[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Mon Jun 12 20:20:51 UTC 2017


The branch master has been updated
       via  2234212c3dde887e0b7fa08277d035cd132e2cce (commit)
      from  71d8c138cf0a72663cd401d753564eecd8c23289 (commit)


- Log -----------------------------------------------------------------
commit 2234212c3dde887e0b7fa08277d035cd132e2cce
Author: Paul Yang <paulyang.inf at gmail.com>
Date:   Tue Jun 13 01:24:02 2017 +0800

    Clean up a bundle of codingstyle stuff in apps directory
    
    Mostly braces and NULL pointer check and also copyright year bump
    
    Signed-off-by: Paul Yang <paulyang.inf at gmail.com>
    
    Reviewed-by: Kurt Roeckx <kurt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3657)

-----------------------------------------------------------------------

Summary of changes:
 apps/app_rand.c  |   9 +--
 apps/apps.c      | 138 ++++++++++++++++++++-------------------
 apps/asn1pars.c  |  16 ++---
 apps/ca.c        |  80 ++++++++++++-----------
 apps/ciphers.c   |   2 +-
 apps/cms.c       | 196 ++++++++++++++++++++++++++++---------------------------
 apps/crl2p7.c    |   4 +-
 apps/dgst.c      |  56 ++++++++--------
 apps/dhparam.c   |   9 +--
 apps/dsa.c       |  17 +++--
 apps/dsaparam.c  |   7 +-
 apps/ec.c        |  15 +++--
 apps/ecparam.c   |  10 +--
 apps/enc.c       |  18 ++---
 apps/engine.c    |  16 ++---
 apps/errstr.c    |   6 +-
 apps/genpkey.c   |   6 +-
 apps/ocsp.c      | 139 ++++++++++++++++++++-------------------
 apps/openssl.c   |  16 ++---
 apps/opt.c       |  13 ++--
 apps/passwd.c    |   4 +-
 apps/pkcs12.c    |  33 ++++++----
 apps/pkcs8.c     |  35 +++++-----
 apps/pkey.c      |  17 +++--
 apps/pkeyparam.c |   4 +-
 apps/pkeyutl.c   |  25 +++----
 apps/progs.pl    |   4 +-
 apps/rehash.c    |  12 ++--
 apps/req.c       | 134 ++++++++++++++++++++-----------------
 apps/rsa.c       |  18 ++---
 apps/rsautl.c    |  12 ++--
 apps/s_apps.h    |   2 +-
 apps/s_cb.c      |  68 ++++++++++---------
 apps/s_client.c  |  38 ++++++-----
 apps/s_server.c  |  80 ++++++++++++-----------
 apps/s_time.c    |  12 ++--
 apps/sess_id.c   |  20 +++---
 apps/smime.c     |  82 ++++++++++++-----------
 apps/speed.c     |   4 +-
 apps/srp.c       |  26 ++++----
 apps/testdsa.h   |   2 +-
 apps/ts.c        |  14 ++--
 apps/verify.c    |   8 +--
 apps/version.c   |   7 +-
 apps/x509.c      |  40 +++++++-----
 45 files changed, 770 insertions(+), 704 deletions(-)

diff --git a/apps/app_rand.c b/apps/app_rand.c
index 0d44af9..8a85cc9 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,18 +19,19 @@ int app_RAND_load_file(const char *file, int dont_warn)
     int consider_randfile = (file == NULL);
     char buffer[200];
 
-    if (file == NULL)
+    if (file == NULL) {
         file = RAND_file_name(buffer, sizeof buffer);
 #ifndef OPENSSL_NO_EGD
-    else if (RAND_egd(file) > 0) {
+    } else if (RAND_egd(file) > 0) {
         /*
          * we try if the given filename is an EGD socket. if it is, we don't
          * write anything back to the file.
          */
         egdsocket = 1;
         return 1;
-    }
 #endif
+    }
+
     if (file == NULL || !RAND_load_file(file, -1)) {
         if (RAND_status() == 0) {
             if (!dont_warn) {
diff --git a/apps/apps.c b/apps/apps.c
index 15cf4a7..a89d4eb 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -140,9 +140,8 @@ int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
 
 int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
 {
-    if (path == NULL) {
+    if (path == NULL)
         return SSL_CTX_set_default_ctlog_list_file(ctx);
-    }
 
     return SSL_CTX_set_ctlog_list_file(ctx, path);
 }
@@ -312,8 +311,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         if (ok >= 0)
             do {
                 ok = UI_process(ui);
-            }
-            while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+            } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
 
         OPENSSL_clear_free(buff, (unsigned int)bufsiz);
 
@@ -342,22 +340,24 @@ static char *app_get_pass(const char *arg, int keepbio);
 int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
 {
     int same;
-    if (!arg2 || !arg1 || strcmp(arg1, arg2))
+    if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2))
         same = 0;
     else
         same = 1;
-    if (arg1) {
+    if (arg1 != NULL) {
         *pass1 = app_get_pass(arg1, same);
-        if (!*pass1)
+        if (*pass1 == NULL)
             return 0;
-    } else if (pass1)
+    } else if (pass1 != NULL) {
         *pass1 = NULL;
-    if (arg2) {
+    }
+    if (arg2 != NULL) {
         *pass2 = app_get_pass(arg2, same ? 2 : 0);
-        if (!*pass2)
+        if (*pass2 == NULL)
             return 0;
-    } else if (pass2)
+    } else if (pass2 != NULL) {
         *pass2 = NULL;
+    }
     return 1;
 }
 
@@ -371,16 +371,16 @@ static char *app_get_pass(const char *arg, int keepbio)
         return OPENSSL_strdup(arg + 5);
     if (strncmp(arg, "env:", 4) == 0) {
         tmp = getenv(arg + 4);
-        if (!tmp) {
+        if (tmp == NULL) {
             BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
             return NULL;
         }
         return OPENSSL_strdup(tmp);
     }
-    if (!keepbio || !pwdbio) {
+    if (!keepbio || pwdbio == NULL) {
         if (strncmp(arg, "file:", 5) == 0) {
             pwdbio = BIO_new_file(arg + 5, "r");
-            if (!pwdbio) {
+            if (pwdbio == NULL) {
                 BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
                 return NULL;
             }
@@ -429,7 +429,7 @@ static char *app_get_pass(const char *arg, int keepbio)
         return NULL;
     }
     tmp = strchr(tpass, '\n');
-    if (tmp)
+    if (tmp != NULL)
         *tmp = 0;
     return OPENSSL_strdup(tpass);
 }
@@ -454,6 +454,7 @@ static CONF *app_load_config_(BIO *in, const char *filename)
     NCONF_free(conf);
     return NULL;
 }
+
 CONF *app_load_config(const char *filename)
 {
     BIO *in;
@@ -467,6 +468,7 @@ CONF *app_load_config(const char *filename)
     BIO_free(in);
     return conf;
 }
+
 CONF *app_load_config_quiet(const char *filename)
 {
     BIO *in;
@@ -540,9 +542,9 @@ static int load_pkcs12(BIO *in, const char *desc,
         goto die;
     }
     /* See if an empty password will do */
-    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
         pass = "";
-    else {
+    } else {
         if (!pem_cb)
             pem_cb = (pem_password_cb *)password_callback;
         len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
@@ -603,8 +605,7 @@ static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
     OPENSSL_free(host);
     OPENSSL_free(path);
     OPENSSL_free(port);
-    if (bio)
-        BIO_free_all(bio);
+    BIO_free_all(bio);
     OCSP_REQ_CTX_free(rctx);
     if (rv != 1) {
         BIO_printf(bio_err, "Error loading %s from %s\n",
@@ -630,17 +631,18 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip)
     if (file == NULL) {
         unbuffer(stdin);
         cert = dup_bio_in(format);
-    } else
+    } else {
         cert = bio_open_default(file, 'r', format);
+    }
     if (cert == NULL)
         goto end;
 
-    if (format == FORMAT_ASN1)
+    if (format == FORMAT_ASN1) {
         x = d2i_X509_bio(cert, NULL);
-    else if (format == FORMAT_PEM)
+    } else if (format == FORMAT_PEM) {
         x = PEM_read_bio_X509_AUX(cert, NULL,
                                   (pem_password_cb *)password_callback, NULL);
-    else if (format == FORMAT_PKCS12) {
+    } else if (format == FORMAT_PKCS12) {
         if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
             goto end;
     } else {
@@ -671,11 +673,11 @@ X509_CRL *load_crl(const char *infile, int format)
     in = bio_open_default(infile, 'r', format);
     if (in == NULL)
         goto end;
-    if (format == FORMAT_ASN1)
+    if (format == FORMAT_ASN1) {
         x = d2i_X509_CRL_bio(in, NULL);
-    else if (format == FORMAT_PEM)
+    } else if (format == FORMAT_PEM) {
         x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
-    else {
+    } else {
         BIO_printf(bio_err, "bad input format specified for input crl\n");
         goto end;
     }
@@ -705,9 +707,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
         goto end;
     }
     if (format == FORMAT_ENGINE) {
-        if (e == NULL)
+        if (e == NULL) {
             BIO_printf(bio_err, "no engine specified\n");
-        else {
+        } else {
 #ifndef OPENSSL_NO_ENGINE
             if (ENGINE_init(e)) {
                 pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
@@ -726,8 +728,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
     if (file == NULL && maybe_stdin) {
         unbuffer(stdin);
         key = dup_bio_in(format);
-    } else
+    } else {
         key = bio_open_default(file, 'r', format);
+    }
     if (key == NULL)
         goto end;
     if (format == FORMAT_ASN1) {
@@ -736,21 +739,19 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
         pkey = PEM_read_bio_PrivateKey(key, NULL,
                                        (pem_password_cb *)password_callback,
                                        &cb_data);
-    }
-    else if (format == FORMAT_PKCS12) {
+    } else if (format == FORMAT_PKCS12) {
         if (!load_pkcs12(key, key_descrip,
                          (pem_password_cb *)password_callback, &cb_data,
                          &pkey, NULL, NULL))
             goto end;
-    }
 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
-    else if (format == FORMAT_MSBLOB)
+    } else if (format == FORMAT_MSBLOB) {
         pkey = b2i_PrivateKey_bio(key);
-    else if (format == FORMAT_PVK)
+    } else if (format == FORMAT_PVK) {
         pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
                            &cb_data);
 #endif
-    else {
+    } else {
         BIO_printf(bio_err, "bad input format specified for key file\n");
         goto end;
     }
@@ -778,9 +779,9 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
         goto end;
     }
     if (format == FORMAT_ENGINE) {
-        if (e == NULL)
+        if (e == NULL) {
             BIO_printf(bio_err, "no engine specified\n");
-        else {
+        } else {
 #ifndef OPENSSL_NO_ENGINE
             pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
             if (pkey == NULL) {
@@ -796,14 +797,14 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
     if (file == NULL && maybe_stdin) {
         unbuffer(stdin);
         key = dup_bio_in(format);
-    } else
+    } else {
         key = bio_open_default(file, 'r', format);
+    }
     if (key == NULL)
         goto end;
     if (format == FORMAT_ASN1) {
         pkey = d2i_PUBKEY_bio(key, NULL);
-    }
-    else if (format == FORMAT_ASN1RSA) {
+    } else if (format == FORMAT_ASN1RSA) {
 #ifndef OPENSSL_NO_RSA
         RSA *rsa;
         rsa = d2i_RSAPublicKey_bio(key, NULL);
@@ -833,16 +834,15 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
         BIO_printf(bio_err, "RSA keys not supported\n");
 #endif
             pkey = NULL;
-    }
-    else if (format == FORMAT_PEM) {
+    } else if (format == FORMAT_PEM) {
         pkey = PEM_read_bio_PUBKEY(key, NULL,
                                    (pem_password_cb *)password_callback,
                                    &cb_data);
-    }
 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
-    else if (format == FORMAT_MSBLOB)
+    } else if (format == FORMAT_MSBLOB) {
         pkey = b2i_PublicKey_bio(key);
 #endif
+    }
  end:
     BIO_free(key);
     if (pkey == NULL)
@@ -880,36 +880,36 @@ static int load_certs_crls(const char *file, int format,
 
     BIO_free(bio);
 
-    if (pcerts && *pcerts == NULL) {
+    if (pcerts != NULL && *pcerts == NULL) {
         *pcerts = sk_X509_new_null();
-        if (!*pcerts)
+        if (*pcerts == NULL)
             goto end;
     }
 
-    if (pcrls && *pcrls == NULL) {
+    if (pcrls != NULL && *pcrls == NULL) {
         *pcrls = sk_X509_CRL_new_null();
-        if (!*pcrls)
+        if (*pcrls == NULL)
             goto end;
     }
 
     for (i = 0; i < sk_X509_INFO_num(xis); i++) {
         xi = sk_X509_INFO_value(xis, i);
-        if (xi->x509 && pcerts) {
+        if (xi->x509 != NULL && pcerts != NULL) {
             if (!sk_X509_push(*pcerts, xi->x509))
                 goto end;
             xi->x509 = NULL;
         }
-        if (xi->crl && pcrls) {
+        if (xi->crl != NULL && pcrls != NULL) {
             if (!sk_X509_CRL_push(*pcrls, xi->crl))
                 goto end;
             xi->crl = NULL;
         }
     }
 
-    if (pcerts && sk_X509_num(*pcerts) > 0)
+    if (pcerts != NULL && sk_X509_num(*pcerts) > 0)
         rv = 1;
 
-    if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
+    if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0)
         rv = 1;
 
  end:
@@ -917,11 +917,11 @@ static int load_certs_crls(const char *file, int format,
     sk_X509_INFO_pop_free(xis, X509_INFO_free);
 
     if (rv == 0) {
-        if (pcerts) {
+        if (pcerts != NULL) {
             sk_X509_pop_free(*pcerts, X509_free);
             *pcerts = NULL;
         }
-        if (pcrls) {
+        if (pcrls != NULL) {
             sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
             *pcrls = NULL;
         }
@@ -1126,8 +1126,9 @@ static int set_table_opts(unsigned long *flags, const char *arg,
     } else if (c == '+') {
         c = 1;
         arg++;
-    } else
+    } else {
         c = 1;
+    }
 
     for (ptbl = in_tbl; ptbl->name; ptbl++) {
         if (strcasecmp(arg, ptbl->name) == 0) {
@@ -1172,9 +1173,9 @@ void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
                       int len, unsigned char *buffer)
 {
     BIO_printf(out, "    static unsigned char %s_%d[] = {", var, len);
-    if (BN_is_zero(in))
+    if (BN_is_zero(in)) {
         BIO_printf(out, "\n\t0x00");
-    else {
+    } else {
         int i, l;
 
         l = BN_bn2bin(in, buffer);
@@ -1189,6 +1190,7 @@ void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
     }
     BIO_printf(out, "\n    };\n");
 }
+
 void print_array(BIO *out, const char* title, int len, const unsigned char* d)
 {
     int i;
@@ -1222,8 +1224,9 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i
                 BIO_printf(bio_err, "Error loading file %s\n", CAfile);
                 goto end;
             }
-        } else
+        } else {
             X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+        }
     }
 
     if (CApath != NULL || !noCApath) {
@@ -1235,8 +1238,9 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i
                 BIO_printf(bio_err, "Error loading directory %s\n", CApath);
                 goto end;
             }
-        } else
+        } else {
             X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+        }
     }
 
     ERR_clear_error();
@@ -1267,7 +1271,7 @@ ENGINE *setup_engine(const char *engine, int debug)
     ENGINE *e = NULL;
 
 #ifndef OPENSSL_NO_ENGINE
-    if (engine) {
+    if (engine != NULL) {
         if (strcmp(engine, "auto") == 0) {
             BIO_printf(bio_err, "enabling auto ENGINE support\n");
             ENGINE_register_all_complete();
@@ -1873,8 +1877,9 @@ static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
             node = sk_X509_POLICY_NODE_value(nodes, i);
             X509_POLICY_NODE_print(bio_err, node, 2);
         }
-    } else
+    } else {
         BIO_puts(bio_err, " <empty>\n");
+    }
 }
 
 void policies_print(X509_STORE_CTX *ctx)
@@ -1919,8 +1924,9 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in)
             }
             out[start] = i - start;
             start = i + 1;
-        } else
+        } else {
             out[i + 1] = in[i];
+        }
     }
 
     *outlen = len + 1;
@@ -2229,9 +2235,9 @@ double app_tminterval(int stop, int usertime)
     if (usertime)
         now = rus.tms_utime;
 
-    if (stop == TM_START)
+    if (stop == TM_START) {
         tmstart = now;
-    else {
+    } else {
         long int tck = sysconf(_SC_CLK_TCK);
         ret = (now - tmstart) / (double)tck;
     }
@@ -2368,7 +2374,7 @@ int raw_read_stdin(void *buf, int siz)
         return (-1);
 }
 #elif defined(__VMS)
-#include <sys/socket.h>
+# include <sys/socket.h>
 
 int raw_read_stdin(void *buf, int siz)
 {
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index c4b2038..048d65f 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -194,9 +194,7 @@ int asn1parse_main(int argc, char **argv)
                 ERR_print_errors(bio_err);
                 goto end;
             }
-        }
-
-        else {
+        } else {
 
             if (informat == FORMAT_PEM) {
                 BIO *tmp;
@@ -273,7 +271,7 @@ int asn1parse_main(int argc, char **argv)
 
     if ((length == 0) || ((long)length > num))
         length = (unsigned int)num;
-    if (derout) {
+    if (derout != NULL) {
         if (BIO_write(derout, str + offset, length) != (int)length) {
             BIO_printf(bio_err, "Error writing output\n");
             ERR_print_errors(bio_err);
@@ -323,12 +321,12 @@ static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
     unsigned char *p;
     ASN1_TYPE *atyp = NULL;
 
-    if (genconf) {
+    if (genconf != NULL) {
         if ((cnf = app_load_config(genconf)) == NULL)
             goto err;
-        if (!genstr)
+        if (genstr == NULL)
             genstr = NCONF_get_string(cnf, "default", "asn1");
-        if (!genstr) {
+        if (genstr == NULL) {
             BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
             goto err;
         }
@@ -338,7 +336,7 @@ static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
     NCONF_free(cnf);
     cnf = NULL;
 
