From fd7af65e910b5aa2f5710863eb8ffb86b9f7ca2f Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Tue, 22 Nov 2011 16:55:30 +0100 Subject: [PATCH] [core] do not emit a warning for expected decryption errors The only expected decryption error is on decryption of the symetric key used to crypt the data. All other errors are critical and must be logged. Client of lasso_node_decrypt_xmlnode can then log the decryption failure of the symetric if they tried with all possible keys (key rollover case). --- lasso/saml-2.0/login.c | 7 +++++-- lasso/xml/tools.c | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index 864750cb..acc9125a 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -1193,8 +1193,11 @@ _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *sa break; } lasso_foreach_full_end(); - - if (rc1) { + if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED) { + message(G_LOG_LEVEL_WARNING, "Could not decrypt the EncryptedKey"); + at_least_one_decryption_failture |= TRUE; + continue; + } else if (rc1) { message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1)); at_least_one_decryption_failture |= TRUE; continue; diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c index 0eeb8d2f..b4afba91 100644 --- a/lasso/xml/tools.c +++ b/lasso/xml/tools.c @@ -1574,7 +1574,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, xmlChar *algorithm = NULL; xmlSecKeyDataId key_type; GList *i = NULL; - int rc = LASSO_DS_ERROR_DECRYPTION_FAILED; + int rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA; if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) { message(G_LOG_LEVEL_WARNING, "Invalid decryption key"); @@ -1582,6 +1582,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, goto cleanup; } + xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func); + /* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */ encryption_private_key = xmlSecKeyDuplicate(encryption_private_key); @@ -1655,8 +1657,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, if (key_buffer != NULL) { sym_key = xmlSecKeyReadBuffer(key_type, key_buffer); } + rc = LASSO_DS_ERROR_ENCRYPTION_FAILED; if (sym_key == NULL) { - message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed"); goto cleanup; } @@ -1673,6 +1675,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, /* decrypt the EncryptedData */ if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) { + rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA; message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed"); goto cleanup; }