7 files changed, 244 insertions, 125 deletions
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
index cdf670901a..4225760af1 100644
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -158,7 +158,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                         */
                        if (!strcmp(ctrlvalue, "EMPTY"))
                                ctrlvalue = NULL;
-                        else if (!strcmp(ctrlname, "init"))
+                        if (!strcmp(ctrlname, "init"))
                                {
                                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
                                        goto err;
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index 814d95ee32..fdc0e7be0f 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,87 +64,91 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
 static ERR_STRING_DATA ENGINE_str_functs[]=
        {
-{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0),   "DYNAMIC_CTRL"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),       "DYNAMIC_CTRL"},
-{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0),   "DYNAMIC_GET_DATA_CTX"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),       "DYNAMIC_GET_DATA_CTX"},
-{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0),   "DYNAMIC_LOAD"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),       "DYNAMIC_LOAD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),     "ENGINE_add"},
+{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),   "ENGINE_by_id"},
+{ERR_FUNC(ENGINE_F_ENGINE_BY_ID),       "ENGINE_by_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0),       "ENGINE_cmd_is_executable"},
+{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),   "ENGINE_cmd_is_executable"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),    "ENGINE_ctrl"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL),        "ENGINE_ctrl"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0),        "ENGINE_ctrl_cmd"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),    "ENGINE_ctrl_cmd"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),     "ENGINE_ctrl_cmd_string"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),  "ENGINE_finish"},
+{ERR_FUNC(ENGINE_F_ENGINE_FINISH),      "ENGINE_finish"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),    "ENGINE_free"},
+{ERR_FUNC(ENGINE_F_ENGINE_FREE),        "ENGINE_free"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0),      "ENGINE_get_cipher"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),  "ENGINE_get_cipher"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0),        "ENGINE_GET_DEFAULT_TYPE"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0),      "ENGINE_get_digest"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),        "ENGINE_get_next"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),    "ENGINE_get_next"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),        "ENGINE_get_prev"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),    "ENGINE_get_prev"},
-{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),    "ENGINE_init"},
+{ERR_FUNC(ENGINE_F_ENGINE_INIT),        "ENGINE_init"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),        "ENGINE_LIST_ADD"},
+{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),    "ENGINE_LIST_ADD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),     "ENGINE_LIST_REMOVE"},
+{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),        "ENGINE_load_private_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),    "ENGINE_load_private_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),     "ENGINE_load_public_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0),     "ENGINE_MODULE_INIT"},
+{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
-{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),     "ENGINE_new"},
+{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),  "ENGINE_remove"},
+{ERR_FUNC(ENGINE_F_ENGINE_REMOVE),      "ENGINE_remove"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0),      "ENGINE_set_default_string"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),  "ENGINE_set_default_string"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),        "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),    "ENGINE_SET_DEFAULT_TYPE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),  "ENGINE_set_id"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_ID),      "ENGINE_set_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),        "ENGINE_set_name"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),    "ENGINE_set_name"},
-{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0),  "ENGINE_TABLE_REGISTER"},
+{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),      "ENGINE_TABLE_REGISTER"},
-{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),      "ENGINE_UNLOAD_KEY"},
+{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),  "ENGINE_UNLOAD_KEY"},
-{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0),  "ENGINE_up_ref"},
+{ERR_FUNC(ENGINE_F_ENGINE_UP_REF),      "ENGINE_up_ref"},
-{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),        "INT_CTRL_HELPER"},
+{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),    "INT_CTRL_HELPER"},
