From d8880fd450858bea24d5583bbb23874bee4dd790 Mon Sep 17 00:00:00 2001 From: Alexander Motin Date: Fri, 21 Apr 2017 07:16:07 +0000 Subject: Always allow setting number of iterations for the first time. Before this change it was impossible to set number of PKCS#5v2 iterations, required to set passphrase, if it has two keys and never had any passphrase. Due to present metadata format limitations there are still cases when number of iterations can not be changed, but now it works in cases when it can. PR: 218512 MFC after: 2 weeks Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D10338 --- sbin/geom/class/eli/geom_eli.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'sbin/geom/class') diff --git a/sbin/geom/class/eli/geom_eli.c b/sbin/geom/class/eli/geom_eli.c index fe7d1974ba48c..26233d9afdf60 100644 --- a/sbin/geom/class/eli/geom_eli.c +++ b/sbin/geom/class/eli/geom_eli.c @@ -1118,7 +1118,9 @@ eli_setkey_detached(struct gctl_req *req, const char *prov, val = gctl_get_intmax(req, "iterations"); /* Check if iterations number should and can be changed. */ - if (val != -1) { + if (val != -1 && md->md_iterations == -1) { + md->md_iterations = val; + } else if (val != -1 && val != md->md_iterations) { if (bitcount32(md->md_keys) != 1) { gctl_error(req, "To be able to use '-i' option, only " "one key can be defined."); -- cgit v1.2.3