CMS_sign/CMS_final streaming
Dirk-Willem van Gulik
dirkx at webweaving.org
Thu Aug 5 11:09:24 UTC 2021
> On 5 Aug 2021, at 02:54, Michael Richardson <mcr at sandelman.ca> wrote:
>
>
> Dirk-Willem van Gulik <dirkx at webweaving.org> wrote:
>> I have very large globs of on the fly generated data that are to be
>> signed and output as a base64 payload followed by a separate PKCS#7
>> package with a detached signature at the end of the transmission[1].
>
>> I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(),
>> disk-storage or similar.
>
>> But rather simply do something like calculating the SHA256 as the
>> payload is streamed out. And then have a CMS_sign/final do the deed
>> with that SHA256 rather than a BIO.
>
> My understanding from reading the CMS man pages is that it is done by
> providing a NULL value for the content. I haven't done this myself, but
> encountered the hints at, for instance:
> https://www.openssl.org/docs/man1.1.1/man3/CMS_final.html
>
> I'd go look in the tests directory for some code that calls CMS_final(), and
> maybe that will provide a workable example for you.
That is what I had expected - but as far as I can trace it - all called end up going through cms_DigestedData_do_final() that contains a EVP_DigestFinal_ex(). :(.
Dw
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210805/28feca32/attachment.sig>
More information about the openssl-users
mailing list