Commit Graph

3 Commits

Author SHA1 Message Date
Hauke Mehrtens
929c9a58c9 px5g-mbedtls: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r--    1 root     root           519 Nov  6 22:58 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 22:58 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-07 21:55:55 +01:00
Hauke Mehrtens
d1893f1c88 px5g-mbedtls: Use getrandom()
Instead of accessing /dev/urandom use the getrandom syscall. This way we
do not have to keep the file open all the time.
This also fixes a compile error with glibc:

--------
px5g-mbedtls.c: In function '_urandom':
px5g-mbedtls.c:48:9: error: ignoring return value of 'read' declared with attribute 'warn_unused_result' [-Werror=unused-result]
   48 |         read(urandom_fd, out, len);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
--------

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 22:26:06 +01:00
Paul Spooren
976d3e2234 px5g: rename to px5g-mbedtls
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.

Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-08-31 10:19:31 +01:00