[tor-dev] [patch] properly test for OPENSSL_NO_COMP

Ian Goldberg iang at cs.uwaterloo.ca
Mon Jul 14 09:39:14 UTC 2014


On Sun, Jul 13, 2014 at 11:01:23PM -0400, grarpamp wrote:
> On Sun, Jul 13, 2014 at 7:23 PM, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> > On Sun, Jul 13, 2014 at 07:20:29PM -0400, grarpamp wrote:
> >> >    /* Don't actually allow compression; it uses ram and time, but the data
> >> >     * we transmit is all encrypted anyway. */
> >> >      result->ctx->comp_methods = NULL;
> >>
> >> This comment is confusing. Why are you asserting/mixing the two with
> >> the ', but' that 'encryption anyway' is excuse to not compress due to
> >> 'ram/time'? They are two separate things. Either you are encrypting
> >> compressed data, or encrypting uncompressed data.
> >
> > It seems to me the intent of the comment is that the *plaintext* data
> > being transmitted is already encrypted (at another layer), and so is not
> > going to be compressible, so don't waste ram/time trying to do so.
> 
> I thought this portion referred to compress then encrypt, not
> encrypt then compress (which would of course be pointless).
> ie: I thought the openssl zlib routines were to compress then
> encrypt.

Yes, that's right.  But the data to be (optionally compressed then)
encrypted is, in Tor, typically *already* encrypted by the application
layer, so compressing then encrypting that is not better than just
re-encrypting it.

   - Ian
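
The point made in the reply above, as an added example that is not part of the original thread or of Tor's code: deflate shrinks ordinary plaintext, but a payload already encrypted at the application layer comes out slightly larger, so link-level compression only costs RAM and time. The SHA-256 counter-mode keystream, the key, the sample request and the 512-byte cell size are constructed assumptions standing in for the real application-layer cipher and traffic.

```python
import hashlib
import zlib

CELL_LEN = 512  # assumption: fixed payload size used to size the sample


def keystream(key: bytes, length: int) -> bytes:
    """Constructed stand-in for a stream cipher: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream (application-layer encryption)."""
    stream = keystream(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def deflated_size(data: bytes) -> int:
    """Size after zlib deflate at maximum effort, as a TLS compressor would see it."""
    return len(zlib.compress(data, 9))


def compare(n_cells: int = 64) -> dict:
    """Deflate the same payload before and after application-layer encryption."""
    total = CELL_LEN * n_cells
    request = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed
    plaintext = (request * (total // len(request) + 1))[:total]
    inner = encrypt(b"constructed-application-layer-key", plaintext)
    return {
        "raw": total,
        "plaintext_deflated": deflated_size(plaintext),
        "inner_ciphertext_deflated": deflated_size(inner),
    }


if __name__ == "__main__":
    for name, size in compare().items():
        print(f"{name:28s} {size:6d} bytes")
```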

