VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Setup
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2018-04-16 00:23:05 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2018-04-23 16:59:27 +0200
commit0a737c8c87fded05a74cad5232c9c973b3037d61 (patch)
tree44113dbadbb96d90fe7ddfe13136b237d07c911c /src/Setup
parent9e36039630db3935e316ecd378e6826f4e5c3a5c (diff)
downloadVeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.tar.gz
VeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.zip
Windows: implement internal verification of Authenticode digital signature for all modules to protect against simple binaries tampering.
Diffstat (limited to 'src/Setup')
-rw-r--r--src/Setup/SelfExtract.c9
-rw-r--r--src/Setup/Setup.c15
2 files changed, 22 insertions, 2 deletions
diff --git a/src/Setup/SelfExtract.c b/src/Setup/SelfExtract.c
index 9bae2119..7b3fb4fe 100644
--- a/src/Setup/SelfExtract.c
+++ b/src/Setup/SelfExtract.c
@@ -396,6 +396,15 @@ BOOL VerifyPackageIntegrity (void)
GetModuleFileName (NULL, path, ARRAYSIZE (path));
+#ifdef NDEBUG
+ // verify Authenticode digital signature of the exe file
+ if (!VerifyModuleSignature (path))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", NULL);
+ return FALSE;
+ }
+#endif
+
fileDataEndPos = (int) FindStringInFile (path, MagEndMarker, strlen (MagEndMarker));
if (fileDataEndPos < 0)
{
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index a1f27f41..cedd9f61 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -1051,7 +1051,7 @@ err:
FindClose (h);
}
-
+
SetCurrentDirectory (SetupFilesDir);
}
@@ -2571,7 +2571,18 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
#ifndef PORTABLE
SetInstallationPath (NULL);
#endif
- if (!bUninstall)
+ if (bUninstall)
+ {
+ wchar_t path [TC_MAX_PATH];
+
+ GetModuleFileName (NULL, path, ARRAYSIZE (path));
+ if (!VerifyModuleSignature (path))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", NULL);
+ exit (1);
+ }
+ }
+ else
{
if (IsSelfExtractingPackage())
{