* In a production environment, it is almost never appropriate to simply crash in an uncontrolled manner (i.e. dereferencing a NULL pointer).
Applications that want this can check parameters themselves before calling the function. Saying “C arguments don’t hold” is only because it goes against your position :) FILE *f = fopen(“/”, “w”); fprintf(f, “hello world”); Is a programming error. No two ways about it. The C runtime doesn’t protect against that programming error. The OpenSSL contract says things like “foo points to a {some type of object}” Except for the free routines – which was new in 1.1 – it says nothing about NULL. (i2d/d2i also excepted)