VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Boot/EFI/DcsBoot.efibin24088 -> 24088 bytes
-rw-r--r--src/Boot/EFI/DcsBoot32.efibin20472 -> 20472 bytes
-rw-r--r--src/Boot/EFI/DcsCfg.efibin953400 -> 953528 bytes
-rw-r--r--src/Boot/EFI/DcsCfg32.efibin816024 -> 816152 bytes
-rw-r--r--src/Boot/EFI/DcsInfo.efibin37144 -> 37144 bytes
-rw-r--r--src/Boot/EFI/DcsInfo32.efibin33880 -> 33880 bytes
-rw-r--r--src/Boot/EFI/DcsInt.efibin911864 -> 912184 bytes
-rw-r--r--src/Boot/EFI/DcsInt32.efibin794936 -> 795160 bytes
-rw-r--r--src/Boot/EFI/DcsRe.efibin28472 -> 28472 bytes
-rw-r--r--src/Boot/EFI/DcsRe32.efibin24056 -> 24056 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker.efibin9816 -> 9816 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker32.efibin9560 -> 9560 bytes
-rw-r--r--src/Build/CMakeLists.txt58
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.legacy.xml2
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.xml2
-rwxr-xr-xsrc/Build/build_cmake_deb.sh34
-rw-r--r--src/Build/build_cmake_opensuse.sh4
-rwxr-xr-xsrc/Build/build_veracrypt_macosx.sh2
-rw-r--r--src/Common/Cmdline.c4
-rw-r--r--src/Common/Crypto.c6
-rw-r--r--src/Common/Dlgcode.c48
-rw-r--r--src/Common/Dlgcode.h2
-rw-r--r--src/Common/EncryptionThreadPool.c83
-rw-r--r--src/Common/Fat.c36
-rw-r--r--src/Common/Format.c97
-rw-r--r--src/Common/Format.h1
-rw-r--r--src/Common/Tcdefs.h23
-rw-r--r--src/Core/Unix/CoreUnix.cpp2
-rw-r--r--src/Crypto/Aeskey.c13
-rw-r--r--src/Crypto/Camellia.c2
-rw-r--r--src/Crypto/Camellia.h2
-rw-r--r--src/Crypto/Sha2.c4
-rw-r--r--src/Crypto/Sha2.h2
-rw-r--r--src/Crypto/Twofish.c8
-rw-r--r--src/Crypto/Twofish.h4
-rw-r--r--src/Driver/Driver.rc4
-rw-r--r--src/Driver/Ntdriver.c94
-rw-r--r--src/Driver/Ntdriver.h2
-rw-r--r--src/ExpandVolume/ExpandVolume.c46
-rw-r--r--src/ExpandVolume/ExpandVolume.rc8
-rw-r--r--src/ExpandVolume/InitDataArea.c27
-rw-r--r--src/ExpandVolume/WinMain.cpp69
-rw-r--r--src/Format/Format.rc12
-rw-r--r--src/Format/InPlace.c58
-rw-r--r--src/Format/Tcformat.c24
-rw-r--r--src/Format/VeraCrypt_Wizard.bmpbin190998 -> 193446 bytes
-rw-r--r--src/Main/Forms/MainFrame.cpp14
-rw-r--r--src/Main/Forms/MainFrame.h32
-rw-r--r--src/Main/Forms/VolumeSizeWizardPage.cpp2
-rwxr-xr-xsrc/Main/Main.make4
-rw-r--r--src/Main/TextUserInterface.h2
-rw-r--r--src/Makefile3
-rw-r--r--src/Mount/Mount.c77
-rw-r--r--src/Mount/Mount.rc8
-rw-r--r--src/Mount/Mount.vcxproj.user3
-rw-r--r--src/Release/Setup Files/veracrypt-x64.catbin10607 -> 10611 bytes
-rw-r--r--src/Release/Setup Files/veracrypt-x64.sysbin831320 -> 831840 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.Inf4
-rw-r--r--src/Release/Setup Files/veracrypt.catbin10765 -> 10554 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.sysbin768560 -> 798304 bytes
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt.pkgproj4
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt_Legacy.pkgproj4
-rw-r--r--src/Setup/Portable.rc8
-rw-r--r--src/Setup/Setup.rc8
-rw-r--r--src/Signing/sign.bat2
-rw-r--r--src/Signing/sign_test.bat2
-rw-r--r--src/Signing/sign_test_debug.bat2
-rw-r--r--src/Volume/Cipher.cpp16
68 files changed, 836 insertions, 142 deletions
diff --git a/src/Boot/EFI/DcsBoot.efi b/src/Boot/EFI/DcsBoot.efi
index 185c6a0..0fcd48e 100644
--- a/src/Boot/EFI/DcsBoot.efi
+++ b/src/Boot/EFI/DcsBoot.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi
index 0e95330..48db0ca 100644
--- a/src/Boot/EFI/DcsBoot32.efi
+++ b/src/Boot/EFI/DcsBoot32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg.efi b/src/Boot/EFI/DcsCfg.efi
index 32e2051..03c9761 100644
--- a/src/Boot/EFI/DcsCfg.efi
+++ b/src/Boot/EFI/DcsCfg.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi
index ace6379..22cc0d5 100644
--- a/src/Boot/EFI/DcsCfg32.efi
+++ b/src/Boot/EFI/DcsCfg32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo.efi b/src/Boot/EFI/DcsInfo.efi
index 73ee873..6be1cb8 100644
--- a/src/Boot/EFI/DcsInfo.efi
+++ b/src/Boot/EFI/DcsInfo.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo32.efi b/src/Boot/EFI/DcsInfo32.efi
index f0ca687..006adfb 100644
--- a/src/Boot/EFI/DcsInfo32.efi
+++ b/src/Boot/EFI/DcsInfo32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt.efi b/src/Boot/EFI/DcsInt.efi
index 8ba5c28..a0c2975 100644
--- a/src/Boot/EFI/DcsInt.efi
+++ b/src/Boot/EFI/DcsInt.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi
index 85fa724..991885f 100644
--- a/src/Boot/EFI/DcsInt32.efi
+++ b/src/Boot/EFI/DcsInt32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe.efi b/src/Boot/EFI/DcsRe.efi
index 8e9ae8c..070cc97 100644
--- a/src/Boot/EFI/DcsRe.efi
+++ b/src/Boot/EFI/DcsRe.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi
index 081c19d..c4f2013 100644
--- a/src/Boot/EFI/DcsRe32.efi
+++ b/src/Boot/EFI/DcsRe32.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker.efi b/src/Boot/EFI/LegacySpeaker.efi
index 7c9f2d8..a1d14eb 100644
--- a/src/Boot/EFI/LegacySpeaker.efi
+++ b/src/Boot/EFI/LegacySpeaker.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi
index 8c4c8ca..1ec5ba6 100644
--- a/src/Boot/EFI/LegacySpeaker32.efi
+++ b/src/Boot/EFI/LegacySpeaker32.efi
Binary files differ
diff --git a/src/Build/CMakeLists.txt b/src/Build/CMakeLists.txt
index 4724339..b0f2843 100644
--- a/src/Build/CMakeLists.txt
+++ b/src/Build/CMakeLists.txt
@@ -11,8 +11,8 @@ elseif ( NOT DEFINED NOGUI )
endif()
# - Set version of the package
-set( FULL_VERSION "1.24-Hotfix2" )
-set( VERSION "1.24.8" )
+set( FULL_VERSION "1.24-Update5" )
+set( VERSION "1.24.14" )
set( RELEASE "1" )
# - Set PROJECT_NAME and CONFLICT_PACKAGE values
@@ -242,19 +242,29 @@ if ( ( PLATFORM STREQUAL "Debian" ) OR ( PLATFORM STREQUAL "Ubuntu" ) )
set( CPACK_DEBIAN_PACKAGE_RELEASE ${CPACK_PACKAGE_RELEASE} )
set( CPACK_DEBIAN_PACKAGE_ARCHITECTURE ${ARCHITECTURE} ) # mandatory
- # Link against gtk3 version of wxWidgets if >= Debian 10 or >= Ubuntu 18.04
- # Otherwise, link against gtk2 version of wxWidgets
- if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "10" ) )
- OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "18.04" ) ) )
-
- set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-gtk3-0v5, libfuse2, dmsetup, sudo" )
-
+ if (NOGUI)
+ # Link against statically built wxWidgets so that we don't depend on any GTK library
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libfuse2, dmsetup, sudo" )
else ()
-
- set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-0v5, libfuse2, dmsetup, sudo" )
-
+ # Link against gtk3 version of wxWidgets if >= Debian 10 or >= Ubuntu 18.04
+ # Otherwise, link against gtk2 version of wxWidgets
+ if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "10" ) )
+ OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "18.04" ) ) )
+
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-gtk3-0v5, libfuse2, dmsetup, sudo" )
+
+ else ()
+ # Link against statically built wxWidgets on Ubuntu 14.04 and older, and Debian 8 and older
