Commit | Line | Data |
---|---|---|
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 | |
2 | From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com> | |
3 | Date: Wed, 22 May 2019 12:26:43 +0200 | |
4 | Subject: [PATCH] add crypto patches | |
5 | MIME-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ||
9 | cherry-picked from upstream master, to ease in-place upgrade for | |
10 | clusters running our default configuration | |
11 | ||
12 | Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> | |
13 | --- | |
14 | ...rypto-re-introduce-secauth-parameter.patch | 62 ++++++++ | |
15 | .../keygen-Reflect-change-in-knet.patch | 100 +++++++++++++ | |
16 | ...et-totem.keyfile-and-totem.key-to-RO.patch | 44 ++++++ | |
17 | .../totemconfig-Remove-support-for-3des.patch | 138 ++++++++++++++++++ | |
18 | debian/patches/series | 4 + | |
19 | 5 files changed, 348 insertions(+) | |
20 | create mode 100644 debian/patches/crypto-re-introduce-secauth-parameter.patch | |
21 | create mode 100644 debian/patches/keygen-Reflect-change-in-knet.patch | |
22 | create mode 100644 debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch | |
23 | create mode 100644 debian/patches/totemconfig-Remove-support-for-3des.patch | |
24 | ||
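--- /dev/null
+++ b/debian/patches/crypto-re-introduce-secauth-parameter.patch
@@ -0,0 +1,62 @@
+From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Wed, 10 Apr 2019 09:43:33 +0200
+Subject: crypto: re-introduce secauth parameter
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+with the following semantics:
+- default off
+- implies crypto_hash SHA256 and crypto_cipher AES256
+- crypto_* have higher precedence
+- only applicable for knet, like crypto_*
+
+this should make upgrading from Corosync 2.x less painful for users that
+have an explicit secauth=on in their configuration.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
+(cherry picked from commit b97ca8e9f026aaaf2fe9cf697d89803004587f60)
+---
+ exec/totemconfig.c | 8 ++++++++
+ man/corosync.conf.5 | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/exec/totemconfig.c b/exec/totemconfig.c
+index 4f69fd5..1954f76 100644
+--- a/exec/totemconfig.c
++++ b/exec/totemconfig.c
+@@ -450,6 +450,14 @@ static int totem_get_crypto(struct totem_config *totem_config, const char **erro
+ tmp_model = "nss";
+ }
+
++ if (icmap_get_string("totem.secauth", &str) == CS_OK) {
++ if (strcmp(str, "on") == 0) {
++ tmp_cipher = "aes256";
++ tmp_hash = "sha256";
++ }
++ free(str);
++ }
++
+ if (icmap_get_string("totem.crypto_cipher", &str) == CS_OK) {
+ if (strcmp(str, "none") == 0) {
+ tmp_cipher = "none";
+diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
+index 216dfc5..b294e11 100644
+--- a/man/corosync.conf.5
++++ b/man/corosync.conf.5
+@@ -224,6 +224,14 @@ transmission is only supported for the knet transport.
+
+ The default is none.
+
++.TP
++secauth
++This implies crypto_cipher=aes256 and crypto_hash=sha256, unless those options
++are explicitly set. Encrypted transmission is only supported for the knet
++transport.
++
++The default is off.
++
+ .TP
+ keyfile
+ This specifies the fully qualified path to the shared key used to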
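Review bot: In the added `totem.secauth` block of totem_get_crypto, any value other than the exact string `on` is silently treated as off, so a typo or a variant such as `On` or `yes` leaves traffic unprotected with no diagnostic, unless the config parser rejects it earlier (not visible in this patch). Because the `totem.crypto_cipher` lookup that follows overrides the secauth defaults, `secauth: on` combined with an explicit `crypto_cipher: none` also ends with encryption disabled; that matches the documented precedence but deserves a log warning. I would add a comment above the block, `/* secauth only supplies defaults; explicit crypto_cipher/crypto_hash below override them */`, and report values other than `on`/`off` through the function's error-string out-parameter. The function body starts and ends outside the hunk.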
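--- /dev/null
+++ b/debian/patches/keygen-Reflect-change-in-knet.patch
@@ -0,0 +1,100 @@
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 9 Apr 2019 17:09:34 +0200
+Subject: keygen: Reflect change in knet
+
+Knet commit 1cb36f0cffd4559971826ca4774a88c5b05882fb reduced minimal
+key length to 1024-bit. Keygen should keep compatibility with already
+released 3.0.[0-1] so default key length should be 2048 bits. It's
+possible to use -s argument to generate shorter key - keygen respects
+minimum/maximum as defined by knet.
+
+Also fix man page to reflect this change.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
+(cherry picked from commit c260bce45b1f5b4a82c74513c4b3302d32daf179)
+---
+ tools/corosync-keygen.c | 4 ++--
+ man/corosync-keygen.8 | 21 +++++++++------------
+ 2 files changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
+index 40e4d6e..243661a 100644
+--- a/tools/corosync-keygen.c
++++ b/tools/corosync-keygen.c
+@@ -1,6 +1,6 @@
+ /*
+ * Copyright (c) 2004 MontaVista Software, Inc.
+- * Copyright (c) 2005-2017 Red Hat, Inc.
++ * Copyright (c) 2005-2019 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+@@ -52,7 +52,7 @@
+
+ #define DEFAULT_KEYFILE COROSYSCONFDIR "/authkey"
+
+-#define DEFAULT_KEYFILE_LEN TOTEM_PRIVATE_KEY_LEN_MIN
++#define DEFAULT_KEYFILE_LEN 256
+
+ #define DEFAULT_RANDOM_DEV "/dev/urandom"
+
+diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
+index 0839621..8767ddc 100644
+--- a/man/corosync-keygen.8
++++ b/man/corosync-keygen.8
+@@ -1,5 +1,5 @@
+ .\"/*
+-.\" * Copyright (C) 2010-2017 Red Hat, Inc.
++.\" * Copyright (C) 2010-2019 Red Hat, Inc.
+ .\" *
+ .\" * All rights reserved.
+ .\" *
+@@ -31,7 +31,7 @@
+ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ .\" * THE POSSIBILITY OF SUCH DAMAGE.
+ .\" */
+-.TH COROSYNC-KEYGEN 8 2017-07-03
++.TH COROSYNC-KEYGEN 8 2019-04-09
+ .SH NAME
+ corosync-keygen \- Generate an authentication key for Corosync.
+ .SH SYNOPSIS
+@@ -69,7 +69,7 @@ Random number source file. Default is /dev/urandom. As an example /dev/random ma
+ used when really superb randomness is needed.
+ .TP
+ .B -s size
+-Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>.
++Size of the generated key in bytes. Default is 256 bytes. Allowed range is <128, 4096>.
+ .TP
+ .TP
+ .B -l
+@@ -84,7 +84,7 @@ Generate the key.
+ .nf
+ # corosync-keygen
+ Corosync Cluster Engine Authentication key generator.
+-Gathering 8192 bits for key from /dev/urandom.
++Gathering 2048 bits for key from /dev/urandom.
+ Writing corosync key to /etc/corosync/authkey
+ .fi
+
+@@ -101,15 +101,12 @@ Writing corosync key to /tmp/authkey.
+ Generate superb key using /dev/random
+ .nf
+ # corosync-keygen -r /dev/random
+-Corosync Cluster Engine Authentication key generator.
+-Gathering 8192 bits for key from /dev/random.
++Gathering 2048 bits for key from /dev/random.
+ Press keys on your keyboard to generate entropy.
+-Press keys on your keyboard to generate entropy (7928 bits still needed).
+-Press keys on your keyboard to generate entropy (7880 bits still needed).
+- ...
+-Press keys on your keyboard to generate entropy (104 bits still needed).
+-Press keys on your keyboard to generate entropy (56 bits still needed).
+-Press keys on your keyboard to generate entropy (8 bits still needed).
++Press keys on your keyboard to generate entropy (1128 bits still needed).
++Press keys on your keyboard to generate entropy (504 bits still needed).
++Press keys on your keyboard to generate entropy (128 bits still needed).
++Press keys on your keyboard to generate entropy (32 bits still needed).
+ Writing corosync key to /etc/corosync/authkey.
+ .fi
+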
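Review bot: `#define DEFAULT_KEYFILE_LEN 256` in tools/corosync-keygen.c replaces a symbolic constant with a bare number, and nothing in the code ties it to the 2048-bit compatibility reason given in the commit message or to the knet limits it must stay within. A comment such as `/* 256 bytes = 2048 bits, the default kept for compatibility with 3.0.0/3.0.1 */` plus a compile-time check that the value is not below `TOTEM_PRIVATE_KEY_LEN_MIN` (and not above the corresponding maximum) would keep the default from drifting out of the allowed range. In the man page hunk, the `-r /dev/random` example loses the `Corosync Cluster Engine Authentication key generator.` banner line that the first example still shows, which looks unintended.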
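--- /dev/null
+++ b/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
@@ -0,0 +1,44 @@
+From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Wed, 3 Apr 2019 21:57:30 +0200
+Subject: set totem.keyfile and totem.key to RO
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+so that we get the nice log message when attempting to modify them at
+runtime, just like for totem.crypto_* and co.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
+(cherry picked from commit 03fba21503f1b8395519190cc537f63100e995f5)
+---
+ exec/cfg.c | 2 ++
+ exec/main.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/exec/cfg.c b/exec/cfg.c
+index dec7dbf..9aeba0c 100644
+--- a/exec/cfg.c
++++ b/exec/cfg.c
+@@ -578,6 +578,8 @@ static void remove_ro_entries(icmap_map_t temp_map)
+ delete_and_notify_if_changed(temp_map, "totem.secauth");
+ delete_and_notify_if_changed(temp_map, "totem.crypto_hash");
+ delete_and_notify_if_changed(temp_map, "totem.crypto_cipher");
++ delete_and_notify_if_changed(temp_map, "totem.keyfile");
++ delete_and_notify_if_changed(temp_map, "totem.key");
+ delete_and_notify_if_changed(temp_map, "totem.version");
+ delete_and_notify_if_changed(temp_map, "totem.threads");
+ delete_and_notify_if_changed(temp_map, "totem.ip_version");
+diff --git a/exec/main.c b/exec/main.c
+index 8554036..06a519c 100644
+--- a/exec/main.c
++++ b/exec/main.c
+@@ -1036,6 +1036,8 @@ static void set_icmap_ro_keys_flag (void)
+ */
+ icmap_set_ro_access("totem.crypto_cipher", CS_FALSE, CS_TRUE);
+ icmap_set_ro_access("totem.crypto_hash", CS_FALSE, CS_TRUE);
++ icmap_set_ro_access("totem.keyfile", CS_FALSE, CS_TRUE);
++ icmap_set_ro_access("totem.key", CS_FALSE, CS_TRUE);
+ icmap_set_ro_access("totem.secauth", CS_FALSE, CS_TRUE);
+ icmap_set_ro_access("totem.ip_version", CS_FALSE, CS_TRUE);
+ icmap_set_ro_access("totem.rrp_mode", CS_FALSE, CS_TRUE);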
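Review bot: The read-only key names now have to be maintained in two hand-written lists, `remove_ro_entries` in exec/cfg.c and `set_icmap_ro_keys_flag` in exec/main.c, and the two are ordered differently, so a key added to only one of them is easy to miss in review. For key material such as `totem.keyfile` and `totem.key`, a mismatch would presumably leave the key protected on only one of the two paths. A shared static table of key names iterated by both functions would remove the duplication; failing that, a cross-reference comment in each list, e.g. `/* keep in sync with set_icmap_ro_keys_flag() in main.c */`, would help. Both function bodies extend outside the hunks shown.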
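--- /dev/null
+++ b/debian/patches/totemconfig-Remove-support-for-3des.patch
@@ -0,0 +1,138 @@
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Thu, 11 Apr 2019 08:23:29 +0200
+Subject: totemconfig: Remove support for 3des
+
+Triple DES is considered as a "weak cipher" since 2016 so there is
+really no need to support it in the corosync. Thanks to bug in
+Corosync/Knet/NSS which caused 3des to not work at all,
+no matter what library was used, we can just remove support for 3des
+without braking the compatibility.
+
+Also fix coroparse so:
+- totem.crypto_type is removed (this is 1.x construct which was not used
+even in 2.x)
+- Add checking of totem.crypto_model.
+- Enumarate possible values for crypto_model, crypto_cipher and
+crypto_hash error messages
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
+(cherry picked from commit d05636b738e3cb1cd7a491e4ef492cd44a8bf6a9)
+---
+ exec/coroparse.c | 21 ++++++++++-----------
+ exec/totemconfig.c | 3 ---
+ conf/lenses/corosync.aug | 4 ++--
+ man/corosync.conf.5 | 6 +++---
+ 4 files changed, 15 insertions(+), 19 deletions(-)
+
+diff --git a/exec/coroparse.c b/exec/coroparse.c
+index bee0a8c..16e0257 100644
+--- a/exec/coroparse.c
++++ b/exec/coroparse.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2006-2018 Red Hat, Inc.
++ * Copyright (c) 2006-2019 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+@@ -747,13 +747,11 @@ static int main_config_parser_cb(const char *path,
+ return (0);
+ }
+ }
+- if (strcmp(path, "totem.crypto_type") == 0) {
++ if (strcmp(path, "totem.crypto_model") == 0) {
+ if ((strcmp(value, "nss") != 0) &&
+- (strcmp(value, "aes256") != 0) &&
+- (strcmp(value, "aes192") != 0) &&
+- (strcmp(value, "aes128") != 0) &&
+- (strcmp(value, "3des") != 0)) {
+- *error_string = "Invalid crypto type";
++ (strcmp(value, "openssl") != 0)) {
++ *error_string = "Invalid crypto model. "
++ "Should be nss or openssl";
+
+ return (0);
+ }
+@@ -762,9 +760,9 @@ static int main_config_parser_cb(const char *path,
+ if ((strcmp(value, "none") != 0) &&
+ (strcmp(value, "aes256") != 0) &&
+ (strcmp(value, "aes192") != 0) &&
+- (strcmp(value, "aes128") != 0) &&
+- (strcmp(value, "3des") != 0)) {
+- *error_string = "Invalid cipher type";
++ (strcmp(value, "aes128") != 0)) {
++ *error_string = "Invalid cipher type. "
++ "Should be none, aes256, aes192 or aes128";
+
+ return (0);
+ }
+@@ -776,7 +774,8 @@ static int main_config_parser_cb(const char *path,
+ (strcmp(value, "sha256") != 0) &&
+ (strcmp(value, "sha384") != 0) &&
+ (strcmp(value, "sha512") != 0)) {
+- *error_string = "Invalid hash type";
++ *error_string = "Invalid hash type. "
++ "Should be none, md5, sha1, sha256, sha384 or sha512";
+
+ return (0);
+ }
+diff --git a/exec/totemconfig.c b/exec/totemconfig.c
+index d57562a..4f69fd5 100644
+--- a/exec/totemconfig.c
++++ b/exec/totemconfig.c
+@@ -463,9 +463,6 @@ static int totem_get_crypto(struct totem_config *totem_config, const char **erro
+ if (strcmp(str, "aes128") == 0) {
+ tmp_cipher = "aes128";
+ }
+- if (strcmp(str, "3des") == 0) {
+- tmp_cipher = "3des";
+- }
+ free(str);
+ }
+
+diff --git a/conf/lenses/corosync.aug b/conf/lenses/corosync.aug
+index 39334f1..edeb4fb 100644
+--- a/conf/lenses/corosync.aug
++++ b/conf/lenses/corosync.aug
+@@ -51,8 +51,8 @@ let totem =
+ |kv "rrp_mode" /none|active|passive/
+ |kv "vsftype" /none|ykd/
+ |kv "secauth" /on|off/
+- |kv "crypto_type" /nss|aes256|aes192|aes128|3des/
+- |kv "crypto_cipher" /none|nss|aes256|aes192|aes128|3des/
++ |kv "crypto_model" /nss|openssl/
++ |kv "crypto_cipher" /none|nss|aes256|aes192|aes128/
+ |kv "crypto_hash" /none|md5|sha1|sha256|sha384|sha512/
+ |kv "transport" /udp|iba|udpu/
+ |kv "version" Rx.integer
+diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
+index dd6f3ba..216dfc5 100644
+--- a/man/corosync.conf.5
++++ b/man/corosync.conf.5
+@@ -1,6 +1,6 @@
+ .\"/*
+ .\" * Copyright (c) 2005 MontaVista Software, Inc.
+-.\" * Copyright (c) 2006-2018 Red Hat, Inc.
++.\" * Copyright (c) 2006-2019 Red Hat, Inc.
+ .\" *
+ .\" * All rights reserved.
+ .\" *
+@@ -32,7 +32,7 @@
+ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ .\" * THE POSSIBILITY OF SUCH DAMAGE.
+ .\" */
+-.TH COROSYNC_CONF 5 2019-01-10 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
++.TH COROSYNC_CONF 5 2019-04-11 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
+ .SH NAME
+ corosync.conf - corosync executive configuration file
+
+@@ -218,7 +218,7 @@ The default is none.
+ .TP
+ crypto_cipher
+ This specifies which cipher should be used to encrypt all messages.
+-Valid values are none (no encryption), aes256, aes192, aes128 and 3des.
++Valid values are none (no encryption), aes256, aes192 and aes128.
+ Enabling crypto_cipher, requires also enabling of crypto_hash. Encrypted
+ transmission is only supported for the knet transport.
+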
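Review bot: The `totem.crypto_cipher` check in main_config_parser_cb now accepts only none, aes256, aes192 and aes128, but the Augeas lens updated in the same patch still lists `nss` as a `crypto_cipher` value (`/none|nss|aes256|aes192|aes128/`), so the lens accepts a configuration the daemon rejects. The patch drops 3des as a weak cipher while the `crypto_hash` check still admits `md5` and `sha1`; if those stay for compatibility, a comment beside the check should say so, e.g. `/* md5 and sha1 kept for compatibility; prefer sha256 or stronger */`. main_config_parser_cb begins and ends outside these hunks.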
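--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,7 @@ Use-the-AWK-variable-provided-by-configure.patch
 pve__only-start-corosync.service-if-conf-exists.patch
 cfgtool-Improve-link-status-display.patch
 Revert-init-Enable-StopWhenUnneeded.patch
+set-totem.keyfile-and-totem.key-to-RO.patch
+keygen-Reflect-change-in-knet.patch
+totemconfig-Remove-support-for-3des.patch
+crypto-re-introduce-secauth-parameter.patch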