This series deprecates the sign_hash function and introduces imaevm_signhash that requires the necessary parameters to be passed rather than relying on the global imaevm_params variable. This way we can get rid of the usage of imaevm_params for the OpenSSL engine and the keyid. Then add support for an OpenSSL provider. The choice of engine versus provider is implemented using a struct imaevm_ossl_access that wraps the engine or provider parameters. It also provides a type field where the user can choose on or the other. imaevm_signhash takes this structure as an optional parameter to support engines and providers. Also extend existing test cases with tests with a pkcs11 provider. Regards, Stefan Stefan Berger (6): headers: Remove usage of CONFIG_IMA_EVM_ENGINE from public header Pass ENGINE and keyid through to function using them evmctl: Replace deprecated sign_hash with imaevm_signhash Add support for OpenSSL provider to the library and evmctl tests: Add pkcs11 test using provider ci: Install pkcs11-provider where available ci/alt.sh | 2 + ci/debian.sh | 1 + ci/fedora.sh | 1 + ci/tumbleweed.sh | 2 + configure.ac | 6 ++ src/Makefile.am | 21 +++- src/evmctl.c | 124 ++++++++++++++++++------ src/imaevm.h | 39 +++++++- src/libimaevm.c | 215 ++++++++++++++++++++++++++++++++++------- tests/functions.sh | 1 - tests/sign_verify.test | 19 +++- 11 files changed, 354 insertions(+), 77 deletions(-) -- 2.43.0
