The CTClib deflate implementation follows PGP 2.x in limiting the
compression window to 8k; it also limits the decompression window
similarly. Other implementations e.g. Bouncy Castle, do not heed this
limitation. Andrew Paterson writes:
Since my last e-mail, I did a quick experiment and I have
established that, as you suggested, the 8K window size was the culprit.
As it was easier to modify CTC, I changed the definition of WSIZE back
to 32K (0x8000) in gzip.h then defined WSIZE as 8K (0x2000) in
deflate.c before gzip.h was included. That did the trick!
Encryption/signing (deflating) uses an 8K window size whilst decryption
(inflating) uses a 32K window size. Problem solved and, as a bonus, the
compatibility of CTC is actually increased.
Unfortunately, it does mean that I will have to rebuild/redeploy all
of my software that uses CTC but I think I prefer that to using an
uneasy hybrid of Sun JDK, hacked Bouncy Castle JCE and hacked GNU
Classpath zip classes. There are also licence implications in that the
Bouncy Castle crypto libraries are not under the GPL whereas the GNU
Classpath classes obviously are.
Look for an update build sometime.