From 9349fc2e9c76d042f424edfa69cf421225bf0fcc Mon Sep 17 00:00:00 2001 From: Jerome Forissier Date: Thu, 17 Apr 2025 15:26:58 +0200 Subject: [PATCH] net, net-lwip: wget: suppress console output when called by EFI Functions called from EFI applications should not do console output. Refactor the wget code to implement this requirement. The wget_http_info struct is used to hold the boolean that signifies whether the output is allowed or not. Signed-off-by: Jerome Forissier Reported-by: Heinrich Schuchardt --- doc/usage/cmd/wget.rst | 2 +- include/net-common.h | 2 + lib/efi_loader/efi_net.c | 2 +- .../src/apps/altcp_tls/altcp_tls_mbedtls.c | 8 ++-- net/lwip/wget.c | 37 ++++++++++++++----- net/wget.c | 23 +++++++++--- 6 files changed, 52 insertions(+), 22 deletions(-) diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst index cc82e495a29..44033aaff39 100644 --- a/doc/usage/cmd/wget.rst +++ b/doc/usage/cmd/wget.rst @@ -141,9 +141,9 @@ https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt. Bytes transferred = 1864 (748 hex) # Another server not signed against Digicert will fail => wget https://www.google.com/ - Certificate verification failed HTTP client error 4 + Certificate verification failed # Disable authentication to allow the command to proceed anyways => wget cacert none => wget https://www.google.com/ diff --git a/include/net-common.h b/include/net-common.h index e536968a92b..7853612b237 100644 --- a/include/net-common.h +++ b/include/net-common.h @@ -570,6 +570,7 @@ enum wget_http_method { * Filled by client. * @hdr_cont_len: content length according to headers. Filled by wget * @headers: buffer for headers. Filled by wget. + * @silent: do not print anything to the console. Filled by client. */ struct wget_http_info { enum wget_http_method method; @@ -580,6 +581,7 @@ struct wget_http_info { bool check_buffer_size; u32 hdr_cont_len; char *headers; + bool silent; }; extern struct wget_http_info default_wget_info; 
diff --git a/lib/efi_loader/efi_net.c b/lib/efi_loader/efi_net.c index b3291b4f1d5..9ff0b691ee1 100644 --- a/lib/efi_loader/efi_net.c +++ b/lib/efi_loader/efi_net.c @@ -51,7 +51,7 @@ static int next_dp_entry; static struct wget_http_info efi_wget_info = { .set_bootdev = false, .check_buffer_size = true, - + .silent = true, }; #endif diff --git a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c index ef51a5ac168..7459bfa468f 100644 --- a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c +++ b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c @@ -60,6 +60,8 @@ #if LWIP_ALTCP_TLS && LWIP_ALTCP_TLS_MBEDTLS +#include "lwip/errno.h" + #include "lwip/altcp.h" #include "lwip/altcp_tls.h" #include "lwip/priv/altcp_priv.h" @@ -299,7 +301,8 @@ altcp_mbedtls_lower_recv_process(struct altcp_pcb *conn, altcp_mbedtls_state_t * LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_handshake failed: %d\n", ret)); /* handshake failed, connection has to be closed */ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { - printf("Certificate verification failed\n"); + /* provide a cause for why the connection is closed to the called */ + errno = EPERM; } if (conn->err) { conn->err(conn->arg, ERR_CLSD); @@ -844,9 +847,6 @@ altcp_tls_create_config(int is_server, u8_t cert_count, u8_t pkey_count, int hav altcp_mbedtls_free_config(conf); return NULL; } - if (authmode == MBEDTLS_SSL_VERIFY_NONE) { - printf("WARNING: no CA certificates, HTTPS connections not authenticated\n"); - } mbedtls_ssl_conf_authmode(&conf->conf, authmode); mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &altcp_tls_entropy_rng->ctr_drbg); diff --git a/net/lwip/wget.c b/net/lwip/wget.c index 77f55fddfac..812b3c3e8e6 100644 --- a/net/lwip/wget.c +++ b/net/lwip/wget.c @@ -8,6 +8,7 @@ #include #include #include "lwip/altcp_tls.h" +#include #include #include #include 
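Review bot: Reporting the certificate failure through `errno = EPERM` in altcp_mbedtls_lower_recv_process is fragile, because errno is global state that any code running before the `errno == EPERM` test at the end of wget_do_request can overwrite or set to the same value. The `errno = 0` and `if (errno == EPERM && !wget_info->silent)` hunks in net/lwip/wget.c use the same channel only to choose a message, and the function returns -1 either way, so a silent caller cannot tell a rejected certificate from any other transfer failure. Consider recording the cause in per-request state and returning a distinct error code for it, if the callback arguments allow that. The new comment has a typo and could read `/* tell the caller why the connection is being closed */`. The function body continues outside the hunk.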
@@ -217,7 +218,8 @@ static err_t httpc_recv_cb(void *arg, struct altcp_pcb *pcb, struct pbuf *pbuf, memcpy((void *)ctx->daddr, buf->payload, buf->len); ctx->daddr += buf->len; ctx->size += buf->len; - if (ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) { + if (!wget_info->silent && + ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) { printf("#"); ctx->prevsize = ctx->size; } @@ -255,11 +257,15 @@ static void httpc_result_cb(void *arg, httpc_result_t httpc_result, elapsed = get_timer(ctx->start_time); if (!elapsed) elapsed = 1; - if (rx_content_len > PROGRESS_PRINT_STEP_BYTES) - printf("\n"); - printf("%u bytes transferred in %lu ms (", rx_content_len, elapsed); - print_size(rx_content_len / elapsed * 1000, "/s)\n"); - printf("Bytes transferred = %lu (%lx hex)\n", ctx->size, ctx->size); + if (!wget_info->silent) { + if (rx_content_len > PROGRESS_PRINT_STEP_BYTES) + printf("\n"); + printf("%u bytes transferred in %lu ms (", rx_content_len, + elapsed); + print_size(rx_content_len / elapsed * 1000, "/s)\n"); + printf("Bytes transferred = %lu (%lx hex)\n", ctx->size, + ctx->size); + } if (wget_info->set_bootdev) efi_set_bootdev("Http", ctx->server_name, ctx->path, map_sysmem(ctx->saved_daddr, 0), rx_content_len); @@ -339,7 +345,8 @@ static int _set_cacert(const void *addr, size_t sz) mbedtls_x509_crt_init(&crt); ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size); if (ret) { - printf("Could not parse certificates (%d)\n", ret); + if (!wget_info->silent) + printf("Could not parse certificates (%d)\n", ret); free(cacert); cacert = NULL; cacert_size = 0; 
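Review bot: The `if (!wget_info->silent)` guard is written out by hand in front of each printf, here in httpc_recv_cb and again in httpc_result_cb, _set_cacert, wget_do_request and the net/wget.c hunks, so the next message added to these files will bypass the flag unless its author remembers the convention. A single file-local helper that tests `wget_info->silent` and forwards to printf would keep the policy in one place. In this hunk the guard is also part of the condition that updates `ctx->prevsize`, so that bookkeeping no longer runs in silent mode. That looks harmless if prevsize serves only the progress marker, but a comment such as `/* progress marks only; prevsize is not maintained when silent */` would make it explicit. httpc_recv_cb continues outside the hunk.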
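Review bot: `wget_info->silent` is dereferenced in the _set_cacert error path, but nothing in this hunk shows that `wget_info` has been assigned by the time certificates are installed. If _set_cacert can run before any request has set the pointer, a certificate blob that fails to parse would cause a NULL dereference instead of an error return. Even when the pointer is set, it describes whichever request ran last, so a parse error could be hidden only because the previous caller was silent. A guard such as `if (!wget_info || !wget_info->silent)`, or always reporting this error, would avoid both. The function starts and ends outside the hunk.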
@@ -422,9 +429,10 @@ int wget_do_request(ulong dst_addr, char *uri) if (cacert_auth_mode == AUTH_REQUIRED) { if (!ca || !ca_sz) { - printf("Error: cacert authentication mode is " - "'required' but no CA certificates " - "given\n"); + if (!wget_info->silent) + printf("Error: cacert authentication " + "mode is 'required' but no CA " + "certificates given\n"); return CMD_RET_FAILURE; } } else if (cacert_auth_mode == AUTH_NONE) { @@ -439,6 +447,10 @@ int wget_do_request(ulong dst_addr, char *uri) */ } + if (!ca && !wget_info->silent) { + printf("WARNING: no CA certificates, "); + printf("HTTPS connections not authenticated\n"); + } tls_allocator.alloc = &altcp_tls_alloc; tls_allocator.arg = altcp_tls_create_config_client(ca, ca_sz, @@ -463,6 +475,8 @@ int wget_do_request(ulong dst_addr, char *uri) return CMD_RET_FAILURE; } + errno = 0; + while (!ctx.done) { net_lwip_rx(udev, netif); sys_check_timeouts(); @@ -475,6 +489,9 @@ int wget_do_request(ulong dst_addr, char *uri) if (ctx.done == SUCCESS) return 0; + if (errno == EPERM && !wget_info->silent) + printf("Certificate verification failed\n"); + return -1; } diff --git a/net/wget.c b/net/wget.c index c73836cbc9d..3c0fff488eb 100644 --- a/net/wget.c +++ b/net/wget.c @@ -59,8 +59,10 @@ static inline int store_block(uchar *src, unsigned int offset, unsigned int len) if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) { if (store_addr < image_load_addr || lmb_read_check(store_addr, len)) { - printf("\nwget error: "); - printf("trying to overwrite reserved memory...\n"); + if (!wget_info->silent) { + printf("\nwget error: "); + printf("trying to overwrite reserved memory\n"); + } return -1; } } @@ -76,6 +78,9 @@ static void show_block_marker(u32 packets) { int cnt; + if (wget_info->silent) + return; + if (content_length != -1) { if (net_boot_file_size > content_length) content_length = net_boot_file_size; 
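Review bot: With the warning moved into wget_do_request and gated on `!wget_info->silent`, a silent caller that ends up with `ca == NULL` proceeds over unauthenticated TLS with no indication on the console, in the return value, or in the `struct wget_http_info` fields visible in this patch. Silent callers are the EFI ones according to the commit message, and they are the callers that most need to know that the server was not verified. A result flag filled by wget, or a log-level message instead of printf, would keep the console clean without dropping the signal. The test also changed from `authmode == MBEDTLS_SSL_VERIFY_NONE` in the library to `!ca` here; the two presumably agree, but the code that derives authmode is outside the hunk, so it is worth confirming. The two printf calls can be one: `printf("WARNING: no CA certificates, HTTPS connections not authenticated\n");`.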
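Review bot: The early `return` in show_block_marker sits above the `net_boot_file_size > content_length` adjustment, so in silent mode `content_length` is no longer raised to the received size. If anything outside this function reads `content_length` after the transfer starts, silent and non-silent runs now differ in state as well as in output. Moving the silent check below that adjustment, or guarding only the output calls, would keep the bookkeeping identical. The rest of the function is outside the hunk, so whether the skipped code has further side effects cannot be told from here.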
@@ -101,11 +106,15 @@ static void tcp_stream_on_closed(struct tcp_stream *tcp) net_set_state(wget_loop_state); if (wget_loop_state != NETLOOP_SUCCESS) { net_boot_file_size = 0; - printf("\nwget: Transfer Fail, TCP status - %d\n", tcp->status); + if (!wget_info->silent) + printf("\nwget: Transfer Fail, TCP status - %d\n", + tcp->status); return; } - printf("\nPackets received %d, Transfer Successful\n", tcp->rx_packets); + if (!wget_info->silent) + printf("\nPackets received %d, Transfer Successful\n", + tcp->rx_packets); wget_info->file_size = net_boot_file_size; if (wget_info->method == WGET_HTTP_METHOD_GET && wget_info->set_bootdev) { efi_set_bootdev("Http", NULL, image_url, @@ -139,7 +148,8 @@ static void tcp_stream_on_rcv_nxt_update(struct tcp_stream *tcp, u32 rx_bytes) tcp->state == TCP_ESTABLISHED) goto end; - printf("ERROR: misssed HTTP header\n"); + if (!wget_info->silent) + printf("ERROR: misssed HTTP header\n"); tcp_stream_close(tcp); goto end; } @@ -346,7 +356,8 @@ void wget_start(void) tcp_stream_set_on_create_handler(tcp_stream_on_create); tcp = tcp_stream_connect(web_server_ip, server_port); if (!tcp) { - printf("No free tcp streams\n"); + if (!wget_info->silent) + printf("No free tcp streams\n"); net_set_state(NETLOOP_FAIL); return; } -- 2.39.5