From 605846cfd8bfcd26fda2f5c404dcf7084b6f2a6c Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Wed, 19 Dec 2018 15:56:01 +0630
Subject: [PATCH] don't queue a packet for later decryption of decryption already failed
This was an optimization in gQUIC, which relied on trial decryption. In IETF QUIC, we know with certainty which keys were used to encrypt a packet, so if decryption fails once, we are certain it will never succeed.
---
 packet_unpacker.go | 2 +-
 packet_unpacker_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/packet_unpacker.go b/packet_unpacker.go
index 6fa82b22..58d1009f 100644
--- a/packet_unpacker.go
+++ b/packet_unpacker.go
@@ -99,7 +99,7 @@ func (u *packetUnpacker) Unpack(hdr *wire.Header, data []byte) (*unpackedPacket,
 decrypted, err := opener.Open(buf, data, pn, extHdr.Raw)
 if err != nil {
- return nil, qerr.Error(qerr.DecryptionFailure, err.Error())
+ return nil, err
 }
 // Only do this after decrypting, so we are sure the packet is not attacker-controlled
diff --git a/packet_unpacker_test.go b/packet_unpacker_test.go
index bd968daa..8d7e73ee 100644
--- a/packet_unpacker_test.go
+++ b/packet_unpacker_test.go
@@ -147,7 +147,7 @@ var _ = Describe("Packet Unpacker", func() {
 opener.EXPECT().DecryptHeader(gomock.Any(), gomock.Any(), gomock.Any())
 opener.EXPECT().Open(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, errors.New("test err"))
 _, err := unpacker.Unpack(hdr, hdrRaw)
- Expect(err).To(MatchError(qerr.Error(qerr.DecryptionFailure, "test err")))
+ Expect(err).To(MatchError("test err"))
 })
 It("decrypts the header", func() {
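Review bot: With `return nil, err` in packet_unpacker.go the caller can no longer tell a failed `opener.Open` apart from any other error Unpack returns, and nothing at the return site says that dropping the `qerr.DecryptionFailure` code is intentional. The commit message implies the caller keyed its queueing decision on that code, but the caller is not part of this patch, so it is worth confirming that it now discards such a packet rather than closing the connection, since a packet that fails to open is unauthenticated and may not come from the peer. A comment such as `// not wrapped in qerr.DecryptionFailure on purpose: a failed Open is final and the packet must not be retried` would keep a later cleanup from re-wrapping the error. Unpack's body starts and ends outside the hunk.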
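Review bot: `MatchError("test err")` in packet_unpacker_test.go compares only the message text, so the assertion would still pass if Unpack replaced the opener's error with a different one that prints the same string. Keeping the error in a variable, `testErr := errors.New("test err")`, returning it from the `Open` mock and asserting `Expect(err).To(BeIdenticalTo(testErr))` would pin that the original error value is passed through unchanged. The enclosing `It` block starts outside the hunk.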