Skip to content

Fix aead negotation failure response#474

Merged
davidv1992 merged 3 commits intomainfrom
fix-disagreement-responses
Mar 26, 2026
Merged

Fix aead negotation failure response#474
davidv1992 merged 3 commits intomainfrom
fix-disagreement-responses

Conversation

@davidv1992
Copy link
Copy Markdown
Member

@davidv1992 davidv1992 commented Mar 12, 2026

We used to return the same response for aead negotiation failures, as we did for next protocol negotiation failures. This makes those responses different.

As a side-effect, the error reporting for similar failures during monitoring is also improved.

Closes #408

@codecov
Copy link
Copy Markdown

codecov Bot commented Mar 12, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 95.34884% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.67%. Comparing base (bc3afde) to head (c8d3796).
⚠️ Report is 8 commits behind head on main.

Files with missing lines Patch % Lines
nts-pool-monitor/src/nts.rs 0.00% 4 Missing ⚠️
nts-pool-ke/src/pool_ke.rs 98.44% 2 Missing ⚠️
pool-nts/src/lib.rs 94.87% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #474      +/-   ##
==========================================
+ Coverage   70.32%   70.67%   +0.35%     
==========================================
  Files          68       68              
  Lines       14569    14732     +163     
==========================================
+ Hits        10245    10412     +167     
+ Misses       4324     4320       -4
Flag Coverage Δ
beta 70.90% <95.34%> (+0.34%) ⬆️
fuzz 60.48% <11.11%> (-1.13%) ⬇️
fuzz-client_request 35.39% <0.00%> (-1.13%) ⬇️
fuzz-key_exchange_response 40.66% <11.11%> (-1.11%) ⬇️
fuzz-record 35.28% <0.00%> (-0.66%) ⬇️
fuzz-server_information_response 24.51% <0.00%> (-0.93%) ⬇️
msrv 70.57% <95.34%> (+0.34%) ⬆️
stable 70.88% <95.34%> (+0.31%) ⬆️
test 70.60% <95.34%> (+0.35%) ⬆️
x86_64-unknown-linux-gnu 70.60% <95.34%> (+0.35%) ⬆️
x86_64-unknown-linux-musl 70.87% <95.34%> (+0.30%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@squell squell self-assigned this Mar 23, 2026
squell
squell reviewed Mar 23, 2026
View reviewed changes
Comment thread nts-pool-ke/src/pool_ke.rs
client_request: &ClientRequest<'_>,
server: &S::Server<'_>,
) -> Result<Option<(ProtocolId, AlgorithmDescription)>, PoolError> {
) -> Result<SelectionOutcome, PoolError> {
Copy link
Copy Markdown
Member

@squell squell Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would there be a benefit in using Result<Result<(ProtocolId, AlgorithmDecription), NegotiationError>, PoolError>?

@squell
Copy link
Copy Markdown
Member

squell commented Mar 23, 2026

This fixes the issue:


$ ./demo localhost 256_GCM_SIV
GnuTLS: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA512)-(AES-256-GCM)
NTS error: NO_AEAD (read: 14 bytes)

@squell squell removed their assignment Mar 23, 2026
@davidv1992 davidv1992 added this pull request to the merge queue Mar 23, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Mar 23, 2026
@davidv1992 davidv1992 added this pull request to the merge queue Mar 26, 2026
Merged via the queue into main with commit f42b283 Mar 26, 2026
16 checks passed
@davidv1992 davidv1992 deleted the fix-disagreement-responses branch March 26, 2026 14:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@squell squell squell approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

KELB always returns NO_PROTOCOL on negotiation failure

2 participants

@davidv1992 @squell