Merge branch 'next'
Note that this undoes the changes of commit cf6d4535cc
("x86: emulation: Disable bloblist for now"), as that was intended only for the
release due to time constraints.
@@ -10,6 +10,12 @@ config LWIP_DEBUG
|
||||
Prints messages to the console regarding network packets that go in
|
||||
and out of the lwIP library.
|
||||
|
||||
config LWIP_DEBUG_RXTX
|
||||
bool "Dump packets sent and received by lwIP"
|
||||
help
|
||||
Performs an hexadecimal & ASCII dump of the data received and sent by
|
||||
the lwIP network stack.
|
||||
|
||||
config LWIP_ASSERT
|
||||
bool "Enable assertions in the lwIP library"
|
||||
help
|
||||
|
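Review bot: The help text for LWIP_DEBUG_RXTX does not mention that the dump prints full packet payloads to the console, so anything carried over cleartext protocols ends up in console output and any logs that capture it. I would add a sentence to the help such as `This exposes packet contents on the console; enable for debugging only.` Minor wording in the same help text: "an hexadecimal" should read "a hexadecimal".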
@@ -6,3 +6,9 @@ obj-$(CONFIG_CMD_DNS) += dns.o
|
||||
obj-$(CONFIG_CMD_PING) += ping.o
|
||||
obj-$(CONFIG_CMD_TFTPBOOT) += tftp.o
|
||||
obj-$(CONFIG_WGET) += wget.o
|
||||
|
||||
ifeq (y,$(CONFIG_WGET_BUILTIN_CACERT))
|
||||
$(obj)/builtin_cacert.c: $(CONFIG_WGET_BUILTIN_CACERT_PATH:"%"=%) FORCE
|
||||
$(call if_changed,bin2c,builtin_cacert)
|
||||
obj-y += builtin_cacert.o
|
||||
endif
|
||||
|
@@ -5,6 +5,7 @@
|
||||
#include <command.h>
|
||||
#include <dm/device.h>
|
||||
#include <dm/uclass.h>
|
||||
#include <hexdump.h>
|
||||
#include <lwip/ip4_addr.h>
|
||||
#include <lwip/err.h>
|
||||
#include <lwip/netif.h>
|
||||
@@ -30,12 +31,18 @@ char *pxelinux_configfile;
|
||||
struct in_addr net_ip;
|
||||
char net_boot_file_name[1024];
|
||||
|
||||
static err_t linkoutput(struct netif *netif, struct pbuf *p)
|
||||
static err_t net_lwip_tx(struct netif *netif, struct pbuf *p)
|
||||
{
|
||||
struct udevice *udev = netif->state;
|
||||
void *pp = NULL;
|
||||
int err;
|
||||
|
||||
if (CONFIG_IS_ENABLED(LWIP_DEBUG_RXTX)) {
|
||||
printf("net_lwip_tx: %u bytes, udev %s\n", p->len, udev->name);
|
||||
print_hex_dump("net_lwip_tx: ", 0, 16, 1, p->payload, p->len,
|
||||
true);
|
||||
}
|
||||
|
||||
if ((unsigned long)p->payload % PKTALIGN) {
|
||||
/*
|
||||
* Some net drivers have strict alignment requirements and may
|
||||
@@ -60,7 +67,7 @@ static err_t linkoutput(struct netif *netif, struct pbuf *p)
|
||||
static err_t net_lwip_if_init(struct netif *netif)
|
||||
{
|
||||
netif->output = etharp_output;
|
||||
netif->linkoutput = linkoutput;
|
||||
netif->linkoutput = net_lwip_tx;
|
||||
netif->mtu = 1500;
|
||||
netif->flags = NETIF_FLAG_BROADCAST | NETIF_FLAG_ETHARP | NETIF_FLAG_LINK_UP;
|
||||
|
||||
@@ -265,6 +272,13 @@ int net_lwip_rx(struct udevice *udev, struct netif *netif)
|
||||
flags = 0;
|
||||
|
||||
if (len > 0) {
|
||||
if (CONFIG_IS_ENABLED(LWIP_DEBUG_RXTX)) {
|
||||
printf("net_lwip_tx: %u bytes, udev %s \n", len,
|
||||
udev->name);
|
||||
print_hex_dump("net_lwip_rx: ", 0, 16, 1,
|
||||
packet, len, true);
|
||||
}
|
||||
|
||||
pbuf = alloc_pbuf_and_copy(packet, len);
|
||||
if (pbuf)
|
||||
netif->input(pbuf, netif);
|
||||
|
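Review bot: In the net_lwip_rx() hunk the new debug printf is labelled `net_lwip_tx:` while the hex dump right below it is labelled `net_lwip_rx: `, so received packets show up as transmitted ones in the trace; it should read `printf("net_lwip_rx: %u bytes, udev %s\n", len, udev->name);`. The declaration of `len` is outside the hunk, but the `len > 0` test suggests a signed type, in which case `%u` does not match the argument and `%d` would be the right specifier. In net_lwip_tx() the dump covers only `p->len`, the first pbuf segment; if chained pbufs can reach this function, the remaining segments are not shown, which is worth a comment next to the dump.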
141
net/lwip/wget.c
141
net/lwip/wget.c
@@ -285,9 +285,96 @@ static err_t httpc_headers_done_cb(httpc_state_t *connection, void *arg, struct
|
||||
return ERR_OK;
|
||||
}
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_HTTPS)
|
||||
enum auth_mode {
|
||||
AUTH_NONE,
|
||||
AUTH_OPTIONAL,
|
||||
AUTH_REQUIRED,
|
||||
};
|
||||
|
||||
static char *cacert;
|
||||
static size_t cacert_size;
|
||||
static enum auth_mode cacert_auth_mode = AUTH_OPTIONAL;
|
||||
#endif
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_CACERT)
|
||||
static int set_auth(enum auth_mode auth)
|
||||
{
|
||||
cacert_auth_mode = auth;
|
||||
|
||||
return CMD_RET_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
|
||||
extern const char builtin_cacert[];
|
||||
extern const size_t builtin_cacert_size;
|
||||
static bool cacert_initialized;
|
||||
#endif
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
|
||||
static int _set_cacert(const void *addr, size_t sz)
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
void *p;
|
||||
int ret;
|
||||
|
||||
if (cacert)
|
||||
free(cacert);
|
||||
|
||||
if (!addr) {
|
||||
cacert = NULL;
|
||||
cacert_size = 0;
|
||||
return CMD_RET_SUCCESS;
|
||||
}
|
||||
|
||||
p = malloc(sz);
|
||||
if (!p)
|
||||
return CMD_RET_FAILURE;
|
||||
cacert = p;
|
||||
cacert_size = sz;
|
||||
|
||||
memcpy(cacert, (void *)addr, sz);
|
||||
|
||||
mbedtls_x509_crt_init(&crt);
|
||||
ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
|
||||
if (ret) {
|
||||
printf("Could not parse certificates (%d)\n", ret);
|
||||
free(cacert);
|
||||
cacert = NULL;
|
||||
cacert_size = 0;
|
||||
return CMD_RET_FAILURE;
|
||||
}
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
|
||||
cacert_initialized = true;
|
||||
#endif
|
||||
return CMD_RET_SUCCESS;
|
||||
}
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
|
||||
static int set_cacert_builtin(void)
|
||||
{
|
||||
return _set_cacert(builtin_cacert, builtin_cacert_size);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_CACERT)
|
||||
static int set_cacert(char * const saddr, char * const ssz)
|
||||
{
|
||||
ulong addr, sz;
|
||||
|
||||
addr = hextoul(saddr, NULL);
|
||||
sz = hextoul(ssz, NULL);
|
||||
|
||||
return _set_cacert((void *)addr, sz);
|
||||
}
|
||||
#endif
|
||||
#endif /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */
|
||||
|
||||
static int wget_loop(struct udevice *udev, ulong dst_addr, char *uri)
|
||||
{
|
||||
#if defined CONFIG_WGET_HTTPS
|
||||
#if CONFIG_IS_ENABLED(WGET_HTTPS)
|
||||
altcp_allocator_t tls_allocator;
|
||||
#endif
|
||||
httpc_connection_t conn;
|
||||
@@ -312,11 +399,41 @@ static int wget_loop(struct udevice *udev, ulong dst_addr, char *uri)
|
||||
return -1;
|
||||
|
||||
memset(&conn, 0, sizeof(conn));
|
||||
#if defined CONFIG_WGET_HTTPS
|
||||
#if CONFIG_IS_ENABLED(WGET_HTTPS)
|
||||
if (is_https) {
|
||||
char *ca;
|
||||
size_t ca_sz;
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
|
||||
if (!cacert_initialized)
|
||||
set_cacert_builtin();
|
||||
#endif
|
||||
ca = cacert;
|
||||
ca_sz = cacert_size;
|
||||
|
||||
if (cacert_auth_mode == AUTH_REQUIRED) {
|
||||
if (!ca || !ca_sz) {
|
||||
printf("Error: cacert authentication mode is "
|
||||
"'required' but no CA certificates "
|
||||
"given\n");
|
||||
return CMD_RET_FAILURE;
|
||||
}
|
||||
} else if (cacert_auth_mode == AUTH_NONE) {
|
||||
ca = NULL;
|
||||
ca_sz = 0;
|
||||
} else if (cacert_auth_mode == AUTH_OPTIONAL) {
|
||||
/*
|
||||
* Nothing to do, this is the default behavior of
|
||||
* altcp_tls to check server certificates against CA
|
||||
* certificates when the latter are provided and proceed
|
||||
* with no verification if not.
|
||||
*/
|
||||
}
|
||||
|
||||
tls_allocator.alloc = &altcp_tls_alloc;
|
||||
tls_allocator.arg =
|
||||
altcp_tls_create_config_client(NULL, 0, ctx.server_name);
|
||||
altcp_tls_create_config_client(ca, ca_sz,
|
||||
ctx.server_name);
|
||||
|
||||
if (!tls_allocator.arg) {
|
||||
log_err("error: Cannot create a TLS connection\n");
|
||||
@@ -369,6 +486,24 @@ int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[])
|
||||
ulong dst_addr;
|
||||
char nurl[1024];
|
||||
|
||||
#if CONFIG_IS_ENABLED(WGET_CACERT)
|
||||
if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert")))
|
||||
return set_cacert(argv[2], argv[3]);
|
||||
if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) {
|
||||
#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
|
||||
if (!strncmp(argv[2], "builtin", strlen("builtin")))
|
||||
return set_cacert_builtin();
|
||||
#endif
|
||||
if (!strncmp(argv[2], "none", strlen("none")))
|
||||
return set_auth(AUTH_NONE);
|
||||
if (!strncmp(argv[2], "optional", strlen("optional")))
|
||||
return set_auth(AUTH_OPTIONAL);
|
||||
if (!strncmp(argv[2], "required", strlen("required")))
|
||||
return set_auth(AUTH_REQUIRED);
|
||||
return CMD_RET_USAGE;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (argc < 2 || argc > 3)
|
||||
return CMD_RET_USAGE;
|
||||
|
||||
|