-{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0),   "INT_ENGINE_CONFIGURE"},
+{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),       "INT_ENGINE_CONFIGURE"},
-{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),    "LOG_MESSAGE"},
+{ERR_FUNC(ENGINE_F_LOG_MESSAGE),        "LOG_MESSAGE"},
-{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0),   "SET_DATA_CTX"},
+{ERR_FUNC(ENGINE_F_SET_DATA_CTX),       "SET_DATA_CTX"},
 {0,NULL}
        };
 static ERR_STRING_DATA ENGINE_str_reasons[]=
        {
-{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ERR_REASON(ENGINE_R_ALREADY_LOADED)     ,"already loaded"},
-{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER       ,"argument is not a number"},
+{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
-{ENGINE_R_CMD_NOT_EXECUTABLE             ,"cmd not executable"},
+{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
-{ENGINE_R_COMMAND_TAKES_INPUT            ,"command takes input"},
+{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
-{ENGINE_R_COMMAND_TAKES_NO_INPUT         ,"command takes no input"},
+{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
-{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
-{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ENGINE_R_DH_NOT_IMPLEMENTED             ,"dh not implemented"},
+{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
-{ENGINE_R_DSA_NOT_IMPLEMENTED            ,"dsa not implemented"},
+{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
-{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
-{ENGINE_R_DSO_NOT_FOUND                  ,"dso not found"},
+{ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
-{ENGINE_R_ENGINES_SECTION_ERROR          ,"engines section error"},
+{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
-{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
-{ENGINE_R_ENGINE_SECTION_ERROR           ,"engine section error"},
+{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
-{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ERR_REASON(ENGINE_R_FINISH_FAILED)      ,"finish failed"},
-{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED)  ,"could not obtain hardware handle"},
-{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
-{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ERR_REASON(ENGINE_R_INIT_FAILED)        ,"init failed"},
-{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
-{ENGINE_R_INVALID_ARGUMENT               ,"invalid argument"},
+{ERR_REASON(ENGINE_R_INVALID_ARGUMENT)   ,"invalid argument"},
-{ENGINE_R_INVALID_CMD_NAME               ,"invalid cmd name"},
+{ERR_REASON(ENGINE_R_INVALID_CMD_NAME)   ,"invalid cmd name"},
-{ENGINE_R_INVALID_CMD_NUMBER             ,"invalid cmd number"},
+{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
-{ENGINE_R_INVALID_INIT_VALUE             ,"invalid init value"},
+{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
-{ENGINE_R_INVALID_STRING                 ,"invalid string"},
+{ERR_REASON(ENGINE_R_INVALID_STRING)     ,"invalid string"},
-{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ERR_REASON(ENGINE_R_NOT_INITIALISED)    ,"not initialised"},
-{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ERR_REASON(ENGINE_R_NOT_LOADED)         ,"not loaded"},
-{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
-{ENGINE_R_NO_INDEX                       ,"no index"},
+{ERR_REASON(ENGINE_R_NO_INDEX)           ,"no index"},
-{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION)   ,"no load function"},
-{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ERR_REASON(ENGINE_R_NO_REFERENCE)       ,"no reference"},
-{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE)     ,"no such engine"},
-{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
-{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
-{ENGINE_R_RSA_NOT_IMPLEMENTED            ,"rsa not implemented"},
+{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
-{ENGINE_R_UNIMPLEMENTED_CIPHER           ,"unimplemented cipher"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
-{ENGINE_R_UNIMPLEMENTED_DIGEST           ,"unimplemented digest"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
-{ENGINE_R_VERSION_INCOMPATIBILITY        ,"version incompatibility"},
+{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
 {0,NULL}
        };
@@ -158,8 +162,8 @@ void ERR_load_ENGINE_strings(void)
                {
                init=0;
 #ifndef OPENSSL_NO_ERR
-                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+                ERR_load_strings(0,ENGINE_str_functs);
-                ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+                ERR_load_strings(0,ENGINE_str_reasons);
 #endif
                }
diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c
index 8b8380a582..5f1772ea99 100644
--- a/src/lib/libcrypto/engine/hw_aep.c
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)
        if(aep_dso)
                DSO_free(aep_dso);
+        aep_dso = NULL;
                
        p_AEP_OpenConnection    = NULL;
        p_AEP_ModExp            = NULL;
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
index e9eff9fad1..2b8342bbdd 100644
--- a/src/lib/libcrypto/engine/hw_atalla.c
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
