diff --git a/.travis.yml b/.travis.yml
index 8bff2b33..5c5cf310 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,7 +6,7 @@ before_script:
   - sudo apt-add-repository -y ppa:pkg-opendnssec/ppa
   - sudo apt-get update -qq
   - sudo apt-get install -y softhsm libsofthsm-dev opensc
-  - touch config.rpath && autoreconf -fvi && ./configure
+  - touch config.rpath && autoreconf -fvi && ./configure --enable-strict --enable-pedantic
 
 script: make && make check && make dist
 
diff --git a/examples/auth.c b/examples/auth.c
index 53132ce7..b4bc3c0b 100644
--- a/examples/auth.c
+++ b/examples/auth.c
@@ -94,7 +94,8 @@ int main(int argc, char *argv[])
 
 		/* Read the password. */
 		printf("Password for token %.32s: ", slot->token->label);
-		fgets(password, sizeof(password), stdin);
+		if (!fgets(password, sizeof(password), stdin))
+			goto failed;
 
 		/* Restore terminal. */
 		(void)tcsetattr(0, TCSAFLUSH, &old);
diff --git a/examples/decrypt.c b/examples/decrypt.c
index 16745a48..550ab460 100644
--- a/examples/decrypt.c
+++ b/examples/decrypt.c
@@ -157,7 +157,8 @@ int main(int argc, char *argv[])
 
 	/* Read the password. */
 	printf("Password for token %.32s: ", slot->token->label);
-	fgets(password, sizeof(password), stdin);
+	if (!fgets(password, sizeof(password), stdin))
+		goto failed;
 
 	/* Restore terminal. */
 	(void)tcsetattr(0, TCSAFLUSH, &old);
diff --git a/examples/rawrsasign.c b/examples/rawrsasign.c
index 74e9faf1..72c34913 100644
--- a/examples/rawrsasign.c
+++ b/examples/rawrsasign.c
@@ -123,7 +123,8 @@ int main(int argc, char *argv[])
 
         /* Read the password. */
         printf("Password for token %.32s: ", slot->token->label);
-        fgets(password, sizeof(password), stdin);
+        if (!fgets(password, sizeof(password), stdin))
+            END(1);
 
         /* Restore terminal. */
         (void)tcsetattr(0, TCSAFLUSH, &old);
diff --git a/src/libp11.h b/src/libp11.h
index 574719c4..355c6fd2 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -375,6 +375,10 @@ extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
 		char *label, unsigned char *id, size_t id_len,
 		PKCS11_CERT **ret_cert);
 
+/* ec private key operations */
+extern int PKCS11_ecdsa_sign(const unsigned char *m, unsigned int m_len,
+		unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key);
+
 /* rsa private key operations */
 extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
 	unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key);
diff --git a/src/p11_ec.c b/src/p11_ec.c
index e01795ce..f298da97 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -103,7 +103,6 @@ static int pkcs11_get_ec_private(PKCS11_KEY * key, EVP_PKEY * pk)
 	CK_BBOOL sensitive, extractable;
 	EC_KEY * ec = NULL;
 	CK_RV ckrv;
-	int rv;
 	size_t ec_paramslen = 0;
 	CK_BYTE * ec_params = NULL;
 	size_t ec_pointlen = 0;
@@ -228,7 +227,7 @@ static ECDSA_SIG * pkcs11_ecdsa_do_sign(const unsigned char *dgst, int dlen,
 	unsigned char sigret[512]; /* HACK for now */
 	ECDSA_SIG * sig = NULL;
 	PKCS11_KEY * key = NULL;
-	int siglen;
+	unsigned int siglen;
 	int nLen = 48; /* HACK */
 	int rv;
 
@@ -238,7 +237,7 @@ static ECDSA_SIG * pkcs11_ecdsa_do_sign(const unsigned char *dgst, int dlen,
 
 	siglen = sizeof(sigret);
 
-	rv = PKCS11_ecdsa_sign(dgst,dlen,sigret,&siglen, key);
+	rv = PKCS11_ecdsa_sign(dgst, dlen, sigret, &siglen, key);
 	nLen = siglen / 2;
 	if (rv > 0) {
 		sig = ECDSA_SIG_new();
@@ -262,7 +261,7 @@ ECDSA_METHOD *PKCS11_get_ecdsa_method(void)
 {
 
     if (ops == NULL) {
-	ops = ECDSA_METHOD_new(ECDSA_OpenSSL());
+	ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL());
 	ECDSA_METHOD_set_sign(ops, pkcs11_ecdsa_do_sign);
 	ECDSA_METHOD_set_sign_setup(ops, pkcs11_ecdsa_sign_setup);
     }
diff --git a/src/p11_key.c b/src/p11_key.c
index dba14808..416a4384 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -123,9 +123,7 @@ int pkcs11_reload_keys(PKCS11_KEY * keyin)
 {
         PKCS11_TOKEN_private *tpriv;
         PKCS11_KEY_private *kinpriv;
-        PKCS11_KEY *key;
-        unsigned int n;
-        long int count;
+        unsigned long count, n;
         CK_OBJECT_CLASS kclass = CKO_PRIVATE_KEY;
         CK_ATTRIBUTE attrs[2];
         int rv;
@@ -140,7 +138,7 @@ int pkcs11_reload_keys(PKCS11_KEY * keyin)
         /* We want to use all the keys, the above only returns count for private */
         count = tpriv->nkeys;
 
-        for (n = 0; n < count; n++, key++) {
+        for (n = 0; n < count; n++) {
 	    attrs[0].type = CKA_CLASS;
 	    attrs[0].pValue = &kclass;
 	    attrs[0].ulValueLen = sizeof(kclass);
diff --git a/src/p11_load.c b/src/p11_load.c
index f2a65ffe..eb3badc5 100644
--- a/src/p11_load.c
+++ b/src/p11_load.c
@@ -57,9 +57,9 @@ void PKCS11_CTX_init_args(PKCS11_CTX * ctx, const char *init_args)
 	PKCS11_CTX_private *priv = PRIVCTX(ctx);
 	/* Free previously duplicated string */
 	if (priv->init_args) {
-		free(priv->init_args);
+		OPENSSL_free(priv->init_args);
 	}
-	priv->init_args = init_args ? strdup(init_args) : NULL;
+	priv->init_args = init_args ? BUF_strdup(init_args) : NULL;
 }
 
 /*
@@ -162,7 +162,7 @@ void PKCS11_CTX_free(PKCS11_CTX * ctx)
 	ERR_remove_state(0);
 	*/
 	if (priv->init_args) {
-		free(priv->init_args);
+		OPENSSL_free(priv->init_args);
 	}
 	OPENSSL_free(ctx->manufacturer);
 	OPENSSL_free(ctx->description);