[corosync-pve.git] / patches / 0007-add-crypto-patches.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 22 May 2019 12:26:43 +0200
Subject: [PATCH] add crypto patches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cherry-picked from upstream master, to ease in-place upgrade for
clusters running our default configuration

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 ...rypto-re-introduce-secauth-parameter.patch |  62 ++++++++
 .../keygen-Reflect-change-in-knet.patch       | 100 +++++++++++++
 ...et-totem.keyfile-and-totem.key-to-RO.patch |  44 ++++++
 .../totemconfig-Remove-support-for-3des.patch | 138 ++++++++++++++++++
 debian/patches/series                         |   4 +
 5 files changed, 348 insertions(+)
 create mode 100644 debian/patches/crypto-re-introduce-secauth-parameter.patch
 create mode 100644 debian/patches/keygen-Reflect-change-in-knet.patch
 create mode 100644 debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
 create mode 100644 debian/patches/totemconfig-Remove-support-for-3des.patch

diff --git a/debian/patches/crypto-re-introduce-secauth-parameter.patch b/debian/patches/crypto-re-introduce-secauth-parameter.patch
new file mode 100644
index 00000000..1c5739c1
--- /dev/null
+++ b/debian/patches/crypto-re-introduce-secauth-parameter.patch
@@ -0,0 +1,62 @@
+From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Wed, 10 Apr 2019 09:43:33 +0200
+Subject: crypto: re-introduce secauth parameter
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+with the following semantics:
+- default off
+- implies crypto_hash SHA256 and crypto_cipher AES256
+- crypto_* have higher precedence
+- only applicable for knet, like crypto_*
+
+this should make upgrading from Corosync 2.x less painful for users that
+have an explicit secauth=on in their configuration.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
+(cherry picked from commit b97ca8e9f026aaaf2fe9cf697d89803004587f60)
+---
+ exec/totemconfig.c  | 8 ++++++++
+ man/corosync.conf.5 | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/exec/totemconfig.c b/exec/totemconfig.c
+index 4f69fd5..1954f76 100644
+--- a/exec/totemconfig.c
++++ b/exec/totemconfig.c
+@@ -450,6 +450,14 @@ static int totem_get_crypto(struct totem_config *totem_config, const char **erro
+ 		tmp_model = "nss";
+ 	}
+ 
++	if (icmap_get_string("totem.secauth", &str) == CS_OK) {
++		if (strcmp(str, "on") == 0) {
++			tmp_cipher = "aes256";
++			tmp_hash = "sha256";
++		}
++		free(str);
++	}
++
+ 	if (icmap_get_string("totem.crypto_cipher", &str) == CS_OK) {
+ 		if (strcmp(str, "none") == 0) {
+ 			tmp_cipher = "none";
+diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
+index 216dfc5..b294e11 100644
+--- a/man/corosync.conf.5
++++ b/man/corosync.conf.5
+@@ -224,6 +224,14 @@ transmission is only supported for the knet transport.
+ 
+ The default is none.
+ 
++.TP
++secauth
++This implies crypto_cipher=aes256 and crypto_hash=sha256, unless those options
++are explicitly set. Encrypted transmission is only supported for the knet
++transport.
++
++The default is off.
++
+ .TP
+ keyfile
+ This specifies the fully qualified path to the shared key used to
diff --git a/debian/patches/keygen-Reflect-change-in-knet.patch b/debian/patches/keygen-Reflect-change-in-knet.patch
new file mode 100644
index 00000000..068f481f
--- /dev/null
+++ b/debian/patches/keygen-Reflect-change-in-knet.patch
@@ -0,0 +1,100 @@
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 9 Apr 2019 17:09:34 +0200
+Subject: keygen: Reflect change in knet
+
+Knet commit 1cb36f0cffd4559971826ca4774a88c5b05882fb reduced minimal
+key length to 1024-bit. Keygen should keep compatibility with already
+released 3.0.[0-1] so default key length should be 2048 bits. It's
+possible to use -s argument to generate shorter key - keygen respects
+minimum/maximum as defined by knet.
+
+Also fix man page to reflect this change.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
+(cherry picked from commit c260bce45b1f5b4a82c74513c4b3302d32daf179)
+---
+ tools/corosync-keygen.c |  4 ++--
+ man/corosync-keygen.8   | 21 +++++++++------------
+ 2 files changed, 11 insertions(+), 14 deletions(-)
+
+diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
+index 40e4d6e..243661a 100644
+--- a/tools/corosync-keygen.c
++++ b/tools/corosync-keygen.c
+@@ -1,6 +1,6 @@
+ /*
+  * Copyright (c) 2004 MontaVista Software, Inc.
