commit 53d91685024d0e999cac045cdf30c63a9431b0b7
author Max Fillinger <maximilian.fillinger@foxcrypto.com> Mon Nov 18 18:22:51 2024 +0100
committer Max Fillinger <maximilian.fillinger@foxcrypto.com> Fri Mar 28 17:08:12 2025 +0100
tree 79bbe1e5f3a5699bc4403c383db36450ed03044c
parent d23579c746b636160f2ca0cd251da4705b22236f

Document BAD_INPUT_DATA error in key material exporter

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7304a3b..a0e6074 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5421,7 +5421,9 @@
  *       this distinction. If use_context is 0 and TLS 1.3 is used, context and
  *       context_len are ignored and a 0-length context is used.
  *
- * \return            0 on success. An SSL specific error on failure.
+ * \return            0 on success.
+ * \return            MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.
+ * \return            An SSL-specific error on failure.
  */
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
                                        uint8_t *out, const size_t key_len,

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 46197c9..7ea8e32 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9023,6 +9023,7 @@
                                        const int use_context)
 {
     if (!mbedtls_ssl_is_handshake_over(ssl)) {
+        /* TODO: Change this to a more appropriate error code when one is available. */
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }