VeraCrypt

Recent Commits

• Mounir IDRASSI (05 Jun 26)

  Build: replace fixed SOURCE_DATE_EPOCH fallback Keep caller-provided SOURCE_DATE_EPOCH authoritative and derive the automatic default through a shared helper used by the Makefile, direct CMake/CPack packaging, and the deb packaging wrapper. When repository metadata is available, use the HEAD commit timestamp without relying on git -C. Resolve the source root before probing Git so symlinked source paths still use the checkout HEAD. For source tarballs without .git, derive the fallback timestamp from the release date encoded in Common/Tcdefs.h instead of the stale 2020-01-01 constant. Add TC_RELEASE_DATE_DAY and validate it together with TC_RELEASE_DATE_YEAR, TC_RELEASE_DATE_MONTH, and TC_STR_RELEASE_DATE. Abort when no valid timestamp can be derived. For direct CMake invocation, initialize SOURCEPATH when the wrapper has not provided it, use the shared helper for derivation, validate the result, and export it for package targets. Also persist the configured epoch through CPACK_PROJECT_CONFIG_FILE so later standalone cpack --config runs export the same value before invoking package generators. Document that automatic git-checkout builds and release-tarball builds intentionally use different epochs; release reproducers should build from the tarball or set SOURCE_DATE_EPOCH explicitly.

• Mounir IDRASSI (05 Jun 26)

  Windows: allow selecting KDFs in benchmark dialog Add a KDF checklist to the Windows benchmark dialog while keeping all algorithms selected by default. Filter KDF benchmark execution to the checked algorithms and silently skip when none are selected. Reuse existing KDF localization strings and keep Language.xml unchanged.

• Mounir IDRASSI (05 Jun 26)

  Crypto: fix no-SSE2 x86 fallback paths Guard BLAKE2s x86 SIMD dispatch on compiled SSE2 intrinsic support so NOSSE2 builds do not reference missing compressor symbols. Make Argon2 AVX2/SSE2 stubs fall back to the next available implementation instead of returning ARGON2_INCORRECT_PARAMETER when runtime CPU flags outpace build capabilities.

• Mounir IDRASSI (04 Jun 26)

  Update translations

• Mounir IDRASSI (04 Jun 26)

  Documentation: Update CHM files

• Mounir IDRASSI (04 Jun 26)

  Update Release Notes. Set release date.

• Mounir IDRASSI (04 Jun 26)

  Windows: Update signed driver to version 1.26.29.2

• Mounir IDRASSI (03 Jun 26)

  Windows: Add Win64 unwind metadata for AES assembly Emit NASM-compatible .pdata/.xdata records for the x64 table AES routines and AES-NI 32-block paths. Describe the nonvolatile GP and XMM6-XMM15 saves so kernel stack unwinding can cross these routines reliably. Gate the metadata on win64 output so ELF and Mach-O builds keep their existing assembly paths.

• Mounir IDRASSI (03 Jun 26)

  Fix Twofish x64 multiblock tail handling Only call the one-block assembly helper when one block remains after the three-block loop. This prevents zero-block and multiple-of-three requests from reading and writing one extra block past the caller buffer. Add a Twofish multiblock self-test covering block counts 0 through 9.

• Mounir IDRASSI (03 Jun 26)

  Documentation: Use correct Yasm download link instead of old dead link

• Mounir IDRASSI (03 Jun 26)

  Align key schedules and fix Camellia SSSE3 dispatch Align CRYPTO_INFO primary and secondary key-schedule buffers so cipher implementations can safely use word-sized schedule access on VeraCrypt-managed storage. Keep generic Camellia direct uint64 schedule indexing. Builds that define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS use direct 64-bit key and block byte loads/stores; memcpy is retained only for strict-alignment builds. Require SSSE3 before using the x64 AESNI 16-way Camellia path because the assembly uses pshufb in addition to AES and AVX.

• Mounir IDRASSI (03 Jun 26)

  Fix x64 CPU feature macro guard CRYPTOPP_BOOL_X64 is defined as 0 on non-x64 builds, so #ifdef made HasSSE2() and HasISSE() always true. Use #if so non-x64 builds follow runtime feature detection and DisableCPUExtendedFeatures().

• Mounir IDRASSI (03 Jun 26)

  Windows driver: fix PBKDF XSTATE cleanup Ensure SHA-256 and SHA-512 PBKDF cancellation paths restore saved extended processor state before cleanup. Remove unnecessary extended-state save/restore around BLAKE2s, which does not use AVX in the current implementation.

• Mounir IDRASSI (03 Jun 26)

  Increment version to 1.26.29. Update signed Windows drivers

• Mounir IDRASSI (03 Jun 26)

  Merge commit from fork Hidden volumes are forced to quick format to avoid rewriting the hidden data area. Keep that behavior while skipping the file-container allocation shortcut that writes plaintext zero sectors at 128 MiB intervals. The allocation shortcut remains enabled for non-hidden file containers; hidden containers now use only the encrypted formatter write path for sectors that are written.

• Mounir IDRASSI (02 Jun 26)

  Windows: discover newer SDK MSI tools Enhance build_msi_x64.bat to enumerate installed Windows Kits 10 SDK bin directories matching 10.* and select the newest x86 path that contains the MSI tools. Keep VC_DIR_PLATFORMSDK as the first override and preserve the existing fixed SDK fallback paths for older installations. Require MsiInfo.exe during discovery as well as msitran.exe and msidb.exe so the selected SDK path supports the final MSI metadata step.

