Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows: implement internal verification of Authenticode digital signature for all modules to protect against simple binaries tampering.

Browse Source
This commit is contained in:
Mounir IDRASSI
2018-04-16 00:23:05 +02:00
parent 9e36039630
commit 0a737c8c87
5 changed files with 231 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
src/Common/Dlgcode.c
View File

@@ -75,6 +75,8 @@
#endif #endif
#include <Setupapi.h> #include <Setupapi.h>
#include <Softpub.h>
#include <WinTrust.h>
#include <strsafe.h> #include <strsafe.h>
#pragma comment( lib, "setupapi.lib" ) #pragma comment( lib, "setupapi.lib" )
@@ -266,6 +268,8 @@ HMODULE hbcryptprimitivesdll = NULL;
HMODULE hMsls31 = NULL; HMODULE hMsls31 = NULL;
HMODULE hntmartadll = NULL; HMODULE hntmartadll = NULL;
HMODULE hwinscarddll = NULL; HMODULE hwinscarddll = NULL;
HMODULE hmsvcrtdll = NULL;
HMODULE hWinTrustLib = NULL;
#define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;} #define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;}
@@ -317,6 +321,29 @@ SHDeleteKeyWPtr SHDeleteKeyWFn = NULL;
SHStrDupWPtr SHStrDupWFn = NULL; SHStrDupWPtr SHStrDupWFn = NULL;
ChangeWindowMessageFilterPtr ChangeWindowMessageFilterFn = NULL; ChangeWindowMessageFilterPtr ChangeWindowMessageFilterFn = NULL;
typedef LONG (WINAPI *WINVERIFYTRUST)(HWND hwnd, GUID *pgActionID, LPVOID pWVTData);
typedef CRYPT_PROVIDER_DATA* (WINAPI *WTHELPERPROVDATAFROMSTATEDATA)(HANDLE hStateData);
typedef CRYPT_PROVIDER_SGNR* (WINAPI *WTHELPERGETPROVSIGNERFROMCHAIN)(CRYPT_PROVIDER_DATA *pProvData,
DWORD idxSigner,
BOOL fCounterSigner,
DWORD idxCounterSigner);
typedef CRYPT_PROVIDER_CERT* (WINAPI *WTHELPERGETPROVCERTFROMCHAIN)(CRYPT_PROVIDER_SGNR *pSgnr,
DWORD idxCert);
static WINVERIFYTRUST WinVerifyTrustFn = NULL;
static WTHELPERPROVDATAFROMSTATEDATA WTHelperProvDataFromStateDataFn = NULL;
static WTHELPERGETPROVSIGNERFROMCHAIN WTHelperGetProvSignerFromChainFn = NULL;
static WTHELPERGETPROVCERTFROMCHAIN WTHelperGetProvCertFromChainFn = NULL;
static unsigned char gpbSha1CodeSignCertFingerprint[64] = {
0xCD, 0xF3, 0x05, 0xAD, 0xAE, 0xD3, 0x91, 0xF2, 0x0D, 0x95, 0x95, 0xAC,
0x76, 0x09, 0x35, 0x53, 0x11, 0x00, 0x4D, 0xDD, 0x56, 0x02, 0xBD, 0x09,
0x76, 0x57, 0xE1, 0xFA, 0xFA, 0xF4, 0x86, 0x09, 0x28, 0xA4, 0x0D, 0x1C,
0x68, 0xE7, 0x68, 0x31, 0xD3, 0xB6, 0x62, 0x9C, 0x75, 0x91, 0xAB, 0xB5,
0x6F, 0x1A, 0x75, 0xE7, 0x13, 0x2F, 0xF1, 0xB1, 0x14, 0xBF, 0x5F, 0x00,
0x40, 0xCE, 0x17, 0x6C
};
/* Windows dialog class */ /* Windows dialog class */
#define WINDOWS_DIALOG_CLASS L"#32770" #define WINDOWS_DIALOG_CLASS L"#32770"
@@ -691,6 +718,7 @@ void AbortProcessDirect (wchar_t *abortMsg)
FREE_DLL (hMsls31); FREE_DLL (hMsls31);
FREE_DLL (hntmartadll); FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll); FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
exit (1); exit (1);
} }
@@ -740,6 +768,7 @@ void AbortProcessSilent (void)
FREE_DLL (hMsls31); FREE_DLL (hMsls31);
FREE_DLL (hntmartadll); FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll); FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
// Note that this function also causes localcleanup() to be called (see atexit()) // Note that this function also causes localcleanup() to be called (see atexit())
exit (1); exit (1);
@@ -2701,6 +2730,9 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
WNDCLASSW wc; WNDCLASSW wc;
char langId[6]; char langId[6];
InitCommonControlsPtr InitCommonControlsFn = NULL; InitCommonControlsPtr InitCommonControlsFn = NULL;
wchar_t modPath[MAX_PATH];
GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
