lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 22 Jul 2020 09:06:29 +0200
From:   Alexandre Torgue <alexandre.torgue@...com>
To:     "Alexander A. Klimov" <grandmaster@...klimov.de>,
        <linux@...linux.org.uk>, <mcoquelin.stm32@...il.com>,
        <herbert@...dor.apana.org.au>, <davem@...emloft.net>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-stm32@...md-mailman.stormreply.com>,
        <linux-kernel@...r.kernel.org>, <linux-crypto@...r.kernel.org>
Subject: Re: [PATCH for v5.9] ARM: STM32: Replace HTTP links with HTTPS ones



On 7/21/20 7:49 PM, Alexander A. Klimov wrote:
> 
> 
> Am 21.07.20 um 10:49 schrieb Alexandre Torgue:
>> Hi Alexander
>>
>> On 7/19/20 11:49 AM, Alexander A. Klimov wrote:
>>> Rationale:
>>> Reduces attack surface on kernel devs opening the links for MITM
>>> as HTTPS traffic is much harder to manipulate.
>>>
>>> Deterministic algorithm:
>>> For each file:
>>>    If not .svg:
>>>      For each line:
>>>        If doesn't contain `\bxmlns\b`:
>>>          For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>>>       If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>>>              If both the HTTP and HTTPS versions
>>>              return 200 OK and serve the same content:
>>>                Replace HTTP with HTTPS.
>>>
>>> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
>>
>> This patch touch 2 different subsystems. Can you please split it ?
> I can. But don't all files belong to the subsystem this patch is for?
> 
> ➜  linux git:(autogen/1029) git show arch/arm/mach-stm32/Makefile.boot 
> |perl scripts/get_maintainer.pl --nogit{,-fallback}
> Russell King <linux@...linux.org.uk> (odd fixer:ARM PORT)
> Maxime Coquelin <mcoquelin.stm32@...il.com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> Alexandre Torgue <alexandre.torgue@...com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> linux-arm-kernel@...ts.infradead.org (moderated list:ARM SUB-ARCHITECTURES)
> linux-stm32@...md-mailman.stormreply.com (moderated list:ARM/STM32 
> ARCHITECTURE)
> linux-kernel@...r.kernel.org (open list)
> ➜  linux git:(autogen/1029) git show crypto/testmgr.h |perl 
> scripts/get_maintainer.pl --nogit{,-fallback}
> Herbert Xu <herbert@...dor.apana.org.au> (maintainer:CRYPTO API)
> "David S. Miller" <davem@...emloft.net> (maintainer:CRYPTO API)
> Maxime Coquelin <mcoquelin.stm32@...il.com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> Alexandre Torgue <alexandre.torgue@...com> (maintainer:ARM/STM32 
> ARCHITECTURE)
> linux-crypto@...r.kernel.org (open list:CRYPTO API)
> linux-stm32@...md-mailman.stormreply.com (moderated list:ARM/STM32 
> ARCHITECTURE)
> linux-arm-kernel@...ts.infradead.org (moderated list:ARM/STM32 
> ARCHITECTURE)
> linux-kernel@...r.kernel.org (open list)
> ➜  linux git:(autogen/1029)

hum, I was not aware that I could take "crypto" patches. But anyway I 
think, the clean way (to avoid merge  issue later) is that I take 
mach-stm32 patch and Herbert the crypto one. Except if Herbert doesn't 
agree can you please split ?

Thanks
Alex

> 
>>
>> Regards
>> Alex
>>
>>
>>> ---
>>>   Continuing my work started at 93431e0607e5.
>>>   See also: git log --oneline '--author=Alexander A. Klimov 
>>> <grandmaster@...klimov.de>' v5.7..master
>>>   (Actually letting a shell for loop submit all this stuff for me.)
>>>
>>>   If there are any URLs to be removed completely
>>>   or at least not (just) HTTPSified:
>>>   Just clearly say so and I'll *undo my change*.
>>>   See also: https://lkml.org/lkml/2020/6/27/64
>>>
>>>   If there are any valid, but yet not changed URLs:
>>>   See: https://lkml.org/lkml/2020/6/26/837
>>>
>>>   If you apply the patch, please let me know.
>>>
>>>   Sorry again to all maintainers who complained about subject lines.
>>>   Now I realized that you want an actually perfect prefixes,
>>>   not just subsystem ones.
>>>   I tried my best...
>>>   And yes, *I could* (at least half-)automate it.
>>>   Impossible is nothing! :)
>>>
>>>
>>>   arch/arm/mach-stm32/Makefile.boot | 2 +-
>>>   crypto/testmgr.h                  | 6 +++---
>>>   2 files changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/arch/arm/mach-stm32/Makefile.boot 
>>> b/arch/arm/mach-stm32/Makefile.boot
>>> index cec195d4fcba..5dde7328a7a9 100644
>>> --- a/arch/arm/mach-stm32/Makefile.boot
>>> +++ b/arch/arm/mach-stm32/Makefile.boot
>>> @@ -1,4 +1,4 @@
>>>   # SPDX-License-Identifier: GPL-2.0-only
>>>   # Empty file waiting for deletion once Makefile.boot isn't needed 
>>> any more.
>>>   # Patch waits for application at
>>> -# 
>>> http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>>> +# 
>>> https://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
>>> diff --git a/crypto/testmgr.h b/crypto/testmgr.h
>>> index d29983908c38..cdcf0d2fe40d 100644
>>> --- a/crypto/testmgr.h
>>> +++ b/crypto/testmgr.h
>>> @@ -16231,7 +16231,7 @@ static const struct cipher_testvec 
>>> aes_lrw_tv_template[] = {
>>>                 "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
>>>           .len    = 48,
>>>       }, {
>>> -/* 
>>> http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */ 
>>>
>>> +/* 
>>> https://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html 
>>> */
>>>           .key    = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
>>>                 "\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
>>>                 "\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
>>> @@ -21096,7 +21096,7 @@ static const struct aead_testvec 
>>> aegis128_tv_template[] = {
>>>   /*
>>>    * All key wrapping test vectors taken from
>>> - * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>>> + * 
>>> https://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
>>>    *
>>>    * Note: as documented in keywrap.c, the ivout for encryption is 
>>> the first
>>>    * semiblock of the ciphertext from the test vector. For 
>>> decryption, iv is
>>> @@ -22825,7 +22825,7 @@ static const struct cipher_testvec 
>>> xeta_tv_template[] = {
>>>    * FCrypt test vectors
>>>    */
>>>   static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
>>> -    { /* 
>>> http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html 
>>> */
>>> +    { /* 
>>> https://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html 
>>> */
>>>           .key    = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>>           .klen    = 8,
>>>           .iv    = "\x00\x00\x00\x00\x00\x00\x00\x00",
>>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