VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Translations/Language.ar.xml2
-rw-r--r--Translations/Language.be.xml2
-rw-r--r--Translations/Language.bg.xml2
-rw-r--r--Translations/Language.ca.xml2
-rw-r--r--Translations/Language.cs.xml2
-rw-r--r--Translations/Language.da.xml2
-rw-r--r--Translations/Language.de.xml2
-rw-r--r--Translations/Language.el.xml2
-rw-r--r--Translations/Language.es.xml2
-rw-r--r--Translations/Language.et.xml2
-rw-r--r--Translations/Language.eu.xml2
-rw-r--r--Translations/Language.fa.xml2
-rw-r--r--Translations/Language.fi.xml2
-rw-r--r--Translations/Language.fr.xml2
-rw-r--r--Translations/Language.hu.xml2
-rw-r--r--Translations/Language.id.xml2
-rw-r--r--Translations/Language.it.xml2
-rw-r--r--Translations/Language.ja.xml2
-rw-r--r--Translations/Language.ka.xml2
-rw-r--r--Translations/Language.ko.xml2
-rw-r--r--Translations/Language.lv.xml2
-rw-r--r--Translations/Language.my.xml2
-rw-r--r--Translations/Language.nl.xml2
-rw-r--r--Translations/Language.nn.xml2
-rw-r--r--Translations/Language.pl.xml2
-rw-r--r--Translations/Language.pt-br.xml2
-rw-r--r--Translations/Language.ro.xml2
-rw-r--r--Translations/Language.ru.xml2
-rw-r--r--Translations/Language.sk.xml2
-rw-r--r--Translations/Language.sl.xml2
-rw-r--r--Translations/Language.sv.xml2
-rw-r--r--Translations/Language.th.xml2
-rw-r--r--Translations/Language.tr.xml2
-rw-r--r--Translations/Language.uk.xml2
-rw-r--r--Translations/Language.uz.xml2
-rw-r--r--Translations/Language.vi.xml2
-rw-r--r--Translations/Language.zh-cn.xml2
-rw-r--r--Translations/Language.zh-hk.xml2
-rw-r--r--Translations/Language.zh-tw.xml2
-rw-r--r--doc/chm/VeraCrypt User Guide.chmbin1971361 -> 1973753 bytes
-rw-r--r--doc/html/Favorite Volumes.html5
-rw-r--r--doc/html/Release Notes.html66
-rw-r--r--doc/html/VeraCrypt Rescue Disk.html34
-rw-r--r--src/Boot/EFI/DcsBoot.efibin23928 -> 24088 bytes
-rw-r--r--src/Boot/EFI/DcsBoot32.efibin20440 -> 20472 bytes
-rw-r--r--src/Boot/EFI/DcsCfg.efibin953272 -> 953528 bytes
-rw-r--r--src/Boot/EFI/DcsCfg32.efibin815928 -> 816152 bytes
-rw-r--r--src/Boot/EFI/DcsInfo.efibin37144 -> 37144 bytes
-rw-r--r--src/Boot/EFI/DcsInfo32.efibin33880 -> 33880 bytes
-rw-r--r--src/Boot/EFI/DcsInt.efibin911672 -> 912184 bytes
-rw-r--r--src/Boot/EFI/DcsInt32.efibin794712 -> 795160 bytes
-rw-r--r--src/Boot/EFI/DcsRe.efibin28472 -> 28472 bytes
-rw-r--r--src/Boot/EFI/DcsRe32.efibin24056 -> 24056 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker.efibin9816 -> 9816 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker32.efibin9560 -> 9560 bytes
-rw-r--r--src/Build/CMakeLists.txt4
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.legacy.xml2
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.xml2
-rwxr-xr-xsrc/Build/build_veracrypt_macosx.sh6
-rw-r--r--src/Common/BootEncryption.cpp94
-rw-r--r--src/Common/BootEncryption.h8
-rw-r--r--src/Common/Crypto.c6
-rw-r--r--src/Common/Dlgcode.c310
-rw-r--r--src/Common/Dlgcode.h4
-rw-r--r--src/Common/Format.c46
-rw-r--r--src/Common/Format.h1
-rw-r--r--src/Common/Keyfiles.c59
-rw-r--r--src/Common/Password.c20
-rw-r--r--src/Common/Tcdefs.h15
-rw-r--r--src/Core/Unix/CoreUnix.cpp7
-rw-r--r--src/Crypto/Aeskey.c13
-rw-r--r--src/Crypto/Camellia.c2
-rw-r--r--src/Crypto/Camellia.h2
-rw-r--r--src/Crypto/Sha2.c4
-rw-r--r--src/Crypto/Sha2.h2
-rw-r--r--src/Crypto/Twofish.c8
-rw-r--r--src/Crypto/Twofish.h4
-rw-r--r--src/Driver/Driver.rc4
-rw-r--r--src/Driver/Ntdriver.c28
-rw-r--r--src/Driver/Ntvol.c34
-rw-r--r--src/ExpandVolume/ExpandVolume.c35
-rw-r--r--src/ExpandVolume/ExpandVolume.rc8
-rw-r--r--src/ExpandVolume/WinMain.cpp2
-rw-r--r--src/Format/Format.rc10
-rw-r--r--src/Format/Tcformat.c23
-rw-r--r--src/Main/Forms/VolumeCreationWizard.cpp2
-rw-r--r--src/Main/Forms/WaitDialog.cpp1
-rwxr-xr-xsrc/Main/Main.make8
-rw-r--r--src/Main/TextUserInterface.h2
-rw-r--r--src/Main/UserInterface.cpp2
-rw-r--r--src/Makefile2
-rw-r--r--src/Mount/Mount.c44
-rw-r--r--src/Mount/Mount.rc8
-rw-r--r--src/Platform/Exception.h1
-rw-r--r--src/Release/Setup Files/veracrypt-x64.catbin10607 -> 10615 bytes
-rw-r--r--src/Release/Setup Files/veracrypt-x64.sysbin831320 -> 831328 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.Inf4
-rw-r--r--src/Release/Setup Files/veracrypt.catbin10765 -> 10559 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.sysbin768560 -> 768864 bytes
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt.pkgproj4
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt_Legacy.pkgproj4
-rw-r--r--src/Setup/Portable.rc8
-rw-r--r--src/Setup/Setup.rc8
-rw-r--r--src/Signing/sign.bat2
-rw-r--r--src/Signing/sign_test.bat2
-rw-r--r--src/Signing/sign_test_debug.bat2
-rw-r--r--src/Volume/Cipher.cpp16
107 files changed, 787 insertions, 279 deletions
diff --git a/Translations/Language.ar.xml b/Translations/Language.ar.xml
index 17969d7..b301208 100644
--- a/Translations/Language.ar.xml
+++ b/Translations/Language.ar.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="ar" name="العربية" en-name="Arabic" version="0.2.0" translators="Ahmad Gharbeia, Khaled Hosny, Ali Khojah" />
<font lang="ar" class="normal" size="11" face="default" />
<font lang="ar" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.be.xml b/Translations/Language.be.xml
index bc3bae9..8f1437a 100644
--- a/Translations/Language.be.xml
+++ b/Translations/Language.be.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="be" name="Беларуская" en-name="Belarusian" version="0.1.0" translators="Aleg Azarousky" />
<font lang="be" class="normal" size="11" face="default" />
<font lang="be" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.bg.xml b/Translations/Language.bg.xml
index b344033..8af058c 100644
--- a/Translations/Language.bg.xml
+++ b/Translations/Language.bg.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="bg" name="Български" en-name="Bulgarian" version="0.1.0" translators="Lachezar Gorchev" />
<font lang="bg" class="normal" size="11" face="default" />
<font lang="bg" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ca.xml b/Translations/Language.ca.xml
index eb2ab44..8a9d9a5 100644
--- a/Translations/Language.ca.xml
+++ b/Translations/Language.ca.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="ca" name="Català" en-name="Catalan" version="0.1.0" translators="CESICAT, Centre de Seguretat de la Informació de Catalunya" />
<font lang="ca" class="normal" size="11" face="default" />
<font lang="ca" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml
index 49eac7a..3093f13 100644
--- a/Translations/Language.cs.xml
+++ b/Translations/Language.cs.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="cs" name="Čeština" en-name="Czech" version="1.1.0" translators="Vítek Moser, Lagardere" />
<font lang="cs" class="normal" size="11" face="default" />
<font lang="cs" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.da.xml b/Translations/Language.da.xml
index ac187b9..4d1db49 100644
--- a/Translations/Language.da.xml
+++ b/Translations/Language.da.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="da" name="Dansk" en-name="Danish" version="0.1.0" translators="Lasse Bond" />
<font lang="da" class="normal" size="11" face="default" />
<font lang="da" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.de.xml b/Translations/Language.de.xml
index c704e22..00c4b90 100644
--- a/Translations/Language.de.xml
+++ b/Translations/Language.de.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<!-- Sprachen -->
<language langid="de" name="Deutsch" en-name="German" version="1.1.8" translators="Harry Haller, Alexander Schorg, Simon Frankenberger, David Arndt, H. Sauer, Dulla, Ettore Atalan, Matthias Kolja Miehl, Felix Reichmann" />
<!-- Schriftarten -->
diff --git a/Translations/Language.el.xml b/Translations/Language.el.xml
index 7436ea7..02da833 100644
--- a/Translations/Language.el.xml
+++ b/Translations/Language.el.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="el" name="Ελληνικά" en-name="Greek" version="0.1.0" translators="Βασίλης Κοσμίδης" />
<font lang="el" class="normal" size="11" face="default" />
<font lang="el" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml
index 7332a36..0013f69 100644
--- a/Translations/Language.es.xml
+++ b/Translations/Language.es.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="es" name="Español" en-name="Spanish" version="1.0.0" translators="Juan Antonio Auñón Ochando" />
<font lang="es" class="normal" size="11" face="default" />
<font lang="es" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.et.xml b/Translations/Language.et.xml
index ee9919c..0c4dbd8 100644
--- a/Translations/Language.et.xml
+++ b/Translations/Language.et.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="et" name="Eesti" en-name="Estonian" version="0.1.0" translators="Maiko Mõtsar" />
<font lang="et" class="normal" size="11" face="vaikimisi" />
<font lang="et" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.eu.xml b/Translations/Language.eu.xml
index 6f8ed7d..cb53872 100644
--- a/Translations/Language.eu.xml
+++ b/Translations/Language.eu.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="eu" name="Euskara" en-name="Basque" version="1.0.0" translators="Ander Genua" />
<font lang="eu" class="normal" size="11" face="default" />
<font lang="eu" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.fa.xml b/Translations/Language.fa.xml
index 8a314d1..a92a321 100644
--- a/Translations/Language.fa.xml
+++ b/Translations/Language.fa.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="fa" name="فارسي" en-name="Persian" version="0.1.0" translators="Ali Bitazar, Rodabeh Sarmadi" />
<font lang="fa" class="normal" size="11" face="default" />
<font lang="fa" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml
index 43d6754..d639587 100644
--- a/Translations/Language.fi.xml
+++ b/Translations/Language.fi.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="fi" name="Suomi" en-name="Finnish" version="0.3.0" translators="Matti Ruhanen" />
<font lang="fi" class="normal" size="11" face="default" />
<font lang="fi" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml
index 7258cf8..d213a75 100644
--- a/Translations/Language.fr.xml
+++ b/Translations/Language.fr.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="fr" name="Français" en-name="French" version="0.3.0" translators="Stéphane S., Olivier M., Thierry T" />
<font lang="fr" class="normal" size="11" face="default" />
<font lang="fr" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.hu.xml b/Translations/Language.hu.xml
index a0786df..45290d0 100644
--- a/Translations/Language.hu.xml
+++ b/Translations/Language.hu.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="hu" name="Magyar" en-name="Hungarian" version="2018.03.06" translators="Nyul Balazs > Szaki" />
<font lang="hu" class="normal" size="11" face="default" />
<font lang="hu" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.id.xml b/Translations/Language.id.xml
index 93716eb..2c546bc 100644
--- a/Translations/Language.id.xml
+++ b/Translations/Language.id.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="id" name="Bahasa Indonesia" en-name="Indonesian" version="0.1.0" translators="Tajuddin N. F." />
<font lang="id" class="normal" size="11" face="default" />
<font lang="id" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml
index c06e699..8c46c2f 100644
--- a/Translations/Language.it.xml
+++ b/Translations/Language.it.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="it" name="Italiano" en-name="Italian" version="1.0.1" translators="Maurizio Ballo, Consiglio Gaetano" />
<font lang="it" class="normal" size="11" face="default" />
<font lang="it" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml
index 203dc44..2fcf396 100644
--- a/Translations/Language.ja.xml
+++ b/Translations/Language.ja.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="ja" name="日本語" en-name="Japanese" version="1.0.0" translators="OGOSHI Masayuki" />
<font lang="ja" class="normal" size="12" face="MS UI Gothic" />
<font lang="ja" class="bold" size="16" face="MS UI Gothic" />
diff --git a/Translations/Language.ka.xml b/Translations/Language.ka.xml
index 5617d69..a057023 100644
--- a/Translations/Language.ka.xml
+++ b/Translations/Language.ka.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="ka" name="ქართული" en-name="Georgian" version="0.1.0" translators="Kakha Lomiashvili" />
<font lang="ka" class="normal" size="12" face="Arial" />
<font lang="ka" class="bold" size="12" face="Arial" />
diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml
index 85b1e6f..c5db4fa 100644
--- a/Translations/Language.ko.xml
+++ b/Translations/Language.ko.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="ko" name="한국어" en-name="Korean" version="0.1.1" translators="Kieaer, Herbert Shin" />
<font lang="ko" class="normal" size="11" face="돋움" />
<font lang="ko" class="bold" size="13" face="맑은 고딕" />
diff --git a/Translations/Language.lv.xml b/Translations/Language.lv.xml
index 56260a6..9beebb5 100644
--- a/Translations/Language.lv.xml
+++ b/Translations/Language.lv.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="lv" name="Latviešu" en-name="Latvian" version="0.1.0" translators="Edmunds Melkers" />
<font lang="lv" class="normal" size="11" face="default" />
<font lang="lv" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.my.xml b/Translations/Language.my.xml
index c4402e9..4668aeb 100644
--- a/Translations/Language.my.xml
+++ b/Translations/Language.my.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="my" name="မြန်မာ" en-name="Burmese" version="1.0.0" translators="Zaw Myo Htet" />
<font lang="my" class="normal" size="11" face="Myanmar3" />
<font lang="my" class="bold" size="13" face="Myanmar3" />
diff --git a/Translations/Language.nl.xml b/Translations/Language.nl.xml
index 6ac4f40..0dc97cf 100644
--- a/Translations/Language.nl.xml
+++ b/Translations/Language.nl.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="nl" name="Nederlands" en-name="Dutch" version="0.2.3" translators="Jan van der Wal, Peter Tak" />
<font lang="nl" class="normal" size="11" face="default" />
diff --git a/Translations/Language.nn.xml b/Translations/Language.nn.xml
index 2e7ae6d..e3d9e86 100644
--- a/Translations/Language.nn.xml
+++ b/Translations/Language.nn.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="nn" name="Norsk Nynorsk" en-name="Norwegian (Nynorsk)" version="0.1.0" translators="Kjell Rune Helland" />
<font lang="nn" class="normal" size="11" face="default" />
<font lang="nn" class="bold" size="13" face="Arial " />
diff --git a/Translations/Language.pl.xml b/Translations/Language.pl.xml
index 28a9bb7..185a74d 100644
--- a/Translations/Language.pl.xml
+++ b/Translations/Language.pl.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="pl" name="Polski" en-name="Polish" version="1.0.0" translators="Mirek Druchowicz, Janusz Zamecki, Sobiesław Antolak, Begina Felicysym" />
<font lang="pl" class="normal" size="11" face="default" />
<font lang="pl" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml
index 6ae66f0..2b8cff7 100644
--- a/Translations/Language.pt-br.xml
+++ b/Translations/Language.pt-br.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="pt-br" name="Português-Brasil" en-name="Portuguese (Brazil)" version="0.1.0" translators="Thiago C. L. Mendes, Lecidio S. Alencar , Lucas C. Ferreira" />
<font lang="pt-br" class="normal" size="11" face="padrão" />
<font lang="pt-br" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ro.xml b/Translations/Language.ro.xml
index 9875b88..b4682f9 100644
--- a/Translations/Language.ro.xml
+++ b/Translations/Language.ro.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version="1.24-Hotfix2">
+ <localization prog-version="1.24-Update2">
<language langid="ro" name="Română" en-name="Romanian" version="1.0.0" translators="Barna Cosmin Marian" />
<font lang="ro" class="normal" size="11" face="default" />
<font lang="ro" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.ru.xml b/Translations/Language.ru.xml
index 7ac2b09..f1aeadb 100644
--- a/Translations/Language.ru.xml
+++ b/Translations/Language.ru.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="ru" name="Русский" en-name="Russian" version="1.0.7" translators="Dmitry Yerokhin" />
<font lang="ru" class="normal" size="11" face="default" />
<font lang="ru" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.sk.xml b/Translations/Language.sk.xml
index 7ad9434..5fd6952 100644
--- a/Translations/Language.sk.xml
+++ b/Translations/Language.sk.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="sk" name="Slovenčina" en-name="Slovak" version="0.1.0" translators="Kamil David" />
<font lang="sk" class="normal" size="11" face="default" />
<font lang="sk" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml
index 47c4e47..ff2be15 100644
--- a/Translations/Language.sl.xml
+++ b/Translations/Language.sl.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="sl" name="Slovenščina" en-name="Slovenian" version="0.1.0" translators="Erik David Salam" />
<font lang="sl" class="normal" size="11" face="default" />
<font lang="sl" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.sv.xml b/Translations/Language.sv.xml
index 1932166..fd122e5 100644
--- a/Translations/Language.sv.xml
+++ b/Translations/Language.sv.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="sv" name="Svenska" en-name="Swedish" version="1.0.0" translators="Peter Runesson" />
<font lang="sv" class="normal" size="11" face="default" />
<font lang="sv" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.th.xml b/Translations/Language.th.xml
index 319062e..d09550c 100644
--- a/Translations/Language.th.xml
+++ b/Translations/Language.th.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="th" name="ภาษาไทย" en-name="Thai" version="0.0.0" translators=""/>
<font lang="th" class="normal" size="11" face="default" />
<font lang="th" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml
index f84528b..82cb500 100644
--- a/Translations/Language.tr.xml
+++ b/Translations/Language.tr.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="tr" name="Türkçe" en-name="Turkish" version="0.1.0" translators="Ali İskender Turan, Zeynel Abidin Öztürk" />
<font lang="tr" class="normal" size="11" face="default" />
<font lang="tr" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.uk.xml b/Translations/Language.uk.xml
index a5fbdaf..b44735b 100644
--- a/Translations/Language.uk.xml
+++ b/Translations/Language.uk.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="uk" name="Українська" en-name="Ukrainian" version="1.0.0" translators="Kravchuk Olexandr, Babchuk Volodymyr" />
<font lang="uk" class="normal" size="11" face="default" />
<font lang="uk" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.uz.xml b/Translations/Language.uz.xml
index 2b6e528..01d368e 100644
--- a/Translations/Language.uz.xml
+++ b/Translations/Language.uz.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="uz" name="Ўзбекча" en-name="Uzbek (Cyrillic)" version="0.1.0" translators="Abdurauf Azizov, Dmitry Yerokhin" />
<font lang="uz" class="normal" size="11" face="default" />
<font lang="uz" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.vi.xml b/Translations/Language.vi.xml
index 9922d44..16b3767 100644
--- a/Translations/Language.vi.xml
+++ b/Translations/Language.vi.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="vi" name="Tiếng Việt" en-name="Vietnamese" version="0.1.0" translators="Nguyễn Kim Huy" />
<font lang="vi" class="normal" size="11" face="default" />
<font lang="vi" class="bold" size="13" face="Arial" />
diff --git a/Translations/Language.zh-cn.xml b/Translations/Language.zh-cn.xml
index ab73fae..7ed3096 100644
--- a/Translations/Language.zh-cn.xml
+++ b/Translations/Language.zh-cn.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="zh-cn" name="简体中文" en-name="Chinese (Simplified)" version="1.0.0" translators="Barney Li and Zhangjintao" />
<font lang="zh-cn" class="normal" size="11" face="Tahoma" />
<font lang="zh-cn" class="bold" size="14" face="Tahoma" />
diff --git a/Translations/Language.zh-hk.xml b/Translations/Language.zh-hk.xml
index 9de2cf1..332f1ff 100644
--- a/Translations/Language.zh-hk.xml
+++ b/Translations/Language.zh-hk.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="zh-hk" name="繁體中文" en-name="Chinese (Hong Kong)" version="0.1.0" translators="PUN Chi Ho" />
<font lang="zh-hk" class="normal" size="11" face="Arial" />
<font lang="zh-hk" class="bold" size="14" face="Arial" />
diff --git a/Translations/Language.zh-tw.xml b/Translations/Language.zh-tw.xml
index 549bc5e..7e646c2 100644
--- a/Translations/Language.zh-tw.xml
+++ b/Translations/Language.zh-tw.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
- <localization prog-version= "1.24-Hotfix2">
+ <localization prog-version= "1.24-Update2">
<language langid="zh-tw" name="繁體中文" en-name="Chinese (Taiwan)" version="0.1.0" translators="Barney Li, Simon Ma, ChangMing Hsu" />
<font lang="zh-tw" class="normal" size="12" face="MingLiU" />
<font lang="zh-tw" class="bold" size="15" face="MingLiU" />
diff --git a/doc/chm/VeraCrypt User Guide.chm b/doc/chm/VeraCrypt User Guide.chm
index 697b62b..eb30f15 100644
--- a/doc/chm/VeraCrypt User Guide.chm
+++ b/doc/chm/VeraCrypt User Guide.chm
Binary files differ
diff --git a/doc/html/Favorite Volumes.html b/doc/html/Favorite Volumes.html
index a813f84..c2eb2ad 100644
--- a/doc/html/Favorite Volumes.html
+++ b/doc/html/Favorite Volumes.html
@@ -35,7 +35,7 @@
</p></div>
<div class="wikidoc">
-<h2 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:14px; margin-bottom:17px">
+<h2 style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; margin-bottom:17px">
Favorite Volumes</h2>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<p>Favorite volumes are useful, for example, in any the following cases:</p>
@@ -46,6 +46,9 @@ Favorite Volumes</h2>
</li><li>You have a volume that needs to be <strong>automatically mounted when you log on
</strong>to the operating system. </li><li>You have a volume that always needs to be <strong>mounted as read-only </strong>
or removable medium. </li></ul>
+<p>
+<strong>Note: </strong>Please refer to <a href="Issues%20and%20Limitations.html">Known Issues and Limitations</a> section for issues that may affect favorite volumes when Windows "Fast Startup" feature is enabled.
+</p>
<h3>To configure a VeraCrypt volume as a favorite volume, follow these steps:</h3>
<ol>
<li>Mount the volume (to the drive letter to which you want it to be mounted every time).
diff --git a/doc/html/Release Notes.html b/doc/html/Release Notes.html
index 09e5d1e..f7354e2 100644
--- a/doc/html/Release Notes.html
+++ b/doc/html/Release Notes.html
@@ -40,6 +40,72 @@
<span style="color:#ff0000;">To avoid hinting whether your volumes contain a hidden volume or not, or if you depend on plausible deniability when using hidden volumes/OS, then you must recreate both the outer and hidden volumes including system encryption and hidden OS, discarding existing volumes created prior to 1.18a version of VeraCrypt.</span></li>
</p>
+<p><strong style="text-align:left">1.24-Update2-RC </strong>(December 12<sup>th</sup>, 2019):</p>
+<ul>
+<li><strong>All OSes:</strong>
+<ul>
+<li>clear AES key from stack memory when using non-optimized implementation. Doesn't apply to VeraCrypt official build (Reported and fixed by Hanno Böck)</li>
+<li>Update Jitterentropy RNG Library to version 2.2.0</li>
+<li>Start following IEEE 1541 agreed naming of bytes (KiB, MiB, GiB, TiB, PiB).</li>
+<li>Various documentation enhancements.</li>
+</ul>
+</li>
+<li><strong>Windows:</strong>
+<ul>
+<li>Fix possible local privilege escalation vulnerability during execution of VeraCrypt Expander (CVE-2019-19501)</li>
+<li>MBR bootloader:
+<ul>
+<li>workaround for SSD disks that don't allow write operations in BIOS mode with buffers less than 4096 bytes.</li>
+<li>Don't restore MBR to VeraCrypt value if it is coming from a loader different from us or different from Microsoft one.</li>
+</ul>
+</li>
+<li>EFI bootloader:
+<ul>
+<li>Fix "ActionFailed" not working and add "ActionCancelled" to customize handling of user hitting ESC on password prompt</li>
+<li>Fix F5 showing previous password after failed authentication attempt. Ensure that even wrong password value are cleared from memory.</li>
+</ul>
+</li>
+<li>Fix multi-OS boot compatibility by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one.</li>
+<li>Add new registry flags for SystemFavoritesService to control updating of EFI BIOS boot menu on shutdown.</li>
+<li>Allow system encrypted drive to be mounted in WindowsPE even if changing keyboard layout fails (reported and fixed by Sven Strickroth)</li>
+<li>Enhancements to the mechanism preserving file timestamps, especially for keyfiles.</li>
+<li>Fix RDRAND instruction not detected on AMD CPUs.</li>
+<li>Detect cases where RDRAND is flawed (e.g. AMD Ryzen) to avoid using it if enabled by user</li>.
