Diffstat (limited to 'src/pubkey/rsa/rsa.cpp')
-rw-r--r--src/pubkey/rsa/rsa.cpp11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp
index 5047fdf7a..b278ade52 100644
--- a/src/pubkey/rsa/rsa.cpp
+++ b/src/pubkey/rsa/rsa.cpp
@@ -80,7 +80,7 @@ RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa) :
powermod_d2_q(rsa.get_d2(), rsa.get_q()),
mod_p(rsa.get_p())
{
- BigInt k = Blinder::choose_nonce(rsa.get_d(), n);
+ BigInt k = Blinder::choose_nonce(powermod_e_n(q), n);
blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n);
}
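Review bot: The new seed `powermod_e_n(q)` is q^e mod n, which is a multiple of q, so gcd(seed, n) recovers q outright; the value is as sensitive as the private key and must only ever reach Blinder::choose_nonce, never be used as the blinding factor itself or appear in any trace output. The line carries no explanation of why this replaces `rsa.get_d()` as the nonce input; a comment such as `// nonce seed is q^e mod n: key-dependent, secret, and independent of d` would keep the next reader from "simplifying" it. Because the seed is a deterministic function of the key, every RSA_Private_Operation built from the same key starts with the same blinding pair, which is presumably acceptable only because Blinder updates its factor on each blind() call; worth confirming. The constructor's initializer list begins outside this hunk.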
@@ -99,8 +99,13 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const
SecureVector<byte>
RSA_Private_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator& rng)
{
+ /* We don't check signatures against powermod_e_n here because
+ PK_Signer checks verification consistency for all signature
+ algorithms.
+ */
+
BigInt m(msg, msg_len);
BigInt x = blinder.unblind(private_op(blinder.blind(m)));
return BigInt::encode_1363(x, n.bytes());
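Review bot: `rng` is now named in the signature of sign() but nothing in the visible body uses it, so the change only earns an unused-parameter warning; either leave it unnamed as before (`RandomNumberGenerator&) const` style, minus the const) or actually feed the RNG into the blinder refresh if that is the intent. Dropping `const` here and on decrypt() in the next hunk presumably reflects that blinder.blind() now mutates the Blinder state; that makes a shared RSA_Private_Operation unsafe to call from several threads at once, which the class comment should state, e.g. `// Not thread-safe: blinding state is updated on every sign()/decrypt() call`. The closing brace of sign() lies outside this hunk.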
@@ -110,7 +115,7 @@ RSA_Private_Operation::sign(const byte msg[], u32bit msg_len,
* RSA Decryption Operation
*/
SecureVector<byte>
-RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len) const
+RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
BigInt x = blinder.unblind(private_op(blinder.blind(m)));