+ if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_LESS_EQUAL "8" ) )
+ OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_LESS_EQUAL "14.04" ) ) )
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libgtk2.0-0, libfuse2, dmsetup, sudo" )
+ else ()
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-0v5, libfuse2, dmsetup, sudo" )
+ endif ()
+
+ endif()
endif()
-
+
set( CPACK_DEBIAN_PACKAGE_MAINTAINER ${CONTACT} ) # mandatory
set( CPACK_DEBIAN_PACKAGE_DESCRIPTION ${CPACK_PACKAGE_DESCRIPTION_SUMMARY} ) # mandatory
set( CPACK_DEBIAN_ARCHIVE_TYPE "gnutar") # mandatory
@@ -284,19 +294,23 @@ elseif ( ( PLATFORM STREQUAL "CentOS" ) OR ( PLATFORM STREQUAL "openSUSE" ) )
set( CPACK_RPM_PACKAGE_VENDOR ${CPACK_PACKAGE_VENDOR} ) # mandatory
set( CPACK_RPM_PACKAGE_AUTOREQ "no" ) # disable automatic shared libraries dependency detection (most of the time buggy)
- if ( PLATFORM STREQUAL "CentOS" )
+ if (NOGUI)
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, sudo" )
+ else ()
+ if ( PLATFORM STREQUAL "CentOS" )
+
+ if ( DEFINED WITHGTK3 AND WITHGTK3 )
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk3, sudo" )
+ else ()
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
+ endif()
+
+ elseif ( PLATFORM STREQUAL "openSUSE" )
- if ( DEFINED WITHGTK3 AND WITHGTK3 )
- set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk3, sudo" )
- else ()
set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
endif()
-
- elseif ( PLATFORM STREQUAL "openSUSE" )
-
- set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
endif()
-
+
set( CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${RPM_PRERM}) # optional
# Prevents CPack from generating file conflicts
diff --git a/src/Build/Resources/MacOSX/Info.plist.legacy.xml b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
index 7ecb3c2..4fd3345 100644
--- a/src/Build/Resources/MacOSX/Info.plist.legacy.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
diff --git a/src/Build/Resources/MacOSX/Info.plist.xml b/src/Build/Resources/MacOSX/Info.plist.xml
index 4df84a0..9a7c2a8 100644
--- a/src/Build/Resources/MacOSX/Info.plist.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
diff --git a/src/Build/build_cmake_deb.sh b/src/Build/build_cmake_deb.sh
index 3be23dd..a9fdc3b 100755
--- a/src/Build/build_cmake_deb.sh
+++ b/src/Build/build_cmake_deb.sh
@@ -12,22 +12,48 @@ export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
# Directory where the VeraCrypt has been checked out
export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
cd $SOURCEPATH
+if [ "$#" = "1" ] && [ "$1" = "WXSTATIC" ]
+then
+echo "Building GUI version of VeraCrypt for DEB using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGUI
+
+# To build wxWidgets without GUI
+make WXSTATIC=1 wxbuild || exit 1
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+else
+
echo "Building GUI version of VeraCrypt for DEB using system wxWidgets"
make clean || exit 1
make || exit 1
make install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
-echo "Building console version of VeraCrypt for DEB using system wxWidgets"
+fi
+
+echo "Building console version of VeraCrypt for DEB using wxWidgets static libraries"
# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
# when building over SSH without X11 Forwarding
# export DISPLAY=:0.0
-make NOGUI=1 clean || exit 1
-make NOGUI=1 || exit 1
-make NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets without GUI
+make WXSTATIC=1 NOGUI=1 wxbuild || exit 1
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
echo "Creating VeraCrypt DEB packages"
diff --git a/src/Build/build_cmake_opensuse.sh b/src/Build/build_cmake_opensuse.sh
index 340440a..e7898f0 100644
--- a/src/Build/build_cmake_opensuse.sh
+++ b/src/Build/build_cmake_opensuse.sh
@@ -65,7 +65,7 @@ mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
# wxWidgets was built using GTK-2
-cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=TRUE -DNOGUI=FALSE || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=FALSE -DNOGUI=FALSE || exit 1
cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
-cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=TRUE -DNOGUI=TRUE || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=FALSE -DNOGUI=TRUE || exit 1
cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake|| exit 1
diff --git a/src/Build/build_veracrypt_macosx.sh b/src/Build/build_veracrypt_macosx.sh
index 70a94c4..6b3707e 100755
--- a/src/Build/build_veracrypt_macosx.sh
+++ b/src/Build/build_veracrypt_macosx.sh
@@ -22,7 +22,7 @@ export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.1.2
# define the SDK version to use and OSX minimum target. We target 10.9 by default
export VC_OSX_TARGET=10.9
export VC_OSX_SDK=10.14
-echo "Using MacOSX SDK $VC_OSX_SDK"
+echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
cd $SOURCEPATH
diff --git a/src/Common/Cmdline.c b/src/Common/Cmdline.c
index d205673..f0dcf7c 100644
--- a/src/Common/Cmdline.c
+++ b/src/Common/Cmdline.c
@@ -70,9 +70,9 @@ BOOL CALLBACK CommandHelpDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
StringCchCatW(tmp, 8192, tmp2);
}
}
-
+#if defined(TCMOUNT) && !defined(VCEXPANDER)
StringCchCatW (tmp, 8192, L"\nExamples:\n\nMount a volume as X:\tveracrypt.exe /q /v volume.hc /l X\nDismount a volume X:\tveracrypt.exe /q /d X");
-
+#endif
SetWindowTextW (GetDlgItem (hwndDlg, IDC_COMMANDHELP_TEXT), tmp);
TCfree(tmp);
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 89ce250..913495f 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -252,7 +252,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_encrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -369,7 +369,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_decrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -464,7 +464,7 @@ BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
|| (cipher == SERPENT && HasSSE2())
|| (cipher == KUZNYECHIK && HasSSE2())
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
|| (cipher == TWOFISH)
|| (cipher == CAMELLIA)
#endif
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 5a83786..5a2ed52 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -190,6 +190,7 @@ BOOL MultipleMountOperationInProgress = FALSE;
volatile BOOL NeedPeriodicDeviceListUpdate = FALSE;
BOOL DisablePeriodicDeviceListUpdate = FALSE;
+BOOL EnableMemoryProtection = FALSE;
BOOL WaitDialogDisplaying = FALSE;
@@ -2919,9 +2920,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
char langId[6];
InitCommonControlsPtr InitCommonControlsFn = NULL;
wchar_t modPath[MAX_PATH];
-
- /* Protect this process memory from being accessed by non-admin users */
- EnableProcessProtection ();
GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
@@ -5531,11 +5529,11 @@ static void DisplayBenchmarkResults (HWND hwndDlg)
