Blame SOURCES/pam_ssh_agent_auth-0.10.4-rsasha2.patch

07d1ba
diff -up openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c
07d1ba
--- openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2	2022-07-15 15:08:12.865585410 +0200
07d1ba
+++ openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c	2022-07-15 15:16:25.164282372 +0200
07d1ba
@@ -87,8 +87,13 @@ userauth_pubkey_from_id(const char *ruse
07d1ba
         (r = sshbuf_put_string(b, pkblob, blen)) != 0)
07d1ba
         fatal("%s: buffer error: %s", __func__, ssh_err(r));
07d1ba
 
07d1ba
-    if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
07d1ba
-        goto user_auth_clean_exit;
07d1ba
+    if (sshkey_type_plain(id->key->type) == KEY_RSA
07d1ba
+	&& ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), "rsa-sha2-256", 0) == 0) {
07d1ba
+	/* Do nothing */
07d1ba
+    } else {
07d1ba
+        if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
07d1ba
+            goto user_auth_clean_exit;
07d1ba
+    }
07d1ba
 
07d1ba
     /* test for correct signature */
07d1ba
     if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)