From 91d3b685dcd805ced1453c551ad315eb3173eab1 Mon Sep 17 00:00:00 2001
From: Michal Rokos <m.rokos@sh.cvut.cz>
Date: Fri, 21 Dec 2001 20:10:12 +0000
Subject: 	* Memory checking

---
 ChangeLog          |   5 ++-
 openssl_missing.c  |   5 +--
 ossl.c             |  26 ++++----------
 ossl.h             |  24 +++++++++----
 ossl_bn.c          | 102 +++++++++++++++++++++++++++++------------------------
 ossl_cipher.c      |  11 ++++++
 ossl_config.c      |   4 +--
 ossl_digest.c      |  26 ++++++++------
 ossl_hmac.c        |  10 +++---
 ossl_ns_spki.c     |  10 ++++--
 ossl_pkcs7.c       |  31 +++++++++-------
 ossl_pkey.c        |   2 ++
 ossl_pkey_dsa.c    |  56 +++++++++++++++++++++--------
 ossl_pkey_rsa.c    |  73 ++++++++++++++++++++++++++------------
 ossl_rand.c        |   5 ++-
 ossl_ssl.c         |   6 ++--
 ossl_x509.c        |  63 ++++++++++++++++++++++++---------
 ossl_x509attr.c    |  35 ++++++++++++++----
 ossl_x509crl.c     |  21 +++++++----
 ossl_x509ext.c     |  37 +++++++++++++++----
 ossl_x509name.c    |  33 +++++++++++++----
 ossl_x509req.c     |  60 ++++++++++++++++++++++---------
 ossl_x509revoked.c |  47 ++++++++++++++++++------
 ossl_x509store.c   |  24 ++++++++-----
 24 files changed, 486 insertions(+), 230 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ce1964f..11e74c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,11 +4,14 @@ Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
 All rights reserved.
 
 $Log$
+Revision 1.13  2001/12/21 20:10:12  majkl
+	* Memory checking
+
 Revision 1.12  2001/12/21 19:21:35  gotoyuzo
 	* fixed unusual usage of ## preprocessing token sequence.
 
 Revision 1.11  2001/12/13 18:08:58  majkl
-	* added bn methods (thanks to UNKNOWN <oss-ruby@technorama.net>
+	* added bn methods (thanks to UNKNOWN <oss-ruby@technorama.net>)
 	* simplify ossl_digest sources
 
 Revision 1.10  2001/11/29 13:17:24  majkl
diff --git a/openssl_missing.c b/openssl_missing.c
index 577e1e0..41ff5fe 100644
--- a/openssl_missing.c
+++ b/openssl_missing.c
@@ -8,11 +8,12 @@
  * This program is licenced under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
+#ifndef NO_HMAC
+
 #include <openssl/hmac.h>
 #include "openssl_missing.h"
 
 /* to hmac.[ch] */
-#ifndef NO_HMAC
 int
 HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
 {
@@ -20,10 +21,10 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
         	/* HMACerr(HMAC_CTX_COPY,HMAC_R_INPUT_NOT_INITIALIZED); */
         	return 0;
     	}
-
 	memcpy(out, in, sizeof(HMAC_CTX));
 
 	return 1;
 }
+
 #endif
 
diff --git a/ossl.c b/ossl.c
index 8e2cf57..91bd921 100644
--- a/ossl.c
+++ b/ossl.c
@@ -11,6 +11,9 @@
 #include <openssl/err.h>
 #include "ossl.h"
 
+/*
+ * Check Types
+ */
 void ossl_check_type(VALUE obj, VALUE klass)
 {
 	if (rb_obj_is_kind_of(obj, klass) == Qfalse) {
@@ -20,24 +23,7 @@ void ossl_check_type(VALUE obj, VALUE klass)
 }
 
 /*
- * Debug prints
-#ifdef OSSL_DEBUG
-inline char *ossl_error() {
-	char *ret = NULL, *err = NULL;
-	int ret_len = 0;
-	
-	err = ERR_error_string(ERR_get_error(), NULL);
-	ret_len = strlen(err)+strlen(__FILE__)+(sizeof(__LINE__)*3)+5;
-	ret = malloc(ret_len+1);
-	if (snprintf(ret, ret_len, "%s [%s:%d]", err, __FILE__, __LINE__) > ret_len) {
-		rb_bug("BUFFER OVERFLOW IN ossl_error());
-	}
-
-	return ret;
-}
-#else
-#define ossl_error() ERR_error_string(ERR_get_error(), NULL)
-#endif
+ * Error messages
  */
 char *ossl_error(void)
 {
@@ -46,6 +32,7 @@ char *ossl_error(void)
 
 /*
  * On Windows platform there is no strptime function
+ * implementation in strptime.c
  */
 #ifndef HAVE_STRPTIME
 char *strptime(char *buf, char *fmt, struct tm *tm);
@@ -88,7 +75,8 @@ VALUE mPKCS7;
 /*
  * OSSL library init
  */
-void Init_openssl()
+void
+Init_openssl()
 {
 	OpenSSL_add_all_algorithms();
 	ERR_load_crypto_strings();
diff --git a/ossl.h b/ossl.h
index 04a9bb5..258eafe 100644
--- a/ossl.h
+++ b/ossl.h
@@ -137,7 +137,8 @@ void Init_ossl_digest(VALUE);
 /*
  * X509
  */
-VALUE ossl_x509_new2(X509 *);
+VALUE ossl_x509_new_null(void);
+VALUE ossl_x509_new(X509 *);
 VALUE ossl_x509_new_from_file(VALUE);
 X509 *ossl_x509_get_X509(VALUE);
 void Init_ossl_x509(VALUE);
@@ -151,42 +152,47 @@ void Init_ossl_x509crl(VALUE);
 /*
  * X509Name
  */
-VALUE ossl_x509name_new2(X509_NAME *);
+VALUE ossl_x509name_new_null(void);
+VALUE ossl_x509name_new(X509_NAME *);
 X509_NAME *ossl_x509name_get_X509_NAME(VALUE);
 void Init_ossl_x509name(VALUE);
 
 /*
  * X509Request
  */
-VALUE ossl_x509req_new2(X509_REQ *);
+VALUE ossl_x509req_new_null(void);
+VALUE ossl_x509req_new(X509_REQ *);
 X509_REQ *ossl_x509req_get_X509_REQ(VALUE);
 void Init_ossl_x509req(VALUE);
 
 /*
  * X509Revoked
  */
-VALUE ossl_x509revoked_new2(X509_REVOKED *);
+VALUE ossl_x509revoked_new_null(void);
+VALUE ossl_x509revoked_new(X509_REVOKED *);
 X509_REVOKED *ossl_x509revoked_get_X509_REVOKED(VALUE);
 void Init_ossl_x509revoked(VALUE);
 
 /*
  * X509Store
  */
-VALUE ossl_x509store_new2(X509_STORE_CTX *);
+VALUE ossl_x509store_new(X509_STORE_CTX *);
 X509_STORE *ossl_x509store_get_X509_STORE(VALUE);
 void Init_ossl_x509store(VALUE);
 
 /*
  * X509Extension
  */
-VALUE ossl_x509ext_new2(X509_EXTENSION *);
+VALUE ossl_x509ext_new_null(void);
+VALUE ossl_x509ext_new(X509_EXTENSION *);
 X509_EXTENSION *ossl_x509ext_get_X509_EXTENSION(VALUE);
 void Init_ossl_x509ext(VALUE);
 
 /*
  * X509Attribute
  */
-VALUE ossl_x509attr_new2(X509_ATTRIBUTE *);
+VALUE ossl_x509attr_new_null(void);
+VALUE ossl_x509attr_new(X509_ATTRIBUTE *);
 X509_ATTRIBUTE *ossl_x509attr_get_X509_ATTRIBUTE(VALUE);
 void Init_ossl_x509attr(VALUE);
 
@@ -218,19 +224,23 @@ void Init_ossl_pkey(VALUE);
 /*
  * RSA
  */
+#ifndef NO_RSA
 VALUE ossl_rsa_new_null();
 VALUE ossl_rsa_new(RSA *);
 RSA *ossl_rsa_get_RSA(VALUE);
 EVP_PKEY *ossl_rsa_get_EVP_PKEY(VALUE);
+#endif
 void Init_ossl_rsa(VALUE, VALUE, VALUE);
 
 /*
  * DSA
  */
+#ifndef NO_DSA
 VALUE ossl_dsa_new_null();
 VALUE ossl_dsa_new(DSA *);
 DSA *ossl_dsa_get_DSA(VALUE);
 EVP_PKEY *ossl_dsa_get_EVP_PKEY(VALUE);
+#endif
 void Init_ossl_dsa(VALUE, VALUE, VALUE);
 
 /*
diff --git a/ossl_bn.c b/ossl_bn.c
index 02aae14..a9b3caa 100644
--- a/ossl_bn.c
+++ b/ossl_bn.c
@@ -1,7 +1,7 @@
 /*
  * $Id$
  * 'OpenSSL for Ruby' project
- * Copyright (C) 2001 <oss-ruby@technorama.net>
+ * Copyright (C) 2001 UNKNOWN <oss-ruby@technorama.net>
  * All rights reserved.
  */
 /*
@@ -14,6 +14,7 @@
 #define MakeBN(obj, bnp) {\
 	obj = Data_Make_Struct(cBN, ossl_bn, 0, ossl_bn_free, bnp);\
 }
+
 #define GetBN_unsafe(obj, bnp) Data_Get_Struct(obj, ossl_bn, bnp)
 #define GetBN(obj, bnp) {\
 	GetBN_unsafe(obj, bnp);\
@@ -84,6 +85,7 @@ ossl_bn_get_BIGNUM(VALUE obj)
 	ossl_bn *bnp = NULL;
 	BIGNUM *bn = NULL;
 	
