Windows: implement internal verification of Authenticode digital signature for all modules to protect against simple binaries tampering.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2018-04-16 00:23:05 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2018-04-23 16:59:27 +0200
commit: 0a737c8c87fded05a74cad5232c9c973b3037d61 (patch)
tree: 44113dbadbb96d90fe7ddfe13136b237d07c911c /src/Setup/SelfExtract.c
parent: 9e36039630db3935e316ecd378e6826f4e5c3a5c (diff)
download: VeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.tar.gz
VeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/Setup/SelfExtract.c b/src/Setup/SelfExtract.c
index 9bae2119..7b3fb4fe 100644
--- a/src/Setup/SelfExtract.c
+++ b/src/Setup/SelfExtract.c
@@ -396,6 +396,15 @@ BOOL VerifyPackageIntegrity (void)
 
 	GetModuleFileName (NULL, path, ARRAYSIZE (path));
 
+#ifdef NDEBUG
+	// verify Authenticode digital signature of the exe file
+	if (!VerifyModuleSignature (path))
+	{
+		Error ("DIST_PACKAGE_CORRUPTED", NULL);
+		return FALSE;
+	}
+#endif
+
 	fileDataEndPos = (int) FindStringInFile (path, MagEndMarker, strlen (MagEndMarker));
 	if (fileDataEndPos < 0)
 	{
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2018-04-16 00:23:05 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2018-04-23 16:59:27 +0200
commit	0a737c8c87fded05a74cad5232c9c973b3037d61 (patch)
tree	44113dbadbb96d90fe7ddfe13136b237d07c911c /src/Setup/SelfExtract.c
parent	9e36039630db3935e316ecd378e6826f4e5c3a5c (diff)
download	VeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.tar.gz VeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.zip