From ac23fefe33701d3a6f4410ae571d6dd49af6e18f Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 4 Aug 2012 15:28:09 +0200
Subject: [PATCH] Let g_eli_key_init() initialize sc->sc_ekey unless
 g_eli_debug is -1

Fixes weak key generation in geli version 7. The g_eli_debug
misuse is only intended for tests or to attach providers created
before the fix.
---
 sys/geom/eli/g_eli_key_cache.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/geom/eli/g_eli_key_cache.c b/sys/geom/eli/g_eli_key_cache.c
index f434c4d..6c676d1 100644
--- a/sys/geom/eli/g_eli_key_cache.c
+++ b/sys/geom/eli/g_eli_key_cache.c
@@ -195,7 +195,7 @@ g_eli_key_init(struct g_eli_softc *sc)
 {
 
 	mtx_lock(&sc->sc_ekeys_lock);
-	if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) != 0) {
+	if (g_eli_debug != -1) {
 		uint8_t *mkey;
 
 		mkey = sc->sc_mkey + sizeof(sc->sc_ivkey);
@@ -211,7 +211,9 @@ g_eli_key_init(struct g_eli_softc *sc)
 			g_eli_crypto_hmac(mkey, G_ELI_MAXKEYLEN, "\x10", 1,
 			    sc->sc_ekey, 0);
 		}
-	} else {
+	}
+	if ((sc->sc_flags & G_ELI_FLAG_SINGLE_KEY) == 0)
+	{
 		off_t mediasize;
 		size_t blocksize;
 
-- 
1.7.11.4