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
break;
case BENCHMARK_TYPE_PRF:
- swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d ms", benchmarkTable[i].meanBytesPerSec);
+ swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d ms", (int) benchmarkTable[i].meanBytesPerSec);
LvItem.iSubItem = 1;
LvItem.pszText = item1;
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
- swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d", benchmarkTable[i].decSpeed);
+ swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d", (int) benchmarkTable[i].decSpeed);
LvItem.iSubItem = 2;
LvItem.pszText = item1;
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
@@ -7392,6 +7390,15 @@ BOOL CheckFileExtension (wchar_t *fileName)
return FALSE;
}
+BOOL IsTrueCryptFileExtension (wchar_t *fileName)
+{
+ wchar_t *ext = wcsrchr (fileName, L'.');
+ if (ext && !_wcsicmp (ext, L".tc"))
+ return TRUE;
+ else
+ return FALSE;
+}
+
void CorrectFileName (wchar_t* fileName)
{
/* replace '/' by '\' */
@@ -7523,7 +7530,10 @@ int GetLastAvailableDrive ()
BOOL IsDriveAvailable (int driveNo)
{
- return (GetUsedLogicalDrives() & (1 << driveNo)) == 0;
+ if (driveNo >= 0 && driveNo < 26)
+ return (GetUsedLogicalDrives() & (1 << driveNo)) == 0;
+ else
+ return FALSE;
}
@@ -13050,7 +13060,7 @@ BOOL IsApplicationInstalled (const wchar_t *appName, BOOL b32bitApp)
}
wchar_t regName[1024];
- DWORD regNameSize = sizeof (regName);
+ DWORD regNameSize = ARRAYSIZE (regName);
DWORD index = 0;
while (RegEnumKeyEx (unistallKey, index++, regName, &regNameSize, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
{
@@ -14236,11 +14246,33 @@ cleanup:
return retval;
}
+// This function checks if the process is running with elevated privileges or not
+BOOL IsElevated()
+{
+ DWORD dwSize = 0;
+ HANDLE hToken = NULL;
+ TOKEN_ELEVATION tokenInformation;
+ BOOL bReturn = FALSE;
+
+ if(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
+ {
+ if(GetTokenInformation(hToken, TokenElevation, &tokenInformation, sizeof(TOKEN_ELEVATION), &dwSize))
+ {
+ if (tokenInformation.TokenIsElevated)
+ bReturn = TRUE;
+ }
+
+ CloseHandle(hToken);
+ }
+ return bReturn;
+}
+
// This function always loads a URL in a non-privileged mode
// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
+// Use this security mechanism only starting from Windows Vista
void SafeOpenURL (LPCWSTR szUrl)
{
- if (IsAdmin ())
+ if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated())
{
WCHAR szRunDllPath[TC_MAX_PATH];
WCHAR szUrlDllPath[TC_MAX_PATH];
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 5da717f..b2324b1 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -167,6 +167,7 @@ extern BOOL MultipleMountOperationInProgress;
extern volatile BOOL NeedPeriodicDeviceListUpdate;
extern BOOL DisablePeriodicDeviceListUpdate;
+extern BOOL EnableMemoryProtection;
#ifndef SETUP
extern BOOL bLanguageSetInSetup;
@@ -351,6 +352,7 @@ BOOL CloseVolumeExplorerWindows (HWND hwnd, int driveNo);
BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValue);
BOOL CheckCapsLock (HWND hwnd, BOOL quiet);
BOOL CheckFileExtension (wchar_t *fileName);
+BOOL IsTrueCryptFileExtension (wchar_t *fileName);
void CorrectFileName (wchar_t* fileName);
void CorrectURL (wchar_t* fileName);
void IncreaseWrongPwdRetryCount (int count);
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index 461f284..0dbaec5 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -16,7 +16,8 @@
#include "Driver/Ntdriver.h"
#endif
-#define TC_ENC_THREAD_POOL_MAX_THREAD_COUNT 64
+//Increasing the maximum number of threads
+#define TC_ENC_THREAD_POOL_MAX_THREAD_COUNT 256 //64
#define TC_ENC_THREAD_POOL_QUEUE_SIZE (TC_ENC_THREAD_POOL_MAX_THREAD_COUNT * 2)
#ifdef DEVICE_DRIVER
@@ -43,6 +44,18 @@
#define TC_ACQUIRE_MUTEX(MUTEX) WaitForSingleObject (*(MUTEX), INFINITE)
#define TC_RELEASE_MUTEX(MUTEX) ReleaseMutex (*(MUTEX))
+typedef BOOL (WINAPI *SetThreadGroupAffinityFn)(
+ HANDLE hThread,
+ const GROUP_AFFINITY *GroupAffinity,
+ PGROUP_AFFINITY PreviousGroupAffinity
+);
+
+typedef WORD (WINAPI* GetActiveProcessorGroupCountFn)();
+
+typedef DWORD (WINAPI *GetActiveProcessorCountFn)(
+ WORD GroupNumber
+);
+
#endif // !DEVICE_DRIVER
@@ -99,6 +112,7 @@ static volatile BOOL StopPending = FALSE;
static uint32 ThreadCount;
static TC_THREAD_HANDLE ThreadHandles[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
+static WORD ThreadProcessorGroups[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
static EncryptionThreadPoolWorkItem WorkItemQueue[TC_ENC_THREAD_POOL_QUEUE_SIZE];
@@ -164,6 +178,20 @@ static void SetWorkItemState (EncryptionThreadPoolWorkItem *workItem, WorkItemSt
static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
{
EncryptionThreadPoolWorkItem *workItem;
+#ifdef DEVICE_DRIVER
+ SetThreadCpuGroupAffinity ((USHORT) *(WORD*)(threadArg));
+#else
+ SetThreadGroupAffinityFn SetThreadGroupAffinityPtr = (SetThreadGroupAffinityFn) GetProcAddress (GetModuleHandle (L"kernel32.dll"), "SetThreadGroupAffinity");
+ if (SetThreadGroupAffinityPtr && threadArg)
+ {
+ GROUP_AFFINITY groupAffinity = {0};
+ groupAffinity.Mask = ~0ULL;
+ groupAffinity.Group = *(WORD*)(threadArg);
+ SetThreadGroupAffinityPtr(GetCurrentThread(), &groupAffinity, NULL);
+ }
+
+#endif
+
while (!StopPending)
{
@@ -263,21 +291,33 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount)
{
- size_t cpuCount, i;
-
- if (ThreadPoolRunning)
- return TRUE;
-
+ size_t cpuCount = 0, i = 0;
#ifdef DEVICE_DRIVER
cpuCount = GetCpuCount();
#else
+ SYSTEM_INFO sysInfo;
+ GetActiveProcessorGroupCountFn GetActiveProcessorGroupCountPtr = (GetActiveProcessorGroupCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorGroupCount");
+ GetActiveProcessorCountFn GetActiveProcessorCountPtr = (GetActiveProcessorCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorCount");
+ if (GetActiveProcessorGroupCountPtr && GetActiveProcessorCountPtr)
+ {
+ WORD j, groupCount = GetActiveProcessorGroupCountPtr();
+ size_t totalProcessors = 0;
+ for (j = 0; j < groupCount; ++j)
+ {
+ totalProcessors += (size_t) GetActiveProcessorCountPtr(j);
+ }
+ cpuCount = totalProcessors;
+ }
+ else
{
- SYSTEM_INFO sysInfo;
- GetSystemInfo (&sysInfo);
+ GetSystemInfo(&sysInfo);
cpuCount = sysInfo.dwNumberOfProcessors;
}
#endif
+ if (ThreadPoolRunning)
+ return TRUE;
+
if (cpuCount > encryptionFreeCpuCount)
cpuCount -= encryptionFreeCpuCount;
@@ -338,10 +378,33 @@ BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount)
for (ThreadCount = 0; ThreadCount < cpuCount; ++ThreadCount)
{
#ifdef DEVICE_DRIVER
- if (!NT_SUCCESS (TCStartThread (EncryptionThreadProc, NULL, &ThreadHandles[ThreadCount])))
+ ThreadProcessorGroups[ThreadCount] = GetCpuGroup ((size_t) ThreadCount);
#else
- if (!(ThreadHandles[ThreadCount] = (HANDLE) _beginthreadex (NULL, 0, EncryptionThreadProc, NULL, 0, NULL)))
+ // Determine which processor group to bind the thread to.
