| Message ID | 20200719094948.57487-1-grandmaster@al2klimov.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [for,v5.9] ARM: STM32: Replace HTTP links with HTTPS ones | expand |
Hi Alexander On 7/19/20 11:49 AM, Alexander A. Klimov wrote: > Rationale: > Reduces attack surface on kernel devs opening the links for MITM > as HTTPS traffic is much harder to manipulate. > > Deterministic algorithm: > For each file: > If not .svg: > For each line: > If doesn't contain `\bxmlns\b`: > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: > If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: > If both the HTTP and HTTPS versions > return 200 OK and serve the same content: > Replace HTTP with HTTPS. > > Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> This patch touch 2 different subsystems. Can you please split it ? Regards Alex > --- > Continuing my work started at 93431e0607e5. > See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master > (Actually letting a shell for loop submit all this stuff for me.) > > If there are any URLs to be removed completely > or at least not (just) HTTPSified: > Just clearly say so and I'll *undo my change*. > See also: https://lkml.org/lkml/2020/6/27/64 > > If there are any valid, but yet not changed URLs: > See: https://lkml.org/lkml/2020/6/26/837 > > If you apply the patch, please let me know. > > Sorry again to all maintainers who complained about subject lines. > Now I realized that you want an actually perfect prefixes, > not just subsystem ones. > I tried my best... > And yes, *I could* (at least half-)automate it. > Impossible is nothing! :) > > > arch/arm/mach-stm32/Makefile.boot | 2 +- > crypto/testmgr.h | 6 +++--- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/arch/arm/mach-stm32/Makefile.boot b/arch/arm/mach-stm32/Makefile.boot > index cec195d4fcba..5dde7328a7a9 100644 > --- a/arch/arm/mach-stm32/Makefile.boot > +++ b/arch/arm/mach-stm32/Makefile.boot > @@ -1,4 +1,4 @@ > # SPDX-License-Identifier: GPL-2.0-only > # Empty file waiting for deletion once Makefile.boot isn't needed any more. > # Patch waits for application at > -# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . > +# https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . > diff --git a/crypto/testmgr.h b/crypto/testmgr.h > index d29983908c38..cdcf0d2fe40d 100644 > --- a/crypto/testmgr.h > +++ b/crypto/testmgr.h > @@ -16231,7 +16231,7 @@ static const struct cipher_testvec aes_lrw_tv_template[] = { > "\xe9\x5d\x48\x92\x54\x63\x4e\xb8", > .len = 48, > }, { > -/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ > +/* https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ > .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" > "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" > "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" > @@ -21096,7 +21096,7 @@ static const struct aead_testvec aegis128_tv_template[] = { > > /* > * All key wrapping test vectors taken from > - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip > + * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip > * > * Note: as documented in keywrap.c, the ivout for encryption is the first > * semiblock of the ciphertext from the test vector. For decryption, iv is > @@ -22825,7 +22825,7 @@ static const struct cipher_testvec xeta_tv_template[] = { > * FCrypt test vectors > */ > static const struct cipher_testvec fcrypt_pcbc_tv_template[] = { > - { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ > + { /* https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ > .key = "\x00\x00\x00\x00\x00\x00\x00\x00", > .klen = 8, > .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", >
