| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- use a more standard-looking memory value tag instead of fully random one that will look suspicious and outstanding
- If we fail to allocate 1MiB for derivation area, we device the size by two in a loop until we succeed. This is better than falling back directly to 8KiB size
- Better method to derive actual encryption key: instead of simply duplicating 128bit key value, we combine a xor addition and self-encryption to build a 256-bit key
- use both encID and pbKeyDerivationArea to derive IV for encryption and not only endID
|
|
better seed for internal RNG compared to KeQueryInterruptTime
|
|
only if PC connected to Internet
|
|
during upgrade
|
|
Updated to the latest version for the VeraCrypt 1.26.6 release.
|
|
outdated
|
|
memory protection
Also a dedicated page in the documentation was added for it.
|
|
|
|
instead of InitCommonControls
|
|
|
|
Remove unneeded boolean
|
|
This can be useful for users who need Accessibility software that may not work when memory protection is active in VeraCrypt
|
|
mitigation (ASLR, Dynamic code, extension points)
Memory protection can be disabled using registry value "VeraCryptEnableMemoryProtection" under the key "HKLM\SYSTEM\CurrentControlSet\Services\veracrypt"
|
|
|
|
Corrected small typo
|
|
|
|
|
|
(proposed by @Lavode in #1187)
Fixes #1187
|
|
third-party file extensions usage.
|
|
Corected a typo
|
|
documentation to mention risks of third-party file extensions.
This commit also adds red color to the warning text about keyfiles in keyfiles dialogs.
|
|
interface
We remove usage of GetOpenFileNameW/GetSaveFileNameW/SHBrowseForFolderW which are deprecated by Microsoft
|
|
now minimal OS version.
|
|
loading thanks to Windows 7 being minimum supported version.
We also block execution on Windows versions older than Windows 7.
A lot of code was removed thanks to this.
|
|
This helps to preserve unknown entries that may be used by future
versions of VeraCrypt (forward compatibility) or entries used by old
versions that were removed from current version (backward compatibility)
|
|
|
|
|
|
setting safe dll loading
|
|
* Update zlib to latest
* Update copyright
Updated copyright of zlib.
|
|
|
|
There was a logical bug that made the code check the filesystem size of
the device path "/dev" instead of using the actual size of the device
Fix #1180
|
|
|
|
|
|
|
|
For now, we force ReadOnly mounting for such partitions.
|
|
If we can set required privilege, we ask the user using UAC to enable them.
|
|
Rules of automatic flushing of stdout buffer is implementation-defined
behaviour. In glibc this is automatically flushed, but we can't rely
on it for other implementations such as musl.
|
|
|
|
value of MS certificate
We also rename the variables gpbSha256CodeSignCertFingerprint and gpbSha256MSCodeSignCertFingerprint to gpbSha512CodeSignCertFingerprint and gpbSha512MSCodeSignCertFingerprint respectively to reflect the fact that they are actually SHA512 hash values and not SHA256 ones.
|
|
When using multiple monitors, the resolution can change in OSX,
during plug-in/off off the display(s). To avoid window becoming
non-usable, there is EnsureVisible, that is called in several
places.
However, if you minimize VeraCrypt on the bigger screen, and
restore it in the main screen of a MacBook, after unplugging, the
window will become unusable (unless you know that clicking 'About'
calls EnsureVisible :-)).
Call EnsureVisible OnActivate so MainFrame is always functional
across screens, even when minimized.
|
|
Some systems (e.g. Alpine Linux) seems to require this.
|
|
If an error happens, error message will be read from popen pipe and so
libpcsclite.so will not be found. This is the same outcome as when
stdout is empty.
|
|
creating volumes
This is unlikely to happen thanks to random generator properties but we much add this check to prevent an attack described in page 3 of https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
|
|
keys option is enable
When this option is enabled, we first build the list of currently inserted devices then we start listening to insertion events.
When a device insertion occurs, we check if this device is on our list and if yes, we ignore its insertion.
We also ignore devices whose Device ID starts with "SWD\" and "ROOT\" since these are not real devices.
|
|
* Crypto: fix warning mismatched bound
../Crypto/cpu.c:67:32: warning: argument 2 of type 'uint32[4]'
{aka 'unsigned int[4]'} with mismatched bound [-Warray-parameter=]
67 | int CpuId(uint32 input, uint32 output[4])
| ~~~~~~~^~~~~~~~~
In file included from ../Crypto/cpu.c:3:
../Crypto/cpu.h:236:33: note: previously declared as 'uint32 *'
{aka 'unsigned int *'}
236 | int CpuId(uint32 input, uint32 *output);
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* Core/Unix: fix warning ignoring return value
Unix/CoreUnix.cpp: In member function 'virtual std::shared_ptr<VeraCrypt:\
:VolumeInfo> VeraCrypt::CoreUnix::MountVolume(VeraCrypt::MountOptions&)':
Unix/CoreUnix.cpp:682:55: warning: ignoring return value of
'int chown(const char*, __uid_t, __gid_t)' declared with attribute
'warn_unused_result' [-Wunused-result]
682 | chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId());
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* Main/Forms: fix warning cast to pointer from integer of different size
Forms/MainFrame.cpp: In member function 'void VeraCrypt::MainFrame:\
:UpdateVolumeList()':
Forms/MainFrame.cpp:1718:106: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
1718 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex,
fields, 0, (void *) volume->SlotNumber);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Forms/MainFrame.cpp:1753:114: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
1753 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex,
fields, 0, (void *) slotNumber);
| ^~~~~~~~~~~~~~~~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
* Crypto: fix undefined behavior signed integer overflow
In function 'twofish_set_key':
cc1: warning: iteration 4 invokes undefined behavior
[-Waggressive-loop-optimizations]
../Crypto/Twofish.c:626:23: note: within this loop
626 | for (i = 0; i != 40; i += 2)
| ~~^~~~~
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
---------
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
|
|
Currently there are a lot of translated strings that are never seen
anywhere as the installer doesn't offer all the available languages
as options in the installer wizard (sans Burmese).
|
|
|
|
|
|
|
|
|
