From 32332fd2bb573ee1ea1dd263a11ee660148fb4ca Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 28 May 2025 19:47:19 -0700
Subject: [PATCH] Fix logic for signing with input digest smaller than key
 size. ZD 19869

---
 src/tpm2_wrap.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index e935040..4f8d329 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -3774,8 +3774,22 @@ int wolfTPM2_SignHashScheme(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
 
     XMEMSET(&signIn, 0, sizeof(signIn));
     signIn.keyHandle = key->handle.hndl;
-    signIn.digest.size = digestSz;
-    XMEMCPY(signIn.digest.buffer, digest, signIn.digest.size);
+    signIn.digest.size = TPM2_GetHashDigestSize(hashAlg);
+    if (signIn.digest.size <= 0) {
+        return BAD_FUNC_ARG;
+    }
+    /* truncate if too large */
+    if (signIn.digest.size > curveSize) {
+        signIn.digest.size = curveSize;
+    }
+    /* if digest provided is smaller than key size then zero pad leading */
+    if (signIn.digest.size > digestSz) {
+        XMEMCPY(&signIn.digest.buffer[signIn.digest.size - digestSz], digest,
+            digestSz);
+    }
+    else {
+        XMEMCPY(signIn.digest.buffer, digest, digestSz);
+    }
     signIn.inScheme.scheme = sigAlg;
     signIn.inScheme.details.any.hashAlg = hashAlg;
     signIn.validation.tag = TPM_ST_HASHCHECK;