From 97a287953ffc35a17cc67b5697e5856c623f8bb2 Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Mon, 18 Nov 2024 18:22:51 +0100
Subject: [PATCH] Document BAD_INPUT_DATA error in key material exporter

Signed-off-by: Max Fillinger
---
 include/mbedtls/ssl.h | 4 +++-
 library/ssl_tls.c | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 649dc75a7d..57669a4db5 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5800,7 +5800,9 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 * this distinction. If use_context is 0 and TLS 1.3 is used, context and
 * context_len are ignored and a 0-length context is used.
 *
- * \return 0 on success. An SSL specific error on failure.
+ * \return 0 on success.
+ * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed.
+ * \return An SSL-specific error on failure.
 */
 int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 uint8_t *out, const size_t key_len,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 32fbe132cd..0c3fc8415f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -10147,6 +10147,7 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 const int use_context)
 {
 if (!mbedtls_ssl_is_handshake_over(ssl)) {
+ /* TODO: Change this to a more appropriate error code when one is available. */
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
 }
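Review bot: The new `\return` line for MBEDTLS_ERR_SSL_BAD_INPUT_DATA in include/mbedtls/ssl.h does not say what state `out` is left in when the call fails. Judging from the library/ssl_tls.c hunk, the handshake check is the first statement of the function, so `out` appears to be untouched on that path. A caller that ignores the return value would then treat whatever was already in the buffer as exported keying material. I would add a sentence to the doc comment such as `On failure, the contents of \p out are unspecified and must not be used as key material.` The comment block starts above the hunk, so the existing description of `out` is not visible here.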
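Review bot: The added TODO in mbedtls_ssl_export_keying_material announces that the return code will change, while this same commit documents MBEDTLS_ERR_SSL_BAD_INPUT_DATA in ssl.h as the public contract for the handshake-not-over case. A caller that branches on that exact value, for example to retry once the handshake has finished, could stop recognising the condition when the code is swapped. The comment should tie the two together and carry a tracking reference, e.g. `/* TODO(<issue-ref>): replace with a dedicated "handshake not over" code and update the \return list in ssl.h in the same change. */`. The function body continues past the end of the hunk.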