author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2011-11-29 12:36:47 +0100 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2011-11-29 12:36:47 +0100 |
commit | 29800377a38349c04e3744aa736fc9e70c2bf16a (patch) | |
tree | ab00fde9b27760febeeeda86ff6b348a58803d90 /lasso | |
parent | 92ebef91f584d3afd72ded1747c09981b4476c14 (diff) | |
parent | b785881e531116da7250190e632bd205212a9bdf (diff) | |
Merge branch 'multi-certificates'
Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/errors.c | 2 | ||||
-rw-r--r-- | lasso/errors.h | 7 | ||||
-rw-r--r-- | lasso/id-ff/login.c | 11 | ||||
-rw-r--r-- | lasso/id-ff/provider.c | 24 | ||||
-rw-r--r-- | lasso/id-ff/server.c | 41 | ||||
-rw-r--r-- | lasso/id-ff/serverprivate.h | 4 | ||||
-rw-r--r-- | lasso/id-wsf-2.0/saml2_login.c | 2 | ||||
-rw-r--r-- | lasso/saml-2.0/login.c | 27 | ||||
-rw-r--r-- | lasso/saml-2.0/profile.c | 37 | ||||
-rw-r--r-- | lasso/saml-2.0/provider.c | 2 | ||||
-rw-r--r-- | lasso/saml-2.0/saml2_helper.c | 16 | ||||
-rw-r--r-- | lasso/saml-2.0/server.c | 4 | ||||
-rw-r--r-- | lasso/xml/tools.c | 7 | ||||
-rw-r--r-- | lasso/xml/xml.c | 1 |
14 files changed, 118 insertions, 67 deletions
diff --git a/lasso/errors.c b/lasso/errors.c index af772c14..2a38f3dd 100644 --- a/lasso/errors.c +++ b/lasso/errors.c @@ -359,6 +359,8 @@ lasso_strerror(int error_code) return "The known password does not match the UsernameToken"; case LASSO_WSSEC_ERROR_MISSING_SECURITY_TOKEN: return "The request miss a WS-Security token."; + case LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA: + return "The EncryptedData node is invalid, look at the logs."; case LASSO_XML_ERROR_ATTR_NOT_FOUND: return "Unable to get attribute of element."; case LASSO_XML_ERROR_ATTR_VALUE_NOT_FOUND: diff --git a/lasso/errors.h b/lasso/errors.h index 8cc114fb..10d91818 100644 --- a/lasso/errors.h +++ b/lasso/errors.h @@ -1076,3 +1076,10 @@ LASSO_EXPORT const char* lasso_strerror(int error_code); * The current assertion query does not contain an attribute query. */ #define LASSO_ASSERTION_QUERY_ERROR_NOT_AN_ATTRIBUTE_QUERY 1902 + +/** + * LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA + * + * The EncryptedData node is invalid, look at the logs. + */ +#define LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA -2001 diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 9e914002..31cb94bc 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c 
@@ -384,12 +384,13 @@ lasso_login_build_assertion(LassoLogin *login, /* Encrypt NameID */ provider = lasso_server_get_provider(profile->server, profile->remote_providerID); ss = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(as); - if (provider && provider->private_data->encryption_mode & LASSO_ENCRYPTION_MODE_NAMEID - && lasso_provider_get_encryption_public_key(provider) != NULL) { + if (provider + && (lasso_provider_get_encryption_mode(provider) & LASSO_ENCRYPTION_MODE_NAMEID)) { encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(lasso_node_encrypt( - LASSO_NODE(ss->Subject->NameIdentifier), - lasso_provider_get_encryption_public_key(provider), - provider->private_data->encryption_sym_key_type, provider->ProviderID)); + LASSO_NODE(ss->Subject->NameIdentifier), + lasso_provider_get_encryption_public_key(provider), + lasso_provider_get_encryption_sym_key_type(provider), + provider->ProviderID)); if (encrypted_element != NULL) { lasso_assign_new_gobject(ss->Subject->EncryptedNameIdentifier, encrypted_element); lasso_release_gobject(ss->Subject->NameIdentifier); diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index 8df653de..c90819a3 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c 
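Review bot: With the `lasso_provider_get_encryption_public_key(provider) != NULL` test dropped from the condition in lasso_login_build_assertion, a provider whose encryption mode requests NameID encryption but which has no encryption key now reaches `lasso_node_encrypt` with a NULL key. The visible handling only covers `encrypted_element != NULL`; if the other branch (outside this hunk) does not return an error, the assertion would be issued with the clear-text NameIdentifier although encryption was requested. I would fail closed there, with an `else` that logs and returns an error such as `LASSO_DS_ERROR_ENCRYPTION_FAILED` instead of continuing. This matters more now that lasso_provider_get_encryption_public_key in provider.c no longer falls back to the provider's other public keys.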
@@ -548,16 +548,16 @@ xmlSecKey* lasso_provider_get_encryption_public_key(const LassoProvider *provider) { g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL); - GList *public_keys; + GList *keys; - if (provider->private_data->encryption_public_keys) { - return provider->private_data->encryption_public_keys->data; + keys = provider->private_data->encryption_public_keys; + /* encrypt using the first given key, multiple encryption key in the metadata is generally + * useless. roll-over of the encryption key is done mainly at the receiving side, by trying + * to decipher using the two private keys, the old and the new. */ + if (keys && keys->data) { + return (xmlSecKey*)keys->data; } - public_keys = lasso_provider_get_public_keys(provider); - if (! public_keys) { - return NULL; - } - return (xmlSecKey*)public_keys->data; + return NULL; } static void @@ -859,9 +859,7 @@ dispose(GObject *object) provider->private_data->encryption_public_key_str = NULL; } - if (provider->private_data->encryption_public_keys) { - lasso_release_list_of_sec_key(provider->private_data->encryption_public_keys); - } + lasso_release_list_of_sec_key(provider->private_data->encryption_public_keys); lasso_release(provider->private_data->affiliation_id); provider->private_data->affiliation_id = NULL; @@ -1289,8 +1287,8 @@ lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType publi list_of_sec_key); break; case LASSO_PUBLIC_KEY_ENCRYPTION: - lasso_transfer_full(provider->private_data->encryption_public_keys, - keys, list_of_sec_key); + lasso_transfer_full(provider->private_data->encryption_public_keys, keys, + list_of_sec_key); break; default: lasso_release_list_of_sec_key(keys); diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c index 882a50b0..9d3b7365 100644 --- a/lasso/id-ff/server.c +++ b/lasso/id-ff/server.c 
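Review bot: lasso_provider_get_encryption_public_key now returns NULL whenever `encryption_public_keys` is empty, where it previously fell back to the first entry of `lasso_provider_get_public_keys(provider)`; the function's doc comment (outside this hunk) should state the new contract. Suggested wording: `Returns NULL if the provider has no key loaded for encryption; the keys from lasso_provider_get_public_keys() are no longer used as a fallback, so callers must check the result before encrypting.` As a style point, `g_return_val_if_fail(...)` sits before the `GList *keys;` declaration; moving the declaration above it keeps the function valid for compilers that reject mixed declarations and statements.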
@@ -182,10 +182,7 @@ lasso_server_set_encryption_private_key_with_password(LassoServer *server, if (! key || ! (xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate)) { return LASSO_SERVER_ERROR_SET_ENCRYPTION_PRIVATE_KEY_FAILED; } - lasso_release_sec_key(server->private_data->encryption_private_key); - server->private_data->encryption_private_key = key; - } else { - lasso_release_sec_key(server->private_data->encryption_private_key); + lasso_list_add_new_sec_key(server->private_data->encryption_private_keys, key); } return 0; @@ -289,8 +286,8 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode) rc = parent_class->init_from_xml(node, xmlnode); if (server->private_key) { - server->private_data->encryption_private_key = - lasso_xmlsec_load_private_key(server->private_key, server->private_key_password); + lasso_server_set_encryption_private_key_with_password(server, server->private_key, + server->private_key_password); } if (rc) return rc; @@ -481,7 +478,7 @@ dispose(GObject *object) } server->private_data->dispose_has_run = TRUE; - lasso_release_sec_key(server->private_data->encryption_private_key); + lasso_release_list_of_sec_key(server->private_data->encryption_private_keys); lasso_release_list_of_gobjects(server->private_data->svc_metadatas); @@ -523,7 +520,7 @@ instance_init(LassoServer *server) { server->private_data = g_new0(LassoServerPrivate, 1); server->private_data->dispose_has_run = FALSE; - server->private_data->encryption_private_key = NULL; + server->private_data->encryption_private_keys = NULL; server->private_data->svc_metadatas = NULL; server->providers = g_hash_table_new_full( @@ -610,7 +607,7 @@ lasso_server_new(const gchar *metadata, if (lasso_provider_load_metadata(LASSO_PROVIDER(server), metadata) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "Failed to load metadata from %s.", metadata); - lasso_node_destroy(LASSO_NODE(server)); + lasso_release_gobject(server); return NULL; } } 
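Review bot: lasso_server_set_encryption_private_key_with_password now adds to `encryption_private_keys` instead of replacing the key, and the removed `else` branch was the only visible way to drop a key. Every earlier private key therefore stays usable for decryption for the lifetime of the server, and a retired key cannot be removed without destroying the object. Please document the new semantics on the function (its header is outside this hunk), for example `Adds the key to the list of decryption keys; keys loaded earlier are kept.`, and consider whether a NULL filename should still clear the list. In the context lines, a key that loads but is not a private key takes the error return without being released.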
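Review bot: In init_from_xml the result of `lasso_server_set_encryption_private_key_with_password(...)` is discarded, so a server restored from a dump whose key cannot be loaded ends up with an empty key list and no diagnostic; the call also runs before the parent's `rc` is checked. At minimum log the failure, e.g. `message(G_LOG_LEVEL_WARNING, "Cannot load the private key");`, as lasso_server_new does in this same commit. The function body extends beyond the hunk.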
@@ -619,11 +616,11 @@ lasso_server_new(const gchar *metadata, if (private_key) { lasso_assign_string(server->private_key, private_key); lasso_assign_string(server->private_key_password, private_key_password); - server->private_data->encryption_private_key = lasso_xmlsec_load_private_key(private_key, - private_key_password); - if (! server->private_data->encryption_private_key) { + if (lasso_server_set_encryption_private_key_with_password(server, private_key, + private_key_password) != 0) { message(G_LOG_LEVEL_WARNING, "Cannot load the private key"); lasso_release_gobject(server); + return NULL; } } lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_SIGNING); @@ -657,7 +654,7 @@ lasso_server_new_from_buffers(const char *metadata, const char *private_key_cont if (lasso_provider_load_metadata_from_buffer(LASSO_PROVIDER(server), metadata) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "Failed to load metadata from preloaded buffer"); - lasso_node_destroy(LASSO_NODE(server)); + lasso_release_gobject(server); return NULL; } } @@ -665,12 +662,12 @@ lasso_server_new_from_buffers(const char *metadata, const char *private_key_cont if (private_key_content) { lasso_assign_string(server->private_key, private_key_content); lasso_assign_string(server->private_key_password, private_key_password); - server->private_data->encryption_private_key = - lasso_xmlsec_load_private_key_from_buffer(private_key_content, - strlen(private_key_content), private_key_password); - if (! server->private_data->encryption_private_key) { + + if (lasso_server_set_encryption_private_key_with_password(server, private_key_content, + private_key_password) != 0) { message(G_LOG_LEVEL_WARNING, "Cannot load the private key"); lasso_release_gobject(server); + return NULL; } } lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_SIGNING); 
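Review bot: lasso_server_new_from_buffers now hands `private_key_content` to lasso_server_set_encryption_private_key_with_password, the same call lasso_server_new makes with a file name, whereas the removed code used `lasso_xmlsec_load_private_key_from_buffer` with an explicit length. Whether the setter's loader accepts in-memory key data is not visible in this diff; if it only opens files, loading from buffers would now always fail and the constructor would return NULL. Please confirm, and state in the setter's doc comment that the argument may be either a path or the key content. The added `return NULL;` after `lasso_release_gobject(server)` is right, but the message is still logged at WARNING for what is now a fatal condition; `G_LOG_LEVEL_CRITICAL` would match the metadata failure just above.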
@@ -731,14 +728,14 @@ lasso_server_get_private_key(LassoServer *server) } /** - * lasso_server_get_encryption_private_key: + * lasso_server_get_encryption_private_keys: * @server: a #LassoServer object * - * Return:(transfer none): a xmlSecKey object, it is owned by the #LassoServer object, so do not + * Return:(transfer none)(element-type xmlSecKeyPtr): a GList of xmlSecKey object, it is owned by the #LassoServer object, so do not * free it. */ -xmlSecKey* -lasso_server_get_encryption_private_key(LassoServer *server) +GList* +lasso_server_get_encryption_private_keys(LassoServer *server) { if (! LASSO_IS_SERVER(server)) return NULL; @@ -746,7 +743,7 @@ lasso_server_get_encryption_private_key(LassoServer *server) if (! server->private_data) return NULL; - return server->private_data->encryption_private_key; + return server->private_data->encryption_private_keys; } /** diff --git a/lasso/id-ff/serverprivate.h b/lasso/id-ff/serverprivate.h index 8375fc2e..c800edc2 100644 --- a/lasso/id-ff/serverprivate.h +++ b/lasso/id-ff/serverprivate.h @@ -32,7 +32,7 @@ extern "C" { struct _LassoServerPrivate { gboolean dispose_has_run; - xmlSecKey *encryption_private_key; + GList *encryption_private_keys; GList *svc_metadatas; }; @@ -40,7 +40,7 @@ gchar* lasso_server_get_first_providerID(LassoServer *server); gchar* lasso_server_get_first_providerID_by_role(const LassoServer *server, LassoProviderRole role); gchar* lasso_server_get_providerID_from_hash(LassoServer *server, gchar *b64_hash); xmlSecKey* lasso_server_get_private_key(LassoServer *server); -xmlSecKey* lasso_server_get_encryption_private_key(LassoServer *server); +GList* lasso_server_get_encryption_private_keys(LassoServer *server); #ifdef __cplusplus } diff --git a/lasso/id-wsf-2.0/saml2_login.c b/lasso/id-wsf-2.0/saml2_login.c index fc0f074b..6f86ff8e 100644 --- a/lasso/id-wsf-2.0/saml2_login.c +++ b/lasso/id-wsf-2.0/saml2_login.c 
@@ -91,7 +91,7 @@ lasso_server_create_assertion_as_idwsf2_security_token(LassoServer *server, lasso_release_gobject(assertion); goto cleanup; } - lasso_assign_gobject(assertion->Subject->EncryptedID, encrypted_id); + lasso_assign_new_gobject(assertion->Subject->EncryptedID, encrypted_id); } else { lasso_assign_new_gobject(assertion->Subject->NameID, name_id); } diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index 3955b62c..acc9125a 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -1160,16 +1160,16 @@ _lasso_check_assertion_issuer(LassoSaml2Assertion *assertion, const gchar *provi static gint _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *samlp2_response) { - xmlSecKey *encryption_private_key; - GList *it; + GList *encryption_private_keys = NULL; + GList *it = NULL; gboolean at_least_one_decryption_failture = FALSE; gboolean at_least_one_malformed_element = FALSE; if (! samlp2_response->EncryptedAssertion) return 0; /* nothing to do */ - encryption_private_key = lasso_server_get_encryption_private_key(login->parent.server); - if (! encryption_private_key) { + encryption_private_keys = lasso_server_get_encryption_private_keys(login->parent.server); + if (! encryption_private_keys) { message(G_LOG_LEVEL_WARNING, "Missing private encryption key, cannot decrypt assertions."); return LASSO_DS_ERROR_DECRYPTION_FAILED_MISSING_PRIVATE_KEY; } 
@@ -1185,9 +1185,19 @@ _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *sa continue; } encrypted_assertion = (LassoSaml2EncryptedElement*)it->data; - rc1 = lasso_saml2_encrypted_element_decrypt(encrypted_assertion, encryption_private_key, (LassoNode**)&assertion); - - if (rc1) { + lasso_foreach_full_begin(xmlSecKey*, encryption_private_key, it, + encryption_private_keys) + { + rc1 = lasso_saml2_encrypted_element_decrypt(encrypted_assertion, encryption_private_key, (LassoNode**)&assertion); + if (rc1 == 0) + break; + } + lasso_foreach_full_end(); + if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED) { + message(G_LOG_LEVEL_WARNING, "Could not decrypt the EncryptedKey"); + at_least_one_decryption_failture |= TRUE; + continue; + } else if (rc1) { message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1)); at_least_one_decryption_failture |= TRUE; continue; @@ -1429,6 +1439,7 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login) lasso_check_good_rc(lasso_saml20_profile_build_response_msg(profile, NULL, http_method, url)); cleanup: + lasso_release_string(url); return rc; } @@ -1486,7 +1497,7 @@ lasso_saml20_login_init_idp_initiated_authn_request(LassoLogin *login, return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND; lasso_assign_string(profile->remote_providerID, remote_providerID); - lasso_assign_gobject(profile->request, lasso_samlp2_authn_request_new()); + lasso_assign_new_gobject(profile->request, lasso_samlp2_authn_request_new()); lasso_assign_new_gobject(LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy, lasso_samlp2_name_id_policy_new()); lasso_assign_new_gobject(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer, diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c index 7921e04a..97b5ac69 100644 --- a/lasso/saml-2.0/profile.c +++ b/lasso/saml-2.0/profile.c 
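Review bot: The inner key loop in _lasso_saml20_login_decrypt_assertion names its iterator `it`, the same identifier as the function's `GList *it` that appears to walk the encrypted assertions (`it->data` just above the loop). Depending on how `lasso_foreach_full_begin` declares its iterator (the macro is not shown), this either shadows the outer variable or overwrites it and cuts the outer loop short. A distinct name removes the doubt: `lasso_foreach_full_begin(xmlSecKey*, encryption_private_key, key_it, encryption_private_keys)`. Note also that after the loop `rc1` holds only the last key's result, so the error that gets reported depends on key order.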
@@ -506,10 +506,23 @@ lasso_saml20_profile_set_session_from_dump_decrypt( assertion->Subject->EncryptedID->original_data); lasso_release_gobject(assertion->Subject->EncryptedID); } else { /* decrypt */ - int rc = 0; - rc = lasso_saml2_encrypted_element_decrypt(assertion->Subject->EncryptedID, - lasso_server_get_encryption_private_key(profile->server), - (LassoNode**) &assertion->Subject->NameID); + int rc; + GList *encryption_private_keys = + lasso_server_get_encryption_private_keys(profile->server); + + rc = LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY; + lasso_foreach_full_begin(xmlSecKey*, encryption_private_key, it, + encryption_private_keys); + { + rc = lasso_saml2_encrypted_element_decrypt( + assertion->Subject->EncryptedID, + encryption_private_key, + (LassoNode**)&assertion->Subject->NameID); + if (rc == 0) + break; + } + lasso_foreach_full_end(); + if (rc == 0) { lasso_release_gobject(assertion->Subject->EncryptedID); } else { @@ -560,7 +573,6 @@ lasso_saml20_profile_process_name_identifier_decryption(LassoProfile *profile, LassoSaml2NameID **name_id, LassoSaml2EncryptedElement **encrypted_id) { - xmlSecKey *encryption_private_key = NULL; int rc = 0; lasso_bad_param(PROFILE, profile); 
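Review bot: `lasso_foreach_full_begin(...)` is followed by a `;` here, and again in lasso_saml20_profile_process_name_identifier_decryption in the `@@ -568` hunk of this file, while the call sites added in saml-2.0/login.c and saml2_helper.c have none. The macro body is not visible, so the diff does not show whether the stray semicolon is harmless or detaches the braced block from the loop; drop it so that all four loops read the same. Both functions continue outside their hunks.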
@@ -568,15 +580,20 @@ lasso_saml20_profile_process_name_identifier_decryption(LassoProfile *profile, lasso_null_param(encrypted_id); if (*name_id == NULL && *encrypted_id != NULL) { - encryption_private_key = profile->server->private_data->encryption_private_key; if (! LASSO_IS_SAML2_ENCRYPTED_ELEMENT(*encrypted_id)) { return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; } - if (encrypted_id != NULL && encryption_private_key == NULL) { - return LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY; + rc = LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY; + lasso_foreach_full_begin(xmlSecKey*, encryption_private_key, it, + lasso_server_get_encryption_private_keys(profile->server)); + { + rc = lasso_saml2_encrypted_element_decrypt(*encrypted_id, encryption_private_key, + &profile->nameIdentifier); + if (rc == 0) + break; } - rc = lasso_saml2_encrypted_element_decrypt(*encrypted_id, encryption_private_key, - &profile->nameIdentifier); + lasso_foreach_full_end(); + if (rc) goto cleanup; if (! LASSO_IS_SAML2_NAME_ID(profile->nameIdentifier)) { diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c index 747ca2e5..66293c3f 100644 --- a/lasso/saml-2.0/provider.c +++ b/lasso/saml-2.0/provider.c @@ -287,7 +287,6 @@ load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole } else { name = g_strdup_printf("%s %s", xmlnode->name, binding_s); } - lasso_release_xml_string(binding); /* Response endpoint ? */ response_value = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_RESPONSE_LOCATION); @@ -301,6 +300,7 @@ load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole _lasso_provider_add_metadata_value_for_role(provider, role, name, (char*)value); cleanup: + lasso_release_xml_string(binding); lasso_release_xml_string(value); lasso_release_xml_string(response_value); lasso_release_string(name); diff --git a/lasso/saml-2.0/saml2_helper.c b/lasso/saml-2.0/saml2_helper.c index 3d835962..4151a7b4 100644 
--- a/lasso/saml-2.0/saml2_helper.c +++ b/lasso/saml-2.0/saml2_helper.c @@ -776,8 +776,22 @@ int lasso_saml2_encrypted_element_server_decrypt(LassoSaml2EncryptedElement* encrypted_element, LassoServer *server, LassoNode** decrypted_node) { lasso_bad_param(SERVER, server); + int rc = 0; + GList *encryption_private_keys; - return lasso_saml2_encrypted_element_decrypt(encrypted_element, lasso_server_get_encryption_private_key(server), decrypted_node); + encryption_private_keys = lasso_server_get_encryption_private_keys(server); + if (! encryption_private_keys) { + return LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY; + } + lasso_foreach_full_begin(xmlSecKey*, encryption_private_key, it, encryption_private_keys) + { + rc = lasso_saml2_encrypted_element_decrypt(encrypted_element, + encryption_private_key, decrypted_node); + if (rc == 0) + break; + } + lasso_foreach_full_end(); + return rc; } /** diff --git a/lasso/saml-2.0/server.c b/lasso/saml-2.0/server.c index f2dc8879..cac2d89b 100644 --- a/lasso/saml-2.0/server.c +++ b/lasso/saml-2.0/server.c @@ -139,7 +139,7 @@ lasso_saml20_server_load_metadata_entity(LassoServer *server, LassoProviderRole provider = lasso_provider_new_from_xmlnode(role, entity); if (provider) { - char *name = g_strdup(provider->ProviderID); + char *name = provider->ProviderID; if (g_list_find_custom(blacklisted_entity_ids, name, (GCompareFunc) g_strcmp0)) { @@ -153,7 +153,7 @@ lasso_saml20_server_load_metadata_entity(LassoServer *server, LassoProviderRole l->next->data = g_strdup(name); *loaded_end = l->next; } - g_hash_table_insert(server->providers, name, provider); + g_hash_table_insert(server->providers, g_strdup(name), provider); return 0; } else { return LASSO_SERVER_ERROR_NO_PROVIDER_LOADED; diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c index 0eeb8d2f..b4afba91 100644 --- a/lasso/xml/tools.c +++ b/lasso/xml/tools.c 
@@ -1574,7 +1574,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, xmlChar *algorithm = NULL; xmlSecKeyDataId key_type; GList *i = NULL; - int rc = LASSO_DS_ERROR_DECRYPTION_FAILED; + int rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA; if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) { message(G_LOG_LEVEL_WARNING, "Invalid decryption key"); @@ -1582,6 +1582,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, goto cleanup; } + xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func); + /* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */ encryption_private_key = xmlSecKeyDuplicate(encryption_private_key); @@ -1655,8 +1657,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, if (key_buffer != NULL) { sym_key = xmlSecKeyReadBuffer(key_type, key_buffer); } + rc = LASSO_DS_ERROR_ENCRYPTION_FAILED; if (sym_key == NULL) { - message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed"); goto cleanup; } @@ -1673,6 +1675,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element, /* decrypt the EncryptedData */ if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) { + rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA; message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed"); goto cleanup; } diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index 465a6992..9ce3f245 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -916,6 +916,7 @@ _lasso_node_free_custom_element(struct _CustomElement *custom_element) lasso_release_string(custom_element->private_key); lasso_release_string(custom_element->private_key_password); lasso_release_string(custom_element->certificate); + lasso_release_sec_key(custom_element->encryption_public_key); } lasso_release(custom_element); } |
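Review bot: `xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);` replaces libxml2's generic error handler for the whole process (or thread, depending on the libxml2 build) on every call to lasso_node_decrypt_xmlnode, and nothing in the visible hunks restores the previous handler. An application embedding the library loses its own handler after the first decryption. Either install the handler once at library initialisation, or save `xmlGenericError` and `xmlGenericErrorContext` before the call and restore them under `cleanup:`. The function extends well beyond these hunks, so a restore may exist out of view.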
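Review bot: `rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;` is set on the decryption path just before the `sym_key == NULL` test, but the caller added in saml-2.0/login.c tests `rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED` to report a failed EncryptedKey. Unless the two constants are equal, that branch is never taken for this failure and the generic message is logged instead; `rc = LASSO_DS_ERROR_DECRYPTION_FAILED;` looks like what was meant. Since the function now returns different codes for an EncryptedKey failure and an EncryptedData failure, callers should avoid echoing that distinction to the remote party, where it could serve as a decryption oracle.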