tweak back-compat for older libfido2

author: Damien Miller <djm@mindrot.org> 2020-08-27 20:01:52 +1000
committer: Damien Miller <djm@mindrot.org> 2020-08-27 20:01:52 +1000
commit: ce178be0d954b210c958bc2b9e998cd6a7aa73a9 (patch)
tree: b972bde075746c3508c2074c2ca247c812e3269d
parent: d6f45cdde031acdf434bbb27235a1055621915f4 (diff)
2 files changed, 21 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac
index 756e2657..7386d742 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3183,6 +3183,7 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
 	saved_LIBS="$LIBS"
 	LIBS="$LIBS $LIBFIDO2"
 	AC_CHECK_FUNCS([ \
+		fido_cred_prot \
 		fido_cred_set_prot \
 		fido_dev_get_touch_status \
 		fido_dev_supports_cred_prot \
diff --git a/sk-usbhid.c b/sk-usbhid.c
index 98e8ccf1..9b1f4b70 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -42,6 +42,12 @@
 #include <fido/credman.h>
 
 /* backwards compat for libfido2 */
+#ifndef HAVE_FIDO_CRED_PROD
+#define fido_cred_prot(x) (0)
+#endif
+#ifndef HAVE_FIDO_CRED_SET_PROT
+#define fido_cred_set_prot(x, y) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
 #ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
 #define fido_dev_supports_cred_prot(x) (0)
 #endif
@@ -51,6 +57,12 @@
 #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
 #define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION)
 #endif
+#ifndef FIDO_CRED_PROT_UV_REQUIRED
+#define FIDO_CRED_PROT_UV_REQUIRED 0
+#endif
+#ifndef FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID
+#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0
+#endif
 
 #ifndef SK_STANDALONE
 # include "log.h"
@@ -395,11 +407,6 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
 	size_t skvcnt, idx;
 	int touch, ms_remain;
 
-#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
-	skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
-	return NULL;
-#endif
-
 	if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) {
 		skdebug(__func__, "sk_openv failed");
 		return NULL;
@@ -413,6 +420,11 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
 		}
 		goto out;
 	}
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
+	skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
+	goto out;
+#endif
+
 	if (sk_touch_begin(skv, skvcnt) == -1) {
 		skdebug(__func__, "sk_touch_begin failed");
 		goto out;
@@ -728,10 +740,12 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len,
 		goto out;
 	}
 	if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) {
-#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
+#if !defined(HAVE_FIDO_DEV_SUPPORTS_CRED_PROT) || \
+    !defined(HAVE_FIDO_CRED_SET_PROT)
 		skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0");
 		ret = SSH_SK_ERR_UNSUPPORTED;
 		goto out;
+		credprot = 0; (void)credprot; /* avoid warning */
 #endif
 		if (!fido_dev_supports_cred_prot(sk->dev)) {
 			skdebug(__func__, "%s does not support credprot, "
author	Damien Miller <djm@mindrot.org>	2020-08-27 20:01:52 +1000
committer	Damien Miller <djm@mindrot.org>	2020-08-27 20:01:52 +1000
commit	ce178be0d954b210c958bc2b9e998cd6a7aa73a9 (patch)
tree	b972bde075746c3508c2074c2ca247c812e3269d
parent	d6f45cdde031acdf434bbb27235a1055621915f4 (diff)