Security Advisories (2)

CVE-2020-17478 (2020-08-10)

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

https://github.com/FGasper/p5-Crypt-Perl/compare/0.32...0.33

CVE-2020-13895 (2020-06-07)

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

NAME

Crypt::Perl::PK - Public-key cryptography logic

SYNOPSIS

#Will be an instance of the appropriate Crypt::Perl key class,
#i.e., one of:
#
#   Crypt::Perl::RSA::PrivateKey
#   Crypt::Perl::RSA::PublicKey
#   Crypt::Perl::ECDSA::PrivateKey
#   Crypt::Perl::ECDSA::PublicKey
#
my $key_obj = Crypt::Perl::PK::parse_jwk( { .. } );

#Likewise. Feed it public or private, DER or PEM format,
#RSA or ECDSA.
my $key_obj = Crypt::Perl::PK::parse_key( $octet_string );

DISCUSSION

As of now there’s not much of interest to find here except parsing of JWKs.

To install Crypt::Perl, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::Perl

CPAN shell

perl -MCPAN -e shell
install Crypt::Perl

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DISCUSSION

Module Install Instructions