VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Boot/EFI/DcsBoot.efibin22840 -> 24088 bytes
-rw-r--r--src/Boot/EFI/DcsBoot32.efibin19672 -> 20472 bytes
-rw-r--r--src/Boot/EFI/DcsCfg.efibin952568 -> 953528 bytes
-rw-r--r--src/Boot/EFI/DcsCfg32.efibin815512 -> 816152 bytes
-rw-r--r--src/Boot/EFI/DcsInfo.efibin37144 -> 37144 bytes
-rw-r--r--src/Boot/EFI/DcsInfo32.efibin33880 -> 33880 bytes
-rw-r--r--src/Boot/EFI/DcsInt.efibin911032 -> 912184 bytes
-rw-r--r--src/Boot/EFI/DcsInt32.efibin794360 -> 795160 bytes
-rw-r--r--src/Boot/EFI/DcsRe.efibin28344 -> 28472 bytes
-rw-r--r--src/Boot/EFI/DcsRe32.efibin23960 -> 24056 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker.efibin9816 -> 9816 bytes
-rw-r--r--src/Boot/EFI/LegacySpeaker32.efibin9560 -> 9560 bytes
-rw-r--r--src/Boot/Windows/Bios.h3
-rw-r--r--src/Boot/Windows/BootCommon.h2
-rw-r--r--src/Boot/Windows/BootDiskIo.cpp4
-rw-r--r--src/Boot/Windows/BootDiskIo.h1
-rw-r--r--src/Boot/Windows/BootEncryptedIo.cpp14
-rw-r--r--src/Build/CMakeLists.txt316
-rw-r--r--src/Build/Include/Makefile.inc12
-rw-r--r--src/Build/Packaging/debian-control/prerm9
-rw-r--r--src/Build/Packaging/rpm-control/prerm.sh9
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.legacy.xml106
-rw-r--r--src/Build/Resources/MacOSX/Info.plist.xml10
-rwxr-xr-xsrc/Build/build_cmake_deb.sh43
-rw-r--r--src/Build/build_cmake_opensuse.sh71
-rw-r--r--src/Build/build_cmake_rpm_gtk2.sh69
-rw-r--r--src/Build/build_cmake_rpm_gtk3.sh69
-rwxr-xr-xsrc/Build/build_veracrypt_macosx.sh20
-rwxr-xr-xsrc/Build/build_veracrypt_macosx_legacy.sh33
-rw-r--r--src/Common/BootEncryption.cpp826
-rw-r--r--src/Common/BootEncryption.h28
-rw-r--r--src/Common/Common.rc49
-rw-r--r--src/Common/Crypto.c8
-rw-r--r--src/Common/Crypto.h2
-rw-r--r--src/Common/Dlgcode.c449
-rw-r--r--src/Common/Dlgcode.h9
-rw-r--r--src/Common/Format.c46
-rw-r--r--src/Common/Format.h1
-rw-r--r--src/Common/Keyfiles.c59
-rw-r--r--src/Common/Language.xml93
-rw-r--r--src/Common/Password.c20
-rw-r--r--src/Common/Random.c27
-rw-r--r--src/Common/Random.h1
-rw-r--r--src/Common/Tcdefs.h19
-rw-r--r--src/Common/libzip/NEWS.md8
-rw-r--r--src/Common/libzip/compat.h2
-rw-r--r--src/Common/libzip/config.h2
-rw-r--r--src/Common/libzip/zip.h70
-rw-r--r--src/Common/libzip/zip_add.c2
-rw-r--r--src/Common/libzip/zip_add_dir.c2
-rw-r--r--src/Common/libzip/zip_add_entry.c2
-rw-r--r--src/Common/libzip/zip_algorithm_deflate.c2
-rw-r--r--src/Common/libzip/zip_buffer.c2
-rw-r--r--src/Common/libzip/zip_close.c27
-rw-r--r--src/Common/libzip/zip_delete.c2
-rw-r--r--src/Common/libzip/zip_dir_add.c2
-rw-r--r--src/Common/libzip/zip_dirent.c8
-rw-r--r--src/Common/libzip/zip_discard.c2
-rw-r--r--src/Common/libzip/zip_entry.c2
-rw-r--r--src/Common/libzip/zip_error.c2
-rw-r--r--src/Common/libzip/zip_error_clear.c2
-rw-r--r--src/Common/libzip/zip_error_get.c2
-rw-r--r--src/Common/libzip/zip_error_get_sys_type.c2
-rw-r--r--src/Common/libzip/zip_error_strerror.c2
-rw-r--r--src/Common/libzip/zip_error_to_str.c2
-rw-r--r--src/Common/libzip/zip_extra_field.c2
-rw-r--r--src/Common/libzip/zip_extra_field_api.c2
-rw-r--r--src/Common/libzip/zip_fclose.c2
-rw-r--r--src/Common/libzip/zip_fdopen.c4
-rw-r--r--src/Common/libzip/zip_file_add.c2
-rw-r--r--src/Common/libzip/zip_file_error_clear.c2
-rw-r--r--src/Common/libzip/zip_file_error_get.c2
-rw-r--r--src/Common/libzip/zip_file_get_comment.c2
-rw-r--r--src/Common/libzip/zip_file_get_external_attributes.c2
-rw-r--r--src/Common/libzip/zip_file_get_offset.c2
-rw-r--r--src/Common/libzip/zip_file_rename.c2
-rw-r--r--src/Common/libzip/zip_file_replace.c2
-rw-r--r--src/Common/libzip/zip_file_set_comment.c2
-rw-r--r--src/Common/libzip/zip_file_set_external_attributes.c2
-rw-r--r--src/Common/libzip/zip_file_set_mtime.c2
-rw-r--r--src/Common/libzip/zip_file_strerror.c2
-rw-r--r--src/Common/libzip/zip_filerange_crc.c14
-rw-r--r--src/Common/libzip/zip_fopen.c2
-rw-r--r--src/Common/libzip/zip_fopen_encrypted.c2
-rw-r--r--src/Common/libzip/zip_fopen_index.c2
-rw-r--r--src/Common/libzip/zip_fopen_index_encrypted.c2
-rw-r--r--src/Common/libzip/zip_fread.c2
-rw-r--r--src/Common/libzip/zip_get_archive_comment.c2
-rw-r--r--src/Common/libzip/zip_get_archive_flag.c2
-rw-r--r--src/Common/libzip/zip_get_encryption_implementation.c2
-rw-r--r--src/Common/libzip/zip_get_file_comment.c2
-rw-r--r--src/Common/libzip/zip_get_name.c2
-rw-r--r--src/Common/libzip/zip_get_num_entries.c2
-rw-r--r--src/Common/libzip/zip_get_num_files.c2
-rw-r--r--src/Common/libzip/zip_hash.c2
-rw-r--r--src/Common/libzip/zip_io_util.c2
-rw-r--r--src/Common/libzip/zip_memdup.c2
-rw-r--r--src/Common/libzip/zip_name_locate.c2
-rw-r--r--src/Common/libzip/zip_new.c2
-rw-r--r--src/Common/libzip/zip_open.c3
-rw-r--r--src/Common/libzip/zip_progress.c2
-rw-r--r--src/Common/libzip/zip_rename.c2
-rw-r--r--src/Common/libzip/zip_replace.c2
-rw-r--r--src/Common/libzip/zip_set_archive_comment.c2
-rw-r--r--src/Common/libzip/zip_set_archive_flag.c2
-rw-r--r--src/Common/libzip/zip_set_default_password.c2
-rw-r--r--src/Common/libzip/zip_set_file_comment.c2
-rw-r--r--src/Common/libzip/zip_set_file_compression.c2
-rw-r--r--src/Common/libzip/zip_set_name.c2
-rw-r--r--src/Common/libzip/zip_source_begin_write.c2
-rw-r--r--src/Common/libzip/zip_source_begin_write_cloning.c2
-rw-r--r--src/Common/libzip/zip_source_buffer.c6
-rw-r--r--src/Common/libzip/zip_source_call.c2
-rw-r--r--src/Common/libzip/zip_source_close.c2
-rw-r--r--src/Common/libzip/zip_source_commit_write.c2
-rw-r--r--src/Common/libzip/zip_source_compress.c2
-rw-r--r--src/Common/libzip/zip_source_crc.c3
-rw-r--r--src/Common/libzip/zip_source_error.c2
-rw-r--r--src/Common/libzip/zip_source_file.c2
-rw-r--r--src/Common/libzip/zip_source_filep.c17
-rw-r--r--src/Common/libzip/zip_source_free.c2
-rw-r--r--src/Common/libzip/zip_source_function.c2
-rw-r--r--src/Common/libzip/zip_source_get_compression_flags.c2
-rw-r--r--src/Common/libzip/zip_source_is_deleted.c2
-rw-r--r--src/Common/libzip/zip_source_layered.c2
-rw-r--r--src/Common/libzip/zip_source_open.c2
-rw-r--r--src/Common/libzip/zip_source_pkware.c2
-rw-r--r--src/Common/libzip/zip_source_read.c4
-rw-r--r--src/Common/libzip/zip_source_remove.c2
-rw-r--r--src/Common/libzip/zip_source_rollback_write.c2
-rw-r--r--src/Common/libzip/zip_source_seek.c9
-rw-r--r--src/Common/libzip/zip_source_seek_write.c2
-rw-r--r--src/Common/libzip/zip_source_stat.c2
-rw-r--r--src/Common/libzip/zip_source_supports.c2
-rw-r--r--src/Common/libzip/zip_source_tell.c2
-rw-r--r--src/Common/libzip/zip_source_tell_write.c2
-rw-r--r--src/Common/libzip/zip_source_win32a.c2
-rw-r--r--src/Common/libzip/zip_source_win32handle.c2
-rw-r--r--src/Common/libzip/zip_source_win32utf8.c2
-rw-r--r--src/Common/libzip/zip_source_win32w.c2
-rw-r--r--src/Common/libzip/zip_source_window.c17
-rw-r--r--src/Common/libzip/zip_source_write.c2
-rw-r--r--src/Common/libzip/zip_source_zip.c2
-rw-r--r--src/Common/libzip/zip_source_zip_new.c2
-rw-r--r--src/Common/libzip/zip_stat.c2
-rw-r--r--src/Common/libzip/zip_stat_index.c2
-rw-r--r--src/Common/libzip/zip_stat_init.c2
-rw-r--r--src/Common/libzip/zip_strerror.c2
-rw-r--r--src/Common/libzip/zip_string.c2
-rw-r--r--src/Common/libzip/zip_unchange.c2
-rw-r--r--src/Common/libzip/zip_unchange_all.c2
-rw-r--r--src/Common/libzip/zip_unchange_archive.c2
-rw-r--r--src/Common/libzip/zip_unchange_data.c2
-rw-r--r--src/Common/libzip/zip_utf-8.c4
-rw-r--r--src/Common/libzip/zipint.h23
-rw-r--r--src/Common/libzip/zipwin32.h2
-rw-r--r--src/Core/CoreBase.cpp3
-rw-r--r--src/Core/CoreBase.h7
-rw-r--r--src/Core/RandomNumberGenerator.cpp23
-rw-r--r--src/Core/RandomNumberGenerator.h2
-rw-r--r--src/Core/Unix/CoreService.cpp50
-rw-r--r--src/Core/Unix/CoreUnix.cpp7
-rw-r--r--src/Core/VolumeCreator.h1
-rw-r--r--src/Crypto/Aeskey.c13
-rw-r--r--src/Crypto/Camellia.c2
-rw-r--r--src/Crypto/Camellia.h2
-rw-r--r--src/Crypto/Crypto.vcxproj15
-rw-r--r--src/Crypto/Crypto.vcxproj.filters3
-rw-r--r--src/Crypto/Makefile.inc4
-rw-r--r--src/Crypto/Sha2.c6
-rw-r--r--src/Crypto/Sha2.h2
-rw-r--r--src/Crypto/Sources1
-rw-r--r--src/Crypto/Twofish.c8
-rw-r--r--src/Crypto/Twofish.h4
-rw-r--r--src/Crypto/Whirlpool.c14
-rw-r--r--src/Crypto/cpu.c33
-rw-r--r--src/Crypto/cpu.h4
-rw-r--r--src/Crypto/jitterentropy-base-user.h52
-rw-r--r--src/Crypto/jitterentropy-base.c468
-rw-r--r--src/Crypto/jitterentropy.h53
-rw-r--r--src/Crypto/rdrand_ml.asm266
-rw-r--r--src/Crypto/rdseed_ml.asm230
-rw-r--r--src/Driver/DriveFilter.c6
-rw-r--r--src/Driver/Driver.rc4
-rw-r--r--src/Driver/Ntdriver.c333
-rw-r--r--src/Driver/Ntvol.c71
-rw-r--r--src/ExpandVolume/DlgExpandVolume.cpp72
-rw-r--r--src/ExpandVolume/ExpandVolume.c75
-rw-r--r--src/ExpandVolume/ExpandVolume.h2
-rw-r--r--src/ExpandVolume/ExpandVolume.rc17
-rw-r--r--src/ExpandVolume/WinMain.cpp2
-rw-r--r--src/ExpandVolume/resource.h5
-rw-r--r--src/Format/Format.rc550
-rw-r--r--src/Format/Tcformat.c27
-rw-r--r--src/Format/VeraCrypt_Wizard.bmpbin166518 -> 190998 bytes
-rw-r--r--src/Main/CommandLineInterface.cpp41
-rw-r--r--src/Main/CommandLineInterface.h9
-rw-r--r--src/Main/Forms/DeviceSelectionDialog.cpp40
-rw-r--r--src/Main/Forms/EncryptionOptionsWizardPage.cpp18
-rw-r--r--src/Main/Forms/EncryptionOptionsWizardPage.h6
-rw-r--r--src/Main/Forms/Forms.cpp21
-rw-r--r--src/Main/Forms/KeyfilesPanel.cpp2
-rw-r--r--src/Main/Forms/MainFrame.cpp2
-rw-r--r--src/Main/Forms/TrueCrypt.fbp24
-rw-r--r--src/Main/Forms/VolumeCreationWizard.cpp3
-rw-r--r--src/Main/Forms/VolumeFormatOptionsWizardPage.cpp4
-rw-r--r--src/Main/Forms/VolumePasswordPanel.cpp16
-rw-r--r--src/Main/Forms/VolumeSizeWizardPage.cpp10
-rw-r--r--src/Main/Forms/VolumeSizeWizardPage.h1
-rw-r--r--src/Main/Forms/WaitDialog.cpp2
-rwxr-xr-xsrc/Main/GraphicUserInterface.cpp2
-rw-r--r--src/Main/LanguageStrings.cpp2
-rwxr-xr-xsrc/Main/Main.make142
-rw-r--r--src/Main/TextUserInterface.cpp29
-rw-r--r--src/Main/TextUserInterface.h2
-rw-r--r--src/Main/UserInterface.cpp13
-rw-r--r--src/Makefile62
-rw-r--r--src/Mount/Favorites.cpp132
-rw-r--r--src/Mount/Mount.c194
-rw-r--r--src/Mount/Mount.rc8
-rw-r--r--src/Mount/Mount.vcxproj.user4
-rw-r--r--src/Platform/Exception.h1
-rw-r--r--src/Platform/Unix/Process.cpp2
-rw-r--r--src/Readme.txt2
-rw-r--r--src/Release/Setup Files/veracrypt-x64.catbin10793 -> 10615 bytes
-rw-r--r--src/Release/Setup Files/veracrypt-x64.sysbin827816 -> 831328 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.Inf4
-rw-r--r--src/Release/Setup Files/veracrypt.catbin10740 -> 10559 bytes
-rw-r--r--src/Release/Setup Files/veracrypt.sysbin765992 -> 768864 bytes
-rw-r--r--src/Setup/FreeBSD/veracrypt-uninstall.sh1
-rw-r--r--src/Setup/Linux/veracrypt-uninstall.sh3
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt.pkgproj117
-rwxr-xr-xsrc/Setup/MacOSX/veracrypt_Legacy.pkgproj1079
-rw-r--r--src/Setup/Portable.rc8
-rw-r--r--src/Setup/Setup.rc8
-rw-r--r--src/Signing/DigiCert_High_Assurance_Code_Signing_CA.cerbin0 -> 1734 bytes
-rw-r--r--src/Signing/DigiCert_High_Assurance_MS_Cross_Cert.crt30
-rw-r--r--src/Signing/Thawt_CodeSigning_CA.crt27
-rw-r--r--src/Signing/sign.bat8
-rw-r--r--src/Signing/sign_test.bat2
-rw-r--r--src/Signing/sign_test_debug.bat2
-rw-r--r--src/Signing/thawte_Primary_MS_Cross_Cert.cer32
-rw-r--r--src/Volume/Cipher.cpp16
-rw-r--r--src/Volume/Hash.cpp2
-rw-r--r--src/Volume/Volume.make3
-rw-r--r--src/Volume/VolumePassword.cpp4
-rw-r--r--src/Volume/VolumePassword.h7
247 files changed, 5544 insertions, 1879 deletions
diff --git a/src/Boot/EFI/DcsBoot.efi b/src/Boot/EFI/DcsBoot.efi
index f66be23..0fcd48e 100644
--- a/src/Boot/EFI/DcsBoot.efi
+++ b/src/Boot/EFI/DcsBoot.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsBoot32.efi b/src/Boot/EFI/DcsBoot32.efi
index cdf37a8..48db0ca 100644
--- a/src/Boot/EFI/DcsBoot32.efi
+++ b/src/Boot/EFI/DcsBoot32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg.efi b/src/Boot/EFI/DcsCfg.efi
index 0885b7e..03c9761 100644
--- a/src/Boot/EFI/DcsCfg.efi
+++ b/src/Boot/EFI/DcsCfg.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsCfg32.efi b/src/Boot/EFI/DcsCfg32.efi
index 9486f4e..22cc0d5 100644
--- a/src/Boot/EFI/DcsCfg32.efi
+++ b/src/Boot/EFI/DcsCfg32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo.efi b/src/Boot/EFI/DcsInfo.efi
index 6da62b8..6be1cb8 100644
--- a/src/Boot/EFI/DcsInfo.efi
+++ b/src/Boot/EFI/DcsInfo.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInfo32.efi b/src/Boot/EFI/DcsInfo32.efi
index b0f0d48..006adfb 100644
--- a/src/Boot/EFI/DcsInfo32.efi
+++ b/src/Boot/EFI/DcsInfo32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt.efi b/src/Boot/EFI/DcsInt.efi
index 56f574a..a0c2975 100644
--- a/src/Boot/EFI/DcsInt.efi
+++ b/src/Boot/EFI/DcsInt.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsInt32.efi b/src/Boot/EFI/DcsInt32.efi
index 09fb32e..991885f 100644
--- a/src/Boot/EFI/DcsInt32.efi
+++ b/src/Boot/EFI/DcsInt32.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe.efi b/src/Boot/EFI/DcsRe.efi
index 69afe14..070cc97 100644
--- a/src/Boot/EFI/DcsRe.efi
+++ b/src/Boot/EFI/DcsRe.efi
Binary files differ
diff --git a/src/Boot/EFI/DcsRe32.efi b/src/Boot/EFI/DcsRe32.efi
index 0dc3e9c..c4f2013 100644
--- a/src/Boot/EFI/DcsRe32.efi
+++ b/src/Boot/EFI/DcsRe32.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker.efi b/src/Boot/EFI/LegacySpeaker.efi
index 13f0c51..a1d14eb 100644
--- a/src/Boot/EFI/LegacySpeaker.efi
+++ b/src/Boot/EFI/LegacySpeaker.efi
Binary files differ
diff --git a/src/Boot/EFI/LegacySpeaker32.efi b/src/Boot/EFI/LegacySpeaker32.efi
index 45d4200..1ec5ba6 100644
--- a/src/Boot/EFI/LegacySpeaker32.efi
+++ b/src/Boot/EFI/LegacySpeaker32.efi
Binary files differ
diff --git a/src/Boot/Windows/Bios.h b/src/Boot/Windows/Bios.h
index 4e1cec5..7085e7a 100644
--- a/src/Boot/Windows/Bios.h
+++ b/src/Boot/Windows/Bios.h
@@ -24,7 +24,8 @@
enum
{
BiosResultSuccess = 0x00,
- BiosResultInvalidFunction = 0x01
+ BiosResultInvalidFunction = 0x01,
+ BiosResultTimeout = 0x80
};
typedef byte BiosResult;
diff --git a/src/Boot/Windows/BootCommon.h b/src/Boot/Windows/BootCommon.h
index 3bbd09b..b77b880 100644
--- a/src/Boot/Windows/BootCommon.h
+++ b/src/Boot/Windows/BootCommon.h
@@ -17,7 +17,7 @@
#include "BootDefs.h"
// The user will be advised to upgrade the rescue disk if upgrading from the following or any previous version
-#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0122
+#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0123
#define TC_BOOT_LOADER_AREA_SIZE (TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS)
diff --git a/src/Boot/Windows/BootDiskIo.cpp b/src/Boot/Windows/BootDiskIo.cpp
index ea808dd..437c462 100644
--- a/src/Boot/Windows/BootDiskIo.cpp
+++ b/src/Boot/Windows/BootDiskIo.cpp
@@ -105,7 +105,7 @@ void Print (const ChsAddress &chs)
void PrintSectorCountInMB (const uint64 &sectorCount)
{
- Print (sectorCount >> (TC_LB_SIZE_BIT_SHIFT_DIVISOR + 2)); Print (" MB ");
+ Print (sectorCount >> (TC_LB_SIZE_BIT_SHIFT_DIVISOR + 2)); Print (" MiB ");
}
@@ -237,7 +237,7 @@ static BiosResult ReadWriteSectors (bool write, BiosLbaPacket &dapPacket, byte d
}
-static BiosResult ReadWriteSectors (bool write, byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent)
+BiosResult ReadWriteSectors (bool write, byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent)
{
BiosLbaPacket dapPacket;
dapPacket.Buffer = (uint32) buffer;
diff --git a/src/Boot/Windows/BootDiskIo.h b/src/Boot/Windows/BootDiskIo.h
index d4e8cf0..621acd8 100644
--- a/src/Boot/Windows/BootDiskIo.h
+++ b/src/Boot/Windows/BootDiskIo.h
@@ -112,6 +112,7 @@ BiosResult ReadSectors (uint16 bufferSegment, uint16 bufferOffset, byte drive, c
BiosResult ReadSectors (byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent = false);
BiosResult ReadSectors (byte *buffer, byte drive, const ChsAddress &chs, byte sectorCount, bool silent = false);
BiosResult ReadWriteSectors (bool write, uint16 bufferSegment, uint16 bufferOffset, byte drive, const uint64 &sector, uint16 sectorCount, bool silent);
+BiosResult ReadWriteSectors (bool write, byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent);
BiosResult WriteSectors (byte *buffer, byte drive, const uint64 &sector, uint16 sectorCount, bool silent = false);
BiosResult WriteSectors (byte *buffer, byte drive, const ChsAddress &chs, byte sectorCount, bool silent = false);
diff --git a/src/Boot/Windows/BootEncryptedIo.cpp b/src/Boot/Windows/BootEncryptedIo.cpp
index 25fe1dc..8ca5563 100644
--- a/src/Boot/Windows/BootEncryptedIo.cpp
+++ b/src/Boot/Windows/BootEncryptedIo.cpp
@@ -108,10 +108,22 @@ BiosResult WriteEncryptedSectors (uint16 sourceSegment, uint16 sourceOffset, byt
EncryptDataUnits (SectorBuffer, &dataUnitNo, 1, BootCryptoInfo);
}
- result = WriteSectors (SectorBuffer, drive, sector + writeOffset, 1);
+ result = ReadWriteSectors (true, SectorBuffer, drive, sector + writeOffset, 1, true);
+ if (BiosResultTimeout == result)
+ {
+ if (BiosResultSuccess == ReadWriteSectors (false, TC_BOOT_LOADER_BUFFER_SEGMENT, 0, drive, sector + writeOffset, 8, false))
+ {
+ CopyMemory (SectorBuffer, TC_BOOT_LOADER_BUFFER_SEGMENT,0, TC_LB_SIZE);
+ result = ReadWriteSectors (true, TC_BOOT_LOADER_BUFFER_SEGMENT, 0, drive, sector + writeOffset, 8, true);
+ }
+ }
if (result != BiosResultSuccess)
+ {
+ sector += writeOffset;
+ PrintDiskError (result, true, drive, &sector);
break;
+ }
++sector;
++dataUnitNo;
diff --git a/src/Build/CMakeLists.txt b/src/Build/CMakeLists.txt
new file mode 100644
index 0000000..47a1547
--- /dev/null
+++ b/src/Build/CMakeLists.txt
@@ -0,0 +1,316 @@
+# - Minimum CMake version
+cmake_minimum_required(VERSION 2.8.0)
+
+# - Obligatory parameters
+# -DVERACRYPT_BUILD_DIR : folder that contains 'usr' folder
+# -DNOGUI : TRUE if building 'Console' version, 'FALSE' if building 'GUI' version
+if ( NOT DEFINED VERACRYPT_BUILD_DIR )
+ MESSAGE(FATAL_ERROR "VERACRYPT_BUILD_DIR variable MUST BE set to the path of the folder which contains 'usr' folder")
+elseif ( NOT DEFINED NOGUI )
+ MESSAGE(FATAL_ERROR "NOGUI variable MUST BE set to TRUE if building 'Console' version, 'FALSE' otherwise")
+endif()
+
+# - Set version of the package
+set( FULL_VERSION "1.24-Update2" )
+set( VERSION "1.24.9" )
+set( RELEASE "1" )
+
+# - Set PROJECT_NAME and CONFLICT_PACKAGE values
+if (NOGUI)
+ set( PROJECT_NAME "veracrypt-console" )
+ set( CONFLICT_PACKAGE "veracrypt" )
+else()
+ set( PROJECT_NAME "veracrypt" )
+ set( CONFLICT_PACKAGE "veracrypt-console" )
+endif()
+project(${PROJECT_NAME})
+
+# - Check whether 'Tcdefs.h' and 'License.txt' exist
+if(NOT EXISTS "$ENV{SOURCEPATH}/Common/Tcdefs.h")
+ MESSAGE(FATAL_ERROR "Tcdefs.h does not exist.")
+elseif(NOT EXISTS "$ENV{SOURCEPATH}/License.txt")
+ MESSAGE(FATAL_ERROR "License.txt does not exist.")
+endif()
+
+# - Detect build system bitness
+# The following variable will be set
+# $SUFFIX 32 64
+# $CMAKE_SYSTEM_NAME Windows Linux Darwin
+# N.B :
+# To build for 32-bit under 64-bit, set 'CMAKE_SIZEOF_VOID_P' to '4'
+if( CMAKE_SIZEOF_VOID_P EQUAL 8 )
+
+ # Build System is under 64-bit arch
+ set (SUFFIX "64")
+ MESSAGE(STATUS "Build System = ${CMAKE_SYSTEM_NAME} - Bitness : 64-bit - Compiler : ${CMAKE_CXX_COMPILER_ID}")
+
+elseif( CMAKE_SIZEOF_VOID_P EQUAL 4 )
+
+ # Build System is under 32-bit arch
+ set (SUFFIX "32")
+ MESSAGE(STATUS "Build System = ${CMAKE_SYSTEM_NAME} - Bitness : 32-bit - Compiler : ${CMAKE_CXX_COMPILER_ID}")
+
+else( )
+
+ MESSAGE(FATAL_ERROR "Could not detect system bitness")
+
+endif( )
+
+# - Detect OSX, CentOS, Debian, Ubuntu or openSUSE platform of the build system
+# The following variable(s) will be set
+# $PLATFORM Debian Ubuntu CentOS openSUSE (TODO)
+# $PLATFORM_VERSION
+# 9.x 16.04 7.X 42.3
+# 10.X 18.04 8.X 15.0
+# ... ... ... ...
+# $DISTRO_NAME ${PLATFORM}-${PLATFORM_VERSION}
+if ( UNIX )
+
+ # /etc/debian_version exists for both Debian and Ubuntu
+ if(EXISTS "/etc/debian_version")
+
+ set ( PLATFORM "Debian" )
+
+ # Read lsb-release to get flavour name and flavour release version (only supported one for now is Ubuntu)
+ if(EXISTS "/etc/lsb-release")
+
+ file(READ "/etc/lsb-release" LSB_RELEASE_ID)
+ string(REGEX MATCH "DISTRIB_ID=([a-zA-Z0-9 /\\.]+)" _ ${LSB_RELEASE_ID})
+ set(FULL_FLAVOUR ${CMAKE_MATCH_1})
+
+ if (FULL_FLAVOUR MATCHES "^.*Ubuntu.*$")
+
+ set ( PLATFORM "Ubuntu" )
+
+ file(READ "/etc/lsb-release" UBUNTU_RELEASE)
+ string(REGEX MATCH "DISTRIB_RELEASE=([0-9 /\\.]+)" _ ${UBUNTU_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ else()
+
+ file(READ "/etc/debian_version" DEBIAN_RELEASE)
+ string(REGEX MATCH "([0-9]+\\.[0-9]+)" _ ${DEBIAN_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ endif()
+
+ # Get debian release version
+ elseif(EXISTS "/etc/debian_version")
+
+ file(READ "/etc/debian_version" DEBIAN_RELEASE)
+ string(REGEX MATCH "([0-9]+\\.[0-9]+)" _ ${DEBIAN_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ endif()
+
+ # Get centos release version
+ elseif(EXISTS "/etc/centos-release")
+
+ set ( PLATFORM "CentOS" )
+
+ file(READ "/etc/centos-release" CENTOS_RELEASE)
+ string(REGEX MATCH "release ([0-9 /\\.]+)" _ ${CENTOS_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ # Only if distribution uses systemd and if all previous files didn't exist
+ # i.e OpenSUSE
+ elseif(EXISTS "/etc/os-release")
+
+ file(READ "/etc/os-release" OS_RELEASE_NAME)
+ string(REGEX MATCH "NAME=\"([a-zA-Z0-9 /\\.]+)\"" _ ${OS_RELEASE_NAME})
+ set(FULL_PLATFORM ${CMAKE_MATCH_1})
+
+ if (FULL_PLATFORM MATCHES "^.*openSUSE.*$")
+ set ( PLATFORM "openSUSE" )
+ elseif ( FULL_PLATFORM MATCHES "^.*Ubuntu.*$")
+ set ( PLATFORM "Ubuntu" )
+ elseif ( FULL_PLATFORM MATCHES "^.*Debian.*$")
+ set ( PLATFORM "Debian" )
+ elseif ( FULL_PLATFORM MATCHES "^.*CentOS.*$" )
+ set ( PLATFORM "CentOS" )
+ endif ( )
+
+ # Get ditribution release version
+ file(READ "/etc/os-release" OS_RELEASE)
+ string(REGEX MATCH "VERSION=\"([a-zA-Z0-9 /\\.]+)\"" _ ${OS_RELEASE})
+ set(PLATFORM_VERSION ${CMAKE_MATCH_1})
+
+ endif()
+
+endif ( )
+string(REGEX REPLACE " $" "" PLATFORM_VERSION "${PLATFORM_VERSION}") # Trim the last trailing whitespace
+set ( DISTRO_NAME ${PLATFORM}-${PLATFORM_VERSION} )
+MESSAGE ( STATUS "Platform = ${PLATFORM}" )
+MESSAGE ( STATUS "Platform Version = ${PLATFORM_VERSION}" )
+MESSAGE ( STATUS "Distribution name = ${DISTRO_NAME}" )
+
+# - Detect the architecture under OSX, Debian, CentOS and OpenSUSE platforms
+# The following variable will be set
+# $ARCHITECTURE
+if ( PLATFORM STREQUAL "Debian" OR PLATFORM STREQUAL "Ubuntu" )
+
+ # There is no such thing as i686 architecture on debian, i386 is to be used instead
+ # dpkg --print-architecture
+ find_program(DPKG_CMD dpkg)
+ if(NOT DPKG_CMD)
+ # Cannot find dpkg in path
+ # Try best guess following SUFFIX value calculated from CMAKE_SIZEOF_VOID_P
+ if (SUFFIX STREQUAL "32")
+ SET(ARCHITECTURE i386)
+ elseif (SUFFIX STREQUAL "64")
+ SET(ARCHITECTURE amd64)
+ endif()
+ else( )
+ execute_process(COMMAND dpkg --print-architecture OUTPUT_VARIABLE ARCHITECTURE OUTPUT_STRIP_TRAILING_WHITESPACE)
+ endif( )
+
+elseif ( ( PLATFORM STREQUAL "CentOS" ) OR ( PLATFORM STREQUAL "openSUSE" ) )
+
+ execute_process(COMMAND arch OUTPUT_VARIABLE ARCHITECTURE OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+else ()
+
+ MESSAGE(FATAL_ERROR "Unrecognized / unsupported distribution")
+
+endif ( )
+MESSAGE ( STATUS "Architecture = ${ARCHITECTURE}" )
+
+# - Create installation folder directory at install time
+# This won't lead to the files being actually installed (in CMAKE_INSTALL_PREFIX)
+# unless "cmake --build . --target install" is executed, which is not the case here.
+#
+# Doing things like the following
+# - install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr DESTINATION /)
+# - install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr/bin DESTINATION /usr)
+# lead to conflicts despite the usage of CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION
+# because install() forces CpackRPM to create the DESTINATION folders.
+#
+# We fix this by installing ALL directories inside '/usr' in '.', and setting
+# CPACK_PACKAGING_INSTALL_PREFIX to '/usr'.
+# This way, during the packaging, 'bin' and 'share' folders will be installed
+# inside '${CPACK_PACKAGE_DIRECTORY}/_CPack_Packages/<system_name>/DEB,RPM/${CPACK_PACKAGE_NAME}/${CPACK_PACKAGING_INSTALL_PREFIX}'.
+#
+# Also, we use USE_SOURCE_PERMISSIONS to save the permissions
+install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr/bin
+ DESTINATION .
+ USE_SOURCE_PERMISSIONS)
+install(DIRECTORY ${VERACRYPT_BUILD_DIR}/usr/share
+ DESTINATION .
+ USE_SOURCE_PERMISSIONS)
+set(CPACK_PACKAGING_INSTALL_PREFIX "/usr")
+
+# For packaging
+# CPack will first install into ${CPACK_PACKAGE_DIRECTORY}/_CPack_Packages/<system_name>/DEB,RPM/${CPACK_PACKAGE_NAME}/${CPACK_PACKAGING_INSTALL_PREFIX}
+# See https://gitlab.kitware.com/cmake/community/wikis/doc/cpack/PackageGenerators
+# See https://cmake.org/cmake/help/latest/cpack_gen/deb.html
+# See https://cmake.org/cmake/help/latest/cpack_gen/rpm.html
+#
+
+# Installation scripts should be provided in this order
+# PREINST;POSTINST;PRERM;POSTRM
+
+file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging) # creates the Packaging directory under build directory when CMake generates the build system
+
+set( VENDOR "IDRIX" )
+set( LICENSE "VeraCrypt License" )
+set( CONTACT "VeraCrypt Team <veracrypt@idrix.fr>" )
+set( CPACK_PACKAGE_DESCRIPTION_SUMMARY "Disk encryption with strong security based on TrueCrypt." )
+set( CPACK_PACKAGE_DESCRIPTION "This package contains binaries for VeraCrypt, a disk encryption with strong security based on TrueCrypt." )
+set( CPACK_PACKAGE_NAME ${PROJECT_NAME} )
+set( CPACK_PACKAGE_VERSION ${VERSION} )
+set( CPACK_PACKAGE_RELEASE ${RELEASE} )
+set( CPACK_PACKAGE_VENDOR ${VENDOR} )
+set( CPACK_PACKAGE_LICENSE ${LICENSE} )
+set( CPACK_RESOURCE_FILE_LICENSE "$ENV{SOURCEPATH}/License.txt")
+set( CPACK_PACKAGE_CONTACT ${CONTACT} )
+set( CPACK_PACKAGE_FILE_NAME ${CPACK_PACKAGE_NAME}-${FULL_VERSION}-${DISTRO_NAME}-${ARCHITECTURE} )
+set( CPACK_PACKAGE_CHECKSUM SHA256 )
+set( CPACK_PACKAGE_RELOCATABLE "OFF") # Disable package relocation (especially for rpm)
+set( CPACK_PACKAGE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging )
+
+if ( ( PLATFORM STREQUAL "Debian" ) OR ( PLATFORM STREQUAL "Ubuntu" ) )
+
+ # Debian control script(s)
+ file( MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging/debian-control)
+ configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/Packaging/debian-control/prerm ${CMAKE_CURRENT_BINARY_DIR}/Packaging/debian-control/prerm)
+ set( DEBIAN_PRERM ${CMAKE_CURRENT_BINARY_DIR}/Packaging/debian-control/prerm)
+
+ set( CPACK_GENERATOR "DEB" ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_NAME ${CPACK_PACKAGE_NAME} ) # mandatory
+ set( CPACK_DEBIAN_FILE_NAME ${CPACK_PACKAGE_FILE_NAME}.deb ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_VERSION ${CPACK_PACKAGE_VERSION} ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_RELEASE ${CPACK_PACKAGE_RELEASE} )
+ set( CPACK_DEBIAN_PACKAGE_ARCHITECTURE ${ARCHITECTURE} ) # mandatory
+
+ # Link against gtk3 version of wxWidgets if >= Debian 10 or >= Ubuntu 18.04
+ # Otherwise, link against gtk2 version of wxWidgets
+ if ( ( ( PLATFORM STREQUAL "Debian" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "10" ) )
+ OR ( ( PLATFORM STREQUAL "Ubuntu" ) AND ( PLATFORM_VERSION VERSION_GREATER_EQUAL "18.04" ) ) )
+
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-gtk3-0v5, libfuse2, dmsetup, sudo" )
+
+ else ()
+
+ set( CPACK_DEBIAN_PACKAGE_DEPENDS "libwxgtk3.0-0v5, libfuse2, dmsetup, sudo" )
+
+ endif()
+
+ set( CPACK_DEBIAN_PACKAGE_MAINTAINER ${CONTACT} ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_DESCRIPTION ${CPACK_PACKAGE_DESCRIPTION_SUMMARY} ) # mandatory
+ set( CPACK_DEBIAN_ARCHIVE_TYPE "gnutar") # mandatory
+ set( CPACK_DEBIAN_COMPRESSION_TYPE "gzip") # mandatory
+ set( CPACK_DEBIAN_PACKAGE_PRIORITY "optional" ) # mandatory
+ set( CPACK_DEBIAN_PACKAGE_SECTION "libs" ) # recommended, Section relative to Debian sections (https://www.debian.org/doc/debian-policy/ch-archive.html#s-subsections)
+ set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA ${DEBIAN_PREINST};${DEBIAN_POSTINST};${DEBIAN_PRERM};${DEBIAN_POSTRM})
+ set(CPACK_DEBIAN_PACKAGE_CONFLICTS "${CONFLICT_PACKAGE}")
+
+elseif ( ( PLATFORM STREQUAL "CentOS" ) OR ( PLATFORM STREQUAL "openSUSE" ) )
+
+ # RPM control script(s)
+ file( MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/Packaging/rpm-control)
+ configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/Packaging/rpm-control/prerm.sh ${CMAKE_CURRENT_BINARY_DIR}/Packaging/rpm-control/prerm.sh)
+ set( RPM_PRERM ${CMAKE_CURRENT_BINARY_DIR}/Packaging/rpm-control/prerm.sh)
+
+ set( CPACK_GENERATOR "RPM" ) # mandatory
+ set( CPACK_RPM_PACKAGE_SUMMARY ${CPACK_PACKAGE_SUMMARY} ) # mandatory
+ set( CPACK_RPM_PACKAGE_DESCRIPTION ${CPACK_PACKAGE_DESCRIPTION} ) # mandatory
+ set( CPACK_RPM_PACKAGE_NAME ${CPACK_PACKAGE_NAME} ) # mandatory
+ set( CPACK_RPM_FILE_NAME ${CPACK_PACKAGE_FILE_NAME}.rpm ) # mandatory
+ set( CPACK_RPM_PACKAGE_VERSION ${CPACK_PACKAGE_VERSION} ) # mandatory
+ set( CPACK_RPM_PACKAGE_ARCHITECTURE ${ARCHITECTURE} ) # mandatory
+ set( CPACK_RPM_PACKAGE_RELEASE ${CPACK_PACKAGE_RELEASE} ) # mandatory
+ set( CPACK_RPM_PACKAGE_LICENSE ${CPACK_PACKAGE_LICENSE} ) # mandatory
+ set( CPACK_RPM_PACKAGE_GROUP "Applications/System" ) # mandatory, https://fedoraproject.org/wiki/RPMGroups
+ set( CPACK_RPM_PACKAGE_VENDOR ${CPACK_PACKAGE_VENDOR} ) # mandatory
+ set( CPACK_RPM_PACKAGE_AUTOREQ "no" ) # disable automatic shared libraries dependency detection (most of the time buggy)
+
+ if ( PLATFORM STREQUAL "CentOS" )
+
+ if ( DEFINED WITHGTK3 AND WITHGTK3 )
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk3, sudo" )
+ else ()
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
+ endif()
+
+ elseif ( PLATFORM STREQUAL "openSUSE" )
+
+ set( CPACK_RPM_PACKAGE_REQUIRES "fuse, device-mapper, gtk2, sudo" )
+ endif()
+
+ set( CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${RPM_PRERM}) # optional
+
+ # Prevents CPack from generating file conflicts
+ # This is to avoid having %dir of these directories in the .spec file
+ set( CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/bin" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share/applications" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share/doc" )
+ list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share/pixmaps" )
+
+ set( CPACK_RPM_PACKAGE_RELOCATABLE "OFF" )
+ set( CPACK_RPM_PACKAGE_CONFLICTS "${CONFLICT_PACKAGE}")
+
+endif()
+
+include(CPack)
diff --git a/src/Build/Include/Makefile.inc b/src/Build/Include/Makefile.inc
index b39021d..ba166b6 100644
--- a/src/Build/Include/Makefile.inc
+++ b/src/Build/Include/Makefile.inc
@@ -14,12 +14,16 @@ $(NAME): $(NAME).a
clean:
@echo Cleaning $(NAME)
- rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJS:.o=.d) *.gch
+ rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) *.gch
%.o: %.c
@echo Compiling $(<F)
$(CC) $(CFLAGS) -c $< -o $@
+%.o0: %.c
+ @echo Compiling $(<F)
+ $(CC) $(CFLAGS) -O0 -c $< -o $@
+
%.o: %.cpp
@echo Compiling $(<F)
$(CXX) $(CXXFLAGS) -c $< -o $@
@@ -64,10 +68,10 @@ TR_SED_BIN := tr '\n' ' ' | tr -s ' ' ',' | sed -e 's/^,//g' -e 's/,$$/n/' | tr
# Dependencies
--include $(OBJS:.o=.d) $(OBJSEX:.oo=.d)
+-include $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d)
-$(NAME).a: $(OBJS) $(OBJSEX)
+$(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT)
@echo Updating library $@
- $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX)
+ $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT)
$(RANLIB) $@
diff --git a/src/Build/Packaging/debian-control/prerm b/src/Build/Packaging/debian-control/prerm
new file mode 100644
index 0000000..d2e3894
--- /dev/null
+++ b/src/Build/Packaging/debian-control/prerm
@@ -0,0 +1,9 @@
+#!/bin/sh
+V="$(mount | grep veracrypt_aux_mnt)"
+if [ ! -z "$V" ]
+then
+ echo "Error: All VeraCrypt volumes must be dismounted first." >&2
+ exit 1
+else
+ exit 0
+fi \ No newline at end of file
diff --git a/src/Build/Packaging/rpm-control/prerm.sh b/src/Build/Packaging/rpm-control/prerm.sh
new file mode 100644
index 0000000..d2e3894
--- /dev/null
+++ b/src/Build/Packaging/rpm-control/prerm.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+V="$(mount | grep veracrypt_aux_mnt)"
+if [ ! -z "$V" ]
+then
+ echo "Error: All VeraCrypt volumes must be dismounted first." >&2
+ exit 1
+else
+ exit 0
+fi \ No newline at end of file
diff --git a/src/Build/Resources/MacOSX/Info.plist.legacy.xml b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
new file mode 100644
index 0000000..f0e9282
--- /dev/null
+++ b/src/Build/Resources/MacOSX/Info.plist.legacy.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+
+ <key>CFBundleIdentifier</key>
+ <string>org.idrix.VeraCrypt</string>
+
+ <key>UTExportedTypeDeclarations</key>
+ <array>
+ <dict>
+ <key>UTTypeIdentifier</key>
+ <string>org.idrix.veracrypt.hc</string>
+
+ <key>UTTypeDescription</key>
+ <string>VeraCrypt Container File</string>
+
+ <key>UTTypeConformsTo</key>
+ <array>
+ <string>public.data</string>
+ </array>
+
+ <key>UTTypeTagSpecification</key>
+ <dict>
+ <key>public.filename-extension</key>
+ <array>
+ <string>hc</string>
+ <string>tc</string>
+ </array>
+
+ <key>public.mime-type</key>
+ <string>application/veracrypt</string>
+ </dict>
+ </dict>
+ </array>
+
+ <key>CFBundleDocumentTypes</key>
+ <array>
+ <dict>
+ <key>CFBundleTypeIconFile</key>
+ <string>VeraCrypt_Volume.icns</string>
+ <key>CFBundleTypeName</key>
+ <string>VeraCrypt Container File</string>
+ <key>CFBundleTypeRole</key>
+ <string>Viewer</string>
+ <key>LSHandlerRank</key>
+ <string>Owner</string>
+ <key>LSItemContentTypes</key>
+ <array>
+ <!-- my app supports files with my custom extension (see UTExportedTypeDeclarations) -->
+ <string>org.idrix.veracrypt.hc</string>
+ </array>
+ </dict>
+ </array>
+
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+
+ <key>CFBundleExecutable</key>
+ <string>VeraCrypt</string>
+
+ <key>CFBundleIconFile</key>
+ <string>VeraCrypt.icns</string>
+
+ <key>CFBundleName</key>
+ <string>VeraCrypt</string>
+
+ <key>CFBundlePackageType</key>
+ <string>APPL</string>
+
+ <key>CFBundleSignature</key>
+ <string>TRUE</string>
+
+ <key>CFBundleVersion</key>
+ <string>1.24.9</string>
+
+ <key>CFBundleShortVersionString</key>
+ <string>_VERSION_</string>
+
+ <key>CFBundleLongVersionString</key>
+ <string>VeraCrypt _VERSION_</string>
+
+ <key>LSArchitecturePriority</key>
+ <array>
+ <string>x86_64</string>
+ <string>i386</string>
+ </array>
+
+ <key>LSMinimumSystemVersion</key>
+ <string>10.7.0</string>
+
+ <key>LSRequiresCarbon</key>
+ <false/>
+
+ <key>CSResourcesFileMapped</key>
+ <true/>
+
+ <key>NSHighResolutionCapable</key>
+ <true/>
+
+ <key>NSPrincipalClass</key>
+ <string>NSApplication</string>
+</dict>
+</plist>
diff --git a/src/Build/Resources/MacOSX/Info.plist.xml b/src/Build/Resources/MacOSX/Info.plist.xml
index b5b5a85..fbd9c21 100644
--- a/src/Build/Resources/MacOSX/Info.plist.xml
+++ b/src/Build/Resources/MacOSX/Info.plist.xml
@@ -74,7 +74,7 @@
<string>TRUE</string>
<key>CFBundleVersion</key>
- <string>1.24.5</string>
+ <string>1.24.9</string>
<key>CFBundleShortVersionString</key>
<string>_VERSION_</string>
@@ -82,14 +82,8 @@
<key>CFBundleLongVersionString</key>
<string>VeraCrypt _VERSION_</string>
- <key>LSArchitecturePriority</key>
- <array>
- <string>x86_64</string>
- <string>i386</string>
- </array>
-
<key>LSMinimumSystemVersion</key>
- <string>10.7.0</string>
+ <string>10.9.0</string>
<key>LSRequiresCarbon</key>
<false/>
diff --git a/src/Build/build_cmake_deb.sh b/src/Build/build_cmake_deb.sh
new file mode 100755
index 0000000..3be23dd
--- /dev/null
+++ b/src/Build/build_cmake_deb.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+cd $SOURCEPATH
+
+echo "Building GUI version of VeraCrypt for DEB using system wxWidgets"
+make clean || exit 1
+make || exit 1
+make install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+echo "Building console version of VeraCrypt for DEB using system wxWidgets"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+make NOGUI=1 clean || exit 1
+make NOGUI=1 || exit 1
+make NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt DEB packages"
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack DEB
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack DEB
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake || exit 1
diff --git a/src/Build/build_cmake_opensuse.sh b/src/Build/build_cmake_opensuse.sh
new file mode 100644
index 0000000..340440a
--- /dev/null
+++ b/src/Build/build_cmake_opensuse.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
+cd $SOURCEPATH
+
+echo "Building GUI version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGui
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 wxbuild || exit 1
+ln -s $WX_BUILD_DIR/lib $WX_BUILD_DIR/lib64
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 clean || exit 1
+# make WXSTATIC=1 || exit 1
+# make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+echo "Building console version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 NOGUI=1 wxbuild || exit 1
+ln -s $WX_BUILD_DIR/lib $WX_BUILD_DIR/lib64
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 NOGUI=1 clean || exit 1
+# make WXSTATIC=1 NOGUI=1 || exit 1
+# make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt RPM packages "
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+# wxWidgets was built using GTK-2
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=TRUE -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=TRUE -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake|| exit 1
diff --git a/src/Build/build_cmake_rpm_gtk2.sh b/src/Build/build_cmake_rpm_gtk2.sh
new file mode 100644
index 0000000..38c66a9
--- /dev/null
+++ b/src/Build/build_cmake_rpm_gtk2.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
+cd $SOURCEPATH
+
+echo "Building GUI version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGui
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 wxbuild || exit 1
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 clean || exit 1
+# make WXSTATIC=1 || exit 1
+# make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+echo "Building console version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets using GTK-2
+make WXSTATIC=1 NOGUI=1 wxbuild || exit 1
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 NOGUI=1 clean || exit 1
+# make WXSTATIC=1 NOGUI=1 || exit 1
+# make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt RPM packages "
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+# wxWidgets was built using GTK-2
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=FALSE -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=FALSE -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake || exit 1
diff --git a/src/Build/build_cmake_rpm_gtk3.sh b/src/Build/build_cmake_rpm_gtk3.sh
new file mode 100644
index 0000000..97091ce
--- /dev/null
+++ b/src/Build/build_cmake_rpm_gtk3.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# Errors should cause script to exit
+set -e
+
+# Absolute path to this script
+export SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in
+export SCRIPTPATH=$(dirname "$SCRIPT")
+# Source directory which contains the Makefile
+export SOURCEPATH=$(readlink -f "$SCRIPTPATH/..")
+# Directory where the VeraCrypt has been checked out
+export PARENTDIR=$(readlink -f "$SCRIPTPATH/../../..")
+
+# The sources of wxWidgets 3.0.4 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+echo "Using wxWidgets sources in $WX_ROOT"
+
+cd $SOURCEPATH
+
+echo "Building GUI version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildGui
+
+# To build wxWidgets using GTK-3
+make WXSTATIC=1 WITHGTK3=1 wxbuild || exit 1
+make WXSTATIC=1 clean || exit 1
+make WXSTATIC=1 || exit 1
+make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 clean || exit 1
+# make WXSTATIC=1 || exit 1
+# make WXSTATIC=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/GUI" || exit 1
+
+echo "Building console version of VeraCrypt for RPM using wxWidgets static libraries"
+
+# This is to avoid " Error: Unable to initialize GTK+, is DISPLAY set properly?"
+# when building over SSH without X11 Forwarding
+# export DISPLAY=:0.0
+
+# This will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuildConsole
+
+# To build wxWidgets using GTK-3
+make WXSTATIC=1 WITHGTK3=1 NOGUI=1 wxbuild || exit 1
+make WXSTATIC=1 NOGUI=1 clean || exit 1
+make WXSTATIC=1 NOGUI=1 || exit 1
+make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+# Uncomment below and comment lines above to reuse existing wxWidgets build
+# make WXSTATIC=1 NOGUI=1 clean || exit 1
+# make WXSTATIC=1 NOGUI=1 || exit 1
+# make WXSTATIC=1 NOGUI=1 install DESTDIR="$PARENTDIR/VeraCrypt_Setup/Console" || exit 1
+
+echo "Creating VeraCrypt RPM packages "
+
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+# -DCPACK_RPM_PACKAGE_DEBUG=TRUE for debugging cpack RPM
+
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/GUI
+mkdir -p $PARENTDIR/VeraCrypt_Packaging/Console
+
+# wxWidgets was built using GTK-3
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/GUI -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/GUI" -DWITHGTK3=TRUE -DNOGUI=FALSE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/GUI/CPackConfig.cmake || exit 1
+cmake -H$SCRIPTPATH -B$PARENTDIR/VeraCrypt_Packaging/Console -DVERACRYPT_BUILD_DIR="$PARENTDIR/VeraCrypt_Setup/Console" -DWITHGTK3=TRUE -DNOGUI=TRUE || exit 1
+cpack --config $PARENTDIR/VeraCrypt_Packaging/Console/CPackConfig.cmake|| exit 1
diff --git a/src/Build/build_veracrypt_macosx.sh b/src/Build/build_veracrypt_macosx.sh
index 233afb2..e22f2df 100755
--- a/src/Build/build_veracrypt_macosx.sh
+++ b/src/Build/build_veracrypt_macosx.sh
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2013-2017 IDRIX
+# Copyright (c) 2013-2019 IDRIX
# Governed by the Apache License 2.0 the full text of which is contained
# in the file License.txt included in VeraCrypt binary and source
# code distribution packages.
@@ -12,22 +12,22 @@ SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")"; pwd)
# directory where the VeraCrypt project has been checked out
PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")"; pwd)
-# the sources of wxWidgets 3.0.3 must be extracted to the parent directory
-export WX_ROOT=$PARENTDIR/wxWidgets-3.0.4
+# the sources of wxWidgets 3.1.2 must be extracted to the parent directory (for night mode)
+export WX_ROOT=$PARENTDIR/wxWidgets-3.1.3
echo "Using wxWidgets sources in $WX_ROOT"
# this will be the temporary wxWidgets directory
-export WX_BUILD_DIR=$PARENTDIR/wxBuild
-
-# define the SDK version to use. We use 10.7 by default
-export VC_OSX_TARGET=10.7
-echo "Using MacOSX SDK $VC_OSX_TARGET"
+export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.1.3
+# define the SDK version to use and OSX minimum target. We target 10.9 by default
+export VC_OSX_TARGET=10.9
+export VC_OSX_SDK=10.14
+echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
cd $SOURCEPATH
echo "Building VeraCrypt"
-make WXSTATIC=1 wxbuild && make WXSTATIC=1 clean && make WXSTATIC=1 && make WXSTATIC=1 package
+make WXSTATIC=FULL wxbuild && make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package
# Uncomment below and comment line above to reuse existing wxWidgets build
-# make WXSTATIC=1 clean && make WXSTATIC=1 && make WXSTATIC=1 package \ No newline at end of file
+# make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package \ No newline at end of file
diff --git a/src/Build/build_veracrypt_macosx_legacy.sh b/src/Build/build_veracrypt_macosx_legacy.sh
new file mode 100755
index 0000000..70226f2
--- /dev/null
+++ b/src/Build/build_veracrypt_macosx_legacy.sh
@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2013-2017 IDRIX
+# Governed by the Apache License 2.0 the full text of which is contained
+# in the file License.txt included in VeraCrypt binary and source
+# code distribution packages.
+#
+
+# Absolute path this script is in
+SCRIPTPATH=$(cd "$(dirname "$0")"; pwd)
+# source directory which contains the Makefile
+SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")"; pwd)
+# directory where the VeraCrypt project has been checked out
+PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")"; pwd)
+
+# the sources of wxWidgets 3.1.2 must be extracted to the parent directory
+export WX_ROOT=$PARENTDIR/wxWidgets-3.1.2
+echo "Using wxWidgets sources in $WX_ROOT"
+# this will be the temporary wxWidgets directory
+export WX_BUILD_DIR=$PARENTDIR/wxBuild
+
+# define the SDK version to use. We use 10.7 by default
+export VC_OSX_TARGET=10.7
+export VC_OSX_SDK=10.9
+echo "Using MacOSX SDK $VC_OSX_TARGET"
+
+
+cd $SOURCEPATH
+
+echo "Building VeraCrypt"
+make WXSTATIC=FULL wxbuild && make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package
+
+# Uncomment below and comment line above to reuse existing wxWidgets build
+# make WXSTATIC=FULL clean && make WXSTATIC=FULL && make WXSTATIC=FULL package
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 4061bde..e956695 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -275,6 +275,27 @@ bool ZipAdd (zip_t *z, const char* name, const unsigned char* pbData, DWORD cbDa
return true;
}
+static BOOL IsWindowsMBR (const byte *buffer, size_t bufferSize)
+{
+ BOOL bRet = FALSE;
+ byte g_pbMsSignature[4] = {0x33, 0xc0, 0x8e, 0xd0};
+ const char* g_szStr1 = "Invalid partition table";
+ const char* g_szStr2 = "Error loading operating system";
+ const char* g_szStr3 = "Missing operating system";
+
+ if ((0 == memcmp (buffer, g_pbMsSignature, 4)) &&
+ (BufferContainsString (buffer, bufferSize, g_szStr1)
+ || BufferContainsString (buffer, bufferSize, g_szStr2)
+ || BufferContainsString (buffer, bufferSize, g_szStr3)
+ )
+ )
+ {
+ bRet = TRUE;
+ }
+
+ return bRet;
+}
+
namespace VeraCrypt
{
#if !defined (SETUP)
@@ -1030,7 +1051,7 @@ namespace VeraCrypt
static EfiBoot EfiBootInst;
- BootEncryption::BootEncryption (HWND parent, bool postOOBE)
+ BootEncryption::BootEncryption (HWND parent, bool postOOBE, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext)
: DriveConfigValid (false),
ParentWindow (parent),
RealSystemDriveSizeValid (false),
@@ -1041,7 +1062,10 @@ namespace VeraCrypt
SelectedEncryptionAlgorithmId (0),
SelectedPrfAlgorithmId (0),
VolumeHeaderValid (false),
- PostOOBEMode (postOOBE)
+ PostOOBEMode (postOOBE),
+ SetBootNext (setBootNext),
+ SetBootEntry (setBootEntry),
+ ForceFirstBootEntry (forceFirstBootEntry)
{
HiddenOSCandidatePartition.IsGPT = FALSE;
HiddenOSCandidatePartition.Number = (size_t) -1;
@@ -2364,6 +2388,35 @@ namespace VeraCrypt
WriteConfigInteger (configFile, configContent, "AuthorizeRetry", authorizeRetry);
WriteConfigInteger (configFile, configContent, "DcsBmlLockFlags", bmlLockFlags);
WriteConfigInteger (configFile, configContent, "DcsBmlDriver", bmlDriverEnabled);
+
+ string fieldValue;
+ if (IsPostExecFileField(actionSuccessValue, fieldValue) && (0 == _stricmp(fieldValue.c_str(), "\\EFI\\Microsoft\\Boot\\bootmgfw.efi")))
+ {
+ // fix wrong configuration file since bootmgfw.efi is now a copy of VeraCrypt and if we don't fix the DcsProp
+ // file, veraCrypt bootloader will call itself
+ // We first check if bootmgfw.efi is original Microsoft one. If yes, we don't do anything, otherwise we set the field to bootmgfw_ms.vc
+ unsigned __int64 loaderSize = 0;
+ bool bModifiedMsBoot = true;
+ EfiBootInst.GetFileSize(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", loaderSize);
+
+ if (loaderSize > 32768)
+ {
+ std::vector<byte> bootLoaderBuf ((size_t) loaderSize);
+
+ EfiBootInst.ReadFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", &bootLoaderBuf[0], (DWORD) loaderSize);
+
+ // look for bootmgfw.efi identifiant string
+ const char* g_szMsBootString = "bootmgfw.pdb";
+ if (BufferHasPattern (bootLoaderBuf.data (), (size_t) loaderSize, g_szMsBootString, strlen (g_szMsBootString)))
+ {
+ bModifiedMsBoot = false;
+ }
+ }
+
+ if (bModifiedMsBoot)
+ actionSuccessValue = "postexec file(EFI\\Microsoft\\Boot\\bootmgfw_ms.vc)";
+ }
+
WriteConfigString (configFile, configContent, "ActionSuccess", actionSuccessValue.c_str());
// Write unmodified values
@@ -2396,12 +2449,62 @@ namespace VeraCrypt
return bRet;
}
+ BOOL EfiBootConf::IsPostExecFileField (const string& fieldValue, string& filePath)
+ {
+ BOOL bRet = FALSE;
+ filePath = "";
+
+ if (!fieldValue.empty() && strlen (fieldValue.c_str()))
+ {
+ string copieValue = fieldValue;
+ std::transform(copieValue.begin(), copieValue.end(), copieValue.begin(), ::tolower);
+
+ if (strstr (copieValue.c_str(), "postexec") && strstr (copieValue.c_str(), "file("))
+ {
+ char c;
+ const char* ptr = strstr (copieValue.c_str(), "file(");
+
+ filePath = "\\";
+ ptr += 5;
+ while ((c = *ptr))
+ {
+ if (c == ')')
+ break;
+ if (c == '/')
+ c = '\\';
+ filePath += c;
+ ptr++;
+ }
+
+ if (c == ')')
+ bRet = TRUE;
+ else
+ filePath = "";
+ }
+ }
+
+ return bRet;
+ }
+
+ BOOL EfiBootConf::IsPostExecFileField (const string& fieldValue, wstring& filePath)
+ {
+ string aPath;
+ BOOL bRet = IsPostExecFileField (fieldValue, aPath);
+ if (bRet)
+ filePath = wstring(aPath.begin(), aPath.end());
+ else
+ filePath = L"";
+
+ return bRet;
+ }
+
static const wchar_t* EfiVarGuid = L"{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}";
void
- GetVolumeESP(wstring& path)
+ GetVolumeESP(wstring& path, wstring& bootVolumePath)
{
static wstring g_EspPath;
+ static wstring g_BootVolumePath;
static bool g_EspPathInitialized = false;
if (!g_EspPathInitialized)
@@ -2422,17 +2525,29 @@ namespace VeraCrypt
res = NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS)SYSPARTITIONINFORMATION, tempBuf, sizeof(tempBuf), &len);
if (res != S_OK)
{
+ /* try to convert the returned NTSTATUS to a WIN32 system error using RtlNtStatusToDosError */
+ RtlNtStatusToDosErrorFn RtlNtStatusToDosErrorPtr = (RtlNtStatusToDosErrorFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "RtlNtStatusToDosError");
+ if (RtlNtStatusToDosErrorPtr)
+ {
+ ULONG win32err = RtlNtStatusToDosErrorPtr (res);
+ if (win32err != ERROR_MR_MID_NOT_FOUND)
+ res = (NTSTATUS) win32err;
+ }
+
SetLastError (res);
throw SystemException (SRC_POS);
}
PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
+
+ g_BootVolumePath = pStr->Buffer;
g_EspPath = L"\\\\?";
g_EspPath += &pStr->Buffer[7];
g_EspPathInitialized = true;
}
path = g_EspPath;
+ bootVolumePath = g_BootVolumePath;
}
std::string ReadESPFile (LPCWSTR szFilePath, bool bSkipUTF8BOM)
@@ -2442,9 +2557,9 @@ namespace VeraCrypt
ByteArray fileContent;
DWORD dwSize = 0, dwOffset = 0;
- std::wstring pathESP;
+ std::wstring pathESP, bootVolumePath;
- GetVolumeESP(pathESP);
+ GetVolumeESP(pathESP, bootVolumePath);
if (szFilePath[0] != L'\\')
pathESP += L"\\";
File f(pathESP + szFilePath, true);
@@ -2473,7 +2588,7 @@ namespace VeraCrypt
ByteArray fileContent;
DWORD dwSize = dwDataLen, dwOffset = 0;
- std::wstring pathESP;
+ std::wstring pathESP, bootVolumePath;
if (bAddUTF8BOM)
{
@@ -2481,7 +2596,7 @@ namespace VeraCrypt
dwOffset = 3;
}
- GetVolumeESP(pathESP);
+ GetVolumeESP(pathESP, bootVolumePath);
if (szFilePath[0] != L'\\')
pathESP += L"\\";
@@ -2500,42 +2615,13 @@ namespace VeraCrypt
ZeroMemory (&sdn, sizeof (sdn));
ZeroMemory (&partInfo, sizeof (partInfo));
m_bMounted = false;
- bBootVolumePathSelected = false;
+ bDeviceInfoValid = false;
}
- void EfiBoot::SelectBootVolumeESP() {
- NTSTATUS res;
- ULONG len;
- memset(tempBuf, 0, sizeof(tempBuf));
-
- // Load NtQuerySystemInformation function point
- if (!NtQuerySystemInformationPtr)
- {
- NtQuerySystemInformationPtr = (NtQuerySystemInformationFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "NtQuerySystemInformation");
- if (!NtQuerySystemInformationPtr)
- throw SystemException (SRC_POS);
- }
-
- res = NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS)SYSPARTITIONINFORMATION, tempBuf, sizeof(tempBuf), &len);
- if (res != S_OK)
- {
- SetLastError (res);
- throw SystemException (SRC_POS);
- }
-
- PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
- BootVolumePath = pStr->Buffer;
-
- EfiBootPartPath = L"\\\\?";
- EfiBootPartPath += &pStr->Buffer[7];
-
- bBootVolumePathSelected = true;
- }
+ void EfiBoot::PrepareBootPartition(bool bDisableException) {
+
+ GetVolumeESP (EfiBootPartPath, BootVolumePath);
- void EfiBoot::PrepareBootPartition() {
- if (!bBootVolumePathSelected) {
- SelectBootVolumeESP();
- }
std::wstring devicePath = L"\\\\?\\GLOBALROOT";
devicePath += BootVolumePath;
Device dev(devicePath.c_str(), TRUE);
@@ -2546,18 +2632,22 @@ namespace VeraCrypt
}
catch (...)
