diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
| commit | ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c (patch) | |
| tree | 14dfb134969574b7f0d869c455981418c652780e /src/Common/BootEncryption.cpp | |
| parent | 6121ca02397e75fe51b2c76111ef836556fedb49 (diff) | |
| download | VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.tar.gz VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.zip | |
Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
Diffstat (limited to 'src/Common/BootEncryption.cpp')
| -rw-r--r-- | src/Common/BootEncryption.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 2080a44b..2be81416 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -1462,6 +1462,7 @@ namespace VeraCrypt /* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */ BootEncryptionStatus status; + memset (&status, 0, sizeof(status)); CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, NULL, 0, &status, sizeof (status)); return status; } @@ -5401,6 +5402,10 @@ namespace VeraCrypt int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL); finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); }); + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if (cryptoInfo->bVulnerableMasterKey) + status = ERR_SYSENC_XTS_MASTERKEY_VULNERABLE; + if (status != 0) { handleError (hwndDlg, status, SRC_POS); |