bcrypt 3.1.21 → 3.1.22

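--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fa13e8b4f6aac23de3fcc9d21adc4e4b4044062bf4ba2f018c1f5c93d8b5cdcb
- data.tar.gz: 8b21ad83d2cee9300bdb473be06e0279d362abe9208611d93e95b1705e952924
+ metadata.gz: 521c5039d4a683bdf17faa98c3fddc47318f415597bd7575615c1f309ba65a4d
+ data.tar.gz: 9abdb8766bcfdc8cfeacbe41eb66fd0a8436ad5b1e9ff67b18239019387be3a1
  SHA512:
- metadata.gz: a8438676f67091b255eac5db57fb4b4834207ab674952a4e78609327f9fc305cbdc9eff5e39e26171ca312308f578bcb5a75907d9afebf8030bdd868cd3141af
- data.tar.gz: 4939905ff2bdcf4b4ac7dd7081bbab59a712f271a1a2edc04c001602fcba45f43cc853843743012fd573729e08e281bc1cd54653f14ba76e98795b1483e6dc9e
+ metadata.gz: 6ce98e4f36915b8fb3dc2cc5a0dadb7624914bbfabd8d5e804ac1c945c8fe23794c1a3652841634766c5fe8876cd06ccb04b737c84f54e6b4bca82701d529c07
+ data.tar.gz: 9a2eddcb94fa016dfae3e46901df0cd5f9afd30c63789eb4682cf9fc7b55cc3348e1822663a4c4cff9f277d26a6f907ba139d2578fb1510b58559ee76d58d2ce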
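--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,6 @@
+ 3.1.22 Mar 18 2026
+ - [CVE-2026-33306] Fix integer overflow in Java extension
+
  3.1.21 Dec 31 2025
  - Use constant time comparisons
  - Mark as Ractor safe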
@@ -688,20 +688,21 @@ public class BCrypt {
688
688
  */
689
689
  private byte[] crypt_raw(byte password[], byte salt[], int log_rounds,
690
690
  boolean sign_ext_bug, int safety) {
691
- int rounds, i, j;
691
+ long rounds;
692
+ int i, j;
692
693
  int cdata[] = bf_crypt_ciphertext.clone();
693
694
  int clen = cdata.length;
694
695
  byte ret[];
695
696
 
696
697
  if (log_rounds < 4 || log_rounds > 31)
697
698
  throw new IllegalArgumentException ("Bad number of rounds");
698
- rounds = 1 << log_rounds;
699
+ rounds = roundsForLogRounds(log_rounds);
699
700
  if (salt.length != BCRYPT_SALT_LEN)
700
701
  throw new IllegalArgumentException ("Bad salt length");
701
702
 
702
703
  init_key();
703
704
  ekskey(salt, password, sign_ext_bug, safety);
704
- for (i = 0; i < rounds; i++) {
705
+ for (long r = 0; r < rounds; r++) {
705
706
  key(password, sign_ext_bug, safety);
706
707
  key(salt, false, safety);
707
708
  }
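Review bot: The widened `long rounds` and the new `long r` counter carry no comment saying why `int` is not enough, and `roundsForLogRounds`, which now computes the value, is defined outside this hunk. The bounds check just above still accepts `log_rounds == 31`, where the removed `1 << log_rounds` is negative in `int` and the old `i < rounds` loop would not have run at all; the fix therefore holds only if the helper shifts a long (`1L << log_rounds`), which should be confirmed at its definition. I would add `// long: 1 << 31 overflows int and would skip the key-expansion loop` above `long rounds;`, plus a cheap regression check on the helper such as `assert roundsForLogRounds(31) == 2147483648L;` (assuming it returns a long). Hashes produced at cost 31 by the earlier Java extension were presumably computed with far less work than their cost field claims, so they are worth finding and re-hashing after the upgrade. crypt_raw's body continues past the end of the hunk, so whether `i` and `j` are still used cannot be checked from here.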
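--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bcrypt
  version: !ruby/object:Gem::Version
- version: 3.1.21
+ version: 3.1.22
  platform: ruby
  authors:
  - Coda Hale
@@ -126,7 +126,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 4.0.3
+ rubygems_version: 4.0.6
  specification_version: 4
  summary: OpenBSD's bcrypt() password hashing algorithm.
  test_files: []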