Allow to change number of iterations for PKCS#5v2. It can only be used

when there is only one key set.

MFC after:	3 days

1 files changed, 21 insertions, 2 deletions

diff --git a/sys/geom/eli/g_eli_ctl.c b/sys/geom/eli/g_eli_ctl.c
index d2ffdd9..9ce3064 100644
--- a/sys/geom/eli/g_eli_ctl.c
+++ b/sys/geom/eli/g_eli_ctl.c
@@ -327,8 +327,7 @@ g_eli_ctl_setkey(struct gctl_req *req, struct g_class *mp)
 	const char *name;
 	u_char *key, *mkeydst, *sector;
 	intmax_t *valp;
-	int nkey;
-	int keysize, error;
+	int keysize, nkey, error;
 
 	g_topology_assert();
 
@@ -366,6 +365,26 @@ g_eli_ctl_setkey(struct gctl_req *req, struct g_class *mp)
 		return;
 	}
 
+	valp = gctl_get_paraml(req, "iterations", sizeof(*valp));
+	if (valp == NULL) {
+		gctl_error(req, "No '%s' argument.", "iterations");
+		return;
+	}
+	/* Check if iterations number should and can be changed. */
+	if (*valp != -1) {
+		if (bitcount32(md.md_keys) != 1) {
+			gctl_error(req, "To be able to use '-i' option, only "
+			    "one key can be defined.");
+			return;
+		}
+		if (md.md_keys != (1 << nkey)) {
+			gctl_error(req, "Only already defined key can be "
+			    "changed when '-i' option is used.");
+			return;
+		}
+		md.md_iterations = *valp;
+	}
+
 	key = gctl_get_param(req, "key", &keysize);
 	if (key == NULL || keysize != G_ELI_USERKEYLEN) {
 		bzero(&md, sizeof(md));