From 53d91685024d0e999cac045cdf30c63a9431b0b7 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Mon, 18 Nov 2024 18:22:51 +0100
Subject: [PATCH] Document BAD_INPUT_DATA error in key material exporter

Signed-off-by: Max Fillinger
---
 include/mbedtls/ssl.h | 4 +++-
 library/ssl_tls.c | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7304a3bfc0..a0e6074713 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5421,7 +5421,9 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 * this distinction. If use_context is 0 and TLS 1.3 is used, context and
 * context_len are ignored and a 0-length context is used.
 *
- * \return 0 on success. An SSL specific error on failure.
+ * \return 0 on success.
+ * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.
+ * \return An SSL-specific error on failure.
 */
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 uint8_t *out, const size_t key_len,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 46197c95ca..7ea8e3217e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9023,6 +9023,7 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 const int use_context)
 {
 if (!mbedtls_ssl_is_handshake_over(ssl)) {
+ /* TODO: Change this to a more appropriate error code when one is available. */
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
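Review bot: The new `\return` lines for mbedtls_ssl_export_keying_material name the error but do not say what state `out` is in when the call fails. The early return shown in library/ssl_tls.c happens before anything is written to the buffer, so a caller that ignores the return value would treat stale or uninitialised bytes as exported key material. I would add a line after the last `\return`, such as `\note On failure, the contents of \p out are unspecified and must not be used as keying material.` The doc comment begins above the hunk and the prototype continues below it.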
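Review bot: The added TODO announces that this error code will change, while the same commit documents `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` in the public header as the return value for an unfinished handshake. Once callers match on the documented code, changing it becomes a behavioural break, and the comment points neither to the header nor to a tracking item. I would write it as `/* TODO(<issue-id>): BAD_INPUT_DATA is documented in ssl.h for this case; update the \return text there when this code changes. */`, with the placeholder replaced by the project's real issue reference. The function body continues past the end of the hunk, so other paths returning the same code are not visible here.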