bcrypt 3.1.17-java → 3.1.19-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 982723920ec5f97cff8b34987babf6a5f1ee632e8f942e40cf28246940e067d6
-  data.tar.gz: ab2bb1ace746eb5efa5b2ce1d9b1bcc9fe5445899ae3c78510198a6df19152d0
+  metadata.gz: 636cc94d86701d3d34c7ba884587e9ff5429d78eb055f15d88104c3b2f006e9a
+  data.tar.gz: 9f67d235f53ea00410bcc0abfec5cb42a6bd22e7c52ae43923e161828d18e43c
 SHA512:
-  metadata.gz: 79951a4c7612737f25550f701d387d7c7325798eae87d898cccefd83762cf713d9817a19ca29d95b950ed85b32915efbdf7dd93e146a08230135309876a26a27
-  data.tar.gz: d3618098d76210298bb5e05b39f75469cc4f64dfea5e55cc5cebf0372eb8a529b076d771f184e311c564a6d08932b7160fb46355e09188592f7de1608dd65d83
+  metadata.gz: 4d78ea03482ec52e987617f94a0b5a9108369585961e29746ab8ed65f035b1b40eca0e14137c10dd0a49072312c945e4ecbd91327e21c573d7b7dcd3428e83cf
+  data.tar.gz: f46639b8366442dfbe2ea6db81f56784f4b99443b790392d3e41bd4c6a06f8e16ab26f94fcc9bdca584eee80a1461fcc632eb4ab979a37378808c99a3ce13b47

data/.github/workflows/ruby.yml

@@ -30,8 +30,6 @@ jobs:
           - truffleruby-head
           - mingw
         exclude:
-          - { os: ubuntu,  ruby: jruby }
-          - { os: ubuntu,  ruby: jruby-head }
           - { os: ubuntu,  ruby: mingw }
           - { os: macos,   ruby: mingw }
           - { os: windows, ruby: truffleruby }
@@ -46,8 +44,12 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby }}
           bundler-cache: true
+        env:
+          JAVA_OPTS: -Djdk.io.File.enableADS=true
       - name: Run tests
         run: bundle exec rake default
+        env:
+          JAVA_OPTS: -Djdk.io.File.enableADS=true
 
   finish:
     runs-on: ubuntu-latest

data/CHANGELOG

@@ -1,3 +1,11 @@
+3.1.19 June 22 2023
+  - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
+  - Add GC guards so the C compiler won't optimize out references [GH #270]
+
+3.1.18 May 16 2022
+  - Unlock GVL when calculating hashes and salts [GH #260]
+  - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
+
 3.1.17 Mar 14 2022
 - Fix regex in validators to use \A and \z instead of ^ and $ [GH #121]
 - Truncate secrets greater than 72 bytes in hash_secret [GH #255]

data/README.md

@@ -5,7 +5,6 @@ An easy way to keep your users' passwords secure.
 * https://github.com/bcrypt-ruby/bcrypt-ruby/tree/master
 
 [![Github Actions Build Status](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml)
-[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/6fplerx9lnaf0hyo?svg=true)](https://ci.appveyor.com/project/TJSchuck35975/bcrypt-ruby)
 
 ## Why you should use `bcrypt()`
 

data/Rakefile

@@ -50,8 +50,8 @@ end
 if RUBY_PLATFORM =~ /java/
   Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
     ext.ext_dir = 'ext/jruby'
-    ext.source_version = "1.7"
-    ext.target_version = "1.7"
+    ext.source_version = "1.8"
+    ext.target_version = "1.8"
   end
 else
   Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|

data/bcrypt.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'bcrypt'
-  s.version = '3.1.17'
+  s.version = '3.1.19'
 
   s.summary = "OpenBSD's bcrypt() password hashing algorithm."
   s.description = <<-EOF
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
   s.files = `git ls-files`.split("\n")
   s.require_path = 'lib'
 
-  s.add_development_dependency 'rake-compiler', '~> 0.9.2'
+  s.add_development_dependency 'rake-compiler', '~> 1.2.0'
   s.add_development_dependency 'rspec', '>= 3'
 
   s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']

data/ext/mri/bcrypt_ext.c

@@ -1,53 +1,110 @@
 #include <ruby.h>
 #include <ow-crypt.h>
 
+#ifdef HAVE_RUBY_THREAD_H
+#include <ruby/thread.h>
+#endif
+
 static VALUE mBCrypt;
 static VALUE cBCryptEngine;
 
+struct bc_salt_args {
+    const char * prefix;
+    unsigned long count;
+    const char * input;
+    int size;
+};
+
+static void * bc_salt_nogvl(void * ptr) {
+    struct bc_salt_args * args = ptr;
+
+    return crypt_gensalt_ra(args->prefix, args->count, args->input, args->size);
+}
+
 /* Given a logarithmic cost parameter, generates a salt for use with +bc_crypt+.
 */
 static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
     char * salt;
     VALUE str_salt;
-
-    salt = crypt_gensalt_ra(
-	    StringValuePtr(prefix),
-	    NUM2ULONG(count),
-	    NIL_P(input) ? NULL : StringValuePtr(input),
-	    NIL_P(input) ? 0 : RSTRING_LEN(input));
+    struct bc_salt_args args;
+
+    /* duplicate the parameters for thread safety.  If another thread has a
+     * reference to the parameters and mutates them while we are working,
+     * that would be very bad.  Duping the strings means that the reference
+     * isn't shared. */
+    prefix = rb_str_new_frozen(prefix);
+    input  = rb_str_new_frozen(input);
+
+    args.prefix = StringValueCStr(prefix);
+    args.count  = NUM2ULONG(count);
+    args.input  = NIL_P(input) ? NULL : StringValuePtr(input);
+    args.size   = NIL_P(input) ? 0 : RSTRING_LEN(input);
+
+#ifdef HAVE_RUBY_THREAD_H
+    salt = rb_thread_call_without_gvl(bc_salt_nogvl, &args, NULL, NULL);
+#else
+    salt = bc_salt_nogvl((void *)&args);
+#endif
 
     if(!salt) return Qnil;
 
     str_salt = rb_str_new2(salt);
+
+    RB_GC_GUARD(prefix);
+    RB_GC_GUARD(input);
     free(salt);
 
     return str_salt;
 }
 
+struct bc_crypt_args {
+    const char * key;
+    const char * setting;
+    void * data;
+    int size;
+};
+
+static void * bc_crypt_nogvl(void * ptr) {
+    struct bc_crypt_args * args = ptr;
+
+    return crypt_ra(args->key, args->setting, &args->data, &args->size);
+}
+
 /* Given a secret and a salt, generates a salted hash (which you can then store safely).
 */
 static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
     char * value;
-    void * data;
-    int size;
     VALUE out;
 
-    data = NULL;
-    size = 0xDEADBEEF;
+    struct bc_crypt_args args;
 
     if(NIL_P(key) || NIL_P(setting)) return Qnil;
 
-    value = crypt_ra(
-	    NIL_P(key) ? NULL : StringValuePtr(key),
-	    NIL_P(setting) ? NULL : StringValuePtr(setting),
-	    &data,
-	    &size);
+    /* duplicate the parameters for thread safety.  If another thread has a
+     * reference to the parameters and mutates them while we are working,
+     * that would be very bad.  Duping the strings means that the reference
+     * isn't shared. */
+    key     = rb_str_new_frozen(key);
+    setting = rb_str_new_frozen(setting);
+
+    args.data    = NULL;
+    args.size    = 0xDEADBEEF;
+    args.key     = NIL_P(key)     ? NULL : StringValueCStr(key);
+    args.setting = NIL_P(setting) ? NULL : StringValueCStr(setting);
+
+#ifdef HAVE_RUBY_THREAD_H
+    value = rb_thread_call_without_gvl(bc_crypt_nogvl, &args, NULL, NULL);
+#else
+    value = bc_crypt_nogvl((void *)&args);
+#endif
 
