VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Boot/EFI/DcsBoot.efibin22840 -> 24088 bytes
-rw-r--r--src/Boot/EFI/DcsBoot32.efibin19672 -> 20472 bytes
-rw-r--r--src/Boot/EFI/DcsCfg.efibin952568 -> 953528 bytes
-rw-r--r--src/Boot/EFI/DcsCfg32.efibin815512 -> 816152 bytes
-rw-r--r--src/Boot/EFI/DcsInfo.efibin37144 -> 37144 bytes
-rw-r--r--src/Boot/EFI/DcsInfo32.efibin33880 -> 33880 bytes
-rw-r--r--src/Boot/EFI/DcsInt.efibin911032 -> 912184 bytes
-rw-r--r--src/Boot/EFI/DcsInt32.efibin794360 -> 795160 bytes
-rw-r--r--src/Boot/EFI/DcsRe.efibin28344 -> 28472 bytes
-rw-r--r--src/Boot/EFI/DcsRe32.efibin23960 -> 24056 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker.efibin9816 -> 9816 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker32.efibin9560 -> 9560 bytes
-rw-r--r--src/Boot/Windows/Bios.h3
-rw-r--r--src/Boot/Windows/BootCommon.h2
-rw-r--r--src/Boot/Windows/BootDiskIo.cpp4
-rw-r--r--src/Boot/Windows/BootDiskIo.h1
-rw-r--r--src/Boot/Windows/BootEncryptedIo.cpp14
-rw-r--r--src/Build/CMakeLists.txt330
-rw-r--r--src/Build/Include/Makefile.inc12
-rw-r--r--src/Build/Packaging/debian-control/prerm9
-rw-r--r--src/Build/Packaging/rpm-control/prerm.sh9
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.legacy.xml106
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.xml10
-rwxr-xr-xsrc/Build/build_cmake_deb.sh69
-rw-r--r--src/Build/build_cmake_opensuse.sh71
-rw-r--r--src/Build/build_cmake_rpm_gtk2.sh69
-rw-r--r--src/Build/build_cmake_rpm_gtk3.sh69
-rwxr-xr-xsrc/Build/build_veracrypt_macosx.sh20
-rwxr-xr-xsrc/Build/build_veracrypt_macosx_legacy.sh33
-rw-r--r--src/Common/BootEncryption.cpp826
-rw-r--r--src/Common/BootEncryption.h28
-rw-r--r--src/Common/Cmdline.c4
-rw-r--r--src/Common/Common.rc49
-rw-r--r--src/Common/Crypto.c8
-rw-r--r--src/Common/Crypto.h2
-rw-r--r--src/Common/Dlgcode.c506
-rw-r--r--src/Common/Dlgcode.h11
-rw-r--r--src/Common/EncryptionThreadPool.c83
-rw-r--r--src/Common/Fat.c36
-rw-r--r--src/Common/Format.c118
-rw-r--r--src/Common/Format.h1
-rw-r--r--src/Common/Keyfiles.c59
-rw-r--r--src/Common/Language.c1
-rw-r--r--src/Common/Language.xml93
-rw-r--r--src/Common/Password.c20
-rw-r--r--src/Common/Random.c27
-rw-r--r--src/Common/Random.h1
-rw-r--r--src/Common/Tcdefs.h34
-rw-r--r--src/Common/Zip.vcxproj1
-rw-r--r--src/Common/Zip.vcxproj.filters3
-rw-r--r--src/Common/libzip/NEWS.md8
-rw-r--r--src/Common/libzip/compat.h19
-rw-r--r--src/Common/libzip/config.h2
-rw-r--r--src/Common/libzip/zip.h78
-rw-r--r--src/Common/libzip/zip_add.c2
-rw-r--r--src/Common/libzip/zip_add_dir.c2
-rw-r--r--src/Common/libzip/zip_add_entry.c2
-rw-r--r--src/Common/libzip/zip_algorithm_deflate.c3
-rw-r--r--src/Common/libzip/zip_buffer.c2
-rw-r--r--src/Common/libzip/zip_close.c60
-rw-r--r--src/Common/libzip/zip_delete.c2
-rw-r--r--src/Common/libzip/zip_dir_add.c2
-rw-r--r--src/Common/libzip/zip_dirent.c28
-rw-r--r--src/Common/libzip/zip_discard.c2
-rw-r--r--src/Common/libzip/zip_entry.c2
-rw-r--r--src/Common/libzip/zip_err_str.c72
-rw-r--r--src/Common/libzip/zip_error.c2
-rw-r--r--src/Common/libzip/zip_error_clear.c2
-rw-r--r--src/Common/libzip/zip_error_get.c2
-rw-r--r--src/Common/libzip/zip_error_get_sys_type.c2
-rw-r--r--src/Common/libzip/zip_error_strerror.c2
-rw-r--r--src/Common/libzip/zip_error_to_str.c2
-rw-r--r--src/Common/libzip/zip_extra_field.c2
-rw-r--r--src/Common/libzip/zip_extra_field_api.c2
-rw-r--r--src/Common/libzip/zip_fclose.c2
-rw-r--r--src/Common/libzip/zip_fdopen.c4
-rw-r--r--src/Common/libzip/zip_file_add.c2
-rw-r--r--src/Common/libzip/zip_file_error_clear.c2
-rw-r--r--src/Common/libzip/zip_file_error_get.c2
-rw-r--r--src/Common/libzip/zip_file_get_comment.c2
-rw-r--r--src/Common/libzip/zip_file_get_external_attributes.c2
-rw-r--r--src/Common/libzip/zip_file_get_offset.c2
-rw-r--r--src/Common/libzip/zip_file_rename.c2
-rw-r--r--src/Common/libzip/zip_file_replace.c2
-rw-r--r--src/Common/libzip/zip_file_set_comment.c2
-rw-r--r--src/Common/libzip/zip_file_set_external_attributes.c2
-rw-r--r--src/Common/libzip/zip_file_set_mtime.c36
-rw-r--r--src/Common/libzip/zip_file_strerror.c2
-rw-r--r--src/Common/libzip/zip_filerange_crc.c14
-rw-r--r--src/Common/libzip/zip_fopen.c2
-rw-r--r--src/Common/libzip/zip_fopen_encrypted.c2
-rw-r--r--src/Common/libzip/zip_fopen_index.c2
-rw-r--r--src/Common/libzip/zip_fopen_index_encrypted.c2
-rw-r--r--src/Common/libzip/zip_fread.c2
-rw-r--r--src/Common/libzip/zip_get_archive_comment.c2
-rw-r--r--src/Common/libzip/zip_get_archive_flag.c2
-rw-r--r--src/Common/libzip/zip_get_encryption_implementation.c2
-rw-r--r--src/Common/libzip/zip_get_file_comment.c2
-rw-r--r--src/Common/libzip/zip_get_name.c2
-rw-r--r--src/Common/libzip/zip_get_num_entries.c2
-rw-r--r--src/Common/libzip/zip_get_num_files.c2
-rw-r--r--src/Common/libzip/zip_hash.c2
-rw-r--r--src/Common/libzip/zip_io_util.c2
-rw-r--r--src/Common/libzip/zip_memdup.c2
-rw-r--r--src/Common/libzip/zip_name_locate.c2
-rw-r--r--src/Common/libzip/zip_new.c2
-rw-r--r--src/Common/libzip/zip_open.c34
-rw-r--r--src/Common/libzip/zip_progress.c172
-rw-r--r--src/Common/libzip/zip_rename.c2
-rw-r--r--src/Common/libzip/zip_replace.c2
-rw-r--r--src/Common/libzip/zip_set_archive_comment.c2
-rw-r--r--src/Common/libzip/zip_set_archive_flag.c2
-rw-r--r--src/Common/libzip/zip_set_default_password.c2
-rw-r--r--src/Common/libzip/zip_set_file_comment.c2
-rw-r--r--src/Common/libzip/zip_set_file_compression.c2
-rw-r--r--src/Common/libzip/zip_set_name.c2
-rw-r--r--src/Common/libzip/zip_source_accept_empty.c52
-rw-r--r--src/Common/libzip/zip_source_begin_write.c2
-rw-r--r--src/Common/libzip/zip_source_begin_write_cloning.c2
-rw-r--r--src/Common/libzip/zip_source_buffer.c18
-rw-r--r--src/Common/libzip/zip_source_call.c2
-rw-r--r--src/Common/libzip/zip_source_close.c2
-rw-r--r--src/Common/libzip/zip_source_commit_write.c2
-rw-r--r--src/Common/libzip/zip_source_compress.c12
-rw-r--r--src/Common/libzip/zip_source_crc.c3
-rw-r--r--src/Common/libzip/zip_source_error.c2
-rw-r--r--src/Common/libzip/zip_source_file.c2
-rw-r--r--src/Common/libzip/zip_source_filep.c114
-rw-r--r--src/Common/libzip/zip_source_free.c2
-rw-r--r--src/Common/libzip/zip_source_function.c2
-rw-r--r--src/Common/libzip/zip_source_get_compression_flags.c2
-rw-r--r--src/Common/libzip/zip_source_is_deleted.c2
-rw-r--r--src/Common/libzip/zip_source_layered.c2
-rw-r--r--src/Common/libzip/zip_source_open.c2
-rw-r--r--src/Common/libzip/zip_source_pkware.c2
-rw-r--r--src/Common/libzip/zip_source_read.c4
-rw-r--r--src/Common/libzip/zip_source_remove.c2
-rw-r--r--src/Common/libzip/zip_source_rollback_write.c2
-rw-r--r--src/Common/libzip/zip_source_seek.c9
-rw-r--r--src/Common/libzip/zip_source_seek_write.c2
-rw-r--r--src/Common/libzip/zip_source_stat.c2
-rw-r--r--src/Common/libzip/zip_source_supports.c2
-rw-r--r--src/Common/libzip/zip_source_tell.c2
-rw-r--r--src/Common/libzip/zip_source_tell_write.c2
-rw-r--r--src/Common/libzip/zip_source_win32a.c12
-rw-r--r--src/Common/libzip/zip_source_win32handle.c9
-rw-r--r--src/Common/libzip/zip_source_win32utf8.c2
-rw-r--r--src/Common/libzip/zip_source_win32w.c12
-rw-r--r--src/Common/libzip/zip_source_window.c17
-rw-r--r--src/Common/libzip/zip_source_write.c2
-rw-r--r--src/Common/libzip/zip_source_zip.c2
-rw-r--r--src/Common/libzip/zip_source_zip_new.c2
-rw-r--r--src/Common/libzip/zip_stat.c2
-rw-r--r--src/Common/libzip/zip_stat_index.c11
-rw-r--r--src/Common/libzip/zip_stat_init.c2
-rw-r--r--src/Common/libzip/zip_strerror.c2
-rw-r--r--src/Common/libzip/zip_string.c2
-rw-r--r--src/Common/libzip/zip_unchange.c2
-rw-r--r--src/Common/libzip/zip_unchange_all.c2
-rw-r--r--src/Common/libzip/zip_unchange_archive.c2
-rw-r--r--src/Common/libzip/zip_unchange_data.c2
-rw-r--r--src/Common/libzip/zip_utf-8.c4
-rw-r--r--src/Common/libzip/zipint.h41
-rw-r--r--src/Common/libzip/zipwin32.h2
-rw-r--r--src/Core/CoreBase.cpp3
-rw-r--r--src/Core/CoreBase.h7
-rw-r--r--src/Core/RandomNumberGenerator.cpp23
-rw-r--r--src/Core/RandomNumberGenerator.h2
-rw-r--r--src/Core/Unix/CoreService.cpp50
-rw-r--r--src/Core/Unix/CoreUnix.cpp7
-rw-r--r--src/Core/VolumeCreator.h1
-rw-r--r--src/Crypto/Aeskey.c13
-rw-r--r--src/Crypto/Camellia.c2
-rw-r--r--src/Crypto/Camellia.h2
-rw-r--r--src/Crypto/Crypto.vcxproj15
-rw-r--r--src/Crypto/Crypto.vcxproj.filters3
-rw-r--r--src/Crypto/Makefile.inc4
-rw-r--r--src/Crypto/Sha2.c6
-rw-r--r--src/Crypto/Sha2.h2
-rw-r--r--src/Crypto/Sources1
-rw-r--r--src/Crypto/Twofish.c8
-rw-r--r--src/Crypto/Twofish.h4
-rw-r--r--src/Crypto/Whirlpool.c14
-rw-r--r--src/Crypto/cpu.c33
-rw-r--r--src/Crypto/cpu.h4
-rw-r--r--src/Crypto/jitterentropy-base-user.h52
-rw-r--r--src/Crypto/jitterentropy-base.c468
-rw-r--r--src/Crypto/jitterentropy.h53
-rw-r--r--src/Crypto/rdrand_ml.asm266
-rw-r--r--src/Crypto/rdseed_ml.asm230
-rw-r--r--src/Driver/DriveFilter.c6
-rw-r--r--src/Driver/Driver.rc4
-rw-r--r--src/Driver/Ntdriver.c399
-rw-r--r--src/Driver/Ntdriver.h2
-rw-r--r--src/Driver/Ntvol.c71
-rw-r--r--src/ExpandVolume/DlgExpandVolume.cpp72
-rw-r--r--src/ExpandVolume/ExpandVolume.c121
-rw-r--r--src/ExpandVolume/ExpandVolume.h2
-rw-r--r--src/ExpandVolume/ExpandVolume.rc17
-rw-r--r--src/ExpandVolume/InitDataArea.c27
-rw-r--r--src/ExpandVolume/WinMain.cpp71
-rw-r--r--src/ExpandVolume/resource.h5
-rw-r--r--src/Format/Format.rc550
-rw-r--r--src/Format/InPlace.c58
-rw-r--r--src/Format/Tcformat.c96
-rw-r--r--src/Format/VeraCrypt_Wizard.bmpbin166518 -> 193446 bytes
-rw-r--r--src/Main/CommandLineInterface.cpp41
-rw-r--r--src/Main/CommandLineInterface.h9
-rw-r--r--src/Main/Forms/AboutDialog.cpp6
-rw-r--r--src/Main/Forms/DeviceSelectionDialog.cpp40
-rw-r--r--src/Main/Forms/EncryptionOptionsWizardPage.cpp18
-rw-r--r--src/Main/Forms/EncryptionOptionsWizardPage.h6
-rw-r--r--src/Main/Forms/Forms.cpp21
-rw-r--r--src/Main/Forms/KeyfilesPanel.cpp2
-rw-r--r--src/Main/Forms/MainFrame.cpp16
-rw-r--r--src/Main/Forms/MainFrame.h32
-rw-r--r--src/Main/Forms/TrueCrypt.fbp24
-rw-r--r--src/Main/Forms/VolumeCreationWizard.cpp3
-rw-r--r--src/Main/Forms/VolumeFormatOptionsWizardPage.cpp4
-rw-r--r--src/Main/Forms/VolumePasswordPanel.cpp16
-rw-r--r--src/Main/Forms/VolumeSizeWizardPage.cpp10
-rw-r--r--src/Main/Forms/VolumeSizeWizardPage.h1
-rw-r--r--src/Main/Forms/WaitDialog.cpp2
-rwxr-xr-xsrc/Main/GraphicUserInterface.cpp2
-rw-r--r--src/Main/LanguageStrings.cpp2
-rwxr-xr-xsrc/Main/Main.make146
-rw-r--r--src/Main/TextUserInterface.cpp29
-rw-r--r--src/Main/UserInterface.cpp13
-rw-r--r--src/Makefile64
-rw-r--r--src/Mount/Favorites.cpp132
-rw-r--r--src/Mount/Mount.c280
-rw-r--r--src/Mount/Mount.rc12
-rw-r--r--src/Mount/Mount.vcxproj.user5
-rw-r--r--src/Platform/Exception.h1
-rw-r--r--src/Platform/Unix/Process.cpp2
-rw-r--r--src/Readme.txt8
-rw-r--r--src/Release/Setup Files/veracrypt-x64.catbin10793 -> 10637 bytes
-rw-r--r--src/Release/Setup Files/veracrypt-x64.sysbin827816 -> 831664 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.Inf4
-rw-r--r--src/Release/Setup Files/veracrypt.catbin10740 -> 10573 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.sysbin765992 -> 798128 bytes
-rw-r--r--src/Setup/FreeBSD/veracrypt-uninstall.sh1
-rw-r--r--src/Setup/Linux/veracrypt-uninstall.sh3
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt.pkgproj117
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt_Legacy.pkgproj1079
-rw-r--r--src/Setup/Portable.rc8
-rw-r--r--src/Setup/Setup.rc8
-rw-r--r--src/Signing/DigiCert_High_Assurance_Code_Signing_CA.cerbin0 -> 1734 bytes
-rw-r--r--src/Signing/DigiCert_High_Assurance_MS_Cross_Cert.crt30
-rw-r--r--src/Signing/GlobalSign_R3Cross.cer30
-rw-r--r--src/Signing/Thawt_CodeSigning_CA.crt27
-rw-r--r--src/Signing/sign.bat14
-rw-r--r--src/Signing/sign_test.bat6
-rw-r--r--src/Signing/sign_test_debug.bat6
-rw-r--r--src/Signing/thawte_Primary_MS_Cross_Cert.cer32
-rw-r--r--src/Volume/Cipher.cpp16
-rw-r--r--src/Volume/Hash.cpp2
-rw-r--r--src/Volume/Volume.make3
-rw-r--r--src/Volume/VolumePassword.cpp4
-rw-r--r--src/Volume/VolumePassword.h7
260 files changed, 6796 insertions, 2086 deletions
diff --git a/src/Boot/EFI/DcsBoot.efi b/src/Boot/EFI/DcsBoot.efi
index f66be23..0fcd48e 100644
--- a/src/Boot/EFI/DcsBoot.efi
+++ b/src/Boot/EFI/DcsBoot.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi
index cdf37a8..48db0ca 100644
--- a/src/Boot/EFI/DcsBoot32.efi
+++ b/src/Boot/EFI/DcsBoot32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg.efi b/src/Boot/EFI/DcsCfg.efi
index 0885b7e..03c9761 100644
--- a/src/Boot/EFI/DcsCfg.efi
+++ b/src/Boot/EFI/DcsCfg.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi
index 9486f4e..22cc0d5 100644
--- a/src/Boot/EFI/DcsCfg32.efi
+++ b/src/Boot/EFI/DcsCfg32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo.efi b/src/Boot/EFI/DcsInfo.efi
index 6da62b8..6be1cb8 100644
--- a/src/Boot/EFI/DcsInfo.efi
+++ b/src/Boot/EFI/DcsInfo.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo32.efi b/src/Boot/EFI/DcsInfo32.efi
index b0f0d48..006adfb 100644
--- a/src/Boot/EFI/DcsInfo32.efi
+++ b/src/Boot/EFI/DcsInfo32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt.efi b/src/Boot/EFI/DcsInt.efi
index 56f574a..a0c2975 100644
--- a/src/Boot/EFI/DcsInt.efi
+++ b/src/Boot/EFI/DcsInt.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi
index 09fb32e..991885f 100644
--- a/src/Boot/EFI/DcsInt32.efi
+++ b/src/Boot/EFI/DcsInt32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe.efi b/src/Boot/EFI/DcsRe.efi
index 69afe14..070cc97 100644
--- a/src/Boot/EFI/DcsRe.efi
+++ b/src/Boot/EFI/DcsRe.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi
index 0dc3e9c..c4f2013 100644
--- a/src/Boot/EFI/DcsRe32.efi
+++ b/src/Boot/EFI/DcsRe32.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker.efi b/src/Boot/EFI/LegacySpeaker.efi
index 13f0c51..a1d14eb 100644
--- a/src/Boot/EFI/LegacySpeaker.efi
+++ b/src/Boot/EFI/LegacySpeaker.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi
index 45d4200..1ec5ba6 100644
--- a/src/Boot/EFI/LegacySpeaker32.efi
+++ b/src/Boot/EFI/LegacySpeaker32.efi
Binary files differ
diff --git a/src/Boot/Windows/Bios.h b/src/Boot/Windows/Bios.h
index 4e1cec5..7085e7a 100644
--- a/src/Boot/Windows/Bios.h
+++ b/src/Boot/Windows/Bios.h
@@ -24,7 +24,8 @@
enum
{
BiosResultSuccess = 0x00,
- BiosResultInvalidFunction = 0x01
+ BiosResultInvalidFunction = 0x01,
+ BiosResultTimeout = 0x80
};
typedef byte BiosResult;
diff --git a/src/Boot/Windows/BootCommon.h b/src/Boot/Windows/BootCommon.h
index 3bbd09b..b77b880 100644
--- a/src/Boot/Windows/BootCommon.h
+++ b/src/Boot/Windows/BootCommon.h
@@ -17,7 +17,7 @@
#include "BootDefs.h"
// The user will be advised to upgrade the rescue disk if upgrading from the following or any previous version
-#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0122
+#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0123
#define TC_BOOT_LOADER_AREA_SIZE (TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS)
diff --git a/src/Boot/Windows/BootDiskIo.cpp b/src/Boot/Windows/BootDiskIo.cpp
index ea808dd..437c462 100644
--- a/src/Boot/Windows/BootDiskIo.cpp
+++ b/src/Boot/Windows/BootDiskIo.cpp
@@ -105,7 +105,7 @@ void Print (const ChsAddress &chs)
void PrintSectorCountInMB (const uint64 &sectorCount)
{
- Print (sectorCount >> (TC_LB_SIZE_BIT_SHIFT_DIVISOR + 2)); Print (" MB ");
+ Print (sectorCount >> (TC_LB_SIZE_BIT_SHIFT_DIVISOR + 2)); Print (" MiB ");
}
@@ -237,7 +237,7 @@ static BiosResult ReadWriteSectors (bool write, BiosLbaPacket &dapPacket, byte d
}
-static BiosResult ReadWriteSectors (bool write, byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent)
+BiosResult ReadWriteSectors (bool write, byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent)
{
BiosLbaPacket dapPacket;
dapPacket.Buffer = (uint32) buffer;
diff --git a/src/Boot/Windows/BootDiskIo.h b/src/Boot/Windows/BootDiskIo.h
index d4e8cf0..621acd8 100644
--- a/src/Boot/Windows/BootDiskIo.h
+++ b/src/Boot/Windows/BootDiskIo.h
@@ -112,6 +112,7 @@ BiosResult ReadSectors (uint16 bufferSegment, uint16 bufferOffset, byte drive, c
BiosResult ReadSectors (byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent = false);
BiosResult ReadSectors (byte *buffer, byte drive, const ChsAddress &chs, byte sectorCount, bool silent = false);
BiosResult ReadWriteSectors (bool write, uint16 bufferSegment, uint16 bufferOffset, byte drive, const uint64 &sector, uint16 sectorCount, bool silent);
+BiosResult ReadWriteSectors (bool write, byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent);
BiosResult WriteSectors (byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent = false);
BiosResult WriteSectors (byte *buffer, byte drive, const ChsAddress &chs, byte sectorCount, bool silent = false);
diff --git a/src/Boot/Windows/BootEncryptedIo.cpp b/src/Boot/Windows/BootEncryptedIo.cpp
index 25fe1dc..8ca5563 100644
--- a/src/Boot/Windows/BootEncryptedIo.cpp
+++ b/src/Boot/Windows/BootEncryptedIo.cpp
@@ -108,10 +108,22 @@ BiosResult WriteEncryptedSectors (uint16 sourceSegment, uint16 sourceOffset, byt
EncryptDataUnits (SectorBuffer, &dataUnitNo, 1, BootCryptoInfo);
}
- result = WriteSectors (SectorBuffer, drive, sector + writeOffset, 1);
+ result = ReadWriteSectors (true, SectorBuffer, drive, sector + writeOffset, 1, true);
+ if (BiosResultTimeout == result)
+ {
+ if (BiosResultSuccess == ReadWriteSectors (false, TC_BOOT_LOADER_BUFFER_SEGMENT, 0, drive, sector + writeOffset, 8, false))
+ {
+ CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT,0, TC_LB_SIZE);
+ result = ReadWriteSectors (true, TC_BOOT_LOADER_BUFFER_SEGMENT, 0, drive, sector + writeOffset, 8, true);
+ }
+ }
if (result != BiosResultSuccess)
+ {
+ sector += writeOffset;
+ PrintDiskError (result, true, drive, &sector);
break;
+ }
++sector;
++dataUnitNo;
diff --git a/src/Build/CMakeLists.txt b/src/Build/CMakeLists.txt
new file mode 100644
index 0000000..3d11c82
--- /dev/null
+++ b/src/Build/CMakeLists.txt
@@ -0,0 +1,330 @@
+# - Minimum CMake version
+cmake_minimum_required(VERSION 2.8.0)
+
+# - Obligatory parameters
+# -DVERACRYPT_BUILD_DIR : folder that contains 'usr' folder
+# -DNOGUI : TRUE if building 'Console' version, 'FALSE' if building 'GUI' version
+if ( NOT DEFINED VERACRYPT_BUILD_DIR )
+ MESSAGE(FATAL_ERROR "VERACRYPT_BUILD_DIR variable MUST BE set to the path of the folder which contains 'usr' folder")
+elseif ( NOT DEFINED NOGUI )
+ MESSAGE(FATAL_ERROR "NOGUI variable MUST BE set to TRUE if building 'Console' version, 'FALSE' otherwise")
+endif()
+
+# - Set version of the package
+set( FULL_VERSION "1.24-Update6" )
+set( VERSION "1.24.15" )
+set( RELEASE "1" )
+
+# - Set PROJECT_NAME and CONFLICT_PACKAGE values
+if (NOGUI)
+ set( PROJECT_NAME "veracrypt-console" )
+ set( CONFLICT_PACKAGE "veracrypt" )
+else()
+ set( PROJECT_NAME "veracrypt" )
+ set( CONFLICT_PACKAGE "veracrypt-console" )
+endif()
+project(${PROJECT_NAME})
+
+# - Check whether 'Tcdefs.h' and 'License.txt' exist
+if(NOT EXISTS "$ENV{SOURCEPATH}/Common/Tcdefs.h")
+ MESSAGE(FATAL_ERROR "Tcdefs.h does not exist.")
+elseif(NOT EXISTS "$ENV{SOURCEPATH}/License.txt")
+ MESSAGE(FATAL_ERROR "License.txt does not exist.")
+endif()
+
+# - Detect build system bitness
+# The following variable will be set
+# $SUFFIX 32 64
+# $CMAKE_SYSTEM_NAME Windows Linux Darwin
+# N.B :
+# To build for 32-bit under 64-bit, set 'CMAKE_SIZEOF_VOID_P' to '4'
+if( CMAKE_SIZEOF_VOID_P EQUAL 8 )
+
+ # Build System is under 64-bit arch
+ set (SUFFIX "64")
+ MESSAGE(STATUS "Build System = ${CMAKE_SYSTEM_NAME} - Bitness : 64-bit - Compiler : ${CMAKE_CXX_COMPILER_ID}")
+
+elseif( CMAKE_SIZEOF_VOID_P EQUAL 4 )
+
+ # Build System is under 32-bit arch
+ set (SUFFIX "32")
+ MESSAGE(STATUS "Build System = ${CMAKE_SYSTEM_NAME} - Bitness : 32-bit - Compiler : ${CMAKE_CXX_COMPILER_ID}")
+
+else( )
+
+ MESSAGE(FATAL_ERROR "Could not detect system bitness")
+
+endif( )
+
+# - Detect OSX, CentOS, Debian, Ubuntu or openSUSE platform of the build system
+# The following variable(s) will be set
+# $PLATFORM Debian Ubuntu CentOS openSUSE (TODO)
+# $PLATFORM_VERSION
+# 9.x 16.04 7.X 42.3
+# 10.X 18.04 8.X 15.0
+# ... ... ... ...
+# $DISTRO_NAME ${PLATFORM}-${PLATFORM_VERSION}
+if ( UNIX )
+
+ # /etc/debian_version exists for both Debian and Ubuntu
+ if(EXISTS "/etc/debian_version")
+
+ set ( PLATFORM "Debian" )
+
+ # Read lsb-release to get flavour name and flavour release version (only supported one for now is Ubuntu)
+ if(EXISTS "/etc/lsb-release")
+
+ file(READ "/etc/lsb-release" LSB_RELEASE_ID)
+ string(REGEX MATCH "DISTRIB_ID=([a-zA-Z0-9 /\\.]+)" _ ${LSB_RELEASE_ID})
+ set(FULL_FLAVOUR ${CMAKE_MATCH_1})
+
+ if (FULL_FLAVOUR MATCHES "^.*Ubuntu.*$")
+
+ set ( PLATFORM "Ubuntu" )
+
+ file(READ "/etc/lsb-release" UBUNTU_RELEASE)
+ string(REGEX MATCH "DISTRIB_RELEASE=([0-9 /\\.]+)" _ ${UBUNTU_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ else()
+
+ file(READ "/etc/debian_version" DEBIAN_RELEASE)
+ string(REGEX MATCH "([0-9]+\\.[0-9]+)" _ ${DEBIAN_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ endif()
+
+ # Get debian release version
+ elseif(EXISTS "/etc/debian_version")
+
+ file(READ "/etc/debian_version" DEBIAN_RELEASE)
+ string(REGEX MATCH "([0-9]+\\.[0-9]+)" _ ${DEBIAN_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ endif()
+
+ # Get centos release version
+ elseif(EXISTS "/etc/centos-release")
+
+ set ( PLATFORM "CentOS" )
+
+ file(READ "/etc/centos-release" CENTOS_RELEASE)
+ string(REGEX MATCH "release ([0-9 /\\.]+)" _ ${CENTOS_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ # Only if distribution uses systemd and if all previous files didn't exist
+ # i.e OpenSUSE
+ elseif(EXISTS "/etc/os-release")
+
+ file(READ "/etc/os-release" OS_RELEASE_NAME)
+ string(REGEX MATCH "NAME=\"([a-zA-Z0-9 /\\.]+)\"" _ ${OS_RELEASE_NAME})
+ set(FULL_PLATFORM ${CMAKE_MATCH_1})
+
+ if (FULL_PLATFORM MATCHES "^.*openSUSE.*$")
+ set ( PLATFORM "openSUSE" )
+ elseif ( FULL_PLATFORM MATCHES "^.*Ubuntu.*$")
+ set ( PLATFORM "Ubuntu" )
+ elseif ( FULL_PLATFORM MATCHES "^.*Debian.*$")
+ set ( PLATFORM "Debian" )
+ elseif ( FULL_PLATFORM MATCHES "^.*CentOS.*$" )
+ set ( PLATFORM "CentOS" )
+ endif ( )
+
+ # Get ditribution release version
+ file(READ "/etc/os-release" OS_RELEASE)
+ string(REGEX MATCH "VERSION=\"([a-zA-Z0-9 /\\.]+)\"" _ ${OS_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ endif()
+
+endif ( )
+string(REGEX REPLACE " $" "" PLATFORM_VERSION "${PLATFORM_VERSION}") # Trim the last trailing whitespace
+set ( DISTRO_NAME ${PLATFORM}-${PLATFORM_VERSION} )
+MESSAGE ( STATUS "Platform = ${PLATFORM}" )
+MESSAGE ( STATUS "Platform Version = ${PLATFORM_VERSION}" )
+MESSAGE ( STATUS "Distribution name = ${DISTRO_NAME}" )
+
+# - Detect the architecture under OSX, Debian, CentOS and OpenSUSE platforms
+# The following variable will be set
+# $ARCHITECTURE
+if ( PLATFORM STREQUAL "Debian" OR PLATFORM STREQUAL "Ubuntu" )
+
+ # There is no such thing as i686 architecture on debian, i386 is to be used instead
+ # dpkg --print-architecture
+ find_program(DPKG_CMD dpkg)
+ if(NOT DPKG_CMD)
+ # Cannot find dpkg in path
+ # Try best guess following SUFFIX value calculated from CMAKE_SIZEOF_VOID_P
+ if (SUFFIX STREQUAL "32")
+ SET(ARCHITECTURE i386)
+ elseif (SUFFIX STREQUAL "64")
+ SET(ARCHITECTURE amd64)
+ endif()
+ else( )
+ execute_process(COMMAND dpkg --print-architecture OUTPUT_VARIABLE ARCHITECTURE OUTPUT_STRIP_TRAILING_WHITESPACE)
+ endif( )
+
+elseif ( ( PLATFORM STREQUAL "CentOS" ) OR ( PLATFORM STREQUAL "openSUSE" ) )
+
+ execute_process(COMMAND arch OUTPUT_VARIABLE ARCHITECTURE OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+else ()
+
+ MESSAGE(FATAL_ERROR "Unrecognized / unsupported distribution")
+
+endif ( )
+MESSAGE ( STATUS "Architecture = ${ARCHITECTURE}" )
+
+# - Create installation folder directory at install time
+# This won't lead to the files being actually installed (in CMAKE_INSTALL_PREFIX)
+# unless "cmake --build . --target install" is executed, which is not the case here.
+#
+# Doing things like the following
+# - install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr DESTINATION /)
+# - install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr/bin DESTINATION /usr)
+# lead to conflicts despite the usage of CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION
+# because install() forces CpackRPM to create the DESTINATION folders.
+#
+# We fix this by installing ALL directories inside '/usr' in '.', and setting
+# CPACK_PACKAGING_INSTALL_PREFIX to '/usr'.
+# This way, during the packaging, 'bin' and 'share' folders will be installed
+# inside '${CPACK_PACKAGE_DIRECTORY}/_CPack_Packages/<system_name>/DEB,RPM/${CPACK_PACKAGE_NAME}/${CPACK_PACKAGING_INSTALL_PREFIX}'.
+#
+# Also, we use USE_SOURCE_PERMISSIONS to save the permissions
+install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr/bin
+ DESTINATION .
+ USE_SOURCE_PERMISSIONS)
+install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr/share
+ DESTINATION .
+ USE_SOURCE_PERMISSIONS)
+set(CPACK_PACKAGING_INSTALL_PREFIX "/usr")
+
+# For packaging
+# CPack will first install into ${CPACK_PACKAGE_DIRECTORY}/_CPack_Packages/<system_name>/DEB,RPM/${CPACK_PACKAGE_NAME}/${CPACK_PACKAGING_INSTALL_PREFIX}
+# See https://gitlab.kitware.com/cmake/community/wikis/doc/cpack/PackageGenerators
+# See https://cmake.org/cmake/help/latest/cpack_gen/deb.html
+# See https://cmake.org/cmake/help/latest/cpack_gen/rpm.html
+#
+
+# Installation scripts should be provided in this order
+# PREINST;POSTINST;PRERM;POSTRM
+
+file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging) # creates the Packaging directory under build directory when CMake generates the build system
+
+set( VENDOR "IDRIX" )
+set( LICENSE "VeraCrypt License" )
+set( CONTACT "VeraCrypt Team <veracrypt@idrix.fr>" )
+set( CPACK_PACKAGE_DESCRIPTION_SUMMARY "Disk encryption with strong security based on TrueCrypt." )
+set( CPACK_PACKAGE_DESCRIPTION "This package contains binaries for VeraCrypt, a disk encryption with strong security based on TrueCrypt." )
+set( CPACK_PACKAGE_NAME ${PROJECT_NAME} )
+set( CPACK_PACKAGE_VERSION ${VERSION} )
+set( CPACK_PACKAGE_RELEASE ${RELEASE} )
+set( CPACK_PACKAGE_VENDOR ${VENDOR} )
+set( CPACK_PACKAGE_LICENSE ${LICENSE} )
+set( CPACK_RESOURCE_FILE_LICENSE "$ENV{SOURCEPATH}/License.txt")
+set( CPACK_PACKAGE_CONTACT ${CONTACT} )
+set( CPACK_PACKAGE_FILE_NAME ${CPACK_PACKAGE_NAME}-${FULL_VERSION}-${DISTRO_NAME}-${ARCHITECTURE} )
+set( CPACK_PACKAGE_CHECKSUM SHA256 )
+set( CPACK_PACKAGE_RELOCATABLE "OFF") # Disable package relocation (especially for rpm)
+set( CPACK_PACKAGE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging )
+
+if ( ( PLATFORM STREQUAL "Debian" ) OR ( PLATFORM STREQUAL "Ubuntu" ) )
+
+ # Debian control script(s)
+ file( MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging/debian-control)
+ configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/Packaging/debian-control/prerm ${CMAKE_CURRENT_BINARY_DIR}/Packaging/debian-control/prerm)
+ set( DEBIAN_PRERM ${CMAKE_CURRENT_BINARY_DIR}/Packaging/debian-control/prerm)
+
+ set( CPACK_GENERATOR "DEB" ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_NAME ${CPACK_PACKAGE_NAME} ) # mandatory
+ set( CPACK_DEBIAN_FILE_NAME ${CPACK_PACKAGE_FILE_NAME}.deb ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_VERSION ${CPACK_PACKAGE_VERSION} ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_RELEASE ${CPACK_PACKAGE_RELEASE} )
+ set( CPACK_DEBIAN_PACKAGE_ARCHITECTURE ${ARCHITECTURE} ) # mandatory
+
+ if (NOGUI)
+ # Link against statically built wxWidgets so that we don't depend on any GTK library
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libfuse2, dmsetup, sudo" )
+ else ()
+ # Link against gtk3 version of wxWidgets if >= Debian 10 or >= Ubuntu 18.04
+ # Otherwise, link against gtk2 version of wxWidgets
+ if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "10" ) )
+ OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "18.04" ) ) )
+
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-gtk3-0v5, libfuse2, dmsetup, sudo" )
+
+ else ()
+ # Link against statically built wxWidgets on Ubuntu 14.04 and older, and Debian 8 and older
+ if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_LESS_EQUAL "8" ) )
+ OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_LESS_EQUAL "14.04" ) ) )
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libgtk2.0-0, libfuse2, dmsetup, sudo" )
+ else ()
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-0v5, libfuse2, dmsetup, sudo" )
+ endif ()
+
+ endif()
+ endif()
+
+ set( CPACK_DEBIAN_PACKAGE_MAINTAINER ${CONTACT} ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_DESCRIPTION ${CPACK_PACKAGE_DESCRIPTION_SUMMARY} ) # mandatory
+ set( CPACK_DEBIAN_ARCHIVE_TYPE "gnutar") # mandatory
+ set( CPACK_DEBIAN_COMPRESSION_TYPE "gzip") # mandatory
+ set( CPACK_DEBIAN_PACKAGE_PRIORITY "optional" ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_SECTION "libs" ) # recommended, Section relative to Debian sections (https://www.debian.org/doc/debian-policy/ch-archive.html#s-subsections)
+ set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA ${DEBIAN_PREINST};${DEBIAN_POSTINST};${DEBIAN_PRERM};${DEBIAN_POSTRM})
+ set(CPACK_DEBIAN_PACKAGE_CONFLICTS "${CONFLICT_PACKAGE}")
+
+elseif ( ( PLATFORM STREQUAL "CentOS" ) OR ( PLATFORM STREQUAL "openSUSE" ) )
+
+ # RPM control script(s)
+ file( MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging/rpm-control)
+ configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/Packaging/rpm-control/prerm.sh ${CMAKE_CURRENT_BINARY_DIR}/Packaging/rpm-control/prerm.sh)
+ set( RPM_PRERM ${CMAKE_CURRENT_BINARY_DIR}/Packaging/rpm-control/prerm.sh)
+
+ set( CPACK_GENERATOR "RPM" ) # mandatory
+ set( CPACK_RPM_PACKAGE_SUMMARY ${CPACK_PACKAGE_SUMMARY} ) # mandatory
+ set( CPACK_RPM_PACKAGE_DESCRIPTION ${CPACK_PACKAGE_DESCRIPTION} ) # mandatory
+ set( CPACK_RPM_PACKAGE_NAME ${CPACK_PACKAGE_NAME} ) # mandatory
+ set( CPACK_RPM_FILE_NAME ${CPACK_PACKAGE_FILE_NAME}.rpm ) # mandatory
+ set( CPACK_RPM_PACKAGE_VERSION ${CPACK_PACKAGE_VERSION} ) # mandatory
+ set( CPACK_RPM_PACKAGE_ARCHITECTURE ${ARCHITECTURE} ) # mandatory
+ set( CPACK_RPM_PACKAGE_RELEASE ${CPACK_PACKAGE_RELEASE} ) # mandatory
+ set( CPACK_RPM_PACKAGE_LICENSE ${CPACK_PACKAGE_LICENSE} ) # mandatory
+ set( CPACK_RPM_PACKAGE_GROUP "Applications/System" ) # mandatory, https://fedoraproject.org/wiki/RPMGroups
+ set( CPACK_RPM_PACKAGE_VENDOR ${CPACK_PACKAGE_VENDOR} ) # mandatory
+ set( CPACK_RPM_PACKAGE_AUTOREQ "no" ) # disable automatic shared libraries dependency detection (most of the time buggy)
+
+ if (NOGUI)
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, sudo" )
+ else ()
+ if ( PLATFORM STREQUAL "CentOS" )
+
+ if ( DEFINED WITHGTK3 AND WITHGTK3 )
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk3, sudo" )
+ else ()
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
+ endif()
+
+ elseif ( PLATFORM STREQUAL "openSUSE" )
+
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
+ endif()
+ endif()
+
+ set( CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${RPM_PRERM}) # optional
+
+ # Prevents CPack from generating file conflicts
+ # This is to avoid having %dir of these directories in the .spec file
+ set( CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/bin" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share/applications" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share/doc" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share/pixmaps" )
+
+ set( CPACK_RPM_PACKAGE_RELOCATABLE "OFF" )
+ set( CPACK_RPM_PACKAGE_CONFLICTS "${CONFLICT_PACKAGE}")
+
+endif()
+
+include(CPack)
diff --git a/src/Build/Include/Makefile.inc b/src/Build/Include/Makefile.inc
index b39021d..ba166b6 100644
--- a/src/Build/Include/Makefile.inc
+++ b/src/Build/Include/Makefile.inc
@@ -14,12 +14,16 @@ $(NAME): $(NAME).a
clean:
@echo Cleaning $(NAME)
- rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJS:.o=.d) *.gch
+ rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) *.gch
%.o: %.c
@echo Compiling $(<F)
$(CC) $(CFLAGS) -c $< -o $@
+%.o0: %.c
+ @echo Compiling $(<F)
+ $(CC) $(CFLAGS) -O0 -c $< -o $@
+
%.o: %.cpp
@echo Compiling $(<F)
$(CXX) $(CXXFLAGS) -c $< -o $@
@@ -64,10 +68,10 @@ TR_SED_BIN := tr '\n' ' ' | tr -s ' ' ',' | sed -e 's/^,//g' -e 's/,$$/n/' | tr
# Dependencies
--include $(OBJS:.o=.d) $(OBJSEX:.oo=.d)
+-include $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d)
-$(NAME).a: $(OBJS) $(OBJSEX)
+$(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT)
@echo Updating library $@
- $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX)
+ $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT)
$(RANLIB) $@
diff --git a/src/Build/Packaging/debian-control/prerm b/src/Build/Packaging/debian-control/prerm
new file mode 100644
index 0000000..d2e3894
--- /dev/null
+++ b/src/Build/Packaging/debian-control/prerm
@@ -0,0 +1,9 @@
+#!/bin/sh
+V="$(mount | grep veracrypt_aux_mnt)"
+if [ ! -z "$V" ]
+then
+ echo "Error: All VeraCrypt volumes must be dismounted first." >&2
+ exit 1
+else
+ exit 0
+fi \ No newline at end of file
diff --git a/src/Build/Packaging/rpm-control/prerm.sh b/src/Build/Packaging/rpm-control/prerm.sh
new file mode 100644
index 0000000..d2e3894
--- /dev/null
+++ b/src/Build/Packaging/rpm-control/prerm.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+V="$(mount | grep veracrypt_aux_mnt)"
+if [ ! -z "$V" ]
+then
+ echo "Error: All VeraCrypt volumes must be dismounted first." >&2
+ exit 1
+else
+ exit 0
+fi \ No newline at end of file
diff --git a/src/Build/Resources/MacOSX/Info.plist.legacy.xml b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
new file mode 100644
index 0000000..1977516
--- /dev/null
+++ b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+
+ <key>CFBundleIdentifier</key>
+ <string>org.idrix.VeraCrypt</string>
+
+ <key>UTExportedTypeDeclarations</key>
+ <array>
+ <dict>
+ <key>UTTypeIdentifier</key>
+ <string>org.idrix.veracrypt.hc</string>
+
+ <key>UTTypeDescription</key>
+ <string>VeraCrypt Container File</string>
+
+ <key>UTTypeConformsTo</key>
+ <array>
+ <string>public.data</string>
+ </array>
+
+ <key>UTTypeTagSpecification</key>
+ <dict>
+ <key>public.filename-extension</key>
+ <array>
+ <string>hc</string>
+ <string>tc</string>
+ </array>
+
+ <key>public.mime-type</key>
+ <string>application/veracrypt</string>
+ </dict>
+ </dict>
+ </array>
+
+ <key>CFBundleDocumentTypes</key>
+ <array>
+ <dict>
+ <key>CFBundleTypeIconFile</key>
+ <string>VeraCrypt_Volume.icns</string>
+ <key>CFBundleTypeName</key>
+ <string>VeraCrypt Container File</string>
+ <key>CFBundleTypeRole</key>
+ <string>Viewer</string>
+ <key>LSHandlerRank</key>
+ <string>Owner</string>
+ <key>LSItemContentTypes</key>
+ <array>
+ <!-- my app supports files with my custom extension (see UTExportedTypeDeclarations) -->
+ <string>org.idrix.veracrypt.hc</string>
+ </array>
+ </dict>
+ </array>
+
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+
+ <key>CFBundleExecutable</key>
+ <string>VeraCrypt</string>
+
+ <key>CFBundleIconFile</key>
+ <string>VeraCrypt.icns</string>
+
+ <key>CFBundleName</key>
+ <string>VeraCrypt</string>
+
+ <key>CFBundlePackageType</key>
+ <string>APPL</string>
+
+ <key>CFBundleSignature</key>
+ <string>TRUE</string>
+
+ <key>CFBundleVersion</key>
+ <string>1.24.15</string>
+
+ <key>CFBundleShortVersionString</key>
+ <string>_VERSION_</string>
+
+ <key>CFBundleLongVersionString</key>
+ <string>VeraCrypt _VERSION_</string>
+
+ <key>LSArchitecturePriority</key>
+ <array>
+ <string>x86_64</string>
+ <string>i386</string>
+ </array>
+
+ <key>LSMinimumSystemVersion</key>
+ <string>10.7.0</string>
+
+ <key>LSRequiresCarbon</key>
+ <false/>
+
+ <key>CSResourcesFileMapped</key>
+ <true/>
+
+ <key>NSHighResolutionCapable</key>
+ <true/>
+
+ <key>NSPrincipalClass</key>
+ <string>NSApplication</string>
+</dict>
+</plist>
diff --git a/src/Build/Resources/MacOSX/Info.plist.xml b/src/Build/Resources/MacOSX/Info.plist.xml
index b5b5a85..b03d916 100644
--- a/src/Build/Resources/MacOSX/Info.plist.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.5</string>
+ <string>1.24.15</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
@@ -82,14 +82,8 @@
<key>CFBundleLongVersionString</key>
<string>VeraCrypt _VERSION_</string>
- <key>LSArchitecturePriority</key>
- <array>
- <string>x86_64</string>
- <string>i386</string>
- </array>
-
<key>LSMinimumSystemVersion</key>
- <string>10.7.0</string>
+ <string>10.9.0</string>
<key>LSRequiresCarbon</key>
<false/>
diff --git a/src/Build/build_cmake_deb.sh b/src/Build/build_cmake_deb.sh
new file mode 100755
index 0000000..a9fdc3b
--- /dev/null
+++ b/src/Build/build_cmake_deb.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
+cd $SOURCEPATH
+
+if [ "$#" = "1" ] && [ "$1" = "WXSTATIC" ]
+then
+echo "Building GUI version of VeraCrypt for DEB using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGUI
+
+# To build wxWidgets without GUI
+make WXSTATIC=1 wxbuild || exit 1
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+else
+
+echo "Building GUI version of VeraCrypt for DEB using system wxWidgets"
+make clean || exit 1
+make || exit 1
+make install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+fi
+
+echo "Building console version of VeraCrypt for DEB using wxWidgets static libraries"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets without GUI
+make WXSTATIC=1 NOGUI=1 wxbuild || exit 1
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt DEB packages"
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack DEB
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack DEB
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake || exit 1
diff --git a/src/Build/build_cmake_opensuse.sh b/src/Build/build_cmake_opensuse.sh
new file mode 100644
index 0000000..e7898f0
--- /dev/null
+++ b/src/Build/build_cmake_opensuse.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
+cd $SOURCEPATH
+
+echo "Building GUI version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGui
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 wxbuild || exit 1
+ln -s $WX_BUILD_DIR/lib $WX_BUILD_DIR/lib64
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 clean || exit 1
+# make WXSTATIC=1 || exit 1
+# make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+echo "Building console version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 NOGUI=1 wxbuild || exit 1
+ln -s $WX_BUILD_DIR/lib $WX_BUILD_DIR/lib64
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 NOGUI=1 clean || exit 1
+# make WXSTATIC=1 NOGUI=1 || exit 1
+# make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt RPM packages "
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+# wxWidgets was built using GTK-2
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=FALSE -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=FALSE -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake|| exit 1
diff --git a/src/Build/build_cmake_rpm_gtk2.sh b/src/Build/build_cmake_rpm_gtk2.sh
new file mode 100644
index 0000000..38c66a9
--- /dev/null
+++ b/src/Build/build_cmake_rpm_gtk2.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
+cd $SOURCEPATH
+
+echo "Building GUI version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGui
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 wxbuild || exit 1
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 clean || exit 1
+# make WXSTATIC=1 || exit 1
+# make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+echo "Building console version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 NOGUI=1 wxbuild || exit 1
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 NOGUI=1 clean || exit 1
+# make WXSTATIC=1 NOGUI=1 || exit 1
+# make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt RPM packages "
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+# wxWidgets was built using GTK-2
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=FALSE -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=FALSE -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake || exit 1
diff --git a/src/Build/build_cmake_rpm_gtk3.sh b/src/Build/build_cmake_rpm_gtk3.sh
new file mode 100644
index 0000000..97091ce
--- /dev/null
+++ b/src/Build/build_cmake_rpm_gtk3.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
+cd $SOURCEPATH
+
+echo "Building GUI version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGui
+
+# To build wxWidgets using GTK-3
+make WXSTATIC=1 WITHGTK3=1 wxbuild || exit 1
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 clean || exit 1
+# make WXSTATIC=1 || exit 1
+# make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+echo "Building console version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets using GTK-3
+make WXSTATIC=1 WITHGTK3=1 NOGUI=1 wxbuild || exit 1
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 NOGUI=1 clean || exit 1
+# make WXSTATIC=1 NOGUI=1 || exit 1
+# make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt RPM packages "
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+# wxWidgets was built using GTK-3
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=TRUE -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=TRUE -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake|| exit 1
diff --git a/src/Build/build_veracrypt_macosx.sh b/src/Build/build_veracrypt_macosx.sh
index 233afb2..6b3707e 100755
--- a/src/Build/build_veracrypt_macosx.sh
+++ b/src/Build/build_veracrypt_macosx.sh
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2017 IDRIX
+# Copyright (c) 2013-2019 IDRIX
# Governed by the Apache License 2.0 the full text of which is contained
# in the file License.txt included in VeraCrypt binary and source
# code distribution packages.
@@ -12,22 +12,22 @@ SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")"; pwd)
# directory where the VeraCrypt project has been checked out
PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")"; pwd)
-# the sources of wxWidgets 3.0.3 must be extracted to the parent directory
-export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+# the sources of wxWidgets 3.1.2 must be extracted to the parent directory (for night mode)
+export WX_ROOT=$PARENTDIR/wxWidgets-3.1.2
echo "Using wxWidgets sources in $WX_ROOT"
# this will be the temporary wxWidgets directory
-export WX_BUILD_DIR=$PARENTDIR/wxBuild
-
-# define the SDK version to use. We use 10.7 by default
-export VC_OSX_TARGET=10.7
-echo "Using MacOSX SDK $VC_OSX_TARGET"
+export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.1.2
+# define the SDK version to use and OSX minimum target. We target 10.9 by default
+export VC_OSX_TARGET=10.9
+export VC_OSX_SDK=10.14
+echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
cd $SOURCEPATH
echo "Building VeraCrypt"
-make WXSTATIC=1 wxbuild && make WXSTATIC=1 clean && make WXSTATIC=1 && make WXSTATIC=1 package
+make WXSTATIC=FULL wxbuild && make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package
# Uncomment below and comment line above to reuse existing wxWidgets build
-# make WXSTATIC=1 clean && make WXSTATIC=1 && make WXSTATIC=1 package \ No newline at end of file
+# make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package \ No newline at end of file
diff --git a/src/Build/build_veracrypt_macosx_legacy.sh b/src/Build/build_veracrypt_macosx_legacy.sh
new file mode 100755
index 0000000..70226f2
--- /dev/null
+++ b/src/Build/build_veracrypt_macosx_legacy.sh
@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2013-2017 IDRIX
+# Governed by the Apache License 2.0 the full text of which is contained
+# in the file License.txt included in VeraCrypt binary and source
+# code distribution packages.
+#
+
+# Absolute path this script is in
+SCRIPTPATH=$(cd "$(dirname "$0")"; pwd)
+# source directory which contains the Makefile
+SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")"; pwd)
+# directory where the VeraCrypt project has been checked out
+PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")"; pwd)
+
+# the sources of wxWidgets 3.1.2 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.1.2
+echo "Using wxWidgets sources in $WX_ROOT"
+# this will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuild
+
+# define the SDK version to use. We use 10.7 by default
+export VC_OSX_TARGET=10.7
+export VC_OSX_SDK=10.9
+echo "Using MacOSX SDK $VC_OSX_TARGET"
+
+
+cd $SOURCEPATH
+
+echo "Building VeraCrypt"
+make WXSTATIC=FULL wxbuild && make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package
+
+# Uncomment below and comment line above to reuse existing wxWidgets build
+# make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 4061bde..e956695 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -275,6 +275,27 @@ bool ZipAdd (zip_t *z, const char* name, const unsigned char* pbData, DWORD cbDa
return true;
}
+static BOOL IsWindowsMBR (const byte *buffer, size_t bufferSize)
+{
+ BOOL bRet = FALSE;
+ byte g_pbMsSignature[4] = {0x33, 0xc0, 0x8e, 0xd0};
+ const char* g_szStr1 = "Invalid partition table";
+ const char* g_szStr2 = "Error loading operating system";
+ const char* g_szStr3 = "Missing operating system";
+
+ if ((0 == memcmp (buffer, g_pbMsSignature, 4)) &&
+ (BufferContainsString (buffer, bufferSize, g_szStr1)
+ || BufferContainsString (buffer, bufferSize, g_szStr2)
+ || BufferContainsString (buffer, bufferSize, g_szStr3)
+ )
+ )
+ {
+ bRet = TRUE;
+ }
+
+ return bRet;
+}
+
namespace VeraCrypt
{
#if !defined (SETUP)
@@ -1030,7 +1051,7 @@ namespace VeraCrypt
static EfiBoot EfiBootInst;
- BootEncryption::BootEncryption (HWND parent, bool postOOBE)
+ BootEncryption::BootEncryption (HWND parent, bool postOOBE, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext)
: DriveConfigValid (false),
ParentWindow (parent),
RealSystemDriveSizeValid (false),
@@ -1041,7 +1062,10 @@ namespace VeraCrypt
SelectedEncryptionAlgorithmId (0),
SelectedPrfAlgorithmId (0),
VolumeHeaderValid (false),
- PostOOBEMode (postOOBE)
+ PostOOBEMode (postOOBE),
+ SetBootNext (setBootNext),
+ SetBootEntry (setBootEntry),
+ ForceFirstBootEntry (forceFirstBootEntry)
{
HiddenOSCandidatePartition.IsGPT = FALSE;
HiddenOSCandidatePartition.Number = (size_t) -1;
@@ -2364,6 +2388,35 @@ namespace VeraCrypt
WriteConfigInteger (configFile, configContent, "AuthorizeRetry", authorizeRetry);
WriteConfigInteger (configFile, configContent, "DcsBmlLockFlags", bmlLockFlags);
WriteConfigInteger (configFile, configContent, "DcsBmlDriver", bmlDriverEnabled);
+
+ string fieldValue;
+ if (IsPostExecFileField(actionSuccessValue, fieldValue) && (0 == _stricmp(fieldValue.c_str(), "\\EFI\\Microsoft\\Boot\\bootmgfw.efi")))
+ {
+ // fix wrong configuration file since bootmgfw.efi is now a copy of VeraCrypt and if we don't fix the DcsProp
+ // file, veraCrypt bootloader will call itself
+ // We first check if bootmgfw.efi is original Microsoft one. If yes, we don't do anything, otherwise we set the field to bootmgfw_ms.vc
+ unsigned __int64 loaderSize = 0;
+ bool bModifiedMsBoot = true;
+ EfiBootInst.GetFileSize(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", loaderSize);
+
+ if (loaderSize > 32768)
+ {
+ std::vector<byte> bootLoaderBuf ((size_t) loaderSize);
+
+ EfiBootInst.ReadFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", &bootLoaderBuf[0], (DWORD) loaderSize);
+
+ // look for bootmgfw.efi identifiant string
+ const char* g_szMsBootString = "bootmgfw.pdb";
+ if (BufferHasPattern (bootLoaderBuf.data (), (size_t) loaderSize, g_szMsBootString, strlen (g_szMsBootString)))
+ {
+ bModifiedMsBoot = false;
+ }
+ }
+
+ if (bModifiedMsBoot)
+ actionSuccessValue = "postexec file(EFI\\Microsoft\\Boot\\bootmgfw_ms.vc)";
+ }
+
WriteConfigString (configFile, configContent, "ActionSuccess", actionSuccessValue.c_str());
// Write unmodified values
@@ -2396,12 +2449,62 @@ namespace VeraCrypt
return bRet;
}
+ BOOL EfiBootConf::IsPostExecFileField (const string& fieldValue, string& filePath)
+ {
+ BOOL bRet = FALSE;
+ filePath = "";
+
+ if (!fieldValue.empty() && strlen (fieldValue.c_str()))
+ {
+ string copieValue = fieldValue;
+ std::transform(copieValue.begin(), copieValue.end(), copieValue.begin(), ::tolower);
+
+ if (strstr (copieValue.c_str(), "postexec") && strstr (copieValue.c_str(), "file("))
+ {
+ char c;
+ const char* ptr = strstr (copieValue.c_str(), "file(");
+
+ filePath = "\\";
+ ptr += 5;
+ while ((c = *ptr))
+ {
+ if (c == ')')
+ break;
+ if (c == '/')
+ c = '\\';
+ filePath += c;
+ ptr++;
+ }
+
+ if (c == ')')
+ bRet = TRUE;
+ else
+ filePath = "";
+ }
+ }
+
+ return bRet;
+ }
+
+ BOOL EfiBootConf::IsPostExecFileField (const string& fieldValue, wstring& filePath)
+ {
+ string aPath;
+ BOOL bRet = IsPostExecFileField (fieldValue, aPath);
+ if (bRet)
+ filePath = wstring(aPath.begin(), aPath.end());
+ else
+ filePath = L"";
+
+ return bRet;
+ }
+
static const wchar_t* EfiVarGuid = L"{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}";
void
- GetVolumeESP(wstring& path)
+ GetVolumeESP(wstring& path, wstring& bootVolumePath)
{
static wstring g_EspPath;
+ static wstring g_BootVolumePath;
static bool g_EspPathInitialized = false;
if (!g_EspPathInitialized)
@@ -2422,17 +2525,29 @@ namespace VeraCrypt
res = NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS)SYSPARTITIONINFORMATION, tempBuf, sizeof(tempBuf), &len);
if (res != S_OK)
{
+ /* try to convert the returned NTSTATUS to a WIN32 system error using RtlNtStatusToDosError */
+ RtlNtStatusToDosErrorFn RtlNtStatusToDosErrorPtr = (RtlNtStatusToDosErrorFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "RtlNtStatusToDosError");
+ if (RtlNtStatusToDosErrorPtr)
+ {
+ ULONG win32err = RtlNtStatusToDosErrorPtr (res);
+ if (win32err != ERROR_MR_MID_NOT_FOUND)
+ res = (NTSTATUS) win32err;
+ }
+
SetLastError (res);
throw SystemException (SRC_POS);
}
PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
+
+ g_BootVolumePath = pStr->Buffer;
g_EspPath = L"\\\\?";
g_EspPath += &pStr->Buffer[7];
g_EspPathInitialized = true;
}
path = g_EspPath;
+ bootVolumePath = g_BootVolumePath;
}
std::string ReadESPFile (LPCWSTR szFilePath, bool bSkipUTF8BOM)
@@ -2442,9 +2557,9 @@ namespace VeraCrypt
ByteArray fileContent;
DWORD dwSize = 0, dwOffset = 0;
- std::wstring pathESP;
+ std::wstring pathESP, bootVolumePath;
- GetVolumeESP(pathESP);
+ GetVolumeESP(pathESP, bootVolumePath);
if (szFilePath[0] != L'\\')
pathESP += L"\\";
File f(pathESP + szFilePath, true);
@@ -2473,7 +2588,7 @@ namespace VeraCrypt
ByteArray fileContent;
DWORD dwSize = dwDataLen, dwOffset = 0;
- std::wstring pathESP;
+ std::wstring pathESP, bootVolumePath;
if (bAddUTF8BOM)
{
@@ -2481,7 +2596,7 @@ namespace VeraCrypt
dwOffset = 3;
}
- GetVolumeESP(pathESP);
+ GetVolumeESP(pathESP, bootVolumePath);
if (szFilePath[0] != L'\\')
pathESP += L"\\";
@@ -2500,42 +2615,13 @@ namespace VeraCrypt
ZeroMemory (&sdn, sizeof (sdn));
ZeroMemory (&partInfo, sizeof (partInfo));
m_bMounted = false;
- bBootVolumePathSelected = false;
+ bDeviceInfoValid = false;
}
- void EfiBoot::SelectBootVolumeESP() {
- NTSTATUS res;
- ULONG len;
- memset(tempBuf, 0, sizeof(tempBuf));
-
- // Load NtQuerySystemInformation function point
- if (!NtQuerySystemInformationPtr)
- {
- NtQuerySystemInformationPtr = (NtQuerySystemInformationFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "NtQuerySystemInformation");
- if (!NtQuerySystemInformationPtr)
- throw SystemException (SRC_POS);
- }
-
- res = NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS)SYSPARTITIONINFORMATION, tempBuf, sizeof(tempBuf), &len);
- if (res != S_OK)
- {
- SetLastError (res);
- throw SystemException (SRC_POS);
- }
-
- PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
- BootVolumePath = pStr->Buffer;
-
- EfiBootPartPath = L"\\\\?";
- EfiBootPartPath += &pStr->Buffer[7];
-
- bBootVolumePathSelected = true;
- }
+ void EfiBoot::PrepareBootPartition(bool bDisableException) {
+
+ GetVolumeESP (EfiBootPartPath, BootVolumePath);
- void EfiBoot::PrepareBootPartition() {
- if (!bBootVolumePathSelected) {
- SelectBootVolumeESP();
- }
std::wstring devicePath = L"\\\\?\\GLOBALROOT";
devicePath += BootVolumePath;
Device dev(devicePath.c_str(), TRUE);
@@ -2546,18 +2632,22 @@ namespace VeraCrypt
}
catch (...)
