CMS_sign/CMS_final streaming

Dirk-Willem van Gulik dirkx at
Wed Aug 4 23:09:52 UTC 2021

I have very large globs  of on the fly generated data that are to be signed and output as a base64 payload followed by a separate PKCS#7 package with a detached signature at the end of the transmission[1].

I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(), disk-storage or similar. 

But rather simply do something like calculating the SHA256 as the payload is streamed out.  And then have a CMS_sign/final do the deed with that SHA256 rather than a BIO. 

Is there a way to use these interfaces (or ex) that way ? 

With kind regards,



More information about the openssl-users mailing list