You must configure the TOE to perform cryptographic operations using FIPS. To configure the FIPS mode setting, use the set fips_mode command. Enter y to enable and confirm the setting and another y to confirm that you are ready to continue.
Note: Infoblox does not recommend upgrade from a non FIPS system to a FIPS system.
Following are the events that are logged and examples of their corresponding syslog messages:
GSS-TSIG
Event: ISC library in BIND sources: Definition of element hsha (of type pk11_context_t) in the union ctx in function sign()
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:242: isc_hmacsha1_t hsha;
Event: ISC library in BIND sources: A HMAC-SHA1 case in algorithm switch block in the function sign()
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:264: case ISCCC_ALG_HMACSHA1:
Event: ISC library in BIND sources: aHMAC-SHA1 context initialized
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:265: isc_hmacsha1_init(&ctx.hsha, secret->rstart,
Event: ISC library in BIND sources: a HMAC-SHA1 context updated
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:267: isc_hmacsha1_update(&ctx.hsha, data, length);
Event: ISC library in BIND sources: a HMAC-SHA1 context signed
Message:./fipscc_nios/bind9/lib/isccc/cc.c:268: isc_hmacsha1_sign(&ctx.hsha, digest, .
Event: ISC library in BIND sources: macro name .
Message:./fipscc_nios/bind9/lib/isccc/cc.c:269: ISC_SHA1_DIGESTLENGTH);
Event: ISC library in BIND sources:
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:270: source.rend = digest + ISC_SHA1_DIGESTLENGTH; macro name
Event: ISC library in BIND sources: definition of element hsha (of type pk11_context_t) in the union ctx in function verify()
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:389: isc_hmacsha1_t hsha;
Event: ISC library in BIND sources: a HMAC-SHA1 case in algorithm switch block in the function verify()
Message:./fipscc_nios/bind9/lib/isccc/cc.c:428: case ISCCC_ALG_HMACSHA1:
Event: ISC library in BIND sources: a HMAC-SHA1 context initialized
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:429: isc_hmacsha1_init(&ctx.hsha, secret->rstart,
Event: ISC library in BIND sources: a HMAC-SHA1 context updated
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:431: isc_hmacsha1_update(&ctx.hsha, data, length);
Event: ISC library in BIND sources: a HMAC-SHA1 context signed
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:432: isc_hmacsha1_sign(&ctx.hsha, digest,
Event: ISC library in BIND sources: macro name
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:433: ISC_SHA1_DIGESTLENGTH);
Event: ISC library in BIND sources: macro name
Message: ./fipscc_nios/bind9/lib/isccc/cc.c:434: source.rend = digest + ISC_SHA1_DIGESTLENGTH;
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isccc/include/isccc/cc.h:48:#define ISCCC_ALG_HMACSHA1 161
Event: BIND sources macro usage
Message: ./fipscc_nios/bind9/lib/bind9/check.c:44:#ifdef HMAC_SHA1_SIT
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/bind9/check.c:45:#include <isc/sha1.h>
Event: BIND sources macro usage
Message: ./fipscc_nios/bind9/lib/bind9/check.c:1195:#ifdef HMAC_SHA1_SIT
Event: BIND sources macro usage
Message: ./fipscc_nios/bind9/lib/bind9/check.c:1197: isc_buffer_usedlength(&b) != ISC_SHA1_DIGESTLENGTH) {
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/lib/bind9/check.c:1199: "SHA1 sit-secret must be on 160 bits");
Event: BIND sources: element of static constant array (definition) of algorithm names
Message: ./fipscc_nios/bind9/lib/bind9/check.c:2179: { "hmac-sha1", 160 },
Event: BIND sources macro usage
Message: ./fipscc_nios/bind9/lib/bind9/check.c:2603: if ((alg == DST_ALG_RSASHA1 || alg == DST_ALG_RSAMD5) &&
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:20: * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:31:#include
Event: ISC library in BIND: HMAC-SHA1 hash init function isc_hmacsha1_init() which is a wrapper for HMAC_Init()
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:44:isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
Event:ISC library in BIND: HMAC-SHA1 context gets initialized in function isc_hmacsha1_init() by calling HAMC_Init() using hash function EVP_sha1() as an argument
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:49: (int) len, EVP_sha1()) == 1);
Event: ISC library in BIND: HMAC-SHA1 context gets initialized in function isc_hmacsha1_init() by calling HAMC_Init() using hash function EVP_sha1() as an argument
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:51: HMAC_Init(ctx, (const void *) key, (int) len, EVP_sha1());
Event: ISC library in BIND: definition of the function isc_hmacsha1_invalidate() (which is a wrapper for HMAC_CTX_cleanup()) with an argument of type isc_hmacsha1_t (which is a type defined for pk11_context_t, which in turn is struct pk11_context )
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:56:isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
Event: ISC library in BIND: definition of the function isc_hmacsha1_update() (which is a wrapper for HMAC_Update()) with argument of type isc_hmacsha1_t (which is a type defined for pk11_context_t, which in turn is struct pk11_context)
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:61:isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
Event: ISC library in BIND: definition of the function isc_hmacsha1_sign() (which is an extension for HMAC_Final())
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:72:isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:73: unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:75: REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
Event: ISC library in BIND: HMAC-SHA1 hash init function isc_hmacsha1_init() with an argument *ctx of type isc_hmacsha1_t (which is a type defined for pk11_context_t, which in turn is struct pk11_context )
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:269:isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
Event: ISC library in BIND: HMAC-SHA1 hash invalidate function isc_hmacsha1_invalidate() with an argument *ctx of type isc_hmacsha1_t (which is a type defined for pk11_context_t, which in turn is struct pk11_context)
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:298:isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:299: CK_BYTE garbage[ISC_SHA1_DIGESTLENGTH];
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:300: CK_ULONG len = ISC_SHA1_DIGESTLENGTH;
Event: ISC library in BIND: HMAC-SHA1 hash update function isc_hmacsha1_update() with an argument *ctx of type isc_hmacsha1_t (which is a type defined for pk11_context_t, which in turn is struct pk11_context )
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:313:isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
Event: ISC library in BIND: HMAC-SHA1 hash sign function isc_hmacsha1_sign() with an argument *ctx of type isc_hmacsha1_t (which is a type defined for pk11_context_t, which in turn is struct pk11_context )
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:325:isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:327: CK_BYTE newdigest[ISC_SHA1_DIGESTLENGTH];
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:328: CK_ULONG psl = ISC_SHA1_DIGESTLENGTH;
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:330: REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:639: * Start HMAC-SHA1 process. Initialize an sha1 context and digest the key.
Event: ISC library in BIND: HMAC-SHA1 hash init function isc_hmacsha1_invalidate() with an argument *ctx of type isc_hmacsha1_t (which is a type defined for pk11_context_t, which in turn is struct pk11_context )
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:642:isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:645: unsigned char ipad[ISC_SHA1_BLOCK_LENGTH];
Event: ISC library in BIND: declared variable sha1ctx of type isc_sha1_t (which is defined for type EVP_MD_CTX) for usage within the function isc_hmacsha1_init
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:650: isc_sha1_t sha1ctx;
Event: ISC library in BIND: in the function isc_hmacsha1_init(): calling the function isc_sha1_init() of the same library with an argument named sha1ctx
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:651: isc_sha1_init(&sha1ctx);
Event: ISC library in BIND: in the function isc_hmacsha1_init(): calling the function isc_sha1_update() of the same library with an argument named sha1ctx
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:652: isc_sha1_update(&sha1ctx, key, len);
Event: ISC library in BIND: in the function isc_hmacsha1_init(): calling the function isc_sha1_final() of the same library with an argument named sha1ctx
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:653: isc_sha1_final(&sha1ctx, ctx→key);
Event: ISC library in BIND: from the function isc_hmacsha1_init(): calling the function isc_sha1_init() to initialize the HMAC-SHA1 context
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:657: isc_sha1_init(&ctx->sha1ctx);
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:659: for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
Event: ISC library in BIND: update the HMAC-SHA1 context by calling the function isc_sha1_update() (it will descend in call of EVP_DigestUpdate())
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:661: isc_sha1_update(&ctx->sha1ctx, ipad, sizeof(ipad));
Event: ISC library in BIND: definition of function isc_hmacsha1_invalidate() which has an argument of type isc_hmacsha1_t (which is struct pk11context in the end)
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:665:isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
Event: ISC library in BIND: from the function isc_hmacsha1_invalidate(): calling isc_sha1_invalidate() with an argument that has "sha1" in its name
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:666: isc_sha1_invalidate(&ctx->sha1ctx);
Event: ISC library in BIND: definition of the function isc_hmacsha1_update() which is a wrapper for isc_sha1_update() and updates the HMAC-SHA1 context by another buffer of bytes
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:675:isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
Event: ISC library in BIND: from the function isc_hmacsha1_sign(): call isc_sha1_update() to update the HMAC-SHA1 context by another buffer of bytes
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:678: isc_sha1_update(&ctx->sha1ctx, buf, len);
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:682: * Compute signature - finalize SHA1 operation and reapply SHA1.
Event: ISC library in BIND: definition of the function isc_hmacsha1_sign() which computes the signature by finalizing SHA1 operation
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:685:isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:686: unsigned char opad[ISC_SHA1_BLOCK_LENGTH];
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:687: unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:690: REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
Event: ISC library in BIND: from the function isc_hmacsha1_sign(): call isc_sha1_final() to compute the signature by finalizing SHA1 operation
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:691: isc_sha1_final(&ctx->sha1ctx, newdigest);
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:694: for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++)
Event: ISC library in BIND: from the function isc_hmacsha1_sign(): call isc_sha1_init() to initialize HMAC-SHA1 context
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:697: isc_sha1_init(&ctx->sha1ctx);
Event: ISC library in BIND: from the function isc_hmacsha1_sign(): call isc_sha1_update() to update HMAC-SHA1 context with new bytes
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:698: isc_sha1_update(&ctx->sha1ctx, opad, sizeof(opad));
Event: ISC library in BIND: from the function isc_hmacsha1_sign(): call isc_sha1_update() to update HMAC-SHA1 context with new bytes
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:699: isc_sha1_update(&ctx->sha1ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
Event: ISC library in BIND: from the function isc_hmacsha1_sign(): call isc_sha1_final() to finalize HMAC-SHA1 context
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:700: isc_sha1_final(&ctx->sha1ctx, newdigest);
Event: ISC library in BIND: from the function isc_hmacsha1_sign(): call isc_sha1_invalidate() to invalidate HMAC-SHA1 context (i.e. call HMAC_CTX_cleanup() underneath)
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:701: isc_hmacsha1_invalidate(ctx);
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:972: * Verify signature - finalize SHA1 operation and reapply SHA1, then
Event: ISC library in BIND: definition of the function isc_hmacsha1_verify() which verifies signatures
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:976:isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:977: unsigned char newdigest[ISC_SHA1_DIGESTLENGTH];
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:979: REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/hmacsha.c:980: isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/isc/entropy.c:44:#include <isc/sha1.h>
Event: ISC library in BIND sources: declaration of a variable of type isc_sha1_t (i.e. EVP_MD_CTX)
Message: ./fipscc_nios/bind9/lib/isc/entropy.c:537: isc_sha1_t hash;
Event: ISC library in BIND sources: macro name
Message: ./fipscc_nios/bind9/lib/isc/entropy.c:538: unsigned char digest[ISC_SHA1_DIGESTLENGTH];
Event: ISC library in BIND sources: a HMAC-SHA1 context initialized in function isc_entropy_getdata()
Message: ./fipscc_nios/bind9/lib/isc/entropy.c:612: isc_sha1_init(&hash);
Event: ISC library in BIND sources: a HMAC-SHA1 context updated in function isc_entropy_getdata()
Message: ./fipscc_nios/bind9/lib/isc/entropy.c:613: isc_sha1_update(&hash, (void *)(ent->pool.pool),
Event: ISC library in BIND sources: a HMAC-SHA1 context finalized in function isc_entropy_getdata()
Message: ./fipscc_nios/bind9/lib/isc/entropy.c:615: isc_sha1_final(&hash, digest);
Event: ISC library in BIND sources: macro name
Message: ./fipscc_nios/bind9/lib/isc/entropy.c:620: entropypool_adddata(ent, digest, ISC_SHA1_DIGESTLENGTH, 0);
Event: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_hmacsha1_init" listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:279:isc_hmacsha1_init
Event: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_hmacsha1_invalidate" listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:280:isc_hmacsha1_invalidate
Event: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_hmacsha1_sign" listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:281:isc_hmacsha1_sign
Event: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_hmacsha1_update" listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:282:isc_hmacsha1_update
Event: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_hmacsha1_verify" listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:283:isc_hmacsha1_verify
Event: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_sha1_final" listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:540:isc_sha1_final
Event: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_sha1_init" listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:541:isc_sha1_init
Event: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:542:isc_sha1_invalidate
Message: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_sha1_invalidate" listed
Event: ./fipscc_nios/bind9/lib/isc/win32/libisc.def.in:543:isc_sha1_update
Message: ISC win32 library in BIND: list of e[ported functions from libisc has literal "isc_sha1_update" listed
Event: BIND sources, MS libs dev studio project file lists sha1.h
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.dsp.in:550:SOURCE=..\include\isc\sha1.h
Event: BIND sources, MS libs dev studio project file lists sha1.c
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.dsp.in:866:SOURCE=..\sha1.c
Event: ISC win32 library in BIND: list of library included headers has sha1.h listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.vcxproj.filters.in:220:
Event: ISC win32 library in BIND: list of library sources includes sha1.c
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.vcxproj.filters.in:615:
Event: ISC win32 library in BIND: list of library included headers has sha1.h listed
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.vcxproj.in:336:
Event: ISC win32 library in BIND: list of library sources includes sha1.c
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.vcxproj.in:448:
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:189: -@erase "$(INTDIR)\sha1.obj"
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:310: "$(INTDIR)\sha1.obj" \
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:481: -@erase "$(INTDIR)\sha1.obj"
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:482: -@erase "$(INTDIR)\sha1.sbr"
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:620: "$(INTDIR)\sha1.sbr" \
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:724: "$(INTDIR)\sha1.obj" \
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:2127:SOURCE=..\sha1.c
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:2132:"$(INTDIR)\sha1.obj" : $(SOURCE) "$(INTDIR)"
Event: Literal in NMAKE file generated from libisc.dsp by MS Studio
Message: ./fipscc_nios/bind9/lib/isc/win32/libisc.mak.in:2139:"$(INTDIR)\sha1.obj" "$(INTDIR)\sha1.sbr" : $(SOURCE) "$(INTDIR)"
Event: ISC library in BIND: PKCS11 related macro usage
Message: ./fipscc_nios/bind9/lib/isc/pk11.c:713: rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA1_RSA_PKCS,
Event: ISC library in BIND: PKCS11 related macro usage
Message: ./fipscc_nios/bind9/lib/isc/pk11.c:745: rv = pkcs_C_GetMechanismInfo(slot, CKM_DSA_SHA1, &mechInfo);
Event: BIND Makefile object list
Message: ./fipscc_nios/bind9/lib/isc/Makefile.in:86: safe.@O@ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
Event: BIND Makefile object list
Message: ./fipscc_nios/bind9/lib/isc/Makefile.in:105: safe.@O@ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
Event: BIND Makefile sources list
Message: ./fipscc_nios/bind9/lib/isc/Makefile.in:122: safe.c serial.c sha1.c sha2.c sockaddr.c stats.c string.c \
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:23:#include <isc/sha1.h>
Event: ISC library in BIND sources: macro name
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:27:isc_iterated_hash(unsigned char out[ISC_SHA1_DIGESTLENGTH],
Event: ISC library in BIND sources: declaration of a variable of type isc_sha1_t (i.e. EVP_MD_CTX)
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:32: isc_sha1_t ctx;
Event: ISC library in BIND sources: a SHA1 context gets initialized in function isc_iterated_hash()
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:39: isc_sha1_init(&ctx);
Event: ISC library in BIND sources: a SHA1 context gets updated in function isc_iterated_hash()
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:40: isc_sha1_update(&ctx, in, inlength);
Event: ISC library in BIND sources: a SHA1 context gets updated in function isc_iterated_hash()
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:41: isc_sha1_update(&ctx, salt, saltlength);
Event: ISC library in BIND sources: a SHA1 context gets finalized in function isc_iterated_hash()
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:42: isc_sha1_final(&ctx, out);
Event: ISC library in BIND sources: macro name
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:44: inlength = ISC_SHA1_DIGESTLENGTH;
Event: ISC library in BIND sources: macro name
Message: ./fipscc_nios/bind9/lib/isc/iterated_hash.c:47: return (ISC_SHA1_DIGESTLENGTH);
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:671:/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:675:#define CKM_SHA1_RSA_PKCS 0x00000006 Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:683:/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:684: * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:687:#define CKM_SHA1_RSA_X9_31 0x0000000C
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:689:#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:693:#define CKM_DSA_SHA1 0x00000012
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:888:#define CKM_SSL3_SHA1_MAC 0x00000381
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:891:#define CKM_SHA1_KEY_DERIVATION 0x00000392
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:907:#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:908:#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:909:#define CKM_PBE_SHA1_RC4_128 0x000003A6
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:910:#define CKM_PBE_SHA1_RC4_40 0x000003A7
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:911:#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:912:#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:913:#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:914:#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:919:#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:1000:#define CKM_ECDSA_SHA1 0x00001042
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:1378:#define CKG_MGF1_SHA1 0x00000001
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:1425:#define CKD_SHA1_KDF 0x00000002
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:1482:#define CKD_SHA1_KDF_ASN1 0x00000003
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:1483:#define CKD_SHA1_KDF_CONCATENATE 0x00000004
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/pkcs11/pkcs11t.h:1857:#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:20: * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:29:#include <isc/sha1.h>
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:33:#define ISC_HMACSHA1_KEYLENGTH ISC_SHA1_BLOCK_LENGTH
Event: ISC BIND header defines an internal type for HMAC_CTX
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:42:typedef HMAC_CTX isc_hmacsha1_t;
Event: ISC BIND header defines an internal type for struct pk11_context
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:51:typedef pk11_context_t isc_hmacsha1_t;
Event: ISC library in BIND sources: declatation of a variable of type isc_sha1_t (i.e. EVP_MD_CTX)
Message:./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:60: isc_sha1_t sha1ctx;
