Security Advisories (2)

CVE-2020-17478 (2020-08-10)

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

CVE-2020-13895 (2020-06-07)

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

NAME

Crypt::Perl::ECDSA::EC::DB - Interface to this module’s CurvesDB datastore

SYNOPSIS

    my $oid = Crypt::Perl::ECDSA::EC::DB::get_oid_for_curve_name('prime256v1');

    my $data_hr = Crypt::Perl::ECDSA::EC::DB::get_curve_data_by_oid('1.2.840.10045.3.1.7');

    my $name = Crypt::Perl::ECDSA::EC::DB::get_curve_name_by_data(
        p    => ...,  # isa Crypt::Perl::BigInt
        a    => ...,  # isa Crypt::Perl::BigInt
        b    => ...,  # isa Crypt::Perl::BigInt
        n    => ...,  # isa Crypt::Perl::BigInt
        h    => ...,  # isa Crypt::Perl::BigInt
        gx   => ...,  # isa Crypt::Perl::BigInt
        gy   => ...,  # isa Crypt::Perl::BigInt
        seed => ...,  # isa Crypt::Perl::BigInt, optional
    );

    # The opposite query from the preceding.
    my $data_hr = Crypt::Perl::ECDSA::EC::DB::get_curve_data_by_name('prime256v1');

DISCUSSION

This interface is undocumented for now.