gh-mirrors/openwrt-packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-01-10 03:41:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
32,256 Commits 14 Branches 1 Tag
0d0afff918e0c1b8b681ee2a85811cb353e3e58b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Sean Khan 0d0afff918 nginx-util: fix deprecated openssl 3.0 functions 
Since upstream openwrt has been using openssl 3.0 for quite some time,
figured we could clean up some of the legacy code.

This PR updates the code for EC/RSA key generation.

nginx-util currently only generates 'ecc' keys, even though the
framework is there for rsa as well.

In order properly test the changes, I created two binaries:

'nginx-util-ssl'     (generates ec keys)
'nginx-util-ssl-rsa' (generates rsa keys)

where I would change line:455 in `src/nginx-ssl-util.hpp`

`auto pkey = gen_eckey(NID_secp384r1)` to `auto pkey = gen_rsakey(2048)`

Example with UCI config

```
config server '_rsa'
	list listen '443 ssl default_server'
	list listen '[::]:443 ssl default_server'
	option server_name '_rsa'
	list include 'restrict_locally'
	list include 'conf.d/*.locations'
	option uci_manage_ssl 'self-signed'
	option key_type 'rsa'
	option ssl_certificate '/etc/nginx/conf.d/_rsa.crt'
	option ssl_certificate_key '/etc/nginx/conf.d/_rsa.key'
	option ssl_session_cache 'shared:SSL:32k'
	option ssl_session_timeout '64m'
	option access_log 'off; # logd openwrt'
```

➤ /opt/bin/nginx-ssl-util-rsa add_ssl _rsa
Adding SSL directives to UCI server: nginx._rsa
	uci_manage_ssl='self-signed'
Created self-signed SSL certificate '/etc/nginx/conf.d/_rsa.crt' with key '/etc/nginx/conf.d/_rsa.key'.

[04/14/24 18:37:15](K-6.6.27)
root@WRX36 ~
➤ openssl x509 -in /etc/nginx/conf.d/_rsa.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:55:a6:cd:52:25:31:fd:3c:78:66:24:82:5f:bb:b6:a6:fe:8f:c7
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrtBF399B64ACF71BC3
        Validity
            Not Before: Apr 14 22:37:15 2024 GMT
            Not After : Jul 16 22:37:15 2027 GMT
        Subject: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrtBF399B64ACF71BC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ac:52:71:af:25:e9:05:0a:a5:d7:86:d3:8d:0b:
                    66:e0:09:cf:2a:cd:a1:63:57:36:46:61:04:16:fe:
                    94:84:d0:20:ab:01:15:55:aa:a1:89:c2:85:a9:84:
                    47:ba:84:d7:1f:a9:0c:c0:f0:67:2f:81:1d:1b:3b:
                    31:d5:94:6e:a0:f0:e6:ec:26:91:4a:e2:fd:58:4c:
                    ac:b5:9e:a1:cd:7d:91:51:29:81:1d:3e:4a:d9:d1:
                    d5:f1:2f:34:2f:ca:95:dc:42:d5:c4:d3:d6:b2:91:
                    d5:19:61:a2:b5:b1:90:f0:83:88:ef:92:c9:bf:a4:
                    59:a9:d6:00:6f:1c:0d:70:16:40:cc:cb:c0:de:c4:
                    8f:00:83:a3:2f:77:ca:18:cd:7b:d4:77:96:47:78:
                    1b:c1:ff:08:86:93:79:91:8f:a7:95:71:46:06:69:
                    fc:cc:65:64:e7:99:11:cc:82:bb:39:6b:12:27:73:
                    0e:d1:e7:65:51:9e:ad:dc:b3:ff:3f:ba:b0:72:4f:
                    22:ad:7e:41:bb:3c:c7:80:30:81:5f:8b:32:f4:7f:
                    22:48:3f:3d:a9:eb:28:27:12:db:a9:63:c9:7e:e2:
                    ed:36:de:e7:68:31:4e:9c:c0:36:e8:f2:d9:3f:50:
                    09:50:a3:e8:7a:03:00:4f:8d:e1:10:eb:a1:87:44:
                    be:23
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        06:7d:84:00:ac:8f:8b:a6:b6:b7:b5:ed:ee:7f:61:76:6d:ee:
        11:53:f6:d1:f8:95:ad:6c:d7:d0:3e:01:ac:bb:d7:7a:8d:59:
        80:ec:ba:b2:7b:78:5c:4f:5e:3f:f1:74:ad:d9:8c:a2:6b:08:
        9c:bf:b1:42:fd:8d:a6:35:48:4d:a7:2d:92:c9:45:66:77:32:
        a4:e0:ea:eb:e0:4a:42:f5:dd:ea:a2:c0:0a:66:5a:32:03:1d:
        e7:87:3a:7f:1e:00:ed:d0:21:01:d5:f9:e2:b1:e6:b7:cb:1c:
        67:11:de:69:7f:a2:ce:d0:fc:2d:f2:6c:33:84:4c:3d:f4:f6:
        60:6b:2e:31:b7:0c:41:2c:73:31:7e:94:19:a2:2b:6a:56:3f:
        07:37:71:97:28:58:91:63:b2:58:97:b2:aa:1e:d5:d9:6d:af:
        6f:a0:02:e0:06:39:b0:c9:f5:50:41:b5:58:41:6a:30:72:89:
        9a:67:7e:a1:7a:a5:02:b9:2a:f3:f8:93:4f:59:6e:b1:27:54:
        86:d1:ec:96:7a:dd:d1:44:6b:1e:3b:17:cf:15:64:ad:83:6b:
        63:20:2d:42:c3:28:68:14:de:12:4e:8a:c3:f3:10:c8:4b:4f:
        c7:d8:2b:a8:45:fb:3a:bd:9d:bd:08:71:08:09:ed:ea:9b:b9:
        3b:33:a6:a6

[04/14/24 18:37:27](K-6.6.27)
root@WRX36 ~
➤ /opt/bin/nginx-ssl-util add_ssl _ec
Adding SSL directives to UCI server: nginx._ec
	uci_manage_ssl='self-signed'
Created self-signed SSL certificate '/etc/nginx/conf.d/_ec.crt' with key '/etc/nginx/conf.d/_ec.key'.

