Google Git
Sign in
boringssl/boringssl.git/ff26f09a059dc45337b3e20517960a86e2682165^!/./ssl/test/runner/conn.go
commit
ff26f09a059dc45337b3e20517960a86e2682165
[log]
author
David Benjamin <davidben@google.com>
Fri Jul 01 16:13:42 2016 -0400
committer
Adam Langley <agl@google.com>
Thu Jul 07 17:28:36 2016 +0000
tree
267cf789c601491cb7813bee5691b9386bd3eb98
parent
95c69563dc5422c3b3cd3a0bf435944a7530a12d [diff] [blame]
Fix c.in.decrypt error handling in runner.

Part of this was we messed up the TLS 1.3 logic slightly, though the
root bug is https://go-review.googlesource.com/#/c/24709/.

Change-Id: I0a99b935f0e9a9c8edd5aa6cc56f3b2cb594703b
Reviewed-on: https://boringssl-review.googlesource.com/8583
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 6c127e6..551c6bc 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go

@@ -765,17 +765,18 @@
 
 	// Process message.
 	b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
-	ok, off, encTyp, err := c.in.decrypt(b)
+	ok, off, encTyp, alertValue := c.in.decrypt(b)
+	if !ok {
+		return 0, nil, c.in.setErrorLocked(c.sendAlert(alertValue))
+	}
+	b.off = off
+
 	if c.vers >= VersionTLS13 && c.in.cipher != nil {
 		if typ != recordTypeApplicationData {
 			return 0, nil, c.in.setErrorLocked(fmt.Errorf("tls: outer record type is not application data"))
 		}
 		typ = encTyp
 	}
-	if !ok {
-		c.in.setErrorLocked(c.sendAlert(err))
-	}
-	b.off = off
 	return typ, b, nil
 }