rubysl-openssl 2.4.0 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 02c28e54552a012c04288964b9388152e2e08396
-  data.tar.gz: 092a697ea348a292d7ea1d37c2bdef94e1398496
+  metadata.gz: b5891637a7b61280d9cf53442718d278f44de04e
+  data.tar.gz: f0144074795d3268b386c773e00a4495cde6759f
 SHA512:
-  metadata.gz: 14d006d186aaaa3b84d0031f6c680276eb1f1a0d837a061d72545076325e6a421c46fa433204a9e68bd842836bd6e39cffd12eaf87eec0c34a0e1a959c439590
-  data.tar.gz: d553256a8678cd64b99c01705e2b01902e913dc78ce47d5e1b55fb2479164b5beb22cf7422294cc81695968adf103b99829a653b4820f6ffec18477bf09dc0cb
+  metadata.gz: ba962b6d3311055b901193dd303e79912bf7097bba7e49ce0dd0e2623c8ddcf1bc699d35d139bfcabc8b2bdae6f26328a1a4f0617cdac54a478abae6ff3a9510
+  data.tar.gz: 132cc0ae45c8e2d3cf13a22f9a77373db4fb2c6dd477b2d65652baf495bb553239ce7f566f001b8d9841433be6d8ab6ef9df33a8b8d73d03b8b6195335221d24

data/ext/rubysl/openssl/deprecation.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 module OpenSSL
   def self.deprecated_warning_flag
     unless flag = (@deprecated_warning_flag ||= nil)

data/ext/rubysl/openssl/extconf.rb

@@ -1,18 +1,14 @@
 # -*- coding: us-ascii -*-
+# frozen_string_literal: false
 =begin
-= $RCSfile$ -- Generator for Makefile
-
 = Info
   'OpenSSL for Ruby 2' project
   Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
   All rights reserved.
 
 = Licence
-  This program is licenced under the same licence as Ruby.
+  This program is licensed under the same licence as Ruby.
   (See the file 'LICENCE'.)
-
-= Version
-  $Id$
 =end
 
 require "mkmf"
@@ -59,7 +55,7 @@ unless have_header("openssl/conf_api.h")
   raise "OpenSSL 0.9.6 or later required."
 end
 unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
-  Logging::message "You may be using a version of OpenSSL or SSL provided by Apple.\nIf you encounter issues, please use another SSL library. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
+  raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
@@ -87,6 +83,7 @@ have_func("HMAC_CTX_init")
 have_func("PEM_def_callback")
 have_func("PKCS5_PBKDF2_HMAC")
 have_func("PKCS5_PBKDF2_HMAC_SHA1")
+have_func("RAND_egd")
 have_func("X509V3_set_nconf")
 have_func("X509V3_EXT_nconf_nid")
 have_func("X509_CRL_add0_revoked")
@@ -112,6 +109,7 @@ have_func("TLSv1_1_client_method")
 have_func("TLSv1_2_method")
 have_func("TLSv1_2_server_method")
 have_func("TLSv1_2_client_method")
+have_func("SSL_CTX_set_alpn_select_cb")
 have_macro("OPENSSL_NPN_NEGOTIATED", ['openssl/ssl.h']) && $defs.push("-DHAVE_OPENSSL_NPN_NEGOTIATED")
 unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
   have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
@@ -157,7 +155,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTH
 Logging::message "=== Checking done. ===\n"
 
 create_header
-create_makefile("openssl/openssl") {|conf|
+create_makefile("openssl") {|conf|
   conf << "THREAD_MODEL = #{CONFIG["THREAD_MODEL"]}\n"
 }
 Logging::message "Done.\n"

data/ext/rubysl/openssl/openssl_missing.c

@@ -1,11 +1,10 @@
 /*
- * $Id: openssl_missing.c 40625 2013-05-09 12:12:17Z akr $
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #include RUBY_EXTCONF_H
@@ -353,4 +352,3 @@ ASN1_put_eoc(unsigned char **pp)
     return 2;
 }
 #endif
-

data/ext/rubysl/openssl/openssl_missing.h

@@ -1,11 +1,10 @@
 /*
- * $Id: openssl_missing.h 32230 2011-06-26 01:32:03Z emboss $
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #if !defined(_OSSL_OPENSSL_MISSING_H_)
@@ -195,4 +194,3 @@ int ASN1_put_eoc(unsigned char **pp);
 
