pk-crypto: Work around Libgcrypt bug <https://bugs.g10code.com/gnupg/issue1594>.

* guix/pk-crypto.scm (canonical-sexp-fold): Call 'nth-data' before
  'nth' to work around <https://bugs.g10code.com/gnupg/issue1594>.
* tests/pk-crypto.scm ("https://bugs.g10code.com/gnupg/issue1594"): New
  test.
This commit is contained in:
Ludovic Courtès 2013-12-30 22:19:19 +01:00
parent c909dab269
commit 36341854df
2 changed files with 17 additions and 2 deletions

View File

@ -298,8 +298,11 @@ return #f if not found."
(if (= index len)
result
(loop (+ 1 index)
(proc (or (canonical-sexp-nth sexp index)
(canonical-sexp-nth-data sexp index))
;; XXX: Call 'nth-data' *before* 'nth' to work around
;; <https://bugs.g10code.com/gnupg/issue1594>, which
;; affects 1.6.0 and earlier versions.
(proc (or (canonical-sexp-nth-data sexp index)
(canonical-sexp-nth sexp index))
result)))))
(error "sexp is not a list" sexp)))

View File

@ -209,6 +209,18 @@
(map (compose canonical-sexp->sexp sexp->canonical-sexp)
lst)))
(let ((sexp `(signature
(public-key
(rsa
(n ,(make-bytevector 1024 1))
(e ,(base16-string->bytevector "010001")))))))
(test-equal "https://bugs.g10code.com/gnupg/issue1594"
;; The gcrypt bug above was primarily affecting our uses in
;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in
;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits.
sexp
(canonical-sexp->sexp (sexp->canonical-sexp sexp))))
(test-end)