Dirk-Willem van Gulik
dirkx at webweaving.org
Thu Aug 5 11:09:24 UTC 2021
> On 5 Aug 2021, at 02:54, Michael Richardson <mcr at sandelman.ca> wrote:
> Dirk-Willem van Gulik <dirkx at webweaving.org> wrote:
>> I have very large globs of on the fly generated data that are to be
>> signed and output as a base64 payload followed by a separate PKCS#7
>> package with a detached signature at the end of the transmission.
>> I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(),
>> disk-storage or similar.
>> But rather simply do something like calculating the SHA256 as the
>> payload is streamed out. And then have a CMS_sign/final do the deed
>> with that SHA256 rather than a BIO.
> My understanding from reading the CMS man pages is that it is done by
> providing a NULL value for the content. I haven't done this myself, but
> encountered the hints at, for instance:
> I'd go look in the tests directory for some code that calls CMS_final(), and
> maybe that will provide a workable example for you.
That is what I had expected - but as far as I can trace it - all called end up going through cms_DigestedData_do_final() that contains a EVP_DigestFinal_ex(). :(.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: Message signed with OpenPGP
More information about the openssl-users