crypto/tls: Fix c.in.decrypt error handling.

readRecord was not returning early if c.in.decrypt failed and ran
through the rest of the function. It does set c.in.err, so the various
checks in the callers do ultimately notice before acting on the result,
but we should avoid running the rest of the function at all.

Also rename 'err' to 'alertValue' since it isn't actually an error.

Change-Id: I6660924716a85af704bd3fe81521b34766238695
Reviewed-on: https://go-review.googlesource.com/24709
Run-TryBot: Adam Langley <[email protected]>
TryBot-Result: Gobot Gobot <[email protected]>
Reviewed-by: Adam Langley <[email protected]>

Author: davidben

src/crypto/tls/conn.go

@@ -632,9 +632,10 @@ Again:
 
 	// Process message.
 	b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n)
-	ok, off, err := c.in.decrypt(b)
+	ok, off, alertValue := c.in.decrypt(b)
 	if !ok {
-		c.in.setErrorLocked(c.sendAlert(err))
+		c.in.freeBlock(b)
+		return c.in.setErrorLocked(c.sendAlert(alertValue))
 	}
 	b.off = off
 	data := b.data[b.off:]