bcrypt 3.1.17-java → 3.1.19-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 982723920ec5f97cff8b34987babf6a5f1ee632e8f942e40cf28246940e067d6
4
- data.tar.gz: ab2bb1ace746eb5efa5b2ce1d9b1bcc9fe5445899ae3c78510198a6df19152d0
3
+ metadata.gz: 636cc94d86701d3d34c7ba884587e9ff5429d78eb055f15d88104c3b2f006e9a
4
+ data.tar.gz: 9f67d235f53ea00410bcc0abfec5cb42a6bd22e7c52ae43923e161828d18e43c
5
5
  SHA512:
6
- metadata.gz: 79951a4c7612737f25550f701d387d7c7325798eae87d898cccefd83762cf713d9817a19ca29d95b950ed85b32915efbdf7dd93e146a08230135309876a26a27
7
- data.tar.gz: d3618098d76210298bb5e05b39f75469cc4f64dfea5e55cc5cebf0372eb8a529b076d771f184e311c564a6d08932b7160fb46355e09188592f7de1608dd65d83
6
+ metadata.gz: 4d78ea03482ec52e987617f94a0b5a9108369585961e29746ab8ed65f035b1b40eca0e14137c10dd0a49072312c945e4ecbd91327e21c573d7b7dcd3428e83cf
7
+ data.tar.gz: f46639b8366442dfbe2ea6db81f56784f4b99443b790392d3e41bd4c6a06f8e16ab26f94fcc9bdca584eee80a1461fcc632eb4ab979a37378808c99a3ce13b47
@@ -30,8 +30,6 @@ jobs:
30
30
  - truffleruby-head
31
31
  - mingw
32
32
  exclude:
33
- - { os: ubuntu, ruby: jruby }
34
- - { os: ubuntu, ruby: jruby-head }
35
33
  - { os: ubuntu, ruby: mingw }
36
34
  - { os: macos, ruby: mingw }
37
35
  - { os: windows, ruby: truffleruby }
@@ -46,8 +44,12 @@ jobs:
46
44
  with:
47
45
  ruby-version: ${{ matrix.ruby }}
48
46
  bundler-cache: true
47
+ env:
48
+ JAVA_OPTS: -Djdk.io.File.enableADS=true
49
49
  - name: Run tests
50
50
  run: bundle exec rake default
51
+ env:
52
+ JAVA_OPTS: -Djdk.io.File.enableADS=true
51
53
 
52
54
  finish:
53
55
  runs-on: ubuntu-latest
data/CHANGELOG CHANGED
@@ -1,3 +1,11 @@
1
+ 3.1.19 June 22 2023
2
+ - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
3
+ - Add GC guards so the C compiler won't optimize out references [GH #270]
4
+
5
+ 3.1.18 May 16 2022
6
+ - Unlock GVL when calculating hashes and salts [GH #260]
7
+ - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
8
+
1
9
  3.1.17 Mar 14 2022
2
10
  - Fix regex in validators to use \A and \z instead of ^ and $ [GH #121]
3
11
  - Truncate secrets greater than 72 bytes in hash_secret [GH #255]
data/README.md CHANGED
@@ -5,7 +5,6 @@ An easy way to keep your users' passwords secure.
5
5
  * https://github.com/bcrypt-ruby/bcrypt-ruby/tree/master
6
6
 
7
7
  [![Github Actions Build Status](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml)
8
- [![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/6fplerx9lnaf0hyo?svg=true)](https://ci.appveyor.com/project/TJSchuck35975/bcrypt-ruby)
9
8
 
10
9
  ## Why you should use `bcrypt()`
11
10
 
data/Rakefile CHANGED
@@ -50,8 +50,8 @@ end
50
50
  if RUBY_PLATFORM =~ /java/
51
51
  Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
52
52
  ext.ext_dir = 'ext/jruby'
53
- ext.source_version = "1.7"
54
- ext.target_version = "1.7"
53
+ ext.source_version = "1.8"
54
+ ext.target_version = "1.8"
55
55
  end
56
56
  else
57
57
  Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|
data/bcrypt.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'bcrypt'
3
- s.version = '3.1.17'
3
+ s.version = '3.1.19'
4
4
 
5
5
  s.summary = "OpenBSD's bcrypt() password hashing algorithm."
6
6
  s.description = <<-EOF
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
12
12
  s.files = `git ls-files`.split("\n")
13
13
  s.require_path = 'lib'
14
14
 
15
- s.add_development_dependency 'rake-compiler', '~> 0.9.2'
15
+ s.add_development_dependency 'rake-compiler', '~> 1.2.0'
16
16
  s.add_development_dependency 'rspec', '>= 3'
17
17
 
