With OpenSSL deprecated on the Mac, I need to replace the EVP_DigestSignUpdate() function in the following code:
EVP_DigestSignInit()
EVP_DigestSignUpdate()
EVP_DigestSignUpdate()
EVP_DigestSignUpdate()
...
EVP_DigestSignFinal()
Much googling and manual reading leads me to the SecTransformExecute() function; however, it appears (but is never explicitly stated) that SecTransformExecute() can only ever be called once, implying that it is impossible to sign or verify unbounded/streamed data.
All of the examples I can find encrypt/sign a contrived single block of plaintext, which is an edge case; in the real world, data is unbounded and not all present at once.
OpenSSL handles this by allowing the EVP_DigestSignUpdate() function to be called more than once. How does the SecTransform API handle this case? Does anyone have any example code that makes this clear?