[cryptography] anyone got a "how not to use OpenSSL" list?
noloader at gmail.com
Wed Oct 24 23:41:23 EDT 2012
On Wed, Oct 10, 2012 at 1:34 PM,
<travis+ml-rbcryptography at subspacefield.org> wrote:
> I want to find common improper usages of OpenSSL library for SSL/TLS.
> Can be reverse-engineered from a "how to properly use OpenSSL" FAQ,
> probably, but would prefer information to the first point rather than
> its complement.
Calling RAND_pseudo_bytes instead of RAND_bytes. To make matters
worse, they return slightly different values - 0 means failure for
RAND_bytes; while 0 means "non-cryptographic bytes have been returned"
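
An added example, not part of the original post: a small line-based audit in Python that flags the two misuses named above in C source. It assumes the documented OpenSSL return values (1 for success, -1 when the current RAND method does not support the call); the C sample and the names `audit` and `SAMPLE` are constructed for illustration.

```python
import re

# Any call to either function; group 1 is the function name.
CALL = re.compile(r"\b(RAND_pseudo_bytes|RAND_bytes)\s*\(")

# A RAND_bytes check that accepts only the success value 1, so that both
# 0 (failure) and -1 (not supported) are treated as errors.
STRICT = re.compile(
    r"\bRAND_bytes\s*\([^;]*\)\s*(!=\s*1\b|==\s*1\b|<=\s*0\b|<\s*1\b)"
)


def audit(source):
    """Return (line number, finding) pairs for risky RAND_* calls.

    Findings:
      "pseudo"    - RAND_pseudo_bytes is used; its output may not be
                    cryptographically strong and 0 is not an error there.
      "unchecked" - RAND_bytes result is ignored or tested loosely, e.g.
                    `if (!RAND_bytes(...))`, which lets -1 pass as success.

    Assumption: each call and its check sit on one line; statements
    split across lines need a real C parser.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//")[0]  # ignore trailing // comments
        match = CALL.search(code)
        if not match:
            continue
        if match.group(1) == "RAND_pseudo_bytes":
            findings.append((lineno, "pseudo"))
        elif not STRICT.search(code):
            findings.append((lineno, "unchecked"))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = """unsigned char key[32], iv[16];
RAND_pseudo_bytes(iv, sizeof(iv));
RAND_bytes(key, sizeof(key));
if (!RAND_bytes(key, sizeof(key))) abort();
if (RAND_bytes(key, sizeof(key)) != 1) abort();
"""

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```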