src/racoon/prsa_par.y - platform/external/ipsec-tools - Git at Google

 /*	$NetBSD: prsa_par.y,v 1.4 2006/09/09 16:22:10 manu Exp $	*/

 /* Id: prsa_par.y,v 1.3 2004/11/08 12:04:23 ludvigm Exp */

 %{
 /*
  * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
  * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. Neither the name of the project nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */

 /* This file contains a parser for FreeS/WAN-style ipsec.secrets RSA keys. */

 #include "config.h"

 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
 #include <errno.h>
 #include <unistd.h>

 #ifdef HAVE_STDARG_H
 #include <stdarg.h>
 #else
 #include <varargs.h>
 #endif

 #include <netdb.h>
 #include <netinet/in.h>
 #include <sys/socket.h>
 #include <arpa/inet.h>
 #include <sys/types.h>

 #include <sys/stat.h>
 #include <unistd.h>

 #include <openssl/bn.h>
 #include <openssl/rsa.h>

 #include "misc.h"
 #include "vmbuf.h"
 #include "plog.h"
 #include "oakley.h"
 #include "isakmp_var.h"
 #include "handler.h"
 #include "crypto_openssl.h"
 #include "sockmisc.h"
 #include "rsalist.h"

 extern void prsaerror(const char *str, ...);
 extern int prsawrap (void);
 extern int prsalex (void);

 extern char *prsatext;
 extern int prsa_cur_lineno;
 extern char *prsa_cur_fname;
 extern FILE *prsain;

 int prsa_cur_lineno = 0;
 char *prsa_cur_fname = NULL;
 struct genlist *prsa_cur_list = NULL;
 enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;

 static RSA *rsa_cur;

 void
 prsaerror(const char *s, ...)
 {
 	char fmt[512];

 	va_list ap;
 #ifdef HAVE_STDARG_H
 	va_start(ap, s);
 #else
 	va_start(ap);
 #endif
 	snprintf(fmt, sizeof(fmt), "%s:%d: %s",
 		prsa_cur_fname, prsa_cur_lineno, s);
 	plogv(LLV_ERROR, LOCATION, NULL, fmt, ap);
 	va_end(ap);
 }

 void
 prsawarning(const char *s, ...)
 {
 	char fmt[512];

 	va_list ap;
 #ifdef HAVE_STDARG_H
 	va_start(ap, s);
 #else
 	va_start(ap);
 #endif
 	snprintf(fmt, sizeof(fmt), "%s:%d: %s",
 		prsa_cur_fname, prsa_cur_lineno, s);
 	plogv(LLV_WARNING, LOCATION, NULL, fmt, ap);
 	va_end(ap);
 }

 int
 prsawrap()
 {
 	return 1;
 }
 %}
 %union {
 	BIGNUM *bn;
 	RSA *rsa;
 	char *chr;
 	long num;
 	struct netaddr *naddr;
 }

 %token COLON HEX
 %token OBRACE EBRACE COLON HEX
 %token TAG_RSA TAG_PUB TAG_PSK
 %token MODULUS PUBLIC_EXPONENT PRIVATE_EXPONENT
 %token PRIME1 PRIME2 EXPONENT1 EXPONENT2 COEFFICIENT
 %token ADDR4 ADDR6 ADDRANY SLASH NUMBER BASE64

 %type <bn>	HEX
 %type <num>	NUMBER
 %type <chr>	ADDR4 ADDR6 BASE64

 %type <rsa>	rsa_statement
 %type <num>	prefix
 %type <naddr>	addr4 addr6 addr

 %%
 statements:
 	statements statement
 	| statement
 	;

 statement:
 	addr addr COLON rsa_statement
 	{
 		rsa_key_insert(prsa_cur_list, $1, $2, $4);
 	}
 	| addr COLON rsa_statement
 	{
 		rsa_key_insert(prsa_cur_list, NULL, $1, $3);
 	}
 	| COLON rsa_statement
 	{
 		rsa_key_insert(prsa_cur_list, NULL, NULL, $2);
 	}
 	;

