From 97692467a1e9f04bf866c8fb5290add7db554dba Mon Sep 17 00:00:00 2001
From: Tianjie Xu <xunchang@google.com>
Date: Sat, 5 Oct 2019 16:59:15 -0700
Subject: Run BORINGSSL_self_test() in updater_main

We need to run the these tests when starting updater to verify the
statically linked libcrypto. The test function is based on the known
answer tests, and it doesn't compute the hash of the libcrypto library.

Bug: 141003171
Test: unit tests pass, run a updater on cuttlefish
Change-Id: I897918a54bca76ea0c928102e7287df27505e1cc
---
 updater/updater_main.cpp | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/updater/updater_main.cpp b/updater/updater_main.cpp
index 055a8ac76..33d5b5b47 100644
--- a/updater/updater_main.cpp
+++ b/updater/updater_main.cpp
@@ -22,6 +22,7 @@
 
 #include <android-base/logging.h>
 #include <android-base/parseint.h>
+#include <openssl/crypto.h>
 #include <selinux/android.h>
 #include <selinux/label.h>
 #include <selinux/selinux.h>
@@ -56,22 +57,28 @@ int main(int argc, char** argv) {
   // (which is redirected to recovery.log).
   android::base::InitLogging(argv, &UpdaterLogger);
 
+  // Run the libcrypto KAT(known answer tests) based self tests.
+  if (BORINGSSL_self_test() != 1) {
+    LOG(ERROR) << "Failed to run the boringssl self tests";
+    return EXIT_FAILURE;
+  }
+
   if (argc != 4 && argc != 5) {
     LOG(ERROR) << "unexpected number of arguments: " << argc;
-    return 1;
+    return EXIT_FAILURE;
   }
 
   char* version = argv[1];
   if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || version[1] != '\0') {
     // We support version 1, 2, or 3.
     LOG(ERROR) << "wrong updater binary API; expected 1, 2, or 3; got " << argv[1];
-    return 1;
+    return EXIT_FAILURE;
   }
 
   int fd;
   if (!android::base::ParseInt(argv[2], &fd)) {
     LOG(ERROR) << "Failed to parse fd in " << argv[2];
-    return 1;
+    return EXIT_FAILURE;
   }
 
   std::string package_name = argv[3];
@@ -82,7 +89,7 @@ int main(int argc, char** argv) {
       is_retry = true;
     } else {
       LOG(ERROR) << "unexpected argument: " << argv[4];
-      return 1;
+      return EXIT_FAILURE;
     }
   }
 
@@ -98,12 +105,12 @@ int main(int argc, char** argv) {
 
   Updater updater(std::make_unique<UpdaterRuntime>(sehandle));
   if (!updater.Init(fd, package_name, is_retry)) {
-    return 1;
+    return EXIT_FAILURE;
   }
 
   if (!updater.RunUpdate()) {
-    return 1;
+    return EXIT_FAILURE;
   }
 
-  return 0;
+  return EXIT_SUCCESS;
 }
\ No newline at end of file
-- 
cgit v1.2.3