author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-01-22 18:24:33 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-01-24 00:12:24 +0100 |
commit | fc41f439f573fce3efdd37017f072f86cb7828ff (patch) | |
tree | 1889c42f4a4dc5190c88c87ec2a05d172a396459 /version/official_windows.go | |
parent | embeddable-dll-service: add more robust example for .NET 5 (diff) | |
global: move certain win32 APIs to x/sys/windows
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rw-r--r-- | version/official_windows.go | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/version/official_windows.go b/version/official_windows.go
index 12b95e3b..1bfcf90b 100644
--- a/version/official_windows.go
+++ b/version/official_windows.go
@@ -10,8 +10,6 @@ import (
 "unsafe"
 
 "golang.org/x/sys/windows"
-
- "golang.zx2c4.com/wireguard/windows/version/wintrust"
 )
 
 const (
@@ -25,19 +23,18 @@ func VerifyAuthenticode(path string) bool {
 if err != nil {
 return false
 }
- file := &wintrust.WinTrustFileInfo{
- CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustFileInfo{})),
- FilePath: path16,
- }
- data := &wintrust.WinTrustData{
- CbStruct: uint32(unsafe.Sizeof(wintrust.WinTrustData{})),
- UIChoice: wintrust.WTD_UI_NONE,
- RevocationChecks: wintrust.WTD_REVOKE_WHOLECHAIN, // Full revocation checking, as this is called with network connectivity.
- UnionChoice: wintrust.WTD_CHOICE_FILE,
- StateAction: wintrust.WTD_STATEACTION_VERIFY,
- FileOrCatalogOrBlobOrSgnrOrCert: uintptr(unsafe.Pointer(file)),
+ data := &windows.WinTrustData{
+ Size: uint32(unsafe.Sizeof(windows.WinTrustData{})),
+ UIChoice: windows.WTD_UI_NONE,
+ RevocationChecks: windows.WTD_REVOKE_WHOLECHAIN, // Full revocation checking, as this is called with network connectivity.
+ UnionChoice: windows.WTD_CHOICE_FILE,
+ StateAction: windows.WTD_STATEACTION_VERIFY,
+ FileOrCatalogOrBlobOrSgnrOrCert: unsafe.Pointer(&windows.WinTrustFileInfo{
+ Size: uint32(unsafe.Sizeof(windows.WinTrustFileInfo{})),
+ FilePath: path16,
+ }),
 }
- return wintrust.WinVerifyTrust(windows.InvalidHandle, &wintrust.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil
+ return windows.WinVerifyTrustEx(windows.InvalidHWND, &windows.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil
 }
 
 // These are easily by-passable checks, which do not serve serve security purposes. Do not place security-sensitive
@@ -49,7 +46,7 @@ func IsRunningOfficialVersion() bool {
 return false
 }
 
- names, err := wintrust.ExtractCertificateNames(path)
+ names, err := extractCertificateNames(path)
 if err != nil {
 return false
 }
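Review bot: In VerifyAuthenticode the trust data is submitted with `StateAction: windows.WTD_STATEACTION_VERIFY` and the function returns straight from `WinVerifyTrustEx`, so the provider state that a VERIFY call allocates is never released. The WinVerifyTrust contract pairs each VERIFY with a later close call: keep the first result in `err`, set `data.StateAction = windows.WTD_STATEACTION_CLOSE`, call `windows.WinVerifyTrustEx` again with the same arguments, then `return err == nil`. A short comment should also say that the check is made by path, so the file verified here is only guaranteed to be the file used later if the caller keeps it open or verifies by handle; the callers are not visible in this hunk, so that needs confirming. The function's opening lines (the `path16` conversion) are outside the hunk.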
@@ -67,7 +64,7 @@ func IsRunningEVSigned() bool {
 return false
 }
 
- policies, err := wintrust.ExtractCertificatePolicies(path, policyExtensionOid)
+ policies, err := extractCertificatePolicies(path, policyExtensionOid)
 if err != nil {
 return false
 } |