Event: ISC library in BIND: a macro with SHA1 in its name is used as an array length
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:61: unsigned char key[ISC_HMACSHA1_KEYLENGTH];
Event: ISC library in BIND: a type with name isc_hmacsha1_t is defined
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:62:} isc_hmacsha1_t;
Event: ISC library in BIND: a function isc_hmacsha1_init() is declared
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:88:isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
Event: ISC library in BIND: a function isc_hmacsha1_invalidate() is declared
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:92:isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx);
Event: ISC library in BIND: a function isc_hmacsha1_update() is declared
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:95:isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf,
Event: ISC library in BIND: a function isc_hmacsha1_sign() is declared
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:99:isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len);
Event: ISC library in BIND: a function isc_hmacsha1_verify() is declared
Message: ./fipscc_nios/bind9/lib/isc/include/isc/hmacsha.h:102:isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len);
Event: ISC library in BIND: macro usage
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:18:#ifndef ISC_SHA1_H
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:19:#define ISC_SHA1_H 1
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:21:/* $Id: //IB/proj/fipscc_nios/bind9/lib/isc/include/isc/sha1.h#1 $ */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:23:/* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:25:/*! \file isc/sha1.h
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:26: * \brief SHA-1 in C
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:35:#define ISC_SHA1_DIGESTLENGTH 20U
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:36:#define ISC_SHA1_BLOCK_LENGTH 64U
Event: ISC BIND header: definition of type isc_sha1_t (i.e. EVP_MD_CTX)
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:41:typedef EVP_MD_CTX isc_sha1_t;
Event: ISC library in BIND: type pk11_context_t definition (which is essentially a struct pk11_context)
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:46:typedef pk11_context_t isc_sha1_t;
Event: ISC lib in BIND headers: macro usage
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:53: unsigned char buffer[ISC_SHA1_BLOCK_LENGTH];
Event: ISC library headers in BIND, type isc_sha1_t definition as structure that is used in case of undefined PKCS11CRYPTO macro which probably means absence of pk11/pk11.h
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:54:} isc_sha1_t;
Event: ISC library headers in BIND, declaration of the function isc_sha1_init()
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:60:isc_sha1_init(isc_sha1_t *ctx);
Event: ISC library headers in BIND, declaration of the function isc_sha1_invalidate()
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:63:isc_sha1_invalidate(isc_sha1_t *ctx);
Event: ISC library headers in BIND, declaration of the function isc_sha1_update()
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:66:isc_sha1_update(isc_sha1_t *ctx, const unsigned char *data, unsigned int len);
Event: ISC library headers in BIND, declaration of the function isc_sha1_final()
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:69:isc_sha1_final(isc_sha1_t *ctx, unsigned char *digest);
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/include/isc/sha1.h:73:#endif /* ISC_SHA1_H */
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/isc/include/isc/iterated_hash.h:23:#include <isc/sha1.h>
Event: BIND sources Makefile
Message: ./fipscc_nios/bind9/lib/isc/include/isc/Makefile.in:39: safe.h serial.h sha1.h sha2.h sockaddr.h socket.h \
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:18:/* $Id: //IB/proj/fipscc_nios/bind9/lib/isc/sha1.c#1 $ */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:20:/* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:21:/* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:24: * SHA-1 in C
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:42:#include <isc/sha1.h>
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:18:/* $Id: //IB/proj/fipscc_nios/bind9/lib/isc/sha1.c#1 $ */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:20:/* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:21:/* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */
Event: .BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:24: * SHA-1 in C
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:42:#include <isc/sha1.h>
Event: Function isc_sha1_init definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:54:isc_sha1_init(isc_sha1_t *context)
Event: Argument of EVP_DigestInit call
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:58: RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha1()) == 1);
Event: Function isc_sha1_invalidate definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:62:isc_sha1_invalidate(isc_sha1_t *context) {
Event: Function isc_sha1_update definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:67:isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
Event: Function isc_sha1_final definition
Message:./fipscc_nios/bind9/lib/isc/sha1.c:79:isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
Event: Function isc_sha1_init definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:89:isc_sha1_init(isc_sha1_t *ctx) {
Event: Function isc_sha1_invalidate definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:99:isc_sha1_invalidate(isc_sha1_t *ctx) {
Event: Local variables in function isc_sha1_invalidate
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:
100: CK_BYTE garbage[ISC_SHA1_DIGESTLENGTH];
101: CK_ULONG len = ISC_SHA1_DIGESTLENGTH;
Event: Function isc_sha1_update definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:111:isc_sha1_update(isc_sha1_t *ctx, const unsigned char *buf, unsigned int len) {
Event: Function isc_sha1_final definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:121:isc_sha1_final(isc_sha1_t *ctx, unsigned char *digest) {
Event: Local variable in function isc_sha1_final
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:123: CK_ULONG len = ISC_SHA1_DIGESTLENGTH;
Event: Comment to macros R0, R1, R2, R3, R4
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:155: * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
Event: Comment to function isc_sha1_init
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:315: * isc_sha1_init - Initialize new context
Event: ISC BIND library function to init SHA-1
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:318:isc_sha1_init(isc_sha1_t *context)
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:322: /* SHA1 initialization constants */
Event: Function isc_sha1_invalidate definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:333:isc_sha1_invalidate(isc_sha1_t *context) {
Event: Code of function isc_sha1_invalidate
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:334: memset(context, 0, sizeof(isc_sha1_t));
Event: Function isc_sha1_update definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:341:isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
Event: Function isc_sha1_final definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:375:isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
Event: Function isc_sha1_update definition
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:389: isc_sha1_update(context, &final_200, 1);
Event: Code in function isc_sha1_update
Message: ./fipscc_nios/bind9/lib/isc/sha1.c:
391: isc_sha1_update(context, &final_0, 1);
393: isc_sha1_update(context, finalcount, 8);
402: memset(context, 0, sizeof(isc_sha1_t));
Event: Assign local variable alg in function set_key
Message: ./fipscc_nios/bind9/lib/samples/resolve.c:136: alg = DNS_KEYALG_RSASHA1;
Event: Part of macro algname_is_allocated(algname)
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:81: (algname) != dns_tsig_hmacsha1_name && \
Event: Module variables definition
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:
133:static unsigned char hmacsha1_ndata[] = "\011hmac-sha1";
134:static unsigned char hmacsha1_offsets[] = { 0, 10 };
Event: hmacsha1 - instance of struct dns_name
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:
136:static dns_name_t hmacsha1 = {
138: hmacsha1_ndata, 11, 2,
140: hmacsha1_offsets, NULL,
Event: Module variable definition
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:145:LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_hmacsha1_name = &hmacsha1;
Event: Code of function ib_dns_tsigkey_createfromkey
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:
448: } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA1_NAME)) {
449: tkey->algorithm = DNS_TSIG_HMACSHA1_NAME;
450: if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACSHA1) {
Event: Code in function dst_alg_fromname
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:
699: } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA1_NAME)) {
700: return (DST_ALG_HMACSHA1);
Event: Code in function dns_tsigkey_create
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:
896: } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA1_NAME)) {
902: result = dst_key_frombuffer(name, DST_ALG_HMACSHA1,
Event: Check algorithm type in function dns_tsig_verify
Message: ./fipscc_nios/bind9/lib/dns/tsig.c:1523: if (alg == DST_ALG_HMACMD5 || alg == DST_ALG_HMACSHA1 ||
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:45:#include <isc/sha1.h>
Event: Code of function openssldsa_createctx
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
78: isc_sha1_t *sha1ctx;
82: sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
83: isc_sha1_init(sha1ctx);
84: dctx->ctxdata.sha1ctx = sha1ctx;
Event: Code of function openssldsa_destroyctx
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
99: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
101: if (sha1ctx != NULL) {
102: isc_sha1_invalidate(sha1ctx);
103: isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
104: dctx->ctxdata.sha1ctx = NULL;
Event: Code of function openssldsa_adddata
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
118: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
120: isc_sha1_update(sha1ctx, data->base, data->length);
Event: Code of function openssldsa_sign
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
148: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
149: unsigned char digest[ISC_SHA1_DIGESTLENGTH];
153: if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
200: dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
206: isc_sha1_final(sha1ctx, digest);
208: dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
221: BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
222: isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
223: BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
224: isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
226: isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
Event: Code of function openssldsa_verify
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
246: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
248: unsigned char digest[ISC_SHA1_DIGESTLENGTH];
259: isc_sha1_final(sha1ctx, digest);
262: if (sig->length != 2 * ISC_SHA1_DIGESTLENGTH + 1) {
270: dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
271: cp += ISC_SHA1_DIGESTLENGTH;
272: dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
294: status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
Event: Using ISC_SHA1_DIGESTLENGTH in function openssldsa_generate
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
360: unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
402: ISC_SHA1_DIGESTLENGTH, NULL, NULL,
413: ISC_SHA1_DIGESTLENGTH, NULL, NULL,
Event: Using ISC_SHA1_DIGESTLENGTH in function openssldsa_todns
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
464: dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH;
470: BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
471: isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
Event: Using ISC_SHA1_DIGESTLENGTH in function openssldsa_fromdns
Message: ./fipscc_nios/bind9/lib/dns/openssldsa_link.c:
516: if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
521: dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
522: isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
535: isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/dns/validator.c:1827: * it over DNS_DSDIGEST_SHA1.
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/dns/validator.c:1828: * need to ignore DNS_DSDIGEST_SHA1 if a DNS_DSDIGEST_SHA256
Event: BIND sources macro name
Message: ./fipscc_nios/bind9/lib/dns/validator.c:1847: digest_types[DNS_DSDIGEST_SHA1] = 0;
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/dns/validator.c:2179: * it over DNS_DSDIGEST_SHA1.
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/dns/validator.c:2180: * need to ignore DNS_DSDIGEST_SHA1 if a DNS_DSDIGEST_SHA256
Event: BIND sources macro name
Message: ./fipscc_nios/bind9/lib/dns/validator.c:2199: digest_types[DNS_DSDIGEST_SHA1] = 0;
Event: Items of struct parse_map in array map
Message: ./fipscc_nios/bind9/lib/dns/dst_parse.c:
118: {TAG_HMACSHA1_KEY, "Key:"},
119: {TAG_HMACSHA1_BITS, "Bits:"},
Event: Cases of switch (alg) in function check_data
Message: ./fipscc_nios/bind9/lib/dns/dst_parse.c:
356: case DST_ALG_RSASHA1:
357: case DST_ALG_NSEC3RSASHA1:
373: case DST_ALG_HMACSHA1:
374: return (check_hmac_sha(priv, HMACSHA1_NTAGS, alg));
Event: Cases of switch (dst_key_alg(key)) in function dst__privstruct_writefile
Message: ./fipscc_nios/bind9/lib/dns/dst_parse.c:
682: case DST_ALG_RSASHA1:
683: fprintf(fp, "(RSASHA1)\n");
685: case DST_ALG_NSEC3RSASHA1:
686: fprintf(fp, "(NSEC3RSASHA1)\n");
709: case DST_ALG_HMACSHA1:
710: fprintf(fp, "(HMAC_SHA1)\n");
Event: Code in function dst_lib_init2
Message: ./fipscc_nios/bind9/lib/dns/dst_api.c:
207: RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
216: RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1],
217: DST_ALG_RSASHA1));
218: RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1],
219: DST_ALG_NSEC3RSASHA1));
239: RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_RSASHA1]));
240: RETERR(dst__pkcs11rsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1]));
Event: Code in function dst_ds_digest_supported
Message: ./fipscc_nios/bind9/lib/dns/dst_api.c:
299: return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
304: return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
Event: Cases of switch (key->key_alg) in function dst_key_sigsize
Message: ./fipscc_nios/bind9/lib/dns/dst_api.c:
1254: case DST_ALG_RSASHA1:
1255: case DST_ALG_NSEC3RSASHA1:
1276: case DST_ALG_HMACSHA1:
1277: *n = ISC_SHA1_DIGESTLENGTH;
Event: Cases of switch (key->key_alg) in function issymmetric
Message: ./fipscc_nios/bind9/lib/dns/dst_api.c:
1596: case DST_ALG_RSASHA1:
1597: case DST_ALG_NSEC3RSASHA1:
Event: Check algorithm type in function algorithm_status
Message: ./fipscc_nios/bind9/lib/dns/dst_api.c:
1884: if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
1887: alg == DST_ALG_NSEC3RSASHA1 ||
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/pkcs11dsa_link.c:25:#include <isc/sha1.h>
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/dns/pkcs11dsa_link.c:39: * CKM_DSA_SHA1,
Event: Setting local variable mech in function pkcs11dsa_createctx_sign
Message: ./fipscc_nios/bind9/lib/dns/pkcs11dsa_link.c:79: CK_MECHANISM mech = { CKM_DSA_SHA1, NULL, 0 };
Event: Setting local variable mech in function pkcs11dsa_createctx_verify
Message: ./fipscc_nios/bind9/lib/dns/pkcs11dsa_link.c:210: CK_MECHANISM mech = { CKM_DSA_SHA1, NULL, 0 };
Event: Code in function pkcs11dsa_sign
Message: ./fipscc_nios/bind9/lib/dns/pkcs11dsa_link.c:
385: CK_ULONG siglen = ISC_SHA1_DIGESTLENGTH * 2;
392: if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
398: if (siglen != ISC_SHA1_DIGESTLENGTH * 2)
405: isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
Event: Code in function pkcs11dsa_todns
Message: ./fipscc_nios/bind9/lib/dns/pkcs11dsa_link.c:
749: dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH;
758: memmove(r.base + ISC_SHA1_DIGESTLENGTH - subprime->ulValueLen,
760: isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
Event: Code in function pkcs11dsa_fromdns
Message: ./fipscc_nios/bind9/lib/dns/pkcs11dsa_link.c:
805: if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
812: isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
825: isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
842: attr[1].pValue = isc_mem_get(key->mctx, ISC_SHA1_DIGESTLENGTH);
845: memmove(attr[1].pValue, subprime, ISC_SHA1_DIGESTLENGTH);
846: attr[1].ulValueLen = ISC_SHA1_DIGESTLENGTH;
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:36:#include <isc/sha1.h>
Event: Require Assertion in function opensslrsa_createctx
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
134: dctx->key->key_alg == DST_ALG_RSASHA1 ||
135: dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_createctx
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
148: case DST_ALG_RSASHA1:
149: case DST_ALG_NSEC3RSASHA1:
150: type = EVP_sha1(); /* SHA1 + RSA */
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_createctx
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
186: case DST_ALG_RSASHA1:
187: case DST_ALG_NSEC3RSASHA1:
189: isc_sha1_t *sha1ctx;
191: sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
192: if (sha1ctx == NULL)
194: isc_sha1_init(sha1ctx);
195: dctx->ctxdata.sha1ctx = sha1ctx;
Event: Require Assertion in function opensslrsa_destroyctx
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
237: dctx->key->key_alg == DST_ALG_RSASHA1 ||
238: dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_destroyctx
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
261: case DST_ALG_RSASHA1:
262: case DST_ALG_NSEC3RSASHA1:
264: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
266: if (sha1ctx != NULL) {
267: isc_sha1_invalidate(sha1ctx);
268: isc_mem_put(dctx->mctx, sha1ctx,
269: sizeof(isc_sha1_t));
270: dctx->ctxdata.sha1ctx = NULL;
Event: Require Assertion in function opensslrsa_adddata
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
311: dctx->key->key_alg == DST_ALG_RSASHA1 ||
312: dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_adddata
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
331: case DST_ALG_RSASHA1:
332: case DST_ALG_NSEC3RSASHA1:
334: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
336: isc_sha1_update(sha1ctx, data->base, data->length);
Event: Require Assertion in function opensslrsa_sign
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
397: dctx->key->key_alg == DST_ALG_RSASHA1 ||
398: dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_sign
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
427: case DST_ALG_RSASHA1:
428: case DST_ALG_NSEC3RSASHA1:
430: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
432: isc_sha1_final(sha1ctx, digest);
433: type = NID_sha1;
434: digestlen = ISC_SHA1_DIGESTLENGTH;
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_sign
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
472: case DST_ALG_RSASHA1:
473: case DST_ALG_NSEC3RSASHA1:
Event: Require Assertion in function opensslrsa_verify2
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
536: dctx->key->key_alg == DST_ALG_RSASHA1 ||
537: dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_verify2
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
575: case DST_ALG_RSASHA1:
576: case DST_ALG_NSEC3RSASHA1:
578: isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
580: isc_sha1_final(sha1ctx, digest);
581: type = NID_sha1;
582: digestlen = ISC_SHA1_DIGESTLENGTH;
Event: Cases of switch (dctx->key->key_alg) in function opensslrsa_verify2
Message: ./fipscc_nios/bind9/lib/dns/opensslrsa_link.c:
623: case DST_ALG_RSASHA1:
624: case DST_ALG_NSEC3RSASHA1:
Event: Code in function compute_cc
Message: ./fipscc_nios/bind9/lib/dns/resolver.c:
2318:#ifdef HMAC_SHA1_SIT
2319: unsigned char digest[ISC_SHA1_DIGESTLENGTH];
2321: isc_hmacsha1_t hmacsha1;
2325: isc_hmacsha1_init(&hmacsha1, query->fctx->res->view->secret,
2326: ISC_SHA1_DIGESTLENGTH);
2330: isc_hmacsha1_update(&hmacsha1,
2334: isc_hmacsha1_update(&hmacsha1,
2338: isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
2340: isc_hmacsha1_invalidate(&hmacsha1);
Event: Case of switch (dst_key_alg(key)) in function dns_tsec_create
Message: ./fipscc_nios/bind9/lib/dns/tsec.c:
71: case DST_ALG_HMACSHA1:
72: algname = dns_tsig_hmacsha1_name;
Event: Check and set algorithm type in function zone_check_dnskeys
Message: ./fipscc_nios/bind9/lib/dns/zone.c:
5247: if ((dnskey.algorithm == DST_ALG_RSASHA1 ||
5252: if (dnskey.algorithm == DST_ALG_RSASHA1) {
5255: algorithm = "RSASHA1";
Event: Check algorithm type in function dnskey_sane
Message: ./fipscc_nios/bind9/lib/dns/zone.c:21643: if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
Event: Check algorithm type in function dns_nsec_nseconly
Message: ./fipscc_nios/bind9/lib/dns/nsec.c:249: dnskey.algorithm == DST_ALG_RSASHA1 ||
Event: Items of enum gssd_etype_t
Message: ./fipscc_nios/bind9/lib/dns/infoblox_gssdiag_counters.h:
16: GSSD_ETYPE_AES128_CTS_HMAC_SHA1_96,
17: GSSD_ETYPE_AES256_CTS_HMAC_SHA1_96,
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/dst_internal.h:45:#include <isc/sha1.h>
Event: Type dst_hmacsha1_key_t definition
Message: ./fipscc_nios/bind9/lib/dns/dst_internal.h:81:typedef struct dst_hmacsha1_key dst_hmacsha1_key_t;
Event: Field in struct dst_key
Message: ./fipscc_nios/bind9/lib/dns/dst_internal.h:125: dst_hmacsha1_key_t *hmacsha1;
Event: Fields of union ctxdata in struct dst_context
Message: ./fipscc_nios/bind9/lib/dns/dst_internal.h:
158: isc_sha1_t *sha1ctx;
162: isc_hmacsha1_t *hmacsha1ctx;
Event: dst__hmacsha1_init function declaration
Message: ./fipscc_nios/bind9/lib/dns/dst_internal.h:228:isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/ds.c:28:#include <isc/sha1.h>
Event: Local variable in function dns_ds_buildrdata
Message: ./fipscc_nios/bind9/lib/dns/ds.c:56: isc_sha1_t sha1;
Event: Case of switch (digest_type) in function dns_ds_buildrdata
Message: ./fipscc_nios/bind9/lib/dns/ds.c:
77: case DNS_DSDIGEST_SHA1:
78: isc_sha1_init(&sha1);
80: isc_sha1_update(&sha1, r.base, r.length);
83: isc_sha1_update(&sha1, r.base, r.length);
84: isc_sha1_final(&sha1, digest);
Event: Case of switch (digest_type) in function dns_ds_buildrdata
Message: ./fipscc_nios/bind9/lib/dns/ds.c:
136: case DNS_DSDIGEST_SHA1:
137: ds.length = ISC_SHA1_DIGESTLENGTH;
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/dns/dst_parse.h:54:/* These are used by both RSA-MD5 and RSA-SHA1 */
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/dst_parse.h:94:#define HMACSHA1_NTAGS 2
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/dst_parse.h:95:#define TAG_HMACSHA1_KEY ((DST_ALG_HMACSHA1 << TAG_SHIFT) + 0)
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/dst_parse.h:96:#define TAG_HMACSHA1_BITS ((DST_ALG_HMACSHA1 << TAG_SHIFT) + 1)
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/rcode.c:109: { DNS_KEYALG_RSASHA1, "RSASHA1", 0 }, \
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/rcode.c:110: { DNS_KEYALG_NSEC3RSASHA1, "NSEC3RSASHA1", 0 }, \
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/rcode.c:133: { 1, "SHA-1", 0 }, \
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/rcode.c:139: { DNS_DSDIGEST_SHA1, "SHA-1", 0 }, \
Event: Cases of switch(tsd->etype) in function gssd_format_crypto
Message: ./fipscc_nios/bind9/lib/dns/infoblox_gssdiag.c:
256: case ETYPE_AES128_CTS_HMAC_SHA1_96: etype = "aes128-cts-hmac-sha1-96"; break;
257: case ETYPE_AES256_CTS_HMAC_SHA1_96: etype = "aes256-cts-hmac-sha1-96"; break;
Event: Cases of switch(tsd->etype) in function gssd_end_reporting
Message: ./fipscc_nios/bind9/lib/dns/infoblox_gssdiag.c:
329: GSSD_ETYPE(ETYPE_AES128_CTS_HMAC_SHA1_96);
330: GSSD_ETYPE(ETYPE_AES256_CTS_HMAC_SHA1_96);
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/pkcs11rsa_link.c:25:#include <isc/sha1.h>
Event: Require Assertion in function pkcs11rsa_createctx_sign
Message: ./fipscc_nios/bind9/lib/dns/pkcs11rsa_link.c:
87: key->key_alg == DST_ALG_RSASHA1 ||
88: key->key_alg == DST_ALG_NSEC3RSASHA1 ||
Event: Cases of switch (dctx->key->key_alg) in function pkcs11rsa_createctx_sign
Message: ./fipscc_nios/bind9/lib/dns/pkcs11rsa_link.c:
213: case DST_ALG_RSASHA1:
214: case DST_ALG_NSEC3RSASHA1:
215: mech.mechanism = CKM_SHA1_RSA_PKCS;
Event: Require Assertion in function pkcs11rsa_createctx_verify
Message: ./fipscc_nios/bind9/lib/dns/pkcs11rsa_link.c:
287: key->key_alg == DST_ALG_RSASHA1 ||
288: key->key_alg == DST_ALG_NSEC3RSASHA1 ||
Event: Cases of switch (dctx->key->key_alg) in function pkcs11rsa_createctx_verify
Message: ./fipscc_nios/bind9/lib/dns/pkcs11rsa_link.c:
345: case DST_ALG_RSASHA1:
346: case DST_ALG_NSEC3RSASHA1:
347: mech.mechanism = CKM_SHA1_RSA_PKCS;
Event: Case of switch (hashalg) in function dns_nsec3_buildrdat
Message: ./fipscc_nios/bind9/lib/dns/nsec3.c:
92: case dns_hash_sha1:
93: REQUIRE(hash_length == ISC_SHA1_DIGESTLENGTH); a
Event: Case of switch (hash) in function dns_nsec3_hashlength
Message: ./fipscc_nios/bind9/lib/dns/nsec3.c:
285: case dns_hash_sha1:
286: return(ISC_SHA1_DIGESTLENGTH);
Event: Case of switch (hash) in function dns_nsec3_supportedhash
Message: ./fipscc_nios/bind9/lib/dns/nsec3.c:294: case dns_hash_sha1:
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:43:#include <isc/sha1.h>
Event: Function hmacsha1_fromdns declaration
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:350:static isc_result_t hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data);
Event: struct dst_hmacsha1_key definition
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
352:struct dst_hmacsha1_key {
353: unsigned char key[ISC_SHA1_BLOCK_LENGTH];
Event: Code of function hmacsha1_createctx
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
357:hmacsha1_createctx(dst_key_t *key, dst_context_t *dctx) {
358: isc_hmacsha1_t *hmacsha1ctx;
359: dst_hmacsha1_key_t *hkey = key->keydata.hmacsha1;
361: hmacsha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha1_t));
362: if (hmacsha1ctx == NULL)
364: isc_hmacsha1_init(hmacsha1ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH);
365: dctx->ctxdata.hmacsha1ctx = hmacsha1ctx;
Event: Code of function hmacsha1_destroyctx
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
370:hmacsha1_destroyctx(dst_context_t *dctx) {
371: isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx;
373: if (hmacsha1ctx != NULL) {
374: isc_hmacsha1_invalidate(hmacsha1ctx);
375: isc_mem_put(dctx->mctx, hmacsha1ctx, sizeof(isc_hmacsha1_t));
376: dctx->ctxdata.hmacsha1ctx = NULL;
Event: Code of function hmacsha1_adddata
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
381:hmacsha1_adddata(dst_context_t *dctx, const isc_region_t *data) {
382: isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx;
384: isc_hmacsha1_update(hmacsha1ctx, data->base, data->length);
Event: Code of function hmacsha1_sign
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
389:hmacsha1_sign(dst_context_t *dctx, isc_buffer_t *sig) {
390: isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx;
393: if (isc_buffer_availablelength(sig) < ISC_SHA1_DIGESTLENGTH)
396: isc_hmacsha1_sign(hmacsha1ctx, digest, ISC_SHA1_DIGESTLENGTH);
397: isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH);
Event: Code of function hmacsha1_verify
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
403:hmacsha1_verify(dst_context_t *dctx, const isc_region_t *sig) {
404: isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx;
406: if (sig->length > ISC_SHA1_DIGESTLENGTH || sig->length == 0)
409: if (isc_hmacsha1_verify(hmacsha1ctx, sig->base, sig->length))
Event: Code of function hmacsha1_compare
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
416:hmacsha1_compare(const dst_key_t *key1, const dst_key_t *key2) {
417: dst_hmacsha1_key_t *hkey1, *hkey2;
419: hkey1 = key1->keydata.hmacsha1;
420: hkey2 = key2->keydata.hmacsha1;
427: if (isc_safe_memequal(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
Event: Code of function hmacsha1_generate
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
434:hmacsha1_generate(dst_key_t *key, int pseudorandom_ok, void (*callback)(int)) {
438: unsigned char data[ISC_SHA1_BLOCK_LENGTH];
443: if (bytes > ISC_SHA1_BLOCK_LENGTH) {
444: bytes = ISC_SHA1_BLOCK_LENGTH;
445: key->key_size = ISC_SHA1_BLOCK_LENGTH * 8;
448: memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
456: ret = hmacsha1_fromdns(key, &b);
457: memset(data, 0, ISC_SHA1_BLOCK_LENGTH);
Event: Function hmacsha1_isprivate definition
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:463:hmacsha1_isprivate(const dst_key_t *key) {
Event: Code of function hmacsha1_destroy
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
469:hmacsha1_destroy(dst_key_t *key) {
470: dst_hmacsha1_key_t *hkey = key->keydata.hmacsha1;
472: memset(hkey, 0, sizeof(dst_hmacsha1_key_t));
473: isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha1_key_t));
474: key->keydata.hmacsha1 = NULL;
Event: Code of function hmacsha1_todns
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
478:hmacsha1_todns(const dst_key_t *key, isc_buffer_t *data) {
479: dst_hmacsha1_key_t *hkey;
482: REQUIRE(key->keydata.hmacsha1 != NULL);
484: hkey = key->keydata.hmacsha1;
Event: Code of function hmacsha1_fromdns
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
495:hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) {
496: dst_hmacsha1_key_t *hkey;
499: isc_sha1_t sha1ctx;
505: hkey = isc_mem_get(key->mctx, sizeof(dst_hmacsha1_key_t));
511: if (r.length > ISC_SHA1_BLOCK_LENGTH) {
512: isc_sha1_init(&sha1ctx);
513: isc_sha1_update(&sha1ctx, r.base, r.length);
514: isc_sha1_final(&sha1ctx, hkey->key);
515: keylen = ISC_SHA1_DIGESTLENGTH;
522: key->keydata.hmacsha1 = hkey;
Event: Code of function hmacsha1_tofile
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
530:hmacsha1_tofile(const dst_key_t *key, const char *directory) {
532: dst_hmacsha1_key_t *hkey;
537: if (key->keydata.hmacsha1 == NULL)
543: hkey = key->keydata.hmacsha1;
545: priv.elements[cnt].tag = TAG_HMACSHA1_KEY;
551: priv.elements[cnt].tag = TAG_HMACSHA1_BITS;
Event: Code of function hmacsha1_parse
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
560:hmacsha1_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
569: result = dst__privstruct_parse(key, DST_ALG_HMACSHA1, lexer, mctx,
580: case TAG_HMACSHA1_KEY:
584: tresult = hmacsha1_fromdns(key, &b);
588: case TAG_HMACSHA1_BITS:
Event: hmacsha1_functions - instance of struct dst_func_t /* Context functions */
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
603:static dst_func_t hmacsha1_functions = {
604: hmacsha1_createctx,
606: hmacsha1_destroyctx,
607: hmacsha1_adddata,
608: hmacsha1_sign,
609: hmacsha1_verify,
612: hmacsha1_compare,
614: hmacsha1_generate,
615: hmacsha1_isprivate,
616: hmacsha1_destroy,
617: hmacsha1_todns,
618: hmacsha1_fromdns,
619: hmacsha1_tofile,
620: hmacsha1_parse,
Event: Code of function dst__hmacsha1_init
Message: ./fipscc_nios/bind9/lib/dns/hmac_link.c:
628:dst__hmacsha1_init(dst_func_t **funcp) {
631: *funcp = &hmacsha1_functions;
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/dlv_32769.c:26:#include <isc/sha1.h>
Event: Case of switch (c) /*Digest*/ in function fromtext_dlv
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/dlv_32769.c:
79: case DNS_DSDIGEST_SHA1:
80: length = ISC_SHA1_DIGESTLENGTH;
Event: Check and copy digest lengths if we know them in function fromwire_dlv
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/dlv_32769.c:
173: (sr.base[3] == DNS_DSDIGEST_SHA1 &&
174: sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
190: if (sr.base[3] == DNS_DSDIGEST_SHA1)
191: sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
Event: Case of switch (dlv->digest_type) in function fromstruct_dlv
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/dlv_32769.c:
243: case DNS_DSDIGEST_SHA1:
244: REQUIRE(dlv->length == ISC_SHA1_DIGESTLENGTH);
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/cds_59.c:24:#include <isc/sha1.h>
Event: Case of switch (c) in function fromtext_cds
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/cds_59.c:
74: case DNS_DSDIGEST_SHA1:
75: length = ISC_SHA1_DIGESTLENGTH;
Event: Check and copy digest lengths if we know them in function fromwire_cds
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/cds_59.c:
168: (sr.base[3] == DNS_DSDIGEST_SHA1 &&
169: sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
185: if (sr.base[3] == DNS_DSDIGEST_SHA1)
186: sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
Event: Case of switch (ds->digest_type) in function fromstruct_cds
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/cds_59.c:
238: case DNS_DSDIGEST_SHA1:
239: REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH);
Event: Require Assertion
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/nsec3_50.c:357: REQUIRE(nsec3->hash == dns_hash_sha1);
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/ds_43.c:28:#include <isc/sha1.h>
Event: Case of switch (c) in function fromtext_ds
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/ds_43.c:
78: case DNS_DSDIGEST_SHA1:
79: length = ISC_SHA1_DIGESTLENGTH;
Event: Check and copy digest lengths if we know them in function fromwire_ds
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/ds_43.c:
172: (sr.base[3] == DNS_DSDIGEST_SHA1 &&
173: sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
189: if (sr.base[3] == DNS_DSDIGEST_SHA1)
190: sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
Event: Case of switch (ds->digest_type) in function fromstruct_ds
Message: ./fipscc_nios/bind9/lib/dns/rdata/generic/ds_43.c:
242: case DNS_DSDIGEST_SHA1:
243: REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH);
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/include/dst/dst.h:59:#define DST_ALG_RSASHA1 5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/include/dst/dst.h:61:#define DST_ALG_NSEC3RSASHA1 7
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/include/dst/dst.h:69:#define DST_ALG_HMACSHA1 161 /* XXXMPA */
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/include/dns/ds.h:27:#define DNS_DSDIGEST_SHA1 (1)
Event: BIND sources: part (name dns_hash_sha1) of enumerated type dns_hash_t being defined
Message: ./fipscc_nios/bind9/lib/dns/include/dns/types.h:170: dns_hash_sha1 = 1
Event: BIND sources comment
Message: ./fipscc_nios/bind9/lib/dns/include/dns/nsec3.h:44: * Test "unknown" algorithm. Is mapped to dns_hash_sha1.
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/include/dns/keyvalues.h:69:#define DNS_KEYALG_RSASHA1 5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/include/dns/keyvalues.h:70:#define DNS_KEYALG_NSEC3RSASHA1 7
Event: BIND sources: external type declaration
Message: ./fipscc_nios/bind9/lib/dns/include/dns/tsig.h:45:LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_hmacsha1_name;
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/lib/dns/include/dns/tsig.h:46:#define DNS_TSIG_HMACSHA1_NAME dns_tsig_hmacsha1_name
Event: BIND sources comment
Message: ./fipscc_nios/bind9/config.h.in:467:/* Use HMAC-SHA1 for Source Identity Token generation */
Event: BIND sources: clear definition of HMAC_SHA1_SIT
Message: ./fipscc_nios/bind9/config.h.in:468:#undef HMAC_SHA1_SIT
Event: BIND sources comment
Message: ./fipscc_nios/bind9/config.h.win32:366:/* Use HMAC-SHA1 for Source Identity Token generation */
Event: BIND sources: literal in Win32 configuration file
Message: ./fipscc_nios/bind9/config.h.win32:367:@HMAC_SHA1_SIT@
Event: BIND configure script argument help
Message: ./fipscc_nios/bind9/configure.in:1377: [ --with-sit-alg=ALG choose the algorithm for SIT [[aes|sha1|sha256]]],
Event: BIND configure script internal variable set with "sha-1" literal
Message: ./fipscc_nios/bind9/configure.in:1384: with_sit_alg="sha1"
Event: BIND configure script internal variable value check
Message: ./fipscc_nios/bind9/configure.in:1845: sha1)
Event: BIND configure script parameter set
Message: ./fipscc_nios/bind9/configure.in:1850: AC_MSG_RESULT(sha1)
Event: BIND configure script parameter definition
Message: ./fipscc_nios/bind9/configure.in:1858: AC_DEFINE(HMAC_SHA1_SIT, 1,
Event: BIND configure script parameter definition
Message: ./fipscc_nios/bind9/configure.in:1859: [Use HMAC-SHA1 for Source Identity Token generation])
Event: BIND configure script help string
Message: ./fipscc_nios/bind9/win32utils/Configure:369: "HMAC_SHA1_SIT", literal
Event: BIND configure script help literal
Message: ./fipscc_nios/bind9/win32utils/Configure:556:" with-sit-alg choose the algorithm for SIT aes|sha1|sha256\n",
Event: BIND configure script literal in IF-statement to define the configuration
Message: ./fipscc_nios/bind9/win32utils/Configure:1865: if ($sit_algorithm eq "sha1") {
Event: BIND configure script literal in IF-statement to define the configuration
Message: ./fipscc_nios/bind9/win32utils/Configure:1866: $configdefh{"HMAC_SHA1_SIT"} = 1;
Event: BIND documentation
Message: ./fipscc_nios/bind9/doc/rfc/index:70:3110: RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
Event: BIND documentation
Message: ./fipscc_nios/bind9/doc/misc/SIT:73:HMAC SHA1
Event: BIND documentation
Message: ./fipscc_nios/bind9/doc/misc/SIT:75: hash = trunc(hmacsha1(secret, client|nonce|when|address), 8);
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/contrib/dnsperf-2.1.0.0-1/dns.c:79:#define TSIG_HMACSHA1_NAME "\011hmac-sha1"
Event: Item of enum hmac_type_t
Message: ./fipscc_nios/bind9/contrib/dnsperf-2.1.0.0-1/dns.c:87: TSIG_HMACSHA1,
Event: Item of union hmac_ctx_t
Message: ./fipscc_nios/bind9/contrib/dnsperf-2.1.0.0-1/dns.c:96: isc_hmacsha1_t hmacsha1;
Event: Check algorithm type and set key in function perf_dns_parsetsigkey
Message: ./fipscc_nios/bind9/contrib/dnsperf-2.1.0.0-1/dns.c:
244: } else if (strncasecmp(alg, "hmac-sha1:", 10) == 0) {
245: SET_KEY(tsigkey, SHA1);
Event: Case of switch (tsigkey->hmactype) in function hmac_init
Message: ./fipscc_nios/bind9/contrib/dnsperf-2.1.0.0-1/dns.c:
342: case TSIG_HMACSHA1:
343: isc_hmacsha1_init(&ctx->hmacsha1, secret, length);
Event: Case of switch (tsigkey->hmactype) in function hmac_update
Message: ./fipscc_nios/bind9/contrib/dnsperf-2.1.0.0-1/dns.c:
368: case TSIG_HMACSHA1:
369: isc_hmacsha1_update(&ctx->hmacsha1, data, length);
Event: Case of switch (tsigkey->hmactype) in function hmac_sign
Message: ./fipscc_nios/bind9/contrib/dnsperf-2.1.0.0-1/dns.c:
394: case TSIG_HMACSHA1:
395: isc_hmacsha1_sign(&ctx->hmacsha1, digest, digestlen);
Event: BIND sources comment
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/zconf.h:70:/* # define KSK_ALGO (DK_ALGO_RSASHA1) KSK_ALGO renamed to KEY_ALGO (v0.99) */
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/zconf.h:71:# define KEY_ALGO (DK_ALGO_RSASHA1) /* general KEY_ALGO used for both ksk and zsk */
Event: BIND sources comment
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/zconf.h:75:/* # define ZSK_ALGO (DK_ALGO_RSASHA1) ZSK_ALGO has to be the same as KSK, so this is no longer used (v0.99) */
Event: Check algorithm type in function dki_new which creates new keyfile
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/dki.c:255: if ( algo == DK_ALGO_RSA || algo == DK_ALGO_RSASHA1 || algo == DK_ALGO_RSASHA256 || algo == DK_ALGO_RSASHA512 )
Event: Cases of switch ( algo ) in function dki_algo2str which returns a string describing the key algorithm
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/dki.c:
632: case DK_ALGO_RSASHA1: return ("RSASHA1");
634: case DK_ALGO_NSEC3RSASHA1: return ("NSEC3RSASHA1");
Event: Cases of switch ( algo ) in function dki_algo2sstr which returns a short string describing the key algorithm
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/dki.c:
653: case DK_ALGO_RSASHA1: return ("RSASHA1");
655: case DK_ALGO_NSEC3RSASHA1: return ("N3RSA1");
Event: Code in function genkey which generates a DNSKEY key
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/rollover.c:
103: if ( confalgo == DK_ALGO_RSASHA1 )
104: algo = DK_ALGO_NSEC3RSASHA1;
Event: Code in case CONF_ALGO of switch ( c->type ) in function parseconfigline
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/zconf.c:
430: strcasecmp (val, "rsasha1") == 0 )
431: *((int *)c->var) = DK_ALGO_RSASHA1;
437: strcasecmp (val, "nsec3rsasha1") == 0 ||
438: strcasecmp (val, "n3rsasha1") == 0 )
439: *((int *)c->var) = DK_ALGO_NSEC3RSASHA1;
Event: BIND dnssec config example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/views/dnssec-intern.conf:22:KSK_algo: RSASHA1 # (Algorithm ID 5)
Event: BIND dnssec config example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/views/dnssec-intern.conf:26:ZSK_algo: RSASHA1 # (Algorithm ID 5)
Event: BIND dnsec config example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/views/dnssec-extern.conf:22:KSK_algo: RSASHA1 # (Algorithm ID 5)
Event: BIND dnsec config example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/views/dnssec-extern.conf:26:ZSK_algo: RSASHA1 # (Algorithm ID 5)
Event: BIND dnssec config example
Message:./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf:10:key_algo RSASHA1
Event: BIND dnssec config example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/hierarchical/dnssec.conf:21:Key_Algo: RSASHA1 # (Algorithm ID 5)
Event: Comment in BIND dnssec zone key tool example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/flat/sub.example.net/zone.db.signed:39: ) ; ZSK; alg = NSEC3RSASHA1; key id = 6419
Event: Comment in BIND dnssec zone key tool example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/flat/sub.example.net/zone.db.signed:60: ) ; KSK; alg = NSEC3RSASHA1; key id = 33936
Event: Comment in BIND dnssec zone key tool example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/flat/sub.example.net/dnskey.db:17:; sub.example.net. tag=33936 algo=NSEC3RSASHA1 generated Nov 14 2014 18:11:13
Event: Comment in BIND dnssec zone key tool example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/flat/sub.example.net/dnskey.db:34:; sub.example.net. tag=6419 algo=NSEC3RSASHA1 generated Nov 14 2014 18:11:13
Event: Comment in BIND dnssec zone key tool example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/flat/keysets/keyset-sub.example.net.:8: ) ; KSK; alg = NSEC3RSASHA1; key id = 33936
Event: BIND dnssec zone key tool config example
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/examples/flat/dyn.example.net/dnssec.conf:1:Key_Algo: NSEC3RSASHA1 # (Algorithm ID 7)
Event: BIND sources: in the function sign_zone(): a macro usage which has SHA1 in its name to determine configured algorithm in if block
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/zkt-signer.c:883: if ( conf->k_algo == DK_ALGO_NSEC3DSA || conf->k_algo == DK_ALGO_NSEC3RSASHA1 ||
Event: BIND dnssec zone key tool changelog
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/CHANGELOG:61:* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1
Event: BIND dnssec zone key tool changelog
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/CHANGELOG:62: or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
Event: BIND dnssec zone key tool sources define
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/dki.h:62:# define DK_ALGO_RSASHA1 5 /* RFC3110 */
Event: BIND dnssec zone key tool sources define
Message: ./fipscc_nios/bind9/contrib/zkt-1.1.3/dki.h:64:# define DK_ALGO_NSEC3RSASHA1 7 /* symlink to alg 5 RFC5155 */
Event: BIND configure script help
Message: ./fipscc_nios/bind9/configure:1765: --with-sit-alg=ALG choose the algorithm for SIT [aes|sha1|sha256]
Event: BIND configure script
Message: ./fipscc_nios/bind9/configure:19940: with_sit_alg="sha1"
Event: BIND configure script literal
Message: ./fipscc_nios/bind9/configure:20970: sha1)
Event: BIND configure script literal
Message: ./fipscc_nios/bind9/configure:20977: { $as_echo "$as_me:$LINENO: result: sha1" >&5
Event: BIND configure script literal
Message: ./fipscc_nios/bind9/configure:20978:$as_echo "sha1" >&6; }
Event: BIND configure script define
Message: ./fipscc_nios/bind9/configure:20988:#define HMAC_SHA1_SIT 1
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:1943:3562. [func] Update map file header format to include a SHA-1 hash
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:2061: hmac-sha1, -sha224, -sha256, -sha384, and -sha512.
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:3334: for the hashing algorithms (md5, sha1 - sha512,
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:4837: (i.e., RSASHA1, or NSEC3RSASHA1 if -3 is used).
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:5164: generate a 1024-bit RSASHA1 zone-signing key,
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:5165: or with the -f KSK option, a 2048-bit RSASHA1
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:6425:2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:7199:1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384
Event: BIND changelog
Message: ./fipscc_nios/bind9/CHANGES:10111: 997. [func] Add support for RSA-SHA1 keys (RFC3110).
Event: Code in function parse_hmac which parses HMAC algorithm specification
Message: ./fipscc_nios/bind9/bin/dig/dighost.c:
1196: } else if (strcasecmp(buf, "hmac-sha1") == 0) {
1197: hmacname = DNS_TSIG_HMACSHA1_NAME;
1199: } else if (strncasecmp(buf, "hmac-sha1-", 10) == 0) {
1200: hmacname = DNS_TSIG_HMACSHA1_NAME;
Event: Case of switch (dst_key_alg(dstkey)) in function setup_file_key
Message: ./fipscc_nios/bind9/bin/dig/dighost.c:
1312: case DST_ALG_HMACSHA1:
1313: hmacname = DNS_TSIG_HMACSHA1_NAME;
Event: BIND sources include file named sha1.h
Message: ./fipscc_nios/bind9/bin/tools/isc-hmac-fixup.c:26:#include <isc/sha1.h>
Event: Part of usage code in function main
Message: ./fipscc_nios/bind9/bin/tools/isc-hmac-fixup.c:44: fprintf(stderr, "\talgorithm: (MD5 | SHA1 | SHA224 | "
Event: Code in function main
Message: ./fipscc_nios/bind9/bin/tools/isc-hmac-fixup.c:
68: } else if (!strcasecmp(argv[1], "sha1") ||
69: !strcasecmp(argv[1], "hmac-sha1")) {
70: if (r.length > ISC_SHA1_DIGESTLENGTH) {
71: isc_sha1_t sha1ctx;
72: isc_sha1_init(&sha1ctx);
73: isc_sha1_update(&sha1ctx, r.base, r.length);
74: isc_sha1_final(&sha1ctx, key);
77: r.length = ISC_SHA1_DIGESTLENGTH;
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/tools/nsec3hash.docbook:80: only supported hash algorithm for NSEC3 is SHA-1,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/tools/isc-hmac-fixup.docbook:58: hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/tools/isc-hmac-fixup.docbook:73: for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512),
Event: BIND manual for isc-hmac-fixup (i.e. man 8 isc-hmac-fixup)
Message: ./fipscc_nios/bind9/bin/tools/isc-hmac-fixup.8:
38:Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC\-SHA* TSIG keys which were longer than the digest length of the hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message authentication code that was incompatible with other DNS implementations.
46:and specify the key's algorithm and secret on the command line. If the secret is longer than the digest length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated consisting of a hash digest of the old secret. (If the secret did not require conversion, then it will be printed without modification.)
Event: BIND manual for rndc-confgen (i.e. man 8 rndc-confgen)
Message: ./fipscc_nios/bind9/bin/confgen/rndc-confgen.8:108:Specifies the algorithm to use for the TSIG key. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512. The default is hmac\-md5.
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/confgen/rndc-confgen.docbook:138: choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/confgen/ddns-confgen.docbook:115: choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
Event: Cases of switch (alg) in function alg_totext which converts algorithm type to string
Message: ./fipscc_nios/bind9/bin/confgen/keygen.c:
52: case DST_ALG_HMACSHA1:
53: return "hmac-sha1";
Event: Code in function alg_fromtext which converts string to algorithm type
Message: ./fipscc_nios/bind9/bin/confgen/keygen.c:
78: if (strcasecmp(p, "sha1") == 0)
79: return DST_ALG_HMACSHA1;
Event: Case of switch (alg) in function alg_bits which returns default keysize for a given algorithm type
Message: ./fipscc_nios/bind9/bin/confgen/keygen.c:99: case DST_ALG_HMACSHA1:
Event: Case of switch (alg) in function generate_key which generates a key of size 'keysize'
Message: ./fipscc_nios/bind9/bin/confgen/keygen.c:133: case DST_ALG_HMACSHA1:
Event: BIND manual for ddns-confgen (i.e. man 8 ddns-confgen)
Message: ./fipscc_nios/bind9/bin/confgen/ddns-confgen.8:75:Specifies the algorithm to use for the TSIG key. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac \-sha512. The default is hmac\-sha256. Options are case\-insensitive, and the "hmac\-" prefix may be omitted.
Event: diff -u openssl/Configure:1.9.2.1.2.1.4.1.2.1 openssl/Configure:1.11.2.2
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:220:+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.30.4.2
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:
1127:+ PK11_SHA1,
1216:+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
1486:+static const EVP_MD pk11_sha1 =
1488:+ NID_sha1,
1489:+ NID_sha1WithRSAEncryption,
3691:+ case NID_sha1:
3692:+ *digest = &pk11_sha1;
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.38.2.3
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:
6108:+/* Size of an SSL signature: MD5+SHA1 */
6670:+ if (type == NID_md5_sha1)
6715:+ if (type != NID_md5_sha1)
6764:+ if ((type != NID_md5_sha1) && (s != NULL))
6799:+ if (type == NID_md5_sha1)
6842:+ if (type != NID_md5_sha1)
6889:+ if ((type != NID_md5_sha1) && (s != NULL))
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.8.2.2
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:
11395:+/* Size of an SSL signature: MD5+SHA1 */
11425:+ if (type == NID_md5_sha1)
11470:+ if (type != NID_md5_sha1)
11519:+ if ((type != NID_md5_sha1) && (s != NULL))
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14538:+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14542:+#define CKM_SHA1_RSA_PKCS 0x00000006
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14550:+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14551:+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14554:+#define CKM_SHA1_RSA_X9_31 0x0000000C
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14556:+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14560:+#define CKM_DSA_SHA1 0x00000012
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14746:+#define CKM_SSL3_SHA1_MAC 0x00000381
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14749:+#define CKM_SHA1_KEY_DERIVATION 0x00000392
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14765:+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14766:+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14767:+#define CKM_PBE_SHA1_RC4_128 0x000003A6
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14768:+#define CKM_PBE_SHA1_RC4_40 0x000003A7
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14769:+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14770:+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14771:+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14772:+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14777:+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:14848:+#define CKM_ECDSA_SHA1 0x00001042 Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:15187:+#define CKG_MGF1_SHA1 0x00000001
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:15234:+#define CKD_SHA1_KDF 0x00000002
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:15291:+#define CKD_SHA1_KDF_ASN1 0x00000003
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:15292:+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.0o-patch:15666:+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
Event: diff -u /dev/null openssl/README.pkcs11:1.8
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:220:+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.33
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:
1103:+ PK11_SHA1,
1189:+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
1452:+static const EVP_MD pk11_sha1 =
1454:+ NID_sha1,
1455:+ NID_sha1WithRSAEncryption,
3640:+ case NID_sha1:
3641:+ *digest = &pk11_sha1;
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.42
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:
6003:+/* Size of an SSL signature: MD5+SHA1 */
6565:+ if (type == NID_md5_sha1)
6610:+ if (type != NID_md5_sha1)
6659:+ if ((type != NID_md5_sha1) && (s != NULL))
6694:+ if (type == NID_md5_sha1)
6737:+ if (type != NID_md5_sha1)
6784:+ if ((type != NID_md5_sha1) && (s != NULL))
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.10
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:
11290:+/* Size of an SSL signature: MD5+SHA1 */
11320:+ if (type == NID_md5_sha1)
11365:+ if (type != NID_md5_sha1)
11414:+ if ((type != NID_md5_sha1) && (s != NULL))
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14433:+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14437:+#define CKM_SHA1_RSA_PKCS 0x00000006
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14445:+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14446:+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14449:+#define CKM_SHA1_RSA_X9_31 0x0000000C
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14451:+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14455:+#define CKM_DSA_SHA1 0x00000012
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14641:+#define CKM_SSL3_SHA1_MAC 0x00000381
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14644:+#define CKM_SHA1_KEY_DERIVATION 0x00000392
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14660:+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14661:+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14662:+#define CKM_PBE_SHA1_RC4_128 0x000003A6
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14663:+#define CKM_PBE_SHA1_RC4_40 0x000003A7
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14664:+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14665:+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14666:+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14667:+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14672:+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:14743:+#define CKM_ECDSA_SHA1 0x00001042
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:15082:+#define CKG_MGF1_SHA1 0x00000001
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:15129:+#define CKD_SHA1_KDF 0x00000002
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:15186:+#define CKD_SHA1_KDF_ASN1 0x00000003
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:15187:+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-1.0.1j-patch:15561:+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/pkcs11-keygen.8:50:can be specified as a DNSSEC signing algorithm that will be used with this key; for example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps to ECC. The default class is "RSA".
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/pkcs11-keygen.c:231: * NSEC3RSASHA1 maps to RSA.
Event: diff -u /dev/null openssl/README.pkcs11:1.6.4.2
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:220:+ AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11.c:1.26.4.4
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:
1146:+ PK11_SHA1,
1235:+ {PK11_SHA1, NID_sha1, CKM_SHA_1, },
1505:+static const EVP_MD pk11_sha1 =
1507:+ NID_sha1,
1508:+ NID_sha1WithRSAEncryption,
3710:+ case NID_sha1:
3711:+ *digest = &pk11_sha1;
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11_pub.c:1.32.4.7
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:
6127:+/* Size of an SSL signature: MD5+SHA1 */
6689:+ if (type == NID_md5_sha1)
6734:+ if (type != NID_md5_sha1)
6783:+ if ((type != NID_md5_sha1) && (s != NULL))
6818:+ if (type == NID_md5_sha1)
6861:+ if (type != NID_md5_sha1)
6908:+ if ((type != NID_md5_sha1) && (s != NULL))
Event: diff -u /dev/null openssl/crypto/engine/hw_pk11so_pub.c:1.2.4.6
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:
11414:+/* Size of an SSL signature: MD5+SHA1 */
11444:+ if (type == NID_md5_sha1)
11489:+ if (type != NID_md5_sha1)
11538:+ if ((type != NID_md5_sha1) && (s != NULL))
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14557:+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14561:+#define CKM_SHA1_RSA_PKCS 0x00000006
Event: BIND sources comment
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14569:+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
Event: BIND sources: a literal in comments in the patch file openssl-0.9.8zc-patch
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14570:+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14573:+#define CKM_SHA1_RSA_X9_31 0x0000000C
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14789:+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 BIND sources macro definition
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14790:+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14791:+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14796:+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:14867:+#define CKM_ECDSA_SHA1 0x00001042
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:15206:+#define CKG_MGF1_SHA1 0x00000001
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:15253:+#define CKD_SHA1_KDF 0x00000002 BIND sources macro definition
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:15310:+#define CKD_SHA1_KDF_ASN1 0x00000003
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:15311:+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/pkcs11/openssl-0.9.8zc-patch:15685:+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/pkcs11/pkcs11-keygen.docbook:81: example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps
Event: Code in function check_dnssec
Message: ./fipscc_nios/bind9/bin/named/update.c:2284: if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
Event: Code in function dstkey_fromconfig
Message: ./fipscc_nios/bind9/bin/named/server.c:795: if ((keystruct.algorithm == DST_ALG_RSASHA1 ||
Event: Code in function load_configuration
Message: ./fipscc_nios/bind9/bin/named/server.c:
8172:#ifdef HMAC_SHA1_SIT
8173: if (isc_buffer_usedlength(&b) != ISC_SHA1_DIGESTLENGTH)
8175: "SHA1 sit-secret must be on 160 bits");
Event: Code in function compute_sit
Message: ./fipscc_nios/bind9/bin/named/client.c:
2460:#ifdef HMAC_SHA1_SIT
2461: unsigned char digest[ISC_SHA1_DIGESTLENGTH];
2464: isc_hmacsha1_t hmacsha1;
2471: isc_hmacsha1_init(&hmacsha1,
2473: ISC_SHA1_DIGESTLENGTH);
2474: isc_hmacsha1_update(&hmacsha1, cp, 16);
2478: isc_hmacsha1_update(&hmacsha1,
2482: isc_hmacsha1_update(&hmacsha1,
2486: isc_hmacsha1_update(&hmacsha1, client->cookie, sizeof(client->cookie));
2487: isc_hmacsha1_sign(&hmacsha1, digest, sizeof(digest));
2489: isc_hmacsha1_invalidate(&hmacsha1);
Event: Items of enum hmac inside struct keyalgorithms
Message: ./fipscc_nios/bind9/bin/named/config.c:1148: enum { hmacnone, hmacmd5, hmacsha1, hmacsha224,
Event: Item of array algorithms of structs keyalgorithms
Message: ./fipscc_nios/bind9/bin/named/config.c:1156: { "hmac-sha1", hmacsha1, DST_ALG_HMACSHA1, 160 },
Event: Case of switch (algorithms[i].hmac) in function ns_config_getkeyalgorithm2
Message: ./fipscc_nios/bind9/bin/named/config.c:1231: case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/nsupdate/nsupdate.docbook:166: hmac-sha1, hmac-sha224,
Event: BIND manual for nsupdate (i.e. man 1 nsupdate)
Message: ./fipscc_nios/bind9/bin/nsupdate/nsupdate.1:104:hmac\-sha1,
Event: Code in function parse_hmac
Message: ./fipscc_nios/bind9/bin/nsupdate/nsupdate.c:
477: } else if (strcasecmp(buf, "hmac-sha1") == 0) {
478: *hmac = DNS_TSIG_HMACSHA1_NAME;
479: } else if (strncasecmp(buf, "hmac-sha1-", 10) == 0) {
480: *hmac = DNS_TSIG_HMACSHA1_NAME;
Event: Case of switch (dst_key_alg(dstkey))in function setup_keyfile
Message: ./fipscc_nios/bind9/bin/nsupdate/nsupdate.c:
702: case DST_ALG_HMACSHA1:
703: hmacname = DNS_TSIG_HMACSHA1_NAME;
Event: BIND manual for rndc (i.e. man 8 rndc)
Message: ./fipscc_nios/bind9/bin/rndc/rndc.8:50:\fBnamed\fR, the only supported authentication algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default), HMAC\-SHA384 and HMAC\-SHA512. They use a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
Event: Code in function parse_config
Message: ./fipscc_nios/bind9/bin/rndc/rndc.c:
609: else if (strcasecmp(algorithmstr, "hmac-sha1") == 0)
610: algorithm = ISCCC_ALG_HMACSHA1;
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/rndc/rndc.docbook:85: (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/rndc/rndc.docbook:718: is 1, representing SHA-1.
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/rndc/rndc.docbook:733: the SHA-1 hash algorithm, no opt-out flag,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/rndc/rndc.conf.docbook:125: (for compatibility), HMAC-SHA1, HMAC-SHA224, HMAC-SHA256
Event: BIND manual for rndc.conf (i.e. man 5 rndc.conf)
Message: ./fipscc_nios/bind9/bin/rndc/rndc.conf.5:103:to use; currently only HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default), HMAC\-SHA384 and HMAC\-SHA512 are supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's authentication key. The base\-64 string is enclosed in double quotes.
Event: BIND sources, variable (Python dict) with hash algorithms gets initialized
Message: ./fipscc_nios/bind9/bin/python/dnssec-checkds.py.in:60: hashalgs = {1: 'SHA-1', 2: 'SHA-256', 3: 'GOST', 4: 'SHA-384' }
Event: BIND sources, variable (Python dict) with hash algorithms gets initialized
Message: ./fipscc_nios/bind9/bin/python/dnssec-checkds.py.in:110: hashalgs = {1: 'SHA-1', 2: 'SHA-256', 3: 'GOST', 4: 'SHA-384' }
Event: BIND sources, variable (Python tuple) with mnemonic names for algorithms gets initialized
Message: ./fipscc_nios/bind9/bin/python/dnssec-coverage.py.in:437: names = (None, 'RSAMD5', 'DH', 'DSA', 'ECC', 'RSASHA1',
Event: BIND sources, variable (Python tuple) with mnemonic names for algorithms gets initialized
Message: ./fipscc_nios/bind9/bin/python/dnssec-coverage.py.in:438: 'NSEC3DSA', 'NSEC3RSASHA1', 'RSASHA256', None,
Event: BIND manual for dnssec-dsfromkey (i.e. man 8 dnssec-dsfromkey)
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.8:60:must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
Event: Argument in call dns_ds_buildrdata in function loadds
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:1093: result = dns_ds_buildrdata(name, &key, DNS_DSDIGEST_SHA1,
Event: Code in function addnsec3param
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:2033: nsec3param.hash = unknownalg ? DNS_NSEC3_UNKNOWNALG : dns_hash_sha1;
Event: Code in function addnsec3
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:
2099: name, gorigin, dns_hash_sha1, iterations,
2105: DNS_NSEC3_UNKNOWNALG : dns_hash_sha1,
2108: nexthash, ISC_SHA1_DIGESTLENGTH,
Event: Argument in call dns_nsec3_hashname in function set_nsec3params
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:3156: gorigin, gorigin, dns_hash_sha1,
Event: Argument in call dns_ds_buildrdata in function writeset
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:3298: DNS_DSDIGEST_SHA1,
Event: Argument in call nsec3ify in function nsec3ify
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:3545: nsec3ify(dns_hash_sha1, nsec3iter, gsalt, salt_length,
Event: Argument in call dns_nsec3_hashlength in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:4463: hash_length = dns_nsec3_hashlength(dns_hash_sha1);
Event: Argument in call nsec3ify in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-signzone.c:4531: nsec3ify(dns_hash_sha1, nsec3iter, gsalt, salt_length,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.docbook:98: Use SHA-1 as the digest algorithm
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.docbook:99: both SHA-1 and SHA-256).
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.docbook:118: must be one of SHA-1 (SHA1),
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:120: of must be one of RSAMD5, RSASHA1,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:121: DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:124: be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:129: If no algorithm is specified, then RSASHA1 will be used
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:131: in which case NSEC3RSASHA1 will be used instead.
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:136: Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:141: Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.docbook:192: set on the command line, NSEC3RSASHA1 will be used
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.c:55:#define DEFAULT_ALGORITHM "RSASHA1"
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.c:56:#define DEFAULT_NSEC3_ALGORITHM "NSEC3RSASHA1"
Event: algs - algorithms string
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.c:
58:static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
59: " NSEC3DSA | NSEC3RSASHA1 |"
Event: Code of function usage
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.c:
77: fprintf(stderr, " (default: RSASHA1, or "
78: "NSEC3RSASHA1 if using -3)\n");
Event: Code in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.c:400: alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
Event: BIND manual for dnssec-keygen (i.e. man 8 dnssec-keygen)
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.8:
51:must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
53:If no algorithm is specified, then RSASHA1 will be used by default, unless the
55:option is specified, in which case NSEC3RSASHA1 will be used instead. (If
59:Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
61:Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the \-T KEY option.
84:Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384 algorithms are NSEC3\-capable.
Event: BIND manual for dnssec-keyfromlabel (i.e. man 8 dnssec-keyfromlabel)
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.8:
51:must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. These values are case insensitive.
53:If no algorithm is specified, then RSASHA1 will be used by default, unless the
55:option is specified, in which case NSEC3RSASHA1 will be used instead. (If
59:Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
66:Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, N SEC3RSASHA1 will be used by default.
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.docbook:104: must be one of RSAMD5, RSASHA1,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.docbook:105: DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.docbook:110: If no algorithm is specified, then RSASHA1 will be used
Event: BIND documentation
Message:
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.docbook:112: in which case NSEC3RSASHA1 will be used instead.
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.docbook:117: Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
Event: BIND documentation
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keyfromlabel.docbook:132: set on the command line, NSEC3RSASHA1 will be used
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:82:#define DEFAULT_ALGORITHM "RSASHA1"
Event: BIND sources macro definition
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:83:#define DEFAULT_NSEC3_ALGORITHM "NSEC3RSASHA1"
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:99: fprintf(stderr, " RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:103: fprintf(stderr, " DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:106: fprintf(stderr, " (default: RSASHA1, or "
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:107: "NSEC3RSASHA1 if using -3)\n");
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:111: fprintf(stderr, " RSASHA1:\t[512..%d]\n", MAX_RSA);
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:112: fprintf(stderr, " NSEC3RSASHA1:\t[512..%d]\n", MAX_RSA);
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:123: fprintf(stderr, " HMAC-SHA1:\t[1..160]\n");
Event: BIND sources string literal
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:563: else if (strcasecmp(algname, "HMAC-SHA1") == 0)
Event: Code in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:
564: alg = DST_ALG_HMACSHA1;
587: alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
Event: Cases of switch (alg) in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:
733: case DNS_KEYALG_RSASHA1:
734: case DNS_KEYALG_NSEC3RSASHA1:
771: case DST_ALG_HMACSHA1:
774: fatal("HMAC-SHA1 key size %d out of range", size);
776: fatal("HMAC-SHA1 digest bits %d out of range", dbits);
778: fatal("HMAC-SHA1 digest bits %d not divisible by 8",
Event: Code in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:870: alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 ||
Event: Cases of switch (alg) in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-keygen.c:
878: case DNS_KEYALG_RSASHA1:
879: case DNS_KEYALG_NSEC3RSASHA1:
898: case DST_ALG_HMACSHA1:
Event: Code in function usage
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.c:
336: "(SHA-1, SHA-256, GOST or SHA-384)\n");
337: fprintf(stderr, " -1: use SHA-1\n");
Event: Initializing local variable dtype in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.c:358: unsigned int dtype = DNS_DSDIGEST_SHA1;
Event: Setting variable dtype in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.c:388: dtype = DNS_DSDIGEST_SHA1;
Event: Code in function main
Message: ./fipscc_nios/bind9/bin/dnssec/dnssec-dsfromkey.c:
458: if (strcasecmp(algname, "SHA1") == 0 ||
459: strcasecmp(algname, "SHA-1") == 0)
460: dtype = DNS_DSDIGEST_SHA1;
535: emit(DNS_DSDIGEST_SHA1, showall, lookaside,
549: emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata);
Event: Calculate fingerprint of VMWare config and disk of the product image
Message: ./fipscc_nios/vnios/vnios-build:707: openssl sha1 ${input_file}*.{ovf,vmdk} ${name}*.vmdk > ${input_file}.mf
Event: Calculate fingerprint of VMWare config and disk of the product image
Message: ./fipscc_nios/vnios/vnios-build:709: openssl sha1 ${input_file_standalone}.ovf ${input_file}*.vmdk GuideVM-disk.vmdk ${name}*.vmdk > ${input_file_standalone}.mf
Event: Comment in NIOS build scripts
Message: ./fipscc_nios/vnios/vnios-build:1221:# Generates an mf file. Pretty simple, just dumps the SHA1 fingerprints
Event: Calculate fingerprint of VMWare config and disk of the product image
Message: ./fipscc_nios/vnios/vnios-build:1236: openssl sha1 ${name}*.{ovf,vmdk} > ${output}.mf
Event: OpenSSL binary library
Message: Binary file ./fipscc_nios/vnios/libdir/lib/libcrypto.so.0.9.8/libcrypto.so.0.9.8 matches
Event: OpenSSL binary library
Message: Binary file ./fipscc_nios/vnios/libdir/lib/libssl.so.0.9.8/libssl.so.0.9.8 matches
Event: Comment in .ova packaging script
Message: ./fipscc_nios/vnios/build-ova.sh:48:# Generates an mf file. Pretty simple, just dumps the SHA1 fingerprints
Event: Calculate fingerprint of VMWare .ova file of the product image
Message: ./fipscc_nios/vnios/build-ova.sh:66: openssl sha1 "${baseFile}" >${mfFile}
Event: Calculate fingerprint of VMWare .ova file of the product image
Message: ./fipscc_nios/vnios/build-ova.sh:73: openssl sha1 "${baseFile}" >>${mfFile}
Event: Check algorithm name and set algorithm code in function isclib_make_dst_key
Message: ./fipscc_nios/dhcp3/omapip/isclib.c:
344: } else if (strcasecmp(algorithm, DHCP_HMAC_SHA1_NAME) == 0) {
345: algorithm_code = DST_ALG_HMACSHA1;
Event: ISC DCHP macro define
Message: ./fipscc_nios/dhcp3/includes/isc-dhcp/dst.h:117:#define KEY_HMAC_SHA1 158
Event: ISC DCHP macro define
Message: ./fipscc_nios/dhcp3/includes/isc-dhcp/dst.h:119:#define DST_MAX_ALGS KEY_HMAC_SHA1
Event: ISC DCHP macro define
Message: ./fipscc_nios/dhcp3/includes/omapip/isclib.h:109:#define DHCP_HMAC_SHA1_NAME "HMAC-SHA1.SIG-ALG.REG.INT."
Event: ISC DCHP config sample
Message: ./fipscc_nios/dhcp3/server/dhcpd.conf.5:1321: HMAC-SHA1
Event: ISC DCHP documentation
Message: ./fipscc_nios/dhcp3/RELNOTES:271: additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
Event: OpenSSL binary library
Message: Binary file ./fipscc_nios/ipamvm/libcrypto.so.0.9.8 matches
Event: OpenSSL binary library
Message: Binary file ./fipscc_nios/ipamvm/libssl.so.0.9.8 matches
Event: Argument of call MemBufferWriteString in function LogTlsLogExtended
Message: ./fipscc_nios/sw_atp/suricata/src/log-tlslog.c:89: MemBufferWriteString(aft->buffer, " SHA1='%s'", state->server_connp.cert0_fingerprint);
Event: Assigning field desc of sigmatch_table in function DetectTlsRegister
Message: ./fipscc_nios/sw_atp/suricata/src/detect-tls.c:117: sigmatch_table[DETECT_AL_TLS_FINGERPRINT].desc = "match TLS/SSL certificate SHA1 fingerprint";
Event: Call of ComputeSHA1 in function DecodeTLSHandshakeServerCertificate
Message: ./fipscc_nios/sw_atp/suricata/src/app-layer-tls-handshake.c:172: hash = ComputeSHA1((unsigned char *) input, (int) msg_len);
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.h:67:typedef struct Sha1State_ {
Event: typedef struct Sha1State_ {...} Sha1State;
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.h:
71:} Sha1State;
75: Sha1State sha1;
Event: Function ComputeSHA1 declaration
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.h:81:unsigned char* ComputeSHA1(unsigned char* buff, int bufflen);
Event: Function Sha1Compress definition
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:44:static int Sha1Compress(HashState *md, unsigned char *buf)
Event: Copy state in function Sha1Compress
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:
53: a = md->sha1.state[0];
54: b = md->sha1.state[1];
55: c = md->sha1.state[2];
56: d = md->sha1.state[3];
57: e = md->sha1.state[4];
Event: Store state in function Sha1Compress
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:
112: md->sha1.state[0] = md->sha1.state[0] + a;
113: md->sha1.state[1] = md->sha1.state[1] + b;
114: md->sha1.state[2] = md->sha1.state[2] + c;
115: md->sha1.state[3] = md->sha1.state[3] + d;
116: md->sha1.state[4] = md->sha1.state[4] + e;
Event: Function Sha1Init definition
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:121:static int Sha1Init(HashState * md)
Event: State initialization in function Sha1Init
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:
127: md->sha1.state[0] = 0x67452301UL;
128: md->sha1.state[1] = 0xefcdab89UL;
129: md->sha1.state[2] = 0x98badcfeUL;
130: md->sha1.state[3] = 0x10325476UL;
131: md->sha1.state[4] = 0xc3d2e1f0UL;
132: md->sha1.curlen = 0;
133: md->sha1.length = 0;
Event: Function Sha1Process definition
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:137:static int Sha1Process (HashState * md, const unsigned char *in, unsigned long inlen)
Event: Code in function Sha1Process
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:
146: if (md->sha1.curlen > sizeof(md->sha1.buf)) {
150: if (md-> sha1.curlen == 0 && inlen >= 64) {
151: if ((err = Sha1Compress(md, (unsigned char *)in)) != SC_SHA_1_OK) {
154: md-> sha1 .length += 64 * 8;
158: n = MIN(inlen, (64 - md-> sha1 .curlen));
159: memcpy(md-> sha1 .buf + md-> sha1.curlen, in, (size_t)n);
160: md-> sha1 .curlen += n;
163: if (md-> sha1 .curlen == 64) {
164: if ((err = Sha1Compress(md, md-> sha1 .buf)) != SC_SHA_1_OK) {
167: md-> sha1 .length += 8*64;
168: md-> sha1 .curlen = 0;
Event: Function Sha1Done definition
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:177:static int Sha1Done(HashState * md, unsigned char *out)
Event: Code in function Sha1Done
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:
186: if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
191: md->sha1.length += md->sha1.curlen * 8;
194: md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
200: if (md->sha1.curlen > 56) {
201: while (md->sha1.curlen < 64) {
202: md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
204: Sha1Compress(md, md->sha1.buf);
205: md->sha1.curlen = 0;
209: while (md->sha1.curlen < 56) {
210: md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
214: STORE64H(md->sha1.length, md->sha1.buf+56);
215: Sha1Compress(md, md->sha1.buf);
219: STORE32H(md->sha1.state[i], out+(4*i));
Event: ComputeSHA1 definition
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:227:unsigned char* ComputeSHA1(unsigned char* buff, int bufflen) Function
Event: Code in function ComputeSHA1
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:
233: Sha1Init(&md);
234: Sha1Process(&md, buff, bufflen);
235: Sha1Done(&md, lResult);
Event: Function ComputeSHA1 definition if HAVE_NSS is defined
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:241:unsigned char* ComputeSHA1(unsigned char* buff, int bufflen)
Event: Code in function ComputeSHA1
Message: ./fipscc_nios/sw_atp/suricata/src/util-crypt.c:
243: HASHContext *sha1_ctx = HASH_Create(HASH_AlgSHA1);
246: if (sha1_ctx == NULL) {
252: HASH_Destroy(sha1_ctx);
255: HASH_Begin(sha1_ctx);
256: HASH_Update(sha1_ctx, buff, bufflen);
257: HASH_End(sha1_ctx, lResult, &rlen, (sizeof(unsigned char) * 20));
258: HASH_Destroy(sha1_ctx);
Event: Code in function process
Message: ./fipscc_nios/sw_atp/suricata/contrib/file_processor/Processor/ShadowServer.pm:32: my @meta_cols = qw(md5 sha1 first_date last_date type ssdeep);
Event: atp rule
Message: ./fipscc_nios/sw_atp/suricata/prod_suricata/suricata/rules.orig/emerging-scan.rules:265:alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN Possible Mysqloit Operating System Fingerprint/SQL Injection Test Scan Detected"; flow:established,to_server; content:"+UNION+select+'BENCHMARK(10000000,SHA1(1))"; http_uri; reference:url,code.google.com/p/mysqloit/; reference:url,doc.emergingthreats.net/2009883; classtype:attempted-recon; sid:2009883; rev:6;)
Event: sid-msg.map items
Message: ./fipscc_nios/sw_atp/suricata/prod_suricata/suricata/rules.orig/sid-msg.map:
14240:2017120 || ET POLICY Possible IPMI 2.0 RAKP Remote SHA1 Password Hash Retreival RAKP message 1 with default BMC usernames (Admin|root|Administrator|USERID)
14241:2017121 || ET ATTACK_RESPONSE Possible IPMI 2.0 RAKP Remote SHA1 Password Hash Retreival RAKP message 2 status code Unauthorized Name
Event: atp rule
Message: ./fipscc_nios/sw_atp/suricata/prod_suricata/suricata/rules.orig/emerging-policy.rules:2342:alert udp $EXTERNAL_NET any -> $HOME_NET 623 (msg:"ET POLICY Possible IPMI 2.0 RAKP Remote SHA1 Password Hash Retreival RAKP message 1 with default BMC usernames (Admin|root|Administrator|USERID)"; content:"|06 12|"; offset:4; depth:2; pcre:"/((\x0d|\x05)Admin(istrator)?|\x04root|\x06USERID)/Ri"; classtype:protocol-command-decode; sid:2017120; rev:2;)
Event: atp rule
Message:./fipscc_nios/sw_atp/suricata/prod_suricata/suricata/rules.orig/emerging-attack_response.rules:481:alert udp $HOME_NET 623 -> $EXTERNAL_NET any (msg:"ET ATTACK_RESPONSE Possible IPMI 2.0 RAKP Remote SHA1 Password Hash Retreival RAKP message 2 status code Unauthorized Name"; content:"|06 13|"; offset:4; depth:2; content:"|0d|"; distance:11; within:1; classtype:protocol-command-decode; sid:2017121; rev:2;)
Event: Argument of call EVP_BytesToKey which makes 3DES key out of the password in function generateDESKey
Message: ./fipscc_nios/common/server/src/lib/security/security_functions.c:64: EVP_sha1(),
Event: Code in function ib_bin_SHAHash - SHA hash function which returns the digest data in a buffer with length 20
Message: ./fipscc_nios/common/server/src/lib/security/security_functions.c:
305: SHA1_Init(&c);
306: SHA1_Update(&c, inputValue, inputLength);
307: SHA1_Final(sha, &c);
Event: Comment to function ib_ssha_pwd
Message: ./fipscc_nios/common/server/src/lib/security/security_functions.c:544: * This routine implements the salted SHA1 for password hashing.
Event: Comment to function ib_ssha_pwd
Message: ./fipscc_nios/common/server/include/infoblox/security_functions.h:298: * This routine implements the salted SHA1 for password hashing.
Event: Cases of switch ((sldns_algorithm)alg) in function sldns_rr_dnskey_key_size_raw
Message: ./fipscc_nios/unbound/ldns/keyraw.c:
50: case LDNS_RSASHA1:
51: case LDNS_RSASHA1_NSEC3:
Event: Items of sldns_lookup_table sldns_algorithms_data - lookup table for standard DNS stuff
Message: ./fipscc_nios/unbound/ldns/wire2str.c:
42: { LDNS_RSASHA1, "RSASHA1" },
43: { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" },
44: { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
Event: Item of sldns_lookup_table sldns_hashes_data - hash algorithms in DS record
Message: ./fipscc_nios/unbound/ldns/wire2str.c:59: { LDNS_SHA1, "SHA1" },
Event: Argument in call sldns_str_print in function sldns_wire2str_edns_n3u_print
Message: ./fipscc_nios/unbound/ldns/wire2str.c:1766: w += sldns_str_print(s, sl, " SHA1");
Event: Items of enum sldns_enum_algorithm - algorithms used in dns
Message: ./fipscc_nios/unbound/ldns/rrdef.h:
364: LDNS_RSASHA1 = 5,
366: LDNS_RSASHA1_NSEC3 = 7,
Event: Item of enum sldns_enum_hash - hashing algorithms used in the DS record
Message: ./fipscc_nios/unbound/ldns/rrdef.h:383: LDNS_SHA1 = 1, /* RFC 4034 */
Event: Content of autoconf file
Message: ./fipscc_nios/unbound/configure.ac:573:AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode])
Event: Case of switch(d->rr_data[r][2+0]) in function nsec3_known_algo which returns if nsec3 RR has known algorithm
Message: ./fipscc_nios/unbound/validator/val_nsec3.c:171: case NSEC3_HASH_SHA1:
Event: Code in case NSEC3_HASH_SHA1 of switch(algo) in function nsec3_get_hashed
Message: ./fipscc_nios/unbound/validator/val_nsec3.c:
549:#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
550: case NSEC3_HASH_SHA1:
554: hash_len = SHA1_LENGTH;
559: (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
563: (void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res,
573: (void)SHA1(
578: (void)HASH_HashBuf(HASH_AlgSHA1,
Event: Unbound sources comment
Message: ./fipscc_nios/unbound/validator/val_nsec3.c:585:#endif /* HAVE_EVP_SHA1 or NSS */
Event: Code in case NSEC3_HASH_SHA1 of switch(algo) in function nsec3_calc_hash which performs hash of name
Message: ./fipscc_nios/unbound/validator/val_nsec3.c:
611:#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
612: case NSEC3_HASH_SHA1:
616: c->hash_len = SHA1_LENGTH;
623: (void)SHA1((unsigned char*)sldns_buffer_begin(buf),
627: (void)HASH_HashBuf(HASH_AlgSHA1,
638: (void)SHA1(
643: (void)HASH_HashBuf(HASH_AlgSHA1,
Event: Unbound sources comment
Message: ./fipscc_nios/unbound/validator/val_nsec3.c:650:#endif /* HAVE_EVP_SHA1 or NSS */
Event: Case of switch(algo) in function ds_digest_size_supported(int algo) which returns size of DS digest according to its hash algorithm
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
82:#ifdef HAVE_EVP_SHA1
83: case LDNS_SHA1:
Event: Case of switch(algo) in function secalgo_ds_digest
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
122:#ifdef HAVE_EVP_SHA1
123: case LDNS_SHA1:
124: (void)SHA1(buf, len, res);
Event: Cases of switch(id) in function dnskey_algo_id_is_supported which returns true if DNSKEY algorithm id is supported
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
161: case LDNS_RSASHA1:
162: case LDNS_RSASHA1_NSEC3:
Event: Cases of switch(algo) in function setup_key_digest which setups key and digest for verification
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
323: case LDNS_RSASHA1:
324: case LDNS_RSASHA1_NSEC3:
Event: Code in case LDNS_RSASHA512 of switch(algo)in function setup_key_digest
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:359: *digest_type = EVP_sha1();
Event: Case of switch(algo) in function ds_digest_size_supported
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
572: case LDNS_SHA1:
573: return SHA1_LENGTH;
Event: Case of switch(algo) in function secalgo_ds_digest
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
595: case LDNS_SHA1:
596: return HASH_HashBuf(HASH_AlgSHA1, res, buf, len)
Event: Cases of switch(id) in function dnskey_algo_id_is_supported
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
627: case LDNS_RSASHA1:
628: case LDNS_RSASHA1_NSEC3:
Event: Code in function SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
743: if(len < (size_t)1 + SHA1_LENGTH + 3*length)
747: Q.len = SHA1_LENGTH;
748: offset += SHA1_LENGTH;
Event: hash prefix to prepend to hash output, from RFC3110
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:853: static unsigned char p_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B,
Event: Code in case LDNS_DSA, case LDNS_DSA_NSEC3 of switch(algo) in function nss_setup_key_digest
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:874: *htype = HASH_AlgSHA1;
Event: Cases of switch(algo) in function nss_setup_key_digest
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
877: case LDNS_RSASHA1:
878: case LDNS_RSASHA1_NSEC3:
Event: Code in case LDNS_RSASHA512 of switch(algo) in function nss_setup_key_digest which setups key and digest for verification
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:
906: *htype = HASH_AlgSHA1;
907: *prefix = p_sha1;
908: *prefixlen = sizeof(p_sha1);
Event: Code in function verify_canonrrset which checks a canonical sig+rrset and signature against a dnskey
Message: ./fipscc_nios/unbound/validator/val_secalgo.c:995: if(sigblock_len == 1+2*SHA1_LENGTH) {
Event: Unbound sources macro definition
Message: ./fipscc_nios/unbound/validator/val_nsec3.h:
96:/** The SHA1 hash algorithm for NSEC3 */
97:#define NSEC3_HASH_SHA1 0x01
Event: Unbound sources macro undefinition
Message: ./fipscc_nios/unbound/config.h.in:
116:/* Define to 1 if you have the `EVP_sha1' function. */
117:#undef HAVE_EVP_SHA1
Event: Argument of call verifytest_file in function verify_test
Message: ./fipscc_nios/unbound/testcode/unitverify.c:509: verifytest_file("testdata/test_sigs.sha1_and_256", "20070829144150");
Event: Argument of call dstest_file in function verify_test
Message: ./fipscc_nios/unbound/testcode/unitverify.c:530: dstest_file("testdata/test_ds.sha1");
Event: Unbound documentation
Message: ./fipscc_nios/unbound/doc/Changelog:2185: - change unbound-control-setup from 1024(sha1) to 1536(sha256).
