From c2273603a53753ecf81bf9ec6bceea0dbe2d18b6 Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Thu, 31 Oct 2024 15:36:41 +0100
Subject: [PATCH] Use imaevm_signhash if available

sign_hash is deprecated in the newest libimaevm

Resolves: #3419
---
 CMakeLists.txt       | 1 +
 sign/rpmsignfiles.cc | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index dfb0997d8c..dd29676e0e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -295,6 +295,7 @@ endif()
 
 if (WITH_IMAEVM)
 	list(APPEND REQFUNCS lsetxattr)
+	list(APPEND OPTFUNCS imaevm_signhash)
 	add_library(IMA::IMA UNKNOWN IMPORTED)
 	find_path(IMA_INCLUDE_DIR NAMES imaevm.h REQUIRED)
 	find_library(IMA_LIBRARY NAMES imaevm REQUIRED)
diff --git a/sign/rpmsignfiles.cc b/sign/rpmsignfiles.cc
index 05c6db6e43..939d7bb2a1 100644
--- a/sign/rpmsignfiles.cc
+++ b/sign/rpmsignfiles.cc
@@ -53,7 +53,16 @@ const char *key, char *keypass, uint32_t *siglenp)
     signature[0] = '\x03';
 
     /* calculate file signature */
+#if HAVE_IMAEVM_SIGNHASH
+    imaevm_ossl_access access_info = {
+	.type = IMAEVM_OSSL_ACCESS_TYPE_NONE,
+    };
+    siglen = imaevm_signhash(algo, fdigest, diglen, key, keypass, signature+1, 0, &access_info, 0);
+
+#else
     siglen = sign_hash(algo, fdigest, diglen, key, keypass, signature+1);
+#endif
+
     if (siglen < 0) {
 	rpmlog(RPMLOG_ERR, _("sign_hash failed\n"));
 	return NULL;