1 files changed, 46 insertions, 158 deletions
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index 1411fd8333..f128ee5a68 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -90,7 +90,6 @@ static int cswift_destroy(ENGINE *e);
 static int cswift_init(ENGINE *e);
 static int cswift_finish(ENGINE *e);
 static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -404,10 +403,7 @@ static int cswift_init(ENGINE *e)
        return 1;
 err:
        if(cswift_dso)
-        {
                DSO_free(cswift_dso);
-                cswift_dso = NULL;
-        }
        p_CSwift_AcquireAccContext = NULL;
        p_CSwift_AttachKeyParam = NULL;
        p_CSwift_SimpleRequest = NULL;
@@ -557,29 +553,6 @@ err:
        return to_return;
        }
-int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
-{
-        int mod;
-        int numbytes = BN_num_bytes(in);
-        mod = 0;
-        while( ((out->nbytes = (numbytes+mod)) % 32) )
-        {
-                mod++;
-        }
-        out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
-        if(!out->value)
-        {
-                return 0;
-        }
-        BN_bn2bin(in, &out->value[mod]);
-        if(mod)
-                memset(out->value, 0, mod);
-        return 1;
-}
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                        const BIGNUM *q, const BIGNUM *dmp1,
@@ -589,16 +562,15 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        SW_LARGENUMBER arg, res;
        SW_PARAM sw_param;
        SW_CONTEXT_HANDLE hac;
-        BIGNUM *result = NULL;
+        BIGNUM *rsa_p = NULL;
+        BIGNUM *rsa_q = NULL;
+        BIGNUM *rsa_dmp1 = NULL;
+        BIGNUM *rsa_dmq1 = NULL;
+        BIGNUM *rsa_iqmp = NULL;
        BIGNUM *argument = NULL;
+        BIGNUM *result = NULL;
        int to_return = 0; /* expect failure */
        int acquired = 0;
-        sw_param.up.crt.p.value = NULL;
-        sw_param.up.crt.q.value = NULL;
-        sw_param.up.crt.dmp1.value = NULL;
-        sw_param.up.crt.dmq1.value = NULL;
-        sw_param.up.crt.iqmp.value = NULL;
 
        if(!get_context(&hac))
                {
@@ -606,55 +578,44 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
                }
        acquired = 1;
        /* Prepare the params */
-        argument = BN_new();
+        BN_CTX_start(ctx);
-        result = BN_new();
+        rsa_p = BN_CTX_get(ctx);
-        if(!result || !argument)
+        rsa_q = BN_CTX_get(ctx);
+        rsa_dmp1 = BN_CTX_get(ctx);
+        rsa_dmq1 = BN_CTX_get(ctx);
+        rsa_iqmp = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!result)
                {
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
                goto err;
                }
+        if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+                        !bn_wexpand(rsa_dmp1, dmp1->top) ||
-        sw_param.type = SW_ALG_CRT;
+                        !bn_wexpand(rsa_dmq1, dmq1->top) ||
-        /************************************************************************/
+                        !bn_wexpand(rsa_iqmp, iqmp->top) ||
-        /* 04/02/2003                                                           */
+                        !bn_wexpand(argument, a->top) ||
-        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
-        /* limitation of cswift with values not a multiple of 32                */
-        /************************************************************************/
-        if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
-        {
-                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
-                goto err;
-        }
-        if(     !bn_wexpand(argument, a->top) ||
                        !bn_wexpand(result, p->top + q->top))
                {
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
                goto err;
                }
+        sw_param.type = SW_ALG_CRT;
+        sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
+        sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
+        sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
+        sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
+        sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
+                (unsigned char *)rsa_dmp1->d);
+        sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
