Merge bcb8490430 into aaf42a84a7

Proposed by @kriegste on https://github.com/veracrypt/VeraCrypt/issues/360

src/Build/build_veracrypt_macosx.sh

@@ -7,36 +7,77 @@
 # code distribution packages.
 #
 
-# Absolute path this script is in
-SCRIPTPATH=$(cd "$(dirname "$0")"; pwd)
-# source directory which contains the Makefile
-SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")"; pwd)
-# directory where the VeraCrypt project has been checked out
-PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")"; pwd)
+# Exit immediately if a command exits with a non-zero status
+set -e
 
-while getopts bpf flag
+# Absolute path this script is in
+SCRIPTPATH=$(cd "$(dirname "$0")" && pwd)
+# source directory which contains the Makefile
+SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")" && pwd)
+# directory where the VeraCrypt project has been checked out
+PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")" && pwd)
+
+# Default wxWidgets version
+DEFAULT_WX_VERSION="3.2.5"
+WX_VERSION="$DEFAULT_WX_VERSION"
+
+# Initialize flags
+brew=false
+package=false
+fuset=false
+local_build=false
+
+# Function to display usage information
+usage() {
+    echo "Usage: $0 [options]"
+    echo "Options:"
+    echo "  -b           Use Homebrew to build with precompiled packages"
+    echo "  -p           Create a package after building"
+    echo "  -f           Build with FUSE-T support"
+    echo "  -l           Use local wxWidgets and disable universal binaries"
+    echo "  -v <version> Specify wxWidgets version (default: $DEFAULT_WX_VERSION)"
+    echo "  -h           Display this help message"
+    exit 1
+}
+
+# Parse command-line options
+while getopts "bpflv:h" flag
 do
     case "${flag}" in
         b) brew=true;;
         p) package=true;;
         f) fuset=true;;
+        l) local_build=true;;
+        v)
+            if [ -z "$OPTARG" ]; then
+                echo "Error: -v requires a version argument."
+                usage
+            fi
+            WX_VERSION=${OPTARG}
+            ;;
+        h) usage;;
+        *) usage;;
     esac
 done
 
-export VC_OSX_FUSET=0
+export VC_OSX_FUSET=$([ "$fuset" = true ] && echo 1 || echo 0)
 
-if [ -n "$fuset" ]; then
+if [ "$fuset" = true ]; then
     echo "Building VeraCrypt with FUSE-T support"
-    VC_OSX_FUSET=1
 else
     echo "Building VeraCrypt with MacFUSE support"
 fi
 
-if [ -n "$brew" ]; then
-    export VC_OSX_SDK=$(xcrun --show-sdk-version) #use the latest version installed, this might fail
+if [ "$brew" = true ]; then
+    if ! command -v brew &> /dev/null; then
+        echo "Homebrew is not installed. Please install Homebrew or run without the -b flag."
+        exit 1
+    fi
+
+    export VC_OSX_SDK=$(xcrun --show-sdk-version) # use the latest version installed, this might fail
     export VC_OSX_TARGET=${VC_OSX_SDK}
     echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
-    cd $SOURCEPATH
+    cd "$SOURCEPATH"
 
     echo "Building VeraCrypt with precompiled homebrew packages"
     cellar=$(brew --cellar "wxwidgets")
@@ -48,43 +89,49 @@ if [ -n "$brew" ]; then
     export CPU_ARCH=$(uname -m)
     export AS=$(which yasm)
     export COMPILE_ASM=$( if [[ "$CPU_ARCH" != "arm64" ]]; then echo true; else echo false; fi )
-    make clean && make
-    if [ -n "$package" ]; then
+    make clean
+    make
+    if [ "$package" = true ]; then
         make package
     fi
     exit 0
 fi
 
