Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	lib/libcrypto/crypto/../../libssl/src/crypto/x509/x509_trs.c	Lines:	21	110	19.1 %
Date:	2016-12-06	Branches:	8	70	11.4 %


/* $OpenBSD: x509_trs.c,v 1.20 2015/02/10 11:22:21 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <string.h>

#include <openssl/err.h>
#include <openssl/x509v3.h>

static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b);
static void trtable_free(X509_TRUST *p);

static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
static int trust_compat(X509_TRUST *trust, X509 *x, int flags);

static int obj_trust(int id, X509 *x, int flags);
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;

/* WARNING: the following table should be kept in order of trust
 * and without any gaps so we can just subtract the minimum trust
 * value to get an index into the table
 */

static X509_TRUST trstandard[] = {
	{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
	{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
	{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
	{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
	{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
	{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
	{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
	{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
};

#define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))

static STACK_OF(X509_TRUST) *trtable = NULL;

static int
tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b)
{
	return (*a)->trust - (*b)->trust;
}

int
(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
{
	int (*oldtrust)(int , X509 *, int);

	oldtrust = default_trust;
	default_trust = trust;
	return oldtrust;
}

int
X509_check_trust(X509 *x, int id, int flags)
{
	X509_TRUST *pt;
	int idx;

	if (id == -1)
		return 1;
	idx = X509_TRUST_get_by_id(id);
	if (idx == -1)
		return default_trust(id, x, flags);
	pt = X509_TRUST_get0(idx);
	return pt->check_trust(pt, x, flags);
}

int
X509_TRUST_get_count(void)
{
	if (!trtable)
		return X509_TRUST_COUNT;
	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
}

X509_TRUST *
X509_TRUST_get0(int idx)
{
	if (idx < 0)
		return NULL;
	if (idx < (int)X509_TRUST_COUNT)
		return trstandard + idx;
	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
}

int
X509_TRUST_get_by_id(int id)
{
	X509_TRUST tmp;
	int idx;

	if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
		return id - X509_TRUST_MIN;
	tmp.trust = id;
	if (!trtable)
		return -1;
	idx = sk_X509_TRUST_find(trtable, &tmp);
	if (idx == -1)
		return -1;
	return idx + X509_TRUST_COUNT;
}

int
X509_TRUST_set(int *t, int trust)
{
	if (X509_TRUST_get_by_id(trust) == -1) {
		X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
		return 0;
	}
	*t = trust;
	return 1;
}

int
X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
    char *name, int arg1, void *arg2)
{
	int idx;
	X509_TRUST *trtmp;
	char *name_dup;

	/* This is set according to what we change: application can't set it */
	flags &= ~X509_TRUST_DYNAMIC;
	/* This will always be set for application modified trust entries */
	flags |= X509_TRUST_DYNAMIC_NAME;
	/* Get existing entry if any */
	idx = X509_TRUST_get_by_id(id);
	/* Need a new entry */
	if (idx == -1) {
		if (!(trtmp = malloc(sizeof(X509_TRUST)))) {
			X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
			return 0;
		}
		trtmp->flags = X509_TRUST_DYNAMIC;
	} else {
		trtmp = X509_TRUST_get0(idx);
		if (trtmp == NULL) {
			X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST);
			return 0;
		}
	}

	if ((name_dup = strdup(name)) == NULL)
		goto err;

	/* free existing name if dynamic */
	if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
		free(trtmp->name);
	/* dup supplied name */
	trtmp->name = name_dup;
	/* Keep the dynamic flag of existing entry */
	trtmp->flags &= X509_TRUST_DYNAMIC;
	/* Set all other flags */
	trtmp->flags |= flags;

	trtmp->trust = id;
	trtmp->check_trust = ck;
	trtmp->arg1 = arg1;
	trtmp->arg2 = arg2;

