Page Comparison

A config maker, cipher suites are configurable via serial console

SSL options are made available in below conf files like SSLCipherSuite,SSLCertificateFile,SSLCertificateKeyFile etc

./products/one/server/bloxtools/bloxtools_apache/conf/httpd_simple.conf

./products/one/server/tmpl-captive-portal-common-httpd.conf

./products/one/server/tmpl-bloxtools-httpd.conf

./products/one/server/tmpl-one-httpd.conf

./products/tests/server/src/bin/harness/datasets/httpd-ibdelay.conf

./webui/httpd.conf

OpenSSL C-functions

A config maker, cipher suites are configurable via serial console

./products/one/server/src/bin/make_httpd_conf/db.c

set_tls_protocols --- will enable "enable_tlsv1"," enable_tlsv1_1" and "enable_tlsv1_2","ALL" in db based on its param

set_tls_ciphers --- validates "cipher_suite" param

OpenSSL C-functions

     A config maker, cipher suites are configurable via serial console

./products/one/server/src/bin/serial_console/set.c

check_ssl_connection()--- To check ssl connection

download_gm_certificate ---Download certificate from GM

printf_certificate() --- To print certificate

OpenSSL C-functions

SSL_CTX_new,SSL_new,SSL_set_bio,

SSL_connect,SSL_CTX_free,BIO_free,SSL_library_init,

TLSv1_client_method,BIO_new_socket,SSL_get_peer_certificate

PEM_write_bio_X509,BIO_new,BIO_read,X509_free,SSL_CTX_free

BIO_puts,PEM_read_bio_X509,BIO_new_fp,BIO_printf,

X509_NAME_print,X509_get_pubkey,EVP_PKEY_print_public

EVP_PKEY_free,X509_signature_print,X509_free

./products/one/server/src/bin/clusterd/util.c

Functions cd_start_replica_vpn, cd_start_master_vpn run command /usr/sbin/openvpn with arguments including:

--ca /infoblox/security/keys/vpn_CaCerts.pem,

--cert /infoblox/security/keys/node.crt,

--key /infoblox/security/keys/node.key,

--cipher AES-128-CB,

--tls-cipher DHE-RSA-AES256-SHA,

--auth SHA1

./products/one/server/src/bin/clusterd/sendmsg_handshake.c

This module uses functions cd_derive_serial, cd_sign_msg from module ./products/one/server/src/bin/clusterd/util.c

Function cd_derive_serial derives a serial number from a string using SHA1 digest algorithm,

it is used in function cd_sendmsg_handshake_resp_req

Function cd_sign_msg signs a message with HMAC-SHA256,

it is used in functions cd_sendmsg_handshake_approval, cd_sendmsg_handshake_request_tunnel, cd_sendmsg_handshake_tunnel_approved, cd_sendmsg_handshake_new_master, cd_sendmsg_handshake_restart

This module uses functions ib_generate_authn_challenge, ib_generate_authn_response, ib_generate_authn_response_2 from module ./common/server/src/lib/security/security_functions.c

Function ib_generate_authn_challenge generates auth challenge, it performes base64 encoding with OpenSSL function EVP_EncodeBlock,

it is used in function cd_sendmsg_handshake_challenge,

Function ib_generate_authn_response generates auth response computing MD5 hash, it is used in NIOS versions less than 6.3,

Function ib_generate_authn_response_2 generates auth response using HMAC_SHA256 algorithm, it is used in NIOS versions equal or greater than 6.3

they are used in function cd_sendmsg_handshake_resp_req

Functions cd_derive_serial, cd_sign_msg from module ./products/one/server/src/bin/clusterd/util.c

Functions ib_generate_authn_challenge, ib_generate_authn_response, ib_generate_authn_response_2 from module ./common/server/src/lib/security/security_functions.c

./products/one/server/src/bin/clusterd/handshake.c

This module uses functions cd_derive_serial, cd_verify_msg from module ./products/one/server/src/bin/clusterd/util.c

Function cd_derive_serial derives a serial number from a string using SHA1 digest algorithm,

it is used in functions cd_master_handshake_chal, cd_potential_master_handshake_chal, cd_master_handshake_resp_chal, cd_master_handshake_resp_req, Function cd_potential_master_handshake_resp_req, cd_replica_handshake_resp_chal

Function cd_verify_msg verifies a message signed by HMAC-SHA256,

it is used in functions cd_master_handshake_approval_verify, cd_master_handshake_tunnel_request_verify, cd_master_handshake_new_master_verify, cd_potential_master_handshake_new_master, cd_replica_handshake_approval, cd_replica_handshake_tunnel_approved, cd_replica_handshake_restart

This module uses functions ib_generate_authn_challenge, ib_generate_authn_response, ib_generate_authn_response_2 from module ./common/server/src/lib/security/security_functions.c

Function ib_generate_authn_challenge generates auth challenge, it performes base64 encoding with OpenSSL function EVP_EncodeBlock,

it is used in functions cd_master_handshake_chal, cd_potential_master_handshake_chal

Function ib_generate_authn_response generates auth response computing MD5 hash, it is used in NIOS versions less than 6.3,

Function ib_generate_authn_response_2 generates auth response using HMAC_SHA256 algorithm, it is used in NIOS versions equal or greater than 6.3,

they are used in functions cd_master_handshake_chal, cd_potential_master_handshake_chal, cd_master_handshake_resp_chal, cd_master_handshake_resp_req, cd_potential_master_handshake_resp_req, cd_replica_handshake_resp_chal

Functions cd_derive_serial, cd_verify_msg from module ./products/one/server/src/bin/clusterd/util.c

Functions ib_generate_authn_challenge, ib_generate_authn_response, ib_generate_authn_response_2 from module ./common/server/src/lib/security/security_functions.c

A config maker

./products/one/server/src/bin/util/check_sshd_conf.sh

To generate host keys

ssh-keygen -t rsa -f $SSHD_HOST_RSA_KEY -N "" >/dev/null

ssh-keygen -t dsa -f $SSHD_HOST_DSA_KEY -N "" >/dev/null

No OpenSSL function calls

No OpenSSL function calls

RADIUIS Services

./products/one/server/src/pyabs/radius_auth_service.py

Function RadiusAuthService.authenticate does RADIUS authentication,

it uses functions from module ./products/one/server/src/lib/one_rtxml_functions/radius.c

No OpenSSL function calls

Remote authentication

RADIUIS Services

./products/one/server/src/lib/one_rtxml_functions/radius.c

Function radius_generate_acct_request_authenticator generates Accounting Request Authenticator (RequestAuth = MD5),

it is used in this module, functions radius_accounting_start, admin_radius_accounting_test

Function radius_verify_message_authenticator recalculates the Message-Authenticator and compares with the received Message-Authenticator (MD5),

it is used in this module, function radius_verify_response_packet

Function radius_verify_response_authenticator verifies the Received response authenticator (MD5),

Function radius_generate_message_authenticator generates a message authenticator (Message-Authenticator = HMAC-MD5),

Function radius_encrypt_user_password encrypts User-Password (MD5),

Function radius_encode_chap_password encodes CHAP-Password (MD5),

they are used in this module, functions radius_access_request, radius_redo_access_request

OpenSSL C-functions:

MD5_Init, MD5_Update, MD5_Final used in functions radius_generate_acct_request_authenticator, radius_verify_response_authenticator, radius_encrypt_user_password, radius_encode_chap_password

HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup, HMAC_CTX_cleanup used in functions radius_generate_message_authenticator, adius_verify_message_authenticator

Remote authentication

RADIUIS Services

./products/one/server/src/bin/admin_radius_acct/admin_radius_acct.c

Function radius_generate_acct_request_authenticator generates Accounting Request Authenticator (RequestAuth = MD5),

it is used in this module, function radius_redo_accounting_request

Function radius_generate_acct_response_authenticator generates Accounting response authenticator (MD5),

it is used in this module, function radius_acct_response_packet

Function radius_verify_acct_request_authenticator verifies the Received Acct request authenticator (MD5),

it is used in this module, function radius_verify_request_packet

Function radius_verify_response_authenticator verifies the Received response authenticator (MD5),

Function radius_verify_message_authenticator recalculates the Message-Authenticator and compares with the received Message-Authenticator (HMAC-MD5),

they are used in this module, function radius_verify_response_packet

OpenSSL C-functions:

MD5_Init, MD5_Update, MD5_Final used in functions radius_generate_acct_request_authenticator, radius_generate_acct_response_authenticator, radius_verify_acct_request_authenticator, radius_verify_response_authenticator

HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup used in function radius_verify_message_authenticator

No OpenSSL function calls

Certificate Authentication Services ./products/one/server/src/pyabs/ocsp_auth.py

Function OcspAuthService.authenticate does OCSP verification, it uses functions from module ./products/one/server/src/lib/one_ocsp/ocsp.c, see ocsp in this table

Function OcspAuthService.__get_responders_from_aia gets OCSP responder address(es) from aia, used in class function _get_effective_responders

Openssl command: openssl x509 -in cert_file -noout -ocsp_uri used in function OcspAuthService.__get_responders_from_aia

Config maker ./products/one/server/src/pyabs/syslog_config.py get_certificate_hash_from_fil

openssl -x509 -noout -hash -in "filename"

./products/one/server/src/lib/pki/ipki_store.c

Function calculate_certificate_sha_512_fingerprint calculates SHA512 fingerprint of the certificate,

it is used in modules:

this module, function convert_crypto_cert_to_cert_db,

./products/one/server/src/lib/pki/ipki_api.c, function ipki_get_cert_data

Function convert_crypto_cert_to_cert_db converts a cert from openssl X509 handle to a cert stored in db,

it is used in this module, function convert_cert_buf_to_cert_db

Function convert_csr_buf_to_csr_db converts a CSR in DER binary to a CSR stored in db,

it is used in this module, function store_csr_only

Function ipki_check_ca_cert_among_csrs checks to see if the cert has a common name in all pending CSRs,

it is used in module ./products/one/server/src/lib/one_rtxml_functions/system_administration.c, function one_import_ca_certificate

Function ipki_find_csr_with_cert finds a matching CSR for a given app cert,

it is used in this module, function ipki_import_app_cert

OpenSSL C-functions:

X509_digest with digest type=SHA512 used in function calculate_certificate_sha_512_fingerprint,

X509_get_issuer_name, X509_get_serialNumber, X509_get_subject_name, X509_get_pubkey, X509_free used in functions convert_crypto_cert_to_cert_db, ipki_check_ca_cert_among_csrs,

ipki_find_csr_with_cert, X509_REQ_get_subject_name, X509_REQ_get_pubkey, EVP_PKEY_bits, X509_REQ_free used in function convert_csr_buf_to_csr_db

infoblox pki lib

./products/one/server/src/lib/pki/ipki_api.c

Function ipki_parse_cert_info returns cert info back to caller from a binary cert

Function ipki_parse_csr_info returns csr info back to caller from a binary csr,

it is used in this module, function ipki_generate_and_encode_csr

Function ipki_get_cert_data returns cert attributes and base64 encoded DB writable content,

it is used in module ./products/one/server/src/pyutil/ibutil.c, function util_get_cert_data

Function ipki_sign_csr_and_encode_cert - a thin wrapper for ipki_create_selfsigned_cert,

it is used in module ./products/one/server/src/pyutil/ibutil.c, function util_sign_csr

Function ipki_sign_csr_by_ca - a thin wrapper for ipki_sign_cert,

it is used in module ./products/one/server/src/pyutil/ibutil.c, function util_sign_csr_by_ca

OpenSSL C-functions:

X509_get_subject_name, X509_get_pubkey, EVP_PKEY_bits, X509_get_notBefore, X509_get_notAfter, X509_free used in function ipki_parse_cert_info,

X509_REQ_get_subject_name, X509_REQ_get_pubkey, EVP_PKEY_bits, X509_REQ_free used in function ipki_parse_csr_info,

PEM_read_bio_X509_AUX, PEM_read_bio_X50, X509_get_subject_name, X509_get_issuer_name, X509_get_pubkey, X509_check_ca, EVP_PKEY_bits, X509_get_notBefore, X509_get_notAfter used in function ipki_get_cert_data,

