static void _gnutls_global_deinit(unsigned destructor) { GNUTLS_STATIC_MUTEX_LOCK(global_init_mutex); if (_gnutls_init == 1) { _gnutls_init = 0; gnutls_crypto_deinit(); _gnutls_rnd_deinit(); _gnutls_ext_deinit(); asn1_delete_structure(&_gnutls_gnutls_asn); asn1_delete_structure(&_gnutls_pkix1_asn); _gnutls_crypto_deregister(); gnutls_system_global_deinit(); _gnutls_cryptodev_deinit(); #ifdef ENABLE_PKCS11 /* Do not try to deinitialize the PKCS #11 libraries * from the destructor. If we do and the PKCS #11 modules * are already being unloaded, we may crash. */ if (destructor == 0) { gnutls_pkcs11_deinit(); } #endif gnutls_mutex_deinit(&_gnutls_file_mutex); gnutls_mutex_deinit(&_gnutls_pkcs11_mutex); } else { if (_gnutls_init > 0) _gnutls_init--; } GNUTLS_STATIC_MUTEX_UNLOCK(global_init_mutex); }
static void _gnutls_global_deinit(unsigned destructor) { if (!destructor) { GNUTLS_STATIC_MUTEX_LOCK(global_init_mutex); } if (_gnutls_init == 1) { _gnutls_init = 0; if (_gnutls_init_ret < 0) { /* only deinitialize if gnutls_global_init() has * succeeded */ gnutls_assert(); goto fail; } _gnutls_system_key_deinit(); gnutls_crypto_deinit(); _gnutls_rnd_deinit(); _gnutls_ext_deinit(); asn1_delete_structure(&_gnutls_gnutls_asn); asn1_delete_structure(&_gnutls_pkix1_asn); _gnutls_crypto_deregister(); gnutls_system_global_deinit(); _gnutls_cryptodev_deinit(); _gnutls_supplemental_deinit(); _gnutls_unload_system_priorities(); #ifdef ENABLE_PKCS11 /* Do not try to deinitialize the PKCS #11 libraries * from the destructor. If we do and the PKCS #11 modules * are already being unloaded, we may crash. */ if (destructor == 0) { gnutls_pkcs11_deinit(); } #endif #ifdef HAVE_TROUSERS _gnutls_tpm_global_deinit(); #endif gnutls_mutex_deinit(&_gnutls_file_mutex); gnutls_mutex_deinit(&_gnutls_pkcs11_mutex); } else { if (_gnutls_init > 0) _gnutls_init--; } fail: if (!destructor) { GNUTLS_STATIC_MUTEX_UNLOCK(global_init_mutex); } }
/** * gnutls_global_deinit: * * This function deinitializes the global data, that were initialized * using gnutls_global_init(). * * Note! This function is not thread safe. See the discussion for * gnutls_global_init() for more information. **/ void gnutls_global_deinit (void) { if (_gnutls_init == 1) { gl_sockets_cleanup (); gnutls_crypto_deinit(); _gnutls_rnd_deinit (); _gnutls_ext_deinit (); asn1_delete_structure (&_gnutls_gnutls_asn); asn1_delete_structure (&_gnutls_pkix1_asn); _gnutls_crypto_deregister (); _gnutls_cryptodev_deinit (); gnutls_system_global_deinit (); #ifdef ENABLE_PKCS11 gnutls_pkcs11_deinit (); #endif gnutls_mutex_deinit(&_gnutls_file_mutex); } _gnutls_init--; }
static void cmd_parser(int argc, char **argv) { int ret, privkey_op = 0; common_info_st cinfo; const char *proto = "tcp"; unsigned int port = 443; optionProcess(&danetoolOptions, argc, argv); if (HAVE_OPT(OUTFILE)) { outfile = safe_open_rw(OPT_ARG(OUTFILE), privkey_op); if (outfile == NULL) { fprintf(stderr, "%s", OPT_ARG(OUTFILE)); exit(1); } } else outfile = stdout; default_dig = GNUTLS_DIG_UNKNOWN; if (HAVE_OPT(HASH)) { if (strcasecmp(OPT_ARG(HASH), "md5") == 0) { fprintf(stderr, "Warning: MD5 is broken, and should not be used any more for digital signatures.\n"); default_dig = GNUTLS_DIG_MD5; } else if (strcasecmp(OPT_ARG(HASH), "sha1") == 0) default_dig = GNUTLS_DIG_SHA1; else if (strcasecmp(OPT_ARG(HASH), "sha256") == 0) default_dig = GNUTLS_DIG_SHA256; else if (strcasecmp(OPT_ARG(HASH), "sha224") == 0) default_dig = GNUTLS_DIG_SHA224; else if (strcasecmp(OPT_ARG(HASH), "sha384") == 0) default_dig = GNUTLS_DIG_SHA384; else if (strcasecmp(OPT_ARG(HASH), "sha512") == 0) default_dig = GNUTLS_DIG_SHA512; else if (strcasecmp(OPT_ARG(HASH), "rmd160") == 0) default_dig = GNUTLS_DIG_RMD160; else { fprintf(stderr, "invalid hash: %s", OPT_ARG(HASH)); exit(1); } } gnutls_global_set_log_function(tls_log_func); if (HAVE_OPT(DEBUG)) { gnutls_global_set_log_level(OPT_VALUE_DEBUG); printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG); } if ((ret = gnutls_global_init()) < 0) { fprintf(stderr, "global_init: %s", gnutls_strerror(ret)); exit(1); } #ifdef ENABLE_PKCS11 pkcs11_common(NULL); #endif memset(&cinfo, 0, sizeof(cinfo)); if (HAVE_OPT(INDER) || HAVE_OPT(INRAW)) cinfo.incert_format = GNUTLS_X509_FMT_DER; else cinfo.incert_format = GNUTLS_X509_FMT_PEM; if (HAVE_OPT(VERBOSE)) cinfo.verbose = 1; if (HAVE_OPT(LOAD_PUBKEY)) cinfo.pubkey = OPT_ARG(LOAD_PUBKEY); if (HAVE_OPT(LOAD_CERTIFICATE)) cinfo.cert = OPT_ARG(LOAD_CERTIFICATE); if (HAVE_OPT(PORT)) { port = OPT_VALUE_PORT; } else { if (HAVE_OPT(STARTTLS_PROTO)) port = starttls_proto_to_port(OPT_ARG(STARTTLS_PROTO)); } if (HAVE_OPT(PROTO)) proto = OPT_ARG(PROTO); if (HAVE_OPT(TLSA_RR)) dane_info(OPT_ARG(HOST), proto, port, HAVE_OPT(CA), ENABLED_OPT(DOMAIN), &cinfo); else if (HAVE_OPT(CHECK)) dane_check(OPT_ARG(CHECK), proto, port, &cinfo); else USAGE(1); fclose(outfile); #ifdef ENABLE_PKCS11 gnutls_pkcs11_deinit(); #endif gnutls_global_deinit(); }
void doit(void) { int ret; const char *lib; gnutls_privkey_t key; gnutls_pkcs11_obj_t obj; gnutls_datum_t sig = {NULL, 0}, data; unsigned flags = 0; lib = getenv("P11MOCKLIB1"); if (lib == NULL) lib = P11LIB; { void *dl; unsigned int *pflags; dl = dlopen(lib, RTLD_NOW); if (dl == NULL) { fail("could not dlopen %s\n", lib); exit(1); } pflags = dlsym(dl, "pkcs11_mock_flags"); if (pflags == NULL) { fail("could find pkcs11_mock_flags\n"); exit(1); } *pflags = MOCK_FLAG_ALWAYS_AUTH; } data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb"; data.size = 20; ret = global_init(); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pkcs11_add_provider(lib, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pkcs11_obj_init(&obj); assert(ret>=0); gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL); ret = gnutls_pkcs11_obj_import_url(obj, "pkcs11:object=test;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); assert(ret>=0); ret = gnutls_pkcs11_obj_get_flags(obj, &flags); assert(ret>=0); if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH)) { fail("key object doesn't have the always authenticate flag\n"); } gnutls_pkcs11_obj_deinit(obj); ret = gnutls_privkey_init(&key); assert(ret>=0); gnutls_privkey_set_pin_function(key, pin_func, NULL); ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } pin_called = 0; ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } if (pin_called == 0) { fail("PIN function wasn't called!\n"); } pin_called = 0; gnutls_free(sig.data); /* call again - should re-authenticate */ ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } if (pin_called == 0) { fail("PIN function wasn't called twice!\n"); } pin_called = 0; gnutls_free(sig.data); if (debug) printf("done\n\n\n"); gnutls_privkey_deinit(key); gnutls_pkcs11_deinit(); gnutls_global_deinit(); }
static void cmd_parser (int argc, char **argv) { int ret, debug = 0; common_info_st cinfo; unsigned int pkcs11_type = -1, key_type = GNUTLS_PK_UNKNOWN; const char* url = NULL; unsigned int detailed_url = 0, optct; unsigned int login = 0, bits = 0; const char* label = NULL, *sec_param = NULL; optct = optionProcess( &p11toolOptions, argc, argv); argc += optct; argv += optct; if (url == NULL && argc > 0) url = argv[0]; else url = "pkcs11:"; if (HAVE_OPT(DEBUG)) debug = OPT_VALUE_DEBUG; gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug); if (debug > 1) printf ("Setting log level to %d\n", debug); if ((ret = gnutls_global_init ()) < 0) error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); if (HAVE_OPT(PROVIDER)) { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); else { ret = gnutls_pkcs11_add_provider (OPT_ARG(PROVIDER), NULL); if (ret < 0) error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", gnutls_strerror (ret)); } } else { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); } if (HAVE_OPT(OUTFILE)) { outfile = safe_open_rw (OPT_ARG(OUTFILE), 0); if (outfile == NULL) error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE)); } else outfile = stdout; memset (&cinfo, 0, sizeof (cinfo)); if (HAVE_OPT(SECRET_KEY)) cinfo.secret_key = OPT_ARG(SECRET_KEY); if (HAVE_OPT(LOAD_PRIVKEY)) cinfo.privkey = OPT_ARG(LOAD_PRIVKEY); if (HAVE_OPT(PKCS8)) cinfo.pkcs8 = 1; if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW)) cinfo.incert_format = GNUTLS_X509_FMT_DER; else cinfo.incert_format = GNUTLS_X509_FMT_PEM; if (HAVE_OPT(LOAD_CERTIFICATE)) cinfo.cert = OPT_ARG(LOAD_CERTIFICATE); if (HAVE_OPT(LOAD_PUBKEY)) cinfo.pubkey = OPT_ARG(LOAD_PUBKEY); if (ENABLED_OPT(DETAILED_URL)) detailed_url = 1; if (ENABLED_OPT(LOGIN)) login = 1; if (HAVE_OPT(LABEL)) { label = OPT_ARG(LABEL); } if (HAVE_OPT(BITS)) { bits = OPT_VALUE_BITS; } if (HAVE_OPT(SEC_PARAM)) { sec_param = OPT_ARG(SEC_PARAM); } if (debug > 0) { if (HAVE_OPT(PRIVATE)) fprintf(stderr, "Private: %s\n", ENABLED_OPT(PRIVATE)?"yes":"no"); fprintf(stderr, "Trusted: %s\n", ENABLED_OPT(TRUSTED)?"yes":"no"); fprintf(stderr, "Login: %s\n", ENABLED_OPT(LOGIN)?"yes":"no"); fprintf(stderr, "Detailed URLs: %s\n", ENABLED_OPT(DETAILED_URL)?"yes":"no"); fprintf(stderr, "\n"); } /* handle actions */ if (HAVE_OPT(LIST_TOKENS)) pkcs11_token_list (outfile, detailed_url, &cinfo); else if (HAVE_OPT(LIST_MECHANISMS)) pkcs11_mechanism_list (outfile, url, login, &cinfo); else if (HAVE_OPT(LIST_ALL)) { pkcs11_type = PKCS11_TYPE_ALL; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_ALL_CERTS)) { pkcs11_type = PKCS11_TYPE_CRT_ALL; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_CERTS)) { pkcs11_type = PKCS11_TYPE_PK; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_ALL_PRIVKEYS)) { pkcs11_type = PKCS11_TYPE_PRIVKEY; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(LIST_ALL_TRUSTED)) { pkcs11_type = PKCS11_TYPE_TRUSTED; pkcs11_list (outfile, url, pkcs11_type, login, detailed_url, &cinfo); } else if (HAVE_OPT(EXPORT)) { pkcs11_export (outfile, url, login, &cinfo); } else if (HAVE_OPT(WRITE)) { int priv; if (HAVE_OPT(PRIVATE)) priv = ENABLED_OPT(PRIVATE); else priv = -1; pkcs11_write (outfile, url, label, ENABLED_OPT(TRUSTED), priv, login, &cinfo); } else if (HAVE_OPT(INITIALIZE)) pkcs11_init (outfile, url, label, &cinfo); else if (HAVE_OPT(DELETE)) pkcs11_delete (outfile, url, 0, login, &cinfo); else if (HAVE_OPT(GENERATE_ECC)) { key_type = GNUTLS_PK_EC; pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param), label, ENABLED_OPT(PRIVATE), detailed_url, login, &cinfo); } else if (HAVE_OPT(GENERATE_RSA)) { key_type = GNUTLS_PK_RSA; pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param), label, ENABLED_OPT(PRIVATE), detailed_url, login, &cinfo); } else if (HAVE_OPT(GENERATE_DSA)) { key_type = GNUTLS_PK_DSA; pkcs11_generate (outfile, url, key_type, get_bits(key_type, bits, sec_param), label, ENABLED_OPT(PRIVATE), detailed_url, login, &cinfo); } else { USAGE(1); } fclose (outfile); #ifdef ENABLE_PKCS11 gnutls_pkcs11_deinit (); #endif gnutls_global_deinit (); }
void doit(void) { int ret; const char *lib; gnutls_privkey_t key; gnutls_pubkey_t pub; gnutls_datum_t m1, e1; gnutls_datum_t m2, e2; ret = global_init(); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); lib = getenv("P11MOCKLIB1"); if (lib == NULL) lib = P11LIB; ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pkcs11_add_provider(lib, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_privkey_init(&key); assert(ret>=0); ret = gnutls_pubkey_init(&pub); assert(ret>=0); gnutls_privkey_set_pin_function(key, pin_func, NULL); ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_export_rsa_raw(pub, &m1, &e1); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_pubkey_deinit(pub); gnutls_privkey_deinit(key); /* try again using