+<li>Don't write extra 0x00 byte at the end of DcsProp file when modifying it through UI</li>
+<li>Reduce memory usage of IOCTL_DISK_VERIFY handler used in disk verification by Windows.</li>
+<li>Add switch /FastCreateFile for VeraCrypt Format.exe to speedup creation of large file container if quick format is selected.</li>
+<li>Fix the checkbox for skipping verification of Rescue Disk not reflecting the value of /noisocheck switch specified in VeraCrypt Format command line.</li>
+<li>check "TrueCrypt Mode" in password dialog when mounting a file container with .tc extension</li>
+<li>Update XML languages files.</li>
+</ul>
+</li>
+<li><strong>Linux:</strong>
+<ul>
+<li>Fix regression causing admin password to be requested too many times in some cases</li>
+<li>Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)</li>
+<li>Make sure password gets deleted in case of internal error when mounting volume (Reported and fixed by Hanno Böck)</li>
+<li>Fix passwords using Unicode characters not recognized in text mode.</li>
+<li>Fix failure to run VeraCrypt binary built for console mode on headless machines.</li>
+<li>Add switch to force the use of legacy maximum password length (64 UTF8 bytes)</li>
+<li>Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password</li>
+<li>During uninstall, output error message to STDERR instead of STDOUT for better compatibility with package managers.</li>
+<li>Make sector size mismatch error when mounting disks more verbose.</li>
+<li>Speedup SHA256 in 64-bit mode by using assembly code.</li>
+</ul>
+</li>
+<li><strong>MacOSX:</strong>
+<ul>
+<li>Add switch to force the use of legacy maximum password length (64 UTF8 bytes)</li>
+<li>Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)</li>
+<li>Fix passwords using Unicode characters not recognized in text mode.</li>
+<li>Make sector size mismatch error when mounting disks more verbose.</li>
+<li>Speedup SHA256 in 64-bit mode by using assembly code.</li>
+<li>Link against latest wxWidgets version 3.1.3</li>
+</ul>
+</li>
+</ul>
+
+
<p><strong style="text-align:left">1.24-Hotfix1 </strong>(October 27<sup>rd</sup>, 2019):</p>
<ul>
<li><strong>Windows:</strong>
diff --git a/doc/html/VeraCrypt Rescue Disk.html b/doc/html/VeraCrypt Rescue Disk.html
index b7710d5..529344a 100644
--- a/doc/html/VeraCrypt Rescue Disk.html
+++ b/doc/html/VeraCrypt Rescue Disk.html
@@ -37,24 +37,24 @@
<div class="wikidoc">
<h1>VeraCrypt Rescue Disk</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-During the process of preparing the encryption of a system partition/drive, VeraCrypt requires that you create a so-called VeraCrypt Rescue Disk (CD/DVD), which serves the following purposes:</div>
+During the process of preparing the encryption of a system partition/drive, VeraCrypt requires that you create a so-called VeraCrypt Rescue Disk (USB disk in EFI boot mode, CD/DVD in MBR legacy boot mode), which serves the following purposes:</div>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If the VeraCrypt Boot Loader screen does not appear after you start your computer (or if Windows does not boot), the
<strong style="text-align:left">VeraCrypt Boot Loader may be damaged</strong>. The VeraCrypt Rescue Disk allows you restore it and thus to regain access to your encrypted system and data (however, note that you will still have to enter the correct password
- then). In the Rescue Disk screen, select <em style="text-align:left">Repair Options</em> &gt;
-<em style="text-align:left">Restore VeraCrypt Boot Loader</em>. Then press 'Y' to confirm the action, remove the Rescue Disk from your CD/DVD drive and restart your computer.
+ then). For EFI boot mode, select <em style="text-align:left">Restore VeraCrypt loader binaries to system disk</em> in the Rescue Disk screen. For MBR legacy boot mode, select instead <em style="text-align:left">Repair Options</em> &gt;
+<em style="text-align:left">Restore VeraCrypt Boot Loader</em>. Then press 'Y' to confirm the action, remove the Rescue Disk from your USB port or CD/DVD drive and restart your computer.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If the <strong style="text-align:left">VeraCrypt Boot Loader is frequently damaged
</strong>(for example, by inappropriately designed activation software) or if <strong style="text-align:left">
you do not want the VeraCrypt boot loader </strong><strong style="text-align:left">to reside on the hard drive
</strong>(for example, if you want to use an alternative boot loader/manager for other operating systems), you can boot directly from the VeraCrypt Rescue Disk (as it contains the VeraCrypt boot loader too) without restoring the boot loader to the hard drive.
- Just insert your Rescue Disk into your CD/DVD drive and then enter your password in the Rescue Disk screen.
+ For EFI boot mode, just insert your Rescue Disk into a USB port, boot your computer on it and then select <em style="text-align:left">Boot VeraCrypt loader from rescue disk</em> on the Rescue Disk screen. For MBR legacy boot mode, you need to insert the Rescue Disk in your CD/DVD drive and then enter your password in the Rescue Disk screen.
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
If you repeatedly enter the correct password but VeraCrypt says that the password is incorrect, it is possible that the
<strong style="text-align:left">master key or other critical data are damaged</strong>. The VeraCrypt Rescue Disk allows you to restore them and thus to regain access to your encrypted system and data (however, note that you will still have to enter the correct
- password then). In the Rescue Disk screen, select <em style="text-align:left">Repair Options</em> &gt;
-<em style="text-align:left">Restore key data</em>. Then enter your password, press 'Y' to confirm the action, remove the Rescue Disk from your CD/DVD drive, and restart your computer.<br style="text-align:left">
+ password then). For EFI boot mode, select <em style="text-align:left">Restore OS header keys</em> in the Rescue Disk screen. For MBR legacy boot mode, select instead <em style="text-align:left">Repair Options</em> &gt;
+<em style="text-align:left">Restore VeraCrypt Boot Loader</em>. Then enter your password, press 'Y' to confirm the action, remove the Rescue Disk from the USB port or CD/DVD drive, and restart your computer.<br style="text-align:left">
<br style="text-align:left">
Note: This feature cannot be used to restore the header of a hidden volume within which a
<a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
@@ -68,19 +68,19 @@ WARNING: By restoring key data using a VeraCrypt Rescue Disk, you also restore t
one (select <em style="text-align:left">System</em> -&gt; <em style="text-align:left">
Create Rescue Disk</em>). Otherwise, if an attacker knows your old password (for example, captured by a keystroke logger) and if he then finds your old VeraCrypt Rescue Disk, he could use it to restore the key data (the master key encrypted with the old password)
and thus decrypt your system partition/drive </li><li id="WindowsDamaged" style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
-If <strong style="text-align:left">Windows is damaged and cannot start</strong>, the VeraCrypt Rescue Disk allows you to permanently decrypt the partition/drive before Windows starts. In the Rescue Disk screen, select
-<em style="text-align:left">Repair Options</em> &gt; <em style="text-align:left">
+If <strong style="text-align:left">Windows is damaged and cannot start</strong> after typing the correct password on VeraCrypt password prompt, the VeraCrypt Rescue Disk allows you to permanently decrypt the partition/drive before Windows starts. For EFI boot, select
+<em style="text-align:left">Decrypt OS</em> in the Rescue Disk screen. For MBR legacy boot mode, select instead <em style="text-align:left">Repair Options</em> &gt; <em style="text-align:left">
Permanently decrypt system partition/drive</em>. Enter the correct password and wait until decryption is complete. Then you can e.g. boot your MS Windows setup CD/DVD to repair your Windows installation. Note that this feature cannot be used to decrypt a hidden
volume within which a <a href="Hidden%20Operating%20System.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
hidden operating system</a> resides (see the section <a href="Hidden%20Operating%20System.html">
Hidden Operating System</a>).<br style="text-align:left">
<br style="text-align:left">
Note: Alternatively, if Windows is damaged (cannot start) and you need to repair it (or access files on it), you can avoid decrypting the system partition/drive by following these steps:&nbsp;If you have multiple operating systems installed on your computer,
- boot the one that does not require pre-boot authentication. If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD or you can connect your system drive as a secondary or external drive to another computer
+ boot the one that does not require pre-boot authentication. If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD or a Linux Live CD/DVD/USB. You can also connect your system drive as a secondary or external drive to another computer
and then boot the operating system installed on the computer. After you boot a system, run VeraCrypt, click Select Device, select the affected system partition, click OK , select System &gt; Mount Without Pre-Boot Authentication, enter your pre-boot-authentication
password and click OK. The partition will be mounted as a regular VeraCrypt volume (data will be on-the-fly decrypted/encrypted in RAM on access, as usual).
</li><li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
-Your VeraCrypt Rescue Disk contains a <strong style="text-align:left">backup of the original content of the first drive track</strong> (made before the VeraCrypt Boot Loader was written to it) and allows you to restore it if necessary. The first track typically
+In case of MBR legacy boot mode, your VeraCrypt Rescue Disk contains a <strong style="text-align:left">backup of the original content of the first drive track</strong> (made before the VeraCrypt Boot Loader was written to it) and allows you to restore it if necessary. The first track typically
contains a system loader or boot manager. In the Rescue Disk screen, select Repair Options &gt; Restore original system loader.
