Age | Commit message (Collapse) | Author | Files | Lines |
|
This update simplifies the logic for detecting active sudo sessions by checking the exit code of the sudo -n -l command, which reliably returns 0 if a session is active.
Additionally, this approach is now applicable to recent macOS versions, as they no longer have the sudo bug that previously prevented us from using this method.
|
|
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
|
|
Introducing data into the standard out in the core service will
cause deserialization problems, as the pipes are used for interprocess
communication.
|
|
FUSE-T volumes.
|
|
The build script build_veracrypt_macosx.h now accepts the argument -f to enable fuse-t support.
It is also possible to set the environment variable VC_OSX_FUSET to 1 for FUSE-T support.
A change was done in CoreUnix::GetMountedVolumes to add a waiting loop for control file to be accessible because when using FUSE-T there always a delay before control file can be serialized.
|
|
|
|
filesystems (#1350)
|
|
The behaviour of `wc -l` is different on FreeBSD, in which the stdout
result is padded by spaces in the beginning, which causes that the
result[0] is not actually the value we care about. This patch adds
a translate removing all whitespace from the output.
|
|
|
|
* wolfCrypt as crypto backend for VeraCrypt
* Refactor to use EncryptionModeWolfCryptXTS class
|
|
* EMVCard.cpp: ArrayToHexWideString: prohibit conversion of a string constant
../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con
st unsigned char*, size_t)':
../Common/EMVCard.cpp:28:43: warning: ISO C++ forbids converting a string constant
to 'wchar_t*' [-Wwrite-strings]
28 | static wchar_t* hexChar = L"0123456789ABCDEF";
| ^~~~~~~~~~~~~~~~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* EMVCard.cpp: ArrayToHexWideString: fix of the comparison of different types
../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con
st unsigned char*, size_t)':
../Common/EMVCard.cpp:32:43: warning: comparison of integer expressions of different
signedness: 'int' and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
32 | for (int i = 0; i < cbData; i++)
| ~~^~~~~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* SecurityTokenKeyfilesDialog.cpp: removed initialization of an unused variable
Forms/SecurityTokenKeyfilesDialog.cpp:58:24: warning: unused variable 'i' [-Wunused-
variable]
58 | size_t i = 0;
| ^
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* Core/Unix: throwing an exception instead of ignoring the error
Fixes: 5a6b445f ("fix warnings and UB (#1164)")
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
---------
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
|
|
(proposed by @Lavode in #1187)
Fixes #1187
|
|
creating volumes
This is unlikely to happen thanks to random generator properties but we much add this check to prevent an attack described in page 3 of https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
|
|
* Crypto: fix warning mismatched bound
../Crypto/cpu.c:67:32: warning: argument 2 of type 'uint32[4]'
{aka 'unsigned int[4]'} with mismatched bound [-Warray-parameter=]
67 | int CpuId(uint32 input, uint32 output[4])
| ~~~~~~~^~~~~~~~~
In file included from ../Crypto/cpu.c:3:
../Crypto/cpu.h:236:33: note: previously declared as 'uint32 *'
{aka 'unsigned int *'}
236 | int CpuId(uint32 input, uint32 *output);
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* Core/Unix: fix warning ignoring return value
Unix/CoreUnix.cpp: In member function 'virtual std::shared_ptr<VeraCrypt:\
:VolumeInfo> VeraCrypt::CoreUnix::MountVolume(VeraCrypt::MountOptions&)':
Unix/CoreUnix.cpp:682:55: warning: ignoring return value of
'int chown(const char*, __uid_t, __gid_t)' declared with attribute
'warn_unused_result' [-Wunused-result]
682 | chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId());
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* Main/Forms: fix warning cast to pointer from integer of different size
Forms/MainFrame.cpp: In member function 'void VeraCrypt::MainFrame:\
:UpdateVolumeList()':
Forms/MainFrame.cpp:1718:106: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
1718 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex,
fields, 0, (void *) volume->SlotNumber);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Forms/MainFrame.cpp:1753:114: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
1753 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex,
fields, 0, (void *) slotNumber);
| ^~~~~~~~~~~~~~~~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* Crypto: fix undefined behavior signed integer overflow
In function 'twofish_set_key':
cc1: warning: iteration 4 invokes undefined behavior
[-Waggressive-loop-optimizations]
../Crypto/Twofish.c:626:23: note: within this loop
626 | for (i = 0; i != 40; i += 2)
| ~~^~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
---------
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
|
|
|
|
|
|
* Add basic strcture needed for EMV implementation
* Add demo EMV functionality with C code pasted in a very dirty and unsafe way. NOT FINAL
* Refactor IccExtractor Structure
* Fix Makefile
* fix include file
* move global variables from h to c
* revert to memcpy
* fix icc data recovery functions
* Add EMV functionalities on windows
* Make EMVToken structures like SecurityToken
* Define constants instead of hard coded values
* Token structures created with inheritance
* refactor TokenKeyfile to use inherit. + polymor.
