[cryptography] anyone got a "how not to use OpenSSL" list?

Jeffrey Walton noloader at gmail.com
Wed Oct 24 23:41:23 EDT 2012


On Wed, Oct 10, 2012 at 1:34 PM,
<travis+ml-rbcryptography at subspacefield.org> wrote:
> I want to find common improper usages of OpenSSL library for SSL/TLS.
>
> Can be reverse-engineered from a "how to properly use OpenSSL" FAQ,
> probably, but would prefer information to the first point rather than
> its complement.
> --
> http://www.subspacefield.org/~travis/
Calling RAND_pseudo_bytes instead of RAND_bytes. To make matters
worse, they return slightly different values - 0 means failure for
RAND_bytes, while 0 means "non-cryptographic bytes have been returned"
for RAND_pseudo_bytes.
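
[Added example, not part of the original post.] The return-value pitfall described above, shown as a lax check beside a strict one. The sim_* generators are constructed stand-ins with the same signature as RAND_bytes/RAND_pseudo_bytes, and fill_key_lax, fill_key_strict and all_bytes_equal are hypothetical names; in real code RAND_bytes would be passed as the generator.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as OpenSSL's RAND_bytes and RAND_pseudo_bytes. */
typedef int (*rand_fn)(unsigned char *buf, int num);

/* Constructed stand-ins that simulate the documented return codes
 * (1 = strong bytes, 0 = failure or non-cryptographic, -1 = unsupported). */
static int sim_strong(unsigned char *b, int n)      { memset(b, 0xA5, (size_t)n); return 1; }
static int sim_weak(unsigned char *b, int n)        { memset(b, 0x11, (size_t)n); return 0; }
static int sim_unsupported(unsigned char *b, int n) { (void)b; (void)n; return -1; }

/* Flawed check: only a negative value counts as an error, so a 0 return
 * is silently accepted and the buffer is used as key material. */
int fill_key_lax(rand_fn gen, unsigned char *key, int len)
{
    return (gen(key, len) < 0) ? -1 : 0;
}

/* Strict check: 1 is the only acceptable result from either function.
 * On anything else the buffer is wiped so weak bytes are never used. */
int fill_key_strict(rand_fn gen, unsigned char *key, int len)
{
    if (key == NULL || len <= 0)
        return -1;
    if (gen(key, len) != 1) {
        memset(key, 0, (size_t)len);
        return -1;
    }
    return 0;
}

/* Demo helper: returns 1 if every byte of buf equals v, else 0. */
int all_bytes_equal(const unsigned char *buf, int len, unsigned char v)
{
    for (int i = 0; i < len; i++)
        if (buf[i] != v)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char key[16];
    printf("lax check, generator returned 0:    %d\n", fill_key_lax(sim_weak, key, 16));
    printf("strict check, generator returned 0: %d\n", fill_key_strict(sim_weak, key, 16));
    return 0;
}
```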


