The command
|openssl enc -pass pass:pass -iv 0 -K 0 -S 0 -aes-256-cbc -base64 < file > file.enc.b64

first performs the encryption followed by base64 encoding. That means the output
is base64 encoded as requested.

The command
|openssl enc -pass pass:pass -iv 0 -K 0 -S 0 -aes-256-cbc -z < file > file.enc.z

first performs the encryption followed by compression. That means the encrypted
data is compressed which should not give any improvement because a good
encryption algorithm should not produce anything that can be compressed.

The command
|openssl enc -pass pass:pass -iv 0 -K 0 -S 0 -aes-256-cbc -z -base64 < file > file.enc.z.base64

first performs the encryption, followed by base64 encoding followed by
compression. The output is no longer base64 encoded as requested but compressed
by zlib.

This patch changes the order of the individual steps to
- compress the input
- encrypt the content
- encode it as base64

The -d step is in reverse order.
That means the last command will produce a base64 encoded file which was
compressed before being encrypted.

The *now* created files are no longer compatible with the files created with
an earlier version of openssl if the -z option was involved.

To get the "old" content with the new binary the following step is required:
|       openssl enc -d -z < file.old | \
|               openssl enc -d -aes-256-cbc > file

where the first step simply decompresses the content and the second performs the
decryption.

Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
 apps/enc.c |   32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/apps/enc.c b/apps/enc.c
index 719acc3..a6fd07e 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -475,19 +475,6 @@ bad:
        rbio=in;
        wbio=out;
 
-#ifdef ZLIB
-
-       if (do_zlib)
-               {
-               if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
-                       goto end;
-               if (enc)
-                       wbio=BIO_push(bzl,wbio);
-               else
-                       rbio=BIO_push(bzl,rbio);
-               }
-#endif
-
        if (base64)
                {
                if ((b64=BIO_new(BIO_f_base64())) == NULL)
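Review bot: dropping the #ifdef ZLIB block from this position (ahead of the base64 push) changes the on-disk format for every existing -z user, yet the diffstat shows only apps/enc.c touched. The incompatibility and the two-step recovery pipeline from the commit message should also land in the enc documentation and the changelog, since users who upgrade will not see the commit message. It is also worth stating there that a file written with -z by an older binary fails to decode with a plain -d -z on the new one, so the failure is not mistaken for a wrong password or a corrupt file.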
@@ -653,9 +640,24 @@ bad:
                        }
                }
 
-       /* Only encrypt/decrypt as we write the file */
        if (benc != NULL)
-               wbio=BIO_push(benc,wbio);
+               {
+               if (!enc)
+                       rbio=BIO_push(benc,rbio);
+               else
+                       wbio=BIO_push(benc,wbio);
+               }
+#ifdef ZLIB
+       if (do_zlib)
+               {
+               if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
+                       goto end;
+               if (enc)
+                       wbio=BIO_push(bzl,wbio);
+               else
+                       rbio=BIO_push(bzl,rbio);
+               }
+#endif
 
        for (;;)
                {
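Review bot: the deleted comment /* Only encrypt/decrypt as we write the file */ gets no replacement, although correctness now depends entirely on push order (base64, then benc, then bzl). A short comment spelling out the resulting chain for both directions (write: zlib -> cipher -> base64 -> out; read: in -> base64 -> cipher -> zlib) would make that explicit. On the !enc branch benc moves from wbio to rbio, so please confirm that whatever follows the for (;;) loop to detect a failed final block still reaches benc when it sits in the read chain, and add a decrypt test with a wrong key to cover it. The bzl allocation failure path does goto end without printing anything; an error message there would help.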
-- 
1.7.9.5

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
