[openssl-dev] [openssl.org #4651] [BUG] malloc_failure in ASN1_D2I_READ_BIO with large smime encoded file

Brian Morton via RT rt at openssl.org
Thu Aug 18 14:01:03 UTC 2016


Ok, so this might be a separate issue.  Please let me know what you think
and I can file.  The issue is pretty much irrelevant since you can't
decrypt anything over 1.5G.

Try this:

bmorton at athens:~$ dd if=/dev/urandom of=sample.txt bs=512K count=6144
6144+0 records in
6144+0 records out
3221225472 bytes (3.2 GB) copied, 205.387 s, 15.7 MB/s
bmorton at athens:~$ openssl smime -encrypt -binary -text -aes256 -in sample.txt -out sample.txt.enc -outform DER mysqldump-secure.pub.pem
bmorton at athens:~$ ls -lh | grep sample
-rw-rw-r--  1 bmorton bmorton 3.0G Aug 18 09:48 sample.txt
-rw-rw-r--  1 bmorton bmorton 1.9G Aug 18 09:56 sample.txt.enc
bmorton at athens:~$ cat sample.txt | openssl smime -encrypt -binary -text -aes256 -out sample.txt.enc -outform DER mysqldump-secure.pub.pem
bmorton at athens:~$ ls -lh | grep sample
-rw-rw-r--  1 bmorton bmorton 3.0G Aug 18 09:48 sample.txt
-rw-rw-r--  1 bmorton bmorton 1.9G Aug 18 09:59 sample.txt.enc

On Thu, Aug 18, 2016 at 9:36 AM, Stephen Henson via RT <rt at openssl.org>
wrote:

> On Thu Aug 18 00:40:21 2016, bmorton at mortoninsights.com wrote:
> >
> > Regardless of input size (2GB or 30GB) to the smime application, the
> > resulting encrypted file is only 1.9GB on disk. Unless smime format has
> > some very serious compression, it looks like it is silently truncating
> > input. A 32 bit integer dependency in the read buffer might explain that.
> > Is it related, or should I file that separately?
> >
>
> That's strange. It shouldn't do that. The encoding operations should work with
> (almost) arbitrary size input when streaming as there is no int dependency and
> no need to hold the complete structure in memory.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4651
> Please log in as guest with password guest if prompted
>
>


-- 
Brian Morton
Morton Software Insights
404-667-1095
bmorton at mortoninsights.com
<https://mortonsoftwareinsights.freshbooks.com/>
