Discussion:
BIO_new_CMS with CMS_DETACHED
Pedro Lamarão
2014-10-01 12:42:06 UTC
Hello, fellows.

I am implementing a new streamer for CMS_SignedData with CMS_sign.
Because I need to adapt a certain input and output interface, I chose
to use BIO pairs with BIO_new_CMS. I read from my original input
stream, write into the CMS filter, read from the pair and write to the
original output stream.

My program successfully produces a SignedData structure in the end, but
the actual data is embedded. I have passed (CMS_BINARY | CMS_DETACHED
| CMS_STREAM) as flags to the initial call to CMS_sign but still the
SignedData is not being produced detached.

Am I missing something? Is there another way I can achieve the same thing?

The code that follows is a true fragment from my original program.

Thanks for your time.
Pedro.

------------------
auto content = std::shared_ptr<CMS_ContentInfo>();
{
    auto x = CMS_sign(signer_certificate.get(), signer_key.get(),
                      nullptr, nullptr, (CMS_BINARY | CMS_DETACHED | CMS_STREAM));
    if (x == nullptr) return E_FAIL;
    content.reset(x, CMS_ContentInfo_free);
}

auto tmp_size = 1024U;

BIO * tmp_in, * tmp_out;
BIO_new_bio_pair(& tmp_in, 0U, & tmp_out, 0U);

auto tmp_cms = BIO_new_CMS(tmp_in, content.get());

auto buffer_size = 1024U * 1024U;
auto buffer = std::unique_ptr<unsigned char []>(new unsigned char [buffer_size]);

while (true)
{
    auto inc = ULONG(0);
    auto hr = input->Read(buffer.get(), buffer_size, & inc);
    if (FAILED(hr)) return hr;
    if (inc == 0) break;

    auto r = BIO_write(tmp_cms, buffer.get(), inc);
    if (r <= 0) return E_FAIL;

    auto tmpc = BIO_read(tmp_out, buffer.get(), buffer_size);
    if (tmpc <= 0) break;

    auto outc = ULONG(0);
    hr = output->Write(buffer.get(), tmpc, & outc);
    if (FAILED(hr)) return hr;

    (* written) += outc;
}

BIO_flush(tmp_cms);

while (true)
{
    auto tmpc = BIO_read(tmp_out, buffer.get(), buffer_size);
    if (tmpc <= 0) break;

    auto outc = ULONG(0);
    auto hr = output->Write(buffer.get(), tmpc, & outc);
    if (FAILED(hr)) return hr;

    (*written) += outc;
}
--
Pedro Lamarão ∷ http://www.pedro.lamarao.nom.br/

"Sanity consists in the faculty of adjusting ideas in proper
proportion." - Aleister Crowley
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Dr. Stephen Henson
2014-10-01 23:31:20 UTC
Post by Pedro Lamarão
> Hello, fellows.
> I am implementing a new streamer for CMS_SignedData with CMS_sign.
> Because I need to adapt a certain input and output interface, I chose
> to use BIO pairs with BIO_new_CMS. I read from my original input
> stream, write into the CMS filter, read from the pair and write to the
> original output stream.
> My program successfully produces a SignedData structure in the end, but
> the actual data is embedded. I have passed (CMS_BINARY | CMS_DETACHED
> | CMS_STREAM) as flags to the initial call to CMS_sign but still the
> SignedData is not being produced detached.
> Am I missing something? Is there another way I can achieve the same thing?
> The code that follows is a true fragment from my original program.

This may work:

cms = CMS_sign(...args...); /* Make sure you set CMS_STREAM */
BIO *cmsbio = CMS_dataInit(cms, NULL);
/* ...write any content you want signing to cmsbio; multiple calls allowed... */
CMS_dataFinal(cms, cmsbio);
/* cms should now contain valid signedData */

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org