===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keysign.c,v
retrieving revision 1.7.2.2
retrieving revision 1.8
diff -u -r1.7.2.2 -r1.8
--- src/usr.bin/ssh/ssh-keysign.c 2003/09/16 21:20:28 1.7.2.2
+++ src/usr.bin/ssh/ssh-keysign.c 2002/11/07 22:08:07 1.8
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.7.2.2 2003/09/16 21:20:28 brad Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.8 2002/11/07 22:08:07 markus Exp $");
 #include
 #include
@@ -42,15 +42,14 @@
 #include "pathnames.h"
 #include "readconf.h"
-/* XXX readconf.c needs these */
-uid_t original_real_uid;
+uid_t original_real_uid; /* XXX readconf.c needs this */
 static int valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, u_int datalen)
 {
 Buffer b;
- Key *key = NULL;
+ Key *key;
 u_char *pkblob;
 u_int blen, len;
 char *pkalg, *p;
@@ -183,6 +182,13 @@
 keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL);
 close(key_fd[i]);
+ if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
+ if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
+ error("RSA_blinding_on failed");
+ key_free(keys[i]);
+ keys[i] = NULL;
+ }
+ }
 if (keys[i] != NULL) found = 1;
 }
@@ -190,8 +196,8 @@
 fatal("no hostkey found");
 buffer_init(&b);
- if (ssh_msg_recv(STDIN_FILENO, &b) < 0)
- fatal("ssh_msg_recv failed");
+ if (msg_recv(STDIN_FILENO, &b) < 0)
+ fatal("msg_recv failed");
 if (buffer_get_char(&b) != version) fatal("bad version");
 fd = buffer_get_int(&b);
@@ -223,7 +229,7 @@
 /* send reply */
 buffer_clear(&b);
 buffer_put_string(&b, signature, slen);
- ssh_msg_send(STDOUT_FILENO, version, &b);
+ msg_send(STDOUT_FILENO, version, &b);
 return (0);
 }
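Review bot: Dropping the initialiser in `Key *key;` (second hunk, at the top of valid_request) leaves the pointer indeterminate until the function assigns it. The rest of valid_request lies outside the hunk, so this cannot be confirmed here, but if any early-failure path tests or frees `key` before a successful parse, that read is undefined behaviour in a helper that parses request data handed to it by its caller. Keeping `Key *key = NULL;` costs nothing and makes such a path safe. The file header also dates the new side (2002/11/07) earlier than the old side (2003/09/16), so it is worth checking whether the initialiser was a later fix that this comparison drops.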
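Review bot: The new blinding block around `RSA_blinding_on(keys[i]->rsa, NULL)` (third hunk) has no comment saying why a loaded host key is discarded when blinding cannot be enabled. I would add `/* never sign with an unblinded RSA key: signing time must not depend on the private key */` above the outer `if`. When every loaded key is dropped this way, the later `fatal("no hostkey found")` names the wrong cause and only the preceding error() line hints at the real one, so a more specific message there would help whoever reads the log. The enclosing loop starts outside the hunk.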