From 82d7ccfdedc63bfe5e454332688f211090341f99 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <pavol@rusnak.io>
Date: Tue, 3 Mar 2020 13:01:09 +0100
Subject: [PATCH 1/2] libfido2: change dependency from libressl to openssl

libressl does not enable EdDSA functionality in libfido2
see https://github.com/Yubico/libfido2/issues/144
---
 pkgs/development/libraries/libfido2/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/libraries/libfido2/default.nix b/pkgs/development/libraries/libfido2/default.nix
index 01a73f4a130..498df6a583f 100644
--- a/pkgs/development/libraries/libfido2/default.nix
+++ b/pkgs/development/libraries/libfido2/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, pkgconfig, libcbor, libressl, udev, IOKit }:
+{ stdenv, fetchurl, cmake, pkgconfig, libcbor, openssl, udev, IOKit }:
 
 stdenv.mkDerivation rec {
   pname = "libfido2";
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ cmake pkgconfig ];
-  buildInputs = [ libcbor libressl ]
+  buildInputs = [ libcbor openssl ]
     ++ stdenv.lib.optionals stdenv.isLinux [ udev ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
 
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
     '';
     homepage = https://github.com/Yubico/libfido2;
     license = licenses.bsd2;
-    maintainers = with maintainers; [ dtzWill ];
+    maintainers = with maintainers; [ dtzWill prusnak ];
     platforms = platforms.unix;
   };
 }

From c1d66a5588c023e85a7f2d31cf0f8d36f36ca9c9 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <pavol@rusnak.io>
Date: Tue, 10 Mar 2020 15:40:37 +0100
Subject: [PATCH 2/2] libfido2: use upstreamed patches

---
 .../libraries/libfido2/default.nix            | 35 ++++++++++++++++---
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/libfido2/default.nix b/pkgs/development/libraries/libfido2/default.nix
index 498df6a583f..d5d2b18e5ed 100644
--- a/pkgs/development/libraries/libfido2/default.nix
+++ b/pkgs/development/libraries/libfido2/default.nix
@@ -1,4 +1,12 @@
-{ stdenv, fetchurl, cmake, pkgconfig, libcbor, openssl, udev, IOKit }:
+{ stdenv
+, fetchurl
+, fetchpatch
+, cmake
+, pkgconfig
+, libcbor
+, openssl
+, udev
+, IOKit }:
 
 stdenv.mkDerivation rec {
   pname = "libfido2";
@@ -9,14 +17,33 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [ cmake pkgconfig ];
+
   buildInputs = [ libcbor openssl ]
     ++ stdenv.lib.optionals stdenv.isLinux [ udev ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ IOKit ];
 
-  patches = [ ./detect_apple_ld.patch ];
+  patches = [
+    # fix build on darwin
+    (fetchpatch {
+      url = "https://github.com/Yubico/libfido2/commit/916ebd18a89e4028de203d603726805339be7a5b.patch";
+      sha256 = "07f0xpxnq02cccmqcric87b6pms7k7ssvdw722zr970a6qs8p6i7";
+    })
+    # allow attestation using any supported algorithm
+    (fetchpatch {
+      url = "https://github.com/Yubico/libfido2/commit/f7a9471fa0588cb91cbefffb13c1e4d06c2179b7.patch";
+      sha256 = "02qbw9bqy3sixvwig6az7v3vimgznxnfikn9p1jczm3d7mn8asw2";
+    })
+    # fix EdDSA attestation signature verification bug
+    (fetchpatch {
+      url = "https://github.com/Yubico/libfido2/commit/95126eea52294419515e6540dfd7220f35664c48.patch";
+      sha256 = "076mwpl9xndjhy359jdv2drrwyq7wd3pampkn28mn1rlwxfgf0d0";
+    })
+  ];
 
-  cmakeFlags = [ "-DUDEV_RULES_DIR=${placeholder "out"}/etc/udev/rules.d"
-                 "-DCMAKE_INSTALL_LIBDIR=lib" ];
+  cmakeFlags = [
+    "-DUDEV_RULES_DIR=${placeholder "out"}/etc/udev/rules.d"
+    "-DCMAKE_INSTALL_LIBDIR=lib"
+  ];
 
   meta = with stdenv.lib; {
     description = ''