Indent ssl/ (a230b26e) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

ssl/d1_lib.c

+13 −12

Original line number	Diff line number	Diff line
		@@ -338,8 +338,7 @@ int dtls1_check_timeout_num(SSL *s)
		if (s->d1->timeout.num_alerts > 2
		&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
		mtu =
		BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0,
		NULL);
		BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
		if (mtu < s->d1->mtu)
		s->d1->mtu = mtu;
		}
		@@ -391,10 +390,13 @@ static void get_current_time(struct timeval *t)

		GetSystemTime(&st);
		SystemTimeToFileTime(&st, &now.ft);
		/* re-bias to 1/1/1970 */
		# ifdef __MINGW32__
		now.ul -= 116444736000000000ULL;
		# else
		now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
		/* INDENT-OFF */
		now.ul -= 116444736000000000UI64;
		/* INDENT-ON */
		# endif
		t->tv_sec = (long)(now.ul / 10000000);
		t->tv_usec = ((int)(now.ul % 10000000)) / 10;
		@@ -408,7 +410,6 @@ static void get_current_time(struct timeval *t)
		#endif
		}


		#define LISTEN_SUCCESS 2
		#define LISTEN_SEND_VERIFY_REQUEST 1

		@@ -744,7 +745,6 @@ int DTLSv1_listen(SSL s, BIO_ADDR client)
		s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
		DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);


		if ((tmpclient = BIO_ADDR_new()) == NULL) {
		SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
		goto end;
		@@ -805,7 +805,9 @@ int DTLSv1_listen(SSL s, BIO_ADDR client)
		*/
		ossl_statem_set_hello_verify_done(s);

		/* Some BIOs may not support this. If we fail we clear the client address */
		/*
		* Some BIOs may not support this. If we fail we clear the client address
		*/
		if (BIO_dgram_get_peer(rbio, client) <= 0)
		BIO_ADDR_clear(client);

		@@ -987,8 +989,7 @@ int dtls1_heartbeat(SSL *s)
		if (ret >= 0) {
		if (s->msg_callback)
		s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT,
		buf, size,
		s, s->msg_callback_arg);
		buf, size, s, s->msg_callback_arg);

		dtls1_start_timer(s);
		s->tlsext_hb_pending = 1;

ssl/d1_srtp.c

+9 −12

Original line number	Diff line number	Diff line
		@@ -30,11 +30,11 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
		},
		{
		"SRTP_AEAD_AES_128_GCM",
		SRTP_AEAD_AES_128_GCM
		SRTP_AEAD_AES_128_GCM,
		},
		{
		"SRTP_AEAD_AES_256_GCM",
		SRTP_AEAD_AES_256_GCM
		SRTP_AEAD_AES_256_GCM,
		},
		{0}
		};
		@@ -76,8 +76,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
		do {
		col = strchr(ptr, ':');

		if (!find_profile_by_name(ptr, &p,
		col ? col - ptr : (int)strlen(ptr))) {
		if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) {
		if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
		SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
		SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
		@@ -190,8 +189,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL s, PACKET pkt, int *al)

		/* Pull off the length of the cipher suite list and check it is even */
		if (!PACKET_get_net_2(pkt, &ct)
		\|\| (ct & 1) != 0
		\|\| !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
		\|\| (ct & 1) != 0 \|\| !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
		SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
		*al = SSL_AD_DECODE_ERROR;
		@@ -281,8 +279,7 @@ int ssl_parse_serverhello_use_srtp_ext(SSL s, PACKET pkt, int *al)
		SRTP_PROTECTION_PROFILE *prof;

		if (!PACKET_get_net_2(pkt, &ct)
		\|\| ct != 2
		\|\| !PACKET_get_net_2(pkt, &id)
		\|\| ct != 2 \|\| !PACKET_get_net_2(pkt, &id)
		\|\| !PACKET_get_1(pkt, &mki)
		\|\| PACKET_remaining(pkt) != 0) {
		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,

ssl/methods.c

+27 −81

Original line number	Diff line number	Diff line
		@@ -11,7 +11,7 @@
		#include <openssl/objects.h>
		#include "ssl_locl.h"

		/*
		/*-
		* TLS/SSLv3 methods
		*/

		@@ -19,201 +19,148 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
		TLS_method,
		ossl_statem_accept,
		ossl_statem_connect, TLSv1_2_enc_data)

		#ifndef OPENSSL_NO_TLS1_2_METHOD
		IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
		tlsv1_2_method,
		ossl_statem_accept,
		ossl_statem_connect, TLSv1_2_enc_data)
		#endif

