Package: openssl Version: 0.9.7g-1 Severity: important
It seems that trying to 'smime -encrypt' a gzipped file doesn't work properly. I noticed when encrypting a 600KB gzipped file left me with a 15KB encrypted file. Gunzipping that file first and then encrypting it did seem to work however. Maybe I'm missing something competely obvious with the usage of openssl smime, but it seems to me that openssl shouldn't be the one deciding on the kind of data I'm allowed to encrypt. Here are some steps to reproduce the problem: # first we create a test certificate $ openssl genrsa 1024 > test.key $ openssl req -new -key test.key -x509 -days 5 -out test.crt # next we create an original file to encrypt $ echo "The original text" > original.txt # we make an encrypted version, and a gzipped and encrypted version $ openssl smime -encrypt -in original.txt -out original.txt.pkcs7 test.crt $ gzip original.txt $ openssl smime -encrypt -in original.txt.gz -out original.txt.gz.pkcs7 test.crt # now we decrypt the encrypted version, and we check its contents $ openssl smime -decrypt -in original.txt.pkcs7 -out result_without_gzip.txt -recip test.crt -inkey test.key $ cat result_without_gzip.txt The original text # ... no problem here # now we decrypt the gzipped and encrypted version, try to gunzip it, to check its contents. $ openssl smime -decrypt -in original.txt.gz.pkcs7 -out result_with_gzip.txt.gz -recip test.crt -inkey test.key $ gunzip result_with_gzip.txt.gz gunzip: result_with_gzip.txt.gz: unexpected end of file # OK, there's a problem. Comparing result_with_gzip.txt.gz with original.txt.gz shows that only the first 8 bytes match, and the rest of the file has been truncated. When testing with larger files, the first eight bytes always seem to match, but after that the files are mangled and considerably smaller. For instance, when using 2MB of urandom data in original.txt, and comparing result_with_gzip.txt.gz with original.txt.gz, the first 8 bytes match again, but the filesizes are 6356 and 2097503 respectively. Thanks for looking into this, -- Mourad DC -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11-1-k7 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages openssl depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libssl0.9.7 0.9.7g-1 SSL shared libraries openssl recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

