diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index 4d816fc936..710fd3cb61 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -3971,7 +3971,8 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
 \sa wolfSSL_dtls_got_timeout
 \sa wolfSSL_dtls
 */
-int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
+int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
+ unsigned int peerSz);
 /*!
 \brief This function gets the sockaddr_in (of size peerSz) of the current
@@ -4042,7 +4043,8 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
 \sa wolfSSL_dtls_set_peer
 \sa wolfSSL_dtls
 */
-int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, unsigned int* peerSz);
+int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+ unsigned int* peerSz);
 /*!
 \ingroup Debug
@@ -14286,7 +14288,10 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
 /*!
 \ingroup IO
- \brief
+ \brief This function is called to inject data into the WOLFSSL object. This
+ is useful when data needs to be read from a single place and demultiplexed
+ into multiple connections. The caller should then call wolfSSL_read() to
+ extract the plaintext data from the WOLFSSL object.
 \param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
 \param [in] data data to inject into the ssl object.
@@ -15145,8 +15150,7 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
 \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC 9147.
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
 \param ssl A WOLFSSL object pointern
 \param cid Pointer that will be set to the internal memory that holds the CID
diff --git a/src/internal.c b/src/internal.c
index 4dc92f165d..166c1da234 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -11523,8 +11523,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
 if (ssl->buffers.inputBuffer.length - *inOutIdx < (word32)cidSz + LENGTH_SZ)
 return LENGTH_ERROR;
- if (cidSz != DtlsGetCidRxSize(ssl) ||
- wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
+ if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
 return DTLS_CID_ERROR;
 if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz) != 0)
diff --git a/src/ssl.c b/src/ssl.c
index ad59a0e470..012941ec46 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1930,7 +1930,9 @@ int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 if (ssl->buffers.dtlsCtx.peer.sa != NULL &&
 ssl->buffers.dtlsCtx.peer.sz == peerSz &&
- XMEMCMP(ssl->buffers.dtlsCtx.peer.sa, peer, peerSz) == 0) {
+ sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
+ (XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
+ (XSOCKLENT)peerSz)) {
 /* Already the current peer. */
 if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
 /* Clear any other pendingPeer */
@@ -2963,7 +2965,7 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
 int maxLength;
 int usedLength;
- WOLFSSL_ENTER("wolfSSL_read_internal");
+ WOLFSSL_ENTER("wolfSSL_inject");
 if (ssl == NULL || data == NULL || sz <= 0)
 return BAD_FUNC_ARG;
diff --git a/src/wolfio.c b/src/wolfio.c
index 3aed642675..1e31f7304f 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -569,7 +569,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
 #define DTLS_RECVFROM_FUNCTION recvfrom
 #endif
-static int sockAddrEqual(
+int sockAddrEqual(
 SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
 {
 if (aLen != bLen)
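Review bot: The `XMEMCMP(..., ourCid, cidSz)` on the last context line now reads `cidSz` bytes from `ourCid` with no check in the hunk that `cidSz` matches the size of the CID that `wolfSSL_dtls_cid_get0_rx()` hands back; that equality used to be enforced by the removed `cidSz != DtlsGetCidRxSize(ssl)` test. If `cidSz` is initialised from `DtlsGetCidRxSize(ssl)` earlier in GetDtlsRecordHeader (its body starts above the hunk), the removal is a harmless de-duplication and a comment should say so, e.g. `/* cidSz came from DtlsGetCidRxSize(), so ourCid holds exactly cidSz bytes */`; if `cidSz` can instead be taken from the record, the length check must stay so that a shorter RX CID is not over-read. The bounds check against `inputBuffer.length` above still protects the input side, only the `ourCid` side lost its guard.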
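Review bot: `sockAddrEqual()` is called here unconditionally, but its declaration in the wolfssl/internal.h hunk is wrapped in `#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)` and its definition lives in src/wolfio.c, so a build with WOLFSSL_DTLS enabled and USE_WOLFSSL_IO disabled (custom I/O callbacks) presumably sees an undeclared function here and an unresolved symbol at link time. Either guard this branch with the same condition and keep the size-plus-`XMEMCMP` comparison as the fallback, or move `sockAddrEqual()` (and the SOCKADDR_S/XSOCKLENT types it needs) out of the USE_WOLFSSL_IO-only section. Note also that `ssl->buffers.dtlsCtx.peer.sz == peerSz` is retained on the line above even though `sockAddrEqual()` opens with `if (aLen != bLen)`, so the size test now runs twice; wolfSSL_dtls_set_pending_peer continues outside the hunk.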
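Review bot: Dropping `static` gives `sockAddrEqual` external linkage under a name that follows neither the `wolfSSL_` prefix of the public API nor the CamelCase form of the library-internal helpers declared beside it in internal.h (`DoClientHelloStateless`, `MacSize`); WOLFSSL_LOCAL hides it only where the toolchain honours visibility attributes, so in a static build it becomes a plain global symbol an application may also define. Consider renaming it in the style of the neighbouring helpers, and since it is now the single definition of what "same peer" means for both the pending-peer logic in ssl.c and the address-change rejection in EmbedReceiveFrom, add a header comment stating which sockaddr fields are compared and that `a` and `b` must point to at least `aLen`/`bLen` bytes. The function body continues outside the hunk.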
@@ -690,6 +690,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 newPeer = 1;
 peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
 }
+ else if (!ssl->options.dtlsStateful) {
+ newPeer = 1;
+ peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
+ }
 else {
 peer = &lclPeer;
 XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer));
@@ -853,8 +857,8 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
 dtlsCtx->peer.sz = peerSz;
 }
 #ifndef WOLFSSL_PEER_ADDRESS_CHANGES
- else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) ||
- (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) {
+ else if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
+ dtlsCtx->peer.sz)) {
 return WOLFSSL_CBIO_ERR_GENERAL;
 }
 #endif
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index f2c63eeeb3..b01c1e7c2e 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -6717,6 +6717,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
 WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
+#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+ WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
+ SOCKADDR_S *b, XSOCKLENT bLen);
+#endif
 #endif /* WOLFSSL_DTLS */
 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
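Review bot: The new `else if (!ssl->options.dtlsStateful)` branch duplicates the body of the branch directly above it (`newPeer = 1; peer = (SOCKADDR_S*)dtlsCtx->peer.sa;`), whose condition sits outside the hunk; folding the test into that condition with `|| !ssl->options.dtlsStateful` would remove the copy. More importantly the branch relaxes what the callback accepts before the connection is stateful: `newPeer` makes the recvfrom() source overwrite `dtlsCtx->peer` (see the -853 hunk), so the `WOLFSSL_PEER_ADDRESS_CHANGES` mismatch rejection no longer applies until `dtlsStateful` is set, and a datagram from any source replaces the stored peer. That is presumably intended for the stateless ClientHello/cookie exchange, but it deserves a comment such as `/* Not stateful yet (stateless ClientHello handling): take the datagram source as the peer instead of rejecting it as an address change */` so the relaxation and its scope are visible. EmbedReceiveFrom continues on both sides of the hunk.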
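Review bot: `dtlsCtx->peer.sz` (an `unsigned int`, judging by the `(unsigned int)peerSz` cast the removed line needed) is passed to the `XSOCKLENT` parameter of `sockAddrEqual()` without a cast here, while the call site in src/ssl.c casts both sizes to `XSOCKLENT` explicitly; pick one form so the two calls read the same, e.g. `else if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa, (XSOCKLENT)dtlsCtx->peer.sz)) {`. The behavioural change is also worth a one-line comment at this point, since "same peer" is now whatever `sockAddrEqual()` defines rather than a byte-for-byte match of the stored address.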
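Review bot: The prototype added inside the new `#if` block is indented by four spaces while every neighbouring declaration in this section (`DoClientHelloStateless`, `MacSize`) sits at column 0; the surrounding `#endif /* ... */` comments show this header annotates its conditional blocks rather than indenting them, so `WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,` should start at column 0 with its continuation aligned to the opening parenthesis, and the new `#endif` should carry the usual trailing comment, `#endif /* !WOLFCRYPT_ONLY && USE_WOLFSSL_IO */`. A short Doxygen-style comment on the declaration describing the comparison semantics and the pointer/length contract would help the callers outside wolfio.c that this commit introduces.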