* add Token.h + Token.cpp in modules in VS2010
* Add a comment at each use of SecurityToken class or objects
* SecurityTokenKeyfilesDialog preparation
* Implemennt GetAvailableTokens in Token class on windows
* merge
* up (patching for Windows)
* foreach Token.cpp corrected
* Display EMV keyfiles on first window in graphic interface
* Add token to Windows UI
* EMVToken selection on OKButton on Linux
* Keyfile.cpp optimization
* Move getKeyfileData in the token class
* EMV::Token GetAvailableKeyfiles() base
* Move getKeyfileData in the token class on unix
* Remove test comments
* Warnings resolved
* RemoveeSecurityTokenLibraryNotInitialized exception if at least one emv token is detected
* Adding new files
* Remove old files and add the new version to the windows project
* Change make_shared to shared_ptr constructor
* IccExtractor integration working on linux
* Throwing card not EMV execption
* catch error when not EMV type in EMVToken::GetAvailableKeyfiles
* Change types to compile on windows
* list all keyfiles, security keyfiles and emv keyfiles in command line
* Change type to be coherent and remove old todo comments
* Remove todo comments
* Change indentation and resolve a bug from previous commit
* Use polymorphism for GetKeyfileData and add export option for EMVTokens on Linux
* Linux : Allow to export EMV Tokens in command lines, Windows : Disable the delete button when EMV Keyfiles are selected
* Remove SlotId from TokenInfo as it is already in Token
* Correct errors on Linux
* Disable delete option if one EMV Token is selected on Linux
* Fix bug enabling delete button if nothing is selected
* emv data used as reference then burnt
* use of normal files in linux corrected
* help updated
* help updated for export functionnality
* option EMV added to graphic interface but not yet working
* Bug fix : Allow to use multiple EMV on windows
* EMV Option added to UserPreferences
* EMV Option working for Linux
* EMV option added to Windows (not working yet)
* [NOT TESTED] EMV option for Windows
* Working EMV option on Windows
* EMV Option for data extraction working for volume creation
* EMV Option for data extraction working for Mount
* EMV Option for data extraction working for mounting favorites volumes
* EMV Option for extraction working for Changing volume password, Set Derivation Key Algorithm and Add or remove keyfile from volume
* Windows : re-checking EMV Option when getting data
* Removing error catches in the IccDataExtractor classe (It only throws error now). Changing GetPan signature to resemble the other functions signatures more
* Changing EMV errors
- Only throwing ICCExtractionException from outside of the ICC module.
- Catching all TLVExceptions and PCSCExceptions to throw the right ICCExtractionException
- Deleting APDU exceptions.
