Commit Graph

  • b0bb124772 Bootloader: reduce the size of Serpent implementation when used as the single cipher. We need this because to save space for the new features to come. Mounir IDRASSI 2014-10-26 09:03:14 +01:00
  • f7d8e565b4 Windows Driver Sanity check: check that the password length passed from the bootloader is less than or equal to 64 before using it. Mounir IDRASSI 2014-10-26 00:58:49 +02:00
  • 3f2e20e339 Simplify code handling iterations count: in boot mode, we'll set the correct iterations count inside derive_u_sha256 and derive_u_ripemd160 depending in the value of the iterations parameter. On normal mode, we use normal values of iterations count. Removes the special test parameter from RIPEMD160 functions. Mounir IDRASSI 2014-10-26 00:57:44 +02:00
  • 714a2ce0ae Bootloader: in function ReadVolumeHeader, arrays dk and masterKey have the same size and they are never needed at the same time. So, we can minimize stack memory usage by using only one array instead of two. At the end of the function, the array is erased securely. Mounir IDRASSI 2014-10-25 20:11:28 +02:00
  • c1378f781a Bootloader: optimize code size in single cipher mode by manually inlining EAInit, EAGetFirst and EAGetKeySize, and by removing the loop in ReadVolumeHeader that tests for encryption algorithms. Mounir IDRASSI 2014-10-26 00:33:18 +02:00
  • c61f8c70de Bootloader code optimization: remove code in HMAC implementation in case of boot compilation that is never called since passwords are always less than 64-byte length. We leave it in Windows compilation because it is used to check the implementation against test vectors. Mounir IDRASSI 2014-10-26 00:28:51 +02:00
  • e1a0826ef5 Linux: remove workaround for wxFileType::GetOpenCommand bug in handling path with spaces because it was fixed in wxWidgets 3.0 and this workaround causes problems. Mounir IDRASSI 2014-10-24 22:32:25 +02:00
  • 9c1ddff7e3 Linux: Support NTFS formatting of volume. We use mkfs.ntfs so it needs to be installed on the system. Mounir IDRASSI 2014-10-24 09:30:24 +02:00
  • ea03100d9e Linux/MacOSX : fix encryption/decryption issues with hard drives that have a sector size bigger than 512. Now, we use the sector size as the minimum unit for data fragment encryption/decryption. Mounir IDRASSI 2014-10-24 08:43:05 +02:00
  • 067394d110 MacOSX : Support hard drives with a large sector size ( > 512). Mounir IDRASSI 2014-10-24 08:37:03 +02:00
  • f05f6a00a6 Integrate SHA-256 support into Linux/MacOSX code. Set PRF priority to SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD-160 . Mounir IDRASSI 2014-10-14 21:19:53 +02:00
  • 905a3ff4a5 Small code size optimization for RIPEMD-160 when compiled for boot encryption. Mounir IDRASSI 2014-10-14 17:22:51 +02:00
  • 922a09b634 Use HashForSystemEncryption to check if the algorithm is supported for system partition encryption because we have now two supported algorithms. Mounir IDRASSI 2014-10-14 17:20:44 +02:00
  • f043e6cbf0 Display only allowed hashes when encrypting the system partition (now, SHA-256 and RIPEMD-160). Mounir IDRASSI 2014-10-14 17:18:17 +02:00
  • 68f16dae24 Implement support for creating and booting encrypted partition using SHA-256. Support SHA-256 for normal volumes as well. Mounir IDRASSI 2014-10-14 17:14:54 +02:00
  • f38cf0b694 Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160. Mounir IDRASSI 2014-10-14 17:09:18 +02:00
  • bd7d151abf Add SHA-256 source specific for upcoming bootloader build because of its small size. It was derived from the libtomcrypt public domain source. Mounir IDRASSI 2014-10-14 17:02:37 +02:00
