6494306 need single source for bignum code

--HG--
rename : usr/src/uts/sun4u/rsa/Makefile => deleted_files/usr/src/uts/sun4u/rsa/Makefile
rename : usr/src/uts/sun4u/rsa/mont_mulf.s => usr/src/common/bignum/sun4u/mont_mulf_kernel_v9.s
rename : usr/src/uts/intel/rsa/Makefile.32 => usr/src/uts/intel/bignum/Makefile.32
rename : usr/src/uts/intel/rsa/Makefile.64 => usr/src/uts/intel/bignum/Makefile.64

7 files changed, 122 insertions, 121 deletions

diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c
index 7124957347..d09d10f84c 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c
@@ -1862,7 +1862,6 @@ soft_build_private_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
 
 		/* Private Key Object Attributes */
 		switch (template[i].type) {
-
 		/* common key attributes */
 		case CKA_KEY_TYPE:
 			keytype = *((CK_KEY_TYPE*)template[i].pValue);
@@ -2248,30 +2247,28 @@ soft_build_private_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
 		if (isPrime && isSubprime && isBase && isValue) {
 			/*
 			 * The private value x must be less than subprime q.
-			 * Size for big_init is in (32-bit) words.
+			 * Size for big_init is in BIG_CHUNK_TYPE words.
 			 */
 #ifdef	__sparcv9
-			/* LINTED */
-			if (big_init(&x, ((int)value.big_value_len +
-			    (int)sizeof (uint32_t) - 1) /
-			    (int)sizeof (uint32_t)) != BIG_OK) {
+			if (big_init(&x,
+			    (int)CHARLEN2BIGNUMLEN(value.big_value_len))
+			    != BIG_OK) {
 #else	/* !__sparcv9 */
-			if (big_init(&x, (value.big_value_len +
-			    (int)sizeof (uint32_t) - 1) /
-			    (int)sizeof (uint32_t)) != BIG_OK) {
+			if (big_init(&x,
+			    CHARLEN2BIGNUMLEN(value.big_value_len))
+			    != BIG_OK) {
 #endif	/* __sparcv9 */
 				rv = CKR_HOST_MEMORY;
 				goto fail_cleanup;
 			}
 #ifdef	__sparcv9
-			/* LINTED */
-			if (big_init(&q, ((int)subprime.big_value_len +
-			    (int)sizeof (uint32_t) - 1) /
-			    (int)sizeof (uint32_t)) != BIG_OK) {
+			if (big_init(&q,
+			    (int)CHARLEN2BIGNUMLEN(subprime.big_value_len))
+			    != BIG_OK) {
 #else	/* !__sparcv9 */
-			if (big_init(&q, (subprime.big_value_len +
-			    (int)sizeof (uint32_t) - 1) /
-			    (int)sizeof (uint32_t)) != BIG_OK) {
+			if (big_init(&q,
+			    CHARLEN2BIGNUMLEN(subprime.big_value_len))
+			    != BIG_OK) {
 #endif	/* __sparcv9 */
 				rv = CKR_HOST_MEMORY;
 				goto fail_cleanup;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c
index fb373d77b2..1143ee8f73 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDH.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -62,12 +61,13 @@ soft_genDHkey_set_attribute(soft_object_t *key, BIGNUM *bn,
 	 * whose size is multiple of 4, prime_len is rounded up to be
 	 * multiple of 4.
 	 */
-	if ((buf = malloc((prime_len + 3) & ~3)) == NULL) {
+	if ((buf = malloc((prime_len + sizeof (BIG_CHUNK_TYPE) - 1) &
+	    ~(sizeof (BIG_CHUNK_TYPE) - 1))) == NULL) {
 		rv = CKR_HOST_MEMORY;
 		goto cleanexit;
 	}
 
-	buflen = bn->len * (int)sizeof (uint32_t);
+	buflen = bn->len * (int)sizeof (BIG_CHUNK_TYPE);
 	bignum2bytestring(buf, bn, buflen);
 
 	switch (type) {
@@ -125,14 +125,15 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
 	BIGNUM		bnpubval;
 	CK_ATTRIBUTE 	template;
 
-
 	if ((pubkey->class != CKO_PUBLIC_KEY) ||
-	    (pubkey->key_type != CKK_DH))
+	    (pubkey->key_type != CKK_DH)) {
 		return (CKR_KEY_TYPE_INCONSISTENT);
+	}
 
 	if ((prikey->class != CKO_PRIVATE_KEY) ||
-	    (prikey->key_type != CKK_DH))
+	    (prikey->key_type != CKK_DH)) {
 		return (CKR_KEY_TYPE_INCONSISTENT);
+	}
 
 	/*
 	 * The input to the first phase shall be the Diffie-Hellman
@@ -150,7 +151,8 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
 		goto ret0;
 	}
 
-	if ((brv = big_init(&bnprime, (prime_len + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnprime, CHARLEN2BIGNUMLEN(prime_len))) !=
+	    BIG_OK) {
 		rv = convert_rv(brv);
 		goto ret0;
 	}
@@ -164,7 +166,7 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
 		goto ret1;
 	}
 
-	if ((brv = big_init(&bnbase, (base_len + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnbase, CHARLEN2BIGNUMLEN(base_len))) != BIG_OK) {
 		rv = convert_rv(brv);
 		goto ret1;
 	}
@@ -214,12 +216,14 @@ soft_dh_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
 	}
 
 	/* Generate DH key pair private and public values. */
-	if ((brv = big_init(&bnprival, (prime_len + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnprival, CHARLEN2BIGNUMLEN(prime_len)))
+	    != BIG_OK) {
 		rv = convert_rv(brv);
 		goto ret3;
 	}
 
-	if ((brv = big_init(&bnpubval, (prime_len + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnpubval, CHARLEN2BIGNUMLEN(prime_len)))
+	    != BIG_OK) {
 		rv = convert_rv(brv);
 		goto ret4;
 	}
@@ -310,7 +314,6 @@ soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey,
 	BIGNUM		bnprivate;
 	BIGNUM		bnsecret;
 
-
 	rv = soft_get_private_attr(basekey, CKA_VALUE, privatevalue,
 	    &privatevaluelen);
 	if (rv != CKR_OK) {
@@ -323,14 +326,16 @@ soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey,
 		goto ret0;
 	}
 
-	if ((brv = big_init(&bnprime, (privateprimelen + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnprime, CHARLEN2BIGNUMLEN(privateprimelen))) !=
+	    BIG_OK) {
 		rv = convert_rv(brv);
 		goto ret0;
 	}
 
 	bytestring2bignum(&bnprime, privateprime, privateprimelen);
 
-	if ((brv = big_init(&bnprivate, (privatevaluelen + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnprivate, CHARLEN2BIGNUMLEN(privatevaluelen))) !=
+	    BIG_OK) {
 		rv = convert_rv(brv);
 		goto ret1;
 	}
@@ -338,11 +343,11 @@ soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey,
 	bytestring2bignum(&bnprivate, privatevalue, privatevaluelen);
 
 #ifdef	__sparcv9
-	/* LINTED */
-	if ((brv = big_init(&bnpublic, (int)(publicvaluelen + 3)/4)) !=
-	    BIG_OK) {
+	if ((brv = big_init(&bnpublic,
+	    (int)CHARLEN2BIGNUMLEN(publicvaluelen))) != BIG_OK) {
 #else	/* !__sparcv9 */
-	if ((brv = big_init(&bnpublic, (publicvaluelen + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnpublic,
+	    CHARLEN2BIGNUMLEN(publicvaluelen))) != BIG_OK) {
 #endif	/* __sparcv9 */
 		rv = convert_rv(brv);
 		goto ret2;
@@ -350,7 +355,8 @@ soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey,
 
 	bytestring2bignum(&bnpublic, (uchar_t *)publicvalue, publicvaluelen);
 
