Commit Graph

92 Commits

Author SHA1 Message Date
Mounir IDRASSI 44843c47b8 Unix: fix doas auth PTY opening on OpenBSD
OpenBSD defines O_CLOEXEC, but rejects it in posix_openpt() with EINVAL. Retry with the POSIX pseudoterminal flags and then set FD_CLOEXEC explicitly so doas authentication can create its private PTY.
2026-06-30 16:59:25 +09:00
Mounir IDRASSI 47786ddce8 Unix: add doas elevation support
Prefer sudo when available and fall back to doas on Unix. Run doas authentication through a PTY while keeping service communication on stdin/stdout pipes, and use a no-fork service mode for the doas path.

Keep doas authentication terminal descriptors close-on-exec and close the slave descriptor after attaching it as the controlling terminal. Preserve startup diagnostics through stderr until service synchronization completes, then redirect no-fork service stderr away from the closed parent pipe.

Use noninteractive privilege-helper auth checks for both sudo and doas so cached, nopass, or persisted sessions do not need an unnecessary VeraCrypt password prompt. Keep the PTY password path for doas when authentication is required.

Use a shared Unix DOAS_USER helper for FUSE and mount ownership, backed by getpwnam_r and guarded so non-OpenBSD platforms only trust it for VeraCrypt's internal doas no-fork service path. Detach asynchronous child-reaper threads to avoid leaking joinable pthread handles.
2026-06-25 14:40:34 +09:00
Mounir IDRASSI 26adb5e882 Linux: retry auto FAT mounts with blkid
Keep the historical auto-mount behavior as the first attempt when the user did not request a filesystem type. If that mount fails on Linux, detect the filesystem with blkid and retry only for FAT-family types that minimal mount implementations may not auto-probe.

Leave explicit filesystem types and NTFS kernel-driver resolution unchanged.
2026-06-25 14:40:34 +09:00
damianrickard 355b61f41a macOS: honor the CheckFilesystem repair flag (#1791)
CoreMacOSX::CheckFilesystem() ignored both its mountedVolume and repair
arguments and always just launched Disk Utility.app, so the "Check
Filesystem" and "Repair Filesystem" menu items behaved identically and
neither acted on the mounted volume. On Linux/BSD the same operation runs
fsck and honors the flag (passing -n only when repair is false).

Run diskutil on the VeraCrypt virtual device, choosing verifyVolume or
repairVolume per the flag (diskutil unmounts the inner filesystem itself
as needed). The Core layer has no GUI, so the result is shown in a
Terminal window via a temporary .command script; it falls back to
launching Disk Utility.app when no virtual device is available.

Run the macOS check in the unprivileged application process. VeraCrypt does
not need to create or launch the helper script from the elevated core
service: diskutil operates on the mounted virtual device and macOS handles
any device authorization requirements. Once a device-hosted mount has
started the elevated core service, every later service request is routed to
that root process. There it would create the helper script as root (0700)
and open a Terminal in the GUI session that the user could neither read nor
execute. CoreServiceProxy::CheckFilesystem now invokes the core
implementation directly on macOS instead of sending a service request, so
the script is always owned by the GUI user.

The device path is strictly validated as /dev/[r]diskN[sM] before being
single-quoted into the command. The helper script is created securely in
the per-user temp directory via mkstemps() (atomic O_EXCL/0600, fchmod
0700 by descriptor, close() checked for deferred write errors, unlinked on
any failure) rather than at a predictable, enumerable path in the
world-writable /tmp, guarding against a symlink/race on the executed
script. A trap removes the script on exit even if the window is closed
early, and it is also unlinked if launching Terminal fails. The script
captures $? so diskutil's result, including failures, is shown before the
script exits.

Replace the macOS pre-check message (which still told the user Disk
Utility would open and to pick Verify/Repair manually) with check- and
repair-specific text describing the new automatic diskutil flow.

Seed the two new strings into all translation files with the English
text so the XML key-completeness check passes; localization can follow.

