1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

Stop using deprecated OpenSSL::Digest constants

This commit is contained in:
Bart de Water 2020-06-28 14:39:26 -04:00 committed by Hiroshi SHIBATA
parent e7b6e0ff58
commit 8161cf85ba
Notes: git 2020-07-31 21:08:28 +09:00
10 changed files with 40 additions and 43 deletions

View file

@ -358,12 +358,7 @@ EOM
end
algorithms.each do |algorithm|
digester =
if defined?(OpenSSL::Digest)
OpenSSL::Digest.new algorithm
else
Digest.const_get(algorithm).new
end
digester = Gem::Security.create_digest(algorithm)
digester << entry.read(16384) until entry.eof?

View file

@ -140,8 +140,7 @@ class Gem::Package::TarWriter
if digest.respond_to? :name
digest.name
else
/::([^:]+)$/ =~ digest_algorithm.name
$1
digest_algorithm.class.name[/::([^:]+)\z/, 1]
end
[digest_name, digest]
@ -169,7 +168,7 @@ class Gem::Package::TarWriter
def add_file_signed(name, mode, signer)
digest_algorithms = [
signer.digest_algorithm,
Digest::SHA512,
Digest::SHA512.new,
].compact.uniq
digests = add_file_digest name, mode, digest_algorithms do |io|

View file

@ -338,27 +338,16 @@ module Gem::Security
class Exception < Gem::Exception; end
##
# Digest algorithm used to sign gems
DIGEST_ALGORITHM =
if defined?(OpenSSL::Digest::SHA256)
OpenSSL::Digest::SHA256
elsif defined?(OpenSSL::Digest::SHA1)
OpenSSL::Digest::SHA1
else
require 'digest'
Digest::SHA512
end
##
# Used internally to select the signing digest from all computed digests
DIGEST_NAME = # :nodoc:
if DIGEST_ALGORITHM.method_defined? :name
DIGEST_ALGORITHM.new.name
if defined?(OpenSSL::Digest::SHA256)
'SHA256'
elsif defined?(OpenSSL::Digest::SHA1)
'SHA1'
else
DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1]
'SHA512'
end
##
@ -467,6 +456,22 @@ module Gem::Security
sign certificate, key, certificate, age, extensions, serial
end
##
# Creates a new digest instance using the specified +algorithm+. The default
# is SHA256.
if defined?(OpenSSL::Digest)
def self.create_digest(algorithm = DIGEST_NAME)
OpenSSL::Digest.new(algorithm)
end
else
require 'digest'
def self.create_digest(algorithm = DIGEST_NAME)
Digest.const_get(algorithm).new
end
end
##
# Creates a new key pair of the specified +length+ and +algorithm+. The
# default is a 3072 bit RSA key.
@ -528,7 +533,7 @@ module Gem::Security
##
# Sign the public key from +certificate+ with the +signing_key+ and
# +signing_cert+, using the Gem::Security::DIGEST_ALGORITHM. Uses the
# +signing_cert+, using the Gem::Security::DIGEST_NAME. Uses the
# default certificate validity range and extensions.
#
# Returns the newly signed certificate.
@ -555,7 +560,7 @@ module Gem::Security
signed = create_cert signee_subject, signee_key, age, extensions, serial
signed.issuer = signing_cert.subject
signed.sign signing_key, Gem::Security::DIGEST_ALGORITHM.new
signed.sign signing_key, Gem::Security::DIGEST_NAME
end
##

View file

@ -75,7 +75,7 @@ class Gem::Security::Policy
def check_data(public_key, digest, signature, data)
raise Gem::Security::Exception, "invalid signature" unless
public_key.verify digest.new, signature, data.digest
public_key.verify digest, signature, data.digest
true
end
@ -223,7 +223,7 @@ class Gem::Security::Policy
end
opt = @opt
digester = Gem::Security::DIGEST_ALGORITHM
digester = Gem::Security.create_digest
trust_dir = opt[:trust_dir]
time = Time.now

View file

@ -80,8 +80,8 @@ class Gem::Security::Signer
@cert_chain = [default_cert] if File.exist? default_cert
end
@digest_algorithm = Gem::Security::DIGEST_ALGORITHM
@digest_name = Gem::Security::DIGEST_NAME
@digest_algorithm = Gem::Security.create_digest(@digest_name)
if @key && !@key.is_a?(OpenSSL::PKey::RSA)
@key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)

