sk_pop_free() checks for NULL so do not bother doing it from the callers.

7 files changed, 31 insertions, 50 deletions

diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index e8cc0e3905f..e44a025e571 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.171 2017/01/24 01:39:13 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.172 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1723,8 +1723,7 @@ ssl3_get_certificate_request(SSL *s)
 	/* we should setup a certificate to return.... */
 	S3I(s)->tmp.cert_req = 1;
 	S3I(s)->tmp.ctype_num = ctype_num;
-	if (S3I(s)->tmp.ca_names != NULL)
-		sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
+	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
 	S3I(s)->tmp.ca_names = ca_sk;
 	ca_sk = NULL;
 
@@ -1736,8 +1735,7 @@ truncated:
 	}
 err:
 	X509_NAME_free(xn);
-	if (ca_sk != NULL)
-		sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+	sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
 	return (ret);
 }
 
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 9d0217e95f4..977c170403b 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.130 2017/01/24 09:03:21 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.131 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1838,8 +1838,7 @@ ssl3_free(SSL *s)
 		explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
 	free(S3I(s)->tmp.x25519);
 
-	if (S3I(s)->tmp.ca_names != NULL)
-		sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
+	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
 	BIO_free(S3I(s)->handshake_buffer);
 	tls1_free_digest_list(s);
 	free(S3I(s)->alpn_selected);
@@ -1861,8 +1860,7 @@ ssl3_clear(SSL *s)
 	size_t		 rlen, wlen;
 
 	tls1_cleanup_key_block(s);
-	if (S3I(s)->tmp.ca_names != NULL)
-		sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
+	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);
 
 	DH_free(S3I(s)->tmp.dh);
 	S3I(s)->tmp.dh = NULL;
@@ -2330,10 +2328,8 @@ ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 		break;
 
 	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-		if (ctx->extra_certs) {
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-		}
+		sk_X509_pop_free(ctx->extra_certs, X509_free);
+		ctx->extra_certs = NULL;
 		break;
 
 	default:
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 37095877422..c6d340026a8 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.152 2017/01/24 12:22:23 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.153 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2595,8 +2595,7 @@ ssl3_get_client_certificate(SSL *s)
 			goto err;
 		}
 	}
-	if (SSI(s)->sess_cert->cert_chain != NULL)
-		sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free);
+	sk_X509_pop_free(SSI(s)->sess_cert->cert_chain, X509_free);
 	SSI(s)->sess_cert->cert_chain = sk;
 
 	/*
@@ -2617,8 +2616,8 @@ f_err:
 	}
 err:
 	X509_free(x);
-	if (sk != NULL)
-		sk_X509_pop_free(sk, X509_free);
+	sk_X509_pop_free(sk, X509_free);
+
 	return (ret);
 }
 
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index c23e789bf8f..9ce8585d46f 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.58 2017/01/23 06:45:30 beck Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.59 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -395,9 +395,7 @@ ssl_sess_cert_free(SESS_CERT *sc)
 	if (i > 0)
 		return;
 
-	/* i == 0 */
-	if (sc->cert_chain != NULL)
-		sk_X509_pop_free(sc->cert_chain, X509_free);
+	sk_X509_pop_free(sc->cert_chain, X509_free);
 	for (i = 0; i < SSL_PKEY_NUM; i++)
 		X509_free(sc->peer_pkeys[i].x509);
 
@@ -459,9 +457,7 @@ static void
 set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
     STACK_OF(X509_NAME) *name_list)
 {
-	if (*ca_list != NULL)
-		sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-
+	sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
 	*ca_list = name_list;
 }
 
@@ -611,8 +607,7 @@ SSL_load_client_CA_file(const char *file)
 
 	if (0) {
 err:
-		if (ret != NULL)
-			sk_X509_NAME_pop_free(ret, X509_NAME_free);
+		sk_X509_NAME_pop_free(ret, X509_NAME_free);
 		ret = NULL;
 	}
 	if (sk != NULL)
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 21d2d231d10..bdf6bc6ee38 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.146 2017/01/24 13:34:26 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.147 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -561,17 +561,16 @@ SSL_free(SSL *s)
 
 	free(s->tlsext_hostname);
 	SSL_CTX_free(s->initial_ctx);
+
 	free(s->internal->tlsext_ecpointformatlist);
 	free(s->internal->tlsext_supportedgroups);
-	if (s->internal->tlsext_ocsp_exts)
-		sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
-		    X509_EXTENSION_free);
-	if (s->internal->tlsext_ocsp_ids)
-		sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
+
+	sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
+	    X509_EXTENSION_free);
+	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
 	free(s->internal->tlsext_ocsp_resp);
 
-	if (s->internal->client_CA != NULL)
-		sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
+	sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
 
 	if (s->method != NULL)
 		s->method->internal->ssl_free(s);
@@ -2011,10 +2010,8 @@ SSL_CTX_free(SSL_CTX *ctx)
 	sk_SSL_CIPHER_free(ctx->cipher_list);
 	sk_SSL_CIPHER_free(ctx->internal->cipher_list_by_id);
 	ssl_cert_free(ctx->internal->cert);
-	if (ctx->internal->client_CA != NULL)
-		sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);
-	if (ctx->extra_certs != NULL)
-		sk_X509_pop_free(ctx->extra_certs, X509_free);
+	sk_X509_NAME_pop_free(ctx->internal->client_CA, X509_NAME_free);
+	sk_X509_pop_free(ctx->extra_certs, X509_free);
 
 #ifndef OPENSSL_NO_SRTP
 	if (ctx->internal->srtp_profiles)
diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index 82c8cc0a870..03eedc0d8a7 100644
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.24 2017/01/23 22:34:38 beck Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.25 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -671,10 +671,8 @@ ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
 		int r;
 		unsigned long err;
 
-		if (ctx->extra_certs != NULL) {
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-		}
+		sk_X509_pop_free(ctx->extra_certs, X509_free);
+		ctx->extra_certs = NULL;
 
 		while ((ca = PEM_read_bio_X509(in, NULL,
 		    ctx->default_passwd_callback,
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 23e1a2d350c..9b60d664e56 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.110 2017/01/24 12:24:07 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.111 2017/01/24 14:57:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1593,10 +1593,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 				}
 				sdata = data;
 				if (dsize > 0) {
-					if (s->internal->tlsext_ocsp_exts) {
-						sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
-						    X509_EXTENSION_free);
-					}
+					sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
+					    X509_EXTENSION_free);
 
 					s->internal->tlsext_ocsp_exts =
 					    d2i_X509_EXTENSIONS(NULL,