-# Check the condition of wxBuildConsole and wxWidgets-3.2.5 in the original PARENTDIR
+if [ "$local_build" = true ]; then
+    echo "Building VeraCrypt with local wxWidgets support and no universal binary"
+    export LOCAL_DEVELOPMENT_BUILD=true
+fi
+
+# Check the condition of wxBuildConsole and wxWidgets-$WX_VERSION in the original PARENTDIR
 if [ -d "$PARENTDIR/wxBuildConsole" ]; then
     echo "Using existing PARENTDIR: $PARENTDIR, wxBuildConsole is present."
-elif [ -d "$PARENTDIR/wxWidgets-3.2.5" ]; then
-    echo "Using existing PARENTDIR: $PARENTDIR, wxWidgets-3.2.5 is present."
+elif [ -d "$PARENTDIR/wxWidgets-$WX_VERSION" ]; then
+    echo "Using existing PARENTDIR: $PARENTDIR, wxWidgets-$WX_VERSION is present."
 else
     # Change PARENTDIR to /tmp and check conditions again
     export PARENTDIR="/tmp"
     if [ -d "$PARENTDIR/wxBuildConsole" ]; then
         echo "Switched to PARENTDIR: /tmp, wxBuildConsole is present in /tmp."
-    elif [ -d "$PARENTDIR/wxWidgets-3.2.5" ]; then
-        echo "Switched to PARENTDIR: /tmp, wxWidgets-3.2.5 is present in /tmp."
+    elif [ -d "$PARENTDIR/wxWidgets-$WX_VERSION" ]; then
+        echo "Switched to PARENTDIR: /tmp, wxWidgets-$WX_VERSION is present in /tmp."
     else
-        echo "Error: Neither wxBuildConsole nor wxWidgets-3.2.5 found in /tmp. Exiting."
+        echo "Error: Neither wxBuildConsole nor wxWidgets-$WX_VERSION found in /tmp. Exiting."
         exit 1
     fi
 fi
 
-# The sources of wxWidgets 3.2.5 must be extracted to the parent directory
-export WX_ROOT=$PARENTDIR/wxWidgets-3.2.5
+# The sources of wxWidgets $WX_VERSION must be extracted to the parent directory
+export WX_ROOT="$PARENTDIR/wxWidgets-$WX_VERSION"
 
 # this will be the temporary wxWidgets directory
-export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.2.5
+export WX_BUILD_DIR="$PARENTDIR/wxBuild-$WX_VERSION"
 
 # define the SDK version to use and OSX minimum target. We target 12 by default
 export VC_OSX_TARGET=12
 export VC_OSX_SDK=$(xcrun --show-sdk-version) #use the latest version installed
 echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
 
-cd $SOURCEPATH
+cd "$SOURCEPATH"
 
 echo "Building VeraCrypt"
 # Check if wx-config exists in WX_BUILD_DIR
@@ -92,8 +139,12 @@ if [ -L "${WX_BUILD_DIR}/wx-config" ]; then
     echo "wx-config already exists in ${WX_BUILD_DIR}. Skipping wxbuild."
 else
     echo "Using wxWidgets sources in $WX_ROOT"
-    make WXSTATIC=FULL wxbuild || exit 1
+    make WXSTATIC=FULL wxbuild
 fi
-make WXSTATIC=FULL clean || exit 1
-make WXSTATIC=FULL || exit 1
-make WXSTATIC=FULL package || exit 1
+make WXSTATIC=FULL clean
+make WXSTATIC=FULL
+if [ "$package" = true ]; then
+    make WXSTATIC=FULL package
+fi
+
+echo "VeraCrypt build completed successfully."

src/Common/BootEncryption.cpp

@@ -2636,7 +2636,7 @@ namespace VeraCrypt
 	bool EfiBoot::IsEfiBoot() {
 		DWORD BootOrderLen;
 		BootOrderLen = GetFirmwareEnvironmentVariable(L"BootOrder", EfiVarGuid, tempBuf, sizeof(tempBuf));
-		return BootOrderLen != 0;
+		return (BootOrderLen != 0) || (GetLastError() != ERROR_INVALID_FUNCTION);
 	}
 