+        sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
+                (unsigned char *)rsa_dmq1->d);
+        sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
+        sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
+                (unsigned char *)rsa_iqmp->d);
+        sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
        /* Attach the key params */
        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
        switch(sw_status)
@@ -693,22 +654,9 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
        to_return = 1;
 err:
-        if(sw_param.up.crt.p.value)
-                OPENSSL_free(sw_param.up.crt.p.value);
-        if(sw_param.up.crt.q.value)
-                OPENSSL_free(sw_param.up.crt.q.value);
-        if(sw_param.up.crt.dmp1.value)
-                OPENSSL_free(sw_param.up.crt.dmp1.value);
-        if(sw_param.up.crt.dmq1.value)
-                OPENSSL_free(sw_param.up.crt.dmq1.value);
-        if(sw_param.up.crt.iqmp.value)
-                OPENSSL_free(sw_param.up.crt.iqmp.value);
-        if(result)
-                BN_free(result);
-        if(argument)
-                BN_free(argument);
        if(acquired)
                release_context(hac);
+        BN_CTX_end(ctx);
        return to_return;
        }
 
@@ -717,27 +665,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
        {
        BN_CTX *ctx;
        int to_return = 0;
-        const RSA_METHOD * def_rsa_method;
-        /* Try the limits of RSA (2048 bits) */
-        if(BN_num_bytes(rsa->p) > 128 ||
-                BN_num_bytes(rsa->q) > 128 ||
-                BN_num_bytes(rsa->dmp1) > 128 ||
-                BN_num_bytes(rsa->dmq1) > 128 ||
-                BN_num_bytes(rsa->iqmp) > 128)
-        {
-#ifdef RSA_NULL
-                def_rsa_method=RSA_null_method();
-#else
-#if 0
-                def_rsa_method=RSA_PKCS1_RSAref();
-#else
-                def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
-                if(def_rsa_method)
-                        return def_rsa_method->rsa_mod_exp(r0, I, rsa);
-        }
        if((ctx = BN_CTX_new()) == NULL)
                goto err;
@@ -759,26 +686,6 @@ err:
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
        {
-        const RSA_METHOD * def_rsa_method;
-        /* Try the limits of RSA (2048 bits) */
-        if(BN_num_bytes(r) > 256 ||
-                BN_num_bytes(a) > 256 ||
-                BN_num_bytes(m) > 256)
-        {
-#ifdef RSA_NULL
-                def_rsa_method=RSA_null_method();
-#else
-#if 0
-                def_rsa_method=RSA_PKCS1_RSAref();
-#else
-                def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
-                if(def_rsa_method)
-                        return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
-        }
        return cswift_mod_exp(r, a, p, m, ctx);
        }
@@ -1023,10 +930,9 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
        SW_CONTEXT_HANDLE hac;
        SW_STATUS swrc;
        SW_LARGENUMBER largenum;
+        size_t nbytes = 0;
        int acquired = 0;
        int to_return = 0; /* assume failure */
-        unsigned char buf32[1024];
        if (!get_context(&hac))
        {
@@ -1035,19 +941,17 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
        }
        acquired = 1;
-        /************************************************************************/
+        while (nbytes < (size_t)num)
-        /* 04/02/2003                                                           */
-        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
-        /* limitation of cswift with values not a multiple of 32                */
-        /************************************************************************/
-        while(num >= sizeof(buf32))
        {
-                largenum.value = buf;
-                largenum.nbytes = sizeof(buf32);
                /* tell CryptoSwift how many bytes we want and where we want it.
                 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
                 *       - CryptoSwift can only do multiple of 32-bits. */
+                largenum.value = (SW_BYTE *) buf + nbytes;
+                if (4096 > num - nbytes)
+                        largenum.nbytes = num - nbytes;
+                else
