Commit Graph

176 Commits

Author SHA1 Message Date
Mounir IDRASSI 75857757fe Reset PIM defaults when changing volume KDF
A SourceForge report pointed out that the password-change and header-KDF dialogs reused the current custom PIM when the user selected a different KDF. That was harmless when all choices used the same PBKDF2 PIM scale, but it is wrong with Argon2 because the same numeric PIM has different security and performance meaning.

Avoid silently carrying a custom PIM across KDF changes in both the Windows and wx dialogs. If the new KDF differs from the current one and the user has not explicitly opened the New PIM field, use the default PIM for the selected KDF instead. Keep preserving the current PIM when the KDF is unchanged.

Enable explicit New PIM entry in the header KDF-only flow, warn before resetting an existing custom PIM to the new KDF default, and validate explicitly entered KDF-only PIM values.

Report the new KDF from the Windows dialog as well as the new PIM so favorite volumes update both stored PIM and pinned KDF metadata after password or header KDF changes, including system favorites. Add translation fallbacks, documentation, and release notes for the new behavior.
2026-06-12 18:13:48 +09:00
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 170dfa83ee Linux/macOS: fix hidden volume FAT size limit
The Unix volume creation wizard applied the FAT32 sector-count limit as a blanket check for device-hosted hidden-volume outer volumes. On 512e disks Linux reports 512-byte logical sectors, so this incorrectly rejected larger device-hosted outer volumes even when the selected outer filesystem was not FAT.

Compute the actual VeraCrypt filesystem/data area size through a shared helper and apply the FAT32 size limit only when FAT is selected. This preserves correct FAT validation while allowing non-FAT outer volumes to proceed to the existing hidden-volume size estimation flow.

Update text-mode creation so FAT is not offered when the selected size cannot support it, and default to the platform native filesystem in that case. Clarify the user-facing FAT limit wording to refer to logical sector size.

Fixes #262
2026-05-29 19:18:56 +09:00
Mounir IDRASSI 610feb4c28 macOS: block partitioned disk alias bypass
On macOS, the same whole disk can be addressed as both /dev/diskN and /dev/rdiskN. The GUI creation wizard only compared the selected path against the enumerated raw device path, so manually entering the block-device alias could bypass the existing DEVICE_PARTITIONS_ERR guard and allow formatting a disk that still had partitions.

Add a shared macOS device-path comparison helper that normalizes paths to their raw-device form before comparison. Use it in the GUI wizard so /dev/diskN and /dev/rdiskN are treated as the same whole-disk target while partition paths remain distinct.

Apply the same partitioned whole-device guard in the text/CLI creation path as well, including the macOS alias normalization, so command-line creation cannot format a partitioned top-level disk through an alternate device alias.

Fixes #728
2026-05-29 18:32:32 +09:00
Mounir IDRASSI b33a534581 Linux/macOS: fix remaining wxWidgets sizer flags
Remove the remaining generated-form alignment flag that wxWidgets ignores in box sizers: the language page system-default button bottom alignment combined with wxEXPAND. Preserve the Legal Notices OK button centering and keep Forms.cpp and TrueCrypt.fbp in sync.

Keep the existing global sizer consistency check suppressions in place pending additional testing.

Follow-up to issue #49.
2026-05-29 15:50:49 +09:00
Mounir IDRASSI cfd54af700 macOS: force fresh exFAT layout when formatting volumes
Pass -R to newfs_exfat in both GUI and text-mode volume creation so macOS derives a fresh exFAT layout instead of preserving stale geometry from an existing exFAT boot region. This matches Finder/Disk Utility erase behavior.

Validated on Windows 11: chkdsk no longer reports boot-region corruption on volumes formatted this way.

Fixes #1021.
2026-05-28 13:14:19 +02:00
Mounir IDRASSI 08b433012e Fix volume size unit choice width
The volume size page populates the unit wxChoice after the generated base class has already fit the empty control. On macOS this can leave the closed choice too narrow, truncating MiB to .... Measure the localized unit labels after appending them and set a sufficient minimum width.
2026-05-27 11:31:56 +02:00
Mounir IDRASSI ce20a24aa5 Fix hidden volume size estimate for exFAT outer volumes
On Unix and macOS, the hidden volume wizard estimates the available space for non-FAT outer filesystems using statvfs(). The previous calculation used f_bsize with f_bavail, which can overstate available bytes on macOS exFAT because f_bsize may be the preferred I/O size instead of the fragment size associated with the block counts.

Use f_frsize when it is reported, fall back to f_bsize, and clamp the non-FAT estimate to the actual outer VeraCrypt data size before applying the existing 80% safety heuristic.