+	OSSL_Check_Type(obj, cBN);
 	GetBN(obj, bnp);
 
 	if (!(bn = BN_dup(bnp->bignum))) {
@@ -96,6 +98,19 @@ ossl_bn_get_BIGNUM(VALUE obj)
 /*
  * Private
  */
+VALUE
+ossl_bn_new_nodup(BIGNUM *bn)
+{
+	ossl_bn *bnp = NULL;
+	VALUE obj;
+
+	MakeBN(obj, bnp);
+	
+	bnp->bignum = bn;
+
+	return obj;
+}
+
 static VALUE
 ossl_bn_s_new(int argc, VALUE *argv, VALUE klass)
 {
@@ -145,7 +160,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
 			str = number;
 			break;
 		default:
-			rb_raise(eBNError, "unsupported argument (%s)", rb_class2name(CLASS_OF(number)));
+			rb_raise(rb_eTypeError, "unsupported argument (%s)", rb_class2name(CLASS_OF(number)));
 	}
 
 	if (!BN_dec2bn(&bn, RSTRING(str)->ptr)) {
@@ -199,7 +214,6 @@ BIGNUM_BOOL1(is_odd);
 		ossl_bn *bnp = NULL;							\
 		BIGNUM *result = NULL;							\
 		BN_CTX ctx;								\
-		VALUE obj;								\
 											\
 		GetBN(self, bnp);							\
 											\
@@ -207,13 +221,12 @@ BIGNUM_BOOL1(is_odd);
 			rb_raise(eBNError, "%s", ossl_error());				\
 											\
 		BN_CTX_init(&ctx);							\
-		if (BN_##func(result, bnp->bignum, &ctx) != 1)			\
+		if (BN_##func(result, bnp->bignum, &ctx) != 1) {			\
+			BN_free(result);						\
 			rb_raise(eBNError, "%s", ossl_error());				\
+		}									\
 											\
-		obj = ossl_bn_new(result);						\
-		BN_free(result);							\
-											\
-		return obj;								\
+		return ossl_bn_new_nodup(result);					\
 	}
 BIGNUM_1c(sqr);
 
@@ -224,7 +237,6 @@ BIGNUM_1c(sqr);
 		ossl_bn *bn1p = NULL;							\
 		ossl_bn *bn2p = NULL;							\
 		BIGNUM *result = NULL;							\
-		VALUE obj;								\
 											\
 		GetBN(self, bn1p);							\
 											\
@@ -234,25 +246,23 @@ BIGNUM_1c(sqr);
 		if (!(result = BN_new()))						\
 			rb_raise(eBNError, "%s", ossl_error());				\
 											\
-		if (BN_##func(result, bn1p->bignum, bn2p->bignum) != 1)			\
+		if (BN_##func(result, bn1p->bignum, bn2p->bignum) != 1) {		\
+			BN_free(result);						\
 			rb_raise(eBNError, "%s", ossl_error());				\
+		}									\
 											\
-		obj = ossl_bn_new(result);						\
-		BN_free(result);							\
-											\
-		return obj;								\
+		return ossl_bn_new_nodup(result);					\
 	}
 BIGNUM_2(add);
 BIGNUM_2(sub);
 
 #define BIGNUM_2c(func)									\
 	static VALUE									\
-	ossl_bn_##func(VALUE self, VALUE other)					\
+	ossl_bn_##func(VALUE self, VALUE other)						\
 	{										\
 		ossl_bn *bn1p = NULL, *bn2p = NULL;					\
 		BIGNUM *result = NULL;							\
 		BN_CTX ctx;								\
-		VALUE obj;								\
 											\
 		GetBN(self, bn1p);							\
 											\
@@ -263,13 +273,12 @@ BIGNUM_2(sub);
 			rb_raise(eBNError, "%s", ossl_error());				\
 											\
 		BN_CTX_init(&ctx);							\
-		if (BN_##func(result, bn1p->bignum, bn2p->bignum, &ctx) != 1)		\
+		if (BN_##func(result, bn1p->bignum, bn2p->bignum, &ctx) != 1) {	\
+			BN_free(result);						\
 			rb_raise(eBNError, "%s", ossl_error());				\
+		}									\
 											\
-		obj = ossl_bn_new(result);						\
-		BN_free(result);							\
-											\
-		return obj;								\
+		return ossl_bn_new_nodup(result);					\
 	}
 BIGNUM_2c(mul);
 BIGNUM_2c(mod);
@@ -289,17 +298,22 @@ ossl_bn_div(VALUE self, VALUE other)
 	OSSL_Check_Type(other, cBN);
 	GetBN(other, bn2p);
 	
-	if ((r1 = BN_new()) == NULL || (r2 = BN_new()) == NULL)
+	if (!(r1 = BN_new()))
 		rb_raise(eBNError, "%s", ossl_error());
+	if (!(r2 = BN_new())) {
+		BN_free(r1);
+		rb_raise(eBNError, "%s", ossl_error());
+	}
 	
 	BN_CTX_init(&ctx);
-	if (BN_div(r1, r2, bn1p->bignum, bn2p->bignum, &ctx) != 1)
+	if (BN_div(r1, r2, bn1p->bignum, bn2p->bignum, &ctx) != 1) {
+		BN_free(r1);
+		BN_free(r2);
 		rb_raise(eBNError, "%s", ossl_error());
+	}
 
-	obj1 = ossl_bn_new(r1);
-	BN_free(r1);
-	obj2 = ossl_bn_new(r2);
-	BN_free(r2);
+	obj1 = ossl_bn_new_nodup(r1);
+	obj2 = ossl_bn_new_nodup(r2);
 	
 	return rb_ary_new3(2, obj1, obj2);
 }
@@ -310,7 +324,6 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
 	ossl_bn *bn1p = NULL, *bn2p = NULL;
 	BIGNUM *result = NULL;
 	BN_CTX ctx;
-	VALUE obj;
 
 	GetBN(self, bn1p);
 
@@ -321,23 +334,21 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
 		rb_raise(eBNError, "%s", ossl_error());
 	
 	BN_CTX_init(&ctx);
-	if (BN_mod_inverse(result, bn1p->bignum, bn2p->bignum, &ctx) == NULL)
+	if (BN_mod_inverse(result, bn1p->bignum, bn2p->bignum, &ctx) == NULL) {
+		BN_free(result);
 		rb_raise(eBNError, "%s", ossl_error());
+	}
 
-	obj = ossl_bn_new(result);
-	BN_free(result);
-	
-	return obj;
+	return ossl_bn_new_nodup(result);
 }
 
 #define BIGNUM_3c(func)									\
 	static VALUE									\
-	ossl_bn_##func(VALUE self, VALUE other1, VALUE other2)			\
+	ossl_bn_##func(VALUE self, VALUE other1, VALUE other2)				\
 	{										\
 		ossl_bn *bn1p = NULL, *bn2p = NULL, *bn3p = NULL;			\
 		BIGNUM *result = NULL;							\
 		BN_CTX ctx;								\
-		VALUE obj;								\
 											\
 		GetBN(self, bn1p);							\
 											\
@@ -350,13 +361,12 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
 			rb_raise(eBNError, "%s", ossl_error());				\
 											\
 		BN_CTX_init(&ctx);							\
-		if (BN_##func(result, bn1p->bignum, bn2p->bignum, bn3p->bignum, &ctx) != 1)	\
+		if (BN_##func(result, bn1p->bignum, bn2p->bignum, bn3p->bignum, &ctx) != 1) {	\
+			BN_free(result);						\
 			rb_raise(eBNError, "%s", ossl_error());				\
+		}									\
 											\
-		obj = ossl_bn_new(result);						\
-		BN_free(result);							\
-											\
-		return obj;								\
+		return ossl_bn_new_nodup(result);					\
 	}
 BIGNUM_3c(mod_mul);
 BIGNUM_3c(mod_exp);
@@ -405,24 +415,22 @@ ossl_bn_mask_bits(VALUE self, VALUE bit)
 
 #define BIGNUM_SHIFT(func)								\
 	static VALUE									\
-	ossl_bn_##func(VALUE self, VALUE bits)					\
+	ossl_bn_##func(VALUE self, VALUE bits)						\
 	{										\
 		ossl_bn *bnp = NULL;							\
 		BIGNUM *result = NULL;							\
-		VALUE obj;								\
 											\
 		GetBN(self, bnp);							\
 											\
 		if (!(result = BN_new()))						\
 			rb_raise(eBNError, "%s", ossl_error());				\
 											\
-		if (BN_##func(result, bnp->bignum, NUM2INT(bits)) != 1)		\
+		if (BN_##func(result, bnp->bignum, NUM2INT(bits)) != 1) {		\
+			BN_free(result);						\
 			rb_raise(eBNError, "%s", ossl_error());				\
+		}									\
 											\
-		obj = ossl_bn_new(result);						\
-		BN_free(result);							\
-											\
-		return obj;								\
+		return ossl_bn_new_nodup(result);					\
 	}
 BIGNUM_SHIFT(lshift);
 BIGNUM_SHIFT(rshift);
diff --git a/ossl_cipher.c b/ossl_cipher.c
index 882149c..0c28d34 100644
--- a/ossl_cipher.c
+++ b/ossl_cipher.c
@@ -58,6 +58,7 @@ ossl_cipher_free(ossl_cipher *ciphp)
 {
 	if (ciphp) {
 		if (ciphp->ctx) OPENSSL_free(ciphp->ctx);
+		ciphp->ctx = NULL;
 		free(ciphp);
 	}
 }
@@ -70,6 +71,8 @@ ossl_cipher_get_NID(VALUE obj)
 {
 	ossl_cipher *ciphp = NULL;
 
+	OSSL_Check_Type(obj, cCipher);
+
 	GetCipher(obj, ciphp);
 
 	return ciphp->nid; /*EVP_CIPHER_CTX_nid(ciphp->ctx);*/
@@ -80,6 +83,8 @@ ossl_cipher_get_EVP_CIPHER(VALUE obj)
 {
 	ossl_cipher *ciphp = NULL;
 
+	OSSL_Check_Type(obj, cCipher);
+
 	GetCipher(obj, ciphp);
 
 	return EVP_get_cipherbynid(ciphp->nid); /*EVP_CIPHER_CTX_cipher(ciphp->ctx);*/
@@ -120,6 +125,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
 	rb_scan_args(argc, argv, "11", &pass, &init_v);
 	
 	Check_SafeStr(pass);
+
 	if (NIL_P(init_v)) {
 		/*
 		 * TODO:
@@ -174,7 +180,9 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
 	EVP_CIPHER_CTX_init(ciphp->ctx);
 
 	cipher = EVP_get_cipherbynid(ciphp->nid);
+	
 	/*if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0); /* cipher = CIPHER_INFO */
+
 	EVP_BytesToKey(cipher, EVP_md5(), iv, RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
 	
 	if (!EVP_DecryptInit(ciphp->ctx, cipher, key, iv)) {
@@ -193,6 +201,7 @@ ossl_cipher_update(VALUE self, VALUE data)
 	VALUE str;
 
 	GetCipher(self, ciphp);
+
 	Check_SafeStr(data);
 	in = RSTRING(data)->ptr;
 	in_len = RSTRING(data)->len;
@@ -201,6 +210,7 @@ ossl_cipher_update(VALUE self, VALUE data)
 		rb_raise(eCipherError, "%s", ossl_error());
 	}
 	if (!EVP_CipherUpdate(ciphp->ctx, out, &out_len, in, in_len)) {
+		OPENSSL_free(out);
 		rb_raise(eCipherError, "%s", ossl_error());
 	}
 	
