
schannel: add support for NULL Encryption Cipher

This should add support for the eNULL cipher suites.
The NULL encryption algorithm is not directly supported by schannel;
we need to set dwMinimumCipherStrength and
dwMaximumCipherStrength to -1.
Rationale: NULL encryption is not often used but is sometimes necessary,
for legal reasons.
essadiel authored and Legros committed Jan 10, 2019
1 parent 5f5b5af commit 337d543f6a24335da2ea07c2f53527f3badfc2f4
Showing with 13 additions and 0 deletions.
  1. +13 −0 lib/vtls/schannel.c
@@ -207,6 +207,7 @@ set_ssl_version_min_max(SCHANNEL_CRED *schannel_cred, struct connectdata *conn)
#define CIPHEROPTION(X) \
if(strcmp(#X, tmp) == 0) \
return X
#define eNULL -1

static int
get_alg_id_by_name(char *name)
@@ -217,6 +218,7 @@ get_alg_id_by_name(char *name)
min(strlen(name), LONGEST_ALG_ID - 1);
strncpy(tmp, name, n);
tmp[n] = 0;
CIPHEROPTION(eNULL);
CIPHEROPTION(CALG_MD2);
CIPHEROPTION(CALG_MD4);
CIPHEROPTION(CALG_MD5);
@@ -337,6 +339,17 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
long alg = strtol(startCur, 0, 0);
if(!alg)
alg = get_alg_id_by_name(startCur);
if(alg == -1) {
/* this is the eNULL case
to force Null encryption in schannel
we need to pass
dwMinimumCipherStrength & dwMaximumCipherStrength to -1
since this is a force case we ignore other algorithms
*/
schannel_cred->dwMinimumCipherStrength = -1;
schannel_cred->dwMaximumCipherStrength = -1;
break;
}
if(alg)
algIds[algCount++] = alg;
else
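Review bot: In the set_ssl_ciphers hunk, the `alg == -1` branch turns off confidentiality for the whole credential as soon as eNULL appears anywhere in the cipher list. A list that also names strong algorithms therefore ends up MAC-only with no error or warning, and a numeric entry `-1` reaches the same branch through `strtol`. The comment says other algorithms are ignored, but entries already stored in `algIds` before the `break` are not cleared; what happens to them is decided outside the hunk, so adding `algCount = 0;` before `break;` would make the code match the comment. It would be safer to accept eNULL only when it is the sole entry, and the comment should state plainly that the resulting connection is integrity-protected but unencrypted. Separately, the sentinel in the first hunk should be parenthesised, as in `#define eNULL (-1)`.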
