[PATCH] kernel:gen_kheaders:Replace md5sum to sha256sum

Bhaskar Chowdhury posted 1 patch 4 days, 17 hours ago
kernel/gen_kheaders.sh | 27 ++++++++++++++-------------
1 file changed, 14 insertions(+), 13 deletions(-)
[PATCH] kernel:gen_kheaders:Replace md5sum to sha256sum
Posted by Bhaskar Chowdhury 4 days, 17 hours ago
Thought to apply a better encryption mechanism.

Replace all occurrences of md5sum with sha256sum.

Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
---
 kernel/gen_kheaders.sh | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh
index 0c78e64f747d..1abf2d83039c 100755
--- a/kernel/gen_kheaders.sh
+++ b/kernel/gen_kheaders.sh
@@ -3,6 +3,7 @@

 # This script generates an archive consisting of kernel headers
 # for CONFIG_IKHEADERS.
+# Replace md5sum to sha256sum
 set -e
 sfile="$(readlink -f "$0")"
 outdir="$(pwd)"
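
Review bot: The added header comment "# Replace md5sum to sha256sum" records a change rather than describing what the script does, so it belongs in the commit message and not under the CONFIG_IKHEADERS description. I would drop this line; the commit history already carries that information.
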
@@ -37,22 +38,22 @@ all_dirs="$all_dirs $dir_list"
 # When Kconfig regenerates include/generated/autoconf.h, its timestamp is
 # updated, but the contents might be still the same. When any CONFIG option is
 # changed, Kconfig touches the corresponding timestamp file include/config/*.
-# Hence, the md5sum detects the configuration change anyway. We do not need to
+# Hence, the sha256sum detects the configuration change anyway. We do not need to
 # check include/generated/autoconf.h explicitly.
 #
-# Ignore them for md5 calculation to avoid pointless regeneration.
-headers_md5="$(find $all_dirs -name "*.h"			|
+# Ignore them for sha256 calculation to avoid pointless regeneration.
+headers_sha256="$(find $all_dirs -name "*.h"			|
 		grep -v "include/generated/compile.h"	|
 		grep -v "include/generated/autoconf.h"	|
-		xargs ls -l | md5sum | cut -d ' ' -f1)"
+		xargs ls -l | sha256sum| cut -d ' ' -f1)"

 # Any changes to this script will also cause a rebuild of the archive.
-this_file_md5="$(ls -l $sfile | md5sum | cut -d ' ' -f1)"
-if [ -f $tarfile ]; then tarfile_md5="$(md5sum $tarfile | cut -d ' ' -f1)"; fi
-if [ -f kernel/kheaders.md5 ] &&
-	[ "$(head -n 1 kernel/kheaders.md5)" = "$headers_md5" ] &&
-	[ "$(head -n 2 kernel/kheaders.md5 | tail -n 1)" = "$this_file_md5" ] &&
-	[ "$(tail -n 1 kernel/kheaders.md5)" = "$tarfile_md5" ]; then
+this_file_sha256="$(ls -l $sfile | sha256sum| cut -d ' ' -f1)"
+if [ -f $tarfile ]; then tarfile_sha256="$(sha256sum $tarfile | cut -d ' ' -f1)"; fi
+if [ -f kernel/kheaders.sha256 ] &&
+	[ "$(head -n 1 kernel/kheaders.sha256)" = "$headers_sha256" ] &&
+	[ "$(head -n 2 kernel/kheaders.sha256 | tail -n 1)" = "$this_file_sha256" ] &&
+	[ "$(tail -n 1 kernel/kheaders.sha256)" = "$tarfile_sha256" ]; then
 		exit
 fi

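Review bot: The digests in headers_sha256 and this_file_sha256 are computed over "ls -l" output and compared against a stamp file that this same script writes, so they act as a change detector for rebuild decisions, not as an integrity check on file contents; the commit message should state what the stronger hash is expected to protect, because nothing in this hunk depends on collision resistance. If the change is kept, restore the space before the pipe in "sha256sum| cut" on both lines to match the surrounding "| cut" style, and rewrap the "# Hence, the sha256sum detects ..." comment, which now runs past 80 columns.
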
@@ -88,8 +89,8 @@ find $cpio_dir -printf "./%P\n" | LC_ALL=C sort | \
     --owner=0 --group=0 --numeric-owner --no-recursion \
     -I $XZ -cf $tarfile -C $cpio_dir/ -T - > /dev/null

-echo $headers_md5 > kernel/kheaders.md5
-echo "$this_file_md5" >> kernel/kheaders.md5
-echo "$(md5sum $tarfile | cut -d ' ' -f1)" >> kernel/kheaders.md5
+echo $headers_sha256 > kernel/kheaders.sha256
+echo "$this_file_sha256" >> kernel/kheaders.sha256
+echo "$(sha256sum $tarfile | cut -d ' ' -f1)" >> kernel/kheaders.sha256

 rm -rf $cpio_dir
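
Review bot: Renaming the stamp file from kernel/kheaders.md5 to kernel/kheaders.sha256 is not covered anywhere else, since the diffstat shows only kernel/gen_kheaders.sh changing. Any ignore list or clean rule that names kernel/kheaders.md5 would need the same rename, and an existing build tree keeps a stale kernel/kheaders.md5 that nothing removes. Either keep the old stamp file name or update those references in the same patch and say so in the commit message.
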
--
2.35.1
Re: [PATCH] kernel:gen_kheaders:Replace md5sum to sha256sum
Posted by Daniel Mentz 4 days, 9 hours ago
On Fri, Sep 23, 2022 at 4:06 AM Bhaskar Chowdhury <unixbhaskar@gmail.com> wrote:
> Thought to apply a better encryption mechanism.

MD5 and SHA256 are secure (or, in the case of MD5, not so secure) hash
algorithms, not encryption mechanisms.

> Replace all occurrences of md5sum with sha256sum.

Looking at this script, I'm not convinced that it relies on MD5 being
a cryptographically secure hash function. It appears to me as if this
script uses MD5 to simply detect innocent changes to a set of files as
opposed to guarding against malicious attacks. I also found that
sha256sum takes almost three times longer than md5sum. So, in the
absence of security requirements, md5sum might actually be the better
choice because it's faster.
Re: [PATCH] kernel:gen_kheaders:Replace md5sum to sha256sum
Posted by Bhaskar Chowdhury 4 days, 6 hours ago
On 11:12 Fri 23 Sep 2022, Daniel Mentz wrote:
>On Fri, Sep 23, 2022 at 4:06 AM Bhaskar Chowdhury <unixbhaskar@gmail.com> wrote:
>> Thought to apply a better encryption mechanism.
>
>MD5 and SHA256 are secure (or, in the case of MD5, not so secure) hash
>algorithms, not encryption mechanisms.
>
>> Replace all occurrences of md5sum with sha256sum.
>
>Looking at this script, I'm not convinced that it relies on MD5 being
>a cryptographically secure hash function. It appears to me as if this
>script uses MD5 to simply detect innocent changes to a set of files as
>opposed to guarding against malicious attacks. I also found that
>sha256sum takes almost three times longer than md5sum. So, in the
>absence of security requirements, md5sum might actually be the better
>choice because it's faster.

Al righto! Then...no issues, give it a pass.
--
Thanks,
Bhaskar

"Here's looking at you kid"-- Casablanca
https://about.me/unixbhaskar