On Wed, Jan 09, 2008, John Firebaugh wrote:

>
> Now it's time to implement streaming decryption. I've got it working via
> d2i_PKCS7() and PKCS7_decrypt(), but of course that requires the entire
> encoded data be in memory. As far as I can see, there's no support in
> either 0.9.8 or 0.9.9 for streaming decryption, so I'm without a
> reference this time. I think the right approach is to build up my own
> PKCS7 structure by using ASN1_d2i_bio() on the individual parts, and
> then use PKCS7_dataDecode(), passing my own read BIO. Does that sound
> right?
>
That operation is much harder to do which is why I haven't implemented it yet though there is a possibility I will at some point.

Making the whole ASN1 parser streamable is one option but a rather difficult one.

If I was doing it I'd probably modify the ASN1 parsing routines so they return a partial structure when the "content" has been reached which can then set up the necessary machinery to process the content. This would be analogous to the streaming encode functionality.

The content would need an ASN1 streaming BIO which could convert an indefinite length OCTET STRING into the actual content. Handling that according to the specs is quite difficult in itself because the structure can contain additional constructed forms to arbitrary depth. In practice nobody does that however.

Then once the content is processed the trailing data can be handled. Then a derived PKCS7 structure can be obtained which would consist of the original minus the content (or with zero length content) which would be small enough to keep in memory and could be parsed in the normal way.

Other bits would need to be streamed as well such as the SMIME parser. There are some non-trivial API decisions too.

The PKCS#7 streaming encode is capable of chaining data so you can do signed(encrypted(signed)) on the fly too. Handling the equivalent for streaming encode is rather fun....

One case is much easier to handle: streaming verify of cleartext signed data (multipart/signed stuff).

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
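The conversion the reply describes, turning an indefinite length OCTET STRING whose chunks may themselves be constructed into the plain content bytes, is sketched below as an added example; it is not code from this thread or from OpenSSL. The `src` and `sink` structs stand in for a read BIO and the content consumer, and `MAX_DEPTH` and the 64-byte sink are assumed limits chosen for the illustration.

```c
#include <stddef.h>

#define MAX_DEPTH 16 /* assumed cap; BER itself allows arbitrary nesting */
struct src  { const unsigned char *p; size_t left, used; }; /* stands in for a read BIO */
struct sink { unsigned char buf[64]; size_t n; };           /* stands in for the consumer */

/* Constructed sample: 24 80 { "AB", 24 80 { "CD" } 00 00, "E" } 00 00 */
static const unsigned char SAMPLE[] = { 0x24,0x80, 0x04,0x02,'A','B',
    0x24,0x80, 0x04,0x02,'C','D', 0x00,0x00, 0x04,0x01,'E', 0x00,0x00 };

/* Next input byte, or -1 at end of input; counts bytes consumed. */
static int get(struct src *s)
{ if (!s->left) return -1; s->left--; s->used++; return *s->p++; }

/* One OCTET STRING TLV, tag byte already read; content bytes go to out. */
static int octets(struct src *s, struct sink *out, int tag, int depth)
{
    size_t len = 0, end;
    int b = get(s), n, indef = (b == 0x80);
    if (b < 0 || depth > MAX_DEPTH) return -1;
    if (b < 0x80) len = (size_t)b;           /* short form length */
    else {                                   /* long form; n == 0 if indefinite */
        if ((n = b & 0x7f) > (int)sizeof len) return -1;
        while (n--) {
            if ((b = get(s)) < 0) return -1;
            len = (len << 8) | (size_t)b;
        }
    }
    if (tag == 0x04) {                       /* primitive chunk: raw content */
        if (indef) return -1;
        while (len--) {
            if ((b = get(s)) < 0 || out->n == sizeof out->buf) return -1;
            out->buf[out->n++] = (unsigned char)b;
        }
        return 0;
    }
    if (tag != 0x24) return -1;              /* only nested OCTET STRINGs allowed */
    end = s->used + len;                     /* used only for definite length */
    for (;;) {
        if (!indef && s->used >= end) return s->used == end ? 0 : -1;
        if ((b = get(s)) < 0) return -1;     /* truncated input */
        if (indef && b == 0x00) return get(s) == 0x00 ? 0 : -1; /* end-of-contents */
        if (octets(s, out, b, depth + 1) < 0) return -1;
    }
}

/* Returns the number of content bytes recovered, or -1 on malformed input. */
long decode_octets(const unsigned char *in, size_t inlen, struct sink *out)
{
    struct src s = { in, inlen, 0 };
    int tag = get(&s);
    out->n = 0;
    return (tag < 0 || octets(&s, out, tag, 0) < 0) ? -1 : (long)out->n;
}
```

The parser only ever pulls one byte at a time and pushes content bytes as they appear, so the same logic works when `get` reads from a stream; the depth cap is what keeps hostile nesting from exhausting the stack.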