-    if (!atyp)
+    if (atyp == NULL)
         return -1;
 
     len = i2d_ASN1_TYPE(atyp, NULL);
diff --git a/apps/ca.c b/apps/ca.c
index 7e6e103..91d962f 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -471,17 +471,17 @@ end_of_options:
     app_RAND_load_file(randfile, 0);
 
     f = NCONF_get_string(conf, section, STRING_MASK);
-    if (!f)
+    if (f == NULL)
         ERR_clear_error();
 
-    if (f && !ASN1_STRING_set_default_mask_asc(f)) {
+    if (f != NULL && !ASN1_STRING_set_default_mask_asc(f)) {
         BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
         goto end;
     }
 
     if (chtype != MBSTRING_UTF8) {
         f = NCONF_get_string(conf, section, UTF8_IN);
-        if (!f)
+        if (f == NULL)
             ERR_clear_error();
         else if (strcmp(f, "yes") == 0)
             chtype = MBSTRING_UTF8;
@@ -489,9 +489,9 @@ end_of_options:
 
     db_attr.unique_subject = 1;
     p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
-    if (p) {
+    if (p != NULL)
         db_attr.unique_subject = parse_yesno(p, 1);
-    } else
+    else
         ERR_clear_error();
 
     /*****************************************************************/
@@ -520,7 +520,7 @@ end_of_options:
         && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL)
         goto end;
 
-    if (!key) {
+    if (key == NULL) {
         free_key = 1;
         if (!app_passwd(passinarg, NULL, &key, NULL)) {
             BIO_printf(bio_err, "Error getting password\n");
@@ -528,12 +528,11 @@ end_of_options:
         }
     }
     pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key");
-    if (key)
+    if (key != NULL)
         OPENSSL_cleanse(key, strlen(key));
-    if (pkey == NULL) {
+    if (pkey == NULL)
         /* load_key() has already printed an appropriate message */
         goto end;
-    }
 
     /*****************************************************************/
     /* we need a certificate */
@@ -568,7 +567,7 @@ end_of_options:
 
     f = NCONF_get_string(conf, section, ENV_NAMEOPT);
 
-    if (f) {
+    if (f != NULL) {
         if (!set_nameopt(f)) {
             BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
             goto end;
@@ -578,24 +577,26 @@ end_of_options:
 
     f = NCONF_get_string(conf, section, ENV_CERTOPT);
 
-    if (f) {
+    if (f != NULL) {
         if (!set_cert_ex(&certopt, f)) {
             BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
             goto end;
         }
         default_op = 0;
-    } else
+    } else {
         ERR_clear_error();
+    }
 
     f = NCONF_get_string(conf, section, ENV_EXTCOPY);
 
-    if (f) {
+    if (f != NULL) {
         if (!set_ext_copy(&ext_copy, f)) {
             BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
             goto end;
         }
-    } else
+    } else {
         ERR_clear_error();
+    }
 
     /*****************************************************************/
     /* lookup where to write new certificates */
@@ -774,17 +775,17 @@ end_of_options:
         if (serialfile == NULL)
             goto end;
 
-        if (!extconf) {
+        if (extconf == NULL) {
             /*
              * no '-extfile' option, so we look for extensions in the main
              * configuration file
              */
-            if (!extensions) {
+            if (extensions == NULL) {
                 extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS);
-                if (!extensions)
+                if (extensions == NULL)
                     ERR_clear_error();
             }
-            if (extensions) {
+            if (extensions != NULL) {
                 /* Check syntax of file */
                 X509V3_CTX ctx;
                 X509V3_set_ctx_test(&ctx);
@@ -805,7 +806,7 @@ end_of_options:
             if (startdate == NULL)
                 ERR_clear_error();
         }
-        if (startdate && !ASN1_TIME_set_string_X509(NULL, startdate)) {
+        if (startdate != NULL && !ASN1_TIME_set_string_X509(NULL, startdate)) {
             BIO_printf(bio_err,
                        "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
             goto end;
@@ -818,7 +819,7 @@ end_of_options:
             if (enddate == NULL)
                 ERR_clear_error();
         }
-        if (enddate && !ASN1_TIME_set_string_X509(NULL, enddate)) {
+        if (enddate != NULL && !ASN1_TIME_set_string_X509(NULL, enddate)) {
             BIO_printf(bio_err,
                        "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
             goto end;
@@ -828,7 +829,7 @@ end_of_options:
             if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
                 days = 0;
         }
-        if (!enddate && (days == 0)) {
+        if (enddate == NULL && (days == 0)) {
             BIO_printf(bio_err,
                        "cannot lookup how many days to certify for\n");
             goto end;
@@ -839,9 +840,9 @@ end_of_options:
             goto end;
         }
         if (verbose) {
-            if (BN_is_zero(serial))
+            if (BN_is_zero(serial)) {
                 BIO_printf(bio_err, "next serial number is 00\n");
-            else {
+            } else {
                 if ((f = BN_bn2hex(serial)) == NULL)
                     goto end;
                 BIO_printf(bio_err, "next serial number is %s\n", f);
@@ -1045,12 +1046,12 @@ end_of_options:
     /*****************************************************************/
     if (gencrl) {
         int crl_v2 = 0;
-        if (!crl_ext) {
+        if (crl_ext == NULL) {
             crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT);
-            if (!crl_ext)
+            if (crl_ext == NULL)
                 ERR_clear_error();
         }
-        if (crl_ext) {
+        if (crl_ext != NULL) {
             /* Check syntax of file */
             X509V3_CTX ctx;
             X509V3_set_ctx_test(&ctx);
@@ -1141,12 +1142,12 @@ end_of_options:
 
         /* Add any extensions asked for */
 
-        if (crl_ext || crlnumberfile != NULL) {
+        if (crl_ext != NULL || crlnumberfile != NULL) {
             X509V3_CTX crlctx;
             X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
             X509V3_set_nconf(&crlctx, conf);
 
-            if (crl_ext)
+            if (crl_ext != NULL)
                 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl))
                     goto end;
             if (crlnumberfile != NULL) {
@@ -1160,7 +1161,7 @@ end_of_options:
                     goto end;
             }
         }
-        if (crl_ext || crl_v2) {
+        if (crl_ext != NULL || crl_v2) {
             if (!X509_CRL_set_version(crl, 1))
                 goto end;       /* version 2 CRL */
         }
@@ -1297,8 +1298,9 @@ static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
                    "Signature did not match the certificate request\n");
         ERR_print_errors(bio_err);
         goto end;
-    } else
+    } else {
         BIO_printf(bio_err, "Signature ok\n");
+    }
 
     ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
                  chtype, multirdn, email_dn, startdate, enddate, days, batch,
@@ -1346,8 +1348,9 @@ static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x
         ok = 0;
         BIO_printf(bio_err, "Signature did not match the certificate\n");
         goto end;
-    } else
+    } else {
         BIO_printf(bio_err, "Signature ok\n");
+    }
 
     if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
         goto end;
@@ -1502,8 +1505,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
                                "The %s field needed to be supplied and was missing\n",
                                cv->name);
                     goto end;
-                } else
+                } else {
                     push = tne;
+                }
             } else if (strcmp(cv->value, "match") == 0) {
                 int last2;
 
@@ -1578,9 +1582,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
      * And add it later on because of the method extensions are added (altName)
      */
 
-    if (email_dn)
+    if (email_dn) {
         dn_subject = subject;
-    else {
+    } else {
         X509_NAME_ENTRY *tmpne;
         /*
          * Its best to dup the subject DN and then delete any email addresses
@@ -1718,7 +1722,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         else
             X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
 
-        if (extconf) {
+        if (extconf != NULL) {
             if (verbose)
                 BIO_printf(bio_err, "Extra configuration file found\n");
 
@@ -2505,9 +2509,9 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
             goto end;
         }
 
-        if (reason_code == 7)
+        if (reason_code == 7) {
             reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
-        else if (reason_code == 8) { /* Hold instruction */
+        } else if (reason_code == 8) { /* Hold instruction */
             if (!arg_str) {
                 BIO_printf(bio_err, "missing hold instruction\n");
                 goto end;
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 531bf8d..3cbcc5e 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/apps/cms.c b/apps/cms.c
index 3db36fe..25ee7e8 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -477,7 +477,7 @@ int cms_main(int argc, char **argv)
             break;
         case OPT_SIGNER:
             /* If previous -signer argument add signer to list */
-            if (signerfile) {
+            if (signerfile != NULL) {
                 if (sksigners == NULL
                     && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
@@ -494,7 +494,7 @@ int cms_main(int argc, char **argv)
             break;
         case OPT_INKEY:
             /* If previous -inkey argument add signer to list */
-            if (keyfile) {
+            if (keyfile != NULL) {
                 if (signerfile == NULL) {
                     BIO_puts(bio_err, "Illegal -inkey without -signer\n");
                     goto end;
@@ -525,8 +525,9 @@ int cms_main(int argc, char **argv)
                     goto end;
                 sk_X509_push(encerts, cert);
                 cert = NULL;
-            } else
+            } else {
                 recipfile = opt_arg();
+            }
             break;
         case OPT_CIPHER:
             if (!opt_cipher(opt_unknown(), &cipher))
@@ -535,12 +536,12 @@ int cms_main(int argc, char **argv)
         case OPT_KEYOPT:
             keyidx = -1;
             if (operation == SMIME_ENCRYPT) {
-                if (encerts)
+                if (encerts != NULL)
                     keyidx += sk_X509_num(encerts);
             } else {
-                if (keyfile || signerfile)
+                if (keyfile != NULL || signerfile != NULL)
                     keyidx++;
-                if (skkeys)
+                if (skkeys != NULL)
                     keyidx += sk_OPENSSL_STRING_num(skkeys);
             }
             if (keyidx < 0) {
@@ -586,60 +587,61 @@ int cms_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
-    if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
+    if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) {
         BIO_puts(bio_err, "No Signed Receipts Recipients\n");
         goto opthelp;
     }
 
-    if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
+    if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) {
         BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
         goto opthelp;
     }
-    if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+    if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
         BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
         goto opthelp;
     }
 
     if (operation & SMIME_SIGNERS) {
-        if (keyfile && !signerfile) {
+        if (keyfile != NULL && signerfile == NULL) {
             BIO_puts(bio_err, "Illegal -inkey without -signer\n");
             goto opthelp;
         }
         /* Check to see if any final signer needs to be appended */
-        if (signerfile) {
-            if (!sksigners
+        if (signerfile != NULL) {
+            if (sksigners == NULL
                 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
             sk_OPENSSL_STRING_push(sksigners, signerfile);
-            if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+            if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
-            if (!keyfile)
+            if (keyfile == NULL)
                 keyfile = signerfile;
             sk_OPENSSL_STRING_push(skkeys, keyfile);
         }
-        if (!sksigners) {
+        if (sksigners == NULL) {
             BIO_printf(bio_err, "No signer certificate specified\n");
             goto opthelp;
         }
         signerfile = NULL;
         keyfile = NULL;
         need_rand = 1;
-    }
-
-    else if (operation == SMIME_DECRYPT) {
-        if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
+    } else if (operation == SMIME_DECRYPT) {
+        if (recipfile == NULL && keyfile == NULL
+            && secret_key == NULL && pwri_pass == NULL) {
             BIO_printf(bio_err,
                        "No recipient certificate or key specified\n");
             goto opthelp;
         }
     } else if (operation == SMIME_ENCRYPT) {
-        if (*argv == NULL && !secret_key && !pwri_pass && !encerts) {
+        if (*argv == NULL && secret_key == NULL
+            && pwri_pass == NULL && encerts == NULL) {
             BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
             goto opthelp;
         }
         need_rand = 1;
-    } else if (!operation)
+    } else if (!operation) {
         goto opthelp;
+    }
 
     if (!app_passwd(passinarg, NULL, &passin, NULL)) {
         BIO_printf(bio_err, "Error getting password\n");
@@ -658,15 +660,13 @@ int cms_main(int argc, char **argv)
     if (!(operation & SMIME_SIGNERS))
         flags &= ~CMS_DETACHED;
 
-    if (!(operation & SMIME_OP)) {
+    if (!(operation & SMIME_OP))
         if (flags & CMS_BINARY)
             outformat = FORMAT_BINARY;
-    }
 
-    if (!(operation & SMIME_IP)) {
+    if (!(operation & SMIME_IP))
         if (flags & CMS_BINARY)
             informat = FORMAT_BINARY;
-    }
 
     if (operation == SMIME_ENCRYPT) {
         if (!cipher) {
@@ -683,7 +683,7 @@ int cms_main(int argc, char **argv)
             goto end;
         }
 
-        if (*argv && !encerts)
+        if (*argv && encerts == NULL)
             if ((encerts = sk_X509_new_null()) == NULL)
                 goto end;
         while (*argv) {
@@ -696,7 +696,7 @@ int cms_main(int argc, char **argv)
         }
     }
 
-    if (certfile) {
+    if (certfile != NULL) {
         if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
                         "certificate file")) {
             ERR_print_errors(bio_err);
@@ -704,7 +704,7 @@ int cms_main(int argc, char **argv)
         }
     }
 
-    if (recipfile && (operation == SMIME_DECRYPT)) {
+    if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
         if ((recip = load_cert(recipfile, FORMAT_PEM,
                                "recipient certificate file")) == NULL) {
             ERR_print_errors(bio_err);
@@ -721,17 +721,18 @@ int cms_main(int argc, char **argv)
     }
 
     if (operation == SMIME_DECRYPT) {
-        if (!keyfile)
+        if (keyfile == NULL)
             keyfile = recipfile;
     } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
-        if (!keyfile)
+        if (keyfile == NULL)
             keyfile = signerfile;
-    } else
+    } else {
         keyfile = NULL;
+    }
 
-    if (keyfile) {
+    if (keyfile != NULL) {
         key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
-        if (!key)
+        if (key == NULL)
             goto end;
     }
 
@@ -740,29 +741,29 @@ int cms_main(int argc, char **argv)
         goto end;
 
     if (operation & SMIME_IP) {
-        if (informat == FORMAT_SMIME)
+        if (informat == FORMAT_SMIME) {
             cms = SMIME_read_CMS(in, &indata);
-        else if (informat == FORMAT_PEM)
+        } else if (informat == FORMAT_PEM) {
             cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
-        else if (informat == FORMAT_ASN1)
+        } else if (informat == FORMAT_ASN1) {
             cms = d2i_CMS_bio(in, NULL);
-        else {
+        } else {
             BIO_printf(bio_err, "Bad input format for CMS file\n");
             goto end;
         }
 
-        if (!cms) {
+        if (cms == NULL) {
             BIO_printf(bio_err, "Error reading S/MIME message\n");
             goto end;
         }
-        if (contfile) {
+        if (contfile != NULL) {
             BIO_free(indata);
             if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
                 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
                 goto end;
             }
         }
-        if (certsoutfile) {
+        if (certsoutfile != NULL) {
             STACK_OF(X509) *allcerts;
             allcerts = CMS_get1_certs(cms);
             if (!save_certs(certsoutfile, allcerts)) {
@@ -775,25 +776,25 @@ int cms_main(int argc, char **argv)
         }
     }
 
-    if (rctfile) {
+    if (rctfile != NULL) {
         char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
         if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
             BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
             goto end;
         }
 
-        if (rctformat == FORMAT_SMIME)
+        if (rctformat == FORMAT_SMIME) {
             rcms = SMIME_read_CMS(rctin, NULL);
-        else if (rctformat == FORMAT_PEM)
+        } else if (rctformat == FORMAT_PEM) {
             rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
-        else if (rctformat == FORMAT_ASN1)
+        } else if (rctformat == FORMAT_ASN1) {
             rcms = d2i_CMS_bio(rctin, NULL);
-        else {
+        } else {
             BIO_printf(bio_err, "Bad input format for receipt\n");
             goto end;
         }
 
-        if (!rcms) {
+        if (rcms == NULL) {
             BIO_printf(bio_err, "Error reading receipt\n");
             goto end;
         }
@@ -823,7 +824,7 @@ int cms_main(int argc, char **argv)
         int i;
         flags |= CMS_PARTIAL;
         cms = CMS_encrypt(NULL, in, cipher, flags);
-        if (!cms)
+        if (cms == NULL)
             goto end;
         for (i = 0; i < sk_X509_num(encerts); i++) {
             CMS_RecipientInfo *ri;
@@ -837,9 +838,9 @@ int cms_main(int argc, char **argv)
                 }
             }
             ri = CMS_add1_recipient_cert(cms, x, tflags);
-            if (!ri)
+            if (ri == NULL)
                 goto end;
-            if (kparam) {
+            if (kparam != NULL) {
                 EVP_PKEY_CTX *pctx;
                 pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
                 if (!cms_set_pkey_param(pctx, kparam->param))
@@ -853,7 +854,7 @@ int cms_main(int argc, char **argv)
             }
         }
 
-        if (secret_key) {
+        if (secret_key != NULL) {
             if (!CMS_add0_recipient_key(cms, NID_undef,
                                         secret_key, secret_keylen,
                                         secret_keyid, secret_keyidlen,
@@ -863,13 +864,13 @@ int cms_main(int argc, char **argv)
             secret_key = NULL;
             secret_keyid = NULL;
         }
-        if (pwri_pass) {
+        if (pwri_pass != NULL) {
             pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass);
-            if (!pwri_tmp)
+            if (pwri_tmp == NULL)
                 goto end;
-            if (!CMS_add0_recipient_password(cms,
-                                             -1, NID_undef, NID_undef,
-                                             pwri_tmp, -1, NULL))
+            if (CMS_add0_recipient_password(cms,
+                                            -1, NID_undef, NID_undef,
+                                            pwri_tmp, -1, NULL) == NULL)
                 goto end;
             pwri_tmp = NULL;
         }
@@ -886,11 +887,11 @@ int cms_main(int argc, char **argv)
         STACK_OF(CMS_SignerInfo) *sis;
         CMS_SignerInfo *si;
         sis = CMS_get0_SignerInfos(cms);
-        if (!sis)
+        if (sis == NULL)
             goto end;
         si = sk_CMS_SignerInfo_value(sis, 0);
         srcms = CMS_sign_receipt(si, signer, key, other, flags);
-        if (!srcms)
+        if (srcms == NULL)
             goto end;
         CMS_ContentInfo_free(cms);
         cms = srcms;
@@ -908,21 +909,22 @@ int cms_main(int argc, char **argv)
             }
             flags |= CMS_PARTIAL;
             cms = CMS_sign(NULL, NULL, other, in, flags);
-            if (!cms)
+            if (cms == NULL)
                 goto end;
-            if (econtent_type)
+            if (econtent_type != NULL)
                 CMS_set1_eContentType(cms, econtent_type);
 
