openssl: use StringValueCStr() where NUL-terminated string is expected

* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c,
  ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c
  ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c
  ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c
  ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c
  ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c
  ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c
  ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use
  StringValueCStr() where NUL-terminated string is expected.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,15 @@
+Mon May 23 20:32:16 2016  Kazuki Yamaguchi  <k@rhe.jp>
+
+	* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c,
+	  ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c
+	  ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c
+	  ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c
+	  ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c
+	  ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c
+	  ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c
+	  ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use
+	  StringValueCStr() where NUL-terminated string is expected.
+
 Mon May 23 20:20:12 2016  NAKAMURA Usaku  <usa@ruby-lang.org>
 
 	* ext/bigdecimal/bigdecimal.c (isfinite): get rid of a warning on

ext/openssl/ossl_asn1.c

@@ -140,7 +140,7 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
 	bn = GetBNPtr(obj);
     } else {
 	obj = rb_String(obj);
-	if (!BN_dec2bn(&bn, StringValuePtr(obj))) {
+	if (!BN_dec2bn(&bn, StringValueCStr(obj))) {
 	    ossl_raise(eOSSLError, NULL);
 	}
     }
@@ -293,10 +293,10 @@ obj_to_asn1obj(VALUE obj)
 {
     ASN1_OBJECT *a1obj;
 
-    StringValue(obj);
+    StringValueCStr(obj);
     a1obj = OBJ_txt2obj(RSTRING_PTR(obj), 0);
     if(!a1obj) a1obj = OBJ_txt2obj(RSTRING_PTR(obj), 1);
-    if(!a1obj) ossl_raise(eASN1Error, "invalid OBJECT ID");
+    if(!a1obj) ossl_raise(eASN1Error, "invalid OBJECT ID %"PRIsVALUE, obj);
 
     return a1obj;
 }
@@ -1374,9 +1374,9 @@ ossl_asn1cons_each(VALUE self)
 static VALUE
 ossl_asn1obj_s_register(VALUE self, VALUE oid, VALUE sn, VALUE ln)
 {
-    StringValue(oid);
-    StringValue(sn);
-    StringValue(ln);
+    StringValueCStr(oid);
+    StringValueCStr(sn);
+    StringValueCStr(ln);
 
     if(!OBJ_create(RSTRING_PTR(oid), RSTRING_PTR(sn), RSTRING_PTR(ln)))
 	ossl_raise(eASN1Error, NULL);
@@ -1399,7 +1399,7 @@ ossl_asn1obj_get_sn(VALUE self)
     int nid;
 
     val = ossl_asn1_get_value(self);
-    if ((nid = OBJ_txt2nid(StringValuePtr(val))) != NID_undef)
+    if ((nid = OBJ_txt2nid(StringValueCStr(val))) != NID_undef)
 	ret = rb_str_new2(OBJ_nid2sn(nid));
 
     return ret;
@@ -1420,7 +1420,7 @@ ossl_asn1obj_get_ln(VALUE self)
     int nid;
 
     val = ossl_asn1_get_value(self);
-    if ((nid = OBJ_txt2nid(StringValuePtr(val))) != NID_undef)
+    if ((nid = OBJ_txt2nid(StringValueCStr(val))) != NID_undef)
 	ret = rb_str_new2(OBJ_nid2ln(nid));
 
     return ret;

ext/openssl/ossl_bn.c

@@ -95,7 +95,7 @@ try_convert_to_bnptr(VALUE obj)
     case T_BIGNUM:
 	obj = rb_String(obj);
 	newobj = NewBN(cBN);	/* GC bug */
-	if (!BN_dec2bn(&bn, StringValuePtr(obj))) {
+	if (!BN_dec2bn(&bn, StringValueCStr(obj))) {
 	    ossl_raise(eBNError, NULL);
 	}
 	SetBN(newobj, bn); /* Handle potencial mem leaks */
@@ -209,26 +209,25 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
 	return self;
     }
 
-    StringValue(str);
     GetBN(self, bn);
     switch (base) {
     case 0:
-	if (!BN_mpi2bn((unsigned char *)RSTRING_PTR(str), RSTRING_LENINT(str), bn)) {
+	if (!BN_mpi2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;
     case 2:
-	if (!BN_bin2bn((unsigned char *)RSTRING_PTR(str), RSTRING_LENINT(str), bn)) {
+	if (!BN_bin2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;
     case 10:
-	if (!BN_dec2bn(&bn, RSTRING_PTR(str))) {
+	if (!BN_dec2bn(&bn, StringValueCStr(str))) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;
     case 16:
-	if (!BN_hex2bn(&bn, RSTRING_PTR(str))) {
+	if (!BN_hex2bn(&bn, StringValueCStr(str))) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;

ext/openssl/ossl_cipher.c

@@ -116,7 +116,7 @@ ossl_cipher_initialize(VALUE self, VALUE str)
     char *name;
     unsigned char key[EVP_MAX_KEY_LENGTH];
 
