Fix PQ Integration tests (#2392)

alexw91 · web-flow · commit 4fc362fa285c · 2025-05-05T14:16:12.000-07:00
The BoringSSL command moved from
`${SCRATCH_FOLDER}/boring-ssl-build/tool/bssl` to
`${SCRATCH_FOLDER}/boring-ssl-build/bssl`.

This PR updates the PQ integration tests to validate that required
binaries are present before attempting to use them.
diff --git a/tests/ci/integration/run_pq_tls_integration.sh b/tests/ci/integration/run_pq_tls_integration.sh
@@ -9,16 +9,20 @@ SCRATCH_FOLDER=${SYS_ROOT}/"pq-tls-scratch"
 
 AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build"
 AWS_LC_INSTALL_FOLDER="${SCRATCH_FOLDER}/aws-lc-install"
+AWS_LC_CMD="${AWS_LC_BUILD_FOLDER}/tool/bssl"
 
 S2N_URL='https://github.com/aws/s2n-tls.git'
 S2N_BRANCH='main'
 S2N_TLS_SRC_FOLDER="${SCRATCH_FOLDER}/s2n-tls"
 S2N_TLS_BUILD_FOLDER="${SCRATCH_FOLDER}/s2n-tls-build"
+S2NC_CMD=${S2N_TLS_BUILD_FOLDER}/bin/s2nc
+S2ND_CMD=${S2N_TLS_BUILD_FOLDER}/bin/s2nd
 
 BSSL_URL='https://github.com/google/boringssl.git'
 BSSL_BRANCH='main'
 BSSL_SRC_FOLDER="${SCRATCH_FOLDER}/boring-ssl"
 BSSL_BUILD_FOLDER="${SCRATCH_FOLDER}/boring-ssl-build"
+BSSL_CMD="${SCRATCH_FOLDER}/boring-ssl-build/bssl"
 
 rm -rf "${SCRATCH_FOLDER:?}"
 mkdir -p "$SCRATCH_FOLDER"
@@ -27,6 +31,9 @@ echo "build and install aws-lc"
 # Using Debug build as it uses the '-g' compiler flag with gcc without any optimization
 aws_lc_build "$SRC_ROOT" "$AWS_LC_BUILD_FOLDER" "$AWS_LC_INSTALL_FOLDER" -DCMAKE_BUILD_TYPE=Debug -DBUILD_TESTING=OFF
 
+[[ -f ${AWS_LC_CMD} ]] || ( echo "Error building AWS-LC. ${AWS_LC_CMD} not found." && exit 1 )
+echo "AWS-LC build succeeded. Found ${AWS_LC_CMD}"
+
 echo "clone s2n-tls"
 git clone --depth 1 --branch "$S2N_BRANCH" "$S2N_URL" "$S2N_TLS_SRC_FOLDER"
 
@@ -38,14 +45,18 @@ cmake . "-B$S2N_TLS_BUILD_FOLDER" -GNinja \
 # Suppress stdout for build
 ninja -C "$S2N_TLS_BUILD_FOLDER" -j "$NUM_CPU_THREADS" > /dev/null
 
+[[ -f ${S2NC_CMD} ]] || ( echo "Error building s2nc. ${S2NC_CMD} not found." && exit 1 )
+[[ -f ${S2ND_CMD} ]] || ( echo "Error building s2nd. ${S2ND_CMD} not found." && exit 1 )
+echo "s2n build succeeded. Found: ${S2NC_CMD} ${S2ND_CMD}"
+
 for GROUP in X25519MLKEM768 SecP256r1MLKEM768; do
   echo "TLS Handshake: aws-lc server (bssl) with s2n-tls client (s2nc) for group $GROUP"
-  "$AWS_LC_BUILD_FOLDER"/tool/bssl s_server -curves $GROUP -accept 45000 -debug \
+  ${AWS_LC_CMD} s_server -curves $GROUP -accept 45000 -debug \
     &> "$AWS_LC_BUILD_FOLDER"/s_server_out &
   sleep 5 # to allow for the server to startup in the background thread
   S_PID=$!
   # Relying on s2nc behavior that it exits after the first handshake
-  "$S2N_TLS_BUILD_FOLDER"/bin/s2nc -c default_pq -i localhost 45000 &> "$S2N_TLS_BUILD_FOLDER"/s2nc_out
+  ${S2NC_CMD} -c default_pq -i localhost 45000 &> "$S2N_TLS_BUILD_FOLDER"/s2nc_out
   wait $S_PID || true
   cat "$AWS_LC_BUILD_FOLDER"/s_server_out
   cat "$S2N_TLS_BUILD_FOLDER"/s2nc_out
@@ -54,12 +65,12 @@ for GROUP in X25519MLKEM768 SecP256r1MLKEM768; do
   grep "KEM Group" "$S2N_TLS_BUILD_FOLDER"/s2nc_out | grep "$GROUP"
 
