cert-to-efi-sig-list: clear FIPS errors on module load

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
author: James Bottomley <JBottomley@Parallels.com> 2014-12-22 07:23:59 -0800
committer: James Bottomley <JBottomley@Parallels.com> 2014-12-22 07:32:47 -0800
commit: 28055f8ac7e73b649680b3e4b44422c6564afdfb (patch)
tree: fc6e7a1dd5e7180faa073f00d46aca26ff3e80a9
parent: 7c813413f514a26b1e0ffcd696d39e89e9c04391 (diff)
download: efitools-28055f8ac7e73b649680b3e4b44422c6564afdfb.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/cert-to-efi-sig-list.c b/cert-to-efi-sig-list.c
index 365c6fd..e0f294b 100644
--- a/cert-to-efi-sig-list.c
+++ b/cert-to-efi-sig-list.c
@@ -75,6 +75,11 @@ main(int argc, char *argv[])
         ERR_load_crypto_strings();
         OpenSSL_add_all_digests();
         OpenSSL_add_all_ciphers();
+	/* here we may get highly unlikely failures or we'll get a
+	 * complaint about FIPS signatures (usually becuase the FIPS
+	 * module isn't present).  In either case ignore the errors
+	 * (malloc will cause other failures out lower down */
+	ERR_clear_error();
 
         BIO *cert_bio = BIO_new_file(certfile, "r");
         X509 *cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL);
author	James Bottomley <JBottomley@Parallels.com>	2014-12-22 07:23:59 -0800
committer	James Bottomley <JBottomley@Parallels.com>	2014-12-22 07:32:47 -0800
commit	28055f8ac7e73b649680b3e4b44422c6564afdfb (patch)
tree	fc6e7a1dd5e7180faa073f00d46aca26ff3e80a9
parent	7c813413f514a26b1e0ffcd696d39e89e9c04391 (diff)
download	efitools-28055f8ac7e73b649680b3e4b44422c6564afdfb.tar.gz