@@ -225,6 +235,7 @@ ossl_cipher_cipher(VALUE self)
 		rb_raise(eCipherError, "%s", ossl_error());
 	}
 	if (!EVP_CipherFinal(ciphp->ctx, out, &out_len)) {
+		OPENSSL_free(out);
 		rb_raise(eCipherError, "%s", ossl_error());
 	}
 	str = rb_str_new(out, out_len);
diff --git a/ossl_config.c b/ossl_config.c
index 6713a93..50f6ed0 100644
--- a/ossl_config.c
+++ b/ossl_config.c
@@ -43,8 +43,8 @@ static void
 ossl_config_free(ossl_config *configp)
 {
 	if (configp) {
-		if (configp->config)
-			CONF_free(configp->config);
+		if (configp->config) CONF_free(configp->config);
+		configp->config = NULL;
 		free(configp);
 	}
 }
diff --git a/ossl_digest.c b/ossl_digest.c
index d744d39..f2013c6 100644
--- a/ossl_digest.c
+++ b/ossl_digest.c
@@ -34,6 +34,7 @@ ossl_digest_free(ossl_digest *digestp)
 {
 	if (digestp) {
 		if (digestp->md) OPENSSL_free(digestp->md);
+		digestp->md = NULL;
 		free(digestp);
 	}
 }
@@ -46,6 +47,8 @@ ossl_digest_get_NID(VALUE obj)
 {
 	ossl_digest *digestp = NULL;
 	
+	OSSL_Check_Type(obj, cDigest);
+
 	GetDigest(obj, digestp);
 
 	return EVP_MD_CTX_type(digestp->md); /*== digestp->md->digest->type*/
@@ -56,6 +59,8 @@ ossl_digest_get_EVP_MD(VALUE obj)
 {
 	ossl_digest *digestp = NULL;
 
+	OSSL_Check_Type(obj, cDigest);
+
 	GetDigest(obj, digestp);
 
 	return EVP_MD_CTX_md(digestp->md); /*== digestp->md->digest*/
@@ -107,13 +112,13 @@ ossl_digest_digest(VALUE self)
 		rb_raise(eDigestError, "%s", ossl_error());
 	}
 
-	if (!(digest_txt = malloc(EVP_MD_CTX_size(&final)))) {
+	if (!(digest_txt = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
 		rb_raise(eDigestError, "Cannot allocate memory for digest");
 	}
 	EVP_DigestFinal(&final, digest_txt, &digest_len);
 
 	digest = rb_str_new(digest_txt, digest_len);
-	free(digest_txt);
+	OPENSSL_free(digest_txt);
 	
 	return digest;
 }
@@ -137,12 +142,13 @@ ossl_digest_hexdigest(VALUE self)
 		rb_raise(eDigestError, "%s", ossl_error());
 	}
 
-	if (!(digest_txt = malloc(EVP_MD_CTX_size(&final)))) {
+	if (!(digest_txt = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
 		rb_raise(eDigestError, "Cannot allocate memory for digest");
 	}
 	EVP_DigestFinal(&final, digest_txt, &digest_len);
 
-	if (!(hexdigest_txt = malloc(2*digest_len+1))) {
+	if (!(hexdigest_txt = OPENSSL_malloc(2*digest_len+1))) {
+		OPENSSL_free(digest_txt);
 		rb_raise(eDigestError, "Memory alloc error");
 	}
 	for (i = 0; i < digest_len; i++) {
@@ -151,8 +157,8 @@ ossl_digest_hexdigest(VALUE self)
 	}
 	hexdigest_txt[i + i] = '\0';
 	hexdigest = rb_str_new(hexdigest_txt, 2*digest_len);
-	free(digest_txt);
-	free(hexdigest_txt);
+	OPENSSL_free(digest_txt);
+	OPENSSL_free(hexdigest_txt);
 
 	return hexdigest;
 }
@@ -175,15 +181,15 @@ ossl_digest_hexdigest(VALUE self)
 		rb_raise(eDigestError, "%s", ossl_error());
 	}
 
-	if (!(digest_txt = malloc(EVP_MD_CTX_size(&final)))) {
+	if (!(digest_txt = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
 		rb_raise(eDigestError, "Cannot allocate memory for digest");
 	}
 	EVP_DigestFinal(&final, digest_txt, &digest_len);
 
 	hexdigest_txt = hex_to_string(digest_txt, digest_len);
 	hexdigest = rb_str_new2(hexdigest_txt);
-	free(digest_txt);
-	free(hexdigest_txt);
+	OPENSSL_free(digest_txt);
+	OPENSSL_free(hexdigest_txt);
 
 	return hexdigest;
 }
@@ -264,7 +270,7 @@ Init_ossl_digest(VALUE module)
  * automation for classes creation and initialize method binding
  */
 #define DefDigest(name, func) 							\
-	c##name = rb_define_class_under(module, #name, cDigest);			\
+	c##name = rb_define_class_under(module, #name, cDigest);		\
 	rb_define_method(c##name, "initialize", ossl_##func##_initialize, -1)
 
 /*
diff --git a/ossl_hmac.c b/ossl_hmac.c
index b56beb8..c69c7e7 100644
--- a/ossl_hmac.c
+++ b/ossl_hmac.c
@@ -34,8 +34,8 @@ static void
 ossl_hmac_free(ossl_hmac *hmacp)
 {
 	if (hmacp) {
-		if (hmacp->hmac)
-			OPENSSL_free(hmacp->hmac);
+		if (hmacp->hmac) OPENSSL_free(hmacp->hmac);
+		hmacp->hmac = NULL;
 		free(hmacp);
 	}
 }
@@ -179,13 +179,13 @@ Init_hmac(VALUE module)
 	rb_define_alias(cHMAC, "to_str", "hexhmac");
 }
 
-#else
+#else /* NO_HMAC is defined */
 
 void
 Init_hmac(VALUE module)
 {
-	rb_warning("HMAC will NOT be avaible: OpenSSL is compiled without HMAC");
+	rb_warning("HMAC will NOT be avaible: OpenSSL is compiled without HMAC.");
 }
 
-#endif
+#endif /* NO_HMAC */
 
diff --git a/ossl_ns_spki.c b/ossl_ns_spki.c
index 1f5a533..fed52b3 100644
--- a/ossl_ns_spki.c
+++ b/ossl_ns_spki.c
@@ -33,6 +33,7 @@ ossl_spki_free(ossl_spki *spkip)
 {
 	if(spkip) {
 		if(spkip->spki) NETSCAPE_SPKI_free(spkip->spki);
+		spkip->spki = NULL;
 		free(spkip);
 	}
 }
@@ -78,9 +79,9 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
 		default:
 			rb_raise(rb_eTypeError, "unsupported type");
 	}
-	if (!spki) {
+	if (!spki)
 		rb_raise(eSPKIError, "%s", ossl_error());
-	}
+
 	spkip->spki = spki;
 
 	return self;
@@ -99,7 +100,10 @@ ossl_spki_to_pem(VALUE self)
 		rb_raise(eSPKIError, "%s", ossl_error());
 	}
 
-	return rb_str_new2(data);
+	str = rb_str_new2(data);
+	OPENSSL_free(data);
+
+	return str;
 }
 
 static VALUE
diff --git a/ossl_pkcs7.c b/ossl_pkcs7.c
index 5ce9d47..c57eb42 100644
--- a/ossl_pkcs7.c
+++ b/ossl_pkcs7.c
@@ -28,8 +28,6 @@
 	if (!p7sip->signer) rb_raise(ePKCS7Error, "not initialized!");\
 }
 
-#define DefPKCS7Const(x) rb_define_const(mPKCS7, #x, INT2FIX(x))
-
 /*
  * Constants
  */
@@ -63,9 +61,8 @@ static void
 ossl_pkcs7_free(ossl_pkcs7 *pkcs7p)
 {
 	if (pkcs7p) {
-		if (pkcs7p->pkcs7) {
-			PKCS7_free(pkcs7p->pkcs7);
-		}
+		if (pkcs7p->pkcs7) PKCS7_free(pkcs7p->pkcs7);
+		pkcs7p->pkcs7 = NULL;
 		free(pkcs7p);
 	}
 }
@@ -74,9 +71,8 @@ static void
 ossl_pkcs7si_free(ossl_pkcs7si *p7sip)
 {
 	if (p7sip) {
-		if (p7sip->signer) {
-			PKCS7_SIGNER_INFO_free(p7sip->signer);
-		}
+		if (p7sip->signer) PKCS7_SIGNER_INFO_free(p7sip->signer);
+		p7sip->signer = NULL;
 		free(p7sip);
 	}
 }
@@ -123,6 +119,8 @@ ossl_pkcs7si_get_PKCS7_SIGNER_INFO(VALUE obj)
 	ossl_pkcs7si *p7sip = NULL;
 	PKCS7_SIGNER_INFO *si = NULL;
 	
+	OSSL_Check_Type(obj, cPKCS7SignerInfo);
+
 	GetPKCS7si(obj, p7sip);
 
 	if (!(si = PKCS7_SIGNER_INFO_dup(p7sip->signer))) {
@@ -162,6 +160,7 @@ static VALUE ossl_pkcs7_s_sign(VALUE klass, VALUE key, VALUE cert, VALUE data)
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 	if (!(p7 = PKCS7_sign(x509, pkey, NULL, bio, 0))) {
+		BIO_free(bio);
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 	BIO_free(bio);
@@ -182,6 +181,7 @@ ossl_pkcs7_s_new(int argc, VALUE *argv, VALUE klass)
 	MakePKCS7(obj, pkcs7p);
 	
 	rb_obj_call_init(obj, argc, argv);
+	
 	return obj;
 }
 
@@ -203,7 +203,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
 				rb_raise(ePKCS7Error, "%s", ossl_error());
 			}
 			if(!PKCS7_set_type(p7, FIX2INT(arg1))) {
-				/*PKCS7_free(p7);*/
+				PKCS7_free(p7);
 				rb_raise(ePKCS7Error, "%s", ossl_error());
 			}
 			break;
@@ -213,6 +213,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
 				rb_raise(ePKCS7Error, "%s", ossl_error());
 			}
 			if (!(p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL))) {
+				BIO_free(in);
 				rb_raise(ePKCS7Error, "%s", ossl_error());
 			}
 			BIO_free(in);
@@ -322,10 +323,12 @@ ossl_pkcs7_add_recipient(VALUE self, VALUE cert)
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 	if (!PKCS7_RECIP_INFO_set(ri, ossl_x509_get_X509(cert))) {
+		PKCS7_RECIP_INFO_free(ri);
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 
 	if (!PKCS7_add_recipient_info(p7p->pkcs7, ri)) {
+		PKCS7_RECIP_INFO_free(ri);
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 	
@@ -388,6 +391,7 @@ ossl_pkcs7_add_data(int argc, VALUE *argv, VALUE self)
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 	if ((i = BIO_write(bio, RSTRING(data)->ptr, RSTRING(data)->len)) != RSTRING(data)->len) {
+		BIO_free(bio);
 		rb_raise(ePKCS7Error, "BIO_wrote %d, but should be %d!", i, RSTRING(data)->len);
 	}
 	if (!PKCS7_dataFinal(p7p->pkcs7, bio)) {
@@ -436,15 +440,15 @@ ossl_pkcs7_data_verify(VALUE self, VALUE x509store, VALUE detached)
 	} else {
 		bio = PKCS7_dataInit(p7p->pkcs7, NULL);
 	}
-	if (!bio) {
+	if (!bio)
 		rb_raise(ePKCS7Error, "%s", ossl_error());
-	}
 
