Merge pull request #1277 from sfackler/github-actions

Start moving to GitHub actions
2020-05-24 20:17:18 -04:00 · 2020-05-24 20:17:18 -04:00 · 00e909849c
parent 72048765c7 f401ba2ec1
commit 00e909849c
44 changed files with 462 additions and 258 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -0,0 +1,49 @@
 name: CI
 on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
 env:
  RUSTFLAGS: -Dwarnings
  RUST_BACKTRACE: 1
 jobs:
  rustfmt:
    name: rustfmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install Rust
        run: rustup update stable && rustup default stable
      - name: Check formatting
        run: cargo fmt --all -- --check
  clippy:
    name: clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Install Rust
        run: rustup update stable && rustup default stable
      - name: Get rust version
        id: rust-version
        run: echo "::set-output name=version::$(rustc --version)"
      - name: Create lockfile
        run: cargo generate-lockfile
      - name: Cache cargo registry
        uses: actions/cache@v1
        with:
          path: ~/.cargo/registry/cache
          key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - name: Cache target directory
        uses: actions/cache@v1
        with:
          path: target
          key: clippy-target-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
      - name: Check clippy
        run: cargo clippy --all --all-targets
--- a/openssl-sys/build/cfgs.rs
+++ b/openssl-sys/build/cfgs.rs
@ -1,3 +1,4 @@
 #[allow(clippy::inconsistent_digit_grouping)]
 pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&'static str> {
    let mut cfgs = vec![];
--- a/openssl-sys/build/find_normal.rs
+++ b/openssl-sys/build/find_normal.rs
@ -9,14 +9,15 @@ pub fn get_openssl(target: &str) -> (PathBuf, PathBuf) {
    let lib_dir = env("OPENSSL_LIB_DIR").map(PathBuf::from);
    let include_dir = env("OPENSSL_INCLUDE_DIR").map(PathBuf::from);
-    if lib_dir.is_none() || include_dir.is_none() {
+    match (lib_dir, include_dir) {
-        let openssl_dir = env("OPENSSL_DIR").unwrap_or_else(|| find_openssl_dir(&target));
+        (Some(lib_dir), Some(include_dir)) => (lib_dir, include_dir),
-        let openssl_dir = Path::new(&openssl_dir);
+        (lib_dir, include_dir) => {
-        let lib_dir = lib_dir.unwrap_or_else(|| openssl_dir.join("lib"));
+            let openssl_dir = env("OPENSSL_DIR").unwrap_or_else(|| find_openssl_dir(&target));
-        let include_dir = include_dir.unwrap_or_else(|| openssl_dir.join("include"));
+            let openssl_dir = Path::new(&openssl_dir);
-        (lib_dir, include_dir)
+            let lib_dir = lib_dir.unwrap_or_else(|| openssl_dir.join("lib"));
-    } else {
+            let include_dir = include_dir.unwrap_or_else(|| openssl_dir.join("include"));
-        (lib_dir.unwrap(), include_dir.unwrap())
+            (lib_dir, include_dir)
        }
    }
 }
@ -93,7 +94,7 @@ openssl-sys = {}
    if host.contains("apple-darwin") && target.contains("apple-darwin") {
        let system = Path::new("/usr/lib/libssl.0.9.8.dylib");
        if system.exists() {
-            msg.push_str(&format!(
+            msg.push_str(
                "
 It looks like you're compiling on macOS, where the system contains a version of
@ -105,27 +106,28 @@ install the `openssl` package, or as a maintainer you can use the openssl-sys
 Unfortunately though the compile cannot continue, so aborting.
-"
+",
-            ));
+            );
        }
    }
-    if host.contains("unknown-linux") && target.contains("unknown-linux-gnu") {
+    if host.contains("unknown-linux")
-        if Command::new("pkg-config").output().is_err() {
+        && target.contains("unknown-linux-gnu")
-            msg.push_str(&format!(
+        && Command::new("pkg-config").output().is_err()
-                "
+    {
        msg.push_str(
            "
 It looks like you're compiling on Linux and also targeting Linux. Currently this
 requires the `pkg-config` utility to find OpenSSL but unfortunately `pkg-config`
 could not be found. If you have OpenSSL installed you can likely fix this by
 installing `pkg-config`.
-"
+",
-            ));
+        );
        }
    }
    if host.contains("windows") && target.contains("windows-gnu") {
-        msg.push_str(&format!(
+        msg.push_str(
            "
 It looks like you're compiling for MinGW but you may not have either OpenSSL or
 pkg-config installed. You can install these two dependencies with:
@ -134,12 +136,12 @@ pacman -S openssl-devel pkg-config
 and try building this crate again.
-"
+",
-        ));
+        );
    }
    if host.contains("windows") && target.contains("windows-msvc") {
-        msg.push_str(&format!(
+        msg.push_str(
            "
 It looks like you're compiling for MSVC but we couldn't detect an OpenSSL
 installation. If there isn't one installed then you can try the rust-openssl
@ -148,8 +150,8 @@ OpenSSL:
 https://github.com/sfackler/rust-openssl#windows
-"
+",
-        ));
+        );
    }
    panic!(msg);
@ -207,10 +209,7 @@ fn try_vcpkg() {
        .find_package("openssl");
    if let Err(e) = lib {
-        println!(
+        println!("note: vcpkg did not find openssl: {}", e);
            "note: vcpkg did not find openssl: {}",
            e
        );
        return;
    }
@ -237,5 +236,6 @@ fn execute_command_and_get_output(cmd: &str, args: &[&str]) -> Option<String> {
            }
        }
    }
-    return None;
+
    None
 }
--- a/openssl-sys/build/main.rs
+++ b/openssl-sys/build/main.rs
@ -1,3 +1,5 @@
 #![allow(clippy::inconsistent_digit_grouping)]
 extern crate autocfg;
 extern crate cc;
 #[cfg(feature = "vendored")]
@ -79,11 +81,11 @@ fn main() {
    );
    println!("cargo:include={}", include_dir.to_string_lossy());
-    let version = validate_headers(&[include_dir.clone().into()]);
+    let version = validate_headers(&[include_dir]);
    let libs_env = env("OPENSSL_LIBS");
    let libs = match libs_env.as_ref().and_then(|s| s.to_str()) {
-        Some(ref v) => v.split(":").collect(),
+        Some(ref v) => v.split(':').collect(),
        None => match version {
            Version::Openssl10x if target.contains("windows") => vec!["ssleay32", "libeay32"],
            Version::Openssl11x if target.contains("windows-msvc") => vec!["libssl", "libcrypto"],
--- a/openssl-sys/src/err.rs
+++ b/openssl-sys/src/err.rs
@ -9,7 +9,7 @@ const_fn! {
    pub const fn ERR_PACK(l: c_int, f: c_int, r: c_int) -> c_ulong {
        ((l as c_ulong & 0x0FF) << 24) |
        ((f as c_ulong & 0xFFF) << 12) |
-        ((r as c_ulong & 0xFFF))
+        (r as c_ulong & 0xFFF)
    }
    pub const fn ERR_GET_LIB(l: c_ulong) -> c_int {
--- a/openssl-sys/src/evp.rs
+++ b/openssl-sys/src/evp.rs
@ -167,7 +167,7 @@ extern "C" {
    pub fn EVP_DecryptFinal_ex(
        ctx: *mut EVP_CIPHER_CTX,
        outm: *mut c_uchar,
-        outl: *mut c_int
+        outl: *mut c_int,
    ) -> c_int;
 }
 cfg_if! {
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@ -1,5 +1,13 @@
-#![allow(non_camel_case_types, non_upper_case_globals, non_snake_case)]
+#![allow(
-#![allow(dead_code, overflowing_literals, unused_imports)]
+    clippy::missing_safety_doc,
    clippy::unreadable_literal,
    dead_code,
    non_camel_case_types,
    non_snake_case,
    non_upper_case_globals,
    overflowing_literals,
    unused_imports
 )]
 #![doc(html_root_url = "https://docs.rs/openssl-sys/0.9")]
 extern crate libc;
--- a/openssl-sys/src/pem.rs
+++ b/openssl-sys/src/pem.rs
@ -142,9 +142,7 @@ extern "C" {
        buf: *mut *const u8,
        length: c_long,
    ) -> *mut PKCS8_PRIV_KEY_INFO;
-    pub fn PKCS8_PRIV_KEY_INFO_free(
+    pub fn PKCS8_PRIV_KEY_INFO_free(p8inf: *mut PKCS8_PRIV_KEY_INFO);
        p8inf: *mut PKCS8_PRIV_KEY_INFO,
    );
    pub fn PEM_read_bio_PKCS7(
        bio: *mut BIO,
--- a/openssl/build.rs
+++ b/openssl/build.rs
@ -1,7 +1,9 @@
 #![allow(clippy::inconsistent_digit_grouping)]
 use std::env;
 fn main() {
-    if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") {
+    if env::var("DEP_OPENSSL_LIBRESSL").is_ok() {
        println!("cargo:rustc-cfg=libressl");
    }
@ -10,7 +12,7 @@ fn main() {
    }
    if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
-        for var in vars.split(",") {
+        for var in vars.split(',') {
            println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
        }
    }
--- a/openssl/src/asn1.rs
+++ b/openssl/src/asn1.rs
@ -124,17 +124,14 @@ impl Asn1TimeRef {
    #[cfg(ossl102)]
    pub fn diff(&self, compare: &Self) -> Result<TimeDiff, ErrorStack> {
        let mut days = 0;
-        let mut seconds = 0;
+        let mut secs = 0;
        let other = compare.as_ptr();
-        let err = unsafe { ffi::ASN1_TIME_diff(&mut days, &mut seconds, self.as_ptr(), other) };
+        let err = unsafe { ffi::ASN1_TIME_diff(&mut days, &mut secs, self.as_ptr(), other) };
        match err {
            0 => Err(ErrorStack::get()),
-            _ => Ok(TimeDiff {
+            _ => Ok(TimeDiff { days, secs }),
                days: days,
                secs: seconds,
            }),
        }
    }
@ -256,6 +253,7 @@ impl Asn1Time {
    /// This corresponds to [`ASN1_TIME_set_string`].
