Fix #52093: openssl_csr_sign truncates $serial

We use `ASN1_INTEGER_set_int64()` if supported[1], to avoid the truncation of the integer. [1] <https://www.openssl.org/docs/man1.1.0/man3/ASN1_INTEGER_set_int64.html#HISTORY> Closes GH-7209.
php · Jul 1, 2021 · 334387b · 334387b
1 parent d7db570
commit 334387b
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -17,6 +17,9 @@ PHP                                                                        NEWS
     (cmb)
   . Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone). (cmb)
 
+- OpenSSL:
+  . Fixed bug #52093 (openssl_csr_sign truncates $serial). (cmb)
+
 - PCRE:
   . Fixed bug #81101 (PCRE2 10.37 shows unexpected result). (Anatol)
 

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -3524,8 +3524,11 @@ PHP_FUNCTION(openssl_csr_sign)
 		goto cleanup;
 	}
 
-
-	ASN1_INTEGER_set(X509_get_serialNumber(new_cert), (long)serial);
+#if PHP_OPENSSL_API_VERSION >= 0x10100
+	ASN1_INTEGER_set_int64(X509_get_serialNumber(new_cert), serial);
+#else
+	ASN1_INTEGER_set(X509_get_serialNumber(new_cert), serial);
+#endif
 
 	X509_set_subject_name(new_cert, X509_REQ_get_subject_name(csr));
 

diff --git a/ext/openssl/tests/bug52093.phpt b/ext/openssl/tests/bug52093.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #52093 (openssl_csr_sign truncates $serial)
+--SKIPIF--
+<?php
+if (!extension_loaded("openssl")) print "skip";
+if (PHP_INT_SIZE !== 8) die("skip this test is for 64bit platforms only");
+?>
+--FILE--
+<?php
+$dn = array(
+    "countryName" => "BR",
+    "stateOrProvinceName" => "Rio Grande do Sul",
+    "localityName" => "Porto Alegre",
+    "commonName" => "Henrique do N. Angelo",
+    "emailAddress" => "hnangelo@php.net"
+);
+
+$privkey = openssl_pkey_new();
+$csr = openssl_csr_new($dn, $privkey);
+$cert = openssl_csr_sign($csr, null, $privkey, 365, [], PHP_INT_MAX);
+var_dump(openssl_x509_parse($cert)['serialNumber']);
+?>
+--EXPECT--
+string(19) "9223372036854775807"