openssl: use StringValueCStr() where NUL-terminated string is expected

* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c, ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use StringValueCStr() where NUL-terminated string is expected. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2016-05-23 11:40:07 +00:00 · 2016-05-23 11:40:07 +00:00 · 582fa9cde9
commit 582fa9cde9
parent b9da060bd8
17 changed files with 90 additions and 82 deletions
--- a/12
+++ b/12
@ -1,3 +1,15 @@
 Mon May 23 20:32:16 2016  Kazuki Yamaguchi  <k@rhe.jp>
 	* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c,
 	  ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c
 	  ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c
 	  ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c
 	  ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c
 	  ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c
 	  ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c
 	  ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use
 	  StringValueCStr() where NUL-terminated string is expected.
 Mon May 23 20:20:12 2016  NAKAMURA Usaku  <usa@ruby-lang.org>
 	* ext/bigdecimal/bigdecimal.c (isfinite): get rid of a warning on
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@ -140,7 +140,7 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
 	bn = GetBNPtr(obj);
    } else {
 	obj = rb_String(obj);
-	if (!BN_dec2bn(&bn, StringValuePtr(obj))) {
+	if (!BN_dec2bn(&bn, StringValueCStr(obj))) {
 	    ossl_raise(eOSSLError, NULL);
 	}
    }
@ -293,10 +293,10 @@ obj_to_asn1obj(VALUE obj)
 {
    ASN1_OBJECT *a1obj;
-    StringValue(obj);
+    StringValueCStr(obj);
    a1obj = OBJ_txt2obj(RSTRING_PTR(obj), 0);
    if(!a1obj) a1obj = OBJ_txt2obj(RSTRING_PTR(obj), 1);
-    if(!a1obj) ossl_raise(eASN1Error, "invalid OBJECT ID");
+    if(!a1obj) ossl_raise(eASN1Error, "invalid OBJECT ID %"PRIsVALUE, obj);
    return a1obj;
 }
@ -1374,9 +1374,9 @@ ossl_asn1cons_each(VALUE self)
 static VALUE
 ossl_asn1obj_s_register(VALUE self, VALUE oid, VALUE sn, VALUE ln)
 {
-    StringValue(oid);
+    StringValueCStr(oid);
-    StringValue(sn);
+    StringValueCStr(sn);
-    StringValue(ln);
+    StringValueCStr(ln);
    if(!OBJ_create(RSTRING_PTR(oid), RSTRING_PTR(sn), RSTRING_PTR(ln)))
 	ossl_raise(eASN1Error, NULL);
@ -1399,7 +1399,7 @@ ossl_asn1obj_get_sn(VALUE self)
    int nid;
    val = ossl_asn1_get_value(self);
-    if ((nid = OBJ_txt2nid(StringValuePtr(val))) != NID_undef)
+    if ((nid = OBJ_txt2nid(StringValueCStr(val))) != NID_undef)
 	ret = rb_str_new2(OBJ_nid2sn(nid));
    return ret;
@ -1420,7 +1420,7 @@ ossl_asn1obj_get_ln(VALUE self)
    int nid;
    val = ossl_asn1_get_value(self);
-    if ((nid = OBJ_txt2nid(StringValuePtr(val))) != NID_undef)
+    if ((nid = OBJ_txt2nid(StringValueCStr(val))) != NID_undef)
 	ret = rb_str_new2(OBJ_nid2ln(nid));
    return ret;
--- a/ext/openssl/ossl_bn.c
+++ b/ext/openssl/ossl_bn.c
@ -95,7 +95,7 @@ try_convert_to_bnptr(VALUE obj)
    case T_BIGNUM:
 	obj = rb_String(obj);
 	newobj = NewBN(cBN);	/* GC bug */
-	if (!BN_dec2bn(&bn, StringValuePtr(obj))) {
+	if (!BN_dec2bn(&bn, StringValueCStr(obj))) {
 	    ossl_raise(eBNError, NULL);
 	}
 	SetBN(newobj, bn); /* Handle potencial mem leaks */
@ -209,26 +209,25 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
 	return self;
    }
    StringValue(str);
    GetBN(self, bn);
    switch (base) {
    case 0:
-	if (!BN_mpi2bn((unsigned char *)RSTRING_PTR(str), RSTRING_LENINT(str), bn)) {
+	if (!BN_mpi2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;
    case 2:
-	if (!BN_bin2bn((unsigned char *)RSTRING_PTR(str), RSTRING_LENINT(str), bn)) {
+	if (!BN_bin2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;
    case 10:
-	if (!BN_dec2bn(&bn, RSTRING_PTR(str))) {
+	if (!BN_dec2bn(&bn, StringValueCStr(str))) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;
    case 16:
-	if (!BN_hex2bn(&bn, RSTRING_PTR(str))) {
+	if (!BN_hex2bn(&bn, StringValueCStr(str))) {
 	    ossl_raise(eBNError, NULL);
 	}
 	break;