 rsa_statement:
 	TAG_RSA OBRACE params EBRACE
 	{
 		if (prsa_cur_type == RSA_TYPE_PUBLIC) {
 			prsawarning("Using private key for public key purpose.\n");
 			if (!rsa_cur->n || !rsa_cur->e) {
 				prsaerror("Incomplete key. Mandatory parameters are missing!\n");
 				YYABORT;
 			}
 		}
 		else {
 			if (!rsa_cur->n || !rsa_cur->e || !rsa_cur->d) {
 				prsaerror("Incomplete key. Mandatory parameters are missing!\n");
 				YYABORT;
 			}
 			if (!rsa_cur->p || !rsa_cur->q || !rsa_cur->dmp1
 			    || !rsa_cur->dmq1 || !rsa_cur->iqmp) {
 				if (rsa_cur->p) BN_clear_free(rsa_cur->p);
 				if (rsa_cur->q) BN_clear_free(rsa_cur->q);
 				if (rsa_cur->dmp1) BN_clear_free(rsa_cur->dmp1);
 				if (rsa_cur->dmq1) BN_clear_free(rsa_cur->dmq1);
 				if (rsa_cur->iqmp) BN_clear_free(rsa_cur->iqmp);

 				rsa_cur->p = NULL;
 				rsa_cur->q = NULL;
 				rsa_cur->dmp1 = NULL;
 				rsa_cur->dmq1 = NULL;
 				rsa_cur->iqmp = NULL;
 			}
 		}
 		$$ = rsa_cur;
 		rsa_cur = RSA_new();
 	}
 	| TAG_PUB BASE64
 	{
 		if (prsa_cur_type == RSA_TYPE_PRIVATE) {
 			prsaerror("Public key in private-key file!\n");
 			YYABORT;
 		}
 		$$ = base64_pubkey2rsa($2);
 	}
 	| TAG_PUB HEX
 	{
 		if (prsa_cur_type == RSA_TYPE_PRIVATE) {
 			prsaerror("Public key in private-key file!\n");
 			YYABORT;
 		}
 		$$ = bignum_pubkey2rsa($2);
 	}
 	;

 addr:
 	addr4
 	| addr6
 	| ADDRANY
 	{
 		$$ = NULL;
 	}
 	;

 addr4:
 	ADDR4 prefix
 	{
 		int err;
 		struct sockaddr_in *sap;

 		if ($2 == -1) $2 = 32;
 		if ($2 < 0 || $2 > 32) {
 			prsaerror ("Invalid IPv4 prefix\n");
 			YYABORT;
 		}
 		$$ = calloc (sizeof(struct netaddr), 1);
 		$$->prefix = $2;
 		sap = (struct sockaddr_in *)(&$$->sa);
 		sap->sin_family = AF_INET;
 		err = inet_pton(AF_INET, $1, (struct in_addr*)(&sap->sin_addr));
 		if (err <= 0) {
 			prsaerror("inet_pton(%s): %s\n", $1, strerror(errno));
 			YYABORT;
 		}
 	}
 	;

 addr6:
 	ADDR6 prefix
 	{
 		int err;
 		struct sockaddr_in6 *sap;

 		if ($2 == -1) $2 = 128;
 		if ($2 < 0 || $2 > 128) {
 			prsaerror ("Invalid IPv6 prefix\n");
 			YYABORT;
 		}
 		$$ = calloc (sizeof(struct netaddr), 1);
 		$$->prefix = $2;
 		sap = (struct sockaddr_in6 *)(&$$->sa);
 		sap->sin6_family = AF_INET6;
 		err = inet_pton(AF_INET6, $1, (struct in6_addr*)(&sap->sin6_addr));
 		if (err <= 0) {
 			prsaerror("inet_pton(%s): %s\n", $1, strerror(errno));
 			YYABORT;
 		}
 	}
 	;

 prefix:
 	/* nothing */ { $$ = -1; }
 	| SLASH NUMBER { $$ = $2; }
 	;
 params:
 	params param
 	| param
 	;

