Document items behind feature flags
Closes: #22
Change-Id: I278a7d306a7963ecc3f95032e69d1b8d2662b28f
diff --git a/src/bytes.rs b/src/bytes.rs
index f2ef7e0..0f63691 100644
--- a/src/bytes.rs
+++ b/src/bytes.rs
@@ -1,4 +1,6 @@
//! Byte manipulation.
+//!
+//! *This module is available if Mundane is built with the `bytes` feature.*
use boringssl;
diff --git a/src/hash.rs b/src/hash.rs
index 02c8a31..9c5eb8c 100644
--- a/src/hash.rs
+++ b/src/hash.rs
@@ -5,6 +5,8 @@
// https://opensource.org/licenses/MIT.
//! Cryptographic hash functions.
+//!
+//! *This module is available if Mundane is built with the `insecure` feature.*
use std::fmt::{self, Debug, Display, Formatter};
diff --git a/src/insecure.rs b/src/insecure.rs
index e4384ef..acf4150 100644
--- a/src/insecure.rs
+++ b/src/insecure.rs
@@ -9,12 +9,16 @@
//! This module contains cryptographic operations which are considered insecure.
//! These operations should only be used for compatibility with legacy systems -
//! never in new systems!
+//!
+//! *This module is available if Mundane is built with the `insecure` feature.*
#![deprecated(note = "insecure cryptographic operations")]
#[allow(deprecated)]
+#[cfg(feature = "insecure")]
pub use hash::insecure_sha1_digest::InsecureSha1Digest;
#[allow(deprecated)]
+#[cfg(feature = "insecure")]
pub use hmac::insecure_hmac_sha1::InsecureHmacSha1;
#[cfg(feature = "kdf")]
diff --git a/src/kdf.rs b/src/kdf.rs
index 3ed0fb3..36f2158 100644
--- a/src/kdf.rs
+++ b/src/kdf.rs
@@ -11,6 +11,8 @@
//! probably be using something else. In particular:
//! - If you need password verification, see the [`password`] module.
//!
+//! *This module is available if Mundane is built with the `kdf` feature.*
+//!
//! [`password`]: ::password
use std::num::NonZeroU32;
diff --git a/src/lib.rs b/src/lib.rs
index 5d66754..3de2032 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -53,17 +53,17 @@
// Forbid unsafe code except in the boringssl module.
#[allow(unsafe_code)]
mod boringssl;
-#[cfg(feature = "bytes")]
+#[cfg(any(doc, feature = "bytes"))]
#[forbid(unsafe_code)]
pub mod bytes;
#[forbid(unsafe_code)]
pub mod hash;
#[forbid(unsafe_code)]
pub mod hmac;
-#[cfg(feature = "insecure")]
+#[cfg(any(doc, feature = "insecure"))]
#[forbid(unsafe_code)]
pub mod insecure;
-#[cfg(feature = "kdf")]
+#[cfg(any(doc, feature = "kdf"))]
#[forbid(unsafe_code)]
pub mod kdf;
#[forbid(unsafe_code)]
diff --git a/src/public/rsa/mod.rs b/src/public/rsa/mod.rs
index bd4b50a..e607e36 100644
--- a/src/public/rsa/mod.rs
+++ b/src/public/rsa/mod.rs
@@ -371,7 +371,9 @@
/// This signature scheme is old, and considered less secure than RSA-PSS. It
/// should only be used for compatibility with legacy systems - never in new
/// systems!
-#[cfg(feature = "rsa-pkcs1v15")]
+///
+/// *This signature scheme is available if Mundane is built with the `rsa-pkcs1v15` feature.*
+#[cfg(any(doc, feature = "rsa-pkcs1v15"))]
#[derive(Copy, Clone, Default, Debug, Eq, PartialEq, Hash)]
pub struct RsaPkcs1v15;