diff --git a/src/internal.c b/src/internal.c
index 439917b87..d4a30402c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1706,6 +1706,9 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
 #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
     ctx->CBIORecv = Mynewt_Receive;
     ctx->CBIOSend = Mynewt_Send;
+#elif defined(WOLFSSL_GNRC)
+    ctx->CBIORecv = GNRC_Receive;
+    ctx->CBIOSend = GNRC_Send;
 #endif
 
 #ifdef HAVE_NTRU
@@ -5021,8 +5024,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     }
     ssl->IOCB_ReadCtx  = ssl->mnCtx;  /* default Mynewt IO ctx, same for read */
     ssl->IOCB_WriteCtx = ssl->mnCtx;  /* and write */
+#elif defined (WOLFSSL_GNRC)
+    ssl->IOCB_ReadCtx = ssl->gnrcCtx;
+    ssl->IOCB_WriteCtx = ssl->gnrcCtx;
 #endif
-
     /* initialize states */
     ssl->options.serverState = NULL_STATE;
     ssl->options.clientState = NULL_STATE;
diff --git a/src/wolfio.c b/src/wolfio.c
index f7e35d9a8..2fbb5d643 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -2164,6 +2164,8 @@ int uIPSend(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
             break;
         total_written += ret;
     } while(total_written < sz);
+    if (total_written == 0)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
     return total_written;
 }
 
@@ -2173,8 +2175,8 @@ int uIPSendTo(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
     int ret = 0;
     (void)ssl;
     ret = udp_socket_sendto(&ctx->conn.udp, (unsigned char *)buf, sz, &ctx->peer_addr, ctx->peer_port );
-    if (ret <= 0)
-        return 0;
+    if (ret == 0)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
     return ret;
 }
 
@@ -2239,14 +2241,14 @@ int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
  * return : bytes sent, or error
  */
 
-int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
+int GNRC_Send(WOLFSSL* ssl, char* buf, int sz, void* _ctx)
 {
     sock_tls_t *ctx = (sock_tls_t *)_ctx;
     int ret = 0;
     (void)ssl;
     ret = sock_udp_send(&ctx->conn.udp, (unsigned char *)buf, sz, &ctx->peer_addr);
-    if (ret <= 0)
-        return 0;
+    if (ret == 0)
+        return WOLFSSL_CBIO_ERR_WANT_WRITE;
     return ret;
 }
 
@@ -2260,7 +2262,7 @@ int GNRC_Receive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
     uint32_t timeout = wolfSSL_dtls_get_current_timeout(ssl) * 1000000;
     sock_tls_t *ctx = (sock_tls_t *)_ctx;
     if (!ctx)
-        return -1;
+        return WOLFSSL_CBIO_ERR_GENERAL;
     (void)ssl;
     if (wolfSSL_get_using_nonblock(ctx->ssl)) {
         timeout = 0;
@@ -2279,16 +2281,22 @@ int GNRC_Receive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
 /* GNRC DTLS Generate Cookie callback
  *  return : number of bytes copied into buf, or error
  */
+#define GNRC_MAX_TOKEN_SIZE (32)
 int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
 {
     sock_tls_t *ctx = (sock_tls_t *)_ctx;
-    byte token[32];
+    if (!ctx)
+        return WOLFSSL_CBIO_ERR_GENERAL;
+    byte token[GNRC_MAX_TOKEN_SIZE];
     byte digest[WC_SHA_DIGEST_SIZE];
     int  ret = 0;
+    size_t token_size = sizeof(sock_udp_ep_t);
     (void)ssl;
-    XMEMSET(token, 0, sizeof(token));
-    XMEMCPY(token, &ctx->peer_addr, sizeof(sock_udp_ep_t));
-    ret = wc_ShaHash(token, sizeof(sock_udp_ep_t), digest);
+    if (token_size > GNRC_MAX_TOKEN_SIZE)
+        token_size = GNRC_MAX_TOKEN_SIZE;
+    XMEMSET(token, 0, GNRC_MAX_TOKEN_SIZE);
+    XMEMCPY(token, &ctx->peer_addr, token_size);
+    ret = wc_ShaHash(token, token_size, digest);
     if (ret != 0)
         return ret;
     if (sz > WC_SHA_DIGEST_SIZE)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 85d2ac1f8..9ee111a64 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3924,6 +3924,9 @@ struct WOLFSSL {
 #if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
     void*           mnCtx;             /* mynewt mn_socket IO Context */
 #endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
+#ifdef WOLFSSL_GNRC
+    struct gnrc_wolfssl_ctx *gnrcCtx;  /* Riot-OS GNRC UDP/IP context */
+#endif
 #ifdef SESSION_INDEX
     int sessionIndex;                  /* Session's location in the cache. */
 #endif
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 34e2be78a..897792d90 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -529,6 +529,9 @@
     #define TFM_NO_ASM
     #define NO_FILESYSTEM
     #define USE_CERT_BUFFERS_2048
+    #if defined(WOLFSSL_GNRC) && !defined(WOLFSSL_DTLS)
+        #define WOLFSSL_DTLS
+    #endif
 #endif
 
 #ifdef WOLFSSL_CHIBIOS
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index fb50dc603..428e893a6 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -518,7 +518,7 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
 
     WOLFSSL_LOCAL int GNRC_Receive(WOLFSSL* ssl, char* buf, int sz,
                                      void* ctx);
-    WOLFSSL_LOCAL int GNRC_SendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
+    WOLFSSL_LOCAL int GNRC_Send(WOLFSSL* ssl, char* buf, int sz, void* ctx);
 
 #endif