Merge pull request #765 from public/doc-tweaks
Update HMAC and Digest docs.
diff --git a/cryptography/__init__.py b/cryptography/__init__.py
index f37bd22..599bb05 100644
--- a/cryptography/__init__.py
+++ b/cryptography/__init__.py
@@ -10,6 +10,9 @@
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
from cryptography.__about__ import (
__title__, __summary__, __uri__, __version__, __author__, __email__,
__license__, __copyright__
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index a26dbe1..d7c867d 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
class UnsupportedAlgorithm(Exception):
pass
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 71a9fad..28d9c92 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import base64
import binascii
import os
diff --git a/cryptography/hazmat/__init__.py b/cryptography/hazmat/__init__.py
index 55c925c..2f42057 100644
--- a/cryptography/hazmat/__init__.py
+++ b/cryptography/hazmat/__init__.py
@@ -10,3 +10,5 @@
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/cryptography/hazmat/backends/__init__.py b/cryptography/hazmat/backends/__init__.py
index 406b37e..59d1bc6 100644
--- a/cryptography/hazmat/backends/__init__.py
+++ b/cryptography/hazmat/backends/__init__.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
from cryptography.hazmat.backends import openssl
from cryptography.hazmat.backends.multibackend import MultiBackend
from cryptography.hazmat.bindings.commoncrypto.binding import (
diff --git a/cryptography/hazmat/backends/commoncrypto/__init__.py b/cryptography/hazmat/backends/commoncrypto/__init__.py
index 64a1c01..f080394 100644
--- a/cryptography/hazmat/backends/commoncrypto/__init__.py
+++ b/cryptography/hazmat/backends/commoncrypto/__init__.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
from cryptography.hazmat.backends.commoncrypto.backend import backend
diff --git a/cryptography/hazmat/backends/openssl/__init__.py b/cryptography/hazmat/backends/openssl/__init__.py
index a8dfad0..25885e1 100644
--- a/cryptography/hazmat/backends/openssl/__init__.py
+++ b/cryptography/hazmat/backends/openssl/__init__.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
from cryptography.hazmat.backends.openssl.backend import backend
diff --git a/cryptography/hazmat/bindings/__init__.py b/cryptography/hazmat/bindings/__init__.py
index 55c925c..2f42057 100644
--- a/cryptography/hazmat/bindings/__init__.py
+++ b/cryptography/hazmat/bindings/__init__.py
@@ -10,3 +10,5 @@
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/cryptography/hazmat/bindings/commoncrypto/__init__.py b/cryptography/hazmat/bindings/commoncrypto/__init__.py
index 55c925c..2f42057 100644
--- a/cryptography/hazmat/bindings/commoncrypto/__init__.py
+++ b/cryptography/hazmat/bindings/commoncrypto/__init__.py
@@ -10,3 +10,5 @@
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/cryptography/hazmat/bindings/commoncrypto/binding.py b/cryptography/hazmat/bindings/commoncrypto/binding.py
index 45c0eaa..ee80942 100644
--- a/cryptography/hazmat/bindings/commoncrypto/binding.py
+++ b/cryptography/hazmat/bindings/commoncrypto/binding.py
@@ -14,6 +14,7 @@
from __future__ import absolute_import, division, print_function
import sys
+import platform
from cryptography.hazmat.bindings.utils import build_ffi
@@ -46,4 +47,5 @@
@classmethod
def is_available(cls):
- return sys.platform == "darwin"
+ return sys.platform == "darwin" and list(map(
+ int, platform.mac_ver()[0].split("."))) >= [10, 8, 0]
diff --git a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py
index 8f03bc3..9bd03a7 100644
--- a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py
+++ b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <CommonCrypto/CommonCryptor.h>
"""
diff --git a/cryptography/hazmat/bindings/commoncrypto/common_digest.py b/cryptography/hazmat/bindings/commoncrypto/common_digest.py
index ec0fcc9..c59200c 100644
--- a/cryptography/hazmat/bindings/commoncrypto/common_digest.py
+++ b/cryptography/hazmat/bindings/commoncrypto/common_digest.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <CommonCrypto/CommonDigest.h>
"""
diff --git a/cryptography/hazmat/bindings/commoncrypto/common_hmac.py b/cryptography/hazmat/bindings/commoncrypto/common_hmac.py
index a4bf900..4f54b62 100644
--- a/cryptography/hazmat/bindings/commoncrypto/common_hmac.py
+++ b/cryptography/hazmat/bindings/commoncrypto/common_hmac.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <CommonCrypto/CommonHMAC.h>
"""
