From 4997138a0687f0468e3ca70a81ad80a3ee864ffd Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Wed, 21 Apr 1999 13:24:58 +0000
Subject: [PATCH] Fix DES export ciphersuites.

---
 CHANGES        | 7 ++++++-
 ssl/ssl_locl.h | 3 ++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index daebe649e6..602165cd49 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,12 +5,17 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin@baltimore.ie>]
+
   *) Fix lots of warnings.
      [Richard Levitte <levitte@stacken.kth.se>]
  
   *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
      the directory spec didn't end with a LIST_SEPARATOR_CHAR.
-	 [Richard Levitte <levitte@stacken.kth.se>]
+     [Richard Levitte <levitte@stacken.kth.se>]
  
   *) Fix problems with sizeof(long) == 8.
      [Andy Polyakov <appro@fy.chalmers.se>]
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 870dcf27de..b5f25588fd 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -201,7 +201,8 @@
 #define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algorithms)
 #define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algorithms)
 #define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algorithms)
-#define SSL_EXPORT_KEYLENGTH(a)	(SSL_IS_EXPORT40(a) ? 5 : 7)
+#define SSL_EXPORT_KEYLENGTH(a)	(SSL_IS_EXPORT40(a) ? 5 : \
+				 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
 #define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms)
 #define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algorithms)
-- 
GitLab