{
- throw;
+ if (!bDisableException)
+ throw;
}
- bool bSuccess = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
- && dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo));
- DWORD dwLastError = GetLastError ();
- dev.Close();
- if (!bSuccess)
+ if (dev.IsOpened())
{
- SetLastError (dwLastError);
- throw SystemException(SRC_POS);
- }
+ bDeviceInfoValid = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
+ && dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo));
+ DWORD dwLastError = GetLastError ();
+ dev.Close();
+ if (!bDeviceInfoValid && !bDisableException)
+ {
+ SetLastError (dwLastError);
+ throw SystemException(SRC_POS);
+ }
+ }
}
bool EfiBoot::IsEfiBoot() {
@@ -2615,98 +2705,107 @@ namespace VeraCrypt
}
}
- void EfiBoot::SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
+ void EfiBoot::SetStartExec(wstring description, wstring execPath, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE);
// Check EFI
if (!IsEfiBoot()) {
throw ErrorException(L"can not detect EFI environment", SRC_POS);
}
- uint32 varSize = 56;
- varSize += ((uint32) description.length()) * 2 + 2;
- varSize += ((uint32) execPath.length()) * 2 + 2;
- byte *startVar = new byte[varSize];
- byte *pVar = startVar;
-
- // Attributes (1b Active, 1000b - Hidden)
- *(uint32 *)pVar = attr;
- pVar += sizeof(uint32);
-
- // Size Of device path + file path
- *(uint16 *)pVar = (uint16)(50 + execPath.length() * 2 + 2);
- pVar += sizeof(uint16);
-
- // description
- for (uint32 i = 0; i < description.length(); i++) {
- *(uint16 *)pVar = description[i];
+ if (bDeviceInfoValid)
+ {
+ uint32 varSize = 56;
+ varSize += ((uint32) description.length()) * 2 + 2;
+ varSize += ((uint32) execPath.length()) * 2 + 2;
+ byte *startVar = new byte[varSize];
+ byte *pVar = startVar;
+
+ // Attributes (1b Active, 1000b - Hidden)
+ *(uint32 *)pVar = attr;
+ pVar += sizeof(uint32);
+
+ // Size Of device path + file path
+ *(uint16 *)pVar = (uint16)(50 + execPath.length() * 2 + 2);
+ pVar += sizeof(uint16);
+
+ // description
+ for (uint32 i = 0; i < description.length(); i++) {
+ *(uint16 *)pVar = description[i];
+ pVar += sizeof(uint16);
+ }
+ *(uint16 *)pVar = 0;
pVar += sizeof(uint16);
- }
- *(uint16 *)pVar = 0;
- pVar += sizeof(uint16);
- /* EFI_DEVICE_PATH_PROTOCOL (HARDDRIVE_DEVICE_PATH \ FILE_PATH \ END) */
+ /* EFI_DEVICE_PATH_PROTOCOL (HARDDRIVE_DEVICE_PATH \ FILE_PATH \ END) */
- // Type
- *(byte *)pVar = 0x04;
- pVar += sizeof(byte);
+ // Type
+ *(byte *)pVar = 0x04;
+ pVar += sizeof(byte);
- // SubType
- *(byte *)pVar = 0x01;
- pVar += sizeof(byte);
+ // SubType
+ *(byte *)pVar = 0x01;
+ pVar += sizeof(byte);
- // HDD dev path length
- *(uint16 *)pVar = 0x2A; // 42
- pVar += sizeof(uint16);
+ // HDD dev path length
+ *(uint16 *)pVar = 0x2A; // 42
+ pVar += sizeof(uint16);
- // PartitionNumber
- *(uint32 *)pVar = (uint32)partInfo.PartitionNumber;
- pVar += sizeof(uint32);
+ // PartitionNumber
+ *(uint32 *)pVar = (uint32)partInfo.PartitionNumber;
+ pVar += sizeof(uint32);
- // PartitionStart
- *(uint64 *)pVar = partInfo.StartingOffset.QuadPart >> 9;
- pVar += sizeof(uint64);
+ // PartitionStart
+ *(uint64 *)pVar = partInfo.StartingOffset.QuadPart >> 9;
+ pVar += sizeof(uint64);
- // PartitiontSize
- *(uint64 *)pVar = partInfo.PartitionLength.QuadPart >> 9;
- pVar += sizeof(uint64);
+ // PartitiontSize
+ *(uint64 *)pVar = partInfo.PartitionLength.QuadPart >> 9;
+ pVar += sizeof(uint64);
- // GptGuid
- memcpy(pVar, &partInfo.Gpt.PartitionId, 16);
- pVar += 16;
+ // GptGuid
+ memcpy(pVar, &partInfo.Gpt.PartitionId, 16);
+ pVar += 16;
- // MbrType
- *(byte *)pVar = 0x02;
- pVar += sizeof(byte);
+ // MbrType
+ *(byte *)pVar = 0x02;
+ pVar += sizeof(byte);
- // SigType
- *(byte *)pVar = 0x02;
- pVar += sizeof(byte);
+ // SigType
+ *(byte *)pVar = 0x02;
+ pVar += sizeof(byte);
- // Type and sub type 04 04 (file path)
- *(uint16 *)pVar = 0x0404;
- pVar += sizeof(uint16);
+ // Type and sub type 04 04 (file path)
+ *(uint16 *)pVar = 0x0404;
+ pVar += sizeof(uint16);
- // SizeOfFilePath ((CHAR16)FullPath.length + sizeof(EndOfrecord marker) )
- *(uint16 *)pVar = (uint16)(execPath.length() * 2 + 2 + sizeof(uint32));
- pVar += sizeof(uint16);
+ // SizeOfFilePath ((CHAR16)FullPath.length + sizeof(EndOfrecord marker) )
+ *(uint16 *)pVar = (uint16)(execPath.length() * 2 + 2 + sizeof(uint32));
+ pVar += sizeof(uint16);
- // FilePath
- for (uint32 i = 0; i < execPath.length(); i++) {
- *(uint16 *)pVar = execPath[i];
+ // FilePath
+ for (uint32 i = 0; i < execPath.length(); i++) {
+ *(uint16 *)pVar = execPath[i];
+ pVar += sizeof(uint16);
+ }
+ *(uint16 *)pVar = 0;
pVar += sizeof(uint16);
- }
- *(uint16 *)pVar = 0;
- pVar += sizeof(uint16);
- // EndOfrecord
- *(uint32 *)pVar = 0x04ff7f;
- pVar += sizeof(uint32);
+ // EndOfrecord
+ *(uint32 *)pVar = 0x04ff7f;
+ pVar += sizeof(uint32);
- // Set variable
- wchar_t varName[256];
- StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
- SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);
- delete [] startVar;
+ // Set variable
+ wchar_t varName[256];
+ StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
+
+ // only set value if it doesn't already exist
+ byte* existingVar = new byte[varSize];
+ DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, varSize);
+ if ((existingVarLen != varSize) || (0 != memcmp (existingVar, startVar, varSize)))
+ SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);
+ delete [] startVar;
+ delete [] existingVar;
+ }
// Update order
wstring order = L"Order";
@@ -2723,42 +2822,183 @@ namespace VeraCrypt
}
}
- // Create new entry if absent
- if (startOrderNumPos == UINT_MAX) {
- for (uint32 i = startOrderLen / 2; i > 0; --i) {
- startOrder[i] = startOrder[i - 1];
+ if (setBootEntry)
+ {
+ // check if first entry in BootOrder is Windows one
+ bool bFirstEntryIsWindows = false;
+ if (startOrderNumPos != 0)
+ {
+ wchar_t varName[256];
+ StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, startOrder[0]);
+
+ byte* existingVar = new byte[512];
+ DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, 512);
+ if (existingVarLen > 0)
+ {
+ if (BufferContainsWideString (existingVar, existingVarLen, L"EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ bFirstEntryIsWindows = true;
+ }
+
+ delete [] existingVar;
}
- startOrder[0] = statrtOrderNum;
- startOrderLen += 2;
- startOrderUpdate = true;
- } else if (startOrderNumPos > 0) {
- for (uint32 i = startOrderNumPos; i > 0; --i) {
- startOrder[i] = startOrder[i - 1];
+
+
+ // Create new entry if absent
+ if (startOrderNumPos == UINT_MAX) {
+ if (bDeviceInfoValid)
+ {
+ if (forceFirstBootEntry && bFirstEntryIsWindows)
+ {
+ for (uint32 i = startOrderLen / 2; i > 0; --i) {
+ startOrder[i] = startOrder[i - 1];
+ }
+ startOrder[0] = statrtOrderNum;
+ }
+ else
+ {
+ startOrder[startOrderLen/2] = statrtOrderNum;
+ }
+ startOrderLen += 2;
+ startOrderUpdate = true;
+ }
+ } else if ((startOrderNumPos > 0) && forceFirstBootEntry && bFirstEntryIsWindows) {
+ for (uint32 i = startOrderNumPos; i > 0; --i) {
+ startOrder[i] = startOrder[i - 1];
+ }
+ startOrder[0] = statrtOrderNum;
+ startOrderUpdate = true;
+ }
+
+ if (startOrderUpdate) {
+ SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
}
- startOrder[0] = statrtOrderNum;
- startOrderUpdate = true;
}
- if (startOrderUpdate) {
- SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
+ if (setBootNext)
+ {
+ // set BootNext value
+ wstring next = L"Next";
+ next.insert(0, type == NULL ? L"Boot" : type);
+
+ SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2);
+
+ }
+ }
+
+ bool EfiBoot::CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2)
+ {
+ bool bRet = false;
+ File f1 (fileName1, true);
+ File f2 (fileName2, true);
+
+ if (f1.IsOpened() && f2.IsOpened())
+ {
+ try
+ {
+ DWORD size1, size2;
+ f1.GetFileSize (size1);
+ f2.GetFileSize (size2);
+
+ if (size1 == size2)
+ {
+ // same size, so now we compare content
+ std::vector<byte> file1Buf (8096);
+ std::vector<byte> file2Buf (8096);
+ DWORD remainingBytes = size1, dataToRead;
+
+ while (remainingBytes)
+ {
+ dataToRead = VC_MIN (remainingBytes, (DWORD) file1Buf.size());
+ DWORD f1Bytes = f1.Read (file1Buf.data(), dataToRead);
+ DWORD f2Bytes = f2.Read (file2Buf.data(), dataToRead);
+
+ if ((f1Bytes != f2Bytes) || memcmp (file1Buf.data(), file2Buf.data(), (size_t) f1Bytes))
+ {
+ break;
+ }
+ else
+ {
+ remainingBytes -= f1Bytes;
+ }
+ }
+
+ if (0 == remainingBytes)
+ {
+ // content is the same
+ bRet = true;
+ }
+ }
+ }
+ catch (...) {}
}
- // set BootNext value
- wstring next = L"Next";
- next.insert(0, type == NULL ? L"Boot" : type);
+ f1.Close();
+ f2.Close();
+
+ return bRet;
+ }
+
+ bool EfiBoot::CompareFileData (const wchar_t* fileName, const byte* data, DWORD size)
+ {
+ bool bRet = false;
+
+ File f(fileName, true);
+ if (f.IsOpened ())
+ {
+ try
+ {
+ // check if the file has the same content
+ // if yes, don't perform any write operation to avoid changing its timestamp
+ DWORD existingSize = 0;
- SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2);
+ f.GetFileSize(existingSize);
+
+ if (existingSize == size)
+ {
+ std::vector<byte> fileBuf (8096);
+ DWORD remainingBytes = size, dataOffset = 0, dataToRead;
+
+ while (remainingBytes)
+ {
+ dataToRead = VC_MIN (remainingBytes, (DWORD) fileBuf.size());
+ dataToRead = f.Read (fileBuf.data(), dataToRead);
+ if (memcmp (data + dataOffset, fileBuf.data(), (size_t) dataToRead))
+ {
+ break;
+ }
+ else
+ {
+ dataOffset += dataToRead;
+ remainingBytes -= dataToRead;
+ }
+ }
+
+ if (0 == remainingBytes)
+ {
+ // content is the same
+ bRet = true;
+ }
+ }
+ }
+ catch (...){}
+ }
+
+ f.Close();
+
+ return bRet;
}
void EfiBoot::SaveFile(const wchar_t* name, byte* data, DWORD size) {
wstring path = EfiBootPartPath;
path += name;
- File f(path, false, true);
- f.Write(data, size);
- f.Close();
-
+ if (!CompareFileData (path.c_str(), data, size))
+ {
+ File f(path, false, true);
+ f.Write(data, size);
+ f.Close();
+ }
}
bool EfiBoot::FileExists(const wchar_t* name) {
@@ -2797,7 +3037,10 @@ namespace VeraCrypt
}
else
targetPath = targetName;
- throw_sys_if (!::CopyFileW (path.c_str(), targetPath.c_str(), FALSE));
+
+ // if both files are the same, we don't perform copy operation
+ if (!CompareFiles (path.c_str(), targetPath.c_str()))
+ throw_sys_if (!::CopyFileW (path.c_str(), targetPath.c_str(), FALSE));
}
BOOL EfiBoot::RenameFile(const wchar_t* name, const wchar_t* nameNew, BOOL bForce) {
@@ -2805,7 +3048,16 @@ namespace VeraCrypt
path += name;
wstring pathNew = EfiBootPartPath;
pathNew += nameNew;
- return MoveFileExW(path.c_str(), pathNew.c_str(), bForce? MOVEFILE_REPLACE_EXISTING : 0);
+
+ BOOL bRet;
+ if (CompareFiles (path.c_str(), pathNew.c_str()))
+ {
+ // files identical. Delete source file only
+ bRet = DeleteFile (path.c_str());
+ }
+ else
+ bRet = MoveFileExW(path.c_str(), pathNew.c_str(), bForce? MOVEFILE_REPLACE_EXISTING : 0);
+ return bRet;
}
BOOL EfiBoot::DelFile(const wchar_t* name) {
@@ -2955,20 +3207,69 @@ namespace VeraCrypt
if (bForInstall)
{
+ /* Before updating files, we check first if they already have the expected content. If yes, then we don't perform
+ * any write operation to avoid modifying file timestamps Unnecessarily.
+ */
+ bool bSkipWrite = false;
+ wchar_t wszBuffer [2 * TC_MAX_PATH] = {0};
wstring szPathParam = L"\"";
szPathParam += szInstallPath;
szPathParam += L"\"";
- WritePrivateProfileStringW (L"SetupConfig", L"ReflectDrivers", szPathParam.c_str(), szSetupconfigLocation);
+ if ( (0 < GetPrivateProfileStringW (L"SetupConfig", L"ReflectDrivers", L"", wszBuffer, ARRAYSIZE (wszBuffer), szSetupconfigLocation))
+ && (_wcsicmp (wszBuffer, szInstallPath) == 0)
+ )
+ {
+ bSkipWrite = true;
+ }
+
+ if (!bSkipWrite)
+ WritePrivateProfileStringW (L"SetupConfig", L"ReflectDrivers", szPathParam.c_str(), szSetupconfigLocation);
+
+ bSkipWrite = false;
szPathParam = GetProgramConfigPath (L"SetupComplete.cmd");
- FILE* scriptFile = _wfopen (szPathParam.c_str(), L"w");
+
+ wstring wszExpectedValue = L"\"";
+ wszExpectedValue += szInstallPath;
+ wszExpectedValue += L"\\VeraCrypt.exe\" /PostOOBE";
+
+ FILE* scriptFile = _wfopen (szPathParam.c_str(), L"r");
if (scriptFile)
{
- fwprintf (scriptFile, L"\"%s\\VeraCrypt.exe\" /PostOOBE\n", szInstallPath);
+ long fileSize = _filelength (_fileno (scriptFile));
+ if (fileSize < (2 * TC_MAX_PATH))
+ {
+ fgetws (wszBuffer, ARRAYSIZE (wszBuffer), scriptFile);
+
+ if (wszBuffer[wcslen (wszBuffer) - 1] == L'\n')
+ wszBuffer[wcslen (wszBuffer) - 1] = 0;
+
+ bSkipWrite = (0 == _wcsicmp (wszBuffer, wszExpectedValue.c_str()));
+ }
fclose (scriptFile);
+ }
- WritePrivateProfileStringW (L"SetupConfig", L"PostOOBE", szPathParam.c_str(), szSetupconfigLocation);
+ if (!bSkipWrite)
+ {
+ scriptFile = _wfopen (szPathParam.c_str(), L"w");
+ if (scriptFile)
+ {
+ fwprintf (scriptFile, L"%s\n", wszExpectedValue.c_str());
+ fclose (scriptFile);
+ }
}
+
+ bSkipWrite = false;
+
+ if ( (0 < GetPrivateProfileStringW (L"SetupConfig", L"PostOOBE", L"", wszBuffer, ARRAYSIZE (wszBuffer), szSetupconfigLocation))
+ && (_wcsicmp (wszBuffer, szPathParam.c_str()) == 0)
+ )
+ {
+ bSkipWrite = true;
+ }
+
+ if (!bSkipWrite)
+ WritePrivateProfileStringW (L"SetupConfig", L"PostOOBE", szPathParam.c_str(), szSetupconfigLocation);
}
else
{
@@ -3063,7 +3364,7 @@ namespace VeraCrypt
if (!DcsInfoImg)
throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
- EfiBootInst.PrepareBootPartition();
+ EfiBootInst.PrepareBootPartition(PostOOBEMode);
try
{
@@ -3076,8 +3377,15 @@ namespace VeraCrypt
if (preserveUserConfig)
{
- bool bModifiedMsBoot = true;
- EfiBootInst.GetFileSize(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", loaderSize);
+ bool bModifiedMsBoot = true, bMissingMsBoot = false;;
+ if (EfiBootInst.FileExists (L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ EfiBootInst.GetFileSize(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", loaderSize);
+ else
+ bMissingMsBoot = true;
+
+ // restore boot menu entry in case of PostOOBE
+ if (PostOOBEMode)
+ EfiBootInst.SetStartExec(L"VeraCrypt BootLoader (DcsBoot)", L"\\EFI\\VeraCrypt\\DcsBoot.efi", SetBootEntry, ForceFirstBootEntry, SetBootNext);
if (EfiBootInst.FileExists (L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc"))
{
@@ -3120,37 +3428,40 @@ namespace VeraCrypt
EfiBootConf conf;
if (EfiBootInst.ReadConfig (L"\\EFI\\VeraCrypt\\DcsProp", conf) && strlen (conf.actionSuccessValue.c_str()))
{
- string actionValue = conf.actionSuccessValue;
- std::transform(actionValue.begin(), actionValue.end(), actionValue.begin(), ::tolower);
-
- if (strstr (actionValue.c_str(), "postexec") && strstr (actionValue.c_str(), "file("))
+ wstring loaderPath;
+ if (EfiBootConf::IsPostExecFileField (conf.actionSuccessValue, loaderPath))
{
- char c;
- const char* ptr = strstr (actionValue.c_str(), "file(");
- ptr += 5;
- wstring loaderPath = L"\\";
- while ((c = *ptr))
+ // check that it is not bootmgfw.efi
+ if ( (0 != _wcsicmp (loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ && (EfiBootInst.FileExists (loaderPath.c_str()))
+ )
{
- if (c == ')' || c == ' ')
- break;
- loaderPath += (wchar_t) c;
- ptr++;
+ // look for bootmgfw.efi identifiant string
+ EfiBootInst.GetFileSize(loaderPath.c_str(), loaderSize);
+ std::vector<byte> bootLoaderBuf ((size_t) loaderSize);
+
+ EfiBootInst.ReadFile(loaderPath.c_str(), &bootLoaderBuf[0], (DWORD) loaderSize);
+
+ // look for bootmgfw.efi identifiant string
+ if (BufferHasPattern (bootLoaderBuf.data (), (size_t) loaderSize, g_szMsBootString, strlen (g_szMsBootString)))
+ {
+ bFound = true;
+ EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", TRUE);
+ }
}
- bFound = true;
- EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", TRUE);
}
}
- if (!bFound)
+ if (!bFound && !PostOOBEMode)
throw ErrorException ("WINDOWS_EFI_BOOT_LOADER_MISSING", SRC_POS);
}
}
- if (PostOOBEMode)
- {
+ if (PostOOBEMode && EfiBootInst.FileExists (L"\\EFI\\VeraCrypt\\DcsBoot.efi"))
+ {
// check if bootmgfw.efi has been set again to Microsoft version
// if yes, replace it with our bootloader after it was copied to bootmgfw_ms.vc
- if (!bModifiedMsBoot)
+ if (!bModifiedMsBoot || bMissingMsBoot)
EfiBootInst.CopyFile (L"\\EFI\\VeraCrypt\\DcsBoot.efi", L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi");
if (EfiBootInst.FileExists (szStdEfiBootloader))
@@ -3244,50 +3555,67 @@ namespace VeraCrypt
}
else
{
- byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0};
- CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation);
+ try
+ {
+ byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0};
+ CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation);
- // Write MBR
- byte mbr[TC_SECTOR_SIZE_BIOS];
+ // Write MBR
+ byte mbr[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Read (mbr, sizeof (mbr));
+ device.SeekAt (0);
+ device.Read (mbr, sizeof (mbr));
- if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME))
- {
- uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET));
- if (version != 0)
+ if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME))
{
- bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
-
- if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET));
+ if (version != 0)
{
- if (pim >= 0)
+ bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
+
+ if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
{
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ if (pim >= 0)
+ {
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ }
+ else
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
}
- else
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
}
}
- }
- memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE);
+ // perform actual write only if content is different and either we are not in PostOOBE mode or the MBR contains VeraCrypt/Windows signature.
+ // this last check is done to avoid interfering with multi-boot configuration where MBR belongs to a boot manager like Grub
+ if (memcmp (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE)
+ && (!PostOOBEMode || BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME) || IsWindowsMBR (mbr, sizeof (mbr))))
+ {
+ memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE);
- device.SeekAt (0);
- device.Write (mbr, sizeof (mbr));
+ device.SeekAt (0);
+ device.Write (mbr, sizeof (mbr));
- byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Read (mbrVerificationBuf, sizeof (mbr));
+ byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
+ device.SeekAt (0);
+ device.Read (mbrVerificationBuf, sizeof (mbr));
- if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
- throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
+ if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
+ throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
+ }
- // Write boot loader
- device.SeekAt (TC_SECTOR_SIZE_BIOS);
- device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS);
+ if (!PostOOBEMode)
+ {
+ // Write boot loader
+ device.SeekAt (TC_SECTOR_SIZE_BIOS);
+ device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS);
+ }
+ }
+ catch (...)
+ {
+ if (!PostOOBEMode)
+ throw;
+ }
}
if (!IsAdmin() && IsUacSupported())
@@ -3441,16 +3769,23 @@ namespace VeraCrypt
if (!DcsInfoImg)
throw ParameterIncorrect (SRC_POS);
- char szTmpPath[MAX_PATH + 1], szTmpFilePath[MAX_PATH + 1];
- if (!GetTempPathA (MAX_PATH, szTmpPath))
+ WCHAR szTmpPath[MAX_PATH + 1], szTmpFilePath[MAX_PATH + 1];
+ if (!GetTempPathW (MAX_PATH, szTmpPath))
throw SystemException (SRC_POS);
- if (!GetTempFileNameA (szTmpPath, "_vrd", 0, szTmpFilePath))
+ if (!GetTempFileNameW (szTmpPath, L"_vrd", 0, szTmpFilePath))
throw SystemException (SRC_POS);
- finally_do_arg (char*, szTmpFilePath, { DeleteFileA (finally_arg);});
+ finally_do_arg (WCHAR*, szTmpFilePath, { DeleteFileW (finally_arg);});
int ierr;
- zip_t* z = zip_open (szTmpFilePath, ZIP_CREATE | ZIP_TRUNCATE | ZIP_CHECKCONS, &ierr);
+
+ // convert szTmpFilePath to UTF-8 since this is what zip_open expected
+ char szUtf8Path[2*MAX_PATH + 1];
+ int utf8Len = WideCharToMultiByte (CP_UTF8, 0, szTmpFilePath, -1, szUtf8Path, sizeof (szUtf8Path), NULL, NULL);
+ if (utf8Len <= 0)
+ throw SystemException (SRC_POS);
+
+ zip_t* z = zip_open (szUtf8Path, ZIP_CREATE | ZIP_TRUNCATE | ZIP_CHECKCONS, &ierr);
if (!z)
throw ParameterIncorrect (SRC_POS);
@@ -3542,7 +3877,7 @@ namespace VeraCrypt
z = NULL;
// read the zip data from the temporary file
- FILE* ftmpFile = fopen (szTmpFilePath, "rb");
+ FILE* ftmpFile = _wfopen (szTmpFilePath, L"rb");
if (!ftmpFile)
throw ParameterIncorrect (SRC_POS);
@@ -4230,24 +4565,27 @@ namespace VeraCrypt
EfiBootConf conf;
if (EfiBootInst.ReadConfig (L"\\EFI\\VeraCrypt\\DcsProp", conf) && strlen (conf.actionSuccessValue.c_str()))
{
- string actionValue = conf.actionSuccessValue;
- std::transform(actionValue.begin(), actionValue.end(), actionValue.begin(), ::tolower);
-
- if (strstr (actionValue.c_str(), "postexec") && strstr (actionValue.c_str(), "file("))
+ wstring loaderPath;
+ if (EfiBootConf::IsPostExecFileField (conf.actionSuccessValue, loaderPath))
{
- char c;
- const char* ptr = strstr (actionValue.c_str(), "file(");
- ptr += 5;
- wstring loaderPath = L"\\";
- while ((c = *ptr))
+ // check that it is not bootmgfw_ms.vc or bootmgfw.efi
+ if ( (0 != _wcsicmp (loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc"))
+ && (0 != _wcsicmp (loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ )
{
- if (c == ')' || c == ' ')
- break;
- loaderPath += (wchar_t) c;
- ptr++;
- }
+ const char* g_szMsBootString = "bootmgfw.pdb";
+ unsigned __int64 loaderSize = 0;
+ EfiBootInst.GetFileSize(loaderPath.c_str(), loaderSize);
+ std::vector<byte> bootLoaderBuf ((size_t) loaderSize);
- EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE);
+ EfiBootInst.ReadFile(loaderPath.c_str(), &bootLoaderBuf[0], (DWORD) loaderSize);
+
+ // look for bootmgfw.efi identifiant string
+ if (BufferHasPattern (bootLoaderBuf.data (), (size_t) loaderSize, g_szMsBootString, strlen (g_szMsBootString)))
+ {
+ EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE);
+ }
+ }
}
}
}
@@ -4567,6 +4905,16 @@ namespace VeraCrypt
if (registerService)
{
+ // check if service already exists.
+ // If yes then start it immediatly after reinstalling it
+ bool bAlreadyExists = false;
+ SC_HANDLE service = OpenService (scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ);
+ if (service)
+ {
+ bAlreadyExists = true;
+ CloseServiceHandle (service);
+ }
+
try
{
RegisterSystemFavoritesService (FALSE, noFileHandling);
@@ -4577,11 +4925,19 @@ namespace VeraCrypt
{
wchar_t appPath[TC_MAX_PATH];
throw_sys_if (!GetModuleFileName (NULL, appPath, ARRAYSIZE (appPath)));
-
+ /* explicitely specify VeraCrypt.exe as the file to copy and don't rely
+ * on the fact we will be always called by VeraCrypt.exe because it's not
+ * always true.
+ */
+ wchar_t* ptr = wcsrchr (appPath, L'\\');
+ if (ptr)
+ ptr[1] = 0;
+ StringCchCatW (appPath, ARRAYSIZE (appPath), _T(TC_APP_NAME) L".exe");
+
throw_sys_if (!CopyFile (appPath, servicePath.c_str(), FALSE));
}
- SC_HANDLE service = CreateService (scm,
+ service = CreateService (scm,
TC_SYSTEM_FAVORITES_SERVICE_NAME,
_T(TC_APP_NAME) L" System Favorites",
SERVICE_ALL_ACCESS,
@@ -4601,6 +4957,10 @@ namespace VeraCrypt
description.lpDescription = L"Mounts VeraCrypt system favorite volumes.";
ChangeServiceConfig2 (service, SERVICE_CONFIG_DESCRIPTION, &description);
+ // start the service immediatly if it already existed before
+ if (bAlreadyExists)
+ StartService (service, 0, NULL);
+
CloseServiceHandle (service);
try
@@ -4642,6 +5002,30 @@ namespace VeraCrypt
}
}
+ bool BootEncryption::IsSystemFavoritesServiceRunning ()
+ {
+ bool bRet = false;
+ SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_CONNECT);
+ if (scm)
+ {
+ SC_HANDLE service = OpenService(scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ);
+ if (service)
+ {
+ SERVICE_STATUS status;
+ if (QueryServiceStatus(service, &status))
+ {
+ bRet = (status.dwCurrentState == SERVICE_RUNNING);
+ }
+
+ CloseServiceHandle(service);
+ }
+
+ CloseServiceHandle (scm);
+ }
+
+ return bRet;
+ }
+
void BootEncryption::UpdateSystemFavoritesService ()
{
SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS);
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index 0b5fe4f..decacb8 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -29,6 +29,10 @@ typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
PULONG ReturnLength
);
+typedef ULONG (WINAPI *RtlNtStatusToDosErrorFn)(
+ NTSTATUS Status
+);
+
using namespace std;
namespace VeraCrypt
@@ -189,9 +193,11 @@ namespace VeraCrypt
BOOL Load (const wchar_t* fileName);
void Load (char* configContent);
BOOL Save (const wchar_t* fileName, HWND hwnd);
+ static BOOL IsPostExecFileField (const string& szFieldValue, string& filePath);
+ static BOOL IsPostExecFileField (const string& szFieldValue, wstring& filePath);
};
- void GetVolumeESP(wstring& path);
+ void GetVolumeESP(wstring& path, wstring& bootVolumePath);
std::string ReadESPFile (LPCWSTR szFilePath, bool bSkipUTF8BOM);
void WriteESPFile (LPCWSTR szFilePath, LPBYTE pbData, DWORD dwDataLen, bool bAddUTF8BOM);
@@ -199,16 +205,18 @@ namespace VeraCrypt
public:
EfiBoot();
- void PrepareBootPartition();
+ void PrepareBootPartition(bool bDisableException = false);
bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
- void SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
+ void SetStartExec(wstring description, wstring execPath, bool setBootEntry = true, bool forceFirstBootEntry = true, bool setBootNext = true, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
void SaveFile(const wchar_t* name, byte* data, DWORD size);
void GetFileSize(const wchar_t* name, unsigned __int64& size);
void ReadFile(const wchar_t* name, byte* data, DWORD size);
void CopyFile(const wchar_t* name, const wchar_t* targetName);
bool FileExists(const wchar_t* name);
+ static bool CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2);
+ static bool CompareFileData (const wchar_t* fileName, const byte* data, DWORD size);
BOOL RenameFile(const wchar_t* name, const wchar_t* nameNew, BOOL bForce);
BOOL DelFile(const wchar_t* name);
@@ -217,23 +225,22 @@ namespace VeraCrypt
BOOL UpdateConfig (const wchar_t* name, int pim, int hashAlgo, HWND hwndDlg);
BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
BOOL DelDir(const wchar_t* name);
- void SelectBootVolumeESP();
- PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
+ PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { if (bDeviceInfoValid) return &sdn; else { SetLastError (ERROR_INVALID_DRIVE); throw SystemException(SRC_POS);}}
protected:
bool m_bMounted;
std::wstring EfiBootPartPath;
STORAGE_DEVICE_NUMBER sdn;
PARTITION_INFORMATION_EX partInfo;
+ bool bDeviceInfoValid;
WCHAR tempBuf[1024];
- bool bBootVolumePathSelected;
std::wstring BootVolumePath;
};
class BootEncryption
{
public:
- BootEncryption (HWND parent, bool postOOBE = false);
+ BootEncryption (HWND parent, bool postOOBE = false, bool setBootEntry = true, bool forceFirstBootEntry = true, bool setBootNext = false);
~BootEncryption ();
enum FilterType
@@ -285,6 +292,7 @@ namespace VeraCrypt
void RegisterFilterDriver (bool registerDriver, FilterType filterType);
void RegisterSystemFavoritesService (BOOL registerService);
void RegisterSystemFavoritesService (BOOL registerService, BOOL noFileHandling);
+ bool IsSystemFavoritesServiceRunning ();
void UpdateSystemFavoritesService ();
void RenameDeprecatedSystemLoaderBackup ();
bool RestartComputer (BOOL bShutdown = FALSE);
@@ -344,6 +352,9 @@ namespace VeraCrypt
bool RescueVolumeHeaderValid;
bool VolumeHeaderValid;
bool PostOOBEMode;
+ bool SetBootNext;
+ bool SetBootEntry;
+ bool ForceFirstBootEntry;
};
}
@@ -361,6 +372,9 @@ namespace VeraCrypt
#define VC_SYSTEM_FAVORITES_SERVICE_ARG_SKIP_MOUNT L"/SkipMount"
#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER 0x1
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT 0x2
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY 0x4
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY 0x8
#define VC_WINDOWS_UPGRADE_POSTOOBE_CMDLINE_OPTION L"/PostOOBE"
diff --git a/src/Common/Cmdline.c b/src/Common/Cmdline.c
index d205673..f0dcf7c 100644
--- a/src/Common/Cmdline.c
+++ b/src/Common/Cmdline.c
@@ -70,9 +70,9 @@ BOOL CALLBACK CommandHelpDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
StringCchCatW(tmp, 8192, tmp2);
}
}
-
+#if defined(TCMOUNT) && !defined(VCEXPANDER)
StringCchCatW (tmp, 8192, L"\nExamples:\n\nMount a volume as X:\tveracrypt.exe /q /v volume.hc /l X\nDismount a volume X:\tveracrypt.exe /q /d X");
-
+#endif
SetWindowTextW (GetDlgItem (hwndDlg, IDC_COMMANDHELP_TEXT), tmp);
TCfree(tmp);
diff --git a/src/Common/Common.rc b/src/Common/Common.rc
index 60ea0a5..d55e31b 100644
--- a/src/Common/Common.rc
+++ b/src/Common/Common.rc
@@ -65,39 +65,39 @@ BEGIN
PUSHBUTTON "Cancel",IDCANCEL,248,190,50,14
END
-IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 277, 244
+IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 310, 244
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - Mount Options"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Mount volume as read-&only",IDC_MOUNT_READONLY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,11,194,10
+ CONTROL "Mount volume as read-&only",IDC_MOUNT_READONLY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,11,231,10
CONTROL "Mount volume as removable &medium",IDC_MOUNT_REMOVABLE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,25,195,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,25,231,10
CONTROL "Use backup header embedded in &volume if available",IDC_USE_EMBEDDED_HEADER_BAK,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,39,257,11
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,39,295,11
CONTROL "Mount partition &using system encryption without pre-boot authentication",IDC_MOUNT_SYSENC_PART_WITHOUT_PBA,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,53,259,11
- EDITTEXT IDC_VOLUME_LABEL,112,82,150,14,ES_AUTOHSCROLL
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,53,295,11
+ EDITTEXT IDC_VOLUME_LABEL,134,82,167,14,ES_AUTOHSCROLL
CONTROL "&Protect hidden volume against damage caused by writing to outer volume",IDC_PROTECT_HIDDEN_VOL,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,252,10
- EDITTEXT IDC_PASSWORD_PROT_HIDVOL,112,133,151,14,ES_PASSWORD | ES_AUTOHSCROLL
- COMBOBOX IDC_PKCS5_PRF_ID,112,154,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
- EDITTEXT IDC_PIM,112,174,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,179,97,10
- LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,158,177,112,8,NOT WS_VISIBLE
- CONTROL "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,192,90,10
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,205,90,10
- PUSHBUTTON "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,204,201,60,14
- DEFPUSHBUTTON "OK",IDOK,211,7,60,14
- PUSHBUTTON "Cancel",IDCANCEL,211,24,60,14
- LTEXT "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,220,247,10,SS_NOTIFY
- RTEXT "P&assword to hidden volume:\n(if empty, cache is used)",IDT_HIDDEN_PROT_PASSWD,15,132,91,17,0,WS_EX_RIGHT
- GROUPBOX "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,101,265,136
- RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,15,155,91,17
- RTEXT "Volume PIM:",IDT_PIM,15,177,91,17,NOT WS_VISIBLE
- LTEXT "Volume Label in Windows:",IDT_VOLUME_LABEL,12,85,95,8
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,283,10
+ EDITTEXT IDC_PASSWORD_PROT_HIDVOL,134,133,167,14,ES_PASSWORD | ES_AUTOHSCROLL
+ COMBOBOX IDC_PKCS5_PRF_ID,134,154,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ EDITTEXT IDC_PIM,134,174,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,134,179,97,10
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,181,177,121,8,NOT WS_VISIBLE
+ CONTROL "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,134,192,90,10
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,134,205,90,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,239,201,60,14
+ DEFPUSHBUTTON "OK",IDOK,246,7,60,14
+ PUSHBUTTON "Cancel",IDCANCEL,246,24,60,14
+ LTEXT "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,220,279,10,SS_NOTIFY
+ RTEXT "P&assword to hidden volume:\n(if empty, cache is used)",IDT_HIDDEN_PROT_PASSWD,15,132,115,17,0,WS_EX_RIGHT
+ GROUPBOX "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,101,299,136
+ RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,15,155,115,17
+ RTEXT "Volume PIM:",IDT_PIM,15,177,115,17,NOT WS_VISIBLE
+ LTEXT "Volume Label in Windows:",IDT_VOLUME_LABEL,12,85,115,8
CONTROL "Only create virtual device without mounting on selected drive letter",IDC_DISABLE_MOUNT_MANAGER,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,67,231,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,67,297,10
END
IDD_KEYFILES DIALOGEX 0, 0, 363, 251
@@ -375,6 +375,7 @@ BEGIN
IDD_MOUNT_OPTIONS, DIALOG
BEGIN
LEFTMARGIN, 7
+ RIGHTMARGIN, 309
TOPMARGIN, 7
BOTTOMMARGIN, 238
END
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 501cd16..913495f 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -252,7 +252,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_encrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -369,7 +369,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_decrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -464,7 +464,7 @@ BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
|| (cipher == SERPENT && HasSSE2())
|| (cipher == KUZNYECHIK && HasSSE2())
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
|| (cipher == TWOFISH)
|| (cipher == CAMELLIA)
#endif
@@ -1217,7 +1217,7 @@ BOOL IsHwEncryptionEnabled ()
#endif // !TC_WINDOWS_BOOT
-#ifndef TC_WINDOWS_BOOT
+#if !defined (TC_WINDOWS_BOOT) && !defined (_UEFI)
static BOOL CpuRngDisabled = TRUE;
static BOOL RamEncryptionEnabled = FALSE;
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 600fee9..a31152f 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -208,10 +208,12 @@ typedef struct
# include "GostCipher.h"
# include "kuznyechik.h"
# include "Camellia.h"
+#if !defined (_UEFI)
# include "chachaRng.h"
# ifdef _WIN64
# include "t1ha.h"
# endif
+#endif
#else
# include "CamelliaSmall.h"
#endif
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 64c1147..3c4928e 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -179,7 +179,7 @@ BOOL bInPlaceEncNonSysPending = FALSE; // TRUE if the non-system in-place encry
BOOL PimEnable = FALSE;
BOOL KeyFilesEnable = FALSE;
KeyFile *FirstKeyFile = NULL;
-KeyFilesDlgParam defaultKeyFilesParam;
+KeyFilesDlgParam defaultKeyFilesParam = {0};
BOOL IgnoreWmDeviceChange = FALSE;
BOOL DeviceChangeBroadcastDisabled = FALSE;
@@ -188,6 +188,10 @@ BOOL MountVolumesAsSystemFavorite = FALSE;
BOOL FavoriteMountOnArrivalInProgress = FALSE;
BOOL MultipleMountOperationInProgress = FALSE;
+volatile BOOL NeedPeriodicDeviceListUpdate = FALSE;
+BOOL DisablePeriodicDeviceListUpdate = FALSE;
+BOOL EnableMemoryProtection = FALSE;
+
BOOL WaitDialogDisplaying = FALSE;
/* Handle to the device driver */
@@ -221,6 +225,9 @@ static std::vector<HostDevice> rawHostDeviceList;
/* Critical section used to ensure that only one thread at a time can create a secure desktop */
CRITICAL_SECTION csSecureDesktop;
+/* Boolean that indicates if our Secure Desktop is active and being used or not */
+BOOL bSecureDesktopOngoing = FALSE;
+
HINSTANCE hInst = NULL;
HCURSOR hCursor = NULL;
@@ -294,6 +301,7 @@ HMODULE hntmartadll = NULL;
HMODULE hwinscarddll = NULL;
HMODULE hmsvcrtdll = NULL;
HMODULE hWinTrustLib = NULL;
+HMODULE hAdvapi32Dll = NULL;
#define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;}
@@ -330,6 +338,18 @@ typedef HRESULT (STDAPICALLTYPE *SHStrDupWPtr)(LPCWSTR psz, LPWSTR *ppwsz);
// ChangeWindowMessageFilter
typedef BOOL (WINAPI *ChangeWindowMessageFilterPtr) (UINT, DWORD);
+typedef BOOL (WINAPI *CreateProcessWithTokenWFn)(
+ __in HANDLE hToken,
+ __in DWORD dwLogonFlags,
+ __in_opt LPCWSTR lpApplicationName,
+ __inout_opt LPWSTR lpCommandLine,
+ __in DWORD dwCreationFlags,
+ __in_opt LPVOID lpEnvironment,
+ __in_opt LPCWSTR lpCurrentDirectory,
+ __in LPSTARTUPINFOW lpStartupInfo,
+ __out LPPROCESS_INFORMATION lpProcessInformation
+ );
+
SetDllDirectoryPtr SetDllDirectoryFn = NULL;
SetSearchPathModePtr SetSearchPathModeFn = NULL;
SetDefaultDllDirectoriesPtr SetDefaultDllDirectoriesFn = NULL;
@@ -344,6 +364,7 @@ SetupOpenInfFileWPtr SetupOpenInfFileWFn = NULL;
SHDeleteKeyWPtr SHDeleteKeyWFn = NULL;
SHStrDupWPtr SHStrDupWFn = NULL;
ChangeWindowMessageFilterPtr ChangeWindowMessageFilterFn = NULL;
+CreateProcessWithTokenWFn CreateProcessWithTokenWPtr = NULL;
typedef LONG (WINAPI *WINVERIFYTRUST)(HWND hwnd, GUID *pgActionID, LPVOID pWVTData);
typedef CRYPT_PROVIDER_DATA* (WINAPI *WTHELPERPROVDATAFROMSTATEDATA)(HANDLE hStateData);
@@ -360,12 +381,12 @@ static WTHELPERGETPROVSIGNERFROMCHAIN WTHelperGetProvSignerFromChainFn = NULL;
static WTHELPERGETPROVCERTFROMCHAIN WTHelperGetProvCertFromChainFn = NULL;
static unsigned char gpbSha1CodeSignCertFingerprint[64] = {
- 0xCD, 0xF3, 0x05, 0xAD, 0xAE, 0xD3, 0x91, 0xF2, 0x0D, 0x95, 0x95, 0xAC,
- 0x76, 0x09, 0x35, 0x53, 0x11, 0x00, 0x4D, 0xDD, 0x56, 0x02, 0xBD, 0x09,
- 0x76, 0x57, 0xE1, 0xFA, 0xFA, 0xF4, 0x86, 0x09, 0x28, 0xA4, 0x0D, 0x1C,
- 0x68, 0xE7, 0x68, 0x31, 0xD3, 0xB6, 0x62, 0x9C, 0x75, 0x91, 0xAB, 0xB5,
- 0x6F, 0x1A, 0x75, 0xE7, 0x13, 0x2F, 0xF1, 0xB1, 0x14, 0xBF, 0x5F, 0x00,
- 0x40, 0xCE, 0x17, 0x6C
+ 0x64, 0x4C, 0x59, 0x15, 0xC5, 0xD4, 0x31, 0x2A, 0x73, 0x12, 0xC4, 0xA6,
+ 0xF2, 0x2C, 0xE8, 0x7E, 0xA8, 0x05, 0x53, 0xB5, 0x99, 0x9A, 0xF5, 0xD1,
+ 0xBE, 0x57, 0x56, 0x3D, 0x2F, 0xCA, 0x0B, 0x2F, 0xEF, 0x57, 0xFB, 0xA0,
+ 0x03, 0xEF, 0x66, 0x4D, 0xBF, 0xEE, 0x25, 0xBC, 0x22, 0xDD, 0x5C, 0x15,
+ 0x47, 0xD6, 0x6F, 0x57, 0x94, 0xBB, 0x65, 0xBC, 0x5C, 0xAA, 0xE8, 0x80,
+ 0xFB, 0xD0, 0xEF, 0x00
};
typedef HRESULT (WINAPI *SHGETKNOWNFOLDERPATH) (
@@ -466,6 +487,10 @@ void FinalizeGlobalLocks ()
void cleanup ()
{
burn (&CmdTokenPin, sizeof (CmdTokenPin));
+#ifndef SETUP
+ KeyFileRemoveAll (&FirstKeyFile);
+ KeyFileRemoveAll (&defaultKeyFilesParam.FirstKeyFile);
+#endif
/* Cleanup the GDI fonts */
if (hFixedFont != NULL)
@@ -752,6 +777,7 @@ void AbortProcessDirect (wchar_t *abortMsg)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
exit (1);
}
@@ -802,6 +828,7 @@ void AbortProcessSilent (void)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
// Note that this function also causes localcleanup() to be called (see atexit())
exit (1);
@@ -1460,7 +1487,7 @@ BOOL CALLBACK AboutDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam
L"Based on TrueCrypt 7.1a, freely available at http://www.truecrypt.org/ .\r\n\r\n"
L"Portions of this software:\r\n"
- L"Copyright \xA9 2013-2019 IDRIX. All rights reserved.\r\n"
+ L"Copyright \xA9 2013-2020 IDRIX. All rights reserved.\r\n"
L"Copyright \xA9 2003-2012 TrueCrypt Developers Association. All Rights Reserved.\r\n"
L"Copyright \xA9 1998-2000 Paul Le Roux. All Rights Reserved.\r\n"
L"Copyright \xA9 1998-2008 Brian Gladman. All Rights Reserved.\r\n"
@@ -1469,10 +1496,10 @@ BOOL CALLBACK AboutDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam
L"Copyright \xA9 1999-2017 Dieter Baron and Thomas Klausner.\r\n"
L"Copyright \xA9 2013, Alexey Degtyarev. All rights reserved.\r\n"
L"Copyright \xA9 1999-2016 Jack Lloyd. All rights reserved.\r\n"
- L"Copyright \xA9 2013-2018 Stephan Mueller <smueller@chronox.de>\r\n\r\n"
+ L"Copyright \xA9 2013-2019 Stephan Mueller <smueller@chronox.de>\r\n\r\n"
L"This software as a whole:\r\n"
- L"Copyright \xA9 2013-2019 IDRIX. All rights reserved.\r\n\r\n"
+ L"Copyright \xA9 2013-2020 IDRIX. All rights reserved.\r\n\r\n"
L"An IDRIX Release");
@@ -2897,9 +2924,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
char langId[6];
InitCommonControlsPtr InitCommonControlsFn = NULL;
wchar_t modPath[MAX_PATH];
-
- /* Protect this process memory from being accessed by non-admin users */
- EnableProcessProtection ();
GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
@@ -3008,6 +3032,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
AbortProcess ("INIT_DLL");
LoadSystemDll (L"Riched20.dll", &hRichEditDll, FALSE, SRC_POS);
+ LoadSystemDll (L"Advapi32.dll", &hAdvapi32Dll, FALSE, SRC_POS);
#if !defined(SETUP)
if (!VerifyModuleSignature (modPath))
@@ -3041,6 +3066,9 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
#endif
}
+ // Get CreateProcessWithTokenW function pointer
+ CreateProcessWithTokenWPtr = (CreateProcessWithTokenWFn) GetProcAddress(hAdvapi32Dll, "CreateProcessWithTokenW");
+
/* Save the instance handle for later */
hInst = hInstance;
@@ -3265,6 +3293,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
exit (1);
}
#endif
@@ -3310,6 +3339,7 @@ void FinalizeApp (void)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
}
void InitHelpFileName (void)
@@ -5095,7 +5125,7 @@ void OpenVolumeExplorerWindow (int driveNo)
// Force explorer to discover the drive
SHGetFileInfo (dosName, 0, &fInfo, sizeof (fInfo), 0);
- ShellExecute (NULL, L"open", dosName, NULL, NULL, SW_SHOWNORMAL);
+ SafeOpenURL (dosName);
}
static BOOL explorerCloseSent;
@@ -5503,11 +5533,11 @@ static void DisplayBenchmarkResults (HWND hwndDlg)
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
break;
case BENCHMARK_TYPE_PRF:
- swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d ms", benchmarkTable[i].meanBytesPerSec);
+ swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d ms", (int) benchmarkTable[i].meanBytesPerSec);
LvItem.iSubItem = 1;
LvItem.pszText = item1;
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
- swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d", benchmarkTable[i].decSpeed);
+ swprintf_s (item1, sizeof(item1) / sizeof(item1[0]), L"%d", (int) benchmarkTable[i].decSpeed);
LvItem.iSubItem = 2;
LvItem.pszText = item1;
SendMessageW (hList, LVM_SETITEMW, 0, (LPARAM)&LvItem);
@@ -7364,6 +7394,15 @@ BOOL CheckFileExtension (wchar_t *fileName)
return FALSE;
}
+BOOL IsTrueCryptFileExtension (wchar_t *fileName)
+{
+ wchar_t *ext = wcsrchr (fileName, L'.');
+ if (ext && !_wcsicmp (ext, L".tc"))
+ return TRUE;
+ else
+ return FALSE;
+}
+
void CorrectFileName (wchar_t* fileName)
{
/* replace '/' by '\' */
@@ -7495,7 +7534,10 @@ int GetLastAvailableDrive ()
BOOL IsDriveAvailable (int driveNo)
{
- return (GetUsedLogicalDrives() & (1 << driveNo)) == 0;
+ if (driveNo >= 0 && driveNo < 26)
+ return (GetUsedLogicalDrives() & (1 << driveNo)) == 0;
+ else
+ return FALSE;
}
@@ -10493,25 +10535,37 @@ void ConfigReadCompareString (char *configKey, char *defaultValue, char *str, in
void OpenPageHelp (HWND hwndDlg, int nPage)
{
- int r = (int)ShellExecuteW (NULL, L"open", szHelpFile, NULL, NULL, SW_SHOWNORMAL);
-
- if (r == ERROR_FILE_NOT_FOUND)
+ if (IsAdmin ())
+ {
+ if (FileExists (szHelpFile))
+ SafeOpenURL (szHelpFile);
+ else if (FileExists (szHelpFile2))
+ SafeOpenURL (szHelpFile2);
+ else
+ Applink ("help");
+ }
+ else
{
- // Try the secondary help file
- r = (int)ShellExecuteW (NULL, L"open", szHelpFile2, NULL, NULL, SW_SHOWNORMAL);
+ int r = (int)ShellExecuteW (NULL, L"open", szHelpFile, NULL, NULL, SW_SHOWNORMAL);
if (r == ERROR_FILE_NOT_FOUND)
{
- // Open local HTML help. It will fallback to online help if not found.
- Applink ("help");
- return;
+ // Try the secondary help file
+ r = (int)ShellExecuteW (NULL, L"open", szHelpFile2, NULL, NULL, SW_SHOWNORMAL);
+
+ if (r == ERROR_FILE_NOT_FOUND)
+ {
+ // Open local HTML help. It will fallback to online help if not found.
+ Applink ("help");
+ return;
+ }
}
- }
- if (r == SE_ERR_NOASSOC)
- {
- if (AskYesNo ("HELP_READER_ERROR", MainDlg) == IDYES)
- OpenOnlineHelp ();
+ if (r == SE_ERR_NOASSOC)
+ {
+ if (AskYesNo ("HELP_READER_ERROR", MainDlg) == IDYES)
+ OpenOnlineHelp ();
+ }
}
}
@@ -11015,14 +11069,30 @@ void Applink (const char *dest)
CorrectURL (url);
}
- r = (int) ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
-
- if (((r == ERROR_FILE_NOT_FOUND) || (r == ERROR_PATH_NOT_FOUND)) && buildUrl)
+ if (IsAdmin ())
{
- // fallbacl to online resources
- StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
- ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
- }
+ if (buildUrl && !FileExists (url))
+ {
+ // fallbacl to online resources
+ StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
+ SafeOpenURL (url);
+ }
+ else
+ {
+ SafeOpenURL (url);
+ }
+ }
+ else
+ {
+ r = (int) ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
+
+ if (((r == ERROR_FILE_NOT_FOUND) || (r == ERROR_PATH_NOT_FOUND)) && buildUrl)
+ {
+ // fallbacl to online resources
+ StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
+ ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
+ }
+ }
Sleep (200);
NormalCursor ();
@@ -11136,7 +11206,7 @@ void InconsistencyResolved (char *techInfo)
}
-void ReportUnexpectedState (char *techInfo)
+void ReportUnexpectedState (const char *techInfo)
{
wchar_t finalMsg[8024];
@@ -11182,10 +11252,8 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
else
StringCbCopyW (szCFDevice, sizeof(szCFDevice), szDiskFile);
- if (preserveTimestamps)
- write = TRUE;
- context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : 0), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : (!context->IsDevice && preserveTimestamps? FILE_WRITE_ATTRIBUTES : 0)), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (context->HostFileHandle == INVALID_HANDLE_VALUE)
{
@@ -11207,6 +11275,13 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
// Remember the container modification/creation date and time
if (!context->IsDevice && preserveTimestamps)
{
+ // ensure that Last Access and Last Write timestamps are not modified
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (context->HostFileHandle, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (context->HostFileHandle, &context->CreationTime, &context->LastAccessTime, &context->LastWriteTime) == 0)
context->TimestampsValid = FALSE;
else
@@ -12556,6 +12631,8 @@ wstring FindDeviceByVolumeID (const BYTE volumeID [VOLUME_ID_SIZE], BOOL bFromSe
static std::vector<HostDevice> volumeIdCandidates;
EnterCriticalSection (&csMountableDevices);
+ if (!NeedPeriodicDeviceListUpdate)
+ UpdateMountableHostDeviceList ();
std::vector<HostDevice> newDevices = mountableDevices;
LeaveCriticalSection (&csMountableDevices);
@@ -12677,19 +12754,16 @@ void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors)
ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", cmdPath, param, NULL, SW_SHOW);
}
-
-BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize)
{
- size_t strLen = strlen (str);
-
- if (bufferSize < strLen)
+ if (bufferSize < patternSize)
return FALSE;
- bufferSize -= strLen;
+ bufferSize -= patternSize;
for (size_t i = 0; i < bufferSize; ++i)
{
- if (memcmp (buffer + i, str, strLen) == 0)
+ if (memcmp (buffer + i, pattern, patternSize) == 0)
return TRUE;
}
@@ -12697,6 +12771,17 @@ BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *st
}
+BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
+{
+ return BufferContainsPattern (buffer, bufferSize, (const byte*) str, strlen (str));
+}
+
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str)
+{
+ return BufferContainsPattern (buffer, bufferSize, (const byte*) str, 2 * wcslen (str));
+}
+
+
#ifndef SETUP
int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL *pbDecrypt)
@@ -12979,7 +13064,7 @@ BOOL IsApplicationInstalled (const wchar_t *appName, BOOL b32bitApp)
}
wchar_t regName[1024];
- DWORD regNameSize = sizeof (regName);
+ DWORD regNameSize = ARRAYSIZE (regName);
DWORD index = 0;
while (RegEnumKeyEx (unistallKey, index++, regName, &regNameSize, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
{
@@ -13096,7 +13181,7 @@ BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL
{
SetFocus (GetDlgItem(hwndDlg, ctrlID));
if (GetLastError () == ERROR_INSUFFICIENT_BUFFER)
- Error ("PASSWORD_UTF8_TOO_LONG", hwndDlg);
+ Error ((bufSize == (MAX_LEGACY_PASSWORD + 1))? "LEGACY_PASSWORD_UTF8_TOO_LONG": "PASSWORD_UTF8_TOO_LONG", hwndDlg);
else
Error ("PASSWORD_UTF8_INVALID", hwndDlg);
}
@@ -13384,7 +13469,8 @@ BOOL DeleteDirectory (const wchar_t* szDirName)
static BOOL GenerateRandomString (HWND hwndDlg, LPTSTR szName, DWORD maxCharsCount)
{
BOOL bRet = FALSE;
- if (Randinit () != ERR_SUCCESS)
+ int alreadyInitialized = 0;
+ if (RandinitWithCheck (&alreadyInitialized) != ERR_SUCCESS)
{
handleError (hwndDlg, (CryptoAPILastError == ERROR_SUCCESS)? ERR_RAND_INIT_FAILED : ERR_CAPI_INIT_FAILED, SRC_POS);
}
@@ -13408,6 +13494,19 @@ static BOOL GenerateRandomString (HWND hwndDlg, LPTSTR szName, DWORD maxCharsCou
}
burn (indexes, maxCharsCount + 1);
free (indexes);
+
+ /* If RNG was not initialized before us, then stop it in order to
+ * stop the fast poll thread which consumes CPU. Next time a critical operation
+ * that requires RNG is performed, it will be initialized again.
+ *
+ * We do this because since the addition of secure desktop support, every time
+ * secure desktop is displayed, the RNG fast poll thread was started even if the
+ * user will never perform any critical operation that requires random bytes.
+ */
+ if (!alreadyInitialized)
+ {
+ RandStop (FALSE);
+ }
}
return bRet;
@@ -13575,75 +13674,79 @@ INT_PTR SecureDesktopDialogBoxParam(
INT_PTR retValue = 0;
BOOL bEffectiveUseSecureDesktop = bCmdUseSecureDesktopValid? bCmdUseSecureDesktop : bUseSecureDesktop;
- if (bEffectiveUseSecureDesktop && GenerateRandomString (hWndParent, szDesktopName, 64))
+ if (bEffectiveUseSecureDesktop)
{
- map<DWORD, BOOL> ctfmonBeforeList, ctfmonAfterList;
- DWORD desktopAccess = DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS;
- HDESK hSecureDesk;
+ EnterCriticalSection (&csSecureDesktop);
+ bSecureDesktopOngoing = TRUE;
+ finally_do ({ bSecureDesktopOngoing = FALSE; LeaveCriticalSection (&csSecureDesktop); });
- HDESK hInputDesk = NULL;
+ if (GenerateRandomString (hWndParent, szDesktopName, 64))
+ {
+ map<DWORD, BOOL> ctfmonBeforeList, ctfmonAfterList;
+ DWORD desktopAccess = DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS;
+ HDESK hSecureDesk;
- EnterCriticalSection (&csSecureDesktop);
- finally_do ({ LeaveCriticalSection (&csSecureDesktop); });
+ HDESK hInputDesk = NULL;
- // wait for the input desktop to be available before switching to
- // secure desktop. Under Windows 10, the user session can be started
- // in the background even before the user has authenticated and in this
- // case, we wait for the user to be really authenticated before starting
- // secure desktop mechanism
+ // wait for the input desktop to be available before switching to
+ // secure desktop. Under Windows 10, the user session can be started
+ // in the background even before the user has authenticated and in this
+ // case, we wait for the user to be really authenticated before starting
+ // secure desktop mechanism
- while (!(hInputDesk = OpenInputDesktop (0, TRUE, GENERIC_READ)))
- {
- Sleep (SECUREDESKTOP_MONOTIR_PERIOD);
- }
+ while (!(hInputDesk = OpenInputDesktop (0, TRUE, GENERIC_READ)))
+ {
+ Sleep (SECUREDESKTOP_MONOTIR_PERIOD);
+ }
- CloseDesktop (hInputDesk);
+ CloseDesktop (hInputDesk);
- // get the initial list of ctfmon.exe processes before creating new desktop
- GetCtfMonProcessIdList (ctfmonBeforeList);
+ // get the initial list of ctfmon.exe processes before creating new desktop
+ GetCtfMonProcessIdList (ctfmonBeforeList);
- hSecureDesk = CreateDesktop (szDesktopName, NULL, NULL, 0, desktopAccess, NULL);
- if (hSecureDesk)
- {
- SecureDesktopThreadParam param;
-
- param.hDesk = hSecureDesk;
- param.szDesktopName = szDesktopName;
- param.hInstance = hInstance;
- param.lpTemplateName = lpTemplateName;
- param.lpDialogFunc = lpDialogFunc;
- param.dwInitParam = dwInitParam;
- param.retValue = 0;
-
- HANDLE hThread = ::CreateThread (NULL, 0, SecureDesktopThread, (LPVOID) &param, 0, NULL);
- if (hThread)
+ hSecureDesk = CreateDesktop (szDesktopName, NULL, NULL, 0, desktopAccess, NULL);
+ if (hSecureDesk)
{
- WaitForSingleObject (hThread, INFINITE);
- CloseHandle (hThread);
+ SecureDesktopThreadParam param;
+
+ param.hDesk = hSecureDesk;
+ param.szDesktopName = szDesktopName;
+ param.hInstance = hInstance;
+ param.lpTemplateName = lpTemplateName;
+ param.lpDialogFunc = lpDialogFunc;
+ param.dwInitParam = dwInitParam;
+ param.retValue = 0;
+
+ HANDLE hThread = ::CreateThread (NULL, 0, SecureDesktopThread, (LPVOID) &param, 0, NULL);
+ if (hThread)
+ {
+ WaitForSingleObject (hThread, INFINITE);
+ CloseHandle (hThread);
- retValue = param.retValue;
- bSuccess = TRUE;
- }
+ retValue = param.retValue;
+ bSuccess = TRUE;
+ }
- CloseDesktop (hSecureDesk);
+ CloseDesktop (hSecureDesk);
- // get the new list of ctfmon.exe processes in order to find the ID of the
- // ctfmon.exe instance that corresponds to the desktop we create so that
- // we can kill it, otherwise it would remain running
- GetCtfMonProcessIdList (ctfmonAfterList);
+ // get the new list of ctfmon.exe processes in order to find the ID of the
+ // ctfmon.exe instance that corresponds to the desktop we create so that
+ // we can kill it, otherwise it would remain running
+ GetCtfMonProcessIdList (ctfmonAfterList);
- for (map<DWORD, BOOL>::iterator It = ctfmonAfterList.begin();
- It != ctfmonAfterList.end(); It++)
- {
- if (ctfmonBeforeList[It->first] != TRUE)
+ for (map<DWORD, BOOL>::iterator It = ctfmonAfterList.begin();
+ It != ctfmonAfterList.end(); It++)
{
- // Kill process
- KillProcess (It->first);
+ if (ctfmonBeforeList[It->first] != TRUE)
+ {
+ // Kill process
+ KillProcess (It->first);
+ }
}
}
- }
- burn (szDesktopName, sizeof (szDesktopName));
+ burn (szDesktopName, sizeof (szDesktopName));
+ }
}
if (!bSuccess)
@@ -13933,6 +14036,17 @@ BOOL EnableProcessProtection()
PACL pACL = NULL;
DWORD cbACL = 0;
+ // Acces mask
+ DWORD dwAccessMask = SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE; // same as protected process
+
+ if (IsAdmin ())
+ {
+ // if we are running elevated, we allow CreateProcessXXX calls alongside PROCESS_DUP_HANDLE and PROCESS_QUERY_INFORMATION in order to be able
+ // to implement secure way to open URLs (cf RunAsDesktopUser)
+ // we are still protecting against memory access from non-admon processes
+ dwAccessMask |= PROCESS_CREATE_PROCESS | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION;
+ }
+
// Open the access token associated with the calling process
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
goto Cleanup;
@@ -13971,7 +14085,7 @@ BOOL EnableProcessProtection()
if (!AddAccessAllowedAce(
pACL,
ACL_REVISION,
- SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE, // same as protected process
+ dwAccessMask,
pTokenUser->User.Sid // pointer to the trustee's SID
)) {
goto Cleanup;
@@ -14002,6 +14116,190 @@ Cleanup:
return bSuccess;
}
+// Based on sample code from:
+// https://blogs.msdn.microsoft.com/aaron_margosis/2009/06/06/faq-how-do-i-start-a-program-as-the-desktop-user-from-an-elevated-app/
+// start a program non-elevated as the desktop user from an elevated app
+
+static bool RunAsDesktopUser(
+ __in const wchar_t * szApp,
+ __in wchar_t * szCmdLine)
+{
+ HANDLE hThreadToken = NULL, hShellProcess = NULL, hShellProcessToken = NULL, hPrimaryToken = NULL;
+ HWND hwnd = NULL;
+ DWORD dwPID = 0;
+ BOOL ret;
+ DWORD dwLastErr;
+ STARTUPINFOW si;
+ PROCESS_INFORMATION pi;
+ bool retval = false;
+ SecureZeroMemory(&si, sizeof(si));
+ SecureZeroMemory(&pi, sizeof(pi));
+ si.cb = sizeof(si);
+
+ // locate CreateProcessWithTokenW in Advapi32.dll
+ if (!CreateProcessWithTokenWPtr)
+ {
+ return false;
+ }
+
+ if (!ImpersonateSelf (SecurityImpersonation))
+ {
+ return false;
+ }
+
+ if (!OpenThreadToken (GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, TRUE, &hThreadToken))
+ {
+ return false;
+ }
+ else
+ {
+ TOKEN_PRIVILEGES tkp;
+ tkp.PrivilegeCount = 1;
+ LookupPrivilegeValueW(NULL, SE_INCREASE_QUOTA_NAME, &tkp.Privileges[0].Luid);
+ tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+ SetThreadToken (NULL, NULL);
+
+ AdjustTokenPrivileges(hThreadToken, FALSE, &tkp, 0, NULL, NULL);
+ dwLastErr = GetLastError();
+ if (ERROR_SUCCESS != dwLastErr)
+ {
+ goto cleanup;
+ }
+ }
+
+ // From this point down, we have handles to close, so make sure to clean up.
+
+ // Get an HWND representing the desktop shell.
+ // CAVEATS: This will fail if the shell is not running (crashed or terminated), or the default shell has been
+ // replaced with a custom shell. This also won't return what you probably want if Explorer has been terminated and
+ // restarted elevated.
+ hwnd = GetShellWindow();
+ if (NULL == hwnd)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Get the PID of the desktop shell process.
+ GetWindowThreadProcessId(hwnd, &dwPID);
+ if (0 == dwPID)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Open the desktop shell process in order to query it (get the token)
+ hShellProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
+ if (!hShellProcess)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Get the process token of the desktop shell.
+ ret = OpenProcessToken(hShellProcess, TOKEN_DUPLICATE, &hShellProcessToken);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Duplicate the shell's process token to get a primary token.
+ // Based on experimentation, this is the minimal set of rights required for CreateProcessWithTokenW (contrary to current documentation).
+ const DWORD dwTokenRights = TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;
+ ret = DuplicateTokenEx(hShellProcessToken, dwTokenRights, NULL, SecurityImpersonation, TokenPrimary, &hPrimaryToken);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Start the target process with the new token.
+ ret = CreateProcessWithTokenWPtr(
+ hPrimaryToken,
+ 0,
+ szApp,
+ szCmdLine,
+ 0,
+ NULL,
+ NULL,
+ &si,
+ &pi);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Make sure to close HANDLEs return in the PROCESS_INFORMATION.
