From afe3e5504de39bb574b4ef058e6ad61dc80cf439 Mon Sep 17 00:00:00 2001
From: Luka Logar
Date: Thu, 9 Nov 2023 13:52:54 +0100
Subject: [PATCH] minidriver: Fix wrong hash selection in CardSignData if pszAlgId is NULL

According to CardSignData docs, if pszAlgId is NULL, OID should not be added to signature, but minidriver erroneously selects SC_ALGORITHM_RSA_HASH_MD5_SHA1. See: https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_pkcs1_padding_info
---
 src/minidriver/minidriver.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/minidriver/minidriver.c b/src/minidriver/minidriver.c
index 980e82ac8b..8630c96b19 100644
--- a/src/minidriver/minidriver.c
+++ b/src/minidriver/minidriver.c
@@ -4865,11 +4865,11 @@ DWORD WINAPI CardSignData(__in PCARD_DATA pCardData, __inout PCARD_SIGNING_INFO
 opt_crypt_flags = SC_ALGORITHM_RSA_PAD_PKCS1;
 BCRYPT_PKCS1_PADDING_INFO *pkcs1_pinf = (BCRYPT_PKCS1_PADDING_INFO *)pInfo->pPaddingInfo;
- if (!pkcs1_pinf->pszAlgId || wcscmp(pkcs1_pinf->pszAlgId, L"SHAMD5") == 0) {
- /* hashAlg = CALG_SSL3_SHAMD5; */
- logprintf(pCardData, 3, "Using CALG_SSL3_SHAMD5 hashAlg\n");
+ if (!pkcs1_pinf->pszAlgId)
+ opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_NONE;
+ else if (wcscmp(pkcs1_pinf->pszAlgId, L"SHAMD5") == 0)
 opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_MD5_SHA1;
- } else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_MD5_ALGORITHM) == 0)
+ else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_MD5_ALGORITHM) == 0)
 opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_MD5;
 else if (wcscmp(pkcs1_pinf->pszAlgId, BCRYPT_SHA1_ALGORITHM) == 0)
 opt_crypt_flags |= SC_ALGORITHM_RSA_HASH_SHA1;
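Review bot: The new `if (!pkcs1_pinf->pszAlgId)` branch carries neither a comment nor a log line, and the `logprintf` from the old combined branch is removed, so nothing records that the card is being asked to apply PKCS#1 padding to the caller's bytes with no hash OID. I would brace that branch and keep a trace there, e.g. `logprintf(pCardData, 3, "pszAlgId is NULL, no hash OID will be added\n");`, plus a short comment such as `/* NULL pszAlgId: no OID is added, see BCRYPT_PKCS1_PADDING_INFO */`, so the reason for `SC_ALGORITHM_RSA_HASH_NONE` stays next to the code and not only in the commit message. The same branch dereferences `pkcs1_pinf`, which is taken straight from `pInfo->pPaddingInfo`; the hunk does not show whether that pointer is checked for NULL earlier, and CardSignData's body starts and ends outside the hunk, so that is worth confirming. It would also help to confirm that the length of the unhashed input is bounded against the key size further down, since this path no longer implies a fixed digest length.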