[openssl-users] openssl cms -decrypt failing due to malloc(3) failure

Viktor Dukhovni openssl-users at dukhovni.org
Wed Aug 1 12:56:06 UTC 2018

On Tue, Jul 31, 2018 at 06:14:18PM +0200, Jakob Bohm wrote:

> > CMS works fine for small messages, and could even be used to construct
> > the integrity-protected chunks in a higher-level protocol.  CMS is
> > not appropriate for multi-gigabyte or terabyte, ... datasets.
> Actually, the CMS format itself is clearly designed for streamed decoding.

It is not, because there is no integrity protection until you reach
the end of the message.  In a packetized format designed for
streaming, each chunk and their sequencing is integrity protected,
streaming extractors are only exposed to (tamper-evident) truncation


More information about the openssl-users mailing list