 
 #endif /* _OSSL_OPENSSL_MISSING_H_ */
-

data/ext/rubysl/openssl/ossl.c

@@ -1,11 +1,10 @@
 /*
- * $Id: ossl.c 47744 2014-09-30 05:25:32Z nobu $
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #include "ossl.h"
@@ -556,6 +555,20 @@ static void Init_ossl_locks(void)
  * OpenSSL provides SSL, TLS and general purpose cryptography.  It wraps the
  * OpenSSL[http://www.openssl.org/] library.
  *
+ * = Install
+ *
+ * OpenSSL comes bundled with the Standard Library of Ruby.
+ *
+ * This means the OpenSSL extension is compiled with Ruby and packaged on
+ * build. During compile time, Ruby will need to link against the OpenSSL
+ * library on your system. However, you cannot use openssl provided by Apple to
+ * build standard library openssl.
+ *
+ * If you use OSX, you should install another openssl and run ```./configure
+ * --with-openssl-dir=/path/to/another-openssl```. For Homebrew user, run `brew
+ * install openssl` and then ```./configure --with-openssl-dir=`brew --prefix
+ * openssl` ```.
+ *
  * = Examples
  *
  * All examples assume you have loaded OpenSSL with:
@@ -1165,4 +1178,3 @@ main(int argc, char *argv[])
     return 0;
 }
 #endif /* OSSL_DEBUG */
-

data/ext/rubysl/openssl/ossl.h

@@ -1,11 +1,10 @@
 /*
- * $Id: ossl.h 44582 2014-01-13 00:57:42Z nobu $
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #if !defined(_OSSL_H_)
@@ -45,7 +44,7 @@ extern "C" {
 #  define assert(condition)
 #endif
 
-#if defined(_WIN32)
+#if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER)
 #  include <openssl/e_os2.h>
 #  define OSSL_NO_CONF_API 1
 #  if !defined(OPENSSL_SYS_WIN32)
@@ -64,6 +63,9 @@ extern "C" {
 #include <openssl/rand.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
+#if !defined(_WIN32)
+#  include <openssl/crypto.h>
+#endif
 #undef X509_NAME
 #undef PKCS7_SIGNER_INFO
 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
@@ -244,4 +246,3 @@ void Init_openssl(void);
 #endif
 
 #endif /* _OSSL_H_ */
-

data/ext/rubysl/openssl/ossl_asn1.c

@@ -1,11 +1,10 @@
 /*
- * $Id: ossl_asn1.c 47744 2014-09-30 05:25:32Z nobu $
  * 'OpenSSL for Ruby' team members
  * Copyright (C) 2003
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #include "ossl.h"
@@ -1029,7 +1028,7 @@ static VALUE
 ossl_asn1_traverse(VALUE self, VALUE obj)
 {
     unsigned char *p;
-    volatile VALUE tmp;
+    VALUE tmp;
     long len, read = 0, offset = 0;
 
     obj = ossl_to_der_if_possible(obj);
@@ -1037,6 +1036,7 @@ ossl_asn1_traverse(VALUE self, VALUE obj)
     p = (unsigned char *)RSTRING_PTR(tmp);
     len = RSTRING_LEN(tmp);
     ossl_asn1_decode0(&p, len, &offset, 0, 1, &read);
+    RB_GC_GUARD(tmp);
     int_ossl_decode_sanity_check(len, read, offset);
     return Qnil;
 }
@@ -1058,7 +1058,7 @@ ossl_asn1_decode(VALUE self, VALUE obj)
 {
     VALUE ret;
     unsigned char *p;
-    volatile VALUE tmp;
+    VALUE tmp;
     long len, read = 0, offset = 0;
 
     obj = ossl_to_der_if_possible(obj);
@@ -1066,6 +1066,7 @@ ossl_asn1_decode(VALUE self, VALUE obj)
     p = (unsigned char *)RSTRING_PTR(tmp);
     len = RSTRING_LEN(tmp);
     ret = ossl_asn1_decode0(&p, len, &offset, 0, 0, &read);
+    RB_GC_GUARD(tmp);
     int_ossl_decode_sanity_check(len, read, offset);
     return ret;
 }
@@ -1089,7 +1090,7 @@ ossl_asn1_decode_all(VALUE self, VALUE obj)
     VALUE ary, val;
     unsigned char *p;
     long len, tmp_len = 0, read = 0, offset = 0;
-    volatile VALUE tmp;
+    VALUE tmp;
 
