[openssl-users] openssl cms -decrypt failing due to malloc(3) failure

Jakob Bohm jb-openssl at wisemo.com
Wed Aug 1 23:36:03 UTC 2018

On 01/08/2018 15:42, Viktor Dukhovni wrote:
>> On Aug 1, 2018, at 9:31 AM, Michael Wojcik <Michael.Wojcik at microfocus.com> wrote:
>> CMS with an AEAD mode (such as AES128-GCM) ought to avoid the integrity-protection issue for the encrypted content, but not for the other parts of the message, I assume. (I'm no CMS expert so I may be missing something there.) And, of course, both sender and recipient would have to support that algorithm.
> Not if you make it streaming.  A streaming implementation will emit almost
> the entirety of the decrypted message before checking integrity at the
> end and finding out that some part of it (already output) was wrong.
Which is entirely fine if all you do with the stream output before
integrity checking is to store it somewhere larger than process RAM,
such as in a (temporary) disk file (or perform some other operation
which is safe with garbage input).

Consider the (logically equivalent) fact that most algorithms inside
OpenSSL stream their output to memory because it is rarely possible
to hold an entire message in CPU registers.

But I agree that blindly switching to AEAD modes does nothing to help
the "problem" of allowing a different level of the software stack to
see decrypted output before the integrity check has been completed.

OpenSSL should be an open toolkit, not a bondage-and-discipline
programming environment like NaCl.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
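The pattern discussed above, as an added example that is not part of this thread and not OpenSSL or CMS code: a streaming decryptor that writes plaintext to a temporary file chunk by chunk, checks the tag only when the stream ends, and renames the file into place only if the tag verifies (deleting it otherwise). Because Go's GCM API is one-shot and cannot show the streaming behaviour, the AEAD here is a constructed encrypt-then-MAC stand-in (AES-CTR + HMAC-SHA256 over iv || ciphertext, tag appended at the end); the keys, IV, message and the names Seal/StreamDecrypt are assumptions for this example. The second decryption flips one ciphertext bit, which under CTR silently changes "100 EUR" to "000 EUR" in the staged plaintext: every plaintext byte has reached disk before the integrity failure is known, exactly as described above, and staging is what keeps that corrupted output from ever appearing at the final path.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"os"
)

// Constructed demo keys and message; assumptions for this example, not from the thread.
var (
	encKey = []byte("0123456789abcdef")                 // AES-128 key
	macKey = []byte("fedcba9876543210fedcba9876543210") // HMAC-SHA256 key
	Sample = []byte("Invoice 4711: please pay 100 EUR to account DK12 3456 7890 1234 56.")
)

const tagLen = sha256.Size

// Seal returns iv || AES-CTR(plaintext) || HMAC-SHA256(iv || ciphertext): a
// streamable encrypt-then-MAC AEAD standing in for AES-GCM inside CMS.
func Seal(iv, plaintext []byte) []byte {
	block, _ := aes.NewCipher(encKey)
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	mac.Write(ct)
	return mac.Sum(append(append([]byte(nil), iv...), ct...))
}

// StreamDecrypt decrypts r chunk by chunk into a temp file in dir and renames
// it to finalPath only after the tag verifies; on failure the temp file is
// removed. written counts the unverified plaintext bytes that reached disk.
func StreamDecrypt(r io.Reader, dir, finalPath string) (written int, err error) {
	iv := make([]byte, aes.BlockSize)
	if _, err = io.ReadFull(r, iv); err != nil {
		return 0, err
	}
	tmp, err := os.CreateTemp(dir, "decrypt-*.part")
	if err != nil {
		return 0, err
	}
	defer os.Remove(tmp.Name()) // no-op once the file has been renamed away
	defer tmp.Close()
	block, _ := aes.NewCipher(encKey)
	stream := cipher.NewCTR(block, iv)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	var held []byte        // trailing bytes that may still turn out to be the tag
	buf := make([]byte, 7) // deliberately tiny chunks to make the streaming visible
	for {
		n, rerr := r.Read(buf)
		held = append(held, buf[:n]...)
		if len(held) > tagLen { // all but a possible trailing tag can be processed
			ready := held[:len(held)-tagLen]
			pt := make([]byte, len(ready))
			mac.Write(ready)
			stream.XORKeyStream(pt, ready)
			n, err = tmp.Write(pt) // plaintext leaves the process before it is verified
			written += n
			if err != nil {
				return written, err
			}
			held = append([]byte(nil), held[len(ready):]...)
		}
		if rerr == io.EOF {
			break
		} else if rerr != nil {
			return written, rerr
		}
	}
	if len(held) != tagLen {
		return written, errors.New("truncated stream: no tag")
	}
	if !hmac.Equal(held, mac.Sum(nil)) {
		return written, errors.New("integrity check failed; staged plaintext discarded")
	}
	return written, os.Rename(tmp.Name(), finalPath) // commit only now
}

func main() {
	dir, _ := os.MkdirTemp("", "cms-demo")
	defer os.RemoveAll(dir)
	sealed := Seal([]byte("constructediv123"), Sample) // fixed IV for the demo only
	n, err := StreamDecrypt(bytes.NewReader(sealed), dir, dir+"/intact.txt")
	fmt.Printf("intact: %d bytes staged, err=%v\n", n, err)
	tampered := append([]byte(nil), sealed...)
	tampered[aes.BlockSize+25] ^= 0x01 // CTR is malleable: "100 EUR" decrypts as "000 EUR"
	n, err = StreamDecrypt(bytes.NewReader(tampered), dir, dir+"/tampered.txt")
	_, statErr := os.Stat(dir + "/tampered.txt")
	fmt.Printf("tampered: %d bytes staged, err=%v, output left=%v\n", n, err, statErr == nil)
}
```

The point of the temp-file-plus-rename step is that nothing downstream can open the output under its final name until the tag has been checked; a consumer that instead reads the decryptor's stdout directly sees the "000 EUR" version before the error arrives. The same holds for a truncated stream with the tag missing, which also fails closed here. Note that the 7-byte chunk size is only there to make the staging obvious; a real implementation would use much larger buffers.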