</li></ul>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
@@ -89,20 +89,20 @@ Your VeraCrypt Rescue Disk contains a <strong style="text-align:left">backup of
<em style="text-align:left">Note that even if you lose your VeraCrypt Rescue Disk and an attacker finds it, he or she will
<strong style="text-align:left">not</strong> be able to decrypt the system partition or drive without the correct password.</em></div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-To boot a VeraCrypt Rescue Disk, insert it into your CD/DVD drive and restart your computer. If the VeraCrypt Rescue Disk screen does not appear (or if you do not see the 'Repair Options' item in the 'Keyboard Controls' section of the screen), it is possible
- that your BIOS is configured to attempt to boot from hard drives before CD/DVD drives. If that is the case, restart your computer, press F2 or Delete (as soon as you see a BIOS start-up screen), and wait until a BIOS configuration screen appears. If no BIOS
- configuration screen appears, restart (reset) the computer again and start pressing F2 or Delete repeatedly as soon as you restart (reset) the computer. When a BIOS configuration screen appears, configure your BIOS to boot from the CD/DVD drive first (for
+To boot a VeraCrypt Rescue Disk, insert it into a USB port or your CD/DVD drive depending on its type and restart your computer. If the VeraCrypt Rescue Disk screen does not appear (or in case of MBR legacy boot mode if you do not see the 'Repair Options' item in the 'Keyboard Controls' section of the screen), it is possible
+ that your BIOS is configured to attempt to boot from hard drives before USB drivers and CD/DVD drives. If that is the case, restart your computer, press F2 or Delete (as soon as you see a BIOS start-up screen), and wait until a BIOS configuration screen appears. If no BIOS
+ configuration screen appears, restart (reset) the computer again and start pressing F2 or Delete repeatedly as soon as you restart (reset) the computer. When a BIOS configuration screen appears, configure your BIOS to boot from the USB drive and CD/DVD drive first (for
information on how to do so, please refer to the documentation for your BIOS/motherboard or contact your computer vendor's technical support team for assistance). Then restart your computer. The VeraCrypt Rescue Disk screen should appear now. Note: In the
- VeraCrypt Rescue Disk screen, you can select 'Repair Options' by pressing F8 on your keyboard.</div>
+ case of MBR legacy boot mode, you can select 'Repair Options' on the VeraCrypt Rescue Disk screen by pressing F8 on your keyboard.</div>
<p>If your VeraCrypt Rescue Disk is damaged, you can create a new one by selecting
-<em style="text-align:left">System</em> &gt; <em style="text-align:left">Create Rescue Disk</em>. To find out whether your VeraCrypt Rescue Disk is damaged, insert it into your CD/DVD drive and select
+<em style="text-align:left">System</em> &gt; <em style="text-align:left">Create Rescue Disk</em>. To find out whether your VeraCrypt Rescue Disk is damaged, insert it into a USB port (or into your CD/DVD drive in case of MBR legacy boot mode) and select
<em style="text-align:left">System</em> &gt; <em style="text-align:left">Verify Rescue Disk</em>.</p>
</div><div class="ClearBoth"></div>
-<h2>VeraCrypt Rescue Disk on USB Stick</h2>
+<h2>VeraCrypt Rescue Disk for MBR legacy boot mode on USB Stick</h2>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-It is also possible to create a VeraCrypt Rescue Disk on a USB drive, in case your machine does not have a CD/DVD drive. <strong style="text-align:left">Please note that you must ensure that the data on the USB stick is not overwritten! If you lose the USB drive or your data is damaged, you will not be able to recover your system in case of a problem!</strong>
+It is also possible to create a VeraCrypt Rescue Disk for MBR legacy boot mode on a USB drive, in case your machine does not have a CD/DVD drive. <strong style="text-align:left">Please note that you must ensure that the data on the USB stick is not overwritten! If you lose the USB drive or your data is damaged, you will not be able to recover your system in case of a problem!</strong>
</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
To create a bootable VeraCrypt Rescue USB drive you have to create a bootable USB drive which bootloader runs up the iso image. Solutions like Unetbootin, which try to copy the data inside the iso image to the usb drive do not work yet. On Windows please follow the steps below:
diff --git a/src/Boot/EFI/DcsBoot.efi b/src/Boot/EFI/DcsBoot.efi
index 45155ec..0fcd48e 100644
--- a/src/Boot/EFI/DcsBoot.efi
+++ b/src/Boot/EFI/DcsBoot.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi
index 5145976..48db0ca 100644
--- a/src/Boot/EFI/DcsBoot32.efi
+++ b/src/Boot/EFI/DcsBoot32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg.efi b/src/Boot/EFI/DcsCfg.efi
index cae8622..03c9761 100644
--- a/src/Boot/EFI/DcsCfg.efi
+++ b/src/Boot/EFI/DcsCfg.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi
index a23e62d..22cc0d5 100644
--- a/src/Boot/EFI/DcsCfg32.efi
+++ b/src/Boot/EFI/DcsCfg32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo.efi b/src/Boot/EFI/DcsInfo.efi
index 2ba215b..6be1cb8 100644
--- a/src/Boot/EFI/DcsInfo.efi
+++ b/src/Boot/EFI/DcsInfo.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo32.efi b/src/Boot/EFI/DcsInfo32.efi
index 8b7c921..006adfb 100644
--- a/src/Boot/EFI/DcsInfo32.efi
+++ b/src/Boot/EFI/DcsInfo32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt.efi b/src/Boot/EFI/DcsInt.efi
index 9732abe..a0c2975 100644
--- a/src/Boot/EFI/DcsInt.efi
+++ b/src/Boot/EFI/DcsInt.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi
index b5e6709..991885f 100644
--- a/src/Boot/EFI/DcsInt32.efi
+++ b/src/Boot/EFI/DcsInt32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe.efi b/src/Boot/EFI/DcsRe.efi
index 2f77228..070cc97 100644
--- a/src/Boot/EFI/DcsRe.efi
+++ b/src/Boot/EFI/DcsRe.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi
index ad9e12f..c4f2013 100644
--- a/src/Boot/EFI/DcsRe32.efi
+++ b/src/Boot/EFI/DcsRe32.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker.efi b/src/Boot/EFI/LegacySpeaker.efi
index f09ea57..a1d14eb 100644
--- a/src/Boot/EFI/LegacySpeaker.efi
+++ b/src/Boot/EFI/LegacySpeaker.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi
index 4786b47..1ec5ba6 100644
--- a/src/Boot/EFI/LegacySpeaker32.efi
+++ b/src/Boot/EFI/LegacySpeaker32.efi
Binary files differ
diff --git a/src/Build/CMakeLists.txt b/src/Build/CMakeLists.txt
index 4724339..47a1547 100644
--- a/src/Build/CMakeLists.txt
+++ b/src/Build/CMakeLists.txt
@@ -11,8 +11,8 @@ elseif ( NOT DEFINED NOGUI )
endif()
# - Set version of the package
-set( FULL_VERSION "1.24-Hotfix2" )
-set( VERSION "1.24.8" )
+set( FULL_VERSION "1.24-Update2" )
+set( VERSION "1.24.9" )
set( RELEASE "1" )
# - Set PROJECT_NAME and CONFLICT_PACKAGE values
diff --git a/src/Build/Resources/MacOSX/Info.plist.legacy.xml b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
index 7ecb3c2..f0e9282 100644
--- a/src/Build/Resources/MacOSX/Info.plist.legacy.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.8</string>
+ <string>1.24.9</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
diff --git a/src/Build/Resources/MacOSX/Info.plist.xml b/src/Build/Resources/MacOSX/Info.plist.xml
index 4df84a0..fbd9c21 100644
--- a/src/Build/Resources/MacOSX/Info.plist.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.8</string>
+ <string>1.24.9</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
diff --git a/src/Build/build_veracrypt_macosx.sh b/src/Build/build_veracrypt_macosx.sh
index 70a94c4..e22f2df 100755
--- a/src/Build/build_veracrypt_macosx.sh
+++ b/src/Build/build_veracrypt_macosx.sh
@@ -13,16 +13,16 @@ SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")"; pwd)
PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")"; pwd)
# the sources of wxWidgets 3.1.2 must be extracted to the parent directory (for night mode)
-export WX_ROOT=$PARENTDIR/wxWidgets-3.1.2
+export WX_ROOT=$PARENTDIR/wxWidgets-3.1.3
echo "Using wxWidgets sources in $WX_ROOT"
# this will be the temporary wxWidgets directory
-export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.1.2
+export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.1.3
# define the SDK version to use and OSX minimum target. We target 10.9 by default
export VC_OSX_TARGET=10.9
export VC_OSX_SDK=10.14
-echo "Using MacOSX SDK $VC_OSX_SDK"
+echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
cd $SOURCEPATH
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 583a8cb..e956695 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -275,6 +275,27 @@ bool ZipAdd (zip_t *z, const char* name, const unsigned char* pbData, DWORD cbDa
return true;
}
+static BOOL IsWindowsMBR (const byte *buffer, size_t bufferSize)
+{
+ BOOL bRet = FALSE;
+ byte g_pbMsSignature[4] = {0x33, 0xc0, 0x8e, 0xd0};
+ const char* g_szStr1 = "Invalid partition table";
+ const char* g_szStr2 = "Error loading operating system";
+ const char* g_szStr3 = "Missing operating system";
+
+ if ((0 == memcmp (buffer, g_pbMsSignature, 4)) &&
+ (BufferContainsString (buffer, bufferSize, g_szStr1)
+ || BufferContainsString (buffer, bufferSize, g_szStr2)
+ || BufferContainsString (buffer, bufferSize, g_szStr3)
+ )
+ )
+ {
+ bRet = TRUE;
+ }
+
+ return bRet;
+}
+
namespace VeraCrypt
{
#if !defined (SETUP)
@@ -1030,7 +1051,7 @@ namespace VeraCrypt
static EfiBoot EfiBootInst;
- BootEncryption::BootEncryption (HWND parent, bool postOOBE, bool setBootNext)
+ BootEncryption::BootEncryption (HWND parent, bool postOOBE, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext)
: DriveConfigValid (false),
ParentWindow (parent),
RealSystemDriveSizeValid (false),
@@ -1042,7 +1063,9 @@ namespace VeraCrypt
SelectedPrfAlgorithmId (0),
VolumeHeaderValid (false),
PostOOBEMode (postOOBE),
- SetBootNext (setBootNext)
+ SetBootNext (setBootNext),
+ SetBootEntry (setBootEntry),
+ ForceFirstBootEntry (forceFirstBootEntry)
{
HiddenOSCandidatePartition.IsGPT = FALSE;
HiddenOSCandidatePartition.Number = (size_t) -1;
@@ -2682,7 +2705,7 @@ namespace VeraCrypt
}
}
- void EfiBoot::SetStartExec(wstring description, wstring execPath, bool setBootNext, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
+ void EfiBoot::SetStartExec(wstring description, wstring execPath, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE);
// Check EFI
if (!IsEfiBoot()) {
@@ -2799,27 +2822,56 @@ namespace VeraCrypt
}
}
- // Create new entry if absent
- if (startOrderNumPos == UINT_MAX) {
- if (bDeviceInfoValid)
+ if (setBootEntry)
+ {
+ // check if first entry in BootOrder is Windows one
+ bool bFirstEntryIsWindows = false;
+ if (startOrderNumPos != 0)
{
- for (uint32 i = startOrderLen / 2; i > 0; --i) {
+ wchar_t varName[256];
+ StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, startOrder[0]);
+
+ byte* existingVar = new byte[512];
+ DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, 512);
+ if (existingVarLen > 0)
+ {
+ if (BufferContainsWideString (existingVar, existingVarLen, L"EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ bFirstEntryIsWindows = true;
+ }
+
+ delete [] existingVar;
+ }
+
+
+ // Create new entry if absent
+ if (startOrderNumPos == UINT_MAX) {
+ if (bDeviceInfoValid)
+ {
+ if (forceFirstBootEntry && bFirstEntryIsWindows)
+ {
+ for (uint32 i = startOrderLen / 2; i > 0; --i) {
+ startOrder[i] = startOrder[i - 1];
+ }
+ startOrder[0] = statrtOrderNum;
+ }
+ else
+ {
+ startOrder[startOrderLen/2] = statrtOrderNum;
+ }
+ startOrderLen += 2;
+ startOrderUpdate = true;
+ }
+ } else if ((startOrderNumPos > 0) && forceFirstBootEntry && bFirstEntryIsWindows) {
+ for (uint32 i = startOrderNumPos; i > 0; --i) {
startOrder[i] = startOrder[i - 1];
}
startOrder[0] = statrtOrderNum;
- startOrderLen += 2;
startOrderUpdate = true;
}
- } else if (startOrderNumPos > 0) {
- for (uint32 i = startOrderNumPos; i > 0; --i) {
- startOrder[i] = startOrder[i - 1];
- }
- startOrder[0] = statrtOrderNum;
- startOrderUpdate = true;
- }
- if (startOrderUpdate) {
- SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
+ if (startOrderUpdate) {
+ SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
+ }
}
if (setBootNext)
@@ -3333,7 +3385,7 @@ namespace VeraCrypt
// restore boot menu entry in case of PostOOBE
if (PostOOBEMode)
- EfiBootInst.SetStartExec(L"VeraCrypt BootLoader (DcsBoot)", L"\\EFI\\VeraCrypt\\DcsBoot.efi", SetBootNext);
+ EfiBootInst.SetStartExec(L"VeraCrypt BootLoader (DcsBoot)", L"\\EFI\\VeraCrypt\\DcsBoot.efi", SetBootEntry, ForceFirstBootEntry, SetBootNext);
if (EfiBootInst.FileExists (L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc"))
{
@@ -3534,8 +3586,10 @@ namespace VeraCrypt
}
}
- // perform actual write only if content is different
- if (memcmp (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE))
+ // perform actual write only if content is different and either we are not in PostOOBE mode or the MBR contains VeraCrypt/Windows signature.