diff --git a/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py b/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py
index 85def1e..e8cc03e 100644
--- a/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py
+++ b/cryptography/hazmat/bindings/commoncrypto/common_key_derivation.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <CommonCrypto/CommonKeyDerivation.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/__init__.py b/cryptography/hazmat/bindings/openssl/__init__.py
index 55c925c..2f42057 100644
--- a/cryptography/hazmat/bindings/openssl/__init__.py
+++ b/cryptography/hazmat/bindings/openssl/__init__.py
@@ -10,3 +10,5 @@
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/cryptography/hazmat/bindings/openssl/aes.py b/cryptography/hazmat/bindings/openssl/aes.py
index 95ed527..17c154c 100644
--- a/cryptography/hazmat/bindings/openssl/aes.py
+++ b/cryptography/hazmat/bindings/openssl/aes.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/aes.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/asn1.py b/cryptography/hazmat/bindings/openssl/asn1.py
index aeaf316..d908b19 100644
--- a/cryptography/hazmat/bindings/openssl/asn1.py
+++ b/cryptography/hazmat/bindings/openssl/asn1.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/asn1.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/bignum.py b/cryptography/hazmat/bindings/openssl/bignum.py
index e843099..a40397d 100644
--- a/cryptography/hazmat/bindings/openssl/bignum.py
+++ b/cryptography/hazmat/bindings/openssl/bignum.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/bn.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/bio.py b/cryptography/hazmat/bindings/openssl/bio.py
index 2817268..0c521b4 100644
--- a/cryptography/hazmat/bindings/openssl/bio.py
+++ b/cryptography/hazmat/bindings/openssl/bio.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/bio.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/conf.py b/cryptography/hazmat/bindings/openssl/conf.py
index 6d818cf..dda35e8 100644
--- a/cryptography/hazmat/bindings/openssl/conf.py
+++ b/cryptography/hazmat/bindings/openssl/conf.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/conf.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/crypto.py b/cryptography/hazmat/bindings/openssl/crypto.py
index 81d13b7..99e1a61 100644
--- a/cryptography/hazmat/bindings/openssl/crypto.py
+++ b/cryptography/hazmat/bindings/openssl/crypto.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/crypto.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py
index ecc62e9..1791a67 100644
--- a/cryptography/hazmat/bindings/openssl/dh.py
+++ b/cryptography/hazmat/bindings/openssl/dh.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/dh.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py
index 664296d..40d3b8e 100644
--- a/cryptography/hazmat/bindings/openssl/dsa.py
+++ b/cryptography/hazmat/bindings/openssl/dsa.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/dsa.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
index 9d6f7cb..2617fe2 100644
--- a/cryptography/hazmat/bindings/openssl/ec.py
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
diff --git a/cryptography/hazmat/bindings/openssl/engine.py b/cryptography/hazmat/bindings/openssl/engine.py
index 77118e8..364232e 100644
--- a/cryptography/hazmat/bindings/openssl/engine.py
+++ b/cryptography/hazmat/bindings/openssl/engine.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/engine.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index f21d98b..806d0ea 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/err.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py
index 77128c4..ad4b568 100644
--- a/cryptography/hazmat/bindings/openssl/evp.py
+++ b/cryptography/hazmat/bindings/openssl/evp.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/evp.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/hmac.py b/cryptography/hazmat/bindings/openssl/hmac.py
index 4b81c9d..6a64b92 100644
--- a/cryptography/hazmat/bindings/openssl/hmac.py
+++ b/cryptography/hazmat/bindings/openssl/hmac.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/hmac.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py
index a772d37..ea6fd4d 100644
--- a/cryptography/hazmat/bindings/openssl/nid.py
+++ b/cryptography/hazmat/bindings/openssl/nid.py
@@ -11,9 +11,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = ""
TYPES = """
+static const int Cryptography_HAS_ECDSA_SHA2_NIDS;
+
static const int NID_undef;
static const int NID_dsa;
