net, net-lwip: wget: suppress console output when called by EFI
Functions called from EFI applications should not do console output.
Refactor the wget code to implement this requirement. The wget_http_info
struct is used to hold the boolean that signifies whether the output is
allowed or not.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst
index cc82e49..44033aa 100644
--- a/doc/usage/cmd/wget.rst
+++ b/doc/usage/cmd/wget.rst
@@ -141,9 +141,9 @@
Bytes transferred = 1864 (748 hex)
# Another server not signed against Digicert will fail
=> wget https://www.google.com/
- Certificate verification failed
HTTP client error 4
+ Certificate verification failed
# Disable authentication to allow the command to proceed anyways
=> wget cacert none
=> wget https://www.google.com/
diff --git a/include/net-common.h b/include/net-common.h
index e536968..7853612 100644
--- a/include/net-common.h
+++ b/include/net-common.h
@@ -570,6 +570,7 @@
* Filled by client.
* @hdr_cont_len: content length according to headers. Filled by wget
* @headers: buffer for headers. Filled by wget.
+ * @silent: do not print anything to the console. Filled by client.
*/
struct wget_http_info {
enum wget_http_method method;
@@ -580,6 +581,7 @@
bool check_buffer_size;
u32 hdr_cont_len;
char *headers;
+ bool silent;
};
extern struct wget_http_info default_wget_info;
diff --git a/lib/efi_loader/efi_net.c b/lib/efi_loader/efi_net.c
index b3291b4..9ff0b69 100644
--- a/lib/efi_loader/efi_net.c
+++ b/lib/efi_loader/efi_net.c
@@ -51,7 +51,7 @@
static struct wget_http_info efi_wget_info = {
.set_bootdev = false,
.check_buffer_size = true,
-
+ .silent = true,
};
#endif
diff --git a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
index ef51a5a..7459bfa 100644
--- a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
+++ b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c
@@ -60,6 +60,8 @@
#if LWIP_ALTCP_TLS && LWIP_ALTCP_TLS_MBEDTLS
+#include "lwip/errno.h"
+
#include "lwip/altcp.h"
#include "lwip/altcp_tls.h"
#include "lwip/priv/altcp_priv.h"
@@ -299,7 +301,8 @@
LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_handshake failed: %d\n", ret));
/* handshake failed, connection has to be closed */
if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
- printf("Certificate verification failed\n");
+ /* provide a cause for why the connection is closed to the called */
+ errno = EPERM;
}
if (conn->err) {
conn->err(conn->arg, ERR_CLSD);
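Review bot: The comment added above `errno = EPERM;` has a typo ("to the called" should be "to the caller"), and the global errno is a fragile channel for reporting a certificate verification failure. The consumer hunks in net/lwip/wget.c clear errno before the receive loop and test `errno == EPERM` after it, so any other code that sets EPERM while the loop runs would be reported as a certificate failure, and a later errno write would hide a real one. EPERM is also a generic code; carrying the cause through the connection state or the error callback would be more robust, if the lwIP interfaces allow it here. At minimum, change the comment to `/* provide a cause for why the connection is closed to the caller */`. The enclosing function starts and ends outside this hunk.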
@@ -844,9 +847,6 @@
altcp_mbedtls_free_config(conf);
return NULL;
}
- if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
- printf("WARNING: no CA certificates, HTTPS connections not authenticated\n");
- }
mbedtls_ssl_conf_authmode(&conf->conf, authmode);
mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &altcp_tls_entropy_rng->ctr_drbg);
diff --git a/net/lwip/wget.c b/net/lwip/wget.c
index 77f55fd..812b3c3 100644
--- a/net/lwip/wget.c
+++ b/net/lwip/wget.c
@@ -8,6 +8,7 @@
#include <image.h>
#include <lwip/apps/http_client.h>
#include "lwip/altcp_tls.h"
+#include <lwip/errno.h>
#include <lwip/timeouts.h>
#include <rng.h>
#include <mapmem.h>
@@ -217,7 +218,8 @@
memcpy((void *)ctx->daddr, buf->payload, buf->len);
ctx->daddr += buf->len;
ctx->size += buf->len;
- if (ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) {
+ if (!wget_info->silent &&
+ ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) {
printf("#");
ctx->prevsize = ctx->size;
}
@@ -255,11 +257,15 @@
elapsed = get_timer(ctx->start_time);
if (!elapsed)
elapsed = 1;
- if (rx_content_len > PROGRESS_PRINT_STEP_BYTES)
- printf("\n");
- printf("%u bytes transferred in %lu ms (", rx_content_len, elapsed);
- print_size(rx_content_len / elapsed * 1000, "/s)\n");
- printf("Bytes transferred = %lu (%lx hex)\n", ctx->size, ctx->size);
+ if (!wget_info->silent) {
+ if (rx_content_len > PROGRESS_PRINT_STEP_BYTES)
+ printf("\n");
+ printf("%u bytes transferred in %lu ms (", rx_content_len,
+ elapsed);
+ print_size(rx_content_len / elapsed * 1000, "/s)\n");
+ printf("Bytes transferred = %lu (%lx hex)\n", ctx->size,
+ ctx->size);
+ }
if (wget_info->set_bootdev)
efi_set_bootdev("Http", ctx->server_name, ctx->path, map_sysmem(ctx->saved_daddr, 0),
rx_content_len);
@@ -339,7 +345,8 @@
mbedtls_x509_crt_init(&crt);
ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
if (ret) {
- printf("Could not parse certificates (%d)\n", ret);
+ if (!wget_info->silent)
+ printf("Could not parse certificates (%d)\n", ret);
free(cacert);
cacert = NULL;
cacert_size = 0;
@@ -422,9 +429,10 @@
if (cacert_auth_mode == AUTH_REQUIRED) {
if (!ca || !ca_sz) {
- printf("Error: cacert authentication mode is "
- "'required' but no CA certificates "
- "given\n");
+ if (!wget_info->silent)
+ printf("Error: cacert authentication "
+ "mode is 'required' but no CA "
+ "certificates given\n");
return CMD_RET_FAILURE;
}
} else if (cacert_auth_mode == AUTH_NONE) {
@@ -439,6 +447,10 @@
*/
}
+ if (!ca && !wget_info->silent) {
+ printf("WARNING: no CA certificates, ");
+ printf("HTTPS connections not authenticated\n");
+ }
tls_allocator.alloc = &altcp_tls_alloc;
tls_allocator.arg =
altcp_tls_create_config_client(ca, ca_sz,
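Review bot: The relocated warning is keyed on `!ca`, whereas the AUTH_REQUIRED check a few lines earlier treats `!ca || !ca_sz` as "no CA certificates". If a non-NULL `ca` with `ca_sz == 0` can reach this point (not visible in the hunk), the TLS configuration may end up without verification and no warning would be printed; consider `if ((!ca || !ca_sz) && !wget_info->silent)`. Because the warning was removed from altcp_tls_create_config_client, any other caller of that function presumably loses it as well. With `silent` set (the EFI path), an unauthenticated HTTPS download now proceeds with no indication at all, which deserves a comment such as `/* silent callers get no warning for unauthenticated HTTPS */`. The enclosing function starts and ends outside this hunk.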
@@ -463,6 +475,8 @@
return CMD_RET_FAILURE;
}
+ errno = 0;
+
while (!ctx.done) {
net_lwip_rx(udev, netif);
sys_check_timeouts();
@@ -475,6 +489,9 @@
if (ctx.done == SUCCESS)
return 0;
+ if (errno == EPERM && !wget_info->silent)
+ printf("Certificate verification failed\n");
+
return -1;
}
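Review bot: With `silent` set, the `errno == EPERM` result is dropped and the function returns the same -1 for a certificate verification failure as for any other transfer error. A silent caller such as the EFI code therefore cannot tell a rejected server certificate from a network failure. If that distinction matters to the caller, expose it through the return value or wget_info instead of only through printf. Otherwise a comment such as `/* cause is reported on the console only; silent callers just see -1 */` would document the limitation. The function starts outside this hunk.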
diff --git a/net/wget.c b/net/wget.c
index c73836c..3c0fff4 100644
--- a/net/wget.c
+++ b/net/wget.c
@@ -59,8 +59,10 @@
if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) {
if (store_addr < image_load_addr ||
lmb_read_check(store_addr, len)) {
- printf("\nwget error: ");
- printf("trying to overwrite reserved memory...\n");
+ if (!wget_info->silent) {
+ printf("\nwget error: ");
+ printf("trying to overwrite reserved memory\n");
+ }
return -1;
}
}
@@ -76,6 +78,9 @@
{
int cnt;
+ if (wget_info->silent)
+ return;
+
if (content_length != -1) {
if (net_boot_file_size > content_length)
content_length = net_boot_file_size;
@@ -101,11 +106,15 @@
net_set_state(wget_loop_state);
if (wget_loop_state != NETLOOP_SUCCESS) {
net_boot_file_size = 0;
- printf("\nwget: Transfer Fail, TCP status - %d\n", tcp->status);
+ if (!wget_info->silent)
+ printf("\nwget: Transfer Fail, TCP status - %d\n",
+ tcp->status);
return;
}
- printf("\nPackets received %d, Transfer Successful\n", tcp->rx_packets);
+ if (!wget_info->silent)
+ printf("\nPackets received %d, Transfer Successful\n",
+ tcp->rx_packets);
wget_info->file_size = net_boot_file_size;
if (wget_info->method == WGET_HTTP_METHOD_GET && wget_info->set_bootdev) {
efi_set_bootdev("Http", NULL, image_url,
@@ -139,7 +148,8 @@
tcp->state == TCP_ESTABLISHED)
goto end;
- printf("ERROR: misssed HTTP header\n");
+ if (!wget_info->silent)
+ printf("ERROR: misssed HTTP header\n");
tcp_stream_close(tcp);
goto end;
}
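Review bot: The message on the re-indented line still reads "misssed"; since the line is being touched anyway, fix it to `printf("ERROR: missed HTTP header\n");`. Check first whether any test or script matches on the existing string. The enclosing function starts and ends outside this hunk.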
@@ -346,7 +356,8 @@
tcp_stream_set_on_create_handler(tcp_stream_on_create);
tcp = tcp_stream_connect(web_server_ip, server_port);
if (!tcp) {
- printf("No free tcp streams\n");
+ if (!wget_info->silent)
+ printf("No free tcp streams\n");
net_set_state(NETLOOP_FAIL);
return;
}