+ // this last check is done to avoid interfering with multi-boot configuration where MBR belongs to a boot manager like Grub
+ if (memcmp (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE)
+ && (!PostOOBEMode || BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME) || IsWindowsMBR (mbr, sizeof (mbr))))
{
memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE);
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index a94f191..decacb8 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -209,7 +209,7 @@ namespace VeraCrypt
bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
- void SetStartExec(wstring description, wstring execPath, bool setBootNext = true, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
+ void SetStartExec(wstring description, wstring execPath, bool setBootEntry = true, bool forceFirstBootEntry = true, bool setBootNext = true, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
void SaveFile(const wchar_t* name, byte* data, DWORD size);
void GetFileSize(const wchar_t* name, unsigned __int64& size);
void ReadFile(const wchar_t* name, byte* data, DWORD size);
@@ -240,7 +240,7 @@ namespace VeraCrypt
class BootEncryption
{
public:
- BootEncryption (HWND parent, bool postOOBE = false, bool setBootNext = false);
+ BootEncryption (HWND parent, bool postOOBE = false, bool setBootEntry = true, bool forceFirstBootEntry = true, bool setBootNext = false);
~BootEncryption ();
enum FilterType
@@ -353,6 +353,8 @@ namespace VeraCrypt
bool VolumeHeaderValid;
bool PostOOBEMode;
bool SetBootNext;
+ bool SetBootEntry;
+ bool ForceFirstBootEntry;
};
}
@@ -371,6 +373,8 @@ namespace VeraCrypt
#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER 0x1
#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT 0x2
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY 0x4
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY 0x8
#define VC_WINDOWS_UPGRADE_POSTOOBE_CMDLINE_OPTION L"/PostOOBE"
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 89ce250..913495f 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -252,7 +252,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_encrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -369,7 +369,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_decrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -464,7 +464,7 @@ BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
|| (cipher == SERPENT && HasSSE2())
|| (cipher == KUZNYECHIK && HasSSE2())
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
|| (cipher == TWOFISH)
|| (cipher == CAMELLIA)
#endif
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 376a1b2..350e3f4 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -300,6 +300,7 @@ HMODULE hntmartadll = NULL;
HMODULE hwinscarddll = NULL;
HMODULE hmsvcrtdll = NULL;
HMODULE hWinTrustLib = NULL;
+HMODULE hAdvapi32Dll = NULL;
#define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;}
@@ -336,6 +337,18 @@ typedef HRESULT (STDAPICALLTYPE *SHStrDupWPtr)(LPCWSTR psz, LPWSTR *ppwsz);
// ChangeWindowMessageFilter
typedef BOOL (WINAPI *ChangeWindowMessageFilterPtr) (UINT, DWORD);
+typedef BOOL (WINAPI *CreateProcessWithTokenWFn)(
+ __in HANDLE hToken,
+ __in DWORD dwLogonFlags,
+ __in_opt LPCWSTR lpApplicationName,
+ __inout_opt LPWSTR lpCommandLine,
+ __in DWORD dwCreationFlags,
+ __in_opt LPVOID lpEnvironment,
+ __in_opt LPCWSTR lpCurrentDirectory,
+ __in LPSTARTUPINFOW lpStartupInfo,
+ __out LPPROCESS_INFORMATION lpProcessInformation
+ );
+
SetDllDirectoryPtr SetDllDirectoryFn = NULL;
SetSearchPathModePtr SetSearchPathModeFn = NULL;
SetDefaultDllDirectoriesPtr SetDefaultDllDirectoriesFn = NULL;
@@ -350,6 +363,7 @@ SetupOpenInfFileWPtr SetupOpenInfFileWFn = NULL;
SHDeleteKeyWPtr SHDeleteKeyWFn = NULL;
SHStrDupWPtr SHStrDupWFn = NULL;
ChangeWindowMessageFilterPtr ChangeWindowMessageFilterFn = NULL;
+CreateProcessWithTokenWFn CreateProcessWithTokenWPtr = NULL;
typedef LONG (WINAPI *WINVERIFYTRUST)(HWND hwnd, GUID *pgActionID, LPVOID pWVTData);
typedef CRYPT_PROVIDER_DATA* (WINAPI *WTHELPERPROVDATAFROMSTATEDATA)(HANDLE hStateData);
@@ -758,6 +772,7 @@ void AbortProcessDirect (wchar_t *abortMsg)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
exit (1);
}
@@ -808,6 +823,7 @@ void AbortProcessSilent (void)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
// Note that this function also causes localcleanup() to be called (see atexit())
exit (1);
@@ -3014,6 +3030,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
AbortProcess ("INIT_DLL");
LoadSystemDll (L"Riched20.dll", &hRichEditDll, FALSE, SRC_POS);
+ LoadSystemDll (L"Advapi32.dll", &hAdvapi32Dll, FALSE, SRC_POS);
#if !defined(SETUP)
if (!VerifyModuleSignature (modPath))
@@ -3047,6 +3064,9 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
#endif
}
+ // Get CreateProcessWithTokenW function pointer
+ CreateProcessWithTokenWPtr = (CreateProcessWithTokenWFn) GetProcAddress(hAdvapi32Dll, "CreateProcessWithTokenW");
+
/* Save the instance handle for later */
hInst = hInstance;
@@ -3271,6 +3291,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
exit (1);
}
#endif
@@ -3316,6 +3337,7 @@ void FinalizeApp (void)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
}
void InitHelpFileName (void)
@@ -5101,7 +5123,7 @@ void OpenVolumeExplorerWindow (int driveNo)
// Force explorer to discover the drive
SHGetFileInfo (dosName, 0, &fInfo, sizeof (fInfo), 0);
- ShellExecute (NULL, L"open", dosName, NULL, NULL, SW_SHOWNORMAL);
+ SafeOpenURL (dosName);
}
static BOOL explorerCloseSent;
@@ -7370,6 +7392,15 @@ BOOL CheckFileExtension (wchar_t *fileName)
return FALSE;
}
+BOOL IsTrueCryptFileExtension (wchar_t *fileName)
+{
+ wchar_t *ext = wcsrchr (fileName, L'.');
+ if (ext && !_wcsicmp (ext, L".tc"))
+ return TRUE;
+ else
+ return FALSE;
+}
+
void CorrectFileName (wchar_t* fileName)
{
/* replace '/' by '\' */
@@ -10499,25 +10530,37 @@ void ConfigReadCompareString (char *configKey, char *defaultValue, char *str, in
void OpenPageHelp (HWND hwndDlg, int nPage)
{
- int r = (int)ShellExecuteW (NULL, L"open", szHelpFile, NULL, NULL, SW_SHOWNORMAL);
-
- if (r == ERROR_FILE_NOT_FOUND)
+ if (IsAdmin ())
+ {
+ if (FileExists (szHelpFile))
+ SafeOpenURL (szHelpFile);
+ else if (FileExists (szHelpFile2))
+ SafeOpenURL (szHelpFile2);
+ else
+ Applink ("help");
+ }
+ else
{
- // Try the secondary help file
- r = (int)ShellExecuteW (NULL, L"open", szHelpFile2, NULL, NULL, SW_SHOWNORMAL);
+ int r = (int)ShellExecuteW (NULL, L"open", szHelpFile, NULL, NULL, SW_SHOWNORMAL);
if (r == ERROR_FILE_NOT_FOUND)
{
- // Open local HTML help. It will fallback to online help if not found.
- Applink ("help");
- return;
+ // Try the secondary help file
+ r = (int)ShellExecuteW (NULL, L"open", szHelpFile2, NULL, NULL, SW_SHOWNORMAL);
+
+ if (r == ERROR_FILE_NOT_FOUND)
+ {
+ // Open local HTML help. It will fallback to online help if not found.
+ Applink ("help");
+ return;
+ }
}
- }
- if (r == SE_ERR_NOASSOC)
- {
- if (AskYesNo ("HELP_READER_ERROR", MainDlg) == IDYES)
- OpenOnlineHelp ();
+ if (r == SE_ERR_NOASSOC)
+ {
+ if (AskYesNo ("HELP_READER_ERROR", MainDlg) == IDYES)
+ OpenOnlineHelp ();
+ }
}
}
@@ -11021,14 +11064,30 @@ void Applink (const char *dest)
CorrectURL (url);
}
- r = (int) ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
-
- if (((r == ERROR_FILE_NOT_FOUND) || (r == ERROR_PATH_NOT_FOUND)) && buildUrl)
+ if (IsAdmin ())
{
- // fallbacl to online resources
- StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
- ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
- }
+ if (buildUrl && !FileExists (url))
+ {
+ // fallbacl to online resources
+ StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
+ SafeOpenURL (url);
+ }
+ else
+ {
+ SafeOpenURL (url);
+ }
+ }
+ else
+ {
+ r = (int) ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
+
+ if (((r == ERROR_FILE_NOT_FOUND) || (r == ERROR_PATH_NOT_FOUND)) && buildUrl)
+ {
+ // fallbacl to online resources
+ StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
+ ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
+ }
+ }
Sleep (200);
NormalCursor ();
@@ -11188,10 +11247,8 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
else
StringCbCopyW (szCFDevice, sizeof(szCFDevice), szDiskFile);
- if (preserveTimestamps)
- write = TRUE;
- context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : 0), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : (!context->IsDevice && preserveTimestamps? FILE_WRITE_ATTRIBUTES : 0)), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (context->HostFileHandle == INVALID_HANDLE_VALUE)
{
@@ -11213,6 +11270,13 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
// Remember the container modification/creation date and time
if (!context->IsDevice && preserveTimestamps)
{
+ // ensure that Last Access and Last Write timestamps are not modified
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (context->HostFileHandle, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (context->HostFileHandle, &context->CreationTime, &context->LastAccessTime, &context->LastWriteTime) == 0)
context->TimestampsValid = FALSE;
else
@@ -12685,19 +12749,16 @@ void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors)
ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", cmdPath, param, NULL, SW_SHOW);
}
-
-BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize)
{
- size_t strLen = strlen (str);
-
- if (bufferSize < strLen)
+ if (bufferSize < patternSize)
return FALSE;
- bufferSize -= strLen;
+ bufferSize -= patternSize;
for (size_t i = 0; i < bufferSize; ++i)
{
- if (memcmp (buffer + i, str, strLen) == 0)
+ if (memcmp (buffer + i, pattern, patternSize) == 0)
return TRUE;
}
@@ -12705,6 +12766,17 @@ BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *st
}
+BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
+{
+ return BufferContainsPattern (buffer, bufferSize, (const byte*) str, strlen (str));
+}
+
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str)
+{
+ return BufferContainsPattern (buffer, bufferSize, (const byte*) str, 2 * wcslen (str));
+}
+
+
#ifndef SETUP
int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL *pbDecrypt)
@@ -13959,6 +14031,17 @@ BOOL EnableProcessProtection()
PACL pACL = NULL;
DWORD cbACL = 0;
+ // Acces mask
+ DWORD dwAccessMask = SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE; // same as protected process
+
+ if (IsAdmin ())
+ {
+ // if we are running elevated, we allow CreateProcessXXX calls alongside PROCESS_DUP_HANDLE and PROCESS_QUERY_INFORMATION in order to be able
+ // to implement secure way to open URLs (cf RunAsDesktopUser)
+ // we are still protecting against memory access from non-admon processes
+ dwAccessMask |= PROCESS_CREATE_PROCESS | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION;
+ }
+
// Open the access token associated with the calling process
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
goto Cleanup;
@@ -13997,7 +14080,7 @@ BOOL EnableProcessProtection()
if (!AddAccessAllowedAce(
pACL,
ACL_REVISION,
- SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE, // same as protected process
+ dwAccessMask,
pTokenUser->User.Sid // pointer to the trustee's SID
)) {
goto Cleanup;
@@ -14028,6 +14111,169 @@ Cleanup:
return bSuccess;
}
+// Based on sample code from:
+// https://blogs.msdn.microsoft.com/aaron_margosis/2009/06/06/faq-how-do-i-start-a-program-as-the-desktop-user-from-an-elevated-app/
+// start a program non-elevated as the desktop user from an elevated app
+
+static bool RunAsDesktopUser(
+ __in const wchar_t * szApp,
+ __in wchar_t * szCmdLine)
+{
+ HANDLE hThreadToken = NULL, hShellProcess = NULL, hShellProcessToken = NULL, hPrimaryToken = NULL;
+ HWND hwnd = NULL;
+ DWORD dwPID = 0;
+ BOOL ret;
+ DWORD dwLastErr;
+ STARTUPINFOW si;
+ PROCESS_INFORMATION pi;
+ bool retval = false;
+ SecureZeroMemory(&si, sizeof(si));
+ SecureZeroMemory(&pi, sizeof(pi));
+ si.cb = sizeof(si);
+
+ // locate CreateProcessWithTokenW in Advapi32.dll
+ if (!CreateProcessWithTokenWPtr)
+ {
+ return false;
+ }
+
+ if (!ImpersonateSelf (SecurityImpersonation))
+ {
+ return false;
+ }
+
+ if (!OpenThreadToken (GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, TRUE, &hThreadToken))
+ {
+ return false;
+ }
+ else
+ {
+ TOKEN_PRIVILEGES tkp;
+ tkp.PrivilegeCount = 1;
+ LookupPrivilegeValueW(NULL, SE_INCREASE_QUOTA_NAME, &tkp.Privileges[0].Luid);
+ tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+ SetThreadToken (NULL, NULL);
+
+ AdjustTokenPrivileges(hThreadToken, FALSE, &tkp, 0, NULL, NULL);
+ dwLastErr = GetLastError();
+ if (ERROR_SUCCESS != dwLastErr)
+ {
+ goto cleanup;
+ }
+ }
+
+ // From this point down, we have handles to close, so make sure to clean up.
+
+ // Get an HWND representing the desktop shell.
+ // CAVEATS: This will fail if the shell is not running (crashed or terminated), or the default shell has been
+ // replaced with a custom shell. This also won't return what you probably want if Explorer has been terminated and
+ // restarted elevated.
+ hwnd = GetShellWindow();
+ if (NULL == hwnd)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Get the PID of the desktop shell process.
+ GetWindowThreadProcessId(hwnd, &dwPID);
+ if (0 == dwPID)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Open the desktop shell process in order to query it (get the token)
+ hShellProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
+ if (!hShellProcess)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Get the process token of the desktop shell.
+ ret = OpenProcessToken(hShellProcess, TOKEN_DUPLICATE, &hShellProcessToken);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Duplicate the shell's process token to get a primary token.
+ // Based on experimentation, this is the minimal set of rights required for CreateProcessWithTokenW (contrary to current documentation).
+ const DWORD dwTokenRights = TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;
+ ret = DuplicateTokenEx(hShellProcessToken, dwTokenRights, NULL, SecurityImpersonation, TokenPrimary, &hPrimaryToken);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Start the target process with the new token.
