Compare commits
15 Commits
876cacb728
...
d14c964d8a
Author | SHA1 | Date |
---|---|---|
Deniz Türkoglu | d14c964d8a | |
Jertzukka | 55c3a8dc58 | |
Mounir IDRASSI | e96f3035d9 | |
Deniz Tuerkoglu | 8506cc03ec | |
Deniz Tuerkoglu | 5c4c75d817 | |
Deniz Tuerkoglu | 0616324837 | |
Deniz Tuerkoglu | 1bdc5592ce | |
Deniz Tuerkoglu | c7542aef67 | |
Deniz Tuerkoglu | 3e5168f1a6 | |
Deniz Tuerkoglu | ef75034b8c | |
Deniz Tuerkoglu | 0f6075e25a | |
Deniz Tuerkoglu | f3ff46b015 | |
Deniz Tuerkoglu | ad431d95a8 | |
Deniz Tuerkoglu | c5494492b0 | |
Deniz Tuerkoglu | eca3086a1d |
21
README.md
21
README.md
|
@ -151,9 +151,24 @@ of the SDK (i.e. 10.15), you can export the environment variable VC_OSX_TARGET:
|
|||
|
||||
$ export VC_OSX_TARGET=10.15
|
||||
|
||||
For development dependencies management, you can use [homebrew](https://brew.sh).
|
||||
|
||||
Before building under MacOSX, pkg-config must be installed if not yet available.
|
||||
Get it from https://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz and
|
||||
$ brew install pkg-config yasm wxwidgets
|
||||
|
||||
You also need system dependencies
|
||||
|
||||
$ brew install --cask macfuse packages
|
||||
|
||||
After installating dependencies via brew, you can build a local development build
|
||||
|
||||
$ ./src/Build/build_veracrypt_macosx.sh -b
|
||||
|
||||
If you want to build the package, you also need to pass `-p` to the build script above. The built
|
||||
executable will be in `.src/Main`
|
||||
|
||||
If you prefer to build from sources, or without homebrew, pkg-config and packages must be installed.
|
||||
|
||||
Get pkg-config from https://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz and
|
||||
compile using the following commands :
|
||||
|
||||
$ ./configure --with-internal-glib
|
||||
|
@ -178,7 +193,7 @@ Because of incompatibility issues with OSXFUSE, the SDK 10.9 generates a
|
|||
VeraCrypt binary that has issues communicating with the OSXFUSE kernel extension.
|
||||
Thus, we recommend using a different OSX SDK version for building VeraCrypt.
|
||||
|
||||
|
||||
To build the installation package, you will need [packages](http://s.sudre.free.fr/Software/Packages/about.html)
|
||||
|
||||
III. FreeBSD
|
||||
============================
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
#
|
||||
# Copyright (c) 2013-2019 IDRIX
|
||||
# Governed by the Apache License 2.0 the full text of which is contained
|
||||
|
@ -12,6 +14,37 @@ SOURCEPATH=$(cd "$(dirname "$SCRIPTPATH/../.")"; pwd)
|
|||
# directory where the VeraCrypt project has been checked out
|
||||
PARENTDIR=$(cd "$(dirname "$SCRIPTPATH/../../../.")"; pwd)
|
||||
|
||||
while getopts bpr flag
|
||||
do
|
||||
case "${flag}" in
|
||||
b) brew=true;;
|
||||
p) package=true;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -n "$brew" ]; then
|
||||
export VC_OSX_SDK=$(xcrun --show-sdk-version) #use the latest version installed, this might fail
|
||||
export VC_OSX_TARGET=${VC_OSX_SDK}
|
||||
echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
|
||||
cd $SOURCEPATH
|
||||
|
||||
echo "Building VeraCrypt with precompiled homebrew packages"
|
||||
cellar=$(brew --cellar "wxwidgets")
|
||||
version=$(brew list --versions "wxwidgets" | head -1 | awk '{print $2}')
|
||||
export WX_BUILD_DIR="$cellar/$version/bin"
|
||||
# skip signing and build only for local arch
|
||||
export LOCAL_DEVELOPMENT_BUILD=true
|
||||
# set the correct CPU arch for Makefile
|
||||
export CPU_ARCH=$(uname -m)
|
||||
export AS=$(which yasm)
|
||||
export COMPILE_ASM=$( if [[ "$CPU_ARCH" != "arm64" ]]; then echo true; else echo false; fi )
|
||||
make clean && make
|
||||
if [ -n "$package" ]; then
|
||||
make package
|
||||
fi
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# the sources of wxWidgets 3.1.2 must be extracted to the parent directory (for night mode)
|
||||
export WX_ROOT=$PARENTDIR/wxWidgets-3.2.2.1
|
||||
echo "Using wxWidgets sources in $WX_ROOT"
|
||||
|
@ -19,7 +52,7 @@ echo "Using wxWidgets sources in $WX_ROOT"
|
|||
# this will be the temporary wxWidgets directory
|
||||
export WX_BUILD_DIR=$PARENTDIR/wxBuild-3.2.2.1
|
||||
|
||||
# define the SDK version to use and OSX minimum target. We target 10.9 by default
|
||||
# define the SDK version to use and OSX minimum target. We target 12 by default
|
||||
export VC_OSX_TARGET=12
|
||||
export VC_OSX_SDK=13
|
||||
echo "Using MacOSX SDK $VC_OSX_SDK with target set to $VC_OSX_TARGET"
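Review bot: The `-b` branch ends with an unconditional `exit 0`, so a failed `make clean && make` (or a failed `make package`) is still reported as success, and `make package` is attempted even when the build before it failed. Propagate the status with `make clean && make || exit 1` and `make package || exit 1`, and guard the directory change with `cd "$SOURCEPATH" || exit 1`, since the unquoted `cd $SOURCEPATH` breaks on a checkout path containing spaces and would let `make clean` run in the wrong directory. `getopts bpr` also accepts `-r`, but the `case` has no arm for it, so the flag is silently ignored. The rest of the script lies outside these hunks.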
|
||||
|
|
|
@ -14240,9 +14240,11 @@ BOOL BufferHasPattern (const unsigned char* buffer, size_t bufferLen, const void
|
|||
return bRet;
|
||||
}
|
||||
|
||||
/* Implementation borrowed from KeePassXC source code (https://github.com/keepassxreboot/keepassxc/blob/release/2.4.0/src/core/Bootstrap.cpp#L150)
|
||||
/* Implementation borrowed from KeePassXC source code (https://github.com/keepassxreboot/keepassxc/blob/2.7.8/src/core/Bootstrap.cpp#L121)
|
||||
*
|
||||
* Reduce current user acess rights for this process to the minimum in order to forbid non-admin users from reading the process memory.
|
||||
* Restrict access to changing DACL's after the process is started. This prevents the creator of veracrypt process from simply adding
|
||||
* the permission to read memory back to the DACL list.
|
||||
*/
|
||||
BOOL ActivateMemoryProtection()
|
||||
{
|
||||
|
@ -14252,6 +14254,8 @@ BOOL ActivateMemoryProtection()
|
|||
HANDLE hToken = NULL;
|
||||
PTOKEN_USER pTokenUser = NULL;
|
||||
DWORD cbBufferSize = 0;
|
||||
PSID pOwnerRightsSid = NULL;
|
||||
DWORD pOwnerRightsSidSize = SECURITY_MAX_SID_SIZE;
|
||||
|
||||
// Access control list
|
||||
PACL pACL = NULL;
|
||||
|
@ -14292,8 +14296,19 @@ BOOL ActivateMemoryProtection()
|
|||
goto Cleanup;
|
||||
}
|
||||
|
||||
// Retrieve CreaterOwnerRights SID
|
||||
pOwnerRightsSid = (PSID) HeapAlloc(GetProcessHeap(), 0, pOwnerRightsSidSize);
|
||||
if (pOwnerRightsSid == NULL) {
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
if (!CreateWellKnownSid(WinCreatorOwnerRightsSid, NULL, pOwnerRightsSid, &pOwnerRightsSidSize)) {
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
// Calculate the amount of memory that must be allocated for the DACL
|
||||
cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid);
|
||||
cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid)
|
||||
+ sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pOwnerRightsSid);
|
||||
|
||||
// Create and initialize an ACL
|
||||
pACL = (PACL) HeapAlloc(GetProcessHeap(), 0, cbACL);
|
||||
|
@ -14315,6 +14330,17 @@ BOOL ActivateMemoryProtection()
|
|||
goto Cleanup;
|
||||
}
|
||||
|
||||
// Explicitly set "Process Owner" rights to Read Only. The default is Full Control.
|
||||
if (!AddAccessAllowedAce(
|
||||
pACL,
|
||||
ACL_REVISION,
|
||||
READ_CONTROL,
|
||||
pOwnerRightsSid
|
||||
)) {
|
||||
goto Cleanup;
|
||||
}
|
||||
|
||||
|
||||
// Set discretionary access control list
|
||||
bSuccess = (ERROR_SUCCESS == SetSecurityInfo(GetCurrentProcess(), // object handle
|
||||
SE_KERNEL_OBJECT, // type of object
|
||||
|
@ -14333,6 +14359,9 @@ Cleanup:
|
|||
if (pACL != NULL) {
|
||||
HeapFree(GetProcessHeap(), 0, pACL);
|
||||
}
|
||||
if (pOwnerRightsSid != NULL) {
|
||||
HeapFree(GetProcessHeap(), 0, pOwnerRightsSid);
|
||||
}
|
||||
if (pTokenUser != NULL) {
|
||||
HeapFree(GetProcessHeap(), 0, pTokenUser);
|
||||
}
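Review bot: The new `goto Cleanup` exits around the owner-rights SID (after `HeapAlloc`, after `CreateWellKnownSid`, and after the second `AddAccessAllowedAce`) return before `SetSecurityInfo` is reached, so a failure in the added step leaves the process with its default DACL where the earlier code would still have applied the single-user ACL. Whether callers of ActivateMemoryProtection treat a FALSE return as fatal is not visible in these hunks, so please confirm it, or document at the top of the function that the protection is all-or-nothing. The comment "Explicitly set "Process Owner" rights to Read Only" undersells what the ACE is for, and something like `// OWNER RIGHTS ACE: replaces the owner's implicit READ_CONTROL|WRITE_DAC with READ_CONTROL only, so the DACL cannot be rewritten after startup` would be clearer. "CreaterOwnerRights" in the earlier comment should read "CreatorOwnerRights". The function body starts and ends outside the hunks shown.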
|
||||
|
|
|
@ -210,7 +210,9 @@ else
|
|||
sed -e 's/_VERSION_/$(patsubst %a,%.1,$(patsubst %b,%.2,$(TC_VERSION)))/' ../Build/Resources/MacOSX/Info.plist.xml >$(APPNAME).app/Contents/Info.plist
|
||||
endif
|
||||
chmod -R go-w $(APPNAME).app
|
||||
ifneq ($(LOCAL_DEVELOPMENT_BUILD),"true")
|
||||
codesign -s "Developer ID Application: IDRIX (Z933746L2S)" --timestamp $(APPNAME).app
|
||||
endif
|
||||
|
||||
install: prepare
|
||||
cp -R $(APPNAME).app /Applications/.
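Review bot: The guard `ifneq ($(LOCAL_DEVELOPMENT_BUILD),"true")` compares the variable against the literal text `"true"` with its quote characters, because the parenthesised form of `ifneq` does not strip quotes. The build script exports `LOCAL_DEVELOPMENT_BUILD=true`, so the test is always unequal and `codesign` still runs in local development builds, which is the opposite of the stated intent. The quoted form used elsewhere in this change works: `ifneq "$(LOCAL_DEVELOPMENT_BUILD)" "true"`. The recipe this sits in begins outside the hunk.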
|
||||
|
|
|
@ -668,7 +668,7 @@ namespace VeraCrypt
|
|||
{
|
||||
parentDir = wxT(".");
|
||||
}
|
||||
if (wxDirExists(parentDir) && wxGetDiskSpace (parentDir, nullptr, &diskSpace))
|
||||
if (options->Type == VolumeType::Normal && wxDirExists(parentDir) && wxGetDiskSpace (parentDir, nullptr, &diskSpace))
|
||||
{
|
||||
AvailableDiskSpace = (uint64) diskSpace.GetValue ();
|
||||
if (maxVolumeSize > AvailableDiskSpace)
|
||||
|
@ -678,10 +678,13 @@ namespace VeraCrypt
|
|||
|
||||
if (options->Size == (uint64) (-1))
|
||||
{
|
||||
if (AvailableDiskSpace)
|
||||
if (options->Type == VolumeType::Hidden) {
|
||||
throw_err (_("Please do not use maximum size for hidden volume. As we do not mount the outer volume to determine the available space, it is your responsibility to choose a value so that the hidden volume does not overlap the outer volume."));
|
||||
}
|
||||
else if (AvailableDiskSpace)
|
||||
{
|
||||
// caller requesting maximum size
|
||||
// we use maxVolumeSize because it is guaranteed to be less of equal to AvailableDiskSpace
|
||||
// we use maxVolumeSize because it is guaranteed to be less or equal to AvailableDiskSpace for outer volumes
|
||||
options->Size = maxVolumeSize;
|
||||
}
|
||||
else
|
||||
|
@ -702,14 +705,17 @@ namespace VeraCrypt
|
|||
throw MissingArgument (SRC_POS);
|
||||
|
||||
uint64 multiplier = 1024 * 1024;
|
||||
wxString sizeStr = AskString (options->Type == VolumeType::Hidden ? _("\nEnter hidden volume size (sizeK/size[M]/sizeG/sizeT/max): ") : _("\nEnter volume size (sizeK/size[M]/sizeG.sizeT/max): "));
|
||||
wxString sizeStr = AskString (options->Type == VolumeType::Hidden ? _("\nEnter hidden volume size (sizeK/size[M]/sizeG/sizeT): ") : _("\nEnter volume size (sizeK/size[M]/sizeG.sizeT/max): "));
|
||||
if (sizeStr.CmpNoCase(wxT("max")) == 0)
|
||||
{
|
||||
multiplier = 1;
|
||||
if (AvailableDiskSpace)
|
||||
if (options->Type == VolumeType::Hidden) {
|
||||
throw_err (_("Please do not use maximum size for hidden volume. As we do not mount the outer volume to determine the available space, it is your responsibility to choose a value so that the hidden volume does not overlap the outer volume."));
|
||||
}
|
||||
else if (AvailableDiskSpace)
|
||||
{
|
||||
// caller requesting maximum size
|
||||
// we use maxVolumeSize because it is guaranteed to be less of equal to AvailableDiskSpace
|
||||
// we use maxVolumeSize because it is guaranteed to be less or equal to AvailableDiskSpace for outer volumes
|
||||
options->Size = maxVolumeSize;
|
||||
}
|
||||
else
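Review bot: With the free-space check now limited to `options->Type == VolumeType::Normal`, nothing in these hunks bounds the size entered for a hidden volume. The new error text confirms the overlap with the outer volume is left to the user. If the host container's size is available at this point (not visible here), rejecting a hidden size that is greater than or equal to it would catch the most obvious data-destroying input. The long `throw_err` message is duplicated verbatim in the `options->Size == (uint64) (-1)` branch and the interactive `max` branch, so a shared local string would keep the two from drifting. The non-hidden prompt still reads `sizeG.sizeT/max`, which looks like a typo for `sizeG/sizeT/max`. The enclosing function starts and ends outside the hunks.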
|
||||
|
|
48
src/Makefile
48
src/Makefile
|
@ -295,7 +295,7 @@ ifeq "$(shell uname -s)" "Darwin"
|
|||
PLATFORM := MacOSX
|
||||
APPNAME := VeraCrypt
|
||||
|
||||
export VC_OSX_TARGET ?= 10.7
|
||||
export VC_OSX_TARGET ?= 12
|
||||
export VC_OSX_SDK ?= $(VC_OSX_TARGET)
|
||||
|
||||
#check to see if XCode 3 path exists.Otherwise, use XCode 4 path
|
||||
|
@ -323,11 +323,13 @@ ifeq "$(shell uname -s)" "Darwin"
|
|||
endif
|
||||
|
||||
ifeq "$(CPU_ARCH)" "arm64"
|
||||
CPU_ARCH = x86
|
||||
CPU_ARCH = arm64
|
||||
endif
|
||||
|
||||
CFLAGS += -msse2
|
||||
CXXFLAGS += -msse2
|
||||
ifneq "$(CPU_ARCH)" "arm64"
|
||||
CFLAGS += -msse2
|
||||
CXXFLAGS += -msse2
|
||||
endif
|
||||
|
||||
ifeq "$(origin SSSE3)" "command line"
|
||||
CFLAGS += -mssse3
|
||||
|
@ -339,7 +341,7 @@ ifeq "$(shell uname -s)" "Darwin"
|
|||
CXXFLAGS += -mssse3 -msse4.1
|
||||
endif
|
||||
|
||||
AS := $(BASE_DIR)/Build/Tools/MacOSX/yasm
|
||||
AS ?= $(BASE_DIR)/Build/Tools/MacOSX/yasm
|
||||
export ASFLAGS32 := -D __GNUC__ -D __YASM__ -D __BITS__=32 --prefix=_ -f macho32
|
||||
export ASFLAGS64 := -D __GNUC__ -D __YASM__ -D __BITS__=64 --prefix=_ -f macho64
|
||||
|
||||
|
@ -350,8 +352,20 @@ ifeq "$(shell uname -s)" "Darwin"
|
|||
S := $(C_CXX_FLAGS)
|
||||
C_CXX_FLAGS = $(subst -MMD,,$(S))
|
||||
|
||||
C_CXX_FLAGS += -gfull -arch x86_64
|
||||
LFLAGS += -Wl,-dead_strip -arch x86_64
|
||||
# only build local arch in development builds
|
||||
ifeq "$(LOCAL_DEVELOPMENT_BUILD)" "true"
|
||||
ifeq "$(CPU_ARCH)" "arm64"
|
||||
C_CXX_FLAGS += -gfull -arch $(CPU_ARCH)
|
||||
LFLAGS += -Wl,-dead_strip -arch $(CPU_ARCH)
|
||||
else
|
||||
C_CXX_FLAGS += -gfull -arch x86_64
|
||||
LFLAGS += -Wl,-dead_strip -arch x86_64
|
||||
endif
|
||||
else
|
||||
# leave previous logic as is
|
||||
C_CXX_FLAGS += -gfull -arch x86_64
|
||||
LFLAGS += -Wl,-dead_strip -arch x86_64
|
||||
endif
|
||||
|
||||
WX_CONFIGURE_FLAGS += --without-libpng --disable-gif --disable-pcx --disable-tga --disable-iff --disable-gif --disable-svg
|
||||
|
||||
|
@ -361,10 +375,22 @@ ifeq "$(shell uname -s)" "Darwin"
|
|||
LFLAGS += -arch i386
|
||||
WX_CONFIGURE_FLAGS += --enable-universal_binary=i386,x86_64
|
||||
else
|
||||
CXXFLAGS += -std=c++11
|
||||
C_CXX_FLAGS += -arch arm64
|
||||
LFLAGS += -arch arm64
|
||||
WX_CONFIGURE_FLAGS += --enable-universal_binary=arm64,x86_64
|
||||
CXXFLAGS += -std=c++11
|
||||
ifeq "$(LOCAL_DEVELOPMENT_BUILD)" "true"
|
||||
ifeq "$(CPU_ARCH)" "arm64"
|
||||
C_CXX_FLAGS += -arch arm64
|
||||
LFLAGS += -arch arm64
|
||||
else
|
||||
C_CXX_FLAGS += -arch x86_64
|
||||
LFLAGS += -arch x86_64
|
||||
endif
|
||||
WX_CONFIGURE_FLAGS += --disable-universal_binary
|
||||
else
|
||||
# leave previous logic as is
|
||||
C_CXX_FLAGS += -arch arm64
|
||||
LFLAGS += -arch arm64
|
||||
WX_CONFIGURE_FLAGS += --enable-universal_binary=arm64,x86_64
|
||||
endif
|
||||
endif
|
||||
|
||||
WXCONFIG_CFLAGS += -gfull
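Review bot: `AS ?= $(BASE_DIR)/Build/Tools/MacOSX/yasm` is unlikely to take effect when no override is supplied, because GNU make predefines `AS` (as `as`) and `?=` assigns only to undefined variables. Unless `AS` is set somewhere outside this hunk, a regular non-homebrew build would then run the system assembler with the yasm-specific `ASFLAGS32`/`ASFLAGS64`. Testing the origin keeps the bundled tool as the default while still honouring an override: `ifeq "$(origin AS)" "default"`, `AS := $(BASE_DIR)/Build/Tools/MacOSX/yasm`, `endif`. In `-b` mode the build script exports `AS=$(which yasm)`, so the assembler for the crypto objects is resolved from `PATH`, and an empty result when yasm is missing would also count as "defined". In the earlier hunk, `CPU_ARCH = arm64` inside `ifeq "$(CPU_ARCH)" "arm64"` is now a no-op, so that conditional could be dropped.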
|
||||
|
|
|
@ -37,6 +37,7 @@ endif
|
|||
|
||||
ifeq "$(ENABLE_WOLFCRYPT)" "0"
|
||||
ifeq "$(PLATFORM)" "MacOSX"
|
||||
ifneq "$(COMPILE_ASM)" "false"
|
||||
OBJSEX += ../Crypto/Aes_asm.oo
|
||||
OBJS += ../Crypto/Aes_hw_cpu.o
|
||||
OBJS += ../Crypto/Aescrypt.o
|
||||
|
@ -76,6 +77,7 @@ else ifeq "$(CPU_ARCH)" "x64"
|
|||
else
|
||||
OBJS += ../Crypto/Aescrypt.o
|
||||
endif
|
||||
endif
|
||||
|
||||
ifeq "$(GCC_GTEQ_430)" "1"
|
||||
OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
|
||||
|
@ -129,6 +131,7 @@ VolumeLibrary: Volume.a
|
|||
|
||||
ifeq "$(ENABLE_WOLFCRYPT)" "0"
|
||||
ifeq "$(PLATFORM)" "MacOSX"
|
||||
ifneq "$(COMPILE_ASM)" "false"
|
||||
../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm
|
||||
@echo Assembling $(<F)
|
||||
$(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm
|
||||
|
@ -137,7 +140,7 @@ ifeq "$(PLATFORM)" "MacOSX"
|
|||
rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o
|
||||
../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S
|
||||
@echo Assembling $(<F)
|
||||
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
|
||||
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
|
||||
../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S
|
||||
@echo Assembling $(<F)
|
||||
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S
|
||||
|
@ -173,5 +176,6 @@ ifeq "$(PLATFORM)" "MacOSX"
|
|||
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm
|
||||
endif
|
||||
endif
|
||||
endif
|
||||
|
||||
include $(BUILD_INC)/Makefile.inc
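Review bot: The `ifneq "$(COMPILE_ASM)" "false"` opened directly after `ifeq "$(PLATFORM)" "MacOSX"` is only closed by the `endif` added after the final `else` / `OBJS += ../Crypto/Aescrypt.o`. The `else ifeq "$(CPU_ARCH)" ...` branches in between (one is visible in the second hunk header) therefore appear to attach to the new `ifneq` rather than to the platform test. If so, non-macOS builds would skip the whole chain and link no AES objects; the intervening lines are outside the hunks, so please confirm with a Linux build. Closing the inner conditional before the first `else ifeq` keeps the original nesting, for example `else`, `OBJS += ../Crypto/Aescrypt.o`, `endif` placed at the end of the macOS object list. A short comment that `COMPILE_ASM` is exported by the build script, and that any value other than the literal `false` enables the assembly objects, would also help.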
|
||||
|
|