@@ -, +, @@ 
---
 sys/geom/eli/g_eli.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
--- b/sys/geom/eli/g_eli.c	
+++ b/sys/geom/eli/g_eli.c	
@@ -1062,7 +1062,8 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 		tries = 1;
 	} else {
 		/* Ask for the passphrase no more than g_eli_tries times. */
-		tries = g_eli_tries;
+		/* CyberLeo: Add one to test first without password. */
+		tries = g_eli_tries + 1;
 	}
 
 	for (i = 0; i < tries; i++) {
@@ -1088,7 +1089,8 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 		}
 
 		/* Ask for the passphrase if defined. */
-		if (md.md_iterations >= 0) {
+		/* CyberLeo: Don't ask if this is the first try */
+		if (i > 0 && md.md_iterations >= 0) {
 			printf("Enter passphrase for %s: ", pp->name);
 			cngets(passphrase, sizeof(passphrase),
 			    g_eli_visible_passphrase);
@@ -1096,14 +1098,15 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 
 		/*
 		 * Prepare Derived-Key from the user passphrase.
+		 * CyberLeo: But only after the first try.
 		 */
-		if (md.md_iterations == 0) {
+		if (i > 0 && md.md_iterations == 0) {
 			g_eli_crypto_hmac_update(&ctx, md.md_salt,
 			    sizeof(md.md_salt));
 			g_eli_crypto_hmac_update(&ctx, passphrase,
 			    strlen(passphrase));
 			bzero(passphrase, sizeof(passphrase));
-		} else if (md.md_iterations > 0) {
+		} else if (i > 0 && md.md_iterations > 0) {
 			u_char dkey[G_ELI_USERKEYLEN];
 
 			pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
--