+ ret = CreateProcessWithTokenWPtr(
+ hPrimaryToken,
+ 0,
+ szApp,
+ szCmdLine,
+ 0,
+ NULL,
+ NULL,
+ &si,
+ &pi);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Make sure to close HANDLEs return in the PROCESS_INFORMATION.
+ CloseHandle(pi.hProcess);
+ CloseHandle(pi.hThread);
+
+ retval = true;
+
+cleanup:
+ // Clean up resources
+ if (hShellProcessToken) CloseHandle(hShellProcessToken);
+ if (hPrimaryToken) CloseHandle(hPrimaryToken);
+ if (hShellProcess) CloseHandle(hShellProcess);
+ if (hThreadToken) CloseHandle(hThreadToken);
+ RevertToSelf ();
+ if (!retval)
+ SetLastError (dwLastErr);
+ return retval;
+}
+
+// This function always loads a URL in a non-privileged mode
+// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
+// Use this security mechanism only starting from Windows Vista
+void SafeOpenURL (LPCWSTR szUrl)
+{
+ if (IsAdmin () && IsOSAtLeast (WIN_VISTA))
+ {
+ WCHAR szRunDllPath[TC_MAX_PATH];
+ WCHAR szUrlDllPath[TC_MAX_PATH];
+ WCHAR szSystemPath[TC_MAX_PATH];
+ LPWSTR szCommandLine = new WCHAR[1024];
+
+ if (!GetSystemDirectory(szSystemPath, MAX_PATH))
+ StringCbCopyW(szSystemPath, sizeof(szSystemPath), L"C:\\Windows\\System32");
+
+ StringCbPrintfW(szRunDllPath, sizeof(szRunDllPath), L"%s\\%s", szSystemPath, L"rundll32.exe");
+ StringCbPrintfW(szUrlDllPath, sizeof(szUrlDllPath), L"%s\\%s", szSystemPath, L"url.dll");
+ StringCchPrintfW(szCommandLine, 1024, L"%s %s,FileProtocolHandler %s", szRunDllPath, szUrlDllPath, szUrl);
+
+ RunAsDesktopUser (NULL, szCommandLine);
+
+ delete [] szCommandLine;
+ }
+ else
+ {
+ ShellExecuteW (NULL, L"open", szUrl, NULL, NULL, SW_SHOWNORMAL);
+ }
+}
+
#if !defined(SETUP) && defined(_WIN64)
#define RtlGenRandom SystemFunction036
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index f17ce22..f387bf7 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -351,6 +351,7 @@ BOOL CloseVolumeExplorerWindows (HWND hwnd, int driveNo);
BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValue);
BOOL CheckCapsLock (HWND hwnd, BOOL quiet);
BOOL CheckFileExtension (wchar_t *fileName);
+BOOL IsTrueCryptFileExtension (wchar_t *fileName);
void CorrectFileName (wchar_t* fileName);
void CorrectURL (wchar_t* fileName);
void IncreaseWrongPwdRetryCount (int count);
@@ -509,7 +510,9 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg);
BOOL FileHasReadOnlyAttribute (const wchar_t *path);
BOOL IsFileOnReadOnlyFilesystem (const wchar_t *path);
void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors);
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize);
BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str);
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str);
int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL* pbDecrypt);
BOOL RemoveDeviceWriteProtection (HWND hwndDlg, wchar_t *devicePath);
void EnableElevatedCursorChange (HWND parent);
@@ -543,6 +546,7 @@ void GetInstallationPath (HWND hwndDlg, wchar_t* szInstallPath, DWORD cchSize, B
BOOL GetSetupconfigLocation (wchar_t* path, DWORD cchSize);
BOOL BufferHasPattern (const unsigned char* buffer, size_t bufferLen, const void* pattern, size_t patternLen);
BOOL EnableProcessProtection();
+void SafeOpenURL (LPCWSTR szUrl);
#ifdef _WIN64
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
#endif
diff --git a/src/Common/Format.c b/src/Common/Format.c
index bd33f75..4aaf8b3 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -350,14 +350,32 @@ begin_format:
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (volParams->hiddenVol && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
DisableFileCompression (dev);
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys)
{
LARGE_INTEGER volumeSize;
+ BOOL speedupFileCreation = FALSE;
volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
+ // speedup for file creation only makes sens when using quick format
+ if (volParams->quickFormat && volParams->fastCreateFile)
+ speedupFileCreation = TRUE;
+
if (volParams->sparseFileSwitch && volParams->quickFormat)
{
// Create as sparse file container
@@ -371,21 +389,29 @@ begin_format:
// Preallocate the file
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
- || !SetEndOfFile (dev)
- || SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ || !SetEndOfFile (dev))
{
nStatus = ERR_OS_ERROR;
goto error;
}
- }
- }
- if (volParams->hiddenVol && !volParams->bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
+ if (speedupFileCreation)
+ {
+ // accelerate file creation by telling Windows not to fill all file content with zeros
+ // this has security issues since it will put existing disk content into file container
+ // We use this mechanism only when switch /fastCreateFile specific and when quick format
+ // also specified and which is documented to have security issues.
+ // we don't check returned status because failure is not issue for us
+ SetFileValidData (dev, volumeSize.QuadPart);
+ }
+
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ }
}
if (volParams->hwndDlg && volParams->bGuiMode) KillTimer (volParams->hwndDlg, TIMER_ID_RANDVIEW);
diff --git a/src/Common/Format.h b/src/Common/Format.h
index 961ece7..4ce1b8c 100644
--- a/src/Common/Format.h
+++ b/src/Common/Format.h
@@ -38,6 +38,7 @@ typedef struct
unsigned int clusterSize;
BOOL sparseFileSwitch;
BOOL quickFormat;
+ BOOL fastCreateFile;
DWORD sectorSize;
int *realClusterSize;
Password *password;
diff --git a/src/Common/Keyfiles.c b/src/Common/Keyfiles.c
index 686f3ca..174aed9 100644
--- a/src/Common/Keyfiles.c
+++ b/src/Common/Keyfiles.c
@@ -149,50 +149,41 @@ void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile)
static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSize, KeyFile *keyFile)
{
- FILE *f;
unsigned __int8 buffer[64 * 1024];
unsigned __int32 crc = 0xffffffff;
unsigned __int32 writePos = 0;
- size_t bytesRead, totalRead = 0;
+ DWORD bytesRead, totalRead = 0;
int status = TRUE;
-
HANDLE src;
- FILETIME ftCreationTime;
- FILETIME ftLastWriteTime;
- FILETIME ftLastAccessTime;
-
- BOOL bTimeStampValid = FALSE;
+ BOOL bReadStatus = FALSE;
- /* Remember the last access time of the keyfile. It will be preserved in order to prevent
- an adversary from determining which file may have been used as keyfile. */
src = CreateFile (keyFile->FileName,
- GENERIC_READ | GENERIC_WRITE,
+ GENERIC_READ | FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (src != INVALID_HANDLE_VALUE)
{
- if (GetFileTime ((HANDLE) src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime))
- bTimeStampValid = TRUE;
- }
+ /* We tell Windows not to update the Last Access timestamp in order to prevent
+ an adversary from determining which file may have been used as keyfile. */
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
- finally_do_arg (HANDLE, src,
+ SetFileTime (src, NULL, &ftLastAccessTime, NULL);
+ }
+ else
{
- if (finally_arg != INVALID_HANDLE_VALUE)
- CloseHandle (finally_arg);
- });
-
- f = _wfopen (keyFile->FileName, L"rb");
- if (f == NULL) return FALSE;
+ /* try to open without FILE_WRITE_ATTRIBUTES in case we are in a ReadOnly filesystem (e.g. CD) */
+ src = CreateFile (keyFile->FileName,
+ GENERIC_READ,
+ FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ if (src == INVALID_HANDLE_VALUE)
+ return FALSE;
+ }
- while ((bytesRead = fread (buffer, 1, sizeof (buffer), f)) > 0)
+ while ((bReadStatus = ReadFile (src, buffer, sizeof (buffer), &bytesRead, NULL)) && (bytesRead > 0))
{
- size_t i;
-
- if (ferror (f))
- {
- status = FALSE;
- goto close;
- }
+ DWORD i;
for (i = 0; i < bytesRead; i++)
{
@@ -211,7 +202,7 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
}
}
- if (ferror (f))
+ if (!bReadStatus)
{
status = FALSE;
}
@@ -223,13 +214,9 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
close:
DWORD err = GetLastError();
- fclose (f);
- if (bTimeStampValid && !IsFileOnReadOnlyFilesystem (keyFile->FileName))
- {
- // Restore the keyfile timestamp
- SetFileTime (src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
- }
+ CloseHandle (src);
+ burn (buffer, sizeof (buffer));
SetLastError (err);
return status;
diff --git a/src/Common/Password.c b/src/Common/Password.c
index ca0dd46..f2413b6 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -224,6 +224,19 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -313,13 +326,6 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
SetRandomPoolEnrichedByUserStatus (FALSE); /* force the display of the random enriching dialog */
- if (!bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
for (volumeType = TC_VOLUME_TYPE_NORMAL; volumeType < TC_VOLUME_TYPE_COUNT; volumeType++)
{
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 4e8cfa4..3a0f522 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -55,7 +55,7 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define TC_APP_NAME "VeraCrypt"
// Version displayed to user
-#define VERSION_STRING "1.24-Hotfix2"
+#define VERSION_STRING "1.24-Update2"
#ifdef VC_EFI_CUSTOM_MODE
#define VERSION_STRING_SUFFIX "-CustomEFI"
@@ -67,9 +67,9 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define VERSION_NUM 0x0124
// Release date
-#define TC_STR_RELEASE_DATE L"November 4, 2019"
+#define TC_STR_RELEASE_DATE L"December 9, 2019"
#define TC_RELEASE_DATE_YEAR 2019
-#define TC_RELEASE_DATE_MONTH 11
+#define TC_RELEASE_DATE_MONTH 12
#define BYTES_PER_KB 1024LL
#define BYTES_PER_MB 1048576LL
@@ -263,6 +263,10 @@ extern ULONG AllocTag;
typedef int BOOL;
#endif
+#ifndef BOOLEAN
+typedef unsigned char BOOLEAN;
+#endif
+
#ifndef TRUE
#define TRUE 1
#endif
@@ -289,6 +293,8 @@ typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) (
PULONG Attributes
);
+typedef BOOLEAN (NTAPI *KeAreAllApcsDisabledFn) ();
+
extern NTSTATUS NTAPI KeSaveExtendedProcessorState (
__in ULONG64 Mask,
PXSTATE_SAVE XStateSave
@@ -299,6 +305,9 @@ extern VOID NTAPI KeRestoreExtendedProcessorState (
PXSTATE_SAVE XStateSave
);
+extern BOOLEAN VC_KeAreAllApcsDisabled (VOID);
+
+
#else /* !TC_WINDOWS_DRIVER */
#if !defined(_UEFI)
#define TCalloc malloc
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 372c450..499ea43 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -465,6 +465,7 @@ namespace VeraCrypt
continue;
}
+ options.Password.reset();
throw;
}
@@ -473,8 +474,10 @@ namespace VeraCrypt
if (options.Path->IsDevice())
{
- if (volume->GetFile()->GetDeviceSectorSize() != volume->GetSectorSize())
- throw ParameterIncorrect (SRC_POS);
+ const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();
+ const size_t volSectorSize = volume->GetSectorSize();
+ if (devSectorSize != volSectorSize)
+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide(volSectorSize));
}
// Find a free mount point for FUSE service
diff --git a/src/Crypto/Aeskey.c b/src/Crypto/Aeskey.c
index c9ab026..9b7bfd1 100644
--- a/src/Crypto/Aeskey.c
+++ b/src/Crypto/Aeskey.c
@@ -27,6 +27,7 @@
#include "Aesopt.h"
#include "Aestab.h"
+#include "Common/Tcdefs.h"
#ifdef USE_VIA_ACE_IF_PRESENT
# include "aes_via_ace.h"
@@ -95,6 +96,8 @@ AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -147,6 +150,8 @@ AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -202,6 +207,8 @@ AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -352,6 +359,8 @@ AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -439,6 +448,8 @@ AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -538,6 +549,8 @@ AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
diff --git a/src/Crypto/Camellia.c b/src/Crypto/Camellia.c
index 49bc767..b3a3578 100644
--- a/src/Crypto/Camellia.c
+++ b/src/Crypto/Camellia.c
@@ -3,7 +3,7 @@
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* camellia.c ver 1.2.0-x86_64_asm1.1
*
diff --git a/src/Crypto/Camellia.h b/src/Crypto/Camellia.h
index 988203d..a1cb832 100644
--- a/src/Crypto/Camellia.h
+++ b/src/Crypto/Camellia.h
@@ -17,7 +17,7 @@ void camellia_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);
void camellia_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
void camellia_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void camellia_encrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
void camellia_decrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
#endif
diff --git a/src/Crypto/Sha2.c b/src/Crypto/Sha2.c
index f214f6d..31cba7f 100644
--- a/src/Crypto/Sha2.c
+++ b/src/Crypto/Sha2.c
@@ -10,7 +10,7 @@ and released into public domain.
