There is a problem with the cswift engine:
- in cswift_mod_exp_crt, it expects the length of "dmp1" and "dmq1" to be a multiple of 32, which is not always the case, the patch complements the datas with '\0' until the length is a multiple of 32.
- in cswift_rand_bytes, it expects "num" to be a multiple of 32, which is not always the case, the patch make sure le length passed to p_CSwift_SimpleRequest is always a multiple of 32, by optionnaly using an intermetiade buffer.
These problems have been notified to Rainbow, which has been able to reproduce the problem. The patch has been validated by their support service.
Regards, -- Fr�d�ric Giudicelli [EMAIL PROTECTED]
Tel : +33 (0)1 40 07 47 20 Fax : +33 (0)1 40 07 47 27 deny all - 5, rue Scribe - 75009 Paris - France www.deny-all.com
--- hw_cswift.c 2004-02-05 14:32:24.000000000 +0100
+++ openssl-0.9.7c/crypto/engine/hw_cswift.c 2004-02-05 13:55:44.000000000 +0100
@@ -90,6 +90,7 @@
static int cswift_init(ENGINE *e);
static int cswift_finish(ENGINE *e);
static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -553,6 +554,29 @@
return to_return;
}
+
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+ int mod;
+ int numbytes = BN_num_bytes(in);
+
+ mod = 0;
+ while( ((out->nbytes = (numbytes+mod)) % 32) )
+ {
+ mod++;
+ }
+ out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+ if(!out->value)
+ {
+ return 0;
+ }
+ BN_bn2bin(in, &out->value[mod]);
+ if(mod)
+ memset(out->value, 0, mod);
+
+ return 1;
+}
+
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +586,16 @@
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
- BIGNUM *rsa_p = NULL;
- BIGNUM *rsa_q = NULL;
- BIGNUM *rsa_dmp1 = NULL;
- BIGNUM *rsa_dmq1 = NULL;
- BIGNUM *rsa_iqmp = NULL;
- BIGNUM *argument = NULL;
- BIGNUM *result = NULL;
+ BIGNUM *result = NULL;
+ BIGNUM *argument = NULL;
int to_return = 0; /* expect failure */
int acquired = 0;
+
+ sw_param.up.crt.p.value = NULL;
+ sw_param.up.crt.q.value = NULL;
+ sw_param.up.crt.dmp1.value = NULL;
+ sw_param.up.crt.dmq1.value = NULL;
+ sw_param.up.crt.iqmp.value = NULL;
if(!get_context(&hac))
{
@@ -578,44 +603,55 @@
goto err;
}
acquired = 1;
+
/* Prepare the params */
- BN_CTX_start(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- rsa_dmp1 = BN_CTX_get(ctx);
- rsa_dmq1 = BN_CTX_get(ctx);
- rsa_iqmp = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
+ argument = BN_new();
+ result = BN_new();
+ if(!result || !argument)
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
goto err;
- }
- if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
- !bn_wexpand(rsa_dmp1, dmp1->top) ||
- !bn_wexpand(rsa_dmq1, dmq1->top) ||
- !bn_wexpand(rsa_iqmp, iqmp->top) ||
- !bn_wexpand(argument, a->top) ||
- !bn_wexpand(result, p->top + q->top))
- {
+ }
+
+
+ sw_param.type = SW_ALG_CRT;
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+ if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+ {
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
- }
- sw_param.type = SW_ALG_CRT;
- sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
- sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
- sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
- sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
- sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
- (unsigned char *)rsa_dmp1->d);
- sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
- sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
- (unsigned char *)rsa_dmq1->d);
- sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
- sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
- (unsigned char *)rsa_iqmp->d);
- sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+ }
+ if( !bn_wexpand(argument, a->top) ||
+ !bn_wexpand(result, p->top + q->top))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
@@ -653,10 +689,23 @@
/* Convert the response */
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
-err:
+err:
+ if(sw_param.up.crt.p.value)
+ OPENSSL_free(sw_param.up.crt.p.value);
+ if(sw_param.up.crt.q.value)
+ OPENSSL_free(sw_param.up.crt.q.value);
+ if(sw_param.up.crt.dmp1.value)
+ OPENSSL_free(sw_param.up.crt.dmp1.value);
+ if(sw_param.up.crt.dmq1.value)
+ OPENSSL_free(sw_param.up.crt.dmq1.value);
+ if(sw_param.up.crt.iqmp.value)
+ OPENSSL_free(sw_param.up.crt.iqmp.value);
+ if(result)
+ BN_free(result);
+ if(argument)
+ BN_free(argument);
if(acquired)
release_context(hac);
- BN_CTX_end(ctx);
return to_return;
}
@@ -706,6 +755,8 @@
DSA_SIG *to_return = NULL;
int acquired = 0;
+ sw_param.up.crt.dmp1.value = NULL;
+
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!get_context(&hac))
@@ -791,6 +842,8 @@
to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
err:
+ if(sw_param.up.crt.dmp1.value)
+ free(sw_param.up.crt.dmp1.value);
if(acquired)
release_context(hac);
if(ctx)
@@ -927,49 +980,69 @@
/* Random bytes are good */
static int cswift_rand_bytes(unsigned char *buf, int num)
{
- SW_CONTEXT_HANDLE hac;
- SW_STATUS swrc;
- SW_LARGENUMBER largenum;
- size_t nbytes = 0;
- int acquired = 0;
- int to_return = 0; /* assume failure */
-
- if (!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
-
- while (nbytes < (size_t)num)
- {
- /* tell CryptoSwift how many bytes we want and where we want it.
- * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
- * - CryptoSwift can only do multiple of 32-bits. */
- largenum.value = (SW_BYTE *) buf + nbytes;
- if (4096 > num - nbytes)
- largenum.nbytes = num - nbytes;
- else
- largenum.nbytes = 4096;
-
- swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
- if (swrc != SW_OK)
- {
- char tmpbuf[20];
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", swrc);
- ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
- goto err;
- }
-
- nbytes += largenum.nbytes;
- }
- to_return = 1; /* success */
-
-err:
- if (acquired)
- release_context(hac);
- return to_return;
+ SW_CONTEXT_HANDLE hac;
+ SW_STATUS swrc;
+ SW_LARGENUMBER largenum;
+ size_t nbytes = 0;
+ int acquired = 0;
+ int to_return = 0; /* assume failure */
+ unsigned char buf32[1024];
+
+
+ if (!get_context(&hac))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+
+ while(num >= sizeof(buf32))
+ {
+ largenum.value = buf;
+ largenum.nbytes = sizeof(buf32);
+ /* tell CryptoSwift how many bytes we want and where we want it.
+ * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+ * - CryptoSwift can only do multiple of 32-bits. */
+ swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK)
+ {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ buf += sizeof(buf32);
+ num -= sizeof(buf32);
+ }
+ if(num)
+ {
+ largenum.nbytes = sizeof(buf32);
+ largenum.value = buf32;
+ swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK)
+ {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ memcpy(buf, largenum.value, num);
+ }
+
+ to_return = 1; /* success */
+err:
+ if (acquired)
+ release_context(hac);
+
+ return to_return;
}
static int cswift_rand_status(void)
