Autor: megabug
Data:
Para: hackmeeting
Asunto: Re: [Hackmeeting] maledetto php buggato (openssl)
On Thursday 26 November 2009 19:51:04 Gufo Rosso wrote:
> qualcuno me lo conferma ?
No.
Stai sbagliando qualcosa con le chiavi, a me va.
(l'esempio che ti allego non stampa "errore")
ciao
--
megabug
$fp=fopen("/etc/ssl/certs/ssl-cert-snakeoil.pem","r");
$pub_key=fread($fp,8192);
fclose($fp);
openssl_get_publickey($pub_key);
$fp=fopen("/etc/ssl/private/ssl-cert-snakeoil.key","r");
$priv_key=fread($fp,8192);
fclose($fp);
$test1_src = 'prova dwwwwwwwwwwwwwwwwwi qqq111111111111111111111111';
$test2_src = 'prova dwwwwwwwwwwwwwwwwwwi qqq111111111111111111111111';
openssl_public_encrypt($test1_src, $crypttext, $pub_key);
openssl_private_decrypt($crypttext, $test1_plain, $priv_key);
openssl_public_encrypt($test2_src, $crypttext, $pub_key);
openssl_private_decrypt($crypttext, $test2_plain, $priv_key);
if ($test1_src !== $test1_plain) {
echo "errore";
}
if ($test2_src !== $test2_plain) {
echo "errore";
}
echo $test1_src." -> ".$test1_plain."\n";
echo $test2_src." -> ".$test2_plain."\n";