[xml] validating xmld:dsig schema with a large size serial number

[Jean-Marc Desperrier <xs04 jmdesp free org>]

Hi,

I found a limitation in libxml2 schema validation that is really 
annoying in the context of xml:dsig.
(after writing the first version of this bug, I found out it's already 
reported in bug 350248)
The xs:integer type is limited to handling at most 24 digit integers.
The trouble is that that the X509SerialNumber field in the xml dsig 
schema uses that type ( 
http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd ), and x509 
certificate serial number can have a size of up to 20 byte (in 
2-complement binary representation).

A generic solution to handle integers of any size would probably be 
hard, but would it be possible to have a work around just for that case 
? Currently, libxml2 hard codes the the size limit to 24 digits because 
it then stores the value in 3 long integer variables. Using 5 variables 
might be enough to handle the values X509SerialNumber will take.

What would be the consequences of removing the test for the 24 digits on 
a local instance of libxml2 ? Just making facets applied to integer 
larger than the limit buggy ?

I see Daniel complains in the bug that using integer for this field is 
just a bad choice, but the trouble is that it's in the xml:dsig norm, 
that has been accepted as a W3C Recommendation.
http://www.w3.org/TR/xmldsig-core/
I approve it's been badly conceived, another point that shows that is 
that almost all X509 experts don't understand why that field uses 
decimal, and think it should be using hexadecimal instead.