Run BORINGSSL_self_test() in updater_main
We need to run the these tests when starting updater to verify the
statically linked libcrypto. The test function is based on the known
answer tests, and it doesn't compute the hash of the libcrypto library.
Bug: 141003171
Test: unit tests pass, run a updater on cuttlefish
Change-Id: I897918a54bca76ea0c928102e7287df27505e1cc
diff --git a/updater/updater_main.cpp b/updater/updater_main.cpp
index 055a8ac..33d5b5b 100644
--- a/updater/updater_main.cpp
+++ b/updater/updater_main.cpp
@@ -22,6 +22,7 @@
#include <android-base/logging.h>
#include <android-base/parseint.h>
+#include <openssl/crypto.h>
#include <selinux/android.h>
#include <selinux/label.h>
#include <selinux/selinux.h>
@@ -56,22 +57,28 @@
// (which is redirected to recovery.log).
android::base::InitLogging(argv, &UpdaterLogger);
+ // Run the libcrypto KAT(known answer tests) based self tests.
+ if (BORINGSSL_self_test() != 1) {
+ LOG(ERROR) << "Failed to run the boringssl self tests";
+ return EXIT_FAILURE;
+ }
+
if (argc != 4 && argc != 5) {
LOG(ERROR) << "unexpected number of arguments: " << argc;
- return 1;
+ return EXIT_FAILURE;
}
char* version = argv[1];
if ((version[0] != '1' && version[0] != '2' && version[0] != '3') || version[1] != '\0') {
// We support version 1, 2, or 3.
LOG(ERROR) << "wrong updater binary API; expected 1, 2, or 3; got " << argv[1];
- return 1;
+ return EXIT_FAILURE;
}
int fd;
if (!android::base::ParseInt(argv[2], &fd)) {
LOG(ERROR) << "Failed to parse fd in " << argv[2];
- return 1;
+ return EXIT_FAILURE;
}
std::string package_name = argv[3];
@@ -82,7 +89,7 @@
is_retry = true;
} else {
LOG(ERROR) << "unexpected argument: " << argv[4];
- return 1;
+ return EXIT_FAILURE;
}
}
@@ -98,12 +105,12 @@
Updater updater(std::make_unique<UpdaterRuntime>(sehandle));
if (!updater.Init(fd, package_name, is_retry)) {
- return 1;
+ return EXIT_FAILURE;
}
if (!updater.RunUpdate()) {
- return 1;
+ return EXIT_FAILURE;
}
- return 0;
+ return EXIT_SUCCESS;
}
\ No newline at end of file