Use explicit field to signal that we received a unified hdr

src/dtls.c

@@ -75,6 +75,7 @@ void DtlsResetState(WOLFSSL* ssl)
     ssl->options.connectState = CONNECT_BEGIN;
     ssl->options.acceptState = ACCEPT_BEGIN;
     ssl->options.handShakeState = NULL_STATE;
+    ssl->options.seenUnifiedHdr = 0;
     ssl->msgsReceived.got_client_hello = 0;
     ssl->keys.dtls_handshake_number = 0;
     ssl->keys.dtls_expected_peer_handshake_number = 0;

src/dtls13.c

@@ -820,10 +820,9 @@ static int Dtls13RtxMsgRecvd(WOLFSSL* ssl, enum HandShakeType hs,
            messages. */
         /* We don't want to clear the buffer until we have done version
          * negotiation in the SH or have received a unified header in the
-         * DTLS record (ssl->dtls13Rtx.sendAcks should only be set when that
-         * is true). */
+         * DTLS record. */
         if (ssl->options.serverState >= SERVER_HELLO_COMPLETE ||
-                    ssl->dtls13Rtx.sendAcks)
+                    ssl->options.seenUnifiedHdr)
             /* Use 1.2 API to clear 1.2 buffers too */
             DtlsMsgPoolReset(ssl);
     }
@@ -2491,11 +2490,10 @@ int Dtls13RtxTimeout(WOLFSSL* ssl)
 
     /* We don't want to send acks until we have done version
      * negotiation in the SH or have received a unified header in the
-     * DTLS record (ssl->dtls13Rtx.sendAcks should only be set when that
-     * is true). */
+     * DTLS record. */
     if (ssl->dtls13Rtx.seenRecords != NULL &&
             (ssl->options.serverState >= SERVER_HELLO_COMPLETE ||
-                    ssl->dtls13Rtx.sendAcks)) {
+                    ssl->options.seenUnifiedHdr)) {
         ssl->dtls13Rtx.sendAcks = 0;
         /* reset fast timeout as we are sending ACKs */
         ssl->dtls13FastTimeout = 0;

src/internal.c

@@ -10744,6 +10744,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
     int ret;
 
     if (Dtls13IsUnifiedHeader(*(ssl->buffers.inputBuffer.buffer + *inOutIdx))) {
+        ssl->options.seenUnifiedHdr = 1; /* We can send ACKs to the peer */
 
         /* version 1.3 already negotiated */
         if (ssl->options.tls1_3) {

src/ssl.c

@@ -12460,14 +12460,15 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 
 #ifdef WOLFSSL_DTLS13
                 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)
-                    && ssl->dtls13Rtx.sendAcks == 1) {
-                    ssl->dtls13Rtx.sendAcks = 0;
+                    && ssl->dtls13Rtx.sendAcks == 1
+                    && ssl->options.seenUnifiedHdr) {
                     /* we aren't negotiated the version yet, so we aren't sure
                      * the other end can speak v1.3. On the other side we have
                      * received a unified records, assuming that the
                      * ServerHello got lost, we will send an empty ACK. In case
                      * the server is a DTLS with version less than 1.3, it
                      * should just ignore the message */
+                    ssl->dtls13Rtx.sendAcks = 0;
                     if ((ssl->error = SendDtls13Ack(ssl)) < 0) {
                         if (ssl->error == WANT_WRITE)
                             ssl->dtls13SendingAckOrRtx = 1;

wolfssl/internal.h

@@ -4610,6 +4610,7 @@ struct Options {
     word16            tls:1;              /* using TLS ? */
     word16            tls1_1:1;           /* using TLSv1.1+ ? */
     word16            tls1_3:1;           /* using TLSv1.3+ ? */
+    word16            seenUnifiedHdr:1;   /* received msg with unified header */
     word16            dtls:1;             /* using datagrams ? */
     word16            dtlsStateful:1;     /* allow stateful processing ? */
     word16            connReset:1;        /* has the peer reset */