From 436d318c806003352b916f637ceb68f3bfde72de Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Sat, 13 Feb 1999 12:39:50 +0000
Subject: [PATCH] In the absence of feedback either way, commit the fix that
 looks right for wrong keylength with export null ciphers.

---
 CHANGES      | 4 ++++
 ssl/s3_enc.c | 7 ++++---
 ssl/t1_enc.c | 6 ++++--
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 697252b160..c6b9e894fe 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Correct caclulation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
   *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
      message is now correct (it understands "crypto" and "ssl" on its
      command line). There is also now an "update" option. This will update
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f498093ba0..c5c9a3be42 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -139,7 +139,7 @@ int which;
 	COMP_METHOD *comp;
 	EVP_MD *m;
 	MD5_CTX md;
-	int exp,n,i,j,k;
+	int exp,n,i,j,k,cl;
 
 	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
 	c=s->s3->tmp.new_sym_enc;
@@ -208,8 +208,9 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	/* Should be 	j=exp?min(5,EVP_CIPHER_key_length(c)):EVP_CIPHER_key_length(c); ?? - Ben 30/12/98 */
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < 5 ? cl : 5) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 893c0bc73b..ac9da4da3a 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -177,7 +177,7 @@ int which;
 	EVP_CIPHER *c;
 	COMP_METHOD *comp;
 	EVP_MD *m;
-	int exp,n,i,j,k,exp_label_len;
+	int exp,n,i,j,k,exp_label_len,cl;
 
 	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
 	c=s->s3->tmp.new_sym_enc;
@@ -244,7 +244,9 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < 5 ? cl : 5) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	er1= &(s->s3->client_random[0]);
 	er2= &(s->s3->server_random[0]);
-- 
2.25.1