Upgrade openssl version to 1.1.1n to address CVE-2022-0778

.github/build.sh

@@ -3,6 +3,7 @@
 compileMode="default"
 stMode=false
 sharedLibs=false
+OPENSSL_VERSION=1.1.1n
 
 # Check if first argument is compile mode
 compileModeArgument=$(echo "$1" | cut -c3-14)
@@ -111,10 +112,10 @@ case $compileMode in
     apt-get install --assume-yes g++-arm-linux-gnueabihf
     apt-get install --assume-yes gcc-arm-linux-gnueabihf
     apt-get install --assume-yes gdb-multiarch
-    wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
-    tar -xvzf openssl-1.1.1.tar.gz
+    wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
+    tar -xvzf openssl-${OPENSSL_VERSION}.tar.gz
     export INSTALL_DIR=/usr/lib/arm-linux-gnueabihf
-    cd openssl-1.1.1
+    cd openssl-${OPENSSL_VERSION}
     ./Configure linux-generic32 shared \
       --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl \
       --cross-compile-prefix=/usr/bin/arm-linux-gnueabihf-
@@ -149,10 +150,10 @@ case $compileMode in
     apt-get install --assume-yes g++-mips-linux-gnu
     apt-get install --assume-yes gcc-mips-linux-gnu
     apt-get install --assume-yes gdb-multiarch
-    wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
-    tar -xvzf openssl-1.1.1.tar.gz
+    wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
+    tar -xvzf openssl-${OPENSSL_VERSION}.tar.gz
     export INSTALL_DIR=/usr/lib/mips-linux-gnu
-    cd openssl-1.1.1
+    cd openssl-${OPENSSL_VERSION}
     ./Configure linux-mips32 shared \
       --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl \
       --cross-compile-prefix=/usr/bin/mips-linux-gnu-
@@ -182,10 +183,10 @@ case $compileMode in
     apt-get install --assume-yes g++-aarch64-linux-gnu
     apt-get install --assume-yes gcc-aarch64-linux-gnu
     apt-get install --assume-yes gdb-multiarch
-    wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
-    tar -xvzf openssl-1.1.1.tar.gz
+    wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
+    tar -xvzf openssl-${OPENSSL_VERSION}.tar.gz
     export INSTALL_DIR=/usr/lib/aarch64-linux-gnu
-    cd openssl-1.1.1
+    cd openssl-${OPENSSL_VERSION}
     ./Configure linux-aarch64 shared \
       --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl \
       --cross-compile-prefix=/usr/bin/aarch64-linux-gnu-

.github/docker-images/amazonlinux/Dockerfile

@@ -1,5 +1,7 @@
 FROM amazonlinux:latest
 
+ARG OPENSSL_VERSION=1.1.1n
+
 ###############################################################################
 # Install prereqs
 ###############################################################################
@@ -31,9 +33,9 @@ RUN curl -sSL https://github.com/Kitware/CMake/releases/download/v3.10.0/cmake-3
 # Install OpenSSL 1.1.1
 ###############################################################################
 WORKDIR /tmp
-RUN wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz \
-    && tar -zxvf openssl-1.1.1i.tar.gz \
-    && cd openssl-1.1.1i \
+RUN wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
+    && tar -zxvf openssl-${OPENSSL_VERSION}.tar.gz \
+    && cd openssl-${OPENSSL_VERSION} \
     && ./config \
     && make \
     && sudo make install
@@ -60,7 +62,7 @@ RUN mkdir sdk-cpp-workspace \
     && cd sdk-cpp-workspace \
     && git clone https://github.com/aws/aws-iot-device-sdk-cpp-v2.git \
     && cd aws-iot-device-sdk-cpp-v2 \
-    && git checkout 15bb0b2123b0ab0a85e866c6e8d5b2713a923370 \
+    && git checkout 3223ce81919bff882014bcc57fd5348f758397bc \
     && git submodule update --init --recursive \
     && cd .. \
     && mkdir aws-iot-device-sdk-cpp-v2-build \

