From dd7073740b933fbb6e480659388ef8b0addce56d Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Thu, 30 Jun 2022 16:58:41 +0200
Subject: [PATCH] DTLS 1.3: tie cookie to peer address

---
 src/tls13.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/tls13.c b/src/tls13.c
index b8ec8a130..b11515f44 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -2832,6 +2832,13 @@ static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz)
 return ret;
 if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0)
 return ret;
+#ifdef WOLFSSL_DTLS13
+ /* Tie cookie to peer address */
+ if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0 &&
+ (ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa,
+ ssl->buffers.dtlsCtx.peer.sz)) != 0)
+ return ret;
+#endif
 if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
 return ret;

@@ -4775,6 +4782,13 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz)
 return ret;
 if ((ret = wc_HmacUpdate(&cookieHmac, cookie, cookieSz)) != 0)
 return ret;
+#ifdef WOLFSSL_DTLS13
+ /* Tie cookie to peer address */
+ if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0 &&
+ (ret = wc_HmacUpdate(&cookieHmac, ssl->buffers.dtlsCtx.peer.sa,
+ ssl->buffers.dtlsCtx.peer.sz)) != 0)
+ return ret;
+#endif
 if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0)
 return ret;
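Review bot: The address binding in CreateCookie is skipped silently when `ssl->buffers.dtlsCtx.peer.sz` is 0, so on that path the cookie is still issued but is not tied to any source address; the CheckCookie hunk has the same condition. The cookie is meant to show that the client can receive at the address it claims, so a DTLS 1.3 session with no recorded peer should probably be rejected rather than degraded, for example by testing `ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz == 0` first and returning one of the project's existing error codes. Whether the size can be 0 at this point is not visible here, as the function body starts and ends outside the hunk. If that case is legitimate, a comment such as `/* peer.sz == 0: no peer recorded, cookie is not address-bound */` would at least make the fallback explicit.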
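Review bot: CheckCookie feeds the raw `peer.sa` buffer into the HMAC for `peer.sz` bytes, so verification only succeeds if every stored byte matches what CreateCookie hashed for the same client. If that buffer is a socket address structure filled by the I/O layer, padding or unused fields may need zeroing or excluding, otherwise a legitimate client could fail the check intermittently. How the buffer is populated is outside this hunk, so a comment like `/* peer.sa must hold identical bytes for the same address on both flights */` would record the assumption. The seven added lines also duplicate the CreateCookie hunk exactly, and a small static helper called from both places would keep the two HMAC inputs from drifting apart.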