  • 2fe23a3fa3 Correctly support reinstalling the same version. Overwrite the bootloader if the same version detected. Mounir IDRASSI 2014-10-14 16:58:28 +02:00
  • effb5c7c1e Windows vulnerability fix : finally make bootloader decompressor more robust and secure by adding multiple checks and validation code. This solves the issue found by the Open Crypt Audit project. Note that we had to switch to the slow implementation of the function decode in order to keep the size of the decompressor code under 2K. Mounir IDRASSI 2014-10-06 16:32:03 +02:00
  • 50ca9fe46f Optimization to reduce code size of derive_u_ripemd160. Useful for boatloader. Mounir IDRASSI 2014-10-05 00:34:41 +02:00
  • 0178a6d33f Optimize code space and solve the Serpent issue (https://sourceforge.net/p/veracrypt/discussion/technical/thread/fb09633a/#6406) by removing key length parameter from serpent_set_key and twofish_set_key Mounir IDRASSI 2014-09-27 16:04:07 +02:00
  • 411e8599f3 Call RegCloseKey only if handle is valid. Mounir IDRASSI 2014-09-24 18:31:52 +02:00
  • b80ee2b7b9 Windows : display the correct tray icon when explorer is restarted (i.e. after an explorer crash). Mounir IDRASSI 2014-09-21 21:48:59 +02:00
  • 8a028aca45 Use absolute path in ShellExecute call that was missed when the security fix for Microsoft Security Advisory 2269637 was implemented. Mounir IDRASSI 2014-09-20 19:28:33 +02:00
  • fb12b635ed Update Readme.txt to include more accurate build instructions for Linux and MacOSX VeraCrypt_MacOSX_1.0e VeraCrypt_Linux_1.0e VeraCrypt_1.0e Mounir IDRASSI 2014-09-15 08:55:13 +02:00
  • d761e95133 MacOSX : increment MacOSX installer version to 1.0e Mounir IDRASSI 2014-09-15 07:38:39 +02:00
  • f7d783dda8 Adapt certain functions in the case of Windows bootloader in order to make its size as small as possible. Mounir IDRASSI 2014-09-04 17:21:11 +02:00
  • ccbc2cff0b Increment version to 1.0e for the next release Mounir IDRASSI 2014-09-04 09:35:09 +02:00
  • 809394d383 Include language xml files in the setup Mounir IDRASSI 2014-09-04 09:34:15 +02:00
  • 7c501359b3 Windows vulnerability fix: correct some integer overflow issues using the IntSafe library. Detected by the Open Crypto Audit project Mounir IDRASSI 2014-09-01 00:03:26 +02:00
  • f82e16f0a1 Windows vulnerability fix: correct checking device name to avoid possible bypass attack detected by the Open Crypto Audit project Mounir IDRASSI 2014-09-01 00:00:23 +02:00
  • 4fa4d6d227 Windows vulnerability fix: correct possible BSOD attack targeted towards GetWipePassCount() / WipeBuffer() found by the Open Crypto Audit Project. Mounir IDRASSI 2014-08-31 23:56:37 +02:00
  • e0efb36f33 Revert previous modification on boad-loader decompressor because it increased its size and it became impossible to include it with the SERPENT version of bootloader. The decompressor and the compressed bootloader are copied twice (original and backup) in the 63 first sectors of the hard drive (32K), thus the size limitation. Mounir IDRASSI 2014-08-31 16:50:41 +02:00
  • ef4355acf8 Windows vulnerability fix : make boot-loader decompressor more robust and secure by adding multiple checks and validation code. Note that we had to switch to the slow implementation of the function decode in order to keep the size of the decompressor code under 2K. Mounir IDRASSI 2014-08-27 23:11:54 +02:00
  • 5fcb262539 Windows vulnerability fix : clear sensitive data in Windows kernel driver by using burjn instead of memset Mounir IDRASSI 2014-08-26 00:02:17 +02:00
