10 files changed, 110 insertions, 35 deletions
diff --git a/src/Core/Core.h b/src/Core/Core.h
index 65ea5bee..b9e53021 100644
--- a/src/Core/Core.h
+++ b/src/Core/Core.h
@@ -82,9 +82,13 @@ namespace VeraCrypt
 		shared_ptr <Pkcs5Kdf> m_newPkcs5Kdf;
 		int m_wipeCount;
 		bool m_emvSupportEnabled;
-		ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled)  {}
+		bool m_masterKeyVulnerable;
+		ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled), m_masterKeyVulnerable(false)  {}
 		virtual ~ChangePasswordThreadRoutine() { }
-		virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount); }
+		virtual void ExecutionCode(void) { 
+			shared_ptr <Volume> openVolume = Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount); 
+			m_masterKeyVulnerable = openVolume->IsMasterKeyVulnerable();
+		}
 	};
 
 	class OpenVolumeThreadRoutine : public WaitThreadRoutine
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index c1016726..0c6d5c9e 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -77,10 +77,11 @@ namespace VeraCrypt
 		}
 	}
 
-	void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
+	shared_ptr <Volume> CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
 	{
 		shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled);
 		ChangePassword (volume, newPassword, newPim, newKeyfiles, emvSupportEnabled, newPkcs5Kdf, wipeCount);
+		return volume;
 	}
 
 	void CoreBase::CoalesceSlotNumberAndMountPoint (MountOptions &options) const
@@ -144,7 +145,7 @@ namespace VeraCrypt
 		outerVolume->ReadSectors (bootSectorBuffer, 0);
 
 		int fatType;
-		byte *bootSector = bootSectorBuffer.Ptr();
+		uint8 *bootSector = bootSectorBuffer.Ptr();
 
 		if (memcmp (bootSector + 54, "FAT12", 5) == 0)
 			fatType = 12;
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index 03aa922a..e646fce3 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -34,7 +34,7 @@ namespace VeraCrypt
 		virtual ~CoreBase ();
 
 		virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
-		virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
+		virtual shared_ptr <Volume> ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
 		virtual void CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair = false) const = 0;
 		virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const;
 		virtual void CreateKeyfile (const FilePath &keyfilePath) const;
diff --git a/src/Core/FatFormatter.cpp b/src/Core/FatFormatter.cpp
index fa327837..c8115f9b 100644
--- a/src/Core/FatFormatter.cpp
+++ b/src/Core/FatFormatter.cpp
@@ -149,7 +149,7 @@ namespace VeraCrypt
 		}
 	}
 
-	static void PutBoot (fatparams * ft, byte *boot, uint32 volumeId)
+	static void PutBoot (fatparams * ft, uint8 *boot, uint32 volumeId)
 	{
 		int cnt = 0;
 
@@ -244,7 +244,7 @@ namespace VeraCrypt
 
 
 	/* FAT32 FSInfo */
-	static void PutFSInfo (byte *sector, fatparams *ft)
+	static void PutFSInfo (uint8 *sector, fatparams *ft)
 	{
 		memset (sector, 0, ft->sector_size);
 		sector[3] = 0x41; /* LeadSig */
@@ -294,16 +294,16 @@ namespace VeraCrypt
 		sector.Zero();
 
 		uint32 volumeId;
-		RandomNumberGenerator::GetDataFast (BufferPtr ((byte *) &volumeId, sizeof (volumeId)));
+		RandomNumberGenerator::GetDataFast (BufferPtr ((uint8 *) &volumeId, sizeof (volumeId)));
 
-		PutBoot (ft, (byte *) sector, volumeId);
+		PutBoot (ft, (uint8 *) sector, volumeId);
 		writeSector (sector); ++sectorNumber;
 
 		/* fat32 boot area */
 		if (ft->size_fat == 32)
 		{
 			/* fsinfo */
-			PutFSInfo((byte *) sector, ft);
+			PutFSInfo((uint8 *) sector, ft);
 			writeSector (sector); ++sectorNumber;
 
 			/* reserved */
@@ -317,10 +317,10 @@ namespace VeraCrypt
 
 			/* bootsector backup */
 			sector.Zero();
-			PutBoot (ft, (byte *) sector, volumeId);
+			PutBoot (ft, (uint8 *) sector, volumeId);
 			writeSector (sector); ++sectorNumber;
 
-			PutFSInfo((byte *) sector, ft);
+			PutFSInfo((uint8 *) sector, ft);
 			writeSector (sector); ++sectorNumber;
 		}
 
