Remove unnecessary NULL checks, part 5.

Finally, the ssl stack.

Change-Id: Iea10e302825947da36ad46eaf3e8e2bce060fde2
Reviewed-on: https://boringssl-review.googlesource.com/4518
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index ec2d920..85b0af9 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -199,12 +199,8 @@
   if (frag == NULL) {
     return;
   }
-  if (frag->fragment) {
-    OPENSSL_free(frag->fragment);
-  }
-  if (frag->reassembly) {
-    OPENSSL_free(frag->reassembly);
-  }
+  OPENSSL_free(frag->fragment);
+  OPENSSL_free(frag->reassembly);
   OPENSSL_free(frag);
 }
 
@@ -660,12 +656,8 @@
 f_err:
   ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
-  if (item != NULL) {
-    pitem_free(item);
-  }
-  if (frag != NULL) {
-    dtls1_hm_fragment_free(frag);
-  }
+  pitem_free(item);
+  dtls1_hm_fragment_free(frag);
   *ok = 0;
   return -1;
 }
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 9e41618..c063247 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -510,9 +510,7 @@
 end:
   s->in_handshake--;
 
-  if (buf != NULL) {
-    BUF_MEM_free(buf);
-  }
+  BUF_MEM_free(buf);
   if (cb != NULL) {
     cb(s, SSL_CB_CONNECT_EXIT, ret);
   }
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 9dadb28..3c1fd09 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -101,12 +101,8 @@
   d1->sent_messages = pqueue_new();
 
   if (!d1->buffered_messages || !d1->sent_messages) {
-    if (d1->buffered_messages) {
-      pqueue_free(d1->buffered_messages);
-    }
-    if (d1->sent_messages) {
-      pqueue_free(d1->sent_messages);
-    }
+    pqueue_free(d1->buffered_messages);
+    pqueue_free(d1->sent_messages);
     OPENSSL_free(d1);
     ssl3_free(s);
     return 0;
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 3ae0513..3415f98 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -516,9 +516,7 @@
 
 end:
   s->in_handshake--;
-  if (buf != NULL) {
-    BUF_MEM_free(buf);
-  }
+  BUF_MEM_free(buf);
   if (cb != NULL) {
     cb(s, SSL_CB_ACCEPT_EXIT, ret);
   }
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 9ab8e1b..889a732 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -658,18 +658,14 @@
 }
 
 int ssl3_release_write_buffer(SSL *s) {
-  if (s->s3->wbuf.buf != NULL) {
-    OPENSSL_free(s->s3->wbuf.buf);
-    s->s3->wbuf.buf = NULL;
-  }
+  OPENSSL_free(s->s3->wbuf.buf);
+  s->s3->wbuf.buf = NULL;
   return 1;
 }
 
 int ssl3_release_read_buffer(SSL *s) {
-  if (s->s3->rbuf.buf != NULL) {
-    OPENSSL_free(s->s3->rbuf.buf);
-    s->s3->rbuf.buf = NULL;
-  }
+  OPENSSL_free(s->s3->rbuf.buf);
+  s->s3->rbuf.buf = NULL;
   return 1;
 }
 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index dda637d..5efccd4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -545,10 +545,8 @@
         /* clean a few things up */
         ssl3_cleanup_key_block(s);
 
-        if (s->init_buf != NULL) {
-          BUF_MEM_free(s->init_buf);
-          s->init_buf = NULL;
-        }
+        BUF_MEM_free(s->init_buf);
+        s->init_buf = NULL;
 
         /* Remove write buffering now. */
         ssl_free_wbio_buffer(s);
@@ -588,9 +586,7 @@
 
 end:
   s->in_handshake--;
-  if (buf != NULL) {
-    BUF_MEM_free(buf);
-  }
+  BUF_MEM_free(buf);
   if (cb != NULL) {
     cb(s, SSL_CB_CONNECT_EXIT, ret);
   }
@@ -993,9 +989,7 @@
     goto err;
   }
 
-  if (s->session->sess_cert) {
-    ssl_sess_cert_free(s->session->sess_cert);
-  }
+  ssl_sess_cert_free(s->session->sess_cert);
   s->session->sess_cert = sc;
 
   sc->cert_chain = sk;
@@ -1033,17 +1027,11 @@
     goto f_err;
   }
   sc->peer_cert_type = i;
-  /* Why would the following ever happen? We just created sc a couple of lines
-   * ago. */
-  if (sc->peer_pkeys[i].x509 != NULL) {
-    X509_free(sc->peer_pkeys[i].x509);
-  }
+  X509_free(sc->peer_pkeys[i].x509);
   sc->peer_pkeys[i].x509 = X509_up_ref(x);
   sc->peer_key = &(sc->peer_pkeys[i]);
 
-  if (s->session->peer != NULL) {
-    X509_free(s->session->peer);
-  }
+  X509_free(s->session->peer);
   s->session->peer = X509_up_ref(x);
 
   s->session->verify_result = s->verify_result;
@@ -1108,10 +1096,8 @@
 
       /* TODO(davidben): This should be reset in one place with the rest of the
        * handshake state. */
-      if (s->s3->tmp.peer_psk_identity_hint) {
-        OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);
-        s->s3->tmp.peer_psk_identity_hint = NULL;
-      }
+      OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);
+      s->s3->tmp.peer_psk_identity_hint = NULL;
     }
     s->s3->tmp.reuse_message = 1;
     return 1;
@@ -1122,14 +1108,10 @@
   server_key_exchange_orig = server_key_exchange;
 
   if (s->session->sess_cert != NULL) {
-    if (s->session->sess_cert->peer_dh_tmp) {
-      DH_free(s->session->sess_cert->peer_dh_tmp);
-      s->session->sess_cert->peer_dh_tmp = NULL;
-    }
-    if (s->session->sess_cert->peer_ecdh_tmp) {
-      EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-      s->session->sess_cert->peer_ecdh_tmp = NULL;
-    }
+    DH_free(s->session->sess_cert->peer_dh_tmp);
+    s->session->sess_cert->peer_dh_tmp = NULL;
+    EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+    s->session->sess_cert->peer_ecdh_tmp = NULL;
   } else {
     s->session->sess_cert = ssl_sess_cert_new();
     if (s->session->sess_cert == NULL) {
@@ -1364,17 +1346,11 @@
   ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
   EVP_PKEY_free(pkey);
-  if (rsa != NULL) {
-    RSA_free(rsa);
-  }
-  if (dh != NULL) {
-    DH_free(dh);
-  }
+  RSA_free(rsa);
+  DH_free(dh);
   BN_CTX_free(bn_ctx);
   EC_POINT_free(srvr_ecpoint);
-  if (ecdh != NULL) {
-    EC_KEY_free(ecdh);
-  }
+  EC_KEY_free(ecdh);
   EVP_MD_CTX_cleanup(&md_ctx);
   return -1;
 }
@@ -1506,18 +1482,14 @@
 