 	/* We have to 'read' from bio to calculate digests etc. */
 	for (;;) {
 		i = BIO_read(bio, buf, sizeof(buf));
 		if (i <= 0) break;
 	}
+	/*BIO_free(bio);*/
 
 	sk = PKCS7_get_signer_info(p7p->pkcs7);
 	if (!sk) {
@@ -573,6 +577,7 @@ ossl_pkcs7si_initialize(int argc, VALUE *argv, VALUE self)
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 	if (!(PKCS7_SIGNER_INFO_set(si, x509, pkey, md))) {
+		PKCS7_SIGNER_INFO_free(si);
 		rb_raise(ePKCS7Error, "%s", ossl_error());
 	}
 	p7sip->signer = si;
@@ -587,7 +592,7 @@ ossl_pkcs7si_get_name(VALUE self)
 
 	GetPKCS7si(self, p7sip);
 
-	return ossl_x509name_new2(p7sip->signer->issuer_and_serial->issuer);
+	return ossl_x509name_new(p7sip->signer->issuer_and_serial->issuer);
 }
 
 static VALUE
@@ -643,6 +648,8 @@ Init_pkcs7(VALUE mPKCS7)
 	rb_define_method(cPKCS7, "decode_data", ossl_pkcs7_data_decode, 2);
 	rb_define_method(cPKCS7, "to_pem", ossl_pkcs7_to_pem, 0);
 	
+#define DefPKCS7Const(x) rb_define_const(mPKCS7, #x, INT2FIX(x))
+
 	DefPKCS7Const(SIGNED);
 	DefPKCS7Const(ENVELOPED);
 	DefPKCS7Const(SIGNED_ENVELOPED);
diff --git a/ossl_pkey.c b/ossl_pkey.c
index c7a2119..91005d8 100644
--- a/ossl_pkey.c
+++ b/ossl_pkey.c
@@ -81,6 +81,8 @@ ossl_pkey_get_EVP_PKEY(VALUE obj)
 {
 	ossl_pkey *pkeyp = NULL;
 	
+	OSSL_Check_Type(obj, cPKey);
+	
 	GetPKey(obj, pkeyp);
 
 	return pkeyp->get_EVP_PKEY(obj);
diff --git a/ossl_pkey_dsa.c b/ossl_pkey_dsa.c
index 115932f..370be8a 100644
--- a/ossl_pkey_dsa.c
+++ b/ossl_pkey_dsa.c
@@ -8,6 +8,8 @@
  * This program is licenced under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
+#ifndef NO_DSA
+
 #include "ossl.h"
 #include "ossl_pkey.h"
 
@@ -58,9 +60,9 @@ ossl_dsa_new_null()
 	
 	MakeDSA(obj, dsap);
 	
-	if (!(dsap->dsa = DSA_new())) {
+	if (!(dsap->dsa = DSA_new()))
 		rb_raise(eDSAError, "%s", ossl_error());
-	}
+
 	return obj;
 }
 
@@ -76,9 +78,9 @@ ossl_dsa_new(DSA *dsa)
 	MakeDSA(obj, dsap);
 	
 	dsap->dsa = (DSA_PRIVATE(dsa)) ? DSAPrivateKey_dup(dsa) : DSAPublicKey_dup(dsa);
-	if (!dsap->dsa) {
+
+	if (!dsap->dsa)
 		rb_raise(eDSAError, "%s", ossl_error());
-	}
 	
 	return obj;
 }
@@ -89,12 +91,13 @@ ossl_dsa_get_DSA(VALUE obj)
 	ossl_dsa *dsap = NULL;
 	DSA *dsa = NULL;
 	
+	OSSL_Check_Type(obj, cDSA);
+	
 	GetDSA(obj, dsap);
 
 	dsa = (DSA_PRIVATE(dsap->dsa)) ? DSAPrivateKey_dup(dsap->dsa) : DSAPublicKey_dup(dsap->dsa);
-	if (!dsa) {
+	if (!dsa)
 		rb_raise(eDSAError, "%s", ossl_error());
-	}
 	
 	return dsa;
 }
@@ -105,6 +108,8 @@ ossl_dsa_get_EVP_PKEY(VALUE obj)
 	DSA *dsa = NULL;
 	EVP_PKEY *pkey = NULL;
 
+	OSSL_Check_Type(obj, cDSA);
+	
 	dsa = ossl_dsa_get_DSA(obj);
 
 	if (!(pkey = EVP_PKEY_new())) {
@@ -132,6 +137,7 @@ ossl_dsa_s_new(int argc, VALUE *argv, VALUE klass)
 	MakeDSA(obj, dsap);
 
 	rb_obj_call_init(obj, argc, argv);
+	
 	return obj;
 }
 
@@ -178,10 +184,12 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
 			}
 			if (rb_block_given_p())
 				cb = ossl_dsa_generate_cb;
+
 			if (!(dsa = DSA_generate_parameters(FIX2INT(buffer), seed, seed_len, &counter, &h, cb, NULL))) { /* arg to cb = NULL */
 				rb_raise(eDSAError, "%s", ossl_error());
 			}
 			if (!DSA_generate_key(dsa)) {
+				DSA_free(dsa);
 				rb_raise(eDSAError, "%s", ossl_error());
 			}
 			break;
@@ -269,10 +277,12 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self)
 	
 	if (DSA_PRIVATE(dsap->dsa)) {
 		if (!PEM_write_bio_DSAPrivateKey(out, dsap->dsa, ciph, NULL, 0, NULL, pass)) {
+			BIO_free(out);
 			rb_raise(eDSAError, "%s", ossl_error());
 		}
 	} else {
 		if (!PEM_write_bio_DSAPublicKey(out, dsap->dsa)) {
+			BIO_free(out);
 			rb_raise(eDSAError, "%s", ossl_error());
 		}
 	}
@@ -296,29 +306,33 @@ ossl_dsa_to_der(VALUE self)
 	GetDSA(self, dsap);
 
 	dsa = (DSA_PRIVATE(dsap->dsa)) ? DSAPrivateKey_dup(dsap->dsa):DSAPublicKey_dup(dsap->dsa);
-	if (!dsa) {
+	
+	if (!dsa)
 		rb_raise(eDSAError, "%s", ossl_error());
-	}
+	
 	if (!(pkey = EVP_PKEY_new())) {
 		DSA_free(dsa);
 		rb_raise(eDSAError, "%s", ossl_error());
 	}
 	if (!EVP_PKEY_assign_DSA(pkey, dsap->dsa)) {
-		DSA_free(dsa);
+		/*DSA_free(dsa);*/
 		EVP_PKEY_free(pkey);
 		rb_raise(eDSAError, "%s", ossl_error());
 	}	
 	if (!(key = X509_PUBKEY_new())) {
+		/*DSA_free(dsa);*/
 		EVP_PKEY_free(pkey);
 		rb_raise(eDSAError, "%s", ossl_error());
 	}
 	if (!X509_PUBKEY_set(&key, pkey)) {
-		EVP_PKEY_free(pkey);
+		/*DSA_free(dsa);*/
+		/* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
 		X509_PUBKEY_free(key);
 		rb_raise(eDSAError, "%s", ossl_error());
 	}
 
 	str = rb_str_new(key->public_key->data, key->public_key->length);
+	/*DSA_free(dsa);*/
 	/* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
 	X509_PUBKEY_free(key);
 
@@ -344,6 +358,7 @@ ossl_dsa_to_str(VALUE self)
 		rb_raise(eDSAError, "%s", ossl_error());
 	}
 	if (!DSA_print(out, dsap->dsa, 0)) { //offset = 0
+		BIO_free(out);
 		rb_raise(eDSAError, "%s", ossl_error());
 	}
 	BIO_get_mem_ptr(out, &buf);
@@ -393,6 +408,7 @@ ossl_dsa_sign(VALUE self, VALUE data)
 	}
 	
 	if (!DSA_sign(0, RSTRING(data)->ptr, RSTRING(data)->len, sig, &sig_len, dsap->dsa)) { /*type = 0*/
+		OPENSSL_free(sig);
 		rb_raise(eDSAError, "%s", ossl_error());
 	}
 
@@ -413,13 +429,13 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig)
 	Check_SafeStr(sig);
 
 	ret = DSA_verify(0, RSTRING(digest)->ptr, RSTRING(digest)->len, RSTRING(sig)->ptr, RSTRING(sig)->len, dsap->dsa); /*type = 0*/
+
+	if (ret < 0)
+		rb_raise(eDSAError, "%s", ossl_error());
+
 	if (ret == 1)
 		return Qtrue;
-	else if (ret == 0)
-		return Qfalse;
-	
-	rb_raise(eDSAError, "%s", ossl_error());
-	return Qnil;
+	return Qfalse;
 }
 
 /*
@@ -444,3 +460,13 @@ Init_ossl_dsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
 	rb_define_method(cDSA, "verify_digest", ossl_dsa_verify, 2);
 }
 
+#else /* defined NO_DSA */
+
+void
+Init_ossl_dsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
+{
+	rb_warning("DSA keys will NOT be avaible: OpenSSL is compiled without DSA support.");
+}
+
+#endif /* NO_DSA */
+
diff --git a/ossl_pkey_rsa.c b/ossl_pkey_rsa.c
index ce26e40..f5e75c5 100644
--- a/ossl_pkey_rsa.c
+++ b/ossl_pkey_rsa.c
@@ -8,6 +8,8 @@
  * This program is licenced under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
+#ifndef NO_RSA
+
 #include "ossl.h"
 #include "ossl_pkey.h"
 
@@ -58,9 +60,9 @@ ossl_rsa_new_null()
 	
 	MakeRSA(obj, rsap);
 	
-	if (!(rsap->rsa = RSA_new())) {
+	if (!(rsap->rsa = RSA_new()))
 		rb_raise(eRSAError, "%s", ossl_error());
-	}
+
 	return obj;
 }
 
