From 041999e3d06c6cce44f4c2cba962fa7b599c6ca7 Mon Sep 17 00:00:00 2001
From: Alan Somers <asomers@FreeBSD.org>
Date: Fri, 29 Dec 2017 16:06:10 +0000
Subject: [PATCH] Fix potential TOCTTOU bug in the geli tests

This change mostly reverts r293436, which introduced the bug due to a belief
that geli(8) would allocate md(4) devices by itself. However, that belief is
incorrect. Instead of using linear probing to find available md(4) numbers,
it's best to use the existing attach_md function.

Reviewed by:	ngie
MFC after:	2 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D13666
---
 tests/sys/geom/class/eli/attach_d_test.sh     |  16 +--
 tests/sys/geom/class/eli/conf.sh              |  17 ++-
 .../sys/geom/class/eli/configure_b_B_test.sh  |  36 +++----
 tests/sys/geom/class/eli/delkey_test.sh       |  42 ++++----
 tests/sys/geom/class/eli/detach_l_test.sh     |  20 ++--
 tests/sys/geom/class/eli/init_B_test.sh       |  44 ++++----
 tests/sys/geom/class/eli/init_J_test.sh       | 102 +++++++++---------
 tests/sys/geom/class/eli/init_a_test.sh       |  16 +--
 tests/sys/geom/class/eli/init_alias_test.sh   |  12 +--
 tests/sys/geom/class/eli/init_i_P_test.sh     |   4 +-
 tests/sys/geom/class/eli/init_test.sh         |  18 ++--
 .../sys/geom/class/eli/integrity_copy_test.sh |  42 ++++----
 .../sys/geom/class/eli/integrity_data_test.sh |  16 +--
 .../sys/geom/class/eli/integrity_hmac_test.sh |  16 +--
 tests/sys/geom/class/eli/kill_test.sh         |  34 +++---
 tests/sys/geom/class/eli/nokey_test.sh        |  18 ++--
 tests/sys/geom/class/eli/onetime_a_test.sh    |  14 +--
 tests/sys/geom/class/eli/onetime_d_test.sh    |  16 +--
 tests/sys/geom/class/eli/onetime_test.sh      |  16 +--
 tests/sys/geom/class/eli/readonly_test.sh     |  26 ++---
 tests/sys/geom/class/eli/resize_test.sh       |   3 +-
 tests/sys/geom/class/eli/setkey_test.sh       |  50 ++++-----
 22 files changed, 288 insertions(+), 290 deletions(-)

diff --git a/tests/sys/geom/class/eli/attach_d_test.sh b/tests/sys/geom/class/eli/attach_d_test.sh
index 5d700b3270c..ed9226972d8 100644
--- a/tests/sys/geom/class/eli/attach_d_test.sh
+++ b/tests/sys/geom/class/eli/attach_d_test.sh
@@ -6,30 +6,30 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..3"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile md${no}
-geli attach -d -p -k $keyfile md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli init -B none -P -K $keyfile ${md}
+geli attach -d -p -k $keyfile ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 # Be sure it doesn't detach on read.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-true > /dev/md${no}.eli
+true > /dev/${md}.eli
 sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
diff --git a/tests/sys/geom/class/eli/conf.sh b/tests/sys/geom/class/eli/conf.sh
index 5ac291b2e15..117b281c79b 100644
--- a/tests/sys/geom/class/eli/conf.sh
+++ b/tests/sys/geom/class/eli/conf.sh
@@ -4,13 +4,6 @@
 class="eli"
 base=`basename $0`
 
-# We need to use linear probing in order to detect the first available md(4)
-# device instead of using mdconfig -a -t, because geli(8) attachs md(4) devices
-no=0
-while [ -c /dev/md$no ]; do
-	: $(( no += 1 ))
-done
-
 # Execute `func` for each combination of cipher, sectorsize, and hmac algo
 # `func` usage should be:
 # func <cipher> <aalgo> <secsize>
@@ -61,8 +54,14 @@ for_each_geli_config_nointegrity() {
 
 geli_test_cleanup()
 {
-	[ -c /dev/md${no}.eli ] && geli detach md${no}.eli
-	mdconfig -d -u $no
+	if [ -f "$TEST_MDS_FILE" ]; then
+		while read md; do
+			[ -c /dev/${md}.eli ] && \
+				geli detach $md.eli 2>/dev/null
+			mdconfig -d -u $md 2>/dev/null
+		done < $TEST_MDS_FILE
+	fi
+	rm -f "$TEST_MDS_FILE"
 }
 trap geli_test_cleanup ABRT EXIT INT TERM
 
diff --git a/tests/sys/geom/class/eli/configure_b_B_test.sh b/tests/sys/geom/class/eli/configure_b_B_test.sh
index b6cdf4fe1d9..521917551fc 100644
--- a/tests/sys/geom/class/eli/configure_b_B_test.sh
+++ b/tests/sys/geom/class/eli/configure_b_B_test.sh
@@ -5,123 +5,123 @@
 
 base=`basename $0`
 sectors=100
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..17"
 
