From 01b1f024ed85609fbd2fe11aaa018ff5787c3ace Mon Sep 17 00:00:00 2001 From: Bulat Gaifullin Date: Fri, 21 Jul 2017 00:57:10 +0100 Subject: [PATCH 1/5] Fix segfault if load key from binary fails --- src/keys.c | 2 +- tests/test_keys.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/src/keys.c b/src/keys.c index d21507e2..f7618296 100644 --- a/src/keys.c +++ b/src/keys.c @@ -253,7 +253,7 @@ static PyObject* PyXmlSec_KeyFromBinaryFile(PyObject* self, PyObject* args, PyOb ON_FAIL: PYXMLSEC_DEBUG("load symmetric key - fail"); Py_XDECREF(key); - Py_DECREF(filepath); + Py_XDECREF(filepath); return NULL; } diff --git a/tests/test_keys.py b/tests/test_keys.py index 081b85d5..d75e44d1 100644 --- a/tests/test_keys.py +++ b/tests/test_keys.py @@ -13,10 +13,18 @@ def test_key_from_memory(self): key = xmlsec.Key.from_memory(self.load("rsakey.pem"), format=consts.KeyDataFormatPem) self.assertIsNotNone(key) + def test_key_from_memory_with_bad_args(self): + with self.assertRaises(TypeError): + xmlsec.Key.from_memory(1, format="") + def test_key_from_file(self): key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem) self.assertIsNotNone(key) + def test_key_from_file_with_bad_args(self): + with self.assertRaises(TypeError): + xmlsec.Key.from_file(1, format="") + def test_key_from_fileobj(self): with open(self.path("rsakey.pem"), "rb") as fobj: key = xmlsec.Key.from_file(fobj, format=consts.KeyDataFormatPem) @@ -26,15 +34,29 @@ def test_generate(self): key = xmlsec.Key.generate(klass=consts.KeyDataAes, size=256, type=consts.KeyDataTypeSession) self.assertIsNotNone(key) + def test_generate_with_bad_args(self): + with self.assertRaises(TypeError): + xmlsec.Key.generate(klass="", size="", type="") + def test_from_binary_file(self): key = xmlsec.Key.from_binary_file(klass=consts.KeyDataDes, filename=self.path("deskey.bin")) self.assertIsNotNone(key) + def test_from_binary_file_with_bad_args(self): + with self.assertRaises(TypeError): + xmlsec.Key.from_binary_file(klass="", filename=1) + def test_load_cert_from_file(self): key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem) self.assertIsNotNone(key) key.load_cert_from_file(self.path("rsacert.pem"), format=consts.KeyDataFormatPem) + def test_load_cert_from_file_with_bad_args(self): + key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem) + self.assertIsNotNone(key) + with self.assertRaises(TypeError): + key.load_cert_from_file(1, format="") + def test_load_cert_from_fileobj(self): key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem) self.assertIsNotNone(key) @@ -46,8 +68,15 @@ def test_load_cert_from_memory(self): self.assertIsNotNone(key) key.load_cert_from_memory(self.load("rsacert.pem"), format=consts.KeyDataFormatPem) + def test_load_cert_from_memory_with_bad_args(self): + key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem) + self.assertIsNotNone(key) + with self.assertRaises(TypeError): + key.load_cert_from_memory(1, format="") + def test_name(self): key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem) + self.assertIsNone(key.name) key.name = "rsakey" self.assertEqual("rsakey", key.name) @@ -64,16 +93,33 @@ def test_add_key(self): mngr = xmlsec.KeysManager() mngr.add_key(key) + def test_add_key_with_bad_args(self): + mngr = xmlsec.KeysManager() + with self.assertRaises(TypeError): + mngr.add_key("") + def test_load_cert(self): mngr = xmlsec.KeysManager() mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)) mngr.load_cert(self.path("rsacert.pem"), format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted) + def test_load_cert_with_bad_args(self): + mngr = xmlsec.KeysManager() + mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)) + with self.assertRaises(TypeError): + mngr.load_cert(1, format="", type="") + def test_load_cert_from_memory(self): mngr = xmlsec.KeysManager() mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)) mngr.load_cert_from_memory(self.load("rsacert.pem"), format=consts.KeyDataFormatPem, type=consts.KeyDataTypeTrusted) + def test_load_cert_from_memory_with_bad_args(self): + mngr = xmlsec.KeysManager() + mngr.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)) + with self.assertRaises(TypeError): + mngr.load_cert_from_memory(1, format="", type="") + def test_load_invalid_key(self): mngr = xmlsec.KeysManager() with self.assertRaises(ValueError): From ace3571048e6342a00efc987c8a6a717dd5e7ec3 Mon Sep 17 00:00:00 2001 From: Bulat Gaifullin Date: Fri, 21 Jul 2017 00:59:34 +0100 Subject: [PATCH 2/5] Add method to load symmetric key from memory --- src/keys.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++ tests/test_keys.py | 8 ++++++++ 2 files changed, 57 insertions(+) diff --git a/src/keys.c b/src/keys.c index f7618296..0d0d0d3e 100644 --- a/src/keys.c +++ b/src/keys.c @@ -257,6 +257,49 @@ static PyObject* PyXmlSec_KeyFromBinaryFile(PyObject* self, PyObject* args, PyOb return NULL; } +static const char PyXmlSec_KeyFromBinaryData__doc__[] = \ + "Loads (symmetric) key of kind *klass* from *data*.\n\n" + ":param klass: the key value data klass\n" + ":param data: the key binary data\n" + ":return: pointer to newly created key\n"; +static PyObject* PyXmlSec_KeyFromBinaryData(PyObject* self, PyObject* args, PyObject* kwargs) { + static char *kwlist[] = { "klass", "data", NULL}; + + PyXmlSec_KeyData* keydata = NULL; + const char* data = NULL; + Py_ssize_t data_size = 0; + + PyXmlSec_Key* key = NULL; + + PYXMLSEC_DEBUG("load symmetric key from memory - start"); + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O!s#:from_binary_data", kwlist, + PyXmlSec_KeyDataType, &keydata, &data, &data_size)) + { + goto ON_FAIL; + } + + if ((key = PyXmlSec_NewKey1((PyTypeObject*)self)) == NULL) goto ON_FAIL; + + Py_BEGIN_ALLOW_THREADS; + key->handle = xmlSecKeyReadMemory(keydata->id, (const xmlSecByte*)data, (xmlSecSize)data_size); + Py_END_ALLOW_THREADS; + + if (key->handle == NULL) { + PyXmlSec_SetLastError("cannot read key"); + goto ON_FAIL; + } + + key->is_own = 1; + + PYXMLSEC_DEBUG("load symmetric key from memory - ok"); + return (PyObject*)key; + +ON_FAIL: + PYXMLSEC_DEBUG("load symmetric key from memory - fail"); + Py_XDECREF(key); + return NULL; +} + static const char PyXmlSec_KeyCertFromMemory__doc__[] = \ "Loads certificate from memory.\n\n" ":param data: the certificate binary data\n" @@ -413,6 +456,12 @@ static PyMethodDef PyXmlSec_KeyMethods[] = { METH_CLASS|METH_VARARGS|METH_KEYWORDS, PyXmlSec_KeyFromBinaryFile__doc__ }, + { + "from_binary_data", + (PyCFunction)PyXmlSec_KeyFromBinaryData, + METH_CLASS|METH_VARARGS|METH_KEYWORDS, + PyXmlSec_KeyFromBinaryData__doc__ + }, { "load_cert_from_memory", (PyCFunction)PyXmlSec_KeyCertFromMemory, diff --git a/tests/test_keys.py b/tests/test_keys.py index d75e44d1..add11e41 100644 --- a/tests/test_keys.py +++ b/tests/test_keys.py @@ -46,6 +46,14 @@ def test_from_binary_file_with_bad_args(self): with self.assertRaises(TypeError): xmlsec.Key.from_binary_file(klass="", filename=1) + def