PEM_read_bio_X509_REQ, X509_REQ_free used in functions ipki_sign_csr_and_encode_cert, ipki_sign_csr_by_ca

./products/one/server/src/lib/pki/ipki_util.c

Macro #define DEFAULT_KEY_CIPHER>>EVP_des_ede3_cbc(), it is used in function ipki_key_bin_to_pem as an argument of call PEM_write_bio_PrivateKey

Function ipki_init initializes openssl context,

it is used in modules:

./products/one/server/src/lib/one_rtxml_functions/system_administration.c, functions one_import_ca_certificate, one_import_app_certificate, one_import_pkcs12

./products/one/server/src/pyutil/ibutil.c, function util_one_import_https_certificate

Function ipki_cert_bin_to_pem writes DER encoded cert to the given file in PEM format,

it is used in modules:

./products/dns/server/src/bin/make_dtc_conf/make_healthd_conf.c, function mdc_healthd_certificates

./products/dns/server/src/bin/ciscoise_syncd/ciscoise_onedb.c, function _fill_srv_properties

./products/one/server/src/lib/one_rtxml_functions/system_administration.c, function one_export_any_cert

./products/one/server/src/pyutil/ibutil.c, function util_ipki_cert_bin_to_pem

./products/one/server/src/bin/make_default_apache_cert/main.c, function mhc_write_default_https_cert_files

ipki_cert_bin_to_pem which is used in the following python modules:

./products/one/server/src/bin/make_syslog_conf/main.c, function msc_write_syslog_ng_conf

./products/one/server/src/bin/make_https_cert/main.c, function mhc_write_https_cert_files

./products/ifmap/server/src/bin/ifmapcd/client.c, ./ifmap/server/src/bin/ifmapcd/client.c, function ifmap_get_config

./products/one/server/src/pyutil/util.py, function

./products/one/server/src/pyabs/tae_ca_certificate.py, function

TaeCACertificate._check_cert

./products/one/server/src/bin/util/make_certs.py, function make_cert_and_key

./products/ifmap/server/src/pyabs/ifmap_ca_certificate.py, function IfmapCACertificate._check_cert

Function ipki_cert_pem_to_bin - given a file that contains a PEM formatted cert, returns its DER encoded data,

it is used in modules:

./products/one/server/src/lib/one_rtxml_functions/system_administration.c, functions one_import_ca_certificate, one_import_app_certificate, one_import_https_certificate

./products/one/server/src/pyutil/ibutil.c, function util_one_import_https_certificate

./products/one/server/src/bin/make_default_apache_cert/main.c, function mhc_read_https_cert_files

Function ipki_csr_bin_to_pem writes DER encoded CSR to the given file in PEM format

it is used in module ./products/one/server/src/lib/pki/ipki_api.c, functions ipki_generate_and_store_csr,

ipki_regenerate_csr_from_db

Function ipki_csr_pem_to_bin - given a file that contains a PEM formatted CSR, returns its DER encoded data, it is used in UTs

za

Function ipki_key_bin_to_pem writes DER encoded private key to the given file in PEM format,

it is used in modules:

./products/one/server/src/pyutil/ibutil.c, function util_ipki_key_bin_to_pem

./products/one/server/src/bin/make_default_apache_cert/main.c, function mhc_write_default_https_cert_files

./products/one/server/src/bin/make_https_cert/main.c, function mhc_write_https_cert_files

./products/ifmap/server/src/bin/ifmapcd/client.c, ./ifmap/server/src/bin/ifmapcd/client.c, function ifmap_get_config

./products/one/server/src/pyutil/util.py, function ipki_key_bin_to_pem which is used in the following python module:

./products/one/server/src/bin/util/make_certs.py, function make_cert_and_key

Function ipki_key_pem_to_bin - given a file that contains a PEM formatted private key, returns its DER encoded data,

it is used in module:

./products/one/server/src/bin/make_default_apache_cert/main.c, function mhc_read_https_cert_files

OpenSSL C-functions:

OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, ERR_load_crypto_strings used in function ipki_init

PEM_write_bio_X509, PEM_read_bio_X509, X509_free used in functions ipki_cert_bin_to_pem, ipki_cert_pem_to_bin

PEM_write_bio_X509_REQ, PEM_read_bio_X509_REQ, X509_free used in functions ipki_csr_bin_to_pem, ipki_csr_pem_to_bin

PEM_write_bio_PrivateKey, PEM_read_bio_PrivateKey, EVP_PKEY_free used in functions ipki_key_bin_to_pem, ipki_key_pem_to_bin, one_import_https_certificate

EVP_des_ede3_cbc used in macro DEFAULT_KEY_CIPHER

infoblox pki lib    

./products/one/server/src/lib/pki/ipki_gen.c

Function ipki_set_serial_number sets a certificate serial number,

it is used in this module, functions ipki_create_selfsigned_cert, ipki_sign_cert

Function ipki_create_key creates a public/private key pair,

it is used in this module, function ipki_generate_csr

Function ipki_build_csr builds a CSR from given info,

it is used in this module, functions ipki_generate_csr, ipki_resign_csr

Function ipki_check_selfsigned_cert checks if a cert is self-signed,

it is used in module ./products/one/server/src/lib/one_rtxml_functions/system_administration.c, function one_get_https_cert

Function ipki_create_selfsigned_cert generates a self signed cert,

it is used in modules:

./products/one/server/src/lib/pki/ipki_api.c, functions ipki_generate_and_store_server_cert, ipki_sign_csr_and_encode_cert

./products/one/server/src/bin/make_default_apache_cert/main.c, function mhc_write_default_https_cert_files

Function ipki_sign_cert signs a cert with a CA and returns the binary cert in a buffer,

it is used in module ./products/one/server/src/lib/pki/ipki_api.c, function ipki_sign_csr_by_ca

OpenSSL C-functions:

X509_get_pubkey, X509_get_subject_name, X509_get_issuer_name, X509_set_serialNumber, X509_free used in functions ipki_set_serial_number, ipki_check_selfsigned_cert

EVP_PKEY_new, RSA_generate_key, EVP_PKEY_assign_RSA, RSA_free used in function ipki_create_key,

X509_REQ_new, X509_REQ_sign (with SHA1/SHA256), X509_REQ_free used in function ipki_build_csr

X509_REQ_to_X509, X509_set_version, X509_set_issuer_name, X509_sign (with SHA1/SHA256), X509_free, X509_REQ_free used in functions ipki_create_selfsigned_cert, ipki_sign_cert

https, sip monitors communication:

./products/dns/server/src/pyabs/idns_util.py

Function

add_idns_certificate()

List of SSL ciphers in an OpenSSL format

./products/dns/server/src/pyabs/idns_util.py

openssl x509 -in "pem_path" -out "crt_path" -text

openssl pkey -in "pem_path" -out "key_path" -text

openssl pkey -in "pem_path" -out "key_path"

openssl rsa -nout -modulus -in "key_path"

openssl x509 -nout -modulus -in "crt_path"

./products/dns/server/src/pyabs/idns_util.py

Function

add_idns_certificate()

Certificates in PEM or PKCS#12 format associated with HTTP and SIP health monitors

./products/dns/server/src/pyabs/idns_util.py

openssl pkcs12 -in "cert_and_key_path" -info -noout -passin pass:

openssl pkcs12 -in "cert_and_key_path" -nodes -out "pem_path" -passin pass:

The below files doesnt have any crypthographic function

./products/dns/server/src/pyabs/idns_common.py

./products/dns/server/src/pyabs/idns_certificate.py

./products/dns/server/src/pyabs/idns_monitor_http.py

./products/dns/server/src/pyabs/idns_monitor_sip.py

./products/one/server/src/outbound/lib/ssl_wrapper.py

Function:

WrapSSLSocket class is defined and called for WrapHTTPSConnection.

A generate certificate button on DXL endpoint creation:

Upload and validate DXL endpoint certificate

./products/one/server/src/outbound/lib/worker.py

The above mentioned file doesn't exists now.

In the below files encryption algorithms are not used

./products/one/server/src/outbound/lib/records.py

./products/one/server/src/outbound/lib/service_manager.py

./products/one/server/src/outbound/lib/ssl_requests.py

A generate certificate button on DXL endpoint creation:

Upload and validate DXL endpoint certificate

./bind9/lib/dns/openssldsa_link.c

Function

Function openssldsa_createctx() creates,initializes and setup Digest context.

Function openssldsa_destroyctx() cleans up digest context ctx and frees up the space allocated to it.

Function openssldsa_adddata() hashes cnt data to digest context ctx.

Function openssldsa_sign()signs the data in ctx using the private key pkey and places the signature in sig.

Function openssldsa_verify() verifies the data

Function openssldsa_destroy() DSA_free() is called.

openssldsa_fromdns()

Function openssldsa_parse() is used to parse private key

OpenSSL C-functions

EVP_MD_CTX_create,EVP_DigestInit_ex,EVP_MD_CTX_destroy,

EVP_DigestUpdate,EVP_PKEY_new,EVP_PKEY_set1_DSA,EVP_PKEY_free,

EVP_DigestFinal_ex,DSA_SIG_new,

DSA_do_verify,DSA_SIG_free,DSA_free

./bind9/lib/dns/tests/gost_test.c

Function ATF_TC_BODY() is used to generate OPENSSL_GOST private key

OpenSSL C-functions

EVP_PKEY_bits,EVP_PKEY_get0,EC_KEY_set_private_key,EC_KEY_get0_private_key,

pk11_get_session,pkcs_C_CreateObject,pkcs_C_SignInit,pkcs_C_Sign

./bind9/lib/dns/opensslrsa_link.c

Function opensslrsa_createctx() creates,initializes and setup Digest context based on algorithm

Function opensslrsa_destroyctx() cleans up digest context ctx and frees up the space allocated to it.

Function opensslrsa_adddata() hashes cnt data to digest context ctx.

Function opensslrsa_sign()signs the data in ctx using the private key pkey and places the signature in sig.

Function opensslrsa_verify2() verifies the data

Function opensslrsa_generate() generates keys.

Function opensslrsa_isprivate() RSA private key verified.

Function opensslrsa_destroy()RSA_free() is called

Function opensslrsa_todns(),opensslrsa_fromdns(),opensslrsa_tofile(),

Function opensslrsa_parse() is used to parse private key

Function opensslrsa_fromlabel() public key generation

OpenSSL C-functions

EVP_MD_CTX_create,EVP_md5,EVP_sha1,EVP_sha256,EVP_sha512,

EVP_DigestInit_ex,EVP_MD_CTX_destroy,EVP_MD_CTX_destroy,

EVP_DigestUpdate,EVP_SignFinal,RSA_sign,EVP_PKEY_get1_RSA,RSA_free,

RSA_size,RSA_public_decrypt,EVP_PKEY_set1_RSA,RSA_generate_key_ex,

RSA_generate_key,EVP_PKEY_free, EVP_PKEY_get1_RSA,EVP_PKEY_new

./bind9/lib/dns/openssldh_link.c

Function openssldh_computesecret() to generate secret key

Function openssldh_generate() is used to generate DH key.

Function openssldh_destroy() DH_free is called

Function openssldh_fromdns()

Function openssldh_parse()is used to parse private key

OpenSSL C-functions

DH_size,DH_compute_key,DH_new,DH_free,DH_generate_parameters_ex,DH_generate_parameters,DH_free

./bind9/lib/dns/pkcs11rsa_link.c

Function pkcs11rsa_createctx_sign() creates and signs pkcs objects with algorithms specified

Function pkcs11rsa_createctx_verify() pk11_ctx object is verified with its algorithm mechanism

Function pkcs11rsa_destroyctx() Destroys pkcs object.

Function pkcs11rsa_adddata() sign/Data update to pkcs object

Function pkcs11rsa_sign() pkcs_C_SignFinal() is called fron here

Function pkcs11rsa_verify() verify pk11_ctx

Function pkcs11rsa_compare() comparing two keys passed to it.

Function pkcs11rsa_generate() generate PKCS keypairs.

Function pkcs11rsa_isprivate() get the attribute by type from it.

Function pkcs11rsa_destroy() destroying pkey and its data from dst_key_t

Function pkcs11rsa_todns()

Function pkcs11rsa_fromdns()

Function pkcs11rsa_tofile()

Function pkcs11rsa_fetch()

Function rsa_check() check for private and public attributes in pk11 object.

