Merge branch 'development'
diff --git a/ChangeLog b/ChangeLog
index daa6e50..2d46005 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,8 @@
* Disabled SSLv3 in the default configuration.
* Optimized mbedtls_mpi_zeroize() for MPI integer size. (Fix by Alexey
Skalozub).
+ * Fix non-compliance server extension handling. Extensions for SSLv3 are now
+ ignored, as required by RFC6101.
= mbed TLS 2.2.1 released 2016-01-05
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9fc21a5..5a51cbb 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1507,6 +1507,12 @@
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
#endif
+ /* Do not parse the extensions if the protocol is SSLv3 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+ {
+#endif
+
/*
* Check the extension length
*/
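Review bot: The guard added in the first `ssl_srv.c` hunk also encloses the `Check the extension length` block, so for SSLv3 any bytes after the compression methods are accepted without even a length sanity check, which the comment `Do not parse the extensions` does not convey. That matches the ChangeLog's reading of RFC6101, but the comment should say it, e.g. `/* SSLv3: ignore all data after the compression methods, including its length field (RFC 6101) */`. It is also worth confirming that every local assigned inside the skipped block has a safe initial value, since code after the closing brace may read it. The enclosing function starts and ends outside the hunk.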
@@ -1692,8 +1698,13 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
+
}
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ }
+#endif
+
#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
for( i = 0, p = buf + 41 + sess_len; i < ciph_len; i += 2, p += 2 )
{
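Review bot: The closing brace added under `#if defined(MBEDTLS_SSL_PROTO_SSL3)` has nothing tying it to the `if` opened roughly 190 lines earlier, and the enclosed body is not re-indented, so a later edit can easily land version-sensitive code on the wrong side of the guard. Tagging the brace would help: `} /* end: extensions skipped for SSLv3 */`. The same applies to the closing brace in the last `ssl_srv.c` hunk, just before `ssl->out_msglen = p - buf;`. Leaving the fallback-SCSV loop outside the guard, as here, looks intentional and deserves a word in that comment. The function continues outside the hunk.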
@@ -2363,6 +2374,12 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
ssl->session_negotiate->compression ) );
+ /* Do not write the extensions if the protocol is SSLv3 */
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) )
+ {
+#endif
+
/*
* First write extensions, then the total length
*/
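Review bot: The guard before `First write extensions, then the total length` drops every ServerHello extension for SSLv3, and the comment does not say what a peer loses as a result. If the renegotiation indication is among the writers in the skipped block (not visible in this hunk), an SSLv3 client can no longer learn that the server supports secure renegotiation, which anyone still enabling SSLv3 should know. I would extend the comment, e.g. `/* SSLv3: send no extensions at all; this includes any renegotiation indication */`, after confirming that against the skipped code. The enclosing function starts and ends outside the hunk.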
@@ -2419,6 +2436,10 @@
p += ext_len;
}
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+ }
+#endif
+
ssl->out_msglen = p - buf;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index bfc603f..8635242 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -778,7 +778,7 @@
"$P_CLI debug_level=3 min_version=ssl3" \
0 \
-c "client hello, adding encrypt_then_mac extension" \
- -s "found encrypt then mac extension" \
+ -S "found encrypt then mac extension" \
-S "server hello, adding encrypt then mac extension" \
-C "found encrypt_then_mac extension" \
-C "using encrypt then mac" \
@@ -837,7 +837,7 @@
"$P_CLI debug_level=3 min_version=ssl3" \
0 \
-c "client hello, adding extended_master_secret extension" \
- -s "found extended master secret extension" \
+ -S "found extended master secret extension" \
-S "server hello, adding extended master secret extension" \
-C "found extended_master_secret extension" \
-C "using extended master secret" \
@@ -2911,6 +2911,16 @@
0 \
-s "Read from client: 1 bytes read"
+# A test for extensions in SSLv3
+
+requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
+run_test "SSLv3 with extensions, server side" \
+ "$P_SRV min_version=ssl3 debug_level=3" \
+ "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
+ 0 \
+ -S "dumping 'client hello extensions'" \
+ -S "server hello, total extension length:"
+
# Test for large packets
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
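Review bot: The new `SSLv3 with extensions, server side` test asserts only that two server log lines are absent, so it still passes if the client never sends extensions or if those debug strings are later renamed. One positive match would pin the precondition, following the `-c "client hello, adding …"` pattern used earlier in this file: `-c "client hello, adding <extension> extension" \`, where `<extension>` is a placeholder for the exact text in the client's debug output. The client command would also need `debug_level=3`, which it lacks here. A `-C` check that the client sees no ServerHello extensions would cover the write-side guard from the peer's view as well.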