argon2id 0.8.0.rc1-java → 0.10.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f3e4f92843ded78b7740f56525faee59bc2666047c786efce664f20fe651563
-  data.tar.gz: a03c928369e5d060d6809f813c94d3b269713f68a24026dfe7dd79eb3270a46a
+  metadata.gz: c752158cef0854ab64c00cd3346cc664f71f165cd020d66a7c89e7d1fc94cf95
+  data.tar.gz: ba733bbd6d58a4f0d38ce903fcb6394e4b3779d45351d6c4ba9a3b0833ad837d
 SHA512:
-  metadata.gz: 9de337063948c1bef73e0ec6519d831f11e53d94c47ab5524796c46d32973dc41f617dab908314143dfdebe3dbe393214facd5955af624d258129e6bb87b8a0c
-  data.tar.gz: dc7ab66fbff2737565eaa592d18ac3d9cbfa8e22b3edac8d3070e629f753cd69baad28ed6ebcee0d1a9a9de3434be861c5c60ea131971b5a88f2efacf08fe4c0
+  metadata.gz: 01a4ca3f615bbf4a524892e1ec5ed168d01ba77624901488bf324ca23a2d2fc605d449cc7c5686b0a220d2999ef72b772e3c059802ea2a8dab8f5052a45f89c0
+  data.tar.gz: d5f4be4cb26348d7163a92dd1ee1fe9ff5a7064e5d3cc30c3ad0e689550f9325f482aa9afbe4bcbec7c44c6c4216274ea87a9148ff2cf5130e92e7132fd8c136

data/CHANGELOG.md

@@ -5,6 +5,42 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.10.0] - 2026-04-06
+
+### Changed
+
+- Hashing and verifying passwords no longer holds the Ruby Global VM Lock
+  during the intentionally expensive computation of the Argon2id hash, allowing
+  other threads to do work at the same time.
+- Argon2id::Password objects, their encoded password hash, salt, and hash
+  output strings are now all frozen to prevent mutation. Inputs are also now
+  frozen ASAP during hashing and verification to prevent mutation before
+  passing to the internal C/Java implementation of Argon2.
+- The extension is now flagged as safe to use with Ractors.
+
+## [0.9.0] - 2025-12-30
+
+### Added
+- Add support for Ruby 4.0 in precompiled, native gems.
+
+### Removed
+- Remove support and native gems for Ruby 2.6, 2.7, and 3.0.
+- Remove native gems for 32-bit platforms, specifically x86-linux-gnu,
+  x86-linux-musl, and x86-mingw32
+
+## [0.8.0] - 2024-12-29
+
+### Added
+
+- Add Ruby 3.4 support to the precompiled, native gems
+- Restored support for Ruby 2.6, 2.7, and 3.0 after dropping them in 0.8.0.rc1
+
+### Changed
+
+- Provide separate precompiled, native gems for GNU and Musl
+- Require glibc 2.29+ for x86-linux-gnu and x86_64-linux-gnu (and recommend
+  RubyGems 3.3.22+ and Bundler 2.3.21+)
+
 ## [0.8.0.rc1] - 2024-12-16
 
 ### Added
@@ -128,6 +164,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   reference C implementation of Argon2, the password-hashing function that won
   the Password Hashing Competition.
 
+[0.10.0]: https://github.com/mudge/argon2id/releases/tag/v0.10.0
+[0.9.0]: https://github.com/mudge/argon2id/releases/tag/v0.9.0
+[0.8.0]: https://github.com/mudge/argon2id/releases/tag/v0.8.0
 [0.8.0.rc1]: https://github.com/mudge/argon2id/releases/tag/v0.8.0.rc1
 [0.7.0]: https://github.com/mudge/argon2id/releases/tag/v0.7.0
 [0.6.0]: https://github.com/mudge/argon2id/releases/tag/v0.6.0

data/README.md

@@ -5,7 +5,7 @@ Ruby bindings to [Argon2][], the password-hashing function that won the 2015
 