View file

@ -25,7 +25,7 @@ class Gem::Security::TrustDir
@dir = dir
@permissions = permissions
@digester = Gem::Security::DIGEST_ALGORITHM
@digester = Gem::Security.create_digest
end
##

View file

@ -1018,7 +1018,7 @@ class TestGemPackage < Gem::Package::TarTestCase
bogus_data = Gem::Util.gzip 'hello'
fake_signer = Class.new do
def digest_name; 'SHA512'; end
def digest_algorithm; Digest(:SHA512); end
def digest_algorithm; Digest(:SHA512).new; end
def key; 'key'; end
def sign(*); 'fake_sig'; end
end

View file

@ -71,7 +71,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
end
def test_add_file_digest
digest_algorithms = Digest::SHA1, Digest::SHA512
digest_algorithms = Digest::SHA1.new, Digest::SHA512.new
Time.stub :now, Time.at(1458518157) do
digests = @tar_writer.add_file_digest 'x', 0644, digest_algorithms do |io|
@ -94,7 +94,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
end
def test_add_file_digest_multiple
digest_algorithms = [Digest::SHA1, Digest::SHA512]
digest_algorithms = [Digest::SHA1.new, Digest::SHA512.new]
Time.stub :now, Time.at(1458518157) do
digests = @tar_writer.add_file_digest 'x', 0644, digest_algorithms do |io|

View file

@ -32,7 +32,7 @@ class TestGemSecurityPolicy < Gem::TestCase
s.files = %w[lib/code.rb]
end
@digest = Gem::Security::DIGEST_ALGORITHM
@digest = OpenSSL::Digest.new Gem::Security::DIGEST_NAME
@trust_dir = Gem::Security.trust_dir.dir # HACK use the object
@no = Gem::Security::NoSecurity
@ -395,13 +395,11 @@ class TestGemSecurityPolicy < Gem::TestCase
def test_verify_wrong_digest_type
Gem::Security.trust_dir.trust_cert PUBLIC_CERT
sha512 = OpenSSL::Digest::SHA512
data = sha512.new
data = OpenSSL::Digest.new('SHA512')
data << 'hello'
digests = { 'SHA512' => { 0 => data } }
signature = PRIVATE_KEY.sign sha512.new, data.digest
signature = PRIVATE_KEY.sign 'sha512', data.digest
signatures = { 0 => signature }
e = assert_raises Gem::Security::Exception do
@ -480,7 +478,7 @@ class TestGemSecurityPolicy < Gem::TestCase
def s.full_name() 'metadata.gz' end
digests = package.digest s
digests[Gem::Security::DIGEST_NAME]['data.tar.gz'] = @digest.new 'hello'
digests[Gem::Security::DIGEST_NAME]['data.tar.gz'] = @digest.hexdigest 'hello'
metadata_gz_digest = digests[Gem::Security::DIGEST_NAME]['metadata.gz']
@ -509,7 +507,7 @@ class TestGemSecurityPolicy < Gem::TestCase
def s.full_name() 'metadata.gz' end
digests = package.digest s
digests[Gem::Security::DIGEST_NAME]['data.tar.gz'] = @digest.new 'hello'
digests[Gem::Security::DIGEST_NAME]['data.tar.gz'] = @digest.hexdigest 'hello'
assert_raises Gem::Security::Exception do
@high.verify_signatures @spec, digests, {}

View file

@ -17,7 +17,7 @@ class TestGemSecurityTrustDir < Gem::TestCase
end
def test_cert_path
digest = Gem::Security::DIGEST_ALGORITHM.hexdigest PUBLIC_CERT.subject.to_s
digest = OpenSSL::Digest.hexdigest Gem::Security::DIGEST_NAME, PUBLIC_CERT.subject.to_s
expected = File.join @dest_dir, "cert-#{digest}.pem"
@ -41,7 +41,7 @@ class TestGemSecurityTrustDir < Gem::TestCase
end
def test_name_path
digest = Gem::Security::DIGEST_ALGORITHM.hexdigest PUBLIC_CERT.subject.to_s
digest = OpenSSL::Digest.hexdigest Gem::Security::DIGEST_NAME, PUBLIC_CERT.subject.to_s
expected = File.join @dest_dir, "cert-#{digest}.pem"