This commit checks that ATT MTU value returned by `bt_gatt_get_mtu` is
greater or equal to 3 to prevent integer overflow.
Fixes#84693
Coverity-CID: 487743
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
Ensure that ~(link.rx.seg) & SEG_NVAL doesn't result in 0.
Fixes#84804
Coverity-CID: 393090
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
Fixed the following issues:
1) Missing guard before accessing parameters
2) Fixed bad sizeof when resetting
3) Fixed several bad offsets when removing attributes
Added tests to verify that it works now.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When we receive a response from a server we do not have an
outstanding request with, we disconnect the connection
rather than just ignoring it.
The reason for this is that the remote server is
not ensuring correct ATT flow control, which means
that we cannot trust future responses from the
server.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
psa_crypto_init was bounded to CONFIG_BT_HOST_CRYPTO_PRNG and
used to be called under prng_init. Updating the ifdef condition
and appropriating the function name for crypto init.
Also it is better to make sure psa_crypto_init called by host.
Signed-off-by: alperen sener <alperen.sener@nordicsemi.no>
This fixes out of scope IRQ lock key by using SEGGER_RTT_Write
version that locks the IRQ by itself.
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
Add check that the command buffer claimed in `bt_le_create_conn_cancel`
is not `NULL`. Fixes a fault caused by providing the `NULL` buffer to
`bt_hci_cmd_state_set_init`.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Adds API for Advertising Coding Selection.
Introduces two new advertising options to configure the advertiser's
requirement concerning coding scheme when LE Coded PHY is configured.
While the Bluetooth v6.0 specification makes a distinction betweeen
preferred and required advertising PHY options, a simplification is
made to only expose the required PHY options. Inline with how LE Coded
PHY is implemented; this API will set both the primary and secondary
advertising PHY's to the same coding scheme.
The support is enabled by CONFIG_BT_EXT_ADV_CODING_SELECTION, and requires
a controller that selects CONFIG_BT_CTLR_ADV_EXT_CODING_SELECTION_SUPPORT.
Signed-off-by: Thomas Deppe <thomas.deppe@nordicsemi.no>
Building sample.bluetooth.tmap_central with clang warns:
subsys/bluetooth/host/iso.c:2194:6: error: variable 'rsp' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
if (!advanced) {
^~~~~~~~~
subsys/bluetooth/host/iso.c:2202:6: note: uninitialized use occurs here
if (rsp == NULL) {
^~~
subsys/bluetooth/host/iso.c:2194:2: note: remove the 'if' if its
condition is always true
if (!advanced) {
^~~~~~~~~~~~~~~
subsys/bluetooth/host/iso.c:2137:21: note: initialize the variable 'rsp'
to silence this warning
struct net_buf *rsp;
^
= NULL
subsys/bluetooth/host/iso.c:2295:6: error: variable 'rsp' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
if (!advanced) {
^~~~~~~~~
subsys/bluetooth/host/iso.c:2303:6: note: uninitialized use occurs here
if (rsp == NULL) {
^~~
subsys/bluetooth/host/iso.c:2295:2: note: remove the 'if' if its
condition is always true
if (!advanced) {
^~~~~~~~~~~~~~~
subsys/bluetooth/host/iso.c:2258:21: note: initialize the variable 'rsp'
to silence this warning
struct net_buf *rsp;
^
= NULL
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
The function may return a BT_GATT_ERR which is a negative
value that cannot be returned as uint8_t. Change the function
to use int instead and document the return values.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The encryption functions should document the expect byte order of
inputs and the byte order of the outputs.
The sef and sdf functions were also using an older, and incorrect,
description of the input, as it only takes the LTK as per CSIP 1.0.0
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Added warning to the BT_RECV_WORKQ_SYS description
to explain the dangers by using this option.
Signed-off-by: Ingar Kulbrandstad <ingar.kulbrandstad@nordicsemi.no>
There was a bug in pa_decode_base that would would spent time
parsing incoming BASEs and also update the receive
states, which caused some tests to fail.
This commit adds a simply check to verify that the BASE is
different before spending parsing the content and updating
the receive states.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Coverity was unhappy that
`struct ll_conn_iso_stream *cis = NULL;` was never assigned to
a non-NULL value, which is due to the assignment being
guarded by `#if defined(CONFIG_BT_CTLR_CONN_ISO)`.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Several advertising data function could return -1 in case of
errors, which could mess up the advertising data since they are
intended to increment a counter.
Instead of returning an error we use bt_shell_error to inform
the user and then just return with no data changes, so that if
any of them fails, the failing data is just omitted rather
than causing major issues.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix incorrect event_count use in CIG events when the next
CIG interval's prepare overlaps with the current CIG event.
Use separate event_count_prepare variable in ULL and copy
the value in LLL event.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix incorrect elapsed events value when event prepare are
aborted in the pipeline. This can caused premature
supervision timeouts.
