From 45bc6dd09fb59d78ce9b2bca7125cfc2275f9bd1 Mon Sep 17 00:00:00 2001

From: Ingo Franzki <ifranzki@linux.ibm.com>

Date: Wed, 25 Jan 2023 13:21:44 +0100

Subject: [PATCH 34/34] EP11: Fix setting unknown CPs to ON

The very last control point must also be applied from the queried bits to

the combined bits. Otherwise the very last control point is always treated

as being ON, although it might be OFF, and this can lead to mechanisms being

used that are disabled by that control point.

Fixes https://github.com/opencryptoki/opencryptoki/commit/97248f73495695436f11fafd74c2ec41a5a6f796

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

---

 usr/lib/ep11_stdll/ep11_specific.c | 8 ++++----

 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c

index d5d3de91..25ce82fe 100644

--- a/usr/lib/ep11_stdll/ep11_specific.c

+++ b/usr/lib/ep11_stdll/ep11_specific.c

@@ -11340,8 +11340,8 @@ static CK_RV control_point_handler(uint_32 adapter, uint_32 domain,

     if (data->first) {

         data->first_adapter = adapter;

         data->first_domain = domain;

-        /* Apply CP bits 0 to max_cp_index-1 only */

-        for (i = 0; i < max_cp_index; i++) {

+        /* Apply CP bits 0 to max_cp_index only */

+        for (i = 0; i <= max_cp_index; i++) {

             data->combined_cp[CP_BYTE_NO(i)] &=

                                     (cp[CP_BYTE_NO(i)] | ~CP_BIT_MASK(i));

         }

@@ -11362,8 +11362,8 @@ static CK_RV control_point_handler(uint_32 adapter, uint_32 domain,

                        data->first_domain);

         }

-        for (i = 0; i < max_cp_index; i++) {

-            /* Apply CP bits 0 to max_cp_index-1 only */

+        for (i = 0; i <= max_cp_index; i++) {

+            /* Apply CP bits 0 to max_cp_index only */

             data->combined_cp[CP_BYTE_NO(i)] &=

                                     (cp[CP_BYTE_NO(i)] | ~CP_BIT_MASK(i));

         }

-- 

2.16.2.windows.1