RubyGems - bcrypt - Versions diffs - 3.1.17-java → 3.1.19-java - Mend

bcrypt 3.1.17-java → 3.1.19-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 982723920ec5f97cff8b34987babf6a5f1ee632e8f942e40cf28246940e067d6
-  data.tar.gz: ab2bb1ace746eb5efa5b2ce1d9b1bcc9fe5445899ae3c78510198a6df19152d0
+  metadata.gz: 636cc94d86701d3d34c7ba884587e9ff5429d78eb055f15d88104c3b2f006e9a
+  data.tar.gz: 9f67d235f53ea00410bcc0abfec5cb42a6bd22e7c52ae43923e161828d18e43c
 SHA512:
-  metadata.gz: 79951a4c7612737f25550f701d387d7c7325798eae87d898cccefd83762cf713d9817a19ca29d95b950ed85b32915efbdf7dd93e146a08230135309876a26a27
-  data.tar.gz: d3618098d76210298bb5e05b39f75469cc4f64dfea5e55cc5cebf0372eb8a529b076d771f184e311c564a6d08932b7160fb46355e09188592f7de1608dd65d83
+  metadata.gz: 4d78ea03482ec52e987617f94a0b5a9108369585961e29746ab8ed65f035b1b40eca0e14137c10dd0a49072312c945e4ecbd91327e21c573d7b7dcd3428e83cf
+  data.tar.gz: f46639b8366442dfbe2ea6db81f56784f4b99443b790392d3e41bd4c6a06f8e16ab26f94fcc9bdca584eee80a1461fcc632eb4ab979a37378808c99a3ce13b47

data/.github/workflows/ruby.yml CHANGED Viewed

@@ -30,8 +30,6 @@ jobs:
           - truffleruby-head
           - mingw
         exclude:
-          - { os: ubuntu,  ruby: jruby }
-          - { os: ubuntu,  ruby: jruby-head }
           - { os: ubuntu,  ruby: mingw }
           - { os: macos,   ruby: mingw }
           - { os: windows, ruby: truffleruby }
@@ -46,8 +44,12 @@ jobs:
         with:
           ruby-version: ${{ matrix.ruby }}
           bundler-cache: true
+        env:
+          JAVA_OPTS: -Djdk.io.File.enableADS=true
       - name: Run tests
         run: bundle exec rake default
+        env:
+          JAVA_OPTS: -Djdk.io.File.enableADS=true
   finish:
     runs-on: ubuntu-latest

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,11 @@
+3.1.19 June 22 2023
+  - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
+  - Add GC guards so the C compiler won't optimize out references [GH #270]
+3.1.18 May 16 2022
+  - Unlock GVL when calculating hashes and salts [GH #260]
+  - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
 3.1.17 Mar 14 2022
 - Fix regex in validators to use \A and \z instead of ^ and $ [GH #121]
 - Truncate secrets greater than 72 bytes in hash_secret [GH #255]

data/README.md CHANGED Viewed

@@ -5,7 +5,6 @@ An easy way to keep your users' passwords secure.
 * https://github.com/bcrypt-ruby/bcrypt-ruby/tree/master
 [![Github Actions Build Status](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml)
-[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/6fplerx9lnaf0hyo?svg=true)](https://ci.appveyor.com/project/TJSchuck35975/bcrypt-ruby)
 ## Why you should use `bcrypt()`

data/Rakefile CHANGED Viewed

@@ -50,8 +50,8 @@ end
 if RUBY_PLATFORM =~ /java/
   Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
     ext.ext_dir = 'ext/jruby'
-    ext.source_version = "1.7"
-    ext.target_version = "1.7"
+    ext.source_version = "1.8"
+    ext.target_version = "1.8"
   end
 else
   Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|