Am 21.07.20 um 10:49 schrieb Alexandre Torgue: > Hi Alexander > > On 7/19/20 11:49 AM, Alexander A. Klimov wrote: >> Rationale: >> Reduces attack surface on kernel devs opening the links for MITM >> as HTTPS traffic is much harder to manipulate. >> >> Deterministic algorithm: >> For each file: >> If not .svg: >> For each line: >> If doesn't contain `\bxmlns\b`: >> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: >> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: >> If both the HTTP and HTTPS versions >> return 200 OK and serve the same content: >> Replace HTTP with HTTPS. >> >> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> > > This patch touch 2 different subsystems. Can you please split it ? I can. But don't all files belong to the subsystem this patch is for? ➜ linux git:(autogen/1029) git show arch/arm/mach-stm32/Makefile.boot |perl scripts/get_maintainer.pl --nogit{,-fallback} Russell King <linux@armlinux.org.uk> (odd fixer:ARM PORT) Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 ARCHITECTURE) Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 ARCHITECTURE) linux-arm-kernel@lists.infradead.org (moderated list:ARM SUB-ARCHITECTURES) linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 ARCHITECTURE) linux-kernel@vger.kernel.org (open list) ➜ linux git:(autogen/1029) git show crypto/testmgr.h |perl scripts/get_maintainer.pl --nogit{,-fallback} Herbert Xu <herbert@gondor.apana.org.au> (maintainer:CRYPTO API) "David S. Miller" <davem@davemloft.net> (maintainer:CRYPTO API) Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 ARCHITECTURE) Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 ARCHITECTURE) linux-crypto@vger.kernel.org (open list:CRYPTO API) linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 ARCHITECTURE) linux-arm-kernel@lists.infradead.org (moderated list:ARM/STM32 ARCHITECTURE) linux-kernel@vger.kernel.org (open list) ➜ linux git:(autogen/1029) > > Regards > Alex > > >> --- >> Continuing my work started at 93431e0607e5. >> See also: git log --oneline '--author=Alexander A. Klimov >> <grandmaster@al2klimov.de>' v5.7..master >> (Actually letting a shell for loop submit all this stuff for me.) >> >> If there are any URLs to be removed completely >> or at least not (just) HTTPSified: >> Just clearly say so and I'll *undo my change*. >> See also: https://lkml.org/lkml/2020/6/27/64 >> >> If there are any valid, but yet not changed URLs: >> See: https://lkml.org/lkml/2020/6/26/837 >> >> If you apply the patch, please let me know. >> >> Sorry again to all maintainers who complained about subject lines. >> Now I realized that you want an actually perfect prefixes, >> not just subsystem ones. >> I tried my best... >> And yes, *I could* (at least half-)automate it. >> Impossible is nothing! :) >> >> >> arch/arm/mach-stm32/Makefile.boot | 2 +- >> crypto/testmgr.h | 6 +++--- >> 2 files changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/arch/arm/mach-stm32/Makefile.boot >> b/arch/arm/mach-stm32/Makefile.boot >> index cec195d4fcba..5dde7328a7a9 100644 >> --- a/arch/arm/mach-stm32/Makefile.boot >> +++ b/arch/arm/mach-stm32/Makefile.boot >> @@ -1,4 +1,4 @@ >> # SPDX-License-Identifier: GPL-2.0-only >> # Empty file waiting for deletion once Makefile.boot isn't needed >> any more. >> # Patch waits for application at >> -# >> http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . >> +# >> https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . >> diff --git a/crypto/testmgr.h b/crypto/testmgr.h >> index d29983908c38..cdcf0d2fe40d 100644 >> --- a/crypto/testmgr.h >> +++ b/crypto/testmgr.h >> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec >> aes_lrw_tv_template[] = { >> "\xe9\x5d\x48\x92\x54\x63\x4e\xb8", >> .len = 48, >> }, { >> -/* >> http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ >> +/* >> https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ >> >> .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" >> "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" >> "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" >> @@ -21096,7 +21096,7 @@ static const struct aead_testvec >> aegis128_tv_template[] = { >> /* >> * All key wrapping test vectors taken from >> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip >> + * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip >> * >> * Note: as documented in keywrap.c, the ivout for encryption is the >> first >> * semiblock of the ciphertext from the test vector. For decryption, >> iv is >> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec >> xeta_tv_template[] = { >> * FCrypt test vectors >> */ >> static const struct cipher_testvec fcrypt_pcbc_tv_template[] = { >> - { /* >> http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html >> */ >> + { /* >> https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html >> */ >> .key = "\x00\x00\x00\x00\x00\x00\x00\x00", >> .klen = 8, >> .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", >>
