Explicitly call BORINGSSL_self_test() in boringssl_self_test.

Maintains pre-Android 13 behaviour by ensuring any crypto
module failures are detected at boot time.

For the libcrypto in /system this may not be needed and
we can change the behaviour later.

For libcrypto in the Conscrypt APEX, this is needed to maintain
current behaviour on older releases.

Bug: 231946889
Test: Flash and boot.
Change-Id: I7dee7f0bf953ea2c5026881d5acc13698de0626d
(cherry picked from commit c90762593f6490df8f6b13020d91e3466892b106)
Merged-In: I7dee7f0bf953ea2c5026881d5acc13698de0626d

1 files changed, 9 insertions, 5 deletions

diff --git a/selftest/boringssl_self_test.cpp b/selftest/boringssl_self_test.cpp
index 3d2d5209..4776fa1d 100644
--- a/selftest/boringssl_self_test.cpp
+++ b/selftest/boringssl_self_test.cpp
@@ -16,12 +16,16 @@
 
 #include <openssl/crypto.h>
 
+// This program is run early during boot and if it exits with a
+// failure status then the device will reboot to the bootloader.
+// See init.rc for details.
+// It may also exit before reaching main() if BoringSSL fast tests fail.
 int main(int, char**) {
-    // If we get here, then libcrypto is either in FIPS mode (in which case
-    // it doesn't run the self test), or the self test has passed. If the
-    // self test ran and failed, then libcrypto will already have abort()ed.
     if (!FIPS_mode()) {
-        return 1;  // failure
+        return 1;  // Fail: BoringSSL not built in FIPS mode.
     }
-    return 0;  // success
+    if (!BORINGSSL_self_test()) {
+        return 1;  // Fail: One or more self tests failed.
+    }
+    return 0;      // Success
 }