data/bcrypt.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'bcrypt'
-  s.version = '3.1.17'
+  s.version = '3.1.19'
   s.summary = "OpenBSD's bcrypt() password hashing algorithm."
   s.description = <<-EOF
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
   s.files = `git ls-files`.split("\n")
   s.require_path = 'lib'
-  s.add_development_dependency 'rake-compiler', '~> 0.9.2'
+  s.add_development_dependency 'rake-compiler', '~> 1.2.0'
   s.add_development_dependency 'rspec', '>= 3'
   s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']

data/ext/mri/bcrypt_ext.c CHANGED Viewed

@@ -1,53 +1,110 @@
 #include <ruby.h>
 #include <ow-crypt.h>
+#ifdef HAVE_RUBY_THREAD_H
+#include <ruby/thread.h>
+#endif
 static VALUE mBCrypt;
 static VALUE cBCryptEngine;
+struct bc_salt_args {
+    const char * prefix;
+    unsigned long count;
+    const char * input;
+    int size;
+};
+static void * bc_salt_nogvl(void * ptr) {
+    struct bc_salt_args * args = ptr;
+    return crypt_gensalt_ra(args->prefix, args->count, args->input, args->size);
+}
 /* Given a logarithmic cost parameter, generates a salt for use with +bc_crypt+.
 */
 static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
     char * salt;
     VALUE str_salt;
-    salt = crypt_gensalt_ra(
-	    StringValuePtr(prefix),
-	    NUM2ULONG(count),
-	    NIL_P(input) ? NULL : StringValuePtr(input),
-	    NIL_P(input) ? 0 : RSTRING_LEN(input));
+    struct bc_salt_args args;
+    /* duplicate the parameters for thread safety.  If another thread has a
+     * reference to the parameters and mutates them while we are working,
+     * that would be very bad.  Duping the strings means that the reference
+     * isn't shared. */
+    prefix = rb_str_new_frozen(prefix);
+    input  = rb_str_new_frozen(input);
+    args.prefix = StringValueCStr(prefix);
+    args.count  = NUM2ULONG(count);
+    args.input  = NIL_P(input) ? NULL : StringValuePtr(input);
+    args.size   = NIL_P(input) ? 0 : RSTRING_LEN(input);
+#ifdef HAVE_RUBY_THREAD_H
+    salt = rb_thread_call_without_gvl(bc_salt_nogvl, &args, NULL, NULL);
+#else
+    salt = bc_salt_nogvl((void *)&args);
+#endif
     if(!salt) return Qnil;
     str_salt = rb_str_new2(salt);
+    RB_GC_GUARD(prefix);
+    RB_GC_GUARD(input);
     free(salt);
     return str_salt;
 }
+struct bc_crypt_args {
+    const char * key;
+    const char * setting;
+    void * data;
+    int size;
+};
+static void * bc_crypt_nogvl(void * ptr) {
+    struct bc_crypt_args * args = ptr;
+    return crypt_ra(args->key, args->setting, &args->data, &args->size);
+}
 /* Given a secret and a salt, generates a salted hash (which you can then store safely).
 */
 static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
     char * value;
-    void * data;
-    int size;
     VALUE out;
-    data = NULL;
-    size = 0xDEADBEEF;
+    struct bc_crypt_args args;
     if(NIL_P(key) || NIL_P(setting)) return Qnil;
-    value = crypt_ra(
-	    NIL_P(key) ? NULL : StringValuePtr(key),
-	    NIL_P(setting) ? NULL : StringValuePtr(setting),
-	    &data,
-	    &size);
+    /* duplicate the parameters for thread safety.  If another thread has a
+     * reference to the parameters and mutates them while we are working,
+     * that would be very bad.  Duping the strings means that the reference
+     * isn't shared. */
+    key     = rb_str_new_frozen(key);
+    setting = rb_str_new_frozen(setting);
+    args.data    = NULL;
+    args.size    = 0xDEADBEEF;
+    args.key     = NIL_P(key)     ? NULL : StringValueCStr(key);
+    args.setting = NIL_P(setting) ? NULL : StringValueCStr(setting);
+#ifdef HAVE_RUBY_THREAD_H
+    value = rb_thread_call_without_gvl(bc_crypt_nogvl, &args, NULL, NULL);
+#else
+    value = bc_crypt_nogvl((void *)&args);
+#endif
-    if(!value || !data) return Qnil;
+    if(!value || !args.data) return Qnil;
     out = rb_str_new2(value);
-    xfree(data);
+    RB_GC_GUARD(key);
+    RB_GC_GUARD(setting);
+    free(args.data);
     return out;
 }