@@ -76,9 +78,9 @@ ossl_rsa_new(RSA *rsa)
 	MakeRSA(obj, rsap);
 	
 	rsap->rsa = (RSA_PRIVATE(rsa)) ? RSAPrivateKey_dup(rsa) : RSAPublicKey_dup(rsa);
-	if (!rsap->rsa) {
+
+	if (!rsap->rsa)
 		rb_raise(eRSAError, "%s", ossl_error());
-	}
 	
 	return obj;
 }
@@ -89,12 +91,14 @@ ossl_rsa_get_RSA(VALUE obj)
 	ossl_rsa *rsap = NULL;
 	RSA *rsa = NULL;
 	
+	OSSL_Check_Type(obj, cRSA);
+	
 	GetRSA(obj, rsap);
 
 	rsa = (RSA_PRIVATE(rsap->rsa)) ? RSAPrivateKey_dup(rsap->rsa) : RSAPublicKey_dup(rsap->rsa);
-	if (!rsa) {
+	
+	if (!rsa)
 		rb_raise(eRSAError, "%s", ossl_error());
-	}
 	
 	return rsa;
 }
@@ -105,6 +109,8 @@ ossl_rsa_get_EVP_PKEY(VALUE obj)
 	RSA *rsa = NULL;
 	EVP_PKEY *pkey = NULL;
 
+	OSSL_Check_Type(obj, cRSA);
+	
 	rsa = ossl_rsa_get_RSA(obj);
 
 	if (!(pkey = EVP_PKEY_new())) {
@@ -132,6 +138,7 @@ ossl_rsa_s_new(int argc, VALUE *argv, VALUE klass)
 	MakeRSA(obj, rsap);
 
 	rb_obj_call_init(obj, argc, argv);
+	
 	return obj;
 }
 
@@ -262,10 +269,12 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self)
 	
 	if (RSA_PRIVATE(rsap->rsa)) {
 		if (!PEM_write_bio_RSAPrivateKey(out, rsap->rsa, ciph, NULL, 0, NULL, pass)) {
+			BIO_free(out);
 			rb_raise(eRSAError, "%s", ossl_error());
 		}
 	} else {
 		if (!PEM_write_bio_RSAPublicKey(out, rsap->rsa)) {
+			BIO_free(out);
 			rb_raise(eRSAError, "%s", ossl_error());
 		}
 	}
@@ -290,15 +299,15 @@ ossl_rsa_public_encrypt(VALUE self, VALUE buffer)
 	Check_Type(buffer, T_STRING);
 	size = RSA_size(rsap->rsa);
 	
-	if (!(enc_text = malloc(size + 16))) {
+	if (!(enc_text = OPENSSL_malloc(size + 16))) {
 		rb_raise(eRSAError, "Memory alloc error");
 	}
 	if ((len = RSA_public_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, enc_text, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
-		free(enc_text);
+		OPENSSL_free(enc_text);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	enc = rb_str_new(enc_text, len);
-	free(enc_text);
+	OPENSSL_free(enc_text);
 
 	return enc;
 }
@@ -316,15 +325,15 @@ ossl_rsa_public_decrypt(VALUE self, VALUE buffer)
 	Check_Type(buffer, T_STRING);
 	size = RSA_size(rsap->rsa);
 	
-	if (!(txt = malloc(size + 16))) {
+	if (!(txt = OPENSSL_malloc(size + 16))) {
 		rb_raise(eRSAError, "Memory alloc error");
 	}
 	if ((len = RSA_public_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, txt, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
-		free(txt);
+		OPENSSL_free(txt);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	text = rb_str_new(txt, len);
-	free(txt);
+	OPENSSL_free(txt);
 
 	return text;
 }
@@ -342,19 +351,20 @@ ossl_rsa_private_encrypt(VALUE self, VALUE buffer)
 	if (!RSA_PRIVATE(rsap->rsa)) {
 		rb_raise(eRSAError, "This key is PUBLIC only!");
 	}
+	
 	Check_Type(buffer, T_STRING);
 	
 	size = RSA_size(rsap->rsa);
 	
-	if (!(enc_text = malloc(size + 16))) {
+	if (!(enc_text = OPENSSL_malloc(size + 16))) {
 		rb_raise(eRSAError, "Memory alloc error");
 	}
 	if ((len = RSA_private_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, enc_text, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
-		free(enc_text);
+		OPENSSL_free(enc_text);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	enc = rb_str_new(enc_text, len);
-	free(enc_text);
+	OPENSSL_free(enc_text);
 
 	return enc;
 }
@@ -376,15 +386,15 @@ ossl_rsa_private_decrypt(VALUE self, VALUE buffer)
 	
 	size = RSA_size(rsap->rsa);
 
-	if (!(txt = malloc(size + 16))) {
+	if (!(txt = OPENSSL_malloc(size + 16))) {
 		rb_raise(eRSAError, "Memory alloc error");
 	}
 	if ((len = RSA_private_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, txt, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
-		free(txt);
+		OPENSSL_free(txt);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	text = rb_str_new(txt, len);
-	free(txt);
+	OPENSSL_free(txt);
 
 	return text;
 }
@@ -407,6 +417,7 @@ ossl_rsa_get_n(VALUE self)
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	if (!BN_print(out, rsap->rsa->n)) {
+		BIO_free(out);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	BIO_get_mem_ptr(out, &buf);
@@ -429,29 +440,33 @@ ossl_rsa_to_der(VALUE self)
 	GetRSA(self, rsap);
 
 	rsa = (RSA_PRIVATE(rsap->rsa)) ? RSAPrivateKey_dup(rsap->rsa):RSAPublicKey_dup(rsap->rsa);
-	if (!rsa) {
+	
+	if (!rsa)
 		rb_raise(eRSAError, "%s", ossl_error());
-	}
+
 	if (!(pkey = EVP_PKEY_new())) {
 		RSA_free(rsa);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	if (!EVP_PKEY_assign_RSA(pkey, rsap->rsa)) {
-		RSA_free(rsa);
+		/*RSA_free(rsa);*/
 		EVP_PKEY_free(pkey);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}	
 	if (!(key = X509_PUBKEY_new())) {
+		/*RSA_free(rsa);*/
 		EVP_PKEY_free(pkey);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	if (!X509_PUBKEY_set(&key, pkey)) {
-		EVP_PKEY_free(pkey);
+		/*RSA_free(rsa);*/
+		/* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
 		X509_PUBKEY_free(key);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 
 	str = rb_str_new(key->public_key->data, key->public_key->length);
+	/*RSA_free(rsa);*/
 	/* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
 	X509_PUBKEY_free(key);
 
@@ -477,6 +492,7 @@ ossl_rsa_to_str(VALUE self)
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	if (!RSA_print(out, rsap->rsa, 0)) { //offset = 0
+		BIO_free(out);
 		rb_raise(eRSAError, "%s", ossl_error());
 	}
 	BIO_get_mem_ptr(out, &buf);
@@ -550,7 +566,8 @@ ossl_rsa_verify(VALUE self, VALUE digest, VALUE text)
 /*
  * INIT
  */
-void Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
+void
+Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
 {
 	eRSAError = rb_define_class_under(mPKey, "RSAError", ePKeyError);
 
@@ -577,3 +594,13 @@ void Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
  */
 }
 
+#else /* defined NO_RSA */
+
+void
+Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
+{
+	rb_warning("RSA keys will NOT be avaible: OpenSSL is compiled without RSA support.");
+}
+
+#endif /* NO_RSA */
+
diff --git a/ossl_rand.c b/ossl_rand.c
index caf7262..424a918 100644
--- a/ossl_rand.c
+++ b/ossl_rand.c
@@ -32,6 +32,7 @@ ossl_rand_seed(VALUE self, VALUE str)
 {
 	Check_SafeStr(str);
 	RAND_seed(RSTRING(str)->ptr, RSTRING(str)->len);
+
 	return str;
 }
 
@@ -70,6 +71,7 @@ ossl_rand_bytes(VALUE self, VALUE len)
 	}
 	
 	if (!RAND_bytes(buffer, FIX2INT(len))) {
+		OPENSSL_free(buffer);
 		rb_raise(eRandomError, "%s", ossl_error());
 	}
 	
@@ -82,7 +84,8 @@ ossl_rand_bytes(VALUE self, VALUE len)
 /*
  * INIT
  */
-void Init_ossl_rand(VALUE mOSSL)
+void
+Init_ossl_rand(VALUE mOSSL)
 {
 	rb_define_method(mOSSL, "seed", ossl_rand_seed, 1);
 	rb_define_method(mOSSL, "load_random_file", ossl_rand_load_file, 1);
diff --git a/ossl_ssl.c b/ossl_ssl.c
index fb922ab..3a14bc7 100644
--- a/ossl_ssl.c
+++ b/ossl_ssl.c
@@ -141,7 +141,7 @@ static int ssl_verify_callback(int ok, X509_STORE_CTX *ctx)
 	VALUE x509stc, args, ret;
 
 	if (!NIL_P(ssl_verify_callback_proc)) {
-		x509stc = ossl_x509store_new2(ctx);
+		x509stc = ossl_x509store_new(ctx);
 		rb_funcall(x509stc, rb_intern("protect"), 0, NULL);
 		args = rb_ary_new2(3);
 		rb_ary_store(args, 0, ssl_verify_callback_proc);
@@ -399,7 +399,7 @@ ssl_get_certificate(self)
 
     if((cert = SSL_get_certificate(p->ssl)) == NULL) return Qnil;
 
-	return ossl_x509_new2(cert);
+	return ossl_x509_new(cert);
 }
 
 static VALUE
@@ -417,7 +417,7 @@ ssl_get_peer_certificate(self)
 
     if((cert = SSL_get_peer_certificate(p->ssl)) == NULL) return Qnil;
 
-	return ossl_x509_new2(cert);
+	return ossl_x509_new(cert);
 }
 
 static VALUE
diff --git a/ossl_x509.c b/ossl_x509.c
index ab08a80..85e6b33 100644
--- a/ossl_x509.c
+++ b/ossl_x509.c
@@ -45,11 +45,28 @@ ossl_x509_free(ossl_x509 *x509p)
 /*
  * public functions
  */
-VALUE 
-ossl_x509_new2(X509 *x509)
+VALUE
+ossl_x509_new_null(void)
+{
+	ossl_x509 *x509p = NULL;
+	VALUE obj;
+
+	MakeX509(obj, x509p);
+
+	if (!(x509p->x509 = X509_new()))
+		rb_raise(eX509CertificateError, "%s", ossl_error());
+
+	return obj;
+}
+		
+VALUE
+ossl_x509_new(X509 *x509)
 {
 	ossl_x509 *x509p = NULL;
 	VALUE obj;
+
+	if (!x509)
+		return ossl_x509_new_null();
 	
 	MakeX509(obj, x509p);
 	
@@ -70,6 +87,7 @@ ossl_x509_new_from_file(VALUE filename)
 	VALUE obj;
 
 	MakeX509(obj, x509p);
+	
 	path = RSTRING(filename)->ptr;
 	if ((fp = fopen(path, "r")) == NULL)
 		rb_raise(eX509CertificateError, "%s", strerror(errno));
@@ -85,12 +103,15 @@ ossl_x509_new_from_file(VALUE filename)
 }
 
 X509 *
-ossl_x509_get_X509(VALUE self)
+ossl_x509_get_X509(VALUE obj)
 {
 	ossl_x509 *x509p = NULL;
 	X509 *x509 = NULL;
 	
-	GetX509(self, x509p);
+	OSSL_Check_Type(obj, cX509Certificate);
+	
+	GetX509(obj, x509p);
+	
 	if (!(x509 = X509_dup(x509p->x509))) {
 		rb_raise(eX509CertificateError, "%s", ossl_error());
 	}
@@ -108,7 +129,9 @@ ossl_x509_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 	
 	MakeX509(obj, x509p);
+	
 	rb_obj_call_init(obj, argc, argv);
+	
 	return obj;
 }
 
@@ -138,9 +161,9 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
 		default:
 			rb_raise(rb_eTypeError, "unsupported type");
 	}
-	if (!x509) {
+	
+	if (!x509)
 		rb_raise(eX509CertificateError, "%s", ossl_error());
-	}	
 	
 	x509p->x509 = x509;
 
@@ -195,7 +218,7 @@ ossl_x509_to_pem(VALUE self)
 	return str;
 }
 
-static VALUE 
+static VALUE
 ossl_x509_to_str(VALUE self)
 {
 	ossl_x509 *x509p = NULL;
@@ -234,7 +257,7 @@ ossl_x509_to_req(VALUE self)
 		rb_raise(eX509CertificateError, "%s", ossl_error());
 	}
 
-	return ossl_x509req_new2(req);
+	return ossl_x509req_new(req);
 }
  */
 
@@ -322,7 +345,7 @@ ossl_x509_get_subject(VALUE self)
 		rb_raise(eX509CertificateError, "%s", ossl_error());
 	}
 
-	return ossl_x509name_new2(name);
+	return ossl_x509name_new(name);
 }
 
 static VALUE 
@@ -356,7 +379,7 @@ ossl_x509_get_issuer(VALUE self)
 		rb_raise(eX509CertificateError, "%s", ossl_error());
 	}
 	
-	return ossl_x509name_new2(name);
+	return ossl_x509name_new(name);
 }
 
 static VALUE 
@@ -369,6 +392,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer)
 
 	OSSL_Check_Type(issuer, cX509Name);
 	name = ossl_x509name_get_X509_NAME(issuer);
+	
 	if (!X509_set_issuer_name(x509p->x509, name)) {
 		rb_raise(eX509CertificateError, "%s", ossl_error());
 	}
@@ -406,11 +430,12 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
 	
 	if (!FIXNUM_P(sec))
 		rb_raise(eX509CertificateError, "wierd time");
+
 	if ((intsec = FIX2INT(sec)) < 0)
 		rb_raise(eX509CertificateError, "time < 0???");
-	if (!ASN1_UTCTIME_set(X509_get_notBefore(x509p->x509), intsec)) {
+
+	if (!ASN1_UTCTIME_set(X509_get_notBefore(x509p->x509), intsec))
 		rb_raise(eX509CertificateError, "%s", ossl_error());
-	}
 
 	return time;
 }
@@ -444,11 +469,12 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
 	
 	if (!FIXNUM_P(sec))
 		rb_raise(eX509CertificateError, "wierd time");
+	
 	if ((intsec = FIX2INT(sec)) < 0)
 		rb_raise(eX509CertificateError, "time < 0??");
-	if (!ASN1_UTCTIME_set(X509_get_notAfter(x509p->x509), FIX2INT(sec))) {
+	
+	if (!ASN1_UTCTIME_set(X509_get_notAfter(x509p->x509), FIX2INT(sec)))
 		rb_raise(eX509CertificateError, "%s", ossl_error());
-	}
 
 	return time;
 }
@@ -583,12 +609,14 @@ ossl_x509_get_extensions(VALUE self)
 
 	count = X509_get_ext_count(x509p->x509);
 
-	if (count > 0) ary = rb_ary_new2(count);
-	else return rb_ary_new();
+	if (count > 0)
+		ary = rb_ary_new2(count);
+	else
+		return rb_ary_new();
 
 	for (i=0; i<count; i++) {
 		ext = X509_get_ext(x509p->x509, i);
-		rb_ary_push(ary, ossl_x509ext_new2(ext));
+		rb_ary_push(ary, ossl_x509ext_new(ext));
 	}
 	
 	return ary;
@@ -632,6 +660,7 @@ ossl_x509_add_extension(VALUE self, VALUE ext)
 	GetX509(self, x509p);
 
 	OSSL_Check_Type(ext, cX509Extension);
+	
 	if (!X509_add_ext(x509p->x509, ossl_x509ext_get_X509_EXTENSION(ext), -1)) {
 		rb_raise(eX509CertificateError, "%s", ossl_error());
 	}
diff --git a/ossl_x509attr.c b/ossl_x509attr.c
index a73e281..a80b4ad 100644
--- a/ossl_x509attr.c
+++ b/ossl_x509attr.c
@@ -47,13 +47,30 @@ ossl_x509attr_free(ossl_x509attr *attrp)
  * public
  */
 VALUE 
-ossl_x509attr_new2(X509_ATTRIBUTE *attr)
+ossl_x509attr_new_null(void)
 {
 	ossl_x509attr *attrp = NULL;
 	VALUE obj;
 
 	MakeX509Attr(obj, attrp);
 
+	if (!(attrp->attribute = X509_ATTRIBUTE_new()))
+		rb_raise(eX509AttributeError, "%s", ossl_error());
+
+	return obj;
+}
+
+VALUE 
+ossl_x509attr_new(X509_ATTRIBUTE *attr)
+{
+	ossl_x509attr *attrp = NULL;
+	VALUE obj;
+
+	if (!attr)
+		return ossl_x509attr_new_null();
+	
+	MakeX509Attr(obj, attrp);
+
 	if (!(attrp->attribute = X509_ATTRIBUTE_dup(attr))) {
 		rb_raise(eX509AttributeError, "%s", ossl_error());
 	}
@@ -62,16 +79,18 @@ ossl_x509attr_new2(X509_ATTRIBUTE *attr)
 }
 
 X509_ATTRIBUTE *
-ossl_x509attr_get_X509_ATTRIBUTE(VALUE self)
+ossl_x509attr_get_X509_ATTRIBUTE(VALUE obj)
 {
 	ossl_x509attr *attrp = NULL;
 	X509_ATTRIBUTE *attr = NULL;
 
-	GetX509Attr(self, attrp);
+	OSSL_Check_Type(obj, cX509Attribute);
+	
+	GetX509Attr(obj, attrp);
 
-	if (!(attr = X509_ATTRIBUTE_dup(attrp->attribute))) {
+	if (!(attr = X509_ATTRIBUTE_dup(attrp->attribute)))
 		rb_raise(eX509AttributeError, "%s", ossl_error());
-	}
+
 	return attr;
 }
 
@@ -85,7 +104,9 @@ ossl_x509attr_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 
 	MakeX509Attr(obj, attrp);
+
 	rb_obj_call_init(obj, argc, argv);
+
 	return obj;
 }
 
@@ -146,9 +167,9 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
 		default:
 			rb_raise(rb_eTypeError, "unsupported type");
 	}
-	if (!attr) {
+	if (!attr)
 		rb_raise(eX509AttributeError, "%s", ossl_error());
-	}
+
 	attrp->attribute = attr;
 
 	return self;
diff --git a/ossl_x509crl.c b/ossl_x509crl.c
index 5448b5d..4025b1c 100644
--- a/ossl_x509crl.c
+++ b/ossl_x509crl.c
@@ -51,6 +51,8 @@ ossl_x509crl_get_X509_CRL(VALUE obj)
 	ossl_x509crl *crlp = NULL;
 	X509_CRL *crl = NULL;
 	
+	OSSL_Check_Type(obj, cX509CRL);
+	
 	GetX509CRL(obj, crlp);
 
 	if (!(crl = X509_CRL_dup(crlp->crl))) {
@@ -70,6 +72,7 @@ ossl_x509crl_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 
 	MakeX509CRL(obj, crlp);
+
 	rb_obj_call_init(obj, argc, argv);
 
 	return obj;
@@ -96,14 +99,13 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
 				rb_raise(eX509CRLError, "%s", ossl_error());
 			}
 			crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
-			/*BIO_free(in);*/
+			BIO_free(in);
 			break;
 		default:
 			rb_raise(rb_eTypeError, "unsupported type");
 	}
-	if (!crl) {
+	if (!crl)
 		rb_raise(eX509CRLError, "%s", ossl_error());
-	}
 
 	crlp->crl = crl;
 
@@ -152,7 +154,7 @@ ossl_x509crl_get_issuer(VALUE self)
 	
 	GetX509CRL(self, crlp);
 	
-	return ossl_x509name_new2(crlp->crl->crl->issuer);
+	return ossl_x509name_new(crlp->crl->crl->issuer);
 }
 
 static VALUE 
@@ -197,6 +199,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
 	
 	if (!FIXNUM_P(sec))
 		rb_raise(eX509CRLError, "wierd time");
+
 	if (!ASN1_UTCTIME_set(crlp->crl->crl->lastUpdate, FIX2INT(sec))) {
 		rb_raise(eX509CRLError, "%s", ossl_error());
 	}
@@ -227,6 +230,7 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time)
 	
 	if (!FIXNUM_P(sec))
 		rb_raise(eX509CRLError, "wierd time");
+
 	if (!ASN1_UTCTIME_set(crlp->crl->crl->nextUpdate, FIX2INT(sec))) {
 		rb_raise(eX509CRLError, "%s", ossl_error());
 	}
@@ -249,8 +253,9 @@ ossl_x509crl_get_revoked(VALUE self)
 		return rb_ary_new();
 
 	ary = rb_ary_new2(num);
+
 	for(i=0; i<num; i++) {
-		rb_ary_push(ary, ossl_x509revoked_new2((X509_REVOKED *)sk_X509_CRL_value(crlp->crl->crl->revoked, i)));
+		rb_ary_push(ary, ossl_x509revoked_new((X509_REVOKED *)sk_X509_CRL_value(crlp->crl->crl->revoked, i)));
 	}
 
 	return ary;
@@ -345,6 +350,7 @@ ossl_x509crl_verify(VALUE self, VALUE key)
 	OSSL_Check_Type(key, cPKey);
 	
 	pkey = ossl_pkey_get_EVP_PKEY(key);
+
 	result = X509_CRL_verify(crlp->crl, pkey);
 	EVP_PKEY_free(pkey);
 
