3354. [func] Improve OpenSSL error logging. [RT #29932]

lib/dns/opensslgost_link.c

@@ -121,10 +121,15 @@ opensslgost_verify(dst_context_t *dctx, const isc_region_t *sig) {
 	EVP_PKEY *pkey = key->keydata.pkey;
 
 	status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey);
-	if (status != 1)
+	switch (status) {
+	case 1:
+		return (ISC_R_SUCCESS);
+	case 0:
 		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
-
-	return (ISC_R_SUCCESS);
+	default:
+		return (dst__openssl_toresult2("EVP_VerifyFinal",
+					       DST_R_VERIFYFAILURE));
+	}
 }
 
 static isc_boolean_t
@@ -168,22 +173,27 @@ opensslgost_generate(dst_key_t *key, int unused, void (*callback)(int)) {
 		void (*fptr)(int);
 	} u;
 	EVP_PKEY *pkey = NULL;
+	isc_result_t ret;
 
 	UNUSED(unused);
 	ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, NULL);
 	if (ctx == NULL)
-		goto err;
+		DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_id",
+					       DST_R_OPENSSLFAILURE));
 	if (callback != NULL) {
 		u.fptr = callback;
 		EVP_PKEY_CTX_set_app_data(ctx, u.dptr);
 		EVP_PKEY_CTX_set_cb(ctx, &progress_cb);
 	}
 	if (EVP_PKEY_keygen_init(ctx) <= 0)
-		goto err;
+		DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen_init",
+					       DST_R_OPENSSLFAILURE));
 	if (EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0)
-		goto err;
+		DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_ctrl_str",
+					       DST_R_OPENSSLFAILURE));
 	if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-		goto err;
+		DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
+					       DST_R_OPENSSLFAILURE));
 	key->keydata.pkey = pkey;
 	EVP_PKEY_CTX_free(ctx);
 	return (ISC_R_SUCCESS);
@@ -193,7 +203,7 @@ err:
 		EVP_PKEY_free(pkey);
 	if (ctx != NULL)
 		EVP_PKEY_CTX_free(ctx);
-	return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+	return (ret);
 }
 
 static isc_boolean_t
@@ -267,7 +277,8 @@ opensslgost_fromdns(dst_key_t *key, isc_buffer_t *data) {
 
 	p = der;
 	if (d2i_PUBKEY(&pkey, &p, (long) sizeof(der)) == NULL)
-		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+		return (dst__openssl_toresult2("d2i_PUBKEY",
+					       DST_R_OPENSSLFAILURE));
 	key->keydata.pkey = pkey;
 
 	return (ISC_R_SUCCESS);
@@ -293,7 +304,8 @@ opensslgost_tofile(const dst_key_t *key, const char *directory) {
 
 	p = der;
 	if (i2d_PrivateKey(pkey, &p) != len) {
-		result = dst__openssl_toresult(DST_R_OPENSSLFAILURE);
+		result = dst__openssl_toresult2("i2d_PrivateKey",
+						DST_R_OPENSSLFAILURE);
 		goto fail;
 	}
 
@@ -328,7 +340,8 @@ opensslgost_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
 	p = priv.elements[0].data;
 	if (d2i_PrivateKey(NID_id_GostR3410_2001, &pkey, &p,
 			   (long) priv.elements[0].length) == NULL)
-		DST_RET(DST_R_INVALIDPRIVATEKEY);
+		DST_RET(dst__openssl_toresult2("d2i_PrivateKey",
+					       DST_R_INVALIDPRIVATEKEY));
 	key->keydata.pkey = pkey;
 	key->key_size = EVP_PKEY_bits(pkey);
 	dst__privstruct_free(&priv, mctx);
@@ -378,35 +391,47 @@ static dst_func_t opensslgost_functions = {
 
 isc_result_t
 dst__opensslgost_init(dst_func_t **funcp) {
+	isc_result_t ret;
+
 	REQUIRE(funcp != NULL);
 
 	/* check if the gost engine works properly */
 	e = ENGINE_by_id("gost");
 	if (e == NULL)
-		return (DST_R_OPENSSLFAILURE);
+		return (dst__openssl_toresult2("ENGINE_by_id",
+					       DST_R_OPENSSLFAILURE));
 	if (ENGINE_init(e) <= 0) {
 		ENGINE_free(e);
 		e = NULL;
-		return (DST_R_OPENSSLFAILURE);
+		return (dst__openssl_toresult2("ENGINE_init",
+					       DST_R_OPENSSLFAILURE));
 	}
 	/* better than to rely on digest_gost symbol */
 	opensslgost_digest = ENGINE_get_digest(e, NID_id_GostR3411_94);
+	if (opensslgost_digest == NULL)
+		DST_RET(dst__openssl_toresult2("ENGINE_get_digest",
+					       DST_R_OPENSSLFAILURE));
 	/* from openssl.cnf */
-	if ((opensslgost_digest == NULL) ||
-	    (ENGINE_register_pkey_asn1_meths(e) <= 0) ||
-	    (ENGINE_ctrl_cmd_string(e,
-				    "CRYPT_PARAMS",
-				    "id-Gost28147-89-CryptoPro-A-ParamSet",
-				    0) <= 0)) {
-		ENGINE_finish(e);
-		ENGINE_free(e);
-		e = NULL;
-		return (DST_R_OPENSSLFAILURE);
-	}
+	if (ENGINE_register_pkey_asn1_meths(e) <= 0)
+		DST_RET(dst__openssl_toresult2(
+				"ENGINE_register_pkey_asn1_meths",
+				DST_R_OPENSSLFAILURE));
+	if (ENGINE_ctrl_cmd_string(e,
+				   "CRYPT_PARAMS",
+				   "id-Gost28147-89-CryptoPro-A-ParamSet",
+				   0) <= 0)
+		DST_RET(dst__openssl_toresult2("ENGINE_ctrl_cmd_string",
+					       DST_R_OPENSSLFAILURE));
 
 	if (*funcp == NULL)
 		*funcp = &opensslgost_functions;
 	return (ISC_R_SUCCESS);
+
+ err:
+	ENGINE_finish(e);
+	ENGINE_free(e);
+	e = NULL;
+	return (ret);
 }
 
 #else /* HAVE_OPENSSL_GOST */