From 9bb5d495e8e04f53737c6e57eae59cdb557504c7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 28 Aug 2023 17:59:47 +0200
Subject: [PATCH] Detect GnuTLS support for TLS-RSA-WITH-NULL-SHA256

TLS-RSA-WITH-NULL-SHA256, like other SHA256-based cipher suites, was first introduced in TLS 1.2. Mbed TLS accepts it in earlier protocol versions as well. This is technically a bug, which older versions of GnuTLS also have. GnuTLS 3.4.7 fixed this bug.

Adapt compat.sh to automatically omit TLS-RSA-WITH-NULL-SHA256 in invalid protocol versions if GnuTLS doesn't support it. It's already not included in invalid protocol versions in OpenSSL interoperability testing.

Signed-off-by: Gilles Peskine
---
 tests/compat.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tests/compat.sh b/tests/compat.sh
index a351a6527..0098042b6 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -617,7 +617,16 @@ add_gnutls_ciphersuites()
 ;;
 "RSA")
- if [ `minor_ver "$MODE"` -gt 0 ]
+ # TLS-RSA-WITH-NULL-SHA256 is a (D)TLS 1.2-only cipher suite,
+ # like all SHA256 cipher suites. But Mbed TLS supports it with
+ # (D)TLS 1.0 and 1.1 as well. So do ancient versions of GnuTLS,
+ # but this was considered a bug which was fixed in GnuTLS 3.4.7.
+ # Check the GnuTLS support list to see what the protocol version
+ # requirement is for that cipher suite.
+ if [ `minor_ver "$MODE"` -ge 3 ] || {
+ [ `minor_ver "$MODE"` -gt 0 ] &&
+ $GNUTLS_CLI --list | grep -q '^TLS_RSA_NULL_SHA256.*0$'
+ }
 then
 M_CIPHERS="$M_CIPHERS \
 TLS-RSA-WITH-NULL-SHA256 \