 param:
 	MODULUS COLON HEX
 	{ if (!rsa_cur->n) rsa_cur->n = $3; else { prsaerror ("Modulus already defined\n"); YYABORT; } }
 	| PUBLIC_EXPONENT COLON HEX
 	{ if (!rsa_cur->e) rsa_cur->e = $3; else { prsaerror ("PublicExponent already defined\n"); YYABORT; } }
 	| PRIVATE_EXPONENT COLON HEX
 	{ if (!rsa_cur->d) rsa_cur->d = $3; else { prsaerror ("PrivateExponent already defined\n"); YYABORT; } }
 	| PRIME1 COLON HEX
 	{ if (!rsa_cur->p) rsa_cur->p = $3; else { prsaerror ("Prime1 already defined\n"); YYABORT; } }
 	| PRIME2 COLON HEX
 	{ if (!rsa_cur->q) rsa_cur->q = $3; else { prsaerror ("Prime2 already defined\n"); YYABORT; } }
 	| EXPONENT1 COLON HEX
 	{ if (!rsa_cur->dmp1) rsa_cur->dmp1 = $3; else { prsaerror ("Exponent1 already defined\n"); YYABORT; } }
 	| EXPONENT2 COLON HEX
 	{ if (!rsa_cur->dmq1) rsa_cur->dmq1 = $3; else { prsaerror ("Exponent2 already defined\n"); YYABORT; } }
 	| COEFFICIENT COLON HEX
 	{ if (!rsa_cur->iqmp) rsa_cur->iqmp = $3; else { prsaerror ("Coefficient already defined\n"); YYABORT; } }
 	;
 %%

 int prsaparse(void);

 int
 prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type)
 {
 	FILE *fp = NULL;
 	int ret;

 	if (!fname)
 		return -1;
 	if (type == RSA_TYPE_PRIVATE) {
 		struct stat st;
 		if (stat(fname, &st) < 0)
 			return -1;
 		if (st.st_mode & (S_IRWXG | S_IRWXO)) {
 			plog(LLV_ERROR, LOCATION, NULL,
 				"Too slack permissions on private key '%s'\n",
 				fname);
 			plog(LLV_ERROR, LOCATION, NULL,
 				"Should be at most 0600, now is 0%o\n",
 				st.st_mode & 0777);
 			return -1;
 		}
 	}
 	fp = fopen(fname, "r");
 	if (!fp)
 		return -1;
 	prsain = fp;
 	prsa_cur_lineno = 1;
 	prsa_cur_fname = fname;
 	prsa_cur_list = list;
 	prsa_cur_type = type;
 	rsa_cur = RSA_new();
 	ret = prsaparse();
 	if (rsa_cur) {
 		RSA_free(rsa_cur);
 		rsa_cur = NULL;
 	}
 	fclose (fp);
 	prsain = NULL;
 	return ret;
 }
	/* $NetBSD: prsa_par.y,v 1.4 2006/09/09 16:22:10 manu Exp $ */

	/* Id: prsa_par.y,v 1.3 2004/11/08 12:04:23 ludvigm Exp */

	%{
	/*
	* Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
	* Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions
	* are met:
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in the
	* documentation and/or other materials provided with the distribution.
	* 3. Neither the name of the project nor the names of its contributors
	* may be used to endorse or promote products derived from this software
	* without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	* SUCH DAMAGE.
	*/

	/* This file contains a parser for FreeS/WAN-style ipsec.secrets RSA keys. */

	#include "config.h"

	#include <stdio.h>
	#include <stdarg.h>
	#include <string.h>
	#include <errno.h>
	#include <unistd.h>

	#ifdef HAVE_STDARG_H
	#include <stdarg.h>
	#else
	#include <varargs.h>
	#endif

	#include <netdb.h>
	#include <netinet/in.h>
	#include <sys/socket.h>
	#include <arpa/inet.h>
	#include <sys/types.h>

	#include <sys/stat.h>
	#include <unistd.h>

	#include <openssl/bn.h>
	#include <openssl/rsa.h>

	#include "misc.h"
	#include "vmbuf.h"
	#include "plog.h"
	#include "oakley.h"
	#include "isakmp_var.h"
	#include "handler.h"
	#include "crypto_openssl.h"
	#include "sockmisc.h"
	#include "rsalist.h"

	extern void prsaerror(const char *str, ...);
	extern int prsawrap (void);
	extern int prsalex (void);

	extern char *prsatext;
	extern int prsa_cur_lineno;
	extern char *prsa_cur_fname;
	extern FILE *prsain;

	int prsa_cur_lineno = 0;
	char *prsa_cur_fname = NULL;
	struct genlist *prsa_cur_list = NULL;
	enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;

	static RSA *rsa_cur;

	void
	prsaerror(const char *s, ...)
	{
	char fmt[512];

