===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keysign.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- src/usr.bin/ssh/ssh-keysign.c	2002/06/26 22:27:32	1.5
+++ src/usr.bin/ssh/ssh-keysign.c	2002/07/03 09:55:38	1.6
@@ -22,9 +22,11 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $");
 
 #include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
 
 #include "log.h"
 #include "key.h"
@@ -134,6 +136,7 @@
 	u_char *signature, *data;
 	char *host;
 	u_int slen, dlen;
+	u_int32_t rnd[256];
 
 	key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
 	key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
@@ -153,6 +156,9 @@
 	pw = pwcopy(pw);
 
 	SSLeay_add_all_algorithms();
+	for (i = 0; i < 256; i++)
+		rnd[i] = arc4random();
+	RAND_seed(rnd, sizeof(rnd));
 
 	found = 0;
 	for (i = 0; i < 2; i++) {
@@ -162,6 +168,13 @@
 		keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
 		    NULL, NULL);
 		close(key_fd[i]);
+		if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
+			if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
+				error("RSA_blinding_on failed");
+				key_free(keys[i]);
+				keys[i] = NULL;
+			}
+		}
 		if (keys[i] != NULL)
 			found = 1;
 	}