Hi Alexander
On 7/19/20 11:49 AM, Alexander A. Klimov wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
>
> Deterministic algorithm:
> For each file:
> If not .svg:
> For each line:
> If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
>
> Signed-off-by: Alexander A. Klimov <[email protected]>
This patch touch 2 different subsystems. Can you please split it ?
Regards
Alex
> ---
> Continuing my work started at 93431e0607e5.
> See also: git log --oneline '--author=Alexander A. Klimov <[email protected]>' v5.7..master
> (Actually letting a shell for loop submit all this stuff for me.)
>
> If there are any URLs to be removed completely
> or at least not (just) HTTPSified:
> Just clearly say so and I'll *undo my change*.
> See also: https://lkml.org/lkml/2020/6/27/64
>
> If there are any valid, but yet not changed URLs:
> See: https://lkml.org/lkml/2020/6/26/837
>
> If you apply the patch, please let me know.
>
> Sorry again to all maintainers who complained about subject lines.
> Now I realized that you want an actually perfect prefixes,
> not just subsystem ones.
> I tried my best...
> And yes, *I could* (at least half-)automate it.
> Impossible is nothing! :)
>
>
> arch/arm/mach-stm32/Makefile.boot | 2 +-
> crypto/testmgr.h | 6 +++---
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/arch/arm/mach-stm32/Makefile.boot b/arch/arm/mach-stm32/Makefile.boot
> index cec195d4fcba..5dde7328a7a9 100644
> --- a/arch/arm/mach-stm32/Makefile.boot
> +++ b/arch/arm/mach-stm32/Makefile.boot
> @@ -1,4 +1,4 @@
> # SPDX-License-Identifier: GPL-2.0-only
> # Empty file waiting for deletion once Makefile.boot isn't needed any more.
> # Patch waits for application at
> -# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
> +# https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
> index d29983908c38..cdcf0d2fe40d 100644
> --- a/crypto/testmgr.h
> +++ b/crypto/testmgr.h
> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec aes_lrw_tv_template[] = {
> "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
> .len = 48,
> }, {
> -/* http://www.mail-archive.com/[email protected]/msg00173.html */
> +/* https://www.mail-archive.com/[email protected]/msg00173.html */
> .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
> "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
> "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
> @@ -21096,7 +21096,7 @@ static const struct aead_testvec aegis128_tv_template[] = {
>
> /*
> * All key wrapping test vectors taken from
> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
> + * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
> *
> * Note: as documented in keywrap.c, the ivout for encryption is the first
> * semiblock of the ciphertext from the test vector. For decryption, iv is
> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec xeta_tv_template[] = {
> * FCrypt test vectors
> */
> static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
> - { /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
> + { /* https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
> .key = "\x00\x00\x00\x00\x00\x00\x00\x00",
> .klen = 8,
> .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
>
Am 21.07.20 um 10:49 schrieb Alexandre Torgue:
> Hi Alexander
>
> On 7/19/20 11:49 AM, Alexander A. Klimov wrote:
>> Rationale:
>> Reduces attack surface on kernel devs opening the links for MITM
>> as HTTPS traffic is much harder to manipulate.
>>
>> Deterministic algorithm:
>> For each file:
>> If not .svg:
>> For each line:
>> If doesn't contain `\bxmlns\b`:
>> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>> If both the HTTP and HTTPS versions
>> return 200 OK and serve the same content:
>> Replace HTTP with HTTPS.
>>
>> Signed-off-by: Alexander A. Klimov <[email protected]>
>
> This patch touch 2 different subsystems. Can you please split it ?
I can. But don't all files belong to the subsystem this patch is for?
➜ linux git:(autogen/1029) git show arch/arm/mach-stm32/Makefile.boot
|perl scripts/get_maintainer.pl --nogit{,-fallback}
Russell King <[email protected]> (odd fixer:ARM PORT)
Maxime Coquelin <[email protected]> (maintainer:ARM/STM32
ARCHITECTURE)
Alexandre Torgue <[email protected]> (maintainer:ARM/STM32
ARCHITECTURE)
[email protected] (moderated list:ARM SUB-ARCHITECTURES)
[email protected] (moderated list:ARM/STM32
ARCHITECTURE)
[email protected] (open list)
➜ linux git:(autogen/1029) git show crypto/testmgr.h |perl
scripts/get_maintainer.pl --nogit{,-fallback}
Herbert Xu <[email protected]> (maintainer:CRYPTO API)
"David S. Miller" <[email protected]> (maintainer:CRYPTO API)
Maxime Coquelin <[email protected]> (maintainer:ARM/STM32
ARCHITECTURE)
Alexandre Torgue <[email protected]> (maintainer:ARM/STM32
ARCHITECTURE)
[email protected] (open list:CRYPTO API)
[email protected] (moderated list:ARM/STM32
ARCHITECTURE)
[email protected] (moderated list:ARM/STM32 ARCHITECTURE)
[email protected] (open list)
➜ linux git:(autogen/1029)
>
> Regards
> Alex
>
>
>> ---
>> Continuing my work started at 93431e0607e5.