-    name = StringValuePtr(str);
+    name = StringValueCStr(str);
     GetCipherInit(self, ctx);
     if (ctx) {
 	ossl_raise(rb_eRuntimeError, "Cipher already inititalized!");
@@ -124,7 +124,7 @@ ossl_cipher_initialize(VALUE self, VALUE str)
     AllocCipher(self, ctx);
     EVP_CIPHER_CTX_init(ctx);
     if (!(cipher = EVP_get_cipherbyname(name))) {
-	ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name);
+	ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%"PRIsVALUE")", str);
     }
     /*
      * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows

ext/openssl/ossl_digest.c

@@ -61,7 +61,7 @@ GetDigestPtr(VALUE obj)
 	    ASN1_OBJECT_free(oid);
 	}
 	if(!md)
-            ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name);
+            ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%"PRIsVALUE").", obj);
     } else {
         EVP_MD_CTX *ctx;
 

ext/openssl/ossl_engine.c

@@ -96,7 +96,7 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
         ENGINE_load_builtin_engines();
         return Qtrue;
     }
-    StringValue(name);
+    StringValueCStr(name);
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #if HAVE_ENGINE_LOAD_DYNAMIC
     OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
@@ -148,7 +148,7 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
     OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
 #endif
     OSSL_ENGINE_LOAD_IF_MATCH(openssl);
-    rb_warning("no such builtin loader for `%s'", RSTRING_PTR(name));
+    rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
     return Qnil;
 #endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
 }
@@ -213,7 +213,7 @@ ossl_engine_s_by_id(VALUE klass, VALUE id)
     ENGINE *e;
     VALUE obj;
 
-    StringValue(id);
+    StringValueCStr(id);
     ossl_engine_s_load(1, &id, klass);
     obj = NewEngine(klass);
     if(!(e = ENGINE_by_id(RSTRING_PTR(id))))
@@ -318,12 +318,10 @@ ossl_engine_get_cipher(VALUE self, VALUE name)
 {
     ENGINE *e;
     const EVP_CIPHER *ciph, *tmp;
-    char *s;
     int nid;
 
-    s = StringValuePtr(name);
-    tmp = EVP_get_cipherbyname(s);
-    if(!tmp) ossl_raise(eEngineError, "no such cipher `%s'", s);
+    tmp = EVP_get_cipherbyname(StringValueCStr(name));
+    if(!tmp) ossl_raise(eEngineError, "no such cipher `%"PRIsVALUE"'", name);
     nid = EVP_CIPHER_nid(tmp);
     GetEngine(self, e);
     ciph = ENGINE_get_cipher(e, nid);
@@ -357,12 +355,10 @@ ossl_engine_get_digest(VALUE self, VALUE name)
 {
     ENGINE *e;
     const EVP_MD *md, *tmp;
-    char *s;
     int nid;
 
-    s = StringValuePtr(name);
-    tmp = EVP_get_digestbyname(s);
-    if(!tmp) ossl_raise(eEngineError, "no such digest `%s'", s);
+    tmp = EVP_get_digestbyname(StringValueCStr(name));
+    if(!tmp) ossl_raise(eEngineError, "no such digest `%"PRIsVALUE"'", name);
     nid = EVP_MD_nid(tmp);
     GetEngine(self, e);
     md = ENGINE_get_digest(e, nid);
@@ -393,8 +389,8 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self)
     char *sid, *sdata;
 
     rb_scan_args(argc, argv, "02", &id, &data);
-    sid = NIL_P(id) ? NULL : StringValuePtr(id);
-    sdata = NIL_P(data) ? NULL : StringValuePtr(data);
+    sid = NIL_P(id) ? NULL : StringValueCStr(id);
+    sdata = NIL_P(data) ? NULL : StringValueCStr(data);
     GetEngine(self, e);
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
     pkey = ENGINE_load_private_key(e, sid, sdata);
@@ -427,8 +423,8 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
     char *sid, *sdata;
 
     rb_scan_args(argc, argv, "02", &id, &data);
-    sid = NIL_P(id) ? NULL : StringValuePtr(id);
-    sdata = NIL_P(data) ? NULL : StringValuePtr(data);
+    sid = NIL_P(id) ? NULL : StringValueCStr(id);
+    sdata = NIL_P(data) ? NULL : StringValueCStr(data);
     GetEngine(self, e);
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
     pkey = ENGINE_load_public_key(e, sid, sdata);
@@ -487,10 +483,8 @@ ossl_engine_ctrl_cmd(int argc, VALUE *argv, VALUE self)
 
