Update key management

emhttp/plugins/dynamix/include/OpenSSL.php

@@ -1,17 +0,0 @@
-<?PHP
-/* Copyright 2005-2025, Lime Technology
- * Copyright 2012-2025, Bergware International.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation.
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- */
-?>
-<?
-$cipher = 'aes-256-cbc';
-$key    = 'UnraidEncryptionKey';
-$iv     = '12345678910111213';
-?>

emhttp/plugins/dynamix/include/Wireless.php

@@ -114,7 +114,7 @@ case 'list':
   echo json_encode($echo);
   break;
 case 'join':
-  require_once "$docroot/webGui/include/OpenSSL.php";
+  extract(parse_ini_file("/etc/rc.d/rc.ssl.input"));
   $token   = parse_ini_file($var)['csrf_token'];
   $ssid    = rawurldecode($_POST['ssid']);
   $drop    = $_POST['task']==1;

emhttp/plugins/dynamix/include/update.wireless.php

@@ -11,8 +11,7 @@
  */
 ?>
 <?
-$docroot ??= ($_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp');
-require_once "$docroot/webGui/include/OpenSSL.php";
+extract(parse_ini_file("/etc/rc.d/rc.ssl.input"));
 
 // encrypt username and password before saving (if existing)
 if (!empty($_POST['USERNAME'])) $_POST['USERNAME'] = openssl_encrypt($_POST['USERNAME'],$cipher,$key,0,$iv);

etc/rc.d/rc.ssl.input

@@ -0,0 +1,3 @@
+cipher=aes-256-cbc
+key=UnraidEncryptionKey
+iv=12345678910111213

etc/rc.d/rc.wireless

@@ -10,7 +10,7 @@ DAEMON="WiFi network"
 CALLER="wifi"
 INI="/var/local/emhttp/wireless.ini"
 CFG="/boot/config/wireless.cfg"
-SSL="/usr/local/emhttp/webGui/include/OpenSSL.php"
+SSLINPUT="/etc/rc.d/rc.ssl.input"
 STARTWIFI="/usr/local/emhttp/webGui/scripts/wireless"
 WPA="/etc/wpa_supplicant.conf"
 
@@ -41,15 +41,9 @@ unzero6(){
   echo -n $(for Q in ${A//:/ }; do [[ $Q != - ]] && printf "$M%x" "0x$Q" || printf ":"; M=:; done)
 }
 
-# function to get openSSL settings
-get(){
-  local KEY=$1
-  [[ -r $SSL ]] && awk "\$1==\"\$$KEY\" {print \$3}" $SSL | sed -r "s/[';]//g"
-}
-
 # function to convert text to hex
 hex(){
-  echo -n $(get $1) | od -An -tx1 | tr -d ' \n'
+  echo -n $1 | od -An -tx1 | tr -d ' \n'
 }
 
 # function to wait for carrier of interface
@@ -226,8 +220,10 @@ wifi_join(){
     log "$DAEMON...  No configuration."
     return
   fi
-  [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME | openssl $(get cipher) -a -d -K $(hex key) -iv $(hex iv) 2>/dev/null)
-  [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD | openssl $(get cipher) -a -d -K $(hex key) -iv $(hex iv) 2>/dev/null)
+# get SSL keys
+  . $SSLINPUT
+  [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
+  [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
   SECURITY=${SECURITY:-$ATTR3}
   if [[ -z $SECURITY || ${SECURITY^^} == "OPEN" ]]; then
     # open network