{
- throw;
+ if (!bDisableException)
+ throw;
}
- bool bSuccess = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
- && dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo));
- DWORD dwLastError = GetLastError ();
- dev.Close();
- if (!bSuccess)
+ if (dev.IsOpened())
{
- SetLastError (dwLastError);
- throw SystemException(SRC_POS);
- }
+ bDeviceInfoValid = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
+ && dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo));
+ DWORD dwLastError = GetLastError ();
+ dev.Close();
+ if (!bDeviceInfoValid && !bDisableException)
+ {
+ SetLastError (dwLastError);
+ throw SystemException(SRC_POS);
+ }
+ }
}
bool EfiBoot::IsEfiBoot() {
@@ -2615,98 +2705,107 @@ namespace VeraCrypt
}
}
- void EfiBoot::SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
+ void EfiBoot::SetStartExec(wstring description, wstring execPath, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE);
// Check EFI
if (!IsEfiBoot()) {
throw ErrorException(L"can not detect EFI environment", SRC_POS);
}
- uint32 varSize = 56;
- varSize += ((uint32) description.length()) * 2 + 2;
- varSize += ((uint32) execPath.length()) * 2 + 2;
- byte *startVar = new byte[varSize];
- byte *pVar = startVar;
-
- // Attributes (1b Active, 1000b - Hidden)
- *(uint32 *)pVar = attr;
- pVar += sizeof(uint32);
-
- // Size Of device path + file path
- *(uint16 *)pVar = (uint16)(50 + execPath.length() * 2 + 2);
- pVar += sizeof(uint16);
-
- // description
- for (uint32 i = 0; i < description.length(); i++) {
- *(uint16 *)pVar = description[i];
+ if (bDeviceInfoValid)
+ {
+ uint32 varSize = 56;
+ varSize += ((uint32) description.length()) * 2 + 2;
+ varSize += ((uint32) execPath.length()) * 2 + 2;
+ byte *startVar = new byte[varSize];
+ byte *pVar = startVar;
+
+ // Attributes (1b Active, 1000b - Hidden)
+ *(uint32 *)pVar = attr;
+ pVar += sizeof(uint32);
+
+ // Size Of device path + file path
+ *(uint16 *)pVar = (uint16)(50 + execPath.length() * 2 + 2);
+ pVar += sizeof(uint16);
+
+ // description
+ for (uint32 i = 0; i < description.length(); i++) {
+ *(uint16 *)pVar = description[i];
+ pVar += sizeof(uint16);
+ }
+ *(uint16 *)pVar = 0;
pVar += sizeof(uint16);
- }
- *(uint16 *)pVar = 0;
- pVar += sizeof(uint16);
- /* EFI_DEVICE_PATH_PROTOCOL (HARDDRIVE_DEVICE_PATH \ FILE_PATH \ END) */
+ /* EFI_DEVICE_PATH_PROTOCOL (HARDDRIVE_DEVICE_PATH \ FILE_PATH \ END) */
- // Type
- *(byte *)pVar = 0x04;
- pVar += sizeof(byte);
+ // Type
+ *(byte *)pVar = 0x04;
+ pVar += sizeof(byte);
- // SubType
- *(byte *)pVar = 0x01;
- pVar += sizeof(byte);
+ // SubType
+ *(byte *)pVar = 0x01;
+ pVar += sizeof(byte);
- // HDD dev path length
- *(uint16 *)pVar = 0x2A; // 42
- pVar += sizeof(uint16);
+ // HDD dev path length
+ *(uint16 *)pVar = 0x2A; // 42
+ pVar += sizeof(uint16);
- // PartitionNumber
- *(uint32 *)pVar = (uint32)partInfo.PartitionNumber;
- pVar += sizeof(uint32);
+ // PartitionNumber
+ *(uint32 *)pVar = (uint32)partInfo.PartitionNumber;
+ pVar += sizeof(uint32);
- // PartitionStart
- *(uint64 *)pVar = partInfo.StartingOffset.QuadPart >> 9;
- pVar += sizeof(uint64);
+ // PartitionStart
+ *(uint64 *)pVar = partInfo.StartingOffset.QuadPart >> 9;
+ pVar += sizeof(uint64);
- // PartitiontSize
- *(uint64 *)pVar = partInfo.PartitionLength.QuadPart >> 9;
- pVar += sizeof(uint64);
+ // PartitiontSize
+ *(uint64 *)pVar = partInfo.PartitionLength.QuadPart >> 9;
+ pVar += sizeof(uint64);
- // GptGuid
- memcpy(pVar, &partInfo.Gpt.PartitionId, 16);
- pVar += 16;
+ // GptGuid
+ memcpy(pVar, &partInfo.Gpt.PartitionId, 16);
+ pVar += 16;
- // MbrType
- *(byte *)pVar = 0x02;
- pVar += sizeof(byte);
+ // MbrType
+ *(byte *)pVar = 0x02;
+ pVar += sizeof(byte);
- // SigType
- *(byte *)pVar = 0x02;
- pVar += sizeof(byte);
+ // SigType
+ *(byte *)pVar = 0x02;
+ pVar += sizeof(byte);
- // Type and sub type 04 04 (file path)
- *(uint16 *)pVar = 0x0404;
- pVar += sizeof(uint16);
+ // Type and sub type 04 04 (file path)
+ *(uint16 *)pVar = 0x0404;
+ pVar += sizeof(uint16);
- // SizeOfFilePath ((CHAR16)FullPath.length + sizeof(EndOfrecord marker) )
- *(uint16 *)pVar = (uint16)(execPath.length() * 2 + 2 + sizeof(uint32));
- pVar += sizeof(uint16);
+ // SizeOfFilePath ((CHAR16)FullPath.length + sizeof(EndOfrecord marker) )
+ *(uint16 *)pVar = (uint16)(execPath.length() * 2 + 2 + sizeof(uint32));
+ pVar += sizeof(uint16);
- // FilePath
- for (uint32 i = 0; i < execPath.length(); i++) {
- *(uint16 *)pVar = execPath[i];
+ // FilePath
+ for (uint32 i = 0; i < execPath.length(); i++) {
+ *(uint16 *)pVar = execPath[i];
+ pVar += sizeof(uint16);
+ }
+ *(uint16 *)pVar = 0;
pVar += sizeof(uint16);
- }
- *(uint16 *)pVar = 0;
- pVar += sizeof(uint16);
- // EndOfrecord
- *(uint32 *)pVar = 0x04ff7f;
- pVar += sizeof(uint32);
+ // EndOfrecord
+ *(uint32 *)pVar = 0x04ff7f;
+ pVar += sizeof(uint32);
- // Set variable
- wchar_t varName[256];
- StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
- SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);
- delete [] startVar;
+ // Set variable
+ wchar_t varName[256];
+ StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
+
+ // only set value if it doesn't already exist
+ byte* existingVar = new byte[varSize];
+ DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, varSize);
+ if ((existingVarLen != varSize) || (0 != memcmp (existingVar, startVar, varSize)))
+ SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);
+ delete [] startVar;
+ delete [] existingVar;
+ }
// Update order
wstring order = L"Order";
@@ -2723,42 +2822,183 @@ namespace VeraCrypt
}
}
- // Create new entry if absent
- if (startOrderNumPos == UINT_MAX) {
- for (uint32 i = startOrderLen / 2; i > 0; --i) {
- startOrder[i] = startOrder[i - 1];
+ if (setBootEntry)
+ {
+ // check if first entry in BootOrder is Windows one
+ bool bFirstEntryIsWindows = false;
+ if (startOrderNumPos != 0)
+ {
+ wchar_t varName[256];
+ StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, startOrder[0]);
+
+ byte* existingVar = new byte[512];
+ DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, 512);
+ if (existingVarLen > 0)
+ {
+ if (BufferContainsWideString (existingVar, existingVarLen, L"EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ bFirstEntryIsWindows = true;
+ }
+
+ delete [] existingVar;
}
- startOrder[0] = statrtOrderNum;
- startOrderLen += 2;
- startOrderUpdate = true;
- } else if (startOrderNumPos > 0) {
- for (uint32 i = startOrderNumPos; i > 0; --i) {
- startOrder[i] = startOrder[i - 1];
+
+
+ // Create new entry if absent
+ if (startOrderNumPos == UINT_MAX) {
+ if (bDeviceInfoValid)
+ {
+ if (forceFirstBootEntry && bFirstEntryIsWindows)
+ {
+ for (uint32 i = startOrderLen / 2; i > 0; --i) {
+ startOrder[i] = startOrder[i - 1];
+ }
+ startOrder[0] = statrtOrderNum;
+ }
+ else
+ {
+ startOrder[startOrderLen/2] = statrtOrderNum;
+ }
+ startOrderLen += 2;
+ startOrderUpdate = true;
+ }
+ } else if ((startOrderNumPos > 0) && forceFirstBootEntry && bFirstEntryIsWindows) {
+ for (uint32 i = startOrderNumPos; i > 0; --i) {
+ startOrder[i] = startOrder[i - 1];
+ }
+ startOrder[0] = statrtOrderNum;
+ startOrderUpdate = true;
+ }
+
+ if (startOrderUpdate) {
+ SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
}
- startOrder[0] = statrtOrderNum;
- startOrderUpdate = true;
}
- if (startOrderUpdate) {
- SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
+ if (setBootNext)
+ {
+ // set BootNext value
+ wstring next = L"Next";
+ next.insert(0, type == NULL ? L"Boot" : type);
+
+ SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2);
+
+ }
+ }
+
+ bool EfiBoot::CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2)
+ {
+ bool bRet = false;
+ File f1 (fileName1, true);
+ File f2 (fileName2, true);
+
+ if (f1.IsOpened() && f2.IsOpened())
+ {
+ try
+ {
+ DWORD size1, size2;
+ f1.GetFileSize (size1);
+ f2.GetFileSize (size2);
+
+ if (size1 == size2)
+ {
+ // same size, so now we compare content
+ std::vector<byte> file1Buf (8096);
+ std::vector<byte> file2Buf (8096);
+ DWORD remainingBytes = size1, dataToRead;
+
+ while (remainingBytes)
+ {
+ dataToRead = VC_MIN (remainingBytes, (DWORD) file1Buf.size());
+ DWORD f1Bytes = f1.Read (file1Buf.data(), dataToRead);
+ DWORD f2Bytes = f2.Read (file2Buf.data(), dataToRead);
+
+ if ((f1Bytes != f2Bytes) || memcmp (file1Buf.data(), file2Buf.data(), (size_t) f1Bytes))
+ {
+ break;
+ }
+ else
+ {
+ remainingBytes -= f1Bytes;
+ }
+ }
+
+ if (0 == remainingBytes)
+ {
+ // content is the same
+ bRet = true;
+ }
+ }
+ }
+ catch (...) {}
}
- // set BootNext value
- wstring next = L"Next";
- next.insert(0, type == NULL ? L"Boot" : type);
+ f1.Close();
+ f2.Close();
+
+ return bRet;
+ }
+
+ bool EfiBoot::CompareFileData (const wchar_t* fileName, const byte* data, DWORD size)
+ {
+ bool bRet = false;
+
+ File f(fileName, true);
+ if (f.IsOpened ())
+ {
+ try
+ {
+ // check if the file has the same content
+ // if yes, don't perform any write operation to avoid changing its timestamp
+ DWORD existingSize = 0;
- SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2);
+ f.GetFileSize(existingSize);
+
+ if (existingSize == size)
+ {
+ std::vector<byte> fileBuf (8096);
+ DWORD remainingBytes = size, dataOffset = 0, dataToRead;
+
+ while (remainingBytes)
+ {
+ dataToRead = VC_MIN (remainingBytes, (DWORD) fileBuf.size());
+ dataToRead = f.Read (fileBuf.data(), dataToRead);
+ if (memcmp (data + dataOffset, fileBuf.data(), (size_t) dataToRead))
+ {
+ break;
+ }
+ else
+ {
+ dataOffset += dataToRead;
+ remainingBytes -= dataToRead;
+ }
+ }
+
+ if (0 == remainingBytes)
+ {
+ // content is the same
+ bRet = true;
+ }
+ }
+ }
+ catch (...){}
+ }
+
+ f.Close();
+
+ return bRet;
}
void EfiBoot::SaveFile(const wchar_t* name, byte* data, DWORD size) {
wstring path = EfiBootPartPath;
path += name;
- File f(path, false, true);
- f.Write(data, size);
- f.Close();
-
+ if (!CompareFileData (path.c_str(), data, size))
+ {
+ File f(path, false, true);
+ f.Write(data, size);
+ f.Close();
+ }
}
bool EfiBoot::FileExists(const wchar_t* name) {
@@ -2797,7 +3037,10 @@ namespace VeraCrypt
}
else
targetPath = targetName;
- throw_sys_if (!::CopyFileW (path.c_str(), targetPath.c_str(), FALSE));
+
+ // if both files are the same, we don't perform copy operation
+ if (!CompareFiles (path.c_str(), targetPath.c_str()))
+ throw_sys_if (!::CopyFileW (path.c_str(), targetPath.c_str(), FALSE));
}
BOOL EfiBoot::RenameFile(const wchar_t* name, const wchar_t* nameNew, BOOL bForce) {
@@ -2805,7 +3048,16 @@ namespace VeraCrypt
path += name;
wstring pathNew = EfiBootPartPath;
pathNew += nameNew;
- return MoveFileExW(path.c_str(), pathNew.c_str(), bForce? MOVEFILE_REPLACE_EXISTING : 0);
+
+ BOOL bRet;
+ if (CompareFiles (path.c_str(), pathNew.c_str()))
+ {
+ // files identical. Delete source file only
+ bRet = DeleteFile (path.c_str());
+ }
+ else
+ bRet = MoveFileExW(path.c_str(), pathNew.c_str(), bForce? MOVEFILE_REPLACE_EXISTING : 0);
+ return bRet;
}
BOOL EfiBoot::DelFile(const wchar_t* name) {
@@ -2955,20 +3207,69 @@ namespace VeraCrypt
if (bForInstall)
{
+ /* Before updating files, we check first if they already have the expected content. If yes, then we don't perform
+ * any write operation to avoid modifying file timestamps Unnecessarily.
+ */
+ bool bSkipWrite = false;
+ wchar_t wszBuffer [2 * TC_MAX_PATH] = {0};
wstring szPathParam = L"\"";
szPathParam += szInstallPath;
szPathParam += L"\"";
- WritePrivateProfileStringW (L"SetupConfig", L"ReflectDrivers", szPathParam.c_str(), szSetupconfigLocation);
+ if ( (0 < GetPrivateProfileStringW (L"SetupConfig", L"ReflectDrivers", L"", wszBuffer, ARRAYSIZE (wszBuffer), szSetupconfigLocation))
+ && (_wcsicmp (wszBuffer, szInstallPath) == 0)
+ )
+ {
+ bSkipWrite = true;
+ }
+
+ if (!bSkipWrite)
+ WritePrivateProfileStringW (L"SetupConfig", L"ReflectDrivers", szPathParam.c_str(), szSetupconfigLocation);
+
+ bSkipWrite = false;
szPathParam = GetProgramConfigPath (L"SetupComplete.cmd");
- FILE* scriptFile = _wfopen (szPathParam.c_str(), L"w");
+
+ wstring wszExpectedValue = L"\"";
+ wszExpectedValue += szInstallPath;
+ wszExpectedValue += L"\\VeraCrypt.exe\" /PostOOBE";
+
+ FILE* scriptFile = _wfopen (szPathParam.c_str(), L"r");
if (scriptFile)
{
- fwprintf (scriptFile, L"\"%s\\VeraCrypt.exe\" /PostOOBE\n", szInstallPath);
+ long fileSize = _filelength (_fileno (scriptFile));
+ if (fileSize < (2 * TC_MAX_PATH))
+ {
+ fgetws (wszBuffer, ARRAYSIZE (wszBuffer), scriptFile);
+
+ if (wszBuffer[wcslen (wszBuffer) - 1] == L'\n')
+ wszBuffer[wcslen (wszBuffer) - 1] = 0;
+
+ bSkipWrite = (0 == _wcsicmp (wszBuffer, wszExpectedValue.c_str()));
+ }
fclose (scriptFile);
+ }
- WritePrivateProfileStringW (L"SetupConfig", L"PostOOBE", szPathParam.c_str(), szSetupconfigLocation);
+ if (!bSkipWrite)
+ {
+ scriptFile = _wfopen (szPathParam.c_str(), L"w");
+ if (scriptFile)
+ {
+ fwprintf (scriptFile, L"%s\n", wszExpectedValue.c_str());
+ fclose (scriptFile);
+ }
}
+
+ bSkipWrite = false;
+
+ if ( (0 < GetPrivateProfileStringW (L"SetupConfig", L"PostOOBE", L"", wszBuffer, ARRAYSIZE (wszBuffer), szSetupconfigLocation))
+ && (_wcsicmp (wszBuffer, szPathParam.c_str()) == 0)
+ )
+ {
+ bSkipWrite = true;
+ }
+
+ if (!bSkipWrite)
+ WritePrivateProfileStringW (L"SetupConfig", L"PostOOBE", szPathParam.c_str(), szSetupconfigLocation);
}
else
{
@@ -3063,7 +3364,7 @@ namespace VeraCrypt
if (!DcsInfoImg)
throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
- EfiBootInst.PrepareBootPartition();
+ EfiBootInst.PrepareBootPartition(PostOOBEMode);
try
{
@@ -3076,8 +3377,15 @@ namespace VeraCrypt
if (preserveUserConfig)
{
- bool bModifiedMsBoot = true;
- EfiBootInst.GetFileSize(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", loaderSize);
+ bool bModifiedMsBoot = true, bMissingMsBoot = false;;
+ if (EfiBootInst.FileExists (L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ EfiBootInst.GetFileSize(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", loaderSize);
+ else
+ bMissingMsBoot = true;
+
+ // restore boot menu entry in case of PostOOBE
+ if (PostOOBEMode)
+ EfiBootInst.SetStartExec(L"VeraCrypt BootLoader (DcsBoot)", L"\\EFI\\VeraCrypt\\DcsBoot.efi", SetBootEntry, ForceFirstBootEntry, SetBootNext);
if (EfiBootInst.FileExists (L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc"))
{
@@ -3120,37 +3428,40 @@ namespace VeraCrypt
EfiBootConf conf;
if (EfiBootInst.ReadConfig (L"\\EFI\\VeraCrypt\\DcsProp", conf) && strlen (conf.actionSuccessValue.c_str()))
{
- string actionValue = conf.actionSuccessValue;
- std::transform(actionValue.begin(), actionValue.end(), actionValue.begin(), ::tolower);
-
- if (strstr (actionValue.c_str(), "postexec") && strstr (actionValue.c_str(), "file("))
+ wstring loaderPath;
+ if (EfiBootConf::IsPostExecFileField (conf.actionSuccessValue, loaderPath))
{
- char c;
- const char* ptr = strstr (actionValue.c_str(), "file(");
- ptr += 5;
- wstring loaderPath = L"\\";
- while ((c = *ptr))
+ // check that it is not bootmgfw.efi
+ if ( (0 != _wcsicmp (loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ && (EfiBootInst.FileExists (loaderPath.c_str()))
+ )
{
- if (c == ')' || c == ' ')
- break;
- loaderPath += (wchar_t) c;
- ptr++;
+ // look for bootmgfw.efi identifiant string
+ EfiBootInst.GetFileSize(loaderPath.c_str(), loaderSize);
+ std::vector<byte> bootLoaderBuf ((size_t) loaderSize);
+
+ EfiBootInst.ReadFile(loaderPath.c_str(), &bootLoaderBuf[0], (DWORD) loaderSize);
+
+ // look for bootmgfw.efi identifiant string
+ if (BufferHasPattern (bootLoaderBuf.data (), (size_t) loaderSize, g_szMsBootString, strlen (g_szMsBootString)))
+ {
+ bFound = true;
+ EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", TRUE);
+ }
}
- bFound = true;
- EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", TRUE);
}
}
- if (!bFound)
+ if (!bFound && !PostOOBEMode)
throw ErrorException ("WINDOWS_EFI_BOOT_LOADER_MISSING", SRC_POS);
}
}
- if (PostOOBEMode)
- {
+ if (PostOOBEMode && EfiBootInst.FileExists (L"\\EFI\\VeraCrypt\\DcsBoot.efi"))
+ {
// check if bootmgfw.efi has been set again to Microsoft version
// if yes, replace it with our bootloader after it was copied to bootmgfw_ms.vc
- if (!bModifiedMsBoot)
+ if (!bModifiedMsBoot || bMissingMsBoot)
EfiBootInst.CopyFile (L"\\EFI\\VeraCrypt\\DcsBoot.efi", L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi");
if (EfiBootInst.FileExists (szStdEfiBootloader))
@@ -3244,50 +3555,67 @@ namespace VeraCrypt
}
else
{
- byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0};
- CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation);
+ try
+ {
+ byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0};
+ CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation);
- // Write MBR
- byte mbr[TC_SECTOR_SIZE_BIOS];
+ // Write MBR
+ byte mbr[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Read (mbr, sizeof (mbr));
+ device.SeekAt (0);
+ device.Read (mbr, sizeof (mbr));
- if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME))
- {
- uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET));
- if (version != 0)
+ if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME))
{
- bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
-
- if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET));
+ if (version != 0)
{
- if (pim >= 0)
+ bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
+
+ if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
{
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ if (pim >= 0)
+ {
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ }
+ else
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
}
- else
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
}
}
- }
- memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE);
+ // perform actual write only if content is different and either we are not in PostOOBE mode or the MBR contains VeraCrypt/Windows signature.
+ // this last check is done to avoid interfering with multi-boot configuration where MBR belongs to a boot manager like Grub
+ if (memcmp (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE)
+ && (!PostOOBEMode || BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME) || IsWindowsMBR (mbr, sizeof (mbr))))
+ {
+ memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE);
- device.SeekAt (0);
- device.Write (mbr, sizeof (mbr));
+ device.SeekAt (0);
+ device.Write (mbr, sizeof (mbr));
- byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Read (mbrVerificationBuf, sizeof (mbr));
+ byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
+ device.SeekAt (0);
+ device.Read (mbrVerificationBuf, sizeof (mbr));
- if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
- throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
+ if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
+ throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
+ }
- // Write boot loader
- device.SeekAt (TC_SECTOR_SIZE_BIOS);
- device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS);
+ if (!PostOOBEMode)
+ {
+ // Write boot loader
+ device.SeekAt (TC_SECTOR_SIZE_BIOS);
+ device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS);
+ }
+ }
+ catch (...)
+ {
+ if (!PostOOBEMode)
+ throw;
+ }
}
if (!IsAdmin() && IsUacSupported())
@@ -3441,16 +3769,23 @@ namespace VeraCrypt
if (!DcsInfoImg)
throw ParameterIncorrect (SRC_POS);
- char szTmpPath[MAX_PATH + 1], szTmpFilePath[MAX_PATH + 1];
- if (!GetTempPathA (MAX_PATH, szTmpPath))
+ WCHAR szTmpPath[MAX_PATH + 1], szTmpFilePath[MAX_PATH + 1];
+ if (!GetTempPathW (MAX_PATH, szTmpPath))
throw SystemException (SRC_POS);
- if (!GetTempFileNameA (szTmpPath, "_vrd", 0, szTmpFilePath))
+ if (!GetTempFileNameW (szTmpPath, L"_vrd", 0, szTmpFilePath))
throw SystemException (SRC_POS);
- finally_do_arg (char*, szTmpFilePath, { DeleteFileA (finally_arg);});
+ finally_do_arg (WCHAR*, szTmpFilePath, { DeleteFileW (finally_arg);});
int ierr;
- zip_t* z = zip_open (szTmpFilePath, ZIP_CREATE | ZIP_TRUNCATE | ZIP_CHECKCONS, &ierr);
+
+ // convert szTmpFilePath to UTF-8 since this is what zip_open expected
+ char szUtf8Path[2*MAX_PATH + 1];
+ int utf8Len = WideCharToMultiByte (CP_UTF8, 0, szTmpFilePath, -1, szUtf8Path, sizeof (szUtf8Path), NULL, NULL);
+ if (utf8Len <= 0)
+ throw SystemException (SRC_POS);
+
+ zip_t* z = zip_open (szUtf8Path, ZIP_CREATE | ZIP_TRUNCATE | ZIP_CHECKCONS, &ierr);
if (!z)
throw ParameterIncorrect (SRC_POS);
@@ -3542,7 +3877,7 @@ namespace VeraCrypt
z = NULL;
// read the zip data from the temporary file
- FILE* ftmpFile = fopen (szTmpFilePath, "rb");
+ FILE* ftmpFile = _wfopen (szTmpFilePath, L"rb");
if (!ftmpFile)
throw ParameterIncorrect (SRC_POS);
@@ -4230,24 +4565,27 @@ namespace VeraCrypt
EfiBootConf conf;
if (EfiBootInst.ReadConfig (L"\\EFI\\VeraCrypt\\DcsProp", conf) && strlen (conf.actionSuccessValue.c_str()))
{
- string actionValue = conf.actionSuccessValue;
- std::transform(actionValue.begin(), actionValue.end(), actionValue.begin(), ::tolower);
-
- if (strstr (actionValue.c_str(), "postexec") && strstr (actionValue.c_str(), "file("))
+ wstring loaderPath;
+ if (EfiBootConf::IsPostExecFileField (conf.actionSuccessValue, loaderPath))
{
- char c;
- const char* ptr = strstr (actionValue.c_str(), "file(");
- ptr += 5;
- wstring loaderPath = L"\\";
- while ((c = *ptr))
+ // check that it is not bootmgfw_ms.vc or bootmgfw.efi
+ if ( (0 != _wcsicmp (loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc"))
+ && (0 != _wcsicmp (loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi"))
+ )
{
- if (c == ')' || c == ' ')
- break;
- loaderPath += (wchar_t) c;
- ptr++;
- }
+ const char* g_szMsBootString = "bootmgfw.pdb";
+ unsigned __int64 loaderSize = 0;
+ EfiBootInst.GetFileSize(loaderPath.c_str(), loaderSize);
+ std::vector<byte> bootLoaderBuf ((size_t) loaderSize);
- EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE);
+ EfiBootInst.ReadFile(loaderPath.c_str(), &bootLoaderBuf[0], (DWORD) loaderSize);
+
+ // look for bootmgfw.efi identifiant string
+ if (BufferHasPattern (bootLoaderBuf.data (), (size_t) loaderSize, g_szMsBootString, strlen (g_szMsBootString)))
+ {
+ EfiBootInst.RenameFile(loaderPath.c_str(), L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE);
+ }
+ }
}
}
}
@@ -4567,6 +4905,16 @@ namespace VeraCrypt
if (registerService)
{
+ // check if service already exists.
+ // If yes then start it immediatly after reinstalling it
+ bool bAlreadyExists = false;
+ SC_HANDLE service = OpenService (scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ);
+ if (service)
+ {
+ bAlreadyExists = true;
+ CloseServiceHandle (service);
+ }
+
try
{
RegisterSystemFavoritesService (FALSE, noFileHandling);
@@ -4577,11 +4925,19 @@ namespace VeraCrypt
{
wchar_t appPath[TC_MAX_PATH];
throw_sys_if (!GetModuleFileName (NULL, appPath, ARRAYSIZE (appPath)));
-
+ /* explicitely specify VeraCrypt.exe as the file to copy and don't rely
+ * on the fact we will be always called by VeraCrypt.exe because it's not
+ * always true.
+ */
+ wchar_t* ptr = wcsrchr (appPath, L'\\');
+ if (ptr)
+ ptr[1] = 0;
+ StringCchCatW (appPath, ARRAYSIZE (appPath), _T(TC_APP_NAME) L".exe");
+
throw_sys_if (!CopyFile (appPath, servicePath.c_str(), FALSE));
}
- SC_HANDLE service = CreateService (scm,
+ service = CreateService (scm,
TC_SYSTEM_FAVORITES_SERVICE_NAME,
_T(TC_APP_NAME) L" System Favorites",
SERVICE_ALL_ACCESS,
@@ -4601,6 +4957,10 @@ namespace VeraCrypt
description.lpDescription = L"Mounts VeraCrypt system favorite volumes.";
ChangeServiceConfig2 (service, SERVICE_CONFIG_DESCRIPTION, &description);
+ // start the service immediatly if it already existed before
+ if (bAlreadyExists)
+ StartService (service, 0, NULL);
+
CloseServiceHandle (service);
try
@@ -4642,6 +5002,30 @@ namespace VeraCrypt
}
}
+ bool BootEncryption::IsSystemFavoritesServiceRunning ()
+ {
+ bool bRet = false;
+ SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_CONNECT);
+ if (scm)
+ {
+ SC_HANDLE service = OpenService(scm, TC_SYSTEM_FAVORITES_SERVICE_NAME, GENERIC_READ);
+ if (service)
+ {
+ SERVICE_STATUS status;
+ if (QueryServiceStatus(service, &status))
+ {
+ bRet = (status.dwCurrentState == SERVICE_RUNNING);
+ }
+
+ CloseServiceHandle(service);
+ }
+
+ CloseServiceHandle (scm);
+ }
+
+ return bRet;
+ }
+
void BootEncryption::UpdateSystemFavoritesService ()
{
SC_HANDLE scm = OpenSCManager (NULL, NULL, SC_MANAGER_ALL_ACCESS);
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index 0b5fe4f..decacb8 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -29,6 +29,10 @@ typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
PULONG ReturnLength
);
+typedef ULONG (WINAPI *RtlNtStatusToDosErrorFn)(
+ NTSTATUS Status
+);
+
using namespace std;
namespace VeraCrypt
@@ -189,9 +193,11 @@ namespace VeraCrypt
BOOL Load (const wchar_t* fileName);
void Load (char* configContent);
BOOL Save (const wchar_t* fileName, HWND hwnd);
+ static BOOL IsPostExecFileField (const string& szFieldValue, string& filePath);
+ static BOOL IsPostExecFileField (const string& szFieldValue, wstring& filePath);
};
- void GetVolumeESP(wstring& path);
+ void GetVolumeESP(wstring& path, wstring& bootVolumePath);
std::string ReadESPFile (LPCWSTR szFilePath, bool bSkipUTF8BOM);
void WriteESPFile (LPCWSTR szFilePath, LPBYTE pbData, DWORD dwDataLen, bool bAddUTF8BOM);
@@ -199,16 +205,18 @@ namespace VeraCrypt
public:
EfiBoot();
- void PrepareBootPartition();
+ void PrepareBootPartition(bool bDisableException = false);
bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
- void SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
+ void SetStartExec(wstring description, wstring execPath, bool setBootEntry = true, bool forceFirstBootEntry = true, bool setBootNext = true, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
void SaveFile(const wchar_t* name, byte* data, DWORD size);
void GetFileSize(const wchar_t* name, unsigned __int64& size);
void ReadFile(const wchar_t* name, byte* data, DWORD size);
void CopyFile(const wchar_t* name, const wchar_t* targetName);
bool FileExists(const wchar_t* name);
+ static bool CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2);
+ static bool CompareFileData (const wchar_t* fileName, const byte* data, DWORD size);
BOOL RenameFile(const wchar_t* name, const wchar_t* nameNew, BOOL bForce);
BOOL DelFile(const wchar_t* name);
@@ -217,23 +225,22 @@ namespace VeraCrypt
BOOL UpdateConfig (const wchar_t* name, int pim, int hashAlgo, HWND hwndDlg);
BOOL WriteConfig (const wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
BOOL DelDir(const wchar_t* name);
- void SelectBootVolumeESP();
- PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
+ PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { if (bDeviceInfoValid) return &sdn; else { SetLastError (ERROR_INVALID_DRIVE); throw SystemException(SRC_POS);}}
protected:
bool m_bMounted;
std::wstring EfiBootPartPath;
STORAGE_DEVICE_NUMBER sdn;
PARTITION_INFORMATION_EX partInfo;
+ bool bDeviceInfoValid;
WCHAR tempBuf[1024];
- bool bBootVolumePathSelected;
std::wstring BootVolumePath;
};
class BootEncryption
{
public:
- BootEncryption (HWND parent, bool postOOBE = false);
+ BootEncryption (HWND parent, bool postOOBE = false, bool setBootEntry = true, bool forceFirstBootEntry = true, bool setBootNext = false);
~BootEncryption ();
enum FilterType
@@ -285,6 +292,7 @@ namespace VeraCrypt
void RegisterFilterDriver (bool registerDriver, FilterType filterType);
void RegisterSystemFavoritesService (BOOL registerService);
void RegisterSystemFavoritesService (BOOL registerService, BOOL noFileHandling);
+ bool IsSystemFavoritesServiceRunning ();
void UpdateSystemFavoritesService ();
void RenameDeprecatedSystemLoaderBackup ();
bool RestartComputer (BOOL bShutdown = FALSE);
@@ -344,6 +352,9 @@ namespace VeraCrypt
bool RescueVolumeHeaderValid;
bool VolumeHeaderValid;
bool PostOOBEMode;
+ bool SetBootNext;
+ bool SetBootEntry;
+ bool ForceFirstBootEntry;
};
}
@@ -361,6 +372,9 @@ namespace VeraCrypt
#define VC_SYSTEM_FAVORITES_SERVICE_ARG_SKIP_MOUNT L"/SkipMount"
#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER 0x1
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT 0x2
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY 0x4
+#define VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY 0x8
#define VC_WINDOWS_UPGRADE_POSTOOBE_CMDLINE_OPTION L"/PostOOBE"
diff --git a/src/Common/Common.rc b/src/Common/Common.rc
index 60ea0a5..d55e31b 100644
--- a/src/Common/Common.rc
+++ b/src/Common/Common.rc
@@ -65,39 +65,39 @@ BEGIN
PUSHBUTTON "Cancel",IDCANCEL,248,190,50,14
END
-IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 277, 244
+IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 310, 244
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - Mount Options"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Mount volume as read-&only",IDC_MOUNT_READONLY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,11,194,10
+ CONTROL "Mount volume as read-&only",IDC_MOUNT_READONLY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,11,231,10
CONTROL "Mount volume as removable &medium",IDC_MOUNT_REMOVABLE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,25,195,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,25,231,10
CONTROL "Use backup header embedded in &volume if available",IDC_USE_EMBEDDED_HEADER_BAK,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,39,257,11
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,39,295,11
CONTROL "Mount partition &using system encryption without pre-boot authentication",IDC_MOUNT_SYSENC_PART_WITHOUT_PBA,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,53,259,11
- EDITTEXT IDC_VOLUME_LABEL,112,82,150,14,ES_AUTOHSCROLL
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,53,295,11
+ EDITTEXT IDC_VOLUME_LABEL,134,82,167,14,ES_AUTOHSCROLL
CONTROL "&Protect hidden volume against damage caused by writing to outer volume",IDC_PROTECT_HIDDEN_VOL,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,252,10
- EDITTEXT IDC_PASSWORD_PROT_HIDVOL,112,133,151,14,ES_PASSWORD | ES_AUTOHSCROLL
- COMBOBOX IDC_PKCS5_PRF_ID,112,154,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
- EDITTEXT IDC_PIM,112,174,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,179,97,10
- LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,158,177,112,8,NOT WS_VISIBLE
- CONTROL "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,192,90,10
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,205,90,10
- PUSHBUTTON "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,204,201,60,14
- DEFPUSHBUTTON "OK",IDOK,211,7,60,14
- PUSHBUTTON "Cancel",IDCANCEL,211,24,60,14
- LTEXT "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,220,247,10,SS_NOTIFY
- RTEXT "P&assword to hidden volume:\n(if empty, cache is used)",IDT_HIDDEN_PROT_PASSWD,15,132,91,17,0,WS_EX_RIGHT
- GROUPBOX "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,101,265,136
- RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,15,155,91,17
- RTEXT "Volume PIM:",IDT_PIM,15,177,91,17,NOT WS_VISIBLE
- LTEXT "Volume Label in Windows:",IDT_VOLUME_LABEL,12,85,95,8
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,283,10
+ EDITTEXT IDC_PASSWORD_PROT_HIDVOL,134,133,167,14,ES_PASSWORD | ES_AUTOHSCROLL
+ COMBOBOX IDC_PKCS5_PRF_ID,134,154,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ EDITTEXT IDC_PIM,134,174,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,134,179,97,10
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,181,177,121,8,NOT WS_VISIBLE
+ CONTROL "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,134,192,90,10
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,134,205,90,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,239,201,60,14
+ DEFPUSHBUTTON "OK",IDOK,246,7,60,14
+ PUSHBUTTON "Cancel",IDCANCEL,246,24,60,14
+ LTEXT "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,220,279,10,SS_NOTIFY
+ RTEXT "P&assword to hidden volume:\n(if empty, cache is used)",IDT_HIDDEN_PROT_PASSWD,15,132,115,17,0,WS_EX_RIGHT
+ GROUPBOX "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,101,299,136
+ RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,15,155,115,17
+ RTEXT "Volume PIM:",IDT_PIM,15,177,115,17,NOT WS_VISIBLE
+ LTEXT "Volume Label in Windows:",IDT_VOLUME_LABEL,12,85,115,8
CONTROL "Only create virtual device without mounting on selected drive letter",IDC_DISABLE_MOUNT_MANAGER,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,67,231,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,67,297,10
END
IDD_KEYFILES DIALOGEX 0, 0, 363, 251
@@ -375,6 +375,7 @@ BEGIN
IDD_MOUNT_OPTIONS, DIALOG
BEGIN
LEFTMARGIN, 7
+ RIGHTMARGIN, 309
TOPMARGIN, 7
BOTTOMMARGIN, 238
END
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 501cd16..913495f 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -252,7 +252,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_encrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -369,7 +369,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
else if (cipher == TWOFISH) {
twofish_decrypt_blocks(ks, data, data, (uint32) blockCount);
}
@@ -464,7 +464,7 @@ BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
|| (cipher == SERPENT && HasSSE2())
|| (cipher == KUZNYECHIK && HasSSE2())
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
|| (cipher == TWOFISH)
|| (cipher == CAMELLIA)
#endif
@@ -1217,7 +1217,7 @@ BOOL IsHwEncryptionEnabled ()
#endif // !TC_WINDOWS_BOOT
-#ifndef TC_WINDOWS_BOOT
+#if !defined (TC_WINDOWS_BOOT) && !defined (_UEFI)
static BOOL CpuRngDisabled = TRUE;
static BOOL RamEncryptionEnabled = FALSE;
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 600fee9..a31152f 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -208,10 +208,12 @@ typedef struct
# include "GostCipher.h"
# include "kuznyechik.h"
# include "Camellia.h"
+#if !defined (_UEFI)
# include "chachaRng.h"
# ifdef _WIN64
# include "t1ha.h"
# endif
+#endif
#else
# include "CamelliaSmall.h"
#endif
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 64c1147..5e2dc39 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -188,6 +188,9 @@ BOOL MountVolumesAsSystemFavorite = FALSE;
BOOL FavoriteMountOnArrivalInProgress = FALSE;
BOOL MultipleMountOperationInProgress = FALSE;
+volatile BOOL NeedPeriodicDeviceListUpdate = FALSE;
+BOOL DisablePeriodicDeviceListUpdate = FALSE;
+
BOOL WaitDialogDisplaying = FALSE;
/* Handle to the device driver */
@@ -221,6 +224,9 @@ static std::vector<HostDevice> rawHostDeviceList;
/* Critical section used to ensure that only one thread at a time can create a secure desktop */
CRITICAL_SECTION csSecureDesktop;
+/* Boolean that indicates if our Secure Desktop is active and being used or not */
+BOOL bSecureDesktopOngoing = FALSE;
+
HINSTANCE hInst = NULL;
HCURSOR hCursor = NULL;
@@ -294,6 +300,7 @@ HMODULE hntmartadll = NULL;
HMODULE hwinscarddll = NULL;
HMODULE hmsvcrtdll = NULL;
HMODULE hWinTrustLib = NULL;
+HMODULE hAdvapi32Dll = NULL;
#define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;}
@@ -330,6 +337,18 @@ typedef HRESULT (STDAPICALLTYPE *SHStrDupWPtr)(LPCWSTR psz, LPWSTR *ppwsz);
// ChangeWindowMessageFilter
typedef BOOL (WINAPI *ChangeWindowMessageFilterPtr) (UINT, DWORD);
+typedef BOOL (WINAPI *CreateProcessWithTokenWFn)(
+ __in HANDLE hToken,
+ __in DWORD dwLogonFlags,
+ __in_opt LPCWSTR lpApplicationName,
+ __inout_opt LPWSTR lpCommandLine,
+ __in DWORD dwCreationFlags,
+ __in_opt LPVOID lpEnvironment,
+ __in_opt LPCWSTR lpCurrentDirectory,
+ __in LPSTARTUPINFOW lpStartupInfo,
+ __out LPPROCESS_INFORMATION lpProcessInformation
+ );
+
SetDllDirectoryPtr SetDllDirectoryFn = NULL;
SetSearchPathModePtr SetSearchPathModeFn = NULL;
SetDefaultDllDirectoriesPtr SetDefaultDllDirectoriesFn = NULL;
@@ -344,6 +363,7 @@ SetupOpenInfFileWPtr SetupOpenInfFileWFn = NULL;
SHDeleteKeyWPtr SHDeleteKeyWFn = NULL;
SHStrDupWPtr SHStrDupWFn = NULL;
ChangeWindowMessageFilterPtr ChangeWindowMessageFilterFn = NULL;
+CreateProcessWithTokenWFn CreateProcessWithTokenWPtr = NULL;
typedef LONG (WINAPI *WINVERIFYTRUST)(HWND hwnd, GUID *pgActionID, LPVOID pWVTData);
typedef CRYPT_PROVIDER_DATA* (WINAPI *WTHELPERPROVDATAFROMSTATEDATA)(HANDLE hStateData);
@@ -360,12 +380,12 @@ static WTHELPERGETPROVSIGNERFROMCHAIN WTHelperGetProvSignerFromChainFn = NULL;
static WTHELPERGETPROVCERTFROMCHAIN WTHelperGetProvCertFromChainFn = NULL;
static unsigned char gpbSha1CodeSignCertFingerprint[64] = {
- 0xCD, 0xF3, 0x05, 0xAD, 0xAE, 0xD3, 0x91, 0xF2, 0x0D, 0x95, 0x95, 0xAC,
- 0x76, 0x09, 0x35, 0x53, 0x11, 0x00, 0x4D, 0xDD, 0x56, 0x02, 0xBD, 0x09,
- 0x76, 0x57, 0xE1, 0xFA, 0xFA, 0xF4, 0x86, 0x09, 0x28, 0xA4, 0x0D, 0x1C,
- 0x68, 0xE7, 0x68, 0x31, 0xD3, 0xB6, 0x62, 0x9C, 0x75, 0x91, 0xAB, 0xB5,
- 0x6F, 0x1A, 0x75, 0xE7, 0x13, 0x2F, 0xF1, 0xB1, 0x14, 0xBF, 0x5F, 0x00,
- 0x40, 0xCE, 0x17, 0x6C
+ 0x64, 0x4C, 0x59, 0x15, 0xC5, 0xD4, 0x31, 0x2A, 0x73, 0x12, 0xC4, 0xA6,
+ 0xF2, 0x2C, 0xE8, 0x7E, 0xA8, 0x05, 0x53, 0xB5, 0x99, 0x9A, 0xF5, 0xD1,
+ 0xBE, 0x57, 0x56, 0x3D, 0x2F, 0xCA, 0x0B, 0x2F, 0xEF, 0x57, 0xFB, 0xA0,
+ 0x03, 0xEF, 0x66, 0x4D, 0xBF, 0xEE, 0x25, 0xBC, 0x22, 0xDD, 0x5C, 0x15,
+ 0x47, 0xD6, 0x6F, 0x57, 0x94, 0xBB, 0x65, 0xBC, 0x5C, 0xAA, 0xE8, 0x80,
+ 0xFB, 0xD0, 0xEF, 0x00
};
typedef HRESULT (WINAPI *SHGETKNOWNFOLDERPATH) (
@@ -752,6 +772,7 @@ void AbortProcessDirect (wchar_t *abortMsg)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
exit (1);
}
@@ -802,6 +823,7 @@ void AbortProcessSilent (void)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
// Note that this function also causes localcleanup() to be called (see atexit())
exit (1);
@@ -3008,6 +3030,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
AbortProcess ("INIT_DLL");
LoadSystemDll (L"Riched20.dll", &hRichEditDll, FALSE, SRC_POS);
+ LoadSystemDll (L"Advapi32.dll", &hAdvapi32Dll, FALSE, SRC_POS);
#if !defined(SETUP)
if (!VerifyModuleSignature (modPath))
@@ -3041,6 +3064,9 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
#endif
}
+ // Get CreateProcessWithTokenW function pointer
+ CreateProcessWithTokenWPtr = (CreateProcessWithTokenWFn) GetProcAddress(hAdvapi32Dll, "CreateProcessWithTokenW");
+
/* Save the instance handle for later */
hInst = hInstance;
@@ -3265,6 +3291,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
exit (1);
}
#endif
@@ -3310,6 +3337,7 @@ void FinalizeApp (void)
FREE_DLL (hntmartadll);
FREE_DLL (hwinscarddll);
FREE_DLL (hmsvcrtdll);
+ FREE_DLL (hAdvapi32Dll);
}
void InitHelpFileName (void)
@@ -5095,7 +5123,7 @@ void OpenVolumeExplorerWindow (int driveNo)
// Force explorer to discover the drive
SHGetFileInfo (dosName, 0, &fInfo, sizeof (fInfo), 0);
- ShellExecute (NULL, L"open", dosName, NULL, NULL, SW_SHOWNORMAL);
+ SafeOpenURL (dosName);
}
static BOOL explorerCloseSent;
@@ -10493,25 +10521,37 @@ void ConfigReadCompareString (char *configKey, char *defaultValue, char *str, in
void OpenPageHelp (HWND hwndDlg, int nPage)
{
- int r = (int)ShellExecuteW (NULL, L"open", szHelpFile, NULL, NULL, SW_SHOWNORMAL);
-
- if (r == ERROR_FILE_NOT_FOUND)
+ if (IsAdmin ())
{
- // Try the secondary help file
- r = (int)ShellExecuteW (NULL, L"open", szHelpFile2, NULL, NULL, SW_SHOWNORMAL);
+ if (FileExists (szHelpFile))
+ SafeOpenURL (szHelpFile);
+ else if (FileExists (szHelpFile2))
+ SafeOpenURL (szHelpFile2);
+ else
+ Applink ("help");
+ }
+ else
+ {
+ int r = (int)ShellExecuteW (NULL, L"open", szHelpFile, NULL, NULL, SW_SHOWNORMAL);
if (r == ERROR_FILE_NOT_FOUND)
{
- // Open local HTML help. It will fallback to online help if not found.
- Applink ("help");
- return;
+ // Try the secondary help file
+ r = (int)ShellExecuteW (NULL, L"open", szHelpFile2, NULL, NULL, SW_SHOWNORMAL);
+
+ if (r == ERROR_FILE_NOT_FOUND)
+ {
+ // Open local HTML help. It will fallback to online help if not found.
+ Applink ("help");
+ return;
+ }
}
- }
- if (r == SE_ERR_NOASSOC)
- {
- if (AskYesNo ("HELP_READER_ERROR", MainDlg) == IDYES)
- OpenOnlineHelp ();
+ if (r == SE_ERR_NOASSOC)
+ {
+ if (AskYesNo ("HELP_READER_ERROR", MainDlg) == IDYES)
+ OpenOnlineHelp ();
+ }
}
}
@@ -11015,14 +11055,30 @@ void Applink (const char *dest)
CorrectURL (url);
}
- r = (int) ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
-
- if (((r == ERROR_FILE_NOT_FOUND) || (r == ERROR_PATH_NOT_FOUND)) && buildUrl)
+ if (IsAdmin ())
{
- // fallbacl to online resources
- StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
- ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
- }
+ if (buildUrl && !FileExists (url))
+ {
+ // fallbacl to online resources
+ StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
+ SafeOpenURL (url);
+ }
+ else
+ {
+ SafeOpenURL (url);
+ }
+ }
+ else
+ {
+ r = (int) ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
+
+ if (((r == ERROR_FILE_NOT_FOUND) || (r == ERROR_PATH_NOT_FOUND)) && buildUrl)
+ {
+ // fallbacl to online resources
+ StringCbPrintfW (url, sizeof (url), L"https://www.veracrypt.fr/en/%s", page);
+ ShellExecuteW (NULL, L"open", url, NULL, NULL, SW_SHOWNORMAL);
+ }
+ }
Sleep (200);
NormalCursor ();
@@ -11136,7 +11192,7 @@ void InconsistencyResolved (char *techInfo)
}
-void ReportUnexpectedState (char *techInfo)
+void ReportUnexpectedState (const char *techInfo)
{
wchar_t finalMsg[8024];
@@ -11182,10 +11238,8 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
else
StringCbCopyW (szCFDevice, sizeof(szCFDevice), szDiskFile);
- if (preserveTimestamps)
- write = TRUE;
- context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : 0), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ context->HostFileHandle = CreateFile (szCFDevice, GENERIC_READ | (write ? GENERIC_WRITE : (!context->IsDevice && preserveTimestamps? FILE_WRITE_ATTRIBUTES : 0)), FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (context->HostFileHandle == INVALID_HANDLE_VALUE)
{
@@ -11207,6 +11261,13 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password
// Remember the container modification/creation date and time
if (!context->IsDevice && preserveTimestamps)
{
+ // ensure that Last Access and Last Write timestamps are not modified
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (context->HostFileHandle, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (context->HostFileHandle, &context->CreationTime, &context->LastAccessTime, &context->LastWriteTime) == 0)
context->TimestampsValid = FALSE;
else
@@ -12556,6 +12617,8 @@ wstring FindDeviceByVolumeID (const BYTE volumeID [VOLUME_ID_SIZE], BOOL bFromSe
static std::vector<HostDevice> volumeIdCandidates;
EnterCriticalSection (&csMountableDevices);
+ if (!NeedPeriodicDeviceListUpdate)
+ UpdateMountableHostDeviceList ();
std::vector<HostDevice> newDevices = mountableDevices;
LeaveCriticalSection (&csMountableDevices);
@@ -12677,19 +12740,16 @@ void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors)
ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", cmdPath, param, NULL, SW_SHOW);
}
-
-BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize)
{
- size_t strLen = strlen (str);
-
- if (bufferSize < strLen)
+ if (bufferSize < patternSize)
return FALSE;
- bufferSize -= strLen;
+ bufferSize -= patternSize;
for (size_t i = 0; i < bufferSize; ++i)
{
- if (memcmp (buffer + i, str, strLen) == 0)
+ if (memcmp (buffer + i, pattern, patternSize) == 0)
return TRUE;
}
@@ -12697,6 +12757,17 @@ BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *st
}
+BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str)
+{
+ return BufferContainsPattern (buffer, bufferSize, (const byte*) str, strlen (str));
+}
+
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str)
+{
+ return BufferContainsPattern (buffer, bufferSize, (const byte*) str, 2 * wcslen (str));
+}
+
+
#ifndef SETUP
int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL *pbDecrypt)
@@ -13096,7 +13167,7 @@ BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL
{
SetFocus (GetDlgItem(hwndDlg, ctrlID));
if (GetLastError () == ERROR_INSUFFICIENT_BUFFER)
- Error ("PASSWORD_UTF8_TOO_LONG", hwndDlg);
+ Error ((bufSize == (MAX_LEGACY_PASSWORD + 1))? "LEGACY_PASSWORD_UTF8_TOO_LONG": "PASSWORD_UTF8_TOO_LONG", hwndDlg);
else
Error ("PASSWORD_UTF8_INVALID", hwndDlg);
}
@@ -13384,7 +13455,8 @@ BOOL DeleteDirectory (const wchar_t* szDirName)
static BOOL GenerateRandomString (HWND hwndDlg, LPTSTR szName, DWORD maxCharsCount)
{
BOOL bRet = FALSE;
- if (Randinit () != ERR_SUCCESS)
+ int alreadyInitialized = 0;
+ if (RandinitWithCheck (&alreadyInitialized) != ERR_SUCCESS)
{
handleError (hwndDlg, (CryptoAPILastError == ERROR_SUCCESS)? ERR_RAND_INIT_FAILED : ERR_CAPI_INIT_FAILED, SRC_POS);
}
@@ -13408,6 +13480,19 @@ static BOOL GenerateRandomString (HWND hwndDlg, LPTSTR szName, DWORD maxCharsCou
}
burn (indexes, maxCharsCount + 1);
free (indexes);
+
+ /* If RNG was not initialized before us, then stop it in order to
+ * stop the fast poll thread which consumes CPU. Next time a critical operation
+ * that requires RNG is performed, it will be initialized again.
+ *
+ * We do this because since the addition of secure desktop support, every time
+ * secure desktop is displayed, the RNG fast poll thread was started even if the
+ * user will never perform any critical operation that requires random bytes.
+ */
+ if (!alreadyInitialized)
+ {
+ RandStop (FALSE);
+ }
}
return bRet;
@@ -13575,75 +13660,79 @@ INT_PTR SecureDesktopDialogBoxParam(
INT_PTR retValue = 0;
BOOL bEffectiveUseSecureDesktop = bCmdUseSecureDesktopValid? bCmdUseSecureDesktop : bUseSecureDesktop;
- if (bEffectiveUseSecureDesktop && GenerateRandomString (hWndParent, szDesktopName, 64))
+ if (bEffectiveUseSecureDesktop)
{
- map<DWORD, BOOL> ctfmonBeforeList, ctfmonAfterList;
- DWORD desktopAccess = DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS;
- HDESK hSecureDesk;
+ EnterCriticalSection (&csSecureDesktop);
+ bSecureDesktopOngoing = TRUE;
+ finally_do ({ bSecureDesktopOngoing = FALSE; LeaveCriticalSection (&csSecureDesktop); });
- HDESK hInputDesk = NULL;
+ if (GenerateRandomString (hWndParent, szDesktopName, 64))
+ {
+ map<DWORD, BOOL> ctfmonBeforeList, ctfmonAfterList;
+ DWORD desktopAccess = DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS;
+ HDESK hSecureDesk;
- EnterCriticalSection (&csSecureDesktop);
- finally_do ({ LeaveCriticalSection (&csSecureDesktop); });
+ HDESK hInputDesk = NULL;
- // wait for the input desktop to be available before switching to
- // secure desktop. Under Windows 10, the user session can be started
- // in the background even before the user has authenticated and in this
- // case, we wait for the user to be really authenticated before starting
- // secure desktop mechanism
+ // wait for the input desktop to be available before switching to
+ // secure desktop. Under Windows 10, the user session can be started
+ // in the background even before the user has authenticated and in this
+ // case, we wait for the user to be really authenticated before starting
+ // secure desktop mechanism
- while (!(hInputDesk = OpenInputDesktop (0, TRUE, GENERIC_READ)))
- {
- Sleep (SECUREDESKTOP_MONOTIR_PERIOD);
- }
+ while (!(hInputDesk = OpenInputDesktop (0, TRUE, GENERIC_READ)))
+ {
+ Sleep (SECUREDESKTOP_MONOTIR_PERIOD);
+ }
- CloseDesktop (hInputDesk);
+ CloseDesktop (hInputDesk);
- // get the initial list of ctfmon.exe processes before creating new desktop
- GetCtfMonProcessIdList (ctfmonBeforeList);
-
- hSecureDesk = CreateDesktop (szDesktopName, NULL, NULL, 0, desktopAccess, NULL);
- if (hSecureDesk)
- {
- SecureDesktopThreadParam param;
-
- param.hDesk = hSecureDesk;
- param.szDesktopName = szDesktopName;
- param.hInstance = hInstance;
- param.lpTemplateName = lpTemplateName;
- param.lpDialogFunc = lpDialogFunc;
- param.dwInitParam = dwInitParam;
- param.retValue = 0;
+ // get the initial list of ctfmon.exe processes before creating new desktop
+ GetCtfMonProcessIdList (ctfmonBeforeList);
- HANDLE hThread = ::CreateThread (NULL, 0, SecureDesktopThread, (LPVOID) &param, 0, NULL);
- if (hThread)
+ hSecureDesk = CreateDesktop (szDesktopName, NULL, NULL, 0, desktopAccess, NULL);
+ if (hSecureDesk)
{
- WaitForSingleObject (hThread, INFINITE);
- CloseHandle (hThread);
+ SecureDesktopThreadParam param;
+
+ param.hDesk = hSecureDesk;
+ param.szDesktopName = szDesktopName;
+ param.hInstance = hInstance;
+ param.lpTemplateName = lpTemplateName;
+ param.lpDialogFunc = lpDialogFunc;
+ param.dwInitParam = dwInitParam;
+ param.retValue = 0;
+
+ HANDLE hThread = ::CreateThread (NULL, 0, SecureDesktopThread, (LPVOID) &param, 0, NULL);
+ if (hThread)
+ {
+ WaitForSingleObject (hThread, INFINITE);
+ CloseHandle (hThread);
- retValue = param.retValue;
- bSuccess = TRUE;
- }
+ retValue = param.retValue;
+ bSuccess = TRUE;
+ }
- CloseDesktop (hSecureDesk);
+ CloseDesktop (hSecureDesk);
- // get the new list of ctfmon.exe processes in order to find the ID of the
- // ctfmon.exe instance that corresponds to the desktop we create so that
- // we can kill it, otherwise it would remain running
- GetCtfMonProcessIdList (ctfmonAfterList);
+ // get the new list of ctfmon.exe processes in order to find the ID of the
+ // ctfmon.exe instance that corresponds to the desktop we create so that
+ // we can kill it, otherwise it would remain running
+ GetCtfMonProcessIdList (ctfmonAfterList);
- for (map<DWORD, BOOL>::iterator It = ctfmonAfterList.begin();
- It != ctfmonAfterList.end(); It++)
- {
- if (ctfmonBeforeList[It->first] != TRUE)
+ for (map<DWORD, BOOL>::iterator It = ctfmonAfterList.begin();
+ It != ctfmonAfterList.end(); It++)
{
- // Kill process
- KillProcess (It->first);
+ if (ctfmonBeforeList[It->first] != TRUE)
+ {
+ // Kill process
+ KillProcess (It->first);
+ }
}
}
- }
- burn (szDesktopName, sizeof (szDesktopName));
+ burn (szDesktopName, sizeof (szDesktopName));
+ }
}
if (!bSuccess)
@@ -13933,6 +14022,17 @@ BOOL EnableProcessProtection()
PACL pACL = NULL;
DWORD cbACL = 0;
+ // Acces mask
+ DWORD dwAccessMask = SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE; // same as protected process
+
+ if (IsAdmin ())
+ {
+ // if we are running elevated, we allow CreateProcessXXX calls alongside PROCESS_DUP_HANDLE and PROCESS_QUERY_INFORMATION in order to be able
+ // to implement secure way to open URLs (cf RunAsDesktopUser)
+ // we are still protecting against memory access from non-admon processes
+ dwAccessMask |= PROCESS_CREATE_PROCESS | PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION;
+ }
+
// Open the access token associated with the calling process
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
goto Cleanup;
@@ -13971,7 +14071,7 @@ BOOL EnableProcessProtection()
if (!AddAccessAllowedAce(
pACL,
ACL_REVISION,
- SYNCHRONIZE | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE, // same as protected process
+ dwAccessMask,
pTokenUser->User.Sid // pointer to the trustee's SID
)) {
goto Cleanup;
@@ -14002,6 +14102,169 @@ Cleanup:
return bSuccess;
}
+// Based on sample code from:
+// https://blogs.msdn.microsoft.com/aaron_margosis/2009/06/06/faq-how-do-i-start-a-program-as-the-desktop-user-from-an-elevated-app/
+// start a program non-elevated as the desktop user from an elevated app
+
+static bool RunAsDesktopUser(
+ __in const wchar_t * szApp,
+ __in wchar_t * szCmdLine)
+{
+ HANDLE hThreadToken = NULL, hShellProcess = NULL, hShellProcessToken = NULL, hPrimaryToken = NULL;
+ HWND hwnd = NULL;
+ DWORD dwPID = 0;
+ BOOL ret;
+ DWORD dwLastErr;
+ STARTUPINFOW si;
+ PROCESS_INFORMATION pi;
+ bool retval = false;
+ SecureZeroMemory(&si, sizeof(si));
+ SecureZeroMemory(&pi, sizeof(pi));
+ si.cb = sizeof(si);
+
+ // locate CreateProcessWithTokenW in Advapi32.dll
+ if (!CreateProcessWithTokenWPtr)
+ {
+ return false;
+ }
+
+ if (!ImpersonateSelf (SecurityImpersonation))
+ {
+ return false;
+ }
+
+ if (!OpenThreadToken (GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, TRUE, &hThreadToken))
+ {
+ return false;
+ }
+ else
+ {
+ TOKEN_PRIVILEGES tkp;
+ tkp.PrivilegeCount = 1;
+ LookupPrivilegeValueW(NULL, SE_INCREASE_QUOTA_NAME, &tkp.Privileges[0].Luid);
+ tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+ SetThreadToken (NULL, NULL);
+
+ AdjustTokenPrivileges(hThreadToken, FALSE, &tkp, 0, NULL, NULL);
+ dwLastErr = GetLastError();
+ if (ERROR_SUCCESS != dwLastErr)
+ {
+ goto cleanup;
+ }
+ }
+
+ // From this point down, we have handles to close, so make sure to clean up.
+
+ // Get an HWND representing the desktop shell.
+ // CAVEATS: This will fail if the shell is not running (crashed or terminated), or the default shell has been
+ // replaced with a custom shell. This also won't return what you probably want if Explorer has been terminated and
+ // restarted elevated.
+ hwnd = GetShellWindow();
+ if (NULL == hwnd)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Get the PID of the desktop shell process.
+ GetWindowThreadProcessId(hwnd, &dwPID);
+ if (0 == dwPID)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Open the desktop shell process in order to query it (get the token)
+ hShellProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
+ if (!hShellProcess)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Get the process token of the desktop shell.