+- * Copyright (c) 2005-2017 Red Hat, Inc.
++ * Copyright (c) 2005-2019 Red Hat, Inc.
+  *
+  * All rights reserved.
+  *
+@@ -52,7 +52,7 @@
+ 
+ #define DEFAULT_KEYFILE COROSYSCONFDIR "/authkey"
+ 
+-#define DEFAULT_KEYFILE_LEN		TOTEM_PRIVATE_KEY_LEN_MIN
++#define DEFAULT_KEYFILE_LEN		256
+ 
+ #define DEFAULT_RANDOM_DEV		"/dev/urandom"
+ 
+diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
+index 0839621..8767ddc 100644
+--- a/man/corosync-keygen.8
++++ b/man/corosync-keygen.8
+@@ -1,5 +1,5 @@
+ .\"/*
+-.\" * Copyright (C) 2010-2017 Red Hat, Inc.
++.\" * Copyright (C) 2010-2019 Red Hat, Inc.
+ .\" *
+ .\" * All rights reserved.
+ .\" *
+@@ -31,7 +31,7 @@
+ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ .\" * THE POSSIBILITY OF SUCH DAMAGE.
+ .\" */
+-.TH COROSYNC-KEYGEN 8 2017-07-03
++.TH COROSYNC-KEYGEN 8 2019-04-09
+ .SH NAME
+ corosync-keygen \- Generate an authentication key for Corosync.
+ .SH SYNOPSIS
+@@ -69,7 +69,7 @@ Random number source file. Default is /dev/urandom. As an example /dev/random ma
+ used when really superb randomness is needed.
+ .TP
+ .B -s size
+-Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>.
++Size of the generated key in bytes. Default is 256 bytes. Allowed range is <128, 4096>.
+ .TP
+ .TP
+ .B -l
+@@ -84,7 +84,7 @@ Generate the key.
+ .nf
+ # corosync-keygen
+ Corosync Cluster Engine Authentication key generator.
+-Gathering 8192 bits for key from /dev/urandom.
++Gathering 2048 bits for key from /dev/urandom.
+ Writing corosync key to /etc/corosync/authkey
+ .fi
+ 
+@@ -101,15 +101,12 @@ Writing corosync key to /tmp/authkey.
+ Generate superb key using /dev/random
+ .nf
+ # corosync-keygen -r /dev/random
+-Corosync Cluster Engine Authentication key generator.
+-Gathering 8192 bits for key from /dev/random.
++Gathering 2048 bits for key from /dev/random.
+ Press keys on your keyboard to generate entropy.
+-Press keys on your keyboard to generate entropy (7928 bits still needed).
+-Press keys on your keyboard to generate entropy (7880 bits still needed).
+- ...
+-Press keys on your keyboard to generate entropy (104 bits still needed).
+-Press keys on your keyboard to generate entropy (56 bits still needed).
+-Press keys on your keyboard to generate entropy (8 bits still needed).
++Press keys on your keyboard to generate entropy (1128 bits still needed).
++Press keys on your keyboard to generate entropy (504 bits still needed).
++Press keys on your keyboard to generate entropy (128 bits still needed).
++Press keys on your keyboard to generate entropy (32 bits still needed).
+ Writing corosync key to /etc/corosync/authkey.
+ .fi
+ 
diff --git a/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch b/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
new file mode 100644
index 00000000..9daad20b
--- /dev/null
+++ b/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
@@ -0,0 +1,44 @@
+From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Wed, 3 Apr 2019 21:57:30 +0200
+Subject: set totem.keyfile and totem.key to RO
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+so that we get the nice log message when attempting to modify them at
+runtime, just like for totem.crypto_* and co.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
+(cherry picked from commit 03fba21503f1b8395519190cc537f63100e995f5)
+---
+ exec/cfg.c  | 2 ++
+ exec/main.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/exec/cfg.c b/exec/cfg.c
+index dec7dbf..9aeba0c 100644
+--- a/exec/cfg.c
++++ b/exec/cfg.c
+@@ -578,6 +578,8 @@ static void remove_ro_entries(icmap_map_t temp_map)
+ 	delete_and_notify_if_changed(temp_map, "totem.secauth");
+ 	delete_and_notify_if_changed(temp_map, "totem.crypto_hash");
+ 	delete_and_notify_if_changed(temp_map, "totem.crypto_cipher");
++	delete_and_notify_if_changed(temp_map, "totem.keyfile");
++	delete_and_notify_if_changed(temp_map, "totem.key");
+ 	delete_and_notify_if_changed(temp_map, "totem.version");
+ 	delete_and_notify_if_changed(temp_map, "totem.threads");
+ 	delete_and_notify_if_changed(temp_map, "totem.ip_version");
+diff --git a/exec/main.c b/exec/main.c
+index 8554036..06a519c 100644
