From 21f46373f386111dfc3f3b636f75a6bb7d429657 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Wed, 24 Sep 2014 11:27:13 -0700
Subject: [PATCH] delay SetKeys() with SetKeysSide() until last possible moment, needed for scr
---
 cyassl/internal.h | 9 +++++++++
 src/internal.c | 7 +++++++
 src/keys.c | 45 +++++++++++++++++++++++++++++++++++++--------
 src/sniffer.c | 15 +++++++++++++--
 4 files changed, 66 insertions(+), 10 deletions(-)
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 040a929d1..42679a83c 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -2236,6 +2236,15 @@ CYASSL_LOCAL const char* const* GetCipherNames(void);
 CYASSL_LOCAL int GetCipherNamesSize(void);
+enum encrypt_side {
+ ENCRYPT_SIDE_ONLY = 1,
+ DECRYPT_SIDE_ONLY,
+ ENCRYPT_AND_DECRYPT_SIDE
+};
+
+CYASSL_LOCAL int SetKeysSide(CYASSL*, enum encrypt_side);
+
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
diff --git a/src/internal.c b/src/internal.c
index 23584c642..d84ed325c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6260,6 +6260,10 @@ int ProcessReply(CYASSL* ssl)
 ssl->buffers.inputBuffer.idx++;
 ssl->keys.encryptionOn = 1;
+ /* setup decrypt keys for following messages */
+ if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
+ return ret;
+
 #ifdef CYASSL_DTLS
 if (ssl->options.dtls) {
 DtlsPoolReset(ssl);
@@ -6705,6 +6709,9 @@ int SendFinished(CYASSL* ssl)
 word16 epoch = ssl->keys.dtls_epoch;
 #endif
+ /* setup encrypt keys */
+ if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
+ return ret;
 /* check for available size */
 outputSz = sizeof(input) + MAX_MSG_EXTRA;
diff --git a/src/keys.c b/src/keys.c
index b95c64bbe..51a5f16d9 100644
--- a/src/keys.c
+++ b/src/keys.c
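Review bot: The new `enum encrypt_side` and the `SetKeysSide` prototype in cyassl/internal.h carry no comment, and the prototype leaves both parameters unnamed. A short comment would record the contract the keys.c change relies on, e.g. `/* which cipher direction SetKeysSide() installs; values start at 1, anything else returns BAD_FUNC_ARG */`. Naming the parameters (`CYASSL* ssl, enum encrypt_side side`) would match the definition.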
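Review bot: In the ProcessReply hunk, `ssl->keys.encryptionOn = 1;` is assigned on the line before the new `SetKeysSide(ssl, DECRYPT_SIDE_ONLY)` check, so when key setup fails the function returns with the flag already on although the decrypt key setup did not complete. Setting the flag only after the check succeeds keeps the two in step: move `ssl->keys.encryptionOn = 1;` below the `return ret;`. Whether any caller keeps using the ssl object after this error is not visible here, and ProcessReply's body starts and ends outside the hunk.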
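Review bot: The `SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)` call at the top of SendFinished runs before the output-size check, and the keys.c change in this commit makes that call reset `keys->sequence_number` to 0. If a later step in SendFinished can fail in a way the caller retries (the rest of the body is outside the hunk), the setup would run a second time; that is only safe while no record has gone out under the new write keys. The comment should say so, for example `/* setup encrypt keys; resets the write sequence number, so must not repeat once a record was sent under these keys */`.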
@@ -2264,9 +2264,10 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 }
 #endif
- keys->sequence_number = 0;
- keys->peer_sequence_number = 0;
- keys->encryptionOn = 0;
+ if (enc)
+ keys->sequence_number = 0;
+ if (dec)
+ keys->peer_sequence_number = 0;
 (void)side;
 (void)heap;
 (void)enc;
@@ -2278,16 +2279,45 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 }
-/* TLS can call too */
-int StoreKeys(CYASSL* ssl, const byte* keyData)
+/* Set encrypt/decrypt or both sides of key setup */
+int SetKeysSide(CYASSL* ssl, enum encrypt_side side)
 {
- int sz, i = 0;
 int devId = NO_CAVIUM_DEVICE;
+ Ciphers* encrypt = NULL;
+ Ciphers* decrypt = NULL;
 #ifdef HAVE_CAVIUM
 devId = ssl->devId;
 #endif
+ switch (side) {
+ case ENCRYPT_SIDE_ONLY:
+ encrypt = &ssl->encrypt;
+ break;
+
+ case DECRYPT_SIDE_ONLY:
+ decrypt = &ssl->decrypt;
+ break;
+
+ case ENCRYPT_AND_DECRYPT_SIDE:
+ encrypt = &ssl->encrypt;
+ decrypt = &ssl->decrypt;
+ break;
+
+ default:
+ return BAD_FUNC_ARG;
+ }
+
+ return SetKeys(encrypt, decrypt, &ssl->keys, &ssl->specs, ssl->options.side,
+ ssl->heap, devId);
+}
+
+
+/* TLS can call too */
+int StoreKeys(CYASSL* ssl, const byte* keyData)
+{
+ int sz, i = 0;
+
 if (ssl->specs.cipher_type != aead) {
 sz = ssl->specs.hash_size;
 XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz);
@@ -2313,8 +2343,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData)
 }
 #endif
- return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
- ssl->options.side, ssl->heap, devId);
+ return 0;
 }
 #ifndef NO_OLD_TLS
diff --git a/src/sniffer.c b/src/sniffer.c
index 4328dfd70..20443438b 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
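Review bot: SetKeys can now receive a NULL `enc` or `dec` (SetKeysSide in the next hunk passes NULL for the side it is not setting up), but the only guards visible are the two added around the sequence-number resets. The cipher setup earlier in SetKeys is outside this hunk, so confirm every use of `enc` and `dec` there is behind the same `if (enc)` / `if (dec)` test; an unguarded one would be a NULL dereference on the one-sided calls from ProcessReply and SendFinished. A line in the function's header comment such as `/* enc or dec may be NULL when only one side is being set up */` would document this.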
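Review bot: StoreKeys now ends with `return 0;` and no longer activates the keys, yet its comment is still just `/* TLS can call too */`. Any caller not touched by this patch that relied on StoreKeys to install the ciphers would keep running with the previous cipher state and get no error, so the new contract deserves to be written down: `/* TLS can call too; only copies key material into ssl->keys, SetKeysSide() must be called before it is used */`. Worth checking that every path which derives keys reaches one of the SetKeysSide calls added in this commit.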
@@ -1106,8 +1106,16 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
 return -1;
 }
- MakeMasterSecret(session->sslServer);
- MakeMasterSecret(session->sslClient);
+ ret = MakeMasterSecret(session->sslServer);
+ ret += MakeMasterSecret(session->sslClient);
+ ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
+ ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);
+
+ if (ret != 0) {
+ SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
+ return -1;
+ }
+
 #ifdef SHOW_SECRETS
 {
 int i;
@@ -1278,6 +1286,9 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
 ret = DeriveKeys(session->sslServer);
 ret += DeriveKeys(session->sslClient);
 }
+ ret += SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);
+ ret += SetKeysSide(session->sslClient, ENCRYPT_AND_DECRYPT_SIDE);
+
 if (ret != 0) {
 SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
 return -1;
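Review bot: In ProcessClientKeyExchange the four results are summed with `ret +=`, so both SetKeysSide calls still run after a MakeMasterSecret failure, on key material that was not derived, and the individual error code is lost. Stopping at the first failure is clearer and avoids that, e.g. `if (ret == 0) ret = SetKeysSide(session->sslServer, ENCRYPT_AND_DECRYPT_SIDE);` for each step after the first. The ProcessServerHello hunk has the same pattern; there the added `ret +=` lines sit after a closing brace, so they also depend on `ret` having been assigned on every path leading to them, which cannot be checked from the hunk.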