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@ -116,7 +116,7 @@ ossl_cipher_initialize(VALUE self, VALUE str)
    char *name;
    unsigned char key[EVP_MAX_KEY_LENGTH];
-    name = StringValuePtr(str);
+    name = StringValueCStr(str);
    GetCipherInit(self, ctx);
    if (ctx) {
 	ossl_raise(rb_eRuntimeError, "Cipher already inititalized!");
@ -124,7 +124,7 @@ ossl_cipher_initialize(VALUE self, VALUE str)
    AllocCipher(self, ctx);
    EVP_CIPHER_CTX_init(ctx);
    if (!(cipher = EVP_get_cipherbyname(name))) {
-	ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name);
+	ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%"PRIsVALUE")", str);
    }
    /*
     * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@ -61,7 +61,7 @@ GetDigestPtr(VALUE obj)
 	    ASN1_OBJECT_free(oid);
 	}
 	if(!md)
-            ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name);
+            ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%"PRIsVALUE").", obj);
    } else {
        EVP_MD_CTX *ctx;
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@ -96,7 +96,7 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
        ENGINE_load_builtin_engines();
        return Qtrue;
    }
-    StringValue(name);
+    StringValueCStr(name);
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #if HAVE_ENGINE_LOAD_DYNAMIC
    OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
@ -148,7 +148,7 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
    OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
 #endif
    OSSL_ENGINE_LOAD_IF_MATCH(openssl);
-    rb_warning("no such builtin loader for `%s'", RSTRING_PTR(name));
+    rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
    return Qnil;
 #endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
 }
@ -213,7 +213,7 @@ ossl_engine_s_by_id(VALUE klass, VALUE id)
    ENGINE *e;
    VALUE obj;
-    StringValue(id);
+    StringValueCStr(id);
    ossl_engine_s_load(1, &id, klass);
    obj = NewEngine(klass);
    if(!(e = ENGINE_by_id(RSTRING_PTR(id))))
@ -318,12 +318,10 @@ ossl_engine_get_cipher(VALUE self, VALUE name)
 {
    ENGINE *e;
    const EVP_CIPHER *ciph, *tmp;
    char *s;
    int nid;
-    s = StringValuePtr(name);
+    tmp = EVP_get_cipherbyname(StringValueCStr(name));
-    tmp = EVP_get_cipherbyname(s);
+    if(!tmp) ossl_raise(eEngineError, "no such cipher `%"PRIsVALUE"'", name);
    if(!tmp) ossl_raise(eEngineError, "no such cipher `%s'", s);
    nid = EVP_CIPHER_nid(tmp);
    GetEngine(self, e);
    ciph = ENGINE_get_cipher(e, nid);
@ -357,12 +355,10 @@ ossl_engine_get_digest(VALUE self, VALUE name)
 {
    ENGINE *e;
    const EVP_MD *md, *tmp;
    char *s;
    int nid;
-    s = StringValuePtr(name);
+    tmp = EVP_get_digestbyname(StringValueCStr(name));
-    tmp = EVP_get_digestbyname(s);
+    if(!tmp) ossl_raise(eEngineError, "no such digest `%"PRIsVALUE"'", name);
    if(!tmp) ossl_raise(eEngineError, "no such digest `%s'", s);
    nid = EVP_MD_nid(tmp);
    GetEngine(self, e);
    md = ENGINE_get_digest(e, nid);
@ -393,8 +389,8 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self)
    char *sid, *sdata;
    rb_scan_args(argc, argv, "02", &id, &data);
-    sid = NIL_P(id) ? NULL : StringValuePtr(id);
+    sid = NIL_P(id) ? NULL : StringValueCStr(id);
-    sdata = NIL_P(data) ? NULL : StringValuePtr(data);
+    sdata = NIL_P(data) ? NULL : StringValueCStr(data);
    GetEngine(self, e);
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
    pkey = ENGINE_load_private_key(e, sid, sdata);
@ -427,8 +423,8 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
    char *sid, *sdata;
    rb_scan_args(argc, argv, "02", &id, &data);
-    sid = NIL_P(id) ? NULL : StringValuePtr(id);
+    sid = NIL_P(id) ? NULL : StringValueCStr(id);
-    sdata = NIL_P(data) ? NULL : StringValuePtr(data);
+    sdata = NIL_P(data) ? NULL : StringValueCStr(data);
    GetEngine(self, e);
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
    pkey = ENGINE_load_public_key(e, sid, sdata);
@ -487,10 +483,8 @@ ossl_engine_ctrl_cmd(int argc, VALUE *argv, VALUE self)