+ if (GetActiveProcessorGroupCountPtr && GetActiveProcessorCountPtr)
+ {
+ WORD j, groupCount = GetActiveProcessorGroupCountPtr();
+ uint32 totalProcessors = 0U;
+ for (j = 0U; j < groupCount; j++)
+ {
+ totalProcessors += (uint32) GetActiveProcessorCountPtr(j);
+ if (totalProcessors >= ThreadCount)
+ {
+ ThreadProcessorGroups[ThreadCount] = j;
+ break;
+ }
+ }
+ }
+ else
+ ThreadProcessorGroups[ThreadCount] = 0;
#endif
+
+#ifdef DEVICE_DRIVER
+ if (!NT_SUCCESS(TCStartThread(EncryptionThreadProc, (void*)(&ThreadProcessorGroups[ThreadCount]), &ThreadHandles[ThreadCount])))
+#else
+ if (!(ThreadHandles[ThreadCount] = (HANDLE)_beginthreadex(NULL, 0, EncryptionThreadProc, (void*)(&ThreadProcessorGroups[ThreadCount]), 0, NULL)))
+#endif
+
{
EncryptionThreadPoolStop();
return FALSE;
diff --git a/src/Common/Fat.c b/src/Common/Fat.c
index b47e531..8d4cc7d 100644
--- a/src/Common/Fat.c
+++ b/src/Common/Fat.c
@@ -394,6 +394,8 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
if(!quickFormat)
{
+ CRYPTO_INFO tmpCI;
+
if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
goto fail;
@@ -402,23 +404,41 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
deniability of hidden volumes (and also reduces the amount of predictable plaintext
within the volume). */
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ cryptoInfo = &tmpCI;
+
// Temporary master key
if (!RandgetBytes (hwndDlg, temporaryKey, EAGetKeySize (cryptoInfo->ea), FALSE))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail;
+ }
// Temporary secondary key (XTS mode)
if (!RandgetBytes (hwndDlg, cryptoInfo->k2, sizeof cryptoInfo->k2, FALSE))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail;
+ }
retVal = EAInit (cryptoInfo->ea, temporaryKey, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
{
+ TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
return retVal;
}
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
+ TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
return ERR_MODE_INIT_FAILED;
}
@@ -430,12 +450,24 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
goto fail;
}
UpdateProgressBar (nSecNo * ft->sector_size);
+
+ if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ goto fail;
+ }
+
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
else
+ {
UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size);
- if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
- goto fail;
+ if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
+ goto fail;
+ }
TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
diff --git a/src/Common/Format.c b/src/Common/Format.c
index 82c4df5..1edbdf9 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -100,6 +100,10 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
LARGE_INTEGER offset;
BOOL bFailedRequiredDASD = FALSE;
HWND hwndDlg = volParams->hwndDlg;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+#endif
FormatSectorSize = volParams->sectorSize;
@@ -369,8 +373,13 @@ begin_format:
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys)
{
LARGE_INTEGER volumeSize;
+ BOOL speedupFileCreation = FALSE;
volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
+ // speedup for file creation only makes sens when using quick format
+ if (volParams->quickFormat && volParams->fastCreateFile)
+ speedupFileCreation = TRUE;
+
if (volParams->sparseFileSwitch && volParams->quickFormat)
{
// Create as sparse file container
@@ -384,12 +393,28 @@ begin_format:
// Preallocate the file
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
- || !SetEndOfFile (dev)
- || SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ || !SetEndOfFile (dev))
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ if (speedupFileCreation)
+ {
+ // accelerate file creation by telling Windows not to fill all file content with zeros
+ // this has security issues since it will put existing disk content into file container
+ // We use this mechanism only when switch /fastCreateFile specific and when quick format
+ // also specified and which is documented to have security issues.
+ // we don't check returned status because failure is not issue for us
+ SetFileValidData (dev, volumeSize.QuadPart);
+ }
+
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
{
nStatus = ERR_OS_ERROR;
goto error;
}
+
}
}
@@ -553,6 +578,17 @@ begin_format:
goto error;
}
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
volParams->ea,
@@ -571,6 +607,15 @@ begin_format:
FormatSectorSize,
FALSE);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
+
if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
{
nStatus = ERR_OS_ERROR;
@@ -582,8 +627,28 @@ begin_format:
{
BOOL bUpdateBackup = FALSE;
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto error;
@@ -773,6 +838,10 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+#endif
+
// Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize;
if (!SetFilePointerEx ((HANDLE) dev, startOffset, &newOffset, FILE_BEGIN)
@@ -790,6 +859,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector));
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -852,6 +931,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
return 0;
@@ -863,6 +949,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR);
diff --git a/src/Common/Format.h b/src/Common/Format.h
index 961ece7..4ce1b8c 100644
--- a/src/Common/Format.h
+++ b/src/Common/Format.h
@@ -38,6 +38,7 @@ typedef struct
unsigned int clusterSize;
BOOL sparseFileSwitch;
BOOL quickFormat;
+ BOOL fastCreateFile;
DWORD sectorSize;
int *realClusterSize;
Password *password;
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 79180c1..5a02bc5 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -55,7 +55,7 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define TC_APP_NAME "VeraCrypt"
// Version displayed to user
-#define VERSION_STRING "1.24-Hotfix2"
+#define VERSION_STRING "1.24-Update5"
#ifdef VC_EFI_CUSTOM_MODE
#define VERSION_STRING_SUFFIX "-CustomEFI"
@@ -67,9 +67,9 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define VERSION_NUM 0x0124
// Release date
-#define TC_STR_RELEASE_DATE L"November 4, 2019"
-#define TC_RELEASE_DATE_YEAR 2019
-#define TC_RELEASE_DATE_MONTH 11
+#define TC_STR_RELEASE_DATE L"February 11, 2020"
+#define TC_RELEASE_DATE_YEAR 2020
+#define TC_RELEASE_DATE_MONTH 2
#define BYTES_PER_KB 1024LL
#define BYTES_PER_MB 1048576LL
@@ -263,6 +263,10 @@ extern ULONG AllocTag;
typedef int BOOL;
#endif
+#ifndef WORD
+typedef USHORT WORD;
+#endif
+
#ifndef BOOLEAN
typedef unsigned char BOOLEAN;
#endif
@@ -295,6 +299,17 @@ typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) (
typedef BOOLEAN (NTAPI *KeAreAllApcsDisabledFn) ();
+typedef void (NTAPI *KeSetSystemGroupAffinityThreadFn)(
+ PGROUP_AFFINITY Affinity,
+ PGROUP_AFFINITY PreviousAffinity
+);
+
+typedef USHORT (NTAPI *KeQueryActiveGroupCountFn)();
+
+typedef ULONG (NTAPI *KeQueryActiveProcessorCountExFn)(
+ USHORT GroupNumber
+);
+
extern NTSTATUS NTAPI KeSaveExtendedProcessorState (
__in ULONG64 Mask,
PXSTATE_SAVE XStateSave
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 499ea43..a648520 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -477,7 +477,7 @@ namespace VeraCrypt
const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();
const size_t volSectorSize = volume->GetSectorSize();
if (devSectorSize != volSectorSize)
- throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide(volSectorSize));
+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide((uint32) volSectorSize));
}
// Find a free mount point for FUSE service
diff --git a/src/Crypto/Aeskey.c b/src/Crypto/Aeskey.c
index c9ab026..9b7bfd1 100644
--- a/src/Crypto/Aeskey.c
+++ b/src/Crypto/Aeskey.c
@@ -27,6 +27,7 @@
#include "Aesopt.h"
#include "Aestab.h"
+#include "Common/Tcdefs.h"
#ifdef USE_VIA_ACE_IF_PRESENT
# include "aes_via_ace.h"
@@ -95,6 +96,8 @@ AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -147,6 +150,8 @@ AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -202,6 +207,8 @@ AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -352,6 +359,8 @@ AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -439,6 +448,8 @@ AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -538,6 +549,8 @@ AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
diff --git a/src/Crypto/Camellia.c b/src/Crypto/Camellia.c
index 49bc767..b3a3578 100644
--- a/src/Crypto/Camellia.c
+++ b/src/Crypto/Camellia.c
@@ -3,7 +3,7 @@
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* camellia.c ver 1.2.0-x86_64_asm1.1
*
diff --git a/src/Crypto/Camellia.h b/src/Crypto/Camellia.h
index 988203d..a1cb832 100644
--- a/src/Crypto/Camellia.h
+++ b/src/Crypto/Camellia.h
@@ -17,7 +17,7 @@ void camellia_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);
void camellia_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
void camellia_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void camellia_encrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
void camellia_decrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
#endif
diff --git a/src/Crypto/Sha2.c b/src/Crypto/Sha2.c
index f214f6d..31cba7f 100644
--- a/src/Crypto/Sha2.c
+++ b/src/Crypto/Sha2.c
@@ -10,7 +10,7 @@ and released into public domain.
