Issue with API EVP_PKEY_new_CMAC_key

Suji sujiknair at
Wed Oct 6 05:46:55 UTC 2021


I am getting an issue with EVP_PKEY_new_CMAC_key while using Engine as an
argument. It was a negative test case, passed an invalid key length. It
hits the error, and when the application exits , it gets a segmentation

>From my analysis, the scenario seems like this. When the call happens
engine reference count e-funct_ref increases by 1 (CMAC_CTX_new) but when
this error occurs it is decreased by 2 (EVP_PKEY_free and CMAC_CTX_free).
When the application exits it again tries for EVP_PKEY_free and this issue
happens.The call never reaches the engine, as it is an error case.

It seems a bug to me, as one of these EVP_PKEY_free should be avoided. Any
analysis on this?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list