@@ -2902,6 +2902,7 @@ static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
const struct hci_rp_read_enc_key_size *rp;
struct hci_conn *conn;
u16 handle;
+ u8 rp_status = rp->status;
BT_DBG("%s status 0x%02x", hdev->name, status);
@@ -2923,15 +2924,30 @@ static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
* (which is the same we do also when this HCI command isn't
* supported.
*/
- if (rp->status) {
+ if (rp_status) {
bt_dev_err(hdev, "failed to read key size for handle %u",
handle);
conn->enc_key_size = HCI_LINK_KEY_SIZE;
} else {
conn->enc_key_size = rp->key_size;
+ rp_status = 0;
+
+ if (conn->enc_key_size < hdev->min_enc_key_size) {
+ /* As slave role, the conn->state has been set to
+ * BT_CONNECTED and l2cap conn req might not be received
+ * yet, at this moment the l2cap layer almost does
+ * nothing with the non-zero status.
+ * So we also clear encrypt related bits, and then the
+ * handler of l2cap conn req will get the right secure
+ * state at a later time.
+ */
+ rp_status = HCI_ERROR_AUTH_FAILURE;
+ clear_bit(HCI_CONN_ENCRYPT, &conn->flags);
+ clear_bit(HCI_CONN_AES_CCM, &conn->flags);
+ }
}
- hci_encrypt_cfm(conn, 0);
+ hci_encrypt_cfm(conn, rp_status);
unlock:
hci_dev_unlock(hdev);