Author: allanjude
Date: Sat Mar 26 15:39:48 2016
New Revision: 297293
URL: https://svnweb.freebsd.org/changeset/base/297293
Log:
Do not prompt for GELI passphrase is encrypted with keys only
PR: 208251
Submitted by: Fabian Keil <f...@fabiankeil.de>
Sponsored by: ScaleEngine Inc.
Modified:
head/sys/boot/geli/geliboot.c
Modified: head/sys/boot/geli/geliboot.c
==============================================================================
--- head/sys/boot/geli/geliboot.c Sat Mar 26 12:19:27 2016
(r297292)
+++ head/sys/boot/geli/geliboot.c Sat Mar 26 15:39:48 2016
(r297293)
@@ -94,6 +94,11 @@ geli_taste(int read_func(void *vdev, voi
/* Disk is not GELI boot device, skip it */
return (1);
}
+ if (md.md_iterations < 0) {
+ /* XXX TODO: Support loading key files */
+ /* Disk does not have a passphrase, skip it */
+ return (1);
+ }
geli_e = malloc(sizeof(struct geli_entry));
if (geli_e == NULL)
return (2);
@@ -137,7 +142,10 @@ geli_attach(struct dsk *dskp, const char
/*
* Prepare Derived-Key from the user passphrase.
*/
- if (geli_e->md.md_iterations == 0) {
+ if (geli_e->md.md_iterations < 0) {
+ /* XXX TODO: Support loading key files */
+ return (1);
+ } else if (geli_e->md.md_iterations == 0) {
g_eli_crypto_hmac_update(&ctx, geli_e->md.md_salt,
sizeof(geli_e->md.md_salt));
g_eli_crypto_hmac_update(&ctx, passphrase,
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
