16 files changed, 31 insertions, 48 deletions

diff --git a/apps/ciphers.c b/apps/ciphers.c
index 6c7ff01eea..4b9a114666 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -223,10 +223,8 @@ int MAIN(int argc, char **argv)
  end:
     if (use_supported && sk)
         sk_SSL_CIPHER_free(sk);
-    if (ctx != NULL)
-        SSL_CTX_free(ctx);
-    if (ssl != NULL)
-        SSL_free(ssl);
+    SSL_CTX_free(ctx);
+    SSL_free(ssl);
     BIO_free_all(STDout);
     apps_shutdown();
     OPENSSL_EXIT(ret);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 95380964a3..96f4c67421 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1363,8 +1363,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
         BIO_printf(bio_err, "Error querying OCSP responder\n");
  end:
     BIO_free_all(cbio);
-    if (ctx)
-        SSL_CTX_free(ctx);
+    SSL_CTX_free(ctx);
     return resp;
 }
 
diff --git a/apps/s_client.c b/apps/s_client.c
index ec116171c3..a7e03a5f33 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2024,8 +2024,7 @@ int MAIN(int argc, char **argv)
     if (next_proto.data)
         OPENSSL_free(next_proto.data);
 #endif
-    if (ctx != NULL)
-        SSL_CTX_free(ctx);
+    SSL_CTX_free(ctx);
     if (cert)
         X509_free(cert);
     if (crls)
@@ -2040,8 +2039,7 @@ int MAIN(int argc, char **argv)
     ssl_excert_free(exc);
     if (ssl_args)
         sk_OPENSSL_STRING_free(ssl_args);
-    if (cctx)
-        SSL_CONF_CTX_free(cctx);
+    SSL_CONF_CTX_free(cctx);
 #ifndef OPENSSL_NO_JPAKE
     if (jpake_secret && psk_key)
         OPENSSL_free(psk_key);
diff --git a/apps/s_server.c b/apps/s_server.c
index f97a97d8f0..a66098efe7 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2003,8 +2003,7 @@ int MAIN(int argc, char *argv[])
     print_stats(bio_s_out, ctx);
     ret = 0;
  end:
-    if (ctx != NULL)
-        SSL_CTX_free(ctx);
+    SSL_CTX_free(ctx);
     if (s_cert)
         X509_free(s_cert);
     if (crls)
@@ -2031,8 +2030,7 @@ int MAIN(int argc, char *argv[])
         OPENSSL_free(tlscstatp.port);
     if (tlscstatp.path)
         OPENSSL_free(tlscstatp.path);
-    if (ctx2 != NULL)
-        SSL_CTX_free(ctx2);
+    SSL_CTX_free(ctx2);
     if (s_cert2)
         X509_free(s_cert2);
     EVP_PKEY_free(s_key2);
@@ -2047,8 +2045,7 @@ int MAIN(int argc, char *argv[])
     ssl_excert_free(exc);
     if (ssl_args)
         sk_OPENSSL_STRING_free(ssl_args);
-    if (cctx)
-        SSL_CONF_CTX_free(cctx);
+    SSL_CONF_CTX_free(cctx);
 #ifndef OPENSSL_NO_JPAKE
     if (jpake_secret && psk_key)
         OPENSSL_free(psk_key);
diff --git a/apps/s_time.c b/apps/s_time.c
index 5b94634a53..4f460b6a45 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -540,13 +540,10 @@ int MAIN(int argc, char **argv)
 
     ret = 0;
  end:
-    if (scon != NULL)
-        SSL_free(scon);
+    SSL_free(scon);
 
-    if (tm_ctx != NULL) {
-        SSL_CTX_free(tm_ctx);
-        tm_ctx = NULL;
-    }
+    SSL_CTX_free(tm_ctx);
+    tm_ctx = NULL;
     apps_shutdown();
     OPENSSL_EXIT(ret);
 }
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index e6eddb1c05..73280b576a 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -106,8 +106,7 @@ char *argv[];
             ERR_print_errors_fp(stderr);
     }
     BIO_free_all(out);
-    if (ssl_ctx != NULL)
-        SSL_CTX_free(ssl_ctx);
+    SSL_CTX_free(ssl_ctx);
     exit(!ret);
     return (ret);
 }
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
index 3475551d6a..1a0a03abe6 100644
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@@ -804,8 +804,7 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
  err:
     tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
  err_return:
-    if (ret != NULL)
-        SSL_CTX_free(ret);
+    SSL_CTX_free(ret);
     return NULL;
 }
 
diff --git a/doc/ssl/SSL_CONF_CTX_new.pod b/doc/ssl/SSL_CONF_CTX_new.pod
index a9ccb049f4..79c8c94ee0 100644
--- a/doc/ssl/SSL_CONF_CTX_new.pod
+++ b/doc/ssl/SSL_CONF_CTX_new.pod
@@ -17,6 +17,7 @@ The function SSL_CONF_CTX_new() allocates and initialises an B<SSL_CONF_CTX>
 structure for use with the SSL_CONF functions.
 
 The function SSL_CONF_CTX_free() frees up the context B<cctx>.
+If B<cctx> is NULL nothing is done.
 