@@ -416,11 +422,12 @@ ossl_x509crl_get_extensions(VALUE self)
 
 	if (count > 0) 
 		ary = rb_ary_new2(count);
-	else return rb_ary_new();
+	else
+		return rb_ary_new();
 
 	for (i=0; i<count; i++) {
 		ext = X509_CRL_get_ext(crlp->crl, i);
-		rb_ary_push(ary, ossl_x509ext_new2(ext));
+		rb_ary_push(ary, ossl_x509ext_new(ext));
 	}
 	
 	return ary;
diff --git a/ossl_x509ext.c b/ossl_x509ext.c
index 952358f..644697e 100644
--- a/ossl_x509ext.c
+++ b/ossl_x509ext.c
@@ -67,17 +67,32 @@ ossl_x509extfactory_free(ossl_x509extfactory *extfactoryp)
  * Public
  */
 VALUE 
-ossl_x509ext_new2(X509_EXTENSION *ext)
+ossl_x509ext_new_null(void)
 {
 	ossl_x509ext *extp = NULL;
-	X509_EXTENSION *new = NULL;
 	VALUE obj;
 
 	MakeX509Ext(obj, extp);
-	if (!(new = X509_EXTENSION_dup(ext))) {
+	
+	if (!(extp->extension = X509_EXTENSION_new()))
+		rb_raise(eX509ExtensionError, "%s", ossl_error());
+	
+	return obj;
+}
+
+VALUE 
+ossl_x509ext_new(X509_EXTENSION *ext)
+{
+	ossl_x509ext *extp = NULL;
+	VALUE obj;
+
+	if (!ext)
+		return ossl_x509ext_new_null();
+
+	MakeX509Ext(obj, extp);
+	
+	if (!(extp->extension = X509_EXTENSION_dup(ext)))
 		rb_raise(eX509ExtensionError, "%s", ossl_error());
-	}
-	extp->extension = new;
 
 	return obj;
 }
@@ -87,7 +102,10 @@ ossl_x509ext_get_X509_EXTENSION(VALUE obj)
 {
 	ossl_x509ext *extp = NULL;
 
+	OSSL_Check_Type(obj, cX509Extension);
+	
 	GetX509Ext(obj, extp);
+
 	return X509_EXTENSION_dup(extp->extension);
 }
 
@@ -104,6 +122,7 @@ ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 	
 	MakeX509ExtFactory(obj, extfactoryp);
+
 	rb_obj_call_init(obj, argc, argv);
 
 	return obj;
@@ -322,12 +341,16 @@ ossl_x509ext_to_str(VALUE obj)
 	 * User defined user format
 	 */
 	nid = OBJ_obj2nid(X509_EXTENSION_get_object(extp->extension));
+
 	BIO_printf(out, "OID=%s, VALUE=", (nid == NID_undef)?"UNKNOWN":OBJ_nid2sn(nid)); /*OBJ_nid2ln(nid)*/
+
 	if (!X509V3_EXT_print(out, extp->extension, 0, 0)) {
+		BIO_free(out);
 		rb_raise(eX509ExtensionError, "%s", ossl_error());
 	}
 	critical = X509_EXTENSION_get_critical(extp->extension);
 	BIO_printf(out,", critical = %s\n", (critical)?"yes":"no");
+
 	BIO_get_mem_ptr(out, &buf);
 	str = rb_str_new(buf->data, buf->length);
 	BIO_free(out);
@@ -355,6 +378,7 @@ ossl_x509ext_to_a(VALUE obj)
 		rb_raise(eX509ExtensionError, "%s", ossl_error());
 	}
 	if (!X509V3_EXT_print(out, extp->extension, 0, 0)) {
+		BIO_free(out);
 		rb_raise(eX509ExtensionError, "%s", ossl_error());
 	}
 	BIO_get_mem_ptr(out, &buf);
@@ -373,7 +397,8 @@ ossl_x509ext_to_a(VALUE obj)
 /*
  * INIT
  */
-void Init_ossl_x509ext(VALUE module)
+void
+Init_ossl_x509ext(VALUE module)
 {
 
 	eX509ExtensionError = rb_define_class_under(module, "ExtensionError", rb_eStandardError);
diff --git a/ossl_x509name.c b/ossl_x509name.c
index b992ba4..452faf9 100644
--- a/ossl_x509name.c
+++ b/ossl_x509name.c
@@ -47,17 +47,32 @@ ossl_x509name_free(ossl_x509name *namep)
  * Public
  */
 VALUE 
-ossl_x509name_new2(X509_NAME *name)
+ossl_x509name_new_null(void)
 {
 	ossl_x509name *namep = NULL;
-	X509_NAME *new = NULL;
 	VALUE obj;
 
 	MakeX509Name(obj, namep);
-	if (!(new = X509_NAME_dup(name))) {
+
+	if (!(namep->name = X509_NAME_new()))
+		rb_raise(eX509NameError, "%s", ossl_error());
+
+	return obj;
+}
+
+VALUE 
+ossl_x509name_new(X509_NAME *name)
+{
+	ossl_x509name *namep = NULL;
+	VALUE obj;
+
+	if (!name)
+		return ossl_x509name_new_null();
+	
+	MakeX509Name(obj, namep);
+
+	if (!(namep->name = X509_NAME_dup(name)))
 		rb_raise(eX509NameError, "%s", ossl_error());
-	}
-	namep->name = new;
 
 	return obj;
 }
@@ -67,6 +82,8 @@ ossl_x509name_get_X509_NAME(VALUE obj)
 {
 	ossl_x509name *namep = NULL;
 
+	OSSL_Check_Type(obj, cX509Name);
+	
 	GetX509Name(obj, namep);
 
 	return X509_NAME_dup(namep->name);
@@ -82,6 +99,7 @@ ossl_x509name_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 	
 	MakeX509Name(obj, namep);
+
 	rb_obj_call_init(obj, argc, argv);
 	
 	return obj;
@@ -125,6 +143,7 @@ ary_to_x509name(VALUE ary)
 		}
 		key = RARRAY(item)->ptr[0];
 		value = RARRAY(item)->ptr[1];
+
 		if (TYPE(key) != T_STRING || TYPE(value) != T_STRING) {
 			rb_raise(eX509NameError, "unsupported structure");
 		}
@@ -203,9 +222,9 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
 		default:
 			rb_raise(rb_eTypeError, "unsupported type");
 	}
-	if (!name) {
+	if (!name)
 		rb_raise(eX509NameError, "%s", ossl_error());
-	}
+
 	namep->name = name;
 
 	return self;
diff --git a/ossl_x509req.c b/ossl_x509req.c
index 55d1e83..6f8c2fa 100644
--- a/ossl_x509req.c
+++ b/ossl_x509req.c
@@ -47,30 +47,49 @@ ossl_x509req_free(ossl_x509req *reqp)
  * Public functions
  */
 VALUE 
-ossl_x509req_new2(X509_REQ *req)
+ossl_x509req_new_null(void)
 {
 	ossl_x509req *reqp = NULL;
 	VALUE self;
 	
 	MakeX509Req(self, reqp);
-	if (!(reqp->request = X509_REQ_dup(req))) {
+
+	if (!(reqp->request = X509_REQ_new()))
+		rb_raise(eX509RequestError, "%s", ossl_error());
+
+	return self;
+}
+
+VALUE
+ossl_x509req_new(X509_REQ *req)
+{
+	ossl_x509req *reqp = NULL;
+	VALUE self;
+
+	if (!req)
+		return ossl_x509req_new_null();
+	
+	MakeX509Req(self, reqp);
+
+	if (!(reqp->request = X509_REQ_dup(req)))
 		rb_raise(eX509RequestError, "%s", ossl_error());
-	}
 
 	return self;
 }
 
 X509_REQ *
-ossl_x509req_get_X509_REQ(VALUE self)
+ossl_x509req_get_X509_REQ(VALUE obj)
 {
 	ossl_x509req *reqp = NULL;
 	X509_REQ *req = NULL;
 	
-	GetX509Req(self, reqp);
+	OSSL_Check_Type(obj, cX509Request);
 	
-	if (!(req = X509_REQ_dup(reqp->request))) {
+	GetX509Req(obj, reqp);
+	
+	if (!(req = X509_REQ_dup(reqp->request)))
 		rb_raise(eX509RequestError, "%s", ossl_error());
-	}
+
 	return req;
 }
 
@@ -84,6 +103,7 @@ ossl_x509req_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 	
 	MakeX509Req(obj, reqp);
+
 	rb_obj_call_init(obj, argc, argv);
 
 	return obj;
@@ -115,9 +135,9 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
 		default:
 			rb_raise(rb_eTypeError, "unsupported type");
 	}
-	if (!req) {
+	if (!req)
 		rb_raise(eX509RequestError, "%s", ossl_error());
-	}	
+
 	reqp->request = req;
 
 	return self;
@@ -186,7 +206,7 @@ ossl_x509req_to_x509(VALUE self, VALUE days, VALUE key)
 		rb_raise(eX509RequestError, "%s", ossl_error());
 	}
 
-	return ossl_x509req_new2(x509);
+	return ossl_x509req_new(x509);
 }
  */
 
@@ -233,7 +253,7 @@ ossl_x509req_get_subject(VALUE self)
 	if (!(name = X509_REQ_get_subject_name(reqp->request))) {
 		rb_raise(eX509RequestError, "%s", ossl_error());
 	}
-	subject = ossl_x509name_new2(name);
+	subject = ossl_x509name_new(name);
 	/*X509_NAME_free(name);*/
 	
 	return subject;
@@ -253,6 +273,7 @@ ossl_x509req_set_subject(VALUE self, VALUE subject)
 	if (!X509_REQ_set_subject_name(reqp->request, name)) {
 		rb_raise(eX509RequestError, "%s", ossl_error());
 	}
+	/*X509_NAME_free(name);*/
 
 	return subject;
 }
@@ -339,9 +360,10 @@ ossl_x509req_verify(VALUE self, VALUE key)
 	i = X509_REQ_verify(reqp->request, pkey);
 	EVP_PKEY_free(pkey);
 
-	if (i < 0) {
+	if (i < 0)
 		rb_raise(eX509RequestError, "%s", ossl_error());
-	} else if (i > 0)
+	
+	if (i > 0)
 		return Qtrue;
 
 	return Qfalse;
@@ -359,12 +381,14 @@ ossl_x509req_get_attributes(VALUE self)
 
 	count = X509_REQ_get_attr_count(reqp->request);
 