static const int NID_dsaWithSHA;
@@ -189,6 +193,23 @@
"""
CUSTOMIZATIONS = """
+// OpenSSL 0.9.8g+
+#if OPENSSL_VERSION_NUMBER >= 0x0090807fL
+static const long Cryptography_HAS_ECDSA_SHA2_NIDS = 1;
+#else
+static const long Cryptography_HAS_ECDSA_SHA2_NIDS = 0;
+static const int NID_ecdsa_with_SHA224 = 0;
+static const int NID_ecdsa_with_SHA256 = 0;
+static const int NID_ecdsa_with_SHA384 = 0;
+static const int NID_ecdsa_with_SHA512 = 0;
+#endif
"""
-CONDITIONAL_NAMES = {}
+CONDITIONAL_NAMES = {
+ "Cryptography_HAS_ECDSA_SHA2_NIDS": [
+ "NID_ecdsa_with_SHA224",
+ "NID_ecdsa_with_SHA256",
+ "NID_ecdsa_with_SHA384",
+ "NID_ecdsa_with_SHA512",
+ ],
+}
diff --git a/cryptography/hazmat/bindings/openssl/objects.py b/cryptography/hazmat/bindings/openssl/objects.py
index 0abc42d..557c015 100644
--- a/cryptography/hazmat/bindings/openssl/objects.py
+++ b/cryptography/hazmat/bindings/openssl/objects.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/objects.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/opensslv.py b/cryptography/hazmat/bindings/openssl/opensslv.py
index 397f4ca..e4aa621 100644
--- a/cryptography/hazmat/bindings/openssl/opensslv.py
+++ b/cryptography/hazmat/bindings/openssl/opensslv.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/opensslv.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/osrandom_engine.py b/cryptography/hazmat/bindings/openssl/osrandom_engine.py
index 0903a4b..462997c 100644
--- a/cryptography/hazmat/bindings/openssl/osrandom_engine.py
+++ b/cryptography/hazmat/bindings/openssl/osrandom_engine.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#ifdef _WIN32
#include <Wincrypt.h>
diff --git a/cryptography/hazmat/bindings/openssl/pem.py b/cryptography/hazmat/bindings/openssl/pem.py
index 942cba3..e42fc6f 100644
--- a/cryptography/hazmat/bindings/openssl/pem.py
+++ b/cryptography/hazmat/bindings/openssl/pem.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/pem.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/pkcs12.py b/cryptography/hazmat/bindings/openssl/pkcs12.py
index bd01e75..a8f106f 100644
--- a/cryptography/hazmat/bindings/openssl/pkcs12.py
+++ b/cryptography/hazmat/bindings/openssl/pkcs12.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/pkcs12.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/pkcs7.py b/cryptography/hazmat/bindings/openssl/pkcs7.py
index 43f9540..1343e56 100644
--- a/cryptography/hazmat/bindings/openssl/pkcs7.py
+++ b/cryptography/hazmat/bindings/openssl/pkcs7.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/pkcs7.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/rand.py b/cryptography/hazmat/bindings/openssl/rand.py
index 0e645fb..7b1be9d 100644
--- a/cryptography/hazmat/bindings/openssl/rand.py
+++ b/cryptography/hazmat/bindings/openssl/rand.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/rand.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py
index f895cd0..c635610 100644
--- a/cryptography/hazmat/bindings/openssl/rsa.py
+++ b/cryptography/hazmat/bindings/openssl/rsa.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/rsa.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index 25bef49..362e24e 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/ssl.h>
"""
diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py
index 95c88b3..e800d27 100644
--- a/cryptography/hazmat/bindings/openssl/x509.py
+++ b/cryptography/hazmat/bindings/openssl/x509.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/ssl.h>
@@ -120,8 +122,6 @@
int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *);
int X509_REQ_verify(X509_REQ *, EVP_PKEY *);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *);
-int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *);
-X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *);
int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long);
int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
@@ -208,9 +208,18 @@
/* These aren't macros these arguments are all const X on openssl > 1.0.x */
int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
+
+/* these use STACK_OF(X509_EXTENSION) in 0.9.8e. Once we drop support for
+ RHEL/CentOS 5 we should move these back to FUNCTIONS. */
+int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *);
+X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *);
"""
CUSTOMIZATIONS = """
+// OpenSSL 0.9.8e does not have this definition
+#if OPENSSL_VERSION_NUMBER <= 0x0090805fL
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+#endif
