Skip to content
Browse files

Bluetooth: controller: Fix unknown rsp received during enc procedure

Port fix for #14044 from legacy LL to split LL.

The master is using unknown rsp to terminate slave side initiated
procedures that has collided with the encryption procedure initiated by
the master.
We need to handle an unknown response that is sent in unencrypted during
the encryption procedure, even though we have already set up to receive
encrypted packets.

Signed-off-by: Joakim Andersson <>
  • Loading branch information...
joerchan authored and aescolar committed May 14, 2019
1 parent 289eab6 commit 172dcec23604cb7bb30aa40922bedee8779e7b7f
Showing with 34 additions and 1 deletion.
  1. +34 −1 subsys/bluetooth/controller/ll_sw/nordic/lll/lll_conn.c
@@ -690,6 +690,13 @@ static void isr_race(void *param)

static inline bool ctrl_pdu_len_check(u8_t len)
return len <= (offsetof(struct pdu_data, llctrl) +
sizeof(struct pdu_data_llctrl));


static int isr_rx_pdu(struct lll_conn *lll, struct pdu_data *pdu_data_rx,
struct node_tx **tx_release, u8_t *is_rx_enqueue)
@@ -766,7 +773,33 @@ static int isr_rx_pdu(struct lll_conn *lll, struct pdu_data *pdu_data_rx,
done = radio_ccm_is_done();

if (!radio_ccm_mic_is_valid()) {
bool mic_failure = !radio_ccm_mic_is_valid();

if (mic_failure &&
lll->ccm_rx.counter == 0 &&
(pdu_data_rx->ll_id ==
/* Received an LL control packet in the
* middle of the LL encryption procedure
* with MIC failure.
* This could be an unencrypted packet
struct pdu_data *scratch_pkt =

if (ctrl_pdu_len_check(
scratch_pkt->len)) {
scratch_pkt->len +
offsetof(struct pdu_data,
mic_failure = false;

if (mic_failure) {
/* Record MIC invalid */
mic_state = LLL_CONN_MIC_FAIL;

0 comments on commit 172dcec

Please sign in to comment.
You can’t perform that action at this time.