gnutls_pubkey_import_url */ ret = gnutls_pubkey_init(&pub); assert(ret>=0); ret = gnutls_pubkey_import_url(pub, "pkcs11:object=test;type=public", 0); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pubkey_export_rsa_raw(pub, &m2, &e2); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } assert(m1.size == m2.size); assert(e1.size == e2.size); assert(memcmp(e1.data, e2.data, e2.size)==0); assert(memcmp(m1.data, m2.data, m2.size)==0); gnutls_pubkey_deinit(pub); gnutls_free(m1.data); gnutls_free(e1.data); gnutls_free(m2.data); gnutls_free(e2.data); gnutls_pkcs11_deinit(); gnutls_global_deinit(); }
static void gaa_parser (int argc, char **argv) { int ret; common_info_st cinfo; if (gaa (argc, argv, &info) != -1) { fprintf (stderr, "Try `%s --help' for more information.\n", program_name); exit (1); } gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (info.debug); if (info.debug > 1) printf ("Setting log level to %d\n", info.debug); if ((ret = gnutls_global_init ()) < 0) error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret)); if (info.pkcs11_provider != NULL) { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); else { ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); if (ret < 0) error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", gnutls_strerror (ret)); } } else { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret < 0) fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); } if (info.outfile) { outfile = safe_open_rw (info.outfile, 0); if (outfile == NULL) error (EXIT_FAILURE, errno, "%s", info.outfile); } else outfile = stdout; memset (&cinfo, 0, sizeof (cinfo)); cinfo.secret_key = info.secret_key; cinfo.privkey = info.privkey; cinfo.pkcs8 = info.pkcs8; cinfo.incert_format = info.incert_format; cinfo.cert = info.cert; switch (info.action) { case ACTION_PKCS11_LIST: pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type, info.pkcs11_login, info.pkcs11_detailed_url, &cinfo); break; case ACTION_PKCS11_TOKENS: pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo); break; case ACTION_PKCS11_MECHANISMS: pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_EXPORT_URL: pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_WRITE_URL: pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label, info.pkcs11_trusted, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_TOKEN_INIT: pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo); break; case ACTION_PKCS11_DELETE_URL: pkcs11_delete (outfile, info.pkcs11_url, 0, info.pkcs11_login, &cinfo); break; default: gaa_help (); exit (0); } fclose (outfile); gnutls_pkcs11_deinit (); gnutls_global_deinit (); }
void doit(void) { int ret; const char *lib; gnutls_privkey_t key; gnutls_datum_t sig = {NULL, 0}, data; pid_t pid; data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb"; data.size = 20; ret = global_init(); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); lib = getenv("P11MOCKLIB1"); if (lib == NULL) lib = P11LIB; ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_pkcs11_add_provider(lib, NULL); if (ret != 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_privkey_init(&key); assert(ret>=0); gnutls_privkey_set_pin_function(key, pin_func, NULL); ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_free(sig.data); pid = fork(); if (pid != 0) { int status; assert(waitpid(pid, &status, 0) >= 0); if (WEXITSTATUS(status) != 0) { fail("child return status was unexpected: %d\n", WEXITSTATUS(status)); exit(1); } } else { /* child */ ret = gnutls_pkcs11_reinit(); assert(ret == 0); ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); if (ret < 0) { fail("%d: %s\n", ret, gnutls_strerror(ret)); exit(1); } gnutls_free(sig.data); gnutls_privkey_deinit(key); gnutls_pkcs11_deinit(); gnutls_global_deinit(); exit(0); } if (debug) printf("done\n\n\n"); gnutls_privkey_deinit(key); gnutls_pkcs11_deinit(); gnutls_global_deinit(); }