   /* we should setup a certificate to return.... */
   s->s3->tmp.cert_req = 1;
-  if (s->s3->tmp.ca_names != NULL) {
-    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-  }
+  sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
   s->s3->tmp.ca_names = ca_sk;
   ca_sk = NULL;
 
   ret = 1;
 
 err:
-  if (ca_sk != NULL) {
-    sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
-  }
+  sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
   return ret;
 }
 
@@ -1693,10 +1665,7 @@
         goto err;
       }
 
-      if (s->session->psk_identity != NULL) {
-        OPENSSL_free(s->session->psk_identity);
-      }
-
+      OPENSSL_free(s->session->psk_identity);
       s->session->psk_identity = BUF_strdup(identity);
       if (s->session->psk_identity == NULL) {
         OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange,
@@ -1738,9 +1707,7 @@
           pkey->pkey.rsa == NULL) {
         OPENSSL_PUT_ERROR(SSL, ssl3_send_client_key_exchange,
                           ERR_R_INTERNAL_ERROR);
-        if (pkey != NULL) {
-          EVP_PKEY_free(pkey);
-        }
+        EVP_PKEY_free(pkey);
         goto err;
       }
 
@@ -2007,12 +1974,8 @@
 
 err:
   BN_CTX_free(bn_ctx);
-  if (encodedPoint != NULL) {
-    OPENSSL_free(encodedPoint);
-  }
-  if (clnt_ecdh != NULL) {
-    EC_KEY_free(clnt_ecdh);
-  }
+  OPENSSL_free(encodedPoint);
+  EC_KEY_free(clnt_ecdh);
   EVP_PKEY_free(srvr_pub_pkey);
   if (pms) {
     OPENSSL_cleanse(pms, pms_len);
@@ -2154,12 +2117,8 @@
                         SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
     }
 
-    if (x509 != NULL) {
-      X509_free(x509);
-    }
-    if (pkey != NULL) {
-      EVP_PKEY_free(pkey);
-    }
+    X509_free(x509);
+    EVP_PKEY_free(pkey);
     if (i && !ssl3_has_client_certificate(s)) {
       i = 0;
     }
@@ -2399,15 +2358,9 @@
 
 err:
   EVP_MD_CTX_cleanup(&md_ctx);
-  if (public_key) {
-    OPENSSL_free(public_key);
-  }
-  if (der_sig) {
-    OPENSSL_free(der_sig);
-  }
-  if (sig) {
-    ECDSA_SIG_free(sig);
-  }
+  OPENSSL_free(public_key);
+  OPENSSL_free(der_sig);
+  ECDSA_SIG_free(sig);
 
   return ret;
 }
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 50df40c..fbe68da 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -236,12 +236,8 @@
 }
 
 int ssl3_init_finished_mac(SSL *s) {
-  if (s->s3->handshake_buffer) {
-    BIO_free(s->s3->handshake_buffer);
-  }
-  if (s->s3->handshake_dgst) {
-    ssl3_free_digest_list(s);
-  }
+  BIO_free(s->s3->handshake_buffer);
+  ssl3_free_digest_list(s);
   s->s3->handshake_buffer = BIO_new(BIO_s_mem());
   if (s->s3->handshake_buffer == NULL) {
     return 0;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3d80565..4537e2e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -554,47 +554,21 @@
     return;
   }
 
-  if (s->s3->sniff_buffer != NULL) {
-    BUF_MEM_free(s->s3->sniff_buffer);
-  }
+  BUF_MEM_free(s->s3->sniff_buffer);
   ssl3_cleanup_key_block(s);
-  if (s->s3->rbuf.buf != NULL) {
-    ssl3_release_read_buffer(s);
-  }
-  if (s->s3->wbuf.buf != NULL) {
-    ssl3_release_write_buffer(s);
-  }
-  if (s->s3->tmp.dh != NULL) {
-    DH_free(s->s3->tmp.dh);
-  }
-  if (s->s3->tmp.ecdh != NULL) {
-    EC_KEY_free(s->s3->tmp.ecdh);
-  }
+  ssl3_release_read_buffer(s);
+  ssl3_release_write_buffer(s);
+  DH_free(s->s3->tmp.dh);
+  EC_KEY_free(s->s3->tmp.ecdh);
 
-  if (s->s3->tmp.ca_names != NULL) {
-    sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-  }
-  if (s->s3->tmp.certificate_types != NULL) {
-    OPENSSL_free(s->s3->tmp.certificate_types);
-  }
-  if (s->s3->tmp.peer_ecpointformatlist) {
-    OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
-  }
-  if (s->s3->tmp.peer_ellipticcurvelist) {
-    OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
-  }
-  if (s->s3->tmp.peer_psk_identity_hint) {
-    OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);
-  }
-  if (s->s3->handshake_buffer) {
-    BIO_free(s->s3->handshake_buffer);
-  }
-  if (s->s3->handshake_dgst) {
-    ssl3_free_digest_list(s);
-  }
-  if (s->s3->alpn_selected) {
-    OPENSSL_free(s->s3->alpn_selected);
-  }
+  sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+  OPENSSL_free(s->s3->tmp.certificate_types);
+  OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
+  OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
+  OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);
+  BIO_free(s->s3->handshake_buffer);
+  ssl3_free_digest_list(s);
+  OPENSSL_free(s->s3->alpn_selected);
 