Function pkcs11rsa_parse() parsing public and private key

Function pkcs11rsa_fromlabel() find the objects and its attribute values.

OpenSSL C-functions

pk11_get_best_token,pk11_get_session,pk11_attribute_next,pk11_attribute_first

pkcs_C_CreateObject,pkcs_C_SignInit,pk11_numbits,pkcs_C_VerifyInit,

pkcs_C_DestroyObject,pk11_return_session,pkcs_C_DestroyObject,

pk11_return_session,pkcs_C_SignUpdate,pkcs_C_VerifyUpdate

pkcs_C_SignFinal,pkcs_C_VerifyFinal,pk11_attribute_bytype,pkcs_C_GenerateKeyPair

pkcs_C_GetAttributeValue,pkcs11rsa_destroy,pk11_numbits,pk11_parse_uri,

pkcs11rsa_destroy,pkcs_C_FindObjectsInit,pkcs_C_FindObjects,pkcs_C_FindObjectsFinal,pkcs_C_GetAttributeValue

./bind9/lib/dns/opensslgost_link.c

Function isc_gost_init() creates,initializes and setup Digest

Function isc_gost_invalidate() cleanup of ctx

Function isc_gost_update() does Digestupdate

Function isc_gost_final() digest final

Function opensslgost_createctx() creates,initializes and setup Digest

Function opensslgost_destroyctx() destroys the setup digest.

Function opensslgost_adddata() perform Digest update.

Function opensslgost_sign() sign the private key.

Function opensslgost_verify() verifies the EVP_MD_CTX

Function opensslgost_compare() compares two keys

Function progress_cb() private key generation info.

Function opensslgost_generate() initialize and gost key generation

Function opensslgost_isprivate() get private key

Function opensslgost_destroy() free the private key

Function opensslgost_tofile()

function opensslgost_parse()parsing public and private key

OpenSSL C-functions

EVP_gost,EVP_MD_CTX_init,EVP_DigestInit,EVP_DigestFinal

EVP_MD_CTX_cleanup,EVP_DigestUpdate,EVP_MD_CTX_create,

EVP_DigestInit_ex,EVP_MD_CTX_destroy,EVP_SignFinal,

EVP_VerifyFinal,EVP_PKEY_cmp,EVP_PKEY_CTX_get_app_data,EVP_PKEY_CTX_get_keygen_info<

EVP_PKEY_CTX_new_id,EVP_PKEY_CTX_set_cb,EVP_PKEY_CTX_set_app_data,EVP_PKEY_keygen_init

EVP_PKEY_CTX_ctrl_str,EVP_PKEY_keygen,EVP_PKEY_get0,EVP_PKEY_free,EC_KEY_get0_private_key

EC_KEY_set_private_key,EC_KEY_set_public_key,EVP_PKEY_free

./bind9/lib/dns/openssl_link.c

dst__openssl_destroy --- connection termination of openssl

OpenSSL C-functions

EVP_cleanup

./bind9/lib/dns/opensslecdsa_link.c

Function opensslecdsa_createctx() creates,initializes and setup Digest context.

Function opensslecdsa_destroyctx() cleans up digest context ctx and frees up the space allocated to it.

Function opensslecdsa_adddata() hashes cnt data to digest context ctx.

Function opensslecdsa_sign()signs the data in ctx using the private key pkey and places the signature in sig.

Function opensslecdsa_verify() verifies the data

Function opensslecdsa_compare() compares the keys

Function opensslecdsa_generate() generates ecdsa key

Function opensslecdsa_isprivate() get ecdsa private key

Function opensslecdsa_todns()

Function opensslecdsa_fromdns()

Function opensslecdsa_tofile()

Function ecdsa_check() check for the public key

Function opensslecdsa_parse() is used to parse private key

OpenSSL C-functions

EVP_MD_CTX_create,EVP_sha256,EVP_sha384,EVP_DigestInit_ex,EVP_MD_CTX_destroy,

EVP_DigestUpdate,EVP_PKEY_get1_EC_KEY,EVP_DigestFinal,ECDSA_do_sign,ECDSA_SIG_free

EC_KEY_free,EVP_PKEY_get1_EC_KEY,EVP_DigestFinal_ex,ECDSA_SIG_new,ECDSA_do_verify,

EVP_PKEY_get1_EC_KEY,EVP_PKEY_cmp,EC_KEY_get0_private_key,EC_KEY_new_by_curve_name,

EC_KEY_generate_key,EVP_PKEY_new,EVP_PKEY_set1_EC_KEY,EVP_PKEY_free,EC_KEY_free,

EC_KEY_check_key,EVP_PKEY_new,EC_KEY_set_public_key,EC_KEY_check_key,EC_KEY_set_private_key

./bind9/lib/isc/sha2.c

Function isc_sha224_init() --Context is initialised to EVP_sha224

Function isc_sha224_invalidate() -- cleans up the context.

Function isc_sha224_update -- calls EVP_DigestUpdate()

Function isc_sha224_final -- checks for the context with digest

Function isc_sha256_init--Context is initialised to EVP_sha224

Function isc_sha256_invalidate -- cleans up the context.

Function isc_sha256_update -- calls EVP_DigestUpdate()

Function isc_sha256_final -- checks for the context with digest

Function isc_sha512_init --Context is initialised to EVP_sha224

Function isc_sha512_invalidate -- cleans up the context.

Function isc_sha512_update -- calls EVP_DigestUpdate()

Function isc_sha512_final-- checks for the context with digest

Function isc_sha384_init --Context is initialised to EVP_sha224

Function isc_sha384_invalidate -- cleans up the context.

Function isc_sha384_update -- calls EVP_DigestUpdate()

Function isc_sha384_final-- checks for the context with digest

Function isc_sha224_end -- Converts the digest to readable format and cleans up

Function isc_sha256_end-- Converts the digest to readable format and cleans up

Function isc_sha512_end-- Converts the digest to readable

format and cleans up

Function isc_sha384_end-- Converts the digest to readable format and cleans up

OpenSSL C-functions

EVP_DigestInit,EVP_MD_CTX_cleanup,EVP_DigestUpdate,

EVP_DigestFinal

./bind9/lib/isc/hmacmd5.c

Function isc_hmacmd5_init --- Initialize the context to HMAC

Function isc_hmacmd5_invalidate -- clean up the context

Function isc_hmacmd5_update -- update the context with buffer.

Function isc_hmacmd5_sign --- To verify the sign

OpenSSL C-functions

HMAC_Init,EVP_md5,HMAC_CTX_cleanup,

HMAC_Update,HMAC_Final

pkcs_C_CreateObject,pkcs_C_SignInit,pkcs_C_SignFinal

pkcs_C_DestroyObject,pkcs_C_SignUpdate,pkcs_C_DigestInit,

pkcs_C_DigestUpdate,pkcs_C_DigestFinal

./bind9/lib/isc/sha1.c

Function isc_sha1_init -- context is initialised to EVP_sha1

Function isc_sha1_invalidate -- clean up the context

Function isc_sha1_update -- calls EVP_DigestUpdate

OpenSSL C-functions

EVP_DigestInit,EVP_MD_CTX_cleanup,EVP_DigestFinal

pkcs_C_DigestInit,pkcs_C_DigestFinal,pkcs_C_DigestFinal

pkcs_C_DigestInit,pkcs_C_DigestFinal,pkcs_C_DigestUpdate

./bind9/lib/isc/md5.c

Function isc_md5_init --context is initialised to EVP_md5

Function isc_md5_invalidate --clean up the context

Function isc_md5_update --calls EVP_DigestUpdate

Function isc_md5_final -- calls EVP_DigestFinal

OpenSSL C-functions

EVP_DigestInit,EVP_MD_CTX_cleanup,EVP_DigestUpdate,EVP_MD_CTX_cleanup

./bind9/lib/isc/hmacsha.c

Function isc_hmacsha1_init -- Context is initialised to EVP_sha1

Function isc_hmacsha1_invalidate --Cleans up the context

Function isc_hmacsha1_update --- calls HMAC_Update

Function isc_hmacsha1_sign --- Check for the digest signature

Function isc_hmacsha224_init-- Context is initialised to EVP_sha224

Function isc_hmacsha224_invalidate--Cleans up the context

Function isc_hmacsha224_update--- calls HMAC_Update

Function isc_hmacsha224_sign--- Check for the digest signature

Function isc_hmacsha256_init-- Context is initialised to EVP_sha256

Function isc_hmacsha256_invalidate--Cleans up the context

Function isc_hmacsha256_update--- calls HMAC_Update

Function isc_hmacsha256_sign--- Check for the digest signature

Function isc_hmacsha384_init-- Context is initialised to EVP_sha384

Function isc_hmacsha384_invalidate--Cleans up the context

Function isc_hmacsha384_update--- calls HMAC_Update

Function isc_hmacsha384_sign--- Check for the digest signature

Function isc_hmacsha512_init-- Context is initialised to EVP_sha512

Function isc_hmacsha512_invalidate--Cleans up the context

Function isc_hmacsha512_update--- calls HMAC_Update

Function isc_hmacsha512_sign -- Check for the digest signature

OpenSSL C-functions

HMAC_Init,HMAC_CTX_cleanup,HMAC_Update,

HMAC_Final,

./bind9/lib/isc/aes.c

Function isc_aes128_crypt -- encrypts the data with EVP_aes_128_ecb

Function isc_aes192_crypt -- encrypts the data with EVP_aes_192_ecb

Function isc_aes256_crypt --encrypts the data with EVP_aes_256_ecb

Function isc_aes_crypt -- encrypts the data in pkcs

OpenSSL C-functions

EVP_CIPHER_CTX_init,EVP_EncryptInit,EVP_CIPHER_CTX_set_padding

EVP_EncryptUpdate,EVP_CIPHER_CTX_cleanup,AES_set_encrypt_key,AES_encrypt

pkcs_C_CreateObject,pkcs_C_EncryptInit,pkcs_C_Encrypt

pkcs_C_DestroyObject

./bind9/configure

OpenSSL C-functions HMAC_Init,HMAC_Update,HMAC_Final

./bind9/config.h.win32

Below are the literal constants

HAVE_EVP_SHA384,HAVE_EVP_SHA256,HAVE_EVP_SHA512,

HAVE_OPENSSL_DSA,HAVE_OPENSSL_ECDSA,HAVE_OPENSSL_GOST

HAVE_PKCS11_ECDSA,HAVE_PKCS11_GOST,PREFER_GOSTASN1,

HAVE_OPENSSL_EVP_AES,HAVE_OPENSSL_AES,HMAC_RETURN_INT,

AES_SIT,HMAC_SHA1_SIT,HMAC_SHA256_SIT,HAVE_READLINE,

HAVE_GEOIP,HAVE_GEOIP_CITY_V6

OpenSSL C-functions

./bind9/bin/pkcs11/pkcs11-keygen.c

Function main()