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#ifdef _UEFI
+#if defined(_UEFI) || defined(CRYPTOPP_DISABLE_ASM)
#define NO_OPTIMIZED_VERSIONS
#endif
@@ -774,7 +774,7 @@ void sha256_begin(sha256_ctx* ctx)
if (!sha256transfunc)
{
#ifndef NO_OPTIMIZED_VERSIONS
-#ifdef _M_X64
+#if CRYPTOPP_BOOL_X64
if (g_isIntel && HasSAVX2() && HasSBMI2())
sha256transfunc = Avx2Sha256Transform;
else if (g_isIntel && HasSAVX())
diff --git a/src/Crypto/Sha2.h b/src/Crypto/Sha2.h
index 37625ce..7e90abf 100644
--- a/src/Crypto/Sha2.h
+++ b/src/Crypto/Sha2.h
@@ -22,7 +22,7 @@ extern "C" {
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(32)
#else
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)
diff --git a/src/Crypto/Twofish.c b/src/Crypto/Twofish.c
index 8ab5908..f0906f1 100644
--- a/src/Crypto/Twofish.c
+++ b/src/Crypto/Twofish.c
@@ -54,7 +54,7 @@
#define UNROLL_TWOFISH
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* these are 64-bit assembly implementation taken from https://github.com/jkivilin/supercop-blockciphers
Copyright 2011-2013 Jussi Kivilinna <jussi.kivilinna@iki.fi>
@@ -630,7 +630,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
uint32 b = rotl32(MDSQ[0][Q[0][Q[0][Q[1][Q[1][i + 1] ^ key[28]] ^ key[20]] ^ key[12]] ^ key[4]] ^ MDSQ[1][Q[0][Q[1][Q[1][Q[0][i + 1] ^ key[29]] ^ key[21]] ^ key[13]] ^ key[5]]
^ MDSQ[2][Q[1][Q[0][Q[0][Q[0][i + 1] ^ key[30]] ^ key[22]] ^ key[14]] ^ key[6]] ^ MDSQ[3][Q[1][Q[1][Q[0][Q[1][i + 1] ^ key[31]] ^ key[23]] ^ key[15]] ^ key[7]], 8);
a += b;
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
if (i < 8)
{
instance->w[i] = a;
@@ -998,7 +998,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
@@ -1071,7 +1071,7 @@ void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte o
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_decrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
diff --git a/src/Crypto/Twofish.h b/src/Crypto/Twofish.h
index cec99c7..e74826e 100644
--- a/src/Crypto/Twofish.h
+++ b/src/Crypto/Twofish.h
@@ -35,7 +35,7 @@ extern "C"
#endif
typedef struct
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
u4byte mk_tab[4][256], w[8], k[32];
#else
u4byte l_key[40];
@@ -54,7 +54,7 @@ typedef struct
/* in_key must be 32-bytes long */
void twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
void twofish_decrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
#define twofish_encrypt(instance,in_blk,out_blk) twofish_encrypt_blocks(instance, (const byte*) in_blk, (byte*) out_blk, 1)
diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc
index f992ece..b1573e7 100644
--- a/src/Driver/Driver.rc
+++ b/src/Driver/Driver.rc
@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,1
- PRODUCTVERSION 1,24,8,1
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 1327c12..2ae17f5 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -143,6 +143,9 @@ static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL;
+static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL;
+static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL;
+static KeQueryActiveProcessorCountExFn KeQueryActiveProcessorCountExPtr = NULL;
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
ULONG ExDefaultMdlProtection = 0;
@@ -283,13 +286,20 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
}
// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
+ // KeQueryActiveGroupCount/KeQueryActiveProcessorCountEx/KeSetSystemGroupAffinityThread are available starting from Windows 7
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
{
- UNICODE_STRING saveFuncName, restoreFuncName;
+ UNICODE_STRING saveFuncName, restoreFuncName, groupCountFuncName, procCountFuncName, setAffinityFuncName;
RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState");
RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState");
+ RtlInitUnicodeString(&groupCountFuncName, L"KeQueryActiveGroupCount");
+ RtlInitUnicodeString(&procCountFuncName, L"KeQueryActiveProcessorCountEx");
+ RtlInitUnicodeString(&setAffinityFuncName, L"KeSetSystemGroupAffinityThread");
KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
+ KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn) MmGetSystemRoutineAddress(&setAffinityFuncName);
+ KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn) MmGetSystemRoutineAddress(&groupCountFuncName);
+ KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn) MmGetSystemRoutineAddress(&procCountFuncName);
}
// ExGetFirmwareEnvironmentVariable is available starting from Windows 8
@@ -1384,7 +1394,8 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
else
{
IO_STATUS_BLOCK ioStatus;
- PVOID buffer = TCalloc (max (pVerifyInformation->Length, PAGE_SIZE));
+ DWORD dwBuffersize = min (pVerifyInformation->Length, 16 * PAGE_SIZE);
+ PVOID buffer = TCalloc (dwBuffersize);
if (!buffer)
{
@@ -1392,14 +1403,29 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
}
else
{
- LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
+ LARGE_INTEGER offset;
+ DWORD dwRemainingBytes = pVerifyInformation->Length, dwReadCount;
offset.QuadPart = ullNewOffset;
- Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
- TCfree (buffer);
+ while (dwRemainingBytes)
+ {
+ dwReadCount = min (dwBuffersize, dwRemainingBytes);
+ Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, dwReadCount, &offset, NULL);
- if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length)
- Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != dwReadCount)
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ break;
+ }
+ else if (!NT_SUCCESS (Irp->IoStatus.Status))
+ break;
+
+ dwRemainingBytes -= dwReadCount;
+ offset.QuadPart += (ULONGLONG) dwReadCount;
+ }
+
+ burn (buffer, dwBuffersize);
+ TCfree (buffer);
}
}
@@ -4472,16 +4498,27 @@ NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information)
size_t GetCpuCount ()
{
- KAFFINITY activeCpuMap = KeQueryActiveProcessors();
- size_t mapSize = sizeof (activeCpuMap) * 8;
size_t cpuCount = 0;
-
- while (mapSize--)
+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)
+ {
+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();
+ for (i = 0; i < groupCount; i++)
+ {
+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);
+ }
+ }
+ else
{
- if (activeCpuMap & 1)
- ++cpuCount;
+ KAFFINITY activeCpuMap = KeQueryActiveProcessors();
+ size_t mapSize = sizeof (activeCpuMap) * 8;
+
+ while (mapSize--)
+ {
+ if (activeCpuMap & 1)
+ ++cpuCount;
- activeCpuMap >>= 1;
+ activeCpuMap >>= 1;
+ }
}
if (cpuCount == 0)
@@ -4490,6 +4527,35 @@ size_t GetCpuCount ()
return cpuCount;
}
+USHORT GetCpuGroup (size_t index)
+{
+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)
+ {
+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();
+ size_t cpuCount = 0;
+ for (i = 0; i < groupCount; i++)
+ {
+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);
+ if (cpuCount >= index)
+ {
+ return i;
+ }
+ }
+ }
+
+ return 0;
+}
+
+void SetThreadCpuGroupAffinity (USHORT index)
+{
+ if (KeSetSystemGroupAffinityThreadPtr)
+ {
+ GROUP_AFFINITY groupAffinity = {0};
+ groupAffinity.Mask = ~0ULL;
+ groupAffinity.Group = index;
+ KeSetSystemGroupAffinityThreadPtr (&groupAffinity, NULL);
+ }
+}
void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes)
{
diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h
index 2e4d655..25ee64e 100644
--- a/src/Driver/Ntdriver.h
+++ b/src/Driver/Ntdriver.h
@@ -174,6 +174,8 @@ NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information);
NTSTATUS ProbeRealDriveSize (PDEVICE_OBJECT driveDeviceObject, LARGE_INTEGER *driveSize);
BOOL UserCanAccessDriveDevice ();
size_t GetCpuCount ();
+USHORT GetCpuGroup (size_t index);
+void SetThreadCpuGroupAffinity (USHORT index);
void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes);
void *AllocateMemoryWithTimeout (size_t size, int retryDelay, int timeout);
BOOL IsDriveLetterAvailable (int nDosDriveNo, DeviceNamespaceType namespaceType);
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index 8db2b57..e340a8b 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -512,6 +512,11 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
BOOL backupHeader;
byte *wipeBuffer = NULL;
uint32 workChunkSize = TC_VOLUME_HEADER_GROUP_SIZE;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
if (pVolumePassword->Length == 0) return -1;
@@ -680,7 +685,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
}
#ifdef _WIN64
- if (IsRamEncryptionEnabled())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));