.github/docker-images/ubi8/Dockerfile

@@ -1,5 +1,7 @@
 FROM registry.redhat.io/ubi8/ubi
 
+ARG OPENSSL_VERSION=1.1.1n
+
 ###############################################################################
 # Install prereqs
 ###############################################################################
@@ -32,9 +34,9 @@ RUN curl -sSL https://github.com/Kitware/CMake/releases/download/v3.10.0/cmake-3
 # Install OpenSSL 1.1.1
 ###############################################################################
 WORKDIR /tmp
-RUN wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz \
-    && tar -zxvf openssl-1.1.1i.tar.gz \
-    && cd openssl-1.1.1i \
+RUN wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
+    && tar -zxvf openssl-${OPENSSL_VERSION}.tar.gz \
+    && cd openssl-${OPENSSL_VERSION} \
     && ./config \
     && make \
     && sudo make install
@@ -61,7 +63,7 @@ RUN mkdir sdk-cpp-workspace \
     && cd sdk-cpp-workspace \
     && git clone https://github.com/aws/aws-iot-device-sdk-cpp-v2.git \
     && cd aws-iot-device-sdk-cpp-v2 \
-    && git checkout 15bb0b2123b0ab0a85e866c6e8d5b2713a923370 \
+    && git checkout 3223ce81919bff882014bcc57fd5348f758397bc \
     && git submodule update --init --recursive \
     && cd .. \
     && mkdir aws-iot-device-sdk-cpp-v2-build \

.github/docker-images/ubuntu-16-x64/Dockerfile

@@ -2,6 +2,8 @@ FROM ubuntu:16.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+ARG OPENSSL_VERSION=1.1.1n
+
 ###############################################################################
 # Install prereqs
 ###############################################################################
@@ -17,9 +19,9 @@ RUN apt-get update -qq \
 # Install OpenSSL 1.1.1
 ###############################################################################
 WORKDIR /tmp
-RUN wget https://www.openssl.org/source/openssl-1.1.1.tar.gz \
-    && tar -zxvf openssl-1.1.1.tar.gz \
-    && cd openssl-1.1.1 \
+RUN wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz \
+    && tar -zxvf openssl-${OPENSSL_VERSION}.tar.gz \
+    && cd openssl-${OPENSSL_VERSION} \
     && ./config \
     && make \
     && make install \
@@ -57,7 +59,7 @@ RUN mkdir sdk-cpp-workspace \
     && cd sdk-cpp-workspace \
     && git clone https://github.com/aws/aws-iot-device-sdk-cpp-v2.git \
     && cd aws-iot-device-sdk-cpp-v2 \
-    && git checkout 15bb0b2123b0ab0a85e866c6e8d5b2713a923370 \
+    && git checkout 3223ce81919bff882014bcc57fd5348f758397bc \
     && git submodule update --init --recursive \
     && cd .. \
     && mkdir aws-iot-device-sdk-cpp-v2-build \

.version

@@ -1 +1 @@
-v1.5.0-e9691f7*v1.5*1*5*0*0*e9691f7
+v1.5.14-a1659ad*v1.5*1*5*14*14*a1659ad

CMakeLists.txt.awssdk

@@ -5,7 +5,7 @@ project(aws-iot-device-sdk-cpp-v2-download NONE)
 include(ExternalProject)
 ExternalProject_Add(aws-iot-device-sdk-cpp-v2
         GIT_REPOSITORY          https://github.com/aws/aws-iot-device-sdk-cpp-v2.git
-        GIT_TAG                 15bb0b2123b0ab0a85e866c6e8d5b2713a923370
+        GIT_TAG                 3223ce81919bff882014bcc57fd5348f758397bc
         SOURCE_DIR              "${CMAKE_BINARY_DIR}/aws-iot-device-sdk-cpp-v2-src"
         BINARY_DIR              "${CMAKE_BINARY_DIR}/aws-iot-device-sdk-cpp-v2-build"
         CONFIGURE_COMMAND       ""

cmake-toolchain/README.md

@@ -23,10 +23,10 @@ cmake ../ -DCMAKE_TOOLCHAIN_FILE=<Path/To/Build/Toolchain/File>
 ```
 The last dependency you'll need cross compiled is **openssl**.  This one is slightly more complicated but can be done as follows:  *(This example is from our build process, replace the information in carets.  While we happen to be linking against OpenSSL 1.1.1 in this example since our target device uses OpenSSL 1.1.1 for its TLS implementation, you'll want to replace this with whatever TLS implementation is present on your target device.)*
 ```
-wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
-tar -xvzf openssl-1.1.1.tar.gz
+wget https://www.openssl.org/source/openssl-1.1.1n.tar.gz
+tar -xvzf openssl-1.1.1n.tar.gz
 export INSTALL_DIR=</Path/To/Install/Dir>
-cd openssl-1.1.1
+cd openssl-1.1.1n
 ./Configure <Platform> shared \
     --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl \
     --cross-compile-prefix=</Compiler/Prefix/Path>