-	if ((brv = big_init(&bnsecret, (privateprimelen + 3)/4)) != BIG_OK) {
+	if ((brv = big_init(&bnsecret,
+	    CHARLEN2BIGNUMLEN(privateprimelen))) != BIG_OK) {
 		rv = convert_rv(brv);
 		goto ret3;
 	}
@@ -361,13 +367,14 @@ soft_dh_key_derive(soft_object_t *basekey, soft_object_t *secretkey,
 		goto ret4;
 	}
 
-	if ((buf = malloc((privateprimelen + 3) & ~3)) == NULL) {
+	if ((buf = malloc((privateprimelen + sizeof (BIG_CHUNK_TYPE) - 1) &
+	    ~(sizeof (BIG_CHUNK_TYPE) - 1))) == NULL) {
 		rv = CKR_HOST_MEMORY;
 		goto ret4;
 	}
 
 	value = buf;
-	valuelen = bnsecret.len * (int)sizeof (uint32_t);
+	valuelen = bnsecret.len * (int)sizeof (BIG_CHUNK_TYPE);
 	bignum2bytestring(value, &bnsecret, valuelen);
 
 	switch (secretkey->key_type) {
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c
index a682abeec3..2c652e820e 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.c
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -115,31 +115,34 @@ soft_dsa_sign_verify_init_common(soft_session_t *session_p,
 	return (CKR_OK);
 }
 
+
+/* size is in bits */
 BIG_ERR_CODE
 DSA_key_init(DSAkey *key, int size)
 {
 	BIG_ERR_CODE err;
-	int len;
+	int len, len160;
 
-	len = size / 32;
+	len = BITLEN2BIGNUMLEN(size);
+	len160 = BIG_CHUNKS_FOR_160BITS;
 	key->size = size;
-	if ((err = big_init1(&(key->q), 5, NULL, 0)) != BIG_OK)
+	if ((err = big_init1(&(key->q), len160, NULL, 0)) != BIG_OK)
 		return (err);
 	if ((err = big_init1(&(key->p), len, NULL, 0)) != BIG_OK)
 		goto ret1;
 	if ((err = big_init1(&(key->g), len, NULL, 0)) != BIG_OK)
 		goto ret2;
-	if ((err = big_init1(&(key->x), 5, NULL, 0)) != BIG_OK)
+	if ((err = big_init1(&(key->x), len160, NULL, 0)) != BIG_OK)
 		goto ret3;
 	if ((err = big_init1(&(key->y), len, NULL, 0)) != BIG_OK)
 		goto ret4;
-	if ((err = big_init1(&(key->k), 5, NULL, 0)) != BIG_OK)
+	if ((err = big_init1(&(key->k), len160, NULL, 0)) != BIG_OK)
 		goto ret5;
-	if ((err = big_init1(&(key->r), 5, NULL, 0)) != BIG_OK)
+	if ((err = big_init1(&(key->r), len160, NULL, 0)) != BIG_OK)
 		goto ret6;
-	if ((err = big_init1(&(key->s), 5, NULL, 0)) != BIG_OK)
+	if ((err = big_init1(&(key->s), len160, NULL, 0)) != BIG_OK)
 		goto ret7;
-	if ((err = big_init1(&(key->v), 5, NULL, 0)) != BIG_OK)
+	if ((err = big_init1(&(key->v), len160, NULL, 0)) != BIG_OK)
 		goto ret8;
 
 	return (BIG_OK);
@@ -236,16 +239,17 @@ dsa_sign(soft_object_t *key, CK_BYTE_PTR in, CK_ULONG inlen, CK_BYTE_PTR out)
 		goto clean1;
 	}
 