     GetEngine(self, e);
     rb_scan_args(argc, argv, "11", &cmd, &val);
-    StringValue(cmd);
-    if (!NIL_P(val)) StringValue(val);
-    ret = ENGINE_ctrl_cmd_string(e, RSTRING_PTR(cmd),
-				 NIL_P(val) ? NULL : RSTRING_PTR(val), 0);
+    ret = ENGINE_ctrl_cmd_string(e, StringValueCStr(cmd),
+				 NIL_P(val) ? NULL : StringValueCStr(val), 0);
     if (!ret) ossl_raise(eEngineError, NULL);
 
     return self;

ext/openssl/ossl_ns_spki.c

@@ -86,15 +86,15 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
 	return self;
     }
     StringValue(buffer);
-    if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), -1))) {
+    if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), RSTRING_LENINT(buffer)))) {
+	ossl_clear_error();
 	p = (unsigned char *)RSTRING_PTR(buffer);
 	if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING_LEN(buffer)))) {
 	    ossl_raise(eSPKIError, NULL);
 	}
     }
     NETSCAPE_SPKI_free(DATA_PTR(self));
-    DATA_PTR(self) = spki;
-    ossl_clear_error();
+    SetSPKI(self, spki);
 
     return self;
 }

ext/openssl/ossl_pkcs12.c

@@ -100,19 +100,19 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
     PKCS12 *p12;
 
     rb_scan_args(argc, argv, "46", &pass, &name, &pkey, &cert, &ca, &key_nid, &cert_nid, &key_iter, &mac_iter, &keytype);
-    passphrase = NIL_P(pass) ? NULL : StringValuePtr(pass);
-    friendlyname = NIL_P(name) ? NULL : StringValuePtr(name);
+    passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass);
+    friendlyname = NIL_P(name) ? NULL : StringValueCStr(name);
     key = GetPKeyPtr(pkey);
     x509 = GetX509CertPtr(cert);
     x509s = NIL_P(ca) ? NULL : ossl_x509_ary2sk(ca);
 /* TODO: make a VALUE to nid function */
     if (!NIL_P(key_nid)) {
-        if ((nkey = OBJ_txt2nid(StringValuePtr(key_nid))) == NID_undef)
-            ossl_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(key_nid));
+        if ((nkey = OBJ_txt2nid(StringValueCStr(key_nid))) == NID_undef)
+	    ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, key_nid);
     }
     if (!NIL_P(cert_nid)) {
-        if ((ncert = OBJ_txt2nid(StringValuePtr(cert_nid))) == NID_undef)
-            ossl_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(cert_nid));
+        if ((ncert = OBJ_txt2nid(StringValueCStr(cert_nid))) == NID_undef)
+	    ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, cert_nid);
     }
     if (!NIL_P(key_iter))
         kiter = NUM2INT(key_iter);
@@ -158,7 +158,7 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
     PKCS12 *pkcs = DATA_PTR(self);
 
     if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) return self;
-    passphrase = NIL_P(pass) ? NULL : StringValuePtr(pass);
+    passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass);
     in = ossl_obj2bio(arg);
     d2i_PKCS12_bio(in, &pkcs);
     DATA_PTR(self) = pkcs;

ext/openssl/ossl_pkcs7.c

@@ -429,12 +429,13 @@ ossl_pkcs7_sym2typeid(VALUE sym)
         { "digest",             NID_pkcs7_digest },
     };
 
-    if (RB_TYPE_P(sym, T_SYMBOL)) sym = rb_sym2str(sym);
+    if (SYMBOL_P(sym)) sym = rb_sym2str(sym);
     else StringValue(sym);
     RSTRING_GETMEM(sym, s, l);
+
     for(i = 0; ; i++){
 	if(i == numberof(p7_type_tab))
-	    ossl_raise(ePKCS7Error, "unknown type \"%s\"", s);
+	    ossl_raise(ePKCS7Error, "unknown type \"%"PRIsVALUE"\"", sym);
 	if(strlen(p7_type_tab[i].name) != l) continue;
 	if(strcmp(p7_type_tab[i].name, s) == 0){
 	    ret = p7_type_tab[i].nid;

ext/openssl/ossl_pkey.c

@@ -121,8 +121,8 @@ ossl_pkey_new_from_file(VALUE filename)
     FILE *fp;
     EVP_PKEY *pkey;
 