OpenSSL C-functions

pkcs_C_GetMechanismInfo,pk11_set_lib_name,pk11_get_session,

pkcs_C_GenerateKey,pkcs_C_GetAttributeValue,pkcs_C_GenerateKeyPair,

pkcs_C_DestroyObject,pkcs_C_FindObjectsFinal,pk11_return_session

./bind9/bin/pkcs11/openssl-1.0.1j-patch

OpenSSL C-functions

pk11_active_delete,pk11_destroy_object,pk11_destroy_rsa_key_objects

pk11_destroy_dsa_key_objects,pk11_destroy_dh_key_objects,pk11_free_session_list

pk11_library_init,OPENSSL_assert,OPENSSL_free,pk11_destroy_rsa_object_priv

pk11_cipher_final,pk11_digest_final,pk11_find_digests,pk11_get_digest,

pk11_active_remove,pk11_active_delete,pk11_DH_generate_key,

pk11_free_active_list,pk11_token_login,RSA_get_ex_new_index,

RSA_set_ex_data,PEM_read_PrivateKey,EVP_PKEY_get1_RSA,EVP_PKEY_free,

RSA_free,EVP_PKEY_new,EVP_PKEY_assign_RSA,RSA_free

OpenSSL C-functions

pk11_have_dsa,pk11_destroy_dsa_object_pub,pk11_destroy_dsa_object_priv,

pk11_destroy_dh_object,pk11_digest_final,pk11_destroy_cipher_key_objects,

pk11_RSA_verify,pk11_RSA_private_encrypt,pk11_RSA_private_decrypt,

pk11_RSA_init,pk11_RSA_finish,pk11_RSA_sign,pk11_RSA_verify,

pk11_load_privkey,pk11_RSA_public_encrypt_low,pk11_RSA_private_encrypt_low,

pk11_RSA_public_decrypt_low,pk11_RSA_private_decrypt_low,check_new_rsa_key_pub,

check_new_rsa_key_priv,pk11_DSA_init,pk11_DSA_finish,pk11_dsa_do_sign,

pk11_dsa_do_verify,check_new_dsa_key_pub,check_new_dsa_key_priv,

pk11_DH_init,pk11_DH_finish,pk11_DH_generate_key,pk11_DH_compute_key,pk11_active_add,

pk11_active_find,pk11_RSA_private_encrypt_low,pk11_destroy_rsa_object_priv,

EVP_PKEY_get1_RSA,EVP_PKEY_assign_RSA,PEM_read_PrivateKey,EVP_PKEY_new,

EVP_PKEY_assign_RSA,DSA_SIG_new,pk11_destroy_dh_object,EVP_PKEY_assign_RSA,EVP_PKEY_get1_RSA

OpenSSL C-functions

pk11_destroy_object,pk11_get_symmetric_cipher,pk11_find_digests,

pk11_get_digest,pk11_active_add,pk11_active_find,RSA_padding_add_PKCS1_type_1,

RSA_padding_add_none,pk11_RSA_private_encrypt_low,RSA_padding_check_PKCS1_type_1,

RSA_padding_check_none,RSA_free,EVP_PKEY_free,pk11_DSA_init,pk11_DSA_finish,

pk11_dsa_do_sign,DSA_SIG_new,pk11_finish,pk11_destroy,pk11_ctrl,

PEM_read_PrivateKey

./bind9/bin/tests/system/rsabigexponent/bigkey.c

Function

main()

OpenSSL C-functions

RSA_new,EVP_PKEY_new,EVP_PKEY_set1_RSA

RSA_generate_key_ex

OpenSSL C-functions

./unbound/testcode/streamtcp.c

write_q()-- write a query over the TCP fd

recv_one()-- receive DNS datagram over TCP and print it

send_em()-- send the TCP queries

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

SSL_write(),SSL_read(),connect_sslctx_create()

SSL_do_handshake(),SSL_get_error(),SSL_get_peer_certificate()

SSL_shutdown,SSL_freeSSL_CTX_free

./unbound/testcode/petal.c

read_ssl_line---Read one line from SSL

setup_ctx --- setup SSL context

setup_ssl --- setup SSL connection to the client

provide_file_10---provide file in transfer

provide_file_chunked---

do_service --- provide ssl service

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

SSL_read,SSL_get_error,SSL_CTX_new,SSL_CTX_set_options

SSL_CTX_use_PrivateKey_file,SSL_CTX_use_certificate_file

SSL_CTX_check_private_key,SSL_CTX_load_verify_locations

SSL_new,SSL_set_accept_state,SSL_set_mode,SSL_set_fd

SSL_free,SSL_write,setup_ssl,service_ssl,SSL_shutdown,

SSL_CTX_free

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

EVP_PKEY_asn1_find_str,EVP_PKEY_asn1_get0_info,EVP_PKEY_asn1_get0_info

EVP_MD_CTX_create,EVP_DigestInit_ex,EVP_DigestUpdate,

EVP_DigestFinal_ex

./unbound/configure load_gost_id()

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

EVP_PKEY_asn1_find_str,EVP_PKEY_asn1_get0_info,EVP_get_digestbyname

EVP_DigestInit_ex,EVP_DigestUpdate,EVP_DigestFinal_ex

./unbound/smallapp/unbound-anchor.c

read_cert_bio()---read certificates from a PEM

read_cert_file---read the certificate file

read_builtin_cert --- read certificates from the builtin certificate

read_cert_or_builtin --- read update cert file or use builtin

setup_sslctx --- create SSL context

TLS_initiate ---initiate TLS on a connection

TLS_shutdown ---perform neat TLS shutdown

write_ssl_line--- write a line over SSL

read_ssl_line --- Read one line from SSL

read_data_chunk--- Read chunk data

do_chunked_read ---read chunked data from connection

write_http_get-- transaction on SSL

read_chunked_zero_terminate ---read chunked data and zero terminate

read_http_result --- read HTTP result from SSL

https_to_ip---https to an IP addr

free_file_bio ---free up a downloaded file BIO

xml_charhandle ---XML handle character data

handle_keydigest ---XML handle the KeyDigest start

xml_is_zone_name --See if XML element equals the zone name

xml_append_bio ---Append bio to bio

xml_append_ds --- write the parsed xml-DS

xml_parse_setup --- XML parser setup of the callbacks

xml_parse ---Perform XML parsing of the root-anchors file

get_usage_of_ex ---get key usage out of its extension

get_valid_signers ---get valid signers from the list of signers

verify_p7sig --- verify a PKCS7 signature

write_root_anchor --- write root anchor file

verify_and_update_anchor --- Perform the verification and update of the trustanchor

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

PEM_read_bio_X509,PEM_read_X509,BIO_new_mem_buf,BIO_free

SSL_CTX_new,SSL_new,SSL_set_connect_state,SSL_free,BIO_get_mem_data

write_ssl_line,BIO_reset,BIO_write,SSL_write,X509_get_ext_d2i,

PKCS7_get0_signers,X509_get_subject_name,X509_NAME_get_text_by_NID,

BIO_SEEK

X509_STORE_set1_param,d2i_PKCS7_bio,PKCS7_verify

X509V3_EXT_print_fp,

SSL_set_mode,SSL_set_fd,SSL_do_handshake,SSL_get_error,BIO_reset

SSL_read,SSL_get_error,BIO_new_mem_buf,TLS_initiate,SSL_CTX_free,

xml_append_bio,xml_append_str

BIO_get_mem_data,SSL_shutdown,SSL_CTX_free,

BIO_seek,BIO_get_mem_data,SSL_get_peer_certificate,X509_free

./unbound/smallapp/unbound-control.c

setup_ctx(),

setup_ssl--- setup SSL on the connection

send_file --- send stdin to server

go_cmd --- send command and display result

go ---read config

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

SSL_CTX_new,SSL_CTX_set_options,SSL_CTX_use_PrivateKey_file

SSL_CTX_check_private_key,SSL_CTX_load_verify_locations,

SSL_set_connect_state,SSL_set_mode,SSL_set_fd,SSL_do_handshake,

setup_ssl,SSL_free,SSL_library_initSSL_get_error,

SSL_get_verify_result,SSL_get_peer_certificate,SSL_write,

X509_free,SSL_CTX_set_verify

./unbound/libunbound/libworker.c

libworker_delete_env --- delete libworker env

libworker_setup --- setup fresh libworker struct

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

./unbound/ldns/keyraw.c

sldns_key_EVP_load_gost_id() --- store GOST engine reference loaded into OpenSSL library

sldns_ecdsa2pkey_raw() --- ECDSA Key

sldns_digest_evp ---

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

EVP_PKEY_asn1_find_str,EVP_PKEY_asn1_get0_info,EC_KEY_new_by_curve_name

o2i_ECPublicKey,EC_KEY_free,EVP_PKEY_new,EVP_PKEY_assign_EC_KEY,

EVP_PKEY_free,EVP_MD_CTX_create,EVP_DigestInit_ex,EVP_DigestUpdate

EVP_DigestFinal_ex,EVP_MD_CTX_destroy

./unbound/daemon/daemon.c

daemon_delete() --- Freeing the daemon process resource

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

SSL_CTX_free,EVP_cleanup

./unbound/daemon/remote.c

daemon_remote_create -- Create a remote daemon

daemon_remote_delete -- Delete a remote daemon

remote_accept_callback -- Remote call back

clean_point --- decrease active count

ssl_print_text --- print ssl text

ssl_printf --- printf style printing to the ssl connection

ssl_read_line -- read line from ssl connection

do_verbosity -- Do the verbosity of command

print_stats -- statistics info

print_longnum -- prints the long num

print_uptime -- print uptime stats

print_ext -- print extended stats

parse_arg_name --parse commandline argument domain name

find_arg2 -- find second argument

do_flush_zone -- remove all rrsets and keys from zone

do_flush_bogus --remove all bogus rrsets

do_flush_negative -- remove all negative(NODATA,NXDOMAIN)

ssl_print_name_dp -- printout a delegation point info

print_root_fwds -- print root forwards

parse_delegpt -- parse args into delegpt

do_forward -- do the status command

parse_fs_args -- pass the arguments

do_dump_requestlist --do the dump_requestlist

dump_infra_host --- callback for every host element

remote_get_opt_ssl -- routine to printout option values over SSL

do_get_option --- do the get_option command

do_list_forwards -- do the list_forwards command

do_list_local_zones -- do the list_local_zones

handle_req -- handle remote control request

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

SSL_CTX_new,SSL_CTX_set_options,SSL_CTX_use_certificate_file

SSL_CTX_use_PrivateKey_file,SSL_CTX_check_private_key,

SSL_CTX_load_verify_locations,SSL_CTX_set_client_CA_list,

SSL_CTX_set_verify,SSL_CTX_free,SSL_new,SSL_set_accept_state,

ssl_printf,SSL_read,ssl_read_line,SSL_get_error

SSL_set_mode,SSL_set_fd,SSL_free,SSL_shutdown,SSL_write,

SSL_get_error,ssl_print_vmsg,SSL_read,ssl_printf,

SSL_get_verify_result,SSL_get_peer_certificate,X509_free

./unbound/validator/val_secalgo.c

ds_digest_size_supported -- Return size of DS digest according to its hash algorithm

do_gost94 -- Perform GOST hash

secalgo_ds_digest

setup_dsa_sig -- Setup DSA key digest in DER encoding

setup_ecdsa_sig -- Setup the ECDSA signature

setup_key_digest -- Setup key and digest for verification

verify_canonrrset -- Check a canonical sig+rrset

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

SHA_DIGEST_LENGTH,SHA256_DIGEST_LENGTH,EVP_get_digestbyname,

sldns_digest_evp,SHA1,SHA256,do_gost94,SHA384

SHA384_DIGEST_LENGTH,DSA_SIG_new,i2d_DSA_SIG,EVP_PKEY_new

DSA_SIG_free,ECDSA_SIG_new,i2d_ECDSA_SIG,

ECDSA_SIG_free,EVP_PKEY_assign_RSA,EVP_sha256,EVP_sha512,

EVP_sha1,EVP_sha256,EVP_sha384,EVP_PKEY_free,EVP_MD_CTX_init,

EVP_VerifyInit, EVP_PKEY_free,EVP_VerifyUpdate,EVP_VerifyFinal,

EVP_MD_CTX_cleanup,PK11_Verify,

./unbound/util/alloc.c unbound_lite_i2d_DSA_SIG

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

i2d_DSA_SIG

/unbound/util/net_help.c

listen_sslctx_create ---creates sslctx

connect_sslctx_create-- connect ssl

outgoing_ssl_fd--- outgoing ssl descriptor

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

SSL_CTX_new,SSL_CTX_set_options,SSL_CTX_use_certificate_file,

SSL_CTX_free,SSL_CTX_use_PrivateKey_file,SSL_CTX_check_private_key,

SSL_CTX_load_verify_locations,SSL_CTX_free,SSL_CTX_set_client_CA_list,

SSL_CTX_set_verify,SSL_CTX_use_certificate_file,SSL_CTX_load_verify_locations

SSL_set_accept_state,SSL_set_mode,SSL_set_fd

OpenSSL C-functions (names begin with CRYPTO_, TLSv1_, SSLv23_, SSL_CTX_, X509_, PEM_, EVP_, HMAC_, DH_, DSA_, RSA_)

./common/server/src/lib/security/security_functions.c

Function generateDESKey makes 3DES key out of the password using SHA1 digest algorithm

Function ibDecrypt, ibEncrypt do decryption/encryption using EVP_des_ede3_ofb or EVP_bf_ofb if key is null