+--- a/exec/main.c
++++ b/exec/main.c
+@@ -1036,6 +1036,8 @@ static void set_icmap_ro_keys_flag (void)
+ 	 */
+ 	icmap_set_ro_access("totem.crypto_cipher", CS_FALSE, CS_TRUE);
+ 	icmap_set_ro_access("totem.crypto_hash", CS_FALSE, CS_TRUE);
++	icmap_set_ro_access("totem.keyfile", CS_FALSE, CS_TRUE);
++	icmap_set_ro_access("totem.key", CS_FALSE, CS_TRUE);
+ 	icmap_set_ro_access("totem.secauth", CS_FALSE, CS_TRUE);
+ 	icmap_set_ro_access("totem.ip_version", CS_FALSE, CS_TRUE);
+ 	icmap_set_ro_access("totem.rrp_mode", CS_FALSE, CS_TRUE);
diff --git a/debian/patches/totemconfig-Remove-support-for-3des.patch b/debian/patches/totemconfig-Remove-support-for-3des.patch
new file mode 100644
index 00000000..c46f137f
--- /dev/null
+++ b/debian/patches/totemconfig-Remove-support-for-3des.patch
@@ -0,0 +1,138 @@
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Thu, 11 Apr 2019 08:23:29 +0200
+Subject: totemconfig: Remove support for 3des
+
+Triple DES is considered as a "weak cipher" since 2016 so there is
+really no need to support it in the corosync. Thanks to bug in
+Corosync/Knet/NSS which caused 3des to not work at all,
+no matter what library was used, we can just remove support for 3des
+without braking the compatibility.
+
+Also fix coroparse so:
+- totem.crypto_type is removed (this is 1.x construct which was not used
+even in 2.x)
+- Add checking of totem.crypto_model.
+- Enumarate possible values for crypto_model, crypto_cipher and
+crypto_hash error messages
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
+(cherry picked from commit d05636b738e3cb1cd7a491e4ef492cd44a8bf6a9)
+---
+ exec/coroparse.c         | 21 ++++++++++-----------
+ exec/totemconfig.c       |  3 ---
+ conf/lenses/corosync.aug |  4 ++--
+ man/corosync.conf.5      |  6 +++---
+ 4 files changed, 15 insertions(+), 19 deletions(-)
+
+diff --git a/exec/coroparse.c b/exec/coroparse.c
+index bee0a8c..16e0257 100644
+--- a/exec/coroparse.c
++++ b/exec/coroparse.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2006-2018 Red Hat, Inc.
++ * Copyright (c) 2006-2019 Red Hat, Inc.
+  *
+  * All rights reserved.
+  *
+@@ -747,13 +747,11 @@ static int main_config_parser_cb(const char *path,
+ 					return (0);
+ 				}
+ 			}
+-			if (strcmp(path, "totem.crypto_type") == 0) {
++			if (strcmp(path, "totem.crypto_model") == 0) {
+ 				if ((strcmp(value, "nss") != 0) &&
+-				    (strcmp(value, "aes256") != 0) &&
+-				    (strcmp(value, "aes192") != 0) &&
+-				    (strcmp(value, "aes128") != 0) &&
+-				    (strcmp(value, "3des") != 0)) {
+-					*error_string = "Invalid crypto type";
++				    (strcmp(value, "openssl") != 0)) {
++					*error_string = "Invalid crypto model. "
++					    "Should be nss or openssl";
+ 
+ 					return (0);
+ 				}
+@@ -762,9 +760,9 @@ static int main_config_parser_cb(const char *path,
+ 				if ((strcmp(value, "none") != 0) &&
+ 				    (strcmp(value, "aes256") != 0) &&
+ 				    (strcmp(value, "aes192") != 0) &&
+-				    (strcmp(value, "aes128") != 0) &&
+-				    (strcmp(value, "3des") != 0)) {
+-					*error_string = "Invalid cipher type";
++				    (strcmp(value, "aes128") != 0)) {
++					*error_string = "Invalid cipher type. "
++					    "Should be none, aes256, aes192 or aes128";
+ 
+ 					return (0);
+ 				}
+@@ -776,7 +774,8 @@ static int main_config_parser_cb(const char *path,
+ 				    (strcmp(value, "sha256") != 0) &&
+ 				    (strcmp(value, "sha384") != 0) &&
+ 				    (strcmp(value, "sha512") != 0)) {
+-					*error_string = "Invalid hash type";
++					*error_string = "Invalid hash type. "
++					    "Should be none, md5, sha1, sha256, sha384 or sha512";
+ 
+ 					return (0);
+ 				}
+diff --git a/exec/totemconfig.c b/exec/totemconfig.c
+index d57562a..4f69fd5 100644
+--- a/exec/totemconfig.c
++++ b/exec/totemconfig.c
+@@ -463,9 +463,6 @@ static int totem_get_crypto(struct totem_config *totem_config, const char **erro
+ 		if (strcmp(str, "aes128") == 0) {
+ 			tmp_cipher = "aes128";
+ 		}
+-		if (strcmp(str, "3des") == 0) {
+-			tmp_cipher = "3des";
+-		}
+ 		free(str);
+ 	}
+ 
+diff --git a/conf/lenses/corosync.aug b/conf/lenses/corosync.aug
+index 39334f1..edeb4fb 100644
