From 04f8c9f88becdb1e7b2daa9f7014bad6621b071b Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 7 Dec 2023 11:40:42 -0800
Subject: [PATCH] Fix for ECC sign with key that is marked for sign and decrypt
 detect the ECDSA hash algorithm.

---
 src/tpm2_wrap.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 95f00cef..31a32a2b 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -3497,11 +3497,21 @@ int wolfTPM2_SignHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
     }
 
     if (key->pub.publicArea.type == TPM_ALG_ECC) {
+        /* Keys that are created with sign and decrypt require scheme to be NULL,
+         * but we must supply ECDSA and Hash Algorithm for signing */
         sigAlg = key->pub.publicArea.parameters.eccDetail.scheme.scheme;
         hashAlg = key->pub.publicArea.parameters.eccDetail.scheme.details.any.hashAlg;
-        if (sigAlg == TPM_ALG_NULL) {
+        if (sigAlg == 0 || sigAlg == TPM_ALG_NULL) {
             sigAlg = TPM_ALG_ECDSA;
         }
+        if (hashAlg == 0 || TPM_ALG_NULL == NULL) {
+            if (digestSz == 64)
+                hashAlg = TPM_ALG_SHA512;
+            else if (digestSz == 48)
+                hashAlg = TPM_ALG_SHA384;
+            else if (digestSz == 32)
+                hashAlg = TPM_ALG_SHA256;
+        }
     }
     else if (key->pub.publicArea.type == TPM_ALG_RSA) {
         sigAlg = key->pub.publicArea.parameters.rsaDetail.scheme.scheme;