src - FreeBSD source tree

diff options


context:
space:
mode:

author	Wojciech Macek <wma@FreeBSD.org>	2021-11-06 16:46:01 +0000
committer	Wojciech Macek <wma@FreeBSD.org>	2021-11-06 16:46:01 +0000
commit	200bc58953f0f5403d5ae57691f34500afe4c614 (patch)
tree	c8a301a09bc22dbff8a994fcc42044937d46f3fd
parent	0dedcdaa1a023d46c8951f03cd2f9df7ae025675 (diff)
download	src-200bc58953f0f5403d5ae57691f34500afe4c614.tar.gz src-200bc58953f0f5403d5ae57691f34500afe4c614.zip

Revert "ossl: Add support for AES-CBC cipher"

This reverts commit 849faf4e0ba9a8b8f24ff34da93a0fd46c14eda9.

Diffstat

-rw-r--r--

share/man/man4/ossl.4

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

sys/crypto/openssl/ossl.c

-rw-r--r--

sys/crypto/openssl/ossl.h

-rw-r--r--

sys/crypto/openssl/ossl_aarch64.c

-rw-r--r--

sys/crypto/openssl/ossl_aarch64.h

-rw-r--r--

sys/crypto/openssl/ossl_aes.c

153

-rw-r--r--

sys/crypto/openssl/ossl_chacha20.c

-rw-r--r--

sys/crypto/openssl/ossl_cipher.h

-rw-r--r--

sys/crypto/openssl/ossl_x86.c

-rw-r--r--

sys/crypto/openssl/ossl_x86.h

-rw-r--r--

sys/modules/ossl/Makefile

-rw-r--r--

tests/sys/opencrypto/cryptotest.py

16 files changed, 34 insertions, 436 deletions

diff --git a/share/man/man4/ossl.4 b/share/man/man4/ossl.4
index 039ce301ac29..5929e46e9fe3 100644
--- a/share/man/man4/ossl.4
+++ b/share/man/man4/ossl.4

@@ -26,7 +26,7 @@

.\"

.\" $FreeBSD$

.\"

-.Dd September 24, 2021

+.Dd March 3, 2021

.Dt OSSL 4

.Os

.Sh NAME

@@ -74,8 +74,6 @@ driver includes support for the following algorithms:

.Pp

.Bl -bullet -compact

.It

-AES-CBC

-.It

ChaCha20

.It

ChaCha20-Poly1305 (RFC 8439)

diff --git a/sys/conf/files b/sys/conf/files
index 9743341f6e45..f2663fd1c6c0 100644
--- a/sys/conf/files
+++ b/sys/conf/files

@@ -716,7 +716,6 @@ crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support

crypto/des/des_ecb.c optional netsmb

crypto/des/des_setkey.c optional netsmb

crypto/openssl/ossl.c optional ossl

-crypto/openssl/ossl_aes.c optional ossl

crypto/openssl/ossl_chacha20.c optional ossl

crypto/openssl/ossl_poly1305.c optional ossl

crypto/openssl/ossl_sha1.c optional ossl

diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64
index 6b51c1a5a55d..37ff6404cdba 100644
--- a/sys/conf/files.amd64
+++ b/sys/conf/files.amd64

@@ -88,7 +88,6 @@ cddl/dev/dtrace/amd64/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"

cddl/dev/dtrace/amd64/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"

crypto/aesni/aeskeys_amd64.S optional aesni

crypto/des/des_enc.c optional netsmb

-crypto/openssl/amd64/aesni-x86_64.S optional ossl

crypto/openssl/amd64/chacha-x86_64.S optional ossl

crypto/openssl/amd64/poly1305-x86_64.S optional ossl

crypto/openssl/amd64/sha1-x86_64.S optional ossl

diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64
index e718e9b93847..a0bdaeb475d6 100644
--- a/sys/conf/files.arm64
+++ b/sys/conf/files.arm64

@@ -128,8 +128,6 @@ ghashv8-armx.o optional armv8crypto \

crypto/des/des_enc.c optional netsmb

crypto/openssl/ossl_aarch64.c optional ossl

-crypto/openssl/aarch64/aesv8-armx.S optional ossl \

- compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} -march=armv8-a+crypto ${.IMPSRC}"

crypto/openssl/aarch64/chacha-armv8.S optional ossl \

compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}"

crypto/openssl/aarch64/poly1305-armv8.S optional ossl \

@@ -140,8 +138,6 @@ crypto/openssl/aarch64/sha256-armv8.S optional ossl \

compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}"

crypto/openssl/aarch64/sha512-armv8.S optional ossl \

compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}"

