Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted

* mbedtls-1.3:
  Add entry to ChangeLog
  Don't parse or write extensions in SSLv3

ChangeLog

@@ -17,6 +17,8 @@ Security
      Issue raised by Harm Verhagen
 
 Bugfix
+   * Disable use of extensions for SSLv3, previously causing the
+     "SSLv3 with extensions" test from ssl-opt.sh to fail.
    * Fix insufficient support for signature-hash-algorithm extension,
      resulting in compatibility problems with Chrome. Found by hfloyrd. #823
    * Accept empty trusted CA chain in authentication mode

library/ssl_srv.c

@@ -1632,6 +1632,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
 
         ext = buf + 44 + sess_len + ciph_len + comp_len;
 
+        SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len );
+
         while( ext_len )
         {
             unsigned int ext_id   = ( ( ext[0] <<  8 )
@@ -2328,6 +2330,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
     SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
                    ssl->session_negotiate->compression ) );
 
+    /* Do not write the extensions if the protocol is SSLv3 */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+    if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+    {
+#endif
+
     /*
      *  First write extensions, then the total length
      */
@@ -2378,6 +2386,10 @@ static int ssl_write_server_hello( ssl_context *ssl )
         p += ext_len;
     }
 
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+    }
+#endif
+
     ssl->out_msglen  = p - buf;
     ssl->out_msgtype = SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = SSL_HS_SERVER_HELLO;