On 7/21/20 7:49 PM, Alexander A. Klimov wrote: > > > Am 21.07.20 um 10:49 schrieb Alexandre Torgue: >> Hi Alexander >> >> On 7/19/20 11:49 AM, Alexander A. Klimov wrote: >>> Rationale: >>> Reduces attack surface on kernel devs opening the links for MITM >>> as HTTPS traffic is much harder to manipulate. >>> >>> Deterministic algorithm: >>> For each file: >>> If not .svg: >>> For each line: >>> If doesn't contain `\bxmlns\b`: >>> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: >>> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: >>> If both the HTTP and HTTPS versions >>> return 200 OK and serve the same content: >>> Replace HTTP with HTTPS. >>> >>> Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> >> >> This patch touch 2 different subsystems. Can you please split it ? > I can. But don't all files belong to the subsystem this patch is for? > > ➜ linux git:(autogen/1029) git show arch/arm/mach-stm32/Makefile.boot > |perl scripts/get_maintainer.pl --nogit{,-fallback} > Russell King <linux@armlinux.org.uk> (odd fixer:ARM PORT) > Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 > ARCHITECTURE) > Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 > ARCHITECTURE) > linux-arm-kernel@lists.infradead.org (moderated list:ARM SUB-ARCHITECTURES) > linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 > ARCHITECTURE) > linux-kernel@vger.kernel.org (open list) > ➜ linux git:(autogen/1029) git show crypto/testmgr.h |perl > scripts/get_maintainer.pl --nogit{,-fallback} > Herbert Xu <herbert@gondor.apana.org.au> (maintainer:CRYPTO API) > "David S. Miller" <davem@davemloft.net> (maintainer:CRYPTO API) > Maxime Coquelin <mcoquelin.stm32@gmail.com> (maintainer:ARM/STM32 > ARCHITECTURE) > Alexandre Torgue <alexandre.torgue@st.com> (maintainer:ARM/STM32 > ARCHITECTURE) > linux-crypto@vger.kernel.org (open list:CRYPTO API) > linux-stm32@st-md-mailman.stormreply.com (moderated list:ARM/STM32 > ARCHITECTURE) > linux-arm-kernel@lists.infradead.org (moderated list:ARM/STM32 > ARCHITECTURE) > linux-kernel@vger.kernel.org (open list) > ➜ linux git:(autogen/1029) hum, I was not aware that I could take "crypto" patches. But anyway I think, the clean way (to avoid merge issue later) is that I take mach-stm32 patch and Herbert the crypto one. Except if Herbert doesn't agree can you please split ? Thanks Alex > >> >> Regards >> Alex >> >> >>> --- >>> Continuing my work started at 93431e0607e5. >>> See also: git log --oneline '--author=Alexander A. Klimov >>> <grandmaster@al2klimov.de>' v5.7..master >>> (Actually letting a shell for loop submit all this stuff for me.) >>> >>> If there are any URLs to be removed completely >>> or at least not (just) HTTPSified: >>> Just clearly say so and I'll *undo my change*. >>> See also: https://lkml.org/lkml/2020/6/27/64 >>> >>> If there are any valid, but yet not changed URLs: >>> See: https://lkml.org/lkml/2020/6/26/837 >>> >>> If you apply the patch, please let me know. >>> >>> Sorry again to all maintainers who complained about subject lines. >>> Now I realized that you want an actually perfect prefixes, >>> not just subsystem ones. >>> I tried my best... >>> And yes, *I could* (at least half-)automate it. >>> Impossible is nothing! :) >>> >>> >>> arch/arm/mach-stm32/Makefile.boot | 2 +- >>> crypto/testmgr.h | 6 +++--- >>> 2 files changed, 4 insertions(+), 4 deletions(-) >>> >>> diff --git a/arch/arm/mach-stm32/Makefile.boot >>> b/arch/arm/mach-stm32/Makefile.boot >>> index cec195d4fcba..5dde7328a7a9 100644 >>> --- a/arch/arm/mach-stm32/Makefile.boot >>> +++ b/arch/arm/mach-stm32/Makefile.boot >>> @@ -1,4 +1,4 @@ >>> # SPDX-License-Identifier: GPL-2.0-only >>> # Empty file waiting for deletion once Makefile.boot isn't needed >>> any more. >>> # Patch waits for application at >>> -# >>> http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . >>> +# >>> https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . >>> diff --git a/crypto/testmgr.h b/crypto/testmgr.h >>> index d29983908c38..cdcf0d2fe40d 100644 >>> --- a/crypto/testmgr.h >>> +++ b/crypto/testmgr.h >>> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec >>> aes_lrw_tv_template[] = { >>> "\xe9\x5d\x48\x92\x54\x63\x4e\xb8", >>> .len = 48, >>> }, { >>> -/* >>> http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ >>> >>> +/* >>> https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html >>> */ >>> .