[PATCH] mkimage: ecdsa: resolve duplicate symbol error on macOS
Nick Hainke
vincent at systemli.org
Sun Nov 17 17:57:04 CET 2024
When building `mkimage` with LibreSSL version 3.7.3 or higher on macOS,
CI tests in OpenWrt encounter linker errors caused by duplicate symbols.
Specifically, the `_ecdsa_verify` and `_ecdsa_sign` symbols appear in both
`ecdsa-libcrypto.o` and `libcrypto.a`, leading to errors such as:
```
duplicate symbol '_ecdsa_verify' in:
openwrt/build_dir/host/u-boot-2024.01/tools/generated/lib/ecdsa/ecdsa-libcrypto.o
openwrt/staging_dir/host/lib/libcrypto.a[249](libcrypto_la-ecdsa.o)
duplicate symbol '_ecdsa_sign' in:
openwrt/build_dir/host/u-boot-2024.01/tools/generated/lib/ecdsa/ecdsa-libcrypto.o
openwrt/staging_dir/host/lib/libcrypto.a[249](libcrypto_la-ecdsa.o)
ld: 2 duplicate symbols
```
The changes in this commit that address this issue were originally written
by another developer, Linhui Liu, who decided not to send them upstream,
instead submitting a downstream patch as a PR for OpenWrt.
Given the sensitive nature of cryptographic code, I sought feedback from
the project maintainers to ensure correctness and encourage the author to
submit the fix upstream.
Because no action was taken and the original author has been absent for
several months, the OpenWrt project worked around the issue by holding
back LibreSSL at a version below 3.7.3. However, we now aim to bump
LibreSSL to a newer version, making it necessary to apply and upstream
this fix.
Link: https://github.com/openwrt/openwrt/pull/12799
Link: https://github.com/openwrt/openwrt/pull/16901
Signed-off-by: Nick Hainke <vincent at systemli.org>
Cc: Alexandru Gagniuc <mr.nuke.me at gmail.com>
Cc: Matthias Pritschet <matthias.pritschet at itk-engineering.de>
Cc: Simon Glass <sjg at chromium.org>
---
include/u-boot/ecdsa.h | 6 ++++++
lib/ecdsa/ecdsa-libcrypto.c | 6 ++++++
2 files changed, 12 insertions(+)
diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
index f0ac0f327e..f576c79c8f 100644
--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@@ -9,6 +9,8 @@
#include <errno.h>
#include <image.h>
+#ifndef __ECDSA_SIGN__
+#define __ECDSA_SIGN__
/**
* crypto_algo API impementation for ECDSA;
* @see "struct crypto_algo"
@@ -33,6 +35,7 @@
*/
int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
int region_count, uint8_t **sigp, uint *sig_len);
+#endif
/**
* add_verify_data() - Add verification information to FDT
@@ -49,6 +52,8 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
*/
int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);
+#ifndef __ECDSA_VERIFY__
+#define __ECDSA_VERIFY__
/**
* verify() - Verify a signature against some data
*
@@ -63,6 +68,7 @@ int ecdsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len);
/** @} */
+#endif
#define ECDSA256_BYTES (256 / 8)
#define ECDSA384_BYTES (384 / 8)
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 1c5dde6069..9a5b7745fc 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -238,6 +238,8 @@ static int do_verify(struct signer *ctx, struct image_sign_info *info,
return ecdsa_check_signature(ctx, info);
}
+#ifndef __ECDSA_SIGN__
+#define __ECDSA_SIGN__
int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
int region_count, uint8_t **sigp, uint *sig_len)
{
@@ -256,7 +258,10 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
free_ctx(&ctx);
return ret;
}
+#endif
+#ifndef __ECDSA_VERIFY__
+#define __ECDSA_VERIFY__
int ecdsa_verify(struct image_sign_info *info,
const struct image_region region[], int region_count,
uint8_t *sig, uint sig_len)
@@ -271,6 +276,7 @@ int ecdsa_verify(struct image_sign_info *info,
free_ctx(&ctx);
return ret;
}
+#endif
static int do_add(struct signer *ctx, void *fdt, const char *key_node_name,
struct image_sign_info *info)
--
2.47.0
More information about the U-Boot
mailing list