    GetEngine(self, e);
    rb_scan_args(argc, argv, "11", &cmd, &val);
-    StringValue(cmd);
+    ret = ENGINE_ctrl_cmd_string(e, StringValueCStr(cmd),
-    if (!NIL_P(val)) StringValue(val);
+				 NIL_P(val) ? NULL : StringValueCStr(val), 0);
    ret = ENGINE_ctrl_cmd_string(e, RSTRING_PTR(cmd),
 				 NIL_P(val) ? NULL : RSTRING_PTR(val), 0);
    if (!ret) ossl_raise(eEngineError, NULL);
    return self;
--- a/ext/openssl/ossl_ns_spki.c
+++ b/ext/openssl/ossl_ns_spki.c
@ -86,15 +86,15 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
 	return self;
    }
    StringValue(buffer);
-    if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), -1))) {
+    if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), RSTRING_LENINT(buffer)))) {
 	ossl_clear_error();
 	p = (unsigned char *)RSTRING_PTR(buffer);
 	if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING_LEN(buffer)))) {
 	    ossl_raise(eSPKIError, NULL);
 	}
    }
    NETSCAPE_SPKI_free(DATA_PTR(self));
-    DATA_PTR(self) = spki;
+    SetSPKI(self, spki);
    ossl_clear_error();
    return self;
 }
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@ -100,19 +100,19 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
    PKCS12 *p12;
    rb_scan_args(argc, argv, "46", &pass, &name, &pkey, &cert, &ca, &key_nid, &cert_nid, &key_iter, &mac_iter, &keytype);
-    passphrase = NIL_P(pass) ? NULL : StringValuePtr(pass);
+    passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass);
-    friendlyname = NIL_P(name) ? NULL : StringValuePtr(name);
+    friendlyname = NIL_P(name) ? NULL : StringValueCStr(name);
    key = GetPKeyPtr(pkey);
    x509 = GetX509CertPtr(cert);
    x509s = NIL_P(ca) ? NULL : ossl_x509_ary2sk(ca);
 /* TODO: make a VALUE to nid function */
    if (!NIL_P(key_nid)) {
-        if ((nkey = OBJ_txt2nid(StringValuePtr(key_nid))) == NID_undef)
+        if ((nkey = OBJ_txt2nid(StringValueCStr(key_nid))) == NID_undef)
-            ossl_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(key_nid));
+	    ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, key_nid);
    }
    if (!NIL_P(cert_nid)) {
-        if ((ncert = OBJ_txt2nid(StringValuePtr(cert_nid))) == NID_undef)
+        if ((ncert = OBJ_txt2nid(StringValueCStr(cert_nid))) == NID_undef)
-            ossl_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(cert_nid));
+	    ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, cert_nid);
    }
    if (!NIL_P(key_iter))
        kiter = NUM2INT(key_iter);
@ -158,7 +158,7 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
    PKCS12 *pkcs = DATA_PTR(self);
    if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) return self;
-    passphrase = NIL_P(pass) ? NULL : StringValuePtr(pass);
+    passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass);
    in = ossl_obj2bio(arg);
    d2i_PKCS12_bio(in, &pkcs);
    DATA_PTR(self) = pkcs;
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@ -429,12 +429,13 @@ ossl_pkcs7_sym2typeid(VALUE sym)
        { "digest",             NID_pkcs7_digest },
    };
-    if (RB_TYPE_P(sym, T_SYMBOL)) sym = rb_sym2str(sym);
+    if (SYMBOL_P(sym)) sym = rb_sym2str(sym);
    else StringValue(sym);
    RSTRING_GETMEM(sym, s, l);
    for(i = 0; ; i++){
 	if(i == numberof(p7_type_tab))
-	    ossl_raise(ePKCS7Error, "unknown type \"%s\"", s);
+	    ossl_raise(ePKCS7Error, "unknown type \"%"PRIsVALUE"\"", sym);
 	if(strlen(p7_type_tab[i].name) != l) continue;
 	if(strcmp(p7_type_tab[i].name, s) == 0){
 	    ret = p7_type_tab[i].nid;
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@ -121,8 +121,8 @@ ossl_pkey_new_from_file(VALUE filename)
    FILE *fp;
    EVP_PKEY *pkey;
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
-    if (!(fp = fopen(RSTRING_PTR(filename), "r"))) {
+    if (!(fp = fopen(StringValueCStr(filename), "r"))) {
 	ossl_raise(ePKeyError, "%s", strerror(errno));
    }
    rb_fd_fix_cloexec(fileno(fp));
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@ -214,10 +214,10 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
 		ossl_clear_error(); /* ignore errors in the previous d2i_EC_PUBKEY_bio() */
                if (nid == NID_undef)
-                    ossl_raise(eECError, "unknown curve name (%s)\n", name);
+                    ossl_raise(eECError, "unknown curve name (%"PRIsVALUE")", arg);
                if ((ec = EC_KEY_new_by_curve_name(nid)) == NULL)
-                    ossl_raise(eECError, "unable to create curve (%s)\n", name);
+                    ossl_raise(eECError, "unable to create curve (%"PRIsVALUE")\n", arg);
                EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
                EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
@ -802,11 +802,11 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
 		ossl_clear_error(); /* ignore errors in d2i_ECPKParameters_bio() */
                if (nid == NID_undef)
-                    ossl_raise(eEC_GROUP, "unknown curve name (%s)", name);
+                    ossl_raise(eEC_GROUP, "unknown curve name (%"PRIsVALUE")", arg1);
                group = EC_GROUP_new_by_curve_name(nid);
                if (group == NULL)
-                    ossl_raise(eEC_GROUP, "unable to create curve (%s)", name);
+                    ossl_raise(eEC_GROUP, "unable to create curve (%"PRIsVALUE")", arg1);
                EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
                EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
--- a/ext/openssl/ossl_rand.c
+++ b/ext/openssl/ossl_rand.c
@ -67,9 +67,9 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
 static VALUE
 ossl_rand_load_file(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
-    if(!RAND_load_file(RSTRING_PTR(filename), -1)) {
+    if(!RAND_load_file(StringValueCStr(filename), -1)) {
 	ossl_raise(eRandomError, NULL);
    }
    return Qtrue;
@ -86,8 +86,9 @@ ossl_rand_load_file(VALUE self, VALUE filename)
 static VALUE
 ossl_rand_write_file(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
-    if (RAND_write_file(RSTRING_PTR(filename)) == -1) {
+
    if (RAND_write_file(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
    }
    return Qtrue;
@ -161,9 +162,9 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
 static VALUE
 ossl_rand_egd(VALUE self, VALUE filename)
 {
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
-    if (RAND_egd(RSTRING_PTR(filename)) == -1) {
+    if (RAND_egd(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
    }
    return Qtrue;
@ -183,9 +184,9 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
 {
    int n = NUM2INT(len);
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
-    if (RAND_egd_bytes(RSTRING_PTR(filename), n) == -1) {
+    if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) {
 	ossl_raise(eRandomError, NULL);
    }
    return Qtrue;
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@ -563,9 +563,8 @@ ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded)
 static VALUE
 ssl_encode_npn_protocols(VALUE protocols)
 {
-    VALUE encoded = rb_str_new2("");
+    VALUE encoded = rb_str_new(NULL, 0);
    rb_iterate(rb_each, protocols, ssl_npn_encode_protocol_i, encoded);
    StringValueCStr(encoded);
    return encoded;
 }
@ -775,9 +774,9 @@ ossl_sslctx_setup(VALUE self)
    }
    val = ossl_sslctx_get_ca_file(self);
-    ca_file = NIL_P(val) ? NULL : StringValuePtr(val);
+    ca_file = NIL_P(val) ? NULL : StringValueCStr(val);
    val = ossl_sslctx_get_ca_path(self);
-    ca_path = NIL_P(val) ? NULL : StringValuePtr(val);
+    ca_path = NIL_P(val) ? NULL : StringValueCStr(val);
    if(ca_file || ca_path){
 	if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path))
 	    rb_warning("can't set verify locations");
@ -812,7 +811,7 @@ ossl_sslctx_setup(VALUE self)
    val = rb_iv_get(self, "@alpn_protocols");
    if (!NIL_P(val)) {
 	VALUE rprotos = ssl_encode_npn_protocols(val);
-	SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)StringValueCStr(rprotos), RSTRING_LENINT(rprotos));
+	SSL_CTX_set_alpn_protos(ctx, (unsigned char *)RSTRING_PTR(rprotos), RSTRING_LENINT(rprotos));
