Stop using deprecated OpenSSL::Digest constants

author: Bart de Water <496367+bdewater@users.noreply.github.com> 2020-06-28 14:39:26 -0400
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2020-07-31 21:07:19 +0900
commit: 8161cf85ba4f9091176536bcac9107879e4293a1 (patch)
tree: d737649bae49f26bff646e2868608e2aa91ef2bb /lib
parent: e7b6e0ff5823c422cd3e508d2b7104a91a2e36f6 (diff)
6 files changed, 30 insertions, 31 deletions
diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
index 426d33cdcf..53ae696e97 100644
--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@@ -358,12 +358,7 @@ EOM
                  end
 
     algorithms.each do |algorithm|
-      digester =
-        if defined?(OpenSSL::Digest)
-          OpenSSL::Digest.new algorithm
-        else
-          Digest.const_get(algorithm).new
-        end
+      digester = Gem::Security.create_digest(algorithm)
 
       digester << entry.read(16384) until entry.eof?
 
diff --git a/lib/rubygems/package/tar_writer.rb b/lib/rubygems/package/tar_writer.rb
index 87c7dc6076..3abfb0ca2c 100644
--- a/lib/rubygems/package/tar_writer.rb
+++ b/lib/rubygems/package/tar_writer.rb
@@ -140,8 +140,7 @@ class Gem::Package::TarWriter
         if digest.respond_to? :name
           digest.name
         else
-          /::([^:]+)$/ =~ digest_algorithm.name
-          $1
+          digest_algorithm.class.name[/::([^:]+)\z/, 1]
         end
 
       [digest_name, digest]
@@ -169,7 +168,7 @@ class Gem::Package::TarWriter
   def add_file_signed(name, mode, signer)
     digest_algorithms = [
       signer.digest_algorithm,
-      Digest::SHA512,
+      Digest::SHA512.new,
     ].compact.uniq
 
     digests = add_file_digest name, mode, digest_algorithms do |io|
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
index 8c86896fef..64fb4c0f83 100644
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@@ -339,26 +339,15 @@ module Gem::Security
   class Exception < Gem::Exception; end
 
   ##
-  # Digest algorithm used to sign gems
-
-  DIGEST_ALGORITHM =
-    if defined?(OpenSSL::Digest::SHA256)
-      OpenSSL::Digest::SHA256
-    elsif defined?(OpenSSL::Digest::SHA1)
-      OpenSSL::Digest::SHA1
-    else
-      require 'digest'
-      Digest::SHA512
-    end
-
-  ##
   # Used internally to select the signing digest from all computed digests
 
   DIGEST_NAME = # :nodoc:
-    if DIGEST_ALGORITHM.method_defined? :name
-      DIGEST_ALGORITHM.new.name
+    if defined?(OpenSSL::Digest::SHA256)
+      'SHA256'
+    elsif defined?(OpenSSL::Digest::SHA1)
+      'SHA1'
     else
-      DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1]
+      'SHA512'
     end
 
   ##
@@ -468,6 +457,22 @@ module Gem::Security
   end
 
   ##
+  # Creates a new digest instance using the specified +algorithm+. The default
+  # is SHA256.
+
+  if defined?(OpenSSL::Digest)
+    def self.create_digest(algorithm = DIGEST_NAME)
+      OpenSSL::Digest.new(algorithm)
+    end
+  else
+    require 'digest'
+
+    def self.create_digest(algorithm = DIGEST_NAME)
+      Digest.const_get(algorithm).new
+    end
+  end
+
+  ##
   # Creates a new key pair of the specified +length+ and +algorithm+.  The
   # default is a 3072 bit RSA key.
 
@@ -528,7 +533,7 @@ module Gem::Security
 
   ##
   # Sign the public key from +certificate+ with the +signing_key+ and
-  # +signing_cert+, using the Gem::Security::DIGEST_ALGORITHM.  Uses the
+  # +signing_cert+, using the Gem::Security::DIGEST_NAME.  Uses the
   # default certificate validity range and extensions.
   #
   # Returns the newly signed certificate.
@@ -555,7 +560,7 @@ module Gem::Security
     signed = create_cert signee_subject, signee_key, age, extensions, serial
     signed.issuer = signing_cert.subject
 
-    signed.sign signing_key, Gem::Security::DIGEST_ALGORITHM.new
+    signed.sign signing_key, Gem::Security::DIGEST_NAME
   end
 
   ##
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index 0783fe326f..db457f1ff9 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -75,7 +75,7 @@ class Gem::Security::Policy
 
   def check_data(public_key, digest, signature, data)
     raise Gem::Security::Exception, "invalid signature" unless
-      public_key.verify digest.new, signature, data.digest
+      public_key.verify digest, signature, data.digest
 
     true
   end
@@ -223,7 +223,7 @@ class Gem::Security::Policy
     end
 
     opt       = @opt
-    digester  = Gem::Security::DIGEST_ALGORITHM
+    digester  = Gem::Security.create_digest
     trust_dir = opt[:trust_dir]
     time      = Time.now
 
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb
index d1da3f2766..89200f9e38 100644
--- a/lib/rubygems/security/signer.rb
+++ b/lib/rubygems/security/signer.rb
@@ -80,8 +80,8 @@ class Gem::Security::Signer
       @cert_chain = [default_cert] if File.exist? default_cert
     end
 
-    @digest_algorithm = Gem::Security::DIGEST_ALGORITHM
     @digest_name      = Gem::Security::DIGEST_NAME
+    @digest_algorithm = Gem::Security.create_digest(@digest_name)
 
     if @key && !@key.is_a?(OpenSSL::PKey::RSA)
       @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)
diff --git a/lib/rubygems/security/trust_dir.rb b/lib/rubygems/security/trust_dir.rb
index 9016b0c92e..1d93ceabd1 100644
--- a/lib/rubygems/security/trust_dir.rb
+++ b/lib/rubygems/security/trust_dir.rb
@@ -25,7 +25,7 @@ class Gem::Security::TrustDir
     @dir = dir
     @permissions = permissions
 
-    @digester = Gem::Security::DIGEST_ALGORITHM
+    @digester = Gem::Security.create_digest
   end
 
   ##
author	Bart de Water <496367+bdewater@users.noreply.github.com>	2020-06-28 14:39:26 -0400
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2020-07-31 21:07:19 +0900
commit	8161cf85ba4f9091176536bcac9107879e4293a1 (patch)
tree	d737649bae49f26bff646e2868608e2aa91ef2bb /lib
parent	e7b6e0ff5823c422cd3e508d2b7104a91a2e36f6 (diff)