[openssl-users] openssl cms -decrypt failing due to malloc(3) failure

Viktor Dukhovni openssl-users at dukhovni.org
Wed Aug 1 13:42:44 UTC 2018

> On Aug 1, 2018, at 9:31 AM, Michael Wojcik <Michael.Wojcik at microfocus.com> wrote:
> CMS with an AEAD mode (such as AES128-GCM) ought to avoid the integrity-protection issue for the encrypted content, but not for the other parts of the message, I assume. (I'm no CMS expert so I may be missing something there.) And, of course, both sender and recipient would have to support that algorithm.

Not if you make it streaming.  A streaming implementing will emit almost
the entirety of the decrypted message before checking integrity at the
end and finding out that some part of it (already output) was wrong.


More information about the openssl-users mailing list