-            if (rr_to) {
+            if (rr_to != NULL) {
                 rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
-                if (!rr) {
+                if (rr == NULL) {
                     BIO_puts(bio_err,
                              "Signed Receipt Request Creation Error\n");
                     goto end;
                 }
             }
-        } else
+        } else {
             flags |= CMS_REUSE_DIGEST;
+        }
         for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
             CMS_SignerInfo *si;
             cms_key_param *kparam;
@@ -931,10 +933,10 @@ int cms_main(int argc, char **argv)
             keyfile = sk_OPENSSL_STRING_value(skkeys, i);
 
             signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
-            if (!signer)
+            if (signer == NULL)
                 goto end;
             key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
-            if (!key)
+            if (key == NULL)
                 goto end;
             for (kparam = key_first; kparam; kparam = kparam->next) {
                 if (kparam->idx == i) {
@@ -943,15 +945,15 @@ int cms_main(int argc, char **argv)
                 }
             }
             si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
-            if (!si)
+            if (si == NULL)
                 goto end;
-            if (kparam) {
+            if (kparam != NULL) {
                 EVP_PKEY_CTX *pctx;
                 pctx = CMS_SignerInfo_get0_pkey_ctx(si);
                 if (!cms_set_pkey_param(pctx, kparam->param))
                     goto end;
             }
-            if (rr && !CMS_add1_ReceiptRequest(si, rr))
+            if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr))
                 goto end;
             X509_free(signer);
             signer = NULL;
@@ -965,7 +967,7 @@ int cms_main(int argc, char **argv)
         }
     }
 
-    if (!cms) {
+    if (cms == NULL) {
         BIO_printf(bio_err, "Error creating CMS structure\n");
         goto end;
     }
@@ -975,7 +977,7 @@ int cms_main(int argc, char **argv)
         if (flags & CMS_DEBUG_DECRYPT)
             CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
 
-        if (secret_key) {
+        if (secret_key != NULL) {
             if (!CMS_decrypt_set1_key(cms,
                                       secret_key, secret_keylen,
                                       secret_keyid, secret_keyidlen)) {
@@ -984,14 +986,14 @@ int cms_main(int argc, char **argv)
             }
         }
 
-        if (key) {
+        if (key != NULL) {
             if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
                 BIO_puts(bio_err, "Error decrypting CMS using private key\n");
                 goto end;
             }
         }
 
-        if (pwri_pass) {
+        if (pwri_pass != NULL) {
             if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
                 BIO_puts(bio_err, "Error decrypting CMS using password\n");
                 goto end;
@@ -1009,9 +1011,9 @@ int cms_main(int argc, char **argv)
         if (!CMS_uncompress(cms, indata, out, flags))
             goto end;
     } else if (operation == SMIME_DIGEST_VERIFY) {
-        if (CMS_digest_verify(cms, indata, out, flags) > 0)
+        if (CMS_digest_verify(cms, indata, out, flags) > 0) {
             BIO_printf(bio_err, "Verification successful\n");
-        else {
+        } else {
             BIO_printf(bio_err, "Verification failure\n");
             goto end;
         }
@@ -1020,15 +1022,15 @@ int cms_main(int argc, char **argv)
                                        indata, out, flags))
             goto end;
     } else if (operation == SMIME_VERIFY) {
-        if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+        if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
             BIO_printf(bio_err, "Verification successful\n");
-        else {
+        } else {
             BIO_printf(bio_err, "Verification failure\n");
             if (verify_retcode)
                 ret = verify_err + 32;
             goto end;
         }
-        if (signerfile) {
+        if (signerfile != NULL) {
             STACK_OF(X509) *signers;
             signers = CMS_get0_signers(cms);
             if (!save_certs(signerfile, signers)) {
@@ -1043,9 +1045,9 @@ int cms_main(int argc, char **argv)
             receipt_request_print(cms);
 
     } else if (operation == SMIME_VERIFY_RECEIPT) {
-        if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
+        if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) {
             BIO_printf(bio_err, "Verification successful\n");
-        else {
+        } else {
             BIO_printf(bio_err, "Verification failure\n");
             goto end;
         }
@@ -1064,11 +1066,11 @@ int cms_main(int argc, char **argv)
                 ret = SMIME_write_CMS(out, cms, indata, flags);
             else
                 ret = SMIME_write_CMS(out, cms, in, flags);
-        } else if (outformat == FORMAT_PEM)
+        } else if (outformat == FORMAT_PEM) {
             ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
-        else if (outformat == FORMAT_ASN1)
+        } else if (outformat == FORMAT_ASN1) {
             ret = i2d_CMS_bio_stream(out, cms, in, flags);
-        else {
+        } else {
             BIO_printf(bio_err, "Bad output format for CMS file\n");
             goto end;
         }
@@ -1122,10 +1124,10 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 {
     int i;
     BIO *tmp;
-    if (!signerfile)
+    if (signerfile == NULL)
         return 1;
     tmp = BIO_new_file(signerfile, "w");
-    if (!tmp)
+    if (tmp == NULL)
         return 0;
     for (i = 0; i < sk_X509_num(signers); i++)
         PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
@@ -1185,9 +1187,9 @@ static void receipt_request_print(CMS_ContentInfo *cms)
         si = sk_CMS_SignerInfo_value(sis, i);
         rv = CMS_get1_ReceiptRequest(si, &rr);
         BIO_printf(bio_err, "Signer %d:\n", i + 1);
-        if (rv == 0)
+        if (rv == 0) {
             BIO_puts(bio_err, "  No Receipt Request\n");
-        else if (rv < 0) {
+        } else if (rv < 0) {
             BIO_puts(bio_err, "  Receipt Request Parse Error\n");
             ERR_print_errors(bio_err);
         } else {
@@ -1200,15 +1202,16 @@ static void receipt_request_print(CMS_ContentInfo *cms)
             id = (const char *)ASN1_STRING_get0_data(scid);
             BIO_dump_indent(bio_err, id, idlen, 4);
             BIO_puts(bio_err, "  Receipts From");
-            if (rlist) {
+            if (rlist != NULL) {
                 BIO_puts(bio_err, " List:\n");
                 gnames_stack_print(rlist);
-            } else if (allorfirst == 1)
+            } else if (allorfirst == 1) {
                 BIO_puts(bio_err, ": First Tier\n");
-            else if (allorfirst == 0)
+            } else if (allorfirst == 0) {
                 BIO_puts(bio_err, ": All\n");
-            else
+            } else {
                 BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
+            }
             BIO_puts(bio_err, "  Receipts To:\n");
             gnames_stack_print(rto);
         }
@@ -1223,12 +1226,12 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
     GENERAL_NAMES *gens = NULL;
     GENERAL_NAME *gen = NULL;
     ret = sk_GENERAL_NAMES_new_null();
-    if (!ret)
+    if (ret == NULL)
         goto err;
     for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
         char *str = sk_OPENSSL_STRING_value(ns, i);
         gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
-        if (!gen)
+        if (gen == NULL)
             goto err;
         gens = GENERAL_NAMES_new();
         if (gens == NULL)
@@ -1257,14 +1260,15 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
     STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
     CMS_ReceiptRequest *rr;
     rct_to = make_names_stack(rr_to);
-    if (!rct_to)
+    if (rct_to == NULL)
         goto err;
-    if (rr_from) {
+    if (rr_from != NULL) {
         rct_from = make_names_stack(rr_from);
-        if (!rct_from)
+        if (rct_from == NULL)
             goto err;
-    } else
+    } else {
         rct_from = NULL;
+    }
     rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
                                     rct_to);
     return rr;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index cb2461e..95b71e4 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -131,7 +131,7 @@ int crl2pkcs7_main(int argc, char **argv)
         goto end;
     p7s->cert = cert_stack;
 
-    if (certflst)
+    if (certflst != NULL)
         for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
             certfile = sk_OPENSSL_STRING_value(certflst, i);
             if (add_certs_from_file(cert_stack, certfile) < 0) {
diff --git a/apps/dgst.c b/apps/dgst.c
index 48ab549..545c032 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -190,7 +190,7 @@ int dgst_main(int argc, char **argv)
         goto end;
     }
 
-    if (do_verify && !sigfile) {
+    if (do_verify && sigfile == NULL) {
         BIO_printf(bio_err,
                    "No signature to verify: use the -signature option\n");
         goto end;
@@ -217,30 +217,30 @@ int dgst_main(int argc, char **argv)
     }
 
     if (out_bin == -1) {
-        if (keyfile)
+        if (keyfile != NULL)
             out_bin = 1;
         else
             out_bin = 0;
     }
 
-    if (randfile)
+    if (randfile != NULL)
         app_RAND_load_file(randfile, 0);
 
     out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
     if (out == NULL)
         goto end;
 
-    if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
+    if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
         BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
         goto end;
     }
 
-    if (keyfile) {
+    if (keyfile != NULL) {
         if (want_pub)
             sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
         else
             sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
-        if (!sigkey) {
+        if (sigkey == NULL) {
             /*
              * load_[pub]key() has already printed an appropriate message
              */
@@ -248,12 +248,12 @@ int dgst_main(int argc, char **argv)
         }
     }
 
-    if (mac_name) {
+    if (mac_name != NULL) {
         EVP_PKEY_CTX *mac_ctx = NULL;
         int r = 0;
         if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
             goto mac_end;
-        if (macopts) {
+        if (macopts != NULL) {
             char *macopt;
             for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
                 macopt = sk_OPENSSL_STRING_value(macopts, i);
@@ -277,14 +277,14 @@ int dgst_main(int argc, char **argv)
             goto end;
     }
 
-    if (hmac_key) {
+    if (hmac_key != NULL) {
         sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
                                       (unsigned char *)hmac_key, -1);
-        if (!sigkey)
+        if (sigkey == NULL)
             goto end;
     }
 
-    if (sigkey) {
+    if (sigkey != NULL) {
         EVP_MD_CTX *mctx = NULL;
         EVP_PKEY_CTX *pctx = NULL;
         int r;
@@ -302,7 +302,7 @@ int dgst_main(int argc, char **argv)
             ERR_print_errors(bio_err);
             goto end;
         }
-        if (sigopts) {
+        if (sigopts != NULL) {
             char *sigopt;
             for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
                 sigopt = sk_OPENSSL_STRING_value(sigopts, i);
@@ -331,9 +331,9 @@ int dgst_main(int argc, char **argv)
         }
     }
 
-    if (sigfile && sigkey) {
+    if (sigfile != NULL && sigkey != NULL) {
         BIO *sigbio = BIO_new_file(sigfile, "rb");
-        if (!sigbio) {
+        if (sigbio == NULL) {
             BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
             ERR_print_errors(bio_err);
             goto end;
@@ -363,14 +363,14 @@ int dgst_main(int argc, char **argv)
     } else {
         const char *md_name = NULL, *sig_name = NULL;
         if (!out_bin) {
-            if (sigkey) {
+            if (sigkey != NULL) {
                 const EVP_PKEY_ASN1_METHOD *ameth;
                 ameth = EVP_PKEY_get0_asn1(sigkey);
                 if (ameth)
                     EVP_PKEY_asn1_get0_info(NULL, NULL,
                                             NULL, NULL, &sig_name, ameth);
             }
-            if (md)
+            if (md != NULL)
                 md_name = EVP_MD_name(md);
         }
         ret = 0;
@@ -380,9 +380,10 @@ int dgst_main(int argc, char **argv)
                 perror(argv[i]);
                 ret++;
                 continue;
-            } else
+            } else {
                 r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
                           siglen, sig_name, md_name, argv[i]);
+            }
             if (r)
                 ret = r;
             (void)BIO_reset(bmd);
@@ -420,13 +421,13 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
         if (i == 0)
             break;
     }
-    if (sigin) {
+    if (sigin != NULL) {
         EVP_MD_CTX *ctx;
         BIO_get_md_ctx(bp, &ctx);
         i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
-        if (i > 0)
+        if (i > 0) {
             BIO_printf(out, "Verified OK\n");
-        else if (i == 0) {
+        } else if (i == 0) {
             BIO_printf(out, "Verification Failure\n");
             return 1;
         } else {
@@ -436,7 +437,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
         }
         return 0;
     }
-    if (key) {
+    if (key != NULL) {
         EVP_MD_CTX *ctx;
         BIO_get_md_ctx(bp, &ctx);
         len = BUFSIZE;
@@ -453,22 +454,23 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
         }
     }
 
-    if (binout)
+    if (binout) {
         BIO_write(out, buf, len);
-    else if (sep == 2) {
+    } else if (sep == 2) {
         for (i = 0; i < (int)len; i++)
             BIO_printf(out, "%02x", buf[i]);
         BIO_printf(out, " *%s\n", file);
     } else {
-        if (sig_name) {
+        if (sig_name != NULL) {
             BIO_puts(out, sig_name);
-            if (md_name)
+            if (md_name != NULL)
                 BIO_printf(out, "-%s", md_name);
             BIO_printf(out, "(%s)= ", file);
-        } else if (md_name)
+        } else if (md_name != NULL) {
             BIO_printf(out, "%s(%s)= ", md_name, file);
-        else
+        } else {
             BIO_printf(out, "(%s)= ", file);
+        }
         for (i = 0; i < (int)len; i++) {
             if (sep && (i != 0))
                 BIO_printf(out, ":");
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 6cd059f..fc3a51e 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -138,7 +138,7 @@ int dhparam_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
-    if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
+    if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
         goto end;
 
     if (g && !num)
@@ -354,10 +354,11 @@ int dhparam_main(int argc, char **argv)
                 i = i2d_DHxparams_bio(out, dh);
             else
                 i = i2d_DHparams_bio(out, dh);
-        } else if (q != NULL)
+        } else if (q != NULL) {
             i = PEM_write_bio_DHxparams(out, dh);
-        else
+        } else {
             i = PEM_write_bio_DHparams(out, dh);
+        }
         if (!i) {
             BIO_printf(bio_err, "unable to write DH parameters\n");
             ERR_print_errors(bio_err);
diff --git a/apps/dsa.c b/apps/dsa.c
index dddc5b8..89599fc 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -161,7 +161,7 @@ int dsa_main(int argc, char **argv)
         else
             pkey = load_key(infile, informat, 1, passin, e, "Private Key");
 
-        if (pkey) {
+        if (pkey != NULL) {
             dsa = EVP_PKEY_get1_DSA(pkey);
             EVP_PKEY_free(pkey);
         }
@@ -199,16 +199,16 @@ int dsa_main(int argc, char **argv)
     }
     BIO_printf(bio_err, "writing DSA key\n");
     if (outformat == FORMAT_ASN1) {
-        if (pubin || pubout)
+        if (pubin || pubout) {
             i = i2d_DSA_PUBKEY_bio(out, dsa);
-        else {
+        } else {
             assert(private);
             i = i2d_DSAPrivateKey_bio(out, dsa);
         }
     } else if (outformat == FORMAT_PEM) {
-        if (pubin || pubout)
+        if (pubin || pubout) {
             i = PEM_write_bio_DSA_PUBKEY(out, dsa);
-        else {
+        } else {
             assert(private);
             i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
                                             NULL, 0, NULL, passout);
@@ -232,10 +232,9 @@ int dsa_main(int argc, char **argv)
 #  else
             i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
 #  endif
-        }
-        else if (pubin || pubout)
+        } else if (pubin || pubout) {
             i = i2b_PublicKey_bio(out, pk);
-        else {
+        } else {
             assert(private);
             i = i2b_PrivateKey_bio(out, pk);
         }
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 26fcf1e..cf0a10b 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -155,10 +155,11 @@ int dsaparam_main(int argc, char **argv)
             BIO_printf(bio_err, "Error, DSA key generation failed\n");
             goto end;
         }
-    } else if (informat == FORMAT_ASN1)
+    } else if (informat == FORMAT_ASN1) {
         dsa = d2i_DSAparams_bio(in, NULL);
-    else
+    } else {
         dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+    }
     if (dsa == NULL) {
         BIO_printf(bio_err, "unable to load DSA parameters\n");
         ERR_print_errors(bio_err);
diff --git a/apps/ec.c b/apps/ec.c
index 06f357d..859623e 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -244,20 +244,20 @@ int ec_main(int argc, char **argv)
 
     BIO_printf(bio_err, "writing EC key\n");
     if (outformat == FORMAT_ASN1) {
-        if (param_out)
+        if (param_out) {
             i = i2d_ECPKParameters_bio(out, group);
-        else if (pubin || pubout)
+        } else if (pubin || pubout) {
             i = i2d_EC_PUBKEY_bio(out, eckey);
-        else {
+        } else {
             assert(private);
             i = i2d_ECPrivateKey_bio(out, eckey);
         }
     } else {
-        if (param_out)
+        if (param_out) {
             i = PEM_write_bio_ECPKParameters(out, group);
-        else if (pubin || pubout)
+        } else if (pubin || pubout) {
             i = PEM_write_bio_EC_PUBKEY(out, eckey);
-        else {
+        } else {
             assert(private);
             i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
                                            NULL, 0, NULL, passout);
@@ -267,8 +267,9 @@ int ec_main(int argc, char **argv)
     if (!i) {
         BIO_printf(bio_err, "unable to write private key\n");
         ERR_print_errors(bio_err);
-    } else
+    } else {
         ret = 0;
+    }
  end:
     BIO_free(in);
     BIO_free_all(out);
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 7d4cef1..a3696c9 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -232,8 +232,9 @@ int ecparam_main(int argc, char **argv)
             BIO_printf(bio_err, "using curve name prime256v1 "
                        "instead of secp256r1\n");
             nid = NID_X9_62_prime256v1;
-        } else
+        } else {
             nid = OBJ_sn2nid(curve_name);
+        }
 
         if (nid == 0)
             nid = EC_curve_nist2nid(curve_name);
@@ -250,10 +251,11 @@ int ecparam_main(int argc, char **argv)
         }
         EC_GROUP_set_asn1_flag(group, asn1_flag);
         EC_GROUP_set_point_conversion_form(group, form);
-    } else if (informat == FORMAT_ASN1)
+    } else if (informat == FORMAT_ASN1) {
         group = d2i_ECPKParameters_bio(in, NULL);
-    else
+    } else {
         group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+    }
     if (group == NULL) {
         BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
         ERR_print_errors(bio_err);
diff --git a/apps/enc.c b/apps/enc.c
index 157cb94..1ff1d6b 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -113,13 +113,13 @@ int enc_main(int argc, char **argv)
 