     obj = ossl_to_der_if_possible(obj);
     tmp = rb_str_new4(StringValue(obj));
@@ -1104,6 +1105,7 @@ ossl_asn1_decode_all(VALUE self, VALUE obj)
 	read += tmp_read;
 	tmp_len -= tmp_read;
     }
+    RB_GC_GUARD(tmp);
     int_ossl_decode_sanity_check(len, read, offset);
     return ary;
 }
@@ -1360,13 +1362,13 @@ ossl_asn1cons_each(VALUE self)
 
 /*
  * call-seq:
- *    ObjectId.register(object_id, short_name, long_name)
+ *    OpenSSL::ASN1::ObjectId.register(object_id, short_name, long_name)
  *
  * This adds a new ObjectId to the internal tables. Where +object_id+ is the
  * numerical form, +short_name+ is the short name, and +long_name+ is the long
  * name.
  *
- * Returns +true+ if successful. Raises an ASN1Error otherwise.
+ * Returns +true+ if successful. Raises an OpenSSL::ASN1::ASN1Error if it fails.
  *
  */
 static VALUE
@@ -1384,11 +1386,11 @@ ossl_asn1obj_s_register(VALUE self, VALUE oid, VALUE sn, VALUE ln)
 
 /* Document-method: OpenSSL::ASN1::ObjectId#sn
  *
- * The short name of the ObjectId, as defined in +openssl/objects.h+.
+ * The short name of the ObjectId, as defined in <openssl/objects.h>.
  */
 /* Document-method: OpenSSL::ASN1::ObjectId#short_name
  *
- * #short_name is an alias to #sn
+ * +short_name+ is an alias to +sn+
  */
 static VALUE
 ossl_asn1obj_get_sn(VALUE self)
@@ -1405,11 +1407,11 @@ ossl_asn1obj_get_sn(VALUE self)
 
 /* Document-method: OpenSSL::ASN1::ObjectId#ln
  *
- * The long name of the ObjectId, as defined in +openssl/objects.h+.
+ * The long name of the ObjectId, as defined in <openssl/objects.h>.
  */
-/* Document-method: OpenSSL::ASN1::ObjectId.long_name
+/* Document-method: OpenSSL::ASN1::ObjectId#long_name
  *
- * #long_name is an alias to #ln
+ * +long_name+ is an alias to +ln+
  */
 static VALUE
 ossl_asn1obj_get_ln(VALUE self)
@@ -1426,7 +1428,7 @@ ossl_asn1obj_get_ln(VALUE self)
 
 /* Document-method: OpenSSL::ASN1::ObjectId#oid
  *
- * The object identifier as a String.
+ * The object identifier as a +String+, e.g. "1.2.3.4.5"
  */
 static VALUE
 ossl_asn1obj_get_oid(VALUE self)
@@ -1809,6 +1811,10 @@ Init_ossl_asn1(void)
      *
      * == OpenSSL::ASN1::ObjectId
      *
+     * NOTE: While OpenSSL::ASN1::ObjectId.new will allocate a new ObjectId,
+     * it is not typically allocated this way, but rather that are received from
+     * parsed ASN1 encodings.
+     *
      * While OpenSSL::ASN1::ObjectId.new will allocate a new ObjectId, it is
      * not typically allocated this way, but rather that are received from
      * parsed ASN1 encodings.

data/ext/rubysl/openssl/ossl_asn1.h

@@ -1,11 +1,10 @@
 /*
- * $Id: ossl_asn1.h 27437 2010-04-22 08:04:13Z nobu $
  * 'OpenSSL for Ruby' team members
  * Copyright (C) 2003
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #if !defined(_OSSL_ASN1_H_)

data/ext/rubysl/openssl/ossl_bio.c

@@ -1,11 +1,10 @@
 /*
- * $Id: ossl_bio.c 47042 2014-08-03 01:56:01Z nobu $
  * 'OpenSSL for Ruby' team members
  * Copyright (C) 2003
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #include "ossl.h"

data/ext/rubysl/openssl/ossl_bio.h

@@ -1,11 +1,10 @@
 /*
- * $Id: ossl_bio.h 25189 2009-10-02 12:04:37Z akr $
  * 'OpenSSL for Ruby' team members
  * Copyright (C) 2003
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 #if !defined(_OSSL_BIO_H_)
@@ -18,4 +17,3 @@ VALUE ossl_membio2str(BIO*);
 VALUE ossl_protect_membio2str(BIO*,int*);
 
 #endif
-

data/ext/rubysl/openssl/ossl_bn.c

@@ -1,21 +1,22 @@
 /*
- * $Id: ossl_bn.c 48662 2014-12-01 06:38:04Z nobu $
  * 'OpenSSL for Ruby' project
  * Copyright (C) 2001-2002  Technorama team <oss-ruby@technorama.net>
  * All rights reserved.
  */
 /*
- * This program is licenced under the same licence as Ruby.
+ * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
 /* modified by Michal Rokos <m.rokos@sh.cvut.cz> */
 #include "ossl.h"
 
-#define WrapBN(klass, obj, bn) do { \
+#define NewBN(klass) \
+  TypedData_Wrap_Struct((klass), &ossl_bn_type, 0)
+#define SetBN(obj, bn) do { \
   if (!(bn)) { \
     ossl_raise(rb_eRuntimeError, "BN wasn't initialized!"); \
   } \
-  (obj) = TypedData_Wrap_Struct((klass), &ossl_bn_type, (bn)); \
+  RTYPEDDATA_DATA(obj) = (bn); \
 } while (0)
 
 #define GetBN(obj, bn) do { \
@@ -53,6 +54,13 @@ static const rb_data_type_t ossl_bn_type = {
  * Classes
  */
 VALUE cBN;
+
+/* Document-class: OpenSSL::BNError
+ *
+ * BNError < OpenSSLError
+ *
+ * Generic Error for all of OpenSSL::BN (big num)
+ */
 VALUE eBNError;
 
 /*
@@ -64,11 +72,12 @@ ossl_bn_new(const BIGNUM *bn)
     BIGNUM *newbn;
     VALUE obj;
 
+    obj = NewBN(cBN);
     newbn = bn ? BN_dup(bn) : BN_new();
     if (!newbn) {
 	ossl_raise(eBNError, NULL);
     }
-    WrapBN(cBN, obj, newbn);
+    SetBN(obj, newbn);
 
     return obj;
 }
@@ -77,6 +86,7 @@ BIGNUM *
 GetBNPtr(VALUE obj)
 {
     BIGNUM *bn = NULL;
+    VALUE newobj;
 
     if (RTEST(rb_obj_is_kind_of(obj, cBN))) {
 	GetBN(obj, bn);
@@ -84,10 +94,11 @@ GetBNPtr(VALUE obj)
     case T_FIXNUM:
     case T_BIGNUM:
 	obj = rb_String(obj);
+	newobj = NewBN(cBN);	/* GC bug */
 	if (!BN_dec2bn(&bn, StringValuePtr(obj))) {
 	    ossl_raise(eBNError, NULL);
 	}
-	WrapBN(cBN, obj, bn); /* Handle potencial mem leaks */
+	SetBN(newobj, bn); /* Handle potencial mem leaks */
 	break;
     case T_NIL:
 	break;
@@ -111,23 +122,25 @@ static VALUE
 ossl_bn_alloc(VALUE klass)
 {
     BIGNUM *bn;
-    VALUE obj;
+    VALUE obj = NewBN(klass);
 
     if (!(bn = BN_new())) {
 	ossl_raise(eBNError, NULL);
     }
-    WrapBN(klass, obj, bn);
+    SetBN(obj, bn);
 
     return obj;
 }
 
-/*
- * call-seq:
- *    BN.new => aBN
- *    BN.new(bn) => aBN
- *    BN.new(integer) => aBN
- *    BN.new(string) => aBN
- *    BN.new(string, 0 | 2 | 10 | 16) => aBN
+/* Document-method: OpenSSL::BN.new
+ *
+ *    OpenSSL::BN.new => aBN
+ *    OpenSSL::BN.new(bn) => aBN
+ *    OpenSSL::BN.new(integer) => aBN
+ *    OpenSSL::BN.new(string) => aBN
+ *    OpenSSL::BN.new(string, 0 | 2 | 10 | 16) => aBN
+ *
+ * Construct a new OpenSSL BigNum object.
  */
 static VALUE
 ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
@@ -320,11 +333,6 @@ ossl_bn_coerce(VALUE self, VALUE other)
 }
 
