));
-+ br_sha256_out(&ctx, dgst);
-
- rp_dgst.ptr = dgst;
- rp_dgst.len = sizeof(dgst);
-diff --git a/src/ecdh.c b/src/ecdh.c
-index 7f25c7b..7576ae4 100644
---- a/src/ecdh.c
-+++ b/src/ecdh.c
-@@ -4,8 +4,7 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/evp.h>
--#include <openssl/sha.h>
-+#include <bearssl.h>
-
- #include "fido.h"
- #include "fido/es256.h"
-@@ -13,63 +12,43 @@
- static int
- do_ecdh(const es256_sk_t *sk, const es256_pk_t *pk, fido_blob_t **ecdh)
- {
-- EVP_PKEY *pk_evp = NULL;
-- EVP_PKEY *sk_evp = NULL;
-- EVP_PKEY_CTX *ctx = NULL;
-- fido_blob_t *secret = NULL;
-- int ok = -1;
-+ unsigned char q[65];
-+ br_sha256_context ctx;
-+ int ok = -1;
-
- *ecdh = NULL;
-
- /* allocate blobs for secret & ecdh */
-- if ((secret = fido_blob_new()) == NULL ||
-- (*ecdh = fido_blob_new()) == NULL)
-+ if ((*ecdh = fido_blob_new()) == NULL)
- goto fail;
-
-- /* wrap the keys as openssl objects */
-- if ((pk_evp = es256_pk_to_EVP_PKEY(pk)) == NULL ||
-- (sk_evp = es256_sk_to_EVP_PKEY(sk)) == NULL) {
-- fido_log_debug("%s: es256_to_EVP_PKEY", __func__);
-- goto fail;
-- }
--
-- /* set ecdh parameters */
-- if ((ctx = EVP_PKEY_CTX_new(sk_evp, NULL)) == NULL ||
-- EVP_PKEY_derive_init(ctx) <= 0 ||
-- EVP_PKEY_derive_set_peer(ctx, pk_evp) <= 0) {
-- fido_log_debug("%s: EVP_PKEY_derive_init", __func__);
-- goto fail;
-- }
-+ q[0] = 4;
-+ memcpy(q + 1, pk->x, 32);
-+ memcpy(q + 1 + 32, pk->y, 32);
-
- /* perform ecdh */
-- if (EVP_PKEY_derive(ctx, NULL, &secret->len) <= 0 ||
-- (secret->ptr = calloc(1, secret->len)) == NULL ||
-- EVP_PKEY_derive(ctx, secret->ptr, &secret->len) <= 0) {
-- fido_log_debug("%s: EVP_PKEY_derive", __func__);
-+ if (br_ec_get_default()->mul(q, sizeof(q), sk->d, sizeof(sk->d),
-+ BR_EC_secp256r1) != 1) {
-+ fido_log_debug("%s: ECDH", __func__);
- goto fail;
- }
-
- /* use sha256 as a kdf on the resulting secret */
-- (*ecdh)->len = SHA256_DIGEST_LENGTH;
-- if (((*ecdh)->ptr = calloc(1, (*ecdh)->len)) == NULL ||
-- SHA256(secret->ptr, secret->len, (*ecdh)->ptr) != (*ecdh)->ptr) {
-+ (*ecdh)->len = br_sha256_SIZE;
-+ if (((*ecdh)->ptr = calloc(1, (*ecdh)->len)) == NULL) {
- fido_log_debug("%s: sha256", __func__);
- goto fail;
- }
-+ br_sha256_init(&ctx);
-+ 
br_sha256_update(&ctx, q + 1, 32);
-+ br_sha256_out(&ctx, (*ecdh)->ptr);
-
- ok = 0;
- fail:
-- if (pk_evp != NULL)
-- EVP_PKEY_free(pk_evp);
-- if (sk_evp != NULL)
-- EVP_PKEY_free(sk_evp);
-- if (ctx != NULL)
-- EVP_PKEY_CTX_free(ctx);
-+ explicit_bzero(q, sizeof(q));
- if (ok < 0)
- fido_blob_free(ecdh);
-
-- fido_blob_free(&secret);
--
- return (ok);
- }
-
-diff --git a/src/eddsa.c b/src/eddsa.c
-index 44a5563..252e7ec 100644
---- a/src/eddsa.c
-+++ b/src/eddsa.c
-@@ -4,75 +4,10 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/bn.h>
--#include <openssl/ec.h>
--#include <openssl/evp.h>
--#include <openssl/obj_mac.h>
--
- #include <string.h>
- #include "fido.h"
- #include "fido/eddsa.h"
-
--#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
--EVP_PKEY *
--EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key,
-- size_t keylen)
--{
-- (void)type;
-- (void)e;
-- (void)key;
-- (void)keylen;
--
-- fido_log_debug("%s: unimplemented", __func__);
--
-- return (NULL);
--}
--
--int
--EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
-- size_t *len)
--{
-- (void)pkey;
-- (void)pub;
-- (void)len;
--