Co-authored-by: Damian Rickard <damian@rickard.us>
2026-06-22 07:05:45 +02:00
Mounir IDRASSI adac089fd6 Linux/macOS: surface post-sudo elevation errors
Separate sudo authentication success from elevated request execution state by acknowledging when the elevated core service starts successfully.

Once that channel is available, propagate later failures instead of showing repeated administrator password dialogs. Initialize the sudo dummy-password flag consistently on macOS, avoiding an uninitialized read of UseDummySudoPassword.

Register admin-password cleanup before elevation attempts so plaintext sudo credentials are erased on early-return and post-sudo failure paths.

References #1788.
2026-06-21 04:29:32 +02:00
damianrickard 37412adf04 macOS: parse hdiutil -plist output via CoreFoundation instead of string scanning (#1776)
The hdiutil `-plist` output used for mount/dismount device discovery
(MountAuxVolumeImage and UpdateMountedVolumeInfo) was parsed with a
hand-rolled string scanner that assumed the value always follows the
requested key and that <key>/<string> pairs appear in a fixed order.

Replace it with the CoreFoundation property-list API
(CFPropertyListCreateWithData + dictionary/array navigation), which is
correct by construction and robust to hdiutil output ordering/variation.
An RAII helper (CFHolder) ensures CFRelease on every path.

Behavior is preserved: prefer the system-entity that carries a
mount-point, otherwise fall back to the first dev-entry, and match disk
images by normalized image-path. CoreFoundation is already linked on
macOS (via Cocoa), so no build changes are needed.

Verified end-to-end on Apple Silicon: mounting parses `hdiutil attach`
output and dismount parses `hdiutil info` output correctly.

Co-authored-by: Damian Rickard <damian@rickard.us>
2026-06-16 06:54:58 +02:00
damianrickard 575262a104 macOS: restrict elevated SetFileOwner to disk device nodes (#1758)
The privileged CoreService handler for SetFileOwnerRequest passed the
client-supplied path straight to chown() as root with no validation --
unlike the adjacent APFS formatter handler, which strictly validates its
device argument. Every legitimate macOS caller of the elevated
SetFileOwner targets a real disk device node (/dev/[r]diskN[sM]), so a
crafted IPC request, or a symlink planted at the target, could otherwise
make the root process change ownership of an arbitrary path.

Validate the target service-side: require the strict device-path form
already used by the formatter, and lstat() it to confirm a block or
character device (rejecting symlinks rather than following them) before
the chown.

Co-authored-by: Damian Rickard <damian@rickard.us>
2026-06-14 23:31:42 +09:00
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 4ad36447b2 Linux: fix CentOS 6 build with GCC 4.4
CentOS 6 builds VeraCrypt with GCC 4.4.7 and -std=c++0x. That compiler does not support range-based for loops, and its libstdc++ does not provide std::string::back() or std::string::pop_back().

Avoid those constructs in the affected Unix/Linux code paths: use VeraCrypt's existing foreach helper when iterating PKCS#11 object handles, and use indexing plus erase() when trimming trailing slashes from PATH entries.

This keeps the code valid for newer Linux toolchains while restoring compatibility with the CentOS 6 build environment.
2026-05-26 21:04:52 +09:00
Mounir IDRASSI 6774de941d OpenBSD: honor doas user for mount ownership and FUSE access
VeraCrypt derives the real (non-root) user from SUDO_UID/SUDO_GID
to set default mount-point ownership and the FUSE service access
filter. On OpenBSD, privileged commands are normally run through doas,
which exposes the invoking login name via DOAS_USER and does not set
the sudo variables. As a result, VeraCrypt launched through doas
attributes both to root instead of the invoking user.

When the sudo identity variables are absent, resolve DOAS_USER through
the password database and use that uid/gid for default mount-point
ownership and the VeraCrypt FUSE service access filter. sudo behavior
is unchanged.

This is a correctness fix for the doas launch path. It is not confirmed
to resolve the non-root ext2fs EACCES reported in the linked issues:
that failure occurs at the ext2fs layer reached through vnd, whose
backing-image I/O runs as root and is therefore already permitted by
the access filter.

