openssl/openssl-CVE-2013-0169.7.patch

From 3cdaca2436643908863c6a62918b0d9703477655 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Fri, 1 Feb 2013 09:55:43 +0100
Subject: [PATCH] ssl/s3_cbc.c: uint64_t portability fix.

Break dependency on uint64_t. It's possible to declare bits as
unsigned int, because TLS packets are limited in size and 32-bit
value can't overflow.
(cherry picked from commit cab13fc8473856a43556d41d8dac5605f4ba1f91)
---
 ssl/s3_cbc.c |   17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 6c5d43e..a2995c0 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -53,8 +53,6 @@
  *
  */
 
-#include <stdint.h>
-
 #include "ssl_locl.h"
 
 #include <openssl/md5.h>
@@ -419,7 +417,7 @@ void ssl3_cbc_digest_record(
 	unsigned sslv3_pad_length = 40, header_length, variance_blocks,
 		 len, max_mac_bytes, num_blocks,
 		 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
-	uint64_t bits;
+	unsigned int bits;	/* at most 18 bits */
 	unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
 	/* hmac_pad is the masked HMAC key. */
 	unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
@@ -579,14 +577,11 @@ void ssl3_cbc_digest_record(
 		md_transform(md_state, hmac_pad);
 		}
 
-	j = 0;
-	if (md_length_size == 16)
-		{
-		memset(length_bytes, 0, 8);
-		j = 8;
-		}
-	for (i = 0; i < 8; i++)
-		length_bytes[i+j] = bits >> (8*(7-i));
+	memset(length_bytes,0,md_length_size-4);
+	length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
+	length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
+	length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
+	length_bytes[md_length_size-1] = (unsigned char)bits;
 
 	if (k > 0)
 		{
-- 
1.7.9.5