test_from_binary_data(self): + key = xmlsec.Key.from_binary_data(klass=consts.KeyDataDes, data=self.load("deskey.bin")) + self.assertIsNotNone(key) + + def test_from_binary_data_with_bad_args(self): + with self.assertRaises(TypeError): + xmlsec.Key.from_binary_data(klass="", data=1) + def test_load_cert_from_file(self): key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem) self.assertIsNotNone(key) From 2276d516f36d794d601480208bc91e437561108a Mon Sep 17 00:00:00 2001 From: Bulat Gaifullin Date: Fri, 21 Jul 2017 01:03:47 +0100 Subject: [PATCH 3/5] Add support to decrypt separated EncryptedKey --- src/enc.c | 42 ++++++++++++++++++++++++++++------------- tests/data/enc3-in.xml | 4 ++++ tests/data/enc3-out.xml | 20 ++++++++++++++++++++ tests/test_enc.py | 20 +++++++++++++++++++- 4 files changed, 72 insertions(+), 14 deletions(-) create mode 100644 tests/data/enc3-in.xml create mode 100644 tests/data/enc3-out.xml diff --git a/src/enc.c b/src/enc.c index 176511d9..258856db 100644 --- a/src/enc.c +++ b/src/enc.c @@ -15,6 +15,7 @@ #include "lxml.h" #include +#include typedef struct { PyObject_HEAD @@ -105,6 +106,18 @@ static int PyXmlSec_EncryptionContextKeySet(PyObject* self, PyObject* value, voi return 0; } +static const char PyXmlSec_EncryptionContextReset__doc__[] = \ + "Resets *context*, user settings are not touched.\n"; +static PyObject* PyXmlSec_EncryptionContextReset(PyObject* self, PyObject* args, PyObject* kwargs) { + PYXMLSEC_DEBUGF("%p: reset context - start", self); + xmlSecEncCtxPtr ctx = ((PyXmlSec_EncryptionContext*)self)->handle; + Py_BEGIN_ALLOW_THREADS; + xmlSecEncCtxReset(ctx); + Py_END_ALLOW_THREADS; + PYXMLSEC_DEBUGF("%p: reset context - ok", self); + Py_RETURN_NONE; +} + static const char PyXmlSec_EncryptionContextEncryptBinary__doc__[] = \ "Encrypts binary *data* according to `EncryptedData` template *template*\n"\ "Note: *template* is modified in place.\n\n" @@ -163,12 +176,9 @@ static const char PyXmlSec_EncryptionContextEncryptXml__doc__[] = \ "Note: The `Type` attribute of *template* decides whether *node* itself is encrypted\n"\ "(`http://www.w3.org/2001/04/xmlenc#Element`) or its content (`http://www.w3.org/2001/04/xmlenc#Content`).\n"\ "It must have one of these two values (or an exception is raised).\n"\ - "The operation modifies the tree containing *node* in a way that\n"\ - "`lxml` references to or into this tree may see a surprising state.\n"\ - "You should no longer rely on them. Especially, you should use\n"\ - "`getroottree()` on the result to obtain the encrypted result tree.\n\n" - ":param template: the pointer to template node\n" - ":param node: the pointer to node for encryption\n" + "The operation modifies the tree and removes replaced nodes.\n"\ + ":param template: the pointer to template node\n"\ + ":param node: the pointer to node for encryption\n"\ ":return: the pointer to newly created node\n"; static PyObject* PyXmlSec_EncryptionContextEncryptXml(PyObject* self, PyObject* args, PyObject* kwargs) { static char *kwlist[] = { "template", "node", NULL}; @@ -273,14 +283,12 @@ static PyObject* PyXmlSec_EncryptionContextEncryptUri(PyObject* self, PyObject* } static const char PyXmlSec_EncryptionContextDecrypt__doc__[] = \ - "Decrypts *node* (an `EncryptedData` element) and return the result.\n"\ + "Decrypts *node* (an `EncryptedData` or `EncryptedKey` element) and return the result.\n"\ "The decryption may result in binary data or an XML subtree.