Use imaevm_signhash if available

sign_hash is deprecated in the newest libimaevm Resolves: rpm-software-management#3419
ffesti · Nov 20, 2024 · c227360 · c227360
1 parent 39df85d
commit c227360
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -295,6 +295,7 @@ endif()
 
 if (WITH_IMAEVM)
 	list(APPEND REQFUNCS lsetxattr)
+	list(APPEND OPTFUNCS imaevm_signhash)
 	add_library(IMA::IMA UNKNOWN IMPORTED)
 	find_path(IMA_INCLUDE_DIR NAMES imaevm.h REQUIRED)
 	find_library(IMA_LIBRARY NAMES imaevm REQUIRED)

diff --git a/sign/rpmsignfiles.cc b/sign/rpmsignfiles.cc
@@ -53,7 +53,16 @@ const char *key, char *keypass, uint32_t *siglenp)
     signature[0] = '\x03';
 
     /* calculate file signature */
+#if HAVE_IMAEVM_SIGNHASH
+    imaevm_ossl_access access_info = {
+	.type = IMAEVM_OSSL_ACCESS_TYPE_NONE,
+    };
+    siglen = imaevm_signhash(algo, fdigest, diglen, key, keypass, signature+1, 0, &access_info, 0);
+
+#else
     siglen = sign_hash(algo, fdigest, diglen, key, keypass, signature+1);
+#endif
+
     if (siglen < 0) {
 	rpmlog(RPMLOG_ERR, _("sign_hash failed\n"));
 	return NULL;