Merge remote branch 'remotes/origin/topic/robin/work'

* remotes/origin/topic/robin/work:
  *Now* this passes the test suite.
  Fixes to SSL/TLS analyzer
  Added new TLS ciphers
  Removing some apparently unnecessary lines.
  A few smaller tweaks.
  Prepared the old analyzer for extracting SSL extensions.
  Fixed bug in do_split implementation.
  Removed an accidental debugging printf.
  Readded the other changes to remove CheckString calls from strings.bif.
  Fixed the problem with do_split function which caused it to bail 1 separator early.
  Modification from rmkml to support SSL extensions.
  Updated SSL analyzer and Bro script with lots of new ciphers.

CHANGES

@@ -1,3 +1,16 @@
+1.6-dev.44 Tue Feb  8 20:11:44 PST 2011
+
+- A number of updates to the SSL analyzer, including support for new
+  ciphers; SSL extensions; and bug fixes. The analyzer does not longer
+  throw weird for exceeding a predefined cipherspec_size anymore.
+  (Seth Hall and Rmkml).
+
+- The various split*() BiFs now handle strings containing null bytes
+  correctly. (Seth Hall)
+
+- Adding new aux/btest submodule. This is a framework we will use in
+  the future for doing unit tests. (Robin Sommer)
+
 1.6-dev.41 Mon Feb  7 13:43:56 PST 2011
 
 - Smarter way to increase the parent/child pipe's socket buffer.

VERSION

@@ -1 +1 @@
-1.6-dev.41
+1.6-dev.44

policy/bro.init

@@ -912,8 +912,8 @@ global dns_skip_all_addl = T &redef;
 global dns_max_queries = 5;
 
 # The maxiumum size in bytes for an SSL cipherspec.  If we see a packet that
-# has bigger cipherspecs, we warn and won't do a comparisons of cipherspecs.
+# has bigger cipherspecs, we won't do a comparisons of cipherspecs.
-const ssl_max_cipherspec_size = 45 &redef;
+const ssl_max_cipherspec_size = 68 &redef;
 
 # SSL and X.509 types.
 type cipher_suites_list: set[count];

policy/ssl.bro

@@ -85,29 +85,28 @@ const myWeakCiphers: set[count] = {
 	SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
 	SSLv20_CK_DES_64_CBC_WITH_MD5,
 
-	SSLv3x_NULL_WITH_NULL_NULL,
+	TLS_NULL_WITH_NULL_NULL,
-	SSLv3x_RSA_WITH_NULL_MD5,
+	TLS_RSA_WITH_NULL_MD5,
-	SSLv3x_RSA_WITH_NULL_SHA,
+	TLS_RSA_WITH_NULL_SHA,
-	SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5,
+	TLS_RSA_EXPORT_WITH_RC4_40_MD5,
-	SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-	SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_RSA_WITH_DES_CBC_SHA,
+	TLS_RSA_WITH_DES_CBC_SHA,
 
-	SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DH_DSS_WITH_DES_CBC_SHA,
+	TLS_DH_DSS_WITH_DES_CBC_SHA,
-	SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DH_RSA_WITH_DES_CBC_SHA,
+	TLS_DH_RSA_WITH_DES_CBC_SHA,
-	SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DHE_DSS_WITH_DES_CBC_SHA,
+	TLS_DHE_DSS_WITH_DES_CBC_SHA,
-	SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DHE_RSA_WITH_DES_CBC_SHA,
+	TLS_DHE_RSA_WITH_DES_CBC_SHA,
 
-	SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5,
+	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
-	SSLv3x_DH_anon_WITH_RC4_128_MD5,
+	TLS_DH_ANON_WITH_RC4_128_MD5,
-	SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DH_anon_WITH_DES_CBC_SHA,
+	TLS_DH_ANON_WITH_DES_CBC_SHA,
-	SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA,
+	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
-	SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA
 };
 