-crypto/openssl/aarch64/vpaes-armv8.S optional ossl \

- compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}"

dev/acpica/acpi_bus_if.m optional acpi

dev/acpica/acpi_if.m optional acpi

diff --git a/sys/conf/files.i386 b/sys/conf/files.i386
index 0c681d6a84a0..e83bcd5a3492 100644
--- a/sys/conf/files.i386
+++ b/sys/conf/files.i386

@@ -15,7 +15,6 @@ cddl/dev/dtrace/i386/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}"

cddl/dev/dtrace/i386/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}"

crypto/aesni/aeskeys_i386.S optional aesni

crypto/des/arch/i386/des_enc.S optional netsmb

-crypto/openssl/i386/aesni-x86.S optional ossl

crypto/openssl/i386/chacha-x86.S optional ossl

crypto/openssl/i386/poly1305-x86.S optional ossl

crypto/openssl/i386/sha1-586.S optional ossl

diff --git a/sys/crypto/openssl/ossl.c b/sys/crypto/openssl/ossl.c
index f46b5a966bb1..ad9b93dd960d 100644
--- a/sys/crypto/openssl/ossl.c
+++ b/sys/crypto/openssl/ossl.c

@@ -49,10 +49,24 @@ __FBSDID("$FreeBSD$");

#include <crypto/openssl/ossl.h>

#include <crypto/openssl/ossl_chacha.h>

-#include <crypto/openssl/ossl_cipher.h>

#include "cryptodev_if.h"

+struct ossl_softc {

+ int32_t sc_cid;

+};

+struct ossl_session_hash {

+ struct ossl_hash_context ictx;

+ struct ossl_hash_context octx;

+ struct auth_hash *axf;

+ u_int mlen;

+};

+struct ossl_session {

+ struct ossl_session_hash hash;

+};

static MALLOC_DEFINE(M_OSSL, "ossl", "OpenSSL crypto");

static void

@@ -78,7 +92,7 @@ ossl_attach(device_t dev)

sc = device_get_softc(dev);

- ossl_cpuid(sc);

+ ossl_cpuid();

sc->sc_cid = crypto_get_driverid(dev, sizeof(struct ossl_session),

CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC |

CRYPTOCAP_F_ACCEL_SOFTWARE);

@@ -129,34 +143,9 @@ ossl_lookup_hash(const struct crypto_session_params *csp)

}

-static struct ossl_cipher*

-ossl_lookup_cipher(const struct crypto_session_params *csp)

- switch (csp->csp_cipher_alg) {

- case CRYPTO_AES_CBC:

- switch (csp->csp_cipher_klen * 8) {

- case 128:

- case 192:

- case 256:

- break;

- default:

- return (NULL);

- }

- return (&ossl_cipher_aes_cbc);

- case CRYPTO_CHACHA20:

- if (csp->csp_cipher_klen != CHACHA_KEY_SIZE)

- return (NULL);

- return (&ossl_cipher_chacha20);

- default:

- return (NULL);

- }

static int

ossl_probesession(device_t dev, const struct crypto_session_params *csp)

{

- struct ossl_softc *sc = device_get_softc(dev);

if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=

@@ -167,10 +156,14 @@ ossl_probesession(device_t dev, const struct crypto_session_params *csp)

return (EINVAL);

break;

case CSP_MODE_CIPHER:

- if (csp->csp_cipher_alg != CRYPTO_CHACHA20 && !sc->has_aes)

- return (EINVAL);

- if (ossl_lookup_cipher(csp) == NULL)

+ switch (csp->csp_cipher_alg) {

+ case CRYPTO_CHACHA20:

+ if (csp->csp_cipher_klen != CHACHA_KEY_SIZE)

+ return (EINVAL);

+ break;

+ default:

return (EINVAL);

+ }

break;

case CSP_MODE_AEAD:

switch (csp->csp_cipher_alg) {

@@ -221,56 +214,19 @@ ossl_newsession_hash(struct ossl_session *s,

}

static int

-ossl_newsession_cipher(struct ossl_session *s,

- const struct crypto_session_params *csp)

- struct ossl_cipher *cipher;

- int error = 0;

- cipher = ossl_lookup_cipher(csp);

- if (cipher == NULL)

- return (EINVAL);

- s->cipher.cipher = cipher;

- if (csp->csp_cipher_key == NULL)

- return (0);

- fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX);

- if (cipher->set_encrypt_key != NULL) {

- error = cipher->set_encrypt_key(csp->csp_cipher_key,

- 8 * csp->csp_cipher_klen, &s->cipher.enc_ctx);

- if (error != 0) {

- fpu_kern_leave(curthread, NULL);

- return (error);

- }

- if (cipher->set_decrypt_key != NULL)

- error = cipher->set_decrypt_key(csp->csp_cipher_key,

- 8 * csp->csp_cipher_klen, &s->cipher.dec_ctx);

- fpu_kern_leave(curthread, NULL);

- return (error);

-static int

ossl_newsession(device_t dev, crypto_session_t cses,

const struct crypto_session_params *csp)

{

struct ossl_session *s;

- int error = 0;

s = crypto_get_driver_session(cses);

switch (csp->csp_mode) {

case CSP_MODE_DIGEST:

ossl_newsession_hash(s, csp);

break;

- case CSP_MODE_CIPHER:

- error = ossl_newsession_cipher(s, csp);

- break;

}

- return (error);

+ return (0);

}

static int

@@ -364,7 +320,7 @@ ossl_process(device_t dev, struct cryptop *crp, int hint)

error = ossl_process_hash(s, crp, csp);

break;

case CSP_MODE_CIPHER:

- error = s->cipher.cipher->process(&s->cipher, crp, csp);

+ error = ossl_chacha20(crp, csp);

break;

case CSP_MODE_AEAD:

if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op))

diff --git a/sys/crypto/openssl/ossl.h b/sys/crypto/openssl/ossl.h
index 4f5353818add..11793dca037a 100644
--- a/sys/crypto/openssl/ossl.h
+++ b/sys/crypto/openssl/ossl.h

@@ -36,47 +36,20 @@

struct cryptop;

struct crypto_session_params;

-struct ossl_softc;

-struct ossl_session;

+int ossl_chacha20(struct cryptop *crp,

+ const struct crypto_session_params *csp);

int ossl_chacha20_poly1305_decrypt(struct cryptop *crp,

const struct crypto_session_params *csp);

int ossl_chacha20_poly1305_encrypt(struct cryptop *crp,

const struct crypto_session_params *csp);

-void ossl_cpuid(struct ossl_softc *sc);

-struct ossl_softc {

- int32_t sc_cid;

- bool has_aes;

-};

+void ossl_cpuid(void);

/* Needs to be big enough to hold any hash context. */

struct ossl_hash_context {

uint32_t dummy[61];

} __aligned(32);

-struct ossl_cipher_context {

- uint32_t dummy[61];

-} __aligned(32);

-struct ossl_session_hash {

- struct ossl_hash_context ictx;

- struct ossl_hash_context octx;

- struct auth_hash *axf;

- u_int mlen;

-};

-struct ossl_session_cipher {

- struct ossl_cipher_context dec_ctx;

- struct ossl_cipher_context enc_ctx;

- struct ossl_cipher *cipher;

-};

-struct ossl_session {

- struct ossl_session_cipher cipher;

- struct ossl_session_hash hash;

-};

extern struct auth_hash ossl_hash_poly1305;

extern struct auth_hash ossl_hash_sha1;

extern struct auth_hash ossl_hash_sha224;

@@ -84,7 +57,4 @@ extern struct auth_hash ossl_hash_sha256;

extern struct auth_hash ossl_hash_sha384;

extern struct auth_hash ossl_hash_sha512;

-extern struct ossl_cipher ossl_cipher_aes_cbc;

-extern struct ossl_cipher ossl_cipher_chacha20;

#endif /* !__OSSL_H__ */

diff --git a/sys/crypto/openssl/ossl_aarch64.c b/sys/crypto/openssl/ossl_aarch64.c
index e4b87a75a403..2a45a848808a 100644
--- a/sys/crypto/openssl/ossl_aarch64.c
+++ b/sys/crypto/openssl/ossl_aarch64.c

@@ -36,7 +36,6 @@

#include <machine/md_var.h>

#include <crypto/openssl/ossl.h>

-#include <crypto/openssl/ossl_cipher.h>

#include <crypto/openssl/aarch64/arm_arch.h>

@@ -44,14 +43,8 @@

unsigned int OPENSSL_armcap_P;

-ossl_cipher_setkey_t aes_v8_set_encrypt_key;

-ossl_cipher_setkey_t aes_v8_set_decrypt_key;

-ossl_cipher_setkey_t vpaes_set_encrypt_key;

-ossl_cipher_setkey_t vpaes_set_decrypt_key;

void

-ossl_cpuid(struct ossl_softc *sc)

+ossl_cpuid(void)

