Joe Gluck wrote:
> Hi,
> I would like to know if there is a Isomorphism between a serial number
> represented as a ASN1 and if I had that number in int?
> If it is true than i can just use most of the times the original ASN1
> as a unique id, instead of parsing it into a int value. (If I know
> they are from the same issuer & and that he does not give out two
> certs with the same serial number)

The ASN.1 INTEGER type may include integers which are wider or narrower
than the native int type (for example, has 296 bits wide). Thus, one
cannot substitute ASN1_INTEGER by int.

On the other hand, in the X.509 realm comparing ASN1_INTEGER is safe,
as the integer (by DER standard) it encoded in minimum number of octets.

Thus, if two ASN1_INTEGERs contains the same bytes (lengths are
equal and memcmp() over contents gives 0) they contain the same
integer value.

The reverse may not be true in real life. One way this comparison might
bite you is when the issue issues certificate with encoding violating
the DER requirements. For example, the ASN1_INTEGERs with octet
encodings "02" and "00 02" contain the same value 2, but these encodings
will in fact be different if you compare them with memcmp.
The latter ("00 02") is incorrect encoding, violating DER.

You might as well disregard such certificate as non-compliant.

Lev Walkin
__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager