Re: [Hackmeeting] maledetto php buggato (openssl)

Delete this message

Reply to this message
Author: Gufo Rosso
Date:  
To: hackmeeting
Subject: Re: [Hackmeeting] maledetto php buggato (openssl)

----- Original Message -----
From: "megabug" <megabug@???>
To: <hackmeeting@???>
Sent: Friday, November 27, 2009 10:28 AM
Subject: Re: [Hackmeeting] maledetto php buggato (openssl)


On Thursday 26 November 2009 19:51:04 Gufo Rosso wrote:
> qualcuno me lo conferma ?


No.

Stai sbagliando qualcosa con le chiavi, a me va.
(l'esempio che ti allego non stampa "errore")

se la stringa da cifrare decifrare e' corta lo esegue correttamente



os ?
mi sembra di capire ch abbiamo una differenza sostanziale di OS (a me piace
avere lo stesso script che
va dappertutto sia in windows ch in linux (probabilmente php win 32 ha un
errore grave nella gestione di questa cosa)

il tuo script su WAMP non va da degli errori (anche correggendo i path)
sempre lo stesso errore mi stampa 2 errore

gerero il certificato, lo testo
se la stringa e' corta ok altrimenti ciccia


<?
/* if(empty($appl['APPL'])){
header("Location: http://".$_SERVER['SERVER_NAME']);
exit;
} */

error_reporting(E_ALL | E_NOTICE);
date_default_timezone_set('Europe/Rome');


$POST = array();

$POST['algo'] = "OPENSSL_ALGO_MD5";
$POST['keys'] = 512;
$POST['pv0'] = $POST['pv1'] = '1234567890987654321234567';
$POST['dat'] = 'TEST';


$POST['natio'] = 'IT';
$POST['countr'] = 'ITALY';
$POST['prv'] = 'BAGANZOLA (PR)';
$POST['unit'] = 'localunit';
$POST['mail'] = 'prove@???';
$POST['yars'] = '5';
$POST['fp'] = '2';

$table['user'] = 'table';


         if(in_array($POST['algo'], array("OPENSSL_ALGO_SHA1",
               "OPENSSL_ALGO_MD5",
               "OPENSSL_ALGO_MD4",
               "OPENSSL_ALGO_MD2",
               "OPENSSL_ALGO_DSS1"))){
               $algo = $POST['algo'];


         }else{


               $algo = "OPENSSL_ALGO_MD5";
         }


if(in_array($POST['keys'], 
array("512","1024","1536","2048","3072","4096","4608","6656","8192"))){
               $key = (int) $POST['keys'];
}else{
               $key = (int) 4096;
}



if($POST['pv0']===$POST['pv1']){
    $pass = $POST['pv0'];
}else{
    echo "{\"pass\": \"false\"}";
}



// echo dirname(__FILE__);

define('OPEN_SSL_CONF_PATH', dirname(__FILE__).'./openssl.cnf');

// function OpenSSL() { $this->config = array("config" =>
OPEN_SSL_CONF_PATH); }


$ssl_configargs = array(
"config" => OPEN_SSL_CONF_PATH,
"digest_alg" => $algo,
"private_key_bits" => $key,
"basicConstraints" => "critical,CA:true",
"keyUsage" => "cRLSign, keyCertSign",
"nsCertType" => "sslCA, emailCA",
'x509_extensions' => 'v3_ca',
'req_extensions' => 'v3_req',
'name_opt' => $POST['dat']
);


$dn = array("countryName" => $POST['natio'],
"stateOrProvinceName" => $POST['countr'],
"localityName" => $POST['prv'],
"organizationName" => $POST['dat'],
"organizationalUnitName" => $POST['unit'],
"commonName" => $POST['dat'] ,
"emailAddress" => $POST['mail']);

// $ssl_configargs


$numberofdays = $POST['yars'] * 365;

$pkey = openssl_pkey_new($ssl_configargs);
var_dump($pkey);

$csr = openssl_csr_new( $dn, $privkey,$ssl_configargs);
openssl_pkey_export($privkey, $pkeyout,$pass,$ssl_configargs);
var_dump($csr);


$sscert = openssl_csr_sign( $csr, null, $privkey, $numberofdays,
$ssl_configargs);

var_dump($sscert);


openssl_csr_export( $csr, $csrout );
openssl_x509_export( $sscert, $certout );


$detail = openssl_x509_parse ($certout);
$res = openssl_get_publickey($certout);

$source = 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';

// herror here !!!!!!! uncomment source

// $source .= 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';
// $source .= 'vbebvuweb vgh 8g2h528ghv 24gh v745hv g87vh4g28 vh2847';

openssl_public_encrypt($source,$crypttext,$res);
echo $crypttext;
openssl_private_decrypt($crypttext,$plain, $privkey);


echo "<br>";
echo $plain;
echo "<br>";

$f = true;
if($plain!==$source){
echo '{"certificate":"false"}';
$f = false;
}

echo date('s');




echo $sql1 = "INSERT INTO ".$table['user']."certificate SET cr_root='S',
cr_fp='".$POST["fp"]."',
cr_s_c='".$detail["subject"]["C"]."',
cr_s_st='".$detail["subject"]["ST"]."',
cr_s_l='".$detail["subject"]["L"]."',
cr_s_o='".$detail["subject"]["O"]."',
cr_s_ou='".$detail["subject"]["OU"]."',
cr_s_cn='".$detail["subject"]["CN"]."',
cr_s_mail='".$detail["subject"]["emailAddress"]."',
cr_i_c='".$detail["issuer"]["C"]."',
cr_i_st='".$detail["issuer"]["ST"]."',
cr_i_l='".$detail["issuer"]["L"]."',
cr_i_o='".$detail["issuer"]["O"]."',
cr_i_ou='".$detail["issuer"]["OU"]."',
cr_i_cn='".$detail["issuer"]["CN"]."',
cr_i_mail='".$detail["issuer"]["emailAddress"]."',
cr_hash='".$detail["hash"]."',
cr_ver='".$detail["version"]."',
cr_serial='".$detail["serialNumber"]."',
cr_start='".date('Y-m-d H:i:s',$detail["validFrom_time_t"])."',
cr_end='".date('Y-m-d H:i:s',$detail["validTo_time_t"])."',
cr_subjectkeyi='".$detail["extensions"]["subjectKeyIdentifier"]."',
cr_authoritykeyi='".$detail["extensions"]["authorityKeyIdentifier"]."',
cr_basicc='".$detail["extensions"]["basicConstraints"]."',
cr_critical='S',
cr_pws='S',
cr_keysiz='".$key."',
cr_cer='".addslashes($certout)."',
cr_csr='".addslashes($csrout)."',
cr_key='".addslashes($pkeyout)."'
";

$result1 = true;
// $result1 = $db->sql_query($sql1);

if($result1==true AND $f==true){
    echo '{"certificate":"true"}';
}



// var_dump($detail);


file_put_contents('certificate.cer',$certout);

file_put_contents('certificate.csr',$csrout);



file_put_contents('certificate.key',$pkeyout);


?>