nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-28 05:53:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Block upgrade of VeraCrypt is the system is encrypted using RIPEMD-160 or GOST89 since they are not supported anymore.

Browse Source
This commit is contained in:
Mounir IDRASSI 2022-03-20 20:53:20 +01:00
parent dd0f3cd167
commit 5383190518
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
5 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/Common/BootEncryption.cpp
View File

@ -5832,4 +5832,32 @@ namespace VeraCrypt
{ {
return (::RestartComputer(bShutdown) != FALSE); return (::RestartComputer(bShutdown) != FALSE);
} }
bool BootEncryption::IsUsingUnsupportedAlgorithm(LONG driverVersion)
{
bool bRet = false;
try
{
if (driverVersion <= 0x125)
{
// version 1.25 is last version to support RIPEMD160 and GOST89
static int GOST89_EA = 5;
static int RIPEMD160_PRF = 4;
VOLUME_PROPERTIES_STRUCT props = {0};
GetVolumeProperties(&props);
//
if (props.ea == GOST89_EA || props.pkcs5 == RIPEMD160_PRF)
bRet = true;
}
}
catch(...)
{
}
return bRet;
}
} }

1
src/Common/BootEncryption.h
View File

@ -313,6 +313,7 @@ namespace VeraCrypt
void RestoreSystemLoader (); void RestoreSystemLoader ();
static void UpdateSetupConfigFile (bool bForInstall); static void UpdateSetupConfigFile (bool bForInstall);
void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded); void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
bool IsUsingUnsupportedAlgorithm(LONG driverVersion);
protected: protected:
static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image

1
src/Common/Language.xml
View File

@ -1567,6 +1567,7 @@
<entry lang="en" key="VOLUME_HOST_IN_USE">WARNING: The host file/device {0} is already in use!\n\nIgnoring this can cause undesired results including system instability. All applications that might be using the host file/device should be closed before mounting the volume.\n\nContinue mounting?</entry> <entry lang="en" key="VOLUME_HOST_IN_USE">WARNING: The host file/device {0} is already in use!\n\nIgnoring this can cause undesired results including system instability. All applications that might be using the host file/device should be closed before mounting the volume.\n\nContinue mounting?</entry>
<entry lang="en" key="CANT_INSTALL_WITH_EXE_OVER_MSI">VeraCrypt was previously installed using an MSI package and so it can't be updated using the standard installer.\n\nPlease use the MSI package to update your VeraCrypt installation.</entry> <entry lang="en" key="CANT_INSTALL_WITH_EXE_OVER_MSI">VeraCrypt was previously installed using an MSI package and so it can't be updated using the standard installer.\n\nPlease use the MSI package to update your VeraCrypt installation.</entry>
<entry lang="en" key="IDC_USE_ALL_FREE_SPACE">Use all available free space</entry> <entry lang="en" key="IDC_USE_ALL_FREE_SPACE">Use all available free space</entry>
<entry lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM">VeraCrypt cannot be upgraded because the system partition/drive was encrypted using an algorithm that is not supported anymore.\nPlease decrypt your system before upgrading VeraCrypt and then encrypt it again.</entry>
</localization> </localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt"> <xs:element name="VeraCrypt">

4
src/Setup/Setup.c
View File

@ -1726,6 +1726,10 @@ BOOL DoDriverUnload (HWND hwndDlg)
if (CurrentOSMajor == 6 && CurrentOSMinor == 0 && CurrentOSServicePack < 1) if (CurrentOSMajor == 6 && CurrentOSMinor == 0 && CurrentOSServicePack < 1)
AbortProcess ("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ON_VISTA_SP0"); AbortProcess ("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ON_VISTA_SP0");
// check if we are upgrading a system encrypted with unsupported algorithms
if (bootEnc.IsUsingUnsupportedAlgorithm(driverVersion))
AbortProcess ("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM");
SystemEncryptionUpdate = TRUE; SystemEncryptionUpdate = TRUE;
PortableMode = FALSE; PortableMode = FALSE;
} }

8
src/SetupDLL/Setup.c
View File

@ -1560,6 +1560,14 @@ BOOL DoDriverUnload_Dll (MSIHANDLE hInstaller, HWND hwnd)
goto end; goto end;
} }
// check if we are upgrading a system encrypted with unsupported algorithms
if (bootEnc.IsUsingUnsupportedAlgorithm(driverVersion))
{
MSILogAndShow(hInstaller, MSI_ERROR_LEVEL, GetString("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM"));
bOK = FALSE;
goto end;
}
SystemEncryptionUpdate = TRUE; SystemEncryptionUpdate = TRUE;
PortableMode = FALSE; PortableMode = FALSE;
} }