   OPENSSL_cleanse(s->s3, sizeof *s->s3);
   OPENSSL_free(s->s3);
@@ -661,9 +635,7 @@
         OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_DH_LIB);
         return ret;
       }
-      if (s->cert->dh_tmp != NULL) {
-        DH_free(s->cert->dh_tmp);
-      }
+      DH_free(s->cert->dh_tmp);
       s->cert->dh_tmp = dh;
       ret = 1;
       break;
@@ -692,9 +664,7 @@
 
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
       if (larg == TLSEXT_NAMETYPE_host_name) {
-        if (s->tlsext_hostname != NULL) {
-          OPENSSL_free(s->tlsext_hostname);
-        }
+        OPENSSL_free(s->tlsext_hostname);
         s->tlsext_hostname = NULL;
 
         ret = 1;
@@ -846,9 +816,7 @@
         OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
         break;
       }
-      if (s->tlsext_channel_id_private) {
-        EVP_PKEY_free(s->tlsext_channel_id_private);
-      }
+      EVP_PKEY_free(s->tlsext_channel_id_private);
       s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg);
       ret = 1;
       break;
@@ -927,9 +895,7 @@
         DH_free(new);
         return 0;
       }
-      if (cert->dh_tmp != NULL) {
-        DH_free(cert->dh_tmp);
-      }
+      DH_free(cert->dh_tmp);
       cert->dh_tmp = new;
       return 1;
     }
@@ -1026,10 +992,8 @@
       break;
 
     case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-      if (ctx->extra_certs) {
-        sk_X509_pop_free(ctx->extra_certs, X509_free);
-        ctx->extra_certs = NULL;
-      }
+      sk_X509_pop_free(ctx->extra_certs, X509_free);
+      ctx->extra_certs = NULL;
       break;
 
     case SSL_CTRL_CHAIN:
@@ -1063,9 +1027,7 @@
         OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
         break;
       }
-      if (ctx->tlsext_channel_id_private) {
-        EVP_PKEY_free(ctx->tlsext_channel_id_private);
-      }
+      EVP_PKEY_free(ctx->tlsext_channel_id_private);
       ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY *)parg);
       break;
 
@@ -1266,12 +1228,10 @@
 }
 
 static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) {
-  if (c->client_certificate_types) {
-    OPENSSL_free(c->client_certificate_types);
-    c->client_certificate_types = NULL;
-  }
-
+  OPENSSL_free(c->client_certificate_types);
+  c->client_certificate_types = NULL;
   c->num_client_certificate_types = 0;
+
   if (!p || !len) {
     return 1;
   }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8f5712e..b7fc545 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -644,7 +644,7 @@
 
         /* If we aren't retaining peer certificates then we can discard it
          * now. */
-        if (s->session->peer && s->ctx->retain_only_sha256_of_client_certs) {
+        if (s->ctx->retain_only_sha256_of_client_certs) {
           X509_free(s->session->peer);
           s->session->peer = NULL;
         }
@@ -681,9 +681,7 @@
 
 end:
   s->in_handshake--;
-  if (buf != NULL) {
-    BUF_MEM_free(buf);
-  }
+  BUF_MEM_free(buf);
   if (cb != NULL) {
     cb(s, SSL_CB_ACCEPT_EXIT, ret);
   }
@@ -1215,9 +1213,7 @@
   }
 
 err:
-  if (ciphers != NULL) {
-    sk_SSL_CIPHER_free(ciphers);
-  }
+  sk_SSL_CIPHER_free(ciphers);
   return ret;
 }
 
@@ -1608,9 +1604,7 @@
 f_err:
   ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
-  if (encodedPoint != NULL) {
-    OPENSSL_free(encodedPoint);
-  }
+  OPENSSL_free(encodedPoint);
   BN_CTX_free(bn_ctx);
   EVP_MD_CTX_cleanup(&md_ctx);
   return -1;
@@ -2105,14 +2099,10 @@
     }
     OPENSSL_free(premaster_secret);
   }
-  if (decrypt_buf) {
-    OPENSSL_free(decrypt_buf);
-  }
+  OPENSSL_free(decrypt_buf);
   EVP_PKEY_free(clnt_pub_pkey);
   EC_POINT_free(clnt_ecpoint);
-  if (srvr_ecdh != NULL) {
-    EC_KEY_free(srvr_ecdh);
-  }
+  EC_KEY_free(srvr_ecdh);
   BN_CTX_free(bn_ctx);
 
   return -1;
@@ -2351,11 +2341,7 @@
     }
   }
 
-  if (s->session->peer != NULL) {
-    /* This should not be needed */
-    X509_free(s->session->peer);
-  }
-
+  X509_free(s->session->peer);
   s->session->peer = sk_X509_shift(sk);
   s->session->verify_result = s->verify_result;
 
@@ -2368,9 +2354,7 @@
       goto err;
     }
   }
-  if (s->session->sess_cert->cert_chain != NULL) {
-    sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
-  }
+  sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
   s->session->sess_cert->cert_chain = sk;
   /* Inconsistency alert: cert_chain does *not* include the peer's own
    * certificate, while we do include it in s3_clnt.c */
@@ -2385,12 +2369,8 @@
   }
 
 err:
-  if (x != NULL) {
-    X509_free(x);
-  }
-  if (sk != NULL) {
-    sk_X509_pop_free(sk, X509_free);
-  }
+  X509_free(x);
+  sk_X509_pop_free(sk, X509_free);
   return ret;
 }
 
@@ -2539,9 +2519,7 @@
   ret = ssl_do_write(s);
 
 err:
-  if (session != NULL) {
-    OPENSSL_free(session);
-  }
+  OPENSSL_free(session);
   EVP_CIPHER_CTX_cleanup(&ctx);
   HMAC_CTX_cleanup(&hctx);
   return ret;
@@ -2731,14 +2709,8 @@
   BN_free(&y);
   BN_free(sig.r);
   BN_free(sig.s);
-  if (key) {
-    EC_KEY_free(key);
-  }
-  if (point) {
-    EC_POINT_free(point);
-  }
-  if (p256) {
-    EC_GROUP_free(p256);
-  }
+  EC_KEY_free(key);
+  EC_POINT_free(point);
+  EC_GROUP_free(p256);
   return ret;
 }
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 3bca0c9..eb0c725 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -382,7 +382,7 @@
       OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);
       return 0;
     }
-  } else if (*out) {
+  } else {
     OPENSSL_free(*out);
     *out = NULL;
   }
@@ -526,10 +526,8 @@
   ret->time = session_time;
   ret->timeout = timeout;
 