+ ret = OpenProcessToken(hShellProcess, TOKEN_DUPLICATE, &hShellProcessToken);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Duplicate the shell's process token to get a primary token.
+ // Based on experimentation, this is the minimal set of rights required for CreateProcessWithTokenW (contrary to current documentation).
+ const DWORD dwTokenRights = TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;
+ ret = DuplicateTokenEx(hShellProcessToken, dwTokenRights, NULL, SecurityImpersonation, TokenPrimary, &hPrimaryToken);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Start the target process with the new token.
+ ret = CreateProcessWithTokenWPtr(
+ hPrimaryToken,
+ 0,
+ szApp,
+ szCmdLine,
+ 0,
+ NULL,
+ NULL,
+ &si,
+ &pi);
+ if (!ret)
+ {
+ dwLastErr = GetLastError();
+ goto cleanup;
+ }
+
+ // Make sure to close HANDLEs return in the PROCESS_INFORMATION.
+ CloseHandle(pi.hProcess);
+ CloseHandle(pi.hThread);
+
+ retval = true;
+
+cleanup:
+ // Clean up resources
+ if (hShellProcessToken) CloseHandle(hShellProcessToken);
+ if (hPrimaryToken) CloseHandle(hPrimaryToken);
+ if (hShellProcess) CloseHandle(hShellProcess);
+ if (hThreadToken) CloseHandle(hThreadToken);
+ RevertToSelf ();
+ if (!retval)
+ SetLastError (dwLastErr);
+ return retval;
+}
+
+// This function always loads a URL in a non-privileged mode
+// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
+// Use this security mechanism only starting from Windows Vista
+void SafeOpenURL (LPCWSTR szUrl)
+{
+ if (IsAdmin () && IsOSAtLeast (WIN_VISTA))
+ {
+ WCHAR szRunDllPath[TC_MAX_PATH];
+ WCHAR szUrlDllPath[TC_MAX_PATH];
+ WCHAR szSystemPath[TC_MAX_PATH];
+ LPWSTR szCommandLine = new WCHAR[1024];
+
+ if (!GetSystemDirectory(szSystemPath, MAX_PATH))
+ StringCbCopyW(szSystemPath, sizeof(szSystemPath), L"C:\\Windows\\System32");
+
+ StringCbPrintfW(szRunDllPath, sizeof(szRunDllPath), L"%s\\%s", szSystemPath, L"rundll32.exe");
+ StringCbPrintfW(szUrlDllPath, sizeof(szUrlDllPath), L"%s\\%s", szSystemPath, L"url.dll");
+ StringCchPrintfW(szCommandLine, 1024, L"%s %s,FileProtocolHandler %s", szRunDllPath, szUrlDllPath, szUrl);
+
+ RunAsDesktopUser (NULL, szCommandLine);
+
+ delete [] szCommandLine;
+ }
+ else
+ {
+ ShellExecuteW (NULL, L"open", szUrl, NULL, NULL, SW_SHOWNORMAL);
+ }
+}
+
#if !defined(SETUP) && defined(_WIN64)
#define RtlGenRandom SystemFunction036
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 54475cb..5da717f 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -124,6 +124,7 @@ extern BOOL bHideWaitingDialog;
extern BOOL bCmdHideWaitingDialog;
extern BOOL bCmdHideWaitingDialogValid;
extern BOOL bUseSecureDesktop;
+extern BOOL bSecureDesktopOngoing;
extern BOOL bUseLegacyMaxPasswordLength;
extern BOOL bCmdUseSecureDesktop;
extern BOOL bCmdUseSecureDesktopValid;
@@ -164,6 +165,9 @@ extern BOOL MountVolumesAsSystemFavorite;
extern BOOL FavoriteMountOnArrivalInProgress;
extern BOOL MultipleMountOperationInProgress;
+extern volatile BOOL NeedPeriodicDeviceListUpdate;
+extern BOOL DisablePeriodicDeviceListUpdate;
+
#ifndef SETUP
extern BOOL bLanguageSetInSetup;
#endif
@@ -469,7 +473,7 @@ BOOL CALLBACK CloseTCWindowsEnum( HWND hwnd, LPARAM lParam);
BOOL CALLBACK FindTCWindowEnum (HWND hwnd, LPARAM lParam);
BYTE *MapResource (wchar_t *resourceType, int resourceId, PDWORD size);
void InconsistencyResolved (char *msg);
-void ReportUnexpectedState (char *techInfo);
+void ReportUnexpectedState (const char *techInfo);
BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileName, size_t cbFileName, BOOL keepHistory);
BOOL SelectMultipleFilesNext (wchar_t *lpszFileName, size_t cbFileName);
void OpenOnlineHelp ();
@@ -505,7 +509,9 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg);
BOOL FileHasReadOnlyAttribute (const wchar_t *path);
BOOL IsFileOnReadOnlyFilesystem (const wchar_t *path);
void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors);
+BOOL BufferContainsPattern (const byte *buffer, size_t bufferSize, const byte *pattern, size_t patternSize);
BOOL BufferContainsString (const byte *buffer, size_t bufferSize, const char *str);
+BOOL BufferContainsWideString (const byte *buffer, size_t bufferSize, const wchar_t *str);
int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL* pbDecrypt);
BOOL RemoveDeviceWriteProtection (HWND hwndDlg, wchar_t *devicePath);
void EnableElevatedCursorChange (HWND parent);
@@ -539,6 +545,7 @@ void GetInstallationPath (HWND hwndDlg, wchar_t* szInstallPath, DWORD cchSize, B
BOOL GetSetupconfigLocation (wchar_t* path, DWORD cchSize);
BOOL BufferHasPattern (const unsigned char* buffer, size_t bufferLen, const void* pattern, size_t patternLen);
BOOL EnableProcessProtection();
+void SafeOpenURL (LPCWSTR szUrl);
#ifdef _WIN64
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
#endif
diff --git a/src/Common/Format.c b/src/Common/Format.c
index bd33f75..4aaf8b3 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -350,14 +350,32 @@ begin_format:
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (volParams->hiddenVol && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
DisableFileCompression (dev);
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys)
{
LARGE_INTEGER volumeSize;
+ BOOL speedupFileCreation = FALSE;
volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
+ // speedup for file creation only makes sens when using quick format
+ if (volParams->quickFormat && volParams->fastCreateFile)
+ speedupFileCreation = TRUE;
+
if (volParams->sparseFileSwitch && volParams->quickFormat)
{
// Create as sparse file container
@@ -371,21 +389,29 @@ begin_format:
// Preallocate the file
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
- || !SetEndOfFile (dev)
- || SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ || !SetEndOfFile (dev))
{
nStatus = ERR_OS_ERROR;
goto error;
}
- }
- }
- if (volParams->hiddenVol && !volParams->bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
+ if (speedupFileCreation)
+ {
+ // accelerate file creation by telling Windows not to fill all file content with zeros
+ // this has security issues since it will put existing disk content into file container
+ // We use this mechanism only when switch /fastCreateFile specific and when quick format
+ // also specified and which is documented to have security issues.
+ // we don't check returned status because failure is not issue for us
+ SetFileValidData (dev, volumeSize.QuadPart);
+ }
+
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ }
}
if (volParams->hwndDlg && volParams->bGuiMode) KillTimer (volParams->hwndDlg, TIMER_ID_RANDVIEW);
diff --git a/src/Common/Format.h b/src/Common/Format.h
index 961ece7..4ce1b8c 100644
--- a/src/Common/Format.h
+++ b/src/Common/Format.h
@@ -38,6 +38,7 @@ typedef struct
unsigned int clusterSize;
BOOL sparseFileSwitch;
BOOL quickFormat;
+ BOOL fastCreateFile;
DWORD sectorSize;
int *realClusterSize;
Password *password;
diff --git a/src/Common/Keyfiles.c b/src/Common/Keyfiles.c
index 686f3ca..174aed9 100644
--- a/src/Common/Keyfiles.c
+++ b/src/Common/Keyfiles.c
@@ -149,50 +149,41 @@ void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile)
static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSize, KeyFile *keyFile)
{
- FILE *f;
unsigned __int8 buffer[64 * 1024];
unsigned __int32 crc = 0xffffffff;
unsigned __int32 writePos = 0;
- size_t bytesRead, totalRead = 0;
+ DWORD bytesRead, totalRead = 0;
int status = TRUE;
-
HANDLE src;
- FILETIME ftCreationTime;
- FILETIME ftLastWriteTime;
- FILETIME ftLastAccessTime;
-
- BOOL bTimeStampValid = FALSE;
+ BOOL bReadStatus = FALSE;
- /* Remember the last access time of the keyfile. It will be preserved in order to prevent
- an adversary from determining which file may have been used as keyfile. */
src = CreateFile (keyFile->FileName,
- GENERIC_READ | GENERIC_WRITE,
+ GENERIC_READ | FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (src != INVALID_HANDLE_VALUE)
{
- if (GetFileTime ((HANDLE) src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime))
- bTimeStampValid = TRUE;
- }
+ /* We tell Windows not to update the Last Access timestamp in order to prevent
+ an adversary from determining which file may have been used as keyfile. */
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
- finally_do_arg (HANDLE, src,
+ SetFileTime (src, NULL, &ftLastAccessTime, NULL);
+ }
+ else
{
- if (finally_arg != INVALID_HANDLE_VALUE)
- CloseHandle (finally_arg);
- });
-
- f = _wfopen (keyFile->FileName, L"rb");
- if (f == NULL) return FALSE;
+ /* try to open without FILE_WRITE_ATTRIBUTES in case we are in a ReadOnly filesystem (e.g. CD) */
+ src = CreateFile (keyFile->FileName,
+ GENERIC_READ,
+ FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ if (src == INVALID_HANDLE_VALUE)
+ return FALSE;
+ }
- while ((bytesRead = fread (buffer, 1, sizeof (buffer), f)) > 0)
+ while ((bReadStatus = ReadFile (src, buffer, sizeof (buffer), &bytesRead, NULL)) && (bytesRead > 0))
{
- size_t i;
-
- if (ferror (f))
- {
- status = FALSE;
- goto close;
- }
+ DWORD i;
for (i = 0; i < bytesRead; i++)
{
@@ -211,7 +202,7 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
}
}
- if (ferror (f))
+ if (!bReadStatus)
{
status = FALSE;
}
@@ -223,13 +214,9 @@ static BOOL KeyFileProcess (unsigned __int8 *keyPool, unsigned __int32 keyPoolSi
close:
DWORD err = GetLastError();
- fclose (f);
- if (bTimeStampValid && !IsFileOnReadOnlyFilesystem (keyFile->FileName))
- {
- // Restore the keyfile timestamp
- SetFileTime (src, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
- }
+ CloseHandle (src);
+ burn (buffer, sizeof (buffer));
SetLastError (err);
return status;
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index fd5ee63..18dbaf1 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -33,14 +33,14 @@
<entry lang="en" key="IDC_DISPLAY_POOL_CONTENTS">Display pool content</entry>
<entry lang="en" key="IDC_DOWNLOAD_CD_BURN_SOFTWARE">Download CD/DVD recording software</entry>
<entry lang="en" key="IDC_FILE_CONTAINER">Create an encrypted file container</entry>
- <entry lang="en" key="IDC_GB">&amp;GB</entry>
- <entry lang="en" key="IDC_TB">&amp;TB</entry>
+ <entry lang="en" key="IDC_GB">&amp;GiB</entry>
+ <entry lang="en" key="IDC_TB">&amp;TiB</entry>
<entry lang="en" key="IDC_HIDDEN_SYSENC_INFO_LINK">More information</entry>
<entry lang="en" key="IDC_HIDDEN_VOL">Hi&amp;dden VeraCrypt volume </entry>
<entry lang="en" key="IDC_HIDDEN_VOL_HELP">More information about hidden volumes</entry>
<entry lang="en" key="IDC_HIDVOL_WIZ_MODE_DIRECT">Direct mode</entry>
<entry lang="en" key="IDC_HIDVOL_WIZ_MODE_FULL">Normal mode</entry>
- <entry lang="en" key="IDC_KB">&amp;KB</entry>
+ <entry lang="en" key="IDC_KB">&amp;KiB</entry>
<entry lang="en" key="IDC_KEYFILES_ENABLE">U&amp;se keyfiles</entry>
<entry lang="en" key="IDC_KEYFILES_TRY_EMPTY_PASSWORD">Try first to mount with an empty password</entry>
<entry lang="en" key="IDC_KEYFILES_RANDOM_SIZE">Random size ( 64 &lt;-&gt; 1048576 )</entry>
@@ -48,7 +48,7 @@
<entry lang="en" key="IDC_LINK_HASH_INFO">Information on hash algorithms</entry>
<entry lang="en" key="IDC_LINK_MORE_INFO_ABOUT_CIPHER">More information</entry>
<entry lang="en" key="IDC_LINK_PIM_INFO">Information on PIM</entry>
- <entry lang="en" key="IDC_MB">&amp;MB</entry>
+ <entry lang="en" key="IDC_MB">&amp;MiB</entry>
<entry lang="en" key="IDC_MORE_INFO_ON_CONTAINERS">More information</entry>
<entry lang="en" key="IDC_MORE_INFO_ON_SYS_ENCRYPTION">More information about system encryption</entry>
<entry lang="en" key="IDC_MORE_INFO_SYS_ENCRYPTION">More information</entry>
@@ -414,11 +414,11 @@
<entry lang="en" key="COMPRESSION_NOT_SUPPORTED">Error: The container has been compressed at the filesystem level. VeraCrypt does not support compressed containers (note that compression of encrypted data is ineffective and redundant).\n\nPlease disable compression for the container by following these steps:\n1) Right-click the container in Windows Explorer (not in VeraCrypt).\n2) Select 'Properties'.\n3) In the 'Properties' dialog box, click 'Advanced'.\n4) In the 'Advanced Attributes' dialog box, disable the option 'Compress contents to save disk space' and click 'OK'.\n5) In the 'Properties' dialog box, click 'OK'.</entry>
<entry lang="en" key="CREATE_FAILED">Failed to create volume %s</entry>
<entry lang="en" key="DEVICE_FREE_BYTES">Size of %s is %.2f bytes</entry>
- <entry lang="en" key="DEVICE_FREE_KB">Size of %s is %.2f KB</entry>
- <entry lang="en" key="DEVICE_FREE_MB">Size of %s is %.2f MB</entry>
- <entry lang="en" key="DEVICE_FREE_GB">Size of %s is %.2f GB</entry>
- <entry lang="en" key="DEVICE_FREE_TB">Size of %s is %.2f TB</entry>
- <entry lang="en" key="DEVICE_FREE_PB">Size of %s is %.2f PB</entry>
+ <entry lang="en" key="DEVICE_FREE_KB">Size of %s is %.2f KiB</entry>
+ <entry lang="en" key="DEVICE_FREE_MB">Size of %s is %.2f MiB</entry>
+ <entry lang="en" key="DEVICE_FREE_GB">Size of %s is %.2f GiB</entry>
+ <entry lang="en" key="DEVICE_FREE_TB">Size of %s is %.2f TiB</entry>
+ <entry lang="en" key="DEVICE_FREE_PB">Size of %s is %.2f PiB</entry>
<entry lang="en" key="DEVICE_IN_USE_FORMAT">WARNING: The device/partition is in use by the operating system or applications. Formatting the device/partition might cause data corruption and system instability.\n\nContinue?</entry>
<entry lang="en" key="DEVICE_IN_USE_INPLACE_ENC">Warning: The partition is in use by the operating system or applications. You should close any applications that might be using the partition (including antivirus software).\n\nContinue?</entry>
<entry lang="en" key="FORMAT_CANT_DISMOUNT_FILESYS">Error: The device/partition contains a file system that could not be dismounted. The file system may be in use by the operating system. Formatting the device/partition would very likely cause data corruption and system instability.\n\nTo solve this issue, we recommend that you first delete the partition and then recreate it without formatting. To do so, follow these steps:\n1) Right-click the 'Computer' (or 'My Computer') icon in the 'Start Menu' and select 'Manage'. The 'Computer Management' window should appear.\n2) In the 'Computer Management' window, select 'Storage' > 'Disk Management'.\n3) Right-click the partition you want to encrypt and select either 'Delete Partition', or 'Delete Volume', or 'Delete Logical Drive'.\n4) Click 'Yes'. If Windows asks you to restart the computer, do so. Then repeat the steps 1 and 2 and continue from the step 5.\n5) Right-click the unallocated/free space area and select either 'New Partition', or 'New Simple Volume', or 'New Logical Drive'.\n6) The 'New Partition Wizard' or 'New Simple Volume Wizard' window should appear now; follow its instructions. On the wizard page entitled 'Format Partition', select either 'Do not format this partition' or 'Do not format this volume'. In the same wizard, click 'Next' and then 'Finish'.\n7) Note that the device path you have selected in VeraCrypt may be wrong now. Therefore, exit the VeraCrypt Volume Creation Wizard (if it is still running) and then start it again.\n8) Try encrypting the device/partition again.\n\nIf VeraCrypt repeatedly fails to encrypt the device/partition, you may want to consider creating a file container instead.</entry>
@@ -436,13 +436,13 @@
<entry lang="en" key="RAW_DEV_NOT_SUPPORTED_FOR_INPLACE_ENC">VeraCrypt can in-place encrypt only a partition, a dynamic volume, or an entire system drive.\n\nIf you want to create an encrypted VeraCrypt volume within the selected non-system device, choose the option "Create encrypted volume and format it" (instead of the option "Encrypt partition in place").</entry>
<entry lang="en" key="INPLACE_ENC_INVALID_PATH">Error: VeraCrypt can in-place encrypt only a partition, a dynamic volume, or an entire system drive. Please make sure the specified path is valid.</entry>
<entry lang="en" key="CANNOT_RESIZE_FILESYS">Error: Cannot shrink the filesystem (the filesystem needs to be shrunk to make space for the volume header and backup header).\n\nPossible causes and solutions:\n\n- Not enough free space on the volume. Please make sure no other application is writing to the filesystem.\n\n- Corrupted file system. Try to check it and fix any errors (right-click the corresponding drive letter in the 'Computer' list, then select Properties > Tools > 'Check Now', make sure the option 'Automatically fix file system errors' is enabled and click Start).\n\nIf the above steps do not help, please follow the below steps.</entry>
- <entry lang="en" key="NOT_ENOUGH_FREE_FILESYS_SPACE_FOR_SHRINK">Error: There is not enough free space on the volume and so the filesystem cannot be shrunk (the filesystem needs to be shrunk to make space for the volume header and backup header).\n\nPlease delete any redundant files and empty the Recycle Bin so as to free at least 256 KB of space and then try again. Note that due to a Windows issue, the amount of free space reported by the Windows Explorer may be incorrect until the operating system is restarted. If restarting the system does not help, the file system may be corrupted. Try to check it and fix any errors (right-click the corresponding drive letter in the 'Computer' list, then select Properties > Tools > 'Check Now', make sure the option 'Automatically fix file system errors' is enabled and click Start).\n\nIf the above steps do not help, please follow the below steps.</entry>
+ <entry lang="en" key="NOT_ENOUGH_FREE_FILESYS_SPACE_FOR_SHRINK">Error: There is not enough free space on the volume and so the filesystem cannot be shrunk (the filesystem needs to be shrunk to make space for the volume header and backup header).\n\nPlease delete any redundant files and empty the Recycle Bin so as to free at least 256 KiB of space and then try again. Note that due to a Windows issue, the amount of free space reported by the Windows Explorer may be incorrect until the operating system is restarted. If restarting the system does not help, the file system may be corrupted. Try to check it and fix any errors (right-click the corresponding drive letter in the 'Computer' list, then select Properties > Tools > 'Check Now', make sure the option 'Automatically fix file system errors' is enabled and click Start).\n\nIf the above steps do not help, please follow the below steps.</entry>
<entry lang="en" key="DISK_FREE_BYTES">Free space on drive %s is %.2f bytes.</entry>
- <entry lang="en" key="DISK_FREE_KB">Free space on drive %s is %.2f KB</entry>
- <entry lang="en" key="DISK_FREE_MB">Free space on drive %s is %.2f MB</entry>
- <entry lang="en" key="DISK_FREE_GB">Free space on drive %s is %.2f GB</entry>
- <entry lang="en" key="DISK_FREE_TB">Free space on drive %s is %.2f TB</entry>
- <entry lang="en" key="DISK_FREE_PB">Free space on drive %s is %.2f PB</entry>
+ <entry lang="en" key="DISK_FREE_KB">Free space on drive %s is %.2f KiB</entry>
+ <entry lang="en" key="DISK_FREE_MB">Free space on drive %s is %.2f MiB</entry>
+ <entry lang="en" key="DISK_FREE_GB">Free space on drive %s is %.2f GiB</entry>
+ <entry lang="en" key="DISK_FREE_TB">Free space on drive %s is %.2f TiB</entry>
+ <entry lang="en" key="DISK_FREE_PB">Free space on drive %s is %.2f PiB</entry>
<entry lang="en" key="DRIVELETTERS">Could not get available drive letters.</entry>
<entry lang="en" key="DRIVER_NOT_FOUND">Error: VeraCrypt driver not found.\n\nPlease copy the files 'veracrypt.sys' and 'veracrypt-x64.sys' to the directory where the main VeraCrypt application (VeraCrypt.exe) is located.</entry>
<entry lang="en" key="DRIVER_VERSION">Error: An incompatible version of the VeraCrypt driver is currently running.\n\nIf you are trying to run VeraCrypt in portable mode (i.e. without installing it) and a different version of VeraCrypt is already installed, you must uninstall it first (or upgrade it using the VeraCrypt installer). To uninstall it, follow these steps: On Windows Vista or later, select 'Start Menu' > Computer > 'Uninstall or change a program' > VeraCrypt > Uninstall; on Windows XP, select 'Start Menu' > Settings > 'Control Panel' > 'Add Or Remove Programs' > VeraCrypt > Remove.\n\nSimilarly, if you are trying to run VeraCrypt in portable mode (i.e. without installing it) and a different version of VeraCrypt is already running in portable mode, you must restart the system first and then run only this new version.</entry>
@@ -456,7 +456,7 @@
<entry lang="en" key="ASK_KEEP_DETECTING_SYSTEM_CRASH">Do you want VeraCrypt to continue detecting system crashes?</entry>
<entry lang="en" key="NO_MINIDUMP_FOUND">VeraCrypt found no system crash minidump file.</entry>
<entry lang="en" key="ASK_DELETE_KERNEL_CRASH_DUMP">Do you want to delete the Windows crash dump file to free up disk space?</entry>
- <entry lang="en" key="ASK_DEBUGGER_INSTALL">In order to analyze the system crash, VeraCrypt needs to install Microsoft Debugging Tools for Windows first.\n\nAfter you click OK, the Windows installer will download the Microsoft Debugging Tools installation package (16 MB) from a Microsoft server and install it (the Windows installer will be forwarded to the Microsoft server URL from the veracrypt.org server, which ensures that this feature works even if Microsoft changes the location of the installation package).</entry>
+ <entry lang="en" key="ASK_DEBUGGER_INSTALL">In order to analyze the system crash, VeraCrypt needs to install Microsoft Debugging Tools for Windows first.\n\nAfter you click OK, the Windows installer will download the Microsoft Debugging Tools installation package (16 MiB) from a Microsoft server and install it (the Windows installer will be forwarded to the Microsoft server URL from the veracrypt.org server, which ensures that this feature works even if Microsoft changes the location of the installation package).</entry>
<entry lang="en" key="SYSTEM_CRASH_ANALYSIS_INFO">After you click OK, VeraCrypt will analyze the system crash. This may take up to several minutes.</entry>
<entry lang="en" key="DEBUGGER_NOT_FOUND">Please make sure the environment variable 'PATH' includes the path to 'kd.exe' (Kernel Debugger).</entry>
<entry lang="en" key="SYSTEM_CRASH_NO_VERACRYPT">It appears that VeraCrypt most likely did not cause the system crash. There are many potential reasons why the system could have crashed (for example, a failing hardware component, a bug in a device driver, etc.)</entry>
@@ -479,9 +479,9 @@
<entry lang="en" key="FILE_OPEN_FAILED">The file could not be opened.</entry>
<entry lang="en" key="FILE_TITLE">Volume Location</entry>
<entry lang="en" key="FILESYS_PAGE_TITLE">Large Files</entry>
- <entry lang="en" key="FILESYS_PAGE_HELP_QUESTION">Do you intend to store files larger than 4 GB in this VeraCrypt volume?</entry>
+ <entry lang="en" key="FILESYS_PAGE_HELP_QUESTION">Do you intend to store files larger than 4 GiB in this VeraCrypt volume?</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION">Depending on your choice above, VeraCrypt will choose a suitable default file system for the VeraCrypt volume (you will be able to select a file system in the next step).</entry>
- <entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL">As you are creating an outer volume, you should consider choosing 'No'. If you choose 'Yes', the default filesystem will be NTFS, which is not as suitable for outer volumes as FAT/exFAT (for example, the maximum possible size of the hidden volume will be significantly greater if the outer volume is formatted as FAT/exFAT). Normally, FAT is the default for both hidden and normal volumes (so FAT volumes are not suspicious). However, if the user indicates intent to store files larger than 4 GB (which the FAT file system does not allow), then FAT is not the default.</entry>
+ <entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL">As you are creating an outer volume, you should consider choosing 'No'. If you choose 'Yes', the default filesystem will be NTFS, which is not as suitable for outer volumes as FAT/exFAT (for example, the maximum possible size of the hidden volume will be significantly greater if the outer volume is formatted as FAT/exFAT). Normally, FAT is the default for both hidden and normal volumes (so FAT volumes are not suspicious). However, if the user indicates intent to store files larger than 4 GiB (which the FAT file system does not allow), then FAT is not the default.</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL_CONFIRM">Are you sure you want to choose 'Yes'?</entry>
<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_TITLE">Volume Creation Mode</entry>
<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_FORMAT_HELP">This is the fastest way to create a partition-hosted or device-hosted VeraCrypt volume (in-place encryption, which is the other option, is slower because content of each sector has to be first read, encrypted, and then written). Any data currently stored on the selected partition/device will be lost (the data will NOT be encrypted; it will be overwritten with random data). If you want to encrypt existing data on a partition, choose the other option.</entry>
@@ -536,7 +536,7 @@
<entry lang="en" key="HIDVOL_PROT_WARN_AFTER_MOUNT">The hidden volume is now protected against damage until the outer volume is dismounted.\n\nWARNING: If any data is attempted to be saved to the hidden volume area, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to the hidden volume area will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").</entry>
<entry lang="en" key="HIDVOL_PROT_WARN_AFTER_MOUNT_PLURAL">Each of the hidden volumes within the newly mounted volumes is now protected against damage until dismounted.\n\nWARNING: If any data is attempted to be saved to protected hidden volume area of any of these volumes, VeraCrypt will start write-protecting the entire volume (both the outer and the hidden part) until it is dismounted. This may cause filesystem corruption on the outer volume, which (if repeated) might adversely affect plausible deniability of the hidden volume. Therefore, you should make every effort to avoid writing to the hidden volume area. Any data being saved to protected hidden volume areas will not be saved and will be lost. Windows may report this as a write error ("Delayed Write Failed" or "The parameter is incorrect").</entry>
<entry lang="en" key="DAMAGE_TO_HIDDEN_VOLUME_PREVENTED">WARNING: Data were attempted to be saved to the hidden volume area of the volume mounted as %c:! VeraCrypt prevented these data from being saved in order to protect the hidden volume. This may have caused filesystem corruption on the outer volume and Windows may have reported a write error ("Delayed Write Failed" or "The parameter is incorrect"). The entire volume (both the outer and the hidden part) will be write-protected until it is dismounted. If this is not the first time VeraCrypt has prevented data from being saved to the hidden volume area of this volume, plausible deniability of this hidden volume might be adversely affected (due to possible unusual correlated inconsistencies within the outer volume file system). Therefore, you should consider creating a new VeraCrypt volume (with Quick Format disabled) and moving files from this volume to the new volume; this volume should be securely erased (both the outer and the hidden part). We strongly recommend that you restart the operating system now.</entry>
- <entry lang="en" key="CANNOT_SATISFY_OVER_4G_FILE_SIZE_REQ">You have indicated intent to store files larger than 4 GB on the volume. This requires the volume to be formatted as NTFS/exFAT/ReFS, which, however, will not be possible.</entry>
+ <entry lang="en" key="CANNOT_SATISFY_OVER_4G_FILE_SIZE_REQ">You have indicated intent to store files larger than 4 GiB on the volume. This requires the volume to be formatted as NTFS/exFAT/ReFS, which, however, will not be possible.</entry>
<entry lang="en" key="CANNOT_CREATE_NON_HIDDEN_NTFS_VOLUMES_UNDER_HIDDEN_OS">Please note that when a hidden operating system is running, non-hidden VeraCrypt volumes cannot be formatted as NTFS/exFAT/ReFS. The reason is that the volume would need to be temporarily mounted without write protection in order to allow the operating system to format it as NTFS (whereas formatting as FAT is performed by VeraCrypt, not by the operating system, and without mounting the volume). For further technical details, see below. You can create a non-hidden NTFS/exFAT/ReFS volume from within the decoy operating system.</entry>
<entry lang="en" key="HIDDEN_VOL_CREATION_UNDER_HIDDEN_OS_HOWTO">For security reasons, when a hidden operating system is running, hidden volumes can be created only in the 'direct' mode (because outer volumes must always be mounted as read-only). To create a hidden volume securely, follow these steps:\n\n1) Boot the decoy system.\n\n2) Create a normal VeraCrypt volume and, to this volume, copy some sensitive-looking files that you actually do NOT want to hide (the volume will become the outer volume).\n\n3) Boot the hidden system and start the VeraCrypt Volume Creation Wizard. If the volume is file-hosted, move it to the system partition or to another hidden volume (otherwise, the newly created hidden volume would be mounted as read-only and could not be formatted). Follow the instructions in the wizard so as to select the 'direct' hidden volume creation mode.\n\n4) In the wizard, select the volume you created in step 2 and then follow the instructions to create a hidden volume within it.</entry>
<entry lang="en" key="HIDDEN_OS_WRITE_PROTECTION_BRIEF_INFO">For security reasons, when a hidden operating system is running, local unencrypted filesystems and non-hidden VeraCrypt volumes are mounted as read-only (no data can be written to such filesystems or VeraCrypt volumes).\n\nData is allowed to be written to any filesystem that resides within a hidden VeraCrypt volume (provided that the hidden volume is not located in a container stored on an unencrypted filesystem or on any other read-only filesystem).</entry>
@@ -560,10 +560,10 @@
<entry lang="en" key="INIT_RICHEDIT">Error: Failed to load the Rich Edit system library.</entry>
<entry lang="en" key="INTRO_TITLE">VeraCrypt Volume Creation Wizard</entry>
<entry lang="en" key="MAX_HIDVOL_SIZE_BYTES">Maximum possible hidden volume size for this volume is %.2f bytes.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_KB">Maximum possible hidden volume size for this volume is %.2f KB.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_MB">Maximum possible hidden volume size for this volume is %.2f MB.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_GB">Maximum possible hidden volume size for this volume is %.2f GB.</entry>
- <entry lang="en" key="MAX_HIDVOL_SIZE_TB">Maximum possible hidden volume size for this volume is %.2f TB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_KB">Maximum possible hidden volume size for this volume is %.2f KiB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_MB">Maximum possible hidden volume size for this volume is %.2f MiB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_GB">Maximum possible hidden volume size for this volume is %.2f GiB.</entry>
+ <entry lang="en" key="MAX_HIDVOL_SIZE_TB">Maximum possible hidden volume size for this volume is %.2f TiB.</entry>
<entry lang="en" key="MOUNTED_NOPWCHANGE">Volume password/keyfiles cannot be changed while the volume is mounted. Please dismount the volume first.</entry>
<entry lang="en" key="MOUNTED_NO_PKCS5_PRF_CHANGE">The header key derivation algorithm cannot be changed while the volume is mounted. Please dismount the volume first.</entry>
<entry lang="en" key="MOUNT_BUTTON">&amp;Mount</entry>
@@ -666,14 +666,14 @@
<entry lang="en" key="SELECT_KEYFILE_GENERATION_DIRECTORY">Select a directory where to store the keyfiles.</entry>
<entry lang="en" key="SELECTED_KEYFILE_IS_CONTAINER_FILE">The current container file was selected as a keyfile. It will be skipped.</entry>
<entry lang="en" key="SERPENT_HELP">Designed by Ross Anderson, Eli Biham, and Lars Knudsen. Published in 1998. 256-bit key, 128-bit block. Mode of operation is XTS. Serpent was one of the AES finalists.</entry>
- <entry lang="en" key="SIZE_HELP">Please specify the size of the container you want to create.\n\nIf you create a dynamic (sparse-file) container, this parameter will specify its maximum possible size.\n\nNote that the minimum possible size of a FAT volume is 292 KB. The minimum possible size of an exFAT volume is 424 KB. The minimum possible size of an NTFS volume is 3792 KB. The minimum possible size of an ReFS volume is 642 MB.</entry>
- <entry lang="en" key="SIZE_HELP_HIDDEN_HOST_VOL">Please specify the size of the outer volume to be created (you will first create the outer volume and then a hidden volume within it). The minimum possible size of a volume within which a hidden volume is intended to be created is 340 KB.</entry>
- <entry lang="en" key="SIZE_HELP_HIDDEN_VOL">Please specify the size of the hidden volume to create. The minimum possible size of a hidden volume is 40 KB (or 3664 KB if it is formatted as NTFS). The maximum possible size you can specify for the hidden volume is displayed above.</entry>
+ <entry lang="en" key="SIZE_HELP">Please specify the size of the container you want to create.\n\nIf you create a dynamic (sparse-file) container, this parameter will specify its maximum possible size.\n\nNote that the minimum possible size of a FAT volume is 292 KiB. The minimum possible size of an exFAT volume is 424 KiB. The minimum possible size of an NTFS volume is 3792 KiB. The minimum possible size of an ReFS volume is 642 MiB.</entry>
+ <entry lang="en" key="SIZE_HELP_HIDDEN_HOST_VOL">Please specify the size of the outer volume to be created (you will first create the outer volume and then a hidden volume within it). The minimum possible size of a volume within which a hidden volume is intended to be created is 340 KiB.</entry>
+ <entry lang="en" key="SIZE_HELP_HIDDEN_VOL">Please specify the size of the hidden volume to create. The minimum possible size of a hidden volume is 40 KiB (or 3664 KiB if it is formatted as NTFS). The maximum possible size you can specify for the hidden volume is displayed above.</entry>
<entry lang="en" key="SIZE_HIDVOL_HOST_TITLE">Outer Volume Size</entry>
<entry lang="en" key="SIZE_HIDVOL_TITLE">Hidden Volume Size</entry>
<entry lang="en" key="SIZE_PARTITION_HELP">Please verify that the size of the selected device/partition shown above is correct and click Next.</entry>
<entry lang="en" key="SIZE_PARTITION_HIDDEN_SYSENC_HELP">The outer volume and the hidden volume (containing the hidden operating system) will reside within the above partition. It should be the first partition behind the system partition.\n\nPlease verify that the size of the partition and its number shown above are correct, and if they are, click Next.</entry>
- <entry lang="en" key="SIZE_PARTITION_HIDDEN_VOL_HELP">\n\nNote that the minimum possible size of a volume within which a hidden volume is intended to be created is 340 KB.</entry>
+ <entry lang="en" key="SIZE_PARTITION_HIDDEN_VOL_HELP">\n\nNote that the minimum possible size of a volume within which a hidden volume is intended to be created is 340 KiB.</entry>
<entry lang="en" key="SIZE_TITLE">Volume Size</entry>
<entry lang="en" key="SPARSE_FILE">Dynamic</entry>
<entry lang="en" key="TESTS_FAILED">CAUTION: SELF-TEST FAILED!</entry>
@@ -748,7 +748,7 @@
<entry lang="en" key="HIDDEN_VOL_HOST_NTFS">Note: The FAT/exFAT file system is more suitable for outer volumes than the NTFS file system (for example, the maximum possible size of the hidden volume would very likely have been significantly greater if the outer volume had been formatted as FAT/exFAT).</entry>
<entry lang="en" key="HIDDEN_VOL_HOST_NTFS_ASK">Note that the FAT/exFAT file system is more suitable for outer volumes than the NTFS file system. For example, the maximum possible size of the hidden volume will very likely be significantly greater if the outer volume is formatted as FAT/exFAT (the reason is that the NTFS file system always stores internal data exactly in the middle of the volume and, therefore, the hidden volume can reside only in the second half of the outer volume).\n\nAre you sure you want to format the outer volume as NTFS?</entry>
<entry lang="en" key="OFFER_FAT_FORMAT_ALTERNATIVE">Do you want to format the volume as FAT instead?</entry>
- <entry lang="en" key="FAT_NOT_AVAILABLE_FOR_SO_LARGE_VOLUME">Note: This volume cannot be formatted as FAT, because it exceeds the maximum volume size supported by the FAT32 filesystem for the applicable sector size (2 TB for 512-byte sectors and 16 TB for 4096-byte sectors).</entry>
+ <entry lang="en" key="FAT_NOT_AVAILABLE_FOR_SO_LARGE_VOLUME">Note: This volume cannot be formatted as FAT, because it exceeds the maximum volume size supported by the FAT32 filesystem for the applicable sector size (2 TiB for 512-byte sectors and 16 TiB for 4096-byte sectors).</entry>
<entry lang="en" key="PARTITION_TOO_SMALL_FOR_HIDDEN_OS">Error: The partition for the hidden operating system (i.e. the first partition behind the system partition) must be at least 5% larger than the system partition (the system partition is the one where the currently running operating system is installed).</entry>
<entry lang="en" key="PARTITION_TOO_SMALL_FOR_HIDDEN_OS_NTFS">Error: The partition for the hidden operating system (i.e. the first partition behind the system partition) must be at least 110% (2.1 times) larger than the system partition (the system partition is the one where the currently running operating system is installed). The reason is that the NTFS file system always stores internal data exactly in the middle of the volume and, therefore, the hidden volume (which is to contain a clone of the system partition) can reside only in the second half of the partition.</entry>
<entry lang="en" key="OUTER_VOLUME_TOO_SMALL_FOR_HIDDEN_OS_NTFS">Error: If the outer volume is formatted as NTFS, it must be at least 110% (2.1 times) larger than the system partition. The reason is that the NTFS file system always stores internal data exactly in the middle of the volume and, therefore, the hidden volume (which is to contain a clone of the system partition) can reside only in the second half of the outer volume.\n\nNote: The outer volume needs to reside within the same partition as the hidden operating system (i.e. within the first partition behind the system partition).</entry>
@@ -756,7 +756,7 @@
<entry lang="en" key="TWO_SYSTEMS_IN_ONE_PARTITION_REMARK">Remark: It is not practical (and therefore is not supported) to install operating systems in two VeraCrypt volumes that are embedded within a single partition, because using the outer operating system would often require data to be written to the area of the hidden operating system (and if such write operations were prevented using the hidden volume protection feature, it would inherently cause system crashes, i.e. 'Blue Screen' errors).</entry>
<entry lang="en" key="FOR_MORE_INFO_ON_PARTITIONS">For information on how to create and manage partitions, please refer to the documentation supplied with your operating system or contact your computer vendor's technical support team for assistance.</entry>
<entry lang="en" key="SYSTEM_PARTITION_NOT_ACTIVE">Error: The currently running operating system is not installed on the boot partition (first Active partition). This is not supported.</entry>
- <entry lang="en" key="CONFIRM_FAT_FOR_FILES_OVER_4GB">You indicated that you intend to store files larger than 4 GB in this VeraCrypt volume. However, you chose the FAT file system, on which files larger than 4 GB cannot be stored.\n\nAre you sure you want to format the volume as FAT?</entry>
+ <entry lang="en" key="CONFIRM_FAT_FOR_FILES_OVER_4GB">You indicated that you intend to store files larger than 4 GiB in this VeraCrypt volume. However, you chose the FAT file system, on which files larger than 4 GiB cannot be stored.\n\nAre you sure you want to format the volume as FAT?</entry>
<entry lang="en" key="NONSYS_INPLACE_DECRYPTION_BAD_VOL_FORMAT">Error: VeraCrypt does not support in-place decryption of legacy non-system volumes created by VeraCrypt 1.0b or earlier.\n\nNote: You can still decrypt files stored on the volume by copying/moving them to any unencrypted volume.</entry>
<entry lang="en" key="NONSYS_INPLACE_DECRYPTION_CANT_DECRYPT_HID_VOL">Error: VeraCrypt cannot in-place decrypt a hidden VeraCrypt volume.\n\nNote: You can still decrypt files stored on the volume by copying/moving them to any unencrypted volume.</entry>
<entry lang="en" key="CONFIRM_VOL_CONTAINS_NO_HIDDEN_VOL">Warning: Note that VeraCrypt cannot in-place decrypt a volume that contains a hidden VeraCrypt volume (the hidden volume would be overwritten with pseudorandom data).\n\nPlease confirm that the volume you are about to decrypt contains no hidden volume.\n\nNote: If the volume contains a hidden volume but you do not mind losing the hidden volume, you can select Proceed (the outer volume will be safely decrypted).</entry>
@@ -997,11 +997,11 @@
<entry lang="en" key="EXE_FILE_EXTENSION_CONFIRM">WARNING: We strongly recommend that you avoid file extensions that are used for executable files (such as .exe, .sys, or .dll) and other similarly problematic file extensions. Using such file extensions causes Windows and antivirus software to interfere with the container, which adversely affects the performance of the volume and may also cause other serious problems.\n\nWe strongly recommend that you remove the file extension or change it (e.g., to '.hc').\n\nAre you sure you want to use the problematic file extension?</entry>
<entry lang="en" key="EXE_FILE_EXTENSION_MOUNT_WARNING">WARNING: This container has a file extension that is used for executable files (such as .exe, .sys, or .dll) or some other file extension that is similarly problematic. It will very likely cause Windows and antivirus software to interfere with the container, which will adversely affect the performance of the volume and may also cause other serious problems.\n\nWe strongly recommend that you remove the file extension of the container or change it (e.g., to '.hc') after you dismount the volume.</entry>
<entry lang="en" key="HOMEPAGE">Homepage</entry>
- <entry lang="en" key="LARGE_IDE_WARNING_XP">WARNING: It appears that you have not applied any Service Pack to your Windows installation. You should not write to IDE disks larger than 128 GB under Windows XP to which you did not apply Service Pack 1 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.</entry>
- <entry lang="en" key="LARGE_IDE_WARNING_2K">WARNING: It appears that you have not applied Service Pack 3 or later to your Windows installation. You should not write to IDE disks larger than 128 GB under Windows 2000 to which you did not apply Service Pack 3 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.\n\nNote: You may also need to enable the 48-bit LBA support in the registry; for more information, see http://support.microsoft.com/kb/305098/EN-US</entry>
- <entry lang="en" key="LARGE_IDE_WARNING_2K_REGISTRY">WARNING: 48-bit LBA ATAPI support is disabled on your system. Therefore, you should not write to IDE disks larger than 128 GB! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a limitation of VeraCrypt.\n\nTo enable the 48-bit LBA support, add the 'EnableBigLba' registry value in the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\atapi\\Parameters and set it to 1.\n\nFor more information, see http://support.microsoft.com/kb/305098</entry>
- <entry lang="en" key="VOLUME_TOO_LARGE_FOR_FAT32">Error: Files larger than 4 GB cannot be stored on a FAT32 file system. Therefore, file-hosted VeraCrypt volumes (containers) stored on a FAT32 file system cannot be larger than 4 GB.\n\nIf you need a larger volume, create it on an NTFS file system (or, if you use Windows Vista SP1 or later, on an exFAT file system) or, instead of creating a file-hosted volume, encrypt an entire partition or device.</entry>
- <entry lang="en" key="VOLUME_TOO_LARGE_FOR_WINXP">Warning: Windows XP does not support files larger than 2048 GB (it will report that "Not enough storage is available"). Therefore, you cannot create a file-hosted VeraCrypt volume (container) larger than 2048 GB under Windows XP.\n\nNote that it is still possible to encrypt the entire drive or create a partition-hosted VeraCrypt volume larger than 2048 GB under Windows XP.</entry>
+ <entry lang="en" key="LARGE_IDE_WARNING_XP">WARNING: It appears that you have not applied any Service Pack to your Windows installation. You should not write to IDE disks larger than 128 GiB under Windows XP to which you did not apply Service Pack 1 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.</entry>
+ <entry lang="en" key="LARGE_IDE_WARNING_2K">WARNING: It appears that you have not applied Service Pack 3 or later to your Windows installation. You should not write to IDE disks larger than 128 GiB under Windows 2000 to which you did not apply Service Pack 3 or later! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a bug in VeraCrypt.\n\nNote: You may also need to enable the 48-bit LBA support in the registry; for more information, see http://support.microsoft.com/kb/305098/EN-US</entry>
+ <entry lang="en" key="LARGE_IDE_WARNING_2K_REGISTRY">WARNING: 48-bit LBA ATAPI support is disabled on your system. Therefore, you should not write to IDE disks larger than 128 GiB! If you do, data on the disk (no matter if it is a VeraCrypt volume or not) may get corrupted. Note that this is a limitation of Windows, not a limitation of VeraCrypt.\n\nTo enable the 48-bit LBA support, add the 'EnableBigLba' registry value in the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\atapi\\Parameters and set it to 1.\n\nFor more information, see http://support.microsoft.com/kb/305098</entry>
+ <entry lang="en" key="VOLUME_TOO_LARGE_FOR_FAT32">Error: Files larger than 4 GiB cannot be stored on a FAT32 file system. Therefore, file-hosted VeraCrypt volumes (containers) stored on a FAT32 file system cannot be larger than 4 GiB.\n\nIf you need a larger volume, create it on an NTFS file system (or, if you use Windows Vista SP1 or later, on an exFAT file system) or, instead of creating a file-hosted volume, encrypt an entire partition or device.</entry>
+ <entry lang="en" key="VOLUME_TOO_LARGE_FOR_WINXP">Warning: Windows XP does not support files larger than 2048 GiB (it will report that "Not enough storage is available"). Therefore, you cannot create a file-hosted VeraCrypt volume (container) larger than 2048 GiB under Windows XP.\n\nNote that it is still possible to encrypt the entire drive or create a partition-hosted VeraCrypt volume larger than 2048 GiB under Windows XP.</entry>
<entry lang="en" key="FREE_SPACE_FOR_WRITING_TO_OUTER_VOLUME">WARNING: If you want to be able to add more data/files to the outer volume in future, you should consider choosing a smaller size for the hidden volume.\n\nAre you sure you want to continue with the size you specified?</entry>
<entry lang="en" key="NO_VOLUME_SELECTED">No volume selected.\n\nClick 'Select Device' or 'Select File' to select a VeraCrypt volume.</entry>
<entry lang="en" key="NO_SYSENC_PARTITION_SELECTED">No partition selected.\n\nClick 'Select Device' to select a dismounted partition that normally requires pre-boot authentication (for example, a partition located on the encrypted system drive of another operating system, which is not running, or the encrypted system partition of another operating system).\n\nNote: The selected partition will be mounted as a regular VeraCrypt volume without pre-boot authentication. This is useful e.g. for backup or repair operations.</entry>
@@ -1066,7 +1066,7 @@
<entry lang="en" key="ERR_ACCESS_DENIED">Access was denied by the operating system.\n\nPossible cause: The operating system requires that you have read/write permission (or administrator privileges) for certain folders, files, and devices, in order for you to be allowed to read and write data to/from them. Normally, a user without administrator privileges is allowed to create, read and modify files in his or her Documents folder.</entry>
<entry lang="en" key="SECTOR_SIZE_UNSUPPORTED">Error: The drive uses an unsupported sector size.\n\nIt is currently not possible to create partition/device-hosted volumes on drives that use sectors larger than 4096 bytes. However, note that you can create file-hosted volumes (containers) on such drives.</entry>
<entry lang="en" key="SYSENC_UNSUPPORTED_SECTOR_SIZE_BIOS">It is currently not possible to encrypt a system installed on a disk that uses a sector size other than 512 bytes.</entry>
- <entry lang="en" key="NO_SPACE_FOR_BOOT_LOADER">The VeraCrypt Boot Loader requires at least 32 KBytes of free space at the beginning of the system drive (the VeraCrypt Boot Loader needs to be stored in that area). Unfortunately, your drive does not meet this condition.\n\nPlease do NOT report this as a bug/problem in VeraCrypt. To solve this problem, you will need to repartition your disk and leave the first 32 KBytes of the disk free (in most cases, you will need to delete and recreate the first partition). We recommend that you use the Microsoft partition manager that is available e.g. when you are installing Windows.</entry>
+ <entry lang="en" key="NO_SPACE_FOR_BOOT_LOADER">The VeraCrypt Boot Loader requires at least 32 KibiBytes of free space at the beginning of the system drive (the VeraCrypt Boot Loader needs to be stored in that area). Unfortunately, your drive does not meet this condition.\n\nPlease do NOT report this as a bug/problem in VeraCrypt. To solve this problem, you will need to repartition your disk and leave the first 32 KibiBytes of the disk free (in most cases, you will need to delete and recreate the first partition). We recommend that you use the Microsoft partition manager that is available e.g. when you are installing Windows.</entry>
<entry lang="en" key="FEATURE_UNSUPPORTED_ON_CURRENT_OS">The feature is not supported on the version of the operating system you are currently using.</entry>
<entry lang="en" key="SYS_ENCRYPTION_UNSUPPORTED_ON_CURRENT_OS">VeraCrypt does not support encryption of a system partition/drive on the version of the operating system you are currently using.</entry>
<entry lang="en" key="SYS_ENCRYPTION_UNSUPPORTED_ON_VISTA_SP0">Before you can encrypt the system partition/drive on Windows Vista, you need to install Service Pack 1 or higher for Windows Vista (no such Service Pack has been installed on this system yet).\n\nNote: Service Pack 1 for Windows Vista resolved an issue causing a shortage of free base memory during system boot.</entry>
@@ -1363,17 +1363,17 @@
<entry lang="en" key="VK_ALT">Alt</entry>
<entry lang="en" key="VK_WIN">Win</entry>
<entry lang="en" key="BYTE">B</entry>
- <entry lang="en" key="KB">KB</entry>
- <entry lang="en" key="MB">MB</entry>
- <entry lang="en" key="GB">GB</entry>
- <entry lang="en" key="TB">TB</entry>
- <entry lang="en" key="PB">PB</entry>
+ <entry lang="en" key="KB">KiB</entry>
+ <entry lang="en" key="MB">MiB</entry>
+ <entry lang="en" key="GB">GiB</entry>
+ <entry lang="en" key="TB">TiB</entry>
+ <entry lang="en" key="PB">PiB</entry>
<entry lang="en" key="B_PER_SEC">B/s</entry>
- <entry lang="en" key="KB_PER_SEC">KB/s</entry>
- <entry lang="en" key="MB_PER_SEC">MB/s</entry>
- <entry lang="en" key="GB_PER_SEC">GB/s</entry>
- <entry lang="en" key="TB_PER_SEC">TB/s</entry>
- <entry lang="en" key="PB_PER_SEC">PB/s</entry>
+ <entry lang="en" key="KB_PER_SEC">KiB/s</entry>
+ <entry lang="en" key="MB_PER_SEC">MiB/s</entry>
+ <entry lang="en" key="GB_PER_SEC">GiB/s</entry>
+ <entry lang="en" key="TB_PER_SEC">TiB/s</entry>
+ <entry lang="en" key="PB_PER_SEC">PiB/s</entry>
<entry lang="en" key="TRIPLE_DOT_GLYPH_ELLIPSIS">…</entry>
<entry lang="en" key="IDC_BOOT_LOADER_CACHE_PIM">Include &amp;PIM when caching pre-boot authentication password</entry>
<entry lang="en" key="IDC_PREF_CACHE_PIM">Include PIM when caching a password</entry>
@@ -1435,6 +1435,9 @@
<entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
<entry lang="en" key="IDC_USE_LEGACY_MAX_PASSWORD_LENGTH">Use legacy maximum password length (64 characters)</entry>
<entry lang="en" key="IDC_ENABLE_RAM_ENCRYPTION">Activate encryption of keys and passwords stored in RAM</entry>
+ <entry lang="en" key="IDT_BENCHMARK">Benchmark:</entry>
+ <entry lang="en" key="IDC_DISABLE_MOUNT_MANAGER">Only create virtual device without mounting on selected drive letter</entry>
+ <entry lang="en" key="LEGACY_PASSWORD_UTF8_TOO_LONG">The entered password is too long: its UTF-8 representation exceeds 64 bytes.</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Password.c b/src/Common/Password.c
index ca0dd46..f2413b6 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -224,6 +224,19 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Write timestamps are not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -313,13 +326,6 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
SetRandomPoolEnrichedByUserStatus (FALSE); /* force the display of the random enriching dialog */
- if (!bDevice && bPreserveTimestamp)
- {
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
for (volumeType = TC_VOLUME_TYPE_NORMAL; volumeType < TC_VOLUME_TYPE_COUNT; volumeType++)
{
diff --git a/src/Common/Random.c b/src/Common/Random.c
index 1c6b953..09c55bf 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -94,14 +94,21 @@ HCRYPTPROV hCryptProv;
/* Init the random number generator, setup the hooks, and start the thread */
-int Randinit ()
+int RandinitWithCheck ( int* pAlreadyInitialized)
{
DWORD dwLastError = ERROR_SUCCESS;
if (GetMaxPkcs5OutSize() > RNG_POOL_SIZE)
TC_THROW_FATAL_EXCEPTION;
if(bRandDidInit)
+ {
+ if (pAlreadyInitialized)
+ *pAlreadyInitialized = 1;
return 0;
+ }
+
+ if (pAlreadyInitialized)
+ *pAlreadyInitialized = 0;
InitializeCriticalSection (&critRandProt);
@@ -153,6 +160,11 @@ error:
return 1;
}
+int Randinit ()
+{
+ return RandinitWithCheck (NULL);
+}
+
/* Close everything down, including the thread which is closed down by
setting a flag which eventually causes the thread function to exit */
void RandStop (BOOL freePool)
@@ -922,19 +934,6 @@ BOOL FastPoll (void)
return FALSE;
}
- /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
- if (0 == jent_entropy_init ())
- {
- struct rand_data *ec = jent_entropy_collector_alloc (1, 0);
- if (ec)
- {
- ssize_t rndLen = jent_read_entropy (ec, (char*) buffer, sizeof (buffer));
- if (rndLen > 0)
- RandaddBuf (buffer, (int) rndLen);
- jent_entropy_collector_free (ec);
- }
- }
-
// use RDSEED or RDRAND from CPU as source of entropy if enabled
if ( IsCpuRngEnabled() &&
( (HasRDSEED() && RDSEED_getBytes (buffer, sizeof (buffer)))
diff --git a/src/Common/Random.h b/src/Common/Random.h
index 46fe59a..88dd041 100644
--- a/src/Common/Random.h
+++ b/src/Common/Random.h
@@ -35,6 +35,7 @@ extern "C" {
void RandAddInt ( unsigned __int32 x );
int Randinit ( void );
+int RandinitWithCheck ( int* pAlreadyInitialized);
void RandStop (BOOL freePool);
BOOL IsRandomNumberGeneratorStarted ();
void RandSetHashFunction ( int hash_algo_id );
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 6ee154e..3a0f522 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -54,22 +54,22 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#define TC_APP_NAME "VeraCrypt"
+// Version displayed to user
+#define VERSION_STRING "1.24-Update2"
+
#ifdef VC_EFI_CUSTOM_MODE
#define VERSION_STRING_SUFFIX "-CustomEFI"
#else
#define VERSION_STRING_SUFFIX ""
#endif
-// Version displayed to user
-#define VERSION_STRING "1.24-Beta5"
-
// Version number to compare against driver
#define VERSION_NUM 0x0124
// Release date
-#define TC_STR_RELEASE_DATE L"March 8, 2019"
+#define TC_STR_RELEASE_DATE L"December 9, 2019"
#define TC_RELEASE_DATE_YEAR 2019
-#define TC_RELEASE_DATE_MONTH 3
+#define TC_RELEASE_DATE_MONTH 12
#define BYTES_PER_KB 1024LL
#define BYTES_PER_MB 1048576LL
@@ -263,6 +263,10 @@ extern ULONG AllocTag;
typedef int BOOL;
#endif
+#ifndef BOOLEAN
+typedef unsigned char BOOLEAN;
+#endif
+
#ifndef TRUE
#define TRUE 1
#endif
@@ -289,6 +293,8 @@ typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) (
PULONG Attributes
);
+typedef BOOLEAN (NTAPI *KeAreAllApcsDisabledFn) ();
+
extern NTSTATUS NTAPI KeSaveExtendedProcessorState (
__in ULONG64 Mask,
PXSTATE_SAVE XStateSave
@@ -299,6 +305,9 @@ extern VOID NTAPI KeRestoreExtendedProcessorState (
PXSTATE_SAVE XStateSave
);
+extern BOOLEAN VC_KeAreAllApcsDisabled (VOID);
+
+
#else /* !TC_WINDOWS_DRIVER */
#if !defined(_UEFI)
#define TCalloc malloc
diff --git a/src/Common/libzip/NEWS.md b/src/Common/libzip/NEWS.md
index ab2be0a..9d8d2a3 100644
--- a/src/Common/libzip/NEWS.md
+++ b/src/Common/libzip/NEWS.md
@@ -1,3 +1,11 @@
+1.5.2 [2019-03-12]
+==================
+* Fix bug in AES encryption affecting certain file sizes
+* Keep file permissions when modifying zip archives
+* Support systems with small stack size.
+* Support mbed TLS as crypto backend.
+* Add nullability annotations.