Also harden hidden volume creation in both the cross-platform VolumeCreator path and the Windows/common formatting path by rejecting sizes that would exceed the hidden host data area and overlap volume header space.

Fixes #1037
2026-05-27 10:28:43 +02:00
Mounir IDRASSI 854f85f013 Linux: fix language loading when running as AppImage
Fixes #1624

The language file path was hardcoded to /usr/share/veracrypt/languages/
which doesn't exist inside an AppImage runtime. Language files are
actually located under $APPDIR/usr/share/veracrypt/languages/ when
running from an AppImage.

This affected both the language file loading in Resources.cpp and the
language enumeration in PreferencesDialog.cpp, causing the language
selection to show only "System default" and "English" regardless of
which translations were packaged in the AppImage.
2026-05-24 21:47:11 +09:00
Mounir IDRASSI fc2efd0b8f Linux: suppress redundant already-running dialog
When a second GUI process successfully notifies the running instance through the show-request FIFO, the handoff is not an error. Avoid showing the informational modal before exiting, and let the running instance restore the main window on any show request.

Also initialize the GTK indicator menu item pointers to NULL and guard the show/hide label update, preventing a latent crash in SetBackgroundMode when the indicator menu has not been built (e.g. background task disabled in preferences) -- a path made more reachable by the FIFO timer now invoking SetBackgroundMode unconditionally on incoming show requests.

Fixes #1447.

Closes #1745.

Refs #461.
2026-05-22 23:45:04 +09:00
Mounir IDRASSI 79bee911be Linux/macOS: enable quick format for file containers
Allow normal file-hosted containers to use quick format in the Unix volume creation path by sizing the host file with ftruncate before backup headers are written.

Enable the GUI checkbox for normal file containers and honor --quick in text mode. Update the Unix HTML documentation for the weaker deniability properties of sparse or unwritten host regions.
2026-05-22 10:46:30 +09:00
Mounir IDRASSI 6bef9e009c Linux: refine in-kernel NTFS driver selection
Keep the NTFS kernel-driver option as a generic in-kernel NTFS path rather than an ntfs3-specific path. Add --filesystem=kernel-ntfs and -m kernelntfs routes that select a registered or loadable kernel NTFS driver and mount with -i so mount.ntfs/ntfs-3g helpers are not invoked.

Preserve --filesystem=ntfs3 as a literal pin to the ntfs3 driver. Treat both ntfs3 and kernel-ntfs as mount-only selectors; volume creation continues to use filesystem type NTFS.

The preference and -m kernelntfs path only select an in-kernel NTFS driver when no explicit filesystem type was supplied and blkid detects NTFS.

Treat ntfs as the preferred in-kernel driver on Linux 7.1 and later, where the upstream read/write driver is expected. On earlier kernels, select ntfs only when module metadata identifies the standalone read/write driver and /sys/module confirms it loaded, avoiding ntfs3 read-only ntfs compatibility registrations. Fall back to ntfs3 otherwise, and report a generic kernel-driver error if neither supported driver is available or loadable.

Rename the internal preference/config field to MountNtfsWithKernelDriver, migrate the old MountNtfsWithNtfs3 preference key, and update UI strings, CLI help, documentation, release notes, and translation placeholders accordingly.

Reference: https://github.com/veracrypt/VeraCrypt/issues/1735
2026-05-18 22:19:23 +09:00
Mounir IDRASSI 8b1c668b77 Linux: Fix PreferencesDialog build with GCC 4.4
Replace the Linux ntfs3 help icon paint lambda with a small wxWindow
subclass and regular paint event handler.

GCC 4.4, used on CentOS 6, builds with -std=c++0x but does not support
the lambda syntax used in PreferencesDialog.cpp, causing compilation to
fail at the ntfs3 help icon handler.

The drawing behavior is unchanged.
2026-05-17 13:52:45 +09:00
Mounir IDRASSI 77e4830c99 macOS: run APFS formatter elevated
APFS volume creation can still fail with Permission denied after preparing the raw and block device aliases because newfs_apfs performs privileged APFS container and volume operations beyond opening the device nodes.

Route APFS formatting through the elevated CoreService path for non-root macOS runs. Keep the elevated interface narrow by sending only the target device and invoking user UID/GID, validate the device path on the privileged side, rebuild the formatter arguments there, and execute /sbin/newfs_apfs by absolute path to avoid PATH shadowing.