/* remove current directory from dll search path */ /* remove current directory from dll search path */
SetDllDirectoryFn = (SetDllDirectoryPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDllDirectoryW"); SetDllDirectoryFn = (SetDllDirectoryPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDllDirectoryW");
@@ -2720,6 +2752,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
InitGlobalLocks (); InitGlobalLocks ();
LoadSystemDll (L"msvcrt.dll", &hmsvcrtdll, TRUE, SRC_POS);
LoadSystemDll (L"ntmarta.dll", &hntmartadll, TRUE, SRC_POS); LoadSystemDll (L"ntmarta.dll", &hntmartadll, TRUE, SRC_POS);
LoadSystemDll (L"MPR.DLL", &hmprdll, TRUE, SRC_POS); LoadSystemDll (L"MPR.DLL", &hmprdll, TRUE, SRC_POS);
#ifdef SETUP #ifdef SETUP
@@ -2770,22 +2803,24 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
LoadSystemDll (L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS); LoadSystemDll (L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS);
LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS); LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS);
LoadSystemDll (L"spp.dll", &hsppdll, TRUE, SRC_POS); LoadSystemDll (L"spp.dll", &hsppdll, TRUE, SRC_POS);
}
#endif
if (IsOSAtLeast (WIN_7)) LoadSystemDll (L"crypt32.dll", &hcrypt32dll, TRUE, SRC_POS);
{
LoadSystemDll (L"CryptSP.dll", &hCryptSpDll, TRUE, SRC_POS); if (IsOSAtLeast (WIN_7))
{
LoadSystemDll (L"CryptSP.dll", &hCryptSpDll, TRUE, SRC_POS);
LoadSystemDll (L"cfgmgr32.dll", &hcfgmgr32dll, TRUE, SRC_POS); LoadSystemDll (L"cfgmgr32.dll", &hcfgmgr32dll, TRUE, SRC_POS);
LoadSystemDll (L"devobj.dll", &hdevobjdll, TRUE, SRC_POS); LoadSystemDll (L"devobj.dll", &hdevobjdll, TRUE, SRC_POS);
LoadSystemDll (L"powrprof.dll", &hpowrprofdll, TRUE, SRC_POS); LoadSystemDll (L"powrprof.dll", &hpowrprofdll, TRUE, SRC_POS);
LoadSystemDll (L"crypt32.dll", &hcrypt32dll, TRUE, SRC_POS); LoadSystemDll (L"bcrypt.dll", &hbcryptdll, TRUE, SRC_POS);
LoadSystemDll (L"bcryptprimitives.dll", &hbcryptprimitivesdll, TRUE, SRC_POS);
LoadSystemDll (L"bcrypt.dll", &hbcryptdll, TRUE, SRC_POS);
LoadSystemDll (L"bcryptprimitives.dll", &hbcryptprimitivesdll, TRUE, SRC_POS);
}
} }
#else
#ifndef SETUP
LoadSystemDll (L"WINSCARD.DLL", &hwinscarddll, TRUE, SRC_POS); LoadSystemDll (L"WINSCARD.DLL", &hwinscarddll, TRUE, SRC_POS);
#endif #endif
@@ -2805,6 +2840,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
LoadSystemDll (L"Riched20.dll", &hRichEditDll, FALSE, SRC_POS); LoadSystemDll (L"Riched20.dll", &hRichEditDll, FALSE, SRC_POS);
#if defined(NDEBUG) && !defined(SETUP)
if (!VerifyModuleSignature (modPath))
AbortProcess ("DIST_PACKAGE_CORRUPTED");
#endif
// Get SetupAPI functions pointers // Get SetupAPI functions pointers
SetupCloseInfFileFn = (SetupCloseInfFilePtr) GetProcAddress (hSetupDll, "SetupCloseInfFile"); SetupCloseInfFileFn = (SetupCloseInfFilePtr) GetProcAddress (hSetupDll, "SetupCloseInfFile");
SetupDiOpenClassRegKeyFn = (SetupDiOpenClassRegKeyPtr) GetProcAddress (hSetupDll, "SetupDiOpenClassRegKey"); SetupDiOpenClassRegKeyFn = (SetupDiOpenClassRegKeyPtr) GetProcAddress (hSetupDll, "SetupDiOpenClassRegKey");
@@ -2876,7 +2915,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
// A new instance of the application must be created with elevated privileges. // A new instance of the application must be created with elevated privileges.
if (IsNonInstallMode () && !IsAdmin () && IsUacSupported ()) if (IsNonInstallMode () && !IsAdmin () && IsUacSupported ())
{ {
wchar_t modPath[MAX_PATH];
if (wcsstr (lpszCommandLine, L"/q UAC ") == lpszCommandLine) if (wcsstr (lpszCommandLine, L"/q UAC ") == lpszCommandLine)
{ {
@@ -2884,7 +2922,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
exit (1); exit (1);
} }
GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
if (LaunchElevatedProcess (NULL, modPath, lpszCommandLine)) if (LaunchElevatedProcess (NULL, modPath, lpszCommandLine))
exit (0); exit (0);
@@ -3027,6 +3064,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
FREE_DLL (hMsls31); FREE_DLL (hMsls31);
FREE_DLL (hntmartadll); FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll); FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
exit (1); exit (1);
} }
#endif #endif
@@ -3071,6 +3109,7 @@ void FinalizeApp (void)
FREE_DLL (hMsls31); FREE_DLL (hMsls31);
FREE_DLL (hntmartadll); FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll); FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
} }
void InitHelpFileName (void) void InitHelpFileName (void)
@@ -13364,3 +13403,105 @@ INT_PTR SecureDesktopDialogBoxParam(
} }
#endif #endif
static BOOL InitializeWintrust()
{
if (!hWinTrustLib)
{
wchar_t szPath[MAX_PATH] = {0};
if (GetSystemDirectory(szPath, MAX_PATH))
StringCchCatW (szPath, MAX_PATH, L"\\Wintrust.dll");
else
StringCchCopyW (szPath, MAX_PATH, L"C:\\Windows\\System32\\Wintrust.dll");
hWinTrustLib = LoadLibrary (szPath);
if (hWinTrustLib)
{
WinVerifyTrustFn = (WINVERIFYTRUST) GetProcAddress (hWinTrustLib, "WinVerifyTrust");
WTHelperProvDataFromStateDataFn = (WTHELPERPROVDATAFROMSTATEDATA) GetProcAddress (hWinTrustLib, "WTHelperProvDataFromStateData");
WTHelperGetProvSignerFromChainFn = (WTHELPERGETPROVSIGNERFROMCHAIN) GetProcAddress (hWinTrustLib, "WTHelperGetProvSignerFromChain");
WTHelperGetProvCertFromChainFn = (WTHELPERGETPROVCERTFROMCHAIN) GetProcAddress (hWinTrustLib, "WTHelperGetProvCertFromChain");
if ( !WinVerifyTrustFn
|| !WTHelperProvDataFromStateDataFn
|| !WTHelperGetProvSignerFromChainFn
|| !WTHelperGetProvCertFromChainFn)
{
FreeLibrary (hWinTrustLib);
hWinTrustLib = NULL;
}
}
}
if (hWinTrustLib)
return TRUE;
else
return FALSE;
}
static void FinalizeWintrust()
{
if (hWinTrustLib)
{
FreeLibrary (hWinTrustLib);
hWinTrustLib = NULL;
}
}
BOOL VerifyModuleSignature (const wchar_t* path)
{
BOOL bResult = FALSE;
HRESULT hResult;
GUID gActionID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
WINTRUST_FILE_INFO fileInfo = {0};
WINTRUST_DATA WVTData = {0};
if (!InitializeWintrust ())
return FALSE;
fileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO);
fileInfo.pcwszFilePath = path;
fileInfo.hFile = NULL;
WVTData.cbStruct = sizeof(WINTRUST_DATA);
WVTData.dwUIChoice = WTD_UI_NONE;
WVTData.fdwRevocationChecks = WTD_REVOKE_NONE;
WVTData.dwUnionChoice = WTD_CHOICE_FILE;
WVTData.pFile = &fileInfo;
WVTData.dwStateAction = WTD_STATEACTION_VERIFY;
WVTData.dwProvFlags = WTD_REVOCATION_CHECK_NONE | WTD_CACHE_ONLY_URL_RETRIEVAL;
hResult = WinVerifyTrustFn(0, &gActionID, &WVTData);
if (SUCCEEDED (hResult))
{
PCRYPT_PROVIDER_DATA pProviderData = WTHelperProvDataFromStateDataFn (WVTData.hWVTStateData);
if (pProviderData)
{
PCRYPT_PROVIDER_SGNR pProviderSigner = WTHelperGetProvSignerFromChainFn (pProviderData, 0, FALSE, 0);
if (pProviderSigner)
{
PCRYPT_PROVIDER_CERT pProviderCert = WTHelperGetProvCertFromChainFn (pProviderSigner, 0);
if (pProviderCert && (pProviderCert->pCert))
{
BYTE hashVal[64];
sha512 (hashVal, pProviderCert->pCert->pbCertEncoded, pProviderCert->pCert->cbCertEncoded);
if (0 == memcmp (hashVal, gpbSha1CodeSignCertFingerprint, 64))
{
bResult = TRUE;
}
}
}
}
}
WVTData.dwUIChoice = WTD_UI_NONE;
WVTData.dwStateAction = WTD_STATEACTION_CLOSE;
WinVerifyTrustFn(0, &gActionID, &WVTData);
FinalizeWintrust ();
return bResult;
}

