Re: [ldapext] X.509, RFC4523, RFC3641, big Ints
Howard,

Howard Chu wrote:
> Something that we've recently encountered while testing our Certificate
> validation rules is certificates whose serial numbers are integers whose
> values are larger than 4 octets. I'm wondering how other folks deal with
> these things. Integers that occur within the LDAP protocol are generally
> constrained to maxInt, 2^31 - 1, but no such constraint applies anywhere
> else. Do you use a multi-precision math library to generate the decimal
> representation of these integers?

I represent large integers in two's complement as a variable length array
of octets. I wrote my own routines to do the multiply by 10 and divide by 10
that is required to convert to and from decimal. I treat the octet array
as a number in base 256 (so each octet is a "digit") and coded the routines
to perform the operations in the way I would if I were doing it by hand
(with carries and remainders and such). The operations turn out to be
fairly simple because one of the operands is only ever one "digit".

> For now we've copied the OpenSSL library's behavior, which is to use
> decimal for up to 31 bit numbers, and just output the hexadecimal octets
> for anything larger. But this clearly doesn't conform to the GSER
> definition of INTEGER.
>
> As an aside, I really wish we were using hex for the canonical Integer
> representation; then any system could manipulate integers of any size
> independently of any native word size...

It would always be possible to define hexadecimal as an alternative
representation for integers in GSER, perhaps distinguished from decimal
by a leading 0x.

Regards,
Steven
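
The octets-to-decimal direction of the approach described in the reply above, as an added example that is not part of the original message and is not the poster's code. It assumes the input is big-endian two's complement (the layout of DER INTEGER contents); the names octets_to_decimal, div10, is_zero and the MAX_OCTETS bound are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define MAX_OCTETS 64 /* assumed bound for this example only */

/* Divide the base-256 magnitude in buf (big-endian) by 10 in place and
 * return the remainder: long division by hand with a one-"digit" divisor. */
static unsigned div10(unsigned char *buf, size_t len) {
    unsigned rem = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned cur = rem * 256u + buf[i];   /* bring down the next digit */
        buf[i] = (unsigned char)(cur / 10u);
        rem = cur % 10u;
    }
    return rem;
}

static int is_zero(const unsigned char *b, size_t len) {
    while (len--) if (*b++) return 0;
    return 1;
}

/* Write the decimal form of a two's complement octet string to out.
 * Returns 0 on success, -1 if the input is empty, too long, or out is too small. */
int octets_to_decimal(const unsigned char *in, size_t len, char *out, size_t outsz) {
    unsigned char mag[MAX_OCTETS];
    char tmp[3 * MAX_OCTETS];          /* one octet yields fewer than 3 digits */
    size_t n = 0, pos = 0;
    int neg;
    if (len == 0 || len > MAX_OCTETS) return -1;
    neg = (in[0] & 0x80) != 0;         /* sign bit of the leading octet */
    memcpy(mag, in, len);
    if (neg) {                         /* magnitude = invert all bits, add one */
        unsigned carry = 1;
        for (size_t i = len; i-- > 0; ) {
            unsigned cur = (unsigned char)~mag[i] + carry;
            mag[i] = (unsigned char)cur;
            carry = cur >> 8;
        }
    }
    do tmp[n++] = (char)('0' + div10(mag, len));   /* least significant first */
    while (!is_zero(mag, len));
    if (n + (size_t)neg + 1 > outsz) return -1;
    if (neg) out[pos++] = '-';
    while (n > 0) out[pos++] = tmp[--n];           /* reverse into out */
    out[pos] = '\0';
    return 0;
}
```

The work buffer is a copy, so the caller's octets are left unchanged, and no native integer wider than one base-256 digit times ten is ever needed.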