path: root/util/winutil/authenticode
Age | Commit message | Author | Files | Lines
2024-07-10 | all: add test for package comments, fix, add comments as needed | Brad Fitzpatrick | 1 | -0/+1
Updates #cleanup
Change-Id: Ic4304e909d2131a95a38b26911f49e7b1729aaef
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-08-14 | util/winutil/authenticode: add missing docs for CertSubjectError | Aaron Klotz | 1 | -2/+5
A #cleanup PR.
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-08-09 | util/winutil/authenticode: fix an inaccurate doc comment | Aaron Klotz | 1 | -3/+3
A #cleanup PR
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-08-03 | go.mod, cmd/tailscaled, ipn/localapi, util/osdiag, util/winutil, util/winutil/authenticode: add Windows module list to OS-specific logs that are written upon bugreport | Aaron Klotz | 1 | -0/+3
* We update wingoes to pick up new version information functionality (See pe/version.go in the https://github.com/dblohm7/wingoes repo);
* We move the existing LogSupportInfo code (including necessary syscall stubs) out of util/winutil into a new package, util/osdiag, and implement the public LogSupportInfo function may be implemented for other platforms as needed;
* We add a new reason argument to LogSupportInfo and wire that into localapi's bugreport implementation;
* We add module information to the Windows implementation of LogSupportInfo when reason indicates a bugreport. We enumerate all loaded modules in our process, and for each one we gather debug, authenticode signature, and version information.
Fixes #7802
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-08-01 | cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support | Aaron Klotz | 3 | -0/+665
Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better:
* WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine *whose* signature is valid; tailscale upgrade should also ensure that the binary is actually signed *by us*.
* I added the ability to check the signatures of MSI files.
* In future PRs I will be adding diagnostic logging that lists details about every module (i.e., DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries.
This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference.
Fixes #8284
Signed-off-by: Aaron Klotz <aaron@tailscale.com>