    ///
    /// [`ASN1_TIME_set_string`]: https://www.openssl.org/docs/manmaster/man3/ASN1_TIME_set_string.html
    #[allow(clippy::should_implement_trait)]
    pub fn from_str(s: &str) -> Result<Asn1Time, ErrorStack> {
        unsafe {
            let s = CString::new(s).unwrap();
@ -370,9 +368,9 @@ impl Asn1StringRef {
        }
    }
-    /// Return the string as an array of bytes
+    /// Return the string as an array of bytes.
    ///
-    /// The bytes do not directly corespond to UTF-8 encoding.  To interact with
+    /// The bytes do not directly correspond to UTF-8 encoding.  To interact with
    /// strings in rust, it is preferable to use [`as_utf8`]
    ///
    /// [`as_utf8`]: struct.Asn1String.html#method.as_utf8
@ -380,10 +378,15 @@ impl Asn1StringRef {
        unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr()), self.len()) }
    }
-    /// Return the length of the Asn1String (number of bytes)
+    /// Returns the number of bytes in the string.
    pub fn len(&self) -> usize {
        unsafe { ffi::ASN1_STRING_length(self.as_ptr()) as usize }
    }
    /// Determines if the string is empty.
    pub fn is_empty(&self) -> bool {
        self.len() == 0
    }
 }
 foreign_type_and_impl_send_sync! {
@ -467,14 +470,20 @@ foreign_type_and_impl_send_sync! {
 }
 impl Asn1BitStringRef {
-    /// Returns the Asn1BitString as a slice
+    /// Returns the Asn1BitString as a slice.
    pub fn as_slice(&self) -> &[u8] {
        unsafe { slice::from_raw_parts(ASN1_STRING_get0_data(self.as_ptr() as *mut _), self.len()) }
    }
-    /// Length of Asn1BitString in number of bytes.
+
    /// Returns the number of bytes in the string.
    pub fn len(&self) -> usize {
        unsafe { ffi::ASN1_STRING_length(self.as_ptr() as *const _) as usize }
    }
    /// Determines if the string is empty.
    pub fn is_empty(&self) -> bool {
        self.len() == 0
    }
 }
 foreign_type_and_impl_send_sync! {
--- a/openssl/src/base64.rs
+++ b/openssl/src/base64.rs
@ -63,7 +63,7 @@ pub fn decode_block(src: &str) -> Result<Vec<u8>, ErrorStack> {
        out.set_len(out_len as usize);
    }
-    if src.ends_with("=") {
+    if src.ends_with('=') {
        out.pop();
        if src.ends_with("==") {
            out.pop();
--- a/openssl/src/bn.rs
+++ b/openssl/src/bn.rs
@ -12,16 +12,13 @@
 //! use openssl::bn::BigNum;
 //! use openssl::error::ErrorStack;
 //!
-//! fn bignums() -> Result<(), ErrorStack> {
+//! fn main() -> Result<(), ErrorStack> {
 //!   let a = BigNum::new()?; // a = 0
 //!   let b = BigNum::from_dec_str("1234567890123456789012345")?;
 //!   let c = &a * &b;
 //!   assert_eq!(a, c);
 //!   Ok(())
 //! }
 //! # fn main() {
 //! #    bignums();
 //! # }
 //! ```
 //!
 //! [`BIGNUM`]: https://wiki.openssl.org/index.php/Manual:Bn_internal(3)
@ -191,6 +188,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_div_word`]
    ///
    /// [`BN_div_word`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_div_word.html
    #[allow(clippy::identity_conversion)]
    pub fn div_word(&mut self, w: u32) -> Result<u64, ErrorStack> {
        unsafe {
            let r = ffi::BN_div_word(self.as_ptr(), w.into());
@ -207,6 +205,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_mod_word`]
    ///
    /// [`BN_mod_word`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_mod_word.html
    #[allow(clippy::identity_conversion)]
    pub fn mod_word(&self, w: u32) -> Result<u64, ErrorStack> {
        unsafe {
            let r = ffi::BN_mod_word(self.as_ptr(), w.into());
@ -244,6 +243,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_set_bit`]
    ///
    /// [`BN_set_bit`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_set_bit.html
    #[allow(clippy::identity_conversion)]
    pub fn set_bit(&mut self, n: i32) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::BN_set_bit(self.as_ptr(), n.into())).map(|_| ()) }
    }
@ -255,6 +255,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_clear_bit`]
    ///
    /// [`BN_clear_bit`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_clear_bit.html
    #[allow(clippy::identity_conversion)]
    pub fn clear_bit(&mut self, n: i32) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::BN_clear_bit(self.as_ptr(), n.into())).map(|_| ()) }
    }
@ -264,6 +265,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_is_bit_set`]
    ///
    /// [`BN_is_bit_set`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_is_bit_set.html
    #[allow(clippy::identity_conversion)]
    pub fn is_bit_set(&self, n: i32) -> bool {
        unsafe { ffi::BN_is_bit_set(self.as_ptr(), n.into()) == 1 }
    }
@ -275,6 +277,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_mask_bits`]
    ///
    /// [`BN_mask_bits`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_mask_bits.html
    #[allow(clippy::identity_conversion)]
    pub fn mask_bits(&mut self, n: i32) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::BN_mask_bits(self.as_ptr(), n.into())).map(|_| ()) }
    }
@ -322,6 +325,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_lshift`]
    ///
    /// [`BN_lshift`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_lshift.html
    #[allow(clippy::identity_conversion)]
    pub fn lshift(&mut self, a: &BigNumRef, n: i32) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::BN_lshift(self.as_ptr(), a.as_ptr(), n.into())).map(|_| ()) }
    }
@ -331,6 +335,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_rshift`]
    ///
    /// [`BN_rshift`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_rshift.html
    #[allow(clippy::identity_conversion)]
    pub fn rshift(&mut self, a: &BigNumRef, n: i32) -> Result<(), ErrorStack> {
        unsafe { cvt(ffi::BN_rshift(self.as_ptr(), a.as_ptr(), n.into())).map(|_| ()) }
    }
@ -416,6 +421,7 @@ impl BigNumRef {
    ///
    /// [`constants`]: index.html#constants
    /// [`BN_rand`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_rand.html
    #[allow(clippy::identity_conversion)]
    pub fn rand(&mut self, bits: i32, msb: MsbOption, odd: bool) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_rand(
@ -433,6 +439,7 @@ impl BigNumRef {
    /// OpenSSL documentation at [`BN_psuedo_rand`]
    ///
    /// [`BN_psuedo_rand`]: https://www.openssl.org/docs/man1.1.0/crypto/BN_pseudo_rand.html
    #[allow(clippy::identity_conversion)]
    pub fn pseudo_rand(&mut self, bits: i32, msb: MsbOption, odd: bool) -> Result<(), ErrorStack> {
        unsafe {
            cvt(ffi::BN_pseudo_rand(
@ -811,7 +818,7 @@ impl BigNumRef {
    /// # Return Value
    ///
    /// Returns `true` if `self` is prime with an error probability of less than `0.25 ^ checks`.
-
+    #[allow(clippy::identity_conversion)]
    pub fn is_prime(&self, checks: i32, ctx: &mut BigNumContextRef) -> Result<bool, ErrorStack> {
        unsafe {
            cvt_n(ffi::BN_is_prime_ex(
@ -837,6 +844,7 @@ impl BigNumRef {
    /// # Return Value
    ///
    /// Returns `true` if `self` is prime with an error probability of less than `0.25 ^ checks`.
