mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 16:15:27 +00:00

Add new logging category for logging crypto errors in libisc

The libisc now includes sizeable chunks of cryptography, but the crypto
log module was missing.  Add the new ISC_LOGMODULE_CRYPTO to libisc and
use it in the isc_tls error logging.
Ondřej Surý
2024-08-08 11:26:27 +02:00
committed by Ondřej Surý
parent 76c9522599
commit a0a1769509
4 changed files with 8 additions and 4 deletions


@@ -169,6 +169,8 @@ isc__crypto_initialize(void) {
/* Protect ourselves against unseeded PRNG */
if (RAND_status() != 1) {
isc_tlserr2result(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
"RAND_status", ISC_R_CRYPTOFAILURE);
FATAL_ERROR("OpenSSL pseudorandom number generator "
"cannot be initialized (see the `PRNG not "
"seeded' message in the OpenSSL FAQ)");
@@ -178,7 +180,7 @@ isc__crypto_initialize(void) {
if (!isc_fips_mode()) {
if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
isc_tlserr2result(ISC_LOGCATEGORY_GENERAL,
ISC_LOGMODULE_OTHER, "FIPS_mode_set",
ISC_LOGMODULE_CRYPTO, "FIPS_mode_set",
ISC_R_CRYPTOFAILURE);
exit(EXIT_FAILURE);
}
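Review bot: The rewritten call in the second hunk still labels the failure `"FIPS_mode_set"`, although the function whose result is tested is `isc_fips_set_mode(1)`, so the crypto-module log line names a call that is not the one checked here. Since the line is being touched anyway, consider `ISC_LOGMODULE_CRYPTO, "isc_fips_set_mode",` so the label matches the code, the way `"RAND_status"` does in the first hunk. Any log monitoring that matches on the old string would need updating at the same time. `isc__crypto_initialize` starts and ends outside both hunks, so what runs between the two checks is not visible here.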


@@ -176,6 +176,7 @@ enum isc_logmodule {
ISC_LOGMODULE_FILE,
ISC_LOGMODULE_NETMGR,
ISC_LOGMODULE_OTHER,
ISC_LOGMODULE_CRYPTO,
/* dns modules */
DNS_LOGMODULE_DB,
DNS_LOGMODULE_RBTDB,


@@ -221,6 +221,7 @@ static const char *modules_description[] = {
[ISC_LOGMODULE_FILE] = "file",
[ISC_LOGMODULE_NETMGR] = "netmgr",
[ISC_LOGMODULE_OTHER] = "other",
[ISC_LOGMODULE_CRYPTO] = "crypto",
/* dns modules */
[DNS_LOGMODULE_DB] = "dns/db",
[DNS_LOGMODULE_RBTDB] = "dns/rbtdb",


@@ -83,7 +83,7 @@ isc_tlsctx_attach(isc_tlsctx_t *src, isc_tlsctx_t **ptarget) {
*/
static void
sslkeylogfile_append(const SSL *ssl ISC_ATTR_UNUSED, const char *line) {
isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_NETMGR,
isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_CRYPTO,
ISC_LOG_INFO, "%s", line);
}
@@ -130,7 +130,7 @@ isc_tlsctx_createclient(isc_tlsctx_t **ctxp) {
ssl_error:
err = ERR_get_error();
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
ISC_LOG_ERROR, "Error initializing TLS context: %s",
errbuf);
@@ -345,7 +345,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
ssl_error:
err = ERR_get_error();
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
ISC_LOG_ERROR, "Error initializing TLS context: %s",
errbuf);
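Review bot: `sslkeylogfile_append` writes TLS key-log lines, which are session secrets, and this change re-tags them from `ISC_LOGMODULE_NETMGR` to `ISC_LOGMODULE_CRYPTO`. The channel binding for `ISC_LOGCATEGORY_SSLKEYLOG` is not part of this commit, so it should be confirmed that it does not select on the netmgr module. If it does, key material would presumably stop reaching the dedicated key-log destination and follow whatever default routing applies to that category. A short comment above the `isc_log_write` call would record the dependency, e.g. `/* key material: must only reach the channel bound to ISC_LOGCATEGORY_SSLKEYLOG */`. The same module swap in the two `ssl_error:` paths looks fine as far as the hunks show; those function bodies start outside the hunks.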