From e2a5eb6349242fe8c0617013ed0e1adeacc70d8d Mon Sep 17 00:00:00 2001
From: Matthias Ringwald <matthias@ringwald.ch>
Date: Fri, 1 Mar 2024 10:38:01 +0100
Subject: [PATCH] sm: ignore Security Request after re-encryption has started

---
 CHANGELOG.md | 1 +
 src/ble/sm.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index eeee68308..236a6607f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 - GAP: allow use of own address type different from gap_random_set_mode() incl. RPA in LE Extended Advertising
 - SM: abort pairing with invalid parameter error for encryption key size > 16
+- SM: ignore Security Request after re-encryption has started
 - ATT Server: support delayed read responses for registered services
 - ATT Server: allow to start crypto operation from delayed att read/write request
 - HFP HF: send HF Indicator update only if enabled by AG
diff --git a/src/ble/sm.c b/src/ble/sm.c
index 00c4eb076..b29ace68a 100644
--- a/src/ble/sm.c
+++ b/src/ble/sm.c
@@ -4516,6 +4516,7 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
             sm_conn->sm_engine_state = SM_PH2_C1_GET_ENC_C;
             break;
 
+        case SM_INITIATOR_PH4_HAS_LTK:
         case SM_PH4_W4_CONNECTION_ENCRYPTED:
             // ignore Security Request, see SM_INITIATOR_PH1_W4_PAIRING_RESPONSE above
             if (sm_pdu_code != SM_CODE_SECURITY_REQUEST){