mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 08:05:21 +00:00

improve logging of ecdsa errors

3384.	[bug]		Improved logging of crypto errors. [RT #30963]
Evan Hunt
2012-09-28 13:46:47 -07:00
parent 6d69393ea4
commit d1ac7adb3e
2 changed files with 37 additions and 12 deletions


@@ -1,3 +1,5 @@
3384. [bug] Improved logging of crypto errors. [RT #30963]
3383. [security] A certain combination of records in the RBT could 3383. [security] A certain combination of records in the RBT could
cause named to hang while populating the additional cause named to hang while populating the additional
section of a response. [RT #31090] section of a response. [RT #31090]


@@ -286,40 +286,63 @@ dst__openssl_destroy() {
} }
} }
isc_result_t static isc_result_t
dst__openssl_toresult(isc_result_t fallback) { toresult(isc_result_t fallback) {
isc_result_t result = fallback; isc_result_t result = fallback;
unsigned long err = ERR_get_error(); unsigned long err = ERR_get_error();
int lib = ERR_GET_LIB(err);
int reason = ERR_GET_REASON(err);
switch (ERR_GET_REASON(err)) { switch (reason) {
/*
* ERR_* errors are globally unique; others
* are unique per sublibrary
*/
case ERR_R_MALLOC_FAILURE: case ERR_R_MALLOC_FAILURE:
result = ISC_R_NOMEMORY; result = ISC_R_NOMEMORY;
break; break;
default: default:
#ifdef ERR_R_ECDSA_LIB
if (lib == ERR_R_ECDSA_LIB &&
reason == ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) {
result = ISC_R_NOENTROPY;
break;
}
#endif
break; break;
} }
return (result);
}
isc_result_t
dst__openssl_toresult(isc_result_t fallback) {
isc_result_t result;
result = toresult(fallback);
ERR_clear_error(); ERR_clear_error();
return (result); return (result);
} }
isc_result_t isc_result_t
dst__openssl_toresult2(const char *funcname, isc_result_t fallback) { dst__openssl_toresult2(const char *funcname, isc_result_t fallback) {
isc_result_t result = fallback; isc_result_t result;
unsigned long err = ERR_peek_error(); unsigned long err = ERR_peek_error();
const char *file, *data; const char *file, *data;
int line, flags; int line, flags;
char buf[256]; char buf[256];
switch (ERR_GET_REASON(err)) { result = toresult(fallback);
case ERR_R_MALLOC_FAILURE:
result = ISC_R_NOMEMORY;
goto done;
default:
break;
}
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_CRYPTO, ISC_LOG_WARNING, DNS_LOGMODULE_CRYPTO, ISC_LOG_WARNING,
"%s failed", funcname); "%s failed (%s)", funcname,
isc_result_totext(result));
if (result == ISC_R_NOMEMORY)
goto done;
for (;;) { for (;;) {
err = ERR_get_error_line_data(&file, &line, &data, &flags); err = ERR_get_error_line_data(&file, &line, &data, &flags);
if (err == 0U) if (err == 0U)