diff options
author | Damien Miller <djm@mindrot.org> | 2020-08-27 20:01:52 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-08-27 20:01:52 +1000 |
commit | ce178be0d954b210c958bc2b9e998cd6a7aa73a9 (patch) | |
tree | b972bde075746c3508c2074c2ca247c812e3269d | |
parent | d6f45cdde031acdf434bbb27235a1055621915f4 (diff) |
tweak back-compat for older libfido2
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | sk-usbhid.c | 26 |
2 files changed, 21 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac index 756e2657..7386d742 100644 --- a/configure.ac +++ b/configure.ac @@ -3183,6 +3183,7 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then saved_LIBS="$LIBS" LIBS="$LIBS $LIBFIDO2" AC_CHECK_FUNCS([ \ + fido_cred_prot \ fido_cred_set_prot \ fido_dev_get_touch_status \ fido_dev_supports_cred_prot \ diff --git a/sk-usbhid.c b/sk-usbhid.c index 98e8ccf1..9b1f4b70 100644 --- a/sk-usbhid.c +++ b/sk-usbhid.c @@ -42,6 +42,12 @@ #include <fido/credman.h> /* backwards compat for libfido2 */ +#ifndef HAVE_FIDO_CRED_PROD +#define fido_cred_prot(x) (0) +#endif +#ifndef HAVE_FIDO_CRED_SET_PROT +#define fido_cred_set_prot(x, y) (FIDO_ERR_UNSUPPORTED_OPTION) +#endif #ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT #define fido_dev_supports_cred_prot(x) (0) #endif @@ -51,6 +57,12 @@ #ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS #define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION) #endif +#ifndef FIDO_CRED_PROT_UV_REQUIRED +#define FIDO_CRED_PROT_UV_REQUIRED 0 +#endif +#ifndef FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID +#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0 +#endif #ifndef SK_STANDALONE # include "log.h" @@ -395,11 +407,6 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs) size_t skvcnt, idx; int touch, ms_remain; -#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS - skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0"); - return NULL; -#endif - if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) { skdebug(__func__, "sk_openv failed"); return NULL; @@ -413,6 +420,11 @@ sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs) } goto out; } +#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS + skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0"); + goto out; +#endif + if (sk_touch_begin(skv, skvcnt) == -1) { skdebug(__func__, "sk_touch_begin failed"); goto out; @@ -728,10 +740,12 @@ sk_enroll(uint32_t alg, const uint8_t *challenge, size_t challenge_len, goto out; } if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) { -#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT +#if !defined(HAVE_FIDO_DEV_SUPPORTS_CRED_PROT) || \ + !defined(HAVE_FIDO_CRED_SET_PROT) skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0"); ret = SSH_SK_ERR_UNSUPPORTED; goto out; + credprot = 0; (void)credprot; /* avoid warning */ #endif if (!fido_dev_supports_cred_prot(sk->dev)) { skdebug(__func__, "%s does not support credprot, " |