diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
index 4594e366..98f9fbae 100644
--- a/src/libopensc/card-epass2003.c
+++ b/src/libopensc/card-epass2003.c
@@ -1606,12 +1606,12 @@ epass2003_set_security_env(struct sc_card *card, const sc_security_env_t * env,
 	{
 		apdu.p2 = 0xB6;
 		exdata->currAlg = SC_ALGORITHM_EC;
-		if(env->algorithm_flags | SC_ALGORITHM_ECDSA_HASH_SHA1)
+		if(env->algorithm_flags & SC_ALGORITHM_ECDSA_HASH_SHA1)
 		{
 			sbuf[2] = 0x91;
 			exdata->ecAlgFlags = SC_ALGORITHM_ECDSA_HASH_SHA1;
 		}
-		else if (env->algorithm_flags | SC_ALGORITHM_ECDSA_HASH_SHA256)
+		else if (env->algorithm_flags & SC_ALGORITHM_ECDSA_HASH_SHA256)
 		{
 			sbuf[2] = 0x92;
 			exdata->ecAlgFlags = SC_ALGORITHM_ECDSA_HASH_SHA256;
@@ -1694,7 +1694,7 @@ static int epass2003_decipher(struct sc_card *card, const u8 * data, size_t data
 
 	if(exdata->currAlg == SC_ALGORITHM_EC)
 	{
-		if(exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA1)
+		if(exdata->ecAlgFlags & SC_ALGORITHM_ECDSA_HASH_SHA1)
 		{
 			r = hash_data(data, datalen, sbuf, SC_ALGORITHM_ECDSA_HASH_SHA1);
 			LOG_TEST_RET(card->ctx, r, "hash_data failed"); 
@@ -1703,7 +1703,7 @@ static int epass2003_decipher(struct sc_card *card, const u8 * data, size_t data
 			apdu.lc = 0x14;
 			apdu.datalen = 0x14;
 		}
-		else if (exdata->ecAlgFlags | SC_ALGORITHM_ECDSA_HASH_SHA256)
+		else if (exdata->ecAlgFlags & SC_ALGORITHM_ECDSA_HASH_SHA256)
 		{
 			r = hash_data(data, datalen, sbuf, SC_ALGORITHM_ECDSA_HASH_SHA256);
 			LOG_TEST_RET(card->ctx, r, "hash_data failed");
@@ -2250,7 +2250,7 @@ hash_data(const unsigned char *data, size_t datalen, unsigned char *hash, unsign
 	if ((NULL == data) || (NULL == hash))
 		return SC_ERROR_INVALID_ARGUMENTS;
 
-	if(mechanismType | SC_ALGORITHM_ECDSA_HASH_SHA1)
+	if(mechanismType & SC_ALGORITHM_ECDSA_HASH_SHA1)
 	{
 		unsigned char data_hash[24] = { 0 };
 		size_t len = 0;
@@ -2260,7 +2260,7 @@ hash_data(const unsigned char *data, size_t datalen, unsigned char *hash, unsign
 		memcpy(&data_hash[20], &len, 4);
 		memcpy(hash, data_hash, 24);
 	}
-	else if(mechanismType | SC_ALGORITHM_ECDSA_HASH_SHA256)
+	else if(mechanismType & SC_ALGORITHM_ECDSA_HASH_SHA256)
 	{
 		unsigned char data_hash[36] = { 0 };
 		size_t len = 0;