Force DTLS 1.3 when accepting fragmented CH

src/dtls.c

@@ -882,7 +882,7 @@ static int ClientHelloSanityCheck(WolfSSL_CH* ch, byte isTls13)
 }
 
 int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
-        byte isFirstCHFrag)
+        byte isFirstCHFrag, byte* tls13)
 {
     int ret;
     WolfSSL_CH ch;
@@ -897,6 +897,8 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
                 "WOLFSSL_DTLS_CH_FRAG is not defined. This should not happen.");
 #endif
     }
+    if (tls13 != NULL)
+        *tls13 = 0;
 
     XMEMSET(&ch, 0, sizeof(ch));
 
@@ -910,6 +912,8 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz,
         ret = TlsCheckSupportedVersion(ssl, &ch, &isTls13);
         if (ret != 0)
             return ret;
+        if (tls13 != NULL)
+            *tls13 = isTls13;
         if (isTls13) {
             int tlsxFound;
             ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension,

src/dtls13.c

@@ -1661,10 +1661,12 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size,
 
     if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) {
 #ifdef WOLFSSL_DTLS_CH_FRAG
+        byte tls13 = 0;
         /* check if the first CH fragment contains a valid cookie */
         if (ssl->options.dtls13ChFrag && !ssl->options.dtlsStateful &&
                 isFirst && handshakeType == client_hello &&
-                DoClientHelloStateless(ssl, input + idx, fragLength, 1) == 0) {
+                DoClientHelloStateless(ssl, input + idx, fragLength, 1, &tls13)
+                    == 0 && tls13) {
             /* We can save this message and continue as stateful. */
             if (ssl->chGoodCb != NULL && !IsSCR(ssl)) {
                 int cbret = ssl->chGoodCb(ssl, ssl->chGoodCtx);

src/internal.c

@@ -34802,7 +34802,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl) &&
                 !ssl->options.dtlsStateful) {
             DtlsSetSeqNumForReply(ssl);
-            ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0);
+            ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0,
+                    NULL);
             if (ret != 0 || !ssl->options.dtlsStateful) {
                 int alertType = TranslateErrorToAlert(ret);
                 if (alertType != invalid_alert) {

src/tls13.c

@@ -6653,7 +6653,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
      * wolfSSL_accept_TLSv13 when changing this one. */
     if (IsDtlsNotSctpMode(ssl) && ssl->options.sendCookie &&
             !ssl->options.dtlsStateful) {
-        ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0);
+        ret = DoClientHelloStateless(ssl, input + *inOutIdx, helloSz, 0, NULL);
         if (ret != 0 || !ssl->options.dtlsStateful) {
             *inOutIdx += helloSz;
             goto exit_dch;

wolfssl/internal.h

@@ -6273,7 +6273,7 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
 
 #if !defined(NO_WOLFSSL_SERVER)
     WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
-            const byte* input, word32 helloSz, byte isFirstCHFrag);
+            const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
 #endif /* WOLFSSL_DTLS */