xmlsec: re-enable KeyValue nodes when reading KeyInfo descriptors (#85339)

KeyValue has been disabled in libxmlsec >= 1.3.3, as it can be a security
liability in other settings than SAML:

   (xmlsec-core) Disabled KeyValue and DEREncodedKeyValue XML nodes by default. Use the '--enabled-key-data' option for the xmlsec command line utility or update the 'keyInfoCtx->enabledKeyData' parameter if you need to re-enable these nodes (also see question 3.5 in the FAQ).

lasso/lasso.c

@@ -154,7 +154,7 @@ lasso_xmlsec_errors_callback(const char *file G_GNUC_UNUSED, int line G_GNUC_UNU
 		const char *errorObject G_GNUC_UNUSED, const char *errorSubject G_GNUC_UNUSED, int reason G_GNUC_UNUSED,
 		const char *msg)
 {
-	g_log("libxmlsec", G_LOG_LEVEL_DEBUG, "libxmlsec: %s:%d:%s:%s:%s:%s:%s", file, line, func, errorObject, errorSubject, xmlSecErrorsGetMsg(reason), msg);
+	g_log("libxmlsec", G_LOG_LEVEL_INFO, "libxmlsec: %s:%d:%s:%s:%s:%s:%s", file, line, func, errorObject, errorSubject, xmlSecErrorsGetMsg(reason), msg);
 }
 
 static int

lasso/xml/xml.c

@@ -44,6 +44,7 @@
 #include <xmlsec/openssl/crypto.h>
 #include <xmlsec/openssl/x509.h>
 
+#include <config.h>
 #include "xml.h"
 #include "xml_enc.h"
 #include "saml_name_identifier.h"
@@ -619,9 +620,15 @@ lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key,
 		message(G_LOG_LEVEL_WARNING, "Failed to create encryption context");
 		goto cleanup;
 	}
+#define XSTR(x) STR(x)
+#define STR(x) #x
+
+#pragma message "The value of LASSO_XMLSEC_VERSION_NUMBER" LASSO_XMLSEC_VERSION_NUMBER
 
 #if LASSO_XMLSEC_VERSION_NUMBER >= 0x010300
 	enc_ctx->keyInfoWriteCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
+	enc_ctx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
+	enc_ctx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH;
 #endif
 
 	/* generate a symetric key */