From 49221900b0c8edd214902014281203f297290fbb Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Wed, 21 Feb 2024 13:39:14 +0100
Subject: [PATCH] tls13: write_early_data: Add endpoint check

Return in error of the API is not called from a client endpoint.

Signed-off-by: Ronald Cron
---
 library/ssl_msg.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f3bb323605..68f5cf10d6 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -6072,6 +6072,10 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl,
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
     }
 
+    if (conf->endpoint != MBEDTLS_SSL_IS_CLIENT) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
     if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) ||
         (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) ||
         (conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) {
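Review bot: The new `conf->endpoint != MBEDTLS_SSL_IS_CLIENT` guard adds a failure mode to the public `mbedtls_ssl_write_early_data()` API, but the diffstat shows only library/ssl_msg.c changed, so neither the API's header documentation nor a negative test covers it. The function's doc comment (in the header, outside this diff) should list the new condition, e.g. `* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the context is not a client endpoint.`, and a test that calls the function on a server-side context and expects `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` would pin the behaviour. The following TLS 1.3/transport/early-data condition presumably returns the same error (its body is past the hunk), so folding the endpoint test into it is an alternative, though a separate guard reads more clearly. Note that `conf` is assigned above the hunk and the function body continues past it; separately, the commit message's "Return in error of the API" reads as "if the API".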