	/* If it's a new entry, manage the dynamic table */
	if (idx == -1) {
		if (trtable == NULL &&
		    (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL)
			goto err;
		if (sk_X509_TRUST_push(trtable, trtmp) == 0)
			goto err;
	}
	return 1;

err:
	free(name_dup);
	if (idx == -1)
		free(trtmp);
	X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
	return 0;
}

static void
trtable_free(X509_TRUST *p)
{
	if (!p)
		return;
	if (p->flags & X509_TRUST_DYNAMIC) {
		if (p->flags & X509_TRUST_DYNAMIC_NAME)
			free(p->name);
		free(p);
	}
}

void
X509_TRUST_cleanup(void)
{
	unsigned int i;

	for (i = 0; i < X509_TRUST_COUNT; i++)
		trtable_free(trstandard + i);
	sk_X509_TRUST_pop_free(trtable, trtable_free);
	trtable = NULL;
}

int
X509_TRUST_get_flags(X509_TRUST *xp)
{
	return xp->flags;
}

char *
X509_TRUST_get0_name(X509_TRUST *xp)
{
	return xp->name;
}

int
X509_TRUST_get_trust(X509_TRUST *xp)
{
	return xp->trust;
}

static int
trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
{
	if (x->aux && (x->aux->trust || x->aux->reject))
		return obj_trust(trust->arg1, x, flags);
	/* we don't have any trust settings: for compatibility
	 * we return trusted if it is self signed
	 */
	return trust_compat(trust, x, flags);
}

static int
trust_1oid(X509_TRUST *trust, X509 *x, int flags)
{
	if (x->aux)
		return obj_trust(trust->arg1, x, flags);
	return X509_TRUST_UNTRUSTED;
}

static int
trust_compat(X509_TRUST *trust, X509 *x, int flags)
{
	X509_check_purpose(x, -1, 0);
	if (x->ex_flags & EXFLAG_SS)
		return X509_TRUST_TRUSTED;
	else
		return X509_TRUST_UNTRUSTED;
}

static int
obj_trust(int id, X509 *x, int flags)
{
	ASN1_OBJECT *obj;
	int i;
	X509_CERT_AUX *ax;