 [![Build Status](https://github.com/mudge/argon2id/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/mudge/argon2id/actions)
 
-**Current version:** 0.8.0.rc1  
+**Current version:** 0.10.0  
 **Bundled Argon2 version:** libargon2.1 (20190702)
 
 ```ruby
@@ -257,8 +257,8 @@ User.find_by(name: "alice")&.authenticate("password") #=> user
 
 This gem requires any of the following to run:
 
-* [Ruby](https://www.ruby-lang.org/en/) 3.1 to 3.4.0-rc1
-* [JRuby](https://www.jruby.org) 9.4
+* [Ruby](https://www.ruby-lang.org/en/) 3.1 to 4.0
+* [JRuby](https://www.jruby.org) 9.4 to 10.0
 * [TruffleRuby](https://www.graalvm.org/ruby/) 24.1
 
 > [!NOTE]
@@ -271,10 +271,10 @@ This gem requires any of the following to run:
 Where possible, a pre-compiled native gem will be provided for the following platforms:
 
 * Linux
-    * `aarch64-linux`, `arm-linux`, `x86-linux`, `x86_64-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.29+, RubyGems 3.3.22+ and Bundler 2.3.21+)
+    * `aarch64-linux`, `arm-linux`, `x86_64-linux` (requires [glibc](https://www.gnu.org/software/libc/) 2.29+, RubyGems 3.3.22+ and Bundler 2.3.21+)
     * [musl](https://musl.libc.org/)-based systems such as [Alpine](https://alpinelinux.org) are supported with Bundler 2.5.6+
 * macOS `x86_64-darwin` and `arm64-darwin`
-* Windows `x64-mingw-ucrt`
+* Windows 2022+ `x64-mingw-ucrt`
 * Java: any platform running JRuby 9.4 or higher
 
 ### Verifying the gems

data/Rakefile

@@ -11,16 +11,12 @@ cross_platforms = %w[
   arm-linux-musl
   arm64-darwin
   x64-mingw-ucrt
-  x64-mingw32
-  x86-linux-gnu
-  x86-linux-musl
-  x86-mingw32
   x86_64-darwin
   x86_64-linux-gnu
   x86_64-linux-musl
 ].freeze
 
-ENV["RUBY_CC_VERSION"] = %w[3.4.0 3.3.5 3.2.0 3.1.0].join(":")
+RakeCompilerDock.set_ruby_cc_version("~> 3.1", "~> 4.0")
 
 gemspec = Gem::Specification.load("argon2id.gemspec")
 
@@ -31,7 +27,6 @@ namespace :java do
   java_gemspec.files.reject! { |path| File.fnmatch?("ext/*", path) }
   java_gemspec.extensions.clear
   java_gemspec.platform = Gem::Platform.new("java")
-  java_gemspec.required_ruby_version = ">= 3.1.0"
 
   Gem::PackageTask.new(java_gemspec).define
 end
@@ -60,7 +55,7 @@ namespace :gem do
     task platform do
       RakeCompilerDock.sh <<~SCRIPT, platform: platform, verbose: true
         gem install bundler --no-document &&
-        bundle &&
+        bundle install &&
         bundle exec rake native:#{platform} pkg/#{gemspec.full_name}-#{Gem::Platform.new(platform)}.gem PATH="/usr/local/bin:$PATH"
       SCRIPT
     end

data/argon2id.gemspec

@@ -53,7 +53,7 @@ Gem::Specification.new do |s|
   ]
   s.rdoc_options = ["--main", "README.md"]
 
-  s.add_development_dependency("rake-compiler", "~> 1.2")
-  s.add_development_dependency("rake-compiler-dock", "~> 1.7.0.rc1")
+  s.add_development_dependency("rake-compiler", "~> 1.3")
+  s.add_development_dependency("rake-compiler-dock", "~> 1.11")
   s.add_development_dependency("minitest", "~> 5.25")
 end

data/lib/argon2id/extension.rb

@@ -10,6 +10,7 @@ if RUBY_PLATFORM == "java"
     class Password
       def self.hash_encoded(t_cost, m_cost, parallelism, pwd, salt, hashlen)
         raise Error, "Salt is too short" if salt.empty?
+        raise Error, "Memory cost is too small" if m_cost < 8
 
         salt_bytes = salt.to_java_bytes
         output = Java::byte[hashlen].new

data/lib/argon2id/password.rb

@@ -115,13 +115,14 @@ module Argon2id
     def initialize(encoded)
