In the absence of feedback either way, commit the fix that looks right for

wrong keylength with export null ciphers.
author: Ben Laurie <ben@openssl.org> 1999-02-13 12:39:50 +0000
committer: Ben Laurie <ben@openssl.org> 1999-02-13 12:39:50 +0000
commit: 436d318c806003352b916f637ceb68f3bfde72de (patch)
tree: ffbfaaec1c18362a8379c33c66027133fa2f9538 /ssl/s3_enc.c
parent: be560e7b67fef773895b6321b55f2d1630ce7861 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f498093ba0..c5c9a3be42 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -139,7 +139,7 @@ int which;
 	COMP_METHOD *comp;
 	EVP_MD *m;
 	MD5_CTX md;
-	int exp,n,i,j,k;
+	int exp,n,i,j,k,cl;
 
 	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
 	c=s->s3->tmp.new_sym_enc;
@@ -208,8 +208,9 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	/* Should be 	j=exp?min(5,EVP_CIPHER_key_length(c)):EVP_CIPHER_key_length(c); ?? - Ben 30/12/98 */
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < 5 ? cl : 5) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
author	Ben Laurie <ben@openssl.org>	1999-02-13 12:39:50 +0000
committer	Ben Laurie <ben@openssl.org>	1999-02-13 12:39:50 +0000
commit	436d318c806003352b916f637ceb68f3bfde72de (patch)
tree	ffbfaaec1c18362a8379c33c66027133fa2f9538 /ssl/s3_enc.c
parent	be560e7b67fef773895b6321b55f2d1630ce7861 (diff)