9 files changed, 51 insertions, 29 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index d3510052..0da212f6 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -988,6 +988,7 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte
 
 	// Dismount the system drive on shutdown on Windows 7 and later
 	if (DriverShuttingDown
+		&& EraseKeysOnShutdown
 		&& IsOSAtLeast (WIN_7)
 		&& Extension->BootDrive
 		&& Extension->DriveMounted
diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc
index 3af073ce..b61ce330 100644
--- a/src/Driver/Driver.rc
+++ b/src/Driver/Driver.rc
@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,25,6,1
- PRODUCTVERSION 1,25,6,1
+ FILEVERSION 1,26,0,0
+ PRODUCTVERSION 1,26,0,0
  FILEFLAGSMASK 0x17L
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -45,11 +45,11 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "IDRIX"
             VALUE "FileDescription", "VeraCrypt Driver"
-            VALUE "FileVersion", "1.25"
+            VALUE "FileVersion", "1.26"
             VALUE "LegalTrademarks", "VeraCrypt"
             VALUE "OriginalFilename", "veracrypt.sys"
             VALUE "ProductName", "VeraCrypt"
-            VALUE "ProductVersion", "1.25"
+            VALUE "ProductVersion", "1.26"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj
index 58a21d3d..7c92f05b 100644
--- a/src/Driver/Driver.vcxproj
+++ b/src/Driver/Driver.vcxproj
@@ -192,6 +192,10 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
   <ItemDefinitionGroup>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClCompile Include="..\Crypto\blake2s.c" />
+    <ClCompile Include="..\Crypto\blake2s_SSE2.c" />
+    <ClCompile Include="..\Crypto\blake2s_SSE41.c" />
+    <ClCompile Include="..\Crypto\blake2s_SSSE3.c" />
     <ClCompile Include="..\Crypto\Camellia.c" />
     <ClCompile Include="..\Crypto\chacha-xmm.c" />
     <ClCompile Include="..\Crypto\chacha256.c" />
@@ -223,7 +227,6 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
     <ClCompile Include="..\Common\Xts.c" />
     <ClCompile Include="..\Crypto\Aeskey.c" />
     <ClCompile Include="..\Crypto\Aestab.c" />
-    <ClCompile Include="..\Crypto\Rmd160.c" />
     <ClCompile Include="..\Crypto\Sha2.c" />
     <ClCompile Include="..\Crypto\Twofish.c" />
     <ClCompile Include="..\Crypto\Whirlpool.c" />
diff --git a/src/Driver/Driver.vcxproj.filters b/src/Driver/Driver.vcxproj.filters
index f260fb56..41d7a8c4 100644
--- a/src/Driver/Driver.vcxproj.filters
+++ b/src/Driver/Driver.vcxproj.filters
@@ -87,9 +87,6 @@
     <ClCompile Include="..\Crypto\Aestab.c">
       <Filter>Source Files\Crypto</Filter>
     </ClCompile>
-    <ClCompile Include="..\Crypto\Rmd160.c">
-      <Filter>Source Files\Crypto</Filter>
-    </ClCompile>
     <ClCompile Include="..\Crypto\Sha2.c">
       <Filter>Source Files\Crypto</Filter>
     </ClCompile>
@@ -135,6 +132,18 @@
     <ClCompile Include="..\Crypto\t1ha2_selfcheck.c">
       <Filter>Source Files\Crypto</Filter>
     </ClCompile>
+    <ClCompile Include="..\Crypto\blake2s.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Crypto\blake2s_SSE2.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Crypto\blake2s_SSE41.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Crypto\blake2s_SSSE3.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="..\Crypto\Aes_hw_cpu.asm">
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 6f068a8f..e70c0463 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -135,6 +135,7 @@ BOOL CacheBootPim = FALSE;
 BOOL NonAdminSystemFavoritesAccessDisabled = FALSE;
 BOOL BlockSystemTrimCommand = FALSE;
 BOOL AllowWindowsDefrag = FALSE;
+BOOL EraseKeysOnShutdown = TRUE; // by default, we erase encryption keys on system shutdown
 static size_t EncryptionThreadPoolFreeCpuCountLimit = 0;
 static BOOL SystemFavoriteVolumeDirty = FALSE;
 static BOOL PagingFileCreationPrevented = FALSE;
@@ -4856,6 +4857,19 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
 		
 	}
 
+	if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ERASE_KEYS_SHUTDOWN, &data)))
+	{
+		if (data->Type == REG_DWORD)
+		{
+			if (*((uint32 *) data->Data))
+				EraseKeysOnShutdown = TRUE;
+			else
+				EraseKeysOnShutdown = FALSE;
+		}
+
+		TCfree (data);
+	}
+
 
 	return status;
 }
diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h
index b7e2d56e..3bbeb457 100644
--- a/src/Driver/Ntdriver.h
+++ b/src/Driver/Ntdriver.h
@@ -128,6 +128,7 @@ extern BOOL AllowWindowsDefrag;
 extern int EncryptionIoRequestCount;
 extern int EncryptionItemCount;
 extern int EncryptionFragmentSize;
+extern BOOL EraseKeysOnShutdown;
 /* Helper macro returning x seconds in units of 100 nanoseconds */
 #define WAIT_SECONDS(x) ((x)*10000000)
 