-    SafeStringValue(filename);
-    if (!(fp = fopen(RSTRING_PTR(filename), "r"))) {
+    rb_check_safe_obj(filename);
+    if (!(fp = fopen(StringValueCStr(filename), "r"))) {
 	ossl_raise(ePKeyError, "%s", strerror(errno));
     }
     rb_fd_fix_cloexec(fileno(fp));

ext/openssl/ossl_pkey_ec.c

@@ -214,10 +214,10 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
 
 		ossl_clear_error(); /* ignore errors in the previous d2i_EC_PUBKEY_bio() */
                 if (nid == NID_undef)
-                    ossl_raise(eECError, "unknown curve name (%s)\n", name);
+                    ossl_raise(eECError, "unknown curve name (%"PRIsVALUE")", arg);
 
                 if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL)
-                    ossl_raise(eECError, "unable to create curve (%s)\n", name);
+                    ossl_raise(eECError, "unable to create curve (%"PRIsVALUE")\n", arg);
 
                 EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
                 EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
@@ -802,11 +802,11 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
 
 		ossl_clear_error(); /* ignore errors in d2i_ECPKParameters_bio() */
                 if (nid == NID_undef)
-                    ossl_raise(eEC_GROUP, "unknown curve name (%s)", name);
+                    ossl_raise(eEC_GROUP, "unknown curve name (%"PRIsVALUE")", arg1);
 
                 group = EC_GROUP_new_by_curve_name(nid);
                 if (group == NULL)
-                    ossl_raise(eEC_GROUP, "unable to create curve (%s)", name);
+                    ossl_raise(eEC_GROUP, "unable to create curve (%"PRIsVALUE")", arg1);
 
                 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
                 EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);

ext/openssl/ossl_rand.c

@@ -67,9 +67,9 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
 static VALUE
 ossl_rand_load_file(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
 
-    if(!RAND_load_file(RSTRING_PTR(filename), -1)) {
+    if(!RAND_load_file(StringValueCStr(filename), -1)) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -86,8 +86,9 @@ ossl_rand_load_file(VALUE self, VALUE filename)
 static VALUE
 ossl_rand_write_file(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
-    if (RAND_write_file(RSTRING_PTR(filename)) == -1) {
+    rb_check_safe_obj(filename);
+
+    if (RAND_write_file(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -161,9 +162,9 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
 static VALUE
 ossl_rand_egd(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
 
-    if (RAND_egd(RSTRING_PTR(filename)) == -1) {
+    if (RAND_egd(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;
@@ -183,9 +184,9 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
 {
     int n = NUM2INT(len);
 
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
 
-    if (RAND_egd_bytes(RSTRING_PTR(filename), n) == -1) {
+    if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
     return Qtrue;

ext/openssl/ossl_ssl.c

@@ -563,9 +563,8 @@ ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded)
 static VALUE
 ssl_encode_npn_protocols(VALUE protocols)
 {
-    VALUE encoded = rb_str_new2("");
+    VALUE encoded = rb_str_new(NULL, 0);
     rb_iterate(rb_each, protocols, ssl_npn_encode_protocol_i, encoded);
-    StringValueCStr(encoded);
     return encoded;
 }
 
@@ -775,9 +774,9 @@ ossl_sslctx_setup(VALUE self)
     }
 
     val = ossl_sslctx_get_ca_file(self);
-    ca_file = NIL_P(val) ? NULL : StringValuePtr(val);
+    ca_file = NIL_P(val) ? NULL : StringValueCStr(val);
     val = ossl_sslctx_get_ca_path(self);
-    ca_path = NIL_P(val) ? NULL : StringValuePtr(val);
+    ca_path = NIL_P(val) ? NULL : StringValueCStr(val);
     if(ca_file || ca_path){
 	if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path))
 	    rb_warning("can't set verify locations");
@@ -812,7 +811,7 @@ ossl_sslctx_setup(VALUE self)
     val = rb_iv_get(self, "@alpn_protocols");
     if (!NIL_P(val)) {
 	VALUE rprotos = ssl_encode_npn_protocols(val);
-	SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)StringValueCStr(rprotos), RSTRING_LENINT(rprotos));
+	SSL_CTX_set_alpn_protos(ctx, (unsigned char *)RSTRING_PTR(rprotos), RSTRING_LENINT(rprotos));
 	OSSL_Debug("SSL ALPN values added");
     }
     if (RTEST(rb_iv_get(self, "@alpn_select_cb"))) {
@@ -947,7 +946,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
         ossl_raise(eSSLError, "SSL_CTX is not initialized.");
         return Qnil;
     }
-    if (!SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(str))) {
+    if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
         ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
     }
 
