From 483723014e76d380c255ab95cbccded7a17af9a1 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Aug 17 2022 08:06:13 +0000
Subject: Port patches from CentOS - RSAMinSize
Related: rhbz#2117264
---
diff --git a/openssh-8.7p1-minrsabits.patch b/openssh-8.7p1-minrsabits.patch
index 4f11491..259129f 100644
--- a/openssh-8.7p1-minrsabits.patch
+++ b/openssh-8.7p1-minrsabits.patch
@@ -265,6 +265,19 @@ index 67f8e0309..d050c1656 100644
 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, xxx_conn_info) == -1) fatal("Host key verification failed.");
+@@ -1762,6 +1762,12 @@ load_identity_file(Identity *id)
+ private = NULL;
+ quit = 1;
+ }
++ if (r = sshkey_check_rsa_length(private, options.rsa_min_size) != 0) {
++ debug_fr(r, "Skipping key %s", id->filename);
++ sshkey_free(private);
++ private = NULL;
++ quit = 1;
++ }
+ if (!quit && private != NULL && id->agent_fd == -1 &&
+ !(id->key && id->isprivate))
+ maybe_add_key_to_agent(id->filename, private, comment,
 @@ -1747,6 +1751,12 @@ pubkey_prepare(struct ssh *ssh, Authctxt *authctxt)
 /* list of keys supported by the agent */
 if ((r = get_agent_identities(ssh, &agent_fd, &idlist)) == 0) {
diff --git a/openssh.spec b/openssh.spec
index c5abcf3..6d78eb9 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -51,7 +51,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 9.0p1
-%global openssh_rel 1
+%global openssh_rel 2
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 7
@@ -718,6 +718,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 %changelog
+* Wed Aug 17 2022 Dmitry Belyavskiy - 9.0p1-2
+- Port patches from CentOS - RSAMinSize (rhbz#2117264)
+
 * Thu Aug 11 2022 Dmitry Belyavskiy - 9.0p1-1 + 0.10.4-7
 - Rebase OpenSSH to 9.0p1 (rhbz#2057466)
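Review bot: In the added `load_identity_file` lines, `if (r = sshkey_check_rsa_length(private, options.rsa_min_size) != 0)` binds `!=` before `=`, so `r` receives 0 or 1 rather than the error code. An undersized RSA key is still skipped, but `debug_fr(r, ...)` then reports the wrong reason for the refusal. Parenthesise the assignment the way the neighbouring `if ((r = get_agent_identities(...)) == 0)` context line does: `if ((r = sshkey_check_rsa_length(private, options.rsa_min_size)) != 0) {`. The check also sits directly after a branch that sets `private = NULL` and `quit = 1`, so it presumably relies on sshkey_check_rsa_length() tolerating a NULL key, which is not visible here; prefixing the condition with `!quit &&` would remove that dependency. The body of load_identity_file starts and ends outside the hunk.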