Refs #1589.
Refs #1593.
2026-05-26 11:07:40 +09:00
Mounir IDRASSI 6bef9e009c Linux: refine in-kernel NTFS driver selection
Keep the NTFS kernel-driver option as a generic in-kernel NTFS path rather than an ntfs3-specific path. Add --filesystem=kernel-ntfs and -m kernelntfs routes that select a registered or loadable kernel NTFS driver and mount with -i so mount.ntfs/ntfs-3g helpers are not invoked.

Preserve --filesystem=ntfs3 as a literal pin to the ntfs3 driver. Treat both ntfs3 and kernel-ntfs as mount-only selectors; volume creation continues to use filesystem type NTFS.

The preference and -m kernelntfs path only select an in-kernel NTFS driver when no explicit filesystem type was supplied and blkid detects NTFS.

Treat ntfs as the preferred in-kernel driver on Linux 7.1 and later, where the upstream read/write driver is expected. On earlier kernels, select ntfs only when module metadata identifies the standalone read/write driver and /sys/module confirms it loaded, avoiding ntfs3 read-only ntfs compatibility registrations. Fall back to ntfs3 otherwise, and report a generic kernel-driver error if neither supported driver is available or loadable.

Rename the internal preference/config field to MountNtfsWithKernelDriver, migrate the old MountNtfsWithNtfs3 preference key, and update UI strings, CLI help, documentation, release notes, and translation placeholders accordingly.

Reference: https://github.com/veracrypt/VeraCrypt/issues/1735
2026-05-18 22:19:23 +09:00
Mounir IDRASSI cd101433c5 macOS: recover mounted volume mount points
Prefer hdiutil plist entities that carry a mount-point when recording the virtual device. This fixes APFS images where the first dev-entry is not the mounted volume.

Add a macOS mounted-volume refresh hook that recovers VirtualDevice and MountPoint from hdiutil info when FUSE-T SMB auxiliary metadata is missing or stale.
2026-05-15 15:35:28 +02:00
Mounir IDRASSI 77e4830c99 macOS: run APFS formatter elevated
APFS volume creation can still fail with Permission denied after preparing the raw and block device aliases because newfs_apfs performs privileged APFS container and volume operations beyond opening the device nodes.

Route APFS formatting through the elevated CoreService path for non-root macOS runs. Keep the elevated interface narrow by sending only the target device and invoking user UID/GID, validate the device path on the privileged side, rebuild the formatter arguments there, and execute /sbin/newfs_apfs by absolute path to avoid PATH shadowing.

Pass -U/-G so the created filesystem preserves the invoking user ownership. Apply the same path to GUI and text-mode creation.
2026-05-15 13:52:21 +09:00
Mounir IDRASSI abd089140b Linux: add emergency cleanup for stale unmounts
When normal filesystem unmount fails, the Linux path could stop before cleaning VeraCrypt mapper, loop and FUSE objects. Add an explicit emergency dismount request that is only reached after interactive confirmation.

The recovery path lazy-detaches mounted filesystems, uses deferred dmsetup removal for VeraCrypt mapper devices, detaches loop devices, and keeps normal force/ignoreOpenFiles behavior unchanged.
2026-05-02 23:03:29 +09:00
Mammoth 771acf5951 Linux: allow mounting NTFS volumes with ntfs3 (#1695)
* Linux: allow mounting volumes with ntfs3

* Linux: add ntfs3 preference for NTFS mounts

* Linux: wrap ntfs3 preference help text

* Add Linux ntfs3 mount preference

* Remove Russian translation changes from ntfs3 PR

* XML Translations: Add English fallback entries for ntfs3 preference

---------

Co-authored-by: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
2026-04-29 10:11:22 +09:00
curious-rabbit e7188c96a4 Fix undefined behavior in StartElevated stderr read loop (#1550) (#1687)
The read loop that captures stderr from the sudo child process used
`vector<char> buffer(4096); buffer.clear();` followed by
`read(fd, &buffer[0], buffer.capacity())`. This has two instances of
undefined behavior:

1. `operator[](0)` on a vector with `size() == 0` violates the C++
   standard precondition `n < size()`. libstdc++ built with
   `-D_GLIBCXX_ASSERTIONS` aborts the process with:

     stl_vector.h:1128: Assertion '__n < this->size()' failed.

