Clear ssl errors after loading everyting
This prevents a FIPS failure message if no FIPS module is loaded.
Plus add -v as short form for --verbose in sbverify
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
diff --git a/src/sbattach.c b/src/sbattach.c
index a363d83..012a422 100644
--- a/src/sbattach.c
+++ b/src/sbattach.c
@@ -218,6 +218,11 @@
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
+ /* here we may get highly unlikely failures or we'll get a
+ * complaint about FIPS signatures (usually becuase the FIPS
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
image = image_load(image_filename);
if (!image) {
diff --git a/src/sbkeysync.c b/src/sbkeysync.c
index a63d3b8..46235d2 100644
--- a/src/sbkeysync.c
+++ b/src/sbkeysync.c
@@ -932,6 +932,11 @@
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
+ /* here we may get highly unlikely failures or we'll get a
+ * complaint about FIPS signatures (usually becuase the FIPS
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
ctx->filesystem_keys = init_keyset(ctx);
ctx->firmware_keys = init_keyset(ctx);
diff --git a/src/sbsign.c b/src/sbsign.c
index dcf6eed..58c6894 100644
--- a/src/sbsign.c
+++ b/src/sbsign.c
@@ -183,7 +183,11 @@
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
-
+ /* here we may get highly unlikely failures or we'll get a
+ * complaint about FIPS signatures (usually becuase the FIPS
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
EVP_PKEY *pkey = fileio_read_pkey(keyfilename);
if (!pkey)
return EXIT_FAILURE;
diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index d0cf2ed..fbfe81a 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -506,6 +506,11 @@
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
ERR_load_crypto_strings();
+ /* here we may get highly unlikely failures or we'll get a
+ * complaint about FIPS signatures (usually becuase the FIPS
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
/* set up the variable signing context */
varname = argv[optind];
diff --git a/src/sbverify.c b/src/sbverify.c
index fb03d21..2e3a75b 100644
--- a/src/sbverify.c
+++ b/src/sbverify.c
@@ -233,10 +233,15 @@
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
+ /* here we may get highly unlikely failures or we'll get a
+ * complaint about FIPS signatures (usually becuase the FIPS
+ * module isn't present). In either case ignore the errors
+ * (malloc will cause other failures out lower down */
+ ERR_clear_error();
for (;;) {
int idx;
- c = getopt_long(argc, argv, "c:d:nVh", options, &idx);
+ c = getopt_long(argc, argv, "c:d:nvVh", options, &idx);
if (c == -1)
break;