    #[allow(clippy::identity_conversion)]
    pub fn is_prime_fasttest(
        &self,
        checks: i32,
@ -1372,16 +1380,16 @@ mod tests {
    #[test]
    fn test_to_from_slice() {
-        let v0 = BigNum::from_u32(10203004).unwrap();
+        let v0 = BigNum::from_u32(10_203_004).unwrap();
        let vec = v0.to_vec();
        let v1 = BigNum::from_slice(&vec).unwrap();
-        assert!(v0 == v1);
+        assert_eq!(v0, v1);
    }
    #[test]
    fn test_negation() {
-        let a = BigNum::from_u32(909829283).unwrap();
+        let a = BigNum::from_u32(909_829_283).unwrap();
        assert!(!a.is_negative());
        assert!((-a).is_negative());
@ -1389,15 +1397,14 @@ mod tests {
    #[test]
    fn test_shift() {
-        let a = BigNum::from_u32(909829283).unwrap();
+        let a = BigNum::from_u32(909_829_283).unwrap();
        use std::ops::{Shl, Shr};
-        assert!(a == a.shl(1).shr(1));
+        assert_eq!(a, &(&a << 1) >> 1);
    }
    #[test]
    fn test_rand_range() {
-        let range = BigNum::from_u32(909829283).unwrap();
+        let range = BigNum::from_u32(909_829_283).unwrap();
        let mut result = BigNum::from_dec_str(&range.to_dec_str().unwrap()).unwrap();
        range.rand_range(&mut result).unwrap();
        assert!(result >= BigNum::from_u32(0).unwrap() && result < range);
@ -1405,7 +1412,7 @@ mod tests {
    #[test]
    fn test_pseudo_rand_range() {
-        let range = BigNum::from_u32(909829283).unwrap();
+        let range = BigNum::from_u32(909_829_283).unwrap();
        let mut result = BigNum::from_dec_str(&range.to_dec_str().unwrap()).unwrap();
        range.pseudo_rand_range(&mut result).unwrap();
        assert!(result >= BigNum::from_u32(0).unwrap() && result < range);
@ -1413,7 +1420,7 @@ mod tests {
    #[test]
    fn test_prime_numbers() {
-        let a = BigNum::from_u32(19029017).unwrap();
+        let a = BigNum::from_u32(19_029_017).unwrap();
        let mut p = BigNum::new().unwrap();
        p.generate_prime(128, true, None, Some(&a)).unwrap();
--- a/openssl/src/cms.rs
+++ b/openssl/src/cms.rs
@ -81,7 +81,6 @@ impl CmsContentInfoRef {
            let pkey = pkey.as_ptr();
            let cert = cert.as_ptr();
            let out = MemBio::new()?;
            let flags: u32 = 0;
            cvt(ffi::CMS_decrypt(
                self.as_ptr(),
@ -89,7 +88,7 @@ impl CmsContentInfoRef {
                cert,
                ptr::null_mut(),
                out.as_ptr(),
-                flags.into(),
+                0,
            ))?;
            Ok(out.get_buf().to_owned())
--- a/openssl/src/conf.rs
+++ b/openssl/src/conf.rs
@ -18,6 +18,10 @@ impl ConfMethod {
    }
    /// Construct from raw pointer.
    ///
    /// # Safety
    ///
    /// The caller must ensure that the pointer is valid.
    pub unsafe fn from_ptr(ptr: *mut ffi::CONF_METHOD) -> ConfMethod {
        ConfMethod(ptr)
    }
--- a/openssl/src/derive.rs
+++ b/openssl/src/derive.rs
@ -14,6 +14,7 @@ pub struct Deriver<'a>(*mut ffi::EVP_PKEY_CTX, PhantomData<&'a ()>);
 unsafe impl<'a> Sync for Deriver<'a> {}
 unsafe impl<'a> Send for Deriver<'a> {}
 #[allow(clippy::len_without_is_empty)]
 impl<'a> Deriver<'a> {
    /// Creates a new `Deriver` using the provided private key.
    ///
--- a/openssl/src/dsa.rs
+++ b/openssl/src/dsa.rs
@ -451,6 +451,7 @@ mod test {
    }
    #[test]
    #[allow(clippy::redundant_clone)]
    fn clone() {
        let key = Dsa::generate(2048).unwrap();
        drop(key.clone());
--- a/openssl/src/ec.rs
+++ b/openssl/src/ec.rs
@ -15,22 +15,6 @@
 //! [`EcGroup`]: struct.EcGroup.html
 //! [`Nid`]: ../nid/struct.Nid.html
 //! [Eliptic Curve Cryptography]: https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography
 //!
 //! # Examples
 //!
 //! ```
 //! use openssl::ec::{EcGroup, EcPoint};
 //! use openssl::nid::Nid;
 //! use openssl::error::ErrorStack;
 //! fn get_ec_point() -> Result<EcPoint, ErrorStack> {
 //!    let group = EcGroup::from_curve_name(Nid::SECP224R1)?;
 //!    let point = EcPoint::new(&group)?;
 //!    Ok(point)
 //! }
 //! # fn main() {
 //! #    let _ = get_ec_point();
 //! # }
 //! ```
 use ffi;
 use foreign_types::{ForeignType, ForeignTypeRef};
 use libc::c_int;
@ -347,6 +331,7 @@ impl EcPointRef {
        group: &EcGroupRef,
        q: &EcPointRef,
        m: &BigNumRef,
        // FIXME should be &mut
        ctx: &BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
@ -367,6 +352,7 @@ impl EcPointRef {
        &mut self,
        group: &EcGroupRef,
        n: &BigNumRef,
        // FIXME should be &mut
        ctx: &BigNumContextRef,
    ) -> Result<(), ErrorStack> {
        unsafe {
@ -917,6 +903,7 @@ mod test {
    }
    #[test]
    #[allow(clippy::redundant_clone)]
    fn dup() {
        let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
        let key = EcKey::generate(&group).unwrap();
@ -959,7 +946,7 @@ mod test {
        let mut ctx = BigNumContext::new().unwrap();
        let mut public_key = EcPoint::new(&group).unwrap();
        public_key
-            .mul_generator(&group, key.private_key(), &mut ctx)
+            .mul_generator(&group, key.private_key(), &ctx)
            .unwrap();
        assert!(public_key.eq(&group, key.public_key(), &mut ctx).unwrap());
    }
@ -971,7 +958,7 @@ mod test {
        let one = BigNum::from_u32(1).unwrap();
        let mut ctx = BigNumContext::new().unwrap();
        let mut ecp = EcPoint::new(&group).unwrap();
-        ecp.mul_generator(&group, &one, &mut ctx).unwrap();
+        ecp.mul_generator(&group, &one, &ctx).unwrap();
        assert!(ecp.eq(&group, gen, &mut ctx).unwrap());
    }
@ -998,9 +985,8 @@ mod test {
        let dup_key =
            EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap();
-        let res = dup_key.check_key().unwrap();
+        dup_key.check_key().unwrap();
        assert!(res == ());
        assert!(key.private_key() == dup_key.private_key());
    }
--- a/openssl/src/ecdsa.rs
+++ b/openssl/src/ecdsa.rs
@ -197,11 +197,11 @@ mod test {
        let verification2 = res
            .verify(String::from("hello2").as_bytes(), &public_key)
            .unwrap();
-        assert!(verification2 == false);
+        assert!(!verification2);
        // Signature will not be verified using the correct data but the incorrect public key
        let verification3 = res.verify(data.as_bytes(), &public_key2).unwrap();
-        assert!(verification3 == false);
+        assert!(!verification3);
    }
    #[test]
--- a/openssl/src/error.rs
+++ b/openssl/src/error.rs
@ -161,7 +161,7 @@ impl Error {
                        None
                    } else {
                        ptr::copy_nonoverlapping(data.as_ptr(), ptr as *mut u8, data.len());
-                        *ptr.offset(data.len() as isize) = 0;
+                        *ptr.add(data.len()) = 0;
                        Some((ptr, ffi::ERR_TXT_MALLOCED))
                    }
                }
--- a/openssl/src/ex_data.rs
+++ b/openssl/src/ex_data.rs
@ -16,10 +16,16 @@ impl<T, U> Clone for Index<T, U> {
 }
 impl<T, U> Index<T, U> {
    /// Creates an `Index` from a raw integer index.
    ///
    /// # Safety
    ///
    /// The caller must ensure that the index correctly maps to a `U` value stored in a `T`.
    pub unsafe fn from_raw(idx: c_int) -> Index<T, U> {
        Index(idx, PhantomData)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
--- a/openssl/src/hash.rs
+++ b/openssl/src/hash.rs
@ -3,6 +3,7 @@ use std::fmt;
 use std::io;
 use std::io::prelude::*;
 use std::ops::{Deref, DerefMut};
 use std::ptr;
 use error::ErrorStack;
 use nid::Nid;
@ -20,6 +21,11 @@ cfg_if! {
 pub struct MessageDigest(*const ffi::EVP_MD);
 impl MessageDigest {
    /// Creates a `MessageDigest` from a raw OpenSSL pointer.
    ///
    /// # Safety
    ///
    /// The caller must ensure the pointer is valid.
