libsec: sha256 support for thumbprint files, use it in ssh as well

initThumbprints() now takes an application tag argument
so x509 and ssh can coexist.

the thumbprint entries can now hold both sha1 and sha256
hashes. okThumbprint() now takes a len argument for the
hash length used.

the new function okCertificate() hashes the certificate
with both and checks for any matches.

on failure, okCertificate() returns 0 and sets error string.

we also check for include loops now in thumbfiles, limiting
the number of includes to 8.

2 files changed, 8 insertions, 26 deletions

diff --git a/sys/src/cmd/upas/fs/tls.c b/sys/src/cmd/upas/fs/tls.c
index 07906ee38..dd1ca22cb 100644
--- a/sys/src/cmd/upas/fs/tls.c
+++ b/sys/src/cmd/upas/fs/tls.c
@@ -6,7 +6,6 @@
 int
 wraptls(int ofd, char *host)
 {
-	uchar digest[SHA1dlen];
 	Thumbprint *thumb;
 	TLSconn conn;
 	int fd;
@@ -18,16 +17,10 @@ wraptls(int ofd, char *host)
 		close(ofd);
 		return -1;
 	}
-	thumb = initThumbprints("/sys/lib/tls/mail", "/sys/lib/tls/mail.exclude");
+	thumb = initThumbprints("/sys/lib/tls/mail", "/sys/lib/tls/mail.exclude", "x509");
 	if(thumb != nil){
-		if(conn.cert == nil || conn.certlen <= 0){
-			werrstr("server did not provide TLS certificate");
-			goto Err;
-		}
-		sha1(conn.cert, conn.certlen, digest, nil);
-		if(!okThumbprint(digest, thumb)){
-			werrstr("server certificate %.*H not recognized",
-				SHA1dlen, digest);
+		if(!okCertificate(conn.cert, conn.certlen, thumb)){
+			werrstr("cert for %s not recognized: %r", host);
 		Err:
 			close(fd);
 			fd = -1;
diff --git a/sys/src/cmd/upas/smtp/smtp.c b/sys/src/cmd/upas/smtp/smtp.c
index b20d4df7b..4fb437992 100644
--- a/sys/src/cmd/upas/smtp/smtp.c
+++ b/sys/src/cmd/upas/smtp/smtp.c
@@ -388,9 +388,8 @@ wraptls(void)
 {
 	TLSconn *c;
 	Thumbprint *goodcerts;
-	char *h, *err;
+	char *err;
 	int fd;
-	uchar hash[SHA1dlen];
 
 	goodcerts = nil;
 	err = Giveup;
@@ -412,29 +411,19 @@ wraptls(void)
 	Bterm(&bin);
 	Binit(&bin, fd, OREAD);
 
-	goodcerts = initThumbprints(smtpthumbs, smtpexclthumbs);
+	goodcerts = initThumbprints(smtpthumbs, smtpexclthumbs, "x509");
 	if (goodcerts == nil) {
 		syslog(0, "smtp", "bad thumbprints in %s", smtpthumbs);
 		goto Out;
 	}
-	/* compute sha1 hash of remote's certificate, see if we know it */
-	sha1(c->cert, c->certlen, hash, nil);
-	if (!okThumbprint(hash, goodcerts)) {
-		/* TODO? if not excluded, add hash to thumb list */
-		h = malloc(2*sizeof hash + 1);
-		if (h == nil)
-			goto Out;
-		enc16(h, 2*sizeof hash + 1, hash, sizeof hash);
-		syslog(0, "smtp", "remote cert. has bad thumbprint: x509 sha1=%s server=%q",
-			h, ddomain);
-		free(h);
+	if (!okCertificate(c->cert, c->certlen, goodcerts)) {
+		syslog(0, "smtp", "cert for %s not recognized: %r", ddomain);
 		goto Out;
 	}
 	syslog(0, "smtp", "started TLS to %q", ddomain);
 	err = nil;
 Out:
-	if(goodcerts != nil)
-		freeThumbprints(goodcerts);
+	freeThumbprints(goodcerts);
 	free(c->cert);
 	free(c->sessionID);
 	free(c);