On Thu, Mar 22, 2018 at 07:10:00PM +0200, Ilari Liusvaara wrote: > I think BearSSL processes messages chunk-by-chunk. I think it even can > process individual X.509 certificates chunk-by-chunk.
That's correct. In fact, it can process a complete handshake, including the X.509 certificate chain, even if each individual byte is sent in its own record. The only elements that are reassembled in memory are public keys and signature values, on which I can enforce strict size limits (e.g. at most 512 bytes for a signature, which is good for up to RSA-4096). > The reason why chunk-by-chunk processing is so rare is how difficult it > is to program. BearSSL does that by doing all the parsing in a dedicated coroutine, which is itself implemented with a Forth-like language. This allows a "normal", nested parsing that can be interrupted and resumed at will, as data bytes become available. Certificate compression would be challenging to implement, though. Usually, compression relies on at least a "window" over the decompressed data (32 kB for Zlib/Deflate). Some rudimentary forms of compression don't need that (e.g. run-length encoding) but usually offer poor compression ratios. A 32 kB window is a lot for the kind of architecture that BearSSL targets. --Thomas Pornin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls