Security Advisories (2)
CVE-2020-17478 (2020-08-10)

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

CVE-2020-13895 (2020-06-07)

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

NAME

Crypt::Perl::RSA::PKCS1_v1_5 - PKCS1 v1.5 signature padding

SYNOPSIS

use Digest::SHA ();
use Crypt::Perl::RSA::PKCS1_v1_5 ();

my $digest = Digest::SHA::sha256('This is my message.');

#Returns the EMSA-PKCS1-v1_5 encoded block (0x00 0x01 PS 0x00 DigestInfo);
#the RSA private-key operation is applied to this block to produce the signature.
my $sig = Crypt::Perl::RSA::PKCS1_v1_5::encode(
    $digest,
    'sha256',   #digest OID; see below
    2048,       #the bit length of the key’s modulus
);

#This value should match $digest.
my $digest_dec = Crypt::Perl::RSA::PKCS1_v1_5::decode(
    $sig,
    'sha256',
);

LIST OF DIGEST OIDs

  • sha512

  • sha384

  • sha256

The following are considered too weak for good security now; they’re included for historical interest.

  • sha1

  • md5

  • md2