18
18
  s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']
data/ext/mri/bcrypt_ext.c CHANGED
@@ -1,53 +1,110 @@
1
1
  #include <ruby.h>
2
2
  #include <ow-crypt.h>
3
3
 
4
+ #ifdef HAVE_RUBY_THREAD_H
5
+ #include <ruby/thread.h>
6
+ #endif
7
+
4
8
  static VALUE mBCrypt;
5
9
  static VALUE cBCryptEngine;
6
10
 
11
+ struct bc_salt_args {
12
+ const char * prefix;
13
+ unsigned long count;
14
+ const char * input;
15
+ int size;
16
+ };
17
+
18
+ static void * bc_salt_nogvl(void * ptr) {
19
+ struct bc_salt_args * args = ptr;
20
+
21
+ return crypt_gensalt_ra(args->prefix, args->count, args->input, args->size);
22
+ }
23
+
7
24
  /* Given a logarithmic cost parameter, generates a salt for use with +bc_crypt+.
8
25
  */
9
26
  static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
10
27
  char * salt;
11
28
  VALUE str_salt;
12
-
13
- salt = crypt_gensalt_ra(
14
- StringValuePtr(prefix),
15
- NUM2ULONG(count),
16
- NIL_P(input) ? NULL : StringValuePtr(input),
17
- NIL_P(input) ? 0 : RSTRING_LEN(input));
29
+ struct bc_salt_args args;
30
+
31
+ /* duplicate the parameters for thread safety. If another thread has a
32
+ * reference to the parameters and mutates them while we are working,
33
+ * that would be very bad. Duping the strings means that the reference
34
+ * isn't shared. */
35
+ prefix = rb_str_new_frozen(prefix);
36
+ input = rb_str_new_frozen(input);
37
+
38
+ args.prefix = StringValueCStr(prefix);
39
+ args.count = NUM2ULONG(count);
40
+ args.input = NIL_P(input) ? NULL : StringValuePtr(input);
41
+ args.size = NIL_P(input) ? 0 : RSTRING_LEN(input);
42
+
43
+ #ifdef HAVE_RUBY_THREAD_H
44
+ salt = rb_thread_call_without_gvl(bc_salt_nogvl, &args, NULL, NULL);
45
+ #else
46
+ salt = bc_salt_nogvl((void *)&args);
47
+ #endif
18
48
 
19
49
  if(!salt) return Qnil;
20
50
 
21
51
  str_salt = rb_str_new2(salt);
52
+
53
+ RB_GC_GUARD(prefix);
54
+ RB_GC_GUARD(input);
22
55
  free(salt);
23
56
 
24
57
  return str_salt;
25
58
  }
26
59
 
60
+ struct bc_crypt_args {
61
+ const char * key;
62
+ const char * setting;
63
+ void * data;
64
+ int size;
65
+ };
66
+
67
+ static void * bc_crypt_nogvl(void * ptr) {
68
+ struct bc_crypt_args * args = ptr;
69
+
70
+ return crypt_ra(args->key, args->setting, &args->data, &args->size);
71
+ }
72
+
27
73
  /* Given a secret and a salt, generates a salted hash (which you can then store safely).
28
74
  */
29
75
  static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
30
76
  char * value;
31
- void * data;
32
- int size;
33
77
  VALUE out;
34
78
 
35
- data = NULL;
36
- size = 0xDEADBEEF;
79
+ struct bc_crypt_args args;
37
80
 
38
81
  if(NIL_P(key) || NIL_P(setting)) return Qnil;
39
82
 
40
- value = crypt_ra(
41
- NIL_P(key) ? NULL : StringValuePtr(key),
42
- NIL_P(setting) ? NULL : StringValuePtr(setting),
43
- &data,
44
- &size);
83
+ /* duplicate the parameters for thread safety. If another thread has a
84
+ * reference to the parameters and mutates them while we are working,
85
+ * that would be very bad. Duping the strings means that the reference
86
+ * isn't shared. */
87
+ key = rb_str_new_frozen(key);
88
+ setting = rb_str_new_frozen(setting);
89
+
90
+ args.data = NULL;
91
+ args.size = 0xDEADBEEF;
92
+ args.key = NIL_P(key) ? NULL : StringValueCStr(key);
93
+ args.setting = NIL_P(setting) ? NULL : StringValueCStr(setting);
94
+
95
+ #ifdef HAVE_RUBY_THREAD_H
96
+ value = rb_thread_call_without_gvl(bc_crypt_nogvl, &args, NULL, NULL);
97
+ #else
98
+ value = bc_crypt_nogvl((void *)&args);
99
+ #endif
45
100
 
