Message-Id: <201312221051.rBMApVFG066549@oldred.freebsd.org>
Date: Sun, 22 Dec 2013 10:51:31 GMT
From: Fabian Keil <fk@fabiankeil.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [regression][geli] Keyfile content potentially cleared prematurely after r259428
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         185084
>Category:       kern
>Synopsis:       [regression][geli] Keyfile content potentially cleared prematurely after r259428
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 22 11:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Fabian Keil
>Release:        HEAD
>Organization:
>Environment:
FreeBSD r500.local 11.0-CURRENT FreeBSD 11.0-CURRENT #622 r259649+aa0d7b0(fk): Sat Dec 21 21:30:53 CET 2013     fk@r500.local:/usr/obj/usr/src/sys/ZOEY  amd64

>Description:
After r259428 the loaded keyfile content is cleared in g_eli_keyfiles_load().

This is potentially premature.

If there's also a passphrase and the user fails to get it right the first time, the following attempts are now guaranteed to fail due to lacking keyfile content (unless the keyfile only contained zeroes anyway).
>How-To-Repeat:
Boot with a geli provider that has the BOOT flag set and requires a keyfile and a passphrase to attach, enter an incorrect passphrase the first time and try again using the correct one.
>Fix:
Revert r259428, (optionally) apply a patch like the attached one to clear the keyfile content once it's no longer needed.

Patch attached with submission follows:

From 584f628f5d5d4a2a8ee0af660b16b5ceb31f73b1 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 21 Dec 2013 18:54:09 +0100
Subject: [PATCH] Let g_eli_taste() call g_eli_keyfiles_clear() upon successful
 master key retrieval

---
 sys/geom/eli/g_eli.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/geom/eli/g_eli.c b/sys/geom/eli/g_eli.c
index 3dff46e..24be5af 100644
--- a/sys/geom/eli/g_eli.c
+++ b/sys/geom/eli/g_eli.c
@@ -1141,6 +1141,7 @@ g_eli_taste(struct g_class *mp, struct g_provider *pp, int flags __unused)
 			g_eli_keyfiles_clear(pp->name);
 			return (NULL);
 		}
+		g_eli_keyfiles_clear(pp->name);
 		G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name);
 		break;
 	}
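Review bot: the added g_eli_keyfiles_clear(pp->name) call ahead of the G_ELI_DEBUG line needs a comment saying why the wipe happens here and not at load time: the keyfile content has to survive a failed passphrase attempt and can only be cleared once the master key has been retrieved. Without that comment, a later cleanup could move the wipe back into the load step. The commit message should also say that the change is meant to go in together with the revert of r259428, since with r259428 still in place the content is already cleared in g_eli_keyfiles_load(), as the report describes. Only the error return shown in the context lines and this success path are visible here, so it is worth confirming that every other exit from g_eli_taste() reached after the keyfiles were loaded clears them as well.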
-- 
1.8.4.2



>Release-Note:
>Audit-Trail:
>Unformatted:
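The failure described under >Description:, as an added userland model that is not geli code and not part of the submission: wiping the keyfile content right after its first use makes every retry fail, while wiping it after the last use keeps retries working and still leaves no copy behind. The struct, the function names, the sample inputs and the FNV-1a mixing function (a toy stand-in for the real key derivation) are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the preloaded keyfile content of one provider. */
struct keyfile { unsigned char data[64]; size_t len; };

/* Toy mixing function (FNV-1a), NOT geli's derivation: keyfile, then passphrase. */
static uint32_t derive(const struct keyfile *kf, const char *pass)
{
	uint32_t h = 2166136261u;
	for (size_t i = 0; i < kf->len; i++)
		h = (h ^ kf->data[i]) * 16777619u;
	for (; *pass != '\0'; pass++)
		h = (h ^ (unsigned char)*pass) * 16777619u;
	return h;
}

/* Wipe through a volatile pointer so the stores are not optimized away. */
static void keyfile_clear(struct keyfile *kf)
{
	volatile unsigned char *p = kf->data;
	for (size_t i = 0; i < sizeof(kf->data); i++)
		p[i] = 0;
}

/* clear_on_load != 0 models the regression: content wiped right after the
 * first use. Returns the 1-based attempt that succeeded, or 0 if none did. */
static int attach(struct keyfile *kf, uint32_t want, const char **tries,
    int ntries, int clear_on_load)
{
	int i, ok = 0;
	for (i = 0; i < ntries && !ok; i++) {
		ok = (derive(kf, tries[i]) == want);
		if (clear_on_load)
			keyfile_clear(kf);	/* premature: retries see zeroes */
	}
	keyfile_clear(kf);	/* last use is over on every path */
	return ok ? i : 0;
}

int main(void)
{
	const char *tries[] = { "wrong", "right" };	/* constructed input */
	struct keyfile early = { { 1, 2, 3, 4 }, 4 }, late = early;
	uint32_t want = derive(&early, "right");
	printf("clear on load: attempt %d\n", attach(&early, want, tries, 2, 1));
	printf("clear after use: attempt %d\n", attach(&late, want, tries, 2, 0));
	return 0;
}
```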