  • d6aa653648 Windows vulnerability fix : avoid kernel pointer disclosure through a call to TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG but restricting this call to Kernel Mode. Mounir IDRASSI 2014-08-25 22:53:08 +02:00
  • 6de2c143b9 Windows : Specify "IDRIX" in signtool for the subject of the code signing certificate. Mounir IDRASSI 2014-08-25 22:01:10 +02:00
  • 9083f95db0 Remove driver version test that is non application to VeraCrypt and that was wrongly inherited from TrueCrypt. Mounir IDRASSI 2014-08-25 20:08:14 +02:00
  • 03cf7cc566 Correctly handle dialogs from previous versions that used 'TRUE' instead of 'VERA' as a value for GWLP_USERDATA. Mounir IDRASSI 2014-08-25 20:02:45 +02:00
  • f158df394e Windows : correct bug in construction of Format.exe path that prevented the new volume wizard to launch. Mounir IDRASSI 2014-08-25 08:38:42 +02:00
  • bb7ef68040 MacOSX : Update Main Makefile to used the new package name that include the version. VeraCrypt_MacOSX_1.0d Mounir IDRASSI 2014-08-11 07:53:45 +02:00
  • 37891c2bb0 MacOSX : Add detection of MacFUSE compatibility layer in installer. Change package name to include version in order to avoid specifying manually the title of the installer window. Mounir IDRASSI 2014-08-11 07:52:58 +02:00
  • 3e2cf28d92 MacOSX : Correct typos in Main Makefile Mounir IDRASSI 2014-08-11 07:23:33 +02:00
  • 92af806488 MacOSX : change OSXFuse error message to indicate the MacFUSE compatibility layer is needed. Mounir IDRASSI 2014-08-11 07:22:45 +02:00
  • ce44ad4c57 MacOSX : modify Makefile to automatically build and sign the MacOSX installer for VeraCrypt. Mounir IDRASSI 2014-08-11 00:53:13 +02:00
  • a857f6c087 MacOSX : add Packages project that creates the MacOSX installer for VeraCrypt Mounir IDRASSI 2014-08-11 00:52:20 +02:00
  • 0d6443e05a MacOSX : Since we link directly with OSXFuse, change error message to indicate that OSXFuse 2.3+ is needed. Mounir IDRASSI 2014-08-10 23:09:15 +02:00
  • 41a31ac76f MacOSX : Copy console version of VeraCrypt inside the bundle under the name veracrypt_console. Mounir IDRASSI 2014-08-10 10:34:20 +02:00
  • 4fefd61cee MacOSX : Update Fuse error message to display OSXFUSE requirement alongside MacFuse. Mounir IDRASSI 2014-08-09 09:11:05 +02:00
  • 8ee17fd727 MacOSX : Support detection of OSXFUSE and the presence of MacFUSE compatibility layer. Mounir IDRASSI 2014-08-09 09:09:59 +02:00
  • 7aceaf124e MacOSX : copy the help pdf into the VeraCrypt bundle during package creation Mounir IDRASSI 2014-08-09 09:07:44 +02:00
  • f143182cbc MacOSX : correct the name of dmg file used by the rm command Mounir IDRASSI 2014-08-09 08:12:24 +02:00
  • f94707e4ef MacOSX : correct compilation issue caused by system API deprication and use of new wxWidgets. Mounir IDRASSI 2014-07-30 15:39:17 +02:00
  • 73bf608efc MacOSX : Correct issue of compiling assembly files in both 32-bit and 64-bit mode. Modify Makefiles to correct compilation process using latest Xcode. Mounir IDRASSI 2014-07-30 15:37:50 +02:00
  • 6688c9d85a MacOSX : add icns file to be used by VeraCrypt bundle Mounir IDRASSI 2014-07-30 15:20:14 +02:00
  • e8fbc912ce MacOSX : add nasm binary to be used instead of the native one because of the limitations of the version shipped by Apple Mounir IDRASSI 2014-07-30 15:19:18 +02:00
  • 80a26745a6 Linux GUI : hide the wipe choice during volume creation. Remove extra content from wipe choice list. Mounir IDRASSI 2014-07-27 13:03:29 +02:00
  • 88b4628c34 Correct message in Linux VeraCrypt installer to replace truecrypt-uninstall.sh by veracrypt-uninstall.sh Mounir IDRASSI 2014-07-27 12:25:42 +02:00