-- fido_log_debug("%s: unimplemented", __func__);
--
-- return (0);
--}
--
--int
--EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
-- const unsigned char *tbs, size_t tbslen)
--{
-- (void)ctx;
-- (void)sigret;
-- (void)siglen;
-- (void)tbs;
-- (void)tbslen;
--
-- fido_log_debug("%s: unimplemented", __func__);
--
-- return (0);
--}
--#endif /* LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10101000L */
--
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
--EVP_MD_CTX *
--EVP_MD_CTX_new(void)
--{
-- fido_log_debug("%s: unimplemented", __func__);
--
-- return (NULL);
--}
--
--void
--EVP_MD_CTX_free(EVP_MD_CTX *ctx)
--{
-- (void)ctx;
--}
--#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
--
- static int
- decode_coord(const cbor_item_t *item, void *xy, 
size_t xy_len)
- {
-@@ -148,30 +83,3 @@ eddsa_pk_from_ptr(eddsa_pk_t *pk, const void *ptr, size_t len)
-
- return (FIDO_OK);
- }
--
--EVP_PKEY *
--eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *k)
--{
-- EVP_PKEY *pkey = NULL;
--
-- if ((pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, k->x,
-- sizeof(k->x))) == NULL)
-- fido_log_debug("%s: EVP_PKEY_new_raw_public_key", __func__);
--
-- return (pkey);
--}
--
--int
--eddsa_pk_from_EVP_PKEY(eddsa_pk_t *pk, const EVP_PKEY *pkey)
--{
-- size_t len = 0;
--
-- if (EVP_PKEY_get_raw_public_key(pkey, NULL, &len) != 1 ||
-- len != sizeof(pk->x))
-- return (FIDO_ERR_INTERNAL);
-- if (EVP_PKEY_get_raw_public_key(pkey, pk->x, &len) != 1 ||
-- len != sizeof(pk->x))
-- return (FIDO_ERR_INTERNAL);
--
-- return (FIDO_OK);
--}
-diff --git a/src/es256.c b/src/es256.c
-index 020ecaa..49ffd82 100644
---- a/src/es256.c
-+++ b/src/es256.c
-@@ -4,10 +4,7 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/bn.h>
--#include <openssl/ec.h>
--#include <openssl/evp.h>
--#include <openssl/obj_mac.h>
-+#include <bearssl.h>
-
- #include <string.h>
- #include "fido.h"
-@@ -208,253 +205,64 @@ es256_pk_set_y(es256_pk_t *pk, const unsigned char *y)
- int
- es256_sk_create(es256_sk_t *key)
- {
-- EVP_PKEY_CTX *pctx = NULL;
-- EVP_PKEY_CTX *kctx = NULL;
-- EVP_PKEY *p = NULL;
-- EVP_PKEY *k = NULL;
-- const EC_KEY *ec;
-- const BIGNUM *d;
-- const int nid = NID_X9_62_prime256v1;
-- int n;
-- int ok = -1;
--
-- if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL ||
-- EVP_PKEY_paramgen_init(pctx) <= 0 ||
-- EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid) <= 0 ||
-- EVP_PKEY_paramgen(pctx, &p) <= 0) {
-- fido_log_debug("%s: EVP_PKEY_paramgen", __func__);
-- goto fail;
-- }
--
-- if ((kctx = EVP_PKEY_CTX_new(p, NULL)) == NULL ||
-- EVP_PKEY_keygen_init(kctx) <= 0 || EVP_PKEY_keygen(kctx, &k) <= 0) {
-- fido_log_debug("%s: EVP_PKEY_keygen", __func__);
-- goto fail;
-- }
--
-- if ((ec = EVP_PKEY_get0_EC_KEY(k)) == 
NULL ||
-- (d = EC_KEY_get0_private_key(ec)) == NULL ||
-- (n = BN_num_bytes(d)) < 0 || (size_t)n > sizeof(key->d) ||
-- (n = BN_bn2bin(d, key->d)) < 0 || (size_t)n > sizeof(key->d)) {
-- fido_log_debug("%s: EC_KEY_get0_private_key", __func__);
-- goto fail;
-- }
--
-- ok = 0;
--fail:
-- if (p != NULL)
-- EVP_PKEY_free(p);
-- if (k != NULL)
-- EVP_PKEY_free(k);
-- if (pctx != NULL)
-- EVP_PKEY_CTX_free(pctx);
-- if (kctx != NULL)
-- EVP_PKEY_CTX_free(kctx);
--
-- return (ok);
--}
--
--EVP_PKEY *
--es256_pk_to_EVP_PKEY(const es256_pk_t *k)
--{
-- BN_CTX *bnctx = NULL;
-- EC_KEY *ec = NULL;