    pub unsafe fn from_ptr(x: *const ffi::EVP_MD) -> Self {
        MessageDigest(x)
    }
@ -102,16 +108,19 @@ impl MessageDigest {
        unsafe { MessageDigest(ffi::EVP_ripemd160()) }
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_ptr(&self) -> *const ffi::EVP_MD {
        self.0
    }
-    /// The size of the digest in bytes
+    /// The size of the digest in bytes.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn size(&self) -> usize {
        unsafe { ffi::EVP_MD_size(self.0) as usize }
    }
-    /// The name of the digest
+    /// The name of the digest.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn type_(&self) -> Nid {
        Nid::from_raw(unsafe { ffi::EVP_MD_type(self.0) })
    }
@ -199,7 +208,7 @@ impl Hasher {
        let ctx = unsafe { cvt_p(EVP_MD_CTX_new())? };
        let mut h = Hasher {
-            ctx: ctx,
+            ctx,
            md: ty.as_ptr(),
            type_: ty,
            state: Finalized,
@ -217,7 +226,7 @@ impl Hasher {
            Finalized => (),
        }
        unsafe {
-            cvt(ffi::EVP_DigestInit_ex(self.ctx, self.md, 0 as *mut _))?;
+            cvt(ffi::EVP_DigestInit_ex(self.ctx, self.md, ptr::null_mut()))?;
        }
        self.state = Reset;
        Ok(())
@ -254,7 +263,7 @@ impl Hasher {
            ))?;
            self.state = Finalized;
            Ok(DigestBytes {
-                buf: buf,
+                buf,
                len: len as usize,
            })
        }
@ -301,7 +310,7 @@ impl Clone for Hasher {
            ctx
        };
        Hasher {
-            ctx: ctx,
+            ctx,
            md: self.md,
            type_: self.type_,
            state: self.state,
@ -407,14 +416,13 @@ mod tests {
    }
    fn hash_recycle_test(h: &mut Hasher, hashtest: &(&str, &str)) {
-        let _ = h.write_all(&Vec::from_hex(hashtest.0).unwrap()).unwrap();
+        h.write_all(&Vec::from_hex(hashtest.0).unwrap()).unwrap();
        let res = h.finish().unwrap();
        assert_eq!(hex::encode(res), hashtest.1);
    }
    // Test vectors from http://www.nsrl.nist.gov/testdata/
-    #[allow(non_upper_case_globals)]
+    const MD5_TESTS: [(&str, &str); 13] = [
    const md5_tests: [(&'static str, &'static str); 13] = [
        ("", "d41d8cd98f00b204e9800998ecf8427e"),
        ("7F", "83acb6e67e50e31db6ed341dd2de1595"),
        ("EC9C", "0b07f0d4ca797d8ac58874f887cb0b68"),
@ -435,7 +443,7 @@ mod tests {
    #[test]
    fn test_md5() {
-        for test in md5_tests.iter() {
+        for test in MD5_TESTS.iter() {
            hash_test(MessageDigest::md5(), test);
        }
    }
@ -443,7 +451,7 @@ mod tests {
    #[test]
    fn test_md5_recycle() {
        let mut h = Hasher::new(MessageDigest::md5()).unwrap();
-        for test in md5_tests.iter() {
+        for test in MD5_TESTS.iter() {
            hash_recycle_test(&mut h, test);
        }
    }
@ -451,7 +459,7 @@ mod tests {
    #[test]
    fn test_finish_twice() {
        let mut h = Hasher::new(MessageDigest::md5()).unwrap();
-        h.write_all(&Vec::from_hex(md5_tests[6].0).unwrap())
+        h.write_all(&Vec::from_hex(MD5_TESTS[6].0).unwrap())
            .unwrap();
        h.finish().unwrap();
        let res = h.finish().unwrap();
@ -460,9 +468,10 @@ mod tests {
    }
    #[test]
    #[allow(clippy::redundant_clone)]
    fn test_clone() {
        let i = 7;
-        let inp = Vec::from_hex(md5_tests[i].0).unwrap();
+        let inp = Vec::from_hex(MD5_TESTS[i].0).unwrap();
        assert!(inp.len() > 2);
        let p = inp.len() / 2;
        let h0 = Hasher::new(MessageDigest::md5()).unwrap();
@ -475,18 +484,18 @@ mod tests {
            let mut h2 = h1.clone();
            h2.write_all(&inp[p..]).unwrap();
            let res = h2.finish().unwrap();
-            assert_eq!(hex::encode(res), md5_tests[i].1);
+            assert_eq!(hex::encode(res), MD5_TESTS[i].1);
        }
        h1.write_all(&inp[p..]).unwrap();
        let res = h1.finish().unwrap();
-        assert_eq!(hex::encode(res), md5_tests[i].1);
+        assert_eq!(hex::encode(res), MD5_TESTS[i].1);
        println!("Clone a finished hasher");
        let mut h3 = h1.clone();
-        h3.write_all(&Vec::from_hex(md5_tests[i + 1].0).unwrap())
+        h3.write_all(&Vec::from_hex(MD5_TESTS[i + 1].0).unwrap())
            .unwrap();
        let res = h3.finish().unwrap();
-        assert_eq!(hex::encode(res), md5_tests[i + 1].1);
+        assert_eq!(hex::encode(res), MD5_TESTS[i + 1].1);
    }
    #[test]
--- a/openssl/src/nid.rs
+++ b/openssl/src/nid.rs
@ -55,6 +55,7 @@ impl Nid {
    }
    /// Return the integer representation of a `Nid`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -62,6 +63,7 @@ impl Nid {
    /// Returns the `Nid`s of the digest and public key algorithms associated with a signature ID.
    ///
    /// This corresponds to `OBJ_find_sigid_algs`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn signature_algorithms(&self) -> Option<SignatureAlgorithms> {
        unsafe {
            let mut digest = 0;
@ -81,6 +83,7 @@ impl Nid {
    /// This corresponds to [`OBJ_nid2ln`]
    ///
    /// [`OBJ_nid2ln`]: https://www.openssl.org/docs/man1.1.0/crypto/OBJ_nid2ln.html
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn long_name(&self) -> Result<&'static str, ErrorStack> {
        unsafe {
            cvt_p(ffi::OBJ_nid2ln(self.0) as *mut c_char)
@ -92,6 +95,7 @@ impl Nid {
    /// This corresponds to [`OBJ_nid2sn`]
    ///
    /// [`OBJ_nid2sn`]: https://www.openssl.org/docs/man1.1.0/crypto/OBJ_nid2sn.html
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn short_name(&self) -> Result<&'static str, ErrorStack> {
        unsafe {
            cvt_p(ffi::OBJ_nid2sn(self.0) as *mut c_char)
--- a/openssl/src/ocsp.rs
+++ b/openssl/src/ocsp.rs
@ -32,14 +32,6 @@ bitflags! {
 pub struct OcspResponseStatus(c_int);
 impl OcspResponseStatus {
    pub fn from_raw(raw: c_int) -> OcspResponseStatus {
        OcspResponseStatus(raw)
    }
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    pub const SUCCESSFUL: OcspResponseStatus =
        OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SUCCESSFUL);
    pub const MALFORMED_REQUEST: OcspResponseStatus =
@ -52,37 +44,39 @@ impl OcspResponseStatus {
        OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_SIGREQUIRED);
    pub const UNAUTHORIZED: OcspResponseStatus =
        OcspResponseStatus(ffi::OCSP_RESPONSE_STATUS_UNAUTHORIZED);
    pub fn from_raw(raw: c_int) -> OcspResponseStatus {
        OcspResponseStatus(raw)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
 }
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct OcspCertStatus(c_int);
 impl OcspCertStatus {
    pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD);
    pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED);
    pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN);
    pub fn from_raw(raw: c_int) -> OcspCertStatus {
        OcspCertStatus(raw)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    pub const GOOD: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_GOOD);
    pub const REVOKED: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_REVOKED);
    pub const UNKNOWN: OcspCertStatus = OcspCertStatus(ffi::V_OCSP_CERTSTATUS_UNKNOWN);
 }
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct OcspRevokedStatus(c_int);
 impl OcspRevokedStatus {
    pub fn from_raw(raw: c_int) -> OcspRevokedStatus {
        OcspRevokedStatus(raw)
    }
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    pub const NO_STATUS: OcspRevokedStatus = OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_NOSTATUS);
    pub const UNSPECIFIED: OcspRevokedStatus =
        OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_UNSPECIFIED);
@ -100,6 +94,15 @@ impl OcspRevokedStatus {
        OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_CERTIFICATEHOLD);
    pub const REMOVE_FROM_CRL: OcspRevokedStatus =
        OcspRevokedStatus(ffi::OCSP_REVOKED_STATUS_REMOVEFROMCRL);
    pub fn from_raw(raw: c_int) -> OcspRevokedStatus {
        OcspRevokedStatus(raw)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
 }
 pub struct OcspStatus<'a> {
@ -190,10 +193,11 @@ impl OcspBasicResponseRef {
                } else {
                    Some(Asn1GeneralizedTimeRef::from_ptr(revocation_time))
                };
                Some(OcspStatus {
                    status: OcspCertStatus(status),
                    reason: OcspRevokedStatus(status),
-                    revocation_time: revocation_time,
+                    revocation_time,
                    this_update: Asn1GeneralizedTimeRef::from_ptr(this_update),
                    next_update: Asn1GeneralizedTimeRef::from_ptr(next_update),
                })
--- a/openssl/src/pkcs12.rs
+++ b/openssl/src/pkcs12.rs
@ -58,11 +58,7 @@ impl Pkcs12Ref {
                Some(Stack::from_ptr(chain))
            };
-            Ok(ParsedPkcs12 {
+            Ok(ParsedPkcs12 { pkey, cert, chain })
                pkey: pkey,
                cert: cert,
                chain: chain,
            })
        }
    }
 }
--- a/openssl/src/pkcs5.rs
+++ b/openssl/src/pkcs5.rs
@ -23,6 +23,7 @@ pub struct KeyIvPair {
 ///
 /// New applications should not use this and instead use
 /// `pbkdf2_hmac` or another more modern key derivation algorithm.
 #[allow(clippy::identity_conversion)]
 pub fn bytes_to_key(
    cipher: Cipher,
    digest: MessageDigest,
@ -75,7 +76,7 @@ pub fn bytes_to_key(
            iv_ptr,
        ))?;
-        Ok(KeyIvPair { key: key, iv: iv })
+        Ok(KeyIvPair { key, iv })
    }
 }
--- a/openssl/src/pkcs7.rs
+++ b/openssl/src/pkcs7.rs
@ -303,7 +303,7 @@ mod tests {
        let cert = include_bytes!("../test/cert.pem");
        let cert = X509::from_pem(cert).unwrap();
        let certs = Stack::new().unwrap();
-        let message: String = String::from("foo");
+        let message = "foo";
        let flags = Pkcs7Flags::STREAM | Pkcs7Flags::DETACHED;
        let pkey = include_bytes!("../test/key.pem");
        let pkey = PKey::private_key_from_pem(pkey).unwrap();
@ -336,11 +336,8 @@ mod tests {
            )
            .expect("should succeed");
-        assert_eq!(message.clone().into_bytes(), output);
+        assert_eq!(output, message.as_bytes());
-        assert_eq!(
+        assert_eq!(content.expect("should be non-empty"), message.as_bytes());
            message.clone().into_bytes(),
            content.expect("should be non-empty")
        );
    }
    #[test]
@ -348,7 +345,7 @@ mod tests {
        let cert = include_bytes!("../test/cert.pem");
        let cert = X509::from_pem(cert).unwrap();
        let certs = Stack::new().unwrap();
-        let message: String = String::from("foo");
+        let message = "foo";
        let flags = Pkcs7Flags::STREAM;
        let pkey = include_bytes!("../test/key.pem");
        let pkey = PKey::private_key_from_pem(pkey).unwrap();
@ -375,7 +372,7 @@ mod tests {
            .verify(&certs, &store, None, Some(&mut output), flags)
            .expect("should succeed");
-        assert_eq!(message.clone().into_bytes(), output);
+        assert_eq!(output, message.as_bytes());
        assert!(content.is_none());
    }
--- a/openssl/src/pkey.rs
+++ b/openssl/src/pkey.rs
@ -58,6 +58,8 @@ use dsa::Dsa;
 use ec::EcKey;
 use error::ErrorStack;
 use rsa::Rsa;
 #[cfg(ossl110)]
 use symm::Cipher;
 use util::{invoke_passwd_cb, CallbackState};
 use {cvt, cvt_p};
@ -75,16 +77,6 @@ pub enum Private {}
 pub struct Id(c_int);
 impl Id {
    /// Creates a `Id` from an integer representation.
    pub fn from_raw(value: c_int) -> Id {
        Id(value)
    }
    /// Returns the integer representation of the `Id`.