+
1.5.1 [2018-04-11]
==================
diff --git a/src/Common/libzip/compat.h b/src/Common/libzip/compat.h
index 7604d96..f2e4c6c 100644
--- a/src/Common/libzip/compat.h
+++ b/src/Common/libzip/compat.h
@@ -3,7 +3,7 @@
/*
compat.h -- compatibility defines.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/config.h b/src/Common/libzip/config.h
index d6134b4..4de10df 100644
--- a/src/Common/libzip/config.h
+++ b/src/Common/libzip/config.h
@@ -76,7 +76,7 @@
#define HAVE_SHARED
/* END DEFINES */
#define PACKAGE "libzip"
-#define VERSION "1.5.0a"
+#define VERSION "1.5.2"
#ifndef HAVE_SSIZE_T_LIBZIP
# if SIZE_T_LIBZIP == INT_LIBZIP
diff --git a/src/Common/libzip/zip.h b/src/Common/libzip/zip.h
index 2d83a99..b7cd60c 100644
--- a/src/Common/libzip/zip.h
+++ b/src/Common/libzip/zip.h
@@ -3,7 +3,7 @@
/*
zip.h -- exported declarations.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -290,7 +290,7 @@ struct zip_error {
struct zip_stat {
zip_uint64_t valid; /* which fields have valid values */
- const char *name; /* name of the file */
+ const char * name; /* name of the file */
zip_uint64_t index; /* index within archive */
zip_uint64_t size; /* size of file (uncompressed) */
zip_uint64_t comp_size; /* size of file (compressed) */
@@ -302,7 +302,7 @@ struct zip_stat {
};
struct zip_buffer_fragment {
- zip_uint8_t *data;
+ zip_uint8_t * data;
zip_uint64_t length;
};
@@ -328,7 +328,7 @@ ZIP_EXTERN void zip_register_progress_callback(zip_t *, zip_progress_callback_t)
ZIP_EXTERN zip_int64_t zip_add(zip_t *, const char *, zip_source_t *); /* use zip_file_add */
ZIP_EXTERN zip_int64_t zip_add_dir(zip_t *, const char *); /* use zip_dir_add */
-ZIP_EXTERN const char *zip_get_file_comment(zip_t *, zip_uint64_t, int *, int); /* use zip_file_get_comment */
+ZIP_EXTERN const char * zip_get_file_comment(zip_t *, zip_uint64_t, int *, int); /* use zip_file_get_comment */
ZIP_EXTERN int zip_get_num_files(zip_t *); /* use zip_get_num_entries instead */
ZIP_EXTERN int zip_rename(zip_t *, zip_uint64_t, const char *); /* use zip_file_rename */
ZIP_EXTERN int zip_replace(zip_t *, zip_uint64_t, zip_source_t *); /* use zip_file_replace */
@@ -344,7 +344,7 @@ ZIP_EXTERN int zip_delete(zip_t *, zip_uint64_t);
ZIP_EXTERN zip_int64_t zip_dir_add(zip_t *, const char *, zip_flags_t);
ZIP_EXTERN void zip_discard(zip_t *);
-ZIP_EXTERN zip_error_t *zip_get_error(zip_t *);
+ZIP_EXTERN zip_error_t * zip_get_error(zip_t *);
ZIP_EXTERN void zip_error_clear(zip_t *);
ZIP_EXTERN int zip_error_code_zip(const zip_error_t *);
ZIP_EXTERN int zip_error_code_system(const zip_error_t *);
@@ -352,12 +352,12 @@ ZIP_EXTERN void zip_error_fini(zip_error_t *);
ZIP_EXTERN void zip_error_init(zip_error_t *);
ZIP_EXTERN void zip_error_init_with_code(zip_error_t *, int);
ZIP_EXTERN void zip_error_set(zip_error_t *, int, int);
-ZIP_EXTERN const char *zip_error_strerror(zip_error_t *);
+ZIP_EXTERN const char * zip_error_strerror(zip_error_t *);
ZIP_EXTERN int zip_error_system_type(const zip_error_t *);
ZIP_EXTERN zip_int64_t zip_error_to_data(const zip_error_t *, void *, zip_uint64_t);
ZIP_EXTERN int zip_fclose(zip_file_t *);
-ZIP_EXTERN zip_t *zip_fdopen(int, int, int *);
+ZIP_EXTERN zip_t * zip_fdopen(int, int, int *);
ZIP_EXTERN zip_int64_t zip_file_add(zip_t *, const char *, zip_source_t *, zip_flags_t);
ZIP_EXTERN void zip_file_error_clear(zip_file_t *);
ZIP_EXTERN int zip_file_extra_field_delete(zip_t *, zip_uint64_t, zip_uint16_t, zip_flags_t);
@@ -365,10 +365,10 @@ ZIP_EXTERN int zip_file_extra_field_delete_by_id(zip_t *, zip_uint64_t, zip_uint
ZIP_EXTERN int zip_file_extra_field_set(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t, const zip_uint8_t *, zip_uint16_t, zip_flags_t);
ZIP_EXTERN zip_int16_t zip_file_extra_fields_count(zip_t *, zip_uint64_t, zip_flags_t);
ZIP_EXTERN zip_int16_t zip_file_extra_fields_count_by_id(zip_t *, zip_uint64_t, zip_uint16_t, zip_flags_t);
-ZIP_EXTERN const zip_uint8_t *zip_file_extra_field_get(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t *, zip_uint16_t *, zip_flags_t);
-ZIP_EXTERN const zip_uint8_t *zip_file_extra_field_get_by_id(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t, zip_uint16_t *, zip_flags_t);
-ZIP_EXTERN const char *zip_file_get_comment(zip_t *, zip_uint64_t, zip_uint32_t *, zip_flags_t);
-ZIP_EXTERN zip_error_t *zip_file_get_error(zip_file_t *);
+ZIP_EXTERN const zip_uint8_t * zip_file_extra_field_get(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t *, zip_uint16_t *, zip_flags_t);
+ZIP_EXTERN const zip_uint8_t * zip_file_extra_field_get_by_id(zip_t *, zip_uint64_t, zip_uint16_t, zip_uint16_t, zip_uint16_t *, zip_flags_t);
+ZIP_EXTERN const char * zip_file_get_comment(zip_t *, zip_uint64_t, zip_uint32_t *, zip_flags_t);
+ZIP_EXTERN zip_error_t * zip_file_get_error(zip_file_t *);
ZIP_EXTERN int zip_file_get_external_attributes(zip_t *, zip_uint64_t, zip_flags_t, zip_uint8_t *, zip_uint32_t *);
ZIP_EXTERN int zip_file_rename(zip_t *, zip_uint64_t, const char *, zip_flags_t);
ZIP_EXTERN int zip_file_replace(zip_t *, zip_uint64_t, zip_source_t *, zip_flags_t);
@@ -376,22 +376,22 @@ ZIP_EXTERN int zip_file_set_comment(zip_t *, zip_uint64_t, const char *, zip_uin
ZIP_EXTERN int zip_file_set_encryption(zip_t *, zip_uint64_t, zip_uint16_t, const char *);
ZIP_EXTERN int zip_file_set_external_attributes(zip_t *, zip_uint64_t, zip_flags_t, zip_uint8_t, zip_uint32_t);
ZIP_EXTERN int zip_file_set_mtime(zip_t *, zip_uint64_t, time_t, zip_flags_t);
-ZIP_EXTERN const char *zip_file_strerror(zip_file_t *);
-ZIP_EXTERN zip_file_t *zip_fopen(zip_t *, const char *, zip_flags_t);
-ZIP_EXTERN zip_file_t *zip_fopen_encrypted(zip_t *, const char *, zip_flags_t, const char *);
-ZIP_EXTERN zip_file_t *zip_fopen_index(zip_t *, zip_uint64_t, zip_flags_t);
-ZIP_EXTERN zip_file_t *zip_fopen_index_encrypted(zip_t *, zip_uint64_t, zip_flags_t, const char *);
+ZIP_EXTERN const char * zip_file_strerror(zip_file_t *);
+ZIP_EXTERN zip_file_t * zip_fopen(zip_t *, const char *, zip_flags_t);
+ZIP_EXTERN zip_file_t * zip_fopen_encrypted(zip_t *, const char *, zip_flags_t, const char *);
+ZIP_EXTERN zip_file_t * zip_fopen_index(zip_t *, zip_uint64_t, zip_flags_t);
+ZIP_EXTERN zip_file_t * zip_fopen_index_encrypted(zip_t *, zip_uint64_t, zip_flags_t, const char *);
ZIP_EXTERN zip_int64_t zip_fread(zip_file_t *, void *, zip_uint64_t);
ZIP_EXTERN zip_int8_t zip_fseek(zip_file_t *, zip_int64_t, int);
ZIP_EXTERN zip_int64_t zip_ftell(zip_file_t *);
-ZIP_EXTERN const char *zip_get_archive_comment(zip_t *, int *, zip_flags_t);
+ZIP_EXTERN const char * zip_get_archive_comment(zip_t *, int *, zip_flags_t);
ZIP_EXTERN int zip_get_archive_flag(zip_t *, zip_flags_t, zip_flags_t);
-ZIP_EXTERN const char *zip_get_name(zip_t *, zip_uint64_t, zip_flags_t);
+ZIP_EXTERN const char * zip_get_name(zip_t *, zip_uint64_t, zip_flags_t);
ZIP_EXTERN zip_int64_t zip_get_num_entries(zip_t *, zip_flags_t);
-ZIP_EXTERN const char *zip_libzip_version(void);
+ZIP_EXTERN const char * zip_libzip_version(void);
ZIP_EXTERN zip_int64_t zip_name_locate(zip_t *, const char *, zip_flags_t);
-ZIP_EXTERN zip_t *zip_open(const char *, int, int *);
-ZIP_EXTERN zip_t *zip_open_from_source(zip_source_t *, int, zip_error_t *);
+ZIP_EXTERN zip_t * zip_open(const char *, int, int *);
+ZIP_EXTERN zip_t * zip_open_from_source(zip_source_t *, int, zip_error_t *);
ZIP_EXTERN int zip_register_progress_callback_with_state(zip_t *, double, zip_progress_callback, void (*)(void *), void *);
ZIP_EXTERN int zip_set_archive_comment(zip_t *, const char *, zip_uint16_t);
ZIP_EXTERN int zip_set_archive_flag(zip_t *, zip_flags_t, int);
@@ -399,20 +399,20 @@ ZIP_EXTERN int zip_set_default_password(zip_t *, const char *);
ZIP_EXTERN int zip_set_file_compression(zip_t *, zip_uint64_t, zip_int32_t, zip_uint32_t);
ZIP_EXTERN int zip_source_begin_write(zip_source_t *);
ZIP_EXTERN int zip_source_begin_write_cloning(zip_source_t *, zip_uint64_t);
-ZIP_EXTERN zip_source_t *zip_source_buffer(zip_t *, const void *, zip_uint64_t, int);
-ZIP_EXTERN zip_source_t *zip_source_buffer_create(const void *, zip_uint64_t, int, zip_error_t *);
-ZIP_EXTERN zip_source_t *zip_source_buffer_fragment(zip_t *, const zip_buffer_fragment_t *, zip_uint64_t, int);
-ZIP_EXTERN zip_source_t *zip_source_buffer_fragment_create(const zip_buffer_fragment_t *, zip_uint64_t, int, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_buffer(zip_t *, const void *, zip_uint64_t, int);
+ZIP_EXTERN zip_source_t * zip_source_buffer_create(const void *, zip_uint64_t, int, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_buffer_fragment(zip_t *, const zip_buffer_fragment_t *, zip_uint64_t, int);
+ZIP_EXTERN zip_source_t * zip_source_buffer_fragment_create(const zip_buffer_fragment_t *, zip_uint64_t, int, zip_error_t *);
ZIP_EXTERN int zip_source_close(zip_source_t *);
ZIP_EXTERN int zip_source_commit_write(zip_source_t *);
-ZIP_EXTERN zip_error_t *zip_source_error(zip_source_t *);
-ZIP_EXTERN zip_source_t *zip_source_file(zip_t *, const char *, zip_uint64_t, zip_int64_t);
-ZIP_EXTERN zip_source_t *zip_source_file_create(const char *, zip_uint64_t, zip_int64_t, zip_error_t *);
-ZIP_EXTERN zip_source_t *zip_source_filep(zip_t *, FILE *, zip_uint64_t, zip_int64_t);
-ZIP_EXTERN zip_source_t *zip_source_filep_create(FILE *, zip_uint64_t, zip_int64_t, zip_error_t *);
+ZIP_EXTERN zip_error_t * zip_source_error(zip_source_t *);
+ZIP_EXTERN zip_source_t * zip_source_file(zip_t *, const char *, zip_uint64_t, zip_int64_t);
+ZIP_EXTERN zip_source_t * zip_source_file_create(const char *, zip_uint64_t, zip_int64_t, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_filep(zip_t *, FILE *, zip_uint64_t, zip_int64_t);
+ZIP_EXTERN zip_source_t * zip_source_filep_create(FILE *, zip_uint64_t, zip_int64_t, zip_error_t *);
ZIP_EXTERN void zip_source_free(zip_source_t *);
-ZIP_EXTERN zip_source_t *zip_source_function(zip_t *, zip_source_callback, void *);
-ZIP_EXTERN zip_source_t *zip_source_function_create(zip_source_callback, void *, zip_error_t *);
+ZIP_EXTERN zip_source_t * zip_source_function(zip_t *, zip_source_callback , void *);
+ZIP_EXTERN zip_source_t * zip_source_function_create(zip_source_callback , void *, zip_error_t *);
ZIP_EXTERN int zip_source_is_deleted(zip_source_t *);
ZIP_EXTERN void zip_source_keep(zip_source_t *);
ZIP_EXTERN zip_int64_t zip_source_make_command_bitmap(zip_source_cmd_t, ...);
@@ -434,11 +434,11 @@ ZIP_EXTERN zip_source_t *zip_source_win32w(zip_t *, const wchar_t *, zip_uint64_
ZIP_EXTERN zip_source_t *zip_source_win32w_create(const wchar_t *, zip_uint64_t, zip_int64_t, zip_error_t *);
#endif
ZIP_EXTERN zip_int64_t zip_source_write(zip_source_t *, const void *, zip_uint64_t);
-ZIP_EXTERN zip_source_t *zip_source_zip(zip_t *, zip_t *, zip_uint64_t, zip_flags_t, zip_uint64_t, zip_int64_t);
+ZIP_EXTERN zip_source_t * zip_source_zip(zip_t *, zip_t *, zip_uint64_t, zip_flags_t, zip_uint64_t, zip_int64_t);
ZIP_EXTERN int zip_stat(zip_t *, const char *, zip_flags_t, zip_stat_t *);
ZIP_EXTERN int zip_stat_index(zip_t *, zip_uint64_t, zip_flags_t, zip_stat_t *);
-ZIP_EXTERN void zip_stat_init(zip_stat_t *);
-ZIP_EXTERN const char *zip_strerror(zip_t *);
+ZIP_EXTERN void zip_stat_init( zip_stat_t *);
+ZIP_EXTERN const char * zip_strerror(zip_t *);
ZIP_EXTERN int zip_unchange(zip_t *, zip_uint64_t);
ZIP_EXTERN int zip_unchange_all(zip_t *);
ZIP_EXTERN int zip_unchange_archive(zip_t *);
diff --git a/src/Common/libzip/zip_add.c b/src/Common/libzip/zip_add.c
index 69966d3..f09c9ff 100644
--- a/src/Common/libzip/zip_add.c
+++ b/src/Common/libzip/zip_add.c
@@ -1,6 +1,6 @@
/*
zip_add.c -- add file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_add_dir.c b/src/Common/libzip/zip_add_dir.c
index a0026a7..6beb929 100644
--- a/src/Common/libzip/zip_add_dir.c
+++ b/src/Common/libzip/zip_add_dir.c
@@ -1,6 +1,6 @@
/*
zip_add_dir.c -- add directory
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_add_entry.c b/src/Common/libzip/zip_add_entry.c
index f1de445..45def7a 100644
--- a/src/Common/libzip/zip_add_entry.c
+++ b/src/Common/libzip/zip_add_entry.c
@@ -1,6 +1,6 @@
/*
zip_add_entry.c -- create and init struct zip_entry
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_algorithm_deflate.c b/src/Common/libzip/zip_algorithm_deflate.c
index 2a1c904..ba5ad43 100644
--- a/src/Common/libzip/zip_algorithm_deflate.c
+++ b/src/Common/libzip/zip_algorithm_deflate.c
@@ -1,6 +1,6 @@
/*
zip_algorithm_deflate.c -- deflate (de)compression routines
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_buffer.c b/src/Common/libzip/zip_buffer.c
index 96010b2..37977f0 100644
--- a/src/Common/libzip/zip_buffer.c
+++ b/src/Common/libzip/zip_buffer.c
@@ -1,6 +1,6 @@
/*
zip_buffer.c -- bounds checked access to memory buffer
- Copyright (C) 2014-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_close.c b/src/Common/libzip/zip_close.c
index c46e1b3..2657226 100644
--- a/src/Common/libzip/zip_close.c
+++ b/src/Common/libzip/zip_close.c
@@ -1,6 +1,6 @@
/*
zip_close.c -- close zip archive and update changes
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -520,17 +520,24 @@ add_data(zip_t *za, zip_source_t *src, zip_dirent_t *de) {
static int
copy_data(zip_t *za, zip_uint64_t len) {
- zip_uint8_t buf[BUFSIZE];
+ DEFINE_BYTE_ARRAY(buf, BUFSIZE);
size_t n;
double total = (double)len;
+ if (!byte_array_init(buf, BUFSIZE)) {
+ zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
while (len > 0) {
- n = len > sizeof(buf) ? sizeof(buf) : len;
+ n = len > BUFSIZE ? BUFSIZE : len;
if (_zip_read(za->src, buf, n, &za->error) < 0) {
+ byte_array_fini(buf);
return -1;
}
if (_zip_write(za, buf, n) < 0) {
+ byte_array_fini(buf);
return -1;
}
@@ -539,13 +546,14 @@ copy_data(zip_t *za, zip_uint64_t len) {
_zip_progress_update(za->progress, (total - (double)len) / total);
}
+ byte_array_fini(buf);
return 0;
}
static int
copy_source(zip_t *za, zip_source_t *src, zip_int64_t data_length) {
- zip_uint8_t buf[BUFSIZE];
+ DEFINE_BYTE_ARRAY(buf, BUFSIZE);
zip_int64_t n, current;
int ret;
@@ -554,14 +562,19 @@ copy_source(zip_t *za, zip_source_t *src, zip_int64_t data_length) {
return -1;
}
+ if (!byte_array_init(buf, BUFSIZE)) {
+ zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
ret = 0;
current = 0;
- while ((n = zip_source_read(src, buf, sizeof(buf))) > 0) {
+ while ((n = zip_source_read(src, buf, BUFSIZE)) > 0) {
if (_zip_write(za, buf, (zip_uint64_t)n) < 0) {
ret = -1;
break;
}
- if (n == sizeof(buf) && za->progress && data_length > 0) {
+ if (n == BUFSIZE && za->progress && data_length > 0) {
current += n;
_zip_progress_update(za->progress, (double)current / (double)data_length);
}
@@ -572,6 +585,8 @@ copy_source(zip_t *za, zip_source_t *src, zip_int64_t data_length) {
ret = -1;
}
+ byte_array_fini(buf);
+
zip_source_close(src);
return ret;
diff --git a/src/Common/libzip/zip_delete.c b/src/Common/libzip/zip_delete.c
index ae8f5a6..458a1b8 100644
--- a/src/Common/libzip/zip_delete.c
+++ b/src/Common/libzip/zip_delete.c
@@ -1,6 +1,6 @@
/*
zip_delete.c -- delete file from zip archive
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_dir_add.c b/src/Common/libzip/zip_dir_add.c
index 236b439..46c76cf 100644
--- a/src/Common/libzip/zip_dir_add.c
+++ b/src/Common/libzip/zip_dir_add.c
@@ -1,6 +1,6 @@
/*
zip_dir_add.c -- add directory
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_dirent.c b/src/Common/libzip/zip_dirent.c
index a6dbfac..4dcb339 100644
--- a/src/Common/libzip/zip_dirent.c
+++ b/src/Common/libzip/zip_dirent.c
@@ -1,6 +1,6 @@
/*
zip_dirent.c -- read directory entry (local or central), clean dirent
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -1069,6 +1069,12 @@ _zip_u2d_time(time_t intime, zip_uint16_t *dtime, zip_uint16_t *ddate) {
struct tm *tm;
tm = localtime(&intime);
+ if (tm == NULL) {
+ /* if localtime() fails, return an arbitrary date (1980-01-01 00:00:00) */
+ *ddate = (1 << 5) + 1;
+ *dtime = 0;
+ return;
+ }
if (tm->tm_year < 80) {
tm->tm_year = 80;
}
diff --git a/src/Common/libzip/zip_discard.c b/src/Common/libzip/zip_discard.c
index 5bbf8d6..94972cf 100644
--- a/src/Common/libzip/zip_discard.c
+++ b/src/Common/libzip/zip_discard.c
@@ -1,6 +1,6 @@
/*
zip_discard.c -- discard and free struct zip
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_entry.c b/src/Common/libzip/zip_entry.c
index f083412..55f6458 100644
--- a/src/Common/libzip/zip_entry.c
+++ b/src/Common/libzip/zip_entry.c
@@ -1,6 +1,6 @@
/*
zip_entry.c -- struct zip_entry helper functions
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error.c b/src/Common/libzip/zip_error.c
index 9ccaf91..e05ae50 100644
--- a/src/Common/libzip/zip_error.c
+++ b/src/Common/libzip/zip_error.c
@@ -1,6 +1,6 @@
/*
zip_error.c -- zip_error_t helper functions
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_clear.c b/src/Common/libzip/zip_error_clear.c
index 2cce450..6b3a8da 100644
--- a/src/Common/libzip/zip_error_clear.c
+++ b/src/Common/libzip/zip_error_clear.c
@@ -1,6 +1,6 @@
/*
zip_error_clear.c -- clear zip error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_get.c b/src/Common/libzip/zip_error_get.c
index 1f02ed3..12341d1 100644
--- a/src/Common/libzip/zip_error_get.c
+++ b/src/Common/libzip/zip_error_get.c
@@ -1,6 +1,6 @@
/*
zip_error_get.c -- get zip error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_get_sys_type.c b/src/Common/libzip/zip_error_get_sys_type.c
index d7a594e..80bfc0c 100644
--- a/src/Common/libzip/zip_error_get_sys_type.c
+++ b/src/Common/libzip/zip_error_get_sys_type.c
@@ -1,6 +1,6 @@
/*
zip_error_get_sys_type.c -- return type of system error code
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_strerror.c b/src/Common/libzip/zip_error_strerror.c
index 6baf900..0f650b5 100644
--- a/src/Common/libzip/zip_error_strerror.c
+++ b/src/Common/libzip/zip_error_strerror.c
@@ -1,6 +1,6 @@
/*
zip_error_sterror.c -- get string representation of struct zip_error
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_error_to_str.c b/src/Common/libzip/zip_error_to_str.c
index 518c0e5..bf51569 100644
--- a/src/Common/libzip/zip_error_to_str.c
+++ b/src/Common/libzip/zip_error_to_str.c
@@ -1,6 +1,6 @@
/*
zip_error_to_str.c -- get string representation of zip error code
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_extra_field.c b/src/Common/libzip/zip_extra_field.c
index 42f97d0..a17e491 100644
--- a/src/Common/libzip/zip_extra_field.c
+++ b/src/Common/libzip/zip_extra_field.c
@@ -1,6 +1,6 @@
/*
zip_extra_field.c -- manipulate extra fields
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_extra_field_api.c b/src/Common/libzip/zip_extra_field_api.c
index 469abd2..31808de 100644
--- a/src/Common/libzip/zip_extra_field_api.c
+++ b/src/Common/libzip/zip_extra_field_api.c
@@ -1,6 +1,6 @@
/*
zip_extra_field_api.c -- public extra fields API functions
- Copyright (C) 2012-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fclose.c b/src/Common/libzip/zip_fclose.c
index be98cc0..1c69a96 100644
--- a/src/Common/libzip/zip_fclose.c
+++ b/src/Common/libzip/zip_fclose.c
@@ -1,6 +1,6 @@
/*
zip_fclose.c -- close file in zip archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fdopen.c b/src/Common/libzip/zip_fdopen.c
index b1fc22b..3270935 100644
--- a/src/Common/libzip/zip_fdopen.c
+++ b/src/Common/libzip/zip_fdopen.c
@@ -1,6 +1,6 @@
/*
zip_fdopen.c -- open read-only archive from file descriptor
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -67,12 +67,14 @@ zip_fdopen(int fd_orig, int _flags, int *zep) {
zip_error_init(&error);
if ((src = zip_source_filep_create(fp, 0, -1, &error)) == NULL) {
+ fclose(fp);
_zip_set_open_error(zep, &error, 0);
zip_error_fini(&error);
return NULL;
}
if ((za = zip_open_from_source(src, _flags, &error)) == NULL) {
+ zip_source_free(src);
_zip_set_open_error(zep, &error, 0);
zip_error_fini(&error);
return NULL;
diff --git a/src/Common/libzip/zip_file_add.c b/src/Common/libzip/zip_file_add.c
index ec8ef06..c2c13d6 100644
--- a/src/Common/libzip/zip_file_add.c
+++ b/src/Common/libzip/zip_file_add.c
@@ -1,6 +1,6 @@
/*
zip_file_add.c -- add file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_error_clear.c b/src/Common/libzip/zip_file_error_clear.c
index 666beca..2e7dcea 100644
--- a/src/Common/libzip/zip_file_error_clear.c
+++ b/src/Common/libzip/zip_file_error_clear.c
@@ -1,6 +1,6 @@
/*
zip_file_error_clear.c -- clear zip file error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_error_get.c b/src/Common/libzip/zip_file_error_get.c
index d7e0191..1d13807 100644
--- a/src/Common/libzip/zip_file_error_get.c
+++ b/src/Common/libzip/zip_file_error_get.c
@@ -1,6 +1,6 @@
/*
zip_file_error_get.c -- get zip file error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_get_comment.c b/src/Common/libzip/zip_file_get_comment.c
index 478f3d7..ad944aa 100644
--- a/src/Common/libzip/zip_file_get_comment.c
+++ b/src/Common/libzip/zip_file_get_comment.c
@@ -1,6 +1,6 @@
/*
zip_file_get_comment.c -- get file comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_get_external_attributes.c b/src/Common/libzip/zip_file_get_external_attributes.c
index e3ede74..e2e5535 100644
--- a/src/Common/libzip/zip_file_get_external_attributes.c
+++ b/src/Common/libzip/zip_file_get_external_attributes.c
@@ -1,6 +1,6 @@
/*
zip_file_get_external_attributes.c -- get opsys/external attributes
- Copyright (C) 2013-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2013-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_get_offset.c b/src/Common/libzip/zip_file_get_offset.c
index 877c179..858a78a 100644
--- a/src/Common/libzip/zip_file_get_offset.c
+++ b/src/Common/libzip/zip_file_get_offset.c
@@ -1,6 +1,6 @@
/*
zip_file_get_offset.c -- get offset of file data in archive.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_rename.c b/src/Common/libzip/zip_file_rename.c
index 1eb7fac..cc42dfc 100644
--- a/src/Common/libzip/zip_file_rename.c
+++ b/src/Common/libzip/zip_file_rename.c
@@ -1,6 +1,6 @@
/*
zip_file_rename.c -- rename file in zip archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_replace.c b/src/Common/libzip/zip_file_replace.c
index e42f5cd..70b379a 100644
--- a/src/Common/libzip/zip_file_replace.c
+++ b/src/Common/libzip/zip_file_replace.c
@@ -1,6 +1,6 @@
/*
zip_file_replace.c -- replace file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_set_comment.c b/src/Common/libzip/zip_file_set_comment.c
index 964486b..ae6b602 100644
--- a/src/Common/libzip/zip_file_set_comment.c
+++ b/src/Common/libzip/zip_file_set_comment.c
@@ -1,6 +1,6 @@
/*
zip_file_set_comment.c -- set comment for file in archive
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_set_external_attributes.c b/src/Common/libzip/zip_file_set_external_attributes.c
index cd46e88..c412f27 100644
--- a/src/Common/libzip/zip_file_set_external_attributes.c
+++ b/src/Common/libzip/zip_file_set_external_attributes.c
@@ -1,6 +1,6 @@
/*
zip_file_set_external_attributes.c -- set external attributes for entry
- Copyright (C) 2013-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2013-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_set_mtime.c b/src/Common/libzip/zip_file_set_mtime.c
index 15316d3..f8d6c20 100644
--- a/src/Common/libzip/zip_file_set_mtime.c
+++ b/src/Common/libzip/zip_file_set_mtime.c
@@ -1,6 +1,6 @@
/*
zip_file_set_mtime.c -- set modification time of entry.
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_file_strerror.c b/src/Common/libzip/zip_file_strerror.c
index fd4008a..189c556 100644
--- a/src/Common/libzip/zip_file_strerror.c
+++ b/src/Common/libzip/zip_file_strerror.c
@@ -1,6 +1,6 @@
/*
zip_file_sterror.c -- get string representation of zip file error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_filerange_crc.c b/src/Common/libzip/zip_filerange_crc.c
index 6c4be27..33bf5d8 100644
--- a/src/Common/libzip/zip_filerange_crc.c
+++ b/src/Common/libzip/zip_filerange_crc.c
@@ -1,6 +1,6 @@
/*
zip_filerange_crc.c -- compute CRC32 for a range of a file
- Copyright (C) 2008-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2008-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -39,7 +39,8 @@
int
_zip_filerange_crc(zip_source_t *src, zip_uint64_t start, zip_uint64_t len, uLong *crcp, zip_error_t *error) {
- Bytef buf[BUFSIZE];
+ DEFINE_BYTE_ARRAY(buf, BUFSIZE);
+
zip_int64_t n;
*crcp = crc32(0L, Z_NULL, 0);
@@ -54,14 +55,21 @@ _zip_filerange_crc(zip_source_t *src, zip_uint64_t start, zip_uint64_t len, uLon
return -1;
}
+ if (!byte_array_init(buf, BUFSIZE)) {
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
while (len > 0) {
n = (zip_int64_t)(len > BUFSIZE ? BUFSIZE : len);
if ((n = zip_source_read(src, buf, (zip_uint64_t)n)) < 0) {
_zip_error_set_from_source(error, src);
+ byte_array_fini(buf);
return -1;
}
if (n == 0) {
zip_error_set(error, ZIP_ER_EOF, 0);
+ byte_array_fini(buf);
return -1;
}
@@ -70,5 +78,7 @@ _zip_filerange_crc(zip_source_t *src, zip_uint64_t start, zip_uint64_t len, uLon
len -= (zip_uint64_t)n;
}
+ byte_array_fini(buf);
+
return 0;
}
diff --git a/src/Common/libzip/zip_fopen.c b/src/Common/libzip/zip_fopen.c
index cb45cc2..4ef76ba 100644
--- a/src/Common/libzip/zip_fopen.c
+++ b/src/Common/libzip/zip_fopen.c
@@ -1,6 +1,6 @@
/*
zip_fopen.c -- open file in zip archive for reading
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fopen_encrypted.c b/src/Common/libzip/zip_fopen_encrypted.c
index abcf6ac..47cd377 100644
--- a/src/Common/libzip/zip_fopen_encrypted.c
+++ b/src/Common/libzip/zip_fopen_encrypted.c
@@ -1,6 +1,6 @@
/*
zip_fopen_encrypted.c -- open file for reading with password
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fopen_index.c b/src/Common/libzip/zip_fopen_index.c
index 7dcf1f7..5f0dc2a 100644
--- a/src/Common/libzip/zip_fopen_index.c
+++ b/src/Common/libzip/zip_fopen_index.c
@@ -1,6 +1,6 @@
/*
zip_fopen_index.c -- open file in zip archive for reading by index
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fopen_index_encrypted.c b/src/Common/libzip/zip_fopen_index_encrypted.c
index 6b32008..4d4aee3 100644
--- a/src/Common/libzip/zip_fopen_index_encrypted.c
+++ b/src/Common/libzip/zip_fopen_index_encrypted.c
@@ -1,6 +1,6 @@
/*
zip_fopen_index_encrypted.c -- open file for reading by index w/ password
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_fread.c b/src/Common/libzip/zip_fread.c
index be46cf0..3020a16 100644
--- a/src/Common/libzip/zip_fread.c
+++ b/src/Common/libzip/zip_fread.c
@@ -1,6 +1,6 @@
/*
zip_fread.c -- read from file
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_archive_comment.c b/src/Common/libzip/zip_get_archive_comment.c
index a3d5a19..c51148d 100644
--- a/src/Common/libzip/zip_get_archive_comment.c
+++ b/src/Common/libzip/zip_get_archive_comment.c
@@ -1,6 +1,6 @@
/*
zip_get_archive_comment.c -- get archive comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_archive_flag.c b/src/Common/libzip/zip_get_archive_flag.c
index 67fe4f8..1aaca72 100644
--- a/src/Common/libzip/zip_get_archive_flag.c
+++ b/src/Common/libzip/zip_get_archive_flag.c
@@ -1,6 +1,6 @@
/*
zip_get_archive_flag.c -- get archive global flag
- Copyright (C) 2008-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2008-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_encryption_implementation.c b/src/Common/libzip/zip_get_encryption_implementation.c
index ba459d4..07e4316 100644
--- a/src/Common/libzip/zip_get_encryption_implementation.c
+++ b/src/Common/libzip/zip_get_encryption_implementation.c
@@ -1,6 +1,6 @@
/*
zip_get_encryption_implementation.c -- get encryption implementation
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_file_comment.c b/src/Common/libzip/zip_get_file_comment.c
index 44e5917..6e85a58 100644
--- a/src/Common/libzip/zip_get_file_comment.c
+++ b/src/Common/libzip/zip_get_file_comment.c
@@ -1,6 +1,6 @@
/*
zip_get_file_comment.c -- get file comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_name.c b/src/Common/libzip/zip_get_name.c
index d42f14a..2ac005a 100644
--- a/src/Common/libzip/zip_get_name.c
+++ b/src/Common/libzip/zip_get_name.c
@@ -1,6 +1,6 @@
/*
zip_get_name.c -- get filename for a file in zip file
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_num_entries.c b/src/Common/libzip/zip_get_num_entries.c
index 78f30dc..99dfc7a 100644
--- a/src/Common/libzip/zip_get_num_entries.c
+++ b/src/Common/libzip/zip_get_num_entries.c
@@ -1,6 +1,6 @@
/*
zip_get_num_entries.c -- get number of entries in archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_get_num_files.c b/src/Common/libzip/zip_get_num_files.c
index 3ccf400..b6e910e 100644
--- a/src/Common/libzip/zip_get_num_files.c
+++ b/src/Common/libzip/zip_get_num_files.c
@@ -1,6 +1,6 @@
/*
zip_get_num_files.c -- get number of files in archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_hash.c b/src/Common/libzip/zip_hash.c
index 0d9e996..7288453 100644
--- a/src/Common/libzip/zip_hash.c
+++ b/src/Common/libzip/zip_hash.c
@@ -1,6 +1,6 @@
/*
zip_hash.c -- hash table string -> uint64
- Copyright (C) 2015-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2015-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_io_util.c b/src/Common/libzip/zip_io_util.c
index 77be8f0..53f4437 100644
--- a/src/Common/libzip/zip_io_util.c
+++ b/src/Common/libzip/zip_io_util.c
@@ -1,6 +1,6 @@
/*
zip_io_util.c -- I/O helper functions
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_memdup.c b/src/Common/libzip/zip_memdup.c
index 9d7949d..d604408 100644
--- a/src/Common/libzip/zip_memdup.c
+++ b/src/Common/libzip/zip_memdup.c
@@ -1,6 +1,6 @@
/*
zip_memdup.c -- internal zip function, "strdup" with len
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_name_locate.c b/src/Common/libzip/zip_name_locate.c
index 6713cab..37b1ffe 100644
--- a/src/Common/libzip/zip_name_locate.c
+++ b/src/Common/libzip/zip_name_locate.c
@@ -1,6 +1,6 @@
/*
zip_name_locate.c -- get index by name
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_new.c b/src/Common/libzip/zip_new.c
index 19155f4..1cd614d 100644
--- a/src/Common/libzip/zip_new.c
+++ b/src/Common/libzip/zip_new.c
@@ -1,6 +1,6 @@
/*
zip_new.c -- create and init struct zip
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_open.c b/src/Common/libzip/zip_open.c
index 1886c9d..593bfde 100644
--- a/src/Common/libzip/zip_open.c
+++ b/src/Common/libzip/zip_open.c
@@ -1,6 +1,6 @@
/*
zip_open.c -- open zip archive by name
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -177,7 +177,6 @@ _zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error) {
/* treat empty files as empty archives */
if (len == 0) {
if ((za = _zip_allocate_new(src, flags, error)) == NULL) {
- zip_source_free(src);
return NULL;
}
diff --git a/src/Common/libzip/zip_progress.c b/src/Common/libzip/zip_progress.c
index 46c8bb8..9b11694 100644
--- a/src/Common/libzip/zip_progress.c
+++ b/src/Common/libzip/zip_progress.c
@@ -1,6 +1,6 @@
/*
zip_progress.c -- progress reporting
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_rename.c b/src/Common/libzip/zip_rename.c
index 0cc81ed..4fdf636 100644
--- a/src/Common/libzip/zip_rename.c
+++ b/src/Common/libzip/zip_rename.c
@@ -1,6 +1,6 @@
/*
zip_rename.c -- rename file in zip archive
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_replace.c b/src/Common/libzip/zip_replace.c
index 34b922e..2e982af 100644
--- a/src/Common/libzip/zip_replace.c
+++ b/src/Common/libzip/zip_replace.c
@@ -1,6 +1,6 @@
/*
zip_replace.c -- replace file via callback function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_archive_comment.c b/src/Common/libzip/zip_set_archive_comment.c
index 221fde5..166a2c0 100644
--- a/src/Common/libzip/zip_set_archive_comment.c
+++ b/src/Common/libzip/zip_set_archive_comment.c
@@ -1,6 +1,6 @@
/*
zip_set_archive_comment.c -- set archive comment
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_archive_flag.c b/src/Common/libzip/zip_set_archive_flag.c
index 6fb1131..facf614 100644
--- a/src/Common/libzip/zip_set_archive_flag.c
+++ b/src/Common/libzip/zip_set_archive_flag.c
@@ -1,6 +1,6 @@
/*
zip_get_archive_flag.c -- set archive global flag
- Copyright (C) 2008-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2008-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_default_password.c b/src/Common/libzip/zip_set_default_password.c
index 33c1754..8081657 100644
--- a/src/Common/libzip/zip_set_default_password.c
+++ b/src/Common/libzip/zip_set_default_password.c
@@ -1,6 +1,6 @@
/*
zip_set_default_password.c -- set default password for decryption
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_file_comment.c b/src/Common/libzip/zip_set_file_comment.c
index 93594f0..e4e0331 100644
--- a/src/Common/libzip/zip_set_file_comment.c
+++ b/src/Common/libzip/zip_set_file_comment.c
@@ -1,6 +1,6 @@
/*
zip_set_file_comment.c -- set comment for file in archive
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_file_compression.c b/src/Common/libzip/zip_set_file_compression.c
index 6de2d40..054dd1f 100644
--- a/src/Common/libzip/zip_set_file_compression.c
+++ b/src/Common/libzip/zip_set_file_compression.c
@@ -1,6 +1,6 @@
/*
zip_set_file_compression.c -- set compression for file in archive
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_set_name.c b/src/Common/libzip/zip_set_name.c
index 33fb4bc..aa1dd8e 100644
--- a/src/Common/libzip/zip_set_name.c
+++ b/src/Common/libzip/zip_set_name.c
@@ -1,6 +1,6 @@
/*
zip_set_name.c -- rename helper function
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_begin_write.c b/src/Common/libzip/zip_source_begin_write.c
index 0b010df..a8b90b5 100644
--- a/src/Common/libzip/zip_source_begin_write.c
+++ b/src/Common/libzip/zip_source_begin_write.c
@@ -1,6 +1,6 @@
/*
zip_source_begin_write.c -- start a new file for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_begin_write_cloning.c b/src/Common/libzip/zip_source_begin_write_cloning.c
index 8c4cf71..b38de04 100644
--- a/src/Common/libzip/zip_source_begin_write_cloning.c
+++ b/src/Common/libzip/zip_source_begin_write_cloning.c
@@ -1,6 +1,6 @@
/*
zip_source_begin_write_cloning.c -- clone part of file for writing
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_buffer.c b/src/Common/libzip/zip_source_buffer.c
index d2bc8ad..119bc02 100644
--- a/src/Common/libzip/zip_source_buffer.c
+++ b/src/Common/libzip/zip_source_buffer.c
@@ -1,6 +1,6 @@
/*
zip_source_buffer.c -- create zip data source from buffer
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -389,8 +389,8 @@ buffer_grow_fragments(buffer_t *buffer, zip_uint64_t capacity, zip_error_t *erro
}
if ((fragments = realloc(buffer->fragments, sizeof(buffer->fragments[0]) * capacity)) == NULL) {
- zip_error_set(error, ZIP_ER_MEMORY, 0);
- return false;
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ return false;
}
buffer->fragments = fragments;
if ((offsets = realloc(buffer->fragment_offsets, sizeof(buffer->fragment_offsets[0]) * (capacity + 1))) == NULL) {
diff --git a/src/Common/libzip/zip_source_call.c b/src/Common/libzip/zip_source_call.c
index ec54b92..3f374fc 100644
--- a/src/Common/libzip/zip_source_call.c
+++ b/src/Common/libzip/zip_source_call.c
@@ -1,6 +1,6 @@
/*
zip_source_call.c -- invoke callback command on zip_source
- Copyright (C) 2009-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_close.c b/src/Common/libzip/zip_source_close.c
index cbc3bea..7916550 100644
--- a/src/Common/libzip/zip_source_close.c
+++ b/src/Common/libzip/zip_source_close.c
@@ -1,6 +1,6 @@
/*
zip_source_close.c -- close zip_source (stop reading)
- Copyright (C) 2009-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_commit_write.c b/src/Common/libzip/zip_source_commit_write.c
index 26c3dd7..67881f0 100644
--- a/src/Common/libzip/zip_source_commit_write.c
+++ b/src/Common/libzip/zip_source_commit_write.c
@@ -1,6 +1,6 @@
/*
zip_source_commit_write.c -- commit changes to file
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_compress.c b/src/Common/libzip/zip_source_compress.c
index a1ac3e0..d2ae220 100644
--- a/src/Common/libzip/zip_source_compress.c
+++ b/src/Common/libzip/zip_source_compress.c
@@ -1,6 +1,6 @@
/*
zip_source_compress.c -- (de)compression routines
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_crc.c b/src/Common/libzip/zip_source_crc.c
index 8797dfe..e16f929 100644
--- a/src/Common/libzip/zip_source_crc.c
+++ b/src/Common/libzip/zip_source_crc.c
@@ -1,6 +1,6 @@
/*
zip_source_crc.c -- pass-through source that calculates CRC32 and size
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -148,7 +148,6 @@ crc_read(zip_source_t *src, void *_ctx, void *data, zip_uint64_t len, zip_source
st->comp_method = ZIP_CM_STORE;
st->encryption_method = ZIP_EM_NONE;
st->valid |= ZIP_STAT_SIZE | ZIP_STAT_CRC | ZIP_STAT_COMP_SIZE | ZIP_STAT_COMP_METHOD | ZIP_STAT_ENCRYPTION_METHOD;
- ;
}
return 0;
}
diff --git a/src/Common/libzip/zip_source_error.c b/src/Common/libzip/zip_source_error.c
index 5145169..1e0e0d4 100644
--- a/src/Common/libzip/zip_source_error.c
+++ b/src/Common/libzip/zip_source_error.c
@@ -1,6 +1,6 @@
/*
zip_source_error.c -- get last error from zip_source
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_file.c b/src/Common/libzip/zip_source_file.c
index 77376f4..8714785 100644
--- a/src/Common/libzip/zip_source_file.c
+++ b/src/Common/libzip/zip_source_file.c
@@ -1,6 +1,6 @@
/*
zip_source_file.c -- create data source from file
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_filep.c b/src/Common/libzip/zip_source_filep.c
index 9fc9a01..cb3d151 100644
--- a/src/Common/libzip/zip_source_filep.c
+++ b/src/Common/libzip/zip_source_filep.c
@@ -1,6 +1,6 @@
/*
zip_source_filep.c -- create data source from FILE *
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2019 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -34,6 +34,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/types.h>
#include <sys/stat.h>
#include "zipint.h"
@@ -412,21 +413,27 @@ read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) {
#endif
case ZIP_SOURCE_COMMIT_WRITE: {
- mode_t mask;
+ mode_t mode;
+ struct stat st;
if (fclose(ctx->fout) < 0) {
ctx->fout = NULL;
zip_error_set(&ctx->error, ZIP_ER_WRITE, errno);
}
ctx->fout = NULL;
+ if (stat(ctx->fname, &st) == 0) {
+ mode = st.st_mode;
+ } else {
+ mode_t mask = umask(022);
+ umask(mask);
+ mode = 0666 & ~mask;
+ }
if (rename(ctx->tmpname, ctx->fname) < 0) {
zip_error_set(&ctx->error, ZIP_ER_RENAME, errno);
return -1;
}
- mask = umask(022);
- umask(mask);
/* not much we can do if chmod fails except make the whole commit fail */
- (void)chmod(ctx->fname, 0666 & ~mask);
+ (void)chmod(ctx->fname, mode);
free(ctx->tmpname);
ctx->tmpname = NULL;
return 0;
diff --git a/src/Common/libzip/zip_source_free.c b/src/Common/libzip/zip_source_free.c
index 7cb3525..dd3c6df 100644
--- a/src/Common/libzip/zip_source_free.c
+++ b/src/Common/libzip/zip_source_free.c
@@ -1,6 +1,6 @@
/*
zip_source_free.c -- free zip data source
- Copyright (C) 1999-2015 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_function.c b/src/Common/libzip/zip_source_function.c
index 56eb1c5..c9730c9 100644
--- a/src/Common/libzip/zip_source_function.c
+++ b/src/Common/libzip/zip_source_function.c
@@ -1,6 +1,6 @@
/*
zip_source_function.c -- create zip data source from callback function
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_get_compression_flags.c b/src/Common/libzip/zip_source_get_compression_flags.c
index e33e43b..a9442aa 100644
--- a/src/Common/libzip/zip_source_get_compression_flags.c
+++ b/src/Common/libzip/zip_source_get_compression_flags.c
@@ -1,6 +1,6 @@
/*
zip_source_get_compression_flags.c -- get compression flags for entry
- Copyright (C) 2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2017-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_is_deleted.c b/src/Common/libzip/zip_source_is_deleted.c
index 1e5d343..090a67b 100644
--- a/src/Common/libzip/zip_source_is_deleted.c
+++ b/src/Common/libzip/zip_source_is_deleted.c
@@ -1,6 +1,6 @@
/*
zip_source_is_deleted.c -- was archive was removed?
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_layered.c b/src/Common/libzip/zip_source_layered.c
index 5e95bc1..580bff0 100644
--- a/src/Common/libzip/zip_source_layered.c
+++ b/src/Common/libzip/zip_source_layered.c
@@ -1,6 +1,6 @@
/*
zip_source_layered.c -- create layered source
- Copyright (C) 2009-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_open.c b/src/Common/libzip/zip_source_open.c
index 187001c..d10a3c5 100644
--- a/src/Common/libzip/zip_source_open.c
+++ b/src/Common/libzip/zip_source_open.c
@@ -1,6 +1,6 @@
/*
zip_source_open.c -- open zip_source (prepare for reading)
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_pkware.c b/src/Common/libzip/zip_source_pkware.c
index b466da4..cc510ea 100644
--- a/src/Common/libzip/zip_source_pkware.c
+++ b/src/Common/libzip/zip_source_pkware.c
@@ -1,6 +1,6 @@
/*
zip_source_pkware.c -- Traditional PKWARE de/encryption routines
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_read.c b/src/Common/libzip/zip_source_read.c
index 83514c6..816fb3d 100644
--- a/src/Common/libzip/zip_source_read.c
+++ b/src/Common/libzip/zip_source_read.c
@@ -1,6 +1,6 @@
/*
zip_source_read.c -- read data from zip_source
- Copyright (C) 2009-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -57,7 +57,7 @@ zip_source_read(zip_source_t *src, void *data, zip_uint64_t len) {
}
if (len == 0) {
- return 0;
+ return 0;
}
bytes_read = 0;
diff --git a/src/Common/libzip/zip_source_remove.c b/src/Common/libzip/zip_source_remove.c
index 8e01e24..6841b74 100644
--- a/src/Common/libzip/zip_source_remove.c
+++ b/src/Common/libzip/zip_source_remove.c
@@ -1,6 +1,6 @@
/*
zip_source_remove.c -- remove empty archive
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_rollback_write.c b/src/Common/libzip/zip_source_rollback_write.c
index bbccaf8..04aa938 100644
--- a/src/Common/libzip/zip_source_rollback_write.c
+++ b/src/Common/libzip/zip_source_rollback_write.c
@@ -1,6 +1,6 @@
/*
zip_source_rollback_write.c -- discard changes
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_seek.c b/src/Common/libzip/zip_source_seek.c
index aed53b8..c7bd8e6 100644
--- a/src/Common/libzip/zip_source_seek.c
+++ b/src/Common/libzip/zip_source_seek.c
@@ -1,6 +1,6 @@
/*
zip_source_seek.c -- seek to offset
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -50,7 +50,12 @@ zip_source_seek(zip_source_t *src, zip_int64_t offset, int whence) {
args.offset = offset;
args.whence = whence;
- return (_zip_source_call(src, &args, sizeof(args), ZIP_SOURCE_SEEK) < 0 ? -1 : 0);
+ if (_zip_source_call(src, &args, sizeof(args), ZIP_SOURCE_SEEK) < 0) {
+ return -1;
+ }
+
+ src->eof = 0;
+ return 0;
}
diff --git a/src/Common/libzip/zip_source_seek_write.c b/src/Common/libzip/zip_source_seek_write.c
index 4ecbee1..a20dc82 100644
--- a/src/Common/libzip/zip_source_seek_write.c
+++ b/src/Common/libzip/zip_source_seek_write.c
@@ -1,6 +1,6 @@
/*
zip_source_seek_write.c -- seek to offset for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_stat.c b/src/Common/libzip/zip_source_stat.c
index 987c862..f3af3be 100644
--- a/src/Common/libzip/zip_source_stat.c
+++ b/src/Common/libzip/zip_source_stat.c
@@ -1,6 +1,6 @@
/*
zip_source_stat.c -- get meta information from zip_source
- Copyright (C) 2009-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2009-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_supports.c b/src/Common/libzip/zip_source_supports.c
index a47f293..394f06e 100644
--- a/src/Common/libzip/zip_source_supports.c
+++ b/src/Common/libzip/zip_source_supports.c
@@ -1,6 +1,6 @@
/*
zip_source_supports.c -- check for supported functions
- Copyright (C) 2014-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_tell.c b/src/Common/libzip/zip_source_tell.c
index ab418fa..da13cf5 100644
--- a/src/Common/libzip/zip_source_tell.c
+++ b/src/Common/libzip/zip_source_tell.c
@@ -1,6 +1,6 @@
/*
zip_source_tell.c -- report current offset
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_tell_write.c b/src/Common/libzip/zip_source_tell_write.c
index f7a8a3f..d20139f 100644
--- a/src/Common/libzip/zip_source_tell_write.c
+++ b/src/Common/libzip/zip_source_tell_write.c
@@ -1,6 +1,6 @@
/*
zip_source_tell_write.c -- report current offset for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_win32a.c b/src/Common/libzip/zip_source_win32a.c
index 0780fa5..b4b060a 100644
--- a/src/Common/libzip/zip_source_win32a.c
+++ b/src/Common/libzip/zip_source_win32a.c
@@ -1,6 +1,6 @@
/*
zip_source_win32a.c -- create data source from Windows file (ANSI)
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_win32handle.c b/src/Common/libzip/zip_source_win32handle.c
index 8cef919..3a2f52e 100644
--- a/src/Common/libzip/zip_source_win32handle.c
+++ b/src/Common/libzip/zip_source_win32handle.c
@@ -1,6 +1,6 @@
/*
zip_source_win32file.c -- create data source from HANDLE (Win32)
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_win32utf8.c b/src/Common/libzip/zip_source_win32utf8.c
index 1e279b0..103b498 100644
--- a/src/Common/libzip/zip_source_win32utf8.c
+++ b/src/Common/libzip/zip_source_win32utf8.c
@@ -1,6 +1,6 @@
/*
zip_source_win32utf8.c -- create data source from Windows file (UTF-8)
- Copyright (C) 1999-2015 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_win32w.c b/src/Common/libzip/zip_source_win32w.c
index 5583bdf..4097214 100644
--- a/src/Common/libzip/zip_source_win32w.c
+++ b/src/Common/libzip/zip_source_win32w.c
@@ -1,6 +1,6 @@
/*
zip_source_win32w.c -- create data source from Windows file (UTF-16)
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_window.c b/src/Common/libzip/zip_source_window.c
index f4701a0..d9e90bf 100644
--- a/src/Common/libzip/zip_source_window.c
+++ b/src/Common/libzip/zip_source_window.c
@@ -1,6 +1,6 @@
/*
zip_source_window.c -- return part of lower source
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -121,7 +121,6 @@ window_read(zip_source_t *src, void *_ctx, void *data, zip_uint64_t len, zip_sou
struct window *ctx;
zip_int64_t ret;
zip_uint64_t n, i;
- char b[8192];
ctx = (struct window *)_ctx;
@@ -154,18 +153,30 @@ window_read(zip_source_t *src, void *_ctx, void *data, zip_uint64_t len, zip_sou
}
if (!ctx->needs_seek) {
+ DEFINE_BYTE_ARRAY(b, BUFSIZE);
+
+ if (!byte_array_init(b, BUFSIZE)) {
+ zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
for (n = 0; n < ctx->start; n += (zip_uint64_t)ret) {
- i = (ctx->start - n > sizeof(b) ? sizeof(b) : ctx->start - n);
+ i = (ctx->start - n > BUFSIZE ? BUFSIZE : ctx->start - n);
if ((ret = zip_source_read(src, b, i)) < 0) {
_zip_error_set_from_source(&ctx->error, src);
+ byte_array_fini(b);
return -1;
}
if (ret == 0) {
zip_error_set(&ctx->error, ZIP_ER_EOF, 0);
+ byte_array_fini(b);
return -1;
}
}
+
+ byte_array_fini(b);
}
+
ctx->offset = ctx->start;
return 0;
diff --git a/src/Common/libzip/zip_source_write.c b/src/Common/libzip/zip_source_write.c
index 1646e33..9f494e0 100644
--- a/src/Common/libzip/zip_source_write.c
+++ b/src/Common/libzip/zip_source_write.c
@@ -1,6 +1,6 @@
/*
zip_source_write.c -- start a new file for writing
- Copyright (C) 2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2014-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_zip.c b/src/Common/libzip/zip_source_zip.c
index b3f1805..3fd90ab 100644
--- a/src/Common/libzip/zip_source_zip.c
+++ b/src/Common/libzip/zip_source_zip.c
@@ -1,6 +1,6 @@
/*
zip_source_zip.c -- create data source from zip file
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_source_zip_new.c b/src/Common/libzip/zip_source_zip_new.c
index a5cfee3..ab78561 100644
--- a/src/Common/libzip/zip_source_zip_new.c
+++ b/src/Common/libzip/zip_source_zip_new.c
@@ -1,6 +1,6 @@
/*
zip_source_zip_new.c -- prepare data structures for zip_fopen/zip_source_zip
- Copyright (C) 2012-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_stat.c b/src/Common/libzip/zip_stat.c
index 02cca37..237d985 100644
--- a/src/Common/libzip/zip_stat.c
+++ b/src/Common/libzip/zip_stat.c
@@ -1,6 +1,6 @@
/*
zip_stat.c -- get information about file by name
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_stat_index.c b/src/Common/libzip/zip_stat_index.c
index 109c118..d19e76a 100644
--- a/src/Common/libzip/zip_stat_index.c
+++ b/src/Common/libzip/zip_stat_index.c
@@ -1,6 +1,6 @@
/*
zip_stat_index.c -- get information about file by index
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_stat_init.c b/src/Common/libzip/zip_stat_init.c
index 0be5138..46fa404 100644
--- a/src/Common/libzip/zip_stat_init.c
+++ b/src/Common/libzip/zip_stat_init.c
@@ -1,6 +1,6 @@
/*
zip_stat_init.c -- initialize struct zip_stat.
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_strerror.c b/src/Common/libzip/zip_strerror.c
index 9e6e86c..eb94198 100644
--- a/src/Common/libzip/zip_strerror.c
+++ b/src/Common/libzip/zip_strerror.c
@@ -1,6 +1,6 @@
/*
zip_sterror.c -- get string representation of zip error
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_string.c b/src/Common/libzip/zip_string.c
index 293766c..7e16a72 100644
--- a/src/Common/libzip/zip_string.c
+++ b/src/Common/libzip/zip_string.c
@@ -1,6 +1,6 @@
/*
zip_string.c -- string handling (with encoding)
- Copyright (C) 2012-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2012-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange.c b/src/Common/libzip/zip_unchange.c
index b0bd078..8285707 100644
--- a/src/Common/libzip/zip_unchange.c
+++ b/src/Common/libzip/zip_unchange.c
@@ -1,6 +1,6 @@
/*
zip_unchange.c -- undo changes to file in zip archive
- Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange_all.c b/src/Common/libzip/zip_unchange_all.c
index 165064b..6a43358 100644
--- a/src/Common/libzip/zip_unchange_all.c
+++ b/src/Common/libzip/zip_unchange_all.c
@@ -1,6 +1,6 @@
/*
zip_unchange.c -- undo changes to all files in zip archive
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange_archive.c b/src/Common/libzip/zip_unchange_archive.c
index f70dba9..404f1ed 100644
--- a/src/Common/libzip/zip_unchange_archive.c
+++ b/src/Common/libzip/zip_unchange_archive.c
@@ -1,6 +1,6 @@
/*
zip_unchange_archive.c -- undo global changes to ZIP archive
- Copyright (C) 2006-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2006-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_unchange_data.c b/src/Common/libzip/zip_unchange_data.c
index 1addaa8..f1df2bd 100644
--- a/src/Common/libzip/zip_unchange_data.c
+++ b/src/Common/libzip/zip_unchange_data.c
@@ -1,6 +1,6 @@
/*
zip_unchange_data.c -- undo helper function
- Copyright (C) 1999-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Common/libzip/zip_utf-8.c b/src/Common/libzip/zip_utf-8.c
index 8f02f88..684eba5 100644
--- a/src/Common/libzip/zip_utf-8.c
+++ b/src/Common/libzip/zip_utf-8.c
@@ -1,6 +1,6 @@
/*
zip_utf-8.c -- UTF-8 support functions for libzip
- Copyright (C) 2011-2014 Dieter Baron and Thomas Klausner
+ Copyright (C) 2011-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -39,7 +39,7 @@
static const zip_uint16_t _cp437_to_unicode[256] = {
/* 0x00 - 0x0F */
- 0x2007, 0x263A, 0x263B, 0x2665, 0x2666, 0x2663, 0x2660, 0x2022, 0x25D8, 0x25CB, 0x25D9, 0x2642, 0x2640, 0x266A, 0x266B, 0x263C,
+ 0x0000, 0x263A, 0x263B, 0x2665, 0x2666, 0x2663, 0x2660, 0x2022, 0x25D8, 0x25CB, 0x25D9, 0x2642, 0x2640, 0x266A, 0x266B, 0x263C,
/* 0x10 - 0x1F */
0x25BA, 0x25C4, 0x2195, 0x203C, 0x00B6, 0x00A7, 0x25AC, 0x21A8, 0x2191, 0x2193, 0x2192, 0x2190, 0x221F, 0x2194, 0x25B2, 0x25BC,
diff --git a/src/Common/libzip/zipint.h b/src/Common/libzip/zipint.h
index 3c60ece..093a1b2 100644
--- a/src/Common/libzip/zipint.h
+++ b/src/Common/libzip/zipint.h
@@ -3,7 +3,7 @@
/*
zipint.h -- internal declarations.
- Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
@@ -40,6 +40,10 @@
#include "compat.h"
+#ifdef ZIP_ALLOCATE_BUFFER
+#include <stdlib.h>
+#endif
+
#include <zlib.h>
#ifndef _ZIP_COMPILING_DEPRECATED
@@ -367,6 +371,23 @@ struct zip_string {
};
+/* byte array */
+
+/* For performance, we usually keep 8k byte arrays on the stack.
+ However, there are (embedded) systems with a stack size of 12k;
+ for those, use malloc()/free() */
+
+#ifdef ZIP_ALLOCATE_BUFFER
+#define DEFINE_BYTE_ARRAY(buf, size) zip_uint8_t *buf
+#define byte_array_init(buf, size) (((buf) = (zip_uint8_t *)malloc(size)) != NULL)
+#define byte_array_fini(buf) (free(buf))
+#else
+#define DEFINE_BYTE_ARRAY(buf, size) zip_uint8_t buf[size]
+#define byte_array_init(buf, size) (1)
+#define byte_array_fini(buf) ((void)0)
+#endif
+
+
/* bounds checked access to memory buffer */
struct zip_buffer {
diff --git a/src/Common/libzip/zipwin32.h b/src/Common/libzip/zipwin32.h
index d2c5d82..7d3ac76 100644
--- a/src/Common/libzip/zipwin32.h
+++ b/src/Common/libzip/zipwin32.h
@@ -3,7 +3,7 @@
/*
zipwin32.h -- internal declarations for Windows.
- Copyright (C) 1999-2015 Dieter Baron and Thomas Klausner
+ Copyright (C) 1999-2018 Dieter Baron and Thomas Klausner
This file is part of libzip, a library to manipulate ZIP archives.
The authors can be contacted at <libzip@nih.at>
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index c22a50c..01d3981 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -20,6 +20,9 @@ namespace VeraCrypt
{
CoreBase::CoreBase ()
: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ , UseDummySudoPassword (false)
+#endif
{
}
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index eb830ba..8f41ddd 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -77,6 +77,10 @@ namespace VeraCrypt
virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+ virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif
Event VolumeDismountedEvent;
Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt
bool DeviceChangeInProgress;
FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool UseDummySudoPassword;
+#endif
private:
CoreBase (const CoreBase &);
diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp
index fffd948..70c4649 100644
--- a/src/Core/RandomNumberGenerator.cpp
+++ b/src/Core/RandomNumberGenerator.cpp
@@ -46,6 +46,16 @@ namespace VeraCrypt
throw_sys_sub_if (read (random, buffer, buffer.Size()) == -1 && errno != EAGAIN, L"/dev/random");
AddToPool (buffer);
+
+ /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
+ if (JitterRngCtx)
+ {
+ ssize_t rndLen = jent_read_entropy (JitterRngCtx, (char*) buffer.Ptr(), buffer.Size());
+ if (rndLen > 0)
+ {
+ AddToPool (buffer);
+ }
+ }
}
#endif
}
@@ -80,6 +90,12 @@ namespace VeraCrypt
ScopeLock lock (AccessMutex);
size_t bufferLen = buffer.Size(), loopLen;
byte* pbBuffer = buffer.Get();
+
+ // Initialize JitterEntropy RNG for this call
+ if (0 == jent_entropy_init ())
+ {
+ JitterRngCtx = jent_entropy_collector_alloc (1, 0);
+ }
// Poll system for data
AddSystemDataToPool (fast);
@@ -127,6 +143,12 @@ namespace VeraCrypt
pbBuffer += loopLen;
}
+
+ if (JitterRngCtx)
+ {
+ jent_entropy_collector_free (JitterRngCtx);
+ JitterRngCtx = NULL;
+ }
}
shared_ptr <Hash> RandomNumberGenerator::GetHash ()
@@ -232,4 +254,5 @@ namespace VeraCrypt
size_t RandomNumberGenerator::ReadOffset;
bool RandomNumberGenerator::Running = false;
size_t RandomNumberGenerator::WriteOffset;
+ struct rand_data *RandomNumberGenerator::JitterRngCtx = NULL;
}
diff --git a/src/Core/RandomNumberGenerator.h b/src/Core/RandomNumberGenerator.h
index 2d1d314..6df31ae 100644
--- a/src/Core/RandomNumberGenerator.h
+++ b/src/Core/RandomNumberGenerator.h
@@ -16,6 +16,7 @@
#include "Platform/Platform.h"
#include "Volume/Hash.h"
#include "Common/Random.h"
+#include "Crypto/jitterentropy.h"
namespace VeraCrypt
{
@@ -53,6 +54,7 @@ namespace VeraCrypt
static size_t ReadOffset;
static bool Running;
static size_t WriteOffset;
+ static struct rand_data *JitterRngCtx;
};
}
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index 77d55b2..2a77c90 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -13,6 +13,7 @@
#include "CoreService.h"
#include <fcntl.h>
#include <sys/wait.h>
+#include <stdio.h>
#include "Platform/FileStream.h"
#include "Platform/MemoryStream.h"
#include "Platform/Serializable.h"
@@ -290,6 +291,53 @@ namespace VeraCrypt
while (!ElevatedServiceAvailable)
{
+ // Test if the user has an active "sudo" session.
+ // This is only done under Linux / FreeBSD by executing the command 'sudo -n uptime'.
+ // In case a "sudo" session is active, the result of the command contains the string 'load average'.
+ // Otherwise, the result contains "sudo: a password is required".
+ // This may not work on all OSX versions because of a bug in sudo in its version 1.7.10,
+ // therefore we keep the old behaviour of sending a 'dummy' password under OSX.
+ // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
+ //
+ // If for some reason we are getting empty output from pipe, we revert to old behavior
+ // We also use the old way if the user is forcing the use of dummy password for sudo
+
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+
+ if (!Core->GetUseDummySudoPassword ())
+ {
+ std::vector<char> buffer(128, 0);
+ std::string result;
+ bool authCheckDone = false;
+
+ FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+ if (pipe)
+ {
+ while (!feof(pipe))
+ {
+ if (fgets(buffer.data(), 128, pipe) != nullptr)
+ result += buffer.data();
+ }
+
+ fflush(pipe);
+ pclose(pipe);
+ pipe = NULL;
+
+ if (!result.empty() && strlen(result.c_str()) != 0)
+ {
+ authCheckDone = true;
+ if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+ (*AdminPasswordCallback) (request.AdminPassword);
+ }
+ }
+
+ if (authCheckDone)
+ {
+ // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
+ request.FastElevation = false;
+ }
+ }
+#endif
try
{
request.Serialize (ServiceInputStream);
@@ -396,6 +444,7 @@ namespace VeraCrypt
vector <char> adminPassword (request.AdminPassword.size() + 1);
int timeout = 6000;
+ // 'request.FastElevation' is always false under Linux / FreeBSD when "sudo -n" works properly
if (request.FastElevation)
{
string dummyPassword = "dummy\n";
@@ -457,6 +506,7 @@ namespace VeraCrypt
outPipe->Close();
errPipe.Close();
+ // 'request.FastElevation' is always false under Linux / FreeBSD
if (request.FastElevation)
{
// Prevent defunct process
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 372c450..499ea43 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -465,6 +465,7 @@ namespace VeraCrypt
continue;
}
+ options.Password.reset();
throw;
}
@@ -473,8 +474,10 @@ namespace VeraCrypt
if (options.Path->IsDevice())
{
- if (volume->GetFile()->GetDeviceSectorSize() != volume->GetSectorSize())
- throw ParameterIncorrect (SRC_POS);
+ const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();
+ const size_t volSectorSize = volume->GetSectorSize();
+ if (devSectorSize != volSectorSize)
+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide(volSectorSize));
}
// Find a free mount point for FUSE service
diff --git a/src/Core/VolumeCreator.h b/src/Core/VolumeCreator.h
index 4f56308..6b8f143 100644
--- a/src/Core/VolumeCreator.h
+++ b/src/Core/VolumeCreator.h
@@ -45,6 +45,7 @@ namespace VeraCrypt
Ext3,
Ext4,
MacOsExt,
+ APFS,
UFS
};
diff --git a/src/Crypto/Aeskey.c b/src/Crypto/Aeskey.c
index c9ab026..9b7bfd1 100644
--- a/src/Crypto/Aeskey.c
+++ b/src/Crypto/Aeskey.c
@@ -27,6 +27,7 @@
#include "Aesopt.h"
#include "Aestab.h"
+#include "Common/Tcdefs.h"
#ifdef USE_VIA_ACE_IF_PRESENT
# include "aes_via_ace.h"
@@ -95,6 +96,8 @@ AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -147,6 +150,8 @@ AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -202,6 +207,8 @@ AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -352,6 +359,8 @@ AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -439,6 +448,8 @@ AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
@@ -538,6 +549,8 @@ AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
cx->inf.b[1] = 0xff;
#endif
+ burn(ss, sizeof(ss));
+
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
diff --git a/src/Crypto/Camellia.c b/src/Crypto/Camellia.c
index 49bc767..b3a3578 100644
--- a/src/Crypto/Camellia.c
+++ b/src/Crypto/Camellia.c
@@ -3,7 +3,7 @@
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* camellia.c ver 1.2.0-x86_64_asm1.1
*
diff --git a/src/Crypto/Camellia.h b/src/Crypto/Camellia.h
index 988203d..a1cb832 100644
--- a/src/Crypto/Camellia.h
+++ b/src/Crypto/Camellia.h
@@ -17,7 +17,7 @@ void camellia_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);
void camellia_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
void camellia_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void camellia_encrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
void camellia_decrypt_blocks(unsigned __int8 *ks, const byte* in_blk, byte* out_blk, uint32 blockCount);
#endif
diff --git a/src/Crypto/Crypto.vcxproj b/src/Crypto/Crypto.vcxproj
index 027a87e..c6e0aac 100644
--- a/src/Crypto/Crypto.vcxproj
+++ b/src/Crypto/Crypto.vcxproj
@@ -403,6 +403,21 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
+ <CustomBuild Include="rdseed_ml.asm">
+ <FileType>Document</FileType>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; ml64.exe /nologo /D_M_X64 /W3 /Cx /Zi /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; ml64.exe /nologo /D_M_X64 /W3 /Cx /Zi /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">echo %(Filename)%(Extension) &amp; ml.exe /nologo /D_M_X86 /W3 /Cx /Zi /safeseh /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Command Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">echo %(Filename)%(Extension) &amp; ml.exe /nologo /D_M_X86 /W3 /Cx /Zi /safeseh /Fo "$(TargetDir)\%(Filename).obj" /c "%(FullPath)"
+</Command>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
+ </CustomBuild>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
diff --git a/src/Crypto/Crypto.vcxproj.filters b/src/Crypto/Crypto.vcxproj.filters
index e7b3c3a..541a086 100644
--- a/src/Crypto/Crypto.vcxproj.filters
+++ b/src/Crypto/Crypto.vcxproj.filters
@@ -217,5 +217,8 @@
<CustomBuild Include="rdrand_ml.asm">
<Filter>Source Files</Filter>
</CustomBuild>
+ <CustomBuild Include="rdseed_ml.asm">
+ <Filter>Source Files</Filter>
+ </CustomBuild>
</ItemGroup>
</Project> \ No newline at end of file
diff --git a/src/Crypto/Makefile.inc b/src/Crypto/Makefile.inc
index 86b7a6f..c8d2dfd 100644
--- a/src/Crypto/Makefile.inc
+++ b/src/Crypto/Makefile.inc
@@ -60,4 +60,8 @@ TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log
"$(OBJ_PATH)\$(O)\rdrand_ml.obj": rdrand_ml.asm
$(VC_MLEXE) $(VC_MLFLAGS) /Fo "$@" /c rdrand_ml.asm 2>$(TC_ASM_ERR_LOG)
+
+"$(OBJ_PATH)\$(O)\rdseed_ml.obj": rdseed_ml.asm
+ $(VC_MLEXE) $(VC_MLFLAGS) /Fo "$@" /c rdseed_ml.asm 2>$(TC_ASM_ERR_LOG)
+
diff --git a/src/Crypto/Sha2.c b/src/Crypto/Sha2.c
index 505ebb0..31cba7f 100644
--- a/src/Crypto/Sha2.c
+++ b/src/Crypto/Sha2.c
@@ -10,7 +10,7 @@ and released into public domain.
