Does openssl have a test suite? Does it generate a large number of keys and look for
It's easy to suggest this with the benefit of hindsight, and difficult to know whether it
would have been obvious in advance. But I do know that when I have used hash functions (in
non-security applications) I have sometimes studied whether they are generating sufficiently
well distributed results.