> On 5 Aug 2021, at 02:54, Michael Richardson <mcr@xxxxxxxxxxxx> wrote: > > > Dirk-Willem van Gulik <dirkx@xxxxxxxxxxxxxx> wrote: >> I have very large globs of on the fly generated data that are to be >> signed and output as a base64 payload followed by a separate PKCS#7 >> package with a detached signature at the end of the transmission[1]. > >> I’d like to avoid CMS_sign/CMS_final having to rely on a BIO_s_mem(), >> disk-storage or similar. > >> But rather simply do something like calculating the SHA256 as the >> payload is streamed out. And then have a CMS_sign/final do the deed >> with that SHA256 rather than a BIO. > > My understanding from reading the CMS man pages is that it is done by > providing a NULL value for the content. I haven't done this myself, but > encountered the hints at, for instance: > https://www.openssl.org/docs/man1.1.1/man3/CMS_final.html > > I'd go look in the tests directory for some code that calls CMS_final(), and > maybe that will provide a workable example for you. That is what I had expected - but as far as I can trace it - all called end up going through cms_DigestedData_do_final() that contains a EVP_DigestFinal_ex(). :(. Dw
Attachment:
signature.asc
Description: Message signed with OpenPGP