\n"\ "In the former case, the binary data is returned. In the latter case,\n"\ "the input tree is modified and a reference to the decrypted XML subtree is returned.\n"\ - "If the operation modifies the tree, `lxml` references to or into this tree may see a surprising state.\n"\ - "You should no longer rely on them. Especially, you should use `getroottree()` on the result\n"\ - "to obtain the decrypted result tree.\n\n" - ":param node: the pointer to node\n" + "If the operation modifies the tree, it removes replaced nodes.\n"\ + ":param node: the pointer to or node\n" ":return: depends on input parameters\n"; static PyObject* PyXmlSec_EncryptionContextDecrypt(PyObject* self, PyObject* args, PyObject* kwargs) { @@ -310,14 +318,16 @@ static PyObject* PyXmlSec_EncryptionContextDecrypt(PyObject* self, PyObject* arg } // get index of node node_num = PyObject_CallMethod(parent, "index", "O", node); - PYXMLSEC_DEBUGF("%p, %p", parent, node_num); + PYXMLSEC_DEBUGF("parent: %p, %p", parent, node_num); } xmlSecEncCtxPtr ctx = ((PyXmlSec_EncryptionContext*)self)->handle; - ctx->flags = XMLSEC_ENC_RETURN_REPLACED_NODE; int rv; Py_BEGIN_ALLOW_THREADS; + ctx->flags = XMLSEC_ENC_RETURN_REPLACED_NODE; + ctx->mode = xmlSecCheckNodeName(node->_c_node, xmlSecNodeEncryptedKey, xmlSecEncNs) ? xmlEncCtxModeEncryptedKey : xmlEncCtxModeEncryptedData; + PYXMLSEC_DEBUGF("mode: %d", ctx->mode); rv = xmlSecEncCtxDecrypt(ctx, node->_c_node); Py_END_ALLOW_THREADS; @@ -385,6 +395,12 @@ static PyGetSetDef PyXmlSec_EncryptionContextGetSet[] = { }; static PyMethodDef PyXmlSec_EncryptionContextMethods[] = { + { + "reset", + (PyCFunction)PyXmlSec_EncryptionContextReset, + METH_NOARGS, + PyXmlSec_EncryptionContextReset__doc__, + }, { "encrypt_binary", (PyCFunction)PyXmlSec_EncryptionContextEncryptBinary, diff --git a/tests/data/enc3-in.xml b/tests/data/enc3-in.xml new file mode 100644 index 00000000..a2695635 --- /dev/null +++ b/tests/data/enc3-in.xml @@ -0,0 +1,4 @@ + + +test + diff --git a/tests/data/enc3-out.xml b/tests/data/enc3-out.xml new file mode 100644 index 00000000..5289d7e9 --- /dev/null +++ b/tests/data/enc3-out.xml @@ -0,0 +1,20 @@ + + + + + +HJwrfL7kOIB0QaldMJdza1HitpLCjw+eoult1C6yExDXJ09zKaSQER+pUL9Vt5fm +d4Oitsf0CUNkjG1xWJdFsftqUIuvYGnkUNhT0vtqoYbdhJkCcB9cCwvTrww2+VTF +NIasTdechlSD1qQOR8uf6+S94Ae4PVSfWU+5YLTJFpMjR+OT7f6BSbYNv1By6Cko +G39WTSKTRcVDzcMxRepAGb59r508yKIJhwabCf3Opu+Ams7ia7BH4oa4ro9YSWwm +hAJ0CN4a6b5odcRbNvuHcwWSxpoysWKbOROQ0H4xC4nGZeL/AXlpSc8eNuNG+g6D +CTBwsOXCAEJYXPkTrnB3qQ== + + + + + +4m5BRKEswOe8JISY7NrPGLBYv7Ay5pBV+nG6it51gz0= + + + diff --git a/tests/test_enc.py b/tests/test_enc.py index c852642a..726520f3 100644 --- a/tests/test_enc.py +++ b/tests/test_enc.py @@ -87,7 +87,25 @@ def test_decrypt1(self): def test_decrypt2(self): self.check_decrypt(2) - def check_decrypt(self, i, ): + def test_decrypt_key(self): + root = self.load_xml('enc3-out.xml') + enc_key = xmlsec.tree.find_child(root, consts.NodeEncryptedKey, consts.EncNs) + self.assertIsNotNone(enc_key) + + manager = xmlsec.KeysManager() + manager.add_key(xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)) + ctx = xmlsec.EncryptionContext(manager) + keydata = ctx.decrypt(enc_key) + ctx.reset() + root.remove(enc_key) + ctx.key = xmlsec.Key.from_binary_data(consts.KeyDataAes, keydata) + enc_data = xmlsec.tree.find_child(root, consts.NodeEncryptedData, consts.EncNs) + self.assertIsNotNone(enc_data) + decrypted = ctx.decrypt(enc_data) + self.assertIsNotNone(decrypted) + self.assertEqual(self.load_xml("enc3-in.xml"), decrypted) + + def