+ CloseHandle(pi.hProcess);
+ CloseHandle(pi.hThread);
+
+ retval = true;
+
+cleanup:
+ // Clean up resources
+ if (hShellProcessToken) CloseHandle(hShellProcessToken);
+ if (hPrimaryToken) CloseHandle(hPrimaryToken);
+ if (hShellProcess) CloseHandle(hShellProcess);
+ if (hThreadToken) CloseHandle(hThreadToken);
+ RevertToSelf ();
+ if (!retval)
+ SetLastError (dwLastErr);
+ return retval;
+}
+
+// This function checks if the process is running with elevated privileges or not
+BOOL IsElevated()
+{
+ DWORD dwSize = 0;
+ HANDLE hToken = NULL;
+ TOKEN_ELEVATION tokenInformation;
+ BOOL bReturn = FALSE;
+
+ if(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
+ {
+ if(GetTokenInformation(hToken, TokenElevation, &tokenInformation, sizeof(TOKEN_ELEVATION), &dwSize))
+ {
+ if (tokenInformation.TokenIsElevated)
+ bReturn = TRUE;
+ }
+
+ CloseHandle(hToken);
+ }
+ return bReturn;
+}
+
+// This function always loads a URL in a non-privileged mode
+// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
+// Use this security mechanism only starting from Windows Vista
+void SafeOpenURL (LPCWSTR szUrl)
+{
+ if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated())
+ {
+ WCHAR szRunDllPath[TC_MAX_PATH];
+ WCHAR szUrlDllPath[TC_MAX_PATH];
+ WCHAR szSystemPath[TC_MAX_PATH];
+ LPWSTR szCommandLine = new WCHAR[1024];
+
+ if (!GetSystemDirectory(szSystemPath, MAX_PATH))
+ StringCbCopyW(szSystemPath, sizeof(szSystemPath), L"C:\\Windows\\System32");
+
+ StringCbPrintfW(szRunDllPath, sizeof(szRunDllPath), L"%s\\%s", szSystemPath, L"rundll32.exe");
+ StringCbPrintfW(szUrlDllPath, sizeof(szUrlDllPath), L"%s\\%s", szSystemPath, L"url.dll");
+ StringCchPrintfW(szCommandLine, 1024, L"%s %s,FileProtocolHandler %s", szRunDllPath, szUrlDllPath, szUrl);
+
+ RunAsDesktopUser (NULL, szCommandLine);
+
+ delete [] szCommandLine;
+ }
+ else
+ {
+ ShellExecuteW (NULL, L"open", szUrl, NULL, NULL, SW_SHOWNORMAL);
+ }
+}
+
#if !defined(SETUP) && defined(_WIN64)
#define RtlGenRandom SystemFunction036
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 54475cb..b2324b1 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -124,6 +124,7 @@ extern BOOL bHideWaitingDialog;
extern BOOL bCmdHideWaitingDialog;
extern BOOL bCmdHideWaitingDialogValid;
extern BOOL bUseSecureDesktop;
+extern BOOL bSecureDesktopOngoing;
extern BOOL bUseLegacyMaxPasswordLength;
extern BOOL bCmdUseSecureDesktop;
extern BOOL bCmdUseSecureDesktopValid;
@@ -164,6 +165,10 @@ extern BOOL MountVolumesAsSystemFavorite;
extern BOOL FavoriteMountOnArrivalInProgress;
extern BOOL MultipleMountOperationInProgress;
+extern volatile BOOL NeedPeriodicDeviceListUpdate;
+extern BOOL DisablePeriodicDeviceListUpdate;
+extern BOOL EnableMemoryProtection;
+
#ifndef SETUP
extern BOOL bLanguageSetInSetup;
#endif
@@ -347,6 +352,7 @@ BOOL CloseVolumeExplorerWindows (HWND hwnd, int driveNo);
BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValue);
BOOL CheckCapsLock (HWND hwnd, BOOL quiet);
BOOL CheckFileExtension (wchar_t *fileName);
+BOOL IsTrueCryptFileExtension (wchar_t *fileName);
void CorrectFileName (wchar_t* fileName);
void CorrectURL (wchar_t* fileName);
void IncreaseWrongPwdRetryCount (int count);
@@ -469,7 +475,7 @@ BOOL CALLBACK CloseTCWindowsEnum( HWND hwnd, LPARAM lParam);
BOOL CALLBACK FindTCWindowEnum (HWND hwnd, LPARAM lParam);
BYTE *MapResource (wchar_t *resourceType, int resourceId, PDWORD size);
void InconsistencyResolved (char *msg);
-void ReportUnexpectedState (char *techInfo);
+void ReportUnexpectedState (const char *techInfo);
BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileName, size_t cbFileName, BOOL keepHistory);
BOOL SelectMultipleFilesNext (wchar_t *lpszFileName, size_t cbFileName);
void OpenOnlineHelp ();
@@ -505,7 +511,9 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg);
BOOL FileHasReadOnlyAttribute (const wchar_t *path);
BOOL IsFileOnReadOnlyFilesystem (const wchar_t *path);
void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors);
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize);
BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str);
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str);
int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL* pbDecrypt);
BOOL RemoveDeviceWriteProtection (HWND hwndDlg, wchar_t *devicePath);
void EnableElevatedCursorChange (HWND parent);
@@ -539,6 +547,7 @@ void GetInstallationPath (HWND hwndDlg, wchar_t* szInstallPath, DWORD cchSize, B
BOOL GetSetupconfigLocation (wchar_t* path, DWORD cchSize);
BOOL BufferHasPattern (const unsigned char* buffer, size_t bufferLen, const void* pattern, size_t patternLen);
BOOL EnableProcessProtection();
+void SafeOpenURL (LPCWSTR szUrl);
#ifdef _WIN64
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
#endif
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index 461f284..0dbaec5 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -16,7 +16,8 @@
#include "Driver/Ntdriver.h"
#endif
-#define TC_ENC_THREAD_POOL_MAX_THREAD_COUNT 64
+//Increasing the maximum number of threads
+#define TC_ENC_THREAD_POOL_MAX_THREAD_COUNT 256 //64
#define TC_ENC_THREAD_POOL_QUEUE_SIZE (TC_ENC_THREAD_POOL_MAX_THREAD_COUNT * 2)
#ifdef DEVICE_DRIVER
@@ -43,6 +44,18 @@
#define TC_ACQUIRE_MUTEX(MUTEX) WaitForSingleObject (*(MUTEX), INFINITE)
#define TC_RELEASE_MUTEX(MUTEX) ReleaseMutex (*(MUTEX))
+typedef BOOL (WINAPI *SetThreadGroupAffinityFn)(
+ HANDLE hThread,
+ const GROUP_AFFINITY *GroupAffinity,
+ PGROUP_AFFINITY PreviousGroupAffinity
+);
+
+typedef WORD (WINAPI* GetActiveProcessorGroupCountFn)();
+
+typedef DWORD (WINAPI *GetActiveProcessorCountFn)(
+ WORD GroupNumber
+);
+
#endif // !DEVICE_DRIVER
@@ -99,6 +112,7 @@ static volatile BOOL StopPending = FALSE;
static uint32 ThreadCount;
static TC_THREAD_HANDLE ThreadHandles[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
+static WORD ThreadProcessorGroups[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
static EncryptionThreadPoolWorkItem WorkItemQueue[TC_ENC_THREAD_POOL_QUEUE_SIZE];
@@ -164,6 +178,20 @@ static void SetWorkItemState (EncryptionThreadPoolWorkItem *workItem, WorkItemSt
static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
{
EncryptionThreadPoolWorkItem *workItem;
+#ifdef DEVICE_DRIVER
+ SetThreadCpuGroupAffinity ((USHORT) *(WORD*)(threadArg));
+#else
+ SetThreadGroupAffinityFn SetThreadGroupAffinityPtr = (SetThreadGroupAffinityFn) GetProcAddress (GetModuleHandle (L"kernel32.dll"), "SetThreadGroupAffinity");
+ if (SetThreadGroupAffinityPtr && threadArg)
+ {
+ GROUP_AFFINITY groupAffinity = {0};
+ groupAffinity.Mask = ~0ULL;
+ groupAffinity.Group = *(WORD*)(threadArg);
+ SetThreadGroupAffinityPtr(GetCurrentThread(), &groupAffinity, NULL);
+ }
+
+#endif
+
while (!StopPending)
{
@@ -263,21 +291,33 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount)
{
- size_t cpuCount, i;
-
- if (ThreadPoolRunning)
- return TRUE;
-
+ size_t cpuCount = 0, i = 0;
#ifdef DEVICE_DRIVER
cpuCount = GetCpuCount();
#else
+ SYSTEM_INFO sysInfo;
+ GetActiveProcessorGroupCountFn GetActiveProcessorGroupCountPtr = (GetActiveProcessorGroupCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorGroupCount");
+ GetActiveProcessorCountFn GetActiveProcessorCountPtr = (GetActiveProcessorCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorCount");
+ if (GetActiveProcessorGroupCountPtr && GetActiveProcessorCountPtr)
+ {
+ WORD j, groupCount = GetActiveProcessorGroupCountPtr();
+ size_t totalProcessors = 0;
+ for (j = 0; j < groupCount; ++j)
+ {
+ totalProcessors += (size_t) GetActiveProcessorCountPtr(j);
+ }
+ cpuCount = totalProcessors;
+ }
+ else
{
- SYSTEM_INFO sysInfo;
- GetSystemInfo (&sysInfo);
+ GetSystemInfo(&sysInfo);
cpuCount = sysInfo.dwNumberOfProcessors;
}
#endif
+ if (ThreadPoolRunning)
+ return TRUE;
+
if (cpuCount > encryptionFreeCpuCount)
cpuCount -= encryptionFreeCpuCount;
@@ -338,10 +378,33 @@ BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount)
for (ThreadCount = 0; ThreadCount < cpuCount; ++ThreadCount)
{
#ifdef DEVICE_DRIVER
- if (!NT_SUCCESS (TCStartThread (EncryptionThreadProc, NULL, &ThreadHandles[ThreadCount])))
+ ThreadProcessorGroups[ThreadCount] = GetCpuGroup ((size_t) ThreadCount);
#else
- if (!(ThreadHandles[ThreadCount] = (HANDLE) _beginthreadex (NULL, 0, EncryptionThreadProc, NULL, 0, NULL)))
+ // Determine which processor group to bind the thread to.
+ if (GetActiveProcessorGroupCountPtr && GetActiveProcessorCountPtr)
+ {
+ WORD j, groupCount = GetActiveProcessorGroupCountPtr();
+ uint32 totalProcessors = 0U;
+ for (j = 0U; j < groupCount; j++)
+ {
+ totalProcessors += (uint32) GetActiveProcessorCountPtr(j);
+ if (totalProcessors >= ThreadCount)
+ {
+ ThreadProcessorGroups[ThreadCount] = j;
+ break;
+ }
+ }
+ }
+ else
+ ThreadProcessorGroups[ThreadCount] = 0;
#endif
+
+#ifdef DEVICE_DRIVER
+ if (!NT_SUCCESS(TCStartThread(EncryptionThreadProc, (void*)(&ThreadProcessorGroups[ThreadCount]), &ThreadHandles[ThreadCount])))
+#else
+ if (!(ThreadHandles[ThreadCount] = (HANDLE)_beginthreadex(NULL, 0, EncryptionThreadProc, (void*)(&ThreadProcessorGroups[ThreadCount]), 0, NULL)))
+#endif
+
{
EncryptionThreadPoolStop();
return FALSE;
diff --git a/src/Common/Fat.c b/src/Common/Fat.c
index b47e531..8d4cc7d 100644
--- a/src/Common/Fat.c
+++ b/src/Common/Fat.c
@@ -394,6 +394,8 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
if(!quickFormat)
{
+ CRYPTO_INFO tmpCI;
+
if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
goto fail;
@@ -402,23 +404,41 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
deniability of hidden volumes (and also reduces the amount of predictable plaintext
within the volume). */
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ cryptoInfo = &tmpCI;
+
// Temporary master key
if (!RandgetBytes (hwndDlg, temporaryKey, EAGetKeySize (cryptoInfo->ea), FALSE))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail;
+ }
// Temporary secondary key (XTS mode)
if (!RandgetBytes (hwndDlg, cryptoInfo->k2, sizeof cryptoInfo->k2, FALSE))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
goto fail;
+ }
retVal = EAInit (cryptoInfo->ea, temporaryKey, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
{
+ TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
return retVal;
}
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
+ TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
return ERR_MODE_INIT_FAILED;
}
@@ -430,12 +450,24 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
goto fail;
}
UpdateProgressBar (nSecNo * ft->sector_size);
+
+ if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
+ {
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ goto fail;
+ }
+
+ burn (&tmpCI, sizeof (tmpCI));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
else
+ {
UpdateProgressBar ((uint64) ft->num_sectors * ft->sector_size);
- if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
- goto fail;
+ if (!FlushFormatWriteBuffer (dev, write_buf, &write_buf_cnt, &nSecNo, cryptoInfo))
+ goto fail;
+ }
TCfree (write_buf);
burn (temporaryKey, sizeof(temporaryKey));
diff --git a/src/Common/Format.c b/src/Common/Format.c
index bd33f75..1edbdf9 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -100,6 +100,10 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
LARGE_INTEGER offset;
BOOL bFailedRequiredDASD = FALSE;
HWND hwndDlg = volParams->hwndDlg;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+#endif
FormatSectorSize = volParams->sectorSize;
@@ -350,14 +354,32 @@ begin_format:
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (volParams->hiddenVol && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
DisableFileCompression (dev);
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys)
{
LARGE_INTEGER volumeSize;
+ BOOL speedupFileCreation = FALSE;
volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
+ // speedup for file creation only makes sens when using quick format
+ if (volParams->quickFormat && volParams->fastCreateFile)
+ speedupFileCreation = TRUE;
+
if (volParams->sparseFileSwitch && volParams->quickFormat)
{
// Create as sparse file container
@@ -371,21 +393,29 @@ begin_format:
// Preallocate the file
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
- || !SetEndOfFile (dev)
- || SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ || !SetEndOfFile (dev))
{
nStatus = ERR_OS_ERROR;
goto error;
}
- }
- }
- if (volParams->hiddenVol && !volParams->bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
+ if (speedupFileCreation)
+ {
+ // accelerate file creation by telling Windows not to fill all file content with zeros
+ // this has security issues since it will put existing disk content into file container
+ // We use this mechanism only when switch /fastCreateFile specific and when quick format
+ // also specified and which is documented to have security issues.
+ // we don't check returned status because failure is not issue for us
+ SetFileValidData (dev, volumeSize.QuadPart);
+ }
+
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ }
}
if (volParams->hwndDlg && volParams->bGuiMode) KillTimer (volParams->hwndDlg, TIMER_ID_RANDVIEW);
@@ -548,6 +578,17 @@ begin_format:
goto error;
}
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
volParams->ea,
@@ -566,6 +607,15 @@ begin_format:
FormatSectorSize,
FALSE);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
+
if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
{
nStatus = ERR_OS_ERROR;
@@ -577,8 +627,28 @@ begin_format:
{
BOOL bUpdateBackup = FALSE;
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto error;
@@ -768,6 +838,10 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+#endif
+
// Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize;
if (!SetFilePointerEx ((HANDLE) dev, startOffset, &newOffset, FILE_BEGIN)
@@ -785,6 +859,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector));
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -847,6 +931,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
return 0;
@@ -858,6 +949,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR);
diff --git a/src/Common/Format.h b/src/Common/Format.h
index 961ece7..4ce1b8c 100644
--- a/src/Common/Format.h
+++ b/src/Common/Format.h
@@ -38,6 +38,7 @@ typedef struct
unsigned int clusterSize;
BOOL sparseFileSwitch;
BOOL quickFormat;
+ BOOL fastCreateFile;
DWORD sectorSize;
int *realClusterSize;
Password *password;
diff --git a/src/Common/Keyfiles.c b/src/Common/Keyfiles.c
index 686f3ca..174aed9 100644
--- a/src/Common/Keyfiles.c
+++ b/src/Common/Keyfiles.c
@@ -149,50 +149,41 @@ void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile)
static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSize, KeyFile *keyFile)
{
- FILE *f;
unsigned __int8 buffer[64 * 1024];
unsigned __int32 crc = 0xffffffff;
unsigned __int32 writePos = 0;
- size_t bytesRead, totalRead = 0;
+ DWORD bytesRead, totalRead = 0;
int status = TRUE;
-
HANDLE src;
- FILETIME ftCreationTime;
- FILETIME ftLastWriteTime;
- FILETIME ftLastAccessTime;
-
- BOOL bTimeStampValid = FALSE;
+ BOOL bReadStatus = FALSE;
- /* Remember the last access time of the keyfile. It will be preserved in order to prevent
- an adversary from determining which file may have been used as keyfile. */
src = CreateFile (keyFile->FileName,
- GENERIC_READ | GENERIC_WRITE,
+ GENERIC_READ | FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (src != INVALID_HANDLE_VALUE)
{
- if (GetFileTime ((HANDLE) src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime))
- bTimeStampValid = TRUE;
- }
+ /* We tell Windows not to update the Last Access timestamp in order to prevent
+ an adversary from determining which file may have been used as keyfile. */
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
- finally_do_arg (HANDLE, src,
+ SetFileTime (src, NULL, &ftLastAccessTime, NULL);
+ }
+ else
{
- if (finally_arg != INVALID_HANDLE_VALUE)
- CloseHandle (finally_arg);
- });
-
- f = _wfopen (keyFile->FileName, L"rb");
- if (f == NULL) return FALSE;
+ /* try to open without FILE_WRITE_ATTRIBUTES in case we are in a ReadOnly filesystem (e.g. CD) */
+ src = CreateFile (keyFile->FileName,
+ GENERIC_READ,
+ FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ if (src == INVALID_HANDLE_VALUE)
+ return FALSE;
+ }
- while ((bytesRead = fread (buffer, 1, sizeof (buffer), f)) > 0)
+ while ((bReadStatus = ReadFile (src, buffer, sizeof (buffer), &bytesRead, NULL)) && (bytesRead > 0))
{
- size_t i;
-
- if (ferror (f))
- {
- status = FALSE;
- goto close;
- }
+ DWORD i;
for (i = 0; i < bytesRead; i++)
{
@@ -211,7 +202,7 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
}
}
- if (ferror (f))
+ if (!bReadStatus)
{
status = FALSE;
}
@@ -223,13 +214,9 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
close:
DWORD err = GetLastError();
- fclose (f);
- if (bTimeStampValid && !IsFileOnReadOnlyFilesystem (keyFile->FileName))
- {
- // Restore the keyfile timestamp
- SetFileTime (src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
- }
+ CloseHandle (src);
+ burn (buffer, sizeof (buffer));
SetLastError (err);
return status;
diff --git a/src/Common/Language.c b/src/Common/Language.c
index 6dbd8b6..ffccd44 100644
--- a/src/Common/Language.c
+++ b/src/Common/Language.c
@@ -209,6 +209,7 @@ static BOOL LoadLanguageData (int resourceid, BOOL bForceSetPreferredLanguage, B
LocalizationActive = FALSE;
ActiveLangPackVersion[0] = 0;
ClearDictionaryPool ();
+ LanguageResource = NULL;
if ((resourceid == 0) && (PreferredLangId[0] != 0))
StringCbCopyA (langId, sizeof(langId), PreferredLangId);
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index fd5ee63..18dbaf1 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -33,14 +33,14 @@
<entry lang="en" key="IDC_DISPLAY_POOL_CONTENTS">Display pool content</entry>
<entry lang="en" key="IDC_DOWNLOAD_CD_BURN_SOFTWARE">Download CD/DVD recording software</entry>
<entry lang="en" key="IDC_FILE_CONTAINER">Create an encrypted file container</entry>
- <entry lang="en" key="IDC_GB">&amp;GB</entry>
- <entry lang="en" key="IDC_TB">&amp;TB</entry>
+ <entry lang="en" key="IDC_GB">&amp;GiB</entry>
+ <entry lang="en" key="IDC_TB">&amp;TiB</entry>
<entry lang="en" key="IDC_HIDDEN_SYSENC_INFO_LINK">More information</entry>
<entry lang="en" key="IDC_HIDDEN_VOL">Hi&amp;dden VeraCrypt volume </entry>
<entry lang="en" key="IDC_HIDDEN_VOL_HELP">More information about hidden volumes</entry>
<entry lang="en" key="IDC_HIDVOL_WIZ_MODE_DIRECT">Direct mode</entry>
<entry lang="en" key="IDC_HIDVOL_WIZ_MODE_FULL">Normal mode</entry>
- <entry lang="en" key="IDC_KB">&amp;KB</entry>
+ <entry lang="en" key="IDC_KB">&amp;KiB</entry>
<entry lang="en" key="IDC_KEYFILES_ENABLE">U&amp;se keyfiles</entry>
<entry lang="en" key="IDC_KEYFILES_TRY_EMPTY_PASSWORD">Try first to mount with an empty password</entry>
<entry lang="en" key="IDC_KEYFILES_RANDOM_SIZE">Random size ( 64 &lt;-&gt; 1048576 )</entry>
@@ -48,7 +48,7 @@
<entry lang="en" key="IDC_LINK_HASH_INFO">Information on hash algorithms</entry>
<entry lang="en" key="IDC_LINK_MORE_INFO_ABOUT_CIPHER">More information</entry>
<entry lang="en" key="IDC_LINK_PIM_INFO">Information on PIM</entry>
- <entry lang="en" key="IDC_MB">&amp;MB</entry>
+ <entry lang="en" key="IDC_MB">&amp;MiB</entry>
<entry lang="en" key="IDC_MORE_INFO_ON_CONTAINERS">More information</entry>
<entry lang="en" key="IDC_MORE_INFO_ON_SYS_ENCRYPTION">More information about system encryption</entry>
<entry lang="en" key="IDC_MORE_INFO_SYS_ENCRYPTION">More information</entry>
@@ -414,11 +414,11 @@
<entry lang="en" key="COMPRESSION_NOT_SUPPORTED">Error: The container has been compressed at the filesystem level. VeraCrypt does not support compressed containers (note that compression of encrypted data is ineffective and redundant).\n\nPlease disable compression for the container by following these steps:\n1) Right-click the container in Windows Explorer (not in VeraCrypt).\n2) Select 'Properties'.\n3) In the 'Properties' dialog box, click 'Advanced'.\n4) In the 'Advanced Attributes' dialog box, disable the option 'Compress contents to save disk space' and click 'OK'.\n5) In the 'Properties' dialog box, click 'OK'.</entry>
<entry lang="en" key="CREATE_FAILED">Failed to create volume %s</entry>
<entry lang="en" key="DEVICE_FREE_BYTES">Size of %s is %.2f bytes</entry>
- <entry lang="en" key="DEVICE_FREE_KB">Size of %s is %.2f KB</entry>
- <entry lang="en" key="DEVICE_FREE_MB">Size of %s is %.2f MB</entry>
- <entry lang="en" key="DEVICE_FREE_GB">Size of %s is %.2f GB</entry>
- <entry lang="en" key="DEVICE_FREE_TB">Size of %s is %.2f TB</entry>
- <entry lang="en" key="DEVICE_FREE_PB">Size of %s is %.2f PB</entry>
+ <entry lang="en" key="DEVICE_FREE_KB">Size of %s is %.2f KiB</entry>
+ <entry lang="en" key="DEVICE_FREE_MB">Size of %s is %.2f MiB</entry>
+ <entry lang="en" key="DEVICE_FREE_GB">Size of %s is %.2f GiB</entry>
+ <entry lang="en" key="DEVICE_FREE_TB">Size of %s is %.2f TiB</entry>
+ <entry lang="en" key="DEVICE_FREE_PB">Size of %s is %.2f PiB</entry>
<entry lang="en" key="DEVICE_IN_USE_FORMAT">WARNING: The device/partition is in use by the operating system or applications. Formatting the device/partition might cause data corruption and system instability.\n\nContinue?</entry>
<entry lang="en" key="DEVICE_IN_USE_INPLACE_ENC">Warning: The partition is in use by the operating system or applications. You should close any applications that might be using the partition (including antivirus software).\n\nContinue?</entry>
<entry lang="en" key="FORMAT_CANT_DISMOUNT_FILESYS">Error: The device/partition contains a file system that could not be dismounted. The file system may be in use by the operating system. Formatting the device/partition would very likely cause data corruption and system instability.\n\nTo solve this issue, we recommend that you first delete the partition and then recreate it without formatting. To do so, follow these steps:\n1) Right-click the 'Computer' (or 'My Computer') icon in the 'Start Menu' and select 'Manage'. The 'Computer Management' window should appear.\n2) In the 'Computer Management' window, select 'Storage' > 'Disk Management'.\n3) Right-click the partition you want to encrypt and select either 'Delete Partition', or 'Delete Volume', or 'Delete Logical Drive'.\n4) Click 'Yes'. If Windows asks you to restart the computer, do so. Then repeat the steps 1 and 2 and continue from the step 5.\n5) Right-click the unallocated/free space area and select either 'New Partition', or 'New Simple Volume', or 'New Logical Drive'.\n6) The 'New Partition Wizard' or 'New Simple Volume Wizard' window should appear now; follow its instructions. On the wizard page entitled 'Format Partition', select either 'Do not format this partition' or 'Do not format this volume'. In the same wizard, click 'Next' and then 'Finish'.\n7) Note that the device path you have selected in VeraCrypt may be wrong now. Therefore, exit the VeraCrypt Volume Creation Wizard (if it is still running) and then start it again.\n8) Try encrypting the device/partition again.\n\nIf VeraCrypt repeatedly fails to encrypt the device/partition, you may want to consider creating a file container instead.</entry>
@@ -436,13 +436,13 @@
<entry lang="en" key="RAW_DEV_NOT_SUPPORTED_FOR_INPLACE_ENC">VeraCrypt can in-place encrypt only a partition, a dynamic volume, or an entire system drive.\n\nIf you want to create an encrypted VeraCrypt volume within the selected non-system device, choose the option "Create encrypted volume and format it" (instead of the option "Encrypt partition in place").</entry>
<entry lang="en" key="INPLACE_ENC_INVALID_PATH">Error: VeraCrypt can in-place encrypt only a partition, a dynamic volume, or an entire system drive. Please make sure the specified path is valid.</entry>
<entry lang="en" key="CANNOT_RESIZE_FILESYS">Error: Cannot shrink the filesystem (the filesystem needs to be shrunk to make space for the volume header and backup header).\n\nPossible causes and solutions:\n\n- Not enough free space on the volume. Please make sure no other application is writing to the filesystem.\n\n- Corrupted file system. Try to check it and fix any errors (right-click the corresponding drive letter in the 'Computer' list, then select Properties > Tools > 'Check Now', make sure the option 'Automatically fix file system errors' is enabled and click Start).\n\nIf the above steps do not help, please follow the below steps.</entry>
- <entry lang="en" key="NOT_ENOUGH_FREE_FILESYS_SPACE_FOR_SHRINK">Error: There is not enough free space on the volume and so the filesystem cannot be shrunk (the filesystem needs to be shrunk to make space for the volume header and backup header).\n\nPlease delete any redundant files and empty the Recycle Bin so as to free at least 256 KB of space and then try again. Note that due to a Windows issue, the amount of free space reported by the Windows Explorer may be incorrect until the operating system is restarted. If restarting the system does not help, the file system may be corrupted. Try to check it and fix any errors (right-click the corresponding drive letter in the 'Computer' list, then select Properties > Tools > 'Check Now', make sure the option 'Automatically fix file system errors' is enabled and click Start).\n\nIf the above steps do not help, please follow the below steps.</entry>
+ <entry lang="en" key="NOT_ENOUGH_FREE_FILESYS_SPACE_FOR_SHRINK">Error: There is not enough free space on the volume and so the filesystem cannot be shrunk (the filesystem needs to be shrunk to make space for the volume header and backup header).\n\nPlease delete any redundant files and empty the Recycle Bin so as to free at least 256 KiB of space and then try again. Note that due to a Windows issue, the amount of free space reported by the Windows Explorer may be incorrect until the operating system is restarted. If restarting the system does not help, the file system may be corrupted. Try to check it and fix any errors (right-click the corresponding drive letter in the 'Computer' list, then select Properties > Tools > 'Check Now', make sure the option 'Automatically fix file system errors' is enabled and click Start).\n\nIf the above steps do not help, please follow the below steps.</entry>
<entry lang="en" key="DISK_FREE_BYTES">Free space on drive %s is %.2f bytes.</entry>
- <entry lang="en" key="DISK_FREE_KB">Free space on drive %s is %.2f KB</entry>
- <entry lang="en" key="DISK_FREE_MB">Free space on drive %s is %.2f MB</entry>
- <entry lang="en" key="DISK_FREE_GB">Free space on drive %s is %.2f GB</entry>
- <entry lang="en" key="DISK_FREE_TB">Free space on drive %s is %.2f TB</entry>
- <entry lang="en" key="DISK_FREE_PB">Free space on drive %s is %.2f PB</entry>
+ <entry lang="en" key="DISK_FREE_KB">Free space on drive %s is %.2f KiB</entry>
+ <entry lang="en" key="DISK_FREE_MB">Free space on drive %s is %.2f MiB</entry>
+ <entry lang="en" key="DISK_FREE_GB">Free space on drive %s is %.2f GiB</entry>
+ <entry lang="en" key="DISK_FREE_TB">Free space on drive %s is %.2f TiB</entry>
+ <entry lang="en" key="DISK_FREE_PB">Free space on drive %s is %.2f PiB</entry>
<entry lang="en" key="DRIVELETTERS">Could not get available drive letters.</entry>
<entry lang="en" key="DRIVER_NOT_FOUND">Error: VeraCrypt driver not found.\n\nPlease copy the files 'veracrypt.sys' and 'veracrypt-x64.sys' to the directory where the main VeraCrypt application (VeraCrypt.exe) is located.</entry>
<entry lang="en" key="DRIVER_VERSION">Error: An incompatible version of the VeraCrypt driver is currently running.\n\nIf you are trying to run VeraCrypt in portable mode (i.e. without installing it) and a different version of VeraCrypt is already installed, you must uninstall it first (or upgrade it using the VeraCrypt installer). To uninstall it, follow these steps: On Windows Vista or later, select 'Start Menu' > Computer > 'Uninstall or change a program' > VeraCrypt > Uninstall; on Windows XP, select 'Start Menu' > Settings > 'Control Panel' > 'Add Or Remove Programs' > VeraCrypt > Remove.\n\nSimilarly, if you are trying to run VeraCrypt in portable mode (i.e. without installing it) and a different version of VeraCrypt is already running in portable mode, you must restart the system first and then run only this new version.</entry>
@@ -456,7 +456,7 @@
<entry lang="en" key="ASK_KEEP_DETECTING_SYSTEM_CRASH">Do you want VeraCrypt to continue detecting system crashes?</entry>
<entry lang="en" key="NO_MINIDUMP_FOUND">VeraCrypt found no system crash minidump file.</entry>
<entry lang="en" key="ASK_DELETE_KERNEL_CRASH_DUMP">Do you want to delete the Windows crash dump file to free up disk space?</entry>
- <entry lang="en" key="ASK_DEBUGGER_INSTALL">In order to analyze the system crash, VeraCrypt needs to install Microsoft Debugging Tools for Windows first.\n\nAfter you click OK, the Windows installer will download the Microsoft Debugging Tools installation package (16 MB) from a Microsoft server and install it (the Windows installer will be forwarded to the Microsoft server URL from the veracrypt.org server, which ensures that this feature works even if Microsoft changes the location of the installation package).</entry>
+ <entry lang="en" key="ASK_DEBUGGER_INSTALL">In order to analyze the system crash, VeraCrypt needs to install Microsoft Debugging Tools for Windows first.\n\nAfter you click OK, the Windows installer will download the Microsoft Debugging Tools installation package (16 MiB) from a Microsoft server and install it (the Windows installer will be forwarded to the Microsoft server URL from the veracrypt.org server, which ensures that this feature works even if Microsoft changes the location of the installation package).</entry>
<entry lang="en" key="SYSTEM_CRASH_ANALYSIS_INFO">After you click OK, VeraCrypt will analyze the system crash. This may take up to several minutes.</entry>
<entry lang="en" key="DEBUGGER_NOT_FOUND">Please make sure the environment variable 'PATH' includes the path to 'kd.exe' (Kernel Debugger).</entry>
<entry lang="en" key="SYSTEM_CRASH_NO_VERACRYPT">It appears that VeraCrypt most likely did not cause the system crash. There are many potential reasons why the system could have crashed (for example, a failing hardware component, a bug in a device driver, etc.)</entry>
@@ -479,9 +479,9 @@
<entry lang="en" key="FILE_OPEN_FAILED">The file could not be opened.</entry>
<entry lang="en" key="FILE_TITLE">Volume Location</entry>
<entry lang="en" key="FILESYS_PAGE_TITLE">Large Files</entry>
- <entry lang="en" key="FILESYS_PAGE_HELP_QUESTION">Do you intend to store files larger than 4 GB in this VeraCrypt volume?</entry>
+ <entry lang="en" key="FILESYS_PAGE_HELP_QUESTION">Do you intend to store files larger than 4 GiB in this VeraCrypt volume?</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION">Depending on your choice above, VeraCrypt will choose a suitable default file system for the VeraCrypt volume (you will be able to select a file system in the next step).</entry>
- <entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL">As you are creating an outer volume, you should consider choosing 'No'. If you choose 'Yes', the default filesystem will be NTFS, which is not as suitable for outer volumes as FAT/exFAT (for example, the maximum possible size of the hidden volume will be significantly greater if the outer volume is formatted as FAT/exFAT). Normally, FAT is the default for both hidden and normal volumes (so FAT volumes are not suspicious). However, if the user indicates intent to store files larger than 4 GB (which the FAT file system does not allow), then FAT is not the default.</entry>
+ <entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL">As you are creating an outer volume, you should consider choosing 'No'. If you choose 'Yes', the default filesystem will be NTFS, which is not as suitable for outer volumes as FAT/exFAT (for example, the maximum possible size of the hidden volume will be significantly greater if the outer volume is formatted as FAT/exFAT). Normally, FAT is the default for both hidden and normal volumes (so FAT volumes are not suspicious). However, if the user indicates intent to store files larger than 4 GiB (which the FAT file system does not allow), then FAT is not the default.</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL_CONFIRM">Are you sure you want to choose 'Yes'?</entry>
<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_TITLE">Volume Creation Mode</entry>
<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_FORMAT_HELP">This is the fastest way to create a partition-hosted or device-hosted VeraCrypt volume (in-place encryption, which is the other option, is slower because content of each sector has to be first read, encrypted, and then written). Any data currently stored on the selected partition/device will be lost (the data will NOT be encrypted; it will be overwritten with random data). If you want to encrypt existing data on a partition, choose the other option.</entry>
@@ -536,7 +536,7 @@
<entry lang="en" key="HIDVOL_PROT_WARN_AFTER_MOUNT">The hidden volume is now protected against damage until the outer volume is dismounted.\n\nWARNING: If any data is attempted to be saved to the hidden volume area, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to the hidden volume area will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").</entry>
<entry lang="en" key="HIDVOL_PROT_WARN_AFTER_MOUNT_PLURAL">Each of the hidden volumes within the newly mounted volumes is now protected against damage until dismounted.\n\nWARNING: If any data is attempted to be saved to protected hidden volume area of any of these volumes, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to protected hidden volume areas will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").</entry>
<entry lang="en" key="DAMAGE_TO_HIDDEN_VOLUME_PREVENTED">WARNING: Data were attempted to be saved to the hidden volume area of the volume mounted as %c:! VeraCrypt prevented these data from being saved in order to protect the hidden volume. This may have caused filesystem corruption on the outer volume and Windows may have reported a write error ("Delayed Write Failed" or "The parameter is incorrect"). The entire volume (both the outer and the hidden part) will be write-protected until it is dismounted. If this is not the first time VeraCrypt has prevented data from being saved to the hidden volume area of this volume, plausible deniability of this hidden volume might be adversely affected (due to possible unusual correlated inconsistencies within the outer volume file system). Therefore, you should consider creating a new VeraCrypt volume (with Quick Format disabled) and moving files from this volume to the new volume; this volume should be securely erased (both the outer and the hidden part). We strongly recommend that you restart the operating system now.</entry>
- <entry lang="en" key="CANNOT_SATISFY_OVER_4G_FILE_SIZE_REQ">You have indicated intent to store files larger than 4 GB on the volume. This requires the volume to be formatted as NTFS/exFAT/ReFS, which, however, will not be possible.</entry>
+ <entry lang="en" key="CANNOT_SATISFY_OVER_4G_FILE_SIZE_REQ">You have indicated intent to store files larger than 4 GiB on the volume. This requires the volume to be formatted as NTFS/exFAT/ReFS, which, however, will not be possible.</entry>
<entry lang="en" key="CANNOT_CREATE_NON_HIDDEN_NTFS_VOLUMES_UNDER_HIDDEN_OS">Please note that when a hidden operating system is running, non-hidden VeraCrypt volumes cannot be formatted as NTFS/exFAT/ReFS. The reason is that the volume would need to be temporarily mounted without write protection in order to allow the operating system to format it as NTFS (whereas formatting as FAT is performed by VeraCrypt, not by the operating system, and without mounting the volume). For further technical details, see below. You can create a non-hidden NTFS/exFAT/ReFS volume from within the decoy operating system.</entry>
<entry lang="en" key="HIDDEN_VOL_CREATION_UNDER_HIDDEN_OS_HOWTO">For security reasons, when a hidden operating system is running, hidden volumes can be created only in the 'direct' mode (because outer volumes must always be mounted as read-only). To create a hidden volume securely, follow these steps:\n\n1) Boot the decoy system.\n\n2) Create a normal VeraCrypt volume and, to this volume, copy some sensitive-looking files that you actually do NOT want to hide (the volume will become the outer volume).\n\n3) Boot the hidden system and start the VeraCrypt Volume Creation Wizard. If the volume is file-hosted, move it to the system partition or to another hidden volume (otherwise, the newly created hidden volume would be mounted as read-only and could not be formatted). Follow the instructions in the wizard so as to select the 'direct' hidden volume creation mode.\n\n4) In the wizard, select the volume you created in step 2 and then follow the instructions to create a hidden volume within it.</entry>
<entry lang="en" key="HIDDEN_OS_WRITE_PROTECTION_BRIEF_INFO">For security reasons, when a hidden operating system is running, local unencrypted filesystems and non-hidden VeraCrypt volumes are mounted as read-only (no data can be written to such filesystems or VeraCrypt volumes).\n\nData is allowed to be written to any filesystem that resides within a hidden VeraCrypt volume (provided that the hidden volume is not located in a container stored on an unencrypted filesystem or on any other read-only filesystem).</entry>
@@ -560,10 +560,10 @@
<entry lang="en" key="INIT_RICHEDIT">Error: Failed to load the Rich Edit system library.</entry>
<entry lang="en" key="INTRO_TITLE">VeraCrypt Volume Creation Wizard</entry>
<entry lang="en" key="MAX_HIDVOL_SIZE_BYTES">Maximum possible hidden volume size for this volume is %.2f bytes.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_KB">Maximum possible hidden volume size for this volume is %.2f KB.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_MB">Maximum possible hidden volume size for this volume is %.2f MB.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_GB">Maximum possible hidden volume size for this volume is %.2f GB.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_TB">Maximum possible hidden volume size for this volume is %.2f TB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_KB">Maximum possible hidden volume size for this volume is %.2f KiB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_MB">Maximum possible hidden volume size for this volume is %.2f MiB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_GB">Maximum possible hidden volume size for this volume is %.2f GiB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_TB">Maximum possible hidden volume size for this volume is %.2f TiB.</entry>
<entry lang="en" key="MOUNTED_NOPWCHANGE">Volume password/keyfiles cannot be changed while the volume is mounted. Please dismount the volume first.</entry>
<entry lang="en" key="MOUNTED_NO_PKCS5_PRF_CHANGE">The header key derivation algorithm cannot be changed while the volume is mounted. Please dismount the volume first.</entry>
<entry lang="en" key="MOUNT_BUTTON">&amp;Mount</entry>
@@ -666,14 +666,14 @@
<entry lang="en" key="SELECT_KEYFILE_GENERATION_DIRECTORY">Select a directory where to store the keyfiles.</entry>
<entry lang="en" key="SELECTED_KEYFILE_IS_CONTAINER_FILE">The current container file was selected as a keyfile. It will be skipped.</entry>
<entry lang="en" key="SERPENT_HELP">Designed by Ross Anderson, Eli Biham, and Lars Knudsen. Published in 1998. 256-bit key, 128-bit block. Mode of operation is XTS. Serpent was one of the AES finalists.</entry>
- <entry lang="en" key="SIZE_HELP">Please specify the size of the container you want to create.\n\nIf you create a dynamic (sparse-file) container, this parameter will specify its maximum possible size.\n\nNote that the minimum possible size of a FAT volume is 292 KB. The minimum possible size of an exFAT volume is 424 KB. The minimum possible size of an NTFS volume is 3792 KB. The minimum possible size of an ReFS volume is 642 MB.</entry>
- <entry lang="en" key="SIZE_HELP_HIDDEN_HOST_VOL">Please specify the size of the outer volume to be created (you will first create the outer volume and then a hidden volume within it). The minimum possible size of a volume within which a hidden volume is intended to be created is 340 KB.</entry>
- <entry lang="en" key="SIZE_HELP_HIDDEN_VOL">Please specify the size of the hidden volume to create. The minimum possible size of a hidden volume is 40 KB (or 3664 KB if it is formatted as NTFS). The maximum possible size you can specify for the hidden volume is displayed above.</entry>
+ <entry lang="en" key="SIZE_HELP">Please specify the size of the container you want to create.\n\nIf you create a dynamic (sparse-file) container, this parameter will specify its maximum possible size.\n\nNote that the minimum possible size of a FAT volume is 292 KiB. The minimum possible size of an exFAT volume is 424 KiB. The minimum possible size of an NTFS volume is 3792 KiB. The minimum possible size of an ReFS volume is 642 MiB.</entry>
+ <entry lang="en" key="SIZE_HELP_HIDDEN_HOST_VOL">Please specify the size of the outer volume to be created (you will first create the outer volume and then a hidden volume within it). The minimum possible size of a volume within which a hidden volume is intended to be created is 340 KiB.</entry>
+ <entry lang="en" key="SIZE_HELP_HIDDEN_VOL">Please specify the size of the hidden volume to create. The minimum possible size of a hidden volume is 40 KiB (or 3664 KiB if it is formatted as NTFS). The maximum possible size you can specify for the hidden volume is displayed above.</entry>
<entry lang="en" key="SIZE_HIDVOL_HOST_TITLE">Outer Volume Size</entry>
<entry lang="en" key="SIZE_HIDVOL_TITLE">Hidden Volume Size</entry>
<entry lang="en" key="SIZE_PARTITION_HELP">Please verify that the size of the selected device/partition shown above is correct and click Next.</entry>
<entry lang="en" key="SIZE_PARTITION_HIDDEN_SYSENC_HELP">The outer volume and the hidden volume (containing the hidden operating system) will reside within the above partition. It should be the first partition behind the system partition.\n\nPlease verify that the size of the partition and its number shown above are correct, and if they are, click Next.</entry>
- <entry lang="en" key="SIZE_PARTITION_HIDDEN_VOL_HELP">\n\nNote that the minimum possible size of a volume within which a hidden volume is intended to be created is 340 KB.</entry>
+ <entry lang="en" key="SIZE_PARTITION_HIDDEN_VOL_HELP">\n\nNote that the minimum possible size of a volume within which a hidden volume is intended to be created is 340 KiB.</entry>
<entry lang="en" key="SIZE_TITLE">Volume Size</entry>
<entry lang="en" key="SPARSE_FILE">Dynamic</entry>
<entry lang="en" key="TESTS_FAILED">CAUTION: SELF-TEST FAILED!</entry>
@@ -748,7 +748,7 @@
<entry lang="en" key="HIDDEN_VOL_HOST_NTFS">Note: The FAT/exFAT file system is more suitable for outer volumes than the NTFS file system (for example, the maximum possible size of the hidden volume would very likely have been significantly greater if the outer volume had been formatted as FAT/exFAT).</entry>
<entry lang="en" key="HIDDEN_VOL_HOST_NTFS_ASK">Note that the FAT/exFAT file system is more suitable for outer volumes than the NTFS file system. For example, the maximum possible size of the hidden volume will very likely be significantly greater if the outer volume is formatted as FAT/exFAT (the reason is that the NTFS file system always stores internal data exactly in the middle of the volume and, therefore, the hidden volume can reside only in the second half of the outer volume).\n\nAre you sure you want to format the outer volume as NTFS?</entry>
<entry lang="en" key="OFFER_FAT_FORMAT_ALTERNATIVE">Do you want to format the volume as FAT instead?</entry>
- <entry lang="en" key="FAT_NOT_AVAILABLE_FOR_SO_LARGE_VOLUME">Note: This volume cannot be formatted as FAT, because it exceeds the maximum volume size supported by the FAT32 filesystem for the applicable sector size (2 TB for 512-byte sectors and 16 TB for 4096-byte sectors).</entry>
+ <entry lang="en" key="FAT_NOT_AVAILABLE_FOR_SO_LARGE_VOLUME">Note: This volume cannot be formatted as FAT, because it exceeds the maximum volume size supported by the FAT32 filesystem for the applicable sector size (2 TiB for 512-byte sectors and 16 TiB for 4096-byte sectors).</entry>
<entry lang="en" key="PARTITION_TOO_SMALL_FOR_HIDDEN_OS">Error: The partition for the hidden operating system (i.e. the first partition behind the system partition) must be at least 5% larger than the system partition (the system partition is the one where the currently running operating system is installed).</entry>
<entry lang="en" key="PARTITION_TOO_SMALL_FOR_HIDDEN_OS_NTFS">Error: The partition for the hidden operating system (i.e. the first partition behind the system partition) must be at least 110% (2.1 times) larger than the system partition (the system partition is the one where the currently running operating system is installed). The reason is that the NTFS file system always stores internal data exactly in the middle of the volume and, therefore, the hidden volume (which is to contain a clone of the system partition) can reside only in the second half of the partition.</entry>
<entry lang="en" key="OUTER_VOLUME_TOO_SMALL_FOR_HIDDEN_OS_NTFS">Error: If the outer volume is formatted as NTFS, it must be at least 110% (2.1 times) larger than the system partition. The reason is that the NTFS file system always stores internal data exactly in the middle of the volume and, therefore, the hidden volume (which is to contain a clone of the system partition) can reside only in the second half of the outer volume.\n\nNote: The outer volume needs to reside within the same partition as the hidden operating system (i.e. within the first partition behind the system partition).</entry>
@@ -756,7 +756,7 @@
<entry lang="en" key="TWO_SYSTEMS_IN_ONE_PARTITION_REMARK">Remark: It is not practical (and therefore is not supported) to install operating systems in two VeraCrypt volumes that are embedded within a single partition, because using the outer operating system would often require data to be written to the area of the hidden operating system (and if such write operations were prevented using the hidden volume protection feature, it would inherently cause system crashes, i.e. 'Blue Screen' errors).</entry>
<entry lang="en" key="FOR_MORE_INFO_ON_PARTITIONS">For information on how to create and manage partitions, please refer to the documentation supplied with your operating system or contact your computer vendor's technical support team for assistance.</entry>
<entry lang="en" key="SYSTEM_PARTITION_NOT_ACTIVE">Error: The currently running operating system is not installed on the boot partition (first Active partition). This is not supported.</entry>
- <entry lang="en" key="CONFIRM_FAT_FOR_FILES_OVER_4GB">You indicated that you intend to store files larger than 4 GB in this VeraCrypt volume. However, you chose the FAT file system, on which files larger than 4 GB cannot be stored.\n\nAre you sure you want to format the volume as FAT?</entry>
+ <entry lang="en" key="CONFIRM_FAT_FOR_FILES_OVER_4GB">You indicated that you intend to store files larger than 4 GiB in this VeraCrypt volume. However, you chose the FAT file system, on which files larger than 4 GiB cannot be stored.\n\nAre you sure you want to format the volume as FAT?</entry>
<entry lang="en" key="NONSYS_INPLACE_DECRYPTION_BAD_VOL_FORMAT">Error: VeraCrypt does not support in-place decryption of legacy non-system volumes created by VeraCrypt 1.0b or earlier.\n\nNote: You can still decrypt files stored on the volume by copying/moving them to any unencrypted volume.</entry>
<entry lang="en" key="NONSYS_INPLACE_DECRYPTION_CANT_DECRYPT_HID_VOL">Error: VeraCrypt cannot in-place decrypt a hidden VeraCrypt volume.\n\nNote: You can still decrypt files stored on the volume by copying/moving them to any unencrypted volume.</entry>
<entry lang="en" key="CONFIRM_VOL_CONTAINS_NO_HIDDEN_VOL">Warning: Note that VeraCrypt cannot in-place decrypt a volume that contains a hidden VeraCrypt volume (the hidden volume would be overwritten with pseudorandom data).\n\nPlease confirm that the volume you are about to decrypt contains no hidden volume.\n\nNote: If the volume contains a hidden volume but you do not mind losing the hidden volume, you can select Proceed (the outer volume will be safely decrypted).</entry>
@@ -997,11 +997,11 @@
<entry lang="en" key="EXE_FILE_EXTENSION_CONFIRM">WARNING: We strongly recommend that you avoid file extensions that are used for executable files (such as .exe, .sys, or .dll) and other similarly problematic file extensions. Using such file extensions causes Windows and antivirus software to interfere with the container, which adversely affects the performance of the volume and may also cause other serious problems.\n\nWe strongly recommend that you remove the file extension or change it (e.g., to '.hc').\n\nAre you sure you want to use the problematic file extension?</entry>
<entry lang="en" key="EXE_FILE_EXTENSION_MOUNT_WARNING">WARNING: This container has a file extension that is used for executable files (such as .exe, .sys, or .dll) or some other file extension that is similarly problematic. It will very likely cause Windows and antivirus software to interfere with the container, which will adversely affect the performance of the volume and may also cause other serious problems.\n\nWe strongly recommend that you remove the file extension of the container or change it (e.g., to '.hc') after you dismount the volume.</entry>
<entry lang="en" key="HOMEPAGE">Homepage</entry>
- <entry lang="en" key="LARGE_IDE_WARNING_XP">WARNING: It appears that you have not applied any Service Pack to your Windows installation. You should not write to IDE disks larger than 128 GB under Windows XP to which you did not apply Service Pack 1 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.</entry>
- <entry lang="en" key="LARGE_IDE_WARNING_2K">WARNING: It appears that you have not applied Service Pack 3 or later to your Windows installation. You should not write to IDE disks larger than 128 GB under Windows 2000 to which you did not apply Service Pack 3 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.\n\nNote: You may also need to enable the 48-bit LBA support in the registry; for more information, see http://support.microsoft.com/kb/305098/EN-US</entry>
- <entry lang="en" key="LARGE_IDE_WARNING_2K_REGISTRY">WARNING: 48-bit LBA ATAPI support is disabled on your system. Therefore, you should not write to IDE disks larger than 128 GB! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a limitation of VeraCrypt.\n\nTo enable the 48-bit LBA support, add the 'EnableBigLba' registry value in the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\atapi\\Parameters and set it to 1.\n\nFor more information, see http://support.microsoft.com/kb/305098</entry>
- <entry lang="en" key="VOLUME_TOO_LARGE_FOR_FAT32">Error: Files larger than 4 GB cannot be stored on a FAT32 file system. Therefore, file-hosted VeraCrypt volumes (containers) stored on a FAT32 file system cannot be larger than 4 GB.\n\nIf you need a larger volume, create it on an NTFS file system (or, if you use Windows Vista SP1 or later, on an exFAT file system) or, instead of creating a file-hosted volume, encrypt an entire partition or device.</entry>
- <entry lang="en" key="VOLUME_TOO_LARGE_FOR_WINXP">Warning: Windows XP does not support files larger than 2048 GB (it will report that "Not enough storage is available"). Therefore, you cannot create a file-hosted VeraCrypt volume (container) larger than 2048 GB under Windows XP.\n\nNote that it is still possible to encrypt the entire drive or create a partition-hosted VeraCrypt volume larger than 2048 GB under Windows XP.</entry>
+ <entry lang="en" key="LARGE_IDE_WARNING_XP">WARNING: It appears that you have not applied any Service Pack to your Windows installation. You should not write to IDE disks larger than 128 GiB under Windows XP to which you did not apply Service Pack 1 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.</entry>
+ <entry lang="en" key="LARGE_IDE_WARNING_2K">WARNING: It appears that you have not applied Service Pack 3 or later to your Windows installation. You should not write to IDE disks larger than 128 GiB under Windows 2000 to which you did not apply Service Pack 3 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.\n\nNote: You may also need to enable the 48-bit LBA support in the registry; for more information, see http://support.microsoft.com/kb/305098/EN-US</entry>
+ <entry lang="en" key="LARGE_IDE_WARNING_2K_REGISTRY">WARNING: 48-bit LBA ATAPI support is disabled on your system. Therefore, you should not write to IDE disks larger than 128 GiB! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a limitation of VeraCrypt.\n\nTo enable the 48-bit LBA support, add the 'EnableBigLba' registry value in the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\atapi\\Parameters and set it to 1.\n\nFor more information, see http://support.microsoft.com/kb/305098</entry>
+ <entry lang="en" key="VOLUME_TOO_LARGE_FOR_FAT32">Error: Files larger than 4 GiB cannot be stored on a FAT32 file system. Therefore, file-hosted VeraCrypt volumes (containers) stored on a FAT32 file system cannot be larger than 4 GiB.\n\nIf you need a larger volume, create it on an NTFS file system (or, if you use Windows Vista SP1 or later, on an exFAT file system) or, instead of creating a file-hosted volume, encrypt an entire partition or device.</entry>
+ <entry lang="en" key="VOLUME_TOO_LARGE_FOR_WINXP">Warning: Windows XP does not support files larger than 2048 GiB (it will report that "Not enough storage is available"). Therefore, you cannot create a file-hosted VeraCrypt volume (container) larger than 2048 GiB under Windows XP.\n\nNote that it is still possible to encrypt the entire drive or create a partition-hosted VeraCrypt volume larger than 2048 GiB under Windows XP.</entry>
<entry lang="en" key="FREE_SPACE_FOR_WRITING_TO_OUTER_VOLUME">WARNING: If you want to be able to add more data/files to the outer volume in future, you should consider choosing a smaller size for the hidden volume.\n\nAre you sure you want to continue with the size you specified?</entry>
<entry lang="en" key="NO_VOLUME_SELECTED">No volume selected.\n\nClick 'Select Device' or 'Select File' to select a VeraCrypt volume.</entry>
<entry lang="en" key="NO_SYSENC_PARTITION_SELECTED">No partition selected.\n\nClick 'Select Device' to select a dismounted partition that normally requires pre-boot authentication (for example, a partition located on the encrypted system drive of another operating system, which is not running, or the encrypted system partition of another operating system).\n\nNote: The selected partition will be mounted as a regular VeraCrypt volume without pre-boot authentication. This is useful e.g. for backup or repair operations.</entry>
@@ -1066,7 +1066,7 @@
<entry lang="en" key="ERR_ACCESS_DENIED">Access was denied by the operating system.\n\nPossible cause: The operating system requires that you have read/write permission (or administrator privileges) for certain folders, files, and devices, in order for you to be allowed to read and write data to/from them. Normally, a user without administrator privileges is allowed to create, read and modify files in his or her Documents folder.</entry>
<entry lang="en" key="SECTOR_SIZE_UNSUPPORTED">Error: The drive uses an unsupported sector size.\n\nIt is currently not possible to create partition/device-hosted volumes on drives that use sectors larger than 4096 bytes. However, note that you can create file-hosted volumes (containers) on such drives.</entry>
<entry lang="en" key="SYSENC_UNSUPPORTED_SECTOR_SIZE_BIOS">It is currently not possible to encrypt a system installed on a disk that uses a sector size other than 512 bytes.</entry>
- <entry lang="en" key="NO_SPACE_FOR_BOOT_LOADER">The VeraCrypt Boot Loader requires at least 32 KBytes of free space at the beginning of the system drive (the VeraCrypt Boot Loader needs to be stored in that area). Unfortunately, your drive does not meet this condition.\n\nPlease do NOT report this as a bug/problem in VeraCrypt. To solve this problem, you will need to repartition your disk and leave the first 32 KBytes of the disk free (in most cases, you will need to delete and recreate the first partition). We recommend that you use the Microsoft partition manager that is available e.g. when you are installing Windows.</entry>
+ <entry lang="en" key="NO_SPACE_FOR_BOOT_LOADER">The VeraCrypt Boot Loader requires at least 32 KibiBytes of free space at the beginning of the system drive (the VeraCrypt Boot Loader needs to be stored in that area). Unfortunately, your drive does not meet this condition.\n\nPlease do NOT report this as a bug/problem in VeraCrypt. To solve this problem, you will need to repartition your disk and leave the first 32 KibiBytes of the disk free (in most cases, you will need to delete and recreate the first partition). We recommend that you use the Microsoft partition manager that is available e.g. when you are installing Windows.</entry>
<entry lang="en" key="FEATURE_UNSUPPORTED_ON_CURRENT_OS">The feature is not supported on the version of the operating system you are currently using.</entry>
<entry lang="en" key="SYS_ENCRYPTION_UNSUPPORTED_ON_CURRENT_OS">VeraCrypt does not support encryption of a system partition/drive on the version of the operating system you are currently using.</entry>
<entry lang="en" key="SYS_ENCRYPTION_UNSUPPORTED_ON_VISTA_SP0">Before you can encrypt the system partition/drive on Windows Vista, you need to install Service Pack 1 or higher for Windows Vista (no such Service Pack has been installed on this system yet).\n\nNote: Service Pack 1 for Windows Vista resolved an issue causing a shortage of free base memory during system boot.</entry>
@@ -1363,17 +1363,17 @@
<entry lang="en" key="VK_ALT">Alt</entry>
<entry lang="en" key="VK_WIN">Win</entry>
<entry lang="en" key="BYTE">B</entry>
- <entry lang="en" key="KB">KB</entry>
- <entry lang="en" key="MB">MB</entry>
- <entry lang="en" key="GB">GB</entry>
- <entry lang="en" key="TB">TB</entry>
- <entry lang="en" key="PB">PB</entry>
+ <entry lang="en" key="KB">KiB</entry>
+ <entry lang="en" key="MB">MiB</entry>
+ <entry lang="en" key="GB">GiB</entry>
+ <entry lang="en" key="TB">TiB</entry>
+ <entry lang="en" key="PB">PiB</entry>
<entry lang="en" key="B_PER_SEC">B/s</entry>
- <entry lang="en" key="KB_PER_SEC">KB/s</entry>
- <entry lang="en" key="MB_PER_SEC">MB/s</entry>
- <entry lang="en" key="GB_PER_SEC">GB/s</entry>
- <entry lang="en" key="TB_PER_SEC">TB/s</entry>
- <entry lang="en" key="PB_PER_SEC">PB/s</entry>
+ <entry lang="en" key="KB_PER_SEC">KiB/s</entry>
+ <entry lang="en" key="MB_PER_SEC">MiB/s</entry>
+ <entry lang="en" key="GB_PER_SEC">GiB/s</entry>
+ <entry lang="en" key="TB_PER_SEC">TiB/s</entry>
+ <entry lang="en" key="PB_PER_SEC">PiB/s</entry>
<entry lang="en" key="TRIPLE_DOT_GLYPH_ELLIPSIS">…</entry>
<entry lang="en" key="IDC_BOOT_LOADER_CACHE_PIM">Include &amp;PIM when caching pre-boot authentication password</entry>
<entry lang="en" key="IDC_PREF_CACHE_PIM">Include PIM when caching a password</entry>
@@ -1435,6 +1435,9 @@
<entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
<entry lang="en" key="IDC_USE_LEGACY_MAX_PASSWORD_LENGTH">Use legacy maximum password length (64 characters)</entry>
<entry lang="en" key="IDC_ENABLE_RAM_ENCRYPTION">Activate encryption of keys and passwords stored in RAM</entry>
+ <entry lang="en" key="IDT_BENCHMARK">Benchmark:</entry>
+ <entry lang="en" key="IDC_DISABLE_MOUNT_MANAGER">Only create virtual device without mounting on selected drive letter</entry>
+ <entry lang="en" key="LEGACY_PASSWORD_UTF8_TOO_LONG">The entered password is too long: its UTF-8 representation exceeds 64 bytes.</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Password.c b/src/Common/Password.c
index ca0dd46..f2413b6 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -224,6 +224,19 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -313,13 +326,6 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
SetRandomPoolEnrichedByUserStatus (FALSE); /* force the display of the random enriching dialog */
- if (!bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
for (volumeType = TC_VOLUME_TYPE_NORMAL; volumeType < TC_VOLUME_TYPE_COUNT; volumeType++)
{
diff --git a/src/Common/Random.c b/src/Common/Random.c
index 1c6b953..09c55bf 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -94,14 +94,21 @@ HCRYPTPROV hCryptProv;
/* Init the random number generator, setup the hooks, and start the thread */
-int Randinit ()
+int RandinitWithCheck ( int* pAlreadyInitialized)
{
DWORD dwLastError = ERROR_SUCCESS;
if (GetMaxPkcs5OutSize() > RNG_POOL_SIZE)
TC_THROW_FATAL_EXCEPTION;
if(bRandDidInit)
+ {
+ if (pAlreadyInitialized)
+ *pAlreadyInitialized = 1;
return 0;
+ }
+
+ if (pAlreadyInitialized)
+ *pAlreadyInitialized = 0;
InitializeCriticalSection (&critRandProt);
@@ -153,6 +160,11 @@ error:
return 1;
}
+int Randinit ()
+{
+ return RandinitWithCheck (NULL);
+}
+
/* Close everything down, including the thread which is closed down by
setting a flag which eventually causes the thread function to exit */
void RandStop (BOOL freePool)
@@ -922,19 +934,6 @@ BOOL FastPoll (void)
return FALSE;
}
- /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
- if (0 == jent_entropy_init ())
- {
- struct rand_data *ec = jent_entropy_collector_alloc (1, 0);
- if (ec)
- {
- ssize_t rndLen = jent_read_entropy (ec, (char*) buffer, sizeof (buffer));
- if (rndLen > 0)
- RandaddBuf (buffer, (int) rndLen);
- jent_entropy_collector_free (ec);
- }
- }
-
// use RDSEED or RDRAND from CPU as source of entropy if enabled
if ( IsCpuRngEnabled() &&
( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
diff --git a/src/Common/Random.h b/src/Common/Random.h
index 46fe59a..88dd041 100644
--- a/src/Common/Random.h
+++ b/src/Common/Random.h
@@ -35,6 +35,7 @@ extern "C" {
void RandAddInt ( unsigned __int32 x );
int Randinit ( void );
+int RandinitWithCheck ( int* pAlreadyInitialized);
void RandStop (BOOL freePool);
BOOL IsRandomNumberGeneratorStarted ();
void RandSetHashFunction ( int hash_algo_id );
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 6ee154e..e5def35 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -54,21 +54,21 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define TC_APP_NAME "VeraCrypt"
+// Version displayed to user
+#define VERSION_STRING "1.24-Update6"
+
#ifdef VC_EFI_CUSTOM_MODE
#define VERSION_STRING_SUFFIX "-CustomEFI"
#else
#define VERSION_STRING_SUFFIX ""
#endif
-// Version displayed to user
-#define VERSION_STRING "1.24-Beta5"
-
// Version number to compare against driver
#define VERSION_NUM 0x0124
// Release date
-#define TC_STR_RELEASE_DATE L"March 8, 2019"
-#define TC_RELEASE_DATE_YEAR 2019
+#define TC_STR_RELEASE_DATE L"March 10, 2020"
+#define TC_RELEASE_DATE_YEAR 2020
#define TC_RELEASE_DATE_MONTH 3
#define BYTES_PER_KB 1024LL
@@ -263,6 +263,14 @@ extern ULONG AllocTag;
typedef int BOOL;
#endif
+#ifndef WORD
+typedef USHORT WORD;
+#endif
+
+#ifndef BOOLEAN
+typedef unsigned char BOOLEAN;
+#endif
+
#ifndef TRUE
#define TRUE 1
#endif
@@ -289,6 +297,19 @@ typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) (
PULONG Attributes
);
+typedef BOOLEAN (NTAPI *KeAreAllApcsDisabledFn) ();
+
+typedef void (NTAPI *KeSetSystemGroupAffinityThreadFn)(
+ PGROUP_AFFINITY Affinity,
+ PGROUP_AFFINITY PreviousAffinity
+);
+
+typedef USHORT (NTAPI *KeQueryActiveGroupCountFn)();
+
+typedef ULONG (NTAPI *KeQueryActiveProcessorCountExFn)(
+ USHORT GroupNumber
+);
+
extern NTSTATUS NTAPI KeSaveExtendedProcessorState (
__in ULONG64 Mask,
PXSTATE_SAVE XStateSave
@@ -299,6 +320,9 @@ extern VOID NTAPI KeRestoreExtendedProcessorState (
PXSTATE_SAVE XStateSave
);
+extern BOOLEAN VC_KeAreAllApcsDisabled (VOID);
+
+
#else /* !TC_WINDOWS_DRIVER */
#if !defined(_UEFI)
#define TCalloc malloc
diff --git a/src/Common/Zip.vcxproj b/src/Common/Zip.vcxproj
index 746f771..086657b 100644
--- a/src/Common/Zip.vcxproj
+++ b/src/Common/Zip.vcxproj
@@ -81,6 +81,7 @@
<ClCompile Include="libzip\zip_set_file_comment.c" />
<ClCompile Include="libzip\zip_set_file_compression.c" />
<ClCompile Include="libzip\zip_set_name.c" />
+ <ClCompile Include="libzip\zip_source_accept_empty.c" />
<ClCompile Include="libzip\zip_source_begin_write.c" />
<ClCompile Include="libzip\zip_source_begin_write_cloning.c" />
<ClCompile Include="libzip\zip_source_buffer.c" />
diff --git a/src/Common/Zip.vcxproj.filters b/src/Common/Zip.vcxproj.filters
index fa83631..f274e80 100644
--- a/src/Common/Zip.vcxproj.filters
+++ b/src/Common/Zip.vcxproj.filters
@@ -360,6 +360,9 @@
<ClCompile Include="libzip\zip_source_get_compression_flags.c">
<Filter>libzip</Filter>
</ClCompile>
+ <ClCompile Include="libzip\zip_source_accept_empty.c">
+ <Filter>libzip</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="libzip\compat.h">
diff --git a/src/Common/libzip/NEWS.md b/src/Common/libzip/NEWS.md
index ab2be0a..9d8d2a3 100644
--- a/src/Common/libzip/NEWS.md
+++ b/src/Common/libzip/NEWS.md
@@ -1,3 +1,11 @@
+1.5.2 [2019-03-12]
+==================
+* Fix bug in AES encryption affecting certain file sizes
+* Keep file permissions when modifying zip archives
+* Support systems with small stack size.
+* Support mbed TLS as crypto backend.
+* Add nullability annotations.
