When used like in this example the cipher is consumed by decrypt() and thus seems to require the whole file to be in memory?
How would I apply the AES-CBC decryption to, for example, a reqwest::blocking::Body, which implements std::io::Read, without reading the whole body into memory at the same time?
You will have to use the encrypt_blocks and decrypt_blocks methods on the BlockMode trait. The easiest (but not quite performant) way will be to decode one block at a time:
let mut buf = GenericArray::default();
let mut cipher = AesCbc::new(key, iv);
reader.read_exact(&mut buf)?;
cipher.decrypt_blocks(core::slice::from_mut(&mut buf));
A more performant approach will involve reading several blocks at once and casting the resulting buffer into slice of generic arrays via some unsafe code.
We could add buffering to block modes in future versions, but no concrete plans yet.