2. `buffer.begin() + bytesRead` on the same empty vector constructs
   an iterator past `end()`, also UB.

`-D_GLIBCXX_ASSERTIONS` is in the default build flags of Arch Linux,
Fedora, and several other distributions. On those systems, the
unprivileged helper process aborts as soon as sudo writes anything
to stderr (a password prompt, a 'user is not in the sudoers file'
error, etc.). The main process then sees EOF on the service output
pipe, and throws `InsufficientData`, which renders to the user as
'Not enough data available'. A second mount attempt fails at
`File::Write` because the helper is dead and the pipe is broken,
producing the bare message 'VeraCrypt::File::Write:395'.

Fix by replacing `buffer` with a plain `char[4096]` and using
`reserve(4096)` on `errOutput` to preserve the original
pre-allocation intent. No behavioral change on systems where the UB
happened to work; aborts are eliminated on systems where the
assertions fire.

Reported-by: multiple users, see veracrypt/VeraCrypt#1550,
              veracrypt/VeraCrypt#1446, veracrypt/VeraCrypt#844

Co-authored-by: rabbit <rabbit@github>
2026-04-23 21:03:20 +09:00
Mounir IDRASSI 357ce6bd7a macOS: harden FUSE-T SMB metadata handling
Increase advertised metadata file size, broaden hdiutil path normalization, and make auxiliary device info updates atomic.
2026-04-22 23:20:25 +09:00
Mounir IDRASSI deb7f55bfb macOS: stabilize FUSE-T SMB mount metadata
Make /aux-device-info readable for SMB, verify that FUSE records hdiutil device info after mount and recover missing virtual devices from hdiutil before dismounting auxiliary mounts.
2026-04-22 16:32:10 +09:00
Mounir IDRASSI 4271b8e6f5 macOS: stabilize FUSE-T SMB auxiliary mounts
Add statfs metadata for the auxiliary FUSE mount, keep /control read-only by sending hdiutil device data through /aux-device-info and tolerate delayed SMB rediscovery during mount completion. Log final control-file retry failures for diagnostics.
2026-04-22 14:37:57 +09:00
Mounir IDRASSI 250a488a84 macOS: Use SMB backend for FUSE-T auxiliary mounts 2026-04-14 14:42:36 +09:00
Mounir IDRASSI 44a9f8bcff Remove SM4 support! 2025-05-18 18:31:39 +09:00
Mounir IDRASSI 982fffe4db Reorder SM4-based cascade ciphers: apply SM4 as the final stage following external review.
The cascade order has been updated so that SM4 is applied after the other cipher(s) (e.g., Serpent). This change reflects standard cryptanalytic guidance, which shows that the overall strength of a cascade is limited by the first encryption stage. Given that SM4 uses a 128-bit key, its post-quantum brute-force resistance is lower than ciphers with a 256-bit key (such as Serpent). By placing SM4 last, we ensure that any potential weakness in SM4 cannot reduce the security margin provided by the stronger cipher.
2025-05-16 15:37:32 +09:00
Mounir IDRASSI b673901503 Move copyright and links to "AM Crypo", amcrypto.jp and veracrypt.jp 2025-05-11 16:02:20 +09:00
Mounir IDRASSI 3edae48717 Linux: Correct handling of documentation in case of AppImage. Code refactoring. 2025-05-10 19:09:31 +09:00
Mounir IDRASSI 745fab60e9 Linux: Fix AppImage compatibility by using AppImage file for sudo elevation
When VeraCrypt is run as an AppImage, the veracrypt binary resides in a SquashFS mount under /tmp which is inaccessible to root. Using this path with sudo results in a "command not found" error.

