RK3308 平台升级libopenssl的方法

1.背景

由于安全漏洞原因，需要升级当前RK3308 buildroot 中libopenssl 为最新版本3.2.0

2.openssl latest stable version

从openssl官网可以查看当前支持的最新  [ Downloads ] - /source/index.html  可以查看当前支持的最新latest stable version。

本次更新为最新的3.2.0

3.注意事项

LIBOPENSSL_TARGET_ARCH的选择

+++ b/buildroot/package/libopenssl/libopenssl.mk
@@ -12,7 +12,8 @@ LIBOPENSSL_LICENSE_FILES = LICENSE.txt
 LIBOPENSSL_INSTALL_STAGING = YES
 LIBOPENSSL_DEPENDENCIES = zlib
 HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
-LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH))
+#LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH))
+LIBOPENSSL_TARGET_ARCH = linux-generic32

LIBOPENSSL_TARGET_ARCH 此处必须设置为 linux-generic32 ，否则由于recovery 编译使用的是32bit位CPU配置，recovery中的libopenssl编译时会出现不支持aarch64 汇编指令的错误，引起整个buildroot 构建过成失败。

更新hostapd

由于hostapd依赖于libopenssl，安全起见hostapd同步升级为当前最新版本2.10，升级后编译会出现如下问题

  CC  ../src/ap/ndisc_snoop.c
  CC  ../src/drivers/driver_common.c
../src/crypto/crypto_openssl.c: In function ‘md4_vector’:
../src/crypto/crypto_openssl.c:156:31: warning: implicit declaration of function ‘EVP_md4’ [-Wimplicit-function-declaration]
  return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
                               ^~~~~~~
../src/crypto/crypto_openssl.c:156:31: warning: passing argument 1 of ‘openssl_digest_vector’ makes pointer from integer without a cast [-Wint-conversion]
../src/crypto/crypto_openssl.c:113:12: note: expected ‘const EVP_MD * {aka const struct evp_md_st *}’ but argument is of type ‘int’
 static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
            ^~~~~~~~~~~~~~~~~~~~~
../src/crypto/crypto_openssl.c: In function ‘des_encrypt’:
../src/crypto/crypto_openssl.c:165:2: error: unknown type name ‘DES_key_schedule’
  DES_key_schedule ks;
  ^~~~~~~~~~~~~~~~
../src/crypto/crypto_openssl.c:176:2: warning: implicit declaration of function ‘DES_set_key’ [-Wimplicit-function-declaration]
  DES_set_key((DES_cblock *) &pkey, &ks);
  ^~~~~~~~~~~
../src/crypto/crypto_openssl.c:176:15: error: ‘DES_cblock’ undeclared (first use in this function)
  DES_set_key((DES_cblock *) &pkey, &ks);
               ^~~~~~~~~~
../src/crypto/crypto_openssl.c:176:15: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/crypto_openssl.c:176:27: error: expected expression before ‘)’ token
  DES_set_key((DES_cblock *) &pkey, &ks);

更新如下修复编译问题 

diff --git a/buildroot/package/openssl/Config.in b/buildroot/package/openssl/Config.in
index d84033141..db8c361d4 100644
--- a/buildroot/package/openssl/Config.in
+++ b/buildroot/package/openssl/Config.in
@@ -30,7 +30,7 @@ config BR2_PACKAGE_LIBOPENSSL
          Note: Some helper scripts need perl.
 
 if BR2_PACKAGE_LIBOPENSSL
-
+source "package/libopenssl/Config.in"
 config BR2_PACKAGE_LIBOPENSSL_BIN
        bool "openssl binary"
        help

openssh

openssh 也依赖于libopenssl 因此同步也更新为当前最新版本9.6p1