Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
during update
|
|
|
|
Windows upgrade
During a Windows upgrade, ownership of veracrypt.sys is set to TrustedInstaller, preventing VeraCrypt from accessing the file during an update.
This commit resolves the issue by temporarily taking ownership of the file to rename it, allowing the new file to be copied. The setup process now obtains additional privileges for this operation, which are properly dropped once the file copying is complete.
|
|
|
|
|
|
1024. Queue write IRPs.
- Made the maximum work items count configurable to allow flexibility based on system needs.
- Increased the default value of max work items count to 1024 to better handle high-throughput scenarios.
- Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
|
|
Reduce the critical section protected by spinlock to only cover the list manipulation operation. Move the ActiveWorkItems counter decrement outside the spinlock using InterlockedDecrement, and separate event signaling from the locked section.
This change minimizes time spent at raised IRQL (DISPATCH_LEVEL) and reduces potential for lock contention.
|
|
|
|
|
|
drivers.
|
|
since we are targeting Windows 10
|
|
completions
There was a deadlock issue in the driver caused by the CompletionThreadProc function in EncryptedIoQueue.c:
https://sourceforge.net/p/veracrypt/discussion/general/thread/f6e7f623d0/?page=20&limit=25#8362
The driver uses a single thread (CompletionThreadProc) to process IRP completions. When IoCompleteRequest is called within this thread, it can result in new IRPs being generated (e.g., for pagefile operations) that are intercepted by the driver and queued back into the CompletionThreadQueue. Since CompletionThreadProc is the only thread processing this queue and is waiting on IoCompleteRequest, these new IRPs are not handled, leading to a system freeze.
To resolve this issue, the following changes have been made:
Deferred IRP Completion Using Pre-allocated Work Items:
- Introduced a pool of pre-allocated work items (COMPLETE_IRP_WORK_ITEM) to handle IRP completions without causing additional resource allocations that could trigger new IRPs.
- The CompletionThreadProc now queues IRP completions to these work items, which are processed in a different context using IoQueueWorkItem, preventing re-entrant IRPs from blocking the completion thread.
Thread-Safe Work Item Pool Management:
- Implemented a thread-safe mechanism using a semaphore (WorkItemSemaphore), spin lock (WorkItemLock), and a free list (FreeWorkItemsList) to manage the pool of work items.
- Threads acquire and release work items safely, and if all work items are busy, threads wait until one becomes available.
Reference Counting and Improved Stop Handling:
- Added an ActiveWorkItems counter to track the number of active work items.
- Modified EncryptedIoQueueStop to wait for all active work items to complete before proceeding with cleanup, ensuring a clean shutdown.
These changes address the deadlock issue by preventing CompletionThreadProc from being blocked by re-entrant IRPs generated during IoCompleteRequest. By deferring IRP completion to a different context using pre-allocated work items and managing resources properly, we avoid the deadlock and ensure that all IRPs are processed correctly.
|
|
|
|
|
|
derive_key_blake2s function
|
|
to inform compiler that pointer is unaligned.
This avoids issues with existing bootloaders
|
|
remove 32-bit EFI bootloader files.
We also fix intermediary files folder for Portable and Setup projects
|
|
|
|
|
|
|
|
|
|
unused old project files
|
|
Delete unused files.
|
|
used for them.
|
|
configuration for driver and binaries.
Only setup remains 32-bit to be compatible with both x64 and arm64 Windows.
|
|
|
|
a single return statement at the end
|
|
affecting NULL pointer
|
|
|
|
|
|
|
|
|
|
|
|
10. Simplify code and fix all warnings in driver.
|
|
generate secure random bytes
|
|
|
|
SHA instruction
|
|
|
|
PBKDF2-HMAC-SHA256
|
|
fallback mechanisms (#1420)
- Use xdg-open as the primary method for opening directories, ensuring compatibility with most Linux environments.
- Implemented fallback logic to try other known file managers (e.g., nautilus, dolphin, caja, thunar) if xdg-open is unavailable or fails.
Based on proposal by @bugtracker2019
|
|
|
|
We always using Unicode functions to interact with UI. We convert UTF8 string to UTF16 and vis-versa.
Overwrite input string instead of using resize that caused old test to remain.
Fix case of readOnly by using correct message.
change position of OK/cancel button to match other dialogs.
Activate translation on this dialog.
|
|
|
|
with ERROR_INVALID_FUNCTION
Proposed by @kriegste on https://github.com/veracrypt/VeraCrypt/issues/360
|
|
fixed by Mattoje #1417
|
|
protection doesn't work on Linux
In the code we also enable it for TC_WINDOWS but actually we don't use wxWidgets for Windows build.
|
|
Veracrypt currently appears in screenshots and screen captures,
which can unintentionally expose sensitive information, such as
the fact that Veracrypt is running or the location of your volumes.
Both Windows and macOS offer mechanisms to exclude specific windows
from being captured. While not foolproof, this is a useful preventative
measure. The method is a no-op for Linux/FreeBSD.
For more details on the wxWidgets API, see:
https://docs.wxwidgets.org/3.2/classwx_top_level_window.html#a337b9cec62b0cbd3b1b1545a83270f64
|
|
not defined.
we now report that EFI is not support only when GetFirmwareEnvironmentVariable fails with error ERROR_INVALID_FUNCTION.
Proposed by @kriegste on https://github.com/veracrypt/VeraCrypt/issues/360
|