diff options
| -rw-r--r-- | guix/pk-crypto.scm | 7 | ||||
| -rw-r--r-- | tests/pk-crypto.scm | 12 |
2 files changed, 17 insertions, 2 deletions
diff --git a/guix/pk-crypto.scm b/guix/pk-crypto.scm index 0e7affcce8..cf18faea04 100644 --- a/guix/pk-crypto.scm +++ b/guix/pk-crypto.scm @@ -298,8 +298,11 @@ return #f if not found." (if (= index len) result (loop (+ 1 index) - (proc (or (canonical-sexp-nth sexp index) - (canonical-sexp-nth-data sexp index)) + ;; XXX: Call 'nth-data' *before* 'nth' to work around + ;; <https://bugs.g10code.com/gnupg/issue1594>, which + ;; affects 1.6.0 and earlier versions. + (proc (or (canonical-sexp-nth-data sexp index) + (canonical-sexp-nth sexp index)) result))))) (error "sexp is not a list" sexp))) diff --git a/tests/pk-crypto.scm b/tests/pk-crypto.scm index a894a60531..de775d2e19 100644 --- a/tests/pk-crypto.scm +++ b/tests/pk-crypto.scm @@ -209,6 +209,18 @@ (map (compose canonical-sexp->sexp sexp->canonical-sexp) lst))) +(let ((sexp `(signature + (public-key + (rsa + (n ,(make-bytevector 1024 1)) + (e ,(base16-string->bytevector "010001"))))))) + (test-equal "https://bugs.g10code.com/gnupg/issue1594" + ;; The gcrypt bug above was primarily affecting our uses in + ;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in + ;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits. + sexp + (canonical-sexp->sexp (sexp->canonical-sexp sexp)))) + (test-end) |