From aee81764f290b57f49fc3ee159fb32d0a9237902 Mon Sep 17 00:00:00 2001
From: Marco Oliverio <marco@wolfssl.com>
Date: Mon, 5 Sep 2022 16:46:09 +0200
Subject: [PATCH] fix: dtls13: do not negotiate ConnectionID in
 HelloRetryRequest

---
 src/dtls.c  | 13 ++++++++++++-
 src/tls13.c | 16 ++++++++++------
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/src/dtls.c b/src/dtls.c
index e1883663b..5c5869de9 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -240,9 +240,20 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     }
 
     info = DtlsCidGetInfo(ssl);
-    if (info == NULL || info->tx != NULL)
+    if (info == NULL)
         return BAD_STATE_E;
 
+    /* it may happen if we process two ClientHello because the server sent an
+     * HRR request */
+    if (info->tx != NULL) {
+        if (ssl->options.side != WOLFSSL_SERVER_END &&
+            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE)
+            return BAD_STATE_E;
+
+        XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX);
+        info->tx = NULL;
+    }
+
     if (length < OPAQUE8_LEN)
         return BUFFER_ERROR;
 
diff --git a/src/tls13.c b/src/tls13.c
index e2d058019..105a2f368 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4086,7 +4086,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 
 #ifdef WOLFSSL_DTLS_CID
-    if (ssl->options.useDtlsCID)
+    if (ssl->options.useDtlsCID && *extMsgType == server_hello)
         DtlsCIDOnExtensionsParsed(ssl);
 #endif /* WOLFSSL_DTLS_CID */
 
@@ -5522,11 +5522,6 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         goto exit_dch;
     }
 
-#ifdef WOLFSSL_DTLS_CID
-    if (ssl->options.useDtlsCID)
-        DtlsCIDOnExtensionsParsed(ssl);
-#endif /* WOLFSSL_DTLS_CID */
-
 #ifdef HAVE_SNI
         if ((ret = SNI_Callback(ssl)) != 0)
             return ret;
@@ -5722,6 +5717,15 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     }
 #endif /* WOLFSSL_DTLS13 */
 
+#ifdef WOLFSSL_DTLS_CID
+    /* do not modify CID state if we are sending an HRR  */
+    if (ssl->options.useDtlsCID &&
+            ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE)
+        DtlsCIDOnExtensionsParsed(ssl);
+#endif /* WOLFSSL_DTLS_CID */
+
+
+
 exit_dch:
 
     WOLFSSL_LEAVE("DoTls13ClientHello", ret);