 const x509_ignore_errors: set[int] = {

src/SSLCiphers.cc

@@ -319,52 +319,52 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		168,
 		160
 	},
-	{ TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
+	{ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
 		SSL_CIPHER_TYPE_STREAM,
 		SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_RC4,
 		SSL_MAC_MD5,
-		SSL_KEY_EXCHANGE_DH_ANON_EXPORT,
+		SSL_KEY_EXCHANGE_DH_anon_EXPORT,
 		0,
 		40,
 		128
 	},
-	{ TLS_DH_ANON_WITH_RC4_128_MD5,
+	{ TLS_DH_anon_WITH_RC4_128_MD5,
 		SSL_CIPHER_TYPE_STREAM,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_RC4,
 		SSL_MAC_MD5,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		128,
 		128
 	},
-	{ TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+	{ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_DES40,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		40,
 		160
 	},
-	{ TLS_DH_ANON_WITH_DES_CBC_SHA,
+	{ TLS_DH_anon_WITH_DES_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_DES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		56,
 		160
 	},
-	{ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
+	{ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_3DES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		168,
 		160
@@ -389,16 +389,48 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		96,
 		160
 	},
-	{ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA,
+	
-		SSL_CIPHER_TYPE_STREAM,
+	{ SSL_RSA_WITH_RC2_CBC_MD5,
-		SSL_FLAG_SSLv30,
+		SSL_CIPHER_TYPE_BLOCK,
-		SSL_CIPHER_RC4,
+		SSL_FLAG_SSLv20,
-		SSL_MAC_SHA,
+		SSL_CIPHER_RC2,
-		SSL_KEY_EXCHANGE_FORTEZZA_KEA,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		56,
+		160
+	},
+	{ SSL_RSA_WITH_IDEA_CBC_MD5,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv20,
+		SSL_CIPHER_IDEA,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
 		0,
 		128,
 		160
 	},
+	{ SSL_RSA_WITH_DES_CBC_MD5,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv20,
+		SSL_CIPHER_DES,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		56,
+		160
+	},
+	{ SSL_RSA_WITH_3DES_EDE_CBC_MD5,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv20,
+		SSL_CIPHER_3DES,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		168,
+		160
+	},
+	
 	// --- special SSLv3 FIPS ciphers
 	{ SSL_RSA_FIPS_WITH_DES_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
@@ -522,12 +554,12 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		128,
 		160
 	},
-	{ TLS_DH_ANON_WITH_AES_128_CBC_SHA,
+	{ TLS_DH_anon_WITH_AES_128_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_AES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		128,
 		160
@@ -582,16 +614,459 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		256,
 		160
 	},
-	{ TLS_DH_ANON_WITH_AES_256_CBC_SHA,
+	{ TLS_DH_anon_WITH_AES_256_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_AES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		256,
 		160
-	}
+	},
+	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_anon,
+		0,
+		128,
+		160
+	},
+	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_DSS,
+		0,
+		256,
+		160
+	},
+	{ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_DSS,
+		0,
+		256,
+		160
+	},
+	{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_anon,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		128,
+		160
+	},
+	{ TLS_RSA_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_DSS_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_RSA_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_DSS_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_RSA_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_anon_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_anon,
+		0,
+		128,
+		160
+	},
+	
+	{ TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
+		SSL_CIPHER_TYPE_NULL,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_NULL,
+		SSL_KEY_EXCHANGE_NULL,
+		0,
+		0,
+		0
+	},
+	
+	
 };
 
