[pull] master from veracrypt:master#192
Merged
Merged
Conversation
Document BLAKE2b-512 and Argon2id usage in the HTML/CHM user guide and Russian/Chinese translations. Clarify Argon2id's non-system scope, PBKDF2-HMAC system encryption behavior, PIM parameters, and regenerate the CHM files.
The Blake2b hash class (BLAKE2b-512) was fully implemented but never registered in Hash::GetAvailableAlgorithms(), so it was absent from the Random Pool Enrichment, Keyfile Generator and Benchmark dialogs on Linux/macOS. In particular, when Argon2 is selected as the volume PRF, the RNG pool hash is set to BLAKE2b-512, but the Random Pool Enrichment dialog could neither display nor pre-select it, diverging from Windows which offers BLAKE2b-512 in the same dialog. Register Blake2b after Streebog (matching the Crypto.c PRF order). Its 64-byte digest divides RNG_POOL_SIZE (320), so the HashMixPool size constraint holds, and blake2b.o is always built in non-wolfCrypt builds. Also make Pkcs5Kdf::GetAlgorithm(const Hash&) Argon2-aware by removing the unconditional skip of the Argon2 KDF, so a BLAKE2b-512 hash now maps to the Argon2 KDF instead of throwing.
The privileged CoreService handler for SetFileOwnerRequest passed the client-supplied path straight to chown() as root with no validation -- unlike the adjacent APFS formatter handler, which strictly validates its device argument. Every legitimate macOS caller of the elevated SetFileOwner targets a real disk device node (/dev/[r]diskN[sM]), so a crafted IPC request, or a symlink planted at the target, could otherwise make the root process change ownership of an arbitrary path. Validate the target service-side: require the strict device-path form already used by the formatter, and lstat() it to confirm a block or character device (rejecting symlinks rather than following them) before the chown. Co-authored-by: Damian Rickard <damian@rickard.us>
* Honor --no-size-check when creating file containers via the CLI The text-mode volume creation path clamps the maximum allowed volume size to the available free disk space and never consults ArgDisableFileSizeCheck, so the documented --no-size-check switch has no effect when creating a file-hosted container with `--text --create`. The flag is honored by the GUI wizard (Forms/VolumeSizeWizardPage.cpp) but was missing from the text UI, making it impossible to create a (sparse) container larger than the current free space from the command line -- even though such a container is perfectly valid on filesystems with sparse-file support (e.g. APFS, ext4, NTFS) and is exactly what the flag exists to allow. Skip the free-space clamp when --no-size-check is set, mirroring the GUI behavior. * Fix max volume size handling with no-size-check Keep the max size sentinel and interactive max choice bounded by available disk space even when --no-size-check allows explicit sparse container sizes beyond the current free space. --------- Co-authored-by: Damian Rickard <damian@rickard.us> Co-authored-by: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )