DTLS 1.3: Don't add HRR to ssl->dtls13Rtx

Signed-off-by: Marco Oliverio <marco@wolfssl.com>

src/dtls13.c

@@ -811,7 +811,7 @@ static int Dtls13SendOneFragmentRtx(WOLFSSL* ssl,
     enum HandShakeType handshakeType, word16 outputSize, byte* message,
     word32 length, int hashOutput)
 {
-    Dtls13RtxRecord* rtxRecord;
+    Dtls13RtxRecord* rtxRecord = NULL;
     word16 recordHeaderLength;
     byte isProtected;
     int ret;
@@ -819,20 +819,23 @@ static int Dtls13SendOneFragmentRtx(WOLFSSL* ssl,
     isProtected = Dtls13TypeIsEncrypted(handshakeType);
     recordHeaderLength = Dtls13GetRlHeaderLength(ssl, isProtected);
 
-    rtxRecord = Dtls13RtxNewRecord(ssl, message + recordHeaderLength,
+    if (handshakeType != hello_retry_request) {
-        (word16)(length - recordHeaderLength), handshakeType,
+        rtxRecord = Dtls13RtxNewRecord(ssl, message + recordHeaderLength,
-        ssl->dtls13EncryptEpoch->nextSeqNumber);
+            (word16)(length - recordHeaderLength), handshakeType,
-
+            ssl->dtls13EncryptEpoch->nextSeqNumber);
-    if (rtxRecord == NULL)
+        if (rtxRecord == NULL)
-        return MEMORY_E;
+            return MEMORY_E;
+    }
 
     ret = Dtls13SendFragment(ssl, message, outputSize, (word16)length,
         handshakeType, hashOutput, Dtls13SendNow(ssl, handshakeType));
 
-    if (ret == 0 || ret == WANT_WRITE)
+    if (rtxRecord != NULL) {
-        Dtls13RtxAddRecord(&ssl->dtls13Rtx, rtxRecord);
+        if (ret == 0 || ret == WANT_WRITE)
-    else
+            Dtls13RtxAddRecord(&ssl->dtls13Rtx, rtxRecord);
-        Dtls13FreeRtxBufferRecord(ssl, rtxRecord);
+        else
+            Dtls13FreeRtxBufferRecord(ssl, rtxRecord);
+    }
 
     return ret;
 }