From owner-svn-src-all@freebsd.org  Fri Apr 21 07:16:09 2017
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 27098D49030;
 Fri, 21 Apr 2017 07:16:09 +0000 (UTC) (envelope-from mav@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C76FE10D4;
 Fri, 21 Apr 2017 07:16:08 +0000 (UTC) (envelope-from mav@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v3L7G7wM049705;
 Fri, 21 Apr 2017 07:16:07 GMT (envelope-from mav@FreeBSD.org)
Received: (from mav@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id v3L7G7Aa049703;
 Fri, 21 Apr 2017 07:16:07 GMT (envelope-from mav@FreeBSD.org)
Message-Id: <201704210716.v3L7G7Aa049703@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: mav set sender to mav@FreeBSD.org
 using -f
From: Alexander Motin <mav@FreeBSD.org>
Date: Fri, 21 Apr 2017 07:16:07 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r317246 - in head: sbin/geom/class/eli sys/geom/eli
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 07:16:09 -0000

Author: mav
Date: Fri Apr 21 07:16:07 2017
New Revision: 317246
URL: https://svnweb.freebsd.org/changeset/base/317246

Log:
  Always allow setting number of iterations for the first time.
  
  Before this change it was impossible to set number of PKCS#5v2 iterations,
  required to set passphrase, if it has two keys and never had any passphrase.
  Due to present metadata format limitations there are still cases when number
  of iterations can not be changed, but now it works in cases when it can.
  
  PR:		218512
  MFC after:	2 weeks
  Sponsored by:	iXsystems, Inc.
  Differential Revision:	https://reviews.freebsd.org/D10338

Modified:
  head/sbin/geom/class/eli/geom_eli.c
  head/sys/geom/eli/g_eli_ctl.c

Modified: head/sbin/geom/class/eli/geom_eli.c
==============================================================================
--- head/sbin/geom/class/eli/geom_eli.c	Fri Apr 21 06:55:17 2017	(r317245)
+++ head/sbin/geom/class/eli/geom_eli.c	Fri Apr 21 07:16:07 2017	(r317246)
@@ -1118,7 +1118,9 @@ eli_setkey_detached(struct gctl_req *req
 
 	val = gctl_get_intmax(req, "iterations");
 	/* Check if iterations number should and can be changed. */
-	if (val != -1) {
+	if (val != -1 && md->md_iterations == -1) {
+		md->md_iterations = val;
+	} else if (val != -1 && val != md->md_iterations) {
 		if (bitcount32(md->md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");

Modified: head/sys/geom/eli/g_eli_ctl.c
==============================================================================
--- head/sys/geom/eli/g_eli_ctl.c	Fri Apr 21 06:55:17 2017	(r317245)
+++ head/sys/geom/eli/g_eli_ctl.c	Fri Apr 21 07:16:07 2017	(r317246)
@@ -618,7 +618,9 @@ g_eli_ctl_setkey(struct gctl_req *req, s
 		return;
 	}
 	/* Check if iterations number should and can be changed. */
-	if (*valp != -1) {
+	if (*valp != -1 && md.md_iterations == -1) {
+		md.md_iterations = *valp;
+	} else if (*valp != -1 && *valp != md.md_iterations) {
 		if (bitcount32(md.md_keys) != 1) {
 			gctl_error(req, "To be able to use '-i' option, only "
 			    "one key can be defined.");