 const uint SSL_CipherSpecs_Count =

src/SSLCiphers.h

@@ -51,37 +51,222 @@ enum SSL3_1_CipherSpec {
 	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA    = 0x0014,
 	TLS_DHE_RSA_WITH_DES_CBC_SHA             = 0x0015,
 	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        = 0x0016,
-	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5     = 0x0017,
+	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5       = 0x0017,
-	TLS_DH_ANON_WITH_RC4_128_MD5           = 0x0018,
+	TLS_DH_anon_WITH_RC4_128_MD5             = 0x0018,
-	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  = 0x0019,
+	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA    = 0x0019,
-	TLS_DH_ANON_WITH_DES_CBC_SHA           = 0x001A,
+	TLS_DH_anon_WITH_DES_CBC_SHA             = 0x001A,
-	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA      = 0x001B,
+	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA        = 0x001B,
 	// --- special SSLv3 ciphers            
 	SSL_FORTEZZA_KEA_WITH_NULL_SHA           = 0x001C,
 	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA   = 0x001D,
-	SSL_FORTEZZA_KEA_WITH_RC4_128_SHA      = 0x001E,
+	//SSL_FORTEZZA_KEA_WITH_RC4_128_SHA        = 0x001E,
-	// --- special SSLv3 FIPS ciphers
+	// -- RFC 2712 (ciphers not fully described in SSLCiphers.cc)
-	SSL_RSA_FIPS_WITH_DES_CBC_SHA		   = 0xFEFE,
+	TLS_KRB5_WITH_DES_CBC_SHA                = 0x001E,
-	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	   = 0XFEFF,
+	TLS_KRB5_WITH_3DES_EDE_CBC_SHA           = 0x001F,
-	// --- new 56 bit export ciphers
+	TLS_KRB5_WITH_RC4_128_SHA                = 0x0020,
-	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     = 0x0062,
+	TLS_KRB5_WITH_IDEA_CBC_SHA               = 0x0021,
-	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      = 0x0064,
+	TLS_KRB5_WITH_DES_CBC_MD5                = 0x0022,
-	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063,
+	TLS_KRB5_WITH_3DES_EDE_CBC_MD5           = 0x0023,
-	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  = 0x0065,
+	TLS_KRB5_WITH_RC4_128_MD5                = 0x0024,
-	TLS_DHE_DSS_WITH_RC4_128_SHA            = 0x0066,
+	TLS_KRB5_WITH_IDEA_CBC_MD5               = 0x0025,
+	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA      = 0x0026,
+	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA      = 0x0027,
+	TLS_KRB5_EXPORT_WITH_RC4_40_SHA          = 0x0028,
+	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5      = 0x0029,
+	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5      = 0x002A,
+	TLS_KRB5_EXPORT_WITH_RC4_40_MD5          = 0x002B,
+	
 	// --- new AES ciphers
 	TLS_RSA_WITH_AES_128_CBC_SHA             = 0x002F,
 	TLS_DH_DSS_WITH_AES_128_CBC_SHA          = 0x0030,
 	TLS_DH_RSA_WITH_AES_128_CBC_SHA          = 0x0031,
 	TLS_DHE_DSS_WITH_AES_128_CBC_SHA         = 0x0032,
 	TLS_DHE_RSA_WITH_AES_128_CBC_SHA         = 0x0033,
-	TLS_DH_ANON_WITH_AES_128_CBC_SHA  = 0x0034,
+	TLS_DH_anon_WITH_AES_128_CBC_SHA         = 0x0034,
 	TLS_RSA_WITH_AES_256_CBC_SHA             = 0x0035,
 	TLS_DH_DSS_WITH_AES_256_CBC_SHA          = 0x0036,
 	TLS_DH_RSA_WITH_AES_256_CBC_SHA          = 0x0037,
 	TLS_DHE_DSS_WITH_AES_256_CBC_SHA         = 0x0038,
 	TLS_DHE_RSA_WITH_AES_256_CBC_SHA         = 0x0039,
-	TLS_DH_ANON_WITH_AES_256_CBC_SHA  = 0x003A
+	TLS_DH_anon_WITH_AES_256_CBC_SHA         = 0x003A,
+	TLS_RSA_WITH_NULL_SHA256                 = 0x003B,
+	TLS_RSA_WITH_AES_128_CBC_SHA256          = 0x003C,
+	TLS_RSA_WITH_AES_256_CBC_SHA256          = 0x003D,
+	TLS_DH_DSS_WITH_AES_128_CBC_SHA256       = 0x003E,
+	TLS_DH_RSA_WITH_AES_128_CBC_SHA256       = 0x003F,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256      = 0x0040,
+	// -- RFC 4132
+	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x0041,
+	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA     = 0x0042,
+	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA     = 0x0043,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA    = 0x0044,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x0045,
+	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA    = 0x0046,
+	// -- Non-RFC.  Widely deployed implementation (ciphers not fully described in SSLCiphers.cc)
+	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5       = 0x0060,
+	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5   = 0x0061,
+	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA      = 0x0062,
+	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA  = 0x0063,
+	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA       = 0x0064,
+	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA   = 0x0065,
+	TLS_DHE_DSS_WITH_RC4_128_SHA             = 0x0066,
+	// -- RFC 5246 (ciphers not fully described in SSLCiphers.cc)
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      = 0x0067,
+	TLS_DH_DSS_WITH_AES_256_CBC_SHA256       = 0x0068,
+	TLS_DH_RSA_WITH_AES_256_CBC_SHA256       = 0x0069,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256      = 0x006A,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      = 0x006B,
+	TLS_DH_anon_WITH_AES_128_CBC_SHA256      = 0x006C,
+	TLS_DH_anon_WITH_AES_256_CBC_SHA256      = 0x006D,
+	// -- RFC 5932
+	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x0084,
+	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA     = 0x0085,
+	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA     = 0x0086,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA    = 0x0087,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x0088,
+	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA    = 0x0089,
+	// -- RFC 4279 (ciphers not fully described in SSLCiphers.cc)
+	TLS_PSK_WITH_RC4_128_SHA                 = 0x008A,
+	TLS_PSK_WITH_3DES_EDE_CBC_SHA            = 0x008B,
+	TLS_PSK_WITH_AES_128_CBC_SHA             = 0x008C,
+	TLS_PSK_WITH_AES_256_CBC_SHA             = 0x008D,
+	TLS_DHE_PSK_WITH_RC4_128_SHA             = 0x008E,
+	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        = 0x008F,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA         = 0x0090,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA         = 0x0091,
+	TLS_RSA_PSK_WITH_RC4_128_SHA             = 0x0092,
+	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        = 0x0093,
+	TLS_RSA_PSK_WITH_AES_128_CBC_SHA         = 0x0094,
+	TLS_RSA_PSK_WITH_AES_256_CBC_SHA         = 0x0095,
+	// -- RFC 4162
+	TLS_RSA_WITH_SEED_CBC_SHA                = 0x0096,
+	TLS_DH_DSS_WITH_SEED_CBC_SHA             = 0x0097,
+	TLS_DH_RSA_WITH_SEED_CBC_SHA             = 0x0098,
+	TLS_DHE_DSS_WITH_SEED_CBC_SHA            = 0x0099,
+	TLS_DHE_RSA_WITH_SEED_CBC_SHA            = 0x009A,
+	TLS_DH_anon_WITH_SEED_CBC_SHA            = 0x009B,
+	// -- RFC 5288 (ciphers not fully described in SSLCiphers.cc)
+	TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x009C,
+	TLS_RSA_WITH_AES_256_GCM_SHA384          = 0x009D,
+	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      = 0x009E,
+	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      = 0x009F,
+	TLS_DH_RSA_WITH_AES_128_GCM_SHA256       = 0x00A0,
+	TLS_DH_RSA_WITH_AES_256_GCM_SHA384       = 0x00A1,
+	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256      = 0x00A2,
+	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384      = 0x00A3,
+	TLS_DH_DSS_WITH_AES_128_GCM_SHA256       = 0x00A4,
+	TLS_DH_DSS_WITH_AES_256_GCM_SHA384       = 0x00A5,
+	TLS_DH_anon_WITH_AES_128_GCM_SHA256      = 0x00A6,
+	TLS_DH_anon_WITH_AES_256_GCM_SHA384      = 0x00A7,
+    // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc)
+	TLS_PSK_WITH_AES_128_GCM_SHA256          = 0x00A8,
+	TLS_PSK_WITH_AES_256_GCM_SHA384          = 0x00A9,
+	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      = 0x00AA,
+	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      = 0x00AB,
+	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      = 0x00AC,
+	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      = 0x00AD,
+	TLS_PSK_WITH_AES_128_CBC_SHA256          = 0x00AE,
+	TLS_PSK_WITH_AES_256_CBC_SHA384          = 0x00AF,
+	TLS_PSK_WITH_NULL_SHA256                 = 0x00B0,
+	TLS_PSK_WITH_NULL_SHA384                 = 0x00B1,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      = 0x00B2,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      = 0x00B3,
+	TLS_DHE_PSK_WITH_NULL_SHA256             = 0x00B4,
+	TLS_DHE_PSK_WITH_NULL_SHA384             = 0x00B5,
+	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      = 0x00B6,
+	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      = 0x00B7,
+	TLS_RSA_PSK_WITH_NULL_SHA256             = 0x00B8,
+	TLS_RSA_PSK_WITH_NULL_SHA384             = 0x00B9,
+	// -- RFC 5932 (ciphers not fully described in SSLCiphers.cc)
+	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0x00BA,
+	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256  = 0x00BB,
+	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256  = 0x00BC,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
+	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
+	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0x00C0,
+	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256  = 0x00C1,
+	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256  = 0x00C2,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
+	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
+	// -- RFC 4492
+	TLS_ECDH_ECDSA_WITH_NULL_SHA             = 0xC001,
+	TLS_ECDH_ECDSA_WITH_RC4_128_SHA          = 0xC002,
+	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     = 0xC003,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      = 0xC004,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      = 0xC005,
+	TLS_ECDHE_ECDSA_WITH_NULL_SHA            = 0xC006,
+	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         = 0xC007,
+	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    = 0xC008,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     = 0xC009,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     = 0xC00A,
+	TLS_ECDH_RSA_WITH_NULL_SHA               = 0xC00B,
+	TLS_ECDH_RSA_WITH_RC4_128_SHA            = 0xC00C,
+	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       = 0xC00D,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        = 0xC00E,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        = 0xC00F,
+	TLS_ECDHE_RSA_WITH_NULL_SHA              = 0xC010,
+	TLS_ECDHE_RSA_WITH_RC4_128_SHA           = 0xC011,
+	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      = 0xC012,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       = 0xC013,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       = 0xC014,
+	TLS_ECDH_anon_WITH_NULL_SHA              = 0xC015,
+	TLS_ECDH_anon_WITH_RC4_128_SHA           = 0xC016,
+	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA      = 0xC017,
+	TLS_ECDH_anon_WITH_AES_128_CBC_SHA       = 0xC018,
+	TLS_ECDH_anon_WITH_AES_256_CBC_SHA       = 0xC019,
+	// -- RFC 5054 (ciphers not fully described in SSLCiphers.cc)
+	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA        = 0xC01A,
+	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA    = 0xC01B,
+	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA    = 0xC01C,
+	TLS_SRP_SHA_WITH_AES_128_CBC_SHA         = 0xC01D,
+	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA     = 0xC01E,
+	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA     = 0xC01F,
+	TLS_SRP_SHA_WITH_AES_256_CBC_SHA         = 0xC020,
+	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA     = 0xC021,
+	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA     = 0xC022,
+	// -- RFC 5289 (ciphers not fully described in SSLCiphers.cc)
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  = 0xC023,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  = 0xC024,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   = 0xC025,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   = 0xC026,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    = 0xC027,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    = 0xC028,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     = 0xC029,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     = 0xC02A,
+	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  = 0xC02B,
+	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  = 0xC02C,
+	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   = 0xC02D,
+	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   = 0xC02E,
+	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0xC02F,
+	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = 0xC030,
+	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = 0xC031,
+	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = 0xC032,
+	// -- RFC 5489 (ciphers not fully described in SSLCiphers.cc)
+	TLS_ECDHE_PSK_WITH_RC4_128_SHA           = 0xC033,
+	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      = 0xC034,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       = 0xC035,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       = 0xC036,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    = 0xC037,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    = 0xC038,
+	TLS_ECDHE_PSK_WITH_NULL_SHA              = 0xC039,
+	TLS_ECDHE_PSK_WITH_NULL_SHA256           = 0xC03A,
+	TLS_ECDHE_PSK_WITH_NULL_SHA384           = 0xC03B,
+	
+	// --- special SSLv3 FIPS ciphers
+	SSL_RSA_FIPS_WITH_DES_CBC_SHA            = 0xFEFE,
+	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA       = 0xFEFF,
+	SSL_RSA_FIPS_WITH_DES_CBC_SHA_2          = 0xFFE1,
+	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2     = 0xFFE0,
+
+	// Tags for SSL 2 cipher kinds which are not specified for SSL 3. 
+	SSL_RSA_WITH_RC2_CBC_MD5                 = 0xFF80,
+	SSL_RSA_WITH_IDEA_CBC_MD5                = 0xFF81,
+	SSL_RSA_WITH_DES_CBC_MD5                 = 0xFF82,
+	SSL_RSA_WITH_3DES_EDE_CBC_MD5            = 0xFF83,
+	
+	TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0x00FF,
 };
 