-  if (ret->peer != NULL) {
-    X509_free(ret->peer);
-    ret->peer = NULL;
-  }
+  X509_free(ret->peer);
+  ret->peer = NULL;
   if (has_peer) {
     const uint8_t *ptr;
     ptr = CBS_data(&peer);
@@ -585,8 +583,6 @@
   return ret;
 
 err:
-  if (allocated) {
-    SSL_SESSION_free(allocated);
-  }
+  SSL_SESSION_free(allocated);
   return NULL;
 }
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 384cf26..a21256f 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -314,35 +314,17 @@
     return;
   }
 
-  if (c->dh_tmp) {
-    DH_free(c->dh_tmp);
-  }
+  DH_free(c->dh_tmp);
 
   ssl_cert_clear_certs(c);
-  if (c->peer_sigalgs) {
-    OPENSSL_free(c->peer_sigalgs);
-  }
-  if (c->conf_sigalgs) {
-    OPENSSL_free(c->conf_sigalgs);
-  }
-  if (c->client_sigalgs) {
-    OPENSSL_free(c->client_sigalgs);
-  }
-  if (c->shared_sigalgs) {
-    OPENSSL_free(c->shared_sigalgs);
-  }
-  if (c->client_certificate_types) {
-    OPENSSL_free(c->client_certificate_types);
-  }
-  if (c->verify_store) {
-    X509_STORE_free(c->verify_store);
-  }
-  if (c->chain_store) {
-    X509_STORE_free(c->chain_store);
-  }
-  if (c->ciphers_raw) {
-    OPENSSL_free(c->ciphers_raw);
-  }
+  OPENSSL_free(c->peer_sigalgs);
+  OPENSSL_free(c->conf_sigalgs);
+  OPENSSL_free(c->client_sigalgs);
+  OPENSSL_free(c->shared_sigalgs);
+  OPENSSL_free(c->client_certificate_types);
+  X509_STORE_free(c->verify_store);
+  X509_STORE_free(c->chain_store);
+  OPENSSL_free(c->ciphers_raw);
 
   OPENSSL_free(c);
 }
@@ -352,9 +334,7 @@
   if (!cpk) {
     return 0;
   }
-  if (cpk->chain) {
-    sk_X509_pop_free(cpk->chain, X509_free);
-  }
+  sk_X509_pop_free(cpk->chain, X509_free);
   cpk->chain = chain;
   return 1;
 }
@@ -453,22 +433,14 @@
     return;
   }
 
-  if (sc->cert_chain != NULL) {
-    sk_X509_pop_free(sc->cert_chain, X509_free);
-  }
+  sk_X509_pop_free(sc->cert_chain, X509_free);
 
   for (i = 0; i < SSL_PKEY_NUM; i++) {
-    if (sc->peer_pkeys[i].x509 != NULL) {
-      X509_free(sc->peer_pkeys[i].x509);
-    }
+    X509_free(sc->peer_pkeys[i].x509);
   }
 
-  if (sc->peer_dh_tmp != NULL) {
-    DH_free(sc->peer_dh_tmp);
-  }
-  if (sc->peer_ecdh_tmp != NULL) {
-    EC_KEY_free(sc->peer_ecdh_tmp);
-  }
+  DH_free(sc->peer_dh_tmp);
+  EC_KEY_free(sc->peer_ecdh_tmp);
 
   OPENSSL_free(sc);
 }
@@ -527,10 +499,7 @@
 
 static void set_client_CA_list(STACK_OF(X509_NAME) * *ca_list,
                                STACK_OF(X509_NAME) * name_list) {
-  if (*ca_list != NULL) {
-    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-  }
-
+  sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
   *ca_list = name_list;
 }
 
@@ -673,21 +642,13 @@
 
   if (0) {
   err:
-    if (ret != NULL) {
-      sk_X509_NAME_pop_free(ret, X509_NAME_free);
-    }
+    sk_X509_NAME_pop_free(ret, X509_NAME_free);
     ret = NULL;
   }
 
-  if (sk != NULL) {
-    sk_X509_NAME_free(sk);
-  }
-  if (in != NULL) {
-    BIO_free(in);
-  }
-  if (x != NULL) {
-    X509_free(x);
-  }
+  sk_X509_NAME_free(sk);
+  BIO_free(in);
+  X509_free(x);
   if (ret != NULL) {
     ERR_clear_error();
   }
@@ -748,12 +709,8 @@
     ret = 0;
   }
 
-  if (in != NULL) {
-    BIO_free(in);
-  }
-  if (x != NULL) {
-    X509_free(x);
-  }
+  BIO_free(in);
+  X509_free(x);
 
   (void) sk_X509_NAME_set_cmp_func(stack, oldcmp);
 
@@ -1024,9 +981,7 @@
     pstore = &c->verify_store;
   }
 
-  if (*pstore) {
-    X509_STORE_free(*pstore);
-  }
+  X509_STORE_free(*pstore);
   *pstore = store;
 
   if (ref && store) {
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 857b2a4..7e0ade8 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1003,9 +1003,7 @@
   pref_list = NULL;
 
   if (out_cipher_list_by_id != NULL) {
-    if (*out_cipher_list_by_id != NULL) {
-      sk_SSL_CIPHER_free(*out_cipher_list_by_id);
-    }
+    sk_SSL_CIPHER_free(*out_cipher_list_by_id);
     *out_cipher_list_by_id = tmp_cipher_list;
     tmp_cipher_list = NULL;
     (void) sk_SSL_CIPHER_set_cmp_func(*out_cipher_list_by_id,
@@ -1020,24 +1018,14 @@
   return cipherstack;
 
 err:
-  if (co_list) {
-    OPENSSL_free(co_list);
-  }
-  if (in_group_flags) {
-    OPENSSL_free(in_group_flags);
-  }
-  if (cipherstack) {
-    sk_SSL_CIPHER_free(cipherstack);
-  }
-  if (tmp_cipher_list) {
-    sk_SSL_CIPHER_free(tmp_cipher_list);
-  }
-  if (pref_list && pref_list->in_group_flags) {
+  OPENSSL_free(co_list);
+  OPENSSL_free(in_group_flags);
+  sk_SSL_CIPHER_free(cipherstack);
+  sk_SSL_CIPHER_free(tmp_cipher_list);
+  if (pref_list) {
     OPENSSL_free(pref_list->in_group_flags);
   }
-  if (pref_list) {
-    OPENSSL_free(pref_list);
-  }
+  OPENSSL_free(pref_list);
   return NULL;
 }
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2d0bec7..696b13b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -205,21 +205,17 @@
   s->rwstate = SSL_NOTHING;
   s->rstate = SSL_ST_READ_HEADER;
 
