diff mbox series

[for,v5.9] ARM: STM32: Replace HTTP links with HTTPS ones

Message ID 20200719094948.57487-1-grandmaster@al2klimov.de (mailing list archive)
State New, archived
Headers show
Series [for,v5.9] ARM: STM32: Replace HTTP links with HTTPS ones | expand

Commit Message

Alexander A. Klimov July 19, 2020, 9:49 a.m. UTC
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
---
 Continuing my work started at 93431e0607e5.
 See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master
 (Actually letting a shell for loop submit all this stuff for me.)

 If there are any URLs to be removed completely
 or at least not (just) HTTPSified:
 Just clearly say so and I'll *undo my change*.
 See also: https://lkml.org/lkml/2020/6/27/64

 If there are any valid, but yet not changed URLs:
 See: https://lkml.org/lkml/2020/6/26/837

 If you apply the patch, please let me know.

 Sorry again to all maintainers who complained about subject lines.
 Now I realized that you want an actually perfect prefixes,
 not just subsystem ones.
 I tried my best...
 And yes, *I could* (at least half-)automate it.
 Impossible is nothing! :)


 arch/arm/mach-stm32/Makefile.boot | 2 +-
 crypto/testmgr.h                  | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

Alexandre TORGUE July 21, 2020, 8:49 a.m. UTC | #1
Hi Alexander

On 7/19/20 11:49 AM, Alexander A. Klimov wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
> 
> Deterministic algorithm:
> For each file:
>    If not .svg:
>      For each line:
>        If doesn't contain `\bxmlns\b`:
>          For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> 	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>              If both the HTTP and HTTPS versions
>              return 200 OK and serve the same content:
>                Replace HTTP with HTTPS.
> 
> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>

This patch touch 2 different subsystems. Can you please split it ?

Regards
Alex


> ---
>   Continuing my work started at 93431e0607e5.
>   See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master
>   (Actually letting a shell for loop submit all this stuff for me.)
> 
>   If there are any URLs to be removed completely
>   or at least not (just) HTTPSified:
>   Just clearly say so and I'll *undo my change*.
>   See also: https://lkml.org/lkml/2020/6/27/64
> 
>   If there are any valid, but yet not changed URLs:
>   See: https://lkml.org/lkml/2020/6/26/837
> 
>   If you apply the patch, please let me know.
> 
>   Sorry again to all maintainers who complained about subject lines.
>   Now I realized that you want an actually perfect prefixes,
>   not just subsystem ones.
>   I tried my best...
>   And yes, *I could* (at least half-)automate it.
>   Impossible is nothing! :)
> 
> 
>   arch/arm/mach-stm32/Makefile.boot | 2 +-
>   crypto/testmgr.h                  | 6 +++---
>   2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/arm/mach-stm32/Makefile.boot b/arch/arm/mach-stm32/Makefile.boot
> index cec195d4fcba..5dde7328a7a9 100644
> --- a/arch/arm/mach-stm32/Makefile.boot
> +++ b/arch/arm/mach-stm32/Makefile.boot
> @@ -1,4 +1,4 @@
>   # SPDX-License-Identifier: GPL-2.0-only
>   # Empty file waiting for deletion once Makefile.boot isn't needed any more.
>   # Patch waits for application at
> -# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
> +# https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
> index d29983908c38..cdcf0d2fe40d 100644
> --- a/crypto/testmgr.h
> +++ b/crypto/testmgr.h
> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec aes_lrw_tv_template[] = {
>   			  "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
>   		.len	= 48,
>   	}, {
> -/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
> +/* https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
>   		.key    = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
>   			  "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
>   			  "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
> @@ -21096,7 +21096,7 @@ static const struct aead_testvec aegis128_tv_template[] = {
>   
>   /*
>    * All key wrapping test vectors taken from
> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
> + * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>    *
>    * Note: as documented in keywrap.c, the ivout for encryption is the first
>    * semiblock of the ciphertext from the test vector. For decryption, iv is
> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec xeta_tv_template[] = {
>    * FCrypt test vectors
>    */
>   static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
> -	{ /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
> +	{ /* https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
>   		.key	= "\x00\x00\x00\x00\x00\x00\x00\x00",
>   		.klen	= 8,
>   		.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00",
>
Alexander A. Klimov July 21, 2020, 5:49 p.m. UTC | #2
Am 21.07.20 um 10:49 schrieb Alexandre Torgue:
> Hi Alexander
> 
> On 7/19/20 11:49 AM, Alexander A. Klimov wrote:
>> Rationale:
>> Reduces attack surface on kernel devs opening the links for MITM
>> as HTTPS traffic is much harder to manipulate.
>>
>> Deterministic algorithm:
>> For each file:
>>    If not .svg:
>>      For each line:
>>        If doesn't contain `\bxmlns\b`:
>>          For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>>       If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>>              If both the HTTP and HTTPS versions
>>              return 200 OK and serve the same content:
>>                Replace HTTP with HTTPS.
>>
>> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
> 
> This patch touch 2 different subsystems. Can you please split it ?
I can. But don't all files belong to the subsystem this patch is for?

