Bug #52093 openssl_csr_sign truncates $serial
Submitted: 2010-06-16 11:34 UTC Modified: 2021-06-30 13:51 UTC
Avg. Score: 3.3 ± 1.2
Reproduced: 3 of 3 (100.0%)
Same Version: 1 (33.3%)
Same OS: 1 (33.3%)
From: dreuzel at belgacom dot net Assigned: cmb (profile)
Status: Closed Package: OpenSSL related
PHP Version: 5.3.2 OS: win7
Private report: No CVE-ID: None
 [2010-06-16 11:34 UTC] dreuzel at belgacom dot net
The certificate definition in OpenSSL allows for numerical serial numbers of up to 20 positions or more.
In PHP there is a built-in integer restriction only allowing half the serial numbers; higher numbers have a cleared part.

The serial needs to be numerical, no problem, but it need not be an integer or limited by that (allow higher numbers).


 [2017-08-02 14:27 UTC] narf at devilix dot net
There's a worse problem with this ... It's not even supposed to be a decimal number.
 [2018-02-28 19:52 UTC]
-Package: Unknown/Other Function +Package: OpenSSL related
 [2019-08-18 20:35 UTC] hunterr83 at hotmail dot com
Not sure if the same thing, but very related.

When I do print(PHP_INT_MAX), I get a value of 9223372036854775807. However, when I try to pass in that value to the serial number parameter, the certificate that is generated shows a serial value of ff, which is 255.

Similarly, if I go down one count in value and pass in 9223372036854775806, then I get a final serial number of fe, which is 254.

If I pass in 4294967290, then I get fa, which is 250.

Some rough testing shows that the maximum value the function is willing to accept is something a bit higher than 4,000,000,000. Once you go above whatever the actual cap is, you start to see some really strange serial numbers. I feel if it's too difficult to support the PHP_INT_MAX value, then we could at least throw an error if the integer being passed in is more than the function can support.
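A check for the behaviour described in the comment above, added here and not part of the bug report or of PHP's own code: sign a throwaway self-signed certificate with the requested serial, read the serial back with openssl_x509_parse(), and compare it as a string. The subject name and the list of serial values are constructed for the test.

```php
<?php
// Added example: detect silent serial truncation in openssl_csr_sign().
// Everything here is constructed test data; nothing is written to disk.

function signWithSerial(int $serial): string
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($key === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    // Constructed subject for the throwaway certificate.
    $dn  = ['commonName' => 'serial-check.example'];
    $csr = openssl_csr_new($dn, $key, ['digest_alg' => 'sha256']);
    if ($csr === false) {
        throw new RuntimeException('CSR creation failed: ' . openssl_error_string());
    }
    // $ca_certificate = null makes the certificate self-signed with $key.
    $cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256'], $serial);
    if ($cert === false) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    openssl_x509_export($cert, $pem);
    return $pem;
}

function serialIsIntact(int $requested, string $pem): bool
{
    $info = openssl_x509_parse($pem);
    // 'serialNumber' is the decimal serial as a string; comparing strings
    // avoids re-truncating a value that is wider than the platform int.
    return $info !== false && (string) $requested === (string) $info['serialNumber'];
}

// Values from the comment above plus PHP_INT_MAX; a mismatch is the bug.
foreach ([250, 4294967290, PHP_INT_MAX] as $serial) {
    $pem    = signWithSerial($serial);
    $actual = openssl_x509_parse($pem)['serialNumber'];
    printf("requested %d -> %s\n", $serial,
        serialIsIntact($serial, $pem) ? 'ok' : "TRUNCATED (certificate has $actual)");
}
```

On a build that carries this bug, the last two lines report a truncated serial; on a fixed build every line reports ok, so the same script serves as a regression check after upgrading.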
 [2021-06-30 12:37 UTC]
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2021-06-30 12:37 UTC]
The following pull request has been associated:

Patch Name: Fix #52093: openssl_csr_sign silently truncates $serial
On GitHub:
 [2021-06-30 13:51 UTC]
-Summary: Openssl_csr_sign (serial) +Summary: openssl_csr_sign truncates $serial
 [2021-07-01 13:46 UTC]
Automatic comment on behalf of cmb69
Log: Fix #52093: openssl_csr_sign truncates $serial
 [2021-07-01 13:46 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri Jul 30 10:01:23 2021 UTC