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
-#ifdef _UEFI
+#if defined(_UEFI) || defined(CRYPTOPP_DISABLE_ASM)
#define NO_OPTIMIZED_VERSIONS
#endif
@@ -318,7 +318,7 @@ extern "C"
#endif
-CRYPTOPP_ALIGN_DATA(16) uint_32t SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {
+CRYPTOPP_ALIGN_DATA(16) static const uint_32t SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
@@ -774,7 +774,7 @@ void sha256_begin(sha256_ctx* ctx)
if (!sha256transfunc)
{
#ifndef NO_OPTIMIZED_VERSIONS
-#ifdef _M_X64
+#if CRYPTOPP_BOOL_X64
if (g_isIntel && HasSAVX2() && HasSBMI2())
sha256transfunc = Avx2Sha256Transform;
else if (g_isIntel && HasSAVX())
diff --git a/src/Crypto/Sha2.h b/src/Crypto/Sha2.h
index 37625ce..7e90abf 100644
--- a/src/Crypto/Sha2.h
+++ b/src/Crypto/Sha2.h
@@ -22,7 +22,7 @@ extern "C" {
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(32)
#else
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)
diff --git a/src/Crypto/Sources b/src/Crypto/Sources
index 2db68a7..9a1bef1 100644
--- a/src/Crypto/Sources
+++ b/src/Crypto/Sources
@@ -25,6 +25,7 @@ SOURCES = \
gost89_$(TC_ARCH).asm \
Aes_hw_cpu.asm \
rdrand_ml.asm \
+ rdseed_ml.asm \
Aeskey.c \
Aestab.c \
chacha-xmm.c \
diff --git a/src/Crypto/Twofish.c b/src/Crypto/Twofish.c
index 8ab5908..f0906f1 100644
--- a/src/Crypto/Twofish.c
+++ b/src/Crypto/Twofish.c
@@ -54,7 +54,7 @@
#define UNROLL_TWOFISH
#endif
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
/* these are 64-bit assembly implementation taken from https://github.com/jkivilin/supercop-blockciphers
Copyright © 2011-2013 Jussi Kivilinna <jussi.kivilinna@iki.fi>
@@ -630,7 +630,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
uint32 b = rotl32(MDSQ[0][Q[0][Q[0][Q[1][Q[1][i + 1] ^ key[28]] ^ key[20]] ^ key[12]] ^ key[4]] ^ MDSQ[1][Q[0][Q[1][Q[1][Q[0][i + 1] ^ key[29]] ^ key[21]] ^ key[13]] ^ key[5]]
^ MDSQ[2][Q[1][Q[0][Q[0][Q[0][i + 1] ^ key[30]] ^ key[22]] ^ key[14]] ^ key[6]] ^ MDSQ[3][Q[1][Q[1][Q[0][Q[1][i + 1] ^ key[31]] ^ key[23]] ^ key[15]] ^ key[7]], 8);
a += b;
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
if (i < 8)
{
instance->w[i] = a;
@@ -998,7 +998,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
@@ -1071,7 +1071,7 @@ void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte o
#ifndef TC_MINIMIZE_CODE_SIZE
-#if (CRYPTOPP_BOOL_X64 == 0)
+#if (CRYPTOPP_BOOL_X64 == 0) || defined(CRYPTOPP_DISABLE_ASM)
void twofish_decrypt(TwofishInstance *ks, const u4byte in_blk[4], u4byte out_blk[4])
{
uint32* rk = ks->l_key;
diff --git a/src/Crypto/Twofish.h b/src/Crypto/Twofish.h
index cec99c7..e74826e 100644
--- a/src/Crypto/Twofish.h
+++ b/src/Crypto/Twofish.h
@@ -35,7 +35,7 @@ extern "C"
#endif
typedef struct
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
u4byte mk_tab[4][256], w[8], k[32];
#else
u4byte l_key[40];
@@ -54,7 +54,7 @@ typedef struct
/* in_key must be 32-bytes long */
void twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
void twofish_encrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
void twofish_decrypt_blocks(TwofishInstance *instance, const byte* in_blk, byte* out_blk, uint32 blockCount);
#define twofish_encrypt(instance,in_blk,out_blk) twofish_encrypt_blocks(instance, (const byte*) in_blk, (byte*) out_blk, 1)
diff --git a/src/Crypto/Whirlpool.c b/src/Crypto/Whirlpool.c
index 35188c6..9452951 100644
--- a/src/Crypto/Whirlpool.c
+++ b/src/Crypto/Whirlpool.c
@@ -643,6 +643,20 @@ static const uint64 Whirlpool_C[8*256+R] = {
void WhirlpoolTransform(uint64 *digest, const uint64 *block)
{
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
+#if defined(__GNUC__) && (CRYPTOPP_GCC_VERSION <= 40407)
+ /* workaround for gcc 4.4.7 bug under CentOS which causes crash
+ * in inline assembly.
+ * This dummy check that is always false since "block" is aligned.
+ */
+ uint64 lb = (uint64) block;
+ if (lb % 16)
+ {
+ TC_THROW_FATAL_EXCEPTION;
+ }
+#endif
+#endif
+
+#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
if (HasISSE())
{
#ifdef __GNUC__
diff --git a/src/Crypto/cpu.c b/src/Crypto/cpu.c
index b831696..4aeb8d3 100644
--- a/src/Crypto/cpu.c
+++ b/src/Crypto/cpu.c
@@ -2,6 +2,9 @@
#include "cpu.h"
#include "misc.h"
+#if defined(_MSC_VER) && !defined(_UEFI)
+#include "rdrand.h"
+#endif
#ifndef EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER 1
@@ -218,8 +221,8 @@ VC_INLINE int IsAMD(const uint32 output[4])
{
// This is the "AuthenticAMD" string
return (output[1] /*EBX*/ == 0x68747541) &&
- (output[2] /*ECX*/ == 0x69746E65) &&
- (output[3] /*EDX*/ == 0x444D4163);
+ (output[2] /*ECX*/ == 0x444D4163) &&
+ (output[3] /*EDX*/ == 0x69746E65);
}
VC_INLINE int IsHygon(const uint32 output[4])
@@ -386,6 +389,32 @@ void DetectX86Features()
}
}
}
+#if defined(_MSC_VER) && !defined(_UEFI)
+ /* Add check fur buggy RDRAND (AMD Ryzen case) even if we always use RDSEED instead of RDRAND when RDSEED available */
+ if (g_hasRDRAND)
+ {
+ if ( RDRAND_getBytes ((unsigned char*) cpuid, sizeof (cpuid))
+ && (cpuid[0] == 0xFFFFFFFF) && (cpuid[1] == 0xFFFFFFFF)
+ && (cpuid[2] == 0xFFFFFFFF) && (cpuid[3] == 0xFFFFFFFF)
+ )
+ {
+ g_hasRDRAND = 0;
+ g_hasRDSEED = 0;
+ }
+ }
+
+ if (g_hasRDSEED)
+ {
+ if ( RDSEED_getBytes ((unsigned char*) cpuid, sizeof (cpuid))
+ && (cpuid[0] == 0xFFFFFFFF) && (cpuid[1] == 0xFFFFFFFF)
+ && (cpuid[2] == 0xFFFFFFFF) && (cpuid[3] == 0xFFFFFFFF)
+ )
+ {
+ g_hasRDRAND = 0;
+ g_hasRDSEED = 0;
+ }
+ }
+#endif
if (!g_cacheLineSize)
g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h
index ee8c16a..e7affae 100644
--- a/src/Crypto/cpu.h
+++ b/src/Crypto/cpu.h
@@ -25,7 +25,7 @@
#define ATT_NOPREFIX
#endif
-#ifdef _MSC_VER
+#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
@@ -144,6 +144,7 @@ extern __m128i _mm_set1_epi64x (__int64 a);
#endif
#if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER)
+#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
@@ -155,6 +156,7 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
#else
#include <tmmintrin.h>
#endif
+#endif
#if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
diff --git a/src/Crypto/jitterentropy-base-user.h b/src/Crypto/jitterentropy-base-user.h
index cbb2f47..a4f5cb4 100644
--- a/src/Crypto/jitterentropy-base-user.h
+++ b/src/Crypto/jitterentropy-base-user.h
@@ -1,7 +1,7 @@
/*
* Non-physical true random number generator based on timing jitter.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2013
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2013 - 2019
*
* License
* =======
@@ -35,7 +35,7 @@
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
- e USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
@@ -49,8 +49,6 @@
#include <stdlib.h>
#include <string.h>
-typedef uint64 __u64;
-
#ifdef _MSC_VER
typedef uint64 uint64_t;
@@ -70,17 +68,19 @@ typedef int32 ssize_t;
#endif
#endif
-static VC_INLINE void jent_get_nstime(__u64 *out)
+static VC_INLINE void jent_get_nstime(uint64 *out)
{
*out = __rdtsc();;
}
#else
+#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
+
/* taken from Linux kernel */
#if CRYPTOPP_BOOL_X64
#define DECLARE_ARGS(val, low, high) unsigned low, high
-#define EAX_EDX_VAL(val, low, high) ((low) | ((__u64)(high) << 32))
+#define EAX_EDX_VAL(val, low, high) ((low) | ((uint64)(high) << 32))
#define EAX_EDX_RET(val, low, high) "=a" (low), "=d" (high)
#else
#define DECLARE_ARGS(val, low, high) unsigned long long val
@@ -88,16 +88,42 @@ static VC_INLINE void jent_get_nstime(__u64 *out)
#define EAX_EDX_RET(val, low, high) "=A" (val)
#endif
-static VC_INLINE void jent_get_nstime(__u64 *out)
+VC_INLINE void jent_get_nstime(uint64 *out)
{
DECLARE_ARGS(val, low, high);
asm volatile("rdtsc" : EAX_EDX_RET(val, low, high));
*out = EAX_EDX_VAL(val, low, high);
}
+#else
+
+#include <time.h>
+
+VC_INLINE void jent_get_nstime(uint64 *out)
+{
+ /* we could use CLOCK_MONOTONIC(_RAW), but with CLOCK_REALTIME
+ * we get some nice extra entropy once in a while from the NTP actions
+ * that we want to use as well... though, we do not rely on that
+ * extra little entropy */
+ uint64_t tmp = 0;
+ struct timespec time;
+ if (clock_gettime(CLOCK_REALTIME, &time) == 0)
+ {
+ tmp = time.tv_sec;
+ tmp = tmp << 32;
+ tmp = tmp | time.tv_nsec;
+ }
+ *out = tmp;
+}
+
+#endif
+
#endif
-static VC_INLINE void *jent_zalloc(size_t len)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE void *jent_zalloc(size_t len)
{
void *tmp = NULL;
tmp = TCalloc(len);
@@ -111,7 +137,10 @@ static VC_INLINE void *jent_zalloc(size_t len)
return tmp;
}
-static VC_INLINE void jent_zfree(void *ptr, unsigned int len)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE void jent_zfree(void *ptr, unsigned int len)
{
if (len % 8)
burn(ptr, len);
@@ -123,7 +152,10 @@ static VC_INLINE void jent_zfree(void *ptr, unsigned int len)
TCfree(ptr);
}
-static VC_INLINE int jent_fips_enabled(void)
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE int jent_fips_enabled(void)
{
return 0;
}
diff --git a/src/Crypto/jitterentropy-base.c b/src/Crypto/jitterentropy-base.c
index c05f0c3..c3856b4 100644
--- a/src/Crypto/jitterentropy-base.c
+++ b/src/Crypto/jitterentropy-base.c
@@ -1,7 +1,7 @@
/*
* Non-physical true random number generator based on timing jitter.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2014 - 2018
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2014 - 2019
*
* Design
* ======
@@ -11,7 +11,7 @@
* Interface
* =========
*
- * See documentation in doc/ folder.
+ * See documentation in jitterentropy(3) man page.
*
* License
* =======
@@ -51,34 +51,44 @@
/* Adapted for VeraCrypt */
+
+#ifdef TC_WINDOWS_DRIVER
+#define UINT64_MAX 0xffffffffffffffffU
+#else
+#include <stdint.h>
+#endif
+
#undef _FORTIFY_SOURCE
#ifdef _MSC_VER
#pragma optimize( "", off )
#pragma warning(disable:4242 4244 4334) /* disable warnings on the original code */
#else
-#pragma GCC optimize ("O0")
+#if defined(__clang__)
+ #pragma clang optimize off
+#elif defined (__GNUC__)
+ #pragma GCC optimize ("O0")
+#endif
#endif
#include "jitterentropy.h"
-#ifndef CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT
- /* only check optimization in a compilation for real work */
- #ifdef __OPTIMIZE__
- #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy-base.c."
- #endif
+#ifdef __OPTIMIZE__
+ #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy-base.c."
#endif
#define MAJVERSION 2 /* API / ABI incompatible changes, functional changes that
* require consumer to be updated (as long as this number
* is zero, the API is not considered stable and can
* change without a bump of the major version) */
-#define MINVERSION 1 /* API compatible, ABI may change, functional
+#define MINVERSION 2 /* API compatible, ABI may change, functional
* enhancements only, consumer can be left unchanged if
* enhancements are not considered */
-#define PATCHLEVEL 2 /* API / ABI compatible, no functional changes, no
+#define PATCHLEVEL 0 /* API / ABI compatible, no functional changes, no
* enhancements, bug fixes only */
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
/**
* jent_version() - Return machine-usable version number of jent library
*
@@ -90,7 +100,7 @@
* The result of this function can be used in comparing the version number
* in a calling program if version-specific calls need to be make.
*
- * Return: Version number of jitterentropy library
+ * @return Version number of jitterentropy library
*/
JENT_PRIVATE_STATIC
unsigned int jent_version(void)
@@ -104,15 +114,206 @@ unsigned int jent_version(void)
return version;
}
+/***************************************************************************
+ * Adaptive Proportion Test
+ *
+ * This test complies with SP800-90B section 4.4.2.
+ ***************************************************************************/
+
+/**
+ * Reset the APT counter
+ *
+ * @ec [in] Reference to entropy collector
+ */
+static void jent_apt_reset(struct rand_data *ec, unsigned int delta_masked)
+{
+ /* Reset APT counter */
+ ec->apt_count = 0;
+ ec->apt_base = delta_masked;
+ ec->apt_observations = 0;
+}
+
+/**
+ * Insert a new entropy event into APT
+ *
+ * @ec [in] Reference to entropy collector
+ * @delta_masked [in] Masked time delta to process
+ */
+static void jent_apt_insert(struct rand_data *ec, unsigned int delta_masked)
+{
+ /* Initialize the base reference */
+ if (!ec->apt_base_set) {
+ ec->apt_base = delta_masked;
+ ec->apt_base_set = 1;
+ return;
+ }
+
+ if (delta_masked == ec->apt_base) {
+ ec->apt_count++;
+
+ if (ec->apt_count >= JENT_APT_CUTOFF)
+ ec->health_failure = 1;
+ }
+
+ ec->apt_observations++;
+
+ if (ec->apt_observations >= JENT_APT_WINDOW_SIZE)
+ jent_apt_reset(ec, delta_masked);
+}
+
+/***************************************************************************
+ * Stuck Test and its use as Repetition Count Test
+ *
+ * The Jitter RNG uses an enhanced version of the Repetition Count Test
+ * (RCT) specified in SP800-90B section 4.4.1. Instead of counting identical
+ * back-to-back values, the input to the RCT is the counting of the stuck
+ * values during the generation of one Jitter RNG output block.
+ *
+ * The RCT is applied with an alpha of 2^{-30} compliant to FIPS 140-2 IG 9.8.
+ *
+ * During the counting operation, the Jitter RNG always calculates the RCT
+ * cut-off value of C. If that value exceeds the allowed cut-off value,
+ * the Jitter RNG output block will be calculated completely but discarded at
+ * the end. The caller of the Jitter RNG is informed with an error code.
+ ***************************************************************************/
+
+/**
+ * Repetition Count Test as defined in SP800-90B section 4.4.1
+ *
+ * @ec [in] Reference to entropy collector
+ * @stuck [in] Indicator whether the value is stuck
+ */
+static void jent_rct_insert(struct rand_data *ec, int stuck)
+{
+ /*
+ * If we have a count less than zero, a previous RCT round identified
+ * a failure. We will not overwrite it.
+ */
+ if (ec->rct_count < 0)
+ return;
+
+ if (stuck) {
+ ec->rct_count++;
+
+ /*
+ * The cutoff value is based on the following consideration:
+ * alpha = 2^-30 as recommended in FIPS 140-2 IG 9.8.
+ * In addition, we require an entropy value H of 1/OSR as this
+ * is the minimum entropy required to provide full entropy.
+ * Note, we collect 64 * OSR deltas for inserting them into
+ * the entropy pool which should then have (close to) 64 bits
+ * of entropy.
+ *
+ * Note, ec->rct_count (which equals to value B in the pseudo
+ * code of SP800-90B section 4.4.1) starts with zero. Hence
+ * we need to subtract one from the cutoff value as calculated
+ * following SP800-90B.
+ */
+ if ((unsigned int)ec->rct_count >= (30 * ec->osr)) {
+ ec->rct_count = -1;
+ ec->health_failure = 1;
+ }
+ } else {
+ ec->rct_count = 0;
+ }
+}
+
+/**
+ * Is there an RCT health test failure?
+ *
+ * @ec [in] Reference to entropy collector
+ *
+ * @return
+ * 0 No health test failure
+ * 1 Permanent health test failure
+ */
+static int jent_rct_failure(struct rand_data *ec)
+{
+ if (ec->rct_count < 0)
+ return 1;
+ return 0;
+}
+
+#ifdef _MSC_VER
+static
+#endif
+VC_INLINE uint64_t jent_delta(uint64_t prev, uint64_t next)
+{
+ return (prev < next) ? (next - prev) : (UINT64_MAX - prev + 1 + next);
+}
+
+/**
+ * Stuck test by checking the:
+ * 1st derivative of the jitter measurement (time delta)
+ * 2nd derivative of the jitter measurement (delta of time deltas)
+ * 3rd derivative of the jitter measurement (delta of delta of time deltas)
+ *
+ * All values must always be non-zero.
+ *
+ * @ec [in] Reference to entropy collector
+ * @current_delta [in] Jitter time delta
+ *
+ * @return
+ * 0 jitter measurement not stuck (good bit)
+ * 1 jitter measurement stuck (reject bit)
+ */
+static int jent_stuck(struct rand_data *ec, uint64_t current_delta)
+{
+ uint64_t delta2 = jent_delta(ec->last_delta, current_delta);
+ uint64_t delta3 = jent_delta(ec->last_delta2, delta2);
+ unsigned int delta_masked = current_delta & JENT_APT_WORD_MASK;
+
+ ec->last_delta = current_delta;
+ ec->last_delta2 = delta2;
+
+ /*
+ * Insert the result of the comparison of two back-to-back time
+ * deltas.
+ */
+ jent_apt_insert(ec, delta_masked);
+
+ if (!current_delta || !delta2 || !delta3) {
+ /* RCT with a stuck bit */
+ jent_rct_insert(ec, 1);
+ return 1;
+ }
+
+ /* RCT with a non-stuck bit */
+ jent_rct_insert(ec, 0);
+
+ return 0;
+}
+
+/**
+ * Report any health test failures
+ *
+ * @ec [in] Reference to entropy collector
+ *
+ * @return
+ * 0 No health test failure
+ * 1 Permanent health test failure
+ */
+static int jent_health_failure(struct rand_data *ec)
+{
+ /* Test is only enabled in FIPS mode */
+ if (!ec->fips_enabled)
+ return 0;
+
+ return ec->health_failure;
+}
+
+/***************************************************************************
+ * Noise sources
+ ***************************************************************************/
+
/**
* Update of the loop count used for the next round of
* an entropy collection.
*
- * Input:
- * @ec entropy collector struct -- may be NULL
- * @bits is the number of low bits of the timer to consider
- * @min is the number of bits we shift the timer value to the right at
- * the end to make sure we have a guaranteed minimum value
+ * @ec [in] entropy collector struct -- may be NULL
+ * @bits [in] is the number of low bits of the timer to consider
+ * @min [in] is the number of bits we shift the timer value to the right at
+ * the end to make sure we have a guaranteed minimum value
*
* @return Newly calculated loop counter
*/
@@ -147,10 +348,6 @@ static uint64_t jent_loop_shuffle(struct rand_data *ec,
return (shuffle + (1<<min));
}
-/***************************************************************************
- * Noise sources
- ***************************************************************************/
-
/**
* CPU Jitter noise source -- this is the noise source based on the CPU
* execution time jitter
@@ -161,30 +358,27 @@ static uint64_t jent_loop_shuffle(struct rand_data *ec,
* The code is deliberately inefficient with respect to the bit shifting
* and shall stay that way. This function is the root cause why the code
* shall be compiled without optimization. This function not only acts as
- * folding operation, but this function's execution is used to measure
+ * LFSR operation, but this function's execution is used to measure
* the CPU execution time jitter. Any change to the loop in this function
* implies that careful retesting must be done.
*
- * Input:
- * @ec entropy collector struct -- may be NULL
- * @time time stamp to be injected
- * @loop_cnt if a value not equal to 0 is set, use the given value as number of
- * loops to perform the folding
+ * @ec [in] entropy collector struct -- may be NULL
+ * @time [in] time stamp to be injected
+ * @loop_cnt [in] if a value not equal to 0 is set, use the given value as
+ * number of loops to perform the LFSR
*
* Output:
* updated ec->data
- *
- * @return Number of loops the folding operation is performed
*/
-static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
- uint64_t loop_cnt)
+static void jent_lfsr_time(struct rand_data *ec, uint64_t time,
+ uint64_t loop_cnt, int stuck)
{
unsigned int i;
uint64_t j = 0;
uint64_t new = 0;
#define MAX_FOLD_LOOP_BIT 4
#define MIN_FOLD_LOOP_BIT 0
- uint64_t fold_loop_cnt =
+ uint64_t lfsr_loop_cnt =
jent_loop_shuffle(ec, MAX_FOLD_LOOP_BIT, MIN_FOLD_LOOP_BIT);
/*
@@ -192,8 +386,8 @@ static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
* needed during runtime
*/
if (loop_cnt)
- fold_loop_cnt = loop_cnt;
- for (j = 0; j < fold_loop_cnt; j++) {
+ lfsr_loop_cnt = loop_cnt;
+ for (j = 0; j < lfsr_loop_cnt; j++) {
new = ec->data;
for (i = 1; (DATA_SIZE_BITS) >= i; i++) {
uint64_t tmp = time << (DATA_SIZE_BITS - i);
@@ -220,9 +414,17 @@ static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
new ^= tmp;
}
}
- ec->data = new;
- return fold_loop_cnt;
+ /*
+ * If the time stamp is stuck, do not finally insert the value into
+ * the entropy pool. Although this operation should not do any harm
+ * even when the time stamp has no entropy, SP800-90B requires that
+ * any conditioning operation (SP800-90B considers the LFSR to be a
+ * conditioning operation) to have an identical amount of input
+ * data according to section 3.1.5.
+ */
+ if (!stuck)
+ ec->data = new;
}
/**
@@ -243,16 +445,13 @@ static uint64_t jent_lfsr_time(struct rand_data *ec, uint64_t time,
* to reliably access either L3 or memory, the ec->mem memory must be quite
* large which is usually not desirable.
*
- * Input:
- * @ec Reference to the entropy collector with the memory access data -- if
- * the reference to the memory block to be accessed is NULL, this noise
- * source is disabled
- * @loop_cnt if a value not equal to 0 is set, use the given value as number of
- * loops to perform the folding
- *
- * @return Number of memory access operations
+ * @ec [in] Reference to the entropy collector with the memory access data -- if
+ * the reference to the memory block to be accessed is NULL, this noise
+ * source is disabled
+ * @loop_cnt [in] if a value not equal to 0 is set, use the given value as
+ * number of loops to perform the folding
*/
-static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
+static void jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
{
unsigned int wrap = 0;
uint64_t i = 0;
@@ -262,7 +461,7 @@ static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
jent_loop_shuffle(ec, MAX_ACC_LOOP_BIT, MIN_ACC_LOOP_BIT);
if (NULL == ec || NULL == ec->mem)
- return 0;
+ return;
wrap = ec->memblocksize * ec->memblocks;
/*
@@ -288,43 +487,11 @@ static unsigned int jent_memaccess(struct rand_data *ec, uint64_t loop_cnt)
ec->memlocation = ec->memlocation + ec->memblocksize - 1;
ec->memlocation = ec->memlocation % wrap;
}
- return i;
}
/***************************************************************************
* Start of entropy processing logic
***************************************************************************/
-
-/**
- * Stuck test by checking the:
- * 1st derivation of the jitter measurement (time delta)
- * 2nd derivation of the jitter measurement (delta of time deltas)
- * 3rd derivation of the jitter measurement (delta of delta of time deltas)
- *
- * All values must always be non-zero.
- *
- * Input:
- * @ec Reference to entropy collector
- * @current_delta Jitter time delta
- *
- * @return
- * 0 jitter measurement not stuck (good bit)
- * 1 jitter measurement stuck (reject bit)
- */
-static int jent_stuck(struct rand_data *ec, uint64_t current_delta)
-{
- int64_t delta2 = ec->last_delta - current_delta;
- int64_t delta3 = delta2 - ec->last_delta2;
-
- ec->last_delta = current_delta;
- ec->last_delta2 = delta2;
-
- if (!current_delta || !delta2 || !delta3)
- return 1;
-
- return 0;
-}
-
/**
* This is the heart of the entropy generation: calculate time deltas and
* use the CPU jitter in the time deltas. The jitter is injected into the
@@ -334,8 +501,7 @@ static int jent_stuck(struct rand_data *ec, uint64_t current_delta)
* of this function! This can be done by calling this function
* and not using its result.
*
- * Input:
- * @entropy_collector Reference to entropy collector
+ * @ec [in] Reference to entropy collector
*
* @return: result of stuck test
*/
@@ -343,6 +509,7 @@ static int jent_measure_jitter(struct rand_data *ec)
{
uint64_t time = 0;
uint64_t current_delta = 0;
+ int stuck;
/* Invoke one noise source before time measurement to add variations */
jent_memaccess(ec, 0);
@@ -352,22 +519,23 @@ static int jent_measure_jitter(struct rand_data *ec)
* invocation to measure the timing variations
*/
jent_get_nstime(&time);
- current_delta = time - ec->prev_time;
+ current_delta = jent_delta(ec->prev_time, time);
ec->prev_time = time;
+ /* Check whether we have a stuck measurement. */
+ stuck = jent_stuck(ec, current_delta);
+
/* Now call the next noise sources which also injects the data */
- jent_lfsr_time(ec, current_delta, 0);
+ jent_lfsr_time(ec, current_delta, 0, stuck);
- /* Check whether we have a stuck measurement. */
- return jent_stuck(ec, current_delta);
+ return stuck;
}
/**
* Generator of one 64 bit random number
* Function fills rand_data->data
*
- * Input:
- * @ec Reference to entropy collector
+ * @ec [in] Reference to entropy collector
*/
static void jent_gen_entropy(struct rand_data *ec)
{
@@ -391,41 +559,6 @@ static void jent_gen_entropy(struct rand_data *ec)
}
/**
- * The continuous test required by FIPS 140-2 -- the function automatically
- * primes the test if needed.
- *
- * Return:
- * 0 if FIPS test passed
- * < 0 if FIPS test failed
- */
-static int jent_fips_test(struct rand_data *ec)
-{
- if (ec->fips_enabled == -1)
- return 0;
-
- if (ec->fips_enabled == 0) {
- if (!jent_fips_enabled()) {
- ec->fips_enabled = -1;
- return 0;
- } else
- ec->fips_enabled = 1;
- }
-
- /* prime the FIPS test */
- if (!ec->old_data) {
- ec->old_data = ec->data;
- jent_gen_entropy(ec);
- }
-
- if (ec->data == ec->old_data)
- return -1;
-
- ec->old_data = ec->data;
-
- return 0;
-}
-
-/**
* Entry function: Obtain entropy for the caller.
*
* This function invokes the entropy gathering logic as often to generate
@@ -435,18 +568,18 @@ static int jent_fips_test(struct rand_data *ec)
* This function truncates the last 64 bit entropy value output to the exact
* size specified by the caller.
*
- * Input:
- * @ec Reference to entropy collector
- * @data pointer to buffer for storing random data -- buffer must already
- * exist
- * @len size of the buffer, specifying also the requested number of random
- * in bytes
+ * @ec [in] Reference to entropy collector
+ * @data [out] pointer to buffer for storing random data -- buffer must
+ * already exist
+ * @len [in] size of the buffer, specifying also the requested number of random
+ * in bytes
*
* @return number of bytes returned when request is fulfilled or an error
*
* The following error codes can occur:
* -1 entropy_collector is NULL
- * -2 FIPS test failed
+ * -2 RCT failed
+ * -3 Chi-Squared test failed
*/
JENT_PRIVATE_STATIC
ssize_t jent_read_entropy(struct rand_data *ec, char *data, size_t len)
@@ -461,8 +594,13 @@ ssize_t jent_read_entropy(struct rand_data *ec, char *data, size_t len)
size_t tocopy;
jent_gen_entropy(ec);
- if (jent_fips_test(ec))
- return -2;
+
+ if (jent_health_failure(ec)) {
+ if (jent_rct_failure(ec))
+ return -2;
+ else
+ return -3;
+ }
if ((DATA_SIZE_BITS / 8) < len)
tocopy = (DATA_SIZE_BITS / 8);
@@ -529,11 +667,8 @@ struct rand_data *jent_entropy_collector_alloc(unsigned int osr,
osr = 1; /* minimum sampling rate is 1 */
entropy_collector->osr = osr;
- entropy_collector->stir = 1;
- if (flags & JENT_DISABLE_STIR)
- entropy_collector->stir = 0;
- if (flags & JENT_DISABLE_UNBIAS)
- entropy_collector->disable_unbias = 1;
+ if (jent_fips_enabled())
+ entropy_collector->fips_enabled = 1;
/* fill the data pad with non-zero values */
jent_gen_entropy(entropy_collector);
@@ -559,6 +694,7 @@ int jent_entropy_init(void)
int i;
uint64_t delta_sum = 0;
uint64_t old_delta = 0;
+ unsigned int nonstuck = 0;
int time_backwards = 0;
int count_mod = 0;
int count_stuck = 0;
@@ -566,6 +702,11 @@ int jent_entropy_init(void)
memset(&ec, 0, sizeof(ec));
+ /* Required for RCT */
+ ec.osr = 1;
+ if (jent_fips_enabled())
+ ec.fips_enabled = 1;
+
/* We could perform statistical tests here, but the problem is
* that we only have a few loop counts to do testing. These
* loop counts may show some slight skew and we produce
@@ -587,8 +728,10 @@ int jent_entropy_init(void)
/*
* TESTLOOPCOUNT needs some loops to identify edge systems. 100 is
* definitely too little.
+ *
+ * SP800-90B requires at least 1024 initial test cycles.
*/
-#define TESTLOOPCOUNT 300
+#define TESTLOOPCOUNT 1024
#define CLEARCACHE 100
for (i = 0; (TESTLOOPCOUNT + CLEARCACHE) > i; i++) {
uint64_t time = 0;
@@ -600,13 +743,14 @@ int jent_entropy_init(void)
/* Invoke core entropy collection logic */
jent_get_nstime(&time);
ec.prev_time = time;
- jent_lfsr_time(&ec, time, 0);
+ jent_memaccess(&ec, 0);
+ jent_lfsr_time(&ec, time, 0, 0);
jent_get_nstime(&time2);
/* test whether timer works */
if (!time || !time2)
return ENOTIME;
- delta = time2 - time;
+ delta = jent_delta(time, time2);
/*
* test whether timer is fine grained enough to provide
* delta even when called shortly after each other -- this
@@ -629,13 +773,35 @@ int jent_entropy_init(void)
if (stuck)
count_stuck++;
+ else {
+ nonstuck++;
+
+ /*
+ * Ensure that the APT succeeded.
+ *
+ * With the check below that count_stuck must be less
+ * than 10% of the overall generated raw entropy values
+ * it is guaranteed that the APT is invoked at
+ * floor((TESTLOOPCOUNT * 0.9) / 64) == 14 times.
+ */
+ if ((nonstuck % JENT_APT_WINDOW_SIZE) == 0) {
+ jent_apt_reset(&ec,
+ delta & JENT_APT_WORD_MASK);
+ if (jent_health_failure(&ec))
+ return EHEALTH;
+ }
+ }
+
+ /* Validate RCT */
+ if (jent_rct_failure(&ec))
+ return ERCT;
/* test whether we have an increasing timer */
if (!(time2 > time))
time_backwards++;
/* use 32 bit value to ensure compilation on 32 bit arches */
- lowdelta = time2 - time;
+ lowdelta = (uint64_t)time2 - (uint64_t)time;
if (!(lowdelta % 100))
count_mod++;
@@ -682,32 +848,8 @@ int jent_entropy_init(void)
* If we have more than 90% stuck results, then this Jitter RNG is
* likely to not work well.
*/
- if (JENT_STUCK_INIT_THRES(TESTLOOPCOUNT) < count_stuck)
+ if ((TESTLOOPCOUNT/10 * 9) < count_stuck)
return ESTUCK;
return 0;
}
-
-/***************************************************************************
- * Statistical test logic not compiled for regular operation
- ***************************************************************************/
-
-#ifdef CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT
-/*
- * Statistical test: return the time duration for the folding operation. If min
- * is set, perform the given number of LFSR ops. Otherwise, allow the
- * loop count shuffling to define the number of LFSR ops.
- */
-JENT_PRIVATE_STATIC
-uint64_t jent_lfsr_var_stat(struct rand_data *ec, unsigned int min)
-{
- uint64_t time = 0;
- uint64_t time2 = 0;
-
- jent_get_nstime(&time);
- jent_memaccess(ec, min);
- jent_lfsr_time(ec, time, min);
- jent_get_nstime(&time2);
- return ((time2 - time));
-}
-#endif /* CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT */
diff --git a/src/Crypto/jitterentropy.h b/src/Crypto/jitterentropy.h
index b692993..3dd6901 100644
--- a/src/Crypto/jitterentropy.h
+++ b/src/Crypto/jitterentropy.h
@@ -1,7 +1,7 @@
ÔĽŅ/*
* Non-physical true random number generator based on timing jitter.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2014
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2014 - 2019
*
* License
* =======
@@ -53,32 +53,45 @@ struct rand_data
* of the RNG are marked as SENSITIVE. A user must not
* access that information while the RNG executes its loops to
* calculate the next random value. */
- uint64_t data; /* SENSITIVE Actual random number */
- uint64_t old_data; /* SENSITIVE Previous random number */
- uint64_t prev_time; /* SENSITIVE Previous time stamp */
+ uint64_t data; /* SENSITIVE Actual random number */
+ uint64_t prev_time; /* SENSITIVE Previous time stamp */
#define DATA_SIZE_BITS ((sizeof(uint64_t)) * 8)
- uint64_t last_delta; /* SENSITIVE stuck test */
- int64_t last_delta2; /* SENSITIVE stuck test */
- unsigned int osr; /* Oversample rate */
- int fips_enabled; /* FIPS enabled? */
- unsigned int stir:1; /* Post-processing stirring */
- unsigned int disable_unbias:1; /* Deactivate Von-Neuman unbias */
+ uint64_t last_delta; /* SENSITIVE stuck test */
+ uint64_t last_delta2; /* SENSITIVE stuck test */
+ unsigned int osr; /* Oversampling rate */
#define JENT_MEMORY_BLOCKS 64
#define JENT_MEMORY_BLOCKSIZE 32
#define JENT_MEMORY_ACCESSLOOPS 128
#define JENT_MEMORY_SIZE (JENT_MEMORY_BLOCKS*JENT_MEMORY_BLOCKSIZE)
- unsigned char *mem; /* Memory access location with size of
- * memblocks * memblocksize */
- unsigned int memlocation; /* Pointer to byte in *mem */
- unsigned int memblocks; /* Number of memory blocks in *mem */
- unsigned int memblocksize; /* Size of one memory block in bytes */
- unsigned int memaccessloops; /* Number of memory accesses per random
- * bit generation */
+ unsigned char *mem; /* Memory access location with size of
+ * memblocks * memblocksize */
+ unsigned int memlocation; /* Pointer to byte in *mem */
+ unsigned int memblocks; /* Number of memory blocks in *mem */
+ unsigned int memblocksize; /* Size of one memory block in bytes */
+ unsigned int memaccessloops; /* Number of memory accesses per random
+ * bit generation */
+
+ /* Repetition Count Test */
+ int rct_count; /* Number of stuck values */
+
+ /* Adaptive Proportion Test for a significance level of 2^-30 */
+#define JENT_APT_CUTOFF 325 /* Taken from SP800-90B sec 4.4.2 */
+#define JENT_APT_WINDOW_SIZE 512 /* Data window size */
+ /* LSB of time stamp to process */
+#define JENT_APT_LSB 16
+#define JENT_APT_WORD_MASK (JENT_APT_LSB - 1)
+ unsigned int apt_observations; /* Number of collected observations */
+ unsigned int apt_count; /* APT counter */
+ unsigned int apt_base; /* APT base reference */
+ unsigned int apt_base_set:1; /* APT base reference set? */
+
+ unsigned int fips_enabled:1;
+ unsigned int health_failure:1; /* Permanent health failure */
};
/* Flags that can be used to initialize the RNG */
-#define JENT_DISABLE_STIR (1<<0) /* Disable stirring the entropy pool */
-#define JENT_DISABLE_UNBIAS (1<<1) /* Disable the Von-Neuman Unbiaser */
+#define JENT_DISABLE_STIR (1<<0) /* UNUSED */
+#define JENT_DISABLE_UNBIAS (1<<1) /* UNUSED */
#define JENT_DISABLE_MEMORY_ACCESS (1<<2) /* Disable memory access for more
entropy, saves MEMORY_SIZE RAM for
entropy collector */
@@ -137,6 +150,8 @@ unsigned int jent_version(void);
#define EMINVARVAR 6 /* Timer variations of variations is too small */
#define EPROGERR 7 /* Programming error */
#define ESTUCK 8 /* Too many stuck results during init. */
+#define EHEALTH 9 /* Health test failed during initialization */
+#define ERCT 10 /* RCT failed during initialization */
/* -- BEGIN statistical test functions only complied with CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT -- */
diff --git a/src/Crypto/rdrand_ml.asm b/src/Crypto/rdrand_ml.asm
index 1579a15..4b85f7f 100644
--- a/src/Crypto/rdrand_ml.asm
+++ b/src/Crypto/rdrand_ml.asm
@@ -1,9 +1,9 @@
;; rdrand.asm - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
;; Copyright assigned to the Crypto++ project.
-;; This ASM file provides RDRAND and RDSEED to downlevel Microsoft tool chains.
-;; Everything "just works" under Visual Studio. Other platforms will have to
-;; run MASM/MASM-64 and then link to the object files.
+;; This ASM file provides RDRAND to downlevel Microsoft tool chains.
+;; Everything "just works" under Visual Studio. Other platforms will
+;; have to run MASM/MASM-64 and then link to the object files.
;; set ASFLAGS=/nologo /D_M_X86 /W3 /Cx /Zi /safeseh
;; set ASFLAGS64=/nologo /D_M_X64 /W3 /Cx /Zi
@@ -13,11 +13,10 @@
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-TITLE MASM_RDRAND_GenerateBlock and MASM_RDSEED_GenerateBlock
-SUBTITLE Microsoft specific ASM code to utilize RDRAND and RDSEED for down level Microsoft toolchains
+TITLE MASM_RDRAND_GenerateBlock source file
+SUBTITLE Microsoft specific ASM code to utilize RDRAND for down level Microsoft toolchains
PUBLIC MASM_RDRAND_GenerateBlock
-PUBLIC MASM_RDSEED_GenerateBlock
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -38,7 +37,6 @@ IFDEF _M_X86 ;; Set via the command line
;; Fastcall calling conventions exports
ALIAS <@MASM_RDRAND_GenerateBlock@8> = <MASM_RDRAND_GenerateBlock>
-ALIAS <@MASM_RDSEED_GenerateBlock@8> = <MASM_RDSEED_GenerateBlock>
ENDIF
@@ -63,13 +61,13 @@ MASM_RDRAND_GenerateBlock PROC ;; arg1:DWORD, arg2:DWORD
bsize EQU edx
;; Top of While loop
-GenerateBlock_Top:
+RDRAND_GenerateBlock_Top:
;; Check remaining size
cmp bsize, 0
- je GenerateBlock_Return
+ je RDRAND_GenerateBlock_Return
-Call_RDRAND_EAX:
+RDRAND_Call_EAX:
;; RDRAND is not available prior to VS2012. Just emit
;; the byte codes using DB. This is `rdrand eax`.
DB 0Fh, 0C7h, 0F0h
@@ -78,46 +76,48 @@ Call_RDRAND_EAX:
;; If CF=0, a random number was not available.
;; Retry immediately
- jnc Call_RDRAND_EAX
+ jnc RDRAND_Call_EAX
RDRAND_succeeded:
cmp bsize, MWSIZE
- jb Partial_Machine_Word
+ jb RDRAND_Partial_Machine_Word
-Full_Machine_Word:
+RDRAND_Full_Machine_Word:
mov DWORD PTR [buffer], eax
add buffer, MWSIZE ;; No need for Intel Core 2 slow workarounds, like
sub bsize, MWSIZE ;; `lea buffer,[buffer+MWSIZE]` for faster adds
;; Continue
- jmp GenerateBlock_Top
+ jmp RDRAND_GenerateBlock_Top
;; 1,2,3 bytes remain
-Partial_Machine_Word:
+RDRAND_Partial_Machine_Word:
;; Test bit 1 to see if size is at least 2
test bsize, 2
- jz Bit_1_Not_Set
+ jz RDRAND_Bit_1_Not_Set
mov WORD PTR [buffer], ax
shr eax, 16
add buffer, 2
-Bit_1_Not_Set:
+RDRAND_Bit_1_Not_Set:
;; Test bit 0 to see if size is at least 1
test bsize, 1
- jz Bit_0_Not_Set
+ jz RDRAND_Bit_0_Not_Set
mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
-Bit_0_Not_Set:
+RDRAND_Bit_0_Not_Set:
;; We've hit all the bits
-GenerateBlock_Return:
+RDRAND_GenerateBlock_Return:
;; Clear artifacts
xor eax, eax
@@ -127,9 +127,6 @@ MASM_RDRAND_GenerateBlock ENDP
ENDIF ;; _M_X86
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -151,13 +148,13 @@ MASM_RDRAND_GenerateBlock PROC ;; arg1:QWORD, arg2:QWORD
bsize EQU rdx
;; Top of While loop
-GenerateBlock_Top:
+RDRAND_GenerateBlock_Top:
;; Check remaining size
cmp bsize, 0
- je GenerateBlock_Return
+ je RDRAND_GenerateBlock_Return
-Call_RDRAND_RAX:
+RDRAND_Call_RAX:
;; RDRAND is not available prior to VS2012. Just emit
;; the byte codes using DB. This is `rdrand rax`.
DB 048h, 0Fh, 0C7h, 0F0h
@@ -166,254 +163,67 @@ Call_RDRAND_RAX:
;; If CF=0, a random number was not available.
;; Retry immediately
- jnc Call_RDRAND_RAX
+ jnc RDRAND_Call_RAX
RDRAND_succeeded:
cmp bsize, MWSIZE
- jb Partial_Machine_Word
-
-Full_Machine_Word:
-
- mov QWORD PTR [buffer], rax
- add buffer, MWSIZE
- sub bsize, MWSIZE
-
- ;; Continue
- jmp GenerateBlock_Top
-
- ;; 1,2,3,4,5,6,7 bytes remain
-Partial_Machine_Word:
-
- ;; Test bit 2 to see if size is at least 4
- test bsize, 4
- jz Bit_2_Not_Set
-
- mov DWORD PTR [buffer], eax
- shr rax, 32
- add buffer, 4
-
-Bit_2_Not_Set:
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz Bit_1_Not_Set
-
- mov WORD PTR [buffer], ax
- shr eax, 16
- add buffer, 2
-
-Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz Bit_0_Not_Set
-
- mov BYTE PTR [buffer], al
-
-Bit_0_Not_Set:
-
- ;; We've hit all the bits
-
-GenerateBlock_Return:
-
- ;; Clear artifacts
- xor rax, rax
- ret
-
-MASM_RDRAND_GenerateBlock ENDP
-
-ENDIF ;; _M_X64
-
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-IFDEF _M_X86 ;; Set via the command line
-
-.CODE
-ALIGN 8
-OPTION PROLOGUE:NONE
-OPTION EPILOGUE:NONE
-
-;; No need for Load_Arguments due to fastcall
-;; ECX (in): arg1, byte* buffer
-;; EDX (in): arg2, size_t bsize
-
-MASM_RDSEED_GenerateBlock PROC ;; arg1:DWORD, arg2:DWORD
-
- MWSIZE EQU 04h ;; machine word size
- buffer EQU ecx
- bsize EQU edx
-
- ;; Top of While loop
-GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je GenerateBlock_Return
-
-Call_RDSEED_EAX:
- ;; RDSEED is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdseed eax`.
- DB 0Fh, 0C7h, 0F8h
-
- ;; If CF=1, the number returned by RDSEED is valid.
- ;; If CF=0, a random number was not available.
-
- ;; Retry immediately
- jnc Call_RDSEED_EAX
-
-RDSEED_succeeded:
-
- cmp bsize, MWSIZE
- jb Partial_Machine_Word
-
-Full_Machine_Word:
-
- mov DWORD PTR [buffer], eax
- add buffer, MWSIZE ;; No need for Intel Core 2 slow workarounds, like
- sub bsize, MWSIZE ;; `lea buffer,[buffer+MWSIZE]` for faster adds
-
- ;; Continue
- jmp GenerateBlock_Top
-
- ;; 1,2,3 bytes remain
-Partial_Machine_Word:
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz Bit_1_Not_Set
-
- mov WORD PTR [buffer], ax
- shr eax, 16
- add buffer, 2
-
-Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz Bit_0_Not_Set
-
- mov BYTE PTR [buffer], al
-
-Bit_0_Not_Set:
-
- ;; We've hit all the bits
-
-GenerateBlock_Return:
-
- ;; Clear artifacts
- xor eax, eax
- ret
-
-MASM_RDSEED_GenerateBlock ENDP
-
-ENDIF ;; _M_X86
+ jb RDRAND_Partial_Machine_Word
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-IFDEF _M_X64 ;; Set via the command line
-
-.CODE
-ALIGN 16
-OPTION PROLOGUE:NONE
-OPTION EPILOGUE:NONE
-
-;; No need for Load_Arguments due to fastcall
-;; RCX (in): arg1, byte* buffer
-;; RDX (in): arg2, size_t bsize
-
-MASM_RDSEED_GenerateBlock PROC ;; arg1:QWORD, arg2:QWORD
-
- MWSIZE EQU 08h ;; machine word size
- buffer EQU rcx
- bsize EQU rdx
-
- ;; Top of While loop
-GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je GenerateBlock_Return
-
-Call_RDSEED_RAX:
- ;; RDSEED is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdseed rax`.
- DB 048h, 0Fh, 0C7h, 0F8h
-
- ;; If CF=1, the number returned by RDSEED is valid.
- ;; If CF=0, a random number was not available.
-
- ;; Retry immediately
- jnc Call_RDSEED_RAX
-
-RDSEED_succeeded:
-
- cmp bsize, MWSIZE
- jb Partial_Machine_Word
-
-Full_Machine_Word:
+RDRAND_Full_Machine_Word:
mov QWORD PTR [buffer], rax
add buffer, MWSIZE
sub bsize, MWSIZE
;; Continue
- jmp GenerateBlock_Top
+ jmp RDRAND_GenerateBlock_Top
;; 1,2,3,4,5,6,7 bytes remain
-Partial_Machine_Word:
+RDRAND_Partial_Machine_Word:
;; Test bit 2 to see if size is at least 4
test bsize, 4
- jz Bit_2_Not_Set
+ jz RDRAND_Bit_2_Not_Set
mov DWORD PTR [buffer], eax
shr rax, 32
add buffer, 4
-Bit_2_Not_Set:
+RDRAND_Bit_2_Not_Set:
;; Test bit 1 to see if size is at least 2
test bsize, 2
- jz Bit_1_Not_Set
+ jz RDRAND_Bit_1_Not_Set
mov WORD PTR [buffer], ax
shr eax, 16
add buffer, 2
-Bit_1_Not_Set:
+RDRAND_Bit_1_Not_Set:
;; Test bit 0 to see if size is at least 1
test bsize, 1
- jz Bit_0_Not_Set
+ jz RDRAND_Bit_0_Not_Set
mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
-Bit_0_Not_Set:
+RDRAND_Bit_0_Not_Set:
;; We've hit all the bits
-GenerateBlock_Return:
+RDRAND_GenerateBlock_Return:
;; Clear artifacts
xor rax, rax
ret
-MASM_RDSEED_GenerateBlock ENDP
+MASM_RDRAND_GenerateBlock ENDP
ENDIF ;; _M_X64
-OPTION PROLOGUE:PrologueDef
-OPTION EPILOGUE:EpilogueDef
-
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/src/Crypto/rdseed_ml.asm b/src/Crypto/rdseed_ml.asm
new file mode 100644
index 0000000..6070423
--- /dev/null
+++ b/src/Crypto/rdseed_ml.asm
@@ -0,0 +1,230 @@
+;; rdrand.asm - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
+;; Copyright assigned to the Crypto++ project.
+
+;; This ASM file provides RDSEED to downlevel Microsoft tool chains.
+;; Everything "just works" under Visual Studio. Other platforms will
+;; have to run MASM/MASM-64 and then link to the object files.
+
+;; set ASFLAGS=/nologo /D_M_X86 /W3 /Cx /Zi /safeseh
+;; set ASFLAGS64=/nologo /D_M_X64 /W3 /Cx /Zi
+;; "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\bin\ml.exe" %ASFLAGS% /Fo rdrand-x86.obj /c rdrand.asm
+;; "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\bin\amd64\ml64.exe" %ASFLAGS64% /Fo rdrand-x64.obj /c rdrand.asm
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+TITLE MASM_RDSEED_GenerateBlock source file
+SUBTITLE Microsoft specific ASM code to utilize RDSEED for down level Microsoft toolchains
+
+PUBLIC MASM_RDSEED_GenerateBlock
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; C/C++ Function prototypes (both are fastcall)
+;; X86:
+;; extern "C" void __fastcall MASM_RDSEED_GenerateBlock(byte* ptr, size_t size);
+;; X64:
+;; extern "C" void __fastcall MASM_RDSEED_GenerateBlock(byte* ptr, size_t size);
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+IFDEF _M_X86 ;; Set via the command line
+
+.486
+.MODEL FLAT
+
+;; Fastcall calling conventions exports
+ALIAS <@MASM_RDSEED_GenerateBlock@8> = <MASM_RDSEED_GenerateBlock>
+
+ENDIF
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+IFDEF _M_X86 ;; Set via the command line
+
+.CODE
+ALIGN 8
+OPTION PROLOGUE:NONE
+OPTION EPILOGUE:NONE
+
+;; No need for Load_Arguments due to fastcall
+;; ECX (in): arg1, byte* buffer
+;; EDX (in): arg2, size_t bsize
+
+MASM_RDSEED_GenerateBlock PROC ;; arg1:DWORD, arg2:DWORD
+
+ MWSIZE EQU 04h ;; machine word size
+ buffer EQU ecx
+ bsize EQU edx
+
+ ;; Top of While loop
+RDSEED_GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je RDSEED_GenerateBlock_Return
+
+RDSEED_Call_EAX:
+ ;; RDSEED is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdseed eax`.
+ DB 0Fh, 0C7h, 0F8h
+
+ ;; If CF=1, the number returned by RDSEED is valid.
+ ;; If CF=0, a random number was not available.
+
+ ;; Retry immediately
+ jnc RDSEED_Call_EAX
+
+RDSEED_succeeded:
+
+ cmp bsize, MWSIZE
+ jb RDSEED_Partial_Machine_Word
+
+RDSEED_Full_Machine_Word:
+
+ mov DWORD PTR [buffer], eax
+ add buffer, MWSIZE ;; No need for Intel Core 2 slow workarounds, like
+ sub bsize, MWSIZE ;; `lea buffer,[buffer+MWSIZE]` for faster adds
+
+ ;; Continue
+ jmp RDSEED_GenerateBlock_Top
+
+ ;; 1,2,3 bytes remain
+RDSEED_Partial_Machine_Word:
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz RDSEED_Bit_1_Not_Set
+
+ mov WORD PTR [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+RDSEED_Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz RDSEED_Bit_0_Not_Set
+
+ mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
+
+RDSEED_Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+
+RDSEED_GenerateBlock_Return:
+
+ ;; Clear artifacts
+ xor eax, eax
+ ret
+
+MASM_RDSEED_GenerateBlock ENDP
+
+ENDIF ;; _M_X86
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+IFDEF _M_X64 ;; Set via the command line
+
+.CODE
+ALIGN 16
+OPTION PROLOGUE:NONE
+OPTION EPILOGUE:NONE
+
+;; No need for Load_Arguments due to fastcall
+;; RCX (in): arg1, byte* buffer
+;; RDX (in): arg2, size_t bsize
+
+MASM_RDSEED_GenerateBlock PROC ;; arg1:QWORD, arg2:QWORD
+
+ MWSIZE EQU 08h ;; machine word size
+ buffer EQU rcx
+ bsize EQU rdx
+
+ ;; Top of While loop
+RDSEED_GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je RDSEED_GenerateBlock_Return
+
+RDSEED_Call_RAX:
+ ;; RDSEED is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdseed rax`.
+ DB 048h, 0Fh, 0C7h, 0F8h
+
+ ;; If CF=1, the number returned by RDSEED is valid.
+ ;; If CF=0, a random number was not available.