-geli init -B none -P -K /dev/null md${no}
+geli init -B none -P -K /dev/null ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
 
-geli init -B none -b -P -K /dev/null md${no}
+geli init -B none -b -P -K /dev/null ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
 
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
 
-geli configure -B md${no}
+geli configure -B ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
 
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
 
-geli configure -b md${no}
+geli configure -b ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 7"
 else
 	echo "not ok 7"
 fi
 
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 8"
 else
 	echo "not ok 8"
 fi
 
-geli attach -p -k /dev/null md${no}
+geli attach -p -k /dev/null ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 9"
 else
 	echo "not ok 9"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 10"
 else
 	echo "not ok 10"
 fi
 
-geli configure -B md${no}
+geli configure -B ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11"
 else
 	echo "not ok 11"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 12"
 else
 	echo "not ok 12"
 fi
 
-geli dump md${no} | egrep 'flags: 0x0$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x0$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 13"
 else
 	echo "not ok 13"
 fi
 
-geli configure -b md${no}
+geli configure -b ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 14"
 else
 	echo "not ok 14"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*BOOT' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*BOOT' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 15"
 else
 	echo "not ok 15"
 fi
 
-geli dump md${no} | egrep 'flags: 0x2$' >/dev/null
+geli dump ${md} | egrep 'flags: 0x2$' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 16"
 else
 	echo "not ok 16"
 fi
 
-geli detach md${no}
+geli detach ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 17"
 else
diff --git a/tests/sys/geom/class/eli/delkey_test.sh b/tests/sys/geom/class/eli/delkey_test.sh
index 67b253efd0d..a76100a4dda 100644
--- a/tests/sys/geom/class/eli/delkey_test.sh
+++ b/tests/sys/geom/class/eli/delkey_test.sh
@@ -9,7 +9,7 @@ keyfile1=`mktemp $base.XXXXXX` || exit 1
 keyfile2=`mktemp $base.XXXXXX` || exit 1
 keyfile3=`mktemp $base.XXXXXX` || exit 1
 keyfile4=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..14"
 
@@ -18,21 +18,21 @@ dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
-geli setkey -n 1 -P -K $keyfile2 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli attach -p -k $keyfile1 ${md}
+geli setkey -n 1 -P -K $keyfile2 ${md}
 
 # Remove key 0 for attached provider.
-geli delkey -n 0 md${no}
+geli delkey -n 0 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 2"
 else
@@ -40,7 +40,7 @@ else
 fi
 
 # Attach with key 1.
-geli attach -p -k $keyfile2 md${no}
+geli attach -p -k $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 3"
 else
@@ -48,7 +48,7 @@ else
 fi
 
 # We cannot remove last key without -f option (for attached provider).
-geli delkey -n 1 md${no} 2>/dev/null
+geli delkey -n 1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 4"
 else
@@ -56,7 +56,7 @@ else
 fi
 
 # Remove last key for attached provider.
-geli delkey -f -n 1 md${no}
+geli delkey -f -n 1 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
@@ -64,16 +64,16 @@ else
 fi
 
 # If there are no valid keys, but provider is attached, we can save situation.
-geli setkey -n 0 -P -K $keyfile3 md${no}
+geli setkey -n 0 -P -K $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
@@ -81,7 +81,7 @@ else
 fi
 
 # Attach with key 0.
-geli attach -p -k $keyfile3 md${no}
+geli attach -p -k $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 8"
 else
@@ -89,16 +89,16 @@ else
 fi
 
 # Setup key 1.
-geli setkey -n 1 -P -K $keyfile4 md${no}
+geli setkey -n 1 -P -K $keyfile4 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 9"
 else
 	echo "not ok 9"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Remove key 1 for detached provider.
-geli delkey -n 1 md${no}
+geli delkey -n 1 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 10"
 else
@@ -106,7 +106,7 @@ else
 fi
 
 # We cannot use keyfile4 anymore.
-geli attach -p -k $keyfile4 md${no} 2>/dev/null
+geli attach -p -k $keyfile4 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 11"
 else
@@ -114,7 +114,7 @@ else
 fi
 