	ax = x->aux;
	if (!ax)
		return X509_TRUST_UNTRUSTED;
	if (ax->reject) {
		for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
			obj = sk_ASN1_OBJECT_value(ax->reject, i);
			if (OBJ_obj2nid(obj) == id)
				return X509_TRUST_REJECTED;
		}
	}
	if (ax->trust) {
		for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
			obj = sk_ASN1_OBJECT_value(ax->trust, i);
			if (OBJ_obj2nid(obj) == id)
				return X509_TRUST_TRUSTED;
		}
	}
	return X509_TRUST_UNTRUSTED;
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: x509_trs.c,v 1.20 2015/02/10 11:22:21 jsing Exp $ */
2			/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3			* project 1999.
4			*/
5			/* ====================================================================
6			* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7			*
8			* Redistribution and use in source and binary forms, with or without
9			* modification, are permitted provided that the following conditions
10			* are met:
11			*
12			* 1. Redistributions of source code must retain the above copyright
13			* notice, this list of conditions and the following disclaimer.
14			*
15			* 2. Redistributions in binary form must reproduce the above copyright
16			* notice, this list of conditions and the following disclaimer in
17			* the documentation and/or other materials provided with the
18			* distribution.
19			*
20			* 3. All advertising materials mentioning features or use of this
21			* software must display the following acknowledgment:
22			* "This product includes software developed by the OpenSSL Project
23			* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24			*
25			* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26			* endorse or promote products derived from this software without
27			* prior written permission. For written permission, please contact
28			* licensing@OpenSSL.org.
29			*
30			* 5. Products derived from this software may not be called "OpenSSL"
31			* nor may "OpenSSL" appear in their names without prior written
32			* permission of the OpenSSL Project.
33			*
34			* 6. Redistributions of any form whatsoever must retain the following
35			* acknowledgment:
36			* "This product includes software developed by the OpenSSL Project
37			* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38			*
39			* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50			* OF THE POSSIBILITY OF SUCH DAMAGE.
51			* ====================================================================
52			*
53			* This product includes cryptographic software written by Eric Young
54			* (eay@cryptsoft.com). This product includes software written by Tim
55			* Hudson (tjh@cryptsoft.com).
56			*
57			*/
58
59			#include <stdio.h>
60			#include <string.h>
61
62			#include <openssl/err.h>
63			#include <openssl/x509v3.h>
64
65			static int tr_cmp(const X509_TRUST * const a, const X509_TRUST const *b);
66			static void trtable_free(X509_TRUST *p);
67
68			static int trust_1oidany(X509_TRUST trust, X509 x, int flags);
69			static int trust_1oid(X509_TRUST trust, X509 x, int flags);
70			static int trust_compat(X509_TRUST trust, X509 x, int flags);
71
72			static int obj_trust(int id, X509 *x, int flags);
73			static int (default_trust)(int id, X509 x, int flags) = obj_trust;
74
75			/* WARNING: the following table should be kept in order of trust
76			* and without any gaps so we can just subtract the minimum trust
77			* value to get an index into the table
78			*/
79
80			static X509_TRUST trstandard[] = {
81			{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
82			{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
83			{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
84			{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
85			{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
86			{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
87			{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
88			{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
89			};
90
91			#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
92
93			static STACK_OF(X509_TRUST) *trtable = NULL;
94
95			static int
96			tr_cmp(const X509_TRUST * const a, const X509_TRUST const *b)
97			{
98			return (a)->trust - (b)->trust;
99			}
100
101			int
102			(X509_TRUST_set_default(int (trust)(int , X509 , int)))(int, X509 , int)
103			{
104			int (oldtrust)(int , X509 , int);
105
106			oldtrust = default_trust;
107			default_trust = trust;
108			return oldtrust;
109			}
110
111			int
112			X509_check_trust(X509 *x, int id, int flags)
113		6	{
114			X509_TRUST *pt;
115			int idx;
116
117	✗✓	6	if (id == -1)
118			return 1;
119		6	idx = X509_TRUST_get_by_id(id);
120	✗✓	6	if (idx == -1)
121			return default_trust(id, x, flags);
122		6	pt = X509_TRUST_get0(idx);
123		6	return pt->check_trust(pt, x, flags);
124			}
125
126			int
127			X509_TRUST_get_count(void)
128			{
129			if (!trtable)
130			return X509_TRUST_COUNT;
131			return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
132			}
133
