The following patch helps me
--- openssl-1.0.2f/crypto/srp/srp_vfy.c 2016-01-28 14:38:31.000000000 +0100 +++ openssl-1.0.2f-patched/crypto/srp/srp_vfy.c 2016-03-02 12:18:01.320339059 +0100 @@ -588,8 +588,12 @@ BN_free(N_bn); BN_free(g_bn); } - OPENSSL_cleanse(vf, vfsize); - OPENSSL_free(vf); + + if (vf) { + OPENSSL_cleanse(vf, vfsize); + OPENSSL_free(vf); + } + BN_clear_free(s); BN_clear_free(v); return result;
note that it seems to be fixed in more recent openssl versions.
The following patch helps me
--- openssl- 1.0.2f/ crypto/ srp/srp_ vfy.c 2016-01-28 14:38:31.000000000 +0100 1.0.2f- patched/ crypto/ srp/srp_ vfy.c 2016-03-02 12:18:01.320339059 +0100
BN_free( N_bn);
BN_free( g_bn); clear_free( s); clear_free( v);
+++ openssl-
@@ -588,8 +588,12 @@
}
- OPENSSL_cleanse(vf, vfsize);
- OPENSSL_free(vf);
+
+ if (vf) {
+ OPENSSL_cleanse(vf, vfsize);
+ OPENSSL_free(vf);
+ }
+
BN_
BN_
return result;
note that it seems to be fixed in more recent openssl versions.