Move the temporary fabricSecret bit to be a CASESession member. #7919
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Right now it's a static and our example apps have the CASESession as a static in a different file (via CASEServer). At least on Linux the static initializer for the CASEServer runs first, the CASESession constructor runs, sets up the fabricSecret, then the P256ECDHDerivedSecret constructor runs and sets its length to 0. And then trying to use that fabricSecret later on fails. Making the fabricSecret a member of CASESession ensures its constructor runs before the logic in the CASESession constructor.
Remove mFabricSecret laterconnectedhomeip/src/protocols/secure_channel/CASESession.h Lines 252 to 256 in 5132137 This comment was generated by todo based on a
|
pullapprove
bot
requested review from
andy31415,
chrisdecenzo,
Damian-Nordic,
hawk248,
jepenven-silabs,
msandstedt and
woody-apple
msandstedt
approved these changes
Jun 25, 2021
pan-apple
approved these changes
Jun 25, 2021
mspang
approved these changes
Jun 25, 2021
woody-apple
approved these changes
Jun 25, 2021
nikita-s-wrk
pushed a commit
to nikita-s-wrk/connectedhomeip
that referenced
this pull request
Sep 23, 2021
…ect-chip#7919) Right now it's a static and our example apps have the CASESession as a static in a different file (via CASEServer). At least on Linux the static initializer for the CASEServer runs first, the CASESession constructor runs, sets up the fabricSecret, then the P256ECDHDerivedSecret constructor runs and sets its length to 0. And then trying to use that fabricSecret later on fails. Making the fabricSecret a member of CASESession ensures its constructor runs before the logic in the CASESession constructor.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Right now it's a static and our example apps have the CASESession as a
static in a different file (via CASEServer). At least on Linux the
static initializer for the CASEServer runs first, the CASESession
constructor runs, sets up the fabricSecret, then the
P256ECDHDerivedSecret constructor runs and sets its length to 0. And
then trying to use that fabricSecret later on fails.
Making the fabricSecret a member of CASESession ensures its
constructor runs before the logic in the CASESession constructor.
Problem
all-clusters-app is not able to actually send a SigmaR2 message, because IPK generation fails.
Change overview
Fix things so that IPK generation succeeds.
Testing
Manual for now, but #7896 will end up testing this in CI; this issue is one of the things causing tests there to fail.