{

/* SHA features */

if ((elf_hwcap & HWCAP_SHA1) != 0)

@@ -66,18 +59,4 @@ ossl_cpuid(struct ossl_softc *sc)

OPENSSL_armcap_P |= ARMV8_AES;

if ((elf_hwcap & HWCAP_PMULL) != 0)

OPENSSL_armcap_P |= ARMV8_PMULL;

- if ((OPENSSL_armcap_P & ARMV8_AES) == 0 &&

- (OPENSSL_armcap_P & ARMV7_NEON) == 0) {

- sc->has_aes = false;

- return;

- }

- sc->has_aes = true;

- if (OPENSSL_armcap_P & ARMV8_AES) {

- ossl_cipher_aes_cbc.set_encrypt_key = aes_v8_set_encrypt_key;

- ossl_cipher_aes_cbc.set_decrypt_key = aes_v8_set_decrypt_key;

- } else {

- ossl_cipher_aes_cbc.set_encrypt_key = vpaes_set_encrypt_key;

- ossl_cipher_aes_cbc.set_decrypt_key = vpaes_set_decrypt_key;

- }

}

diff --git a/sys/crypto/openssl/ossl_aarch64.h b/sys/crypto/openssl/ossl_aarch64.h
deleted file mode 100644
index f933f862d009..000000000000
--- a/sys/crypto/openssl/ossl_aarch64.h
+++ /dev/null

@@ -1,31 +0,0 @@

-/*

- *

- * Licensed under the OpenSSL license (the "License"). You may not use

- * this file except in compliance with the License. You can obtain a copy

- * in the file LICENSE in the source distribution or at

- * https://www.openssl.org/source/license.html

- */

-#ifndef __OSSL_AARCH64__

-#define __OSSL_AARCH64__

-#include <crypto/openssl/ossl.h>

-#include <crypto/openssl/ossl_cipher.h>

-#include <crypto/openssl/aarch64/arm_arch.h>

-/* aesv8-armx.S */

-ossl_cipher_encrypt_t aes_v8_cbc_encrypt;

-/* vpaes-armv8.S */

-ossl_cipher_encrypt_t vpaes_cbc_encrypt;

-static void

-AES_CBC_ENCRYPT(const unsigned char *in, unsigned char *out,

- size_t length, const void *key, unsigned char *iv, int encrypt)

- if (OPENSSL_armcap_P & ARMV8_AES)

- aes_v8_cbc_encrypt(in, out, length, key, iv, encrypt);

- else

- vpaes_cbc_encrypt(in, out, length, key, iv, encrypt);

-#endif

diff --git a/sys/crypto/openssl/ossl_aes.c b/sys/crypto/openssl/ossl_aes.c
deleted file mode 100644
index 93f16e7dce55..000000000000
--- a/sys/crypto/openssl/ossl_aes.c
+++ /dev/null

@@ -1,153 +0,0 @@

-/*-

- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD

- *

- * Redistribution and use in source and binary forms, with or without

- * modification, are permitted provided that the following conditions

- * are met:

- * 1. Redistributions of source code must retain the above copyright

- * notice, this list of conditions and the following disclaimer.

- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the

- * documentation and/or other materials provided with the distribution.

- *

- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR

- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,

- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

- */

-#include <sys/cdefs.h>

-__FBSDID("$FreeBSD$");

-#include <sys/param.h>

-#include <sys/malloc.h>

-#include <opencrypto/cryptodev.h>

-#include <crypto/openssl/ossl.h>

-#include <crypto/openssl/ossl_cipher.h>

-#if defined(__amd64__) || defined(__i386__)

-#include <crypto/openssl/ossl_x86.h>

-#elif defined (__aarch64__)

-#include <crypto/openssl/ossl_aarch64.h>

-#endif

-static ossl_cipher_process_t ossl_aes_cbc;

-struct ossl_cipher ossl_cipher_aes_cbc = {

- .type = CRYPTO_AES_CBC,

- .blocksize = AES_BLOCK_LEN,

- .ivsize = AES_BLOCK_LEN,

- /* Filled during initialization based on CPU caps. */

- .set_encrypt_key = NULL,

- .set_decrypt_key = NULL,

- .process = ossl_aes_cbc

-};

-static int

-ossl_aes_cbc(struct ossl_session_cipher *s, struct cryptop *crp,

- const struct crypto_session_params *csp)

- struct crypto_buffer_cursor cc_in, cc_out;

- unsigned char block[EALG_MAX_BLOCK_LEN];

- unsigned char iv[EALG_MAX_BLOCK_LEN];

- const unsigned char *in, *inseg;