• Mounir IDRASSI (02 Jun 26)

  Update Windows build documentation for VS2022 Replace outdated Visual Studio 2010/2019 and legacy Windows SDK 7.1, WDK 7.1, and Windows 8.1 SDK guidance with the current Visual Studio 2022/v143 toolchain, Windows 10/11 SDK, and WDK requirements. Document NASM, YASM, WiX Toolset v3.x, signtool.exe, and optional legacy BIOS bootloader tools separately. Update the build flow for x64, ARM64, Win32 setup/helper projects, and explicit Driver project builds. Align the zh-cn and ru translated guides with the updated English content while preserving their existing translation style. Fix test certificate paths to use src/Signing/TestCertificate.

• VastBlast (02 Jun 26)

  Merge commit from fork * Fix wolfCrypt PBKDF2 key derivation * Document wolfSSL PBKDF2 build option * Handle wolfCrypt PBKDF2 failures

• Mounir IDRASSI (01 Jun 26)

  Align Whirlpool lookup table and local buffer

• Mounir IDRASSI (01 Jun 26)

  Linux/WSL: open mounted volumes via Windows Explorer Route Linux GUI mounted-volume opens through Windows Explorer when WSL interop is available, before falling back to xdg-open and known file managers. Detect WSL by checking for /usr/bin/wslinfo and /usr/bin/wslpath, build the target path from the WSL root UNC so /mnt/<drive> mount points stay in the WSL VFS overlay, and launch Explorer directly so the folder argument is preserved.

• Mounir IDRASSI (31 May 26)

  FreeBSD: link static wx builds with iconv

• Mounir IDRASSI (31 May 26)

  XML language file: Update Russian translations by Dmitry Yerokhin

• Mounir IDRASSI (31 May 26)

  Fix leaf 7 feature detection BMI2 support is advertised by CPUID leaf 7, subleaf 0, EBX bit 8. The previous early assignment used CPUID leaf 1 EBX bit 8, which is not the BMI2 feature bit and could leave a bogus fallback value before vendor-specific leaf 7 detection. Keep BMI2 detection based on the leaf 7 result only. Unlike AVX2, BMI2 is GPR-only and does not require an OS/XCR0 state gate. Also save the max basic CPUID leaf immediately after CPUID leaf 0. The AMD/Hygon path reuses the cpuid buffer for leaf 0x80000005 before checking whether leaf 7 is available, so using the saved max basic leaf prevents RDSEED, AVX2, and BMI2 detection from being skipped because that buffer was clobbered.

• Mounir IDRASSI (31 May 26)

  Fix AVX2 feature gating AVX2 support is advertised by CPUID leaf 7, subleaf 0, EBX bit 5. The previous early assignment used cpuid1[1] bit 5, which is CPUID leaf 1 EBX and is not the AVX2 feature bit. Record the leaf 7 AVX2 bit separately and assign g_hasAVX2 only after vendor-specific detection has completed. The final value is now gated by g_hasAVX, which reflects the OS/XCR0 AVX state check, so AVX2 code is not selected unless both the CPU and OS state support it.

• Mounir IDRASSI (31 May 26)

  Windows: fix security token foreach warning

• Mounir IDRASSI (31 May 26)

  Fix Unmount All access keys Move the Unmount All mnemonic away from the single-volume Unmount action in the Windows resources and affected language files. This keeps the two main actions reachable through distinct keyboard accelerators across packaged translations. Fixes https://github.com/veracrypt/VeraCrypt/issues/1751

• Mounir IDRASSI (30 May 26)

  Windows: fix EFI DcsProp rewrite handling Ensure ESP file writes have true replace semantics even when the operation is delegated to the elevated COM helper. This prevents shorter edits of EFI\VeraCrypt\DcsProp from leaving stale bytes at the end of the file. Also XML-escape decoded EFI boot configuration values before serializing them, preserving values containing characters such as <, > and & during EfiBootConf save/update paths. Fixes #954.

• Ganeron11 (30 May 26)

  Update Language.pl.xml (#1750) * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml more fixes * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml * Update Language.pl.xml

• Mounir IDRASSI (30 May 26)

  Windows: fix ReFS formatting during volume creation Mount temporary ReFS volumes as fixed media, since Windows does not support ReFS on removable media. Use FMIFS_HARDDISK for the FormatEx fallback while preserving the removable-media path for NTFS and exFAT. Also make the FormatEx DONE-with-failure status explicit and guard against a missing callback parameter.

• Mounir IDRASSI (29 May 26)

  Linux: store GUI instance lock under XDG paths The GUI single-instance lock was previously created through wxSingleInstanceChecker without an explicit Unix path, causing wxWidgets to place .VeraCrypt-lock-$USER directly in the user home directory. Resolve a private lock directory before constructing wxSingleInstanceChecker. Prefer $XDG_RUNTIME_DIR/VeraCrypt, then $XDG_CACHE_HOME/VeraCrypt, then ~/.cache/VeraCrypt, and keep the previous home-directory behavior only as a final fallback if no XDG location can be used. Update stale-lock cleanup to remove the lock from the same resolved directory, so false-positive cleanup continues to work after moving the lock out of $HOME. Fixes https://github.com/veracrypt/VeraCrypt/issues/819