Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: tlyu@mit.edu Subject: SVN Commit RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 1565 Pull up r25725 from trunk, along with backport of r25703. ------------------------------------------------------------------------ r25725 | tlyu | 2012-03-02 17:24:38 -0500 (Fri, 02 Mar 2012) | 4 lines ticket: 7092 Add test cases for Windows RODC kvno compatibility ------------------------------------------------------------------------ r25703 | ghudson | 2012-02-21 13:57:44 -0500 (Tue, 21 Feb 2012) | 15 lines ticket: 7092 subject: kvno ASN.1 encoding interop with Windows RODCs RFC 4120 defines the EncryptedData kvno field as an integer in the range of unsigned 32-bit numbers. Windows encodes and decodes the field as a signed 32-bit integer. Historically we do the same in our encoder in 1.6 and prior, and in our decoder through 1.10. (Actually, our decoder through 1.10 decoded the value as a long and then cast the result to unsigned int, so it would accept positive values >= 2^31 on 64-bit platforms but not on 32-bit platforms.) kvno values that large (or negative) are only likely to appear in the context of Windows read-only domain controllers. So do what Windows does instead of what RFC 4120 says. https://github.com/krb5/krb5/commit/adda449cadb58f6ab9aee5a9a15ee2b0d6702e8c Commit By: tlyu Revision: 25739 Changed Files: U branches/krb5-1-10/src/lib/krb5/asn.1/asn1_k_encode.c U branches/krb5-1-10/src/tests/asn.1/krb5_decode_test.c U branches/krb5-1-10/src/tests/asn.1/krb5_encode_test.c U branches/krb5-1-10/src/tests/asn.1/reference_encode.out U branches/krb5-1-10/src/tests/asn.1/trval_reference.out