/ 
Crypt-Perl-0.31
/ Crypt::Perl::PKCS10::Attributes
Security Advisories (2)
CVE-2020-17478 (2020-08-10)

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

CVE-2020-13895 (2020-06-07)

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

NAME

Crypt::Perl::PKCS10::Attributes - CSR “attributes” collection

SYNOPSIS

#Each object passed should be an instance of a subclass of
#Crypt::Perl::PKCS10::Attribute (NB: not this class!)
my $attrs = Crypt::Perl::PKCS10::Attributes->new( @ATTR_OBJS );

#...or:

my $attrs = Crypt::Perl::PKCS10::Attributes->new(
    [ $attr_type1 => \@args1 ],
    [ $attr_type2 => \@args2 ],
);

#...for example:

my $attrs = Crypt::Perl::PKCS10::Attributes->new(
    [ challengePassword => 'iNsEcUrE' ],
);

DESCRIPTION

Instances of this class represent the “attributes” collection in a PKCS #10 Certificate Signing Request.

You probably don’t need to instantiate this class directly; instead, you can instantiate it implicitly by listing out arguments to Crypt::Perl::PKCS10’s constructor. See that module’s SYNOPSIS for an example.

The following X.509 extensions are supported: