minidriver: Fix wrong hash selection in CardSignData if pszAlgId is NULL
According to CardSignData docs, if pszAlgId is NULL, OID should not be added to signature,
but minidriver erroneously selects SC_ALGORITHM_RSA_HASH_MD5_SHA1.

See:
https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_pkcs1_padding_info
Luka Logar authored and frankmorgner committed Feb 13, 2024
1 parent d01ee3d commit 3d725ed
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/minidriver/minidriver.c
Expand Up @@ -4874,11 +4874,11 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData, __inout PCARD_SIGNING_INFO
opt_crypt_flags = SC_ALGORITHM_RSA_PAD_PKCS1_TYPE_01;
BCRYPT_PKCS1_PADDING_INFO *pkcs1_pinf = (BCRYPT_PKCS1_PADDING_INFO *)pInfo->pPaddingInfo;

if (!pkcs1_pinf->pszAlgId || wcscmp(pkcs1_pinf->pszAlgId, L"SHAMD5") == 0) {
/* hashAlg = CALG_SSL3_SHAMD5; */
logprintf(pCardData, 3, "Using CALG_SSL3_SHAMD5 hashAlg\n");
if (!pkcs1_pinf->pszAlgId)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_NONE;
else if (wcscmp(pkcs1_pinf->pszAlgId, L"SHAMD5") == 0)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_MD5_SHA1;
} else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_MD5_ALGORITHM) == 0)
else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_MD5_ALGORITHM) == 0)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_MD5;
else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_SHA1_ALGORITHM) == 0)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA1;
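
Review bot: The new `if (!pkcs1_pinf->pszAlgId)` branch selects SC_ALGORITHM_RSA_HASH_NONE silently, with no comment and no log line, whereas the branch it replaces reported its choice through `logprintf(pCardData, 3, ...)`. A NULL pszAlgId now means the caller's bytes are PKCS#1-padded and signed without an OID prefix, which is a visible behaviour change for anything that relied on the old MD5+SHA1 default. I would add a one-line comment on this branch pointing at the BCRYPT_PKCS1_PADDING_INFO documentation cited in the commit message, and keep a level-3 logprintf for both the NULL and the "SHAMD5" cases so the selected mode shows up in minidriver traces. The hunk also shows no length check tied to the chosen hash flag, so it is worth confirming that the code following this chain does not assume a fixed digest size when SC_ALGORITHM_RSA_HASH_NONE is set.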