@@ -340,10 +340,10 @@ namespace VeraCrypt
 
 				if (n == 0)
 				{
-					byte fat_sig[12];
+					uint8 fat_sig[12];
 					if (ft->size_fat == 32)
 					{
-						fat_sig[0] = (byte) ft->media;
+						fat_sig[0] = (uint8) ft->media;
 						fat_sig[1] = fat_sig[2] = 0xff;
 						fat_sig[3] = 0x0f;
 						fat_sig[4] = fat_sig[5] = fat_sig[6] = 0xff;
@@ -354,7 +354,7 @@ namespace VeraCrypt
 					}
 					else if (ft->size_fat == 16)
 					{
-						fat_sig[0] = (byte) ft->media;
+						fat_sig[0] = (uint8) ft->media;
 						fat_sig[1] = 0xff;
 						fat_sig[2] = 0xff;
 						fat_sig[3] = 0xff;
@@ -362,7 +362,7 @@ namespace VeraCrypt
 					}
 					else if (ft->size_fat == 12)
 					{
-						fat_sig[0] = (byte) ft->media;
+						fat_sig[0] = (uint8) ft->media;
 						fat_sig[1] = 0xff;
 						fat_sig[2] = 0xff;
 						fat_sig[3] = 0x00;
diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp
index 3fb6062a..b60b4eed 100644
--- a/src/Core/RandomNumberGenerator.cpp
+++ b/src/Core/RandomNumberGenerator.cpp
@@ -114,7 +114,7 @@ namespace VeraCrypt
 
 		ScopeLock lock (AccessMutex);
 		size_t bufferLen = buffer.Size(), loopLen;
-		byte* pbBuffer = buffer.Get();
+		uint8* pbBuffer = buffer.Get();
 		
 		// Initialize JitterEntropy RNG for this call
 		if (0 == jent_entropy_init ())
@@ -267,7 +267,7 @@ namespace VeraCrypt
 		Buffer buffer (1);
 		for (size_t i = 0; i < PoolSize * 10; ++i)
 		{
-			buffer[0] = (byte) i;
+			buffer[0] = (uint8) i;
 			AddToPool (buffer);
 		}
 
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index e543652a..6d0f05e5 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -57,7 +57,7 @@ namespace VeraCrypt
 				// Wait for sync code
 				while (true)
 				{
-					byte b;
+					uint8 b;
 					throw_sys_if (read (STDIN_FILENO, &b, 1) != 1);
 					if (b != 0x00)
 						continue;
@@ -309,7 +309,7 @@ namespace VeraCrypt
 					std::vector<char> buffer(128, 0);
 					std::string result;
 					
-					FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+					FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r");	//	We redirect stderr to stdout (2>&1) to be able to catch the result of the command
 					if (pipe)
 					{
 						while (!feof(pipe))
@@ -543,7 +543,7 @@ namespace VeraCrypt
 
 			try
 			{
-				shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((byte *) &errOutput[0], errOutput.size())));
+				shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((uint8 *) &errOutput[0], errOutput.size())));
 				deserializedObject.reset (Serializable::DeserializeNew (stream));
 				deserializedException = dynamic_cast <Exception*> (deserializedObject.get());
 			}
@@ -575,7 +575,7 @@ namespace VeraCrypt
 		ServiceOutputStream = shared_ptr <Stream> (new FileStream (outPipe->GetReadFD()));
 
 		// Send sync code
-		byte sync[] = { 0, 0x11, 0x22 };
+		uint8 sync[] = { 0, 0x11, 0x22 };
 		ServiceInputStream->Write (ConstBufferPtr (sync, array_capacity (sync)));
 
 		AdminInputPipe = move_ptr(inPipe);
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 258979b9..1868eb6d 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -241,7 +241,7 @@ namespace VeraCrypt
 		device.SeekAt (0);
 		device.ReadCompleteBuffer (bootSector);
 
-		byte *b = bootSector.Ptr();
+		uint8 *b = bootSector.Ptr();
 
 		return memcmp (b + 3,  "NTFS", 4) != 0
 			&& memcmp (b + 54, "FAT", 3) != 0
@@ -303,17 +303,45 @@ namespace VeraCrypt
 				continue;
 
 			shared_ptr <VolumeInfo> mountedVol;
-			try
+			// Introduce a retry mechanism with a timeout for control file access
+			// This workaround is limited to FUSE-T mounted volume under macOS for
+			// which md.Device starts with "fuse-t:"
+#ifdef VC_MACOSX_FUSET
+			bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0;
+			int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds
+			while (!mountedVol && (controlFileRetries-- > 0))
+#endif
 			{
-				shared_ptr <File> controlFile (new File);
-				controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());
+				try 
+				{
+					shared_ptr <File> controlFile (new File);
+					controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());
 
