Either implementation or documentation of the EVP_SealInit function is incorrect as the iv Parameter is an output parameter not an input parameter of the function.
0.9.6g and 0.9.7 both have this inconsistency but since the C-code had been updated in 0.9.7 and the documentation had not, I decided it's a documentation bug and the attached patch is my proposal to fix it. -- Mit freundlichen Grüßen / with kind regards Nils Rennebarth -- VarySys Technologies GmbH & Co. KG Moenchhaldenstraße 28 70191 Stuttgart Germany Tel +49 711 2501198 Fax +49 711 2501197 mailto:[EMAIL PROTECTED] http://www.packetalarm.com
--- EVP_SealInit.pod.orig Thu Aug 15 16:22:49 2002 +++ EVP_SealInit.pod Wed Jan 8 12:41:51 2003 @@ -24,6 +24,6 @@ EVP_SealInit() initializes a cipher context B<ctx> for encryption -with cipher B<type> using a random secret key and IV supplied in -the B<iv> parameter. B<type> is normally supplied by a function such +with cipher B<type> by generating a random secret key and IV. +B<type> is normally supplied by a function such as EVP_des_cbc(). The secret key is encrypted using one or more public keys, this allows the same encrypted data to be decrypted using any @@ -31,5 +31,8 @@ the public key encrypted secret key will be written, each buffer must contain enough room for the corresponding encrypted key: that is -B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual +B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. +B<iv> is a buffer where the IV is written to, in case the cipher uses +one and must contain enough room: that is B<iv> must have room for +B<EVP_CIPHER_CTX_iv_length(ctx)> bytes. The actual size of each encrypted secret key is written to the array B<ekl>. B<pubk> is an array of B<npubk> public keys.