➜  linux git:(autogen/1029) git show arch/arm/mach-stm32/Makefile.boot 
|perl scripts/get_maintainer.pl --nogit{,-fallback}
Russell King <linux@armlinux.org.uk> (odd fixer:ARM PORT)
Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 
ARCHITECTURE)
Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 
ARCHITECTURE)
linux-arm-kernel@lists.infradead.org (moderated list:ARM SUB-ARCHITECTURES)
linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 
ARCHITECTURE)
linux-kernel@vger.kernel.org (open list)
➜  linux git:(autogen/1029) git show crypto/testmgr.h |perl 
scripts/get_maintainer.pl --nogit{,-fallback}
Herbert Xu <herbert@gondor.apana.org.au> (maintainer:CRYPTO API)
"David S. Miller" <davem@davemloft.net> (maintainer:CRYPTO API)
Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 
ARCHITECTURE)
Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 
ARCHITECTURE)
linux-crypto@vger.kernel.org (open list:CRYPTO API)
linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 
ARCHITECTURE)
linux-arm-kernel@lists.infradead.org (moderated list:ARM/STM32 ARCHITECTURE)
linux-kernel@vger.kernel.org (open list)
➜  linux git:(autogen/1029)

> 
> Regards
> Alex
> 
> 
>> ---
>>   Continuing my work started at 93431e0607e5.
>>   See also: git log --oneline '--author=Alexander A. Klimov 
>> <grandmaster@al2klimov.de>' v5.7..master
>>   (Actually letting a shell for loop submit all this stuff for me.)
>>
>>   If there are any URLs to be removed completely
>>   or at least not (just) HTTPSified:
>>   Just clearly say so and I'll *undo my change*.
>>   See also: https://lkml.org/lkml/2020/6/27/64
>>
>>   If there are any valid, but yet not changed URLs:
>>   See: https://lkml.org/lkml/2020/6/26/837
>>
>>   If you apply the patch, please let me know.
>>
>>   Sorry again to all maintainers who complained about subject lines.
>>   Now I realized that you want an actually perfect prefixes,
>>   not just subsystem ones.
>>   I tried my best...
>>   And yes, *I could* (at least half-)automate it.
>>   Impossible is nothing! :)
>>
>>
>>   arch/arm/mach-stm32/Makefile.boot | 2 +-
>>   crypto/testmgr.h                  | 6 +++---
>>   2 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/arm/mach-stm32/Makefile.boot 
>> b/arch/arm/mach-stm32/Makefile.boot
>> index cec195d4fcba..5dde7328a7a9 100644
>> --- a/arch/arm/mach-stm32/Makefile.boot
>> +++ b/arch/arm/mach-stm32/Makefile.boot
>> @@ -1,4 +1,4 @@
>>   # SPDX-License-Identifier: GPL-2.0-only
>>   # Empty file waiting for deletion once Makefile.boot isn't needed 
>> any more.
>>   # Patch waits for application at
>> -# 
>> http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>> +# 
>> https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
>> index d29983908c38..cdcf0d2fe40d 100644
>> --- a/crypto/testmgr.h
>> +++ b/crypto/testmgr.h
>> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec 
>> aes_lrw_tv_template[] = {
>>                 "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
>>           .len    = 48,
>>       }, {
>> -/* 
>> http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
>> +/* 
>> https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ 
>>
>>           .key    = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
>>                 "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
