Diffstat (limited to 'updater')
-rw-r--r--updater/authenticode.go7
-rw-r--r--updater/constants.go2
-rw-r--r--updater/downloader.go2
-rw-r--r--updater/msirunner.go4
-rw-r--r--updater/signify.go10
-rw-r--r--updater/updater_test.go2
-rw-r--r--updater/versions.go2
-rw-r--r--updater/winhttp/mksyscall.go2
-rw-r--r--updater/winhttp/syscall_windows.go12
-rw-r--r--updater/winhttp/winhttp.go19
-rw-r--r--updater/winhttp/winhttp_test.go2
11 files changed, 46 insertions, 18 deletions
diff --git a/updater/authenticode.go b/updater/authenticode.go
index d6d80df5..1e0a25c0 100644
--- a/updater/authenticode.go
+++ b/updater/authenticode.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package updater
@@ -27,5 +27,8 @@ func verifyAuthenticode(path string) bool {
FilePath: path16,
}),
}
- return windows.WinVerifyTrustEx(windows.InvalidHWND, &windows.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil
+ verified := windows.WinVerifyTrustEx(windows.InvalidHWND, &windows.WINTRUST_ACTION_GENERIC_VERIFY_V2, data) == nil
+ data.StateAction = windows.WTD_STATEACTION_CLOSE
+ windows.WinVerifyTrustEx(windows.InvalidHWND, &windows.WINTRUST_ACTION_GENERIC_VERIFY_V2, data)
+ return verified
}
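Review bot: The result of the second `WinVerifyTrustEx` call, made after `data.StateAction = windows.WTD_STATEACTION_CLOSE`, is dropped without saying so. Ignoring it is correct, since the verdict is already captured in `verified`, but it should be explicit: write `_ = windows.WinVerifyTrustEx(...)` with a comment such as `// Release the state data held by the verify call; a failed close must not change the verdict.` The close only has something to release if the part of `verifyAuthenticode` above this hunk sets `StateAction` to the verify action, so that is worth confirming.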
diff --git a/updater/constants.go b/updater/constants.go
index 04b972fe..cf0ced92 100644
--- a/updater/constants.go
+++ b/updater/constants.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package updater
diff --git a/updater/downloader.go b/updater/downloader.go
index b8b2763d..bf28db54 100644
--- a/updater/downloader.go
+++ b/updater/downloader.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package updater
diff --git a/updater/msirunner.go b/updater/msirunner.go
index 13495f46..ec6b1bd3 100644
--- a/updater/msirunner.go
+++ b/updater/msirunner.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package updater
@@ -38,7 +38,7 @@ func (t *tempFile) Delete() error {
if err != nil {
return err
}
- return windows.DeleteFile(name16) //TODO: how does this deal with reparse points?
+ return windows.DeleteFile(name16) // TODO: how does this deal with reparse points?
}
disposition := byte(1)
err := windows.SetFileInformationByHandle(t.originalHandle, windows.FileDispositionInfo, &disposition, 1)
diff --git a/updater/signify.go b/updater/signify.go
index eef9198a..de50fcba 100644
--- a/updater/signify.go
+++ b/updater/signify.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package updater
@@ -53,17 +53,17 @@ func readFileList(input []byte) (fileList, error) {
if len(line) == 0 && index == len(fileLines)-1 {
break
}
- components := strings.SplitN(line, " ", 2)
- if len(components) != 2 {
+ first, second, ok := strings.Cut(line, " ")
+ if !ok {
return nil, errors.New("File hash line has too few components")
}
- maybeHash, err := hex.DecodeString(components[0])
+ maybeHash, err := hex.DecodeString(first)
if err != nil || len(maybeHash) != blake2b.Size256 {
return nil, errors.New("File hash is invalid base64 or incorrect number of bytes")
}
var hash [blake2b.Size256]byte
copy(hash[:], maybeHash)
- fileHashes[components[1]] = hash
+ fileHashes[second] = hash
}
if len(fileHashes) == 0 {
return nil, errors.New("No file hashes found in signed input")
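Review bot: `second` is stored as a map key without any check, so a line that ends right after the separator yields an empty file name, and a repeated name silently replaces the earlier hash. The list is presumably signature-checked before it reaches `readFileList`, but rejecting both cases keeps the parser strict: `if !ok || len(second) == 0 {` and `if _, dup := fileHashes[second]; dup { return nil, errors.New("File hash line repeats a file name") }`. The context line below also reports "invalid base64" while the decoder is `hex.DecodeString`, so the message should say hex. The function starts before this hunk and continues after it.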
diff --git a/updater/updater_test.go b/updater/updater_test.go
index a90b13cb..809262bd 100644
--- a/updater/updater_test.go
+++ b/updater/updater_test.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package updater
diff --git a/updater/versions.go b/updater/versions.go
index 5b42a748..dfc4c665 100644
--- a/updater/versions.go
+++ b/updater/versions.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package updater
diff --git a/updater/winhttp/mksyscall.go b/updater/winhttp/mksyscall.go
index 1daedb08..54c06e85 100644
--- a/updater/winhttp/mksyscall.go
+++ b/updater/winhttp/mksyscall.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package winhttp
diff --git a/updater/winhttp/syscall_windows.go b/updater/winhttp/syscall_windows.go
index 77e733e6..4f967bfa 100644
--- a/updater/winhttp/syscall_windows.go
+++ b/updater/winhttp/syscall_windows.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package winhttp
@@ -256,6 +256,16 @@ const (
_INTERNET_SCHEME_FTP = 3
_INTERNET_SCHEME_SOCKS = 4
+ _WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 = 0x00000008
+ _WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 = 0x00000020
+ _WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 = 0x00000080
+ _WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 = 0x00000200
+ _WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 = 0x00000800
+ _WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 = 0x00002000
+ _WINHTTP_FLAG_SECURE_PROTOCOL_ALL = _WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 | _WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | _WINHTTP_FLAG_SECURE_PROTOCOL_TLS1
+
+ _WINHTTP_PROTOCOL_FLAG_HTTP2 = 0x1
+
_WINHTTP_ERROR_BASE = 12000
_ERROR_WINHTTP_OUT_OF_HANDLES = Error(12000 + 1)
_ERROR_WINHTTP_TIMEOUT = Error(12000 + 2)
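Review bot: `_WINHTTP_FLAG_SECURE_PROTOCOL_ALL` needs a comment, because despite its name it is only SSL2 | SSL3 | TLS1 and so selects exactly the protocols that should stay off. Nothing in this commit uses it, and the new caller in winhttp.go passes `_WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` alone. I would either drop the constant or put `// Mirrors the SDK definition: legacy protocols only, excludes TLS 1.1 and later. Do not pass to _WINHTTP_OPTION_SECURE_PROTOCOLS.` above it. The `const` block starts and ends outside this hunk.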
diff --git a/updater/winhttp/winhttp.go b/updater/winhttp/winhttp.go
index ac390a4f..cb19f194 100644
--- a/updater/winhttp/winhttp.go
+++ b/updater/winhttp/winhttp.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package winhttp
@@ -21,11 +21,13 @@ import (
type Session struct {
handle _HINTERNET
}
+
type Connection struct {
handle _HINTERNET
session *Session
https bool
}
+
type Response struct {
handle _HINTERNET
connection *Connection
@@ -48,6 +50,11 @@ func isWin7() bool {
return maj < 6 || (maj == 6 && min <= 1)
}
+func isWin8DotZeroOrBelow() bool {
+ maj, min, _ := windows.RtlGetNtVersionNumbers()
+ return maj < 6 || (maj == 6 && min <= 2)
+}
+
func NewSession(userAgent string) (session *Session, err error) {
session = new(Session)
defer convertError(&err)
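Review bot: `isWin8DotZeroOrBelow` has no comment saying which NT versions it matches or why the cut-off sits there. Something like `// isWin8DotZeroOrBelow reports whether the NT version is 6.2 (Windows 8.0) or older; NewSession uses it to turn on TLS 1.2 explicitly.` would save the next reader a lookup. The third value returned by `RtlGetNtVersionNumbers` is discarded, which is fine here since only major and minor are compared.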
@@ -69,9 +76,17 @@ func NewSession(userAgent string) (session *Session, err error) {
if err != nil {
return
}
- var enableHttp2 uint32 = 1
+ var enableHttp2 uint32 = _WINHTTP_PROTOCOL_FLAG_HTTP2
_ = winHttpSetOption(session.handle, _WINHTTP_OPTION_ENABLE_HTTP_PROTOCOL, unsafe.Pointer(&enableHttp2), uint32(unsafe.Sizeof(enableHttp2))) // Don't check return value, in case of old Windows
+ if isWin8DotZeroOrBelow() {
+ var enableTLS12 uint32 = _WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2
+ err = winHttpSetOption(session.handle, _WINHTTP_OPTION_SECURE_PROTOCOLS, unsafe.Pointer(&enableTLS12), uint32(unsafe.Sizeof(enableTLS12)))
+ if err != nil {
+ return
+ }
+ }
+
runtime.SetFinalizer(session, func(session *Session) {
session.Close()
})
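Review bot: The new early `return` after the failed `winHttpSetOption(..., _WINHTTP_OPTION_SECURE_PROTOCOLS, ...)` call leaves `session.handle` open, because the finalizer that calls `session.Close()` is only registered further down. Callers normally discard the session when `err` is non-nil, so on these older systems the handle would leak. Adding `session.Close()` before that `return`, or registering the finalizer right after the handle is opened, closes the gap. The earlier `if err != nil { return }` at the top of the hunk may have the same shape, but the call it guards is outside the hunk. A short comment that newer Windows versions keep the system's default protocol set would also explain why the option is set only conditionally.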
diff --git a/updater/winhttp/winhttp_test.go b/updater/winhttp/winhttp_test.go
index 41fbeb6b..36017a48 100644
--- a/updater/winhttp/winhttp_test.go
+++ b/updater/winhttp/winhttp_test.go
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: MIT
*
- * Copyright (C) 2019-2021 WireGuard LLC. All Rights Reserved.
+ * Copyright (C) 2019-2022 WireGuard LLC. All Rights Reserved.
*/
package winhttp