-	if ((err = big_init(&msg, 5)) != BIG_OK) {
+	if ((err = big_init(&msg, BIG_CHUNKS_FOR_160BITS)) != BIG_OK) {
 		goto clean6;
 	}
-	if ((err = big_init(&tmp, plen / 4 + 11)) != BIG_OK) {
+	if ((err = big_init(&tmp, CHARLEN2BIGNUMLEN(plen) +
+	    2 * BIG_CHUNKS_FOR_160BITS + 1)) != BIG_OK) {
 		goto clean7;
 	}
-	if ((err = big_init(&tmp1, 11)) != BIG_OK) {
+	if ((err = big_init(&tmp1, 2 * BIG_CHUNKS_FOR_160BITS + 1)) != BIG_OK) {
 		goto clean8;
 	}
-	if ((err = big_init(&tmp2, 5)) != BIG_OK) {
+	if ((err = big_init(&tmp2, BIG_CHUNKS_FOR_160BITS)) != BIG_OK) {
 		goto clean9;
 	}
 
@@ -374,16 +378,16 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig)
 	}
 
 	rv = CKR_HOST_MEMORY;
-	if (big_init(&msg, 5) != BIG_OK) {
+	if (big_init(&msg, BIG_CHUNKS_FOR_160BITS) != BIG_OK) {
 		goto clean6;
 	}
-	if (big_init(&tmp1, plen / 2) != BIG_OK) {
+	if (big_init(&tmp1, 2 * CHARLEN2BIGNUMLEN(plen)) != BIG_OK) {
 		goto clean7;
 	}
-	if (big_init(&tmp2, plen / 4) != BIG_OK) {
+	if (big_init(&tmp2, CHARLEN2BIGNUMLEN(plen)) != BIG_OK) {
 		goto clean8;
 	}
-	if (big_init(&tmp3, 10) != BIG_OK) {
+	if (big_init(&tmp3, 2 * BIG_CHUNKS_FOR_160BITS) != BIG_OK) {
 		goto clean9;
 	}
 
@@ -415,12 +419,10 @@ dsa_verify(soft_object_t *key, CK_BYTE_PTR data, CK_BYTE_PTR sig)
 	if (big_div_pos(NULL, &tmp2, &tmp2, &(dsakey.q)) != BIG_OK)
 		goto clean10;				/* tmp2 <- u_2 */
 
-	if (big_modexp(&tmp1, &(dsakey.g), &tmp1, &(dsakey.p), NULL) !=
-	    BIG_OK)
+	if (big_modexp(&tmp1, &(dsakey.g), &tmp1, &(dsakey.p), NULL) != BIG_OK)
 		goto clean10;
 
-	if (big_modexp(&tmp2, &(dsakey.y), &tmp2, &(dsakey.p), NULL) !=
-	    BIG_OK)
+	if (big_modexp(&tmp2, &(dsakey.y), &tmp2, &(dsakey.p), NULL) != BIG_OK)
 		goto clean10;
 
 	if (big_mul(&tmp1, &tmp1, &tmp2) != BIG_OK)
@@ -781,21 +783,24 @@ soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
 		goto cleanexit;
 	}
 
-	if ((brv = big_extend(&dsakey.p, (prime_len + 3) / 4)) != BIG_OK) {
+	if ((brv = big_extend(&dsakey.p,
+	    CHARLEN2BIGNUMLEN(prime_len))) != BIG_OK) {
 		rv = convert_rv(brv);
 		goto cleanexit;
 	}
 
 	bytestring2bignum(&dsakey.p, prime, prime_len);
 
-	if ((brv = big_extend(&dsakey.q, (subprime_len + 3) / 4)) != BIG_OK) {
+	if ((brv = big_extend(&dsakey.q, CHARLEN2BIGNUMLEN(subprime_len))) !=
+	    BIG_OK) {
 		rv = convert_rv(brv);
 		goto cleanexit;
 	}
 
 	bytestring2bignum(&dsakey.q, subprime, subprime_len);
 
-	if ((brv = big_extend(&dsakey.g, (base_len + 3) / 4)) != BIG_OK) {
+	if ((brv = big_extend(&dsakey.g, CHARLEN2BIGNUMLEN(base_len))) !=
+	    BIG_OK) {
 		rv = convert_rv(brv);
 		goto cleanexit;
 	}
@@ -811,14 +816,14 @@ soft_dsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
 		goto cleanexit;
 	}
 
