From 8c5d359316ea543845f1ca2d43c35f94ec199a02 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 4 Oct 2024 14:43:41 -0700
Subject: [PATCH] WIP

---
 src/internal.c     | 19 ++++++++++++-------
 src/ssh.c          | 14 +++++++-------
 wolfssh/internal.h |  3 ++-
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index e49437a6b..1e194497c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1021,7 +1021,7 @@ WOLFSSH* SshInit(WOLFSSH* ssh, WOLFSSH_CTX* ctx)
     ssh->fs = NULL;
     ssh->acceptState = ACCEPT_BEGIN;
     ssh->clientState = CLIENT_BEGIN;
-    ssh->isKeying = 1;
+    ssh->keying = 1;
     ssh->authId = ID_USERAUTH_PUBLICKEY;
     ssh->supportedAuth[0] = ID_USERAUTH_PUBLICKEY;
     ssh->supportedAuth[1] = ID_USERAUTH_PASSWORD;
@@ -4139,9 +4139,14 @@ static int DoKexInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
     byte scratchLen[LENGTH_SZ];
     word32 strSz = 0;
 
-    if (!ssh->isKeying) {
+    ssh->peerKeying = 1;
+
+    if (!ssh->keying) {
         WLOG(WS_LOG_DEBUG, "Keying initiated");
         ret = SendKexInit(ssh);
+        if (ret == WS_SUCCESS) {
+            ssh->keying = 1;
+        }
     }
 
     /* account for possible want write case from SendKexInit */
@@ -5683,7 +5688,7 @@ static int DoNewKeys(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
     if (ret == WS_SUCCESS) {
         ssh->rxCount = 0;
         ssh->highwaterFlag = 0;
-        ssh->isKeying = 0;
+        ssh->peerKeying = 0;
         HandshakeInfoFree(ssh->handshake, ssh->ctx->heap);
         ssh->handshake = NULL;
         WLOG(WS_LOG_DEBUG, "Keying completed");
@@ -8816,7 +8821,7 @@ static int DoPacket(WOLFSSH* ssh, byte* bufferConsumed)
         case MSGID_KEXINIT:
             WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXINIT");
             ret = DoKexInit(ssh, buf + idx, payloadSz, &payloadIdx);
-            if (ssh->isKeying == 1 &&
+            if (ssh->keying == 1 &&
                 ssh->connectState == CONNECT_SERVER_CHANNEL_REQUEST_DONE) {
                 if (ssh->handshake->kexId == ID_DH_GEX_SHA256) {
 #if !defined(WOLFSSH_NO_DH) && !defined(WOLFSSH_NO_DH_GEX_SHA256)
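Review bot: The `ssh->keying = 1` added after `ret = SendKexInit(ssh);` in the DoKexInit hunk is redundant — the SendKexInit hunk (`@@ -9849`) already sets `ssh->keying = 1` under the same `ret == WS_SUCCESS` condition, and it appears to do so before the send itself is attempted, which would also cover the want-write case the comment below this hunk mentions; the three added lines can be dropped. Separately, `ssh->peerKeying = 1;` is set before any of the peer's KEXINIT has been parsed, so a KEXINIT that fails validation later in DoKexInit leaves `peerKeying` set with no visible path that clears it other than a successful DoNewKeys; either set it once the message has been accepted, or state on the flag that a failed KEXINIT is fatal for the session. DoKexInit's body continues outside the hunk.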
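Review bot: After the DoNewKeys hunk the flag that the send and accept paths gate on is never cleared: `ssh->isKeying = 0;` here becomes `ssh->peerKeying = 0;`, while SshInit, SendKexInit and DoKexInit all set `keying = 1` and no hunk in this patch resets it. Unless SendNewKeys or another function outside the diff clears `keying`, the `while (ssh->keying)` loops in wolfSSH_accept and wolfSSH_connect never exit, and wolfSSH_stream_send, wolfSSH_stream_peek, wolfSSH_extended_data_send, SendChannelData, SendChannelExtendedData and wolfSSH_worker keep returning WS_REKEYING after the first key exchange. If keying is meant to end only when NEWKEYS has passed in both directions, a comment saying so and the `ssh->keying = 0;` that implements it belong with this change rather than a later one. DoNewKeys starts and ends outside the hunk.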
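Review bot: The DoPacket branch still reads `ssh->handshake->kexId` without checking `ret` from DoKexInit or that `ssh->handshake` is non-NULL, and the rename makes that more exposed: DoNewKeys frees the handshake and sets it to NULL but, in this patch, no longer clears the flag now tested here, so on a connected client a later peer KEXINIT could reach this line with `keying == 1` and a NULL handshake unless DoKexInit allocates one on that path. Guard it: `if (ret == WS_SUCCESS && ssh->handshake != NULL && ssh->keying == 1 &&`. DoPacket's switch continues outside the hunk.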
@@ -9849,7 +9854,7 @@ int SendKexInit(WOLFSSH* ssh)
     }
 
     if (ret == WS_SUCCESS) {
-        ssh->isKeying = 1;
+        ssh->keying = 1;
         if (ssh->handshake == NULL) {
             ssh->handshake = HandshakeInfoNew(ssh->ctx->heap);
             if (ssh->handshake == NULL) {
@@ -14825,7 +14830,7 @@ int SendChannelData(WOLFSSH* ssh, word32 channelId,
         ret = WS_BAD_ARGUMENT;
 
     if (ret == WS_SUCCESS) {
-        if (ssh->isKeying)
+        if (ssh->keying)
             ret = WS_REKEYING;
     }
 
@@ -14931,7 +14936,7 @@ int SendChannelExtendedData(WOLFSSH* ssh, word32 channelId,
         ret = WS_BAD_ARGUMENT;
 
     if (ret == WS_SUCCESS) {
-        if (ssh->isKeying)
+        if (ssh->keying)
             ret = WS_REKEYING;
     }
 
diff --git a/src/ssh.c b/src/ssh.c
index ecfefe727..391ee8f21 100644
--- a/src/ssh.c
+++ b/src/ssh.c
@@ -490,7 +490,7 @@ int wolfSSH_accept(WOLFSSH* ssh)
             NO_BREAK;
 
         case ACCEPT_SERVER_KEXINIT_SENT:
-            while (ssh->isKeying) {
+            while (ssh->keying) {
                 if (DoReceive(ssh) < WS_SUCCESS) {
                     WLOG(WS_LOG_DEBUG, acceptError,
                          "SERVER_KEXINIT_SENT", ssh->error);
@@ -778,7 +778,7 @@ int wolfSSH_connect(WOLFSSH* ssh)
             NO_BREAK;
 
         case CONNECT_CLIENT_KEXDH_INIT_SENT:
-            while (ssh->isKeying) {
+            while (ssh->keying) {
                 if (DoReceive(ssh) < WS_SUCCESS) {
                     WLOG(WS_LOG_DEBUG, connectError,
                          "CLIENT_KEXDH_INIT_SENT", ssh->error);
@@ -1035,7 +1035,7 @@ int wolfSSH_stream_peek(WOLFSSH* ssh, byte* buf, word32 bufSz)
     if (ssh == NULL || ssh->channelList == NULL)
         return WS_BAD_ARGUMENT;
 
-    if (ssh->isKeying) {
+    if (ssh->keying) {
         ssh->error = WS_REKEYING;
         return WS_REKEYING;
     }
@@ -1140,7 +1140,7 @@ int wolfSSH_stream_send(WOLFSSH* ssh, byte* buf, word32 bufSz)
     if (ssh == NULL || buf == NULL || ssh->channelList == NULL)
         return WS_BAD_ARGUMENT;
 
-    if (ssh->isKeying) {
+    if (ssh->keying) {
         ssh->error = WS_REKEYING;
         return WS_REKEYING;
     }
@@ -1233,7 +1233,7 @@ int wolfSSH_extended_data_send(WOLFSSH* ssh, byte* buf, word32 bufSz)
     if (ssh == NULL || buf == NULL || ssh->channelList == NULL)
         return WS_BAD_ARGUMENT;
 
-    if (ssh->isKeying) {
+    if (ssh->keying) {
         ssh->error = WS_REKEYING;
         return WS_REKEYING;
     }
@@ -2416,14 +2416,14 @@ int wolfSSH_worker(WOLFSSH* ssh, word32* channelId)
             *channelId = ssh->lastRxId;
         }
 
-        if (ssh->isKeying) {
+        if (ssh->keying) {
             ssh->error = WS_REKEYING;
             return WS_REKEYING;
         }
     }
 
     if (ret == WS_CHAN_RXD) {
-        if (ssh->isKeying) {
+        if (ssh->keying) {
             ssh->error = WS_REKEYING;
             return WS_REKEYING;
         }
diff --git a/wolfssh/internal.h b/wolfssh/internal.h
index 7aa36d87b..719e2d46a 100644
--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@@ -695,7 +695,8 @@ struct WOLFSSH {
     byte clientState;
     byte serverState;
     byte processReplyState;
-    byte isKeying;
+    byte keying:1;
+    byte peerKeying:1;
     byte authId;            /* if using public key or password */
     byte supportedAuth[3];  /* supported auth IDs public key , password */
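Review bot: `byte keying:1;` and `byte peerKeying:1;` in the internal.h hunk give the bit-fields type `byte`, which C11 6.7.2.1 only guarantees for `_Bool`, `signed int` and `unsigned int`; compilers commonly accept an `unsigned char` bit-field as an extension, but `unsigned keying:1;` / `unsigned peerKeying:1;`, or keeping two plain `byte` members, is portable. Since the patch splits one flag into two with different lifetimes, each should say what it means: `byte peerKeying:1;  /* peer KEXINIT received; cleared when its NEWKEYS is processed */` is what the DoKexInit and DoNewKeys hunks establish, and `keying` needs a comment naming where it is set (SshInit, SendKexInit, DoKexInit) and where it is cleared, which this patch does not show. The struct definition continues outside the hunk.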