Merge pull request #5518 from CallumMcLoughlin/master

Allow Post Quantum Keyshare for DTLS 1.3

examples/client/client.c

@@ -2838,8 +2838,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             fprintf(stderr,
                    "WARNING: If a TLS 1.3 connection is not negotiated, you "
                    "will not be using a post-quantum group.\n");
-        else if (version != 4)
+        else if (version != 4 && version != -4)
-            err_sys("can only use post-quantum groups with TLS 1.3");
+            err_sys("can only use post-quantum groups with TLS 1.3 or DTLS 1.3");
     }
 #endif
 

examples/server/server.c

@@ -2368,8 +2368,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             fprintf(stderr,
                    "WARNING: If a TLS 1.3 connection is not negotiated, you "
                    "will not be using a post-quantum group.\n");
-        } else if (version != 4) {
+        } else if (version != 4 && version != -4) {
-            err_sys("can only use post-quantum groups with TLS 1.3");
+            err_sys("can only use post-quantum groups with TLS 1.3 or DTLS 1.3");
         }
     }
 #endif
@@ -3104,7 +3104,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     #endif
 
     #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
-        if (version >= 4) {
+        if (version >= 4 || version == -4) {
             #ifdef CAN_FORCE_CURVE
             if (force_curve_group_id > 0) {
                 do {

src/tls13.c

@@ -10659,7 +10659,7 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
     if (WOLFSSL_NAMED_GROUP_IS_PQC(group)) {
 
         if (ssl->ctx != NULL && ssl->ctx->method != NULL &&
-            ssl->ctx->method->version.minor != TLSv1_3_MINOR) {
+            !IsAtLeastTLSv1_3(ssl->version)) {
             return BAD_FUNC_ARG;
         }