From 041999e3d06c6cce44f4c2cba962fa7b599c6ca7 Mon Sep 17 00:00:00 2001
From: Alan Somers <asomers@FreeBSD.org>
Date: Fri, 29 Dec 2017 16:06:10 +0000
Subject: [PATCH] Fix potential TOCTTOU bug in the geli tests

This change mostly reverts r293436, which introduced the bug due to a belief
that geli(8) would allocate md(4) devices by itself. However, that belief is
incorrect. Instead of using linear probing to find available md(4) numbers,
it's best to use the existing attach_md function.

Reviewed by:	ngie
MFC after:	2 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D13666
---
 tests/sys/geom/class/eli/attach_d_test.sh     |  16 +--
 tests/sys/geom/class/eli/conf.sh              |  17 ++-
 .../sys/geom/class/eli/configure_b_B_test.sh  |  36 +++----
 tests/sys/geom/class/eli/delkey_test.sh       |  42 ++++----
 tests/sys/geom/class/eli/detach_l_test.sh     |  20 ++--
 tests/sys/geom/class/eli/init_B_test.sh       |  44 ++++----
 tests/sys/geom/class/eli/init_J_test.sh       | 102 +++++++++---------
 tests/sys/geom/class/eli/init_a_test.sh       |  16 +--
 tests/sys/geom/class/eli/init_alias_test.sh   |  12 +--
 tests/sys/geom/class/eli/init_i_P_test.sh     |   4 +-
 tests/sys/geom/class/eli/init_test.sh         |  18 ++--
 .../sys/geom/class/eli/integrity_copy_test.sh |  42 ++++----
 .../sys/geom/class/eli/integrity_data_test.sh |  16 +--
 .../sys/geom/class/eli/integrity_hmac_test.sh |  16 +--
 tests/sys/geom/class/eli/kill_test.sh         |  34 +++---
 tests/sys/geom/class/eli/nokey_test.sh        |  18 ++--
 tests/sys/geom/class/eli/onetime_a_test.sh    |  14 +--
 tests/sys/geom/class/eli/onetime_d_test.sh    |  16 +--
 tests/sys/geom/class/eli/onetime_test.sh      |  16 +--
 tests/sys/geom/class/eli/readonly_test.sh     |  26 ++---
 tests/sys/geom/class/eli/resize_test.sh       |   3 +-
 tests/sys/geom/class/eli/setkey_test.sh       |  50 ++++-----
 22 files changed, 288 insertions(+), 290 deletions(-)

diff --git a/tests/sys/geom/class/eli/attach_d_test.sh b/tests/sys/geom/class/eli/attach_d_test.sh
index 5d700b3270c7..ed9226972d89 100644
--- a/tests/sys/geom/class/eli/attach_d_test.sh
+++ b/tests/sys/geom/class/eli/attach_d_test.sh
@@ -6,30 +6,30 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..3"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile md${no}
-geli attach -d -p -k $keyfile md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli init -B none -P -K $keyfile ${md}
+geli attach -d -p -k $keyfile ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 # Be sure it doesn't detach on read.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-true > /dev/md${no}.eli
+true > /dev/${md}.eli
 sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
diff --git a/tests/sys/geom/class/eli/conf.sh b/tests/sys/geom/class/eli/conf.sh
index 5ac291b2e15d..117b281c79b9 100644
--- a/tests/sys/geom/class/eli/conf.sh
+++ b/tests/sys/geom/class/eli/conf.sh
@@ -4,13 +4,6 @@
 class="eli"
 base=`basename $0`
 