46
- if(!value || !data) return Qnil;
101
+ if(!value || !args.data) return Qnil;
47
102
 
48
103
  out = rb_str_new2(value);
49
104
 
50
- xfree(data);
105
+ RB_GC_GUARD(key);
106
+ RB_GC_GUARD(setting);
107
+ free(args.data);
51
108
 
52
109
  return out;
53
110
  }
data/lib/bcrypt/engine.rb CHANGED
@@ -53,6 +53,13 @@ module BCrypt
53
53
  # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
54
54
  # a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
55
55
  def self.hash_secret(secret, salt, _ = nil)
56
+ unless _.nil?
57
+ warn "[DEPRECATION] Passing the third argument to " \
58
+ "`BCrypt::Engine.hash_secret` is deprecated. " \
59
+ "Please do not pass the third argument which " \
60
+ "is currently not used."
61
+ end
62
+
56
63
  if valid_secret?(secret)
57
64
  if valid_salt?(salt)
58
65
  if RUBY_PLATFORM == "java"
data/lib/bcrypt_ext.jar CHANGED
Binary file
@@ -31,6 +31,12 @@ describe "Creating a hashed password" do
31
31
  specify "should tolerate very long string secrets" do
32
32
  expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
33
33
  end
34
+
35
+ specify "blows up when null bytes are in the string" do
36
+ # JRuby can handle the null bytes
37
+ skip if RUBY_ENGINE == 'jruby'
38
+ expect { BCrypt::Password.create( "foo\0bar".chop ) }.to raise_error
39
+ end
34
40
  end
35
41
 
36
42
  describe "Reading a hashed password" do
metadata CHANGED
@@ -1,21 +1,21 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bcrypt
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.17
4
+ version: 3.1.19
5
5
  platform: java
6
6
  authors:
7
7
  - Coda Hale
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-14 00:00:00.000000000 Z
11
+ date: 2023-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
15
15
  requirements:
16
16
  - - "~>"
17
17
  - !ruby/object:Gem::Version
18
- version: 0.9.2
18
+ version: 1.2.0
19
19
  name: rake-compiler
20
20
  prerelease: false
21
21
  type: :development
@@ -23,7 +23,7 @@ dependencies:
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.9.2
26
+ version: 1.2.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  requirement: !ruby/object:Gem::Requirement
29
29
  requirements:
@@ -62,7 +62,6 @@ files:
62
62
  - Gemfile
63
63
  - README.md
64
64
  - Rakefile
65
- - appveyor.yml
66
65
  - bcrypt.gemspec
67
66
  - ext/jruby/bcrypt_jruby/BCrypt.java
68
67
  - ext/mri/bcrypt_ext.c
data/appveyor.yml DELETED
@@ -1,50 +0,0 @@
1
- version: "{branch}-{build}"
2
- build: off
3
- clone_depth: 1
4
-
5
- init:
6
- # Install Ruby head
7
- - if %RUBY_VERSION%==head (
8
- appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x86.exe -FileName C:\head_x86.exe &
9
- C:\head_x86.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
10
- )
11
- - if %RUBY_VERSION%==head-x64 (
12
- appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x64.exe -FileName C:\head_x64.exe &
13
- C:\head_x64.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
14
- )
15
-
16
- # Add Ruby to the path
17
- - set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
18
-
19
- environment:
20
- matrix:
21
- - RUBY_VERSION: "head"
22
- - RUBY_VERSION: "head-x64"
23
- - RUBY_VERSION: "25"
24
- - RUBY_VERSION: "25-x64"
25
- - RUBY_VERSION: "24"
26
- - RUBY_VERSION: "24-x64"
27
- - RUBY_VERSION: "23"
28
- - RUBY_VERSION: "23-x64"
29
- - RUBY_VERSION: "22"
30
- - RUBY_VERSION: "22-x64"
31
- - RUBY_VERSION: "21"
32
- - RUBY_VERSION: "21-x64"
33
- - RUBY_VERSION: "200"
34
- - RUBY_VERSION: "200-x64"
35
-
36
- install:
37
- - ps: "Set-Content -Value 'gem: --no-ri --no-rdoc ' -Path C:\\ProgramData\\gemrc"
38
- - if %RUBY_VERSION%==head ( gem install bundler -v'< 2' )
39
- - if %RUBY_VERSION%==head-x64 ( gem install bundler -v'< 2' )
40
- - bundle install
41
-
42
- before_build:
43
- - ruby -v
44
- - gem -v
45
-
46
- build_script:
47
- - bundle exec rake compile -rdevkit
48
-
49
- test_script:
50
- - bundle exec rake spec