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#ifdef _UEFI
+#if defined(_UEFI) || defined(CRYPTOPP_DISABLE_ASM)
#define NO_OPTIMIZED_VERSIONS
#endif
@@ -774,7 +774,7 @@ void sha256_begin(sha256_ctx* ctx)
if (!sha256transfunc)
{
#ifndef NO_OPTIMIZED_VERSIONS
-#ifdef _M_X64
+#if CRYPTOPP_BOOL_X64
if (g_isIntel && HasSAVX2() && HasSBMI2())
sha256transfunc = Avx2Sha256Transform;
else if (g_isIntel && HasSAVX())
diff --git a/src/Crypto/Sha2.h b/src/Crypto/Sha2.h
index 37625ce..7e90abf 100644
--- a/src/Crypto/Sha2.h
+++ b/src/Crypto/Sha2.h
@@ -22,7 +22,7 @@ extern "C" {
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(32)
#else
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)
diff --git a/src/Crypto/Twofish.c b/src/Crypto/Twofish.c
index 8ab5908..f0906f1 100644
--- a/src/Crypto/Twofish.c
+++ b/src/Crypto/Twofish.c
@@ -54,7 +54,7 @@
#define UNROLL_TWOFISH
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* these are 64-bit assembly implementation taken from https://github.com/jkivilin/supercop-blockciphers
Copyright 2011-2013 Jussi Kivilinna <jussi.kivilinna@iki.fi>
@@ -630,7 +630,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
uint32 b = rotl32(MDSQ[0][Q[0][Q[0][Q[1][Q[1][i + 1] ^ key[28]] ^ key[20]] ^ key[12]] ^ key[4]] ^ MDSQ[1][Q[0][Q[1][Q[1][Q[0][i + 1] ^ key[29]] ^ key[21]] ^ key[13]] ^ key[5]]
^ MDSQ[2][Q[1][Q[0][Q[0][Q[0][i + 1] ^ key[30]] ^ key[22]] ^ key[14]] ^ key[6]] ^ MDSQ[3][Q[1][Q[1][Q[0][Q[1][i + 1] ^ key[31]] ^ key[23]] ^ key[15]] ^ key[7]], 8);
a += b;
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
if (i < 8)
{
instance->w[i] = a;
@@ -998,7 +998,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
@@ -1071,7 +1071,7 @@ void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte o
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_decrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
diff --git a/src/Crypto/Twofish.h b/src/Crypto/Twofish.h
index cec99c7..e74826e 100644
--- a/src/Crypto/Twofish.h
+++ b/src/Crypto/Twofish.h
@@ -35,7 +35,7 @@ extern "C"
#endif
typedef struct
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
u4byte mk_tab[4][256], w[8], k[32];
#else
u4byte l_key[40];
@@ -54,7 +54,7 @@ typedef struct
/* in_key must be 32-bytes long */
void twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
void twofish_decrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
#define twofish_encrypt(instance,in_blk,out_blk) twofish_encrypt_blocks(instance, (const byte*) in_blk, (byte*) out_blk, 1)
diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc
index f992ece..2d39980 100644
--- a/src/Driver/Driver.rc
+++ b/src/Driver/Driver.rc
@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,1
- PRODUCTVERSION 1,24,8,1
+ FILEVERSION 1,24,9,1
+ PRODUCTVERSION 1,24,9,1
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 1327c12..8caf7bf 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1384,7 +1384,8 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
else
{
IO_STATUS_BLOCK ioStatus;
- PVOID buffer = TCalloc (max (pVerifyInformation->Length, PAGE_SIZE));
+ DWORD dwBuffersize = min (pVerifyInformation->Length, 16 * PAGE_SIZE);
+ PVOID buffer = TCalloc (dwBuffersize);
if (!buffer)
{
@@ -1392,14 +1393,29 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
}
else
{
- LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
+ LARGE_INTEGER offset;
+ DWORD dwRemainingBytes = pVerifyInformation->Length, dwReadCount;
offset.QuadPart = ullNewOffset;
- Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
- TCfree (buffer);
+ while (dwRemainingBytes)
+ {
+ dwReadCount = min (dwBuffersize, dwRemainingBytes);
+ Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, dwReadCount, &offset, NULL);
- if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length)
- Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != dwReadCount)
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ break;
+ }
+ else if (!NT_SUCCESS (Irp->IoStatus.Status))
+ break;
+
+ dwRemainingBytes -= dwReadCount;
+ offset.QuadPart += (ULONGLONG) dwReadCount;
+ }
+
+ burn (buffer, dwBuffersize);
+ TCfree (buffer);
}
}
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index c3344fd..e88105c 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -303,7 +303,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (mount->bMountReadOnly || ntStatus == STATUS_ACCESS_DENIED)
{
ntStatus = ZwCreateFile (&Extension->hDeviceFile,
- GENERIC_READ | SYNCHRONIZE,
+ GENERIC_READ | (!bRawDevice && mount->bPreserveTimestamp? FILE_WRITE_ATTRIBUTES : 0) | SYNCHRONIZE,
&oaFileAttributes,
&IoStatusBlock,
NULL,
@@ -318,6 +318,26 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
NULL,
0);
+ if (!NT_SUCCESS (ntStatus) && !bRawDevice && mount->bPreserveTimestamp)
+ {
+ /* try again without FILE_WRITE_ATTRIBUTES */
+ ntStatus = ZwCreateFile (&Extension->hDeviceFile,
+ GENERIC_READ | SYNCHRONIZE,
+ &oaFileAttributes,
+ &IoStatusBlock,
+ NULL,
+ FILE_ATTRIBUTE_NORMAL |
+ FILE_ATTRIBUTE_SYSTEM,
+ exclusiveAccess ? FILE_SHARE_READ : FILE_SHARE_READ | FILE_SHARE_WRITE,
+ FILE_OPEN,
+ FILE_RANDOM_ACCESS |
+ FILE_WRITE_THROUGH |
+ (disableBuffering ? FILE_NO_INTERMEDIATE_BUFFERING : 0) |
+ FILE_SYNCHRONOUS_IO_NONALERT,
+ NULL,
+ 0);
+ }
+
if (NT_SUCCESS (ntStatus) && !mount->bMountReadOnly)
mount->VolumeMountedReadOnlyAfterAccessDenied = TRUE;
@@ -362,6 +382,18 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
Extension->fileLastWriteTime = FileBasicInfo.LastWriteTime;
Extension->fileLastChangeTime = FileBasicInfo.ChangeTime;
Extension->bTimeStampValid = TRUE;
+
+ // we tell the system not to update LastAccessTime, LastWriteTime, and ChangeTime
+ FileBasicInfo.CreationTime.QuadPart = 0;
+ FileBasicInfo.LastAccessTime.QuadPart = -1;
+ FileBasicInfo.LastWriteTime.QuadPart = -1;
+ FileBasicInfo.ChangeTime.QuadPart = -1;
+
+ ZwSetInformationFile (Extension->hDeviceFile,
+ &IoStatusBlock,
+ &FileBasicInfo,
+ sizeof (FileBasicInfo),
+ FileBasicInformation);
}
ntStatus = ZwQueryInformationFile (Extension->hDeviceFile,
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index ec78a36..8db2b57 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -535,6 +535,27 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Time timestamps are not modified
+ // in order to preserve plausible deniability of hidden volumes (last password change time is stored in the volume header).
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time, (used to reset file date and time of
+ file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
+ of hidden volumes (last password change time is stored in the volume header). */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ {
+ bTimeStampValid = FALSE;
+ MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
+ }
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -628,20 +649,6 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
goto error;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time, (used to reset file date and time of
- file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
- of hidden volumes (last password change time is stored in the volume header). */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- {
- bTimeStampValid = FALSE;
- MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
- }
- else
- bTimeStampValid = TRUE;
- }
// Seek the volume header
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET;
diff --git a/src/ExpandVolume/ExpandVolume.rc b/src/ExpandVolume/ExpandVolume.rc
index 860130e..4eb92ff 100644
--- a/src/ExpandVolume/ExpandVolume.rc
+++ b/src/ExpandVolume/ExpandVolume.rc
@@ -193,8 +193,8 @@ IDR_MOUNT_RSRC_HEADER HEADER "resource.h"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -211,11 +211,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Expander"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCryptExpander.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp
index 2710cc4..ffeabe0 100644
--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
@@ -957,7 +957,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDM_HOMEPAGE )
{
ArrowWaitCursor ();
- ShellExecute (NULL, L"open", L"https://www.veracrypt.fr", NULL, NULL, SW_SHOWNORMAL);
+ SafeOpenURL (L"https://www.veracrypt.fr");
Sleep (200);
NormalCursor ();
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index 01ee4a5..f855dcf 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Format"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Format.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
@@ -129,7 +129,7 @@ IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_SIZEBOX,25,22,71,14,ES_AUTOHSCROLL | ES_NUMBER
+ EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER
CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10
CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10
CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index dba64c2..f886e0b 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -250,6 +250,7 @@ int CmdVolumeFilesystem = FILESYS_NONE;
unsigned __int64 CmdVolumeFileSize = 0;
BOOL CmdSparseFileSwitch = FALSE;
BOOL CmdQuickFormat = FALSE;
+BOOL CmdFastCreateFile = FALSE;
BOOL bForceOperation = FALSE;
@@ -282,6 +283,7 @@ BOOL bDisplayPoolContents = TRUE;
volatile BOOL bSparseFileSwitch = FALSE;
volatile BOOL quickFormat = FALSE;
+volatile BOOL fastCreateFile = FALSE;
volatile BOOL dynamicFormat = FALSE; /* this variable represents the sparse file flag. */
volatile int fileSystem = FILESYS_NONE;
volatile int clusterSize = 0;
@@ -2635,6 +2637,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
volParams->clusterSize = clusterSize;
volParams->sparseFileSwitch = dynamicFormat;
volParams->quickFormat = quickFormat;
+ volParams->fastCreateFile = fastCreateFile;
volParams->sectorSize = GetFormatSectorSize();
volParams->realClusterSize = &realClusterSize;
volParams->password = &volumePassword;
@@ -3313,6 +3316,12 @@ BOOL IsSparseFile (HWND hwndDlg)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
@@ -3352,6 +3361,12 @@ BOOL GetFileVolSize (HWND hwndDlg, unsigned __int64 *size)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
@@ -4547,6 +4562,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_INFO), bSystemIsGPT? GetString ("RESCUE_DISK_EFI_INFO"): GetString ("RESCUE_DISK_INFO"));
+ SetCheckBox (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
@@ -6222,6 +6238,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
quickFormat = CmdQuickFormat;
+ fastCreateFile = CmdFastCreateFile;
dynamicFormat = CmdSparseFileSwitch;
if (!GetDiskFreeSpaceEx (root, &free, 0, 0))
@@ -8982,6 +8999,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionForce,
OptionNoSizeCheck,
OptionQuickFormat,
+ OptionFastCreateFile,
};
argument args[]=
@@ -9004,6 +9022,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionForce, L"/force", NULL, FALSE },
{ OptionNoSizeCheck, L"/nosizecheck", NULL, FALSE },
{ OptionQuickFormat, L"/quick", NULL, FALSE },
+ { OptionFastCreateFile, L"/fastcreatefile", NULL, FALSE },
// Internal
{ CommandResumeSysEncLogOn, L"/acsysenc", L"/a", TRUE },
@@ -9360,6 +9379,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdQuickFormat = TRUE;
break;
+ case OptionFastCreateFile:
+ CmdFastCreateFile = TRUE;
+ break;
+
case OptionHistory:
{
wchar_t szTmp[8] = {0};
diff --git a/src/Main/Forms/VolumeCreationWizard.cpp b/src/Main/Forms/VolumeCreationWizard.cpp
index c0201b0..b6d60f4 100644
--- a/src/Main/Forms/VolumeCreationWizard.cpp
+++ b/src/Main/Forms/VolumeCreationWizard.cpp
@@ -175,7 +175,7 @@ namespace VeraCrypt
else if (SelectedVolumeType == VolumeType::Hidden)
{
pageTitle = LangString["SIZE_HIDVOL_TITLE"];
- pageText = LangString["SIZE_HELP_HIDDEN_VOL"] + L"\n\n" + _("Please note that if your operating system does not allocate files from the beginning of the free space, the maximum possible hidden volume size may be much smaller than the size of the free space on the outer volume. This not a bug in VeraCrypt but a limitation of the operating system.");
