Bluetooth: controller: Fix bug in LL encryption.

Fix bug in LL encryption procedure, controller was
using the wrong pointer to connection state.
Function event_enc_prep is called from
slave_event_prepare, where _radio.curr_conn has not
been assigned yet.
The connection ended up sending LL_START_ENC_RSP
unencrypted, resulting in disconnect on the peer
side with reason MIC failure.

Signed-off-by: Joakim Andersson <[email protected]>

Author: joerchan

subsys/bluetooth/controller/ll_sw/ctrl.c

@@ -7467,11 +7467,11 @@ static inline void event_enc_prep(struct connection *conn)
 
 #if !defined(CONFIG_BT_CTLR_FAST_ENC)
 	} else {
-		start_enc_rsp_send(_radio.conn_curr, pdu_ctrl_tx);
+		start_enc_rsp_send(conn, pdu_ctrl_tx);
 
 		/* resume data packet rx and tx */
-		_radio.conn_curr->pause_rx = 0;
-		_radio.conn_curr->pause_tx = 0;
+		conn->pause_rx = 0;
+		conn->pause_tx = 0;
 #endif /* !CONFIG_BT_CTLR_FAST_ENC */
 
 	}
@@ -9961,10 +9961,10 @@ static u8_t feature_rsp_send(struct connection *conn,
 
 	/* AND the feature set to get Feature USED */
 	req = &pdu_data_rx->llctrl.feature_req;
-	_radio.conn_curr->llcp_features &= feat_get(&req->features[0]);
+	conn->llcp_features &= feat_get(&req->features[0]);
 
 	/* features exchanged */
-	_radio.conn_curr->common.fex_valid = 1U;
+	conn->common.fex_valid = 1U;
 
 	/* Enqueue feature response */
 	pdu_ctrl_tx = (void *)node_tx->pdu_data;