 enum SSL_CipherType {
@@ -99,7 +284,9 @@ enum SSL_BulkCipherAlgorithm {
 	SSL_CIPHER_DES40,
 	SSL_CIPHER_FORTEZZA,
 	SSL_CIPHER_IDEA,
-	SSL_CIPHER_AES
+	SSL_CIPHER_AES,
+	SSL_CIPHER_CAMELLIA,
+	SSL_CIPHER_SEED,
 };
 
 enum SSL_MACAlgorithm {
@@ -121,12 +308,18 @@ enum SSL_KeyExchangeAlgorithm {
 	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT,
 	SSL_KEY_EXCHANGE_DHE_RSA,
 	SSL_KEY_EXCHANGE_DHE_RSA_EXPORT,
-	SSL_KEY_EXCHANGE_DH_ANON,
+	SSL_KEY_EXCHANGE_DH_anon,
-	SSL_KEY_EXCHANGE_DH_ANON_EXPORT,
+	SSL_KEY_EXCHANGE_DH_anon_EXPORT,
 	SSL_KEY_EXCHANGE_FORTEZZA_KEA,
 	// --- new 56 bit export ciphers
 	SSL_KEY_EXCHANGE_RSA_EXPORT1024,
-	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024
+	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024,
+	// -- Elliptic Curve key change algorithms (rfc4492)
+	SSL_KEY_EXCHANGE_ECDH_ECDSA,
+	SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+	SSL_KEY_EXCHANGE_ECDH_RSA,
+	SSL_KEY_EXCHANGE_ECDHE_RSA,
+	SSL_KEY_EXCHANGE_ECDH_anon,
 };
 
 #if 0

src/SSLProxy.cc

@@ -174,7 +174,6 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length)
 			if ( ! computeExpectedSize(data, length) )
 				return false;
 
-			// Insert weird here replacing assert.
 			if ( neededSize > expectedSize )
 				{
 				sslEndpoint->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize");
@@ -278,7 +277,6 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length)
 			{ // another (middle) segment
 			if ( length <= MIN_FRAGMENT_SIZE )
 				sslEndpoint->Parent()->Weird("SSLProxy: Excessive small TCP Segment!");
-
 			addData(data, length);
 			break;
 			}

src/SSLv3.cc

@@ -195,7 +195,7 @@ void SSLv3_Interpreter::printStats()
 	printf( "SSLv3x:\n" );
 	printf( "Note: Because handshake messages may be coalesced into a \n");
 	printf( "      single SSLv3x record, the number of total messages for SSLv3x plus \n");
-	printf( "      the number of total records seen for SSLv2 won't match \n");
+	printf( "      the number of total records seen for SSLv3 won't match \n");
 	printf( "      SSLProxy_Analyzer::totalRecords! \n");
 	printf( "total connections			= %u\n", totalConnections );
 	printf( "opened connections (complete handshake)	= %u\n", openedConnections );
@@ -382,24 +382,12 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 			}
 
 		case SSL3_1_CERTIFICATE:
-			{
-			if ( rec->length >= 3 )
 			{
 			const u_char* pData = rec->data;
 			uint32 certListLength =
 				uint32((pData[4] << 16) |
 				       pData[5] << 8) | pData[6];
 			
-				// Size consistency checks.
-				if ( certListLength + 3 != uint32(rec->length) )
-					{
-					if ( rec->endp->IsOrig() )
-						Weird("SSLv3x: Corrupt length field in client certificate list!");
-					else
-						Weird("SSLv3x: Corrupt length field in server certificate list!");
-					return;
-					}
-
 			// Sum of all cert sizes has to match
 			// certListLength.
 			uint tempLength = 0;
@@ -430,7 +418,9 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 				(SSL_InterpreterEndpoint*) rec->endp;
 
 			if ( certCount == 0 )
-					{ // we don't have a certificate...
+				{ 
+				// we don't have a certificate, but this is valid
+				// according to RFC2246
 				if ( rec->endp->IsOrig() )
 					{
 					Weird("SSLv3x: Client certificate is missing!");
@@ -458,9 +448,6 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 					certListLength-3, 1, false);
 				}
 
-				}
-			else
-				Weird("SSLv3x: Certificate record too small!" );
 			break;
 			}
 