  • ee9f3101fd Correct compilation error under Linux introduced in latest commit Mounir IDRASSI 2014-07-27 12:20:02 +02:00
  • cb6dad6bd2 Linux/MacOSX port of manual selection of number of passes for volume header over-write operation. Mounir IDRASSI 2014-07-27 03:29:45 +02:00
  • 4d8d59c23d Add description string for the new wipe mode WIPE_MODE_256 in language files. Mounir IDRASSI 2014-07-27 02:38:18 +02:00
  • 1c11ee428d Add option in select the number of passes for volume header over-writing. By default, it is set to 3 but it can be increased to 256 passes (which can lead to a delay of many hours for a single password change operation). Mounir IDRASSI 2014-07-27 02:36:23 +02:00
  • 97154aaf51 Lower number of times we overwrite volume header during the encryption of a partition if the user choose to wipe the driver. Latest studies show that even one pass is enough to make data irretrievable. A value of 3 is a conservative approach that enhance performance without scarifying security. http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html http://digital-forensics.sans.org/blog/2009/01/15/overwriting-hard-drive-data/ Mounir IDRASSI 2014-07-26 17:46:17 +02:00
  • 1ddae20932 Correct Linux compilation after removing legacy cryptographic code. Mounir IDRASSI 2014-07-20 13:15:28 +02:00
  • a5c1978eef Remove remaining legacy cryptographic algorithms that are never used by VeraCrypt. Mounir IDRASSI 2014-07-20 12:30:58 +02:00
  • 75f7808719 Remove deprecated/legacy cryptographic algorithms and encryption modes that are never used by VeraCrypt. This will speed up volumes opening in many cases. Mounir IDRASSI 2014-07-20 05:11:10 +02:00
  • 0594532cf1 Mount.c : call burn directly in szFileName instead of (&szFileName). This was not an issue because the compiler returns the same address for both, but for the sake of clarity it had to be corrected. Mounir IDRASSI 2014-07-14 17:43:31 +02:00
  • c220db0128 Static Code Analysis : Generalize the use of Safe String functions. Add some NULL pointer checks. Avoid false-positive detection in AppendMenu (MF_SEPARATOR) calls by setting the last parameter to "" instead of NULL. Mounir IDRASSI 2014-07-14 17:41:09 +02:00
  • c01f392a7b Static Code Analysis : Use Safe String function in Dlgcode.c. Add byte size parameter in various functions to help implement secure handling of strings. Mounir IDRASSI 2014-07-14 17:34:26 +02:00
  • bbc738c490 Static Code Analysis : Add various NULL pointers checks Mounir IDRASSI 2014-07-14 17:32:57 +02:00
  • 8bf58486af Static Code Analysis : Add NULL pointers checks on the result of ATL string conversion. Avoid some conversions by using UNICODE functions directly. Mounir IDRASSI 2014-07-14 17:24:13 +02:00
  • ba733dd032 Use Safe String functions in Registry.c and add a unicode version of WriteLocalMachineRegistryDword function to avoid doing conversions when used. Mounir IDRASSI 2014-07-14 17:20:32 +02:00
  • 016edc150b Static Code Analysis : Use Safe String functions in Setup code to avoid potential security issues. Mounir IDRASSI 2014-07-14 17:18:01 +02:00
  • 5c1db9d0e1 Static Code Analysis : Add check on the return of strtok inside mkfulldir_internal to avoid warning. Mounir IDRASSI 2014-07-14 17:16:39 +02:00
  • f3625a080f Static Code Analysis: Correctly initialize variables to avoid false-positive detection in the boot code. Mounir IDRASSI 2014-07-14 17:02:16 +02:00
  • 3137d36d9a Static Code Analysis : Use Safe string functions inside VeraCrypt Device Driver to avoid potential security issues. Add many checks for NULL pointers to handle low memory use cases. Mounir IDRASSI 2014-07-14 16:59:14 +02:00
