Fortunately, it's not giving a distinctive error, and always runs both the MAC and the decryption so timing won't distinguish, either. The big problem with this pattern is how disastrous it is in every other language (coupled with the lack of any rationale for decrypting on MAC failure).