-  if (s->init_buf != NULL) {
-    BUF_MEM_free(s->init_buf);
-    s->init_buf = NULL;
-  }
+  BUF_MEM_free(s->init_buf);
+  s->init_buf = NULL;
 
   s->packet = NULL;
   s->packet_length = 0;
 
   ssl_clear_cipher_ctx(s);
 
-  if (s->next_proto_negotiated) {
-    OPENSSL_free(s->next_proto_negotiated);
-    s->next_proto_negotiated = NULL;
-    s->next_proto_negotiated_len = 0;
-  }
+  OPENSSL_free(s->next_proto_negotiated);
+  s->next_proto_negotiated = NULL;
+  s->next_proto_negotiated_len = 0;
 
   /* The s->d1->mtu is simultaneously configuration (preserved across
    * clear) and connection-specific state (gets reset).
@@ -365,9 +361,7 @@
   return s;
 
 err:
-  if (s != NULL) {
-    SSL_free(s);
-  }
+  SSL_free(s);
   OPENSSL_PUT_ERROR(SSL, SSL_new, ERR_R_MALLOC_FAILURE);
 
   return NULL;
@@ -492,12 +486,7 @@
   return ret;
 
 err:
-  if (ret && ret->ciphers) {
-    sk_SSL_CIPHER_free(ret->ciphers);
-  }
-  if (ret) {
-    OPENSSL_free(ret);
-  }
+  ssl_cipher_preference_list_free(ret);
   return NULL;
 }
 
@@ -524,12 +513,7 @@
   return ret;
 
 err:
-  if (ret && ret->ciphers) {
-    sk_SSL_CIPHER_free(ret->ciphers);
-  }
-  if (ret) {
-    OPENSSL_free(ret);
-  }
+  ssl_cipher_preference_list_free(ret);
   return NULL;
 }
 
@@ -544,9 +528,7 @@
     return;
   }
 
-  if (s->param) {
-    X509_VERIFY_PARAM_free(s->param);
-  }
+  X509_VERIFY_PARAM_free(s->param);
 
   CRYPTO_free_ex_data(&g_ex_data_class_ssl, s, &s->ex_data);
 
@@ -559,74 +541,40 @@
     s->bbio = NULL;
   }
 
-  if (s->rbio != NULL) {
-    BIO_free_all(s->rbio);
-  }
-
-  if (s->wbio != NULL && s->wbio != s->rbio) {
+  int free_wbio = s->wbio != s->rbio;
+  BIO_free_all(s->rbio);
+  if (free_wbio) {
     BIO_free_all(s->wbio);
   }
 
-  if (s->init_buf != NULL) {
-    BUF_MEM_free(s->init_buf);
-  }
+  BUF_MEM_free(s->init_buf);
 
   /* add extra stuff */
-  if (s->cipher_list != NULL) {
-    ssl_cipher_preference_list_free(s->cipher_list);
-  }
-  if (s->cipher_list_by_id != NULL) {
-    sk_SSL_CIPHER_free(s->cipher_list_by_id);
-  }
+  ssl_cipher_preference_list_free(s->cipher_list);
+  sk_SSL_CIPHER_free(s->cipher_list_by_id);
 
-  if (s->session != NULL) {
-    ssl_clear_bad_session(s);
-    SSL_SESSION_free(s->session);
-  }
+  ssl_clear_bad_session(s);
+  SSL_SESSION_free(s->session);
 
   ssl_clear_cipher_ctx(s);
 
-  if (s->cert != NULL) {
-    ssl_cert_free(s->cert);
-  }
+  ssl_cert_free(s->cert);
 
-  if (s->tlsext_hostname) {
-    OPENSSL_free(s->tlsext_hostname);
-  }
-  if (s->initial_ctx) {
-    SSL_CTX_free(s->initial_ctx);
-  }
-  if (s->tlsext_ecpointformatlist) {
-    OPENSSL_free(s->tlsext_ecpointformatlist);
-  }
-  if (s->tlsext_ellipticcurvelist) {
-    OPENSSL_free(s->tlsext_ellipticcurvelist);
-  }
-  if (s->alpn_client_proto_list) {
-    OPENSSL_free(s->alpn_client_proto_list);
-  }
-  if (s->tlsext_channel_id_private) {
-    EVP_PKEY_free(s->tlsext_channel_id_private);
-  }
-  if (s->psk_identity_hint) {
-    OPENSSL_free(s->psk_identity_hint);
-  }
-  if (s->client_CA != NULL) {
-    sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
-  }
-  if (s->next_proto_negotiated) {
-    OPENSSL_free(s->next_proto_negotiated);
-  }
-  if (s->srtp_profiles) {
-    sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
-  }
+  OPENSSL_free(s->tlsext_hostname);
+  SSL_CTX_free(s->initial_ctx);
+  OPENSSL_free(s->tlsext_ecpointformatlist);
+  OPENSSL_free(s->tlsext_ellipticcurvelist);
+  OPENSSL_free(s->alpn_client_proto_list);
+  EVP_PKEY_free(s->tlsext_channel_id_private);
+  OPENSSL_free(s->psk_identity_hint);
+  sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+  OPENSSL_free(s->next_proto_negotiated);
+  sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
 
   if (s->method != NULL) {
     s->method->ssl_free(s);
   }
-  if (s->ctx) {
-    SSL_CTX_free(s->ctx);
-  }
+  SSL_CTX_free(s->ctx);
 