>> See also: git log --oneline '--author=Alexander A. Klimov
>> <[email protected]>' v5.7..master
>> (Actually letting a shell for loop submit all this stuff for me.)
>>
>> If there are any URLs to be removed completely
>> or at least not (just) HTTPSified:
>> Just clearly say so and I'll *undo my change*.
>> See also: https://lkml.org/lkml/2020/6/27/64
>>
>> If there are any valid, but yet not changed URLs:
>> See: https://lkml.org/lkml/2020/6/26/837
>>
>> If you apply the patch, please let me know.
>>
>> Sorry again to all maintainers who complained about subject lines.
>> Now I realized that you want an actually perfect prefixes,
>> not just subsystem ones.
>> I tried my best...
>> And yes, *I could* (at least half-)automate it.
>> Impossible is nothing! :)
>>
>>
>> arch/arm/mach-stm32/Makefile.boot | 2 +-
>> crypto/testmgr.h | 6 +++---
>> 2 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/arm/mach-stm32/Makefile.boot
>> b/arch/arm/mach-stm32/Makefile.boot
>> index cec195d4fcba..5dde7328a7a9 100644
>> --- a/arch/arm/mach-stm32/Makefile.boot
>> +++ b/arch/arm/mach-stm32/Makefile.boot
>> @@ -1,4 +1,4 @@
>> # SPDX-License-Identifier: GPL-2.0-only
>> # Empty file waiting for deletion once Makefile.boot isn't needed
>> any more.
>> # Patch waits for application at
>> -#
>> http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>> +#
>> https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
>> index d29983908c38..cdcf0d2fe40d 100644
>> --- a/crypto/testmgr.h
>> +++ b/crypto/testmgr.h
>> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec
>> aes_lrw_tv_template[] = {
>> "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
>> .len = 48,
>> }, {
>> -/*
>> http://www.mail-archive.com/[email protected]/msg00173.html */
>> +/*
>> https://www.mail-archive.com/[email protected]/msg00173.html */
>>
>> .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
>> "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
>> "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
>> @@ -21096,7 +21096,7 @@ static const struct aead_testvec
>> aegis128_tv_template[] = {
>> /*
>> * All key wrapping test vectors taken from
>> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>> + * https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>> *
>> * Note: as documented in keywrap.c, the ivout for encryption is the
>> first
>> * semiblock of the ciphertext from the test vector. For decryption,
>> iv is
>> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec
>> xeta_tv_template[] = {
>> * FCrypt test vectors
>> */
>> static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
>> - { /*
>> http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html
>> */
>> + { /*
>> https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html
>> */
>> .key = "\x00\x00\x00\x00\x00\x00\x00\x00",
>> .klen = 8,
>> .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>
On 7/21/20 7:49 PM, Alexander A. Klimov wrote:
>
>
> Am 21.07.20 um 10:49 schrieb Alexandre Torgue:
>> Hi Alexander
>>
>> On 7/19/20 11:49 AM, Alexander A. Klimov wrote:
>>> Rationale:
>>> Reduces attack surface on kernel devs opening the links for MITM
>>> as HTTPS traffic is much harder to manipulate.
>>>
>>> Deterministic algorithm:
>>> For each file:
>>> If not .svg:
>>> For each line:
>>> If doesn't contain `\bxmlns\b`:
>>> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>>> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>>> If both the HTTP and HTTPS versions
>>> return 200 OK and serve the same content:
>>> Replace HTTP with HTTPS.
>>>
>>> Signed-off-by: Alexander A. Klimov <[email protected]>
>>
>> This patch touch 2 different subsystems. Can you please split it ?
> I can. But don't all files belong to the subsystem this patch is for?
