diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 32e2b16d7e..53d50f23c1 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -986,7 +986,7 @@ struct mbedtls_ssl_handshake_params
 mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
 #if defined(MBEDTLS_SSL_EARLY_DATA)
 mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
- /** TLS 1.3 transform for 0-RTT application and handshake messages. */
+ /** TLS 1.3 transform for early data and handshake messages. */
 mbedtls_ssl_transform *transform_earlydata;
 #endif
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 8f2a74e87d..da4e5da35e 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1082,11 +1082,18 @@ static int ssl_tls13_get_cipher_key_info(
 }
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-/* ssl_tls13_generate_early_keys() generates keys necessary for protecting the
- early application and handshake messages described in section 7 RFC 8446. */
+/*
+ * ssl_tls13_generate_early_key() generates the key necessary for protecting
+ * the early application data and the EndOfEarlyData handshake message
+ * as described in section 7 of RFC 8446.
+ *
+ * NOTE: That only one key is generated, the key for the traffic from the
+ * client to the server. The TLS 1.3 specification does not define a secret
+ * and thus a key for server early traffic.
+ */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_generate_early_keys( mbedtls_ssl_context *ssl,
- mbedtls_ssl_key_set *traffic_keys )
+static int ssl_tls13_generate_early_key( mbedtls_ssl_context *ssl,
+ mbedtls_ssl_key_set *traffic_keys )
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
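Review bot: The new header comment on ssl_tls13_generate_early_key() (hunk at -1082 in ssl_tls13_keys.c) says only the client-to-server key is generated, but it does not say what state the server-side members of `traffic_keys` are left in. If the function never writes `server_write_key` and `server_write_iv` (the body lies mostly outside this hunk, so this is inferred from the comment), a caller that hands the whole key set on to build a transform would be reading unset memory for the unused direction. I would add a sentence such as `The server write key and IV in traffic_keys are not set by this function and must not be used.` and tidy the wording of the note to `NOTE: Only one key is generated, ...`.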
@@ -1104,7 +1111,7 @@ static int ssl_tls13_generate_early_keys( mbedtls_ssl_context *ssl,
 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
 mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_tls13_generate_early_keys" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_tls13_generate_early_key" ) );
 ret = ssl_tls13_get_cipher_key_info( ciphersuite_info, &key_len, &iv_len );
 if( ret != 0 )
@@ -1170,16 +1177,15 @@ static int ssl_tls13_generate_early_keys( mbedtls_ssl_context *ssl,
 goto exit;
 }
- MBEDTLS_SSL_DEBUG_BUF( 5, "client_handshake write_key",
+ MBEDTLS_SSL_DEBUG_BUF( 4, "client early write_key",
 traffic_keys->client_write_key,
 traffic_keys->key_len);
- MBEDTLS_SSL_DEBUG_BUF( 5, "client_handshake write_iv",
+ MBEDTLS_SSL_DEBUG_BUF( 4, "client early write_iv",
 traffic_keys->client_write_iv,
 traffic_keys->iv_len);
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_tls13_generate_early_keys" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_tls13_generate_early_key" ) );
 exit:
@@ -1195,10 +1201,10 @@ int mbedtls_ssl_tls13_compute_early_transform( mbedtls_ssl_context *ssl )
 /* Next evolution in key schedule: Establish early_data secret and
 * key material. */
- ret = ssl_tls13_generate_early_keys( ssl, &traffic_keys );
+ ret = ssl_tls13_generate_early_key( ssl, &traffic_keys );
 if( ret != 0 )
 {
- MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_generate_early_keys",
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_generate_early_key",
 ret );
 goto cleanup;
 }
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 5d9b570ac1..fc64737cd3 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
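Review bot: In the hunk at -1170 the two `MBEDTLS_SSL_DEBUG_BUF` calls now print the client early traffic key and IV at debug level 4 rather than 5, which lowers the threshold at which 0-RTT key material reaches the debug output. Anyone who can read that output can decrypt captured early data for the session, so the level change deserves a comment at the call site, for example `/* Secret key material: debug builds only, never enable this level in production logs. */`. If level 4 was picked to match how other traffic keys are logged elsewhere in this file, which is not visible here, saying so in the commit message would explain the change. The function body starts and ends outside this hunk.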
@@ -676,9 +676,13 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
 * \returns \c 0 on success.
 * \returns A negative error code on failure.
 *
- * \warning `early_secrets` is not computed before this function. Call
- * mbedtls_ssl_tls13_key_schedule_stage_early() to generate early
- * secrets.
+ * \warning The function does not compute the early master secret. Call
+ * mbedtls_ssl_tls13_key_schedule_stage_early() before to
+ * call this function to generate the early master secret.
+ * \note For a client/server endpoint, the function computes only the
+ * encryption/decryption part of the transform as the decryption/
+ * encryption part is not defined by the specification (no early
+ * traffic from the server to the client).
 */
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_tls13_compute_early_transform( mbedtls_ssl_context *ssl );
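Review bot: The reworded `\warning` reads "before to call this function", which is ungrammatical and makes the required call order harder to pick out; `Call mbedtls_ssl_tls13_key_schedule_stage_early() before calling this function to generate the early master secret.` says the same thing. The `\note` packs client and server into slash pairs ("encryption/decryption ... decryption/encryption"), so a reader has to work out which half of the transform is valid on which endpoint. I would spell it out: on a client only the encryption part is computed, on a server only the decryption part, and the other direction of the transform must not be used.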