From 4e7151f8800bd4f7b94509b1eca2d71ea5e3d15b Mon Sep 17 00:00:00 2001
From: Frantisek Krenzelok
Date: Mon, 27 Feb 2023 16:45:58 +0100
Subject: DTLS1_3: server support

Signed-off-by: Frantisek Krenzelok
---
 lib/handshake.c | 16 +++++++++++-----
 lib/tls13/hello_retry.c | 9 ++++++++-
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/lib/handshake.c b/lib/handshake.c
index 72f531da13..46df6c5e9e 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -471,12 +471,12 @@ _gnutls_negotiate_version(gnutls_session_t session,
 
 if (aversion == NULL ||
 _gnutls_nversion_is_supported(session, major, minor) == 0) {
- if (aversion && aversion->id == GNUTLS_TLS1_2) {
+ if (aversion && (aversion->id == GNUTLS_TLS1_2 || aversion->id == GNUTLS_DTLS1_2)) {
 vers = _gnutls_version_max(session);
 if (unlikely(vers == NULL))
 return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
 
- if (vers->id >= GNUTLS_TLS1_2) {
+ if (vers->id >= GNUTLS_TLS1_2 || vers->id >= GNUTLS_DTLS1_2) {
 session->security_parameters.pversion = aversion;
 return 0;
 }
@@ -2481,8 +2481,13 @@ int _gnutls_send_server_hello(gnutls_session_t session, int again)
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
 if (vers->tls13_sem) {
- vbytes[0] = 0x03; /* TLS1.2 */
- vbytes[1] = 0x03;
+ if (IS_DTLS(session)) {
+ vbytes[0] = 0xfe; /* DTLS1.2 */
+ vbytes[1] = 0xfd;
+ } else {
+ vbytes[0] = 0x03; /* TLS1.2 */
+ vbytes[1] = 0x03;
+ }
 extflag |= GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO;
 } else {
 vbytes[0] = vers->major;
@@ -3572,7 +3577,8 @@ static int handshake_server(gnutls_session_t session)
 STATE = STATE1;
 }
 
- if (ret == GNUTLS_E_NO_COMMON_KEY_SHARE) {
+ ver = _gnutls_version_max(session);
+ if (ret == GNUTLS_E_NO_COMMON_KEY_SHARE || (ver->tls13_sem && IS_DTLS(session))) {
 STATE = STATE90;
 session->internals.hsk_flags |= HSK_HRR_SENT;
 goto reset;
diff --git a/lib/tls13/hello_retry.c b/lib/tls13/hello_retry.c
index 1226733329..e20cbed210 100644
--- a/lib/tls13/hello_retry.c
+++ b/lib/tls13/hello_retry.c
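Review bot: The widened acceptance test in _gnutls_negotiate_version, `if (vers->id >= GNUTLS_TLS1_2 || vers->id >= GNUTLS_DTLS1_2)`, no longer expresses what the TLS-only version did: in the public gnutls_protocol_t enum every DTLS id is numerically above GNUTLS_TLS1_2, so on a DTLS session the first disjunct is true for any enabled maximum, including one below DTLS 1.2, and the second disjunct is dead. The intent of this branch is to accept the advertised legacy_version only when the enabled maximum is at or above it so that supported_versions can raise it later; with the new line a client advertising DTLS 1.2 to a server that only enables DTLS 1.0 gets `pversion` set to an unsupported version. A transport-aware comparison in the style the rest of the patch already uses, `if (vers->id >= (IS_DTLS(session) ? GNUTLS_DTLS1_2 : GNUTLS_TLS1_2)) {`, keeps the original semantics for both transports; the id ordering is from the public header rather than this hunk, so confirm it there. _gnutls_negotiate_version begins and ends outside the hunk.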
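Review bot: In handshake_server the new `ver = _gnutls_version_max(session);` is dereferenced on the very next line with no NULL check, even though this same patch guards the same call with `if (unlikely(vers == NULL))` in _gnutls_negotiate_version. The added disjunct also ignores `ret`: when the ClientHello read failed or is still incomplete (any negative ret, e.g. a non-blocking retry or a parse error), a DTLS session whose enabled maximum has tls13_sem still jumps to STATE90 and emits a HelloRetryRequest, swallowing the error that the return-value check after this block would otherwise report. Keying the forced HRR on the enabled maximum rather than on the version negotiated from the ClientHello also forces an HRR on a client that negotiated DTLS 1.2; if the negotiated version is already set at this point (hello_retry.c uses get_version(session)), it is the better predicate. A minimal fix is `if (ret == GNUTLS_E_NO_COMMON_KEY_SHARE || (ret >= 0 && ver != NULL && ver->tls13_sem && IS_DTLS(session))) {`. handshake_server starts and ends outside the hunk, and whether the forced HRR carries a DTLS 1.3 cookie is not visible in this diff.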
@@ -35,7 +35,14 @@ int _gnutls13_send_hello_retry_request(gnutls_session_t session, unsigned again)
 mbuffer_st *bufel = NULL;
 gnutls_buffer_st buf;
 const version_entry_st *ver;
- const uint8_t vbuf[2] = {0x03, 0x03};
+ uint8_t vbuf[2];
+ if (IS_DTLS(session)) {
+ vbuf[0] = 0xfe;
+ vbuf[1] = 0xfd;
+ } else {
+ vbuf[0] = 0x03;
+ vbuf[1] = 0x03;
+ }
 
 if (again == 0) {
 ver = get_version(session);
--
cgit v1.2.1
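Review bot: The DTLS legacy_version bytes `0xfe, 0xfd` written into vbuf here are uncommented and duplicate the pair added to _gnutls_send_server_hello in the same patch, where at least the TLS pair carries `/* TLS1.2 */`. A comment on the DTLS branch, `/* DTLS 1.3 keeps legacy_version = DTLS 1.2 (0xfefd), mirroring TLS 1.3's 0x0303 */`, and lifting both pairs into one shared constant per transport would stop the two sites from drifting apart. Dropping `const` from vbuf is fine since the array is fully assigned before the `if (again == 0)` that follows; if the branches are felt to be noisy, `uint8_t vbuf[2] = { IS_DTLS(session) ? 0xfe : 0x03, IS_DTLS(session) ? 0xfd : 0x03 };` is an equivalent one-liner. _gnutls13_send_hello_retry_request continues outside the hunk.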