From b28e11574a1dd575059adfb5d39813c780adf1f4 Mon Sep 17 00:00:00 2001
From: Vincent Coubard
Date: Thu, 7 Jan 2021 12:32:38 +0000
Subject: [PATCH 1/2] BLE: Regenerate CSRK if it is all zeroes.
---
 connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp b/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp
index 57112de5b8..8da87324e8 100644
--- a/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp
+++ b/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp
@@ -1054,7 +1054,7 @@ ble_error_t SecurityManager::init_signing()
 sign_count_t local_sign_counter = _db->get_local_sign_counter();
 csrk_t csrk;
- if (!pcsrk) {
+ if (!pcsrk || *pcsrk == csrk_t{}) {
 ble_error_t ret = get_random_data(csrk.data(), csrk.size());
 if (ret != BLE_ERROR_NONE) {
 return ret;
From 4cfcadd9e9616a477d3b23e16bb8c3e44c8685ea Mon Sep 17 00:00:00 2001
From: Vincent Coubard
Date: Thu, 7 Jan 2021 12:38:47 +0000
Subject: [PATCH 2/2] BLE: Fix SM random number generation. Ensure the more than 8 random bytes are fetched from the stack.
---
 connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp b/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp
index 8da87324e8..13a6027506 100644
--- a/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp
+++ b/connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp
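Review bot: In the `init_signing` hunk of patch 1/2, the new condition `*pcsrk == csrk_t{}` regenerates only an all-zero CSRK, so a non-zero key that was stored while `get_random_data` still used `std::max` is kept unchanged. Going by the description of patch 2/2, such a key probably carries only 8 bytes of fresh random data, which is less entropy than a signing key should have. Consider a one-time regeneration (or a stored key-version marker) for databases written by the older code, and document the sentinel on the condition, e.g. `/* an all-zero CSRK means "never generated"; treat it like a missing key */`. The check also assumes `csrk_t{}` value-initialises to zero bytes, which is not visible here; the body of `init_signing` continues outside the hunk.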
@@ -1125,7 +1125,7 @@ ble_error_t SecurityManager::get_random_data(uint8_t *buffer, size_t size)
 while (size) {
 /* fill out the buffer by reading the random data in chunks
 * and copying it until reaching the set size */
- size_t copy_size = std::max(size, random_data.size());
+ size_t copy_size = std::min(size, random_data.size());
 ble_error_t ret = _pal.get_random_data(random_data);
 if (ret != BLE_ERROR_NONE) {
 return ret;
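Review bot: The clamp on `copy_size` appears to be the only thing keeping each copy inside both `random_data` and the caller's `buffer`, and the existing comment does not state that invariant. I would extend it with something like `/* copy_size never exceeds one chunk or the bytes still requested */` so a later edit does not reintroduce the `std::max` mistake. A unit test that requests sizes below, equal to and above `random_data.size()`, including one that is not a multiple of it, would pin the behaviour down. The loop body continues outside the hunk, so the copy itself and the update of `size` are not visible here.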