-# We need to use linear probing in order to detect the first available md(4)
-# device instead of using mdconfig -a -t, because geli(8) attachs md(4) devices
-no=0
-while [ -c /dev/md$no ]; do
-	: $(( no += 1 ))
-done
-
 # Execute `func` for each combination of cipher, sectorsize, and hmac algo
 # `func` usage should be:
 # func <cipher> <aalgo> <secsize>
@@ -61,8 +54,14 @@ for_each_geli_config_nointegrity() {
 
 geli_test_cleanup()
 {
-	[ -c /dev/md${no}.eli ] && geli detach md${no}.eli
-	mdconfig -d -u $no
+	if [ -f "$TEST_MDS_FILE" ]; then
+		while read md; do
+			[ -c /dev/${md}.eli ] && \
+				geli detach $md.eli 2>/dev/null
+			mdconfig -d -u $md 2>/dev/null
+		done < $TEST_MDS_FILE
+	fi
+	rm -f "$TEST_MDS_FILE"
 }
 trap geli_test_cleanup ABRT EXIT INT TERM
 
diff --git a/tests/sys/geom/class/eli/configure_b_B_test.sh b/tests/sys/geom/class/eli/configure_b_B_test.sh
index b6cdf4fe1d9a..521917551fc4 100644
--- a/tests/sys/geom/class/eli/configure_b_B_test.sh
+++ b/tests/sys/geom/class/eli/configure_b_B_test.sh
@@ -5,123 +5,123 @@
 
 base=`basename $0`
 sectors=100
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..17"
 
-geli init -B none -P -K /dev/null md${no}
+geli init -B none -P -K /dev/null ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
 
-geli init -B none -b -P -K /dev/null md${no}
+geli init -B none -b -P -K /dev/null ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
 
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
 
-geli configure -B md${no}
+geli configure -B ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
 
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
 
-geli configure -b md${no}
+geli configure -b ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 7"
 else
 	echo "not ok 7"
 fi
 
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 8"
 else
 	echo "not ok 8"
 fi
 
-geli attach -p -k /dev/null md${no}
+geli attach -p -k /dev/null ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 9"
 else
 	echo "not ok 9"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 10"
 else
 	echo "not ok 10"
 fi
 
-geli configure -B md${no}
+geli configure -B ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11"
 else
 	echo "not ok 11"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 12"
 else
 	echo "not ok 12"
 fi
 
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 13"
 else
 	echo "not ok 13"
 fi
 
-geli configure -b md${no}
+geli configure -b ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 14"
 else
 	echo "not ok 14"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 15"
 else
 	echo "not ok 15"
 fi
 
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 16"
 else
 	echo "not ok 16"
 fi
 
-geli detach md${no}
+geli detach ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 17"
 else
diff --git a/tests/sys/geom/class/eli/delkey_test.sh b/tests/sys/geom/class/eli/delkey_test.sh
index 67b253efd0d8..a76100a4dda4 100644
--- a/tests/sys/geom/class/eli/delkey_test.sh
+++ b/tests/sys/geom/class/eli/delkey_test.sh
@@ -9,7 +9,7 @@ keyfile1=`mktemp $base.XXXXXX` || exit 1
 keyfile2=`mktemp $base.XXXXXX` || exit 1
 keyfile3=`mktemp $base.XXXXXX` || exit 1
 keyfile4=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..14"
 
@@ -18,21 +18,21 @@ dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
-geli setkey -n 1 -P -K $keyfile2 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli attach -p -k $keyfile1 ${md}
+geli setkey -n 1 -P -K $keyfile2 ${md}
 
 # Remove key 0 for attached provider.
-geli delkey -n 0 md${no}
+geli delkey -n 0 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 2"
 else
@@ -40,7 +40,7 @@ else
 fi
 
 # Attach with key 1.
-geli attach -p -k $keyfile2 md${no}
+geli attach -p -k $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 3"
 else
@@ -48,7 +48,7 @@ else
 fi
 
 # We cannot remove last key without -f option (for attached provider).
-geli delkey -n 1 md${no} 2>/dev/null
+geli delkey -n 1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 4"
 else
@@ -56,7 +56,7 @@ else
 fi
 
 # Remove last key for attached provider.
-geli delkey -f -n 1 md${no}
+geli delkey -f -n 1 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
@@ -64,16 +64,16 @@ else
 fi
 
 # If there are no valid keys, but provider is attached, we can save situation.
-geli setkey -n 0 -P -K $keyfile3 md${no}
+geli setkey -n 0 -P -K $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
@@ -81,7 +81,7 @@ else
 fi
 
 # Attach with key 0.
-geli attach -p -k $keyfile3 md${no}
+geli attach -p -k $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 8"
 else
@@ -89,16 +89,16 @@ else
 fi
 