+                        largenum.nbytes = 4096;
                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
                if (swrc != SW_OK)
                {
@@ -1057,30 +961,14 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
                        goto err;
                }
-                buf += sizeof(buf32);
-                num -= sizeof(buf32);
-        }
-        if(num)
-        {
-                largenum.nbytes = sizeof(buf32);
-                largenum.value = buf32;
-                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
-                if (swrc != SW_OK)
-                {
-                        char tmpbuf[20];
-                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
-                        sprintf(tmpbuf, "%ld", swrc);
-                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
-                        goto err;
-                }
-                memcpy(buf, largenum.value, num);
-        }
+                nbytes += largenum.nbytes;
+        }
        to_return = 1;  /* success */
 err:
        if (acquired)
                release_context(hac);
        return to_return;
 }

diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c index 1411fd8333..f128ee5a68 100644 --- a/src/lib/libcrypto/engine/hw_cswift.c +++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -90,7 +90,6 @@ static int cswift_destroy(ENGINE *e);
90	static int cswift_init(ENGINE *e);	90	static int cswift_init(ENGINE *e);
91	static int cswift_finish(ENGINE *e);	91	static int cswift_finish(ENGINE *e);
92	static int cswift_ctrl(ENGINE e, int cmd, long i, void p, void (*f)());	92	static int cswift_ctrl(ENGINE e, int cmd, long i, void p, void (*f)());
93	static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
94		93
95	/* BIGNUM stuff */	94	/* BIGNUM stuff */
96	static int cswift_mod_exp(BIGNUM r, const BIGNUM a, const BIGNUM *p,	95	static int cswift_mod_exp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
@@ -404,10 +403,7 @@ static int cswift_init(ENGINE *e)
404	return 1;	403	return 1;
405	err:	404	err:
406	if(cswift_dso)	405	if(cswift_dso)
407	{
408	DSO_free(cswift_dso);	406	DSO_free(cswift_dso);
409	cswift_dso = NULL;
410	}
411	p_CSwift_AcquireAccContext = NULL;	407	p_CSwift_AcquireAccContext = NULL;
412	p_CSwift_AttachKeyParam = NULL;	408	p_CSwift_AttachKeyParam = NULL;
413	p_CSwift_SimpleRequest = NULL;	409	p_CSwift_SimpleRequest = NULL;
@@ -557,29 +553,6 @@ err:
557	return to_return;	553	return to_return;
558	}	554	}
559		555
560
561	int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
562	{
563	int mod;
564	int numbytes = BN_num_bytes(in);
565
566	mod = 0;
567	while( ((out->nbytes = (numbytes+mod)) % 32) )
568	{
569	mod++;
570	}
571	out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
572	if(!out->value)
573	{
574	return 0;
575	}
576	BN_bn2bin(in, &out->value[mod]);
577	if(mod)
578	memset(out->value, 0, mod);
579
580	return 1;
581	}
582
583	/* Un petit mod_exp chinois */	556	/* Un petit mod_exp chinois */
584	static int cswift_mod_exp_crt(BIGNUM r, const BIGNUM a, const BIGNUM *p,	557	static int cswift_mod_exp_crt(BIGNUM r, const BIGNUM a, const BIGNUM *p,
585	const BIGNUM q, const BIGNUM dmp1,	558	const BIGNUM q, const BIGNUM dmp1,
@@ -589,16 +562,15 @@ static int cswift_mod_exp_crt(BIGNUM r, const BIGNUM a, const BIGNUM *p,
589	SW_LARGENUMBER arg, res;	562	SW_LARGENUMBER arg, res;
590	SW_PARAM sw_param;	563	SW_PARAM sw_param;
591	SW_CONTEXT_HANDLE hac;	564	SW_CONTEXT_HANDLE hac;
592	BIGNUM *result = NULL;	565	BIGNUM *rsa_p = NULL;
		566	BIGNUM *rsa_q = NULL;
		567	BIGNUM *rsa_dmp1 = NULL;
		568	BIGNUM *rsa_dmq1 = NULL;
		569	BIGNUM *rsa_iqmp = NULL;
593	BIGNUM *argument = NULL;	570	BIGNUM *argument = NULL;
		571	BIGNUM *result = NULL;
594	int to_return = 0; /* expect failure */	572	int to_return = 0; /* expect failure */
595	int acquired = 0;	573	int acquired = 0;
596
597	sw_param.up.crt.p.value = NULL;
598	sw_param.up.crt.q.value = NULL;
599	sw_param.up.crt.dmp1.value = NULL;
600	sw_param.up.crt.dmq1.value = NULL;
601	sw_param.up.crt.iqmp.value = NULL;
602		574
603	if(!get_context(&hac))	575	if(!get_context(&hac))
604	{	576	{
@@ -606,55 +578,44 @@ static int cswift_mod_exp_crt(BIGNUM r, const BIGNUM a, const BIGNUM *p,
606	goto err;	578	goto err;
607	}	579	}
