Skip to content

Commit

Permalink
fix: Correctly check result of function
Browse files Browse the repository at this point in the history
Signed-off-by: Joas Schilling <coding@schilljs.com>
  • Loading branch information
nickvergessen committed May 15, 2024
1 parent 2b2a866 commit 2e0e79e
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion lib/private/Installer.php
Original file line number Diff line number Diff line change
Expand Up @@ -280,7 +280,7 @@ public function downloadApp(string $appId, bool $allowUnstable = false): void {

// Check if the signature actually matches the downloaded content
$certificate = openssl_get_publickey($app['certificate']);
$verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512);
$verified = openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512) === 1;

if ($verified === true) {
// Seems to match, let's proceed
Expand Down
4 changes: 2 additions & 2 deletions lib/private/Security/IdentityProof/Signer.php
Original file line number Diff line number Diff line change
Expand Up @@ -74,12 +74,12 @@ public function verify(array $data): bool {
$user = $this->userManager->get($userId);
if ($user !== null) {
$key = $this->keyManager->getKey($user);
return (bool)openssl_verify(
return openssl_verify(
json_encode($data['message']),
base64_decode($data['signature']),
$key->getPublic(),
OPENSSL_ALGO_SHA512
);
) === 1;
}
}

Expand Down

0 comments on commit 2e0e79e

Please sign in to comment.