VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
AgeCommit message (Collapse)AuthorFilesLines
3 daysUpdate release notes and release date.Mounir IDRASSI1-1/+1
6 daysWindows/Linux/macOS: implement AES hardware support on ARM64 (ARMv8)Mounir IDRASSI5-30/+10
8 daysLinux/FreeBSD: Prevent mounting volumes on system directories and PATH ↵Mounir IDRASSI1-0/+3
(CVE-2025-23021, reported by SivertPL @__tfr) Added security checks to prevent mounting VeraCrypt volumes on system directories (like /usr/bin) or directories in the user's PATH, which could theoretically allow execution of malicious binaries instead of legitimate system binaries. Key changes: - Block mounting on protected system directories (/usr, /bin, /lib, etc.) This restriction cannot be overridden - Block mounting on directories present in user's PATH environment variable This can be overridden with --allow-insecure-mount flag - Add visual warnings (red border, "[INSECURE MODE]") when mounting on PATH directories is allowed - Handle symlinks properly when checking paths - Add new error messages for blocked mount points To override PATH-based restrictions only (system directories remain protected): veracrypt --allow-insecure-mount [options] volume mountpoint Security Impact: Low to Medium The attack requires either: - User explicitly choosing a system directory as mount point instead of using VeraCrypt's default mount points - Or attacker having both filesystem access to modify favorites configuration AND knowledge of the volume password Default mount points are not affected by this vulnerability. Security: CVE-2025-23021
8 daysIncrement version to 1.26.18. Update copyright date. Update Release Notes. ↵Mounir IDRASSI56-62/+62
Update Windows drivers.
10 daysWindows: Fix regression in Traveler Disk creation (#886)Mounir IDRASSI1-6/+6
Issue was caused by the fact that Microsoft signing certificate for driver file has changed. We fix it by updating the SHA512 fingerprint of Microsoft code signing certificate.
2025-01-06Windows: Add missing file entry to Zip project after libzip updateMounir IDRASSI2-0/+4
2025-01-01Windows: Update libzip to version 1.11.2Mounir IDRASSI143-669/+1200
2025-01-01Windows: Update LZMA SDK to version 24.09Mounir IDRASSI16-247/+967
2024-12-27Windows: use modern API to gather system entropy for random generation ↵Mounir IDRASSI1-134/+212
instead of obsolete that were not working This commit increases randomness quality by using more dynamic/varied sources of entropy. PDH-based disk and network statistics collection in now added to random pool - Introduced `GetDiskStatistics` to gather disk read/write performance data using PDH API. - Introduced `GetNetworkStatistics` to gather network send/receive performance data using PDH API. - Integrated high-resolution timestamps and random intervals to improve entropy in collected data. - Updated `SlowPoll` function to utilize PDH-based disk and network statistics. - Removed obsolete NetAPI32-based network statistics collection.
2024-12-25Windows: Update Windows version check on startup to require Win10 1809 or laterMounir IDRASSI3-4/+22
- Add IsWin10BuildAtLeast() helper function to check Windows 10 build numbers - Replace direct build number comparison with IsWin10BuildAtLeast() for ReflectDrivers check - Update error message to be more specific about Windows version requirement
2024-12-25Windows Driver: set Windows 10 version 1809 as minimum.Mounir IDRASSI1-1/+1
To support this, we had to replace ExAllocatePool2 by ExAllocatePoolUninitialized.
2024-11-27Windows Setup: Fix the implementation of backup/restore of file permission ↵Mounir IDRASSI2-13/+4
during update
2024-11-25Windows Setup: Fix "Access Denied" issue during VeraCrypt update after a ↵Mounir IDRASSI2-1/+239
Windows upgrade During a Windows upgrade, ownership of veracrypt.sys is set to TrustedInstaller, preventing VeraCrypt from accessing the file during an update. This commit resolves the issue by temporarily taking ownership of the file to rename it, allowing the new file to be copied. The setup process now obtains additional privileges for this operation, which are properly dropped once the file copying is complete.
2024-11-24Set 1.26.17 release date to November 24thMounir IDRASSI1-1/+1
2024-11-23Windows Driver: Make max work items count configurable. Increase default to ↵Mounir IDRASSI1-0/+2
1024. Queue write IRPs. - Made the maximum work items count configurable to allow flexibility based on system needs. - Increased the default value of max work items count to 1024 to better handle high-throughput scenarios. - Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
2024-11-20Windows driver: use correct WDM type. Increment version to 1.26.17Mounir IDRASSI1-2/+2
2024-11-18Increment version to 1.26.16. Update Release Notes. Update signed Windows ↵Mounir IDRASSI1-3/+3
drivers.
2024-11-17Windows Driver: Use system functions directly instead of dynamic loading ↵Mounir IDRASSI2-59/+12
since we are targeting Windows 10
2024-11-16Windows: Fix driver crash caused by 32-bit leftover code in ↵Mounir IDRASSI1-3/+0
derive_key_blake2s function
2024-11-16Windows: Avoid modifying BootArguments structure and use __unaligned keyword ↵Mounir IDRASSI2-2/+2
to inform compiler that pointer is unaligned. This avoids issues with existing bootloaders
2024-11-16Windows: remove 32-bit logic from the code since we support only 64-bit. ↵Mounir IDRASSI15-279/+41
remove 32-bit EFI bootloader files. We also fix intermediary files folder for Portable and Setup projects
2024-11-16Windows: Fix regression in self-test of hash algorithms that caused them to failMounir IDRASSI1-2/+2
2024-11-15Windows: remove VS 2019 solution and project files since we migrated to VS 2022.Mounir IDRASSI5-761/+0
2024-11-15Windows: move main project files and solution from VS 2010 to VS 2022. ↵Mounir IDRASSI3-17/+198
Delete unused files.
2024-11-15Windows: Fix warning when building Setup and Portable. No file elevation is ↵Mounir IDRASSI1-0/+8
used for them.
2024-11-15Windows: Upgrade VS 2019 solution/projects to VS 2022. Remove Win32 ↵Mounir IDRASSI2-24/+24
configuration for driver and binaries. Only setup remains 32-bit to be compatible with both x64 and arm64 Windows.
2024-11-15Windows: Fix build of MBR bootloaderMounir IDRASSI1-1/+1
2024-11-15Windows: Fix warning in driver build by make get_pkcs5_iteration_count have ↵Mounir IDRASSI1-40/+36
a single return statement at the end
2024-11-15Windows: Use VS builtin __fastfail intrinsic for fatal exception instead of ↵Mounir IDRASSI1-0/+3
affecting NULL pointer
2024-11-15Windows: Fix various compiler warningsMounir IDRASSI9-146/+150
2024-11-13Use adequate const qualifiers for pbkdf2 functions argumentsMounir IDRASSI2-16/+16
2024-11-13Windows: Remove support for 32-bit driver code. Set build target as Windows ↵Mounir IDRASSI19-376/+247
10. Simplify code and fix all warnings in driver.
2024-11-13Windows: Use BCryptGenRandom instead of deprecated CryptGenRandom to ↵Mounir IDRASSI1-27/+21
generate secure random bytes
2024-09-19Windows: Fix EFI configuration editor various issuesMounir IDRASSI2-7/+47
We always using Unicode functions to interact with UI. We convert UTF8 string to UTF16 and vis-versa. Overwrite input string instead of using resize that caused old test to remain. Fix case of readOnly by using correct message. change position of OK/cancel button to match other dialogs. Activate translation on this dialog.
2024-09-17Windows: Simplify error message related to IsEfiBoot since it always fail ↵Mounir IDRASSI1-20/+6
with ERROR_INVALID_FUNCTION Proposed by @kriegste on https://github.com/veracrypt/VeraCrypt/issues/360
2024-09-16Windows: Fix failed EFI detection on some PCs where BootOrder variable is ↵Mounir IDRASSI1-1/+1
not defined. we now report that EFI is not support only when GetFirmwareEnvironmentVariable fails with error ERROR_INVALID_FUNCTION. Proposed by @kriegste on https://github.com/veracrypt/VeraCrypt/issues/360
2024-09-10Linux/macOS: Fix missing define that was causing compilation errorMounir IDRASSI1-0/+2
2024-09-08Windows: Add support for x86 and x64 build for driver and binaries using ↵Mounir IDRASSI3-12/+37
Visual Studio 2019 We also enable Control Flow Guard and Spectre Mitigation
2024-09-02Windows: Fix bug in disabling of Windows privileges, they were completely ↵Mounir IDRASSI1-2/+2
removed instead This started to cause issues after latest changes to disable privileges when they are no more needed. Because of the bug, the privileges could not be enabled again because they were wrongly removed.
2024-09-02Windows: Fix truncated displayed error messageMounir IDRASSI1-4/+4
2024-09-01Windows: Fix MSI not installing all new documentation file. Remove old files ↵Mounir IDRASSI1-3/+3
left from old versions. Increment version to 1.26.15.
2024-08-25Increment version to 1.26.14. Set release date to August 25th.Mounir IDRASSI1-2/+2
2024-08-24Windows: Fix regression causing crash when a wrong password is used when ↵Mounir IDRASSI2-2/+2
changing password of volumes
2024-08-21Windows: Only load valid XML language files (Language.xx.xml or ↵Mounir IDRASSI1-0/+44
Language.xx-yy.xml format)
2024-08-17Update Release Notes. Set release date to August 17th.Mounir IDRASSI1-1/+1
2024-08-14Windows: better handling of reading EFI variable to display help error ↵Mounir IDRASSI1-4/+44
messages in case of failure. Now we accept the possibility of BootOrder EFI variable to be empty in order to try to solve issues on some PCs.
2024-08-13Windows: fix build failure for x86/x64 with newer Visual Studio that use ↵Mounir IDRASSI1-1/+7
Windows 10/11 SDK We set Windows 8 as minimum API support fir Visual Studio 2015 and newer. Closes #1398
2024-08-11Fix another typo of "CPLC" is language files including English one.Mounir IDRASSI1-1/+1
2024-08-11Revert changes mistakenly included in previous commitMounir IDRASSI1-1/+1
2024-08-11Fix typo of "CPLC" is language files including English one.Mounir IDRASSI2-2/+2