diff options
-rw-r--r-- | lib/private/Installer.php | 2 | ||||
-rw-r--r-- | lib/private/Security/IdentityProof/Signer.php | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/lib/private/Installer.php b/lib/private/Installer.php index f7a2f632a42..76d3ea7e3fa 100644 --- a/lib/private/Installer.php +++ b/lib/private/Installer.php @@ -297,7 +297,7 @@ class Installer { // Check if the signature actually matches the downloaded content $certificate = openssl_get_publickey($app['certificate']); - $verified = (bool)openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512); + $verified = openssl_verify(file_get_contents($tempFile), base64_decode($app['releases'][0]['signature']), $certificate, OPENSSL_ALGO_SHA512) === 1; // PHP 8+ deprecates openssl_free_key and automatically destroys the key instance when it goes out of scope if ((PHP_VERSION_ID < 80000)) { openssl_free_key($certificate); diff --git a/lib/private/Security/IdentityProof/Signer.php b/lib/private/Security/IdentityProof/Signer.php index 7431bfe815f..ab1f62ad6ba 100644 --- a/lib/private/Security/IdentityProof/Signer.php +++ b/lib/private/Security/IdentityProof/Signer.php @@ -93,12 +93,12 @@ class Signer { $user = $this->userManager->get($userId); if ($user !== null) { $key = $this->keyManager->getKey($user); - return (bool)openssl_verify( + return openssl_verify( json_encode($data['message']), base64_decode($data['signature']), $key->getPublic(), OPENSSL_ALGO_SHA512 - ); + ) === 1; } } |