In the absence of feedback either way, commit the fix that looks right for

wrong keylength with export null ciphers.

CHANGES

@@ -5,6 +5,10 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Correct caclulation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
   *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
      message is now correct (it understands "crypto" and "ssl" on its
      command line). There is also now an "update" option. This will update

ssl/s3_enc.c

@@ -139,7 +139,7 @@ int which;
 	COMP_METHOD *comp;
 	EVP_MD *m;
 	MD5_CTX md;
-	int exp,n,i,j,k;
+	int exp,n,i,j,k,cl;
 
 	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
 	c=s->s3->tmp.new_sym_enc;
@@ -208,8 +208,9 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	/* Should be 	j=exp?min(5,EVP_CIPHER_key_length(c)):EVP_CIPHER_key_length(c); ?? - Ben 30/12/98 */
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < 5 ? cl : 5) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 		(which == SSL3_CHANGE_CIPHER_SERVER_READ))

ssl/t1_enc.c

@@ -177,7 +177,7 @@ int which;
 	EVP_CIPHER *c;
 	COMP_METHOD *comp;
 	EVP_MD *m;
-	int exp,n,i,j,k,exp_label_len;
+	int exp,n,i,j,k,exp_label_len,cl;
 
 	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
 	c=s->s3->tmp.new_sym_enc;
@@ -244,7 +244,9 @@ int which;
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < 5 ? cl : 5) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	er1= &(s->s3->client_random[0]);
 	er2= &(s->s3->server_random[0]);