		#ifndef OPENSSL_NO_TLS1_1_METHOD
		IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
		tlsv1_1_method,
		ossl_statem_accept,
		ossl_statem_connect, TLSv1_1_enc_data)
		#endif

		#ifndef OPENSSL_NO_TLS1_METHOD
		IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
		tlsv1_method,
		ossl_statem_accept,
		ossl_statem_connect, TLSv1_enc_data)
		ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
		#endif

		#ifndef OPENSSL_NO_SSL3_METHOD
		IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
		#endif


		/*
		/*-
		* TLS/SSLv3 server methods
		*/

		IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
		TLS_server_method,
		ossl_statem_accept,
		ssl_undefined_function,
		TLSv1_2_enc_data)

		ssl_undefined_function, TLSv1_2_enc_data)
		#ifndef OPENSSL_NO_TLS1_2_METHOD
		IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
		tlsv1_2_server_method,
		ossl_statem_accept,
		ssl_undefined_function,
		TLSv1_2_enc_data)
		ssl_undefined_function, TLSv1_2_enc_data)
		#endif

		#ifndef OPENSSL_NO_TLS1_1_METHOD
		IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
		tlsv1_1_server_method,
		ossl_statem_accept,
		ssl_undefined_function,
		TLSv1_1_enc_data)
		ssl_undefined_function, TLSv1_1_enc_data)
		#endif

		#ifndef OPENSSL_NO_TLS1_METHOD
		IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
		tlsv1_server_method,
		ossl_statem_accept,
		ssl_undefined_function,
		TLSv1_enc_data)
		ssl_undefined_function, TLSv1_enc_data)
		#endif

		#ifndef OPENSSL_NO_SSL3_METHOD
		IMPLEMENT_ssl3_meth_func(sslv3_server_method,
		ossl_statem_accept,
		ssl_undefined_function)
		ossl_statem_accept, ssl_undefined_function)
		#endif


		/*
		/*-
		* TLS/SSLv3 client methods
		*/

		IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
		TLS_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		TLSv1_2_enc_data)

		ossl_statem_connect, TLSv1_2_enc_data)
		#ifndef OPENSSL_NO_TLS1_2_METHOD
		IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
		tlsv1_2_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		TLSv1_2_enc_data)
		ossl_statem_connect, TLSv1_2_enc_data)
		#endif

		#ifndef OPENSSL_NO_TLS1_1_METHOD
		IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
		tlsv1_1_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		TLSv1_1_enc_data)
		ossl_statem_connect, TLSv1_1_enc_data)
		#endif

		#ifndef OPENSSL_NO_TLS1_METHOD
		IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
		tlsv1_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		TLSv1_enc_data)
		ossl_statem_connect, TLSv1_enc_data)
		#endif

		#ifndef OPENSSL_NO_SSL3_METHOD
		IMPLEMENT_ssl3_meth_func(sslv3_client_method,
		ssl_undefined_function,
		ossl_statem_connect)
		ssl_undefined_function, ossl_statem_connect)
		#endif


		/*
		/*-
		* DTLS methods
		*/

		#ifndef OPENSSL_NO_DTLS1_METHOD
		IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
		dtlsv1_method,
		ossl_statem_accept,
		ossl_statem_connect,
		DTLSv1_enc_data)
		ossl_statem_connect, DTLSv1_enc_data)
		#endif

		#ifndef OPENSSL_NO_DTLS1_2_METHOD
		IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
		dtlsv1_2_method,
		ossl_statem_accept,
		ossl_statem_connect,
		DTLSv1_2_enc_data)
		ossl_statem_connect, DTLSv1_2_enc_data)
		#endif

		IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
		DTLS_method,
		ossl_statem_accept,
		ossl_statem_connect,
		DTLSv1_2_enc_data)
		ossl_statem_connect, DTLSv1_2_enc_data)

		/*
		/*-
		* DTLS server methods
		*/

		#ifndef OPENSSL_NO_DTLS1_METHOD
		IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
		dtlsv1_server_method,
		ossl_statem_accept,
		ssl_undefined_function,
		DTLSv1_enc_data)
		ssl_undefined_function, DTLSv1_enc_data)
		#endif

		#ifndef OPENSSL_NO_DTLS1_2_METHOD
		IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
		dtlsv1_2_server_method,
		ossl_statem_accept,
		ssl_undefined_function,
		DTLSv1_2_enc_data)
		ssl_undefined_function, DTLSv1_2_enc_data)
		#endif

		IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
		DTLS_server_method,
		ossl_statem_accept,
		ssl_undefined_function,
		DTLSv1_2_enc_data)

		ssl_undefined_function, DTLSv1_2_enc_data)