 #define BIGNUM_BOOL1(func)				\
-    /*							\
-     * call-seq:					\
-     *   bn.##func -> true | false			\
-     *							\
-     */							\
     static VALUE					\
     ossl_bn_##func(VALUE self)				\
     {							\
@@ -335,22 +343,33 @@ ossl_bn_coerce(VALUE self, VALUE other)
 	}						\
 	return Qfalse;					\
     }
+
+/*
+ * Document-method: OpenSSL::BN#zero?
+ *   bn.zero? => true | false
+ */
 BIGNUM_BOOL1(is_zero)
+
+/*
+ * Document-method: OpenSSL::BN#one?
+ *   bn.one? => true | false
+ */
 BIGNUM_BOOL1(is_one)
+
+/*
+ * Document-method: OpenSSL::BN#odd?
+ *   bn.odd? => true | false
+ */
 BIGNUM_BOOL1(is_odd)
 
 #define BIGNUM_1c(func)					\
-    /*							\
-     * call-seq:					\
-     *   bn.##func -> aBN				\
-     *							\
-     */							\
     static VALUE					\
     ossl_bn_##func(VALUE self)				\
     {							\
 	BIGNUM *bn, *result;				\
 	VALUE obj;					\
 	GetBN(self, bn);				\
+	obj = NewBN(CLASS_OF(self));			\
 	if (!(result = BN_new())) {			\
 	    ossl_raise(eBNError, NULL);			\
 	}						\
@@ -358,23 +377,24 @@ BIGNUM_BOOL1(is_odd)
 	    BN_free(result);				\
 	    ossl_raise(eBNError, NULL);			\
 	}						\
-	WrapBN(CLASS_OF(self), obj, result);		\
+	SetBN(obj, result);				\
 	return obj;					\
     }
+
+/*
+ * Document-method: OpenSSL::BN#sqr
+ *   bn.sqr => aBN
+ */
 BIGNUM_1c(sqr)
 
 #define BIGNUM_2(func)					\
-    /*							\
-     * call-seq:					\
-     *   bn.##func(bn2) -> aBN				\
-     *							\
-     */							\
     static VALUE					\
     ossl_bn_##func(VALUE self, VALUE other)		\
     {							\
 	BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;	\
 	VALUE obj;					\
 	GetBN(self, bn1);				\
+	obj = NewBN(CLASS_OF(self));			\
 	if (!(result = BN_new())) {			\
 	    ossl_raise(eBNError, NULL);			\
 	}						\
@@ -382,24 +402,30 @@ BIGNUM_1c(sqr)
 	    BN_free(result);				\
 	    ossl_raise(eBNError, NULL);			\
 	}						\
-	WrapBN(CLASS_OF(self), obj, result);		\
+	SetBN(obj, result);				\
 	return obj;					\
     }
+
+/*
+ * Document-method: OpenSSL::BN#+
+ *   bn + bn2 => aBN
+ */
 BIGNUM_2(add)
+
+/*
+ * Document-method: OpenSSL::BN#-
+ *   bn - bn2 => aBN
+ */
 BIGNUM_2(sub)
 