"""
CONDITIONAL_NAMES = {}
diff --git a/cryptography/hazmat/bindings/openssl/x509name.py b/cryptography/hazmat/bindings/openssl/x509name.py
index bf627d6..50abee2 100644
--- a/cryptography/hazmat/bindings/openssl/x509name.py
+++ b/cryptography/hazmat/bindings/openssl/x509name.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/x509.h>
diff --git a/cryptography/hazmat/bindings/openssl/x509v3.py b/cryptography/hazmat/bindings/openssl/x509v3.py
index 6d2d236..02ec250 100644
--- a/cryptography/hazmat/bindings/openssl/x509v3.py
+++ b/cryptography/hazmat/bindings/openssl/x509v3.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
INCLUDES = """
#include <openssl/x509v3.h>
"""
diff --git a/cryptography/hazmat/primitives/__init__.py b/cryptography/hazmat/primitives/__init__.py
index e69de29..2f42057 100644
--- a/cryptography/hazmat/primitives/__init__.py
+++ b/cryptography/hazmat/primitives/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/cryptography/hazmat/primitives/asymmetric/__init__.py b/cryptography/hazmat/primitives/asymmetric/__init__.py
index e69de29..2f42057 100644
--- a/cryptography/hazmat/primitives/asymmetric/__init__.py
+++ b/cryptography/hazmat/primitives/asymmetric/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/cryptography/hazmat/primitives/kdf/__init__.py b/cryptography/hazmat/primitives/kdf/__init__.py
index e69de29..2f42057 100644
--- a/cryptography/hazmat/primitives/kdf/__init__.py
+++ b/cryptography/hazmat/primitives/kdf/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index af15b64..1a46441 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import six
from cryptography import utils
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index 1717262..bf634a6 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import cffi
import six
diff --git a/cryptography/hazmat/primitives/twofactor/__init__.py b/cryptography/hazmat/primitives/twofactor/__init__.py
index e69de29..2f42057 100644
--- a/cryptography/hazmat/primitives/twofactor/__init__.py
+++ b/cryptography/hazmat/primitives/twofactor/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/docs/conf.py b/docs/conf.py
index 3486fb3..9b73a5b 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -1,4 +1,18 @@
# -*- coding: utf-8 -*-
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
#
# Cryptography documentation build configuration file, created by
# sphinx-quickstart on Tue Aug 6 19:19:14 2013.
@@ -11,6 +25,8 @@
# All configuration values have a default; values that are commented out
# serve to show the default.
+from __future__ import absolute_import, division, print_function
+
import os
import sys
diff --git a/docs/cryptography-docs.py b/docs/cryptography-docs.py
index 0252d69..e4e9296 100644
--- a/docs/cryptography-docs.py
+++ b/docs/cryptography-docs.py
@@ -1,3 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
from docutils import nodes
from sphinx.util.compat import Directive, make_admonition
diff --git a/docs/development/custom-vectors/cast5/generate_cast5.py b/docs/development/custom-vectors/cast5/generate_cast5.py
index 32ef3b4..9dd241c 100644
--- a/docs/development/custom-vectors/cast5/generate_cast5.py
+++ b/docs/development/custom-vectors/cast5/generate_cast5.py
@@ -1,3 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
import binascii
from cryptography.hazmat.backends import default_backend
diff --git a/docs/hazmat/backends/commoncrypto.rst b/docs/hazmat/backends/commoncrypto.rst
index 16a6133..d31391d 100644
--- a/docs/hazmat/backends/commoncrypto.rst
+++ b/docs/hazmat/backends/commoncrypto.rst
@@ -3,7 +3,8 @@
CommonCrypto Backend
====================
-The `CommonCrypto`_ C library provided by Apple on OS X and iOS.
+The `CommonCrypto`_ C library provided by Apple on OS X and iOS. The CommonCrypto
+backend is only supported on OS X versions 10.8 and above.
.. currentmodule:: cryptography.hazmat.backends.commoncrypto.backend
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 2bc25c5..2ee5085 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -13,23 +13,25 @@
iv = binascii.unhexlify(b"0" * 32)
-Symmetric encryption is a way to encrypt (hide the plaintext value) material
-where the sender and receiver both use the same key. Note that symmetric
-encryption is **not** sufficient for most applications, because it only
-provides secrecy (an attacker can't see the message) but not authenticity (an
-attacker can create bogus messages and force the application to decrypt them).