- unsigned char *out, *outseg;

- size_t plen, seglen, inlen, outlen;

- struct ossl_cipher_context key;

- struct ossl_cipher *cipher;

- int blocklen, error;

- bool encrypt;

- cipher = s->cipher;

- encrypt = CRYPTO_OP_IS_ENCRYPT(crp->crp_op);

- plen = crp->crp_payload_length;

- blocklen = cipher->blocksize;

- if (plen % blocklen)

- return (EINVAL);

- if (crp->crp_cipher_key != NULL) {

- if (encrypt)

- error = cipher->set_encrypt_key(crp->crp_cipher_key,

- 8 * csp->csp_cipher_klen, &key);

- else

- error = cipher->set_decrypt_key(crp->crp_cipher_key,

- 8 * csp->csp_cipher_klen, &key);

- if (error)

- return (error);

- } else {

- if (encrypt)

- key = s->enc_ctx;

- else

- key = s->dec_ctx;

- }

- crypto_read_iv(crp, iv);

- /* Derived from ossl_chacha20.c */

- crypto_cursor_init(&cc_in, &crp->crp_buf);

- crypto_cursor_advance(&cc_in, crp->crp_payload_start);

- inseg = crypto_cursor_segment(&cc_in, &inlen);

- if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) {

- crypto_cursor_init(&cc_out, &crp->crp_obuf);

- crypto_cursor_advance(&cc_out, crp->crp_payload_output_start);

- } else {

- cc_out = cc_in;

- }

- outseg = crypto_cursor_segment(&cc_out, &outlen);

- while (plen >= blocklen) {

- if (inlen < blocklen) {

- crypto_cursor_copydata(&cc_in, blocklen, block);

- in = block;

- inlen = blocklen;

- } else {

- in = inseg;

- }

- if (outlen < blocklen) {

- out = block;

- outlen = blocklen;

- } else {

- out = outseg;

- }

- /* Figure out how many blocks we can encrypt/decrypt at once. */

- seglen = rounddown(MIN(plen, MIN(inlen, outlen)), blocklen);

- AES_CBC_ENCRYPT(in, out, seglen, &key, iv, encrypt);

- if (out == block) {

- crypto_cursor_copyback(&cc_out, blocklen, block);

- outseg = crypto_cursor_segment(&cc_out, &outlen);

- } else {

- crypto_cursor_advance(&cc_out, seglen);

- outseg += seglen;

- outlen -= seglen;

- }

- if (in == block) {

- inseg = crypto_cursor_segment(&cc_in, &inlen);

- } else {

- crypto_cursor_advance(&cc_in, seglen);

- inseg += seglen;

- inlen -= seglen;

- }

- plen -= seglen;

- }

- explicit_bzero(block, sizeof(block));

- explicit_bzero(iv, sizeof(iv));

- explicit_bzero(&key, sizeof(key));

- return (0);

diff --git a/sys/crypto/openssl/ossl_chacha20.c b/sys/crypto/openssl/ossl_chacha20.c
index c21a28470a26..aa125121e8b4 100644
--- a/sys/crypto/openssl/ossl_chacha20.c
+++ b/sys/crypto/openssl/ossl_chacha20.c

@@ -37,24 +37,10 @@

#include <crypto/openssl/ossl.h>

#include <crypto/openssl/ossl_chacha.h>

-#include <crypto/openssl/ossl_cipher.h>

#include <crypto/openssl/ossl_poly1305.h>

-static ossl_cipher_process_t ossl_chacha20;

-struct ossl_cipher ossl_cipher_chacha20 = {

- .type = CRYPTO_CHACHA20,

- .blocksize = CHACHA_BLK_SIZE,

- .ivsize = CHACHA_CTR_SIZE,

- .set_encrypt_key = NULL,

- .set_decrypt_key = NULL,

- .process = ossl_chacha20

-};

-static int

-ossl_chacha20(struct ossl_session_cipher *s, struct cryptop *crp,

- const struct crypto_session_params *csp)

+int

+ossl_chacha20(struct cryptop *crp, const struct crypto_session_params *csp)

{

_Alignas(8) unsigned int key[CHACHA_KEY_SIZE / 4];

unsigned int counter[CHACHA_CTR_SIZE / 4];

diff --git a/sys/crypto/openssl/ossl_cipher.h b/sys/crypto/openssl/ossl_cipher.h
deleted file mode 100644
index d9e6ec29aafc..000000000000
--- a/sys/crypto/openssl/ossl_cipher.h
+++ /dev/null

@@ -1,53 +0,0 @@