>>                 "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
>> @@ -21096,7 +21096,7 @@ static const struct aead_testvec 
>> aegis128_tv_template[] = {
>>   /*
>>    * All key wrapping test vectors taken from
>> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>> + * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>>    *
>>    * Note: as documented in keywrap.c, the ivout for encryption is the 
>> first
>>    * semiblock of the ciphertext from the test vector. For decryption, 
>> iv is
>> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec 
>> xeta_tv_template[] = {
>>    * FCrypt test vectors
>>    */
>>   static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
>> -    { /* 
>> http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html 
>> */
>> +    { /* 
>> https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html 
>> */
>>           .key    = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>           .klen    = 8,
>>           .iv    = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>
Alexandre TORGUE July 22, 2020, 7:06 a.m. UTC | #3
On 7/21/20 7:49 PM, Alexander A. Klimov wrote:
> 
> 
> Am 21.07.20 um 10:49 schrieb Alexandre Torgue:
>> Hi Alexander
>>
>> On 7/19/20 11:49 AM, Alexander A. Klimov wrote:
>>> Rationale:
>>> Reduces attack surface on kernel devs opening the links for MITM
>>> as HTTPS traffic is much harder to manipulate.
>>>
>>> Deterministic algorithm:
>>> For each file:
>>>    If not .svg:
>>>      For each line:
>>>        If doesn't contain `\bxmlns\b`:
>>>          For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>>>       If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>>>              If both the HTTP and HTTPS versions
>>>              return 200 OK and serve the same content:
>>>                Replace HTTP with HTTPS.
>>>
>>> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
>>
>> This patch touch 2 different subsystems. Can you please split it ?
> I can. But don't all files belong to the subsystem this patch is for?
> 
> ➜  linux git:(autogen/1029) git show arch/arm/mach-stm32/Makefile.boot 
> |perl scripts/get_maintainer.pl --nogit{,-fallback}
> Russell King <linux@armlinux.org.uk> (odd fixer:ARM PORT)
> Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> linux-arm-kernel@lists.infradead.org (moderated list:ARM SUB-ARCHITECTURES)
> linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 
> ARCHITECTURE)
> linux-kernel@vger.kernel.org (open list)
> ➜  linux git:(autogen/1029) git show crypto/testmgr.h |perl 
> scripts/get_maintainer.pl --nogit{,-fallback}
> Herbert Xu <herbert@gondor.apana.org.au> (maintainer:CRYPTO API)
> "David S. Miller" <davem@davemloft.net> (maintainer:CRYPTO API)
> Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> linux-crypto@vger.kernel.org (open list:CRYPTO API)
> linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 
> ARCHITECTURE)
> linux-arm-kernel@lists.infradead.org (moderated list:ARM/STM32 
> ARCHITECTURE)
> linux-kernel@vger.kernel.org (open list)
> ➜  linux git:(autogen/1029)

hum, I was not aware that I could take "crypto" patches. But anyway I 
think, the clean way (to avoid merge  issue later) is that I take 
mach-stm32 patch and Herbert the crypto one. Except if Herbert doesn't 
agree can you please split ?

