Require that FOO_free functions do nothing on NULL.

This is consistent with C's free function and upstream's convention.

Change-Id: I83f6e2f5824e28f69a9916e580dc2d8cb3b94234
Reviewed-on: https://boringssl-review.googlesource.com/4512
Reviewed-by: Adam Langley <agl@google.com>

STYLE

@@ -105,7 +105,8 @@ type.
 Some types are allocated within the library while others are
 initialized into a struct allocated by the caller, often on the
 stack. Name these functions TYPE_NAME_new/TYPE_NAME_free and
-TYPE_NAME_init/TYPE_NAME_cleanup, respectively.
+TYPE_NAME_init/TYPE_NAME_cleanup, respectively. All TYPE_NAME_free
+functions must do nothing on NULL input.
 
 If a variable is the length of a pointer value, it has the suffix
 _len. An output parameter is named out or has an out_ prefix. For

crypto/x509/x509_vpm.c

@@ -185,6 +185,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 
 void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
 	{
+	if (param == NULL)
+		return;
 	x509_verify_param_zero(param);
 	OPENSSL_free(param->id);
 	OPENSSL_free(param);

ssl/d1_both.c

@@ -196,6 +196,9 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
 }
 
 void dtls1_hm_fragment_free(hm_fragment *frag) {
+  if (frag == NULL) {
+    return;
+  }
   if (frag->fragment) {
     OPENSSL_free(frag->fragment);
   }

ssl/ssl_lib.c

@@ -460,6 +460,9 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) {
 
 void ssl_cipher_preference_list_free(
     struct ssl_cipher_preference_list_st *cipher_list) {
+  if (cipher_list == NULL) {
+    return;
+  }
   sk_SSL_CIPHER_free(cipher_list->ciphers);
   OPENSSL_free(cipher_list->in_group_flags);
   OPENSSL_free(cipher_list);