  • 516fda09a7 Remove test inherited from TrueCrypt because it's always true since we inherited from version 0x71a Mounir IDRASSI 2014-07-11 13:17:31 +02:00
  • 626a3aedd7 Disable posting the results of minidump analysis until a dedicated URL is put in place. Mounir IDRASSI 2014-07-09 13:01:51 +02:00
  • c7c8e28655 Disable crash handling until we put in place a dedicated URL for posting crash information. Mounir IDRASSI 2014-07-09 13:00:55 +02:00
  • 469f1dba40 Remove unused label. Mounir IDRASSI 2014-07-09 12:58:37 +02:00
  • 515495f2f3 Static Code Analysis : Correctly initialize member variable in HostDevice constructor Mounir IDRASSI 2014-07-09 12:56:28 +02:00
  • 7bb812af66 Static Code Analysis : Avoid using invalidate integer value received from GetFileSize. Mounir IDRASSI 2014-07-09 12:55:46 +02:00
  • 9d027b02b9 Static Code Analysis : fix usage of strncpy and sscanf. Mounir IDRASSI 2014-07-09 05:38:35 +02:00
  • 899a22b840 Static Code Analysis : fix various memory leaks. Mounir IDRASSI 2014-07-09 05:35:56 +02:00
  • 5281e2d3b9 Static Code Analysis : fix resource leakage by ensuring that all Windows handles are released properly Mounir IDRASSI 2014-07-09 05:32:14 +02:00
  • 2a288a7e12 Static Code Analysis : Avoid potential overflow when parsing language file by specifying width for 's' conversion specifier Mounir IDRASSI 2014-07-09 05:26:48 +02:00
  • f67748ae8e Static Code Analysis : fix non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637). Mounir IDRASSI 2014-07-09 02:20:39 +02:00
  • d6817f941a Static Code Analysis : Add virtual attribute to destructor of classes that have virtual methods inherited from a base class Mounir IDRASSI 2014-07-09 02:04:11 +02:00
  • f19cfb3361 Static Code Analysis : Correctly initialize member variables in various constructors Mounir IDRASSI 2014-07-09 02:01:57 +02:00
  • 9bb962c8bb Fix password memory leak inside the Device driver in boot encryption mode. Mounir IDRASSI 2014-07-07 23:58:10 +02:00
  • 0dda93ca47 Avoid changing metadata (ownership, permission,etc) of /usr when unpacking VeraCrypt tar package VeraCrypt_Linux_1.0d Mounir IDRASSI 2014-07-03 14:12:54 +02:00
  • c2d4bf6207 Set the Execute bit for VeraCrypt uninstall script before copying it to the tar package Mounir IDRASSI 2014-07-03 14:10:22 +02:00
  • a9404c2bff Remove VeraCrypt version number from Readme.txt. Mounir IDRASSI 2014-06-29 16:20:40 +02:00
  • 5218b6dfe8 Add VeraCrypt specific Linux packaging code in Makefiles and add various helper scripts. The original TrueCrypt sources didn't contain anything about this. Mounir IDRASSI 2014-06-24 00:48:17 +02:00
  • 41a22ca4e7 Change namespace from TrueCrypt to VeraCrypt. Rename method from Resources Resources::GetTrueCryptIcon to Resources::GetVeraCryptIcon. Mounir IDRASSI 2014-06-22 16:02:42 +02:00
  • 17823cb58c Update wxFormBuild file to latest version (3.5 beta) and generate new Forms.cpp/Forms.h files. Mounir IDRASSI 2014-06-22 15:40:02 +02:00
  • a81790329f Point to the SourceForge website instead of idrix.fr for the application link. Remove OS parameter is URL constructed under Linux/MacOSX Mounir IDRASSI 2014-06-18 23:17:53 +02:00
  • 4b6594325f Update wxWidgets compilation flags in order to be compatible with wxWidgets 3.0 and remove unneeded dependencies to ensure maximum compatibility. Mounir IDRASSI 2014-06-17 20:36:34 +02:00
  • e1de322ed3 Replace 'TRUE' by 'VERA' in some GUI constants and comments Mounir IDRASSI 2014-06-16 19:11:37 +02:00
  • b6dc9e9e15 Change legacy version check in newly added Linux/MacOSX sources from 0x600 (TrueCrypt) to 0x10b Mounir IDRASSI 2014-06-16 19:11:12 +02:00