I. Introduction
Secure Socket Layer (SSL) and Transport Layer Security (TLS) are the most widely used protocols to guarantee data security and integrity for internet communication. In recent years, SSL/TLS protocols are widely used in various industrial development to prevent remote attacks, including browsers, e-mails, instant messaging, etc. To meet the growing demand of the developing industry, SSL libraries [1]–[3] are implemented to provide convenient ways of accessing SSL/TLS protocols. However, this convenience inevitably makes remote attacks easier because of the improper SSL library usages introduced by developers. For instance, as shown in CVE-2016-2182 [4], the result validation of function BN_div_word
https://www.openssl.org/docs/manmaster/man3/BN_div_word.html
is missed, which allows remote attackers to produce a denial of service. Improper error handling in SSL library usages frequently happens, which could result in security and relia-bility flaws [5]–[7]. Therefore, when using the APIs of SSL libraries, it is vital to check whether the API function performs successfully. If not, handling actions should be done to avoid introducing security vulnerabilities.