+--- a/conf/lenses/corosync.aug
++++ b/conf/lenses/corosync.aug
+@@ -51,8 +51,8 @@ let totem =
+     |kv "rrp_mode" /none|active|passive/
+     |kv "vsftype" /none|ykd/
+     |kv "secauth" /on|off/
+-    |kv "crypto_type" /nss|aes256|aes192|aes128|3des/
+-    |kv "crypto_cipher" /none|nss|aes256|aes192|aes128|3des/
++    |kv "crypto_model" /nss|openssl/
++    |kv "crypto_cipher" /none|nss|aes256|aes192|aes128/
+     |kv "crypto_hash" /none|md5|sha1|sha256|sha384|sha512/
+     |kv "transport" /udp|iba|udpu/
+     |kv "version" Rx.integer
+diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
+index dd6f3ba..216dfc5 100644
+--- a/man/corosync.conf.5
++++ b/man/corosync.conf.5
+@@ -1,6 +1,6 @@
+ .\"/*
+ .\" * Copyright (c) 2005 MontaVista Software, Inc.
+-.\" * Copyright (c) 2006-2018 Red Hat, Inc.
++.\" * Copyright (c) 2006-2019 Red Hat, Inc.
+ .\" *
+ .\" * All rights reserved.
+ .\" *
+@@ -32,7 +32,7 @@
+ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ .\" * THE POSSIBILITY OF SUCH DAMAGE.
+ .\" */
+-.TH COROSYNC_CONF 5 2019-01-10 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
++.TH COROSYNC_CONF 5 2019-04-11 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
+ .SH NAME
+ corosync.conf - corosync executive configuration file
+ 
+@@ -218,7 +218,7 @@ The default is none.
+ .TP
+ crypto_cipher
+ This specifies which cipher should be used to encrypt all messages.
+-Valid values are none (no encryption), aes256, aes192, aes128 and 3des.
++Valid values are none (no encryption), aes256, aes192 and aes128.
+ Enabling crypto_cipher, requires also enabling of crypto_hash. Encrypted
+ transmission is only supported for the knet transport.
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 2caabe1c..6f18c886 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,7 @@ Use-the-AWK-variable-provided-by-configure.patch
 pve__only-start-corosync.service-if-conf-exists.patch
 cfgtool-Improve-link-status-display.patch
 Revert-init-Enable-StopWhenUnneeded.patch
+set-totem.keyfile-and-totem.key-to-RO.patch
+keygen-Reflect-change-in-knet.patch
+totemconfig-Remove-support-for-3des.patch
+crypto-re-introduce-secauth-parameter.patch
Commit	Line	Data
9d5f2a67 FG	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
	3	Date: Wed, 22 May 2019 12:26:43 +0200
	4	Subject: [PATCH] add crypto patches
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	cherry-picked from upstream master, to ease in-place upgrade for
	10	clusters running our default configuration
	11
	12	Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	13	---
	14	...rypto-re-introduce-secauth-parameter.patch \| 62 ++++++++
	15	.../keygen-Reflect-change-in-knet.patch \| 100 +++++++++++++
	16	...et-totem.keyfile-and-totem.key-to-RO.patch \| 44 ++++++
	17	.../totemconfig-Remove-support-for-3des.patch \| 138 ++++++++++++++++++
	18	debian/patches/series \| 4 +
	19	5 files changed, 348 insertions(+)
	20	create mode 100644 debian/patches/crypto-re-introduce-secauth-parameter.patch
	21	create mode 100644 debian/patches/keygen-Reflect-change-in-knet.patch
	22	create mode 100644 debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
	23	create mode 100644 debian/patches/totemconfig-Remove-support-for-3des.patch
	24
	25	diff --git a/debian/patches/crypto-re-introduce-secauth-parameter.patch b/debian/patches/crypto-re-introduce-secauth-parameter.patch
	26	new file mode 100644
	27	index 00000000..1c5739c1
	28	--- /dev/null
	29	+++ b/debian/patches/crypto-re-introduce-secauth-parameter.patch
	30	@@ -0,0 +1,62 @@
	31	+From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
	32	+Date: Wed, 10 Apr 2019 09:43:33 +0200
	33	+Subject: crypto: re-introduce secauth parameter
	34	+MIME-Version: 1.0
	35	+Content-Type: text/plain; charset="utf-8"
	36	+Content-Transfer-Encoding: 8bit
	37	+
	38	+with the following semantics:
	39	+- default off
	40	+- implies crypto_hash SHA256 and crypto_cipher AES256
	41	+- crypto_* have higher precedence
	42	+- only applicable for knet, like crypto_*
	43	+
	44	+this should make upgrading from Corosync 2.x less painful for users that
	45	+have an explicit secauth=on in their configuration.