-- EC_POINT *q = NULL;
-- EVP_PKEY *pkey = NULL;
-- BIGNUM *x = NULL;
-- BIGNUM *y = NULL;
-- const EC_GROUP *g = NULL;
-- const int nid = NID_X9_62_prime256v1;
-- int ok = -1;
--
-- if ((bnctx = BN_CTX_new()) == NULL)
-- goto fail;
--
-- BN_CTX_start(bnctx);
--
-- if ((x = BN_CTX_get(bnctx)) == NULL ||
-- (y = BN_CTX_get(bnctx)) == NULL)
-- goto fail;
--
-- if (BN_bin2bn(k->x, sizeof(k->x), x) == NULL ||
-- BN_bin2bn(k->y, sizeof(k->y), y) == NULL) {
-- fido_log_debug("%s: BN_bin2bn", __func__);
-- goto fail;
-- }
-+ br_prng_seeder seeder;
-+ br_hmac_drbg_context rng;
-+ br_ec_private_key skey;
-+ unsigned char kbuf[BR_EC_KBUF_PRIV_MAX_SIZE];
-+ int ok = -1;
-
-- if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL ||
-- (g = EC_KEY_get0_group(ec)) == NULL) {
-- fido_log_debug("%s: EC_KEY init", __func__);
-+ if ((seeder = br_prng_seeder_system(NULL)) == NULL) {
-+ fido_log_debug("%s: no PRNG seeder", __func__);
- goto fail;
- }
--
-- if ((q = EC_POINT_new(g)) == NULL ||
-- EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
-- EC_KEY_set_public_key(ec, q) == 0) {
-- fido_log_debug("%s: EC_KEY_set_public_key", __func__);
-+ br_hmac_drbg_init(&rng, &br_sha256_vtable, NULL, 0);
-+ if (seeder(&rng.vtable) == 0) {
-+ fido_log_debug("%s: seed PRNG", __func__);
- goto fail;
- }
--
-- if ((pkey = EVP_PKEY_new()) == NULL ||
-- EVP_PKEY_assign_EC_KEY(pkey, ec) == 0) {
-- 
fido_log_debug("%s: EVP_PKEY_assign_EC_KEY", __func__);
-+ if (br_ec_keygen(&rng.vtable, br_ec_get_default(), &skey, kbuf,
-+ BR_EC_secp256r1) != sizeof(key->d)) {
-+ fido_log_debug("%s: EC keygen", __func__);
- goto fail;
- }
--
-- ec = NULL; /* at this point, ec belongs to evp */
-+ memcpy(key->d, skey.x, sizeof(key->d));
-+ explicit_bzero(&skey, sizeof(skey));
-+ explicit_bzero(kbuf, sizeof(kbuf));
-
- ok = 0;
- fail:
-- if (bnctx != NULL) {
-- BN_CTX_end(bnctx);
-- BN_CTX_free(bnctx);
-- }
--
-- if (ec != NULL)
-- EC_KEY_free(ec);
-- if (q != NULL)
-- EC_POINT_free(q);
--
-- if (ok < 0 && pkey != NULL) {
-- EVP_PKEY_free(pkey);
-- pkey = NULL;
-- }
--
-- return (pkey);
--}
--
--int
--es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
--{
-- BN_CTX *bnctx = NULL;
-- BIGNUM *x = NULL;
-- BIGNUM *y = NULL;
-- const EC_POINT *q = NULL;
-- const EC_GROUP *g = NULL;
-- int ok = FIDO_ERR_INTERNAL;
-- int n;
--
-- if ((q = EC_KEY_get0_public_key(ec)) == NULL ||
-- (g = EC_KEY_get0_group(ec)) == NULL ||
-- (bnctx = BN_CTX_new()) == NULL)
-- goto fail;
--
-- BN_CTX_start(bnctx);
--
-- if ((x = BN_CTX_get(bnctx)) == NULL ||
-- (y = BN_CTX_get(bnctx)) == NULL)
-- goto fail;
--
-- if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
-- (n = BN_num_bytes(x)) < 0 || (size_t)n > sizeof(pk->x) ||
-- (n = BN_num_bytes(y)) < 0 || (size_t)n > sizeof(pk->y)) {
-- fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
-- __func__);
-- goto fail;
-- }
--
-- if ((n = BN_bn2bin(x, pk->x)) < 0 || (size_t)n > sizeof(pk->x) ||
-- (n = BN_bn2bin(y, pk->y)) < 0 || (size_t)n > sizeof(pk->y)) {
-- fido_log_debug("%s: BN_bn2bin", __func__);
-- goto fail;
-- }
--
-- ok = FIDO_OK;
--fail:
-- if (bnctx != NULL) {
-- BN_CTX_end(bnctx);
-- BN_CTX_free(bnctx);
-- }
--
- return (ok);
- }
-
--EVP_PKEY *
--es256_sk_to_EVP_PKEY(const es256_sk_t *k)
--{
-- BN_CTX *bnctx = NULL;
-- EC_KEY *ec = NULL;
-- EVP_PKEY *pkey = NULL;
-- BIGNUM *d = NULL;
-- const int nid = 