-				shared_ptr <Stream> controlFileStream (new FileStream (controlFile));
-				mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);
+					shared_ptr <Stream> controlFileStream (new FileStream (controlFile));
+					mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);
+				}
+				catch (const std::exception& e)
+				{
+#ifdef VC_MACOSX_FUSET
+					// if exception starts with "VeraCrypt::Serializer::ValidateName", then 
+					// serialization is not ready yet and we need to wait before retrying
+					// this happens when FUSE-T is used under macOS and if it is the first time
+					// the volume is mounted
+					if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos)
+					{
+						Thread::Sleep(500); // Wait before retrying
+					}
+					else
+					{
+						break; // Control file not found or other error
+					}
+#endif
+				}
 			}
-			catch (...)
+
+			if (!mountedVol) 
 			{
-				continue;
+				continue; // Skip to the next mounted filesystem
 			}
 
 			if (!volumePath.IsEmpty() && wstring (mountedVol->Path).compare (volumePath) != 0)
diff --git a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
index 01463c35..05520274 100644
--- a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
+++ b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
@@ -83,7 +83,7 @@ namespace VeraCrypt
 #ifdef TC_MACOSX
 		const string busType = "rdisk";
 #else
-		foreach (const string &busType, StringConverter::Split ("ad da"))
+		foreach (const string &busType, StringConverter::Split ("ad da vtbd"))
 #endif
 		{
 			for (int devNumber = 0; devNumber < 64; devNumber++)
@@ -185,10 +185,51 @@ namespace VeraCrypt
 
 	void CoreFreeBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const
 	{
+		std::string chosenFilesystem = "msdos";
+		std::string modifiedMountOptions = systemMountOptions;
+
+		if (filesystemType.empty() && modifiedMountOptions.find("mountprog") == string::npos) {
+			// No filesystem type specified through CLI, attempt to identify with blkid
+			// as mount is unable to probe filesystem type on BSD
+			// Make sure we don't override user defined mountprog
+			std::vector<char> buffer(128,0);
+			std::string cmd = "blkid -o value -s TYPE " + static_cast<std::string>(devicePath) + " 2>/dev/null";
+			std::string result;
+
+			FILE* pipe = popen(cmd.c_str(), "r");
+			if (pipe) {
+				while (!feof(pipe)) {
+					if (fgets(buffer.data(), 128, pipe) != nullptr)
+						result += buffer.data();
+				}
+				fflush(pipe);
+				pclose(pipe);
+				pipe = nullptr;
+			}
+
+			if (result.find("ext") == 0 || StringConverter::ToLower(filesystemType).find("ext") == 0) {
+				chosenFilesystem = "ext2fs";
+			}
+			else if (result.find("exfat") == 0 || StringConverter::ToLower(filesystemType) == "exfat") {
+				chosenFilesystem = "exfat";
+				modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")
+							+ "mountprog=/usr/local/sbin/mount.exfat";
+			}
+			else if (result.find("ntfs") == 0 || StringConverter::ToLower(filesystemType) == "ntfs") {
+				chosenFilesystem = "ntfs";
+				modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")
+							+ "mountprog=/usr/local/bin/ntfs-3g";
+			}
+			else if (!filesystemType.empty()) {
+				// Filesystem is specified but is none of the above, then supply as is
+				chosenFilesystem = filesystemType;
+			}
+		} else
+			chosenFilesystem = filesystemType;
+
 		try
 		{
-			// Try to mount FAT by default as mount is unable to probe filesystem type on BSD
-			CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions);
+			CoreUnix::MountFilesystem (devicePath, mountPoint, chosenFilesystem, readOnly, modifiedMountOptions);
 		}
 		catch (ExecutedProcessFailed&)
 		{
diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp
index 5d5ba38f..cd4be80f 100644
--- a/src/Core/Unix/Linux/CoreLinux.cpp
+++ b/src/Core/Unix/Linux/CoreLinux.cpp
@@ -386,7 +386,7 @@ namespace VeraCrypt
 					dmCreateArgs << nativeDevPath << " 0";
 
 				SecureBuffer dmCreateArgsBuf (dmCreateArgs.str().size());
-				dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((byte *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));
+				dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((uint8 *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));
 
 				// Keys
 				const SecureBuffer &cipherKey = cipher.GetKey();
diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.cpp b/src/Core/Unix/MacOSX/CoreMacOSX.cpp
index dde0d949..cfd34072 100644
--- a/src/Core/Unix/MacOSX/CoreMacOSX.cpp
+++ b/src/Core/Unix/MacOSX/CoreMacOSX.cpp
@@ -119,6 +119,7 @@ namespace VeraCrypt
 
 	void CoreMacOSX::MountAuxVolumeImage (const DirectoryPath &auxMountPoint, const MountOptions &options) const
 	{
+#ifndef VC_MACOSX_FUSET
 		// Check FUSE version
 		char fuseVersionString[MAXHOSTNAMELEN + 1] = { 0 };
 		size_t fuseVersionStringLength = MAXHOSTNAMELEN;
@@ -153,7 +154,7 @@ namespace VeraCrypt
 
 		if (fuseVersionMajor < 2 || (fuseVersionMajor == 2 && fuseVersionMinor < 5))
 			throw HigherFuseVersionRequired (SRC_POS);
-
+#endif
 		// Mount volume image
 		string volImage = string (auxMountPoint) + FuseService::GetVolumeImagePath();