check_decrypt(self, i): root = self.load_xml('enc%d-out.xml' % i) enc_data = xmlsec.tree.find_child(root, consts.NodeEncryptedData, consts.EncNs) self.assertIsNotNone(enc_data) From 74331b11241629721c8d2d7421d66e76d0ef5c46 Mon Sep 17 00:00:00 2001 From: Bulat Gaifullin Date: Fri, 21 Jul 2017 01:21:00 +0100 Subject: [PATCH 4/5] Fix debug trace --- src/exception.c | 31 +++++++++++++++++++++++++++++-- src/exception.h | 2 ++ src/main.c | 2 +- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/src/exception.c b/src/exception.c index 64caac70..6e9dce7b 100644 --- a/src/exception.c +++ b/src/exception.c @@ -16,6 +16,8 @@ #include +#include + // default error class PyObject* PyXmlSec_Error; PyObject* PyXmlSec_InternalError; @@ -23,6 +25,8 @@ PyObject* PyXmlSec_VerificationError; static int PyXmlSec_LastErrorKey = 0; +static int PyXmlSec_PrintErrorMessage = 0; + typedef struct { const xmlChar* file; const xmlChar* func; @@ -83,8 +87,27 @@ static void PyXmlSec_ErrorCallback(const char* file, int line, const char* func, // TODO do not allocate error object each time. PyXmlSec_ErrorHolderFree(PyXmlSec_ExchangeLastError(PyXmlSec_ErrorHolderCreate(file, line, func, object, subject, reason, msg))); - // also call default callback - xmlSecErrorsDefaultCallback(file, line, func, object, subject, reason, msg); + if (PyXmlSec_PrintErrorMessage) { + const char* error_msg = NULL; + xmlSecSize i; + for (i = 0; (i < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(i) != NULL); ++i) { + if(xmlSecErrorsGetCode(i) == reason) { + error_msg = xmlSecErrorsGetMsg(i); + break; + } + } + + fprintf(stderr, + "func=%s:file=%s:line=%d:obj=%s:subj=%s:error=%d:%s:%s\n", + (func != NULL) ? func : "unknown", + (file != NULL) ? file : "unknown", + line, + (object != NULL) ? object : "unknown", + (subject != NULL) ? subject : "unknown", + reason, + (error_msg != NULL) ? error_msg : "", + (msg != NULL) ? msg : ""); + } } // pops the last error which was occurred in current thread @@ -133,6 +156,10 @@ void PyXmlSec_ClearError(void) { PyXmlSec_ErrorHolderFree(PyXmlSec_ExchangeLastError(NULL)); } +void PyXmlSecEnableDebugTrace(int v) { + PyXmlSec_PrintErrorMessage = v; +} + // initializes errors module int PyXmlSec_ExceptionsModule_Init(PyObject* package) { PyXmlSec_Error = NULL; diff --git a/src/exception.h b/src/exception.h index a94216c6..9dea5ecb 100644 --- a/src/exception.h +++ b/src/exception.h @@ -22,4 +22,6 @@ void PyXmlSec_SetLastError2(PyObject* type, const char* msg); void PyXmlSec_ClearError(void); +void PyXmlSecEnableDebugTrace(int); + #endif //__PYXMLSEC_EXCEPTIONS_H__ diff --git a/src/main.c b/src/main.c index 1a0d3729..c9121fa9 100644 --- a/src/main.c +++ b/src/main.c @@ -106,7 +106,7 @@ static PyObject* PyXmlSec_PyEnableDebugOutput(PyObject *self, PyObject* args, Py if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O:enable_debug_trace", kwlist, &enabled)) { return NULL; } - xmlSecErrorsDefaultCallbackEnableOutput(PyObject_IsTrue(enabled)); + PyXmlSecEnableDebugTrace(PyObject_IsTrue(enabled)); Py_RETURN_NONE; } From 55f670b56535d8e037e4fd380e51d7729ca841cb Mon Sep 17 00:00:00 2001 From: Bulat Gaifullin Date: Fri, 21 Jul 2017 16:59:04 +0100 Subject: [PATCH 5/5] Add context dump in debug --- src/debug.h | 2 ++ src/ds.c | 11 +++++++---- src/enc.c | 5 +++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/src/debug.h b/src/debug.h index 0604a462..3f851bdc 100644 --- a/src/debug.h +++ b/src/debug.h @@ -15,9 +15,11 @@ #include #define PYXMLSEC_DEBUG(fmt) fprintf(stderr, "[%s:%d %s] " fmt "\n", __FILE__, __LINE__, __FUNCTION__) #define PYXMLSEC_DEBUGF(fmt, ...) fprintf(stderr, "[%s:%d %s] " fmt "\n", __FILE__, __LINE__, __FUNCTION__, __VA_ARGS__) +#define PYXMLSEC_DUMP(method, obj) method(obj, stderr) #else #define PYXMLSEC_DEBUG(...) #define PYXMLSEC_DEBUGF(...) +#define PYXMLSEC_DUMP(method, obj) #endif // PYXMLSEC_ENABLE_DEBUG #endif // __PYXMLSEC_DEBUG_H__ diff --git a/src/ds.c b/src/ds.c index 70499543..b6bf4152 100644 --- a/src/ds.c +++ b/src/ds.c @@ -172,9 +172,11 @@ static PyObject* PyXmlSec_SignatureContextSign(PyObject* self, PyObject* args, P goto ON_FAIL; } + xmlSecDSigCtxPtr ctx = ((PyXmlSec_SignatureContext*)self)->handle; int rv; Py_BEGIN_ALLOW_THREADS; - rv = xmlSecDSigCtxSign(((PyXmlSec_SignatureContext*)self)->handle, node->_c_node); + rv = xmlSecDSigCtxSign(ctx, node->_c_node); + PYXMLSEC_DUMP(xmlSecDSigCtxDebugDump, ctx); Py_END_ALLOW_THREADS; if (rv < 0) { PyXmlSec_SetLastError("failed to sign"); @@ -202,17 +204,18 @@ static PyObject* PyXmlSec_SignatureContextVerify(PyObject* self, PyObject* args, goto ON_FAIL; } - xmlSecDSigCtxPtr handle = ((PyXmlSec_SignatureContext*)self)->handle; + xmlSecDSigCtxPtr ctx = ((PyXmlSec_SignatureContext*)self)->handle; int rv; Py_BEGIN_ALLOW_THREADS; - rv = xmlSecDSigCtxVerify(handle, node->_c_node); + rv = xmlSecDSigCtxVerify(ctx, node->_c_node); + PYXMLSEC_DUMP(xmlSecDSigCtxDebugDump, ctx); Py_END_ALLOW_THREADS; if (rv < 0) { PyXmlSec_SetLastError("failed to verify"); goto ON_FAIL; } - if (handle->status != xmlSecDSigStatusSucceeded) { + if (ctx->status != xmlSecDSigStatusSucceeded) { PyErr_SetString(PyXmlSec_VerificationError, "Signature is invalid."); goto ON_FAIL; } diff --git a/src/enc.c b/src/enc.c index 258856db..2362ad69 100644 --- a/src/enc.c +++ b/src/enc.c @@ -113,6 +113,7 @@ static PyObject* PyXmlSec_EncryptionContextReset(PyObject* self, PyObject* args, xmlSecEncCtxPtr ctx = ((PyXmlSec_EncryptionContext*)self)->handle; Py_BEGIN_ALLOW_THREADS; xmlSecEncCtxReset(ctx); + PYXMLSEC_DUMP(xmlSecEncCtxDebugDump, ctx); Py_END_ALLOW_THREADS; PYXMLSEC_DEBUGF("%p: reset context - ok", self); Py_RETURN_NONE; @@ -141,6 +142,7 @@ static PyObject* PyXmlSec_EncryptionContextEncryptBinary(PyObject* self, PyObjec int rv; Py_BEGIN_ALLOW_THREADS; rv = xmlSecEncCtxBinaryEncrypt(ctx, template->_c_node, (const xmlSecByte*)data, (xmlSecSize)data_size); + PYXMLSEC_DUMP(xmlSecEncCtxDebugDump, ctx); Py_END_ALLOW_THREADS; if (rv < 0) { @@ -226,6 +228,7 @@ static PyObject* PyXmlSec_EncryptionContextEncryptXml(PyObject* self, PyObject* xnew_node = NULL; } } + PYXMLSEC_DUMP(xmlSecEncCtxDebugDump, ctx); Py_END_ALLOW_THREADS; PyXmlSec_ClearReplacedNodes(ctx, node->_doc); @@ -268,6 +271,7 @@ static PyObject* PyXmlSec_EncryptionContextEncryptUri(PyObject* self, PyObject* int rv; Py_BEGIN_ALLOW_THREADS; rv = xmlSecEncCtxUriEncrypt(ctx, template->_c_node, (const xmlSecByte*)uri); + PYXMLSEC_DUMP(xmlSecEncCtxDebugDump, ctx); Py_END_ALLOW_THREADS; if (rv < 0) { @@ -329,6 +333,7 @@ static PyObject* PyXmlSec_EncryptionContextDecrypt(PyObject* self, PyObject* arg ctx->mode = xmlSecCheckNodeName(node->_c_node, xmlSecNodeEncryptedKey, xmlSecEncNs) ? xmlEncCtxModeEncryptedKey : xmlEncCtxModeEncryptedData; PYXMLSEC_DEBUGF("mode: %d", ctx->mode); rv = xmlSecEncCtxDecrypt(ctx, node->_c_node); + PYXMLSEC_DUMP(xmlSecEncCtxDebugDump, ctx); Py_END_ALLOW_THREADS; PyXmlSec_ClearReplacedNodes(ctx, node->_doc);