	va_list ap;
	#ifdef HAVE_STDARG_H
	va_start(ap, s);
	#else
	va_start(ap);
	#endif
	snprintf(fmt, sizeof(fmt), "%s:%d: %s",
	prsa_cur_fname, prsa_cur_lineno, s);
	plogv(LLV_ERROR, LOCATION, NULL, fmt, ap);
	va_end(ap);
	}

	void
	prsawarning(const char *s, ...)
	{
	char fmt[512];

	va_list ap;
	#ifdef HAVE_STDARG_H
	va_start(ap, s);
	#else
	va_start(ap);
	#endif
	snprintf(fmt, sizeof(fmt), "%s:%d: %s",
	prsa_cur_fname, prsa_cur_lineno, s);
	plogv(LLV_WARNING, LOCATION, NULL, fmt, ap);
	va_end(ap);
	}

	int
	prsawrap()
	{
	return 1;
	}
	%}
	%union {
	BIGNUM *bn;
	RSA *rsa;
	char *chr;
	long num;
	struct netaddr *naddr;
	}

	%token COLON HEX
	%token OBRACE EBRACE COLON HEX
	%token TAG_RSA TAG_PUB TAG_PSK
	%token MODULUS PUBLIC_EXPONENT PRIVATE_EXPONENT
	%token PRIME1 PRIME2 EXPONENT1 EXPONENT2 COEFFICIENT
	%token ADDR4 ADDR6 ADDRANY SLASH NUMBER BASE64

	%type <bn> HEX
	%type <num> NUMBER
	%type <chr> ADDR4 ADDR6 BASE64

	%type <rsa> rsa_statement
	%type <num> prefix
	%type <naddr> addr4 addr6 addr

	%%
	statements:
	statements statement
	\| statement
	;

	statement:
	addr addr COLON rsa_statement
	{
	rsa_key_insert(prsa_cur_list, $1, $2, $4);
	}
	\| addr COLON rsa_statement
	{
	rsa_key_insert(prsa_cur_list, NULL, $1, $3);
	}
	\| COLON rsa_statement
	{
	rsa_key_insert(prsa_cur_list, NULL, NULL, $2);
	}
	;

	rsa_statement:
	TAG_RSA OBRACE params EBRACE
	{
	if (prsa_cur_type == RSA_TYPE_PUBLIC) {
	prsawarning("Using private key for public key purpose.\n");
	if (!rsa_cur->n \|\| !rsa_cur->e) {
	prsaerror("Incomplete key. Mandatory parameters are missing!\n");
	YYABORT;
	}
	}
	else {
	if (!rsa_cur->n \|\| !rsa_cur->e \|\| !rsa_cur->d) {
	prsaerror("Incomplete key. Mandatory parameters are missing!\n");
	YYABORT;
	}
	if (!rsa_cur->p \|\| !rsa_cur->q \|\| !rsa_cur->dmp1
	\|\| !rsa_cur->dmq1 \|\| !rsa_cur->iqmp) {
	if (rsa_cur->p) BN_clear_free(rsa_cur->p);
	if (rsa_cur->q) BN_clear_free(rsa_cur->q);
	if (rsa_cur->dmp1) BN_clear_free(rsa_cur->dmp1);
	if (rsa_cur->dmq1) BN_clear_free(rsa_cur->dmq1);
	if (rsa_cur->iqmp) BN_clear_free(rsa_cur->iqmp);

	rsa_cur->p = NULL;
	rsa_cur->q = NULL;
	rsa_cur->dmp1 = NULL;
	rsa_cur->dmq1 = NULL;
	rsa_cur->iqmp = NULL;
	}
	}
	$$ = rsa_cur;
	rsa_cur = RSA_new();
	}
	\| TAG_PUB BASE64
	{
	if (prsa_cur_type == RSA_TYPE_PRIVATE) {
	prsaerror("Public key in private-key file!\n");
	YYABORT;
	}
	$$ = base64_pubkey2rsa($2);
	}
	\| TAG_PUB HEX
	{
	if (prsa_cur_type == RSA_TYPE_PRIVATE) {
	prsaerror("Public key in private-key file!\n");
	YYABORT;
	}
	$$ = bignum_pubkey2rsa($2);
	}
	;

	addr:
	addr4
	\| addr6
	\| ADDRANY
	{
	$$ = NULL;
	}
	;

	addr4:
	ADDR4 prefix
	{
	int err;
	struct sockaddr_in *sap;

