3 files changed, 56 insertions, 36 deletions

diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 2700154c..7bae7142 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -154,21 +154,39 @@ RSA
             :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`
             it may also be raised for invalid label values.
 
-        .. code-block:: python
+        .. doctest::
 
-            from cryptography.hazmat.backends import default_backend
-            from cryptography.hazmat.primitives import hashes
-            from cryptography.hazmat.primitives.asymmetric import padding
+            >>> from cryptography.hazmat.backends import default_backend
+            >>> from cryptography.hazmat.primitives import hashes
+            >>> from cryptography.hazmat.primitives.asymmetric import padding
 
-            plaintext = private_key.decrypt(
-                ciphertext,
-                padding.OAEP(
-                    mgf=padding.MGF1(algorithm=hashes.SHA1()),
-                    algorithm=hashes.SHA1(),
-                    label=None
-                ),
-                default_backend()
-            )
+            >>> # Generate a key
+            >>> private_key = rsa.RSAPrivateKey.generate(
+            ...     public_exponent=65537,
+            ...     key_size=2048,
+            ...     backend=default_backend()
+            ... )
+            >>> public_key = private_key.public_key()
+            >>> # encrypt some data
+            >>> ciphertext = public_key.encrypt(
+            ...     b"encrypted data",
+            ...     padding.OAEP(
+            ...         mgf=padding.MGF1(algorithm=hashes.SHA1()),
+            ...         algorithm=hashes.SHA1(),
+            ...         label=None
+            ...     ),
+            ...     default_backend()
+            ... )
+            >>> # Now do the actual decryption
+            >>> plaintext = private_key.decrypt(
+            ...     ciphertext,
+            ...     padding.OAEP(
+            ...         mgf=padding.MGF1(algorithm=hashes.SHA1()),
+            ...         algorithm=hashes.SHA1(),
+            ...         label=None
+            ...     ),
+            ...     default_backend()
+            ... )
 
 
 .. class:: RSAPublicKey(public_exponent, modulus)
@@ -306,27 +324,29 @@ RSA
             :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`
             it may also be raised for invalid label values.
 
-        .. code-block:: python
-
-            from cryptography.hazmat.backends import default_backend
-            from cryptography.hazmat.primitives import hashes
-            from cryptography.hazmat.primitives.asymmetric import padding, rsa
-
-            private_key = rsa.RSAPrivateKey.generate(
-                public_exponent=65537,
-                key_size=2048,
-                backend=default_backend()
-            )
-            public_key = private_key.public_key()
-            ciphertext = public_key.encrypt(
-                plaintext,
-                padding.OAEP(
-                    mgf=padding.MGF1(algorithm=hashes.SHA1()),
-                    algorithm=hashes.SHA1(),
-                    label=None
-                ),
-                default_backend()
-            )
+        .. doctest::
+
+            >>> from cryptography.hazmat.backends import default_backend
+            >>> from cryptography.hazmat.primitives import hashes
+            >>> from cryptography.hazmat.primitives.asymmetric import padding
+
+            >>> # Generate a key
+            >>> private_key = rsa.RSAPrivateKey.generate(
+            ...     public_exponent=65537,
+            ...     key_size=2048,
+            ...     backend=default_backend()
+            ... )
+            >>> public_key = private_key.public_key()
+            >>> # encrypt some data
+            >>> ciphertext = public_key.encrypt(
+            ...     b"encrypted data",
+            ...     padding.OAEP(
+            ...         mgf=padding.MGF1(algorithm=hashes.SHA1()),
+            ...         algorithm=hashes.SHA1(),
+            ...         label=None
+            ...     ),
+            ...     default_backend()
+            ... )
 
 
 Handling partial RSA private keys
diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst
index fdc540b9..de6bf5f8 100644
--- a/docs/hazmat/primitives/key-derivation-functions.rst
+++ b/docs/hazmat/primitives/key-derivation-functions.rst
@@ -194,7 +194,7 @@ Different KDFs are suitable for different tasks such as:
     .. method:: derive(key_material)
 
         :param bytes key_material: The input key material.
-        :retunr bytes: The derived key.
+        :return bytes: The derived key.
 
         Derives a new key from the input key material by performing both the
         extract and expand operations.
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 78bf6637..e5d8c65b 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -20,7 +20,7 @@ provides secrecy but not authenticity. That means an attacker can't see the
 message but an attacker can create bogus messages and force the application to
 decrypt them.
 
-For this reason it is *strongly* recommended to combine encryption with a
+For this reason it is **strongly** recommended to combine encryption with a
 message authentication code, such as :doc:`HMAC </hazmat/primitives/mac/hmac>`, in
 an "encrypt-then-MAC" formulation as `described by Colin Percival`_.