Closed
Description
Security issue notifications
If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Problem:
In order to support Openssl-3.0-fips, we need to be able to test with it in the CI.
Solution:
- Add openssl-3.0-fips to the codebuild images
- Add openssl-3.0-fips to nix: in progress
- Add openssl-3.0-fips to s2n_codebuild.sh and friends: in progress
- Add openssl-3.0-fips everywhere openssl-3.0 is:
  - AddressSanitizer
  - Valgrind
  - S2nIntegrationV2SmallBatch
  - s2nGeneralBatch
  - s2nUnitNix (optional until migration)
  - Integv2NixBatch (optional until migration)
- (optional) Add openssl-3.0-fips to s2nFuzzBatch
- Does this change what S2N sends over the wire? If yes, explain.
- Does this change any public APIs? If yes, explain.
- Which versions of TLS will this impact?
Requirements / Acceptance Criteria:
What must a solution address in order to solve the problem? How do we know the solution is complete?
- RFC links: Links to relevant RFC(s)
- Related Issues: Link any relevant issues
- Will the Usage Guide or other documentation need to be updated?
- Testing: How will this change be tested? Call out new integration tests, functional tests, or particularly interesting/important unit tests.
- Will this change trigger SAW changes? Changes to the state machine, the s2n_handshake_io code that controls state transitions, the DRBG, or the corking/uncorking logic could trigger SAW failures.
- Should this change be fuzz tested? Will it handle untrusted input? Create a separate issue to track the fuzzing work.
Out of scope:
Is there anything the solution will intentionally NOT address?