From 54719122698ca2cc8d1753d422520161d1776521 Mon Sep 17 00:00:00 2001
From: Gabor Mezei <gabor.mezei@arm.com>
Date: Tue, 28 Jun 2022 11:34:56 +0200
Subject: [PATCH] Move switching to handshake transform after sending CCS
 record

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
---
 library/ssl_tls13_server.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index d50be5d53..29d4ffdf5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1239,11 +1239,6 @@ static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
         return( ret );
     }
 
-    mbedtls_ssl_set_outbound_transform( ssl,
-                                        ssl->handshake->transform_handshake );
-    MBEDTLS_SSL_DEBUG_MSG(
-        3, ( "switching to handshake transform for outbound data" ) );
-
     return( ret );
 }
 
@@ -1407,6 +1402,11 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
     unsigned char *buf;
     size_t buf_len, msg_len;
 
+    mbedtls_ssl_set_outbound_transform( ssl,
+                                        ssl->handshake->transform_handshake );
+    MBEDTLS_SSL_DEBUG_MSG(
+        3, ( "switching to handshake transform for outbound data" ) );
+
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );
 
     MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,