This patch detects the AppImage environment by checking both APPIMAGE and APPDIR variables, ensuring the executable path starts with APPDIR and that APPDIR starts with the expected "/tmp/.mount_Veracr" prefix. In this scenario, the AppImage file itself (APPIMAGE) is used as the executable for sudo, resolving the elevation issue.
2025-05-10 15:21:19 +09:00
Mounir IDRASSI 7924f06e39 Initial support of SM4 cipher for normal volumes 2025-05-04 02:27:05 +09:00
Steven Lee 43ea5108e5 modify unix default mounting point prefix (use /run/media/veracrypt t… (#1524)
* modify unix default mounting point prefix (use /run/media/veracrypt to replace /mnt/veracrypt).

* bugfix

* add trailling semicolon

* add ifdef TC_LINUX
2025-04-30 14:44:26 +09:00
Mounir IDRASSI fc7037b670 Linux/macOS: use absolute path of 'true' command when checking if sudo session is active. 2025-02-19 10:29:27 +01:00
Mounir IDRASSI 5ff256a53d Linux: simpler and more robust approach to detect active sudo session (#1473) 2025-01-25 01:04:47 +01:00
Mounir IDRASSI b42841ed3c macOS: Fix regression in dismount caused by wrong umount path (#1467) 2025-01-22 17:48:51 +01:00
Mounir IDRASSI 078d1410dd Linux/FreeBSD: Prevent mounting volumes on system directories and PATH (CVE-2025-23021, reported by SivertPL @__tfr)
Added security checks to prevent mounting VeraCrypt volumes on system directories (like /usr/bin) or directories in the user's PATH, which could theoretically allow execution of malicious binaries instead of legitimate system binaries.

Key changes:
- Block mounting on protected system directories (/usr, /bin, /lib, etc.)
  This restriction cannot be overridden
- Block mounting on directories present in user's PATH environment variable
  This can be overridden with --allow-insecure-mount flag
- Add visual warnings (red border, "[INSECURE MODE]") when mounting on PATH directories is allowed
- Handle symlinks properly when checking paths
- Add new error messages for blocked mount points

To override PATH-based restrictions only (system directories remain protected):
veracrypt --allow-insecure-mount [options] volume mountpoint

Security Impact: Low to Medium
The attack requires either:
- User explicitly choosing a system directory as mount point instead of using VeraCrypt's default mount points
- Or attacker having both filesystem access to modify favorites configuration AND knowledge of the volume password
Default mount points are not affected by this vulnerability.

Security: CVE-2025-23021
2025-01-14 14:59:45 +01:00
Mounir IDRASSI 2cca2e1daf Linux/FreeBSD: Add absolute paths for system binaries to prevent path hijacking (CVE-2024-54187, collaboration with SivertPL @__tfr)
This commit fixes a critical security vulnerability where VeraCrypt could be tricked into executing malicious binaries with elevated privileges. The vulnerability has two severe implications:

1. When sudo's secure_path option is disabled, attackers could execute malicious binaries with root privileges by placing them in user-writable PATH directories (e.g., making "sudo mount" execute a malicious mount binary)

2. By placing a malicious sudo binary in PATH, attackers could intercept and steal the user's password when VeraCrypt prompts for sudo authentication

The vulnerability allowed attackers to place malicious binaries in user-writable directories that appear in PATH before system directories, potentially leading to privilege escalation and credential theft.

Key changes:
- Implement FindSystemBinary() to locate executables in secure system paths
- Replace all relative binary paths with absolute paths for system commands
- Add security checks for executable permissions
- Update process execution to use absolute paths for:
  * sudo
  * mount
  * fsck
  * terminal emulators
  * file managers
  * system utilities (hdiutil, mdconfig, vnconfig, lofiadm)

The fix ensures all system binaries are called using their absolute paths from secure system directories, preventing both privilege escalation through PATH manipulation and password theft through sudo hijacking.

Security: CVE-2024-54187
2025-01-14 14:59:40 +01:00
Mounir IDRASSI 1b35abb191 Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers. 2025-01-14 12:26:28 +01:00
Mounir IDRASSI ca331b8b34 Linux/macOS: Simplify sudo session detection logic and extend it to macOS
This update simplifies the logic for detecting active sudo sessions by checking the exit code of the sudo -n -l command, which reliably returns 0 if a session is active.

