Fix c.in.decrypt error handling in runner.
Part of this was we messed up the TLS 1.3 logic slightly, though the
root bug is https://go-review.googlesource.com/#/c/24709/.
Change-Id: I0a99b935f0e9a9c8edd5aa6cc56f3b2cb594703b
Reviewed-on: https://boringssl-review.googlesource.com/8583
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 6c127e6..551c6bc 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -765,17 +765,18 @@
// Process message.
b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
- ok, off, encTyp, err := c.in.decrypt(b)
+ ok, off, encTyp, alertValue := c.in.decrypt(b)
+ if !ok {
+ return 0, nil, c.in.setErrorLocked(c.sendAlert(alertValue))
+ }
+ b.off = off
+
if c.vers >= VersionTLS13 && c.in.cipher != nil {
if typ != recordTypeApplicationData {
return 0, nil, c.in.setErrorLocked(fmt.Errorf("tls: outer record type is not application data"))
}
typ = encTyp
}
- if !ok {
- c.in.setErrorLocked(c.sendAlert(err))
- }
- b.off = off
return typ, b, nil
}