     /* first check the program name */
     prog = opt_progname(argv[0]);
-    if (strcmp(prog, "base64") == 0)
+    if (strcmp(prog, "base64") == 0) {
         base64 = 1;
 #ifdef ZLIB
-    else if (strcmp(prog, "zlib") == 0)
+    } else if (strcmp(prog, "zlib") == 0) {
         do_zlib = 1;
 #endif
-    else {
+    } else {
         cipher = EVP_get_cipherbyname(prog);
         if (cipher == NULL && strcmp(prog, "enc") != 0) {
             BIO_printf(bio_err, "%s is not a known cipher\n", prog);
@@ -292,12 +292,13 @@ int enc_main(int argc, char **argv)
 
     if (infile == NULL) {
         in = dup_bio_in(informat);
-    } else
+    } else {
         in = bio_open_default(infile, 'r', informat);
+    }
     if (in == NULL)
         goto end;
 
-    if (!str && passarg) {
+    if (str == NULL && passarg != NULL) {
         if (!app_passwd(passarg, NULL, &pass, NULL)) {
             BIO_printf(bio_err, "Error getting password\n");
             goto end;
@@ -393,17 +394,18 @@ int enc_main(int argc, char **argv)
             unsigned char *sptr;
             size_t str_len = strlen(str);
 
-            if (nosalt)
+            if (nosalt) {
                 sptr = NULL;
-            else {
+            } else {
                 if (enc) {
                     if (hsalt) {
                         if (!set_hex(hsalt, salt, sizeof salt)) {
                             BIO_printf(bio_err, "invalid hex salt value\n");
                             goto end;
                         }
-                    } else if (RAND_bytes(salt, sizeof salt) <= 0)
+                    } else if (RAND_bytes(salt, sizeof salt) <= 0) {
                         goto end;
+                    }
                     /*
                      * If -P option then don't bother writing
                      */
diff --git a/apps/engine.c b/apps/engine.c
index 1ead525..49f53ee 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -147,7 +147,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
     }
 
     cmds = sk_OPENSSL_STRING_new_null();
-    if (!cmds)
+    if (cmds == NULL)
         goto err;
 
     do {
@@ -249,9 +249,9 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
             if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
                 res = 0;
         }
-        if (res)
+        if (res) {
             BIO_printf(out, "[Success]: %s\n", cmd);
-        else {
+        } else {
             BIO_printf(out, "[Failure]: %s\n", cmd);
             ERR_print_errors(out);
         }
@@ -380,7 +380,7 @@ int engine_main(int argc, char **argv)
                     goto end;
 
                 fn_c = ENGINE_get_ciphers(e);
-                if (!fn_c)
+                if (fn_c == NULL)
                     goto skip_ciphers;
                 n = fn_c(e, NULL, &nids, 0);
                 for (k = 0; k < n; ++k)
@@ -389,7 +389,7 @@ int engine_main(int argc, char **argv)
 
  skip_ciphers:
                 fn_d = ENGINE_get_digests(e);
-                if (!fn_d)
+                if (fn_d == NULL)
                     goto skip_digests;
                 n = fn_d(e, NULL, &nids, 0);
                 for (k = 0; k < n; ++k)
@@ -398,14 +398,14 @@ int engine_main(int argc, char **argv)
 
  skip_digests:
                 fn_pk = ENGINE_get_pkey_meths(e);
-                if (!fn_pk)
+                if (fn_pk == NULL)
                     goto skip_pmeths;
                 n = fn_pk(e, NULL, &nids, 0);
                 for (k = 0; k < n; ++k)
                     if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
                         goto end;
  skip_pmeths:
-                if (cap_buf && (*cap_buf != '\0'))
+                if (cap_buf != NULL && (*cap_buf != '\0'))
                     BIO_printf(out, " [%s]\n", cap_buf);
 
                 OPENSSL_free(cap_buf);
diff --git a/apps/errstr.c b/apps/errstr.c
index 6bbbe2f..8b993fa 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -50,9 +50,9 @@ int errstr_main(int argc, char **argv)
 
     ret = 0;
     for (argv = opt_rest(); *argv; argv++) {
-        if (sscanf(*argv, "%lx", &l) == 0)
+        if (sscanf(*argv, "%lx", &l) == 0) {
             ret++;
-        else {
+        } else {
             /* We're not really an SSL application so this won't auto-init, but
              * we're still interested in SSL error strings
              */
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 8f556f3..469ea1c 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -156,9 +156,9 @@ int genpkey_main(int argc, char **argv)
         }
     }
 
-    if (do_param)
+    if (do_param) {
         rv = PEM_write_bio_Parameters(out, pkey);
-    else if (outformat == FORMAT_PEM) {
+    } else if (outformat == FORMAT_PEM) {
         assert(private);
         rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
     } else if (outformat == FORMAT_ASN1) {
diff --git a/apps/ocsp.c b/apps/ocsp.c
index c461e76..0b93832 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -219,10 +219,10 @@ int ocsp_main(int argc, char **argv)
     char *prog;
 
     reqnames = sk_OPENSSL_STRING_new_null();
-    if (!reqnames)
+    if (reqnames == NULL)
         goto end;
     ids = sk_OCSP_CERTID_new_null();
-    if (!ids)
+    if (ids == NULL)
         goto end;
     if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
         return 1;
@@ -471,64 +471,65 @@ int ocsp_main(int argc, char **argv)
         goto opthelp;
 
     /* Have we anything to do? */
-    if (!req && !reqin && !respin && !(port && ridx_filename))
+    if (req == NULL&& reqin == NULL
+        && respin == NULL && !(port != NULL && ridx_filename != NULL))
         goto opthelp;
 
     out = bio_open_default(outfile, 'w', FORMAT_TEXT);
     if (out == NULL)
         goto end;
 
-    if (!req && (add_nonce != 2))
+    if (req == NULL && (add_nonce != 2))
         add_nonce = 0;
 
-    if (!req && reqin) {
+    if (req == NULL && reqin != NULL) {
         derbio = bio_open_default(reqin, 'r', FORMAT_ASN1);
         if (derbio == NULL)
             goto end;
         req = d2i_OCSP_REQUEST_bio(derbio, NULL);
         BIO_free(derbio);
-        if (!req) {
+        if (req == NULL) {
             BIO_printf(bio_err, "Error reading OCSP request\n");
             goto end;
         }
     }
 
-    if (!req && port) {
+    if (req == NULL && port != NULL) {
         acbio = init_responder(port);
-        if (!acbio)
+        if (acbio == NULL)
             goto end;
     }
 
-    if (rsignfile) {
-        if (!rkeyfile)
+    if (rsignfile != NULL) {
+        if (rkeyfile == NULL)
             rkeyfile = rsignfile;
         rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate");
-        if (!rsigner) {
+        if (rsigner == NULL) {
             BIO_printf(bio_err, "Error loading responder certificate\n");
             goto end;
         }
         if (!load_certs(rca_filename, &rca_cert, FORMAT_PEM,
                         NULL, "CA certificate"))
             goto end;
-        if (rcertfile) {
+        if (rcertfile != NULL) {
             if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL,
                             "responder other certificates"))
                 goto end;
         }
         rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
                         "responder private key");
-        if (!rkey)
+        if (rkey == NULL)
             goto end;
     }
-    if (acbio)
+    if (acbio != NULL)
         BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
 
- redo_accept:
+redo_accept:
 
-    if (acbio) {
+    if (acbio != NULL) {
         if (!do_responder(&req, &cbio, acbio))
             goto end;
-        if (!req) {
+        if (req == NULL) {
             resp =
                 OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
                                      NULL);
@@ -537,30 +538,32 @@ int ocsp_main(int argc, char **argv)
         }
     }
 
-    if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) {
+    if (req == NULL
+        && (signfile != NULL || reqout != NULL
+            || host != NULL || add_nonce || ridx_filename != NULL)) {
         BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
         goto end;
     }
 
-    if (req && add_nonce)
+    if (req != NULL && add_nonce)
         OCSP_request_add1_nonce(req, NULL, -1);
 
-    if (signfile) {
-        if (!keyfile)
+    if (signfile != NULL) {
+        if (keyfile == NULL)
             keyfile = signfile;
         signer = load_cert(signfile, FORMAT_PEM, "signer certificate");
-        if (!signer) {
+        if (signer == NULL) {
             BIO_printf(bio_err, "Error loading signer certificate\n");
             goto end;
         }
-        if (sign_certfile) {
+        if (sign_certfile != NULL) {
             if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL,
                             "signer certificates"))
                 goto end;
         }
         key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
                        "signer private key");
-        if (!key)
+        if (key == NULL)
             goto end;
 
         if (!OCSP_request_sign
@@ -570,10 +573,10 @@ int ocsp_main(int argc, char **argv)
         }
     }
 
-    if (req_text && req)
+    if (req_text && req != NULL)
         OCSP_REQUEST_print(out, req, 0);
 
-    if (reqout) {
+    if (reqout != NULL) {
         derbio = bio_open_default(reqout, 'w', FORMAT_ASN1);
         if (derbio == NULL)
             goto end;
@@ -581,43 +584,44 @@ int ocsp_main(int argc, char **argv)
         BIO_free(derbio);
     }
 
-    if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
+    if (ridx_filename != NULL
+        && (rkey == NULL || rsigner == NULL || rca_cert == NULL)) {
         BIO_printf(bio_err,
                    "Need a responder certificate, key and CA for this operation!\n");
         goto end;
     }
 
-    if (ridx_filename && !rdb) {
+    if (ridx_filename != NULL && rdb == NULL) {
         rdb = load_index(ridx_filename, NULL);
-        if (!rdb)
+        if (rdb == NULL)
             goto end;
         if (!index_index(rdb))
             goto end;
     }
 
-    if (rdb) {
+    if (rdb != NULL) {
         make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
                                rsign_md, rother, rflags, nmin, ndays, badsig);
-        if (cbio)
+        if (cbio != NULL)
             send_ocsp_response(cbio, resp);
-    } else if (host) {
+    } else if (host != NULL) {
 # ifndef OPENSSL_NO_SOCK
         resp = process_responder(req, host, path,
                                  port, use_ssl, headers, req_timeout);
-        if (!resp)
+        if (resp == NULL)
             goto end;
 # else
         BIO_printf(bio_err,
                    "Error creating connect BIO - sockets not supported.\n");
         goto end;
 # endif
-    } else if (respin) {
+    } else if (respin != NULL) {
         derbio = bio_open_default(respin, 'r', FORMAT_ASN1);
         if (derbio == NULL)
             goto end;
         resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
         BIO_free(derbio);
-        if (!resp) {
+        if (resp == NULL) {
             BIO_printf(bio_err, "Error reading OCSP response\n");
             goto end;
         }
@@ -628,7 +632,7 @@ int ocsp_main(int argc, char **argv)
 
  done_resp:
 
-    if (respout) {
+    if (respout != NULL) {
         derbio = bio_open_default(respout, 'w', FORMAT_ASN1);
         if (derbio == NULL)
             goto end;
@@ -650,7 +654,7 @@ int ocsp_main(int argc, char **argv)
         OCSP_RESPONSE_print(out, resp, 0);
 
     /* If running as responder don't verify our own response */
-    if (cbio) {
+    if (cbio != NULL) {
         /* If not unlimited, see if we took all we should. */
         if (accept_count != -1 && --accept_count <= 0) {
             ret = 0;
@@ -664,26 +668,26 @@ int ocsp_main(int argc, char **argv)
         resp = NULL;
         goto redo_accept;
     }
-    if (ridx_filename) {
+    if (ridx_filename != NULL) {
         ret = 0;
         goto end;
     }
 
-    if (!store) {
+    if (store == NULL) {
         store = setup_verify(CAfile, CApath, noCAfile, noCApath);
         if (!store)
             goto end;
     }
     if (vpmtouched)
         X509_STORE_set1_param(store, vpm);
-    if (verify_certfile) {
+    if (verify_certfile != NULL) {
         if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL,
                         "validator certificate"))
             goto end;
     }
 
     bs = OCSP_response_get1_basic(resp);
-    if (!bs) {
+    if (bs == NULL) {
         BIO_printf(bio_err, "Error parsing response\n");
         goto end;
     }
@@ -691,7 +695,7 @@ int ocsp_main(int argc, char **argv)
     ret = 0;
 
     if (!noverify) {
-        if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
+        if (req != NULL && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
             if (i == -1)
                 BIO_printf(bio_err, "WARNING: no nonce in response\n");
             else {
@@ -711,9 +715,9 @@ int ocsp_main(int argc, char **argv)
             BIO_printf(bio_err, "Response Verify Failure\n");
             ERR_print_errors(bio_err);
             ret = 1;
-        } else
+        } else {
             BIO_printf(bio_err, "Response verify OK\n");
-
+        }
     }
 
     print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage);
@@ -753,7 +757,8 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
                          STACK_OF(OCSP_CERTID) *ids)
 {
     OCSP_CERTID *id;
-    if (!issuer) {
+
+    if (issuer == NULL) {
         BIO_printf(bio_err, "No issuer certificate specified\n");
         return 0;
     }
@@ -762,7 +767,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
     if (*req == NULL)
         goto err;
     id = OCSP_cert_to_id(cert_id_md, cert, issuer);
-    if (!id || !sk_OCSP_CERTID_push(ids, id))
+    if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
         goto err;
     if (!OCSP_request_add0_id(*req, id))
         goto err;
@@ -781,7 +786,8 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
     X509_NAME *iname;
     ASN1_BIT_STRING *ikey;
     ASN1_INTEGER *sno;
-    if (!issuer) {
+
+    if (issuer == NULL) {
         BIO_printf(bio_err, "No issuer certificate specified\n");
         return 0;
     }
@@ -792,7 +798,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
     iname = X509_get_subject_name(issuer);
     ikey = X509_get0_pubkey_bitstr(issuer);
     sno = s2i_ASN1_INTEGER(NULL, serial);
-    if (!sno) {
+    if (sno == NULL) {
         BIO_printf(bio_err, "Error converting serial number %s\n", serial);
         return 0;
     }
@@ -819,7 +825,7 @@ static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
     int i, status, reason;
     ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
 
-    if (!bs || !req || !sk_OPENSSL_STRING_num(names)
+    if (bs == NULL || req == NULL || !sk_OPENSSL_STRING_num(names)
         || !sk_OCSP_CERTID_num(ids))
         return;
 
@@ -905,7 +911,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
         OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
 
         cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
-        if (!cert_id_md) {
+        if (cert_id_md == NULL) {
             *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
                                          NULL);
             goto end;
@@ -928,15 +934,15 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
         }
         OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
         inf = lookup_serial(db, serial);
-        if (!inf)
+        if (inf == NULL) {
             OCSP_basic_add1_status(bs, cid,
                                    V_OCSP_CERTSTATUS_UNKNOWN,
                                    0, NULL, thisupd, nextupd);
-        else if (inf[DB_type][0] == DB_TYPE_VAL)
+        } else if (inf[DB_type][0] == DB_TYPE_VAL) {
             OCSP_basic_add1_status(bs, cid,
                                    V_OCSP_CERTSTATUS_GOOD,
                                    0, NULL, thisupd, nextupd);
-        else if (inf[DB_type][0] == DB_TYPE_REV) {
+        } else if (inf[DB_type][0] == DB_TYPE_REV) {
             ASN1_OBJECT *inst = NULL;
             ASN1_TIME *revtm = NULL;
             ASN1_GENERALIZEDTIME *invtm = NULL;
@@ -946,10 +952,10 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
             single = OCSP_basic_add1_status(bs, cid,
                                             V_OCSP_CERTSTATUS_REVOKED,
                                             reason, revtm, thisupd, nextupd);
-            if (invtm)
+            if (invtm != NULL)
                 OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
                                              invtm, 0, 0);
-            else if (inst)
+            else if (inst != NULL)
                 OCSP_SINGLERESP_add1_ext_i2d(single,
                                              NID_hold_instruction_code, inst,
                                              0, 0);
@@ -1134,13 +1140,14 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio)
     }
 
     /* Try to read OCSP request */
-    if (getbio) {
+    if (getbio != NULL) {
         req = d2i_OCSP_REQUEST_bio(getbio, NULL);
         BIO_free_all(getbio);
-    } else
+    } else {
         req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+    }
 
-    if (!req) {
+    if (req == NULL) {
         BIO_printf(bio_err, "Error parsing OCSP request\n");
         ERR_print_errors(bio_err);
     }
@@ -1156,7 +1163,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
     char http_resp[] =
         "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
         "Content-Length: %d\r\n\r\n";
-    if (!cbio)
+    if (cbio == NULL)
         return 0;
     BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
     i2d_OCSP_RESPONSE_bio(cbio, resp);
@@ -1234,11 +1241,11 @@ static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
         openssl_fdset(fd, &confds);
         tv.tv_usec = 0;
         tv.tv_sec = req_timeout;
-        if (BIO_should_read(cbio))
+        if (BIO_should_read(cbio)) {
             rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
-        else if (BIO_should_write(cbio))
+        } else if (BIO_should_write(cbio)) {
             rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
-        else {
+        } else {
             BIO_puts(bio_err, "Unexpected retry condition\n");
             goto err;
         }
@@ -1269,11 +1276,11 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
     OCSP_RESPONSE *resp = NULL;
 
     cbio = BIO_new_connect(host);
-    if (!cbio) {
+    if (cbio == NULL) {
         BIO_printf(bio_err, "Error creating connect BIO\n");
         goto end;
     }
-    if (port)
+    if (port != NULL)
         BIO_set_conn_port(cbio, port);
     if (use_ssl == 1) {
         BIO *sbio;
@@ -1288,7 +1295,7 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
     }
 
     resp = query_responder(cbio, host, path, headers, req, req_timeout);
-    if (!resp)
+    if (resp == NULL)
         BIO_printf(bio_err, "Error querying OCSP responder\n");
  end:
     BIO_free_all(cbio);
diff --git a/apps/openssl.c b/apps/openssl.c
index e42ee1e..b2d4e6f 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -258,12 +258,12 @@ const OPTIONS exit_options[] = {
 static void list_cipher_fn(const EVP_CIPHER *c,
                            const char *from, const char *to, void *arg)
 {
-    if (c)
+    if (c != NULL) {
         BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
-    else {
-        if (!from)
+    } else {
+        if (from == NULL)
             from = "<undefined>";
-        if (!to)
+        if (to == NULL)
             to = "<undefined>";
         BIO_printf(arg, "%s => %s\n", from, to);
     }
@@ -272,12 +272,12 @@ static void list_cipher_fn(const EVP_CIPHER *c,
 static void list_md_fn(const EVP_MD *m,
                        const char *from, const char *to, void *arg)
 {
-    if (m)
+    if (m != NULL) {
         BIO_printf(arg, "%s\n", EVP_MD_name(m));
-    else {
-        if (!from)
+    } else {
+        if (from == NULL)
             from = "<undefined>";
-        if (!to)
+        if (to == NULL)
             to = "<undefined>";
         BIO_printf((BIO *)arg, "%s => %s\n", from, to);
     }
diff --git a/apps/opt.c b/apps/opt.c
index 499a0b5..a261bf5 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -181,10 +181,10 @@ int opt_format_error(const char *s, unsigned long flags)
 {
     OPT_PAIR *ap;
 