2
src/Common/Dlgcode.h
View File

@@ -528,7 +528,7 @@ BOOL GetFreeDriveLetter(WCHAR* pCh);
BOOL RaisePrivileges(void); BOOL RaisePrivileges(void);
BOOL DeleteDirectory (const wchar_t* szDirName); BOOL DeleteDirectory (const wchar_t* szDirName);
INT_PTR SecureDesktopDialogBoxParam (HINSTANCE, LPCWSTR, HWND, DLGPROC, LPARAM); INT_PTR SecureDesktopDialogBoxParam (HINSTANCE, LPCWSTR, HWND, DLGPROC, LPARAM);
BOOL VerifyModuleSignature (const wchar_t* path);
#ifdef __cplusplus #ifdef __cplusplus
} }

62
src/Mount/Mount.c
View File

@@ -1507,6 +1507,10 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bEle
if (!FileExists(t)) if (!FileExists(t))
Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do
else if (!VerifyModuleSignature (t))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
}
else else
{ {
@@ -4425,13 +4429,18 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
goto stop; goto stop;
} }
// Main app 32-bit // Main app 32-bit
if (Is64BitOs () && !IsNonInstallMode ()) if (Is64BitOs () && !IsNonInstallMode ())
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt-x86.exe", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt-x86.exe", appDir);
else else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt.exe", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt.exe", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt.exe", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;
@@ -4443,7 +4452,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt-x64.exe", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt-x64.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-x64.exe", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-x64.exe", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;
@@ -4458,7 +4472,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format.exe", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format.exe", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format.exe", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;
@@ -4470,7 +4489,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format-x64.exe", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format-x64.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-x64.exe", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-x64.exe", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;
@@ -4486,7 +4510,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander.exe", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander.exe", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander.exe", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;
@@ -4498,7 +4527,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander-x64.exe", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander-x64.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-x64.exe", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-x64.exe", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;
@@ -4508,7 +4542,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
// Driver // Driver
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt.sys", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt.sys", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;
@@ -4517,7 +4556,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
// Driver x64 // Driver x64
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt-x64.sys", appDir); StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt-x64.sys", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir);
if (!TCCopyFile (srcPath, dstPath)) if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{ {
handleWin32Error (hwndDlg, SRC_POS); handleWin32Error (hwndDlg, SRC_POS);
goto stop; goto stop;

9
src/Setup/SelfExtract.c
View File

@@ -396,6 +396,15 @@ BOOL VerifyPackageIntegrity (void)
GetModuleFileName (NULL, path, ARRAYSIZE (path)); GetModuleFileName (NULL, path, ARRAYSIZE (path));
#ifdef NDEBUG
// verify Authenticode digital signature of the exe file
if (!VerifyModuleSignature (path))
{
Error ("DIST_PACKAGE_CORRUPTED", NULL);
return FALSE;
}
#endif
fileDataEndPos = (int) FindStringInFile (path, MagEndMarker, strlen (MagEndMarker)); fileDataEndPos = (int) FindStringInFile (path, MagEndMarker, strlen (MagEndMarker));
if (fileDataEndPos < 0) if (fileDataEndPos < 0)
{ {

15
src/Setup/Setup.c
View File

@@ -1051,7 +1051,7 @@ err:
FindClose (h); FindClose (h);
} }
SetCurrentDirectory (SetupFilesDir); SetCurrentDirectory (SetupFilesDir);
} }
@@ -2571,7 +2571,18 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
#ifndef PORTABLE #ifndef PORTABLE
SetInstallationPath (NULL); SetInstallationPath (NULL);
#endif #endif
if (!bUninstall) if (bUninstall)
{
wchar_t path [TC_MAX_PATH];
GetModuleFileName (NULL, path, ARRAYSIZE (path));
if (!VerifyModuleSignature (path))
{
Error ("DIST_PACKAGE_CORRUPTED", NULL);
exit (1);
}
}
else
{ {
if (IsSelfExtractingPackage()) if (IsSelfExtractingPackage())
{ {