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    pub const RSA: Id = Id(ffi::EVP_PKEY_RSA);
    pub const HMAC: Id = Id(ffi::EVP_PKEY_HMAC);
    pub const DSA: Id = Id(ffi::EVP_PKEY_DSA);
@ -95,6 +87,17 @@ impl Id {
    pub const ED25519: Id = Id(ffi::EVP_PKEY_ED25519);
    #[cfg(ossl111)]
    pub const ED448: Id = Id(ffi::EVP_PKEY_ED448);
    /// Creates a `Id` from an integer representation.
    pub fn from_raw(value: c_int) -> Id {
        Id(value)
    }
    /// Returns the integer representation of the `Id`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
 }
 /// A trait indicating that a key has parameters.
@ -394,7 +397,8 @@ impl PKey<Private> {
    ///
    /// To compute CMAC values, use the `sign` module.
    #[cfg(ossl110)]
-    pub fn cmac(cipher: &::symm::Cipher, key: &[u8]) -> Result<PKey<Private>, ErrorStack> {
+    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn cmac(cipher: &Cipher, key: &[u8]) -> Result<PKey<Private>, ErrorStack> {
        unsafe {
            assert!(key.len() <= c_int::max_value() as usize);
            let kctx = cvt_p(ffi::EVP_PKEY_CTX_new_id(
@ -527,10 +531,7 @@ impl PKey<Private> {
    /// Deserializes a DER-formatted PKCS#8 unencrypted private key.
    ///
    /// This method is mainly for interoperability reasons. Encrypted keyfiles should be preferred.
-    pub fn private_key_from_pkcs8(
+    pub fn private_key_from_pkcs8(der: &[u8]) -> Result<PKey<Private>, ErrorStack> {
        der: &[u8],
    ) -> Result<PKey<Private>, ErrorStack>
    {
        unsafe {
            ffi::init();
            let len = der.len().min(c_long::max_value() as usize) as c_long;
@ -539,8 +540,7 @@ impl PKey<Private> {
                &mut der.as_ptr(),
                len,
            ))?;
-            let res = cvt_p(ffi::EVP_PKCS82PKEY(p8inf))
+            let res = cvt_p(ffi::EVP_PKCS82PKEY(p8inf)).map(|p| PKey::from_ptr(p));
                .map(|p| PKey::from_ptr(p));
            ffi::PKCS8_PRIV_KEY_INFO_free(p8inf);
            res
        }
--- a/openssl/src/rsa.rs
+++ b/openssl/src/rsa.rs
@ -49,20 +49,21 @@ use {cvt, cvt_n, cvt_p};
 pub struct Padding(c_int);
 impl Padding {
    pub const NONE: Padding = Padding(ffi::RSA_NO_PADDING);
    pub const PKCS1: Padding = Padding(ffi::RSA_PKCS1_PADDING);
    pub const PKCS1_OAEP: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING);
    pub const PKCS1_PSS: Padding = Padding(ffi::RSA_PKCS1_PSS_PADDING);
    /// Creates a `Padding` from an integer representation.
    pub fn from_raw(value: c_int) -> Padding {
        Padding(value)
    }
    /// Returns the integer representation of `Padding`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    pub const NONE: Padding = Padding(ffi::RSA_NO_PADDING);
    pub const PKCS1: Padding = Padding(ffi::RSA_PKCS1_PADDING);
    pub const PKCS1_OAEP: Padding = Padding(ffi::RSA_PKCS1_OAEP_PADDING);
    pub const PKCS1_PSS: Padding = Padding(ffi::RSA_PKCS1_PSS_PADDING);
 }
 generic_foreign_type_and_impl_send_sync! {
@ -579,6 +580,7 @@ impl Rsa<Private> {
    ///
    /// This a convenience method over
    /// `Rsa::build(n, e, d)?.set_factors(p, q)?.set_crt_params(dmp1, dmq1, iqmp)?.build()`
    #[allow(clippy::too_many_arguments, clippy::many_single_char_names)]
    pub fn from_private_components(
        n: BigNum,
        e: BigNum,
@ -895,11 +897,11 @@ mod test {
        let keypair = super::Rsa::generate(2048).unwrap();
        let pubkey_pem = keypair.public_key_to_pem_pkcs1().unwrap();
        let pubkey = super::Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
-        let msg = "Hello, world!".as_bytes();
+        let msg = b"Hello, world!";
        let mut encrypted = vec![0; pubkey.size() as usize];
        let len = pubkey
-            .public_encrypt(&msg, &mut encrypted, Padding::PKCS1)
+            .public_encrypt(msg, &mut encrypted, Padding::PKCS1)
            .unwrap();
        assert!(len > msg.len());
        let mut decrypted = vec![0; keypair.size() as usize];
@ -907,7 +909,7 @@ mod test {
            .private_decrypt(&encrypted, &mut decrypted, Padding::PKCS1)
            .unwrap();
        assert_eq!(len, msg.len());
-        assert_eq!("Hello, world!", String::from_utf8_lossy(&decrypted[..len]));
+        assert_eq!(&decrypted[..len], msg);
    }
    #[test]
@ -915,15 +917,15 @@ mod test {
        let keypair = super::Rsa::generate(2048).unwrap();
        let pubkey_pem = keypair.public_key_to_pem_pkcs1().unwrap();
        let pubkey = super::Rsa::public_key_from_pem_pkcs1(&pubkey_pem).unwrap();
-        let msg = "foo".as_bytes();
+        let msg = b"foo";
        let mut encrypted1 = vec![0; pubkey.size() as usize];
        let mut encrypted2 = vec![0; pubkey.size() as usize];
        let len1 = pubkey
-            .public_encrypt(&msg, &mut encrypted1, Padding::PKCS1)
+            .public_encrypt(msg, &mut encrypted1, Padding::PKCS1)
            .unwrap();
        let len2 = pubkey
-            .public_encrypt(&msg, &mut encrypted2, Padding::PKCS1)
+            .public_encrypt(msg, &mut encrypted2, Padding::PKCS1)
            .unwrap();
        assert!(len1 > (msg.len() + 1));
        assert_eq!(len1, len2);
@ -931,6 +933,7 @@ mod test {
    }
    #[test]
    #[allow(clippy::redundant_clone)]
    fn clone() {
        let key = Rsa::generate(2048).unwrap();
        drop(key.clone());
--- a/openssl/src/sha.rs
+++ b/openssl/src/sha.rs
@ -118,6 +118,13 @@ pub fn sha512(data: &[u8]) -> [u8; 64] {
 #[derive(Clone)]
 pub struct Sha1(ffi::SHA_CTX);
 impl Default for Sha1 {
    #[inline]
    fn default() -> Sha1 {
        Sha1::new()
    }
 }
 impl Sha1 {
    /// Creates a new hasher.
    #[inline]
@ -156,6 +163,13 @@ impl Sha1 {
 #[derive(Clone)]
 pub struct Sha224(ffi::SHA256_CTX);
 impl Default for Sha224 {
    #[inline]
    fn default() -> Sha224 {
        Sha224::new()
    }
 }
 impl Sha224 {
    /// Creates a new hasher.
    #[inline]
@ -194,6 +208,13 @@ impl Sha224 {
 #[derive(Clone)]
 pub struct Sha256(ffi::SHA256_CTX);
 impl Default for Sha256 {
    #[inline]
    fn default() -> Sha256 {
        Sha256::new()
    }
 }
 impl Sha256 {
    /// Creates a new hasher.
    #[inline]
@ -232,6 +253,13 @@ impl Sha256 {
 #[derive(Clone)]
 pub struct Sha384(ffi::SHA512_CTX);
 impl Default for Sha384 {
    #[inline]
    fn default() -> Sha384 {
        Sha384::new()
    }
 }
 impl Sha384 {
    /// Creates a new hasher.
    #[inline]
@ -270,6 +298,13 @@ impl Sha384 {
 #[derive(Clone)]
 pub struct Sha512(ffi::SHA512_CTX);
 impl Default for Sha512 {
    #[inline]
    fn default() -> Sha512 {
        Sha512::new()
    }
 }
 impl Sha512 {
    /// Creates a new hasher.