@@ -554,7 +541,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 					}
 				else
 					{
-					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
+					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
 						{
 						if ( rec->length < 2 )
 							{
@@ -595,11 +582,11 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 			switch (cipherSuite)
 				{
 				case TLS_NULL_WITH_NULL_NULL:
-				case TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5:
+				case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
-				case TLS_DH_ANON_WITH_RC4_128_MD5:
+				case TLS_DH_anon_WITH_RC4_128_MD5:
-				case TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:
+				case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
-				case TLS_DH_ANON_WITH_DES_CBC_SHA:
+				case TLS_DH_anon_WITH_DES_CBC_SHA:
-				case TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA:
+				case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
 					{
 					Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");
 					break;
@@ -618,7 +605,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 				break;
 				}
 
-			if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT )
+			if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT )
 				Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");
 
 			// FIXME: Insert weird checks!
@@ -654,7 +641,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 					}
 				else
 					{
-					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
+					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
 						{
 						if ( rec->length < 2 )
 							{
@@ -938,14 +925,6 @@ TableVal* SSLv3_Interpreter::analyzeCiphers(const SSLv3_Endpoint* s, int length,
 	{
 	int is_orig = (SSL_InterpreterEndpoint*) s == orig;
 
-	if ( length > ssl_max_cipherspec_size )
-		{
-		if ( is_orig )
-			Weird("SSLv2: Client has CipherSpecs > ssl_max_cipherspec_size");
-		else
-			Weird("SSLv2: Server has CipherSpecs > ssl_max_cipherspec_size");
-		}
-
 	const u_char* pCipher = data;
 	SSL_CipherSpec* pCipherSuiteTemp = 0;
 	uint16 cipherSuite;
@@ -1236,16 +1215,6 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len,
 				uint16 version, SSLv3_Endpoint const* e)
 : SSLv3_Record(data, len, version, e)
 	{
-	// Weird-check for minimum handshake length header.
-	if ( len < 4 )
-		{
-		e->Interpreter()->Weird("SSLv3x: Handshake-header-length too small!");
-		type = 255;
-		length = 0;
-		next = 0;
-		return;
-		}
-
 	// Don't analyze encrypted client handshake messages.
 	if ( e->IsOrig() &&
 	     ((SSLv3_Interpreter*) e->Interpreter())->change_cipher_client_seen &&
@@ -1270,7 +1239,10 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len,
 
 	type = uint8(*(this->data));
 	length = ExtractInt24(data, len, 1);
-	if ( length + 4 < len )
+	
+	if ( length == 0 ) // this is a special case to deal with 0 length certs
+		next = 0;
+	else if ( length + 4 < len )
 		next = new SSLv3_HandshakeRecord(data + length + 4,
 					len - (length + 4), version, e);
 	else if ( length + 4 > len )
@@ -1328,7 +1300,9 @@ int SSLv3_HandshakeRecord::checkClientHello()
 	     version != SSLProxy_Analyzer::SSLv31 )
 		endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!");
 
-	uint8 sessionIDLength = uint8(data[38]);
+	uint16 offset = 38;
+	uint8 sessionIDLength = uint8(data[offset]);
+	offset += (1 + sessionIDLength);
 	if ( sessionIDLength > 32 )
 		{
 		endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!");
@@ -1336,30 +1310,39 @@ int SSLv3_HandshakeRecord::checkClientHello()
 		}
 
 	uint16 cipherSuiteLength =
-		uint16(data[39 + sessionIDLength] << 8 ) |
+		uint16(data[offset] << 8) | data[offset+1];
-		data[40 + sessionIDLength];
+	offset += (2 + cipherSuiteLength);
-
 	if ( cipherSuiteLength < 2 )
 		endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!");
 
-	if ( cipherSuiteLength + sessionIDLength + 41 > recordLength )
+	if ( offset > recordLength )
 		{
 		endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!");
 		return 0;
 		}
 
-	uint8 compressionMethodLength =
+	uint8 compressionMethodLength = uint8(data[offset]);
-		uint8(data[41 + sessionIDLength + cipherSuiteLength]);
+	offset += (1 + compressionMethodLength);
-
 	if ( compressionMethodLength < 1 )
 		endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!");
 
-	if ( sessionIDLength + cipherSuiteLength +
+	if ( offset < length )
-	     compressionMethodLength + 38 != length )
+		{
+		uint16 sslExtensionsLength =
+			uint16(data[offset] << 8) | data[offset+1];
+		offset += 2;
+		if ( sslExtensionsLength < 4 )
+			endp->Interpreter()->Weird("SSLv3x: Extensions length too small!");
+
+		// TODO: extract SSL extensions here
+
+		offset += sslExtensionsLength;
+		if ( offset != length+4 )
 			{
 			endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!");
 			return 0;
 			}
+		}
 
 	return 1;
 	}
@@ -1377,19 +1360,36 @@ int SSLv3_HandshakeRecord::checkServerHello()
 	     version != SSLProxy_Analyzer::SSLv31 )
 		endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Server hello!");
 
