tls13: write_early_data: Add endpoint check
Return in error if the API is not called
from a client endpoint.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f3bb323..68f5cf1 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -6072,6 +6072,10 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
+ if (conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) ||
(conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
(conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) {
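Review bot: The new `conf->endpoint != MBEDTLS_SSL_IS_CLIENT` guard carries no comment explaining why a non-client endpoint is rejected. It also returns the same `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` as the argument check just above it, so a caller cannot tell a bad context from a call made on the wrong endpoint. I would add a comment above the check such as `/* Early data is only ever written by the client; a server endpoint may only read it. */`. The function's API documentation is not visible in this hunk, but it should list this condition under the return value. A negative test that calls the write_early_data API on a server-configured context and expects this error would keep the guard from regressing. The enclosing function starts and ends outside the hunk, so the return code of the following TLS 1.3 / transport / early-data check is not visible here.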