       raise ArgumentError, "invalid hash" unless PATTERN =~ String(encoded)
 
-      @encoded = $&
+      @encoded = $&.freeze
       @version = Integer($1 || 0x10)
       @m_cost = Integer($2)
       @t_cost = Integer($3)
       @parallelism = Integer($4)
-      @salt = $5.unpack1("m")
-      @output = $6.unpack1("m")
+      @salt = $5.unpack1("m").freeze
+      @output = $6.unpack1("m").freeze
+      freeze
     end
 
     # Return the encoded password hash.

data/lib/argon2id/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Argon2id
-  VERSION = "0.8.0.rc1"
+  VERSION = "0.10.0"
 end

data/test/argon2id/test_password.rb

@@ -188,6 +188,42 @@ class TestPassword < Minitest::Test
     assert password == "password"
   end
 
+  def test_new_password_is_frozen
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password.frozen?
+  end
+
+  def test_encoded_is_frozen
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password.encoded.frozen?
+  end
+
+  def test_salt_is_frozen
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password.salt.frozen?
+  end
+
+  def test_output_is_frozen
+    password = Argon2id::Password.new(
+      "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
+      "$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4"
+    )
+
+    assert password.output.frozen?
+  end
+
   def test_encoded_returns_the_full_encoded_hash
     password = Argon2id::Password.new(
       "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ" \
@@ -526,6 +562,12 @@ class TestPassword < Minitest::Test
     Argon2id.output_len = Argon2id::DEFAULT_OUTPUT_LEN
   end
 
+  def test_create_password_is_frozen
+    password = Argon2id::Password.create("password")
+
+    assert password.frozen?
+  end
+
   def test_create_password_equals_correct_password
     password = Argon2id::Password.create("password")
 
@@ -538,6 +580,31 @@ class TestPassword < Minitest::Test
     refute password == "differentpassword"
   end
 
+  def test_create_is_thread_safe
+    threads = 10.times.map do |i|
+      Thread.new(i) do |n|
+        password = Argon2id::Password.create("password-#{n}", t_cost: 2, m_cost: 256, parallelism: 1)
+        assert password == "password-#{n}"
+      end
+    end
+
+    threads.each(&:value)
+  end
+
+  def test_verify_is_thread_safe
+    hash = Argon2id::Password.create("password", t_cost: 2, m_cost: 256, parallelism: 1).to_s
+
+    threads = 10.times.map do |i|
+      Thread.new do
+        password = Argon2id::Password.new(hash)
+        assert password == "password"
+        refute password == "wrong"
+      end
+    end
+
+    threads.each(&:value)
+  end
+
   def test_hashing_password_verifies_correct_password
     hash = Argon2id::Password.create("password").to_s
     password = Argon2id::Password.new(hash)

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: argon2id
 version: !ruby/object:Gem::Version
-  version: 0.8.0.rc1
+  version: 0.10.0
 platform: java
 authors:
 - Paul Mucur
 bindir: bin
 cert_chain: []
-date: 2024-12-16 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake-compiler-dock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0.rc1
+        version: '1.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0.rc1
+        version: '1.11'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -95,7 +95,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.0.dev
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Ruby bindings to Argon2
 test_files: []