From 05c3adfa9b0b1329b9c685d06ba2914d67dfed7a Mon Sep 17 00:00:00 2001
From: Jakub Wlostowski <j.wlostowski@samsung.com>
Date: Wed, 21 May 2025 11:55:51 +0200
Subject: [PATCH] Check for incorrect digest type during sign

Change-Id: I24d8e7f4a2b7f6fd0f8dd52799263e3feb9f9de9
---
 src/backend/hal_backend_security_certs.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/backend/hal_backend_security_certs.cpp b/src/backend/hal_backend_security_certs.cpp
index 8007e1f..e4dc66b 100644
--- a/src/backend/hal_backend_security_certs.cpp
+++ b/src/backend/hal_backend_security_certs.cpp
@@ -196,7 +196,13 @@ int hal_backend_security_certs::sign_data(hal_security_certs_digest_type_e diges
 		}
 	}
 
-	if (1 != EVP_PKEY_CTX_set_signature_md(ctx.get(), to_openssl_md_type(digest_type))) {
+	auto md_type = to_openssl_md_type(digest_type);
+	if (!md_type) {
+		LOGE("Unsupported digest type");
+		return -ENODATA;
+	}
+
+	if (1 != EVP_PKEY_CTX_set_signature_md(ctx.get(), md_type)) {
 		LOGE("Can't set signature digest");
 		return -EINVAL;
 	}
-- 
2.34.1