Add new logging category for logging crypto errors in libisc

The libisc now includes sizeable chunks of cryptography, but the crypto
log module was missing.  Add the new ISC_LOGMODULE_CRYPTO to libisc and
use it in the isc_tls error logging.

diff --git a/lib/isc/crypto.c b/lib/isc/crypto.c
index 7dc870bdd63f343cc30bbabec7ff88488c9fe543..b3ab28c4c570fa46d940043a4aea8fdea2494c1b 100644 (file)
--- a/lib/isc/crypto.c
+++ b/lib/isc/crypto.c
@@ -169,6 +169,8 @@ isc__crypto_initialize(void) {
 
        /* Protect ourselves against unseeded PRNG */
        if (RAND_status() != 1) {
+               isc_tlserr2result(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
+                                 "RAND_status", ISC_R_CRYPTOFAILURE);
                FATAL_ERROR("OpenSSL pseudorandom number generator "
                            "cannot be initialized (see the `PRNG not "
                            "seeded' message in the OpenSSL FAQ)");
@@ -178,7 +180,7 @@ isc__crypto_initialize(void) {
        if (!isc_fips_mode()) {
                if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
                        isc_tlserr2result(ISC_LOGCATEGORY_GENERAL,
-                                         ISC_LOGMODULE_OTHER, "FIPS_mode_set",
+                                         ISC_LOGMODULE_CRYPTO, "FIPS_mode_set",
                                          ISC_R_CRYPTOFAILURE);
                        exit(EXIT_FAILURE);
                }

diff --git a/lib/isc/include/isc/log.h b/lib/isc/include/isc/log.h
index f1c1a47576d1c029f2e08728ecf7cae8abaac324..2919e3ae74be33aacbea3f5da122c028077dfcb4 100644 (file)
--- a/lib/isc/include/isc/log.h
+++ b/lib/isc/include/isc/log.h
@@ -176,6 +176,7 @@ enum isc_logmodule {
        ISC_LOGMODULE_FILE,
        ISC_LOGMODULE_NETMGR,
        ISC_LOGMODULE_OTHER,
+       ISC_LOGMODULE_CRYPTO,
        /* dns modules */
        DNS_LOGMODULE_DB,
        DNS_LOGMODULE_RBTDB,

diff --git a/lib/isc/log.c b/lib/isc/log.c
index b3b437dbcdee63695adfa8d243434d1f54d2a403..37b64bdcd477694f588688f555a12e4a099f951c 100644 (file)
--- a/lib/isc/log.c
+++ b/lib/isc/log.c
@@ -221,6 +221,7 @@ static const char *modules_description[] = {
        [ISC_LOGMODULE_FILE] = "file",
        [ISC_LOGMODULE_NETMGR] = "netmgr",
        [ISC_LOGMODULE_OTHER] = "other",
+       [ISC_LOGMODULE_CRYPTO] = "crypto",
        /* dns modules */
        [DNS_LOGMODULE_DB] = "dns/db",
        [DNS_LOGMODULE_RBTDB] = "dns/rbtdb",

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 944425c77844ca05ca1645a9ccac07cb7f05b3de..b98c7721eda586cc53dee4949e8390cb14bd7657 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -83,7 +83,7 @@ isc_tlsctx_attach(isc_tlsctx_t *src, isc_tlsctx_t **ptarget) {
  */
 static void
 sslkeylogfile_append(const SSL *ssl ISC_ATTR_UNUSED, const char *line) {
-       isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_NETMGR,
+       isc_log_write(ISC_LOGCATEGORY_SSLKEYLOG, ISC_LOGMODULE_CRYPTO,
                      ISC_LOG_INFO, "%s", line);
 }
 
@@ -130,7 +130,7 @@ isc_tlsctx_createclient(isc_tlsctx_t **ctxp) {
 ssl_error:
        err = ERR_get_error();
        ERR_error_string_n(err, errbuf, sizeof(errbuf));
-       isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
+       isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
                      ISC_LOG_ERROR, "Error initializing TLS context: %s",
                      errbuf);
 
@@ -345,7 +345,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
 ssl_error:
        err = ERR_get_error();
        ERR_error_string_n(err, errbuf, sizeof(errbuf));
-       isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
+       isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_CRYPTO,
                      ISC_LOG_ERROR, "Error initializing TLS context: %s",
                      errbuf);