Thanks
Alex

> 
>>
>> Regards
>> Alex
>>
>>
>>> ---
>>>   Continuing my work started at 93431e0607e5.
>>>   See also: git log --oneline '--author=Alexander A. Klimov 
>>> <grandmaster@al2klimov.de>' v5.7..master
>>>   (Actually letting a shell for loop submit all this stuff for me.)
>>>
>>>   If there are any URLs to be removed completely
>>>   or at least not (just) HTTPSified:
>>>   Just clearly say so and I'll *undo my change*.
>>>   See also: https://lkml.org/lkml/2020/6/27/64
>>>
>>>   If there are any valid, but yet not changed URLs:
>>>   See: https://lkml.org/lkml/2020/6/26/837
>>>
>>>   If you apply the patch, please let me know.
>>>
>>>   Sorry again to all maintainers who complained about subject lines.
>>>   Now I realized that you want an actually perfect prefixes,
>>>   not just subsystem ones.
>>>   I tried my best...
>>>   And yes, *I could* (at least half-)automate it.
>>>   Impossible is nothing! :)
>>>
>>>
>>>   arch/arm/mach-stm32/Makefile.boot | 2 +-
>>>   crypto/testmgr.h                  | 6 +++---
>>>   2 files changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/arch/arm/mach-stm32/Makefile.boot 
>>> b/arch/arm/mach-stm32/Makefile.boot
>>> index cec195d4fcba..5dde7328a7a9 100644
>>> --- a/arch/arm/mach-stm32/Makefile.boot
>>> +++ b/arch/arm/mach-stm32/Makefile.boot
>>> @@ -1,4 +1,4 @@
>>>   # SPDX-License-Identifier: GPL-2.0-only
>>>   # Empty file waiting for deletion once Makefile.boot isn't needed 
>>> any more.
>>>   # Patch waits for application at
>>> -# 
>>> http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>>> +# 
>>> https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>>> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
>>> index d29983908c38..cdcf0d2fe40d 100644
>>> --- a/crypto/testmgr.h
>>> +++ b/crypto/testmgr.h
>>> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec 
>>> aes_lrw_tv_template[] = {
>>>                 "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
>>>           .len    = 48,
>>>       }, {
>>> -/* 
>>> http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ 
>>>
>>> +/* 
>>> https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html 
>>> */
>>>           .key    = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
>>>                 "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
>>>                 "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
>>> @@ -21096,7 +21096,7 @@ static const struct aead_testvec 
>>> aegis128_tv_template[] = {
>>>   /*
>>>    * All key wrapping test vectors taken from
>>> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>>> + * 
>>> https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>>>    *
>>>    * Note: as documented in keywrap.c, the ivout for encryption is 
>>> the first
>>>    * semiblock of the ciphertext from the test vector. For 
>>> decryption, iv is
>>> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec 
>>> xeta_tv_template[] = {
>>>    * FCrypt test vectors
>>>    */
>>>   static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
>>> -    { /* 
>>> http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html 
>>> */
>>> +    { /* 
>>> https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html 
>>> */
>>>           .key    = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>>           .klen    = 8,
>>>           .iv    = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>>
Herbert Xu July 22, 2020, 7:11 a.m. UTC | #4
On Wed, Jul 22, 2020 at 09:06:29AM +0200, Alexandre Torgue wrote:
>
> hum, I was not aware that I could take "crypto" patches. But anyway I think,
> the clean way (to avoid merge  issue later) is that I take mach-stm32 patch
> and Herbert the crypto one. Except if Herbert doesn't agree can you please
> split ?

Yes I think splitting it up would be better in case there are
other patches down the track that may cause conflicts.

Thanks,
diff mbox series

Patch

diff --git a/arch/arm/mach-stm32/Makefile.boot b/arch/arm/mach-stm32/Makefile.boot
index cec195d4fcba..5dde7328a7a9 100644
--- a/arch/arm/mach-stm32/Makefile.boot
+++ b/arch/arm/mach-stm32/Makefile.boot
@@ -1,4 +1,4 @@ 
 # SPDX-License-Identifier: GPL-2.0-only
 # Empty file waiting for deletion once Makefile.boot isn't needed any more.
 # Patch waits for application at
-# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
+# https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index d29983908c38..cdcf0d2fe40d 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -16231,7 +16231,7 @@  static const struct cipher_testvec aes_lrw_tv_template[] = {
 			  "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
 		.len	= 48,
 	}, {
-/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
+/* https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
 		.key    = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
 			  "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
 			  "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
@@ -21096,7 +21096,7 @@  static const struct aead_testvec aegis128_tv_template[] = {
 
 /*
  * All key wrapping test vectors taken from
- * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
+ * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
  *
  * Note: as documented in keywrap.c, the ivout for encryption is the first
  * semiblock of the ciphertext from the test vector. For decryption, iv is
@@ -22825,7 +22825,7 @@  static const struct cipher_testvec xeta_tv_template[] = {
  * FCrypt test vectors
  */
 static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
-	{ /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
+	{ /* https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
 		.key	= "\x00\x00\x00\x00\x00\x00\x00\x00",
 		.klen	= 8,
 		.iv	= "\x00\x00\x00\x00\x00\x00\x00\x00",