Pass -U/-G so the created filesystem preserves the invoking user ownership. Apply the same path to GUI and text-mode creation.
2026-05-15 13:52:21 +09:00
Mounir IDRASSI 960f5993b2 macOS: prepare APFS formatter device aliases
When creating an APFS filesystem inside a newly created device-hosted volume, VeraCrypt prepared only the raw hdiutil device path before invoking newfs_apfs. On macOS, newfs_apfs may resolve or reopen the corresponding block device path, which can fail with Permission denied for non-root GUI runs.

Prepare both raw and block aliases for the temporary formatter device, restore changed owners afterward, and share the helper between GUI and text-mode volume creation. Restore each changed alias independently so one restore failure does not skip the rest.
2026-05-13 14:39:06 +09:00
Mounir IDRASSI 49c8fd3680 macOS: validate format wizard device targets
Keep device selection enumeration unchanged to avoid slow dialog loads.

In the format wizard, inspect only the selected target with diskutil info -plist and reject APFS synthesized devices, macOS system/support targets, read-only targets, and current APFS system stores. Add a read-only APFS hint for creation failures.
2026-05-11 23:47:20 +09:00
Mounir IDRASSI f8837090b8 Linux/macOS: show volume creation finalization stages
Report explicit progress stages while writing volume data, writing backup headers, and flushing data to disk so the wizard does not appear stuck at 100%.

Keep the wizard in progress during Unix post-creation formatting and show status for temporary mount/device setup, mkfs invocation, and dismount.
2026-05-03 11:26:20 +09:00
Mounir IDRASSI abd089140b Linux: add emergency cleanup for stale unmounts
When normal filesystem unmount fails, the Linux path could stop before cleaning VeraCrypt mapper, loop and FUSE objects. Add an explicit emergency dismount request that is only reached after interactive confirmation.

The recovery path lazy-detaches mounted filesystems, uses deferred dmsetup removal for VeraCrypt mapper devices, detaches loop devices, and keeps normal force/ignoreOpenFiles behavior unchanged.
2026-05-02 23:03:29 +09:00
Mammoth 771acf5951 Linux: allow mounting NTFS volumes with ntfs3 (#1695)
* Linux: allow mounting volumes with ntfs3

* Linux: add ntfs3 preference for NTFS mounts

* Linux: wrap ntfs3 preference help text

* Add Linux ntfs3 mount preference

* Remove Russian translation changes from ntfs3 PR

* XML Translations: Add English fallback entries for ntfs3 preference

---------

Co-authored-by: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
2026-04-29 10:11:22 +09:00
Mounir IDRASSI e59eb421fb Linux/macOS: Implement missing Argon2 KDF support on Unix 2026-04-19 17:52:44 +09:00
Mounir IDRASSI 3e9c47d256 Linux/macOS: collect mouse entropy from nested controls
wxWidgets does not propagate mouse motion events from child controls to parent windows. The Linux/macOS GUI was binding the random-pool mouse handlers only to the dialog/page and its direct children, which left nested controls such as static-box contents and the wizard image as dead zones.

Add a reusable recursive child-window event binder and use it in the keyfile generator, random pool enrichment dialog, and volume creation wizard. The root windows keep their existing generated bindings, while descendants are bound explicitly, avoiding duplicate handling on the root while covering all nested controls.

This makes the entropy gauge and the random pool update consistently no matter where the pointer moves inside the affected windows.

Fixes #1656.
2026-04-15 16:38:08 +09:00
Ragdoll 2ed98b50d3 Fix erroneous 2 TiB limit for hidden file containers in GUI wizard (#1672) 2026-04-13 16:55:37 +09:00
Mounir IDRASSI 54c39e4eb2 Use "KDF" instead of "PKCS5 PRF" for UI selection of KDF to use 2025-08-08 22:53:04 +09:00
Jertzukka 5d1c48d5ba Linux/FreeBSD/macOS: Column widths correct initially and on update (#1552)
Column width was updated before SlotListCtrl had the slots added,
which caused the column width to be incorrect before the first time
OnTimer ran to update it. Changing the order ensures the column width
is correct on program launch. Also ensure that we do not autosize
column to fit empty content.
2025-06-09 10:27:25 +09:00
Mounir IDRASSI 44a9f8bcff Remove SM4 support! 2025-05-18 18:31:39 +09:00
Mounir IDRASSI b673901503 Move copyright and links to "AM Crypo", amcrypto.jp and veracrypt.jp 2025-05-11 16:02:20 +09:00
Mounir IDRASSI 7924f06e39 Initial support of SM4 cipher for normal volumes 2025-05-04 02:27:05 +09:00
Helmut K. C. Tessarek 498dff9013 refactor: use the term unmount instead of dismount (#1478)
* refactor: use UNMOUNT instead of DISMOUNT in code

This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.

