Duplicated extensions in ClientHello still connected; TLS 1.3 RFC 8446 violation

[hey3e]

Summary

Client whose ClientHello with duplicated extensions can still connect to programs/ssl/ssl_server2, which violates the requirement in RFC8446: There MUST NOT be more than one extension of the same type in a given extension block.

System information

Mbed TLS version (number or commit id): 3.4.0 f1c032a
Operating system and version: Ubuntu 22.04.2 LTS
Configuration (if not default, please attach mbedtls_config.h): #define MBEDTLS_SSL_PROTO_TLS1_3
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): default
Additional environment information: no

Expected behavior

Server aborts the handshake

Actual behavior

Connected

Steps to reproduce

1. Use openssl s_client as mutated client.

• locate ssl/statem/extensions_clnt.c
• locate tls_construct_ctos_sig_algs function
• duplicate the code of adding sig_alg extensions: if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_start_sub_packet_u16(pkt) || !tls12_copy_sigalgs(s, pkt, salg, salglen) || !WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; } and make.

2. Make mbedtls.
3. Start server: ./programs/ssl/ssl_server2 ca_file=ca.pem crt_file=cert.pem key_file=key.pem auth_mode=required
4. Start client: './apps/openssl s_client -connect 127.0.0.1:4433 -tls1_3 -cert cert.pem -key key.pem -CAfile ca.pem'
5. Connected.

Additional information

Duplicate any of the extension can reproduce.