 #define BIGNUM_2c(func)						\
-    /*								\
-     * call-seq:						\
-     *   bn.##func(bn2) -> aBN					\
-     *								\
-     */								\
     static VALUE						\
     ossl_bn_##func(VALUE self, VALUE other)			\
     {								\
 	BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;		\
 	VALUE obj;						\
 	GetBN(self, bn1);					\
+	obj = NewBN(CLASS_OF(self));				\
 	if (!(result = BN_new())) {				\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
@@ -407,19 +433,51 @@ BIGNUM_2(sub)
 	    BN_free(result);					\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
-	WrapBN(CLASS_OF(self), obj, result);			\
+	SetBN(obj, result);					\
 	return obj;						\
     }
+
+/*
+ * Document-method: OpenSSL::BN#*
+ *   bn * bn2 => aBN
+ */
 BIGNUM_2c(mul)
+
+/*
+ * Document-method: OpenSSL::BN#%
+ *   bn % bn2 => aBN
+ */
 BIGNUM_2c(mod)
+
+/*
+ * Document-method: OpenSSL::BN#**
+ *   bn ** bn2 => aBN
+ */
 BIGNUM_2c(exp)
+
+/*
+ * Document-method: OpenSSL::BN#gcd
+ *   bn.gcd(bn2) => aBN
+ */
 BIGNUM_2c(gcd)
+
+/*
+ * Document-method: OpenSSL::BN#mod_sqr
+ *   bn.mod_sqr(bn2) => aBN
+ */
 BIGNUM_2c(mod_sqr)
+
+/*
+ * Document-method: OpenSSL::BN#mod_inverse
+ *   bn.mod_inverse(bn2) => aBN
+ */
 BIGNUM_2c(mod_inverse)
 
 /*
- * call-seq:
+ * Document-method: OpenSSL::BN#/
  *    bn1 / bn2 => [result, remainder]
+ *
+ * Division of OpenSSL::BN instances
  */
 static VALUE
 ossl_bn_div(VALUE self, VALUE other)
@@ -429,6 +487,8 @@ ossl_bn_div(VALUE self, VALUE other)
 
     GetBN(self, bn1);
 
+    obj1 = NewBN(CLASS_OF(self));
+    obj2 = NewBN(CLASS_OF(self));
     if (!(r1 = BN_new())) {
 	ossl_raise(eBNError, NULL);
     }
@@ -441,18 +501,13 @@ ossl_bn_div(VALUE self, VALUE other)
 	BN_free(r2);
 	ossl_raise(eBNError, NULL);
     }
-    WrapBN(CLASS_OF(self), obj1, r1);
-    WrapBN(CLASS_OF(self), obj2, r2);
+    SetBN(obj1, r1);
+    SetBN(obj2, r2);
 
     return rb_ary_new3(2, obj1, obj2);
 }
 
 #define BIGNUM_3c(func)						\
-    /*								\
-     * call-seq:						\
-     *   bn.##func(bn1, bn2) -> aBN				\
-     *								\
-     */								\
     static VALUE						\
     ossl_bn_##func(VALUE self, VALUE other1, VALUE other2)	\
     {								\
@@ -460,6 +515,7 @@ ossl_bn_div(VALUE self, VALUE other)
 	BIGNUM *bn3 = GetBNPtr(other2), *result;		\
 	VALUE obj;						\
 	GetBN(self, bn1);					\
+	obj = NewBN(CLASS_OF(self));				\
 	if (!(result = BN_new())) {				\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
@@ -467,20 +523,35 @@ ossl_bn_div(VALUE self, VALUE other)
 	    BN_free(result);					\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
-	WrapBN(CLASS_OF(self), obj, result);			\
+	SetBN(obj, result);					\
 	return obj;						\
     }
+
+/*
+ * Document-method: OpenSSL::BN#mod_add
+ *   bn.mod_add(bn1, bn2) -> aBN
+ */
 BIGNUM_3c(mod_add)
+
+/*
+ * Document-method: OpenSSL::BN#mod_sub
+ *   bn.mod_sub(bn1, bn2) -> aBN
+ */
 BIGNUM_3c(mod_sub)
+
+/*
+ * Document-method: OpenSSL::BN#mod_mul
+ *   bn.mod_mul(bn1, bn2) -> aBN
+ */
 BIGNUM_3c(mod_mul)
+
+/*
+ * Document-method: OpenSSL::BN#mod_exp
+ *   bn.mod_exp(bn1, bn2) -> aBN
+ */
 BIGNUM_3c(mod_exp)
 
 #define BIGNUM_BIT(func)				\
-    /*							\
-     * call-seq:					\
-     *   bn.##func(bit) -> self				\
-     *							\
-     */							\
     static VALUE					\
     ossl_bn_##func(VALUE self, VALUE bit)		\
     {							\
@@ -491,13 +562,32 @@ BIGNUM_3c(mod_exp)
 	}						\
 	return self;					\
     }
+
+/*
+ * Document-method: OpenSSL::BN#set_bit!
+ *   bn.set_bit!(bit) -> self
+ */
 BIGNUM_BIT(set_bit)
+
+/*
+ * Document-method: OpenSSL::BN#clear_bit!
+ *   bn.clear_bit!(bit) -> self
+ */
 BIGNUM_BIT(clear_bit)
-BIGNUM_BIT(mask_bits)
 