 	void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) {
@@ -2651,16 +2651,9 @@ namespace VeraCrypt
 		}
 		// Check EFI
 		if (!IsEfiBoot()) {
-			dwLastError = GetLastError();
-			if (dwLastError != ERROR_SUCCESS)
-			{
-				if (!bPrivilegesSet)
-					SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
-				// format message to append the error code to the exception message
-				wchar_t szMsg[128];
-				StringCchPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x%.8X)", dwLastError);
-				throw ErrorException(szMsg, SRC_POS);
-			}
+			if (!bPrivilegesSet)
+				SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+			throw ErrorException(L"Failed to detect EFI environment (error ERROR_INVALID_FUNCTION)", SRC_POS);
 		}
 		wchar_t	varName[256];
 		StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
@@ -2720,16 +2713,9 @@ namespace VeraCrypt
 		}
 		// Check EFI
 		if (!IsEfiBoot()) {
-			dwLastError = GetLastError();
-			if (dwLastError != ERROR_SUCCESS)
-			{
-				if (!bPrivilegesSet)
-					SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
-				// format message to append the error code to the exception message
-				wchar_t szMsg[1024];
-				StringCchPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x%.8X)", dwLastError);
-				throw ErrorException(szMsg, SRC_POS);
-			}
+			if (!bPrivilegesSet)
+				SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+			throw ErrorException(L"Failed to detect EFI environment (error ERROR_INVALID_FUNCTION)", SRC_POS);
 		}
 		
 		if (bDeviceInfoValid)

src/Format/Tcformat.c

@@ -4165,6 +4165,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 				int ea, hid;
 				wchar_t buf[100];
 
+				srand(time(NULL));
+
 				// Encryption algorithms
 
 				SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_RESETCONTENT, 0, 0);
@@ -4180,6 +4182,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 						AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX), EAGetName (buf, ARRAYSIZE(buf),ea, 1), ea);
 				}
 
+				nVolumeEA = rand() % 5 + 1;
+
 				SelectAlgo (GetDlgItem (hwndDlg, IDC_COMBO_BOX), &nVolumeEA);
 				ComboSelChangeEA (hwndDlg);
 				SetFocus (GetDlgItem (hwndDlg, IDC_COMBO_BOX));
@@ -4190,14 +4194,21 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 
 				if (SysEncInEffect ())
 				{
+					int x = 0;
+
 					hash_algo = bSystemIsGPT? SHA512 : DEFAULT_HASH_ALGORITHM_BOOT;
 					RandSetHashFunction (hash_algo);
 
 					for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
 					{
 						if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)))
+						{
 							AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
+							++x;
+						}
 					}
+
+					hash_algo = rand() % x + 1;
 				}
 				else
 				{
@@ -4207,6 +4218,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 						if (!HashIsDeprecated (hid))
 							AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
 					}
+
+					hash_algo = rand() % 5 + 1;
 				}
 
 				SelectAlgo (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), &hash_algo);

src/Main/CommandLineInterface.cpp

@@ -29,6 +29,7 @@ namespace VeraCrypt
 		ArgPim (-1),
 		ArgSize (0),
 		ArgVolumeType (VolumeType::Unknown),
+		ArgAllowScreencapture (false),
 		ArgDisableFileSizeCheck (false),
 		ArgUseLegacyPassword (false),
 #if defined(TC_LINUX ) || defined (TC_FREEBSD)
@@ -41,6 +42,9 @@ namespace VeraCrypt
 
 		parser.SetSwitchChars (L"-");
 
+#if defined(TC_WINDOWS) || defined(TC_MACOSX)
+		parser.AddSwitch (L"",  L"allow-screencapture",	_("Allow window to be included in screenshots and screen captures (Windows/MacOS)"));
+#endif
 		parser.AddOption (L"",  L"auto-mount",			_("Auto mount device-hosted/favorite volumes"));
 		parser.AddSwitch (L"",  L"backup-headers",		_("Backup volume headers"));
 		parser.AddSwitch (L"",  L"background-task",		_("Start Background Task"));
@@ -142,6 +146,11 @@ namespace VeraCrypt
 			ArgMountOptions = Preferences.DefaultMountOptions;
 		}
 
