vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Clear ssl errors after loading everyting

Browse source 
This prevents a FIPS failure message if no FIPS module is loaded.

Plus add -v as short form for --verbose in sbverify

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
This commit is contained in:
James Bottomley 2014-12-19 10:59:05 -08:00
parent 592ec2188f
commit 35e2e074e3
5 changed files with 26 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/sbattach.c
View file

@ -218,6 +218,11 @@ int main(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
image = image_load(image_filename); image = image_load(image_filename);
if (!image) { if (!image) {

5
src/sbkeysync.c
View file

@ -932,6 +932,11 @@ int main(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
ctx->filesystem_keys = init_keyset(ctx); ctx->filesystem_keys = init_keyset(ctx);
ctx->firmware_keys = init_keyset(ctx); ctx->firmware_keys = init_keyset(ctx);

6
src/sbsign.c
View file

@ -183,7 +183,11 @@ int main(int argc, char **argv)
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
EVP_PKEY *pkey = fileio_read_pkey(keyfilename); EVP_PKEY *pkey = fileio_read_pkey(keyfilename);
if (!pkey) if (!pkey)
return EXIT_FAILURE; return EXIT_FAILURE;

5
src/sbvarsign.c
View file

@ -506,6 +506,11 @@ int main(int argc, char **argv)
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
/* set up the variable signing context */ /* set up the variable signing context */
varname = argv[optind]; varname = argv[optind];

7
src/sbverify.c
View file

@ -233,10 +233,15 @@ int main(int argc, char **argv)
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
/* here we may get highly unlikely failures or we'll get a
* complaint about FIPS signatures (usually becuase the FIPS
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
for (;;) { for (;;) {
int idx; int idx;
c = getopt_long(argc, argv, "c:d:nVh", options, &idx); c = getopt_long(argc, argv, "c:d:nvVh", options, &idx);
if (c == -1) if (c == -1)
break; break;