-	uint8 sessionIDLength = uint8(data[38]);
+	uint16 offset = 38;
+	uint8 sessionIDLength = uint8(data[offset]);
 	if ( sessionIDLength > 32 )
 		{
 		endp->Interpreter()->Weird("SSLv3x: SessionID too long in Server hello!");
 		return 0;
 		}
+	offset += (1 + sessionIDLength);
 
-	if ( (sessionIDLength + 38) != length )
+	offset += 3; // account for cipher and compression method
+	if ( offset < length )
+		{
+		uint16 sslExtensionsLength =
+			uint16(data[offset] << 8) | data[offset+1];
+		offset += 2;
+		if ( sslExtensionsLength < 4 )
+			endp->Interpreter()->Weird("SSLv3x: Extensions length too small!");
+
+		// TODO: extract SSL extensions here
+		offset += sslExtensionsLength;
+
+		if ( offset != length+4 )
 			{
 			endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!");
 			return 0;
 			}
 
+		return 0;
+		}
+
 	return 1;
 	}
 

src/strings.bif

@@ -138,27 +138,27 @@ function sort_string_array%(a: string_array%): string_array
 
 function edit%(arg_s: string, arg_edit_char: string%): string
 	%{
-	const char* s = arg_s->AsString()->CheckString();
+	if ( arg_edit_char->Len() != 1 )
-	const char* edit_s = arg_edit_char->AsString()->CheckString();
-
-	if ( strlen(edit_s) != 1 )
 		builtin_run_time("not exactly one edit character", @ARG@[1]);
 
-	char edit_c = *edit_s;
+	const u_char* s = arg_s->Bytes();
+	const u_char* edit_s = arg_edit_char->Bytes();
 
-	int n = strlen(s) + 1;
+	u_char edit_c = *edit_s;
-	char* new_s = new char[n];
+
+	int n = arg_s->Len();
+	u_char* new_s = new u_char[n+1];
 	int ind = 0;
 
-	for ( ; *s; ++s )
+	for ( int i = 0; i < n; ++i )
 		{
-		if ( *s == edit_c )
+		if ( s[i] == edit_c )
 			{ // Delete last character
 			if ( --ind < 0 )
 				ind = 0;
 			}
 		else
-			new_s[ind++] = *s;
+			new_s[ind++] = s[i];
 		}
 
 	new_s[ind] = '\0';
@@ -198,75 +198,55 @@ static int match_prefix(int s_len, const char* s, int t_len, const char* t)
 Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep,
 		int incl_sep, int max_num_sep)
 	{
-	const BroString* str = str_val->AsString();
 	TableVal* a = new TableVal(internal_type("string_array")->AsTableType());
 	ListVal* other_strings = 0;
 
 	if ( other_sep && other_sep->Size() > 0 )
 		other_strings = other_sep->ConvertToPureList();
 
-	// Currently let us assume that str is NUL-terminated. In
+	const u_char* s = str_val->Bytes();
-	// the future we expect to change this by giving RE_Matcher a
+	int n = str_val->Len();
-	// const char* segment.
+	const u_char* end_of_s = s + n;
-
-	const char* s = str->CheckString();
-	int len = strlen(s);
-	const char* end_of_s = s + len;
 	int num = 0;
 	int num_sep = 0;
 
-	while ( 1 )
-		{
 	int offset = 0;
-		const char* t;
+	while ( n >= 0 )
-
-		if ( max_num_sep > 0 && num_sep >= max_num_sep )
-			t = end_of_s;
-		else
 		{
-			for ( t = s; t < end_of_s; ++t )
+		offset = 0;
+		// Find next match offset.
+		int end_of_match;
+		while ( n > 0 &&
+		        (end_of_match = re->MatchPrefix(s + offset, n)) <= 0 )
 			{
-				offset = re->MatchPrefix(t);
+			// Move on to next byte.
-
+			++offset;
-				if ( other_strings )
+			--n;
-					{
-					val_list* vl = other_strings->Vals();
-					loop_over_list(*vl, i)
-						{
-						const BroString* sub =
-							(*vl)[i]->AsString();
-						if ( sub->Len() > offset &&
-						     match_prefix(end_of_s - t,
-								t, sub->Len(),
-								(const char*) (sub->Bytes())) )
-							{
-							offset = sub->Len();
-							}
-						}
-					}
-
-				if ( offset > 0 )
-					break;
-				}
 			}
 
 		Val* ind = new Val(++num, TYPE_COUNT);
-		a->Assign(ind, new StringVal(t - s, s));
+		a->Assign(ind, new StringVal(offset, (const char*) s));
 		Unref(ind);
 
-		if ( t >= end_of_s )
+		// No more separators will be needed if this is the end of string.
+		if ( n <= 0 )
 			break;
 
-		++num_sep;
-
 		if ( incl_sep )
 			{ // including the part that matches the pattern
 			ind = new Val(++num, TYPE_COUNT);
-			a->Assign(ind, new StringVal(offset, t));
+			a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset));
 			Unref(ind);
 			}
 