 # We cannot remove last key without -f option (for detached provider).
-geli delkey -n 0 md${no} 2>/dev/null
+geli delkey -n 0 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 12"
 else
@@ -122,7 +122,7 @@ else
 fi
 
 # Remove last key for detached provider.
-geli delkey -f -n 0 md${no}
+geli delkey -f -n 0 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 13"
 else
@@ -130,7 +130,7 @@ else
 fi
 
 # We cannot use keyfile3 anymore.
-geli attach -p -k $keyfile3 md${no} 2>/dev/null
+geli attach -p -k $keyfile3 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 14"
 else
diff --git a/tests/sys/geom/class/eli/detach_l_test.sh b/tests/sys/geom/class/eli/detach_l_test.sh
index 605ae94e6bf..ba5e1892cf5 100644
--- a/tests/sys/geom/class/eli/detach_l_test.sh
+++ b/tests/sys/geom/class/eli/detach_l_test.sh
@@ -6,36 +6,36 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..4"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile md${no}
-geli attach -p -k $keyfile md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli init -B none -P -K $keyfile ${md}
+geli attach -p -k $keyfile ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 # Be sure it doesn't detach before 'detach -l'.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-geli detach -l md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli detach -l ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
diff --git a/tests/sys/geom/class/eli/init_B_test.sh b/tests/sys/geom/class/eli/init_B_test.sh
index 3ba743cfbc6..8d384a73930 100644
--- a/tests/sys/geom/class/eli/init_B_test.sh
+++ b/tests/sys/geom/class/eli/init_B_test.sh
@@ -12,90 +12,90 @@ echo "1..13"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-mdconfig -a -t malloc -s $sectors -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors`)
 
 # -B none
-rm -f /var/backups/md${no}.eli
-geli init -B none -P -K $keyfile md${no} 2>/dev/null
-if [ ! -f /var/backups/md${no}.eli ]; then
+rm -f /var/backups/${md}.eli
+geli init -B none -P -K $keyfile ${md} 2>/dev/null
+if [ ! -f /var/backups/${md}.eli ]; then
 	echo "ok 1 - -B none"
 else
 	echo "not ok 1 - -B none"
 fi
 
 # no -B
-rm -f /var/backups/md${no}.eli
-geli init -P -K $keyfile md${no} >/dev/null 2>&1
-if [ -f /var/backups/md${no}.eli ]; then
+rm -f /var/backups/${md}.eli
+geli init -P -K $keyfile ${md} >/dev/null 2>&1
+if [ -f /var/backups/${md}.eli ]; then
 	echo "ok 2 - no -B"
 else
 	echo "not ok 2 - no -B"
 fi
-geli clear md${no}
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli clear ${md}
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3 - no -B"
 else
 	echo "not ok 3 - no -B"
 fi
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 4 - no -B"
 else
 	echo "not ok 4 - no -B"
 fi
-geli restore /var/backups/md${no}.eli md${no}
+geli restore /var/backups/${md}.eli ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5 - no -B"
 else
 	echo "not ok 5 - no -B"
 fi
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 6 - no -B"
 else
 	echo "not ok 6 - no -B"
 fi
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 7 - no -B"
 else
 	echo "not ok 7 - no -B"
 fi
-geli detach md${no}
-rm -f /var/backups/md${no}.eli
+geli detach ${md}
+rm -f /var/backups/${md}.eli
 
 # -B file
 rm -f $backupfile
-geli init -B $backupfile -P -K $keyfile md${no} >/dev/null 2>&1
+geli init -B $backupfile -P -K $keyfile ${md} >/dev/null 2>&1
 if [ -f $backupfile ]; then
 	echo "ok 8 - -B file"
 else
 	echo "not ok 8 - -B file"
 fi
-geli clear md${no}
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli clear ${md}
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 9 - -B file"
 else
 	echo "not ok 9 - -B file"
 fi
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 10 - -B file"
 else
 	echo "not ok 10 - -B file"
 fi
-geli restore $backupfile md${no}
+geli restore $backupfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11 - -B file"
 else
 	echo "not ok 11 - -B file"
 fi
-geli attach -p -k $keyfile md${no} 2>/dev/null
+geli attach -p -k $keyfile ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 12 - -B file"
 else
 	echo "not ok 12 - -B file"
 fi
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 13 - -B file"
 else
 	echo "not ok 13 - -B file"
diff --git a/tests/sys/geom/class/eli/init_J_test.sh b/tests/sys/geom/class/eli/init_J_test.sh
index 266a3d537e0..090a5087745 100644
--- a/tests/sys/geom/class/eli/init_J_test.sh
+++ b/tests/sys/geom/class/eli/init_J_test.sh
@@ -9,7 +9,7 @@ keyfile0=`mktemp $base.XXXXXX` || exit 1
 keyfile1=`mktemp $base.XXXXXX` || exit 1
 passfile0=`mktemp $base.XXXXXX` || exit 1
 passfile1=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..150"
 
