From 5a4dfc1a29c7338f96a568370822f7e01a76cdd5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Thu, 14 Jan 2021 09:44:09 +1000
Subject: [PATCH] Don't set encrypt side if sending early data

Make check to see if early data has been or is going to be sent.
Last message encrypted with this key is EndOfEarlyData message.
---
 src/tls13.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/tls13.c b/src/tls13.c
index 08ea1fd5a..8af7c41b3 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -7190,6 +7190,13 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                         ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) {
                     return ret;
                 }
+        #ifdef WOLFSSL_EARLY_DATA
+                if (ssl->earlyData != no_early_data) {
+                    if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
+                        return ret;
+                }
+                else
+        #endif
                 if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0)
                     return ret;
             }