		/*
		/*-
		* DTLS client methods
		*/

		#ifndef OPENSSL_NO_DTLS1_METHOD
		IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
		dtlsv1_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		DTLSv1_enc_data)
		ossl_statem_connect, DTLSv1_enc_data)
		IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
		dtls_bad_ver_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		DTLSv1_enc_data)
		ossl_statem_connect, DTLSv1_enc_data)
		#endif

		#ifndef OPENSSL_NO_DTLS1_2_METHOD
		IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
		dtlsv1_2_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		DTLSv1_2_enc_data)
		ossl_statem_connect, DTLSv1_2_enc_data)
		#endif

		IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
		DTLS_client_method,
		ssl_undefined_function,
		ossl_statem_connect,
		DTLSv1_2_enc_data)

		ossl_statem_connect, DTLSv1_2_enc_data)
		#if OPENSSL_API_COMPAT < 0x10100000L

		# ifndef OPENSSL_NO_TLS1_2_METHOD
		const SSL_METHOD *TLSv1_2_method(void)
		{
		@@ -317,4 +264,3 @@ const SSL_METHOD *DTLSv1_client_method(void)
		# endif

		#endif

ssl/packet_locl.h

+34 −38

Original line number	Diff line number	Diff line
		@@ -54,6 +54,7 @@ static ossl_inline const unsigned char PACKET_end(const PACKET pkt)
		{
		return pkt->curr + pkt->remaining;
		}

		/*
		* Returns a pointer to the PACKET's current position.
		* For use in non-PACKETized APIs.
		@@ -107,8 +108,7 @@ __owur static ossl_inline int PACKET_equal(const PACKET pkt, const void ptr,
		* the original \|pkt\|, so data wrapped by \|pkt\| must outlive the \|subpkt\|.
		*/
		__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
		PACKET *subpkt,
		size_t len)
		PACKET *subpkt, size_t len)
		{
		if (PACKET_remaining(pkt) < len)
		return 0;
		@@ -122,8 +122,7 @@ __owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
		* original \|pkt\|, so data wrapped by \|pkt\| must outlive the \|subpkt\|.
		*/
		__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt,
		PACKET *subpkt,
		size_t len)
		PACKET *subpkt, size_t len)
		{
		if (!PACKET_peek_sub_packet(pkt, subpkt, len))
		return 0;
		@@ -151,8 +150,7 @@ __owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt,

		/* Equivalent of n2s */
		/* Get 2 bytes in network order from \|pkt\| and store the value in \|data\| /
		__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt,
		unsigned int *data)
		__owur static ossl_inline int PACKET_get_net_2(PACKET pkt, unsigned int data)
		{
		if (!PACKET_peek_net_2(pkt, data))
		return 0;
		@@ -181,8 +179,7 @@ __owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt,

		/* Equivalent of n2l3 */
		/* Get 3 bytes in network order from \|pkt\| and store the value in \|data\| /
		__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt,
		unsigned long *data)
		__owur static ossl_inline int PACKET_get_net_3(PACKET pkt, unsigned long data)
		{
		if (!PACKET_peek_net_3(pkt, data))
		return 0;
		@@ -212,8 +209,7 @@ __owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt,

		/* Equivalent of n2l */
		/* Get 4 bytes in network order from \|pkt\| and store the value in \|data\| /
		__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt,
		unsigned long *data)
		__owur static ossl_inline int PACKET_get_net_4(PACKET pkt, unsigned long data)
		{
		if (!PACKET_peek_net_4(pkt, data))
		return 0;
		@@ -333,8 +329,7 @@ __owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt,
		* The caller is responsible for ensuring that \|data\| can hold \|len\| bytes.
		*/
		__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt,
		unsigned char *data,
		size_t len)
		unsigned char *data, size_t len)
		{
		if (!PACKET_peek_copy_bytes(pkt, data, len))
		return 0;
		@@ -460,7 +455,8 @@ __owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt,
		* Like PACKET_get_length_prefixed_1, but additionally, fails when there are
		* leftover bytes in \|pkt\|.
		*/
		__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET pkt, PACKET subpkt)
		__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt,
		PACKET *subpkt)
		{
		unsigned int length;
		const unsigned char *data;

ssl/record/rec_layer_d1.c

+23 −33

Original line number	Diff line number	Diff line
		@@ -22,7 +22,6 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
		if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
		return (0);


		rl->d = d;

