I'm using the openSSL command line tool to sign, encrypt, decrypt and
verify files. Dr. Stephen Henson was so kind to implement the "-
stream" functionality into the SMIME encoding and signing code, so
openSSL is able to sign and encrypt very large files without having
them loaded into memory completely. I tested the functionality with
the following command (file to be encrypted is 1GB):

localhost:/tmp/openssl-SNAP-20070602/apps# time ./openssl smime -
encrypt -in /proc/kcore -out /tmp/kcore.enc -aes256 -nodetach -binary
-outform DER -engine padlock -stream pub.cer
engine "padlock" set.

real 0m39.435s
user 0m6.180s
sys 0m10.125s

The memory usage of the openSSL command stays at about 3MB during
this task constantly. The resulting file has the appropriate size, so
I expect that the file is encypted correcty:

localhost:/tmp/openssl-SNAP-20070602/apps# ls -l /tmp/kcore.enc
-rw-r--r-- 1 root root 1066389911 2007-06-03 06:21 /tmp/kcore.enc

The problem is now, that I'm unable to decrypt the encrypted file in
order to check its integraty:

localhost:/tmp/openssl-SNAP-20070602/apps# time ./openssl smime -
decrypt -in /tmp/kcore.enc -out /tmp/kcore.dec -inform DER -recip
priv.cer -engine padlock -stream
engine "padlock" set.
Error reading S/MIME message
15934:error:07069041:memory buffer routines:BUF_MEM_grow_clean:malloc
15934:error:0D06B041:asn1 encoding routines:ASN1_D2I_READ_BIO:malloc

The memory consumption raised about 1.5GB on this machine before no
more memory was available, so I think the OS (Debian Linux) had no
more memory available for allocation (which explains the error message).
Is there a way to decrypt large files encrypted this way?

Harald Latzko

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org