	46	+
	47	+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
	48	+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
	49	+(cherry picked from commit b97ca8e9f026aaaf2fe9cf697d89803004587f60)
	50	+---
	51	+ exec/totemconfig.c \| 8 ++++++++
	52	+ man/corosync.conf.5 \| 8 ++++++++
	53	+ 2 files changed, 16 insertions(+)
	54	+
	55	+diff --git a/exec/totemconfig.c b/exec/totemconfig.c
	56	+index 4f69fd5..1954f76 100644
	57	+--- a/exec/totemconfig.c
	58	++++ b/exec/totemconfig.c
	59	+@@ -450,6 +450,14 @@ static int totem_get_crypto(struct totem_config totem_config, const char *erro
	60	+ tmp_model = "nss";
	61	+ }
	62	+
	63	++ if (icmap_get_string("totem.secauth", &str) == CS_OK) {
	64	++ if (strcmp(str, "on") == 0) {
65	++ tmp_cipher = "aes256";
66	++ tmp_hash = "sha256";
67	++ }
68	++ free(str);
69	++ }
70	++
71	+ if (icmap_get_string("totem.crypto_cipher", &str) == CS_OK) {
72	+ if (strcmp(str, "none") == 0) {
73	+ tmp_cipher = "none";
74	+diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
75	+index 216dfc5..b294e11 100644
76	+--- a/man/corosync.conf.5
77	++++ b/man/corosync.conf.5
78	+@@ -224,6 +224,14 @@ transmission is only supported for the knet transport.
79	+
80	+ The default is none.
81	+
82	++.TP
83	++secauth
84	++This implies crypto_cipher=aes256 and crypto_hash=sha256, unless those options
85	++are explicitly set. Encrypted transmission is only supported for the knet
86	++transport.
87	++
88	++The default is off.
89	++
90	+ .TP
91	+ keyfile
92	+ This specifies the fully qualified path to the shared key used to
93	diff --git a/debian/patches/keygen-Reflect-change-in-knet.patch b/debian/patches/keygen-Reflect-change-in-knet.patch
94	new file mode 100644
95	index 00000000..068f481f
96	--- /dev/null
97	+++ b/debian/patches/keygen-Reflect-change-in-knet.patch
98	@@ -0,0 +1,100 @@
99	+From: Jan Friesse <jfriesse@redhat.com>
100	+Date: Tue, 9 Apr 2019 17:09:34 +0200
101	+Subject: keygen: Reflect change in knet
102	+
103	+Knet commit 1cb36f0cffd4559971826ca4774a88c5b05882fb reduced minimal
104	+key length to 1024-bit. Keygen should keep compatibility with already
105	+released 3.0.[0-1] so default key length should be 2048 bits. It's
106	+possible to use -s argument to generate shorter key - keygen respects
107	+minimum/maximum as defined by knet.
108	+
109	+Also fix man page to reflect this change.
110	+
111	+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
112	+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
113	+(cherry picked from commit c260bce45b1f5b4a82c74513c4b3302d32daf179)
114	+---
115	+ tools/corosync-keygen.c \| 4 ++--
116	+ man/corosync-keygen.8 \| 21 +++++++++------------
117	+ 2 files changed, 11 insertions(+), 14 deletions(-)
118	+
119	+diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
120	+index 40e4d6e..243661a 100644
121	+--- a/tools/corosync-keygen.c
122	++++ b/tools/corosync-keygen.c
123	+@@ -1,6 +1,6 @@
124	+ /*
125	+ * Copyright (c) 2004 MontaVista Software, Inc.
126	+- * Copyright (c) 2005-2017 Red Hat, Inc.
127	++ * Copyright (c) 2005-2019 Red Hat, Inc.
128	+ *
129	+ * All rights reserved.
