@@ -, +, @@ --- sys/geom/eli/g_eli.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- b/sys/geom/eli/g_eli.c +++ b/sys/geom/eli/g_eli.c @@ -1062,7 +1062,8 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) tries = 1; } else { /* Ask for the passphrase no more than g_eli_tries times. */ - tries = g_eli_tries; + /* CyberLeo: Add one to test first without password. */ + tries = g_eli_tries + 1; } for (i = 0; i < tries; i++) { @@ -1088,7 +1089,8 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) } /* Ask for the passphrase if defined. */ - if (md.md_iterations >= 0) { + /* CyberLeo: Don't ask if this is the first try */ + if (i > 0 && md.md_iterations >= 0) { printf("Enter passphrase for %s: ", pp->name); cngets(passphrase, sizeof(passphrase), g_eli_visible_passphrase); @@ -1096,14 +1098,15 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused) /* * Prepare Derived-Key from the user passphrase. + * CyberLeo: But only after the first try. */ - if (md.md_iterations == 0) { + if (i > 0 && md.md_iterations == 0) { g_eli_crypto_hmac_update(&ctx, md.md_salt, sizeof(md.md_salt)); g_eli_crypto_hmac_update(&ctx, passphrase, strlen(passphrase)); bzero(passphrase, sizeof(passphrase)); - } else if (md.md_iterations > 0) { + } else if (i > 0 && md.md_iterations > 0) { u_char dkey[G_ELI_USERKEYLEN]; pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt, --