[tor-dev] [patch] properly test for OPENSSL_NO_COMP
Ian Goldberg
iang at cs.uwaterloo.ca
Mon Jul 14 09:39:14 UTC 2014
On Sun, Jul 13, 2014 at 11:01:23PM -0400, grarpamp wrote:
> On Sun, Jul 13, 2014 at 7:23 PM, Ian Goldberg <iang at cs.uwaterloo.ca> wrote:
> > On Sun, Jul 13, 2014 at 07:20:29PM -0400, grarpamp wrote:
> >> > /* Don't actually allow compression; it uses ram and time, but the data
> >> > * we transmit is all encrypted anyway. */
> >> > result->ctx->comp_methods = NULL;
> >>
> >> This comment is confusing. Why are you asserting/mixing the two with
> >> the ', but' that 'encryption anyway' is excuse to not compress due to
> >> 'ram/time'? They are two separate things. Either you are encrypting
> >> compressed data, or encrypting uncompressed data.
> >
> > It seems to me the intent of the comment is that the *plaintext* data
> > being transmitted is already encrypted (at another layer), and so is not
> > going to be compressible, so don't waste ram/time trying to do so.
>
> I though this portion referred to compress then encrypt, not
> encrypt then compress (which would of course be pointless).
> ie: I thought the openssl zlib routines were to compressed then
> encrypted.
Yes, that's right. But the data to be (optionally compressed then)
encrypted is, in Tor, typically *already* encrypted by the application
layer, so compressing then encrypting that is not better than just
re-encrypting it.
- Ian
More information about the tor-dev
mailing list