}
@@ -851,6 +856,17 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
else
DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted primary header ...\r\n");
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
buffer,
@@ -870,6 +886,15 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
cryptoInfo->SectorSize,
FALSE ); // use slow poll
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
+
if (ci != NULL)
crypto_close (ci);
@@ -901,7 +926,26 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
PCRYPTO_INFO dummyInfo = NULL;
LARGE_INTEGER hiddenOffset;
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader);
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
if (nStatus != ERR_SUCCESS)
goto error;
diff --git a/src/ExpandVolume/ExpandVolume.rc b/src/ExpandVolume/ExpandVolume.rc
index 860130e..4726012 100644
--- a/src/ExpandVolume/ExpandVolume.rc
+++ b/src/ExpandVolume/ExpandVolume.rc
@@ -193,8 +193,8 @@ IDR_MOUNT_RSRC_HEADER HEADER "resource.h"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -211,11 +211,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Expander"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCryptExpander.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/ExpandVolume/InitDataArea.c b/src/ExpandVolume/InitDataArea.c
index afca230..618358d 100644
--- a/src/ExpandVolume/InitDataArea.c
+++ b/src/ExpandVolume/InitDataArea.c
@@ -56,6 +56,9 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+#endif
// Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize;
@@ -74,6 +77,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector));
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -136,6 +149,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
return 0;
@@ -147,6 +167,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR);
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp
index ffeabe0..10c1af4 100644
--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
@@ -866,6 +866,67 @@ static BOOL SelectPartition (HWND hwndDlg)
return FALSE;
}
+void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
+{
+ wchar_t **lpszCommandLineArgs = NULL; /* Array of command line arguments */
+ int nNoCommandLineArgs; /* The number of arguments in the array */
+
+ /* Extract command line arguments */
+ nNoCommandLineArgs = Win32CommandLine (&lpszCommandLineArgs);
+ if (nNoCommandLineArgs > 0)
+ {
+ int i;
+
+ for (i = 0; i < nNoCommandLineArgs; i++)
+ {
+ enum
+ {
+ OptionEnableMemoryProtection,
+ };
+
+ argument args[]=
+ {
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ };
+
+ argumentspec as;
+
+ int x;
+
+ if (lpszCommandLineArgs[i] == NULL)
+ continue;
+
+ as.args = args;
+ as.arg_cnt = sizeof(args)/ sizeof(args[0]);
+
+ x = GetArgumentID (&as, lpszCommandLineArgs[i]);
+
+ switch (x)
+ {
+
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
+ default:
+ DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_COMMANDHELP_DLG), hwndDlg, (DLGPROC)
+ CommandHelpDlgProc, (LPARAM) &as);
+
+ exit(0);
+ }
+ }
+ }
+
+ /* Free up the command line arguments */
+ while (--nNoCommandLineArgs >= 0)
+ {
+ free (lpszCommandLineArgs[nNoCommandLineArgs]);
+ }
+
+ if (lpszCommandLineArgs)
+ free (lpszCommandLineArgs);
+}
+
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
@@ -890,6 +951,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
bUseSecureDesktop = FALSE;
bUseLegacyMaxPasswordLength = FALSE;
+ VeraCryptExpander::ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+
if (UsePreferences)
{
// General preferences
@@ -900,6 +963,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
RestoreDefaultKeyFilesParam ();
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
InitMainDialog (hwndDlg);
// Quit
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index 01ee4a5..8df40e1 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Format"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Format.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
@@ -90,7 +90,7 @@ BEGIN
DEFPUSHBUTTON "",IDC_NEXT,310,234,60,14
PUSHBUTTON "Cancel",IDCANCEL,382,234,60,14
LTEXT "",IDC_BOX_TITLE,160,8,283,17
- GROUPBOX "",IDC_STATIC,51,0,392,230
+ GROUPBOX "",IDC_STATIC,4,0,439,230
CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,193
LTEXT "",IDC_POS_BOX,160,24,281,193
END
@@ -129,7 +129,7 @@ IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_SIZEBOX,25,22,71,14,ES_AUTOHSCROLL | ES_NUMBER
+ EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER
CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10
CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10
CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c
index 7117a8a..4a16fd4 100644
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -774,6 +774,9 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
int pim = volParams->pim;
DISK_GEOMETRY driveGeometry;
HWND hwndDlg = volParams->hwndDlg;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
bInPlaceEncNonSysResumed = TRUE;
@@ -870,7 +873,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
goto closing_seq;
#ifdef _WIN64
- if (IsRamEncryptionEnabled ())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
@@ -1097,6 +1100,19 @@ inplace_enc_read:
{
PCRYPTO_INFO dummyInfo = NULL;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof(tmpCI));
+ memcpy (&tmpCI, masterCryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (masterCryptoInfo));
+ cryptoInfoBackup = masterCryptoInfo;
+ masterCryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
headerCryptoInfo->ea,
@@ -1115,6 +1131,15 @@ inplace_enc_read:
masterCryptoInfo->SectorSize,
wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_HEADER_WIPE_PASSES - 1));
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ masterCryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof(tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -1128,9 +1153,28 @@ inplace_enc_read:
goto closing_seq;
}
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof(tmpCI));
+ memcpy (&tmpCI, headerCryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (headerCryptoInfo));
+ cryptoInfoBackup = headerCryptoInfo;
+ headerCryptoInfo = &tmpCI;
+ }
+#endif
// Fill the reserved sectors of the header area with random data
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE);
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ headerCryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof(tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -1290,6 +1334,9 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
int pkcs5_prf = volParams->pkcs5;
int pim = volParams->pim;
DISK_GEOMETRY driveGeometry;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
buf = (char *) TCalloc (TC_MAX_NONSYS_INPLACE_ENC_WORK_CHUNK_SIZE);
@@ -1397,7 +1444,7 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
goto closing_seq;
#ifdef _WIN64
- if (IsRamEncryptionEnabled ())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
@@ -1799,6 +1846,9 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
uint32 headerCrc32;
byte *fieldPos;
PCRYPTO_INFO pCryptoInfo = headerCryptoInfo;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
header = (byte *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
@@ -1820,7 +1870,7 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
}
#ifdef _WIN64
- if (IsRamEncryptionEnabled())
+ if (bIsRamEncryptionEnabled)
{
pCryptoInfo = crypto_open();
if (!pCryptoInfo)
@@ -1874,7 +1924,7 @@ closing_seq:
dwError = GetLastError();
#ifdef _WIN64
- if (IsRamEncryptionEnabled() && pCryptoInfo)
+ if (bIsRamEncryptionEnabled && pCryptoInfo)
{
crypto_close(pCryptoInfo);
}
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 013e27c..3d394c1 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -250,6 +250,7 @@ int CmdVolumeFilesystem = FILESYS_NONE;
unsigned __int64 CmdVolumeFileSize = 0;
BOOL CmdSparseFileSwitch = FALSE;
BOOL CmdQuickFormat = FALSE;
+BOOL CmdFastCreateFile = FALSE;
BOOL bForceOperation = FALSE;
@@ -282,6 +283,7 @@ BOOL bDisplayPoolContents = TRUE;
volatile BOOL bSparseFileSwitch = FALSE;
volatile BOOL quickFormat = FALSE;
+volatile BOOL fastCreateFile = FALSE;
volatile BOOL dynamicFormat = FALSE; /* this variable represents the sparse file flag. */
volatile int fileSystem = FILESYS_NONE;
volatile int clusterSize = 0;
@@ -2635,6 +2637,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
volParams->clusterSize = clusterSize;
volParams->sparseFileSwitch = dynamicFormat;
