Blame SOURCES/pam_ssh_agent_auth-0.10.4-rsasha2.patch

39b801
diff -up openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c
39b801
--- openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2	2022-07-15 15:08:12.865585410 +0200
39b801
+++ openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c	2022-07-15 15:16:25.164282372 +0200
39b801
@@ -87,8 +87,13 @@ userauth_pubkey_from_id(const char *ruse
39b801
         (r = sshbuf_put_string(b, pkblob, blen)) != 0)
39b801
         fatal("%s: buffer error: %s", __func__, ssh_err(r));
39b801
 
39b801
-    if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
39b801
-        goto user_auth_clean_exit;
39b801
+    if (sshkey_type_plain(id->key->type) == KEY_RSA
39b801
+	&& ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), "rsa-sha2-256", 0) == 0) {
39b801
+	/* Do nothing */
39b801
+    } else {
39b801
+        if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
39b801
+            goto user_auth_clean_exit;
39b801
+    }
39b801
 
39b801
     /* test for correct signature */
39b801
     if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)