NID_X9_62_prime256v1; -- int ok = -1; -- -- if ((bnctx = BN_CTX_new()) == NULL) -- goto fail; -- -- BN_CTX_start(bnctx); -- -- if ((d = BN_CTX_get(bnctx)) == NULL || -- BN_bin2bn(k->d, sizeof(k->d), d) == NULL) { -- fido_log_debug("%s: BN_bin2bn", __func__); -- goto fail; -- } -- -- if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL || -- EC_KEY_set_private_key(ec, d) == 0) { -- fido_log_debug("%s: EC_KEY_set_private_key", __func__); -- goto fail; -- } -- -- if ((pkey = EVP_PKEY_new()) == NULL || -- EVP_PKEY_assign_EC_KEY(pkey, ec) == 0) { -- fido_log_debug("%s: EVP_PKEY_assign_EC_KEY", __func__); -- goto fail; -- } -- -- ec = NULL; /* at this point, ec belongs to evp */ -- -- ok = 0; --fail: -- if (bnctx != NULL) { -- BN_CTX_end(bnctx); -- BN_CTX_free(bnctx); -- } -- -- if (ec != NULL) -- EC_KEY_free(ec); -- -- if (ok < 0 && pkey != NULL) { -- EVP_PKEY_free(pkey); -- pkey = NULL; -- } -- -- return (pkey); --} -- - int - es256_derive_pk(const es256_sk_t *sk, es256_pk_t *pk) - { -- BIGNUM *d = NULL; -- EC_KEY *ec = NULL; -- EC_POINT *q = NULL; -- const EC_GROUP *g = NULL; -- const int nid = NID_X9_62_prime256v1; -- int ok = -1; -- -- if ((d = BN_bin2bn(sk->d, (int)sizeof(sk->d), NULL)) == NULL || -- (ec = EC_KEY_new_by_curve_name(nid)) == NULL || -- (g = EC_KEY_get0_group(ec)) == NULL || -- (q = EC_POINT_new(g)) == NULL) { -- fido_log_debug("%s: get", __func__); -- goto fail; -- } -- -- if (EC_POINT_mul(g, q, d, NULL, NULL, NULL) == 0 || -- EC_KEY_set_public_key(ec, q) == 0 || -- es256_pk_from_EC_KEY(pk, ec) != FIDO_OK) { -- fido_log_debug("%s: set", __func__); -+ br_ec_private_key skey; -+ br_ec_public_key pkey; -+ unsigned char kbuf[BR_EC_KBUF_PUB_MAX_SIZE]; -+ int ok = -1; -+ -+ skey.curve = BR_EC_secp256r1; -+#ifdef __GNUC__ -+#pragma GCC diagnostic push -+#pragma GCC diagnostic ignored "-Wcast-qual" -+#endif -+ skey.x = (unsigned char *)sk->d; -+ skey.xlen = sizeof(sk->d); -+#ifdef __GNUC__ -+#pragma GCC diagnostic pop -+#endif -+ if 
(br_ec_compute_pub(br_ec_get_default(), &pkey, kbuf, &skey) != 65 || -+ pkey.q[0] != 4 || -+ es256_pk_set_x(pk, pkey.q + 1) != 0 || -+ es256_pk_set_y(pk, pkey.q + 1 + 32) != 0) { -+ fido_log_debug("%s: EC compute pub", __func__); - goto fail; - } - - ok = 0; - fail: -- if (d != NULL) -- BN_clear_free(d); -- if (q != NULL) -- EC_POINT_free(q); -- if (ec != NULL) -- EC_KEY_free(ec); -+ explicit_bzero(kbuf, sizeof(kbuf)); - - return (ok); - } -diff --git a/src/fido.h b/src/fido.h -index e41de89..cd613e4 100644 ---- a/src/fido.h -+++ b/src/fido.h -@@ -7,9 +7,6 @@ - #ifndef _FIDO_H - #define _FIDO_H - --#include <openssl/ec.h> --#include <openssl/evp.h> -- - #include <stdbool.h> - #include <stdint.h> - #include <stdlib.h> -diff --git a/src/fido/eddsa.h b/src/fido/eddsa.h -index 4a81017..15e24a6 100644 ---- a/src/fido/eddsa.h -+++ b/src/fido/eddsa.h -@@ -7,8 +7,6 @@ - #ifndef _FIDO_EDDSA_H - #define _FIDO_EDDSA_H - --#include <openssl/ec.h> -- - #include <stdint.h> - #include <stdlib.h> - -@@ -24,29 +22,9 @@ extern "C" { - - eddsa_pk_t *eddsa_pk_new(void); - void eddsa_pk_free(eddsa_pk_t **); --EVP_PKEY *eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *); - --int eddsa_pk_from_EVP_PKEY(eddsa_pk_t *, const EVP_PKEY *); - int eddsa_pk_from_ptr(eddsa_pk_t *, const void *, size_t); - --#ifdef _FIDO_INTERNAL -- --#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L --#define