From: Jerome Forissier Date: Wed, 25 Jun 2025 13:19:13 +0000 (+0200) Subject: lwip: split net/lwip/wget.c X-Git-Tag: v2025.10-rc1~132^2~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d3761a31ef094596361624b73d56479a2fe1e573;p=thirdparty%2Fu-boot.git lwip: split net/lwip/wget.c Split net/lwip/wget.c in two: one part which implements CONFIG_WGET stays in net/ while the part that implements CONFIG_CMD_WGET is moved into cmd/. Signed-off-by: Jerome Forissier --- diff --git a/cmd/lwip/wget.c b/cmd/lwip/wget.c index 3f5b9952c93..fc9bc11cd83 100644 --- a/cmd/lwip/wget.c +++ b/cmd/lwip/wget.c @@ -2,7 +2,10 @@ /* Copyright (C) 2024-2025 Linaro Ltd. */ #include +#include +#include #include +#include U_BOOT_CMD(wget, 4, 1, do_wget, "boot image via network using HTTP/HTTPS protocol" 
@@ -24,3 +27,196 @@ U_BOOT_CMD(wget, 4, 1, do_wget, #endif #endif ); + +#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) +char *cacert; +size_t cacert_size; +enum auth_mode cacert_auth_mode = AUTH_OPTIONAL; + +#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) +extern const char builtin_cacert[]; +extern const size_t builtin_cacert_size; +bool cacert_initialized; +#endif + +static int _set_cacert(const void *addr, size_t sz) +{ + mbedtls_x509_crt crt; + void *p; + int ret; + + if (cacert) + free(cacert); + + if (!addr) { + cacert = NULL; + cacert_size = 0; + return CMD_RET_SUCCESS; + } + + p = malloc(sz); + if (!p) + return CMD_RET_FAILURE; + cacert = p; + cacert_size = sz; + + memcpy(cacert, (void *)addr, sz); + + mbedtls_x509_crt_init(&crt); + ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size); + if (ret) { + if (!wget_info->silent) + printf("Could not parse certificates (%d)\n", ret); + free(cacert); + cacert = NULL; + cacert_size = 0; + return CMD_RET_FAILURE; + } + +#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) + cacert_initialized = true; +#endif + return CMD_RET_SUCCESS; +} + +#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) +int set_cacert_builtin(void) +{ + cacert_auth_mode = AUTH_REQUIRED; + return _set_cacert(builtin_cacert, builtin_cacert_size); +} +#endif +#endif /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */ + +#if CONFIG_IS_ENABLED(WGET_CACERT) +static int set_auth(enum auth_mode auth) +{ + cacert_auth_mode = auth; + + return CMD_RET_SUCCESS; +} + +static int set_cacert(char * const saddr, char * const ssz) +{ + ulong addr, sz; + + addr = hextoul(saddr, NULL); + sz = hextoul(ssz, NULL); + + return _set_cacert((void *)addr, sz); +} +#endif + +/* + * Legacy syntax support + * Convert [:]filename into a URL if needed + */ +static int parse_legacy_arg(char *arg, char *nurl, size_t rem) +{ + char *p = nurl; + size_t n; + char *col = strchr(arg, ':'); + char *env; + char *server; + char *path; + + if (strstr(arg, "http") == arg) { + 
n = snprintf(nurl, rem, "%s", arg); + if (n < 0 || n > rem) + return -1; + return 0; + } + + n = snprintf(p, rem, "%s", "http://"); + if (n < 0 || n > rem) + return -1; + p += n; + rem -= n; + + if (col) { + n = col - arg; + server = arg; + path = col + 1; + } else { + env = env_get("httpserverip"); + if (!env) + env = env_get("serverip"); + if (!env) { + log_err("error: httpserver/serverip has to be set\n"); + return -1; + } + n = strlen(env); + server = env; + path = arg; + } + + if (rem < n) + return -1; + strncpy(p, server, n); + p += n; + rem -= n; + if (rem < 1) + return -1; + *p = '/'; + p++; + rem--; + n = strlen(path); + if (rem < n) + return -1; + strncpy(p, path, n); + p += n; + rem -= n; + if (rem < 1) + return -1; + *p = '\0'; + + return 0; +} + +int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]) +{ + char *end; + char *url; + ulong dst_addr; + char nurl[1024]; + +#if CONFIG_IS_ENABLED(WGET_CACERT) + if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert"))) + return set_cacert(argv[2], argv[3]); + if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) { +#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) + if (!strncmp(argv[2], "builtin", strlen("builtin"))) + return set_cacert_builtin(); +#endif + if (!strncmp(argv[2], "none", strlen("none"))) + return set_auth(AUTH_NONE); + if (!strncmp(argv[2], "optional", strlen("optional"))) + return set_auth(AUTH_OPTIONAL); + if (!strncmp(argv[2], "required", strlen("required"))) + return set_auth(AUTH_REQUIRED); + return CMD_RET_USAGE; + } +#endif + + if (argc < 2 || argc > 3) + return CMD_RET_USAGE; + + dst_addr = hextoul(argv[1], &end); + if (end == (argv[1] + strlen(argv[1]))) { + if (argc < 3) + return CMD_RET_USAGE; + url = argv[2]; + } else { + dst_addr = image_load_addr; + url = argv[1]; + } + + if (parse_legacy_arg(url, nurl, sizeof(nurl))) + return CMD_RET_FAILURE; + + wget_info = &default_wget_info; + if (wget_do_request(dst_addr, nurl)) + return CMD_RET_FAILURE; + + 
return CMD_RET_SUCCESS; +} diff --git a/include/net-lwip.h b/include/net-lwip.h index 6b5eb1990fb..58cd38423f8 100644 --- a/include/net-lwip.h +++ b/include/net-lwip.h @@ -6,6 +6,20 @@ #include #include +/* HTTPS authentication mode */ +enum auth_mode { + AUTH_NONE, + AUTH_OPTIONAL, + AUTH_REQUIRED, +}; + +extern char *cacert; +extern size_t cacert_size; +extern enum auth_mode cacert_auth_mode; +extern bool cacert_initialized; + +int set_cacert_builtin(void); + enum proto_t { TFTPGET }; diff --git a/net/lwip/wget.c b/net/lwip/wget.c index f9af2fc0d2b..55bd2b72e26 100644 --- a/net/lwip/wget.c +++ b/net/lwip/wget.c @@ -6,7 +6,6 @@ #include #include #include -#include #include #include #include "lwip/altcp_tls.h" @@ -138,72 +137,6 @@ static int parse_url(char *url, char *host, u16 *port, char **path, return 0; } -/* - * Legacy syntax support - * Convert [:]filename into a URL if needed - */ -static int parse_legacy_arg(char *arg, char *nurl, size_t rem) -{ - char *p = nurl; - size_t n; - char *col = strchr(arg, ':'); - char *env; - char *server; - char *path; - - if (strstr(arg, "http") == arg) { - n = snprintf(nurl, rem, "%s", arg); - if (n < 0 || n > rem) - return -1; - return 0; - } - - n = snprintf(p, rem, "%s", "http://"); - if (n < 0 || n > rem) - return -1; - p += n; - rem -= n; - - if (col) { - n = col - arg; - server = arg; - path = col + 1; - } else { - env = env_get("httpserverip"); - if (!env) - env = env_get("serverip"); - if (!env) { - log_err("error: httpserver/serverip has to be set\n"); - return -1; - } - n = strlen(env); - server = env; - path = arg; - } - - if (rem < n) - return -1; - strncpy(p, server, n); - p += n; - rem -= n; - if (rem < 1) - return -1; - *p = '/'; - p++; - rem--; - n = strlen(path); - if (rem < n) - return -1; - strncpy(p, path, n); - p += n; - rem -= n; - if (rem < 1) - return -1; - *p = '\0'; - - return 0; -} - /** * store_block() - copy received data * 
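Review bot: In `_set_cacert()` (cmd/lwip/wget.c, `@@ -24,3 +27,196 @@`) the old buffer is released with `free(cacert)` but the globals are reset only on the `!addr` path, so when `malloc(sz)` fails the function returns with `cacert` still pointing at freed memory and `cacert_size` stale. Whatever reads `cacert` afterwards (presumably `wget_do_request()`) would use freed memory, and the next call to `_set_cacert()` would free it a second time; adding `cacert = NULL; cacert_size = 0;` directly after the `free()` closes both. The `mbedtls_x509_crt` filled by `mbedtls_x509_crt_parse()` is never released, and `mbedtls_x509_crt_free(&crt);` right after the parse call would cover both the success and the failure path. In `parse_legacy_arg()`, `n` is a `size_t`, so `n < 0` can never be true and `n > rem` accepts a URL that `snprintf()` truncated by exactly one character; `n >= rem` is the truncation test. All of this is carried over unchanged from the lines removed in net/lwip/wget.c, so it predates the split.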
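Review bot: In include/net-lwip.h, `extern bool cacert_initialized;` and `int set_cacert_builtin(void);` are declared unconditionally, while cmd/lwip/wget.c defines them only under `CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)`, and defines `cacert`, `cacert_size` and `cacert_auth_mode` only when one of the two CACERT options is set. Wrapping the declarations in the same conditions would turn a stray use into a compile error at the point of use rather than a link error. These globals hold the trust anchor and verification mode for HTTPS downloads and are now writable from any file under rather generic names, so a comment such as `/* CA certificate buffer and verification mode for HTTPS wget; written by cmd/lwip/wget.c, read by net/lwip/wget.c */` would help, and a `wget_` prefix may be worth considering.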
@@ -338,94 +271,10 @@ static err_t httpc_headers_done_cb(httpc_state_t *connection, void *arg, struct return ERR_OK; } -#if CONFIG_IS_ENABLED(WGET_HTTPS) -enum auth_mode { - AUTH_NONE, - AUTH_OPTIONAL, - AUTH_REQUIRED, -}; - -static char *cacert; -static size_t cacert_size; -static enum auth_mode cacert_auth_mode = AUTH_OPTIONAL; -#endif #if CONFIG_IS_ENABLED(WGET_CACERT) -static int set_auth(enum auth_mode auth) -{ - cacert_auth_mode = auth; - - return CMD_RET_SUCCESS; -} -#endif - -#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) -extern const char builtin_cacert[]; -extern const size_t builtin_cacert_size; -static bool cacert_initialized; #endif -#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) -static int _set_cacert(const void *addr, size_t sz) -{ - mbedtls_x509_crt crt; - void *p; - int ret; - - if (cacert) - free(cacert); - - if (!addr) { - cacert = NULL; - cacert_size = 0; - return CMD_RET_SUCCESS; - } - - p = malloc(sz); - if (!p) - return CMD_RET_FAILURE; - cacert = p; - cacert_size = sz; - - memcpy(cacert, (void *)addr, sz); - - mbedtls_x509_crt_init(&crt); - ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size); - if (ret) { - if (!wget_info->silent) - printf("Could not parse certificates (%d)\n", ret); - free(cacert); - cacert = NULL; - cacert_size = 0; - return CMD_RET_FAILURE; - } - -#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) - cacert_initialized = true; -#endif - return CMD_RET_SUCCESS; -} - -#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) -static int set_cacert_builtin(void) -{ - return _set_cacert(builtin_cacert, builtin_cacert_size); -} -#endif - -#if CONFIG_IS_ENABLED(WGET_CACERT) -static int set_cacert(char * const saddr, char * const ssz) -{ - ulong addr, sz; - - addr = hextoul(saddr, NULL); - sz = hextoul(ssz, NULL); - - return _set_cacert((void *)addr, sz); -} -#endif -#endif /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */ - int wget_do_request(ulong dst_addr, char *uri) { #if CONFIG_IS_ENABLED(WGET_HTTPS) 
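Review bot: After the removals, the context lines `#if CONFIG_IS_ENABLED(WGET_CACERT)` and `#endif` are left with nothing between them just above `wget_do_request()`; the empty pair should be deleted as well. Also, the `set_cacert_builtin()` removed here only called `_set_cacert()`, whereas the copy added to cmd/lwip/wget.c first sets `cacert_auth_mode = AUTH_REQUIRED`. Because `wget_do_request()` calls it implicitly while `cacert_initialized` is false, the first request appears to override a mode the user chose earlier with `wget cacert none` or `wget cacert optional`. If that is intended it belongs in the commit message, which describes the change as a pure split.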
@@ -471,6 +320,7 @@ int wget_do_request(ulong dst_addr, char *uri) char *ca; size_t ca_sz; +#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) #if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) if (!cacert_initialized) set_cacert_builtin(); @@ -497,7 +347,7 @@ int wget_do_request(ulong dst_addr, char *uri) * with no verification if not. */ } - +#endif if (!ca && !wget_info->silent) { printf("WARNING: no CA certificates, "); printf("HTTPS connections not authenticated\n"); @@ -545,54 +395,6 @@ int wget_do_request(ulong dst_addr, char *uri) return -1; } -int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]) -{ - char *end; - char *url; - ulong dst_addr; - char nurl[1024]; - -#if CONFIG_IS_ENABLED(WGET_CACERT) - if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert"))) - return set_cacert(argv[2], argv[3]); - if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) { -#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT) - if (!strncmp(argv[2], "builtin", strlen("builtin"))) - return set_cacert_builtin(); -#endif - if (!strncmp(argv[2], "none", strlen("none"))) - return set_auth(AUTH_NONE); - if (!strncmp(argv[2], "optional", strlen("optional"))) - return set_auth(AUTH_OPTIONAL); - if (!strncmp(argv[2], "required", strlen("required"))) - return set_auth(AUTH_REQUIRED); - return CMD_RET_USAGE; - } -#endif - - if (argc < 2 || argc > 3) - return CMD_RET_USAGE; - - dst_addr = hextoul(argv[1], &end); - if (end == (argv[1] + strlen(argv[1]))) { - if (argc < 3) - return CMD_RET_USAGE; - url = argv[2]; - } else { - dst_addr = image_load_addr; - url = argv[1]; - } - - if (parse_legacy_arg(url, nurl, sizeof(nurl))) - return CMD_RET_FAILURE; - - wget_info = &default_wget_info; - if (wget_do_request(dst_addr, nurl)) - return CMD_RET_FAILURE; - - return CMD_RET_SUCCESS; -} - /** * wget_validate_uri() - validate the uri for wget *
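Review bot: The new `#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)` opens directly after `char *ca; size_t ca_sz;`, and its `#endif` (added in the `@@ -497,7 +347,7 @@` hunk) sits directly before `if (!ca && !wget_info->silent)`, so every assignment to `ca` is inside the guarded region. When neither option is enabled `ca` is therefore read uninitialised, and `ca_sz` probably is too in the code that follows. Declaring them as `char *ca = NULL;` and `size_t ca_sz = 0;` makes that configuration take the "no CA certificates" warning path deterministically. Separately, `cacert`, `cacert_auth_mode` and `set_cacert_builtin()` are now defined in cmd/lwip/wget.c, so this file links only if that file is built whenever these options are on; the Kconfig dependencies are not visible here and are worth checking. `wget_do_request()` starts and ends outside these hunks.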