-    if (flags == OPT_FMT_PEMDER)
+    if (flags == OPT_FMT_PEMDER) {
         BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
                    prog, s);
-    else {
+    } else {
         BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
                    prog, s);
         for (ap = formats; ap->name; ap++)
@@ -264,8 +264,9 @@ int opt_format(const char *s, unsigned long flags, int *result)
             if ((flags & OPT_FMT_PKCS12) == 0)
                 return opt_format_error(s, flags);
             *result = FORMAT_PKCS12;
-        } else
+        } else {
             return 0;
+        }
         break;
     }
     return 1;
@@ -275,7 +276,7 @@ int opt_format(const char *s, unsigned long flags, int *result)
 int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
 {
     *cipherp = EVP_get_cipherbyname(name);
-    if (*cipherp)
+    if (*cipherp != NULL)
         return 1;
     BIO_printf(bio_err, "%s: Unknown cipher %s\n", prog, name);
     return 0;
@@ -287,7 +288,7 @@ int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
 int opt_md(const char *name, const EVP_MD **mdp)
 {
     *mdp = EVP_get_digestbyname(name);
-    if (*mdp)
+    if (*mdp != NULL)
         return 1;
     BIO_printf(bio_err, "%s: Unknown digest %s\n", prog, name);
     return 0;
diff --git a/apps/passwd.c b/apps/passwd.c
index 1dc1e37..c873697 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -187,7 +187,7 @@ int passwd_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
-    if (*argv) {
+    if (*argv != NULL) {
         if (pw_source_defined)
             goto opthelp;
         pw_source_defined = 1;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 8280676..439622a 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -285,7 +285,7 @@ int pkcs12_main(int argc, char **argv)
 
     private = 1;
 
-    if (passarg) {
+    if (passarg != NULL) {
         if (export_cert)
             passoutarg = passarg;
         else
@@ -297,14 +297,14 @@ int pkcs12_main(int argc, char **argv)
         goto end;
     }
 
-    if (!cpass) {
+    if (cpass == NULL) {
         if (export_cert)
             cpass = passout;
         else
             cpass = passin;
     }
 
-    if (cpass) {
+    if (cpass != NULL) {
         mpass = cpass;
         noprompt = 1;
     } else {
@@ -312,7 +312,7 @@ int pkcs12_main(int argc, char **argv)
         mpass = macpass;
     }
 
-    if (export_cert || inrand) {
+    if (export_cert || inrand != NULL) {
         app_RAND_load_file(NULL, (inrand != NULL));
         if (inrand != NULL)
             BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
@@ -320,6 +320,7 @@ int pkcs12_main(int argc, char **argv)
     }
 
     if (twopass) {
+        /* To avoid bit rot */
         if (1) {
 #ifndef OPENSSL_NO_UI
             if (EVP_read_pw_string
@@ -353,7 +354,7 @@ int pkcs12_main(int argc, char **argv)
         if (!(options & NOKEYS)) {
             key = load_key(keyname ? keyname : infile,
                            FORMAT_PEM, 1, passin, e, "private key");
-            if (!key)
+            if (key == NULL)
                 goto export_end;
         }
 
@@ -363,7 +364,7 @@ int pkcs12_main(int argc, char **argv)
                             "certificates"))
                 goto export_end;
 
-            if (key) {
+            if (key != NULL) {
                 /* Look for matching private key */
                 for (i = 0; i < sk_X509_num(certs); i++) {
                     x = sk_X509_value(certs, i);
@@ -377,7 +378,7 @@ int pkcs12_main(int argc, char **argv)
                         break;
                     }
                 }
-                if (!ucert) {
+                if (ucert == NULL) {
                     BIO_printf(bio_err,
                                "No certificate matches private key\n");
                     goto export_end;
@@ -387,7 +388,7 @@ int pkcs12_main(int argc, char **argv)
         }
 
         /* Add any more certificates asked for */
-        if (certfile) {
+        if (certfile != NULL) {
             if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
                             "certificates from certfile"))
                 goto export_end;
@@ -429,15 +430,16 @@ int pkcs12_main(int argc, char **argv)
             X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
         }
 
-        if (csp_name && key)
+        if (csp_name != NULL && key != NULL)
             EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
                                       MBSTRING_ASC, (unsigned char *)csp_name,
                                       -1);
 
-        if (add_lmk && key)
+        if (add_lmk && key != NULL)
             EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
 
         if (!noprompt) {
+            /* To avoid bit rot */
             if (1) {
 #ifndef OPENSSL_NO_UI
                 if (EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
@@ -609,8 +611,9 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
                 alg_print(p7->d.encrypted->enc_data->algorithm);
             }
             bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-        } else
+        } else {
             continue;
+        }
         if (!bags)
             goto err;
         if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
@@ -874,8 +877,9 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
         if (attr_nid == NID_undef) {
             i2a_ASN1_OBJECT(out, attr_obj);
             BIO_printf(out, ": ");
-        } else
+        } else {
             BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+        }
 
         if (X509_ATTRIBUTE_count(attr)) {
             av = X509_ATTRIBUTE_get0_type(attr, 0);
@@ -903,8 +907,9 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
                 BIO_printf(out, "<Unsupported tag %d>\n", av->type);
                 break;
             }
-        } else
+        } else {
             BIO_printf(out, "<No Values>\n");
+        }
     }
     return 1;
 }
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 7ee23a2..e964a3b 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -196,7 +196,7 @@ int pkcs8_main(int argc, char **argv)
 
     if (topk8) {
         pkey = load_key(infile, informat, 1, passin, e, "key");
-        if (!pkey)
+        if (pkey == NULL)
             goto end;
         if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
             BIO_printf(bio_err, "Error converting key\n");
@@ -205,11 +205,11 @@ int pkcs8_main(int argc, char **argv)
         }
         if (nocrypt) {
             assert(private);
-            if (outformat == FORMAT_PEM)
+            if (outformat == FORMAT_PEM) {
                 PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
-            else if (outformat == FORMAT_ASN1)
+            } else if (outformat == FORMAT_ASN1) {
                 i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-            else {
+            } else {
                 BIO_printf(bio_err, "Bad format specified for key\n");
                 goto end;
             }
@@ -232,9 +232,10 @@ int pkcs8_main(int argc, char **argv)
                 ERR_print_errors(bio_err);
                 goto end;
             }
-            if (passout)
+            if (passout != NULL) {
                 p8pass = passout;
-            else if (1) {
+            } else if (1) {
+                /* To avoid bit rot */
 #ifndef OPENSSL_NO_UI
                 p8pass = pass;
                 if (EVP_read_pw_string
@@ -272,32 +273,32 @@ int pkcs8_main(int argc, char **argv)
     }
 
     if (nocrypt) {
-        if (informat == FORMAT_PEM)
+        if (informat == FORMAT_PEM) {
             p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
-        else if (informat == FORMAT_ASN1)
+        } else if (informat == FORMAT_ASN1) {
             p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-        else {
+        } else {
             BIO_printf(bio_err, "Bad format specified for key\n");
             goto end;
         }
     } else {
-        if (informat == FORMAT_PEM)
+        if (informat == FORMAT_PEM) {
             p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
-        else if (informat == FORMAT_ASN1)
+        } else if (informat == FORMAT_ASN1) {
             p8 = d2i_PKCS8_bio(in, NULL);
-        else {
+        } else {
             BIO_printf(bio_err, "Bad format specified for key\n");
             goto end;
         }
 
-        if (!p8) {
+        if (p8 == NULL) {
             BIO_printf(bio_err, "Error reading key\n");
             ERR_print_errors(bio_err);
             goto end;
         }
-        if (passin)
+        if (passin != NULL) {
             p8pass = passin;
-        else if (1) {
+        } else if (1) {
 #ifndef OPENSSL_NO_UI
             p8pass = pass;
             if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) {
@@ -312,7 +313,7 @@ int pkcs8_main(int argc, char **argv)
         p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
     }
 
-    if (!p8inf) {
+    if (p8inf == NULL) {
         BIO_printf(bio_err, "Error decrypting key\n");
         ERR_print_errors(bio_err);
         goto end;
diff --git a/apps/pkey.c b/apps/pkey.c
index 14896d3..e8e32ba 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -136,14 +136,14 @@ int pkey_main(int argc, char **argv)
         pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
     else
         pkey = load_key(infile, informat, 1, passin, e, "key");
-    if (!pkey)
+    if (pkey == NULL)
         goto end;
 
     if (!noout) {
         if (outformat == FORMAT_PEM) {
-            if (pubout)
+            if (pubout) {
                 PEM_write_bio_PUBKEY(out, pkey);
-            else {
+            } else {
                 assert(private);
                 if (traditional)
                     PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
@@ -154,9 +154,9 @@ int pkey_main(int argc, char **argv)
                                              NULL, 0, NULL, passout);
             }
         } else if (outformat == FORMAT_ASN1) {
-            if (pubout)
+            if (pubout) {
                 i2d_PUBKEY_bio(out, pkey);
-            else {
+            } else {
                 assert(private);
                 i2d_PrivateKey_bio(out, pkey);
             }
@@ -164,13 +164,12 @@ int pkey_main(int argc, char **argv)
             BIO_printf(bio_err, "Bad format specified for key\n");
             goto end;
         }
-
     }
 
     if (text) {
-        if (pubtext)
+        if (pubtext) {
             EVP_PKEY_print_public(out, pkey, 0, NULL);
-        else {
+        } else {
             assert(private);
             EVP_PKEY_print_private(out, pkey, 0, NULL);
         }
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index fe07ea7..9ac2475 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -80,7 +80,7 @@ int pkeyparam_main(int argc, char **argv)
     if (out == NULL)
         goto end;
     pkey = PEM_read_bio_Parameters(in, NULL);
-    if (!pkey) {
+    if (pkey == NULL) {
         BIO_printf(bio_err, "Error reading parameters\n");
         ERR_print_errors(bio_err);
         goto end;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 3ba75ad..90e9ae3 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -226,13 +226,13 @@ int pkeyutl_main(int argc, char **argv)
         }
     }
 
-    if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
+    if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) {
         BIO_printf(bio_err,
                    "%s: Signature file specified for non verify\n", prog);
         goto end;
     }
 
-    if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
+    if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) {
         BIO_printf(bio_err,
                    "%s: No signature file specified for verify\n", prog);
         goto end;
@@ -250,9 +250,10 @@ int pkeyutl_main(int argc, char **argv)
     if (out == NULL)
         goto end;
 
-    if (sigfile) {
+    if (sigfile != NULL) {
         BIO *sigbio = BIO_new_file(sigfile, "rb");
-        if (!sigbio) {
+
+        if (sigbio == NULL) {
             BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
             goto end;
         }
@@ -264,7 +265,7 @@ int pkeyutl_main(int argc, char **argv)
         }
     }
 
-    if (in) {
+    if (in != NULL) {
         /* Read the input data */
         buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
         if (buf_inlen < 0) {
@@ -289,8 +290,9 @@ int pkeyutl_main(int argc, char **argv)
         if (rv == 1) {
             BIO_puts(out, "Signature Verified Successfully\n");
             ret = 0;
-        } else
+        } else {
             BIO_puts(out, "Signature Verification Failure\n");
+        }
         goto end;
     }
     if (kdflen != 0) {
@@ -316,10 +318,11 @@ int pkeyutl_main(int argc, char **argv)
     if (asn1parse) {
         if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
             ERR_print_errors(bio_err);
-    } else if (hexdump)
+    } else if (hexdump) {
         BIO_dump(out, (char *)buf_out, buf_outlen);
-    else
+    } else {
         BIO_write(out, buf_out, buf_outlen);
+    }
 
  end:
     EVP_PKEY_CTX_free(ctx);
@@ -381,7 +384,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
         impl = e;
 #endif
 
-    if (kdfalg) {
+    if (kdfalg != NULL) {
         int kdfnid = OBJ_sn2nid(kdfalg);
         if (kdfnid == NID_undef)
             goto end;
@@ -444,7 +447,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
     if (peerform == FORMAT_ENGINE)
         engine = e;
     peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
-    if (!peer) {
+    if (peer == NULL) {
         BIO_printf(bio_err, "Error reading peer key %s\n", file);
         ERR_print_errors(bio_err);
         return 0;
diff --git a/apps/progs.pl b/apps/progs.pl
index 94a4962..7713440 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ print <<'EOF';
  * WARNING: do not edit!
  * Generated by apps/progs.pl
  *
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/apps/rehash.c b/apps/rehash.c
index 52c005e..e3c0244 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -254,11 +254,11 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
         goto end;
     }
     x = sk_X509_INFO_value(inf, 0);
-    if (x->x509) {
+    if (x->x509 != NULL) {
         type = TYPE_CERT;
         name = X509_get_subject_name(x->x509);
         X509_digest(x->x509, evpmd, digest, NULL);
-    } else if (x->crl) {
+    } else if (x->crl != NULL) {
         type = TYPE_CRL;
         name = X509_CRL_get_issuer(x->crl);
         X509_CRL_digest(x->crl, evpmd, digest, NULL);
@@ -266,7 +266,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
         ++errs;
         goto end;
     }
-    if (name) {
+    if (name != NULL) {
         if ((h == HASH_NEW) || (h == HASH_BOTH))
             errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
         if ((h == HASH_OLD) || (h == HASH_BOTH))
@@ -499,8 +499,8 @@ int rehash_main(int argc, char **argv)
     evpmd = EVP_sha1();
     evpmdsize = EVP_MD_size(evpmd);
 
-    if (*argv) {
-        while (*argv)
+    if (*argv != NULL) {
+        while (*argv != NULL)
             errs += do_dir(*argv++, h);
     } else if ((env = getenv("SSL_CERT_DIR")) != NULL) {
         m = OPENSSL_strdup(env);
diff --git a/apps/req.c b/apps/req.c
index a47dfcf..34d9065 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -371,21 +371,21 @@ int req_main(int argc, char **argv)
 
     if (md_alg == NULL) {
         p = NCONF_get_string(req_conf, SECTION, "default_md");
-        if (p == NULL)
+        if (p == NULL) {
             ERR_clear_error();
-        else {
+        } else {
             if (!opt_md(p, &md_alg))
                 goto opthelp;
             digest = md_alg;
         }
     }
 
-    if (!extensions) {
+    if (extensions == NULL) {
         extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
-        if (!extensions)
+        if (extensions == NULL)
             ERR_clear_error();
     }
-    if (extensions) {
+    if (extensions != NULL) {
         /* Check syntax of file */
         X509V3_CTX ctx;
         X509V3_set_ctx_test(&ctx);
@@ -412,28 +412,28 @@ int req_main(int argc, char **argv)
     }
 
     p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
-    if (!p)
+    if (p == NULL)
         ERR_clear_error();
 
-    if (p && !ASN1_STRING_set_default_mask_asc(p)) {
+    if (p != NULL && !ASN1_STRING_set_default_mask_asc(p)) {
         BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
         goto end;
     }
 
     if (chtype != MBSTRING_UTF8) {
         p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
-        if (!p)
+        if (p == NULL)
             ERR_clear_error();
         else if (strcmp(p, "yes") == 0)
             chtype = MBSTRING_UTF8;
     }
 
-    if (!req_exts) {
+    if (req_exts == NULL) {
         req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
-        if (!req_exts)
+        if (req_exts == NULL)
             ERR_clear_error();
     }
-    if (req_exts) {
+    if (req_exts != NULL) {
         /* Check syntax of file */
         X509V3_CTX ctx;
         X509V3_set_ctx_test(&ctx);
@@ -448,7 +448,7 @@ int req_main(int argc, char **argv)
 
     if (keyfile != NULL) {
         pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
-        if (!pkey) {
+        if (pkey == NULL) {
             /* load_key() has already printed an appropriate message */
             goto end;
         } else {
@@ -464,17 +464,17 @@ int req_main(int argc, char **argv)
         if (randfile == NULL)
             ERR_clear_error();
         app_RAND_load_file(randfile, 0);
-        if (inrand)
+        if (inrand != NULL)
             app_RAND_load_files(inrand);
 
         if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
             newkey = DEFAULT_KEY_LENGTH;
         }
 
-        if (keyalg) {
+        if (keyalg != NULL) {
             genctx = set_keygen_ctx(keyalg, &pkey_type, &newkey,
                                     &keyalgstr, gen_eng);
-            if (!genctx)
+            if (genctx == NULL)
                 goto end;
         }
 
@@ -486,14 +486,14 @@ int req_main(int argc, char **argv)
             goto end;
         }
 
-        if (!genctx) {
+        if (genctx == NULL) {
             genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
                                     &keyalgstr, gen_eng);
             if (!genctx)
                 goto end;
         }
 
-        if (pkeyopts) {
+        if (pkeyopts != NULL) {
             char *genopt;
             for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) {
                 genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
@@ -610,9 +610,9 @@ int req_main(int argc, char **argv)
                 goto end;
 
