Should `s2n_dh_params_free(NULL)` fail?

[SaswatPadhi]

Problem:

Currently, s2n_dh_params_free(NULL) fails because we POSIX_ENSURE_REF(dh_params):

s2n-tls/crypto/s2n_dhe.c

Lines 332 to 339 in fe8df74

	int s2n_dh_params_free(struct s2n_dh_params *dh_params)
	{
	POSIX_ENSURE_REF(dh_params);
	DH_free(dh_params->dh);
	dh_params->dh = NULL;
	return S2N_SUCCESS;
	}

Should it fail, or should it be a no-op, i.e., if(!dh_params) return S2N_SUCCESS;?

Solution:

Either behavior makes sense. This is a design choice for the implementation.
IMO, it should be a no-op, just like free(NULL).

The question was raised by @lrstewart @ 2792#discussion_r626751292.

• Does this change what S2N sends over the wire? Not sure
• Does this change any public APIs? Not sure
• Which versions of TLS will this impact? Not sure

Requirements / Acceptance Criteria:

• RFC links: N/A
• Related Issues: Formally verify no memory leaks in hash functions #2792
• Will the Usage Guide or other documentation need to be updated? Not sure
• Testing: Not sure
  • Will this change trigger SAW changes? Not sure
  • Should this change be fuzz tested? No

Out of scope:

N/A