-	pubvalue_len = dsakey.y.len * (int)sizeof (uint32_t);
+	pubvalue_len = prime_len;
 	if ((pubvalue = malloc(pubvalue_len)) == NULL) {
 		rv = CKR_HOST_MEMORY;
 		goto cleanexit;
 	}
 	bignum2bytestring(pubvalue, &dsakey.y, pubvalue_len);
 
-	privalue_len = dsakey.x.len * (int)sizeof (uint32_t);
+	privalue_len = DSA_SUBPRIME_BYTES;
 	if ((privalue = malloc(privalue_len)) == NULL) {
 		rv = CKR_HOST_MEMORY;
 		goto cleanexit;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h
index 8987a00820..1cee89bc95 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDSA.h
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -47,9 +46,6 @@ extern "C" {
 #define	DSA_SUBPRIME_BITS	160
 #define	DSA_SUBPRIME_BYTES	(DSA_SUBPRIME_BITS >> 3)
 
-/* defined in bignumimpl.c */
-extern	BIGNUM One, Two;
-
 typedef struct soft_dsa_ctx {
 	soft_object_t *key;
 } soft_dsa_ctx_t;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c
index e34a0447d7..3568a99657 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -93,9 +92,8 @@ soft_rsa_encrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len,
 		goto clean4;
 	}
 
-	/* Size for big_init is in (32-bit) words. */
-	if (big_init(&msg, (in_len + (int)sizeof (uint32_t) - 1) /
-	    (int)sizeof (uint32_t)) != BIG_OK) {
+	/* Size for big_init is in BIG_CHUNK_TYPE words. */
+	if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) {
 		rv = CKR_HOST_MEMORY;
 		goto clean5;
 	}
@@ -229,9 +227,8 @@ soft_rsa_decrypt(soft_object_t *key, CK_BYTE_PTR in, uint32_t in_len,
 		goto clean8;
 	}
 
-	/* Size for big_init is in (32-bit) words. */
-	if (big_init(&msg, (in_len + (int)sizeof (uint32_t) - 1) /
-	    (int)sizeof (uint32_t)) != BIG_OK) {
+	/* Size for big_init is in BIG_CHUNK_TYPE words. */
+	if (big_init(&msg, CHARLEN2BIGNUMLEN(in_len)) != BIG_OK) {
 		rv = CKR_HOST_MEMORY;
 		goto clean9;
 	}
@@ -856,10 +853,11 @@ soft_genRSAkey_set_attribute(soft_object_t *key, RSAkey *rsakey,
 	/*
 	 * Allocate the buffer used to store the value of key fields
 	 * for bignum2bytestring. Since bignum only deals with a buffer
-	 * whose size is multiple of 4, modulus_len is rounded up to be
-	 * multiple of 4.
+	 * whose size is multiple of sizeof (BIG_CHUNK_TYPE),
+	 * modulus_len is rounded up to be multiple of that.
 	 */
-	if ((buf1 = malloc((modulus_len + 3) & ~3)) == NULL) {
+	if ((buf1 = malloc((modulus_len + sizeof (BIG_CHUNK_TYPE) - 1) &
+	    ~(sizeof (BIG_CHUNK_TYPE) - 1))) == NULL) {
 		rv = CKR_HOST_MEMORY;
 		goto cleanexit;
 	}
@@ -870,7 +868,7 @@ soft_genRSAkey_set_attribute(soft_object_t *key, RSAkey *rsakey,
 
 	case CKA_MODULUS:
 
-		buflen = rsakey->n.len * (int)sizeof (uint32_t);
+		buflen = rsakey->n.len * (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->n, buflen);
 		if (public)
 			dst = OBJ_PUB_RSA_MOD(key);
@@ -880,7 +878,7 @@ soft_genRSAkey_set_attribute(soft_object_t *key, RSAkey *rsakey,
 
 	case CKA_PUBLIC_EXPONENT:
 
