Topic: encrypted handshake message

Hey all,
could anyone please point me to where in sniffer application the validation of the encrypted handshake message is performed? I tempered a bit with the library and noticed that theoretically, even if the key derivation process fails (meaning, a wrong key is derived in the ProcessClientKeyExchange function), the sniffer application will still attempt on decrypting the session the session (unsuccessfully of course)...