Function isecurity_base64_encode[_raw] performs the base64 encoding of the input byte stream

Function isecurity_base64_decode[_raw] performs the base64 decoding of the input byte stream

Function ib_bin_SHAHash calculates a hash using SHA1 digest algorithm

Function ib_bin_sha256hmac signs data with HMAC-SHA256

Function ib_bin_md5Hash calculates a hash using MD5 digest algorithm

Function ib_md5Hash calls ib_bin_md5Hash and formats hash into hex string

Function ib_generate_authn_challenge generates auth challenge, calls ib_get_random_buffer, isecurity_base64_encode

Function ib_generate_authn_response generates auth response, calls ib_md5Hash

Function ib_generate_authn_response_2 generates auth response, calls ib_bin_sha256hmac

Function ib_cra_authentication does CRA authentication, calls ib_generate_authn_response

Function ib_get_random_buffer fills a buffer by /dev/urandom

Function ib_ssha_pwd implements the salted SHA1 for password hashing, calls ib_get_random_buffer, ib_bin_SHAHash, isecurity_base64_encode

Function ib_nthash_pwd calculates a password NT hash using MD4 digest algorithm

Function ib_validate_ssha_pwd performs the comparision for a unhashed password against a hashed password, calls ib_is_hashed_pwd, isecurity_base64_decode, ib_ssha_pwd

Function ib_is_hashed_pwd checks to see a password is in hashed format

Function ib_is_nthashed_pwd checks to see a password is in NT hashed format

Function check_ccmode writes to logs that an item is unsupported in Common Criteria mode if CC mode is enabled, it is called in function ib_encrypt_with_fixed_key, ib_decrypt_with_fixed_key in case of 3DES cipher

Function decrypt_with_fixed_key performs the decrytion of secrets using a hardcoded key and hardcoded IV

Function encrypt_with_fixed_key performs the encryption of secrets using a hardcoded key and hardcoded IV

Function ib_is_fixed_key_encrypted_data check to see a string is in encrypted data format

Function ib_encrypt_with_fixed_key implements the fixed key encryption using EVP_aes_128_cbc or EVP_des_ede3_cbc ciphers, calls check_ccmode, encrypt_with_fixed_key, isecurity_base64_encode

Function ib_decrypt_with_fixed_key implements the fixed key decryption using EVP_aes_128_cbc or EVP_des_ede3_cbc ciphers, calls check_ccmode, isecurity_base64_decode, decrypt_with_fixed_key

They are used in the following modules:

./products/dns/server/src/lib/msdnsonedbsync/common.c

./products/dns/server/src/lib/dns_rtxml_functions/dns_keytab.c

./products/dns/server/src/pyutil/fixed_key_encrypt.c

./products/dns/server/src/bin/make_dtc_conf/make_healthd_conf.c

./products/dns/server/src/bin/make_dhcpd_conf/mdc_common_global_handler.c

./products/dns/server/src/bin/make_bind_conf/mbc_zone_handler.c

./products/dns/server/src/bin/make_bind_conf/mbc_global_handler.c

./products/dns/server/src/bin/util/response_log_normalizer.c

./products/dns/server/src/bin

/util/set_dns_logging_anon_key.c

./products/one/server/src/lib/one_authenticate/one_authenticate.c

./products/one/server/src/lib/onedb_util/db_dump.c

./products/one/server/src/lib/pki/ipki_store.c

./products/one/server/src/lib/pki/ipki_api.c

./products/one/server/src/lib/pki/ipki_gen.c

./products/one/server/src/lib/one_rtxml_functions/radius.c

./products/one/server/src/pyabs/auto_provision.py

./products/one/server/src/pydb/onedbmodule.c

./products/one/server/src/pyutil/ibutil.c

./products/one/server/src/bin/clusterd/db_ops.c

./products/one/server/src/bin/clusterd/sendmsg_handshake.c

./products/one/server/src/bin/clusterd/handshake.c

./products/one/server/src/bin/serial_console/main.c

./products/one/server/src/bin/show_safenet_keylabel/show_safenet_keylabel.c

./products/one/server/src/bin/util/autoprov_admin_passwd_change.c

./products/one/server/src/bin/util/auto_prov_ssl_server.c

./dhcp3/server/infoblox_gss_tsig.c

./common/server/src/lib/rtxml-query/rtxml.c

./common/server/src/lib/kerberos/keytab.c

./common/server/src/lib/onedb/trashcan.c

./common/server/src/lib/onedb/onedb_validation_cache.c

./common/server/src/lib/onedb/sqlengine.c

./common/server/src/lib/onedb/obscured_bin.c

./common/server/src/lib/db/object.c

./common/server/src/lib/security/security_functions.c

./common/server/src/lib/security/license.c

./common/server/src/lib/security/supacc.c

./common/server/src/lib/mdxml/mdxml_struct_callback.c

./common/server/src/pyutil/ibutil.c

./common/server/src/pyutil/util.py

OpenSSL C-functions:

Symmeric cryptography functions:

EVP_BytesToKey, EVP_des_ede3_cbc, EVP_sha1 used in function generateDESKey

EVP_aes_128_cbc, EVP_des_ede3_cbc used in functions ib_encrypt_with_fixed_key, ib_decrypt_with_fixed_key

EVP_CIPHER_CTX_init, EVP_CIPHER_CTX_cleanup, EVP_DecryptInit[_ex], EVP_DecryptUpdate, EVP_DecryptFinal[_ex]

used in functions ibDecrypt, decrypt_with_fixed_key

EVP_CIPHER_CTX_init, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit[_ex], EVP_EncryptUpdate, EVP_EncryptFinal[_ex]

used in functions ibEncrypt, encrypt_with_fixed_key

EVP_EncodeBlock used in functions isecurity_base64_encode, isecurity_base64_encode_raw

EVP_DecodeBlock used in functions isecurity_base64_decode, isecurity_base64_decode_raw

Hmac and hash functions:

SHA1_Init, SHA1_Update, SHA1_Final used in function ib_bin_SHAHash

HMAC, EVP_sha256 used in function ib_bin_sha256hmac

MD5_Init, MD5_Update, MD5_Final used in function ib_bin_md5Hash

MD4_Init, MD4_Update, MD4_Final used in function ib_nthash_pwd

./common/server/src/lib/mdxml/mdxml_struct_callback.c

function get_new_hash - helper function which does a lazy calculation of a SHA512 fingerprint of a given certificate,

it is finally used in function mdxml_convert_keys_for_certificates - final processing for certificates: one.ca_cert, one.app_certificate and one.x509_certificate will use a SHA512 fingerprint as a key instead of MD5 on issuer+serial.

OpenSSL C-functions EVP_sha512, X509_digest, X509_free

./products/dns/server/src/bin/ciscoise_syncd/ciscoise_sync.c

Functions _bulkdownload_ssl_ctx_cb, _user_ssl_ctx_cb load and verify a certificate

./products/dns/server/src/bin/ciscoise_syncd/ciscoise_onedb.c

Function _fill_srv_properties fills-in a cisco_onedb_server_properties_t structure from a CISCO ISE server, it uses EVP_DecodeBlock to decrypt a private key

./products/bind/server/src/lib/healthd_private/openssl_common.c

Function openssl_install_locks installs openssl thread locks

Function openssl_uninstall_locks uninstalls openssl thread locks

Function x509_cache_certificate reads the certificate from a file to X509 structure and stores the certificate in the cache

Function x509_cache_private_key reads the private key from a file to X509 structure and stores the private key in the cache

Function openssl_setup_context loads into ctx a certificate, private key, cipher list and sets message callback functions

Function openssl_set_verify_context verifies a certificate and optionally hostname

Function x509_free_cache frees certificatea and private keys cache

These functions are used in the following modules:

./products/bind/server/src/lib/healthd_private/healthd_conf.c

./products/bind/server/src/bin/idns_healthd/healthd.c

./products/bind/server/src/bin/idns_healthd/sip_monitor.c

./products/bind/server/src/bin/idns_healthd/http_monitor.c

./products/bind/server/src/bin/idns_healthd/healthd.c

Function init_openssl initializes SSL library, calls function openssl_install_locks, it is used by sip, http monitors

OpenSSL C-functions: SSL_load_error_strings, SSL_library_init, OpenSSL_add_all_algorithms

./products/bind/server/src/bin/idns_healthd/sip_monitor.c

./products/bind/server/src/bin/idns_healthd/http_monitor.c

Functions sip_task_data_init, http_task_data_init initialize OpenSSL context, calls functions

openssl_set_verify_context, openssl_setup_context

Functions sip_task_data_free, http_task_data_free frees OpenSSL context, calls function simple_connection_shutdown

They are used in module ./products/bind/server/src/bin/idns_healthd/monitor_common.c, functions custom_task_data_init, custom_task_data_free

OpenSSL C-functions: SSL_CTX_new, SSL_CTX_free

./products/bind/server/src/bin/idns_healthd/simple_connection.c

Function bufferevent_event_callback makes post-connection certificate verification, it closes the connection in case of error

Functions functions simple_connection_init, simple_connection_start, simple_connection_close, simple_connection_check_closed, simple_connection_free, simple_connection_shutdown

are used in modules

./products/bind/server/src/bin/idns_healthd/sip_udp_monitor.c

./products/bind/server/src/bin/idns_healthd/sip_monitor.c

./products/bind/server/src/bin/idns_healthd/sip_tcp_monitor.c

./products/bind/server/src/bin/idns_healthd/http_monitor.c

OpenSSL C-functions:

SSL_get_verify_mode, SSL_get_verify_result, X509_verify_cert_error_string used in function bufferevent_event_callback,

SSL_free used in function cleanup_connection,

SSL_new, SSL_set_tlsext_host_name, SSL_set_shutdown, bufferevent_openssl_socket_new, bufferevent_openssl_get_ssl used in functions simple_connection_start, simple_connection_close

./products/one/server/src/lib/one_ocsp/ocsp.c

Function ocsp_connect_sock connects to a socket and returns a socket BIO, it is called in ocsp_connect

Function ocsp_verify_via_ocsp establishes a connection to the OCSP responder, sends the request, gets a response, verifies the response

Function ib_ocsp_validate_against_responder validates a certificate against a responder, it calls ocsp_verify_via_ocsp

Function ib_ocsp_add_ca_cert_to_store adds a CA certificate to a store

Function ib_ocsp_init_context initializes X509 store

Function ib_ocsp_release_context releases X509 store

Function ib_x509_verify_certificate_against_ca_cert_store decodes X509 structure and calls verify_cert_agains_ca_store

Function verify_cert_agains_ca_store verifies a certificate against a CA store

Function ib_x509_validate_cert_against_ca_store validates a certificate against a CA store, it calls ocsp_load_ca_store, ib_x509_verify_certificate_against_ca_cert_store

They are used in the following modules:

./products/one/server/src/lib/one_ocsp/ocsp.c

./products/one/server/src/pyutil/ibocsp.c

./products/one/server/src/module/mod_cert.c

OpenSSL C-functions:

Socket functions:

BIO_socket_nbio, BIO_sock_should_retry, BIO_new_socket, BIO_get_fd, BIO_should_read, BIO_should_write, BIO_free_all

OCSP functions:

OCSP_REQUEST_new, OCSP_cert_to_id, OCSP_request_add0_id, OCSP_request_add1_nonce, OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_response_get1_basic, OCSP_check_nonce, OCSP_basic_verify, OCSP_resp_find_status, OCSP_check_validity, OCSP_REQ_CTX_free, OCSP_REQUEST_free, OCSP_RESPONSE_free, OCSP_BASICRESP_free

X509 certificate functions:

sk_X509_new_null, sk_X509_push, sk_X509_free, d2i_X509_AUX, X509_verify_cert, X509_free, X509_verify_cert_error_string, X509_STORE_add_cert, X509_STORE_new, X509_STORE_free, X509_STORE_set_flags, X509_STORE_CTX_new, X509_STORE_CTX_init, X509_STORE_CTX_get_error, X509_STORE_CTX_free

