Attachment #147290 for bug #193624




		tries = 1;
	} else {
		/* Ask for the passphrase no more than g_eli_tries times. */
		/* CyberLeo: Add one to test first without password. */
		tries = g_eli_tries + 1;
	}

	for (i = 0; i < tries; i++) {

		}

		/* Ask for the passphrase if defined. */
		/* CyberLeo: Don't ask if this is the first try */
		if (i > 0 && md.md_iterations >= 0) {
			printf("Enter passphrase for %s: ", pp->name);
			cngets(passphrase, sizeof(passphrase),
			    g_eli_visible_passphrase);


		/*
		 * Prepare Derived-Key from the user passphrase.
		 * CyberLeo: But only after the first try.
		 */
		if (i > 0 && md.md_iterations == 0) {
			g_eli_crypto_hmac_update(&ctx, md.md_salt,
			    sizeof(md.md_salt));
			g_eli_crypto_hmac_update(&ctx, passphrase,
			    strlen(passphrase));
			bzero(passphrase, sizeof(passphrase));
		} else if (i > 0 && md.md_iterations > 0) {
			u_char dkey[G_ELI_USERKEYLEN];

			pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
- 

Return to bug 193624

Lines 1062-1068 g_eli_taste(struct g_class mp, struct g_provider pp, int flags __unused) Link Here

(-)b/sys/geom/eli/g_eli.c (-5 / +7 lines)
1062	tries = 1;	1062	tries = 1;
1063	} else {	1063	} else {
1064	/* Ask for the passphrase no more than g_eli_tries times. */	1064	/* Ask for the passphrase no more than g_eli_tries times. */
1065	tries = g_eli_tries;	1065	/* CyberLeo: Add one to test first without password. */
		1066	tries = g_eli_tries + 1;
1066	}	1067	}
1067		1068
1068	for (i = 0; i < tries; i++) {	1069	for (i = 0; i < tries; i++) {
Lines 1088-1094 g_eli_taste(struct g_class mp, struct g_provider pp, int flags __unused) Link Here
1088	}	1089	}
1089		1090
1090	/* Ask for the passphrase if defined. */	1091	/* Ask for the passphrase if defined. */
1091	if (md.md_iterations >= 0) {	1092	/* CyberLeo: Don't ask if this is the first try */
		1093	if (i > 0 && md.md_iterations >= 0) {
1092	printf("Enter passphrase for %s: ", pp->name);	1094	printf("Enter passphrase for %s: ", pp->name);
1093	cngets(passphrase, sizeof(passphrase),	1095	cngets(passphrase, sizeof(passphrase),
1094	g_eli_visible_passphrase);	1096	g_eli_visible_passphrase);
Lines 1096-1109 g_eli_taste(struct g_class mp, struct g_provider pp, int flags __unused) Link Here
1096		1098
1097	/*	1099	/*
1098	* Prepare Derived-Key from the user passphrase.	1100	* Prepare Derived-Key from the user passphrase.
		1101	* CyberLeo: But only after the first try.
1099	*/	1102	*/
1100	if (md.md_iterations == 0) {	1103	if (i > 0 && md.md_iterations == 0) {
1101	g_eli_crypto_hmac_update(&ctx, md.md_salt,	1104	g_eli_crypto_hmac_update(&ctx, md.md_salt,
1102	sizeof(md.md_salt));	1105	sizeof(md.md_salt));
1103	g_eli_crypto_hmac_update(&ctx, passphrase,	1106	g_eli_crypto_hmac_update(&ctx, passphrase,
1104	strlen(passphrase));	1107	strlen(passphrase));
1105	bzero(passphrase, sizeof(passphrase));	1108	bzero(passphrase, sizeof(passphrase));
1106	} else if (md.md_iterations > 0) {	1109	} else if (i > 0 && md.md_iterations > 0) {
1107	u_char dkey[G_ELI_USERKEYLEN];	1110	u_char dkey[G_ELI_USERKEYLEN];
1108		1111
1109	pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,	1112	pkcs5v2_genkey(dkey, sizeof(dkey), md.md_salt,
1110	-