3354. [func] Improve OpenSSL error logging. [RT #29932]

lib/dns/openssl_link.c

@@ -45,6 +45,8 @@
 #include <isc/thread.h>
 #include <isc/util.h>
 
+#include <dns/log.h>
+
 #include <dst/result.h>
 
 #include "dst_internal.h"
@@ -172,6 +174,8 @@ dst__openssl_init(const char *engine) {
 	CRYPTO_set_locking_callback(lock_callback);
 	CRYPTO_set_id_callback(id_callback);
 
+	ERR_load_crypto_strings();
+
 	rm = mem_alloc(sizeof(RAND_METHOD));
 	if (rm == NULL) {
 		result = ISC_R_NOMEMORY;
@@ -285,7 +289,7 @@ dst__openssl_destroy() {
 isc_result_t
 dst__openssl_toresult(isc_result_t fallback) {
 	isc_result_t result = fallback;
-	int err = ERR_get_error();
+	unsigned long err = ERR_get_error();
 
 	switch (ERR_GET_REASON(err)) {
 	case ERR_R_MALLOC_FAILURE:
@@ -298,6 +302,40 @@ dst__openssl_toresult(isc_result_t fallback) {
 	return (result);
 }
 
+isc_result_t
+dst__openssl_toresult2(const char *funcname, isc_result_t fallback) {
+	isc_result_t result = fallback;
+	unsigned long err = ERR_peek_error();
+	const char *file, *data;
+	int line, flags;
+	char buf[256];
+
+	switch (ERR_GET_REASON(err)) {
+	case ERR_R_MALLOC_FAILURE:
+		result = ISC_R_NOMEMORY;
+		goto done;
+	default:
+		break;
+	}
+	isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+		      DNS_LOGMODULE_CRYPTO, ISC_LOG_WARNING,
+		      "%s failed", funcname);
+	for (;;) {
+		err = ERR_get_error_line_data(&file, &line, &data, &flags);
+		if (err == 0)
+			goto done;
+		ERR_error_string_n(err, buf, sizeof(buf));
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+			      DNS_LOGMODULE_CRYPTO, ISC_LOG_INFO,
+			      "%s:%s:%d:%s", buf, file, line,
+			      (flags & ERR_TXT_STRING) ? data : "");
+	}
+
+    done:
+	ERR_clear_error();
+	return (result);
+}
+
 #if defined(USE_ENGINE)
 ENGINE *
 dst__openssl_getengine(const char *engine) {