    #[inline]
--- a/openssl/src/sign.rs
+++ b/openssl/src/sign.rs
@ -123,6 +123,7 @@ impl<'a> Drop for Signer<'a> {
    }
 }
 #[allow(clippy::len_without_is_empty)]
 impl<'a> Signer<'a> {
    /// Creates a new `Signer`.
    ///
@ -354,7 +355,11 @@ impl<'a> Signer<'a> {
    ///
    /// [`EVP_DigestSign`]: https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSign.html
    #[cfg(ossl111)]
-    pub fn sign_oneshot(&mut self, sig_buf: &mut [u8], data_buf: &[u8]) -> Result<usize, ErrorStack> {
+    pub fn sign_oneshot(
        &mut self,
        sig_buf: &mut [u8],
        data_buf: &[u8],
    ) -> Result<usize, ErrorStack> {
        unsafe {
            let mut sig_len = sig_buf.len();
            cvt(ffi::EVP_DigestSign(
@ -641,12 +646,12 @@ mod test {
    use rsa::{Padding, Rsa};
    use sign::{RsaPssSaltlen, Signer, Verifier};
-    const INPUT: &'static str =
+    const INPUT: &str =
        "65794a68624763694f694a53557a49314e694a392e65794a7063334d694f694a71623255694c41304b49434a6c\
         654841694f6a457a4d4441344d546b7a4f44417344516f67496d6830644841364c79396c654746746347786c4c\
         6d4e76625339706331397962323930496a7030636e566c6651";
-    const SIGNATURE: &'static str =
+    const SIGNATURE: &str =
        "702e218943e88fd11eb5d82dbf7845f34106ae1b81fff7731116add1717d83656d420afd3c96eedd73a2663e51\
         66687b000b87226e0187ed1073f945e582adfcef16d85a798ee8c66ddb3db8975b17d09402beedd5d9d9700710\
         8db28160d5f8040ca7445762b81fbe7ff9d92e0ae76f24f25b33bbe6f44ae61eb1040acb20044d3ef9128ed401\
--- a/openssl/src/srtp.rs
+++ b/openssl/src/srtp.rs
@ -38,20 +38,21 @@ impl SrtpProtectionProfileRef {
 pub struct SrtpProfileId(c_ulong);
 impl SrtpProfileId {
    /// Creates a `SrtpProfileId` from an integer representation.
    pub fn from_raw(value: c_ulong) -> SrtpProfileId {
        SrtpProfileId(value)
    }
    /// Returns the integer representation of `SrtpProfileId`.
    pub fn as_raw(&self) -> c_ulong {
        self.0
    }
    pub const SRTP_AES128_CM_SHA1_80: SrtpProfileId = SrtpProfileId(ffi::SRTP_AES128_CM_SHA1_80);
    pub const SRTP_AES128_CM_SHA1_32: SrtpProfileId = SrtpProfileId(ffi::SRTP_AES128_CM_SHA1_32);
    pub const SRTP_AES128_F8_SHA1_80: SrtpProfileId = SrtpProfileId(ffi::SRTP_AES128_F8_SHA1_80);
    pub const SRTP_AES128_F8_SHA1_32: SrtpProfileId = SrtpProfileId(ffi::SRTP_AES128_F8_SHA1_32);
    pub const SRTP_NULL_SHA1_80: SrtpProfileId = SrtpProfileId(ffi::SRTP_NULL_SHA1_80);
    pub const SRTP_NULL_SHA1_32: SrtpProfileId = SrtpProfileId(ffi::SRTP_NULL_SHA1_32);
    /// Creates a `SrtpProfileId` from an integer representation.
    pub fn from_raw(value: c_ulong) -> SrtpProfileId {
        SrtpProfileId(value)
    }
    /// Returns the integer representation of `SrtpProfileId`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_ulong {
        self.0
    }
 }
--- a/openssl/src/ssl/bio.rs
+++ b/openssl/src/ssl/bio.rs
@ -1,12 +1,11 @@
 use ffi::{
    self, BIO_clear_retry_flags, BIO_new, BIO_set_retry_read, BIO_set_retry_write, BIO,
-    BIO_CTRL_FLUSH, BIO_CTRL_DGRAM_QUERY_MTU,
+    BIO_CTRL_DGRAM_QUERY_MTU, BIO_CTRL_FLUSH,
 };
 use libc::{c_char, c_int, c_long, c_void, strlen};
 use std::any::Any;
 use std::io;
 use std::io::prelude::*;
 use std::mem;
 use std::panic::{catch_unwind, AssertUnwindSafe};
 use std::ptr;
 use std::slice;
@ -37,7 +36,7 @@ pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, BioMethod), ErrorSta
    let method = BioMethod::new::<S>();
    let state = Box::new(StreamState {
-        stream: stream,
+        stream,
        error: None,
        panic: None,
        dtls_mtu_size: 0,
@ -48,7 +47,7 @@ pub fn new<S: Read + Write>(stream: S) -> Result<(*mut BIO, BioMethod), ErrorSta
        BIO_set_data(bio, Box::into_raw(state) as *mut _);
        BIO_set_init(bio, 1);
-        return Ok((bio, method));
+        Ok((bio, method))
    }
 }
@ -63,7 +62,7 @@ pub unsafe fn take_panic<S>(bio: *mut BIO) -> Option<Box<dyn Any + Send>> {
 }
 pub unsafe fn get_ref<'a, S: 'a>(bio: *mut BIO) -> &'a S {
-    let state: &'a StreamState<S> = mem::transmute(BIO_get_data(bio));
+    let state = &*(BIO_get_data(bio) as *const StreamState<S>);
    &state.stream
 }
@ -73,7 +72,10 @@ pub unsafe fn get_mut<'a, S: 'a>(bio: *mut BIO) -> &'a mut S {
 pub unsafe fn set_dtls_mtu_size<S>(bio: *mut BIO, mtu_size: usize) {
    if mtu_size as u64 > c_long::max_value() as u64 {
-        panic!("Given MTU size {} can't be represented in a positive `c_long` range")
+        panic!(
            "Given MTU size {} can't be represented in a positive `c_long` range",
            mtu_size
        )
    }
    state::<S>(bio).dtls_mtu_size = mtu_size as c_long;
 }
@ -207,7 +209,7 @@ cfg_if! {
                    assert!(ffi::BIO_meth_set_ctrl(ptr, ctrl::<S>) != 0);
                    assert!(ffi::BIO_meth_set_create(ptr, create) != 0);
                    assert!(ffi::BIO_meth_set_destroy(ptr, destroy::<S>) != 0);
-                    return ret;
+                    ret
                }
            }
--- a/openssl/src/ssl/callbacks.rs
+++ b/openssl/src/ssl/callbacks.rs
@ -116,10 +116,10 @@ where
            .ssl_context()
            .ex_data(callback_idx)
            .expect("BUG: psk callback missing") as *const F;
-        let identity = if identity != ptr::null() {
+        let identity = if identity.is_null() {
            Some(CStr::from_ptr(identity).to_bytes())
        } else {
            None
        } else {
            Some(CStr::from_ptr(identity).to_bytes())
        };
        // Give the callback mutable slices into which it can write the psk.
        let psk_sl = slice::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize);
--- a/openssl/src/ssl/connector.rs
+++ b/openssl/src/ssl/connector.rs
@ -20,6 +20,7 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
 -----END DH PARAMETERS-----
 ";
 #[allow(clippy::inconsistent_digit_grouping)]
 fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
    let mut ctx = SslContextBuilder::new(method)?;
--- a/openssl/src/ssl/error.rs
+++ b/openssl/src/ssl/error.rs
@ -14,14 +14,6 @@ use x509::X509VerifyResult;
 pub struct ErrorCode(c_int);
 impl ErrorCode {
    pub fn from_raw(raw: c_int) -> ErrorCode {
        ErrorCode(raw)
    }
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    /// The SSL session has been closed.
    pub const ZERO_RETURN: ErrorCode = ErrorCode(ffi::SSL_ERROR_ZERO_RETURN);
@ -46,6 +38,15 @@ impl ErrorCode {
    /// Requires OpenSSL 1.1.1 or newer.
    #[cfg(ossl111)]
    pub const WANT_CLIENT_HELLO_CB: ErrorCode = ErrorCode(ffi::SSL_ERROR_WANT_CLIENT_HELLO_CB);
    pub fn from_raw(raw: c_int) -> ErrorCode {
        ErrorCode(raw)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
 }
 #[derive(Debug)]
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@ -338,11 +338,16 @@ impl SslMethod {
    }
    /// Constructs an `SslMethod` from a pointer to the underlying OpenSSL value.
    ///
    /// # Safety
    ///
    /// The caller must ensure the pointer is valid.
    pub unsafe fn from_ptr(ptr: *const ffi::SSL_METHOD) -> SslMethod {
        SslMethod(ptr)
    }
    /// Returns a pointer to the underlying OpenSSL value.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_ptr(&self) -> *const ffi::SSL_METHOD {
        self.0
    }
@ -444,16 +449,6 @@ bitflags! {
 pub struct SslFiletype(c_int);
 impl SslFiletype {
    /// Constructs an `SslFiletype` from a raw OpenSSL value.
    pub fn from_raw(raw: c_int) -> SslFiletype {
        SslFiletype(raw)
    }
    /// Returns the raw OpenSSL value represented by this type.
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    /// The PEM format.
    ///
    /// This corresponds to `SSL_FILETYPE_PEM`.
@ -463,6 +458,17 @@ impl SslFiletype {
    ///
    /// This corresponds to `SSL_FILETYPE_ASN1`.
    pub const ASN1: SslFiletype = SslFiletype(ffi::SSL_FILETYPE_ASN1);
    /// Constructs an `SslFiletype` from a raw OpenSSL value.
    pub fn from_raw(raw: c_int) -> SslFiletype {
        SslFiletype(raw)
    }
    /// Returns the raw OpenSSL value represented by this type.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
 }
 /// An identifier of a certificate status type.
