Fix the alias checks in dtls_record.c.
I forgot to save this file.
Change-Id: I8540839fac2a7f426aebd7f2cb85baba337efd37
Reviewed-on: https://boringssl-review.googlesource.com/8234
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/dtls_record.c b/ssl/dtls_record.c
index 76ae8e5..e784e55 100644
--- a/ssl/dtls_record.c
+++ b/ssl/dtls_record.c
@@ -118,6 +118,7 @@
#include <openssl/err.h>
#include "internal.h"
+#include "../crypto/internal.h"
/* to_u64_be treats |in| as a 8-byte big-endian integer and returns the value as
@@ -251,6 +252,11 @@
int dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
uint8_t type, const uint8_t *in, size_t in_len,
enum dtls1_use_epoch_t use_epoch) {
+ if (buffers_alias(in, in_len, out, max_out)) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
+ return 0;
+ }
+
/* Determine the parameters for the current epoch. */
uint16_t epoch = ssl->d1->w_epoch;
SSL_AEAD_CTX *aead = ssl->s3->aead_write_ctx;
@@ -268,12 +274,6 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
return 0;
}
- /* Check the record header does not alias any part of the input.
- * |SSL_AEAD_CTX_seal| will internally enforce other aliasing requirements. */
- if (in < out + DTLS1_RT_HEADER_LENGTH && out < in + in_len) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
- return 0;
- }
out[0] = type;