+
+ ;; Retry immediately
+ jnc RDSEED_Call_RAX
+
+RDSEED_succeeded:
+
+ cmp bsize, MWSIZE
+ jb RDSEED_Partial_Machine_Word
+
+RDSEED_Full_Machine_Word:
+
+ mov QWORD PTR [buffer], rax
+ add buffer, MWSIZE
+ sub bsize, MWSIZE
+
+ ;; Continue
+ jmp RDSEED_GenerateBlock_Top
+
+ ;; 1,2,3,4,5,6,7 bytes remain
+RDSEED_Partial_Machine_Word:
+
+ ;; Test bit 2 to see if size is at least 4
+ test bsize, 4
+ jz RDSEED_Bit_2_Not_Set
+
+ mov DWORD PTR [buffer], eax
+ shr rax, 32
+ add buffer, 4
+
+RDSEED_Bit_2_Not_Set:
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz RDSEED_Bit_1_Not_Set
+
+ mov WORD PTR [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+RDSEED_Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz RDSEED_Bit_0_Not_Set
+
+ mov BYTE PTR [buffer], al
+ ;; shr ax, 8
+ ;; add buffer, 1
+
+RDSEED_Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+
+RDSEED_GenerateBlock_Return:
+
+ ;; Clear artifacts
+ xor rax, rax
+ ret
+
+MASM_RDSEED_GenerateBlock ENDP
+
+ENDIF ;; _M_X64
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+END
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index 9700226..3813992 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -660,6 +660,12 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
{
CrashDumpEnabled = TRUE;
HibernationEnabled = TRUE;
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled())
+ {
+ HibernationEnabled = FALSE;
+ }
+#endif
}
else if (!LegacyHibernationDriverFilterActive)
StartLegacyHibernationDriverFilter();
diff --git a/src/Driver/Driver.rc b/src/Driver/Driver.rc
index a27a37b..2d39980 100644
--- a/src/Driver/Driver.rc
+++ b/src/Driver/Driver.rc
@@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,9,1
+ PRODUCTVERSION 1,24,9,1
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 7293de2..8caf7bf 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -142,6 +142,7 @@ static BOOL RamEncryptionActivated = FALSE;
static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
+static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL;
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
ULONG ExDefaultMdlProtection = 0;
@@ -272,6 +273,15 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
ExDefaultMdlProtection = MdlMappingNoExecute;
}
+ // KeAreAllApcsDisabled is available starting from Windows Server 2003
+ if ((OsMajorVersion > 5) || (OsMajorVersion == 5 && OsMinorVersion >= 2))
+ {
+ UNICODE_STRING KeAreAllApcsDisabledFuncName;
+ RtlInitUnicodeString(&KeAreAllApcsDisabledFuncName, L"KeAreAllApcsDisabled");
+
+ KeAreAllApcsDisabledPtr = (KeAreAllApcsDisabledFn) MmGetSystemRoutineAddress(&KeAreAllApcsDisabledFuncName);
+ }
+
// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
{
@@ -1374,7 +1384,8 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
else
{
IO_STATUS_BLOCK ioStatus;
- PVOID buffer = TCalloc (max (pVerifyInformation->Length, PAGE_SIZE));
+ DWORD dwBuffersize = min (pVerifyInformation->Length, 16 * PAGE_SIZE);
+ PVOID buffer = TCalloc (dwBuffersize);
if (!buffer)
{
@@ -1382,14 +1393,29 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
}
else
{
- LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
+ LARGE_INTEGER offset;
+ DWORD dwRemainingBytes = pVerifyInformation->Length, dwReadCount;
offset.QuadPart = ullNewOffset;
- Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
- TCfree (buffer);
+ while (dwRemainingBytes)
+ {
+ dwReadCount = min (dwBuffersize, dwRemainingBytes);
+ Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, dwReadCount, &offset, NULL);
+
+ if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != dwReadCount)
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ break;
+ }
+ else if (!NT_SUCCESS (Irp->IoStatus.Status))
+ break;
+
+ dwRemainingBytes -= dwReadCount;
+ offset.QuadPart += (ULONGLONG) dwReadCount;
+ }
- if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != pVerifyInformation->Length)
- Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ burn (buffer, dwBuffersize);
+ TCfree (buffer);
}
}
@@ -3457,6 +3483,18 @@ void OnShutdownPending ()
while (SendDeviceIoControlRequest (RootDeviceObject, TC_IOCTL_WIPE_PASSWORD_CACHE, NULL, 0, NULL, 0) == STATUS_INSUFFICIENT_RESOURCES);
}
+typedef struct
+{
+ PWSTR deviceName; ULONG IoControlCode; void *InputBuffer; ULONG InputBufferSize; void *OutputBuffer; ULONG OutputBufferSize;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} TCDeviceIoControlWorkItemArgs;
+
+static VOID TCDeviceIoControlWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, TCDeviceIoControlWorkItemArgs *arg)
+{
+ arg->Status = TCDeviceIoControl (arg->deviceName, arg->IoControlCode, arg->InputBuffer, arg->InputBufferSize, arg->OutputBuffer, arg->OutputBufferSize);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBuffer, ULONG InputBufferSize, void *OutputBuffer, ULONG OutputBufferSize)
{
@@ -3468,6 +3506,30 @@ NTSTATUS TCDeviceIoControl (PWSTR deviceName, ULONG IoControlCode, void *InputBu
KEVENT event;
UNICODE_STRING name;
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ TCDeviceIoControlWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.deviceName = deviceName;
+ args.IoControlCode = IoControlCode;
+ args.InputBuffer = InputBuffer;
+ args.InputBufferSize = InputBufferSize;
+ args.OutputBuffer = OutputBuffer;
+ args.OutputBufferSize = OutputBufferSize;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, TCDeviceIoControlWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
RtlInitUnicodeString(&name, deviceName);
ntStatus = IoGetDeviceObjectPointer (&name, FILE_READ_ATTRIBUTES, &fileObject, &deviceObject);
@@ -3528,7 +3590,7 @@ NTSTATUS SendDeviceIoControlRequest (PDEVICE_OBJECT deviceObject, ULONG ioContro
PIRP irp;
KEVENT event;
- if (KeGetCurrentIrql() > APC_LEVEL)
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
{
SendDeviceIoControlRequestWorkItemArgs args;
@@ -3844,6 +3906,136 @@ NTSTATUS MountManagerUnmount (int nDosDriveNo)
return ntStatus;
}
+typedef struct
+{
+ MOUNT_STRUCT* mount; PEXTENSION NewExtension;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} UpdateFsVolumeInformationWorkItemArgs;
+
+static NTSTATUS UpdateFsVolumeInformation (MOUNT_STRUCT* mount, PEXTENSION NewExtension);
+
+static VOID UpdateFsVolumeInformationWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UpdateFsVolumeInformationWorkItemArgs *arg)
+{
+ arg->Status = UpdateFsVolumeInformation (arg->mount, arg->NewExtension);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
+
+static NTSTATUS UpdateFsVolumeInformation (MOUNT_STRUCT* mount, PEXTENSION NewExtension)
+{
+ HANDLE volumeHandle;
+ PFILE_OBJECT volumeFileObject;
+ ULONG labelLen = (ULONG) wcslen (mount->wszLabel);
+ BOOL bIsNTFS = FALSE;
+ ULONG labelMaxLen, labelEffectiveLen;
+
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ UpdateFsVolumeInformationWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.mount = mount;
+ args.NewExtension = NewExtension;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, UpdateFsVolumeInformationWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
+ __try
+ {
+ if (NT_SUCCESS (TCOpenFsVolume (NewExtension, &volumeHandle, &volumeFileObject)))
+ {
+ __try
+ {
+ ULONG fsStatus;
+
+ if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_IS_VOLUME_DIRTY, NULL, 0, &fsStatus, sizeof (fsStatus)))
+ && (fsStatus & VOLUME_IS_DIRTY))
+ {
+ mount->FilesystemDirty = TRUE;
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+ mount->FilesystemDirty = TRUE;
+ }
+
+ // detect if the filesystem is NTFS or FAT
+ __try
+ {
+ NTFS_VOLUME_DATA_BUFFER ntfsData;
+ if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData))))
+ {
+ bIsNTFS = TRUE;
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+ bIsNTFS = FALSE;
+ }
+
+ NewExtension->bIsNTFS = bIsNTFS;
+ mount->bIsNTFS = bIsNTFS;
+
+ if (labelLen > 0)
+ {
+ if (bIsNTFS)
+ labelMaxLen = 32; // NTFS maximum label length
+ else
+ labelMaxLen = 11; // FAT maximum label length
+
+ // calculate label effective length
+ labelEffectiveLen = labelLen > labelMaxLen? labelMaxLen : labelLen;
+
+ // correct the label in the device
+ memset (&NewExtension->wszLabel[labelEffectiveLen], 0, 33 - labelEffectiveLen);
+ memcpy (mount->wszLabel, NewExtension->wszLabel, 33);
+
+ // set the volume label
+ __try
+ {
+ IO_STATUS_BLOCK ioblock;
+ ULONG labelInfoSize = sizeof(FILE_FS_LABEL_INFORMATION) + (labelEffectiveLen * sizeof(WCHAR));
+ FILE_FS_LABEL_INFORMATION* labelInfo = (FILE_FS_LABEL_INFORMATION*) TCalloc (labelInfoSize);
+ if (labelInfo)
+ {
+ labelInfo->VolumeLabelLength = labelEffectiveLen * sizeof(WCHAR);
+ memcpy (labelInfo->VolumeLabel, mount->wszLabel, labelInfo->VolumeLabelLength);
+
+ if (STATUS_SUCCESS == ZwSetVolumeInformationFile (volumeHandle, &ioblock, labelInfo, labelInfoSize, FileFsLabelInformation))
+ {
+ mount->bDriverSetLabel = TRUE;
+ NewExtension->bDriverSetLabel = TRUE;
+ }
+
+ TCfree(labelInfo);
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+
+ }
+ }
+
+ TCCloseFsVolume (volumeHandle, volumeFileObject);
+ }
+ }
+ __except (EXCEPTION_EXECUTE_HANDLER)
+ {
+
+ }
+
+ return STATUS_SUCCESS;
+}
+
NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
{
@@ -3931,12 +4123,6 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
{
if (mount->nReturnCode == 0)
{
- HANDLE volumeHandle;
- PFILE_OBJECT volumeFileObject;
- ULONG labelLen = (ULONG) wcslen (mount->wszLabel);
- BOOL bIsNTFS = FALSE;
- ULONG labelMaxLen, labelEffectiveLen;
-
Dump ("Mount SUCCESS TC code = 0x%08x READ-ONLY = %d\n", mount->nReturnCode, NewExtension->bReadOnly);
if (NewExtension->bReadOnly)
@@ -3968,81 +4154,13 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
mount->FilesystemDirty = FALSE;
- if (mount->bMountManager && NT_SUCCESS (TCOpenFsVolume (NewExtension, &volumeHandle, &volumeFileObject)))
+ if (mount->bMountManager)
{
- __try
- {
- ULONG fsStatus;
-
- if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_IS_VOLUME_DIRTY, NULL, 0, &fsStatus, sizeof (fsStatus)))
- && (fsStatus & VOLUME_IS_DIRTY))
- {
- mount->FilesystemDirty = TRUE;
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
- mount->FilesystemDirty = TRUE;
- }
-
- // detect if the filesystem is NTFS or FAT
- __try
- {
- NTFS_VOLUME_DATA_BUFFER ntfsData;
- if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData))))
- {
- bIsNTFS = TRUE;
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
+ NTSTATUS updateStatus = UpdateFsVolumeInformation (mount, NewExtension);
+ if (!NT_SUCCESS (updateStatus))
{
- bIsNTFS = FALSE;
- }
-
- NewExtension->bIsNTFS = bIsNTFS;
- mount->bIsNTFS = bIsNTFS;
-
- if (labelLen > 0)
- {
- if (bIsNTFS)
- labelMaxLen = 32; // NTFS maximum label length
- else
- labelMaxLen = 11; // FAT maximum label length
-
- // calculate label effective length
- labelEffectiveLen = labelLen > labelMaxLen? labelMaxLen : labelLen;
-
- // correct the label in the device
- memset (&NewExtension->wszLabel[labelEffectiveLen], 0, 33 - labelEffectiveLen);
- memcpy (mount->wszLabel, NewExtension->wszLabel, 33);
-
- // set the volume label
- __try
- {
- IO_STATUS_BLOCK ioblock;
- ULONG labelInfoSize = sizeof(FILE_FS_LABEL_INFORMATION) + (labelEffectiveLen * sizeof(WCHAR));
- FILE_FS_LABEL_INFORMATION* labelInfo = (FILE_FS_LABEL_INFORMATION*) TCalloc (labelInfoSize);
- if (labelInfo)
- {
- labelInfo->VolumeLabelLength = labelEffectiveLen * sizeof(WCHAR);
- memcpy (labelInfo->VolumeLabel, mount->wszLabel, labelInfo->VolumeLabelLength);
-
- if (STATUS_SUCCESS == ZwSetVolumeInformationFile (volumeHandle, &ioblock, labelInfo, labelInfoSize, FileFsLabelInformation))
- {
- mount->bDriverSetLabel = TRUE;
- NewExtension->bDriverSetLabel = TRUE;
- }
-
- TCfree(labelInfo);
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
-
- }
+ Dump ("MountDevice: UpdateFsVolumeInformation failed with status 0x%08x\n", updateStatus);
}
-
- TCCloseFsVolume (volumeHandle, volumeFileObject);
}
}
else
@@ -4056,6 +4174,20 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
}
}
+typedef struct
+{
+ UNMOUNT_STRUCT *unmountRequest; PDEVICE_OBJECT deviceObject; BOOL ignoreOpenFiles;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} UnmountDeviceWorkItemArgs;
+
+
+static VOID UnmountDeviceWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UnmountDeviceWorkItemArgs *arg)
+{
+ arg->Status = UnmountDevice (arg->unmountRequest, arg->deviceObject, arg->ignoreOpenFiles);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
+
NTSTATUS UnmountDevice (UNMOUNT_STRUCT *unmountRequest, PDEVICE_OBJECT deviceObject, BOOL ignoreOpenFiles)
{
PEXTENSION extension = deviceObject->DeviceExtension;
@@ -4063,6 +4195,27 @@ NTSTATUS UnmountDevice (UNMOUNT_STRUCT *unmountRequest, PDEVICE_OBJECT deviceObj
HANDLE volumeHandle;
PFILE_OBJECT volumeFileObject;
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ UnmountDeviceWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.deviceObject = deviceObject;
+ args.unmountRequest = unmountRequest;
+ args.ignoreOpenFiles = ignoreOpenFiles;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, UnmountDeviceWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
Dump ("UnmountDevice %d\n", extension->nDosDriveNo);
ntStatus = TCOpenFsVolume (extension, &volumeHandle, &volumeFileObject);
@@ -4759,4 +4912,12 @@ VOID NTAPI KeRestoreExtendedProcessorState (
{
(KeRestoreExtendedProcessorStatePtr) (XStateSave);
}
-} \ No newline at end of file
+}
+
+BOOLEAN VC_KeAreAllApcsDisabled (VOID)
+{
+ if (KeAreAllApcsDisabledPtr)
+ return (KeAreAllApcsDisabledPtr) ();
+ else
+ return FALSE;
+}
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index afd3a96..e88105c 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -303,7 +303,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (mount->bMountReadOnly || ntStatus == STATUS_ACCESS_DENIED)
{
ntStatus = ZwCreateFile (&Extension->hDeviceFile,
- GENERIC_READ | SYNCHRONIZE,
+ GENERIC_READ | (!bRawDevice && mount->bPreserveTimestamp? FILE_WRITE_ATTRIBUTES : 0) | SYNCHRONIZE,
&oaFileAttributes,
&IoStatusBlock,
NULL,
@@ -318,6 +318,26 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
NULL,
0);
+ if (!NT_SUCCESS (ntStatus) && !bRawDevice && mount->bPreserveTimestamp)
+ {
+ /* try again without FILE_WRITE_ATTRIBUTES */
+ ntStatus = ZwCreateFile (&Extension->hDeviceFile,
+ GENERIC_READ | SYNCHRONIZE,
+ &oaFileAttributes,
+ &IoStatusBlock,
+ NULL,
+ FILE_ATTRIBUTE_NORMAL |
+ FILE_ATTRIBUTE_SYSTEM,
+ exclusiveAccess ? FILE_SHARE_READ : FILE_SHARE_READ | FILE_SHARE_WRITE,
+ FILE_OPEN,
+ FILE_RANDOM_ACCESS |
+ FILE_WRITE_THROUGH |
+ (disableBuffering ? FILE_NO_INTERMEDIATE_BUFFERING : 0) |
+ FILE_SYNCHRONOUS_IO_NONALERT,
+ NULL,
+ 0);
+ }
+
if (NT_SUCCESS (ntStatus) && !mount->bMountReadOnly)
mount->VolumeMountedReadOnlyAfterAccessDenied = TRUE;
@@ -362,6 +382,18 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
Extension->fileLastWriteTime = FileBasicInfo.LastWriteTime;
Extension->fileLastChangeTime = FileBasicInfo.ChangeTime;
Extension->bTimeStampValid = TRUE;
+
+ // we tell the system not to update LastAccessTime, LastWriteTime, and ChangeTime
+ FileBasicInfo.CreationTime.QuadPart = 0;
+ FileBasicInfo.LastAccessTime.QuadPart = -1;
+ FileBasicInfo.LastWriteTime.QuadPart = -1;
+ FileBasicInfo.ChangeTime.QuadPart = -1;
+
+ ZwSetInformationFile (Extension->hDeviceFile,
+ &IoStatusBlock,
+ &FileBasicInfo,
+ sizeof (FileBasicInfo),
+ FileBasicInformation);
}
ntStatus = ZwQueryInformationFile (Extension->hDeviceFile,
@@ -886,6 +918,18 @@ void TCCloseVolume (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension)
}
}
+typedef struct
+{
+ PDEVICE_OBJECT deviceObject; PEXTENSION Extension; ULONG ioControlCode; void *inputBuffer; int inputBufferSize; void *outputBuffer; int outputBufferSize;
+ NTSTATUS Status;
+ KEVENT WorkItemCompletedEvent;
+} TCSendHostDeviceIoControlRequestExWorkItemArgs;
+
+static VOID TCSendHostDeviceIoControlRequestExWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, TCSendHostDeviceIoControlRequestExWorkItemArgs *arg)
+{
+ arg->Status = TCSendHostDeviceIoControlRequestEx (arg->deviceObject, arg->Extension, arg->ioControlCode, arg->inputBuffer, arg->inputBufferSize, arg->outputBuffer, arg->outputBufferSize);
+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);
+}
NTSTATUS TCSendHostDeviceIoControlRequestEx (PDEVICE_OBJECT DeviceObject,
PEXTENSION Extension,
@@ -901,6 +945,31 @@ NTSTATUS TCSendHostDeviceIoControlRequestEx (PDEVICE_OBJECT DeviceObject,
UNREFERENCED_PARAMETER(DeviceObject); /* Remove compiler warning */
+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())
+ {
+ TCSendHostDeviceIoControlRequestExWorkItemArgs args;
+
+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);
+ if (!workItem)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ args.deviceObject = DeviceObject;
+ args.Extension = Extension;
+ args.ioControlCode = IoControlCode;
+ args.inputBuffer = InputBuffer;
+ args.inputBufferSize = InputBufferSize;
+ args.outputBuffer = OutputBuffer;
+ args.outputBufferSize = OutputBufferSize;
+
+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);
+ IoQueueWorkItem (workItem, TCSendHostDeviceIoControlRequestExWorkItemRoutine, DelayedWorkQueue, &args);
+
+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);
+ IoFreeWorkItem (workItem);
+
+ return args.Status;
+ }
+
KeClearEvent (&Extension->keVolumeEvent);
Irp = IoBuildDeviceIoControlRequest (IoControlCode,
diff --git a/src/ExpandVolume/DlgExpandVolume.cpp b/src/ExpandVolume/DlgExpandVolume.cpp
index c1acd76..ab76d1b 100644
--- a/src/ExpandVolume/DlgExpandVolume.cpp
+++ b/src/ExpandVolume/DlgExpandVolume.cpp
@@ -49,6 +49,8 @@
#define TIMER_ID_RANDVIEW 0xff
#define TIMER_INTERVAL_RANDVIEW 50
+BOOL bSeManageVolumeNameSet = FALSE;
+
// see definition of enum EV_FileSystem
const wchar_t * szFileSystemStr[4] = {L"RAW",L"FAT",L"NTFS",L"EXFAT"};
@@ -117,6 +119,20 @@ uint64 GetSizeBoxMultiplier(HWND hwndDlg)
return Muliplier[i];
}
+void HandleQuickExpanddCheckBox (HWND hwndDlg)
+{
+ if (IsButtonChecked (GetDlgItem (hwndDlg, IDC_INIT_NEWSPACE)))
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_QUICKEXPAND), FALSE);
+ SendDlgItemMessage (hwndDlg, IDC_QUICKEXPAND, BM_SETCHECK, BST_UNCHECKED, 0);
+ }
+ else
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_QUICKEXPAND), TRUE);
+ }
+}
+
+
BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
static EXPAND_VOL_THREAD_PARAMS *pVolExpandParam;
@@ -164,6 +180,12 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
SetWindowText (GetDlgItem (hwndDlg, IDT_NEW_SIZE), L"");
GetSpaceString(szHostFreeStr,sizeof(szHostFreeStr),pVolExpandParam->hostSizeFree,FALSE);
StringCbPrintfW (szTemp,sizeof(szTemp),L"%s available on host drive", szHostFreeStr);
+
+ if (!pVolExpandParam->bDisableQuickExpand)
+ {
+ ShowWindow (GetDlgItem (hwndDlg, IDC_QUICKEXPAND), SW_SHOW);
+ HandleQuickExpanddCheckBox (hwndDlg);
+ }
}
SetWindowText (GetDlgItem (hwndDlg, IDC_EXPAND_VOLUME_NEWSIZE), szTemp);
@@ -179,7 +201,7 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
{
StringCbPrintfW (szTemp, sizeof(szTemp),L"Please specify the new size of the VeraCrypt volume (must be at least %I64u KB larger than the current size).",TC_MINVAL_FS_EXPAND/1024);
}
- SetWindowText (GetDlgItem (hwndDlg, IDC_BOX_HELP), szTemp);
+ SetWindowText (GetDlgItem (hwndDlg, IDC_BOX_HELP), szTemp);
}
return 0;
@@ -197,6 +219,7 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
wchar_t szTemp[4096];
pVolExpandParam->bInitFreeSpace = IsButtonChecked (GetDlgItem (hwndDlg, IDC_INIT_NEWSPACE));
+ pVolExpandParam->bQuickExpand = IsButtonChecked (GetDlgItem (hwndDlg, IDC_QUICKEXPAND));
if (!pVolExpandParam->bIsDevice) // for devices new size is set by calling function
{
GetWindowText (GetDlgItem (hwndDlg, IDC_SIZEBOX), szTemp, ARRAYSIZE (szTemp));
@@ -207,6 +230,23 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
return 1;
}
+ if (lw == IDC_INIT_NEWSPACE && !pVolExpandParam->bDisableQuickExpand)
+ {
+ HandleQuickExpanddCheckBox (hwndDlg);
+ return 1;
+ }
+
+ if (lw == IDC_QUICKEXPAND && IsButtonChecked (GetDlgItem (hwndDlg, IDC_QUICKEXPAND)))
+ {
+ // If quick expand selected, then we warn about security issue
+ if (MessageBoxW (hwndDlg, L"WARNING: You should use Quick Expand only in the following cases:\n\n1) The device where the file container is located contains no sensitive data and you do not need plausible deniability.\n2) The device where the file container is located has already been securely and fully encrypted.\n\nAre you sure you want to use Quick Expand?",
+ lpszTitle, YES_NO|MB_ICONWARNING|MB_DEFBUTTON2) == IDNO)
+ {
+ SendDlgItemMessage (hwndDlg, IDC_QUICKEXPAND, BM_SETCHECK, BST_UNCHECKED, 0);
+ return 1;
+ }
+ }
+
return 0;
}
@@ -393,6 +433,7 @@ BOOL CALLBACK ExpandVolProgressDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
// tell the volume transform thread to terminate
bVolTransformThreadCancel = TRUE;
}
+ NormalCursor ();
EndDialog (hwndDlg, lw);
return 1;
}
@@ -402,6 +443,7 @@ BOOL CALLBACK ExpandVolProgressDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
if (bVolTransformStarted)
{
// TransformThreadFunction finished -> OK button is now exit
+ NormalCursor ();
EndDialog (hwndDlg, lw);
}
else
@@ -561,7 +603,6 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile, lpszVolume);
- WaitCursor ();
OpenVolumeThreadParam threadParam;
threadParam.context = &expandVol;
@@ -691,6 +732,8 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
EXPAND_VOL_THREAD_PARAMS VolExpandParam;
VolExpandParam.bInitFreeSpace = (bIsLegacy && bIsDevice) ? FALSE:TRUE;
+ VolExpandParam.bQuickExpand = FALSE;
+ VolExpandParam.bDisableQuickExpand = bIsDevice;
VolExpandParam.szVolumeName = lpszVolume;
VolExpandParam.FileSystem = volFSType;
VolExpandParam.pVolumePassword = &VolumePassword;
@@ -702,6 +745,17 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
VolExpandParam.newSize = hostSize;
VolExpandParam.hostSizeFree = hostSizeFree;
+ // disable Quick Expand if the file is sparse or compressed
+ if (!bIsDevice)
+ {
+ DWORD dwFileAttrib = GetFileAttributesW (lpszVolume);
+ if (INVALID_FILE_ATTRIBUTES != dwFileAttrib)
+ {
+ if (dwFileAttrib & (FILE_ATTRIBUTE_COMPRESSED | FILE_ATTRIBUTE_SPARSE_FILE))
+ VolExpandParam.bDisableQuickExpand = TRUE;
+ }
+ }
+
while (1)
{
uint64 newVolumeSize;
@@ -717,7 +771,7 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
if ( !bIsDevice )
{
- if ( newVolumeSize < hostSize + TC_MINVAL_FS_EXPAND)
+ if ( (newVolumeSize < hostSize + TC_MINVAL_FS_EXPAND) && ((hostSize == volSize) || (newVolumeSize != hostSize) || ((hostSize - volSize) < TC_MINVAL_FS_EXPAND)))
{
StringCbPrintfW(szTmp,sizeof(szTmp),L"New volume size too small, must be at least %I64u kB larger than the current size.",TC_MINVAL_FS_EXPAND/BYTES_PER_KB);
MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_OK | MB_ICONEXCLAMATION );
@@ -737,6 +791,18 @@ void ExpandVolumeWizard (HWND hwndDlg, wchar_t *lpszVolume)
MessageBoxW (hwndDlg, L"!\n",lpszTitle, MB_OK | MB_ICONEXCLAMATION );
continue;
}
+
+ if (VolExpandParam.bQuickExpand && !bSeManageVolumeNameSet)
+ {
+ if (!SetPrivilege (SE_MANAGE_VOLUME_NAME, TRUE))
+ {
+ MessageBoxW (hwndDlg, L"Error: Failed to get necessary privileges to enable Quick Expand!\nPlease uncheck Quick Expand option and try again.",lpszTitle, MB_OK | MB_ICONEXCLAMATION );
+ VolExpandParam.bQuickExpand = FALSE;
+ continue;
+ }
+
+ bSeManageVolumeNameSet = TRUE;
+ }
}
if ( newVolumeSize > TC_MAX_VOLUME_SIZE )
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index 5a476ba..8db2b57 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -492,7 +492,7 @@ error:
Remarks: a lot of code is from TrueCrypt 'Common\Password.c' :: ChangePwd()
*/
-static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePassword, int VolumePkcs5, int VolumePim, uint64 newHostSize, BOOL initFreeSpace)
+static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePassword, int VolumePkcs5, int VolumePim, uint64 newHostSize, BOOL initFreeSpace, BOOL bQuickExpand)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
@@ -535,6 +535,27 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Time timestamps are not modified
+ // in order to preserve plausible deniability of hidden volumes (last password change time is stored in the volume header).
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time, (used to reset file date and time of
+ file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
+ of hidden volumes (last password change time is stored in the volume header). */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ {
+ bTimeStampValid = FALSE;
+ MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
+ }
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -628,20 +649,6 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
goto error;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time, (used to reset file date and time of
- file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
- of hidden volumes (last password change time is stored in the volume header). */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- {
- bTimeStampValid = FALSE;
- MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
- }
- else
- bTimeStampValid = TRUE;
- }
// Seek the volume header
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET;
@@ -750,13 +757,37 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
liNewSize.QuadPart=(LONGLONG)newHostSize;
- // Preallocate the file
- if (!SetFilePointerEx (dev, liNewSize, NULL, FILE_BEGIN)
- || !SetEndOfFile (dev)
- || SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ if (hostSize != newHostSize)
{
- nStatus = ERR_OS_ERROR;
- goto error;
+ // Preallocate the file
+ if (!SetFilePointerEx (dev, liNewSize, NULL, FILE_BEGIN)
+ || !SetEndOfFile (dev))
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ if (bQuickExpand)
+ {
+ if (!SetFileValidData (dev, liNewSize.QuadPart))
+ {
+ DebugAddProgressDlgStatus(hwndDlg, L"Warning: Failed to perform Quick Expand. Continuing with standard expanding...\r\n");
+ }
+ }
+
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+ }
+ else
+ {
+ if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
}
}
@@ -1050,7 +1081,7 @@ void __cdecl volTransformThreadFunction (void *pExpandDlgParam)
HWND hwndDlg = (HWND) pParam->hwndDlg;
nStatus = ExpandVolume (hwndDlg, (wchar_t*)pParam->szVolumeName, pParam->pVolumePassword,
- pParam->VolumePkcs5, pParam->VolumePim, pParam->newSize, pParam->bInitFreeSpace );
+ pParam->VolumePkcs5, pParam->VolumePim, pParam->newSize, pParam->bInitFreeSpace, pParam->bQuickExpand );
if (nStatus!=ERR_SUCCESS && nStatus!=ERR_USER_ABORT)
handleError (hwndDlg, nStatus, SRC_POS);
diff --git a/src/ExpandVolume/ExpandVolume.h b/src/ExpandVolume/ExpandVolume.h
index 5f4eb7f..668eb79 100644
--- a/src/ExpandVolume/ExpandVolume.h
+++ b/src/ExpandVolume/ExpandVolume.h
@@ -40,6 +40,8 @@ typedef struct
BOOL bIsDevice;
BOOL bIsLegacy;
BOOL bInitFreeSpace;
+ BOOL bQuickExpand;
+ BOOL bDisableQuickExpand;
Password *pVolumePassword;
int VolumePkcs5;
int VolumePim;
diff --git a/src/ExpandVolume/ExpandVolume.rc b/src/ExpandVolume/ExpandVolume.rc
index 3f5e891..4eb92ff 100644
--- a/src/ExpandVolume/ExpandVolume.rc
+++ b/src/ExpandVolume/ExpandVolume.rc
@@ -38,7 +38,8 @@ BEGIN
CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,248,105,38,10
CONTROL "&TB",IDC_TB,"Button",BS_AUTORADIOBUTTON,288,105,38,10
CONTROL "Fill new space with random data",IDC_INIT_NEWSPACE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,30,127,118,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,30,120,276,10
+ CONTROL "Quick Expand",IDC_QUICKEXPAND,"Button",BS_AUTOCHECKBOX | NOT WS_VISIBLE | WS_DISABLED | WS_TABSTOP,30,132,276,10
DEFPUSHBUTTON "Continue",IDOK,15,238,84,18
PUSHBUTTON "Cancel",IDCANCEL,277,238,84,18
LTEXT "Help Text",IDC_BOX_HELP,15,165,346,58,0,WS_EX_CLIENTEDGE
@@ -141,7 +142,7 @@ END
//
#ifdef APSTUDIO_INVOKED
-GUIDELINES DESIGNINFO
+GUIDELINES DESIGNINFO
BEGIN
IDD_SIZE_DIALOG, DIALOG
BEGIN
@@ -192,8 +193,8 @@ IDR_MOUNT_RSRC_HEADER HEADER "resource.h"
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -210,11 +211,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Expander"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCryptExpander.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
@@ -264,7 +265,7 @@ IDB_LOGO_288DPI BITMAP "Logo_288dpi.bmp"
// Menu
//
-IDR_MENU MENUEX
+IDR_MENU MENUEX
BEGIN
MENUITEM "About", IDM_ABOUT,MFT_STRING,MFS_ENABLED
MENUITEM "Homepage", IDM_HOMEPAGE,MFT_STRING | MFT_RIGHTJUSTIFY,MFS_ENABLED
@@ -276,7 +277,7 @@ END
// String Table
//
-STRINGTABLE
+STRINGTABLE
BEGIN
IDS_UACSTRING "VeraCrypt Expander"
END
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp
index 2710cc4..ffeabe0 100644
--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
@@ -957,7 +957,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDM_HOMEPAGE )
{
ArrowWaitCursor ();
- ShellExecute (NULL, L"open", L"https://www.veracrypt.fr", NULL, NULL, SW_SHOWNORMAL);
+ SafeOpenURL (L"https://www.veracrypt.fr");
Sleep (200);
NormalCursor ();
diff --git a/src/ExpandVolume/resource.h b/src/ExpandVolume/resource.h
index 993c414..99d89dd 100644
--- a/src/ExpandVolume/resource.h
+++ b/src/ExpandVolume/resource.h
@@ -71,6 +71,7 @@
#define IDC_OLD_PIM 1143
#define IDC_OLD_PIM_HELP 1144
#define ID_HOMEPAGE 1145
+#define IDC_QUICKEXPAND 1146
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -135,13 +136,13 @@
#define IDM_MANAGE_TOKEN_KEYFILES 40062
// Next default values for new objects
-//
+//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40064
-#define _APS_NEXT_CONTROL_VALUE 1146
+#define _APS_NEXT_CONTROL_VALUE 1147
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index a96dcbc..f855dcf 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Format"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Format.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
@@ -79,378 +79,378 @@ IDR_FORMAT_TLB TYPELIB "Format.tlb"
// Dialog
//
-IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 400, 229
+IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 450, 250
STYLE DS_SETFONT | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt Volume Creation Wizard"
CLASS "VeraCryptCustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- PUSHBUTTON "&Help",IDHELP,176,209,50,14
- PUSHBUTTON "",IDC_PREV,235,209,50,14
- DEFPUSHBUTTON "",IDC_NEXT,285,209,50,14
- PUSHBUTTON "Cancel",IDCANCEL,343,209,50,14
- LTEXT "",IDC_BOX_TITLE,160,8,233,17
- GROUPBOX "",IDC_STATIC,4,0,392,203
- CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,169
- LTEXT "",IDC_POS_BOX,160,24,231,172
+ PUSHBUTTON "&Help",IDHELP,166,234,60,14
+ PUSHBUTTON "",IDC_PREV,238,234,60,14
+ DEFPUSHBUTTON "",IDC_NEXT,310,234,60,14
+ PUSHBUTTON "Cancel",IDCANCEL,382,234,60,14
+ LTEXT "",IDC_BOX_TITLE,160,8,283,17
+ GROUPBOX "",IDC_STATIC,51,0,392,230
+ CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,193
+ LTEXT "",IDC_POS_BOX,160,24,281,193
END
-IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_COMBO_BOX,7,23,137,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
- PUSHBUTTON "&Test",IDC_CIPHER_TEST,149,22,59,14
- PUSHBUTTON "&Benchmark",IDC_BENCHMARK,149,100,59,14
- COMBOBOX IDC_COMBO_BOX_HASH_ALGO,7,137,83,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
- LTEXT "",IDC_BOX_HELP,7,40,205,58
- GROUPBOX "Encryption Algorithm",IDT_ENCRYPTION_ALGO,0,10,217,111
- GROUPBOX "Hash Algorithm",IDT_HASH_ALGO,0,124,217,35
- LTEXT "More information",IDC_LINK_MORE_INFO_ABOUT_CIPHER,7,102,135,10,SS_NOTIFY
- LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,97,139,115,8,SS_NOTIFY
+ COMBOBOX IDC_COMBO_BOX,7,23,172,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ PUSHBUTTON "&Test",IDC_CIPHER_TEST,191,22,81,14
+ PUSHBUTTON "&Benchmark",IDC_BENCHMARK,191,122,81,14
+ COMBOBOX IDC_COMBO_BOX_HASH_ALGO,7,169,95,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ LTEXT "",IDC_BOX_HELP,7,40,266,78
+ GROUPBOX "Encryption Algorithm",IDT_ENCRYPTION_ALGO,0,10,273,131
+ GROUPBOX "Hash Algorithm",IDT_HASH_ALGO,0,156,273,35
+ LTEXT "More information",IDC_LINK_MORE_INFO_ABOUT_CIPHER,7,124,176,10,SS_NOTIFY
+ LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,121,171,148,8,SS_NOTIFY
END
-IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PASSWORD,53,3,170,14,ES_PASSWORD | ES_AUTOHSCROLL
- EDITTEXT IDC_VERIFY,53,19,170,14,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,35,95,10
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,152,36,71,14,WS_DISABLED
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,45,95,11,WS_EX_TRANSPARENT
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,56,97,10
- RTEXT "Password:",IDT_PASSWORD,1,6,50,8
- RTEXT "&Confirm:",IDT_CONFIRM,1,23,50,8
- LTEXT "",IDC_BOX_HELP,0,71,225,97
+ EDITTEXT IDC_PASSWORD,71,3,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ EDITTEXT IDC_VERIFY,71,19,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,35,103,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,182,36,91,14,WS_DISABLED
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,45,108,11,WS_EX_TRANSPARENT
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,56,114,10
+ RTEXT "Password:",IDT_PASSWORD,1,6,68,8
+ RTEXT "&Confirm:",IDT_CONFIRM,1,23,68,8
+ LTEXT "",IDC_BOX_HELP,0,71,273,121
END
-IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_SIZEBOX,0,22,71,14,ES_AUTOHSCROLL | ES_NUMBER
- CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,80,25,27,10
- CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,115,25,27,10
- CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,150,25,27,10
- LTEXT "",IDC_BOX_HELP,0,84,214,75
- LTEXT "",IDC_SPACE_LEFT,0,44,214,33
- CONTROL "&TB",IDC_TB,"Button",BS_AUTORADIOBUTTON,185,25,27,10
+ EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER
+ CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10
+ CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10
+ CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10
+ LTEXT "",IDC_BOX_HELP,0,65,273,123
+ LTEXT "",IDC_SPACE_LEFT,0,44,273,18
+ CONTROL "&TB",IDC_TB,"Button",BS_AUTORADIOBUTTON,210,25,27,10
END
-IDD_VOLUME_LOCATION_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_VOLUME_LOCATION_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_COMBO_BOX,0,9,148,80,CBS_DROPDOWN | CBS_AUTOHSCROLL | WS_VSCROLL | WS_TABSTOP
- CONTROL "&Never save history",IDC_NO_HISTORY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,3,28,213,10
- PUSHBUTTON "",IDC_SELECT_VOLUME_LOCATION,155,9,62,14
- LTEXT "",IDC_BOX_HELP,0,42,219,125
+ COMBOBOX IDC_COMBO_BOX,0,9,174,80,CBS_DROPDOWN | CBS_AUTOHSCROLL | WS_VSCROLL | WS_TABSTOP
+ CONTROL "&Never save history",IDC_NO_HISTORY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,3,28,270,10
+ PUSHBUTTON "",IDC_SELECT_VOLUME_LOCATION,181,9,92,14
+ LTEXT "",IDC_BOX_HELP,0,45,273,143
END
-IDD_FORMAT_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_FORMAT_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_FILESYS,43,13,36,90,CBS_DROPDOWNLIST | WS_TABSTOP
- COMBOBOX IDC_CLUSTERSIZE,112,13,42,90,CBS_DROPDOWNLIST | WS_TABSTOP
- CONTROL "Quick Format",IDC_QUICKFORMAT,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,163,9,60,8
- CONTROL "",IDC_SHOW_KEYS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,214,38,9,8
- PUSHBUTTON "Abort",IDC_ABORT_BUTTON,169,75,50,14
- RTEXT "Header Key: ",IDT_HEADER_KEY,2,47,54,8
- CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,57,46,163,8,WS_EX_TRANSPARENT
- RTEXT "Master Key: ",IDT_MASTER_KEY,2,55,54,8
- LTEXT "",IDC_DISK_KEY,57,54,163,8,0,WS_EX_TRANSPARENT
- RTEXT "Cluster ",IDT_CLUSTER,80,15,32,8
- LTEXT "",IDC_BOX_HELP,1,112,224,40
- GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,225,29
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,76,158,12
- RTEXT "",IDC_TIMEREMAIN,177,93,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,106,93,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ COMBOBOX IDC_FILESYS,50,13,36,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ COMBOBOX IDC_CLUSTERSIZE,135,13,42,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ CONTROL "Quick Format",IDC_QUICKFORMAT,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,181,9,92,8
+ CONTROL "",IDC_SHOW_KEYS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,265,38,9,8
+ PUSHBUTTON "Abort",IDC_ABORT_BUTTON,200,75,64,14
+ RTEXT "Header Key: ",IDT_HEADER_KEY,2,47,76,8
+ CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,83,46,190,8,WS_EX_TRANSPARENT
+ RTEXT "Master Key: ",IDT_MASTER_KEY,2,55,76,8
+ LTEXT "",IDC_DISK_KEY,83,54,190,8,0,WS_EX_TRANSPARENT
+ RTEXT "Cluster ",IDT_CLUSTER,91,15,44,8
+ LTEXT "",IDC_BOX_HELP,1,112,274,58
+ GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,276,29
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,76,189,12
+ RTEXT "",IDC_TIMEREMAIN,217,93,46,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_WRITESPEED,128,93,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
LTEXT "",IDC_BYTESWRITTEN,29,93,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
RTEXT "Done",IDT_DONE,5,94,22,8
- RTEXT "Speed",IDT_SPEED,70,94,34,8
- RTEXT "Left",IDT_LEFT,150,94,25,8
- GROUPBOX "",IDC_STATIC,0,67,225,41
- RTEXT "Filesystem ",IDT_FILESYSTEM,1,15,41,8,0,WS_EX_RIGHT
- RTEXT "Random Pool: ",IDT_RANDOM_POOL,2,39,54,8
- GROUPBOX "",IDC_STATIC,0,32,225,35
- CONTROL "",IDC_RANDOM_BYTES,"Static",SS_SIMPLE | WS_GROUP,57,38,155,8,WS_EX_TRANSPARENT
- GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,153,224,18
- CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,11,162,202,6
- CONTROL "Dynamic",SPARSE_FILE,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,163,21,60,8
-END
-
-IDD_INTRO_PAGE_DLG DIALOGEX 0, 0, 226, 172
+ RTEXT "Speed",IDT_SPEED,81,94,45,8
+ RTEXT "Left",IDT_LEFT,177,94,35,8
+ GROUPBOX "",IDC_STATIC,0,67,276,41
+ RTEXT "Filesystem ",IDT_FILESYSTEM,1,15,46,8,0,WS_EX_RIGHT
+ RTEXT "Random Pool: ",IDT_RANDOM_POOL,2,39,76,8
+ GROUPBOX "",IDC_STATIC,0,32,276,35
+ CONTROL "",IDC_RANDOM_BYTES,"Static",SS_SIMPLE | WS_GROUP,83,38,177,8,WS_EX_TRANSPARENT
+ GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,175,276,18
+ CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,20,184,235,6
+ CONTROL "Dynamic",SPARSE_FILE,"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,181,21,92,8
+END
+
+IDD_INTRO_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Create an encrypted file container",IDC_FILE_CONTAINER,
- "Button",BS_AUTORADIOBUTTON,0,7,217,10
- LTEXT "More information",IDC_MORE_INFO_ON_CONTAINERS,16,40,165,10,SS_NOTIFY
+ "Button",BS_AUTORADIOBUTTON,0,7,269,10
+ LTEXT "More information",IDC_MORE_INFO_ON_CONTAINERS,16,40,253,10,SS_NOTIFY
CONTROL "Encrypt a non-system partition/drive",IDC_NONSYS_DEVICE,
- "Button",BS_AUTORADIOBUTTON,0,53,217,10
+ "Button",BS_AUTORADIOBUTTON,0,55,269,10
CONTROL "Encrypt the system partition or entire system drive",IDC_SYS_DEVICE,
- "Button",BS_AUTORADIOBUTTON,0,89,217,10
- LTEXT "More information about system encryption",IDC_MORE_INFO_ON_SYS_ENCRYPTION,16,153,190,10,SS_NOTIFY
- LTEXT "Creates a virtual encrypted disk within a file. Recommended for inexperienced users.",IDT_FILE_CONTAINER,16,20,205,16
- LTEXT "Encrypts a non-system partition on any internal or external drive (e.g. a flash drive). Optionally, creates a hidden volume.",IDT_NON_SYS_DEVICE,16,66,205,20
- LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,102,205,47
+ "Button",BS_AUTORADIOBUTTON,0,98,269,10
+ LTEXT "More information about system encryption",IDC_MORE_INFO_ON_SYS_ENCRYPTION,16,177,253,10,SS_NOTIFY
+ LTEXT "Creates a virtual encrypted disk within a file. Recommended for inexperienced users.",IDT_FILE_CONTAINER,16,20,253,16
+ LTEXT "Encrypts a non-system partition on any internal or external drive (e.g. a flash drive). Optionally, creates a hidden volume.",IDT_NON_SYS_DEVICE,16,68,253,26
+ LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,112,253,59
END
-IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,10,225,155
+ LTEXT "",IDC_BOX_HELP,0,31,269,155
END
-IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,6,226,138
- PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,146,85,14
+ LTEXT "",IDC_BOX_HELP,0,6,269,167
+ PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,176,85,14
END
-IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Normal mode",IDC_HIDVOL_WIZ_MODE_FULL,"Button",BS_AUTORADIOBUTTON,0,7,217,10
- CONTROL "Direct mode",IDC_HIDVOL_WIZ_MODE_DIRECT,"Button",BS_AUTORADIOBUTTON,0,87,217,10
- LTEXT "",IDC_BOX_HELP,16,20,205,63
- LTEXT "",IDC_BOX_HELP2,16,101,205,59
+ CONTROL "Normal mode",IDC_HIDVOL_WIZ_MODE_FULL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Direct mode",IDC_HIDVOL_WIZ_MODE_DIRECT,"Button",BS_AUTORADIOBUTTON,0,97,269,10
+ LTEXT "",IDC_BOX_HELP,16,20,253,72
+ LTEXT "",IDC_BOX_HELP2,16,110,253,72
END
-IDD_PASSWORD_ENTRY_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_PASSWORD_ENTRY_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PASSWORD_DIRECT,50,2,173,14,ES_PASSWORD | ES_AUTOHSCROLL
- COMBOBOX IDC_PKCS5_PRF_ID,50,17,104,90,CBS_DROPDOWNLIST | WS_TABSTOP
- EDITTEXT IDC_PIM,50,32,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
- LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,96,34,127,8,NOT WS_VISIBLE
- CONTROL "&Display password",IDC_SHOW_PASSWORD_SINGLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,46,84,11,WS_EX_TRANSPARENT
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,57,94,11
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,149,54,74,14
- LTEXT "",IDC_BOX_HELP,0,74,225,94
- RTEXT "Password:",IDT_PASSWORD,0,6,48,8
- RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,19,48,8
- RTEXT "Volume PIM:",IDT_PIM,0,35,48,8,NOT WS_VISIBLE
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,35,97,10
-END
-
-IDD_VOLUME_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+ EDITTEXT IDC_PASSWORD_DIRECT,75,2,198,14,ES_PASSWORD | ES_AUTOHSCROLL
+ COMBOBOX IDC_PKCS5_PRF_ID,75,17,131,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ EDITTEXT IDC_PIM,75,32,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER | NOT WS_VISIBLE
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,121,34,152,8,NOT WS_VISIBLE
+ CONTROL "&Display password",IDC_SHOW_PASSWORD_SINGLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,46,109,11,WS_EX_TRANSPARENT
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,57,106,11
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,188,54,85,14
+ LTEXT "",IDC_BOX_HELP,0,74,273,119
+ RTEXT "Password:",IDT_PASSWORD,0,6,71,8
+ RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,19,71,8
+ RTEXT "Volume PIM:",IDT_PIM,0,35,71,8,NOT WS_VISIBLE
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,75,35,97,10
+END
+
+IDD_VOLUME_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Standard VeraCrypt volume",IDC_STD_VOL,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Hi&dden VeraCrypt volume ",IDC_HIDDEN_VOL,"Button",BS_AUTORADIOBUTTON,0,68,212,10
- LTEXT "More information about hidden volumes",IDC_HIDDEN_VOL_HELP,16,151,205,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP_NORMAL_VOL,16,20,205,41
- LTEXT "",IDC_BOX_HELP,16,83,205,62
+ CONTROL "Standard VeraCrypt volume",IDC_STD_VOL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Hi&dden VeraCrypt volume ",IDC_HIDDEN_VOL,"Button",BS_AUTORADIOBUTTON,0,76,269,10
+ LTEXT "More information about hidden volumes",IDC_HIDDEN_VOL_HELP,16,173,253,10,SS_NOTIFY
+ LTEXT "",IDC_BOX_HELP_NORMAL_VOL,16,20,253,52
+ LTEXT "",IDC_BOX_HELP,16,93,253,70
END
-IDD_SYSENC_SPAN_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_SPAN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Encrypt the Windows system partition",IDC_SYS_PARTITION,
- "Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,53,212,10
- LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,205,32
- LTEXT "",IDT_WHOLE_SYS_DRIVE,16,70,205,95
+ "Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,67,269,10
+ LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,253,42
+ LTEXT "",IDT_WHOLE_SYS_DRIVE,16,82,253,104
END
-IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,159,163,13,ES_AUTOHSCROLL
- PUSHBUTTON "Bro&wse...",IDC_BROWSE,166,158,59,14
- LTEXT "",IDT_RESCUE_DISK_INFO,0,1,225,137
+ EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,180,201,13,ES_AUTOHSCROLL
+ PUSHBUTTON "Bro&wse...",IDC_BROWSE,204,179,70,14
+ LTEXT "",IDT_RESCUE_DISK_INFO,0,1,273,137
CONTROL "Skip Rescue Disk verification",IDC_SKIP_RESCUE_VERIFICATION,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,145,106,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,166,273,10
END
-IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- CONTROL "Display pool content",IDC_DISPLAY_POOL_CONTENTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,1,98,122,10
- CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,8,14,205,72,WS_EX_TRANSPARENT
- LTEXT "IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.",IDT_COLLECTING_RANDOM_DATA_NOTE,1,112,224,40
- GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,222,88
- GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,154,224,18
- CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,11,163,202,6
+ CONTROL "Display pool content",IDC_DISPLAY_POOL_CONTENTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,10,93,266,10
+ CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,33,17,209,63,WS_EX_TRANSPARENT
+ LTEXT "IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.",IDT_COLLECTING_RANDOM_DATA_NOTE,10,107,265,63
+ GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,276,83
+ GROUPBOX "Randomness Collected From Mouse Movements",IDT_ENTROPY_BAR,0,174,276,18
+ CONTROL "",IDC_ENTROPY_BAR,"msctls_progress32",WS_BORDER,11,183,254,6
END
-IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Single-boot",IDC_SINGLE_BOOT,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Multi-boot",IDC_MULTI_BOOT,"Button",BS_AUTORADIOBUTTON,0,53,217,10
- LTEXT "Select this option if there is only one operating system installed on this computer (even if it has multiple users).",IDT_SINGLE_BOOT,16,20,205,32
- LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,66,205,72
+ CONTROL "Single-boot",IDC_SINGLE_BOOT,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Multi-boot",IDC_MULTI_BOOT,"Button",BS_AUTORADIOBUTTON,0,75,217,10
+ LTEXT "Select this option if there is only one operating system installed on this computer (even if it has multiple users).",IDT_SINGLE_BOOT,16,20,253,48
+ LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,89,253,90
END
-IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "Download CD/DVD recording software",IDC_DOWNLOAD_CD_BURN_SOFTWARE,0,136,217,10,SS_NOTIFY
- LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,4,225,128
+ LTEXT "Download CD/DVD recording software",IDC_DOWNLOAD_CD_BURN_SOFTWARE,0,159,273,10,SS_NOTIFY
+ LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,4,273,148
END
-IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- COMBOBOX IDC_WIPE_MODE,61,0,127,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "Wipe mode:",IDT_WIPE_MODE,0,2,59,8,0,WS_EX_RIGHT
- LTEXT "",IDT_WIPE_MODE_INFO,0,19,225,128
+ COMBOBOX IDC_WIPE_MODE,88,0,138,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,0,2,83,8,0,WS_EX_RIGHT
+ LTEXT "",IDT_WIPE_MODE_INFO,0,19,269,167
END
-IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_WIPE_MODE,67,13,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
- PUSHBUTTON "&Pause",IDC_PAUSE,169,40,50,14
- LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,150,202,10,SS_NOTIFY
+ COMBOBOX IDC_WIPE_MODE,96,13,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ PUSHBUTTON "&Pause",IDC_PAUSE,204,40,63,14
+ LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,176,266,10,SS_NOTIFY
LTEXT "",IDC_BYTESWRITTEN,29,58,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,103,58,46,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_TIMEREMAIN,177,58,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "Wipe mode:",IDT_WIPE_MODE,6,15,59,8,0,WS_EX_RIGHT
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,41,158,12
+ RTEXT "",IDC_WRITESPEED,110,58,56,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_TIMEREMAIN,212,58,54,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,6,15,85,8,0,WS_EX_RIGHT
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,41,192,12
RTEXT "Done",IDT_DONE,5,59,22,8
- RTEXT "Status",IDT_STATUS,72,59,29,8
- RTEXT "Left",IDT_LEFT,151,59,24,8
- LTEXT "",IDC_BOX_HELP,1,77,224,70
- GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,225,29
- GROUPBOX "",IDC_STATIC,0,32,225,41
+ RTEXT "Status",IDT_STATUS,73,59,33,8
+ RTEXT "Left",IDT_LEFT,172,59,35,8
+ LTEXT "",IDC_BOX_HELP,1,77,266,95
+ GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,267,29
+ GROUPBOX "",IDC_STATIC,0,32,267,41
END
-IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
CONTROL "Display generated keys (their portions)",IDC_DISPLAY_KEYS,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,1,94,216,10
- CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,57,71,163,8,WS_EX_TRANSPARENT
- LTEXT "",IDC_DISK_KEY,57,79,163,8,0,WS_EX_TRANSPARENT
- LTEXT "The keys, salt, and other data have been successfully generated. If you want to generate new keys, click Back and then Next. Otherwise, click Next to continue.",IDT_SYSENC_KEYS_GEN_INFO,1,23,224,41
- RTEXT "Header Key: ",IDT_HEADER_KEY,2,72,54,8
- RTEXT "Master Key: ",IDT_MASTER_KEY,2,80,54,8
- GROUPBOX "",-1,0,65,225,26
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,51,110,216,10
+ CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,100,87,163,8,WS_EX_TRANSPARENT
+ LTEXT "",IDC_DISK_KEY,100,95,163,8,0,WS_EX_TRANSPARENT
+ LTEXT "The keys, salt, and other data have been successfully generated. If you want to generate new keys, click Back and then Next. Otherwise, click Next to continue.",IDT_SYSENC_KEYS_GEN_INFO,1,23,266,57
+ RTEXT "Header Key: ",IDT_HEADER_KEY,2,88,93,8
+ RTEXT "Master Key: ",IDT_MASTER_KEY,2,96,93,8
+ GROUPBOX "",-1,0,81,267,26
END
-IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "",IDC_CHOICE1,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "",IDC_CHOICE2,"Button",BS_AUTORADIOBUTTON,0,17,217,10
- LTEXT "",IDC_BOX_HELP,1,34,220,112
+ CONTROL "",IDC_CHOICE1,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "",IDC_CHOICE2,"Button",BS_AUTORADIOBUTTON,0,17,269,10
+ LTEXT "",IDC_BOX_HELP,1,34,268,152
END
-IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "",IDT_SYSENC_DRIVE_ANALYSIS_INFO,2,10,215,88
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,1,115,216,12
- LTEXT "Progress:",IDT_PROGRESS,2,104,57,8
+ LTEXT "",IDT_SYSENC_DRIVE_ANALYSIS_INFO,0,10,267,109
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,0,135,267,12
+ LTEXT "Progress:",IDT_PROGRESS,2,124,172,8
END
-IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Normal",IDC_SYSENC_NORMAL,"Button",BS_AUTORADIOBUTTON,0,7,212,10
- CONTROL "Hi&dden",IDC_SYSENC_HIDDEN,"Button",BS_AUTORADIOBUTTON,0,53,212,10
- LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,148,205,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP_SYSENC_NORMAL,16,20,205,25
- LTEXT "",IDC_BOX_HELP,16,67,205,72
+ CONTROL "Normal",IDC_SYSENC_NORMAL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
+ CONTROL "Hi&dden",IDC_SYSENC_HIDDEN,"Button",BS_AUTORADIOBUTTON,0,64,269,10
+ LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,173,253,10,SS_NOTIFY
+ LTEXT "",IDC_BOX_HELP_SYSENC_NORMAL,16,20,253,41
+ LTEXT "",IDC_BOX_HELP,16,78,253,90
END
-IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,0,150,217,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP,0,2,225,142
+ LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,0,172,273,10,SS_NOTIFY
+ LTEXT "",IDC_BOX_HELP,0,2,273,166
END
-IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- PUSHBUTTON "Abort",IDC_ABORT_BUTTON,169,48,50,14
+ PUSHBUTTON "Abort",IDC_ABORT_BUTTON,217,48,50,14
LTEXT "",IDC_BYTESWRITTEN,29,66,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,103,66,46,11,SS_CENTERIMAGE | NOT WS_VISIBLE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_TIMEREMAIN,177,66,42,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "Wipe mode:",IDT_WIPE_MODE,6,22,59,8,0,WS_EX_RIGHT
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,49,158,12
+ RTEXT "",IDC_WRITESPEED,119,66,46,11,SS_CENTERIMAGE | NOT WS_VISIBLE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_TIMEREMAIN,219,66,48,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,6,22,92,8,0,WS_EX_RIGHT
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,49,208,12
RTEXT "Done",IDT_DONE,5,67,22,8
- RTEXT "Pass",IDT_PASS,72,67,29,8,NOT WS_VISIBLE
- RTEXT "Left",IDT_LEFT,151,67,24,8
- LTEXT "",IDC_BOX_HELP,1,86,224,80
- GROUPBOX "",IDT_FORMAT_OPTIONS,0,10,225,29
- GROUPBOX "",IDC_STATIC,0,40,225,42
- LTEXT "",IDC_WIPE_MODE,67,21,125,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_STATICEDGE
+ RTEXT "Pass",IDT_PASS,73,67,44,8,NOT WS_VISIBLE
+ RTEXT "Left",IDT_LEFT,180,67,34,8
+ LTEXT "",IDC_BOX_HELP,1,96,266,91
+ GROUPBOX "",IDT_FORMAT_OPTIONS,0,10,267,29
+ GROUPBOX "",IDC_STATIC,0,40,267,42
+ LTEXT "",IDC_WIPE_MODE,101,21,125,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_STATICEDGE
END
-IDD_DEVICE_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_DEVICE_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- COMBOBOX IDC_WIPE_MODE,61,9,127,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "Wipe mode:",IDT_WIPE_MODE,0,11,59,8,0,WS_EX_RIGHT
- LTEXT "",IDT_WIPE_MODE_INFO,0,29,225,122
+ COMBOBOX IDC_WIPE_MODE,89,9,127,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,0,11,86,8,0,WS_EX_RIGHT
+ LTEXT "",IDT_WIPE_MODE_INFO,0,29,269,157
END
-IDD_DEVICE_TRANSFORM_MODE_DLG DIALOGEX 0, 0, 226, 172
+IDD_DEVICE_TRANSFORM_MODE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Create encrypted volume and format it",IDC_DEVICE_TRANSFORM_MODE_FORMAT,
- "Button",BS_AUTORADIOBUTTON,0,8,217,10
+ "Button",BS_AUTORADIOBUTTON,0,8,269,10
CONTROL "Encrypt partition in place",IDC_DEVICE_TRANSFORM_MODE_INPLACE,
- "Button",BS_AUTORADIOBUTTON,0,98,217,10
- LTEXT "",IDC_BOX_HELP,16,21,205,74
- LTEXT "",IDC_BOX_HELP2,16,112,205,53
+ "Button",BS_AUTORADIOBUTTON,0,111,269,10
+ LTEXT "",IDC_BOX_HELP,16,21,253,84
+ LTEXT "",IDC_BOX_HELP2,16,125,253,61
END
-IDD_EXPANDED_LIST_SELECT_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_EXPANDED_LIST_SELECT_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,107,225,58
- LISTBOX IDC_LIST_BOX,0,3,222,100,LBS_NOINTEGRALHEIGHT | LBS_DISABLENOSCROLL | WS_VSCROLL
+ LTEXT "",IDC_BOX_HELP,0,117,269,69
+ LISTBOX IDC_LIST_BOX,0,3,269,107,LBS_NOINTEGRALHEIGHT | LBS_DISABLENOSCROLL | WS_VSCROLL
END
-IDD_DRIVE_LETTER_SELECTION_PAGE DIALOGEX 0, 0, 226, 172
+IDD_DRIVE_LETTER_SELECTION_PAGE DIALOGEX 0, 0, 277, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,40,225,118
- COMBOBOX IDC_DRIVE_LETTER_LIST,94,15,38,69,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
- RTEXT "Drive letter:",IDT_DRIVE_LETTER,5,17,86,8
+ LTEXT "",IDC_BOX_HELP,0,40,270,146
+ COMBOBOX IDC_DRIVE_LETTER_LIST,115,15,38,69,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ RTEXT "Drive letter:",IDT_DRIVE_LETTER,5,17,106,8
END
-IDD_PIM_PAGE_DLG DIALOGEX 0, 0, 226, 172
+IDD_PIM_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PIM,53,0,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER
- LTEXT "",IDC_BOX_HELP,0,32,225,126
- RTEXT "Volume PIM:",IDT_PIM,1,3,50,8
- LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,97,3,126,8
- LTEXT "Information on PIM",IDC_LINK_PIM_INFO,0,161,213,8,SS_NOTIFY
- CONTROL "Display PIM",IDC_SHOW_PIM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,17,150,10
+ EDITTEXT IDC_PIM,74,0,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER
+ LTEXT "",IDC_BOX_HELP,0,32,273,142
+ RTEXT "Volume PIM:",IDT_PIM,1,3,69,8
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,120,3,153,8
+ LTEXT "Information on PIM",IDC_LINK_PIM_INFO,0,179,273,8,SS_NOTIFY
+ CONTROL "Display PIM",IDC_SHOW_PIM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,74,17,196,10
END
@@ -491,40 +491,38 @@ GUIDELINES DESIGNINFO
BEGIN
IDD_VOL_CREATION_WIZARD_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 393
+ RIGHTMARGIN, 443
TOPMARGIN, 1
- BOTTOMMARGIN, 227
- HORZGUIDE, 216
+ BOTTOMMARGIN, 248
+ HORZGUIDE, 241
END
IDD_CIPHER_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 161
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 182
END
IDD_PASSWORD_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 143
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 192
END
IDD_SIZE_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 165
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 186
END
IDD_VOLUME_LOCATION_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_FORMAT_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -532,67 +530,65 @@ BEGIN
IDD_INTRO_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_INFO_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_HIDVOL_HOST_FILL_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_PASSWORD_ENTRY_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 143
+ RIGHTMARGIN, 273
END