>
> ➜ linux git:(autogen/1029) git show arch/arm/mach-stm32/Makefile.boot
> |perl scripts/get_maintainer.pl --nogit{,-fallback}
> Russell King <[email protected]> (odd fixer:ARM PORT)
> Maxime Coquelin <[email protected]> (maintainer:ARM/STM32
> ARCHITECTURE)
> Alexandre Torgue <[email protected]> (maintainer:ARM/STM32
> ARCHITECTURE)
> [email protected] (moderated list:ARM SUB-ARCHITECTURES)
> [email protected] (moderated list:ARM/STM32
> ARCHITECTURE)
> [email protected] (open list)
> ➜ linux git:(autogen/1029) git show crypto/testmgr.h |perl
> scripts/get_maintainer.pl --nogit{,-fallback}
> Herbert Xu <[email protected]> (maintainer:CRYPTO API)
> "David S. Miller" <[email protected]> (maintainer:CRYPTO API)
> Maxime Coquelin <[email protected]> (maintainer:ARM/STM32
> ARCHITECTURE)
> Alexandre Torgue <[email protected]> (maintainer:ARM/STM32
> ARCHITECTURE)
> [email protected] (open list:CRYPTO API)
> [email protected] (moderated list:ARM/STM32
> ARCHITECTURE)
> [email protected] (moderated list:ARM/STM32
> ARCHITECTURE)
> [email protected] (open list)
> ➜ linux git:(autogen/1029)
hum, I was not aware that I could take "crypto" patches. But anyway I
think, the clean way (to avoid merge issue later) is that I take
mach-stm32 patch and Herbert the crypto one. Except if Herbert doesn't
agree can you please split ?
Thanks
Alex
>
>>
>> Regards
>> Alex
>>
>>
>>> ---
>>> Continuing my work started at 93431e0607e5.
>>> See also: git log --oneline '--author=Alexander A. Klimov
>>> <[email protected]>' v5.7..master
>>> (Actually letting a shell for loop submit all this stuff for me.)
>>>
>>> If there are any URLs to be removed completely
>>> or at least not (just) HTTPSified:
>>> Just clearly say so and I'll *undo my change*.
>>> See also: https://lkml.org/lkml/2020/6/27/64
>>>
>>> If there are any valid, but yet not changed URLs:
>>> See: https://lkml.org/lkml/2020/6/26/837
>>>
>>> If you apply the patch, please let me know.
>>>
>>> Sorry again to all maintainers who complained about subject lines.
>>> Now I realized that you want an actually perfect prefixes,
>>> not just subsystem ones.
>>> I tried my best...
>>> And yes, *I could* (at least half-)automate it.
>>> Impossible is nothing! :)
>>>
>>>
>>> arch/arm/mach-stm32/Makefile.boot | 2 +-
>>> crypto/testmgr.h | 6 +++---
>>> 2 files changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/arch/arm/mach-stm32/Makefile.boot
>>> b/arch/arm/mach-stm32/Makefile.boot
>>> index cec195d4fcba..5dde7328a7a9 100644
>>> --- a/arch/arm/mach-stm32/Makefile.boot
>>> +++ b/arch/arm/mach-stm32/Makefile.boot
>>> @@ -1,4 +1,4 @@
>>> # SPDX-License-Identifier: GPL-2.0-only
>>> # Empty file waiting for deletion once Makefile.boot isn't needed
>>> any more.
>>> # Patch waits for application at
>>> -#
>>> http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>>> +#
>>> https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>>> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
>>> index d29983908c38..cdcf0d2fe40d 100644
>>> --- a/crypto/testmgr.h
>>> +++ b/crypto/testmgr.h
>>> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec
>>> aes_lrw_tv_template[] = {
>>> "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
>>> .len = 48,
>>> }, {
>>> -/*
>>> http://www.mail-archive.com/[email protected]/msg00173.html */
>>>
>>> +/*
>>> https://www.mail-archive.com/[email protected]/msg00173.html
>>> */
>>> .key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
>>> "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
>>> "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
>>> @@ -21096,7 +21096,7 @@ static const struct aead_testvec
>>> aegis128_tv_template[] = {
>>> /*
>>> * All key wrapping test vectors taken from
>>> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>>> + *
>>> https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>>> *
>>> * Note: as documented in keywrap.c, the ivout for encryption is
>>> the first
>>> * semiblock of the ciphertext from the test vector. For
>>> decryption, iv is
>>> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec
>>> xeta_tv_template[] = {
>>> * FCrypt test vectors
>>> */
>>> static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
>>> - { /*
>>> http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html
>>> */
>>> + { /*
>>> https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html
>>> */
>>> .key = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>> .klen = 8,
>>> .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>>