Revert change regarding ssl->options.cacheMessages

Frauschi · Frauschi · commit b3b3b2531116 · 2026-03-04T15:39:18.000+01:00
diff --git a/src/internal.c b/src/internal.c
@@ -18566,12 +18566,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \
                 (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
                 (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
-        if ((ssl->options.resuming || !ssl->options.verifyPeer ||
-               !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version))
-        #ifdef WOLFSSL_DTLS
-               && !ssl->options.dtls
-        #endif
-               ) {
+        if (ssl->options.resuming || !ssl->options.verifyPeer || \
+                     !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) {
         #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
             if (ret != WC_NO_ERR_TRACE(WC_PENDING_E) &&
                 ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))
diff --git a/src/tls13.c b/src/tls13.c
@@ -6436,17 +6436,6 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
     cookieData = cookie->data;
     idx = OPAQUE8_LEN;
 
-#ifdef WOLFSSL_DTLS13
-    /* Restore the HRR key share group from the cookie.
-     * Cookie Data = Hash Len (1B) | Hash | CS (2B) | KS Group (2B, optional)
-     */
-    if (cookieDataSz == hashSz + 5) {
-        word16 keyShareGroup = 0;
-        ato16(cookieData + hashSz + 3, &keyShareGroup);
-        ssl->hrr_keyshare_group = keyShareGroup;
-    }
-#endif /* WOLFSSL_DTLS13 */
-
     /* Restart handshake hash with synthetic message hash. */
     AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl);
 
@@ -6513,6 +6502,8 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
         hrrIdx += 2;
         c16toa(OPAQUE16_LEN, hrr + hrrIdx);
         hrrIdx += 2;
+        /* Restore the HRR key share group from the cookie. */
+        ato16(cookieData + idx, &ssl->hrr_keyshare_group);
         hrr[hrrIdx++] = cookieData[idx++];
         hrr[hrrIdx++] = cookieData[idx++];
     }
diff --git a/tests/api.c b/tests/api.c
@@ -24180,6 +24180,12 @@ static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(const WOLFSSL* ssl)
     sslCopy.keys.dtls_peer_handshake_number = 0;
     XMEMSET(&sslCopy.alert_history, 0, sizeof(sslCopy.alert_history));
     sslCopy.hsHashes = NULL;
+#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
+    ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \
+     (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
+     (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
+    sslCopy.options.cacheMessages = 0;
+#endif
 #ifdef WOLFSSL_ASYNC_IO
 #ifdef WOLFSSL_ASYNC_CRYPT
     sslCopy.asyncDev = NULL;
