[pkg-opensc-commit] [libp11] 31/67: Memory allocation cleanup

Eric Dorland eric at moszumanska.debian.org
Sat Jan 30 05:34:14 UTC 2016


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 74e22388ab1d26732b0d6e5ff9179f65d9b85228
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Mon Jan 4 13:21:37 2016 +0100

    Memory allocation cleanup
---
 examples/auth.c       | 18 ++++++-------
 examples/decrypt.c    | 24 ++++++++---------
 examples/getrandom.c  |  2 +-
 examples/rawrsasign.c | 18 ++++++-------
 src/libp11-int.h      |  3 ---
 src/libpkcs11.c       | 19 ++++++-------
 src/p11_attr.c        | 18 ++++++++-----
 src/p11_cert.c        | 61 +++++++++++++++++++++++-------------------
 src/p11_key.c         | 18 +++++++------
 src/p11_load.c        |  8 +++---
 src/p11_misc.c        | 13 ++-------
 src/p11_ops.c         |  4 +--
 src/p11_slot.c        | 74 ++++++++++++++++++++++++++++++---------------------
 tests/fork-test.c     | 16 +++++------
 14 files changed, 156 insertions(+), 140 deletions(-)

diff --git a/examples/auth.c b/examples/auth.c
index b4bc3c0..21216a3 100644
--- a/examples/auth.c
+++ b/examples/auth.c
@@ -62,7 +62,7 @@ int main(int argc, char *argv[])
 
 	/* get first slot with a token */
 	slot = PKCS11_find_token(ctx, slots, nslots);
-	if (!slot || !slot->token) {
+	if (slot == NULL || slot->token == NULL) {
 		fprintf(stderr, "no token available\n");
 		rc = 3;
 		goto notoken;
@@ -94,7 +94,7 @@ int main(int argc, char *argv[])
 
 		/* Read the password. */
 		printf("Password for token %.32s: ", slot->token->label);
-		if (!fgets(password, sizeof(password), stdin))
+		if (fgets(password, sizeof(password), stdin) == NULL)
 			goto failed;
 
 		/* Restore terminal. */
@@ -153,8 +153,8 @@ int main(int argc, char *argv[])
 	authcert=&certs[0];
 
 	/* get random bytes */
-	random = malloc(RANDOM_SIZE);
-	if (!random)
+	random = OPENSSL_malloc(RANDOM_SIZE);
+	if (random == NULL)
 		goto failed;
 
 	fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -182,15 +182,15 @@ int main(int argc, char *argv[])
 	close(fd);
 
 	authkey = PKCS11_find_key(authcert);
-	if (!authkey) {
+	if (authkey == NULL) {
 		fprintf(stderr, "no key matching certificate available\n");
 		goto failed;
 	}
 
 	/* ask for a sha1 hash of the random data, signed by the key */
 	siglen = MAX_SIGSIZE;
-	signature = malloc(MAX_SIGSIZE);
-	if (!signature)
+	signature = OPENSSL_malloc(MAX_SIGSIZE);
+	if (signature == NULL)
 		goto failed;
 
 	rc = PKCS11_sign(NID_sha1, random, RANDOM_SIZE, signature, &siglen,
@@ -219,9 +219,9 @@ int main(int argc, char *argv[])
 		EVP_PKEY_free(pubkey);
 
 	if (random != NULL)
-		free(random);
+		OPENSSL_free(random);
 	if (signature != NULL)
-		free(signature);
+		OPENSSL_free(signature);
 
 	PKCS11_release_all_slots(ctx, slots, nslots);
 	PKCS11_CTX_unload(ctx);
diff --git a/examples/decrypt.c b/examples/decrypt.c
index 550ab46..e209733 100644
--- a/examples/decrypt.c
+++ b/examples/decrypt.c
@@ -62,7 +62,7 @@ int main(int argc, char *argv[])
 
 	/* get first slot with a token */
 	slot = PKCS11_find_token(ctx, slots, nslots);
-	if (!slot || !slot->token) {
+	if (slot == NULL || slot->token == NULL) {
 		fprintf(stderr, "no token available\n");
 		rc = 3;
 		goto notoken;
@@ -89,8 +89,8 @@ int main(int argc, char *argv[])
 	authcert=&certs[0];
 
 	/* get random bytes */
-	random = malloc(RANDOM_SIZE);
-	if (!random)
+	random = OPENSSL_malloc(RANDOM_SIZE);
+	if (random == NULL)
 		goto failed;
 
 	fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -125,8 +125,8 @@ int main(int argc, char *argv[])
 	}
 
 	/* allocate destination buffer */
-	encrypted = malloc(RSA_size(pubkey->pkey.rsa));
-	if (!encrypted) {
+	encrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa));
+	if (encrypted == NULL) {
 		fprintf(stderr,"out of memory for encrypted data");
 		goto failed;
 	}
@@ -157,7 +157,7 @@ int main(int argc, char *argv[])
 
 	/* Read the password. */
 	printf("Password for token %.32s: ", slot->token->label);
-	if (!fgets(password, sizeof(password), stdin))
+	if (fgets(password, sizeof(password), stdin) == NULL)
 		goto failed;
 
 	/* Restore terminal. */
@@ -180,14 +180,14 @@ int main(int argc, char *argv[])
       loggedin:
 
 	authkey = PKCS11_find_key(authcert);
-	if (!authkey) {
+	if (authkey == NULL) {
 		fprintf(stderr, "no key matching certificate available\n");
 		goto failed;
 	}
 
 	/* allocate space for decrypted data */
-	decrypted = malloc(RSA_size(pubkey->pkey.rsa));
-	if (!decrypted)
+	decrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa));
+	if (decrypted == NULL)
 		goto failed;
 
 	rc = PKCS11_private_decrypt(len, encrypted,
@@ -210,11 +210,11 @@ int main(int argc, char *argv[])
 	if (pubkey != NULL)
 		EVP_PKEY_free(pubkey);
 	if (random != NULL)
-		free(random);
+		OPENSSL_free(random);
 	if (encrypted != NULL)
-		free(encrypted);
+		OPENSSL_free(encrypted);
 	if (decrypted != NULL)
-		free(decrypted);
+		OPENSSL_free(decrypted);
 
 	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
diff --git a/examples/getrandom.c b/examples/getrandom.c
index b8f0a69..f1c074c 100644
--- a/examples/getrandom.c
+++ b/examples/getrandom.c
@@ -46,7 +46,7 @@ int main(int argc, char *argv[])
 
 	/* get first slot with a token */
 	slot = PKCS11_find_token(ctx, slots, nslots);
-	if (!slot || !slot->token) {
+	if (slot == NULL || slot->token == NULL) {
 		fprintf(stderr, "no token available\n");
 		rc = 3;
 		goto notoken;
diff --git a/examples/rawrsasign.c b/examples/rawrsasign.c
index 72c3491..aab1fe2 100644
--- a/examples/rawrsasign.c
+++ b/examples/rawrsasign.c
@@ -92,7 +92,7 @@ int main(int argc, char *argv[])
 
     /* get first slot with a token */
     slot = PKCS11_find_token(ctx, slots, nslots);
-    if (!slot || !slot->token) {
+    if (slot == NULL || slot->token == NULL) {
         fprintf(stderr, "no token available\n");
         END(1);
     }
@@ -123,7 +123,7 @@ int main(int argc, char *argv[])
 
         /* Read the password. */
         printf("Password for token %.32s: ", slot->token->label);
-        if (!fgets(password, sizeof(password), stdin))
+        if (fgets(password, sizeof(password), stdin) == NULL)
             END(1);
 
         /* Restore terminal. */
@@ -160,8 +160,8 @@ loggedin:
     authcert=&certs[0];
 
     /* get random bytes */
-    random = malloc(RANDOM_SIZE);
-    if (!random)
+    random = OPENSSL_malloc(RANDOM_SIZE);
+    if (random == NULL)
         END(1);
 
     fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -189,7 +189,7 @@ loggedin:
     close(fd);
 
     authkey = PKCS11_find_key(authcert);
-    if (!authkey) {
+    if (authkey == NULL) {
         fprintf(stderr, "no key matching certificate available\n");
         END(1);
     }
@@ -229,8 +229,8 @@ loggedin:
     }
 
     siglen = MAX_SIGSIZE;
-    signature = malloc(MAX_SIGSIZE);
-    if (!signature)
+    signature = OPENSSL_malloc(MAX_SIGSIZE);
+    if (signature == NULL)
         END(1);
 
     /* Do a raw RSA sign operation with the smart card */
@@ -282,9 +282,9 @@ end:
     if (pubkey != NULL)
         EVP_PKEY_free(pubkey);
     if (random != NULL)
-        free(random);
+        OPENSSL_free(random);
     if (signature != NULL)
-        free(signature);
+        OPENSSL_free(signature);
 
     if (slots != NULL)
         PKCS11_release_all_slots(ctx, slots, nslots);
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 9f44546..863c9a3 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -143,8 +143,6 @@ typedef struct pkcs11_cert_private {
 	PRIVCTX(ctx)->method->func_and_args
 
 /* Memory allocation */
-#define PKCS11_NEW(type) \
-	((type *) pkcs11_malloc(sizeof(type)))
 #define PKCS11_DUP(s) \
 	pkcs11_strdup((char *) s, sizeof(s))
 
@@ -153,7 +151,6 @@ extern void pkcs11_release_slot(PKCS11_CTX *, PKCS11_SLOT *slot);
 
 extern void pkcs11_destroy_keys(PKCS11_TOKEN *, unsigned int);
 extern void pkcs11_destroy_certs(PKCS11_TOKEN *);
-extern void *pkcs11_malloc(size_t);
 extern char *pkcs11_strdup(char *, size_t);
 
 extern int pkcs11_getattr(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
diff --git a/src/libpkcs11.c b/src/libpkcs11.c
index 92bc689..c4abf29 100644
--- a/src/libpkcs11.c
+++ b/src/libpkcs11.c
@@ -56,7 +56,10 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
 	if (mspec == NULL)
 		return NULL;
 
-	mod = (sc_pkcs11_module_t *) calloc(1, sizeof(*mod));
+	mod = OPENSSL_malloc(sizeof(sc_pkcs11_module_t));
+	if (mod == NULL)
+		return NULL;
+	memset(mod, 0, sizeof(sc_pkcs11_module_t));
 	mod->_magic = MAGIC;
 
 #ifdef WIN32
@@ -69,10 +72,8 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
 		goto failed;
 
 #ifdef WIN32
-	c_get_function_list = (CK_C_GetFunctionList)GetProcAddress (
-		mod->handle,
-		"C_GetFunctionList"
-	);
+	c_get_function_list = (CK_C_GetFunctionList)
+		GetProcAddress(mod->handle, "C_GetFunctionList");
 #else
 	{
 		/*
@@ -90,7 +91,7 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
 	}
 #endif
 
-	if (!c_get_function_list)
+	if (c_get_function_list == NULL)
 		goto failed;
 	rv = c_get_function_list(funcs);
 	if (rv == CKR_OK)
@@ -111,7 +112,7 @@ C_UnloadModule(void *module)
 {
 	sc_pkcs11_module_t *mod = (sc_pkcs11_module_t *) module;
 
-	if (!mod || mod->_magic != MAGIC)
+	if (mod == NULL || mod->_magic != MAGIC)
 		return CKR_ARGUMENTS_BAD;
 
 	if (mod->handle) {
@@ -122,8 +123,8 @@ C_UnloadModule(void *module)
 #endif
 	}
 
-	memset(mod, 0, sizeof(*mod));
-	free(mod);
+	memset(mod, 0, sizeof(sc_pkcs11_module_t));
+	OPENSSL_free(mod);
 
 	return CKR_OK;
 }
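Review bot: The `memset(mod, 0, sizeof(sc_pkcs11_module_t));` immediately before `OPENSSL_free(mod);` is a dead store that an optimising compiler is allowed to drop. That would leave `_magic` intact in the freed block, so the `mod->_magic != MAGIC` guard at the top of C_UnloadModule would be less likely to reject a stale handle. If the wipe is meant as that guard, `OPENSSL_cleanse(mod, sizeof(sc_pkcs11_module_t));` is not elided. Using `sizeof(*mod)` as before would also keep the size tied to the pointer's type.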
diff --git a/src/p11_attr.c b/src/p11_attr.c
index 3f5cfcb..b79a234 100644
--- a/src/p11_attr.c
+++ b/src/p11_attr.c
@@ -89,9 +89,10 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
 	if (pkcs11_getattr_var(token, object, type, NULL, &size) || size == 0)
 		return -1;
 
-	binary = calloc(1, size);
+	binary = OPENSSL_malloc(size);
 	if (binary == NULL)
 		return -1;
+	memset(binary, 0, size);
 
 	if (pkcs11_getattr_var(token, object, type, binary, &size)) {
 		ret = -1;
@@ -112,8 +113,8 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
 	ret = *bn ? 0 : -1;
 
  cleanup:
- 	free(binary);
- 	return ret;
+	OPENSSL_free(binary);
+	return ret;
 }
 
 /*
@@ -122,7 +123,9 @@ pkcs11_getattr_bn(PKCS11_TOKEN * token, CK_OBJECT_HANDLE object,
 void pkcs11_addattr(CK_ATTRIBUTE_PTR ap, int type, const void *data, size_t size)
 {
 	ap->type = type;
-	ap->pValue = malloc(size);
+	ap->pValue = OPENSSL_malloc(size);
+	if (ap->pValue == NULL)
+		return;
 	memcpy(ap->pValue, data, size);
 	ap->ulValueLen = size;
 }
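Review bot: When `OPENSSL_malloc` fails, pkcs11_addattr returns with `ap->type` set, `ap->pValue` NULL and `ap->ulValueLen` left at whatever it held before, and because the function is `void` the caller cannot tell the attribute was not built. pkcs11_addattr_obj in the next hunk has the same gap, with `ulValueLen` already set to the encoded length while `pValue` is NULL, so the template handed to the token would describe a buffer that does not exist. At minimum add `ap->ulValueLen = 0;` before each `return;`. Returning an int so callers can abort the operation would be the fuller fix. If `enc` follows the usual i2d convention it can also return a negative value, which should be rejected before it is stored in `ulValueLen`.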
@@ -161,7 +164,10 @@ void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR ap, int type, pkcs11_i2d_fn enc, void *
 
 	ap->type = type;
 	ap->ulValueLen = enc(obj, NULL);
-	ap->pValue = p = (unsigned char *) malloc(ap->ulValueLen);
+	ap->pValue = OPENSSL_malloc(ap->ulValueLen);
+	if (ap->pValue == NULL)
+		return;
+	p = ap->pValue;
 	enc(obj, &p);
 }
 
@@ -169,6 +175,6 @@ void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR ap, unsigned int n)
 {
 	while (n--) {
 		if (ap[n].pValue)
-			free(ap[n].pValue);
+			OPENSSL_free(ap[n].pValue);
 	}
 }
diff --git a/src/p11_cert.c b/src/p11_cert.c
index 1970c8d..7e4822f 100644
--- a/src/p11_cert.c
+++ b/src/p11_cert.c
@@ -29,8 +29,7 @@
 static int pkcs11_find_certs(PKCS11_TOKEN *);
 static int pkcs11_next_cert(PKCS11_CTX *, PKCS11_TOKEN *, CK_SESSION_HANDLE);
 static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
-			    CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o,
-			    PKCS11_CERT **);
+	CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o, PKCS11_CERT **);
 
 static CK_OBJECT_CLASS cert_search_class;
 static CK_ATTRIBUTE cert_search_attrs[] = {
@@ -43,7 +42,7 @@ static CK_ATTRIBUTE cert_search_attrs[] = {
  */
 int
 PKCS11_enumerate_certs(PKCS11_TOKEN * token,
-		       PKCS11_CERT ** certp, unsigned int *countp)
+		PKCS11_CERT ** certp, unsigned int *countp)
 {
 	PKCS11_TOKEN_private *priv = PRIVTOKEN(token);
 
@@ -75,7 +74,7 @@ PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY * key)
 	for (n = 0; n < count; n++, cert++) {
 		cpriv = PRIVCERT(cert);
 		if (cpriv->id_len == kpriv->id_len
-		    && !memcmp(cpriv->id, kpriv->id, kpriv->id_len))
+				&& !memcmp(cpriv->id, kpriv->id, kpriv->id_len))
 			return cert;
 	}
 	return NULL;
@@ -99,7 +98,7 @@ static int pkcs11_find_certs(PKCS11_TOKEN * token)
 	/* Tell the PKCS11 lib to enumerate all matching objects */
 	cert_search_class = CKO_CERTIFICATE;
 	rv = CRYPTOKI_call(ctx, C_FindObjectsInit(session, cert_search_attrs,
-						  numof(cert_search_attrs)));
+		numof(cert_search_attrs)));
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_CERTS, rv);
 
 	do {
@@ -131,10 +130,10 @@ static int pkcs11_next_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 }
 
 static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
-	 CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, PKCS11_CERT ** ret)
+		CK_SESSION_HANDLE session, CK_OBJECT_HANDLE obj, PKCS11_CERT ** ret)
 {
 	PKCS11_TOKEN_private *tpriv;
-	PKCS11_CERT_private *kpriv;
+	PKCS11_CERT_private *cpriv;
 	PKCS11_CERT *cert, *tmp;
 	char label[256];
 	unsigned char *data;
@@ -154,10 +153,10 @@ static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 		return 0;
 
 	tpriv = PRIVTOKEN(token);
-	tmp = (PKCS11_CERT *) OPENSSL_realloc(tpriv->certs,
-				(tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
-	if (!tmp) {
-		free(tpriv->certs);
+	tmp = OPENSSL_realloc(tpriv->certs,
+		(tpriv->ncerts + 1) * sizeof(PKCS11_CERT));
+	if (tmp == NULL) {
+		OPENSSL_free(tpriv->certs);
 		tpriv->certs = NULL;
 		return -1;
 	}
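Review bot: On `tmp == NULL` the old array is still valid, yet this path frees it with `OPENSSL_free(tpriv->certs)` without releasing what each entry owns (the label, id, x509 and _private that pkcs11_destroy_certs frees). It also leaves `tpriv->ncerts` unchanged, so the count describes an array that is now NULL. Simply returning -1 and keeping `tpriv->certs` would preserve a consistent state. Otherwise call pkcs11_destroy_certs, or at least reset `tpriv->ncerts`, before returning. The same pattern appears in pkcs11_init_key in src/p11_key.c with `keys->keys` and `keys->num`. The size expression `(tpriv->ncerts + 1) * sizeof(PKCS11_CERT)` is also unchecked for overflow.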
@@ -165,33 +164,40 @@ static int pkcs11_init_cert(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 
 	cert = tpriv->certs + tpriv->ncerts++;
 	memset(cert, 0, sizeof(*cert));
-	cert->_private = kpriv = PKCS11_NEW(PKCS11_CERT_private);
-	kpriv->object = obj;
-	kpriv->parent = token;
+	cpriv = OPENSSL_malloc(sizeof(PKCS11_CERT_private));
+	if (cpriv == NULL)
+		return -1;
+	memset(cpriv, 0, sizeof(PKCS11_CERT_private));
+	cert->_private = cpriv;
+	cpriv->object = obj;
+	cpriv->parent = token;
 
 	if (!pkcs11_getattr_s(token, obj, CKA_LABEL, label, sizeof(label)))
 		cert->label = BUF_strdup(label);
 	size = 0;
 	if (!pkcs11_getattr_var(token, obj, CKA_VALUE, NULL, &size) && size > 0) {
-		data = (unsigned char *) malloc(size);
-		if (data && !pkcs11_getattr_var(token, obj, CKA_VALUE, data, &size)) {
-			const unsigned char *p = data;
-
-			cert->x509 = d2i_X509(NULL, &p, size);
+		data = OPENSSL_malloc(size);
+		if (data) {
+			if (!pkcs11_getattr_var(token, obj, CKA_VALUE, data, &size)) {
+				const unsigned char *p = data;
+
+				cert->x509 = d2i_X509(NULL, &p, size);
+			}
+			OPENSSL_free(data);
 		}
-		if (data)
-			free(data);
 	}
 	cert->id_len = sizeof(id);
 	if (!pkcs11_getattr_var(token, obj, CKA_ID, id, &cert->id_len)) {
-		cert->id = (unsigned char *) malloc(cert->id_len);
+		cert->id = OPENSSL_malloc(cert->id_len);
+		if (cert->id == NULL)
+			return -1;
 		memcpy(cert->id, id, cert->id_len);
 	}
 
 	/* Initialize internal information */
-	kpriv->id_len = sizeof(kpriv->id);
-	if (pkcs11_getattr_var(token, obj, CKA_ID, kpriv->id, &kpriv->id_len))
-		kpriv->id_len = 0;
+	cpriv->id_len = sizeof(cpriv->id);
+	if (pkcs11_getattr_var(token, obj, CKA_ID, cpriv->id, &cpriv->id_len))
+		cpriv->id_len = 0;
 
 	if (ret)
 		*ret = cert;
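Review bot: Both new `return -1;` paths run after `cert = tpriv->certs + tpriv->ncerts++`, so a failed allocation leaves a half-built entry counted in `ncerts`. In the `cpriv == NULL` case that entry has `_private == NULL`, and PKCS11_find_certificate reads `cpriv->id_len` for every counted certificate, which presumably dereferences that NULL pointer. In the `cert->id == NULL` case `id_len` stays non-zero beside a NULL `id`. Either undo the count with `tpriv->ncerts--;` before returning, releasing `cpriv`, `cert->label` and `cert->x509` on the later path, or move the increment to the end of the function once the entry is complete. The function body starts and ends outside this hunk.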
@@ -213,7 +219,7 @@ void pkcs11_destroy_certs(PKCS11_TOKEN * token)
 			X509_free(cert->x509);
 		OPENSSL_free(cert->label);
 		if (cert->id)
-			free(cert->id);
+			OPENSSL_free(cert->id);
 		if (cert->_private != NULL)
 			OPENSSL_free(cert->_private);
 	}
@@ -228,8 +234,7 @@ void pkcs11_destroy_certs(PKCS11_TOKEN * token)
  */
 int
 PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509, char *label,
-			 unsigned char *id, size_t id_len,
-			 PKCS11_CERT ** ret_cert)
+		unsigned char *id, size_t id_len, PKCS11_CERT ** ret_cert)
 {
 	PKCS11_SLOT *slot = TOKEN2SLOT(token);
 	PKCS11_CTX *ctx = TOKEN2CTX(token);
diff --git a/src/p11_key.c b/src/p11_key.c
index bc7324c..862967c 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -438,18 +438,20 @@ static int pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 		return 0;
 	}
 
-	tmp = (PKCS11_KEY *) OPENSSL_realloc(keys->keys,
-				(keys->num + 1) * sizeof(PKCS11_KEY));
-	if (!tmp) {
-		free(keys->keys);
+	tmp = OPENSSL_realloc(keys->keys, (keys->num + 1) * sizeof(PKCS11_KEY));
+	if (tmp == NULL) {
+		OPENSSL_free(keys->keys);
 		keys->keys = NULL;
 		return -1;
 	}
 	keys->keys = tmp;
 
 	key = keys->keys + keys->num++;
-	memset(key, 0, sizeof(*key));
-	key->_private = kpriv = PKCS11_NEW(PKCS11_KEY_private);
+	memset(key, 0, sizeof(PKCS11_KEY));
+	kpriv = OPENSSL_malloc(sizeof(PKCS11_KEY_private));
+	if(kpriv)
+		memset(kpriv, 0, sizeof(PKCS11_KEY_private));
+	key->_private = kpriv;
 	kpriv->object = obj;
 	kpriv->parent = token;
 
@@ -457,7 +459,7 @@ static int pkcs11_init_key(PKCS11_CTX * ctx, PKCS11_TOKEN * token,
 		key->label = BUF_strdup(label);
 	key->id_len = sizeof(id);
 	if (!pkcs11_getattr_var(token, obj, CKA_ID, id, &key->id_len)) {
-		key->id = (unsigned char *) malloc(key->id_len);
+		key->id = OPENSSL_malloc(key->id_len);
 		memcpy(key->id, id, key->id_len);
 	}
 	key->isPrivate = (type == CKO_PRIVATE_KEY);
@@ -489,7 +491,7 @@ void pkcs11_destroy_keys(PKCS11_TOKEN * token, unsigned int type)
 			EVP_PKEY_free(key->evp_key);
 		OPENSSL_free(key->label);
 		if (key->id)
-			free(key->id);
+			OPENSSL_free(key->id);
 		if (key->_private != NULL)
 			OPENSSL_free(key->_private);
 	}
diff --git a/src/p11_load.c b/src/p11_load.c
index 940f5a1..a6d6b3d 100644
--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -33,12 +33,14 @@ PKCS11_CTX *PKCS11_CTX_new(void)
 	/* Load error strings */
 	ERR_load_PKCS11_strings();
 
-	priv = PKCS11_NEW(PKCS11_CTX_private);
+	priv = OPENSSL_malloc(sizeof(PKCS11_CTX_private));
 	if (priv == NULL)
 		goto fail;
-	ctx = PKCS11_NEW(PKCS11_CTX);
+	memset(priv, 0, sizeof(PKCS11_CTX_private));
+	ctx = OPENSSL_malloc(sizeof(PKCS11_CTX));
 	if (ctx == NULL)
 		goto fail;
+	memset(ctx, 0, sizeof(PKCS11_CTX));
 	ctx->_private = priv;
 	priv->forkid = _P11_get_forkid();
 	priv->lockid = CRYPTO_get_new_dynlockid();
@@ -79,7 +81,7 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, const char *name)
 		return -1;
 	}
 	handle = C_LoadModule(name, &priv->method);
-	if (!handle) {
+	if (handle == NULL) {
 		PKCS11err(PKCS11_F_PKCS11_CTX_LOAD, PKCS11_LOAD_MODULE_ERROR);
 		return -1;
 	}
diff --git a/src/p11_misc.c b/src/p11_misc.c
index 2f57d0a..4c15263 100644
--- a/src/p11_misc.c
+++ b/src/p11_misc.c
@@ -22,15 +22,6 @@
 #include <openssl/crypto.h>
 #include "libp11-int.h"
 
-void *pkcs11_malloc(size_t size)
-{
-	void *p = OPENSSL_malloc(size);
-	if (p == NULL)
-		return NULL;
-	memset(p, 0, size);
-	return p;
-}
-
 /* PKCS11 strings are fixed size blank padded,
  * so when strduping them we must make sure
  * we stop at the end of the buffer, and while we're
@@ -41,7 +32,7 @@ char *pkcs11_strdup(char *mem, size_t size)
 
 	while (size && mem[size - 1] == ' ')
 		size--;
-	res = (char *) OPENSSL_malloc(size + 1);
+	res = OPENSSL_malloc(size + 1);
 	if (res == NULL)
 		return NULL;
 	memcpy(res, mem, size);
@@ -56,7 +47,7 @@ void *memdup(const void *src, size_t size)
 {
 	void *dst;
 
-	dst = malloc(size);
+	dst = OPENSSL_malloc(size);
 	if (dst == NULL)
 		return NULL;
 	memcpy(dst, src, size);
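Review bot: Switching memdup to `OPENSSL_malloc` changes its ownership contract without documenting it, since the returned block must now be released with `OPENSSL_free` rather than `free`. The two are not interchangeable when the application has installed custom OpenSSL memory functions, so any caller outside this diff that still calls `free()` on a memdup result becomes an allocator mismatch. I would add a comment above the function such as `/* Returns a copy allocated with OPENSSL_malloc; release it with OPENSSL_free(). */` and audit the call sites. The name also collides with a non-standard libc extension on some platforms, so a `pkcs11_` prefix would be safer.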
diff --git a/src/p11_ops.c b/src/p11_ops.c
index 82b96ac..de33ef1 100644
--- a/src/p11_ops.c
+++ b/src/p11_ops.c
@@ -103,7 +103,7 @@ PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
 		   (size = i2d_X509_SIG(&digest_info, NULL)) &&
 		   /* Check that size is compatible with PKCS#11 padding */
 		   (size + RSA_PKCS1_PADDING_SIZE <= sigsize) &&
-		   (encoded = (unsigned char *) malloc(sigsize))) {
+		   (encoded = OPENSSL_malloc(sigsize))) {
 			unsigned char *tmp = encoded;
 			/* Actually do the encoding */
 			i2d_X509_SIG(&digest_info,&tmp);
@@ -124,7 +124,7 @@ PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
 	}
 
 	if (encoded != NULL)  /* NULL on SSL case */
-		free(encoded);
+		OPENSSL_free(encoded);
 
 	return rv;
 }
diff --git a/src/p11_slot.c b/src/p11_slot.c
index 5f91f68..5ce0d5e 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -60,13 +60,16 @@ pkcs11_enumerate_slots(PKCS11_CTX * ctx, PKCS11_SLOT ** slotp, unsigned int *cou
 	rv = priv->method->C_GetSlotList(FALSE, NULL_PTR, &nslots);
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
 
-	slotid = (CK_SLOT_ID *)OPENSSL_malloc(nslots * sizeof(CK_SLOT_ID));
+	slotid = OPENSSL_malloc(nslots * sizeof(CK_SLOT_ID));
 	if (slotid == NULL) return (-1);
 
 	rv = priv->method->C_GetSlotList(FALSE, slotid, &nslots);
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
 
-	slots = (PKCS11_SLOT *) pkcs11_malloc(nslots * sizeof(PKCS11_SLOT));
+	slots = OPENSSL_malloc(nslots * sizeof(PKCS11_SLOT));
+	if (slots == NULL)
+		return -1;
+	memset(slots, 0, nslots * sizeof(PKCS11_SLOT));
 	for (n = 0; n < nslots; n++) {
 		if (pkcs11_init_slot(ctx, &slots[n], slotid[n])) {
 			while (n--)
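Review bot: The added `if (slots == NULL) return -1;` leaks `slotid`, which was allocated a few lines earlier and is still owned by this function at that point. It should be `if (slots == NULL) { OPENSSL_free(slotid); return -1; }`. `nslots` is supplied by the loaded PKCS#11 module, and both `nslots * sizeof(CK_SLOT_ID)` and `nslots * sizeof(PKCS11_SLOT)` are computed without an overflow check, so a bound on `nslots` before allocating would be prudent. The function continues past the end of this hunk.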
@@ -98,7 +101,7 @@ PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx,  PKCS11_SLOT * slots, unsigned
 
 	(void)ctx;
 
-	if (! slots)
+	if (slots == NULL)
 		return NULL;
 
 	best = NULL;
@@ -306,7 +309,7 @@ int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin, const char *label)
 
 	CHECK_FORK(ctx);
 
-	if (!label)
+	if (label == NULL)
 		label = "PKCS#11 Token";
 	rv = CRYPTOKI_call(ctx, C_InitToken(priv->id,
 					    (CK_UTF8CHAR *) pin, strlen(pin),
@@ -433,7 +436,11 @@ static int pkcs11_init_slot(PKCS11_CTX * ctx, PKCS11_SLOT * slot, CK_SLOT_ID id)
 	rv = CRYPTOKI_call(ctx, C_GetSlotInfo(id, &info));
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_ENUM_SLOTS, rv);
 
-	priv = PKCS11_NEW(PKCS11_SLOT_private);
+	priv = OPENSSL_malloc(sizeof(PKCS11_SLOT_private));
+	if (priv == NULL)
+		return -1;
+	memset(priv, 0, sizeof(PKCS11_SLOT_private));
+
 	priv->parent = ctx;
 	priv->id = id;
 	priv->forkid = PRIVCTX(ctx)->forkid;
@@ -490,25 +497,30 @@ static int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
 	PKCS11_SLOT_private *priv = PRIVSLOT(slot);
 	PKCS11_TOKEN_private *tpriv;
 	CK_TOKEN_INFO info;
-	PKCS11_TOKEN *token;
 	int rv;
 
-	if (slot->token)
+	if (slot->token) {
 		pkcs11_destroy_token(slot->token);
-	else
-		slot->token = PKCS11_NEW(PKCS11_TOKEN);
-	token = slot->token;
+	} else {
+		slot->token = OPENSSL_malloc(sizeof(PKCS11_TOKEN));
+		if (slot->token == NULL)
+			return -1;
+		memset(slot->token, 0, sizeof(PKCS11_TOKEN));
+	}
 
 	rv = CRYPTOKI_call(ctx, C_GetTokenInfo(priv->id, &info));
 	if (rv == CKR_TOKEN_NOT_PRESENT || rv == CKR_TOKEN_NOT_RECOGNIZED) {
-		OPENSSL_free(token);
+		OPENSSL_free(slot->token);
 		slot->token = NULL;
 		return 0;
 	}
 	CRYPTOKI_checkerr(PKCS11_F_PKCS11_CHECK_TOKEN, rv);
 
 	/* We have a token */
-	tpriv = PKCS11_NEW(PKCS11_TOKEN_private);
+	tpriv = OPENSSL_malloc(sizeof(PKCS11_TOKEN_private));
+	if (tpriv == NULL)
+		return -1;
+	memset(tpriv, 0, sizeof(PKCS11_TOKEN_private));
 	tpriv->parent = slot;
 	tpriv->prv.keys = NULL;
 	tpriv->prv.num = -1;
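Review bot: When the `tpriv` allocation fails, the new `return -1;` leaves `slot->token` pointing at a zeroed or just-destroyed PKCS11_TOKEN whose `_private` is not set. Callers such as the examples test `slot->token == NULL` to decide whether a token is present, so later code may treat this shell as a usable token. Mirror the token-not-present branch just above and release it first: `OPENSSL_free(slot->token); slot->token = NULL;` before `return -1;`. The function's tail is in the following hunk.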
@@ -516,25 +528,25 @@ static int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
 	tpriv->pub.num = -1;
 	tpriv->ncerts = -1;
 
-	token->label = PKCS11_DUP(info.label);
-	token->manufacturer = PKCS11_DUP(info.manufacturerID);
-	token->model = PKCS11_DUP(info.model);
-	token->serialnr = PKCS11_DUP(info.serialNumber);
-	token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
-	token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
-	token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
-	token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
-	token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
-	token->hasRng = (info.flags & CKF_RNG) ? 1 : 0;
-	token->userPinCountLow = (info.flags & CKF_USER_PIN_COUNT_LOW) ? 1 : 0;
-	token->userPinFinalTry = (info.flags & CKF_USER_PIN_FINAL_TRY) ? 1 : 0;
-	token->userPinLocked = (info.flags & CKF_USER_PIN_LOCKED) ? 1 : 0;
-	token->userPinToBeChanged = (info.flags & CKF_USER_PIN_TO_BE_CHANGED) ? 1 : 0;
-	token->soPinCountLow = (info.flags & CKF_SO_PIN_COUNT_LOW) ? 1 : 0;
-	token->soPinFinalTry = (info.flags & CKF_SO_PIN_FINAL_TRY) ? 1 : 0;
-	token->soPinLocked = (info.flags & CKF_SO_PIN_LOCKED) ? 1 : 0;
-	token->soPinToBeChanged = (info.flags & CKF_SO_PIN_TO_BE_CHANGED) ? 1 : 0;
-	token->_private = tpriv;
+	slot->token->label = PKCS11_DUP(info.label);
+	slot->token->manufacturer = PKCS11_DUP(info.manufacturerID);
+	slot->token->model = PKCS11_DUP(info.model);
+	slot->token->serialnr = PKCS11_DUP(info.serialNumber);
+	slot->token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
+	slot->token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
+	slot->token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
+	slot->token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
+	slot->token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
+	slot->token->hasRng = (info.flags & CKF_RNG) ? 1 : 0;
+	slot->token->userPinCountLow = (info.flags & CKF_USER_PIN_COUNT_LOW) ? 1 : 0;
+	slot->token->userPinFinalTry = (info.flags & CKF_USER_PIN_FINAL_TRY) ? 1 : 0;
+	slot->token->userPinLocked = (info.flags & CKF_USER_PIN_LOCKED) ? 1 : 0;
+	slot->token->userPinToBeChanged = (info.flags & CKF_USER_PIN_TO_BE_CHANGED) ? 1 : 0;
+	slot->token->soPinCountLow = (info.flags & CKF_SO_PIN_COUNT_LOW) ? 1 : 0;
+	slot->token->soPinFinalTry = (info.flags & CKF_SO_PIN_FINAL_TRY) ? 1 : 0;
+	slot->token->soPinLocked = (info.flags & CKF_SO_PIN_LOCKED) ? 1 : 0;
+	slot->token->soPinToBeChanged = (info.flags & CKF_SO_PIN_TO_BE_CHANGED) ? 1 : 0;
+	slot->token->_private = tpriv;
 
 	return 0;
 }
diff --git a/tests/fork-test.c b/tests/fork-test.c
index 3acd498..55fe818 100644
--- a/tests/fork-test.c
+++ b/tests/fork-test.c
@@ -78,7 +78,7 @@ int main(int argc, char *argv[])
 	do_fork();
 	slot = PKCS11_find_token(ctx, slots, nslots);
 	error_queue("PKCS11_find_token");
-	if (!slot || !slot->token) {
+	if (slot == NULL || slot->token == NULL) {
 		fprintf(stderr, "no token available\n");
 		rc = 3;
 		goto notoken;
@@ -128,8 +128,8 @@ loggedin:
 	authcert=&certs[0];
 
 	/* get random bytes */
-	random = malloc(RANDOM_SIZE);
-	if (!random)
+	random = OPENSSL_malloc(RANDOM_SIZE);
+	if (random == NULL)
 		goto failed;
 
 	fd = open(RANDOM_SOURCE, O_RDONLY);
@@ -159,15 +159,15 @@ loggedin:
 	do_fork();
 	authkey = PKCS11_find_key(authcert);
 	error_queue("PKCS11_find_key");
-	if (!authkey) {
+	if (authkey == NULL) {
 		fprintf(stderr, "no key matching certificate available\n");
 		goto failed;
 	}
 
 	/* ask for a sha1 hash of the random data, signed by the key */
 	siglen = MAX_SIGSIZE;
-	signature = malloc(MAX_SIGSIZE);
-	if (!signature)
+	signature = OPENSSL_malloc(MAX_SIGSIZE);
+	if (signature == NULL)
 		goto failed;
 
 	/* do the operations in child */
@@ -199,9 +199,9 @@ loggedin:
 		EVP_PKEY_free(pubkey);
 
 	if (random != NULL)
-		free(random);
+		OPENSSL_free(random);
 	if (signature != NULL)
-		free(signature);
+		OPENSSL_free(signature);
 
 	PKCS11_release_all_slots(ctx, slots, nslots);
 	PKCS11_CTX_unload(ctx);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


