diff --git a/CMakeLists.txt b/CMakeLists.txt
index aac2062d2..5de61e5a7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -266,6 +266,25 @@ if("${FIPS_VERSION}" STREQUAL "v1")
override_cache(WOLFSSL_TLS13 "no")
endif()
+# DTLS v1.3
+add_option("WOLFSSL_DTLS13"
+ "Enable wolfSSL DTLS v1.3 (default: disabled)"
+ "no" "yes;no")
+
+if(WOLFSSL_DTLS13)
+ if (NOT WOLFSSL_DTLS)
+ message(FATAL_ERROR "DTLS13 requires DTLS")
+ endif()
+ if (NOT WOLFSSL_TLS13)
+ message(FATAL_ERROR "DTLS13 requires TLS13")
+ endif()
+ list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS13")
+
+ if (WOLFSSL_AES)
+ list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_DIRECT")
+ endif()
+endif()
+
# Post-handshake authentication
add_option("WOLFSSL_POSTAUTH"
"Enable wolfSSL Post-handshake Authentication (default: disabled)"
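Review bot: The checks `if (NOT WOLFSSL_DTLS)` and `if (WOLFSSL_AES)` read options whose `add_option` calls are not visible in this hunk, so the values tested here may not be the final ones. If either option is declared further down CMakeLists.txt, or is switched on later through `override_cache`, the `FATAL_ERROR` can fire for a configuration that ends up valid. In the same case `-DWOLFSSL_AES_DIRECT` would be appended only on a re-run, once the cache is populated. Moving the `if(WOLFSSL_DTLS13)` block below the last place those options are set would make the result independent of ordering. A comment above the `WOLFSSL_AES_DIRECT` line, such as `# DTLS 1.3 needs the single-block AES operation; settings.h enforces the same`, would explain why a protocol option changes a cipher setting.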
@@ -1870,6 +1889,7 @@ if(WOLFSSL_EXAMPLES)
tests/hash.c
tests/srp.c
tests/suites.c
+ tests/w64wrapper.c
tests/unit.c
examples/server/server.c
examples/client/client.c)
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index f7a23dd18..1de003294 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -307,6 +307,8 @@
+
+
diff --git a/IDE/WIN10/wolfssl-fips.vcxproj b/IDE/WIN10/wolfssl-fips.vcxproj
index c88fea693..7f7f2adaa 100644
--- a/IDE/WIN10/wolfssl-fips.vcxproj
+++ b/IDE/WIN10/wolfssl-fips.vcxproj
@@ -278,6 +278,7 @@
+
diff --git a/cmake/functions.cmake b/cmake/functions.cmake
index 3e63810a1..3c839ce37 100644
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
@@ -41,6 +41,9 @@ function(generate_build_flags)
if(WOLFSSL_TLS13 OR WOLFSSL_USER_SETTINGS)
set(BUILD_TLS13 "yes" PARENT_SCOPE)
endif()
+ if(WOLFSSL_DTLS13 OR WOLFSSL_USER_SETTINGS)
+ set(BUILD_DTLS13 "yes" PARENT_SCOPE)
+ endif()
if(WOLFSSL_RNG OR WOLFSSL_USER_SETTINGS)
set(BUILD_RNG "yes" PARENT_SCOPE)
endif()
@@ -812,6 +815,10 @@ function(generate_lib_src_list LIB_SOURCES)
list(APPEND LIB_SOURCES src/tls13.c)
endif()
+ if(BUILD_DTLS13)
+ list(APPEND LIB_SOURCES src/dtls13.c)
+ endif()
+
if(BUILD_OCSP)
list(APPEND LIB_SOURCES src/ocsp.c)
endif()
diff --git a/configure.ac b/configure.ac
index 8a6657e86..8deaaa4c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -876,7 +876,6 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU"
fi
-
# TLS v1.3 Draft 18 (Note: only final TLS v1.3 supported, here for backwards build compatibility)
AC_ARG_ENABLE([tls13-draft18],
[AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
@@ -3513,6 +3512,23 @@ else
fi
fi
+# DTLSv1.3
+AC_ARG_ENABLE([dtls13],
+ [AS_HELP_STRING([--enable-dtls13],[Enable wolfSSL DTLS v1.3 (default: disabled)])],
+ [ ENABLED_DTLS13=$enableval ],
+ [ ENABLED_DTLS13=no ]
+ )
+if test "x$ENABLED_DTLS13" = "xyes"
+then
+ if test "x$ENABLED_DTLS" != "xyes" || test "x$ENABLED_TLS13" != "xyes"
+ then
+ AC_MSG_ERROR([You need to enable both DTLS and TLSv1.3 to use DTLSv1.3])
+ fi
+ if test "x$ENABLED_AES" = "xyes"
+ then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
+ fi
+fi
# CODING
AC_ARG_ENABLE([coding],
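Review bot: Nothing in the added `--enable-dtls13` block appends `-DWOLFSSL_DTLS13` to `AM_CFLAGS`; only `-DWOLFSSL_AES_DIRECT` is added, whereas the CMake side of this commit does append `-DWOLFSSL_DTLS13`. Unless the define is set somewhere outside this hunk, an autotools build configured with `--enable-dtls13` compiles `src/dtls13.c` with its `#ifdef WOLFSSL_DTLS13` body excluded and never reaches the dependency `#error` in settings.h. It would still print `DTLS v1.3: yes` in the configure summary, so the build reports a protocol version it does not contain. Add `AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13"` after the DTLS/TLSv1.3 check. It is also worth confirming that `ENABLED_DTLS` and `ENABLED_TLS13` are final at this point in configure.ac, since the `AC_MSG_ERROR` test depends on them.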
@@ -7850,6 +7866,7 @@ AM_CONDITIONAL([BUILD_HMAC],[test "x$ENABLED_HMAC" = "xyes"])
AM_CONDITIONAL([BUILD_ERROR_STRINGS],[test "x$ENABLED_ERROR_STRINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DO178],[test "x$ENABLED_DO178" = "xyes"])
AM_CONDITIONAL([BUILD_PSA],[test "x$ENABLED_PSA" = "xyes"])
+AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes"])
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
(test "$ax_enable_debug" = "yes" ||
@@ -8169,6 +8186,7 @@ echo " * chrony: $ENABLED_CHRONY"
echo " * strongSwan: $ENABLED_STRONGSWAN"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
+echo " * DTLS v1.3: $ENABLED_DTLS13"
echo " * SCTP: $ENABLED_SCTP"
echo " * SRTP: $ENABLED_SRTP"
echo " * Indefinite Length: $ENABLED_BER_INDEF"
diff --git a/src/dtls13.c b/src/dtls13.c
new file mode 100644
index 000000000..209ce30c8
--- /dev/null
+++ b/src/dtls13.c
@@ -0,0 +1,30 @@
+/* dtls13.c
+ *
+ * Copyright (C) 2006-2022 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+
+#ifdef WOLFSSL_DTLS13
+
+#endif /* WOLFSSL_DTLS13 */
diff --git a/src/include.am b/src/include.am
index c30935e49..7e3e466aa 100644
--- a/src/include.am
+++ b/src/include.am
@@ -693,6 +693,10 @@ if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c
endif
+if BUILD_DTLS13
+src_libwolfssl_la_SOURCES += src/dtls13.c
+endif
+
endif !BUILD_CRYPTONLY
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index cc3e1b204..fc71c3480 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2700,6 +2700,17 @@ extern void uITRON4_free(void *p) ;
#define NO_SESSION_CACHE_REF
#endif
+/* DTLS v1.3 requires AES ECB if using AES */
+#if defined(WOLFSSL_DTLS13) && !defined(NO_AES) && \
+ !defined(WOLFSSL_AES_DIRECT)
+#define WOLFSSL_AES_DIRECT
+#endif
+
+#if defined(WOLFSSL_DTLS13) && (!defined(WOLFSSL_DTLS) || \
+ !defined(WOLFSSL_TLS13))
+#error "DTLS v1.3 requires both WOLFSSL_TLS13 and WOLFSSL_DTLS"
+#endif
+
/* ---------------------------------------------------------------------------
* Depricated Algorithm Handling