-		buflen = rsakey->e.len * (int)sizeof (uint32_t);
+		buflen = rsakey->e.len * (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->e, buflen);
 		if (public)
 			dst = OBJ_PUB_RSA_PUBEXPO(key);
@@ -890,42 +888,44 @@ soft_genRSAkey_set_attribute(soft_object_t *key, RSAkey *rsakey,
 
 	case CKA_PRIVATE_EXPONENT:
 
-		buflen = rsakey->d.len * (int)sizeof (uint32_t);
+		buflen = rsakey->d.len * (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->d, buflen);
 		dst = OBJ_PRI_RSA_PRIEXPO(key);
 		break;
 
 	case CKA_PRIME_1:
 
-		buflen = rsakey->q.len * (int)sizeof (uint32_t);
+		buflen = rsakey->q.len * (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->q, buflen);
 		dst = OBJ_PRI_RSA_PRIME1(key);
 		break;
 
 	case CKA_PRIME_2:
 
-		buflen = rsakey->p.len * (int)sizeof (uint32_t);
+		buflen = rsakey->p.len * (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->p, buflen);
 		dst = OBJ_PRI_RSA_PRIME2(key);
 		break;
 
 	case CKA_EXPONENT_1:
 
-		buflen = rsakey->dmodqminus1.len * (int)sizeof (uint32_t);
+		buflen = rsakey->dmodqminus1.len *
+		    (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->dmodqminus1, buflen);
 		dst = OBJ_PRI_RSA_EXPO1(key);
 		break;
 
 	case CKA_EXPONENT_2:
 
-		buflen = rsakey->dmodpminus1.len * (int)sizeof (uint32_t);
+		buflen = rsakey->dmodpminus1.len *
+		    (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->dmodpminus1, buflen);
 		dst = OBJ_PRI_RSA_EXPO2(key);
 		break;
 
 	case CKA_COEFFICIENT:
 
-		buflen = rsakey->pinvmodq.len * (int)sizeof (uint32_t);
+		buflen = rsakey->pinvmodq.len * (int)sizeof (BIG_CHUNK_TYPE);
 		bignum2bytestring(buf, &rsakey->pinvmodq, buflen);
 		dst = OBJ_PRI_RSA_COEF(key);
 		break;
@@ -967,7 +967,7 @@ generate_rsa_key(RSAkey *key, int psize, int qsize, BIGNUM * pubexp,
 	BIG_ERR_CODE	brv = BIG_OK;
 
 	size = psize + qsize;
-	keylen = (size + 31) / 32;
+	keylen = BITLEN2BIGNUMLEN(size);
 	len = keylen * 2 + 1;
 	key->size = size;
 
@@ -1007,11 +1007,11 @@ nextp:
 	if ((brv = big_nextprime_pos(&b, &a)) != BIG_OK) {
 		goto ret;
 	}
-	(void) big_sub_pos(&a, &b, &One);
+	(void) big_sub_pos(&a, &b, &big_One);
 	if ((brv = big_ext_gcd_pos(&f, &d, &g, pubexp, &a)) != BIG_OK) {
 		goto ret;
 	}
-	if (big_cmp_abs(&f, &One) != 0) {
+	if (big_cmp_abs(&f, &big_One) != 0) {
 		goto nextp;
 	}
 
@@ -1020,7 +1020,7 @@ nextp:
 	}
 
 nextq:
-	(void) big_add(&a, &c, &Two);
+	(void) big_add(&a, &c, &big_Two);
 
 	if (big_bitlength(&a) != qsize) {
 		goto nextp;
@@ -1038,8 +1038,8 @@ nextq:
 		goto nextp;
 	}
 
