When keys were configured without passphrase, number of iterations in

metadata is equal to -1. if we then wanted to attach provider (or change keys) and forget about '-p' flag it failed on assertion (quite ok, without assertion it could call PKCS#5v2 with 4294967295 iterations). Instead of failing on assertion, remind about '-p' flag. MFC after: 3 days
2005-08-14 14:13:07 +00:00 · 2005-08-14 14:13:07 +00:00 · 5b5a030fa4
commit 5b5a030fa4
parent 711dc65d01
1 changed files with 4 additions and 0 deletions
--- a/sbin/geom/class/eli/geom_eli.c
+++ b/sbin/geom/class/eli/geom_eli.c
@ -344,6 +344,10 @@ eli_genkey(struct gctl_req *req, struct g_eli_metadata *md, unsigned char *key,
 	if (!*nopassphrase) {
 		char buf1[BUFSIZ], buf2[BUFSIZ], *p;

+		if (!new && md->md_iterations == -1) {
+			gctl_error(req, "Missing -p flag.");
+			return (NULL);
+		}
 		for (;;) {
 			p = readpassphrase(
 			    new ? "Enter new passphrase:" : "Enter passphrase:",