Commit Graph

8 Commits

Author SHA1 Message Date
Eneas U de Queiroz
a552ababd4 px5g: support EC keys
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.

For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.

Notice that curve names are not necessarily the same in mbedtls and
openssl.  In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.

Package size increased by about 900 bytes (arm).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:34:30 +02:00
Felix Fietkau
1cf64e210f px5g: remove legacy polarssl support
The old polarssl 1.3 branch is EOL since end of 2016, and the package
for it will be removed soon.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 14:35:08 +01:00
Daniel Dickinson
a7f6dc9f8b px5g: Create mbedtls variant
px5g has been listed as a blocker for switching to new mbedtls
as the default, therefore make and mbedtls variant of px5g so
that an new mbedtls-only image can be created.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-07-05 22:59:12 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Felix Fietkau
4205078a78 px5g: Use SHA-256 when generating self-signed certificates
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 47391
2015-11-06 10:52:52 +00:00
Jo-Philipp Wich
542b6c30e5 fix subject in generated certificates
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44149
2015-01-25 23:33:49 +00:00
Jo-Philipp Wich
0ceece4c82 px5g: generate unique serial numbers
Generate a random serial from /dev/urandom when creating selfsigned certs.
Fixes "sec_error_reused_issuer_and_serial" with Firefox.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43168
2014-11-03 18:12:42 +00:00
Felix Fietkau
eb225996ee px5g: rename the old package to px5g-standalone, add a new one that links against polarssl
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40000
2014-03-21 15:55:23 +00:00