On 03.08.23 05:51, Huang, Kai wrote:
> Is it safe to assume EVP_MD_CTX_destroy() can always handle a NULL ctx? The manpage says: EVP_MD_CTX_destroy() cleans up digest context ctx and frees up the space allocated to it, it should be called only on a context created using EVP_MD_CTX_create().
Thank you for pointing this out. Afais the implementations I've seen can handle NULL, and similar error-handling paths where EVP_MD_CTX_destroy() is called with a NULL pointer exist in several places in the OpenSSL code.
That being said, this is indeed not explicit in the specification (unlike RSA_free(), which is called just after and explicitly specifies that NULL is okay). So you're probably right that it's generally safer to not call EVP_MD_CTX_destroy() with a NULL pointer.
I'll include an extra check for this in the next patch revision.