 err:
        if(atalla_dso)
                DSO_free(atalla_dso);
+        atalla_dso = NULL;
        p_Atalla_GetHardwareConfig = NULL;
        p_Atalla_RSAPrivateKeyOpFn = NULL;
        p_Atalla_GetPerformanceStatistics = NULL;
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index f128ee5a68..1411fd8333 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
 static int cswift_init(ENGINE *e);
 static int cswift_finish(ENGINE *e);
 static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
        return 1;
 err:
        if(cswift_dso)
+        {
                DSO_free(cswift_dso);
+                cswift_dso = NULL;
+        }
        p_CSwift_AcquireAccContext = NULL;
        p_CSwift_AttachKeyParam = NULL;
        p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
        return to_return;
        }
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+        int mod;
+        int numbytes = BN_num_bytes(in);
+        mod = 0;
+        while( ((out->nbytes = (numbytes+mod)) % 32) )
+        {
+                mod++;
+        }
+        out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+        if(!out->value)
+        {
+                return 0;
+        }
+        BN_bn2bin(in, &out->value[mod]);
+        if(mod)
+                memset(out->value, 0, mod);
+        return 1;
+}
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                        const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        SW_LARGENUMBER arg, res;
        SW_PARAM sw_param;
        SW_CONTEXT_HANDLE hac;
-        BIGNUM *rsa_p = NULL;
-        BIGNUM *rsa_q = NULL;
-        BIGNUM *rsa_dmp1 = NULL;
-        BIGNUM *rsa_dmq1 = NULL;
-        BIGNUM *rsa_iqmp = NULL;
-        BIGNUM *argument = NULL;
        BIGNUM *result = NULL;
+        BIGNUM *argument = NULL;
        int to_return = 0; /* expect failure */
        int acquired = 0;
+        sw_param.up.crt.p.value = NULL;
+        sw_param.up.crt.q.value = NULL;
+        sw_param.up.crt.dmp1.value = NULL;
+        sw_param.up.crt.dmq1.value = NULL;
+        sw_param.up.crt.iqmp.value = NULL;
 
        if(!get_context(&hac))
                {
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                goto err;
                }
        acquired = 1;
        /* Prepare the params */
-        BN_CTX_start(ctx);
+        argument = BN_new();
-        rsa_p = BN_CTX_get(ctx);
+        result = BN_new();
-        rsa_q = BN_CTX_get(ctx);
+        if(!result || !argument)
-        rsa_dmp1 = BN_CTX_get(ctx);
-        rsa_dmq1 = BN_CTX_get(ctx);
-        rsa_iqmp = BN_CTX_get(ctx);
-        argument = BN_CTX_get(ctx);
-        result = BN_CTX_get(ctx);
-        if(!result)
                {
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
                goto err;
                }
-        if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
-                        !bn_wexpand(rsa_dmp1, dmp1->top) ||
-                        !bn_wexpand(rsa_dmq1, dmq1->top) ||
+        sw_param.type = SW_ALG_CRT;
-                        !bn_wexpand(rsa_iqmp, iqmp->top) ||
+        /************************************************************************/
-                        !bn_wexpand(argument, a->top) ||
+        /* 04/02/2003                                                           */
+        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+        /* limitation of cswift with values not a multiple of 32                */
+        /************************************************************************/
+        if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(     !bn_wexpand(argument, a->top) ||
                        !bn_wexpand(result, p->top + q->top))
                {
                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
                goto err;
                }
-        sw_param.type = SW_ALG_CRT;
-        sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
-        sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
-        sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
-        sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
-        sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
-                (unsigned char *)rsa_dmp1->d);
-        sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
-        sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
-                (unsigned char *)rsa_dmq1->d);
-        sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
-        sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
-                (unsigned char *)rsa_iqmp->d);
-        sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
        /* Attach the key params */
        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
        switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
        to_return = 1;
 err:
+        if(sw_param.up.crt.p.value)
+                OPENSSL_free(sw_param.up.crt.p.value);
+        if(sw_param.up.crt.q.value)
+                OPENSSL_free(sw_param.up.crt.q.value);
+        if(sw_param.up.crt.dmp1.value)
+                OPENSSL_free(sw_param.up.crt.dmp1.value);
+        if(sw_param.up.crt.dmq1.value)
+                OPENSSL_free(sw_param.up.crt.dmq1.value);
+        if(sw_param.up.crt.iqmp.value)
