
[v3,05/13] lwip: split net/lwip/wget.c

Message ID 20250617100720.2544758-6-jerome.forissier@linaro.org
State New
Series sntp for NET_LWIP | expand

Commit Message

Jerome Forissier June 17, 2025, 10:03 a.m. UTC
Split net/lwip/wget.c in two: one part which implements CONFIG_WGET
stays in net/ while the part that implements CONFIG_CMD_WGET is moved
into cmd/.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
---

Changes in v3:
- Remove WGET_CACERT guard around the auth_mode enum and the extern
  variables in include/net-lwip.h
- Fix build with WGET_CACERT=n and WGET_BUILTIN_CACERT=y

Changes in v2:
- New patch

 cmd/lwip/wget.c    | 195 +++++++++++++++++++++++++++++++++++++++++++
 include/net-lwip.h |  14 ++++
 net/lwip/wget.c    | 202 +--------------------------------------------
 3 files changed, 211 insertions(+), 200 deletions(-)

Patch

diff --git a/cmd/lwip/wget.c b/cmd/lwip/wget.c
index 3f5b9952c93..902d155727b 100644
--- a/cmd/lwip/wget.c
+++ b/cmd/lwip/wget.c
@@ -2,7 +2,9 @@ 
 /* Copyright (C) 2024-2025 Linaro Ltd. */
 
 #include <command.h>
+#include <image.h>
 #include <net.h>
+#include <lwip/altcp_tls.h>
 
 U_BOOT_CMD(wget, 4, 1, do_wget,
 	   "boot image via network using HTTP/HTTPS protocol"
@@ -24,3 +26,196 @@  U_BOOT_CMD(wget, 4, 1, do_wget,
 #endif
 #endif
 );
+
+#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+char *cacert;
+size_t cacert_size;
+enum auth_mode cacert_auth_mode = AUTH_OPTIONAL;
+
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+extern const char builtin_cacert[];
+extern const size_t builtin_cacert_size;
+bool cacert_initialized;
+#endif
+
+static int _set_cacert(const void *addr, size_t sz)
+{
+	mbedtls_x509_crt crt;
+	void *p;
+	int ret;
+
+	if (cacert)
+		free(cacert);
+
+	if (!addr) {
+		cacert = NULL;
+		cacert_size = 0;
+		return CMD_RET_SUCCESS;
+	}
+
+	p = malloc(sz);
+	if (!p)
+		return CMD_RET_FAILURE;
+	cacert = p;
+	cacert_size = sz;
+
+	memcpy(cacert, (void *)addr, sz);
+
+	mbedtls_x509_crt_init(&crt);
+	ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
+	if (ret) {
+		if (!wget_info->silent)
+			printf("Could not parse certificates (%d)\n", ret);
+		free(cacert);
+		cacert = NULL;
+		cacert_size = 0;
+		return CMD_RET_FAILURE;
+	}
+
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+	cacert_initialized = true;
+#endif
+	return CMD_RET_SUCCESS;
+}
+
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+int set_cacert_builtin(void)
+{
+	cacert_auth_mode = AUTH_REQUIRED;
+	return _set_cacert(builtin_cacert, builtin_cacert_size);
+}
+#endif
+#endif  /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */
+
+#if CONFIG_IS_ENABLED(WGET_CACERT)
+static int set_auth(enum auth_mode auth)
+{
+	cacert_auth_mode = auth;
+
+	return CMD_RET_SUCCESS;
+}
+
+static int set_cacert(char * const saddr, char * const ssz)
+{
+	ulong addr, sz;
+
+	addr = hextoul(saddr, NULL);
+	sz = hextoul(ssz, NULL);
+
+	return _set_cacert((void *)addr, sz);
+}
+#endif
+
+/*
+ * Legacy syntax support
+ * Convert [<server_name_or_ip>:]filename into a URL if needed
+ */
+static int parse_legacy_arg(char *arg, char *nurl, size_t rem)
+{
+	char *p = nurl;
+	size_t n;
+	char *col = strchr(arg, ':');
+	char *env;
+	char *server;
+	char *path;
+
+	if (strstr(arg, "http") == arg) {
+		n = snprintf(nurl, rem, "%s", arg);
+		if (n < 0 || n > rem)
+			return -1;
+		return 0;
+	}
+
+	n = snprintf(p, rem, "%s", "http://");
+	if (n < 0 || n > rem)
+		return -1;
+	p += n;
+	rem -= n;
+
+	if (col) {
+		n = col - arg;
+		server = arg;
+		path = col + 1;
+	} else {
+		env = env_get("httpserverip");
+		if (!env)
+			env = env_get("serverip");
+		if (!env) {
+			log_err("error: httpserver/serverip has to be set\n");
+			return -1;
+		}
+		n = strlen(env);
+		server = env;
+		path = arg;
+	}
+
+	if (rem < n)
+		return -1;
+	strncpy(p, server, n);
+	p += n;
+	rem -= n;
+	if (rem < 1)
+		return -1;
+	*p = '/';
+	p++;
+	rem--;
+	n = strlen(path);
+	if (rem < n)
+		return -1;
+	strncpy(p, path, n);
+	p += n;
+	rem -= n;
+	if (rem < 1)
+		return -1;
+	*p = '\0';
+
+	return 0;
+}
+
+int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[])
+{
+	char *end;
+	char *url;
+	ulong dst_addr;
+	char nurl[1024];
+
+#if CONFIG_IS_ENABLED(WGET_CACERT)
+	if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert")))
+		return set_cacert(argv[2], argv[3]);
+	if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) {
+#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
+		if (!strncmp(argv[2], "builtin", strlen("builtin")))
+			return set_cacert_builtin();
+#endif
+		if (!strncmp(argv[2], "none", strlen("none")))
+			return set_auth(AUTH_NONE);
+		if (!strncmp(argv[2], "optional", strlen("optional")))
+			return set_auth(AUTH_OPTIONAL);
+		if (!strncmp(argv[2], "required", strlen("required")))
+			return set_auth(AUTH_REQUIRED);
+		return CMD_RET_USAGE;
+	}
+#endif
+
+	if (argc < 2 || argc > 3)
+		return CMD_RET_USAGE;
+
+	dst_addr = hextoul(argv[1], &end);
+	if (end == (argv[1] + strlen(argv[1]))) {
+		if (argc < 3)
+			return CMD_RET_USAGE;
+		url = argv[2];
+	} else {
+		dst_addr = image_load_addr;
+		url = argv[1];
+	}
+
+	if (parse_legacy_arg(url, nurl, sizeof(nurl)))
+		return CMD_RET_FAILURE;
+
+	wget_info = &default_wget_info;
+	if (wget_do_request(dst_addr, nurl))
+		return CMD_RET_FAILURE;
+
+	return CMD_RET_SUCCESS;
+}
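Review bot: In `_set_cacert()` the old buffer is freed, but `cacert` and `cacert_size` are reset only on the `!addr` and parse-failure paths, so when `malloc(sz)` fails the function returns with `cacert` still pointing at freed memory. The next call then frees it a second time, and any reader of the now-exported `cacert` sees a dangling CA buffer; clearing the state right after the free closes that: `free(cacert); cacert = NULL; cacert_size = 0;`. The local `mbedtls_x509_crt crt` is never released either, so whatever `mbedtls_x509_crt_parse()` allocated is leaked on every call; a `mbedtls_x509_crt_free(&crt);` directly after the parse covers both the success and the failure path. Separately, the `strncmp(argv[2], "none", strlen("none"))` style of matching in `do_wget()` accepts any argument that merely begins with the keyword, which matters most for the one keyword that switches verification off; `strcmp()` would make the match exact.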
diff --git a/include/net-lwip.h b/include/net-lwip.h
index b762956e8fd..9c1167482e9 100644
--- a/include/net-lwip.h
+++ b/include/net-lwip.h
@@ -6,6 +6,20 @@ 
 #include <lwip/ip4.h>
 #include <lwip/netif.h>
 
+/* HTTPS authentication mode */
+enum auth_mode {
+	AUTH_NONE,
+	AUTH_OPTIONAL,
+	AUTH_REQUIRED,
+};
+
+extern char *cacert;
+extern size_t cacert_size;
+extern enum auth_mode cacert_auth_mode;
+extern bool cacert_initialized;
+
+int set_cacert_builtin(void);
+
 enum proto_t {
 	TFTPGET
 };
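Review bot: The four `extern` declarations and `set_cacert_builtin()` are now visible to every includer, but nothing here says who owns them. Per the first file in this patch they are defined in cmd/lwip/wget.c, and only when WGET_CACERT or WGET_BUILTIN_CACERT is enabled (`cacert_initialized` and `set_cacert_builtin()` only with the latter). Since these variables decide whether an HTTPS peer is verified, a short comment would help, for example `/* CA store and verification policy for wget; defined in cmd/lwip/wget.c, cacert is heap-allocated and replaced by 'wget cacert' */`. Whether Kconfig allows the CACERT options without CONFIG_CMD_WGET is not visible in this patch; if it does, net/lwip/wget.c would reference symbols that no object file defines.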
diff --git a/net/lwip/wget.c b/net/lwip/wget.c
index ea1113e18b1..539812b68e9 100644
--- a/net/lwip/wget.c
+++ b/net/lwip/wget.c
@@ -5,7 +5,6 @@ 
 #include <console.h>
 #include <display_options.h>
 #include <efi_loader.h>
-#include <image.h>
 #include <linux/kconfig.h>
 #include <lwip/apps/http_client.h>
 #include "lwip/altcp_tls.h"
@@ -137,72 +136,6 @@  static int parse_url(char *url, char *host, u16 *port, char **path,
 	return 0;
 }
 
-/*
- * Legacy syntax support
- * Convert [<server_name_or_ip>:]filename into a URL if needed
- */
-static int parse_legacy_arg(char *arg, char *nurl, size_t rem)
-{
-	char *p = nurl;
-	size_t n;
-	char *col = strchr(arg, ':');
-	char *env;
-	char *server;
-	char *path;
-
-	if (strstr(arg, "http") == arg) {
-		n = snprintf(nurl, rem, "%s", arg);
-		if (n < 0 || n > rem)
-			return -1;
-		return 0;
-	}
-
-	n = snprintf(p, rem, "%s", "http://");
-	if (n < 0 || n > rem)
-		return -1;
-	p += n;
-	rem -= n;
-
-	if (col) {
-		n = col - arg;
-		server = arg;
-		path = col + 1;
-	} else {
-		env = env_get("httpserverip");
-		if (!env)
-			env = env_get("serverip");
-		if (!env) {
-			log_err("error: httpserver/serverip has to be set\n");
-			return -1;
-		}
-		n = strlen(env);
-		server = env;
-		path = arg;
-	}
-
-	if (rem < n)
-		return -1;
-	strncpy(p, server, n);
-	p += n;
-	rem -= n;
-	if (rem < 1)
-		return -1;
-	*p = '/';
-	p++;
-	rem--;
-	n = strlen(path);
-	if (rem < n)
-		return -1;
-	strncpy(p, path, n);
-	p += n;
-	rem -= n;
-	if (rem < 1)
-		return -1;
-	*p = '\0';
-
-	return 0;
-}
-
 /**
  * store_block() - copy received data
  *
@@ -337,93 +270,9 @@  static err_t httpc_headers_done_cb(httpc_state_t *connection, void *arg, struct
 	return ERR_OK;
 }
 
-#if CONFIG_IS_ENABLED(WGET_HTTPS)
-enum auth_mode {
-	AUTH_NONE,
-	AUTH_OPTIONAL,
-	AUTH_REQUIRED,
-};
-
-static char *cacert;
-static size_t cacert_size;
-static enum auth_mode cacert_auth_mode = AUTH_OPTIONAL;
-#endif
-
-#if CONFIG_IS_ENABLED(WGET_CACERT)
-static int set_auth(enum auth_mode auth)
-{
-	cacert_auth_mode = auth;
-
-	return CMD_RET_SUCCESS;
-}
-#endif
-
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-extern const char builtin_cacert[];
-extern const size_t builtin_cacert_size;
-static bool cacert_initialized;
-#endif
-
-#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-static int _set_cacert(const void *addr, size_t sz)
-{
-	mbedtls_x509_crt crt;
-	void *p;
-	int ret;
-
-	if (cacert)
-		free(cacert);
-
-	if (!addr) {
-		cacert = NULL;
-		cacert_size = 0;
-		return CMD_RET_SUCCESS;
-	}
-
-	p = malloc(sz);
-	if (!p)
-		return CMD_RET_FAILURE;
-	cacert = p;
-	cacert_size = sz;
-
-	memcpy(cacert, (void *)addr, sz);
-
-	mbedtls_x509_crt_init(&crt);
-	ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
-	if (ret) {
-		if (!wget_info->silent)
-			printf("Could not parse certificates (%d)\n", ret);
-		free(cacert);
-		cacert = NULL;
-		cacert_size = 0;
-		return CMD_RET_FAILURE;
-	}
-
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-	cacert_initialized = true;
-#endif
-	return CMD_RET_SUCCESS;
-}
-
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-static int set_cacert_builtin(void)
-{
-	return _set_cacert(builtin_cacert, builtin_cacert_size);
-}
-#endif
 
 #if CONFIG_IS_ENABLED(WGET_CACERT)
-static int set_cacert(char * const saddr, char * const ssz)
-{
-	ulong addr, sz;
-
-	addr = hextoul(saddr, NULL);
-	sz = hextoul(ssz, NULL);
-
-	return _set_cacert((void *)addr, sz);
-}
 #endif
-#endif  /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */
 
 int wget_do_request(ulong dst_addr, char *uri)
 {
@@ -466,6 +315,7 @@  int wget_do_request(ulong dst_addr, char *uri)
 		char *ca;
 		size_t ca_sz;
 
+#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
 #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
 		if (!cacert_initialized)
 			set_cacert_builtin();
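Review bot: `set_cacert_builtin()` as called here is no longer the function this file used to contain: the version added in cmd/lwip/wget.c also sets `cacert_auth_mode = AUTH_REQUIRED`. The first HTTPS request therefore overrides a mode chosen earlier with `wget cacert none` or `wget cacert optional`, and does so again on every request while the built-in bundle fails to parse, because `cacert_initialized` stays false. That is a policy change inside a commit described as a pure split, and it deserves a line in the commit message or a patch of its own. The return value is also ignored at this call site; `wget_do_request()` continues outside the hunk, so how a parse failure is handled afterwards cannot be checked from here.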
@@ -492,7 +342,7 @@  int wget_do_request(ulong dst_addr, char *uri)
 			 * with no verification if not.
 			 */
 		}
-
+#endif
 		if (!ca && !wget_info->silent) {
 			printf("WARNING: no CA certificates, ");
 			printf("HTTPS connections not authenticated\n");
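Review bot: With the new `#if`/`#endif` pair, a build that has neither WGET_CACERT nor WGET_BUILTIN_CACERT compiles out everything between the declarations `char *ca; size_t ca_sz;` and this `if (!ca && ...)`. If the only assignments to `ca` and `ca_sz` sit in that guarded region (the lines between the two hunks are not shown), `ca` is read uninitialised here and presumably handed on to the TLS setup further down. Initialising at the declaration makes the no-CA configuration well defined: `char *ca = NULL;` and `size_t ca_sz = 0;`. The enclosing block of `wget_do_request()` starts and ends outside both hunks.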
@@ -541,54 +391,6 @@  int wget_do_request(ulong dst_addr, char *uri)
 	return -1;
 }
 
-int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[])
-{
-	char *end;
-	char *url;
-	ulong dst_addr;
-	char nurl[1024];
-
-#if CONFIG_IS_ENABLED(WGET_CACERT)
-	if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert")))
-		return set_cacert(argv[2], argv[3]);
-	if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) {
-#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
-		if (!strncmp(argv[2], "builtin", strlen("builtin")))
-			return set_cacert_builtin();
-#endif
-		if (!strncmp(argv[2], "none", strlen("none")))
-			return set_auth(AUTH_NONE);
-		if (!strncmp(argv[2], "optional", strlen("optional")))
-			return set_auth(AUTH_OPTIONAL);
-		if (!strncmp(argv[2], "required", strlen("required")))
-			return set_auth(AUTH_REQUIRED);
-		return CMD_RET_USAGE;
-	}
-#endif
-
-	if (argc < 2 || argc > 3)
-		return CMD_RET_USAGE;
-
-	dst_addr = hextoul(argv[1], &end);
-	if (end == (argv[1] + strlen(argv[1]))) {
-		if (argc < 3)
-			return CMD_RET_USAGE;
-		url = argv[2];
-	} else {
-		dst_addr = image_load_addr;
-		url = argv[1];
-	}
-
-	if (parse_legacy_arg(url, nurl, sizeof(nurl)))
-		return CMD_RET_FAILURE;
-
-	wget_info = &default_wget_info;
-	if (wget_do_request(dst_addr, nurl))
-		return CMD_RET_FAILURE;
-
-	return CMD_RET_SUCCESS;
-}
-
 /**
  * wget_validate_uri() - validate the uri for wget
  *