===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfile.c,v
retrieving revision 1.50
retrieving revision 1.50.2.1
diff -u -r1.50 -r1.50.2.1
--- src/usr.bin/ssh/authfile.c	2002/06/24 14:55:38	1.50
+++ src/usr.bin/ssh/authfile.c	2003/04/01 00:12:13	1.50.2.1
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.50.2.1 2003/04/01 00:12:13 margarida Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -232,12 +232,17 @@
 {
 	Buffer buffer;
 	Key *pub;
+	struct stat st;
 	char *cp;
 	int i;
 	off_t len;
 
-	len = lseek(fd, (off_t) 0, SEEK_END);
-	lseek(fd, (off_t) 0, SEEK_SET);
+	if (fstat(fd, &st) < 0) {
+		error("fstat for key file %.200s failed: %.100s",
+		    filename, strerror(errno));
+		return NULL;
+	}
+	len = st.st_size;
 
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
@@ -318,9 +323,15 @@
 	CipherContext ciphercontext;
 	Cipher *cipher;
 	Key *prv = NULL;
+	struct stat st;
 
-	len = lseek(fd, (off_t) 0, SEEK_END);
-	lseek(fd, (off_t) 0, SEEK_SET);
+	if (fstat(fd, &st) < 0) {
+		error("fstat for key file %.200s failed: %.100s",
+		    filename, strerror(errno));
+		close(fd);
+		return NULL;
+	}
+	len = st.st_size;
 
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
@@ -410,6 +421,12 @@
 	rsa_generate_additional_parameters(prv->rsa);
 
 	buffer_free(&decrypted);
+
+	/* enable blinding */
+	if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+		error("key_load_private_rsa1: RSA_blinding_on failed");
+		goto fail;
+	}
 	close(fd);
 	return prv;
 
@@ -449,6 +466,11 @@
 #ifdef DEBUG_PK
 		RSA_print_fp(stderr, prv->rsa, 8);
 #endif
+		if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+			error("key_load_private_pem: RSA_blinding_on failed");
+			key_free(prv);
+			prv = NULL;
+		}
 	} else if (pk->type == EVP_PKEY_DSA &&
 	    (type == KEY_UNSPEC||type==KEY_DSA)) {
 		prv = key_new(KEY_UNSPEC);