             /* Set version to V3 */
-            if (extensions && !X509_set_version(x509ss, 2))
+            if (extensions != NULL && !X509_set_version(x509ss, 2))
                 goto end;
-            if (serial) {
+            if (serial != NULL) {
                 if (!X509_set_serialNumber(x509ss, serial))
                     goto end;
             } else {
@@ -637,9 +637,9 @@ int req_main(int argc, char **argv)
             X509V3_set_nconf(&ext_ctx, req_conf);
 
             /* Add extensions */
-            if (extensions && !X509V3_EXT_add_nconf(req_conf,
-                                                    &ext_ctx, extensions,
-                                                    x509ss)) {
+            if (extensions != NULL && !X509V3_EXT_add_nconf(req_conf,
+                                                            &ext_ctx, extensions,
+                                                            x509ss)) {
                 BIO_printf(bio_err, "Error Loading extension section %s\n",
                            extensions);
                 goto end;
@@ -668,9 +668,9 @@ int req_main(int argc, char **argv)
             X509V3_set_nconf(&ext_ctx, req_conf);
 
             /* Add extensions */
-            if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
-                                                      &ext_ctx, req_exts,
-                                                      req)) {
+            if (req_exts != NULL
+                && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx,
+                                             req_exts, req)) {
                 BIO_printf(bio_err, "Error Loading extension section %s\n",
                            req_exts);
                 goto end;
@@ -723,8 +723,9 @@ int req_main(int argc, char **argv)
         } else if (i == 0) {
             BIO_printf(bio_err, "verify failure\n");
             ERR_print_errors(bio_err);
-        } else                  /* if (i > 0) */
+        } else {                 /* if (i > 0) */
             BIO_printf(bio_err, "verify OK\n");
+        }
     }
 
     if (noout && !text && !modulus && !subject && !pubkey) {
@@ -951,7 +952,8 @@ static int prompt_info(X509_REQ *req,
 
     if (sk_CONF_VALUE_num(dn_sk)) {
         i = -1;
- start:for (;;) {
+ start:
+        for ( ; ; ) {
             i++;
             if (sk_CONF_VALUE_num(dn_sk) <= i)
                 break;
@@ -976,8 +978,9 @@ static int prompt_info(X509_REQ *req,
             if (*type == '+') {
                 mval = -1;
                 type++;
-            } else
+            } else {
                 mval = 0;
+            }
             /* If OBJ not recognised ignore it */
             if ((nid = OBJ_txt2nid(type)) == NID_undef)
                 goto start;
@@ -1030,7 +1033,8 @@ static int prompt_info(X509_REQ *req,
             }
 
             i = -1;
- start2:   for (;;) {
+ start2:
+            for ( ; ; ) {
                 i++;
                 if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i))
                     break;
@@ -1128,8 +1132,9 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
         if (plus_char) {
             type++;
             mval = -1;
-        } else
+        } else {
             mval = 0;
+        }
         if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
                                         (unsigned char *)v->value, -1, -1,
                                         mval))
@@ -1178,19 +1183,20 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
     }
 
     if (buf[0] == '\0')
-        return (0);
-    else if (buf[0] == '\n') {
+        return 0;
+    if (buf[0] == '\n') {
         if ((def == NULL) || (def[0] == '\0'))
-            return (1);
+            return 1;
         OPENSSL_strlcpy(buf, def, sizeof buf);
         OPENSSL_strlcat(buf, "\n", sizeof buf);
-    } else if ((buf[0] == '.') && (buf[1] == '\n'))
-        return (1);
+    } else if ((buf[0] == '.') && (buf[1] == '\n')) {
+        return 1;
+    }
 
     i = strlen(buf);
     if (buf[i - 1] != '\n') {
         BIO_printf(bio_err, "weird input :-(\n");
-        return (0);
+        return 0;
     }
     buf[--i] = '\0';
 #ifdef CHARSET_EBCDIC
@@ -1237,19 +1243,20 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
     }
 
     if (buf[0] == '\0')
-        return (0);
-    else if (buf[0] == '\n') {
+        return 0;
+    if (buf[0] == '\n') {
         if ((def == NULL) || (def[0] == '\0'))
-            return (1);
+            return 1;
         OPENSSL_strlcpy(buf, def, sizeof buf);
         OPENSSL_strlcat(buf, "\n", sizeof buf);
-    } else if ((buf[0] == '.') && (buf[1] == '\n'))
-        return (1);
+    } else if ((buf[0] == '.') && (buf[1] == '\n')) {
+        return 1;
+    }
 
     i = strlen(buf);
     if (buf[i - 1] != '\n') {
         BIO_printf(bio_err, "weird input :-(\n");
-        return (0);
+        return 0;
     }
     buf[--i] = '\0';
 #ifdef CHARSET_EBCDIC
@@ -1320,15 +1327,15 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
         *pkey_type = EVP_PKEY_RSA;
         keylen = atol(gstr);
         *pkeylen = keylen;
-    } else if (strncmp(gstr, "param:", 6) == 0)
+    } else if (strncmp(gstr, "param:", 6) == 0) {
         paramfile = gstr + 6;
-    else {
+    } else {
         const char *p = strchr(gstr, ':');
         int len;
         ENGINE *tmpeng;
         const EVP_PKEY_ASN1_METHOD *ameth;
 
-        if (p)
+        if (p != NULL)
             len = p - gstr;
         else
             len = strlen(gstr);
@@ -1339,7 +1346,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
 
         ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
 
-        if (!ameth) {
+        if (ameth == NULL) {
             BIO_printf(bio_err, "Unknown algorithm %.*s\n", len, gstr);
             return NULL;
         }
@@ -1349,28 +1356,31 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
         ENGINE_finish(tmpeng);
 #endif
         if (*pkey_type == EVP_PKEY_RSA) {
-            if (p) {
+            if (p != NULL) {
                 keylen = atol(p + 1);
                 *pkeylen = keylen;
-            } else
+            } else {
                 keylen = *pkeylen;
-        } else if (p)
+            }
+        } else if (p != NULL) {
             paramfile = p + 1;
+        }
     }
 
-    if (paramfile) {
+    if (paramfile != NULL) {
         pbio = BIO_new_file(paramfile, "r");
-        if (!pbio) {
+        if (pbio == NULL) {
             BIO_printf(bio_err, "Can't open parameter file %s\n", paramfile);
             return NULL;
         }
         param = PEM_read_bio_Parameters(pbio, NULL);
 
-        if (!param) {
+        if (param == NULL) {
             X509 *x;
+
             (void)BIO_reset(pbio);
             x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
-            if (x) {
+            if (x != NULL) {
                 param = X509_get_pubkey(x);
                 X509_free(x);
             }
@@ -1378,25 +1388,26 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
 
         BIO_free(pbio);
 
-        if (!param) {
+        if (param == NULL) {
             BIO_printf(bio_err, "Error reading parameter file %s\n", paramfile);
             return NULL;
         }
-        if (*pkey_type == -1)
+        if (*pkey_type == -1) {
             *pkey_type = EVP_PKEY_id(param);
-        else if (*pkey_type != EVP_PKEY_base_id(param)) {
+        } else if (*pkey_type != EVP_PKEY_base_id(param)) {
             BIO_printf(bio_err, "Key Type does not match parameters\n");
             EVP_PKEY_free(param);
             return NULL;
         }
     }
 
-    if (palgnam) {
+    if (palgnam != NULL) {
         const EVP_PKEY_ASN1_METHOD *ameth;
         ENGINE *tmpeng;
         const char *anam;
+
         ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
-        if (!ameth) {
+        if (ameth == NULL) {
             BIO_puts(bio_err, "Internal error: can't find key algorithm\n");
             return NULL;
         }
@@ -1407,12 +1418,13 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
 #endif
     }
 
-    if (param) {
+    if (param != NULL) {
         gctx = EVP_PKEY_CTX_new(param, keygen_engine);
         *pkeylen = EVP_PKEY_bits(param);
         EVP_PKEY_free(param);
-    } else
+    } else {
         gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
+    }
 
     if (gctx == NULL) {
         BIO_puts(bio_err, "Error allocating keygen context\n");
diff --git a/apps/rsa.c b/apps/rsa.c
index 5462f4b..5adb93d 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -176,12 +176,14 @@ int rsa_main(int argc, char **argv)
                     tmpformat = FORMAT_PEMRSA;
                 else if (informat == FORMAT_ASN1)
                     tmpformat = FORMAT_ASN1RSA;
-            } else
+            } else {
                 tmpformat = informat;
+            }
 
             pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
-        } else
+        } else {
             pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+        }
 
         if (pkey != NULL)
             rsa = EVP_PKEY_get1_RSA(pkey);
@@ -217,9 +219,9 @@ int rsa_main(int argc, char **argv)
     if (check) {
         int r = RSA_check_key(rsa);
 
-        if (r == 1)
+        if (r == 1) {
             BIO_printf(out, "RSA key ok\n");
-        else if (r == 0) {
+        } else if (r == 0) {
             unsigned long err;
 
             while ((err = ERR_peek_error()) != 0 &&
@@ -251,8 +253,7 @@ int rsa_main(int argc, char **argv)
             assert(private);
             i = i2d_RSAPrivateKey_bio(out, rsa);
         }
-    }
-    else if (outformat == FORMAT_PEM) {
+    } else if (outformat == FORMAT_PEM) {
         if (pubout || pubin) {
             if (pubout == 2)
                 i = PEM_write_bio_RSAPublicKey(out, rsa);
@@ -297,8 +298,9 @@ int rsa_main(int argc, char **argv)
     if (i <= 0) {
         BIO_printf(bio_err, "unable to write key\n");
         ERR_print_errors(bio_err);
-    } else
+    } else {
         ret = 0;
+    }
  end:
     release_engine(e);
     BIO_free_all(out);
diff --git a/apps/rsautl.c b/apps/rsautl.c
index e5c1524..c8a2650 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -190,14 +190,13 @@ int rsautl_main(int argc, char **argv)
         break;
     }
 
-    if (!pkey) {
+    if (pkey == NULL)
         return 1;
-    }
 
     rsa = EVP_PKEY_get1_RSA(pkey);
     EVP_PKEY_free(pkey);
 
-    if (!rsa) {
+    if (rsa == NULL) {
         BIO_printf(bio_err, "Error getting RSA key\n");
         ERR_print_errors(bio_err);
         goto end;
@@ -261,10 +260,11 @@ int rsautl_main(int argc, char **argv)
         if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
             ERR_print_errors(bio_err);
         }
-    } else if (hexdump)
+    } else if (hexdump) {
         BIO_dump(out, (char *)rsa_out, rsa_outlen);
-    else
+    } else {
         BIO_write(out, rsa_out, rsa_outlen);
+    }
  end:
     RSA_free(rsa);
     release_engine(e);
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 07b5a7a..6ee2b0c 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/apps/s_cb.c b/apps/s_cb.c
index edbc2b8..f2906a5 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -53,13 +53,14 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
 
     if (!verify_args.quiet || !ok) {
         BIO_printf(bio_err, "depth=%d ", depth);
-        if (err_cert) {
+        if (err_cert != NULL) {
             X509_NAME_print_ex(bio_err,
                                X509_get_subject_name(err_cert),
                                0, get_nameopt());
             BIO_puts(bio_err, "\n");
-        } else
+        } else {
             BIO_puts(bio_err, "<no cert>\n");
+        }
     }
     if (!ok) {
         BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
@@ -206,7 +207,7 @@ static void ssl_print_client_cert_types(BIO *bio, SSL *s)
 
         if (i)
             BIO_puts(bio, ", ");
-        if (cname)
+        if (cname != NULL)
             BIO_puts(bio, cname);
         else
             BIO_printf(bio, "UNKNOWN (%d),", cert_type);
@@ -342,13 +343,13 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
             BIO_puts(out, ":");
         nid = groups[i];
         /* If unrecognised print out hex version */
-        if (nid & TLSEXT_nid_unknown)
+        if (nid & TLSEXT_nid_unknown) {
             BIO_printf(out, "0x%04X", nid & 0xFFFF);
-        else {
+        } else {
             /* TODO(TLS1.3): Get group name here */
             /* Use NIST name for curve if it exists */
             gname = EC_curve_nid2nist(nid);
-            if (!gname)
+            if (gname == NULL)
                 gname = OBJ_nid2sn(nid);
             BIO_printf(out, "%s", gname);
         }
@@ -366,7 +367,7 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
         nid = SSL_get_shared_group(s, i);
         /* TODO(TLS1.3): Convert for DH groups */
         gname = EC_curve_nid2nist(nid);
-        if (!gname)
+        if (gname == NULL)
             gname = OBJ_nid2sn(nid);
         BIO_printf(out, "%s", gname);
     }
@@ -376,6 +377,7 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
     return 1;
 }
 #endif
+
 int ssl_print_tmp_key(BIO *out, SSL *s)
 {
     EVP_PKEY *key;
@@ -399,7 +401,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
             nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
             EC_KEY_free(ec);
             cname = EC_curve_nid2nist(nid);
-            if (!cname)
+            if (cname == NULL)
                 cname = OBJ_nid2sn(nid);
             BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
         }
@@ -461,10 +463,9 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret)
         if (ret == 0)
             BIO_printf(bio_err, "%s:failed in %s\n",
                        str, SSL_state_string_long(s));
-        else if (ret < 0) {
+        else if (ret < 0)
             BIO_printf(bio_err, "%s:error in %s\n",
                        str, SSL_state_string_long(s));
-        }
     }
 }
 
@@ -478,6 +479,7 @@ static STRINT_PAIR ssl_versions[] = {
     {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
     {NULL}
 };
+
 static STRINT_PAIR alert_types[] = {
     {" close_notify", 0},
     {" end_of_early_data", 1},
@@ -813,19 +815,19 @@ static int set_cert_cb(SSL *ssl, void *arg)
 #endif
     SSL_certs_clear(ssl);
 
-    if (!exc)
+    if (exc == NULL)
         return 1;
 
     /*
      * Go to end of list and traverse backwards since we prepend newer
      * entries this retains the original order.
      */
-    while (exc->next)
+    while (exc->next != NULL)
         exc = exc->next;
 
     i = 0;
 
-    while (exc) {
+    while (exc != NULL) {
         i++;
         rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
         BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
@@ -846,8 +848,9 @@ static int set_cert_cb(SSL *ssl, void *arg)
             if (exc->build_chain) {
                 if (!SSL_build_cert_chain(ssl, 0))
                     return 0;
-            } else if (exc->chain)
+            } else if (exc->chain != NULL) {
                 SSL_set1_chain(ssl, exc->chain);
+            }
         }
         exc = exc->prev;
     }
@@ -884,7 +887,7 @@ void ssl_excert_free(SSL_EXCERT *exc)
 {
     SSL_EXCERT *curr;
 
-    if (!exc)
+    if (exc == NULL)
         return;
     while (exc) {
         X509_free(exc->cert);
@@ -899,33 +902,33 @@ void ssl_excert_free(SSL_EXCERT *exc)
 int load_excert(SSL_EXCERT **pexc)
 {
     SSL_EXCERT *exc = *pexc;
-    if (!exc)
+    if (exc == NULL)
         return 1;
     /* If nothing in list, free and set to NULL */
-    if (!exc->certfile && !exc->next) {
+    if (exc->certfile == NULL && exc->next == NULL) {
         ssl_excert_free(exc);
         *pexc = NULL;
         return 1;
     }
     for (; exc; exc = exc->next) {
-        if (!exc->certfile) {
+        if (exc->certfile == NULL) {
             BIO_printf(bio_err, "Missing filename\n");
             return 0;
         }
         exc->cert = load_cert(exc->certfile, exc->certform,
                               "Server Certificate");
-        if (!exc->cert)
+        if (exc->cert == NULL)
             return 0;
-        if (exc->keyfile) {
+        if (exc->keyfile != NULL) {
             exc->key = load_key(exc->keyfile, exc->keyform,
                                 0, NULL, NULL, "Server Key");
         } else {
             exc->key = load_key(exc->certfile, exc->certform,
                                 0, NULL, NULL, "Server Key");
         }
-        if (!exc->key)
+        if (exc->key == NULL)
             return 0;
-        if (exc->chainfile) {
+        if (exc->chainfile != NULL) {
             if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
                             "Server Chain"))
                 return 0;
@@ -957,7 +960,7 @@ int args_excert(int opt, SSL_EXCERT **pexc)
     case OPT_X__LAST:
         return 0;
     case OPT_X_CERT:
-        if (exc->certfile && !ssl_excert_prepend(&exc)) {
+        if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) {
             BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
             goto err;
         }
@@ -965,14 +968,14 @@ int args_excert(int opt, SSL_EXCERT **pexc)
         exc->certfile = opt_arg();
         break;
     case OPT_X_KEY:
-        if (exc->keyfile) {
+        if (exc->keyfile != NULL) {
             BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
             goto err;
         }
         exc->keyfile = opt_arg();
         break;
     case OPT_X_CHAIN:
-        if (exc->chainfile) {
+        if (exc->chainfile != NULL) {
             BIO_printf(bio_err, "%s: Chain already specified\n",
                        opt_getprog());
             goto err;
@@ -1015,11 +1018,11 @@ static void print_raw_cipherlist(SSL *s)
         const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
         if (i)
             BIO_puts(bio_err, ":");
-        if (c)
+        if (c != NULL) {
             BIO_puts(bio_err, SSL_CIPHER_get_name(c));
-        else if (!memcmp(rlist, scsv_id, num))
+        } else if (memcmp(rlist, scsv_id, num) == 0) {
             BIO_puts(bio_err, "SCSV");
-        else {
+        } else {
             size_t j;
             BIO_puts(bio_err, "0x");
             for (j = 0; j < num; j++)
@@ -1114,7 +1117,7 @@ void print_ssl_summary(SSL *s)
     BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
     do_print_sigalgs(bio_err, s, 0);
     peer = SSL_get_peer_certificate(s);
-    if (peer) {
+    if (peer != NULL) {
         int nid;
 