-	if(count > 0) ary = rb_ary_new2(count);
-	else return rb_ary_new();
+	if(count > 0) 
+		ary = rb_ary_new2(count);
+	else 
+		return rb_ary_new();
 
 	for (i=0; i<count; i++) {
 		attr = X509_REQ_get_attr(reqp->request, i);
-		rb_ary_push(ary, ossl_x509attr_new2(attr));
+		rb_ary_push(ary, ossl_x509attr_new(attr));
 	}
 
 	return ary;
@@ -387,8 +411,11 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 	
 	for (i=0;i<RARRAY(ary)->len; i++) {
 		item = RARRAY(ary)->ptr[i];
+
 		OSSL_Check_Type(item, cX509Attribute);
+
 		attr = ossl_x509attr_get_X509_ATTRIBUTE(item);
+
 		if (!X509_REQ_add1_attr(reqp->request, attr)) {
 			rb_raise(eX509RequestError, "%s", ossl_error());
 		}
@@ -407,6 +434,7 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr)
 	GetX509Req(self, reqp);
 
 	OSSL_Check_Type(attr, cX509Attribute);
+
 	if (!X509_REQ_add1_attr(reqp->request, ossl_x509attr_get_X509_ATTRIBUTE(attr))) {
 		rb_raise(eX509RequestError, "%s", ossl_error());
 	}
diff --git a/ossl_x509revoked.c b/ossl_x509revoked.c
index b77c8b6..441047a 100644
--- a/ossl_x509revoked.c
+++ b/ossl_x509revoked.c
@@ -46,28 +46,44 @@ ossl_x509revoked_free(ossl_x509revoked *revp)
  * PUBLIC
  */
 VALUE 
-ossl_x509revoked_new2(X509_REVOKED *rev)
+ossl_x509revoked_new_null(void)
 {
 	ossl_x509revoked *revp = NULL;
-	X509_REVOKED *new = NULL;
 	VALUE obj;
+	
+	MakeX509Revoked(obj, revp);
 
-	if (!(new = X509_REVOKED_dup(rev))) {
+	if (!(revp->revoked = X509_REVOKED_new()))
 		rb_raise(eX509RevokedError, "%s", ossl_error());
-	}
+	
+	return obj;
+}
+
+VALUE 
+ossl_x509revoked_new(X509_REVOKED *rev)
+{
+	ossl_x509revoked *revp = NULL;
+	VALUE obj;
+
+	if (!rev)
+		return ossl_x509revoked_new_null();
 	
 	MakeX509Revoked(obj, revp);
-	revp->revoked = new;
+	
+	if (!(revp->revoked = X509_REVOKED_dup(rev)))
+		rb_raise(eX509RevokedError, "%s", ossl_error());
 	
 	return obj;
 }
 
 X509_REVOKED *
-ossl_x509revoked_get_X509_REVOKED(VALUE self)
+ossl_x509revoked_get_X509_REVOKED(VALUE obj)
 {
 	ossl_x509revoked *revp = NULL;
 
-	GetX509Revoked(self, revp);
+	OSSL_Check_Type(obj, cX509Revoked);
+	
+	GetX509Revoked(obj, revp);
 
 	return X509_REVOKED_dup(revp->revoked);
 }
@@ -82,6 +98,7 @@ ossl_x509revoked_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 
 	MakeX509Revoked(obj, revp);
+
 	rb_obj_call_init(obj, argc, argv);
 
 	return obj;
@@ -147,10 +164,12 @@ ossl_x509revoked_set_time(VALUE obj, VALUE time)
 	GetX509Revoked(obj, revp);
 
 	OSSL_Check_Type(time, rb_cTime);
+
 	sec = rb_funcall(time, rb_intern("to_i"), 0, NULL);
 	
 	if (!FIXNUM_P(sec))
 		rb_raise(eX509RevokedError, "wierd time");
+
 	if (!ASN1_UTCTIME_set(revp->revoked->revocationDate, FIX2INT(sec))) {
 		rb_raise(eX509RevokedError, "%s", ossl_error());
 	}
@@ -172,12 +191,14 @@ ossl_x509revoked_get_extensions(VALUE self)
 
 	count = X509_REVOKED_get_ext_count(revp->revoked);
 
-	if (count > 0) ary = rb_ary_new2(count);
-	else return rb_ary_new();
+	if (count > 0)
+		ary = rb_ary_new2(count);
+	else
+		return rb_ary_new();
 
 	for (i=0; i<count; i++) {
 		ext = X509_REVOKED_get_ext(revp->revoked, i);
-		rb_ary_push(ary, ossl_x509ext_new2(ext));
+		rb_ary_push(ary, ossl_x509ext_new(ext));
 	}
 	
 	return ary;
@@ -203,8 +224,11 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
 	
 	for (i=0; i<RARRAY(ary)->len; i++) {
 		item = RARRAY(ary)->ptr[i];
+
 		OSSL_Check_Type(item, cX509Extension);
+
 		ext = ossl_x509ext_get_X509_EXTENSION(item);
+
 		if(!X509_REVOKED_add_ext(revp->revoked, ext, -1)) {
 			rb_raise(eX509RevokedError, "%s", ossl_error());
 		}
@@ -221,6 +245,7 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext)
 	GetX509Revoked(self, revp);
 
 	OSSL_Check_Type(ext, cX509Extension);
+
 	if(!X509_REVOKED_add_ext(revp->revoked, ossl_x509ext_get_X509_EXTENSION(ext), -1)) {
 		rb_raise(eX509RevokedError, "%s", ossl_error());
 	}
@@ -231,7 +256,7 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext)
 /*
  * INIT
  */
-void 
+void
 Init_ossl_x509revoked(VALUE module)
 {
 	eX509RevokedError = rb_define_class_under(module, "RevokedError", rb_eStandardError);
diff --git a/ossl_x509store.c b/ossl_x509store.c
index ddd2c52..e6ac2e3 100644
--- a/ossl_x509store.c
+++ b/ossl_x509store.c
@@ -20,8 +20,6 @@
 	if (!storep->store) rb_raise(eX509StoreError, "not initialized!");\
 }
 
-#define DefX509StoreConst(x) rb_define_const(cX509Store, #x, INT2FIX(X509_V_ERR_##x))
-
 /*
  * Classes
  */
@@ -58,10 +56,9 @@ ossl_x509store_free(ossl_x509store *storep)
  * Public functions
  */
 VALUE 
-ossl_x509store_new2(X509_STORE_CTX *ctx)
+ossl_x509store_new(X509_STORE_CTX *ctx)
 {
 	ossl_x509store *storep = NULL;
-	X509_STORE_CTX *ctx2 = NULL;
 	VALUE obj;
 
 	MakeX509Store(obj, storep);
@@ -86,6 +83,8 @@ ossl_x509store_get_X509_STORE(VALUE obj)
 {
 	ossl_x509store *storep = NULL;
 	
+	OSSL_Check_Type(obj, cX509Store);
+	
 	GetX509Store(obj, storep);
 	
 	storep->protect = 1; /* we gave out internal pointer without DUP - don't free this one */
@@ -146,7 +145,8 @@ ossl_session_db_set(void *key, VALUE data)
 	item->next = NULL;
 	if (last)
 		last->next = item;
-	else db_root = item;
+	else
+		db_root = item;
 	rb_thread_critical = 0;
 
 	return data;
@@ -162,6 +162,7 @@ ossl_x509store_s_new(int argc, VALUE *argv, VALUE klass)
 	VALUE obj;
 
 	MakeX509Store(obj, storep);
+
 	rb_obj_call_init(obj, argc, argv);
 
 	return obj;
@@ -204,6 +205,7 @@ ossl_x509store_add_trusted(VALUE self, VALUE cert)
 	x509 = ossl_x509_get_X509(cert);
 
 	if (!X509_STORE_add_cert(storep->store->ctx, x509)) {
+		X509_free(x509);
 		rb_raise(eX509StoreError, "%s", ossl_error());
 	}
 	X509_free(x509);
@@ -235,7 +237,7 @@ ossl_x509store_get_chain(obj)
 	ary = rb_ary_new2(num);
 	for(i=0; i<num; i++) {
 		x509 = sk_X509_value(ctx.chain, i);
-		cert = ossl_x509_new2(x509);
+		cert = ossl_x509_new(x509);
 		rb_ary_push(ary, cert);
 	}
 	
@@ -252,9 +254,11 @@ ossl_x509store_add_crl(VALUE self, VALUE crlst)
 	GetX509Store(self, storep);
 	
 	OSSL_Check_Type(crlst, cX509CRL);
+
 	crl = ossl_x509crl_get_X509_CRL(crlst);
 
 	if (!X509_STORE_add_crl(storep->store->ctx, crl)) {
+		X509_CRL_free(crl);
 		rb_raise(eX509StoreError, "%s", ossl_error());
 	}
 	X509_CRL_free(crl);
@@ -326,8 +330,8 @@ ossl_x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
 	proc = ossl_session_db_get((void *)ctx->ctx);
 	
 	if (!NIL_P(proc)) {
-		store_ctx = ossl_x509store_new2(ctx);
-		rb_funcall(store_ctx, rb_intern("protect"), 0, NULL); /* called default by ossl_..new2 */
+		store_ctx = ossl_x509store_new(ctx);
+		rb_funcall(store_ctx, rb_intern("protect"), 0, NULL); /* called default by ossl_..new */
 		args = rb_ary_new2(3);
 		rb_ary_store(args, 0, proc);
 		rb_ary_store(args, 1, ok ? Qtrue : Qfalse);
@@ -398,7 +402,7 @@ ossl_x509store_get_cert(VALUE self)
 
 	GetX509Store(self, storep);
 	
-	return ossl_x509_new2(X509_STORE_CTX_get_current_cert(storep->store));
+	return ossl_x509_new(X509_STORE_CTX_get_current_cert(storep->store));
 }
 
 static VALUE 
@@ -495,6 +499,8 @@ Init_ossl_x509store(VALUE module)
 	rb_define_method(cX509Store, "set_default_paths", ossl_x509store_set_default_paths, 0);
 	rb_define_method(cX509Store, "load_locations", ossl_x509store_load_locations, 1);
 	
+#define DefX509StoreConst(x) rb_define_const(cX509Store, #x, INT2FIX(X509_V_ERR_##x))
+
 	DefX509StoreConst(UNABLE_TO_GET_ISSUER_CERT);
 	DefX509StoreConst(UNABLE_TO_GET_CRL);
 	DefX509StoreConst(UNABLE_TO_DECRYPT_CERT_SIGNATURE);
-- 
cgit v1.2.3