diff options
author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2019-08-05 15:34:39 -0300 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2019-09-04 13:45:44 +0200 |
commit | 882052caae35989001e173f7a4affcb341c54e28 (patch) | |
tree | 72ce153a6adb3b96536bec7f11d5f564966d82bd /package/network/services | |
parent | ad4af2b8dff7c6786db8b789fd9e138b1c1e0d2b (diff) | |
download | upstream-882052caae35989001e173f7a4affcb341c54e28.tar.gz upstream-882052caae35989001e173f7a4affcb341c54e28.tar.bz2 upstream-882052caae35989001e173f7a4affcb341c54e28.zip |
uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)
Diffstat (limited to 'package/network/services')
-rw-r--r-- | package/network/services/uhttpd/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/uhttpd/files/uhttpd.config | 8 | ||||
-rwxr-xr-x | package/network/services/uhttpd/files/uhttpd.init | 6 |
3 files changed, 14 insertions, 2 deletions
diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile index cc2dc2bd47..85b7be7607 100644 --- a/package/network/services/uhttpd/Makefile +++ b/package/network/services/uhttpd/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uhttpd -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config index a3deb9cf04..39089ca25b 100644 --- a/package/network/services/uhttpd/files/uhttpd.config +++ b/package/network/services/uhttpd/files/uhttpd.config @@ -118,9 +118,17 @@ config cert defaults # Validity time option days 730 + # key type: rsa or ec + option key_type rsa + # RSA key size option bits 2048 + # EC curve name + # Curve names vary between mbedtls/px5g and openssl + # P-256 or P-384 are guaranteed to work + option ec_curve P-256 + # Location option country ZZ option state Somewhere diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init index dc496b3e28..6322473b97 100755 --- a/package/network/services/uhttpd/files/uhttpd.init +++ b/package/network/services/uhttpd/files/uhttpd.init @@ -43,15 +43,19 @@ generate_keys() { config_get state "$cfg" state config_get location "$cfg" location config_get commonname "$cfg" commonname + config_get key_type "$cfg" key_type + config_get ec_curve "$cfg" ec_curve # Prefer px5g for certificate generation (existence evaluated last) local GENKEY_CMD="" + local KEY_OPTS="rsa:${bits:-2048}" local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"') + [ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}" [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes" [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der" [ -n "$GENKEY_CMD" ] && { $GENKEY_CMD \ - -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \ + -days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \ -subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}" sync mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}" |