+
1.5.1 [2018-04-11]
==================
diff --git a/src/Common/libzip/compat.h b/src/Common/libzip/compat.h
index 7604d96..e0a27be 100644
--- a/src/Common/libzip/compat.h
+++ b/src/Common/libzip/compat.h
@@ -3,7 +3,7 @@
/*
compat.h -- compatibility defines.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -81,6 +81,11 @@ typedef char bool;
#define EOVERFLOW EFBIG
#endif
+/* not supported on at least Windows */
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
#ifdef _WIN32
#if defined(HAVE__CHMOD)
#define chmod _chmod
@@ -120,9 +125,6 @@ typedef char bool;
#if !defined(HAVE_STRTOULL) && defined(HAVE__STRTOUI64)
#define strtoull _strtoui64
#endif
-#if defined(HAVE__UMASK)
-#define umask _umask
-#endif
#if defined(HAVE__UNLINK)
#define unlink _unlink
#endif
@@ -136,11 +138,6 @@ typedef char bool;
#define ftello(s) ((long)ftell((s)))
#endif
-#ifndef HAVE_MKSTEMP
-int _zip_mkstemp(char *);
-#define mkstemp _zip_mkstemp
-#endif
-
#if !defined(HAVE_STRCASECMP)
#if defined(HAVE__STRICMP)
#define strcasecmp _stricmp
@@ -203,4 +200,8 @@ int _zip_mkstemp(char *);
#define S_ISDIR(mode) (((mode)&S_IFMT) == S_IFDIR)
#endif
+#ifndef S_ISREG
+#define S_ISREG(mode) (((mode)&S_IFMT) == S_IFREG)
+#endif
+
#endif /* compat.h */
diff --git a/src/Common/libzip/config.h b/src/Common/libzip/config.h
index d6134b4..4de10df 100644
--- a/src/Common/libzip/config.h
+++ b/src/Common/libzip/config.h
@@ -76,7 +76,7 @@
#define HAVE_SHARED
/* END DEFINES */
#define PACKAGE "libzip"
-#define VERSION "1.5.0a"
+#define VERSION "1.5.2"
#ifndef HAVE_SSIZE_T_LIBZIP
# if SIZE_T_LIBZIP == INT_LIBZIP
diff --git a/src/Common/libzip/zip.h b/src/Common/libzip/zip.h
index 2d83a99..34b544e 100644
--- a/src/Common/libzip/zip.h
+++ b/src/Common/libzip/zip.h
@@ -3,7 +3,7 @@
/*
zip.h -- exported declarations.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2020 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -134,6 +134,7 @@ extern "C" {
#define ZIP_ER_INUSE 29 /* N Resource still in use */
#define ZIP_ER_TELL 30 /* S Tell error */
#define ZIP_ER_COMPRESSED_DATA 31 /* N Compressed data invalid */
+#define ZIP_ER_CANCELLED 32 /* N Operation cancelled */
/* type of system error value */
@@ -162,6 +163,7 @@ extern "C" {
/* 15-17 - Reserved by PKWARE */
#define ZIP_CM_TERSE 18 /* compressed using IBM TERSE (new) */
#define ZIP_CM_LZ77 19 /* IBM LZ77 z Architecture (PFS) */
+#define ZIP_CM_LZMA2 33
#define ZIP_CM_XZ 95 /* XZ compressed data */
#define ZIP_CM_JPEG 96 /* Compressed Jpeg data */
#define ZIP_CM_WAVPACK 97 /* WavPack compressed data */
@@ -229,7 +231,8 @@ enum zip_source_cmd {
ZIP_SOURCE_SUPPORTS, /* check whether source supports command */
ZIP_SOURCE_REMOVE, /* remove file */
ZIP_SOURCE_GET_COMPRESSION_FLAGS, /* get compression flags, internal only */
- ZIP_SOURCE_BEGIN_WRITE_CLONING /* like ZIP_SOURCE_BEGIN_WRITE, but keep part of original file */
+ ZIP_SOURCE_BEGIN_WRITE_CLONING, /* like ZIP_SOURCE_BEGIN_WRITE, but keep part of original file */
+ ZIP_SOURCE_ACCEPT_EMPTY /* whether empty files are valid archives */
};
typedef enum zip_source_cmd zip_source_cmd_t;
@@ -290,7 +293,7 @@ struct zip_error {
struct zip_stat {
zip_uint64_t valid; /* which fields have valid values */
- const char *name; /* name of the file */
+ const char * name; /* name of the file */
zip_uint64_t index; /* index within archive */
zip_uint64_t size; /* size of file (uncompressed) */
zip_uint64_t comp_size; /* size of file (compressed) */
@@ -302,7 +305,7 @@ struct zip_stat {
};
struct zip_buffer_fragment {
- zip_uint8_t *data;
+ zip_uint8_t * data;
zip_uint64_t length;
};
@@ -321,6 +324,7 @@ typedef zip_uint32_t zip_flags_t;
typedef zip_int64_t (*zip_source_callback)(void *, void *, zip_uint64_t, zip_source_cmd_t);
typedef void (*zip_progress_callback)(zip_t *, double, void *);
+typedef int (*zip_cancel_callback)(zip_t *, void *);
#ifndef ZIP_DISABLE_DEPRECATED
typedef void (*zip_progress_callback_t)(double);
@@ -328,7 +332,7 @@ ZIP_EXTERN void zip_register_progress_callback(zip_t *, zip_progress_callback_t)
ZIP_EXTERN zip_int64_t zip_add(zip_t *, const char *, zip_source_t *); /* use zip_file_add */
ZIP_EXTERN zip_int64_t zip_add_dir(zip_t *, const char *); /* use zip_dir_add */
-ZIP_EXTERN const char *zip_get_file_comment(zip_t *, zip_uint64_t, int *, int); /* use zip_file_get_comment */
+ZIP_EXTERN const char * zip_get_file_comment(zip_t *, zip_uint64_t, int *, int); /* use zip_file_get_comment */
ZIP_EXTERN int zip_get_num_files(zip_t *); /* use zip_get_num_entries instead */
ZIP_EXTERN int zip_rename(zip_t *, zip_uint64_t, const char *); /* use zip_file_rename */
ZIP_EXTERN int zip_replace(zip_t *, zip_uint64_t, zip_source_t *); /* use zip_file_replace */
@@ -344,7 +348,7 @@ ZIP_EXTERN int zip_delete(zip_t *, zip_uint64_t);
ZIP_EXTERN zip_int64_t zip_dir_add(zip_t *, const char *, zip_flags_t);
ZIP_EXTERN void zip_discard(zip_t *);
-ZIP_EXTERN zip_error_t *zip_get_error(zip_t *);
+ZIP_EXTERN zip_error_t * zip_get_error(zip_t *);
ZIP_EXTERN void zip_error_clear(zip_t *);
ZIP_EXTERN int zip_error_code_zip(const zip_error_t *);
ZIP_EXTERN int zip_error_code_system(const zip_error_t *);
@@ -352,12 +356,12 @@ ZIP_EXTERN void zip_error_fini(zip_error_t *);
ZIP_EXTERN void zip_error_init(zip_error_t *);
ZIP_EXTERN void zip_error_init_with_code(zip_error_t *, int);
ZIP_EXTERN void zip_error_set(zip_error_t *, int, int);
-ZIP_EXTERN const char *zip_error_strerror(zip_error_t *);
+ZIP_EXTERN const char * zip_error_strerror(zip_error_t *);
ZIP_EXTERN int zip_error_system_type(const zip_error_t *);
ZIP_EXTERN zip_int64_t zip_error_to_data(const zip_error_t *, void *, zip_uint64_t);
ZIP_EXTERN int zip_fclose(zip_file_t *);
-ZIP_EXTERN zip_t *zip_fdopen(int, int, int *);
+ZIP_EXTERN zip_t * zip_fdopen(int, int, int *);
ZIP_EXTERN zip_int64_t zip_file_add(zip_t *, const char *, zip_source_t *, zip_flags_t);
ZIP_EXTERN void zip_file_error_clear(zip_file_t *);
ZIP_EXTERN int zip_file_extra_field_delete(zip_t *, zip_uint64_t, zip_uint16_t, zip_flags_t);
@@ -365,54 +369,56 @@ ZIP_EXTERN int zip_file_extra_field_delete_by_id(zip_t *, zip_uint64_t, zip_uint
ZIP_EXTERN int zip_file_extra_field_set(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t, const zip_uint8_t *, zip_uint16_t, zip_flags_t);
ZIP_EXTERN zip_int16_t zip_file_extra_fields_count(zip_t *, zip_uint64_t, zip_flags_t);
ZIP_EXTERN zip_int16_t zip_file_extra_fields_count_by_id(zip_t *, zip_uint64_t, zip_uint16_t, zip_flags_t);
-ZIP_EXTERN const zip_uint8_t *zip_file_extra_field_get(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t *, zip_uint16_t *, zip_flags_t);
-ZIP_EXTERN const zip_uint8_t *zip_file_extra_field_get_by_id(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t, zip_uint16_t *, zip_flags_t);
-ZIP_EXTERN const char *zip_file_get_comment(zip_t *, zip_uint64_t, zip_uint32_t *, zip_flags_t);
-ZIP_EXTERN zip_error_t *zip_file_get_error(zip_file_t *);
+ZIP_EXTERN const zip_uint8_t * zip_file_extra_field_get(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t *, zip_uint16_t *, zip_flags_t);
+ZIP_EXTERN const zip_uint8_t * zip_file_extra_field_get_by_id(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t, zip_uint16_t *, zip_flags_t);
+ZIP_EXTERN const char * zip_file_get_comment(zip_t *, zip_uint64_t, zip_uint32_t *, zip_flags_t);
+ZIP_EXTERN zip_error_t * zip_file_get_error(zip_file_t *);
ZIP_EXTERN int zip_file_get_external_attributes(zip_t *, zip_uint64_t, zip_flags_t, zip_uint8_t *, zip_uint32_t *);
ZIP_EXTERN int zip_file_rename(zip_t *, zip_uint64_t, const char *, zip_flags_t);
ZIP_EXTERN int zip_file_replace(zip_t *, zip_uint64_t, zip_source_t *, zip_flags_t);
ZIP_EXTERN int zip_file_set_comment(zip_t *, zip_uint64_t, const char *, zip_uint16_t, zip_flags_t);
+ZIP_EXTERN int zip_file_set_dostime(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t, zip_flags_t);
ZIP_EXTERN int zip_file_set_encryption(zip_t *, zip_uint64_t, zip_uint16_t, const char *);
ZIP_EXTERN int zip_file_set_external_attributes(zip_t *, zip_uint64_t, zip_flags_t, zip_uint8_t, zip_uint32_t);
ZIP_EXTERN int zip_file_set_mtime(zip_t *, zip_uint64_t, time_t, zip_flags_t);
-ZIP_EXTERN const char *zip_file_strerror(zip_file_t *);
-ZIP_EXTERN zip_file_t *zip_fopen(zip_t *, const char *, zip_flags_t);
-ZIP_EXTERN zip_file_t *zip_fopen_encrypted(zip_t *, const char *, zip_flags_t, const char *);
-ZIP_EXTERN zip_file_t *zip_fopen_index(zip_t *, zip_uint64_t, zip_flags_t);
-ZIP_EXTERN zip_file_t *zip_fopen_index_encrypted(zip_t *, zip_uint64_t, zip_flags_t, const char *);
+ZIP_EXTERN const char * zip_file_strerror(zip_file_t *);
+ZIP_EXTERN zip_file_t * zip_fopen(zip_t *, const char *, zip_flags_t);
+ZIP_EXTERN zip_file_t * zip_fopen_encrypted(zip_t *, const char *, zip_flags_t, const char *);
+ZIP_EXTERN zip_file_t * zip_fopen_index(zip_t *, zip_uint64_t, zip_flags_t);
+ZIP_EXTERN zip_file_t * zip_fopen_index_encrypted(zip_t *, zip_uint64_t, zip_flags_t, const char *);
ZIP_EXTERN zip_int64_t zip_fread(zip_file_t *, void *, zip_uint64_t);
ZIP_EXTERN zip_int8_t zip_fseek(zip_file_t *, zip_int64_t, int);
ZIP_EXTERN zip_int64_t zip_ftell(zip_file_t *);
-ZIP_EXTERN const char *zip_get_archive_comment(zip_t *, int *, zip_flags_t);
+ZIP_EXTERN const char * zip_get_archive_comment(zip_t *, int *, zip_flags_t);
ZIP_EXTERN int zip_get_archive_flag(zip_t *, zip_flags_t, zip_flags_t);
-ZIP_EXTERN const char *zip_get_name(zip_t *, zip_uint64_t, zip_flags_t);
+ZIP_EXTERN const char * zip_get_name(zip_t *, zip_uint64_t, zip_flags_t);
ZIP_EXTERN zip_int64_t zip_get_num_entries(zip_t *, zip_flags_t);
-ZIP_EXTERN const char *zip_libzip_version(void);
+ZIP_EXTERN const char * zip_libzip_version(void);
ZIP_EXTERN zip_int64_t zip_name_locate(zip_t *, const char *, zip_flags_t);
-ZIP_EXTERN zip_t *zip_open(const char *, int, int *);
-ZIP_EXTERN zip_t *zip_open_from_source(zip_source_t *, int, zip_error_t *);
+ZIP_EXTERN zip_t * zip_open(const char *, int, int *);
+ZIP_EXTERN zip_t * zip_open_from_source(zip_source_t *, int, zip_error_t *);
ZIP_EXTERN int zip_register_progress_callback_with_state(zip_t *, double, zip_progress_callback, void (*)(void *), void *);
+ZIP_EXTERN int zip_register_cancel_callback_with_state(zip_t *, zip_cancel_callback, void (*)(void *), void *);
ZIP_EXTERN int zip_set_archive_comment(zip_t *, const char *, zip_uint16_t);
ZIP_EXTERN int zip_set_archive_flag(zip_t *, zip_flags_t, int);
ZIP_EXTERN int zip_set_default_password(zip_t *, const char *);
ZIP_EXTERN int zip_set_file_compression(zip_t *, zip_uint64_t, zip_int32_t, zip_uint32_t);
ZIP_EXTERN int zip_source_begin_write(zip_source_t *);
ZIP_EXTERN int zip_source_begin_write_cloning(zip_source_t *, zip_uint64_t);
-ZIP_EXTERN zip_source_t *zip_source_buffer(zip_t *, const void *, zip_uint64_t, int);
-ZIP_EXTERN zip_source_t *zip_source_buffer_create(const void *, zip_uint64_t, int, zip_error_t *);
-ZIP_EXTERN zip_source_t *zip_source_buffer_fragment(zip_t *, const zip_buffer_fragment_t *, zip_uint64_t, int);
-ZIP_EXTERN zip_source_t *zip_source_buffer_fragment_create(const zip_buffer_fragment_t *, zip_uint64_t, int, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_buffer(zip_t *, const void *, zip_uint64_t, int);
+ZIP_EXTERN zip_source_t * zip_source_buffer_create(const void *, zip_uint64_t, int, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_buffer_fragment(zip_t *, const zip_buffer_fragment_t *, zip_uint64_t, int);
+ZIP_EXTERN zip_source_t * zip_source_buffer_fragment_create(const zip_buffer_fragment_t *, zip_uint64_t, int, zip_error_t *);
ZIP_EXTERN int zip_source_close(zip_source_t *);
ZIP_EXTERN int zip_source_commit_write(zip_source_t *);
-ZIP_EXTERN zip_error_t *zip_source_error(zip_source_t *);
-ZIP_EXTERN zip_source_t *zip_source_file(zip_t *, const char *, zip_uint64_t, zip_int64_t);
-ZIP_EXTERN zip_source_t *zip_source_file_create(const char *, zip_uint64_t, zip_int64_t, zip_error_t *);
-ZIP_EXTERN zip_source_t *zip_source_filep(zip_t *, FILE *, zip_uint64_t, zip_int64_t);
-ZIP_EXTERN zip_source_t *zip_source_filep_create(FILE *, zip_uint64_t, zip_int64_t, zip_error_t *);
+ZIP_EXTERN zip_error_t * zip_source_error(zip_source_t *);
+ZIP_EXTERN zip_source_t * zip_source_file(zip_t *, const char *, zip_uint64_t, zip_int64_t);
+ZIP_EXTERN zip_source_t * zip_source_file_create(const char *, zip_uint64_t, zip_int64_t, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_filep(zip_t *, FILE *, zip_uint64_t, zip_int64_t);
+ZIP_EXTERN zip_source_t * zip_source_filep_create(FILE *, zip_uint64_t, zip_int64_t, zip_error_t *);
ZIP_EXTERN void zip_source_free(zip_source_t *);
-ZIP_EXTERN zip_source_t *zip_source_function(zip_t *, zip_source_callback, void *);
-ZIP_EXTERN zip_source_t *zip_source_function_create(zip_source_callback, void *, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_function(zip_t *, zip_source_callback , void *);
+ZIP_EXTERN zip_source_t * zip_source_function_create(zip_source_callback , void *, zip_error_t *);
ZIP_EXTERN int zip_source_is_deleted(zip_source_t *);
ZIP_EXTERN void zip_source_keep(zip_source_t *);
ZIP_EXTERN zip_int64_t zip_source_make_command_bitmap(zip_source_cmd_t, ...);
@@ -434,11 +440,11 @@ ZIP_EXTERN zip_source_t *zip_source_win32w(zip_t *, const wchar_t *, zip_uint64_
ZIP_EXTERN zip_source_t *zip_source_win32w_create(const wchar_t *, zip_uint64_t, zip_int64_t, zip_error_t *);
#endif
ZIP_EXTERN zip_int64_t zip_source_write(zip_source_t *, const void *, zip_uint64_t);
-ZIP_EXTERN zip_source_t *zip_source_zip(zip_t *, zip_t *, zip_uint64_t, zip_flags_t, zip_uint64_t, zip_int64_t);
+ZIP_EXTERN zip_source_t * zip_source_zip(zip_t *, zip_t *, zip_uint64_t, zip_flags_t, zip_uint64_t, zip_int64_t);
ZIP_EXTERN int zip_stat(zip_t *, const char *, zip_flags_t, zip_stat_t *);
ZIP_EXTERN int zip_stat_index(zip_t *, zip_uint64_t, zip_flags_t, zip_stat_t *);
-ZIP_EXTERN void zip_stat_init(zip_stat_t *);
-ZIP_EXTERN const char *zip_strerror(zip_t *);
+ZIP_EXTERN void zip_stat_init( zip_stat_t *);
+ZIP_EXTERN const char * zip_strerror(zip_t *);
ZIP_EXTERN int zip_unchange(zip_t *, zip_uint64_t);
ZIP_EXTERN int zip_unchange_all(zip_t *);
ZIP_EXTERN int zip_unchange_archive(zip_t *);
diff --git a/src/Common/libzip/zip_add.c b/src/Common/libzip/zip_add.c
index 69966d3..1954235 100644
--- a/src/Common/libzip/zip_add.c
+++ b/src/Common/libzip/zip_add.c
@@ -1,6 +1,6 @@
/*
zip_add.c -- add file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_add_dir.c b/src/Common/libzip/zip_add_dir.c
index a0026a7..88fcf53 100644
--- a/src/Common/libzip/zip_add_dir.c
+++ b/src/Common/libzip/zip_add_dir.c
@@ -1,6 +1,6 @@
/*
zip_add_dir.c -- add directory
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_add_entry.c b/src/Common/libzip/zip_add_entry.c
index f1de445..f52e0b5 100644
--- a/src/Common/libzip/zip_add_entry.c
+++ b/src/Common/libzip/zip_add_entry.c
@@ -1,6 +1,6 @@
/*
zip_add_entry.c -- create and init struct zip_entry
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_algorithm_deflate.c b/src/Common/libzip/zip_algorithm_deflate.c
index 2a1c904..30e072a 100644
--- a/src/Common/libzip/zip_algorithm_deflate.c
+++ b/src/Common/libzip/zip_algorithm_deflate.c
@@ -1,6 +1,6 @@
/*
zip_algorithm_deflate.c -- deflate (de)compression routines
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -51,6 +51,7 @@ allocate(bool compress, int compression_flags, zip_error_t *error) {
struct ctx *ctx;
if ((ctx = (struct ctx *)malloc(sizeof(*ctx))) == NULL) {
+ zip_error_set(error, ZIP_ET_SYS, errno);
return NULL;
}
diff --git a/src/Common/libzip/zip_buffer.c b/src/Common/libzip/zip_buffer.c
index 96010b2..8c24b27 100644
--- a/src/Common/libzip/zip_buffer.c
+++ b/src/Common/libzip/zip_buffer.c
@@ -1,6 +1,6 @@
/*
zip_buffer.c -- bounds checked access to memory buffer
- Copyright (C) 2014-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_close.c b/src/Common/libzip/zip_close.c
index c46e1b3..2a9fed2 100644
--- a/src/Common/libzip/zip_close.c
+++ b/src/Common/libzip/zip_close.c
@@ -1,6 +1,6 @@
/*
zip_close.c -- close zip archive and update changes
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2020 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -73,8 +73,10 @@ zip_close(zip_t *za) {
if (survivors == 0) {
if ((za->open_flags & ZIP_TRUNCATE) || changed) {
if (zip_source_remove(za->src) < 0) {
- _zip_error_set_from_source(&za->error, za->src);
- return -1;
+ if (!((zip_error_code_zip(zip_source_error(za->src)) == ZIP_ER_REMOVE) && (zip_error_code_system(zip_source_error(za->src)) == ENOENT))) {
+ _zip_error_set_from_source(&za->error, za->src);
+ return -1;
+ }
}
}
zip_discard(za);
@@ -158,14 +160,23 @@ zip_close(zip_t *za) {
}
}
- _zip_progress_start(za->progress);
+ if (_zip_progress_start(za->progress) != 0) {
+ zip_error_set(&za->error, ZIP_ER_CANCELLED, 0);
+ zip_source_rollback_write(za->src);
+ free(filelist);
+ return -1;
+ }
error = 0;
for (j = 0; j < survivors; j++) {
int new_data;
zip_entry_t *entry;
zip_dirent_t *de;
- _zip_progress_subrange(za->progress, (double)j / (double)survivors, (double)(j + 1) / (double)survivors);
+ if (_zip_progress_subrange(za->progress, (double)j / (double)survivors, (double)(j + 1) / (double)survivors) != 0) {
+ zip_error_set(&za->error, ZIP_ER_CANCELLED, 0);
+ error = 1;
+ break;
+ }
i = filelist[j].idx;
entry = za->entry + i;
@@ -256,10 +267,9 @@ zip_close(zip_t *za) {
_zip_error_set_from_source(&za->error, za->src);
error = 1;
}
+ _zip_progress_end(za->progress);
}
- _zip_progress_end(za->progress);
-
if (error) {
zip_source_rollback_write(za->src);
return -1;
@@ -520,32 +530,43 @@ add_data(zip_t *za, zip_source_t *src, zip_dirent_t *de) {
static int
copy_data(zip_t *za, zip_uint64_t len) {
- zip_uint8_t buf[BUFSIZE];
+ DEFINE_BYTE_ARRAY(buf, BUFSIZE);
size_t n;
double total = (double)len;
+ if (!byte_array_init(buf, BUFSIZE)) {
+ zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
while (len > 0) {
- n = len > sizeof(buf) ? sizeof(buf) : len;
+ n = len > BUFSIZE ? BUFSIZE : len;
if (_zip_read(za->src, buf, n, &za->error) < 0) {
+ byte_array_fini(buf);
return -1;
}
if (_zip_write(za, buf, n) < 0) {
+ byte_array_fini(buf);
return -1;
}
len -= n;
- _zip_progress_update(za->progress, (total - (double)len) / total);
+ if (_zip_progress_update(za->progress, (total - (double)len) / total) != 0) {
+ zip_error_set(&za->error, ZIP_ER_CANCELLED, 0);
+ return -1;
+ }
}
+ byte_array_fini(buf);
return 0;
}
static int
copy_source(zip_t *za, zip_source_t *src, zip_int64_t data_length) {
- zip_uint8_t buf[BUFSIZE];
+ DEFINE_BYTE_ARRAY(buf, BUFSIZE);
zip_int64_t n, current;
int ret;
@@ -554,16 +575,25 @@ copy_source(zip_t *za, zip_source_t *src, zip_int64_t data_length) {
return -1;
}
+ if (!byte_array_init(buf, BUFSIZE)) {
+ zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
ret = 0;
current = 0;
- while ((n = zip_source_read(src, buf, sizeof(buf))) > 0) {
+ while ((n = zip_source_read(src, buf, BUFSIZE)) > 0) {
if (_zip_write(za, buf, (zip_uint64_t)n) < 0) {
ret = -1;
break;
}
- if (n == sizeof(buf) && za->progress && data_length > 0) {
+ if (n == BUFSIZE && za->progress && data_length > 0) {
current += n;
- _zip_progress_update(za->progress, (double)current / (double)data_length);
+ if (_zip_progress_update(za->progress, (double)current / (double)data_length) != 0) {
+ zip_error_set(&za->error, ZIP_ER_CANCELLED, 0);
+ ret = -1;
+ break;
+ }
}
}
@@ -572,6 +602,8 @@ copy_source(zip_t *za, zip_source_t *src, zip_int64_t data_length) {
ret = -1;
}
+ byte_array_fini(buf);
+
zip_source_close(src);
return ret;
diff --git a/src/Common/libzip/zip_delete.c b/src/Common/libzip/zip_delete.c
index ae8f5a6..97701a0 100644
--- a/src/Common/libzip/zip_delete.c
+++ b/src/Common/libzip/zip_delete.c
@@ -1,6 +1,6 @@
/*
zip_delete.c -- delete file from zip archive
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_dir_add.c b/src/Common/libzip/zip_dir_add.c
index 236b439..c40b1cb 100644
--- a/src/Common/libzip/zip_dir_add.c
+++ b/src/Common/libzip/zip_dir_add.c
@@ -1,6 +1,6 @@
/*
zip_dir_add.c -- add directory
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_dirent.c b/src/Common/libzip/zip_dirent.c
index a6dbfac..2bbb63d 100644
--- a/src/Common/libzip/zip_dirent.c
+++ b/src/Common/libzip/zip_dirent.c
@@ -1,6 +1,6 @@
/*
zip_dirent.c -- read directory entry (local or central), clean dirent
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2020 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -41,7 +41,6 @@
#include "zipint.h"
-static time_t _zip_d2u_time(zip_uint16_t, zip_uint16_t);
static zip_string_t *_zip_dirent_process_ef_utf_8(const zip_dirent_t *de, zip_uint16_t id, zip_string_t *str);
static zip_extra_field_t *_zip_ef_utf8(zip_uint16_t, zip_string_t *, zip_error_t *);
static bool _zip_dirent_process_winzip_aes(zip_dirent_t *de, zip_error_t *error);
@@ -978,7 +977,7 @@ _zip_dirent_write(zip_t *za, zip_dirent_t *de, zip_flags_t flags) {
}
-static time_t
+time_t
_zip_d2u_time(zip_uint16_t dtime, zip_uint16_t ddate) {
struct tm tm;
@@ -1066,15 +1065,26 @@ _zip_get_dirent(zip_t *za, zip_uint64_t idx, zip_flags_t flags, zip_error_t *err
void
_zip_u2d_time(time_t intime, zip_uint16_t *dtime, zip_uint16_t *ddate) {
- struct tm *tm;
+ struct tm *tpm;
- tm = localtime(&intime);
- if (tm->tm_year < 80) {
- tm->tm_year = 80;
+#ifdef HAVE_LOCALTIME_R
+ struct tm tm;
+ tpm = localtime_r(&intime, &tm);
+#else
+ tpm = localtime(&intime);
+#endif
+ if (tpm == NULL) {
+ /* if localtime() fails, return an arbitrary date (1980-01-01 00:00:00) */
+ *ddate = (1 << 5) + 1;
+ *dtime = 0;
+ return;
+ }
+ if (tpm->tm_year < 80) {
+ tpm->tm_year = 80;
}
- *ddate = (zip_uint16_t)(((tm->tm_year + 1900 - 1980) << 9) + ((tm->tm_mon + 1) << 5) + tm->tm_mday);
- *dtime = (zip_uint16_t)(((tm->tm_hour) << 11) + ((tm->tm_min) << 5) + ((tm->tm_sec) >> 1));
+ *ddate = (zip_uint16_t)(((tpm->tm_year + 1900 - 1980) << 9) + ((tpm->tm_mon + 1) << 5) + tpm->tm_mday);
+ *dtime = (zip_uint16_t)(((tpm->tm_hour) << 11) + ((tpm->tm_min) << 5) + ((tpm->tm_sec) >> 1));
return;
}
diff --git a/src/Common/libzip/zip_discard.c b/src/Common/libzip/zip_discard.c
index 5bbf8d6..12f0636 100644
--- a/src/Common/libzip/zip_discard.c
+++ b/src/Common/libzip/zip_discard.c
@@ -1,6 +1,6 @@
/*
zip_discard.c -- discard and free struct zip
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_entry.c b/src/Common/libzip/zip_entry.c
index f083412..52ecaef 100644
--- a/src/Common/libzip/zip_entry.c
+++ b/src/Common/libzip/zip_entry.c
@@ -1,6 +1,6 @@
/*
zip_entry.c -- struct zip_entry helper functions
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_err_str.c b/src/Common/libzip/zip_err_str.c
index 3d9ee54..e0a04a9 100644
--- a/src/Common/libzip/zip_err_str.c
+++ b/src/Common/libzip/zip_err_str.c
@@ -5,16 +5,80 @@
#include "zipint.h"
-const char *const _zip_err_str[] = {
- "No error", "Multi-disk zip archives not supported", "Renaming temporary file failed", "Closing zip archive failed", "Seek error", "Read error", "Write error", "CRC error", "Containing zip archive was closed", "No such file", "File already exists", "Can't open file", "Failure to create temporary file", "Zlib error", "Malloc failure", "Entry has been changed", "Compression method not supported", "Premature end of file", "Invalid argument", "Not a zip archive", "Internal error", "Zip archive inconsistent", "Can't remove file", "Entry has been deleted", "Encryption method not supported", "Read-only archive", "No password provided", "Wrong password provided", "Operation not supported", "Resource still in use", "Tell error", "Compressed data invalid",
+const char * const _zip_err_str[] = {
+ "No error",
+ "Multi-disk zip archives not supported",
+ "Renaming temporary file failed",
+ "Closing zip archive failed",
+ "Seek error",
+ "Read error",
+ "Write error",
+ "CRC error",
+ "Containing zip archive was closed",
+ "No such file",
+ "File already exists",
+ "Can't open file",
+ "Failure to create temporary file",
+ "Zlib error",
+ "Malloc failure",
+ "Entry has been changed",
+ "Compression method not supported",
+ "Premature end of file",
+ "Invalid argument",
+ "Not a zip archive",
+ "Internal error",
+ "Zip archive inconsistent",
+ "Can't remove file",
+ "Entry has been deleted",
+ "Encryption method not supported",
+ "Read-only archive",
+ "No password provided",
+ "Wrong password provided",
+ "Operation not supported",
+ "Resource still in use",
+ "Tell error",
+ "Compressed data invalid",
+ "Operation cancelled",
};
-const int _zip_nerr_str = sizeof(_zip_err_str) / sizeof(_zip_err_str[0]);
+const int _zip_nerr_str = sizeof(_zip_err_str)/sizeof(_zip_err_str[0]);
#define N ZIP_ET_NONE
#define S ZIP_ET_SYS
#define Z ZIP_ET_ZLIB
const int _zip_err_type[] = {
- N, N, S, S, S, S, S, N, N, N, N, S, S, Z, N, N, N, N, N, N, N, N, S, N, N, N, N, N, N, N, S, N,
+ N,
+ N,
+ S,
+ S,
+ S,
+ S,
+ S,
+ N,
+ N,
+ N,
+ N,
+ S,
+ S,
+ Z,
+ N,
+ N,
+ N,
+ N,
+ N,
+ N,
+ N,
+ N,
+ S,
+ N,
+ N,
+ N,
+ N,
+ N,
+ N,
+ N,
+ S,
+ N,
+ N,
};
diff --git a/src/Common/libzip/zip_error.c b/src/Common/libzip/zip_error.c
index 9ccaf91..a0f74f0 100644
--- a/src/Common/libzip/zip_error.c
+++ b/src/Common/libzip/zip_error.c
@@ -1,6 +1,6 @@
/*
zip_error.c -- zip_error_t helper functions
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_clear.c b/src/Common/libzip/zip_error_clear.c
index 2cce450..eec1568 100644
--- a/src/Common/libzip/zip_error_clear.c
+++ b/src/Common/libzip/zip_error_clear.c
@@ -1,6 +1,6 @@
/*
zip_error_clear.c -- clear zip error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_get.c b/src/Common/libzip/zip_error_get.c
index 1f02ed3..9588b4c 100644
--- a/src/Common/libzip/zip_error_get.c
+++ b/src/Common/libzip/zip_error_get.c
@@ -1,6 +1,6 @@
/*
zip_error_get.c -- get zip error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_get_sys_type.c b/src/Common/libzip/zip_error_get_sys_type.c
index d7a594e..3dfe5c2 100644
--- a/src/Common/libzip/zip_error_get_sys_type.c
+++ b/src/Common/libzip/zip_error_get_sys_type.c
@@ -1,6 +1,6 @@
/*
zip_error_get_sys_type.c -- return type of system error code
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_strerror.c b/src/Common/libzip/zip_error_strerror.c
index 6baf900..6358577 100644
--- a/src/Common/libzip/zip_error_strerror.c
+++ b/src/Common/libzip/zip_error_strerror.c
@@ -1,6 +1,6 @@
/*
zip_error_sterror.c -- get string representation of struct zip_error
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_to_str.c b/src/Common/libzip/zip_error_to_str.c
index 518c0e5..13faf96 100644
--- a/src/Common/libzip/zip_error_to_str.c
+++ b/src/Common/libzip/zip_error_to_str.c
@@ -1,6 +1,6 @@
/*
zip_error_to_str.c -- get string representation of zip error code
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_extra_field.c b/src/Common/libzip/zip_extra_field.c
index 42f97d0..7114a25 100644
--- a/src/Common/libzip/zip_extra_field.c
+++ b/src/Common/libzip/zip_extra_field.c
@@ -1,6 +1,6 @@
/*
zip_extra_field.c -- manipulate extra fields
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_extra_field_api.c b/src/Common/libzip/zip_extra_field_api.c
index 469abd2..605f95d 100644
--- a/src/Common/libzip/zip_extra_field_api.c
+++ b/src/Common/libzip/zip_extra_field_api.c
@@ -1,6 +1,6 @@
/*
zip_extra_field_api.c -- public extra fields API functions
- Copyright (C) 2012-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fclose.c b/src/Common/libzip/zip_fclose.c
index be98cc0..6eb9dc9 100644
--- a/src/Common/libzip/zip_fclose.c
+++ b/src/Common/libzip/zip_fclose.c
@@ -1,6 +1,6 @@
/*
zip_fclose.c -- close file in zip archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fdopen.c b/src/Common/libzip/zip_fdopen.c
index b1fc22b..5a732cd 100644
--- a/src/Common/libzip/zip_fdopen.c
+++ b/src/Common/libzip/zip_fdopen.c
@@ -1,6 +1,6 @@
/*
zip_fdopen.c -- open read-only archive from file descriptor
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -67,12 +67,14 @@ zip_fdopen(int fd_orig, int _flags, int *zep) {
zip_error_init(&error);
if ((src = zip_source_filep_create(fp, 0, -1, &error)) == NULL) {
+ fclose(fp);
_zip_set_open_error(zep, &error, 0);
zip_error_fini(&error);
return NULL;
}
if ((za = zip_open_from_source(src, _flags, &error)) == NULL) {
+ zip_source_free(src);
_zip_set_open_error(zep, &error, 0);
zip_error_fini(&error);
return NULL;
diff --git a/src/Common/libzip/zip_file_add.c b/src/Common/libzip/zip_file_add.c
index ec8ef06..c019d8d 100644
--- a/src/Common/libzip/zip_file_add.c
+++ b/src/Common/libzip/zip_file_add.c
@@ -1,6 +1,6 @@
/*
zip_file_add.c -- add file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_error_clear.c b/src/Common/libzip/zip_file_error_clear.c
index 666beca..47e5da6 100644
--- a/src/Common/libzip/zip_file_error_clear.c
+++ b/src/Common/libzip/zip_file_error_clear.c
@@ -1,6 +1,6 @@
/*
zip_file_error_clear.c -- clear zip file error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_error_get.c b/src/Common/libzip/zip_file_error_get.c
index d7e0191..1ed68df 100644
--- a/src/Common/libzip/zip_file_error_get.c
+++ b/src/Common/libzip/zip_file_error_get.c
@@ -1,6 +1,6 @@
/*
zip_file_error_get.c -- get zip file error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_get_comment.c b/src/Common/libzip/zip_file_get_comment.c
index 478f3d7..8f68141 100644
--- a/src/Common/libzip/zip_file_get_comment.c
+++ b/src/Common/libzip/zip_file_get_comment.c
@@ -1,6 +1,6 @@
/*
zip_file_get_comment.c -- get file comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_get_external_attributes.c b/src/Common/libzip/zip_file_get_external_attributes.c
index e3ede74..ebc2058 100644
--- a/src/Common/libzip/zip_file_get_external_attributes.c
+++ b/src/Common/libzip/zip_file_get_external_attributes.c
@@ -1,6 +1,6 @@
/*
zip_file_get_external_attributes.c -- get opsys/external attributes
- Copyright (C) 2013-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2013-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_get_offset.c b/src/Common/libzip/zip_file_get_offset.c
index 877c179..9ea8909 100644
--- a/src/Common/libzip/zip_file_get_offset.c
+++ b/src/Common/libzip/zip_file_get_offset.c
@@ -1,6 +1,6 @@
/*
zip_file_get_offset.c -- get offset of file data in archive.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_rename.c b/src/Common/libzip/zip_file_rename.c
index 1eb7fac..7ca428c 100644
--- a/src/Common/libzip/zip_file_rename.c
+++ b/src/Common/libzip/zip_file_rename.c
@@ -1,6 +1,6 @@
/*
zip_file_rename.c -- rename file in zip archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_replace.c b/src/Common/libzip/zip_file_replace.c
index e42f5cd..87401f4 100644
--- a/src/Common/libzip/zip_file_replace.c
+++ b/src/Common/libzip/zip_file_replace.c
@@ -1,6 +1,6 @@
/*
zip_file_replace.c -- replace file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_set_comment.c b/src/Common/libzip/zip_file_set_comment.c
index 964486b..c309db8 100644
--- a/src/Common/libzip/zip_file_set_comment.c
+++ b/src/Common/libzip/zip_file_set_comment.c
@@ -1,6 +1,6 @@
/*
zip_file_set_comment.c -- set comment for file in archive
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_set_external_attributes.c b/src/Common/libzip/zip_file_set_external_attributes.c
index cd46e88..bb2ea61 100644
--- a/src/Common/libzip/zip_file_set_external_attributes.c
+++ b/src/Common/libzip/zip_file_set_external_attributes.c
@@ -1,6 +1,6 @@
/*
zip_file_set_external_attributes.c -- set external attributes for entry
- Copyright (C) 2013-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2013-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_set_mtime.c b/src/Common/libzip/zip_file_set_mtime.c
index 15316d3..838548e 100644
--- a/src/Common/libzip/zip_file_set_mtime.c
+++ b/src/Common/libzip/zip_file_set_mtime.c
@@ -1,6 +1,6 @@
/*
zip_file_set_mtime.c -- set modification time of entry.
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2020 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -34,9 +34,15 @@
#include "zipint.h"
ZIP_EXTERN int
+zip_file_set_dostime(zip_t *za, zip_uint64_t idx, zip_uint16_t dtime, zip_uint16_t ddate, zip_flags_t flags) {
+ time_t mtime;
+ mtime = _zip_d2u_time(dtime, ddate);
+ return zip_file_set_mtime(za, idx, mtime, flags);
+}
+
+ZIP_EXTERN int
zip_file_set_mtime(zip_t *za, zip_uint64_t idx, time_t mtime, zip_flags_t flags) {
zip_entry_t *e;
- int changed;
if (_zip_get_dirent(za, idx, 0, NULL) == NULL)
return -1;
@@ -48,27 +54,15 @@ zip_file_set_mtime(zip_t *za, zip_uint64_t idx, time_t mtime, zip_flags_t flags)
e = za->entry + idx;
- changed = e->orig == NULL || mtime != e->orig->last_mod;
-
- if (changed) {
- if (e->changes == NULL) {
- if ((e->changes = _zip_dirent_clone(e->orig)) == NULL) {
- zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
- return -1;
- }
- }
- e->changes->last_mod = mtime;
- e->changes->changed |= ZIP_DIRENT_LAST_MOD;
- }
- else {
- if (e->changes) {
- e->changes->changed &= ~ZIP_DIRENT_LAST_MOD;
- if (e->changes->changed == 0) {
- _zip_dirent_free(e->changes);
- e->changes = NULL;
- }
+ if (e->changes == NULL) {
+ if ((e->changes = _zip_dirent_clone(e->orig)) == NULL) {
+ zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
+ return -1;
}
}
+ e->changes->last_mod = mtime;
+ e->changes->changed |= ZIP_DIRENT_LAST_MOD;
+
return 0;
}
diff --git a/src/Common/libzip/zip_file_strerror.c b/src/Common/libzip/zip_file_strerror.c
index fd4008a..1fa7fff 100644
--- a/src/Common/libzip/zip_file_strerror.c
+++ b/src/Common/libzip/zip_file_strerror.c
@@ -1,6 +1,6 @@
/*
zip_file_sterror.c -- get string representation of zip file error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_filerange_crc.c b/src/Common/libzip/zip_filerange_crc.c
index 6c4be27..b887363 100644
--- a/src/Common/libzip/zip_filerange_crc.c
+++ b/src/Common/libzip/zip_filerange_crc.c
@@ -1,6 +1,6 @@
/*
zip_filerange_crc.c -- compute CRC32 for a range of a file
- Copyright (C) 2008-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2008-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -39,7 +39,8 @@
int
_zip_filerange_crc(zip_source_t *src, zip_uint64_t start, zip_uint64_t len, uLong *crcp, zip_error_t *error) {
- Bytef buf[BUFSIZE];
+ DEFINE_BYTE_ARRAY(buf, BUFSIZE);
+
zip_int64_t n;
*crcp = crc32(0L, Z_NULL, 0);
@@ -54,14 +55,21 @@ _zip_filerange_crc(zip_source_t *src, zip_uint64_t start, zip_uint64_t len, uLon
return -1;
}
+ if (!byte_array_init(buf, BUFSIZE)) {
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
while (len > 0) {
n = (zip_int64_t)(len > BUFSIZE ? BUFSIZE : len);
if ((n = zip_source_read(src, buf, (zip_uint64_t)n)) < 0) {
_zip_error_set_from_source(error, src);
+ byte_array_fini(buf);
return -1;
}
if (n == 0) {
zip_error_set(error, ZIP_ER_EOF, 0);
+ byte_array_fini(buf);
return -1;
}
@@ -70,5 +78,7 @@ _zip_filerange_crc(zip_source_t *src, zip_uint64_t start, zip_uint64_t len, uLon
len -= (zip_uint64_t)n;
}
+ byte_array_fini(buf);
+
return 0;
}
diff --git a/src/Common/libzip/zip_fopen.c b/src/Common/libzip/zip_fopen.c
index cb45cc2..4f1a051 100644
--- a/src/Common/libzip/zip_fopen.c
+++ b/src/Common/libzip/zip_fopen.c
@@ -1,6 +1,6 @@
/*
zip_fopen.c -- open file in zip archive for reading
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fopen_encrypted.c b/src/Common/libzip/zip_fopen_encrypted.c
index abcf6ac..9e9b13e 100644
--- a/src/Common/libzip/zip_fopen_encrypted.c
+++ b/src/Common/libzip/zip_fopen_encrypted.c
@@ -1,6 +1,6 @@
/*
zip_fopen_encrypted.c -- open file for reading with password
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fopen_index.c b/src/Common/libzip/zip_fopen_index.c
index 7dcf1f7..ffca281 100644
--- a/src/Common/libzip/zip_fopen_index.c
+++ b/src/Common/libzip/zip_fopen_index.c
@@ -1,6 +1,6 @@
/*
zip_fopen_index.c -- open file in zip archive for reading by index
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fopen_index_encrypted.c b/src/Common/libzip/zip_fopen_index_encrypted.c
index 6b32008..6712c32 100644
--- a/src/Common/libzip/zip_fopen_index_encrypted.c
+++ b/src/Common/libzip/zip_fopen_index_encrypted.c
@@ -1,6 +1,6 @@
/*
zip_fopen_index_encrypted.c -- open file for reading by index w/ password
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fread.c b/src/Common/libzip/zip_fread.c
index be46cf0..646d712 100644
--- a/src/Common/libzip/zip_fread.c
+++ b/src/Common/libzip/zip_fread.c
@@ -1,6 +1,6 @@
/*
zip_fread.c -- read from file
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_archive_comment.c b/src/Common/libzip/zip_get_archive_comment.c
index a3d5a19..953c6f4 100644
--- a/src/Common/libzip/zip_get_archive_comment.c
+++ b/src/Common/libzip/zip_get_archive_comment.c
@@ -1,6 +1,6 @@
/*
zip_get_archive_comment.c -- get archive comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_archive_flag.c b/src/Common/libzip/zip_get_archive_flag.c
index 67fe4f8..fa4dd50 100644
--- a/src/Common/libzip/zip_get_archive_flag.c
+++ b/src/Common/libzip/zip_get_archive_flag.c
@@ -1,6 +1,6 @@
/*
zip_get_archive_flag.c -- get archive global flag
- Copyright (C) 2008-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2008-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_encryption_implementation.c b/src/Common/libzip/zip_get_encryption_implementation.c
index ba459d4..c9d52ad 100644
--- a/src/Common/libzip/zip_get_encryption_implementation.c
+++ b/src/Common/libzip/zip_get_encryption_implementation.c
@@ -1,6 +1,6 @@
/*
zip_get_encryption_implementation.c -- get encryption implementation
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_file_comment.c b/src/Common/libzip/zip_get_file_comment.c
index 44e5917..f800686 100644
--- a/src/Common/libzip/zip_get_file_comment.c
+++ b/src/Common/libzip/zip_get_file_comment.c
@@ -1,6 +1,6 @@
/*
zip_get_file_comment.c -- get file comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_name.c b/src/Common/libzip/zip_get_name.c
index d42f14a..4344209 100644
--- a/src/Common/libzip/zip_get_name.c
+++ b/src/Common/libzip/zip_get_name.c
@@ -1,6 +1,6 @@
/*
zip_get_name.c -- get filename for a file in zip file
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_num_entries.c b/src/Common/libzip/zip_get_num_entries.c
index 78f30dc..410d26e 100644
--- a/src/Common/libzip/zip_get_num_entries.c
+++ b/src/Common/libzip/zip_get_num_entries.c
@@ -1,6 +1,6 @@
/*
zip_get_num_entries.c -- get number of entries in archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_num_files.c b/src/Common/libzip/zip_get_num_files.c
index 3ccf400..4895eaa 100644
--- a/src/Common/libzip/zip_get_num_files.c
+++ b/src/Common/libzip/zip_get_num_files.c
@@ -1,6 +1,6 @@
/*
zip_get_num_files.c -- get number of files in archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_hash.c b/src/Common/libzip/zip_hash.c
index 0d9e996..3206dbf 100644
--- a/src/Common/libzip/zip_hash.c
+++ b/src/Common/libzip/zip_hash.c
@@ -1,6 +1,6 @@
/*
zip_hash.c -- hash table string -> uint64
- Copyright (C) 2015-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2015-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_io_util.c b/src/Common/libzip/zip_io_util.c
index 77be8f0..dd07cbb 100644
--- a/src/Common/libzip/zip_io_util.c
+++ b/src/Common/libzip/zip_io_util.c
@@ -1,6 +1,6 @@
/*
zip_io_util.c -- I/O helper functions
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_memdup.c b/src/Common/libzip/zip_memdup.c
index 9d7949d..05fcb7b 100644
--- a/src/Common/libzip/zip_memdup.c
+++ b/src/Common/libzip/zip_memdup.c
@@ -1,6 +1,6 @@
/*
zip_memdup.c -- internal zip function, "strdup" with len
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_name_locate.c b/src/Common/libzip/zip_name_locate.c
index 6713cab..f7318ec 100644
--- a/src/Common/libzip/zip_name_locate.c
+++ b/src/Common/libzip/zip_name_locate.c
@@ -1,6 +1,6 @@
/*
zip_name_locate.c -- get index by name
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_new.c b/src/Common/libzip/zip_new.c
index 19155f4..4f58ecc 100644
--- a/src/Common/libzip/zip_new.c
+++ b/src/Common/libzip/zip_new.c
@@ -1,6 +1,6 @@
/*
zip_new.c -- create and init struct zip
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_open.c b/src/Common/libzip/zip_open.c
index 1886c9d..4e29c5b 100644
--- a/src/Common/libzip/zip_open.c
+++ b/src/Common/libzip/zip_open.c
@@ -1,6 +1,6 @@
/*
zip_open.c -- open zip archive by name
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -43,8 +43,7 @@
typedef enum {
EXISTS_ERROR = -1,
EXISTS_NOT = 0,
- EXISTS_EMPTY,
- EXISTS_NONEMPTY,
+ EXISTS_OK
} exists_t;
static zip_t *_zip_allocate_new(zip_source_t *src, unsigned int flags, zip_error_t *error);
static zip_int64_t _zip_checkcons(zip_t *za, zip_cdir_t *cdir, zip_error_t *error);
@@ -174,20 +173,16 @@ _zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error) {
}
len = st.size;
- /* treat empty files as empty archives */
- if (len == 0) {
- if ((za = _zip_allocate_new(src, flags, error)) == NULL) {
- zip_source_free(src);
- return NULL;
- }
-
- return za;
- }
if ((za = _zip_allocate_new(src, flags, error)) == NULL) {
return NULL;
}
+ /* treat empty files as empty archives */
+ if (len == 0 && zip_source_accept_empty(src)) {
+ return za;
+ }
+
if ((cdir = _zip_find_central_dir(za, len)) == NULL) {
_zip_error_copy(error, &za->error);
/* keep src so discard does not get rid of it */
@@ -541,7 +536,7 @@ _zip_file_exists(zip_source_t *src, zip_error_t *error) {
return EXISTS_ERROR;
}
- return (st.valid & ZIP_STAT_SIZE) && st.size == 0 ? EXISTS_EMPTY : EXISTS_NONEMPTY;
+ return EXISTS_OK;
}
@@ -726,16 +721,19 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
eocd_disk = _zip_buffer_get_16(buffer);
eocd_offset = _zip_buffer_get_64(buffer);
- if (eocd_offset > ZIP_INT64_MAX || eocd_offset + EOCD64LEN < eocd_offset) {
+ /* valid seek value for start of EOCD */
+ if (eocd_offset > ZIP_INT64_MAX) {
zip_error_set(error, ZIP_ER_SEEK, EFBIG);
return NULL;
}
+ /* does EOCD fit before EOCD locator? */
if (eocd_offset + EOCD64LEN > eocdloc_offset + buf_offset) {
zip_error_set(error, ZIP_ER_INCONS, 0);
return NULL;
}
+ /* make sure current position of buffer is beginning of EOCD */
if (eocd_offset >= buf_offset && eocd_offset + EOCD64LEN <= buf_offset + _zip_buffer_size(buffer)) {
_zip_buffer_set_offset(buffer, eocd_offset - buf_offset);
free_buffer = false;
@@ -759,8 +757,10 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
return NULL;
}
+ /* size of EOCD */
size = _zip_buffer_get_64(buffer);
+ /* is there a hole between EOCD and EOCD locator, or do they overlap? */
if ((flags & ZIP_CHECKCONS) && size + eocd_offset + 12 != buf_offset + eocdloc_offset) {
zip_error_set(error, ZIP_ER_INCONS, 0);
if (free_buffer) {
@@ -812,6 +812,7 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
size = _zip_buffer_get_64(buffer);
offset = _zip_buffer_get_64(buffer);
+ /* did we read past the end of the buffer? */
if (!_zip_buffer_ok(buffer)) {
zip_error_set(error, ZIP_ER_INTERNAL, 0);
if (free_buffer) {
@@ -838,6 +839,11 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
return NULL;
}
+ if (nentry > size / CDENTRYSIZE) {
+ zip_error_set(error, ZIP_ER_INCONS, 0);
+ return NULL;
+ }
+
if ((cd = _zip_cdir_new(nentry, error)) == NULL)
return NULL;
diff --git a/src/Common/libzip/zip_progress.c b/src/Common/libzip/zip_progress.c
index 46c8bb8..d48ae56 100644
--- a/src/Common/libzip/zip_progress.c
+++ b/src/Common/libzip/zip_progress.c
@@ -1,6 +1,6 @@
/*
zip_progress.c -- progress reporting
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2020 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -40,10 +40,14 @@
struct zip_progress {
zip_t *za;
- zip_progress_callback callback;
- void (*ud_free)(void *);
- void *ud;
+ zip_progress_callback callback_progress;
+ void (*ud_progress_free)(void *);
+ void *ud_progress;
+
+ zip_cancel_callback callback_cancel;
+ void (*ud_cancel_free)(void *);
+ void *ud_cancel;
double precision;
@@ -54,6 +58,11 @@ struct zip_progress {
double end; /* end of sub-progress section */
};
+static void _zip_progress_free_cancel_callback(zip_progress_t *progress);
+static void _zip_progress_free_progress_callback(zip_progress_t *progress);
+static zip_progress_t *_zip_progress_new(zip_t *za);
+static void _zip_progress_set_cancel_callback(zip_progress_t *progress, zip_cancel_callback callback, void (*ud_free)(void *), void *ud);
+static void _zip_progress_set_progress_callback(zip_progress_t *progress, double precision, zip_progress_callback callback, void (*ud_free)(void *), void *ud);
void
_zip_progress_end(zip_progress_t *progress) {
@@ -67,16 +76,15 @@ _zip_progress_free(zip_progress_t *progress) {
return;
}
- if (progress->ud_free) {
- progress->ud_free(progress->ud);
- }
+ _zip_progress_free_progress_callback(progress);
+ _zip_progress_free_cancel_callback(progress);
free(progress);
}
-zip_progress_t *
-_zip_progress_new(zip_t *za, double precision, zip_progress_callback callback, void (*ud_free)(void *), void *ud) {
+static zip_progress_t *
+_zip_progress_new(zip_t *za) {
zip_progress_t *progress = (zip_progress_t *)malloc(sizeof(*progress));
if (progress == NULL) {
@@ -85,52 +93,117 @@ _zip_progress_new(zip_t *za, double precision, zip_progress_callback callback, v
}
progress->za = za;
- progress->callback = callback;
- progress->ud_free = ud_free;
- progress->ud = ud;
- progress->precision = precision;
+
+ progress->callback_progress = NULL;
+ progress->ud_progress_free = NULL;
+ progress->ud_progress = NULL;
+ progress->precision = 0.0;
+
+ progress->callback_cancel = NULL;
+ progress->ud_cancel_free = NULL;
+ progress->ud_cancel = NULL;
return progress;
}
+static void
+_zip_progress_free_progress_callback(zip_progress_t *progress) {
+ if (progress->ud_progress_free) {
+ progress->ud_progress_free(progress->ud_progress);
+ }
+
+ progress->callback_progress = NULL;
+ progress->ud_progress = NULL;
+ progress->ud_progress_free = NULL;
+}
+
+static void
+_zip_progress_free_cancel_callback(zip_progress_t *progress) {
+ if (progress->ud_cancel_free) {
+ progress->ud_cancel_free(progress->ud_cancel);
+ }
+
+ progress->callback_cancel = NULL;
+ progress->ud_cancel = NULL;
+ progress->ud_cancel_free = NULL;
+}
+
+static void
+_zip_progress_set_progress_callback(zip_progress_t *progress, double precision, zip_progress_callback callback, void (*ud_free)(void *), void *ud) {
+ _zip_progress_free_progress_callback(progress);
+
+ progress->callback_progress = callback;
+ progress->ud_progress_free = ud_free;
+ progress->ud_progress = ud;
+ progress->precision = precision;
+}
void
+_zip_progress_set_cancel_callback(zip_progress_t *progress, zip_cancel_callback callback, void (*ud_free)(void *), void *ud) {
+ _zip_progress_free_cancel_callback(progress);
+
+ progress->callback_cancel = callback;
+ progress->ud_cancel_free = ud_free;
+ progress->ud_cancel = ud;
+}
+
+int
_zip_progress_start(zip_progress_t *progress) {
if (progress == NULL) {
- return;
+ return 0;
+ }
+
+ if (progress->callback_progress != NULL) {
+ progress->last_update = 0.0;
+ progress->callback_progress(progress->za, 0.0, progress->ud_progress);
+ }
+
+ if (progress->callback_cancel != NULL) {
+ if (progress->callback_cancel(progress->za, progress->ud_cancel)) {
+ return -1;
+ }
}
- progress->last_update = 0.0;
- progress->callback(progress->za, 0.0, progress->ud);
+ return 0;
}
-void
+int
_zip_progress_subrange(zip_progress_t *progress, double start, double end) {
if (progress == NULL) {
- return;
+ return 0;
}
progress->start = start;
progress->end = end;
- _zip_progress_update(progress, 0.0);
+ return _zip_progress_update(progress, 0.0);
}
-void
+int
_zip_progress_update(zip_progress_t *progress, double sub_current) {
double current;
if (progress == NULL) {
- return;
+ return 0;
}
- current = ZIP_MIN(ZIP_MAX(sub_current, 0.0), 1.0) * (progress->end - progress->start) + progress->start;
+ if (progress->callback_progress != NULL) {
+ current = ZIP_MIN(ZIP_MAX(sub_current, 0.0), 1.0) * (progress->end - progress->start) + progress->start;
- if (current - progress->last_update > progress->precision) {
- progress->callback(progress->za, current, progress->ud);
- progress->last_update = current;
+ if (current - progress->last_update > progress->precision) {
+ progress->callback_progress(progress->za, current, progress->ud_progress);
+ progress->last_update = current;
+ }
}
+
+ if (progress->callback_cancel != NULL) {
+ if (progress->callback_cancel(progress->za, progress->ud_cancel)) {
+ return -1;
+ }
+ }
+
+ return 0;
}
@@ -139,13 +212,54 @@ zip_register_progress_callback_with_state(zip_t *za, double precision, zip_progr
zip_progress_t *progress = NULL;
if (callback != NULL) {
- if ((progress = _zip_progress_new(za, precision, callback, ud_free, ud)) == NULL) {
- return -1;
+ if (za->progress == NULL) {
+ if ((za->progress = _zip_progress_new(za)) == NULL) {
+ return -1;
+ }
}
+
+ _zip_progress_set_progress_callback(za->progress, precision, callback, ud_free, ud);
}
+ else {
+ if (za->progress != NULL) {
+ if (za->progress->callback_cancel == NULL) {
+ _zip_progress_free(za->progress);
+ za->progress = NULL;
+ }
+ else {
+ _zip_progress_free_progress_callback(za->progress);
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+ZIP_EXTERN int
+zip_register_cancel_callback_with_state(zip_t *za, zip_cancel_callback callback, void (*ud_free)(void *), void *ud) {
+ zip_progress_t *progress = NULL;
+
+ if (callback != NULL) {
+ if (za->progress == NULL) {
+ if ((za->progress = _zip_progress_new(za)) == NULL) {
+ return -1;
+ }
+ }
- _zip_progress_free(za->progress);
- za->progress = progress;
+ _zip_progress_set_cancel_callback(za->progress, callback, ud_free, ud);
+ }
+ else {
+ if (za->progress != NULL) {
+ if (za->progress->callback_progress == NULL) {
+ _zip_progress_free(za->progress);
+ za->progress = NULL;
+ }
+ else {
+ _zip_progress_free_cancel_callback(za->progress);
+ }
+ }
+ }
return 0;
}
diff --git a/src/Common/libzip/zip_rename.c b/src/Common/libzip/zip_rename.c
index 0cc81ed..e5f1682 100644
--- a/src/Common/libzip/zip_rename.c
+++ b/src/Common/libzip/zip_rename.c
@@ -1,6 +1,6 @@
/*
zip_rename.c -- rename file in zip archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_replace.c b/src/Common/libzip/zip_replace.c
index 34b922e..30a2eb1 100644
--- a/src/Common/libzip/zip_replace.c
+++ b/src/Common/libzip/zip_replace.c
@@ -1,6 +1,6 @@
/*
zip_replace.c -- replace file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_archive_comment.c b/src/Common/libzip/zip_set_archive_comment.c
index 221fde5..3f050b3 100644
--- a/src/Common/libzip/zip_set_archive_comment.c
+++ b/src/Common/libzip/zip_set_archive_comment.c
@@ -1,6 +1,6 @@
/*
zip_set_archive_comment.c -- set archive comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_archive_flag.c b/src/Common/libzip/zip_set_archive_flag.c
index 6fb1131..e0d5502 100644
--- a/src/Common/libzip/zip_set_archive_flag.c
+++ b/src/Common/libzip/zip_set_archive_flag.c
@@ -1,6 +1,6 @@
/*
zip_get_archive_flag.c -- set archive global flag
- Copyright (C) 2008-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2008-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_default_password.c b/src/Common/libzip/zip_set_default_password.c
index 33c1754..41c7c51 100644
--- a/src/Common/libzip/zip_set_default_password.c
+++ b/src/Common/libzip/zip_set_default_password.c
@@ -1,6 +1,6 @@
/*
zip_set_default_password.c -- set default password for decryption
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_file_comment.c b/src/Common/libzip/zip_set_file_comment.c
index 93594f0..1fa01ae 100644
--- a/src/Common/libzip/zip_set_file_comment.c
+++ b/src/Common/libzip/zip_set_file_comment.c
@@ -1,6 +1,6 @@
/*
zip_set_file_comment.c -- set comment for file in archive
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_file_compression.c b/src/Common/libzip/zip_set_file_compression.c
index 6de2d40..927fbb7 100644
--- a/src/Common/libzip/zip_set_file_compression.c
+++ b/src/Common/libzip/zip_set_file_compression.c
@@ -1,6 +1,6 @@
/*
zip_set_file_compression.c -- set compression for file in archive
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_name.c b/src/Common/libzip/zip_set_name.c
index 33fb4bc..43c772e 100644
--- a/src/Common/libzip/zip_set_name.c
+++ b/src/Common/libzip/zip_set_name.c
@@ -1,6 +1,6 @@
/*
zip_set_name.c -- rename helper function
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_accept_empty.c b/src/Common/libzip/zip_source_accept_empty.c
new file mode 100644
index 0000000..e6d5151
--- /dev/null
+++ b/src/Common/libzip/zip_source_accept_empty.c
@@ -0,0 +1,52 @@
+/*
+ zip_source_accept_empty.c -- if empty source is a valid archive
+ Copyright (C) 2019 Dieter Baron and Thomas Klausner
+
+ This file is part of libzip, a library to manipulate ZIP archives.
+ The authors can be contacted at <libzip@nih.at>
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ 3. The names of the authors may not be used to endorse or promote
+ products derived from this software without specific prior
+ written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
+ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include "zipint.h"
+
+
+bool
+zip_source_accept_empty(zip_source_t *src) {
+ int ret;
+
+ if ((zip_source_supports(src) & ZIP_SOURCE_MAKE_COMMAND_BITMASK(ZIP_SOURCE_ACCEPT_EMPTY)) == 0) {
+ if (ZIP_SOURCE_IS_LAYERED(src)) {
+ return zip_source_accept_empty(src->src);
+ }
+ return true;
+ }
+
+ ret = (int)_zip_source_call(src, NULL, 0, ZIP_SOURCE_ACCEPT_EMPTY);
+
+ return ret != 0;
+}
diff --git a/src/Common/libzip/zip_source_begin_write.c b/src/Common/libzip/zip_source_begin_write.c
index 0b010df..432c2c1 100644
--- a/src/Common/libzip/zip_source_begin_write.c
+++ b/src/Common/libzip/zip_source_begin_write.c
@@ -1,6 +1,6 @@
/*
zip_source_begin_write.c -- start a new file for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_begin_write_cloning.c b/src/Common/libzip/zip_source_begin_write_cloning.c
index 8c4cf71..41b4c73 100644
--- a/src/Common/libzip/zip_source_begin_write_cloning.c
+++ b/src/Common/libzip/zip_source_begin_write_cloning.c
@@ -1,6 +1,6 @@
/*
zip_source_begin_write_cloning.c -- clone part of file for writing
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_buffer.c b/src/Common/libzip/zip_source_buffer.c
index d2bc8ad..0685fb3 100644
--- a/src/Common/libzip/zip_source_buffer.c
+++ b/src/Common/libzip/zip_source_buffer.c
@@ -1,6 +1,6 @@
/*
zip_source_buffer.c -- create zip data source from buffer
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -93,9 +93,13 @@ ZIP_EXTERN zip_source_t *
zip_source_buffer_create(const void *data, zip_uint64_t len, int freep, zip_error_t *error) {
zip_buffer_fragment_t fragment;
- if (data == NULL && len > 0) {
- zip_error_set(error, ZIP_ER_INVAL, 0);
- return NULL;
+ if (data == NULL) {
+ if (len > 0) {
+ zip_error_set(error, ZIP_ER_INVAL, 0);
+ return NULL;
+ }
+
+ return zip_source_buffer_fragment_create(NULL, 0, freep, error);
}
fragment.data = (zip_uint8_t *)data;
@@ -389,8 +393,8 @@ buffer_grow_fragments(buffer_t *buffer, zip_uint64_t capacity, zip_error_t *erro
}
if ((fragments = realloc(buffer->fragments, sizeof(buffer->fragments[0]) * capacity)) == NULL) {
- zip_error_set(error, ZIP_ER_MEMORY, 0);
- return false;
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ return false;
}
buffer->fragments = fragments;
if ((offsets = realloc(buffer->fragment_offsets, sizeof(buffer->fragment_offsets[0]) * (capacity + 1))) == NULL) {
@@ -457,7 +461,7 @@ buffer_new(const zip_buffer_fragment_t *fragments, zip_uint64_t nfragments, int
}
buffer->nfragments = j;
buffer->first_owned_fragment = free_data ? 0 : buffer->nfragments;
- buffer->fragment_offsets[nfragments] = offset;
+ buffer->fragment_offsets[buffer->nfragments] = offset;
buffer->size = offset;
}
diff --git a/src/Common/libzip/zip_source_call.c b/src/Common/libzip/zip_source_call.c
index ec54b92..e7c2954 100644
--- a/src/Common/libzip/zip_source_call.c
+++ b/src/Common/libzip/zip_source_call.c
@@ -1,6 +1,6 @@
/*
zip_source_call.c -- invoke callback command on zip_source
- Copyright (C) 2009-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_close.c b/src/Common/libzip/zip_source_close.c
index cbc3bea..ab7898c 100644
--- a/src/Common/libzip/zip_source_close.c
+++ b/src/Common/libzip/zip_source_close.c
@@ -1,6 +1,6 @@
/*
zip_source_close.c -- close zip_source (stop reading)
- Copyright (C) 2009-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_commit_write.c b/src/Common/libzip/zip_source_commit_write.c
index 26c3dd7..d1254bf 100644
--- a/src/Common/libzip/zip_source_commit_write.c
+++ b/src/Common/libzip/zip_source_commit_write.c
@@ -1,6 +1,6 @@
/*
zip_source_commit_write.c -- commit changes to file
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_compress.c b/src/Common/libzip/zip_source_compress.c
index a1ac3e0..59b1212 100644
--- a/src/Common/libzip/zip_source_compress.c
+++ b/src/Common/libzip/zip_source_compress.c
@@ -1,6 +1,6 @@
/*
zip_source_compress.c -- (de)compression routines
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -67,6 +67,16 @@ static struct implementation implementations[] = {
#if defined(HAVE_LIBBZ2)
{ZIP_CM_BZIP2, &zip_algorithm_bzip2_compress, &zip_algorithm_bzip2_decompress},
#endif
+#if defined(HAVE_LIBLZMA)
+/* Disabled - because 7z isn't able to unpack ZIP+LZMA ZIP+LZMA2
+ archives made this way - and vice versa.
+
+ {ZIP_CM_LZMA, &zip_algorithm_xz_compress, &zip_algorithm_xz_decompress},
+ {ZIP_CM_LZMA2, &zip_algorithm_xz_compress, &zip_algorithm_xz_decompress},
+*/
+ {ZIP_CM_XZ, &zip_algorithm_xz_compress, &zip_algorithm_xz_decompress},
+#endif
+
};
static size_t implementations_size = sizeof(implementations) / sizeof(implementations[0]);
diff --git a/src/Common/libzip/zip_source_crc.c b/src/Common/libzip/zip_source_crc.c
index 8797dfe..56572c0 100644
--- a/src/Common/libzip/zip_source_crc.c
+++ b/src/Common/libzip/zip_source_crc.c
@@ -1,6 +1,6 @@
/*
zip_source_crc.c -- pass-through source that calculates CRC32 and size
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -148,7 +148,6 @@ crc_read(zip_source_t *src, void *_ctx, void *data, zip_uint64_t len, zip_source
st->comp_method = ZIP_CM_STORE;
st->encryption_method = ZIP_EM_NONE;
st->valid |= ZIP_STAT_SIZE | ZIP_STAT_CRC | ZIP_STAT_COMP_SIZE | ZIP_STAT_COMP_METHOD | ZIP_STAT_ENCRYPTION_METHOD;
- ;
}
return 0;
}
diff --git a/src/Common/libzip/zip_source_error.c b/src/Common/libzip/zip_source_error.c
index 5145169..2257f71 100644
--- a/src/Common/libzip/zip_source_error.c
+++ b/src/Common/libzip/zip_source_error.c
@@ -1,6 +1,6 @@
/*
zip_source_error.c -- get last error from zip_source
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_file.c b/src/Common/libzip/zip_source_file.c
index 77376f4..3fff4e3 100644
--- a/src/Common/libzip/zip_source_file.c
+++ b/src/Common/libzip/zip_source_file.c
@@ -1,6 +1,6 @@
/*
zip_source_file.c -- create data source from file
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_filep.c b/src/Common/libzip/zip_source_filep.c
index 9fc9a01..30e5991 100644
--- a/src/Common/libzip/zip_source_filep.c
+++ b/src/Common/libzip/zip_source_filep.c
@@ -1,6 +1,6 @@
/*
zip_source_filep.c -- create data source from FILE *
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -31,9 +31,11 @@
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/types.h>
#include <sys/stat.h>
#include "zipint.h"
@@ -53,28 +55,6 @@
#define CAN_CLONE
#endif
-#ifdef _WIN32
-/* WIN32 needs <fcntl.h> for _O_BINARY */
-#include <fcntl.h>
-#endif
-
-/* Windows sys/types.h does not provide these */
-#ifndef S_ISREG
-#define S_ISREG(m) (((m)&S_IFMT) == S_IFREG)
-#endif
-#if defined(S_IXUSR) && defined(S_IRWXG) && defined(S_IRWXO)
-#define _SAFE_MASK (S_IXUSR | S_IRWXG | S_IRWXO)
-#elif defined(_S_IWRITE)
-#define _SAFE_MASK (_S_IWRITE)
-#else
-#error do not know safe values for umask, please report this
-#endif
-
-#ifdef _MSC_VER
-/* MSVC doesn't have mode_t */
-typedef int mode_t;
-#endif
-
struct read_file {
zip_error_t error; /* last error information */
zip_int64_t supports;
@@ -98,6 +78,7 @@ static int create_temp_output(struct read_file *ctx);
#ifdef CAN_CLONE
static zip_int64_t create_temp_output_cloning(struct read_file *ctx, zip_uint64_t offset);
#endif
+static FILE *_zip_fopen(const char *name, bool writeable);
static int _zip_fseek_u(FILE *f, zip_uint64_t offset, int whence, zip_error_t *error);
static int _zip_fseek(FILE *f, zip_int64_t offset, int whence, zip_error_t *error);
@@ -224,6 +205,7 @@ _zip_source_file_or_p(const char *fname, FILE *file, zip_uint64_t start, zip_int
}
}
+ ctx->supports |= ZIP_SOURCE_MAKE_COMMAND_BITMASK(ZIP_SOURCE_ACCEPT_EMPTY);
#ifdef CAN_CLONE
if (ctx->supports & ZIP_SOURCE_MAKE_COMMAND_BITMASK(ZIP_SOURCE_BEGIN_WRITE)) {
ctx->supports |= ZIP_SOURCE_MAKE_COMMAND_BITMASK(ZIP_SOURCE_BEGIN_WRITE_CLONING);
@@ -244,23 +226,29 @@ static int
create_temp_output(struct read_file *ctx) {
char *temp;
int tfd;
- mode_t mask;
+ int mode;
FILE *tfp;
+ struct stat st;
if ((temp = (char *)malloc(strlen(ctx->fname) + 8)) == NULL) {
zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0);
return -1;
}
+
+ if (stat(ctx->fname, &st) == 0) {
+ mode = st.st_mode;
+ }
+ else {
+ mode = -1;
+ }
+
sprintf(temp, "%s.XXXXXX", ctx->fname);
- mask = umask(_SAFE_MASK);
- if ((tfd = mkstemp(temp)) == -1) {
+ if ((tfd = _zip_mkstempm(temp, mode)) == -1) {
zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno);
- umask(mask);
free(temp);
return -1;
}
- umask(mask);
if ((tfp = fdopen(tfd, "r+b")) == NULL) {
zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno);
@@ -270,14 +258,6 @@ create_temp_output(struct read_file *ctx) {
return -1;
}
-#ifdef _WIN32
- /*
- According to Pierre Joye, Windows in some environments per
- default creates text files, so force binary mode.
- */
- _setmode(_fileno(tfp), _O_BINARY);
-#endif
-
ctx->fout = tfp;
ctx->tmpname = temp;
@@ -315,7 +295,7 @@ zip_int64_t static create_temp_output_cloning(struct read_file *ctx, zip_uint64_
free(temp);
return -1;
}
- if ((tfp = fopen(temp, "r+b")) == NULL) {
+ if ((tfp = _zip_fopen(temp, true)) == NULL) {
zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno);
(void)remove(temp);
free(temp);
@@ -395,12 +375,19 @@ read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) {
buf = (char *)data;
switch (cmd) {
+ case ZIP_SOURCE_ACCEPT_EMPTY:
+ return 0;
+
case ZIP_SOURCE_BEGIN_WRITE:
+#ifdef _WIN32
+ return -1;
+#else
if (ctx->fname == NULL) {
zip_error_set(&ctx->error, ZIP_ER_OPNOTSUPP, 0);
return -1;
}
return create_temp_output(ctx);
+#endif
#ifdef CAN_CLONE
case ZIP_SOURCE_BEGIN_WRITE_CLONING:
@@ -411,9 +398,14 @@ read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) {
return create_temp_output_cloning(ctx, len);
#endif
- case ZIP_SOURCE_COMMIT_WRITE: {
- mode_t mask;
+ case ZIP_SOURCE_CLOSE:
+ if (ctx->fname) {
+ fclose(ctx->f);
+ ctx->f = NULL;
+ }
+ return 0;
+ case ZIP_SOURCE_COMMIT_WRITE: {
if (fclose(ctx->fout) < 0) {
ctx->fout = NULL;
zip_error_set(&ctx->error, ZIP_ER_WRITE, errno);
@@ -423,22 +415,11 @@ read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) {
zip_error_set(&ctx->error, ZIP_ER_RENAME, errno);
return -1;
}
- mask = umask(022);
- umask(mask);
- /* not much we can do if chmod fails except make the whole commit fail */
- (void)chmod(ctx->fname, 0666 & ~mask);
free(ctx->tmpname);
ctx->tmpname = NULL;
return 0;
}
- case ZIP_SOURCE_CLOSE:
- if (ctx->fname) {
- fclose(ctx->f);
- ctx->f = NULL;
- }
- return 0;
-
case ZIP_SOURCE_ERROR:
return zip_error_to_data(&ctx->error, data, len);
@@ -452,7 +433,7 @@ read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) {
case ZIP_SOURCE_OPEN:
if (ctx->fname) {
- if ((ctx->f = fopen(ctx->fname, "rb")) == NULL) {
+ if ((ctx->f = _zip_fopen(ctx->fname, false)) == NULL) {
zip_error_set(&ctx->error, ZIP_ER_OPEN, errno);
return -1;
}
@@ -649,3 +630,34 @@ _zip_fseek(FILE *f, zip_int64_t offset, int whence, zip_error_t *error) {
}
return 0;
}
+
+
+/*
+ * fopen replacement that sets the close-on-exec flag
+ * some implementations support an fopen 'e' flag for that,
+ * but e.g. macOS doesn't.
+ */
+static FILE *
+_zip_fopen(const char *name, bool writeable)
+{
+ int fd;
+ int flags;
+ FILE *fp;
+
+ flags = O_CLOEXEC;
+ if (writeable) {
+ flags |= O_RDWR;
+ }
+ else {
+ flags |= O_RDONLY;
+ }
+
+ /* mode argument needed on Windows */
+ if ((fd = open(name, flags, 0666)) < 0) {
+ return NULL;
+ }
+ if ((fp = fdopen(fd, writeable ? "r+b" : "rb")) == NULL) {
+ return NULL;
+ }
+ return fp;
+}
diff --git a/src/Common/libzip/zip_source_free.c b/src/Common/libzip/zip_source_free.c
index 7cb3525..2f10ef8 100644
--- a/src/Common/libzip/zip_source_free.c
+++ b/src/Common/libzip/zip_source_free.c
@@ -1,6 +1,6 @@
/*
zip_source_free.c -- free zip data source
- Copyright (C) 1999-2015 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_function.c b/src/Common/libzip/zip_source_function.c
index 56eb1c5..d5c1b5b 100644
--- a/src/Common/libzip/zip_source_function.c
+++ b/src/Common/libzip/zip_source_function.c
@@ -1,6 +1,6 @@
/*
zip_source_function.c -- create zip data source from callback function
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_get_compression_flags.c b/src/Common/libzip/zip_source_get_compression_flags.c
index e33e43b..7e04bed 100644
--- a/src/Common/libzip/zip_source_get_compression_flags.c
+++ b/src/Common/libzip/zip_source_get_compression_flags.c
@@ -1,6 +1,6 @@
/*
zip_source_get_compression_flags.c -- get compression flags for entry
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_is_deleted.c b/src/Common/libzip/zip_source_is_deleted.c
index 1e5d343..edd10ca 100644
--- a/src/Common/libzip/zip_source_is_deleted.c
+++ b/src/Common/libzip/zip_source_is_deleted.c
@@ -1,6 +1,6 @@
/*
zip_source_is_deleted.c -- was archive was removed?
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_layered.c b/src/Common/libzip/zip_source_layered.c
index 5e95bc1..d02bc85 100644
--- a/src/Common/libzip/zip_source_layered.c
+++ b/src/Common/libzip/zip_source_layered.c
@@ -1,6 +1,6 @@
/*
zip_source_layered.c -- create layered source
- Copyright (C) 2009-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_open.c b/src/Common/libzip/zip_source_open.c
index 187001c..414c677 100644
--- a/src/Common/libzip/zip_source_open.c
+++ b/src/Common/libzip/zip_source_open.c
@@ -1,6 +1,6 @@
/*
zip_source_open.c -- open zip_source (prepare for reading)
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_pkware.c b/src/Common/libzip/zip_source_pkware.c
index b466da4..1b59d7a 100644
--- a/src/Common/libzip/zip_source_pkware.c
+++ b/src/Common/libzip/zip_source_pkware.c
@@ -1,6 +1,6 @@
/*
zip_source_pkware.c -- Traditional PKWARE de/encryption routines
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_read.c b/src/Common/libzip/zip_source_read.c
index 83514c6..33088cb 100644
--- a/src/Common/libzip/zip_source_read.c
+++ b/src/Common/libzip/zip_source_read.c
@@ -1,6 +1,6 @@
/*
zip_source_read.c -- read data from zip_source
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -57,7 +57,7 @@ zip_source_read(zip_source_t *src, void *data, zip_uint64_t len) {
}
if (len == 0) {
- return 0;
+ return 0;
}
bytes_read = 0;
diff --git a/src/Common/libzip/zip_source_remove.c b/src/Common/libzip/zip_source_remove.c
index 8e01e24..14eddb8 100644
--- a/src/Common/libzip/zip_source_remove.c
+++ b/src/Common/libzip/zip_source_remove.c
@@ -1,6 +1,6 @@
/*
zip_source_remove.c -- remove empty archive
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_rollback_write.c b/src/Common/libzip/zip_source_rollback_write.c
index bbccaf8..e8259bf 100644
--- a/src/Common/libzip/zip_source_rollback_write.c
+++ b/src/Common/libzip/zip_source_rollback_write.c
@@ -1,6 +1,6 @@
/*
zip_source_rollback_write.c -- discard changes
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_seek.c b/src/Common/libzip/zip_source_seek.c
index aed53b8..163daf1 100644
--- a/src/Common/libzip/zip_source_seek.c
+++ b/src/Common/libzip/zip_source_seek.c
@@ -1,6 +1,6 @@
/*
zip_source_seek.c -- seek to offset
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -50,7 +50,12 @@ zip_source_seek(zip_source_t *src, zip_int64_t offset, int whence) {
args.offset = offset;
args.whence = whence;
- return (_zip_source_call(src, &args, sizeof(args), ZIP_SOURCE_SEEK) < 0 ? -1 : 0);
+ if (_zip_source_call(src, &args, sizeof(args), ZIP_SOURCE_SEEK) < 0) {
+ return -1;
+ }
+
+ src->eof = 0;
+ return 0;
}
diff --git a/src/Common/libzip/zip_source_seek_write.c b/src/Common/libzip/zip_source_seek_write.c
index 4ecbee1..6b0aa78 100644
--- a/src/Common/libzip/zip_source_seek_write.c
+++ b/src/Common/libzip/zip_source_seek_write.c
@@ -1,6 +1,6 @@
/*
zip_source_seek_write.c -- seek to offset for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_stat.c b/src/Common/libzip/zip_source_stat.c
index 987c862..3421d2c 100644
--- a/src/Common/libzip/zip_source_stat.c
+++ b/src/Common/libzip/zip_source_stat.c
@@ -1,6 +1,6 @@
/*
zip_source_stat.c -- get meta information from zip_source
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_supports.c b/src/Common/libzip/zip_source_supports.c
index a47f293..8471559 100644
--- a/src/Common/libzip/zip_source_supports.c
+++ b/src/Common/libzip/zip_source_supports.c
@@ -1,6 +1,6 @@
/*
zip_source_supports.c -- check for supported functions
- Copyright (C) 2014-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_tell.c b/src/Common/libzip/zip_source_tell.c
index ab418fa..772e252 100644
--- a/src/Common/libzip/zip_source_tell.c
+++ b/src/Common/libzip/zip_source_tell.c
@@ -1,6 +1,6 @@
/*
zip_source_tell.c -- report current offset
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_tell_write.c b/src/Common/libzip/zip_source_tell_write.c
index f7a8a3f..96ad7e2 100644
--- a/src/Common/libzip/zip_source_tell_write.c
+++ b/src/Common/libzip/zip_source_tell_write.c
@@ -1,6 +1,6 @@
/*
zip_source_tell_write.c -- report current offset for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_win32a.c b/src/Common/libzip/zip_source_win32a.c
index 0780fa5..257fc6a 100644
--- a/src/Common/libzip/zip_source_win32a.c
+++ b/src/Common/libzip/zip_source_win32a.c
@@ -1,6 +1,6 @@
/*
zip_source_win32a.c -- create data source from Windows file (ANSI)
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -112,8 +112,18 @@ _win32_create_temp_a(_zip_source_win32_read_file_t *ctx, void **temp, zip_uint32
static int
_win32_rename_temp_a(_zip_source_win32_read_file_t *ctx) {
+ DWORD attributes = GetFileAttributesA(ctx->tmpname);
+ if (INVALID_FILE_ATTRIBUTES == attributes)
+ return -1;
+
+ if (FILE_ATTRIBUTE_TEMPORARY & attributes) {
+ if (!SetFileAttributesA(ctx->tmpname, attributes & ~FILE_ATTRIBUTE_TEMPORARY))
+ return -1;
+ }
+
if (!MoveFileExA(ctx->tmpname, ctx->fname, MOVEFILE_REPLACE_EXISTING))
return -1;
+
return 0;
}
diff --git a/src/Common/libzip/zip_source_win32handle.c b/src/Common/libzip/zip_source_win32handle.c
index 8cef919..8746cdd 100644
--- a/src/Common/libzip/zip_source_win32handle.c
+++ b/src/Common/libzip/zip_source_win32handle.c
@@ -1,6 +1,6 @@
/*
zip_source_win32file.c -- create data source from HANDLE (Win32)
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -127,6 +127,8 @@ _zip_source_win32_handle_or_name(const void *fname, HANDLE h, zip_uint64_t start
ctx->supports = ZIP_SOURCE_SUPPORTS_SEEKABLE;
}
+ ctx->supports |= ZIP_SOURCE_MAKE_COMMAND_BITMASK(ZIP_SOURCE_ACCEPT_EMPTY);
+
if ((zs = zip_source_function_create(_win32_read_file, ctx, error)) == NULL) {
free(ctx->fname);
free(ctx);
@@ -148,6 +150,9 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd
buf = (char *)data;
switch (cmd) {
+ case ZIP_SOURCE_ACCEPT_EMPTY:
+ return 0;
+
case ZIP_SOURCE_BEGIN_WRITE:
if (ctx->fname == NULL) {
zip_error_set(&ctx->error, ZIP_ER_OPNOTSUPP, 0);
@@ -261,7 +266,7 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd
switch (args->whence) {
case SEEK_SET:
- new_current = args->offset;
+ new_current = args->offset + ctx->start;
break;
case SEEK_END:
diff --git a/src/Common/libzip/zip_source_win32utf8.c b/src/Common/libzip/zip_source_win32utf8.c
index 1e279b0..083f5bc 100644
--- a/src/Common/libzip/zip_source_win32utf8.c
+++ b/src/Common/libzip/zip_source_win32utf8.c
@@ -1,6 +1,6 @@
/*
zip_source_win32utf8.c -- create data source from Windows file (UTF-8)
- Copyright (C) 1999-2015 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_win32w.c b/src/Common/libzip/zip_source_win32w.c
index 5583bdf..cb8d64e 100644
--- a/src/Common/libzip/zip_source_win32w.c
+++ b/src/Common/libzip/zip_source_win32w.c
@@ -1,6 +1,6 @@
/*
zip_source_win32w.c -- create data source from Windows file (UTF-16)
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -136,8 +136,18 @@ _win32_create_temp_w(_zip_source_win32_read_file_t *ctx, void **temp, zip_uint32
static int
_win32_rename_temp_w(_zip_source_win32_read_file_t *ctx) {
+ DWORD attributes = GetFileAttributesW(ctx->tmpname);
+ if (INVALID_FILE_ATTRIBUTES == attributes)
+ return -1;
+
+ if (FILE_ATTRIBUTE_TEMPORARY & attributes) {
+ if (!SetFileAttributesW(ctx->tmpname, attributes & ~FILE_ATTRIBUTE_TEMPORARY))
+ return -1;
+ }
+
if (!MoveFileExW(ctx->tmpname, ctx->fname, MOVEFILE_REPLACE_EXISTING))
return -1;
+
return 0;
}
diff --git a/src/Common/libzip/zip_source_window.c b/src/Common/libzip/zip_source_window.c
index f4701a0..1276485 100644
--- a/src/Common/libzip/zip_source_window.c
+++ b/src/Common/libzip/zip_source_window.c
@@ -1,6 +1,6 @@
/*
zip_source_window.c -- return part of lower source
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -121,7 +121,6 @@ window_read(zip_source_t *src, void *_ctx, void *data, zip_uint64_t len, zip_sou
struct window *ctx;
zip_int64_t ret;
zip_uint64_t n, i;
- char b[8192];
ctx = (struct window *)_ctx;
@@ -154,18 +153,30 @@ window_read(zip_source_t *src, void *_ctx, void *data, zip_uint64_t len, zip_sou
}
if (!ctx->needs_seek) {
+ DEFINE_BYTE_ARRAY(b, BUFSIZE);
+
+ if (!byte_array_init(b, BUFSIZE)) {
+ zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
for (n = 0; n < ctx->start; n += (zip_uint64_t)ret) {
- i = (ctx->start - n > sizeof(b) ? sizeof(b) : ctx->start - n);
+ i = (ctx->start - n > BUFSIZE ? BUFSIZE : ctx->start - n);
if ((ret = zip_source_read(src, b, i)) < 0) {
_zip_error_set_from_source(&ctx->error, src);
+ byte_array_fini(b);
return -1;
}
if (ret == 0) {
zip_error_set(&ctx->error, ZIP_ER_EOF, 0);
+ byte_array_fini(b);
return -1;
}
}
+
+ byte_array_fini(b);
}
+
ctx->offset = ctx->start;
return 0;
diff --git a/src/Common/libzip/zip_source_write.c b/src/Common/libzip/zip_source_write.c
index 1646e33..73fc3a3 100644
--- a/src/Common/libzip/zip_source_write.c
+++ b/src/Common/libzip/zip_source_write.c
@@ -1,6 +1,6 @@
/*
zip_source_write.c -- start a new file for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_zip.c b/src/Common/libzip/zip_source_zip.c
index b3f1805..1f77aaa 100644
--- a/src/Common/libzip/zip_source_zip.c
+++ b/src/Common/libzip/zip_source_zip.c
@@ -1,6 +1,6 @@
/*
zip_source_zip.c -- create data source from zip file
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_zip_new.c b/src/Common/libzip/zip_source_zip_new.c
index a5cfee3..f36609b 100644
--- a/src/Common/libzip/zip_source_zip_new.c
+++ b/src/Common/libzip/zip_source_zip_new.c
@@ -1,6 +1,6 @@
/*
zip_source_zip_new.c -- prepare data structures for zip_fopen/zip_source_zip
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_stat.c b/src/Common/libzip/zip_stat.c
index 02cca37..341c6f7 100644
--- a/src/Common/libzip/zip_stat.c
+++ b/src/Common/libzip/zip_stat.c
@@ -1,6 +1,6 @@
/*
zip_stat.c -- get information about file by name
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_stat_index.c b/src/Common/libzip/zip_stat_index.c
index 109c118..71f8049 100644
--- a/src/Common/libzip/zip_stat_index.c
+++ b/src/Common/libzip/zip_stat_index.c
@@ -1,6 +1,6 @@
/*
zip_stat_index.c -- get information about file by index
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2020 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -48,10 +48,17 @@ zip_stat_index(zip_t *za, zip_uint64_t index, zip_flags_t flags, zip_stat_t *st)
if ((flags & ZIP_FL_UNCHANGED) == 0 && ZIP_ENTRY_DATA_CHANGED(za->entry + index)) {
- if (zip_source_stat(za->entry[index].source, st) < 0) {
+ zip_entry_t *entry = za->entry+index;
+
+ if (zip_source_stat(entry->source, st) < 0) {
zip_error_set(&za->error, ZIP_ER_CHANGED, 0);
return -1;
}
+
+ if (entry->changes->changed & ZIP_DIRENT_LAST_MOD) {
+ st->mtime = de->last_mod;
+ st->valid |= ZIP_STAT_MTIME;
+ }
}
else {
zip_stat_init(st);
diff --git a/src/Common/libzip/zip_stat_init.c b/src/Common/libzip/zip_stat_init.c
index 0be5138..6d0903d 100644
--- a/src/Common/libzip/zip_stat_init.c
+++ b/src/Common/libzip/zip_stat_init.c
@@ -1,6 +1,6 @@
/*
zip_stat_init.c -- initialize struct zip_stat.
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_strerror.c b/src/Common/libzip/zip_strerror.c
index 9e6e86c..906c7f7 100644
--- a/src/Common/libzip/zip_strerror.c
+++ b/src/Common/libzip/zip_strerror.c
@@ -1,6 +1,6 @@
/*
zip_sterror.c -- get string representation of zip error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_string.c b/src/Common/libzip/zip_string.c
index 293766c..a6edbc5 100644
--- a/src/Common/libzip/zip_string.c
+++ b/src/Common/libzip/zip_string.c
@@ -1,6 +1,6 @@
/*
zip_string.c -- string handling (with encoding)
- Copyright (C) 2012-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange.c b/src/Common/libzip/zip_unchange.c
index b0bd078..1a78e2c 100644
--- a/src/Common/libzip/zip_unchange.c
+++ b/src/Common/libzip/zip_unchange.c
@@ -1,6 +1,6 @@
/*
zip_unchange.c -- undo changes to file in zip archive
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange_all.c b/src/Common/libzip/zip_unchange_all.c
index 165064b..5e7df80 100644
--- a/src/Common/libzip/zip_unchange_all.c
+++ b/src/Common/libzip/zip_unchange_all.c
@@ -1,6 +1,6 @@
/*
zip_unchange.c -- undo changes to all files in zip archive
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange_archive.c b/src/Common/libzip/zip_unchange_archive.c
index f70dba9..bd223ef 100644
--- a/src/Common/libzip/zip_unchange_archive.c
+++ b/src/Common/libzip/zip_unchange_archive.c
@@ -1,6 +1,6 @@
/*
zip_unchange_archive.c -- undo global changes to ZIP archive
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange_data.c b/src/Common/libzip/zip_unchange_data.c
index 1addaa8..74a429c 100644
--- a/src/Common/libzip/zip_unchange_data.c
+++ b/src/Common/libzip/zip_unchange_data.c
@@ -1,6 +1,6 @@
/*
zip_unchange_data.c -- undo helper function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_utf-8.c b/src/Common/libzip/zip_utf-8.c
index 8f02f88..099db9b 100644
--- a/src/Common/libzip/zip_utf-8.c
+++ b/src/Common/libzip/zip_utf-8.c
@@ -1,6 +1,6 @@
/*
zip_utf-8.c -- UTF-8 support functions for libzip
- Copyright (C) 2011-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2011-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -39,7 +39,7 @@
static const zip_uint16_t _cp437_to_unicode[256] = {
/* 0x00 - 0x0F */
- 0x2007, 0x263A, 0x263B, 0x2665, 0x2666, 0x2663, 0x2660, 0x2022, 0x25D8, 0x25CB, 0x25D9, 0x2642, 0x2640, 0x266A, 0x266B, 0x263C,
+ 0x0000, 0x263A, 0x263B, 0x2665, 0x2666, 0x2663, 0x2660, 0x2022, 0x25D8, 0x25CB, 0x25D9, 0x2642, 0x2640, 0x266A, 0x266B, 0x263C,
/* 0x10 - 0x1F */
0x25BA, 0x25C4, 0x2195, 0x203C, 0x00B6, 0x00A7, 0x25AC, 0x21A8, 0x2191, 0x2193, 0x2192, 0x2190, 0x221F, 0x2194, 0x25B2, 0x25BC,
diff --git a/src/Common/libzip/zipint.h b/src/Common/libzip/zipint.h
index 3c60ece..721d36e 100644
--- a/src/Common/libzip/zipint.h
+++ b/src/Common/libzip/zipint.h
@@ -3,7 +3,7 @@
/*
zipint.h -- internal declarations.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2020 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -40,6 +40,10 @@
#include "compat.h"
+#ifdef ZIP_ALLOCATE_BUFFER
+#include <stdlib.h>
+#endif
+
#include <zlib.h>
#ifndef _ZIP_COMPILING_DEPRECATED
@@ -146,6 +150,9 @@ extern zip_compression_algorithm_t zip_algorithm_bzip2_compress;
extern zip_compression_algorithm_t zip_algorithm_bzip2_decompress;
extern zip_compression_algorithm_t zip_algorithm_deflate_compress;
extern zip_compression_algorithm_t zip_algorithm_deflate_decompress;
+extern zip_compression_algorithm_t zip_algorithm_xz_compress;
+extern zip_compression_algorithm_t zip_algorithm_xz_decompress;
+
bool zip_compression_method_supported(zip_int32_t method, bool compress);
@@ -367,6 +374,23 @@ struct zip_string {
};
+/* byte array */
+
+/* For performance, we usually keep 8k byte arrays on the stack.
+ However, there are (embedded) systems with a stack size of 12k;
+ for those, use malloc()/free() */
+
+#ifdef ZIP_ALLOCATE_BUFFER
+#define DEFINE_BYTE_ARRAY(buf, size) zip_uint8_t *buf
+#define byte_array_init(buf, size) (((buf) = (zip_uint8_t *)malloc(size)) != NULL)
+#define byte_array_fini(buf) (free(buf))
+#else
+#define DEFINE_BYTE_ARRAY(buf, size) zip_uint8_t buf[size]
+#define byte_array_init(buf, size) (1)
+#define byte_array_fini(buf) ((void)0)
+#endif
+
+
/* bounds checked access to memory buffer */
struct zip_buffer {
@@ -447,6 +471,7 @@ void _zip_cdir_free(zip_cdir_t *);
bool _zip_cdir_grow(zip_cdir_t *cd, zip_uint64_t additional_entries, zip_error_t *error);
zip_cdir_t *_zip_cdir_new(zip_uint64_t, zip_error_t *);
zip_int64_t _zip_cdir_write(zip_t *za, const zip_filelist_t *filelist, zip_uint64_t survivors);
+time_t _zip_d2u_time(zip_uint16_t, zip_uint16_t);
void _zip_deregister_source(zip_t *za, zip_source_t *src);
zip_dirent_t *_zip_dirent_clone(const zip_dirent_t *);
@@ -502,16 +527,19 @@ zip_hash_t *_zip_hash_new(zip_error_t *error);
bool _zip_hash_reserve_capacity(zip_hash_t *hash, zip_uint64_t capacity, zip_error_t *error);
bool _zip_hash_revert(zip_hash_t *hash, zip_error_t *error);
+int _zip_mkstempm(char *path, int mode);
+
zip_t *_zip_open(zip_source_t *, unsigned int, zip_error_t *);
void _zip_progress_end(zip_progress_t *progress);
void _zip_progress_free(zip_progress_t *progress);
-zip_progress_t *_zip_progress_new(zip_t *za, double precision, zip_progress_callback callback, void (*ud_free)(void *), void *ud);
-void _zip_progress_start(zip_progress_t *progress);
-void _zip_progress_subrange(zip_progress_t *progress, double start, double end);
-void _zip_progress_update(zip_progress_t *progress, double value);
+int _zip_progress_start(zip_progress_t *progress);
+int _zip_progress_subrange(zip_progress_t *progress, double start, double end);
+int _zip_progress_update(zip_progress_t *progress, double value);
-ZIP_EXTERN bool zip_random(zip_uint8_t *buffer, zip_uint16_t length);
+/* this symbol is extern so it can be overridden for regression testing */
+ZIP_EXTERN bool zip_secure_random(zip_uint8_t *buffer, zip_uint16_t length);
+zip_uint32_t zip_random_uint32(void);
int _zip_read(zip_source_t *src, zip_uint8_t *data, zip_uint64_t length, zip_error_t *error);
int _zip_read_at_offset(zip_source_t *src, zip_uint64_t offset, unsigned char *b, size_t length, zip_error_t *error);
@@ -522,6 +550,7 @@ int _zip_register_source(zip_t *za, zip_source_t *src);
void _zip_set_open_error(int *zep, const zip_error_t *err, int ze);
+bool zip_source_accept_empty(zip_source_t *src);
zip_int64_t _zip_source_call(zip_source_t *src, void *data, zip_uint64_t length, zip_source_cmd_t command);
bool _zip_source_eof(zip_source_t *);
zip_source_t *_zip_source_file_or_p(const char *, FILE *, zip_uint64_t, zip_int64_t, const zip_stat_t *, zip_error_t *error);
diff --git a/src/Common/libzip/zipwin32.h b/src/Common/libzip/zipwin32.h
index d2c5d82..870f1d5 100644
--- a/src/Common/libzip/zipwin32.h
+++ b/src/Common/libzip/zipwin32.h
@@ -3,7 +3,7 @@
/*
zipwin32.h -- internal declarations for Windows.
- Copyright (C) 1999-2015 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index c22a50c..01d3981 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -20,6 +20,9 @@ namespace VeraCrypt
{
CoreBase::CoreBase ()
: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ , UseDummySudoPassword (false)
+#endif
{
}
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index eb830ba..8f41ddd 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -77,6 +77,10 @@ namespace VeraCrypt
virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+ virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif
Event VolumeDismountedEvent;
Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt
bool DeviceChangeInProgress;
FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool UseDummySudoPassword;
+#endif
private:
CoreBase (const CoreBase &);
diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp
index fffd948..70c4649 100644
--- a/src/Core/RandomNumberGenerator.cpp
+++ b/src/Core/RandomNumberGenerator.cpp
@@ -46,6 +46,16 @@ namespace VeraCrypt
throw_sys_sub_if (read (random, buffer, buffer.Size()) == -1 && errno != EAGAIN, L"/dev/random");
AddToPool (buffer);
+
+ /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
+ if (JitterRngCtx)
+ {
+ ssize_t rndLen = jent_read_entropy (JitterRngCtx, (char*) buffer.Ptr(), buffer.Size());
+ if (rndLen > 0)
+ {
+ AddToPool (buffer);
+ }
+ }
}
#endif
}
@@ -80,6 +90,12 @@ namespace VeraCrypt
ScopeLock lock (AccessMutex);
size_t bufferLen = buffer.Size(), loopLen;
byte* pbBuffer = buffer.Get();
+
+ // Initialize JitterEntropy RNG for this call
+ if (0 == jent_entropy_init ())
+ {
+ JitterRngCtx = jent_entropy_collector_alloc (1, 0);
+ }
// Poll system for data
AddSystemDataToPool (fast);
@@ -127,6 +143,12 @@ namespace VeraCrypt
pbBuffer += loopLen;
}
+
+ if (JitterRngCtx)
+ {
+ jent_entropy_collector_free (JitterRngCtx);
+ JitterRngCtx = NULL;
+ }
}
shared_ptr <Hash> RandomNumberGenerator::GetHash ()
@@ -232,4 +254,5 @@ namespace VeraCrypt
size_t RandomNumberGenerator::ReadOffset;
bool RandomNumberGenerator::Running = false;
size_t RandomNumberGenerator::WriteOffset;
+ struct rand_data *RandomNumberGenerator::JitterRngCtx = NULL;
}
diff --git a/src/Core/RandomNumberGenerator.h b/src/Core/RandomNumberGenerator.h
index 2d1d314..6df31ae 100644
--- a/src/Core/RandomNumberGenerator.h
+++ b/src/Core/RandomNumberGenerator.h
@@ -16,6 +16,7 @@
#include "Platform/Platform.h"
#include "Volume/Hash.h"
#include "Common/Random.h"
+#include "Crypto/jitterentropy.h"
namespace VeraCrypt
{
@@ -53,6 +54,7 @@ namespace VeraCrypt
static size_t ReadOffset;
static bool Running;
static size_t WriteOffset;
+ static struct rand_data *JitterRngCtx;
};
}
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index 77d55b2..2a77c90 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -13,6 +13,7 @@
#include "CoreService.h"
#include <fcntl.h>
#include <sys/wait.h>
+#include <stdio.h>
#include "Platform/FileStream.h"
#include "Platform/MemoryStream.h"
#include "Platform/Serializable.h"
@@ -290,6 +291,53 @@ namespace VeraCrypt
while (!ElevatedServiceAvailable)
{
+ // Test if the user has an active "sudo" session.
+ // This is only done under Linux / FreeBSD by executing the command 'sudo -n uptime'.
+ // In case a "sudo" session is active, the result of the command contains the string 'load average'.
+ // Otherwise, the result contains "sudo: a password is required".
+ // This may not work on all OSX versions because of a bug in sudo in its version 1.7.10,
+ // therefore we keep the old behaviour of sending a 'dummy' password under OSX.
+ // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
+ //
+ // If for some reason we are getting empty output from pipe, we revert to old behavior
+ // We also use the old way if the user is forcing the use of dummy password for sudo
+
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+
+ if (!Core->GetUseDummySudoPassword ())
+ {
+ std::vector<char> buffer(128, 0);
+ std::string result;
+ bool authCheckDone = false;
+
+ FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+ if (pipe)
+ {
+ while (!feof(pipe))
+ {
+ if (fgets(buffer.data(), 128, pipe) != nullptr)
+ result += buffer.data();
+ }
+
+ fflush(pipe);
+ pclose(pipe);
+ pipe = NULL;
+
+ if (!result.empty() && strlen(result.c_str()) != 0)
+ {
+ authCheckDone = true;
+ if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+ (*AdminPasswordCallback) (request.AdminPassword);
+ }
+ }
+
+ if (authCheckDone)
+ {
+ // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
+ request.FastElevation = false;
+ }
+ }
+#endif
try
{
request.Serialize (ServiceInputStream);
@@ -396,6 +444,7 @@ namespace VeraCrypt
vector <char> adminPassword (request.AdminPassword.size() + 1);
int timeout = 6000;
+ // 'request.FastElevation' is always false under Linux / FreeBSD when "sudo -n" works properly
if (request.FastElevation)
{
string dummyPassword = "dummy\n";
@@ -457,6 +506,7 @@ namespace VeraCrypt
outPipe->Close();
errPipe.Close();
+ // 'request.FastElevation' is always false under Linux / FreeBSD
if (request.FastElevation)
{
// Prevent defunct process
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 372c450..a648520 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -465,6 +465,7 @@ namespace VeraCrypt
continue;
}
+ options.Password.reset();
throw;
}
@@ -473,8 +474,10 @@ namespace VeraCrypt
if (options.Path->IsDevice())
{
- if (volume->GetFile()->GetDeviceSectorSize() != volume->GetSectorSize())
- throw ParameterIncorrect (SRC_POS);
+ const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();
+ const size_t volSectorSize = volume->GetSectorSize();
+ if (devSectorSize != volSectorSize)
+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide((uint32) volSectorSize));
}
// Find a free mount point for FUSE service
diff --git a/src/Core/VolumeCreator.h b/src/Core/VolumeCreator.h
index 4f56308..6b8f143 100644
--- a/src/Core/VolumeCreator.h
+++ b/src/Core/VolumeCreator.h
@@ -45,6 +45,7 @@ namespace VeraCrypt
Ext3,
Ext4,
MacOsExt,
+ APFS,
UFS
};
diff --git a/src/Crypto/Aeskey.c b/src/Crypto/Aeskey.c
index c9ab026..9b7bfd1 100644
--- a/src/Crypto/Aeskey.c
+++ b/src/Crypto/Aeskey.c
@@ -27,6 +27,7 @@
#include "Aesopt.h"
#include "Aestab.h"
+#include "Common/Tcdefs.h"
#ifdef USE_VIA_ACE_IF_PRESENT
# include "aes_via_ace.h"
@@ -95,6 +96,8 @@ AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -147,6 +150,8 @@ AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -202,6 +207,8 @@ AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -352,6 +359,8 @@ AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -439,6 +448,8 @@ AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -538,6 +549,8 @@ AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
diff --git a/src/Crypto/Camellia.c b/src/Crypto/Camellia.c
index 49bc767..b3a3578 100644
--- a/src/Crypto/Camellia.c
+++ b/src/Crypto/Camellia.c
@@ -3,7 +3,7 @@
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* camellia.c ver 1.2.0-x86_64_asm1.1
*
diff --git a/src/Crypto/Camellia.h b/src/Crypto/Camellia.h
index 988203d..a1cb832 100644
--- a/src/Crypto/Camellia.h
+++ b/src/Crypto/Camellia.h
@@ -17,7 +17,7 @@ void camellia_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);
void camellia_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
void camellia_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void camellia_encrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
void camellia_decrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
#endif
diff --git a/src/Crypto/Crypto.vcxproj b/src/Crypto/Crypto.vcxproj
index 027a87e..c6e0aac 100644
--- a/src/Crypto/Crypto.vcxproj
+++ b/src/Crypto/Crypto.vcxproj
@@ -403,6 +403,21 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
+ <CustomBuild Include="rdseed_ml.asm">
+ <FileType>Document</FileType>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; ml64.exe /nologo /D_M_X64 /W3 /Cx /Zi /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; ml64.exe /nologo /D_M_X64 /W3 /Cx /Zi /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">echo %(Filename)%(Extension) &amp; ml.exe /nologo /D_M_X86 /W3 /Cx /Zi /safeseh /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">echo %(Filename)%(Extension) &amp; ml.exe /nologo /D_M_X86 /W3 /Cx /Zi /safeseh /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ </CustomBuild>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
diff --git a/src/Crypto/Crypto.vcxproj.filters b/src/Crypto/Crypto.vcxproj.filters
index e7b3c3a..541a086 100644
--- a/src/Crypto/Crypto.vcxproj.filters
+++ b/src/Crypto/Crypto.vcxproj.filters
@@ -217,5 +217,8 @@
<CustomBuild Include="rdrand_ml.asm">
<Filter>Source Files</Filter>
</CustomBuild>
+ <CustomBuild Include="rdseed_ml.asm">
+ <Filter>Source Files</Filter>
+ </CustomBuild>
</ItemGroup>
</Project> \ No newline at end of file
diff --git a/src/Crypto/Makefile.inc b/src/Crypto/Makefile.inc
index 86b7a6f..c8d2dfd 100644
--- a/src/Crypto/Makefile.inc
+++ b/src/Crypto/Makefile.inc
@@ -60,4 +60,8 @@ TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log
"$(OBJ_PATH)\$(O)\rdrand_ml.obj": rdrand_ml.asm
$(VC_MLEXE) $(VC_MLFLAGS) /Fo "$@" /c rdrand_ml.asm 2>$(TC_ASM_ERR_LOG)
+
+"$(OBJ_PATH)\$(O)\rdseed_ml.obj": rdseed_ml.asm
+ $(VC_MLEXE) $(VC_MLFLAGS) /Fo "$@" /c rdseed_ml.asm 2>$(TC_ASM_ERR_LOG)
+
diff --git a/src/Crypto/Sha2.c b/src/Crypto/Sha2.c
index 505ebb0..31cba7f 100644
--- a/src/Crypto/Sha2.c
+++ b/src/Crypto/Sha2.c
@@ -10,7 +10,7 @@ and released into public domain.
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#ifdef _UEFI
+#if defined(_UEFI) || defined(CRYPTOPP_DISABLE_ASM)
#define NO_OPTIMIZED_VERSIONS
#endif
@@ -318,7 +318,7 @@ extern "C"
#endif
-CRYPTOPP_ALIGN_DATA(16) uint_32t SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {
+CRYPTOPP_ALIGN_DATA(16) static const uint_32t SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
@@ -774,7 +774,7 @@ void sha256_begin(sha256_ctx* ctx)
if (!sha256transfunc)
{
#ifndef NO_OPTIMIZED_VERSIONS
-#ifdef _M_X64
+#if CRYPTOPP_BOOL_X64
if (g_isIntel && HasSAVX2() && HasSBMI2())
sha256transfunc = Avx2Sha256Transform;
else if (g_isIntel && HasSAVX())
diff --git a/src/Crypto/Sha2.h b/src/Crypto/Sha2.h
index 37625ce..7e90abf 100644
--- a/src/Crypto/Sha2.h
+++ b/src/Crypto/Sha2.h
@@ -22,7 +22,7 @@ extern "C" {
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(32)
#else
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)
diff --git a/src/Crypto/Sources b/src/Crypto/Sources
index 2db68a7..9a1bef1 100644
--- a/src/Crypto/Sources
+++ b/src/Crypto/Sources
@@ -25,6 +25,7 @@ SOURCES = \
gost89_$(TC_ARCH).asm \
Aes_hw_cpu.asm \
rdrand_ml.asm \
+ rdseed_ml.asm \
Aeskey.c \
Aestab.c \
chacha-xmm.c \
diff --git a/src/Crypto/Twofish.c b/src/Crypto/Twofish.c
index 8ab5908..f0906f1 100644
--- a/src/Crypto/Twofish.c
+++ b/src/Crypto/Twofish.c
@@ -54,7 +54,7 @@
#define UNROLL_TWOFISH
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* these are 64-bit assembly implementation taken from https://github.com/jkivilin/supercop-blockciphers
Copyright 2011-2013 Jussi Kivilinna <jussi.kivilinna@iki.fi>
@@ -630,7 +630,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
uint32 b = rotl32(MDSQ[0][Q[0][Q[0][Q[1][Q[1][i + 1] ^ key[28]] ^ key[20]] ^ key[12]] ^ key[4]] ^ MDSQ[1][Q[0][Q[1][Q[1][Q[0][i + 1] ^ key[29]] ^ key[21]] ^ key[13]] ^ key[5]]
^ MDSQ[2][Q[1][Q[0][Q[0][Q[0][i + 1] ^ key[30]] ^ key[22]] ^ key[14]] ^ key[6]] ^ MDSQ[3][Q[1][Q[1][Q[0][Q[1][i + 1] ^ key[31]] ^ key[23]] ^ key[15]] ^ key[7]], 8);
a += b;
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
if (i < 8)
{
instance->w[i] = a;
@@ -998,7 +998,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
@@ -1071,7 +1071,7 @@ void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte o
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_decrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
diff --git a/src/Crypto/Twofish.h b/src/Crypto/Twofish.h
index cec99c7..e74826e 100644
--- a/src/Crypto/Twofish.h
+++ b/src/Crypto/Twofish.h
@@ -35,7 +35,7 @@ extern "C"
#endif
typedef struct
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
u4byte mk_tab[4][256], w[8], k[32];
#else
u4byte l_key[40];
@@ -54,7 +54,7 @@ typedef struct
/* in_key must be 32-bytes long */
void twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
void twofish_decrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
#define twofish_encrypt(instance,in_blk,out_blk) twofish_encrypt_blocks(instance, (const byte*) in_blk, (byte*) out_blk, 1)
diff --git a/src/Crypto/Whirlpool.c b/src/Crypto/Whirlpool.c
index 35188c6..9452951 100644
--- a/src/Crypto/Whirlpool.c
+++ b/src/Crypto/Whirlpool.c
@@ -643,6 +643,20 @@ static const uint64 Whirlpool_C[8*256+R] = {
void WhirlpoolTransform(uint64 *digest, const uint64 *block)
{
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
+#if defined(__GNUC__) && (CRYPTOPP_GCC_VERSION <= 40407)
+ /* workaround for gcc 4.4.7 bug under CentOS which causes crash
+ * in inline assembly.
+ * This dummy check that is always false since "block" is aligned.
+ */
+ uint64 lb = (uint64) block;
+ if (lb % 16)
+ {
+ TC_THROW_FATAL_EXCEPTION;
+ }
+#endif
+#endif
+
+#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
if (HasISSE())
{
#ifdef __GNUC__
diff --git a/src/Crypto/cpu.c b/src/Crypto/cpu.c
index b831696..4aeb8d3 100644
--- a/src/Crypto/cpu.c
+++ b/src/Crypto/cpu.c
@@ -2,6 +2,9 @@
#include "cpu.h"
#include "misc.h"
+#if defined(_MSC_VER) && !defined(_UEFI)
+#include "rdrand.h"
+#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER 1
@@ -218,8 +221,8 @@ VC_INLINE int IsAMD(const uint32 output[4])
{
// This is the "AuthenticAMD" string
return (output[1] /*EBX*/ == 0x68747541) &&
- (output[2] /*ECX*/ == 0x69746E65) &&
- (output[3] /*EDX*/ == 0x444D4163);
+ (output[2] /*ECX*/ == 0x444D4163) &&
+ (output[3] /*EDX*/ == 0x69746E65);
}
VC_INLINE int IsHygon(const uint32 output[4])
@@ -386,6 +389,32 @@ void DetectX86Features()
}
}
}
+#if defined(_MSC_VER) && !defined(_UEFI)
+ /* Add check fur buggy RDRAND (AMD Ryzen case) even if we always use RDSEED instead of RDRAND when RDSEED available */
+ if (g_hasRDRAND)
+ {
+ if ( RDRAND_getBytes ((unsigned char*) cpuid, sizeof (cpuid))
+ && (cpuid[0] == 0xFFFFFFFF) && (cpuid[1] == 0xFFFFFFFF)
+ && (cpuid[2] == 0xFFFFFFFF) && (cpuid[3] == 0xFFFFFFFF)
+ )
+ {
+ g_hasRDRAND = 0;
+ g_hasRDSEED = 0;
+ }
+ }
+
+ if (g_hasRDSEED)
+ {
+ if ( RDSEED_getBytes ((unsigned char*) cpuid, sizeof (cpuid))
+ && (cpuid[0] == 0xFFFFFFFF) && (cpuid[1] == 0xFFFFFFFF)
+ && (cpuid[2] == 0xFFFFFFFF) && (cpuid[3] == 0xFFFFFFFF)
+ )
+ {
+ g_hasRDRAND = 0;
+ g_hasRDSEED = 0;
+ }
+ }
+#endif
if (!g_cacheLineSize)
g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h
index ee8c16a..e7affae 100644
--- a/src/Crypto/cpu.h
+++ b/src/Crypto/cpu.h
@@ -25,7 +25,7 @@
#define ATT_NOPREFIX
#endif
-#ifdef _MSC_VER
+#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
@@ -144,6 +144,7 @@ extern __m128i _mm_set1_epi64x (__int64 a);
#endif
#if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER)
+#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
@@ -155,6 +156,7 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
#else
#include <tmmintrin.h>
#endif
+#endif
#if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
diff --git a/src/Crypto/jitterentropy-base-user.h b/src/Crypto/jitterentropy-base-user.h
index cbb2f47..a4f5cb4 100644
--- a/src/Crypto/jitterentropy-base-user.h
+++ b/src/Crypto/jitterentropy-base-user.h
@@ -1,7 +1,7 @@
/*
* Non-physical true random number generator based on timing jitter.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2013
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2013 - 2019
*
* License
* =======
@@ -35,7 +35,7 @@
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
- e USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
@@ -49,8 +49,6 @@
#include <stdlib.h>
#include <string.h>
-typedef uint64 __u64;
-
#ifdef _MSC_VER
typedef uint64 uint64_t;
@@ -70,17 +68,19 @@ typedef int32 ssize_t;
#endif
#endif
-static VC_INLINE void jent_get_nstime(__u64 *out)
+static VC_INLINE void jent_get_nstime(uint64 *out)
{
*out = __rdtsc();;
}
#else
+#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
+
/* taken from Linux kernel */
#if CRYPTOPP_BOOL_X64
#define DECLARE_ARGS(val, low, high) unsigned low, high
-#define EAX_EDX_VAL(val, low, high) ((low) | ((__u64)(high) << 32))
+#define EAX_EDX_VAL(val, low, high) ((low) | ((uint64)(high) << 32))
#define EAX_EDX_RET(val, low, high) "=a" (low), "=d" (high)
#else
#define DECLARE_ARGS(val, low, high) unsigned long long val
@@ -88,16 +88,42 @@ static VC_INLINE void jent_get_nstime(__u64 *out)
#define EAX_EDX_RET(val, low, high) "=A" (val)
#endif
-static VC_INLINE void jent_get_nstime(__u64 *out)
+VC_INLINE void jent_get_nstime(uint64 *out)
{
DECLARE_ARGS(val, low, high);
asm volatile("rdtsc" : EAX_EDX_RET(val, low, high));
*out = EAX_EDX_VAL(val, low, high);
}
+#else
+
+#include <time.h>
+
+VC_INLINE void jent_get_nstime(uint64 *out)
+{
+ /* we could use CLOCK_MONOTONIC(_RAW), but with CLOCK_REALTIME
+ * we get some nice extra entropy once in a while from the NTP actions
+ * that we want to use as well... though, we do not rely on that
+ * extra little entropy */
+ uint64_t tmp = 0;
+ struct timespec time;
+ if (clock_gettime(CLOCK_REALTIME, &time) == 0)
+ {
+ tmp = time.tv_sec;
+ tmp = tmp << 32;
+ tmp = tmp | time.tv_nsec;
+ }
+ *out = tmp;
+}
+
+#endif
+
#endif
-static VC_INLINE void *jent_zalloc(size_t len)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE void *jent_zalloc(size_t len)
{
void *tmp = NULL;
tmp = TCalloc(len);
@@ -111,7 +137,10 @@ static VC_INLINE void *jent_zalloc(size_t len)
return tmp;
}
-static VC_INLINE void jent_zfree(void *ptr, unsigned int len)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE void jent_zfree(void *ptr, unsigned int len)
{
if (len % 8)
burn(ptr, len);
@@ -123,7 +152,10 @@ static VC_INLINE void jent_zfree(void *ptr, unsigned int len)
TCfree(ptr);
}
-static VC_INLINE int jent_fips_enabled(void)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE int jent_fips_enabled(void)
{
return 0;
}
diff --git a/src/Crypto/jitterentropy-base.c b/src/Crypto/jitterentropy-base.c
index c05f0c3..c3856b4 100644
--- a/src/Crypto/jitterentropy-base.c
+++ b/src/Crypto/jitterentropy-base.c
@@ -1,7 +1,7 @@
/*
* Non-physical true random number generator based on timing jitter.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2014 - 2018
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2014 - 2019
*
* Design
* ======
@@ -11,7 +11,7 @@
* Interface
* =========
*
- * See documentation in doc/ folder.
+ * See documentation in jitterentropy(3) man page.
*
* License
* =======
@@ -51,34 +51,44 @@
/* Adapted for VeraCrypt */
+
+#ifdef TC_WINDOWS_DRIVER
+#define UINT64_MAX 0xffffffffffffffffU
+#else
+#include <stdint.h>
+#endif
+
#undef _FORTIFY_SOURCE
#ifdef _MSC_VER
#pragma optimize( "", off )
#pragma warning(disable:4242 4244 4334) /* disable warnings on the original code */
#else
-#pragma GCC optimize ("O0")
+#if defined(__clang__)
+ #pragma clang optimize off
+#elif defined (__GNUC__)
+ #pragma GCC optimize ("O0")
+#endif
#endif
#include "jitterentropy.h"
-#ifndef CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT
- /* only check optimization in a compilation for real work */
- #ifdef __OPTIMIZE__
- #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy-base.c."
- #endif
+#ifdef __OPTIMIZE__
+ #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy-base.c."
#endif
#define MAJVERSION 2 /* API / ABI incompatible changes, functional changes that
* require consumer to be updated (as long as this number
* is zero, the API is not considered stable and can
* change without a bump of the major version) */
-#define MINVERSION 1 /* API compatible, ABI may change, functional
+#define MINVERSION 2 /* API compatible, ABI may change, functional
* enhancements only, consumer can be left unchanged if
* enhancements are not considered */
-#define PATCHLEVEL 2 /* API / ABI compatible, no functional changes, no
+#define PATCHLEVEL 0 /* API / ABI compatible, no functional changes, no
* enhancements, bug fixes only */
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
/**
* jent_version() - Return machine-usable version number of jent library
*
@@ -90,7 +100,7 @@
* The result of this function can be used in comparing the version number
* in a calling program if version-specific calls need to be make.
*
- * Return: Version number of jitterentropy library
+ * @return Version number of jitterentropy library
*/
JENT_PRIVATE_STATIC
unsigned int jent_version(void)
@@ -104,15 +114,206 @@ unsigned int jent_version(void)
return version;
}
+/***************************************************************************
+ * Adaptive Proportion Test
+ *
+ * This test complies with SP800-90B section 4.4.2.
+ ***************************************************************************/
+
+/**
+ * Reset the APT counter
+ *
+ * @ec [in] Reference to entropy collector
+ */
+static void jent_apt_reset(struct rand_data *ec, unsigned int delta_masked)
+{
+ /* Reset APT counter */
+ ec->apt_count = 0;
+ ec->apt_base = delta_masked;
+ ec->apt_observations = 0;
+}
+
+/**
+ * Insert a new entropy event into APT
+ *
+ * @ec [in] Reference to entropy collector
+ * @delta_masked [in] Masked time delta to process
+ */
+static void jent_apt_insert(struct rand_data *ec, unsigned int delta_masked)
+{
+ /* Initialize the base reference */
+ if (!ec->apt_base_set) {
+ ec->apt_base = delta_masked;
+ ec->apt_base_set = 1;
+ return;
+ }
+
+ if (delta_masked == ec->apt_base) {
+ ec->apt_count++;
+
+ if (ec->apt_count >= JENT_APT_CUTOFF)
+ ec->health_failure = 1;
+ }
+
+ ec->apt_observations++;
+
+ if (ec->apt_observations >= JENT_APT_WINDOW_SIZE)
+ jent_apt_reset(ec, delta_masked);
+}
+
+/***************************************************************************
+ * Stuck Test and its use as Repetition Count Test
+ *
+ * The Jitter RNG uses an enhanced version of the Repetition Count Test
+ * (RCT) specified in SP800-90B section 4.4.1. Instead of counting identical
+ * back-to-back values, the input to the RCT is the counting of the stuck
+ * values during the generation of one Jitter RNG output block.
+ *
+ * The RCT is applied with an alpha of 2^{-30} compliant to FIPS 140-2 IG 9.8.
+ *
+ * During the counting operation, the Jitter RNG always calculates the RCT
+ * cut-off value of C. If that value exceeds the allowed cut-off value,
+ * the Jitter RNG output block will be calculated completely but discarded at
+ * the end. The caller of the Jitter RNG is informed with an error code.
+ ***************************************************************************/
+
+/**
+ * Repetition Count Test as defined in SP800-90B section 4.4.1
+ *
+ * @ec [in] Reference to entropy collector
+ * @stuck [in] Indicator whether the value is stuck
+ */
+static void jent_rct_insert(struct rand_data *ec, int stuck)
+{
+ /*
+ * If we have a count less than zero, a previous RCT round identified
+ * a failure. We will not overwrite it.
+ */
+ if (ec->rct_count < 0)
+ return;
+
+ if (stuck) {
+ ec->rct_count++;
+
+ /*
+ * The cutoff value is based on the following consideration:
+ * alpha = 2^-30 as recommended in FIPS 140-2 IG 9.8.
+ * In addition, we require an entropy value H of 1/OSR as this
+ * is the minimum entropy required to provide full entropy.
+ * Note, we collect 64 * OSR deltas for inserting them into
+ * the entropy pool which should then have (close to) 64 bits
+ * of entropy.
+ *
+ * Note, ec->rct_count (which equals to value B in the pseudo
+ * code of SP800-90B section 4.4.1) starts with zero. Hence
+ * we need to subtract one from the cutoff value as calculated
+ * following SP800-90B.
+ */
+ if ((unsigned int)ec->rct_count >= (30 * ec->osr)) {
+ ec->rct_count = -1;
+ ec->health_failure = 1;
+ }
+ } else {
+ ec->rct_count = 0;
+ }
+}
+
+/**
+ * Is there an RCT health test failure?
+ *
+ * @ec [in] Reference to entropy collector
+ *
+ * @return
+ * 0 No health test failure
+ * 1 Permanent health test failure
+ */
+static int jent_rct_failure(struct rand_data *ec)
+{
+ if (ec->rct_count < 0)
+ return 1;
+ return 0;
+}
+
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE uint64_t jent_delta(uint64_t prev, uint64_t next)
+{
+ return (prev < next) ? (next - prev) : (UINT64_MAX - prev + 1 + next);
+}
+
+/**
+ * Stuck test by checking the:
+ * 1st derivative of the jitter measurement (time delta)
+ * 2nd derivative of the jitter measurement (delta of time deltas)
+ * 3rd derivative of the jitter measurement (delta of delta of time deltas)
+ *
+ * All values must always be non-zero.
+ *
+ * @ec [in] Reference to entropy collector
+ * @current_delta [in] Jitter time delta
+ *
+ * @return
+ * 0 jitter measurement not stuck (good bit)
+ * 1 jitter measurement stuck (reject bit)
+ */
+static int jent_stuck(struct rand_data *ec, uint64_t current_delta)
+{
+ uint64_t delta2 = jent_delta(ec->last_delta, current_delta);
+ uint64_t delta3 = jent_delta(ec->last_delta2, delta2);
+ unsigned int delta_masked = current_delta & JENT_APT_WORD_MASK;
+
+ ec->last_delta = current_delta;
+ ec->last_delta2 = delta2;
+
+ /*
+ * Insert the result of the comparison of two back-to-back time
+ * deltas.
+ */
+ jent_apt_insert(ec, delta_masked);
+
+ if (!current_delta || !delta2 || !delta3) {
+ /* RCT with a stuck bit */
+ jent_rct_insert(ec, 1);
+ return 1;
+ }
+
+ /* RCT with a non-stuck bit */
+ jent_rct_insert(ec, 0);
+
+ return 0;
+}
+
+/**
+ * Report any health test failures
+ *
+ * @ec [in] Reference to entropy collector
+ *
+ * @return
+ * 0 No health test failure
+ * 1 Permanent health test failure
+ */
+static int jent_health_failure(struct rand_data *ec)
+{
+ /* Test is only enabled in FIPS mode */
+ if (!ec->fips_enabled)
+ return 0;
+
+ return ec->health_failure;
+}
+
+/***************************************************************************
+ * Noise sources
+ ***************************************************************************/
+
/**
* Update of the loop count used for the next round of
* an entropy collection.
*
- * Input:
- * @ec entropy collector struct -- may be NULL
- * @bits is the number of low bits of the timer to consider
- * @min is the number of bits we shift the timer value to the right at
- * the end to make sure we have a guaranteed minimum value
+ * @ec [in] entropy collector struct -- may be NULL
+ * @bits [in] is the number of low bits of the timer to consider
+ * @min [in] is the number of bits we shift the timer value to the right at
+ * the end to make sure we have a guaranteed minimum value
*
* @return Newly calculated loop counter
*/
@@ -147,10 +348,6 @@ static uint64_t jent_loop_shuffle(struct rand_data *ec,
return (shuffle + (1<<min));
}
-/***************************************************************************
- * Noise sources
- ***************************************************************************/
-
/**
* CPU Jitter noise source -- this is the noise source based on the CPU
* execution time jitter
@@ -161,30 +358,27 @@ static uint64_t jent_loop_shuffle(struct rand_data *ec,
* The code is deliberately inefficient with respect to the bit shifting
* and shall stay that way. This function is the root cause why the code
* shall be compiled without optimization. This function not only acts as
- * folding operation, but this function's execution is used to measure
+ * LFSR operation, but this function's execution is used to measure
* the CPU execution time jitter. Any change to the loop in this function
* implies that careful retesting must be done.
*
- * Input:
- * @ec entropy collector struct -- may be NULL
- * @time time stamp to be injected
- * @loop_cnt if a value not equal to 0 is set, use the given value as number of
- * loops to perform the folding
+ * @ec [in] entropy collector struct -- may be NULL
+ * @time [in] time stamp to be injected
+ * @loop_cnt [in] if a value not equal to 0 is set, use the given value as
+ * number of loops to perform the LFSR
*
* Output:
* updated ec->data
- *
- * @return Number of loops the folding operation is performed
*/
-static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
- uint64_t loop_cnt)
+static void jent_lfsr_time(struct rand_data *ec, uint64_t time,
+ uint64_t loop_cnt, int stuck)
{
unsigned int i;
uint64_t j = 0;
uint64_t new = 0;
#define MAX_FOLD_LOOP_BIT 4
#define MIN_FOLD_LOOP_BIT 0
- uint64_t fold_loop_cnt =
+ uint64_t lfsr_loop_cnt =
jent_loop_shuffle(ec, MAX_FOLD_LOOP_BIT, MIN_FOLD_LOOP_BIT);
/*
@@ -192,8 +386,8 @@ static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
* needed during runtime
*/
if (loop_cnt)
- fold_loop_cnt = loop_cnt;
- for (j = 0; j < fold_loop_cnt; j++) {
+ lfsr_loop_cnt = loop_cnt;
+ for (j = 0; j < lfsr_loop_cnt; j++) {
new = ec->data;
for (i = 1; (DATA_SIZE_BITS) >= i; i++) {
uint64_t tmp = time << (DATA_SIZE_BITS - i);
@@ -220,9 +414,17 @@ static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
new ^= tmp;
}
}
- ec->data = new;
- return fold_loop_cnt;
+ /*
+ * If the time stamp is stuck, do not finally insert the value into
+ * the entropy pool. Although this operation should not do any harm
+ * even when the time stamp has no entropy, SP800-90B requires that
+ * any conditioning operation (SP800-90B considers the LFSR to be a
+ * conditioning operation) to have an identical amount of input
+ * data according to section 3.1.5.
+ */
+ if (!stuck)
+ ec->data = new;
}
/**
@@ -243,16 +445,13 @@ static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
* to reliably access either L3 or memory, the ec->mem memory must be quite
* large which is usually not desirable.
*
- * Input:
- * @ec Reference to the entropy collector with the memory access data -- if
- * the reference to the memory block to be accessed is NULL, this noise
- * source is disabled
- * @loop_cnt if a value not equal to 0 is set, use the given value as number of
- * loops to perform the folding
- *
- * @return Number of memory access operations
+ * @ec [in] Reference to the entropy collector with the memory access data -- if
+ * the reference to the memory block to be accessed is NULL, this noise
+ * source is disabled
+ * @loop_cnt [in] if a value not equal to 0 is set, use the given value as
+ * number of loops to perform the folding
*/
-static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
+static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
{
unsigned int wrap = 0;
uint64_t i = 0;
@@ -262,7 +461,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
if (NULL == ec || NULL == ec->mem)
- return 0;
+ return;
wrap = ec->memblocksize * ec->memblocks;
/*
@@ -288,43 +487,11 @@ static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
ec->memlocation = ec->memlocation + ec->memblocksize - 1;
ec->memlocation = ec->memlocation % wrap;
}
- return i;
}
/***************************************************************************
* Start of entropy processing logic
***************************************************************************/
-
-/**
- * Stuck test by checking the:
- * 1st derivation of the jitter measurement (time delta)
- * 2nd derivation of the jitter measurement (delta of time deltas)
- * 3rd derivation of the jitter measurement (delta of delta of time deltas)
- *
- * All values must always be non-zero.
- *
- * Input:
- * @ec Reference to entropy collector
- * @current_delta Jitter time delta
- *
- * @return
- * 0 jitter measurement not stuck (good bit)
- * 1 jitter measurement stuck (reject bit)
- */
-static int jent_stuck(struct rand_data *ec, uint64_t current_delta)
-{
- int64_t delta2 = ec->last_delta - current_delta;
- int64_t delta3 = delta2 - ec->last_delta2;
-
- ec->last_delta = current_delta;
- ec->last_delta2 = delta2;
-
- if (!current_delta || !delta2 || !delta3)
- return 1;
-
- return 0;
-}
-
/**
* This is the heart of the entropy generation: calculate time deltas and
* use the CPU jitter in the time deltas. The jitter is injected into the
@@ -334,8 +501,7 @@ static int jent_stuck(struct rand_data *ec, uint64_t current_delta)
* of this function! This can be done by calling this function
* and not using its result.
*
- * Input:
- * @entropy_collector Reference to entropy collector
+ * @ec [in] Reference to entropy collector
*
* @return: result of stuck test
*/
@@ -343,6 +509,7 @@ static int jent_measure_jitter(struct rand_data *ec)
{
uint64_t time = 0;
uint64_t current_delta = 0;
+ int stuck;
/* Invoke one noise source before time measurement to add variations */
jent_memaccess(ec, 0);
@@ -352,22 +519,23 @@ static int jent_measure_jitter(struct rand_data *ec)
* invocation to measure the timing variations
*/
jent_get_nstime(&time);
- current_delta = time - ec->prev_time;
+ current_delta = jent_delta(ec->prev_time, time);
ec->prev_time = time;
+ /* Check whether we have a stuck measurement. */
+ stuck = jent_stuck(ec, current_delta);
+
/* Now call the next noise sources which also injects the data */
- jent_lfsr_time(ec, current_delta, 0);
+ jent_lfsr_time(ec, current_delta, 0, stuck);
- /* Check whether we have a stuck measurement. */
- return jent_stuck(ec, current_delta);
+ return stuck;
}
/**
* Generator of one 64 bit random number
* Function fills rand_data->data
*
- * Input:
- * @ec Reference to entropy collector
+ * @ec [in] Reference to entropy collector
*/
static void jent_gen_entropy(struct rand_data *ec)
{
@@ -391,41 +559,6 @@ static void jent_gen_entropy(struct rand_data *ec)
}
/**
- * The continuous test required by FIPS 140-2 -- the function automatically
- * primes the test if needed.