EVP_PKEY_ED25519 EVP_PKEY_NONE --int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *); --EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *, -- size_t); --int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t, -- const unsigned char *, size_t); --#endif /* LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10101000L */ -- --#if OPENSSL_VERSION_NUMBER < 0x10100000L --EVP_MD_CTX *EVP_MD_CTX_new(void); --void EVP_MD_CTX_free(EVP_MD_CTX *); --#endif -- --#endif /* _FIDO_INTERNAL */ -- - #ifdef __cplusplus - } /* extern "C" */ - #endif 
/* __cplusplus */ -diff --git a/src/fido/es256.h b/src/fido/es256.h -index 80f4db3..d0c5b24 100644 ---- a/src/fido/es256.h -+++ b/src/fido/es256.h -@@ -7,8 +7,6 @@ - #ifndef _FIDO_ES256_H - #define _FIDO_ES256_H - --#include <openssl/ec.h> -- - #include <stdint.h> - #include <stdlib.h> - -@@ -24,15 +22,12 @@ extern "C" { - - es256_pk_t *es256_pk_new(void); - void es256_pk_free(es256_pk_t **); --EVP_PKEY *es256_pk_to_EVP_PKEY(const es256_pk_t *); - --int es256_pk_from_EC_KEY(es256_pk_t *, const EC_KEY *); - int es256_pk_from_ptr(es256_pk_t *, const void *, size_t); - - #ifdef _FIDO_INTERNAL - es256_sk_t *es256_sk_new(void); - void es256_sk_free(es256_sk_t **); --EVP_PKEY *es256_sk_to_EVP_PKEY(const es256_sk_t *); - - int es256_derive_pk(const es256_sk_t *, es256_pk_t *); - int es256_sk_create(es256_sk_t *); -diff --git a/src/fido/rs256.h b/src/fido/rs256.h -index 2b08d59..15c456e 100644 ---- a/src/fido/rs256.h -+++ b/src/fido/rs256.h -@@ -7,8 +7,6 @@ - #ifndef _FIDO_RS256_H - #define _FIDO_RS256_H - --#include <openssl/rsa.h> -- - #include <stdint.h> - #include <stdlib.h> - -@@ -24,9 +22,7 @@ extern "C" { - - rs256_pk_t *rs256_pk_new(void); - void rs256_pk_free(rs256_pk_t **); --EVP_PKEY *rs256_pk_to_EVP_PKEY(const rs256_pk_t *); - --int rs256_pk_from_RSA(rs256_pk_t *, const RSA *); - int rs256_pk_from_ptr(rs256_pk_t *, const void *, size_t); - - #ifdef __cplusplus -diff --git a/src/rs256.c b/src/rs256.c -index 9f30163..c9da648 100644 ---- a/src/rs256.c -+++ b/src/rs256.c -@@ -4,41 +4,12 @@ - * license that can be found in the LICENSE file. 
- */
-
--#include <openssl/bn.h>
--#include <openssl/rsa.h>
--#include <openssl/evp.h>
--#include <openssl/obj_mac.h>
-+#include <bearssl.h>
-
- #include <string.h>
- #include "fido.h"
- #include "fido/rs256.h"
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
--static int
--RSA_bits(const RSA *r)
--{
-- return (BN_num_bits(r->n));
--}
--
--static int
--RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
--{
-- r->n = n;
-- r->e = e;
-- r->d = d;
--
-- return (1);
--}
--
--static void
--RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
--{
-- *n = r->n;
-- *e = r->e;
-- *d = r->d;
--}
--#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
--
- static int
- decode_bignum(const cbor_item_t *item, void *ptr, size_t len)
- {
-@@ -116,89 +87,3 @@ rs256_pk_from_ptr(rs256_pk_t *pk, const void *ptr, size_t len)
-
- return (FIDO_OK);
- }
--
--EVP_PKEY *
--rs256_pk_to_EVP_PKEY(const rs256_pk_t *k)
--{
-- RSA *rsa = NULL;
-- EVP_PKEY *pkey = NULL;
-- BIGNUM *n = NULL;
-- BIGNUM *e = NULL;
-- int ok = -1;
--
-- if ((n = BN_new()) == NULL || (e = BN_new()) == NULL)
-- goto fail;
--
-- if (BN_bin2bn(k->n, sizeof(k->n), n) == NULL ||
-- BN_bin2bn(k->e, sizeof(k->e), e) == NULL) {
-- fido_log_debug("%s: BN_bin2bn", __func__);
