Commit 035ad621 authored by Johan Hedberg's avatar Johan Hedberg Committed by Marcel Holtmann

Bluetooth: Move SC-only check outside of BT_CONFIG branch

Checking for SC-only mode requirements when we get an encrypt change
event shouldn't be limited to the BT_CONFIG state but done any time
encryption changes.
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent b1f663c9
...@@ -2650,22 +2650,22 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb) ...@@ -2650,22 +2650,22 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
goto unlock; goto unlock;
} }
/* In Secure Connections Only mode, do not allow any connections
* that are not encrypted with AES-CCM using a P-256 authenticated
* combination key.
*/
if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
(!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
hci_conn_drop(conn);
goto unlock;
}
if (conn->state == BT_CONFIG) { if (conn->state == BT_CONFIG) {
if (!ev->status) if (!ev->status)
conn->state = BT_CONNECTED; conn->state = BT_CONNECTED;
/* In Secure Connections Only mode, do not allow any
* connections that are not encrypted with AES-CCM
* using a P-256 authenticated combination key.
*/
if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
(!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
hci_conn_drop(conn);
goto unlock;
}
hci_connect_cfm(conn, ev->status); hci_connect_cfm(conn, ev->status);
hci_conn_drop(conn); hci_conn_drop(conn);
} else } else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment