From c3ed12b4fd63af15c0daed5996f25c1139a02a2c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Tue, 10 Dec 2024 14:29:46 +0100
Subject: [PATCH] Code review

---
 doc/dox_comments/header_files/ssl.h |  8 +++++---
 src/internal.c                      |  3 +--
 src/ssl.c                           |  6 ++++--
 src/wolfio.c                        | 10 +++++++---
 wolfssl/internal.h                  |  2 ++
 5 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index 4d816fc936..4d1ed9255f 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -14286,7 +14286,10 @@ int  wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz,
 /*!
     \ingroup IO
 
-    \brief
+    \brief This function is called to inject data into the WOLFSSL object. This
+    is useful when data needs to be read from a single place and demultiplexed
+    into multiple connections. The caller should then call wolfSSL_read() to
+    extract the plaintext data from the WOLFSSL object.
 
     \param [in] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
     \param [in] data data to inject into the ssl object.
@@ -15145,8 +15148,7 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer,
 \brief Get the ConnectionID used by the other peer. See RFC 9146 and RFC
 9147.
 
- \return WOLFSSL_SUCCESS if ConnectionID was correctly copied, error code
- otherwise
+ \return WOLFSSL_SUCCESS if ConnectionID was correctly set in cid.
 
  \param ssl A WOLFSSL object pointern
  \param cid Pointer that will be set to the internal memory that holds the CID
diff --git a/src/internal.c b/src/internal.c
index 4dc92f165d..166c1da234 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -11523,8 +11523,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
         if (ssl->buffers.inputBuffer.length - *inOutIdx <
                 (word32)cidSz + LENGTH_SZ)
             return LENGTH_ERROR;
-        if (cidSz != DtlsGetCidRxSize(ssl) ||
-                wolfSSL_dtls_cid_get0_rx(ssl, &ourCid)   != WOLFSSL_SUCCESS)
+        if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS)
             return DTLS_CID_ERROR;
         if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz)
                 != 0)
diff --git a/src/ssl.c b/src/ssl.c
index ad59a0e470..012941ec46 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1930,7 +1930,9 @@ int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
 
     if (ssl->buffers.dtlsCtx.peer.sa != NULL &&
             ssl->buffers.dtlsCtx.peer.sz == peerSz &&
-            XMEMCMP(ssl->buffers.dtlsCtx.peer.sa, peer, peerSz) == 0) {
+            sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa,
+                    (XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer,
+                    (XSOCKLENT)peerSz)) {
         /* Already the current peer. */
         if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) {
             /* Clear any other pendingPeer */
@@ -2963,7 +2965,7 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz)
     int maxLength;
     int usedLength;
 
-    WOLFSSL_ENTER("wolfSSL_read_internal");
+    WOLFSSL_ENTER("wolfSSL_inject");
 
     if (ssl == NULL || data == NULL || sz <= 0)
         return BAD_FUNC_ARG;
diff --git a/src/wolfio.c b/src/wolfio.c
index 3aed642675..1e31f7304f 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -569,7 +569,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags,
     #define DTLS_RECVFROM_FUNCTION recvfrom
 #endif
 
-static int sockAddrEqual(
+int sockAddrEqual(
     SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen)
 {
     if (aLen != bLen)
@@ -690,6 +690,10 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
             newPeer = 1;
             peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
         }
+        else if (!ssl->options.dtlsStateful) {
+            newPeer = 1;
+            peer = (SOCKADDR_S*)dtlsCtx->peer.sa;
+        }
         else {
             peer = &lclPeer;
             XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer));
@@ -853,8 +857,8 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
                 dtlsCtx->peer.sz = peerSz;
             }
 #ifndef WOLFSSL_PEER_ADDRESS_CHANGES
-            else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) ||
-                     (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) {
+            else if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa,
+                                    dtlsCtx->peer.sz)) {
                 return WOLFSSL_CBIO_ERR_GENERAL;
             }
 #endif
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index f2c63eeeb3..de262ffbae 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -6717,6 +6717,8 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
     WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
             const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
+    WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
+                                    SOCKADDR_S *b, XSOCKLENT bLen);
 #endif /* WOLFSSL_DTLS */
 
 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)