aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
diff options
context:
space:
mode:
authorEneas U de Queiroz <cotequeiroz@gmail.com>2019-08-05 15:34:39 -0300
committerJo-Philipp Wich <jo@mein.io>2019-09-04 13:45:44 +0200
commit882052caae35989001e173f7a4affcb341c54e28 (patch)
tree72ce153a6adb3b96536bec7f11d5f564966d82bd /package/network/services
parentad4af2b8dff7c6786db8b789fd9e138b1c1e0d2b (diff)
downloadupstream-882052caae35989001e173f7a4affcb341c54e28.tar.gz
upstream-882052caae35989001e173f7a4affcb341c54e28.tar.bz2
upstream-882052caae35989001e173f7a4affcb341c54e28.zip
uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)
Diffstat (limited to 'package/network/services')
-rw-r--r--package/network/services/uhttpd/Makefile2
-rw-r--r--package/network/services/uhttpd/files/uhttpd.config8
-rwxr-xr-xpackage/network/services/uhttpd/files/uhttpd.init6
3 files changed, 14 insertions, 2 deletions
diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile
index cc2dc2bd47..85b7be7607 100644
--- a/package/network/services/uhttpd/Makefile
+++ b/package/network/services/uhttpd/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=uhttpd
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git
diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index a3deb9cf04..39089ca25b 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -118,9 +118,17 @@ config cert defaults
# Validity time
option days 730
+ # key type: rsa or ec
+ option key_type rsa
+
# RSA key size
option bits 2048
+ # EC curve name
+ # Curve names vary between mbedtls/px5g and openssl
+ # P-256 or P-384 are guaranteed to work
+ option ec_curve P-256
+
# Location
option country ZZ
option state Somewhere
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index dc496b3e28..6322473b97 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -43,15 +43,19 @@ generate_keys() {
config_get state "$cfg" state
config_get location "$cfg" location
config_get commonname "$cfg" commonname
+ config_get key_type "$cfg" key_type
+ config_get ec_curve "$cfg" ec_curve
# Prefer px5g for certificate generation (existence evaluated last)
local GENKEY_CMD=""
+ local KEY_OPTS="rsa:${bits:-2048}"
local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
+ [ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
[ -n "$GENKEY_CMD" ] && {
$GENKEY_CMD \
- -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
+ -days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}"
sync
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"