@ -470,18 +476,19 @@ impl SslFiletype {
 pub struct StatusType(c_int);
 impl StatusType {
    /// An OSCP status.
    pub const OCSP: StatusType = StatusType(ffi::TLSEXT_STATUSTYPE_ocsp);
    /// Constructs a `StatusType` from a raw OpenSSL value.
    pub fn from_raw(raw: c_int) -> StatusType {
        StatusType(raw)
    }
    /// Returns the raw OpenSSL value represented by this type.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    /// An OSCP status.
    pub const OCSP: StatusType = StatusType(ffi::TLSEXT_STATUSTYPE_ocsp);
 }
 /// An identifier of a session name type.
@ -489,18 +496,19 @@ impl StatusType {
 pub struct NameType(c_int);
 impl NameType {
    /// A host name.
    pub const HOST_NAME: NameType = NameType(ffi::TLSEXT_NAMETYPE_host_name);
    /// Constructs a `StatusType` from a raw OpenSSL value.
    pub fn from_raw(raw: c_int) -> StatusType {
        StatusType(raw)
    }
    /// Returns the raw OpenSSL value represented by this type.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
    /// A host name.
    pub const HOST_NAME: NameType = NameType(ffi::TLSEXT_NAMETYPE_host_name);
 }
 lazy_static! {
@ -658,6 +666,10 @@ impl SslContextBuilder {
    }
    /// Creates an `SslContextBuilder` from a pointer to a raw OpenSSL value.
    ///
    /// # Safety
    ///
    /// The caller must ensure that the pointer is valid and uniquely owned by the builder.
    pub unsafe fn from_ptr(ctx: *mut ffi::SSL_CTX) -> SslContextBuilder {
        SslContextBuilder(SslContext::from_ptr(ctx))
    }
@ -1726,6 +1738,7 @@ impl SslContextBuilder {
    /// This corresponds to [`SSL_CTX_sess_get_cache_size`].
    ///
    /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html
    #[allow(clippy::identity_conversion)]
    pub fn set_session_cache_size(&mut self, size: i32) -> i64 {
        unsafe { ffi::SSL_CTX_sess_set_cache_size(self.as_ptr(), size.into()).into() }
    }
@ -1967,6 +1980,7 @@ impl SslContextRef {
    /// This corresponds to [`SSL_CTX_sess_get_cache_size`].
    ///
    /// [`SSL_CTX_sess_get_cache_size`]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_sess_set_cache_size.html
    #[allow(clippy::identity_conversion)]
    pub fn session_cache_size(&self) -> i64 {
        unsafe { ffi::SSL_CTX_sess_get_cache_size(self.as_ptr()).into() }
    }
@ -2084,6 +2098,7 @@ impl SslCipherRef {
    /// This corresponds to [`SSL_CIPHER_get_bits`].
    ///
    /// [`SSL_CIPHER_get_bits`]: https://www.openssl.org/docs/manmaster/man3/SSL_CIPHER_get_name.html
    #[allow(clippy::identity_conversion)]
    pub fn bits(&self) -> CipherBits {
        unsafe {
            let mut algo_bits = 0;
@ -2242,6 +2257,7 @@ impl SslSessionRef {
    /// This corresponds to [`SSL_SESSION_get_time`].
    ///
    /// [`SSL_SESSION_get_time`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html
    #[allow(clippy::identity_conversion)]
    pub fn time(&self) -> i64 {
        unsafe { ffi::SSL_SESSION_get_time(self.as_ptr()).into() }
    }
@ -2253,6 +2269,7 @@ impl SslSessionRef {
    /// This corresponds to [`SSL_SESSION_get_timeout`].
    ///
    /// [`SSL_SESSION_get_timeout`]: https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_time.html
    #[allow(clippy::identity_conversion)]
    pub fn timeout(&self) -> i64 {
        unsafe { ffi::SSL_SESSION_get_timeout(self.as_ptr()).into() }
    }
@ -2868,7 +2885,7 @@ impl SslRef {
    pub fn servername_raw(&self, type_: NameType) -> Option<&[u8]> {
        unsafe {
            let name = ffi::SSL_get_servername(self.as_ptr(), type_.0);
-            if name == ptr::null() {
+            if name.is_null() {
                None
            } else {
                Some(CStr::from_ptr(name as *const _).to_bytes())
@ -3464,7 +3481,7 @@ impl<S: Read + Write> SslStream<S> {
        // that it read zero bytes, but zero is also the sentinel for "error".
        // To avoid that confusion short-circuit that logic and return quickly
        // if `buf` has a length of zero.
-        if buf.len() == 0 {
+        if buf.is_empty() {
            return Ok(0);
        }
@ -3486,7 +3503,7 @@ impl<S: Read + Write> SslStream<S> {
    /// [`SSL_write`]: https://www.openssl.org/docs/manmaster/man3/SSL_write.html
    pub fn ssl_write(&mut self, buf: &[u8]) -> Result<usize, Error> {
        // See above for why we short-circuit on zero-length buffers
-        if buf.len() == 0 {
+        if buf.is_empty() {
            return Ok(0);
        }
--- a/openssl/src/ssl/test/mod.rs
+++ b/openssl/src/ssl/test/mod.rs
@ -41,9 +41,9 @@ use x509::{X509Name, X509StoreContext, X509VerifyResult, X509};
 mod server;
-static ROOT_CERT: &'static [u8] = include_bytes!("../../../test/root-ca.pem");
+static ROOT_CERT: &[u8] = include_bytes!("../../../test/root-ca.pem");
-static CERT: &'static [u8] = include_bytes!("../../../test/cert.pem");
+static CERT: &[u8] = include_bytes!("../../../test/cert.pem");
-static KEY: &'static [u8] = include_bytes!("../../../test/key.pem");
+static KEY: &[u8] = include_bytes!("../../../test/key.pem");
 #[test]
 fn verify_untrusted() {
@ -385,7 +385,7 @@ fn test_connect_with_srtp_ssl() {
            .unwrap();
        let mut profilenames = String::new();
        for profile in ssl.srtp_profiles().unwrap() {
-            if profilenames.len() > 0 {
+            if !profilenames.is_empty() {
                profilenames.push(':');
            }
            profilenames += profile.name();
@ -1310,7 +1310,7 @@ fn stateless() {
 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
 #[test]
 fn psk_ciphers() {
-    const CIPHER: &'static str = "PSK-AES128-CBC-SHA";
+    const CIPHER: &str = "PSK-AES128-CBC-SHA";
    const PSK: &[u8] = b"thisisaverysecurekey";
    const CLIENT_IDENT: &[u8] = b"thisisaclient";
    static CLIENT_CALLED: AtomicBool = AtomicBool::new(false);
--- a/openssl/src/stack.rs
+++ b/openssl/src/stack.rs
@ -178,11 +178,16 @@ impl<T: Stackable> StackRef<T> {
        self.as_ptr() as *mut _
    }
-    /// Returns the number of items in the stack
+    /// Returns the number of items in the stack.
    pub fn len(&self) -> usize {
        unsafe { OPENSSL_sk_num(self.as_stack()) as usize }
    }
    /// Determines if the stack is empty.
    pub fn is_empty(&self) -> bool {
        self.len() == 0
    }
    pub fn iter(&self) -> Iter<T> {
        Iter {
            stack: self,
--- a/openssl/src/symm.rs
+++ b/openssl/src/symm.rs
@ -276,21 +276,29 @@ impl Cipher {
        unsafe { Cipher(ffi::EVP_chacha20_poly1305()) }
    }
    /// Creates a `Cipher` from a raw pointer to its OpenSSL type.
    ///
    /// # Safety
    ///
    /// The caller must ensure the pointer is valid for the `'static` lifetime.
    pub unsafe fn from_ptr(ptr: *const ffi::EVP_CIPHER) -> Cipher {
        Cipher(ptr)
    }
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_ptr(&self) -> *const ffi::EVP_CIPHER {
        self.0
    }
    /// Returns the length of keys used with this cipher.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn key_len(&self) -> usize {
        unsafe { EVP_CIPHER_key_length(self.0) as usize }
    }
    /// Returns the length of the IV used with this cipher, or `None` if the
    /// cipher does not use an IV.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn iv_len(&self) -> Option<usize> {
        unsafe {
            let len = EVP_CIPHER_iv_length(self.0) as usize;
@ -307,26 +315,27 @@ impl Cipher {
    /// # Note
    ///
    /// Stream ciphers such as RC4 have a block size of 1.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn block_size(&self) -> usize {
        unsafe { EVP_CIPHER_block_size(self.0) as usize }
    }
    /// Determines whether the cipher is using CCM mode
-    fn is_ccm(&self) -> bool {
+    fn is_ccm(self) -> bool {
        // NOTE: OpenSSL returns pointers to static structs, which makes this work as expected
-        *self == Cipher::aes_128_ccm() || *self == Cipher::aes_256_ccm()
+        self == Cipher::aes_128_ccm() || self == Cipher::aes_256_ccm()
    }
    /// Determines whether the cipher is using OCB mode
    #[cfg(ossl110)]
-    fn is_ocb(&self) -> bool {
+    fn is_ocb(self) -> bool {
-        *self == Cipher::aes_128_ocb() ||
+        self == Cipher::aes_128_ocb()
-        *self == Cipher::aes_192_ocb() ||
+            || self == Cipher::aes_192_ocb()
-        *self == Cipher::aes_256_ocb()
+            || self == Cipher::aes_256_ocb()
    }
    #[cfg(not(ossl110))]
-    const fn is_ocb(&self) -> bool {
+    const fn is_ocb(self) -> bool {
        false
    }
 }
@ -421,7 +430,7 @@ impl Crypter {
        unsafe {
            let ctx = cvt_p(ffi::EVP_CIPHER_CTX_new())?;
            let crypter = Crypter {
-                ctx: ctx,
+                ctx,
                block_size: t.block_size(),
            };
@ -808,12 +817,13 @@ pub fn decrypt_aead(
    c.aad_update(aad)?;
    let count = c.update(data, &mut out)?;
    let mut rest = 0;
-    if !t.is_ccm() {
+    let rest = if t.is_ccm() {
        0
    } else {
        c.set_tag(tag)?;
-        rest = c.finalize(&mut out[count..])?;
+        c.finalize(&mut out[count..])?
