CMS decrypt using streams still gives malloc error

Viktor Dukhovni openssl-users at
Mon Apr 3 20:46:39 UTC 2023

On Mon, Apr 03, 2023 at 02:37:03PM -0400, Patrick Herbst wrote:

> I thought "stream" was suposed to allow bigger files.  Am i doing
> something wrong?  or is decrypt broken?

IIRC streaming only manages to run in constant space when encrypting,
decryption still buffers the entire result in memory.

       -stream -indef -noindef
           The -stream and -indef options are equivalent and enable streaming
           I/O for encoding operations. This permits single pass processing of
           data without the need to hold the entire contents in memory,
           potentially supporting very large files. Streaming is automatically
           set for S/MIME signing with detached data if the output format is
           SMIME it is currently off by default for all other operations.
       The -stream and -indef options enable streaming I/O support.  As a
       result the encoding is BER using indefinite length constructed encoding
       and no longer DER. Streaming is supported for the -encrypt operation
       and the -sign operation if the content is not detached.


More information about the openssl-users mailing list