Hi all, due to the new streaming support in OpenSSL 1.0.0d the calculations for completing the signature are delayed now. I guess streaming support was meant especially for DETACHED SMIME, but complicates the handling.
The PKCS7_sign() routine still does most of the initialization on the p7 structure, but finalizing (i.e. call of PKCS7_final()) is intenionally delayed. Currently PKCS7_final() is called in the last line of SMIME_write_PKCS7(), which is (or at least previously was) the SMIME output routine. Due to this delay it seems difficult to add a timestamp over the signature which needs the signature value, of course. Does anyone know how to interfere the output generation to add an unsigned attribute (like a timestamp) when the signature is already created, but not yet written to the output? Alternatively the finalization might be performed within or right after PKCS7_sign(), just as in the old manner, but then the contents happens to be processed twice (hash calculation and signature processing) when the data is written, because the output routine heavily depends on the new auxiliary asn1 callback. Any hint? What am i missing? TIA -- Christian Weber ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