volParams->quickFormat = quickFormat;
+ volParams->fastCreateFile = fastCreateFile;
volParams->sectorSize = GetFormatSectorSize();
volParams->realClusterSize = &realClusterSize;
volParams->password = &volumePassword;
@@ -4559,6 +4562,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_INFO), bSystemIsGPT? GetString ("RESCUE_DISK_EFI_INFO"): GetString ("RESCUE_DISK_INFO"));
+ SetCheckBox (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
@@ -6141,6 +6145,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
@@ -6153,6 +6163,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
exit (0);
}
+ fastCreateFile = CmdFastCreateFile;
+
if (DirectCreationMode)
{
wchar_t root[TC_MAX_PATH];
@@ -8994,6 +9006,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionForce,
OptionNoSizeCheck,
OptionQuickFormat,
+ OptionFastCreateFile,
+ OptionEnableMemoryProtection,
};
argument args[]=
@@ -9016,6 +9030,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionForce, L"/force", NULL, FALSE },
{ OptionNoSizeCheck, L"/nosizecheck", NULL, FALSE },
{ OptionQuickFormat, L"/quick", NULL, FALSE },
+ { OptionFastCreateFile, L"/fastcreatefile", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
// Internal
{ CommandResumeSysEncLogOn, L"/acsysenc", L"/a", TRUE },
@@ -9372,6 +9388,14 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdQuickFormat = TRUE;
break;
+ case OptionFastCreateFile:
+ CmdFastCreateFile = TRUE;
+ break;
+
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
case OptionHistory:
{
wchar_t szTmp[8] = {0};
diff --git a/src/Format/VeraCrypt_Wizard.bmp b/src/Format/VeraCrypt_Wizard.bmp
index a368a3a..24f3028 100644
--- a/src/Format/VeraCrypt_Wizard.bmp
+++ b/src/Format/VeraCrypt_Wizard.bmp
Binary files differ
diff --git a/src/Main/Forms/MainFrame.cpp b/src/Main/Forms/MainFrame.cpp
index 9abe255..2585319 100644
--- a/src/Main/Forms/MainFrame.cpp
+++ b/src/Main/Forms/MainFrame.cpp
@@ -99,6 +99,9 @@ namespace VeraCrypt
Connect( wxID_ANY, wxEVT_COMMAND_PREF_UPDATED, wxCommandEventHandler( MainFrame::OnPreferencesUpdated ) );
Connect( wxID_ANY, wxEVT_COMMAND_OPEN_VOLUME_REQUEST, wxCommandEventHandler( MainFrame::OnOpenVolumeSystemRequest ) );
+#ifdef TC_MACOSX
+ Connect( wxID_ANY, wxEVT_MOVE, wxMoveEventHandler( MainFrame::OnMoveHandler ) );
+#endif
}
MainFrame::~MainFrame ()
@@ -119,6 +122,9 @@ namespace VeraCrypt
Disconnect( wxID_ANY, wxEVT_COMMAND_UPDATE_VOLUME_LIST, wxCommandEventHandler( MainFrame::OnUpdateVolumeList ) );
Disconnect( wxID_ANY, wxEVT_COMMAND_PREF_UPDATED, wxCommandEventHandler( MainFrame::OnPreferencesUpdated ) );
Disconnect( wxID_ANY, wxEVT_COMMAND_OPEN_VOLUME_REQUEST, wxCommandEventHandler( MainFrame::OnOpenVolumeSystemRequest ) );
+#ifdef TC_MACOSX
+ Disconnect( wxID_ANY, wxEVT_MOVE, wxMoveEventHandler( MainFrame::OnMoveHandler ) );
+#endif
Core->VolumeMountedEvent.Disconnect (this);
Core->VolumeDismountedEvent.Disconnect (this);
Gui->OpenVolumeSystemRequestEvent.Disconnect (this);
@@ -725,6 +731,7 @@ namespace VeraCrypt
#ifdef TC_MACOSX
if (Gui->IsInBackgroundMode())
Gui->SetBackgroundMode (false);
+ EnsureVisible ();
#endif
AboutDialog dialog (this);
dialog.ShowModal();
@@ -1722,4 +1729,11 @@ namespace VeraCrypt
Core->WipePasswordCache();
UpdateWipeCacheButton();
}
+
+#ifdef TC_MACOSX
+ void MainFrame::OnMoveHandler(wxMoveEvent& event)
+ {
+ EnsureVisible (true);
+ }
+#endif
}
diff --git a/src/Main/Forms/MainFrame.h b/src/Main/Forms/MainFrame.h
index 39c411a..414ecca 100644
--- a/src/Main/Forms/MainFrame.h
+++ b/src/Main/Forms/MainFrame.h
@@ -15,6 +15,9 @@
#include "Forms.h"
#include "ChangePasswordDialog.h"
+#ifdef TC_MACOSX
+#include <wx/display.h>
+#endif
namespace VeraCrypt
{
@@ -162,6 +165,35 @@ namespace VeraCrypt
void UpdateWipeCacheButton ();
void WipeCache ();
+#ifdef TC_MACOSX
+ void OnMoveHandler(wxMoveEvent& event);
+
+ void EnsureVisible(bool bOnlyHeadingBar = false)
+ {
+ wxDisplay display (this);
+ wxRect displayRect = display.GetClientArea();
+
+ bool bMove = false;
+ wxPoint p = GetScreenPosition();
+ wxRect r = GetRect ();
+ wxRect rc = GetClientRect ();
+ int titleBarHeight = r.height - rc.height;
+
+ if (!bOnlyHeadingBar && (p.x < displayRect.x))
+ p.x = 0, bMove = true;
+ if (p.y < displayRect.y)
+ p.y = displayRect.y, bMove = true;
+ if (!bOnlyHeadingBar && (p.x + r.width > displayRect.x + displayRect.width))
+ p.x = displayRect.x + displayRect.width - r.width, bMove = true;
+ if (!bOnlyHeadingBar && (p.y + r.height > displayRect.y + displayRect.height))
+ p.y = displayRect.y + displayRect.height - r.height, bMove = true;
+ if (bOnlyHeadingBar && (p.y > (displayRect.y + displayRect.height - titleBarHeight)))
+ p.y = displayRect.y + displayRect.height - titleBarHeight, bMove = true;
+ if (bMove)
+ Move (p);
+ }
+#endif
+
struct VolumeActivityMapEntry
{
VolumeActivityMapEntry () { }
diff --git a/src/Main/Forms/VolumeSizeWizardPage.cpp b/src/Main/Forms/VolumeSizeWizardPage.cpp
index 3781b05..fc045b5 100644
--- a/src/Main/Forms/VolumeSizeWizardPage.cpp
+++ b/src/Main/Forms/VolumeSizeWizardPage.cpp
@@ -103,7 +103,7 @@ namespace VeraCrypt
try
{
uint64 uiVolumeSize = GetVolumeSize();
- if (uiVolumeSize >= MinVolumeSize && (!MaxVolumeSizeValid || uiVolumeSize <= MaxVolumeSize) && (CmdLine->ArgDisableFileSizeCheck || !AvailableDiskSpace || uiVolumeSize <= AvailableDiskSpace))
+ if (uiVolumeSize >= MinVolumeSize && (!MaxVolumeSizeValid || uiVolumeSize <= MaxVolumeSize) && (MaxVolumeSizeValid || CmdLine->ArgDisableFileSizeCheck || !AvailableDiskSpace || uiVolumeSize <= AvailableDiskSpace))
return true;
}
catch (...) { }
diff --git a/src/Main/Main.make b/src/Main/Main.make
index a154a84..18efba6 100755
--- a/src/Main/Main.make
+++ b/src/Main/Main.make
@@ -82,14 +82,10 @@ CXXFLAGS += -I$(BASE_DIR)/Main
#------ wxWidgets configuration ------
ifdef TC_NO_GUI
-ifdef VC_WX_STATIC
WX_CONFIG_LIBS := base
else
WX_CONFIG_LIBS := adv,core,base
endif
-else
-WX_CONFIG_LIBS := adv,core,base
-endif
ifeq "$(TC_BUILD_CONFIG)" "Release"
diff --git a/src/Main/TextUserInterface.h b/src/Main/TextUserInterface.h
index 95db02d..78874b8 100644
--- a/src/Main/TextUserInterface.h
+++ b/src/Main/TextUserInterface.h
@@ -47,7 +47,9 @@ namespace VeraCrypt
virtual void ExportSecurityTokenKeyfile () const;
virtual shared_ptr <GetStringFunctor> GetAdminPasswordRequestHandler ();
virtual void ImportSecurityTokenKeyfiles () const;
+#ifndef TC_NO_GUI
virtual bool Initialize (int &argc, wxChar **argv) { return wxAppBase::Initialize(argc, argv); }
+#endif
virtual void InitSecurityTokenLibrary () const;
virtual void ListSecurityTokenKeyfiles () const;
virtual VolumeInfoList MountAllDeviceHostedVolumes (MountOptions &options) const;
diff --git a/src/Makefile b/src/Makefile
index fe0c143..f881c87 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -69,7 +69,7 @@ endif
ifeq "$(origin NOGUI)" "command line"
export TC_NO_GUI := 1
- C_CXX_FLAGS += -DTC_NO_GUI
+ C_CXX_FLAGS += -DTC_NO_GUI -DwxUSE_GUI=0
WX_CONFIGURE_FLAGS += --disable-gui
endif
@@ -151,6 +151,7 @@ endif
ifeq "$(origin NOASM)" "command line"
CPU_ARCH = unknown
+ C_CXX_FLAGS += -DCRYPTOPP_DISABLE_X86ASM
endif
ifeq "$(CPU_ARCH)" "x86"
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 9130eae..ca32228 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -181,6 +181,8 @@ static int bPrebootPasswordDlgMode = FALSE;
static int NoCmdLineArgs;
static BOOL CmdLineVolumeSpecified;
static int LastDriveListVolumeColumnWidth;
+static BOOL ExitMailSlotSpecified = FALSE;
+static TCHAR ExitMailSlotName[MAX_PATH];
// WTS handling
static HMODULE hWtsLib = NULL;
static WTSREGISTERSESSIONNOTIFICATION fnWtsRegisterSessionNotification = NULL;
@@ -5061,7 +5063,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode || IsTrueCryptFileExtension (szFileName)? TRUE : FALSE;
int GuiPim = EffectiveVolumePim;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
@@ -5155,7 +5157,14 @@ static BOOL Dismount (HWND hwndDlg, int nDosDriveNo)
WaitCursor ();
if (nDosDriveNo == -2)
+ {
nDosDriveNo = (char) (HIWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) - L'A');
+ if (nDosDriveNo < 0 || nDosDriveNo >= 26)
+ {
+ NormalCursor ();
+ return FALSE;
+ }
+ }
if (bCloseDismountedWindows)
{
@@ -6780,6 +6789,41 @@ void DisplayDriveListContextMenu (HWND hwndDlg, LPARAM lParam)
}
}
+// broadcast signal to WAITFOR.EXE MailSlot to notify any waiting instance that we are exiting
+static void SignalExitCode (int exitCode)
+{
+ if (ExitMailSlotSpecified)
+ {
+ HANDLE hFile;
