Bug#511519: Bug in libcrypt-openssl-dsa-perl fixed in revision 29567
Kurt Roeckx
kurt at roeckx.be
Mon Jan 12 00:10:00 UTC 2009
On Sun, Jan 11, 2009 at 09:56:07PM +0000, pkg-perl-maintainers at lists.alioth.debian.org wrote:
> tag 511519 + pending
> thanks
>
> Some bugs are closed in revision 29567
> by Ryan Niebur (ryan52-guest)
>
> Commit message:
>
> check the return code of DSA_do_verify, and croak on error (Closes:
> #511519)
I'm not really sure what changed here. But where DSA_verify() is called
now, it already calls croak() in case of -1. But it should probably
also complain that it was an incorrect signature in case it returns 0
and change the RETVAL to 0 in case it was -1.
The documentation isn't really clear, it just says:
my $valid = $dsa_pub->do_verify($message, $sig_obj);
And:
my $valid = $dsa_pub->verify($message, $sig);
It doesn't document the possible return codes, so when I read
that I assume it will be != 0 in case it's valid. Either it
needs to be documented properly that it can return -1 and then
check all the code that might be using it wrong, or it needs
to change the -1 to 0.
Kurt
More information about the pkg-perl-maintainers
mailing list