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index 45a07cdb..ebef6c37 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -58,6 +58,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 	BOOL forceAccessCheck = !bRawDevice;
 	BOOL disableBuffering = TRUE;
 	BOOL exclusiveAccess = mount->bExclusiveAccess;
+	/* when mounting with hidden volume protection, we cache the passwords after both outer and hidden volumes are mounted successfully*/
+	BOOL bAutoCachePassword = mount->bProtectHiddenVolume? FALSE : mount->bCache;
 
 	Extension->pfoDeviceFile = NULL;
 	Extension->hDeviceFile = NULL;
@@ -602,7 +604,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		{
 			mount->nReturnCode = ReadVolumeHeaderWCache (
 				FALSE,
-				mount->bCache,
+				bAutoCachePassword,
 				mount->bCachePim,
 				readBuffer,
 				&mount->ProtectedHidVolPassword,
@@ -615,7 +617,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		{
 			mount->nReturnCode = ReadVolumeHeaderWCache (
 				mount->bPartitionInInactiveSysEncScope && volumeType == TC_VOLUME_TYPE_NORMAL,
-				mount->bCache,
+				bAutoCachePassword,
 				mount->bCachePim,
 				readBuffer,
 				&mount->VolumePassword,
@@ -826,6 +828,13 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 			// decrypt the hidden volume header.
 			if (!(volumeType == TC_VOLUME_TYPE_NORMAL && mount->bProtectHiddenVolume))
 			{
+				/* in case of mounting with hidden volume protection, we cache both passwords manually after bother outer and hidden volumes are mounted*/
+				if (mount->bProtectHiddenVolume && mount->bCache)
+				{
+					AddPasswordToCache(&mount->VolumePassword, mount->VolumePim, mount->bCachePim);
+					AddPasswordToCache(&mount->ProtectedHidVolPassword, mount->ProtectedHidVolPim, mount->bCachePim);
+				}
+
 				TCfree (readBuffer);
 
 				if (tmpCryptoInfo != NULL)
diff --git a/src/Driver/veracrypt_vs2019.vcxproj b/src/Driver/veracrypt_vs2019.vcxproj
index 4c09db94..f06f8974 100644
--- a/src/Driver/veracrypt_vs2019.vcxproj
+++ b/src/Driver/veracrypt_vs2019.vcxproj
@@ -33,12 +33,12 @@
     <ClCompile Include="..\Crypto\Aescrypt.c" />
     <ClCompile Include="..\Crypto\Aeskey.c" />
     <ClCompile Include="..\Crypto\Aestab.c" />
+    <ClCompile Include="..\Crypto\blake2s.c" />
     <ClCompile Include="..\Crypto\Camellia.c" />
     <ClCompile Include="..\Crypto\chacha-xmm.c" />
     <ClCompile Include="..\Crypto\chacha256.c" />
     <ClCompile Include="..\Crypto\chachaRng.c" />
     <ClCompile Include="..\Crypto\cpu.c" />
-    <ClCompile Include="..\Crypto\GostCipher.c" />
     <ClCompile Include="..\Crypto\jitterentropy-base.c" />
     <ClCompile Include="..\Crypto\kuznyechik.c" />
     <ClCompile Include="..\Crypto\kuznyechik_simd.c">
@@ -53,7 +53,6 @@
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
     </ClCompile>
-    <ClCompile Include="..\Crypto\Rmd160.c" />
     <ClCompile Include="..\Crypto\SerpentFast.c" />
     <ClCompile Include="..\Crypto\SerpentFast_simd.cpp">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
@@ -310,14 +309,6 @@
     </CustomBuild>
   </ItemGroup>
   <ItemGroup>
-    <CustomBuild Include="..\Crypto\Gost89_x64.asm">
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
-    </CustomBuild>
-  </ItemGroup>
-  <ItemGroup>
     <CustomBuild Include="..\Crypto\Twofish_x64.S">
       <FileType>Document</FileType>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
diff --git a/src/Driver/veracrypt_vs2019.vcxproj.filters b/src/Driver/veracrypt_vs2019.vcxproj.filters
index 468c686f..2940815c 100644
--- a/src/Driver/veracrypt_vs2019.vcxproj.filters
+++ b/src/Driver/veracrypt_vs2019.vcxproj.filters
@@ -67,9 +67,6 @@
     <ClCompile Include="..\Crypto\cpu.c">
       <Filter>Crypto\Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="..\Crypto\GostCipher.c">
-      <Filter>Crypto\Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="..\Crypto\jitterentropy-base.c">
       <Filter>Crypto\Source Files</Filter>
     </ClCompile>
@@ -82,9 +79,6 @@
     <ClCompile Include="..\Crypto\rdrand.c">
       <Filter>Crypto\Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="..\Crypto\Rmd160.c">
-      <Filter>Crypto\Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="..\Crypto\SerpentFast.c">
       <Filter>Crypto\Source Files</Filter>
     </ClCompile>
@@ -151,6 +145,9 @@
     <ClCompile Include="Ntdriver.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\Crypto\blake2s.c">
+      <Filter>Crypto\Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="DriveFilter.h">
@@ -269,9 +266,6 @@
     <CustomBuild Include="..\Crypto\Aes_x86.asm">
       <Filter>Crypto\Source Files</Filter>
     </CustomBuild>
-    <CustomBuild Include="..\Crypto\Gost89_x64.asm">
-      <Filter>Crypto\Source Files</Filter>
-    </CustomBuild>
     <CustomBuild Include="..\Crypto\Twofish_x64.S">
       <Filter>Crypto\Source Files</Filter>
     </CustomBuild>