Issue with API EVP_PKEY_new_CMAC_key

Matt Caswell matt at
Wed Oct 6 07:55:44 UTC 2021

On 06/10/2021 06:46, Suji wrote:
> Hi,
> I am getting an issue with EVP_PKEY_new_CMAC_key while using Engine as 
> an argument. It was a negative test case, passed an invalid key length. 
> It hits the error, and when the application exits , it gets a 
> segmentation fault.
>  From my analysis, the scenario seems like this. When the call happens 
> engine reference count e-funct_ref increases by 1 (CMAC_CTX_new) but 
> when this error occurs it is decreased by 2 (EVP_PKEY_free and 
> CMAC_CTX_free). When the application exits it again tries for 
> EVP_PKEY_free and this issue happens.The call never reaches the engine, 
> as it is an error case.
> It seems a bug to me, as one of these EVP_PKEY_free should be avoided. 
> Any analysis on this?

This looks like a bug to me. It seems to me that the internal function 
pkey_set_type() is consuming the ENGINE reference when it should not do 
so. This means when we come to free things up, we free up one too many 

I've raised an issue for it here:


More information about the openssl-users mailing list