-- goto fail;
-- }
--
-- if ((rsa = RSA_new()) == NULL || RSA_set0_key(rsa, n, e, NULL) == 0) {
-- fido_log_debug("%s: RSA_set0_key", __func__);
-- goto fail;
-- }
--
-- /* at this point, n and e belong to rsa */
-- n = NULL;
-- e = NULL;
--
-- if ((pkey = EVP_PKEY_new()) == NULL ||
-- EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
-- fido_log_debug("%s: EVP_PKEY_assign_RSA", __func__);
-- goto fail;
-- }
--
-- rsa = NULL; /* at this point, rsa belongs to evp */
--
-- ok = 0;
--fail:
-- if (n != NULL)
-- BN_free(n);
-- if (e != NULL)
-- BN_free(e);
-- if (rsa != NULL)
-- RSA_free(rsa);
-- if (ok < 0 && pkey != NULL) {
-- EVP_PKEY_free(pkey);
-- pkey = NULL;
-- }
--
-- return (pkey);
--}
--
--int
--rs256_pk_from_RSA(rs256_pk_t *pk, const RSA *rsa)
--{
-- const BIGNUM *n = NULL;
-- const BIGNUM *e = NULL;
-- const BIGNUM *d = NULL;
-- int k;
--
-- if (RSA_bits(rsa) != 2048) {
-- fido_log_debug("%s: invalid key length", __func__);
-- return (FIDO_ERR_INVALID_ARGUMENT);
-- }
--
-- RSA_get0_key(rsa, &n, &e, &d);
--
-- if (n == NULL || e == NULL) {
-- fido_log_debug("%s: RSA_get0_key", __func__);
-- return (FIDO_ERR_INTERNAL);
-- }
--
-- if ((k = BN_num_bytes(n)) < 0 || (size_t)k > sizeof(pk->n) ||
-- (k = BN_num_bytes(e)) < 0 || (size_t)k > sizeof(pk->e)) {
-- fido_log_debug("%s: invalid key", __func__);
-- return (FIDO_ERR_INTERNAL);
-- }
--
-- if ((k = BN_bn2bin(n, pk->n)) < 0 || (size_t)k > sizeof(pk->n) ||
-- (k = BN_bn2bin(e, pk->e)) < 0 || (size_t)k > sizeof(pk->e)) {
-- fido_log_debug("%s: BN_bn2bin", __func__);
-- return (FIDO_ERR_INTERNAL);
-- }
--
-- return (FIDO_OK);
--}
-diff --git a/src/u2f.c b/src/u2f.c
-index 848d2fb..aa73881 100644
---- a/src/u2f.c
-+++ b/src/u2f.c
-@@ -4,8 +4,7 @@
- * license that can be found in the LICENSE file.
- */
-
--#include <openssl/sha.h>
--#include <openssl/x509.h>
-+#include <bearssl.h>
-
- #include <string.h>
- #ifdef HAVE_UNISTD_H
-@@ -78,21 +77,31 @@ sig_get(fido_blob_t *sig, const unsigned char **buf, size_t *len)
- static int
- x5c_get(fido_blob_t *x5c, const unsigned char **buf, size_t *len)
- {
-- X509 *cert = NULL;
-- int ok = -1;
--
-- if (*len > LONG_MAX) {
-- fido_log_debug("%s: invalid len %zu", __func__, *len);
-- goto fail;
-- }
-+ br_x509_decoder_context ctx;
-+ const unsigned char *seq;
-+ size_t len_len;
-+ int ok = -1;
-
- /* find out the certificate's length */
-- const unsigned char *end = *buf;
-- if ((cert = d2i_X509(NULL, &end, (long)*len)) == NULL || end <= *buf ||
-- (x5c->len = (size_t)(end - *buf)) >= *len) {
-- fido_log_debug("%s: d2i_X509", __func__);
-+ seq = *buf;
-+ if (*len < 2 || seq[0] != 0x30 || seq[1] == 0x80) {
-+ fido_log_debug("%s: X.509 decode", __func__);
- goto fail;
- }
-+ if ((seq[1] & 0x80) != 0) {
-+ len_len = seq[1] & 0x7f;
-+ if (len_len > sizeof(size_t) || len_len > *len - 2) {
-+ fido_log_debug("%s: X.509 decode", __func__);
-+ goto fail;
-+ }
-+ seq += 2;
-+ x5c->len = 0;
-+ while (len_len--)
-+ x5c->len = x5c->len << 8 | *seq++;
-+ x5c->len += seq - *buf;
-+ } else {
-+ x5c->len = 2 + seq[1];
-+ }
-
- /* read accordingly */
- if ((x5c->ptr = calloc(1, x5c->len)) == NULL ||
-@@ -103,8 +112,7 @@ x5c_get(fido_blob_t *x5c, const unsigned char **buf, size_t *len)
-
- ok = 0;
- fail:
-- if (cert != NULL)
-- X509_free(cert);
-+ explicit_bzero(&ctx, sizeof(ctx));
-
- if (ok < 0) {
- free(x5c->ptr);