608	acquired = 1;	580	acquired = 1;
609
610	/* Prepare the params */	581	/* Prepare the params */
611	argument = BN_new();	582	BN_CTX_start(ctx);
612	result = BN_new();	583	rsa_p = BN_CTX_get(ctx);
613	if(!result \|\| !argument)	584	rsa_q = BN_CTX_get(ctx);
		585	rsa_dmp1 = BN_CTX_get(ctx);
		586	rsa_dmq1 = BN_CTX_get(ctx);
		587	rsa_iqmp = BN_CTX_get(ctx);
		588	argument = BN_CTX_get(ctx);
		589	result = BN_CTX_get(ctx);
		590	if(!result)
614	{	591	{
615	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);	592	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
616	goto err;	593	goto err;
617	}	594	}
618		595	if(!bn_wexpand(rsa_p, p->top) \|\| !bn_wexpand(rsa_q, q->top) \|\|
619		596	!bn_wexpand(rsa_dmp1, dmp1->top) \|\|
620	sw_param.type = SW_ALG_CRT;	597	!bn_wexpand(rsa_dmq1, dmq1->top) \|\|
621	/************************************************************************/	598	!bn_wexpand(rsa_iqmp, iqmp->top) \|\|
622	/* 04/02/2003 */	599	!bn_wexpand(argument, a->top) \|\|
623	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
624	/* limitation of cswift with values not a multiple of 32 */
625	/************************************************************************/
626	if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
627	{
628	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
629	goto err;
630	}
631	if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
632	{
633	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
634	goto err;
635	}
636	if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
637	{
638	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
639	goto err;
640	}
641	if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
642	{
643	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
644	goto err;
645	}
646	if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
647	{
648	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
649	goto err;
650	}
651	if( !bn_wexpand(argument, a->top) \|\|
652	!bn_wexpand(result, p->top + q->top))	600	!bn_wexpand(result, p->top + q->top))
653	{	601	{
654	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);	602	CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
655	goto err;	603	goto err;
656	}	604	}
657		605	sw_param.type = SW_ALG_CRT;
		606	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
		607	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
		608	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
		609	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
		610	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
		611	(unsigned char *)rsa_dmp1->d);
		612	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
		613	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
		614	(unsigned char *)rsa_dmq1->d);
		615	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
		616	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
		617	(unsigned char *)rsa_iqmp->d);
		618	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
658	/* Attach the key params */	619	/* Attach the key params */
659	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);	620	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
660	switch(sw_status)	621	switch(sw_status)
@@ -693,22 +654,9 @@ static int cswift_mod_exp_crt(BIGNUM r, const BIGNUM a, const BIGNUM *p,
693	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);	654	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
694	to_return = 1;	655	to_return = 1;
695	err:	656	err:
696	if(sw_param.up.crt.p.value)
697	OPENSSL_free(sw_param.up.crt.p.value);
698	if(sw_param.up.crt.q.value)
699	OPENSSL_free(sw_param.up.crt.q.value);
700	if(sw_param.up.crt.dmp1.value)
701	OPENSSL_free(sw_param.up.crt.dmp1.value);
702	if(sw_param.up.crt.dmq1.value)
703	OPENSSL_free(sw_param.up.crt.dmq1.value);
704	if(sw_param.up.crt.iqmp.value)
705	OPENSSL_free(sw_param.up.crt.iqmp.value);
706	if(result)
707	BN_free(result);
708	if(argument)
709	BN_free(argument);
710	if(acquired)	657	if(acquired)
711	release_context(hac);	658	release_context(hac);
		659	BN_CTX_end(ctx);
712	return to_return;	660	return to_return;
713	}	661	}
714		662
@@ -717,27 +665,6 @@ static int cswift_rsa_mod_exp(BIGNUM r0, const BIGNUM I, RSA *rsa)
717	{	665	{
718	BN_CTX *ctx;	666	BN_CTX *ctx;
719	int to_return = 0;	667	int to_return = 0;
720	const RSA_METHOD * def_rsa_method;
721
722	/* Try the limits of RSA (2048 bits) */
