From 53cc6c589b6482158138728442445379ce63c2d5 Mon Sep 17 00:00:00 2001 From: tnn Date: Tue, 12 Apr 2022 22:27:58 +0000 Subject: libfido2: update to 1.10.0 Major changes include: - Upstreamed NetBSD support - NFC on Linux - OpenSSL 3 compatibility --- security/libfido2/Makefile | 6 +- security/libfido2/PLIST | 117 +++++- security/libfido2/buildlink3.mk | 16 +- security/libfido2/distinfo | 10 +- security/libfido2/patches/patch-src_CMakeLists.txt | 15 - security/libfido2/patches/patch-src_hid__netbsd.c | 430 --------------------- 6 files changed, 132 insertions(+), 462 deletions(-) delete mode 100644 security/libfido2/patches/patch-src_CMakeLists.txt delete mode 100644 security/libfido2/patches/patch-src_hid__netbsd.c diff --git a/security/libfido2/Makefile b/security/libfido2/Makefile index 2bb6b46c02f..67df13f28aa 100644 --- a/security/libfido2/Makefile +++ b/security/libfido2/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.3 2020/11/20 05:55:02 riastradh Exp $ +# $NetBSD: Makefile,v 1.4 2022/04/12 22:27:58 tnn Exp $ -DISTNAME= libfido2-1.5.0 -PKGREVISION= 1 +DISTNAME= libfido2-1.10.0 CATEGORIES= security devel MASTER_SITES= ${MASTER_SITE_GITHUB:=Yubico/} GITHUB_PROJECT= ${PKGBASE} @@ -24,5 +23,6 @@ pre-configure: ${MKDIR} ${WRKSRC}/build .include "../../devel/libcbor/buildlink3.mk" +.include "../../devel/zlib/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/libfido2/PLIST b/security/libfido2/PLIST index 29512de7886..45e6c7b4dd7 100644 --- a/security/libfido2/PLIST +++ b/security/libfido2/PLIST @@ -1,9 +1,10 @@ -@comment $NetBSD: PLIST,v 1.2 2020/10/22 20:29:44 tnn Exp $ +@comment $NetBSD: PLIST,v 1.3 2022/04/12 22:27:58 tnn Exp $ bin/fido2-assert bin/fido2-cred bin/fido2-token include/fido.h include/fido/bio.h +include/fido/config.h include/fido/credman.h include/fido/eddsa.h include/fido/err.h 
@@ -20,17 +21,21 @@ man/man1/fido2-assert.1
 man/man1/fido2-cred.1
 man/man1/fido2-token.1
 man/man3/eddsa_pk_free.3
+man/man3/eddsa_pk_from_EVP_PKEY.3
 man/man3/eddsa_pk_from_ptr.3
 man/man3/eddsa_pk_new.3
 man/man3/eddsa_pk_to_EVP_PKEY.3
 man/man3/es256_pk_free.3
 man/man3/es256_pk_from_EC_KEY.3
+man/man3/es256_pk_from_EVP_PKEY.3
 man/man3/es256_pk_from_ptr.3
 man/man3/es256_pk_new.3
 man/man3/es256_pk_to_EVP_PKEY.3
 man/man3/fido_assert_allow_cred.3
 man/man3/fido_assert_authdata_len.3
 man/man3/fido_assert_authdata_ptr.3
+man/man3/fido_assert_blob_len.3
+man/man3/fido_assert_blob_ptr.3
 man/man3/fido_assert_clientdata_hash_len.3
 man/man3/fido_assert_clientdata_hash_ptr.3
 man/man3/fido_assert_count.3
@@ -40,13 +45,18 @@ man/man3/fido_assert_hmac_secret_len.3
 man/man3/fido_assert_hmac_secret_ptr.3
 man/man3/fido_assert_id_len.3
 man/man3/fido_assert_id_ptr.3
+man/man3/fido_assert_largeblob_key_len.3
+man/man3/fido_assert_largeblob_key_ptr.3
 man/man3/fido_assert_new.3
 man/man3/fido_assert_rp_id.3
 man/man3/fido_assert_set_authdata.3
+man/man3/fido_assert_set_authdata_raw.3
+man/man3/fido_assert_set_clientdata.3
 man/man3/fido_assert_set_clientdata_hash.3
 man/man3/fido_assert_set_count.3
 man/man3/fido_assert_set_extensions.3
 man/man3/fido_assert_set_hmac_salt.3
+man/man3/fido_assert_set_hmac_secret.3
 man/man3/fido_assert_set_rp.3
 man/man3/fido_assert_set_sig.3
 man/man3/fido_assert_set_up.3
@@ -88,10 +98,14 @@ man/man3/fido_bio_template_set_id.3
 man/man3/fido_bio_template_set_name.3
 man/man3/fido_cbor_info_aaguid_len.3
 man/man3/fido_cbor_info_aaguid_ptr.3
+man/man3/fido_cbor_info_algorithm_cose.3
+man/man3/fido_cbor_info_algorithm_count.3
+man/man3/fido_cbor_info_algorithm_type.3
 man/man3/fido_cbor_info_extensions_len.3
 man/man3/fido_cbor_info_extensions_ptr.3
 man/man3/fido_cbor_info_free.3
 man/man3/fido_cbor_info_fwversion.3
+man/man3/fido_cbor_info_maxcredbloblen.3
 man/man3/fido_cbor_info_maxcredcntlst.3
 man/man3/fido_cbor_info_maxcredidlen.3
 man/man3/fido_cbor_info_maxmsgsiz.3
@@ -101,12 +115,18 @@ man/man3/fido_cbor_info_options_name_ptr.3
 man/man3/fido_cbor_info_options_value_ptr.3
 man/man3/fido_cbor_info_protocols_len.3
 man/man3/fido_cbor_info_protocols_ptr.3
+man/man3/fido_cbor_info_transports_len.3
+man/man3/fido_cbor_info_transports_ptr.3
 man/man3/fido_cbor_info_versions_len.3
 man/man3/fido_cbor_info_versions_ptr.3
 man/man3/fido_cred_aaguid_len.3
 man/man3/fido_cred_aaguid_ptr.3
+man/man3/fido_cred_attstmt_len.3
+man/man3/fido_cred_attstmt_ptr.3
 man/man3/fido_cred_authdata_len.3
 man/man3/fido_cred_authdata_ptr.3
+man/man3/fido_cred_authdata_raw_len.3
+man/man3/fido_cred_authdata_raw_ptr.3
 man/man3/fido_cred_clientdata_hash_len.3
 man/man3/fido_cred_clientdata_hash_ptr.3
 man/man3/fido_cred_display_name.3
@@ -116,17 +136,25 @@ man/man3/fido_cred_fmt.3
 man/man3/fido_cred_free.3
 man/man3/fido_cred_id_len.3
 man/man3/fido_cred_id_ptr.3
+man/man3/fido_cred_largeblob_key_len.3
+man/man3/fido_cred_largeblob_key_ptr.3
 man/man3/fido_cred_new.3
+man/man3/fido_cred_pin_minlen.3
 man/man3/fido_cred_prot.3
 man/man3/fido_cred_pubkey_len.3
 man/man3/fido_cred_pubkey_ptr.3
 man/man3/fido_cred_rp_id.3
 man/man3/fido_cred_rp_name.3
+man/man3/fido_cred_set_attstmt.3
 man/man3/fido_cred_set_authdata.3
 man/man3/fido_cred_set_authdata_raw.3
+man/man3/fido_cred_set_blob.3
+man/man3/fido_cred_set_clientdata.3
 man/man3/fido_cred_set_clientdata_hash.3
 man/man3/fido_cred_set_extensions.3
 man/man3/fido_cred_set_fmt.3
+man/man3/fido_cred_set_id.3
+man/man3/fido_cred_set_pin_minlen.3
 man/man3/fido_cred_set_prot.3
 man/man3/fido_cred_set_rk.3
 man/man3/fido_cred_set_rp.3
@@ -137,11 +165,13 @@ man/man3/fido_cred_set_uv.3
 man/man3/fido_cred_set_x509.3
 man/man3/fido_cred_sig_len.3
 man/man3/fido_cred_sig_ptr.3
+man/man3/fido_cred_sigcount.3
 man/man3/fido_cred_type.3
 man/man3/fido_cred_user_id_len.3
 man/man3/fido_cred_user_id_ptr.3
 man/man3/fido_cred_user_name.3
 man/man3/fido_cred_verify.3
+man/man3/fido_cred_verify_self.3
 man/man3/fido_cred_x5c_len.3
 man/man3/fido_cred_x5c_ptr.3
 man/man3/fido_credman_del_dev_rk.3
@@ -163,17 +193,24 @@ man/man3/fido_credman_rp_id_hash_len.3
 man/man3/fido_credman_rp_id_hash_ptr.3
 man/man3/fido_credman_rp_name.3
 man/man3/fido_credman_rp_new.3
+man/man3/fido_credman_set_dev_rk.3
 man/man3/fido_dev_build.3
 man/man3/fido_dev_cancel.3
 man/man3/fido_dev_close.3
+man/man3/fido_dev_enable_entattest.3
 man/man3/fido_dev_flags.3
 man/man3/fido_dev_force_fido2.3
+man/man3/fido_dev_force_pin_change.3
 man/man3/fido_dev_force_u2f.3
 man/man3/fido_dev_free.3
 man/man3/fido_dev_get_assert.3
 man/man3/fido_dev_get_cbor_info.3
 man/man3/fido_dev_get_retry_count.3
 man/man3/fido_dev_get_touch_begin.3
+man/man3/fido_dev_get_touch_status.3
+man/man3/fido_dev_get_uv_retry_count.3
+man/man3/fido_dev_has_pin.3
+man/man3/fido_dev_has_uv.3
 man/man3/fido_dev_info_free.3
 man/man3/fido_dev_info_manifest.3
 man/man3/fido_dev_info_manufacturer_string.3
@@ -182,32 +219,55 @@ man/man3/fido_dev_info_path.3
 man/man3/fido_dev_info_product.3
 man/man3/fido_dev_info_product_string.3
 man/man3/fido_dev_info_ptr.3
+man/man3/fido_dev_info_set.3
 man/man3/fido_dev_info_vendor.3
+man/man3/fido_dev_io_handle.3
 man/man3/fido_dev_is_fido2.3
+man/man3/fido_dev_is_winhello.3
+man/man3/fido_dev_largeblob_get.3
+man/man3/fido_dev_largeblob_get_array.3
+man/man3/fido_dev_largeblob_remove.3
+man/man3/fido_dev_largeblob_set.3
+man/man3/fido_dev_largeblob_set_array.3
 man/man3/fido_dev_major.3
 man/man3/fido_dev_make_cred.3
 man/man3/fido_dev_minor.3
 man/man3/fido_dev_new.3
+man/man3/fido_dev_new_with_info.3
 man/man3/fido_dev_open.3
+man/man3/fido_dev_open_with_info.3
 man/man3/fido_dev_protocol.3
 man/man3/fido_dev_reset.3
 man/man3/fido_dev_set_io_functions.3
 man/man3/fido_dev_set_pin.3
+man/man3/fido_dev_set_pin_minlen.3
+man/man3/fido_dev_set_pin_minlen_rpid.3
+man/man3/fido_dev_set_sigmask.3
+man/man3/fido_dev_set_timeout.3
+man/man3/fido_dev_set_transport_functions.3
 man/man3/fido_dev_supports_cred_prot.3
+man/man3/fido_dev_supports_credman.3
+man/man3/fido_dev_supports_permissions.3
 man/man3/fido_dev_supports_pin.3
+man/man3/fido_dev_supports_uv.3
+man/man3/fido_dev_toggle_always_uv.3
 man/man3/fido_init.3
+man/man3/fido_set_log_handler.3
 man/man3/fido_strerr.3
 man/man3/rs256_pk_free.3
+man/man3/rs256_pk_from_EVP_PKEY.3
 man/man3/rs256_pk_from_RSA.3
 man/man3/rs256_pk_from_ptr.3
 man/man3/rs256_pk_new.3
 man/man3/rs256_pk_to_EVP_PKEY.3
 share/doc/libfido2/html/eddsa_pk_free.html
+share/doc/libfido2/html/eddsa_pk_from_EVP_PKEY.html
 share/doc/libfido2/html/eddsa_pk_from_ptr.html
 share/doc/libfido2/html/eddsa_pk_new.html
 share/doc/libfido2/html/eddsa_pk_to_EVP_PKEY.html
 share/doc/libfido2/html/es256_pk_free.html
 share/doc/libfido2/html/es256_pk_from_EC_KEY.html
+share/doc/libfido2/html/es256_pk_from_EVP_PKEY.html
 share/doc/libfido2/html/es256_pk_from_ptr.html
 share/doc/libfido2/html/es256_pk_new.html
 share/doc/libfido2/html/es256_pk_to_EVP_PKEY.html
@@ -217,6 +277,8 @@ share/doc/libfido2/html/fido2-token.html
 share/doc/libfido2/html/fido_assert_allow_cred.html
 share/doc/libfido2/html/fido_assert_authdata_len.html
 share/doc/libfido2/html/fido_assert_authdata_ptr.html
+share/doc/libfido2/html/fido_assert_blob_len.html
+share/doc/libfido2/html/fido_assert_blob_ptr.html
 share/doc/libfido2/html/fido_assert_clientdata_hash_len.html
 share/doc/libfido2/html/fido_assert_clientdata_hash_ptr.html
 share/doc/libfido2/html/fido_assert_count.html
@@ -226,13 +288,18 @@ share/doc/libfido2/html/fido_assert_hmac_secret_len.html
 share/doc/libfido2/html/fido_assert_hmac_secret_ptr.html
 share/doc/libfido2/html/fido_assert_id_len.html
 share/doc/libfido2/html/fido_assert_id_ptr.html
+share/doc/libfido2/html/fido_assert_largeblob_key_len.html
+share/doc/libfido2/html/fido_assert_largeblob_key_ptr.html
 share/doc/libfido2/html/fido_assert_new.html
 share/doc/libfido2/html/fido_assert_rp_id.html
 share/doc/libfido2/html/fido_assert_set_authdata.html
+share/doc/libfido2/html/fido_assert_set_authdata_raw.html
+share/doc/libfido2/html/fido_assert_set_clientdata.html
 share/doc/libfido2/html/fido_assert_set_clientdata_hash.html
 share/doc/libfido2/html/fido_assert_set_count.html
 share/doc/libfido2/html/fido_assert_set_extensions.html
 share/doc/libfido2/html/fido_assert_set_hmac_salt.html
+share/doc/libfido2/html/fido_assert_set_hmac_secret.html
 share/doc/libfido2/html/fido_assert_set_rp.html
 share/doc/libfido2/html/fido_assert_set_sig.html
 share/doc/libfido2/html/fido_assert_set_up.html
@@ -274,10 +341,14 @@ share/doc/libfido2/html/fido_bio_template_set_id.html
 share/doc/libfido2/html/fido_bio_template_set_name.html
 share/doc/libfido2/html/fido_cbor_info_aaguid_len.html
 share/doc/libfido2/html/fido_cbor_info_aaguid_ptr.html
+share/doc/libfido2/html/fido_cbor_info_algorithm_cose.html
+share/doc/libfido2/html/fido_cbor_info_algorithm_count.html
+share/doc/libfido2/html/fido_cbor_info_algorithm_type.html
 share/doc/libfido2/html/fido_cbor_info_extensions_len.html
 share/doc/libfido2/html/fido_cbor_info_extensions_ptr.html
 share/doc/libfido2/html/fido_cbor_info_free.html
 share/doc/libfido2/html/fido_cbor_info_fwversion.html
+share/doc/libfido2/html/fido_cbor_info_maxcredbloblen.html
 share/doc/libfido2/html/fido_cbor_info_maxcredcntlst.html
 share/doc/libfido2/html/fido_cbor_info_maxcredidlen.html
 share/doc/libfido2/html/fido_cbor_info_maxmsgsiz.html
@@ -287,12 +358,18 @@ share/doc/libfido2/html/fido_cbor_info_options_name_ptr.html
 share/doc/libfido2/html/fido_cbor_info_options_value_ptr.html
 share/doc/libfido2/html/fido_cbor_info_protocols_len.html
 share/doc/libfido2/html/fido_cbor_info_protocols_ptr.html
+share/doc/libfido2/html/fido_cbor_info_transports_len.html
+share/doc/libfido2/html/fido_cbor_info_transports_ptr.html
 share/doc/libfido2/html/fido_cbor_info_versions_len.html
 share/doc/libfido2/html/fido_cbor_info_versions_ptr.html
 share/doc/libfido2/html/fido_cred_aaguid_len.html
 share/doc/libfido2/html/fido_cred_aaguid_ptr.html
+share/doc/libfido2/html/fido_cred_attstmt_len.html
+share/doc/libfido2/html/fido_cred_attstmt_ptr.html
 share/doc/libfido2/html/fido_cred_authdata_len.html
 share/doc/libfido2/html/fido_cred_authdata_ptr.html
+share/doc/libfido2/html/fido_cred_authdata_raw_len.html
+share/doc/libfido2/html/fido_cred_authdata_raw_ptr.html
 share/doc/libfido2/html/fido_cred_clientdata_hash_len.html
 share/doc/libfido2/html/fido_cred_clientdata_hash_ptr.html
 share/doc/libfido2/html/fido_cred_display_name.html
@@ -302,17 +379,25 @@ share/doc/libfido2/html/fido_cred_fmt.html
 share/doc/libfido2/html/fido_cred_free.html
 share/doc/libfido2/html/fido_cred_id_len.html
 share/doc/libfido2/html/fido_cred_id_ptr.html
+share/doc/libfido2/html/fido_cred_largeblob_key_len.html
+share/doc/libfido2/html/fido_cred_largeblob_key_ptr.html
 share/doc/libfido2/html/fido_cred_new.html
+share/doc/libfido2/html/fido_cred_pin_minlen.html
 share/doc/libfido2/html/fido_cred_prot.html
 share/doc/libfido2/html/fido_cred_pubkey_len.html
 share/doc/libfido2/html/fido_cred_pubkey_ptr.html
 share/doc/libfido2/html/fido_cred_rp_id.html
 share/doc/libfido2/html/fido_cred_rp_name.html
+share/doc/libfido2/html/fido_cred_set_attstmt.html
 share/doc/libfido2/html/fido_cred_set_authdata.html
 share/doc/libfido2/html/fido_cred_set_authdata_raw.html
+share/doc/libfido2/html/fido_cred_set_blob.html
+share/doc/libfido2/html/fido_cred_set_clientdata.html
 share/doc/libfido2/html/fido_cred_set_clientdata_hash.html
 share/doc/libfido2/html/fido_cred_set_extensions.html
 share/doc/libfido2/html/fido_cred_set_fmt.html
+share/doc/libfido2/html/fido_cred_set_id.html
+share/doc/libfido2/html/fido_cred_set_pin_minlen.html
 share/doc/libfido2/html/fido_cred_set_prot.html
 share/doc/libfido2/html/fido_cred_set_rk.html
 share/doc/libfido2/html/fido_cred_set_rp.html
@@ -323,11 +408,13 @@ share/doc/libfido2/html/fido_cred_set_uv.html
 share/doc/libfido2/html/fido_cred_set_x509.html
 share/doc/libfido2/html/fido_cred_sig_len.html
 share/doc/libfido2/html/fido_cred_sig_ptr.html
+share/doc/libfido2/html/fido_cred_sigcount.html
 share/doc/libfido2/html/fido_cred_type.html
 share/doc/libfido2/html/fido_cred_user_id_len.html
 share/doc/libfido2/html/fido_cred_user_id_ptr.html
 share/doc/libfido2/html/fido_cred_user_name.html
 share/doc/libfido2/html/fido_cred_verify.html
+share/doc/libfido2/html/fido_cred_verify_self.html
 share/doc/libfido2/html/fido_cred_x5c_len.html
 share/doc/libfido2/html/fido_cred_x5c_ptr.html
 share/doc/libfido2/html/fido_credman_del_dev_rk.html
@@ -349,17 +436,24 @@ share/doc/libfido2/html/fido_credman_rp_id_hash_len.html
 share/doc/libfido2/html/fido_credman_rp_id_hash_ptr.html
 share/doc/libfido2/html/fido_credman_rp_name.html
 share/doc/libfido2/html/fido_credman_rp_new.html
+share/doc/libfido2/html/fido_credman_set_dev_rk.html
 share/doc/libfido2/html/fido_dev_build.html
 share/doc/libfido2/html/fido_dev_cancel.html
 share/doc/libfido2/html/fido_dev_close.html
+share/doc/libfido2/html/fido_dev_enable_entattest.html
 share/doc/libfido2/html/fido_dev_flags.html
 share/doc/libfido2/html/fido_dev_force_fido2.html
+share/doc/libfido2/html/fido_dev_force_pin_change.html
 share/doc/libfido2/html/fido_dev_force_u2f.html
 share/doc/libfido2/html/fido_dev_free.html
 share/doc/libfido2/html/fido_dev_get_assert.html
 share/doc/libfido2/html/fido_dev_get_cbor_info.html
 share/doc/libfido2/html/fido_dev_get_retry_count.html
 share/doc/libfido2/html/fido_dev_get_touch_begin.html
+share/doc/libfido2/html/fido_dev_get_touch_status.html
+share/doc/libfido2/html/fido_dev_get_uv_retry_count.html
+share/doc/libfido2/html/fido_dev_has_pin.html
+share/doc/libfido2/html/fido_dev_has_uv.html
 share/doc/libfido2/html/fido_dev_info_free.html
 share/doc/libfido2/html/fido_dev_info_manifest.html
 share/doc/libfido2/html/fido_dev_info_manufacturer_string.html
@@ -368,22 +462,43 @@ share/doc/libfido2/html/fido_dev_info_path.html share/doc/libfido2/html/fido_dev_info_product.html share/doc/libfido2/html/fido_dev_info_product_string.html share/doc/libfido2/html/fido_dev_info_ptr.html +share/doc/libfido2/html/fido_dev_info_set.html share/doc/libfido2/html/fido_dev_info_vendor.html +share/doc/libfido2/html/fido_dev_io_handle.html share/doc/libfido2/html/fido_dev_is_fido2.html +share/doc/libfido2/html/fido_dev_is_winhello.html +share/doc/libfido2/html/fido_dev_largeblob_get.html +share/doc/libfido2/html/fido_dev_largeblob_get_array.html +share/doc/libfido2/html/fido_dev_largeblob_remove.html +share/doc/libfido2/html/fido_dev_largeblob_set.html +share/doc/libfido2/html/fido_dev_largeblob_set_array.html share/doc/libfido2/html/fido_dev_major.html share/doc/libfido2/html/fido_dev_make_cred.html share/doc/libfido2/html/fido_dev_minor.html share/doc/libfido2/html/fido_dev_new.html +share/doc/libfido2/html/fido_dev_new_with_info.html share/doc/libfido2/html/fido_dev_open.html +share/doc/libfido2/html/fido_dev_open_with_info.html share/doc/libfido2/html/fido_dev_protocol.html share/doc/libfido2/html/fido_dev_reset.html share/doc/libfido2/html/fido_dev_set_io_functions.html share/doc/libfido2/html/fido_dev_set_pin.html +share/doc/libfido2/html/fido_dev_set_pin_minlen.html +share/doc/libfido2/html/fido_dev_set_pin_minlen_rpid.html +share/doc/libfido2/html/fido_dev_set_sigmask.html +share/doc/libfido2/html/fido_dev_set_timeout.html +share/doc/libfido2/html/fido_dev_set_transport_functions.html share/doc/libfido2/html/fido_dev_supports_cred_prot.html +share/doc/libfido2/html/fido_dev_supports_credman.html +share/doc/libfido2/html/fido_dev_supports_permissions.html share/doc/libfido2/html/fido_dev_supports_pin.html +share/doc/libfido2/html/fido_dev_supports_uv.html +share/doc/libfido2/html/fido_dev_toggle_always_uv.html share/doc/libfido2/html/fido_init.html +share/doc/libfido2/html/fido_set_log_handler.html 
share/doc/libfido2/html/fido_strerr.html share/doc/libfido2/html/rs256_pk_free.html +share/doc/libfido2/html/rs256_pk_from_EVP_PKEY.html share/doc/libfido2/html/rs256_pk_from_RSA.html share/doc/libfido2/html/rs256_pk_from_ptr.html share/doc/libfido2/html/rs256_pk_new.html diff --git a/security/libfido2/buildlink3.mk b/security/libfido2/buildlink3.mk index 2529877f306..68788ec434e 100644 --- a/security/libfido2/buildlink3.mk +++ b/security/libfido2/buildlink3.mk @@ -1,14 +1,16 @@ -# $NetBSD: buildlink3.mk,v 1.2 2020/10/22 20:29:44 tnn Exp $ +# $NetBSD: buildlink3.mk,v 1.3 2022/04/12 22:27:58 tnn Exp $ BUILDLINK_TREE+= libfido2 -.if !defined(LIBFIDO2_BUILDLINK_MK) -LIBFIDO2_BUILDLINK_MK:= +.if !defined(LIBFIDO2_BUILDLINK3_MK) +LIBFIDO2_BUILDLINK3_MK:= -BUILDLINK_API_DEPENDS.libfido2+= libfido2>=1.4.0 -BUILDLINK_ABI_DEPENDS.libfido2+= libfido2>=1.5.0 -BUILDLINK_PKGSRCDIR.libfido2?= ../../security/libfido2 +BUILDLINK_API_DEPENDS.libfido2+= libfido2>=1.10.0 +BUILDLINK_PKGSRCDIR.libfido2?= ../../security/libfido2 -.endif # LIBFIDO2_BUILDLINK_MK +.include "../../devel/libcbor/buildlink3.mk" +.include "../../devel/zlib/buildlink3.mk" +.include "../../security/openssl/buildlink3.mk" +.endif # LIBFIDO2_BUILDLINK3_MK BUILDLINK_TREE+= -libfido2 diff --git a/security/libfido2/distinfo b/security/libfido2/distinfo index 61002cf0af8..c85f8f6b30c 100644 --- a/security/libfido2/distinfo +++ b/security/libfido2/distinfo 
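Review bot: In the buildlink3.mk hunk, `BUILDLINK_API_DEPENDS.libfido2` jumps from `>=1.4.0` to `>=1.10.0` and the separate `BUILDLINK_ABI_DEPENDS.libfido2` line is dropped, with nothing recording which dependent needs the 1.10.0 API. If the motive is the library's changed ABI rather than an interface a dependent actually calls, the conventional split would be `BUILDLINK_API_DEPENDS.libfido2+= libfido2>=1.4.0` plus `BUILDLINK_ABI_DEPENDS.libfido2+= libfido2>=1.10.0`; this is inferred from the removed lines and should be checked against the dependents. If the higher API floor is deliberate, for instance so that no dependent builds against the older release that carried the local hid_netbsd.c patch, a one-line comment above it such as `# floor raised with the 1.10.0 update (upstream NetBSD support, OpenSSL 3)` would keep the reason with the file.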
@@ -1,7 +1,5 @@ -$NetBSD: distinfo,v 1.5 2021/10/26 11:17:13 nia Exp $ +$NetBSD: distinfo,v 1.6 2022/04/12 22:27:58 tnn Exp $ -BLAKE2s (libfido2-1.5.0.tar.gz) = 8abdf607588538d6b56c95fbc1cafc50d915e2a730666a46b233b150ecbf57d3 -SHA512 (libfido2-1.5.0.tar.gz) = 240e2368e43846fddf5e98bbcc247468833565bcde4ec27976b88c814d787f1a477241a82b064818aa0eb0a98ff46a65d80b8243f4d0bbd763270e42492354e2 -Size (libfido2-1.5.0.tar.gz) = 407259 bytes -SHA1 (patch-src_CMakeLists.txt) = ebc7243648b1026f01b4d8ba3572425d7f75264c -SHA1 (patch-src_hid__netbsd.c) = 7bfc4d66d3046e5fea591a9d79516eb72b479625 +BLAKE2s (libfido2-1.10.0.tar.gz) = e7051c52d0ce83c5393b6e1deb0a4e19c257192b786a6ba1dca761fbab8779ac +SHA512 (libfido2-1.10.0.tar.gz) = ba03e25d3f42f11cec74dee48c853ae35d03600f24ca06d2b751840408a132290fe22461372ae42ae31419061a63d9908c20a2c0cf3c0c9c8dbc46c34916784f +Size (libfido2-1.10.0.tar.gz) = 591372 bytes diff --git a/security/libfido2/patches/patch-src_CMakeLists.txt b/security/libfido2/patches/patch-src_CMakeLists.txt deleted file mode 100644 index 62b5480f7e8..00000000000 --- a/security/libfido2/patches/patch-src_CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-src_CMakeLists.txt,v 1.3 2020/11/20 05:55:02 riastradh Exp $ - -Add NetBSD support -- same USB HID API as OpenBSD. - ---- src/CMakeLists.txt.orig 2020-09-01 07:17:43.000000000 +0000 -+++ src/CMakeLists.txt -@@ -44,6 +44,8 @@ elseif(APPLE) - list(APPEND FIDO_SOURCES hid_osx.c) - elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux") - list(APPEND FIDO_SOURCES hid_linux.c) -+elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD") -+ list(APPEND FIDO_SOURCES hid_netbsd.c) - elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") - list(APPEND FIDO_SOURCES hid_openbsd.c) - else() diff --git a/security/libfido2/patches/patch-src_hid__netbsd.c b/security/libfido2/patches/patch-src_hid__netbsd.c deleted file mode 100644 index cb328d2bc00..00000000000 --- a/security/libfido2/patches/patch-src_hid__netbsd.c +++ /dev/null 
@@ -1,430 +0,0 @@ -$NetBSD: patch-src_hid__netbsd.c,v 1.1 2020/11/20 05:55:02 riastradh Exp $ - -Add NetBSD support. - ---- src/hid_netbsd.c.orig 2020-11-20 05:15:48.453959989 +0000 -+++ src/hid_netbsd.c -@@ -0,0 +1,423 @@ -+/* -+ * Copyright (c) 2020 Yubico AB. All rights reserved. -+ * Use of this source code is governed by a BSD-style -+ * license that can be found in the LICENSE file. -+ */ -+ -+#include -+#include -+ -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "fido.h" -+ -+#define MAX_UHID 64 -+ -+struct hid_netbsd { -+ int fd; -+ size_t report_in_len; -+ size_t report_out_len; -+}; -+ -+/* Hack to make this work with newer kernels even if /usr/include is old. */ -+#if __NetBSD_Version__ < 901000000 /* 9.1 */ -+#define USB_HID_GET_RAW _IOR('h', 1, int) -+#define USB_HID_SET_RAW _IOW('h', 2, int) -+#endif -+ -+static bool -+is_fido(int fd) -+{ -+ report_desc_t rdesc; -+ hid_data_t hdata; -+ hid_item_t hitem; -+ bool isfido; -+ int raw = 1; -+ -+ if ((rdesc = hid_get_report_desc(fd)) == NULL) { -+ fido_log_debug("%s: failed to get report descriptor", -+ __func__); -+ return (false); -+ } -+ if ((hdata = hid_start_parse(rdesc, 1 << hid_collection, -1)) -+ == NULL) { -+ fido_log_debug("%s: failed to parse report descriptor", -+ __func__); -+ hid_dispose_report_desc(rdesc); -+ return (false); -+ } -+ isfido = false; -+ while ((hid_get_item(hdata, &hitem)) > 0) { -+ if (HID_PAGE(hitem.usage) == 0xf1d0) { -+ isfido = true; -+ break; -+ } -+ } -+ hid_end_parse(hdata); -+ hid_dispose_report_desc(rdesc); -+ if (!isfido) -+ return (false); -+ -+ /* -+ * This step is not strictly necessary -- NetBSD puts fido -+ * devices into raw mode automatically by default, but in -+ * principle that might change, and this serves as a test to -+ * verify that we're running on a kernel with support for raw -+ * mode at all so we don't get confused issuing writes that try -+ * to set the 
report descriptor rather than transfer data on -+ * the output interrupt pipe as we need. -+ */ -+ if (ioctl(fd, USB_HID_SET_RAW, &raw) == -1) { -+ fido_log_debug("%s: unable to set raw", __func__); -+ return (false); -+ } -+ -+ return (true); -+} -+ -+static int -+copy_info(fido_dev_info_t *di, const char *path) -+{ -+ int fd = -1; -+ int ok = -1; -+ struct usb_device_info udi; -+ -+ memset(di, 0, sizeof(*di)); -+ memset(&udi, 0, sizeof(udi)); -+ -+ if ((fd = open(path, O_RDWR)) == -1) { -+ if (errno != EBUSY && errno != ENOENT) -+ fido_log_debug("%s: open %s: %s", __func__, path, -+ strerror(errno)); -+ goto fail; -+ } -+ if (!is_fido(fd)) -+ goto fail; -+ -+ if (ioctl(fd, USB_GET_DEVICEINFO, &udi) == -1) -+ goto fail; -+ -+ if ((di->path = strdup(path)) == NULL || -+ (di->manufacturer = strdup(udi.udi_vendor)) == NULL || -+ (di->product = strdup(udi.udi_product)) == NULL) -+ goto fail; -+ -+ di->vendor_id = (int16_t)udi.udi_vendorNo; -+ di->product_id = (int16_t)udi.udi_productNo; -+ -+ ok = 0; -+fail: -+ if (fd != -1) -+ close(fd); -+ -+ if (ok < 0) { -+ free(di->path); -+ free(di->manufacturer); -+ free(di->product); -+ explicit_bzero(di, sizeof(*di)); -+ } -+ -+ return (ok); -+} -+ -+int -+fido_hid_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) -+{ -+ char path[64]; -+ size_t i; -+ -+ *olen = 0; -+ -+ if (ilen == 0) -+ return (FIDO_OK); /* nothing to do */ -+ -+ if (devlist == NULL || olen == NULL) -+ return (FIDO_ERR_INVALID_ARGUMENT); -+ -+ for (i = *olen = 0; i < MAX_UHID && *olen < ilen; i++) { -+ snprintf(path, sizeof(path), "/dev/uhid%zu", i); -+ if (copy_info(&devlist[*olen], path) == 0) { -+ devlist[*olen].io = (fido_dev_io_t) { -+ fido_hid_open, -+ fido_hid_close, -+ fido_hid_read, -+ fido_hid_write, -+ }; -+ ++(*olen); -+ } -+ } -+ -+ return (FIDO_OK); -+} -+ -+/* -+ * Workaround for NetBSD (as of 201910) bug that loses -+ * sync of DATA0/DATA1 sequence bit across uhid open/close. 
-+ * Send pings until we get a response - early pings with incorrect -+ * sequence bits will be ignored as duplicate packets by the device. -+ */ -+static int -+terrible_ping_kludge(struct hid_netbsd *ctx) -+{ -+ u_char data[256]; -+ int i, n; -+ struct pollfd pfd; -+ -+ if (sizeof(data) < ctx->report_out_len + 1) -+ return -1; -+ for (i = 0; i < 4; i++) { -+ memset(data, 0, sizeof(data)); -+ /* broadcast channel ID */ -+ data[1] = 0xff; -+ data[2] = 0xff; -+ data[3] = 0xff; -+ data[4] = 0xff; -+ /* Ping command */ -+ data[5] = 0x81; -+ /* One byte ping only, Vasili */ -+ data[6] = 0; -+ data[7] = 1; -+ fido_log_debug("%s: send ping %d", __func__, i); -+ if (fido_hid_write(ctx, data, ctx->report_out_len + 1) == -1) -+ return -1; -+ fido_log_debug("%s: wait reply", __func__); -+ memset(&pfd, 0, sizeof(pfd)); -+ pfd.fd = ctx->fd; -+ pfd.events = POLLIN; -+ if ((n = poll(&pfd, 1, 100)) == -1) { -+ fido_log_debug("%s: poll: %d", __func__, errno); -+ return -1; -+ } else if (n == 0) { -+ fido_log_debug("%s: timed out", __func__); -+ continue; -+ } -+ if (fido_hid_read(ctx, data, ctx->report_out_len, 250) == -1) -+ return -1; -+ /* -+ * Ping isn't always supported on the broadcast channel, -+ * so we might get an error, but we don't care - we're -+ * synched now. 
-+ */ -+ fido_log_debug("%s: got reply", __func__); -+ fido_log_xxd(data, ctx->report_out_len); -+ return 0; -+ } -+ fido_log_debug("%s: no response", __func__); -+ return -1; -+} -+ -+void * -+fido_hid_open(const char *path) -+{ -+ struct hid_netbsd *ctx; -+ report_desc_t rdesc = NULL; -+ hid_data_t hdata; -+ int len, report_id = 0; -+ -+ if ((ctx = calloc(1, sizeof(*ctx))) == NULL) -+ goto fail0; -+ if ((ctx->fd = open(path, O_RDWR)) == -1) -+ goto fail1; -+ if (ioctl(ctx->fd, USB_GET_REPORT_ID, &report_id) == -1) { -+ fido_log_debug("%s: failed to get report ID: %s", __func__, -+ strerror(errno)); -+ goto fail2; -+ } -+ if ((rdesc = hid_get_report_desc(ctx->fd)) == NULL) { -+ fido_log_debug("%s: failed to get report descriptor", -+ __func__); -+ goto fail2; -+ } -+ if ((hdata = hid_start_parse(rdesc, 1 << hid_collection, -1)) -+ == NULL) { -+ fido_log_debug("%s: failed to parse report descriptor", -+ __func__); -+ goto fail3; -+ } -+ if ((len = hid_report_size(rdesc, hid_input, report_id)) <= 0 || -+ (size_t)len > CTAP_MAX_REPORT_LEN) { -+ fido_log_debug("%s: bad input report size %d", __func__, len); -+ goto fail3; -+ } -+ ctx->report_in_len = (size_t)len; -+ if ((len = hid_report_size(rdesc, hid_output, report_id)) <= 0 || -+ (size_t)len > CTAP_MAX_REPORT_LEN) { -+ fido_log_debug("%s: bad output report size %d", __func__, len); -+ goto fail3; -+ } -+ ctx->report_out_len = (size_t)len; -+ hid_dispose_report_desc(rdesc); -+ -+ /* -+ * NetBSD has a bug that causes it to lose -+ * track of the DATA0/DATA1 sequence toggle across uhid device -+ * open and close. This is a terrible hack to work around it. 
-+ */ -+ if (!is_fido(ctx->fd) || terrible_ping_kludge(ctx) != 0) -+ goto fail2; -+ -+ return (ctx); -+ -+fail3: hid_dispose_report_desc(rdesc); -+fail2: close(ctx->fd); -+fail1: free(ctx); -+fail0: return (NULL); -+} -+ -+void -+fido_hid_close(void *handle) -+{ -+ struct hid_netbsd *ctx = handle; -+ -+ close(ctx->fd); -+ free(ctx); -+} -+ -+static void -+xstrerror(int errnum, char *buf, size_t len) -+{ -+ if (len < 1) -+ return; -+ -+ memset(buf, 0, len); -+ -+ if (strerror_r(errnum, buf, len - 1) != 0) -+ snprintf(buf, len - 1, "error %d", errnum); -+} -+ -+static int -+timespec_to_ms(const struct timespec *ts, int upper_bound) -+{ -+ int64_t x; -+ int64_t y; -+ -+ if (ts->tv_sec < 0 || (uint64_t)ts->tv_sec > INT64_MAX / 1000LL || -+ ts->tv_nsec < 0 || (uint64_t)ts->tv_nsec / 1000000LL > INT64_MAX) -+ return (upper_bound); -+ -+ x = ts->tv_sec * 1000LL; -+ y = ts->tv_nsec / 1000000LL; -+ -+ if (INT64_MAX - x < y || x + y > upper_bound) -+ return (upper_bound); -+ -+ return (int)(x + y); -+} -+ -+static int -+fido_hid_unix_wait(int fd, int ms) -+{ -+ char ebuf[128]; -+ struct timespec ts_start; -+ struct timespec ts_now; -+ struct timespec ts_delta; -+ struct pollfd pfd; -+ int ms_remain; -+ int r; -+ -+ if (ms < 0) -+ return (0); -+ -+ memset(&pfd, 0, sizeof(pfd)); -+ pfd.events = POLLIN; -+ pfd.fd = fd; -+ -+ if (clock_gettime(CLOCK_MONOTONIC, &ts_start) != 0) { -+ xstrerror(errno, ebuf, sizeof(ebuf)); -+ fido_log_debug("%s: clock_gettime: %s", __func__, ebuf); -+ return (-1); -+ } -+ -+ for (ms_remain = ms; ms_remain > 0;) { -+ if ((r = poll(&pfd, 1, ms_remain)) > 0) -+ return (0); -+ else if (r == 0) -+ break; -+ else if (errno != EINTR) { -+ xstrerror(errno, ebuf, sizeof(ebuf)); -+ fido_log_debug("%s: poll: %s", __func__, ebuf); -+ return (-1); -+ } -+ /* poll interrupted - subtract time already waited */ -+ if (clock_gettime(CLOCK_MONOTONIC, &ts_now) != 0) { -+ xstrerror(errno, ebuf, sizeof(ebuf)); -+ fido_log_debug("%s: clock_gettime: %s", __func__, ebuf); 
-+ return (-1); -+ } -+ timespecsub(&ts_now, &ts_start, &ts_delta); -+ ms_remain = ms - timespec_to_ms(&ts_delta, ms); -+ } -+ -+ return (-1); -+} -+ -+int -+fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms) -+{ -+ struct hid_netbsd *ctx = handle; -+ ssize_t r; -+ -+ if (len != ctx->report_in_len) { -+ fido_log_debug("%s: len %zu", __func__, len); -+ return (-1); -+ } -+ -+ if (fido_hid_unix_wait(ctx->fd, ms) < 0) { -+ fido_log_debug("%s: fd not ready", __func__); -+ return (-1); -+ } -+ -+ if ((r = read(ctx->fd, buf, len)) == -1 || (size_t)r != len) { -+ fido_log_debug("%s: read", __func__); -+ return (-1); -+ } -+ -+ return ((int)r); -+} -+ -+int -+fido_hid_write(void *handle, const unsigned char *buf, size_t len) -+{ -+ struct hid_netbsd *ctx = handle; -+ ssize_t r; -+ -+ if (len != ctx->report_out_len + 1) { -+ fido_log_debug("%s: len %zu", __func__, len); -+ return (-1); -+ } -+ -+ if ((r = write(ctx->fd, buf + 1, len - 1)) == -1 || -+ (size_t)r != len - 1) { -+ fido_log_debug("%s: write", __func__); -+ return (-1); -+ } -+ -+ return ((int)len); -+} -+ -+size_t -+fido_hid_report_in_len(void *handle) -+{ -+ struct hid_netbsd *ctx = handle; -+ -+ return (ctx->report_in_len); -+} -+ -+size_t -+fido_hid_report_out_len(void *handle) -+{ -+ struct hid_netbsd *ctx = handle; -+ -+ return (ctx->report_out_len); -+} -- cgit v1.2.3