* refactor(ui): use unmount instead of dismount

This change updates the GUI text and replaces dismount with unmount.

* docs: update term dismount -> unmount

* refactor(cmdline): add unmount

This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old disnount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.

* docs: mention that /dismount is deprecated

This change fixes the shorthand version of the argument /unmount
It also adds back the info for /dismount and that it is deprecated.
2025-01-31 23:18:26 +01:00
Mounir IDRASSI 078d1410dd Linux/FreeBSD: Prevent mounting volumes on system directories and PATH (CVE-2025-23021, reported by SivertPL @__tfr)
Added security checks to prevent mounting VeraCrypt volumes on system directories (like /usr/bin) or directories in the user's PATH, which could theoretically allow execution of malicious binaries instead of legitimate system binaries.

Key changes:
- Block mounting on protected system directories (/usr, /bin, /lib, etc.)
  This restriction cannot be overridden
- Block mounting on directories present in user's PATH environment variable
  This can be overridden with --allow-insecure-mount flag
- Add visual warnings (red border, "[INSECURE MODE]") when mounting on PATH directories is allowed
- Handle symlinks properly when checking paths
- Add new error messages for blocked mount points

To override PATH-based restrictions only (system directories remain protected):
veracrypt --allow-insecure-mount [options] volume mountpoint

Security Impact: Low to Medium
The attack requires either:
- User explicitly choosing a system directory as mount point instead of using VeraCrypt's default mount points
- Or attacker having both filesystem access to modify favorites configuration AND knowledge of the volume password
Default mount points are not affected by this vulnerability.

Security: CVE-2025-23021
2025-01-14 14:59:45 +01:00
Mounir IDRASSI 1b35abb191 Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers. 2025-01-14 12:26:28 +01:00
Deniz Türkoglu e0a46f6b2b Add Option to Enable/Disable Screen Capture (#1418)
Veracrypt currently appears in screenshots and screen captures,
which can unintentionally expose sensitive information, such as
the fact that Veracrypt is running or the location of your volumes.

Both Windows and macOS offer mechanisms to exclude specific windows
from being captured. While not foolproof, this is a useful preventative
measure. The method is a no-op for Linux/FreeBSD.

For more details on the wxWidgets API, see:
https://docs.wxwidgets.org/3.2/classwx_top_level_window.html#a337b9cec62b0cbd3b1b1545a83270f64
2024-09-17 00:05:21 +02:00
Mounir IDRASSI d6f0250901 Linux/MacOSX: Only load valid XML language files (Language.langid.xml format with langid one of the predefined language identifiers) 2024-08-25 09:36:38 +02:00
Mounir IDRASSI 25c88fe3d3 Revert "Add Hausa translation (#1404)" (#1407)
This reverts commit ce9537f2b8.
2024-08-22 06:53:26 +02:00
Marius Kjærstad ce9537f2b8 Add Hausa translation (#1404) 2024-08-21 20:20:46 +02:00
Marius Kjærstad 75b2512dba Add Norwegian Bokmål translation (#1382)
* Add Norwegian Bokmål translation

* Fix Norwegian Bokmål translation
2024-08-03 05:52:44 +02:00
Mounir IDRASSI ed1263bf8c Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
2024-08-02 00:20:53 +02:00
Mounir IDRASSI 9697416919 Linux: Make the C++ code compatible with old compilers (g++ 4.4.7 on CentOS 6) 2024-06-30 01:22:05 +02:00
Mounir IDRASSI 0ea32b02b9 MacOSX: Fix compiler warning
Update friend declaration in FuseService.h and refactor GetCharWidth to ComputeCharWidth in WaitDialog.h to avoif hiding GetCharWidth inherited from wxWindow
2024-06-23 22:43:14 +02:00
Mounir IDRASSI 875a1da0fb macOSX: Add "FUSE-T build" in About dialog when linking against FUSE-T instead of MacFUSE 2024-06-23 12:50:40 +02:00
Mounir IDRASSI 423352056e Update copyright date in some files 2024-06-23 12:49:08 +02:00
Mounir IDRASSI 455a4f2176 Avoid conflict with C++17 features std::byte by using uint8 type instead of byte 2024-06-12 12:30:04 +02:00
Jertzukka bf9f3ec4f0 Avoid assert by verifying installed languages exist (#1354)
wxDir::GetAllFiles will throw an assert when opening the preferences dialog
if for some reason the user has not installed VeraCrypt properly and is
missing the intended folder. This patch adds a check to ensure the folder
first exists before querying its files.
2024-06-03 23:10:53 +02:00
Jertzukka 114624b3a5 Prepare for changes in wxWidgets 3.3 (#1343)
* Move from deprecated wxScopedPtr to std::unique_ptr
wxScopedPtr was included previously through some header hierarchy which as of 3.3 is
no longer the case causing it to break. But instead of including a header for a deprecated
function explicitly, just move to std::unique_ptr as recommended by upstream.

