CMS_sign/CMS_final streaming

Dirk-Willem van Gulik dirkx at webweaving.org
Thu Aug 5 11:09:24 UTC 2021



> On 5 Aug 2021, at 02:54, Michael Richardson <mcr at sandelman.ca> wrote:
> 
> 
> Dirk-Willem van Gulik <dirkx at webweaving.org> wrote:
>> I have very large globs  of on the fly generated data that are to be
>> signed and output as a base64 payload followed by a separate PKCS#7
>> package with a detached signature at the end of the transmission[1].
> 
>> I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(),
>> disk-storage or similar.
> 
>> But rather simply do something like calculating the SHA256 as the
>> payload is streamed out.  And then have a CMS_sign/final do the deed
>> with that SHA256 rather than a BIO.
> 
> My understanding from reading the CMS man pages is that it is done by
> providing a NULL value for the content.  I haven't done this myself, but
> encountered the hints at, for instance:
>  https://www.openssl.org/docs/man1.1.1/man3/CMS_final.html
> 
> I'd go look in the tests directory for some code that calls CMS_final(), and
> maybe that will provide a workable example for you.

That is what I had expected - but as far as I can trace it - all called end up going through cms_DigestedData_do_final() that contains a EVP_DigestFinal_ex(). :(.

Dw
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210805/28feca32/attachment.sig>


More information about the openssl-users mailing list