X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/95d9246390251adba7e6e9f0cc70bf0ebe0b2e60..097fb6f2f97575ce17738b4afb3216e9492de2b4:/dsig.c diff --git a/dsig.c b/dsig.c index 5006423..a7fa5a9 100644 --- a/dsig.c +++ b/dsig.c @@ -467,6 +467,7 @@ static int sign(int argc, char *argv[]) key_file kf; key *k; sig *s; + fhashstate fh; time_t exp = KEXP_EXPIRE; unsigned verb = 0; const char *ifile = 0, *hfile = 0; @@ -662,12 +663,13 @@ static int sign(int argc, char *argv[]) /* --- Read the next filename to hash --- */ + fhash_init(&fh, GH_CLASS(s->h), f | FHF_BINARY); breset(&b); if (getstring(ifp, &b.d, GSF_FILE | f)) break; b.tag = T_FILE; DENSURE(&b.b, GH_CLASS(s->h)->hashsz); - if (fhash(GH_CLASS(s->h), f | FHF_BINARY, b.d.buf, b.b.buf)) { + if (fhash(&fh, b.d.buf, b.b.buf)) { moan("error reading `%s': %s", b.d.buf, strerror(errno)); f |= f_bogus; } else { @@ -678,6 +680,7 @@ static int sign(int argc, char *argv[]) } bemit(&b, ofp, s->h, f & f_bin); } + fhash_free(&fh); } } @@ -730,6 +733,13 @@ static int sign(int argc, char *argv[]) /*----- Signature verification --------------------------------------------*/ +static int checkjunk(const char *path, const struct stat *st, void *p) +{ + if (!st) printf("JUNK (error %s) %s\n", strerror(errno), path); + else printf("JUNK %s %s\n", describefile(st), path); + return (0); +} + static int verify(int argc, char *argv[]) { #define f_bogus 1u @@ -744,6 +754,7 @@ static int verify(int argc, char *argv[]) sig *s; dstr d = DSTR_INIT; const char *err; + fhashstate fh; FILE *fp; block b; int e; @@ -756,9 +767,10 @@ static int verify(int argc, char *argv[]) { "progress", 0, 0, 'p' }, { "quiet", 0, 0, 'q' }, { "nocheck", 0, 0, 'C' }, + { "junk", 0, 0, 'j' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "+vpqC", opts, 0, 0, 0); + int i = mdwopt(argc, argv, "+vpqCj", opts, 0, 0, 0); if (i < 0) break; switch (i) { 
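Review bot: In the `@@ -662` hunk of sign(), `fhash_init(&fh, ...)` runs at the top of every pass through the enclosing loop, but the `if (getstring(...)) break;` just below it exits without reaching the `fhash_free(&fh)` that the `@@ -678` hunk adds at the end of the loop body. The state initialised on the final pass is therefore never released. Indentation is lost on this page, so the position of `fhash_free` is inferred from brace order and should be confirmed against the file. If the state is meant to persist across files, as in verify(), move `fhash_init(&fh, GH_CLASS(s->h), f | FHF_BINARY);` above the loop and `fhash_free(&fh);` below its closing brace; otherwise call `fhash_free(&fh);` before the `break`. The loop begins and ends outside both hunks.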
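Review bot: checkjunk() prints `path` into the `JUNK` line verbatim, and a junk file is by definition one the signature does not cover, so its name is chosen by whoever can write to the tree. A name containing a newline or other control characters would make one report line look like several to anything parsing this output. Escaping non-printing bytes before printing would close that, or the output should be documented as unsafe to parse line by line. The `!st` branch also reports `strerror(errno)`, which is only meaningful if the caller guarantees errno still holds the failed stat's value when the callback runs; once confirmed, a comment such as `/* st == 0: stat failed; errno is still the caller's stat error */` would record it. The parameter `p` is unused.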
@@ -775,6 +787,9 @@ static int verify(int argc, char *argv[]) case 'C': f |= f_nocheck; break; + case 'j': + f |= FHF_JUNK; + break; default: f |= f_bogus; break; @@ -853,6 +868,7 @@ static int verify(int argc, char *argv[]) if (!(f & f_nocheck) && verb && (err = s->ops->check(s)) != 0) printf("WARN public key fails check: %s", err); + fhash_init(&fh, GH_CLASS(s->h), f | FHF_BINARY); for (;;) { switch (e) { case T_COMMENT: @@ -885,7 +901,7 @@ static int verify(int argc, char *argv[]) case T_FILE: DRESET(&d); DENSURE(&d, GH_CLASS(s->h)->hashsz); - if (fhash(GH_CLASS(s->h), f | FHF_BINARY, b.d.buf, d.buf)) { + if (fhash(&fh, b.d.buf, d.buf)) { if (verb > 1) { printf("BAD error reading file `%s': %s\n", b.d.buf, strerror(errno)); @@ -926,6 +942,9 @@ static int verify(int argc, char *argv[]) } } done: + if ((f & FHF_JUNK) && fhash_junk(&fh, checkjunk, 0)) + f |= f_bogus; + fhash_free(&fh); bdestroy(&b); dstr_destroy(&d); freesig(s);
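Review bot: `case 'j'` ORs `FHF_JUNK` into the same word `f` that holds this function's local flags (`f_bogus` is `1u`, and `f_nocheck` gates the public-key check further down). The whole word is later passed to `fhash_init` as `f | FHF_BINARY`. Nothing visible here guarantees that the FHF_* bits and the local f_* bits are disjoint, and an overlap would silently turn one option into another, for instance skipping the key check. A comment beside the local `#define`s, e.g. `/* f_* must not overlap the FHF_* bits, which share this word */`, would make the assumption explicit. The switch continues outside the hunk.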
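Review bot: Whether unsigned extra files make verify fail is not settled by the `done:` hunk, because `f_bogus` is set only when `fhash_junk` returns non-zero and `checkjunk` always returns 0. Unless fhash_junk reports junk through its own return value (not visible here), a tree with junk still verifies and only prints `JUNK` lines. Those lines are also printed regardless of `verb`, unlike the `BAD` and `WARN` output, because the callback context is passed as `0`; passing `&verb` and testing it in checkjunk would keep `-q` quiet. A comment above the call stating the intended policy (advisory report or verification failure) would settle it for the next reader. Also confirm that no `goto done` can run before the `fhash_init` added in the `@@ -853` hunk, since `fhash_free(&fh)` now executes on every path through `done:`.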