+Symmetric encryption is a way to `encrypt`_ or hide the contents of material
+where the sender and receiver both use the same secret key. Note that symmetric
+encryption is **not** sufficient for most applications because it only
+provides secrecy but not authenticity. That means an attacker can't see the
+message but an attacker can create bogus messages and force the application to
+decrypt them.
+
For this reason it is *strongly* recommended to combine encryption with a
message authentication code, such as :doc:`HMAC </hazmat/primitives/hmac>`, in
an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
.. class:: Cipher(algorithm, mode, backend)
- Cipher objects combine an algorithm (such as
- :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`) with a
- mode (such as
+ Cipher objects combine an algorithm such as
+ :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` with a
+ mode like
:class:`~cryptography.hazmat.primitives.ciphers.modes.CBC` or
- :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`). A simple
- example of encrypting (and then decrypting) content with AES is:
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR`. A simple
+ example of encrypting and then decrypting content with AES is:
.. doctest::
@@ -62,7 +64,7 @@
If the backend doesn't support the requested combination of ``cipher``
and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher`
- will be raised.
+ exception will be raised.
.. method:: decryptor()
@@ -72,7 +74,7 @@
If the backend doesn't support the requested combination of ``cipher``
and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher`
- will be raised.
+ exception will be raised.
.. _symmetric-encryption-algorithms:
@@ -87,17 +89,17 @@
AES is both fast, and cryptographically strong. It is a good default
choice for encryption.
- :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
- This must be kept secret.
+ :param bytes key: The secret key. This must be kept secret. Either ``128``,
+ ``192``, or ``256`` bits long.
.. class:: Camellia(key)
- Camellia is a block cipher approved for use by CRYPTREC and ISO/IEC.
- It is considered to have comparable security and performance to AES, but
+ Camellia is a block cipher approved for use by `CRYPTREC`_ and ISO/IEC.
+ It is considered to have comparable security and performance to AES but
is not as widely studied or deployed.
- :param bytes key: The secret key, either ``128``, ``192``, or ``256`` bits.
- This must be kept secret.
+ :param bytes key: The secret key. This must be kept secret. Either ``128``,
+ ``192``, or ``256`` bits long.
.. class:: TripleDES(key)
@@ -107,12 +109,11 @@
Nonetheless, Triples DES is not recommended for new applications because it
is incredibly slow; old applications should consider moving away from it.
- :param bytes key: The secret key, either ``64``, ``128``, or ``192`` bits
- (note that DES functionally uses ``56``, ``112``, or ``168`` bits of
- the key, there is a parity byte in each component of the key), in some
- materials these are referred to as being up to three separate keys
- (each ``56`` bits long), they can simply be concatenated to produce the
- full key. This must be kept secret.
+ :param bytes key: The secret key. This must be kept secret. Either ``64``,
+ ``128``, or ``192`` bits long. DES only uses ``56``, ``112``, or ``168``
+ bits of the key as there is a parity byte in each component of the key.
+ Some writing refers to there being up to three separate keys that are each
+ ``56`` bits long, they can simply be concatenated to produce the full key.
.. class:: CAST5(key)
@@ -122,8 +123,8 @@
Canadian government by the `Communications Security Establishment`_. It is
a variable key length cipher and supports keys from 40-128 bits in length.
- :param bytes key: The secret key, 40-128 bits in length (in increments of
- 8). This must be kept secret.
+ :param bytes key: The secret key, This must be kept secret. 40 to 128 bits
+ in length in increments of 8 bits.
Weak Ciphers
------------
@@ -138,10 +139,10 @@
Blowfish is a block cipher developed by Bruce Schneier. It is known to be
susceptible to attacks when using weak keys. The author has recommended
- that users of Blowfish move to newer algorithms, such as :class:`AES`.
+ that users of Blowfish move to newer algorithms such as :class:`AES`.
- :param bytes key: The secret key, 32-448 bits in length (in increments of
- 8). This must be kept secret.
+ :param bytes key: The secret key. This must be kept secret. 32 to 448 bits
+ in length in increments of 8 bits.
.. class:: ARC4(key)
@@ -149,8 +150,8 @@
initial stream output. Its use is strongly discouraged. ARC4 does not use
mode constructions.
- :param bytes key: The secret key, ``40``, ``56``, ``64``, ``80``, ``128``,
- ``192``, or ``256`` bits in length. This must be kept secret.