134			X509_TRUST *
135			X509_TRUST_get0(int idx)
136		6	{
137	✗✓	6	if (idx < 0)
138			return NULL;
139	✓✗	6	if (idx < (int)X509_TRUST_COUNT)
140		6	return trstandard + idx;
141			return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
142			}
143
144			int
145			X509_TRUST_get_by_id(int id)
146		8	{
147			X509_TRUST tmp;
148			int idx;
149
150	✓✗	8	if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
151		8	return id - X509_TRUST_MIN;
152			tmp.trust = id;
153			if (!trtable)
154			return -1;
155			idx = sk_X509_TRUST_find(trtable, &tmp);
156			if (idx == -1)
157			return -1;
158			return idx + X509_TRUST_COUNT;
159			}
160
161			int
162			X509_TRUST_set(int *t, int trust)
163			{
164			if (X509_TRUST_get_by_id(trust) == -1) {
165			X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
166			return 0;
167			}
168			*t = trust;
169			return 1;
170			}
171
172			int
173			X509_TRUST_add(int id, int flags, int (ck)(X509_TRUST , X509 *, int),
174			char name, int arg1, void arg2)
175			{
176			int idx;
177			X509_TRUST *trtmp;
178			char *name_dup;
179
180			/* This is set according to what we change: application can't set it */
181			flags &= ~X509_TRUST_DYNAMIC;
182			/* This will always be set for application modified trust entries */
183			flags \|= X509_TRUST_DYNAMIC_NAME;
184			/* Get existing entry if any */
185			idx = X509_TRUST_get_by_id(id);
186			/* Need a new entry */
187			if (idx == -1) {
188			if (!(trtmp = malloc(sizeof(X509_TRUST)))) {
189			X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
190			return 0;
191			}
192			trtmp->flags = X509_TRUST_DYNAMIC;
193			} else {
194			trtmp = X509_TRUST_get0(idx);
195			if (trtmp == NULL) {
196			X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST);
197			return 0;
198			}
199			}
200
201			if ((name_dup = strdup(name)) == NULL)
202			goto err;
203
204			/* free existing name if dynamic */
205			if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
206			free(trtmp->name);
207			/* dup supplied name */
208			trtmp->name = name_dup;
209			/* Keep the dynamic flag of existing entry */
210			trtmp->flags &= X509_TRUST_DYNAMIC;
211			/* Set all other flags */
212			trtmp->flags \|= flags;
213
214			trtmp->trust = id;
215			trtmp->check_trust = ck;
216			trtmp->arg1 = arg1;
217			trtmp->arg2 = arg2;
218
219			/* If it's a new entry, manage the dynamic table */
220			if (idx == -1) {
221			if (trtable == NULL &&
222			(trtable = sk_X509_TRUST_new(tr_cmp)) == NULL)
223			goto err;
224			if (sk_X509_TRUST_push(trtable, trtmp) == 0)
225			goto err;
226			}
227			return 1;
228
229			err:
230			free(name_dup);
231			if (idx == -1)
232			free(trtmp);
233			X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
234			return 0;
235			}
236
237			static void
238			trtable_free(X509_TRUST *p)
239			{
240			if (!p)
241			return;
242			if (p->flags & X509_TRUST_DYNAMIC) {
243			if (p->flags & X509_TRUST_DYNAMIC_NAME)
244			free(p->name);
245			free(p);
246			}
247			}
248
249			void
250			X509_TRUST_cleanup(void)
251			{
252			unsigned int i;
253
254			for (i = 0; i < X509_TRUST_COUNT; i++)
255			trtable_free(trstandard + i);
256			sk_X509_TRUST_pop_free(trtable, trtable_free);
257			trtable = NULL;
258			}
259
260			int
261			X509_TRUST_get_flags(X509_TRUST *xp)
262			{
263			return xp->flags;
264			}
265
266			char *
267			X509_TRUST_get0_name(X509_TRUST *xp)
268			{
269			return xp->name;
270			}
271
272			int
273			X509_TRUST_get_trust(X509_TRUST *xp)
274			{
275			return xp->trust;
276			}
277
278			static int
279			trust_1oidany(X509_TRUST trust, X509 x, int flags)
280		4	{
281	✗✓✗✗ ✗✗	4	if (x->aux && (x->aux->trust \|\| x->aux->reject))
282			return obj_trust(trust->arg1, x, flags);
283			/* we don't have any trust settings: for compatibility
284			* we return trusted if it is self signed
285			*/
286		4	return trust_compat(trust, x, flags);
287			}
288
289			static int
290			trust_1oid(X509_TRUST trust, X509 x, int flags)
291			{
292			if (x->aux)
293			return obj_trust(trust->arg1, x, flags);
294			return X509_TRUST_UNTRUSTED;
295			}
296
297			static int
298			trust_compat(X509_TRUST trust, X509 x, int flags)
299		6	{
300		6	X509_check_purpose(x, -1, 0);
301	✓✓	6	if (x->ex_flags & EXFLAG_SS)
302		4	return X509_TRUST_TRUSTED;
303			else
304		2	return X509_TRUST_UNTRUSTED;
305			}
306
307			static int
308			obj_trust(int id, X509 *x, int flags)
309			{
310			ASN1_OBJECT *obj;
311			int i;
312			X509_CERT_AUX *ax;
313
314			ax = x->aux;
315			if (!ax)
316			return X509_TRUST_UNTRUSTED;
317			if (ax->reject) {
318			for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
319			obj = sk_ASN1_OBJECT_value(ax->reject, i);
320			if (OBJ_obj2nid(obj) == id)
321			return X509_TRUST_REJECTED;
322			}
323			}
324			if (ax->trust) {
325			for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
326			obj = sk_ASN1_OBJECT_value(ax->trust, i);
327			if (OBJ_obj2nid(obj) == id)
328			return X509_TRUST_TRUSTED;
329			}
330			}
331			return X509_TRUST_UNTRUSTED;
332			}