 # Setup key 1.
-geli setkey -n 1 -P -K $keyfile4 md${no}
+geli setkey -n 1 -P -K $keyfile4 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 9"
 else
 	echo "not ok 9"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Remove key 1 for detached provider.
-geli delkey -n 1 md${no}
+geli delkey -n 1 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 10"
 else
@@ -106,7 +106,7 @@ else
 fi
 
 # We cannot use keyfile4 anymore.
-geli attach -p -k $keyfile4 md${no} 2>/dev/null
+geli attach -p -k $keyfile4 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 11"
 else
@@ -114,7 +114,7 @@ else
 fi
 
 # We cannot remove last key without -f option (for detached provider).
-geli delkey -n 0 md${no} 2>/dev/null
+geli delkey -n 0 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 12"
 else
@@ -122,7 +122,7 @@ else
 fi
 
 # Remove last key for detached provider.
-geli delkey -f -n 0 md${no}
+geli delkey -f -n 0 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 13"
 else
@@ -130,7 +130,7 @@ else
 fi
 
 # We cannot use keyfile3 anymore.
-geli attach -p -k $keyfile3 md${no} 2>/dev/null
+geli attach -p -k $keyfile3 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 14"
 else
diff --git a/tests/sys/geom/class/eli/detach_l_test.sh b/tests/sys/geom/class/eli/detach_l_test.sh
index 605ae94e6bf0..ba5e1892cf58 100644
--- a/tests/sys/geom/class/eli/detach_l_test.sh
+++ b/tests/sys/geom/class/eli/detach_l_test.sh
@@ -6,36 +6,36 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..4"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile md${no}
-geli attach -p -k $keyfile md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli init -B none -P -K $keyfile ${md}
+geli attach -p -k $keyfile ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 # Be sure it doesn't detach before 'detach -l'.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-geli detach -l md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli detach -l ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
diff --git a/tests/sys/geom/class/eli/init_B_test.sh b/tests/sys/geom/class/eli/init_B_test.sh
index 3ba743cfbc64..8d384a739309 100644
--- a/tests/sys/geom/class/eli/init_B_test.sh
+++ b/tests/sys/geom/class/eli/init_B_test.sh
@@ -12,90 +12,90 @@ echo "1..13"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-mdconfig -a -t malloc -s $sectors -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors`)
 
 # -B none
-rm -f /var/backups/md${no}.eli
-geli init -B none -P -K $keyfile md${no} 2>/dev/null
-if [ ! -f /var/backups/md${no}.eli ]; then
+rm -f /var/backups/${md}.eli
+geli init -B none -P -K $keyfile ${md} 2>/dev/null
+if [ ! -f /var/backups/${md}.eli ]; then
 	echo "ok 1 - -B none"
 else
 	echo "not ok 1 - -B none"
 fi
 
 # no -B
-rm -f /var/backups/md${no}.eli
-geli init -P -K $keyfile md${no} >/dev/null 2>&1
-if [ -f /var/backups/md${no}.eli ]; then
+rm -f /var/backups/${md}.eli
+geli init -P -K $keyfile ${md} >/dev/null 2>&1
+if [ -f /var/backups/${md}.eli ]; then
 	echo "ok 2 - no -B"
 else
 	echo "not ok 2 - no -B"
 fi
-geli clear md${no}
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli clear ${md}
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3 - no -B"
 else
 	echo "not ok 3 - no -B"
 fi
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 4 - no -B"
 else
 	echo "not ok 4 - no -B"
 fi
-geli restore /var/backups/md${no}.eli md${no}
+geli restore /var/backups/${md}.eli ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5 - no -B"
 else
 	echo "not ok 5 - no -B"
 fi
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 6 - no -B"
 else
 	echo "not ok 6 - no -B"
 fi
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 7 - no -B"
 else
 	echo "not ok 7 - no -B"
 fi
-geli detach md${no}
-rm -f /var/backups/md${no}.eli
+geli detach ${md}
+rm -f /var/backups/${md}.eli
 