IDD_VOLUME_TYPE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_SPAN_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_RESCUE_DISK_CREATION_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
+ BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -600,37 +596,37 @@ BEGIN
IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_SYSENC_WIPE_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_INPLACE_ENCRYPTION_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 166
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 187
HORZGUIDE, 80
HORZGUIDE, 96
END
IDD_SYSENC_KEYS_GEN_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -638,15 +634,15 @@ BEGIN
IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 153
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -654,21 +650,21 @@ BEGIN
IDD_SYSENC_TYPE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 167
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 188
END
IDD_DEVICE_WIPE_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 217
- BOTTOMMARGIN, 166
+ RIGHTMARGIN, 267
+ BOTTOMMARGIN, 187
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -676,39 +672,39 @@ BEGIN
IDD_DEVICE_WIPE_MODE_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_DEVICE_TRANSFORM_MODE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_EXPANDED_LIST_SELECT_PAGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 269
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_DRIVE_LETTER_SELECTION_PAGE, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 219
+ RIGHTMARGIN, 270
TOPMARGIN, 7
- BOTTOMMARGIN, 165
+ BOTTOMMARGIN, 186
END
IDD_PIM_PAGE_DLG, DIALOG
BEGIN
- RIGHTMARGIN, 223
- BOTTOMMARGIN, 171
+ RIGHTMARGIN, 273
+ BOTTOMMARGIN, 192
END
END
#endif // APSTUDIO_INVOKED
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 0841aaa..002b6c5 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -250,6 +250,7 @@ int CmdVolumeFilesystem = FILESYS_NONE;
unsigned __int64 CmdVolumeFileSize = 0;
BOOL CmdSparseFileSwitch = FALSE;
BOOL CmdQuickFormat = FALSE;
+BOOL CmdFastCreateFile = FALSE;
BOOL bForceOperation = FALSE;
@@ -282,6 +283,7 @@ BOOL bDisplayPoolContents = TRUE;
volatile BOOL bSparseFileSwitch = FALSE;
volatile BOOL quickFormat = FALSE;
+volatile BOOL fastCreateFile = FALSE;
volatile BOOL dynamicFormat = FALSE; /* this variable represents the sparse file flag. */
volatile int fileSystem = FILESYS_NONE;
volatile int clusterSize = 0;
@@ -2635,6 +2637,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
volParams->clusterSize = clusterSize;
volParams->sparseFileSwitch = dynamicFormat;
volParams->quickFormat = quickFormat;
+ volParams->fastCreateFile = fastCreateFile;
volParams->sectorSize = GetFormatSectorSize();
volParams->realClusterSize = &realClusterSize;
volParams->password = &volumePassword;
@@ -3313,6 +3316,12 @@ BOOL IsSparseFile (HWND hwndDlg)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
@@ -3352,6 +3361,12 @@ BOOL GetFileVolSize (HWND hwndDlg, unsigned __int64 *size)
if (bPreserveTimestamp)
{
+ FILETIME ftLastAccessTime;
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (hFile, NULL, &ftLastAccessTime, NULL);
+
if (GetFileTime (hFile, NULL, &ftLastAccessTime, NULL) == 0)
bTimeStampValid = FALSE;
else
@@ -4391,7 +4406,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetCheckBox (hwndDlg, IDC_PIM_ENABLE, PimEnable);
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
- EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable && !SysEncInEffect());
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), !SysEncInEffect());
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), str);
@@ -6221,6 +6237,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
quickFormat = CmdQuickFormat;
+ fastCreateFile = CmdFastCreateFile;
dynamicFormat = CmdSparseFileSwitch;
if (!GetDiskFreeSpaceEx (root, &free, 0, 0))
@@ -6242,7 +6259,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
else
{
- if (!dynamicFormat && (nVolumeSize > free.QuadPart))
+ if (!dynamicFormat && !bDontCheckFileContainerSize && (nVolumeSize > free.QuadPart))
{
AbortProcess ("ERR_CONTAINER_SIZE_TOO_BIG");
}
@@ -8981,6 +8998,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionForce,
OptionNoSizeCheck,
OptionQuickFormat,
+ OptionFastCreateFile,
};
argument args[]=
@@ -9003,6 +9021,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionForce, L"/force", NULL, FALSE },
{ OptionNoSizeCheck, L"/nosizecheck", NULL, FALSE },
{ OptionQuickFormat, L"/quick", NULL, FALSE },
+ { OptionFastCreateFile, L"/fastcreatefile", NULL, FALSE },
// Internal
{ CommandResumeSysEncLogOn, L"/acsysenc", L"/a", TRUE },
@@ -9359,6 +9378,10 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdQuickFormat = TRUE;
break;
+ case OptionFastCreateFile:
+ CmdFastCreateFile = TRUE;
+ break;
+
case OptionHistory:
{
wchar_t szTmp[8] = {0};
diff --git a/src/Format/VeraCrypt_Wizard.bmp b/src/Format/VeraCrypt_Wizard.bmp
index 27b4b0b..a368a3a 100644
--- a/src/Format/VeraCrypt_Wizard.bmp
+++ b/src/Format/VeraCrypt_Wizard.bmp
Binary files differ
diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp
index 68d308f..b5f18dd 100644
--- a/src/Main/CommandLineInterface.cpp
+++ b/src/Main/CommandLineInterface.cpp
@@ -30,6 +30,11 @@ namespace VeraCrypt
ArgSize (0),
ArgVolumeType (VolumeType::Unknown),
ArgTrueCryptMode (false),
+ ArgDisableFileSizeCheck (false),
+ ArgUseLegacyPassword (false),
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ ArgUseDummySudoPassword (false),
+#endif
StartBackgroundTask (false)
{
wxCmdLineParser parser;
@@ -96,7 +101,11 @@ namespace VeraCrypt
parser.AddOption (L"", L"volume-type", _("Volume type"));
parser.AddParam ( _("Volume path"), wxCMD_LINE_VAL_STRING, wxCMD_LINE_PARAM_OPTIONAL);
parser.AddParam ( _("Mount point"), wxCMD_LINE_VAL_STRING, wxCMD_LINE_PARAM_OPTIONAL);
-
+ parser.AddSwitch (L"", L"no-size-check", _("Disable check of container size against disk free space."));
+ parser.AddSwitch (L"", L"legacy-password-maxlength", _("Use legacy maximum password length (64 UTF-8 bytes)"));
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ parser.AddSwitch (L"", L"use-dummy-sudo-password", _("Use dummy password in sudo to detect if it is already authenticated"));
+#endif
wxString str;
bool param1IsVolume = false;
bool param1IsMountedVolumeSpec = false;
@@ -319,6 +328,8 @@ namespace VeraCrypt
}
else if (str.IsSameAs (L"exFAT", false))
ArgFilesystem = VolumeCreationOptions::FilesystemType::exFAT;
+ else if (str.IsSameAs (L"APFS", false))
+ ArgFilesystem = VolumeCreationOptions::FilesystemType::APFS;
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
else if (str.IsSameAs (L"UFS", false))
ArgFilesystem = VolumeCreationOptions::FilesystemType::UFS;
@@ -331,6 +342,11 @@ namespace VeraCrypt
ArgForce = parser.Found (L"force");
ArgTrueCryptMode = parser.Found (L"truecrypt");
+ ArgDisableFileSizeCheck = parser.Found (L"no-size-check");
+ ArgUseLegacyPassword = parser.Found (L"legacy-password-maxlength") || ArgTrueCryptMode;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ ArgUseDummySudoPassword = parser.Found (L"use-dummy-sudo-password");
+#endif
#if !defined(TC_WINDOWS) && !defined(TC_MACOSX)
if (parser.Found (L"fs-options", &str))
@@ -402,7 +418,7 @@ namespace VeraCrypt
ArgNewKeyfiles = ToKeyfileList (str);
if (parser.Found (L"new-password", &str))
- ArgNewPassword = ToUTF8Password (str.c_str());
+ ArgNewPassword = ToUTF8Password (str.c_str(), -1, ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
if (parser.Found (L"new-pim", &str))
{
@@ -441,7 +457,7 @@ namespace VeraCrypt
{
if (Preferences.UseStandardInput)
throw_err (L"--password cannot be used with --stdin");
- ArgPassword = ToUTF8Password (str.c_str());
+ ArgPassword = ToUTF8Password (str.c_str(), -1, ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
}
if (parser.Found (L"pim", &str))
@@ -482,7 +498,7 @@ namespace VeraCrypt
if (parser.Found (L"protection-password", &str))
{
- ArgMountOptions.ProtectionPassword = ToUTF8Password (str.c_str());
+ ArgMountOptions.ProtectionPassword = ToUTF8Password (str.c_str(), -1, ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly;
}
@@ -596,7 +612,7 @@ namespace VeraCrypt
if (parser.Found (L"token-pin", &str) && !str.IsEmpty ())
{
- ArgTokenPin = ToUTF8Buffer (str.c_str(), str.Len ());
+ ArgTokenPin = ToUTF8Buffer (str.c_str(), str.Len (), ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
}
if (parser.Found (L"verbose"))
@@ -771,18 +787,18 @@ namespace VeraCrypt
return filteredVolumes;
}
- shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount)
+ shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount, size_t maxUtf8Len)
{
if (charCount > 0)
{
- shared_ptr<SecureBuffer> utf8Buffer = ToUTF8Buffer (str, charCount);
+ shared_ptr<SecureBuffer> utf8Buffer = ToUTF8Buffer (str, charCount, maxUtf8Len);
return shared_ptr<VolumePassword>(new VolumePassword (*utf8Buffer));
}
else
return shared_ptr<VolumePassword>(new VolumePassword ());
}
- shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount)
+ shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount, size_t maxUtf8Len)
{
if (charCount == (size_t) -1)
charCount = wcslen (str);
@@ -797,8 +813,13 @@ namespace VeraCrypt
ulen = utf8.FromWChar ((char*) (byte*) passwordBuf, ulen, str, charCount);
if (wxCONV_FAILED == ulen)
throw PasswordUTF8Invalid (SRC_POS);
- if (ulen > VolumePassword::MaxSize)
- throw PasswordUTF8TooLong (SRC_POS);
+ if (ulen > maxUtf8Len)
+ {
+ if (maxUtf8Len == VolumePassword::MaxLegacySize)
+ throw PasswordLegacyUTF8TooLong (SRC_POS);
+ else
+ throw PasswordUTF8TooLong (SRC_POS);
+ }
ConstBufferPtr utf8Buffer ((byte*) passwordBuf, ulen);
return shared_ptr<SecureBuffer>(new SecureBuffer (utf8Buffer));
diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h
index cc4c317..00dabfd 100644
--- a/src/Main/CommandLineInterface.h
+++ b/src/Main/CommandLineInterface.h
@@ -83,6 +83,11 @@ namespace VeraCrypt
VolumeType::Enum ArgVolumeType;
bool ArgTrueCryptMode;
shared_ptr<SecureBuffer> ArgTokenPin;
+ bool ArgDisableFileSizeCheck;
+ bool ArgUseLegacyPassword;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool ArgUseDummySudoPassword;
+#endif
bool StartBackgroundTask;
UserPreferences Preferences;
@@ -97,8 +102,8 @@ namespace VeraCrypt
CommandLineInterface &operator= (const CommandLineInterface &);
};
- shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount = (size_t) -1);
- shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount = (size_t) -1);
+ shared_ptr<VolumePassword> ToUTF8Password (const wchar_t* str, size_t charCount, size_t maxUtf8Len);
+ shared_ptr<SecureBuffer> ToUTF8Buffer (const wchar_t* str, size_t charCount, size_t maxUtf8Len);
extern auto_ptr <CommandLineInterface> CmdLine;
}
diff --git a/src/Main/Forms/DeviceSelectionDialog.cpp b/src/Main/Forms/DeviceSelectionDialog.cpp
index c3a3d84..c886e18 100644
--- a/src/Main/Forms/DeviceSelectionDialog.cpp
+++ b/src/Main/Forms/DeviceSelectionDialog.cpp
@@ -48,13 +48,31 @@ namespace VeraCrypt
foreach_ref (HostDevice &device, DeviceList)
{
- if (device.Size == 0)
- continue;
-
vector <wstring> fields (DeviceListCtrl->GetColumnCount());
-
+
if (DeviceListCtrl->GetItemCount() > 0)
Gui->AppendToListCtrl (DeviceListCtrl, fields);
+
+ // i.e. /dev/rdisk0 might have size = 0 in case open() fails because, for example on OSX,
+ // SIP is enabled on the machine ;
+ // This does not mean that it does not have partitions that have been successfully opened
+ // and have a size != 0 ;
+ // Therefore, we do not show the device ONLY if it does not have partitions with size != 0 ;
+ if (device.Size == 0)
+ {
+ bool bHasNonEmptyPartition = false;
+ foreach_ref (HostDevice &partition, device.Partitions)
+ {
+ if (partition.Size)
+ {
+ bHasNonEmptyPartition = true;
+ break;
+ }
+ }
+
+ if (!bHasNonEmptyPartition)
+ continue;
+ }
#ifdef TC_WINDOWS
fields[ColumnDevice] = StringFormatter (L"{0} {1}:", _("Harddisk"), device.SystemNumber);
@@ -64,11 +82,20 @@ namespace VeraCrypt
fields[ColumnDevice] = wstring (device.Path) + L":";
fields[ColumnMountPoint] = device.MountPoint;
#endif
- fields[ColumnSize] = Gui->SizeToString (device.Size);
+ // If the size of the device is 0, we do not show the size to avoid confusing the user ;
+ if (device.Size)
+ fields[ColumnSize] = Gui->SizeToString (device.Size);
+ else
+ fields[ColumnSize] = L"";
Gui->AppendToListCtrl (DeviceListCtrl, fields, 0, &device);
foreach_ref (HostDevice &partition, device.Partitions)
{
+ // If a partition's size is 0, there is no need to show it in the list
+ // since this means it is not usable (i.e on OSX, because of SIP enabled in the machine) ;
+ if (!partition.Size)
+ continue;
+
fields[ColumnDevice] =
#ifndef TC_WINDOWS
wstring (L" ") +
@@ -113,7 +140,8 @@ namespace VeraCrypt
void DeviceSelectionDialog::OnListItemSelected (wxListEvent& event)
{
HostDevice *device = (HostDevice *) (event.GetItem().GetData());
- if (device)
+ // If a device's size is 0, we do not enable the 'OK' button since it is not usable
+ if (device && device->Size)
{
SelectedDevice = *device;
StdButtonsOK->Enable();
diff --git a/src/Main/Forms/EncryptionOptionsWizardPage.cpp b/src/Main/Forms/EncryptionOptionsWizardPage.cpp
index e20a659..0d899fb 100644
--- a/src/Main/Forms/EncryptionOptionsWizardPage.cpp
+++ b/src/Main/Forms/EncryptionOptionsWizardPage.cpp
@@ -24,6 +24,9 @@ namespace VeraCrypt
: EncryptionOptionsWizardPageBase (parent)
{
+#ifdef TC_MACOSX
+ EncryptionAlgorithmStaticText->Connect( wxEVT_SIZE, wxSizeEventHandler( EncryptionOptionsWizardPage::HandleOnSize ), NULL, this );
+#endif
EncryptionAlgorithms = EncryptionAlgorithm::GetAvailableAlgorithms();
foreach (shared_ptr <EncryptionAlgorithm> ea, EncryptionAlgorithms)
{
@@ -45,6 +48,21 @@ namespace VeraCrypt
}
+#ifdef TC_MACOSX
+ EncryptionOptionsWizardPage::~EncryptionOptionsWizardPage()
+ {
+ EncryptionAlgorithmStaticText->Disconnect( wxEVT_SIZE, wxSizeEventHandler( EncryptionOptionsWizardPage::HandleOnSize ), NULL, this );
+ }
+
+ void EncryptionOptionsWizardPage::HandleOnSize( wxSizeEvent& event )
+ {
+ int width, height;
+ EncryptionAlgorithmStaticText->GetClientSize (&width, &height);
+ EncryptionAlgorithmStaticText->Wrap (width);
+ event.Skip();
+ }
+#endif
+
shared_ptr <EncryptionAlgorithm> EncryptionOptionsWizardPage::GetEncryptionAlgorithm () const
{
return Gui->GetSelectedData <EncryptionAlgorithm> (EncryptionAlgorithmChoice)->GetNew();
diff --git a/src/Main/Forms/EncryptionOptionsWizardPage.h b/src/Main/Forms/EncryptionOptionsWizardPage.h
index b8d42d7..fbc63f9 100644
--- a/src/Main/Forms/EncryptionOptionsWizardPage.h
+++ b/src/Main/Forms/EncryptionOptionsWizardPage.h
@@ -22,6 +22,9 @@ namespace VeraCrypt
public:
EncryptionOptionsWizardPage (wxPanel* parent);
+#ifdef TC_MACOSX
+ ~EncryptionOptionsWizardPage ();
+#endif
shared_ptr <EncryptionAlgorithm> GetEncryptionAlgorithm () const;
shared_ptr <Hash> GetHash () const;
bool IsValid () { return true; }
@@ -37,6 +40,9 @@ namespace VeraCrypt
void OnHashHyperlinkClick (wxHyperlinkEvent& event);
void OnTestButtonClick (wxCommandEvent& event);
+#ifdef TC_MACOSX
+ void HandleOnSize( wxSizeEvent& event );
+#endif
EncryptionAlgorithmList EncryptionAlgorithms;
HashList Hashes;
};
diff --git a/src/Main/Forms/Forms.cpp b/src/Main/Forms/Forms.cpp
index ad1a3ee..c0a4070 100644
--- a/src/Main/Forms/Forms.cpp
+++ b/src/Main/Forms/Forms.cpp
@@ -328,7 +328,7 @@ MainFrameBase::MainFrameBase( wxWindow* parent, wxWindowID id, const wxString& t
VolumeStaticBoxSizer->Add( VolumeGridBagSizer, 1, wxEXPAND|wxALL, 4 );
- LowStaticBoxSizer->Add( VolumeStaticBoxSizer, 1, wxEXPAND, 5 );
+ LowStaticBoxSizer->Add( VolumeStaticBoxSizer, 1, wxEXPAND|wxALL, 5 );
LowStaticBoxSizer->Add( 0, 0, 0, 0, 5 );
@@ -344,46 +344,49 @@ MainFrameBase::MainFrameBase( wxWindow* parent, wxWindowID id, const wxString& t
VolumeButton->SetDefault();
VolumeButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer4->Add( VolumeButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer4->Add( VolumeButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
gSizer2->Add( sbSizer4, 1, wxEXPAND, 0 );
wxStaticBoxSizer* sbSizer41;
sbSizer41 = new wxStaticBoxSizer( new wxStaticBox( MainPanel, wxID_ANY, wxEmptyString ), wxVERTICAL );
+ sbSizer41->SetMinSize( wxSize( 139,-1 ) );
MountAllDevicesButton = new wxButton( MainPanel, wxID_ANY, _("&Auto-Mount Devices"), wxDefaultPosition, wxDefaultSize, 0 );
MountAllDevicesButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer41->Add( MountAllDevicesButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer41->Add( MountAllDevicesButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
- gSizer2->Add( sbSizer41, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND, 5 );
+ gSizer2->Add( sbSizer41, 1, wxEXPAND, 5 );
wxStaticBoxSizer* sbSizer42;
sbSizer42 = new wxStaticBoxSizer( new wxStaticBox( MainPanel, wxID_ANY, wxEmptyString ), wxVERTICAL );
+ sbSizer42->SetMinSize( wxSize( 139,-1 ) );
DismountAllButton = new wxButton( MainPanel, wxID_ANY, _("Di&smount All"), wxDefaultPosition, wxDefaultSize, 0 );
DismountAllButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer42->Add( DismountAllButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer42->Add( DismountAllButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
- gSizer2->Add( sbSizer42, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND, 5 );
+ gSizer2->Add( sbSizer42, 1, wxEXPAND, 5 );
wxStaticBoxSizer* sbSizer43;
sbSizer43 = new wxStaticBoxSizer( new wxStaticBox( MainPanel, wxID_ANY, wxEmptyString ), wxVERTICAL );
+ sbSizer43->SetMinSize( wxSize( 139,-1 ) );
ExitButton = new wxButton( MainPanel, wxID_ANY, _("E&xit"), wxDefaultPosition, wxDefaultSize, 0 );
ExitButton->SetMinSize( wxSize( -1,32 ) );
- sbSizer43->Add( ExitButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP, 2 );
+ sbSizer43->Add( ExitButton, 1, wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL, 2 );
- gSizer2->Add( sbSizer43, 1, wxALIGN_RIGHT|wxEXPAND, 5 );
+ gSizer2->Add( sbSizer43, 1, wxEXPAND, 5 );
- LowStaticBoxSizer->Add( gSizer2, 0, wxEXPAND, 5 );
+ LowStaticBoxSizer->Add( gSizer2, 0, wxEXPAND|wxALL, 5 );
bSizer48->Add( LowStaticBoxSizer, 0, wxEXPAND, 5 );
diff --git a/src/Main/Forms/KeyfilesPanel.cpp b/src/Main/Forms/KeyfilesPanel.cpp
index 71077e8..c1f26d8 100644
--- a/src/Main/Forms/KeyfilesPanel.cpp
+++ b/src/Main/Forms/KeyfilesPanel.cpp
@@ -59,10 +59,8 @@ namespace VeraCrypt
SetDropTarget (new FileDropTarget (this));
KeyfilesListCtrl->SetDropTarget (new FileDropTarget (this));
-#ifdef TC_MACOSX
foreach (wxWindow *c, GetChildren())
c->SetDropTarget (new FileDropTarget (this));
-#endif
UpdateButtons();
}
diff --git a/src/Main/Forms/MainFrame.cpp b/src/Main/Forms/MainFrame.cpp
index ad5bf5b..9abe255 100644
--- a/src/Main/Forms/MainFrame.cpp
+++ b/src/Main/Forms/MainFrame.cpp
@@ -393,10 +393,8 @@ namespace VeraCrypt
};
SetDropTarget (new FileDropTarget (this));
-#ifdef TC_MACOSX
foreach (wxWindow *c, MainPanel->GetChildren())
c->SetDropTarget (new FileDropTarget (this));
-#endif
// Volume history
VolumeHistory::ConnectComboBox (VolumePathComboBox);
diff --git a/src/Main/Forms/TrueCrypt.fbp b/src/Main/Forms/TrueCrypt.fbp
index 7509f1e..d512ce8 100644
--- a/src/Main/Forms/TrueCrypt.fbp
+++ b/src/Main/Forms/TrueCrypt.fbp
@@ -1373,7 +1373,7 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxEXPAND</property>
+ <property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
@@ -1989,7 +1989,7 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxEXPAND</property>
+ <property name="flag">wxEXPAND|wxALL</property>
<property name="proportion">0</property>
<object class="wxGridSizer" expanded="1">
<property name="cols">4</property>
@@ -2013,7 +2013,7 @@
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
@@ -2103,19 +2103,19 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND</property>
+ <property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
<property name="label"></property>
- <property name="minimum_size">-1,-1</property>
+ <property name="minimum_size">139,-1</property>
<property name="name">sbSizer41</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
@@ -2205,19 +2205,19 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND</property>
+ <property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
<property name="label"></property>
- <property name="minimum_size">-1,-1</property>
+ <property name="minimum_size">139,-1</property>
<property name="name">sbSizer42</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
@@ -2307,19 +2307,19 @@
</object>
<object class="sizeritem" expanded="1">
<property name="border">5</property>
- <property name="flag">wxALIGN_RIGHT|wxEXPAND</property>
+ <property name="flag">wxEXPAND</property>
<property name="proportion">1</property>
<object class="wxStaticBoxSizer" expanded="1">
<property name="id">wxID_ANY</property>
<property name="label"></property>
- <property name="minimum_size">-1,-1</property>
+ <property name="minimum_size">139,-1</property>
<property name="name">sbSizer43</property>
<property name="orient">wxVERTICAL</property>
<property name="permission">none</property>
<event name="OnUpdateUI"></event>
<object class="sizeritem" expanded="1">
<property name="border">2</property>
- <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxTOP</property>
+ <property name="flag">wxALIGN_CENTER_HORIZONTAL|wxEXPAND|wxALL</property>
<property name="proportion">1</property>
<object class="wxButton" expanded="1">
<property name="BottomDockable">1</property>
diff --git a/src/Main/Forms/VolumeCreationWizard.cpp b/src/Main/Forms/VolumeCreationWizard.cpp
index b28b1c3..b6d60f4 100644
--- a/src/Main/Forms/VolumeCreationWizard.cpp
+++ b/src/Main/Forms/VolumeCreationWizard.cpp
@@ -175,7 +175,7 @@ namespace VeraCrypt
else if (SelectedVolumeType == VolumeType::Hidden)
{
pageTitle = LangString["SIZE_HIDVOL_TITLE"];
- pageText = LangString["SIZE_HELP_HIDDEN_VOL"] + L"\n\n" + _("Please note that if your operating system does not allocate files from the beginning of the free space, the maximum possible hidden volume size may be much smaller than the size of the free space on the outer volume. This not a bug in VeraCrypt but a limitation of the operating system.");
+ pageText = LangString["SIZE_HELP_HIDDEN_VOL"] + L"\n\n" + _("Please note that if your operating system does not allocate files from the beginning of the free space, the maximum possible hidden volume size may be much smaller than the size of the free space on the outer volume. This is not a bug in VeraCrypt but a limitation of the operating system.");
freeSpaceText = StringFormatter (_("Maximum possible hidden volume size for this volume is {0}."), Gui->SizeToString (MaxHiddenVolumeSize));
}
else
@@ -475,6 +475,7 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
case VolumeCreationOptions::FilesystemType::MacOsExt: fsFormatter = "newfs_hfs"; break;
case VolumeCreationOptions::FilesystemType::exFAT: fsFormatter = "newfs_exfat"; break;
+ case VolumeCreationOptions::FilesystemType::APFS: fsFormatter = "newfs_apfs"; break;
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
case VolumeCreationOptions::FilesystemType::UFS: fsFormatter = "newfs" ; break;
#endif
diff --git a/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp b/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp
index ec0d778..3865705 100644
--- a/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp
+++ b/src/Main/Forms/VolumeFormatOptionsWizardPage.cpp
@@ -13,6 +13,7 @@
#include "System.h"
#include "Main/GraphicUserInterface.h"
#include "VolumeFormatOptionsWizardPage.h"
+#include <wx/platinfo.h>
namespace VeraCrypt
{
@@ -40,6 +41,8 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
FilesystemTypeChoice->Append (L"Mac OS Extended", (void *) VolumeCreationOptions::FilesystemType::MacOsExt);
FilesystemTypeChoice->Append (L"exFAT", (void *) VolumeCreationOptions::FilesystemType::exFAT);
+ if (wxPlatformInfo::Get().CheckOSVersion (10, 13))
+ FilesystemTypeChoice->Append (L"APFS", (void *) VolumeCreationOptions::FilesystemType::APFS);
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
FilesystemTypeChoice->Append (L"UFS", (void *) VolumeCreationOptions::FilesystemType::UFS);
#endif
@@ -81,6 +84,7 @@ namespace VeraCrypt
case VolumeCreationOptions::FilesystemType::Ext3: FilesystemTypeChoice->SetStringSelection (L"Linux Ext3"); break;
case VolumeCreationOptions::FilesystemType::Ext4: FilesystemTypeChoice->SetStringSelection (L"Linux Ext4"); break;
case VolumeCreationOptions::FilesystemType::MacOsExt: FilesystemTypeChoice->SetStringSelection (L"Mac OS Extended"); break;
+ case VolumeCreationOptions::FilesystemType::APFS: FilesystemTypeChoice->SetStringSelection (L"APFS"); break;
case VolumeCreationOptions::FilesystemType::UFS: FilesystemTypeChoice->SetStringSelection (L"UFS"); break;
default:
diff --git a/src/Main/Forms/VolumePasswordPanel.cpp b/src/Main/Forms/VolumePasswordPanel.cpp
index 2859762..ac30075 100644
--- a/src/Main/Forms/VolumePasswordPanel.cpp
+++ b/src/Main/Forms/VolumePasswordPanel.cpp
@@ -21,6 +21,7 @@ namespace VeraCrypt
VolumePasswordPanel::VolumePasswordPanel (wxWindow* parent, MountOptions* options, shared_ptr <VolumePassword> password, bool disableTruecryptMode, shared_ptr <KeyfileList> keyfiles, bool enableCache, bool enablePassword, bool enableKeyfiles, bool enableConfirmation, bool enablePkcs5Prf, bool isMountPassword, const wxString &passwordLabel)
: VolumePasswordPanelBase (parent), Keyfiles (new KeyfileList), EnablePimEntry (true)
{
+ size_t maxPasswordLength = CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize;
if (keyfiles)
{
*Keyfiles = *keyfiles;
@@ -32,8 +33,8 @@ namespace VeraCrypt
UseKeyfilesCheckBox->SetValue (Gui->GetPreferences().UseKeyfiles && !Keyfiles->empty());
}
- PasswordTextCtrl->SetMaxLength (VolumePassword::MaxSize);
- ConfirmPasswordTextCtrl->SetMaxLength (VolumePassword::MaxSize);
+ PasswordTextCtrl->SetMaxLength (maxPasswordLength);
+ ConfirmPasswordTextCtrl->SetMaxLength (maxPasswordLength);
if (!passwordLabel.empty())
{
@@ -159,10 +160,8 @@ namespace VeraCrypt
if (enableKeyfiles)
{
SetDropTarget (new FileDropTarget (this));
-#ifdef TC_MACOSX
foreach (wxWindow *c, GetChildren())
c->SetDropTarget (new FileDropTarget (this));
-#endif
}
Layout();
@@ -197,9 +196,10 @@ namespace VeraCrypt
FreezeScope freeze (this);
bool isPim = (*textCtrl == VolumePimTextCtrl);
int colspan = isPim? 1 : 2;
+ size_t maxPasswordLength = CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize;
wxTextCtrl *newTextCtrl = new wxTextCtrl (this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, display ? 0 : wxTE_PASSWORD);
- newTextCtrl->SetMaxLength (isPim? MAX_PIM_DIGITS : VolumePassword::MaxSize);
+ newTextCtrl->SetMaxLength (isPim? MAX_PIM_DIGITS : maxPasswordLength);
newTextCtrl->SetValue ((*textCtrl)->GetValue());
newTextCtrl->SetMinSize ((*textCtrl)->GetSize());
@@ -228,12 +228,12 @@ namespace VeraCrypt
{
shared_ptr <VolumePassword> password;
wchar_t passwordBuf[VolumePassword::MaxSize + 1];
- size_t maxPasswordLength = bLegacyPassword? VolumePassword::MaxLegacySize: VolumePassword::MaxSize;
+ size_t maxPasswordLength = (bLegacyPassword || CmdLine->ArgUseLegacyPassword)? VolumePassword::MaxLegacySize: VolumePassword::MaxSize;
finally_do_arg (BufferPtr, BufferPtr (reinterpret_cast <byte *> (passwordBuf), sizeof (passwordBuf)), { finally_arg.Erase(); });
#ifdef TC_WINDOWS
int len = GetWindowText (static_cast <HWND> (textCtrl->GetHandle()), passwordBuf, VolumePassword::MaxSize + 1);
- password = ToUTF8Password (passwordBuf, len);
+ password = ToUTF8Password (passwordBuf, len, maxPasswordLength);
#else
wxString passwordStr (textCtrl->GetValue()); // A copy of the password is created here by wxWidgets, which cannot be erased
for (size_t i = 0; i < passwordStr.size() && i < maxPasswordLength; ++i)
@@ -241,7 +241,7 @@ namespace VeraCrypt
passwordBuf[i] = (wchar_t) passwordStr[i];
passwordStr[i] = L'X';
}
- password = ToUTF8Password (passwordBuf, passwordStr.size() <= maxPasswordLength ? passwordStr.size() : maxPasswordLength);
+ password = ToUTF8Password (passwordBuf, passwordStr.size() <= maxPasswordLength ? passwordStr.size() : maxPasswordLength, maxPasswordLength);
#endif
return password;
}
diff --git a/src/Main/Forms/VolumeSizeWizardPage.cpp b/src/Main/Forms/VolumeSizeWizardPage.cpp
index f404441..3781b05 100644
--- a/src/Main/Forms/VolumeSizeWizardPage.cpp
+++ b/src/Main/Forms/VolumeSizeWizardPage.cpp
@@ -21,7 +21,8 @@ namespace VeraCrypt
MaxVolumeSize (0),
MaxVolumeSizeValid (false),
MinVolumeSize (1),
- SectorSize (sectorSize)
+ SectorSize (sectorSize),
+ AvailableDiskSpace (0)
{
VolumeSizePrefixChoice->Append (LangString["KB"], reinterpret_cast <void *> (1024));
VolumeSizePrefixChoice->Append (LangString["MB"], reinterpret_cast <void *> (1024 * 1024));
@@ -34,6 +35,10 @@ namespace VeraCrypt
VolumeSizeTextCtrl->Disable();
VolumeSizeTextCtrl->SetValue (L"");
}
+ else
+ {
+ AvailableDiskSpace = (uint64) diskSpace.GetValue ();
+ }
FreeSpaceStaticText->SetFont (Gui->GetDefaultBoldFont (this));
@@ -97,7 +102,8 @@ namespace VeraCrypt
{
try
{
- if (GetVolumeSize() >= MinVolumeSize && (!MaxVolumeSizeValid || GetVolumeSize() <= MaxVolumeSize))
+ uint64 uiVolumeSize = GetVolumeSize();
+ if (uiVolumeSize >= MinVolumeSize && (!MaxVolumeSizeValid || uiVolumeSize <= MaxVolumeSize) && (CmdLine->ArgDisableFileSizeCheck || !AvailableDiskSpace || uiVolumeSize <= AvailableDiskSpace))
return true;
}
catch (...) { }
diff --git a/src/Main/Forms/VolumeSizeWizardPage.h b/src/Main/Forms/VolumeSizeWizardPage.h
index e12a5a7..aac41f9 100644
--- a/src/Main/Forms/VolumeSizeWizardPage.h
+++ b/src/Main/Forms/VolumeSizeWizardPage.h
@@ -49,6 +49,7 @@ namespace VeraCrypt
bool MaxVolumeSizeValid;
uint64 MinVolumeSize;
uint32 SectorSize;
+ uint64 AvailableDiskSpace;
};
}
diff --git a/src/Main/Forms/WaitDialog.cpp b/src/Main/Forms/WaitDialog.cpp
index d3372db..2976a6e 100644
--- a/src/Main/Forms/WaitDialog.cpp
+++ b/src/Main/Forms/WaitDialog.cpp
@@ -38,12 +38,14 @@ namespace VeraCrypt
VC_CONVERT_EXCEPTION (PasswordEmpty);
VC_CONVERT_EXCEPTION (PasswordTooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8TooLong);
+ VC_CONVERT_EXCEPTION (PasswordLegacyUTF8TooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8Invalid);
VC_CONVERT_EXCEPTION (UnportablePassword);
VC_CONVERT_EXCEPTION (ElevationFailed);
VC_CONVERT_EXCEPTION (RootDeviceUnavailable);
VC_CONVERT_EXCEPTION (DriveLetterUnavailable);
VC_CONVERT_EXCEPTION (DriverError);
+ VC_CONVERT_EXCEPTION (DeviceSectorSizeMismatch);
VC_CONVERT_EXCEPTION (EncryptedSystemRequired);
VC_CONVERT_EXCEPTION (HigherFuseVersionRequired);
VC_CONVERT_EXCEPTION (KernelCryptoServiceTestFailed);
diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp
index 99b2caa..b7b4cf4 100755
--- a/src/Main/GraphicUserInterface.cpp
+++ b/src/Main/GraphicUserInterface.cpp
@@ -1309,7 +1309,7 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
htmlPath += L"/../Resources/doc/HTML/";
#elif defined (TC_UNIX)
- htmlPath = L"/usr/share/veracrypt/doc/HTML/";
+ htmlPath = L"/usr/share/doc/veracrypt/HTML/";
#else
localFile = false;
#endif
diff --git a/src/Main/LanguageStrings.cpp b/src/Main/LanguageStrings.cpp
index 93f9823..efc1bfe 100644
--- a/src/Main/LanguageStrings.cpp
+++ b/src/Main/LanguageStrings.cpp
@@ -75,7 +75,7 @@ namespace VeraCrypt
Map["CHECKING_FS"] = _("Checking the file system on the VeraCrypt volume mounted as {0}...");
Map["REPAIRING_FS"] = _("Attempting to repair the file system on the VeraCrypt volume mounted as {0}...");
Map["UNMOUNT_LOCK_FAILED"] = _("Volume \"{0}\" contains files or folders being used by applications or system.\n\nForce dismount?");
- Map["VOLUME_SIZE_HELP"] = _("Please specify the size of the container to create. Note that the minimum possible size of a volume is 292 KB.");
+ Map["VOLUME_SIZE_HELP"] = _("Please specify the size of the container to create. Note that the minimum possible size of a volume is 292 KiB.");
Map["ENCRYPTION_MODE_NOT_SUPPORTED_BY_KERNEL"] = _("The volume you have mounted uses a mode of operation that is not supported by the Linux kernel. You may experience slow performance when using this volume. To achieve full performance, you should move the data from this volume to a new volume created by VeraCrypt 5.0 or later.");
}
diff --git a/src/Main/Main.make b/src/Main/Main.make
index 581eb34..a154a84 100755
--- a/src/Main/Main.make
+++ b/src/Main/Main.make
@@ -191,74 +191,89 @@ prepare: $(APPNAME)
ifeq "$(TC_BUILD_CONFIG)" "Release"
ifdef TC_NO_GUI
- cp $(PWD)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
+ cp $(BASE_DIR)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
else
- cp $(PWD)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
+ cp $(BASE_DIR)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
endif
else
ifdef TC_NO_GUI
- -rm -f $(PWD)/Main/$(APPNAME)_console
- cp $(PWD)/Main/$(APPNAME) $(PWD)/Main/$(APPNAME)_console
- -ln -sf $(PWD)/Main/$(APPNAME)_console $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
+ -rm -f $(BASE_DIR)/Main/$(APPNAME)_console
+ cp $(BASE_DIR)/Main/$(APPNAME) $(BASE_DIR)/Main/$(APPNAME)_console
+ -ln -sf $(BASE_DIR)/Main/$(APPNAME)_console $(APPNAME).app/Contents/MacOS/$(APPNAME)_console
else
- -ln -sf $(PWD)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
+ -ln -sf $(BASE_DIR)/Main/$(APPNAME) $(APPNAME).app/Contents/MacOS/$(APPNAME)
endif
endif
- cp $(PWD)/Resources/Icons/VeraCrypt.icns $(APPNAME).app/Contents/Resources
- cp $(PWD)/Resources/Icons/VeraCrypt_Volume.icns $(APPNAME).app/Contents/Resources
- cp $(PWD)/../doc/html/* $(APPNAME).app/Contents/Resources/doc/HTML
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt.icns $(APPNAME).app/Contents/Resources
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt_Volume.icns $(APPNAME).app/Contents/Resources
+ cp $(BASE_DIR)/../doc/html/* $(APPNAME).app/Contents/Resources/doc/HTML
echo -n APPLTRUE >$(APPNAME).app/Contents/PkgInfo
+ifdef VC_LEGACY_BUILD
+ sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.legacy.xml >$(APPNAME).app/Contents/Info.plist
+else
sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.xml >$(APPNAME).app/Contents/Info.plist
+endif
codesign -s "Developer ID Application: IDRIX (Z933746L2S)" --timestamp $(APPNAME).app
install: prepare
cp -R $(APPNAME).app /Applications/.
package: prepare
- /usr/local/bin/packagesbuild $(PWD)/Setup/MacOSX/veracrypt.pkgproj
- productsign --sign "Developer ID Installer: IDRIX (Z933746L2S)" --timestamp "$(PWD)/Setup/MacOSX/VeraCrypt $(TC_VERSION).pkg" $(PWD)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg
+ifdef VC_LEGACY_BUILD
+ /usr/local/bin/packagesbuild $(BASE_DIR)/Setup/MacOSX/veracrypt_Legacy.pkgproj
+ productsign --sign "Developer ID Installer: IDRIX (Z933746L2S)" --timestamp "$(BASE_DIR)/Setup/MacOSX/VeraCrypt Legacy $(TC_VERSION).pkg" $(BASE_DIR)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg
+ rm -f $(APPNAME)_Legacy_$(TC_VERSION).dmg
+else
+ /usr/local/bin/packagesbuild $(BASE_DIR)/Setup/MacOSX/veracrypt.pkgproj
+ productsign --sign "Developer ID Installer: IDRIX (Z933746L2S)" --timestamp "$(BASE_DIR)/Setup/MacOSX/VeraCrypt $(TC_VERSION).pkg" $(BASE_DIR)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg
rm -f $(APPNAME)_$(TC_VERSION).dmg
- rm -f "$(PWD)/Setup/MacOSX/template.dmg"
- rm -fr "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
- mkdir -p "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
- bunzip2 -k -f "$(PWD)/Setup/MacOSX/template.dmg.bz2"
- hdiutil attach "$(PWD)/Setup/MacOSX/template.dmg" -noautoopen -quiet -mountpoint "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
- cp "$(PWD)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg" "$(PWD)/Setup/MacOSX/VeraCrypt_dmg/VeraCrypt_Installer.pkg"
- hdiutil detach "$(PWD)/Setup/MacOSX/VeraCrypt_dmg" -quiet -force
- hdiutil convert "$(PWD)/Setup/MacOSX/template.dmg" -quiet -format UDZO -imagekey zlib-level=9 -o $(APPNAME)_$(TC_VERSION).dmg
- rm -f "$(PWD)/Setup/MacOSX/template.dmg"
- rm -fr "$(PWD)/Setup/MacOSX/VeraCrypt_dmg"
+endif
+ rm -f "$(BASE_DIR)/Setup/MacOSX/template.dmg"
+ rm -fr "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
+ mkdir -p "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
+ bunzip2 -k -f "$(BASE_DIR)/Setup/MacOSX/template.dmg.bz2"
+ hdiutil attach "$(BASE_DIR)/Setup/MacOSX/template.dmg" -noautoopen -quiet -mountpoint "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
+ cp "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_$(TC_VERSION).pkg" "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg/VeraCrypt_Installer.pkg"
+ hdiutil detach "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg" -quiet -force
+ifdef VC_LEGACY_BUILD
+ hdiutil convert "$(BASE_DIR)/Setup/MacOSX/template.dmg" -quiet -format UDZO -imagekey zlib-level=9 -o $(APPNAME)_Legacy_$(TC_VERSION).dmg
+else
+ hdiutil convert "$(BASE_DIR)/Setup/MacOSX/template.dmg" -quiet -format UDZO -imagekey zlib-level=9 -o $(APPNAME)_$(TC_VERSION).dmg
+endif
+ rm -f "$(BASE_DIR)/Setup/MacOSX/template.dmg"
+ rm -fr "$(BASE_DIR)/Setup/MacOSX/VeraCrypt_dmg"
endif
ifeq "$(PLATFORM)" "Linux"
prepare: $(APPNAME)
- rm -fr $(PWD)/Setup/Linux/usr
- mkdir -p $(PWD)/Setup/Linux/usr/bin
- mkdir -p $(PWD)/Setup/Linux/usr/share/$(APPNAME)/doc/HTML
- cp $(PWD)/Main/$(APPNAME) $(PWD)/Setup/Linux/usr/bin/$(APPNAME)
- cp $(PWD)/Setup/Linux/$(APPNAME)-uninstall.sh $(PWD)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
- chmod +x $(PWD)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
- cp $(PWD)/License.txt $(PWD)/Setup/Linux/usr/share/$(APPNAME)/doc/License.txt
- cp $(PWD)/../doc/html/* "$(PWD)/Setup/Linux/usr/share/$(APPNAME)/doc/HTML"
+ rm -fr $(BASE_DIR)/Setup/Linux/usr
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/bin
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/share/doc/$(APPNAME)/HTML
+ cp $(BASE_DIR)/Main/$(APPNAME) $(BASE_DIR)/Setup/Linux/usr/bin/$(APPNAME)
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME)-uninstall.sh $(BASE_DIR)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
+ chmod +x $(BASE_DIR)/Setup/Linux/usr/bin/$(APPNAME)-uninstall.sh
+ cp $(BASE_DIR)/License.txt $(BASE_DIR)/Setup/Linux/usr/share/doc/$(APPNAME)/License.txt
+ cp $(BASE_DIR)/../doc/html/* "$(BASE_DIR)/Setup/Linux/usr/share/doc/$(APPNAME)/HTML"
ifndef TC_NO_GUI
- mkdir -p $(PWD)/Setup/Linux/usr/share/applications
- mkdir -p $(PWD)/Setup/Linux/usr/share/pixmaps
- cp $(PWD)/Resources/Icons/VeraCrypt-256x256.xpm $(PWD)/Setup/Linux/usr/share/pixmaps/$(APPNAME).xpm
- cp $(PWD)/Setup/Linux/$(APPNAME).desktop $(PWD)/Setup/Linux/usr/share/applications/$(APPNAME).desktop
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/share/applications
+ mkdir -p $(BASE_DIR)/Setup/Linux/usr/share/pixmaps
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt-256x256.xpm $(BASE_DIR)/Setup/Linux/usr/share/pixmaps/$(APPNAME).xpm
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME).desktop $(BASE_DIR)/Setup/Linux/usr/share/applications/$(APPNAME).desktop
endif
install: prepare
- cp -R $(CURDIR)/Setup/Linux/usr $(DESTDIR)/.
+ mkdir -p $(DESTDIR)
+ cp -R $(BASE_DIR)/Setup/Linux/usr $(DESTDIR)/
ifeq "$(TC_BUILD_CONFIG)" "Release"
package: prepare
- tar cfz $(PWD)/Setup/Linux/$(PACKAGE_NAME) --directory $(PWD)/Setup/Linux usr
+ tar cfz $(BASE_DIR)/Setup/Linux/$(PACKAGE_NAME) --directory $(BASE_DIR)/Setup/Linux usr
@rm -fr $(INTERNAL_INSTALLER_NAME)
@echo "#!/bin/sh" > $(INTERNAL_INSTALLER_NAME)
@@ -268,14 +283,14 @@ package: prepare
@echo "PACKAGE_START=1107" >> $(INTERNAL_INSTALLER_NAME)
@echo "INSTALLER_TYPE=$(INSTALLER_TYPE)" >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/Linux/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/Linux/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/Linux/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/Linux/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
chmod +x $(INTERNAL_INSTALLER_NAME)
- rm -fr $(PWD)/Setup/Linux/packaging
- mkdir -p $(PWD)/Setup/Linux/packaging
- cp $(INTERNAL_INSTALLER_NAME) $(PWD)/Setup/Linux/packaging/.
- makeself $(PWD)/Setup/Linux/packaging $(PWD)/Setup/Linux/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) Installer" ./$(INTERNAL_INSTALLER_NAME)
+ rm -fr $(BASE_DIR)/Setup/Linux/packaging
+ mkdir -p $(BASE_DIR)/Setup/Linux/packaging
+ cp $(INTERNAL_INSTALLER_NAME) $(BASE_DIR)/Setup/Linux/packaging/.
+ makeself $(BASE_DIR)/Setup/Linux/packaging $(BASE_DIR)/Setup/Linux/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) Installer" ./$(INTERNAL_INSTALLER_NAME)
endif
@@ -283,31 +298,32 @@ endif
ifeq "$(PLATFORM)" "FreeBSD"
prepare: $(APPNAME)
- rm -fr $(PWD)/Setup/FreeBSD/usr
- mkdir -p $(PWD)/Setup/FreeBSD/usr/bin
- mkdir -p $(PWD)/Setup/FreeBSD/usr/share/$(APPNAME)/doc/HTML
- cp $(PWD)/Main/$(APPNAME) $(PWD)/Setup/FreeBSD/usr/bin/$(APPNAME)
- cp $(PWD)/Setup/Linux/$(APPNAME)-uninstall.sh $(PWD)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
- chmod +x $(PWD)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
- cp $(PWD)/License.txt $(PWD)/Setup/FreeBSD/usr/share/$(APPNAME)/doc/License.txt
- cp $(PWD)/../doc/html/* "$(PWD)/Setup/FreeBSD/usr/share/$(APPNAME)/doc/HTML"
+ rm -fr $(BASE_DIR)/Setup/FreeBSD/usr
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/bin
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/share/doc/$(APPNAME)/HTML
+ cp $(BASE_DIR)/Main/$(APPNAME) $(BASE_DIR)/Setup/FreeBSD/usr/bin/$(APPNAME)
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME)-uninstall.sh $(BASE_DIR)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
+ chmod +x $(BASE_DIR)/Setup/FreeBSD/usr/bin/$(APPNAME)-uninstall.sh
+ cp $(BASE_DIR)/License.txt $(BASE_DIR)/Setup/FreeBSD/usr/share/doc/$(APPNAME)/License.txt
+ cp $(BASE_DIR)/../doc/html/* "$(BASE_DIR)/Setup/FreeBSD/usr/share/doc/$(APPNAME)/HTML"
ifndef TC_NO_GUI
- mkdir -p $(PWD)/Setup/FreeBSD/usr/share/applications
- mkdir -p $(PWD)/Setup/FreeBSD/usr/share/pixmaps
- cp $(PWD)/Resources/Icons/VeraCrypt-256x256.xpm $(PWD)/Setup/FreeBSD/usr/share/pixmaps/$(APPNAME).xpm
- cp $(PWD)/Setup/Linux/$(APPNAME).desktop $(PWD)/Setup/FreeBSD/usr/share/applications/$(APPNAME).desktop
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/share/applications
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/usr/share/pixmaps
+ cp $(BASE_DIR)/Resources/Icons/VeraCrypt-256x256.xpm $(BASE_DIR)/Setup/FreeBSD/usr/share/pixmaps/$(APPNAME).xpm
+ cp $(BASE_DIR)/Setup/Linux/$(APPNAME).desktop $(BASE_DIR)/Setup/FreeBSD/usr/share/applications/$(APPNAME).desktop
endif
- chown -R root:wheel $(PWD)/Setup/FreeBSD/usr
- chmod -R go-w $(PWD)/Setup/FreeBSD/usr
+ chown -R root:wheel $(BASE_DIR)/Setup/FreeBSD/usr
+ chmod -R go-w $(BASE_DIR)/Setup/FreeBSD/usr
install: prepare
- cp -R $(CURDIR)/Setup/FreeBSD/usr $(DESTDIR)/.
+ mkdir -p $(DESTDIR)
+ cp -R $(BASE_DIR)/Setup/FreeBSD/usr $(DESTDIR)/.
ifeq "$(TC_BUILD_CONFIG)" "Release"
package: prepare
- tar cfz $(PWD)/Setup/FreeBSD/$(PACKAGE_NAME) --directory $(PWD)/Setup/FreeBSD usr
+ tar cfz $(BASE_DIR)/Setup/FreeBSD/$(PACKAGE_NAME) --directory $(BASE_DIR)/Setup/FreeBSD usr
@rm -fr $(INTERNAL_INSTALLER_NAME)
@echo "#!/bin/sh" > $(INTERNAL_INSTALLER_NAME)
@@ -317,14 +333,14 @@ package: prepare
@echo "PACKAGE_START=1107" >> $(INTERNAL_INSTALLER_NAME)
@echo "INSTALLER_TYPE=$(INSTALLER_TYPE)" >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/FreeBSD/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
- @cat $(PWD)/Setup/FreeBSD/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/FreeBSD/veracrypt_install_template.sh >> $(INTERNAL_INSTALLER_NAME)
+ @cat $(BASE_DIR)/Setup/FreeBSD/$(PACKAGE_NAME) >> $(INTERNAL_INSTALLER_NAME)
chmod +x $(INTERNAL_INSTALLER_NAME)
- rm -fr $(PWD)/Setup/FreeBSD/packaging
- mkdir -p $(PWD)/Setup/FreeBSD/packaging
- cp $(INTERNAL_INSTALLER_NAME) $(PWD)/Setup/FreeBSD/packaging/.
- makeself $(PWD)/Setup/FreeBSD/packaging $(PWD)/Setup/FreeBSD/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) $(SYSTEMNAME) Installer" ./$(INTERNAL_INSTALLER_NAME)
+ rm -fr $(BASE_DIR)/Setup/FreeBSD/packaging
+ mkdir -p $(BASE_DIR)/Setup/FreeBSD/packaging
+ cp $(INTERNAL_INSTALLER_NAME) $(BASE_DIR)/Setup/FreeBSD/packaging/.
+ makeself $(BASE_DIR)/Setup/FreeBSD/packaging $(BASE_DIR)/Setup/FreeBSD/$(INSTALLER_NAME) "VeraCrypt $(TC_VERSION) $(SYSTEMNAME) Installer" ./$(INTERNAL_INSTALLER_NAME)
endif
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp
index 61b8b8a..4de2cb2 100644
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -20,6 +20,7 @@
#include "Platform/Unix/Process.h"
#endif
+#include <wx/platinfo.h>
#include "Common/SecurityToken.h"
#include "Core/RandomNumberGenerator.h"
#include "Application.h"
@@ -40,7 +41,9 @@ namespace VeraCrypt
#endif
{
FInputStream.reset (new wxFFileInputStream (stdin));
- TextInputStream.reset (new wxTextInputStream (*FInputStream));
+ // Set fallback encoding of the stream converter to UTF-8
+ // to make sure we interpret multibyte symbols properly
+ TextInputStream.reset (new wxTextInputStream (*FInputStream, wxT(" \t"), wxConvAuto(wxFONTENCODING_UTF8)));
}
}
@@ -124,7 +127,7 @@ namespace VeraCrypt
if (verify && verPhase)
{
- shared_ptr <VolumePassword> verPassword = ToUTF8Password (passwordBuf, length);
+ shared_ptr <VolumePassword> verPassword = ToUTF8Password (passwordBuf, length, CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
if (*password != *verPassword)
{
@@ -135,7 +138,7 @@ namespace VeraCrypt
}
}
- password = ToUTF8Password (passwordBuf, length);
+ password = ToUTF8Password (passwordBuf, length, CmdLine->ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize);
if (!verPhase)
{
@@ -785,6 +788,10 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
ShowInfo (L" 3) Mac OS Extended"); filesystems.push_back (VolumeCreationOptions::FilesystemType::MacOsExt);
ShowInfo (L" 4) exFAT"); filesystems.push_back (VolumeCreationOptions::FilesystemType::exFAT);
+ if (wxPlatformInfo::Get().CheckOSVersion (10, 13))
+ {
+ ShowInfo (L" 5) APFS"); filesystems.push_back (VolumeCreationOptions::FilesystemType::APFS);
+ }
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
ShowInfo (L" 3) UFS"); filesystems.push_back (VolumeCreationOptions::FilesystemType::UFS);
#endif
@@ -881,6 +888,7 @@ namespace VeraCrypt
#elif defined (TC_MACOSX)
case VolumeCreationOptions::FilesystemType::MacOsExt: fsFormatter = "newfs_hfs"; break;
case VolumeCreationOptions::FilesystemType::exFAT: fsFormatter = "newfs_exfat"; break;
+ case VolumeCreationOptions::FilesystemType::APFS: fsFormatter = "newfs_apfs"; break;
#elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
case VolumeCreationOptions::FilesystemType::UFS: fsFormatter = "newfs" ; break;
#endif
@@ -1056,9 +1064,18 @@ namespace VeraCrypt
slotId = (CK_SLOT_ID) AskSelection (tokens.back().SlotId, tokens.front().SlotId);
}
- shared_ptr <KeyfileList> keyfiles = AskKeyfiles();
- if (keyfiles->empty())
- throw UserAbort();
+ shared_ptr <KeyfileList> keyfiles;
+
+ if (CmdLine->ArgKeyfiles.get() && !CmdLine->ArgKeyfiles->empty())
+ keyfiles = CmdLine->ArgKeyfiles;
+ else if (!Preferences.NonInteractive)
+ {
+ keyfiles = AskKeyfiles();
+ if (keyfiles->empty())
+ throw UserAbort();
+ }
+ else
+ throw MissingArgument (SRC_POS);
foreach_ref (const Keyfile &keyfilePath, *keyfiles)
{
diff --git a/src/Main/TextUserInterface.h b/src/Main/TextUserInterface.h
index 78874b8..95db02d 100644
--- a/src/Main/TextUserInterface.h
+++ b/src/Main/TextUserInterface.h
@@ -47,9 +47,7 @@ namespace VeraCrypt
virtual void ExportSecurityTokenKeyfile () const;
virtual shared_ptr <GetStringFunctor> GetAdminPasswordRequestHandler ();
virtual void ImportSecurityTokenKeyfiles () const;
-#ifndef TC_NO_GUI
virtual bool Initialize (int &argc, wxChar **argv) { return wxAppBase::Initialize(argc, argv); }
-#endif
virtual void InitSecurityTokenLibrary () const;
virtual void ListSecurityTokenKeyfiles () const;
virtual VolumeInfoList MountAllDeviceHostedVolumes (MountOptions &options) const;
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index 3939010..35396b4 100644
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -444,6 +444,7 @@ namespace VeraCrypt
{
#define EX2MSG(exception, message) do { if (ex == typeid (exception)) return (message); } while (false)
EX2MSG (DriveLetterUnavailable, LangString["DRIVE_LETTER_UNAVAILABLE"]);
+ EX2MSG (DeviceSectorSizeMismatch, _("Storage device and VC volume sector size mismatch"));
EX2MSG (EncryptedSystemRequired, _("This operation must be performed only when the system hosted on the volume is running."));
EX2MSG (ExternalException, LangString["EXCEPTION_OCCURRED"]);
EX2MSG (InsufficientData, _("Not enough data available."));
@@ -464,6 +465,7 @@ namespace VeraCrypt
EX2MSG (PasswordOrMountOptionsIncorrect, LangString["PASSWORD_OR_KEYFILE_OR_MODE_WRONG"] + _("\n\nNote: If you are attempting to mount a partition located on an encrypted system drive without pre-boot authentication or to mount the encrypted system partition of an operating system that is not running, you can do so by selecting 'Options >' > 'Mount partition using system encryption'."));
EX2MSG (PasswordTooLong, StringFormatter (_("Password is longer than {0} characters."), (int) VolumePassword::MaxSize));
EX2MSG (PasswordUTF8TooLong, LangString["PASSWORD_UTF8_TOO_LONG"]);
+ EX2MSG (PasswordLegacyUTF8TooLong, LangString["LEGACY_PASSWORD_UTF8_TOO_LONG"]);
EX2MSG (PasswordUTF8Invalid, LangString["PASSWORD_UTF8_INVALID"]);
EX2MSG (PartitionDeviceRequired, _("Partition device required."));
EX2MSG (ProtectionPasswordIncorrect, _("Incorrect password to the protected hidden volume or the hidden volume does not exist."));
@@ -533,6 +535,10 @@ namespace VeraCrypt
Core->SetAdminPasswordCallback (shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler));
}
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ Core->ForceUseDummySudoPassword (CmdLine->ArgUseDummySudoPassword);
+#endif
+
Core->WarningEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnWarning));
Core->VolumeMountedEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnVolumeMounted));
@@ -908,7 +914,8 @@ namespace VeraCrypt
wstring pwdInput;
getline(wcin, pwdInput);
- cmdLine.ArgPassword = ToUTF8Password ( pwdInput.c_str (), pwdInput.size ());
+ size_t maxUtf8Len = cmdLine.ArgUseLegacyPassword? VolumePassword::MaxLegacySize : VolumePassword::MaxSize;
+ cmdLine.ArgPassword = ToUTF8Password ( pwdInput.c_str (), pwdInput.size (), maxUtf8Len);
}
switch (cmdLine.ArgCommand)
@@ -1265,7 +1272,7 @@ namespace VeraCrypt
"--size=SIZE[K|M|G|T]\n"
" Use specified size when creating a new volume. If no suffix is indicated,\n"
" then SIZE is interpreted in bytes. Suffixes K, M, G or T can be used to\n"
- " indicate a value in KB, MB, GB or TB respectively.\n"
+ " indicate a value in KiB, MiB, GiB or TiB respectively.\n"
"\n"
"-t, --text\n"
" Use text user interface. Graphical user interface is used by default if\n"
@@ -1575,12 +1582,14 @@ namespace VeraCrypt
VC_CONVERT_EXCEPTION (PasswordEmpty);
VC_CONVERT_EXCEPTION (PasswordTooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8TooLong);
+ VC_CONVERT_EXCEPTION (PasswordLegacyUTF8TooLong);
VC_CONVERT_EXCEPTION (PasswordUTF8Invalid);
VC_CONVERT_EXCEPTION (UnportablePassword);
VC_CONVERT_EXCEPTION (ElevationFailed);
VC_CONVERT_EXCEPTION (RootDeviceUnavailable);
VC_CONVERT_EXCEPTION (DriveLetterUnavailable);
VC_CONVERT_EXCEPTION (DriverError);
+ VC_CONVERT_EXCEPTION (DeviceSectorSizeMismatch);
VC_CONVERT_EXCEPTION (EncryptedSystemRequired);
VC_CONVERT_EXCEPTION (HigherFuseVersionRequired);
VC_CONVERT_EXCEPTION (KernelCryptoServiceTestFailed);
diff --git a/src/Makefile b/src/Makefile
index 50af302..f102a28 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -23,6 +23,7 @@
# SSSE3: Enable SSSE3 support in compiler
# SSE41: Enable SSE4.1 support in compiler
# NOSSE2: Disable SEE2 support in compiler
+# WITHGTK3: Build wxWidgets against GTK3
#------ Targets ------
# all
@@ -90,6 +91,9 @@ ifeq "$(origin WXSTATIC)" "command line"
export VC_WX_STATIC := 1
WX_CONFIG = $(WX_BUILD_DIR)/wx-config
WX_CONFIG_ARGS += --static
+ ifneq "$(WXSTATIC)" "FULL"
+ export VC_WX_MINIMAL := 1
+ endif
endif
@@ -132,7 +136,7 @@ export PLATFORM_UNSUPPORTED := 0
export CPU_ARCH ?= unknown
export SIMD_SUPPORTED := 0
-ARCH = $(shell uname -m)
+ARCH ?= $(shell uname -m)
ifneq (,$(filter i386 i486 i586 i686 x86,$(ARCH)))
CPU_ARCH = x86
@@ -147,6 +151,7 @@ endif
ifeq "$(origin NOASM)" "command line"
CPU_ARCH = unknown
+ C_CXX_FLAGS += -DCRYPTOPP_DISABLE_X86ASM
endif
ifeq "$(CPU_ARCH)" "x86"
@@ -223,6 +228,10 @@ ifeq "$(shell uname -s)" "Linux"
WXCONFIG_CFLAGS += -mno-sse2
WXCONFIG_CXXFLAGS += -mno-sse2
endif
+
+ ifeq "$(origin WITHGTK3)" "command line"
+ WX_CONFIGURE_FLAGS += --with-gtk=3
+ endif
endif
@@ -234,19 +243,25 @@ ifeq "$(shell uname -s)" "Darwin"
APPNAME := VeraCrypt
export VC_OSX_TARGET ?= 10.7
+ export VC_OSX_SDK ?= $(VC_OSX_TARGET)
#check to see if XCode 3 path exists.Otherwise, use XCode 4 path
- VC_OSX_SDK := /Developer/SDKs/MacOSX$(VC_OSX_TARGET).sdk
- ifeq ($(wildcard $(VC_OSX_SDK)/SDKSettings.plist),)
- VC_OSX_SDK := /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX$(VC_OSX_TARGET).sdk
+ VC_OSX_SDK_PATH := /Developer/SDKs/MacOSX$(VC_OSX_SDK).sdk
+ ifeq ($(wildcard $(VC_OSX_SDK_PATH)/SDKSettings.plist),)
+ VC_OSX_SDK_PATH := /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX$(VC_OSX_SDK).sdk
+ endif
+
+ #----- Legacy build if OSX <= 10.8: we build both 32-bit and 64-bit ----
+ ifneq (,$(filter 10.6 10.7 10.8,$(VC_OSX_TARGET)))
+ export VC_LEGACY_BUILD := 1
endif
CC := gcc
CXX := g++
- C_CXX_FLAGS += -DTC_UNIX -DTC_BSD -DTC_MACOSX -mmacosx-version-min=$(VC_OSX_TARGET) -isysroot $(VC_OSX_SDK)
- LFLAGS += -mmacosx-version-min=$(VC_OSX_TARGET) -Wl,-syslibroot $(VC_OSX_SDK)
- WX_CONFIGURE_FLAGS += --with-macosx-version-min=$(VC_OSX_TARGET) --with-macosx-sdk=$(VC_OSX_SDK)
+ C_CXX_FLAGS += -DTC_UNIX -DTC_BSD -DTC_MACOSX -mmacosx-version-min=$(VC_OSX_TARGET) -isysroot $(VC_OSX_SDK_PATH)
+ LFLAGS += -mmacosx-version-min=$(VC_OSX_TARGET) -Wl,-syslibroot $(VC_OSX_SDK_PATH)
+ WX_CONFIGURE_FLAGS += --with-macosx-version-min=$(VC_OSX_TARGET) --with-macosx-sdk=$(VC_OSX_SDK_PATH)
ifeq "$(CPU_ARCH)" "x64"
CPU_ARCH = x86
@@ -276,10 +291,18 @@ ifeq "$(shell uname -s)" "Darwin"
S := $(C_CXX_FLAGS)
C_CXX_FLAGS = $(subst -MMD,,$(S))
- C_CXX_FLAGS += -gfull -arch i386 -arch x86_64
- LFLAGS += -Wl,-dead_strip -arch i386 -arch x86_64
+ C_CXX_FLAGS += -gfull -arch x86_64
+ LFLAGS += -Wl,-dead_strip -arch x86_64
+
+ #----- Legacy build: we build both 32-bit and 64-bit ----
+ ifdef VC_LEGACY_BUILD
+ C_CXX_FLAGS += -arch i386
+ LFLAGS += -arch i386
+ WX_CONFIGURE_FLAGS += --enable-universal_binary=i386,x86_64
+ else
+ WX_CONFIGURE_FLAGS += --disable-universal_binary
+ endif
- WX_CONFIGURE_FLAGS += --enable-universal_binary=i386,x86_64
WXCONFIG_CFLAGS += -gfull
WXCONFIG_CXXFLAGS += -gfull
@@ -358,8 +381,10 @@ CFLAGS := $(C_CXX_FLAGS) $(CFLAGS) $(TC_EXTRA_CFLAGS)
CXXFLAGS := $(C_CXX_FLAGS) $(CXXFLAGS) $(TC_EXTRA_CXXFLAGS)
LFLAGS := $(LFLAGS) $(TC_EXTRA_LFLAGS)
-WX_CONFIGURE_FLAGS += --enable-unicode -disable-shared --disable-dependency-tracking --disable-compat26 --enable-exceptions --enable-std_string --enable-dataobj --enable-mimetype \
- --disable-protocol --disable-protocols --disable-url --disable-ipc --disable-sockets --disable-fs_inet --disable-ole --disable-docview --disable-clipboard \
+WX_CONFIGURE_FLAGS += --enable-unicode -disable-shared --disable-dependency-tracking --enable-exceptions --enable-std_string --enable-dataobj --enable-mimetype
+
+ifdef VC_WX_MINIMAL
+WX_CONFIGURE_FLAGS += --disable-protocol --disable-protocols --disable-url --disable-ipc --disable-sockets --disable-fs_inet --disable-ole --disable-docview --disable-clipboard \
--disable-help --disable-html --disable-mshtmlhelp --disable-htmlhelp --disable-mdi --disable-metafile --disable-webkit --disable-webview \
--disable-xrc --disable-aui --disable-postscript --disable-printarch \
--disable-arcstream --disable-fs_archive --disable-fs_zip --disable-tarstream --disable-zipstream \
@@ -372,14 +397,21 @@ WX_CONFIGURE_FLAGS += --enable-unicode -disable-shared --disable-dependency-trac
--disable-richtext --disable-dialupman --disable-debugreport --disable-filesystem --disable-rearrangectrl --disable-treelist --disable-richmsgdlg \
--disable-richtooltip --disable-propgrid --disable-stc --without-libnotify \
--without-gtkprint --without-gnomevfs --disable-fsvolume --disable-fswatcher \
- --disable-graphics_ctx --disable-sound --disable-mediactrl --disable-joystick --disable-apple_ieee \
+ --disable-sound --disable-mediactrl --disable-joystick --disable-apple_ieee \
--disable-gif --disable-pcx --disable-tga --disable-iff --disable-gif --disable-pnm --disable-svg \
--without-expat --without-libtiff --without-libjpeg --without-libpng -without-regex --without-zlib
-
+
ifeq "$(PLATFORM)" "Linux"
WX_CONFIGURE_FLAGS += --disable-tooltips
+ifneq "$(origin WITHGTK3)" "command line"
+ WX_CONFIGURE_FLAGS += --disable-graphics_ctx
+endif
+else
+ WX_CONFIGURE_FLAGS += --disable-graphics_ctx
+endif
endif
+
#------ Project build ------
PROJ_DIRS := Platform Volume Driver/Fuse Core Main
@@ -422,4 +454,4 @@ endif
cd "$(WX_BUILD_DIR)" && "$(WX_ROOT)/configure" $(WX_CONFIGURE_FLAGS) >/dev/null
@echo Building wxWidgets library...