-    if(!value || !data) return Qnil;
+    if(!value || !args.data) return Qnil;
 
     out = rb_str_new2(value);
 
-    xfree(data);
+    RB_GC_GUARD(key);
+    RB_GC_GUARD(setting);
+    free(args.data);
 
     return out;
 }

data/lib/bcrypt/engine.rb

@@ -53,6 +53,13 @@ module BCrypt
     # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
     # a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
     def self.hash_secret(secret, salt, _ = nil)
+      unless _.nil?
+        warn "[DEPRECATION] Passing the third argument to " \
+             "`BCrypt::Engine.hash_secret` is deprecated. " \
+             "Please do not pass the third argument which " \
+             "is currently not used."
+      end
+
       if valid_secret?(secret)
         if valid_salt?(salt)
           if RUBY_PLATFORM == "java"

data/spec/bcrypt/password_spec.rb

@@ -31,6 +31,12 @@ describe "Creating a hashed password" do
   specify "should tolerate very long string secrets" do
     expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
   end
+
+  specify "blows up when null bytes are in the string" do
+    # JRuby can handle the null bytes
+    skip if RUBY_ENGINE == 'jruby'
+    expect { BCrypt::Password.create( "foo\0bar".chop  ) }.to raise_error
+  end
 end
 
 describe "Reading a hashed password" do

metadata

@@ -1,21 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: bcrypt
 version: !ruby/object:Gem::Version
-  version: 3.1.17
+  version: 3.1.19
 platform: java
 authors:
 - Coda Hale
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-14 00:00:00.000000000 Z
+date: 2023-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 1.2.0
   name: rake-compiler
   prerelease: false
   type: :development
@@ -23,7 +23,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -62,7 +62,6 @@ files:
 - Gemfile
 - README.md
 - Rakefile
-- appveyor.yml
 - bcrypt.gemspec
 - ext/jruby/bcrypt_jruby/BCrypt.java
 - ext/mri/bcrypt_ext.c

data/appveyor.yml

@@ -1,50 +0,0 @@
-version: "{branch}-{build}"
-build: off
-clone_depth: 1
-
-init:
-  # Install Ruby head
-  - if %RUBY_VERSION%==head (
-      appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x86.exe -FileName C:\head_x86.exe &
-      C:\head_x86.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
-    )
-  - if %RUBY_VERSION%==head-x64 (
-      appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x64.exe -FileName C:\head_x64.exe &
-      C:\head_x64.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
-    )
-
-  # Add Ruby to the path
-  - set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
-
-environment:
-  matrix:
-    - RUBY_VERSION: "head"
-    - RUBY_VERSION: "head-x64"
-    - RUBY_VERSION: "25"
-    - RUBY_VERSION: "25-x64"
-    - RUBY_VERSION: "24"
-    - RUBY_VERSION: "24-x64"
-    - RUBY_VERSION: "23"
-    - RUBY_VERSION: "23-x64"
-    - RUBY_VERSION: "22"
-    - RUBY_VERSION: "22-x64"
-    - RUBY_VERSION: "21"
-    - RUBY_VERSION: "21-x64"
-    - RUBY_VERSION: "200"
-    - RUBY_VERSION: "200-x64"
-
-install:
-  - ps: "Set-Content -Value 'gem: --no-ri --no-rdoc ' -Path C:\\ProgramData\\gemrc"
-  - if %RUBY_VERSION%==head     ( gem install bundler -v'< 2' )
-  - if %RUBY_VERSION%==head-x64 ( gem install bundler -v'< 2' )
-  - bundle install
-
-before_build:
-  - ruby -v
-  - gem -v
-
-build_script:
-  - bundle exec rake compile -rdevkit
-
-test_script:
-  - bundle exec rake spec