From 88ec118e896cf333e3855dec23364cc9489fcf60 Mon Sep 17 00:00:00 2001
From: Marco Oliverio
Date: Tue, 30 Aug 2022 09:10:37 +0200
Subject: [PATCH] dtls13: drop unencrypted messages after epoch 1
---
 src/internal.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index f4bd65d6c..e08f86a9b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -18870,6 +18870,15 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode)
 return 1;
 }
 
+#ifdef WOLFSSL_DTLS13
+ if (IsAtLeastTLSv1_3(ssl->version) && !w64IsZero(ssl->dtls13Epoch)
+ && w64IsZero(ssl->keys.curEpoch64) && ssl->curRL.type != ack) {
+ WOLFSSL_MSG("Silently dropping plaintext DTLS message "
+ "during encrypted handshake.");
+ return 1;
+ }
+#endif /* WOLFSSL_DTLS13 */
+
 #ifndef NO_WOLFSSL_SERVER
 if (ssl->options.side == WOLFSSL_SERVER_END && ssl->curRL.type != handshake) {
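Review bot: The `ssl->curRL.type != ack` exemption in the new `WOLFSSL_DTLS13` block leaves epoch-0 ACK records accepted after the connection has moved to a protected epoch, and nothing in the hunk says why that is safe. A plaintext ACK is unauthenticated, so the ACK handling (not visible here) presumably has to ignore any record numbers it lists from protected epochs; otherwise a forged ACK could suppress retransmission of an encrypted flight. I would document that expectation above the condition, e.g. `/* epoch-0 ACKs are still let through: they are unauthenticated and must only be honoured for epoch-0 record numbers */`, and confirm the handler enforces it. The body of DtlsShouldDrop starts and ends outside the hunk, so whether an earlier check already covers this cannot be seen from here.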