Add libfido2 to the build

From https://github.com/Yubico/libfido2:

    libfido2 provides library functionality and command-line tools to
    communicate with a FIDO device over USB, and to verify attestation
    and assertion signatures.

    libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2)
    protocols.

libfido2 will be used by ssh to support FIDO/U2F keys. It is currently
intended only for use by ssh, and so is installed as a PRIVATELIB and is
placed in the ssh pkgbase package.

This is currently disabled for the 32-bit library build as libfido2 is
not compatible with the COMPAT_32BIT hack in usb_ioctl.h.

Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32448

lib/Makefile

@@ -216,7 +216,7 @@ SUBDIR.${MK_BHYVE}+=	libvmmapi
 SUBDIR.${MK_OPENMP}+=	libomp
 .endif
 .if !defined(COMPAT_32BIT)
-SUBDIR.${MK_OPENSSH}+=	libcbor
+SUBDIR.${MK_OPENSSH}+=	libcbor libfido2
 .endif
 SUBDIR.${MK_OPENSSL}+=	libmp
 SUBDIR.${MK_PF}+=	libpfctl

lib/libfido2/Makefile

@@ -0,0 +1,73 @@
+PACKAGE=ssh
+LIB=	fido2
+PRIVATELIB=
+DIST=	${SRCTOP}/contrib/libfido2
+
+.PATH:	${DIST}/src ${DIST}
+
+SRCS+=	aes256.c
+SRCS+=	assert.c
+SRCS+=	authkey.c
+SRCS+=	bio.c
+SRCS+=	blob.c
+SRCS+=	buf.c
+SRCS+=	cbor.c
+SRCS+=	compress.c
+SRCS+=	config.c
+SRCS+=	cred.c
+SRCS+=	credman.c
+SRCS+=	dev.c
+SRCS+=	ecdh.c
+SRCS+=	eddsa.c
+SRCS+=	err.c
+SRCS+=	es256.c
+SRCS+=	hid_freebsd.c
+SRCS+=	hid_unix.c
+SRCS+=	hid.c
+SRCS+=	info.c
+SRCS+=	io.c
+SRCS+=	iso7816.c
+SRCS+=	largeblob.c
+SRCS+=	log.c
+SRCS+=	pin.c
+SRCS+=	random.c
+SRCS+=	reset.c
+SRCS+=	rs256.c
+SRCS+=	u2f.c
+
+SRCS+=	openbsd-compat/freezero.c
+SRCS+=	openbsd-compat/recallocarray.c
+
+CFLAGS+= -I ${DIST}/src -I${SRCTOP}/contrib/libcbor/src -I${.CURDIR}/../libcbor
+CFLAGS+= -D_FIDO_INTERNAL
+CFLAGS+= -DHAVE_ARC4RANDOM_BUF
+CFLAGS+= -DHAVE_CLOCK_GETTIME
+CFLAGS+= -DHAVE_DEV_URANDOM
+CFLAGS+= -DHAVE_ERR_H
+CFLAGS+= -DHAVE_EXPLICIT_BZERO
+CFLAGS+= -DHAVE_GETLINE
+CFLAGS+= -DHAVE_GETOPT
+CFLAGS+= -DHAVE_GETPAGESIZE
+CFLAGS+= -DHAVE_GETRANDOM
+CFLAGS+= -DHAVE_OPENSSLV_H
+CFLAGS+= -DHAVE_READPASSPHRASE
+CFLAGS+= -DHAVE_SIGNAL_H
+CFLAGS+= -DHAVE_STRLCAT
+CFLAGS+= -DHAVE_STRLCPY
+CFLAGS+= -DHAVE_STRSEP
+CFLAGS+= -DHAVE_SYSCONF
+CFLAGS+= -DHAVE_SYS_RANDOM_H
+CFLAGS+= -DHAVE_TIMESPECSUB
+CFLAGS+= -DHAVE_TIMINGSAFE_BCMP
+CFLAGS+= -DHAVE_UNISTD_H
+CFLAGS+= -DTLS=__thread
+CFLAGS+= -D_FIDO_MAJOR=1
+CFLAGS+= -D_FIDO_MINOR=9
+CFLAGS+= -D_FIDO_PATCH=0
+
+LIBADD=	crypto z
+
+WARNS=2
+MAN=
+
+.include <bsd.lib.mk>

share/mk/src.libnames.mk

@@ -20,6 +20,7 @@ _PRIVATELIBS=	\
 		cbor \
 		devdctl \
 		event1 \
+		fido2 \
 		gmock \
 		gtest \
 		gmock_main \
@@ -339,6 +340,7 @@ _DP_pam=	radius tacplus opie md util
 _DP_pam+=	krb5
 .endif
 .if ${MK_OPENSSH} != "no"
+_DP_fido2+=	crypto z
 _DP_pam+=	ssh
 .endif
 .if ${MK_NIS} != "no"
@@ -690,6 +692,7 @@ LIBCAP_SYSCTLDIR=	${OBJTOP}/lib/libcasper/services/cap_sysctl
 LIBCAP_SYSLOGDIR=	${OBJTOP}/lib/libcasper/services/cap_syslog
 LIBCBORDIR=	${OBJTOP}/lib/libcbor
 LIBBSDXMLDIR=	${OBJTOP}/lib/libexpat
+LIBFIDO2DIR=	${OBJTOP}/lib/libfido2
 LIBKVMDIR=	${OBJTOP}/lib/libkvm
 LIBPTHREADDIR=	${OBJTOP}/lib/libthr
 LIBMDIR=	${OBJTOP}/lib/msun

tools/build/mk/OptionalObsoleteFiles.inc

@@ -7124,6 +7124,9 @@ OLD_FILES+=usr/bin/ssh-keyscan
 OLD_FILES+=usr/lib/libprivatecbor.a
 OLD_FILES+=usr/lib/libprivatecbor.so
 OLD_LIBS+=usr/lib/libprivatecbor.so.5
+OLD_FILES+=/usr/lib/libprivatefido2.a
+OLD_FILES+=/usr/lib/libprivatefido2.so
+OLD_LIBS+=/usr/lib/libprivatefido2.so.5
 OLD_FILES+=usr/lib/pam_ssh.so
 OLD_LIBS+=usr/lib/pam_ssh.so.6
 OLD_FILES+=usr/lib/libprivatessh.a