wolfDTLS_accept_stateless: Fix handling for early data

- wolfDTLS_accept_stateless now returns before sending any flights. This allows the user to retrieve early data.
- wolfio.c: Clearing `userSet` allows our callback to change the address while in stateless parsing

Author: julek-wolfssl

src/ssl.c

@@ -11012,6 +11012,12 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
             FALL_THROUGH;
 
         case ACCEPT_FIRST_REPLY_DONE :
+            if (ssl->options.returnOnGoodCh) {
+                /* Higher level in stack wants us to return. Simulate a
+                 * WANT_WRITE to accomplish this. */
+                ssl->error = WANT_WRITE;
+                return WOLFSSL_FATAL_ERROR;
+            }
             if ( (ssl->error = SendServerHello(ssl)) != 0) {
             #ifdef WOLFSSL_CHECK_ALERT_ON_ERR
                 ProcessReplyEx(ssl, 1); /* See if an alert was sent. */
@@ -11312,15 +11318,19 @@ int wolfDTLS_accept_stateless(WOLFSSL* ssl)
     if (wolfDTLS_SetChGoodCb(ssl, chGoodDisableReadCB, &cb) != WOLFSSL_SUCCESS)
         return WOLFSSL_FATAL_ERROR;
 
+    ssl->options.returnOnGoodCh = 1;
     ret = wolfSSL_accept(ssl);
+    ssl->options.returnOnGoodCh = 0;
     /* restore user options */
     ssl->options.disableRead = disableRead;
     (void)wolfDTLS_SetChGoodCb(ssl, cb.userCb, cb.userCtx);
     if (ret == WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("should not happen. maybe the user called "
                     "wolfDTLS_accept_stateless instead of wolfSSL_accept");
     }
-    else if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) {
+    else if (ssl->error == WC_NO_ERR_TRACE(WANT_READ) ||
+             ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)) {
+        ssl->error = 0;
         if (ssl->options.dtlsStateful)
             ret = WOLFSSL_SUCCESS;
         else

src/tls13.c

@@ -14647,6 +14647,12 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
             FALL_THROUGH;
 
         case TLS13_ACCEPT_SECOND_REPLY_DONE :
+            if (ssl->options.returnOnGoodCh) {
+                /* Higher level in stack wants us to return. Simulate a
+                 * WANT_WRITE to accomplish this. */
+                ssl->error = WANT_WRITE;
+                return WOLFSSL_FATAL_ERROR;
+            }
 
             if ((ssl->error = SendTls13ServerHello(ssl, server_hello)) != 0) {
                 WOLFSSL_ERROR(ssl->error);

src/wolfio.c

@@ -686,10 +686,6 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
         /* Store the peer address. It is used to calculate the DTLS cookie. */
         newPeer = dtlsCtx->peer.sa == NULL || !ssl->options.dtlsStateful;
         peer = &lclPeer;
-        if (dtlsCtx->peer.sa != NULL) {
-            XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, MIN(sizeof(lclPeer),
-                    dtlsCtx->peer.sz));
-        }
         peerSz = sizeof(lclPeer);
     }
 
@@ -856,6 +852,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
                 /* Store size of saved address. Locking handled internally. */
                 if (wolfSSL_dtls_set_peer(ssl, peer, peerSz) != WOLFSSL_SUCCESS)
                     return WOLFSSL_CBIO_ERR_GENERAL;
+                dtlsCtx->userSet = 0;
             }
 #ifndef WOLFSSL_PEER_ADDRESS_CHANGES
             else {

wolfssl/internal.h

@@ -5082,6 +5082,7 @@ struct Options {
 #endif
     word16            hrrSentKeyShare:1;  /* HRR sent with key share */
 #endif
+    word16            returnOnGoodCh:1;
     word16            disableRead:1;
 #ifdef WOLFSSL_DTLS
     byte              haveMcast;          /* using multicast ? */