From b627e6efe497bcaad6f6696a6141e6ad0b79a1c6 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 15 May 2024 10:11:31 +0200
Subject: [PATCH] fix: Correctly check result of function

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/Installer.php                     | 2 +-
 lib/private/Security/IdentityProof/Signer.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/private/Installer.php b/lib/private/Installer.php
index c4df7768d9e..0f9aa404263 100644
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@@ -280,7 +280,7 @@ class Installer {
 
 				// Check if the signature actually matches the downloaded content
 				$certificate = openssl_get_publickey($app['certificate']);
-				$verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512);
+				$verified = openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512) === 1;
 
 				if ($verified === true) {
 					// Seems to match, let's proceed
diff --git a/lib/private/Security/IdentityProof/Signer.php b/lib/private/Security/IdentityProof/Signer.php
index 1458390c327..63c5d049b74 100644
--- a/lib/private/Security/IdentityProof/Signer.php
+++ b/lib/private/Security/IdentityProof/Signer.php
@@ -74,12 +74,12 @@ class Signer {
 			$user = $this->userManager->get($userId);
 			if ($user !== null) {
 				$key = $this->keyManager->getKey($user);
-				return (bool)openssl_verify(
+				return openssl_verify(
 					json_encode($data['message']),
 					base64_decode($data['signature']),
 					$key->getPublic(),
 					OPENSSL_ALGO_SHA512
-				);
+				) === 1;
 			}
 		}
 
-- 
2.39.5