mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-31 06:25:31 +00:00
Move the dst__openssl_toresult to isc_tls unit
Since enable_fips_mode() now resides inside the isc_tls unit, BIND 9 would fail to compile when FIPS mode was enabled, because the DST subsystem logging functions were missing. Move the crypto library logging functions from the openssl_link unit to the isc_tls unit and enhance them so they can be used from both places, keeping the old dst__openssl_toresult* macros alive.
@@ -54,90 +54,6 @@
|
||||
goto err; \
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
toresult(isc_result_t fallback) {
|
||||
isc_result_t result = fallback;
|
||||
unsigned long err = ERR_peek_error();
|
||||
#if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
|
||||
int lib = ERR_GET_LIB(err);
|
||||
#endif /* if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) */
|
||||
int reason = ERR_GET_REASON(err);
|
||||
|
||||
switch (reason) {
|
||||
/*
|
||||
* ERR_* errors are globally unique; others
|
||||
* are unique per sublibrary
|
||||
*/
|
||||
case ERR_R_MALLOC_FAILURE:
|
||||
result = ISC_R_NOMEMORY;
|
||||
break;
|
||||
default:
|
||||
#if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
|
||||
if (lib == ERR_R_ECDSA_LIB &&
|
||||
reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
|
||||
{
|
||||
result = ISC_R_NOENTROPY;
|
||||
break;
|
||||
}
|
||||
#endif /* if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) */
|
||||
break;
|
||||
}
|
||||
|
||||
return (result);
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dst__openssl_toresult(isc_result_t fallback) {
|
||||
isc_result_t result;
|
||||
|
||||
result = toresult(fallback);
|
||||
|
||||
ERR_clear_error();
|
||||
return (result);
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dst___openssl_toresult2(const char *funcname, isc_result_t fallback,
|
||||
const char *file, int line) {
|
||||
return (dst___openssl_toresult3(DNS_LOGCATEGORY_GENERAL, funcname,
|
||||
fallback, file, line));
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dst___openssl_toresult3(isc_logcategory_t *category, const char *funcname,
|
||||
isc_result_t fallback, const char *file, int line) {
|
||||
isc_result_t result;
|
||||
unsigned long err;
|
||||
const char *func, *data;
|
||||
int flags;
|
||||
char buf[256];
|
||||
|
||||
result = toresult(fallback);
|
||||
|
||||
isc_log_write(dns_lctx, category, DNS_LOGMODULE_CRYPTO, ISC_LOG_WARNING,
|
||||
"%s (%s:%d) failed (%s)", funcname, file, line,
|
||||
isc_result_totext(result));
|
||||
|
||||
if (result == ISC_R_NOMEMORY) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (;;) {
|
||||
err = ERR_get_error_all(&file, &line, &func, &data, &flags);
|
||||
if (err == 0U) {
|
||||
goto done;
|
||||
}
|
||||
ERR_error_string_n(err, buf, sizeof(buf));
|
||||
isc_log_write(dns_lctx, category, DNS_LOGMODULE_CRYPTO,
|
||||
ISC_LOG_INFO, "%s:%s:%d:%s", buf, file, line,
|
||||
((flags & ERR_TXT_STRING) != 0) ? data : "");
|
||||
}
|
||||
|
||||
done:
|
||||
ERR_clear_error();
|
||||
return (result);
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
dst__openssl_fromlabel_provider(int key_base_id, const char *label,
|
||||
const char *pin, EVP_PKEY **ppub,
|
||||
|