@@ -20,106 +20,106 @@ dd if=/dev/random bs=512 count=16 2>/dev/null | sha1 > ${passfile1}
 
 i=1
 for iter in -1 0 64; do
-	geli init -i ${iter} -B none -J ${passfile0} -P md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -P ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -P -K ${keyfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -K ${keyfile0} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${keyfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${passfile0} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${passfile0} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${keyfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${keyfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${keyfile0} -k ${keyfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${keyfile0} -k ${keyfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -k ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} -k ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+	geli attach -j ${passfile0} -k ${keyfile0} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile0} | geli attach -j ${passfile0} -k - md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile0} | geli attach -j ${passfile0} -k - ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile0} | geli attach -j - -k ${keyfile0} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile0} | geli attach -j - -k ${keyfile0} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
 
-	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null && echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -P -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	geli init -i ${iter} -B none -J ${passfile0} -J ${passfile1} -K ${keyfile0} -K ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -p md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -p ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile0} -j ${passfile1} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile0} -k ${keyfile1} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} md${no} 2>/dev/null && echo -n "not "
+	geli attach -k ${keyfile1} -k ${keyfile0} -j ${passfile1} -j ${passfile0} ${md} 2>/dev/null && echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile0} | geli attach -j - -j ${passfile1} -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile1} | geli attach -j ${passfile0} -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile0} | geli attach -j ${passfile0} -j ${passfile1} -k - -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k ${keyfile0} -k - ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - md${no} 2>/dev/null || echo -n "not "
+	cat ${keyfile0} ${keyfile1} | geli attach -j ${passfile0} -j ${passfile1} -k - ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} md${no} 2>/dev/null || echo -n "not "
+	cat ${passfile0} ${passfile1} | awk '{printf "%s", $0}' | geli attach -j - -k ${keyfile0} -k ${keyfile1} ${md} 2>/dev/null || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
-	geli detach md${no} || echo -n "not "
+	geli detach ${md} || echo -n "not "
 	echo "ok ${i}"; i=$((i+1))
 done
 
diff --git a/tests/sys/geom/class/eli/init_a_test.sh b/tests/sys/geom/class/eli/init_a_test.sh
index 9b5b251c930..d363766cd43 100644
--- a/tests/sys/geom/class/eli/init_a_test.sh
+++ b/tests/sys/geom/class/eli/init_a_test.sh
@@ -15,16 +15,16 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 echo "1..600"
diff --git a/tests/sys/geom/class/eli/init_alias_test.sh b/tests/sys/geom/class/eli/init_alias_test.sh
index 0422bee0706..24aa3941444 100644
--- a/tests/sys/geom/class/eli/init_alias_test.sh
+++ b/tests/sys/geom/class/eli/init_alias_test.sh
@@ -15,10 +15,10 @@ do_test() {
 	expected_ealgo=$3
 	expected_keylen=$4
 
-	geli init -B none -e $ealgo -l $keylen -P -K $keyfile md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
-	real_ealgo=`geli list md${no}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
-	real_keylen=`geli list md${no}.eli | awk '/KeyLength/ {print $2}'`
+	geli init -B none -e $ealgo -l $keylen -P -K $keyfile ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
+	real_ealgo=`geli list ${md}.eli | awk '/EncryptionAlgorithm/ {print $2}'`
+	real_keylen=`geli list ${md}.eli | awk '/KeyLength/ {print $2}'`
 
 	if [ ${real_ealgo} = ${expected_ealgo} ]; then
 		echo "ok $i - ${ealgo} aliased to ${real_ealgo}"
@@ -34,12 +34,12 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 }
 
 echo "1..38"
 i=1
-mdconfig -a -t malloc -s 1024k -u $no || exit 1
+md=$(attach_md -t malloc -s 1024k)
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
 for spec in aes:0:AES-XTS:128 aes:128:AES-XTS:128 aes:256:AES-XTS:256 \
diff --git a/tests/sys/geom/class/eli/init_i_P_test.sh b/tests/sys/geom/class/eli/init_i_P_test.sh
index 1c59a97d391..e512c3f918e 100644
--- a/tests/sys/geom/class/eli/init_i_P_test.sh
+++ b/tests/sys/geom/class/eli/init_i_P_test.sh
@@ -6,13 +6,13 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..1"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -i 64 -P -K ${keyfile} md${no} 2>/dev/null
+geli init -B none -i 64 -P -K ${keyfile} ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 1"
 else
diff --git a/tests/sys/geom/class/eli/init_test.sh b/tests/sys/geom/class/eli/init_test.sh
index 31fca551436..8dd1775c201 100644
--- a/tests/sys/geom/class/eli/init_test.sh
+++ b/tests/sys/geom/class/eli/init_test.sh
@@ -16,19 +16,19 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b)
 