 # -B file
 rm -f $backupfile
-geli init -B $backupfile -P -K $keyfile md${no} >/dev/null 2>&1
+geli init -B $backupfile -P -K $keyfile ${md} >/dev/null 2>&1
 if [ -f $backupfile ]; then
 	echo "ok 8 - -B file"
 else
 	echo "not ok 8 - -B file"
 fi
-geli clear md${no}
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli clear ${md}
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 9 - -B file"
 else
 	echo "not ok 9 - -B file"
 fi
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 10 - -B file"
 else
 	echo "not ok 10 - -B file"
 fi
-geli restore $backupfile md${no}
+geli restore $backupfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11 - -B file"
 else
 	echo "not ok 11 - -B file"
 fi
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 12 - -B file"
 else
 	echo "not ok 12 - -B file"
 fi
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 13 - -B file"
 else
 	echo "not ok 13 - -B file"
diff --git a/tests/sys/geom/class/eli/init_J_test.sh b/tests/sys/geom/class/eli/init_J_test.sh
index 266a3d537e03..090a50877455 100644
--- a/tests/sys/geom/class/eli/init_J_test.sh
+++ b/tests/sys/geom/class/eli/init_J_test.sh
@@ -9,7 +9,7 @@ keyfile0=`mktemp $base.XXXXXX` || exit 1
 keyfile1=`mktemp $base.XXXXXX` || exit 1
 passfile0=`mktemp $base.XXXXXX` || exit 1
 passfile1=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..150"
 
@@ -20,106 +20,106 @@ dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile1}
 
 i=1
 for iter in -1 0 64; do
-	geli init -i ${iter} -B none -J ${passfile0} -P md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -P ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${keyfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${passfile0} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${passfile0} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${keyfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${keyfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${keyfile0} -k ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${keyfile0} -k ${keyfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+	geli attach -j ${passfile0} -k ${keyfile0} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile0} | geli attach -j ${passfile0} -k - md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile0} | geli attach -j ${passfile0} -k - ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile0} | geli attach -j - -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile0} | geli attach -j - -k ${keyfile0} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
 
-	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
 done
 
diff --git a/tests/sys/geom/class/eli/init_a_test.sh b/tests/sys/geom/class/eli/init_a_test.sh
index 9b5b251c930b..d363766cd43b 100644
--- a/tests/sys/geom/class/eli/init_a_test.sh
+++ b/tests/sys/geom/class/eli/init_a_test.sh
@@ -15,16 +15,16 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 echo "1..600"
diff --git a/tests/sys/geom/class/eli/init_alias_test.sh b/tests/sys/geom/class/eli/init_alias_test.sh
index 0422bee07065..24aa3941444d 100644
--- a/tests/sys/geom/class/eli/init_alias_test.sh
+++ b/tests/sys/geom/class/eli/init_alias_test.sh
@@ -15,10 +15,10 @@ do_test() {
 	expected_ealgo=$3
 	expected_keylen=$4
 
-	geli init -B none -e $ealgo -l $keylen -P -K $keyfile md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
-	real_ealgo=`geli list md${no}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
-	real_keylen=`geli list md${no}.eli | awk '/KeyLength/ {print $2}'`
+	geli init -B none -e $ealgo -l $keylen -P -K $keyfile ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
+	real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
+	real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
 
 	if [ ${real_ealgo} = ${expected_ealgo} ]; then
 		echo "ok $i - ${ealgo} aliased to ${real_ealgo}"
@@ -34,12 +34,12 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 }
 
 echo "1..38"
 i=1
-mdconfig -a -t malloc -s 1024k -u $no || exit 1
+md=$(attach_md -t malloc -s 1024k)
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
 for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
diff --git a/tests/sys/geom/class/eli/init_i_P_test.sh b/tests/sys/geom/class/eli/init_i_P_test.sh
index 1c59a97d391c..e512c3f918eb 100644
--- a/tests/sys/geom/class/eli/init_i_P_test.sh
+++ b/tests/sys/geom/class/eli/init_i_P_test.sh
@@ -6,13 +6,13 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..1"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -i 64 -P -K ${keyfile} md${no} 2>/dev/null
+geli init -B none -i 64 -P -K ${keyfile} ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 1"
 else
diff --git a/tests/sys/geom/class/eli/init_test.sh b/tests/sys/geom/class/eli/init_test.sh
index 31fca551436f..8dd1775c201e 100644
--- a/tests/sys/geom/class/eli/init_test.sh
+++ b/tests/sys/geom/class/eli/init_test.sh
@@ -16,19 +16,19 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b)
 
