Code review and jenkins fixes

doc/dox_comments/header_files/ssl.h

@@ -3971,7 +3971,8 @@ int  wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
     \sa wolfSSL_dtls_got_timeout
     \sa wolfSSL_dtls
 */
-int  wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz);
+int  wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer,
+                                   unsigned int peerSz);
 
 /*!
     \brief This function gets the sockaddr_in (of size peerSz) of the current
@@ -4042,7 +4043,8 @@ int  wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz);
     \sa wolfSSL_dtls_set_peer
     \sa wolfSSL_dtls
 */
-int  wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, unsigned int* peerSz);
+int  wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer,
+                            unsigned int* peerSz);
 
 /*!
     \ingroup Debug
@@ -14286,9 +14288,13 @@ int  wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
 /*!
     \ingroup IO
 
-    \brief
+    \brief This function is called to inject data into the WOLFSSL object. This
+    is useful when data needs to be read from a single place and demultiplexed
+    into multiple connections. The caller should then call wolfSSL_read() to
+    extract the plaintext data from the WOLFSSL object.
 
-    \param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
+    \param [in] ssl a pointer to a WOLFSSL structure, created using
+                    wolfSSL_new().
     \param [in] data data to inject into the ssl object.
     \param [in] sz number of bytes of data to inject.
 
@@ -15145,8 +15151,7 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
 \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
 9147.
 
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
 
  \param ssl A WOLFSSL object pointern
  \param cid Pointer that will be set to the internal memory that holds the CID

src/dtls.c

@@ -1416,29 +1416,27 @@ int wolfSSL_dtls_cid_max_size(void)
     return DTLS_CID_MAX_SIZE;
 }
 
-void wolfSSL_dtls_cid_parse(const unsigned char* msg, unsigned int msgSz,
-        const unsigned char** cid, unsigned int cidSz)
+const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz)
 {
-    if (cid == NULL)
-        return;
-    *cid = NULL;
     /* we need at least the first byte to check version */
     if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz)
-        return;
+        return NULL;
     if (msg[0] == dtls12_cid) {
         /* DTLS 1.2 CID packet */
         if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz)
-            return;
+            return NULL;
         /* content type(1) + version(2) + epoch(2) + sequence(6) */
-        *cid = msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
+        return msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN +
                 OPAQUE32_LEN;
     }
     else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) {
         /* DTLS 1.3 CID packet */
         if (msgSz < OPAQUE8_LEN + cidSz)
-            return;
-        *cid = msg + OPAQUE8_LEN;
+            return NULL;
+        return msg + OPAQUE8_LEN;
     }
+    return NULL;
 }
 #endif /* WOLFSSL_DTLS_CID */
 

src/internal.c

@@ -11523,8 +11523,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         if (ssl->buffers.inputBuffer.length - *inOutIdx <
                 (word32)cidSz + LENGTH_SZ)
             return LENGTH_ERROR;
-        if (cidSz != DtlsGetCidRxSize(ssl) ||
-                wolfSSL_dtls_cid_get0_rx(ssl, &ourCid)   != WOLFSSL_SUCCESS)
+        if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
             return DTLS_CID_ERROR;
         if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz)
                 != 0)

src/ssl.c

@@ -1923,14 +1923,16 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 {
 #ifdef WOLFSSL_DTLS
-    int ret = WOLFSSL_FAILURE;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
 
     if (ssl == NULL)
         return WOLFSSL_FAILURE;
 
     if (ssl->buffers.dtlsCtx.peer.sa != NULL &&
             ssl->buffers.dtlsCtx.peer.sz == peerSz &&
-            XMEMCMP(ssl->buffers.dtlsCtx.peer.sa, peer, peerSz) == 0) {
+            sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
+                    (XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
+                    (XSOCKLENT)peerSz)) {
         /* Already the current peer. */
         if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
             /* Clear any other pendingPeer */
@@ -2963,7 +2965,7 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
     int maxLength;
     int usedLength;
 
-    WOLFSSL_ENTER("wolfSSL_read_internal");
+    WOLFSSL_ENTER("wolfSSL_inject");
 
     if (ssl == NULL || data == NULL || sz <= 0)
         return BAD_FUNC_ARG;
@@ -10535,7 +10537,7 @@ static int chGoodDisableReadCB(WOLFSSL* ssl, void* ctx)
 int wolfDTLS_accept_stateless(WOLFSSL* ssl)
 {
     byte disableRead;
-    int ret = WOLFSSL_FATAL_ERROR;
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     struct chGoodDisableReadCbCtx cb;
 
     WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");

src/wolfio.c

@@ -569,7 +569,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
     #define DTLS_RECVFROM_FUNCTION recvfrom
 #endif
 
-static int sockAddrEqual(
+int sockAddrEqual(
     SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
 {
     if (aLen != bLen)
@@ -690,6 +690,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             newPeer = 1;
             peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
         }
+        else if (!ssl->options.dtlsStateful) {
+            newPeer = 1;
+            peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
+        }
         else {
             peer = &lclPeer;
             XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer));
@@ -853,8 +857,8 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
                 dtlsCtx->peer.sz = peerSz;
             }
 #ifndef WOLFSSL_PEER_ADDRESS_CHANGES
-            else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) ||
-                     (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) {
+            else if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
+                                    dtlsCtx->peer.sz)) {
                 return WOLFSSL_CBIO_ERR_GENERAL;
             }
 #endif

tests/api.c

@@ -100255,7 +100255,6 @@ static int test_wolfSSL_dtls_cid_parse(void)
 {
     EXPECT_DECLS;
 #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)
-    const unsigned char* cid = NULL;
     /* Taken from Wireshark. Right-click -> copy -> ... as escaped string */
     /* Plaintext ServerHelloDone. No CID. */
     byte noCid[] =
@@ -100273,14 +100272,9 @@ static int test_wolfSSL_dtls_cid_parse(void)
             "\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \
             "\x81\xda\xf5\x3f";
 
-    wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), &cid, 8);
-    ExpectPtrEq(cid, NULL);
-    wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), &cid, 8);
-    ExpectPtrEq(cid, cid12 + 11);
-    wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), &cid, 8);
-    ExpectPtrEq(cid, cid13 + 1);
-
-
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), 8), NULL);
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), 8), cid12 + 11);
+    ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 8), cid13 + 1);
 #endif
     return EXPECT_RESULT();
 }

wolfssl/internal.h

@@ -6717,6 +6717,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
     WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
             const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
+#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+    WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
+                                    SOCKADDR_S *b, XSOCKLENT bLen);
+#endif
 #endif /* WOLFSSL_DTLS */
 
 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)

wolfssl/ssl.h

@@ -5862,8 +5862,8 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer,
     unsigned int bufferSz);
 WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid);
 WOLFSSL_API int wolfSSL_dtls_cid_max_size(void);
-WOLFSSL_API void wolfSSL_dtls_cid_parse(const unsigned char* msg,
-        unsigned int msgSz, const unsigned char** cid, unsigned int cidSz);
+WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
+        unsigned int msgSz, unsigned int cidSz);
 #endif /* defined(WOLFSSL_DTLS_CID) */
 
 #ifdef WOLFSSL_DTLS_CH_FRAG