In the absence of feedback either way, commit the fix that looks right for

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f498093ba024d9fe4784c57f67c1aca32d0cb458..c5c9a3be429941e3a3a2fc0cbe5c24cd150c3b8c 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -139,7 +139,7 @@ int which;
        COMP_METHOD *comp;
        EVP_MD *m;
        MD5_CTX md;
-       int exp,n,i,j,k;
+       int exp,n,i,j,k,cl;
 
        exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
        c=s->s3->tmp.new_sym_enc;
@@ -208,8 +208,9 @@ int which;
 
        p=s->s3->tmp.key_block;
        i=EVP_MD_size(m);
-       /* Should be    j=exp?min(5,EVP_CIPHER_key_length(c)):EVP_CIPHER_key_length(c); ?? - Ben 30/12/98 */
-       j=(exp)?5:EVP_CIPHER_key_length(c);
+       cl=EVP_CIPHER_key_length(c);
+       j=exp ? (cl < 5 ? cl : 5) : cl;
+       /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
        k=EVP_CIPHER_iv_length(c);
        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
                (which == SSL3_CHANGE_CIPHER_SERVER_READ))