Relates to commit 247037bd3e ("Bluetooth: Controller: Fix
incorrect elapsed events value").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Add verification of the parameter struct, so that it returns
-EINVAL if the values are invalid.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Instead of using the bt_conn struct directly, only
access the field via the public API. This ensures that
changes to the struct won't affect PACS, unless it also
affects the public API.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Workaround HCTO calculation for BabbleSIM due to need of
addition timeout value required to have anchor point sync.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix incorrect peripheral drift compensation when connection
events are overlapping and a PHY update causes the currently
used PHY to change.
Incorrect preamble to address that is calculated using
updated PHY was used causing supervision timeout.
Fixed by storing the PHY used in the current connection
event and using that for drift compensation calculation.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix connection event busy check when peripheral role is
using minimal time reservation.
Peripheral and Central have a anchor point sync if the
Peripheral has successfully transmitted once to the Central.
Fixes commit cadef5a64f ("Bluetooth: Controller: Introduce
BT_CTLR_PERIPHERAL_RESERVE_MAX")'.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Recently I have had to debug issues with PSA and having
the returns values from PSA is very useful in order to
find the root cause of the issue.
Signed-off-by: Sean Madigan <sean.madigan@nordicsemi.no>
In https://github.com/zephyrproject-rtos/zephyr/pull/84268
the ability to use the controller for ECDH was removed from
the host.
This means that BT_CTLR_ECDH is now only useful when using
BT_HCI_RAW.
Signed-off-by: Sean Madigan <sean.madigan@nordicsemi.no>
In the function `bt_l2cap_br_server_register()`, the PSM cannot be
dynamic allocated. And only pre-set PSM is supported.
Improve the function `bt_l2cap_br_server_register()` to support the
dynamic PSM allocation if the passed PSM is zero.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
This is a follow-up to commit 12eee61533.
Explicitly enable "PSA_WANT_ALG_ECB_NO_PADDING" to select the AES ECB
mode that it is used in CMAC operation.
This is done because CMAC uses AES-ECB, so both AES and ECB must
be explicitly enabled. Previously it worked because Mbed TLS is
not currently performing any check internally on this and it's
just enabling ECB automatically.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
The function used to write the value of the GAP Device Name
characteristic now ensure that the string passed to `bt_set_name` is
null terminated.
Also fix a wrong offset calculation.
The function used to write the value of the GAP Device Name
characteristic was returning an error when the offset + the length of
data to write was superior **or equal** to the maximum size of the
device name.
This caused the actual maximum device name size to be reduced by 1 byte.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
The PACS flags were incorrectly defined without
ATOMIC_DEFINE and then it treated the atomit_t as an
array with the atomic functions.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Added initial CCP client implementation that simply
does discovery of TBS on a remote CCP server.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Jump straight to the exit portion of the function in the case that
psa_destroy_key() failed and we set err to a non-zero value. This also
fixes Coverity CID 487701 "Code maintainability issues (UNUSED_VALUE)".
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
The code shouldn't be checking for HCI command support anymore, rather in
the case of debug keys we can just start immediately using them.
Fixes commit 09e86f3b69.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
The BT Host module also uses import/export PSA functions alongside the
generate one, so these PSA_WANT should be added as well.
Previously it happened to work only because Mbed TLS is enabling
IMPORT/EXPORT internally whenever GENERATE/DERIVE is set. However the
same might not be true for all PSA Crypto providers.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The commit fixes issue where flash_area_flatten has been used where
code was only supposed to erase devices by hardware requirement prior
to write, by replacing the call with flash_area_erase and supporting
logic to select proper path.
There have been following Kconfig options added:
- CONFIG_BT_MESH_BLOB_IO_FLASH_WITHOUT_ERASE
- CONFIG_BT_MESH_BLOB_IO_FLASH_WITH_ERASE
that are available for user depending on devices in the system and allow
to turn off paths that are not used by BLOB IO; for example if user
never writes to device with erase CONFIG_BT_MESH_BLOB_IO_FLASH_WITH_ERASE
will disable the path.
Both Kconfig options are y by default and enable all paths.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This option only exposes internal APIs, so there should be no need to allow
applications to set an explicit value. Instead, users of the API should
select it through Kconfig.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Remove the HCI command & event emulation layer for ECDH commands and
events. This means that we always do the necessary operations in the host.
The existing BT_ECC Kconfig option stays, but now gets automatically
enabled when necessary (e.g. based on the BT_SMP option), which is why this
commit removes so many explicit assignments in prj.conf files.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Fix regression in Coded PHY S2 reception to any other PHY Tx
in the s/w switch implementation.
Regression in commit 55b7dba8ec ("Bluetooth: Controller:
Refactor sw_switch hal interface use").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use the new entropy driver for 54L devices and therefore
claim BT_CTLR_ENTROPY_SUPPORT is always supported
(note 54H remains unsuported)
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Let's default to this new driver.
And therefore change the conditions in the BT controller kconfig
which were selecting the native_posix fake entropy driver
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Added option to set the PACS Characteristics through the bap API,
making PACS configuration runtime available. Source and Sink PAC, as
well as Source/Sink PAC Location is can be set through a register
function in the PACS api.
Signed-off-by: Fredrik Danebjer <frdn@demant.com>
