[openssl-users] openssl cms -decrypt failing due to malloc(3) failure
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Aug 1 12:56:06 UTC 2018
On Tue, Jul 31, 2018 at 06:14:18PM +0200, Jakob Bohm wrote:
> > CMS works fine for small messages, and could even be used to construct
> > the integrity-protected chunks in a higher-level protocol. CMS is
> > not appropriate for multi-gigabyte or terabyte, ... datasets.
>
> Actually, the CMS format itself is clearly designed for streamed decoding.
It is not, because there is no integrity protection until you reach
the end of the message. In a packetized format designed for
streaming, each chunk and their sequencing is integrity protected,
streaming extractors are only exposed to (tamper-evident) truncation
attacks.
--
Viktor.
More information about the openssl-users
mailing list