+ :param bytes key: The secret key. This must be kept secret. Either ``40``,
+ ``56``, ``64``, ``80``, ``128``, ``192``, or ``256`` bits in length.
.. doctest::
@@ -174,16 +175,16 @@
.. class:: CBC(initialization_vector)
- CBC (Cipher block chaining) is a mode of operation for block ciphers. It is
+ CBC (Cipher Block Chaining) is a mode of operation for block ciphers. It is
considered cryptographically strong.
**Padding is required when using this mode.**
:param bytes initialization_vector: Must be random bytes. They do not need
- to be kept secret (they can be included in a transmitted message). Must
- be the same number of bytes as the ``block_size`` of the cipher. Each
- time something is encrypted a new ``initialization_vector`` should be
- generated. Do not reuse an ``initialization_vector`` with a given
+ to be kept secret and they can be included in a transmitted message.
+ Must be the same number of bytes as the ``block_size`` of the cipher.
+ Each time something is encrypted a new ``initialization_vector`` should
+ be generated. Do not reuse an ``initialization_vector`` with a given
``key``, and particularly do not use a constant
``initialization_vector``.
@@ -223,7 +224,7 @@
compromises the security of every message encrypted with that key. Must
be the same number of bytes as the ``block_size`` of the cipher with a
given key. The nonce does not need to be kept secret and may be
- included alongside the ciphertext.
+ included with the ciphertext.
.. class:: OFB(initialization_vector)
@@ -233,9 +234,9 @@
**This mode does not require padding.**
:param bytes initialization_vector: Must be random bytes. They do not need
- to be kept secret (they can be included in a transmitted message). Must
- be the same number of bytes as the ``block_size`` of the cipher. Do not
- reuse an ``initialization_vector`` with a given ``key``.
+ to be kept secret and they can be included in a transmitted message.
+ Must be the same number of bytes as the ``block_size`` of the cipher.
+ Do not reuse an ``initialization_vector`` with a given ``key``.
.. class:: CFB(initialization_vector)
@@ -245,38 +246,38 @@
**This mode does not require padding.**
:param bytes initialization_vector: Must be random bytes. They do not need
- to be kept secret (they can be included in a transmitted message). Must
- be the same number of bytes as the ``block_size`` of the cipher. Do not
- reuse an ``initialization_vector`` with a given ``key``.
+ to be kept secret and they can be included in a transmitted message.
+ Must be the same number of bytes as the ``block_size`` of the cipher.
+ Do not reuse an ``initialization_vector`` with a given ``key``.
.. class:: GCM(initialization_vector, tag=None)
.. danger::
- When using this mode you MUST not use the decrypted data until
+ When using this mode you **must** not use the decrypted data until
:meth:`~cryptography.hazmat.primitives.interfaces.CipherContext.finalize`
- has been called. GCM provides NO guarantees of ciphertext integrity
+ has been called. GCM provides **no** guarantees of ciphertext integrity
until decryption is complete.
GCM (Galois Counter Mode) is a mode of operation for block ciphers. An
AEAD (authenticated encryption with additional data) mode is a type of
- block cipher mode that encrypts the message as well as authenticating it
- (and optionally additional data that is not encrypted) simultaneously.
- Additional means of verifying integrity (like
- :doc:`HMAC </hazmat/primitives/hmac>`) are not necessary.
+ block cipher mode that simultaneously encrypts the message as well as
+ authenticating it. Additional unencrypted data may also be authenticated.
+ Additional means of verifying integrity such as
+ :doc:`HMAC </hazmat/primitives/hmac>` are not necessary.
**This mode does not require padding.**
:param bytes initialization_vector: Must be random bytes. They do not need
- to be kept secret (they can be included in a transmitted message). NIST
- `recommends 96-bit IV length`_ for performance critical situations, but
- it can be up to 2\ :sup:`64` - 1 bits. Do not reuse an
+ to be kept secret and they can be included in a transmitted message.
+ NIST `recommends a 96-bit IV length`_ for performance critical
+ situations but it can be up to 2\ :sup:`64` - 1 bits. Do not reuse an
``initialization_vector`` with a given ``key``.
.. note::
- Cryptography will emit a 128-bit tag when finalizing encryption.
- You can shorten a tag by truncating it to the desired length, but this
+ Cryptography will generate a 128-bit tag when finalizing encryption.