[04/14/24 18:37:43](K-6.6.27)
root@WRX36 ~
➤ openssl x509 -in /etc/nginx/conf.d/_ec.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:32:fe:07:09:79:d1:40:d7:43:2e:45:3d:98:4a:77:65:d0:29:41
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrt2EDD40F41960C8C1
        Validity
            Not Before: Apr 14 22:37:43 2024 GMT
            Not After : Jul 16 22:37:43 2027 GMT
        Subject: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrt2EDD40F41960C8C1
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:97:d2:b2:f0:c9:60:60:89:7e:ea:6f:48:1c:90:
                    8e:6d:1d:d8:58:46:8c:de:e9:50:e2:74:ea:d8:dd:
                    8c:d9:ed:f4:4c:b7:41:95:55:98:38:5a:9e:66:83:
                    b9:7c:79:71:9b:ec:18:ed:d9:09:3c:f7:64:32:ae:
                    59:ad:92:de:d7:c4:15:2e:e5:89:65:f4:29:8a:62:
                    a0:85:21:95:22:3a:38:e3:11:e6:f2:01:f6:50:62:
                    01:ed:68:0d:d0:0c:d4
                ASN1 OID: secp384r1
                NIST CURVE: P-384
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:65:02:30:78:af:d1:4f:57:b1:97:2b:87:aa:7f:a2:26:39:
        19:30:5c:4f:9c:f0:d7:ee:24:8e:a2:39:ec:70:af:16:eb:a6:
        72:96:d4:a7:2f:c1:38:f4:65:ed:ed:bf:22:c6:a4:6d:02:31:
        00:bc:ec:19:0e:3d:6a:d1:5a:ae:6d:5c:a3:ec:96:60:32:f9:
        6a:88:06:92:ed:c1:a7:44:2c:33:7a:22:72:0f:2a:ce:83:f0:
        f2:04:9e:49:60:ef:83:b4:7f:8b:af:61:c9

```

Maintainer: Peter Stadler <peter.stadler@student.uibk.ac.at>
Compile tested: aarch64, qualcommax, Master Branch
Run tested: aarch64, Dynalink DL-WRX36, Master Branch

Signed-off-by: Sean Khan <datapronix@protonmail.com>
2024-06-23 11:27:05 -07:00
.github
Revert "ci: no longer require real name"
2024-06-05 10:42:08 +02:00
.keys
build: move gpg keys into .keys directory
2018-04-30 13:14:25 -07:00
admin
monit: update to 5.34.0
2024-06-23 11:05:02 -07:00
devel
delve: Remove maintainership
2024-06-21 02:31:30 +08:00
fonts/dejavu-fonts-ttf
[dejavu-fonts] add license info and myself as maintainer
2017-02-22 18:39:54 +01:00
ipv6
treewide: remove AUTORELEASE
2023-04-21 22:46:58 +02:00
kernel
mtd-rw: update version to latest master
2024-04-21 13:44:49 -07:00
lang
lua-ffi: Add package
2024-06-23 11:15:50 -07:00
libs
libjwt: add package
2024-06-23 11:16:25 -07:00
mail
msmtp: add test.sh
2024-05-24 00:05:20 +02:00
multimedia
yt-dlp: Update to 2024.5.27
2024-06-20 14:21:39 -07:00
net
nginx-util: fix deprecated openssl 3.0 functions
2024-06-23 11:27:05 -07:00
sound
shairport-sync: fixed diagnostics settings
2024-06-23 11:17:49 -07:00
utils
sane-backends: update to 1.3.1
2024-06-23 11:13:39 -07:00
.gitignore
.gitignore: add initial version
2024-05-10 23:34:46 +02:00
CONTRIBUTING.md
CONTRIBUTING.md: clarify pull request commit requirements
2024-02-04 16:33:58 -08:00
LICENSE
Add GPLv2 pro-forma license
2014-06-16 08:14:04 +02:00
README.md
Update the SDK URL in the README.
2020-05-24 14:50:30 -07:00

README.md

OpenWrt packages feed

Description

This is the OpenWrt "packages"-feed containing community-maintained build scripts, options and patches for applications, modules and libraries used within OpenWrt.

Installation of pre-built packages is handled directly by the opkg utility within your running OpenWrt system or by using the OpenWrt SDK on a build system.

Usage

This repository is intended to be layered on-top of an OpenWrt buildroot. If you do not have an OpenWrt buildroot installed, see the documentation at: OpenWrt Buildroot Installation on the OpenWrt support site.

This feed is enabled by default. To install all its package definitions, run:

./scripts/feeds update packages
./scripts/feeds install -a -p packages

License

See LICENSE file.

Package Guidelines

See CONTRIBUTING.md file.

Reference in New Issue View Git Blame Copy Permalink
Description
Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
hacktoberfest
Readme GPL-2.0 169 MiB
Languages
Makefile 54.5%
Shell 31.4%
C 8.1%
C++ 1.9%
Lua 1.4%
Other 2.5%