authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2011-11-22 16:55:30 +0100
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2011-11-22 18:51:49 +0100
commitfd7af65e910b5aa2f5710863eb8ffb86b9f7ca2f (patch)
treeb066f898189d6283259b3cf6afd48baf10ea7851 /lasso/xml
parent5957f3e230d04703888910bb3fc3ca48afb4acc9 (diff)
[core] do not emit a warning for expected decryption errors
The only expected decryption error is on decryption of the symmetric key used to encrypt the data. All other errors are critical and must be logged. Clients of lasso_node_decrypt_xmlnode can then log the decryption failure of the symmetric key if they tried with all possible keys (key rollover case).
Diffstat (limited to 'lasso/xml')
-rw-r--r--lasso/xml/tools.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 0eeb8d2f..b4afba91 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -1574,7 +1574,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
xmlChar *algorithm = NULL;
xmlSecKeyDataId key_type;
GList *i = NULL;
- int rc = LASSO_DS_ERROR_DECRYPTION_FAILED;
+ int rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) {
message(G_LOG_LEVEL_WARNING, "Invalid decryption key");
@@ -1582,6 +1582,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
goto cleanup;
}
+ xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);
+
/* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */
encryption_private_key = xmlSecKeyDuplicate(encryption_private_key);
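Review bot: The added `xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);` replaces libxml2's generic error handler for the caller's context, not just for the duration of this call, and nothing visible in the hunk puts the previous handler back. An application embedding lasso that had installed its own handler would lose it after the first decryption, and its libxml2 diagnostics would from then on go through lasso's function. Consider saving `xmlGenericError` and `xmlGenericErrorContext` before the call and restoring them under the `cleanup` label, or installing the handler once at library initialisation and documenting that. The function body continues outside the hunk, so a restore may already exist there.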
@@ -1655,8 +1657,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
if (key_buffer != NULL) {
sym_key = xmlSecKeyReadBuffer(key_type, key_buffer);
}
+ rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;
if (sym_key == NULL) {
- message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed");
goto cleanup;
}
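Review bot: The code assigned before the `sym_key == NULL` check is `LASSO_DS_ERROR_ENCRYPTION_FAILED`, although this is the decryption path and the initialiser removed in the first hunk used `LASSO_DS_ERROR_DECRYPTION_FAILED`; if that is a slip, use `rc = LASSO_DS_ERROR_DECRYPTION_FAILED;`. With the warning removed, this return value is the only signal of an EncryptedKey failure, so the function's comment should state which code means "wrong key, try the next one" and that the caller must log once every key has been tried, otherwise repeated key-unwrap failures leave no trace. The key-versus-data distinction should stay internal: reflecting it in the response sent to the peer gives a remote party a way to tell the two failures apart. The assignment also stays in effect for any `goto cleanup` between here and the EncryptedData step, which lies outside the hunk.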
@@ -1673,6 +1675,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
/* decrypt the EncryptedData */
if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
+ rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed");
goto cleanup;
}