From 57457783331aa05634453f6ce0d27ee129cb06de Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 9 Jun 2017 15:30:29 +0100
Subject: [PATCH 1/2] Don't parse or write extensions in SSLv3
In mbed TLS 1.3 a check went missing disabling the use of extensions in SERVER_HELLO for SSLv3, causing the "SSLv3 with extensions" test case from ssl-opt.sh to fail. This commit fixes that and adds a dump of all extensions present in the client hello that the same test case also checks for.
---
 library/ssl_srv.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 8ad990b1a..146f28310 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1632,6 +1632,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
 ext = buf + 44 + sess_len + ciph_len + comp_len;
+ SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
+
 while( ext_len )
 {
 unsigned int ext_id = ( ( ext[0] << 8 )
@@ -2328,6 +2330,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
 SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", ssl->session_negotiate->compression ) );
+ /* Do not write the extensions if the protocol is SSLv3 */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+ {
+#endif
+
 /*
 * First write extensions, then the total length
 */
@@ -2378,6 +2386,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
 p += ext_len;
 }
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ }
+#endif
+
 ssl->out_msglen = p - buf;
 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
 ssl->out_msg[0] = SSL_HS_SERVER_HELLO;
From cc608e86b5966dba44f7b2563472569a65980856 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 9 Jun 2017 15:39:30 +0100
Subject: [PATCH 2/2] Add entry to ChangeLog
---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 8449329b0..ad1f57248 100644
--- a/ChangeLog
+++ b/ChangeLog
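Review bot: The new `SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len )` reads `ext_len` bytes from `ext` before the `while( ext_len )` loop, so it is only in bounds if `ext_len` has already been checked against the ClientHello message length; ssl_parse_client_hello begins outside this hunk, so that check cannot be confirmed from here. A comment naming the precondition, `/* ext_len has been validated against the message length above */`, would make the dependency visible to whoever next touches the parsing code.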
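Review bot: The SSLv3 guard in ssl_write_server_hello opens its `if` block under one `#if defined(POLARSSL_SSL_PROTO_SSL3)` and closes it under a second one in the third hunk, so the braces only pair up in one preprocessor configuration and the roughly fifty lines in between keep their old indentation; this hides the control flow from editors and reviewers and is easy to break in a later edit. The condition also hard-codes `3` and `0` where `SSL_MAJOR_VERSION_3` and `SSL_MINOR_VERSION_0` would state the intent. Since every version this code can negotiate has major version 3, and a build without SSLv3 should never reach this point with `minor_ver == SSL_MINOR_VERSION_0` (worth confirming in the version negotiation code, which is outside this patch), a plain `if( ssl->minor_ver != SSL_MINOR_VERSION_0 )` around a properly indented extension block would remove both `#if` pairs; alternatively, move the extension writing into a static helper called from that single condition.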
@@ -10,6 +10,8 @@ Security
 Clémentine Maurice and Stefan Mangard.
 Bugfix
+ * Disable use of extensions for SSLv3, previously causing the
+ "SSLv3 with extensions" test from ssl-opt.sh to fail.
 * Fix insufficient support for signature-hash-algorithm extension, resulting in compatibility problems with Chrome. Found by hfloyrd. #823
 * Wipe stack buffers in RSA private key operations