+ pageText = LangString["SIZE_HELP_HIDDEN_VOL"] + L"\n\n" + _("Please note that if your operating system does not allocate files from the beginning of the free space, the maximum possible hidden volume size may be much smaller than the size of the free space on the outer volume. This is not a bug in VeraCrypt but a limitation of the operating system.");
freeSpaceText = StringFormatter (_("Maximum possible hidden volume size for this volume is {0}."), Gui->SizeToString (MaxHiddenVolumeSize));
}
else
diff --git a/src/Main/Forms/WaitDialog.cpp b/src/Main/Forms/WaitDialog.cpp
index 32555d3..2976a6e 100644
--- a/src/Main/Forms/WaitDialog.cpp
+++ b/src/Main/Forms/WaitDialog.cpp
@@ -45,6 +45,7 @@ namespace VeraCrypt
VC_CONVERT_EXCEPTION (RootDeviceUnavailable);
VC_CONVERT_EXCEPTION (DriveLetterUnavailable);
VC_CONVERT_EXCEPTION (DriverError);
+ VC_CONVERT_EXCEPTION (DeviceSectorSizeMismatch);
VC_CONVERT_EXCEPTION (EncryptedSystemRequired);
VC_CONVERT_EXCEPTION (HigherFuseVersionRequired);
VC_CONVERT_EXCEPTION (KernelCryptoServiceTestFailed);
diff --git a/src/Main/Main.make b/src/Main/Main.make
index a154a84..0cb4e15 100755
--- a/src/Main/Main.make
+++ b/src/Main/Main.make
@@ -81,15 +81,7 @@ CXXFLAGS += -I$(BASE_DIR)/Main
#------ wxWidgets configuration ------
-ifdef TC_NO_GUI
-ifdef VC_WX_STATIC
-WX_CONFIG_LIBS := base
-else
-WX_CONFIG_LIBS := adv,core,base
-endif
-else
WX_CONFIG_LIBS := adv,core,base
-endif
ifeq "$(TC_BUILD_CONFIG)" "Release"
diff --git a/src/Main/TextUserInterface.h b/src/Main/TextUserInterface.h
index 78874b8..95db02d 100644
--- a/src/Main/TextUserInterface.h
+++ b/src/Main/TextUserInterface.h
@@ -47,9 +47,7 @@ namespace VeraCrypt
virtual void ExportSecurityTokenKeyfile () const;
virtual shared_ptr <GetStringFunctor> GetAdminPasswordRequestHandler ();
virtual void ImportSecurityTokenKeyfiles () const;
-#ifndef TC_NO_GUI
virtual bool Initialize (int &argc, wxChar **argv) { return wxAppBase::Initialize(argc, argv); }
-#endif
virtual void InitSecurityTokenLibrary () const;
virtual void ListSecurityTokenKeyfiles () const;
virtual VolumeInfoList MountAllDeviceHostedVolumes (MountOptions &options) const;
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index c124d18..35396b4 100644
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -444,6 +444,7 @@ namespace VeraCrypt
{
#define EX2MSG(exception, message) do { if (ex == typeid (exception)) return (message); } while (false)
EX2MSG (DriveLetterUnavailable, LangString["DRIVE_LETTER_UNAVAILABLE"]);
+ EX2MSG (DeviceSectorSizeMismatch, _("Storage device and VC volume sector size mismatch"));
EX2MSG (EncryptedSystemRequired, _("This operation must be performed only when the system hosted on the volume is running."));
EX2MSG (ExternalException, LangString["EXCEPTION_OCCURRED"]);
EX2MSG (InsufficientData, _("Not enough data available."));
@@ -1588,6 +1589,7 @@ namespace VeraCrypt
VC_CONVERT_EXCEPTION (RootDeviceUnavailable);
VC_CONVERT_EXCEPTION (DriveLetterUnavailable);
VC_CONVERT_EXCEPTION (DriverError);
+ VC_CONVERT_EXCEPTION (DeviceSectorSizeMismatch);
VC_CONVERT_EXCEPTION (EncryptedSystemRequired);
VC_CONVERT_EXCEPTION (HigherFuseVersionRequired);
VC_CONVERT_EXCEPTION (KernelCryptoServiceTestFailed);
diff --git a/src/Makefile b/src/Makefile
index fe0c143..1b08442 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -70,7 +70,6 @@ endif
ifeq "$(origin NOGUI)" "command line"
export TC_NO_GUI := 1
C_CXX_FLAGS += -DTC_NO_GUI
- WX_CONFIGURE_FLAGS += --disable-gui
endif
ifdef PKCS11_INC
@@ -151,6 +150,7 @@ endif
ifeq "$(origin NOASM)" "command line"
CPU_ARCH = unknown
+ C_CXX_FLAGS += -DCRYPTOPP_DISABLE_X86ASM
endif
ifeq "$(CPU_ARCH)" "x86"
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 9ba4ae8..ac25ba5 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -5061,7 +5061,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode || IsTrueCryptFileExtension (szFileName)? TRUE : FALSE;
int GuiPim = EffectiveVolumePim;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
@@ -9436,9 +9436,16 @@ static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
{
// re-install our bootloader again in case the update process has removed it.
bool bForceSetNextBoot = false;
- if (BootEncObj->ReadServiceConfigurationFlags () & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)
+ bool bSetBootentry = true;
+ bool bForceFirstBootEntry = true;
+ uint32 flags = BootEncObj->ReadServiceConfigurationFlags ();
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)
bForceSetNextBoot = true;
- BootEncryption bootEnc (NULL, true, bForceSetNextBoot);
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY)
+ bSetBootentry = false;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY)
+ bForceFirstBootEntry = false;
+ BootEncryption bootEnc (NULL, true, bSetBootentry, bForceFirstBootEntry, bForceSetNextBoot);
bootEnc.InstallBootLoader (true);
}
}
@@ -10854,6 +10861,21 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access timestamp is not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time. */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
// Determine volume host size
if (bDevice)
@@ -10924,15 +10946,6 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
hostSize = fileSize.QuadPart;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time. */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
/* Read the volume header from the backup file */
char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
@@ -11725,13 +11738,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
while (TextEditDialogBox(FALSE, hwndDlg, GetString ("BOOT_LOADER_CONFIGURATION_FILE"), dcsprop) == IDOK)
{
- if (0 == strcmp(dcsprop.c_str(), currentDcsprop.c_str()))
+ const char* dcspropContent = dcsprop.c_str();
+ if (0 == strcmp(dcspropContent, currentDcsprop.c_str()))
{
break;
}
- else if (validateDcsPropXml (dcsprop.c_str()))
+ else if (validateDcsPropXml (dcspropContent))
{
- WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcsprop.c_str(), (DWORD) dcsprop.size(), true);
+ WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcspropContent, (DWORD) strlen (dcspropContent), true);
break;
}
else
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index 275559e..8b6006d 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -548,8 +548,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -566,11 +566,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Platform/Exception.h b/src/Platform/Exception.h
index 71cfa1c..b0f04bb 100644
--- a/src/Platform/Exception.h
+++ b/src/Platform/Exception.h
@@ -82,6 +82,7 @@ namespace VeraCrypt
TC_EXCEPTION_NODECL (ExecutedProcessFailed); \
TC_EXCEPTION (AlreadyInitialized); \
TC_EXCEPTION (AssertionFailed); \
+ TC_EXCEPTION (DeviceSectorSizeMismatch); \
TC_EXCEPTION (ExternalException); \
TC_EXCEPTION (InsufficientData); \
TC_EXCEPTION (NotApplicable); \
diff --git a/src/Release/Setup Files/veracrypt-x64.cat b/src/Release/Setup Files/veracrypt-x64.cat
index 3669eb8..f0d8695 100644
--- a/src/Release/Setup Files/veracrypt-x64.cat
+++ b/src/Release/Setup Files/veracrypt-x64.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt-x64.sys b/src/Release/Setup Files/veracrypt-x64.sys
index f0dbae0..0644d96 100644
--- a/src/Release/Setup Files/veracrypt-x64.sys
+++ b/src/Release/Setup Files/veracrypt-x64.sys
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.Inf b/src/Release/Setup Files/veracrypt.Inf
index e2e1691..ebbd9ab 100644
--- a/src/Release/Setup Files/veracrypt.Inf
+++ b/src/Release/Setup Files/veracrypt.Inf
@@ -2,7 +2,7 @@
;;; VeraCrypt
;;;
;;;
-;;; Copyright (c) 2018, IDRIX
+;;; Copyright (c) 2019, IDRIX
;;;
[Version]
@@ -10,7 +10,7 @@ signature = "$Windows NT$"
Class = "Encryption" ;This is determined by the work this filter driver does
ClassGuid = {a0a701c0-a511-42ff-aa6c-06dc0395576f} ;This value is determined by the Class
Provider = %ProviderString%
-DriverVer = 11/05/2019,1.24.8.1
+DriverVer = 12/09/2019,1.24.9.1
CatalogFile = veracrypt.cat
diff --git a/src/Release/Setup Files/veracrypt.cat b/src/Release/Setup Files/veracrypt.cat
index c7004e9..25693f5 100644
--- a/src/Release/Setup Files/veracrypt.cat
+++ b/src/Release/Setup Files/veracrypt.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.sys b/src/Release/Setup Files/veracrypt.sys
index 353c41a..8cf659a 100644
--- a/src/Release/Setup Files/veracrypt.sys
+++ b/src/Release/Setup Files/veracrypt.sys
Binary files differ
diff --git a/src/Setup/MacOSX/veracrypt.pkgproj b/src/Setup/MacOSX/veracrypt.pkgproj
index 55a3e0b..80cff11 100755
--- a/src/Setup/MacOSX/veracrypt.pkgproj
+++ b/src/Setup/MacOSX/veracrypt.pkgproj
@@ -555,7 +555,7 @@
<key>USE_HFS+_COMPRESSION</key>
<false/>
<key>VERSION</key>
- <string>1.24.8</string>
+ <string>1.24.9</string>
</dict>
<key>TYPE</key>
<integer>0</integer>
@@ -1059,7 +1059,7 @@ https://osxfuse.github.io/
</dict>
</array>
<key>NAME</key>
- <string>VeraCrypt 1.24-Hotfix2</string>
+ <string>VeraCrypt 1.24-Update2</string>
<key>PAYLOAD_ONLY</key>
<false/>
<key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
diff --git a/src/Setup/MacOSX/veracrypt_Legacy.pkgproj b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
index d941bf2..bb7e862 100755
--- a/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
+++ b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
@@ -555,7 +555,7 @@
<key>USE_HFS+_COMPRESSION</key>
<false/>
<key>VERSION</key>
- <string>1.24.8</string>
+ <string>1.24.9</string>
</dict>
<key>TYPE</key>
<integer>0</integer>
@@ -1059,7 +1059,7 @@ https://osxfuse.github.io/
</dict>
</array>
<key>NAME</key>
- <string>VeraCrypt Legacy 1.24-Hotfix2</string>
+ <string>VeraCrypt Legacy 1.24-Update2</string>
<key>PAYLOAD_ONLY</key>
<false/>
<key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
diff --git a/src/Setup/Portable.rc b/src/Setup/Portable.rc
index a866473..76c208b 100644
--- a/src/Setup/Portable.rc
+++ b/src/Setup/Portable.rc
@@ -26,8 +26,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -44,11 +44,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Portable"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Portable.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Setup/Setup.rc b/src/Setup/Setup.rc
index 02957c0..6a407bd 100644
--- a/src/Setup/Setup.rc
+++ b/src/Setup/Setup.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Setup"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Setup.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat
index eb40b44..2c46bd6 100644
--- a/src/Signing/sign.bat
+++ b/src/Signing/sign.bat
@@ -1,6 +1,6 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update2
set SIGNINGPATH=%~dp0
cd %SIGNINGPATH%
diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat
index 6bf9289..ca99db6 100644
--- a/src/Signing/sign_test.bat
+++ b/src/Signing/sign_test.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update2
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Signing/sign_test_debug.bat b/src/Signing/sign_test_debug.bat
index 8c98ebc..d804c38 100644
--- a/src/Signing/sign_test_debug.bat
+++ b/src/Signing/sign_test_debug.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update2
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 32f61b7..40507a2 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -247,7 +247,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
@@ -263,7 +263,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
@@ -318,7 +318,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_encrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -330,7 +330,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_decrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -339,7 +339,7 @@ namespace VeraCrypt
bool CipherTwofish::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;
@@ -372,7 +372,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_encrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -384,7 +384,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_decrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -393,7 +393,7 @@ namespace VeraCrypt
bool CipherCamellia::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;