	if ($2 == -1) $2 = 32;
	if ($2 < 0 \|\| $2 > 32) {
	prsaerror ("Invalid IPv4 prefix\n");
	YYABORT;
	}
	$$ = calloc (sizeof(struct netaddr), 1);
	$$->prefix = $2;
	sap = (struct sockaddr_in *)(&$$->sa);
	sap->sin_family = AF_INET;
	err = inet_pton(AF_INET, $1, (struct in_addr*)(&sap->sin_addr));
	if (err <= 0) {
	prsaerror("inet_pton(%s): %s\n", $1, strerror(errno));
	YYABORT;
	}
	}
	;

	addr6:
	ADDR6 prefix
	{
	int err;
	struct sockaddr_in6 *sap;

	if ($2 == -1) $2 = 128;
	if ($2 < 0 \|\| $2 > 128) {
	prsaerror ("Invalid IPv6 prefix\n");
	YYABORT;
	}
	$$ = calloc (sizeof(struct netaddr), 1);
	$$->prefix = $2;
	sap = (struct sockaddr_in6 *)(&$$->sa);
	sap->sin6_family = AF_INET6;
	err = inet_pton(AF_INET6, $1, (struct in6_addr*)(&sap->sin6_addr));
	if (err <= 0) {
	prsaerror("inet_pton(%s): %s\n", $1, strerror(errno));
	YYABORT;
	}
	}
	;

	prefix:
	/* nothing */ { $$ = -1; }
	\| SLASH NUMBER { $$ = $2; }
	;
	params:
	params param
	\| param
	;

	param:
	MODULUS COLON HEX
	{ if (!rsa_cur->n) rsa_cur->n = $3; else { prsaerror ("Modulus already defined\n"); YYABORT; } }
	\| PUBLIC_EXPONENT COLON HEX
	{ if (!rsa_cur->e) rsa_cur->e = $3; else { prsaerror ("PublicExponent already defined\n"); YYABORT; } }
	\| PRIVATE_EXPONENT COLON HEX
	{ if (!rsa_cur->d) rsa_cur->d = $3; else { prsaerror ("PrivateExponent already defined\n"); YYABORT; } }
	\| PRIME1 COLON HEX
	{ if (!rsa_cur->p) rsa_cur->p = $3; else { prsaerror ("Prime1 already defined\n"); YYABORT; } }
	\| PRIME2 COLON HEX
	{ if (!rsa_cur->q) rsa_cur->q = $3; else { prsaerror ("Prime2 already defined\n"); YYABORT; } }
	\| EXPONENT1 COLON HEX
	{ if (!rsa_cur->dmp1) rsa_cur->dmp1 = $3; else { prsaerror ("Exponent1 already defined\n"); YYABORT; } }
	\| EXPONENT2 COLON HEX
	{ if (!rsa_cur->dmq1) rsa_cur->dmq1 = $3; else { prsaerror ("Exponent2 already defined\n"); YYABORT; } }
	\| COEFFICIENT COLON HEX
	{ if (!rsa_cur->iqmp) rsa_cur->iqmp = $3; else { prsaerror ("Coefficient already defined\n"); YYABORT; } }
	;
	%%

	int prsaparse(void);

	int
	prsa_parse_file(struct genlist list, char fname, enum rsa_key_type type)
	{
	FILE *fp = NULL;
	int ret;

	if (!fname)
	return -1;
	if (type == RSA_TYPE_PRIVATE) {
	struct stat st;
	if (stat(fname, &st) < 0)
	return -1;
	if (st.st_mode & (S_IRWXG \| S_IRWXO)) {
	plog(LLV_ERROR, LOCATION, NULL,
	"Too slack permissions on private key '%s'\n",
	fname);
	plog(LLV_ERROR, LOCATION, NULL,
	"Should be at most 0600, now is 0%o\n",
	st.st_mode & 0777);
	return -1;
	}
	}
	fp = fopen(fname, "r");
	if (!fp)
	return -1;
	prsain = fp;
	prsa_cur_lineno = 1;
	prsa_cur_fname = fname;
	prsa_cur_list = list;
	prsa_cur_type = type;
	rsa_cur = RSA_new();
	ret = prsaparse();
	if (rsa_cur) {
	RSA_free(rsa_cur);
	rsa_cur = NULL;
	}
	fclose (fp);
	prsain = NULL;
	return ret;
	}