Correctly check for export size limit

        }

        }

    }

    }

    /* /8 because it's 1024 bits we look for, not bytes */

    if (EVP_PKEY_size(pk) <= 1024 / 8)

        ret |= EVP_PKT_EXP;

    if (pkey == NULL)

    if (pkey == NULL)

        EVP_PKEY_free(pk);

        EVP_PKEY_free(pk);

    return (ret);

    return (ret);

# define EVP_PKS_RSA     0x0100

# define EVP_PKS_RSA     0x0100

# define EVP_PKS_DSA     0x0200

# define EVP_PKS_DSA     0x0200

# define EVP_PKS_EC      0x0400

# define EVP_PKS_EC      0x0400

# define EVP_PKT_EXP     0x1000 /* <= 512 bit key */

# define EVP_PKEY_NONE   NID_undef

# define EVP_PKEY_NONE   NID_undef

# define EVP_PKEY_RSA    NID_rsaEncryption

# define EVP_PKEY_RSA    NID_rsaEncryption

    int i, idx;

    int i, idx;

    long alg_k, alg_a;

    long alg_k, alg_a;

    EVP_PKEY *pkey = NULL;

    EVP_PKEY *pkey = NULL;

    int pkey_bits;

    SESS_CERT *sc;

    SESS_CERT *sc;

#ifndef OPENSSL_NO_RSA

#ifndef OPENSSL_NO_RSA

    RSA *rsa;

    RSA *rsa;

    }

    }

#endif

#endif

    pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);

    pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);

    pkey_bits = EVP_PKEY_bits(pkey);

    i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);

    i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);

    EVP_PKEY_free(pkey);

    EVP_PKEY_free(pkey);

# endif

# endif

#endif

#endif

    if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {

    if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&

        pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {

#ifndef OPENSSL_NO_RSA

#ifndef OPENSSL_NO_RSA

        if (alg_k & SSL_kRSA) {

        if (alg_k & SSL_kRSA) {

            if (rsa == NULL

            if (rsa == NULL