-		s = t + offset;
+		if ( max_num_sep && num_sep >= max_num_sep )
+			break;
+
+		++num_sep;
+
+		n -= end_of_match;
+		s += offset + end_of_match;;
+
 		if ( s > end_of_s )
 			internal_error("RegMatch in split goes beyond the string");
 		}
@@ -476,42 +456,38 @@ function subst_string%(s: string, from: string, to: string%): string
 
 function to_lower%(str: string%): string
 	%{
-	const char* s = str->CheckString();
+	const u_char* s = str->Bytes();
-	int n = strlen(s) + 1;
+	int n = str->Len();
 	char* lower_s = new char[n];
+	char* ls = lower_s;
 
-	char* ls;
+	for ( int i = 0; i < n; ++i)
-	for ( ls = lower_s; *s; ++s )
 		{
-		if ( isascii(*s) && isupper(*s) )
+		if ( isascii(s[i]) && isupper(s[i]) )
-			*ls++ = tolower(*s);
+			*ls++ = tolower(s[i]);
 		else
-			*ls++ = *s;
+			*ls++ = s[i];
 		}
 
-	*ls = '\0';
+	return new StringVal(new BroString(1, byte_vec(lower_s), n));
-
-	return new StringVal(new BroString(1, byte_vec(lower_s), n-1));
 	%}
 
 function to_upper%(str: string%): string
 	%{
-	const char* s = str->CheckString();
+	const u_char* s = str->Bytes();
-	int n = strlen(s) + 1;
+	int n = str->Len();
 	char* upper_s = new char[n];
+	char* us = upper_s;
 
-	char* us;
+	for ( int i = 0; i < n; ++i)
-	for ( us = upper_s; *s; ++s )
 		{
-		if ( isascii(*s) && islower(*s) )
+		if ( isascii(s[i]) && islower(s[i]) )
-			*us++ = toupper(*s);
+			*us++ = toupper(s[i]);
 		else
-			*us++ = *s;
+			*us++ = s[i];
 		}
 
-	*us = '\0';
+	return new StringVal(new BroString(1, byte_vec(upper_s), n));
-
-	return new StringVal(new BroString(1, byte_vec(upper_s), n-1));
 	%}
 
 function clean%(str: string%): string
@@ -604,40 +580,35 @@ function str_split%(s: string, idx: index_vec%): string_vec
 
 function strip%(str: string%): string
 	%{
-	const char* s = str->CheckString();
+	const u_char* s = str->Bytes();
+	int n = str->Len();
 
-	int n = strlen(s) + 1;
+	if ( n == 0 )
-	char* strip_s = new char[n];
-
-	if ( n == 1 )
 		// Empty string.
-		return new StringVal(new BroString(1, byte_vec(strip_s), 0));
+		return new StringVal(new BroString(s, n, 1));
 
-	while ( isspace(*s) )
+	const u_char* sp = s;
-		++s;
 
-	strncpy(strip_s, s, n);
+	// Move a pointer from the end of the string.
-
+	const u_char* e = sp + n - 1;
-	char* s2 = strip_s;
+	while ( e > sp && isspace(*e) )
-	char* e = &s2[strlen(s2) - 1];
-
-	while ( e > s2 && isspace(*e) )
 		--e;
 
-	e[1] = '\0';	// safe even if e hasn't changed, due to n = strlen + 1
+	// Move the pointer for the beginning of the string.
+	while ( isspace(*sp) && sp <= e )
+		++sp;
 
-	return new StringVal(new BroString(1, byte_vec(s2), (e-s2)+1));
+	return new StringVal(new BroString(sp, (e - sp + 1), 1));
 	%}
 
 function string_fill%(len: int, source: string%): string
 	%{
-	const char* src = source->CheckString();
+	const u_char* src = source->Bytes();
-
+	int n = source->Len();
-	int sn = strlen(src);
 	char* dst = new char[len];
 
-	for ( int i = 0; i < len; i += sn )
+	for ( int i = 0; i < len; i += n )
-		::memcpy((dst + i), src, min(sn, len - i));
+		::memcpy((dst + i), src, min(n, len - i));
 
 	dst[len - 1] = 0;
 
@@ -651,10 +622,11 @@ function string_fill%(len: int, source: string%): string
 function str_shell_escape%(source: string%): string
 	%{
 	unsigned j = 0;
-	const char* src = source->CheckString();
+	const u_char* src = source->Bytes();
-	char* dst = new char[strlen(src) * 2 + 1];
+	unsigned n = source->Len();
+	byte_vec dst = new u_char[n * 2 + 1];
 
-	for ( unsigned i = 0; i < strlen(src); ++i )
+	for ( unsigned i = 0; i < n; ++i )
 		{
 		switch ( src[i] ) {
 		case '`': case '"': case '\\': case '$':
@@ -672,7 +644,7 @@ function str_shell_escape%(source: string%): string
 		}
 
 	dst[j] = '\0';
-	return new StringVal(new BroString(1, byte_vec(dst), j));
+	return new StringVal(new BroString(1, dst, j));
 	%}
 
 # Returns all occurrences of the given pattern in the given string (an empty