130	+ *
131	+@@ -52,7 +52,7 @@
132	+
133	+ #define DEFAULT_KEYFILE COROSYSCONFDIR "/authkey"
134	+
135	+-#define DEFAULT_KEYFILE_LEN TOTEM_PRIVATE_KEY_LEN_MIN
136	++#define DEFAULT_KEYFILE_LEN 256
137	+
138	+ #define DEFAULT_RANDOM_DEV "/dev/urandom"
139	+
140	+diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
141	+index 0839621..8767ddc 100644
142	+--- a/man/corosync-keygen.8
143	++++ b/man/corosync-keygen.8
144	+@@ -1,5 +1,5 @@
145	+ .\"/*
146	+-.\" * Copyright (C) 2010-2017 Red Hat, Inc.
147	++.\" * Copyright (C) 2010-2019 Red Hat, Inc.
148	+ .\" *
149	+ .\" * All rights reserved.
150	+ .\" *
151	+@@ -31,7 +31,7 @@
152	+ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
153	+ .\" * THE POSSIBILITY OF SUCH DAMAGE.
154	+ .\" */
155	+-.TH COROSYNC-KEYGEN 8 2017-07-03
156	++.TH COROSYNC-KEYGEN 8 2019-04-09
157	+ .SH NAME
158	+ corosync-keygen \- Generate an authentication key for Corosync.
159	+ .SH SYNOPSIS
160	+@@ -69,7 +69,7 @@ Random number source file. Default is /dev/urandom. As an example /dev/random ma
161	+ used when really superb randomness is needed.
162	+ .TP
163	+ .B -s size
164	+-Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>.
165	++Size of the generated key in bytes. Default is 256 bytes. Allowed range is <128, 4096>.
166	+ .TP
167	+ .TP
168	+ .B -l
169	+@@ -84,7 +84,7 @@ Generate the key.
170	+ .nf
171	+ # corosync-keygen
172	+ Corosync Cluster Engine Authentication key generator.
173	+-Gathering 8192 bits for key from /dev/urandom.
174	++Gathering 2048 bits for key from /dev/urandom.
175	+ Writing corosync key to /etc/corosync/authkey
176	+ .fi
177	+
178	+@@ -101,15 +101,12 @@ Writing corosync key to /tmp/authkey.
179	+ Generate superb key using /dev/random
180	+ .nf
181	+ # corosync-keygen -r /dev/random
182	+-Corosync Cluster Engine Authentication key generator.
183	+-Gathering 8192 bits for key from /dev/random.
184	++Gathering 2048 bits for key from /dev/random.
185	+ Press keys on your keyboard to generate entropy.
186	+-Press keys on your keyboard to generate entropy (7928 bits still needed).
187	+-Press keys on your keyboard to generate entropy (7880 bits still needed).
188	+- ...
189	+-Press keys on your keyboard to generate entropy (104 bits still needed).
190	+-Press keys on your keyboard to generate entropy (56 bits still needed).
191	+-Press keys on your keyboard to generate entropy (8 bits still needed).
192	++Press keys on your keyboard to generate entropy (1128 bits still needed).
193	++Press keys on your keyboard to generate entropy (504 bits still needed).
194	++Press keys on your keyboard to generate entropy (128 bits still needed).
195	++Press keys on your keyboard to generate entropy (32 bits still needed).
196	+ Writing corosync key to /etc/corosync/authkey.
197	+ .fi
198	+
199	diff --git a/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch b/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
200	new file mode 100644
201	index 00000000..9daad20b
202	--- /dev/null
203	+++ b/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
204	@@ -0,0 +1,44 @@
205	+From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
206	+Date: Wed, 3 Apr 2019 21:57:30 +0200
207	+Subject: set totem.keyfile and totem.key to RO
208	+MIME-Version: 1.0
209	+Content-Type: text/plain; charset="utf-8"
210	+Content-Transfer-Encoding: 8bit
211	+
212	+so that we get the nice log message when attempting to modify them at
213	+runtime, just like for totem.crypto_* and co.
