8 files changed, 30 insertions, 23 deletions

diff --git a/openssl/src/hash.rs b/openssl/src/hash.rs
index 1d2089ef..47d6dc7a 100644
--- a/openssl/src/hash.rs
+++ b/openssl/src/hash.rs
@@ -60,7 +60,7 @@ use self::State::*;
 ///
 /// # Examples
 ///
-/// Calculate a hash in one go.
+/// Calculate a hash in one go:
 ///
 /// ```
 /// use openssl::hash::{hash, MessageDigest};
@@ -71,7 +71,7 @@ use self::State::*;
 /// assert_eq!(res, spec);
 /// ```
 ///
-/// Use the `Write` trait to supply the input in chunks.
+/// Supply the input in chunks:
 ///
 /// ```
 /// use openssl::hash::{Hasher, MessageDigest};
diff --git a/openssl/src/pkcs5.rs b/openssl/src/pkcs5.rs
index 8d6dcce8..9e1c2d26 100644
--- a/openssl/src/pkcs5.rs
+++ b/openssl/src/pkcs5.rs
@@ -22,7 +22,7 @@ pub struct KeyIvPair {
 /// v1.5 or PBKDF1 from PKCS#5 v2.0.
 ///
 /// New applications should not use this and instead use
-/// `pkcs5_pbkdf2_hmac_sha1` or another more modern key derivation algorithm.
+/// `pbkdf2_hmac` or another more modern key derivation algorithm.
 pub fn bytes_to_key(cipher: Cipher,
                     digest: MessageDigest,
                     data: &[u8],
diff --git a/openssl/src/pkey.rs b/openssl/src/pkey.rs
index 7f031244..7a32692b 100644
--- a/openssl/src/pkey.rs
+++ b/openssl/src/pkey.rs
@@ -117,6 +117,9 @@ impl PKey {
     }
 
     /// Creates a new `PKey` containing an HMAC key.
+    ///
+    /// # Note
+    /// To compute HMAC values, use the `sign` module.
     pub fn hmac(key: &[u8]) -> Result<PKey, ErrorStack> {
         unsafe {
             assert!(key.len() <= c_int::max_value() as usize);
diff --git a/openssl/src/sign.rs b/openssl/src/sign.rs
index ca7986ca..ec37c885 100644
--- a/openssl/src/sign.rs
+++ b/openssl/src/sign.rs
@@ -35,12 +35,13 @@
 //! assert!(verifier.finish(&signature).unwrap());
 //! ```
 //!
-//! Compute an HMAC (note that `Verifier` cannot be used with HMACs):
+//! Compute an HMAC:
 //!
 //! ```rust
-//! use openssl::sign::Signer;
-//! use openssl::pkey::PKey;
 //! use openssl::hash::MessageDigest;
+//! use openssl::memcmp;
+//! use openssl::pkey::PKey;
+//! use openssl::sign::Signer;
 //!
 //! // Create a PKey
 //! let key = PKey::hmac(b"my secret").unwrap();
@@ -53,6 +54,12 @@
 //! signer.update(data).unwrap();
 //! signer.update(data2).unwrap();
 //! let hmac = signer.finish().unwrap();
+//!
+//! // `Verifier` cannot be used with HMACs; use the `memcmp::eq` function instead
+//! //
+//! // Do not simply check for equality with `==`!
+//! # let target = hmac.clone();
+//! assert!(memcmp::eq(&hmac, &target));
 //! ```
 use ffi;
 use std::io::{self, Write};
diff --git a/openssl/src/ssl/bio.rs b/openssl/src/ssl/bio.rs
index c5152a41..4dc7cbd4 100644
--- a/openssl/src/ssl/bio.rs
+++ b/openssl/src/ssl/bio.rs
@@ -68,10 +68,10 @@ pub unsafe fn get_mut<'a, S: 'a>(bio: *mut BIO) -> &'a mut S {
 }
 
 unsafe fn state<'a, S: 'a>(bio: *mut BIO) -> &'a mut StreamState<S> {
-    mem::transmute(compat::BIO_get_data(bio))
+    &mut *(compat::BIO_get_data(bio) as *mut _)
 }
 
-unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int {
+unsafe extern fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_int) -> c_int {
     BIO_clear_retry_flags(bio);
 
     let state = state::<S>(bio);
@@ -93,7 +93,7 @@ unsafe extern "C" fn bwrite<S: Write>(bio: *mut BIO, buf: *const c_char, len: c_
     }
 }
 
