dtlsv13: fix: send correct CH2 when server do not send HRR

[rizlik]

Description

Wolfssl wrongly discriminate between CH1 and CH2 by the Cookie looking at cookie extension, that is optional in HRR.

ZD#22000

[Copilot]

Pull request overview

Fixes DTLS 1.3 ClientHello (CH1 vs CH2) handling when the server sends a HelloRetryRequest (HRR) without the (optional) cookie extension, ensuring the client sends the correct CH2 key_share (and allows CH2 fragmentation) instead of mistakenly treating it like CH1.

Changes:

• Update SendTls13ClientHello() to decide “CH1 vs CH2” based on serverState (HRR completion) rather than presence of the cookie extension.
• Add a DTLS 1.3 API test that disables HRR cookies on the server and verifies CH2 still carries the real (large) PQ key share and can fragment.
• Register the new test in the DTLS 1.3 API test group.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
tests/api/test_dtls13.h	Adds prototype and registers the new DTLS 1.3 fragmentation/no-cookie test.
tests/api/test_dtls13.c	Implements test_dtls13_frag_ch_pq_no_cookie() to cover HRR without cookie extension.
src/tls13.c	Fixes CH1/CH2 discrimination for DTLS CH fragmentation logic by using HRR state instead of cookie extension presence.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

MemBrowse Memory Report

No memory changes detected for:

• gcc-arm-cortex-m0plus
• gcc-arm-cortex-m3
• gcc-arm-cortex-m4
• gcc-arm-cortex-m4-baremetal
• gcc-arm-cortex-m4-crypto-only
• gcc-arm-cortex-m4-dtls13
• gcc-arm-cortex-m4-min-ecc
• gcc-arm-cortex-m4-openssl-compat
• gcc-arm-cortex-m4-pkcs7
• gcc-arm-cortex-m4-pq
• gcc-arm-cortex-m4-rsa-only
• gcc-arm-cortex-m4-sp-math
• gcc-arm-cortex-m4-tls12
• gcc-arm-cortex-m4-tls13
• gcc-arm-cortex-m7
• gcc-arm-cortex-m7-pq
• gcc-arm-cortex-m7-tls13
• linuxkm-pie
• linuxkm-standard
• stm32-sim-stm32h753