Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 6 May 2017 00:50:24 +0000 (UTC)
From:      Alexander Motin <mav@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r317858 - in stable/11: sbin/geom/class/eli sys/geom/eli
Message-ID:  <201705060050.v460oOpw049308@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: mav
Date: Sat May  6 00:50:24 2017
New Revision: 317858
URL: https://svnweb.freebsd.org/changeset/base/317858

Log:
  MFC r317246: Always allow setting number of iterations for the first time.
  
  Before this change it was impossible to set number of PKCS#5v2 iterations,
  required to set passphrase, if it has two keys and never had any passphrase.
  Due to present metadata format limitations there are still cases when number
  of iterations can not be changed, but now it works in cases when it can.
  
  PR:		218512
  Sponsored by:	iXsystems, Inc.

Modified:
  stable/11/sbin/geom/class/eli/geom_eli.c
  stable/11/sys/geom/eli/g_eli_ctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sbin/geom/class/eli/geom_eli.c
==============================================================================
--- stable/11/sbin/geom/class/eli/geom_eli.c	Fri May  5 21:59:34 2017	(r317857)
+++ stable/11/sbin/geom/class/eli/geom_eli.c	Sat May  6 00:50:24 2017	(r317858)
@@ -1118,7 +1118,9 @@ eli_setkey_detached(struct gctl_req *req
 
 	val = gctl_get_intmax(req, "iterations");
 	/* Check if iterations number should and can be changed. */
-	if (val != -1) {
+	if (val != -1 && md->md_iterations == -1) {
+		md->md_iterations = val;
+	} else if (val != -1 && val != md->md_iterations) {
 		if (bitcount32(md->md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");

Modified: stable/11/sys/geom/eli/g_eli_ctl.c
==============================================================================
--- stable/11/sys/geom/eli/g_eli_ctl.c	Fri May  5 21:59:34 2017	(r317857)
+++ stable/11/sys/geom/eli/g_eli_ctl.c	Sat May  6 00:50:24 2017	(r317858)
@@ -613,7 +613,9 @@ g_eli_ctl_setkey(struct gctl_req *req, s
 		return;
 	}
 	/* Check if iterations number should and can be changed. */
-	if (*valp != -1) {
+	if (*valp != -1 && md.md_iterations == -1) {
+		md.md_iterations = *valp;
+	} else if (*valp != -1 && *valp != md.md_iterations) {
 		if (bitcount32(md.md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201705060050.v460oOpw049308>