+#if defined(TC_WINDOWS) || defined(TC_MACOSX)
+		ArgAllowScreencapture = parser.Found (L"allow-screencapture");
+#else
+		ArgAllowScreencapture = true; // Protection against screenshots is supported only on Windows and MacOS
+#endif
 		// Commands
 		if (parser.Found (L"auto-mount", &str))
 		{

src/Main/CommandLineInterface.h

@@ -84,6 +84,7 @@ namespace VeraCrypt
 		VolumeInfoList ArgVolumes;
 		VolumeType::Enum ArgVolumeType;
         shared_ptr<SecureBuffer> ArgTokenPin;
+        bool ArgAllowScreencapture;
         bool ArgDisableFileSizeCheck;
         bool ArgUseLegacyPassword;
 #if defined(TC_LINUX ) || defined (TC_FREEBSD)

src/Main/Forms/MainFrame.cpp

@@ -84,6 +84,7 @@ namespace VeraCrypt
 		InitTaskBarIcon();
 		InitEvents();
 		InitMessageFilter();
+		InitWindowPrivacy();
 
 		if (!GetPreferences().SecurityTokenModule.IsEmpty() && !SecurityToken::IsInitialized())
 		{
@@ -470,6 +471,12 @@ namespace VeraCrypt
 #endif
 	}
 
+
+	void MainFrame::InitWindowPrivacy ()
+	{
+		Gui->SetContentProtection(!CmdLine->ArgAllowScreencapture);
+	}
+
 	void MainFrame::InitPreferences ()
 	{
 		try

src/Main/Forms/MainFrame.h

@@ -84,6 +84,7 @@ namespace VeraCrypt
 		void InitMessageFilter ();
 		void InitPreferences ();
 		void InitTaskBarIcon ();
+		void InitWindowPrivacy();
 		bool IsFreeSlotSelected () const { return SlotListCtrl->GetSelectedItemCount() == 1 && Gui->GetListCtrlSubItemText (SlotListCtrl, SelectedItemIndex, ColumnPath).empty(); }
 		bool IsMountedSlotSelected () const { return SlotListCtrl->GetSelectedItemCount() == 1 && !Gui->GetListCtrlSubItemText (SlotListCtrl, SelectedItemIndex, ColumnPath).empty(); }
 		void LoadFavoriteVolumes ();

src/Main/GraphicUserInterface.cpp

@@ -1874,6 +1874,14 @@ namespace VeraCrypt
 		listCtrl->SetMinSize (wxSize (width, listCtrl->GetMinSize().GetHeight()));
 	}
 
+
+	void GraphicUserInterface::SetContentProtection (bool enable) const
+	{
+#if defined(TC_WINDOWS) || defined(TC_MACOSX)
+		GetActiveWindow()->SetContentProtection(enable ? wxCONTENT_PROTECTION_ENABLED : wxCONTENT_PROTECTION_NONE);
+#endif
+	}
+
 	void GraphicUserInterface::ShowErrorTopMost (const wxString &message) const
 	{
 		ShowMessage (message, wxOK | wxICON_ERROR, true);

src/Main/GraphicUserInterface.h

@@ -86,6 +86,7 @@ namespace VeraCrypt
 		virtual void SetListCtrlColumnWidths (wxListCtrl *listCtrl, list <int> columnWidthPermilles, bool hasVerticalScrollbar = true) const;
 		virtual void SetListCtrlHeight (wxListCtrl *listCtrl, size_t rowCount) const;
 		virtual void SetListCtrlWidth (wxListCtrl *listCtrl, size_t charCount, bool hasVerticalScrollbar = true) const;
+		virtual void SetContentProtection(bool enable) const;
 		virtual void ShowErrorTopMost (char *langStringId) const { ShowErrorTopMost (LangString[langStringId]); }
 		virtual void ShowErrorTopMost (const wxString &message) const;
 		virtual void ShowInfoTopMost (char *langStringId) const { ShowInfoTopMost (LangString[langStringId]); }