-	geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
+	geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
 	dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -43,8 +43,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/integrity_copy_test.sh b/tests/sys/geom/class/eli/integrity_copy_test.sh
index ae345d74cae3..ab55b0457d4d 100644
--- a/tests/sys/geom/class/eli/integrity_copy_test.sh
+++ b/tests/sys/geom/class/eli/integrity_copy_test.sh
@@ -16,13 +16,13 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
+	md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
 
-	dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -eq 0 ]; then
 		echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -30,14 +30,14 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 	# Copy first small sector to the second small sector.
 	# This should be detected as corruption.
-	dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=512 count=1 seek=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
+	dd if=${sector} of=/dev/${md} bs=512 count=1 seek=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -45,14 +45,14 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	ms=`diskinfo /dev/md${no} | awk '{print $3 - 512}'`
-	ns=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
+	ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 	usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
 
 	# Fix the corruption
-	dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
+	dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1
 
-	dd if=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
+	dd if=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1
 	if [ $? -eq 0 ]; then
 		echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -60,14 +60,14 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 	# Copy first big sector to the second big sector.
 	# This should be detected as corruption.
-	dd if=/dev/md${no} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=/dev/${md} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1
+	dd if=${sector} of=/dev/${md} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1
+	dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -75,8 +75,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 
diff --git a/tests/sys/geom/class/eli/integrity_data_test.sh b/tests/sys/geom/class/eli/integrity_data_test.sh
index 73b950a58a5e..9cabde48bb14 100644
--- a/tests/sys/geom/class/eli/integrity_data_test.sh
+++ b/tests/sys/geom/class/eli/integrity_data_test.sh
@@ -16,16 +16,16 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+	md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
 
 	# Corrupt 8 bytes of data.
-	dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
+	dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
 	dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/integrity_hmac_test.sh b/tests/sys/geom/class/eli/integrity_hmac_test.sh
index 6e1dfa585108..6dd5ffbcf78c 100644
--- a/tests/sys/geom/class/eli/integrity_hmac_test.sh
+++ b/tests/sys/geom/class/eli/integrity_hmac_test.sh
@@ -16,16 +16,16 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 2
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+	md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
 
 	# Corrupt 8 bytes of HMAC.
-	dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
+	dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
 	dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 
diff --git a/tests/sys/geom/class/eli/kill_test.sh b/tests/sys/geom/class/eli/kill_test.sh
index ccced9f47397..241f2ce73e39 100644
--- a/tests/sys/geom/class/eli/kill_test.sh
+++ b/tests/sys/geom/class/eli/kill_test.sh
@@ -7,19 +7,19 @@ base=`basename $0`
 sectors=100
 keyfile1=`mktemp $base.XXXXXX` || exit 1
 keyfile2=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..9"
 
 dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
-geli setkey -n 1 -P -K $keyfile2 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli attach -p -k $keyfile1 ${md}
+geli setkey -n 1 -P -K $keyfile2 ${md}
 
 # Kill attached provider.
-geli kill md${no}
+geli kill ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
@@ -27,14 +27,14 @@ else
 fi
 sleep 1
 # Provider should be automatically detached.
-if [ ! -c /dev/md{$no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3"
 else
@@ -42,36 +42,36 @@ else
 fi
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
 
-geli init -B none -P -K $keyfile1 md${no}
-geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 ${md}
 
 # Should be possible to attach with keyfile1.
-geli attach -p -k $keyfile1 md${no}
+geli attach -p -k $keyfile1 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Should be possible to attach with keyfile2.
-geli attach -p -k $keyfile2 md${no}
+geli attach -p -k $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Kill detached provider.
-geli kill md${no}
+geli kill ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 7"
 else
@@ -79,7 +79,7 @@ else
 fi
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 8"
 else
@@ -87,7 +87,7 @@ else
 fi
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 9"
 else
diff --git a/tests/sys/geom/class/eli/nokey_test.sh b/tests/sys/geom/class/eli/nokey_test.sh
index f32e1a4f1eba..282979bd4556 100644
--- a/tests/sys/geom/class/eli/nokey_test.sh
+++ b/tests/sys/geom/class/eli/nokey_test.sh
@@ -6,11 +6,11 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..8"
 
