summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2013-12-30 22:19:19 +0100
committerLudovic Courtès <ludo@gnu.org>2013-12-30 22:19:19 +0100
commit36341854dfedc3d173d09e686ffc3e255c102b01 (patch)
tree28a4e2c8c0501e7e5fae33e2d8f65093b6d793db
parentc909dab2697d90a82c388e5efa8dab0001d09938 (diff)
downloadguix-36341854dfedc3d173d09e686ffc3e255c102b01.tar.gz
pk-crypto: Work around Libgcrypt bug <https://bugs.g10code.com/gnupg/issue1594>.
* guix/pk-crypto.scm (canonical-sexp-fold): Call 'nth-data' before
  'nth' to work around <https://bugs.g10code.com/gnupg/issue1594>.
* tests/pk-crypto.scm ("https://bugs.g10code.com/gnupg/issue1594"): New
  test.
-rw-r--r--guix/pk-crypto.scm7
-rw-r--r--tests/pk-crypto.scm12
2 files changed, 17 insertions, 2 deletions
diff --git a/guix/pk-crypto.scm b/guix/pk-crypto.scm
index 0e7affcce8..cf18faea04 100644
--- a/guix/pk-crypto.scm
+++ b/guix/pk-crypto.scm
@@ -298,8 +298,11 @@ return #f if not found."
           (if (= index len)
               result
               (loop (+ 1 index)
-                    (proc (or (canonical-sexp-nth sexp index)
-                              (canonical-sexp-nth-data sexp index))
+                    ;; XXX: Call 'nth-data' *before* 'nth' to work around
+                    ;; <https://bugs.g10code.com/gnupg/issue1594>, which
+                    ;; affects 1.6.0 and earlier versions.
+                    (proc (or (canonical-sexp-nth-data sexp index)
+                              (canonical-sexp-nth sexp index))
                           result)))))
       (error "sexp is not a list" sexp)))
 
diff --git a/tests/pk-crypto.scm b/tests/pk-crypto.scm
index a894a60531..de775d2e19 100644
--- a/tests/pk-crypto.scm
+++ b/tests/pk-crypto.scm
@@ -209,6 +209,18 @@
     (map (compose canonical-sexp->sexp sexp->canonical-sexp)
          lst)))
 
+(let ((sexp `(signature
+              (public-key
+               (rsa
+                (n ,(make-bytevector 1024 1))
+                (e ,(base16-string->bytevector "010001")))))))
+  (test-equal "https://bugs.g10code.com/gnupg/issue1594"
+    ;; The gcrypt bug above was primarily affecting our uses in
+    ;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in
+    ;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits.
+    sexp
+    (canonical-sexp->sexp (sexp->canonical-sexp sexp))))
+
 (test-end)