- *
- * Return:
- * 0 if FIPS test passed
- * < 0 if FIPS test failed
- */
-static int jent_fips_test(struct rand_data *ec)
-{
- if (ec->fips_enabled == -1)
- return 0;
-
- if (ec->fips_enabled == 0) {
- if (!jent_fips_enabled()) {
- ec->fips_enabled = -1;
- return 0;
- } else
- ec->fips_enabled = 1;
- }
-
- /* prime the FIPS test */
- if (!ec->old_data) {
- ec->old_data = ec->data;
- jent_gen_entropy(ec);
- }
-
- if (ec->data == ec->old_data)
- return -1;
-
- ec->old_data = ec->data;
-
- return 0;
-}
-
-/**
* Entry function: Obtain entropy for the caller.
*
* This function invokes the entropy gathering logic as often to generate
@@ -435,18 +568,18 @@ static int jent_fips_test(struct rand_data *ec)
* This function truncates the last 64 bit entropy value output to the exact
* size specified by the caller.
*
- * Input:
- * @ec Reference to entropy collector
- * @data pointer to buffer for storing random data -- buffer must already
- * exist
- * @len size of the buffer, specifying also the requested number of random
- * in bytes
+ * @ec [in] Reference to entropy collector
+ * @data [out] pointer to buffer for storing random data -- buffer must
+ * already exist
+ * @len [in] size of the buffer, specifying also the requested number of random
+ * in bytes
*
* @return number of bytes returned when request is fulfilled or an error
*
* The following error codes can occur:
* -1 entropy_collector is NULL
- * -2 FIPS test failed
+ * -2 RCT failed
+ * -3 Chi-Squared test failed
*/
JENT_PRIVATE_STATIC
ssize_t jent_read_entropy(struct rand_data *ec, char *data, size_t len)
@@ -461,8 +594,13 @@ ssize_t jent_read_entropy(struct rand_data *ec, char *data, size_t len)
size_t tocopy;
jent_gen_entropy(ec);
- if (jent_fips_test(ec))
- return -2;
+
+ if (jent_health_failure(ec)) {
+ if (jent_rct_failure(ec))
+ return -2;
+ else
+ return -3;
+ }
if ((DATA_SIZE_BITS / 8) < len)
tocopy = (DATA_SIZE_BITS / 8);
@@ -529,11 +667,8 @@ struct rand_data *jent_entropy_collector_alloc(unsigned int osr,
osr = 1; /* minimum sampling rate is 1 */
entropy_collector->osr = osr;
- entropy_collector->stir = 1;
- if (flags & JENT_DISABLE_STIR)
- entropy_collector->stir = 0;
- if (flags & JENT_DISABLE_UNBIAS)
- entropy_collector->disable_unbias = 1;
+ if (jent_fips_enabled())
+ entropy_collector->fips_enabled = 1;
/* fill the data pad with non-zero values */
jent_gen_entropy(entropy_collector);
@@ -559,6 +694,7 @@ int jent_entropy_init(void)
int i;
uint64_t delta_sum = 0;
uint64_t old_delta = 0;
+ unsigned int nonstuck = 0;
int time_backwards = 0;
int count_mod = 0;
int count_stuck = 0;
@@ -566,6 +702,11 @@ int jent_entropy_init(void)
memset(&ec, 0, sizeof(ec));
+ /* Required for RCT */
+ ec.osr = 1;
+ if (jent_fips_enabled())
+ ec.fips_enabled = 1;
+
/* We could perform statistical tests here, but the problem is
* that we only have a few loop counts to do testing. These
* loop counts may show some slight skew and we produce
@@ -587,8 +728,10 @@ int jent_entropy_init(void)
/*
* TESTLOOPCOUNT needs some loops to identify edge systems. 100 is
* definitely too little.
+ *
+ * SP800-90B requires at least 1024 initial test cycles.
*/
-#define TESTLOOPCOUNT 300
+#define TESTLOOPCOUNT 1024
#define CLEARCACHE 100
for (i = 0; (TESTLOOPCOUNT + CLEARCACHE) > i; i++) {
uint64_t time = 0;
@@ -600,13 +743,14 @@ int jent_entropy_init(void)
/* Invoke core entropy collection logic */
jent_get_nstime(&time);
ec.prev_time = time;
- jent_lfsr_time(&ec, time, 0);
+ jent_memaccess(&ec, 0);
+ jent_lfsr_time(&ec, time, 0, 0);
jent_get_nstime(&time2);
/* test whether timer works */
if (!time || !time2)
return ENOTIME;
- delta = time2 - time;
+ delta = jent_delta(time, time2);
/*
* test whether timer is fine grained enough to provide
* delta even when called shortly after each other -- this
@@ -629,13 +773,35 @@ int jent_entropy_init(void)
if (stuck)
count_stuck++;
+ else {
+ nonstuck++;
+
+ /*
+ * Ensure that the APT succeeded.
+ *
+ * With the check below that count_stuck must be less
+ * than 10% of the overall generated raw entropy values
+ * it is guaranteed that the APT is invoked at
+ * floor((TESTLOOPCOUNT * 0.9) / 64) == 14 times.
+ */
+ if ((nonstuck % JENT_APT_WINDOW_SIZE) == 0) {
+ jent_apt_reset(&ec,
+ delta & JENT_APT_WORD_MASK);
+ if (jent_health_failure(&ec))
+ return EHEALTH;
+ }
+ }
+
+ /* Validate RCT */
+ if (jent_rct_failure(&ec))
+ return ERCT;
/* test whether we have an increasing timer */
if (!(time2 > time))
time_backwards++;
/* use 32 bit value to ensure compilation on 32 bit arches */
- lowdelta = time2 - time;
+ lowdelta = (uint64_t)time2 - (uint64_t)time;
if (!(lowdelta % 100))
count_mod++;
@@ -682,32 +848,8 @@ int jent_entropy_init(void)
* If we have more than 90% stuck results, then this Jitter RNG is
* likely to not work well.
*/
- if (JENT_STUCK_INIT_THRES(TESTLOOPCOUNT) < count_stuck)
+ if ((TESTLOOPCOUNT/10 * 9) < count_stuck)
return ESTUCK;
return 0;
}
-
-/***************************************************************************
- * Statistical test logic not compiled for regular operation
- ***************************************************************************/
-
-#ifdef CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT
-/*
- * Statistical test: return the time duration for the folding operation. If min
- * is set, perform the given number of LFSR ops. Otherwise, allow the
- * loop count shuffling to define the number of LFSR ops.
- */
-JENT_PRIVATE_STATIC
-uint64_t jent_lfsr_var_stat(struct rand_data *ec, unsigned int min)
-{
- uint64_t time = 0;
- uint64_t time2 = 0;
-
- jent_get_nstime(&time);
- jent_memaccess(ec, min);
- jent_lfsr_time(ec, time, min);
- jent_get_nstime(&time2);
- return ((time2 - time));
-}
-#endif /* CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT */
diff --git a/src/Crypto/jitterentropy.h b/src/Crypto/jitterentropy.h
index b692993..3dd6901 100644
--- a/src/Crypto/jitterentropy.h
+++ b/src/Crypto/jitterentropy.h
@@ -1,7 +1,7 @@
/*
* Non-physical true random number generator based on timing jitter.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2014
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2014 - 2019
*
* License
* =======
@@ -53,32 +53,45 @@ struct rand_data
* of the RNG are marked as SENSITIVE. A user must not
* access that information while the RNG executes its loops to
* calculate the next random value. */
- uint64_t data; /* SENSITIVE Actual random number */
- uint64_t old_data; /* SENSITIVE Previous random number */
- uint64_t prev_time; /* SENSITIVE Previous time stamp */
+ uint64_t data; /* SENSITIVE Actual random number */
+ uint64_t prev_time; /* SENSITIVE Previous time stamp */
#define DATA_SIZE_BITS ((sizeof(uint64_t)) * 8)
- uint64_t last_delta; /* SENSITIVE stuck test */
- int64_t last_delta2; /* SENSITIVE stuck test */
- unsigned int osr; /* Oversample rate */
- int fips_enabled; /* FIPS enabled? */
- unsigned int stir:1; /* Post-processing stirring */
- unsigned int disable_unbias:1; /* Deactivate Von-Neuman unbias */
+ uint64_t last_delta; /* SENSITIVE stuck test */
+ uint64_t last_delta2; /* SENSITIVE stuck test */
+ unsigned int osr; /* Oversampling rate */
#define JENT_MEMORY_BLOCKS 64
#define JENT_MEMORY_BLOCKSIZE 32
#define JENT_MEMORY_ACCESSLOOPS 128
#define JENT_MEMORY_SIZE (JENT_MEMORY_BLOCKS*JENT_MEMORY_BLOCKSIZE)
- unsigned char *mem; /* Memory access location with size of
- * memblocks * memblocksize */
- unsigned int memlocation; /* Pointer to byte in *mem */
- unsigned int memblocks; /* Number of memory blocks in *mem */
- unsigned int memblocksize; /* Size of one memory block in bytes */
- unsigned int memaccessloops; /* Number of memory accesses per random
- * bit generation */
+ unsigned char *mem; /* Memory access location with size of
+ * memblocks * memblocksize */
+ unsigned int memlocation; /* Pointer to byte in *mem */
+ unsigned int memblocks; /* Number of memory blocks in *mem */
+ unsigned int memblocksize; /* Size of one memory block in bytes */
+ unsigned int memaccessloops; /* Number of memory accesses per random
+ * bit generation */
+
+ /* Repetition Count Test */
+ int rct_count; /* Number of stuck values */
+
+ /* Adaptive Proportion Test for a significance level of 2^-30 */
+#define JENT_APT_CUTOFF 325 /* Taken from SP800-90B sec 4.4.2 */
+#define JENT_APT_WINDOW_SIZE 512 /* Data window size */
+ /* LSB of time stamp to process */
+#define JENT_APT_LSB 16
+#define JENT_APT_WORD_MASK (JENT_APT_LSB - 1)
+ unsigned int apt_observations; /* Number of collected observations */
+ unsigned int apt_count; /* APT counter */
+ unsigned int apt_base; /* APT base reference */
+ unsigned int apt_base_set:1; /* APT base reference set? */
+
+ unsigned int fips_enabled:1;
+ unsigned int health_failure:1; /* Permanent health failure */
};
/* Flags that can be used to initialize the RNG */
-#define JENT_DISABLE_STIR (1<<0) /* Disable stirring the entropy pool */
-#define JENT_DISABLE_UNBIAS (1<<1) /* Disable the Von-Neuman Unbiaser */
+#define JENT_DISABLE_STIR (1<<0) /* UNUSED */
+#define JENT_DISABLE_UNBIAS (1<<1) /* UNUSED */
#define JENT_DISABLE_MEMORY_ACCESS (1<<2) /* Disable memory access for more
entropy, saves MEMORY_SIZE RAM for
entropy collector */
@@ -137,6 +150,8 @@ unsigned int jent_version(void);
#define EMINVARVAR 6 /* Timer variations of variations is too small */
#define EPROGERR 7 /* Programming error */
#define ESTUCK 8 /* Too many stuck results during init. */
+#define EHEALTH 9 /* Health test failed during initialization */
+#define ERCT 10 /* RCT failed during initialization */
/* -- BEGIN statistical test functions only complied with CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT -- */
diff --git a/src/Crypto/rdrand_ml.asm b/src/Crypto/rdrand_ml.asm
index 1579a15..4b85f7f 100644
--- a/src/Crypto/rdrand_ml.asm
+++ b/src/Crypto/rdrand_ml.asm
@@ -1,9 +1,9 @@
;; rdrand.asm - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
;; Copyright assigned to the Crypto++ project.
-;; This ASM file provides RDRAND and RDSEED to downlevel Microsoft tool chains.
-;; Everything "just works" under Visual Studio. Other platforms will have to
-;; run MASM/MASM-64 and then link to the object files.
+;; This ASM file provides RDRAND to downlevel Microsoft tool chains.
+;; Everything "just works" under Visual Studio. Other platforms will
+;; have to run MASM/MASM-64 and then link to the object files.
;; set ASFLAGS=/nologo /D_M_X86 /W3 /Cx /Zi /safeseh
;; set ASFLAGS64=/nologo /D_M_X64 /W3 /Cx /Zi
@@ -13,11 +13,10 @@
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-TITLE MASM_RDRAND_GenerateBlock and MASM_RDSEED_GenerateBlock
-SUBTITLE Microsoft specific ASM code to utilize RDRAND and RDSEED for down level Microsoft toolchains
+TITLE MASM_RDRAND_GenerateBlock source file
+SUBTITLE Microsoft specific ASM code to utilize RDRAND for down level Microsoft toolchains
PUBLIC MASM_RDRAND_GenerateBlock
-PUBLIC MASM_RDSEED_GenerateBlock
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -38,7 +37,6 @@ IFDEF _M_X86 ;; Set via the command line
;; Fastcall calling conventions exports
ALIAS <@MASM_RDRAND_GenerateBlock@8> = <MASM_RDRAND_GenerateBlock>
-ALIAS <@MASM_RDSEED_GenerateBlock@8> = <MASM_RDSEED_GenerateBlock>
ENDIF
@@ -63,13 +61,13 @@ MASM_RDRAND_GenerateBlock PROC ;; arg1:DWORD, arg2:DWORD
bsize EQU edx
;; Top of While loop
-GenerateBlock_Top:
+RDRAND_GenerateBlock_Top:
;; Check remaining size
cmp bsize, 0
- je GenerateBlock_Return
+ je RDRAND_GenerateBlock_Return
-Call_RDRAND_EAX:
+RDRAND_Call_EAX:
;; RDRAND is not available prior to VS2012. Just emit
;; the byte codes using DB. This is `rdrand eax`.
DB 0Fh, 0C7h, 0F0h
@@ -78,46 +76,48 @@ Call_RDRAND_EAX:
;; If CF=0, a random number was not available.
;; Retry immediately
- jnc Call_RDRAND_EAX
+ jnc RDRAND_Call_EAX
RDRAND_succeeded:
cmp bsize, MWSIZE
- jb Partial_Machine_Word
+ jb RDRAND_Partial_Machine_Word
-Full_Machine_Word:
+RDRAND_Full_Machine_Word:
mov DWORD PTR [buffer], eax
add buffer, MWSIZE ;; No need for Intel Core 2 slow workarounds, like
sub bsize, MWSIZE ;; `lea buffer,[buffer+MWSIZE]` for faster adds
;; Continue
- jmp GenerateBlock_Top
+ jmp RDRAND_GenerateBlock_Top
;; 1,2,3 bytes remain
-Partial_Machine_Word:
+RDRAND_Partial_Machine_Word:
;; Test bit 1 to see if size is at least 2
test bsize, 2
- jz Bit_1_Not_Set
+ jz RDRAND_Bit_1_Not_Set
mov WORD PTR [buffer], ax
shr eax, 16
add buffer, 2
-Bit_1_Not_Set:
+RDRAND_Bit_1_Not_Set:
;; Test bit 0 to see if size is at least 1
test bsize, 1
- jz Bit_0_Not_Set
+ jz RDRAND_Bit_0_Not_Set
mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
-Bit_0_Not_Set:
+RDRAND_Bit_0_Not_Set:
;; We've hit all the bits
-GenerateBlock_Return:
+RDRAND_GenerateBlock_Return:
;; Clear artifacts
xor eax, eax
@@ -127,9 +127,6 @@ MASM_RDRAND_GenerateBlock ENDP
ENDIF ;; _M_X86
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -151,13 +148,13 @@ MASM_RDRAND_GenerateBlock PROC ;; arg1:QWORD, arg2:QWORD
bsize EQU rdx
;; Top of While loop
-GenerateBlock_Top:
+RDRAND_GenerateBlock_Top:
;; Check remaining size
cmp bsize, 0
- je GenerateBlock_Return
+ je RDRAND_GenerateBlock_Return
-Call_RDRAND_RAX:
+RDRAND_Call_RAX:
;; RDRAND is not available prior to VS2012. Just emit
;; the byte codes using DB. This is `rdrand rax`.
DB 048h, 0Fh, 0C7h, 0F0h
@@ -166,254 +163,67 @@ Call_RDRAND_RAX:
;; If CF=0, a random number was not available.
;; Retry immediately
- jnc Call_RDRAND_RAX
+ jnc RDRAND_Call_RAX
RDRAND_succeeded:
cmp bsize, MWSIZE
- jb Partial_Machine_Word
-
-Full_Machine_Word:
-
- mov QWORD PTR [buffer], rax
- add buffer, MWSIZE
- sub bsize, MWSIZE
-
- ;; Continue
- jmp GenerateBlock_Top
-
- ;; 1,2,3,4,5,6,7 bytes remain
-Partial_Machine_Word:
-
- ;; Test bit 2 to see if size is at least 4
- test bsize, 4
- jz Bit_2_Not_Set
-
- mov DWORD PTR [buffer], eax
- shr rax, 32
- add buffer, 4
-
-Bit_2_Not_Set:
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz Bit_1_Not_Set
-
- mov WORD PTR [buffer], ax
- shr eax, 16
- add buffer, 2
-
-Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz Bit_0_Not_Set
-
- mov BYTE PTR [buffer], al
-
-Bit_0_Not_Set:
-
- ;; We've hit all the bits
-
-GenerateBlock_Return:
-
- ;; Clear artifacts
- xor rax, rax
- ret
-
-MASM_RDRAND_GenerateBlock ENDP
-
-ENDIF ;; _M_X64
-
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-IFDEF _M_X86 ;; Set via the command line
-
-.CODE
-ALIGN 8
-OPTION PROLOGUE:NONE
-OPTION EPILOGUE:NONE
-
-;; No need for Load_Arguments due to fastcall
-;; ECX (in): arg1, byte* buffer
-;; EDX (in): arg2, size_t bsize
-
-MASM_RDSEED_GenerateBlock PROC ;; arg1:DWORD, arg2:DWORD
-
- MWSIZE EQU 04h ;; machine word size
- buffer EQU ecx
- bsize EQU edx
-
- ;; Top of While loop
-GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je GenerateBlock_Return
-
-Call_RDSEED_EAX:
- ;; RDSEED is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdseed eax`.
- DB 0Fh, 0C7h, 0F8h
-
- ;; If CF=1, the number returned by RDSEED is valid.
- ;; If CF=0, a random number was not available.
-
- ;; Retry immediately
- jnc Call_RDSEED_EAX
-
-RDSEED_succeeded:
-
- cmp bsize, MWSIZE
- jb Partial_Machine_Word
-
-Full_Machine_Word:
-
- mov DWORD PTR [buffer], eax
- add buffer, MWSIZE ;; No need for Intel Core 2 slow workarounds, like
- sub bsize, MWSIZE ;; `lea buffer,[buffer+MWSIZE]` for faster adds
-
- ;; Continue
- jmp GenerateBlock_Top
-
- ;; 1,2,3 bytes remain
-Partial_Machine_Word:
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz Bit_1_Not_Set
-
- mov WORD PTR [buffer], ax
- shr eax, 16
- add buffer, 2
-
-Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz Bit_0_Not_Set
-
- mov BYTE PTR [buffer], al
-
-Bit_0_Not_Set:
-
- ;; We've hit all the bits
-
-GenerateBlock_Return:
-
- ;; Clear artifacts
- xor eax, eax
- ret
-
-MASM_RDSEED_GenerateBlock ENDP
-
-ENDIF ;; _M_X86
+ jb RDRAND_Partial_Machine_Word
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-IFDEF _M_X64 ;; Set via the command line
-
-.CODE
-ALIGN 16
-OPTION PROLOGUE:NONE
-OPTION EPILOGUE:NONE
-
-;; No need for Load_Arguments due to fastcall
-;; RCX (in): arg1, byte* buffer
-;; RDX (in): arg2, size_t bsize
-
-MASM_RDSEED_GenerateBlock PROC ;; arg1:QWORD, arg2:QWORD
-
- MWSIZE EQU 08h ;; machine word size
- buffer EQU rcx
- bsize EQU rdx
-
- ;; Top of While loop
-GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je GenerateBlock_Return
-
-Call_RDSEED_RAX:
- ;; RDSEED is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdseed rax`.
- DB 048h, 0Fh, 0C7h, 0F8h
-
- ;; If CF=1, the number returned by RDSEED is valid.
- ;; If CF=0, a random number was not available.
-
- ;; Retry immediately
- jnc Call_RDSEED_RAX
-
-RDSEED_succeeded:
-
- cmp bsize, MWSIZE
- jb Partial_Machine_Word
-
-Full_Machine_Word:
+RDRAND_Full_Machine_Word:
mov QWORD PTR [buffer], rax
add buffer, MWSIZE
sub bsize, MWSIZE
;; Continue
- jmp GenerateBlock_Top
+ jmp RDRAND_GenerateBlock_Top
;; 1,2,3,4,5,6,7 bytes remain
-Partial_Machine_Word:
+RDRAND_Partial_Machine_Word:
;; Test bit 2 to see if size is at least 4
test bsize, 4
- jz Bit_2_Not_Set
+ jz RDRAND_Bit_2_Not_Set
mov DWORD PTR [buffer], eax
shr rax, 32
add buffer, 4
-Bit_2_Not_Set:
+RDRAND_Bit_2_Not_Set:
;; Test bit 1 to see if size is at least 2
test bsize, 2
- jz Bit_1_Not_Set
+ jz RDRAND_Bit_1_Not_Set
mov WORD PTR [buffer], ax
shr eax, 16
add buffer, 2
-Bit_1_Not_Set:
+RDRAND_Bit_1_Not_Set:
;; Test bit 0 to see if size is at least 1
test bsize, 1
- jz Bit_0_Not_Set
+ jz RDRAND_Bit_0_Not_Set
mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
-Bit_0_Not_Set:
+RDRAND_Bit_0_Not_Set:
;; We've hit all the bits
-GenerateBlock_Return:
+RDRAND_GenerateBlock_Return:
;; Clear artifacts
xor rax, rax
ret
-MASM_RDSEED_GenerateBlock ENDP
+MASM_RDRAND_GenerateBlock ENDP
ENDIF ;; _M_X64
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/src/Crypto/rdseed_ml.asm b/src/Crypto/rdseed_ml.asm
new file mode 100644
index 0000000..6070423
--- /dev/null
+++ b/src/Crypto/rdseed_ml.asm
@@ -0,0 +1,230 @@
+;; rdrand.asm - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
+;; Copyright assigned to the Crypto++ project.
+
+;; This ASM file provides RDSEED to downlevel Microsoft tool chains.
+;; Everything "just works" under Visual Studio. Other platforms will
+;; have to run MASM/MASM-64 and then link to the object files.
+
+;; set ASFLAGS=/nologo /D_M_X86 /W3 /Cx /Zi /safeseh
+;; set ASFLAGS64=/nologo /D_M_X64 /W3 /Cx /Zi
+;; "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\bin\ml.exe" %ASFLAGS% /Fo rdrand-x86.obj /c rdrand.asm
+;; "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\bin\amd64\ml64.exe" %ASFLAGS64% /Fo rdrand-x64.obj /c rdrand.asm
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+TITLE MASM_RDSEED_GenerateBlock source file
+SUBTITLE Microsoft specific ASM code to utilize RDSEED for down level Microsoft toolchains
+
+PUBLIC MASM_RDSEED_GenerateBlock
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; C/C++ Function prototypes (both are fastcall)
+;; X86:
+;; extern "C" void __fastcall MASM_RDSEED_GenerateBlock(byte* ptr, size_t size);
+;; X64:
+;; extern "C" void __fastcall MASM_RDSEED_GenerateBlock(byte* ptr, size_t size);
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+IFDEF _M_X86 ;; Set via the command line
+
+.486
+.MODEL FLAT
+
+;; Fastcall calling conventions exports
+ALIAS <@MASM_RDSEED_GenerateBlock@8> = <MASM_RDSEED_GenerateBlock>
+
+ENDIF
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+IFDEF _M_X86 ;; Set via the command line
+
+.CODE
+ALIGN 8
+OPTION PROLOGUE:NONE
+OPTION EPILOGUE:NONE
+
+;; No need for Load_Arguments due to fastcall
+;; ECX (in): arg1, byte* buffer
+;; EDX (in): arg2, size_t bsize
+
+MASM_RDSEED_GenerateBlock PROC ;; arg1:DWORD, arg2:DWORD
+
+ MWSIZE EQU 04h ;; machine word size
+ buffer EQU ecx
+ bsize EQU edx
+
+ ;; Top of While loop
+RDSEED_GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je RDSEED_GenerateBlock_Return
+
+RDSEED_Call_EAX:
+ ;; RDSEED is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdseed eax`.
+ DB 0Fh, 0C7h, 0F8h
+
+ ;; If CF=1, the number returned by RDSEED is valid.
+ ;; If CF=0, a random number was not available.
+
+ ;; Retry immediately
+ jnc RDSEED_Call_EAX
+
+RDSEED_succeeded:
+
+ cmp bsize, MWSIZE
+ jb RDSEED_Partial_Machine_Word
+
+RDSEED_Full_Machine_Word:
+
+ mov DWORD PTR [buffer], eax
+ add buffer, MWSIZE ;; No need for Intel Core 2 slow workarounds, like
+ sub bsize, MWSIZE ;; `lea buffer,[buffer+MWSIZE]` for faster adds
+
+ ;; Continue
+ jmp RDSEED_GenerateBlock_Top
+
+ ;; 1,2,3 bytes remain
+RDSEED_Partial_Machine_Word:
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz RDSEED_Bit_1_Not_Set
+
+ mov WORD PTR [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+RDSEED_Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz RDSEED_Bit_0_Not_Set
+
+ mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
+
+RDSEED_Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+
+RDSEED_GenerateBlock_Return:
+
+ ;; Clear artifacts
+ xor eax, eax
+ ret
+
+MASM_RDSEED_GenerateBlock ENDP
+
+ENDIF ;; _M_X86
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+IFDEF _M_X64 ;; Set via the command line
+
+.CODE
+ALIGN 16
+OPTION PROLOGUE:NONE
+OPTION EPILOGUE:NONE
+
+;; No need for Load_Arguments due to fastcall
+;; RCX (in): arg1, byte* buffer
+;; RDX (in): arg2, size_t bsize
+
+MASM_RDSEED_GenerateBlock PROC ;; arg1:QWORD, arg2:QWORD
+
+ MWSIZE EQU 08h ;; machine word size
+ buffer EQU rcx
+ bsize EQU rdx
+
+ ;; Top of While loop
+RDSEED_GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je RDSEED_GenerateBlock_Return
+
+RDSEED_Call_RAX:
+ ;; RDSEED is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdseed rax`.
+ DB 048h, 0Fh, 0C7h, 0F8h
+
+ ;; If CF=1, the number returned by RDSEED is valid.
+ ;; If CF=0, a random number was not available.
+
+ ;; Retry immediately
+ jnc RDSEED_Call_RAX
+
+RDSEED_succeeded:
+
+ cmp bsize, MWSIZE
+ jb RDSEED_Partial_Machine_Word
+
+RDSEED_Full_Machine_Word:
+
+ mov QWORD PTR [buffer], rax
+ add buffer, MWSIZE
+ sub bsize, MWSIZE
+
+ ;; Continue
+ jmp RDSEED_GenerateBlock_Top
+
+ ;; 1,2,3,4,5,6,7 bytes remain
+RDSEED_Partial_Machine_Word:
+
+ ;; Test bit 2 to see if size is at least 4
+ test bsize, 4
+ jz RDSEED_Bit_2_Not_Set
+
+ mov DWORD PTR [buffer], eax
+ shr rax, 32
+ add buffer, 4
+
+RDSEED_Bit_2_Not_Set:
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz RDSEED_Bit_1_Not_Set
+
+ mov WORD PTR [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+RDSEED_Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz RDSEED_Bit_0_Not_Set
+
+ mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
+
+RDSEED_Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+
+RDSEED_GenerateBlock_Return:
+
+ ;; Clear artifacts
+ xor rax, rax
+ ret
+
+MASM_RDSEED_GenerateBlock ENDP
+
+ENDIF ;; _M_X64
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+END
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index 9700226..3813992 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -660,6 +660,12 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
{
CrashDumpEnabled = TRUE;
HibernationEnabled = TRUE;
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled())
+ {
+ HibernationEnabled = FALSE;
+ }
+#endif
}
else if (!LegacyHibernationDriverFilterActive)
StartLegacyHibernationDriverFilter();
diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc
index a27a37b..1dfd7e5 100644
--- a/src/Driver/Driver.rc
+++ b/src/Driver/Driver.rc
@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,15,0
+ PRODUCTVERSION 1,24,15,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 7293de2..2ae17f5 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -142,6 +142,10 @@ static BOOL RamEncryptionActivated = FALSE;
static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
+static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL;
+static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL;
+static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL;
+static KeQueryActiveProcessorCountExFn KeQueryActiveProcessorCountExPtr = NULL;
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
ULONG ExDefaultMdlProtection = 0;
@@ -272,14 +276,30 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
ExDefaultMdlProtection = MdlMappingNoExecute;
}
+ // KeAreAllApcsDisabled is available starting from Windows Server 2003
+ if ((OsMajorVersion > 5) || (OsMajorVersion == 5 && OsMinorVersion >= 2))
+ {
+ UNICODE_STRING KeAreAllApcsDisabledFuncName;
+ RtlInitUnicodeString(&KeAreAllApcsDisabledFuncName, L"KeAreAllApcsDisabled");
+
+ KeAreAllApcsDisabledPtr = (KeAreAllApcsDisabledFn) MmGetSystemRoutineAddress(&KeAreAllApcsDisabledFuncName);
+ }
+
// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
+ // KeQueryActiveGroupCount/KeQueryActiveProcessorCountEx/KeSetSystemGroupAffinityThread are available starting from Windows 7
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
{
- UNICODE_STRING saveFuncName, restoreFuncName;
+ UNICODE_STRING saveFuncName, restoreFuncName, groupCountFuncName, procCountFuncName, setAffinityFuncName;
RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState");
RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState");
+ RtlInitUnicodeString(&groupCountFuncName, L"KeQueryActiveGroupCount");
+ RtlInitUnicodeString(&procCountFuncName, L"KeQueryActiveProcessorCountEx");
+ RtlInitUnicodeString(&setAffinityFuncName, L"KeSetSystemGroupAffinityThread");
KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
+ KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn) MmGetSystemRoutineAddress(&setAffinityFuncName);
+ KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn) MmGetSystemRoutineAddress(&groupCountFuncName);
+ KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn) MmGetSystemRoutineAddress(&procCountFuncName);
}
// ExGetFirmwareEnvironmentVariable is available starting from Windows 8
@@ -1374,7 +1394,8 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
else
{
IO_STATUS_BLOCK ioStatus;
- PVOID buffer = TCalloc (max (pVerifyInformation->Length, PAGE_SIZE));
+ DWORD dwBuffersize = min (pVerifyInformation->Length, 16 * PAGE_SIZE);
+ PVOID buffer = TCalloc (dwBuffersize);
if (!buffer)
{
@@ -1382,14 +1403,29 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
}
else
{
- LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
+ LARGE_INTEGER offset;
+ DWORD dwRemainingBytes = pVerifyInformation->Length, dwReadCount;
offset.QuadPart = ullNewOffset;
- Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
- TCfree (buffer);
+ while (dwRemainingBytes)
+ {
+ dwReadCount = min (dwBuffersize, dwRemainingBytes);
+ Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, dwReadCount, &offset, NULL);
- if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length)
- Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != dwReadCount)
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ break;
+ }
+ else if (!NT_SUCCESS (Irp->IoStatus.Status))
+ break;
+
+ dwRemainingBytes -= dwReadCount;
+ offset.QuadPart += (ULONGLONG) dwReadCount;
+ }
+
+ burn (buffer, dwBuffersize);
+ TCfree (buffer);
}
}
@@ -3457,6 +3493,18 @@ void OnShutdownPending ()
while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES);
}
+typedef struct
+{
+ PWSTR deviceName; ULONG IoControlCode; void *InputBuffer; ULONG InputBufferSize; void *OutputBuffer; ULONG OutputBufferSize;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} TCDeviceIoControlWorkItemArgs;
+
+static VOID TCDeviceIoControlWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, TCDeviceIoControlWorkItemArgs *arg)
+{
+ arg->Status = TCDeviceIoControl (arg->deviceName, arg->IoControlCode, arg->InputBuffer, arg->InputBufferSize, arg->OutputBuffer, arg->OutputBufferSize);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBuffer, ULONG InputBufferSize, void *OutputBuffer, ULONG OutputBufferSize)
{
@@ -3468,6 +3516,30 @@ NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBu
KEVENT event;
UNICODE_STRING name;
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ TCDeviceIoControlWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.deviceName = deviceName;
+ args.IoControlCode = IoControlCode;
+ args.InputBuffer = InputBuffer;
+ args.InputBufferSize = InputBufferSize;
+ args.OutputBuffer = OutputBuffer;
+ args.OutputBufferSize = OutputBufferSize;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, TCDeviceIoControlWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
RtlInitUnicodeString(&name, deviceName);
ntStatus = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject);
@@ -3528,7 +3600,7 @@ NTSTATUS SendDeviceIoControlRequest (PDEVICE_OBJECT deviceObject, ULONG ioContro
PIRP irp;
KEVENT event;
- if (KeGetCurrentIrql() > APC_LEVEL)
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
{
SendDeviceIoControlRequestWorkItemArgs args;
@@ -3844,6 +3916,136 @@ NTSTATUS MountManagerUnmount (int nDosDriveNo)
return ntStatus;
}
+typedef struct
+{
+ MOUNT_STRUCT* mount; PEXTENSION NewExtension;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} UpdateFsVolumeInformationWorkItemArgs;
+
+static NTSTATUS UpdateFsVolumeInformation (MOUNT_STRUCT* mount, PEXTENSION NewExtension);
+
+static VOID UpdateFsVolumeInformationWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UpdateFsVolumeInformationWorkItemArgs *arg)
+{
+ arg->Status = UpdateFsVolumeInformation (arg->mount, arg->NewExtension);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
+
+static NTSTATUS UpdateFsVolumeInformation (MOUNT_STRUCT* mount, PEXTENSION NewExtension)
+{
+ HANDLE volumeHandle;
+ PFILE_OBJECT volumeFileObject;
+ ULONG labelLen = (ULONG) wcslen (mount->wszLabel);
+ BOOL bIsNTFS = FALSE;
+ ULONG labelMaxLen, labelEffectiveLen;
+
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ UpdateFsVolumeInformationWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.mount = mount;
+ args.NewExtension = NewExtension;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, UpdateFsVolumeInformationWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
+ __try
+ {
+ if (NT_SUCCESS (TCOpenFsVolume (NewExtension, &volumeHandle, &volumeFileObject)))
+ {
+ __try
+ {
+ ULONG fsStatus;
+
+ if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_IS_VOLUME_DIRTY, NULL, 0, &fsStatus, sizeof (fsStatus)))
+ && (fsStatus & VOLUME_IS_DIRTY))
+ {
+ mount->FilesystemDirty = TRUE;
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+ mount->FilesystemDirty = TRUE;
+ }
+
+ // detect if the filesystem is NTFS or FAT
+ __try
+ {
+ NTFS_VOLUME_DATA_BUFFER ntfsData;
+ if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData))))
+ {
+ bIsNTFS = TRUE;
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+ bIsNTFS = FALSE;
+ }
+
+ NewExtension->bIsNTFS = bIsNTFS;
+ mount->bIsNTFS = bIsNTFS;
+
+ if (labelLen > 0)
+ {
+ if (bIsNTFS)
+ labelMaxLen = 32; // NTFS maximum label length
+ else
+ labelMaxLen = 11; // FAT maximum label length
+
+ // calculate label effective length
+ labelEffectiveLen = labelLen > labelMaxLen? labelMaxLen : labelLen;
+
+ // correct the label in the device
+ memset (&NewExtension->wszLabel[labelEffectiveLen], 0, 33 - labelEffectiveLen);
+ memcpy (mount->wszLabel, NewExtension->wszLabel, 33);
+
+ // set the volume label
+ __try
+ {
+ IO_STATUS_BLOCK ioblock;
+ ULONG labelInfoSize = sizeof(FILE_FS_LABEL_INFORMATION) + (labelEffectiveLen * sizeof(WCHAR));
+ FILE_FS_LABEL_INFORMATION* labelInfo = (FILE_FS_LABEL_INFORMATION*) TCalloc (labelInfoSize);
+ if (labelInfo)
+ {
+ labelInfo->VolumeLabelLength = labelEffectiveLen * sizeof(WCHAR);
+ memcpy (labelInfo->VolumeLabel, mount->wszLabel, labelInfo->VolumeLabelLength);
+
+ if (STATUS_SUCCESS == ZwSetVolumeInformationFile (volumeHandle, &ioblock, labelInfo, labelInfoSize, FileFsLabelInformation))
+ {
+ mount->bDriverSetLabel = TRUE;
+ NewExtension->bDriverSetLabel = TRUE;
+ }
+
+ TCfree(labelInfo);
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+
+ }
+ }
+
+ TCCloseFsVolume (volumeHandle, volumeFileObject);
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+
+ }
+
+ return STATUS_SUCCESS;
+}
+
NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
{
@@ -3931,12 +4133,6 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
{
if (mount->nReturnCode == 0)
{
- HANDLE volumeHandle;
- PFILE_OBJECT volumeFileObject;
- ULONG labelLen = (ULONG) wcslen (mount->wszLabel);
- BOOL bIsNTFS = FALSE;
- ULONG labelMaxLen, labelEffectiveLen;
-
Dump ("Mount SUCCESS TC code = 0x%08x READ-ONLY = %d\n", mount->nReturnCode, NewExtension->bReadOnly);
if (NewExtension->bReadOnly)
@@ -3968,81 +4164,13 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
mount->FilesystemDirty = FALSE;
- if (mount->bMountManager && NT_SUCCESS (TCOpenFsVolume (NewExtension, &volumeHandle, &volumeFileObject)))
+ if (mount->bMountManager)
{
- __try
- {
- ULONG fsStatus;
-
- if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_IS_VOLUME_DIRTY, NULL, 0, &fsStatus, sizeof (fsStatus)))
- && (fsStatus & VOLUME_IS_DIRTY))
- {
- mount->FilesystemDirty = TRUE;
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
- mount->FilesystemDirty = TRUE;
- }
-
- // detect if the filesystem is NTFS or FAT
- __try
- {
- NTFS_VOLUME_DATA_BUFFER ntfsData;
- if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData))))
- {
- bIsNTFS = TRUE;
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
- bIsNTFS = FALSE;
- }
-
- NewExtension->bIsNTFS = bIsNTFS;
- mount->bIsNTFS = bIsNTFS;
-
- if (labelLen > 0)
+ NTSTATUS updateStatus = UpdateFsVolumeInformation (mount, NewExtension);
+ if (!NT_SUCCESS (updateStatus))
{
- if (bIsNTFS)
- labelMaxLen = 32; // NTFS maximum label length
- else
- labelMaxLen = 11; // FAT maximum label length
-
- // calculate label effective length
- labelEffectiveLen = labelLen > labelMaxLen? labelMaxLen : labelLen;
-
- // correct the label in the device
- memset (&NewExtension->wszLabel[labelEffectiveLen], 0, 33 - labelEffectiveLen);
- memcpy (mount->wszLabel, NewExtension->wszLabel, 33);
-
- // set the volume label
- __try
- {
- IO_STATUS_BLOCK ioblock;
- ULONG labelInfoSize = sizeof(FILE_FS_LABEL_INFORMATION) + (labelEffectiveLen * sizeof(WCHAR));
- FILE_FS_LABEL_INFORMATION* labelInfo = (FILE_FS_LABEL_INFORMATION*) TCalloc (labelInfoSize);
- if (labelInfo)
- {
- labelInfo->VolumeLabelLength = labelEffectiveLen * sizeof(WCHAR);
- memcpy (labelInfo->VolumeLabel, mount->wszLabel, labelInfo->VolumeLabelLength);
-
- if (STATUS_SUCCESS == ZwSetVolumeInformationFile (volumeHandle, &ioblock, labelInfo, labelInfoSize, FileFsLabelInformation))
- {
- mount->bDriverSetLabel = TRUE;
- NewExtension->bDriverSetLabel = TRUE;
- }
-
- TCfree(labelInfo);
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
-
- }
+ Dump ("MountDevice: UpdateFsVolumeInformation failed with status 0x%08x\n", updateStatus);
}
-
- TCCloseFsVolume (volumeHandle, volumeFileObject);
}
}
else
@@ -4056,6 +4184,20 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
}
}
+typedef struct
+{
+ UNMOUNT_STRUCT *unmountRequest; PDEVICE_OBJECT deviceObject; BOOL ignoreOpenFiles;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} UnmountDeviceWorkItemArgs;
+
+
+static VOID UnmountDeviceWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UnmountDeviceWorkItemArgs *arg)
+{
+ arg->Status = UnmountDevice (arg->unmountRequest, arg->deviceObject, arg->ignoreOpenFiles);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
+
NTSTATUS UnmountDevice (UNMOUNT_STRUCT *unmountRequest, PDEVICE_OBJECT deviceObject, BOOL ignoreOpenFiles)
{
PEXTENSION extension = deviceObject->DeviceExtension;
@@ -4063,6 +4205,27 @@ NTSTATUS UnmountDevice (UNMOUNT_STRUCT *unmountRequest, PDEVICE_OBJECT deviceObj
HANDLE volumeHandle;
PFILE_OBJECT volumeFileObject;
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ UnmountDeviceWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.deviceObject = deviceObject;
+ args.unmountRequest = unmountRequest;
+ args.ignoreOpenFiles = ignoreOpenFiles;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, UnmountDeviceWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
Dump ("UnmountDevice %d\n", extension->nDosDriveNo);
ntStatus = TCOpenFsVolume (extension, &volumeHandle, &volumeFileObject);
@@ -4335,16 +4498,27 @@ NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information)
size_t GetCpuCount ()
{
- KAFFINITY activeCpuMap = KeQueryActiveProcessors();
- size_t mapSize = sizeof (activeCpuMap) * 8;
size_t cpuCount = 0;
-
- while (mapSize--)
+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)
+ {
+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();
+ for (i = 0; i < groupCount; i++)
+ {
+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);
+ }
+ }
+ else
{
- if (activeCpuMap & 1)
- ++cpuCount;
+ KAFFINITY activeCpuMap = KeQueryActiveProcessors();
+ size_t mapSize = sizeof (activeCpuMap) * 8;
+
+ while (mapSize--)
+ {
+ if (activeCpuMap & 1)
+ ++cpuCount;
- activeCpuMap >>= 1;
+ activeCpuMap >>= 1;
+ }
}
if (cpuCount == 0)
@@ -4353,6 +4527,35 @@ size_t GetCpuCount ()
return cpuCount;
}
+USHORT GetCpuGroup (size_t index)
+{
+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)
+ {
+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();
+ size_t cpuCount = 0;
+ for (i = 0; i < groupCount; i++)
+ {
+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);
+ if (cpuCount >= index)
+ {
+ return i;
+ }
+ }
+ }
+
+ return 0;
+}
+
+void SetThreadCpuGroupAffinity (USHORT index)
+{
+ if (KeSetSystemGroupAffinityThreadPtr)
+ {
+ GROUP_AFFINITY groupAffinity = {0};
+ groupAffinity.Mask = ~0ULL;
+ groupAffinity.Group = index;
+ KeSetSystemGroupAffinityThreadPtr (&groupAffinity, NULL);
+ }
+}
void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes)
{
@@ -4759,4 +4962,12 @@ VOID NTAPI KeRestoreExtendedProcessorState (
{
(KeRestoreExtendedProcessorStatePtr) (XStateSave);
}
-} \ No newline at end of file
+}
+
+BOOLEAN VC_KeAreAllApcsDisabled (VOID)
+{
+ if (KeAreAllApcsDisabledPtr)
+ return (KeAreAllApcsDisabledPtr) ();
+ else
+ return FALSE;
+}
diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h
index 2e4d655..25ee64e 100644
--- a/src/Driver/Ntdriver.h
+++ b/src/Driver/Ntdriver.h
@@ -174,6 +174,8 @@ NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information);
NTSTATUS ProbeRealDriveSize (PDEVICE_OBJECT driveDeviceObject, LARGE_INTEGER *driveSize);
BOOL UserCanAccessDriveDevice ();
size_t GetCpuCount ();
+USHORT GetCpuGroup (size_t index);
+void SetThreadCpuGroupAffinity (USHORT index);
void EnsureNullTerminatedString (wchar_t *str, size_t maxSizeInBytes);
void *AllocateMemoryWithTimeout (size_t size, int retryDelay, int timeout);
BOOL IsDriveLetterAvailable (int nDosDriveNo, DeviceNamespaceType namespaceType);
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index afd3a96..e88105c 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -303,7 +303,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (mount->bMountReadOnly || ntStatus == STATUS_ACCESS_DENIED)
{
ntStatus = ZwCreateFile (&Extension->hDeviceFile,
- GENERIC_READ | SYNCHRONIZE,
+ GENERIC_READ | (!bRawDevice && mount->bPreserveTimestamp? FILE_WRITE_ATTRIBUTES : 0) | SYNCHRONIZE,
&oaFileAttributes,
&IoStatusBlock,
NULL,
@@ -318,6 +318,26 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
NULL,
0);
+ if (!NT_SUCCESS (ntStatus) && !bRawDevice && mount->bPreserveTimestamp)
+ {
+ /* try again without FILE_WRITE_ATTRIBUTES */
+ ntStatus = ZwCreateFile (&Extension->hDeviceFile,
+ GENERIC_READ | SYNCHRONIZE,
+ &oaFileAttributes,
+ &IoStatusBlock,
+ NULL,
+ FILE_ATTRIBUTE_NORMAL |
+ FILE_ATTRIBUTE_SYSTEM,
+ exclusiveAccess ? FILE_SHARE_READ : FILE_SHARE_READ | FILE_SHARE_WRITE,
+ FILE_OPEN,
+ FILE_RANDOM_ACCESS |
+ FILE_WRITE_THROUGH |
+ (disableBuffering ? FILE_NO_INTERMEDIATE_BUFFERING : 0) |
+ FILE_SYNCHRONOUS_IO_NONALERT,
+ NULL,
+ 0);
+ }
+
if (NT_SUCCESS (ntStatus) && !mount->bMountReadOnly)
mount->VolumeMountedReadOnlyAfterAccessDenied = TRUE;
@@ -362,6 +382,18 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
Extension->fileLastWriteTime = FileBasicInfo.LastWriteTime;
Extension->fileLastChangeTime = FileBasicInfo.ChangeTime;
Extension->bTimeStampValid = TRUE;
+
+ // we tell the system not to update LastAccessTime, LastWriteTime, and ChangeTime
+ FileBasicInfo.CreationTime.QuadPart = 0;
+ FileBasicInfo.LastAccessTime.QuadPart = -1;
+ FileBasicInfo.LastWriteTime.QuadPart = -1;
+ FileBasicInfo.ChangeTime.QuadPart = -1;
+
+ ZwSetInformationFile (Extension->hDeviceFile,
+ &IoStatusBlock,
+ &FileBasicInfo,
+ sizeof (FileBasicInfo),
+ FileBasicInformation);
}
ntStatus = ZwQueryInformationFile (Extension->hDeviceFile,
@@ -886,6 +918,18 @@ void TCCloseVolume (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension)
}
}
+typedef struct
+{
+ PDEVICE_OBJECT deviceObject; PEXTENSION Extension; ULONG ioControlCode; void *inputBuffer; int inputBufferSize; void *outputBuffer; int outputBufferSize;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} TCSendHostDeviceIoControlRequestExWorkItemArgs;
+
+static VOID TCSendHostDeviceIoControlRequestExWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, TCSendHostDeviceIoControlRequestExWorkItemArgs *arg)
+{
+ arg->Status = TCSendHostDeviceIoControlRequestEx (arg->deviceObject, arg->Extension, arg->ioControlCode, arg->inputBuffer, arg->inputBufferSize, arg->outputBuffer, arg->outputBufferSize);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
NTSTATUS TCSendHostDeviceIoControlRequestEx (PDEVICE_OBJECT DeviceObject,
PEXTENSION Extension,
@@ -901,6 +945,31 @@ NTSTATUS TCSendHostDeviceIoControlRequestEx (PDEVICE_OBJECT DeviceObject,
UNREFERENCED_PARAMETER(DeviceObject); /* Remove compiler warning */
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ TCSendHostDeviceIoControlRequestExWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.deviceObject = DeviceObject;
+ args.Extension = Extension;
+ args.ioControlCode = IoControlCode;
+ args.inputBuffer = InputBuffer;
+ args.inputBufferSize = InputBufferSize;
+ args.outputBuffer = OutputBuffer;
+ args.outputBufferSize = OutputBufferSize;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, TCSendHostDeviceIoControlRequestExWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
KeClearEvent (&Extension->keVolumeEvent);
Irp = IoBuildDeviceIoControlRequest (IoControlCode,
diff --git a/src/ExpandVolume/DlgExpandVolume.cpp b/src/ExpandVolume/DlgExpandVolume.cpp
index c1acd76..ab76d1b 100644
--- a/src/ExpandVolume/DlgExpandVolume.cpp
+++ b/src/ExpandVolume/DlgExpandVolume.cpp
@@ -49,6 +49,8 @@
#define TIMER_ID_RANDVIEW 0xff
#define TIMER_INTERVAL_RANDVIEW 50
+BOOL bSeManageVolumeNameSet = FALSE;
+
// see definition of enum EV_FileSystem
const wchar_t * szFileSystemStr[4] = {L"RAW",L"FAT",L"NTFS",L"EXFAT"};
@@ -117,6 +119,20 @@ uint64 GetSizeBoxMultiplier(HWND hwndDlg)
return Muliplier[i];
}
+void HandleQuickExpanddCheckBox (HWND hwndDlg)
+{
+ if (IsButtonChecked (GetDlgItem (hwndDlg, IDC_INIT_NEWSPACE)))
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_QUICKEXPAND), FALSE);
+ SendDlgItemMessage (hwndDlg, IDC_QUICKEXPAND, BM_SETCHECK, BST_UNCHECKED, 0);
+ }
+ else
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_QUICKEXPAND), TRUE);
+ }
+}
+
+
BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
static EXPAND_VOL_THREAD_PARAMS *pVolExpandParam;
@@ -164,6 +180,12 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
SetWindowText (GetDlgItem (hwndDlg, IDT_NEW_SIZE), L"");
GetSpaceString(szHostFreeStr,sizeof(szHostFreeStr),pVolExpandParam->hostSizeFree,FALSE);
StringCbPrintfW (szTemp,sizeof(szTemp),L"%s available on host drive", szHostFreeStr);
+
+ if (!pVolExpandParam->bDisableQuickExpand)
+ {
+ ShowWindow (GetDlgItem (hwndDlg, IDC_QUICKEXPAND), SW_SHOW);
+ HandleQuickExpanddCheckBox (hwndDlg);
+ }
}
SetWindowText (GetDlgItem (hwndDlg, IDC_EXPAND_VOLUME_NEWSIZE), szTemp);
@@ -179,7 +201,7 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
{
StringCbPrintfW (szTemp, sizeof(szTemp),L"Please specify the new size of the VeraCrypt volume (must be at least %I64u KB larger than the current size).",TC_MINVAL_FS_EXPAND/1024);
}
- SetWindowText (GetDlgItem (hwndDlg, IDC_BOX_HELP), szTemp);
+ SetWindowText (GetDlgItem (hwndDlg, IDC_BOX_HELP), szTemp);
}
return 0;
@@ -197,6 +219,7 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
wchar_t szTemp[4096];
pVolExpandParam->bInitFreeSpace = IsButtonChecked (GetDlgItem (hwndDlg, IDC_INIT_NEWSPACE));
+ pVolExpandParam->bQuickExpand = IsButtonChecked (GetDlgItem (hwndDlg, IDC_QUICKEXPAND));
if (!pVolExpandParam->bIsDevice) // for devices new size is set by calling function
{
GetWindowText (GetDlgItem (hwndDlg, IDC_SIZEBOX), szTemp, ARRAYSIZE (szTemp));
@@ -207,6 +230,23 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
return 1;
}
+ if (lw == IDC_INIT_NEWSPACE && !pVolExpandParam->bDisableQuickExpand)
+ {
+ HandleQuickExpanddCheckBox (hwndDlg);
+ return 1;
+ }
+
+ if (lw == IDC_QUICKEXPAND && IsButtonChecked (GetDlgItem (hwndDlg, IDC_QUICKEXPAND)))
+ {
+ // If quick expand selected, then we warn about security issue
+ if (MessageBoxW (hwndDlg, L"WARNING: You should use Quick Expand only in the following cases:\n\n1) The device where the file container is located contains no sensitive data and you do not need plausible deniability.\n2) The device where the file container is located has already been securely and fully encrypted.\n\nAre you sure you want to use Quick Expand?",
+ lpszTitle, YES_NO|MB_ICONWARNING|MB_DEFBUTTON2) == IDNO)
+ {
+ SendDlgItemMessage (hwndDlg, IDC_QUICKEXPAND, BM_SETCHECK, BST_UNCHECKED, 0);
+ return 1;
+ }
+ }
+
return 0;
}
@@ -393,6 +433,7 @@ BOOL CALLBACK ExpandVolProgressDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
// tell the volume transform thread to terminate
bVolTransformThreadCancel = TRUE;
}
+ NormalCursor ();
EndDialog (hwndDlg, lw);
return 1;
}
@@ -402,6 +443,7 @@ BOOL CALLBACK ExpandVolProgressDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
if (bVolTransformStarted)
{
// TransformThreadFunction finished -> OK button is now exit
+ NormalCursor ();
EndDialog (hwndDlg, lw);
}
else
@@ -561,7 +603,6 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile, lpszVolume);
- WaitCursor ();
OpenVolumeThreadParam threadParam;
threadParam.context = &expandVol;
@@ -691,6 +732,8 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
EXPAND_VOL_THREAD_PARAMS VolExpandParam;
VolExpandParam.bInitFreeSpace = (bIsLegacy && bIsDevice) ? FALSE:TRUE;
+ VolExpandParam.bQuickExpand = FALSE;
+ VolExpandParam.bDisableQuickExpand = bIsDevice;
VolExpandParam.szVolumeName = lpszVolume;
VolExpandParam.FileSystem = volFSType;
VolExpandParam.pVolumePassword = &VolumePassword;
@@ -702,6 +745,17 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
VolExpandParam.newSize = hostSize;
VolExpandParam.hostSizeFree = hostSizeFree;
+ // disable Quick Expand if the file is sparse or compressed
+ if (!bIsDevice)
+ {
+ DWORD dwFileAttrib = GetFileAttributesW (lpszVolume);
+ if (INVALID_FILE_ATTRIBUTES != dwFileAttrib)
+ {
+ if (dwFileAttrib & (FILE_ATTRIBUTE_COMPRESSED | FILE_ATTRIBUTE_SPARSE_FILE))
+ VolExpandParam.bDisableQuickExpand = TRUE;
+ }
+ }
+
while (1)
{
uint64 newVolumeSize;
@@ -717,7 +771,7 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
if ( !bIsDevice )
{
- if ( newVolumeSize < hostSize + TC_MINVAL_FS_EXPAND)
+ if ( (newVolumeSize < hostSize + TC_MINVAL_FS_EXPAND) && ((hostSize == volSize) || (newVolumeSize != hostSize) || ((hostSize - volSize) < TC_MINVAL_FS_EXPAND)))
{
StringCbPrintfW(szTmp,sizeof(szTmp),L"New volume size too small, must be at least %I64u kB larger than the current size.",TC_MINVAL_FS_EXPAND/BYTES_PER_KB);
MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_OK | MB_ICONEXCLAMATION );
@@ -737,6 +791,18 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
MessageBoxW (hwndDlg, L"!\n",lpszTitle, MB_OK | MB_ICONEXCLAMATION );
continue;
}
+
+ if (VolExpandParam.bQuickExpand && !bSeManageVolumeNameSet)
+ {
+ if (!SetPrivilege (SE_MANAGE_VOLUME_NAME, TRUE))
+ {
+ MessageBoxW (hwndDlg, L"Error: Failed to get necessary privileges to enable Quick Expand!\nPlease uncheck Quick Expand option and try again.",lpszTitle, MB_OK | MB_ICONEXCLAMATION );
+ VolExpandParam.bQuickExpand = FALSE;
+ continue;
+ }
+
+ bSeManageVolumeNameSet = TRUE;
+ }
}
if ( newVolumeSize > TC_MAX_VOLUME_SIZE )
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index 5a476ba..e340a8b 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -492,7 +492,7 @@ error:
Remarks: a lot of code is from TrueCrypt 'Common\Password.c' :: ChangePwd()
*/
-static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePassword, int VolumePkcs5, int VolumePim, uint64 newHostSize, BOOL initFreeSpace)
+static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePassword, int VolumePkcs5, int VolumePim, uint64 newHostSize, BOOL initFreeSpace, BOOL bQuickExpand)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
@@ -512,6 +512,11 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
BOOL backupHeader;
byte *wipeBuffer = NULL;
uint32 workChunkSize = TC_VOLUME_HEADER_GROUP_SIZE;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
if (pVolumePassword->Length == 0) return -1;
@@ -535,6 +540,27 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Time timestamps are not modified
+ // in order to preserve plausible deniability of hidden volumes (last password change time is stored in the volume header).
