Bound EVP_tls_cbc_digest_record at runtime.

This is redundant because these "AEAD"s are not meant to be used outside
of TLS, but since we've moved them into their own layer, they should
check internally.

Change-Id: Ieb3541b2e494902527c2bb56a816cef620cb237b
Reviewed-on: https://boringssl-review.googlesource.com/14310
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

crypto/cipher/tls_cbc.c

@@ -271,9 +271,13 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
    * the hash. */
   unsigned md_length_size = 8;
 
-  /* This is a, hopefully redundant, check that allows us to forget about
-   * many possible overflows later in this function. */
-  assert(data_plus_mac_plus_padding_size < 1024 * 1024);
+  /* Bound the acceptable input so we can forget about many possible overflows
+   * later in this function. This is redundant with the record size limits in
+   * TLS. */
+  if (data_plus_mac_plus_padding_size >= 1024 * 1024) {
+    assert(0);
+    return 0;
+  }
 
   switch (EVP_MD_type(md)) {
     case NID_sha1: