aboutsummaryrefslogtreecommitdiffstats
path: root/include/crypto.php
Commit message (Collapse)AuthorAgeFilesLines
* harden securityzotlabs2017-04-021-10/+26
|
* use aes-ctr which is slightly/arguably better than a poke in the eye and ↵zotlabs2017-04-011-10/+7
| | | | don't restrict the crypto algorithm by server role.
* aes256gcm is not ready for prime time. Stay tuned. Until it is, we're pretty ↵zotlabs2017-03-301-5/+5
| | | | much stuffed unless we go to 3rd party crypto libs.
* make aes256gcm the primary crypto modezotlabs2017-03-301-1/+14
|
* trim both key and iv on other cipherszotlabs2016-12-011-0/+2
|
* trim iv in STD_encapsulatezotlabs2016-12-011-0/+2
|
* advanced crypto restricted by server rolezotlabs2016-11-301-0/+3
|
* zot 1.2zotlabs2016-11-301-4/+108
|
* zot: specify crypto methodzotlabs2016-11-201-1/+1
|
* redundant dev line from an earlier modification causes issue #404redmatrix2016-05-301-16/+2
|
* kill off mcryptredmatrix2016-05-261-6/+8
|
* issue #319 - NOTE: this does not fix the issue, it only reports it and ↵redmatrix2016-03-301-10/+1
| | | | continues. We need to examine any logger statements that contain 'stack:' as a result of reporting this issue and find and fix the original problem - which is that set_pconfig is being called without a valid $uid. I'm worried that since we will now continue on without throwing a PHP error that nobody will ever notice or find the problem that is causing this.
* rewrite the webfinger discovery logicredmatrix2016-03-221-0/+23
|
* no xchan here if using zot protocolredmatrix2016-03-171-1/+3
|
* stop the PHP warnings from Thomas's buggered sitekeyredmatrix2016-02-281-1/+1
|
* backtrace openssl_verify errors so that we can find bad keys - as there is ↵redmatrix2016-02-251-0/+15
| | | | very little relevant context available at this level.
* retire old Friendica RINO encryption functionsredmatrix2015-06-091-28/+0
|
* issue #941friendica2015-03-281-4/+11
|
* optionally use openssl encryption functions (higher performance over mcrypt, ↵friendica2015-01-111-2/+2
| | | | but potentially more likely to have been compromised)
* allow the use of openssl cryptofriendica2015-01-111-0/+6
|
* make the old personal xrd interface (old webfinger) work againfriendica2014-08-211-2/+3
|
* bring back some friendica crypto stuff including all the key mangling and ↵friendica2014-08-151-1/+164
| | | | translation functions. Also add ability to completely supress email notifications for actitivies with private contents. We'll still pass private mail notifications because often the email notification is the only way infrequently used channels get alerted to these.
* doc updatefriendica2014-08-151-3/+8
|
* pkcs1 to pkcs8 key conversion - this is a lot easier than parsing ASN.1 DER ↵friendica2014-08-141-0/+24
| | | | formats and rebuilding the darn things like we used to do. Check for illegal hex encoded album names in mod/photo so we don't throw php errors. Don't know where they come from but we get a lot of them.
* bloody hell - it isn't defined either.friendica2013-12-151-2/+2
|
* bloody hell... php version incompatibility with openssl - openssl no longer ↵friendica2013-12-151-0/+4
| | | | accepts a string as an algorithm. Earlier versions didn't recognise sha256. So we'll look to see if the algorithm constant for sha256 is defined and if so we'll use that instead of the string.
* post_activity_item issuesfriendica2013-12-071-0/+2
|
* Protocol: now set data['alg'] on all encapsulated encrypted packets, so that ↵friendica2013-11-201-0/+16
| | | | we can more easily retire 'aes256cbc' once it is no longer viable.
* add more siteinfofriendica2013-07-241-2/+0
|
* recover padding functions which are still usedfriendica2013-07-241-0/+15
|
* get rid of legacy (unused) encryption stuff.friendica2013-07-241-174/+1
|
* not quite so much crypto loggingfriendica2013-07-241-1/+2
|
* crypto loggingfriendica2013-07-231-2/+6
|
* start formatting for Doxygenfriendica2013-02-251-1/+1
|
* y'all got mailfriendica2012-12-051-1/+5
|
* more cleanupMike Macgirvin2012-10-231-2/+0
|
* a few minor changesfriendica2012-08-261-2/+0
|
* simplifyfriendica2012-07-211-36/+2
|
* remove obsolete zot encapsulation functionsfriendica2012-07-051-33/+0
|
* rev updatefriendica2012-05-201-1/+35
|
* Merge branch 'master' of https://github.com/friendica/friendicaAlexander Kampmann2012-04-051-0/+0
| | | | | | Conflicts: include/config.php update.php
* add remove_user hook (it looks like dreamhost changed all my file ↵friendica2012-01-181-0/+0
| | | | permissions, this will make a nasty commit)
* login_hookFriendika2011-09-011-6/+9
|
* remove public disclosure riskFriendika2011-08-271-0/+65
|
* diaspora sign/verify requires SHA0 hash algorithmFriendika2011-08-201-2/+2
|
* until algorithm is sorted, ignore D* verification failures so we can debug ↵Friendika2011-08-201-8/+9
| | | | the rest
* move encryption functions to crypto fileFriendika2011-08-201-1/+41
|
* incorrect iv length for blocksizeFriendika2011-08-191-0/+2
|
* crypto stuffFriendika2011-08-091-0/+184