214	+
215	+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
216	+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
217	+(cherry picked from commit 03fba21503f1b8395519190cc537f63100e995f5)
218	+---
219	+ exec/cfg.c \| 2 ++
220	+ exec/main.c \| 2 ++
221	+ 2 files changed, 4 insertions(+)
222	+
223	+diff --git a/exec/cfg.c b/exec/cfg.c
224	+index dec7dbf..9aeba0c 100644
225	+--- a/exec/cfg.c
226	++++ b/exec/cfg.c
227	+@@ -578,6 +578,8 @@ static void remove_ro_entries(icmap_map_t temp_map)
228	+ delete_and_notify_if_changed(temp_map, "totem.secauth");
229	+ delete_and_notify_if_changed(temp_map, "totem.crypto_hash");
230	+ delete_and_notify_if_changed(temp_map, "totem.crypto_cipher");
231	++ delete_and_notify_if_changed(temp_map, "totem.keyfile");
232	++ delete_and_notify_if_changed(temp_map, "totem.key");
233	+ delete_and_notify_if_changed(temp_map, "totem.version");
234	+ delete_and_notify_if_changed(temp_map, "totem.threads");
235	+ delete_and_notify_if_changed(temp_map, "totem.ip_version");
236	+diff --git a/exec/main.c b/exec/main.c
237	+index 8554036..06a519c 100644
238	+--- a/exec/main.c
239	++++ b/exec/main.c
240	+@@ -1036,6 +1036,8 @@ static void set_icmap_ro_keys_flag (void)
241	+ */
242	+ icmap_set_ro_access("totem.crypto_cipher", CS_FALSE, CS_TRUE);
243	+ icmap_set_ro_access("totem.crypto_hash", CS_FALSE, CS_TRUE);
244	++ icmap_set_ro_access("totem.keyfile", CS_FALSE, CS_TRUE);
245	++ icmap_set_ro_access("totem.key", CS_FALSE, CS_TRUE);
246	+ icmap_set_ro_access("totem.secauth", CS_FALSE, CS_TRUE);
247	+ icmap_set_ro_access("totem.ip_version", CS_FALSE, CS_TRUE);
248	+ icmap_set_ro_access("totem.rrp_mode", CS_FALSE, CS_TRUE);
249	diff --git a/debian/patches/totemconfig-Remove-support-for-3des.patch b/debian/patches/totemconfig-Remove-support-for-3des.patch
250	new file mode 100644
251	index 00000000..c46f137f
252	--- /dev/null
253	+++ b/debian/patches/totemconfig-Remove-support-for-3des.patch
254	@@ -0,0 +1,138 @@
255	+From: Jan Friesse <jfriesse@redhat.com>
256	+Date: Thu, 11 Apr 2019 08:23:29 +0200
257	+Subject: totemconfig: Remove support for 3des
258	+
259	+Triple DES is considered as a "weak cipher" since 2016 so there is
260	+really no need to support it in the corosync. Thanks to bug in
261	+Corosync/Knet/NSS which caused 3des to not work at all,
262	+no matter what library was used, we can just remove support for 3des
263	+without braking the compatibility.
264	+
265	+Also fix coroparse so:
266	+- totem.crypto_type is removed (this is 1.x construct which was not used
267	+even in 2.x)
268	+- Add checking of totem.crypto_model.
269	+- Enumarate possible values for crypto_model, crypto_cipher and
270	+crypto_hash error messages
271	+
272	+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
273	+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
274	+(cherry picked from commit d05636b738e3cb1cd7a491e4ef492cd44a8bf6a9)
275	+---
276	+ exec/coroparse.c \| 21 ++++++++++-----------
277	+ exec/totemconfig.c \| 3 ---
278	+ conf/lenses/corosync.aug \| 4 ++--
279	+ man/corosync.conf.5 \| 6 +++---
280	+ 4 files changed, 15 insertions(+), 19 deletions(-)
281	+
282	+diff --git a/exec/coroparse.c b/exec/coroparse.c
283	+index bee0a8c..16e0257 100644
284	+--- a/exec/coroparse.c
285	++++ b/exec/coroparse.c
286	+@@ -1,5 +1,5 @@
287	+ /*
288	+- * Copyright (c) 2006-2018 Red Hat, Inc.
289	++ * Copyright (c) 2006-2019 Red Hat, Inc.
290	+ *
291	+ * All rights reserved.