@@ -1210,7 +1209,7 @@ ossl_ssl_setup(VALUE self)
 
 #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
         if (!NIL_P(hostname)) {
-           if (SSL_set_tlsext_host_name(ssl, StringValuePtr(hostname)) != 1)
+           if (SSL_set_tlsext_host_name(ssl, StringValueCStr(hostname)) != 1)
                ossl_raise(eSSLError, "SSL_set_tlsext_host_name");
         }
 #endif

ext/openssl/ossl_x509attr.c

@@ -141,7 +141,7 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid)
     ASN1_OBJECT *obj;
     char *s;
 
-    s = StringValuePtr(oid);
+    s = StringValueCStr(oid);
     obj = OBJ_txt2obj(s, 0);
     if(!obj) obj = OBJ_txt2obj(s, 1);
     if(!obj) ossl_raise(eX509AttrError, NULL);
@@ -269,7 +269,7 @@ ossl_x509attr_to_der(VALUE self)
     p = (unsigned char *)RSTRING_PTR(str);
     if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
 	ossl_raise(eX509AttrError, NULL);
-    rb_str_set_len(str, p - (unsigned char*)RSTRING_PTR(str));
+    ossl_str_adjust(str, p);
 
     return str;
 }

ext/openssl/ossl_x509cert.c

@@ -78,9 +78,9 @@ ossl_x509_new_from_file(VALUE filename)
     FILE *fp;
     VALUE obj;
 
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
     obj = NewX509(cX509Cert);
-    if (!(fp = fopen(RSTRING_PTR(filename), "r"))) {
+    if (!(fp = fopen(StringValueCStr(filename), "r"))) {
 	ossl_raise(eX509CertError, "%s", strerror(errno));
     }
     rb_fd_fix_cloexec(fileno(fp));

ext/openssl/ossl_x509ext.c

@@ -251,15 +251,18 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
 #endif
 
     rb_scan_args(argc, argv, "21", &oid, &value, &critical);
-    StringValue(oid);
+    StringValueCStr(oid);
     StringValue(value);
     if(NIL_P(critical)) critical = Qfalse;
 
     nid = OBJ_ln2nid(RSTRING_PTR(oid));
     if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid));
-    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%s'", RSTRING_PTR(oid));
+    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid);
+
     valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
     rb_str_append(valstr, value);
+    StringValueCStr(valstr);
+
     GetX509ExtFactory(self, ctx);
     obj = NewX509Ext(cX509Ext);
 #ifdef HAVE_X509V3_EXT_NCONF_NID
@@ -271,8 +274,7 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
     ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
 #endif
     if (!ext){
-	ossl_raise(eX509ExtError, "%s = %s",
-		   RSTRING_PTR(oid), RSTRING_PTR(value));
+	ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
     }
     SetX509Ext(obj, ext);
 
@@ -341,7 +343,7 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid)
     ASN1_OBJECT *obj;
     char *s;
 
-    s = StringValuePtr(oid);
+    s = StringValueCStr(oid);
     obj = OBJ_txt2obj(s, 0);
     if(!obj) obj = OBJ_txt2obj(s, 1);
     if(!obj) ossl_raise(eX509ExtError, NULL);

ext/openssl/ossl_x509store.c

@@ -240,8 +240,8 @@ ossl_x509store_add_file(VALUE self, VALUE file)
     char *path = NULL;
 
     if(file != Qnil){
-        SafeStringValue(file);
-	path = RSTRING_PTR(file);
+	rb_check_safe_obj(file);
+	path = StringValueCStr(file);
     }
     GetX509Store(self, store);
     lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
@@ -261,8 +261,8 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
     char *path = NULL;
 
     if(dir != Qnil){
-        SafeStringValue(dir);
-	path = RSTRING_PTR(dir);
+	rb_check_safe_obj(dir);
+	path = StringValueCStr(dir);
     }
     GetX509Store(self, store);
     lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());