diff options
author | Bart de Water <496367+bdewater@users.noreply.github.com> | 2020-06-28 14:39:26 -0400 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2020-07-31 21:07:19 +0900 |
commit | 8161cf85ba4f9091176536bcac9107879e4293a1 (patch) | |
tree | d737649bae49f26bff646e2868608e2aa91ef2bb /lib | |
parent | e7b6e0ff5823c422cd3e508d2b7104a91a2e36f6 (diff) |
Stop using deprecated OpenSSL::Digest constants
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/3379
Diffstat (limited to 'lib')
-rw-r--r-- | lib/rubygems/package.rb | 7 | ||||
-rw-r--r-- | lib/rubygems/package/tar_writer.rb | 5 | ||||
-rw-r--r-- | lib/rubygems/security.rb | 41 | ||||
-rw-r--r-- | lib/rubygems/security/policy.rb | 4 | ||||
-rw-r--r-- | lib/rubygems/security/signer.rb | 2 | ||||
-rw-r--r-- | lib/rubygems/security/trust_dir.rb | 2 |
6 files changed, 30 insertions, 31 deletions
diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb index 426d33cdcf..53ae696e97 100644 --- a/lib/rubygems/package.rb +++ b/lib/rubygems/package.rb @@ -358,12 +358,7 @@ EOM end algorithms.each do |algorithm| - digester = - if defined?(OpenSSL::Digest) - OpenSSL::Digest.new algorithm - else - Digest.const_get(algorithm).new - end + digester = Gem::Security.create_digest(algorithm) digester << entry.read(16384) until entry.eof? diff --git a/lib/rubygems/package/tar_writer.rb b/lib/rubygems/package/tar_writer.rb index 87c7dc6076..3abfb0ca2c 100644 --- a/lib/rubygems/package/tar_writer.rb +++ b/lib/rubygems/package/tar_writer.rb @@ -140,8 +140,7 @@ class Gem::Package::TarWriter if digest.respond_to? :name digest.name else - /::([^:]+)$/ =~ digest_algorithm.name - $1 + digest_algorithm.class.name[/::([^:]+)\z/, 1] end [digest_name, digest] @@ -169,7 +168,7 @@ class Gem::Package::TarWriter def add_file_signed(name, mode, signer) digest_algorithms = [ signer.digest_algorithm, - Digest::SHA512, + Digest::SHA512.new, ].compact.uniq digests = add_file_digest name, mode, digest_algorithms do |io| diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb index 8c86896fef..64fb4c0f83 100644 --- a/lib/rubygems/security.rb +++ b/lib/rubygems/security.rb @@ -339,26 +339,15 @@ module Gem::Security class Exception < Gem::Exception; end ## - # Digest algorithm used to sign gems - - DIGEST_ALGORITHM = - if defined?(OpenSSL::Digest::SHA256) - OpenSSL::Digest::SHA256 - elsif defined?(OpenSSL::Digest::SHA1) - OpenSSL::Digest::SHA1 - else - require 'digest' - Digest::SHA512 - end - - ## # Used internally to select the signing digest from all computed digests DIGEST_NAME = # :nodoc: - if DIGEST_ALGORITHM.method_defined? :name - DIGEST_ALGORITHM.new.name + if defined?(OpenSSL::Digest::SHA256) + 'SHA256' + elsif defined?(OpenSSL::Digest::SHA1) + 'SHA1' else - DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1] + 'SHA512' end ## @@ -468,6 +457,22 @@ module Gem::Security end ## + # Creates a new digest instance using the specified +algorithm+. The default + # is SHA256. + + if defined?(OpenSSL::Digest) + def self.create_digest(algorithm = DIGEST_NAME) + OpenSSL::Digest.new(algorithm) + end + else + require 'digest' + + def self.create_digest(algorithm = DIGEST_NAME) + Digest.const_get(algorithm).new + end + end + + ## # Creates a new key pair of the specified +length+ and +algorithm+. The # default is a 3072 bit RSA key. @@ -528,7 +533,7 @@ module Gem::Security ## # Sign the public key from +certificate+ with the +signing_key+ and - # +signing_cert+, using the Gem::Security::DIGEST_ALGORITHM. Uses the + # +signing_cert+, using the Gem::Security::DIGEST_NAME. Uses the # default certificate validity range and extensions. # # Returns the newly signed certificate. @@ -555,7 +560,7 @@ module Gem::Security signed = create_cert signee_subject, signee_key, age, extensions, serial signed.issuer = signing_cert.subject - signed.sign signing_key, Gem::Security::DIGEST_ALGORITHM.new + signed.sign signing_key, Gem::Security::DIGEST_NAME end ## diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb index 0783fe326f..db457f1ff9 100644 --- a/lib/rubygems/security/policy.rb +++ b/lib/rubygems/security/policy.rb @@ -75,7 +75,7 @@ class Gem::Security::Policy def check_data(public_key, digest, signature, data) raise Gem::Security::Exception, "invalid signature" unless - public_key.verify digest.new, signature, data.digest + public_key.verify digest, signature, data.digest true end @@ -223,7 +223,7 @@ class Gem::Security::Policy end opt = @opt - digester = Gem::Security::DIGEST_ALGORITHM + digester = Gem::Security.create_digest trust_dir = opt[:trust_dir] time = Time.now diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb index d1da3f2766..89200f9e38 100644 --- a/lib/rubygems/security/signer.rb +++ b/lib/rubygems/security/signer.rb @@ -80,8 +80,8 @@ class Gem::Security::Signer @cert_chain = [default_cert] if File.exist? default_cert end - @digest_algorithm = Gem::Security::DIGEST_ALGORITHM @digest_name = Gem::Security::DIGEST_NAME + @digest_algorithm = Gem::Security.create_digest(@digest_name) if @key && !@key.is_a?(OpenSSL::PKey::RSA) @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase) diff --git a/lib/rubygems/security/trust_dir.rb b/lib/rubygems/security/trust_dir.rb index 9016b0c92e..1d93ceabd1 100644 --- a/lib/rubygems/security/trust_dir.rb +++ b/lib/rubygems/security/trust_dir.rb @@ -25,7 +25,7 @@ class Gem::Security::TrustDir @dir = dir @permissions = permissions - @digester = Gem::Security::DIGEST_ALGORITHM + @digester = Gem::Security.create_digest end ## |