		d->unprocessed_rcds.q = pqueue_new();
		@@ -97,18 +96,14 @@ void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e)
		{
		if (e == rl->d->w_epoch - 1) {
		memcpy(rl->d->curr_write_sequence,
		rl->write_sequence,
		sizeof(rl->write_sequence));
		rl->write_sequence, sizeof(rl->write_sequence));
		memcpy(rl->write_sequence,
		rl->d->last_write_sequence,
		sizeof(rl->write_sequence));
		rl->d->last_write_sequence, sizeof(rl->write_sequence));
		} else if (e == rl->d->w_epoch + 1) {
		memcpy(rl->d->last_write_sequence,
		rl->write_sequence,
		sizeof(unsigned char[8]));
		rl->write_sequence, sizeof(unsigned char[8]));
		memcpy(rl->write_sequence,
		rl->d->curr_write_sequence,
		sizeof(rl->write_sequence));
		rl->d->curr_write_sequence, sizeof(rl->write_sequence));
		}
		rl->d->w_epoch = e;
		}
		@@ -118,7 +113,6 @@ void DTLS_RECORD_LAYER_resync_write(RECORD_LAYER *rl)
		memcpy(rl->write_sequence, rl->read_sequence, sizeof(rl->write_sequence));
		}


		void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER rl, unsigned char seq)
		{
		memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
		@@ -232,7 +226,6 @@ int dtls1_retrieve_buffered_record(SSL s, record_pqueue queue)
		dtls1_retrieve_buffered_record((s), \
		&((s)->rlayer.d->unprocessed_rcds))


		int dtls1_process_buffered_records(SSL *s)
		{
		pitem *item;
		@@ -249,7 +242,8 @@ int dtls1_process_buffered_records(SSL *s)
		if (!dtls1_process_record(s))
		return (0);
		if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
		SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0)
		SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <
		0)
		return -1;
		}
		}
		@@ -264,7 +258,6 @@ int dtls1_process_buffered_records(SSL *s)
		return (1);
		}


		/*-
		* Return up to 'len' payload bytes received in 'type' records.
		* 'type' is one of the following:
		@@ -570,7 +563,7 @@ int dtls1_read_bytes(SSL s, int type, int recvd_type, unsigned char *buf,
		* dest_maxlen is 7 if we were to handle this
		* non-existing alert...
		*/
		FIX ME
		FIX ME;
		#endif
		s->rlayer.rstate = SSL_ST_READ_HEADER;
		SSL3_RECORD_set_length(rr, 0);
		@@ -628,8 +621,7 @@ int dtls1_read_bytes(SSL s, int type, int recvd_type, unsigned char *buf,
		if (i < 0)
		return (i);
		if (i == 0) {
		SSLerr(SSL_F_DTLS1_READ_BYTES,
		SSL_R_SSL_HANDSHAKE_FAILURE);
		SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
		return (-1);
		}

		@@ -734,8 +726,7 @@ int dtls1_read_bytes(SSL s, int type, int recvd_type, unsigned char *buf,

		s->rwstate = SSL_NOTHING;
		s->s3->fatal_alert = alert_descr;
		SSLerr(SSL_F_DTLS1_READ_BYTES,
		SSL_AD_REASON_OFFSET + alert_descr);
		SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
		BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
		ERR_add_error_data(2, "SSL alert number ", tmp);
		s->shutdown \|= SSL_RECEIVED_SHUTDOWN;
		@@ -874,7 +865,6 @@ int dtls1_read_bytes(SSL s, int type, int recvd_type, unsigned char *buf,
		return (-1);
		}


		/*
		* this only happens when a client hello is received and a handshake
		* is started.
		@@ -1040,7 +1030,8 @@ int do_dtls1_write(SSL s, int type, const unsigned char buf,

		if (mac_size != 0) {
		if (s->method->ssl3_enc->mac(s, &wr,
		&(p[SSL3_RECORD_get_length(&wr) + eivlen]), 1) < 0)
		&(p[SSL3_RECORD_get_length(&wr) + eivlen]),
		1) < 0)
		goto err;
		SSL3_RECORD_add_length(&wr, mac_size);
		}
		@@ -1144,8 +1135,7 @@ void dtls1_reset_seq_numbers(SSL *s, int rw)
		s->rlayer.d->r_epoch++;
		memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap,
		sizeof(s->rlayer.d->bitmap));
		memset(&s->rlayer.d->next_bitmap, 0,
		sizeof(s->rlayer.d->next_bitmap));
		memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap));
		} else {
		seq = s->rlayer.write_sequence;
		memcpy(s->rlayer.d->last_write_sequence, seq,