net, net-lwip: wget: suppress console output when called by EFI
authorJerome Forissier <jerome.forissier@linaro.org>
Thu, 17 Apr 2025 13:26:58 +0000 (15:26 +0200)
committerJerome Forissier <jerome.forissier@linaro.org>
Tue, 20 May 2025 13:43:08 +0000 (15:43 +0200)
Functions called from EFI applications should not do console output.
Refactor the wget code to implement this requirement. The wget_http_info
struct is used to hold the boolean that signifies whether the output is
allowed or not.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
doc/usage/cmd/wget.rst
include/net-common.h
lib/efi_loader/efi_net.c
lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
net/lwip/wget.c
net/wget.c

index cc82e495a29b9948f5432aecd6f07faef45824b1..44033aaff39d169219d8e9cb6272ae2a3da38920 100644 (file)
@@ -141,9 +141,9 @@ https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt.
    Bytes transferred = 1864 (748 hex)
    # Another server not signed against Digicert will fail
    => wget https://www.google.com/
-   Certificate verification failed
 
    HTTP client error 4
+   Certificate verification failed
    # Disable authentication to allow the command to proceed anyways
    => wget cacert none
    => wget https://www.google.com/
index e536968a92bb9672d8335947cffcc63642710385..7853612b2379ddd747ca1f00cdcd9d62b401e7eb 100644 (file)
@@ -570,6 +570,7 @@ enum wget_http_method {
  *                     Filled by client.
  * @hdr_cont_len:      content length according to headers. Filled by wget
  * @headers:           buffer for headers. Filled by wget.
+ * @silent:            do not print anything to the console. Filled by client.
  */
 struct wget_http_info {
        enum wget_http_method method;
@@ -580,6 +581,7 @@ struct wget_http_info {
        bool check_buffer_size;
        u32 hdr_cont_len;
        char *headers;
+       bool silent;
 };
 
 extern struct wget_http_info default_wget_info;
index b3291b4f1d527aa09d9953b4e32d24a4930a31b0..9ff0b691ee1b42b376aa210ee090f7076eaad32c 100644 (file)
@@ -51,7 +51,7 @@ static int next_dp_entry;
 static struct wget_http_info efi_wget_info = {
        .set_bootdev = false,
        .check_buffer_size = true,
-
+       .silent = true,
 };
 #endif
 
index ef51a5ac168a5bfbcfbaf76b929f15ac20be3257..7459bfa468f65500e1545245cc0ac3b43e542041 100644 (file)
@@ -60,6 +60,8 @@
 
 #if LWIP_ALTCP_TLS && LWIP_ALTCP_TLS_MBEDTLS
 
+#include "lwip/errno.h"
+
 #include "lwip/altcp.h"
 #include "lwip/altcp_tls.h"
 #include "lwip/priv/altcp_priv.h"
@@ -299,7 +301,8 @@ altcp_mbedtls_lower_recv_process(struct altcp_pcb *conn, altcp_mbedtls_state_t *
       LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_handshake failed: %d\n", ret));
       /* handshake failed, connection has to be closed */
       if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
-        printf("Certificate verification failed\n");
+       /* provide a cause for why the connection is closed to the called */
+        errno = EPERM;
       }
       if (conn->err) {
         conn->err(conn->arg, ERR_CLSD);
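Review bot: Signalling the certificate failure through the global `errno` is fragile, because the value set here is only read after the polling loop in `wget_do_request()` (the `errno = 0;` and `errno == EPERM` hunks in net/lwip/wget.c). Any call in between that writes `errno` would either lose the diagnosis or produce a false "Certificate verification failed". Since `conn->err(conn->arg, ERR_CLSD)` runs right after this assignment, carrying the cause in state reachable from that callback's argument would tie it to this connection rather than to process-wide state. The new comment also has a typo and sits one column short of the statement below it; suggested text: `/* provide a cause for why the connection is closed to the caller */`. The enclosing function starts and ends outside the hunk.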
@@ -844,9 +847,6 @@ altcp_tls_create_config(int is_server, u8_t cert_count, u8_t pkey_count, int hav
     altcp_mbedtls_free_config(conf);
     return NULL;
   }
-  if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
-     printf("WARNING: no CA certificates, HTTPS connections not authenticated\n");
-  }
   mbedtls_ssl_conf_authmode(&conf->conf, authmode);
 
   mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &altcp_tls_entropy_rng->ctr_drbg);
index 77f55fddfacd991f00a8e8473828be82fee1e6c6..812b3c3e8e60c1f038980772d84a3cc0f37ac408 100644 (file)
@@ -8,6 +8,7 @@
 #include <image.h>
 #include <lwip/apps/http_client.h>
 #include "lwip/altcp_tls.h"
+#include <lwip/errno.h>
 #include <lwip/timeouts.h>
 #include <rng.h>
 #include <mapmem.h>
@@ -217,7 +218,8 @@ static err_t httpc_recv_cb(void *arg, struct altcp_pcb *pcb, struct pbuf *pbuf,
                memcpy((void *)ctx->daddr, buf->payload, buf->len);
                ctx->daddr += buf->len;
                ctx->size += buf->len;
-               if (ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) {
+               if (!wget_info->silent &&
+                   ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) {
                        printf("#");
                        ctx->prevsize = ctx->size;
                }
@@ -255,11 +257,15 @@ static void httpc_result_cb(void *arg, httpc_result_t httpc_result,
        elapsed = get_timer(ctx->start_time);
        if (!elapsed)
                elapsed = 1;
-       if (rx_content_len > PROGRESS_PRINT_STEP_BYTES)
-               printf("\n");
-       printf("%u bytes transferred in %lu ms (", rx_content_len, elapsed);
-       print_size(rx_content_len / elapsed * 1000, "/s)\n");
-       printf("Bytes transferred = %lu (%lx hex)\n", ctx->size, ctx->size);
+       if (!wget_info->silent) {
+               if (rx_content_len > PROGRESS_PRINT_STEP_BYTES)
+                       printf("\n");
+               printf("%u bytes transferred in %lu ms (", rx_content_len,
+                      elapsed);
+               print_size(rx_content_len / elapsed * 1000, "/s)\n");
+               printf("Bytes transferred = %lu (%lx hex)\n", ctx->size,
+                      ctx->size);
+       }
        if (wget_info->set_bootdev)
                efi_set_bootdev("Http", ctx->server_name, ctx->path, map_sysmem(ctx->saved_daddr, 0),
                                rx_content_len);
@@ -339,7 +345,8 @@ static int _set_cacert(const void *addr, size_t sz)
        mbedtls_x509_crt_init(&crt);
        ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
        if (ret) {
-               printf("Could not parse certificates (%d)\n", ret);
+               if (!wget_info->silent)
+                       printf("Could not parse certificates (%d)\n", ret);
                free(cacert);
                cacert = NULL;
                cacert_size = 0;
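Review bot: `wget_info` is dereferenced on the parse-error path with no visible guarantee that it has been assigned. Its assignment is outside this hunk; if `_set_cacert()` can be reached from a certificate-setup path before any transfer has set `wget_info`, this is a null dereference. If it instead still points at the info left by an earlier silent (EFI) request, a certificate parse error at the console would be hidden. `if (!wget_info || !wget_info->silent)` would cover the first case, and the callers should be checked for the second. The function body continues past the hunk.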
@@ -422,9 +429,10 @@ int wget_do_request(ulong dst_addr, char *uri)
 
                if (cacert_auth_mode == AUTH_REQUIRED) {
                        if (!ca || !ca_sz) {
-                               printf("Error: cacert authentication mode is "
-                                      "'required' but no CA certificates "
-                                      "given\n");
+                               if (!wget_info->silent)
+                                       printf("Error: cacert authentication "
+                                              "mode is 'required' but no CA "
+                                              "certificates given\n");
                                return CMD_RET_FAILURE;
                       }
                } else if (cacert_auth_mode == AUTH_NONE) {
@@ -439,6 +447,10 @@ int wget_do_request(ulong dst_addr, char *uri)
                         */
                }
 
+               if (!ca && !wget_info->silent) {
+                       printf("WARNING: no CA certificates, ");
+                       printf("HTTPS connections not authenticated\n");
+               }
                tls_allocator.alloc = &altcp_tls_alloc;
                tls_allocator.arg =
                        altcp_tls_create_config_client(ca, ca_sz,
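Review bot: With `silent` set, an HTTPS transfer that has no CA certificates now proceeds with no indication at all that the peer was not authenticated, so a silent caller cannot tell an authenticated download from an unauthenticated one. Consider reporting that state through `wget_http_info` or the log facility instead of dropping it. The trigger also changed from `authmode == MBEDTLS_SSL_VERIFY_NONE` (removed from `altcp_tls_create_config`) to `!ca`; the two agree only if the client config derives its authmode purely from whether a CA was passed, which is not visible here. The body of `wget_do_request` extends outside the hunk.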
@@ -463,6 +475,8 @@ int wget_do_request(ulong dst_addr, char *uri)
                return CMD_RET_FAILURE;
        }
 
+       errno = 0;
+
        while (!ctx.done) {
                net_lwip_rx(udev, netif);
                sys_check_timeouts();
@@ -475,6 +489,9 @@ int wget_do_request(ulong dst_addr, char *uri)
        if (ctx.done == SUCCESS)
                return 0;
 
+       if (errno == EPERM && !wget_info->silent)
+               printf("Certificate verification failed\n");
+
        return -1;
 }
 
index c73836cbc9d64e643509e0faf1375c983122d277..3c0fff488ebaa4fab6ea79aa63db011a9dc9f976 100644 (file)
@@ -59,8 +59,10 @@ static inline int store_block(uchar *src, unsigned int offset, unsigned int len)
        if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) {
                if (store_addr < image_load_addr ||
                    lmb_read_check(store_addr, len)) {
-                       printf("\nwget error: ");
-                       printf("trying to overwrite reserved memory...\n");
+                       if (!wget_info->silent) {
+                               printf("\nwget error: ");
+                               printf("trying to overwrite reserved memory\n");
+                       }
                        return -1;
                }
        }
@@ -76,6 +78,9 @@ static void show_block_marker(u32 packets)
 {
        int cnt;
 
+       if (wget_info->silent)
+               return;
+
        if (content_length != -1) {
                if (net_boot_file_size > content_length)
                        content_length = net_boot_file_size;
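Review bot: The early return for `silent` is placed before the `content_length` adjustment, so in silent mode `content_length` is no longer raised to `net_boot_file_size`. If `content_length` is read anywhere besides the progress display (not visible in this hunk), silent transfers would differ in more than console output. Moving the check below that update, or guarding only the printing statements, keeps the side effect. The rest of `show_block_marker` is outside the hunk.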
@@ -101,11 +106,15 @@ static void tcp_stream_on_closed(struct tcp_stream *tcp)
        net_set_state(wget_loop_state);
        if (wget_loop_state != NETLOOP_SUCCESS) {
                net_boot_file_size = 0;
-               printf("\nwget: Transfer Fail, TCP status - %d\n", tcp->status);
+               if (!wget_info->silent)
+                       printf("\nwget: Transfer Fail, TCP status - %d\n",
+                              tcp->status);
                return;
        }
 
-       printf("\nPackets received %d, Transfer Successful\n", tcp->rx_packets);
+       if (!wget_info->silent)
+               printf("\nPackets received %d, Transfer Successful\n",
+                      tcp->rx_packets);
        wget_info->file_size = net_boot_file_size;
        if (wget_info->method == WGET_HTTP_METHOD_GET && wget_info->set_bootdev) {
                efi_set_bootdev("Http", NULL, image_url,
@@ -139,7 +148,8 @@ static void tcp_stream_on_rcv_nxt_update(struct tcp_stream *tcp, u32 rx_bytes)
                    tcp->state == TCP_ESTABLISHED)
                        goto end;
 
-               printf("ERROR: misssed HTTP header\n");
+               if (!wget_info->silent)
+                       printf("ERROR: misssed HTTP header\n");
                tcp_stream_close(tcp);
                goto end;
        }
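Review bot: The message on the rewrapped line still reads `misssed`. Since the line is being touched anyway, `printf("ERROR: missed HTTP header\n");` would fix the spelling, provided no test or script matches the old text. The enclosing function starts and ends outside the hunk.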
@@ -346,7 +356,8 @@ void wget_start(void)
        tcp_stream_set_on_create_handler(tcp_stream_on_create);
        tcp = tcp_stream_connect(web_server_ip, server_port);
        if (!tcp) {
-               printf("No free tcp streams\n");
+               if (!wget_info->silent)
+                       printf("No free tcp streams\n");
                net_set_state(NETLOOP_FAIL);
                return;
        }