-	geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
+	geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
 	dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -43,8 +43,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/integrity_copy_test.sh b/tests/sys/geom/class/eli/integrity_copy_test.sh
index ae345d74cae..ab55b0457d4 100644
--- a/tests/sys/geom/class/eli/integrity_copy_test.sh
+++ b/tests/sys/geom/class/eli/integrity_copy_test.sh
@@ -16,13 +16,13 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
-	geli attach -p -k $keyfile md${no}
+	md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
 
-	dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -eq 0 ]; then
 		echo "ok $i - small 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -30,14 +30,14 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 	# Copy first small sector to the second small sector.
 	# This should be detected as corruption.
-	dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=512 count=1 seek=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
+	dd if=${sector} of=/dev/${md} bs=512 count=1 seek=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - small 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -45,14 +45,14 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	ms=`diskinfo /dev/md${no} | awk '{print $3 - 512}'`
-	ns=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	ms=`diskinfo /dev/${md} | awk '{print $3 - 512}'`
+	ns=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 	usecsize=`echo "($ms / $ns) - (($ms / $ns) % 512)" | bc`
 
 	# Fix the corruption
-	dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
+	dd if=/dev/random of=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1
 
-	dd if=/dev/md${no}.eli bs=${secsize} count=2 >/dev/null 2>&1
+	dd if=/dev/${md}.eli bs=${secsize} count=2 >/dev/null 2>&1
 	if [ $? -eq 0 ]; then
 		echo "ok $i - big 1 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -60,14 +60,14 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 	# Copy first big sector to the second big sector.
 	# This should be detected as corruption.
-	dd if=/dev/md${no} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=/dev/${md} of=${sector} bs=${usecsize} count=1 >/dev/null 2>&1
+	dd if=${sector} of=/dev/${md} bs=${usecsize} count=1 seek=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1
+	dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=2 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - big 2 aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -75,8 +75,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 
diff --git a/tests/sys/geom/class/eli/integrity_data_test.sh b/tests/sys/geom/class/eli/integrity_data_test.sh
index 73b950a58a5..9cabde48bb1 100644
--- a/tests/sys/geom/class/eli/integrity_data_test.sh
+++ b/tests/sys/geom/class/eli/integrity_data_test.sh
@@ -16,16 +16,16 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 1
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+	md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
 
 	# Corrupt 8 bytes of data.
-	dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
+	dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
 	dd if=/dev/random of=${sector} bs=1 count=8 seek=64 conv=notrunc >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli of=/dev/null bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/integrity_hmac_test.sh b/tests/sys/geom/class/eli/integrity_hmac_test.sh
index 6e1dfa58510..6dd5ffbcf78 100644
--- a/tests/sys/geom/class/eli/integrity_hmac_test.sh
+++ b/tests/sys/geom/class/eli/integrity_hmac_test.sh
@@ -16,16 +16,16 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* 2 + 512`b -u $no || exit 2
-	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null
+	md=$(attach_md -t malloc -s `expr $secsize \* 2 + 512`b)
+	geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize ${md} 2>/dev/null
 
 	# Corrupt 8 bytes of HMAC.
-	dd if=/dev/md${no} of=${sector} bs=512 count=1 >/dev/null 2>&1
+	dd if=/dev/${md} of=${sector} bs=512 count=1 >/dev/null 2>&1
 	dd if=/dev/random of=${sector} bs=1 count=16 conv=notrunc >/dev/null 2>&1
-	dd if=${sector} of=/dev/md${no} bs=512 count=1 >/dev/null 2>&1
-	geli attach -p -k $keyfile md${no}
+	dd if=${sector} of=/dev/${md} bs=512 count=1 >/dev/null 2>&1
+	geli attach -p -k $keyfile ${md}
 
