svn commit: r317246 - in head: sbin/geom/class/eli sys/geom/eli

Alexander Motin mav at FreeBSD.org
Fri Apr 21 07:16:09 UTC 2017


Author: mav
Date: Fri Apr 21 07:16:07 2017
New Revision: 317246
URL: https://svnweb.freebsd.org/changeset/base/317246

Log:
  Always allow setting number of iterations for the first time.
  
  Before this change it was impossible to set number of PKCS#5v2 iterations,
  required to set passphrase, if it has two keys and never had any passphrase.
  Due to present metadata format limitations there are still cases when number
  of iterations can not be changed, but now it works in cases when it can.
  
  PR:		218512
  MFC after:	2 weeks
  Sponsored by:	iXsystems, Inc.
  Differential Revision:	https://reviews.freebsd.org/D10338

Modified:
  head/sbin/geom/class/eli/geom_eli.c
  head/sys/geom/eli/g_eli_ctl.c

Modified: head/sbin/geom/class/eli/geom_eli.c
==============================================================================
--- head/sbin/geom/class/eli/geom_eli.c	Fri Apr 21 06:55:17 2017	(r317245)
+++ head/sbin/geom/class/eli/geom_eli.c	Fri Apr 21 07:16:07 2017	(r317246)
@@ -1118,7 +1118,9 @@ eli_setkey_detached(struct gctl_req *req
 
 	val = gctl_get_intmax(req, "iterations");
 	/* Check if iterations number should and can be changed. */
-	if (val != -1) {
+	if (val != -1 && md->md_iterations == -1) {
+		md->md_iterations = val;
+	} else if (val != -1 && val != md->md_iterations) {
 		if (bitcount32(md->md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");

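Review bot: The new first branch (`md->md_iterations = val;`) stores the result of gctl_get_intmax(req, "iterations") with no range check. A negative value other than -1, or one that does not fit the metadata field, would be written as given. Suggest validating val and calling gctl_error() on failure before the assignment. The comment above the condition could also state what -1 in md_iterations means here, since the new branch depends on that sentinel.
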
Modified: head/sys/geom/eli/g_eli_ctl.c
==============================================================================
--- head/sys/geom/eli/g_eli_ctl.c	Fri Apr 21 06:55:17 2017	(r317245)
+++ head/sys/geom/eli/g_eli_ctl.c	Fri Apr 21 07:16:07 2017	(r317246)
@@ -618,7 +618,9 @@ g_eli_ctl_setkey(struct gctl_req *req, s
 		return;
 	}
 	/* Check if iterations number should and can be changed. */
-	if (*valp != -1) {
+	if (*valp != -1 && md.md_iterations == -1) {
+		md.md_iterations = *valp;
+	} else if (*valp != -1 && *valp != md.md_iterations) {
 		if (bitcount32(md.md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");

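Review bot: In g_eli_ctl_setkey() the new assignment `md.md_iterations = *valp;` takes the request's value unchecked. The kernel side should not rely on the userland tool having validated it, so a bounds check that calls gctl_error() and returns before the assignment would be appropriate. The same three-line condition now also appears in eli_setkey_detached() in geom_eli.c; a cross-reference comment at both sites would help keep the two copies from drifting apart.
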
