Comment 2 for bug 1551274

The following patch helps me

--- openssl-1.0.2f/crypto/srp/srp_vfy.c 2016-01-28 14:38:31.000000000 +0100
+++ openssl-1.0.2f-patched/crypto/srp/srp_vfy.c 2016-03-02 12:18:01.320339059 +0100
@@ -588,8 +588,12 @@
         BN_free(N_bn);
         BN_free(g_bn);
     }
- OPENSSL_cleanse(vf, vfsize);
- OPENSSL_free(vf);
+
+ if (vf) {
+ OPENSSL_cleanse(vf, vfsize);
+ OPENSSL_free(vf);
+ }
+
     BN_clear_free(s);
     BN_clear_free(v);
     return result;

note that it seems to be fixed in more recent openssl versions.