-	dd if=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1
+	dd if=/dev/${md}.eli bs=${secsize} count=1 >/dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
 	else
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 
diff --git a/tests/sys/geom/class/eli/kill_test.sh b/tests/sys/geom/class/eli/kill_test.sh
index ccced9f4739..241f2ce73e3 100644
--- a/tests/sys/geom/class/eli/kill_test.sh
+++ b/tests/sys/geom/class/eli/kill_test.sh
@@ -7,19 +7,19 @@ base=`basename $0`
 sectors=100
 keyfile1=`mktemp $base.XXXXXX` || exit 1
 keyfile2=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..9"
 
 dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
-geli setkey -n 1 -P -K $keyfile2 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli attach -p -k $keyfile1 ${md}
+geli setkey -n 1 -P -K $keyfile2 ${md}
 
 # Kill attached provider.
-geli kill md${no}
+geli kill ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
@@ -27,14 +27,14 @@ else
 fi
 sleep 1
 # Provider should be automatically detached.
-if [ ! -c /dev/md{$no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3"
 else
@@ -42,36 +42,36 @@ else
 fi
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
 
-geli init -B none -P -K $keyfile1 md${no}
-geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 ${md}
 
 # Should be possible to attach with keyfile1.
-geli attach -p -k $keyfile1 md${no}
+geli attach -p -k $keyfile1 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Should be possible to attach with keyfile2.
-geli attach -p -k $keyfile2 md${no}
+geli attach -p -k $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Kill detached provider.
-geli kill md${no}
+geli kill ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 7"
 else
@@ -79,7 +79,7 @@ else
 fi
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 8"
 else
@@ -87,7 +87,7 @@ else
 fi
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 9"
 else
diff --git a/tests/sys/geom/class/eli/nokey_test.sh b/tests/sys/geom/class/eli/nokey_test.sh
index f32e1a4f1eb..282979bd455 100644
--- a/tests/sys/geom/class/eli/nokey_test.sh
+++ b/tests/sys/geom/class/eli/nokey_test.sh
@@ -6,11 +6,11 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..8"
 
-geli init -B none -P md${no} 2>/dev/null
+geli init -B none -P ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 1"
 else
@@ -19,43 +19,43 @@ fi
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K ${keyfile} md${no} 2>/dev/null
+geli init -B none -P -K ${keyfile} ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-geli attach -p md${no} 2>/dev/null
+geli attach -p ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
-geli attach -p -k ${keyfile} md${no} 2>/dev/null
+geli attach -p -k ${keyfile} ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
-geli setkey -n 0 -P md${no} 2>/dev/null
+geli setkey -n 0 -P ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
-geli detach md${no} 2>/dev/null
+geli detach ${md} 2>/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
-geli setkey -n 0 -p -P -K ${keyfile} md${no} 2>/dev/null
+geli setkey -n 0 -p -P -K ${keyfile} ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
 	echo "not ok 7"
 fi
-geli setkey -n 0 -p -k ${keyfile} -P md${no} 2>/dev/null
+geli setkey -n 0 -p -k ${keyfile} -P ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 8"
 else
diff --git a/tests/sys/geom/class/eli/onetime_a_test.sh b/tests/sys/geom/class/eli/onetime_a_test.sh
index 0cccf303135..f0d3892a128 100644
--- a/tests/sys/geom/class/eli/onetime_a_test.sh
+++ b/tests/sys/geom/class/eli/onetime_a_test.sh
@@ -16,15 +16,15 @@ do_test() {
 	ealgo=${cipher%%:*}
 	keylen=${cipher##*:}
 
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors + 512`b -u $no || exit 1
-	geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors + 512`b)
+	geli onetime -a $aalgo -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - aalgo=${aalgo} ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -33,8 +33,8 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
-	mdconfig -d -u $no
+	geli detach ${md}
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/onetime_d_test.sh b/tests/sys/geom/class/eli/onetime_d_test.sh
index 51a6abb8c97..c39ac8f9726 100644
--- a/tests/sys/geom/class/eli/onetime_d_test.sh
+++ b/tests/sys/geom/class/eli/onetime_d_test.sh
@@ -5,30 +5,30 @@
 
 base=`basename $0`
 sectors=100
-mdconfig -a -t malloc -s $sectors -u $no || exit 1
+md=$(attach_md -t malloc -s $sectors)
 
 echo "1..3"
 
-geli onetime -d md${no}
-if [ -c /dev/md${no}.eli ]; then
+geli onetime -d ${md}
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 # Be sure it doesn't detach on read.
-dd if=/dev/md${no}.eli of=/dev/null 2>/dev/null
+dd if=/dev/${md}.eli of=/dev/null 2>/dev/null
 sleep 1
-if [ -c /dev/md${no}.eli ]; then
+if [ -c /dev/${md}.eli ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
-true > /dev/md${no}.eli
+true > /dev/${md}.eli
 sleep 1
-if [ ! -c /dev/md${no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
 
