Re: [Hackmeeting] maledetto php buggato (openssl)

Borrar esta mensaxe

Responder a esta mensaxe
Autor: megabug
Data:  
Para: hackmeeting
Asunto: Re: [Hackmeeting] maledetto php buggato (openssl)
On Thursday 26 November 2009 19:51:04 Gufo Rosso wrote:
> qualcuno me lo conferma ?


No.

Stai sbagliando qualcosa con le chiavi, a me va.
(l'esempio che ti allego non stampa "errore")

ciao
--
megabug




$fp=fopen("/etc/ssl/certs/ssl-cert-snakeoil.pem","r");
$pub_key=fread($fp,8192);
fclose($fp);
openssl_get_publickey($pub_key);

$fp=fopen("/etc/ssl/private/ssl-cert-snakeoil.key","r");
$priv_key=fread($fp,8192);
fclose($fp);

$test1_src = 'prova dwwwwwwwwwwwwwwwwwi qqq111111111111111111111111';
$test2_src = 'prova dwwwwwwwwwwwwwwwwwwi qqq111111111111111111111111';

openssl_public_encrypt($test1_src, $crypttext, $pub_key);
openssl_private_decrypt($crypttext, $test1_plain, $priv_key);
openssl_public_encrypt($test2_src, $crypttext, $pub_key);
openssl_private_decrypt($crypttext, $test2_plain, $priv_key);

if ($test1_src !== $test1_plain) {
echo "errore";
}
if ($test2_src !== $test2_plain) {
echo "errore";
}

echo $test1_src." -> ".$test1_plain."\n";
echo $test2_src." -> ".$test2_plain."\n";