diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-09-08 09:19:59 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-08 09:19:59 +0200 |
| commit | ff691b4d8a26c08dcf9555c70a071cdebd1266e6 (patch) | |
| tree | bf978f2f50d473c1a6de8fade6b7b47fece291de /lib/private | |
| parent | cdfe538452b709dd181ac11fcfca72a5221c79ad (diff) | |
| parent | 9d00f367f9a00722cf64ee519397c8ed66769af2 (diff) | |
| download | nextcloud-server-ff691b4d8a26c08dcf9555c70a071cdebd1266e6.tar.gz nextcloud-server-ff691b4d8a26c08dcf9555c70a071cdebd1266e6.zip | |
Merge pull request #836 from nextcloud/php7.1
Add PHP 7.1 drone tests
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/App/InfoParser.php | 2 | ||||
| -rw-r--r-- | lib/private/IntegrityCheck/Checker.php | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/lib/private/App/InfoParser.php b/lib/private/App/InfoParser.php index 734f5c2c6af..e975ad6f096 100644 --- a/lib/private/App/InfoParser.php +++ b/lib/private/App/InfoParser.php @@ -156,7 +156,7 @@ class InfoParser { $totalElement = count($xml->{$element}); if (!isset($array[$element])) { - $array[$element] = ""; + $array[$element] = $totalElement > 1 ? [] : ""; } /** @var \SimpleXMLElement $node */ // Has attributes diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php index e6eeaec7349..1db20772b4e 100644 --- a/lib/private/IntegrityCheck/Checker.php +++ b/lib/private/IntegrityCheck/Checker.php @@ -249,6 +249,8 @@ class Checker { $privateKey->setSignatureMode(RSA::SIGNATURE_PSS); $privateKey->setMGFHash('sha512'); + // See https://tools.ietf.org/html/rfc3447#page-38 + $privateKey->setSaltLength(0); $signature = $privateKey->sign(json_encode($hashes)); return [ @@ -343,7 +345,7 @@ class Checker { // Verify if certificate has proper CN. "core" CN is always trusted. if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') { throw new InvalidSignatureException( - sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true)) + sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN']) ); } @@ -352,6 +354,8 @@ class Checker { $rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']); $rsa->setSignatureMode(RSA::SIGNATURE_PSS); $rsa->setMGFHash('sha512'); + // See https://tools.ietf.org/html/rfc3447#page-38 + $rsa->setSaltLength(0); if(!$rsa->verify(json_encode($expectedHashes), $signature)) { throw new InvalidSignatureException('Signature could not get verified.'); } |