Return an error from mbedtls_ssl_handshake_step() if neither client nor server
This prevents an infinite loop in mbedtls_ssl_handshake(). Fixes #6305.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 12e1c1b..5ea8afa 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3243,6 +3243,10 @@
if( ret != 0 )
goto cleanup;
+ /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
+ * MBEDTLS_SSL_IS_SERVER, this is the return code we give */
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+
#if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
{
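Review bot: The comment on the added `ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;` describes only an out-of-range `ssl->conf->endpoint`, but the same default is returned when the endpoint is a valid role whose branch is compiled out; the client branch just below is guarded by `#if defined(MBEDTLS_SSL_CLI_C)`. I would word it as `/* Default if no role branch below runs: endpoint is neither client nor server, or support for that role is not compiled in */`. The pre-assignment only works as long as nothing between it and the role branches overwrites `ret`, and the rest of the function lies outside this hunk, so that should be confirmed there. Because the original failure was a non-terminating loop in mbedtls_ssl_handshake() on a misconfigured context, a regression test that sets an invalid endpoint and asserts this return code would keep the fix from silently regressing.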