summaryrefslogtreecommitdiff
path: root/sys/arch/i386/stand
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2018-08-10 16:41:36 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2018-08-10 16:41:36 +0000
commitaf8683f083643498df54e042732ceef667e50e91 (patch)
treeb1f974152cb4586041e6759a6762b5b0bde5010f /sys/arch/i386/stand
parent557c191e8c94b472bf9cd75cb1b39b68a87d4883 (diff)
Retry on incorrect passphrase for softraid crypto boot.
Historically, the softraid crypto support in the boot loaders has only given one attempt to provide the correct passphrase. There were a few reasons for this, including the fact that pkcs5_pbkdf2() allows an empty passphrase and that returning EPERM allowed for another attempt. With the event of KARL and the need for bsd.booted with hibernate resumption, this becomes much more of an issue - if you get the passphrase wrong you fail to resume. There are also other situations like using /etc/boot.conf to switch serial console, but an incorrect passphrase results in the config not being read. Also, bcrypt_pbkdf() does not permit empty passphrases. This reworks the softraid crypto support in the boot loaders so that it loops requesting a valid passphrase until one is provided, or an empty passphrase is entered (at which point it will abort). ok mortimer@ tb@
Diffstat (limited to 'sys/arch/i386/stand')
-rw-r--r--sys/arch/i386/stand/libsa/biosdev.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/arch/i386/stand/libsa/biosdev.c b/sys/arch/i386/stand/libsa/biosdev.c
index 4c06a87e9ff..2126d709af6 100644
--- a/sys/arch/i386/stand/libsa/biosdev.c
+++ b/sys/arch/i386/stand/libsa/biosdev.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: biosdev.c,v 1.96 2017/07/21 01:21:42 yasuoka Exp $ */
+/* $OpenBSD: biosdev.c,v 1.97 2018/08/10 16:41:35 jsing Exp $ */
/*
* Copyright (c) 1996 Michael Shalayeff
@@ -530,7 +530,7 @@ biosopen(struct open_file *f, ...)
}
if (bv->sbv_level == 'C' && bv->sbv_keys == NULL)
- if (sr_crypto_decrypt_keys(bv) != 0)
+ if (sr_crypto_unlock_volume(bv) != 0)
return EPERM;
if (bv->sbv_diskinfo == NULL) {