@@ -2,7 +2,9 @@
/* Copyright (C) 2024-2025 Linaro Ltd. */
#include <command.h>
+#include <image.h>
#include <net.h>
+#include <lwip/altcp_tls.h>
U_BOOT_CMD(wget, 4, 1, do_wget,
"boot image via network using HTTP/HTTPS protocol"
@@ -24,3 +26,193 @@ U_BOOT_CMD(wget, 4, 1, do_wget,
#endif
#endif
);
+
+#if CONFIG_IS_ENABLED(WGET_CACERT)
+char *cacert;
+size_t cacert_size;
+enum auth_mode cacert_auth_mode = AUTH_OPTIONAL;
+
+static int set_auth(enum auth_mode auth)
+{
+ cacert_auth_mode = auth;
+
+ return CMD_RET_SUCCESS;
+}
+
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+static const char builtin_cacert[];
+static const size_t builtin_cacert_size;
+static bool cacert_initialized;
+#endif
+
+static int _set_cacert(const void *addr, size_t sz)
+{
+ mbedtls_x509_crt crt;
+ void *p;
+ int ret;
+
+ if (cacert)
+ free(cacert);
+
+ if (!addr) {
+ cacert = NULL;
+ cacert_size = 0;
+ return CMD_RET_SUCCESS;
+ }
+
+ p = malloc(sz);
+ if (!p)
+ return CMD_RET_FAILURE;
+ cacert = p;
+ cacert_size = sz;
+
+ memcpy(cacert, (void *)addr, sz);
+
+ mbedtls_x509_crt_init(&crt);
+ ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
+ if (ret) {
+ if (!wget_info->silent)
+ printf("Could not parse certificates (%d)\n", ret);
+ free(cacert);
+ cacert = NULL;
+ cacert_size = 0;
+ return CMD_RET_FAILURE;
+ }
+
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+ cacert_initialized = true;
+#endif
+ return CMD_RET_SUCCESS;
+}
+
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+static int set_cacert_builtin(void)
+{
+ return _set_cacert(builtin_cacert, builtin_cacert_size);
+}
+#endif
+
+static int set_cacert(char * const saddr, char * const ssz)
+{
+ ulong addr, sz;
+
+ addr = hextoul(saddr, NULL);
+ sz = hextoul(ssz, NULL);
+
+ return _set_cacert((void *)addr, sz);
+}
+#endif /* CONFIG_WGET_CACERT */
+
+/*
+ * Legacy syntax support
+ * Convert [<server_name_or_ip>:]filename into a URL if needed
+ */
+static int parse_legacy_arg(char *arg, char *nurl, size_t rem)
+{
+ char *p = nurl;
+ size_t n;
+ char *col = strchr(arg, ':');
+ char *env;
+ char *server;
+ char *path;
+
+ if (strstr(arg, "http") == arg) {
+ n = snprintf(nurl, rem, "%s", arg);
+ if (n < 0 || n > rem)
+ return -1;
+ return 0;
+ }
+
+ n = snprintf(p, rem, "%s", "http://");
+ if (n < 0 || n > rem)
+ return -1;
+ p += n;
+ rem -= n;
+
+ if (col) {
+ n = col - arg;
+ server = arg;
+ path = col + 1;
+ } else {
+ env = env_get("httpserverip");
+ if (!env)
+ env = env_get("serverip");
+ if (!env) {
+ log_err("error: httpserver/serverip has to be set\n");
+ return -1;
+ }
+ n = strlen(env);
+ server = env;
+ path = arg;
+ }
+
+ if (rem < n)
+ return -1;
+ strncpy(p, server, n);
+ p += n;
+ rem -= n;
+ if (rem < 1)
+ return -1;
+ *p = '/';
+ p++;
+ rem--;
+ n = strlen(path);
+ if (rem < n)
+ return -1;
+ strncpy(p, path, n);
+ p += n;
+ rem -= n;
+ if (rem < 1)
+ return -1;
+ *p = '\0';
+
+ return 0;
+}
+
+int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[])
+{
+ char *end;
+ char *url;
+ ulong dst_addr;
+ char nurl[1024];
+
+#if CONFIG_IS_ENABLED(WGET_CACERT)
+ if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert")))
+ return set_cacert(argv[2], argv[3]);
+ if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) {
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+ if (!strncmp(argv[2], "builtin", strlen("builtin")))
+ return set_cacert_builtin();
+#endif
+ if (!strncmp(argv[2], "none", strlen("none")))
+ return set_auth(AUTH_NONE);
+ if (!strncmp(argv[2], "optional", strlen("optional")))
+ return set_auth(AUTH_OPTIONAL);
+ if (!strncmp(argv[2], "required", strlen("required")))
+ return set_auth(AUTH_REQUIRED);
+ return CMD_RET_USAGE;
+ }
+#endif
+
+ if (argc < 2 || argc > 3)
+ return CMD_RET_USAGE;
+
+ dst_addr = hextoul(argv[1], &end);
+ if (end == (argv[1] + strlen(argv[1]))) {
+ if (argc < 3)
+ return CMD_RET_USAGE;
+ url = argv[2];
+ } else {
+ dst_addr = image_load_addr;
+ url = argv[1];
+ }
+
+ if (parse_legacy_arg(url, nurl, sizeof(nurl)))
+ return CMD_RET_FAILURE;
+
+ wget_info = &default_wget_info;
+ if (wget_do_request(dst_addr, nurl))
+ return CMD_RET_FAILURE;
+
+ return CMD_RET_SUCCESS;
+}
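Review bot: `_set_cacert()` frees the old `cacert` buffer up front but resets the pointer only on the `!addr` path, so when `malloc(sz)` fails the global keeps pointing at freed memory; the next call frees it a second time, and anything that reads `cacert` in between uses freed memory. The chain parsed into `crt` is also never released with `mbedtls_x509_crt_free()`, on either the success or the failure path. Separately, the built-in bundle is now declared `static const char builtin_cacert[];` and `static const size_t builtin_cacert_size;` where the removed code had `extern`; as file-local tentative definitions these presumably no longer refer to the generated certificate data, so they should stay `extern`. In `set_cacert()` the `hextoul()` results are unchecked, so a mistyped address that parses to 0 takes the `!addr` path, clears the CA store and returns success. A possible shape for `_set_cacert()` follows.

```c
static int _set_cacert(const void *addr, size_t sz)
{
	mbedtls_x509_crt crt;
	void *p;
	int ret;

	/* Drop the old buffer and reset the globals before anything can fail */
	free(cacert);
	cacert = NULL;
	cacert_size = 0;

	if (!addr)
		return CMD_RET_SUCCESS;

	p = malloc(sz);
	if (!p)
		return CMD_RET_FAILURE;
	memcpy(p, addr, sz);

	/* Parse only to validate the input; the parsed chain is not kept */
	mbedtls_x509_crt_init(&crt);
	ret = mbedtls_x509_crt_parse(&crt, p, sz);
	mbedtls_x509_crt_free(&crt);
	if (ret) {
		/* ... unchanged: "Could not parse certificates" message ... */
		free(p);
		return CMD_RET_FAILURE;
	}

	/* Publish the buffer only once it is known to hold parsable certificates */
	cacert = p;
	cacert_size = sz;
	/* ... unchanged: cacert_initialized update and success return ... */
```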
@@ -6,6 +6,19 @@
#include <lwip/ip4.h>
#include <lwip/netif.h>
+#if CONFIG_IS_ENABLED(WGET_CACERT)
+/* HTTPS authentication mode */
+enum auth_mode {
+ AUTH_NONE,
+ AUTH_OPTIONAL,
+ AUTH_REQUIRED,
+};
+
+extern char *cacert;
+extern size_t cacert_size;
+extern enum auth_mode cacert_auth_mode;
+#endif
+
enum proto_t {
TFTPGET
};
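Review bot: `cacert`, `cacert_size` and `cacert_auth_mode` were file-static before this patch and are now writable globals with generic names in a shared header, as are the `AUTH_*` enumerators. Because `cacert_auth_mode` decides whether the server certificate is checked, the declarations should say who owns them, for example `/* Written only by the wget command (cmd/lwip/wget.c); cacert is malloc()ed there and may be freed on the next "wget cacert" call */`. A `wget_` prefix on the three variables and the enum would also avoid clashes with other code that includes this header.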
@@ -5,7 +5,6 @@
#include <console.h>
#include <display_options.h>
#include <efi_loader.h>
-#include <image.h>
#include <linux/kconfig.h>
#include <lwip/apps/http_client.h>
#include "lwip/altcp_tls.h"
@@ -137,72 +136,6 @@ static int parse_url(char *url, char *host, u16 *port, char **path,
return 0;
}
-/*
- * Legacy syntax support
- * Convert [<server_name_or_ip>:]filename into a URL if needed
- */
-static int parse_legacy_arg(char *arg, char *nurl, size_t rem)
-{
- char *p = nurl;
- size_t n;
- char *col = strchr(arg, ':');
- char *env;
- char *server;
- char *path;
-
- if (strstr(arg, "http") == arg) {
- n = snprintf(nurl, rem, "%s", arg);
- if (n < 0 || n > rem)
- return -1;
- return 0;
- }
-
- n = snprintf(p, rem, "%s", "http://");
- if (n < 0 || n > rem)
- return -1;
- p += n;
- rem -= n;
-
- if (col) {
- n = col - arg;
- server = arg;
- path = col + 1;
- } else {
- env = env_get("httpserverip");
- if (!env)
- env = env_get("serverip");
- if (!env) {
- log_err("error: httpserver/serverip has to be set\n");
- return -1;
- }
- n = strlen(env);
- server = env;
- path = arg;
- }
-
- if (rem < n)
- return -1;
- strncpy(p, server, n);
- p += n;
- rem -= n;
- if (rem < 1)
- return -1;
- *p = '/';
- p++;
- rem--;
- n = strlen(path);
- if (rem < n)
- return -1;
- strncpy(p, path, n);
- p += n;
- rem -= n;
- if (rem < 1)
- return -1;
- *p = '\0';
-
- return 0;
-}
-
/**
* store_block() - copy received data
*
@@ -337,93 +270,9 @@ static err_t httpc_headers_done_cb(httpc_state_t *connection, void *arg, struct
return ERR_OK;
}
-#if CONFIG_IS_ENABLED(WGET_HTTPS)
-enum auth_mode {
- AUTH_NONE,
- AUTH_OPTIONAL,
- AUTH_REQUIRED,
-};
-
-static char *cacert;
-static size_t cacert_size;
-static enum auth_mode cacert_auth_mode = AUTH_OPTIONAL;
-#endif
-
-#if CONFIG_IS_ENABLED(WGET_CACERT)
-static int set_auth(enum auth_mode auth)
-{
- cacert_auth_mode = auth;
-
- return CMD_RET_SUCCESS;
-}
-#endif
-
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-extern const char builtin_cacert[];
-extern const size_t builtin_cacert_size;
-static bool cacert_initialized;
-#endif
-
-#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-static int _set_cacert(const void *addr, size_t sz)
-{
- mbedtls_x509_crt crt;
- void *p;
- int ret;
-
- if (cacert)
- free(cacert);
-
- if (!addr) {
- cacert = NULL;
- cacert_size = 0;
- return CMD_RET_SUCCESS;
- }
-
- p = malloc(sz);
- if (!p)
- return CMD_RET_FAILURE;
- cacert = p;
- cacert_size = sz;
-
- memcpy(cacert, (void *)addr, sz);
-
- mbedtls_x509_crt_init(&crt);
- ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
- if (ret) {
- if (!wget_info->silent)
- printf("Could not parse certificates (%d)\n", ret);
- free(cacert);
- cacert = NULL;
- cacert_size = 0;
- return CMD_RET_FAILURE;
- }
-
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
- cacert_initialized = true;
-#endif
- return CMD_RET_SUCCESS;
-}
-
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-static int set_cacert_builtin(void)
-{
- return _set_cacert(builtin_cacert, builtin_cacert_size);
-}
-#endif
#if CONFIG_IS_ENABLED(WGET_CACERT)
-static int set_cacert(char * const saddr, char * const ssz)
-{
- ulong addr, sz;
-
- addr = hextoul(saddr, NULL);
- sz = hextoul(ssz, NULL);
-
- return _set_cacert((void *)addr, sz);
-}
#endif
-#endif /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */
int wget_do_request(ulong dst_addr, char *uri)
{
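Review bot: An empty `#if CONFIG_IS_ENABLED(WGET_CACERT)` / `#endif` pair appears to be left in front of `wget_do_request()` once the removals are applied, since those two lines carry no `-` marker and the only thing they guarded was `set_cacert()`. Both lines can be dropped in this patch. The body of `wget_do_request()` continues outside the hunk.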
@@ -463,9 +312,10 @@ int wget_do_request(ulong dst_addr, char *uri)
memset(&conn, 0, sizeof(conn));
#if CONFIG_IS_ENABLED(WGET_HTTPS)
if (is_https) {
- char *ca;
- size_t ca_sz;
+ char *ca = NULL;
+ size_t ca_sz = 0;
+#if CONFIG_IS_ENABLED(WGET_CACERT)
#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
if (!cacert_initialized)
set_cacert_builtin();
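Review bot: The context lines `if (!cacert_initialized)` and `set_cacert_builtin();` stay in this file, but the patch removes both definitions from it and re-creates them as `static` in the cmd file, and the net-lwip.h hunk exports only `cacert`, `cacert_size` and `cacert_auth_mode`. Unless they are declared somewhere not shown on this page, a build with WGET_BUILTIN_CACERT enabled would fail at these two lines. Either keep the built-in initialisation on the net/ side, or make `set_cacert_builtin()` non-static, declare it in net-lwip.h and fold the `cacert_initialized` check into it. `wget_do_request()` starts and ends outside the hunk.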
@@ -492,7 +342,7 @@ int wget_do_request(ulong dst_addr, char *uri)
* with no verification if not.
*/
}
-
+#endif
if (!ca && !wget_info->silent) {
printf("WARNING: no CA certificates, ");
printf("HTTPS connections not authenticated\n");
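Review bot: With WGET_CACERT off, the new `#endif` before `if (!ca && !wget_info->silent)` leaves `ca` at its `NULL` initialiser from the previous hunk, so an HTTPS transfer is reported as not authenticated and that warning is the only signal, which `wget_info->silent` suppresses. This should be visible to a maintainer: tag the directive as `#endif /* CONFIG_WGET_CACERT */` and add a comment above the check such as `/* Without WGET_CACERT, ca is always NULL: TLS is used without server authentication */`. The code between the two hunks is not visible here, so confirm that nothing else assigns `ca`.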
@@ -541,54 +391,6 @@ int wget_do_request(ulong dst_addr, char *uri)
return -1;
}
-int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[])
-{
- char *end;
- char *url;
- ulong dst_addr;
- char nurl[1024];
-
-#if CONFIG_IS_ENABLED(WGET_CACERT)
- if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert")))
- return set_cacert(argv[2], argv[3]);
- if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) {
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
- if (!strncmp(argv[2], "builtin", strlen("builtin")))
- return set_cacert_builtin();
-#endif
- if (!strncmp(argv[2], "none", strlen("none")))
- return set_auth(AUTH_NONE);
- if (!strncmp(argv[2], "optional", strlen("optional")))
- return set_auth(AUTH_OPTIONAL);
- if (!strncmp(argv[2], "required", strlen("required")))
- return set_auth(AUTH_REQUIRED);
- return CMD_RET_USAGE;
- }
-#endif
-
- if (argc < 2 || argc > 3)
- return CMD_RET_USAGE;
-
- dst_addr = hextoul(argv[1], &end);
- if (end == (argv[1] + strlen(argv[1]))) {
- if (argc < 3)
- return CMD_RET_USAGE;
- url = argv[2];
- } else {
- dst_addr = image_load_addr;
- url = argv[1];
- }
-
- if (parse_legacy_arg(url, nurl, sizeof(nurl)))
- return CMD_RET_FAILURE;
-
- wget_info = &default_wget_info;
- if (wget_do_request(dst_addr, nurl))
- return CMD_RET_FAILURE;
-
- return CMD_RET_SUCCESS;
-}
-
/**
* wget_validate_uri() - validate the uri for wget
*
Split net/lwip/wget.c in two: one part which implements CONFIG_WGET stays in net/ while the part that implements CONFIG_CMD_WGET is moved into cmd/. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> --- Changes in v2: - New patch cmd/lwip/wget.c | 192 ++++++++++++++++++++++++++++++++++++++++++ include/net-lwip.h | 13 +++ net/lwip/wget.c | 206 +-------------------------------------------- 3 files changed, 209 insertions(+), 202 deletions(-)