- cd "$(WX_BUILD_DIR)" && $(MAKE)
+ cd "$(WX_BUILD_DIR)" && $(MAKE) -j 4
diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp
index 284c0b5..e93b920 100644
--- a/src/Mount/Favorites.cpp
+++ b/src/Mount/Favorites.cpp
@@ -243,76 +243,91 @@ namespace VeraCrypt
switch (lw)
{
case IDOK:
-
- /* Global System Favorites settings */
-
- if (SystemFavoritesMode)
{
- BootEncryption BootEncObj (NULL);
+ BOOL bInitialOptionValue = NeedPeriodicDeviceListUpdate;
- if (BootEncObj.GetStatus().DriveMounted)
+ /* Global System Favorites settings */
+
+ if (SystemFavoritesMode)
{
- try
- {
- uint32 reqConfig = IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_OPEN_EXPLORER_WIN_ON_MOUNT) ? TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES : 0;
- if (reqConfig != (ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES))
- BootEncObj.SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES, reqConfig ? true : false);
+ BootEncryption BootEncObj (NULL);
- SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS, IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_DISABLE_HOTKEY));
- }
- catch (Exception &e)
+ if (BootEncObj.GetStatus().DriveMounted)
{
- e.Show (hwndDlg);
+ try
+ {
+ uint32 reqConfig = IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_OPEN_EXPLORER_WIN_ON_MOUNT) ? TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES : 0;
+ if (reqConfig != (ReadDriverConfigurationFlags() & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES))
+ BootEncObj.SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD_FOR_SYS_FAVORITES, reqConfig ? true : false);
+
+ if (!BootEncObj.IsSystemFavoritesServiceRunning())
+ {
+ // The system favorites service should be always running
+ // If it is stopped for some reason, we reconfigure it
+ BootEncObj.RegisterSystemFavoritesService (TRUE);
+ }
+
+ SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS, IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_DISABLE_HOTKEY));
+ }
+ catch (Exception &e)
+ {
+ e.Show (hwndDlg);
+ }
}
}
- }
- /* (System) Favorites list */
+ /* (System) Favorites list */
- if (SelectedItem != -1 && !Favorites.empty())
- SetFavoriteVolume (hwndDlg, Favorites[SelectedItem], SystemFavoritesMode);
+ if (SelectedItem != -1 && !Favorites.empty())
+ SetFavoriteVolume (hwndDlg, Favorites[SelectedItem], SystemFavoritesMode);
- if (SaveFavoriteVolumes (hwndDlg, Favorites, SystemFavoritesMode))
- {
- if (!SystemFavoritesMode)
+ if (SaveFavoriteVolumes (hwndDlg, Favorites, SystemFavoritesMode))
{
- bMountFavoritesOnLogon = FALSE;
-
- foreach (const FavoriteVolume &favorite, Favorites)
+ if (!SystemFavoritesMode)
{
- if (favorite.MountOnLogOn)
+ bMountFavoritesOnLogon = FALSE;
+
+ foreach (const FavoriteVolume &favorite, Favorites)
{
- bMountFavoritesOnLogon = TRUE;
- break;
+ if (favorite.MountOnLogOn)
+ {
+ bMountFavoritesOnLogon = TRUE;
+ break;
+ }
}
- }
- if (!bEnableBkgTask || bCloseBkgTaskWhenNoVolumes || IsNonInstallMode())
- {
- foreach (const FavoriteVolume favorite, Favorites)
+ if (!bEnableBkgTask || bCloseBkgTaskWhenNoVolumes || IsNonInstallMode())
{
- if (favorite.MountOnArrival)
+ foreach (const FavoriteVolume favorite, Favorites)
{
- Warning ("FAVORITE_ARRIVAL_MOUNT_BACKGROUND_TASK_ERR", hwndDlg);
- break;
+ if (favorite.MountOnArrival)
+ {
+ Warning ("FAVORITE_ARRIVAL_MOUNT_BACKGROUND_TASK_ERR", hwndDlg);
+ break;
+ }
}
}
- }
- FavoriteVolumes = Favorites;
+ if (!bInitialOptionValue && NeedPeriodicDeviceListUpdate)
+ {
+ // a favorite was set to use VolumeID. We update the list of devices available for mounting as early as possible
+ UpdateMountableHostDeviceList ();
+ }
+
+ FavoriteVolumes = Favorites;
- ManageStartupSeq();
- SaveSettings (hwndDlg);
- }
- else
- SystemFavoriteVolumes = Favorites;
+ ManageStartupSeq();
+ SaveSettings (hwndDlg);
+ }
+ else
+ SystemFavoriteVolumes = Favorites;
- OnFavoriteVolumesUpdated();
- LoadDriveLetters (hwndDlg, GetDlgItem (MainDlg, IDC_DRIVELIST), 0);
+ OnFavoriteVolumesUpdated();
+ LoadDriveLetters (hwndDlg, GetDlgItem (MainDlg, IDC_DRIVELIST), 0);
- EndDialog (hwndDlg, IDOK);
+ EndDialog (hwndDlg, IDOK);
+ }
}
-
return 1;
case IDCANCEL:
@@ -554,6 +569,7 @@ namespace VeraCrypt
void LoadFavoriteVolumes (vector <FavoriteVolume> &favorites, bool systemFavorites, bool noUacElevation)
{
+ bool bVolumeIdInUse = false;
favorites.clear();
wstring favoritesFilePath = systemFavorites ? GetServiceConfigPath (TC_APPD_FILENAME_SYSTEM_FAVORITE_VOLUMES, false) : GetConfigPath (TC_APPD_FILENAME_FAVORITE_VOLUMES);
@@ -701,10 +717,21 @@ namespace VeraCrypt
favorite.Pkcs5 = -1;
}
+ if (!systemFavorites && favorite.UseVolumeID)
+ bVolumeIdInUse = true;
+
favorites.push_back (favorite);
xml++;
}
+ if (!systemFavorites)
+ {
+ if (bVolumeIdInUse && !DisablePeriodicDeviceListUpdate)
+ NeedPeriodicDeviceListUpdate = TRUE;
+ else
+ NeedPeriodicDeviceListUpdate = FALSE;
+ }
+
free (favoritesXml);
}
@@ -763,6 +790,7 @@ namespace VeraCrypt
{
FILE *f;
int cnt = 0;
+ bool bVolumeIdInUse = false;
f = _wfopen (GetConfigPath (systemFavorites ? TC_APPD_FILENAME_SYSTEM_FAVORITE_VOLUMES : TC_APPD_FILENAME_FAVORITE_VOLUMES), L"w,ccs=UTF-8");
if (f == NULL)
@@ -827,7 +855,11 @@ namespace VeraCrypt
s += L" useLabelInExplorer=\"1\"";
if (favorite.UseVolumeID && !IsRepeatedByteArray (0, favorite.VolumeID, sizeof (favorite.VolumeID)))
+ {
s += L" useVolumeID=\"1\"";
+ if (!systemFavorites)
+ bVolumeIdInUse = true;
+ }
s += L">" + wstring (tq) + L"</volume>";
@@ -838,6 +870,14 @@ namespace VeraCrypt
fputws (L"\n\t</favorites>", f);
XmlWriteFooter (f);
+ if (!systemFavorites)
+ {
+ if (bVolumeIdInUse && !DisablePeriodicDeviceListUpdate)
+ NeedPeriodicDeviceListUpdate = TRUE;
+ else
+ NeedPeriodicDeviceListUpdate = FALSE;
+ }
+
if (!CheckFileStreamWriteErrors (hwndDlg, f, systemFavorites ? TC_APPD_FILENAME_SYSTEM_FAVORITE_VOLUMES : TC_APPD_FILENAME_FAVORITE_VOLUMES))
{
fclose (f);
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 5f96afb..9130eae 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -512,8 +512,11 @@ static void InitMainDialog (HWND hwndDlg)
e.Show (NULL);
}
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ {
+ // initialize the list of devices available for mounting as early as possible
+ UpdateMountableHostDeviceList ();
+ }
if (Silent)
LoadDriveLetters (hwndDlg, NULL, 0);
@@ -2968,7 +2971,12 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
SetWindowPos (hwndDlg, HWND_NOTOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE);
}
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
- SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+
+ /* Start the timer to check if we are foreground only if Secure Desktop is not used */
+ if (!bSecureDesktopOngoing)
+ {
+ SetTimer (hwndDlg, TIMER_ID_CHECK_FOREGROUND, TIMER_INTERVAL_CHECK_FOREGROUND, NULL);
+ }
}
return 0;
@@ -3011,11 +3019,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", hwndDlg);
- EndDialog (hwndDlg, IDCANCEL);
- return 1;
+ /* don't be too agressive on enforcing an English keyboard layout. E.g. on WindowsPE this call fails and
+ * then the user can only mount a system encrypted device using the command line by passing the password as a parameter
+ * (which might not be obvious for not so advanced users).
+ *
+ * Now, we informed the user that English keyboard is required, if it is not available the volume can just not be mounted.
+ * There should be no other drawback (as e.g., on the change password dialog, when you might change to a password which won't
+ * work on the pre-start environment.
+ */
}
-
- if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
+ else if (SetTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
{
Error ("CANNOT_SET_TIMER", hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
@@ -6069,8 +6082,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
return;
}
- WaitCursor();
-
// Make sure the user is not attempting to decrypt a partition on an entirely encrypted system drive.
if (IsNonSysPartitionOnSysDrive (scPath.c_str ()) == 1)
{
@@ -6088,8 +6099,6 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
{
// The system drive MAY be entirely encrypted (external access without PBA) and the potentially encrypted OS is not running
- NormalCursor ();
-
Warning ("CANT_DECRYPT_PARTITION_ON_ENTIRELY_ENCRYPTED_SYS_DRIVE_UNSURE", hwndDlg);
// We allow the user to continue as we don't know if the drive is really an encrypted system drive.
@@ -7336,7 +7345,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (wParam == TIMER_ID_UPDATE_DEVICE_LIST)
{
- UpdateMountableHostDeviceList ();
+ if (NeedPeriodicDeviceListUpdate)
+ UpdateMountableHostDeviceList ();
}
else
{
@@ -8872,6 +8882,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionTryEmptyPassword,
OptionNoWaitDlg,
OptionSecureDesktop,
+ OptionDisableDeviceUpdate,
};
argument args[]=
@@ -8900,6 +8911,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionTryEmptyPassword, L"/tryemptypass", NULL, FALSE },
{ OptionNoWaitDlg, L"/nowaitdlg", NULL, FALSE },
{ OptionSecureDesktop, L"/secureDesktop", NULL, FALSE },
+ { OptionDisableDeviceUpdate, L"/disableDeviceUpdate", NULL, FALSE },
};
argumentspec as;
@@ -8990,6 +9002,12 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
break;
+ case OptionDisableDeviceUpdate:
+ {
+ DisablePeriodicDeviceListUpdate = TRUE;
+ }
+ break;
+
case OptionCache:
{
wchar_t szTmp[16] = {0};
@@ -9409,25 +9427,31 @@ static DWORD WINAPI SystemFavoritesServiceCtrlHandler ( DWORD dwControl,
case SERVICE_CONTROL_STOP:
SystemFavoritesServiceSetStatus (SERVICE_STOP_PENDING);
- if (bSystemIsGPT)
+ if (!(BootEncObj->ReadServiceConfigurationFlags () & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
{
- uint32 serviceFlags = BootEncObj->ReadServiceConfigurationFlags ();
- if (!(serviceFlags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_UPDATE_LOADER))
+ try
{
- try
- {
- BootEncryption::UpdateSetupConfigFile (true);
- if (!BootEncStatus.HiddenSystem)
- {
- // re-install our bootloader again in case the update process has removed it.
- BootEncryption bootEnc (NULL, true);
- bootEnc.InstallBootLoader (true);
- }
- }
- catch (...)
+ BootEncryption::UpdateSetupConfigFile (true);
+ if (!BootEncStatus.HiddenSystem)
{
+ // re-install our bootloader again in case the update process has removed it.
+ bool bForceSetNextBoot = false;
+ bool bSetBootentry = true;
+ bool bForceFirstBootEntry = true;
+ uint32 flags = BootEncObj->ReadServiceConfigurationFlags ();
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_FORCE_SET_BOOTNEXT)
+ bForceSetNextBoot = true;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_SET_BOOTENTRY)
+ bSetBootentry = false;
+ if (flags & VC_SYSTEM_FAVORITES_SERVICE_CONFIG_DONT_FORCE_FIRST_BOOTENTRY)
+ bForceFirstBootEntry = false;
+ BootEncryption bootEnc (NULL, true, bSetBootentry, bForceFirstBootEntry, bForceSetNextBoot);
+ bootEnc.InstallBootLoader (true);
}
}
+ catch (...)
+ {
+ }
}
/* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION flag */
@@ -9529,8 +9553,6 @@ static VOID WINAPI SystemFavoritesServiceMain (DWORD argc, LPTSTR *argv)
SystemFavoritesServiceSetStatus (SERVICE_START_PENDING, 120000);
SystemFavoritesServiceLogInfo (wstring (L"Initializing list of host devices"));
- // initialize the list of devices available for mounting as early as possible
- UpdateMountableHostDeviceList ();
SystemFavoritesServiceLogInfo (wstring (L"Starting System Favorites mounting process"));
@@ -10111,9 +10133,6 @@ BOOL MountFavoriteVolumes (HWND hwnd, BOOL systemFavorites, BOOL logOnMount, BOO
{
Sleep (5000);
- SystemFavoritesServiceLogInfo (wstring (L"Updating list of host devices"));
- UpdateMountableHostDeviceList ();
-
SystemFavoritesServiceLogInfo (wstring (L"Trying to mount skipped system favorites"));
// Update the service status to avoid being killed
@@ -10842,6 +10861,21 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
nStatus = ERR_OS_ERROR;
goto error;
}
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access timestamp is not modified
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time. */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ bTimeStampValid = FALSE;
+ else
+ bTimeStampValid = TRUE;
+ }
// Determine volume host size
if (bDevice)
@@ -10912,15 +10946,6 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
hostSize = fileSize.QuadPart;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time. */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- bTimeStampValid = FALSE;
- else
- bTimeStampValid = TRUE;
- }
/* Read the volume header from the backup file */
char buffer[TC_VOLUME_HEADER_GROUP_SIZE];
@@ -11592,6 +11617,8 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
WORD lw = LOWORD (wParam);
static std::string platforminfo;
+ static byte currentUserConfig;
+ static string currentCustomUserMessage;
switch (msg)
{
@@ -11618,6 +11645,14 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bClearKeysEnabled = (driverConfig & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)? TRUE : FALSE;
BOOL bIsHiddenOS = IsHiddenOSRunning ();
+ if (bClearKeysEnabled)
+ {
+ // the clear keys option works only if the service is running
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ bClearKeysEnabled = false;
+ }
+
+
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
@@ -11625,6 +11660,10 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
+ // we store current configuration in order to be able to detect if user changed it or not after clicking OK
+ currentUserConfig = userConfig;
+ currentCustomUserMessage = customUserMessage;
+
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@@ -11694,13 +11733,19 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
try
{
- std::string dcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string currentDcsprop = ReadESPFile (L"\\EFI\\VeraCrypt\\DcsProp", true);
+ std::string dcsprop = currentDcsprop;
while (TextEditDialogBox(FALSE, hwndDlg, GetString ("BOOT_LOADER_CONFIGURATION_FILE"), dcsprop) == IDOK)
{
- if (validateDcsPropXml (dcsprop.c_str()))
+ const char* dcspropContent = dcsprop.c_str();
+ if (0 == strcmp(dcspropContent, currentDcsprop.c_str()))
{
- WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcsprop.c_str(), (DWORD) dcsprop.size(), true);
+ break;
+ }
+ else if (validateDcsPropXml (dcspropContent))
+ {
+ WriteESPFile (L"\\EFI\\VeraCrypt\\DcsProp", (LPBYTE) dcspropContent, (DWORD) strlen (dcspropContent), true);
break;
}
else
@@ -11738,17 +11783,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (!bSystemIsGPT)
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
- byte userConfig;
- try
- {
- if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
- return 1;
- }
- catch (Exception &e)
- {
- e.Show (hwndDlg);
- return 1;
- }
+ byte userConfig = currentUserConfig;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
@@ -11757,22 +11792,22 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
if (bSystemIsGPT)
{
- if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
}
else
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
- userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
- if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
- userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
- else
- userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ if (!IsDlgButtonChecked (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS))
+ userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
+ else
+ userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
}
try
@@ -11781,7 +11816,21 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BOOL bBlockSysEncTrimEnabled = IsDlgButtonChecked (hwndDlg, IDC_BLOCK_SYSENC_TRIM);
BOOL bClearKeysEnabled = IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION);
- BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
+ if (bClearKeysEnabled && !BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure and quit
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+ return 1;
+ }
+
+ // only write boot configuration if something changed
+ if ((userConfig != currentUserConfig) || (!bSystemIsGPT && (customUserMessage != currentCustomUserMessage)))
+ BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
+
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
@@ -11833,7 +11882,18 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION:
if (IsDlgButtonChecked (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION))
{
- Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
+ if (!BootEncObj->IsSystemFavoritesServiceRunning())
+ {
+ // the system favorite service service should be running
+ // if it is not the case, report a failure
+ std::string techInfo = SRC_POS;
+ techInfo += "\nIsSystemFavoritesServiceRunning = False.";
+ ReportUnexpectedState (techInfo.c_str());
+
+ CheckDlgButton (hwndDlg, IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION, BST_UNCHECKED);
+ }
+ else
+ Warning ("CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING", hwndDlg);
}
break;
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index 137cc62..8b6006d 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -548,8 +548,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -566,11 +566,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Mount/Mount.vcxproj.user b/src/Mount/Mount.vcxproj.user
index ace9a86..75a63e9 100644
--- a/src/Mount/Mount.vcxproj.user
+++ b/src/Mount/Mount.vcxproj.user
@@ -1,3 +1,7 @@
ÔĽŅ<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LocalDebuggerCommandArguments>/DisableDeviceUpdate</LocalDebuggerCommandArguments>
+ <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
+ </PropertyGroup>
</Project> \ No newline at end of file
diff --git a/src/Platform/Exception.h b/src/Platform/Exception.h
index 71cfa1c..b0f04bb 100644
--- a/src/Platform/Exception.h
+++ b/src/Platform/Exception.h
@@ -82,6 +82,7 @@ namespace VeraCrypt
TC_EXCEPTION_NODECL (ExecutedProcessFailed); \
TC_EXCEPTION (AlreadyInitialized); \
TC_EXCEPTION (AssertionFailed); \
+ TC_EXCEPTION (DeviceSectorSizeMismatch); \
TC_EXCEPTION (ExternalException); \
TC_EXCEPTION (InsufficientData); \
TC_EXCEPTION (NotApplicable); \
diff --git a/src/Platform/Unix/Process.cpp b/src/Platform/Unix/Process.cpp
index ac8598f..a21e118 100644
--- a/src/Platform/Unix/Process.cpp
+++ b/src/Platform/Unix/Process.cpp
@@ -30,7 +30,7 @@ namespace VeraCrypt
string Process::Execute (const string &processName, const list <string> &arguments, int timeOut, ProcessExecFunctor *execFunctor, const Buffer *inputData)
{
char *args[32];
- if (array_capacity (args) <= arguments.size())
+ if (array_capacity (args) <= (arguments.size() + 1))
throw ParameterTooLarge (SRC_POS);
#if 0
diff --git a/src/Readme.txt b/src/Readme.txt
index 877d103..0a99475 100644
--- a/src/Readme.txt
+++ b/src/Readme.txt
@@ -68,7 +68,7 @@ IDRIX certificate).
Keep this in mind if you compile VeraCrypt
and compare your binaries with the official binaries. If your binaries are
unsigned, the sizes of the official binaries will usually be approximately
-10 KB greater than sizes of your binaries (there may be further differences
+10 KiB greater than sizes of your binaries (there may be further differences
if you use a different version of the compiler, or if you install a different
or no service pack for Visual Studio, or different hotfixes for it, or if you
use different versions of the required SDKs).
diff --git a/src/Release/Setup Files/veracrypt-x64.cat b/src/Release/Setup Files/veracrypt-x64.cat
index 076d114..f0d8695 100644
--- a/src/Release/Setup Files/veracrypt-x64.cat
+++ b/src/Release/Setup Files/veracrypt-x64.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt-x64.sys b/src/Release/Setup Files/veracrypt-x64.sys
index 532ca44..0644d96 100644
--- a/src/Release/Setup Files/veracrypt-x64.sys
+++ b/src/Release/Setup Files/veracrypt-x64.sys
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.Inf b/src/Release/Setup Files/veracrypt.Inf
index 94ced21..ebbd9ab 100644
--- a/src/Release/Setup Files/veracrypt.Inf
+++ b/src/Release/Setup Files/veracrypt.Inf
@@ -2,7 +2,7 @@
;;; VeraCrypt
;;;
;;;
-;;; Copyright (c) 2018, IDRIX
+;;; Copyright (c) 2019, IDRIX
;;;
[Version]
@@ -10,7 +10,7 @@ signature = "$Windows NT$"
Class = "Encryption" ;This is determined by the work this filter driver does
ClassGuid = {a0a701c0-a511-42ff-aa6c-06dc0395576f} ;This value is determined by the Class
Provider = %ProviderString%
-DriverVer = 03/08/2019,1.24.5.0
+DriverVer = 12/09/2019,1.24.9.1
CatalogFile = veracrypt.cat
diff --git a/src/Release/Setup Files/veracrypt.cat b/src/Release/Setup Files/veracrypt.cat
index 9756100..25693f5 100644
--- a/src/Release/Setup Files/veracrypt.cat
+++ b/src/Release/Setup Files/veracrypt.cat
Binary files differ
diff --git a/src/Release/Setup Files/veracrypt.sys b/src/Release/Setup Files/veracrypt.sys
index c2408b7..8cf659a 100644
--- a/src/Release/Setup Files/veracrypt.sys
+++ b/src/Release/Setup Files/veracrypt.sys
Binary files differ
diff --git a/src/Setup/FreeBSD/veracrypt-uninstall.sh b/src/Setup/FreeBSD/veracrypt-uninstall.sh
index f8f111e..e29dbcc 100644
--- a/src/Setup/FreeBSD/veracrypt-uninstall.sh
+++ b/src/Setup/FreeBSD/veracrypt-uninstall.sh
@@ -6,6 +6,7 @@ rm -f /usr/bin/veracrypt
rm -f /usr/share/applications/veracrypt.desktop
rm -f /usr/share/pixmaps/veracrypt.xpm
rm -fr /usr/share/veracrypt
+rm -fr /usr/share/doc/veracrypt
echo VeraCrypt uninstalled.
rm -f /usr/bin/veracrypt-uninstall.sh
diff --git a/src/Setup/Linux/veracrypt-uninstall.sh b/src/Setup/Linux/veracrypt-uninstall.sh
index f8f111e..bc74eb0 100644
--- a/src/Setup/Linux/veracrypt-uninstall.sh
+++ b/src/Setup/Linux/veracrypt-uninstall.sh
@@ -1,11 +1,12 @@
#!/bin/sh
V="$(mount | grep veracrypt_aux_mnt)"
-[ "$V" ] && echo Error: All volumes must be dismounted first. && exit 1
+[ "$V" ] && echo Error: All volumes must be dismounted first. >&2 && exit 1
rm -f /usr/bin/veracrypt
rm -f /usr/share/applications/veracrypt.desktop
rm -f /usr/share/pixmaps/veracrypt.xpm
rm -fr /usr/share/veracrypt
+rm -fr /usr/share/doc/veracrypt
echo VeraCrypt uninstalled.
rm -f /usr/bin/veracrypt-uninstall.sh
diff --git a/src/Setup/MacOSX/veracrypt.pkgproj b/src/Setup/MacOSX/veracrypt.pkgproj
index 23299f5..80cff11 100755
--- a/src/Setup/MacOSX/veracrypt.pkgproj
+++ b/src/Setup/MacOSX/veracrypt.pkgproj
@@ -5,6 +5,10 @@
<key>PACKAGES</key>
<array>
<dict>
+ <key>MUST-CLOSE-APPLICATION-ITEMS</key>
+ <array/>
+ <key>MUST-CLOSE-APPLICATIONS</key>
+ <false/>
<key>PACKAGE_FILES</key>
<dict>
<key>DEFAULT_INSTALL_LOCATION</key>
@@ -253,7 +257,7 @@
<key>PATH_TYPE</key>
<integer>0</integer>
<key>PERMISSIONS</key>
- <integer>493</integer>
+ <integer>1005</integer>
<key>TYPE</key>
<integer>1</integer>
<key>UID</key>
@@ -355,6 +359,38 @@
<key>UID</key>
<integer>0</integer>
</dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Automator</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Extensions</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
</array>
<key>GID</key>
<integer>0</integer>
@@ -468,15 +504,29 @@
</dict>
<key>PAYLOAD_TYPE</key>
<integer>0</integer>
+ <key>PRESERVE_EXTENDED_ATTRIBUTES</key>
+ <false/>
+ <key>SHOW_INVISIBLE</key>
+ <false/>
+ <key>SPLIT_FORKS</key>
+ <true/>
+ <key>TREAT_MISSING_FILES_AS_WARNING</key>
+ <false/>
<key>VERSION</key>
- <integer>2</integer>
+ <integer>5</integer>
</dict>
<key>PACKAGE_SCRIPTS</key>
<dict>
<key>POSTINSTALL_PATH</key>
- <dict/>
+ <dict>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ </dict>
<key>PREINSTALL_PATH</key>
- <dict/>
+ <dict>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ </dict>
<key>RESOURCES</key>
<array/>
</dict>
@@ -486,6 +536,8 @@
<integer>1</integer>
<key>CONCLUSION_ACTION</key>
<integer>0</integer>
+ <key>FOLLOW_SYMBOLIC_LINKS</key>
+ <false/>
<key>IDENTIFIER</key>
<string>com.idrix.pkg.veracrypt</string>
<key>LOCATION</key>
@@ -494,9 +546,19 @@
<string>veracrypt</string>
<key>OVERWRITE_PERMISSIONS</key>
<false/>
+ <key>PAYLOAD_SIZE</key>
+ <integer>-1</integer>
+ <key>REFERENCE_PATH</key>
+ <string></string>
+ <key>RELOCATABLE</key>
+ <false/>
+ <key>USE_HFS+_COMPRESSION</key>
+ <false/>
<key>VERSION</key>
- <string>1.24.5</string>
+ <string>1.24.9</string>
</dict>
+ <key>TYPE</key>
+ <integer>0</integer>
<key>UUID</key>
<string>B14381D9-EC5F-43E4-B971-82AB3D132A64</string>
</dict>
@@ -524,14 +586,15 @@
<dict>
<key>BACKGROUND</key>
<dict>
- <key>ALIGNMENT</key>
- <integer>4</integer>
- <key>BACKGROUND_PATH</key>
- <dict/>
- <key>CUSTOM</key>
- <false/>
- <key>SCALING</key>
- <integer>0</integer>
+ <key>APPAREANCES</key>
+ <dict>
+ <key>DARK_AQUA</key>
+ <dict/>
+ <key>LIGHT_AQUA</key>
+ <dict/>
+ </dict>
+ <key>SHARED_SETTINGS_FOR_ALL_APPAREANCES</key>
+ <true/>
</dict>
<key>INSTALLATION TYPE</key>
<dict>
@@ -567,7 +630,7 @@
<dict/>
</dict>
</dict>
- <key>INSTALLATION TYPE</key>
+ <key>MODE</key>
<integer>0</integer>
</dict>
<key>INSTALLATION_STEPS</key>
@@ -636,8 +699,6 @@
</dict>
<key>LICENSE</key>
<dict>
- <key>KEYWORDS</key>
- <dict/>
<key>LOCALIZATIONS</key>
<array>
<dict>
@@ -690,7 +751,7 @@
<key>IC_REQUIREMENT_CPU_ARCHITECTURE_FAMILY</key>
<integer>2</integer>
<key>IC_REQUIREMENT_CPU_INTEL_ARCHITECTURE_TYPE</key>
- <integer>0</integer>
+ <integer>2</integer>
<key>IC_REQUIREMENT_CPU_MINIMUM_CPU_CORES_COUNT</key>
<integer>1</integer>
<key>IC_REQUIREMENT_CPU_MINIMUM_FREQUENCY</key>
@@ -710,7 +771,7 @@
<key>SECONDARY_VALUE</key>
<string></string>
<key>VALUE</key>
- <string>VeraCrypt runs only on Intel platforms.</string>
+ <string>VeraCrypt runs only on Intel 64-bit platforms.</string>
</dict>
<dict>
<key>LANGUAGE</key>
@@ -718,7 +779,7 @@
<key>SECONDARY_VALUE</key>
<string></string>
<key>VALUE</key>
- <string>VeraCrypt supporte seulement les platformes Intel.</string>
+ <string>VeraCrypt supporte seulement les platformes Intel 64 bit.</string>
</dict>
</array>
<key>NAME</key>
@@ -736,7 +797,7 @@
<key>IC_REQUIREMENT_OS_DISTRIBUTION_TYPE</key>
<integer>0</integer>
<key>IC_REQUIREMENT_OS_MINIMUM_VERSION</key>
- <integer>100701</integer>
+ <integer>100900</integer>
</dict>
<key>IC_REQUIREMENT_CHECK_TYPE</key>
<integer>0</integer>
@@ -748,13 +809,13 @@
<key>LANGUAGE</key>
<string>English</string>
<key>VALUE</key>
- <string>VeraCrypt requires MacOSX 10.7.1 and above.</string>
+ <string>VeraCrypt requires MacOSX 10.9 and above.</string>
</dict>
<dict>
<key>LANGUAGE</key>
<string>French</string>
<key>VALUE</key>
- <string>VeraCrypt nécessite MacOSX 10.7.1 et supérieur.</string>
+ <string>VeraCrypt nécessite MacOSX 10.9 et supérieur.</string>
</dict>
</array>
<key>NAME</key>
@@ -813,10 +874,6 @@ https://osxfuse.github.io/
<true/>
</dict>
</array>
- <key>POSTINSTALL_PATH</key>
- <dict/>
- <key>PREINSTALL_PATH</key>
- <dict/>
<key>RESOURCES</key>
<array/>
<key>ROOT_VOLUME_ONLY</key>
@@ -824,8 +881,6 @@ https://osxfuse.github.io/
</dict>
<key>PROJECT_SETTINGS</key>
<dict>
- <key>ADVANCED_OPTIONS</key>
- <dict/>
<key>BUILD_FORMAT</key>
<integer>0</integer>
<key>BUILD_PATH</key>
@@ -1004,7 +1059,11 @@ https://osxfuse.github.io/
</dict>
</array>
<key>NAME</key>
- <string>VeraCrypt 1.24-Beta5</string>
+ <string>VeraCrypt 1.24-Update2</string>
+ <key>PAYLOAD_ONLY</key>
+ <false/>
+ <key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
+ <false/>
</dict>
</dict>
<key>SHARED_GLOBAL_DATA</key>
diff --git a/src/Setup/MacOSX/veracrypt_Legacy.pkgproj b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
new file mode 100755
index 0000000..bb7e862
--- /dev/null
+++ b/src/Setup/MacOSX/veracrypt_Legacy.pkgproj
@@ -0,0 +1,1079 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>PACKAGES</key>
+ <array>
+ <dict>
+ <key>MUST-CLOSE-APPLICATION-ITEMS</key>
+ <array/>
+ <key>MUST-CLOSE-APPLICATIONS</key>
+ <false/>
+ <key>PACKAGE_FILES</key>
+ <dict>
+ <key>DEFAULT_INSTALL_LOCATION</key>
+ <string>/</string>
+ <key>HIERARCHY</key>
+ <dict>
+ <key>CHILDREN</key>
+ <array>
+ <dict>
+ <key>CHILDREN</key>
+ <array>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>80</integer>
+ <key>PATH</key>
+ <string>Utilities</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>BUNDLE_CAN_DOWNGRADE</key>
+ <true/>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>80</integer>
+ <key>PATH</key>
+ <string>../../Main/VeraCrypt.app</string>
+ <key>PATH_TYPE</key>
+ <integer>1</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>3</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GID</key>
+ <integer>80</integer>
+ <key>PATH</key>
+ <string>Applications</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>509</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>80</integer>
+ <key>PATH</key>
+ <string>Application Support</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Documentation</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Filesystems</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Frameworks</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Input Methods</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Internet Plug-Ins</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>LaunchAgents</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>LaunchDaemons</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>PreferencePanes</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Preferences</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>80</integer>
+ <key>PATH</key>
+ <string>Printers</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>PrivilegedHelperTools</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>1005</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>QuickLook</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>QuickTime</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Screen Savers</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Scripts</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Services</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Widgets</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Automator</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Extensions</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Library</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array>
+ <dict>
+ <key>CHILDREN</key>
+ <array>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Extensions</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Library</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>System</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>CHILDREN</key>
+ <array>
+ <dict>
+ <key>CHILDREN</key>
+ <array/>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>Shared</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>1023</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GID</key>
+ <integer>80</integer>
+ <key>PATH</key>
+ <string>Users</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>GID</key>
+ <integer>0</integer>
+ <key>PATH</key>
+ <string>/</string>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ <key>PERMISSIONS</key>
+ <integer>493</integer>
+ <key>TYPE</key>
+ <integer>1</integer>
+ <key>UID</key>
+ <integer>0</integer>
+ </dict>
+ <key>PAYLOAD_TYPE</key>
+ <integer>0</integer>
+ <key>PRESERVE_EXTENDED_ATTRIBUTES</key>
+ <false/>
+ <key>SHOW_INVISIBLE</key>
+ <false/>
+ <key>SPLIT_FORKS</key>
+ <true/>
+ <key>TREAT_MISSING_FILES_AS_WARNING</key>
+ <false/>
+ <key>VERSION</key>
+ <integer>5</integer>
+ </dict>
+ <key>PACKAGE_SCRIPTS</key>
+ <dict>
+ <key>POSTINSTALL_PATH</key>
+ <dict>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ </dict>
+ <key>PREINSTALL_PATH</key>
+ <dict>
+ <key>PATH_TYPE</key>
+ <integer>0</integer>
+ </dict>
+ <key>RESOURCES</key>
+ <array/>
+ </dict>
+ <key>PACKAGE_SETTINGS</key>
+ <dict>
+ <key>AUTHENTICATION</key>
+ <integer>1</integer>
+ <key>CONCLUSION_ACTION</key>
+ <integer>0</integer>
+ <key>FOLLOW_SYMBOLIC_LINKS</key>
+ <false/>
+ <key>IDENTIFIER</key>
+ <string>com.idrix.pkg.veracrypt</string>
+ <key>LOCATION</key>
+ <integer>0</integer>
+ <key>NAME</key>
+ <string>veracrypt</string>
+ <key>OVERWRITE_PERMISSIONS</key>
+ <false/>
+ <key>PAYLOAD_SIZE</key>
+ <integer>-1</integer>
+ <key>REFERENCE_PATH</key>
+ <string></string>
+ <key>RELOCATABLE</key>
+ <false/>
+ <key>USE_HFS+_COMPRESSION</key>
+ <false/>
+ <key>VERSION</key>
+ <string>1.24.9</string>
+ </dict>
+ <key>TYPE</key>
+ <integer>0</integer>
+ <key>UUID</key>
+ <string>B14381D9-EC5F-43E4-B971-82AB3D132A64</string>
+ </dict>
+ </array>
+ <key>PROJECT</key>
+ <dict>
+ <key>PROJECT_COMMENTS</key>
+ <dict>
+ <key>NOTES</key>
+ <data>
+ PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1M
+ IDQuMDEvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvVFIvaHRtbDQv
+ c3RyaWN0LmR0ZCI+CjxodG1sPgo8aGVhZD4KPG1ldGEgaHR0cC1l
+ cXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7
+ IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJDb250
+ ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4KPHRp
+ dGxlPjwvdGl0bGU+CjxtZXRhIG5hbWU9IkdlbmVyYXRvciIgY29u
+ dGVudD0iQ29jb2EgSFRNTCBXcml0ZXIiPgo8bWV0YSBuYW1lPSJD
+ b2NvYVZlcnNpb24iIGNvbnRlbnQ9IjExMzguNTEiPgo8c3R5bGUg
+ dHlwZT0idGV4dC9jc3MiPgo8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5
+ Pgo8L2JvZHk+CjwvaHRtbD4K
+ </data>
+ </dict>
+ <key>PROJECT_PRESENTATION</key>
+ <dict>
+ <key>BACKGROUND</key>
+ <dict>
+ <key>APPAREANCES</key>
+ <dict>
+ <key>DARK_AQUA</key>
+ <dict/>
+ <key>LIGHT_AQUA</key>
+ <dict/>
+ </dict>
+ <key>SHARED_SETTINGS_FOR_ALL_APPAREANCES</key>
+ <true/>
+ </dict>
+ <key>INSTALLATION TYPE</key>
+ <dict>
+ <key>HIERARCHIES</key>
+ <dict>
+ <key>INSTALLER</key>
+ <dict>
+ <key>LIST</key>
+ <array>
+ <dict>
+ <key>DESCRIPTION</key>
+ <array/>
+ <key>OPTIONS</key>
+ <dict>
+ <key>HIDDEN</key>
+ <false/>
+ <key>STATE</key>
+ <integer>1</integer>
+ </dict>
+ <key>PACKAGE_UUID</key>
+ <string>B14381D9-EC5F-43E4-B971-82AB3D132A64</string>
+ <key>TITLE</key>
+ <array/>
+ <key>TOOLTIP</key>
+ <array/>
+ <key>TYPE</key>
+ <integer>0</integer>
+ <key>UUID</key>
+ <string>4F1ACCF7-AA2A-4C80-A42F-274D410A13D1</string>
+ </dict>
+ </array>
+ <key>REMOVED</key>
+ <dict/>
+ </dict>
+ </dict>
+ <key>MODE</key>
+ <integer>0</integer>
+ </dict>
+ <key>INSTALLATION_STEPS</key>
+ <array>
+ <dict>
+ <key>ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS</key>
+ <string>ICPresentationViewIntroductionController</string>
+ <key>INSTALLER_PLUGIN</key>
+ <string>Introduction</string>
+ <key>LIST_TITLE_KEY</key>
+ <string>InstallerSectionTitle</string>
+ </dict>
+ <dict>
+ <key>ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS</key>
+ <string>ICPresentationViewReadMeController</string>
+ <key>INSTALLER_PLUGIN</key>
+ <string>ReadMe</string>
+ <key>LIST_TITLE_KEY</key>
+ <string>InstallerSectionTitle</string>
+ </dict>
+ <dict>
+ <key>ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS</key>
+ <string>ICPresentationViewLicenseController</string>
+ <key>INSTALLER_PLUGIN</key>
+ <string>License</string>
+ <key>LIST_TITLE_KEY</key>
+ <string>InstallerSectionTitle</string>
+ </dict>
+ <dict>
+ <key>ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS</key>
+ <string>ICPresentationViewDestinationSelectController</string>
+ <key>INSTALLER_PLUGIN</key>
+ <string>TargetSelect</string>
+ <key>LIST_TITLE_KEY</key>
+ <string>InstallerSectionTitle</string>
+ </dict>
+ <dict>
+ <key>ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS</key>
+ <string>ICPresentationViewInstallationTypeController</string>
+ <key>INSTALLER_PLUGIN</key>
+ <string>PackageSelection</string>
+ <key>LIST_TITLE_KEY</key>
+ <string>InstallerSectionTitle</string>
+ </dict>
+ <dict>
+ <key>ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS</key>
+ <string>ICPresentationViewInstallationController</string>
+ <key>INSTALLER_PLUGIN</key>
+ <string>Install</string>
+ <key>LIST_TITLE_KEY</key>
+ <string>InstallerSectionTitle</string>
+ </dict>
+ <dict>
+ <key>ICPRESENTATION_CHAPTER_VIEW_CONTROLLER_CLASS</key>
+ <string>ICPresentationViewSummaryController</string>
+ <key>INSTALLER_PLUGIN</key>
+ <string>Summary</string>
+ <key>LIST_TITLE_KEY</key>
+ <string>InstallerSectionTitle</string>
+ </dict>
+ </array>
+ <key>INTRODUCTION</key>
+ <dict>
+ <key>LOCALIZATIONS</key>
+ <array/>
+ </dict>
+ <key>LICENSE</key>
+ <dict>
+ <key>LOCALIZATIONS</key>
+ <array>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>English</string>
+ <key>VALUE</key>
+ <dict>
+ <key>PATH</key>
+ <string>../../License.txt</string>
+ <key>PATH_TYPE</key>
+ <integer>1</integer>
+ </dict>
+ </dict>
+ </array>
+ <key>MODE</key>
+ <integer>0</integer>
+ </dict>
+ <key>README</key>
+ <dict>
+ <key>LOCALIZATIONS</key>
+ <array/>
+ </dict>
+ <key>SUMMARY</key>
+ <dict>
+ <key>LOCALIZATIONS</key>
+ <array/>
+ </dict>
+ <key>TITLE</key>
+ <dict>
+ <key>LOCALIZATIONS</key>
+ <array>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>French</string>
+ <key>VALUE</key>
+ <string></string>
+ </dict>
+ </array>
+ </dict>
+ </dict>
+ <key>PROJECT_REQUIREMENTS</key>
+ <dict>
+ <key>LIST</key>
+ <array>
+ <dict>
+ <key>BEHAVIOR</key>
+ <integer>3</integer>
+ <key>DICTIONARY</key>
+ <dict>
+ <key>IC_REQUIREMENT_CPU_ARCHITECTURE_FAMILY</key>
+ <integer>2</integer>
+ <key>IC_REQUIREMENT_CPU_INTEL_ARCHITECTURE_TYPE</key>
+ <integer>0</integer>
+ <key>IC_REQUIREMENT_CPU_MINIMUM_CPU_CORES_COUNT</key>
+ <integer>1</integer>
+ <key>IC_REQUIREMENT_CPU_MINIMUM_FREQUENCY</key>
+ <integer>866666</integer>
+ <key>IC_REQUIREMENT_CPU_POWERPC_ARCHITECTURE_TYPE</key>
+ <integer>0</integer>
+ </dict>
+ <key>IC_REQUIREMENT_CHECK_TYPE</key>
+ <integer>0</integer>
+ <key>IDENTIFIER</key>
+ <string>fr.whitebox.Packages.requirement.cpu</string>
+ <key>MESSAGE</key>
+ <array>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>English</string>
+ <key>SECONDARY_VALUE</key>
+ <string></string>
+ <key>VALUE</key>
+ <string>VeraCrypt runs only on Intel platforms.</string>
+ </dict>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>French</string>
+ <key>SECONDARY_VALUE</key>
+ <string></string>
+ <key>VALUE</key>
+ <string>VeraCrypt supporte seulement les platformes Intel.</string>
+ </dict>
+ </array>
+ <key>NAME</key>
+ <string>Processor</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ <dict>
+ <key>BEHAVIOR</key>
+ <integer>3</integer>
+ <key>DICTIONARY</key>
+ <dict>
+ <key>IC_REQUIREMENT_OS_DISK_TYPE</key>
+ <integer>1</integer>
+ <key>IC_REQUIREMENT_OS_DISTRIBUTION_TYPE</key>
+ <integer>0</integer>
+ <key>IC_REQUIREMENT_OS_MINIMUM_VERSION</key>
+ <integer>100701</integer>
+ </dict>
+ <key>IC_REQUIREMENT_CHECK_TYPE</key>
+ <integer>0</integer>
+ <key>IDENTIFIER</key>
+ <string>fr.whitebox.Packages.requirement.os</string>
+ <key>MESSAGE</key>
+ <array>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>English</string>
+ <key>VALUE</key>
+ <string>VeraCrypt requires MacOSX 10.7.1 and above.</string>
+ </dict>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>French</string>
+ <key>VALUE</key>
+ <string>VeraCrypt nécessite MacOSX 10.7.1 et supérieur.</string>
+ </dict>
+ </array>
+ <key>NAME</key>
+ <string>Operating System</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ <dict>
+ <key>BEHAVIOR</key>
+ <integer>3</integer>
+ <key>DICTIONARY</key>
+ <dict>
+ <key>IC_REQUIREMENT_FILES_CONDITION</key>
+ <integer>0</integer>
+ <key>IC_REQUIREMENT_FILES_DISK_TYPE</key>
+ <integer>1</integer>
+ <key>IC_REQUIREMENT_FILES_LIST</key>
+ <array>
+ <string>/usr/local/lib/libosxfuse_i64.2.dylib</string>
+ </array>
+ <key>IC_REQUIREMENT_FILES_SELECTOR</key>
+ <integer>0</integer>
+ </dict>
+ <key>IC_REQUIREMENT_CHECK_TYPE</key>
+ <integer>0</integer>
+ <key>IDENTIFIER</key>
+ <string>fr.whitebox.Packages.requirement.files</string>
+ <key>MESSAGE</key>
+ <array>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>English</string>
+ <key>SECONDARY_VALUE</key>
+ <string></string>
+ <key>VALUE</key>
+ <string>OSXFuse seems to be missing on your machine. VeraCrypt requires OSXFuse 2.5 or above.
+Please download the latest OSXFuse version from :
+https://osxfuse.github.io/</string>
+ </dict>
+ <dict>
+ <key>LANGUAGE</key>
+ <string>French</string>
+ <key>SECONDARY_VALUE</key>
+ <string></string>
+ <key>VALUE</key>
+ <string>OSXFuse semble ne pas être installé sur votre machine. VeraCrypt nécessite OSXFuse 2.5 ou supérieur.
+Merci de télécharger la dernière version de OSXFuse à partir de :
+https://osxfuse.github.io/
+
+</string>
+ </dict>
+ </array>
+ <key>NAME</key>
+ <string>OSXFuse</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ </array>
+ <key>RESOURCES</key>
+ <array/>
+ <key>ROOT_VOLUME_ONLY</key>
+ <false/>
+ </dict>
+ <key>PROJECT_SETTINGS</key>
+ <dict>
+ <key>BUILD_FORMAT</key>
+ <integer>0</integer>
+ <key>BUILD_PATH</key>
+ <dict>
+ <key>PATH</key>
+ <string>.</string>
+ <key>PATH_TYPE</key>
+ <integer>1</integer>
+ </dict>
+ <key>EXCLUDED_FILES</key>
+ <array>
+ <dict>
+ <key>PATTERNS_ARRAY</key>
+ <array>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>.DS_Store</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>PROTECTED</key>
+ <true/>
+ <key>PROXY_NAME</key>
+ <string>Remove .DS_Store files</string>
+ <key>PROXY_TOOLTIP</key>
+ <string>Remove ".DS_Store" files created by the Finder.</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ <dict>
+ <key>PATTERNS_ARRAY</key>
+ <array>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>.pbdevelopment</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>PROTECTED</key>
+ <true/>
+ <key>PROXY_NAME</key>
+ <string>Remove .pbdevelopment files</string>
+ <key>PROXY_TOOLTIP</key>
+ <string>Remove ".pbdevelopment" files created by ProjectBuilder or Xcode.</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ <dict>
+ <key>PATTERNS_ARRAY</key>
+ <array>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>CVS</string>
+ <key>TYPE</key>
+ <integer>1</integer>
+ </dict>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>.cvsignore</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>.cvspass</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>.svn</string>
+ <key>TYPE</key>
+ <integer>1</integer>
+ </dict>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>.git</string>
+ <key>TYPE</key>
+ <integer>1</integer>
+ </dict>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>.gitignore</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>PROTECTED</key>
+ <true/>
+ <key>PROXY_NAME</key>
+ <string>Remove SCM metadata</string>
+ <key>PROXY_TOOLTIP</key>
+ <string>Remove helper files and folders used by the CVS, SVN or Git Source Code Management systems.</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ <dict>
+ <key>PATTERNS_ARRAY</key>
+ <array>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>classes.nib</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>designable.db</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>info.nib</string>
+ <key>TYPE</key>
+ <integer>0</integer>
+ </dict>
+ </array>
+ <key>PROTECTED</key>
+ <true/>
+ <key>PROXY_NAME</key>
+ <string>Optimize nib files</string>
+ <key>PROXY_TOOLTIP</key>
+ <string>Remove "classes.nib", "info.nib" and "designable.nib" files within .nib bundles.</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ <dict>
+ <key>PATTERNS_ARRAY</key>
+ <array>
+ <dict>
+ <key>REGULAR_EXPRESSION</key>
+ <false/>
+ <key>STRING</key>
+ <string>Resources Disabled</string>
+ <key>TYPE</key>
+ <integer>1</integer>
+ </dict>
+ </array>
+ <key>PROTECTED</key>
+ <true/>
+ <key>PROXY_NAME</key>
+ <string>Remove Resources Disabled folders</string>
+ <key>PROXY_TOOLTIP</key>
+ <string>Remove "Resources Disabled" folders.</string>
+ <key>STATE</key>
+ <true/>
+ </dict>
+ <dict>
+ <key>SEPARATOR</key>
+ <true/>
+ </dict>
+ </array>
+ <key>NAME</key>
+ <string>VeraCrypt Legacy 1.24-Update2</string>
+ <key>PAYLOAD_ONLY</key>
+ <false/>
+ <key>TREAT_MISSING_PRESENTATION_DOCUMENTS_AS_WARNING</key>
+ <false/>
+ </dict>
+ </dict>
+ <key>SHARED_GLOBAL_DATA</key>
+ <dict>
+ <key>IC_REQUIREMENT_JAVASCRIPT_SHARED_SOURCE_CODE</key>
+ <string></string>
+ </dict>
+ <key>TYPE</key>
+ <integer>0</integer>
+ <key>VERSION</key>
+ <integer>2</integer>
+</dict>
+</plist>
diff --git a/src/Setup/Portable.rc b/src/Setup/Portable.rc
index abbdd6c..76c208b 100644
--- a/src/Setup/Portable.rc
+++ b/src/Setup/Portable.rc
@@ -26,8 +26,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -44,11 +44,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Portable"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Portable.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Setup/Setup.rc b/src/Setup/Setup.rc
index 639ceda..6a407bd 100644
--- a/src/Setup/Setup.rc
+++ b/src/Setup/Setup.rc
@@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
//
VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,24,5,0
- PRODUCTVERSION 1,24,5,0
+ FILEVERSION 1,24,9,0
+ PRODUCTVERSION 1,24,9,0
FILEFLAGSMASK 0x17L
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -46,11 +46,11 @@ BEGIN
BEGIN
VALUE "CompanyName", "IDRIX"
VALUE "FileDescription", "VeraCrypt Setup"
- VALUE "FileVersion", "1.24-Beta5"
+ VALUE "FileVersion", "1.24-Update2"
VALUE "LegalTrademarks", "VeraCrypt"
VALUE "OriginalFilename", "VeraCrypt Setup.exe"
VALUE "ProductName", "VeraCrypt"
- VALUE "ProductVersion", "1.24-Beta5"
+ VALUE "ProductVersion", "1.24-Update2"
END
END
BLOCK "VarFileInfo"
diff --git a/src/Signing/DigiCert_High_Assurance_Code_Signing_CA.cer b/src/Signing/DigiCert_High_Assurance_Code_Signing_CA.cer
new file mode 100644
index 0000000..cddf4d0
--- /dev/null
+++ b/src/Signing/DigiCert_High_Assurance_Code_Signing_CA.cer
Binary files differ
diff --git a/src/Signing/DigiCert_High_Assurance_MS_Cross_Cert.crt b/src/Signing/DigiCert_High_Assurance_MS_Cross_Cert.crt
new file mode 100644
index 0000000..c42e0fc
--- /dev/null
+++ b/src/Signing/DigiCert_High_Assurance_MS_Cross_Cert.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFOzCCAyOgAwIBAgIKYSBNtAAAAAAAJzANBgkqhkiG9w0BAQUFADB/MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
+MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
+ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTA0MTUxOTQ1MzNaFw0yMTA0
+MTUxOTU1MzNaMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx
+GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhp
+Z2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDGzOVz5vvUu+UtLTKm3+WBP8nNJUm2cSrD1ZQ0Z6IKHLBfaaZAscS3
+so/QmKSpQVk609yU1jzbdDikSsxNJYL3SqVTEjju80ltcZF+Y7arpl/DpIT4T2JR
+vvjF7Ns4kuMG5QiRDMQoQVX7y1qJFX5x6DW/TXIJPb46OFBbdzEbjbPHJEWap6xt
+ABRaBLe6E+tRCphBQSJOZWGHgUFQpnlcid4ZSlfVLuZdHFMsfpjNGgYWpGhz0DQE
+E1yhcdNafFXbXmThN4cwVgTlEbQpgBLxeTmIogIRfCdmt4i3ePLKCqg4qwpkwr9m
+XZWEwaElHoddGlALIBLMQbtuC1E4uEvLAgMBAAGjgcswgcgwEQYDVR0gBAowCDAG
+BgRVHSAAMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSx
+PsNpA/i/RwHUmCYaCALvY2QrwzAfBgNVHSMEGDAWgBRi+wohW39DbhHaCVRQa/XS
+lnHxnjBVBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v
+cGtpL2NybC9wcm9kdWN0cy9NaWNyb3NvZnRDb2RlVmVyaWZSb290LmNybDANBgkq
+hkiG9w0BAQUFAAOCAgEAIIzBWe1vnGstwUo+dR1FTEFQHL2A6tmwkosGKhM/Uxae
+VjlqimO2eCR59X24uUehCpbC9su9omafBuGs0nkJDv083KwCDHCvPxvseH7U60sF
+YCbZc2GRIe2waGPglxKrb6AS7dmf0tonPLPkVvnR1IEPcb1CfKaJ3M3VvZWiq/GT
+EX3orDEpqF1mcEGd/HXJ1bMaOSrQhQVQi6yRysSTy3GlnaSUb1gM+m4gxAgxtYWd
+foH50j3KWxiFbAqG7CIJG6V0NE9/KLyVSqsdtpiwXQmkd3Z+76eOXYT2GCTL0W2m
+w6GcwhB1gP+dMv3mz0M6gvfOj+FyKptit1/tlRo5XC+UbUi3AV8zL7vcLXM0iQRC
+ChyLefmj+hfv+qEaEN/gssGV61wMBZc7NT4YiE3bbL8kiY3Ivdifezk6JKDV39Hz
+ShqX9qZveh+wkKmzrAE5kdNht2TxPlc4A6/OetK1kPWu3DmZ1bY8l+2myxbHfWsq
+TJCU5kxU/R7NIOzOaJyHWOlhYL7rDsnVGX2f6Xi9DqwhdQePqW7gjGoqa5zj52W8
+vC08bdwE3GdFNjKvBIG8qABuYUyVxVzUjo6fL8EydL29EWUDB83vt14CV9qG1Boo
+NK+ISbLPpd2CVm9oqhTiWVT+/+ru7+qScCJggeMlI8CfzA9JsjWqWMM6w9kWlBA=
+-----END CERTIFICATE-----
diff --git a/src/Signing/Thawt_CodeSigning_CA.crt b/src/Signing/Thawt_CodeSigning_CA.crt
deleted file mode 100644
index 8a25792..0000000
--- a/src/Signing/Thawt_CodeSigning_CA.crt
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEnDCCA4SgAwIBAgIQR5dNeHOlvKsNL7NwGS/OXjANBgkqhkiG9w0BAQUFADCB
-qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
-Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
-MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
-BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTAwMjA4MDAwMDAwWhcNMjAw
-MjA3MjM1OTU5WjBKMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMu
-MSQwIgYDVQQDExtUaGF3dGUgQ29kZSBTaWduaW5nIENBIC0gRzIwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3i891W58l2n45sJPbONOpI9CC+ukkflwL
-joP45npZ5qPFmKeZ0kT/AKalOQSK2imI6tui8xyZFSbCsfT84QxHqQkRBgogkrnH
-oASMXJQZq1slLB1ifnANzmFs3SuCyc5dSF/3wr68QSMeTyld10+89MUq/GPmfCZO
-mad5QZ4QSnp5ycaG94aV0ibOPBgq1nzOr82tu/eCLHAmN0XlD0cixgEovS6DXGqk
-R8Hn0NhrgUY/IRf1B8VDWqZnLLh7YBG1g+71dApycUQ9WP7oGqs4w1nbf244fXbH
-cmmYNpZX02Yc0lSRBC5UGbDcPbUiXobVKn4g313merFl/sUCTjEtAgMBAAGjggEc
-MIIBGDASBgNVHRMBAf8ECDAGAQH/AgEAMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6
-Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0EuY3JsMA4GA1UdDwEB/wQEAwIBBjAy
-BggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5j
-b20wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMDMCkGA1UdEQQiMCCkHjAc
-MRowGAYDVQQDExFWZXJpU2lnbk1QS0ktMi0xMDAdBgNVHQ4EFgQU1A1lP3q9NMb+
-R+dMDcC98t4Vq3EwHwYDVR0jBBgwFoAUe1tFz6/Oy3r9MZIaarbzRutXSFAwDQYJ
-KoZIhvcNAQEFBQADggEBAFb+U1zhx568p+1+U21qFEtRjEBegF+qpOgv7zjIBMnK
-Ps/fOlhOsNS2Y8UpV/oCBZpFTWjbKhvUND2fAMNay5VJpW7hsMX8QU1BSm/Td8jX
-OI3kGd4Y8x8VZYNtRQxT+QqaLqVdv28ygRiSGWpVAK1jHFIGflXZKWiuSnwYmnmI
-ayMj2Cc4KimHdsr7x7ZiIx/telZM3ZwyW/U9DEYYlTsqI2iDZEHZAG0PGSQVaHK9
-xXFnbqxM25DrUaUaYgfQvmoARzxyL+xPYT5zhc5aCre6wBwTdeMiOSjdbR0JRp1P
-uuhAgZHGpM6UchsBzypuFWeVia59t7fN+Qo9dbZrPCU=
------END CERTIFICATE----- \ No newline at end of file
diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat
index a635b3b..2c46bd6 100644
--- a/src/Signing/sign.bat
+++ b/src/Signing/sign.bat
@@ -1,6 +1,6 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Beta5
+set VC_VERSION=1.24-Update2
set SIGNINGPATH=%~dp0
cd %SIGNINGPATH%
@@ -9,8 +9,8 @@ call "..\..\doc\chm\create_chm.bat"
cd %SIGNINGPATH%
rem sign using SHA-1
-signtool sign /v /a /n IDRIX /i Thawte /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
-signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /sha1 1FE67EF0455A9CC11433542FEC0A86DDD644B405 /ac DigiCert_High_Assurance_MS_Cross_Cert.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /sha1 1FE67EF0455A9CC11433542FEC0A86DDD644B405 /ac DigiCert_High_Assurance_Code_Signing_CA.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
timeout /t 10
@@ -58,7 +58,7 @@ rmdir /S /Q docs
cd %SIGNINGPATH%
rem sign using SHA-1
-signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe"
+signtool sign /v /sha1 1FE67EF0455A9CC11433542FEC0A86DDD644B405 /ac DigiCert_High_Assurance_Code_Signing_CA.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe"
timeout /t 10
diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat
index a0346dd..ca99db6 100644
--- a/src/Signing/sign_test.bat
+++ b/src/Signing/sign_test.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Beta5
+set VC_VERSION=1.24-Update2
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Signing/sign_test_debug.bat b/src/Signing/sign_test_debug.bat
index 8c93626..d804c38 100644
--- a/src/Signing/sign_test_debug.bat
+++ b/src/Signing/sign_test_debug.bat
@@ -1,5 +1,5 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
-set VC_VERSION=1.24-Beta5
+set VC_VERSION=1.24-Update2
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
diff --git a/src/Signing/thawte_Primary_MS_Cross_Cert.cer b/src/Signing/thawte_Primary_MS_Cross_Cert.cer
deleted file mode 100644
index 4389935..0000000
--- a/src/Signing/thawte_Primary_MS_Cross_Cert.cer
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFeTCCA2GgAwIBAgIKYR+wpAAAAAAAHTANBgkqhkiG9w0BAQUFADB/MQswCQYD
-VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
-MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
-ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTAyMjIxOTMxNTdaFw0yMTAy
-MjIxOTQxNTdaMIGpMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
-MSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
-VQQLEy8oYykgMjAwNiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ug
-b25seTEfMB0GA1UEAxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKyg8PuAWdScx6TPnaFZcwkQRQwNLG5o8Wxb
-SGhJWTf8CzMZwnd/zBAtlTQc5utNCacc0rjJlzYCt4nUJF8GwMxElJSNAmJv61rd
-EY0omlyEkBB6Db10Zi9qOKDi1VRE6x0Hnwe6b+7p/U4LKfU+hKAB8Zyr+Bx+iaTo
-odhxZQ2jUXvuvNIiYA25W53fuvxRWwuvmLLpLukE6GKH3ivI107BTGQe3c+HWLpK
-T8poBx0cnUrG1S+RzHxxchzFwGfrMv3JklyU2oXAm79TfSsJ9IydkR+XalLL3gk2
-pHfYe4dQRNU+bilp+zlJJh4JpYB7QC3r6CeFyf5h/X7mfJcd1Z0CAwEAAaOByzCB
-yDARBgNVHSAECjAIMAYGBFUdIAAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC
-AYYwHQYDVR0OBBYEFHtbRc+vzst6/TGSGmq280brV0hQMB8GA1UdIwQYMBaAFGL7
-CiFbf0NuEdoJVFBr9dKWcfGeMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly9jcmwu
-bWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY3Jvc29mdENvZGVWZXJp
-ZlJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4ICAQAtzHG16LqU/17mRGcAe2r8QSw+
-5w5BhVqxKpMrqVuJ8vcrSZyAA/KXuOdgqA7X/V3lRUZ1lPTtHJ3hZiKLYfsp8sao
-vfOHyY9/R+HAWLZKGqLn9xhgaWnggwaeJsd1xAwNedp0a1K5+ujqM1m5uxjdKRoU
-39NqNyd6naDaz//8IsT68An/M+k+F7ocx0LPzidD0wwMVYEwPblgYM4C7OGe6B3c
-hSzgoY2WbZWsF6RxPqFnQbYoHSzjthXlt+Wi9iVthuMgrPn4MU+OYpuYMzdtavc1
-Uj6Q/rA7X8W4UqngbqBHmieel66iSp5TGTnsNX7GWd464Kr1M/BqvaCCGBLeoYxF
-cMor1i6VkUWZWlwkAEm9I7MM7KQ99bnh0bGCWjjuo/uhq0g6jF3/oGUiP9PT/kmQ
-2xRGo4UuilVLCas4sqtjoAjR/a1I4nPYErzCbKUW+tCawF44ODorcY5VOqxCGXof
-DUIg56tdjGiAUkyhwNSI0CMh+5ATCQB7STevqd9IYCKr9PbCNjv4UTw0u8WG5Drh
-n0uQ/lRhAksVnDQXaqlLjUy2nSMmyDrx1rgFzdodYkAYOi8bQc06mToKqdHXfrjE
-r/e4yYAQXtVd9s56mgLFD2OB77Vk6fxb2NJhmmjDfPnHjfkeh9X6LPgWrp2rBo/I
-bcdBzaFOhOPawm68+w==
------END CERTIFICATE-----
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 32f61b7..40507a2 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -247,7 +247,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
@@ -263,7 +263,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM)
if ((blockCount >= 4)
&& IsHwSupportAvailable())
{
@@ -318,7 +318,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_encrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -330,7 +330,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
twofish_decrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -339,7 +339,7 @@ namespace VeraCrypt
bool CipherTwofish::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;
@@ -372,7 +372,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_encrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::EncryptBlocks (data, blockCount);
@@ -384,7 +384,7 @@ namespace VeraCrypt
if (!Initialized)
throw NotInitialized (SRC_POS);
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
camellia_decrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount);
#else
Cipher::DecryptBlocks (data, blockCount);
@@ -393,7 +393,7 @@ namespace VeraCrypt
bool CipherCamellia::IsHwSupportAvailable () const
{
-#if CRYPTOPP_BOOL_X64
+#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
return true;
#else
return false;
diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp
index 5e64b3f..3925dde 100644
--- a/src/Volume/Hash.cpp
+++ b/src/Volume/Hash.cpp
@@ -40,7 +40,7 @@ namespace VeraCrypt
void Hash::ValidateDigestParameters (const BufferPtr &buffer) const
{
- if (buffer.Size() != GetDigestSize ())
+ if (buffer.Size() < GetDigestSize ())
throw ParameterIncorrect (SRC_POS);
}
diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make
index 7b5cb4f..224eff6 100644
--- a/src/Volume/Volume.make
+++ b/src/Volume/Volume.make
@@ -12,6 +12,7 @@
OBJS :=
OBJSEX :=
+OBJSNOOPT :=
OBJS += Cipher.o
OBJS += EncryptionAlgorithm.o
OBJS += EncryptionMode.o
@@ -81,6 +82,8 @@ OBJS += ../Crypto/Streebog.o
OBJS += ../Crypto/kuznyechik.o
OBJS += ../Crypto/kuznyechik_simd.o
+OBJSNOOPT += ../Crypto/jitterentropy-base.o0
+
OBJS += ../Common/Crc.o
OBJS += ../Common/Endian.o
OBJS += ../Common/GfMul.o
diff --git a/src/Volume/VolumePassword.cpp b/src/Volume/VolumePassword.cpp
index fee149c..a22c938 100644
--- a/src/Volume/VolumePassword.cpp
+++ b/src/Volume/VolumePassword.cpp
@@ -16,6 +16,10 @@
namespace VeraCrypt
{
+ const size_t VolumePassword::MaxLegacySize = 64;
+ const size_t VolumePassword::MaxSize = 128;
+ const size_t VolumePassword::WarningSizeThreshold = 12;
+
VolumePassword::VolumePassword () : PasswordSize (0)
{
AllocateBuffer ();
diff --git a/src/Volume/VolumePassword.h b/src/Volume/VolumePassword.h
index 5e31977..f4a3ccb 100644
--- a/src/Volume/VolumePassword.h
+++ b/src/Volume/VolumePassword.h
@@ -41,9 +41,9 @@ namespace VeraCrypt
TC_SERIALIZABLE (VolumePassword);
- static const size_t MaxLegacySize = 64;
- static const size_t MaxSize = 128;
- static const size_t WarningSizeThreshold = 12;
+ static const size_t MaxLegacySize;
+ static const size_t MaxSize;
+ static const size_t WarningSizeThreshold;
protected:
void AllocateBuffer ();
@@ -81,6 +81,7 @@ namespace VeraCrypt
TC_EXCEPTION (PasswordEmpty); \
TC_EXCEPTION (PasswordTooLong); \
TC_EXCEPTION (PasswordUTF8TooLong); \
+ TC_EXCEPTION (PasswordLegacyUTF8TooLong); \
TC_EXCEPTION (PasswordUTF8Invalid); \
TC_EXCEPTION (UnportablePassword);