-@@ -119,6 +127,7 @@ static int
- authdata_fake(const char *rp_id, uint8_t flags, uint32_t sigcount,
- fido_blob_t *fake_cbor_ad)
- {
-+ br_sha256_context ctx;
- uint8_t authdata[AUTHDATA_BASE_SIZE] = {0};
- unsigned char *rp_id_hash;
- cbor_item_t *item = NULL;
-@@ -126,11 +135,9 @@ authdata_fake(const char *rp_id, uint8_t flags, uint32_t sigcount,
-
- rp_id_hash = (unsigned char *)&authdata[AUTHDATA_RP_ID_HASH];
-
-- if (SHA256((const void *)rp_id, strlen(rp_id),
-- rp_id_hash) != rp_id_hash) {
-- fido_log_debug("%s: sha256", __func__);
-- return (-1);
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, rp_id, strlen(rp_id));
-+ br_sha256_out(&ctx, rp_id_hash);
-
- authdata[AUTHDATA_FLAGS] = flags; /* XXX translate? */
- memcpy(&authdata[AUTHDATA_SIGN_COUNT], &sigcount, 4);
-@@ -158,8 +165,8 @@ static int
- send_dummy_register(fido_dev_t *dev, int ms)
- {
- iso7816_apdu_t *apdu = NULL;
-- unsigned char challenge[SHA256_DIGEST_LENGTH];
-- unsigned char application[SHA256_DIGEST_LENGTH];
-+ unsigned char challenge[br_sha256_SIZE];
-+ unsigned char application[br_sha256_SIZE];
- unsigned char reply[FIDO_MAXMSG];
- int r;
-
-@@ -172,7 +179,7 @@ send_dummy_register(fido_dev_t *dev, int ms)
- memset(&application, 0xff, sizeof(application));
-
- if ((apdu = iso7816_new(U2F_CMD_REGISTER, 0, 2 *
-- SHA256_DIGEST_LENGTH)) == NULL ||
-+ br_sha256_SIZE)) == NULL ||
- iso7816_add(apdu, &challenge, sizeof(challenge)) < 0 ||
- iso7816_add(apdu, &application, sizeof(application)) < 0) {
- fido_log_debug("%s: iso7816", __func__);
-@@ -210,9 +217,10 @@ static int
- key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id,
- int *found, int ms)
- {
-+ br_sha256_context ctx;
- iso7816_apdu_t *apdu = NULL;
-- unsigned char challenge[SHA256_DIGEST_LENGTH];
-- unsigned char rp_id_hash[SHA256_DIGEST_LENGTH];
-+ unsigned char challenge[br_sha256_SIZE];
-+ unsigned char rp_id_hash[br_sha256_SIZE];
- unsigned char reply[FIDO_MAXMSG];
- uint8_t key_id_len;
- int r;
-@@ -227,17 +235,14 @@ key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id,
- memset(&challenge, 0xff, sizeof(challenge));
- memset(&rp_id_hash, 0, sizeof(rp_id_hash));
-
-- if (SHA256((const void *)rp_id, strlen(rp_id),
-- rp_id_hash) != rp_id_hash) {
-- fido_log_debug("%s: sha256", __func__);
-- r = FIDO_ERR_INTERNAL;
-- goto fail;
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, rp_id, strlen(rp_id));
-+ br_sha256_out(&ctx, rp_id_hash);
-
- key_id_len = (uint8_t)key_id->len;
-
- if ((apdu = iso7816_new(U2F_CMD_AUTH, U2F_AUTH_CHECK, 2 *
-- SHA256_DIGEST_LENGTH + sizeof(key_id_len) + key_id_len)) == NULL ||
-+ br_sha256_SIZE + sizeof(key_id_len) + key_id_len)) == NULL ||
- iso7816_add(apdu, &challenge, sizeof(challenge)) < 0 ||
- iso7816_add(apdu, &rp_id_hash, sizeof(rp_id_hash)) < 0 ||
- iso7816_add(apdu, &key_id_len, sizeof(key_id_len)) < 0 ||
-@@ -316,8 +321,9 @@ static int
- do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id,
- const fido_blob_t *key_id, fido_blob_t *sig, fido_blob_t *ad, int ms)
- {
-+ br_sha256_context ctx;
- iso7816_apdu_t *apdu = NULL;
-- unsigned char rp_id_hash[SHA256_DIGEST_LENGTH];
-+ unsigned char rp_id_hash[br_sha256_SIZE];
- unsigned char reply[FIDO_MAXMSG];
- int reply_len;
- uint8_t key_id_len;
-@@ -327,7 +333,7 @@ do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id,
- ms = 0; /* XXX */
- #endif
-
