Issue with API EVP_PKEY_new_CMAC_key
Matt Caswell
matt at openssl.org
Wed Oct 6 07:55:44 UTC 2021
On 06/10/2021 06:46, Suji wrote:
> Hi,
>
> I am getting an issue with EVP_PKEY_new_CMAC_key while using Engine as
> an argument. It was a negative test case, passed an invalid key length.
> It hits the error, and when the application exits, it gets a
> segmentation fault.
>
> From my analysis, the scenario seems like this. When the call happens
> engine reference count e->funct_ref increases by 1 (CMAC_CTX_new) but
> when this error occurs it is decreased by 2 (EVP_PKEY_free and
> CMAC_CTX_free). When the application exits it again tries for
> EVP_PKEY_free and this issue happens. The call never reaches the engine,
> as it is an error case.
>
> It seems a bug to me, as one of these EVP_PKEY_free should be avoided.
> Any analysis on this?

This looks like a bug to me. It seems to me that the internal function
pkey_set_type() is consuming the ENGINE reference when it should not do
so. This means when we come to free things up, we free up one too many
references.

I've raised an issue for it here:
https://github.com/openssl/openssl/issues/16757

Matt
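
The reference imbalance discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL source: a minimal C model of a key object that stores an engine pointer without taking its own reference, yet releases one when freed. All type and function names are hypothetical stand-ins, and the exact mechanism is an assumption based on the description above.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model with hypothetical names; not OpenSSL code. */
typedef struct { int refs; } engine_t;     /* stands in for the ENGINE functional refcount */
typedef struct { engine_t *eng; } ctx_t;   /* stands in for the CMAC context */
typedef struct { engine_t *eng; } pkey_t;  /* stands in for the key object */

static void engine_up(engine_t *e)   { if (e) e->refs++; }
static void engine_down(engine_t *e) { if (e) e->refs--; }

/* The context takes its own reference (+1) and releases it when freed (-1). */
static void ctx_init(ctx_t *c, engine_t *e) { engine_up(e); c->eng = e; }
static void ctx_free(ctx_t *c) { engine_down(c->eng); c->eng = NULL; }

/* Buggy setter: keeps the pointer without taking a reference of its own. */
static void pkey_set_type_buggy(pkey_t *k, engine_t *e) { k->eng = e; }
/* Fixed setter: the key takes the reference that pkey_free() will release. */
static void pkey_set_type_fixed(pkey_t *k, engine_t *e) { engine_up(e); k->eng = e; }
static void pkey_free(pkey_t *k) { engine_down(k->eng); k->eng = NULL; }

/* Models the error path of key creation with an invalid key length.
 * Returns the engine refcount after the caller drops its own reference:
 * 0 means balanced, a negative value means one release too many. */
int new_key_error_path(int use_fixed)
{
    engine_t e = { 1 };              /* the application holds one reference */
    ctx_t c;
    pkey_t k;

    ctx_init(&c, &e);                /* +1 */
    if (use_fixed)
        pkey_set_type_fixed(&k, &e); /* +1, owned by the key */
    else
        pkey_set_type_buggy(&k, &e); /* no reference taken */

    /* The key length check fails here, so everything is unwound. */
    pkey_free(&k);                   /* -1 */
    ctx_free(&c);                    /* -1 */
    engine_down(&e);                 /* application releases its reference at exit */
    return e.refs;
}

int main(void)
{
    printf("buggy: %d\n", new_key_error_path(0));
    printf("fixed: %d\n", new_key_error_path(1));
    return 0;
}
```

In the model the negative count only shows up as a number; in a real program the extra release acts on an object that has already been torn down, which matches the crash at application exit described in the report.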