 /*
- * call-seq:
+ * Document-method: OpenSSL::BN#mask_bit!
+ *   bn.mask_bit!(bit) -> self
+ */
+BIGNUM_BIT(mask_bits)
+
+/* Document-method: OpenSSL::BN#bit_set?
+ *
+ * Returns boolean of whether +bit+ is set.
+ * Bitwise operations for openssl BIGNUMs.
+ *
  *    bn.bit_set?(bit) => true | false
+ *
  */
 static VALUE
 ossl_bn_is_bit_set(VALUE self, VALUE bit)
@@ -514,11 +604,6 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
 }
 
 #define BIGNUM_SHIFT(func)				\
-    /*							\
-     * call-seq:					\
-     *   bn.##func(bits) -> aBN				\
-     *							\
-     */							\
     static VALUE					\
     ossl_bn_##func(VALUE self, VALUE bits)		\
     {							\
@@ -527,6 +612,7 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
 	VALUE obj;					\
 	b = NUM2INT(bits);				\
 	GetBN(self, bn);				\
+	obj = NewBN(CLASS_OF(self));			\
 	if (!(result = BN_new())) {			\
 		ossl_raise(eBNError, NULL);		\
 	}						\
@@ -534,18 +620,25 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
 		BN_free(result);			\
 		ossl_raise(eBNError, NULL);		\
 	}						\
-	WrapBN(CLASS_OF(self), obj, result);		\
+	SetBN(obj, result);				\
 	return obj;					\
     }
+
+/*
+ * Document-method: OpenSSL::BN#<<
+ * call-seq:
+ *   bn << bits -> aBN
+ */
 BIGNUM_SHIFT(lshift)
+
+/*
+ * Document-method: OpenSSL::BN#>>
+ * call-seq:
+ *   bn >> bits -> aBN
+ */
 BIGNUM_SHIFT(rshift)
 
 #define BIGNUM_SELF_SHIFT(func)				\
-    /*							\
-     * call-seq:					\
-     *   bn.##func!(bits) -> self			\
-     *							\
-     */							\
     static VALUE					\
     ossl_bn_self_##func(VALUE self, VALUE bits)		\
     {							\
@@ -557,15 +650,20 @@ BIGNUM_SHIFT(rshift)
 		ossl_raise(eBNError, NULL);		\
 	return self;					\
     }
+
+/*
+ * Document-method: OpenSSL::BN#lshift!
+ *   bn.lshift!(bits) -> self
+ */
 BIGNUM_SELF_SHIFT(lshift)
+
+/*
+ * Document-method: OpenSSL::BN#rshift!
+ *   bn.rshift!(bits) -> self
+ */
 BIGNUM_SELF_SHIFT(rshift)
 
 #define BIGNUM_RAND(func)					\
-    /*								\
-     * call-seq:						\
-     *   BN.##func(bits [, fill [, odd]]) -> aBN		\
-     *								\
-     */								\
     static VALUE						\
     ossl_bn_s_##func(int argc, VALUE *argv, VALUE klass)	\
     {								\
@@ -581,6 +679,7 @@ BIGNUM_SELF_SHIFT(rshift)
 	    top = NUM2INT(fill);				\
 	}							\
 	b = NUM2INT(bits);					\
+	obj = NewBN(klass);					\
 	if (!(result = BN_new())) {				\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
@@ -588,23 +687,28 @@ BIGNUM_SELF_SHIFT(rshift)
 	    BN_free(result);					\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
-	WrapBN(klass, obj, result);				\
+	SetBN(obj, result);					\
 	return obj;						\
     }
+
+/*
+ * Document-method: OpenSSL::BN.rand
+ *   BN.rand(bits [, fill [, odd]]) -> aBN
+ */
 BIGNUM_RAND(rand)
+
+/*
+ * Document-method: OpenSSL::BN.pseudo_rand
+ *   BN.pseudo_rand(bits [, fill [, odd]]) -> aBN
+ */
 BIGNUM_RAND(pseudo_rand)
 