         BIO_puts(bio_err, "Peer certificate: ");
@@ -1126,8 +1129,9 @@ void print_ssl_summary(SSL *s)
         if (SSL_get_peer_signature_type_nid(s, &nid))
             BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
         print_verify_detail(s, bio_err);
-    } else
+    } else {
         BIO_puts(bio_err, "No peer certificate\n");
+    }
     X509_free(peer);
 #ifndef OPENSSL_NO_EC
     ssl_print_point_formats(bio_err, s);
@@ -1151,7 +1155,7 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
         const char *flag = sk_OPENSSL_STRING_value(str, i);
         const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
         if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
-            if (arg)
+            if (arg != NULL)
                 BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
                            flag, arg);
             else
@@ -1285,7 +1289,7 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
         cert_md = 1;
         break;
     }
-    if (nm)
+    if (nm != NULL)
         BIO_printf(sdb->out, "%s=", nm);
 
     switch (op & SSL_SECOP_OTHER_TYPE) {
diff --git a/apps/s_client.c b/apps/s_client.c
index 84dad97..663ab49 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -154,8 +154,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
         if (c_debug)
             BIO_printf(bio_c_out,
                        "NULL received PSK identity hint, continuing anyway\n");
-    } else if (c_debug)
+    } else if (c_debug) {
         BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
+    }
 
     /*
      * lookup PSK identity and PSK key based on the given identity hint here
@@ -1423,7 +1424,7 @@ int s_client_main(int argc, char **argv)
     if (argc != 0)
         goto opthelp;
 
-    if (proxystr) {
+    if (proxystr != NULL) {
         int res;
         char *tmp_host = host, *tmp_port = port;
         if (connectstr == NULL) {
@@ -1496,7 +1497,7 @@ int s_client_main(int argc, char **argv)
     if (key_file == NULL)
         key_file = cert_file;
 
-    if (key_file) {
+    if (key_file != NULL) {
         key = load_key(key_file, key_format, 0, pass, e,
                        "client certificate private key file");
         if (key == NULL) {
@@ -1505,7 +1506,7 @@ int s_client_main(int argc, char **argv)
         }
     }
 
-    if (cert_file) {
+    if (cert_file != NULL) {
         cert = load_cert(cert_file, cert_format, "client certificate file");
         if (cert == NULL) {
             ERR_print_errors(bio_err);
@@ -1513,13 +1514,13 @@ int s_client_main(int argc, char **argv)
         }
     }
 
-    if (chain_file) {
+    if (chain_file != NULL) {
         if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL,
                         "client certificate chain"))
             goto end;
     }
 
-    if (crl_file) {
+    if (crl_file != NULL) {
         X509_CRL *crl;
         crl = load_crl(crl_file, crl_format);
         if (crl == NULL) {
@@ -1552,7 +1553,7 @@ int s_client_main(int argc, char **argv)
     if (bio_c_out == NULL) {
         if (c_quiet && !c_debug) {
             bio_c_out = BIO_new(BIO_s_null());
-            if (c_msg && !bio_c_msg)
+            if (c_msg && bio_c_msg == NULL)
                 bio_c_msg = dup_bio_out(FORMAT_TEXT);
         } else if (bio_c_out == NULL)
             bio_c_out = dup_bio_out(FORMAT_TEXT);
@@ -1573,7 +1574,7 @@ int s_client_main(int argc, char **argv)
     if (sdebug)
         ssl_ctx_security_debug(ctx, sdebug);
 
-    if (ssl_config) {
+    if (ssl_config != NULL) {
         if (SSL_CTX_config(ctx, ssl_config) == 0) {
             BIO_printf(bio_err, "Error using configuration \"%s\"\n",
                        ssl_config);
@@ -1672,11 +1673,11 @@ int s_client_main(int argc, char **argv)
     }
 #endif
 
-    if (exc)
+    if (exc != NULL)
         ssl_ctx_set_excert(ctx, exc);
 
 #if !defined(OPENSSL_NO_NEXTPROTONEG)
-    if (next_proto.data)
+    if (next_proto.data != NULL)
         SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
 #endif
     if (alpn_in) {
@@ -1782,7 +1783,7 @@ int s_client_main(int argc, char **argv)
      * come at any time. Therefore we use a callback to write out the session
      * when we know about it. This approach works for < TLSv1.3 as well.
      */
-    if (sess_out) {
+    if (sess_out != NULL) {
         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT
                                             | SSL_SESS_CACHE_NO_INTERNAL_STORE);
         SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
@@ -1792,17 +1793,17 @@ int s_client_main(int argc, char **argv)
         goto end;
 
     con = SSL_new(ctx);
-    if (sess_in) {
+    if (sess_in != NULL) {
         SSL_SESSION *sess;
         BIO *stmp = BIO_new_file(sess_in, "r");
-        if (!stmp) {
+        if (stmp == NULL) {
             BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
             ERR_print_errors(bio_err);
             goto end;
         }
         sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
         BIO_free(stmp);
-        if (!sess) {
+        if (sess == NULL) {
             BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
             ERR_print_errors(bio_err);
             goto end;
@@ -1920,9 +1921,10 @@ int s_client_main(int argc, char **argv)
                 BIO_free(sbio);
                 goto shut;
             }
-        } else
+        } else {
             /* want to do MTU discovery */
             BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+        }
     } else
 #endif /* OPENSSL_NO_DTLS */
         sbio = BIO_new_socket(s, BIO_NOCLOSE);
@@ -3170,12 +3172,12 @@ static int ocsp_resp_cb(SSL *s, void *arg)
     OCSP_RESPONSE *rsp;
     len = SSL_get_tlsext_status_ocsp_resp(s, &p);
     BIO_puts(arg, "OCSP response: ");
-    if (!p) {
+    if (p == NULL) {
         BIO_puts(arg, "no response sent\n");
         return 1;
     }
     rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
-    if (!rsp) {
+    if (rsp == NULL) {
         BIO_puts(arg, "response parse error\n");
         BIO_dump_indent(arg, (char *)p, len, 4);
         return 0;
diff --git a/apps/s_server.c b/apps/s_server.c
index 4c92a53..26947c3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -161,7 +161,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 
     if (s_debug)
         BIO_printf(bio_s_out, "psk_server_cb\n");
-    if (!identity) {
+    if (identity == NULL) {
         BIO_printf(bio_err, "Error: client did not send PSK identity\n");
         goto out_err;
     }
@@ -435,17 +435,17 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg)
 {
     tlsextctx *p = (tlsextctx *) arg;
     const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-    if (servername && p->biodebug)
+    if (servername != NULL && p->biodebug != NULL)
         BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
                    servername);
 
-    if (!p->servername)
+    if (p->servername == NULL)
         return SSL_TLSEXT_ERR_NOACK;
 
-    if (servername) {
+    if (servername != NULL) {
         if (strcasecmp(servername, p->servername))
             return p->extension_error;
-        if (ctx2) {
+        if (ctx2 != NULL) {
             BIO_printf(p->biodebug, "Switching server context.\n");
             SSL_set_SSL_CTX(s, ctx2);
         }
@@ -493,7 +493,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
     /* Build up OCSP query from server certificate */
     x = SSL_get_certificate(s);
     aia = X509_get1_ocsp(x);
-    if (aia) {
+    if (aia != NULL) {
         if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
                             &host, &port, &path, &use_ssl)) {
             BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
@@ -503,7 +503,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
             BIO_printf(bio_err, "cert_status: AIA URL: %s\n",
                        sk_OPENSSL_STRING_value(aia, 0));
     } else {
-        if (!srctx->host) {
+        if (srctx->host == NULL) {
             BIO_puts(bio_err,
                      "cert_status: no AIA and no default responder URL\n");
             goto done;
@@ -529,7 +529,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
     }
     id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
     X509_OBJECT_free(obj);
-    if (!id)
+    if (id == NULL)
         goto err;
     req = OCSP_REQUEST_new();
     if (req == NULL)
@@ -1584,7 +1584,7 @@ int s_server_main(int argc, char *argv[])
     if (nocert == 0) {
         s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
                          "server certificate private key file");
-        if (!s_key) {
+        if (s_key == NULL) {
             ERR_print_errors(bio_err);
             goto end;
         }
@@ -1592,20 +1592,20 @@ int s_server_main(int argc, char *argv[])
         s_cert = load_cert(s_cert_file, s_cert_format,
                            "server certificate file");
 
-        if (!s_cert) {
+        if (s_cert == NULL) {
             ERR_print_errors(bio_err);
             goto end;
         }
-        if (s_chain_file) {
+        if (s_chain_file != NULL) {
             if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
                             "server certificate chain"))
                 goto end;
         }
 
-        if (tlsextcbp.servername) {
+        if (tlsextcbp.servername != NULL) {
             s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
                               "second server certificate private key file");
-            if (!s_key2) {
+            if (s_key2 == NULL) {
                 ERR_print_errors(bio_err);
                 goto end;
             }
@@ -1613,7 +1613,7 @@ int s_server_main(int argc, char *argv[])
             s_cert2 = load_cert(s_cert_file2, s_cert_format,
                                 "second server certificate file");
 
-            if (!s_cert2) {
+            if (s_cert2 == NULL) {
                 ERR_print_errors(bio_err);
                 goto end;
             }
@@ -1633,16 +1633,16 @@ int s_server_main(int argc, char *argv[])
             goto end;
     }
 
-    if (crl_file) {
+    if (crl_file != NULL) {
         X509_CRL *crl;
         crl = load_crl(crl_file, crl_format);
-        if (!crl) {
+        if (crl == NULL) {
             BIO_puts(bio_err, "Error loading CRL\n");
             ERR_print_errors(bio_err);
             goto end;
         }
         crls = sk_X509_CRL_new_null();
-        if (!crls || !sk_X509_CRL_push(crls, crl)) {
+        if (crls == NULL || !sk_X509_CRL_push(crls, crl)) {
             BIO_puts(bio_err, "Error adding CRL\n");
             ERR_print_errors(bio_err);
             X509_CRL_free(crl);
@@ -1650,14 +1650,14 @@ int s_server_main(int argc, char *argv[])
         }
     }
 
-    if (s_dcert_file) {
+    if (s_dcert_file != NULL) {
 
         if (s_dkey_file == NULL)
             s_dkey_file = s_dcert_file;
 
         s_dkey = load_key(s_dkey_file, s_dkey_format,
                           0, dpass, engine, "second certificate private key file");
-        if (!s_dkey) {
+        if (s_dkey == NULL) {
             ERR_print_errors(bio_err);
             goto end;
         }
@@ -1665,11 +1665,11 @@ int s_server_main(int argc, char *argv[])
         s_dcert = load_cert(s_dcert_file, s_dcert_format,
                             "second server certificate file");
 
-        if (!s_dcert) {
+        if (s_dcert == NULL) {
             ERR_print_errors(bio_err);
             goto end;
         }
-        if (s_dchain_file) {
+        if (s_dchain_file != NULL) {
             if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
                             "second server certificate chain"))
                 goto end;
@@ -1689,7 +1689,7 @@ int s_server_main(int argc, char *argv[])
     if (bio_s_out == NULL) {
         if (s_quiet && !s_debug) {
             bio_s_out = BIO_new(BIO_s_null());
-            if (s_msg && !bio_s_msg)
+            if (s_msg && bio_s_msg == NULL)
                 bio_s_msg = dup_bio_out(FORMAT_TEXT);
         } else {
             if (bio_s_out == NULL)
@@ -1740,7 +1740,7 @@ int s_server_main(int argc, char *argv[])
         BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
     }
     SSL_CTX_set_quiet_shutdown(ctx, 1);
-    if (exc)
+    if (exc != NULL)
         ssl_ctx_set_excert(ctx, exc);
 
     if (state)
@@ -1819,7 +1819,7 @@ int s_server_main(int argc, char *argv[])
         }
     }
 
-    if (ctx2) {
+    if (ctx2 != NULL) {
         BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
 
         if (sdebug)
@@ -1837,7 +1837,7 @@ int s_server_main(int argc, char *argv[])
             BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
         }
         SSL_CTX_set_quiet_shutdown(ctx2, 1);
-        if (exc)
+        if (exc != NULL)
             ssl_ctx_set_excert(ctx2, exc);
 
         if (state)
@@ -1880,9 +1880,9 @@ int s_server_main(int argc, char *argv[])
     if (!no_dhe) {
         DH *dh = NULL;
 
-        if (dhfile)
+        if (dhfile != NULL)
             dh = load_dh_param(dhfile);
-        else if (s_cert_file)
+        else if (s_cert_file != NULL)
             dh = load_dh_param(s_cert_file);
 
         if (dh != NULL) {
@@ -1892,16 +1892,16 @@ int s_server_main(int argc, char *argv[])
         }
         (void)BIO_flush(bio_s_out);
 
-        if (dh == NULL)
+        if (dh == NULL) {
             SSL_CTX_set_dh_auto(ctx, 1);
-        else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
+        } else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
             BIO_puts(bio_err, "Error setting temp DH parameters\n");
             ERR_print_errors(bio_err);
             DH_free(dh);
             goto end;
         }
 
-        if (ctx2) {
+        if (ctx2 != NULL) {
             if (!dhfile) {
                 DH *dh2 = load_dh_param(s_cert_file2);
                 if (dh2 != NULL) {
@@ -1912,9 +1912,9 @@ int s_server_main(int argc, char *argv[])
                     dh = dh2;
                 }
             }
-            if (dh == NULL)
+            if (dh == NULL) {
                 SSL_CTX_set_dh_auto(ctx2, 1);
-            else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
+            } else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
                 BIO_puts(bio_err, "Error setting temp DH parameters\n");
                 ERR_print_errors(bio_err);
                 DH_free(dh);
@@ -1934,7 +1934,8 @@ int s_server_main(int argc, char *argv[])
         goto end;
     }
 
-    if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
+    if (ctx2 != NULL
+        && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
         goto end;
 
     if (s_dcert != NULL) {
@@ -1946,7 +1947,7 @@ int s_server_main(int argc, char *argv[])
         SSL_CTX_set_not_resumable_session_callback(ctx,
                                                    not_resumable_sess_cb);
 
-        if (ctx2)
+        if (ctx2 != NULL)
             SSL_CTX_set_not_resumable_session_callback(ctx2,
                                                        not_resumable_sess_cb);
     }
@@ -1977,7 +1978,7 @@ int s_server_main(int argc, char *argv[])
     SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
     SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
 
-    if (ctx2) {
+    if (ctx2 != NULL) {
         SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
         if (!SSL_CTX_set_session_id_context(ctx2,
                     (void *)&s_server_session_id_context,
@@ -2373,8 +2374,9 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
                     }
                 }
                 assert(lf_num == 0);
-            } else
+            } else {
                 i = raw_read_stdin(buf, bufsize);
+            }
 
             if (!s_quiet && !s_brief) {
                 if ((i <= 0) || (buf[0] == 'Q')) {
@@ -2868,7 +2870,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
         SSL_set_tlsext_debug_arg(con, bio_s_out);
     }
 
-    if (context
+    if (context != NULL
         && !SSL_set_session_id_context(con, context,
                                        strlen((char *)context)))
         goto err;
@@ -3237,7 +3239,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
         SSL_set_tlsext_debug_callback(con, tlsext_cb);
         SSL_set_tlsext_debug_arg(con, bio_s_out);
     }
-    if (context
+    if (context != NULL
         && !SSL_set_session_id_context(con, context,
                                        strlen((char *)context))) {
         ERR_print_errors(bio_err);
diff --git a/apps/s_time.c b/apps/s_time.c
index 998ef72..bae2524 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -245,9 +245,9 @@ int s_time_main(int argc, char **argv)
         BIO_closesocket(SSL_get_fd(scon));
 
         nConn += 1;
-        if (SSL_session_reused(scon))
+        if (SSL_session_reused(scon)) {
             ver = 'r';
-        else {
+        } else {
             ver = SSL_version(scon);
             if (ver == TLS1_VERSION)
                 ver = 't';
@@ -318,7 +318,7 @@ int s_time_main(int argc, char **argv)
         if ((doConnection(scon, host, ctx)) == NULL)
             goto end;
 
-        if (www_path) {
+        if (www_path != NULL) {
             BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
                          www_path);
             if (SSL_write(scon, buf, strlen(buf)) <= 0)
@@ -334,9 +334,9 @@ int s_time_main(int argc, char **argv)
         BIO_closesocket(SSL_get_fd(scon));
 
         nConn += 1;
-        if (SSL_session_reused(scon))
+        if (SSL_session_reused(scon)) {
             ver = 'r';
-        else {
+        } else {
             ver = SSL_version(scon);
             if (ver == TLS1_VERSION)
                 ver = 't';
diff --git a/apps/sess_id.c b/apps/sess_id.c
index 38624cf..b9f249e 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -100,14 +100,14 @@ int sess_id_main(int argc, char **argv)
     }
     peer = SSL_SESSION_get0_peer(x);
 