+ You can shorten a tag by truncating it to the desired length but this
is **not recommended** as it lowers the security margins of the
authentication (`NIST SP-800-38D`_ recommends 96-bits or greater).
If you must shorten the tag the minimum allowed length is 4 bytes
@@ -298,8 +299,8 @@
# Generate a random 96-bit IV.
iv = os.urandom(12)
- # Construct a AES-GCM Cipher object with the given and our randomly
- # generated IV.
+ # Construct a AES-GCM Cipher object with the given key and a
+ # randomly generated IV.
encryptor = Cipher(
algorithms.AES(key),
modes.GCM(iv),
@@ -371,7 +372,7 @@
ECB (Electronic Code Book) is the simplest mode of operation for block
ciphers. Each block of data is encrypted in the same way. This means
identical plaintext blocks will always result in identical ciphertext
- blocks, and thus result in information leakage
+ blocks, which can leave `significant patterns in the output`_.
**Padding is required when using this mode.**
@@ -386,12 +387,13 @@
context. Once that is done call ``finalize()`` to finish the operation and
obtain the remainder of the data.
- Block ciphers require that plaintext or ciphertext always be a multiple of
- their block size, because of that **padding** is sometimes required to make
- a message the correct size. ``CipherContext`` will not automatically apply
- any padding; you'll need to add your own. For block ciphers the recommended
- padding is :class:`cryptography.hazmat.primitives.padding.PKCS7`. If you
- are using a stream cipher mode (such as
+ Block ciphers require that the plaintext or ciphertext always be a multiple
+ of their block size. Because of that **padding** is sometimes required to
+ make a message the correct size. ``CipherContext`` will not automatically
+ apply any padding; you'll need to add your own. For block ciphers the
+ recommended padding is
+ :class:`cryptography.hazmat.primitives.padding.PKCS7`. If you are using a
+ stream cipher mode (such as
:class:`cryptography.hazmat.primitives.modes.CTR`) you don't have to worry
about this.
@@ -404,31 +406,31 @@
When the ``Cipher`` was constructed in a mode that turns it into a
stream cipher (e.g.
:class:`cryptography.hazmat.primitives.ciphers.modes.CTR`), this will
- return bytes immediately, however in other modes it will return chunks,
+ return bytes immediately, however in other modes it will return chunks
whose size is determined by the cipher's block size.
.. method:: finalize()
:return bytes: Returns the remainder of the data.
:raises ValueError: This is raised when the data provided isn't
- correctly padded to be a multiple of the algorithm's block size.
+ a multiple of the algorithm's block size.
Once ``finalize`` is called this object can no longer be used and
- :meth:`update` and :meth:`finalize` will raise
- :class:`~cryptography.exceptions.AlreadyFinalized`.
+ :meth:`update` and :meth:`finalize` will raise an
+ :class:`~cryptography.exceptions.AlreadyFinalized` exception.
.. class:: AEADCipherContext
- When calling ``encryptor()`` or ``decryptor()`` on a ``Cipher`` object
+ When calling ``encryptor`` or ``decryptor`` on a ``Cipher`` object
with an AEAD mode (e.g.
:class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`) the result will
conform to the ``AEADCipherContext`` and ``CipherContext`` interfaces. If
it is an encryption context it will additionally be an
- ``AEADEncryptionContext`` interface. ``AEADCipherContext`` contains an
- additional method ``authenticate_additional_data`` for adding additional
- authenticated but unencrypted data (see note below). You should call this
- before calls to ``update``. When you are done call ``finalize()`` to finish
- the operation.
+ ``AEADEncryptionContext`` provider. ``AEADCipherContext`` contains an
+ additional method :meth:`authenticate_additional_data` for adding
+ additional authenticated but unencrypted data (see note below). You should
+ call this before calls to ``update``. When you are done call `finalize``
+ to finish the operation.
.. note::
@@ -444,12 +446,13 @@
.. class:: AEADEncryptionContext
- When creating an encryption context using ``encryptor()`` on a ``Cipher``
- object with an AEAD mode (e.g.
- :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM`) you will receive
- a return object conforming to the ``AEADEncryptionContext`` interface (as
- well as ``AEADCipherContext``). This interface provides one additional
- attribute ``tag``. ``tag`` can only be obtained after ``finalize()``.