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time, (used to reset file date and time of
+ file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
+ of hidden volumes (last password change time is stored in the volume header). */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ {
+ bTimeStampValid = FALSE;
+ MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
+ }
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -628,20 +654,6 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
goto error;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time, (used to reset file date and time of
- file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
- of hidden volumes (last password change time is stored in the volume header). */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- {
- bTimeStampValid = FALSE;
- MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
- }
- else
- bTimeStampValid = TRUE;
- }
// Seek the volume header
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET;
@@ -673,7 +685,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
}
#ifdef _WIN64
- if (IsRamEncryptionEnabled())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));
}
@@ -750,13 +762,37 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
liNewSize.QuadPart=(LONGLONG)newHostSize;
- // Preallocate the file
- if (!SetFilePointerEx (dev, liNewSize, NULL, FILE_BEGIN)
- || !SetEndOfFile (dev)
- || SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ if (hostSize != newHostSize)
{
- nStatus = ERR_OS_ERROR;
- goto error;
+ // Preallocate the file
+ if (!SetFilePointerEx (dev, liNewSize, NULL, FILE_BEGIN)
+ || !SetEndOfFile (dev))
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ if (bQuickExpand)
+ {
+ if (!SetFileValidData (dev, liNewSize.QuadPart))
+ {
+ DebugAddProgressDlgStatus(hwndDlg, L"Warning: Failed to perform Quick Expand. Continuing with standard expanding...\r\n");
+ }
+ }
+
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+ }
+ else
+ {
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
}
}
@@ -820,6 +856,17 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
else
DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted primary header ...\r\n");
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
buffer,
@@ -839,6 +886,15 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
cryptoInfo->SectorSize,
FALSE ); // use slow poll
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
+
if (ci != NULL)
crypto_close (ci);
@@ -870,7 +926,26 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
PCRYPTO_INFO dummyInfo = NULL;
LARGE_INTEGER hiddenOffset;
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader);
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
if (nStatus != ERR_SUCCESS)
goto error;
@@ -1050,7 +1125,7 @@ void __cdecl volTransformThreadFunction (void *pExpandDlgParam)
HWND hwndDlg = (HWND) pParam->hwndDlg;
nStatus = ExpandVolume (hwndDlg, (wchar_t*)pParam->szVolumeName, pParam->pVolumePassword,
- pParam->VolumePkcs5, pParam->VolumePim, pParam->newSize, pParam->bInitFreeSpace );
+ pParam->VolumePkcs5, pParam->VolumePim, pParam->newSize, pParam->bInitFreeSpace, pParam->bQuickExpand );
if (nStatus!=ERR_SUCCESS && nStatus!=ERR_USER_ABORT)
handleError (hwndDlg, nStatus, SRC_POS);
diff --git a/src/ExpandVolume/ExpandVolume.h b/src/ExpandVolume/ExpandVolume.h
index 5f4eb7f..668eb79 100644
--- a/src/ExpandVolume/ExpandVolume.h
+++ b/src/ExpandVolume/ExpandVolume.h
@@ -40,6 +40,8 @@ typedef struct
BOOL bIsDevice;
BOOL bIsLegacy;
BOOL bInitFreeSpace;
+ BOOL bQuickExpand;
+ BOOL bDisableQuickExpand;
Password *pVolumePassword;
int VolumePkcs5;
int VolumePim;
diff --git a/src/ExpandVolume/ExpandVolume.rc b/src/ExpandVolume/ExpandVolume.rc
index 3f5e891..dce4b3b 100644
--- a/src/ExpandVolume/ExpandVolume.rc
+++ b/src/ExpandVolume/ExpandVolume.rc
@@ -38,7 +38,8 @@ BEGIN
CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,248,105,38,10
CONTROL "&TB",IDC_TB,"Button",BS_AUTORADIOBUTTON,288,105,38,10
CONTROL "Fill new space with random data",IDC_INIT_NEWSPACE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,30,127,118,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,30,120,276,10
+ CONTROL "Quick Expand",IDC_QUICKEXPAND,"Button",BS_AUTOCHECKBOX | NOT WS_VISIBLE | WS_DISABLED | WS_TABSTOP,30,132,276,10
DEFPUSHBUTTON "Continue",IDOK,15,238,84,18
PUSHBUTTON "Cancel",IDCANCEL,277,238,84,18
LTEXT "Help Text",IDC_BOX_HELP,15,165,346,58,0,WS_EX_CLIENTEDGE
@@ -141,7 +142,7 @@ END
//
#ifdef APSTUDIO_INVOKED
-GUIDELINES DESIGNINFO
+GUIDELINES DESIGNINFO
BEGIN
IDD_SIZE_DIALOG, DIALOG
BEGIN
@@ -192,8 +193,8 @@ IDR_MOUNT_RSRC_HEADER HEADER "resource.h"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,15,0
+ PRODUCTVERSION 1,24,15,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -210,11 +211,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Expander"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update6"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCryptExpander.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update6"
END
END
BLOCK "VarFileInfo"
@@ -264,7 +265,7 @@ IDB_LOGO_288DPI BITMAP "Logo_288dpi.bmp"
// Menu
//
-IDR_MENU MENUEX
+IDR_MENU MENUEX
BEGIN
MENUITEM "About", IDM_ABOUT,MFT_STRING,MFS_ENABLED
MENUITEM "Homepage", IDM_HOMEPAGE,MFT_STRING | MFT_RIGHTJUSTIFY,MFS_ENABLED
@@ -276,7 +277,7 @@ END
// String Table
//
-STRINGTABLE
+STRINGTABLE
BEGIN
IDS_UACSTRING "VeraCrypt Expander"
END
diff --git a/src/ExpandVolume/InitDataArea.c b/src/ExpandVolume/InitDataArea.c
index afca230..618358d 100644
--- a/src/ExpandVolume/InitDataArea.c
+++ b/src/ExpandVolume/InitDataArea.c
@@ -56,6 +56,9 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+#endif
// Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize;
@@ -74,6 +77,16 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
memset (sector, 0, sizeof (sector));
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VirtualLock (&tmpCI, sizeof (tmpCI));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
// Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -136,6 +149,13 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
return 0;
@@ -147,6 +167,13 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (tmpCI));
+ }
+#endif
SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR);
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp
index 2710cc4..10c1af4 100644
--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
@@ -866,6 +866,67 @@ static BOOL SelectPartition (HWND hwndDlg)
return FALSE;
}
+void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
+{
+ wchar_t **lpszCommandLineArgs = NULL; /* Array of command line arguments */
+ int nNoCommandLineArgs; /* The number of arguments in the array */
+
+ /* Extract command line arguments */
+ nNoCommandLineArgs = Win32CommandLine (&lpszCommandLineArgs);
+ if (nNoCommandLineArgs > 0)
+ {
+ int i;
+
+ for (i = 0; i < nNoCommandLineArgs; i++)
+ {
+ enum
+ {
+ OptionEnableMemoryProtection,
+ };
+
+ argument args[]=
+ {
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ };
+
+ argumentspec as;
+
+ int x;
+
+ if (lpszCommandLineArgs[i] == NULL)
+ continue;
+
+ as.args = args;
+ as.arg_cnt = sizeof(args)/ sizeof(args[0]);
+
+ x = GetArgumentID (&as, lpszCommandLineArgs[i]);
+
+ switch (x)
+ {
+
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
+ default:
+ DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_COMMANDHELP_DLG), hwndDlg, (DLGPROC)
+ CommandHelpDlgProc, (LPARAM) &as);
+
+ exit(0);
+ }
+ }
+ }
+
+ /* Free up the command line arguments */
+ while (--nNoCommandLineArgs >= 0)
+ {
+ free (lpszCommandLineArgs[nNoCommandLineArgs]);
+ }
+
+ if (lpszCommandLineArgs)
+ free (lpszCommandLineArgs);
+}
+
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
@@ -890,6 +951,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
bUseSecureDesktop = FALSE;
bUseLegacyMaxPasswordLength = FALSE;
+ VeraCryptExpander::ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+
if (UsePreferences)
{
// General preferences
@@ -900,6 +963,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
RestoreDefaultKeyFilesParam ();
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
InitMainDialog (hwndDlg);
// Quit
@@ -957,7 +1026,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDM_HOMEPAGE )
{
ArrowWaitCursor ();
- ShellExecute (NULL, L"open", L"https://www.veracrypt.fr", NULL, NULL, SW_SHOWNORMAL);
+ SafeOpenURL (L"https://www.veracrypt.fr");
Sleep (200);
NormalCursor ();
diff --git a/src/ExpandVolume/resource.h b/src/ExpandVolume/resource.h
index 993c414..99d89dd 100644
--- a/src/ExpandVolume/resource.h
+++ b/src/ExpandVolume/resource.h
@@ -71,6 +71,7 @@
#define IDC_OLD_PIM 1143
#define IDC_OLD_PIM_HELP 1144
#define ID_HOMEPAGE 1145
+#define IDC_QUICKEXPAND 1146
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -135,13 +136,13 @@
#define IDM_MANAGE_TOKEN_KEYFILES 40062
// Next default values for new objects
-//
+//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40064
-#define _APS_NEXT_CONTROL_VALUE 1146
+#define _APS_NEXT_CONTROL_VALUE 1147
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index a96dcbc..8ebc11a 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,15,0
+ PRODUCTVERSION 1,24,15,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Format"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update6"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Format.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update6"
END
END
BLOCK "VarFileInfo"
@@ -79,378 +79,378 @@ IDR_FORMAT_TLB TYPELIB "Format.tlb"
// Dialog
//
-IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 400, 229
+IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 450, 250
STYLE DS_SETFONT | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt Volume Creation Wizard"
CLASS "VeraCryptCustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- PUSHBUTTON "&Help",IDHELP,176,209,50,14
- PUSHBUTTON "",IDC_PREV,235,209,50,14
- DEFPUSHBUTTON "",IDC_NEXT,285,209,50,14
- PUSHBUTTON "Cancel",IDCANCEL,343,209,50,14
- LTEXT "",IDC_BOX_TITLE,160,8,233,17
- GROUPBOX "",IDC_STATIC,4,0,392,203
- CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,169
- LTEXT "",IDC_POS_BOX,160,24,231,172
+ PUSHBUTTON "&Help",IDHELP,166,234,60,14
+ PUSHBUTTON "",IDC_PREV,238,234,60,14
+ DEFPUSHBUTTON "",IDC_NEXT,310,234,60,14
+ PUSHBUTTON "Cancel",IDCANCEL,382,234,60,14
+ LTEXT "",IDC_BOX_TITLE,160,8,283,17
+ GROUPBOX "",IDC_STATIC,4,0,439,230
+ CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,193
+ LTEXT "",IDC_POS_BOX,160,24,281,193
END
-IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_COMBO_BOX,7,23,137,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
- PUSHBUTTON "&Test",IDC_CIPHER_TEST,149,22,59,14
- PUSHBUTTON "&Benchmark",IDC_BENCHMARK,149,100,59,14
- COMBOBOX IDC_COMBO_BOX_HASH_ALGO,7,137,83,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
- LTEXT "",IDC_BOX_HELP,7,40,205,58
- GROUPBOX "Encryption Algorithm",IDT_ENCRYPTION_ALGO,0,10,217,111
- GROUPBOX "Hash Algorithm",IDT_HASH_ALGO,0,124,217,35
- LTEXT "More information",IDC_LINK_MORE_INFO_ABOUT_CIPHER,7,102,135,10,SS_NOTIFY
- LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,97,139,115,8,SS_NOTIFY
+ COMBOBOX IDC_COMBO_BOX,7,23,172,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ PUSHBUTTON "&Test",IDC_CIPHER_TEST,191,22,81,14
+ PUSHBUTTON "&Benchmark",IDC_BENCHMARK,191,122,81,14
+ COMBOBOX IDC_COMBO_BOX_HASH_ALGO,7,169,95,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ LTEXT "",IDC_BOX_HELP,7,40,266,78
+ GROUPBOX "Encryption Algorithm",IDT_ENCRYPTION_ALGO,0,10,273,131
+ GROUPBOX "Hash Algorithm",IDT_HASH_ALGO,0,156,273,35
+ LTEXT "More information",IDC_LINK_MORE_INFO_ABOUT_CIPHER,7,124,176,10,SS_NOTIFY
+ LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,121,171,148,8,SS_NOTIFY
END
-IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PASSWORD,53,3,170,14,ES_PASSWORD | ES_AUTOHSCROLL
- EDITTEXT IDC_VERIFY,53,19,170,14,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,35,95,10
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,152,36,71,14,WS_DISABLED
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,45,95,11,WS_EX_TRANSPARENT
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,56,97,10
- RTEXT "Password:",IDT_PASSWORD,1,6,50,8
- RTEXT "&Confirm:",IDT_CONFIRM,1,23,50,8
- LTEXT "",IDC_BOX_HELP,0,71,225,97
+ EDITTEXT IDC_PASSWORD,71,3,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ EDITTEXT IDC_VERIFY,71,19,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,35,103,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,182,36,91,14,WS_DISABLED
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,45,108,11,WS_EX_TRANSPARENT
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,56,114,10
+ RTEXT "Password:",IDT_PASSWORD,1,6,68,8
+ RTEXT "&Confirm:",IDT_CONFIRM,1,23,68,8
+ LTEXT "",IDC_BOX_HELP,0,71,273,121
END
-IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_SIZEBOX,0,22,71,14,ES_AUTOHSCROLL | ES_NUMBER
- CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,80,25,27,10
- CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,115,25,27,10
- CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,150,25,27,10
- LTEXT "",IDC_BOX_HELP,0,84,214,75
- LTEXT "",IDC_SPACE_LEFT,0,44,214,33
- CONTROL "&TB",IDC_TB,"Button",BS_AUTORADIOBUTTON,185,25,27,10
+ EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER
+ CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10
+ CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10
+ CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10
+ LTEXT "",IDC_BOX_HELP,0,65,273,123
+ LTEXT "",IDC_SPACE_LEFT,0,44,273,18
+ CONTROL "&TB",IDC_TB,"Button",BS_AUTORADIOBUTTON,210,25,27,10
END
-IDD_VOLUME_LOCATION_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_VOLUME_LOCATION_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_COMBO_BOX,0,9,148,80,CBS_DROPDOWN | CBS_AUTOHSCROLL | WS_VSCROLL | WS_TABSTOP
- CONTROL "&Never save history",IDC_NO_HISTORY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,3,28,213,10
- PUSHBUTTON "",IDC_SELECT_VOLUME_LOCATION,155,9,62,14
- LTEXT "",IDC_BOX_HELP,0,42,219,125
+ COMBOBOX IDC_COMBO_BOX,0,9,174,80,CBS_DROPDOWN | CBS_AUTOHSCROLL | WS_VSCROLL | WS_TABSTOP
+ CONTROL "&Never save history",IDC_NO_HISTORY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,3,28,270,10
+ PUSHBUTTON "",IDC_SELECT_VOLUME_LOCATION,181,9,92,14
+ LTEXT "",IDC_BOX_HELP,0,45,273,143
END
-IDD_FORMAT_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_FORMAT_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_FILESYS,43,13,36,90,CBS_DROPDOWNLIST | WS_TABSTOP
- COMBOBOX IDC_CLUSTERSIZE,112,13,42,90,CBS_DROPDOWNLIST | WS_TABSTOP
- CONTROL "Quick Format",IDC_QUICKFORMAT,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,163,9,60,8
- CONTROL "",IDC_SHOW_KEYS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,214,38,9,8
- PUSHBUTTON "Abort",IDC_ABORT_BUTTON,169,75,50,14
- RTEXT "Header Key: ",IDT_HEADER_KEY,2,47,54,8
- CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,57,46,163,8,WS_EX_TRANSPARENT
- RTEXT "Master Key: ",IDT_MASTER_KEY,2,55,54,8
- LTEXT "",IDC_DISK_KEY,57,54,163,8,0,WS_EX_TRANSPARENT
- RTEXT "Cluster ",IDT_CLUSTER,80,15,32,8
- LTEXT "",IDC_BOX_HELP,1,112,224,40
- GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,225,29
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,76,158,12
- RTEXT "",IDC_TIMEREMAIN,177,93,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,106,93,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ COMBOBOX IDC_FILESYS,50,13,36,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ COMBOBOX IDC_CLUSTERSIZE,135,13,42,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ CONTROL "Quick Format",IDC_QUICKFORMAT,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,181,9,92,8
+ CONTROL "",IDC_SHOW_KEYS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,265,38,9,8
+ PUSHBUTTON "Abort",IDC_ABORT_BUTTON,200,75,64,14
+ RTEXT "Header Key: ",IDT_HEADER_KEY,2,47,76,8
+ CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,83,46,190,8,WS_EX_TRANSPARENT
+ RTEXT "Master Key: ",IDT_MASTER_KEY,2,55,76,8
+ LTEXT "",IDC_DISK_KEY,83,54,190,8,0,WS_EX_TRANSPARENT
+ RTEXT "Cluster ",IDT_CLUSTER,91,15,44,8
+ LTEXT "",IDC_BOX_HELP,1,112,274,58
+ GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,276,29
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,76,189,12
+ RTEXT "",IDC_TIMEREMAIN,217,93,46,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_WRITESPEED,128,93,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
LTEXT "",IDC_BYTESWRITTEN,29,93,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
RTEXT "Done",IDT_DONE,5,94,22,8
- RTEXT "Speed",IDT_SPEED,70,94,34,8
- RTEXT "Left",IDT_LEFT,150,94,25,8
- GROUPBOX "",IDC_STATIC,0,67,225,41
- RTEXT "Filesystem ",IDT_FILESYSTEM,1,15,41,8,0,WS_EX_RIGHT
- RTEXT "Random Pool: ",IDT_RANDOM_POOL,2,39,54,8
- GROUPBOX "",IDC_STATIC,0,32,225,35
- CONTROL "",IDC_RANDOM_BYTES,"Static",SS_SIMPLE | WS_GROUP,57,38,155,8,WS_EX_TRANSPARENT
- GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,153,224,18
- CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,11,162,202,6
- CONTROL "Dynamic",SPARSE_FILE,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,163,21,60,8
-END
-
-IDD_INTRO_PAGE_DLG DIALOGEX 0, 0, 226, 172
+ RTEXT "Speed",IDT_SPEED,81,94,45,8
+ RTEXT "Left",IDT_LEFT,177,94,35,8
+ GROUPBOX "",IDC_STATIC,0,67,276,41
+ RTEXT "Filesystem ",IDT_FILESYSTEM,1,15,46,8,0,WS_EX_RIGHT
+ RTEXT "Random Pool: ",IDT_RANDOM_POOL,2,39,76,8
+ GROUPBOX "",IDC_STATIC,0,32,276,35
+ CONTROL "",IDC_RANDOM_BYTES,"Static",SS_SIMPLE | WS_GROUP,83,38,177,8,WS_EX_TRANSPARENT
+ GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,175,276,18
+ CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,20,184,235,6
+ CONTROL "Dynamic",SPARSE_FILE,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,181,21,92,8
+END
+
+IDD_INTRO_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Create an encrypted file container",IDC_FILE_CONTAINER,
- "Button",BS_AUTORADIOBUTTON,0,7,217,10
- LTEXT "More information",IDC_MORE_INFO_ON_CONTAINERS,16,40,165,10,SS_NOTIFY
+ "Button",BS_AUTORADIOBUTTON,0,7,269,10
+ LTEXT "More information",IDC_MORE_INFO_ON_CONTAINERS,16,40,253,10,SS_NOTIFY
CONTROL "Encrypt a non-system partition/drive",IDC_NONSYS_DEVICE,
- "Button",BS_AUTORADIOBUTTON,0,53,217,10
+ "Button",BS_AUTORADIOBUTTON,0,55,269,10
CONTROL "Encrypt the system partition or entire system drive",IDC_SYS_DEVICE,
- "Button",BS_AUTORADIOBUTTON,0,89,217,10
- LTEXT "More information about system encryption",IDC_MORE_INFO_ON_SYS_ENCRYPTION,16,153,190,10,SS_NOTIFY
- LTEXT "Creates a virtual encrypted disk within a file. Recommended for inexperienced users.",IDT_FILE_CONTAINER,16,20,205,16
- LTEXT "Encrypts a non-system partition on any internal or external drive (e.g. a flash drive). Optionally, creates a hidden volume.",IDT_NON_SYS_DEVICE,16,66,205,20
- LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,102,205,47
+ "Button",BS_AUTORADIOBUTTON,0,98,269,10
+ LTEXT "More information about system encryption",IDC_MORE_INFO_ON_SYS_ENCRYPTION,16,177,253,10,SS_NOTIFY
+ LTEXT "Creates a virtual encrypted disk within a file. Recommended for inexperienced users.",IDT_FILE_CONTAINER,16,20,253,16
+ LTEXT "Encrypts a non-system partition on any internal or external drive (e.g. a flash drive). Optionally, creates a hidden volume.",IDT_NON_SYS_DEVICE,16,68,253,26
+ LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,112,253,59
END
-IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,10,225,155
+ LTEXT "",IDC_BOX_HELP,0,31,269,155
END
-IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,6,226,138
- PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,146,85,14
+ LTEXT "",IDC_BOX_HELP,0,6,269,167
+ PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,176,85,14
END
-IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Normal mode",IDC_HIDVOL_WIZ_MODE_FULL,"Button",BS_AUTORADIOBUTTON,0,7,217,10
- CONTROL "Direct mode",IDC_HIDVOL_WIZ_MODE_DIRECT,"Button",BS_AUTORADIOBUTTON,0,87,217,10
- LTEXT "",IDC_BOX_HELP,16,20,205,63
- LTEXT "",IDC_BOX_HELP2,16,101,205,59
+ CONTROL "Normal mode",IDC_HIDVOL_WIZ_MODE_FULL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Direct mode",IDC_HIDVOL_WIZ_MODE_DIRECT,"Button",BS_AUTORADIOBUTTON,0,97,269,10
+ LTEXT "",IDC_BOX_HELP,16,20,253,72
+ LTEXT "",IDC_BOX_HELP2,16,110,253,72
END
-IDD_PASSWORD_ENTRY_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_PASSWORD_ENTRY_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PASSWORD_DIRECT,50,2,173,14,ES_PASSWORD | ES_AUTOHSCROLL
- COMBOBOX IDC_PKCS5_PRF_ID,50,17,104,90,CBS_DROPDOWNLIST | WS_TABSTOP
- EDITTEXT IDC_PIM,50,32,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
- LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,96,34,127,8,NOT WS_VISIBLE
- CONTROL "&Display password",IDC_SHOW_PASSWORD_SINGLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,46,84,11,WS_EX_TRANSPARENT
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,57,94,11
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,149,54,74,14
- LTEXT "",IDC_BOX_HELP,0,74,225,94
- RTEXT "Password:",IDT_PASSWORD,0,6,48,8
- RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,19,48,8
- RTEXT "Volume PIM:",IDT_PIM,0,35,48,8,NOT WS_VISIBLE
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,35,97,10
-END
-
-IDD_VOLUME_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+ EDITTEXT IDC_PASSWORD_DIRECT,75,2,198,14,ES_PASSWORD | ES_AUTOHSCROLL
+ COMBOBOX IDC_PKCS5_PRF_ID,75,17,131,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ EDITTEXT IDC_PIM,75,32,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,121,34,152,8,NOT WS_VISIBLE
+ CONTROL "&Display password",IDC_SHOW_PASSWORD_SINGLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,46,109,11,WS_EX_TRANSPARENT
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,57,106,11
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,188,54,85,14
+ LTEXT "",IDC_BOX_HELP,0,74,273,119
+ RTEXT "Password:",IDT_PASSWORD,0,6,71,8
+ RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,19,71,8
+ RTEXT "Volume PIM:",IDT_PIM,0,35,71,8,NOT WS_VISIBLE
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,35,97,10
+END
+
+IDD_VOLUME_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Standard VeraCrypt volume",IDC_STD_VOL,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Hi&dden VeraCrypt volume ",IDC_HIDDEN_VOL,"Button",BS_AUTORADIOBUTTON,0,68,212,10
- LTEXT "More information about hidden volumes",IDC_HIDDEN_VOL_HELP,16,151,205,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP_NORMAL_VOL,16,20,205,41
- LTEXT "",IDC_BOX_HELP,16,83,205,62
+ CONTROL "Standard VeraCrypt volume",IDC_STD_VOL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Hi&dden VeraCrypt volume ",IDC_HIDDEN_VOL,"Button",BS_AUTORADIOBUTTON,0,76,269,10
+ LTEXT "More information about hidden volumes",IDC_HIDDEN_VOL_HELP,16,173,253,10,SS_NOTIFY
+ LTEXT "",IDC_BOX_HELP_NORMAL_VOL,16,20,253,52
+ LTEXT "",IDC_BOX_HELP,16,93,253,70
END
-IDD_SYSENC_SPAN_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_SPAN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Encrypt the Windows system partition",IDC_SYS_PARTITION,
- "Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,53,212,10
- LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,205,32
- LTEXT "",IDT_WHOLE_SYS_DRIVE,16,70,205,95
+ "Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,67,269,10
+ LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,253,42
+ LTEXT "",IDT_WHOLE_SYS_DRIVE,16,82,253,104
END
-IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,159,163,13,ES_AUTOHSCROLL
- PUSHBUTTON "Bro&wse...",IDC_BROWSE,166,158,59,14
- LTEXT "",IDT_RESCUE_DISK_INFO,0,1,225,137
+ EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,180,201,13,ES_AUTOHSCROLL
+ PUSHBUTTON "Bro&wse...",IDC_BROWSE,204,179,70,14
+ LTEXT "",IDT_RESCUE_DISK_INFO,0,1,273,137
CONTROL "Skip Rescue Disk verification",IDC_SKIP_RESCUE_VERIFICATION,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,145,106,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,166,273,10
END
-IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- CONTROL "Display pool content",IDC_DISPLAY_POOL_CONTENTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,1,98,122,10
- CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,8,14,205,72,WS_EX_TRANSPARENT
- LTEXT "IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.",IDT_COLLECTING_RANDOM_DATA_NOTE,1,112,224,40
- GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,222,88
- GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,154,224,18
- CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,11,163,202,6
+ CONTROL "Display pool content",IDC_DISPLAY_POOL_CONTENTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,10,93,266,10
+ CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,33,17,209,63,WS_EX_TRANSPARENT
+ LTEXT "IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.",IDT_COLLECTING_RANDOM_DATA_NOTE,10,107,265,63
+ GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,276,83
+ GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,174,276,18
+ CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,11,183,254,6
END
-IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Single-boot",IDC_SINGLE_BOOT,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Multi-boot",IDC_MULTI_BOOT,"Button",BS_AUTORADIOBUTTON,0,53,217,10
- LTEXT "Select this option if there is only one operating system installed on this computer (even if it has multiple users).",IDT_SINGLE_BOOT,16,20,205,32
- LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,66,205,72
+ CONTROL "Single-boot",IDC_SINGLE_BOOT,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Multi-boot",IDC_MULTI_BOOT,"Button",BS_AUTORADIOBUTTON,0,75,217,10
+ LTEXT "Select this option if there is only one operating system installed on this computer (even if it has multiple users).",IDT_SINGLE_BOOT,16,20,253,48
+ LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,89,253,90
END
-IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "Download CD/DVD recording software",IDC_DOWNLOAD_CD_BURN_SOFTWARE,0,136,217,10,SS_NOTIFY
- LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,4,225,128
+ LTEXT "Download CD/DVD recording software",IDC_DOWNLOAD_CD_BURN_SOFTWARE,0,159,273,10,SS_NOTIFY
+ LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,4,273,148
END
-IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- COMBOBOX IDC_WIPE_MODE,61,0,127,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "Wipe mode:",IDT_WIPE_MODE,0,2,59,8,0,WS_EX_RIGHT
- LTEXT "",IDT_WIPE_MODE_INFO,0,19,225,128
+ COMBOBOX IDC_WIPE_MODE,88,0,138,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,0,2,83,8,0,WS_EX_RIGHT
+ LTEXT "",IDT_WIPE_MODE_INFO,0,19,269,167
END
-IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_WIPE_MODE,67,13,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
- PUSHBUTTON "&Pause",IDC_PAUSE,169,40,50,14
- LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,150,202,10,SS_NOTIFY
+ COMBOBOX IDC_WIPE_MODE,96,13,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ PUSHBUTTON "&Pause",IDC_PAUSE,204,40,63,14
+ LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,176,266,10,SS_NOTIFY
LTEXT "",IDC_BYTESWRITTEN,29,58,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,103,58,46,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_TIMEREMAIN,177,58,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "Wipe mode:",IDT_WIPE_MODE,6,15,59,8,0,WS_EX_RIGHT
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,41,158,12
+ RTEXT "",IDC_WRITESPEED,110,58,56,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_TIMEREMAIN,212,58,54,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,6,15,85,8,0,WS_EX_RIGHT
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,41,192,12
RTEXT "Done",IDT_DONE,5,59,22,8
- RTEXT "Status",IDT_STATUS,72,59,29,8
- RTEXT "Left",IDT_LEFT,151,59,24,8
- LTEXT "",IDC_BOX_HELP,1,77,224,70
- GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,225,29
- GROUPBOX "",IDC_STATIC,0,32,225,41
+ RTEXT "Status",IDT_STATUS,73,59,33,8
+ RTEXT "Left",IDT_LEFT,172,59,35,8
+ LTEXT "",IDC_BOX_HELP,1,77,266,95
+ GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,267,29
+ GROUPBOX "",IDC_STATIC,0,32,267,41
END
-IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
CONTROL "Display generated keys (their portions)",IDC_DISPLAY_KEYS,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,1,94,216,10
- CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,57,71,163,8,WS_EX_TRANSPARENT
- LTEXT "",IDC_DISK_KEY,57,79,163,8,0,WS_EX_TRANSPARENT
- LTEXT "The keys, salt, and other data have been successfully generated. If you want to generate new keys, click Back and then Next. Otherwise, click Next to continue.",IDT_SYSENC_KEYS_GEN_INFO,1,23,224,41
- RTEXT "Header Key: ",IDT_HEADER_KEY,2,72,54,8
- RTEXT "Master Key: ",IDT_MASTER_KEY,2,80,54,8
- GROUPBOX "",-1,0,65,225,26
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,51,110,216,10
+ CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,100,87,163,8,WS_EX_TRANSPARENT
+ LTEXT "",IDC_DISK_KEY,100,95,163,8,0,WS_EX_TRANSPARENT
+ LTEXT "The keys, salt, and other data have been successfully generated. If you want to generate new keys, click Back and then Next. Otherwise, click Next to continue.",IDT_SYSENC_KEYS_GEN_INFO,1,23,266,57
+ RTEXT "Header Key: ",IDT_HEADER_KEY,2,88,93,8
+ RTEXT "Master Key: ",IDT_MASTER_KEY,2,96,93,8
+ GROUPBOX "",-1,0,81,267,26
END
-IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "",IDC_CHOICE1,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "",IDC_CHOICE2,"Button",BS_AUTORADIOBUTTON,0,17,217,10
- LTEXT "",IDC_BOX_HELP,1,34,220,112
+ CONTROL "",IDC_CHOICE1,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "",IDC_CHOICE2,"Button",BS_AUTORADIOBUTTON,0,17,269,10
+ LTEXT "",IDC_BOX_HELP,1,34,268,152
END
-IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "",IDT_SYSENC_DRIVE_ANALYSIS_INFO,2,10,215,88
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,1,115,216,12
- LTEXT "Progress:",IDT_PROGRESS,2,104,57,8
+ LTEXT "",IDT_SYSENC_DRIVE_ANALYSIS_INFO,0,10,267,109
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,0,135,267,12
+ LTEXT "Progress:",IDT_PROGRESS,2,124,172,8
END
-IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Normal",IDC_SYSENC_NORMAL,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Hi&dden",IDC_SYSENC_HIDDEN,"Button",BS_AUTORADIOBUTTON,0,53,212,10
- LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,148,205,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP_SYSENC_NORMAL,16,20,205,25
- LTEXT "",IDC_BOX_HELP,16,67,205,72
+ CONTROL "Normal",IDC_SYSENC_NORMAL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Hi&dden",IDC_SYSENC_HIDDEN,"Button",BS_AUTORADIOBUTTON,0,64,269,10
+ LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,173,253,10,SS_NOTIFY
+ LTEXT "",IDC_BOX_HELP_SYSENC_NORMAL,16,20,253,41
+ LTEXT "",IDC_BOX_HELP,16,78,253,90
END
-IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,0,150,217,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP,0,2,225,142
+ LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,0,172,273,10,SS_NOTIFY
+ LTEXT "",IDC_BOX_HELP,0,2,273,166
END
-IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- PUSHBUTTON "Abort",IDC_ABORT_BUTTON,169,48,50,14
+ PUSHBUTTON "Abort",IDC_ABORT_BUTTON,217,48,50,14
LTEXT "",IDC_BYTESWRITTEN,29,66,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,103,66,46,11,SS_CENTERIMAGE | NOT WS_VISIBLE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_TIMEREMAIN,177,66,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "Wipe mode:",IDT_WIPE_MODE,6,22,59,8,0,WS_EX_RIGHT
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,49,158,12
+ RTEXT "",IDC_WRITESPEED,119,66,46,11,SS_CENTERIMAGE | NOT WS_VISIBLE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_TIMEREMAIN,219,66,48,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,6,22,92,8,0,WS_EX_RIGHT
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,49,208,12
RTEXT "Done",IDT_DONE,5,67,22,8
- RTEXT "Pass",IDT_PASS,72,67,29,8,NOT WS_VISIBLE
- RTEXT "Left",IDT_LEFT,151,67,24,8
- LTEXT "",IDC_BOX_HELP,1,86,224,80
- GROUPBOX "",IDT_FORMAT_OPTIONS,0,10,225,29
- GROUPBOX "",IDC_STATIC,0,40,225,42
- LTEXT "",IDC_WIPE_MODE,67,21,125,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_STATICEDGE
+ RTEXT "Pass",IDT_PASS,73,67,44,8,NOT WS_VISIBLE
+ RTEXT "Left",IDT_LEFT,180,67,34,8
+ LTEXT "",IDC_BOX_HELP,1,96,266,91
+ GROUPBOX "",IDT_FORMAT_OPTIONS,0,10,267,29
+ GROUPBOX "",IDC_STATIC,0,40,267,42
+ LTEXT "",IDC_WIPE_MODE,101,21,125,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_STATICEDGE
END
-IDD_DEVICE_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_DEVICE_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- COMBOBOX IDC_WIPE_MODE,61,9,127,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "Wipe mode:",IDT_WIPE_MODE,0,11,59,8,0,WS_EX_RIGHT
- LTEXT "",IDT_WIPE_MODE_INFO,0,29,225,122
+ COMBOBOX IDC_WIPE_MODE,89,9,127,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,0,11,86,8,0,WS_EX_RIGHT
+ LTEXT "",IDT_WIPE_MODE_INFO,0,29,269,157
END
-IDD_DEVICE_TRANSFORM_MODE_DLG DIALOGEX 0, 0, 226, 172
+IDD_DEVICE_TRANSFORM_MODE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Create encrypted volume and format it",IDC_DEVICE_TRANSFORM_MODE_FORMAT,
- "Button",BS_AUTORADIOBUTTON,0,8,217,10
+ "Button",BS_AUTORADIOBUTTON,0,8,269,10
CONTROL "Encrypt partition in place",IDC_DEVICE_TRANSFORM_MODE_INPLACE,
- "Button",BS_AUTORADIOBUTTON,0,98,217,10
- LTEXT "",IDC_BOX_HELP,16,21,205,74
- LTEXT "",IDC_BOX_HELP2,16,112,205,53
+ "Button",BS_AUTORADIOBUTTON,0,111,269,10
+ LTEXT "",IDC_BOX_HELP,16,21,253,84
+ LTEXT "",IDC_BOX_HELP2,16,125,253,61
END
-IDD_EXPANDED_LIST_SELECT_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_EXPANDED_LIST_SELECT_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,107,225,58
- LISTBOX IDC_LIST_BOX,0,3,222,100,LBS_NOINTEGRALHEIGHT | LBS_DISABLENOSCROLL | WS_VSCROLL
+ LTEXT "",IDC_BOX_HELP,0,117,269,69
+ LISTBOX IDC_LIST_BOX,0,3,269,107,LBS_NOINTEGRALHEIGHT | LBS_DISABLENOSCROLL | WS_VSCROLL
END
-IDD_DRIVE_LETTER_SELECTION_PAGE DIALOGEX 0, 0, 226, 172
+IDD_DRIVE_LETTER_SELECTION_PAGE DIALOGEX 0, 0, 277, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,40,225,118
- COMBOBOX IDC_DRIVE_LETTER_LIST,94,15,38,69,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
- RTEXT "Drive letter:",IDT_DRIVE_LETTER,5,17,86,8
+ LTEXT "",IDC_BOX_HELP,0,40,270,146
+ COMBOBOX IDC_DRIVE_LETTER_LIST,115,15,38,69,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ RTEXT "Drive letter:",IDT_DRIVE_LETTER,5,17,106,8
END
-IDD_PIM_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_PIM_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PIM,53,0,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER
- LTEXT "",IDC_BOX_HELP,0,32,225,126
- RTEXT "Volume PIM:",IDT_PIM,1,3,50,8
- LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,97,3,126,8
- LTEXT "Information on PIM",IDC_LINK_PIM_INFO,0,161,213,8,SS_NOTIFY
- CONTROL "Display PIM",IDC_SHOW_PIM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,17,150,10
+ EDITTEXT IDC_PIM,74,0,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER
+ LTEXT "",IDC_BOX_HELP,0,32,273,142
+ RTEXT "Volume PIM:",IDT_PIM,1,3,69,8
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,120,3,153,8
+ LTEXT "Information on PIM",IDC_LINK_PIM_INFO,0,179,273,8,SS_NOTIFY
+ CONTROL "Display PIM",IDC_SHOW_PIM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,74,17,196,10
END
@@ -491,40 +491,38 @@ GUIDELINES DESIGNINFO
BEGIN
IDD_VOL_CREATION_WIZARD_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 393
+ RIGHTMARGIN, 443
TOPMARGIN, 1
- BOTTOMMARGIN, 227
- HORZGUIDE, 216
+ BOTTOMMARGIN, 248
+ HORZGUIDE, 241
END
IDD_CIPHER_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 161
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 182
END
IDD_PASSWORD_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 143
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 192
END
IDD_SIZE_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 165
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 186
END
IDD_VOLUME_LOCATION_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_FORMAT_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -532,67 +530,65 @@ BEGIN
IDD_INTRO_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_INFO_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_HIDVOL_HOST_FILL_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_PASSWORD_ENTRY_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 143
+ RIGHTMARGIN, 273
END
IDD_VOLUME_TYPE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_SPAN_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_RESCUE_DISK_CREATION_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
+ BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -600,37 +596,37 @@ BEGIN
IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_SYSENC_WIPE_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_INPLACE_ENCRYPTION_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 166
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 187
HORZGUIDE, 80
HORZGUIDE, 96
END
IDD_SYSENC_KEYS_GEN_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -638,15 +634,15 @@ BEGIN
IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -654,21 +650,21 @@ BEGIN
IDD_SYSENC_TYPE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_DEVICE_WIPE_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 166
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 187
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -676,39 +672,39 @@ BEGIN
IDD_DEVICE_WIPE_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_DEVICE_TRANSFORM_MODE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_EXPANDED_LIST_SELECT_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_DRIVE_LETTER_SELECTION_PAGE, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 270
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_PIM_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 171
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 192
END
END
#endif // APSTUDIO_INVOKED
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c
index 7117a8a..4a16fd4 100644
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -774,6 +774,9 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
int pim = volParams->pim;
DISK_GEOMETRY driveGeometry;
HWND hwndDlg = volParams->hwndDlg;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
bInPlaceEncNonSysResumed = TRUE;
@@ -870,7 +873,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
goto closing_seq;
#ifdef _WIN64
- if (IsRamEncryptionEnabled ())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
@@ -1097,6 +1100,19 @@ inplace_enc_read:
{
PCRYPTO_INFO dummyInfo = NULL;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof(tmpCI));
+ memcpy (&tmpCI, masterCryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (masterCryptoInfo));
+ cryptoInfoBackup = masterCryptoInfo;
+ masterCryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
headerCryptoInfo->ea,
@@ -1115,6 +1131,15 @@ inplace_enc_read:
masterCryptoInfo->SectorSize,
wipeAlgorithm == TC_WIPE_NONE ? FALSE : (wipePass < PRAND_HEADER_WIPE_PASSES - 1));
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ masterCryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof(tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -1128,9 +1153,28 @@ inplace_enc_read:
goto closing_seq;
}
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof(tmpCI));
+ memcpy (&tmpCI, headerCryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (headerCryptoInfo));
+ cryptoInfoBackup = headerCryptoInfo;
+ headerCryptoInfo = &tmpCI;
+ }
+#endif
// Fill the reserved sectors of the header area with random data
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE);
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ headerCryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof(tmpCI));
+ }
+#endif
+
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -1290,6 +1334,9 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
int pkcs5_prf = volParams->pkcs5;
int pim = volParams->pim;
DISK_GEOMETRY driveGeometry;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
buf = (char *) TCalloc (TC_MAX_NONSYS_INPLACE_ENC_WORK_CHUNK_SIZE);
@@ -1397,7 +1444,7 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
goto closing_seq;
#ifdef _WIN64
- if (IsRamEncryptionEnabled ())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
@@ -1799,6 +1846,9 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
uint32 headerCrc32;
byte *fieldPos;
PCRYPTO_INFO pCryptoInfo = headerCryptoInfo;
+#ifdef _WIN64
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
header = (byte *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
@@ -1820,7 +1870,7 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
}
#ifdef _WIN64
- if (IsRamEncryptionEnabled())
+ if (bIsRamEncryptionEnabled)
{
pCryptoInfo = crypto_open();
if (!pCryptoInfo)
@@ -1874,7 +1924,7 @@ closing_seq:
dwError = GetLastError();
#ifdef _WIN64
- if (IsRamEncryptionEnabled() && pCryptoInfo)
+ if (bIsRamEncryptionEnabled && pCryptoInfo)
{
crypto_close(pCryptoInfo);
}
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 0841aaa..a855408 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -250,6 +250,7 @@ int CmdVolumeFilesystem = FILESYS_NONE;
unsigned __int64 CmdVolumeFileSize = 0;
BOOL CmdSparseFileSwitch = FALSE;
BOOL CmdQuickFormat = FALSE;
+BOOL CmdFastCreateFile = FALSE;
BOOL bForceOperation = FALSE;
@@ -259,6 +260,8 @@ BOOL bGuiMode = TRUE;
BOOL bSystemIsGPT = FALSE;
+KeyFile *FirstCmdKeyFile = NULL;
+
int nPbar = 0; /* Control ID of progress bar:- for format code */
wchar_t HeaderKeyGUIView [KEY_GUI_VIEW_SIZE];
@@ -282,6 +285,7 @@ BOOL bDisplayPoolContents = TRUE;
volatile BOOL bSparseFileSwitch = FALSE;
volatile BOOL quickFormat = FALSE;
+volatile BOOL fastCreateFile = FALSE;
volatile BOOL dynamicFormat = FALSE; /* this variable represents the sparse file flag. */
volatile int fileSystem = FILESYS_NONE;
volatile int clusterSize = 0;
@@ -486,6 +490,8 @@ static void localcleanup (void)
burn (szFileName, sizeof(szFileName));
burn (szDiskFile, sizeof(szDiskFile));
+ KeyFileRemoveAll (&FirstCmdKeyFile);
+
// Attempt to wipe the GUI fields showing portions of randpool, of the master and header keys
wmemset (tmp, L'X', ARRAYSIZE(tmp));
tmp [ARRAYSIZE(tmp)-1] = 0;
@@ -2635,6 +2641,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
volParams->clusterSize = clusterSize;
volParams->sparseFileSwitch = dynamicFormat;
volParams->quickFormat = quickFormat;
+ volParams->fastCreateFile = fastCreateFile;
volParams->sectorSize = GetFormatSectorSize();
volParams->realClusterSize = &realClusterSize;
volParams->password = &volumePassword;
@@ -3313,6 +3320,12 @@ BOOL IsSparseFile (HWND hwndDlg)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
@@ -3352,6 +3365,12 @@ BOOL GetFileVolSize (HWND hwndDlg, unsigned __int64 *size)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
@@ -4391,7 +4410,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetCheckBox (hwndDlg, IDC_PIM_ENABLE, PimEnable);
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
- EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable && !SysEncInEffect());
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), !SysEncInEffect());
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), str);
@@ -4546,6 +4566,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_INFO), bSystemIsGPT? GetString ("RESCUE_DISK_EFI_INFO"): GetString ("RESCUE_DISK_INFO"));
+ SetCheckBox (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
@@ -6128,6 +6149,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
ExtractCommandLine (hwndDlg, (wchar_t *) lParam);
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
@@ -6140,6 +6167,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
exit (0);
}
+ fastCreateFile = CmdFastCreateFile;
+
if (DirectCreationMode)
{
wchar_t root[TC_MAX_PATH];
@@ -6151,7 +6180,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
showKeys = FALSE;
bGuiMode = FALSE;
- if (CmdVolumePassword.Length == 0)
+ if (CmdVolumePassword.Length == 0 && !FirstCmdKeyFile)
AbortProcess ("ERR_PASSWORD_MISSING");
if (CmdVolumeFileSize == 0)
@@ -6242,7 +6271,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
else
{
- if (!dynamicFormat && (nVolumeSize > free.QuadPart))
+ if (!dynamicFormat && !bDontCheckFileContainerSize && (nVolumeSize > free.QuadPart))
{
AbortProcess ("ERR_CONTAINER_SIZE_TOO_BIG");
}
@@ -6306,6 +6335,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
}
+ if (!KeyFilesApply (hwndDlg, &volumePassword, FirstCmdKeyFile, NULL))
+ {
+ exit (1);
+ }
+
volTransformThreadFunction (hwndDlg);
exit (bOperationSuccess? 0 : 1);
@@ -8981,6 +9015,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionForce,
OptionNoSizeCheck,
OptionQuickFormat,
+ OptionFastCreateFile,
+ OptionEnableMemoryProtection,
+ OptionKeyfile,
+ OptionSecureDesktop,
};
argument args[]=
@@ -9003,6 +9041,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionForce, L"/force", NULL, FALSE },
{ OptionNoSizeCheck, L"/nosizecheck", NULL, FALSE },
{ OptionQuickFormat, L"/quick", NULL, FALSE },
+ { OptionFastCreateFile, L"/fastcreatefile", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ { OptionKeyfile, L"/keyfile", L"/k", FALSE },
+ { OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
// Internal
{ CommandResumeSysEncLogOn, L"/acsysenc", L"/a", TRUE },
@@ -9359,6 +9401,14 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdQuickFormat = TRUE;
break;
+ case OptionFastCreateFile:
+ CmdFastCreateFile = TRUE;
+ break;
+
+ case OptionEnableMemoryProtection:
+ EnableMemoryProtection = TRUE;
+ break;
+
case OptionHistory:
{
wchar_t szTmp[8] = {0};
@@ -9413,6 +9463,46 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
+ case OptionKeyfile:
+ {
+ wchar_t tmpPath [2 * TC_MAX_PATH] = {0};
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i,
+ nNoCommandLineArgs, tmpPath, ARRAYSIZE (tmpPath)))
+ {
+ KeyFile *kf;
+ RelativePath2Absolute (tmpPath);
+ kf = (KeyFile *) malloc (sizeof (KeyFile));
+ if (kf)
+ {
+ StringCchCopyW (kf->FileName, ARRAYSIZE(kf->FileName), tmpPath);
+ FirstCmdKeyFile = KeyFileAdd (FirstCmdKeyFile, kf);
+ }
+ }
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ }
+
+ break;
+
+ case OptionSecureDesktop:
+ {
+ wchar_t szTmp[16] = {0};
+ bCmdUseSecureDesktop = TRUE;
+ bCmdUseSecureDesktopValid = TRUE;
+
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i, nNoCommandLineArgs,
+ szTmp, ARRAYSIZE (szTmp)))
+ {
+ if (!_wcsicmp(szTmp,L"n") || !_wcsicmp(szTmp,L"no"))
+ bCmdUseSecureDesktop = FALSE;
+ else if (!_wcsicmp(szTmp,L"y") || !_wcsicmp(szTmp,L"yes"))
+ bCmdUseSecureDesktop = TRUE;
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ }
+ }
+ break;
+
default:
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_COMMANDHELP_DLG), hwndDlg, (DLGPROC)
CommandHelpDlgProc, (LPARAM) &as);
diff --git a/src/Format/VeraCrypt_Wizard.bmp b/src/Format/VeraCrypt_Wizard.bmp
index 27b4b0b..24f3028 100644
--- a/src/Format/VeraCrypt_Wizard.bmp
+++ b/src/Format/VeraCrypt_Wizard.bmp
Binary files differ
diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp
index 68d308f..b5f18dd 100644
--- a/src/Main/CommandLineInterface.cpp
+++ b/src/Main/CommandLineInterface.cpp
@@ -30,6 +30,11 @@ namespace VeraCrypt
ArgSize (0),
ArgVolumeType (VolumeType::Unknown),
ArgTrueCryptMode (false),
+ ArgDisableFileSizeCheck (false),
+ ArgUseLegacyPassword (false),
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ ArgUseDummySudoPassword (false),
+#endif
StartBackgroundTask (false)
{
wxCmdLineParser parser;
@@ -96,7 +101,11 @@ namespace VeraCrypt
parser.AddOption (L"", L"volume-type", _("Volume type"));
parser.AddParam ( _("Volume path"), wxCMD_LINE_VAL_STRING, wxCMD_LINE_PARAM_OPTIONAL);
parser.AddParam ( _("Mount point"), wxCMD_LINE_VAL_STRING, wxCMD_LINE_PARAM_OPTIONAL);
-
+ parser.AddSwitch (L"", L"no-size-check", _("Disable check of container size against disk free space."));
+ parser.AddSwitch (L"", L"legacy-password-maxlength", _("Use legacy maximum password length (64 UTF-8 bytes)"));
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ parser.AddSwitch (L"", L"use-dummy-sudo-password", _("Use dummy password in sudo to detect if it is already authenticated"));
+#endif
wxString str;
bool param1IsVolume = false;
bool param1IsMountedVolumeSpec = false;
@@ -319,6 +328,8 @@ namespace VeraCrypt
}
else if (str.IsSameAs (L"exFAT", false))
ArgFilesystem = VolumeCreationOptions::FilesystemType::exFAT;
+ else if (str.IsSameAs (L"APFS", false))
+ ArgFilesystem = VolumeCreationOptions::FilesystemType::APFS;
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
else if (str.IsSameAs (L"UFS", false))
ArgFilesystem = VolumeCreationOptions::FilesystemType::UFS;
@@ -331,6 +342,11 @@ namespace VeraCrypt
ArgForce = parser.Found (L"force");
ArgTrueCryptMode = parser.Found (L"truecrypt");
+ ArgDisableFileSizeCheck = parser.Found (L"no-size-check");
+ ArgUseLegacyPassword = parser.Found (L"legacy-password-maxlength") || ArgTrueCryptMode;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ ArgUseDummySudoPassword = parser.Found (L"use-dummy-sudo-password");
+#endif
#if !defined(TC_WINDOWS) && !defined(TC_MACOSX)
if (parser.Found (L"fs-options", &str))
@@ -402,7 +418,7 @@ namespace VeraCrypt
ArgNewKeyfiles = ToKeyfileList (str);
if (parser.Found (L"new-password", &str))
- ArgNewPassword = ToUTF8Password (str.c_str());
+ ArgNewPassword = ToUTF8Password (str.c_str(), -1, ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
if (parser.Found (L"new-pim", &str))
{
@@ -441,7 +457,7 @@ namespace VeraCrypt
{
if (Preferences.UseStandardInput)
throw_err (L"--password cannot be used with --stdin");
- ArgPassword = ToUTF8Password (str.c_str());
+ ArgPassword = ToUTF8Password (str.c_str(), -1, ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
}
if (parser.Found (L"pim", &str))
@@ -482,7 +498,7 @@ namespace VeraCrypt
if (parser.Found (L"protection-password", &str))
{
- ArgMountOptions.ProtectionPassword = ToUTF8Password (str.c_str());
+ ArgMountOptions.ProtectionPassword = ToUTF8Password (str.c_str(), -1, ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly;
}
@@ -596,7 +612,7 @@ namespace VeraCrypt
if (parser.Found (L"token-pin", &str) && !str.IsEmpty ())
{
- ArgTokenPin = ToUTF8Buffer (str.c_str(), str.Len ());
+ ArgTokenPin = ToUTF8Buffer (str.c_str(), str.Len (), ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
}
if (parser.Found (L"verbose"))
@@ -771,18 +787,18 @@ namespace VeraCrypt
return filteredVolumes;
}
- shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount)
+ shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount, size_t maxUtf8Len)
{
if (charCount > 0)
{
- shared_ptr<SecureBuffer> utf8Buffer = ToUTF8Buffer (str, charCount);
+ shared_ptr<SecureBuffer> utf8Buffer = ToUTF8Buffer (str, charCount, maxUtf8Len);
return shared_ptr<VolumePassword>(new VolumePassword (*utf8Buffer));
}
else
return shared_ptr<VolumePassword>(new VolumePassword ());
}
- shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount)
+ shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount, size_t maxUtf8Len)
{
if (charCount == (size_t) -1)
charCount = wcslen (str);
@@ -797,8 +813,13 @@ namespace VeraCrypt
ulen = utf8.FromWChar ((char*) (byte*) passwordBuf, ulen, str, charCount);
if (wxCONV_FAILED == ulen)
throw PasswordUTF8Invalid (SRC_POS);
- if (ulen > VolumePassword::MaxSize)
- throw PasswordUTF8TooLong (SRC_POS);
+ if (ulen > maxUtf8Len)
+ {
+ if (maxUtf8Len == VolumePassword::MaxLegacySize)
+ throw PasswordLegacyUTF8TooLong (SRC_POS);
+ else
+ throw PasswordUTF8TooLong (SRC_POS);
+ }
ConstBufferPtr utf8Buffer ((byte*) passwordBuf, ulen);
return shared_ptr<SecureBuffer>(new SecureBuffer (utf8Buffer));
diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h
index cc4c317..00dabfd 100644
--- a/src/Main/CommandLineInterface.h
+++ b/src/Main/CommandLineInterface.h
@@ -83,6 +83,11 @@ namespace VeraCrypt
VolumeType::Enum ArgVolumeType;
bool ArgTrueCryptMode;
shared_ptr<SecureBuffer> ArgTokenPin;
+ bool ArgDisableFileSizeCheck;
+ bool ArgUseLegacyPassword;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool ArgUseDummySudoPassword;
+#endif
bool StartBackgroundTask;
UserPreferences Preferences;
@@ -97,8 +102,8 @@ namespace VeraCrypt
CommandLineInterface &operator= (const CommandLineInterface &);
};
- shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount = (size_t) -1);
- shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount = (size_t) -1);
+ shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount, size_t maxUtf8Len);
+ shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount, size_t maxUtf8Len);
extern auto_ptr <CommandLineInterface> CmdLine;
}
diff --git a/src/Main/Forms/AboutDialog.cpp b/src/Main/Forms/AboutDialog.cpp
index 60edc58..300db72 100644
--- a/src/Main/Forms/AboutDialog.cpp
+++ b/src/Main/Forms/AboutDialog.cpp
@@ -57,7 +57,7 @@ namespace VeraCrypt
L"Paulo Barreto, Brian Gladman, Wei Dai, Peter Gutmann, and many others.\n\n"
L"Portions of this software:\n"
- L"Copyright \xA9 2013-2019 IDRIX. All rights reserved.\n"
+ L"Copyright \xA9 2013-2020 IDRIX. All rights reserved.\n"
L"Copyright \xA9 2003-2012 TrueCrypt Developers Association. All Rights Reserved.\n"
L"Copyright \xA9 1998-2000 Paul Le Roux. All Rights Reserved.\n"
L"Copyright \xA9 1998-2008 Brian Gladman. All Rights Reserved.\n"
@@ -66,10 +66,10 @@ namespace VeraCrypt
L"Copyright \xA9 1999-2017 Dieter Baron and Thomas Klausner.\n"
L"Copyright \xA9 2013, Alexey Degtyarev. All rights reserved.\n"
L"Copyright \xA9 1999-2016 Jack Lloyd. All rights reserved.\n"
- L"Copyright \xA9 2013-2018 Stephan Mueller <smueller@chronox.de>\n\n"
+ L"Copyright \xA9 2013-2019 Stephan Mueller <smueller@chronox.de>\n\n"
L"\nThis software as a whole:\n"
- L"Copyright \xA9 2013-2019 IDRIX. All rights reserved.\n\n"
+ L"Copyright \xA9 2013-2020 IDRIX. All rights reserved.\n\n"
L"This software uses wxWidgets library, which is copyright \xA9 1998-2011 Julian Smart, Robert Roebling et al.\n\n"
diff --git a/src/Main/Forms/DeviceSelectionDialog.cpp b/src/Main/Forms/DeviceSelectionDialog.cpp
index c3a3d84..c886e18 100644
--- a/src/Main/Forms/DeviceSelectionDialog.cpp
+++ b/src/Main/Forms/DeviceSelectionDialog.cpp
@@ -48,13 +48,31 @@ namespace VeraCrypt
foreach_ref (HostDevice &device, DeviceList)
{
- if (device.Size == 0)
- continue;
-
vector <wstring> fields (DeviceListCtrl->GetColumnCount());
-
+
if (DeviceListCtrl->GetItemCount() > 0)
Gui->AppendToListCtrl (DeviceListCtrl, fields);
+
+ // i.e. /dev/rdisk0 might have size = 0 in case open() fails because, for example on OSX,
+ // SIP is enabled on the machine ;
+ // This does not mean that it does not have partitions that have been successfully opened
+ // and have a size != 0 ;
+ // Therefore, we do not show the device ONLY if it does not have partitions with size != 0 ;
+ if (device.Size == 0)
+ {
+ bool bHasNonEmptyPartition = false;
+ foreach_ref (HostDevice &partition, device.Partitions)
+ {
+ if (partition.Size)
+ {
+ bHasNonEmptyPartition = true;
+ break;
+ }
+ }
+
+ if (!bHasNonEmptyPartition)
+ continue;
+ }
#ifdef TC_WINDOWS
fields[ColumnDevice] = StringFormatter (L"{0} {1}:", _("Harddisk"), device.SystemNumber);
@@ -64,11 +82,20 @@ namespace VeraCrypt
fields[ColumnDevice] = wstring (device.Path) + L":";
fields[ColumnMountPoint] = device.MountPoint;
#endif
- fields[ColumnSize] = Gui->SizeToString (device.Size);
+ // If the size of the device is 0, we do not show the size to avoid confusing the user ;
+ if (device.Size)
+ fields[ColumnSize] = Gui->SizeToString (device.Size);
+ else
+ fields[ColumnSize] = L"";
Gui->AppendToListCtrl (DeviceListCtrl, fields, 0, &device);
foreach_ref (HostDevice &partition, device.Partitions)
{
+ // If a partition's size is 0, there is no need to show it in the list
+ // since this means it is not usable (i.e on OSX, because of SIP enabled in the machine) ;
+ if (!partition.Size)
+ continue;
+
fields[ColumnDevice] =
#ifndef TC_WINDOWS
wstring (L" ") +
@@ -113,7 +140,8 @@ namespace VeraCrypt
void DeviceSelectionDialog::OnListItemSelected (wxListEvent& event)
{
HostDevice *device = (HostDevice *) (event.GetItem().GetData());
- if (device)
+ // If a device's size is 0, we do not enable the 'OK' button since it is not usable
+ if (device && device->Size)
{
SelectedDevice = *device;
StdButtonsOK->Enable();
diff --git a/src/Main/Forms/EncryptionOptionsWizardPage.cpp b/src/Main/Forms/EncryptionOptionsWizardPage.cpp
index e20a659..0d899fb 100644
--- a/src/Main/Forms/EncryptionOptionsWizardPage.cpp
+++ b/src/Main/Forms/EncryptionOptionsWizardPage.cpp
@@ -24,6 +24,9 @@ namespace VeraCrypt
: EncryptionOptionsWizardPageBase (parent)
{
+#ifdef TC_MACOSX
+ EncryptionAlgorithmStaticText->Connect( wxEVT_SIZE, wxSizeEventHandler( EncryptionOptionsWizardPage::HandleOnSize ), NULL, this );
+#endif
EncryptionAlgorithms = EncryptionAlgorithm::GetAvailableAlgorithms();
foreach (shared_ptr <EncryptionAlgorithm> ea, EncryptionAlgorithms)
{
@@ -45,6 +48,21 @@ namespace VeraCrypt
}
+#ifdef TC_MACOSX
+ EncryptionOptionsWizardPage::~EncryptionOptionsWizardPage()
+ {
+ EncryptionAlgorithmStaticText->Disconnect( wxEVT_SIZE, wxSizeEventHandler( EncryptionOptionsWizardPage::HandleOnSize ), NULL, this );
+ }
+
+ void EncryptionOptionsWizardPage::HandleOnSize( wxSizeEvent& event )
+ {
+ int width, height;
+ EncryptionAlgorithmStaticText->GetClientSize (&width, &height);
+ EncryptionAlgorithmStaticText->Wrap (width);
+ event.Skip();
+ }
+#endif
+
shared_ptr <EncryptionAlgorithm> EncryptionOptionsWizardPage::GetEncryptionAlgorithm () const
{
return Gui->GetSelectedData <EncryptionAlgorithm> (EncryptionAlgorithmChoice)->GetNew();
diff --git a/src/Main/Forms/EncryptionOptionsWizardPage.h b/src/Main/Forms/EncryptionOptionsWizardPage.h
index b8d42d7..fbc63f9 100644
--- a/src/Main/Forms/EncryptionOptionsWizardPage.h
+++ b/src/Main/Forms/EncryptionOptionsWizardPage.h
@@ -22,6 +22,9 @@ namespace VeraCrypt
public:
EncryptionOptionsWizardPage (wxPanel* parent);
+#ifdef TC_MACOSX
+ ~EncryptionOptionsWizardPage ();
+#endif
shared_ptr <EncryptionAlgorithm> GetEncryptionAlgorithm () const;
shared_ptr <Hash> GetHash () const;
bool IsValid () { return true; }
@@ -37,6 +40,9 @@ namespace VeraCrypt
void OnHashHyperlinkClick (wxHyperlinkEvent& event);
void OnTestButtonClick (wxCommandEvent& event);
+#ifdef TC_MACOSX
+ void HandleOnSize( wxSizeEvent& event );
+#endif
EncryptionAlgorithmList EncryptionAlgorithms;
HashList Hashes;
};
diff --git a/src/Main/Forms/Forms.cpp b/src/Main/Forms/Forms.cpp
index ad1a3ee..c0a4070 100644
--- a/src/Main/Forms/Forms.cpp
+++ b/src/Main/Forms/Forms.cpp
@@ -328,7 +328,7 @@ MainFrameBase::MainFrameBase( wxWindow* parent, wxWindowID id, const wxString& t
VolumeStaticBoxSizer->Add( VolumeGridBagSizer, 1, wxEXPAND|wxALL, 4 );
- LowStaticBoxSizer->Add( VolumeStaticBoxSizer, 1, wxEXPAND, 5 );
+ LowStaticBoxSizer->Add( VolumeStaticBoxSizer, 1, wxEXPAND|wxALL, 5 );
LowStaticBoxSizer->Add( 0, 0, 0, 0, 5 );
@@ -344,46 +344,49 @@ MainFrameBase::MainFrameBase( wxWindow* parent, wxWindowID id, const wxString& t
VolumeButton->SetDefault();
VolumeButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer4->Add( VolumeButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer4->Add( VolumeButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
gSizer2->Add( sbSizer4, 1, wxEXPAND, 0 );
wxStaticBoxSizer* sbSizer41;
sbSizer41 = new wxStaticBoxSizer( new wxStaticBox( MainPanel, wxID_ANY, wxEmptyString ), wxVERTICAL );
+ sbSizer41->SetMinSize( wxSize( 139,-1 ) );
MountAllDevicesButton = new wxButton( MainPanel, wxID_ANY, _("&Auto-Mount Devices"), wxDefaultPosition, wxDefaultSize, 0 );
MountAllDevicesButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer41->Add( MountAllDevicesButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer41->Add( MountAllDevicesButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
- gSizer2->Add( sbSizer41, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND, 5 );
+ gSizer2->Add( sbSizer41, 1, wxEXPAND, 5 );
wxStaticBoxSizer* sbSizer42;
sbSizer42 = new wxStaticBoxSizer( new wxStaticBox( MainPanel, wxID_ANY, wxEmptyString ), wxVERTICAL );
+ sbSizer42->SetMinSize( wxSize( 139,-1 ) );
DismountAllButton = new wxButton( MainPanel, wxID_ANY, _("Di&smount All"), wxDefaultPosition, wxDefaultSize, 0 );
DismountAllButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer42->Add( DismountAllButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer42->Add( DismountAllButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
- gSizer2->Add( sbSizer42, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND, 5 );
+ gSizer2->Add( sbSizer42, 1, wxEXPAND, 5 );
wxStaticBoxSizer* sbSizer43;
sbSizer43 = new wxStaticBoxSizer( new wxStaticBox( MainPanel, wxID_ANY, wxEmptyString ), wxVERTICAL );
+ sbSizer43->SetMinSize( wxSize( 139,-1 ) );
ExitButton = new wxButton( MainPanel, wxID_ANY, _("E&xit"), wxDefaultPosition, wxDefaultSize, 0 );
ExitButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer43->Add( ExitButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer43->Add( ExitButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
- gSizer2->Add( sbSizer43, 1, wxALIGN_RIGHT|wxEXPAND, 5 );
+ gSizer2->Add( sbSizer43, 1, wxEXPAND, 5 );
- LowStaticBoxSizer->Add( gSizer2, 0, wxEXPAND, 5 );
+ LowStaticBoxSizer->Add( gSizer2, 0, wxEXPAND|wxALL, 5 );
bSizer48->Add( LowStaticBoxSizer, 0, wxEXPAND, 5 );
diff --git a/src/Main/Forms/KeyfilesPanel.cpp b/src/Main/Forms/KeyfilesPanel.cpp
index 71077e8..c1f26d8 100644
--- a/src/Main/Forms/KeyfilesPanel.cpp
+++ b/src/Main/Forms/KeyfilesPanel.cpp
@@ -59,10 +59,8 @@ namespace VeraCrypt
SetDropTarget (new FileDropTarget (this));
KeyfilesListCtrl->SetDropTarget (new FileDropTarget (this));
-#ifdef TC_MACOSX
foreach (wxWindow *c, GetChildren())
c->SetDropTarget (new FileDropTarget (this));
-#endif
UpdateButtons();
}
diff --git a/src/Main/Forms/MainFrame.cpp b/src/Main/Forms/MainFrame.cpp
index ad5bf5b..2585319 100644
--- a/src/Main/Forms/MainFrame.cpp
+++ b/src/Main/Forms/MainFrame.cpp
@@ -99,6 +99,9 @@ namespace VeraCrypt
Connect( wxID_ANY, wxEVT_COMMAND_PREF_UPDATED, wxCommandEventHandler( MainFrame::OnPreferencesUpdated ) );
Connect( wxID_ANY, wxEVT_COMMAND_OPEN_VOLUME_REQUEST, wxCommandEventHandler( MainFrame::OnOpenVolumeSystemRequest ) );
+#ifdef TC_MACOSX
+ Connect( wxID_ANY, wxEVT_MOVE, wxMoveEventHandler( MainFrame::OnMoveHandler ) );
+#endif
}
MainFrame::~MainFrame ()
@@ -119,6 +122,9 @@ namespace VeraCrypt
Disconnect( wxID_ANY, wxEVT_COMMAND_UPDATE_VOLUME_LIST, wxCommandEventHandler( MainFrame::OnUpdateVolumeList ) );
Disconnect( wxID_ANY, wxEVT_COMMAND_PREF_UPDATED, wxCommandEventHandler( MainFrame::OnPreferencesUpdated ) );
Disconnect( wxID_ANY, wxEVT_COMMAND_OPEN_VOLUME_REQUEST, wxCommandEventHandler( MainFrame::OnOpenVolumeSystemRequest ) );
+#ifdef TC_MACOSX
+ Disconnect( wxID_ANY, wxEVT_MOVE, wxMoveEventHandler( MainFrame::OnMoveHandler ) );
+#endif
Core->VolumeMountedEvent.Disconnect (this);
Core->VolumeDismountedEvent.Disconnect (this);
Gui->OpenVolumeSystemRequestEvent.Disconnect (this);
@@ -393,10 +399,8 @@ namespace VeraCrypt
};
SetDropTarget (new FileDropTarget (this));
-#ifdef TC_MACOSX
foreach (wxWindow *c, MainPanel->GetChildren())
c->SetDropTarget (new FileDropTarget (this));
-#endif
// Volume history
VolumeHistory::ConnectComboBox (VolumePathComboBox);
@@ -727,6 +731,7 @@ namespace VeraCrypt
#ifdef TC_MACOSX
if (Gui->IsInBackgroundMode())
Gui->SetBackgroundMode (false);
+ EnsureVisible ();
#endif
AboutDialog dialog (this);
dialog.ShowModal();
@@ -1724,4 +1729,11 @@ namespace VeraCrypt
Core->WipePasswordCache();
UpdateWipeCacheButton();
}
+
+#ifdef TC_MACOSX
+ void MainFrame::OnMoveHandler(wxMoveEvent& event)
+ {
+ EnsureVisible (true);
+ }
+#endif
}
diff --git a/src/Main/Forms/MainFrame.h b/src/Main/Forms/MainFrame.h
index 39c411a..414ecca 100644
--- a/src/Main/Forms/MainFrame.h
+++ b/src/Main/Forms/MainFrame.h
@@ -15,6 +15,9 @@
#include "Forms.h"
#include "ChangePasswordDialog.h"
+#ifdef TC_MACOSX
+#include <wx/display.h>
+#endif
namespace VeraCrypt
{
@@ -162,6 +165,35 @@ namespace VeraCrypt
void UpdateWipeCacheButton ();
void WipeCache ();
+#ifdef TC_MACOSX
+ void OnMoveHandler(wxMoveEvent& event);
+
+ void EnsureVisible(bool bOnlyHeadingBar = false)
+ {
+ wxDisplay display (this);
+ wxRect displayRect = display.GetClientArea();
+
+ bool bMove = false;
+ wxPoint p = GetScreenPosition();
+ wxRect r = GetRect ();
+ wxRect rc = GetClientRect ();
+ int titleBarHeight = r.height - rc.height;
+
+ if (!bOnlyHeadingBar && (p.x < displayRect.x))
+ p.x = 0, bMove = true;
+ if (p.y < displayRect.y)
+ p.y = displayRect.y, bMove = true;
+ if (!bOnlyHeadingBar && (p.x + r.width > displayRect.x + displayRect.width))
+ p.x = displayRect.x + displayRect.width - r.width, bMove = true;
+ if (!bOnlyHeadingBar && (p.y + r.height > displayRect.y + displayRect.height))
+ p.y = displayRect.y + displayRect.height - r.height, bMove = true;
+ if (bOnlyHeadingBar && (p.y > (displayRect.y + displayRect.height - titleBarHeight)))
+ p.y = displayRect.y + displayRect.height - titleBarHeight, bMove = true;
+ if (bMove)
+ Move (p);
+ }
+#endif
+
struct VolumeActivityMapEntry
{
VolumeActivityMapEntry () { }
diff --git a/src/Main/Forms/TrueCrypt.fbp b/src/Main/Forms/TrueCrypt.fbp
index 7509f1e..d512ce8 100644
--- a/src/Main/Forms/TrueCrypt.fbp
+++ b/src/Main/Forms/TrueCrypt.fbp
@@ -1373,7 +1373,7 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxEXPAND</property>
+ <property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
@@ -1989,7 +1989,7 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxEXPAND</property>
+ <property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">0</property>
<object class="wxGridSizer" expanded="1">
<property name="cols">4</property>
@@ -2013,7 +2013,7 @@
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
@@ -2103,19 +2103,19 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND</property>
+ <property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
<property name="label"></property>
- <property name="minimum_size">-1,-1</property>
+ <property name="minimum_size">139,-1</property>
<property name="name">sbSizer41</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
@@ -2205,19 +2205,19 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND</property>
+ <property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
<property name="label"></property>
- <property name="minimum_size">-1,-1</property>
+ <property name="minimum_size">139,-1</property>
<property name="name">sbSizer42</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
@@ -2307,19 +2307,19 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxALIGN_RIGHT|wxEXPAND</property>
+ <property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
<property name="label"></property>
- <property name="minimum_size">-1,-1</property>
+ <property name="minimum_size">139,-1</property>
<property name="name">sbSizer43</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
diff --git a/src/Main/Forms/VolumeCreationWizard.cpp b/src/Main/Forms/VolumeCreationWizard.cpp
index b28b1c3..b6d60f4 100644
--- a/src/Main/Forms/VolumeCreationWizard.cpp
+++ b/src/Main/Forms/VolumeCreationWizard.cpp
@@ -175,7 +175,7 @@ namespace VeraCrypt
else if (SelectedVolumeType == VolumeType::Hidden)
{
pageTitle = LangString["SIZE_HIDVOL_TITLE"];
- pageText = LangString["SIZE_HELP_HIDDEN_VOL"] + L"\n\n" + _("Please note that if your operating system does not allocate files from the beginning of the free space, the maximum possible hidden volume size may be much smaller than the size of the free space on the outer volume. This not a bug in VeraCrypt but a limitation of the operating system.");
+ pageText = LangString["SIZE_HELP_HIDDEN_VOL"] + L"\n\n" + _("Please note that if your operating system does not allocate files from the beginning of the free space, the maximum possible hidden volume size may be much smaller than the size of the free space on the outer volume. This is not a bug in VeraCrypt but a limitation of the operating system.");
freeSpaceText = StringFormatter (_("Maximum possible hidden volume size for this volume is {0}."), Gui->SizeToString (MaxHiddenVolumeSize));
}
else
@@ -475,6 +475,7 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
case VolumeCreationOptions::FilesystemType::MacOsExt: fsFormatter = "newfs_hfs"; break;
case VolumeCreationOptions::FilesystemType::exFAT: fsFormatter = "newfs_exfat"; break;
+ case VolumeCreationOptions::FilesystemType::APFS: fsFormatter = "newfs_apfs"; break;
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
case VolumeCreationOptions::FilesystemType::UFS: fsFormatter = "newfs" ; break;
#endif
diff --git a/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp b/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp
index ec0d778..3865705 100644
--- a/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp
+++ b/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp
@@ -13,6 +13,7 @@
#include "System.h"
#include "Main/GraphicUserInterface.h"
#include "VolumeFormatOptionsWizardPage.h"
+#include <wx/platinfo.h>
namespace VeraCrypt
{
@@ -40,6 +41,8 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
FilesystemTypeChoice->Append (L"Mac OS Extended", (void *) VolumeCreationOptions::FilesystemType::MacOsExt);
FilesystemTypeChoice->Append (L"exFAT", (void *) VolumeCreationOptions::FilesystemType::exFAT);
+ if (wxPlatformInfo::Get().CheckOSVersion (10, 13))
+ FilesystemTypeChoice->Append (L"APFS", (void *) VolumeCreationOptions::FilesystemType::APFS);
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
FilesystemTypeChoice->Append (L"UFS", (void *) VolumeCreationOptions::FilesystemType::UFS);
#endif
@@ -81,6 +84,7 @@ namespace VeraCrypt
case VolumeCreationOptions::FilesystemType::Ext3: FilesystemTypeChoice->SetStringSelection (L"Linux Ext3"); break;
case VolumeCreationOptions::FilesystemType::Ext4: FilesystemTypeChoice->SetStringSelection (L"Linux Ext4"); break;
case VolumeCreationOptions::FilesystemType::MacOsExt: FilesystemTypeChoice->SetStringSelection (L"Mac OS Extended"); break;
+ case VolumeCreationOptions::FilesystemType::APFS: FilesystemTypeChoice->SetStringSelection (L"APFS"); break;
case VolumeCreationOptions::FilesystemType::UFS: FilesystemTypeChoice->SetStringSelection (L"UFS"); break;
default:
diff --git a/src/Main/Forms/VolumePasswordPanel.cpp b/src/Main/Forms/VolumePasswordPanel.cpp
index 2859762..ac30075 100644
--- a/src/Main/Forms/VolumePasswordPanel.cpp
+++ b/src/Main/Forms/VolumePasswordPanel.cpp
@@ -21,6 +21,7 @@ namespace VeraCrypt
VolumePasswordPanel::VolumePasswordPanel (wxWindow* parent, MountOptions* options, shared_ptr <VolumePassword> password, bool disableTruecryptMode, shared_ptr <KeyfileList> keyfiles, bool enableCache, bool enablePassword, bool enableKeyfiles, bool enableConfirmation, bool enablePkcs5Prf, bool isMountPassword, const wxString &passwordLabel)
: VolumePasswordPanelBase (parent), Keyfiles (new KeyfileList), EnablePimEntry (true)
{
+ size_t maxPasswordLength = CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize;
if (keyfiles)
{
*Keyfiles = *keyfiles;
@@ -32,8 +33,8 @@ namespace VeraCrypt
UseKeyfilesCheckBox->SetValue (Gui->GetPreferences().UseKeyfiles && !Keyfiles->empty());
}
- PasswordTextCtrl->SetMaxLength (VolumePassword::MaxSize);
- ConfirmPasswordTextCtrl->SetMaxLength (VolumePassword::MaxSize);
+ PasswordTextCtrl->SetMaxLength (maxPasswordLength);
+ ConfirmPasswordTextCtrl->SetMaxLength (maxPasswordLength);
if (!passwordLabel.empty())
{
@@ -159,10 +160,8 @@ namespace VeraCrypt
if (enableKeyfiles)
{
SetDropTarget (new FileDropTarget (this));
-#ifdef TC_MACOSX
foreach (wxWindow *c, GetChildren())
c->SetDropTarget (new FileDropTarget (this));
-#endif
}
Layout();
@@ -197,9 +196,10 @@ namespace VeraCrypt
FreezeScope freeze (this);
bool isPim = (*textCtrl == VolumePimTextCtrl);
int colspan = isPim? 1 : 2;
+ size_t maxPasswordLength = CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize;
wxTextCtrl *newTextCtrl = new wxTextCtrl (this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, display ? 0 : wxTE_PASSWORD);
- newTextCtrl->SetMaxLength (isPim? MAX_PIM_DIGITS : VolumePassword::MaxSize);
+ newTextCtrl->SetMaxLength (isPim? MAX_PIM_DIGITS : maxPasswordLength);
newTextCtrl->SetValue ((*textCtrl)->GetValue());
newTextCtrl->SetMinSize ((*textCtrl)->GetSize());
@@ -228,12 +228,12 @@ namespace VeraCrypt
{
shared_ptr <VolumePassword> password;
wchar_t passwordBuf[VolumePassword::MaxSize + 1];
- size_t maxPasswordLength = bLegacyPassword? VolumePassword::MaxLegacySize: VolumePassword::MaxSize;
+ size_t maxPasswordLength = (bLegacyPassword || CmdLine->ArgUseLegacyPassword)? VolumePassword::MaxLegacySize: VolumePassword::MaxSize;
finally_do_arg (BufferPtr, BufferPtr (reinterpret_cast <byte *> (passwordBuf), sizeof (passwordBuf)), { finally_arg.Erase(); });
#ifdef TC_WINDOWS
int len = GetWindowText (static_cast <HWND> (textCtrl->GetHandle()), passwordBuf, VolumePassword::MaxSize + 1);
- password = ToUTF8Password (passwordBuf, len);
+ password = ToUTF8Password (passwordBuf, len, maxPasswordLength);
#else
wxString passwordStr (textCtrl->GetValue()); // A copy of the password is created here by wxWidgets, which cannot be erased
for (size_t i = 0; i < passwordStr.size() && i < maxPasswordLength; ++i)
@@ -241,7 +241,7 @@ namespace VeraCrypt
passwordBuf[i] = (wchar_t) passwordStr[i];
passwordStr[i] = L'X';
}
- password = ToUTF8Password (passwordBuf, passwordStr.size() <= maxPasswordLength ? passwordStr.size() : maxPasswordLength);
+ password = ToUTF8Password (passwordBuf, passwordStr.size() <= maxPasswordLength ? passwordStr.size() : maxPasswordLength, maxPasswordLength);
#endif
return password;
}
diff --git a/src/Main/Forms/VolumeSizeWizardPage.cpp b/src/Main/Forms/VolumeSizeWizardPage.cpp
index f404441..fc045b5 100644
--- a/src/Main/Forms/VolumeSizeWizardPage.cpp
+++ b/src/Main/Forms/VolumeSizeWizardPage.cpp
@@ -21,7 +21,8 @@ namespace VeraCrypt
MaxVolumeSize (0),
MaxVolumeSizeValid (false),
MinVolumeSize (1),
- SectorSize (sectorSize)
+ SectorSize (sectorSize),
+ AvailableDiskSpace (0)
{
VolumeSizePrefixChoice->Append (LangString["KB"], reinterpret_cast <void *> (1024));
VolumeSizePrefixChoice->Append (LangString["MB"], reinterpret_cast <void *> (1024 * 1024));
@@ -34,6 +35,10 @@ namespace VeraCrypt
VolumeSizeTextCtrl->Disable();
VolumeSizeTextCtrl->SetValue (L"");
}
+ else
+ {
+ AvailableDiskSpace = (uint64) diskSpace.GetValue ();
+ }
FreeSpaceStaticText->SetFont (Gui->GetDefaultBoldFont (this));
@@ -97,7 +102,8 @@ namespace VeraCrypt
{
try
{
- if (GetVolumeSize() >= MinVolumeSize && (!MaxVolumeSizeValid || GetVolumeSize() <= MaxVolumeSize))
+ uint64 uiVolumeSize = GetVolumeSize();
+ if (uiVolumeSize >= MinVolumeSize && (!MaxVolumeSizeValid || uiVolumeSize <= MaxVolumeSize) && (MaxVolumeSizeValid || CmdLine->ArgDisableFileSizeCheck || !AvailableDiskSpace || uiVolumeSize <= AvailableDiskSpace))
return true;
}
catch (...) { }
diff --git a/src/Main/Forms/VolumeSizeWizardPage.h b/src/Main/Forms/VolumeSizeWizardPage.h
index e12a5a7..aac41f9 100644
--- a/src/Main/Forms/VolumeSizeWizardPage.h
+++ b/src/Main/Forms/VolumeSizeWizardPage.h
@@ -49,6 +49,7 @@ namespace VeraCrypt
bool MaxVolumeSizeValid;
uint64 MinVolumeSize;
uint32 SectorSize;
+ uint64 AvailableDiskSpace;
};
}
diff --git a/src/Main/Forms/WaitDialog.cpp b/src/Main/Forms/WaitDialog.cpp
index d3372db..2976a6e 100644
--- a/src/Main/Forms/WaitDialog.cpp
+++ b/src/Main/Forms/WaitDialog.cpp
@@ -38,12 +38,14 @@ namespace VeraCrypt
VC_CONVERT_EXCEPTION (PasswordEmpty);
VC_CONVERT_EXCEPTION (PasswordTooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8TooLong);
+ VC_CONVERT_EXCEPTION (PasswordLegacyUTF8TooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8Invalid);
VC_CONVERT_EXCEPTION (UnportablePassword);
VC_CONVERT_EXCEPTION (ElevationFailed);
VC_CONVERT_EXCEPTION (RootDeviceUnavailable);
VC_CONVERT_EXCEPTION (DriveLetterUnavailable);
VC_CONVERT_EXCEPTION (DriverError);
+ VC_CONVERT_EXCEPTION (DeviceSectorSizeMismatch);
VC_CONVERT_EXCEPTION (EncryptedSystemRequired);
VC_CONVERT_EXCEPTION (HigherFuseVersionRequired);
VC_CONVERT_EXCEPTION (KernelCryptoServiceTestFailed);
diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp
index 99b2caa..b7b4cf4 100755
--- a/src/Main/GraphicUserInterface.cpp
+++ b/src/Main/GraphicUserInterface.cpp
@@ -1309,7 +1309,7 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
htmlPath += L"/../Resources/doc/HTML/";
#elif defined (TC_UNIX)
- htmlPath = L"/usr/share/veracrypt/doc/HTML/";
+ htmlPath = L"/usr/share/doc/veracrypt/HTML/";
#else
localFile = false;
#endif
diff --git a/src/Main/LanguageStrings.cpp b/src/Main/LanguageStrings.cpp
index 93f9823..efc1bfe 100644
--- a/src/Main/LanguageStrings.cpp
+++ b/src/Main/LanguageStrings.cpp
@@ -75,7 +75,7 @@ namespace VeraCrypt
Map["CHECKING_FS"] = _("Checking the file system on the VeraCrypt volume mounted as {0}...");
Map["REPAIRING_FS"] = _("Attempting to repair the file system on the VeraCrypt volume mounted as {0}...");
Map["UNMOUNT_LOCK_FAILED"] = _("Volume \"{0}\" contains files or folders being used by applications or system.\n\nForce dismount?");
- Map["VOLUME_SIZE_HELP"] = _("Please specify the size of the container to create. Note that the minimum possible size of a volume is 292 KB.");
+ Map["VOLUME_SIZE_HELP"] = _("Please specify the size of the container to create. Note that the minimum possible size of a volume is 292 KiB.");
Map["ENCRYPTION_MODE_NOT_SUPPORTED_BY_KERNEL"] = _("The volume you have mounted uses a mode of operation that is not supported by the Linux kernel. You may experience slow performance when using this volume. To achieve full performance, you should move the data from this volume to a new volume created by VeraCrypt 5.0 or later.");
}
diff --git a/src/Main/Main.make b/src/Main/Main.make
index 581eb34..18efba6 100755
--- a/src/Main/Main.make
+++ b/src/Main/Main.make
@@ -82,14 +82,10 @@ CXXFLAGS += -I$(BASE_DIR)/Main
#------ wxWidgets configuration ------
ifdef TC_NO_GUI
-ifdef VC_WX_STATIC
WX_CONFIG_LIBS := base
else
WX_CONFIG_LIBS := adv,core,base
endif
-else
-WX_CONFIG_LIBS := adv,core,base
-endif
ifeq "$(TC_BUILD_CONFIG)" "Release"
@@ -191,74 +187,89 @@ prepare: $(APPNAME)
ifeq "$(TC_BUILD_CONFIG)" "Release"
ifdef TC_NO_GUI
- cp $(PWD)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
+ cp $(BASE_DIR)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
else
- cp $(PWD)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
+ cp $(BASE_DIR)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
endif
else
ifdef TC_NO_GUI
- -rm -f $(PWD)/Main/$(APPNAME)_console
- cp $(PWD)/Main/$(APPNAME) $(PWD)/Main/$(APPNAME)_console
- -ln -sf $(PWD)/Main/$(APPNAME)_console $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
+ -rm -f $(BASE_DIR)/Main/$(APPNAME)_console
+ cp $(BASE_DIR)/Main/$(APPNAME) $(BASE_DIR)/Main/$(APPNAME)_console
+ -ln -sf $(BASE_DIR)/Main/$(APPNAME)_console $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
else
- -ln -sf $(PWD)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
+ -ln -sf $(BASE_DIR)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
endif
endif
- cp $(PWD)/Resources/Icons/VeraCrypt.icns $(APPNAME).app/Contents/Resources
- cp $(PWD)/Resources/Icons/VeraCrypt_Volume.icns $(APPNAME).app/Contents/Resources
- cp $(PWD)/../doc/html/* $(APPNAME).app/Contents/Resources/doc/HTML
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt.icns $(APPNAME).app/Contents/Resources
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt_Volume.icns $(APPNAME).app/Contents/Resources
+ cp $(BASE_DIR)/../doc/html/* $(APPNAME).app/Contents/Resources/doc/HTML
echo -n APPLTRUE >$(APPNAME).app/Contents/PkgInfo
+ifdef VC_LEGACY_BUILD
+ sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.legacy.xml >$(APPNAME).app/Contents/Info.plist
+else
sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.xml >$(APPNAME).app/Contents/Info.plist
+endif
codesign -s "Developer ID Application: IDRIX (Z933746L2S)" --timestamp $(APPNAME).app
install: prepare
cp -R $(APPNAME).app /Applications/.