Additionally, this approach is now applicable to recent macOS versions, as they no longer have the sudo bug that previously prevented us from using this method.
2024-12-25 11:29:32 +01:00
Jertzukka 292fe82840 Fix regression in core service deserialization (#1367)
Introducing data into the standard out in the core service will
cause deserialization problems, as the pipes are used for interprocess
communication.
2024-06-24 09:07:19 +02:00
Mounir IDRASSI 01361e300f MacOSX: set FUSE-T workaround max delay to 5 seconds. Make logic specific to FUSE-T volumes. 2024-06-23 16:57:18 +02:00
Mounir IDRASSI edde1d45f6 MacOSX: Add for using FUSE-T instead of MacFUSE
The build script build_veracrypt_macosx.h now accepts the argument -f to enable fuse-t support.
It is also possible to set the environment variable VC_OSX_FUSET to 1 for FUSE-T support.
A change was done in CoreUnix::GetMountedVolumes to add a waiting loop  for control file to be accessible because when using FUSE-T there always a delay before control file can be serialized.
2024-06-22 01:13:20 +02:00
Mounir IDRASSI 455a4f2176 Avoid conflict with C++17 features std::byte by using uint8 type instead of byte 2024-06-12 12:30:04 +02:00
Jertzukka ea7489b93b FreeBSD: Support automatic detection and mounting of ext2/3/4, exFAT, NTFS filesystems (#1350) 2024-06-03 15:57:46 +02:00
Jertzukka bd1e772657 FreeBSD: Fix privilege escalation prompts not showing up (#1349)
The behaviour of `wc -l` is different on FreeBSD, in which the stdout
result is padded by spaces in the beginning, which causes that the
result[0] is not actually the value we care about. This patch adds
a translate removing all whitespace from the output.
2024-06-03 08:09:54 +02:00
Jertzukka 87a9508fdd macOS: Use correct Disk Utility location when "check filesystem" is ran (#1273) 2023-12-11 09:07:37 +01:00
lealem47 9247ce1bb9 wolfCrypt as crypto backend for VeraCrypt (#1227)
* wolfCrypt as crypto backend for VeraCrypt

* Refactor to use EncryptionModeWolfCryptXTS class
2023-11-13 00:51:31 +01:00
kovalev0 847abb23f0 Fix warnings and throwing an exception instead of ignoring the error (#1229)
* EMVCard.cpp: ArrayToHexWideString: prohibit conversion of a string constant

../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con
st unsigned char*, size_t)':
../Common/EMVCard.cpp:28:43: warning: ISO C++ forbids converting a string constant
to 'wchar_t*' [-Wwrite-strings]
   28 |                 static wchar_t* hexChar = L"0123456789ABCDEF";
      |                                           ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* EMVCard.cpp: ArrayToHexWideString: fix of the comparison of different types

../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con
st unsigned char*, size_t)':
../Common/EMVCard.cpp:32:43: warning: comparison of integer expressions of different
 signedness: 'int' and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
   32 |                         for (int i = 0; i < cbData; i++)
      |                                         ~~^~~~~~~~

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* SecurityTokenKeyfilesDialog.cpp: removed initialization of an unused variable

Forms/SecurityTokenKeyfilesDialog.cpp:58:24: warning: unused variable 'i' [-Wunused-
variable]
   58 |                 size_t i = 0;
      |                        ^

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* Core/Unix: throwing an exception instead of ignoring the error

Fixes: 5a6b445f ("fix warnings and UB (#1164)")
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

---------

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
2023-10-08 15:36:15 +02:00
kovalev0 5a6b445f0e fix warnings and UB (#1164)
* Crypto: fix warning mismatched bound