292	+ *
293	+@@ -747,13 +747,11 @@ static int main_config_parser_cb(const char *path,
294	+ return (0);
295	+ }
296	+ }
297	+- if (strcmp(path, "totem.crypto_type") == 0) {
298	++ if (strcmp(path, "totem.crypto_model") == 0) {
299	+ if ((strcmp(value, "nss") != 0) &&
300	+- (strcmp(value, "aes256") != 0) &&
301	+- (strcmp(value, "aes192") != 0) &&
302	+- (strcmp(value, "aes128") != 0) &&
303	+- (strcmp(value, "3des") != 0)) {
304	+- *error_string = "Invalid crypto type";
305	++ (strcmp(value, "openssl") != 0)) {
306	++ *error_string = "Invalid crypto model. "
307	++ "Should be nss or openssl";
308	+
309	+ return (0);
310	+ }
311	+@@ -762,9 +760,9 @@ static int main_config_parser_cb(const char *path,
312	+ if ((strcmp(value, "none") != 0) &&
313	+ (strcmp(value, "aes256") != 0) &&
314	+ (strcmp(value, "aes192") != 0) &&
315	+- (strcmp(value, "aes128") != 0) &&
316	+- (strcmp(value, "3des") != 0)) {
317	+- *error_string = "Invalid cipher type";
318	++ (strcmp(value, "aes128") != 0)) {
319	++ *error_string = "Invalid cipher type. "
320	++ "Should be none, aes256, aes192 or aes128";
321	+
322	+ return (0);
323	+ }
324	+@@ -776,7 +774,8 @@ static int main_config_parser_cb(const char *path,
325	+ (strcmp(value, "sha256") != 0) &&
326	+ (strcmp(value, "sha384") != 0) &&
327	+ (strcmp(value, "sha512") != 0)) {
328	+- *error_string = "Invalid hash type";
329	++ *error_string = "Invalid hash type. "
330	++ "Should be none, md5, sha1, sha256, sha384 or sha512";
331	+
332	+ return (0);
333	+ }
334	+diff --git a/exec/totemconfig.c b/exec/totemconfig.c
335	+index d57562a..4f69fd5 100644
336	+--- a/exec/totemconfig.c
337	++++ b/exec/totemconfig.c
338	+@@ -463,9 +463,6 @@ static int totem_get_crypto(struct totem_config totem_config, const char *erro
339	+ if (strcmp(str, "aes128") == 0) {
340	+ tmp_cipher = "aes128";
341	+ }
342	+- if (strcmp(str, "3des") == 0) {
343	+- tmp_cipher = "3des";
344	+- }
345	+ free(str);
346	+ }
347	+
348	+diff --git a/conf/lenses/corosync.aug b/conf/lenses/corosync.aug
349	+index 39334f1..edeb4fb 100644
350	+--- a/conf/lenses/corosync.aug
351	++++ b/conf/lenses/corosync.aug
352	+@@ -51,8 +51,8 @@ let totem =
353	+ \|kv "rrp_mode" /none\|active\|passive/
354	+ \|kv "vsftype" /none\|ykd/
355	+ \|kv "secauth" /on\|off/
356	+- \|kv "crypto_type" /nss\|aes256\|aes192\|aes128\|3des/
357	+- \|kv "crypto_cipher" /none\|nss\|aes256\|aes192\|aes128\|3des/
358	++ \|kv "crypto_model" /nss\|openssl/
359	++ \|kv "crypto_cipher" /none\|nss\|aes256\|aes192\|aes128/
360	+ \|kv "crypto_hash" /none\|md5\|sha1\|sha256\|sha384\|sha512/
361	+ \|kv "transport" /udp\|iba\|udpu/
362	+ \|kv "version" Rx.integer
363	+diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
364	+index dd6f3ba..216dfc5 100644
365	+--- a/man/corosync.conf.5
366	++++ b/man/corosync.conf.5
367	+@@ -1,6 +1,6 @@
368	+ .\"/*
369	+ .\" * Copyright (c) 2005 MontaVista Software, Inc.
370	+-.\" * Copyright (c) 2006-2018 Red Hat, Inc.
371	++.\" * Copyright (c) 2006-2019 Red Hat, Inc.
372	+ .\" *
373	+ .\" * All rights reserved.
374	+ .\" *
375	+@@ -32,7 +32,7 @@
376	+ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
377	+ .\" * THE POSSIBILITY OF SUCH DAMAGE.
378	+ .\" */
379	+-.TH COROSYNC_CONF 5 2019-01-10 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
380	++.TH COROSYNC_CONF 5 2019-04-11 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
381	+ .SH NAME
382	+ corosync.conf - corosync executive configuration file
383	+
384	+@@ -218,7 +218,7 @@ The default is none.
385	+ .TP
386	+ crypto_cipher
387	+ This specifies which cipher should be used to encrypt all messages.
388	+-Valid values are none (no encryption), aes256, aes192, aes128 and 3des.
389	++Valid values are none (no encryption), aes256, aes192 and aes128.
390	+ Enabling crypto_cipher, requires also enabling of crypto_hash. Encrypted
391	+ transmission is only supported for the knet transport.
392	+
393	diff --git a/debian/patches/series b/debian/patches/series
394	index 2caabe1c..6f18c886 100644
395	--- a/debian/patches/series
396	+++ b/debian/patches/series
397	@@ -8,3 +8,7 @@ Use-the-AWK-variable-provided-by-configure.patch
398	pve__only-start-corosync.service-if-conf-exists.patch
399	cfgtool-Improve-link-status-display.patch
400	Revert-init-Enable-StopWhenUnneeded.patch
401	+set-totem.keyfile-and-totem.key-to-RO.patch
402	+keygen-Reflect-change-in-knet.patch
403	+totemconfig-Remove-support-for-3des.patch
404	+crypto-re-introduce-secauth-parameter.patch