Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxxxx> wrote:
> I have very large globs of on the fly generated data that are to be
> signed and output as a base64 payload followed by a separate PKCS#7
> package with a detached signature at the end of the transmission[1].
> I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(),
> disk-storage or similar.
> But rather simply do something like calculating the SHA256 as the
> payload is streamed out. And then have a CMS_sign/final do the deed
> with that SHA256 rather than a BIO.
My understanding from reading the CMS man pages is that it is done by
providing a NULL value for the content. I haven't done this myself, but
encountered the hints at, for instance:
https://www.openssl.org/docs/man1.1.1/man3/CMS_final.html
I'd go look in the tests directory for some code that calls CMS_final(), and
maybe that will provide a workable example for you.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [
Attachment:
signature.asc
Description: PGP signature