Event: Unbound documentation
Message: ./fipscc_nios/unbound/doc/Changelog:3396: - fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.
Event: Content of diff file for validator/val_secalgo.c
Message: ./fipscc_nios/unbound/contrib/patch_rsamd5_enable.diff:
13: case LDNS_RSASHA1:
22: case LDNS_RSASHA1:
Event: Code in bash script configure
Message: ./fipscc_nios/unbound/configure:16735:for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode
Event: Binary JAR file for our Web UI
Message: Binary file ./fipscc_nios/webui/target/com.infoblox.client.generator/cxf/lib/jaxb-xjc-2.1.12.jar
Event: Encryption types
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.util.localization/src/com/infoblox/util/localization/messages.properties:
3338:EncType.AES_128_CTS_HMAC_SHA_1_96=aes128-cts-hmac-sha1-96
3339:EncType.AES_256_CTS_HMAC_SHA_1_96=aes256-cts-hmac-sha1-96
Event: Algorithm key enumeration items
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.util.localization/src/com/infoblox/util/localization/messages.properties:
3743:AlgorithmKeyEnum.SHA_1_1024=SHA-1 1024
3744:AlgorithmKeyEnum.SHA_1_2048=SHA-1 2048
Event: Pre-defined authentication types in BFD template
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.util.localization/src/com/infoblox/util/localization/messages.properties:
4023:BFDTemplatesAuthType.SHA1 = SHA-1
4024:BFDTemplatesAuthType.METICULOUS-SHA1 = Meticulous SHA-1
Event: Algorithm types
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/module/dns/localization/messages.properties:
47:AlgorithmType.RsaSha1.5=RSA/SHA1 (5)
48:AlgorithmType.RsaSha1Nsec3.7=RSA/SHA1/NSEC3 (7)
Event: Algorithm types
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/zone/auth/dnssec/AbstractSigningKeysTablePanel.properties:
7:AlgorithmType.5=RSA/SHA-1
9:AlgorithmType.7=RSA/SHA-1(NSEC3)
Event: Algorithm types
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/common/panel/dnssec/DnsSecTablePanel.properties:
8:AlgorithmType.RsaSha1.5=RSA/SHA1 (5)
9:AlgorithmType.RsaSha1Nsec3.7=RSA/SHA1/NSEC3 (7)
Event: Algorithm type
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/common/panel/dnssec/key/KeySigningTable.java:60: private final String RSA_SHA1_5 = new StringResourceModel("AlgorithmType."+DnssecSupportedAlgorithm.RSASHA_1, this, null).getObject(); //$NON-NLS-1$
Event: Check algorithm type in function createEditorComponent.setObject
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/common/panel/dnssec/key/KeySigningTable.java:360: else if (o.equals(RSA_SHA1_5)) {
Event: Return algorithm type in function createEditorComponent.getObject
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/common/panel/dnssec/key/KeySigningTable.java:382: return RSA_SHA1_5;
Event: Return list of algorithm types in function getAlgorithmList
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/common/panel/dnssec/key/KeySigningTable.java:
533: return new String [] {DSA_3,RSA_MD5_1,RSA_SHA1_5,RSA_SHA2_8_256,RSA_SHA2_10_512};
535: return new String [] {DSA_3,RSA_SHA1_5,RSA_SHA2_8_256,RSA_SHA2_10_512};
Event: Algorithm type
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/common/panel/dnssec/key/KeySigningTable.properties:6:AlgorithmType.RSASHA_1=RSA/SHA-1
Event: Items of choices array
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.dns/src/com/infoblox/nios/ui/widget/editor/common/panel/dnssec/DnsSecTablePanel.java:
251: new StringResourceModel("AlgorithmType.RsaSha1.5", this, null).getString(), //$NON-NLS-1$
252: new StringResourceModel("AlgorithmType.RsaSha1Nsec3.7", this, null).getString(), //$NON-NLS-1$
Event: Toolbar item
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module/src/com/infoblox/nios/ui/page/IBExtMainPage.properties:354:ToolbarItem.RSASHA1.Text=RSASHA1
Event: Pre-defined authentication types in BFD template
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module/src/com/infoblox/nios/ui/widget/bfdtemplate/BFDTemplatesTable.properties:
17:BFDTemplatesTable.SHA_1 = SHA-1
18:BFDTemplatesTable.METICULOUS_SHA_1 = Meticulous SHA-1
Event: NIOS Web UI source comment to class PasswordLengthValidator
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module/src/com/infoblox/nios/ui/widget/bfdtemplate/BFDTemplateWidget.java:283: * and 4-20 characters for SHA1 and Meticulous-SHA1
Event: Comments to class AlgorithmKeyModel
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module/src/com/infoblox/nios/ui/dialog/AlgorithmKeyModel.java:
22: * SHA-1 1024
23: * SHA-1 2048
Event: Item of generateItems IToolbarMenuItem list in function createClientCertificateDropDownMenu
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.grid/src/com/infoblox/nios/ui/page/gridmanager/GridManagerVerticalToolbarContent.java:766: new StringResourceModel("ToolbarItem.RSASHA1.Text", container, null), //$NON-NLS-1$
Event: Item of viewItems IToolbarMenuItem list in function createClientCertificateDropDownMenu
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.grid/src/com/infoblox/nios/ui/page/gridmanager/GridManagerVerticalToolbarContent.java:780: new StringResourceModel("ToolbarItem.RSASHA1.Text", container, null), //$NON-NLS-1$
Event: Item of downloadItems IToolbarMenuItem list in function createClientCertificateDropDownMenu
Message:./fipscc_nios/webui/platform/src/plugins/com.infoblox.module.grid/src/com/infoblox/nios/ui/page/gridmanager/GridManagerVerticalToolbarContent.java:794: new StringResourceModel("ToolbarItem.RSASHA1.Text", container, null), //$NON-NLS-1$
Event: Python documentation
Message: ./fipscc_nios/docs/python-notes/valgrind-python.supp:343: fun:SHA1_Update Valgrind/
Event: Python documentation
Message: ./fipscc_nios/docs/python-notes/valgrind-python.supp:349: fun:SHA1_Update Valgrind/
Event: Check algorithm type in function gen_hsm_client_cert
Message: ./fipscc_nios/products/one/script/Infoblox/Session.pm:1501: if ($args{'algorithm'} !~ /^(RSASHA1|RSASHA256)$/) {
Event: Error message in function gen_hsm_client_cert
Message: ./fipscc_nios/products/one/script/Infoblox/Session.pm:1502: set_error_codes(1103, $args{'algorithm'} . ' is an unsupported algorithm, valid values are: RSASHA1 or RSASHA256', $self);
Event: Check algorithm type in function export_data
Message: ./fipscc_nios/products/one/script/Infoblox/Session.pm:5950: if ($args{'algorithm'} !~ /^(RSASHA1|RSASHA256)$/) {
Event: Error message in function export_data
Message: ./fipscc_nios/products/one/script/Infoblox/Session.pm:5951: return set_error_codes(1103, $args{'algorithm'} . ' is an unsupported algorithm, valid values are: RSASHA1 or RSASHA256', $self);
Event: Algorithm type in _allowed_members
Message: ./fipscc_nios/products/one/script/Infoblox/IBAP/DNS_Zone.pm:4449: 'algorithm' => {simple => 'asis', enum => ['RSAMD5', 'DSA', 'RSASHA1', 'RSASHA256', 'RSASHA512']},
Event: Enum items in function enctype
Message: ./fipscc_nios/products/one/script/Infoblox/IBAP/Grid_Misc.pm:
469: 'aes128-cts-hmac-sha1-96',
470: 'aes256-cts-hmac-sha1-96',
Event: Authentication type in %_allowed_members
Message: ./fipscc_nios/products/one/script/Infoblox/IBAP/Grid_Misc.pm:1655: 'authentication_type' => {simple => 'asis', enum => ['NONE', 'MD5', 'METICULOUS-MD5', 'SHA1', 'METICULOUS-SHA1']},
Event: Digest type in _allowed_members
Message: ./fipscc_nios/products/one/script/Infoblox/IBAP/DNS_RecordsDNSSec.pm:350: 'digest_type' => {readonly => 1, enum => ['SHA1', 'SHA256', '1', '2']},
Event: Item of digest type mappings
Message: ./fipscc_nios/products/one/script/Infoblox/IBAP/DNS_RecordsDNSSec.pm:390: 'SHA1' => 'SHA_1',
Event: Item of reverse digest type mappings
Message: ./fipscc_nios/products/one/script/Infoblox/IBAP/DNS_RecordsDNSSec.pm:397: 'SHA_1' => 'SHA1',
Event: Items of _alg_hash_ mappings
Message: ./fipscc_nios/products/one/script/Infoblox/Util.pm:
7675: 5 => 'RSASHA1',
7677: 7 => 'NSEC3RSASHA1',
Event: Algorithm mappings for dnssec KSK and ZSK algorithms
Message: ./fipscc_nios/products/one/script/Infoblox/Util.pm:
7795: | RSASHA1 | RSASHA1 | NSEC |
7797: | NSEC3RSASHA1 | RSASHA1 | NSEC3 |
7804: | 5 | RSASHA1 | NSEC |
7808: | 7 | RSASHA1 | NSEC3 |
Event: Items of mappings _nsec3_algorithm_mappings
Message: ./fipscc_nios/products/one/script/Infoblox/Util.pm:
7816: NSEC3RSASHA1 => 'RSASHA1',
7818: 7 => 'RSASHA1',
Event: Items of mappings _nsec_algorithm_mappings
Message: ./fipscc_nios/products/one/script/Infoblox/Util.pm:
7827: RSASHA1 => 'RSASHA1',
7832: 5 => 'RSASHA1',
Event: Comments in function dnssec_key_algorithms_list_update
Message: ./fipscc_nios/products/one/script/Infoblox/Util.pm:
7984: # dnssec_ksk_algorithm -> NSEC3RSASHA1, next_secure_type -> NSEC3
7985: # if we change dnssec_ksk_algorithm -> RSASHA1,
Event: Dictionary of possible authentication types in NIOS IBAP for BFD
Message: ./fipscc_nios/products/one/server/src/ibap/bfdobj.py:22: ['NONE', 'MD5', 'METICULOUS-MD5', 'SHA1', 'METICULOUS-SHA1'],
Event: Constant definitions
Message: ./fipscc_nios/products/one/server/src/lib/one_safenet/cryptoki.h:
391:#define CKA_FINGERPRINT_SHA1 (CKA_VENDOR_DEFINED | 0x0002):
423:#define CKM_SHA1_RSA_PKCS 0x00000006
427:#define CKM_SHA1_RSA_X9_31 0x0000000C
429:#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
433:#define CKM_DSA_SHA1 0x00000012
549:#define CKM_SSL3_SHA1_MAC 0x00000381
552:#define CKM_SHA1_KEY_DERIVATION 0x00000392
563:#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
563:#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
564:#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
565:#define CKM_PBE_SHA1_RC4_128 0x000003A6
566:#define CKM_PBE_SHA1_RC4_40 0x000003A7
567:#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
568:#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
569:#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
570:#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
606:#define CKM_ECDSA_SHA1 0x00001042
659:#define CKM_SHA1_KEY_DERIVATION_OLD_XXX CKM_VENDOR_DEFINED_OLD_XXX + 20 // SPKM & SLL added capabilities
665:#define CKM_PBE_SHA1_CAST5_CBC_OLD_XXX CKM_VENDOR_DEFINED_OLD_XXX + 26 // Entrust added capabilities
674:#define CKM_PBE_SHA1_DES3_EDE_CBC_OLD CKM_VENDOR_DEFINED_OLD_XXX + 30
675:#define CKM_PBE_SHA1_DES2_EDE_CBC_OLD CKM_VENDOR_DEFINED_OLD_XXX + 31
687:#define CKM_KCDSA_SHA1 (CKM_VENDOR_DEFINED + 0x109)
785:#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
808:#define CKD_SHA1_KDF 0x00000002
816:#define CKD_SHA1_NIST_KDF 0x00000012
823:#define CKD_SHA1_SES_KDF 0x82000000
835:#define CKD_SHA1_KDF_ASN1 0x00000003
836:#define CKD_SHA1_KDF_CONCATENATE 0x00000004
838:#define CKD_SHA1_KDF_CONCATENATE_X9_42 CKD_SHA1_KDF_CONCATENATE
839:#define CKD_SHA1_KDF_CONCATENATE_NIST 0x80000001
841:#define CKD_SHA1_KDF_ASN1_X9_42 CKD_SHA1_KDF_ASN1 // not supported
842:#define CKD_SHA1_KDF_ASN1_NIST 0x80000002 // not supported
899:#define CKMS_HMAC_SHA1 0x00000001
900:#define CKMS_SHA1 0x00000002
954:#define CKG_MGF1_SHA1 0x00000001
Event: Commented out items in bitmap kerb_EncTypes
Message: ./fipscc_nios/products/one/server/src/lib/msrpc/idl/security.idl:
413:// KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008,
414:// KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010
Event: Code to assign digest_algo in function ipki_regenerate_csr_from_db
Message: ./fipscc_nios/products/one/server/src/lib/pki/ipki_api.c:
392: if (strcasecmp(csr.algorithm, "SHA-1") == 0)
393: digest_algo = IB_ALG_SHA1;
Event: Case of switch (a_digest) in function ipki_build_csr
Message: ./fipscc_nios/products/one/server/src/lib/pki/ipki_gen.c:
823: case IB_ALG_SHA1:
824: IPKICALL(X509_REQ_sign(csr, a_key, EVP_sha1()));
Event: Case of switch (a_digest) in function ipki_create_selfsigned_cert
Message: ./fipscc_nios/products/one/server/src/lib/pki/ipki_gen.c:
1091: case IB_ALG_SHA1:
1092: IPKICALL(X509_sign(cert, privkey, EVP_sha1()));
Event: Argument of call X509_sign in function ipki_sign_cert
Message: ./fipscc_nios/products/one/server/src/lib/pki/ipki_gen.c:1189: IPKICALL(X509_sign(cert, privkey, EVP_sha1()));
Event: Comment to the module
Message: ./fipscc_nios/products/one/server/src/admin_conn/cookie.py:15:common hashes. Note that the recent vulerabilities in md5 (and sha1)
Event: Module variables
Message: ./fipscc_nios/products/one/server/src/admin_conn/cookie.py:
40:SHA1 = 'sha1'
45:_SHA1_LEN_B64 = 27
Event: Comments to class IBCookie
Message: ./fipscc_nios/products/one/server/src/admin_conn/cookie.py:
66: - The hmac is an md5 or sha1 hmac over the data and the salt,
68: md5, 27 chars for sha1). There is no separator between salt
Event: Code in function load
Message: ./fipscc_nios/products/one/server/src/admin_conn/cookie.py:
117: if len(cookie) - cookie.rfind(',') == _SHA1_LEN_B64 + _SALT_LEN_B64 + 1:
118: hlen = _SHA1_LEN_B64
119: hmactype = SHA1
Event: Assigning digestmod in function _hmac
Message: ./fipscc_nios/products/one/server/src/admin_conn/cookie.py:139: digestmod = hashlib.sha1 if hmactype == SHA1 else hashlib.md5
Event: Argument of call cookie.IBCookie in function _encode_ticket
Message: ./fipscc_nios/products/one/server/src/admin_conn/objcalls.py:1425: hmactype=cookie.SHA1)
Event: Argument of call cookie.IBCookie in function _decode_ticket
Message: ./fipscc_nios/products/one/server/src/admin_conn/objcalls.py:1431: c = cookie.IBCookie(hmactype=cookie.SHA1)
Event: Comments to the module
Message: ./fipscc_nios/products/one/server/src/admin_conn/cryptfuncs.py:13:# base64(, <20 bytes sha1(password+salt)>
Event: Comments to function _getsshasalt
Message: ./fipscc_nios/products/one/server/src/admin_conn/cryptfuncs.py:48: '''Extract the salt from a special IB sha1 passwd hash. hashepsw should be
Event: Comments to function _compute_ssha
Message: ./fipscc_nios/products/one/server/src/admin_conn/cryptfuncs.py:55: '''Compute the special IB sha1 passwd hash, not including the prefix
Event: Function call hashlib.sha1 in function _compute_ssha
Message: ./fipscc_nios/products/one/server/src/admin_conn/cryptfuncs.py:57: h = hashlib.sha1(clearpsw.encode('utf-8') + salt).digest()
Event: Import variable = SHA1= from module cookie
Message: ./fipscc_nios/products/one/server/src/admin_conn/userauth.py:42:from infoblox.one.admin_conn.cookie import (IBCookie, getsecret, SHA1,
Event: Assigning hmactype in function get_cookie
Message: ./fipscc_nios/products/one/server/src/admin_conn/userauth.py:346: hmactype = SHA1
Event: Assigning hmactype in function _check_cookie
Message: ./fipscc_nios/products/one/server/src/admin_conn/userauth.py:
1144: hmactype = SHA1
1150: hmactype = SHA1
Event: Commented out item in list TSIG_KEY_ALGORITHMS
Message: ./fipscc_nios/products/one/server/src/admin_conn/objtype.py:124:#'HMAC-SHA1',
Event: Comment in PagingPageID.__init__
Message: ./fipscc_nios/products/one/server/src/admin_conn/wapibase.py:1041: '''Create a paging cookie container, it will use SHA1
Event: Argument of call hmac.HMAC in function _hmac
Message: ./fipscc_nios/products/one/server/src/admin_conn/wapibase.py:1068: h = hmac.HMAC(self.secret, msg=data, digestmod=hashlib.sha1)
Event: Assign hmactype in function generateIAC which generates extended time cookie for PAPI jobs from NetMRI
Message: ./fipscc_nios/products/one/server/src/pyutil/tae_util.py:476: hmactype = 'sha1'
Event: Part of the code to verify the private key matches the public key in the certificate in function _check_join_info
Message: ./fipscc_nios/products/one/server/src/pyutil/subgrid.py:
140: signature = RSA_key_pair.sign(digest, 'sha1')
143: if user_pub_rsa.verify(digest, signature, 'sha1') != 1:
Event: Assign local variable digest_algo in function util_generate_and_encode_csr
Message: ./fipscc_nios/products/one/server/src/pyutil/ibutil.c:5917: IB_DIGEST_ALGORITHM digest_algo = IB_ALG_SHA1;
Event: Assign local variable digest_algo in function util_sign_csr
Message: ./fipscc_nios/products/one/server/src/pyutil/ibutil.c:6086: IB_DIGEST_ALGORITHM digest_algo = IB_ALG_SHA1;
Event: Authentication type mapping for one.bfd_template
Message: ./fipscc_nios/products/one/server/src/pyutil/installdbmappings.py:
1603: 'sha1': 'SHA1',
1604: 'meticulous-sha1': 'METICULOUS-SHA1'},
Event: Comment to function _set_old_default_grid_dnssec_algorithm
Message: ./fipscc_nios/products/one/server/src/pyutil/testutils/dnssec_test_mixin.py:372: """Set grid level DNSSEC algorithm to RSASHA1
Event: Arguments of function call self._change_grid_dnssec_settings
Message: ./fipscc_nios/products/one/server/src/pyutil/testutils/dnssec_test_mixin.py:
378: self._change_grid_dnssec_settings(ksk_algorithm='RSASHA1',
379: zsk_algorithm='RSASHA1',
Event: Item of enumlist of field algorithm in class WAPIStruct_dnsseckeyalgorithm_2_0
Message: ./fipscc_nios/products/one/server/src/wapi/grid.py:118: enumlist=['RSAMD5', 'DSA', 'RSASHA1', 'RSASHA256',
Event: Assign algorithm type in WFEnumAlgorithm.w2i
Message: ./fipscc_nios/products/one/server/src/wapi/grid.py:
155: algorithm = 'RSASHA1'
161: algorithm = 'RSASHA1'
Event: Assign algorithm type in WFEnumAlgorithm.i2w
Message: ./fipscc_nios/products/one/server/src/wapi/grid.py:180: elif algorithm == 'RSASHA1':
Event: Item of enumlist of field algorithm in class WAPIStruct_generatecsr_2_6
Message: ./fipscc_nios/products/one/server/src/wapi/fileops.py:2651: enumlist=['SHA-1', 'SHA-256'],
Event: Dictionary of possible authentication types in NIOS WAPI for BFD
Message: ./fipscc_nios/products/one/server/src/wapi/bfdtemplate.py:44: enumlist=['NONE', 'MD5', 'METICULOUS-MD5', 'SHA1',
Event: Dictionary of possible authentication types in NIOS IBAP for BFD
Message: ./fipscc_nios/products/one/server/src/wapi/bfdtemplate.py:45: 'METICULOUS-SHA1'],
Event: Item of list SFNT_SIG_ALGORITHMS
Message: ./fipscc_nios/products/one/server/src/pyabs/one_include.py:460:SFNT_SIG_ALGORITHMS = ['RSASHA1', 'RSASHA256']
Event: Item of list ONE_SIG_ALGORITHMS
Message: ./fipscc_nios/products/one/server/src/pyabs/one_include.py:461:ONE_SIG_ALGORITHMS = ['SHA-1', 'SHA-256']
Event: Item of dictionary HSM_VER_SIGN_DICT
Message: ./fipscc_nios/products/one/server/src/pyabs/hsm_safenet_group.py:91:HSM_VER_SIGN_DICT = {'LunaSA_4': 'sha1WithRSAEncryption',
Event: Setting db_algorithm and digest in function insert
Message: ./fipscc_nios/products/one/server/src/pyabs/self_signed_cert.py:
88: elif self['algorithm'] in ('RSASHA1', 'SHA-1'):
89: db_algorithm = 'SHA-1'
90: digest = 'sha1'
Event: Assign default algorithm type in function one_assign_self_signed_certificate
Message: ./fipscc_nios/products/one/server/src/pyabs/certificate.py:243: algorithm = "RSASHA1"
Event: Check key size and algorithm type in function generate_csr
Message: ./fipscc_nios/products/one/server/src/pyabs/certificate.py:1045: (args['key_size'] == 4096 and args['algorithm'] == 'SHA-1'):
Event: Setting algorithm type in function generate_csr
Message: ./fipscc_nios/products/one/server/src/pyabs/certificate.py:1053: args['algorithm'] = 'SHA-1'
Event: Check key size and algorithm type in function generate_self_signed_cert
Message: ./fipscc_nios/products/one/server/src/pyabs/certificate.py:1102: (args['key_size'] == 4096 and args['algorithm'] == 'SHA-1'):
Event: Setting algorithm type in function generate_self_signed_cert
Message: ./fipscc_nios/products/one/server/src/pyabs/certificate.py:1110: args['algorithm'] = 'SHA-1'
Event: Key length definition
Message: ./fipscc_nios/products/one/server/src/bin/ib_prngd/main.c:36:#define RESULT_LEN 20 // As per hash engine, i.e. SHA1 needs 20 characters. Moreover, SP 800-90A suggests 160 bits either
Event: Comments to function hmac_sha1
Message: ./fipscc_nios/products/one/server/src/bin/ib_prngd/main.c:
463: * SHA-1 in one go. It will make all of the other much easier to read.