./products/one/server/src/lib/one_rtxml_functions/radius.c

These functions use MD5 hash function:

radius_generate_acct_request_authenticator - generates Accounting Request Authenticator,

radius_verify_response_authenticator - verifies the Received response authenticator,

radius_encrypt_user_password - encrypts User-Password,

radius_encode_chap_password - encodes CHAP-Password

These functions use HMAC function:

radius_generate_message_authenticator - generates a message authenticator,

radius_verify_message_authenticator - verifies a message authenticator

they are used in module: ./products/one/server/src/lib/one_rtxml_functions/radius.c, functions radius_verify_response_packet, radius_access_request, radius_redo_access_request, radius_accounting_start, admin_radius_accounting_test

OpenSSL hash and hmac C-functions:

MD5_Init, MD5_Update, MD5_Final

used in functions radius_generate_acct_request_authenticator, radius_verify_response_authenticator, radius_encrypt_user_password, radius_encode_chap_password

EVP_md5, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup

used in functions radius_generate_message_authenticator, radius_verify_message_authenticator

one/lib

./products/one/server/src/lib/one_ciscoise/one_ciscoise_functions.c

Functions _verify_cert_callback, _user_ssl_ctx_cb

Function _verify_cert_callback verifies a certificate using X509 functions

Function _user_ssl_ctx_cb verifies a certificate using SSL_CTX functions and _verify_cert_callback as callback function,

it is used as an argument in call of openPxGridConnection inside function one_test_cisco_ise_request which tests ise connection

OpenSSL C-functions:

X509 certificate functions:

X509_STORE_CTX_get_error, X509_STORE_CTX_get_current_cert, X509_verify_cert_error_string, X509_STORE_CTX_get_error_depth, X509_NAME_oneline, X509_get_issuer_name, X509_get_subject_name, X509_get_serialNumber

used in function _verify_cert_callback

SSL connection functions:

SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey_file, SSL_CTX_load_verify_locations, SSL_CTX_set_verify

used in function _user_ssl_ctx_cb

./products/one/server/src/module/mod_cert.c

Functions fetch_cas_by_client_cert, get_cert_san_msupn use OpenSSL functions to prepare client certificate in DER

Function fetch_cas_by_client_cert is used in cert_handler function

Function get_cert_san_msupnis used in fetch_user_by_cas_options function

OpenSSL C-functions:

BIO_new_mem_buf, BIO_free, PEM_read_bio_X509, i2d_X509, X509_get_issuer_name, X509_free, OPENSSL_free

used in functions fetch_cas_by_client_cert, get_cert_san_msupn

one/bin

./products/one/server/src/bin/clusterd/util.c

Functions cd_derive_serial, msg_sign256:

Function cd_derive_serial derives a serial number from a string (which should be the response to a handshake challenge) using SHA1 digest algorithm,

it is used in modules:

./products/one/server/src/bin/clusterd/sendmsg_handshake.c,

function cd_sendmsg_handshake_resp_req

./products/one/server/src/bin/clusterd/handshake.c,

functions cd_master_handshake_chal, cd_potential_master_handshake_chal, cd_master_handshake_resp_chal, cd_master_handshake_resp_req, cd_potential_master_handshake_resp_req, cd_replica_handshake_resp_chal

Function msg_sign256 signs a message with HMAC-SHA256,

it is used in functions cd_sign_msg, cd_verify_msg to sign and verify a message, these functions are used in modules:

cd_sign_msg in ./products/one/server/src/bin/clusterd/sendmsg_handshake.c,

functions cd_sendmsg_handshake_approval, cd_sendmsg_handshake_request_tunnel, cd_sendmsg_handshake_tunnel_approved,

cd_sendmsg_handshake_new_master, cd_sendmsg_handshake_restart

cd_verify_msg in ./products/one/server/src/bin/clusterd/handshake.c,

functions cd_master_handshake_approval_verify, cd_master_handshake_tunnel_request_verify, cd_master_handshake_new_master_verify, cd_potential_master_handshake_new_master, cd_replica_handshake_approval, cd_replica_handshake_tunnel_approved, cd_replica_handshake_restart

OpenSSL C-functions:

EVP_MD_CTX_init, EVP_sha1, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, EVP_MD_CTX_cleanup used in function cd_derive_serial

HMAC_CTX_init, EVP_sha256, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup used in function msg_sign256

./products/one/server/src/bin/make_syslog_conf/main.c

Function msc_write_syslog_ng_conf writes to syslog_ng configuration file based on the information fetched from database, it is used in function main,

it uses d2i_X509 to decode a certificate in DER format, X509_subject_name_hash to get hash of the X509 subject

./products/one/server/src/bin/monitor/CHTTPMonitor.c

Function New_CHTTPMonitor initializes a new monitor,

it is used in module ./products/one/server/src/bin/monitor/main.c, function setup_monitor,

it uses SSL_library_init, SSL_load_error_strings, BIO_new_fp to initialize OpenSSL

Function PerformHTTPsTransaction checks to see if the https is really running, it is used in function Monitor_CHTTPMonitor,

it uses SSL/TLS connection functions to send HTTP request and read the server's response

OpenSSL C-functions:

SSL_library_init, SSL_load_error_strings, BIO_new_fp used in function New_CHTTPMonitor

SSLv23_method, SSL_CTX_new, SSL_new, SSL_set_fd, SSL_set_connect_state, SSL_connect, SSL_write, SSL_get_error, SSL_read, SSL_shutdown, SSL_free, SSL_CTX_free

used in function PerformHTTPsTransaction

one/bin

./products/one/server/src/bin/serial_console/set.c

Function check_ssl_connection checks SSL connection using SSL/TLS connection functions with TLSv1 client method

Function download_gm_certificate downloads the GM certificate using SSL/TLS connection functions

Function printf_certificate prints certificate data to stdout

They are used in modules:

./products/one/server/src/bin/serial_console/set.c, function set_token

./products/one/server/src/bin/serial_console/show.c, function show_token (only printf_certificate)

OpenSSL C-functions:

BIO_new_socket, BIO_free, BIO_new, BIO_s_mem, BIO_read, BIO_puts, BIO_new_fp, BIO_printf

TLSv1_client_method, SSL_library_init, SSL_CTX_new, SSL_new, SSL_set_bio, SSL_connect, SSL_CTX_free, SSL_get_peer_certificate

PEM_read_bio_X509, PEM_write_bio_X509

X509_get_version, X509_get_serialNumber, X509_signature_print, X509_NAME_print, X509_get_issuer_name, X509_get_notBefore, X509_get_notAfter, X509_NAME_print, X509_get_subject_name, X509_get_pubkey, X509_free

EVP_PKEY_print_public, EVP_PKEY_free

one/bin

./products/one/server/src/bin/process_manager/pm_check.c

Function query_check checks query using MD5 hash function and callback function objhash_cb

one/bin

./products/one/server/src/bin/ib_prngd/main.c

Function hmac_sha1 does the HMAC(key, v, output) calculation with SHA-1 in one go,

it is used in functions hmac_drbg_generate, hmac_drbg_update

./products/one/server/src/bin/show_safenet_keylabel/show_safenet_keylabel.c

Function luna_getprop reads property value from config file, it is used in function show_label_libname

./products/one/server/src/bin/infoblox_crypt/infoblox_crypt.c

Functions encrypt, decrypt do cryptographic encryption and decryption using EVP_bf_ofb Blowfish or EVP_aes_256_cbc AES cipher in CC mode

Functions sign, verify do a digital signature and verify it using MD5 or SHA256 in CC mode

They are used in function main

OpenSSL C-functions:

EVP_CIPHER_CTX_init, EVP_DecryptInit, EVP_DecryptUpdate, EVP_DecryptFinal, EVP_aes_256_cbc, EVP_bf_ofb, EVP_CIPHER_CTX_cleanup used in function decrypt

EVP_CIPHER_CTX_init, EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_aes_256_cbc, EVP_bf_ofb, EVP_CIPHER_CTX_cleanup used in function encrypt

EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal, EVP_sha256, EVP_md5, EVP_PKEY_free, PEM_read_X509, X509_get_pubkey used in function verify

EVP_MD_CTX_init, EVP_SignInit, EVP_SignUpdate, EVP_SignFinal, EVP_sha256, EVP_md5, EVP_MD_CTX_cleanup, EVP_PKEY_free, PEM_read_PrivateKey used in function sign

./products/one/server/src/bin/util/auto_prov_ssl_client.c

./products/one/server/src/bin/util/auto_prov_ssl_server.c

Function select_read reads bytes from a TLS/SSL connection, it is used in functions handshake, main, Servlet

Function handshake does server/client protocol negotiation, it calls function select_read and writes bytes to a TLS/SSL connection, it is used in function main, Servlet

Function LoadCertificates loads the first certificate stored in file into ctx, then checks the consistency of a private key with the corresponding certificate loaded into ctx, it is used in InitCTX, InitServerCTX

Functions InitCTX, InitServerCTX initialize SSL context

Function Servlet makes SSL connection with client, it is used in function main

OpenSSL C-functions:

SSL_get_fd, SSL_read used in function select_read

SSL_write used in function handshake

SSL_accept, SSL_write, SSL_get_fd, SSL_free used in function Servlet

SSL_CTX_use_certificate_file, SSL_CTX_use_PrivateKey_file, SSL_CTX_check_private_key used in function LoadCertificates

OpenSSL_add_all_algorithms, SSL_load_error_strings, TLSv1_client_method, TLSv1_server_method, SSL_CTX_new, SSL_CTX_set_verify, SSL_CTX_set_cipher_list, SSL_CTX_load_verify_locations

used in functions InitCTX, InitServerCTX

SSL_library_init, SSL_new, SSL_set_fd, SSL_connect, SSL_write, SSL_free, SSL_CTX_free used in function main

./products/one/server/src/bin/util/check_and_reset_time.c

Function check_cert checks that a certificate has not expired, it is used in function main

Function asn1_time_str converts time to human readable format, it is used in function check_cert

OpenSSL C-functions:

PEM_read_X509, X509_get_notBefore, X509_cmp_current_time, X509_get_notAfter, X509_cmp_current_time, X509_cmp_time, X509_free

used in function check_cert

BIO_new, BIO_s_mem, BIO_get_mem_data, BIO_free used in function asn1_time_str

one/bin

./products/one/server/src/bin/util/genhotfix.c

Function priv_key_check checks private key size, it should be 1024 bit or 2048 bit in CC mode, it is used in function main

one/bin

./products/one/server/src/bin/admin_radius_acct/admin_radius_acct.c

These functions use MD5 hash function:

radius_generate_acct_request_authenticator - generates Accounting Request Authenticator,

radius_generate_acct_response_authenticator - generates Accounting response authenticator,

radius_verify_acct_request_authenticator - verifies the Received Acct request authenticator,

radius_verify_response_authenticator - verifies the Received response authenticator

This function use HMAC function:

radius_verify_message_authenticator - recalculates the Message-Authenticator and compares with the received Message-Authenticator

they are used in module:

./products/one/server/src/bin/admin_radius_acct/admin_radius_acct.c, functions radius_verify_request_packet, radius_verify_response_packet, radius_redo_accounting_request, radius_acct_response_packet

OpenSSL C-functions:

MD5_Init, MD5_Update, MD5_Final

used in functions radius_generate_acct_request_authenticator, radius_generate_acct_response_authenticator, radius_verify_acct_request_authenticator, radius_verify_response_authenticator

HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup, EVP_md5 used in function radius_verify_message_authenticator

./products/atp/server/src/bin/util/gen_atp_rule_update.c

Function priv_key_checks to ensure that valid 2048 bit key is provided, it is used in the utility to generate signed archive with ATP rules.

