commit 97a287953ffc35a17cc67b5697e5856c623f8bb2
author Max Fillinger <maximilian.fillinger@foxcrypto.com> Mon Nov 18 18:22:51 2024 +0100
committer Max Fillinger <maximilian.fillinger@foxcrypto.com> Wed Apr 16 11:24:50 2025 +0200
tree f4ab87f427b76b37a978f563eaf6c8493d04432d
parent c361064dee6d27ff91e14b5259493bd7d76181ae

Document BAD_INPUT_DATA error in key material exporter

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 649dc75..57669a4 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5800,7 +5800,9 @@
  *       this distinction. If use_context is 0 and TLS 1.3 is used, context and
  *       context_len are ignored and a 0-length context is used.
  *
- * \return            0 on success. An SSL specific error on failure.
+ * \return            0 on success.
+ * \return            MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.
+ * \return            An SSL-specific error on failure.
  */
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
                                        uint8_t *out, const size_t key_len,

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 32fbe13..0c3fc84 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -10147,6 +10147,7 @@
                                        const int use_context)
 {
     if (!mbedtls_ssl_is_handshake_over(ssl)) {
+        /* TODO: Change this to a more appropriate error code when one is available. */
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }