pk-crypto: Work around Libgcrypt bug <https://bugs.g10code.com/gnupg/issue1594>.
* guix/pk-crypto.scm (canonical-sexp-fold): Call 'nth-data' before 'nth' to work around <https://bugs.g10code.com/gnupg/issue1594>. * tests/pk-crypto.scm ("https://bugs.g10code.com/gnupg/issue1594"): New test.
parent
c909dab269
commit
36341854df
|
@ -298,8 +298,11 @@ return #f if not found."
|
||||||
(if (= index len)
|
(if (= index len)
|
||||||
result
|
result
|
||||||
(loop (+ 1 index)
|
(loop (+ 1 index)
|
||||||
(proc (or (canonical-sexp-nth sexp index)
|
;; XXX: Call 'nth-data' *before* 'nth' to work around
|
||||||
(canonical-sexp-nth-data sexp index))
|
;; <https://bugs.g10code.com/gnupg/issue1594>, which
|
||||||
|
;; affects 1.6.0 and earlier versions.
|
||||||
|
(proc (or (canonical-sexp-nth-data sexp index)
|
||||||
|
(canonical-sexp-nth sexp index))
|
||||||
result)))))
|
result)))))
|
||||||
(error "sexp is not a list" sexp)))
|
(error "sexp is not a list" sexp)))
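Review bot: The new comment above `(proc (or (canonical-sexp-nth-data sexp index)` explains why the order was swapped, but not what the swapped order relies on. The `or` only reaches `canonical-sexp-nth` when `canonical-sexp-nth-data` returns `#f`, presumably for elements that are sub-lists rather than atoms; that behaviour is not visible in this hunk. Going by the test comment in this commit, this fold sits on the path that reads signature sexps in 'guix authenticate', so the assumption is worth stating, e.g. `;; Relies on 'nth-data' returning #f for list elements, so 'nth' is tried only for those.` It would also help to note that the workaround can be dropped once only Libgcrypt versions later than 1.6.0 are supported. The body of canonical-sexp-fold starts outside the hunk.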
|
||||||
|
|
||||||
|
|
|
@ -209,6 +209,18 @@
|
||||||
(map (compose canonical-sexp->sexp sexp->canonical-sexp)
|
(map (compose canonical-sexp->sexp sexp->canonical-sexp)
|
||||||
lst)))
|
lst)))
|
||||||
|
|
||||||
|
(let ((sexp `(signature
|
||||||
|
(public-key
|
||||||
|
(rsa
|
||||||
|
(n ,(make-bytevector 1024 1))
|
||||||
|
(e ,(base16-string->bytevector "010001")))))))
|
||||||
|
(test-equal "https://bugs.g10code.com/gnupg/issue1594"
|
||||||
|
;; The gcrypt bug above was primarily affecting our uses in
|
||||||
|
;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in
|
||||||
|
;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits.
|
||||||
|
sexp
|
||||||
|
(canonical-sexp->sexp (sexp->canonical-sexp sexp))))
|
||||||
|
|
||||||
(test-end)
|
(test-end)
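Review bot: The fixture's `n` is `(make-bytevector 1024 1)`, which is 1024 bytes, while the comment names a 4096-bit key (512 bytes) as the typical trigger. The test does not say why 1024 was chosen or whether the 512-byte size is also covered. A short comment on the binding would help, such as `;; 1024 bytes, i.e. larger than the 4096-bit (512-byte) modulus mentioned below.` A second case with `(n ,(make-bytevector 512 1))` would catch a regression at the key size actually seen in signature verification.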
|
||||||
|
|
||||||
|
|
||||||
|
|