I'm afraid we can't tell from your report whether the bug is in OpenSSL or in your application code. We need a reproducible report - for example, a standalone code snippet, or a sample input to the openssl command-line tool. Cheers, Emilia