From 8205c151b34103728bd2293d7c7df05ab6fa6312 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Mon, 10 May 2021 15:02:34 +0200
Subject: [PATCH] cryptsetup: initialize variable

Fixup for cde2f8605e0c3842f9a87785dd758f955f2d04ba. Use PIN+PV because the status quo ante was that we turned off "uv" and left "up" and "clientPin" in its default values, which with yubikeys (i.e. the most popular hardware) meant both "up" and "clientPin" were enabled by default. Coverity CID#1453085.
---
 src/cryptsetup/cryptsetup.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index e8e5b6dbfc2..5ae2aaa0603 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -747,11 +747,14 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(

 if (arg_fido2_cid) {
 if (!key_file && !key_data)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "FIDO2 mode selected but no key file specified, refusing.");
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "FIDO2 mode with manual parameters selected, but no keyfile specified, refusing.");

 rp_id = arg_fido2_rp_id;
 cid = arg_fido2_cid;
 cid_size = arg_fido2_cid_size;
+
+ required = FIDO2ENROLL_PIN | FIDO2ENROLL_UP; /* For backwards compatibility, PIN+presence is required by default. */
 } else {
 r = find_fido2_auto_data(
 cd,
--
2.47.3
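Review bot: The added `required = FIDO2ENROLL_PIN | FIDO2ENROLL_UP;` in the `arg_fido2_cid` branch hard-codes the unlock policy for manually configured credentials, whereas the commit message describes the earlier behaviour as leaving "up" and "clientPin" at the token's own defaults, so the two only match for tokens whose defaults are PIN and presence both on. How a token with no PIN set behaves under these flags depends on code outside the hunk and is worth confirming. I would widen the trailing comment to spell out the assumption, e.g. `/* Manual mode has no enrolment metadata: assume PIN + presence (the YubiKey default); UV is deliberately not requested. */`. The declaration of `required` lies outside the hunk (the function starts and ends beyond it); giving it an initializer there would also keep any later branch from reading it unset, which appears to be what the Coverity report was about.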