-    }
+    };
    out.truncate(count + rest);
    Ok(out)
@ -1458,7 +1468,7 @@ mod tests {
        )
        .unwrap();
        assert_eq!(pt, hex::encode(out));
-     }
+    }
    #[test]
    #[cfg(ossl110)]
--- a/openssl/src/x509/extension.rs
+++ b/openssl/src/x509/extension.rs
@ -33,6 +33,12 @@ pub struct BasicConstraints {
    pathlen: Option<u32>,
 }
 impl Default for BasicConstraints {
    fn default() -> BasicConstraints {
        BasicConstraints::new()
    }
 }
 impl BasicConstraints {
    /// Construct a new `BasicConstraints` extension.
    pub fn new() -> BasicConstraints {
@ -95,6 +101,12 @@ pub struct KeyUsage {
    decipher_only: bool,
 }
 impl Default for KeyUsage {
    fn default() -> KeyUsage {
        KeyUsage::new()
    }
 }
 impl KeyUsage {
    /// Construct a new `KeyUsage` extension.
    pub fn new() -> KeyUsage {
@ -228,6 +240,12 @@ pub struct ExtendedKeyUsage {
    other: Vec<String>,
 }
 impl Default for ExtendedKeyUsage {
    fn default() -> ExtendedKeyUsage {
        ExtendedKeyUsage::new()
    }
 }
 impl ExtendedKeyUsage {
    /// Construct a new `ExtendedKeyUsage` extension.
    pub fn new() -> ExtendedKeyUsage {
@ -354,6 +372,12 @@ pub struct SubjectKeyIdentifier {
    critical: bool,
 }
 impl Default for SubjectKeyIdentifier {
    fn default() -> SubjectKeyIdentifier {
        SubjectKeyIdentifier::new()
    }
 }
 impl SubjectKeyIdentifier {
    /// Construct a new `SubjectKeyIdentifier` extension.
    pub fn new() -> SubjectKeyIdentifier {
@ -384,6 +408,12 @@ pub struct AuthorityKeyIdentifier {
    issuer: Option<bool>,
 }
 impl Default for AuthorityKeyIdentifier {
    fn default() -> AuthorityKeyIdentifier {
        AuthorityKeyIdentifier::new()
    }
 }
 impl AuthorityKeyIdentifier {
    /// Construct a new `AuthorityKeyIdentifier` extension.
    pub fn new() -> AuthorityKeyIdentifier {
@ -438,6 +468,12 @@ pub struct SubjectAlternativeName {
    names: Vec<String>,
 }
 impl Default for SubjectAlternativeName {
    fn default() -> SubjectAlternativeName {
        SubjectAlternativeName::new()
    }
 }
 impl SubjectAlternativeName {
    /// Construct a new `SubjectAlternativeName` extension.
    pub fn new() -> SubjectAlternativeName {
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@ -68,7 +68,7 @@ impl X509StoreContext {
    pub fn new() -> Result<X509StoreContext, ErrorStack> {
        unsafe {
            ffi::init();
-            cvt_p(ffi::X509_STORE_CTX_new()).map(|p| X509StoreContext(p))
+            cvt_p(ffi::X509_STORE_CTX_new()).map(X509StoreContext)
        }
    }
 }
@ -849,7 +849,7 @@ impl Stackable for X509Name {
 impl X509NameRef {
    /// Returns the name entries by the nid.
-    pub fn entries_by_nid<'a>(&'a self, nid: Nid) -> X509NameEntries<'a> {
+    pub fn entries_by_nid(&self, nid: Nid) -> X509NameEntries<'_> {
        X509NameEntries {
            name: self,
            nid: Some(nid),
@ -858,7 +858,7 @@ impl X509NameRef {
    }
    /// Returns an iterator over all `X509NameEntry` values
-    pub fn entries<'a>(&'a self) -> X509NameEntries<'a> {
+    pub fn entries(&self) -> X509NameEntries<'_> {
        X509NameEntries {
            name: self,
            nid: None,
@ -1213,6 +1213,7 @@ impl X509VerifyResult {
    }
    /// Return the integer representation of an `X509VerifyResult`.
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn as_raw(&self) -> c_int {
        self.0
    }
@ -1222,6 +1223,7 @@ impl X509VerifyResult {
    /// This corresponds to [`X509_verify_cert_error_string`].
    ///
    /// [`X509_verify_cert_error_string`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_verify_cert_error_string.html
    #[allow(clippy::trivially_copy_pass_by_ref)]
    pub fn error_string(&self) -> &'static str {
        ffi::init();
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@ -22,7 +22,7 @@ fn pkey() -> PKey<Private> {
 #[test]
 fn test_cert_loading() {
    let cert = include_bytes!("../../test/cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
    let fingerprint = cert.digest(MessageDigest::sha1()).unwrap();
    let hash_str = "59172d9313e84459bcff27f967e79e6e9217e584";
@ -34,7 +34,7 @@ fn test_cert_loading() {
 #[test]
 fn test_cert_issue_validity() {
    let cert = include_bytes!("../../test/cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
    let not_before = cert.not_before().to_string();
    let not_after = cert.not_after().to_string();
@ -45,7 +45,7 @@ fn test_cert_issue_validity() {
 #[test]
 fn test_save_der() {
    let cert = include_bytes!("../../test/cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
    let der = cert.to_der().unwrap();
    assert!(!der.is_empty());
@ -101,8 +101,8 @@ fn test_nameref_iterator() {
    assert_eq!(friendly.object().nid().as_raw(), Nid::FRIENDLYNAME.as_raw());
    assert_eq!(&**friendly.data().as_utf8().unwrap(), "Example");
-    if let Some(_) = all_entries.next() {
+    if all_entries.next().is_some() {
-        assert!(false);
+        panic!();
    }
 }
@ -136,7 +136,7 @@ fn test_subject_alt_name() {
 #[test]
 fn test_subject_alt_name_iter() {
    let cert = include_bytes!("../../test/alt_name_cert.pem");
-    let cert = X509::from_pem(cert).ok().expect("Failed to load PEM");
+    let cert = X509::from_pem(cert).unwrap();
    let subject_alt_names = cert.subject_alt_names().unwrap();
    let mut subject_alt_names_iter = subject_alt_names.iter();
@ -232,7 +232,7 @@ fn x509_builder() {
        .entries_by_nid(Nid::COMMONNAME)
        .next()
        .unwrap();
-    assert_eq!("foobar.com".as_bytes(), cn.data().as_slice());
+    assert_eq!(cn.data().as_slice(), b"foobar.com");
    assert_eq!(serial, x509.serial_number().to_bn().unwrap());
 }
@ -320,6 +320,7 @@ fn signature() {
 }
 #[test]
 #[allow(clippy::redundant_clone)]
 fn clone_x509() {
    let cert = include_bytes!("../../test/cert.pem");
    let cert = X509::from_pem(cert).unwrap();
--- a/systest/build.rs
+++ b/systest/build.rs
@ -40,7 +40,7 @@ fn main() {
    }
    if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
-        for var in vars.split(",") {
+        for var in vars.split(',') {
            cfg.cfg("osslconf", Some(var));
        }
    }
@ -68,15 +68,16 @@ fn main() {
        cfg.header("openssl/cms.h");
    }
    #[allow(clippy::if_same_then_else)]
    cfg.type_name(|s, is_struct, _is_union| {
        // Add some `*` on some callback parameters to get function pointer to
        // typecheck in C, especially on MSVC.
        if s == "PasswordCallback" {
-            format!("pem_password_cb*")
+            "pem_password_cb*".to_string()
        } else if s == "bio_info_cb" {
-            format!("bio_info_cb*")
+            "bio_info_cb*".to_string()
        } else if s == "_STACK" {
-            format!("struct stack_st")
+            "struct stack_st".to_string()
        // This logic should really be cleaned up
        } else if is_struct
            && s != "point_conversion_form_t"
@ -86,7 +87,7 @@ fn main() {
        } else if s.starts_with("stack_st_") {
            format!("struct {}", s)
        } else {
-            format!("{}", s)
+            s.to_string()
        }
    });
    cfg.skip_type(|s| {
@ -130,9 +131,9 @@ fn main() {
    });
    cfg.field_name(|_s, field| {
        if field == "type_" {
-            format!("type")
+            "type".to_string()
        } else {
-            format!("{}", field)
+            field.to_string()
        }
    });
    cfg.fn_cname(|rust, link_name| link_name.unwrap_or(rust).to_string());
--- a/systest/src/main.rs
+++ b/systest/src/main.rs
@ -1,4 +1,4 @@
-#![allow(bad_style)]
+#![allow(bad_style, clippy::all)]
 extern crate libc;
 extern crate openssl_sys;