If MD_Init() fails to allocate memory for ctx->md_data, such as in EVP_DigestInit_ex(), it will return 0.
The return value is not checked in ssleay_rand_bytes() and other functions, and call to MD_Update() afterward will dereference this NULL pointer and cause segmentation fault. -Xiaoyong
openssl_md_rand.c.patch
Description: Binary data