./products/ifmap/server/src/lib/gsoap/stdsoap2.c

Function fsend sends data to a socket

Function frecv reads data from a socket

Function soap_ssl_server_context sets the context sid within which a session can be reused for the ctx object

Function soap_ssl_init initializes SSL library

Function soap_ssl_error gets a human-readable string representing the SSL error code

Function ssl_auth_init initializes SSL context including generating ephemeral RSA key

Functions ssl_verify_callback, ssl_verify_callback_allow_expired_certificate - callback functions to verify a certificate

Function soap_ssl_accept accepts SSL connection and verifies a X509 certificate presented by the peer

Function soap_done releases SSL connection and context

Function tcp_connect sets SSL session, connection, checks server credentials when required

Function tcp_disconnect shuts down a SSL connection, releases SSL context

Function soap_poll polls SSL connection socket, it uses SSL_peek which does not remove bytes from the underlying BIO during the read

They are used in modules:

./products/ifmap/server/src/lib/gsoap/stdsoap2.c

./products/ifmap/server/src/lib/gsoap/dom.c

./products/ifmap/server/src/lib/ifmap/client/ifmap20_operations.c

./products/ifmap/server/src/lib/ifmap/client/ifmap_operations.c

./products/ifmap/server/src/lib/ifmap/metadata.c

OpenSSL C-functions:

BIO_write, SSL_write, BIO_read, SSL_read used in functions fsend, frecv

SSL_get_error used in functions fsend, frecv, soap_ssl_error

SSL_CTX_set_session_id_context used in functions soap_ssl_server_context

SSL_library_init, SSL_load_error_strings, RAND_load_file, RAND_seed, RAND_status used in function soap_ssl_init

SSL_new, SSL_clear, SSL_accept, BIO_new_socket, SSL_set_bio, SSL_get_error, SSL_get_verify_result, X509_verify_cert_error_string, SSL_get_peer_certificate, X509_free used in function soap_ssl_accept

SSL_SESSION_free, SSL_free, SSL_CTX_free used in function soap_done

SSL_new, SSL_clear, SSL_connect, SSL_set_session, SSL_SESSION_free, BIO_new_socket, SSL_set_bio, SSL_get_error, SSL_get_verify_result, X509_verify_cert_error_string, SSL_get_peer_certificate, X509_get_ext_count, X509_get_ext, X509_EXTENSION_get_object, X509V3_EXT_get, X509V3_conf_free, X509_get_subject_name, X509_NAME_get_index_by_NID, X509_NAME_get_entry, OPENSSL_free, X509_free

used in function tcp_connect

SSL_SESSION_free, SSL_get1_session, SSL_shutdown, SSL_get_error, SSL_free used in function tcp_disconnect

SSL_peek used in function soap_poll

SSL_CTX_new, SSLv23_method, SSL_CTX_load_verify_locations, SSL_CTX_set_client_CA_list, SSL_load_client_CA_file, SSL_CTX_set_default_verify_paths, SSL_CTX_use_certificate_chain_file, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_set_default_passwd_cb, SSL_CTX_use_PrivateKey_file, SSL_CTX_set_options, SSL_CTX_set_verify, SSL_CTX_set_verify_depth RSA_generate_key(1024, RSA_F4,...), SSL_CTX_set_tmp_rsa, RSA_free, BIO_new_file, BIO_free, PEM_read_bio_DHparams, SSL_CTX_set_tmp_dh, DH_free

used in function ssl_auth_init

X509_STORE_CTX_get_error, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get_error_depth, X509_verify_cert_error_string, X509_NAME_oneline, X509_get_issuer_name, X509_get_subject_name

used in function ssl_verify_callback

X509_STORE_CTX_get_error, X509_STORE_CTX_set_error used in function ssl_verify_callback_allow_expired_certificate

./products/ifmap/server/src/lib/gsoap/th-lock.c

Functions CRYPTO_thread_setup, CRYPTO_thread_cleanup setups and cleanups openssl thread locks

They are used in module ./products/ifmap/server/src/lib/ifmap/client/ifmap_operations.c, functions ifmap_init_client_lib, ifmap_release_client_lib

OpenSSL thread support C-functions: CRYPTO_num_locks, CRYPTO_set_id_callback, CRYPTO_set_locking_callback, CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, CRYPTO_set_dynlock_destroy_callback

./products/ifmap/server/src/lib/ifmap/client/ifmap_operations.c

Function ifmap_init_client - set cipher list for ccmode, it is used in function ifmap_client_connect, modules:

./products/ifmap/server/src/bin/ifmapcd/client.c

./ifmap/server/src/bin/ifmapcd/client.c

OpenSSL C-functions: SSL_CTX_set_cipher_list

Python code

./products/netmri/server/src/pyutil/cert_util.py

Function check_discovery_node checks and regenerate if needed node certificate and node private key file,

it is used in modules:

./products/netmri/server/src/bin/util/anp_vpn_client.py, function start

./products/netmri/server/src/bin/util/anm_vpn_server.py, function start

Package M2Crypto functions: X509.load_cert

./products/netmri/server/src/pyutil/make_discovery_configuration.py

Function cisco_apic_configurations_add_element uses hashlib.md5 to convert 'uuid' (128 bits) to integer of 31 bits,

it is used in function unit_settings_add_element

./products/gog/server/src/pyabs/sso.py

Function sign signs token data, it is used in function get_sso_info

Function _verify verifies SSO Token, it is used in UTs

Package M2Crypto functions:

SMIME.load_key, sign, verify, set_x509_stack, set_x509_store, load_pkcs7_bio

X509.X509_Stack, X509_Store

BIO.MemoryBuffer

./products/gog/server/src/pyutil/cert_util.py

Function create_temp_cert creates a temporary certificate (generates an RSA key pair with key length of 2048 bits, public and sign key with md=SHA1), it is used in function make_join_file

Function make_join_file returns join token,

it is used in module ./products/gog/server/src/pyutil/gog_common.py, function get_join_info

Function m2_generate_and_encode_csr generates signed request, private and public key,

it is used in functions gen_ca_cert, check_mgm_cert, check_node, check_sso

Function m2_sign_csr returns signed certificate, it is used in function gen_ca_cert

Function m2_sign_csr_by_ca returns signed by CA certificate,

it is used in functions check_mgm_cert, check_node, check_sso, sign_csr

Function m2_create_req creates a X509 certificate request,

it is used in functions create_temp_cert, m2_generate_and_encode_csr

Function m2_create_cert_and_sign creates a certificate from a request and sign it,

it is used in functions create_temp_cert, m2_sign_csr, m2_sign_csr_by_ca

Function m2_b64_str_to_rsa feeds a pem string to RSA,

it is used in functions m2_generate_and_encode_csr,

m2_sign_csr, m2_sign_csr_by_ca

and in module ./products/gog/server/src/pyutil/gog_listener_util.py, GoGListenerMsg.__create_digest

Function m2_b64_str_to_x509 converts a string created by m2_x509_to_b64_str() to the corresponging X509 certificate,

it is used in module ./products/gog/server/src/pyutil/sgm_daemon_util.py, function do_join

Package M2Crypto functions:

RSA.gen_key, RSA.load_key, EVP.PKey with md=SHA1 by default

X509.load_cert, load_request_string, load_cert_string, Request, X509_Name, set_serial_number, set_version, set_subject, set_issuer, set_pubkey, set_not_before, set_not_after, sign

ASN1.ASN1_UTCTIME

Python code

./products/gog/server/src/pyutil/sgm_daemon_util.py

Function DBTask.execute_connect handles connect request from subgrid,

it is used in DBTask.__init__ to initialize an action map

Package M2Crypto functions: X509.load_cert_string

./products/gog/server/src/pyutil/gog_listener_util.py

Function GoGListenerMsg.__create_digest signs a digest with the private key using SHA256, it is used in GoGListenerMsg.send_msg

Package hashlib functions: hashlib.sha256

Package M2Crypto functions: RSA.sign

Python code

./products/gog/server/src/pyutil/external_storage_connection.py

Function SignatureWrapper.reset initializes a signature by a new hmac object with digestmod = SHA256,

SignatureWrapper is the base class of classes HTTPResponseWrapper, BufferWrapper, FileWrapper, FileWrapper, BufferWrapper

./products/gog/server/src/pyutil/join_file.py

Function create_password creates a password using the supplied cert and join token,

it is used in modules:

./products/gog/server/src/pyutil/cert_util.py, function make_join_file

./products/one/server/src/pyutil/subgrid.py, function _check_join_info

Package hmac functions: hmac.new

Python code

./products/reporting/server/src/bin/util/splunk_backup.py

Function append_checksum appends checksum SHA256 to the content, it is used in function backup

Package hashlib functions: hashlib.sha256

./products/reporting/server/src/pyabs/reporting_util.py

Function sign_certificate_request signs incoming certificate signing request using CA certificate,

it is used in module ./products/one/server/src/wapi/reporting.py, function signcertificate_funccall

Openssl command:

openssl ca -notext -batch -config os.path.join(dirname,'ca.conf') -in os.path.join(dirname,'csr.pem') -out os.path.join(dirname,'cert.pem')

./products/dns/server/src/pyutil/util.py

Function get_zone_file_name generates zone file name from zonekey using MD5,

it is used in modules:

./products/dns/server/src/pyabs/named_db_files.py, function NamedDBFilesReaderOneDB._add_files

./products/dns/server/src/bin/util/rpz_last_update_time.py, function zone_update

Package hashlib functions: hashlib.new('md5')

./products/dns/server/src/pyabs/idns_util.py

Function add_idns_certificate adds the idns certificate,

it is used in modules:

./products/dns/server/src/wapi/dtc.py, class WAPIObject_dtc_2_6, WFFuncCall('add_certificate',...)

./products/dns/server/src/ibap/idnsfuncs.py, AddIdnsCertificate.execute

Function _unpack_openssl_cipher_list converts an OpenSSL cipher list string to the equivalent list of individual cipher suite strings,

it is used in functions _get_slow_cipher_list, validate_cipher_list

Openssl commands: pkcs12, x509, pkey, rsa

openssl pkcs12 -in cert_and_key_path -info -noout -passin pass:

openssl pkcs12 -in cert_and_key_path -nodes -out pem_path -passin pass:

openssl x509 -in pem_path -out crt_path -text

openssl x509 -noout -modulus -in crt_path

openssl pkey -in pem_path -out key_path -text

openssl pkey -in pem_path -out key_path

openssl rsa -noout -modulus -in key_path

Package M2Crypto functions: SSL.Context('sslv23'), SSL.Connection

./products/one/server/src/cloudinit-gpl/sources/DataSourceIBAzure.py

Function crtfile_to_pubkey extracts a public key from a certificate into format PKCS8,

it is used in function pubkeys_from_crt_files

./products/one/server/src/aws_gateway/aws_out_req.py

Function _get_signed_header returns a header containing a signature, used in function OutRequest.perform

Package hashlib functions: hashlib.sha256

Package hmac functions: hmac.new (digestmod=SHA256)

Python code

./products/one/server/src/aws_gateway/aws_auth.py

Function sign signs a message, used in function getSignatureKey

Function AwsSignatureBase.createStringToSign,

it is used in functions AwsSignatureV4InHdr.parseAmzHdrs, AwsSignatureV4InData.parseAmzHdrs,

Function AwsSignatureBase.verify verifies a signature, used in function authenticate_aws_req

Function AwsSignatureV2InData.verify verifies a signature, used in function authenticate_aws_req

Package hashlib functions: hashlib.sha256

Package hmac functions: hmac.new (digestmod=SHA256)

Python code

./products/one/server/src/admin_conn/wapibase.py

Function PagingPageID._hmac signs data with HMAC-SHA1, used in class functions dump, load

Python code

./products/one/server/src/admin_conn/userauth.py

Function AuthInfo.__sso_verify verifies SSO token, used in class function __check_sso_token

Function AuthInfo.generate_proxy_auth generates the proxy authentication header, used in class function is_proxy_auth_code_valid

Function AuthChallenge.verify verifies auth challenge, used in AuthInfo.checkmac

Package M2Crypto functions:

SMIME.set_x509_stack, set_x509_store, load_pkcs7_bio

X509.X509_Stack, X509_Store

BIO.MemoryBuffer

Package hmac functions: hmac.HMAC (digestmod=SHA256, MD5)

Python code

./products/one/server/src/admin_conn/cookie.py

Function IBCookie._hmac signs data with HMAC-SHA1 or MD5, used in class functions dump, load

Python code

./products/one/server/src/admin_conn/cryptfuncs.py

Function _compute_ssha computes the special IB SHA1 passwd hash, used in function ispasswordsequal

Package hashlib functions: hashlib.sha1

Python code

./products/one/server/src/pyabs/syslog_config.py

Function get_certificate_hash_from_file gets a certificate hash from a file,

it is used in functions make_symlink_to_certificate, create_full_certificate_file_path

