VeraCrypt
-rw-r--r--Translations/Language.ar.xml2
-rw-r--r--Translations/Language.be.xml2
-rw-r--r--Translations/Language.bg.xml2
-rw-r--r--Translations/Language.ca.xml2
-rw-r--r--Translations/Language.cs.xml2
-rw-r--r--Translations/Language.da.xml2
-rw-r--r--Translations/Language.de.xml2
-rw-r--r--Translations/Language.el.xml2
-rw-r--r--Translations/Language.es.xml2
-rw-r--r--Translations/Language.et.xml2
-rw-r--r--Translations/Language.eu.xml2
-rw-r--r--Translations/Language.fa.xml2
-rw-r--r--Translations/Language.fi.xml2
-rw-r--r--Translations/Language.fr.xml2
-rw-r--r--Translations/Language.hu.xml2
-rw-r--r--Translations/Language.id.xml2
-rw-r--r--Translations/Language.it.xml2
-rw-r--r--Translations/Language.ja.xml2
-rw-r--r--Translations/Language.ka.xml2
-rw-r--r--Translations/Language.ko.xml6
-rw-r--r--Translations/Language.lv.xml2
-rw-r--r--Translations/Language.my.xml2
-rw-r--r--Translations/Language.nl.xml2
-rw-r--r--Translations/Language.nn.xml2
-rw-r--r--Translations/Language.pl.xml2
-rw-r--r--Translations/Language.pt-br.xml2
-rw-r--r--Translations/Language.ro.xml2
-rw-r--r--Translations/Language.ru.xml2
-rw-r--r--Translations/Language.sk.xml2
-rw-r--r--Translations/Language.sl.xml2
-rw-r--r--Translations/Language.sv.xml2
-rw-r--r--Translations/Language.th.xml2
-rw-r--r--Translations/Language.tr.xml2
-rw-r--r--Translations/Language.uk.xml2
-rw-r--r--Translations/Language.uz.xml2
-rw-r--r--Translations/Language.vi.xml2
-rw-r--r--Translations/Language.zh-cn.xml2
-rw-r--r--Translations/Language.zh-hk.xml2
-rw-r--r--Translations/Language.zh-tw.xml2
-rw-r--r--doc/chm/VeraCrypt User Guide.chmbin1971719 -> 1975631 bytes
-rw-r--r--doc/html/Command Line Usage.html24
-rw-r--r--doc/html/Release Notes.html108
-rw-r--r--doc/html/System Encryption.html3
-rw-r--r--doc/html/Unencrypted Data in RAM.html4
-rw-r--r--doc/html/VeraCrypt Rescue Disk.html16
-rw-r--r--src/Boot/EFI/DcsBoot.efibin24088 -> 24088 bytes
-rw-r--r--src/Boot/EFI/DcsBoot32.efibin20472 -> 20472 bytes
-rw-r--r--src/Boot/EFI/DcsCfg.efibin953400 -> 953528 bytes
-rw-r--r--src/Boot/EFI/DcsCfg32.efibin816024 -> 816152 bytes
-rw-r--r--src/Boot/EFI/DcsInfo.efibin37144 -> 37144 bytes
-rw-r--r--src/Boot/EFI/DcsInfo32.efibin33880 -> 33880 bytes
-rw-r--r--src/Boot/EFI/DcsInt.efibin911864 -> 912184 bytes
-rw-r--r--src/Boot/EFI/DcsInt32.efibin794936 -> 795160 bytes
-rw-r--r--src/Boot/EFI/DcsRe.efibin28472 -> 28472 bytes
-rw-r--r--src/Boot/EFI/DcsRe32.efibin24056 -> 24056 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker.efibin9816 -> 9816 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker32.efibin9560 -> 9560 bytes
-rw-r--r--src/Build/CMakeLists.txt58
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.legacy.xml2
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.xml2
-rwxr-xr-xsrc/Build/build_cmake_deb.sh34
-rw-r--r--src/Build/build_cmake_opensuse.sh4
-rwxr-xr-xsrc/Build/build_veracrypt_macosx.sh2
-rw-r--r--src/Common/Cmdline.c4
-rw-r--r--src/Common/Crypto.c6
-rw-r--r--src/Common/Dlgcode.c59
-rw-r--r--src/Common/Dlgcode.h2
-rw-r--r--src/Common/EncryptionThreadPool.c83
-rw-r--r--src/Common/Fat.c36
-rw-r--r--src/Common/Format.c118
-rw-r--r--src/Common/Format.h1
-rw-r--r--src/Common/Keyfiles.c59
-rw-r--r--src/Common/Password.c20
-rw-r--r--src/Common/Tcdefs.h32
-rw-r--r--src/Core/Unix/CoreUnix.cpp3
-rw-r--r--src/Crypto/Aeskey.c13
-rw-r--r--src/Crypto/Camellia.c2
-rw-r--r--src/Crypto/Camellia.h2
-rw-r--r--src/Crypto/Sha2.c4
-rw-r--r--src/Crypto/Sha2.h2
-rw-r--r--src/Crypto/Twofish.c8
-rw-r--r--src/Crypto/Twofish.h4
-rw-r--r--src/Driver/Driver.rc4
-rw-r--r--src/Driver/Ntdriver.c94
-rw-r--r--src/Driver/Ntdriver.h2
-rw-r--r--src/Driver/Ntvol.c34
-rw-r--r--src/ExpandVolume/ExpandVolume.c81
-rw-r--r--src/ExpandVolume/ExpandVolume.rc8
-rw-r--r--src/ExpandVolume/InitDataArea.c27
-rw-r--r--src/ExpandVolume/WinMain.cpp69
-rw-r--r--src/Format/Format.rc12
-rw-r--r--src/Format/InPlace.c58
-rw-r--r--src/Format/Tcformat.c36
-rw-r--r--src/Format/VeraCrypt_Wizard.bmpbin190998 -> 193446 bytes
-rw-r--r--src/Main/Forms/MainFrame.cpp14
-rw-r--r--src/Main/Forms/MainFrame.h32
-rw-r--r--src/Main/Forms/VolumeSizeWizardPage.cpp2
-rwxr-xr-xsrc/Main/Main.make4
-rw-r--r--src/Main/TextUserInterface.h2
-rw-r--r--src/Makefile3
-rw-r--r--src/Mount/Mount.c101
-rw-r--r--src/Mount/Mount.rc8
-rw-r--r--src/Mount/Mount.vcxproj.user3
-rw-r--r--src/Release/Setup Files/veracrypt-x64.catbin10607 -> 10611 bytes
-rw-r--r--src/Release/Setup Files/veracrypt-x64.sysbin831320 -> 831840 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.Inf4
-rw-r--r--src/Release/Setup Files/veracrypt.catbin10765 -> 10554 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.sysbin768560 -> 798304 bytes
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt.pkgproj4
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt_Legacy.pkgproj4
-rw-r--r--src/Setup/Portable.rc8
-rw-r--r--src/Setup/Setup.rc8
-rw-r--r--src/Signing/sign.bat2
-rw-r--r--src/Signing/sign_test.bat2
-rw-r--r--src/Signing/sign_test_debug.bat2
-rw-r--r--src/Volume/Cipher.cpp16
116 files changed, 1170 insertions, 271 deletions
diff --git a/Translations/Language.ar.xml b/Translations/Language.ar.xml
index 17969d7..ef37b59 100644
--- a/Translations/Language.ar.xml
+++ b/Translations/Language.ar.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="ar" name="العربية" en-name="Arabic" version="0.2.0" translators="Ahmad Gharbeia, Khaled Hosny, Ali Khojah" />
<font lang="ar" class="normal" size="11" face="default" />
<font lang="ar" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.be.xml b/Translations/Language.be.xml
index bc3bae9..48013c5 100644
--- a/Translations/Language.be.xml
+++ b/Translations/Language.be.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="be" name="Беларуская" en-name="Belarusian" version="0.1.0" translators="Aleg Azarousky" />
<font lang="be" class="normal" size="11" face="default" />
<font lang="be" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.bg.xml b/Translations/Language.bg.xml
index b344033..334755a 100644
--- a/Translations/Language.bg.xml
+++ b/Translations/Language.bg.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="bg" name="Български" en-name="Bulgarian" version="0.1.0" translators="Lachezar Gorchev" />
<font lang="bg" class="normal" size="11" face="default" />
<font lang="bg" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ca.xml b/Translations/Language.ca.xml
index eb2ab44..001a583 100644
--- a/Translations/Language.ca.xml
+++ b/Translations/Language.ca.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="ca" name="Català" en-name="Catalan" version="0.1.0" translators="CESICAT, Centre de Seguretat de la Informació de Catalunya" />
<font lang="ca" class="normal" size="11" face="default" />
<font lang="ca" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml
index 49eac7a..72ca2f9 100644
--- a/Translations/Language.cs.xml
+++ b/Translations/Language.cs.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="cs" name="Čeština" en-name="Czech" version="1.1.0" translators="Vítek Moser, Lagardere" />
<font lang="cs" class="normal" size="11" face="default" />
<font lang="cs" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.da.xml b/Translations/Language.da.xml
index ac187b9..4c79b12 100644
--- a/Translations/Language.da.xml
+++ b/Translations/Language.da.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="da" name="Dansk" en-name="Danish" version="0.1.0" translators="Lasse Bond" />
<font lang="da" class="normal" size="11" face="default" />
<font lang="da" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.de.xml b/Translations/Language.de.xml
index c704e22..7abea8e 100644
--- a/Translations/Language.de.xml
+++ b/Translations/Language.de.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<!-- Sprachen -->
<language langid="de" name="Deutsch" en-name="German" version="1.1.8" translators="Harry Haller, Alexander Schorg, Simon Frankenberger, David Arndt, H. Sauer, Dulla, Ettore Atalan, Matthias Kolja Miehl, Felix Reichmann" />
<!-- Schriftarten -->
diff --git a/Translations/Language.el.xml b/Translations/Language.el.xml
index 7436ea7..5191c3f 100644
--- a/Translations/Language.el.xml
+++ b/Translations/Language.el.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="el" name="Ελληνικά" en-name="Greek" version="0.1.0" translators="Βασίλης Κοσμίδης" />
<font lang="el" class="normal" size="11" face="default" />
<font lang="el" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml
index 7332a36..121767e 100644
--- a/Translations/Language.es.xml
+++ b/Translations/Language.es.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="es" name="Español" en-name="Spanish" version="1.0.0" translators="Juan Antonio Auñón Ochando" />
<font lang="es" class="normal" size="11" face="default" />
<font lang="es" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.et.xml b/Translations/Language.et.xml
index ee9919c..e8fd195 100644
--- a/Translations/Language.et.xml
+++ b/Translations/Language.et.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="et" name="Eesti" en-name="Estonian" version="0.1.0" translators="Maiko Mõtsar" />
<font lang="et" class="normal" size="11" face="vaikimisi" />
<font lang="et" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.eu.xml b/Translations/Language.eu.xml
index 6f8ed7d..72259a7 100644
--- a/Translations/Language.eu.xml
+++ b/Translations/Language.eu.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="eu" name="Euskara" en-name="Basque" version="1.0.0" translators="Ander Genua" />
<font lang="eu" class="normal" size="11" face="default" />
<font lang="eu" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.fa.xml b/Translations/Language.fa.xml
index 8a314d1..21f746e 100644
--- a/Translations/Language.fa.xml
+++ b/Translations/Language.fa.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="fa" name="فارسي" en-name="Persian" version="0.1.0" translators="Ali Bitazar, Rodabeh Sarmadi" />
<font lang="fa" class="normal" size="11" face="default" />
<font lang="fa" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml
index 43d6754..b93eeeb 100644
--- a/Translations/Language.fi.xml
+++ b/Translations/Language.fi.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="fi" name="Suomi" en-name="Finnish" version="0.3.0" translators="Matti Ruhanen" />
<font lang="fi" class="normal" size="11" face="default" />
<font lang="fi" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml
index 7258cf8..7748928 100644
--- a/Translations/Language.fr.xml
+++ b/Translations/Language.fr.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="fr" name="Français" en-name="French" version="0.3.0" translators="Stéphane S., Olivier M., Thierry T" />
<font lang="fr" class="normal" size="11" face="default" />
<font lang="fr" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.hu.xml b/Translations/Language.hu.xml
index a0786df..354f760 100644
--- a/Translations/Language.hu.xml
+++ b/Translations/Language.hu.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="hu" name="Magyar" en-name="Hungarian" version="2018.03.06" translators="Nyul Balazs > Szaki" />
<font lang="hu" class="normal" size="11" face="default" />
<font lang="hu" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.id.xml b/Translations/Language.id.xml
index 93716eb..0a0a9fd 100644
--- a/Translations/Language.id.xml
+++ b/Translations/Language.id.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="id" name="Bahasa Indonesia" en-name="Indonesian" version="0.1.0" translators="Tajuddin N. F." />
<font lang="id" class="normal" size="11" face="default" />
<font lang="id" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml
index c06e699..4aa4aa3 100644
--- a/Translations/Language.it.xml
+++ b/Translations/Language.it.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="it" name="Italiano" en-name="Italian" version="1.0.1" translators="Maurizio Ballo, Consiglio Gaetano" />
<font lang="it" class="normal" size="11" face="default" />
<font lang="it" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml
index 203dc44..429d438 100644
--- a/Translations/Language.ja.xml
+++ b/Translations/Language.ja.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="ja" name="日本語" en-name="Japanese" version="1.0.0" translators="OGOSHI Masayuki" />
<font lang="ja" class="normal" size="12" face="MS UI Gothic" />
<font lang="ja" class="bold" size="16" face="MS UI Gothic" />
diff --git a/Translations/Language.ka.xml b/Translations/Language.ka.xml
index 5617d69..1a5679f 100644
--- a/Translations/Language.ka.xml
+++ b/Translations/Language.ka.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="ka" name="ქართული" en-name="Georgian" version="0.1.0" translators="Kakha Lomiashvili" />
<font lang="ka" class="normal" size="12" face="Arial" />
<font lang="ka" class="bold" size="12" face="Arial" />
diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml
index 85b1e6f..21fd282 100644
--- a/Translations/Language.ko.xml
+++ b/Translations/Language.ko.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="ko" name="한국어" en-name="Korean" version="0.1.1" translators="Kieaer, Herbert Shin" />
<font lang="ko" class="normal" size="11" face="돋움" />
<font lang="ko" class="bold" size="13" face="맑은 고딕" />
@@ -1403,10 +1403,10 @@
<entry lang="ko" key="RESCUE_DISK_EFI_INFO">파티션을 암호화하려면 먼저 VRD(VeraCrypt 복구 디스크)를 생성해야 합니다. VRD(VeraCrypt 부트로더, 마스터 키 또는 기타 중요 데이터가 손상된 경우 VRD에서 복원할 수 있습니다(그러나 올바른 암호를 입력해야 함).\n\n- Windows가 손상되어 시작할 수 없는 경우 VRD를 사용하여 Windows가 시작되기 전에 영구적으로 파티션을 해독할 수 있습니다.\n\n- VRD에는 현재 EFI 부트 로더의 백업이 포함되어 있으며 필요한 경우 복원할 수 있습니다.\n\nVeraCrypt 복구 디스크 ZIP 이미지가 아래에 지정된 위치에 생성됩니다.</entry>
<entry lang="ko" key="RESCUE_DISK_EFI_EXTRACT_INFO">복구 디스크 ZIP 이미지가 생성되어 이 파일에 저장되었습니다.\n%s\n이제 FAT/FAT32로 포맷된 USB 스틱으로 추출해야 합니다.\n\n%ls 복구 디스크를 생성한 후 다음을 클릭하여 디스크가 올바르게 생성되었는지 확인합니다.</entry>
<entry lang="ko" key="RESCUE_DISK_EFI_EXTRACT_INFO_NO_CHECK">s\n\n응급 복구 디스크 ZIP 이미지가 생성되어 이 파일에 저장되었습니다 :\n%s\n\n이제 FAT/FAT32로 포맷 된 USB 스틱에 이미지를 추출하거나 나중에 사용할 수 있도록 안전한 위치로 옮겨야합니다.\n\n계속하려면 다음을 클릭하세요.</entry>
- <entry lang="ko" key="RESCUE_DISK_EFI_EXTRACT_INFO_NOTE">중요: zip 파일을 USB 스틱의 루트에 직접 추출해야 합니다. 예를 들어 USB 스틱의 드라이브 문자가 E:인 경우 zip 파일을 추출하면 E:\ 폴더가 생성됩니다.USB 스틱에 EFI가 있습니다.\n\n</entry>
+ <entry lang="ko" key="RESCUE_DISK_EFI_EXTRACT_INFO_NOTE">중요: zip 파일을 USB 스틱의 루트에 직접 추출해야 합니다. 예를 들어 USB 스틱의 드라이브 문자가 E:인 경우 zip 파일을 추출하면 E:\\ 폴더가 생성됩니다.USB 스틱에 EFI가 있습니다.\n\n</entry>
<entry lang="ko" key="RESCUE_DISK_EFI_CHECK_FAILED">복구 디스크가 올바르게 추출되었는지 확인할 수 없습니다.\n\n복구 디스크를 추출한 경우 USB 스틱을 꺼내고 다시 삽입한 후 다음을 클릭하여 다시 시도합니다. 도움이 되지 않는 경우 다른 USB 스틱 및/또는 다른 ZIP 소프트웨어를 사용해 주십시오.아직 복구 디스크를 추출하지 않은 경우 압축을 풀고 다음을 클릭합니다.\n\n이 마법사를 시작하기 전에 생성된 VeraCrypt 복구 디스크를 확인하려고 하면 다른 마스터 키에 대해 생성되었기 때문에 해당 복구 디스크를 사용할 수 없습니다. 새로 생성된 복구 디스크 ZIP 이미지를 추출해야 합니다.</entry>
<entry lang="ko" key="RESCUE_DISK_EFI_NON_WIZARD_CHECK_FAILED">복구 디스크가 올바르게 추출되었는지 확인할 수 없습니다.\n\nUSB 스틱에 복구 디스크 이미지를 추출한 경우 꺼내고 다시 삽입한 다음 다시 시도합니다. 도움이 되지 않는 경우 다른 ZIP 소프트웨어 및/또는 매체를 사용해 주십시오.\n\n다른 마스터 키, 암호, 소금 등에 대해 생성된 VeraCrypt 복구 디스크를 확인하려고 하면 해당 복구 디스크가 항상 이 확인에 실패합니다. 현재 구성과 완전히 호환되는 새 복구 디스크를 생성하려면 '시스템' > '복구 디스크 생성'를 선택합니다.</entry>
- <entry lang="ko" key="RESCUE_DISK_EFI_NON_WIZARD_CREATION">복구 디스크 이미지가 생성되어 이 파일에 저장되었습니다.\n%s\n이제 FAT/FAT32로 포맷된 USB 스틱에 복구 디스크 이미지를 추출해야 합니다.\n\nIMPORTANT: zip 파일을 USB 스틱의 루트로 직접 추출해야 합니다. 예를 들어 USB 스틱의 드라이브 문자가 E:인 경우 zip 파일을 추출하면 E:\ 폴더가 생성됩니다.USB 스틱에 EFI가 있습니다.\n\n복구 디스크를 생성한 후 '시스템' > 'Verify 복구 디스크'를 선택하여 올바르게 생성되었는지 확인합니다.</entry>
+ <entry lang="ko" key="RESCUE_DISK_EFI_NON_WIZARD_CREATION">복구 디스크 이미지가 생성되어 이 파일에 저장되었습니다.\n%s\n이제 FAT/FAT32로 포맷된 USB 스틱에 복구 디스크 이미지를 추출해야 합니다.\n\nIMPORTANT: zip 파일을 USB 스틱의 루트로 직접 추출해야 합니다. 예를 들어 USB 스틱의 드라이브 문자가 E:인 경우 zip 파일을 추출하면 E:\\ 폴더가 생성됩니다.USB 스틱에 EFI가 있습니다.\n\n복구 디스크를 생성한 후 '시스템' > 'Verify 복구 디스크'를 선택하여 올바르게 생성되었는지 확인합니다.</entry>
<entry lang="ko" key="IDC_SECURE_DESKTOP_PASSWORD_ENTRY">암호 입력에 보안 데스크톱을 사용합니다.</entry>
<entry lang="ko" key="ERR_REFS_INVALID_VOLUME_SIZE">명령줄에 지정된 볼륨 파일 크기가 선택한 ReFS 파일 시스템과 호환되지 않습니다.</entry>
<entry lang="ko" key="IDC_EDIT_DCSPROP">부트 로더 구성을 편집</entry>
diff --git a/Translations/Language.lv.xml b/Translations/Language.lv.xml
index 56260a6..e39a2c2 100644
--- a/Translations/Language.lv.xml
+++ b/Translations/Language.lv.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="lv" name="Latviešu" en-name="Latvian" version="0.1.0" translators="Edmunds Melkers" />
<font lang="lv" class="normal" size="11" face="default" />
<font lang="lv" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.my.xml b/Translations/Language.my.xml
index c4402e9..f8e50cc 100644
--- a/Translations/Language.my.xml
+++ b/Translations/Language.my.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="my" name="မြန်မာ" en-name="Burmese" version="1.0.0" translators="Zaw Myo Htet" />
<font lang="my" class="normal" size="11" face="Myanmar3" />
<font lang="my" class="bold" size="13" face="Myanmar3" />
diff --git a/Translations/Language.nl.xml b/Translations/Language.nl.xml
index 6ac4f40..5f45260 100644
--- a/Translations/Language.nl.xml
+++ b/Translations/Language.nl.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="nl" name="Nederlands" en-name="Dutch" version="0.2.3" translators="Jan van der Wal, Peter Tak" />
<font lang="nl" class="normal" size="11" face="default" />
diff --git a/Translations/Language.nn.xml b/Translations/Language.nn.xml
index 2e7ae6d..0d106a4 100644
--- a/Translations/Language.nn.xml
+++ b/Translations/Language.nn.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="nn" name="Norsk Nynorsk" en-name="Norwegian (Nynorsk)" version="0.1.0" translators="Kjell Rune Helland" />
<font lang="nn" class="normal" size="11" face="default" />
<font lang="nn" class="bold" size="13" face="Arial " />
diff --git a/Translations/Language.pl.xml b/Translations/Language.pl.xml
index 28a9bb7..1750a30 100644
--- a/Translations/Language.pl.xml
+++ b/Translations/Language.pl.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="pl" name="Polski" en-name="Polish" version="1.0.0" translators="Mirek Druchowicz, Janusz Zamecki, Sobiesław Antolak, Begina Felicysym" />
<font lang="pl" class="normal" size="11" face="default" />
<font lang="pl" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml
index 6ae66f0..dc54762 100644
--- a/Translations/Language.pt-br.xml
+++ b/Translations/Language.pt-br.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="pt-br" name="Português-Brasil" en-name="Portuguese (Brazil)" version="0.1.0" translators="Thiago C. L. Mendes, Lecidio S. Alencar , Lucas C. Ferreira" />
<font lang="pt-br" class="normal" size="11" face="padrão" />
<font lang="pt-br" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ro.xml b/Translations/Language.ro.xml
index 9875b88..670cdda 100644
--- a/Translations/Language.ro.xml
+++ b/Translations/Language.ro.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version="1.24-Hotfix2">
+ <localization prog-version="1.24-Update5">
<language langid="ro" name="Română" en-name="Romanian" version="1.0.0" translators="Barna Cosmin Marian" />
<font lang="ro" class="normal" size="11" face="default" />
<font lang="ro" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ru.xml b/Translations/Language.ru.xml
index 7ac2b09..0a05874 100644
--- a/Translations/Language.ru.xml
+++ b/Translations/Language.ru.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="ru" name="Русский" en-name="Russian" version="1.0.7" translators="Dmitry Yerokhin" />
<font lang="ru" class="normal" size="11" face="default" />
<font lang="ru" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.sk.xml b/Translations/Language.sk.xml
index 7ad9434..9037ce6 100644
--- a/Translations/Language.sk.xml
+++ b/Translations/Language.sk.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="sk" name="Slovenčina" en-name="Slovak" version="0.1.0" translators="Kamil David" />
<font lang="sk" class="normal" size="11" face="default" />
<font lang="sk" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml
index 47c4e47..28b389e 100644
--- a/Translations/Language.sl.xml
+++ b/Translations/Language.sl.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="sl" name="Slovenščina" en-name="Slovenian" version="0.1.0" translators="Erik David Salam" />
<font lang="sl" class="normal" size="11" face="default" />
<font lang="sl" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.sv.xml b/Translations/Language.sv.xml
index 1932166..4717a60 100644
--- a/Translations/Language.sv.xml
+++ b/Translations/Language.sv.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="sv" name="Svenska" en-name="Swedish" version="1.0.0" translators="Peter Runesson" />
<font lang="sv" class="normal" size="11" face="default" />
<font lang="sv" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.th.xml b/Translations/Language.th.xml
index 319062e..bb7c178 100644
--- a/Translations/Language.th.xml
+++ b/Translations/Language.th.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="th" name="ภาษาไทย" en-name="Thai" version="0.0.0" translators=""/>
<font lang="th" class="normal" size="11" face="default" />
<font lang="th" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml
index f84528b..dd9650c 100644
--- a/Translations/Language.tr.xml
+++ b/Translations/Language.tr.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="tr" name="Türkçe" en-name="Turkish" version="0.1.0" translators="Ali İskender Turan, Zeynel Abidin Öztürk" />
<font lang="tr" class="normal" size="11" face="default" />
<font lang="tr" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.uk.xml b/Translations/Language.uk.xml
index a5fbdaf..56079b0 100644
--- a/Translations/Language.uk.xml
+++ b/Translations/Language.uk.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="uk" name="Українська" en-name="Ukrainian" version="1.0.0" translators="Kravchuk Olexandr, Babchuk Volodymyr" />
<font lang="uk" class="normal" size="11" face="default" />
<font lang="uk" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.uz.xml b/Translations/Language.uz.xml
index 2b6e528..ed4ef8a 100644
--- a/Translations/Language.uz.xml
+++ b/Translations/Language.uz.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="uz" name="Ўзбекча" en-name="Uzbek (Cyrillic)" version="0.1.0" translators="Abdurauf Azizov, Dmitry Yerokhin" />
<font lang="uz" class="normal" size="11" face="default" />
<font lang="uz" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.vi.xml b/Translations/Language.vi.xml
index 9922d44..3e82bc3 100644
--- a/Translations/Language.vi.xml
+++ b/Translations/Language.vi.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="vi" name="Tiếng Việt" en-name="Vietnamese" version="0.1.0" translators="Nguyễn Kim Huy" />
<font lang="vi" class="normal" size="11" face="default" />
<font lang="vi" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.zh-cn.xml b/Translations/Language.zh-cn.xml
index ab73fae..49716bd 100644
--- a/Translations/Language.zh-cn.xml
+++ b/Translations/Language.zh-cn.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="zh-cn" name="简体中文" en-name="Chinese (Simplified)" version="1.0.0" translators="Barney Li and Zhangjintao" />
<font lang="zh-cn" class="normal" size="11" face="Tahoma" />
<font lang="zh-cn" class="bold" size="14" face="Tahoma" />
diff --git a/Translations/Language.zh-hk.xml b/Translations/Language.zh-hk.xml
index 9de2cf1..ee28639 100644
--- a/Translations/Language.zh-hk.xml
+++ b/Translations/Language.zh-hk.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="zh-hk" name="繁體中文" en-name="Chinese (Hong Kong)" version="0.1.0" translators="PUN Chi Ho" />
<font lang="zh-hk" class="normal" size="11" face="Arial" />
<font lang="zh-hk" class="bold" size="14" face="Arial" />
diff --git a/Translations/Language.zh-tw.xml b/Translations/Language.zh-tw.xml
index 549bc5e..970e856 100644
--- a/Translations/Language.zh-tw.xml
+++ b/Translations/Language.zh-tw.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update5">
<language langid="zh-tw" name="繁體中文" en-name="Chinese (Taiwan)" version="0.1.0" translators="Barney Li, Simon Ma, ChangMing Hsu" />
<font lang="zh-tw" class="normal" size="12" face="MingLiU" />
<font lang="zh-tw" class="bold" size="15" face="MingLiU" />
diff --git a/doc/chm/VeraCrypt User Guide.chm b/doc/chm/VeraCrypt User Guide.chm
index 036958d..f40f115 100644
--- a/doc/chm/VeraCrypt User Guide.chm
+++ b/doc/chm/VeraCrypt User Guide.chm
Binary files differ
diff --git a/doc/html/Command Line Usage.html b/doc/html/Command Line Usage.html
index 8c86460..9152927 100644
--- a/doc/html/Command Line Usage.html
+++ b/doc/html/Command Line Usage.html
@@ -180,6 +180,16 @@ Note that turning the password cache off will not clear it (use /w to clear the
<td><em>/DisableDeviceUpdate</em>&nbsp;</td>
<td>Disables periodic internel check on devices connected to the system that is used for handling favorites identified with VolumeID and replace it with on-demande checks.</td>
</tr>
+<tr>
+<td><em>/protectMemory</em>&nbsp;</td>
+<td>Activates a mechanism that protects VeraCrypt process memory from being accessed by other non-admin processes.</td>
+</tr>
+<tr>
+<td><em>/signalExit</em>&nbsp;</td>
+<td>It must be followed by a parameter specifying the name of the signal to send to unblock a waiting <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/waitfor" target="_blank">WAITFOR.EXE</a> command when VeraCrypt exists.<br>
+The name of signal must be the same as the one specified to WAITFOR.EXE command (e.g."veracrypt.exe /q /v test.hc /l Z /signal SigName" followed by "waitfor.exe SigName"<br>
+This switch is ignored if /q is not specified</td>
+</tr>
</tbody>
</table>
<h4>VeraCrypt Format.exe (VeraCrypt Volume Creation Wizard):</h4>
@@ -259,13 +269,25 @@ It has no parameters and it indicates that no message box or dialog will be disp
<td>/nosizecheck</td>
<td>Don't check that the given size of the file container is smaller than the available disk free. This applies to both UI and command line.</td>
</tr>
+<tr>
+<td>/quick</td>
+<td>Perform quick formatting of volumes instead of full formatting. This applies to both UI and command line.</td>
+</tr>
+<tr>
+<td>/FastCreateFile</td>
+<td>Use a faster but potentially insecure way to create file containers. This applies to both UI and command line.</td>
+</tr>
+<tr>
+<td><em>/protectMemory</em>&nbsp;</td>
+<td>Activates a mechanism that protects VeraCrypt Format process memory from being accessed by other non-admin processes.</td>
+</tr>
</tbody>
</table>
<h4>Syntax</h4>
<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |ripemd160|ripemd-160}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}]
[/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]</p>
<p>&quot;VeraCrypt Format.exe&quot; [/n] [/create] [/size number[{K|M|G|T}]] [/p password]&nbsp; [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|ripemd160|ripemd-160}]
- [/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent]</p>
+ [/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent] [/noisocheck] [FastCreateFile] [/quick]</p>
<p>Note that the order in which options are specified does not matter.</p>
<h4>Examples</h4>
<p>Mount the volume <em>d:\myvolume</em> as the first free drive letter, using the password prompt (the main program window will not be displayed):</p>
diff --git a/doc/html/Release Notes.html b/doc/html/Release Notes.html
index 09e5d1e..3a0287a 100644
--- a/doc/html/Release Notes.html
+++ b/doc/html/Release Notes.html
@@ -40,6 +40,114 @@
<span style="color:#ff0000;">To avoid hinting whether your volumes contain a hidden volume or not, or if you depend on plausible deniability when using hidden volumes/OS, then you must recreate both the outer and hidden volumes including system encryption and hidden OS, discarding existing volumes created prior to 1.18a version of VeraCrypt.</span></li>
</p>
+<p><strong style="text-align:left">1.24-Update5 </strong>(XXXXXX XX<sup>XX</sup>, 2020):</p>
+<ul>
+<li><strong>Windows:</strong>
+<ul>
+<li>Optimize performance for CPUs that have more than 64 logical processors (contributed by Sachin Keswani from AMD)</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update4 </strong>(January 23<sup>rd</sup>, 2020):</p>
+<ul>
+<li><strong>Windows:</strong>
+<ul>
+<li>Fix regression in Expander and Format when RAM encryption is enable that was causing volume headers to be corrupted.</li>
+<li>Fix failure of Screen Readers (Accessibility support) to read UI by disabling newly introduced memory protection by default and adding a CLI switch (/protectMemory) to enable it when needed.</li>
+<li>Fix side effects related to the fix for CVE-2019-19501 which caused links in UI not to open.</li>
+<li>Add switch /signalExit to support notifying <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/waitfor" target="_blank">WAITFOR</a> Windows command when VeraCrypt.exe exits if /q was specified in CLI (cf documentation for usage).</li>
+<li>Don't display mount/dismount examples in help dialog for command line in Format and Expander.</li>
+<li>Documentation and translation updates.</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix regression that limited the size available for hidden volumes created on disk or partition.</li>
+</ul>
+</li>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Fix regression that limited the size available for hidden volumes created on disk or partition.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update3 </strong>(December 21<sup>nd</sup>, 2019):</p>
+<ul>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix console-only build to remove dependency on GTK that is not wanted on headless servers.</li>
+</ul>
+</li>
+</ul>
+
+<p><strong style="text-align:left">1.24-Update2 </strong>(December 16<sup>th</sup>, 2019):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>clear AES key from stack memory when using non-optimized implementation. Doesn't apply to VeraCrypt official build (Reported and fixed by Hanno Böck)</li>
+<li>Update Jitterentropy RNG Library to version 2.2.0</li>
+<li>Start following IEEE 1541 agreed naming of bytes (KiB, MiB, GiB, TiB, PiB).</li>
+<li>Various documentation enhancements.</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Fix possible local privilege escalation vulnerability during execution of VeraCrypt Expander (CVE-2019-19501)</li>
+<li>MBR bootloader:
+<ul>
+<li>workaround for SSD disks that don't allow write operations in BIOS mode with buffers less than 4096 bytes.</li>
+<li>Don't restore MBR to VeraCrypt value if it is coming from a loader different from us or different from Microsoft one.</li>
+</ul>
+</li>
+<li>EFI bootloader:
+<ul>
+<li>Fix "ActionFailed" not working and add "ActionCancelled" to customize handling of user hitting ESC on password prompt</li>
+<li>Fix F5 showing previous password after failed authentication attempt. Ensure that even wrong password value are cleared from memory.</li>
+</ul>
+</li>
+<li>Fix multi-OS boot compatibility by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one.</li>
+<li>Add new registry flags for SystemFavoritesService to control updating of EFI BIOS boot menu on shutdown.</li>
+<li>Allow system encrypted drive to be mounted in WindowsPE even if changing keyboard layout fails (reported and fixed by Sven Strickroth)</li>
+<li>Enhancements to the mechanism preserving file timestamps, especially for keyfiles.</li>
+<li>Fix RDRAND instruction not detected on AMD CPUs.</li>
+<li>Detect cases where RDRAND is flawed (e.g. AMD Ryzen) to avoid using it if enabled by user.</li>
+<li>Don't write extra 0x00 byte at the end of DcsProp file when modifying it through UI</li>
+<li>Reduce memory usage of IOCTL_DISK_VERIFY handler used in disk verification by Windows.</li>
+<li>Add switch /FastCreateFile for VeraCrypt Format.exe to speedup creation of large file container if quick format is selected.</li>
+<li>Fix the checkbox for skipping verification of Rescue Disk not reflecting the value of /noisocheck switch specified in VeraCrypt Format command line.</li>
+<li>check "TrueCrypt Mode" in password dialog when mounting a file container with .tc extension</li>
+<li>Update XML languages files.</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix regression causing admin password to be requested too many times in some cases</li>
+<li>Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)</li>
+<li>Make sure password gets deleted in case of internal error when mounting volume (Reported and fixed by Hanno Böck)</li>
+<li>Fix passwords using Unicode characters not recognized in text mode.</li>
+<li>Fix failure to run VeraCrypt binary built for console mode on headless machines.</li>
+<li>Add switch to force the use of legacy maximum password length (64 UTF8 bytes)</li>
+<li>Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password</li>
+<li>During uninstall, output error message to STDERR instead of STDOUT for better compatibility with package managers.</li>
+<li>Make sector size mismatch error when mounting disks more verbose.</li>
+<li>Speedup SHA256 in 64-bit mode by using assembly code.</li>
+</ul>
+</li>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Add switch to force the use of legacy maximum password length (64 UTF8 bytes)</li>
+<li>Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)</li>
+<li>Fix passwords using Unicode characters not recognized in text mode.</li>
+<li>Make sector size mismatch error when mounting disks more verbose.</li>
+<li>Speedup SHA256 in 64-bit mode by using assembly code.</li>
+<li>Link against latest wxWidgets version 3.1.3</li>
+</ul>
+</li>
+</ul>
+
+
<p><strong style="text-align:left">1.24-Hotfix1 </strong>(October 27<sup>rd</sup>, 2019):</p>
<ul>
<li><strong>Windows:</strong>
diff --git a/doc/html/System Encryption.html b/doc/html/System Encryption.html
index 676c2e1..ed92c71 100644
--- a/doc/html/System Encryption.html
+++ b/doc/html/System Encryption.html
@@ -65,7 +65,8 @@ Because of BIOS requirement, the pre-boot password is typed using <strong>US key
</strong>During the system encryption process, VeraCrypt automatically and transparently switches the keyboard to US layout in order to ensure that the password value typed will match the one typed in pre-boot mode. Thus, in order to avoid wrong password errors,
one must type the password using the same keys as when creating the system encryption.</div>
<p>Note: By default, Windows 7 and later boot from a special small partition. The partition contains files that are required to boot the system. Windows allows only applications that have administrator privileges to write to the partition (when the system is
- running). VeraCrypt encrypts the partition only if you choose to encrypt the whole system drive (as opposed to choosing to encrypt only the partition where Windows is installed).</p>
+ running). In EFI boot mode, which is the default on modern PCs, VeraCrypt can not encrypt this partition since it must remain unencrypted so that the BIOS can load the EFI bootloader from it. This in turn implies that in EFI boot mode, VeraCrypt offers only to encrypt the system partition where Windows is installed (the user can later manualy encrypt other data partitions using VeraCrypt).
+ In MBR legacy boot mode, VeraCrypt encrypts the partition only if you choose to encrypt the whole system drive (as opposed to choosing to encrypt only the partition where Windows is installed).</p>
<p>&nbsp;</p>
<p><a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section &gt;&gt;</a></p>
</div>
diff --git a/doc/html/Unencrypted Data in RAM.html b/doc/html/Unencrypted Data in RAM.html
index 8917867..74651c0 100644
--- a/doc/html/Unencrypted Data in RAM.html
+++ b/doc/html/Unencrypted Data in RAM.html
@@ -48,6 +48,10 @@ Inherently, unencrypted master keys have to be stored in RAM too. When a non-sys
cleanly restarted), or when the system crashes, <strong style="text-align:left">
VeraCrypt naturally stops running and therefore cannot </strong>erase any keys or any other sensitive data. Furthermore, as Microsoft does not provide any appropriate API for handling hibernation and shutdown, master keys used for system encryption cannot be
reliably (and are not) erased from RAM when the computer hibernates, is shut down or restarted.**</div>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+Starting from version 1.24, VeraCrypt introduces a mechanism to encrypt master keys and cached passwords in RAM. This RAM encryption mechanism must be activated manually in "Performance/Driver Configuration" dialog. RAM encryption comes with a performance overhead (between 5% and 15% depending on the CPU speed) and it disables Windows hibernate. <br>
+Moreover, VeraCrypt 1.24 and above provide an additional security mechanism when system encryption is used that makes VeraCrypt erase master keys from RAM when a new device is connected to the PC. This additional mechanism can be activated using an option in System Settings dialog.<br/>
+Even though both above mechanisms provides strong protection for masterskeys and cached password, users should still take usual precautions related for the safery of sensitive data in RAM.</div>
<table style="border-collapse:separate; border-spacing:0px; text-align:left; font-size:11px; line-height:13px; font-family:Verdana,Arial,Helvetica,sans-serif">
<tbody style="text-align:left">
<tr style="text-align:left">
diff --git a/doc/html/VeraCrypt Rescue Disk.html b/doc/html/VeraCrypt Rescue Disk.html
index 53e6cec..529344a 100644
--- a/doc/html/VeraCrypt Rescue Disk.html
+++ b/doc/html/VeraCrypt Rescue Disk.html
@@ -42,19 +42,19 @@ During the process of preparing the encryption of a system partition/drive, Vera
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If the VeraCrypt Boot Loader screen does not appear after you start your computer (or if Windows does not boot), the
<strong style="text-align:left">VeraCrypt Boot Loader may be damaged</strong>. The VeraCrypt Rescue Disk allows you restore it and thus to regain access to your encrypted system and data (however, note that you will still have to enter the correct password
- then). In the Rescue Disk screen, select <em style="text-align:left">Restore OS header keys</em> (or <em style="text-align:left">Repair Options</em> &gt;
-<em style="text-align:left">Restore VeraCrypt Boot Loader</em> in case of MBR legacy boot mode). Then press 'Y' to confirm the action, remove the Rescue Disk from your USB port or CD/DVD drive and restart your computer.
+ then). For EFI boot mode, select <em style="text-align:left">Restore VeraCrypt loader binaries to system disk</em> in the Rescue Disk screen. For MBR legacy boot mode, select instead <em style="text-align:left">Repair Options</em> &gt;
+<em style="text-align:left">Restore VeraCrypt Boot Loader</em>. Then press 'Y' to confirm the action, remove the Rescue Disk from your USB port or CD/DVD drive and restart your computer.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If the <strong style="text-align:left">VeraCrypt Boot Loader is frequently damaged
</strong>(for example, by inappropriately designed activation software) or if <strong style="text-align:left">
you do not want the VeraCrypt boot loader </strong><strong style="text-align:left">to reside on the hard drive
</strong>(for example, if you want to use an alternative boot loader/manager for other operating systems), you can boot directly from the VeraCrypt Rescue Disk (as it contains the VeraCrypt boot loader too) without restoring the boot loader to the hard drive.
- In case of EFI boot mode, just insert your Rescue Disk into a USB port, boot your computer on it and then select <em style="text-align:left">Boot VeraCrypt loader from rescue disk</em> on the Rescue Disk screen. In case of MBR legacy boot mode, you need to insert the Rescue Disk in your CD/DVD drive and then enter your password in the Rescue Disk screen.
+ For EFI boot mode, just insert your Rescue Disk into a USB port, boot your computer on it and then select <em style="text-align:left">Boot VeraCrypt loader from rescue disk</em> on the Rescue Disk screen. For MBR legacy boot mode, you need to insert the Rescue Disk in your CD/DVD drive and then enter your password in the Rescue Disk screen.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If you repeatedly enter the correct password but VeraCrypt says that the password is incorrect, it is possible that the
<strong style="text-align:left">master key or other critical data are damaged</strong>. The VeraCrypt Rescue Disk allows you to restore them and thus to regain access to your encrypted system and data (however, note that you will still have to enter the correct
- password then). In the Rescue Disk screen, select <em style="text-align:left">Restore OS header keys</em> (or <em style="text-align:left">Repair Options</em> &gt;
-<em style="text-align:left">Restore VeraCrypt Boot Loader</em> in case of MBR legacy boot mode). Then enter your password, press 'Y' to confirm the action, remove the Rescue Disk from the USB port or CD/DVD drive, and restart your computer.<br style="text-align:left">
+ password then). For EFI boot mode, select <em style="text-align:left">Restore OS header keys</em> in the Rescue Disk screen. For MBR legacy boot mode, select instead <em style="text-align:left">Repair Options</em> &gt;
+<em style="text-align:left">Restore VeraCrypt Boot Loader</em>. Then enter your password, press 'Y' to confirm the action, remove the Rescue Disk from the USB port or CD/DVD drive, and restart your computer.<br style="text-align:left">
<br style="text-align:left">
Note: This feature cannot be used to restore the header of a hidden volume within which a
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
@@ -68,9 +68,9 @@ WARNING: By restoring key data using a VeraCrypt Rescue Disk, you also restore t
one (select <em style="text-align:left">System</em> -&gt; <em style="text-align:left">
Create Rescue Disk</em>). Otherwise, if an attacker knows your old password (for example, captured by a keystroke logger) and if he then finds your old VeraCrypt Rescue Disk, he could use it to restore the key data (the master key encrypted with the old password)
and thus decrypt your system partition/drive </li><li id="WindowsDamaged" style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
-If <strong style="text-align:left">Windows is damaged and cannot start</strong> after typing the correct password on VeraCrypt password prompt, the VeraCrypt Rescue Disk allows you to permanently decrypt the partition/drive before Windows starts. In the Rescue Disk screen, select
-<em style="text-align:left">Decrypt OS</em> (or <em style="text-align:left">Repair Options</em> &gt; <em style="text-align:left">
-Permanently decrypt system partition/drive</em> in case of MBR legacy boot mode). Enter the correct password and wait until decryption is complete. Then you can e.g. boot your MS Windows setup CD/DVD to repair your Windows installation. Note that this feature cannot be used to decrypt a hidden
+If <strong style="text-align:left">Windows is damaged and cannot start</strong> after typing the correct password on VeraCrypt password prompt, the VeraCrypt Rescue Disk allows you to permanently decrypt the partition/drive before Windows starts. For EFI boot, select
+<em style="text-align:left">Decrypt OS</em> in the Rescue Disk screen. For MBR legacy boot mode, select instead <em style="text-align:left">Repair Options</em> &gt; <em style="text-align:left">
+Permanently decrypt system partition/drive</em>. Enter the correct password and wait until decryption is complete. Then you can e.g. boot your MS Windows setup CD/DVD to repair your Windows installation. Note that this feature cannot be used to decrypt a hidden
volume within which a <a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden operating system</a> resides (see the section <a href="Hidden%20Operating%20System.html">
Hidden Operating System</a>).<br style="text-align:left">
diff --git a/src/Boot/EFI/DcsBoot.efi b/src/Boot/EFI/DcsBoot.efi
index 185c6a0..0fcd48e 100644
--- a/src/Boot/EFI/DcsBoot.efi
+++ b/src/Boot/EFI/DcsBoot.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi
index 0e95330..48db0ca 100644
--- a/src/Boot/EFI/DcsBoot32.efi
+++ b/src/Boot/EFI/DcsBoot32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg.efi b/src/Boot/EFI/DcsCfg.efi
index 32e2051..03c9761 100644
--- a/src/Boot/EFI/DcsCfg.efi
+++ b/src/Boot/EFI/DcsCfg.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi
index ace6379..22cc0d5 100644
--- a/src/Boot/EFI/DcsCfg32.efi
+++ b/src/Boot/EFI/DcsCfg32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo.efi b/src/Boot/EFI/DcsInfo.efi
index 73ee873..6be1cb8 100644
--- a/src/Boot/EFI/DcsInfo.efi
+++ b/src/Boot/EFI/DcsInfo.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo32.efi b/src/Boot/EFI/DcsInfo32.efi
index f0ca687..006adfb 100644
--- a/src/Boot/EFI/DcsInfo32.efi
+++ b/src/Boot/EFI/DcsInfo32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt.efi b/src/Boot/EFI/DcsInt.efi
index 8ba5c28..a0c2975 100644
--- a/src/Boot/EFI/DcsInt.efi
+++ b/src/Boot/EFI/DcsInt.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi
index 85fa724..991885f 100644
--- a/src/Boot/EFI/DcsInt32.efi
+++ b/src/Boot/EFI/DcsInt32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe.efi b/src/Boot/EFI/DcsRe.efi
index 8e9ae8c..070cc97 100644
--- a/src/Boot/EFI/DcsRe.efi
+++ b/src/Boot/EFI/DcsRe.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi
index 081c19d..c4f2013 100644
--- a/src/Boot/EFI/DcsRe32.efi
+++ b/src/Boot/EFI/DcsRe32.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker.efi b/src/Boot/EFI/LegacySpeaker.efi
index 7c9f2d8..a1d14eb 100644
--- a/src/Boot/EFI/LegacySpeaker.efi
+++ b/src/Boot/EFI/LegacySpeaker.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi
index 8c4c8ca..1ec5ba6 100644
--- a/src/Boot/EFI/LegacySpeaker32.efi
+++ b/src/Boot/EFI/LegacySpeaker32.efi
Binary files differ
diff --git a/src/Build/CMakeLists.txt b/src/Build/CMakeLists.txt
index 4724339..b0f2843 100644
--- a/src/Build/CMakeLists.txt
+++ b/src/Build/CMakeLists.txt
@@ -11,8 +11,8 @@ elseif ( NOT DEFINED NOGUI )
endif()
# - Set version of the package
-set( FULL_VERSION "1.24-Hotfix2" )
-set( VERSION "1.24.8" )
+set( FULL_VERSION "1.24-Update5" )
+set( VERSION "1.24.14" )
set( RELEASE "1" )
# - Set PROJECT_NAME and CONFLICT_PACKAGE values
@@ -242,19 +242,29 @@ if ( ( PLATFORM STREQUAL "Debian" ) OR ( PLATFORM STREQUAL "Ubuntu" ) )
set( CPACK_DEBIAN_PACKAGE_RELEASE ${CPACK_PACKAGE_RELEASE} )
set( CPACK_DEBIAN_PACKAGE_ARCHITECTURE ${ARCHITECTURE} ) # mandatory
- # Link against gtk3 version of wxWidgets if >= Debian 10 or >= Ubuntu 18.04
- # Otherwise, link against gtk2 version of wxWidgets
- if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "10" ) )
- OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "18.04" ) ) )
-
- set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-gtk3-0v5, libfuse2, dmsetup, sudo" )
-
+ if (NOGUI)
+ # Link against statically built wxWidgets so that we don't depend on any GTK library
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libfuse2, dmsetup, sudo" )
else ()
-
- set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-0v5, libfuse2, dmsetup, sudo" )
-
+ # Link against gtk3 version of wxWidgets if >= Debian 10 or >= Ubuntu 18.04
+ # Otherwise, link against gtk2 version of wxWidgets
+ if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "10" ) )
+ OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "18.04" ) ) )
+
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-gtk3-0v5, libfuse2, dmsetup, sudo" )
+
+ else ()
+ # Link against statically built wxWidgets on Ubuntu 14.04 and older, and Debian 8 and older
+ if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_LESS_EQUAL "8" ) )
+ OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_LESS_EQUAL "14.04" ) ) )
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libgtk2.0-0, libfuse2, dmsetup, sudo" )
+ else ()
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-0v5, libfuse2, dmsetup, sudo" )
+ endif ()
+
+ endif()
endif()
-
+
set( CPACK_DEBIAN_PACKAGE_MAINTAINER ${CONTACT} ) # mandatory
set( CPACK_DEBIAN_PACKAGE_DESCRIPTION ${CPACK_PACKAGE_DESCRIPTION_SUMMARY} ) # mandatory
set( CPACK_DEBIAN_ARCHIVE_TYPE "gnutar") # mandatory
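Review bot: The dependency list in the innermost `else ()` branch is chosen from `PLATFORM_VERSION` alone, while the comment above it says the binary is linked against a statically built wxWidgets; nothing in this hunk checks that the build really used static wxWidgets. If a GUI build on Debian 8 or Ubuntu 14.04 is made against the system library instead, the package would declare only `libgtk2.0-0` and miss its wxWidgets runtime dependency. Consider passing the build mode to CMake and testing it here, e.g. `if ( DEFINED WXSTATIC AND WXSTATIC )` (variable name proposed, mirroring the existing `WITHGTK3` test), rather than inferring it from the distribution version. A statically linked wxWidgets also stops receiving distribution security updates, so a comment noting that these packages must be rebuilt when wxWidgets is patched would help maintainers.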
@@ -284,19 +294,23 @@ elseif ( ( PLATFORM STREQUAL "CentOS" ) OR ( PLATFORM STREQUAL "openSUSE" ) )
set( CPACK_RPM_PACKAGE_VENDOR ${CPACK_PACKAGE_VENDOR} ) # mandatory
set( CPACK_RPM_PACKAGE_AUTOREQ "no" ) # disable automatic shared libraries dependency detection (most of the time buggy)
- if ( PLATFORM STREQUAL "CentOS" )
+ if (NOGUI)
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, sudo" )
+ else ()
+ if ( PLATFORM STREQUAL "CentOS" )
+
+ if ( DEFINED WITHGTK3 AND WITHGTK3 )
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk3, sudo" )
+ else ()
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
+ endif()
+
+ elseif ( PLATFORM STREQUAL "openSUSE" )
- if ( DEFINED WITHGTK3 AND WITHGTK3 )
- set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk3, sudo" )
- else ()
set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
endif()
-
- elseif ( PLATFORM STREQUAL "openSUSE" )
-
- set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
endif()
-
+
set( CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${RPM_PRERM}) # optional
# Prevents CPack from generating file conflicts
diff --git a/src/Build/Resources/MacOSX/Info.plist.legacy.xml b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
index 7ecb3c2..4fd3345 100644
--- a/src/Build/Resources/MacOSX/Info.plist.legacy.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
diff --git a/src/Build/Resources/MacOSX/Info.plist.xml b/src/Build/Resources/MacOSX/Info.plist.xml
index 4df84a0..9a7c2a8 100644
--- a/src/Build/Resources/MacOSX/Info.plist.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
diff --git a/src/Build/build_cmake_deb.sh b/src/Build/build_cmake_deb.sh
index 3be23dd..a9fdc3b 100755
--- a/src/Build/build_cmake_deb.sh
+++ b/src/Build/build_cmake_deb.sh
@@ -12,22 +12,48 @@ export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
# Directory where the VeraCrypt has been checked out
export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
cd $SOURCEPATH
+if [ "$#" = "1" ] && [ "$1" = "WXSTATIC" ]
+then
+echo "Building GUI version of VeraCrypt for DEB using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGUI
+
+# To build wxWidgets without GUI
+make WXSTATIC=1 wxbuild || exit 1
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+else
+
echo "Building GUI version of VeraCrypt for DEB using system wxWidgets"
make clean || exit 1
make || exit 1
make install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
-echo "Building console version of VeraCrypt for DEB using system wxWidgets"
+fi
+
+echo "Building console version of VeraCrypt for DEB using wxWidgets static libraries"
# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
# when building over SSH without X11 Forwarding
# export DISPLAY=:0.0
-make NOGUI=1 clean || exit 1
-make NOGUI=1 || exit 1
-make NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets without GUI
+make WXSTATIC=1 NOGUI=1 wxbuild || exit 1
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
echo "Creating VeraCrypt DEB packages"
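Review bot: The comment `# To build wxWidgets without GUI` inside the new `WXSTATIC` branch is copied from the console section and is wrong there, because those `make` calls omit `NOGUI=1` and build the GUI variant; it should read `# Build static wxWidgets with GUI support`. The script also assumes the wxWidgets 3.0.4 sources are already unpacked at `$WX_ROOT` and only finds out otherwise when `make wxbuild` fails; an early `[ -d "$WX_ROOT" ] || { echo "wxWidgets sources not found in $WX_ROOT" >&2; exit 1; }` gives a clearer failure. Since these sources are compiled into the shipped binaries, the release procedure should verify the archive's checksum or signature before extraction, which this script does not do.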
diff --git a/src/Build/build_cmake_opensuse.sh b/src/Build/build_cmake_opensuse.sh
index 340440a..e7898f0 100644
--- a/src/Build/build_cmake_opensuse.sh
+++ b/src/Build/build_cmake_opensuse.sh
@@ -65,7 +65,7 @@ mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
# wxWidgets was built using GTK-2
-cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=TRUE -DNOGUI=FALSE || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=FALSE -DNOGUI=FALSE || exit 1
cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
-cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=TRUE -DNOGUI=TRUE || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=FALSE -DNOGUI=TRUE || exit 1
cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake|| exit 1
diff --git a/src/Build/build_veracrypt_macosx.sh b/src/Build/build_veracrypt_macosx.sh
index 70a94c4..6b3707e 100755
--- a/src/Build/build_veracrypt_macosx.sh
+++ b/src/Build/build_veracrypt_macosx.sh
@@ -22,7 +22,7 @@ export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.1.2
# define the SDK version to use and OSX minimum target. We target 10.9 by default
export VC_OSX_TARGET=10.9
export VC_OSX_SDK=10.14
-echo "Using MacOSX SDK $VC_OSX_SDK"
+echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
cd $SOURCEPATH
diff --git a/src/Common/Cmdline.c b/src/Common/Cmdline.c
index d205673..f0dcf7c 100644
--- a/src/Common/Cmdline.c
+++ b/src/Common/Cmdline.c
@@ -70,9 +70,9 @@ BOOL CALLBACK CommandHelpDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
StringCchCatW(tmp, 8192, tmp2);
}
}
-
+#if defined(TCMOUNT) && !defined(VCEXPANDER)
StringCchCatW (tmp, 8192, L"\nExamples:\n\nMount a volume as X:\tveracrypt.exe /q /v volume.hc /l X\nDismount a volume X:\tveracrypt.exe /q /d X");
-
+#endif
SetWindowTextW (GetDlgItem (hwndDlg, IDC_COMMANDHELP_TEXT), tmp);
TCfree(tmp);
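Review bot: The new `#if defined(TCMOUNT) && !defined(VCEXPANDER)` guard has no comment saying why the examples are compiled out, and the reason for the second condition is not obvious from this hunk. A one-line comment above it would do, e.g. `/* Mount/dismount examples only apply to VeraCrypt.exe, not to Format or Expander */`. Presumably the Expander build also defines `TCMOUNT`, which is why `VCEXPANDER` is excluded explicitly; that should be confirmed and stated. `CommandHelpDlgProc` starts and ends outside this hunk.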
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 89ce250..913495f 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -252,7 +252,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_encrypt_blocks(ks, data, data, (uint32) blockCount);
}
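Review bot: The condition `CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)` is now repeated in `EncipherBlocks`, `DecipherBlocks` and `CipherSupportsIntraDataUnitParallelization`, and the three copies must stay identical for the parallelization answer to match what the block functions dispatch. In the third hunk the guard also covers `CAMELLIA`, but the Camellia branches of `EncipherBlocks` and `DecipherBlocks` are outside these hunks, so it is worth checking that they carry the same `CRYPTOPP_DISABLE_ASM` test. Defining the condition once as a single feature macro and using it in all three places would remove that risk. All three functions extend beyond their hunks.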
@@ -369,7 +369,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_decrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -464,7 +464,7 @@ BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
|| (cipher == SERPENT && HasSSE2())
|| (cipher == KUZNYECHIK && HasSSE2())
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
|| (cipher == TWOFISH)
|| (cipher == CAMELLIA)
#endif
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 47578b2..5a2ed52 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -190,6 +190,7 @@ BOOL MultipleMountOperationInProgress = FALSE;
volatile BOOL NeedPeriodicDeviceListUpdate = FALSE;
BOOL DisablePeriodicDeviceListUpdate = FALSE;
+BOOL EnableMemoryProtection = FALSE;
BOOL WaitDialogDisplaying = FALSE;
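Review bot: `EnableMemoryProtection` is declared without a comment, yet together with the removal of the unconditional `EnableProcessProtection ()` call from `InitApp` in the next hunk it turns process memory protection from always-on into opt-in. State that on the declaration, e.g. `/* Set by /protectMemory; off by default because the protection breaks screen readers */`. The code that reads this flag and calls `EnableProcessProtection` is not visible here; it should run as early as possible after command-line parsing, because until then other non-admin processes can still access this process's memory. Deployments that relied on the previous default need to pass `/protectMemory` explicitly.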
@@ -2919,9 +2920,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
char langId[6];
InitCommonControlsPtr InitCommonControlsFn = NULL;
wchar_t modPath[MAX_PATH];
-
- /* Protect this process memory from being accessed by non-admin users */
- EnableProcessProtection ();
GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
@@ -5531,11 +5529,11 @@ static void DisplayBenchmarkResults (HWND hwndDlg)
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
break;
case BENCHMARK_TYPE_PRF:
- swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d ms", benchmarkTable[i].meanBytesPerSec);
+ swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d ms", (int) benchmarkTable[i].meanBytesPerSec);
LvItem.iSubItem = 1;
LvItem.pszText = item1;
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
- swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d", benchmarkTable[i].decSpeed);
+ swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d", (int) benchmarkTable[i].decSpeed);
LvItem.iSubItem = 2;
LvItem.pszText = item1;
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
@@ -7392,6 +7390,15 @@ BOOL CheckFileExtension (wchar_t *fileName)
return FALSE;
}
+BOOL IsTrueCryptFileExtension (wchar_t *fileName)
+{
+ wchar_t *ext = wcsrchr (fileName, L'.');
+ if (ext && !_wcsicmp (ext, L".tc"))
+ return TRUE;
+ else
+ return FALSE;
+}
+
void CorrectFileName (wchar_t* fileName)
{
/* replace '/' by '\' */
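Review bot: `IsTrueCryptFileExtension` has no comment stating its contract, and it hands `fileName` straight to `wcsrchr`, so a NULL argument is dereferenced. A one-line header such as `// TRUE if fileName ends with the legacy ".tc" extension (case-insensitive); fileName must not be NULL` would document both facts. The body can be reduced to `return (ext && !_wcsicmp (ext, L".tc")) ? TRUE : FALSE;`. The function only reads the string, so `const wchar_t *` would be the more accurate parameter type, although the neighbouring `CheckFileExtension` uses the same non-const form.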
@@ -7523,7 +7530,10 @@ int GetLastAvailableDrive ()
BOOL IsDriveAvailable (int driveNo)
{
- return (GetUsedLogicalDrives() & (1 << driveNo)) == 0;
+ if (driveNo >= 0 && driveNo < 26)
+ return (GetUsedLogicalDrives() & (1 << driveNo)) == 0;
+ else
+ return FALSE;
}
@@ -11238,10 +11248,8 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
else
StringCbCopyW (szCFDevice, sizeof(szCFDevice), szDiskFile);
- if (preserveTimestamps)
- write = TRUE;
- context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : 0), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : (!context->IsDevice && preserveTimestamps? FILE_WRITE_ATTRIBUTES : 0)), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (context->HostFileHandle == INVALID_HANDLE_VALUE)
{
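Review bot: Requesting `FILE_WRITE_ATTRIBUTES` on a read-only open of a file container makes this `CreateFile` fail wherever the medium is read-only or the ACL denies attribute writes, even though mounting only needs `GENERIC_READ`. `KeyFileProcess` in this same commit handles that case by retrying with `GENERIC_READ` alone; whether the `INVALID_HANDLE_VALUE` branch that begins at the end of this hunk does the same is not visible here. If it does not, a retry without the flag when `!write` would keep such mounts working, with the access-time update then left unsuppressed. The nested conditional is also hard to audit on one line; building the access mask in a local `DWORD` first would make the three cases explicit.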
@@ -11263,6 +11271,13 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
// Remember the container modification/creation date and time
if (!context->IsDevice && preserveTimestamps)
{
+ // ensure that Last Access and Last Write timestamps are not modified
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (context->HostFileHandle, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (context->HostFileHandle, &context->CreationTime, &context->LastAccessTime, &context->LastWriteTime) == 0)
context->TimestampsValid = FALSE;
else
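Review bot: The added comment says Last Access and Last Write timestamps are protected, but the `0xFFFFFFFF` sentinel is passed only as `lpLastAccessTime`; `lpLastWriteTime` is `NULL`, so this call does nothing for the write time. If the write time should be frozen too, pass the sentinel for both, `SetFileTime (context->HostFileHandle, NULL, &ftLastAccessTime, &ftLastAccessTime);`; otherwise reword the comment to `// tell Windows not to update the Last Access timestamp for operations on this handle`. The return value is ignored, so a failure leaves the access time exposed with no trace. The same comment and call appear in the `TCFormatVolume` hunk of Format.c and the `ChangePwd` hunk of Password.c.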
@@ -13045,7 +13060,7 @@ BOOL IsApplicationInstalled (const wchar_t *appName, BOOL b32bitApp)
}
wchar_t regName[1024];
- DWORD regNameSize = sizeof (regName);
+ DWORD regNameSize = ARRAYSIZE (regName);
DWORD index = 0;
while (RegEnumKeyEx (unistallKey, index++, regName, &regNameSize, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
{
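Review bot: `regNameSize` is an in/out argument of `RegEnumKeyEx`: on return it holds the length of the name just read, so it has to be set back to `ARRAYSIZE (regName)` before every call, not only once before the loop. The loop body lies outside this hunk and may already do that; if it does, the reset there should also use `ARRAYSIZE` rather than `sizeof`, which counts bytes and overstates the buffer. If it does not, enumeration ends with `ERROR_MORE_DATA` as soon as a key name does not fit in the length left over from the previous call, and the application is reported as not installed.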
@@ -14231,11 +14246,33 @@ cleanup:
return retval;
}
+// This function checks if the process is running with elevated privileges or not
+BOOL IsElevated()
+{
+ DWORD dwSize = 0;
+ HANDLE hToken = NULL;
+ TOKEN_ELEVATION tokenInformation;
+ BOOL bReturn = FALSE;
+
+ if(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
+ {
+ if(GetTokenInformation(hToken, TokenElevation, &tokenInformation, sizeof(TOKEN_ELEVATION), &dwSize))
+ {
+ if (tokenInformation.TokenIsElevated)
+ bReturn = TRUE;
+ }
+
+ CloseHandle(hToken);
+ }
+ return bReturn;
+}
+
// This function always loads a URL in a non-privileged mode
// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
+// Use this security mechanism only starting from Windows Vista
void SafeOpenURL (LPCWSTR szUrl)
{
- if (IsAdmin ())
+ if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated())
{
WCHAR szRunDllPath[TC_MAX_PATH];
WCHAR szUrlDllPath[TC_MAX_PATH];
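Review bot: `IsElevated` returns `FALSE` both when the token is not elevated and when `OpenProcessToken` or `GetTokenInformation` fails, and `SafeOpenURL` treats `FALSE` as permission to skip the de-elevated launch. For a check whose purpose is to keep the URL handler from inheriting admin rights, a failed query is better treated as elevated; the other branch of `SafeOpenURL` is outside this hunk, so this assumes it opens the URL in the current context. Starting from `BOOL bReturn = TRUE;` and assigning `bReturn = tokenInformation.TokenIsElevated ? TRUE : FALSE;` only after a successful query would do that. If the current behaviour is kept, the function comment should say that `FALSE` also means the state could not be determined.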
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 5da717f..b2324b1 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -167,6 +167,7 @@ extern BOOL MultipleMountOperationInProgress;
extern volatile BOOL NeedPeriodicDeviceListUpdate;
extern BOOL DisablePeriodicDeviceListUpdate;
+extern BOOL EnableMemoryProtection;
#ifndef SETUP
extern BOOL bLanguageSetInSetup;
@@ -351,6 +352,7 @@ BOOL CloseVolumeExplorerWindows (HWND hwnd, int driveNo);
BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValue);
BOOL CheckCapsLock (HWND hwnd, BOOL quiet);
BOOL CheckFileExtension (wchar_t *fileName);
+BOOL IsTrueCryptFileExtension (wchar_t *fileName);
void CorrectFileName (wchar_t* fileName);
void CorrectURL (wchar_t* fileName);
void IncreaseWrongPwdRetryCount (int count);
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index 461f284..0dbaec5 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -16,7 +16,8 @@
#include "Driver/Ntdriver.h"
#endif
-#define TC_ENC_THREAD_POOL_MAX_THREAD_COUNT 64
+//Increasing the maximum number of threads
+#define TC_ENC_THREAD_POOL_MAX_THREAD_COUNT 256 //64
#define TC_ENC_THREAD_POOL_QUEUE_SIZE (TC_ENC_THREAD_POOL_MAX_THREAD_COUNT * 2)
#ifdef DEVICE_DRIVER
@@ -43,6 +44,18 @@
#define TC_ACQUIRE_MUTEX(MUTEX) WaitForSingleObject (*(MUTEX), INFINITE)
#define TC_RELEASE_MUTEX(MUTEX) ReleaseMutex (*(MUTEX))
+typedef BOOL (WINAPI *SetThreadGroupAffinityFn)(
+ HANDLE hThread,
+ const GROUP_AFFINITY *GroupAffinity,
+ PGROUP_AFFINITY PreviousGroupAffinity
+);
+
+typedef WORD (WINAPI* GetActiveProcessorGroupCountFn)();
+
+typedef DWORD (WINAPI *GetActiveProcessorCountFn)(
+ WORD GroupNumber
+);
+
#endif // !DEVICE_DRIVER
@@ -99,6 +112,7 @@ static volatile BOOL StopPending = FALSE;
static uint32 ThreadCount;
static TC_THREAD_HANDLE ThreadHandles[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
+static WORD ThreadProcessorGroups[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
static EncryptionThreadPoolWorkItem WorkItemQueue[TC_ENC_THREAD_POOL_QUEUE_SIZE];
@@ -164,6 +178,20 @@ static void SetWorkItemState (EncryptionThreadPoolWorkItem *workItem, WorkItemSt
static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
{
EncryptionThreadPoolWorkItem *workItem;
+#ifdef DEVICE_DRIVER
+ SetThreadCpuGroupAffinity ((USHORT) *(WORD*)(threadArg));
+#else
+ SetThreadGroupAffinityFn SetThreadGroupAffinityPtr = (SetThreadGroupAffinityFn) GetProcAddress (GetModuleHandle (L"kernel32.dll"), "SetThreadGroupAffinity");
+ if (SetThreadGroupAffinityPtr && threadArg)
+ {
+ GROUP_AFFINITY groupAffinity = {0};
+ groupAffinity.Mask = ~0ULL;
+ groupAffinity.Group = *(WORD*)(threadArg);
+ SetThreadGroupAffinityPtr(GetCurrentThread(), &groupAffinity, NULL);
+ }
+
+#endif
+
while (!StopPending)
{
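Review bot: The `DEVICE_DRIVER` branch dereferences `threadArg` unconditionally in `*(WORD*)(threadArg)`, while the user-mode branch tests `threadArg` first; a NULL argument would fault in kernel context. Both thread-creation calls in this commit pass `&ThreadProcessorGroups[ThreadCount]`, so this is not reachable today, but the two branches should agree: `if (threadArg) SetThreadCpuGroupAffinity ((USHORT) *(WORD*)(threadArg));`. The result of `SetThreadGroupAffinityPtr` is also discarded, so a thread that stays in its default group does so silently. The rest of `EncryptionThreadProc` is outside this hunk.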
@@ -263,21 +291,33 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount)
{
- size_t cpuCount, i;
-
- if (ThreadPoolRunning)
- return TRUE;
-
+ size_t cpuCount = 0, i = 0;
#ifdef DEVICE_DRIVER
cpuCount = GetCpuCount();
#else
+ SYSTEM_INFO sysInfo;
+ GetActiveProcessorGroupCountFn GetActiveProcessorGroupCountPtr = (GetActiveProcessorGroupCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorGroupCount");
+ GetActiveProcessorCountFn GetActiveProcessorCountPtr = (GetActiveProcessorCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorCount");
+ if (GetActiveProcessorGroupCountPtr && GetActiveProcessorCountPtr)
+ {
+ WORD j, groupCount = GetActiveProcessorGroupCountPtr();
+ size_t totalProcessors = 0;
+ for (j = 0; j < groupCount; ++j)
+ {
+ totalProcessors += (size_t) GetActiveProcessorCountPtr(j);
+ }
+ cpuCount = totalProcessors;
+ }
+ else
{
- SYSTEM_INFO sysInfo;
- GetSystemInfo (&sysInfo);
+ GetSystemInfo(&sysInfo);
cpuCount = sysInfo.dwNumberOfProcessors;
}
#endif
+ if (ThreadPoolRunning)
+ return TRUE;
+
if (cpuCount > encryptionFreeCpuCount)
cpuCount -= encryptionFreeCpuCount;
@@ -338,10 +378,33 @@ BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount)
for (ThreadCount = 0; ThreadCount < cpuCount; ++ThreadCount)
{
#ifdef DEVICE_DRIVER
- if (!NT_SUCCESS (TCStartThread (EncryptionThreadProc, NULL, &ThreadHandles[ThreadCount])))
+ ThreadProcessorGroups[ThreadCount] = GetCpuGroup ((size_t) ThreadCount);
#else
- if (!(ThreadHandles[ThreadCount] = (HANDLE) _beginthreadex (NULL, 0, EncryptionThreadProc, NULL, 0, NULL)))
+ // Determine which processor group to bind the thread to.
+ if (GetActiveProcessorGroupCountPtr && GetActiveProcessorCountPtr)
+ {
+ WORD j, groupCount = GetActiveProcessorGroupCountPtr();
+ uint32 totalProcessors = 0U;
+ for (j = 0U; j < groupCount; j++)
+ {
+ totalProcessors += (uint32) GetActiveProcessorCountPtr(j);
+ if (totalProcessors >= ThreadCount)
+ {
+ ThreadProcessorGroups[ThreadCount] = j;
+ break;
+ }
+ }
+ }
+ else
+ ThreadProcessorGroups[ThreadCount] = 0;
#endif
+
+#ifdef DEVICE_DRIVER
+ if (!NT_SUCCESS(TCStartThread(EncryptionThreadProc, (void*)(&ThreadProcessorGroups[ThreadCount]), &ThreadHandles[ThreadCount])))
+#else
+ if (!(ThreadHandles[ThreadCount] = (HANDLE)_beginthreadex(NULL, 0, EncryptionThreadProc, (void*)(&ThreadProcessorGroups[ThreadCount]), 0, NULL)))
+#endif
+
{
EncryptionThreadPoolStop();
return FALSE;
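Review bot: The group lookup compares a running processor count with a zero-based thread index using `>=`, which assigns the first thread of each following group to the previous group. With 64 processors in group 0, thread index 64 already satisfies `totalProcessors >= ThreadCount` at `j == 0` and is bound to group 0, which then carries 65 threads. The test should be `if (totalProcessors > ThreadCount)`. The group and processor counts are also re-queried for every thread; the cumulative counts could be computed once before the `for` loop. The start of `EncryptionThreadPoolStart` is outside this hunk.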
diff --git a/src/Common/Fat.c b/src/Common/Fat.c
index b47e531..8d4cc7d 100644
--- a/src/Common/Fat.c
+++ b/src/Common/Fat.c
@@ -394,6 +394,8 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
if(!quickFormat)
{
+ CRYPTO_INFO tmpCI;
+
if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
goto fail;
@@ -402,23 +404,41 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
deniability of hidden volumes (and also reduces the amount of predictable plaintext
within the volume). */
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ cryptoInfo = &tmpCI;
+
// Temporary master key
if (!RandgetBytes (hwndDlg, temporaryKey, EAGetKeySize (cryptoInfo->ea), FALSE))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail;
+ }
// Temporary secondary key (XTS mode)
if (!RandgetBytes (hwndDlg, cryptoInfo->k2, sizeof cryptoInfo->k2, FALSE))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail;
+ }
retVal = EAInit (cryptoInfo->ea, temporaryKey, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
{
+ TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
return retVal;
}
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
+ TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
return ERR_MODE_INIT_FAILED;
}
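Review bot: The pair `burn (&tmpCI, sizeof (tmpCI)); VirtualUnlock (&tmpCI, sizeof (tmpCI));` is repeated on every exit in this hunk and again in the next one, which makes it easy for a future exit path to miss the wipe of the copied key material. Declaring `tmpCI` at function scope and wiping it at one cleanup point shared by the `fail:` label and the success path would be safer. The return value of `VirtualLock` is ignored; if the lock fails the keys are still copied into pageable stack memory, which deserves at least a comment. `FormatFat` begins and ends outside this hunk.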
@@ -430,12 +450,24 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
goto fail;
}
UpdateProgressBar (nSecNo * ft->sector_size);
+
+ if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ goto fail;
+ }
+
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
else
+ {
UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size);
- if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
- goto fail;
+ if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
+ goto fail;
+ }
TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
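Review bot: After the `!quickFormat` block closes, `cryptoInfo` still points at `tmpCI`, which was declared inside that block and has already been burned, so any later use of `cryptoInfo` in `FormatFat` would read an out-of-scope, zeroed object. The code following `burn (temporaryKey, ...)` is outside this hunk, so whether such a use exists cannot be confirmed here. Leaving the parameter untouched and using a separate local for the random-fill calls, `PCRYPTO_INFO pTmpCI = &tmpCI;`, removes the hazard without changing what gets written.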
diff --git a/src/Common/Format.c b/src/Common/Format.c
index bd33f75..1edbdf9 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -100,6 +100,10 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
LARGE_INTEGER offset;
BOOL bFailedRequiredDASD = FALSE;
HWND hwndDlg = volParams->hwndDlg;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+#endif
FormatSectorSize = volParams->sectorSize;
@@ -350,14 +354,32 @@ begin_format:
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (volParams->hiddenVol && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
DisableFileCompression (dev);
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys)
{
LARGE_INTEGER volumeSize;
+ BOOL speedupFileCreation = FALSE;
volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
+ // speedup for file creation only makes sens when using quick format
+ if (volParams->quickFormat && volParams->fastCreateFile)
+ speedupFileCreation = TRUE;
+
if (volParams->sparseFileSwitch && volParams->quickFormat)
{
// Create as sparse file container
@@ -371,21 +393,29 @@ begin_format:
// Preallocate the file
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
- || !SetEndOfFile (dev)
- || SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ || !SetEndOfFile (dev))
{
nStatus = ERR_OS_ERROR;
goto error;
}
- }
- }
- if (volParams->hiddenVol && !volParams->bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
+ if (speedupFileCreation)
+ {
+ // accelerate file creation by telling Windows not to fill all file content with zeros
+ // this has security issues since it will put existing disk content into file container
+ // We use this mechanism only when switch /fastCreateFile specific and when quick format
+ // also specified and which is documented to have security issues.
+ // we don't check returned status because failure is not issue for us
+ SetFileValidData (dev, volumeSize.QuadPart);
+ }
+
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ }
}
if (volParams->hwndDlg && volParams->bGuiMode) KillTimer (volParams->hwndDlg, TIMER_ID_RANDVIEW);
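Review bot: The comment above `SetFileValidData` should state the precondition and the exposure more directly. The call requires the `SE_MANAGE_VOLUME_NAME` privilege and nothing in this hunk enables it, so on an unprivileged run the deliberately ignored return value is the only sign that the file was zero-filled after all. When the call does succeed, the data area holds whatever was previously stored in those disk clusters, readable by anyone who can read the container file. Suggested wording: `// SECURITY: skips zero-fill, so the container exposes prior disk content until overwritten; used only with /fastCreateFile plus quick format. Failure is ignored: the file is then zero-filled as usual.` `TCFormatVolume` continues outside this hunk.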
@@ -548,6 +578,17 @@ begin_format:
goto error;
}
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
volParams->ea,
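Review bot: `IsRamEncryptionEnabled ()` is evaluated once to swap in the unprotected copy and again after `CreateVolumeHeaderInMemory` to swap back; if the two results ever differed, `cryptoInfo` would be restored from a NULL `cryptoInfoBackup` or left pointing at `tmpCI`. Whether the value can change at runtime is not visible here, but caching it once, `BOOL bRamEnc = IsRamEncryptionEnabled ();`, and testing `cryptoInfoBackup != NULL` on the way back makes the pairing explicit. The same setup and teardown is repeated around `WriteRandomDataToReservedHeaderAreas` and in `FormatNoFs`, so a small pair of helpers would keep the lifetime of the plaintext key copy in one place. The teardown for this call is in the following hunk.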
@@ -566,6 +607,15 @@ begin_format:
FormatSectorSize,
FALSE);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
+
if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
{
nStatus = ERR_OS_ERROR;
@@ -577,8 +627,28 @@ begin_format:
{
BOOL bUpdateBackup = FALSE;
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto error;
@@ -768,6 +838,10 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+#endif
+
// Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize;
if (!SetFilePointerEx ((HANDLE) dev, startOffset, &newOffset, FILE_BEGIN)
@@ -785,6 +859,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector));
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -847,6 +931,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
return 0;
@@ -858,6 +949,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR);
diff --git a/src/Common/Format.h b/src/Common/Format.h
index 961ece7..4ce1b8c 100644
--- a/src/Common/Format.h
+++ b/src/Common/Format.h
@@ -38,6 +38,7 @@ typedef struct
unsigned int clusterSize;
BOOL sparseFileSwitch;
BOOL quickFormat;
+ BOOL fastCreateFile;
DWORD sectorSize;
int *realClusterSize;
Password *password;
diff --git a/src/Common/Keyfiles.c b/src/Common/Keyfiles.c
index 686f3ca..174aed9 100644
--- a/src/Common/Keyfiles.c
+++ b/src/Common/Keyfiles.c
@@ -149,50 +149,41 @@ void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile)
static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSize, KeyFile *keyFile)
{
- FILE *f;
unsigned __int8 buffer[64 * 1024];
unsigned __int32 crc = 0xffffffff;
unsigned __int32 writePos = 0;
- size_t bytesRead, totalRead = 0;
+ DWORD bytesRead, totalRead = 0;
int status = TRUE;
-
HANDLE src;
- FILETIME ftCreationTime;
- FILETIME ftLastWriteTime;
- FILETIME ftLastAccessTime;
-
- BOOL bTimeStampValid = FALSE;
+ BOOL bReadStatus = FALSE;
- /* Remember the last access time of the keyfile. It will be preserved in order to prevent
- an adversary from determining which file may have been used as keyfile. */
src = CreateFile (keyFile->FileName,
- GENERIC_READ | GENERIC_WRITE,
+ GENERIC_READ | FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (src != INVALID_HANDLE_VALUE)
{
- if (GetFileTime ((HANDLE) src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime))
- bTimeStampValid = TRUE;
- }
+ /* We tell Windows not to update the Last Access timestamp in order to prevent
+ an adversary from determining which file may have been used as keyfile. */
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
- finally_do_arg (HANDLE, src,
+ SetFileTime (src, NULL, &ftLastAccessTime, NULL);
+ }
+ else
{
- if (finally_arg != INVALID_HANDLE_VALUE)
- CloseHandle (finally_arg);
- });
-
- f = _wfopen (keyFile->FileName, L"rb");
- if (f == NULL) return FALSE;
+ /* try to open without FILE_WRITE_ATTRIBUTES in case we are in a ReadOnly filesystem (e.g. CD) */
+ src = CreateFile (keyFile->FileName,
+ GENERIC_READ,
+ FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ if (src == INVALID_HANDLE_VALUE)
+ return FALSE;
+ }
- while ((bytesRead = fread (buffer, 1, sizeof (buffer), f)) > 0)
+ while ((bReadStatus = ReadFile (src, buffer, sizeof (buffer), &bytesRead, NULL)) && (bytesRead > 0))
{
- size_t i;
-
- if (ferror (f))
- {
- status = FALSE;
- goto close;
- }
+ DWORD i;
for (i = 0; i < bytesRead; i++)
{
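Review bot: The fallback open with `GENERIC_READ` alone is taken for any failure of the first `CreateFile`, not only on read-only media, so a keyfile whose ACL denies `FILE_WRITE_ATTRIBUTES` is read with its Last Access time updated, which is the disclosure the comment above is meant to prevent. The result of `SetFileTime` on the first path is not checked either, so both cases are silent. At minimum the fallback comment should say so, e.g. `/* fallback: Last Access time may be updated (read-only media, or attribute writes denied) */`. The rest of the read loop and the `close:` label are in later hunks.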
@@ -211,7 +202,7 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
}
}
- if (ferror (f))
+ if (!bReadStatus)
{
status = FALSE;
}
@@ -223,13 +214,9 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
close:
DWORD err = GetLastError();
- fclose (f);
- if (bTimeStampValid && !IsFileOnReadOnlyFilesystem (keyFile->FileName))
- {
- // Restore the keyfile timestamp
- SetFileTime (src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
- }
+ CloseHandle (src);
+ burn (buffer, sizeof (buffer));
SetLastError (err);
return status;
diff --git a/src/Common/Password.c b/src/Common/Password.c
index ca0dd46..f2413b6 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -224,6 +224,19 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -313,13 +326,6 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
SetRandomPoolEnrichedByUserStatus (FALSE); /* force the display of the random enriching dialog */
- if (!bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
for (volumeType = TC_VOLUME_TYPE_NORMAL; volumeType < TC_VOLUME_TYPE_COUNT; volumeType++)
{
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 4e8cfa4..5a02bc5 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -55,7 +55,7 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define TC_APP_NAME "VeraCrypt"
// Version displayed to user
-#define VERSION_STRING "1.24-Hotfix2"
+#define VERSION_STRING "1.24-Update5"
#ifdef VC_EFI_CUSTOM_MODE
#define VERSION_STRING_SUFFIX "-CustomEFI"
@@ -67,9 +67,9 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define VERSION_NUM 0x0124
// Release date
-#define TC_STR_RELEASE_DATE L"November 4, 2019"
-#define TC_RELEASE_DATE_YEAR 2019
-#define TC_RELEASE_DATE_MONTH 11
+#define TC_STR_RELEASE_DATE L"February 11, 2020"
+#define TC_RELEASE_DATE_YEAR 2020
+#define TC_RELEASE_DATE_MONTH 2
#define BYTES_PER_KB 1024LL
#define BYTES_PER_MB 1048576LL
@@ -263,6 +263,14 @@ extern ULONG AllocTag;
typedef int BOOL;
#endif
+#ifndef WORD
+typedef USHORT WORD;
+#endif
+
+#ifndef BOOLEAN
+typedef unsigned char BOOLEAN;
+#endif
+
#ifndef TRUE
#define TRUE 1
#endif
@@ -289,6 +297,19 @@ typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) (
PULONG Attributes
);
+typedef BOOLEAN (NTAPI *KeAreAllApcsDisabledFn) ();
+
+typedef void (NTAPI *KeSetSystemGroupAffinityThreadFn)(
+ PGROUP_AFFINITY Affinity,
+ PGROUP_AFFINITY PreviousAffinity
+);
+
+typedef USHORT (NTAPI *KeQueryActiveGroupCountFn)();
+
+typedef ULONG (NTAPI *KeQueryActiveProcessorCountExFn)(
+ USHORT GroupNumber
+);
+
extern NTSTATUS NTAPI KeSaveExtendedProcessorState (
__in ULONG64 Mask,
PXSTATE_SAVE XStateSave
@@ -299,6 +320,9 @@ extern VOID NTAPI KeRestoreExtendedProcessorState (
PXSTATE_SAVE XStateSave
);
+extern BOOLEAN VC_KeAreAllApcsDisabled (VOID);
+
+
#else /* !TC_WINDOWS_DRIVER */
#if !defined(_UEFI)
#define TCalloc malloc
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 423b565..a648520 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -465,6 +465,7 @@ namespace VeraCrypt
continue;
}
+ options.Password.reset();
throw;
}
@@ -476,7 +477,7 @@ namespace VeraCrypt
const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();
const size_t volSectorSize = volume->GetSectorSize();
if (devSectorSize != volSectorSize)
- throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide(volSectorSize));
+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide((uint32) volSectorSize));
}
// Find a free mount point for FUSE service
diff --git a/src/Crypto/Aeskey.c b/src/Crypto/Aeskey.c
index c9ab026..9b7bfd1 100644
--- a/src/Crypto/Aeskey.c
+++ b/src/Crypto/Aeskey.c
@@ -27,6 +27,7 @@
#include "Aesopt.h"
#include "Aestab.h"
+#include "Common/Tcdefs.h"
#ifdef USE_VIA_ACE_IF_PRESENT
# include "aes_via_ace.h"
@@ -95,6 +96,8 @@ AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -147,6 +150,8 @@ AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -202,6 +207,8 @@ AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -352,6 +359,8 @@ AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -439,6 +448,8 @@ AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -538,6 +549,8 @@ AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
diff --git a/src/Crypto/Camellia.c b/src/Crypto/Camellia.c
index 49bc767..b3a3578 100644
--- a/src/Crypto/Camellia.c
+++ b/src/Crypto/Camellia.c
@@ -3,7 +3,7 @@
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* camellia.c ver 1.2.0-x86_64_asm1.1
*
diff --git a/src/Crypto/Camellia.h b/src/Crypto/Camellia.h
index 988203d..a1cb832 100644
--- a/src/Crypto/Camellia.h
+++ b/src/Crypto/Camellia.h
@@ -17,7 +17,7 @@ void camellia_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);
void camellia_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
void camellia_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void camellia_encrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
void camellia_decrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
#endif
diff --git a/src/Crypto/Sha2.c b/src/Crypto/Sha2.c
index f214f6d..31cba7f 100644
--- a/src/Crypto/Sha2.c
+++ b/src/Crypto/Sha2.c
@@ -10,7 +10,7 @@ and released into public domain.
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#ifdef _UEFI
+#if defined(_UEFI) || defined(CRYPTOPP_DISABLE_ASM)
#define NO_OPTIMIZED_VERSIONS
#endif
@@ -774,7 +774,7 @@ void sha256_begin(sha256_ctx* ctx)
if (!sha256transfunc)
{
#ifndef NO_OPTIMIZED_VERSIONS
-#ifdef _M_X64
+#if CRYPTOPP_BOOL_X64
if (g_isIntel && HasSAVX2() && HasSBMI2())
sha256transfunc = Avx2Sha256Transform;
else if (g_isIntel && HasSAVX())
diff --git a/src/Crypto/Sha2.h b/src/Crypto/Sha2.h
index 37625ce..7e90abf 100644
--- a/src/Crypto/Sha2.h
+++ b/src/Crypto/Sha2.h
@@ -22,7 +22,7 @@ extern "C" {
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(32)
#else
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)
diff --git a/src/Crypto/Twofish.c b/src/Crypto/Twofish.c
index 8ab5908..f0906f1 100644
--- a/src/Crypto/Twofish.c
+++ b/src/Crypto/Twofish.c
@@ -54,7 +54,7 @@
#define UNROLL_TWOFISH
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* these are 64-bit assembly implementation taken from https://github.com/jkivilin/supercop-blockciphers
Copyright 2011-2013 Jussi Kivilinna <jussi.kivilinna@iki.fi>
@@ -630,7 +630,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
uint32 b = rotl32(MDSQ[0][Q[0][Q[0][Q[1][Q[1][i + 1] ^ key[28]] ^ key[20]] ^ key[12]] ^ key[4]] ^ MDSQ[1][Q[0][Q[1][Q[1][Q[0][i + 1] ^ key[29]] ^ key[21]] ^ key[13]] ^ key[5]]
^ MDSQ[2][Q[1][Q[0][Q[0][Q[0][i + 1] ^ key[30]] ^ key[22]] ^ key[14]] ^ key[6]] ^ MDSQ[3][Q[1][Q[1][Q[0][Q[1][i + 1] ^ key[31]] ^ key[23]] ^ key[15]] ^ key[7]], 8);
a += b;
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
if (i < 8)
{
instance->w[i] = a;
@@ -998,7 +998,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
@@ -1071,7 +1071,7 @@ void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte o
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_decrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
diff --git a/src/Crypto/Twofish.h b/src/Crypto/Twofish.h
index cec99c7..e74826e 100644
--- a/src/Crypto/Twofish.h
+++ b/src/Crypto/Twofish.h
@@ -35,7 +35,7 @@ extern "C"
#endif
typedef struct
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
u4byte mk_tab[4][256], w[8], k[32];
#else
u4byte l_key[40];
@@ -54,7 +54,7 @@ typedef struct
/* in_key must be 32-bytes long */
void twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
void twofish_decrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
#define twofish_encrypt(instance,in_blk,out_blk) twofish_encrypt_blocks(instance, (const byte*) in_blk, (byte*) out_blk, 1)
diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc
index f992ece..b1573e7 100644
--- a/src/Driver/Driver.rc
+++ b/src/Driver/Driver.rc
@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,1
- PRODUCTVERSION 1,24,8,1
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 1327c12..2ae17f5 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -143,6 +143,9 @@ static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL;
+static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL;
+static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL;
+static KeQueryActiveProcessorCountExFn KeQueryActiveProcessorCountExPtr = NULL;
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
ULONG ExDefaultMdlProtection = 0;
@@ -283,13 +286,20 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
}
// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
+ // KeQueryActiveGroupCount/KeQueryActiveProcessorCountEx/KeSetSystemGroupAffinityThread are available starting from Windows 7
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
{
- UNICODE_STRING saveFuncName, restoreFuncName;
+ UNICODE_STRING saveFuncName, restoreFuncName, groupCountFuncName, procCountFuncName, setAffinityFuncName;
RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState");
RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState");
+ RtlInitUnicodeString(&groupCountFuncName, L"KeQueryActiveGroupCount");
+ RtlInitUnicodeString(&procCountFuncName, L"KeQueryActiveProcessorCountEx");
+ RtlInitUnicodeString(&setAffinityFuncName, L"KeSetSystemGroupAffinityThread");
KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
+ KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn) MmGetSystemRoutineAddress(&setAffinityFuncName);
+ KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn) MmGetSystemRoutineAddress(&groupCountFuncName);
+ KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn) MmGetSystemRoutineAddress(&procCountFuncName);
}
// ExGetFirmwareEnvironmentVariable is available starting from Windows 8
@@ -1384,7 +1394,8 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
else
{
IO_STATUS_BLOCK ioStatus;
- PVOID buffer = TCalloc (max (pVerifyInformation->Length, PAGE_SIZE));
+ DWORD dwBuffersize = min (pVerifyInformation->Length, 16 * PAGE_SIZE);
+ PVOID buffer = TCalloc (dwBuffersize);
if (!buffer)
{
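Review bot: Replacing `max (pVerifyInformation->Length, PAGE_SIZE)` with `min (pVerifyInformation->Length, 16 * PAGE_SIZE)` lets `dwBuffersize` be 0 when the request carries a zero `Length`, unless that case is rejected earlier in ProcessVolumeDeviceControlIrp, which is outside this hunk. A zero-byte pool request is something Driver Verifier flags. In the next hunk the `while (dwRemainingBytes)` loop would then never run, so `Irp->IoStatus.Status` keeps whatever value it had before. Keeping a lower bound avoids both, e.g. `DWORD dwBuffersize = min (max (pVerifyInformation->Length, PAGE_SIZE), 16 * PAGE_SIZE);`, or handle `Length == 0` explicitly before allocating.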
@@ -1392,14 +1403,29 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
}
else
{
- LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
+ LARGE_INTEGER offset;
+ DWORD dwRemainingBytes = pVerifyInformation->Length, dwReadCount;
offset.QuadPart = ullNewOffset;
- Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
- TCfree (buffer);
+ while (dwRemainingBytes)
+ {
+ dwReadCount = min (dwBuffersize, dwRemainingBytes);
+ Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, dwReadCount, &offset, NULL);
- if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length)
- Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != dwReadCount)
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ break;
+ }
+ else if (!NT_SUCCESS (Irp->IoStatus.Status))
+ break;
+
+ dwRemainingBytes -= dwReadCount;
+ offset.QuadPart += (ULONGLONG) dwReadCount;
+ }
+
+ burn (buffer, dwBuffersize);
+ TCfree (buffer);
}
}
@@ -4472,16 +4498,27 @@ NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information)
size_t GetCpuCount ()
{
- KAFFINITY activeCpuMap = KeQueryActiveProcessors();
- size_t mapSize = sizeof (activeCpuMap) * 8;
size_t cpuCount = 0;
-
- while (mapSize--)
+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)
+ {
+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();
+ for (i = 0; i < groupCount; i++)
+ {
+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);
+ }
+ }
+ else
{
- if (activeCpuMap & 1)
- ++cpuCount;
+ KAFFINITY activeCpuMap = KeQueryActiveProcessors();
+ size_t mapSize = sizeof (activeCpuMap) * 8;
+
+ while (mapSize--)
+ {
+ if (activeCpuMap & 1)
+ ++cpuCount;
- activeCpuMap >>= 1;
+ activeCpuMap >>= 1;
+ }
}
if (cpuCount == 0)
@@ -4490,6 +4527,35 @@ size_t GetCpuCount ()
return cpuCount;
}
+USHORT GetCpuGroup (size_t index)
+{
+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)
+ {
+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();
+ size_t cpuCount = 0;
+ for (i = 0; i < groupCount; i++)
+ {
+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);
+ if (cpuCount >= index)
+ {
+ return i;
+ }
+ }
+ }
+
+ return 0;
+}
+
+void SetThreadCpuGroupAffinity (USHORT index)
+{
+ if (KeSetSystemGroupAffinityThreadPtr)
+ {
+ GROUP_AFFINITY groupAffinity = {0};
+ groupAffinity.Mask = ~0ULL;
+ groupAffinity.Group = index;
+ KeSetSystemGroupAffinityThreadPtr (&groupAffinity, NULL);
+ }
+}
void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes)
{
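Review bot: The test `if (cpuCount >= index)` in GetCpuGroup looks off by one if `index` is a zero-based processor or thread index (the caller is not in this hunk). With 64 processors in group 0, index 64 still satisfies `64 >= 64` and is mapped to group 0 instead of group 1. `if (index < cpuCount)` gives the expected mapping for zero-based input. The fallback `return 0;` for an index beyond the total count deserves a short comment, since SetThreadCpuGroupAffinity will then pin the thread to group 0.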
diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h
index 2e4d655..25ee64e 100644
--- a/src/Driver/Ntdriver.h
+++ b/src/Driver/Ntdriver.h
@@ -174,6 +174,8 @@ NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information);
NTSTATUS ProbeRealDriveSize (PDEVICE_OBJECT driveDeviceObject, LARGE_INTEGER *driveSize);
BOOL UserCanAccessDriveDevice ();
size_t GetCpuCount ();
+USHORT GetCpuGroup (size_t index);
+void SetThreadCpuGroupAffinity (USHORT index);
void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes);
void *AllocateMemoryWithTimeout (size_t size, int retryDelay, int timeout);
BOOL IsDriveLetterAvailable (int nDosDriveNo, DeviceNamespaceType namespaceType);
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index c3344fd..e88105c 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -303,7 +303,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (mount->bMountReadOnly || ntStatus == STATUS_ACCESS_DENIED)
{
ntStatus = ZwCreateFile (&Extension->hDeviceFile,
- GENERIC_READ | SYNCHRONIZE,
+ GENERIC_READ | (!bRawDevice && mount->bPreserveTimestamp? FILE_WRITE_ATTRIBUTES : 0) | SYNCHRONIZE,
&oaFileAttributes,
&IoStatusBlock,
NULL,
@@ -318,6 +318,26 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
NULL,
0);
+ if (!NT_SUCCESS (ntStatus) && !bRawDevice && mount->bPreserveTimestamp)
+ {
+ /* try again without FILE_WRITE_ATTRIBUTES */
+ ntStatus = ZwCreateFile (&Extension->hDeviceFile,
+ GENERIC_READ | SYNCHRONIZE,
+ &oaFileAttributes,
+ &IoStatusBlock,
+ NULL,
+ FILE_ATTRIBUTE_NORMAL |
+ FILE_ATTRIBUTE_SYSTEM,
+ exclusiveAccess ? FILE_SHARE_READ : FILE_SHARE_READ | FILE_SHARE_WRITE,
+ FILE_OPEN,
+ FILE_RANDOM_ACCESS |
+ FILE_WRITE_THROUGH |
+ (disableBuffering ? FILE_NO_INTERMEDIATE_BUFFERING : 0) |
+ FILE_SYNCHRONOUS_IO_NONALERT,
+ NULL,
+ 0);
+ }
+
if (NT_SUCCESS (ntStatus) && !mount->bMountReadOnly)
mount->VolumeMountedReadOnlyAfterAccessDenied = TRUE;
@@ -362,6 +382,18 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
Extension->fileLastWriteTime = FileBasicInfo.LastWriteTime;
Extension->fileLastChangeTime = FileBasicInfo.ChangeTime;
Extension->bTimeStampValid = TRUE;
+
+ // we tell the system not to update LastAccessTime, LastWriteTime, and ChangeTime
+ FileBasicInfo.CreationTime.QuadPart = 0;
+ FileBasicInfo.LastAccessTime.QuadPart = -1;
+ FileBasicInfo.LastWriteTime.QuadPart = -1;
+ FileBasicInfo.ChangeTime.QuadPart = -1;
+
+ ZwSetInformationFile (Extension->hDeviceFile,
+ &IoStatusBlock,
+ &FileBasicInfo,
+ sizeof (FileBasicInfo),
+ FileBasicInformation);
}
ntStatus = ZwQueryInformationFile (Extension->hDeviceFile,
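Review bot: The status returned by the added `ZwSetInformationFile` call is discarded, so a failure to disable timestamp updates goes unnoticed. On the retry path added in the previous hunk the handle is opened without `FILE_WRITE_ATTRIBUTES`, so the call would be expected to fail there. If this is meant to be best effort, say so next to the call, e.g. `// best effort: fails if the handle lacks FILE_WRITE_ATTRIBUTES; timestamps are then only restored from the saved values`. Otherwise keep the status in a local and trace it. TCOpenVolume starts and ends outside this hunk.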
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index ec78a36..e340a8b 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -512,6 +512,11 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
BOOL backupHeader;
byte *wipeBuffer = NULL;
uint32 workChunkSize = TC_VOLUME_HEADER_GROUP_SIZE;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
if (pVolumePassword->Length == 0) return -1;
@@ -535,6 +540,27 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Time timestamps are not modified
+ // in order to preserve plausible deniability of hidden volumes (last password change time is stored in the volume header).
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time, (used to reset file date and time of
+ file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
+ of hidden volumes (last password change time is stored in the volume header). */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ {
+ bTimeStampValid = FALSE;
+ MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
+ }
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
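Review bot: The new comment says "Last Access and Last Time timestamps are not modified", but the `SetFileTime (dev, NULL, &ftLastAccessTime, NULL)` call passes the 0xFFFFFFFF sentinel only for the last-access time and leaves the last-write argument NULL. Either reword the comment to match, e.g. `// ask the file system not to update the last access time for operations on this handle`, or pass the sentinel for the write time too if that was the intent. The return value of `SetFileTime` is also ignored, so a handle without write-attribute access would silently keep the old behaviour.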
@@ -628,20 +654,6 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
goto error;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time, (used to reset file date and time of
- file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
- of hidden volumes (last password change time is stored in the volume header). */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- {
- bTimeStampValid = FALSE;
- MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
- }
- else
- bTimeStampValid = TRUE;
- }
// Seek the volume header
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET;
@@ -673,7 +685,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
}
#ifdef _WIN64
- if (IsRamEncryptionEnabled())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));
}
@@ -844,6 +856,17 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
else
DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted primary header ...\r\n");
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
buffer,
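Review bot: The unprotect-into-`tmpCI` block added here is repeated by hand before WriteRandomDataToReservedHeaderAreas later in ExpandVolume and again in InitDataArea.c and InPlace.c, each paired with its own `burn`/`VirtualUnlock` block. Because these copies hold the unprotected keys, a later edit that adds an early `goto error` between one pair would leave key material on the stack. A small enter/leave helper pair would keep that window in one place. The `VirtualLock` return value is ignored as well, so it is worth a comment that the lock is best effort and `burn` is the real safeguard.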
@@ -863,6 +886,15 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
cryptoInfo->SectorSize,
FALSE ); // use slow poll
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
+
if (ci != NULL)
crypto_close (ci);
@@ -894,7 +926,26 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
PCRYPTO_INFO dummyInfo = NULL;
LARGE_INTEGER hiddenOffset;
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader);
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
if (nStatus != ERR_SUCCESS)
goto error;
diff --git a/src/ExpandVolume/ExpandVolume.rc b/src/ExpandVolume/ExpandVolume.rc
index 860130e..4726012 100644
--- a/src/ExpandVolume/ExpandVolume.rc
+++ b/src/ExpandVolume/ExpandVolume.rc
@@ -193,8 +193,8 @@ IDR_MOUNT_RSRC_HEADER HEADER "resource.h"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -211,11 +211,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Expander"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCryptExpander.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/ExpandVolume/InitDataArea.c b/src/ExpandVolume/InitDataArea.c
index afca230..618358d 100644
--- a/src/ExpandVolume/InitDataArea.c
+++ b/src/ExpandVolume/InitDataArea.c
@@ -56,6 +56,9 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+#endif
// Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize;
@@ -74,6 +77,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector));
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
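Review bot: FormatNoFs calls `IsRamEncryptionEnabled ()` three times (here and in both cleanup hunks), while ExpandVolume and the InPlace.c functions changed by this commit cache it once in `bIsRamEncryptionEnabled`. Caching it here too, with `BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled ();` next to the `tmpCI` declaration, guarantees that setup and teardown agree. The `fail:` label can also be reached before this block runs (the seek above it is outside the hunk), in which case the cleanup burns and unlocks a `tmpCI` that was never locked. That is harmless, but a one-line comment at the cleanup would make it look intentional.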
@@ -136,6 +149,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
return 0;
@@ -147,6 +167,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR);
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp
index ffeabe0..10c1af4 100644
--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
@@ -866,6 +866,67 @@ static BOOL SelectPartition (HWND hwndDlg)
return FALSE;
}
+void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
+{
+ wchar_t **lpszCommandLineArgs = NULL; /* Array of command line arguments */
+ int nNoCommandLineArgs; /* The number of arguments in the array */
+
+ /* Extract command line arguments */
+ nNoCommandLineArgs = Win32CommandLine (&lpszCommandLineArgs);
+ if (nNoCommandLineArgs > 0)
+ {
+ int i;
+
+ for (i = 0; i < nNoCommandLineArgs; i++)
+ {
+ enum
+ {
+ OptionEnableMemoryProtection,
+ };
+
+ argument args[]=
+ {
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ };
+
+ argumentspec as;
+
+ int x;
+
+ if (lpszCommandLineArgs[i] == NULL)
+ continue;
+
+ as.args = args;
+ as.arg_cnt = sizeof(args)/ sizeof(args[0]);
+
+ x = GetArgumentID (&as, lpszCommandLineArgs[i]);
+
+ switch (x)
+ {
+
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
+ default:
+ DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_COMMANDHELP_DLG), hwndDlg, (DLGPROC)
+ CommandHelpDlgProc, (LPARAM) &as);
+
+ exit(0);
+ }
+ }
+ }
+
+ /* Free up the command line arguments */
+ while (--nNoCommandLineArgs >= 0)
+ {
+ free (lpszCommandLineArgs[nNoCommandLineArgs]);
+ }
+
+ if (lpszCommandLineArgs)
+ free (lpszCommandLineArgs);
+}
+
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
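Review bot: In the new ExtractCommandLine the `default:` branch shows the help dialog and then calls `exit(0)`, so a mistyped or unsupported switch ends the process with a success status and a calling script cannot tell that `/protectMemory` was not applied. A non-zero status such as `exit(1);` would make that visible. The `lpszCommandLine` parameter is never read, and the `enum`, `args[]` table and `as` are rebuilt on every loop iteration; they can be declared once before the `for`.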
@@ -890,6 +951,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
bUseSecureDesktop = FALSE;
bUseLegacyMaxPasswordLength = FALSE;
+ VeraCryptExpander::ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+
if (UsePreferences)
{
// General preferences
@@ -900,6 +963,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
RestoreDefaultKeyFilesParam ();
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
InitMainDialog (hwndDlg);
// Quit
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index 01ee4a5..8df40e1 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Format"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Format.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
@@ -90,7 +90,7 @@ BEGIN
DEFPUSHBUTTON "",IDC_NEXT,310,234,60,14
PUSHBUTTON "Cancel",IDCANCEL,382,234,60,14
LTEXT "",IDC_BOX_TITLE,160,8,283,17
- GROUPBOX "",IDC_STATIC,51,0,392,230
+ GROUPBOX "",IDC_STATIC,4,0,439,230
CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,193
LTEXT "",IDC_POS_BOX,160,24,281,193
END
@@ -129,7 +129,7 @@ IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_SIZEBOX,25,22,71,14,ES_AUTOHSCROLL | ES_NUMBER
+ EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER
CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10
CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10
CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c
index 7117a8a..4a16fd4 100644
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -774,6 +774,9 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
int pim = volParams->pim;
DISK_GEOMETRY driveGeometry;
HWND hwndDlg = volParams->hwndDlg;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
bInPlaceEncNonSysResumed = TRUE;
@@ -870,7 +873,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
goto closing_seq;
#ifdef _WIN64
- if (IsRamEncryptionEnabled ())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
@@ -1097,6 +1100,19 @@ inplace_enc_read:
{
PCRYPTO_INFO dummyInfo = NULL;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof(tmpCI));
+ memcpy (&tmpCI, masterCryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (masterCryptoInfo));
+ cryptoInfoBackup = masterCryptoInfo;
+ masterCryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
headerCryptoInfo->ea,
@@ -1115,6 +1131,15 @@ inplace_enc_read:
masterCryptoInfo->SectorSize,
wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_HEADER_WIPE_PASSES - 1));
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ masterCryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof(tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -1128,9 +1153,28 @@ inplace_enc_read:
goto closing_seq;
}
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof(tmpCI));
+ memcpy (&tmpCI, headerCryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (headerCryptoInfo));
+ cryptoInfoBackup = headerCryptoInfo;
+ headerCryptoInfo = &tmpCI;
+ }
+#endif
// Fill the reserved sectors of the header area with random data
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE);
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ headerCryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof(tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -1290,6 +1334,9 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
int pkcs5_prf = volParams->pkcs5;
int pim = volParams->pim;
DISK_GEOMETRY driveGeometry;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
buf = (char *) TCalloc (TC_MAX_NONSYS_INPLACE_ENC_WORK_CHUNK_SIZE);
@@ -1397,7 +1444,7 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
goto closing_seq;
#ifdef _WIN64
- if (IsRamEncryptionEnabled ())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
@@ -1799,6 +1846,9 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
uint32 headerCrc32;
byte *fieldPos;
PCRYPTO_INFO pCryptoInfo = headerCryptoInfo;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
header = (byte *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
@@ -1820,7 +1870,7 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
}
#ifdef _WIN64
- if (IsRamEncryptionEnabled())
+ if (bIsRamEncryptionEnabled)
{
pCryptoInfo = crypto_open();
if (!pCryptoInfo)
@@ -1874,7 +1924,7 @@ closing_seq:
dwError = GetLastError();
#ifdef _WIN64
- if (IsRamEncryptionEnabled() && pCryptoInfo)
+ if (bIsRamEncryptionEnabled && pCryptoInfo)
{
crypto_close(pCryptoInfo);
}
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index dba64c2..3d394c1 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -250,6 +250,7 @@ int CmdVolumeFilesystem = FILESYS_NONE;
unsigned __int64 CmdVolumeFileSize = 0;
BOOL CmdSparseFileSwitch = FALSE;
BOOL CmdQuickFormat = FALSE;
+BOOL CmdFastCreateFile = FALSE;
BOOL bForceOperation = FALSE;
@@ -282,6 +283,7 @@ BOOL bDisplayPoolContents = TRUE;
volatile BOOL bSparseFileSwitch = FALSE;
volatile BOOL quickFormat = FALSE;
+volatile BOOL fastCreateFile = FALSE;
volatile BOOL dynamicFormat = FALSE; /* this variable represents the sparse file flag. */
volatile int fileSystem = FILESYS_NONE;
volatile int clusterSize = 0;
@@ -2635,6 +2637,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
volParams->clusterSize = clusterSize;
volParams->sparseFileSwitch = dynamicFormat;
volParams->quickFormat = quickFormat;
+ volParams->fastCreateFile = fastCreateFile;
volParams->sectorSize = GetFormatSectorSize();
volParams->realClusterSize = &realClusterSize;
volParams->password = &volumePassword;
@@ -3313,6 +3316,12 @@ BOOL IsSparseFile (HWND hwndDlg)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
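Review bot: The `FILETIME ftLastAccessTime;` declared inside the `if (bPreserveTimestamp)` block shadows the variable of the same name that the unchanged `GetFileTime` line was already using, so the original timestamp is now read into the block-local copy. If IsSparseFile later restores the access time from the outer variable (that code is outside the hunk), it would write back an uninitialised value. Giving the sentinel its own name, e.g. `FILETIME ftNoUpdate;` passed to `SetFileTime`, keeps `GetFileTime` writing to the outer variable. The GetFileVolSize hunk that follows has the same pattern.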
@@ -3352,6 +3361,12 @@ BOOL GetFileVolSize (HWND hwndDlg, unsigned __int64 *size)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
@@ -4547,6 +4562,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_INFO), bSystemIsGPT? GetString ("RESCUE_DISK_EFI_INFO"): GetString ("RESCUE_DISK_INFO"));
+ SetCheckBox (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
@@ -6129,6 +6145,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
@@ -6141,6 +6163,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
exit (0);
}
+ fastCreateFile = CmdFastCreateFile;
+
if (DirectCreationMode)
{
wchar_t root[TC_MAX_PATH];
@@ -8982,6 +9006,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionForce,
OptionNoSizeCheck,
OptionQuickFormat,
+ OptionFastCreateFile,
+ OptionEnableMemoryProtection,
};
argument args[]=
@@ -9004,6 +9030,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionForce, L"/force", NULL, FALSE },
{ OptionNoSizeCheck, L"/nosizecheck", NULL, FALSE },
{ OptionQuickFormat, L"/quick", NULL, FALSE },
+ { OptionFastCreateFile, L"/fastcreatefile", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
// Internal
{ CommandResumeSysEncLogOn, L"/acsysenc", L"/a", TRUE },
@@ -9360,6 +9388,14 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdQuickFormat = TRUE;
break;
+ case OptionFastCreateFile:
+ CmdFastCreateFile = TRUE;
+ break;
+
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
case OptionHistory:
{
wchar_t szTmp[8] = {0};
diff --git a/src/Format/VeraCrypt_Wizard.bmp b/src/Format/VeraCrypt_Wizard.bmp
index a368a3a..24f3028 100644
--- a/src/Format/VeraCrypt_Wizard.bmp
+++ b/src/Format/VeraCrypt_Wizard.bmp
Binary files differ
diff --git a/src/Main/Forms/MainFrame.cpp b/src/Main/Forms/MainFrame.cpp
index 9abe255..2585319 100644
--- a/src/Main/Forms/MainFrame.cpp
+++ b/src/Main/Forms/MainFrame.cpp
@@ -99,6 +99,9 @@ namespace VeraCrypt
Connect( wxID_ANY, wxEVT_COMMAND_PREF_UPDATED, wxCommandEventHandler( MainFrame::OnPreferencesUpdated ) );
Connect( wxID_ANY, wxEVT_COMMAND_OPEN_VOLUME_REQUEST, wxCommandEventHandler( MainFrame::OnOpenVolumeSystemRequest ) );
+#ifdef TC_MACOSX
+ Connect( wxID_ANY, wxEVT_MOVE, wxMoveEventHandler( MainFrame::OnMoveHandler ) );
+#endif
}
MainFrame::~MainFrame ()
@@ -119,6 +122,9 @@ namespace VeraCrypt
Disconnect( wxID_ANY, wxEVT_COMMAND_UPDATE_VOLUME_LIST, wxCommandEventHandler( MainFrame::OnUpdateVolumeList ) );
Disconnect( wxID_ANY, wxEVT_COMMAND_PREF_UPDATED, wxCommandEventHandler( MainFrame::OnPreferencesUpdated ) );
Disconnect( wxID_ANY, wxEVT_COMMAND_OPEN_VOLUME_REQUEST, wxCommandEventHandler( MainFrame::OnOpenVolumeSystemRequest ) );
+#ifdef TC_MACOSX
+ Disconnect( wxID_ANY, wxEVT_MOVE, wxMoveEventHandler( MainFrame::OnMoveHandler ) );
+#endif
Core->VolumeMountedEvent.Disconnect (this);
Core->VolumeDismountedEvent.Disconnect (this);
Gui->OpenVolumeSystemRequestEvent.Disconnect (this);
@@ -725,6 +731,7 @@ namespace VeraCrypt
#ifdef TC_MACOSX
if (Gui->IsInBackgroundMode())
Gui->SetBackgroundMode (false);
+ EnsureVisible ();
#endif
AboutDialog dialog (this);
dialog.ShowModal();
@@ -1722,4 +1729,11 @@ namespace VeraCrypt
Core->WipePasswordCache();
UpdateWipeCacheButton();
}
+
+#ifdef TC_MACOSX
+ void MainFrame::OnMoveHandler(wxMoveEvent& event)
+ {
+ EnsureVisible (true);
+ }
+#endif
}
diff --git a/src/Main/Forms/MainFrame.h b/src/Main/Forms/MainFrame.h
index 39c411a..414ecca 100644
--- a/src/Main/Forms/MainFrame.h
+++ b/src/Main/Forms/MainFrame.h
@@ -15,6 +15,9 @@
#include "Forms.h"
#include "ChangePasswordDialog.h"
+#ifdef TC_MACOSX
+#include <wx/display.h>
+#endif
namespace VeraCrypt
{
@@ -162,6 +165,35 @@ namespace VeraCrypt
void UpdateWipeCacheButton ();
void WipeCache ();
+#ifdef TC_MACOSX
+ void OnMoveHandler(wxMoveEvent& event);
+
+ void EnsureVisible(bool bOnlyHeadingBar = false)
+ {
+ wxDisplay display (this);
+ wxRect displayRect = display.GetClientArea();
+
+ bool bMove = false;
+ wxPoint p = GetScreenPosition();
+ wxRect r = GetRect ();
+ wxRect rc = GetClientRect ();
+ int titleBarHeight = r.height - rc.height;
+
+ if (!bOnlyHeadingBar && (p.x < displayRect.x))
+ p.x = 0, bMove = true;
+ if (p.y < displayRect.y)
+ p.y = displayRect.y, bMove = true;
+ if (!bOnlyHeadingBar && (p.x + r.width > displayRect.x + displayRect.width))
+ p.x = displayRect.x + displayRect.width - r.width, bMove = true;
+ if (!bOnlyHeadingBar && (p.y + r.height > displayRect.y + displayRect.height))
+ p.y = displayRect.y + displayRect.height - r.height, bMove = true;
+ if (bOnlyHeadingBar && (p.y > (displayRect.y + displayRect.height - titleBarHeight)))
+ p.y = displayRect.y + displayRect.height - titleBarHeight, bMove = true;
+ if (bMove)
+ Move (p);
+ }
+#endif
+
struct VolumeActivityMapEntry
{
VolumeActivityMapEntry () { }
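Review bot: The first clamp in EnsureVisible sets `p.x = 0` when the window is left of the display, while every other branch clamps relative to `displayRect`. On a display whose client area does not start at x = 0 (a secondary monitor, for instance) this moves the window to a different screen. `p.x = displayRect.x, bMove = true;` matches the other three cases. The comma expressions after each `if` would read more clearly as braced two-statement blocks.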
diff --git a/src/Main/Forms/VolumeSizeWizardPage.cpp b/src/Main/Forms/VolumeSizeWizardPage.cpp
index 3781b05..fc045b5 100644
--- a/src/Main/Forms/VolumeSizeWizardPage.cpp
+++ b/src/Main/Forms/VolumeSizeWizardPage.cpp
@@ -103,7 +103,7 @@ namespace VeraCrypt
try
{
uint64 uiVolumeSize = GetVolumeSize();
- if (uiVolumeSize >= MinVolumeSize && (!MaxVolumeSizeValid || uiVolumeSize <= MaxVolumeSize) && (CmdLine->ArgDisableFileSizeCheck || !AvailableDiskSpace || uiVolumeSize <= AvailableDiskSpace))
+ if (uiVolumeSize >= MinVolumeSize && (!MaxVolumeSizeValid || uiVolumeSize <= MaxVolumeSize) && (MaxVolumeSizeValid || CmdLine->ArgDisableFileSizeCheck || !AvailableDiskSpace || uiVolumeSize <= AvailableDiskSpace))
return true;
}
catch (...) { }
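Review bot: Adding `MaxVolumeSizeValid ||` to the last group means the available-disk-space comparison is skipped whenever a maximum size is known, which is not obvious from the condition itself. A short comment above the `if` stating why `MaxVolumeSize` supersedes `AvailableDiskSpace` would help, e.g. `// when a maximum size is known it is the binding limit; free-space check applies only otherwise` (wording to be confirmed by the author). Splitting the three checks into named booleans would also make the line reviewable. The enclosing method starts outside this hunk.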
diff --git a/src/Main/Main.make b/src/Main/Main.make
index a154a84..18efba6 100755
--- a/src/Main/Main.make
+++ b/src/Main/Main.make
@@ -82,14 +82,10 @@ CXXFLAGS += -I$(BASE_DIR)/Main
#------ wxWidgets configuration ------
ifdef TC_NO_GUI
-ifdef VC_WX_STATIC
WX_CONFIG_LIBS := base
else
WX_CONFIG_LIBS := adv,core,base
endif
-else
-WX_CONFIG_LIBS := adv,core,base
-endif
ifeq "$(TC_BUILD_CONFIG)" "Release"
diff --git a/src/Main/TextUserInterface.h b/src/Main/TextUserInterface.h
index 95db02d..78874b8 100644
--- a/src/Main/TextUserInterface.h
+++ b/src/Main/TextUserInterface.h
@@ -47,7 +47,9 @@ namespace VeraCrypt
virtual void ExportSecurityTokenKeyfile () const;
virtual shared_ptr <GetStringFunctor> GetAdminPasswordRequestHandler ();
virtual void ImportSecurityTokenKeyfiles () const;
+#ifndef TC_NO_GUI
virtual bool Initialize (int &argc, wxChar **argv) { return wxAppBase::Initialize(argc, argv); }
+#endif
virtual void InitSecurityTokenLibrary () const;
virtual void ListSecurityTokenKeyfiles () const;
virtual VolumeInfoList MountAllDeviceHostedVolumes (MountOptions &options) const;
diff --git a/src/Makefile b/src/Makefile
index fe0c143..f881c87 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -69,7 +69,7 @@ endif
ifeq "$(origin NOGUI)" "command line"
export TC_NO_GUI := 1
- C_CXX_FLAGS += -DTC_NO_GUI
+ C_CXX_FLAGS += -DTC_NO_GUI -DwxUSE_GUI=0
WX_CONFIGURE_FLAGS += --disable-gui
endif
@@ -151,6 +151,7 @@ endif
ifeq "$(origin NOASM)" "command line"
CPU_ARCH = unknown
+ C_CXX_FLAGS += -DCRYPTOPP_DISABLE_X86ASM
endif
ifeq "$(CPU_ARCH)" "x86"
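Review bot: The flag added for NOASM builds is `-DCRYPTOPP_DISABLE_X86ASM`, whereas the Twofish.h guards changed in this same commit test `!defined(CRYPTOPP_DISABLE_ASM)`. Unless a configuration header maps the first macro to the second (none is visible in this diff), a NOASM build on x64 would still select the assembly-layout `TwofishInstance` and the `twofish_encrypt_blocks` prototypes. Either confirm that mapping in a comment here or define the macro the header actually checks.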
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 54dc815..ca32228 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -181,6 +181,8 @@ static int bPrebootPasswordDlgMode = FALSE;
static int NoCmdLineArgs;
static BOOL CmdLineVolumeSpecified;
static int LastDriveListVolumeColumnWidth;
+static BOOL ExitMailSlotSpecified = FALSE;
+static TCHAR ExitMailSlotName[MAX_PATH];
// WTS handling
static HMODULE hWtsLib = NULL;
static WTSREGISTERSESSIONNOTIFICATION fnWtsRegisterSessionNotification = NULL;
@@ -5061,7 +5063,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode || IsTrueCryptFileExtension (szFileName)? TRUE : FALSE;
int GuiPim = EffectiveVolumePim;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
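Review bot: The added initializer `EffectiveVolumeTrueCryptMode || IsTrueCryptFileExtension (szFileName)? TRUE : FALSE` relies on `||` binding tighter than `?:`. It evaluates as intended, but the spacing reads as if the conditional applied only to the function call. Parentheses make the grouping explicit: `BOOL GuiTrueCryptMode = (EffectiveVolumeTrueCryptMode || IsTrueCryptFileExtension (szFileName)) ? TRUE : FALSE;`. The enclosing Mount function starts and ends outside this hunk.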
@@ -5155,7 +5157,14 @@ static BOOL Dismount (HWND hwndDlg, int nDosDriveNo)
WaitCursor ();
if (nDosDriveNo == -2)
+ {
nDosDriveNo = (char) (HIWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) - L'A');
+ if (nDosDriveNo < 0 || nDosDriveNo >= 26)
+ {
+ NormalCursor ();
+ return FALSE;
+ }
+ }
if (bCloseDismountedWindows)
{
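Review bot: The new range check runs after the `(char)` cast, so it tests a value already truncated to 8 bits; a HIWORD whose distance from `L'A'` exceeds the char range can wrap into 0..25 and pass. Validate the untruncated difference first: `int drive = (int) HIWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) - L'A';`, then `if (drive < 0 || drive >= 26) { NormalCursor (); return FALSE; }` and `nDosDriveNo = drive;`. The list data is presumably written only by this program, so this is hardening rather than a known fault. The guard covers only the `nDosDriveNo == -2` path, and Dismount continues outside the hunk.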
@@ -6780,6 +6789,41 @@ void DisplayDriveListContextMenu (HWND hwndDlg, LPARAM lParam)
}
}
+// broadcast signal to WAITFOR.EXE MailSlot to notify any waiting instance that we are exiting
+static void SignalExitCode (int exitCode)
+{
+ if (ExitMailSlotSpecified)
+ {
+ HANDLE hFile;
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ if ((hFile == INVALID_HANDLE_VALUE) && (GetLastError () == ERROR_FILE_NOT_FOUND))
+ {
+ // MailSlot not found, wait 1 second and try again in case we exited too quickly
+ Sleep (1000);
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ }
+ if (hFile != INVALID_HANDLE_VALUE)
+ {
+ char szMsg[64];
+ DWORD cbWritten;
+ StringCbPrintfA (szMsg, sizeof (szMsg), "VeraCrypt Exit %d", exitCode);
+ WriteFile(hFile, szMsg, (DWORD) (strlen (szMsg) +1), &cbWritten, (LPOVERLAPPED) NULL);
+ CloseHandle (hFile);
+ }
+ }
+}
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
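Review bot: SignalExitCode repeats the seven-argument `CreateFile` call verbatim for the retry, and the result of `WriteFile` is discarded, so a notification that fails after the MailSlot was opened looks the same as one that succeeded. A two-pass loop keeps a single open call with the same rule (one retry after one second, only on `ERROR_FILE_NOT_FOUND`). The header comment could also state that the slot name is built from the `/signalExit` argument and that the payload is the ANSI text `VeraCrypt Exit <code>` including its terminating NUL.

```c
static void SignalExitCode (int exitCode)
{
	HANDLE hFile = INVALID_HANDLE_VALUE;
	int attempt;

	if (!ExitMailSlotSpecified)
		return;

	// second pass only if the MailSlot did not exist yet (we may have exited too quickly)
	for (attempt = 0; attempt < 2 && hFile == INVALID_HANDLE_VALUE; attempt++)
	{
		if (attempt > 0)
			Sleep (1000);

		hFile = CreateFile (ExitMailSlotName, GENERIC_WRITE, FILE_SHARE_READ,
			(LPSECURITY_ATTRIBUTES) NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, (HANDLE) NULL);

		if ((hFile == INVALID_HANDLE_VALUE) && (GetLastError () != ERROR_FILE_NOT_FOUND))
			break;
	}

	/* … unchanged: format szMsg, WriteFile, CloseHandle when hFile is valid … */
}
```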
@@ -6859,6 +6903,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
AbortProcess ("COMMAND_LINE_ERROR");
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
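Review bot: The outcome of `EnableProcessProtection ()` is not examined in the added block, so a user who passed `/protectMemory` gets no indication if the protection could not be applied. Its declaration is outside this hunk; if it returns a status, check it here and report a failure instead of continuing silently. The call necessarily runs after command-line parsing, since the flag is set there, and a comment such as `/* applied as early as the option is known; earlier start-up code runs unprotected */` would record that. MainDialogProc starts and ends outside the hunk.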
@@ -7120,7 +7170,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (Quit)
{
if (TaskBarIconMutex == NULL)
+ {
+ SignalExitCode (exitCode);
exit (exitCode);
+ }
MainWindowHidden = TRUE;
@@ -7132,6 +7185,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (TaskBarIconMutex)
TaskBarIconRemove (hwndDlg);
+ SignalExitCode (exitCode);
exit (exitCode);
}
else
@@ -8883,6 +8937,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionNoWaitDlg,
OptionSecureDesktop,
OptionDisableDeviceUpdate,
+ OptionEnableMemoryProtection,
+ OptionSignalExit,
};
argument args[]=
@@ -8912,6 +8968,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE },
{ OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
{ OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ { OptionSignalExit, L"/signalExit", NULL, FALSE },
};
argumentspec as;
@@ -9008,6 +9066,23 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
+ case OptionEnableMemoryProtection:
+ {
+ EnableMemoryProtection = TRUE;
+ }
+ break;
+
+ case OptionSignalExit:
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i,
+ nNoCommandLineArgs, tmpPath, ARRAYSIZE (tmpPath)))
+ {
+ StringCbPrintfW (ExitMailSlotName, sizeof (ExitMailSlotName), L"\\\\.\\mailslot\\WAITFOR.EXE\\%s", tmpPath);
+ ExitMailSlotSpecified = TRUE;
+ }
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ break;
+
case OptionCache:
{
wchar_t szTmp[16] = {0};
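Review bot: In the `OptionSignalExit` case the return value of `StringCbPrintfW` is ignored, so an argument too long for `ExitMailSlotName` (MAX_PATH elements, per the declaration added earlier in this file) is truncated and `ExitMailSlotSpecified` is still set. The exit signal would then go to a different slot name than the one the caller waits on. Treat truncation as a command-line error: `if (FAILED (StringCbPrintfW (ExitMailSlotName, sizeof (ExitMailSlotName), L"\\\\.\\mailslot\\WAITFOR.EXE\\%s", tmpPath))) AbortProcess ("COMMAND_LINE_ERROR");`. The argument is also appended without any check on its characters; accepting only a plain signal name, with no path separators, would keep the target under the intended `WAITFOR.EXE` prefix. ExtractCommandLine continues outside this hunk.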
@@ -10861,6 +10936,21 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access timestamp is not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time. */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
// Determine volume host size
if (bDevice)
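Review bot: The added `SetFileTime (dev, NULL, &ftLastAccessTime, NULL)` call has its result ignored, so if it fails, later reads on `dev` can update the last-access time even though `bPreserveTimestamp` is set, and nothing records that. Check the return value and note the failure, as the code already does for `GetFileTime` through `bTimeStampValid`. `ftLastAccessTime` is also used first as the 0xFFFFFFFF sentinel and then overwritten by `GetFileTime`; a separate local for the sentinel would be clearer, with a comment like `// 0xFFFFFFFF in both fields: do not update last-access time for operations on this handle`. The `if`/`else if` chain and the function begin outside the hunk.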
@@ -10931,15 +11021,6 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
hostSize = fileSize.QuadPart;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time. */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
/* Read the volume header from the backup file */
char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index 275559e..efa76fe 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -548,8 +548,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -566,11 +566,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Mount/Mount.vcxproj.user b/src/Mount/Mount.vcxproj.user
index 75a63e9..9ab5ba9 100644
--- a/src/Mount/Mount.vcxproj.user
+++ b/src/Mount/Mount.vcxproj.user
@@ -1,7 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <LocalDebuggerCommandArguments>/DisableDeviceUpdate</LocalDebuggerCommandArguments>
+ <LocalDebuggerCommandArguments>
+ </LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project> \ No newline at end of file
diff --git a/src/Release/Setup Files/veracrypt-x64.cat b/src/Release/Setup Files/veracrypt-x64.cat
index 3669eb8..7572f66 100644
--- a/src/Release/Setup Files/veracrypt-x64.cat
+++ b/src/Release/Setup Files/veracrypt-x64.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt-x64.sys b/src/Release/Setup Files/veracrypt-x64.sys
index f0dbae0..df3a752 100644
--- a/src/Release/Setup Files/veracrypt-x64.sys
+++ b/src/Release/Setup Files/veracrypt-x64.sys
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.Inf b/src/Release/Setup Files/veracrypt.Inf
index e2e1691..95417cb 100644
--- a/src/Release/Setup Files/veracrypt.Inf
+++ b/src/Release/Setup Files/veracrypt.Inf
@@ -2,7 +2,7 @@
;;; VeraCrypt
;;;
;;;
-;;; Copyright (c) 2018, IDRIX
+;;; Copyright (c) 2020, IDRIX
;;;
[Version]
@@ -10,7 +10,7 @@ signature = "$Windows NT$"
Class = "Encryption" ;This is determined by the work this filter driver does
ClassGuid = {a0a701c0-a511-42ff-aa6c-06dc0395576f} ;This value is determined by the Class
Provider = %ProviderString%
-DriverVer = 11/05/2019,1.24.8.1
+DriverVer = 02/10/2019,1.24.14.0
CatalogFile = veracrypt.cat
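Review bot: The new `DriverVer` date, `02/10/2019`, is earlier than the `11/05/2019` it replaces, while the version rises to 1.24.14.0 and the copyright line in the same file moves to 2020. This looks like the year was not updated; if a 2020 date was intended the line should read `DriverVer = 02/10/2020,1.24.14.0` (to be confirmed against the actual build date). The INF date is one of the values Windows compares between driver packages, so a date that moves backwards with a newer version is worth avoiding even if this driver is installed only by the project's own setup.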
diff --git a/src/Release/Setup Files/veracrypt.cat b/src/Release/Setup Files/veracrypt.cat
index c7004e9..98d8bc1 100644
--- a/src/Release/Setup Files/veracrypt.cat
+++ b/src/Release/Setup Files/veracrypt.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.sys b/src/Release/Setup Files/veracrypt.sys
index 353c41a..7004c01 100644
--- a/src/Release/Setup Files/veracrypt.sys
+++ b/src/Release/Setup Files/veracrypt.sys
Binary files differ
diff --git a/src/Setup/MacOSX/veracrypt.pkgproj b/src/Setup/MacOSX/veracrypt.pkgproj
index 55a3e0b..4bd045b 100755
--- a/src/Setup/MacOSX/veracrypt.pkgproj
+++ b/src/Setup/MacOSX/veracrypt.pkgproj
@@ -555,7 +555,7 @@
<key>USE_HFS+_COMPRESSION</key>
<false/>
<key>VERSION</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
</dict>
<key>TYPE</key>
<integer>0</integer>
@@ -1059,7 +1059,7 @@ https://osxfuse.github.io/
</dict>
</array>
<key>NAME</key>
- <string>VeraCrypt 1.24-Hotfix2</string>
+ <string>VeraCrypt 1.24-Update5</string>
<key>PAYLOAD_ONLY</key>
<false/>
<key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
diff --git a/src/Setup/MacOSX/veracrypt_Legacy.pkgproj b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
index d941bf2..19c816a 100755
--- a/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
+++ b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
@@ -555,7 +555,7 @@
<key>USE_HFS+_COMPRESSION</key>
<false/>
<key>VERSION</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
</dict>
<key>TYPE</key>
<integer>0</integer>
@@ -1059,7 +1059,7 @@ https://osxfuse.github.io/
</dict>
</array>
<key>NAME</key>
- <string>VeraCrypt Legacy 1.24-Hotfix2</string>
+ <string>VeraCrypt Legacy 1.24-Update5</string>
<key>PAYLOAD_ONLY</key>
<false/>
<key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
diff --git a/src/Setup/Portable.rc b/src/Setup/Portable.rc
index a866473..7a7acfa 100644
--- a/src/Setup/Portable.rc
+++ b/src/Setup/Portable.rc
@@ -26,8 +26,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -44,11 +44,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Portable"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Portable.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Setup/Setup.rc b/src/Setup/Setup.rc
index 02957c0..b92e927 100644
--- a/src/Setup/Setup.rc
+++ b/src/Setup/Setup.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Setup"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Setup.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat
index eb40b44..adf9358 100644
--- a/src/Signing/sign.bat
+++ b/src/Signing/sign.bat
@@ -1,6 +1,6 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update5
set SIGNINGPATH=%~dp0
cd %SIGNINGPATH%
diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat
index 6bf9289..74b48c9 100644
--- a/src/Signing/sign_test.bat
+++ b/src/Signing/sign_test.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update5
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Signing/sign_test_debug.bat b/src/Signing/sign_test_debug.bat
index 8c98ebc..f44690d 100644
--- a/src/Signing/sign_test_debug.bat
+++ b/src/Signing/sign_test_debug.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update5
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 32f61b7..40507a2 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -247,7 +247,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
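Review bot: The condition `&& !defined(CRYPTOPP_DISABLE_ASM)` is appended by hand to every guard in this file (this hunk and the Twofish and Camellia hunks that follow), so the block dispatch and the matching `IsHwSupportAvailable` answers stay consistent only while every copy is edited together. One file-local macro defined near the top of Cipher.cpp would remove that risk, for example `#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)` / `#define VC_CIPHER_X64_ASM 1` (the name is only a suggestion), with a comment that the generic `Cipher::EncryptBlocks`/`DecryptBlocks` paths are used when it is unset. The function containing this guard starts and ends outside the hunk.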
@@ -263,7 +263,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
@@ -318,7 +318,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_encrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -330,7 +330,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_decrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -339,7 +339,7 @@ namespace VeraCrypt
bool CipherTwofish::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;
@@ -372,7 +372,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_encrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -384,7 +384,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_decrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -393,7 +393,7 @@ namespace VeraCrypt
bool CipherCamellia::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;