-mdconfig -d -u $no
+mdconfig -d -u ${md}
diff --git a/tests/sys/geom/class/eli/onetime_test.sh b/tests/sys/geom/class/eli/onetime_test.sh
index 3cade152829..37f5cba0d90 100644
--- a/tests/sys/geom/class/eli/onetime_test.sh
+++ b/tests/sys/geom/class/eli/onetime_test.sh
@@ -15,18 +15,18 @@ do_test() {
 	keylen=${cipher##*:}
 
 	rnd=`mktemp $base.XXXXXX` || exit 1
-	mdconfig -a -t malloc -s `expr $secsize \* $sectors`b -u $no || exit 1
+	md=$(attach_md -t malloc -s `expr $secsize \* $sectors`b)
 
-	geli onetime -e $ealgo -l $keylen -s $secsize md${no} 2>/dev/null
+	geli onetime -e $ealgo -l $keylen -s $secsize ${md} 2>/dev/null
 
-	secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'`
+	secs=`diskinfo /dev/${md}.eli | awk '{print $4}'`
 
 	dd if=/dev/random of=${rnd} bs=${secsize} count=${secs} >/dev/null 2>&1
-	dd if=${rnd} of=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null
+	dd if=${rnd} of=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null
 
 	md_rnd=`dd if=${rnd} bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_ddev=`dd if=/dev/md${no}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
-	md_edev=`dd if=/dev/md${no} bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_ddev=`dd if=/dev/${md}.eli bs=${secsize} count=${secs} 2>/dev/null | md5`
+	md_edev=`dd if=/dev/${md} bs=${secsize} count=${secs} 2>/dev/null | md5`
 
 	if [ ${md_rnd} = ${md_ddev} ]; then
 		echo "ok $i - ealgo=${ealgo} keylen=${keylen} sec=${secsize}"
@@ -41,9 +41,9 @@ do_test() {
 	fi
 	i=$((i+1))
 
-	geli detach md${no}
+	geli detach ${md}
 	rm -f $rnd
-	mdconfig -d -u $no
+	mdconfig -d -u ${md}
 }
 
 i=1
diff --git a/tests/sys/geom/class/eli/readonly_test.sh b/tests/sys/geom/class/eli/readonly_test.sh
index 721ad62f3b5..2d69d14769e 100644
--- a/tests/sys/geom/class/eli/readonly_test.sh
+++ b/tests/sys/geom/class/eli/readonly_test.sh
@@ -6,34 +6,34 @@
 base=`basename $0`
 sectors=100
 keyfile=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..11"
 
 dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile md${no}
+geli init -B none -P -K $keyfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
 
-geli attach -r -p -k $keyfile md${no}
+geli attach -r -p -k $keyfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 2"
 else
 	echo "not ok 2"
 fi
 
-sh -c "true >/dev/md${no}.eli" 2>/dev/null
+sh -c "true >/dev/${md}.eli" 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
 
-geli kill md${no}
+geli kill ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
@@ -41,54 +41,54 @@ else
 fi
 
 # kill should detach provider...
-if [ ! -c /dev/md{$no}.eli ]; then
+if [ ! -c /dev/${md}.eli ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
 
 # ...but not destroy the metadata.
-geli attach -r -p -k $keyfile md${no}
+geli attach -r -p -k $keyfile ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
 	echo "not ok 6"
 fi
 
-geli setkey -n 1 -P -K /dev/null md${no} 2>/dev/null
+geli setkey -n 1 -P -K /dev/null ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
 	echo "not ok 7"
 fi
 
-geli delkey -n 0 md${no} 2>/dev/null
+geli delkey -n 0 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 8"
 else
 	echo "not ok 8"
 fi
 
-geli delkey -f -n 0 md${no} 2>/dev/null
+geli delkey -f -n 0 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 9"
 else
 	echo "not ok 9"
 fi
 
-geli list md${no}.eli | egrep '^Flags: .*READ-ONLY' >/dev/null
+geli list ${md}.eli | egrep '^Flags: .*READ-ONLY' >/dev/null
 if [ $? -eq 0 ]; then
 	echo "ok 10"
 else
 	echo "not ok 10"
 fi
 
-geli detach md${no}
+geli detach ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11"
 else
 	echo "not ok 11"
 fi
 
-mdconfig -d -u $no
+mdconfig -d -u ${md}
 rm -f $keyfile
diff --git a/tests/sys/geom/class/eli/resize_test.sh b/tests/sys/geom/class/eli/resize_test.sh
index ef40ee59b0c..c7159711639 100644
--- a/tests/sys/geom/class/eli/resize_test.sh
+++ b/tests/sys/geom/class/eli/resize_test.sh
@@ -8,8 +8,7 @@ echo 1..27
 BLK=512
 BLKS_PER_MB=2048
 