-- if (cdh->len != SHA256_DIGEST_LENGTH || key_id->len > UINT8_MAX ||
-+ if (cdh->len != br_sha256_SIZE || key_id->len > UINT8_MAX ||
- rp_id == NULL) {
- r = FIDO_ERR_INVALID_ARGUMENT;
- goto fail;
-@@ -335,17 +341,14 @@ do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id,
-
- memset(&rp_id_hash, 0, sizeof(rp_id_hash));
-
-- if (SHA256((const void *)rp_id, strlen(rp_id),
-- rp_id_hash) != rp_id_hash) {
-- fido_log_debug("%s: sha256", __func__);
-- r = FIDO_ERR_INTERNAL;
-- goto fail;
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, rp_id, strlen(rp_id));
-+ br_sha256_out(&ctx, rp_id_hash);
-
- key_id_len = (uint8_t)key_id->len;
-
- if ((apdu = iso7816_new(U2F_CMD_AUTH, U2F_AUTH_SIGN, 2 *
-- SHA256_DIGEST_LENGTH + sizeof(key_id_len) + key_id_len)) == NULL ||
-+ br_sha256_SIZE + sizeof(key_id_len) + key_id_len)) == NULL ||
- iso7816_add(apdu, cdh->ptr, cdh->len) < 0 ||
- iso7816_add(apdu, &rp_id_hash, sizeof(rp_id_hash)) < 0 ||
- iso7816_add(apdu, &key_id_len, sizeof(key_id_len)) < 0 ||
-@@ -434,6 +437,7 @@ static int
- encode_cred_authdata(const char *rp_id, const uint8_t *kh, uint8_t kh_len,
- const uint8_t *pubkey, size_t pubkey_len, fido_blob_t *out)
- {
-+ br_sha256_context ctx;
- uint8_t authdata[AUTHDATA_BASE_SIZE] = {0};
- unsigned char *rp_id_hash;
- uint8_t attcred_raw[ATTCRED_BASE_SIZE] = {0};
-@@ -461,11 +465,9 @@ encode_cred_authdata(const char *rp_id, const uint8_t *kh, uint8_t kh_len,
-
- rp_id_hash = (unsigned char *)&authdata[AUTHDATA_RP_ID_HASH];
-
-- if (SHA256((const void *)rp_id, strlen(rp_id),
-- rp_id_hash) != rp_id_hash) {
-- fido_log_debug("%s: sha256", __func__);
-- goto fail;
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, rp_id, strlen(rp_id));
-+ br_sha256_out(&ctx, rp_id_hash);
-
- authdata[AUTHDATA_FLAGS] = (CTAP_AUTHDATA_ATT_CRED |
- CTAP_AUTHDATA_USER_PRESENT);
-@@ -607,8 +609,9 @@ fail:
- int
- u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms)
- {
-+ br_sha256_context ctx;
- iso7816_apdu_t *apdu = NULL;
-- unsigned char rp_id_hash[SHA256_DIGEST_LENGTH];
-+ unsigned char rp_id_hash[br_sha256_SIZE];
- unsigned char reply[FIDO_MAXMSG];
- int reply_len;
- int found;
-@@ -625,7 +628,7 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms)
- }
-
- if (cred->type != COSE_ES256 || cred->cdh.ptr == NULL ||
-- cred->rp.id == NULL || cred->cdh.len != SHA256_DIGEST_LENGTH) {
-+ cred->rp.id == NULL || cred->cdh.len != br_sha256_SIZE) {
- fido_log_debug("%s: type=%d, cdh=(%p,%zu)" , __func__,
- cred->type, (void *)cred->cdh.ptr, cred->cdh.len);
- return (FIDO_ERR_INVALID_ARGUMENT);
-@@ -649,14 +652,12 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms)
-
- memset(&rp_id_hash, 0, sizeof(rp_id_hash));
-
-- if (SHA256((const void *)cred->rp.id, strlen(cred->rp.id),
-- rp_id_hash) != rp_id_hash) {
-- fido_log_debug("%s: sha256", __func__);
-- return (FIDO_ERR_INTERNAL);
-- }
-+ br_sha256_init(&ctx);
-+ br_sha256_update(&ctx, cred->rp.id, strlen(cred->rp.id));
-+ br_sha256_out(&ctx, rp_id_hash);
-
- if ((apdu = iso7816_new(U2F_CMD_REGISTER, 0, 2 *
-- SHA256_DIGEST_LENGTH)) == NULL ||
-+ br_sha256_SIZE)) == NULL ||
- iso7816_add(apdu, cred->cdh.ptr, cred->cdh.len) < 0 ||
- iso7816_add(apdu, rp_id_hash, sizeof(rp_id_hash)) < 0) {
- fido_log_debug("%s: iso7816", __func__);
---
-2.26.1
-
diff --git a/pkg/libfido2/ver b/pkg/libfido2/ver
@@ -1 +1 @@
-1.4.0 r0
+1.4.0 r1