   OPENSSL_free(s);
 }
@@ -640,10 +588,10 @@
     }
   }
 
-  if (s->rbio != NULL && s->rbio != rbio) {
+  if (s->rbio != rbio) {
     BIO_free_all(s->rbio);
   }
-  if (s->wbio != NULL && s->wbio != wbio && s->rbio != s->wbio) {
+  if (s->wbio != wbio && s->rbio != s->wbio) {
     BIO_free_all(s->wbio);
   }
   s->rbio = rbio;
@@ -1455,9 +1403,7 @@
   return sk;
 
 err:
-  if (sk != NULL) {
-    sk_SSL_CIPHER_free(sk);
-  }
+  sk_SSL_CIPHER_free(sk);
   return NULL;
 }
 
@@ -1645,10 +1591,7 @@
 
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
                             unsigned protos_len) {
-  if (ctx->alpn_client_proto_list) {
-    OPENSSL_free(ctx->alpn_client_proto_list);
-  }
-
+  OPENSSL_free(ctx->alpn_client_proto_list);
   ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len);
   if (!ctx->alpn_client_proto_list) {
     return 1;
@@ -1659,10 +1602,7 @@
 }
 
 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
-  if (ssl->alpn_client_proto_list) {
-    OPENSSL_free(ssl->alpn_client_proto_list);
-  }
-
+  OPENSSL_free(ssl->alpn_client_proto_list);
   ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len);
   if (!ssl->alpn_client_proto_list) {
     return 1;
@@ -1867,9 +1807,7 @@
 err:
   OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, ERR_R_MALLOC_FAILURE);
 err2:
-  if (ret != NULL) {
-    SSL_CTX_free(ret);
-  }
+  SSL_CTX_free(ret);
   return NULL;
 }
 
@@ -1879,9 +1817,7 @@
     return;
   }
 
-  if (ctx->param) {
-    X509_VERIFY_PARAM_free(ctx->param);
-  }
+  X509_VERIFY_PARAM_free(ctx->param);
 
   /* Free internal session cache. However: the remove_cb() may reference the
    * ex_data of SSL_CTX, thus the ex_data store can only be removed after the
@@ -1889,57 +1825,25 @@
    * the session cache, the most secure solution seems to be: empty (flush) the
    * cache, then free ex_data, then finally free the cache. (See ticket
    * [openssl.org #212].) */
-  if (ctx->sessions != NULL) {
-    SSL_CTX_flush_sessions(ctx, 0);
-  }
+  SSL_CTX_flush_sessions(ctx, 0);
 
   CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
 
-  if (ctx->sessions != NULL) {
-    lh_SSL_SESSION_free(ctx->sessions);
-  }
-  if (ctx->cert_store != NULL) {
-    X509_STORE_free(ctx->cert_store);
-  }
-  if (ctx->cipher_list != NULL) {
-    ssl_cipher_preference_list_free(ctx->cipher_list);
-  }
-  if (ctx->cipher_list_by_id != NULL) {
-    sk_SSL_CIPHER_free(ctx->cipher_list_by_id);
-  }
-  if (ctx->cipher_list_tls11 != NULL) {
-    ssl_cipher_preference_list_free(ctx->cipher_list_tls11);
-  }
-  if (ctx->cert != NULL) {
-    ssl_cert_free(ctx->cert);
-  }
-  if (ctx->client_CA != NULL) {
-    sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
-  }
-  if (ctx->extra_certs != NULL) {
-    sk_X509_pop_free(ctx->extra_certs, X509_free);
-  }
-  if (ctx->srtp_profiles) {
-    sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
-  }
-  if (ctx->psk_identity_hint) {
-    OPENSSL_free(ctx->psk_identity_hint);
-  }
-  if (ctx->tlsext_ecpointformatlist) {
-    OPENSSL_free(ctx->tlsext_ecpointformatlist);
-  }
-  if (ctx->tlsext_ellipticcurvelist) {
-    OPENSSL_free(ctx->tlsext_ellipticcurvelist);
-  }
-  if (ctx->alpn_client_proto_list != NULL) {
-    OPENSSL_free(ctx->alpn_client_proto_list);
-  }
-  if (ctx->tlsext_channel_id_private) {
-    EVP_PKEY_free(ctx->tlsext_channel_id_private);
-  }
-  if (ctx->keylog_bio) {
-    BIO_free(ctx->keylog_bio);
-  }
+  lh_SSL_SESSION_free(ctx->sessions);
+  X509_STORE_free(ctx->cert_store);
+  ssl_cipher_preference_list_free(ctx->cipher_list);
+  sk_SSL_CIPHER_free(ctx->cipher_list_by_id);
+  ssl_cipher_preference_list_free(ctx->cipher_list_tls11);
+  ssl_cert_free(ctx->cert);
+  sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
+  sk_X509_pop_free(ctx->extra_certs, X509_free);
+  sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
+  OPENSSL_free(ctx->psk_identity_hint);
+  OPENSSL_free(ctx->tlsext_ecpointformatlist);
+  OPENSSL_free(ctx->tlsext_ellipticcurvelist);
+  OPENSSL_free(ctx->alpn_client_proto_list);
+  EVP_PKEY_free(ctx->tlsext_channel_id_private);
+  BIO_free(ctx->keylog_bio);
 
   OPENSSL_free(ctx);
 }
@@ -2487,15 +2391,11 @@
     ctx = ssl->initial_ctx;
   }
 
-  if (ssl->cert != NULL) {
-    ssl_cert_free(ssl->cert);
-  }
-
+  ssl_cert_free(ssl->cert);
   ssl->cert = ssl_cert_dup(ctx->cert);
+
   CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-  if (ssl->ctx != NULL) {
-    SSL_CTX_free(ssl->ctx); /* decrement reference count */
-  }
+  SSL_CTX_free(ssl->ctx); /* decrement reference count */
   ssl->ctx = ctx;
 
   ssl->sid_ctx_length = ctx->sid_ctx_length;
@@ -2576,9 +2476,7 @@
 }
 
 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store) {
-  if (ctx->cert_store != NULL) {
-    X509_STORE_free(ctx->cert_store);
-  }
+  X509_STORE_free(ctx->cert_store);
   ctx->cert_store = store;
 }
 