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ if ((hFile == INVALID_HANDLE_VALUE) && (GetLastError () == ERROR_FILE_NOT_FOUND))
+ {
+ // MailSlot not found, wait 1 second and try again in case we exited too quickly
+ Sleep (1000);
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ }
+ if (hFile != INVALID_HANDLE_VALUE)
+ {
+ char szMsg[64];
+ DWORD cbWritten;
+ StringCbPrintfA (szMsg, sizeof (szMsg), "VeraCrypt Exit %d", exitCode);
+ WriteFile(hFile, szMsg, (DWORD) (strlen (szMsg) +1), &cbWritten, (LPOVERLAPPED) NULL);
+ CloseHandle (hFile);
+ }
+ }
+}
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
@@ -6859,6 +6903,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
AbortProcess ("COMMAND_LINE_ERROR");
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
@@ -7120,7 +7170,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (Quit)
{
if (TaskBarIconMutex == NULL)
+ {
+ SignalExitCode (exitCode);
exit (exitCode);
+ }
MainWindowHidden = TRUE;
@@ -7132,6 +7185,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (TaskBarIconMutex)
TaskBarIconRemove (hwndDlg);
+ SignalExitCode (exitCode);
exit (exitCode);
}
else
@@ -8883,6 +8937,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionNoWaitDlg,
OptionSecureDesktop,
OptionDisableDeviceUpdate,
+ OptionEnableMemoryProtection,
+ OptionSignalExit,
};
argument args[]=
@@ -8912,6 +8968,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE },
{ OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
{ OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ { OptionSignalExit, L"/signalExit", NULL, FALSE },
};
argumentspec as;
@@ -9008,6 +9066,23 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
+ case OptionEnableMemoryProtection:
+ {
+ EnableMemoryProtection = TRUE;
+ }
+ break;
+
+ case OptionSignalExit:
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i,
+ nNoCommandLineArgs, tmpPath, ARRAYSIZE (tmpPath)))
+ {
+ StringCbPrintfW (ExitMailSlotName, sizeof (ExitMailSlotName), L"\\\\.\\mailslot\\WAITFOR.EXE\\%s", tmpPath);
+ ExitMailSlotSpecified = TRUE;
+ }
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ break;
+
case OptionCache:
{
wchar_t szTmp[16] = {0};
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index 275559e..efa76fe 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -548,8 +548,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -566,11 +566,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Mount/Mount.vcxproj.user b/src/Mount/Mount.vcxproj.user
index 75a63e9..9ab5ba9 100644
--- a/src/Mount/Mount.vcxproj.user
+++ b/src/Mount/Mount.vcxproj.user
@@ -1,7 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
- <LocalDebuggerCommandArguments>/DisableDeviceUpdate</LocalDebuggerCommandArguments>
+ <LocalDebuggerCommandArguments>
+ </LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project> \ No newline at end of file
diff --git a/src/Release/Setup Files/veracrypt-x64.cat b/src/Release/Setup Files/veracrypt-x64.cat
index 3669eb8..7572f66 100644
--- a/src/Release/Setup Files/veracrypt-x64.cat
+++ b/src/Release/Setup Files/veracrypt-x64.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt-x64.sys b/src/Release/Setup Files/veracrypt-x64.sys
index f0dbae0..df3a752 100644
--- a/src/Release/Setup Files/veracrypt-x64.sys
+++ b/src/Release/Setup Files/veracrypt-x64.sys
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.Inf b/src/Release/Setup Files/veracrypt.Inf
index e2e1691..95417cb 100644
--- a/src/Release/Setup Files/veracrypt.Inf
+++ b/src/Release/Setup Files/veracrypt.Inf
@@ -2,7 +2,7 @@
;;; VeraCrypt
;;;
;;;
-;;; Copyright (c) 2018, IDRIX
+;;; Copyright (c) 2020, IDRIX
;;;
[Version]
@@ -10,7 +10,7 @@ signature = "$Windows NT$"
Class = "Encryption" ;This is determined by the work this filter driver does
ClassGuid = {a0a701c0-a511-42ff-aa6c-06dc0395576f} ;This value is determined by the Class
Provider = %ProviderString%
-DriverVer = 11/05/2019,1.24.8.1
+DriverVer = 02/10/2019,1.24.14.0
CatalogFile = veracrypt.cat
diff --git a/src/Release/Setup Files/veracrypt.cat b/src/Release/Setup Files/veracrypt.cat
index c7004e9..98d8bc1 100644
--- a/src/Release/Setup Files/veracrypt.cat
+++ b/src/Release/Setup Files/veracrypt.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.sys b/src/Release/Setup Files/veracrypt.sys
index 353c41a..7004c01 100644
--- a/src/Release/Setup Files/veracrypt.sys
+++ b/src/Release/Setup Files/veracrypt.sys
Binary files differ
diff --git a/src/Setup/MacOSX/veracrypt.pkgproj b/src/Setup/MacOSX/veracrypt.pkgproj
index 55a3e0b..4bd045b 100755
--- a/src/Setup/MacOSX/veracrypt.pkgproj
+++ b/src/Setup/MacOSX/veracrypt.pkgproj
@@ -555,7 +555,7 @@
<key>USE_HFS+_COMPRESSION</key>
<false/>
<key>VERSION</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
</dict>
<key>TYPE</key>
<integer>0</integer>
@@ -1059,7 +1059,7 @@ https://osxfuse.github.io/
</dict>
</array>
<key>NAME</key>
- <string>VeraCrypt 1.24-Hotfix2</string>
+ <string>VeraCrypt 1.24-Update5</string>
<key>PAYLOAD_ONLY</key>
<false/>
<key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
diff --git a/src/Setup/MacOSX/veracrypt_Legacy.pkgproj b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
index d941bf2..19c816a 100755
--- a/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
+++ b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
@@ -555,7 +555,7 @@
<key>USE_HFS+_COMPRESSION</key>
<false/>
<key>VERSION</key>
- <string>1.24.8</string>
+ <string>1.24.14</string>
</dict>
<key>TYPE</key>
<integer>0</integer>
@@ -1059,7 +1059,7 @@ https://osxfuse.github.io/
</dict>
</array>
<key>NAME</key>
- <string>VeraCrypt Legacy 1.24-Hotfix2</string>
+ <string>VeraCrypt Legacy 1.24-Update5</string>
<key>PAYLOAD_ONLY</key>
<false/>
<key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
diff --git a/src/Setup/Portable.rc b/src/Setup/Portable.rc
index a866473..7a7acfa 100644
--- a/src/Setup/Portable.rc
+++ b/src/Setup/Portable.rc
@@ -26,8 +26,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -44,11 +44,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Portable"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Portable.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Setup/Setup.rc b/src/Setup/Setup.rc
index 02957c0..b92e927 100644
--- a/src/Setup/Setup.rc
+++ b/src/Setup/Setup.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,8,0
- PRODUCTVERSION 1,24,8,0
+ FILEVERSION 1,24,14,0
+ PRODUCTVERSION 1,24,14,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Setup"
- VALUE "FileVersion", "1.24-Hotfix2"
+ VALUE "FileVersion", "1.24-Update5"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Setup.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Hotfix2"
+ VALUE "ProductVersion", "1.24-Update5"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat
index eb40b44..adf9358 100644
--- a/src/Signing/sign.bat
+++ b/src/Signing/sign.bat
@@ -1,6 +1,6 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update5
set SIGNINGPATH=%~dp0
cd %SIGNINGPATH%
diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat
index 6bf9289..74b48c9 100644
--- a/src/Signing/sign_test.bat
+++ b/src/Signing/sign_test.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update5
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Signing/sign_test_debug.bat b/src/Signing/sign_test_debug.bat
index 8c98ebc..f44690d 100644
--- a/src/Signing/sign_test_debug.bat
+++ b/src/Signing/sign_test_debug.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Hotfix2
+set VC_VERSION=1.24-Update5
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 32f61b7..40507a2 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -247,7 +247,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
@@ -263,7 +263,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
@@ -318,7 +318,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_encrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -330,7 +330,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_decrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -339,7 +339,7 @@ namespace VeraCrypt
bool CipherTwofish::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;
@@ -372,7 +372,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_encrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -384,7 +384,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_decrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -393,7 +393,7 @@ namespace VeraCrypt
bool CipherCamellia::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;