cryptsetup: initialize variable
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 10 May 2021 13:02:34 +0000 (15:02 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 10 May 2021 17:52:06 +0000 (19:52 +0200)
Fixup for cde2f8605e0c3842f9a87785dd758f955f2d04ba. Use PIN+PV because the
status quo ante was that we turned off "uv" and left "up" and "clientPin" in
its default values, which with yubikeys (i.e. the most popular hardware) meant
both "up" and "clientPin" were enabled by default.

Coverity CID#1453085.

src/cryptsetup/cryptsetup.c

index e8e5b6dbfc2163362ba1ee02c7ec6527eaef2149..5ae2aaa06036356090b03d614383e4edce23c408 100644 (file)
@@ -747,11 +747,14 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
 
         if (arg_fido2_cid) {
                 if (!key_file && !key_data)
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "FIDO2 mode selected but no key file specified, refusing.");
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                               "FIDO2 mode with manual parameters selected, but no keyfile specified, refusing.");
 
                 rp_id = arg_fido2_rp_id;
                 cid = arg_fido2_cid;
                 cid_size = arg_fido2_cid_size;
+
+                required = FIDO2ENROLL_PIN | FIDO2ENROLL_UP; /* For backwards compatibility, PIN+presence is required by default. */
         } else {
                 r = find_fido2_auto_data(
                                 cd,
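Review bot: The comment on the new `required = FIDO2ENROLL_PIN | FIDO2ENROLL_UP;` line says only "backwards compatibility", which hides that this is the authentication policy assumed for every manually configured token and that user verification is deliberately left out. I would move it onto its own line above the assignment and state the reasoning, e.g. `/* Manual parameters carry no enrollment flags, so assume PIN+UP: previously "uv" was turned off and "up"/"clientPin" were left at the device defaults. */`. The declaration of `required` and the rest of the `else` branch are outside this hunk, so I cannot confirm that every other path assigns it. Since this fixes an uninitialized read, a declaration-time initializer would stop a later branch from reintroducing the same defect.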