@@ -2626,9 +2524,7 @@
     return 0;
   }
 
-  if (ctx->psk_identity_hint != NULL) {
-    OPENSSL_free(ctx->psk_identity_hint);
-  }
+  OPENSSL_free(ctx->psk_identity_hint);
 
   if (identity_hint != NULL) {
     ctx->psk_identity_hint = BUF_strdup(identity_hint);
@@ -2654,10 +2550,8 @@
   }
 
   /* Clear currently configured hint, if any. */
-  if (s->psk_identity_hint != NULL) {
-    OPENSSL_free(s->psk_identity_hint);
-    s->psk_identity_hint = NULL;
-  }
+  OPENSSL_free(s->psk_identity_hint);
+  s->psk_identity_hint = NULL;
 
   if (identity_hint != NULL) {
     s->psk_identity_hint = BUF_strdup(identity_hint);
@@ -2740,9 +2634,7 @@
 }
 
 void SSL_CTX_set_keylog_bio(SSL_CTX *ctx, BIO *keylog_bio) {
-  if (ctx->keylog_bio != NULL) {
-    BIO_free(ctx->keylog_bio);
-  }
+  BIO_free(ctx->keylog_bio);
   ctx->keylog_bio = keylog_bio;
 }
 
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 45c9891..372748d 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -114,12 +114,8 @@
   ret = SSL_use_certificate(ssl, x);
 
 end:
-  if (x != NULL) {
-    X509_free(x);
-  }
-  if (in != NULL) {
-    BIO_free(in);
-  }
+  X509_free(x);
+  BIO_free(in);
 
   return ret;
 }
@@ -183,9 +179,7 @@
     }
   }
 
-  if (c->pkeys[i].privatekey != NULL) {
-    EVP_PKEY_free(c->pkeys[i].privatekey);
-  }
+  EVP_PKEY_free(c->pkeys[i].privatekey);
   c->pkeys[i].privatekey = EVP_PKEY_dup(pkey);
   c->key = &(c->pkeys[i]);
 
@@ -229,9 +223,7 @@
   RSA_free(rsa);
 
 end:
-  if (in != NULL) {
-    BIO_free(in);
-  }
+  BIO_free(in);
   return ret;
 }
 
@@ -300,9 +292,7 @@
   EVP_PKEY_free(pkey);
 
 end:
-  if (in != NULL) {
-    BIO_free(in);
-  }
+  BIO_free(in);
   return ret;
 }
 
@@ -367,9 +357,7 @@
 
   EVP_PKEY_free(pkey);
 
-  if (c->pkeys[i].x509 != NULL) {
-    X509_free(c->pkeys[i].x509);
-  }
+  X509_free(c->pkeys[i].x509);
   c->pkeys[i].x509 = X509_up_ref(x);
   c->key = &(c->pkeys[i]);
 
@@ -414,12 +402,8 @@
   ret = SSL_CTX_use_certificate(ctx, x);
 
 end:
-  if (x != NULL) {
-    X509_free(x);
-  }
-  if (in != NULL) {
-    BIO_free(in);
-  }
+  X509_free(x);
+  BIO_free(in);
   return ret;
 }
 
@@ -499,9 +483,7 @@
   RSA_free(rsa);
 
 end:
-  if (in != NULL) {
-    BIO_free(in);
-  }
+  BIO_free(in);
   return ret;
 }
 
@@ -567,9 +549,7 @@
   EVP_PKEY_free(pkey);
 
 end:
-  if (in != NULL) {
-    BIO_free(in);
-  }
+  BIO_free(in);
   return ret;
 }
 
@@ -660,11 +640,7 @@
   }
 
 end:
-  if (x != NULL) {
-    X509_free(x);
-  }
-  if (in != NULL) {
-    BIO_free(in);
-  }
+  X509_free(x);
+  BIO_free(in);
   return ret;
 }
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 75cc41f..f3f280c 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -272,10 +272,8 @@
     ss->timeout = s->initial_ctx->session_timeout;
   }
 
-  if (s->session != NULL) {
-    SSL_SESSION_free(s->session);
-    s->session = NULL;
-  }
+  SSL_SESSION_free(s->session);
+  s->session = NULL;
 
   if (session) {
     if (s->version == SSL3_VERSION || s->version == TLS1_VERSION ||
@@ -496,9 +494,7 @@
     goto err;
   }
 
-  if (s->session != NULL) {
-    SSL_SESSION_free(s->session);
-  }
+  SSL_SESSION_free(s->session);
   s->session = ret;
   s->verify_result = s->session->verify_result;
   return 1;
@@ -626,27 +622,13 @@
 
   OPENSSL_cleanse(session->master_key, sizeof(session->master_key));
   OPENSSL_cleanse(session->session_id, sizeof(session->session_id));
-  if (session->sess_cert != NULL) {
-    ssl_sess_cert_free(session->sess_cert);
-  }
-  if (session->peer != NULL) {
-    X509_free(session->peer);
-  }
-  if (session->tlsext_hostname != NULL) {
-    OPENSSL_free(session->tlsext_hostname);
-  }
-  if (session->tlsext_tick != NULL) {
-    OPENSSL_free(session->tlsext_tick);
-  }
-  if (session->tlsext_signed_cert_timestamp_list != NULL) {
-    OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
-  }
-  if (session->ocsp_response != NULL) {
-    OPENSSL_free(session->ocsp_response);
-  }
-  if (session->psk_identity != NULL) {
-    OPENSSL_free(session->psk_identity);
-  }
+  ssl_sess_cert_free(session->sess_cert);
+  X509_free(session->peer);
+  OPENSSL_free(session->tlsext_hostname);
+  OPENSSL_free(session->tlsext_tick);
+  OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
+  OPENSSL_free(session->ocsp_response);
+  OPENSSL_free(session->psk_identity);
   OPENSSL_cleanse(session, sizeof(*session));
   OPENSSL_free(session);
 }
@@ -656,9 +638,7 @@
     return 1;
   }
 
-  if (s->session != NULL) {
-    SSL_SESSION_free(s->session);
-  }
+  SSL_SESSION_free(s->session);
   s->session = session;
   if (session != NULL) {
     SSL_SESSION_up_ref(session);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1e495b3..4be839c 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -245,9 +245,7 @@
   ret = 1;
 
 done:
-  if (extension_types) {
-    OPENSSL_free(extension_types);
-  }
+  OPENSSL_free(extension_types);
   return ret;
 }
 
