diff --git a/ChangeLog b/ChangeLog
index bf670de5a..5954eeaa5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,9 @@
    - markus@cvs.openbsd.org 2001/03/26 23:23:24
      [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
      try to read private f-secure ssh v2 rsa keys.
+   - markus@cvs.openbsd.org 2001/03/27 10:34:08
+     [ssh-rsa.c sshd.c]
+     use EVP_get_digestbynid, reorder some calls and fix missing free.
 
 20010328
  - (djm) Reorder tests and library inclusion for Krb4/AFS to try to 
@@ -4747,4 +4750,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1028 2001/03/29 00:29:54 mouring Exp $
+$Id: ChangeLog,v 1.1029 2001/03/29 00:31:20 mouring Exp $
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 9de0e7b08..a2153bd1a 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.7 2001/03/27 10:34:08 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -42,27 +42,32 @@ ssh_rsa_sign(
     u_char **sigp, int *lenp,
     u_char *data, int datalen)
 {
-	EVP_MD *evp_md = EVP_sha1();
+	const EVP_MD *evp_md;
 	EVP_MD_CTX md;
 	u_char *digest, *sig, *ret;
 	u_int slen, dlen, len;
-	int ok;
+	int ok, nid;
 	Buffer b;
 
 	if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) {
 		error("ssh_rsa_sign: no RSA key");
 		return -1;
 	}
-	slen = RSA_size(key->rsa);
-	sig = xmalloc(slen);
-
+	nid = NID_sha1;
+	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+		error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
+		return -1;
+	}
 	dlen = evp_md->md_size;
 	digest = xmalloc(dlen);
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, data, datalen);
 	EVP_DigestFinal(&md, digest, NULL);
 
-	ok = RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa);
+	slen = RSA_size(key->rsa);
+	sig = xmalloc(slen);
+
+	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
 	memset(digest, 'd', dlen);
 	xfree(digest);
 
@@ -108,13 +113,12 @@ ssh_rsa_verify(
     u_char *data, int datalen)
 {
 	Buffer b;
-	EVP_MD *evp_md = EVP_sha1();
+	const EVP_MD *evp_md;
 	EVP_MD_CTX md;
 	char *ktype;
 	u_char *sigblob, *digest;
 	u_int len, dlen;
-	int rlen;
-	int ret;
+	int rlen, ret, nid;
 
 	if (key == NULL || key->type != KEY_RSA || key->rsa == NULL) {
 		error("ssh_rsa_verify: no RSA key");
@@ -139,17 +143,23 @@ ssh_rsa_verify(
 	rlen = buffer_len(&b);
 	buffer_free(&b);
 	if(rlen != 0) {
+		xfree(sigblob);
 		error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
 		return -1;
 	}
-
+	nid = NID_sha1;
+	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
+		xfree(sigblob);
+		error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
+		return -1;
+	}
 	dlen = evp_md->md_size;
 	digest = xmalloc(dlen);
 	EVP_DigestInit(&md, evp_md);
 	EVP_DigestUpdate(&md, data, datalen);
 	EVP_DigestFinal(&md, digest, NULL);
 
-	ret = RSA_verify(NID_sha1, digest, dlen, sigblob, len, key->rsa);
+	ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
 	memset(digest, 'd', dlen);
 	xfree(digest);
 	memset(sigblob, 's', len);
diff --git a/sshd.c b/sshd.c
index 67bef9f43..961aeeaa0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.179 2001/03/26 08:07:09 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.180 2001/03/27 10:34:08 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -648,6 +648,7 @@ main(int ac, char **av)
 			exit(1);
 		}
 	}
+	SSLeay_add_all_algorithms();
 
 	/*
 	 * Force logging to stderr until we have loaded the private host