Benchmark BORINGSSL_self_test in FIPS mode.
Probably worth benchmarking this, given it slows down every process
startup.
Change-Id: I603c79a445203f87e26fa23d9afc4450688f2929
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45245
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/tool/speed.cc b/tool/speed.cc
index 8aa8f85..1b89b42 100644
--- a/tool/speed.cc
+++ b/tool/speed.cc
@@ -28,6 +28,7 @@
#include <openssl/aes.h>
#include <openssl/bn.h>
#include <openssl/curve25519.h>
+#include <openssl/crypto.h>
#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/ec.h>
@@ -1221,6 +1222,24 @@
return true;
}
+#if defined(BORINGSSL_FIPS)
+static bool SpeedSelfTest(const std::string &selected) {
+ if (!selected.empty() && selected.find("self-test") == std::string::npos) {
+ return true;
+ }
+
+ TimeResults results;
+ if (!TimeFunction(&results, []() -> bool { return BORINGSSL_self_test(); })) {
+ fprintf(stderr, "BORINGSSL_self_test faileid.\n");
+ ERR_print_errors_fp(stderr);
+ return false;
+ }
+
+ results.Print("self-test");
+ return true;
+}
+#endif
+
static const struct argument kArguments[] = {
{
"-filter",
@@ -1367,6 +1386,11 @@
TRUST_TOKEN_experiment_v2_pmb(), 10, selected)) {
return false;
}
+#if defined(BORINGSSL_FIPS)
+ if (!SpeedSelfTest(selected)) {
+ return false;
+ }
+#endif
if (g_print_json) {
puts("\n]");
}
