From c5875cfc5a4aae3a9745d701d381b3aa2935ef73 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Wed, 16 Feb 2022 10:50:44 +0100
Subject: [PATCH] Detect if we are processing a plaintext alert

---
 src/internal.c | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index f2b992cff..6cc25040b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -16542,20 +16542,19 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type)
                           READ_PROTO, ssl->heap);
     #endif
 
-#ifndef WOLFSSL_AEAD_ONLY
-    if (ssl->specs.cipher_type == block) {
-        if (ssl->options.tls1_1)
-            ivExtra = ssl->specs.block_size;
-    }
-    else
-#endif
-    if (ssl->specs.cipher_type == aead) {
-        if (CipherHasExpIV(ssl))
-            ivExtra = AESGCM_EXP_IV_SZ;
-    }
-    dataSz -= ivExtra;
-
     if (IsEncryptionOn(ssl, 0)) {
+#ifndef WOLFSSL_AEAD_ONLY
+        if (ssl->specs.cipher_type == block) {
+            if (ssl->options.tls1_1)
+                ivExtra = ssl->specs.block_size;
+        }
+        else
+#endif
+        if (ssl->specs.cipher_type == aead) {
+            if (CipherHasExpIV(ssl))
+                ivExtra = AESGCM_EXP_IV_SZ;
+        }
+        dataSz -= ivExtra;
         dataSz -= ssl->keys.padSz;
     #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
         if (ssl->options.startedETMRead)