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" >>> "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" >>> "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" >>> @@ -21096,7 +21096,7 @@ static const struct aead_testvec >>> aegis128_tv_template[] = { >>> /* >>> * All key wrapping test vectors taken from >>> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip >>> + * >>> https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip >>> * >>> * Note: as documented in keywrap.c, the ivout for encryption is >>> the first >>> * semiblock of the ciphertext from the test vector. For >>> decryption, iv is >>> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec >>> xeta_tv_template[] = { >>> * FCrypt test vectors >>> */ >>> static const struct cipher_testvec fcrypt_pcbc_tv_template[] = { >>> - { /* >>> http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html >>> */ >>> + { /* >>> https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html >>> */ >>> .key = "\x00\x00\x00\x00\x00\x00\x00\x00", >>> .klen = 8, >>> .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", >>>
On Wed, Jul 22, 2020 at 09:06:29AM +0200, Alexandre Torgue wrote: > > hum, I was not aware that I could take "crypto" patches. But anyway I think, > the clean way (to avoid merge issue later) is that I take mach-stm32 patch > and Herbert the crypto one. Except if Herbert doesn't agree can you please > split ? Yes I think splitting it up would be better in case there are other patches down the track that may cause conflicts. Thanks,
diff --git a/arch/arm/mach-stm32/Makefile.boot b/arch/arm/mach-stm32/Makefile.boot index cec195d4fcba..5dde7328a7a9 100644 --- a/arch/arm/mach-stm32/Makefile.boot +++ b/arch/arm/mach-stm32/Makefile.boot @@ -1,4 +1,4 @@ # SPDX-License-Identifier: GPL-2.0-only # Empty file waiting for deletion once Makefile.boot isn't needed any more. # Patch waits for application at -# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . +# https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . diff --git a/crypto/testmgr.h b/crypto/testmgr.h index d29983908c38..cdcf0d2fe40d 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -16231,7 +16231,7 @@ static const struct cipher_testvec aes_lrw_tv_template[] = { "\xe9\x5d\x48\x92\x54\x63\x4e\xb8", .len = 48, }, { -/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ +/* https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c" "\x23\x84\xcb\x1c\x77\xd6\x19\x5d" "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21" @@ -21096,7 +21096,7 @@ static const struct aead_testvec aegis128_tv_template[] = { /* * All key wrapping test vectors taken from - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip + * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip * * Note: as documented in keywrap.c, the ivout for encryption is the first * semiblock of the ciphertext from the test vector. For decryption, iv is @@ -22825,7 +22825,7 @@ static const struct cipher_testvec xeta_tv_template[] = { * FCrypt test vectors */ static const struct cipher_testvec fcrypt_pcbc_tv_template[] = { - { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ + { /* https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */ .key = "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 8, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> --- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@al2klimov.de>' v5.7..master (Actually letting a shell for loop submit all this stuff for me.) If there are any URLs to be removed completely or at least not (just) HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. Sorry again to all maintainers who complained about subject lines. Now I realized that you want an actually perfect prefixes, not just subsystem ones. I tried my best... And yes, *I could* (at least half-)automate it. Impossible is nothing! :) arch/arm/mach-stm32/Makefile.boot | 2 +- crypto/testmgr.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)