minidriver: Fix wrong hash selection in CardSignData if pszAlgId is NULL
According to CardSignData docs, if pszAlgId is NULL, OID should not be added to signature,
but minidriver erroneously selects SC_ALGORITHM_RSA_HASH_MD5_SHA1.

See:
https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_pkcs1_padding_info
Luka Logar committed Nov 9, 2023
1 parent 8fc2c20 commit afe3e55
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/minidriver/minidriver.c
Expand Up @@ -4865,11 +4865,11 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData, __inout PCARD_SIGNING_INFO
opt_crypt_flags = SC_ALGORITHM_RSA_PAD_PKCS1;
BCRYPT_PKCS1_PADDING_INFO *pkcs1_pinf = (BCRYPT_PKCS1_PADDING_INFO *)pInfo->pPaddingInfo;

if (!pkcs1_pinf->pszAlgId || wcscmp(pkcs1_pinf->pszAlgId, L"SHAMD5") == 0) {
/* hashAlg = CALG_SSL3_SHAMD5; */
logprintf(pCardData, 3, "Using CALG_SSL3_SHAMD5 hashAlg\n");
if (!pkcs1_pinf->pszAlgId)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_NONE;
else if (wcscmp(pkcs1_pinf->pszAlgId, L"SHAMD5") == 0)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_MD5_SHA1;
} else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_MD5_ALGORITHM) == 0)
else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_MD5_ALGORITHM) == 0)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_MD5;
else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_SHA1_ALGORITHM) == 0)
opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA1;
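
Review bot: The new "if (!pkcs1_pinf->pszAlgId)" branch picks SC_ALGORITHM_RSA_HASH_NONE silently, because the logprintf(pCardData, 3, ...) call was dropped along with the old combined condition. The debug log therefore no longer records which hash flag was chosen for the NULL and "SHAMD5" cases. Suggest adding a level-3 logprintf in the NULL branch stating that no OID will be added to the signature, plus a one-line comment pointing at the BCRYPT_PKCS1_PADDING_INFO documentation cited in the commit message, since with HASH_NONE the caller's bytes are padded and signed as supplied. The length of the caller's data is not checked anywhere in the visible lines, so it is also worth confirming that CardSignData validates it against the key size before this path is reached.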