From c2d6022e6e9b16daf59551fa280654f3334946d7 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 7 Dec 2023 11:40:42 -0800
Subject: [PATCH] Fix for ECC sign with key that is marked for sign and decrypt
 detect the ECDSA hash algorithm.

---
 src/tpm2_wrap.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 15ecb552..c2b95ea4 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -3510,11 +3510,21 @@ int wolfTPM2_SignHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
     }
 
     if (key->pub.publicArea.type == TPM_ALG_ECC) {
+        /* Keys that are created with sign and decrypt require scheme to be NULL,
+         * but we must supply ECDSA and Hash Algorithm for signing */
         sigAlg = key->pub.publicArea.parameters.eccDetail.scheme.scheme;
         hashAlg = key->pub.publicArea.parameters.eccDetail.scheme.details.any.hashAlg;
-        if (sigAlg == TPM_ALG_NULL) {
+        if (sigAlg == 0 || sigAlg == TPM_ALG_NULL) {
             sigAlg = TPM_ALG_ECDSA;
         }
+        if (hashAlg == 0 || hashAlg == TPM_ALG_NULL) {
+            if (digestSz == 64)
+                hashAlg = TPM_ALG_SHA512;
+            else if (digestSz == 48)
+                hashAlg = TPM_ALG_SHA384;
+            else if (digestSz == 32)
+                hashAlg = TPM_ALG_SHA256;
+        }
     }
     else if (key->pub.publicArea.type == TPM_ALG_RSA) {
         sigAlg = key->pub.publicArea.parameters.rsaDetail.scheme.scheme;