+ When creating an encryption context using ``encryptor`` on a ``Cipher``
+ object with an AEAD mode such as
+ :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` an object
+ conforming to both the ``AEADEncryptionContext`` and ``AEADCipherContext``
+ interfaces will be returned. This interface provides one
+ additional attribute ``tag``. ``tag`` can only be obtained after
+ ``finalize`` has been called.
.. attribute:: tag
@@ -459,6 +462,9 @@
.. _`described by Colin Percival`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
-.. _`recommends 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
+.. _`recommends a 96-bit IV length`: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
.. _`NIST SP-800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
.. _`Communications Security Establishment`: http://www.cse-cst.gc.ca
+.. _`encrypt`: https://ssd.eff.org/tech/encryption
+.. _`CRYPTREC`: http://www.cryptrec.go.jp/english/
+.. _`significant patterns in the output`: http://en.wikipedia.org/wiki/Cipher_block_chaining#Electronic_codebook_.28ECB.29
diff --git a/setup.py b/setup.py
index 238ee9b..7f7ba9e 100644
--- a/setup.py
+++ b/setup.py
@@ -10,6 +10,9 @@
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
import os
import sys
from distutils.command.build import build
diff --git a/tests/__init__.py b/tests/__init__.py
index e69de29..2f42057 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/tests/conftest.py b/tests/conftest.py
index 64982ef..0069f2c 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1,3 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
import pytest
from cryptography.hazmat.backends import _ALL_BACKENDS
diff --git a/tests/hazmat/__init__.py b/tests/hazmat/__init__.py
index e69de29..2f42057 100644
--- a/tests/hazmat/__init__.py
+++ b/tests/hazmat/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/tests/hazmat/backends/__init__.py b/tests/hazmat/backends/__init__.py
index e69de29..2f42057 100644
--- a/tests/hazmat/backends/__init__.py
+++ b/tests/hazmat/backends/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
index 7feb0c7..1062b2b 100644
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import pytest
from cryptography import utils
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 87ef044..31fb0a2 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import pytest
from cryptography import utils
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index c679218..599d153 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import pytest
from cryptography import utils
diff --git a/tests/hazmat/bindings/test_commoncrypto.py b/tests/hazmat/bindings/test_commoncrypto.py
index db3d1b7..0332674 100644
--- a/tests/hazmat/bindings/test_commoncrypto.py
+++ b/tests/hazmat/bindings/test_commoncrypto.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import pytest
from cryptography.hazmat.bindings.commoncrypto.binding import Binding
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index c476390..acab22b 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import pytest
from cryptography.hazmat.bindings.openssl.binding import Binding
diff --git a/tests/hazmat/primitives/__init__.py b/tests/hazmat/primitives/__init__.py
index e69de29..2f42057 100644
--- a/tests/hazmat/primitives/__init__.py
+++ b/tests/hazmat/primitives/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py
index 6a2b624..932cef1 100644
--- a/tests/hazmat/primitives/test_padding.py
+++ b/tests/hazmat/primitives/test_padding.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import pytest
import six
diff --git a/tests/hazmat/primitives/twofactor/__init__.py b/tests/hazmat/primitives/twofactor/__init__.py
index e69de29..2f42057 100644
--- a/tests/hazmat/primitives/twofactor/__init__.py
+++ b/tests/hazmat/primitives/twofactor/__init__.py
@@ -0,0 +1,14 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py
index 0f8c4a5..bc907c9 100644
--- a/tests/hazmat/primitives/twofactor/test_hotp.py
+++ b/tests/hazmat/primitives/twofactor/test_hotp.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import os
import pytest
diff --git a/tests/hazmat/primitives/twofactor/test_totp.py b/tests/hazmat/primitives/twofactor/test_totp.py
index a4a108b..f3bddb8 100644
--- a/tests/hazmat/primitives/twofactor/test_totp.py
+++ b/tests/hazmat/primitives/twofactor/test_totp.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import pytest
from cryptography.exceptions import InvalidToken
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 5a8dc3a..f0a0031 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -1,3 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
import binascii
import os
diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index bd4d90a..36e8729 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import base64
import calendar
import json
diff --git a/tests/test_utils.py b/tests/test_utils.py
index 622a665..352085a 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import os
import textwrap
diff --git a/tests/utils.py b/tests/utils.py
index 0d9567f..519edb4 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -11,6 +11,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from __future__ import absolute_import, division, print_function
+
import collections
import os