From 1db036eb758a23ec27f5de4217b15898f5a9b503 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Thu, 30 Aug 2018 11:47:02 +0200
Subject: [PATCH 1/4] RIOT-OS support with GNRC UDP/IP sockets

---
 src/wolfio.c | 74 ++++++++++++++++++++++++++++++++++++
 wolfssl/wolfcrypt/settings.h | 1 -
 wolfssl/wolfio.h | 34 ++++++++++++++++-
 3 files changed, 107 insertions(+), 2 deletions(-)

diff --git a/src/wolfio.c b/src/wolfio.c
index 3462e2b3e..f7e35d9a8 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -2225,4 +2225,78 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
 #endif /* WOLFSSL_UIP */
+#ifdef WOLFSSL_GNRC
+
+#include
+#include
+#include
+
+/* GNRC TCP/IP port, using the native tcp/udp socket api.
+ * TCP and UDP are currently supported with the callbacks below.
+ *
+ */
+/* The GNRC tcp send callback
+ * return : bytes sent, or error
+ */
+
+int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
+{
+ sock_tls_t *ctx = (sock_tls_t *)_ctx;
+ int ret = 0;
+ (void)ssl;
+ ret = sock_udp_send(&ctx->conn.udp, (unsigned char *)buf, sz, &ctx->peer_addr);
+ if (ret <= 0)
+ return 0;
+ return ret;
+}
+
+/* The GNRC TCP/IP receive callback
+ * return : nb bytes read, or error
+ */
+int GNRC_Receive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
+{
+ sock_udp_ep_t ep;
+ int ret;
+ uint32_t timeout = wolfSSL_dtls_get_current_timeout(ssl) * 1000000;
+ sock_tls_t *ctx = (sock_tls_t *)_ctx;
+ if (!ctx)
+ return -1;
+ (void)ssl;
+ if (wolfSSL_get_using_nonblock(ctx->ssl)) {
+ timeout = 0;
+ }
+ ret = sock_udp_recv(&ctx->conn.udp, buf, sz, timeout, &ep);
+ if (ret > 0) {
+ if (ctx->peer_addr.port == 0)
+ XMEMCPY(&ctx->peer_addr, &ep, sizeof(sock_udp_ep_t));
+ }
+ if (ret == -ETIMEDOUT) {
+ return WOLFSSL_CBIO_ERR_WANT_READ;
+ }
+ return ret;
+}
+
+/* GNRC DTLS Generate Cookie callback
+ * return : number of bytes copied into buf, or error
+ */
+int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
+{
+ sock_tls_t *ctx = (sock_tls_t *)_ctx;
+ byte token[32];
+ byte digest[WC_SHA_DIGEST_SIZE];
+ int ret = 0;
+ (void)ssl;
+ XMEMSET(token, 0, sizeof(token));
+ XMEMCPY(token, &ctx->peer_addr, sizeof(sock_udp_ep_t));
+ ret = wc_ShaHash(token, sizeof(sock_udp_ep_t), digest);
+ if (ret != 0)
+ return ret;
+ if (sz > WC_SHA_DIGEST_SIZE)
+ sz = WC_SHA_DIGEST_SIZE;
+ XMEMCPY(buf, digest, sz);
+ return sz;
+}
+
+#endif /* WOLFSSL_GNRC */
+
 #endif /* WOLFCRYPT_ONLY */
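Review bot: GNRC_Receive hands every datagram sock_udp_recv returns to the record layer, yet once `ctx->peer_addr` has been learned from the first packet nothing checks that later datagrams come from that same endpoint, so records from any source are treated as belonging to this session. As far as I recall the existing EmbedReceiveFrom in this file ignores such datagrams by returning WOLFSSL_CBIO_ERR_WANT_READ, and the same guard belongs after the successful receive here, comparing `ep.port` and the address bytes valid for `ep.family` against `ctx->peer_addr`: `if (ctx->peer_addr.port != 0 && (ep.port != ctx->peer_addr.port || XMEMCMP(&ep.addr, &ctx->peer_addr.addr, sizeof(ep.addr)) != 0)) return WOLFSSL_CBIO_ERR_WANT_READ;`. The header comment claims `TCP and UDP are currently supported with the callbacks below`, but all three callbacks use only `ctx->conn.udp` and the DTLS timeout API; `/* GNRC UDP/DTLS port: these callbacks use the sock_udp API only */` would be accurate. The `(void)ssl;` in GNRC_Receive is also misleading, since `ssl` is already used a few lines above it.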
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 6d7c283dc..34e2be78a 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -527,7 +527,6 @@
 #ifdef WOLFSSL_RIOT_OS
 #define NO_WRITEV
 #define TFM_NO_ASM
- #define USE_FAST_MATH
 #define NO_FILESYSTEM
 #define USE_CERT_BUFFERS_2048
 #endif
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 27290d0dc..fb50dc603 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -133,7 +133,8 @@
 #include "rtipapi.h" /* errno */
 #include "socket.h"
 #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \
- && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED)
+ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
+ && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
 #include
 #include
 #include
@@ -491,6 +492,37 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 #endif
+#ifdef WOLFSSL_GNRC
+ #include
+ #include
+ #include
+ #include
+ #include
+ #include
+
+ struct gnrc_wolfssl_ctx {
+ union socket_connector {
+ #ifdef MODULE_SOCK_TCP
+ sock_tcp_t tcp;
+ #endif
+ sock_udp_t udp;
+ } conn;
+ WOLFSSL_CTX *ctx;
+ WOLFSSL *ssl;
+
+ int closing;
+ struct _sock_tl_ep peer_addr;
+ };
+
+ typedef struct gnrc_wolfssl_ctx sock_tls_t;
+
+ WOLFSSL_LOCAL int GNRC_Receive(WOLFSSL* ssl, char* buf, int sz,
+ void* ctx);
+ WOLFSSL_LOCAL int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+
+#endif
+
+
 #ifdef WOLFSSL_DTLS
 typedef int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz, void* ctx);

From e77161ae9a314b44a54d5af50cd1aece216a4b54 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Tue, 23 Jul 2019 08:47:31 +0200
Subject: [PATCH 2/4] Riot-OS/GNRC support: reworked after reviewers' comments

---
 src/internal.c | 7 ++++++-
 src/wolfio.c | 28 ++++++++++++++++++----------
 wolfssl/internal.h | 3 +++
 wolfssl/wolfcrypt/settings.h | 3 +++
 wolfssl/wolfio.h | 2 +-
 5 files changed, 31 insertions(+), 12 deletions(-)
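Review bot: GNRC_GenerateCookie is defined with external linkage in src/wolfio.c by this patch, but the new block in wolfio.h only declares GNRC_Receive and GNRC_SendTo, so there is no prototype for the cookie callback that an application (via wolfSSL_CTX_SetGenCookie, declared just below this hunk) or InitSSL_Ctx could use to register it; add `WOLFSSL_LOCAL int GNRC_GenerateCookie(WOLFSSL* ssl, unsigned char* buf, int sz, void* ctx);` beside the other two, exported with WOLFSSL_API if applications are expected to call it. `peer_addr` is declared as `struct _sock_tl_ep` while wolfio.c copies `sizeof(sock_udp_ep_t)` bytes out of it; in RIOT these are the same type as far as I know, but declaring it `sock_udp_ep_t peer_addr;` makes that dependency visible. `closing` and the `tcp` union member are not read by any code in this series; if they are reserved for the application, a one-line comment on each saying so would help.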
diff --git a/src/internal.c b/src/internal.c
index 439917b87..d4a30402c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1706,6 +1706,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
 ctx->CBIORecv = Mynewt_Receive;
 ctx->CBIOSend = Mynewt_Send;
+#elif defined(WOLFSSL_GNRC)
+ ctx->CBIORecv = GNRC_Receive;
+ ctx->CBIOSend = GNRC_Send;
 #endif
 #ifdef HAVE_NTRU
@@ -5021,8 +5024,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 }
 ssl->IOCB_ReadCtx = ssl->mnCtx; /* default Mynewt IO ctx, same for read */
 ssl->IOCB_WriteCtx = ssl->mnCtx; /* and write */
+#elif defined (WOLFSSL_GNRC)
+ ssl->IOCB_ReadCtx = ssl->gnrcCtx;
+ ssl->IOCB_WriteCtx = ssl->gnrcCtx;
 #endif
-
 /* initialize states */
 ssl->options.serverState = NULL_STATE;
 ssl->options.clientState = NULL_STATE;
diff --git a/src/wolfio.c b/src/wolfio.c
index f7e35d9a8..2fbb5d643 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -2164,6 +2164,8 @@ int uIPSend(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
 break;
 total_written += ret;
 } while(total_written < sz);
+ if (total_written == 0)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
 return total_written;
 }
@@ -2173,8 +2175,8 @@ int uIPSendTo(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
 int ret = 0;
 (void)ssl;
 ret = udp_socket_sendto(&ctx->conn.udp, (unsigned char *)buf, sz, &ctx->peer_addr, ctx->peer_port );
- if (ret <= 0)
- return 0;
+ if (ret == 0)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
 return ret;
 }
@@ -2239,14 +2241,14 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
 * return : bytes sent, or error
 */
-int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
+int GNRC_Send(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
 {
 sock_tls_t *ctx = (sock_tls_t *)_ctx;
 int ret = 0;
 (void)ssl;
 ret = sock_udp_send(&ctx->conn.udp, (unsigned char *)buf, sz, &ctx->peer_addr);
- if (ret <= 0)
- return 0;
+ if (ret == 0)
+ return WOLFSSL_CBIO_ERR_WANT_WRITE;
 return ret;
 }
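Review bot: The new `#elif defined(WOLFSSL_GNRC)` branch registers the receive and send callbacks but leaves `ctx->CBIOCookie` untouched, and nothing else in this series assigns GNRC_GenerateCookie, so a DTLS server on GNRC runs with whatever default cookie callback InitSSL_Ctx installs elsewhere (outside this hunk, and possibly written for BSD sockets) unless the application registers it by hand. Either set it here, `ctx->CBIOCookie = GNRC_GenerateCookie;` under `#ifdef WOLFSSL_DTLS`, or state in wolfio.h that the application must call wolfSSL_CTX_SetGenCookie with it. InitSSL_Ctx continues on both sides of this hunk.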
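Review bot: `ssl->gnrcCtx` is copied into `IOCB_ReadCtx`/`IOCB_WriteCtx` here, but nothing in this series ever assigns it, and the field lives inside the opaque struct WOLFSSL (wolfssl/internal.h), so an application cannot set it without including internal headers; the port this mirrors exposes a setter for the same purpose (wolfSSL_SetIO_Mynewt for `mnCtx`, if I remember the API correctly). Either add a public setter (for example a `wolfSSL_SetIO_GNRC(WOLFSSL* ssl, sock_tls_t* ctx)` — name illustrative — that stores the pointer and refreshes both IOCB contexts) or drop the field and let applications use wolfSSL_SetIOReadCtx/wolfSSL_SetIOWriteCtx directly. As written, if InitSSL zeroes the struct as I believe it does, every callback receives a NULL context and fails with WOLFSSL_CBIO_ERR_GENERAL on first use. InitSSL continues outside this hunk.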
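Review bot: The new `if (total_written == 0)` turns a failed first send into WOLFSSL_CBIO_ERR_WANT_WRITE: if the `break` above it is taken on a negative return from the uIP send (its condition is outside the hunk), a hard error is now reported as "try again" and a caller that retries on WANT_WRITE spins instead of failing. Keep the two cases apart, e.g. `if (total_written == 0) return (ret < 0) ? WOLFSSL_CBIO_ERR_GENERAL : WOLFSSL_CBIO_ERR_WANT_WRITE;`, assuming `ret` is still in scope at that point. uIPSend begins outside this hunk.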
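Review bot: Changing `ret <= 0` to `ret == 0` in GNRC_Send means a negative return from sock_udp_send is now handed to wolfSSL unchanged, and wolfSSL reserves the small negative values (WOLFSSL_CBIO_ERR_GENERAL, _WANT_WRITE, _CONN_RST, _ISR, _CONN_CLOSE, _TIMEOUT) for its own callback codes; the errno values RIOT documents for sock_udp_send (EINVAL, ENOMEM, EHOSTUNREACH, ...) do not collide today as far as I know, but the contract is accidental and a future `-errno` equal to one of those codes would be misread. Map errors explicitly: `if (ret < 0) return WOLFSSL_CBIO_ERR_GENERAL;` before the `ret == 0` check. The same change appears in uIPSendTo in this commit and is carried forward unchanged into the GNRC_SendTo rename in patch 3.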
@@ -2260,7 +2262,7 @@ int GNRC_Receive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 uint32_t timeout = wolfSSL_dtls_get_current_timeout(ssl) * 1000000;
 sock_tls_t *ctx = (sock_tls_t *)_ctx;
 if (!ctx)
- return -1;
+ return WOLFSSL_CBIO_ERR_GENERAL;
 (void)ssl;
 if (wolfSSL_get_using_nonblock(ctx->ssl)) {
 timeout = 0;
@@ -2279,16 +2281,22 @@ int GNRC_Receive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 /* GNRC DTLS Generate Cookie callback
 * return : number of bytes copied into buf, or error
 */
+#define GNRC_MAX_TOKEN_SIZE (32)
 int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
 {
 sock_tls_t *ctx = (sock_tls_t *)_ctx;
- byte token[32];
+ if (!ctx)
+ return WOLFSSL_CBIO_ERR_GENERAL;
+ byte token[GNRC_MAX_TOKEN_SIZE];
 byte digest[WC_SHA_DIGEST_SIZE];
 int ret = 0;
+ size_t token_size = sizeof(sock_udp_ep_t);
 (void)ssl;
- XMEMSET(token, 0, sizeof(token));
- XMEMCPY(token, &ctx->peer_addr, sizeof(sock_udp_ep_t));
- ret = wc_ShaHash(token, sizeof(sock_udp_ep_t), digest);
+ if (token_size > GNRC_MAX_TOKEN_SIZE)
+ token_size = GNRC_MAX_TOKEN_SIZE;
+ XMEMSET(token, 0, GNRC_MAX_TOKEN_SIZE);
+ XMEMCPY(token, &ctx->peer_addr, token_size);
+ ret = wc_ShaHash(token, token_size, digest);
 if (ret != 0)
 return ret;
 if (sz > WC_SHA_DIGEST_SIZE)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 85d2ac1f8..9ee111a64 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3924,6 +3924,9 @@ struct WOLFSSL {
 #if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
 void* mnCtx; /* mynewt mn_socket IO Context */
 #endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
+#ifdef WOLFSSL_GNRC
+ struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */
+#endif
 #ifdef SESSION_INDEX
 int sessionIndex; /* Session's location in the cache. */
 #endif
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 34e2be78a..897792d90 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
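Review bot: The non-blocking branch shown here sets `timeout` to 0, but the only errno the function maps (below the hunk) is `-ETIMEDOUT` to WOLFSSL_CBIO_ERR_WANT_READ; if RIOT's sock_udp_recv reports "no datagram pending" with `-EAGAIN` for a zero timeout, as its documentation states as far as I recall, a non-blocking read returns a raw negative errno that wolfSSL does not recognise and the handshake fails instead of retrying. Map it with the timeout case: `if (ret == -ETIMEDOUT || ret == -EAGAIN) return WOLFSSL_CBIO_ERR_WANT_READ;`. The nonblock query also reads `ctx->ssl` although the session is passed in as `ssl` (and then marked unused by `(void)ssl;`); `wolfSSL_get_using_nonblock(ssl)` removes the dependency on the application having filled in `ctx->ssl`. GNRC_Receive starts and ends outside this hunk.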
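Review bot: `byte token[GNRC_MAX_TOKEN_SIZE];` now follows the `if (!ctx) return ...;` statement, a mixed declaration/statement that C89 builds (which wolfSSL still supports, as far as I know) reject; move the NULL check below the declarations, next to `(void)ssl;`. The runtime clamp `if (token_size > GNRC_MAX_TOKEN_SIZE)` would silently hash a truncated endpoint if `sock_udp_ep_t` ever grew past 32 bytes, so the cookie would stop covering the whole peer address without any signal; `byte token[sizeof(sock_udp_ep_t)];` or a compile-time size check is the safer form. More fundamentally the cookie is an unkeyed SHA-1 over the peer endpoint, so anyone who knows a victim's address can produce it without ever receiving a HelloVerifyRequest and the cookie does not prove return-path reachability; that appears to match the other GenerateCookie callbacks in this file, but mixing a per-context random secret into the hash (an HMAC) is what the cookie is meant to be, and deserves at least `/* TODO: key this hash with a per-server secret */` here. GNRC_GenerateCookie's closing lines are outside this hunk.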
@@ -529,6 +529,9 @@
 #define TFM_NO_ASM
 #define NO_FILESYSTEM
 #define USE_CERT_BUFFERS_2048
+ #if defined(WOLFSSL_GNRC) && !defined(WOLFSSL_DTLS)
+ #define WOLFSSL_DTLS
+ #endif
 #endif
 #ifdef WOLFSSL_CHIBIOS
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index fb50dc603..428e893a6 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -518,7 +518,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 WOLFSSL_LOCAL int GNRC_Receive(WOLFSSL* ssl, char* buf, int sz,
 void* ctx);
- WOLFSSL_LOCAL int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+ WOLFSSL_LOCAL int GNRC_Send(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 #endif

From 34b2d257cdc556430bd1bec5558d2b029ed16663 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Tue, 23 Jul 2019 19:28:03 +0200
Subject: [PATCH 3/4] [RIOT-OS/GNRC] Renamed GNRC callback functions

---
 src/internal.c | 4 ++--
 src/wolfio.c | 6 ++++--
 wolfssl/wolfio.h | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index d4a30402c..87eff77b1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1707,8 +1707,8 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 ctx->CBIORecv = Mynewt_Receive;
 ctx->CBIOSend = Mynewt_Send;
 #elif defined(WOLFSSL_GNRC)
- ctx->CBIORecv = GNRC_Receive;
- ctx->CBIOSend = GNRC_Send;
+ ctx->CBIORecv = GNRC_ReceiveFrom;
+ ctx->CBIOSend = GNRC_SendTo;
 #endif
 #ifdef HAVE_NTRU
diff --git a/src/wolfio.c b/src/wolfio.c
index 2fbb5d643..c53ac57ea 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
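Review bot: Defining WOLFSSL_DTLS from settings.h whenever WOLFSSL_GNRC is set is load-bearing rather than a convenience: the GNRC callbacks in src/wolfio.c are UDP-only and GNRC_Receive calls wolfSSL_dtls_get_current_timeout unconditionally, so the port does not build without it, yet nothing here says so. A comment above the `#if`, such as `/* GNRC callbacks are UDP-only and need the DTLS timeout API */`, would keep a later reader from removing it. The enclosing WOLFSSL_RIOT_OS `#ifdef` is outside this hunk.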
@@ -2241,11 +2241,13 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
 * return : bytes sent, or error
 */
-int GNRC_Send(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
+int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
 {
 sock_tls_t *ctx = (sock_tls_t *)_ctx;
 int ret = 0;
 (void)ssl;
+ if (!ctx)
+ return WOLFSSL_CBIO_ERR_GENERAL;
 ret = sock_udp_send(&ctx->conn.udp, (unsigned char *)buf, sz, &ctx->peer_addr);
 if (ret == 0)
 return WOLFSSL_CBIO_ERR_WANT_WRITE;
@@ -2255,7 +2257,7 @@ int GNRC_Send(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
 /* The GNRC TCP/IP receive callback
 * return : nb bytes read, or error
 */
-int GNRC_Receive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
+int GNRC_ReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 {
 sock_udp_ep_t ep;
 int ret;
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 428e893a6..d1b97017a 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -516,9 +516,9 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 typedef struct gnrc_wolfssl_ctx sock_tls_t;
- WOLFSSL_LOCAL int GNRC_Receive(WOLFSSL* ssl, char* buf, int sz,
+ WOLFSSL_LOCAL int GNRC_ReceiveFrom(WOLFSSL* ssl, char* buf, int sz,
 void* ctx);
- WOLFSSL_LOCAL int GNRC_Send(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+ WOLFSSL_LOCAL int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 #endif

From a8d2b6b3c88f21ddf1ce069da24d0607ea5b0d27 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Thu, 1 Aug 2019 15:31:59 +0200
Subject: [PATCH 4/4] Removed exception for EXIT_TEST in RIOT

---
 wolfssl/wolfcrypt/types.h | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index cc54ada78..f192eef09 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
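Review bot: The new `if (!ctx)` guard in GNRC_SendTo rejects a NULL context but not a context whose peer is still unknown: GNRC_ReceiveFrom only fills `ctx->peer_addr` from the first datagram (the `peer_addr.port == 0` check in patch 1), so a send issued before that, or by a client whose application never set `peer_addr`, calls sock_udp_send with a zero port, which RIOT rejects with `-EINVAL` as far as I recall, and that raw errno is then what wolfSSL sees. A check such as `if (ctx->peer_addr.port == 0) return WOLFSSL_CBIO_ERR_GENERAL;` after the NULL guard makes the failure explicit and keeps the callback's error contract within wolfSSL's own codes. GNRC_SendTo's closing `return ret;` is outside this hunk.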
@@ -830,9 +830,7 @@
 #endif
- #ifdef WOLFSSL_RIOT_OS
- #define EXIT_TEST(ret) exit(ret)
- #elif defined(HAVE_STACK_SIZE)
+ #if defined(HAVE_STACK_SIZE)
 #define EXIT_TEST(ret) return (void*)((size_t)(ret))
 #else
 #define EXIT_TEST(ret) return ret