@@ -489,9 +487,7 @@
     }
   }
 
-  if (*out_curve_ids) {
-    OPENSSL_free(*out_curve_ids);
-  }
+  OPENSSL_free(*out_curve_ids);
   *out_curve_ids = curve_ids;
   *out_curve_ids_len = ncurves;
 
@@ -626,9 +622,7 @@
   ret = 1;
 
 done:
-  if (pkey) {
-    EVP_PKEY_free(pkey);
-  }
+  EVP_PKEY_free(pkey);
   return ret;
 }
 
@@ -1346,9 +1340,7 @@
       s, &selected, &selected_len, CBS_data(&protocol_name_list),
       CBS_len(&protocol_name_list), s->ctx->alpn_select_cb_arg);
   if (r == SSL_TLSEXT_ERR_OK) {
-    if (s->s3->alpn_selected) {
-      OPENSSL_free(s->s3->alpn_selected);
-    }
+    OPENSSL_free(s->s3->alpn_selected);
     s->s3->alpn_selected = BUF_memdup(selected, selected_len);
     if (!s->s3->alpn_selected) {
       *out_alert = SSL_AD_INTERNAL_ERROR;
@@ -1374,37 +1366,27 @@
   s->s3->tmp.certificate_status_expected = 0;
   s->s3->tmp.extended_master_secret = 0;
 
-  if (s->s3->alpn_selected) {
-    OPENSSL_free(s->s3->alpn_selected);
-    s->s3->alpn_selected = NULL;
-  }
+  OPENSSL_free(s->s3->alpn_selected);
+  s->s3->alpn_selected = NULL;
 
   /* Clear any signature algorithms extension received */
-  if (s->cert->peer_sigalgs) {
-    OPENSSL_free(s->cert->peer_sigalgs);
-    s->cert->peer_sigalgs = NULL;
-    s->cert->peer_sigalgslen = 0;
-  }
+  OPENSSL_free(s->cert->peer_sigalgs);
+  s->cert->peer_sigalgs = NULL;
+  s->cert->peer_sigalgslen = 0;
 
   /* Clear any shared signature algorithms */
-  if (s->cert->shared_sigalgs) {
-    OPENSSL_free(s->cert->shared_sigalgs);
-    s->cert->shared_sigalgs = NULL;
-    s->cert->shared_sigalgslen = 0;
-  }
+  OPENSSL_free(s->cert->shared_sigalgs);
+  s->cert->shared_sigalgs = NULL;
+  s->cert->shared_sigalgslen = 0;
 
   /* Clear ECC extensions */
-  if (s->s3->tmp.peer_ecpointformatlist != 0) {
-    OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
-    s->s3->tmp.peer_ecpointformatlist = NULL;
-    s->s3->tmp.peer_ecpointformatlist_length = 0;
-  }
+  OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
+  s->s3->tmp.peer_ecpointformatlist = NULL;
+  s->s3->tmp.peer_ecpointformatlist_length = 0;
 
-  if (s->s3->tmp.peer_ellipticcurvelist != 0) {
-    OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
-    s->s3->tmp.peer_ellipticcurvelist = NULL;
-    s->s3->tmp.peer_ellipticcurvelist_length = 0;
-  }
+  OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
+  s->s3->tmp.peer_ellipticcurvelist = NULL;
+  s->s3->tmp.peer_ellipticcurvelist_length = 0;
 
   /* There may be no extensions. */
   if (CBS_len(cbs) == 0) {
@@ -1546,10 +1528,8 @@
         return 0;
       }
 
-      if (s->s3->tmp.peer_ellipticcurvelist) {
-        OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
-        s->s3->tmp.peer_ellipticcurvelist_length = 0;
-      }
+      OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
+      s->s3->tmp.peer_ellipticcurvelist_length = 0;
 
       s->s3->tmp.peer_ellipticcurvelist =
           (uint16_t *)OPENSSL_malloc(CBS_len(&elliptic_curve_list));
@@ -1731,17 +1711,13 @@
   s->s3->tmp.extended_master_secret = 0;
   s->srtp_profile = NULL;
 
-  if (s->s3->alpn_selected) {
-    OPENSSL_free(s->s3->alpn_selected);
-    s->s3->alpn_selected = NULL;
-  }
+  OPENSSL_free(s->s3->alpn_selected);
+  s->s3->alpn_selected = NULL;
 
   /* Clear ECC extensions */
-  if (s->s3->tmp.peer_ecpointformatlist != 0) {
-    OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
-    s->s3->tmp.peer_ecpointformatlist = NULL;
-    s->s3->tmp.peer_ecpointformatlist_length = 0;
-  }
+  OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
+  s->s3->tmp.peer_ecpointformatlist = NULL;
+  s->s3->tmp.peer_ecpointformatlist_length = 0;
 
   /* There may be no extensions. */
   if (CBS_len(cbs) == 0) {
@@ -2424,11 +2400,9 @@
   TLS_SIGALGS *salgs = NULL;
   CERT *c = s->cert;
 
-  if (c->shared_sigalgs) {
-    OPENSSL_free(c->shared_sigalgs);
-    c->shared_sigalgs = NULL;
-    c->shared_sigalgslen = 0;
-  }
+  OPENSSL_free(c->shared_sigalgs);
+  c->shared_sigalgs = NULL;
+  c->shared_sigalgslen = 0;
 
   /* If client use client signature algorithms if not NULL */
   if (!s->server && c->client_sigalgs) {
@@ -2662,15 +2636,11 @@
   }
 
   if (client) {
-    if (c->client_sigalgs) {
-      OPENSSL_free(c->client_sigalgs);
-    }
+    OPENSSL_free(c->client_sigalgs);
     c->client_sigalgs = sigalgs;
     c->client_sigalgslen = salglen;
   } else {
-    if (c->conf_sigalgs) {
-      OPENSSL_free(c->conf_sigalgs);
-    }
+    OPENSSL_free(c->conf_sigalgs);
     c->conf_sigalgs = sigalgs;
     c->conf_sigalgslen = salglen;
   }