From b627e6efe497bcaad6f6696a6141e6ad0b79a1c6 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 15 May 2024 10:11:31 +0200
Subject: [PATCH] fix: Correctly check result of function
Signed-off-by: Joas Schilling
---
 lib/private/Installer.php | 2 +-
 lib/private/Security/IdentityProof/Signer.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/private/Installer.php b/lib/private/Installer.php
index c4df7768d9e5b..0f9aa40426356 100644
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@@ -280,7 +280,7 @@ public function downloadApp(string $appId, bool $allowUnstable = false): void {
 // Check if the signature actually matches the downloaded content
 $certificate = openssl_get_publickey($app['certificate']);
- $verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512);
+ $verified = openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512) === 1;
 if ($verified === true) {
 // Seems to match, let's proceed
diff --git a/lib/private/Security/IdentityProof/Signer.php b/lib/private/Security/IdentityProof/Signer.php
index 1458390c327e9..63c5d049b74c6 100644
--- a/lib/private/Security/IdentityProof/Signer.php
+++ b/lib/private/Security/IdentityProof/Signer.php
@@ -74,12 +74,12 @@ public function verify(array $data): bool {
 $user = $this->userManager->get($userId);
 if ($user !== null) {
 $key = $this->keyManager->getKey($user);
- return (bool)openssl_verify(
+ return openssl_verify(
 json_encode($data['message']),
 base64_decode($data['signature']),
 $key->getPublic(),
 OPENSSL_ALGO_SHA512
- );
+ ) === 1;
 }
 }
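Review bot: `json_encode($data['message'])` and `base64_decode($data['signature'])` are still passed straight into `openssl_verify()` without their own failure results being checked. `json_encode()` returns `false` on unencodable input and non-strict `base64_decode()` silently drops invalid characters, so the bytes that get verified may not be the bytes the caller supplied; whether a `false` is coerced or rejected depends on the file's `strict_types` setting, which is not visible here. Consider `base64_decode($data['signature'], true)` with an early `return false;` when it yields `false`, and an explicit `=== false` check on the `json_encode()` result before verifying. `verify()` starts and ends outside the hunk.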