bcrypt 3.1.20 → 3.1.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/README.md +2 -2
- data/ext/mri/bcrypt_ext.c +4 -0
- data/lib/bcrypt/password.rb +10 -1
- metadata +36 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fa13e8b4f6aac23de3fcc9d21adc4e4b4044062bf4ba2f018c1f5c93d8b5cdcb
|
|
4
|
+
data.tar.gz: 8b21ad83d2cee9300bdb473be06e0279d362abe9208611d93e95b1705e952924
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a8438676f67091b255eac5db57fb4b4834207ab674952a4e78609327f9fc305cbdc9eff5e39e26171ca312308f578bcb5a75907d9afebf8030bdd868cd3141af
|
|
7
|
+
data.tar.gz: 4939905ff2bdcf4b4ac7dd7081bbab59a712f271a1a2edc04c001602fcba45f43cc853843743012fd573729e08e281bc1cd54653f14ba76e98795b1483e6dc9e
|
data/CHANGELOG
CHANGED
data/README.md
CHANGED
|
@@ -30,8 +30,8 @@ re-hash those passwords. This vulnerability only affected the JRuby gem.
|
|
|
30
30
|
The bcrypt gem is available on the following Ruby platforms:
|
|
31
31
|
|
|
32
32
|
* JRuby
|
|
33
|
-
* RubyInstaller
|
|
34
|
-
* Any
|
|
33
|
+
* RubyInstaller builds on Windows with the DevKit
|
|
34
|
+
* Any modern Ruby on a BSD/OS X/Linux system with a compiler
|
|
35
35
|
|
|
36
36
|
## How to use `bcrypt()` in your Rails application
|
|
37
37
|
|
data/ext/mri/bcrypt_ext.c
CHANGED
|
@@ -111,6 +111,10 @@ static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
|
|
|
111
111
|
|
|
112
112
|
/* Create the BCrypt and BCrypt::Engine modules, and populate them with methods. */
|
|
113
113
|
void Init_bcrypt_ext(){
|
|
114
|
+
#ifdef HAVE_RB_EXT_RACTOR_SAFE
|
|
115
|
+
rb_ext_ractor_safe(true);
|
|
116
|
+
#endif
|
|
117
|
+
|
|
114
118
|
mBCrypt = rb_define_module("BCrypt");
|
|
115
119
|
cBCryptEngine = rb_define_class_under(mBCrypt, "Engine", rb_cObject);
|
|
116
120
|
|
data/lib/bcrypt/password.rb
CHANGED
|
@@ -73,8 +73,17 @@ module BCrypt
|
|
|
73
73
|
# @password == @password.to_s # => False
|
|
74
74
|
# @password.to_s == @password # => True
|
|
75
75
|
# @password.to_s == @password.to_s # => True
|
|
76
|
+
#
|
|
77
|
+
# secret == @password # => probably False, because the secret is not a BCrypt::Password instance.
|
|
76
78
|
def ==(secret)
|
|
77
|
-
|
|
79
|
+
hash = BCrypt::Engine.hash_secret(secret, @salt)
|
|
80
|
+
|
|
81
|
+
return false if hash.strip.empty? || strip.empty? || hash.bytesize != bytesize
|
|
82
|
+
|
|
83
|
+
# Constant time comparison so they can't tell the length.
|
|
84
|
+
res = 0
|
|
85
|
+
bytesize.times { |i| res |= getbyte(i) ^ hash.getbyte(i) }
|
|
86
|
+
res == 0
|
|
78
87
|
end
|
|
79
88
|
alias_method :is_password?, :==
|
|
80
89
|
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bcrypt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.1.
|
|
4
|
+
version: 3.1.21
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Coda Hale
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: rake-compiler
|
|
@@ -38,6 +37,34 @@ dependencies:
|
|
|
38
37
|
- - ">="
|
|
39
38
|
- !ruby/object:Gem::Version
|
|
40
39
|
version: '3'
|
|
40
|
+
- !ruby/object:Gem::Dependency
|
|
41
|
+
name: rdoc
|
|
42
|
+
requirement: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - ">="
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: 7.0.3
|
|
47
|
+
type: :development
|
|
48
|
+
prerelease: false
|
|
49
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - ">="
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: 7.0.3
|
|
54
|
+
- !ruby/object:Gem::Dependency
|
|
55
|
+
name: benchmark
|
|
56
|
+
requirement: !ruby/object:Gem::Requirement
|
|
57
|
+
requirements:
|
|
58
|
+
- - ">="
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: 0.5.0
|
|
61
|
+
type: :development
|
|
62
|
+
prerelease: false
|
|
63
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - ">="
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: 0.5.0
|
|
41
68
|
description: |2
|
|
42
69
|
bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
|
|
43
70
|
for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling
|
|
@@ -47,13 +74,13 @@ executables: []
|
|
|
47
74
|
extensions:
|
|
48
75
|
- ext/mri/extconf.rb
|
|
49
76
|
extra_rdoc_files:
|
|
50
|
-
- README.md
|
|
51
|
-
- COPYING
|
|
52
77
|
- CHANGELOG
|
|
78
|
+
- COPYING
|
|
79
|
+
- README.md
|
|
80
|
+
- lib/bcrypt.rb
|
|
53
81
|
- lib/bcrypt/engine.rb
|
|
54
82
|
- lib/bcrypt/error.rb
|
|
55
83
|
- lib/bcrypt/password.rb
|
|
56
|
-
- lib/bcrypt.rb
|
|
57
84
|
files:
|
|
58
85
|
- CHANGELOG
|
|
59
86
|
- COPYING
|
|
@@ -77,8 +104,8 @@ files:
|
|
|
77
104
|
homepage: https://github.com/bcrypt-ruby/bcrypt-ruby
|
|
78
105
|
licenses:
|
|
79
106
|
- MIT
|
|
80
|
-
metadata:
|
|
81
|
-
|
|
107
|
+
metadata:
|
|
108
|
+
changelog_uri: https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG
|
|
82
109
|
rdoc_options:
|
|
83
110
|
- "--title"
|
|
84
111
|
- bcrypt-ruby
|
|
@@ -99,8 +126,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
99
126
|
- !ruby/object:Gem::Version
|
|
100
127
|
version: '0'
|
|
101
128
|
requirements: []
|
|
102
|
-
rubygems_version:
|
|
103
|
-
signing_key:
|
|
129
|
+
rubygems_version: 4.0.3
|
|
104
130
|
specification_version: 4
|
|
105
131
|
summary: OpenBSD's bcrypt() password hashing algorithm.
|
|
106
132
|
test_files: []
|