-	(void) big_sub_pos(&a, &b, &One);
-	(void) big_sub_pos(&d, &c, &One);
+	(void) big_sub_pos(&a, &b, &big_One);
+	(void) big_sub_pos(&d, &c, &big_One);
 
 	if ((brv = big_mul(&a, &a, &d)) != BIG_OK) {
 		goto ret;
@@ -1047,7 +1047,7 @@ nextq:
 	if ((brv = big_ext_gcd_pos(&f, &d, &h, pubexp, &a)) != BIG_OK) {
 		goto ret;
 	}
-	if (big_cmp_abs(&f, &One) != 0) {
+	if (big_cmp_abs(&f, &big_One) != 0) {
 		goto nextq;
 	} else {
 		(void) big_copy(&e, pubexp);
@@ -1073,12 +1073,12 @@ nextq:
 	}
 	(void) big_copy(&(key->pinvmodq), &f);
 
-	(void) big_sub(&a, &b, &One);
+	(void) big_sub(&a, &b, &big_One);
 	if ((brv = big_div_pos(&a, &f, &d, &a)) != BIG_OK) {
 		goto ret;
 	}
 	(void) big_copy(&(key->dmodpminus1), &f);
-	(void) big_sub(&a, &c, &One);
+	(void) big_sub(&a, &c, &big_One);
 	if ((brv = big_div_pos(&a, &f, &d, &a)) != BIG_OK) {
 		goto ret;
 	}
@@ -1178,7 +1178,8 @@ soft_rsa_genkey_pair(soft_object_t *pubkey, soft_object_t *prikey)
 	}
 
 	/* Create a public exponent in bignum format. */
-	if (big_init(&public_exponent, (modulus_len + 3)/4) != BIG_OK) {
+	if (big_init(&public_exponent, CHARLEN2BIGNUMLEN(modulus_len)) !=
+	    BIG_OK) {
 		rv = CKR_HOST_MEMORY;
 		goto clean0;
 	}
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h
index 4abe92e816..ffc86f4370 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRSA.h
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -41,9 +40,6 @@ extern "C" {
 #include "rsa_impl.h"
 
 
-/* defined in bignumimpl.c */
-extern	BIGNUM One, Two;
-
 typedef struct soft_rsa_ctx {
 	soft_object_t *key;
 } soft_rsa_ctx_t;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandUtil.c
index e7f308dd65..1923abac96 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softRandUtil.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -164,7 +163,7 @@ soft_nzero_random_generator(CK_BYTE *ran_out, CK_ULONG ran_len)
 
 
 /*
- * Generate random number in BIGNUM format.
+ * Generate random number in BIGNUM format. length is in bits
  */
 BIG_ERR_CODE
 random_bignum(BIGNUM *r, int length, boolean_t token_obj)
@@ -173,10 +172,10 @@ random_bignum(BIGNUM *r, int length, boolean_t token_obj)
 	CK_RV rv = CKR_OK;
 
 	/* Convert length of bits to length of word to hold valid data. */
-	r->len = (length-1) / 32 + 1;
+	r->len = (length-1) / BIG_CHUNK_SIZE + 1;
 
 	/* len1 is the byte count. */
-	len1 = r->len * sizeof (uint32_t);
+	len1 = r->len * sizeof (BIG_CHUNK_TYPE);
 
 	/* Generate len1 bytes of data and store in memory pointed by value. */
 	rv = soft_random_generator((CK_BYTE *)(r->value), len1, token_obj);
@@ -185,16 +184,16 @@ random_bignum(BIGNUM *r, int length, boolean_t token_obj)
 		return (convert_brv(rv));
 	}
 
-	/* Turn on the sign bit of big number which is the MSB in last word. */
-	r->value[r->len - 1] |= 0x80000000;
+	r->value[r->len - 1] |= BIG_CHUNK_HIGHBIT;
 
 	/*
 	 * If the bit length is not on word boundary, shift the existing
 	 * bits in last word to right adjusted.
 	 */
-	if ((length % 32) != 0)
+	if ((length % BIG_CHUNK_SIZE) != 0)
 		r->value[r->len - 1] =
-		    r->value[r->len - 1] >> (32 - (length % 32));
+		    r->value[r->len - 1] >>
+		    (BIG_CHUNK_SIZE - (length % BIG_CHUNK_SIZE));
 	r->sign = 1;
 
 	return (BIG_OK);