 =head1 RETURN VALUES
 
diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod
index 51d8676968..f37617dcef 100644
--- a/doc/ssl/SSL_CTX_free.pod
+++ b/doc/ssl/SSL_CTX_free.pod
@@ -20,6 +20,8 @@ It also calls the free()ing procedures for indirectly affected items, if
 applicable: the session cache, the list of ciphers, the list of Client CAs,
 the certificates and keys.
 
+If B<ctx> is NULL nothing is done.
+
 =head1 WARNINGS
 
 If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this
diff --git a/doc/ssl/SSL_SESSION_free.pod b/doc/ssl/SSL_SESSION_free.pod
index 110ec73ab6..f30fe13c7d 100644
--- a/doc/ssl/SSL_SESSION_free.pod
+++ b/doc/ssl/SSL_SESSION_free.pod
@@ -15,6 +15,7 @@ SSL_SESSION_free - free an allocated SSL_SESSION structure
 SSL_SESSION_free() decrements the reference count of B<session> and removes
 the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
 memory, if the reference count has reached 0.
+If B<session> is NULL nothing is done.
 
 =head1 NOTES
 
diff --git a/doc/ssl/SSL_free.pod b/doc/ssl/SSL_free.pod
index 13c1abd9ec..e3e6f56dc4 100644
--- a/doc/ssl/SSL_free.pod
+++ b/doc/ssl/SSL_free.pod
@@ -15,6 +15,7 @@ SSL_free - free an allocated SSL structure
 SSL_free() decrements the reference count of B<ssl>, and removes the SSL
 structure pointed to by B<ssl> and frees up the allocated memory if the
 reference count has reached 0.
+If B<ssl> is NULL nothing is done.
 
 =head1 NOTES
 
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 0344b7e35b..7cf941d15b 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -125,7 +125,7 @@ static int ssl_free(BIO *a)
     if (bs->ssl != NULL)
         SSL_shutdown(bs->ssl);
     if (a->shutdown) {
-        if (a->init && (bs->ssl != NULL))
+        if (a->init)
             SSL_free(bs->ssl);
         a->init = 0;
         a->flags = 0;
@@ -416,8 +416,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_CTRL_DUP:
         dbio = (BIO *)ptr;
-        if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
-            SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
+        SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
         ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
         ((BIO_SSL *)dbio->ptr)->renegotiate_count =
             ((BIO_SSL *)b->ptr)->renegotiate_count;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 6da125897d..404f7f9f8f 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1215,8 +1215,7 @@ int ssl3_get_server_certificate(SSL *s)
     if (sc == NULL)
         goto err;
 
-    if (s->session->sess_cert)
-        ssl_sess_cert_free(s->session->sess_cert);
+    ssl_sess_cert_free(s->session->sess_cert);
     s->session->sess_cert = sc;
 
     sc->cert_chain = sk;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index abb3fd301f..cb7bd86e2a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -393,8 +393,7 @@ SSL *SSL_new(SSL_CTX *ctx)
 
     return (s);
  err:
-    if (s != NULL)
-        SSL_free(s);
+    SSL_free(s);
     SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
     return (NULL);
 }
@@ -2992,6 +2991,7 @@ int ssl_init_wbio_buffer(SSL *s, int push)
 
 void ssl_free_wbio_buffer(SSL *s)
 {
+    /* callers ensure s is never null */
     if (s->bbio == NULL)
         return;
 
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9273eb6c48..24e5d259d4 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -292,10 +292,8 @@ int ssl_get_new_session(SSL *s, int session)
     else
         ss->timeout = s->session_ctx->session_timeout;
 
-    if (s->session != NULL) {
-        SSL_SESSION_free(s->session);
-        s->session = NULL;
-    }
+    SSL_SESSION_free(s->session);
+    s->session = NULL;
 
     if (session) {
         if (s->version == SSL3_VERSION) {
@@ -578,8 +576,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 
     s->session_ctx->stats.sess_hit++;
 
-    if (s->session != NULL)
-        SSL_SESSION_free(s->session);
+    SSL_SESSION_free(s->session);
     s->session = ret;
     s->verify_result = s->session->verify_result;
     return 1;
diff --git a/test/ssltest.c b/test/ssltest.c
index c9f5b4da1d..6ad63427ad 100644
--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -1789,15 +1789,11 @@ int main(int argc, char *argv[])
     SSL_free(c_ssl);
 
  end:
-    if (s_ctx != NULL)
-        SSL_CTX_free(s_ctx);
-    if (c_ctx != NULL)
-        SSL_CTX_free(c_ctx);
-
-    if (s_cctx)
-        SSL_CONF_CTX_free(s_cctx);
-    if (c_cctx)
-        SSL_CONF_CTX_free(c_cctx);
+    SSL_CTX_free(s_ctx);
+    SSL_CTX_free(c_ctx);
+
+    SSL_CONF_CTX_free(s_cctx);
+    SSL_CONF_CTX_free(c_cctx);
     sk_OPENSSL_STRING_free(conf_args);
 
     BIO_free(bio_stdout);