Openssl command: openssl x509 -noout -hash -in filename

./products/one/server/src/pyabs/ocsp_auth.py

Function OcspAuthService.__get_responders_from_aia gets OCSP responder address(es) from aia, used in class function _get_effective_responders

Openssl command: openssl x509 -in cert_file -noout -ocsp_uri

./products/one/server/src/pyabs/certificate.py

Function import_http_cert imports http certificate, used in function upload_certificate

Function key_len_verify verifies key length is greater than 2048,

it is used in functions one_generate_and_export_csr, one_assign_self_signed_certificate, import_http_cert, import_eap_ca_cert, import_ifmap_ca_cert, import_tae_ca_cert, import_server_cert

Function _substract_public_key extracts a public key from a certificate, used in function _handle_gen_tlsa_certificate_data

./products/one/server/src/pyabs/captive_portal_common.py

Function CaptivePortalHttpConfGen._is_captive_portal_ca_updated checks if the captive portal CA was updated using MD5, used in class function make_conf

./products/one/server/src/pyabs/endpoint_restapi_util.py

Function gen_endpoint_dxl_certificates generates a self-signed CA and use that to sign a client certificate, returns ca_crt, client_pem: self-signed CA and client certificates,

it is used in function gen_endpoint_dxl_certificates_with_export_data_ref which is used in modules:

./products/one/server/src/wapi/fileops.py, function _generatedxlendpointcerts_funccall

./products/one/server/src/ibap/endpointfuncs.py, class function GenEndpointDxlCertificates.execute

Openssl commands: req, ca

openssl req -new -sha256 -nodes -keyout ca_key -subj ca_subj -out ca_csr

openssl req -new -sha256 -nodes -keyout client_key -subj client_subj -out client_csr

openssl ca -config ssl_cfg_file_name -selfsign -keyfile ca_key -in ca_csr -out ca_crt -batch -startdate startdate -enddate enddate

openssl ca -config ssl_cfg_file_name cert ca_crt -keyfile ca_key -in client_csr -out client_crt -batch -startdate startdate enddate enddate

Python code

./products/one/server/src/pyabs/hsm_safenet_group.py

Function HSMSafeNetGroup.validate_sign_algo checks the signature algo from the server certificate, used in class function restore_server_cert

Openssl command: openssl x509 -in cert_path -text

./products/one/server/src/pyutil/util.py

Function generate_member_virtual_ip_md5 generates MD5 string based on member virtual ip list,

Function generate_anycast_member_virtual_ip_md5 generates MD5 string based on member virtual ip list only for anycast enabled

They are used in module ./products/one/server/src/pyabs/member.py, Member.check_member_changes

Function set_unit_serial_number set the serial number of an appliance, it uses MD5 to check secret,

it is used in module ./products/one/server/src/ibap/miscfuncs.py, SetUnitSerialNumber.execute

Function get_spki_hash returns sha256 hash of Subject Public Key Info of the given cert, used in function revoked

Function get_subject_dn returns issuer DN of the given cert, used in function revoked

Function get_ssl_tls_cipher_suites_mapping returns dict with key - cipher_suite name used by DB and value as cipher suite name used by openssl, used in get_default_cipher_suites_httpd_directive

Package hashlib functions: hashlib.md5

Openssl commands: x509, rsa, sha256

openssl x509 -text -noout

openssl x509 -pubkey -noout

openssl x509 -subject -noout

openssl rsa -pubin -outform DER

openssl sha256

./products/one/server/src/pyutil/subgrid.py

Function _check_join_info verifies join_file and join_token, it verifies the private key matches the public key in the certificate and the certificate is signed by the CA (with SHA1)

it is used in function join_gog and module ./products/one/server/src/ibap/subgridfuncs.py, FetchGridNameBeforeJoin.execute

Package M2Crypto functions:

X509.load_cert_string, get_pubkey

RSA.load_key_string, sign, verify

PKey.get_rsa

./products/one/server/src/pyutil/checked_https_handler.py

Function CheckedHTTPSConnection.connect checks server sert against CA List and cert expiry date, server cert purpose, server cert matches hostname being accessed,

the class is used in CheckedHTTPSHandler.https_open

Package ssl functions: wrap_socket

Package M2Crypto functions: X509.load_cert_string, SSL.Checker

./products/one/server/src/pyutil/tae_util.py

Function register registers this system with an associated TAE system for automation, it requires a certificate from the server,

it is used in module ./products/one/server/src/ibap/miscfuncs.py, TaeRegister.execute

./products/one/server/src/bin/util/gog_listener.py

Function AttachHandler.verify_digest verifies MGM certificate with SHA256, used in class function handle

Package hashlib functions: hashlib.sha256().update

Package M2Crypto functions: X509.get_pubkey, PKey.get_rsa, RSA.verify

Python code

./products/one/server/src/bin/util/member_registration_client.py

Function HTTPSServerAuthConnection.connect connects to a host on a given SSL port, the class is used in NodeRegistration.call

Function validate_ssl_certificate validates the certificate contained in the given pem file, used in function main

Package ssl functions: wrap_socket

Package M2Crypto functions: X509.load_cert

Python code

./products/one/server/src/bin/util/startup_integrity_test.py

Function generate_key_and_certificate generates a private key and certificate, used in function main

Function _gen_sha256sums generates a checksum for each executable file, used in function generate_sha256sums which used in main

Function check_sha256sums extracts the public key from the certificate, verifies checksum file signature and checksums, used in function main

Openssl commands: req, dgst, x509

openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout self.private_key_path -out self.certificate_path -batch

openssl dgst -sha256 -sign self.private_key_path -out self.dgst_file self.checksum_file

openssl x509 -in self.certificate_path -pubkey -noout

openssl dgst -sha256 -verify pubkey_path -signature self.dgst_file self.checksum_file

(along with sha256sum --quiet -c self.checksum_file)

Python code

./products/one/server/src/bin/util/check_vpn_cert_expiry.py

Function node_cert_expired returns 'true' if the vpn cert will expire in 120 days from now else 'false', used in function main

Python code

./products/one/server/src/outbound/lib/ssl_wrapper.py

Class WrapSSLSocket is derived from ssl.SSLSocket which provides a socket-like wrapper that also encrypts and decrypts the data going over the socket with SSL,

it is used in WrapHTTPSConnection.connect to connect to a host on a given SSL port

Package ssl class: ssl.SSLSocket

./products/ifmap/server/src/bin/util/check_ifmap_client_conf.py

Function make_ifmap_client_config creates a file holding DHCP IF-MAP client configuration, calculates a password hash by MD5, used in function main

Package hashlib functions: hashlib.md5

./vnios/dnsfw_util/product_activation.py

Function main among other things generates HASH using HMAC_SHA256 algorithm and API_KEY as salt/privateKey

Package hashlib functions: hashlib.sha256

Package hmac functions: hmac.new (digestmod=SHA256)

./common/server/src/pyutil/util.py

Function file_md5_checksum calculates md5 checksum for a file,

it is used in module ./products/gog/server/src/pyabs/nios_image.py, NiosImage.insert

Package hashlib functions: hashlib.md5

Python code

./common/server/src/pyutil/libsguenforce.py

Function GenericParser.init_md5 initializes md5 class member, used in derived class MessageParser, function typedef_struct_state

Python code

./common/server/src/ibpyamz/auth.py

Function payload_digest creates a hash of a payload (http-request body) with SHA256, used in function canonical_request

Function canonical_request_digest creates a hash of a canonical request string with SHA256, used in function string_to_sign

Function _digest digests a message using HMAC_SHA256 algorithm, used in function signature_key

Function signature hexdigests a string using HMAC_SHA256 algorithm, used in function authorize

Package hashlib functions: hashlib.sha256

Package hmac functions: hmac.new (digestmod=SHA256)

./products/reporting/server/src/bin/util/make_splunk_certs.sh

These functions are used to create splunk certificates and pem files

'openssl' command

openssl req -new -keyout tmpkey.pem -out $REQ -newkey rsa:2048 \ -subj "$SUBJECT" -sha256 -days 10958 -passout pass:password

openssl rsa -in tmpkey.pem -out $KEY -passin pass:password

openssl rsa -in $KEY -out tmpkey.pem -passout pass:password -aes128

openssl ca -config ca.conf -in $REQ -out $CERT \ -cert cacert.pem -keyfile cakey.pem -notext -batch

openssl req -x509 -days 10958 -newkey rsa:2048 -sha256 \ -subj "$SUBJECT" \ -out $CERT -keyout tmpkey.pem -passout pass:password

openssl rsa -in tmpkey.pem -out $KEY -passin pass:password

Bash script

./products/reporting/server/src/bin/util/splunk_app_common.sh

Function splunk_app_data_restore() to restore

splunk_app_data_backup() for splunk backup

'openssl' command

openssl dgst -sha256 -hmac $REPORTING_HMAC_KEY $spl_filename

openssl dgst -sha256 -hmac $REPORTING_HMAC_KEY ${TAR_FILE} > ${TAR_FILE}".sha256"

Bash script   

./products/one/server/src/bin/util/check_cert_expire.sh

For certificat expiry check

'openssl' command

openssl x509 -in $ARGV -noout -text

./products/one/server/src/bin/util/check_vpn_cert_dates.sh

To check the vpn certificate date

     'openssl' command

openssl x509 -noout -in $NODE_CRT_FILE -dates

./products/one/server/src/bin/util/sync_files_with_master.sh

1. To get GM end date

2. To get the appliance end date

3. To get GM CaCert.pem end date

4. To get the appliance CaCert.pem end date

'openssl' command

openssl x509 -noout -in /tmp/node.crt -enddate

openssl x509 -noout -in /infoblox/security/keys/node.crt -enddate

openssl x509 -noout -in /tmp/vpn_CaCert.pem -enddate

openssl x509 -noout -in /infoblox/security/keys/vpn_CaCert.pem -enddate

./products/one/server/src/bin/util/validate_server_cert.sh

This function is called through /infoblox/one/bin/check_cert_expire

'openssl' command

openssl x509 -in $ARGV -noout -text

Bash script

./products/one/server/src/bin/util/retrieve_remote_certificate.sh

To retrieve remote certificate

'openssl' command

${OPENSSL} s_client -connect ${remhost}:${remport} 2>&1 > ${tmpfile}

Bash script

./vnios/cloud-init/elastic_scale_iso.sh

Verify certificate() to verify the certificate

'openssl' command

openssl verify ${CERT_FILE} >/dev/null 2>&1

Bash script

./bind9/contrib/dane/mkdane.sh

Generate a DNS RR from an x.509 certificate

'openssl' command

openssl x509 -in "$IN" -inform "$FORM" -outform DER

openssl x509 -in "$IN" -inform "$FORM" -noout -pubkey

openssl dgst -sha256

openssl dgst -sha512

Bash script

./security/tools/build-vpn-cert.sh

Function GenNodeCert()

1.Generating key for node

2.Generating CSR for node

3.signing certificate for node

4.Generating DH key

'openssl' command

1. openssl genrsa -out $KDIR/node${CERTNAME}.key 2048

2. openssl req -new -key $KDIR/node${CERTNAME}.key -out $CDIR/node${CERTNAME}.req -outform PEM -config $CDIR/vpngen${CERTNAME}.conf -batch

3. openssl ca -keyfile $PKEY -batch -notext -in $CDIR/node${CERTNAME}.req \ -cert $PCERT -config $CDIR/vrca.conf -key infoblox \ -out $KDIR/node${CERTNAME}.crt \ -startdate 040101000000Z \ -enddate 371231235959Z

4. openssl dhparam -out $KDIR/dh.pem 2048

Bash script

./vnios/build-ova.sh

generate-mf()

Dumps the SHA1 fingerprints of ovf and vmdk files to the .mf file

'openssl' command

openssl sha1

Bash script

The below files doesnt have openssl command in it

./strip_aslan_root.sh

./remove_packages.sh

./products/one/server/src/bin/util/one_common.sh

'openssl' command

Primarily used for DNSSEC

modules which use OpenSSL functions:

./products/one/server/src/pyabs/hsm_safenet_group.py

Function HSMSafeNetGroup.validate_sign_algo checks the signature algo from the server certificate, it is used in HSMSafeNetGroup.restore_server_cert which is used in insert, update

Openssl command: openssl x509 -in cert_path -text