ruby-changes:62441
From: Bart <ko1@a...>
Date: Fri, 31 Jul 2020 21:08:02 +0900 (JST)
Subject: [ruby-changes:62441] 8161cf85ba (master): Stop using deprecated OpenSSL::Digest constants
https://git.ruby-lang.org/ruby.git/commit/?id=8161cf85ba From 8161cf85ba4f9091176536bcac9107879e4293a1 Mon Sep 17 00:00:00 2001 From: Bart de Water <496367+bdewater@u...> Date: Sun, 28 Jun 2020 14:39:26 -0400 Subject: Stop using deprecated OpenSSL::Digest constants diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb index 426d33c..53ae696 100644 --- a/lib/rubygems/package.rb +++ b/lib/rubygems/package.rb @@ -358,12 +358,7 @@ EOM https://github.com/ruby/ruby/blob/trunk/lib/rubygems/package.rb#L358 end algorithms.each do |algorithm| - digester = - if defined?(OpenSSL::Digest) - OpenSSL::Digest.new algorithm - else - Digest.const_get(algorithm).new - end + digester = Gem::Security.create_digest(algorithm) digester << entry.read(16384) until entry.eof? diff --git a/lib/rubygems/package/tar_writer.rb b/lib/rubygems/package/tar_writer.rb index 87c7dc6..3abfb0c 100644 --- a/lib/rubygems/package/tar_writer.rb +++ b/lib/rubygems/package/tar_writer.rb @@ -140,8 +140,7 @@ class Gem::Package::TarWriter https://github.com/ruby/ruby/blob/trunk/lib/rubygems/package/tar_writer.rb#L140 if digest.respond_to? :name digest.name else - /::([^:]+)$/ =~ digest_algorithm.name - $1 + digest_algorithm.class.name[/::([^:]+)\z/, 1] end [digest_name, digest] @@ -169,7 +168,7 @@ class Gem::Package::TarWriter https://github.com/ruby/ruby/blob/trunk/lib/rubygems/package/tar_writer.rb#L168 def add_file_signed(name, mode, signer) digest_algorithms = [ signer.digest_algorithm, - Digest::SHA512, + Digest::SHA512.new, ].compact.uniq digests = add_file_digest name, mode, digest_algorithms do |io| diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb index 8c86896..64fb4c0 100644 --- a/lib/rubygems/security.rb +++ b/lib/rubygems/security.rb 
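Review bot: In the tar_writer.rb `@@ -140` hunk the fallback `digest_algorithm.class.name[/::([^:]+)\z/, 1]` only yields a name when the caller passes a digest instance. If a caller still passes a class such as `Digest::SHA512`, `.class.name` is `"Class"`, the pattern does not match, and `digest_name` silently becomes `nil`. Deriving the name from the object that is actually returned works for both kinds of caller: `digest.class.name[/::([^:]+)\z/, 1]`. The enclosing block starts outside the hunk, so this assumes `digest` is the instance built from `digest_algorithm`, as the `[digest_name, digest]` line suggests.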
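Review bot: In `add_file_signed` (tar_writer.rb `@@ -169`), `.compact.uniq` no longer removes duplicates now that the list holds digest instances instead of classes. As far as I know, digest objects do not override `hash`/`eql?`, so two SHA512 instances count as distinct and the same algorithm could be computed twice when the signer's digest is also SHA512. If de-duplication is still wanted, key it on the algorithm, e.g. `.compact.uniq { |d| d.respond_to?(:name) ? d.name : d.class.name }`. Otherwise drop `.uniq` so the code does not suggest a guarantee it no longer gives.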
@@ -339,26 +339,15 @@ module Gem::Security https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security.rb#L339 class Exception < Gem::Exception; end ## - # Digest algorithm used to sign gems - - DIGEST_ALGORITHM = - if defined?(OpenSSL::Digest::SHA256) - OpenSSL::Digest::SHA256 - elsif defined?(OpenSSL::Digest::SHA1) - OpenSSL::Digest::SHA1 - else - require 'digest' - Digest::SHA512 - end - - ## # Used internally to select the signing digest from all computed digests DIGEST_NAME = # :nodoc: - if DIGEST_ALGORITHM.method_defined? :name - DIGEST_ALGORITHM.new.name + if defined?(OpenSSL::Digest::SHA256) + 'SHA256' + elsif defined?(OpenSSL::Digest::SHA1) + 'SHA1' else - DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1] + 'SHA512' end ## @@ -468,6 +457,22 @@ module Gem::Security https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security.rb#L457 end ## + # Creates a new digest instance using the specified +algorithm+. The default + # is SHA256. + + if defined?(OpenSSL::Digest) + def self.create_digest(algorithm = DIGEST_NAME) + OpenSSL::Digest.new(algorithm) + end + else + require 'digest' + + def self.create_digest(algorithm = DIGEST_NAME) + Digest.const_get(algorithm).new + end + end + + ## # Creates a new key pair of the specified +length+ and +algorithm+. The # default is a 3072 bit RSA key. @@ -528,7 +533,7 @@ module Gem::Security https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security.rb#L533 ## # Sign the public key from +certificate+ with the +signing_key+ and - # +signing_cert+, using the Gem::Security::DIGEST_ALGORITHM. Uses the + # +signing_cert+, using the Gem::Security::DIGEST_NAME. Uses the # default certificate validity range and extensions. # # Returns the newly signed certificate. 
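Review bot: `DIGEST_NAME` in the `@@ -339` hunk still falls back to `'SHA1'` when `OpenSSL::Digest::SHA256` is not defined, and that string now goes straight to `signed.sign` in the `@@ -555` hunk, so a certificate could be signed with SHA-1 without any warning. The selection also still probes the `OpenSSL::Digest::SHA256` and `SHA1` constants that the commit title calls deprecated; if they were ever removed, the signing digest would silently become `'SHA512'`. I'd drop the SHA-1 branch, or at least document the order above the constant: `# Prefers SHA256; SHA1 is a legacy fallback and should not be used for new signatures`. Separately, removing the documented `DIGEST_ALGORITHM` constant may break external code that references it, so a deprecated alias is worth considering.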
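Review bot: The non-OpenSSL branch of `create_digest` (`@@ -468` hunk) resolves whatever name it is given with `Digest.const_get(algorithm).new`, which by default also searches outside the `Digest` namespace. The package.rb hunk passes each entry of `algorithms` into it, and where those names come from is outside the diff. Restricting the lookup, e.g. `Digest.const_get(algorithm, false).new` (after confirming Digest's lazy loading still works), or checking the name against the supported digests first, keeps an unexpected name from instantiating an arbitrary class. The doc comment also says "The default is SHA256", but the default is `DIGEST_NAME`, which the `@@ -339` hunk shows can be `'SHA1'` or `'SHA512'`; `# The default is Gem::Security::DIGEST_NAME.` would be accurate.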
@@ -555,7 +560,7 @@ module Gem::Security https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security.rb#L560 signed = create_cert signee_subject, signee_key, age, extensions, serial signed.issuer = signing_cert.subject - signed.sign signing_key, Gem::Security::DIGEST_ALGORITHM.new + signed.sign signing_key, Gem::Security::DIGEST_NAME end ## diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb index 0783fe3..db457f1 100644 --- a/lib/rubygems/security/policy.rb +++ b/lib/rubygems/security/policy.rb @@ -75,7 +75,7 @@ class Gem::Security::Policy https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security/policy.rb#L75 def check_data(public_key, digest, signature, data) raise Gem::Security::Exception, "invalid signature" unless - public_key.verify digest.new, signature, data.digest + public_key.verify digest, signature, data.digest true end @@ -223,7 +223,7 @@ class Gem::Security::Policy https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security/policy.rb#L223 end opt = @opt - digester = Gem::Security::DIGEST_ALGORITHM + digester = Gem::Security.create_digest trust_dir = opt[:trust_dir] time = Time.now diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb index d1da3f2..89200f9 100644 --- a/lib/rubygems/security/signer.rb +++ b/lib/rubygems/security/signer.rb @@ -80,8 +80,8 @@ class Gem::Security::Signer https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security/signer.rb#L80 @cert_chain = [default_cert] if File.exist? default_cert end - @digest_algorithm = Gem::Security::DIGEST_ALGORITHM @digest_name = Gem::Security::DIGEST_NAME + @digest_algorithm = Gem::Security.create_digest(@digest_name) if @key && !@key.is_a?(OpenSSL::PKey::RSA) @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase) diff --git a/lib/rubygems/security/trust_dir.rb b/lib/rubygems/security/trust_dir.rb index 9016b0c..1d93cea 100644 --- a/lib/rubygems/security/trust_dir.rb +++ b/lib/rubygems/security/trust_dir.rb 
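Review bot: `check_data` in the policy.rb `@@ -75` hunk now passes `digest` to `public_key.verify` unchanged, so its contract has moved from a digest class to a digest instance, and nothing visible in the method says so. A caller that still passes a class no longer gets `.new` called on its behalf. I'd add a doc line above the method, such as `# +digest+ is a digest instance (see Gem::Security.create_digest), not a class.`; any existing doc comment is outside the hunk.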
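Review bot: `digester` in the policy.rb `@@ -223` hunk now holds a single stateful digest instance instead of a class, as do `@digest_algorithm` in the signer.rb hunk and `@digester` in the trust_dir.rb hunk. Code that feeds one of them with `<<` or `update` would carry state into the next use. The consuming code is outside these hunks, so I cannot tell whether every use copies or resets the object first. A comment next to each assignment would make the expectation explicit, e.g. `# Template digest: copy or reset before hashing, never update in place`. The enclosing methods start and end outside the hunks.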
@@ -25,7 +25,7 @@ class Gem::Security::TrustDir https://github.com/ruby/ruby/blob/trunk/lib/rubygems/security/trust_dir.rb#L25 @dir = dir @permissions = permissions - @digester = Gem::Security::DIGEST_ALGORITHM + @digester = Gem::Security.create_digest end ## diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb index adf11a1..3a97a85 100644 --- a/test/rubygems/test_gem_package.rb +++ b/test/rubygems/test_gem_package.rb @@ -1018,7 +1018,7 @@ class TestGemPackage < Gem::Package::TarTestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_package.rb#L1018 bogus_data = Gem::Util.gzip 'hello' fake_signer = Class.new do def digest_name; 'SHA512'; end - def digest_algorithm; Digest(:SHA512); end + def digest_algorithm; Digest(:SHA512).new; end def key; 'key'; end def sign(*); 'fake_sig'; end end diff --git a/test/rubygems/test_gem_package_tar_writer.rb b/test/rubygems/test_gem_package_tar_writer.rb index 9a3feca..e31efdd 100644 --- a/test/rubygems/test_gem_package_tar_writer.rb +++ b/test/rubygems/test_gem_package_tar_writer.rb @@ -71,7 +71,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_package_tar_writer.rb#L71 end def test_add_file_digest - digest_algorithms = Digest::SHA1, Digest::SHA512 + digest_algorithms = Digest::SHA1.new, Digest::SHA512.new Time.stub :now, Time.at(1458518157) do digests = @tar_writer.add_file_digest 'x', 0644, digest_algorithms do |io| @@ -94,7 +94,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_package_tar_writer.rb#L94 end def test_add_file_digest_multiple - digest_algorithms = [Digest::SHA1, Digest::SHA512] + digest_algorithms = [Digest::SHA1.new, Digest::SHA512.new] Time.stub :now, Time.at(1458518157) do digests = @tar_writer.add_file_digest 'x', 0644, digest_algorithms do |io| 
diff --git a/test/rubygems/test_gem_security_policy.rb b/test/rubygems/test_gem_security_policy.rb index 4d5d9bb..86100d7 100644 --- a/test/rubygems/test_gem_security_policy.rb +++ b/test/rubygems/test_gem_security_policy.rb @@ -32,7 +32,7 @@ class TestGemSecurityPolicy < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_security_policy.rb#L32 s.files = %w[lib/code.rb] end - @digest = Gem::Security::DIGEST_ALGORITHM + @digest = OpenSSL::Digest.new Gem::Security::DIGEST_NAME @trust_dir = Gem::Security.trust_dir.dir # HACK use the object @no = Gem::Security::NoSecurity @@ -395,13 +395,11 @@ class TestGemSecurityPolicy < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_security_policy.rb#L395 def test_verify_wrong_digest_type Gem::Security.trust_dir.trust_cert PUBLIC_CERT - sha512 = OpenSSL::Digest::SHA512 - - data = sha512.new + data = OpenSSL::Digest.new('SHA512') data << 'hello' digests = { 'SHA512' => { 0 => data } } - signature = PRIVATE_KEY.sign sha512.new, data.digest + signature = PRIVATE_KEY.sign 'sha512', data.digest signatures = { 0 => signature } e = assert_raises Gem::Security::Exception do @@ -480,7 +478,7 @@ class TestGemSecurityPolicy < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_security_policy.rb#L478 def s.full_name() 'metadata.gz' end digests = package.digest s - digests[Gem::Security::DIGEST_NAME]['data.tar.gz'] = @digest.new 'hello' + digests[Gem::Security::DIGEST_NAME]['data.tar.gz'] = @digest.hexdigest 'hello' metadata_gz_digest = digests[Gem::Security::DIGEST_NAME]['metadata.gz'] @@ -509,7 +507,7 @@ class TestGemSecurityPolicy < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_security_policy.rb#L507 def s.full_name() 'metadata.gz' end digests = package.digest s - digests[Gem::Securi (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/