uhttpd: add support to generate EC keys
[openwrt/openwrt.git] / package / network / services / uhttpd / files / uhttpd.init
index dc496b3e28295e330969a4fa764673cfa3270eb1..6322473b97001eb75b236db0e613ef137a83698b 100755 (executable)
@@ -43,15 +43,19 @@ generate_keys() {
        config_get state      "$cfg" state
        config_get location   "$cfg" location
        config_get commonname "$cfg" commonname
+       config_get key_type   "$cfg" key_type
+       config_get ec_curve   "$cfg" ec_curve
 
        # Prefer px5g for certificate generation (existence evaluated last)
        local GENKEY_CMD=""
+       local KEY_OPTS="rsa:${bits:-2048}"
        local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
+       [ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
        [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
        [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
        [ -n "$GENKEY_CMD" ] && {
                $GENKEY_CMD \
-                       -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
+                       -days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
                        -subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}"
                sync
                mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
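Review bot: `ec_curve` is read from UCI and pasted into `KEY_OPTS`, which is then expanded unquoted at `-newkey ${KEY_OPTS}`, so whitespace in the configured value is word-split into extra arguments for the openssl/px5g command instead of being rejected as a bad curve name. The split is required for the `ec -pkeyopt …` form, so the value should be constrained before it is interpolated, for example `case "$ec_curve" in *[!A-Za-z0-9_-]*) ec_curve="" ;; esac` ahead of the `KEY_OPTS` assignment, which then falls back to the P-256 default. A `key_type` other than the exact string `ec` silently produces an RSA key; a logged warning for unrecognised values would make a typo visible. Whether `$PX5G_BIN selfsigned` accepts `-pkeyopt` is not visible in this hunk, and because the px5g assignment overrides the openssl one when both binaries exist, that path should be confirmed. The `local` declarations of generate_keys() are outside the hunk; `key_type` and `ec_curve` should be added to them if they are not already there.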