[openssl-users] openssl cms -decrypt failing due to malloc(3) failure
Christian Böhme
christian.boehme at cloudandheat.com
Tue Jul 31 16:16:06 UTC 2018
On 30.07.2018 20:12, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Jordan Brown
>> Sent: Monday, July 30, 2018 10:46
[…]
> FWIW, SUS Issue 5 defines RLIMIT_AS as applying to both malloc and mmap, but RLIMIT_DATA as
> applying only to malloc. (That is, mmap'd pages do not count against the data limit.)
mmap() , by defninition, populates the process' virtual address space, and if that
is limited in size, artificially or not, then the call is going to fail, eventually.
>> If you're a 32-bit process, then malloc'ing or mmap'ing a 2GB object will be difficult at best.
>
> Agreed. And I'm not endorsing the mmap approach for this problem anyway - I'd use a streaming
> approach, so I'm not limited by address space.
Let's look at the following message that was produced by symmetrically encrypting
757 plaintext octets using the Camellia cipher in CBC mode with a 256 bit key derived
from a passphrase:
$ cat ciphertext.pem | openssl asn1parse -i -inform PEM
0:d=0 hl=4 l= 978 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-envelopedData
15:d=1 hl=4 l= 963 cons: cont [ 0 ]
19:d=2 hl=4 l= 959 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :03
26:d=3 hl=3 l= 133 cons: SET
29:d=4 hl=3 l= 130 cons: cont [ 3 ]
32:d=5 hl=2 l= 1 prim: INTEGER :00
35:d=5 hl=2 l= 27 cons: cont [ 0 ]
37:d=6 hl=2 l= 9 prim: OBJECT :PBKDF2
48:d=6 hl=2 l= 14 cons: SEQUENCE
50:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:948BAC4CEDB23DE2
60:d=7 hl=2 l= 2 prim: INTEGER :0800
64:d=5 hl=2 l= 46 cons: SEQUENCE
66:d=6 hl=2 l= 11 prim: OBJECT :id-alg-PWRI-KEK
79:d=6 hl=2 l= 31 cons: SEQUENCE
81:d=7 hl=2 l= 11 prim: OBJECT :camellia-256-cbc
94:d=7 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:D7A2F88C99A1881C1B8B6AA9E2BDD002
112:d=5 hl=2 l= 48 prim: OCTET STRING [HEX DUMP]:445771F0EA6BAA64CAF35BFC2DA546845C…
162:d=3 hl=4 l= 816 cons: SEQUENCE
166:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
177:d=4 hl=2 l= 31 cons: SEQUENCE
179:d=5 hl=2 l= 11 prim: OBJECT :camellia-256-cbc
192:d=5 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:4F8DAFF8EE165FD78C35A644735CD082
210:d=4 hl=4 l= 768 prim: cont [ 0 ]
This structure, if held in a regular file, can be processed quite non-linearly,
and without mmap()'ing its entire contents. The only parts that are going to
grow as the plaintext grows are the ciphertext (index 192 above) and, to a lesser
extend, the ones that depend on key sizes in the recipientInfos and the length
components. Once the overall structure of the message is understood, sequential
processing of the ciphertext should pose no problem, whichever way implemented.
The pure streaming approach may be appropriate for file descriptors that are not
seekable like sockets, pipes, tty ends etcpp., whereas with egular files, random
access schemes using either pread(v)(2) or lseek(2) in combination with
read(v)(2) can be employed. Portability is certainly an issue, but isn't
this what the configure scripts are for to figure out?
I also do not quite get why CMS should not lend itself to "large" data, given the
above. It would seem that the whole point of the definite TLV structures is to be
able to learn the type and size requirements of the data to come in the stream
/before/ processing it, allowing the "processor" to take appropriate measures,
and not necessarily in RAM alone.
Thanks,
Christian
--
*Christian Böhme*
Developer System Integration
CLOUD&HEAT
*CLOUD & HEAT Technologies GmbH*
Königsbrücker Str. 96 (Halle 15) | 01099 Dresden
Tel: +49 351 479 3670 - 100
Fax: +49 351 479 3670 - 110
E-Mail: christian.boehme at cloudandheat.com <mailto:christian.boehme at cloudandheat.com>
Web: https://www.cloudandheat.com <https://www.cloudandheat.com>
Handelsregister: Amtsgericht Dresden
Registernummer: HRB 30549
USt.-Ident.-Nr.: DE281093504
Geschäftsführer: Nicolas Röhrs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 533 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180731/66adfb4e/attachment.sig>
More information about the openssl-users
mailing list