ITAR

If someone writes a piece of software, a networking layer, or anything else with support for later cryptographic enhancement but doesn't actually include the cryptographic implementation and it is later added by somebody outside of the United States does this fall under ITAR? In other words the original U.S. authors wrote the software with support for crypto, function hooks, etc. They didn't include any crypto at all. Somebody outside the United States uses these hooks and writes strong cryptography. These modifications are kept as patches and never exported from the U.S.. Is this allowed? What if the U.S. authors are actively collaborating with the non-US authors?