Emit NASM-compatible .pdata/.xdata records for the x64 table AES routines and AES-NI 32-block paths.
Describe the nonvolatile GP and XMM6-XMM15 saves so kernel stack unwinding can cross these routines reliably.
Gate the metadata on win64 output so ELF and Mach-O builds keep their existing assembly paths.
Only call the one-block assembly helper when one block remains after the three-block loop.
This prevents zero-block and multiple-of-three requests from reading and writing one extra block past the caller buffer.
Add a Twofish multiblock self-test covering block counts 0 through 9.
Align CRYPTO_INFO primary and secondary key-schedule buffers so cipher implementations can safely use word-sized schedule access on VeraCrypt-managed storage.
Keep generic Camellia direct uint64 schedule indexing. Builds that define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS use direct 64-bit key and block byte loads/stores; memcpy is retained only for strict-alignment builds.
Require SSSE3 before using the x64 AESNI 16-way Camellia path because the assembly uses pshufb in addition to AES and AVX.
CRYPTOPP_BOOL_X64 is defined as 0 on non-x64 builds, so #ifdef made HasSSE2() and HasISSE() always true. Use #if so non-x64 builds follow runtime feature detection and DisableCPUExtendedFeatures().
Ensure SHA-256 and SHA-512 PBKDF cancellation paths restore saved extended processor state before cleanup. Remove unnecessary extended-state save/restore around BLAKE2s, which does not use AVX in the current implementation.
Hidden volumes are forced to quick format to avoid rewriting the hidden data area. Keep that behavior while skipping the file-container allocation shortcut that writes plaintext zero sectors at 128 MiB intervals.
The allocation shortcut remains enabled for non-hidden file containers; hidden containers now use only the encrypted formatter write path for sectors that are written.
Enhance build_msi_x64.bat to enumerate installed Windows Kits 10 SDK bin directories matching 10.* and select the newest x86 path that contains the MSI tools.
Keep VC_DIR_PLATFORMSDK as the first override and preserve the existing fixed SDK fallback paths for older installations.
Require MsiInfo.exe during discovery as well as msitran.exe and msidb.exe so the selected SDK path supports the final MSI metadata step.
Replace outdated Visual Studio 2010/2019 and legacy Windows SDK 7.1, WDK 7.1, and Windows 8.1 SDK guidance with the current Visual Studio 2022/v143 toolchain, Windows 10/11 SDK, and WDK requirements.
Document NASM, YASM, WiX Toolset v3.x, signtool.exe, and optional legacy BIOS bootloader tools separately. Update the build flow for x64, ARM64, Win32 setup/helper projects, and explicit Driver project builds.
Align the zh-cn and ru translated guides with the updated English content while preserving their existing translation style. Fix test certificate paths to use src/Signing/TestCertificate.
Route Linux GUI mounted-volume opens through Windows Explorer when WSL interop is available, before falling back to xdg-open and known file managers.
Detect WSL by checking for /usr/bin/wslinfo and /usr/bin/wslpath, build the target path from the WSL root UNC so /mnt/<drive> mount points stay in the WSL VFS overlay, and launch Explorer directly so the folder argument is preserved.
BMI2 support is advertised by CPUID leaf 7, subleaf 0, EBX bit 8. The previous early assignment used CPUID leaf 1 EBX bit 8, which is not the BMI2 feature bit and could leave a bogus fallback value before vendor-specific leaf 7 detection.
Keep BMI2 detection based on the leaf 7 result only. Unlike AVX2, BMI2 is GPR-only and does not require an OS/XCR0 state gate.
Also save the max basic CPUID leaf immediately after CPUID leaf 0. The AMD/Hygon path reuses the cpuid buffer for leaf 0x80000005 before checking whether leaf 7 is available, so using the saved max basic leaf prevents RDSEED, AVX2, and BMI2 detection from being skipped because that buffer was clobbered.
AVX2 support is advertised by CPUID leaf 7, subleaf 0, EBX bit 5. The previous early assignment used cpuid1[1] bit 5, which is CPUID leaf 1 EBX and is not the AVX2 feature bit.
Record the leaf 7 AVX2 bit separately and assign g_hasAVX2 only after vendor-specific detection has completed. The final value is now gated by g_hasAVX, which reflects the OS/XCR0 AVX state check, so AVX2 code is not selected unless both the CPU and OS state support it.
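Added example, not VeraCrypt's code: the decision logic the BMI2 and AVX2 commit messages above describe, written as a pure function over captured register values so it runs on any host. The struct and function names are hypothetical and the register values in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Raw register values captured by the caller (hypothetical struct). */
struct cpuid_snapshot {
    uint32_t max_basic_leaf; /* leaf 0 EAX, saved before the buffer is reused */
    uint32_t leaf1_ebx;      /* bits 7:0 brand index, 15:8 CLFLUSH line size */
    uint32_t leaf1_ecx;      /* bit 27 OSXSAVE, bit 28 AVX */
    uint32_t leaf7_ebx;      /* subleaf 0: bit 5 AVX2, bit 8 BMI2 */
    uint64_t xcr0;           /* XGETBV(0), valid only when OSXSAVE is set */
};

struct cpu_features { bool avx, avx2, bmi2; };

static bool bit(uint64_t v, unsigned n) { return ((v >> n) & 1u) != 0; }

/* The misread the commits describe: leaf 1 EBX bit 8 is not a feature flag. */
bool legacy_bmi2_guess(const struct cpuid_snapshot *s)
{
    return bit(s->leaf1_ebx, 8);
}

struct cpu_features decide_features(const struct cpuid_snapshot *s)
{
    struct cpu_features f = { false, false, false };
    /* AVX needs the CPU bit plus OS-enabled XMM and YMM state (XCR0 bits 1, 2). */
    bool os_ymm = bit(s->leaf1_ecx, 27) && (s->xcr0 & 0x6) == 0x6;
    f.avx = bit(s->leaf1_ecx, 28) && os_ymm;
    if (s->max_basic_leaf >= 7) {
        f.avx2 = bit(s->leaf7_ebx, 5) && f.avx; /* CPU bit and OS state */
        f.bmi2 = bit(s->leaf7_ebx, 8);          /* GPR-only, no XCR0 gate */
    }
    return f;
}

int main(void)
{
    /* Constructed values: CPU has AVX2 and BMI2, OS has not enabled YMM state. */
    struct cpuid_snapshot s = { 0x0D, 0x00100900, (1u << 27) | (1u << 28),
                                (1u << 5) | (1u << 8), 0x3 };
    struct cpu_features f = decide_features(&s);
    printf("avx=%d avx2=%d bmi2=%d legacy_bmi2=%d\n",
           f.avx, f.avx2, f.bmi2, legacy_bmi2_guess(&s));
    return 0;
}
```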
Move the Unmount All mnemonic away from the single-volume Unmount action in the Windows resources and affected language files. This keeps the two main actions reachable through distinct keyboard accelerators across packaged translations.
Fixes https://github.com/veracrypt/VeraCrypt/issues/1751
Ensure ESP file writes have true replace semantics even when the operation is delegated to the elevated COM helper. This prevents shorter edits of EFI\VeraCrypt\DcsProp from leaving stale bytes at the end of the file.
Also XML-escape decoded EFI boot configuration values before serializing them, preserving values containing characters such as <, > and & during EfiBootConf save/update paths.
Fixes #954.
Mount temporary ReFS volumes as fixed media, since Windows does not support ReFS on removable media. Use FMIFS_HARDDISK for the FormatEx fallback while preserving the removable-media path for NTFS and exFAT.
Also make the FormatEx DONE-with-failure status explicit and guard against a missing callback parameter.
The GUI single-instance lock was previously created through wxSingleInstanceChecker without an explicit Unix path, causing wxWidgets to place .VeraCrypt-lock-$USER directly in the user home directory.
Resolve a private lock directory before constructing wxSingleInstanceChecker. Prefer $XDG_RUNTIME_DIR/VeraCrypt, then $XDG_CACHE_HOME/VeraCrypt, then ~/.cache/VeraCrypt, and keep the previous home-directory behavior only as a final fallback if no XDG location can be used.
Update stale-lock cleanup to remove the lock from the same resolved directory, so false-positive cleanup continues to work after moving the lock out of $HOME.
Fixes https://github.com/veracrypt/VeraCrypt/issues/819
The Unix volume creation wizard applied the FAT32 sector-count limit as a blanket check for device-hosted hidden-volume outer volumes. On 512e disks Linux reports 512-byte logical sectors, so this incorrectly rejected larger device-hosted outer volumes even when the selected outer filesystem was not FAT.
Compute the actual VeraCrypt filesystem/data area size through a shared helper and apply the FAT32 size limit only when FAT is selected. This preserves correct FAT validation while allowing non-FAT outer volumes to proceed to the existing hidden-volume size estimation flow.
Update text-mode creation so FAT is not offered when the selected size cannot support it, and default to the platform native filesystem in that case. Clarify the user-facing FAT limit wording to refer to logical sector size.
Fixes #262
On macOS, the same whole disk can be addressed as both /dev/diskN and /dev/rdiskN. The GUI creation wizard only compared the selected path against the enumerated raw device path, so manually entering the block-device alias could bypass the existing DEVICE_PARTITIONS_ERR guard and allow formatting a disk that still had partitions.
Add a shared macOS device-path comparison helper that normalizes paths to their raw-device form before comparison. Use it in the GUI wizard so /dev/diskN and /dev/rdiskN are treated as the same whole-disk target while partition paths remain distinct.
Apply the same partitioned whole-device guard in the text/CLI creation path as well, including the macOS alias normalization, so command-line creation cannot format a partitioned top-level disk through an alternate device alias.
Fixes #728
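Added example, not VeraCrypt's code: a sketch of the alias normalization and partitioned-whole-disk guard described in the commit message above. The function names, the `struct disk` enumeration entry and the device list in `main` are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical enumeration entry: whole-disk path and its partition count. */
struct disk { const char *path; int partitions; };

/* Rewrite /dev/diskN... to /dev/rdiskN...; other paths are copied unchanged.
   Returns false when the result does not fit in out. */
bool to_raw_device_path(const char *path, char *out, size_t out_len)
{
    static const char blk[] = "/dev/disk";
    int n;
    if (strncmp(path, blk, sizeof blk - 1) == 0)
        n = snprintf(out, out_len, "/dev/rdisk%s", path + sizeof blk - 1);
    else
        n = snprintf(out, out_len, "%s", path);
    return n >= 0 && (size_t) n < out_len;
}

/* Refuse a whole-disk target that still has partitions, whichever alias
   the user typed. Partition paths (diskNsM) normalize to a different name. */
bool format_allowed(const char *selected, const struct disk *disks, size_t n)
{
    char sel[256], cur[256];
    if (!to_raw_device_path(selected, sel, sizeof sel))
        return false;                     /* fail closed on oversized input */
    for (size_t i = 0; i < n; i++) {
        if (!to_raw_device_path(disks[i].path, cur, sizeof cur))
            return false;
        if (strcmp(sel, cur) == 0 && disks[i].partitions > 0)
            return false;                 /* partitioned whole disk */
    }
    return true;
}

int main(void)
{
    /* Constructed enumeration: disk2 has two partitions, disk3 has none. */
    const struct disk disks[] = { { "/dev/rdisk2", 2 }, { "/dev/rdisk3", 0 } };
    const char *inputs[] = { "/dev/disk2", "/dev/rdisk2", "/dev/disk2s1", "/dev/disk3" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-14s %s\n", inputs[i],
               format_allowed(inputs[i], disks, 2) ? "allowed" : "refused");
    return 0;
}
```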
Remove the remaining generated-form alignment flag that wxWidgets ignores in box sizers: the language page system-default button bottom alignment combined with wxEXPAND. Preserve the Legal Notices OK button centering and keep Forms.cpp and TrueCrypt.fbp in sync.
Keep the existing global sizer consistency check suppressions in place pending additional testing.
Follow-up to issue #49.
Install a macOS-specific secure text field hotkey handler so Command-A selects the full contents of password controls when Cocoa does not route the shortcut through wxWidgets accelerators. Keep the existing wxWidgets accelerator handler for Command-V and Command-A, and recognize the standard paste/select-all IDs when they do reach the C++ event path.
Add Objective-C++ compilation support for the macOS helper and include it in the GUI target only on macOS.
Fixes https://github.com/veracrypt/VeraCrypt/issues/1567
Pass -R to newfs_exfat in both GUI and text-mode volume creation so macOS derives a fresh exFAT layout instead of preserving stale geometry from an existing exFAT boot region. This matches Finder/Disk Utility erase behavior.
Validated on Windows 11: chkdsk no longer reports boot-region corruption on volumes formatted this way.
Fixes #1021.
The volume size page populates the unit wxChoice after the generated base class has already fit the empty control. On macOS this can leave the closed choice too narrow, truncating MiB to .... Measure the localized unit labels after appending them and set a sufficient minimum width.
On Unix and macOS, the hidden volume wizard estimates the available space for non-FAT outer filesystems using statvfs(). The previous calculation used f_bsize with f_bavail, which can overstate available bytes on macOS exFAT because f_bsize may be the preferred I/O size instead of the fragment size associated with the block counts.
Use f_frsize when it is reported, fall back to f_bsize, and clamp the non-FAT estimate to the actual outer VeraCrypt data size before applying the existing 80% safety heuristic.
Also harden hidden volume creation in both the cross-platform VolumeCreator path and the Windows/common formatting path by rejecting sizes that would exceed the hidden host data area and overlap volume header space.
Fixes #1037
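Added example, not VeraCrypt's code: the `statvfs()` estimate described in the commit message above, next to the previous `f_bsize` calculation. Function names are hypothetical, the 80% step is assumed to be integer `bytes / 5 * 4`, and the filesystem values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/statvfs.h>

/* Previous behaviour per the commit message: f_bsize paired with f_bavail. */
uint64_t legacy_available_bytes(const struct statvfs *st)
{
    return (uint64_t) st->f_bsize * (uint64_t) st->f_bavail;
}

/* f_bavail counts f_frsize units; fall back to f_bsize when it is not reported. */
uint64_t available_bytes(const struct statvfs *st)
{
    uint64_t unit = st->f_frsize ? (uint64_t) st->f_frsize : (uint64_t) st->f_bsize;
    uint64_t blocks = (uint64_t) st->f_bavail;
    if (unit != 0 && blocks > UINT64_MAX / unit)
        return UINT64_MAX;               /* saturate instead of wrapping */
    return unit * blocks;
}

/* Clamp to the outer volume's data area, then keep 80% (assumed integer form). */
uint64_t hidden_size_estimate(const struct statvfs *st, uint64_t outer_data_size)
{
    uint64_t bytes = available_bytes(st);
    if (bytes > outer_data_size)
        bytes = outer_data_size;
    return bytes / 5 * 4;
}

int main(void)
{
    /* Constructed values: 1 MiB preferred I/O size, 4 KiB fragment size. */
    struct statvfs st;
    memset(&st, 0, sizeof st);
    st.f_bsize = 1048576;
    st.f_frsize = 4096;
    st.f_bavail = 1000;
    printf("legacy=%llu fixed=%llu estimate=%llu\n",
           (unsigned long long) legacy_available_bytes(&st),
           (unsigned long long) available_bytes(&st),
           (unsigned long long) hidden_size_estimate(&st, 104857600ULL));
    return 0;
}
```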
Bundle the FUSE2 userspace library inside the AppImage AppDir and make AppRun prefer APPDIR/usr/lib. This lets the bundled VeraCrypt binary resolve libfuse.so.2 on systems where FUSE2 userspace packages are no longer installed by default.
Name AppImage artifacts according to the GTK backend detected during the build. GTK3 builds keep the default VeraCrypt-<version>-<arch>.AppImage name, while GTK2 builds use a gtk2-legacy suffix to distinguish the legacy compatibility artifact.
Include immintrin.h in the Argon2 AVX2 implementation so GCC toolchains such as the one on CentOS 7 see the AVX2 intrinsic types when compiling with -mavx2.
Refs: https://github.com/veracrypt/VeraCrypt/issues/1595
CentOS 6 builds VeraCrypt with GCC 4.4.7 and -std=c++0x. That compiler does not support range-based for loops, and its libstdc++ does not provide std::string::back() or std::string::pop_back().
Avoid those constructs in the affected Unix/Linux code paths: use VeraCrypt's existing foreach helper when iterating PKCS#11 object handles, and use indexing plus erase() when trimming trailing slashes from PATH entries.
This keeps the code valid for newer Linux toolchains while restoring compatibility with the CentOS 6 build environment.
Stage VeraCrypt and wxWidgets sources under the SDK package directory before rendering the OpenWrt package Makefile. The generated recipe now refers only to fixed package-local paths, so checkout and work directory names are no longer parsed as GNU Make syntax or passed unquoted through recipe source arguments.
Validate VeraCrypt and wxWidgets version tokens before substituting them into generated package metadata. This prevents unexpected Make metacharacters from entering the generated OpenWrt recipe while preserving normal dotted release versions.
Quote OpenWrt QEMU test container-size values with the existing shell quoting helper, matching the password handling and preventing user-supplied size text from being split or interpreted by the guest shell.
OpenBSD builds were relying on ggod to generate embedded resource
headers. That tool is not available on a stock OpenBSD 7.9 install,
and using base od directly is not a safe substitute because it emits
zero-padded decimal values such as 060 and 098. Those tokens are then
included in C++ source and parsed as octal constants, which either
changes values or fails compilation.
Use hexdump with an explicit unsigned-byte format for OpenBSD. It is
part of the base system and emits unpadded decimal byte values suitable
for the existing resource-header pipeline.
The text-mode binary also crashed on normal process exit on OpenBSD,
including after --version, --test, create, mount, list, and dismount.
GDB showed the crash in libpcsclite_real during SCardReleaseContext(),
called from the static SCardManager destructor. This happened even for
commands that did not use EMV or security-token support because the
static manager constructor eagerly initialized PC/SC at startup.
Avoid eager PC/SC initialization and exit-time finalization on OpenBSD.
The existing call sites still initialize PC/SC lazily when EMV/token
operations need it, while ordinary CLI commands no longer touch
pcsc-lite and no longer crash during static destruction.
Validated on OpenBSD 7.9 amd64 with:
- gmake NOGUI=1 -j2
- veracrypt --text --version
- veracrypt --text --test
- device-hosted create/mount/list/dismount smoke test through doas/vnd
Refs #1589.
Refs #1593.
VeraCrypt derives the real (non-root) user from SUDO_UID/SUDO_GID
to set default mount-point ownership and the FUSE service access
filter. On OpenBSD, privileged commands are normally run through doas,
which exposes the invoking login name via DOAS_USER and does not set
the sudo variables. As a result, VeraCrypt launched through doas
attributes both to root instead of the invoking user.
When the sudo identity variables are absent, resolve DOAS_USER through
the password database and use that uid/gid for default mount-point
ownership and the VeraCrypt FUSE service access filter. sudo behavior
is unchanged.
This is a correctness fix for the doas launch path. It is not confirmed
to resolve the non-root ext2fs EACCES reported in the linked issues:
that failure occurs at the ext2fs layer reached through vnd, whose
backing-image I/O runs as root and is therefore already permitted by
the access filter.
Refs #1589.
Refs #1593.
OpenBSD device length detection was returning the raw disk sector count from DIOCGPDINFO directly. That value is not bytes and it describes the physical/default disk label, which caused VeraCrypt to expose an incorrectly sized FUSE backing image through vnd for device-hosted volumes.
Use the current disklabel from DIOCGDINFO, derive the opened partition from the device minor number, and return the selected partition size in bytes. Keep the raw c partition on the whole-disk path by using DL_GETDSIZE there.
Also reject sector-misaligned device-hosted sizes during volume creation so new malformed OpenBSD device-hosted volumes are not created. Do not reject existing malformed headers at mount time, so users can still mount old OpenBSD-created volumes for recovery.
Refs #1589.
Refs #1593.
Add OpenWrt SDK packaging under src/Build for console-only x86/64 builds. The build helper prepares the SDK, renders a local package recipe, builds VeraCrypt with the OpenWrt musl toolchain, uses wxWidgets 3.2.10 as static wxBase, enables FUSE3, and skips release self-tests during cross compilation.
Add a package template that installs the console binary, mount.veracrypt, and license files only. The package declares bash for mount.veracrypt and keeps runtime dependencies focused on the direct userland requirements.
Add a documented QEMU runtime test path that boots the matching OpenWrt image, installs the locally built package set with opkg, runs the VeraCrypt version and algorithm self-tests, and exercises a small filesystem=none container mount/unmount flow.
Allow wxbuild callers to pass WX_CONFIGURE_EXTRA_FLAGS so OpenWrt cross configure flags can be passed into the wxWidgets build without carrying an OpenWrt-specific source patch.
Extend the Unix encryption thread pool to run key-derivation work items and use it when mounting volumes without an explicitly selected KDF. This brings Linux/macOS header PRF autodetection closer to the Windows path while keeping selected-KDF mounts unchanged.
Fixes #1610.
When preparing UEFI system encryption, check for the standard Windows bootmgfw.efi path before reading it. If it is absent, show the existing VeraCrypt diagnostic instead of surfacing a generic file-not-found error from the elevated COM path.
Clarify that Windows startup-managed VHD/VHDX files, including Dev Drive backing images, cannot live on system favorite volumes because they are accessed before those volumes are mounted.
Document that native-boot VHD/VHDX files also cannot live on system favorite volumes and remain subject to the existing VeraCrypt pre-boot authentication limitation for operating systems installed within VHD/VHDX files.
Mention a delayed/retrying attach workaround for non-boot-critical VHD/VHDX files after VeraCryptSystemFavorites mounts the host volume.
Closes #1605.
Use a stable VeraCrypt Start Menu folder for MSI installs instead of deriving it from the versioned product name. Refresh the shortcut component identities for the new folder location and add upgrade-time cleanup for old versioned VeraCrypt Start Menu folders while preserving folders that contain non-VeraCrypt content.
Fixes #1631.
Fixes #1624
The language file path was hardcoded to /usr/share/veracrypt/languages/
which doesn't exist inside an AppImage runtime. Language files are
actually located under $APPDIR/usr/share/veracrypt/languages/ when
running from an AppImage.
This affected both the language file loading in Resources.cpp and the
language enumeration in PreferencesDialog.cpp, causing the language
selection to show only "System default" and "English" regardless of
which translations were packaged in the AppImage.
When a second GUI process successfully notifies the running instance through the show-request FIFO, the handoff is not an error. Avoid showing the informational modal before exiting, and let the running instance restore the main window on any show request.
Also initialize the GTK indicator menu item pointers to NULL and guard the show/hide label update, preventing a latent crash in SetBackgroundMode when the indicator menu has not been built (e.g. background task disabled in preferences) -- a path made more reachable by the FIFO timer now invoking SetBackgroundMode unconditionally on incoming show requests.
Fixes #1447.
Closes #1745.
Refs #461.