geli: Fix geli setkey -J for detached providers

Clear cached_passphrase before generating a new key, otherwise the
operation nonsensically tries to reuse the old passphrase.

Approved by:	re (kib)
PR:		254966
Pull Request:	https://github.com/freebsd/freebsd-src/pull/780
MFC after:	1 week

(cherry picked from commit 88d13bf33754bd4b0c5df92eef83d6fadb9b4944)
Arjan de Vet 2023-08-28 10:54:18 -04:00 committed by Mark Johnston
parent d6fec2dacf
commit 134d36676e

@ -1421,6 +1421,12 @@ eli_setkey_detached(struct gctl_req *req, const char *prov,
bcopy(mkey, mkeydst, sizeof(mkey));
explicit_bzero(mkey, sizeof(mkey));
/*
* The previous eli_genkey() set cached_passphrase, we do not want to
* use that for the new passphrase so always prompt for it
*/
explicit_bzero(cached_passphrase, sizeof(cached_passphrase));
/* Generate key for Master Key encryption. */
if (eli_genkey_single(req, md, key, true) == NULL) {
explicit_bzero(key, sizeof(key));
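
Review bot: The new comment above the explicit_bzero(cached_passphrase, ...) call says "always prompt for it", but the subject line is about setkey -J, where the new passphrase is read from a file rather than prompted for. Rewording it along the lines of "clear it so the new key is derived from the new passphrase, not the cached one" would describe both cases, and the comma splice could be split into two sentences ending in a period. Separately, sizeof(cached_passphrase) only wipes the whole buffer if cached_passphrase is an array visible in this scope. Its declaration is not part of this hunk, so it is worth confirming it is not a pointer. The fix also changes behaviour only for the detached path in eli_setkey_detached(), so a regression test covering setkey -J on a detached provider would keep this from silently breaking again.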