Index: tests/sys/geom/class/eli/onetime_test.sh
===================================================================
--- tests/sys/geom/class/eli/onetime_test.sh (revision 363155)
+++ tests/sys/geom/class/eli/onetime_test.sh (working copy)
@@ -130,9 +130,54 @@
 geli_test_cleanup
 }
+atf_test_case onetime cleanup
+onetime_null_head()
+{
+ atf_set "descr" "geli onetime can use the null cipher"
+ atf_set "require.user" "root"
+}
+onetime_null_body()
+{
+ geli_test_setup
+
+ sectors=100
+
+ dd if=/dev/random of=rnd bs=${MAX_SECSIZE} count=${sectors} status=none
+
+ secsize=512
+ ealgo=${cipher%%:*}
+ keylen=${cipher##*:}
+
+ md=$(attach_md -t malloc -s 100k)
+
+ atf_check -s exit:0 -o ignore -e ignore \
+ geli onetime -e null -s ${secsize} ${md}
+
+ atf_check dd if=rnd of=/dev/${md}.eli bs=${secsize} count=${sectors} status=none
+
+ md_rnd=`dd if=rnd bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+ md_edev=`dd if=/dev/${md} bs=${secsize} count=${sectors} status=none | md5`
+ atf_check_equal 0 $?
+
+ if [ ${md_rnd} != ${md_ddev} ]; then
+ atf_fail "geli did not return the original data"
+ fi
+ if [ ${md_rnd} != ${md_edev} ]; then
+ atf_fail "geli encrypted the data even with the null cipher"
+ fi
+}
+onetime_null_cleanup()
+{
+ geli_test_cleanup
+}
+
 atf_init_test_cases()
 {
 atf_add_test_case onetime
 atf_add_test_case onetime_a
 atf_add_test_case onetime_d
+ atf_add_test_case onetime_null
 }
Index: sys/geom/eli/g_eli_integrity.c
===================================================================
--- sys/geom/eli/g_eli_integrity.c (revision 363155)
+++ sys/geom/eli/g_eli_integrity.c (working copy)
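Review bot: The declaration at the top of the added block in onetime_test.sh reads `atf_test_case onetime cleanup`, which names the existing `onetime` case rather than the new one; it should be `atf_test_case onetime_null cleanup`. As far as I know, atf-sh's `atf_test_case` installs placeholder head/body/cleanup functions for the name it is given, so re-declaring `onetime` here may overwrite the real `onetime` functions defined earlier in the file (outside this hunk), while `onetime_null` is never declared as having a cleanup routine. In `onetime_null_body`, `ealgo=${cipher%%:*}` and `keylen=${cipher##*:}` read a `cipher` variable that is not set in this body and are never used afterwards, so they can be dropped. The two digest comparisons are unquoted; `if [ "${md_rnd}" != "${md_ddev}" ]; then` (and likewise for `md_edev`) keeps an empty digest from becoming a `[` syntax error instead of a clean test failure.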
@@ -536,13 +536,15 @@
 crp->crp_digest_start = 0;
 crp->crp_payload_start = sc->sc_alen;
 crp->crp_payload_length = data_secsize;
- crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
 if ((sc->sc_flags & G_ELI_FLAG_FIRST_KEY) == 0) {
 crp->crp_cipher_key = g_eli_key_hold(sc, dstoff, encr_secsize);
 }
- g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
- sizeof(crp->crp_iv));
+ if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+ crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+ g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+ sizeof(crp->crp_iv));
+ }
 g_eli_auth_keygen(sc, dstoff, authkey);
 crp->crp_auth_key = authkey;
Index: sys/geom/eli/g_eli_privacy.c
===================================================================
--- sys/geom/eli/g_eli_privacy.c (revision 363155)
+++ sys/geom/eli/g_eli_privacy.c (working copy)
@@ -281,13 +281,15 @@
 crp->crp_payload_start = 0;
 crp->crp_payload_length = secsize;
- crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
 if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0) {
 crp->crp_cipher_key = g_eli_key_hold(sc, dstoff, secsize);
 }
- g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
- sizeof(crp->crp_iv));
+ if (g_eli_ivlen(sc->sc_ealgo) != 0) {
+ crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
+ g_eli_crypto_ivgen(sc, dstoff, crp->crp_iv,
+ sizeof(crp->crp_iv));
+ }
 error = crypto_dispatch(crp);
 KASSERT(error == 0, ("crypto_dispatch() failed (error=%d)",
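Review bot: The new `if (g_eli_ivlen(sc->sc_ealgo) != 0)` guard in the g_eli_integrity.c hunk makes IV generation conditional without saying why, and the same guard is repeated in the g_eli_privacy.c hunk that follows. g_eli_ivlen() is not visible on this page; if it also returns 0 for an algorithm it does not recognise, a real cipher would be dispatched with no per-sector IV and no error, so it is worth confirming that only the null cipher can take the skip path. I would add a comment above the guard in both files, for example `/* The null cipher has no IV; every other algorithm must set CRYPTO_F_IV_SEPARATE and get a generated IV. */`. The enclosing function begins and ends outside the hunk.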