On Mon, Nov 07, 2005, Victor B. Wagner wrote: > > Really, standards allow stream processing of PKCS7 data, and BIO > abstraction in OpenSSL is powerful enough to handle any pkcs7 operation > without having everything in core. At least in some cases. > It is just problem of pkcs7 routines that they do not support stream > operations. > > There is real problem with stream operations on S/MIME data, because > S/MIME doesn't allow any digest except (now considered insecure MD5 and > SHA1) to be specified in MIME headers. > > But it is not a problem for opaque signing and encryption/decription, > because in PKCS7 digest is specified by OID. >
There is partial support for streaming of the cleartext signed data in 0.9.9. I have some prototype code which can encode any PKCS#7 type by streaming but it really needs the companion decoder routines which are much harder to handle. As far as full streaming support is concerned its the same story as with S/MIME v3. People express an interest from time to time but so far no one will fund its development. If anyone *is* interested in funding either they should contact me privately. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
