On Mon, Apr 03, 2023 at 06:38:03PM -0400, Patrick Herbst wrote:

> > IIRC streaming only manages to run in constant space when encrypting,
> > decryption still buffers the entire result in memory.
>
> If it's true that you can stream to encrypt, but not decrypt, then what
> good is it? How are you supposed to be able to decrypt something that
> was stream encrypted?

Perhaps, by using a different implementation? :-(

But more seriously, there's a fundamental obstacle to handling large
streams with CMS. It is simply not fit for purpose.

* In CMS the MAC is at the end of the entire message. So you have no
  idea whether any of the data is valid/authentic until the whole thing
  has been decrypted.

The only sane way to encrypt large streams is to break them up into
chunks, encrypt each chunk (with its offset or sequence number) and
include a final zero-length chunk to securely signal end of stream.

Think HTTP chunked transfer encoding with CMS rather than TLS for
integrity protection of the chunks.

OpenSSL punts on the question of how to validate large streams, and
perhaps with some justification.

-- 
    Viktor.
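The chunked construction described in the reply above, as an added example that is not from the original thread and not OpenSSL or CMS code: each chunk is sealed with AES-GCM under a nonce and AAD that carry its sequence number, a zero-length flagFinal chunk terminates the stream, and the decryptor verifies every frame before releasing it, so truncation, reordering and modification are rejected instead of being noticed only after the whole message has been decrypted. The frame layout, the function names, the 4-byte random nonce prefix and the 1 MiB frame cap are assumptions made for this example; the key is assumed to be fresh per stream (as a CMS key-transport or key-agreement step would deliver it), since a 4-byte prefix alone is too short to rule out nonce reuse across many streams under one long-lived key.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Hypothetical framing (not CMS): [flag 1B][ciphertext len 4B BE][ciphertext], where ciphertext =
// AES-GCM(chunk) under nonce = prefix(4B)||seq(8B) with AAD = flag||seq, so a chunk only opens in place.
const flagData, flagFinal byte = 0, 1 // flagFinal marks the zero-length terminator chunk
var ErrTruncated = errors.New("stream ended before the authenticated final chunk")
var ErrCorrupt = errors.New("chunk failed authentication (modified, reordered or replayed)")
func nonceAndAAD(prefix []byte, seq uint64, flag byte) (nonce, aad []byte) {
	nonce = binary.BigEndian.AppendUint64(append([]byte(nil), prefix...), seq)
	return nonce, append([]byte{flag}, nonce[4:]...)
}

// EncryptStream writes one authenticated frame per chunkSize bytes of r, then a
// zero-length final frame so the receiver can tell a complete stream from a cut one.
func EncryptStream(aead cipher.AEAD, r io.Reader, w io.Writer, chunkSize int) error {
	if chunkSize <= 0 || chunkSize > 1<<20 {
		return fmt.Errorf("unsupported chunk size %d", chunkSize)
	}
	prefix := make([]byte, 4) // random per-stream nonce prefix; the TeeReader also sends it in the clear
	if _, err := io.ReadFull(io.TeeReader(rand.Reader, w), prefix); err != nil {
		return err
	}
	var seq uint64
	writeFrame := func(flag byte, pt []byte) error {
		nonce, aad := nonceAndAAD(prefix, seq, flag)
		hdr := binary.BigEndian.AppendUint32([]byte{flag}, uint32(len(pt)+aead.Overhead()))
		seq++
		_, err := w.Write(aead.Seal(hdr, nonce, pt, aad)) // Seal appends ciphertext+tag to hdr
		return err
	}
	buf := make([]byte, chunkSize)
	for {
		n, err := io.ReadFull(r, buf)
		if n > 0 {
			if werr := writeFrame(flagData, buf[:n]); werr != nil {
				return werr
			}
		}
		if err == io.EOF || err == io.ErrUnexpectedEOF {
			return writeFrame(flagFinal, nil) // authenticated end-of-stream marker
		} else if err != nil {
			return err
		}
	}
}

// DecryptStream authenticates each frame before releasing its plaintext to w; a modified,
// reordered, replayed or truncated stream fails without ever emitting unauthenticated data.
func DecryptStream(aead cipher.AEAD, r io.Reader, w io.Writer) error {
	prefix, hdr := make([]byte, 4), make([]byte, 5)
	if _, err := io.ReadFull(r, prefix); err != nil {
		return ErrTruncated
	}
	for seq := uint64(0); ; seq++ {
		if _, err := io.ReadFull(r, hdr); err != nil {
			return ErrTruncated // EOF at a frame boundary with no final frame seen
		}
		n := binary.BigEndian.Uint32(hdr[1:])
		if n > 1<<20+uint32(aead.Overhead()) { // never allocate for an attacker-chosen huge length
			return fmt.Errorf("frame length %d exceeds limit", n)
		}
		ct := make([]byte, n)
		if _, err := io.ReadFull(r, ct); err != nil {
			return ErrTruncated
		}
		nonce, aad := nonceAndAAD(prefix, seq, hdr[0])
		pt, err := aead.Open(nil, nonce, ct, aad)
		if err != nil {
			return ErrCorrupt
		}
		if hdr[0] == flagFinal {
			return nil // complete, authenticated end of stream
		}
		if _, err := w.Write(pt); err != nil {
			return err
		}
	}
}

func main() {
	block, _ := aes.NewCipher(bytes.Repeat([]byte{0x42}, 32)) // constructed demo key only
	aead, _ := cipher.NewGCM(block)
	var enc, dec bytes.Buffer
	if err := EncryptStream(aead, bytes.NewReader([]byte("constructed sample plaintext")), &enc, 8); err != nil {
		panic(err)
	}
	err := DecryptStream(aead, bytes.NewReader(enc.Bytes()[:enc.Len()-21]), &dec) // final frame lost
	fmt.Printf("%d bytes released before truncation was detected: %v\n", dec.Len(), err)
}
```

Unlike a single MAC at the end of the whole message, at most one frame is ever held unverified, so a consumer can act on chunk N before chunk N+1 has arrived, and a stream cut at a frame boundary surfaces as ErrTruncated rather than passing as complete. Binding the sequence number into the nonce and the AAD is what makes reordering and replay fail authentication; the frame length is checked before allocation so a forged length cannot force a huge buffer.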