author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2022-03-20 20:53:20 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2022-03-21 01:18:27 +0100 |
commit | 538319051857a8fb8e9e8c4f1048ab53e9c26b40 (patch) | |
tree | 1b00ac92b8a1fb5998d08bb6bd4dce9b7b76d77c | |
parent | dd0f3cd16766cf6245b3a1da139ccad952ab7828 (diff) | |
download | VeraCrypt-538319051857a8fb8e9e8c4f1048ab53e9c26b40.tar.gz VeraCrypt-538319051857a8fb8e9e8c4f1048ab53e9c26b40.zip |
Windows: Block upgrade of VeraCrypt if the system is encrypted using RIPEMD-160 or GOST89 since they are not supported anymore.
-rw-r--r-- | src/Common/BootEncryption.cpp | 28 | ||||
-rw-r--r-- | src/Common/BootEncryption.h | 1 | ||||
-rw-r--r-- | src/Common/Language.xml | 1 | ||||
-rw-r--r-- | src/Setup/Setup.c | 4 | ||||
-rw-r--r-- | src/SetupDLL/Setup.c | 8 |
5 files changed, 42 insertions, 0 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 9a16db53..079eacc6 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -5834,2 +5834,30 @@ namespace VeraCrypt
 }
+
+ bool BootEncryption::IsUsingUnsupportedAlgorithm(LONG driverVersion)
+ {
+ bool bRet = false;
+
+ try
+ {
+ if (driverVersion <= 0x125)
+ {
+ // version 1.25 is last version to support RIPEMD160 and GOST89
+ static int GOST89_EA = 5;
+ static int RIPEMD160_PRF = 4;
+
+ VOLUME_PROPERTIES_STRUCT props = {0};
+ GetVolumeProperties(&props);
+
+ //
+ if (props.ea == GOST89_EA || props.pkcs5 == RIPEMD160_PRF)
+ bRet = true;
+ }
+ }
+ catch(...)
+ {
+
+ }
+
+ return bRet;
+ }
 }
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index e25427dd..03c30ea7 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -315,2 +315,3 @@ namespace VeraCrypt
 void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
+ bool IsUsingUnsupportedAlgorithm(LONG driverVersion);
 protected:
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 8002a08c..e4ceac7a 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1569,2 +1569,3 @@
 <entry lang="en" key="IDC_USE_ALL_FREE_SPACE">Use all available free space</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM">VeraCrypt cannot be upgraded because the system partition/drive was encrypted using an algorithm that is not supported anymore.\nPlease decrypt your system before upgrading VeraCrypt and then encrypt it again.</entry>
 </localization>
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index fbc8a7d8..9433bd40 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -1728,2 +1728,6 @@ BOOL DoDriverUnload (HWND hwndDlg)
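Review bot: The empty `catch(...)` in `BootEncryption::IsUsingUnsupportedAlgorithm` makes the check fail open: if `GetVolumeProperties(&props)` throws, `bRet` stays false and both callers (DoDriverUnload in src/Setup/Setup.c and DoDriverUnload_Dll in src/SetupDLL/Setup.c) carry on with the upgrade as if the algorithms had been verified. Since the check exists to stop an upgrade onto a system the new version presumably can no longer boot, an unreadable property set should block as well, e.g. `catch(...) { bRet = true; /* cannot verify the algorithms: refuse the upgrade */ }`, or be reported through a separate error so the user is not shown the "unsupported algorithm" text for a read failure. The two ids are never modified and would be clearer as `static const int GOST89_EA = 5;` and `static const int RIPEMD160_PRF = 4;`, with a comment saying they mirror the ids used by 1.25 and earlier. The bare `//` above the comparison should either state what is being compared or be dropped.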
@@ -1728,2 +1728,6 @@ BOOL DoDriverUnload (HWND hwndDlg) + // check if we are upgrading a system encrypted with unsupported algorithms + if (bootEnc.IsUsingUnsupportedAlgorithm(driverVersion)) + AbortProcess ("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM"); + SystemEncryptionUpdate = TRUE; diff --git a/src/SetupDLL/Setup.c b/src/SetupDLL/Setup.c index 7ccd94f9..2afc7312 100644 --- a/src/SetupDLL/Setup.c +++ b/src/SetupDLL/Setup.c @@ -1562,2 +1562,10 @@ BOOL DoDriverUnload_Dll (MSIHANDLE hInstaller, HWND hwnd) + // check if we are upgrading a system encrypted with unsupported algorithms + if (bootEnc.IsUsingUnsupportedAlgorithm(driverVersion)) + { + MSILogAndShow(hInstaller, MSI_ERROR_LEVEL, GetString("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM")); + bOK = FALSE; + goto end; + } + SystemEncryptionUpdate = TRUE; |