authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2011-11-22 16:55:30 +0100
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2011-11-22 18:51:49 +0100
commitfd7af65e910b5aa2f5710863eb8ffb86b9f7ca2f (patch)
treeb066f898189d6283259b3cf6afd48baf10ea7851
parent5957f3e230d04703888910bb3fc3ca48afb4acc9 (diff)
[core] do not emit a warning for expected decryption errors
The only expected decryption error is a failure to decrypt the symmetric key used to encrypt the data. All other errors are critical and must be logged. Clients of lasso_node_decrypt_xmlnode can then log the decryption failure of the symmetric key if they have tried all possible keys (key rollover case).
-rw-r--r--lasso/saml-2.0/login.c7
-rw-r--r--lasso/xml/tools.c7
2 files changed, 10 insertions, 4 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 864750cb..acc9125a 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -1193,8 +1193,11 @@ _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *sa
break;
}
lasso_foreach_full_end();
-
- if (rc1) {
+ if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED) {
+ message(G_LOG_LEVEL_WARNING, "Could not decrypt the EncryptedKey");
+ at_least_one_decryption_failture |= TRUE;
+ continue;
+ } else if (rc1) {
message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1));
at_least_one_decryption_failture |= TRUE;
continue;
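Review bot: The two failure branches after `lasso_foreach_full_end()` now differ only in their log text, and nothing in the code says that this is deliberate. Telling an EncryptedKey failure apart from an EncryptedData failure is useful in the log, but if a later change lets the two cases produce different statuses or responses to the sender of the assertion, that difference can act as a decryption oracle. I would add a comment above the test, for example `/* key-unwrap and data failures must stay indistinguishable to the peer; only the log line differs */`, and fold the shared `at_least_one_decryption_failture |= TRUE; continue;` into one place so the branches cannot drift apart. The function body starts and ends outside this hunk, so how the flag is turned into a response is not visible here.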
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 0eeb8d2f..b4afba91 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -1574,7 +1574,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
xmlChar *algorithm = NULL;
xmlSecKeyDataId key_type;
GList *i = NULL;
- int rc = LASSO_DS_ERROR_DECRYPTION_FAILED;
+ int rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) {
message(G_LOG_LEVEL_WARNING, "Invalid decryption key");
@@ -1582,6 +1582,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
goto cleanup;
}
+ xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);
+
/* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */
encryption_private_key = xmlSecKeyDuplicate(encryption_private_key);
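Review bot: `xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func)` replaces libxml2's generic error handler, which is state shared with the embedding application (global or per-thread, depending on the libxml2 build), and nothing visible in this hunk restores the previous handler. Every call to lasso_node_decrypt_xmlnode would therefore override a handler the host program installed, and libxml2 errors unrelated to lasso would afterwards go through lasso's callback. If that is intended, it would be clearer to install the handler once in the library's initialisation and say so in a comment such as `/* route libxml2 generic errors to lasso logging; process-wide side effect */`; otherwise save and restore the previous handler around the decryption. The function continues past this hunk, so a restore in the cleanup path cannot be ruled out from here.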
@@ -1655,8 +1657,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
if (key_buffer != NULL) {
sym_key = xmlSecKeyReadBuffer(key_type, key_buffer);
}
+ rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;
if (sym_key == NULL) {
- message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed");
goto cleanup;
}
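Review bot: The added `rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;` does not match the code the login.c hunk of this commit tests for, `rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED`, so as far as these lines show a failed EncryptedKey decryption would fall into the generic `else if (rc1)` branch and be reported as a critical error. If the decryption code was meant, the line should read `rc = LASSO_DS_ERROR_DECRYPTION_FAILED;`. The assignment also sits before the `if (sym_key == NULL)` test, so it stays in effect on success; any later `goto cleanup` that does not set `rc` itself would return it, and moving it inside the branch avoids that. The function continues outside the hunk.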
@@ -1673,6 +1675,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
/* decrypt the EncryptedData */
if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
+ rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed");
goto cleanup;
}