+                OPENSSL_free(sw_param.up.crt.iqmp.value);
+        if(result)
+                BN_free(result);
+        if(argument)
+                BN_free(argument);
        if(acquired)
                release_context(hac);
-        BN_CTX_end(ctx);
        return to_return;
        }
 
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
        {
        BN_CTX *ctx;
        int to_return = 0;
+        const RSA_METHOD * def_rsa_method;
+        /* Try the limits of RSA (2048 bits) */
+        if(BN_num_bytes(rsa->p) > 128 ||
+                BN_num_bytes(rsa->q) > 128 ||
+                BN_num_bytes(rsa->dmp1) > 128 ||
+                BN_num_bytes(rsa->dmq1) > 128 ||
+                BN_num_bytes(rsa->iqmp) > 128)
+        {
+#ifdef RSA_NULL
+                def_rsa_method=RSA_null_method();
+#else
+#if 0
+                def_rsa_method=RSA_PKCS1_RSAref();
+#else
+                def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                if(def_rsa_method)
+                        return def_rsa_method->rsa_mod_exp(r0, I, rsa);
+        }
        if((ctx = BN_CTX_new()) == NULL)
                goto err;
@@ -686,6 +759,26 @@ err:
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
        {
+        const RSA_METHOD * def_rsa_method;
+        /* Try the limits of RSA (2048 bits) */
+        if(BN_num_bytes(r) > 256 ||
+                BN_num_bytes(a) > 256 ||
+                BN_num_bytes(m) > 256)
+        {
+#ifdef RSA_NULL
+                def_rsa_method=RSA_null_method();
+#else
+#if 0
+                def_rsa_method=RSA_PKCS1_RSAref();
+#else
+                def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                if(def_rsa_method)
+                        return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+        }
        return cswift_mod_exp(r, a, p, m, ctx);
        }
@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
        SW_CONTEXT_HANDLE hac;
        SW_STATUS swrc;
        SW_LARGENUMBER largenum;
-        size_t nbytes = 0;
        int acquired = 0;
        int to_return = 0; /* assume failure */
+        unsigned char buf32[1024];
        if (!get_context(&hac))
        {
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
        }
        acquired = 1;
-        while (nbytes < (size_t)num)
+        /************************************************************************/
+        /* 04/02/2003                                                           */
+        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+        /* limitation of cswift with values not a multiple of 32                */
+        /************************************************************************/
+        while(num >= sizeof(buf32))
        {
+                largenum.value = buf;
+                largenum.nbytes = sizeof(buf32);
                /* tell CryptoSwift how many bytes we want and where we want it.
                 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
                 *       - CryptoSwift can only do multiple of 32-bits. */
-                largenum.value = (SW_BYTE *) buf + nbytes;
-                if (4096 > num - nbytes)
-                        largenum.nbytes = num - nbytes;
-                else
-                        largenum.nbytes = 4096;
                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
                if (swrc != SW_OK)
                {
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
                        goto err;
                }
+                buf += sizeof(buf32);
-                nbytes += largenum.nbytes;
+                num -= sizeof(buf32);
+        }
+        if(num)
+        {
+                largenum.nbytes = sizeof(buf32);
+                largenum.value = buf32;
+                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+                if (swrc != SW_OK)
+                {
+                        char tmpbuf[20];
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+                        sprintf(tmpbuf, "%ld", swrc);
+                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+                        goto err;
+                }
+                memcpy(buf, largenum.value, num);
        }
-        to_return = 1;  /* success */
+        to_return = 1;  /* success */
 err:
        if (acquired)
                release_context(hac);
        return to_return;
 }
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
index 5234a08a07..8fb834af31 100644
--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
 err:
        if(ubsec_dso)
                DSO_free(ubsec_dso);
+        ubsec_dso = NULL;
        p_UBSEC_ubsec_bytes_to_bits = NULL;
        p_UBSEC_ubsec_bits_to_bytes = NULL;
        p_UBSEC_ubsec_open = NULL;
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
index 80170591f2..7efe181927 100644
--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ b/src/lib/libcrypto/engine/tb_dsa.c
@@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
        {
        if(e->dsa_meth)
                return engine_table_register(&dsa_table,
-                                engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+                                engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
        return 1;
        }