I got those for Passwd::Keyring::PwSafe3 but they seem to be caused by your module. Not sure whether they are sufficient to diagnose but mayhaps…

1. Windows problems with temporary file (both practically identical)

http://www.cpantesters.org/cpan/report/c6375bfe-6c15-1014-b28c-64d78ddf5304
http://www.cpantesters.org/cpan/report/3df707a4-6bfe-1014-8823-09d9f6238fb6

(before going deeper: I'd consider using File::Temp instead of your current method, mayhaps the name turns too long, or there is some collision)

2. Integrity failure

http://www.cpantesters.org/cpan/report/0df0824a-9721-11e4-b221-9e126cbd7f71

(this is quite ugly, looks like first save crashed but later on things worked properly)

I saw this when running a unit test. I believe the change happened between Crypt::CBC 2.33 and Crypt::CBC 3.00 from 2021.
It's possible I'm doing something weird to trigger this that other people don't see. Or it's possible that not many people have upgraded Crypt::CBC recently.

I've created a bug report for Crypt::CBC with the same information. https://rt.cpan.org/Ticket/Display.html?id=145836

Error: 'blocksize' is not a recognized argument at /home/runner/work/tel/tel/local/lib/perl5/Crypt/CBC.pm line 312.
 at /home/runner/work/tel/tel/local/lib/perl5/Crypt/PWSafe3.pm line 260.

I created small passwordsafe database (using passwordsafe GUI) with various Polish characters in group or user names. When I was previously using the module (~6 months ago) database was read just fine by Crypt::PWSafe3, unfortunately, no more. Now I get:

'<' allowed only after types sSiIlLqQjJfFdDpP( in unpack at /home/marcink/perl_patches/Crypt--PWSafe3/blib/lib/Crypt/PWSafe3/Field.pm line 79.

You can pull test-case (sample database and test file which reads it) from
Mekk@cfbfcd6

Note: I test on Ubuntu 13.04 Linux, perl 5.14.2

See subject. Some pointers:

• date-sorted list of reports: http://matrix.cpantesters.org/?dist=Crypt-PWSafe3%201.22;reports=1#sl=7,1
• a random fail report: http://www.cpantesters.org/cpan/report/f6581ee4-8414-11eb-a434-19407f78d25b

Attempt to

cpan Crypt::PWSafe3

ends up in

Running make for T/TL/TLINDEN/Crypt-PWSafe3-1.13.tar.gz
(...)
t/run.t .. 1/? 
   Failed test 'use Crypt::PWSafe3;'
   at t/run.t line 18.
   Tried to use 'Crypt::PWSafe3'.
   Error:  Can't locate Crypt/PWSafe3/PasswordPolicy.pm in @INC 

Likely reason: this file (PasswordPolicy.pm) is missing in the MANIFEST (so was not packaged to .tar.gz and was not distributed).

I was investigating why something I wrote was hanging after a few runs and I discoverted it was because I was running out of entropy. I further tracked this to using Crypt::Random and saw that Bytes::Random::Secure seems to be the better option.

However, I was still confused why it needed to generate a random number just to open an existing file. I looked at how things worked and saw that read() was calling stretchpw() which had this line near the end:

$passwd = $this->random(64);

This isn't returned from the sub and doesn't seemed to be referenced anywhere. Commenting the line out seems to fix my issue, but might create problems in other places I don't know about. If the intention is to overwrite the plaintext password in memory can you just zero it instead of using random?

I think my only alternative for my program would be to require Bytes::Random::Secure if they use Crypt::PWSafe3, since Crypt::Random can block silently in places without the user knowing why.

I started distributing my wrapper around Crypt::PWSafe3 ( http://search.cpan.org/~mekk/Passwd-Keyring-PWSafe3-0.20/lib/Passwd/Keyring/PWSafe3.pm - sources at https://bitbucket.org/Mekk/perl-keyring-pwsafe3 ) together with some test suite, and I got some cpantesters reports which seem related more to your module than mine, but could also pinpoint my wrong usage of your code. I'd be grateful if you could take a look and comment on those issues.

1. File integrity errors lik e http://www.cpantesters.org/cpan/report/b1ace1e2-33f2-11e2-8219-b9bba290f8f5 (I got a few such reports)

I distribute some sample password file - created with pwsafe GUI on my Linux - with my tests. In many cases it is used properly, but here we have

File integrity check failed (File integrity check failed at /tmp/loop_over_bdir-TsD8Db/Passwd-Keyring-PWSafe3-0.2001-SjyNqH/blib/lib/Passwd/Keyring/PWSafe3.pm line 277.
) at /tmp/loop_over_bdir-TsD8Db/Passwd-Keyring-PWSafe3-0.2001-SjyNqH/blib/lib/Passwd/Keyring/PWSafe3.pm line 277.

I am not sure whether it happens on first read, or on save after updates. My first doubt is whether it is at all sensible to distribute example file (= expect the format to be cross-platform).

2. Ugly undef warnings http://www.cpantesters.org/cpan/report/ecd74cfc-3452-11e2-a056-9b38e258596b

Leaving apart the exact meaning of tests, do you have any idea what are those undef warnings about?

3. Unpack errors http://www.cpantesters.org/cpan/report/d3f7c37a-3410-11e2-8c57-bbca67d21516

Ditto.

I am not sure whether those are problems in your code at all, but I lack the knowledge to interpret them by myself, so would be glad if you could make some comments.

The following code block looks questionable, after discovering that the default of Crypt::Random is to ensure the highest bit of every generated number is 1.

Which in practice means:

my $i = makerandom( Size => 256, Strength => 1 );

$i can never be an integer lower than 2 ** 255

eg:

use Crypt::Random qw( makerandom );

my $yes = 0; 
my $no = 0;

for ( 1..10000 ) {
  my $bits = makerandom( Size => 256, Strength => 1 );
  if ( $bits < 2 ** 255 ) {
    $yes++
  } else {
    $no++;
  }
}
printf qq[yes: %d, no: %d\n], $yes, $no;
# yes: 0, no: 10000

https://metacpan.org/pod/Crypt::Random#Uniform-0-||-1

When Uniform => 1, the distribution is from 0 .. 2**Size , not 2**(Size-1)+1 .. 2**Size

use Crypt::Random qw( makerandom );

my $yes = 0; 
my $no = 0;

for ( 1..10000 ) {
  my $bits = makerandom( Size => 256, Strength => 1, Uniform => 1);
  if ( $bits < 2 ** 255 ) {
    $yes++
  } else {
    $no++;
  }
}
printf qq[yes: %d, no: %d\n], $yes, $no;
# yes: 5079, no: 4921

It also seems odd that you call the return value of this function $bytes, when that function returns an integer, and doing substr() on an integer is uh. Weird.

https://metacpan.org/source/TLINDEN/Crypt-PWSafe3-1.22/lib/Crypt/PWSafe3.pm#L60-64