From owner-svn-src-stable@freebsd.org  Sat May  6 00:50:26 2017
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5C545D5DA8C;
 Sat,  6 May 2017 00:50:26 +0000 (UTC) (envelope-from mav@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0EB01AA6;
 Sat,  6 May 2017 00:50:25 +0000 (UTC) (envelope-from mav@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v460oOA6049310;
 Sat, 6 May 2017 00:50:24 GMT (envelope-from mav@FreeBSD.org)
Received: (from mav@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v460oOpw049308;
 Sat, 6 May 2017 00:50:24 GMT (envelope-from mav@FreeBSD.org)
Message-Id: <201705060050.v460oOpw049308@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: mav set sender to mav@FreeBSD.org
 using -f
From: Alexander Motin <mav@FreeBSD.org>
Date: Sat, 6 May 2017 00:50:24 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r317858 - in stable/11: sbin/geom/class/eli sys/geom/eli
X-SVN-Group: stable-11
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 May 2017 00:50:26 -0000

Author: mav
Date: Sat May  6 00:50:24 2017
New Revision: 317858
URL: https://svnweb.freebsd.org/changeset/base/317858

Log:
  MFC r317246: Always allow setting number of iterations for the first time.
  
  Before this change it was impossible to set number of PKCS#5v2 iterations,
  required to set passphrase, if it has two keys and never had any passphrase.
  Due to present metadata format limitations there are still cases when number
  of iterations can not be changed, but now it works in cases when it can.
  
  PR:		218512
  Sponsored by:	iXsystems, Inc.

Modified:
  stable/11/sbin/geom/class/eli/geom_eli.c
  stable/11/sys/geom/eli/g_eli_ctl.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sbin/geom/class/eli/geom_eli.c
==============================================================================
--- stable/11/sbin/geom/class/eli/geom_eli.c	Fri May  5 21:59:34 2017	(r317857)
+++ stable/11/sbin/geom/class/eli/geom_eli.c	Sat May  6 00:50:24 2017	(r317858)
@@ -1118,7 +1118,9 @@ eli_setkey_detached(struct gctl_req *req
 
 	val = gctl_get_intmax(req, "iterations");
 	/* Check if iterations number should and can be changed. */
-	if (val != -1) {
+	if (val != -1 && md->md_iterations == -1) {
+		md->md_iterations = val;
+	} else if (val != -1 && val != md->md_iterations) {
 		if (bitcount32(md->md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");

Modified: stable/11/sys/geom/eli/g_eli_ctl.c
==============================================================================
--- stable/11/sys/geom/eli/g_eli_ctl.c	Fri May  5 21:59:34 2017	(r317857)
+++ stable/11/sys/geom/eli/g_eli_ctl.c	Sat May  6 00:50:24 2017	(r317858)
@@ -613,7 +613,9 @@ g_eli_ctl_setkey(struct gctl_req *req, s
 		return;
 	}
 	/* Check if iterations number should and can be changed. */
-	if (*valp != -1) {
+	if (*valp != -1 && md.md_iterations == -1) {
+		md.md_iterations = *valp;
+	} else if (*valp != -1 && *valp != md.md_iterations) {
 		if (bitcount32(md.md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");