tls13: write_early_data: Add endpoint check

Return in error of the API is not called
from a client endpoint.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-02-21 13:39:14 +01:00
parent 24da9917a6
commit 49221900b0

View file

@ -6072,6 +6072,10 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
if (conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) ||
(conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
(conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) {