723	if(BN_num_bytes(rsa->p) > 128 \|\|
724	BN_num_bytes(rsa->q) > 128 \|\|
725	BN_num_bytes(rsa->dmp1) > 128 \|\|
726	BN_num_bytes(rsa->dmq1) > 128 \|\|
727	BN_num_bytes(rsa->iqmp) > 128)
728	{
729	#ifdef RSA_NULL
730	def_rsa_method=RSA_null_method();
731	#else
732	#if 0
733	def_rsa_method=RSA_PKCS1_RSAref();
734	#else
735	def_rsa_method=RSA_PKCS1_SSLeay();
736	#endif
737	#endif
738	if(def_rsa_method)
739	return def_rsa_method->rsa_mod_exp(r0, I, rsa);
740	}
741		668
742	if((ctx = BN_CTX_new()) == NULL)	669	if((ctx = BN_CTX_new()) == NULL)
743	goto err;	670	goto err;
@@ -759,26 +686,6 @@ err:
759	static int cswift_mod_exp_mont(BIGNUM r, const BIGNUM a, const BIGNUM *p,	686	static int cswift_mod_exp_mont(BIGNUM r, const BIGNUM a, const BIGNUM *p,
760	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx)	687	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx)
761	{	688	{
762	const RSA_METHOD * def_rsa_method;
763
764	/* Try the limits of RSA (2048 bits) */
765	if(BN_num_bytes(r) > 256 \|\|
766	BN_num_bytes(a) > 256 \|\|
767	BN_num_bytes(m) > 256)
768	{
769	#ifdef RSA_NULL
770	def_rsa_method=RSA_null_method();
771	#else
772	#if 0
773	def_rsa_method=RSA_PKCS1_RSAref();
774	#else
775	def_rsa_method=RSA_PKCS1_SSLeay();
776	#endif
777	#endif
778	if(def_rsa_method)
779	return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
780	}
781
782	return cswift_mod_exp(r, a, p, m, ctx);	689	return cswift_mod_exp(r, a, p, m, ctx);
783	}	690	}
784		691
@@ -1023,10 +930,9 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
1023	SW_CONTEXT_HANDLE hac;	930	SW_CONTEXT_HANDLE hac;
1024	SW_STATUS swrc;	931	SW_STATUS swrc;
1025	SW_LARGENUMBER largenum;	932	SW_LARGENUMBER largenum;
		933	size_t nbytes = 0;
1026	int acquired = 0;	934	int acquired = 0;
1027	int to_return = 0; /* assume failure */	935	int to_return = 0; /* assume failure */
1028	unsigned char buf32[1024];
1029
1030		936
1031	if (!get_context(&hac))	937	if (!get_context(&hac))
1032	{	938	{
@@ -1035,19 +941,17 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
1035	}	941	}
1036	acquired = 1;	942	acquired = 1;
1037		943
1038	/************************************************************************/	944	while (nbytes < (size_t)num)
1039	/* 04/02/2003 */
1040	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
1041	/* limitation of cswift with values not a multiple of 32 */
1042	/************************************************************************/
1043
1044	while(num >= sizeof(buf32))
1045	{	945	{
1046	largenum.value = buf;
1047	largenum.nbytes = sizeof(buf32);
1048	/* tell CryptoSwift how many bytes we want and where we want it.	946	/* tell CryptoSwift how many bytes we want and where we want it.
1049	* Note: - CryptoSwift cannot do more than 4096 bytes at a time.	947	* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
1050	* - CryptoSwift can only do multiple of 32-bits. */	948	* - CryptoSwift can only do multiple of 32-bits. */
		949	largenum.value = (SW_BYTE *) buf + nbytes;
		950	if (4096 > num - nbytes)
		951	largenum.nbytes = num - nbytes;
		952	else
		953	largenum.nbytes = 4096;
		954
1051	swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);	955	swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
1052	if (swrc != SW_OK)	956	if (swrc != SW_OK)
1053	{	957	{
@@ -1057,30 +961,14 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
1057	ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);	961	ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
1058	goto err;	962	goto err;
1059	}	963	}
1060	buf += sizeof(buf32);
1061	num -= sizeof(buf32);
1062	}
1063	if(num)
1064	{
1065	largenum.nbytes = sizeof(buf32);
1066	largenum.value = buf32;
1067	swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
1068	if (swrc != SW_OK)
1069	{
1070	char tmpbuf[20];
1071	CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
1072	sprintf(tmpbuf, "%ld", swrc);
1073	ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
1074	goto err;
1075	}
1076	memcpy(buf, largenum.value, num);
1077	}
1078		964
		965	nbytes += largenum.nbytes;
		966	}
1079	to_return = 1; /* success */	967	to_return = 1; /* success */
		968
1080	err:	969	err:
1081	if (acquired)	970	if (acquired)
1082	release_context(hac);	971	release_context(hac);
1083
1084	return to_return;	972	return to_return;
1085	}	973	}
1086		974