pk-crypto: Work around Libgcrypt bug <https://bugs.g10code.com/gnupg/issue1594>.

* guix/pk-crypto.scm (canonical-sexp-fold): Call 'nth-data' before 'nth' to work around <https://bugs.g10code.com/gnupg/issue1594>. * tests/pk-crypto.scm ("https://bugs.g10code.com/gnupg/issue1594"): New test.
2013-12-30 22:19:19 +01:00 · 2013-12-30 22:19:19 +01:00 · 36341854df
parent c909dab269
commit 36341854df
2 changed files with 17 additions and 2 deletions
--- a/guix/pk-crypto.scm
+++ b/guix/pk-crypto.scm
@ -298,8 +298,11 @@ return #f if not found."
          (if (= index len)
              result
              (loop (+ 1 index)
-                    (proc (or (canonical-sexp-nth sexp index)
-                              (canonical-sexp-nth-data sexp index))
+                    ;; XXX: Call 'nth-data' *before* 'nth' to work around
+                    ;; <https://bugs.g10code.com/gnupg/issue1594>, which
+                    ;; affects 1.6.0 and earlier versions.
+                    (proc (or (canonical-sexp-nth-data sexp index)
+                              (canonical-sexp-nth sexp index))
                          result)))))
      (error "sexp is not a list" sexp)))

--- a/tests/pk-crypto.scm
+++ b/tests/pk-crypto.scm
@ -209,6 +209,18 @@
    (map (compose canonical-sexp->sexp sexp->canonical-sexp)
         lst)))

+(let ((sexp `(signature
+              (public-key
+               (rsa
+                (n ,(make-bytevector 1024 1))
+                (e ,(base16-string->bytevector "010001")))))))
+  (test-equal "https://bugs.g10code.com/gnupg/issue1594"
+    ;; The gcrypt bug above was primarily affecting our uses in
+    ;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in
+    ;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits.
+    sexp
+    (canonical-sexp->sexp (sexp->canonical-sexp sexp))))
+
 (test-end)