libfido2: update to 1.14.0

Sponsored by: The FreeBSD Foundation

libfido2: update to 1.13.0

Some highlights from NEWS entries:

** Improved OpenSSL 3.0 compatibility.
** Support for hidraw(4) on FreeBSD; gh#597.
** Improved support for FIDO 2.1 authenticators.

PR: 273596
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

libfido2: specify OpenSSL 1.1 API

OPENSSL_API_COMPAT can be used to specify the OpenSSL API version in
use for the purpose of hiding deprecated interfaces and enabling
the appropriate deprecation notices.

This change is a NFC while we're still using OpenSSL 1.1.1 but will
avoid deprecation warnings upon the switch to OpenSSL 3.0. A future
libfido2 update may switch to use OpenSSL 3.0 APIs.

Sponsored by: The FreeBSD Foundation

libfido2: update to 1.10.0

Some highlights from NEWS:

** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*();
gh#480.
** New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
** Documentation and reliability fixes.
** Support for TPM 2.0 attestation of COSE_ES256 credentials.

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

libfido2: update to 1.9.0

Some highlights from NEWS:

** Added OpenSSL 3.0 compatibility.
** Removed OpenSSL 1.0 compatibility.
** Support for FIDO 2.1 "minPinLength" extension.
** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
** Support for TPM 2.0 attestation.
** Support for device timeouts; see fido_dev_set_timeout().
** New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
** Reliability and portability fixes.
** Better handling of HID devices without identification strings; gh#381.

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

Add libfido2 to the build

From https://github.com/Yubico/libfido2:

libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.

libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.

libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.

This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.

Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448

libfido2: update to 1.13.0

Some highlights from NEWS entries:

** Improved OpenSSL 3.0 compatibility.
** Support for hidraw(4) on FreeBSD; gh#597.
** Improved support for FIDO 2.1 authenticators.

PR: 273596
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

libfido2: specify OpenSSL 1.1 API

OPENSSL_API_COMPAT can be used to specify the OpenSSL API version in
use for the purpose of hiding deprecated interfaces and enabling
the appropriate deprecation notices.

This change is a NFC while we're still using OpenSSL 1.1.1 but will
avoid deprecation warnings upon the switch to OpenSSL 3.0. A future
libfido2 update may switch to use OpenSSL 3.0 APIs.

Sponsored by: The FreeBSD Foundation

libfido2: update to 1.10.0

Some highlights from NEWS:

** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*();
gh#480.
** New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
** Documentation and reliability fixes.
** Support for TPM 2.0 attestation of COSE_ES256 credentials.

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

libfido2: update to 1.9.0

Some highlights from NEWS:

** Added OpenSSL 3.0 compatibility.
** Removed OpenSSL 1.0 compatibility.
** Support for FIDO 2.1 "minPinLength" extension.
** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
** Support for TPM 2.0 attestation.
** Support for device timeouts; see fido_dev_set_timeout().
** New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
** Reliability and portability fixes.
** Better handling of HID devices without identification strings; gh#381.

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

Add libfido2 to the build

From https://github.com/Yubico/libfido2:

libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.

libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.

libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.

This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.

Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448

libfido2: specify OpenSSL 1.1 API

OPENSSL_API_COMPAT can be used to specify the OpenSSL API version in
use for the purpose of hiding deprecated interfaces and enabling
the appropriate deprecation notices.

This change is a NFC while we're still using OpenSSL 1.1.1 but will
avoid deprecation warnings upon the switch to OpenSSL 3.0. A future
libfido2 update may switch to use OpenSSL 3.0 APIs.

Sponsored by: The FreeBSD Foundation

Add libfido2 to the build

From https://github.com/Yubico/libfido2:

libfido2 provides library functionality and command-line tools to
communicate with a FIDO device over USB, and to verify attestation
and assertion signatures.

libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
protocols.

libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.

This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.

Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32448