mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00

chg: usr: Add new logging module for logging crypto errors in libisc

Add a new 'crypto' log module that will be used for low-level
cryptographic operations.  The DNS-related cryptography logs
are still logged in the 'dns/crypto' module.

Merge branch 'ondrej/add-ISC_LOGMODULE_CRYPTO' into 'main'

See merge request isc-projects/bind9!9287
Ondřej Surý
2024-11-26 10:23:11 +00:00
4 changed files with 8 additions and 4 deletions


@@ -169,6 +169,8 @@ isc__crypto_initialize(void) {
/* Protect ourselves against unseeded PRNG */
if (RAND_status() != 1) {
isc_tlserr2result(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
"RAND_status", ISC_R_CRYPTOFAILURE);
FATAL_ERROR("OpenSSL pseudorandom number generator "
"cannot be initialized (see the `PRNG not "
"seeded' message in the OpenSSL FAQ)");
@@ -178,7 +180,7 @@ isc__crypto_initialize(void) {
if (!isc_fips_mode()) {
if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
isc_tlserr2result(ISC_LOGCATEGORY_GENERAL,
ISC_LOGMODULE_OTHER, "FIPS_mode_set",
ISC_LOGMODULE_CRYPTO, "FIPS_mode_set",
ISC_R_CRYPTOFAILURE);
exit(EXIT_FAILURE);
}


@@ -176,6 +176,7 @@ enum isc_logmodule {
ISC_LOGMODULE_FILE,
ISC_LOGMODULE_NETMGR,
ISC_LOGMODULE_OTHER,
ISC_LOGMODULE_CRYPTO,
/* dns modules */
DNS_LOGMODULE_DB,
DNS_LOGMODULE_RBTDB,


@@ -221,6 +221,7 @@ static const char *modules_description[] = {
[ISC_LOGMODULE_FILE] = "file",
[ISC_LOGMODULE_NETMGR] = "netmgr",
[ISC_LOGMODULE_OTHER] = "other",
[ISC_LOGMODULE_CRYPTO] = "crypto",
/* dns modules */
[DNS_LOGMODULE_DB] = "dns/db",
[DNS_LOGMODULE_RBTDB] = "dns/rbtdb",


@@ -83,7 +83,7 @@ isc_tlsctx_attach(isc_tlsctx_t *src, isc_tlsctx_t **ptarget) {
*/
static void
sslkeylogfile_append(const SSL *ssl ISC_ATTR_UNUSED, const char *line) {
isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_NETMGR,
isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_CRYPTO,
ISC_LOG_INFO, "%s", line);
}
@@ -130,7 +130,7 @@ isc_tlsctx_createclient(isc_tlsctx_t **ctxp) {
ssl_error:
err = ERR_get_error();
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
ISC_LOG_ERROR, "Error initializing TLS context: %s",
errbuf);
@@ -345,7 +345,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
ssl_error:
err = ERR_get_error();
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
ISC_LOG_ERROR, "Error initializing TLS context: %s",
errbuf);
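Review bot: Both `ssl_error:` paths (the hunks at -130 and -345) still log only the single entry that `ERR_get_error()` pops, so any further entries OpenSSL queued for the same failure stay on the thread's error queue unless code after the hunk clears them. Other call sites in this commit report through `isc_tlserr2result()` under `ISC_LOGMODULE_CRYPTO`; if that helper prints whatever is queued (its body is not shown on this page), a leftover entry could later appear in the 'crypto' log as if it belonged to an unrelated failure, which misleads anyone reading the log during incident analysis. Adding `ERR_clear_error();` after the `isc_log_write()` call at each label, or reporting through the same helper, would avoid that. Both labels belong to functions that start and continue outside the hunks.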