-geli init -B none -P md${no} 2>/dev/null
+geli init -B none -P ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 1"
 else
@@ -19,43 +19,43 @@ fi
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K ${keyfile} md${no} 2>/dev/null
+geli init -B none -P -K ${keyfile} ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-geli attach -p md${no} 2>/dev/null
+geli attach -p ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
-geli attach -p -k ${keyfile} md${no} 2>/dev/null
+geli attach -p -k ${keyfile} ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
-geli setkey -n 0 -P md${no} 2>/dev/null
+geli setkey -n 0 -P ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
-geli detach md${no} 2>/dev/null
+geli detach ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
-geli setkey -n 0 -p -P -K ${keyfile} md${no} 2>/dev/null
+geli setkey -n 0 -p -P -K ${keyfile} ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
 	echo "not ok 7"
 fi
-geli setkey -n 0 -p -k ${keyfile} -P md${no} 2>/dev/null
+geli setkey -n 0 -p -k ${keyfile} -P ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 8"
 else
diff --git a/tests/sys/geom/class/eli/onetime_a_test.sh b/tests/sys/geom/class/eli/onetime_a_test.sh
index 0cccf3031355..f0d3892a128a 100644
--- a/tests/sys/geom/class/eli/onetime_a_test.sh
+++ b/tests/sys/geom/class/eli/onetime_a_test.sh
@@ -16,15 +16,15 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
-	geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b)
+	geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/onetime_d_test.sh b/tests/sys/geom/class/eli/onetime_d_test.sh
index 51a6abb8c97a..c39ac8f9726f 100644
--- a/tests/sys/geom/class/eli/onetime_d_test.sh
+++ b/tests/sys/geom/class/eli/onetime_d_test.sh
@@ -5,30 +5,30 @@
 
 base=`basename $0`
 sectors=100
-mdconfig -a -t malloc -s $sectors -u $no || exit 1
+md=$(attach_md -t malloc -s $sectors)
 
 echo "1..3"
 
-geli onetime -d md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli onetime -d ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 # Be sure it doesn't detach on read.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-true > /dev/md${no}.eli
+true > /dev/${md}.eli
 sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
 
-mdconfig -d -u $no
+mdconfig -d -u ${md}
diff --git a/tests/sys/geom/class/eli/onetime_test.sh b/tests/sys/geom/class/eli/onetime_test.sh
index 3cade152829a..37f5cba0d908 100644
--- a/tests/sys/geom/class/eli/onetime_test.sh
+++ b/tests/sys/geom/class/eli/onetime_test.sh
@@ -15,18 +15,18 @@ do_test() {
 	keylen=${cipher##*:}
 
 	rnd=`mktemp $base.XXXXXX` || exit 1
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors`b -u $no || exit 1
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors`b)
 
-	geli onetime -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
+	geli onetime -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
 	dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -41,9 +41,9 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 	rm -f $rnd
-	mdconfig -d -u $no
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/readonly_test.sh b/tests/sys/geom/class/eli/readonly_test.sh
index 721ad62f3b5f..2d69d14769e6 100644
--- a/tests/sys/geom/class/eli/readonly_test.sh
+++ b/tests/sys/geom/class/eli/readonly_test.sh
@@ -6,34 +6,34 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..11"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile md${no}
+geli init -B none -P -K $keyfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 
-geli attach -r -p -k $keyfile md${no}
+geli attach -r -p -k $keyfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
 
-sh -c "true >/dev/md${no}.eli" 2>/dev/null
+sh -c "true >/dev/${md}.eli" 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
 
-geli kill md${no}
+geli kill ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
@@ -41,54 +41,54 @@ else
 fi
 
 # kill should detach provider...
-if [ ! -c /dev/md{$no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
 
 # ...but not destroy the metadata.
-geli attach -r -p -k $keyfile md${no}
+geli attach -r -p -k $keyfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
 
