chore: add Awslc fips next to CI (#5349)

dougch · web-flow · commit ff60fc737386 · 2025-07-29T17:17:19.000Z
diff --git a/codebuild/bin/s2n_setup_env.sh b/codebuild/bin/s2n_setup_env.sh
@@ -48,6 +48,7 @@ source codebuild/bin/s2n_set_build_preset.sh
 : "${AWSLC_INSTALL_DIR:=$TEST_DEPS_DIR/awslc}"
 : "${AWSLC_FIPS_2022_INSTALL_DIR:=$TEST_DEPS_DIR/awslc-fips-2022}"
 : "${AWSLC_FIPS_2024_INSTALL_DIR:=$TEST_DEPS_DIR/awslc-fips-2024}"
+: "${AWSLC_FIPS_NEXT_INSTALL_DIR:=$TEST_DEPS_DIR/awslc-fips-next}"
 : "${LIBRESSL_INSTALL_DIR:=$TEST_DEPS_DIR/libressl}"
 : "${CPPCHECK_INSTALL_DIR:=$TEST_DEPS_DIR/cppcheck}"
 : "${CTVERIF_INSTALL_DIR:=$TEST_DEPS_DIR/ctverif}"
@@ -139,6 +140,8 @@ if [[ "$S2N_LIBCRYPTO" == "boringssl" ]]; then export LIBCRYPTO_ROOT=$BORINGSSL_
 if [[ "$S2N_LIBCRYPTO" == "awslc" ]]; then export LIBCRYPTO_ROOT=$AWSLC_INSTALL_DIR ; fi
 if [[ "$S2N_LIBCRYPTO" == "awslc-fips" ]]; then export LIBCRYPTO_ROOT=$AWSLC_FIPS_INSTALL_DIR ; fi
 if [[ "$S2N_LIBCRYPTO" == "awslc-fips-2022" ]]; then export LIBCRYPTO_ROOT=$AWSLC_FIPS_2022_INSTALL_DIR ; fi
+if [[ "$S2N_LIBCRYPTO" == "awslc-fips-2024" ]]; then export LIBCRYPTO_ROOT=$AWSLC_FIPS_2024_INSTALL_DIR ; fi
+if [[ "$S2N_LIBCRYPTO" == "awslc-fips-next" ]]; then export LIBCRYPTO_ROOT=$AWSLC_FIPS_NEXT_INSTALL_DIR ; fi
 if [[ "$S2N_LIBCRYPTO" == "libressl" ]]; then export LIBCRYPTO_ROOT=$LIBRESSL_INSTALL_DIR ; fi
 
 if [[ -n "${LIBCRYPTO_ROOT:-}" ]]; then
@@ -151,6 +154,8 @@ fi
 export LIBFUZZER_ROOT=$LIBFUZZER_INSTALL_DIR
 
 #check if the path contains test dep X, if not and X exists, add to path
+# The AWSLC binary(bssl) is only used for the PQ test, with the integration BoringSSL provider, and does not need to match the libcrypto used to build s2n.
+# The OpenSSL 1.1.1 binary is used by the integ tests, and does not need to match the libcrypto used to build s2n.
 path_overrides="$AWSLC_INSTALL_DIR/bin
 $PYTHON_INSTALL_DIR/bin
 $OPENSSL_1_1_1_INSTALL_DIR/bin
diff --git a/codebuild/spec/buildspec_sanitizer.yml b/codebuild/spec/buildspec_sanitizer.yml
@@ -75,6 +75,18 @@ batch:
         variables:
           S2N_LIBCRYPTO: awslc
           COMPILER: gcc
+    - identifier: gcc_awslc_fips_2024
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          S2N_LIBCRYPTO: awslc-fips-2024
+          COMPILER: gcc
+    - identifier: gcc_awslc_fips_next
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          S2N_LIBCRYPTO: awslc-fips-next
+          COMPILER: gcc
     - identifier: gcc_openssl_3_0
       env:
         compute-type: BUILD_GENERAL1_LARGE
diff --git a/tests/unit/s2n_build_test.c b/tests/unit/s2n_build_test.c
@@ -79,6 +79,7 @@ S2N_RESULT s2n_check_supported_libcrypto(const char *s2n_libcrypto)
         { .libcrypto = "awslc-fips", .is_openssl = false },
         { .libcrypto = "awslc-fips-2022", .is_openssl = false },
         { .libcrypto = "awslc-fips-2024", .is_openssl = false },
+        { .libcrypto = "awslc-fips-next", .is_openssl = false },
         { .libcrypto = "boringssl", .is_openssl = false },
         { .libcrypto = "libressl", .is_openssl = false },
         { .libcrypto = "openssl-1.0.2", .is_openssl = true },