* Convert to explicit conversions from wxString
As of https://github.com/wxWidgets/wxWidgets/pull/23449/commits/35c35c235e9c29b40002131602e050dca8d65b8c
wxWidgets defaults to STL classes, which has a side-effect that
some implicit conversions break. This patch converts those conversions
to explicit in anticipation of wxWidgets 3.3 release.
2024-05-18 03:46:39 +02:00
Jertzukka ff93a6021f macOS: Fix near zero width PIM input box and simplify wxTextValidator logic (#1274)
* macOS: Fix issue where PIM box has no width in Wizard
VolumePimTextCtrl has a problem with width on macOS which
we can fix by adjusting the proportions of the elements
inside the PimSizer, which seems like a better solution than
using a forced minimum size in pixels.

Adjacent, simplifies the validator logic for digits in PIM field.

Fixes #1219
2023-12-11 09:06:33 +01:00
Jertzukka 6a1780864c Linux/FreeBSD/macOS: Implement language selection settings (#1253)
* Implement Language selection into settings
Initial commit to create a new tab in PreferencesNotebook for
Language selection. By default, if nothing is chosen, it uses the
current behaviour of using the language from system environment
variables. If another language is chosen from the settings, it is
saved into the Configuration.xml and this is used instead.

* Fix SetStringSelection() assert issue on macOS

* Add header include to fix build

* Add current language pack, authors and way to use literal strings

* Translations also for FreeBSD

* Minimal GTK3 WX build on FreeBSD requires wxGraphicsContext

* Get Preferences properly instead of workaround function

* Use WrapSizer instead of BoxSizer for author line
This forces long author lists to be put on a new line, reducing
the need to increase window width.

* Update Finnish translation

* Borrow translation from IDM_LANGUAGE where it makes sense

* Remove colon and thus unneeded function

* Simplify Language tab layout

* Reintroduce macOS specific fixes to Forms.cpp

* cleanup
2023-11-19 00:31:40 +01:00
lealem47 9247ce1bb9 wolfCrypt as crypto backend for VeraCrypt (#1227)
* wolfCrypt as crypto backend for VeraCrypt

* Refactor to use EncryptionModeWolfCryptXTS class
2023-11-13 00:51:31 +01:00
Jertzukka 91b47deb0e Linux: Focus PIM field when selected (#1239)
Sets focus to VolumePimTextCtrl initially when the checkbox is clicked.
2023-10-31 00:08:41 +01:00
kovalev0 847abb23f0 Fix warnings and throwing an exception instead of ignoring the error (#1229)
* EMVCard.cpp: ArrayToHexWideString: prohibit conversion of a string constant

../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con
st unsigned char*, size_t)':
../Common/EMVCard.cpp:28:43: warning: ISO C++ forbids converting a string constant
to 'wchar_t*' [-Wwrite-strings]
   28 |                 static wchar_t* hexChar = L"0123456789ABCDEF";
      |                                           ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* EMVCard.cpp: ArrayToHexWideString: fix of the comparison of different types

../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con
st unsigned char*, size_t)':
../Common/EMVCard.cpp:32:43: warning: comparison of integer expressions of different
 signedness: 'int' and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
   32 |                         for (int i = 0; i < cbData; i++)
      |                                         ~~^~~~~~~~

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* SecurityTokenKeyfilesDialog.cpp: removed initialization of an unused variable

Forms/SecurityTokenKeyfilesDialog.cpp:58:24: warning: unused variable 'i' [-Wunused-
variable]
   58 |                 size_t i = 0;
      |                        ^

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

* Core/Unix: throwing an exception instead of ignoring the error

Fixes: 5a6b445f ("fix warnings and UB (#1164)")
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>

---------

Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
2023-10-08 15:36:15 +02:00
Mounir IDRASSI 42857b4930 Update various copyright dates 2023-10-05 09:07:35 +02:00
Mounir IDRASSI 8eb232a4a3 MacOS: set minimum target to OSX 12. Fix About menu not working.
The modification to Forms.cpp is temporary until we find a better
approach
2023-10-01 18:51:20 +02:00