-    if (context) {
+    if (context != NULL) {
         size_t ctx_len = strlen(context);
         if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
             BIO_printf(bio_err, "Context too long\n");
             goto end;
         }
         if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
-                    ctx_len)) {
+                                         ctx_len)) {
             BIO_printf(bio_err, "Error setting id context\n");
             goto end;
         }
@@ -131,13 +131,13 @@ int sess_id_main(int argc, char **argv)
     }
 
     if (!noout && !cert) {
-        if (outformat == FORMAT_ASN1)
+        if (outformat == FORMAT_ASN1) {
             i = i2d_SSL_SESSION_bio(out, x);
-        else if (outformat == FORMAT_PEM)
+        } else if (outformat == FORMAT_PEM) {
             i = PEM_write_bio_SSL_SESSION(out, x);
-        else if (outformat == FORMAT_NSS)
+        } else if (outformat == FORMAT_NSS) {
             i = SSL_SESSION_print_keylog(out, x);
-        else {
+        } else {
             BIO_printf(bio_err, "bad output format specified for outfile\n");
             goto end;
         }
@@ -146,11 +146,11 @@ int sess_id_main(int argc, char **argv)
             goto end;
         }
     } else if (!noout && (peer != NULL)) { /* just print the certificate */
-        if (outformat == FORMAT_ASN1)
+        if (outformat == FORMAT_ASN1) {
             i = (int)i2d_X509_bio(out, peer);
-        else if (outformat == FORMAT_PEM)
+        } else if (outformat == FORMAT_PEM) {
             i = PEM_write_bio_X509(out, peer);
-        else {
+        } else {
             BIO_printf(bio_err, "bad output format specified for outfile\n");
             goto end;
         }
diff --git a/apps/smime.c b/apps/smime.c
index abc139e..babe4ef 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -245,7 +245,7 @@ int smime_main(int argc, char **argv)
             break;
         case OPT_SIGNER:
             /* If previous -signer argument add signer to list */
-            if (signerfile) {
+            if (signerfile != NULL) {
                 if (sksigners == NULL
                     && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                     goto end;
@@ -273,7 +273,7 @@ int smime_main(int argc, char **argv)
             break;
         case OPT_INKEY:
             /* If previous -inkey argument add signer to list */
-            if (keyfile) {
+            if (keyfile != NULL) {
                 if (signerfile == NULL) {
                     BIO_printf(bio_err,
                                "%s: Must have -signer before -inkey\n", prog);
@@ -323,7 +323,7 @@ int smime_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
-    if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+    if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
         BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
         goto opthelp;
     }
@@ -334,8 +334,8 @@ int smime_main(int argc, char **argv)
             BIO_puts(bio_err, "Illegal -inkey without -signer\n");
             goto opthelp;
         }
-        if (signerfile) {
-            if (!sksigners
+        if (signerfile != NULL) {
+            if (sksigners == NULL
                 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                 goto end;
             sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -345,7 +345,7 @@ int smime_main(int argc, char **argv)
                 keyfile = signerfile;
             sk_OPENSSL_STRING_push(skkeys, keyfile);
         }
-        if (!sksigners) {
+        if (sksigners == NULL) {
             BIO_printf(bio_err, "No signer certificate specified\n");
             goto opthelp;
         }
@@ -353,7 +353,7 @@ int smime_main(int argc, char **argv)
         keyfile = NULL;
         need_rand = 1;
     } else if (operation == SMIME_DECRYPT) {
-        if (!recipfile && !keyfile) {
+        if (recipfile == NULL && keyfile == NULL) {
             BIO_printf(bio_err,
                        "No recipient certificate or key specified\n");
             goto opthelp;
@@ -364,8 +364,9 @@ int smime_main(int argc, char **argv)
             goto opthelp;
         }
         need_rand = 1;
-    } else if (!operation)
+    } else if (!operation) {
         goto opthelp;
+    }
 
     if (!app_passwd(passinarg, NULL, &passin, NULL)) {
         BIO_printf(bio_err, "Error getting password\n");
@@ -395,7 +396,7 @@ int smime_main(int argc, char **argv)
     }
 
     if (operation == SMIME_ENCRYPT) {
-        if (!cipher) {
+        if (cipher == NULL) {
 #ifndef OPENSSL_NO_DES
             cipher = EVP_des_ede3_cbc();
 #else
@@ -404,9 +405,9 @@ int smime_main(int argc, char **argv)
 #endif
         }
         encerts = sk_X509_new_null();
-        if (!encerts)
+        if (encerts == NULL)
             goto end;
-        while (*argv) {
+        while (*argv != NULL) {
             cert = load_cert(*argv, FORMAT_PEM,
                              "recipient certificate file");
             if (cert == NULL)
@@ -417,7 +418,7 @@ int smime_main(int argc, char **argv)
         }
     }
 
-    if (certfile) {
+    if (certfile != NULL) {
         if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
                         "certificate file")) {
             ERR_print_errors(bio_err);
@@ -425,7 +426,7 @@ int smime_main(int argc, char **argv)
         }
     }
 
-    if (recipfile && (operation == SMIME_DECRYPT)) {
+    if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
         if ((recip = load_cert(recipfile, FORMAT_PEM,
                                "recipient certificate file")) == NULL) {
             ERR_print_errors(bio_err);
@@ -434,17 +435,18 @@ int smime_main(int argc, char **argv)
     }
 
     if (operation == SMIME_DECRYPT) {
-        if (!keyfile)
+        if (keyfile == NULL)
             keyfile = recipfile;
     } else if (operation == SMIME_SIGN) {
-        if (!keyfile)
+        if (keyfile == NULL)
             keyfile = signerfile;
-    } else
+    } else {
         keyfile = NULL;
+    }
 
-    if (keyfile) {
+    if (keyfile != NULL) {
         key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
-        if (!key)
+        if (key == NULL)
             goto end;
     }
 
@@ -453,22 +455,22 @@ int smime_main(int argc, char **argv)
         goto end;
 
     if (operation & SMIME_IP) {
-        if (informat == FORMAT_SMIME)
+        if (informat == FORMAT_SMIME) {
             p7 = SMIME_read_PKCS7(in, &indata);
-        else if (informat == FORMAT_PEM)
+        } else if (informat == FORMAT_PEM) {
             p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
-        else if (informat == FORMAT_ASN1)
+        } else if (informat == FORMAT_ASN1) {
             p7 = d2i_PKCS7_bio(in, NULL);
-        else {
+        } else {
             BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
             goto end;
         }
 
-        if (!p7) {
+        if (p7 == NULL) {
             BIO_printf(bio_err, "Error reading S/MIME message\n");
             goto end;
         }
-        if (contfile) {
+        if (contfile != NULL) {
             BIO_free(indata);
             if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
                 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
@@ -505,11 +507,12 @@ int smime_main(int argc, char **argv)
             if (flags & PKCS7_DETACHED) {
                 if (outformat == FORMAT_SMIME)
                     flags |= PKCS7_STREAM;
-            } else if (indef)
+            } else if (indef) {
                 flags |= PKCS7_STREAM;
+            }
             flags |= PKCS7_PARTIAL;
             p7 = PKCS7_sign(NULL, NULL, other, in, flags);
-            if (!p7)
+            if (p7 == NULL)
                 goto end;
             if (flags & PKCS7_NOCERTS) {
                 for (i = 0; i < sk_X509_num(other); i++) {
@@ -517,17 +520,18 @@ int smime_main(int argc, char **argv)
                     PKCS7_add_certificate(p7, x);
                 }
             }
-        } else
+        } else {
             flags |= PKCS7_REUSE_DIGEST;
+        }
         for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
             signerfile = sk_OPENSSL_STRING_value(sksigners, i);
             keyfile = sk_OPENSSL_STRING_value(skkeys, i);
             signer = load_cert(signerfile, FORMAT_PEM,
                                "signer certificate");
-            if (!signer)
+            if (signer == NULL)
                 goto end;
             key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
-            if (!key)
+            if (key == NULL)
                 goto end;
             if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
                 goto end;
@@ -543,7 +547,7 @@ int smime_main(int argc, char **argv)
         }
     }
 
-    if (!p7) {
+    if (p7 == NULL) {
         BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
         goto end;
     }
@@ -569,9 +573,9 @@ int smime_main(int argc, char **argv)
             goto end;
         }
         sk_X509_free(signers);
-    } else if (operation == SMIME_PK7OUT)
+    } else if (operation == SMIME_PK7OUT) {
         PEM_write_bio_PKCS7(out, p7);
-    else {
+    } else {
         if (to)
             BIO_printf(out, "To: %s%s", to, mime_eol);
         if (from)
@@ -583,11 +587,11 @@ int smime_main(int argc, char **argv)
                 rv = SMIME_write_PKCS7(out, p7, indata, flags);
             else
                 rv = SMIME_write_PKCS7(out, p7, in, flags);
-        } else if (outformat == FORMAT_PEM)
+        } else if (outformat == FORMAT_PEM) {
             rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
-        else if (outformat == FORMAT_ASN1)
+        } else if (outformat == FORMAT_ASN1) {
             rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
-        else {
+        } else {
             BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
             goto end;
         }
@@ -626,10 +630,11 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 {
     int i;
     BIO *tmp;
-    if (!signerfile)
+
+    if (signerfile == NULL)
         return 1;
     tmp = BIO_new_file(signerfile, "w");
-    if (!tmp)
+    if (tmp == NULL)
         return 0;
     for (i = 0; i < sk_X509_num(signers); i++)
         PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
@@ -652,5 +657,4 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx)
     policies_print(ctx);
 
     return ok;
-
 }
diff --git a/apps/speed.c b/apps/speed.c
index fdc0f7c..3a1f960 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2640,7 +2640,7 @@ int speed_main(int argc, char **argv)
                 EVP_PKEY_CTX_free(pctx);
                 pctx = NULL;
             }
-            if (!kctx ||        /* keygen ctx is not null */
+            if (kctx == NULL ||      /* keygen ctx is not null */
                 !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
                 ecdh_checks = 0;
                 BIO_printf(bio_err, "ECDH keygen failure.\n");
diff --git a/apps/srp.c b/apps/srp.c
index 3b19f86..c31830e 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -139,8 +139,8 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
             BIO_printf(bio_err, "Pass %s\n", password);
 
         OPENSSL_assert(srp_usersalt != NULL);
-        if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
-                                         &verifier, N, g)) ) {
+        if ((gNid = SRP_create_verifier(user, password, &srp_usersalt,
+                                        &verifier, N, g)) == NULL) {
             BIO_printf(bio_err, "Internal error validating SRP verifier\n");
         } else {
             if (strcmp(verifier, srp_verifier))
@@ -170,8 +170,8 @@ static char *srp_create_user(char *user, char **srp_verifier,
         if (verbose)
             BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                        user, g, N);
-        if (!(gNid = SRP_create_verifier(user, password, &salt,
-                                         srp_verifier, N, g)) ) {
+        if ((gNid = SRP_create_verifier(user, password, &salt,
+                                        srp_verifier, N, g)) == NULL) {
             BIO_printf(bio_err, "Internal error creating SRP verifier\n");
         } else {
             *srp_usersalt = salt;
@@ -283,7 +283,7 @@ int srp_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
-    if (srpvfile && configfile) {
+    if (srpvfile != NULL && configfile != NULL) {
         BIO_printf(bio_err,
                    "-srpvfile and -configfile cannot be specified together.\n");
         goto end;
@@ -299,7 +299,7 @@ int srp_main(int argc, char **argv)
                    "Need at least one user for options -add, -delete, -modify. \n");
         goto opthelp;
     }
-    if ((passinarg || passoutarg) && argc != 1) {
+    if ((passinarg != NULL || passoutarg != NULL) && argc != 1) {
         BIO_printf(bio_err,
                    "-passin, -passout arguments only valid with one user.\n");
         goto opthelp;
@@ -310,8 +310,8 @@ int srp_main(int argc, char **argv)
         goto end;
     }
 
-    if (!srpvfile) {
-        if (!configfile)
+    if (srpvfile == NULL) {
+        if (configfile == NULL)
             configfile = default_config_file;
 
         if (verbose)
@@ -399,17 +399,15 @@ int srp_main(int argc, char **argv)
 
         if (user != NULL && verbose > 1)
             BIO_printf(bio_err, "Processing user \"%s\"\n", user);
-        if ((userindex = get_index(db, user, 'U')) >= 0) {
+        if ((userindex = get_index(db, user, 'U')) >= 0)
             print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
-        }
 
         if (mode == OPT_LIST) {
             if (user == NULL) {
                 BIO_printf(bio_err, "List all users\n");
 
-                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
                     print_user(db, i, 1);
-                }
             } else if (userindex < 0) {
                 BIO_printf(bio_err,
                            "user \"%s\" does not exist, ignored. t\n", user);
@@ -606,7 +604,7 @@ int srp_main(int argc, char **argv)
     OPENSSL_free(passout);
     if (ret)
         ERR_print_errors(bio_err);
-    if (randfile)
+    if (randfile != NULL)
         app_RAND_write_file(randfile);
     NCONF_free(conf);
     free_index(db);
diff --git a/apps/testdsa.h b/apps/testdsa.h
index 3da1fa0..3c4b459 100644
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/apps/ts.c b/apps/ts.c
index f4bd7f6..636c777 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -498,7 +498,7 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
     if (md_value_len < 0)
         return 0;
 
-    if (input) {
+    if (input != NULL) {
         unsigned char buffer[4096];
         int length;
 
@@ -590,7 +590,7 @@ static int reply_command(CONF *conf, const char *section, const char *engine,
     } else {
         response = create_response(conf, section, engine, queryfile,
                                    passin, inkey, md, signer, chain, policy);
-        if (response)
+        if (response != NULL)
             BIO_printf(bio_err, "Response has been generated.\n");
         else
             BIO_printf(bio_err, "Response is not generated.\n");
@@ -746,13 +746,14 @@ static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data)
     const char *serial_file = (const char *)data;
     ASN1_INTEGER *serial = next_serial(serial_file);
 
-    if (!serial) {
+    if (serial == NULL) {
         TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                     "Error during serial number "
                                     "generation.");
         TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE);
-    } else
+    } else {
         save_ts_serial(serial_file, serial);
+    }
 
     return serial;
 }
@@ -915,8 +916,9 @@ static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
             goto err;
         if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
             goto err;
-    } else
+    } else {
         return NULL;
+    }
 
     /* Add the signature verification flag and arguments. */
     TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
diff --git a/apps/verify.c b/apps/verify.c
index 2608660..a814649 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -228,9 +228,9 @@ static int check(X509_STORE *ctx, const char *file,
                (file == NULL) ? "stdin" : file);
         goto end;
     }
-    if (tchain)
+    if (tchain != NULL)
         X509_STORE_CTX_set0_trusted_stack(csc, tchain);
-    if (crls)
+    if (crls != NULL)
         X509_STORE_CTX_set0_crls(csc, crls);
     i = X509_verify_cert(csc);
     if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
@@ -273,7 +273,7 @@ static int cb(int ok, X509_STORE_CTX *ctx)
     X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
 
     if (!ok) {
-        if (current_cert) {
+        if (current_cert != NULL) {
             X509_NAME_print_ex(bio_err,
                             X509_get_subject_name(current_cert),
                             0, get_nameopt());
diff --git a/apps/version.c b/apps/version.c
index 28523b7..24f1a80 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -97,12 +97,11 @@ int version_main(int argc, char **argv)
         version = 1;
 
     if (version) {
-        if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER) {
+        if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER)
             printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
-        } else {
+        else
             printf("%s (Library: %s)\n",
                    OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
-        }
     }
     if (date)
         printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
diff --git a/apps/x509.c b/apps/x509.c
index 41d6e4a..689d5a2 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -462,7 +462,7 @@ int x509_main(int argc, char **argv)
         goto end;
     }
 
-    if (fkeyfile) {
+    if (fkeyfile != NULL) {
         fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
         if (fkey == NULL)
             goto end;
@@ -476,13 +476,13 @@ int x509_main(int argc, char **argv)
         goto end;
     }
 
-    if (extfile) {
+    if (extfile != NULL) {
         X509V3_CTX ctx2;
         if ((extconf = app_load_config(extfile)) == NULL)
             goto end;
-        if (!extsect) {
+        if (extsect == NULL) {
             extsect = NCONF_get_string(extconf, "default", "extensions");
-            if (!extsect) {
+            if (extsect == NULL) {
                 ERR_clear_error();
                 extsect = "default";
             }
@@ -530,8 +530,9 @@ int x509_main(int argc, char **argv)
             BIO_printf(bio_err,
                        "Signature did not match the certificate request\n");
             goto end;
-        } else
+        } else {
             BIO_printf(bio_err, "Signature ok\n");
+        }
 
         print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
                    get_nameopt());
@@ -547,8 +548,9 @@ int x509_main(int argc, char **argv)
                 goto end;
             ASN1_INTEGER_free(sno);
             sno = NULL;
-        } else if (!X509_set_serialNumber(x, sno))
+        } else if (!X509_set_serialNumber(x, sno)) {
             goto end;
+        }
 
         if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
             goto end;
@@ -557,14 +559,15 @@ int x509_main(int argc, char **argv)
         if (!set_cert_times(x, NULL, NULL, days))
             goto end;
 
-        if (fkey)
+        if (fkey != NULL) {
             X509_set_pubkey(x, fkey);
-        else {
+        } else {
             pkey = X509_REQ_get0_pubkey(req);
             X509_set_pubkey(x, pkey);
         }
-    } else
+    } else {
         x = load_cert(infile, informat, "Certificate");
+    }
 
     if (x == NULL)
         goto end;
@@ -587,7 +590,7 @@ int x509_main(int argc, char **argv)
     if (clrreject)
         X509_reject_clear(x);
 
-    if (trust) {
+    if (trust != NULL) {
         for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
             objtmp = sk_ASN1_OBJECT_value(trust, i);
             X509_add1_trust_object(x, objtmp);
@@ -595,7 +598,7 @@ int x509_main(int argc, char **argv)
         objtmp = NULL;
     }
 
-    if (reject) {
+    if (reject != NULL) {
         for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
             objtmp = sk_ASN1_OBJECT_value(reject, i);
             X509_add1_reject_object(x, objtmp);
@@ -754,7 +757,7 @@ int x509_main(int argc, char **argv)
                 unsigned char md[EVP_MAX_MD_SIZE];
                 const EVP_MD *fdig = digest;
 
-                if (!fdig)
+                if (fdig == NULL)
                     fdig = EVP_sha1();
 
                 if (!X509_digest(x, fdig, md, &n)) {
@@ -850,9 +853,9 @@ int x509_main(int argc, char **argv)
         goto end;
     }
 
-    if (outformat == FORMAT_ASN1)
+    if (outformat == FORMAT_ASN1) {
         i = i2d_X509_bio(out, x);
-    else if (outformat == FORMAT_PEM) {
+    } else if (outformat == FORMAT_PEM) {
         if (trustout)
             i = PEM_write_bio_X509_AUX(out, x);
         else
@@ -910,8 +913,9 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, const char *serialfile
                 break;
             }
         OPENSSL_strlcat(buf, POSTFIX, len);
-    } else
+    } else {
         OPENSSL_strlcpy(buf, serialfile, len);
+    }
 
     serial = load_serial(buf, create, NULL);
     if (serial == NULL)
@@ -988,7 +992,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
             X509_delete_ext(x, 0);
     }
 
-    if (conf) {
+    if (conf != NULL) {
         X509V3_CTX ctx2;
         X509_set_version(x, 2); /* version 3 certificate */
         X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
@@ -1057,7 +1061,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
         while (X509_get_ext_count(x) > 0)
             X509_delete_ext(x, 0);
     }
-    if (conf) {
+    if (conf != NULL) {
         X509V3_CTX ctx;
         X509_set_version(x, 2); /* version 3 certificate */
         X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);


More information about the openssl-commits mailing list