MFC r317246: Always allow setting number of iterations for the first time.

Before this change it was impossible to set number of PKCS#5v2 iterations, required to set passphrase, if it has two keys and never had any passphrase. Due to present metadata format limitations there are still cases when number of iterations can not be changed, but now it works in cases when it can. PR: 218512 Sponsored by: iXsystems, Inc.
author: mav <mav@FreeBSD.org> 2017-05-06 00:50:24 +0000
committer: mav <mav@FreeBSD.org> 2017-05-06 00:50:24 +0000
commit: 846309b059d147ae502498f6811734d5b951fbc1 (patch)
tree: bf7d91f2bd34b8c80162896799b831bf763b06cf /sbin/geom/class
parent: 5c1c0f2da36affad6aa05377dbf0fbab21da44f5 (diff)
download: FreeBSD-src-846309b059d147ae502498f6811734d5b951fbc1.zip
FreeBSD-src-846309b059d147ae502498f6811734d5b951fbc1.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/geom/class/eli/geom_eli.c b/sbin/geom/class/eli/geom_eli.c
index c804622..e789399 100644
--- a/sbin/geom/class/eli/geom_eli.c
+++ b/sbin/geom/class/eli/geom_eli.c
@@ -1118,7 +1118,9 @@ eli_setkey_detached(struct gctl_req *req, const char *prov,
 
 	val = gctl_get_intmax(req, "iterations");
 	/* Check if iterations number should and can be changed. */
-	if (val != -1) {
+	if (val != -1 && md->md_iterations == -1) {
+		md->md_iterations = val;
+	} else if (val != -1 && val != md->md_iterations) {
 		if (bitcount32(md->md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");
author	mav <mav@FreeBSD.org>	2017-05-06 00:50:24 +0000
committer	mav <mav@FreeBSD.org>	2017-05-06 00:50:24 +0000
commit	846309b059d147ae502498f6811734d5b951fbc1 (patch)
tree	bf7d91f2bd34b8c80162896799b831bf763b06cf /sbin/geom/class
parent	5c1c0f2da36affad6aa05377dbf0fbab21da44f5 (diff)
download	FreeBSD-src-846309b059d147ae502498f6811734d5b951fbc1.zip FreeBSD-src-846309b059d147ae502498f6811734d5b951fbc1.tar.gz