~ruther/guix-local: pk-crypto: Work around Libgcrypt bug <https://bugs.g10code.com/gnupg/issue1594>.

36341854dfedc3d173d09e686ffc3e255c102b01 — Ludovic Courtès 12 years ago c909dab

pk-crypto: Work around Libgcrypt bug <https://bugs.g10code.com/gnupg/issue1594>.

* guix/pk-crypto.scm (canonical-sexp-fold): Call 'nth-data' before
  'nth' to work around <https://bugs.g10code.com/gnupg/issue1594>.
* tests/pk-crypto.scm ("https://bugs.g10code.com/gnupg/issue1594"): New
  test.

patch browse .tar.gz

2 files changed, 17 insertions(+), 2 deletions(-)

M guix/pk-crypto.scm
M tests/pk-crypto.scm

M guix/pk-crypto.scm => guix/pk-crypto.scm +5 -2

@@ 298,8 298,11 @@ return #f if not found."
           (if (= index len)
               result
               (loop (+ 1 index)
-                    (proc (or (canonical-sexp-nth sexp index)
-                              (canonical-sexp-nth-data sexp index))
+                    ;; XXX: Call 'nth-data' *before* 'nth' to work around
+                    ;; <https://bugs.g10code.com/gnupg/issue1594>, which
+                    ;; affects 1.6.0 and earlier versions.
+                    (proc (or (canonical-sexp-nth-data sexp index)
+                              (canonical-sexp-nth sexp index))
                           result)))))
       (error "sexp is not a list" sexp)))

M tests/pk-crypto.scm => tests/pk-crypto.scm +12 -0

@@ 209,6 209,18 @@
     (map (compose canonical-sexp->sexp sexp->canonical-sexp)
          lst)))
 
+(let ((sexp `(signature
+              (public-key
+               (rsa
+                (n ,(make-bytevector 1024 1))
+                (e ,(base16-string->bytevector "010001")))))))
+  (test-equal "https://bugs.g10code.com/gnupg/issue1594"
+    ;; The gcrypt bug above was primarily affecting our uses in
+    ;; 'canonical-sexp->sexp', typically when applied to a signature sexp (in
+    ;; 'guix authenticate -verify') with a "big" RSA key, such as 4096 bits.
+    sexp
+    (canonical-sexp->sexp (sexp->canonical-sexp sexp))))
+
 (test-end)