../Crypto/cpu.c:67:32: warning: argument 2 of type 'uint32[4]'
{aka 'unsigned int[4]'} with mismatched bound [-Warray-parameter=]
   67 | int CpuId(uint32 input, uint32 output[4])
      |                         ~~~~~~~^~~~~~~~~
In file included from ../Crypto/cpu.c:3:
../Crypto/cpu.h:236:33: note: previously declared as 'uint32 *'
{aka 'unsigned int *'}
  236 | int CpuId(uint32 input, uint32 *output);

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* Core/Unix: fix warning ignoring return value

Unix/CoreUnix.cpp: In member function 'virtual std::shared_ptr<VeraCrypt:\
:VolumeInfo> VeraCrypt::CoreUnix::MountVolume(VeraCrypt::MountOptions&)':
Unix/CoreUnix.cpp:682:55: warning: ignoring return value of
'int chown(const char*, __uid_t, __gid_t)' declared with attribute
'warn_unused_result' [-Wunused-result]
  682 |     chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId());
      |     ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* Main/Forms: fix warning cast to pointer from integer of different size

Forms/MainFrame.cpp: In member function 'void VeraCrypt::MainFrame:\
:UpdateVolumeList()':

Forms/MainFrame.cpp:1718:106: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
 1718 |       Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex,
        fields, 0, (void *) volume->SlotNumber);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~

Forms/MainFrame.cpp:1753:114: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
 1753 |       Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex,
        fields, 0, (void *) slotNumber);
      |            ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* Crypto: fix undefined behavior signed integer overflow

In function 'twofish_set_key':
cc1: warning: iteration 4 invokes undefined behavior
[-Waggressive-loop-optimizations]
../Crypto/Twofish.c:626:23: note: within this loop
  626 |         for (i = 0; i != 40; i += 2)
      |                     ~~^~~~~

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

---------

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
2023-08-04 23:49:11 +02:00
Mounir IDRASSI 3f976c24d2 Linux/macOS: Remove TrueCrypt support 2023-07-24 08:48:52 +02:00
Mounir IDRASSI 034b64f415 EMV keyfile support: Overall code improvements and bug fixes 2023-06-29 00:06:20 +02:00
mmauv 502ab9112a Add EMV functionality (#1080)
* Add basic strcture needed for EMV implementation

* Add demo EMV functionality with C code pasted in a very dirty and unsafe way. NOT FINAL

* Refactor IccExtractor Structure

* Fix Makefile

* fix include file

* move global variables from h to c

* revert to memcpy

* fix icc data recovery functions

* Add EMV functionalities on windows

* Make EMVToken structures like SecurityToken

* Define constants instead of hard coded values

* Token structures created with inheritance

* refactor TokenKeyfile to use inherit. + polymor.

* add Token.h + Token.cpp in modules in VS2010

* Add a comment at each use of SecurityToken class or objects

* SecurityTokenKeyfilesDialog preparation

* Implemennt GetAvailableTokens in Token class on windows

* merge

* up (patching for Windows)

* foreach Token.cpp corrected

* Display EMV keyfiles on first window in graphic interface

* Add token to Windows UI

* EMVToken selection on OKButton on Linux

* Keyfile.cpp optimization

* Move getKeyfileData in the token class

* EMV::Token GetAvailableKeyfiles() base

* Move getKeyfileData in the token class on unix

* Remove test comments

* Warnings resolved

* RemoveeSecurityTokenLibraryNotInitialized exception if at least one emv token is detected

* Adding new files

* Remove old files and add the new version to the windows project

* Change make_shared to shared_ptr constructor

* IccExtractor integration working on linux

* Throwing card not EMV execption

* catch error when not EMV type in EMVToken::GetAvailableKeyfiles

* Change types to compile on windows

* list all keyfiles, security keyfiles and emv keyfiles in command line

* Change type to be coherent and remove old todo comments

* Remove todo comments

* Change indentation and resolve a bug from previous commit

* Use polymorphism for GetKeyfileData and add export option for EMVTokens on Linux

* Linux : Allow to export EMV Tokens in command lines, Windows : Disable the delete button when EMV Keyfiles are selected