-geli setkey -n 1 -P -K /dev/null md${no} 2>/dev/null
+geli setkey -n 1 -P -K /dev/null ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
 	echo "not ok 7"
 fi
 
-geli delkey -n 0 md${no} 2>/dev/null
+geli delkey -n 0 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 8"
 else
 	echo "not ok 8"
 fi
 
-geli delkey -f -n 0 md${no} 2>/dev/null
+geli delkey -f -n 0 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 9"
 else
 	echo "not ok 9"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*READ-ONLY' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*READ-ONLY' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 10"
 else
 	echo "not ok 10"
 fi
 
-geli detach md${no}
+geli detach ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11"
 else
 	echo "not ok 11"
 fi
 
-mdconfig -d -u $no
+mdconfig -d -u ${md}
 rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/resize_test.sh b/tests/sys/geom/class/eli/resize_test.sh
index ef40ee59b0c7..c71597116398 100644
--- a/tests/sys/geom/class/eli/resize_test.sh
+++ b/tests/sys/geom/class/eli/resize_test.sh
@@ -8,8 +8,7 @@ echo 1..27
 BLK=512
 BLKS_PER_MB=2048
 
-md=$(mdconfig -s40m) || exit 1
-unit=${md#md}
+md=$(attach_md -t malloc -s40m)
 i=1
 
 fsck_md()
diff --git a/tests/sys/geom/class/eli/setkey_test.sh b/tests/sys/geom/class/eli/setkey_test.sh
index 458100c7da86..087524d292b7 100644
--- a/tests/sys/geom/class/eli/setkey_test.sh
+++ b/tests/sys/geom/class/eli/setkey_test.sh
@@ -11,7 +11,7 @@ keyfile2=`mktemp $base.XXXXXX` || exit 1
 keyfile3=`mktemp $base.XXXXXX` || exit 1
 keyfile4=`mktemp $base.XXXXXX` || exit 1
 keyfile5=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..16"
 
@@ -23,24 +23,24 @@ dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile5} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli attach -p -k $keyfile1 ${md}
 
-dd if=${rnd} of=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null
+dd if=${rnd} of=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null
 rm -f $rnd
-hash2=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
 
 # Change current key (0) for attached provider.
-geli setkey -P -K $keyfile2 md${no}
+geli setkey -P -K $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 2"
 else
@@ -48,35 +48,35 @@ else
 fi
 
 # Attach with new key.
-geli attach -p -k $keyfile2 md${no}
+geli attach -p -k $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
-hash3=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
 
 # Change key 1 for attached provider.
-geli setkey -n 1 -P -K $keyfile3 md${no}
+geli setkey -n 1 -P -K $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Attach with key 1.
-geli attach -p -k $keyfile3 md${no}
+geli attach -p -k $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
-hash4=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
+hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach ${md}
 
 # Change current (1) key for detached provider.
-geli setkey -p -k $keyfile3 -P -K $keyfile4 md${no}
+geli setkey -p -k $keyfile3 -P -K $keyfile4 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
@@ -84,7 +84,7 @@ else
 fi
 
 # We cannot use keyfile3 anymore.
-geli attach -p -k $keyfile3 md${no} 2>/dev/null
+geli attach -p -k $keyfile3 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
@@ -92,17 +92,17 @@ else
 fi
 
 # Attach with key 1.
-geli attach -p -k $keyfile4 md${no}
+geli attach -p -k $keyfile4 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 8"
 else
 	echo "not ok 8"
 fi
-hash5=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
+hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach ${md}
 
 # Change key 0 for detached provider.
-geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 md${no}
+geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 9"
 else
@@ -110,7 +110,7 @@ else
 fi
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 10"
 else
@@ -118,14 +118,14 @@ else
 fi
 
 # Attach with key 0.
-geli attach -p -k $keyfile5 md${no}
+geli attach -p -k $keyfile5 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11"
 else
 	echo "not ok 11"
 fi
-hash6=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
+hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach ${md}
 
 if [ ${hash1} = ${hash2} ]; then
 	echo "ok 12"