* First version of the documentation
* Adding function pointers for winscard library (but it crashes VeraCrypt)
* Debugging function pointers
* The import of the library on windows work as expected now
* Reverting EMVToken.cpp changes used to test to library import
* Searching for the System32 path instead of hard codding it
* Fixing the bug were VeraCrypt crashes if there is no readers when "add Token files" is clicked
* Winscard library not initialized in object constructor anymore to delay it after EMVOption check
* Remove winscard lib from windows dependencies
* Properly displaying errors
* Adding a dot in Language.xml
* Catching TLVException
* Removing unused code
* Remove unusefull comments
* Trying to fix 0x1f error
* Update IccDataExtractor.cpp
* Delete History.xml
* Fix get data without get pan
* Cleanup code
* changes for linux compilation but linking not working
* error handling for linux
* erasing emv data
* Burn PAN
* Burn PAN from memory
* Uncomment selfcheck before merging master
* burn corrected
* EMV errors handling for Linux
* EMV working for Linux CLI
* Doc : Winscard Linux package and VeraCrypt versions
---------
Co-authored-by: doriandu45 <d45.poubelle@gmail.com>
Co-authored-by: red4game <redemgaiming@gmail.com>
Co-authored-by: Brice.Namy <brice.namy@insa-rennes.fr>
Co-authored-by: vocthor <pieceo108@gmail.com>
Co-authored-by: vocthor <67202139+vocthor@users.noreply.github.com>
Co-authored-by: Andrei COCAN <andrei.cocan@insa-rennes.fr>
Co-authored-by: AndreiCocan <95496161+AndreiCocan@users.noreply.github.com>
Co-authored-by: francoisLEROUX <francois3443@gmail.com>
|
|
Currently if you fail the privilege escalation prompt, the second
one and consecutively every second will be ignored. This is because
if we do not --use-dummy-sudo-password and are on Linux/FreeBSD,
we will be prompted for password twice for one evaluation in the
while(!ElevatedServiceAvailable) loop.
For the fix, we make sure that we run the prompt only once for each
case.
|
|
Currently on a system without xterm or konsole (like fresh
Ubuntu install) the fsck check will not launch. Added
gnome-terminal as an alternative and fixed an issue where
konsole will always error out as --title and --caption are
no longer valid arguments.
Previously the error message was simply "xterm not found", so
new LangString LINUX_EX2MSG_TERMINALNOTFOUND was added to let the
user knows which programs they need to get the feature working.
|
|
implementation
|
|
The lack of explicit hash initialization was causing issue with Blake2s
because it doesn't allow further processing once a digest value was
returned.
Other hash algorithms don't have this restriction.
Not we explicitely initialize all hash algorithms which is the correct
way to do things.
|
|
Co-authored-by: Your Name <you@example.com>
|
|
algorithms RIPEMD-160 and GOST89.
|
|
1 second for forked process to start
|
|
* *: source files should not be executable
* *: make sure files have final newline
* *: remove BOM from text files
* translations: unify headers
* *: fix typos
* *: trim excess whitespace
|
|
If pam_tmpdir is in use, use the temporary directory for the sudoing
user, rather than that for root.
|
|
* OpenBSD: add basic support
modified: Build/Include/Makefile.inc
modified: Driver/Fuse/FuseService.cpp
modified: Main/FatalErrorHandler.cpp
modified: Makefile
modified: Platform/Unix/File.cpp
modified: Platform/Unix/FilesystemPath.cpp
modified: Platform/Unix/SystemInfo.cpp
* OpenBSD: some necessary files were missing
new file: Core/Unix/OpenBSD/CoreOpenBSD.cpp
new file: Core/Unix/OpenBSD/CoreOpenBSD.h
new file: Core/Unix/OpenBSD/System.h
|
|
|
|
mixed mode for volumes whose size is less than 109 MiB
|
|
|
|
|
|
|
|
compiler not optimizing calls to method Memory::Erase
|
|
implementation which is kept for compatibility with older compilers. We also introduce compatibility code for old compilers that don't define std::unique_ptr
|
|
fail gracefully
|
|
has returned random bytes successfully at least once during the lifetime of RandomNumberGenerator
|
|
|
|
method that takes a size_t argument (we cast to uint32)
|
|
CoreUnix::MountVolume (#565)
|
|
Signed-off-by: alt3r 3go <alt3r.3go@protonmail.com>
|
|
dummy password
The new switch is --use-dummy-sudo-password
|
|
many times in some cases
|
|
|
|
|
|
|
|
active 'sudo' session instead of the use of a 'dummy' password. (#513)
Signed-off-by: El Mostafa IDRASSI <el-mostafa.idrassi@prestalab.net>
|
|
size larger than 512 bytes.
|
|
partitions/drivers in ReadOnly mode in order to allow troubleshooting in some cases.
|
|
(Camellia-Kuznyechik, Camellia-Serpent, Kuznyechik-AES, Kuznyechik-Serpent-Camellia and Kuznyechik-Twofish)
|
|
|