fix SSL_OP_ALL being unusable on Windows due to long being 32-bit signed

2 files changed, 49 insertions, 13 deletions

diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index 094310f3..7ed42f9f 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -237,26 +237,28 @@ size_t SSL_get_peer_finished(const SSL *, void *, size_t);
 """
 
 MACROS = """
-long SSL_set_mode(SSL *, long);
-long SSL_get_mode(SSL *);
+unsigned long SSL_set_mode(SSL *, unsigned long);
+unsigned long SSL_get_mode(SSL *);
 
-long SSL_set_options(SSL *, long);
-long SSL_get_options(SSL *);
+unsigned long SSL_set_options(SSL *, unsigned long);
+unsigned long SSL_get_options(SSL *);
 
 int SSL_want_read(const SSL *);
 int SSL_want_write(const SSL *);
 
 long SSL_total_renegotiations(SSL *);
 
-long SSL_CTX_set_options(SSL_CTX *, long);
-long SSL_CTX_get_options(SSL_CTX *);
-long SSL_CTX_set_mode(SSL_CTX *, long);
-long SSL_CTX_get_mode(SSL_CTX *);
-long SSL_CTX_set_session_cache_mode(SSL_CTX *, long);
-long SSL_CTX_get_session_cache_mode(SSL_CTX *);
-long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *);
-long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *);
-long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *);
+/* Defined as unsigned long because SSL_OP_ALL is greater than signed 32-bit
+   and Windows defines long as 32-bit. */
+unsigned long SSL_CTX_set_options(SSL_CTX *, unsigned long);
+unsigned long SSL_CTX_get_options(SSL_CTX *);
+unsigned long SSL_CTX_set_mode(SSL_CTX *, unsigned long);
+unsigned long SSL_CTX_get_mode(SSL_CTX *);
+unsigned long SSL_CTX_set_session_cache_mode(SSL_CTX *, unsigned long);
+unsigned long SSL_CTX_get_session_cache_mode(SSL_CTX *);
+unsigned long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *);
+unsigned long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *);
+unsigned long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *);
 
 /*- These aren't macros these functions are all const X on openssl > 1.0.x -*/
 
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index acab22b1..cf3024a7 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -103,3 +103,37 @@ class TestOpenSSL(object):
         b = Binding()
         res = b.lib.Cryptography_add_osrandom_engine()
         assert res == 2
+
+    # Test that we're properly handling 32-bit unsigned on all platforms
+    def test_ssl_ctx_options(self):
+        b = Binding()
+        assert b.lib.SSL_OP_ALL > 0
+        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
+        ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
+        resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL)
+        assert resp == b.lib.SSL_OP_ALL
+        assert b.lib.SSL_OP_ALL == b.lib.SSL_CTX_get_options(ctx)
+
+    # Test that we're properly handling 32-bit unsigned on all platforms
+    def test_ssl_options(self):
+        b = Binding()
+        assert b.lib.SSL_OP_ALL > 0
+        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
+        ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
+        ssl = b.lib.SSL_new(ctx)
+        ssl = b.ffi.gc(ssl, b.lib.SSL_free)
+        resp = b.lib.SSL_set_options(ssl, b.lib.SSL_OP_ALL)
+        assert resp == b.lib.SSL_OP_ALL
+        assert b.lib.SSL_OP_ALL == b.lib.SSL_get_options(ssl)
+
+    # Test that we're properly handling 32-bit unsigned on all platforms
+    def test_ssl_mode(self):
+        b = Binding()
+        assert b.lib.SSL_OP_ALL > 0
+        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
+        ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
+        ssl = b.lib.SSL_new(ctx)
+        ssl = b.ffi.gc(ssl, b.lib.SSL_free)
+        resp = b.lib.SSL_set_mode(ssl, b.lib.SSL_OP_ALL)
+        assert resp == b.lib.SSL_OP_ALL
+        assert b.lib.SSL_OP_ALL == b.lib.SSL_get_mode(ssl)