From 0c74e18eaf17018cc847cdccc0e32e6bda6ef0ff Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 10 Aug 2021 16:32:41 -0700
Subject: [PATCH] Fix early data max size handling. Fixes issue with size checking around `wolfSSL_CTX_set_max_early_data` and `wolfSSL_set_max_early_data`, which was checking against the padded size. Also was adding to the `earlyDataSz` and checking against it with un-padded data size. ZD 12632.
---
 src/internal.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 6d38b5e34..5262027c0 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15838,20 +15838,15 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
 int process = 0;
 if (ssl->options.side == WOLFSSL_SERVER_END) {
- ssl->earlyDataSz += ssl->curSize;
 if ((ssl->earlyData != no_early_data) && (ssl->options.clientState == CLIENT_HELLO_COMPLETE)) {
 process = 1;
 }
- if (!process && (ssl->earlyDataSz <= ssl->options.maxEarlyDataSz)) {
+ if (!process) {
 WOLFSSL_MSG("Ignoring EarlyData!");
 *inOutIdx = ssl->buffers.inputBuffer.length;
 return 0;
 }
- if (ssl->earlyDataSz > ssl->options.maxEarlyDataSz) {
- WOLFSSL_MSG("Too much EarlyData!");
- process = 0;
- }
 }
 if (!process) {
 WOLFSSL_MSG("Received App data before a handshake completed");
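Review bot: With the size test dropped from `if (!process) {`, the server-side ignore branch now returns 0 for any amount of application data that arrives before the handshake completes, and nothing left in this hunk compares against `ssl->options.maxEarlyDataSz`. The later `if (!process)` error path also becomes unreachable for servers. The diffstat shows only this file changed, and the `ssl->earlyDataSz` accounting is removed rather than corrected to the unpadded length, so the limit is presumably enforced outside this hunk; that should be confirmed, because RFC 8446 expects a server to stop accepting 0-RTT data beyond max_early_data_size. If the check lives elsewhere, a comment at the ignore branch such as `/* max early data enforced in <function-name placeholder>, on the unpadded length */` would record that; if it does not, keep a cap here computed from the decrypted payload size. The body of DoApplicationData starts and ends outside the hunk.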