467: * @param a_output (ib_dstring *) output to return the result back to caller, for SHA-1 it must be 20 characters of length
Event: Definition of function hmac_sha1
Message: ./fipscc_nios/products/one/server/src/bin/ib_prngd/main.c:472:hmac_sha1(const ib_dstring *a_key, const ib_dstring *a_v, ib_dstring *a_output)
Event: Call of EVP_sha1() in function hmac_sha1
Message: ./fipscc_nios/products/one/server/src/bin/ib_prngd/main.c:486: HMAC_Init_ex(&ctx, a_key->m_str, a_key->m_len, EVP_sha1(), NULL);
Event: Call of hmac_sha1 in function hmac_drbg_update
Message: ./fipscc_nios/products/one/server/src/bin/ib_prngd/main.c:
538: ICALL(hmac_sha1(key, buf, key));
545: ICALL(hmac_sha1(key, v, v));
562: ICALL(hmac_sha1(key, buf, key));
568: ICALL(hmac_sha1(key, v, v));
Event: Call of hmac_sha1 in function hmac_drbg_generate
Message: ./fipscc_nios/products/one/server/src/bin/ib_prngd/main.c:773: ICALL(hmac_sha1(key, v, v_out));
Event: TBD comment in function main
Message: ./fipscc_nios/products/one/server/src/bin/ib_prngd/main.c:1086: * Suggested to just concatenate (i.e. use buf, no hmac_sha1) and send to instantiate.
Event: Items of enum ssh_macs_setting_t
Message: ./fipscc_nios/products/one/server/src/bin/make_sshd_conf/main.c:
31: SSH_SHA1 = 1,
32: SSH_SHA1_ETM = 2,
Event: Item of mapping tls_ssh_mapping_t g_macs_mapping[]
Message: ./fipscc_nios/products/one/server/src/bin/make_sshd_conf/main.c:76: {"SHA", "hmac-sha1,hmac-sha1-etm@openssh.com", SSH_SHA1 | SSH_SHA1_ETM},
Event: Argument of function ipki_generate_csr
Message: ./fipscc_nios/products/one/server/src/bin/make_default_apache_cert/main.c:163: a_data->m_db_pool, &name_list, IB_IPKI_PUB_KEY_SIZE_2048, IB_ALG_SHA1,
Event: Argument of function ipki_create_selfsigned_cert
Message: ./fipscc_nios/products/one/server/src/bin/make_default_apache_cert/main.c:167: a_data->m_db_pool, IB_ALG_SHA1, NULL,
Event: Check optarg to set usage_flag in function mhc_process_command_line
Message: ./fipscc_nios/products/one/server/src/bin/sfnt_client_cert_changed/main.c:86: if (strcmp(optarg, "RSASHA1") &&
Event: Print usage in function mhc_process_command_line
Message: ./fipscc_nios/products/one/server/src/bin/sfnt_client_cert_changed/main.c:116: fprintf (stderr, "Usage: %s -a "
Event: Mechanism types
Message: ./fipscc_nios/products/one/server/src/bin/show_safenet_keylabel/e_gem.h:
72:#define CKM_SHA1_RSA_PKCS 0x00000006
74:#define CKM_SHA1_RSA_X9_31 0x0000000C
84:#define CKM_ECDSA_SHA1 0x00001042
Event: Attribute type
Message: ./fipscc_nios/products/one/server/src/bin/show_safenet_keylabel/e_gem.h:152:#define CKA_FINGERPRINT_SHA1 (CKA_VENDOR_DEFINED | 0x0002)
Event: Definition for OAEP
Message: ./fipscc_nios/products/one/server/src/bin/show_safenet_keylabel/e_gem.h:601:#define CKG_MGF1_SHA1 0x00000001
Event: The argument of command /usr/sbin/openvpn in function cd_start_replica_vpn
Message: ./fipscc_nios/products/one/server/src/bin/clusterd/util.c:3452: args[argno++] = "SHA1";
Event: The argument of command /usr/sbin/openvpn in function cd_start_master_vpn
Message: ./fipscc_nios/products/one/server/src/bin/clusterd/util.c:3636: args[argno++] = "SHA1";
Event: Part of the code to derive a serial number from a string in function cd_derive_serial
Message: ./fipscc_nios/products/one/server/src/bin/clusterd/util.c:4915: ITEST(EVP_DigestInit(&ctx, EVP_sha1()) == 1, IERR_FAILURE);
Event: Setting options in CC mode
Message: ./fipscc_nios/products/one/server/src/bin/util/upload_backup_scp.pl:
76: $options .= ' -o MACs=hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96';
77: $options .= ' -o KexAlgorithms=diffie-hellman-group14-sha1';
Event: Item in dictionary SFNET_FACT_CONF_DICT - backup configuration file name
Message: ./fipscc_nios/products/one/server/src/bin/util/hsm_safenet_reset_client_cert.py:14: 'RSASHA1':
Event: Setting options in CC mode
Message: ./fipscc_nios/products/one/server/src/bin/util/download_hotfix_scp.pl:
74: $options .= ' -o MACs=hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96';
75: $options .= ' -o KexAlgorithms=diffie-hellman-group14-sha1';
Event: Input parameters
Message: ./fipscc_nios/products/one/server/src/bin/util/hsm_safenet_generate_client_cert.sh:12:# $1: RSASHA1 | RSASHA256
Event: Check type of the input parameter
Message: ./fipscc_nios/products/one/server/src/bin/util/hsm_safenet_generate_client_cert.sh:21: if [ "$1" == "RSASHA1" ];
Event: Check type of the input parameter
Message: ./fipscc_nios/products/one/server/src/bin/util/hsm_safenet_generate_client_cert.sh:72: if [ "$1" == "RSASHA1" ];
Event: Print GSSD encrypt types in function show_dns_gss_tsig_counters
Message: ./fipscc_nios/products/one/server/src/bin/serial_console/show.c:
10245: PCRYPTO("aes128-cts-hmac-sha1-96", GSSD_ETYPE_AES128_CTS_HMAC_SHA1_96);
10246: PCRYPTO("aes256-cts-hmac-sha1-96", GSSD_ETYPE_AES256_CTS_HMAC_SHA1_96);
Event: Item of enum IB_DIGEST_ALGORITHM
Message: ./fipscc_nios/products/one/server/include/infoblox/one/ipki_gen.h:118: IB_ALG_SHA1,
Event: Create public key in function create_temp_cert
Message: ./fipscc_nios/products/gog/server/src/pyutil/cert_util.py:346: public_key = M2Crypto.EVP.PKey(md='sha1')
Event: Create sign key in function create_temp_cert
Message: ./fipscc_nios/products/gog/server/src/pyutil/cert_util.py:355: sign_key = M2Crypto.EVP.PKey(md='sha1')
Event: Sign X509 certificate request in function m2_generate_and_encode_csr
Message: ./fipscc_nios/products/gog/server/src/pyutil/cert_util.py:429: req.sign(pkey, 'sha1')
Event: Sign X509 certificate in function m2_create_cert_and_sign
Message: ./fipscc_nios/products/gog/server/src/pyutil/cert_util.py:550: cert.sign(sign_key, 'sha1')
Event: The argument of command /usr/sbin/openvpn in function anp_vpn_client
Message: ./fipscc_nios/products/netmri/server/src/bin/util/anp_vpn_client.py:101: '--auth', 'SHA1',
Event: The argument of command /usr/sbin/openvpn in function anm_vpn_server
Message: ./fipscc_nios/products/netmri/server/src/bin/util/anm_vpn_server.py:97: '--auth', 'SHA1',
Event: Assigning authentication protocol in function snmp_task_data_init
Message: ./fipscc_nios/products/bind/server/src/bin/idns_healthd/snmp_monitor.c:752: ss.securityAuthProto = usmHMACSHA1AuthProtocol;
Event: Cases of switch ((unsigned int)mech) in function const char *NFC_mechanism2name(CK_MECHANISM_TYPE mech), macros M: #define M(MECH) case MECH: return #MECH
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/ckerrcode.c:
259:#ifdef CKM_SHA1_RSA_PKCS
260: M(CKM_SHA1_RSA_PKCS);
277:#ifdef CKM_SHA1_RSA_X9_31
278: M(CKM_SHA1_RSA_X9_31);
283:#ifdef CKM_SHA1_RSA_PKCS_PSS
284: M(CKM_SHA1_RSA_PKCS_PSS);
292:#ifdef CKM_DSA_SHA1
293: M(CKM_DSA_SHA1);
643:#ifdef CKM_SSL3_SHA1_MAC
644: M(CKM_SSL3_SHA1_MAC);
652:#ifdef CKM_SHA1_KEY_DERIVATION
653: M(CKM_SHA1_KEY_DERIVATION);
679:#ifdef CKM_PBE_SHA1_CAST128_CBC
680: M(CKM_PBE_SHA1_CAST128_CBC);
682:#ifdef CKM_PBE_SHA1_DES3_EDE_CBC
683: M(CKM_PBE_SHA1_DES3_EDE_CBC);
685:#ifdef CKM_PBE_SHA1_DES2_EDE_CBC
686: M(CKM_PBE_SHA1_DES2_EDE_CBC);
688:#ifdef CKM_PBE_SHA1_RC2_128_CBC
689: M(CKM_PBE_SHA1_RC2_128_CBC);
691:#ifdef CKM_PBE_SHA1_RC2_40_CBC
692: M(CKM_PBE_SHA1_RC2_40_CBC);
697:#ifdef CKM_PBA_SHA1_WITH_SHA1_HMAC
698: M(CKM_PBA_SHA1_WITH_SHA1_HMAC);
796:#ifdef CKM_ECDSA_SHA1
797: M(CKM_ECDSA_SHA1);
884: M(CKM_PBE_SHA1_ARCFOUR_128);
885: M(CKM_PBE_SHA1_ARCFOUR_40);
889: M(CKM_PBE_SHA1_RC4_128);
890: M(CKM_PBE_SHA1_RC4_40);
918: case CKM_KCDSA_SHA1:
919: return "CKM_KCDSA_SHA1";
Event: Constant definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/pkcs11/pkcs11extra.h:58:#define CKM_KCDSA_SHA1 (CKM_NCIPHER + 0x4UL)
Event: Constant definition
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/pkcs11/pkcs11extra.h:
168:#ifndef CKD_SHA1_KDF
182:#define CKD_SHA1_KDF 0x00000002
Event: Thales sources comment
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/pkcs11/pkcs11t.h:637:/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
Event: Constant definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/pkcs11/pkcs11t.h:641:#define CKM_SHA1_RSA_PKCS 0x00000006
Event: Thales sources comment
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/pkcs11/pkcs11t.h:649:/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
Event: Thales sources comment
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/pkcs11/pkcs11t.h:650: * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
Event: Constant definitions
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/pkcs11/pkcs11t.h:
653:#define CKM_SHA1_RSA_X9_31 0x0000000C
655:#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
659:#define CKM_DSA_SHA1 0x00000012
845:#define CKM_SSL3_SHA1_MAC 0x00000381
848:#define CKM_SHA1_KEY_DERIVATION 0x00000392
864:#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
865:#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
866:#define CKM_PBE_SHA1_RC4_128 0x000003A6
867:#define CKM_PBE_SHA1_RC4_40 0x000003A7
868:#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
869:#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
870:#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
871:#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
876:#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
947:#define CKM_ECDSA_SHA1 0x00001042
1286:#define CKG_MGF1_SHA1 0x00000001
1333:#define CKD_SHA1_KDF 0x00000002
1390:#define CKD_SHA1_KDF_ASN1 0x00000003
1391:#define CKD_SHA1_KDF_CONCATENATE 0x00000004
1765:#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
Event: Items of enum M_KeyType and comments to them
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-en.h:
1251: ** by hashing seed using SHA-1 to generate q. For other
1280: /** A key usable with the HMACSHA1 mechanism
1282: * See \ref KeyType_HMACSHA1 for more information.
1284: KeyType_HMACSHA1 = 27,
1487: ** a hash algorithm other than SHA-1.
Event: Items of enum M_Mech and comments to them
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-en.h:
1590: ** plaintext. A Bytes plaintext is hashed using SHA-1 before
1631: /** The SHA-1 hash function as standardized in FIPS180-1
1633: * See \ref Mech_SHA1Hash for more information.
1635: Mech_SHA1Hash = 44,
1651: /** The HMAC construction using the SHA-1 hash function
1653: * See \ref Mech_HMACSHA1 for more information.
1655: Mech_HMACSHA1 = 55,
1678: ** A Bytes plaintext is hashed using SHA-1 to form a Hash plaintext. A
1683: * See \ref Mech_RSAhSHA1pPKCS1 for more information.
1685: Mech_RSAhSHA1pPKCS1 = 59,
1689: ** A Bytes plaintext is hashed using SHA-1 to form a Hash plaintext. A
1698: ** MGF1 with SHA-1 is used as the mask generation function.
1800: Mech_DES3wSHA1 = 102,
1811: Mech_KCDSASHA1 = 111,
1827: ** - KDF2 key derivation function, using SHA-1 as the underlying hash function
1828: ** - Triple-DES-CBC-IV0 with 24-byte keys (@ref Mech_DLIESe3DEShSHA1) as the symmetric
1830: ** - MAC1 based on SHA-1 as the message authentication scheme, with 160-bit output
1833: * See \ref Mech_DLIESe3DEShSHA1 for more information.
1835: Mech_DLIESe3DEShSHA1 = 124,
1839: ** - KDF2 key derivation function, using SHA-1 as the underlying hash function
1840: ** - AES256-CBC-IV0 with 16-byte keys (@ref Mech_DLIESeAEShSHA1) as the symmetric
1842: ** - MAC1 based on SHA-1 as the message authentication scheme, with 160-bit output
1845: * See \ref Mech_DLIESeAEShSHA1 for more information.
1847: Mech_DLIESeAEShSHA1 = 125,
1871: Mech_BlobCryptv2kHasheRijndaelCBC0hSHA1mSHA1HMAC = 141,
1872: Mech_BlobCryptv2kRSAeRijndaelCBC0hSHA1mSHA1HMAC = 142,
1873: Mech_BlobCryptv2kDHeRijndaelCBC0hSHA1mSHA1HMAC = 143,
1875: Mech_BlobCryptv2kHasheDES3CBC0hSHA1mSHA1HMAC = 145,
1876: Mech_BlobCryptv2kRSAeDES3CBC0hSHA1mSHA1HMAC = 146,
1877: Mech_BlobCryptv2kDHeDES3CBC0hSHA1mSHA1HMAC = 147,
1885: ** or Bytes plaintext. A Bytes plaintext is hashed using SHA-1 before
1907: ** Bytes or Hash plaintext. A Bytes plaintext is hashed using SHA-1.
1908: ** SHA-1 is also used for mask generation. This mechanism assumes a
1914: * See \ref Mech_RSAhSHA1pPSS for more information.
1916: Mech_RSAhSHA1pPSS = 160,
Event: Thales documentation groups for enumeration constants
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-en.h:
5379: * by hashing seed using SHA-1 to generate q. For other
5416:/** \defgroup KeyType_HMACSHA1 KeyType_HMACSHA1
5419: * A key usable with the HMACSHA1 mechanism
5748: * a hash algorithm other than SHA-1.
5779: * plaintext. A Bytes plaintext is hashed using SHA-1 before
5804:/** \defgroup Mech_SHA1Hash Mech_SHA1Hash
5807: * The SHA-1 hash function as standardized in FIPS180-1
5832:/** \defgroup Mech_HMACSHA1 Mech_HMACSHA1
5835: * The HMAC construction using the SHA-1 hash function
5838: * - \ref M_Mech_SHA1Hash_Cipher
5871:/** \defgroup Mech_RSAhSHA1pPKCS1 Mech_RSAhSHA1pPKCS1
5877: * A Bytes plaintext is hashed using SHA-1 to form a Hash plaintext. A
5893: * A Bytes plaintext is hashed using SHA-1 to form a Hash plaintext. A
5907: * MGF1 with SHA-1 is used as the mask generation function.
6042:/** \defgroup Mech_DLIESe3DEShSHA1 Mech_DLIESe3DEShSHA1
6048: * - KDF2 key derivation function, using SHA-1 as the underlying hash function
6049: * - Triple-DES-CBC-IV0 with 24-byte keys (@ref Mech_DLIESe3DEShSHA1) as the symmetric
6051: * - MAC1 based on SHA-1 as the message authentication scheme, with 160-bit output
6055:/** \defgroup Mech_DLIESeAEShSHA1 Mech_DLIESeAEShSHA1
6061: * - KDF2 key derivation function, using SHA-1 as the underlying hash function
6062: * - AES256-CBC-IV0 with 16-byte keys (@ref Mech_DLIESeAEShSHA1) as the symmetric
6064: * - MAC1 based on SHA-1 as the message authentication scheme, with 160-bit output
6068: * - \ref M_Mech_DLIESe3DEShSHA1_Cipher
6101: * or Bytes plaintext. A Bytes plaintext is hashed using SHA-1 before
6121:/** \defgroup Mech_RSAhSHA1pPSS Mech_RSAhSHA1pPSS
6125: * Bytes or Hash plaintext. A Bytes plaintext is hashed using SHA-1.
6126: * SHA-1 is also used for mask generation. This mechanism assumes a
8569: ** default of SHA-1. */
Event: KDPKeyType codes
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-akdp-dh.h:37:#define KDPKeyType_HMACSHA1 161
Event: UserAuthScheme codes
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-akdp-dh.h:69:#define UserAuthScheme_SHA1Passphrase 1
Event: Comments to Data structure formats
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-akdp-dh.h:
96: * DATA for KDPKeyType = HMACSHA1
233: * CREDENTIALS for UserAuthScheme = SHA1Passphrase
234: * HASH sha1passphrase
Event: Comments to function NFast_BuildCmdCert which creates a certificate
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/nfastapp.h:1688: * placed in \a cert_out. The SHA-1 hash of this is calculated
Event: Comments to function NFast_Hash which calculates SHA-1 hash
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/nfastapp.h:
1849:/** Calculate SHA-1 hash
1853: * @param hash_out Where to store SHA-1 hash
Event: Comment to field M_Hash sarfilehash; of struct _sarfileinfo - SAR file information
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/nfastapp.h:1979: /** SHA-1 hash of payload */
Event: Constant definitions
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-tdm.h:
269:extern const NF_StructType NF_Type_Mech_DLIESe3DEShSHA1_Cipher;
297:extern const NF_StructType NF_Type_Mech_SHA1Hash_Cipher;
Event: Comments to struct M_KeyType_Random_GenParams
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:969: * This is the variant of \ref M_KeyType__GenParams chosen where the tag is any of \ref KeyType_Random, \ref KeyType_ArcFour, \ref KeyType_CAST, \ref KeyType_HMACMD5, \ref KeyType_HMACSHA1, \ref KeyType_HMACRIPEMD160, \ref KeyType_Serpent, \ref KeyType_Rijndael, \ref KeyType_Twofish, \ref KeyType_CAST256, \ref KeyType_Blowfish, \ref KeyType_HMACSHA224, \ref KeyType_HMACSHA256, \ref KeyType_HMACSHA384, \ref KeyType_HMACSHA512, \ref KeyType_HMACTiger, \ref KeyType_ARIA or \ref KeyType_Camellia.
Event: Comments to struct M_KeyType_DSACommVariableSeed_GenParams
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:1019: ** a hash algorithm other than SHA-1.
Event: Comments to struct M_KeyType_DSAComm_GenParams
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:1602: ** by hashing seed using SHA-1 to generate q. For other
Event: Comments to struct M_KeyType_Random_Data
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:1887: * This is the variant of \ref M_KeyType__Data chosen where the tag is any of \ref KeyType_Random, \ref KeyType_ArcFour, \ref KeyType_CAST, \ref KeyType_Wrapped, \ref KeyType_HMACMD5, \ref KeyType_HMACSHA1, \ref KeyType_HMACRIPEMD160, \ref KeyType_Serpent, \ref KeyType_Rijndael, \ref KeyType_Twofish, \ref KeyType_CAST256, \ref KeyType_Blowfish, \ref KeyType_HMACSHA224, \ref KeyType_HMACSHA256, \ref KeyType_HMACSHA384, \ref KeyType_HMACSHA512, \ref KeyType_HMACTiger, \ref KeyType_SEED, \ref KeyType_ARIA or \ref KeyType_Camellia.
Event: Comments to struct M_KeyType_DSACommVariableSeed_Data
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:1940: ** a hash algorithm other than SHA-1.
Event: Comments to struct M_KeyType_DSAComm_Data
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2132: ** by hashing seed using SHA-1 to generate q.
Event: Comments to struct M_Mech_RSApPKCS1OAEP_IV
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2408: ** MGF1 with SHA-1 is used as the mask generation function.
Event: Comments to struct M_Mech_DSA_Cipher
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2625: ** plaintext. A Bytes plaintext is hashed using SHA-1 before
Event: Comment to typedef struct M_Mech_DLIESe3DEShSHA1_Cipher M_Mech_DLIESe3DEShSHA1_Cipher;
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2678:/* --- Structure Mech_DLIESe3DEShSHA1_Cipher --- */
Event: type M_Mech_DLIESe3DEShSHA1_Cipher; definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2680:typedef struct M_Mech_DLIESe3DEShSHA1_Cipher M_Mech_DLIESe3DEShSHA1_Cipher;
Event: Comments to struct M_Mech_DLIESe3DEShSHA1_Cipher
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:
2682:/* --- Structure Mech_DLIESe3DEShSHA1_Cipher --- */
2684:/** \addtogroup Mech_DLIESe3DEShSHA1
2691: ** - KDF2 key derivation function, using SHA-1 as the underlying hash function
2692: ** - Triple-DES-CBC-IV0 with 24-byte keys (@ref Mech_DLIESe3DEShSHA1) as the symmetric
2694: ** - MAC1 based on SHA-1 as the message authentication scheme, with 160-bit output
2697: * This is the variant of \ref M_Mech__Cipher chosen where the tag is either \ref Mech_DLIESe3DEShSHA1 or \ref Mech_DLIESeAEShSHA1.
Event: struct M_Mech_DLIESe3DEShSHA1_Cipher definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2699:struct M_Mech_DLIESe3DEShSHA1_Cipher {
Event: Field of struct M_Mech_SSL3FinishedMsg_Cipher
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2792: M_Hash20 sha1hash;
Event: Comment to struct M_Mech_ECDSA_Cipher
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:2909: ** or Bytes plaintext. A Bytes plaintext is hashed using SHA-1 before
Event: Comment to typedef struct M_Mech_SHA1Hash_Cipher M_Mech_SHA1Hash_Cipher;
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:3092:/* --- Structure Mech_SHA1Hash_Cipher --- */
Event: type M_Mech_SHA1Hash_Cipher definition
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:3094:typedef struct M_Mech_SHA1Hash_Cipher M_Mech_SHA1Hash_Cipher;
Event: Comments to struct M_Mech_SHA1Hash_Cipher
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:
3096:/* --- Structure Mech_SHA1Hash_Cipher --- */
3098:/** \addtogroup Mech_SHA1Hash
3102:/** The SHA-1 hash function as standardized in FIPS180-1
3104: * This is the variant of \ref M_Mech__Cipher chosen where the tag is either \ref Mech_SHA1Hash or \ref Mech_HMACSHA1.
Event: struct M_Mech_SHA1Hash_Cipher definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:3106:struct M_Mech_SHA1Hash_Cipher {
Event: Fields of union M_Mech__Cipher and comments to them
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:
3127: /** if tag is \ref Mech_DLIESe3DEShSHA1 */
3128: M_Mech_DLIESe3DEShSHA1_Cipher dliese3deshsha1;
3183: /** if tag is \ref Mech_SHA1Hash */
3184: M_Mech_SHA1Hash_Cipher sha1hash;
Event: Comment to field M_Mech kdfhash; of struct M_DeriveMech_ECCMQV_DKParams
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-im.h:4039: ** Supported mechanisms are SHA1Hash, SHA224Hash,
Event: Comment to const KeyType_DSAComm definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1140: ** by hashing seed using SHA-1 to generate q.
Event: Const KeyType_HMACSHA1 definition with comments
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
1169: /** A key usable with the HMACSHA1 mechanism
1171: * See \ref KeyType_HMACSHA1 for more information.
1173:#define KeyType_HMACSHA1 27
Event: Comment to const KeyType_DSACommVariableSeed definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1376: ** a hash algorithm other than SHA-1.
Event: Comment to const Mech_DSA definition (Digital Signature Algorithm)
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1446: ** plaintext. A Bytes plaintext is hashed using SHA-1 before
Event: Const Mech_SHA1Hash definition with comments
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
1487: /** The SHA-1 hash function as standardized in FIPS180-1
1489: * See \ref Mech_SHA1Hash for more information.
#define Mech_SHA1Hash 44
Event: Const Mech_HMACSHA1 definition with comments
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
1507: /** The HMAC construction using the SHA-1 hash function
1509: * See \ref Mech_HMACSHA1 for more information.
1511:#define Mech_HMACSHA1 55
Event: Const Mech_RSAhSHA1pPKCS1 definition with comments
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
1534: ** A Bytes plaintext is hashed using SHA-1 to form a Hash plaintext. A
1539: * See \ref Mech_RSAhSHA1pPKCS1 for more information.
1541:#define Mech_RSAhSHA1pPKCS1 59
Event: Comment to const Mech_RSAhRIPEMD160pPKCS1 definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1545: ** A Bytes plaintext is hashed using SHA-1 to form a Hash plaintext.
Event: Comment to const Mech_RSApPKCS1OAEP definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1554: ** MGF1 with SHA-1 is used as the mask generation function.
Event: Const Mech_DES3wSHA1 definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1656:#define Mech_DES3wSHA1 102
Event: Const Mech_KCDSASHA1 definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1667:#define Mech_KCDSASHA1 111
Event: Const Mech_DLIESe3DEShSHA1 definition with comments
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
1683: ** - KDF2 key derivation function, using SHA-1 as the underlying hash function
1684: ** - Triple-DES-CBC-IV0 with 24-byte keys (@ref Mech_DLIESe3DEShSHA1) as the symmetric
1686: ** - MAC1 based on SHA-1 as the message authentication scheme, with 160-bit output
1689: * See \ref Mech_DLIESe3DEShSHA1 for more information.
1691:#define Mech_DLIESe3DEShSHA1 124
Event: Const Mech_DLIESeAEShSHA1 definition with comments
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
1695: ** - KDF2 key derivation function, using SHA-1 as the underlying hash function
1696: ** - AES256-CBC-IV0 with 16-byte keys (@ref Mech_DLIESeAEShSHA1) as the symmetric
1698: ** - MAC1 based on SHA-1 as the message authentication scheme, with 160-bit output
1701: * See \ref Mech_DLIESeAEShSHA1 for more information.
1703:#define Mech_DLIESeAEShSHA1 125
Event: Const Mech_BlobCryptv2kHasheRijndaelCBC0hSHA1mSHA1HMAC definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1727:#define Mech_BlobCryptv2kHasheRijndaelCBC0hSHA1mSHA1HMAC 141
Event: Const Mech_BlobCryptv2kRSAeRijndaelCBC0hSHA1mSHA1HMAC definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1728:#define Mech_BlobCryptv2kRSAeRijndaelCBC0hSHA1mSHA1HMAC 142
Event: Const Mech_BlobCryptv2kDHeRijndaelCBC0hSHA1mSHA1HMAC definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1729:#define Mech_BlobCryptv2kDHeRijndaelCBC0hSHA1mSHA1HMAC 143
Event: Const Mech_BlobCryptv2kHasheDES3CBC0hSHA1mSHA1HMAC definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1731:#define Mech_BlobCryptv2kHasheDES3CBC0hSHA1mSHA1HMAC 145
Event: Const Mech_BlobCryptv2kRSAeDES3CBC0hSHA1mSHA1HMAC definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1732:#define Mech_BlobCryptv2kRSAeDES3CBC0hSHA1mSHA1HMAC 146
Event: Const Mech_BlobCryptv2kDHeDES3CBC0hSHA1mSHA1HMAC definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1733:#define Mech_BlobCryptv2kDHeDES3CBC0hSHA1mSHA1HMAC 147
Event: Comments to const Mech_ECDSA definition
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:1741: ** or Bytes plaintext. A Bytes plaintext is hashed using SHA-1 before
Event: Const Mech_RSAhSHA1pPSS definition with comments
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
1763: ** Bytes or Hash plaintext. A Bytes plaintext is hashed using SHA-1.
1764: ** SHA-1 is also used for mask generation. This mechanism assumes a
1770: * See \ref Mech_RSAhSHA1pPSS for more information.
1772:#define Mech_RSAhSHA1pPSS 160
Event: Comment to const KeyType_DSAPrivate_GenParams_flags_qhash_present definition Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:4438: ** default of SHA-1. */
Event: Comments to Data structure formats
Message:./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/messages-a-dh.h:
6578: * CIPHER for Mech = DLIESe3DEShSHA1
6595: * HASH20 sha1hash
6668: * CIPHER for Mech = SHA1Hash
9244: * IV for Mech = BlobCryptv2kHasheDES3CBC0hSHA1mSHA1HMAC
9245: * IV for Mech = KCDSASHA1
9252: * IV for Mech = RSAhSHA1pPKCS1
9258: * IV for Mech = BlobCryptv2kRSAeRijndaelCBC0hSHA1mSHA1HMAC
9271: * IV for Mech = DES3wSHA1
9274: * IV for Mech = DLIESe3DEShSHA1
9284: * IV for Mech = HMACSHA1
9297: * IV for Mech = DLIESeAEShSHA1
9324: * IV for Mech = BlobCryptv2kHasheRijndaelCBC0hSHA1mSHA1HMAC
9326: * IV for Mech = RSAhSHA1pPSS
9335: * IV for Mech = BlobCryptv2kDHeDES3CBC0hSHA1mSHA1HMAC
9345: * IV for Mech = SHA1Hash
9346: * IV for Mech = BlobCryptv2kRSAeDES3CBC0hSHA1mSHA1HMAC
9348: * IV for Mech = BlobCryptv2kDHeRijndaelCBC0hSHA1mSHA1HMAC
Event: Comment to function NCH_hexout - Marshaled-hex format routine
Message: ./fipscc_nios/products/dns/server/src/lib/thales_preload/thales/include/hilibs/stdmarshal.h:122:/* Note, if you use these, you must link against the nfast SHA1 implementation;
Event: Options returned by function algname
Message: ./fipscc_nios/products/dns/server/src/lib/dnsdb/zone.c:
112: return ("(RSASHA1)");
116: return ("(NSEC3RSASHA1)");
Event: Items of dictionary enctype_enummap
Message: ./fipscc_nios/products/dns/server/src/wapi/kerberoskey.py:
15: 'AES128-CTS-HMAC-SHA1-96': 'aes128-cts-hmac-sha1-96',
16: 'AES256-CTS-HMAC-SHA1-96': 'aes256-cts-hmac-sha1-96',
Event: Items of dictionary DNSSEC_ALGORITHM_MNEMONICS
Message: ./fipscc_nios/products/dns/server/src/pyabs/dns_include.py:
108: '5' : (' 5', 'RSASHA1', 'RSA/SHA-1'),
110: '7' : (' 7', 'NSEC3RSASHA1', 'RSA/SHA-1/NSEC3'),
Event: Comments to list SUPPORTED_ALGORITHMS
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:62:# algorithms are for internal use only, and DSA and RSASHA1 will be converted
Event: Items of list SUPPORTED_ALGORITHMS
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:64:SUPPORTED_ALGORITHMS = ['RSAMD5', 'DSA', 'RSASHA1', 'RSASHA256', 'RSASHA512']
Event: Items of ALGORITHMS_NAME_DICT
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:
71: '5': 'RSASHA1',
73: '7': 'NSEC3RSASHA1',
Event: Item of DIGEST_TYPES_NAME_DICT
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:83: DIGEST_TYPES_NAME_DICT = { '1': 'SHA_1',
Event: digest_sha1=True is argument of function gen_key_file_and_ds_record which puts the DNSKEY record information into a file, it is called in function common_generate_ds_record
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:765: digest_sha1=True,
Event: digest_sha1=True is the argument of function gen_dsrecord_from_dnskey which generates DSRecord file from DNS key
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:821:def gen_dsrecord_from_dnskey(input_file, output_file, digest_sha1=True,
Event: Using argument digest_sha1 of function gen_dsrecord_from_dnskey
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:826: if digest_sha1 and digest_sha256:
Event: digest_sha1=True is the argument of function gen_key_file_and_ds_record which puts the DNSKEY record information into a file
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:851:def gen_key_file_and_ds_record(fqdn, obj, output_file, digest_sha1=True,
Event: Using digest_sha1 as the argument of function gen_dsrecord_from_dnskey which generates DSRecord file from DNS key
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:866: gen_dsrecord_from_dnskey(dnskey_file, output_file, digest_sha1,
Event: Comments to function common_validate_algorithm_size
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:1161: ''' Only are RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 approved in CC mode
Event: Comments to function common_validate_algorithm_size_obj
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:1193: Only are RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 approved in CC mode
Event: Comments to function DnsSecKeyReader.import_keys
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:1404: Algorithm: 5 (RSASHA1)
Event: Comments in function DnsSecKeyReader._read_private_key
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:1529: m = re.match('(\d+).*', algorithm_str) # e.g. "5 (RSASHA1)"
Event: Comments to function DnsSecKeyWriter.export_keypairs
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:1640: Algorithm: 5 (RSASHA1)
Event: Item in conversion table ui_to_internal in function validate_algorithms_and_convert
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:4326: 'RSASHA1': '5',
Event: Comment in function validate_algorithms_and_convert
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:4374: # Convert DSA and RSASHA1 to NSEC3 versions if NSEC3 selected
Event: Items in conversion table for Internal->UI conversion num_to_str in function get_synthetic_algorithms_field
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:
4402: '5': 'RSASHA1',
4404: '7': 'RSASHA1',
Event: Comments in function get_algorithms_namesize_strings
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_common.py:4493: Such as 'RSASHA1' has code of 5 while 'NSEC3RSASHA1' hash code of 7,
Event: Items of list VALID_ENCTYPES which contains valid encryption types for kerberos key
Message: ./fipscc_nios/products/dns/server/src/pyabs/kerberos_key.py:21: 'aes256-cts-hmac-sha1-96', 'aes128-cts-hmac-sha1-96']
Event: digest_sha1=True is the argument of function dnssec_common.py: gen_key_file_and_ds_record which puts the DNSKEY record information into a file
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_functions.py:409: digest_sha1=True, digest_sha256=True)
Event: Example of forming a string with algorithms and their sizes in function export_keypairs which exports KSK/ZSK key pairs for a zone
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_functions.py:472: # exampe: "5 (RSASHA1): 2048, 3 (DSA): 512"
Event: Items of GSS_TSIG_ALGS_NAME_DICT - dictionary of TSIG algorithm names
Message: ./fipscc_nios/products/dns/server/src/pyabs/dhcp_common.py:
316: 7 : 'OLD-DES3-CBC-SHA1',
320: 16 : 'DES3-CBC-SHA1',
321: 17 : 'AES128-CTS-HMAC-SHA1-96',
322: 18 : 'AES256-CTS-HMAC-SHA1-96',
Event: Comments related to CC_MODE_GSS_TSIG_ALGS - subset of GSS_TSIG_ALGS_NAME_DICT for CC mode
Message: ./fipscc_nios/products/dns/server/src/pyabs/dhcp_common.py:
336:# CC mode alg AES128-CTS-HMAC-SHA1-96 id=17,
337:# AES256-CTS-HMAC-SHA1-96 id=18
Event: Text of error message INVALID_GSS_TSIG_KEY_CC which means invalid encryption type in CC mode
Message: ./fipscc_nios/products/dns/server/src/pyabs/dhcp_common.py:707: "Only AES128_CTS_HMAC_SHA1_96 or AES256_CTS_HMAC_SHA1_96 algorithms are "
Event: digest_sha1=True is the argument of function dnssec_common.py: gen_dsrecord_from_dnskey which generates DSRecord file from DNS key
Message: ./fipscc_nios/products/dns/server/src/pyabs/dnssec_import_keyset.py:207: digest_sha1=True, digest_sha256=False)
Event