-unsafe extern "C" fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int) -> c_int {
+unsafe extern fn bread<S: Read>(bio: *mut BIO, buf: *mut c_char, len: c_int) -> c_int {
     BIO_clear_retry_flags(bio);
 
     let state = state::<S>(bio);
@@ -123,11 +123,11 @@ fn retriable_error(err: &io::Error) -> bool {
     }
 }
 
-unsafe extern "C" fn bputs<S: Write>(bio: *mut BIO, s: *const c_char) -> c_int {
+unsafe extern fn bputs<S: Write>(bio: *mut BIO, s: *const c_char) -> c_int {
     bwrite::<S>(bio, s, strlen(s) as c_int)
 }
 
-unsafe extern "C" fn ctrl<S: Write>(bio: *mut BIO,
+unsafe extern fn ctrl<S: Write>(bio: *mut BIO,
                                     cmd: c_int,
                                     _num: c_long,
                                     _ptr: *mut c_void)
@@ -151,7 +151,7 @@ unsafe extern "C" fn ctrl<S: Write>(bio: *mut BIO,
     }
 }
 
-unsafe extern "C" fn create(bio: *mut BIO) -> c_int {
+unsafe extern fn create(bio: *mut BIO) -> c_int {
     compat::BIO_set_init(bio, 0);
     compat::BIO_set_num(bio, 0);
     compat::BIO_set_data(bio, ptr::null_mut());
@@ -159,7 +159,7 @@ unsafe extern "C" fn create(bio: *mut BIO) -> c_int {
     1
 }
 
-unsafe extern "C" fn destroy<S>(bio: *mut BIO) -> c_int {
+unsafe extern fn destroy<S>(bio: *mut BIO) -> c_int {
     if bio.is_null() {
         return 0;
     }
diff --git a/openssl/src/ssl/connector.rs b/openssl/src/ssl/connector.rs
index cc5c5273..43dad17d 100644
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@@ -379,7 +379,7 @@ mod verify {
         // the same thing we do here.
         //
         // The Public Suffix (https://www.publicsuffix.org/) list could
-        // potentically be used here, but it's both huge and updated frequently
+        // potentially be used here, but it's both huge and updated frequently
         // enough that management would be a PITA.
         if dot_idxs.next().is_none() {
             return None;
diff --git a/openssl/src/symm.rs b/openssl/src/symm.rs
index d2cb0cc8..99ee4c67 100644
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@@ -369,6 +369,10 @@ fn cipher(t: Cipher,
 ///
 /// Additional Authenticated Data can be provided in the `aad` field, and the authentication tag
 /// will be copied into the `tag` field.
+///
+/// The size of the `tag` buffer indicates the required size of the tag. While some ciphers support
+/// a range of tag sizes, it is recommended to pick the maximum size. For AES GCM, this is 16 bytes,
+/// for example.
 pub fn encrypt_aead(t: Cipher,
                     key: &[u8],
                     iv: Option<&[u8]>,
@@ -390,10 +394,6 @@ pub fn encrypt_aead(t: Cipher,
 ///
 /// Additional Authenticated Data can be provided in the `aad` field, and the authentication tag
 /// should be provided in the `tag` field.
-///
-/// The size of the `tag` buffer indicates the required size of the tag. While some ciphers support
-/// a range of tag sizes, it is recommended to pick the maximum size. For AES GCM, this is 16 bytes,
-/// for example.
 pub fn decrypt_aead(t: Cipher,
                     key: &[u8],
                     iv: Option<&[u8]>,
diff --git a/openssl/src/version.rs b/openssl/src/version.rs
index 2604914e..bf47695b 100644
--- a/openssl/src/version.rs
+++ b/openssl/src/version.rs
@@ -20,11 +20,8 @@ use ffi::{SSLEAY_VERSION as OPENSSL_VERSION, SSLEAY_CFLAGS as OPENSSL_CFLAGS,
           SSLeay_version as OpenSSL_version};
 
 #[cfg(ossl110)]
-use ffi::{OPENSSL_VERSION, OPENSSL_CFLAGS};
-#[cfg(ossl110)]
-use ffi::{OPENSSL_BUILT_ON, OPENSSL_PLATFORM, OPENSSL_DIR};
-#[cfg(ossl110)]
-use ffi::{OpenSSL_version_num, OpenSSL_version};
+use ffi::{OPENSSL_VERSION, OPENSSL_CFLAGS, OPENSSL_BUILT_ON, OPENSSL_PLATFORM, OPENSSL_DIR,
+          OpenSSL_version_num, OpenSSL_version};
 
 /// OPENSSL_VERSION_NUMBER is a numeric release version identifier:
 ///