d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not prompt for GELI passphrase is encrypted with keys only

Browse Source 
PR:		208251
Submitted by:	Fabian Keil <fk@fabiankeil.de>
Sponsored by:	ScaleEngine Inc.
This commit is contained in:
allanjude 2016-03-26 15:39:48 +00:00
parent fb2b224f5a
commit 3ceaefacf8
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/boot/geli/geliboot.c
View File

@ -94,6 +94,11 @@ geli_taste(int read_func(void *vdev, void *priv, off_t off, void *buf,
/* Disk is not GELI boot device, skip it */
return (1);
}
if (md.md_iterations < 0) {
/* XXX TODO: Support loading key files */
/* Disk does not have a passphrase, skip it */
return (1);
}
geli_e = malloc(sizeof(struct geli_entry));
if (geli_e == NULL)
return (2);
@ -137,7 +142,10 @@ geli_attach(struct dsk *dskp, const char *passphrase)
/*
* Prepare Derived-Key from the user passphrase.
*/
if (geli_e->md.md_iterations == 0) {
if (geli_e->md.md_iterations < 0) {
/* XXX TODO: Support loading key files */
return (1);
} else if (geli_e->md.md_iterations == 0) {
g_eli_crypto_hmac_update(&ctx, geli_e->md.md_salt,
sizeof(geli_e->md.md_salt));
g_eli_crypto_hmac_update(&ctx, passphrase,