 #define BIGNUM_RAND_RANGE(func)					\
-    /*								\
-     * call-seq:						\
-     *   BN.##func(range) -> aBN				\
-     *								\
-     */								\
     static VALUE						\
     ossl_bn_s_##func##_range(VALUE klass, VALUE range)		\
     {								\
 	BIGNUM *bn = GetBNPtr(range), *result;			\
-	VALUE obj;						\
+	VALUE obj = NewBN(klass);				\
 	if (!(result = BN_new())) {				\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
@@ -612,10 +716,22 @@ BIGNUM_RAND(pseudo_rand)
 	    BN_free(result);					\
 	    ossl_raise(eBNError, NULL);				\
 	}							\
-	WrapBN(klass, obj, result);				\
+	SetBN(obj, result);					\
 	return obj;						\
     }
+
+/*
+ * Document-method: OpenSSL::BN.rand_range
+ *   BN.rand_range(range) -> aBN
+ *
+ */
 BIGNUM_RAND_RANGE(rand)
+
+/*
+ * Document-method: OpenSSL::BN.pseudo_rand_range
+ *   BN.pseudo_rand_range(range) -> aBN
+ *
+ */
 BIGNUM_RAND_RANGE(pseudo_rand)
 
 /*
@@ -646,6 +762,7 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
 	add = GetBNPtr(vadd);
 	rem = NIL_P(vrem) ? NULL : GetBNPtr(vrem);
     }
+    obj = NewBN(klass);
     if (!(result = BN_new())) {
 	ossl_raise(eBNError, NULL);
     }
@@ -653,17 +770,12 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
 	BN_free(result);
 	ossl_raise(eBNError, NULL);
     }
-    WrapBN(klass, obj, result);
+    SetBN(obj, result);
 
     return obj;
 }
 
 #define BIGNUM_NUM(func)			\
-    /*							\
-     * call-seq:					\
-     *   bn.##func -> integer				\
-     *							\
-     */							\
     static VALUE 				\
     ossl_bn_##func(VALUE self)			\
     {						\
@@ -671,7 +783,17 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
 	GetBN(self, bn);			\
 	return INT2FIX(BN_##func(bn));		\
     }
+
+/*
+ * Document-method: OpenSSL::BN#num_bytes
+ *   bn.num_bytes => integer
+ */
 BIGNUM_NUM(num_bytes)
+
+/*
+ * Document-method: OpenSSL::BN#num_bits
+ *   bn.num_bits => integer
+ */
 BIGNUM_NUM(num_bits)
 
 static VALUE
@@ -693,11 +815,6 @@ ossl_bn_copy(VALUE self, VALUE other)
 }
 
 #define BIGNUM_CMP(func)				\
-    /*							\
-     * call-seq:					\
-     *   bn.##func(bn2) -> integer			\
-     *							\
-     */							\
     static VALUE					\
     ossl_bn_##func(VALUE self, VALUE other)		\
     {							\
@@ -705,9 +822,30 @@ ossl_bn_copy(VALUE self, VALUE other)
 	GetBN(self, bn1);				\
 	return INT2FIX(BN_##func(bn1, bn2));		\
     }
+
+/*
+ * Document-method: OpenSSL::BN#cmp
+ *   bn.cmp(bn2) => integer
+ */
+/*
+ * Document-method: OpenSSL::BN#<=>
+ *   bn <=> bn2 => integer
+ */
 BIGNUM_CMP(cmp)
+
+/*
+ * Document-method: OpenSSL::BN#ucmp
+ *   bn.ucmp(bn2) => integer
+ */
 BIGNUM_CMP(ucmp)
 
+/*
+ *  call-seq:
+ *     big.eql?(obj) => true or false
+ *
+ *  Returns <code>true</code> only if <i>obj</i> is a
+ *  <code>Bignum</code> with the same value as <i>big</i>. Contrast this
+ */
 static VALUE
 ossl_bn_eql(VALUE self, VALUE other)
 {
@@ -912,4 +1050,3 @@ Init_ossl_bn(void)
      */
     rb_define_method(cBN, "prime_fasttest?", ossl_bn_is_prime_fasttest, -1);
 }
-