-md=$(mdconfig -s40m) || exit 1
-unit=${md#md}
+md=$(attach_md -t malloc -s40m)
 i=1
 
 fsck_md()
diff --git a/tests/sys/geom/class/eli/setkey_test.sh b/tests/sys/geom/class/eli/setkey_test.sh
index 458100c7da8..087524d292b 100644
--- a/tests/sys/geom/class/eli/setkey_test.sh
+++ b/tests/sys/geom/class/eli/setkey_test.sh
@@ -11,7 +11,7 @@ keyfile2=`mktemp $base.XXXXXX` || exit 1
 keyfile3=`mktemp $base.XXXXXX` || exit 1
 keyfile4=`mktemp $base.XXXXXX` || exit 1
 keyfile5=`mktemp $base.XXXXXX` || exit 1
-mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1
+md=$(attach_md -t malloc -s `expr $sectors + 1`)
 
 echo "1..16"
 
@@ -23,24 +23,24 @@ dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1
 dd if=/dev/random of=${keyfile5} bs=512 count=16 >/dev/null 2>&1
 
-geli init -B none -P -K $keyfile1 md${no}
-geli attach -p -k $keyfile1 md${no}
+geli init -B none -P -K $keyfile1 ${md}
+geli attach -p -k $keyfile1 ${md}
 
-dd if=${rnd} of=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null
+dd if=${rnd} of=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null
 rm -f $rnd
-hash2=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+hash2=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
 
 # Change current key (0) for attached provider.
-geli setkey -P -K $keyfile2 md${no}
+geli setkey -P -K $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 1"
 else
 	echo "not ok 1"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # We cannot use keyfile1 anymore.
-geli attach -p -k $keyfile1 md${no} 2>/dev/null
+geli attach -p -k $keyfile1 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 2"
 else
@@ -48,35 +48,35 @@ else
 fi
 
 # Attach with new key.
-geli attach -p -k $keyfile2 md${no}
+geli attach -p -k $keyfile2 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 3"
 else
 	echo "not ok 3"
 fi
-hash3=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+hash3=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
 
 # Change key 1 for attached provider.
-geli setkey -n 1 -P -K $keyfile3 md${no}
+geli setkey -n 1 -P -K $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 4"
 else
 	echo "not ok 4"
 fi
-geli detach md${no}
+geli detach ${md}
 
 # Attach with key 1.
-geli attach -p -k $keyfile3 md${no}
+geli attach -p -k $keyfile3 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 5"
 else
 	echo "not ok 5"
 fi
-hash4=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
+hash4=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach ${md}
 
 # Change current (1) key for detached provider.
-geli setkey -p -k $keyfile3 -P -K $keyfile4 md${no}
+geli setkey -p -k $keyfile3 -P -K $keyfile4 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 6"
 else
@@ -84,7 +84,7 @@ else
 fi
 
 # We cannot use keyfile3 anymore.
-geli attach -p -k $keyfile3 md${no} 2>/dev/null
+geli attach -p -k $keyfile3 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 7"
 else
@@ -92,17 +92,17 @@ else
 fi
 
 # Attach with key 1.
-geli attach -p -k $keyfile4 md${no}
+geli attach -p -k $keyfile4 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 8"
 else
 	echo "not ok 8"
 fi
-hash5=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
+hash5=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach ${md}
 
 # Change key 0 for detached provider.
-geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 md${no}
+geli setkey -n 0 -p -k $keyfile4 -P -K $keyfile5 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 9"
 else
@@ -110,7 +110,7 @@ else
 fi
 
 # We cannot use keyfile2 anymore.
-geli attach -p -k $keyfile2 md${no} 2>/dev/null
+geli attach -p -k $keyfile2 ${md} 2>/dev/null
 if [ $? -ne 0 ]; then
 	echo "ok 10"
 else
@@ -118,14 +118,14 @@ else
 fi
 
 # Attach with key 0.
-geli attach -p -k $keyfile5 md${no}
+geli attach -p -k $keyfile5 ${md}
 if [ $? -eq 0 ]; then
 	echo "ok 11"
 else
 	echo "not ok 11"
 fi
-hash6=`dd if=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null | md5`
-geli detach md${no}
+hash6=`dd if=/dev/${md}.eli bs=512 count=${sectors} 2>/dev/null | md5`
+geli detach ${md}
 
 if [ ${hash1} = ${hash2} ]; then
 	echo "ok 12"