From 2a2b5133a5ecf2bce11398e17b0ebbe90fa35e99 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Thu, 30 Sep 2010 16:50:37 -0400
Subject: [PATCH 034/150] - ensure that when we encode a bit string, the
 length is right

---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 5ccb475..96ef222 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -389,6 +389,9 @@ secitem_to_dh_pubval(SECItem *item, unsigned char **out, unsigned int *len)
 		return ENOMEM;
 	}
 	memset(&bits, 0, sizeof(bits));
+	/* Whenever encoding a bit string, NSS expects the length to be
+	 * measured in bits. */
+	uinteger.len *= 8;
 	if (SEC_ASN1EncodeItem(pool, &bits, &uinteger,
 			       SEC_BitStringTemplate) != &bits) {
 		PORT_FreeArena(pool, PR_TRUE);
-- 
1.7.6.4