[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Thu Apr 30 21:34:36 UTC 2015


The branch master has been updated
       via  222561fe8ef510f336417a666f69f81ddc9b8fe4 (commit)
      from  2ace745022f5af0709297e96eb0b0829c87c4291 (commit)


- Log -----------------------------------------------------------------
commit 222561fe8ef510f336417a666f69f81ddc9b8fe4
Author: Rich Salz <rsalz at openssl.org>
Date:   Thu Apr 30 17:33:59 2015 -0400

    free NULL cleanup 5a
    
    Don't check for NULL before calling a free routine.  This gets X509_.*free:
        x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
        X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
        X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/apps.c                       |  3 +--
 apps/ca.c                         | 44 +++++++++++++------------------------
 apps/crl2p7.c                     |  6 ++---
 apps/ocsp.c                       |  3 +--
 apps/pkcs12.c                     |  6 ++---
 apps/s_cb.c                       | 15 +++++--------
 apps/s_client.c                   | 12 ++++------
 apps/s_server.c                   | 22 +++++++------------
 apps/smime.c                      |  3 +--
 apps/verify.c                     |  9 +++-----
 crypto/asn1/x_info.c              |  9 +++-----
 crypto/asn1/x_pkey.c              |  3 +--
 crypto/asn1/x_pubkey.c            |  9 +++-----
 crypto/cms/cms_asn1.c             |  6 ++---
 crypto/cms/cms_pwri.c             |  3 +--
 crypto/cms/cms_sd.c               |  3 +--
 crypto/cms/cms_smime.c            |  6 ++---
 crypto/dh/dh_ameth.c              | 12 ++++------
 crypto/ec/ec_ameth.c              | 12 ++++------
 crypto/evp/p_lib.c                |  3 +--
 crypto/ocsp/ocsp_vfy.c            |  3 +--
 crypto/pem/pem_info.c             |  3 +--
 crypto/pkcs12/p12_kiss.c          | 14 +++++-------
 crypto/pkcs7/pk7_doit.c           |  6 ++---
 crypto/pkcs7/pk7_smime.c          |  3 +--
 crypto/rsa/rsa_ameth.c            | 12 ++++------
 crypto/rsa/rsa_sign.c             |  3 +--
 crypto/ts/ts_rsp_sign.c           |  9 +++-----
 crypto/x509/by_file.c             |  6 ++---
 crypto/x509/x509_att.c            |  6 ++---
 crypto/x509/x509_lu.c             |  7 ++++--
 crypto/x509/x509_r2x.c            |  9 ++++----
 crypto/x509/x509_v3.c             |  6 ++---
 crypto/x509/x509_vfy.c            | 29 ++++++++++--------------
 crypto/x509/x509_vpm.c            |  6 ++---
 crypto/x509/x509name.c            |  3 +--
 crypto/x509/x_attrib.c            |  3 +--
 crypto/x509/x_name.c              | 15 +++++--------
 crypto/x509v3/pcy_cache.c         |  3 +--
 crypto/x509v3/pcy_tree.c          | 10 +++------
 crypto/x509v3/v3_crld.c           |  6 ++---
 demos/cms/cms_ddec.c              |  3 +--
 demos/cms/cms_dec.c               |  3 +--
 demos/cms/cms_denc.c              |  6 ++---
 demos/cms/cms_enc.c               |  6 ++---
 demos/cms/cms_sign.c              |  3 +--
 demos/cms/cms_sign2.c             |  8 ++-----
 demos/cms/cms_ver.c               |  3 +--
 demos/easy_tls/easy-tls.c         |  3 +--
 demos/smime/smdec.c               |  3 +--
 demos/smime/smenc.c               |  6 ++---
 demos/smime/smsign.c              |  3 +--
 demos/smime/smsign2.c             |  6 ++---
 demos/smime/smver.c               |  3 +--
 demos/spkigen.c                   |  3 +--
 doc/crypto/X509_STORE_CTX_new.pod |  1 +
 doc/crypto/X509_new.pod           |  1 +
 ssl/s3_clnt.c                     | 18 +++++----------
 ssl/s3_lib.c                      | 12 ++++------
 ssl/s3_srvr.c                     | 12 ++++------
 ssl/ssl_cert.c                    | 46 +++++++++++++--------------------------
 ssl/ssl_lib.c                     | 25 +++++++--------------
 ssl/ssl_rsa.c                     |  9 +++-----
 ssl/ssl_sess.c                    |  3 +--
 ssl/t1_lib.c                      |  7 ++----
 65 files changed, 189 insertions(+), 355 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 5eadc72..9475fe3 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -971,8 +971,7 @@ static int load_certs_crls(const char *file, int format,
 
  end:
 
-    if (xis)
-        sk_X509_INFO_pop_free(xis, X509_INFO_free);
+    sk_X509_INFO_pop_free(xis, X509_INFO_free);
 
     if (rv == 0) {
         if (pcerts) {
diff --git a/apps/ca.c b/apps/ca.c
index 5535603..a3e0bda 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1349,9 +1349,7 @@ end_of_options:
     BIO_free_all(Sout);
     BIO_free_all(out);
     BIO_free_all(in);
-
-    if (cert_sk)
-        sk_X509_pop_free(cert_sk, X509_free);
+    sk_X509_pop_free(cert_sk, X509_free);
 
     if (ret)
         ERR_print_errors(bio_err);
@@ -1364,8 +1362,7 @@ end_of_options:
     if (sigopts)
         sk_OPENSSL_STRING_free(sigopts);
     EVP_PKEY_free(pkey);
-    if (x509)
-        X509_free(x509);
+    X509_free(x509);
     X509_CRL_free(crl);
     NCONF_free(conf);
     NCONF_free(extconf);
@@ -1440,8 +1437,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                  ext_copy, selfsign);
 
  end:
-    if (req != NULL)
-        X509_REQ_free(req);
+    X509_REQ_free(req);
     BIO_free(in);
     return (ok);
 }
@@ -1495,10 +1491,8 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                  ext_copy, 0);
 
  end:
-    if (rreq != NULL)
-        X509_REQ_free(rreq);
-    if (req != NULL)
-        X509_free(req);
+    X509_REQ_free(rreq);
+    X509_free(req);
     return (ok);
 }
 
@@ -1700,8 +1694,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
             if (push != NULL) {
                 if (!X509_NAME_add_entry(subject, push, -1, 0)) {
-                    if (push != NULL)
-                        X509_NAME_ENTRY_free(push);
+                    X509_NAME_ENTRY_free(push);
                     BIO_printf(bio_err, "Memory allocation failure\n");
                     goto end;
                 }
@@ -1876,8 +1869,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         /*
          * Free the current entries if any, there should not be any I believe
          */
-        if (ci->extensions != NULL)
-            sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
+        sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
 
         ci->extensions = NULL;
 
@@ -2027,18 +2019,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         if (row[i] != NULL)
             OPENSSL_free(row[i]);
 
-    if (CAname != NULL)
-        X509_NAME_free(CAname);
-    if (subject != NULL)
-        X509_NAME_free(subject);
-    if ((dn_subject != NULL) && !email_dn)
+    X509_NAME_free(CAname);
+    X509_NAME_free(subject);
+    if (dn_subject != subject)
         X509_NAME_free(dn_subject);
     ASN1_UTCTIME_free(tmptm);
-    if (ok <= 0) {
-        if (ret != NULL)
-            X509_free(ret);
-        ret = NULL;
-    } else
+    if (ok <= 0)
+        X509_free(ret);
+    else
         *xret = ret;
     return (ok);
 }
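Review bot: The guard on `X509_NAME_free(dn_subject)` changes from `(dn_subject != NULL) && !email_dn` to `dn_subject != subject`, which is a change of condition rather than a NULL-check removal. Its safety depends on how `dn_subject` is assigned earlier in do_body, outside this hunk. If `dn_subject` is set to `subject` when `email_dn` is set, this comparison is the only thing preventing a double free of the same X509_NAME, so it deserves a comment such as `/* dn_subject aliases subject when email_dn is set; free it only when it is a separate copy */`. Dropping `ret = NULL` after `X509_free(ret)` looks harmless here, since `ret` is not used again before `return (ok);`.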
@@ -2186,14 +2174,12 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
                  verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
                  ext_copy, 0);
  end:
-    if (req != NULL)
-        X509_REQ_free(req);
+    X509_REQ_free(req);
     if (parms != NULL)
         CONF_free(parms);
     if (spki != NULL)
         NETSCAPE_SPKI_free(spki);
-    if (ne != NULL)
-        X509_NAME_ENTRY_free(ne);
+    X509_NAME_ENTRY_free(ne);
 
     return (ok);
 }
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index d75b667..fb2b085 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -215,8 +215,7 @@ int crl2pkcs7_main(int argc, char **argv)
     BIO_free(in);
     BIO_free_all(out);
     PKCS7_free(p7);
-    if (crl != NULL)
-        X509_CRL_free(crl);
+    X509_CRL_free(crl);
 
     return (ret);
 }
@@ -267,7 +266,6 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
  end:
     /* never need to OPENSSL_free x */
     BIO_free(in);
-    if (sk != NULL)
-        sk_X509_INFO_free(sk);
+    sk_X509_INFO_free(sk);
     return (ret);
 }
diff --git a/apps/ocsp.c b/apps/ocsp.c
index fb60e3b..680cc0a 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -735,8 +735,7 @@ int ocsp_main(int argc, char **argv)
     ERR_print_errors(bio_err);
     X509_free(signer);
     X509_STORE_free(store);
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
+    X509_VERIFY_PARAM_free(vpm);
     EVP_PKEY_free(key);
     EVP_PKEY_free(rkey);
     X509_free(cert);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index ec7a1d9..b4b3730 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -504,10 +504,8 @@ int pkcs12_main(int argc, char **argv)
  export_end:
 
         EVP_PKEY_free(key);
-        if (certs)
-            sk_X509_pop_free(certs, X509_free);
-        if (ucert)
-            X509_free(ucert);
+        sk_X509_pop_free(certs, X509_free);
+        X509_free(ucert);
 
         goto end;
 
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 76aeadb..1d026b6 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1219,11 +1219,9 @@ void ssl_excert_free(SSL_EXCERT *exc)
 {
     SSL_EXCERT *curr;
     while (exc) {
-        if (exc->cert)
-            X509_free(exc->cert);
+        X509_free(exc->cert);
         EVP_PKEY_free(exc->key);
-        if (exc->chain)
-            sk_X509_pop_free(exc->chain, X509_free);
+        sk_X509_pop_free(exc->chain, X509_free);
         curr = exc;
         exc = exc->next;
         OPENSSL_free(curr);
@@ -1385,8 +1383,7 @@ void print_ssl_summary(SSL *s)
             BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
     } else
         BIO_puts(bio_err, "No peer certificate\n");
-    if (peer)
-        X509_free(peer);
+    X509_free(peer);
 #ifndef OPENSSL_NO_EC
     ssl_print_point_formats(bio_err, s);
     if (SSL_is_server(s))
@@ -1501,10 +1498,8 @@ int ssl_load_stores(SSL_CTX *ctx,
     }
     rv = 1;
  err:
-    if (vfy)
-        X509_STORE_free(vfy);
-    if (ch)
-        X509_STORE_free(ch);
+    X509_STORE_free(vfy);
+    X509_STORE_free(ch);
     return rv;
 }
 
diff --git a/apps/s_client.c b/apps/s_client.c
index 9d0d6f0..fdd1f5c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1998,17 +1998,14 @@ int s_client_main(int argc, char **argv)
         OPENSSL_free(next_proto.data);
 #endif
     SSL_CTX_free(ctx);
-    if (cert)
-        X509_free(cert);
+    X509_free(cert);
     if (crls)
         sk_X509_CRL_pop_free(crls, X509_CRL_free);
     EVP_PKEY_free(key);
-    if (chain)
-        sk_X509_pop_free(chain, X509_free);
+    sk_X509_pop_free(chain, X509_free);
     if (pass)
         OPENSSL_free(pass);
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
+    X509_VERIFY_PARAM_free(vpm);
     ssl_excert_free(exc);
     sk_OPENSSL_STRING_free(ssl_args);
     SSL_CONF_CTX_free(cctx);
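Review bot: `if (crls)` is still in front of `sk_X509_CRL_pop_free(crls, X509_CRL_free);` in this cleanup block, while the s_server.c hunk of the same commit removes the identical guard and the apps/verify.c context calls the function unguarded. For consistency these two lines can collapse to `sk_X509_CRL_pop_free(crls, X509_CRL_free);`. Leaving one guarded copy makes it unclear to a later reader whether the stack free is NULL-safe. s_client_main continues outside the hunk.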
@@ -2197,8 +2194,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
         }
     }
     BIO_printf(bio, "---\n");
-    if (peer != NULL)
-        X509_free(peer);
+    X509_free(peer);
     /* flush, or debugging output gets mixed with http response */
     (void)BIO_flush(bio);
 }
diff --git a/apps/s_server.c b/apps/s_server.c
index 701f52d..f8bec24 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1925,24 +1925,18 @@ int s_server_main(int argc, char *argv[])
     ret = 0;
  end:
     SSL_CTX_free(ctx);
-    if (s_cert)
-        X509_free(s_cert);
-    if (crls)
-        sk_X509_CRL_pop_free(crls, X509_CRL_free);
-    if (s_dcert)
-        X509_free(s_dcert);
+    X509_free(s_cert);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    X509_free(s_dcert);
     EVP_PKEY_free(s_key);
     EVP_PKEY_free(s_dkey);
-    if (s_chain)
-        sk_X509_pop_free(s_chain, X509_free);
-    if (s_dchain)
-        sk_X509_pop_free(s_dchain, X509_free);
+    sk_X509_pop_free(s_chain, X509_free);
+    sk_X509_pop_free(s_dchain, X509_free);
     if (pass)
         OPENSSL_free(pass);
     if (dpass)
         OPENSSL_free(dpass);
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
+    X509_VERIFY_PARAM_free(vpm);
     free_sessions();
 #ifndef OPENSSL_NO_TLSEXT
     if (tlscstatp.host)
@@ -1951,9 +1945,9 @@ int s_server_main(int argc, char *argv[])
         OPENSSL_free(tlscstatp.port);
     if (tlscstatp.path)
         OPENSSL_free(tlscstatp.path);
+    if (ctx2 != NULL)
     SSL_CTX_free(ctx2);
-    if (s_cert2)
-        X509_free(s_cert2);
+    X509_free(s_cert2);
     EVP_PKEY_free(s_key2);
     BIO_free(serverinfo_in);
 # ifndef OPENSSL_NO_NEXTPROTONEG
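Review bot: The added `if (ctx2 != NULL)` in front of `SSL_CTX_free(ctx2);` runs against the stated goal of this commit, and because the call is not indented under it the guard reads like a stray line. The previous hunk in this file calls `SSL_CTX_free(ctx)` with no check, so the guard looks unnecessary; I would drop the added line and leave `SSL_CTX_free(ctx2);` as it was. If the check is needed for a reason not visible in this hunk, indent the call under it and add a short comment saying why. s_server_main continues outside the hunk.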
diff --git a/apps/smime.c b/apps/smime.c
index 21e9daa..0fda865 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -650,8 +650,7 @@ int smime_main(int argc, char **argv)
         ERR_print_errors(bio_err);
     sk_X509_pop_free(encerts, X509_free);
     sk_X509_pop_free(other, X509_free);
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
+    X509_VERIFY_PARAM_free(vpm);
     if (sksigners)
         sk_OPENSSL_STRING_free(sksigners);
     if (skkeys)
diff --git a/apps/verify.c b/apps/verify.c
index 1faca96..f4e18f0 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -221,10 +221,8 @@ int verify_main(int argc, char **argv)
     }
 
  end:
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
-    if (store != NULL)
-        X509_STORE_free(store);
+    X509_VERIFY_PARAM_free(vpm);
+    X509_STORE_free(store);
     sk_X509_pop_free(untrusted, X509_free);
     sk_X509_pop_free(trusted, X509_free);
     sk_X509_CRL_pop_free(crls, X509_CRL_free);
@@ -283,8 +281,7 @@ static int check(X509_STORE *ctx, char *file,
         }
         sk_X509_pop_free(chain, X509_free);
     }
-    if (x != NULL)
-        X509_free(x);
+    X509_free(x);
 
     return (ret);
 }
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
index fff54c8..4783fc4 100644
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
@@ -103,12 +103,9 @@ void X509_INFO_free(X509_INFO *x)
     }
 #endif
 
-    if (x->x509 != NULL)
-        X509_free(x->x509);
-    if (x->crl != NULL)
-        X509_CRL_free(x->crl);
-    if (x->x_pkey != NULL)
-        X509_PKEY_free(x->x_pkey);
+    X509_free(x->x509);
+    X509_CRL_free(x->crl);
+    X509_PKEY_free(x->x_pkey);
     if (x->enc_data != NULL)
         OPENSSL_free(x->enc_data);
     OPENSSL_free(x);
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index 98e4a3d..fc5de8a 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -110,8 +110,7 @@ void X509_PKEY_free(X509_PKEY *x)
     }
 #endif
 
-    if (x->enc_algor != NULL)
-        X509_ALGOR_free(x->enc_algor);
+    X509_ALGOR_free(x->enc_algor);
     ASN1_OCTET_STRING_free(x->enc_pkey);
     EVP_PKEY_free(x->dec_pkey);
     if ((x->key_data != NULL) && (x->key_free))
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 3c72997..158c240 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -112,15 +112,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
         goto error;
     }
 
-    if (*x != NULL)
-        X509_PUBKEY_free(*x);
-
+    X509_PUBKEY_free(*x);
     *x = pk;
-
     return 1;
+
  error:
-    if (pk != NULL)
-        X509_PUBKEY_free(pk);
+    X509_PUBKEY_free(pk);
     return 0;
 }
 
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 03de7af..2b61768 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -94,8 +94,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     if (operation == ASN1_OP_FREE_POST) {
         CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
         EVP_PKEY_free(si->pkey);
-        if (si->signer)
-            X509_free(si->signer);
+        X509_free(si->signer);
         if (si->pctx)
             EVP_MD_CTX_cleanup(&si->mctx);
     }
@@ -248,8 +247,7 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         if (ri->type == CMS_RECIPINFO_TRANS) {
             CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
             EVP_PKEY_free(ktri->pkey);
-            if (ktri->recip)
-                X509_free(ktri->recip);
+            X509_free(ktri->recip);
             EVP_PKEY_CTX_free(ktri->pctx);
         } else if (ri->type == CMS_RECIPINFO_KEK) {
             CMS_KEKRecipientInfo *kekri = ri->d.kekri;
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index e11b1fa..ece5ce3 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -204,8 +204,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
     EVP_CIPHER_CTX_cleanup(&ctx);
     if (ri)
         M_ASN1_free_of(ri, CMS_RecipientInfo);
-    if (encalg)
-        X509_ALGOR_free(encalg);
+    X509_ALGOR_free(encalg);
     return NULL;
 
 }
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index c0a9780..31398ac 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -489,8 +489,7 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
         EVP_PKEY_free(si->pkey);
         si->pkey = X509_get_pubkey(signer);
     }
-    if (si->signer)
-        X509_free(si->signer);
+    X509_free(si->signer);
     si->signer = signer;
 }
 
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index f491ec9..8066602 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -455,10 +455,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
     if (out != tmpout)
         BIO_free_all(tmpout);
 
-    if (cms_certs)
-        sk_X509_pop_free(cms_certs, X509_free);
-    if (crls)
-        sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    sk_X509_pop_free(cms_certs, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
 
     return ret;
 }
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 8cd90b6..f3abe07 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -782,10 +782,8 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 
     rv = 1;
  err:
-    if (kekalg)
-        X509_ALGOR_free(kekalg);
-    if (dukm)
-        OPENSSL_free(dukm);
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(dukm);
     return rv;
 }
 
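Review bot: Removing the guard on `OPENSSL_free(dukm)` goes beyond what the commit message lists (the X509_.*free routines). The same applies to `OPENSSL_free(penc)` in dh_cms_encrypt, and to `OPENSSL_free(der)` and `OPENSSL_free(penc)` in the two ec_ameth.c hunks. Other hunks in this commit keep their `if (...) OPENSSL_free(...)` guards (x_info.c, s_server.c), so the treatment is inconsistent. This is presumably safe with the default allocator, but if an application installs its own free callback through CRYPTO_set_mem_functions, NULL tolerance would depend on that callback. Either mention OPENSSL_free in the commit message or leave these guards for the cleanup pass that covers it.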
@@ -945,10 +943,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
     rv = 1;
 
  err:
-    if (penc)
-        OPENSSL_free(penc);
-    if (wrap_alg)
-        X509_ALGOR_free(wrap_alg);
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
     return rv;
 }
 
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 5a7b0b7..6b34be3 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -796,10 +796,8 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
 
     rv = 1;
  err:
-    if (kekalg)
-        X509_ALGOR_free(kekalg);
-    if (der)
-        OPENSSL_free(der);
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(der);
     return rv;
 }
 
@@ -967,10 +965,8 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
     rv = 1;
 
  err:
-    if (penc)
-        OPENSSL_free(penc);
-    if (wrap_alg)
-        X509_ALGOR_free(wrap_alg);
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
     return rv;
 }
 
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index c9e971e..c163e47 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -401,8 +401,7 @@ void EVP_PKEY_free(EVP_PKEY *x)
     }
 #endif
     EVP_PKEY_free_it(x);
-    if (x->attributes)
-        sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+    sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
     OPENSSL_free(x);
 }
 
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 40a3b01..9bf1ff5 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -171,8 +171,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
     }
 
  end:
-    if (chain)
-        sk_X509_pop_free(chain, X509_free);
+    sk_X509_pop_free(chain, X509_free);
     if (bs->certs && certs)
         sk_X509_free(untrusted);
     return ret;
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index b814741..0e7338b 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -276,8 +276,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
     }
     ok = 1;
  err:
-    if (xi != NULL)
-        X509_INFO_free(xi);
+    X509_INFO_free(xi);
     if (!ok) {
         for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
             xi = sk_X509_INFO_value(ret, i);
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index fcfa986..cd18427 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -150,12 +150,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                 goto err;
             x = NULL;
         }
-        if (x)
-            X509_free(x);
+        X509_free(x);
     }
 
-    if (ocerts)
-        sk_X509_pop_free(ocerts, X509_free);
+    sk_X509_pop_free(ocerts, X509_free);
 
     return 1;
 
@@ -163,12 +161,10 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 
     if (pkey)
         EVP_PKEY_free(*pkey);
-    if (cert && *cert)
+    if (cert)
         X509_free(*cert);
-    if (x)
-        X509_free(x);
-    if (ocerts)
-        sk_X509_pop_free(ocerts, X509_free);
+    X509_free(x);
+    sk_X509_pop_free(ocerts, X509_free);
     return 0;
 
 }
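Review bot: On the error path `EVP_PKEY_free(*pkey)` and `X509_free(*cert)` release objects through the caller's out-pointers but leave `*pkey` and `*cert` holding the freed addresses. A caller that frees or inspects those variables after PKCS12_parse returns 0 would be touching freed memory. I would reset them in the same branches, adding `*pkey = NULL;` after the first free and `*cert = NULL;` after the second, which needs braces on both `if` statements. The start of PKCS12_parse is outside this hunk, so whether the pointers are cleared on entry cannot be confirmed from here.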
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 639e217..51e9c6e 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -1134,8 +1134,7 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
 {
     int i;
 
-    if (p7si->auth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
     p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
     if (p7si->auth_attr == NULL)
         return 0;
@@ -1154,8 +1153,7 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
 {
     int i;
 
-    if (p7si->unauth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
     p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
     if (p7si->unauth_attr == NULL)
         return 0;
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index e659af8..33bdda2 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -208,8 +208,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
     }
     return si;
  err:
-    if (smcap)
-        sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+    sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
     return NULL;
 }
 
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 4e02531..38b850a 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -381,8 +381,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
         rv = rsa_pss_param_print(bp, pss, maskHash, indent);
         if (pss)
             RSA_PSS_PARAMS_free(pss);
-        if (maskHash)
-            X509_ALGOR_free(maskHash);
+        X509_ALGOR_free(maskHash);
         if (!rv)
             return 0;
     } else if (!sig && BIO_puts(bp, "\n") <= 0)
@@ -474,8 +473,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
     stmp = NULL;
  err:
     ASN1_STRING_free(stmp);
-    if (algtmp)
-        X509_ALGOR_free(algtmp);
+    X509_ALGOR_free(algtmp);
     if (*palg)
         return 1;
     return 0;
@@ -652,8 +650,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
 
  err:
     RSA_PSS_PARAMS_free(pss);
-    if (maskHash)
-        X509_ALGOR_free(maskHash);
+    X509_ALGOR_free(maskHash);
     return rv;
 }
 
@@ -840,8 +837,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 
  err:
     RSA_OAEP_PARAMS_free(oaep);
-    if (maskHash)
-        X509_ALGOR_free(maskHash);
+    X509_ALGOR_free(maskHash);
     return rv;
 }
 
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index ec1575a..3b2ba56 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -266,8 +266,7 @@ int int_rsa_verify(int dtype, const unsigned char *m,
             ret = 1;
     }
  err:
-    if (sig != NULL)
-        X509_SIG_free(sig);
+    X509_SIG_free(sig);
     if (s != NULL) {
         OPENSSL_cleanse(s, (unsigned int)siglen);
         OPENSSL_free(s);
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 0cdeb06..58068cf 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -207,8 +207,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
               TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
         return 0;
     }
-    if (ctx->signer_cert)
-        X509_free(ctx->signer_cert);
+    X509_free(ctx->signer_cert);
     ctx->signer_cert = signer;
     CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
     return 1;
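Review bot: `X509_free(ctx->signer_cert);` runs before the reference on `signer` is taken, so passing the certificate already stored in the context could free it before `CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);` touches it, if the context held the last reference. Taking the new reference first avoids that: `CRYPTO_add(&signer->references, +1, CRYPTO_LOCK_X509);`, then `X509_free(ctx->signer_cert);`, then `ctx->signer_cert = signer;`. The ordering predates this commit, but the unconditional free makes it worth fixing while the line is being edited. The function body starts outside the hunk.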
@@ -237,10 +236,8 @@ int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
 int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
 {
 
-    if (ctx->certs) {
-        sk_X509_pop_free(ctx->certs, X509_free);
-        ctx->certs = NULL;
-    }
+    sk_X509_pop_free(ctx->certs, X509_free);
+    ctx->certs = NULL;
     if (!certs)
         return 1;
     if (!(ctx->certs = X509_chain_up_ref(certs))) {
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index bc1c90c..d82a0db 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -174,8 +174,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
         goto err;
     }
  err:
-    if (x != NULL)
-        X509_free(x);
+    X509_free(x);
     BIO_free(in);
     return (ret);
 }
@@ -232,8 +231,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
         goto err;
     }
  err:
-    if (x != NULL)
-        X509_CRL_free(x);
+    X509_CRL_free(x);
     BIO_free(in);
     return (ret);
 }
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 292546b..df49b0b 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -147,10 +147,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
  err:
     X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
  err2:
-    if (new_attr != NULL)
-        X509_ATTRIBUTE_free(new_attr);
-    if (sk != NULL)
-        sk_X509_ATTRIBUTE_free(sk);
+    X509_ATTRIBUTE_free(new_attr);
+    sk_X509_ATTRIBUTE_free(sk);
     return (NULL);
 }
 
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 08bbc39..7fbc8e3 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -217,6 +217,8 @@ X509_STORE *X509_STORE_new(void)
 
 static void cleanup(X509_OBJECT *a)
 {
+    if (!a)
+        return;
     if (a->type == X509_LU_X509) {
         X509_free(a->data.x509);
     } else if (a->type == X509_LU_CRL) {
@@ -260,8 +262,7 @@ void X509_STORE_free(X509_STORE *vfy)
     sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
 
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
-    if (vfy->param)
-        X509_VERIFY_PARAM_free(vfy->param);
+    X509_VERIFY_PARAM_free(vfy->param);
     OPENSSL_free(vfy);
 }
 
@@ -413,6 +414,8 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a)
 
 void X509_OBJECT_free_contents(X509_OBJECT *a)
 {
+    if (!a)
+        return;
     switch (a->type) {
     case X509_LU_X509:
         X509_free(a->data.x509);
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 3cd7280..e715904 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -104,10 +104,9 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 
     if (!X509_sign(ret, pkey, EVP_md5()))
         goto err;
-    if (0) {
+    return ret;
+
  err:
-        X509_free(ret);
-        ret = NULL;
-    }
-    return (ret);
+    X509_free(ret);
+    return NULL;
 }
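Review bot: `X509_sign(ret, pkey, EVP_md5())` still hard-codes MD5 as the signature digest for the certificate built from the request. MD5 is not collision resistant and many verifiers reject MD5-signed certificates, so the output of this helper is weak or unusable as issued; `if (!X509_sign(ret, pkey, EVP_sha256()))` would be a safer default. The restructured `err:` path (explicit `return ret;` on success, `X509_free(ret); return NULL;` on failure) reads correctly. The function body begins outside the hunk.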
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index d70bfae..ad33be6 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -176,10 +176,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
  err:
     X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
  err2:
-    if (new_ex != NULL)
-        X509_EXTENSION_free(new_ex);
-    if (sk != NULL)
-        sk_X509_EXTENSION_free(sk);
+    X509_EXTENSION_free(new_ex);
+    sk_X509_EXTENSION_free(sk);
     return (NULL);
 }
 
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 85dc714..3cdf453 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -495,10 +495,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
  end:
         X509_get_pubkey_parameters(NULL, ctx->chain);
     }
-    if (sktmp != NULL)
-        sk_X509_free(sktmp);
-    if (chain_ss != NULL)
-        X509_free(chain_ss);
+    sk_X509_free(sktmp);
+    X509_free(chain_ss);
     return ok;
 }
 
@@ -1016,8 +1014,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
     }
 
     if (best_crl) {
-        if (*pcrl)
-            X509_CRL_free(*pcrl);
+        X509_CRL_free(*pcrl);
         *pcrl = best_crl;
         *pissuer = best_crl_issuer;
         *pscore = best_score;
@@ -2058,8 +2055,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
 
  memerr:
     X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
-    if (crl)
-        X509_CRL_free(crl);
+    X509_CRL_free(crl);
     return NULL;
 }
 
@@ -2230,6 +2226,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 {
+    if (!ctx)
+        return;
     X509_STORE_CTX_cleanup(ctx);
     OPENSSL_free(ctx);
 }
@@ -2376,14 +2374,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
             X509_VERIFY_PARAM_free(ctx->param);
         ctx->param = NULL;
     }
-    if (ctx->tree != NULL) {
-        X509_policy_tree_free(ctx->tree);
-        ctx->tree = NULL;
-    }
-    if (ctx->chain != NULL) {
-        sk_X509_pop_free(ctx->chain, X509_free);
-        ctx->chain = NULL;
-    }
+    X509_policy_tree_free(ctx->tree);
+    ctx->tree = NULL;
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = NULL;
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
     memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
 }
@@ -2436,7 +2430,6 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
 
 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
 {
-    if (ctx->param)
-        X509_VERIFY_PARAM_free(ctx->param);
+    X509_VERIFY_PARAM_free(ctx->param);
     ctx->param = param;
 }
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 009255e..57c2606 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -168,6 +168,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 {
     X509_VERIFY_PARAM *param;
     X509_VERIFY_PARAM_ID *paramid;
+
     param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
     if (!param)
         return NULL;
@@ -185,7 +186,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 
 void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
 {
-    if (param == NULL)
+    if (!param)
         return;
     x509_verify_param_zero(param);
     OPENSSL_free(param->id);
@@ -644,7 +645,6 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
 
 void X509_VERIFY_PARAM_table_cleanup(void)
 {
-    if (param_table)
-        sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+    sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
     param_table = NULL;
 }
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 6bb1e5d..5a70845 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -277,8 +277,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
     }
     return (1);
  err:
-    if (new_name != NULL)
-        X509_NAME_ENTRY_free(new_name);
+    X509_NAME_ENTRY_free(new_name);
     return (0);
 }
 
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 9ff6dcc..9782fda 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -98,8 +98,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
     ASN1_TYPE_set(val, atrtype, value);
     return (ret);
  err:
-    if (ret != NULL)
-        X509_ATTRIBUTE_free(ret);
+    X509_ATTRIBUTE_free(ret);
     ASN1_TYPE_free(val);
     return (NULL);
 }
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index e6a862e..cdc4c97 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -150,8 +150,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
  memerr:
     ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
     if (ret) {
-        if (ret->entries)
-            sk_X509_NAME_ENTRY_free(ret->entries);
+        sk_X509_NAME_ENTRY_free(ret->entries);
         OPENSSL_free(ret);
     }
     return 0;
@@ -160,6 +159,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     X509_NAME *a;
+
     if (!pval || !*pval)
         return;
     a = (X509_NAME *)*pval;
@@ -232,8 +232,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
     *in = p;
     return ret;
  err:
-    if (nm.x != NULL)
-        X509_NAME_free(nm.x);
+    X509_NAME_free(nm.x);
     ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
     return 0;
 }
@@ -394,11 +393,9 @@ static int x509_name_canon(X509_NAME *a)
 
  err:
 
-    if (tmpentry)
-        X509_NAME_ENTRY_free(tmpentry);
-    if (intname)
-        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-                                             local_sk_X509_NAME_ENTRY_pop_free);
+    X509_NAME_ENTRY_free(tmpentry);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
     return ret;
 }
 
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index eff4291..125b311 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -221,8 +221,7 @@ void policy_cache_free(X509_POLICY_CACHE *cache)
         return;
     if (cache->anyPolicy)
         policy_data_free(cache->anyPolicy);
-    if (cache->data)
-        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+    sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
     OPENSSL_free(cache);
 }
 
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index cc52fa2..1f85c37 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -655,17 +655,13 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
     sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
 
     for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
-        if (curr->cert)
-            X509_free(curr->cert);
-        if (curr->nodes)
-            sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+        X509_free(curr->cert);
+        sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
         if (curr->anyPolicy)
             policy_node_free(curr->anyPolicy);
     }
 
-    if (tree->extra_data)
-        sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
-
+    sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
     OPENSSL_free(tree->levels);
     OPENSSL_free(tree);
 
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index e38632f..48a6a9d 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -175,8 +175,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
  err:
     if (fnm)
         sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
-    if (rnm)
-        sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+    sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
     return -1;
 }
 
@@ -354,8 +353,7 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         break;
 
     case ASN1_OP_FREE_POST:
-        if (dpn->dpname)
-            X509_NAME_free(dpn->dpname);
+        X509_NAME_free(dpn->dpname);
         break;
     }
     return 1;
diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c
index 1e06cea..36bb4ee 100644
--- a/demos/cms/cms_ddec.c
+++ b/demos/cms/cms_ddec.c
@@ -70,8 +70,7 @@ int main(int argc, char **argv)
 
     if (cms)
         CMS_ContentInfo_free(cms);
-    if (rcert)
-        X509_free(rcert);
+    X509_free(rcert);
     EVP_PKEY_free(rkey);
 
     BIO_free(in);
diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
index 71a0e4f..832b54d 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
@@ -61,8 +61,7 @@ int main(int argc, char **argv)
 
     if (cms)
         CMS_ContentInfo_free(cms);
-    if (rcert)
-        X509_free(rcert);
+    X509_free(rcert);
     EVP_PKEY_free(rkey);
 
     BIO_free(in);
diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c
index 8526717..f91fec1 100644
--- a/demos/cms/cms_denc.c
+++ b/demos/cms/cms_denc.c
@@ -79,10 +79,8 @@ int main(int argc, char **argv)
 
     if (cms)
         CMS_ContentInfo_free(cms);
-    if (rcert)
-        X509_free(rcert);
-    if (recips)
-        sk_X509_pop_free(recips, X509_free);
+    X509_free(rcert);
+    sk_X509_pop_free(recips, X509_free);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c
index 4395e6b..ba62f79 100644
--- a/demos/cms/cms_enc.c
+++ b/demos/cms/cms_enc.c
@@ -75,10 +75,8 @@ int main(int argc, char **argv)
 
     if (cms)
         CMS_ContentInfo_free(cms);
-    if (rcert)
-        X509_free(rcert);
-    if (recips)
-        sk_X509_pop_free(recips, X509_free);
+    X509_free(rcert);
+    sk_X509_pop_free(recips, X509_free);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c
index 3ad5ce8..e9871df 100644
--- a/demos/cms/cms_sign.c
+++ b/demos/cms/cms_sign.c
@@ -71,8 +71,7 @@ int main(int argc, char **argv)
 
     if (cms)
         CMS_ContentInfo_free(cms);
-    if (scert)
-        X509_free(scert);
+    X509_free(scert);
     EVP_PKEY_free(skey);
 
     BIO_free(in);
diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c
index 3276de1..127f586 100644
--- a/demos/cms/cms_sign2.c
+++ b/demos/cms/cms_sign2.c
@@ -80,14 +80,10 @@ int main(int argc, char **argv)
     if (cms)
         CMS_ContentInfo_free(cms);
 
-    if (scert)
-        X509_free(scert);
+    X509_free(scert);
     EVP_PKEY_free(skey);
-
-    if (scert2)
-        X509_free(scert2);
+    X509_free(scert2);
     EVP_PKEY_free(skey2);
-
     BIO_free(in);
     BIO_free(out);
     BIO_free(tbio);
diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c
index 4227531..0f34bbf 100644
--- a/demos/cms/cms_ver.c
+++ b/demos/cms/cms_ver.c
@@ -70,8 +70,7 @@ int main(int argc, char **argv)
     if (cms)
         CMS_ContentInfo_free(cms);
 
-    if (cacert)
-        X509_free(cacert);
+    X509_free(cacert);
 
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index 1a0a03a..9346720 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -943,8 +943,7 @@ static void write_info(SSL *ssl, int *info_fd)
 
             peercert = SSL_get_peer_certificate(ssl);
             tls_get_x509_subject_name_oneline(peercert, &peer);
-            if (peercert != NULL)
-                X509_free(peercert);
+            X509_free(peercert);
         }
         if (peer.str[0] == '\0')
             v_ok = '0';         /* no cert at all */
diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c
index 9752dea..f1a987a 100644
--- a/demos/smime/smdec.c
+++ b/demos/smime/smdec.c
@@ -58,8 +58,7 @@ int main(int argc, char **argv)
         ERR_print_errors_fp(stderr);
     }
     PKCS7_free(p7);
-    if (rcert)
-        X509_free(rcert);
+    X509_free(rcert);
     EVP_PKEY_free(rkey);
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c
index 2e594ee..79fe2d0 100644
--- a/demos/smime/smenc.c
+++ b/demos/smime/smenc.c
@@ -72,10 +72,8 @@ int main(int argc, char **argv)
         ERR_print_errors_fp(stderr);
     }
     PKCS7_free(p7);
-    if (rcert)
-        X509_free(rcert);
-    if (recips)
-        sk_X509_pop_free(recips, X509_free);
+    X509_free(rcert);
+    sk_X509_pop_free(recips, X509_free);
     BIO_free(in);
     BIO_free(out);
     BIO_free(tbio);
diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c
index 91ab8e4..8505e71 100644
--- a/demos/smime/smsign.c
+++ b/demos/smime/smsign.c
@@ -68,8 +68,7 @@ int main(int argc, char **argv)
         ERR_print_errors_fp(stderr);
     }
     PKCS7_free(p7);
-    if (scert)
-        X509_free(scert);
+    X509_free(scert);
     EVP_PKEY_free(skey);
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c
index 0ad709d..415ecf3 100644
--- a/demos/smime/smsign2.c
+++ b/demos/smime/smsign2.c
@@ -76,11 +76,9 @@ int main(int argc, char **argv)
         ERR_print_errors_fp(stderr);
     }
     PKCS7_free(p7);
-    if (scert)
-        X509_free(scert);
+    X509_free(scert);
     EVP_PKEY_free(skey);
-    if (scert2)
-        X509_free(scert2);
+    X509_free(scert2);
     EVP_PKEY_free(skey2);
     BIO_free(in);
     BIO_free(out);
diff --git a/demos/smime/smver.c b/demos/smime/smver.c
index c4b6e75..13ba18b 100644
--- a/demos/smime/smver.c
+++ b/demos/smime/smver.c
@@ -66,8 +66,7 @@ int main(int argc, char **argv)
         ERR_print_errors_fp(stderr);
     }
     PKCS7_free(p7);
-    if (cacert)
-        X509_free(cacert);
+    X509_free(cacert);
     BIO_free(in);
     BIO_free(out);
     BIO_free(tbio);
diff --git a/demos/spkigen.c b/demos/spkigen.c
index c272a8c..7df8f34 100644
--- a/demos/spkigen.c
+++ b/demos/spkigen.c
@@ -166,7 +166,6 @@ EVP_PKEY *pkey;
     pk = NULL;
     ok = 1;
  err:
-    if (pk != NULL)
-        X509_PUBKEY_free(pk);
+    X509_PUBKEY_free(pk);
     return (ok);
 }
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod
index b17888f..bad12e4 100644
--- a/doc/crypto/X509_STORE_CTX_new.pod
+++ b/doc/crypto/X509_STORE_CTX_new.pod
@@ -37,6 +37,7 @@ The context can then be reused with an new call to X509_STORE_CTX_init().
 
 X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
 is no longer valid.
+If B<ctx> is NULL nothing is done.
 
 X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
 The trusted certificate store is set to B<store>, the end entity certificate
diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod
index d388723..d6f3d30 100644
--- a/doc/crypto/X509_new.pod
+++ b/doc/crypto/X509_new.pod
@@ -19,6 +19,7 @@ X509 structure, which represents an X509 certificate.
 X509_new() allocates and initializes a X509 structure.
 
 X509_free() frees up the B<X509> structure B<a>.
+If B<a> is NULL nothing is done.
 
 =head1 RETURN VALUES
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3eb67ef..bbff778 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1314,21 +1314,18 @@ int ssl3_get_server_certificate(SSL *s)
          * Why would the following ever happen? We just created sc a couple
          * of lines ago.
          */
-        if (sc->peer_pkeys[i].x509 != NULL)
-            X509_free(sc->peer_pkeys[i].x509);
+        X509_free(sc->peer_pkeys[i].x509);
         sc->peer_pkeys[i].x509 = x;
         sc->peer_key = &(sc->peer_pkeys[i]);
 
-        if (s->session->peer != NULL)
-            X509_free(s->session->peer);
+        X509_free(s->session->peer);
         CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
         s->session->peer = x;
     } else {
         sc->peer_cert_type = i;
         sc->peer_key = NULL;
 
-        if (s->session->peer != NULL)
-            X509_free(s->session->peer);
+        X509_free(s->session->peer);
         s->session->peer = NULL;
     }
     s->session->verify_result = s->verify_result;
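Review bot: The comment kept above the first `X509_free(sc->peer_pkeys[i].x509);` call ("Why would the following ever happen? We just created sc a couple of lines ago.") appears to have described the NULL test that this hunk removes, so it now reads as a question about an unconditional free. I would reword it to state what the line does, for example `/* Release any certificate already held in this slot; X509_free() accepts NULL. */`. ssl3_get_server_certificate starts and ends outside the hunk.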
@@ -2149,15 +2146,13 @@ int ssl3_get_certificate_request(SSL *s)
     /* we should setup a certificate to return.... */
     s->s3->tmp.cert_req = 1;
     s->s3->tmp.ctype_num = ctype_num;
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
     s->s3->tmp.ca_names = ca_sk;
     ca_sk = NULL;
 
     ret = 1;
  err:
-    if (ca_sk != NULL)
-        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+    sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
     return (ret);
 }
 
@@ -3339,8 +3334,7 @@ int ssl3_send_client_certificate(SSL *s)
                    SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
         }
 
-        if (x509 != NULL)
-            X509_free(x509);
+        X509_free(x509);
         if (pkey != NULL)
             EVP_PKEY_free(pkey);
         if (i && !ssl3_check_client_certificate(s))
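Review bot: The `if (pkey != NULL)` guard left on `EVP_PKEY_free(pkey);` now sits directly under the unguarded `X509_free(x509);`, which makes the cleanup read as if the two calls had different NULL contracts. Other context lines in this same commit call `EVP_PKEY_free()` without a test (ssl_cert_clear_certs, the cms and smime demos), so the guard looks redundant here as well. For consistency I would write the pair as `X509_free(x509);` followed by `EVP_PKEY_free(pkey);`. ssl3_send_client_certificate continues outside the hunk.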
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7bb3a92..ef2ddb4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3126,8 +3126,7 @@ void ssl3_free(SSL *s)
     EC_KEY_free(s->s3->tmp.ecdh);
 #endif
 
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
     BIO_free(s->s3->handshake_buffer);
     if (s->s3->handshake_dgst)
         ssl3_free_digest_list(s);
@@ -3149,8 +3148,7 @@ void ssl3_clear(SSL *s)
     int init_extra;
 
     ssl3_cleanup_key_block(s);
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
 
 #ifndef OPENSSL_NO_DH
     DH_free(s->s3->tmp.dh);
@@ -3925,10 +3923,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
         break;
 
     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-        if (ctx->extra_certs) {
-            sk_X509_pop_free(ctx->extra_certs, X509_free);
-            ctx->extra_certs = NULL;
-        }
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
         break;
 
     case SSL_CTRL_CHAIN:
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6c1ba3a..77420a1 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3271,8 +3271,7 @@ int ssl3_get_client_certificate(SSL *s)
         EVP_PKEY_free(pkey);
     }
 
-    if (s->session->peer != NULL) /* This should not be needed */
-        X509_free(s->session->peer);
+    X509_free(s->session->peer);
     s->session->peer = sk_X509_shift(sk);
     s->session->verify_result = s->verify_result;
 
@@ -3287,8 +3286,7 @@ int ssl3_get_client_certificate(SSL *s)
             goto err;
         }
     }
-    if (s->session->sess_cert->cert_chain != NULL)
-        sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+    sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
     s->session->sess_cert->cert_chain = sk;
     /*
      * Inconsistency alert: cert_chain does *not* include the peer's own
@@ -3303,10 +3301,8 @@ int ssl3_get_client_certificate(SSL *s)
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
     }
  err:
-    if (x != NULL)
-        X509_free(x);
-    if (sk != NULL)
-        sk_X509_pop_free(sk, X509_free);
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
     return (ret);
 }
 
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 4daa296..0ae9646 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -398,16 +398,12 @@ void ssl_cert_clear_certs(CERT *c)
         return;
     for (i = 0; i < SSL_PKEY_NUM; i++) {
         CERT_PKEY *cpk = c->pkeys + i;
-        if (cpk->x509) {
-            X509_free(cpk->x509);
-            cpk->x509 = NULL;
-        }
+        X509_free(cpk->x509);
+        cpk->x509 = NULL;
         EVP_PKEY_free(cpk->privatekey);
         cpk->privatekey = NULL;
-        if (cpk->chain) {
-            sk_X509_pop_free(cpk->chain, X509_free);
-            cpk->chain = NULL;
-        }
+        sk_X509_pop_free(cpk->chain, X509_free);
+        cpk->chain = NULL;
 #ifndef OPENSSL_NO_TLSEXT
         if (cpk->serverinfo) {
             OPENSSL_free(cpk->serverinfo);
@@ -461,10 +457,8 @@ void ssl_cert_free(CERT *c)
         OPENSSL_free(c->shared_sigalgs);
     if (c->ctypes)
         OPENSSL_free(c->ctypes);
-    if (c->verify_store)
-        X509_STORE_free(c->verify_store);
-    if (c->chain_store)
-        X509_STORE_free(c->chain_store);
+    X509_STORE_free(c->verify_store);
+    X509_STORE_free(c->chain_store);
     if (c->ciphers_raw)
         OPENSSL_free(c->ciphers_raw);
 #ifndef OPENSSL_NO_TLSEXT
@@ -485,8 +479,7 @@ int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
     CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
     if (!cpk)
         return 0;
-    if (cpk->chain)
-        sk_X509_pop_free(cpk->chain, X509_free);
+    sk_X509_pop_free(cpk->chain, X509_free);
     for (i = 0; i < sk_X509_num(chain); i++) {
         r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
         if (r != 1) {
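Review bot: `cpk->chain` is released before the loop that runs `ssl_security_cert()` over the new chain, and nothing in the visible lines resets the pointer. If the `r != 1` branch returns before `cpk->chain` is reassigned (its body is outside the hunk), the CERT_PKEY keeps a pointer to a freed stack, and a later `ssl_cert_clear_certs()` or another set0 call would free it a second time. Either move `sk_X509_pop_free(cpk->chain, X509_free);` below the validation loop, next to the assignment, or add `cpk->chain = NULL;` directly after it. The guard removed here never protected against this, so the ordering problem predates the change.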
@@ -629,11 +622,9 @@ void ssl_sess_cert_free(SESS_CERT *sc)
 #endif
 
     /* i == 0 */
-    if (sc->cert_chain != NULL)
-        sk_X509_pop_free(sc->cert_chain, X509_free);
+    sk_X509_pop_free(sc->cert_chain, X509_free);
     for (i = 0; i < SSL_PKEY_NUM; i++) {
-        if (sc->peer_pkeys[i].x509 != NULL)
-            X509_free(sc->peer_pkeys[i].x509);
+        X509_free(sc->peer_pkeys[i].x509);
 #if 0
         /*
          * We don't have the peer's private key. These lines are just
@@ -726,9 +717,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
                                STACK_OF(X509_NAME) *name_list)
 {
-    if (*ca_list != NULL)
-        sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-
+    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
     *ca_list = name_list;
 }
 
@@ -867,15 +856,12 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 
     if (0) {
  err:
-        if (ret != NULL)
-            sk_X509_NAME_pop_free(ret, X509_NAME_free);
+        sk_X509_NAME_pop_free(ret, X509_NAME_free);
         ret = NULL;
     }
-    if (sk != NULL)
-        sk_X509_NAME_free(sk);
+    sk_X509_NAME_free(sk);
     BIO_free(in);
-    if (x != NULL)
-        X509_free(x);
+    X509_free(x);
     if (ret != NULL)
         ERR_clear_error();
     return (ret);
@@ -1205,8 +1191,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
             goto err;
         }
     }
-    if (cpk->chain)
-        sk_X509_pop_free(cpk->chain, X509_free);
+    sk_X509_pop_free(cpk->chain, X509_free);
     cpk->chain = chain;
     if (rv == 0)
         rv = 1;
@@ -1224,8 +1209,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
         pstore = &c->chain_store;
     else
         pstore = &c->verify_store;
-    if (*pstore)
-        X509_STORE_free(*pstore);
+    X509_STORE_free(*pstore);
     *pstore = store;
     if (ref && store)
         CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
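Review bot: The old store is released before the reference on the new one is taken. If a caller passes the store that is already installed with `ref` set, and the CERT holds the last reference, `X509_STORE_free(*pstore);` destroys the object and the `CRYPTO_add()` that follows touches freed memory. Taking the reference first, by moving the `if (ref && store)` / `CRYPTO_add(...)` pair above the `X509_STORE_free(*pstore);` line, makes the same-object case safe. The ssl_set_cert hunk in ssl/ssl_rsa.c has the same free-then-increment order for `c->pkeys[i].x509`, which matters when the caller holds no reference of its own. Both functions extend outside their hunks.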
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 73eafdb..7319cd8 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -532,9 +532,7 @@ void SSL_free(SSL *s)
     }
 #endif
 
-    if (s->param)
-        X509_VERIFY_PARAM_free(s->param);
-
+    X509_VERIFY_PARAM_free(s->param);
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
     if (s->bbio != NULL) {
@@ -581,8 +579,7 @@ void SSL_free(SSL *s)
     if (s->tlsext_ellipticcurvelist)
         OPENSSL_free(s->tlsext_ellipticcurvelist);
 # endif                         /* OPENSSL_NO_EC */
-    if (s->tlsext_ocsp_exts)
-        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
+    sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
     if (s->tlsext_ocsp_ids)
         sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
     if (s->tlsext_ocsp_resp)
@@ -591,8 +588,7 @@ void SSL_free(SSL *s)
         OPENSSL_free(s->alpn_client_proto_list);
 #endif
 
-    if (s->client_CA != NULL)
-        sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
 
     if (s->method != NULL)
         s->method->ssl_free(s);
@@ -2032,8 +2028,7 @@ void SSL_CTX_free(SSL_CTX *a)
     }
 #endif
 
-    if (a->param)
-        X509_VERIFY_PARAM_free(a->param);
+    X509_VERIFY_PARAM_free(a->param);
 
     /*
      * Free internal session cache. However: the remove_cb() may reference
@@ -2052,17 +2047,14 @@ void SSL_CTX_free(SSL_CTX *a)
     if (a->sessions != NULL)
         lh_SSL_SESSION_free(a->sessions);
 
-    if (a->cert_store != NULL)
-        X509_STORE_free(a->cert_store);
+    X509_STORE_free(a->cert_store);
     if (a->cipher_list != NULL)
         sk_SSL_CIPHER_free(a->cipher_list);
     if (a->cipher_list_by_id != NULL)
         sk_SSL_CIPHER_free(a->cipher_list_by_id);
     ssl_cert_free(a->cert);
-    if (a->client_CA != NULL)
-        sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
-    if (a->extra_certs != NULL)
-        sk_X509_pop_free(a->extra_certs, X509_free);
+    sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
+    sk_X509_pop_free(a->extra_certs, X509_free);
     a->comp_methods = NULL;
 
 #ifndef OPENSSL_NO_SRTP
@@ -3186,8 +3178,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
 
 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
 {
-    if (ctx->cert_store != NULL)
-        X509_STORE_free(ctx->cert_store);
+    X509_STORE_free(ctx->cert_store);
     ctx->cert_store = store;
 }
 
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b5d457a..e4798e9 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -119,8 +119,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 
     ret = SSL_use_certificate(ssl, x);
  end:
-    if (x != NULL)
-        X509_free(x);
+    X509_free(x);
     BIO_free(in);
     return (ret);
 }
@@ -418,8 +417,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
 
     EVP_PKEY_free(pkey);
 
-    if (c->pkeys[i].x509 != NULL)
-        X509_free(c->pkeys[i].x509);
+    X509_free(c->pkeys[i].x509);
     CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
     c->pkeys[i].x509 = x;
     c->key = &(c->pkeys[i]);
@@ -465,8 +463,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 
     ret = SSL_CTX_use_certificate(ctx, x);
  end:
-    if (x != NULL)
-        X509_free(x);
+    X509_free(x);
     BIO_free(in);
     return (ret);
 }
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 51f30fb..eed38ca 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -732,8 +732,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
     OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
     OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
     ssl_sess_cert_free(ss->sess_cert);
-    if (ss->peer != NULL)
-        X509_free(ss->peer);
+    X509_free(ss->peer);
     if (ss->ciphers != NULL)
         sk_SSL_CIPHER_free(ss->ciphers);
 #ifndef OPENSSL_NO_TLSEXT
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 985c357..b77074a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2219,11 +2219,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
                 }
                 sdata = data;
                 if (dsize > 0) {
-                    if (s->tlsext_ocsp_exts) {
-                        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
-                                                   X509_EXTENSION_free);
-                    }
-
+                    sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+                                               X509_EXTENSION_free);
                     s->tlsext_ocsp_exts =
                         d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
                     if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) {

