On Sat, Jul 04, 2015, Richard Welty wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > what is the lowest overhead method for encrypting using > CMS_encrypt then signing using CMS_sign? it seems like > using BIO_new_mem_buf ought to do but i don't see a method > for getting the length of the CMS_ContentInfo object to > feed to the BIO creation method. > The function i2d_CMS_ContentInfo will return the length and encode the structure with the appropriate arguments for example: unsigned char *buf = NULL; int buflen; buflen = i2d_CMS_ContentInfo(cms, &buf); Depending on the format you want there is a lower overhead (in terms of memory usage) method: you may be able to chain two streaming BIOs and sign encrypted data on the fly. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