   echo "TLS Handshake: s2n-tls server (s2nd) with aws-lc client (bssl) for group $GROUP"
-  "$S2N_TLS_BUILD_FOLDER"/bin/s2nd -c default_pq -i localhost 45000 &> "$S2N_TLS_BUILD_FOLDER"/s2nd_out &
+  ${S2ND_CMD} -c default_pq -i localhost 45000 &> "$S2N_TLS_BUILD_FOLDER"/s2nd_out &
   sleep 5 # to allow for the server to startup in the background thread
   S_PID=$!
   # bssl s_client normally does not exit after a handshake, but when run as a background process
   # seems to exit by closing the connection after the first handshake. Relying on that behavior here.
-  "$AWS_LC_BUILD_FOLDER"/tool/bssl s_client -curves $GROUP -connect localhost:45000 -debug \
+  ${AWS_LC_CMD} s_client -curves $GROUP -connect localhost:45000 -debug \
     &> "$AWS_LC_BUILD_FOLDER"/s_client_out &
   wait $S_PID || true
   cat "$S2N_TLS_BUILD_FOLDER"/s2nd_out
@@ -82,14 +93,17 @@ cmake . "-B$BSSL_BUILD_FOLDER" -GNinja -DCMAKE_BUILD_TYPE=Debug
 # Suppress stdout for build
 ninja -C "$BSSL_BUILD_FOLDER" -j "$NUM_CPU_THREADS" >/dev/null
 
+[[ -f ${BSSL_CMD} ]] || ( echo "Error building BoringSSL. ${BSSL_CMD} not found." && exit 1 )
+echo "BoringSSL build succeeded. Found ${BSSL_CMD}"
+
 # BoringSSL supports only X25519MLKEM768 but not SecP256r1MLKEM768 for key exchange
 for GROUP in X25519MLKEM768; do
   echo "TLS Handshake: aws-lc server (bssl) with boring-ssl client (bssl) for group $GROUP"
-  "$AWS_LC_BUILD_FOLDER"/tool/bssl s_server -curves $GROUP -accept 45000 -debug \
+  ${AWS_LC_CMD} s_server -curves $GROUP -accept 45000 -debug \
     &> "$AWS_LC_BUILD_FOLDER"/s_server_out &
   sleep 5 # to allow for the server to startup in the background thread
   S_PID=$!
-  "$BSSL_BUILD_FOLDER"/tool/bssl s_client -curves $GROUP -connect localhost:45000 -debug \
+  ${BSSL_CMD} s_client -curves $GROUP -connect localhost:45000 -debug \
     &> "$BSSL_BUILD_FOLDER"/s_client_out &
   wait $S_PID || true
   cat "$AWS_LC_BUILD_FOLDER"/s_server_out
@@ -101,11 +115,11 @@ for GROUP in X25519MLKEM768; do
   grep "subject" "$BSSL_BUILD_FOLDER"/s_client_out | grep "BoringSSL"
 
   echo "TLS Handshake: boring-ssl server (bssl) with aws-lc client (bssl) for group $GROUP"
-  "$BSSL_BUILD_FOLDER"/tool/bssl s_server -curves $GROUP -accept 45000 -debug \
+  ${BSSL_CMD} s_server -curves $GROUP -accept 45000 -debug \
     &> "$BSSL_BUILD_FOLDER"/s_server_out &
   sleep 5 # to allow for the server to startup in the background thread
   S_PID=$!
-  "$AWS_LC_BUILD_FOLDER"/tool/bssl s_client -curves $GROUP -connect localhost:45000 -debug \
+  ${AWS_LC_CMD} s_client -curves $GROUP -connect localhost:45000 -debug \
     &> "$AWS_LC_BUILD_FOLDER"/s_client_out &
   wait $S_PID || true
   cat "$BSSL_BUILD_FOLDER"/s_server_out
