From 63780869fa5dbc3bf47fbd638851335e86d98753 Mon Sep 17 00:00:00 2001
From: Paul Mucur <mudge@mudge.name>
Date: Fri, 28 Feb 2025 13:26:58 +0000
Subject: [PATCH 1/2] Use RakeCompilerDock.set_ruby_cc_version

Note we still use the old rbenv default of Ruby 3.1.6 in the
rake-compiler-dock containers.
---
 Rakefile         | 3 ++-
 argon2id.gemspec | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Rakefile b/Rakefile
index e683e52..15cc102 100644
--- a/Rakefile
+++ b/Rakefile
@@ -20,7 +20,7 @@ cross_platforms = %w[
   x86_64-linux-musl
 ].freeze
 
-ENV["RUBY_CC_VERSION"] = "3.4.1:3.3.5:3.2.6:3.1.6:3.0.7:2.7.8:2.6.10"
+RakeCompilerDock.set_ruby_cc_version("~> 2.6", "~> 3.0")
 
 gemspec = Gem::Specification.load("argon2id.gemspec")
 
@@ -59,6 +59,7 @@ namespace :gem do
     desc "Compile and build native gem for #{platform}"
     task platform do
       RakeCompilerDock.sh <<~SCRIPT, platform: platform, verbose: true
+        rbenv shell 3.1.6 &&
         gem install bundler --no-document &&
         bundle &&
         bundle exec rake native:#{platform} pkg/#{gemspec.full_name}-#{Gem::Platform.new(platform)}.gem PATH="/usr/local/bin:$PATH"
diff --git a/argon2id.gemspec b/argon2id.gemspec
index e970d58..3bbaeff 100644
--- a/argon2id.gemspec
+++ b/argon2id.gemspec
@@ -54,6 +54,6 @@ Gem::Specification.new do |s|
   s.rdoc_options = ["--main", "README.md"]
 
   s.add_development_dependency("rake-compiler", "~> 1.2")
-  s.add_development_dependency("rake-compiler-dock", "~> 1.8")
+  s.add_development_dependency("rake-compiler-dock", "~> 1.9")
   s.add_development_dependency("minitest", "~> 5.25")
 end

From c8b915e828b8daee26da73dc97f51026e95a652b Mon Sep 17 00:00:00 2001
From: Paul Mucur <mudge@mudge.name>
Date: Fri, 28 Feb 2025 14:14:21 +0000
Subject: [PATCH 2/2] Add explicit validation of memory cost on JRuby

Recent versions of Bouncy Castle no longer raise an exception if a
memory cost smaller than the minimum of 8 is given (instead silently
using a minimum based on the number of lanes instead) so enforce this
ourselves for consistency.
---
 lib/argon2id/extension.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/argon2id/extension.rb b/lib/argon2id/extension.rb
index c887f79..937d4c5 100644
--- a/lib/argon2id/extension.rb
+++ b/lib/argon2id/extension.rb
@@ -10,6 +10,7 @@ module Argon2id
     class Password
       def self.hash_encoded(t_cost, m_cost, parallelism, pwd, salt, hashlen)
         raise Error, "Salt is too short" if salt.empty?
+        raise Error, "Memory cost is too small" if m_cost < 8
 
         salt_bytes = salt.to_java_bytes
         output = Java::byte[hashlen].new