Adding support for --ciphers in WinSSL/Schannel...

[RobertPragSymc]

Adding support for selecting ciphers in WinSSL/Schannel. Given the
contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.

To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example:

curl --ciphers "CALG_SHA_256:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM" https://github.com

The specific names come from wincrypt.h

This is an attempt to implement
https://curl.haxx.se/docs/todo.html#Add_support_for_the_ciphers_op
limited by the oddities of how SChannel handles encryption algorithms.

[bagder]

Remember make checksrc to validate the code style:

/vtls/schannel.c:211:3: warning: if with space (SPACEBEFOREPAREN)
 if (strcmp(#X, tmp) == 0) \
   ^
./vtls/schannel.c:215:25: warning: no space after declarative asterisk (ASTERISKNOSPACE)
 get_alg_id_by_name(char* name)
                         ^
./vtls/schannel.c:215:24: warning: no space before asterisk (ASTERISKNOSPACE)
 get_alg_id_by_name(char* name)
                        ^
./vtls/schannel.c:219:104: warning: Longer than 79 columns (LONGLINE)
   size_t n = nameEnd ? min(nameEnd - name, LONGEST_ALG_ID - 1) : min(strlen(name), LONGEST_ALG_ID - 1);
./vtls/schannel.c:297:52: warning: no space after declarative asterisk (ASTERISKNOSPACE)
 set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char* ciphers)
                                                    ^
./vtls/schannel.c:297:51: warning: no space before asterisk (ASTERISKNOSPACE)
 set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char* ciphers)
                                                   ^
./vtls/schannel.c:304:7: warning: if with space (SPACEBEFOREPAREN)
     if (!alg)
       ^
./vtls/schannel.c:306:7: warning: if with space (SPACEBEFOREPAREN)
     if (alg)
       ^
./vtls/schannel.c:311:7: warning: if with space (SPACEBEFOREPAREN)
     if (startCur)
       ^
./vtls/schannel.c:535:4: warning: Trailing whitespace (TRAILINGSPACE)
     
    ^
./vtls/schannel.c:539:82: warning: Longer than 79 columns (LONGLINE)
         failf(data, "Unable to set ciphers to %s", SSL_CONN_CONFIG(cipher_list));

[RobertPragSymc]

Let me know if there is anything further I should do around this change.

[bagder]

I think it'd be good to also get the ciphers documented in docs/CIPHERS.md !

[bagder]

@RobertPragSymc if you can just amend the docs, I'm ready to merge!

[RobertPragSymc]

I'm not sure how, but my documentation change seems to have caused a unit test to fail for the wolfssl debug build:

test 1455...[HTTP GET when PROXY Protocol enabled]
1455: protocol FAILED:
--- log/check-expected 2018-06-11 23:04:56.700595598 +0000
+++ log/check-generated 2018-06-11 23:04:56.700595598 +0000
@@ -1,5 +0,0 @@

Is this known flakiness, or have I broken something clever?

[bagder]

Not your fault. 1455 has been flaky recently! :-(

[bagder]

Thanks, landed. I took the liberty of changing the name in your commit so that you will end up getting credited correctly. I hope I didn't overstep anything...