1.背景
由于安全漏洞原因,需要升级当前RK3308 buildroot 中libopenssl 为最新版本3.2.0
2.openssl latest stable version
从openssl官网可以查看当前支持的最新 [ Downloads ] - /source/index.html 可以查看当前支持的最新latest stable version。
本次更新为最新的3.2.0
3.注意事项
LIBOPENSSL_TARGET_ARCH的选择
+++ b/buildroot/package/libopenssl/libopenssl.mk
@@ -12,7 +12,8 @@ LIBOPENSSL_LICENSE_FILES = LICENSE.txt
LIBOPENSSL_INSTALL_STAGING = YES
LIBOPENSSL_DEPENDENCIES = zlib
HOST_LIBOPENSSL_DEPENDENCIES = host-zlib
-LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH))
+#LIBOPENSSL_TARGET_ARCH = $(call qstrip,$(BR2_PACKAGE_LIBOPENSSL_TARGET_ARCH))
+LIBOPENSSL_TARGET_ARCH = linux-generic32
LIBOPENSSL_TARGET_ARCH 此处必须设置为 linux-generic32 ,否则由于recovery 编译使用的是32bit位CPU配置,recovery中的libopenssl编译时会出现不支持aarch64 汇编指令的错误,引起整个buildroot 构建过成失败。
更新hostapd
由于hostapd依赖于libopenssl,安全起见hostapd同步升级为当前最新版本2.10,升级后编译会出现如下问题
CC ../src/ap/ndisc_snoop.c
CC ../src/drivers/driver_common.c
../src/crypto/crypto_openssl.c: In function ‘md4_vector’:
../src/crypto/crypto_openssl.c:156:31: warning: implicit declaration of function ‘EVP_md4’ [-Wimplicit-function-declaration]
return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac);
^~~~~~~
../src/crypto/crypto_openssl.c:156:31: warning: passing argument 1 of ‘openssl_digest_vector’ makes pointer from integer without a cast [-Wint-conversion]
../src/crypto/crypto_openssl.c:113:12: note: expected ‘const EVP_MD * {aka const struct evp_md_st *}’ but argument is of type ‘int’
static int openssl_digest_vector(const EVP_MD *type, size_t num_elem,
^~~~~~~~~~~~~~~~~~~~~
../src/crypto/crypto_openssl.c: In function ‘des_encrypt’:
../src/crypto/crypto_openssl.c:165:2: error: unknown type name ‘DES_key_schedule’
DES_key_schedule ks;
^~~~~~~~~~~~~~~~
../src/crypto/crypto_openssl.c:176:2: warning: implicit declaration of function ‘DES_set_key’ [-Wimplicit-function-declaration]
DES_set_key((DES_cblock *) &pkey, &ks);
^~~~~~~~~~~
../src/crypto/crypto_openssl.c:176:15: error: ‘DES_cblock’ undeclared (first use in this function)
DES_set_key((DES_cblock *) &pkey, &ks);
^~~~~~~~~~
../src/crypto/crypto_openssl.c:176:15: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/crypto_openssl.c:176:27: error: expected expression before ‘)’ token
DES_set_key((DES_cblock *) &pkey, &ks);
更新如下修复编译问题
diff --git a/buildroot/package/openssl/Config.in b/buildroot/package/openssl/Config.in
index d84033141..db8c361d4 100644
--- a/buildroot/package/openssl/Config.in
+++ b/buildroot/package/openssl/Config.in
@@ -30,7 +30,7 @@ config BR2_PACKAGE_LIBOPENSSL
Note: Some helper scripts need perl.
if BR2_PACKAGE_LIBOPENSSL
-
+source "package/libopenssl/Config.in"
config BR2_PACKAGE_LIBOPENSSL_BIN
bool "openssl binary"
help
openssh
openssh 也依赖于libopenssl 因此同步也更新为当前最新版本9.6p1