data/lib/bcrypt/engine.rb CHANGED Viewed

@@ -53,6 +53,13 @@ module BCrypt
     # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
     # a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
     def self.hash_secret(secret, salt, _ = nil)
+      unless _.nil?
+        warn "[DEPRECATION] Passing the third argument to " \
+             "`BCrypt::Engine.hash_secret` is deprecated. " \
+             "Please do not pass the third argument which " \
+             "is currently not used."
+      end
       if valid_secret?(secret)
         if valid_salt?(salt)
           if RUBY_PLATFORM == "java"

data/lib/bcrypt_ext.jar CHANGED Viewed

Binary file

data/spec/bcrypt/password_spec.rb CHANGED Viewed

@@ -31,6 +31,12 @@ describe "Creating a hashed password" do
   specify "should tolerate very long string secrets" do
     expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
   end
+  specify "blows up when null bytes are in the string" do
+    # JRuby can handle the null bytes
+    skip if RUBY_ENGINE == 'jruby'
+    expect { BCrypt::Password.create( "foo\0bar".chop  ) }.to raise_error
+  end
 end
 describe "Reading a hashed password" do

metadata CHANGED Viewed

@@ -1,21 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: bcrypt
 version: !ruby/object:Gem::Version
-  version: 3.1.17
+  version: 3.1.19
 platform: java
 authors:
 - Coda Hale
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-14 00:00:00.000000000 Z
+date: 2023-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 1.2.0
   name: rake-compiler
   prerelease: false
   type: :development
@@ -23,7 +23,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -62,7 +62,6 @@ files:
 - Gemfile
 - README.md
 - Rakefile
-- appveyor.yml
 - bcrypt.gemspec
 - ext/jruby/bcrypt_jruby/BCrypt.java
 - ext/mri/bcrypt_ext.c

data/appveyor.yml DELETED Viewed

@@ -1,50 +0,0 @@
-version: "{branch}-{build}"
-build: off
-clone_depth: 1
-init:
-  # Install Ruby head
-  - if %RUBY_VERSION%==head (
-      appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x86.exe -FileName C:\head_x86.exe &
-      C:\head_x86.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
-    )
-  - if %RUBY_VERSION%==head-x64 (
-      appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x64.exe -FileName C:\head_x64.exe &
-      C:\head_x64.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
-    )
-  # Add Ruby to the path
-  - set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
-environment:
-  matrix:
-    - RUBY_VERSION: "head"
-    - RUBY_VERSION: "head-x64"
-    - RUBY_VERSION: "25"
-    - RUBY_VERSION: "25-x64"
-    - RUBY_VERSION: "24"
-    - RUBY_VERSION: "24-x64"
-    - RUBY_VERSION: "23"
-    - RUBY_VERSION: "23-x64"
-    - RUBY_VERSION: "22"
-    - RUBY_VERSION: "22-x64"
-    - RUBY_VERSION: "21"
-    - RUBY_VERSION: "21-x64"
-    - RUBY_VERSION: "200"
-    - RUBY_VERSION: "200-x64"
-install:
-  - ps: "Set-Content -Value 'gem: --no-ri --no-rdoc ' -Path C:\\ProgramData\\gemrc"
-  - if %RUBY_VERSION%==head     ( gem install bundler -v'< 2' )
-  - if %RUBY_VERSION%==head-x64 ( gem install bundler -v'< 2' )
-  - bundle install
-before_build:
-  - ruby -v
-  - gem -v
-build_script:
-  - bundle exec rake compile -rdevkit
-test_script:
-  - bundle exec rake spec