 	OSSL_Debug("SSL ALPN values added");
    }
    if (RTEST(rb_iv_get(self, "@alpn_select_cb"))) {
@ -947,7 +946,7 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
        ossl_raise(eSSLError, "SSL_CTX is not initialized.");
        return Qnil;
    }
-    if (!SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(str))) {
+    if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
        ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
    }
@ -1210,7 +1209,7 @@ ossl_ssl_setup(VALUE self)
 #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
        if (!NIL_P(hostname)) {
-           if (SSL_set_tlsext_host_name(ssl, StringValuePtr(hostname)) != 1)
+           if (SSL_set_tlsext_host_name(ssl, StringValueCStr(hostname)) != 1)
               ossl_raise(eSSLError, "SSL_set_tlsext_host_name");
        }
 #endif
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@ -141,7 +141,7 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid)
    ASN1_OBJECT *obj;
    char *s;
-    s = StringValuePtr(oid);
+    s = StringValueCStr(oid);
    obj = OBJ_txt2obj(s, 0);
    if(!obj) obj = OBJ_txt2obj(s, 1);
    if(!obj) ossl_raise(eX509AttrError, NULL);
@ -269,7 +269,7 @@ ossl_x509attr_to_der(VALUE self)
    p = (unsigned char *)RSTRING_PTR(str);
    if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
 	ossl_raise(eX509AttrError, NULL);
-    rb_str_set_len(str, p - (unsigned char*)RSTRING_PTR(str));
+    ossl_str_adjust(str, p);
    return str;
 }
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@ -78,9 +78,9 @@ ossl_x509_new_from_file(VALUE filename)
    FILE *fp;
    VALUE obj;
-    SafeStringValue(filename);
+    rb_check_safe_obj(filename);
    obj = NewX509(cX509Cert);
-    if (!(fp = fopen(RSTRING_PTR(filename), "r"))) {
+    if (!(fp = fopen(StringValueCStr(filename), "r"))) {
 	ossl_raise(eX509CertError, "%s", strerror(errno));
    }
    rb_fd_fix_cloexec(fileno(fp));
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@ -251,15 +251,18 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
 #endif
    rb_scan_args(argc, argv, "21", &oid, &value, &critical);
-    StringValue(oid);
+    StringValueCStr(oid);
    StringValue(value);
    if(NIL_P(critical)) critical = Qfalse;
    nid = OBJ_ln2nid(RSTRING_PTR(oid));
    if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid));
-    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%s'", RSTRING_PTR(oid));
+    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid);
    valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
    rb_str_append(valstr, value);
    StringValueCStr(valstr);
    GetX509ExtFactory(self, ctx);
    obj = NewX509Ext(cX509Ext);
 #ifdef HAVE_X509V3_EXT_NCONF_NID
@ -271,8 +274,7 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
    ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
 #endif
    if (!ext){
-	ossl_raise(eX509ExtError, "%s = %s",
+	ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
 		   RSTRING_PTR(oid), RSTRING_PTR(value));
    }
    SetX509Ext(obj, ext);
@ -341,7 +343,7 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid)
    ASN1_OBJECT *obj;
    char *s;
-    s = StringValuePtr(oid);
+    s = StringValueCStr(oid);
    obj = OBJ_txt2obj(s, 0);
    if(!obj) obj = OBJ_txt2obj(s, 1);
    if(!obj) ossl_raise(eX509ExtError, NULL);
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@ -240,8 +240,8 @@ ossl_x509store_add_file(VALUE self, VALUE file)
    char *path = NULL;
    if(file != Qnil){
-        SafeStringValue(file);
+	rb_check_safe_obj(file);
-	path = RSTRING_PTR(file);
+	path = StringValueCStr(file);
    }
    GetX509Store(self, store);
    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
@ -261,8 +261,8 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
    char *path = NULL;
    if(dir != Qnil){
-        SafeStringValue(dir);
+	rb_check_safe_obj(dir);
-	path = RSTRING_PTR(dir);
+	path = StringValueCStr(dir);
    }
    GetX509Store(self, store);
    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());