CMS_sign/CMS_final streaming
Michael Richardson
mcr at sandelman.ca
Thu Aug 5 00:54:08 UTC 2021
Dirk-Willem van Gulik <dirkx at webweaving.org> wrote:
> I have very large globs of on the fly generated data that are to be
> signed and output as a base64 payload followed by a separate PKCS#7
> package with a detached signature at the end of the transmission[1].
> I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(),
> disk-storage or similar.
> But rather simply do something like calculating the SHA256 as the
> payload is streamed out. And then have a CMS_sign/final do the deed
> with that SHA256 rather than a BIO.
My understanding from reading the CMS man pages is that it is done by
providing a NULL value for the content. I haven't done this myself, but
encountered the hints at, for instance:
https://www.openssl.org/docs/man1.1.1/man3/CMS_final.html
I'd go look in the tests directory for some code that calls CMS_final(), and
maybe that will provide a workable example for you.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210804/5a1addaa/attachment.sig>
More information about the openssl-users
mailing list