package: prepare
- /usr/local/bin/packagesbuild $(PWD)/Setup/MacOSX/veracrypt.pkgproj
- productsign --sign "Developer ID Installer: IDRIX (Z933746L2S)" --timestamp "$(PWD)/Setup/MacOSX/VeraCrypt $(TC_VERSION).pkg" $(PWD)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg
+ifdef VC_LEGACY_BUILD
+ /usr/local/bin/packagesbuild $(BASE_DIR)/Setup/MacOSX/veracrypt_Legacy.pkgproj
+ productsign --sign "Developer ID Installer: IDRIX (Z933746L2S)" --timestamp "$(BASE_DIR)/Setup/MacOSX/VeraCrypt Legacy $(TC_VERSION).pkg" $(BASE_DIR)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg
+ rm -f $(APPNAME)_Legacy_$(TC_VERSION).dmg
+else
+ /usr/local/bin/packagesbuild $(BASE_DIR)/Setup/MacOSX/veracrypt.pkgproj
+ productsign --sign "Developer ID Installer: IDRIX (Z933746L2S)" --timestamp "$(BASE_DIR)/Setup/MacOSX/VeraCrypt $(TC_VERSION).pkg" $(BASE_DIR)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg
rm -f $(APPNAME)_$(TC_VERSION).dmg
- rm -f "$(PWD)/Setup/MacOSX/template.dmg"
- rm -fr "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
- mkdir -p "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
- bunzip2 -k -f "$(PWD)/Setup/MacOSX/template.dmg.bz2"
- hdiutil attach "$(PWD)/Setup/MacOSX/template.dmg" -noautoopen -quiet -mountpoint "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
- cp "$(PWD)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg" "$(PWD)/Setup/MacOSX/VeraCrypt_dmg/VeraCrypt_Installer.pkg"
- hdiutil detach "$(PWD)/Setup/MacOSX/VeraCrypt_dmg" -quiet -force
- hdiutil convert "$(PWD)/Setup/MacOSX/template.dmg" -quiet -format UDZO -imagekey zlib-level=9 -o $(APPNAME)_$(TC_VERSION).dmg
- rm -f "$(PWD)/Setup/MacOSX/template.dmg"
- rm -fr "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
+endif
+ rm -f "$(BASE_DIR)/Setup/MacOSX/template.dmg"
+ rm -fr "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
+ mkdir -p "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
+ bunzip2 -k -f "$(BASE_DIR)/Setup/MacOSX/template.dmg.bz2"
+ hdiutil attach "$(BASE_DIR)/Setup/MacOSX/template.dmg" -noautoopen -quiet -mountpoint "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
+ cp "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg" "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg/VeraCrypt_Installer.pkg"
+ hdiutil detach "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg" -quiet -force
+ifdef VC_LEGACY_BUILD
+ hdiutil convert "$(BASE_DIR)/Setup/MacOSX/template.dmg" -quiet -format UDZO -imagekey zlib-level=9 -o $(APPNAME)_Legacy_$(TC_VERSION).dmg
+else
+ hdiutil convert "$(BASE_DIR)/Setup/MacOSX/template.dmg" -quiet -format UDZO -imagekey zlib-level=9 -o $(APPNAME)_$(TC_VERSION).dmg
+endif
+ rm -f "$(BASE_DIR)/Setup/MacOSX/template.dmg"
+ rm -fr "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
endif
ifeq "$(PLATFORM)" "Linux"
prepare: $(APPNAME)
- rm -fr $(PWD)/Setup/Linux/usr
- mkdir -p $(PWD)/Setup/Linux/usr/bin
- mkdir -p $(PWD)/Setup/Linux/usr/share/$(APPNAME)/doc/HTML
- cp $(PWD)/Main/$(APPNAME) $(PWD)/Setup/Linux/usr/bin/$(APPNAME)
- cp $(PWD)/Setup/Linux/$(APPNAME)-uninstall.sh $(PWD)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
- chmod +x $(PWD)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
- cp $(PWD)/License.txt $(PWD)/Setup/Linux/usr/share/$(APPNAME)/doc/License.txt
- cp $(PWD)/../doc/html/* "$(PWD)/Setup/Linux/usr/share/$(APPNAME)/doc/HTML"
+ rm -fr $(BASE_DIR)/Setup/Linux/usr
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/bin
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/share/doc/$(APPNAME)/HTML
+ cp $(BASE_DIR)/Main/$(APPNAME) $(BASE_DIR)/Setup/Linux/usr/bin/$(APPNAME)
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME)-uninstall.sh $(BASE_DIR)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
+ chmod +x $(BASE_DIR)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
+ cp $(BASE_DIR)/License.txt $(BASE_DIR)/Setup/Linux/usr/share/doc/$(APPNAME)/License.txt
+ cp $(BASE_DIR)/../doc/html/* "$(BASE_DIR)/Setup/Linux/usr/share/doc/$(APPNAME)/HTML"
ifndef TC_NO_GUI
- mkdir -p $(PWD)/Setup/Linux/usr/share/applications
- mkdir -p $(PWD)/Setup/Linux/usr/share/pixmaps
- cp $(PWD)/Resources/Icons/VeraCrypt-256x256.xpm $(PWD)/Setup/Linux/usr/share/pixmaps/$(APPNAME).xpm
- cp $(PWD)/Setup/Linux/$(APPNAME).desktop $(PWD)/Setup/Linux/usr/share/applications/$(APPNAME).desktop
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/share/applications
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/share/pixmaps
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt-256x256.xpm $(BASE_DIR)/Setup/Linux/usr/share/pixmaps/$(APPNAME).xpm
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME).desktop $(BASE_DIR)/Setup/Linux/usr/share/applications/$(APPNAME).desktop
endif
install: prepare
- cp -R $(CURDIR)/Setup/Linux/usr $(DESTDIR)/.
+ mkdir -p $(DESTDIR)
+ cp -R $(BASE_DIR)/Setup/Linux/usr $(DESTDIR)/
ifeq "$(TC_BUILD_CONFIG)" "Release"
package: prepare
- tar cfz $(PWD)/Setup/Linux/$(PACKAGE_NAME) --directory $(PWD)/Setup/Linux usr
+ tar cfz $(BASE_DIR)/Setup/Linux/$(PACKAGE_NAME) --directory $(BASE_DIR)/Setup/Linux usr
@rm -fr $(INTERNAL_INSTALLER_NAME)
@echo "#!/bin/sh" > $(INTERNAL_INSTALLER_NAME)
@@ -268,14 +279,14 @@ package: prepare
@echo "PACKAGE_START=1107" >> $(INTERNAL_INSTALLER_NAME)
@echo "INSTALLER_TYPE=$(INSTALLER_TYPE)" >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/Linux/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/Linux/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/Linux/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/Linux/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
chmod +x $(INTERNAL_INSTALLER_NAME)
- rm -fr $(PWD)/Setup/Linux/packaging
- mkdir -p $(PWD)/Setup/Linux/packaging
- cp $(INTERNAL_INSTALLER_NAME) $(PWD)/Setup/Linux/packaging/.
- makeself $(PWD)/Setup/Linux/packaging $(PWD)/Setup/Linux/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) Installer" ./$(INTERNAL_INSTALLER_NAME)
+ rm -fr $(BASE_DIR)/Setup/Linux/packaging
+ mkdir -p $(BASE_DIR)/Setup/Linux/packaging
+ cp $(INTERNAL_INSTALLER_NAME) $(BASE_DIR)/Setup/Linux/packaging/.
+ makeself $(BASE_DIR)/Setup/Linux/packaging $(BASE_DIR)/Setup/Linux/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) Installer" ./$(INTERNAL_INSTALLER_NAME)
endif
@@ -283,31 +294,32 @@ endif
ifeq "$(PLATFORM)" "FreeBSD"
prepare: $(APPNAME)
- rm -fr $(PWD)/Setup/FreeBSD/usr
- mkdir -p $(PWD)/Setup/FreeBSD/usr/bin
- mkdir -p $(PWD)/Setup/FreeBSD/usr/share/$(APPNAME)/doc/HTML
- cp $(PWD)/Main/$(APPNAME) $(PWD)/Setup/FreeBSD/usr/bin/$(APPNAME)
- cp $(PWD)/Setup/Linux/$(APPNAME)-uninstall.sh $(PWD)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
- chmod +x $(PWD)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
- cp $(PWD)/License.txt $(PWD)/Setup/FreeBSD/usr/share/$(APPNAME)/doc/License.txt
- cp $(PWD)/../doc/html/* "$(PWD)/Setup/FreeBSD/usr/share/$(APPNAME)/doc/HTML"
+ rm -fr $(BASE_DIR)/Setup/FreeBSD/usr
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/bin
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/share/doc/$(APPNAME)/HTML
+ cp $(BASE_DIR)/Main/$(APPNAME) $(BASE_DIR)/Setup/FreeBSD/usr/bin/$(APPNAME)
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME)-uninstall.sh $(BASE_DIR)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
+ chmod +x $(BASE_DIR)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
+ cp $(BASE_DIR)/License.txt $(BASE_DIR)/Setup/FreeBSD/usr/share/doc/$(APPNAME)/License.txt
+ cp $(BASE_DIR)/../doc/html/* "$(BASE_DIR)/Setup/FreeBSD/usr/share/doc/$(APPNAME)/HTML"
ifndef TC_NO_GUI
- mkdir -p $(PWD)/Setup/FreeBSD/usr/share/applications
- mkdir -p $(PWD)/Setup/FreeBSD/usr/share/pixmaps
- cp $(PWD)/Resources/Icons/VeraCrypt-256x256.xpm $(PWD)/Setup/FreeBSD/usr/share/pixmaps/$(APPNAME).xpm
- cp $(PWD)/Setup/Linux/$(APPNAME).desktop $(PWD)/Setup/FreeBSD/usr/share/applications/$(APPNAME).desktop
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/share/applications
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/share/pixmaps
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt-256x256.xpm $(BASE_DIR)/Setup/FreeBSD/usr/share/pixmaps/$(APPNAME).xpm
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME).desktop $(BASE_DIR)/Setup/FreeBSD/usr/share/applications/$(APPNAME).desktop
endif
- chown -R root:wheel $(PWD)/Setup/FreeBSD/usr
- chmod -R go-w $(PWD)/Setup/FreeBSD/usr
+ chown -R root:wheel $(BASE_DIR)/Setup/FreeBSD/usr
+ chmod -R go-w $(BASE_DIR)/Setup/FreeBSD/usr
install: prepare
- cp -R $(CURDIR)/Setup/FreeBSD/usr $(DESTDIR)/.
+ mkdir -p $(DESTDIR)
+ cp -R $(BASE_DIR)/Setup/FreeBSD/usr $(DESTDIR)/.
ifeq "$(TC_BUILD_CONFIG)" "Release"
package: prepare
- tar cfz $(PWD)/Setup/FreeBSD/$(PACKAGE_NAME) --directory $(PWD)/Setup/FreeBSD usr
+ tar cfz $(BASE_DIR)/Setup/FreeBSD/$(PACKAGE_NAME) --directory $(BASE_DIR)/Setup/FreeBSD usr
@rm -fr $(INTERNAL_INSTALLER_NAME)
@echo "#!/bin/sh" > $(INTERNAL_INSTALLER_NAME)
@@ -317,14 +329,14 @@ package: prepare
@echo "PACKAGE_START=1107" >> $(INTERNAL_INSTALLER_NAME)
@echo "INSTALLER_TYPE=$(INSTALLER_TYPE)" >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/FreeBSD/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/FreeBSD/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/FreeBSD/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/FreeBSD/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
chmod +x $(INTERNAL_INSTALLER_NAME)
- rm -fr $(PWD)/Setup/FreeBSD/packaging
- mkdir -p $(PWD)/Setup/FreeBSD/packaging
- cp $(INTERNAL_INSTALLER_NAME) $(PWD)/Setup/FreeBSD/packaging/.
- makeself $(PWD)/Setup/FreeBSD/packaging $(PWD)/Setup/FreeBSD/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) $(SYSTEMNAME) Installer" ./$(INTERNAL_INSTALLER_NAME)
+ rm -fr $(BASE_DIR)/Setup/FreeBSD/packaging
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/packaging
+ cp $(INTERNAL_INSTALLER_NAME) $(BASE_DIR)/Setup/FreeBSD/packaging/.
+ makeself $(BASE_DIR)/Setup/FreeBSD/packaging $(BASE_DIR)/Setup/FreeBSD/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) $(SYSTEMNAME) Installer" ./$(INTERNAL_INSTALLER_NAME)
endif
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp
index 61b8b8a..4de2cb2 100644
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -20,6 +20,7 @@
#include "Platform/Unix/Process.h"
#endif
+#include <wx/platinfo.h>
#include "Common/SecurityToken.h"
#include "Core/RandomNumberGenerator.h"
#include "Application.h"
@@ -40,7 +41,9 @@ namespace VeraCrypt
#endif
{
FInputStream.reset (new wxFFileInputStream (stdin));
- TextInputStream.reset (new wxTextInputStream (*FInputStream));
+ // Set fallback encoding of the stream converter to UTF-8
+ // to make sure we interpret multibyte symbols properly
+ TextInputStream.reset (new wxTextInputStream (*FInputStream, wxT(" \t"), wxConvAuto(wxFONTENCODING_UTF8)));
}
}
@@ -124,7 +127,7 @@ namespace VeraCrypt
if (verify && verPhase)
{
- shared_ptr <VolumePassword> verPassword = ToUTF8Password (passwordBuf, length);
+ shared_ptr <VolumePassword> verPassword = ToUTF8Password (passwordBuf, length, CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
if (*password != *verPassword)
{
@@ -135,7 +138,7 @@ namespace VeraCrypt
}
}
- password = ToUTF8Password (passwordBuf, length);
+ password = ToUTF8Password (passwordBuf, length, CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
if (!verPhase)
{
@@ -785,6 +788,10 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
ShowInfo (L" 3) Mac OS Extended"); filesystems.push_back (VolumeCreationOptions::FilesystemType::MacOsExt);
ShowInfo (L" 4) exFAT"); filesystems.push_back (VolumeCreationOptions::FilesystemType::exFAT);
+ if (wxPlatformInfo::Get().CheckOSVersion (10, 13))
+ {
+ ShowInfo (L" 5) APFS"); filesystems.push_back (VolumeCreationOptions::FilesystemType::APFS);
+ }
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
ShowInfo (L" 3) UFS"); filesystems.push_back (VolumeCreationOptions::FilesystemType::UFS);
#endif
@@ -881,6 +888,7 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
case VolumeCreationOptions::FilesystemType::MacOsExt: fsFormatter = "newfs_hfs"; break;
case VolumeCreationOptions::FilesystemType::exFAT: fsFormatter = "newfs_exfat"; break;
+ case VolumeCreationOptions::FilesystemType::APFS: fsFormatter = "newfs_apfs"; break;
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
case VolumeCreationOptions::FilesystemType::UFS: fsFormatter = "newfs" ; break;
#endif
@@ -1056,9 +1064,18 @@ namespace VeraCrypt
slotId = (CK_SLOT_ID) AskSelection (tokens.back().SlotId, tokens.front().SlotId);
}
- shared_ptr <KeyfileList> keyfiles = AskKeyfiles();
- if (keyfiles->empty())
- throw UserAbort();
+ shared_ptr <KeyfileList> keyfiles;
+
+ if (CmdLine->ArgKeyfiles.get() && !CmdLine->ArgKeyfiles->empty())
+ keyfiles = CmdLine->ArgKeyfiles;
+ else if (!Preferences.NonInteractive)
+ {
+ keyfiles = AskKeyfiles();
+ if (keyfiles->empty())
+ throw UserAbort();
+ }
+ else
+ throw MissingArgument (SRC_POS);
foreach_ref (const Keyfile &keyfilePath, *keyfiles)
{
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index 3939010..35396b4 100644
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -444,6 +444,7 @@ namespace VeraCrypt
{
#define EX2MSG(exception, message) do { if (ex == typeid (exception)) return (message); } while (false)
EX2MSG (DriveLetterUnavailable, LangString["DRIVE_LETTER_UNAVAILABLE"]);
+ EX2MSG (DeviceSectorSizeMismatch, _("Storage device and VC volume sector size mismatch"));
EX2MSG (EncryptedSystemRequired, _("This operation must be performed only when the system hosted on the volume is running."));
EX2MSG (ExternalException, LangString["EXCEPTION_OCCURRED"]);
EX2MSG (InsufficientData, _("Not enough data available."));
@@ -464,6 +465,7 @@ namespace VeraCrypt
EX2MSG (PasswordOrMountOptionsIncorrect, LangString["PASSWORD_OR_KEYFILE_OR_MODE_WRONG"] + _("\n\nNote: If you are attempting to mount a partition located on an encrypted system drive without pre-boot authentication or to mount the encrypted system partition of an operating system that is not running, you can do so by selecting 'Options >' > 'Mount partition using system encryption'."));
EX2MSG (PasswordTooLong, StringFormatter (_("Password is longer than {0} characters."), (int) VolumePassword::MaxSize));
EX2MSG (PasswordUTF8TooLong, LangString["PASSWORD_UTF8_TOO_LONG"]);
+ EX2MSG (PasswordLegacyUTF8TooLong, LangString["LEGACY_PASSWORD_UTF8_TOO_LONG"]);
EX2MSG (PasswordUTF8Invalid, LangString["PASSWORD_UTF8_INVALID"]);
EX2MSG (PartitionDeviceRequired, _("Partition device required."));
EX2MSG (ProtectionPasswordIncorrect, _("Incorrect password to the protected hidden volume or the hidden volume does not exist."));
@@ -533,6 +535,10 @@ namespace VeraCrypt
Core->SetAdminPasswordCallback (shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler));
}
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ Core->ForceUseDummySudoPassword (CmdLine->ArgUseDummySudoPassword);
+#endif
+
Core->WarningEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnWarning));
Core->VolumeMountedEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnVolumeMounted));
@@ -908,7 +914,8 @@ namespace VeraCrypt
wstring pwdInput;
getline(wcin, pwdInput);
- cmdLine.ArgPassword = ToUTF8Password ( pwdInput.c_str (), pwdInput.size ());
+ size_t maxUtf8Len = cmdLine.ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize;
+ cmdLine.ArgPassword = ToUTF8Password ( pwdInput.c_str (), pwdInput.size (), maxUtf8Len);
}
switch (cmdLine.ArgCommand)
@@ -1265,7 +1272,7 @@ namespace VeraCrypt
"--size=SIZE[K|M|G|T]\n"
" Use specified size when creating a new volume. If no suffix is indicated,\n"
" then SIZE is interpreted in bytes. Suffixes K, M, G or T can be used to\n"
- " indicate a value in KB, MB, GB or TB respectively.\n"
+ " indicate a value in KiB, MiB, GiB or TiB respectively.\n"
"\n"
"-t, --text\n"
" Use text user interface. Graphical user interface is used by default if\n"
@@ -1575,12 +1582,14 @@ namespace VeraCrypt
VC_CONVERT_EXCEPTION (PasswordEmpty);
VC_CONVERT_EXCEPTION (PasswordTooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8TooLong);
+ VC_CONVERT_EXCEPTION (PasswordLegacyUTF8TooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8Invalid);
VC_CONVERT_EXCEPTION (UnportablePassword);
VC_CONVERT_EXCEPTION (ElevationFailed);
VC_CONVERT_EXCEPTION (RootDeviceUnavailable);
VC_CONVERT_EXCEPTION (DriveLetterUnavailable);
VC_CONVERT_EXCEPTION (DriverError);
+ VC_CONVERT_EXCEPTION (DeviceSectorSizeMismatch);
VC_CONVERT_EXCEPTION (EncryptedSystemRequired);
VC_CONVERT_EXCEPTION (HigherFuseVersionRequired);
VC_CONVERT_EXCEPTION (KernelCryptoServiceTestFailed);
diff --git a/src/Makefile b/src/Makefile
index 50af302..f881c87 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -23,6 +23,7 @@
# SSSE3: Enable SSSE3 support in compiler
# SSE41: Enable SSE4.1 support in compiler
# NOSSE2: Disable SEE2 support in compiler
+# WITHGTK3: Build wxWidgets against GTK3
#------ Targets ------
# all
@@ -68,7 +69,7 @@ endif
ifeq "$(origin NOGUI)" "command line"
export TC_NO_GUI := 1
- C_CXX_FLAGS += -DTC_NO_GUI
+ C_CXX_FLAGS += -DTC_NO_GUI -DwxUSE_GUI=0
WX_CONFIGURE_FLAGS += --disable-gui
endif
@@ -90,6 +91,9 @@ ifeq "$(origin WXSTATIC)" "command line"
export VC_WX_STATIC := 1
WX_CONFIG = $(WX_BUILD_DIR)/wx-config
WX_CONFIG_ARGS += --static
+ ifneq "$(WXSTATIC)" "FULL"
+ export VC_WX_MINIMAL := 1
+ endif
endif
@@ -132,7 +136,7 @@ export PLATFORM_UNSUPPORTED := 0
export CPU_ARCH ?= unknown
export SIMD_SUPPORTED := 0
-ARCH = $(shell uname -m)
+ARCH ?= $(shell uname -m)
ifneq (,$(filter i386 i486 i586 i686 x86,$(ARCH)))
CPU_ARCH = x86
@@ -147,6 +151,7 @@ endif
ifeq "$(origin NOASM)" "command line"
CPU_ARCH = unknown
+ C_CXX_FLAGS += -DCRYPTOPP_DISABLE_X86ASM
endif
ifeq "$(CPU_ARCH)" "x86"
@@ -223,6 +228,10 @@ ifeq "$(shell uname -s)" "Linux"
WXCONFIG_CFLAGS += -mno-sse2
WXCONFIG_CXXFLAGS += -mno-sse2
endif
+
+ ifeq "$(origin WITHGTK3)" "command line"
+ WX_CONFIGURE_FLAGS += --with-gtk=3
+ endif
endif
@@ -234,19 +243,25 @@ ifeq "$(shell uname -s)" "Darwin"
APPNAME := VeraCrypt
export VC_OSX_TARGET ?= 10.7
+ export VC_OSX_SDK ?= $(VC_OSX_TARGET)
#check to see if XCode 3 path exists.Otherwise, use XCode 4 path
- VC_OSX_SDK := /Developer/SDKs/MacOSX$(VC_OSX_TARGET).sdk
- ifeq ($(wildcard $(VC_OSX_SDK)/SDKSettings.plist),)
- VC_OSX_SDK := /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX$(VC_OSX_TARGET).sdk
+ VC_OSX_SDK_PATH := /Developer/SDKs/MacOSX$(VC_OSX_SDK).sdk
+ ifeq ($(wildcard $(VC_OSX_SDK_PATH)/SDKSettings.plist),)
+ VC_OSX_SDK_PATH := /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX$(VC_OSX_SDK).sdk
+ endif
+
+ #----- Legacy build if OSX <= 10.8: we build both 32-bit and 64-bit ----
+ ifneq (,$(filter 10.6 10.7 10.8,$(VC_OSX_TARGET)))
+ export VC_LEGACY_BUILD := 1
endif
CC := gcc
CXX := g++
- C_CXX_FLAGS += -DTC_UNIX -DTC_BSD -DTC_MACOSX -mmacosx-version-min=$(VC_OSX_TARGET) -isysroot $(VC_OSX_SDK)
- LFLAGS += -mmacosx-version-min=$(VC_OSX_TARGET) -Wl,-syslibroot $(VC_OSX_SDK)
- WX_CONFIGURE_FLAGS += --with-macosx-version-min=$(VC_OSX_TARGET) --with-macosx-sdk=$(VC_OSX_SDK)
+ C_CXX_FLAGS += -DTC_UNIX -DTC_BSD -DTC_MACOSX -mmacosx-version-min=$(VC_OSX_TARGET) -isysroot $(VC_OSX_SDK_PATH)
+ LFLAGS += -mmacosx-version-min=$(VC_OSX_TARGET) -Wl,-syslibroot $(VC_OSX_SDK_PATH)
+ WX_CONFIGURE_FLAGS += --with-macosx-version-min=$(VC_OSX_TARGET) --with-macosx-sdk=$(VC_OSX_SDK_PATH)
ifeq "$(CPU_ARCH)" "x64"
CPU_ARCH = x86
@@ -276,10 +291,18 @@ ifeq "$(shell uname -s)" "Darwin"
S := $(C_CXX_FLAGS)
C_CXX_FLAGS = $(subst -MMD,,$(S))
- C_CXX_FLAGS += -gfull -arch i386 -arch x86_64
- LFLAGS += -Wl,-dead_strip -arch i386 -arch x86_64
+ C_CXX_FLAGS += -gfull -arch x86_64
+ LFLAGS += -Wl,-dead_strip -arch x86_64
+
+ #----- Legacy build: we build both 32-bit and 64-bit ----
+ ifdef VC_LEGACY_BUILD
+ C_CXX_FLAGS += -arch i386
+ LFLAGS += -arch i386
+ WX_CONFIGURE_FLAGS += --enable-universal_binary=i386,x86_64
+ else
+ WX_CONFIGURE_FLAGS += --disable-universal_binary
+ endif
- WX_CONFIGURE_FLAGS += --enable-universal_binary=i386,x86_64
WXCONFIG_CFLAGS += -gfull
WXCONFIG_CXXFLAGS += -gfull
@@ -358,8 +381,10 @@ CFLAGS := $(C_CXX_FLAGS) $(CFLAGS) $(TC_EXTRA_CFLAGS)
CXXFLAGS := $(C_CXX_FLAGS) $(CXXFLAGS) $(TC_EXTRA_CXXFLAGS)
LFLAGS := $(LFLAGS) $(TC_EXTRA_LFLAGS)
-WX_CONFIGURE_FLAGS += --enable-unicode -disable-shared --disable-dependency-tracking --disable-compat26 --enable-exceptions --enable-std_string --enable-dataobj --enable-mimetype \
- --disable-protocol --disable-protocols --disable-url --disable-ipc --disable-sockets --disable-fs_inet --disable-ole --disable-docview --disable-clipboard \
+WX_CONFIGURE_FLAGS += --enable-unicode -disable-shared --disable-dependency-tracking --enable-exceptions --enable-std_string --enable-dataobj --enable-mimetype
+
+ifdef VC_WX_MINIMAL
+WX_CONFIGURE_FLAGS += --disable-protocol --disable-protocols --disable-url --disable-ipc --disable-sockets --disable-fs_inet --disable-ole --disable-docview --disable-clipboard \
--disable-help --disable-html --disable-mshtmlhelp --disable-htmlhelp --disable-mdi --disable-metafile --disable-webkit --disable-webview \
--disable-xrc --disable-aui --disable-postscript --disable-printarch \
--disable-arcstream --disable-fs_archive --disable-fs_zip --disable-tarstream --disable-zipstream \
@@ -372,14 +397,21 @@ WX_CONFIGURE_FLAGS += --enable-unicode -disable-shared --disable-dependency-trac
--disable-richtext --disable-dialupman --disable-debugreport --disable-filesystem --disable-rearrangectrl --disable-treelist --disable-richmsgdlg \
--disable-richtooltip --disable-propgrid --disable-stc --without-libnotify \
--without-gtkprint --without-gnomevfs --disable-fsvolume --disable-fswatcher \
- --disable-graphics_ctx --disable-sound --disable-mediactrl --disable-joystick --disable-apple_ieee \
+ --disable-sound --disable-mediactrl --disable-joystick --disable-apple_ieee \
--disable-gif --disable-pcx --disable-tga --disable-iff --disable-gif --disable-pnm --disable-svg \
--without-expat --without-libtiff --without-libjpeg --without-libpng -without-regex --without-zlib
-
+
ifeq "$(PLATFORM)" "Linux"
WX_CONFIGURE_FLAGS += --disable-tooltips
+ifneq "$(origin WITHGTK3)" "command line"
+ WX_CONFIGURE_FLAGS += --disable-graphics_ctx
+endif
+else
+ WX_CONFIGURE_FLAGS += --disable-graphics_ctx
+endif
endif
+
#------ Project build ------
PROJ_DIRS := Platform Volume Driver/Fuse Core Main
@@ -422,4 +454,4 @@ endif
cd "$(WX_BUILD_DIR)" && "$(WX_ROOT)/configure" $(WX_CONFIGURE_FLAGS) >/dev/null
@echo Building wxWidgets library...
- cd "$(WX_BUILD_DIR)" && $(MAKE)
+ cd "$(WX_BUILD_DIR)" && $(MAKE) -j 4
diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp
index 284c0b5..e93b920 100644
--- a/src/Mount/Favorites.cpp
+++ b/src/Mount/Favorites.cpp
@@ -243,76 +243,91 @@ namespace VeraCrypt
switch (lw)
{
case IDOK:
-
- /* Global System Favorites settings */
-
- if (SystemFavoritesMode)
{
- BootEncryption BootEncObj (NULL);
+ BOOL bInitialOptionValue = NeedPeriodicDeviceListUpdate;
- if (BootEncObj.GetStatus().DriveMounted)
+ /* Global System Favorites settings */
+
+ if (SystemFavoritesMode)
{
- try
- {
- uint32 reqConfig = IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_OPEN_EXPLORER_WIN_ON_MOUNT) ? TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES : 0;
- if (reqConfig != (ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES))
- BootEncObj.SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES, reqConfig ? true : false);
+ BootEncryption BootEncObj (NULL);
- SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS, IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_DISABLE_HOTKEY));
- }
- catch (Exception &e)
+ if (BootEncObj.GetStatus().DriveMounted)
{
- e.Show (hwndDlg);
+ try
+ {
+ uint32 reqConfig = IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_OPEN_EXPLORER_WIN_ON_MOUNT) ? TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES : 0;
+ if (reqConfig != (ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES))
+ BootEncObj.SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES, reqConfig ? true : false);
+
+ if (!BootEncObj.IsSystemFavoritesServiceRunning())
+ {
+ // The system favorites service should be always running
+ // If it is stopped for some reason, we reconfigure it
+ BootEncObj.RegisterSystemFavoritesService (TRUE);
+ }
+
+ SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS, IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_DISABLE_HOTKEY));
+ }
+ catch (Exception &e)
+ {
+ e.Show (hwndDlg);
+ }
}
}
- }
- /* (System) Favorites list */
+ /* (System) Favorites list */
- if (SelectedItem != -1 && !Favorites.empty())
- SetFavoriteVolume (hwndDlg, Favorites[SelectedItem], SystemFavoritesMode);
+ if (SelectedItem != -1 && !Favorites.empty())
+ SetFavoriteVolume (hwndDlg, Favorites[SelectedItem], SystemFavoritesMode);
- if (SaveFavoriteVolumes (hwndDlg, Favorites, SystemFavoritesMode))
- {
- if (!SystemFavoritesMode)
+ if (SaveFavoriteVolumes (hwndDlg, Favorites, SystemFavoritesMode))
{
- bMountFavoritesOnLogon = FALSE;
-
- foreach (const FavoriteVolume &favorite, Favorites)
+ if (!SystemFavoritesMode)
{
- if (favorite.MountOnLogOn)
+ bMountFavoritesOnLogon = FALSE;
+
+ foreach (const FavoriteVolume &favorite, Favorites)
{
- bMountFavoritesOnLogon = TRUE;
- break;
+ if (favorite.MountOnLogOn)
+ {
+ bMountFavoritesOnLogon = TRUE;
+ break;
+ }
}
- }
- if (!bEnableBkgTask || bCloseBkgTaskWhenNoVolumes || IsNonInstallMode())
- {
- foreach (const FavoriteVolume favorite, Favorites)
+ if (!bEnableBkgTask || bCloseBkgTaskWhenNoVolumes || IsNonInstallMode())
{
- if (favorite.MountOnArrival)
+ foreach (const FavoriteVolume favorite, Favorites)
{
- Warning ("FAVORITE_ARRIVAL_MOUNT_BACKGROUND_TASK_ERR", hwndDlg);
- break;
+ if (favorite.MountOnArrival)
+ {
+ Warning ("FAVORITE_ARRIVAL_MOUNT_BACKGROUND_TASK_ERR", hwndDlg);
+ break;
+ }
}
}
- }
- FavoriteVolumes = Favorites;
+ if (!bInitialOptionValue && NeedPeriodicDeviceListUpdate)
+ {
+ // a favorite was set to use VolumeID. We update the list of devices available for mounting as early as possible
+ UpdateMountableHostDeviceList ();
+ }
+
+ FavoriteVolumes = Favorites;
- ManageStartupSeq();
- SaveSettings (hwndDlg);
- }
- else
- SystemFavoriteVolumes = Favorites;
+ ManageStartupSeq();
+ SaveSettings (hwndDlg);
+ }
+ else
+ SystemFavoriteVolumes = Favorites;
- OnFavoriteVolumesUpdated();
- LoadDriveLetters (hwndDlg, GetDlgItem (MainDlg, IDC_DRIVELIST), 0);
+ OnFavoriteVolumesUpdated();
+ LoadDriveLetters (hwndDlg, GetDlgItem (MainDlg, IDC_DRIVELIST), 0);
- EndDialog (hwndDlg, IDOK);
+ EndDialog (hwndDlg, IDOK);
+ }
}
-
return 1;
case IDCANCEL:
@@ -554,6 +569,7 @@ namespace VeraCrypt
void LoadFavoriteVolumes (vector <FavoriteVolume> &favorites, bool systemFavorites, bool noUacElevation)
{
+ bool bVolumeIdInUse = false;
favorites.clear();
wstring favoritesFilePath = systemFavorites ? GetServiceConfigPath (TC_APPD_FILENAME_SYSTEM_FAVORITE_VOLUMES, false) : GetConfigPath (TC_APPD_FILENAME_FAVORITE_VOLUMES);
@@ -701,10 +717,21 @@ namespace VeraCrypt
favorite.Pkcs5 = -1;
}
+ if (!systemFavorites && favorite.UseVolumeID)
+ bVolumeIdInUse = true;
+
favorites.push_back (favorite);
xml++;
}
+ if (!systemFavorites)
+ {
+ if (bVolumeIdInUse && !DisablePeriodicDeviceListUpdate)
+ NeedPeriodicDeviceListUpdate = TRUE;
+ else
+ NeedPeriodicDeviceListUpdate = FALSE;
+ }
+
free (favoritesXml);
}
@@ -763,6 +790,7 @@ namespace VeraCrypt
{
FILE *f;
int cnt = 0;
+ bool bVolumeIdInUse = false;
f = _wfopen (GetConfigPath (systemFavorites ? TC_APPD_FILENAME_SYSTEM_FAVORITE_VOLUMES : TC_APPD_FILENAME_FAVORITE_VOLUMES), L"w,ccs=UTF-8");
if (f == NULL)
@@ -827,7 +855,11 @@ namespace VeraCrypt
s += L" useLabelInExplorer=\"1\"";
if (favorite.UseVolumeID && !IsRepeatedByteArray (0, favorite.VolumeID, sizeof (favorite.VolumeID)))
+ {
s += L" useVolumeID=\"1\"";
+ if (!systemFavorites)
+ bVolumeIdInUse = true;
+ }
s += L">" + wstring (tq) + L"</volume>";
@@ -838,6 +870,14 @@ namespace VeraCrypt
fputws (L"\n\t</favorites>", f);
XmlWriteFooter (f);
+ if (!systemFavorites)
+ {
+ if (bVolumeIdInUse && !DisablePeriodicDeviceListUpdate)
+ NeedPeriodicDeviceListUpdate = TRUE;
+ else
+ NeedPeriodicDeviceListUpdate = FALSE;
+ }
+
if (!CheckFileStreamWriteErrors (hwndDlg, f, systemFavorites ? TC_APPD_FILENAME_SYSTEM_FAVORITE_VOLUMES : TC_APPD_FILENAME_FAVORITE_VOLUMES))
{
fclose (f);
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 5f96afb..6b491c5 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -158,14 +158,14 @@ MountOptions CmdMountOptions;
BOOL CmdMountOptionsValid = FALSE;
MountOptions mountOptions;
MountOptions defaultMountOptions;
-KeyFile *FirstCmdKeyFile;
+KeyFile *FirstCmdKeyFile = NULL;
HBITMAP hbmLogoBitmapRescaled = NULL;
wchar_t OrigKeyboardLayout [8+1] = L"00000409";
BOOL bKeyboardLayoutChanged = FALSE; /* TRUE if the keyboard layout was changed to the standard US keyboard layout (from any other layout). */
BOOL bKeybLayoutAltKeyWarningShown = FALSE; /* TRUE if the user has been informed that it is not possible to type characters by pressing keys while the right Alt key is held down. */
-static KeyFilesDlgParam hidVolProtKeyFilesParam;
+static KeyFilesDlgParam hidVolProtKeyFilesParam = {0};
static MOUNT_LIST_STRUCT LastKnownMountList = {0};
VOLUME_NOTIFICATIONS_LIST VolumeNotificationsList;
@@ -181,6 +181,8 @@ static int bPrebootPasswordDlgMode = FALSE;
static int NoCmdLineArgs;
static BOOL CmdLineVolumeSpecified;
static int LastDriveListVolumeColumnWidth;
+static BOOL ExitMailSlotSpecified = FALSE;
+static TCHAR ExitMailSlotName[MAX_PATH];
// WTS handling
static HMODULE hWtsLib = NULL;
static WTSREGISTERSESSIONNOTIFICATION fnWtsRegisterSessionNotification = NULL;
@@ -375,6 +377,9 @@ static void localcleanup (void)
burn (&defaultMountOptions, sizeof (defaultMountOptions));
burn (szFileName, sizeof(szFileName));
+ KeyFileRemoveAll (&FirstCmdKeyFile);
+ KeyFileRemoveAll (&hidVolProtKeyFilesParam.FirstKeyFile);
+
/* Cleanup common code resources */
cleanup ();
@@ -512,8 +517,11 @@ static void InitMainDialog (HWND hwndDlg)
e.Show (NULL);
}
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ {
+ // initialize the list of devices available for mounting as early as possible
+ UpdateMountableHostDeviceList ();
+ }
if (Silent)
LoadDriveLetters (hwndDlg, NULL, 0);
@@ -2968,7 +2976,12 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
SetWindowPos (hwndDlg, HWND_NOTOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE);
}
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
- SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+
+ /* Start the timer to check if we are foreground only if Secure Desktop is not used */
+ if (!bSecureDesktopOngoing)
+ {
+ SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+ }
}
return 0;
@@ -3011,11 +3024,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", hwndDlg);
- EndDialog (hwndDlg, IDCANCEL);
- return 1;
+ /* don't be too agressive on enforcing an English keyboard layout. E.g. on WindowsPE this call fails and
+ * then the user can only mount a system encrypted device using the command line by passing the password as a parameter
+ * (which might not be obvious for not so advanced users).
+ *
+ * Now, we informed the user that English keyboard is required, if it is not available the volume can just not be mounted.
+ * There should be no other drawback (as e.g., on the change password dialog, when you might change to a password which won't
+ * work on the pre-start environment.
+ */
}
-
- if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
+ else if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
{
Error ("CANNOT_SET_TIMER", hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
@@ -5048,7 +5066,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, wchar_t *szFileName, int pim,
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
- BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode || IsTrueCryptFileExtension (szFileName)? TRUE : FALSE;
int GuiPim = EffectiveVolumePim;
StringCbCopyW (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
@@ -5142,7 +5160,14 @@ static BOOL Dismount (HWND hwndDlg, int nDosDriveNo)
WaitCursor ();
if (nDosDriveNo == -2)
+ {
nDosDriveNo = (char) (HIWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) - L'A');
+ if (nDosDriveNo < 0 || nDosDriveNo >= 26)
+ {
+ NormalCursor ();
+ return FALSE;
+ }
+ }
if (bCloseDismountedWindows)
{
@@ -6069,8 +6094,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
return;
}
- WaitCursor();
-
// Make sure the user is not attempting to decrypt a partition on an entirely encrypted system drive.
if (IsNonSysPartitionOnSysDrive (scPath.c_str ()) == 1)
{
@@ -6088,8 +6111,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
{
// The system drive MAY be entirely encrypted (external access without PBA) and the potentially encrypted OS is not running
- NormalCursor ();
-
Warning ("CANT_DECRYPT_PARTITION_ON_ENTIRELY_ENCRYPTED_SYS_DRIVE_UNSURE", hwndDlg);
// We allow the user to continue as we don't know if the drive is really an encrypted system drive.
@@ -6771,6 +6792,41 @@ void DisplayDriveListContextMenu (HWND hwndDlg, LPARAM lParam)
}
}
+// broadcast signal to WAITFOR.EXE MailSlot to notify any waiting instance that we are exiting
+static void SignalExitCode (int exitCode)
+{
+ if (ExitMailSlotSpecified)
+ {
+ HANDLE hFile;
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ if ((hFile == INVALID_HANDLE_VALUE) && (GetLastError () == ERROR_FILE_NOT_FOUND))
+ {
+ // MailSlot not found, wait 1 second and try again in case we exited too quickly
+ Sleep (1000);
+ hFile = CreateFile (ExitMailSlotName,
+ GENERIC_WRITE,
+ FILE_SHARE_READ,
+ (LPSECURITY_ATTRIBUTES) NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ (HANDLE) NULL);
+ }
+ if (hFile != INVALID_HANDLE_VALUE)
+ {
+ char szMsg[64];
+ DWORD cbWritten;
+ StringCbPrintfA (szMsg, sizeof (szMsg), "VeraCrypt Exit %d", exitCode);
+ WriteFile(hFile, szMsg, (DWORD) (strlen (szMsg) +1), &cbWritten, (LPOVERLAPPED) NULL);
+ CloseHandle (hFile);
+ }
+ }
+}
/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure
should return nonzero if it processes a message, and zero if it does not. */
@@ -6850,6 +6906,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
AbortProcess ("COMMAND_LINE_ERROR");
}
+ if (EnableMemoryProtection)
+ {
+ /* Protect this process memory from being accessed by non-admin users */
+ EnableProcessProtection ();
+ }
+
if (ComServerMode)
{
InitDialog (hwndDlg);
@@ -6975,7 +7037,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (FirstCmdKeyFile)
{
KeyFileRemoveAll (&FirstKeyFile);
- FirstKeyFile = FirstCmdKeyFile;
+ KeyFileCloneAll (FirstCmdKeyFile, &FirstKeyFile);
KeyFilesEnable = TRUE;
}
@@ -7111,7 +7173,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (Quit)
{
if (TaskBarIconMutex == NULL)
+ {
+ SignalExitCode (exitCode);
exit (exitCode);
+ }
MainWindowHidden = TRUE;
@@ -7123,6 +7188,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (TaskBarIconMutex)
TaskBarIconRemove (hwndDlg);
+ SignalExitCode (exitCode);
exit (exitCode);
}
else
@@ -7336,7 +7402,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (wParam == TIMER_ID_UPDATE_DEVICE_LIST)
{
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ UpdateMountableHostDeviceList ();
}
else
{
@@ -8872,6 +8939,9 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionTryEmptyPassword,
OptionNoWaitDlg,
OptionSecureDesktop,
+ OptionDisableDeviceUpdate,
+ OptionEnableMemoryProtection,
+ OptionSignalExit,
};
argument args[]=
@@ -8900,6 +8970,9 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionTryEmptyPassword, L"/tryemptypass", NULL, FALSE },
{ OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE },
{ OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
+ { OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE },
+ { OptionEnableMemoryProtection, L"/protectMemory", NULL, FALSE },
+ { OptionSignalExit, L"/signalExit", NULL, FALSE },
};
argumentspec as;
@@ -8990,6 +9063,29 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
+ case OptionDisableDeviceUpdate:
+ {
+ DisablePeriodicDeviceListUpdate = TRUE;
+ }
+ break;
+
+ case OptionEnableMemoryProtection:
+ {
+ EnableMemoryProtection = TRUE;
+ }
+ break;
+
+ case OptionSignalExit:
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i,
+ nNoCommandLineArgs, tmpPath, ARRAYSIZE (tmpPath)))
+ {
+ StringCbPrintfW (ExitMailSlotName, sizeof (ExitMailSlotName), L"\\\\.\\mailslot\\WAITFOR.EXE\\%s", tmpPath);
+ ExitMailSlotSpecified = TRUE;
+ }
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ break;
+
case OptionCache:
{
wchar_t szTmp[16] = {0};
@@ -9409,25 +9505,31 @@ static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
case SERVICE_CONTROL_STOP:
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
- if (bSystemIsGPT)
+ if (!(BootEncObj->ReadServiceConfigurationFlags () & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
{
- uint32 serviceFlags = BootEncObj->ReadServiceConfigurationFlags ();
- if (!(serviceFlags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
+ try
{
- try
- {
- BootEncryption::UpdateSetupConfigFile (true);
- if (!BootEncStatus.HiddenSystem)
- {
- // re-install our bootloader again in case the update process has removed it.
- BootEncryption bootEnc (NULL, true);
- bootEnc.InstallBootLoader (true);
- }
- }
- catch (...)
+ BootEncryption::UpdateSetupConfigFile (true);
+ if (!BootEncStatus.HiddenSystem)
{
+ // re-install our bootloader again in case the update process has removed it.
+ bool bForceSetNextBoot = false;
+ bool bSetBootentry = true;
+ bool bForceFirstBootEntry = true;
+ uint32 flags = BootEncObj->ReadServiceConfigurationFlags ();
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)
+ bForceSetNextBoot = true;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY)
+ bSetBootentry = false;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY)
+ bForceFirstBootEntry = false;
+ BootEncryption bootEnc (NULL, true, bSetBootentry, bForceFirstBootEntry, bForceSetNextBoot);
+ bootEnc.InstallBootLoader (true);
}
}
+ catch (...)
+ {
+ }
}
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */
@@ -9529,8 +9631,6 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
SystemFavoritesServiceSetStatus (SERVICE_START_PENDING, 120000);
SystemFavoritesServiceLogInfo (wstring (L"Initializing list of host devices"));
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
SystemFavoritesServiceLogInfo (wstring (L"Starting System Favorites mounting process"));
@@ -10111,9 +10211,6 @@ BOOL MountFavoriteVolumes (HWND hwnd, BOOL systemFavorites, BOOL logOnMount, BOO
{
Sleep (5000);
- SystemFavoritesServiceLogInfo (wstring (L"Updating list of host devices"));
- UpdateMountableHostDeviceList ();
-
SystemFavoritesServiceLogInfo (wstring (L"Trying to mount skipped system favorites"));
// Update the service status to avoid being killed
@@ -10842,6 +10939,21 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access timestamp is not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time. */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
// Determine volume host size
if (bDevice)
@@ -10912,15 +11024,6 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
hostSize = fileSize.QuadPart;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time. */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
/* Read the volume header from the backup file */
char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
@@ -11592,6 +11695,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
WORD lw = LOWORD (wParam);
static std::string platforminfo;
+ static byte currentUserConfig;
+ static string currentCustomUserMessage;
switch (msg)
{
@@ -11618,6 +11723,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
BOOL bIsHiddenOS = IsHiddenOSRunning ();
+ if (bClearKeysEnabled)
+ {
+ // the clear keys option works only if the service is running
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ bClearKeysEnabled = false;
+ }
+
+
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
@@ -11625,6 +11738,10 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
+ // we store current configuration in order to be able to detect if user changed it or not after clicking OK
+ currentUserConfig = userConfig;
+ currentCustomUserMessage = customUserMessage;
+
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@@ -11694,13 +11811,19 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
try
{
- std::string dcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string currentDcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string dcsprop = currentDcsprop;
while (TextEditDialogBox(FALSE, hwndDlg, GetString ("BOOT_LOADER_CONFIGURATION_FILE"), dcsprop) == IDOK)
{
- if (validateDcsPropXml (dcsprop.c_str()))
+ const char* dcspropContent = dcsprop.c_str();
+ if (0 == strcmp(dcspropContent, currentDcsprop.c_str()))
+ {
+ break;
+ }
+ else if (validateDcsPropXml (dcspropContent))
{
- WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcsprop.c_str(), (DWORD) dcsprop.size(), true);
+ WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcspropContent, (DWORD) strlen (dcspropContent), true);
break;
}
else
@@ -11738,17 +11861,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (!bSystemIsGPT)
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
- byte userConfig;
- try
- {
- if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
- return 1;
- }
- catch (Exception &e)
- {
- e.Show (hwndDlg);
- return 1;
- }
+ byte userConfig = currentUserConfig;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
@@ -11757,22 +11870,22 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (bSystemIsGPT)
{
- if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
}
else
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
- userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
}
try
@@ -11781,7 +11894,21 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
- BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
+ if (bClearKeysEnabled && !BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure and quit
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+ return 1;
+ }
+
+ // only write boot configuration if something changed
+ if ((userConfig != currentUserConfig) || (!bSystemIsGPT && (customUserMessage != currentCustomUserMessage)))
+ BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
@@ -11833,7 +11960,18 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
{
- Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+
+ CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, BST_UNCHECKED);
+ }
+ else
+ Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
}
break;
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index 137cc62..1289b3b 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -195,8 +195,8 @@ BEGIN
EDITTEXT IDC_PIM,69,43,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,48,97,10
CONTROL "Cache passwords and keyfil&es in memory",IDC_CACHE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,61,153,10
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,74,83,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,61,241,10
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,74,244,10
CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,87,99,11
PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,173,84,75,14
PUSHBUTTON "Mount Opti&ons...",IDC_MOUNT_OPTIONS,252,84,69,14
@@ -548,8 +548,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,15,0
+ PRODUCTVERSION 1,24,15,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -566,11 +566,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update6"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update6"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Mount/Mount.vcxproj.user b/src/Mount/Mount.vcxproj.user
index ace9a86..9ab5ba9 100644
--- a/src/Mount/Mount.vcxproj.user
+++ b/src/Mount/Mount.vcxproj.user
@@ -1,3 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LocalDebuggerCommandArguments>
+ </LocalDebuggerCommandArguments>
+ <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+ </PropertyGroup>
</Project> \ No newline at end of file
diff --git a/src/Platform/Exception.h b/src/Platform/Exception.h
index 71cfa1c..b0f04bb 100644
--- a/src/Platform/Exception.h
+++ b/src/Platform/Exception.h
@@ -82,6 +82,7 @@ namespace VeraCrypt
TC_EXCEPTION_NODECL (ExecutedProcessFailed); \
TC_EXCEPTION (AlreadyInitialized); \
TC_EXCEPTION (AssertionFailed); \
+ TC_EXCEPTION (DeviceSectorSizeMismatch); \
TC_EXCEPTION (ExternalException); \
TC_EXCEPTION (InsufficientData); \
TC_EXCEPTION (NotApplicable); \
diff --git a/src/Platform/Unix/Process.cpp b/src/Platform/Unix/Process.cpp
index ac8598f..a21e118 100644
--- a/src/Platform/Unix/Process.cpp
+++ b/src/Platform/Unix/Process.cpp
@@ -30,7 +30,7 @@ namespace VeraCrypt
string Process::Execute (const string &processName, const list <string> &arguments, int timeOut, ProcessExecFunctor *execFunctor, const Buffer *inputData)
{
char *args[32];
- if (array_capacity (args) <= arguments.size())
+ if (array_capacity (args) <= (arguments.size() + 1))
throw ParameterTooLarge (SRC_POS);
#if 0
diff --git a/src/Readme.txt b/src/Readme.txt
index 877d103..d4dc8f1 100644
--- a/src/Readme.txt
+++ b/src/Readme.txt
@@ -68,7 +68,7 @@ IDRIX certificate).
Keep this in mind if you compile VeraCrypt
and compare your binaries with the official binaries. If your binaries are
unsigned, the sizes of the official binaries will usually be approximately
-10 KB greater than sizes of your binaries (there may be further differences
+10 KiB greater than sizes of your binaries (there may be further differences
if you use a different version of the compiler, or if you install a different
or no service pack for Visual Studio, or different hotfixes for it, or if you
use different versions of the required SDKs).
@@ -241,10 +241,10 @@ Copyright Information
---------------------
This software as a whole:
-Copyright (c) 2013-2019 IDRIX. All rights reserved.
+Copyright (c) 2013-2020 IDRIX. All rights reserved.
Portions of this software:
-Copyright (c) 2013-2019 IDRIX. All rights reserved.
+Copyright (c) 2013-2020 IDRIX. All rights reserved.
Copyright (c) 2003-2012 TrueCrypt Developers Association. All rights reserved.
Copyright (c) 1998-2000 Paul Le Roux. All rights reserved.
Copyright (c) 1998-2008 Brian Gladman, Worcester, UK. All rights reserved.
@@ -253,7 +253,7 @@ Copyright (c) 2016 Disk Cryptography Services for EFI (DCS), Alex Kolotnikov
Copyright (c) 1999-2017 Dieter Baron and Thomas Klausner.
Copyright (c) 2013, Alexey Degtyarev. All rights reserved.
Copyright (c) 1999-2016 Jack Lloyd. All rights reserved.
-Copyright (c) 2013-2018 Stephan Mueller <smueller@chronox.de>
+Copyright (c) 2013-2019 Stephan Mueller <smueller@chronox.de>
For more information, please see the legal notices attached to parts of the
source code.
diff --git a/src/Release/Setup Files/veracrypt-x64.cat b/src/Release/Setup Files/veracrypt-x64.cat
index 076d114..b39e93d 100644
--- a/src/Release/Setup Files/veracrypt-x64.cat
+++ b/src/Release/Setup Files/veracrypt-x64.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt-x64.sys b/src/Release/Setup Files/veracrypt-x64.sys
index 532ca44..3dc25f6 100644
--- a/src/Release/Setup Files/veracrypt-x64.sys
+++ b/src/Release/Setup Files/veracrypt-x64.sys
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.Inf b/src/Release/Setup Files/veracrypt.Inf
index 94ced21..74d9f27 100644
--- a/src/Release/Setup Files/veracrypt.Inf
+++ b/src/Release/Setup Files/veracrypt.Inf
@@ -2,7 +2,7 @@
;;; VeraCrypt
;;;
;;;
-;;; Copyright (c) 2018, IDRIX
+;;; Copyright (c) 2020, IDRIX
;;;
[Version]
@@ -10,7 +10,7 @@ signature = "$Windows NT$"
Class = "Encryption" ;This is determined by the work this filter driver does
ClassGuid = {a0a701c0-a511-42ff-aa6c-06dc0395576f} ;This value is determined by the Class
Provider = %ProviderString%
-DriverVer = 03/08/2019,1.24.5.0
+DriverVer = 03/10/2020,1.24.15.0
CatalogFile = veracrypt.cat
diff --git a/src/Release/Setup Files/veracrypt.cat b/src/Release/Setup Files/veracrypt.cat
index 9756100..2d3f687 100644
--- a/src/Release/Setup Files/veracrypt.cat
+++ b/src/Release/Setup Files/veracrypt.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.sys b/src/Release/Setup Files/veracrypt.sys
index c2408b7..769a5a8 100644
--- a/src/Release/Setup Files/veracrypt.sys
+++ b/src/Release/Setup Files/veracrypt.sys
Binary files differ
diff --git a/src/Setup/FreeBSD/veracrypt-uninstall.sh b/src/Setup/FreeBSD/veracrypt-uninstall.sh
index f8f111e..e29dbcc 100644
--- a/src/Setup/FreeBSD/veracrypt-uninstall.sh
+++ b/src/Setup/FreeBSD/veracrypt-uninstall.sh
@@ -6,6 +6,7 @@ rm -f /usr/bin/veracrypt
rm -f /usr/share/applications/veracrypt.desktop
rm -f /usr/share/pixmaps/veracrypt.xpm
rm -fr /usr/share/veracrypt
+rm -fr /usr/share/doc/veracrypt