* Remove SlotId from TokenInfo as it is already in Token

* Correct errors on Linux

* Disable delete option if one EMV Token is selected on Linux

* Fix bug enabling delete button if nothing is selected

* emv data used as reference then burnt

* use of normal files in linux corrected

* help updated

* help updated for export functionnality

* option EMV added to graphic interface but not yet working

* Bug fix : Allow to use multiple EMV on windows

* EMV Option added to UserPreferences

* EMV Option working for Linux

* EMV option added to Windows (not working yet)

* [NOT TESTED] EMV option for Windows

* Working EMV option on Windows

* EMV Option for data extraction working for volume creation

* EMV Option for data extraction working for Mount

* EMV Option for data extraction working for mounting favorites volumes

* EMV Option for extraction working for Changing volume password, Set Derivation Key Algorithm and Add or remove keyfile from volume

* Windows : re-checking EMV Option when getting data

* Removing error catches in the IccDataExtractor classe (It only throws error now). Changing GetPan signature to resemble the other functions signatures more

* Changing EMV errors

- Only throwing ICCExtractionException from outside of the ICC module.
- Catching all TLVExceptions and PCSCExceptions to throw the right ICCExtractionException

- Deleting APDU exceptions.

* First version of the documentation

* Adding function pointers for winscard library (but it crashes VeraCrypt)

* Debugging function pointers

* The import of the library on windows work as expected now

* Reverting EMVToken.cpp changes used to test to library import

* Searching for the System32 path instead of hard codding it

* Fixing the bug were VeraCrypt crashes if there is no readers when  "add Token files" is clicked

* Winscard library not initialized in object constructor anymore to delay it after EMVOption check

* Remove winscard lib from windows dependencies

* Properly displaying errors

* Adding a dot in Language.xml

* Catching TLVException

* Removing unused code

* Remove unusefull comments

* Trying to fix 0x1f error

* Update IccDataExtractor.cpp

* Delete History.xml

* Fix get data without get pan

* Cleanup code

* changes for linux compilation but linking not working

* error handling for linux

* erasing emv data

* Burn PAN

* Burn PAN from memory

* Uncomment selfcheck before merging master

* burn corrected

* EMV errors handling for Linux

* EMV working for Linux CLI

* Doc : Winscard Linux package and VeraCrypt versions

---------

Co-authored-by: doriandu45 <d45.poubelle@gmail.com>
Co-authored-by: red4game <redemgaiming@gmail.com>
Co-authored-by: Brice.Namy <brice.namy@insa-rennes.fr>
Co-authored-by: vocthor <pieceo108@gmail.com>
Co-authored-by: vocthor <67202139+vocthor@users.noreply.github.com>
Co-authored-by: Andrei COCAN <andrei.cocan@insa-rennes.fr>
Co-authored-by: AndreiCocan <95496161+AndreiCocan@users.noreply.github.com>
Co-authored-by: francoisLEROUX <francois3443@gmail.com>
2023-06-28 22:51:43 +02:00
Jertzukka 0ffd61a55c Linux/FreeBSD: Fix privilege escalation prompts being ignored (#1100)
Currently if you fail the privilege escalation prompt, the second
one and consecutively every second will be ignored. This is because
if we do not --use-dummy-sudo-password and are on Linux/FreeBSD,
we will be prompted for password twice for one evaluation in the
while(!ElevatedServiceAvailable) loop.

For the fix, we make sure that we run the prompt only once for each
case.
2023-06-10 01:07:27 +02:00
Jertzukka 6ced991d98 Fix issues launching fsck via terminal on Linux (#1086)
Currently on a system without xterm or konsole (like fresh
Ubuntu install) the fsck check will not launch. Added
gnome-terminal as an alternative and fixed an issue where
konsole will always error out as --title and --caption are
no longer valid arguments.

Previously the error message was simply "xterm not found", so
new LangString LINUX_EX2MSG_TERMINALNOTFOUND was added to let the
user knows which programs they need to get the feature working.
2023-06-01 09:01:53 +02:00
ZhanYF b6513d82f8 OpenBSD vnconfig no longer needs -c option (#1002)
Co-authored-by: Your Name <you@example.com>
2023-05-19 00:29:59 +02:00