Remove incorrect check for tls1.3 support in tests (#2325)

Some tests used a "is tls1.3 supported?" check which was just a
wrapper for "is rsa-pss supported?". However, TLS1.3 can be
negotiated without RSA-PSS support by using ECDSA certs instead
of RSA certs.

Author: lrstewart

tests/unit/s2n_client_extensions_test.c

@@ -898,7 +898,7 @@ int main(int argc, char **argv)
     }
 
     /* Server and client support the OCSP extension. Test Behavior for TLS 1.3 */
-    if(s2n_x509_ocsp_stapling_supported() && s2n_is_tls13_supported()) {
+    if(s2n_x509_ocsp_stapling_supported()) {
         struct s2n_connection *client_conn;
         struct s2n_connection *server_conn;
         struct s2n_config *server_config;
@@ -928,8 +928,8 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_connections_set_io_pair(client_conn, server_conn, &io_pair));
 
         EXPECT_NOT_NULL(server_config = s2n_config_new());
-        EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_CERT_CHAIN, cert_chain, S2N_MAX_TEST_PEM_SIZE));
-        EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_PRIVATE_KEY, private_key, S2N_MAX_TEST_PEM_SIZE));
+        EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_ECDSA_TEST_CERT_CHAIN, cert_chain, S2N_MAX_TEST_PEM_SIZE));
+        EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_ECDSA_TEST_PRIVATE_KEY, private_key, S2N_MAX_TEST_PEM_SIZE));
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key(server_config, cert_chain, private_key));
         EXPECT_SUCCESS(s2n_config_set_extension_data(server_config, S2N_EXTENSION_OCSP_STAPLING,
                     server_ocsp_status, sizeof(server_ocsp_status)));

tests/unit/s2n_self_talk_nonblocking_test.c

@@ -47,6 +47,7 @@ int mock_client(struct s2n_test_io_pair *io_pair, uint8_t *expected_data, uint32
     client_config = s2n_config_new();
     s2n_config_disable_x509_verification(client_config);
     s2n_connection_set_config(client_conn, client_config);
+    GUARD(s2n_config_set_cipher_preferences(client_config, "test_all"));
 
     s2n_connection_set_io_pair(client_conn, io_pair);
 
@@ -107,6 +108,7 @@ int mock_client_iov(struct s2n_test_io_pair *io_pair, struct iovec *iov, uint32_
     client_config = s2n_config_new();
     s2n_config_disable_x509_verification(client_config);
     s2n_connection_set_config(client_conn, client_config);
+    GUARD(s2n_config_set_cipher_preferences(client_config, "test_all"));
 
     s2n_connection_set_io_pair(client_conn, io_pair);
 
@@ -176,16 +178,14 @@ int test_send(int use_tls13, int use_iov, int prefer_throughput)
     struct s2n_cert_chain_and_key *chain_and_key;
 
     EXPECT_NOT_NULL(config = s2n_config_new());
-    EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_CERT_CHAIN, cert_chain_pem, S2N_MAX_TEST_PEM_SIZE));
-    EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_PRIVATE_KEY, private_key_pem, S2N_MAX_TEST_PEM_SIZE));
+    EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_ECDSA_TEST_CERT_CHAIN, cert_chain_pem, S2N_MAX_TEST_PEM_SIZE));
+    EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_ECDSA_TEST_PRIVATE_KEY, private_key_pem, S2N_MAX_TEST_PEM_SIZE));
     EXPECT_NOT_NULL(chain_and_key = s2n_cert_chain_and_key_new());
     EXPECT_SUCCESS(s2n_cert_chain_and_key_load_pem(chain_and_key, cert_chain_pem, private_key_pem));
     EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
     EXPECT_SUCCESS(s2n_read_test_pem(S2N_DEFAULT_TEST_DHPARAMS, dhparams_pem, S2N_MAX_TEST_PEM_SIZE));
     EXPECT_SUCCESS(s2n_config_add_dhparams(config, dhparams_pem));
-    if (use_tls13) {
-        EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default_tls13"));
-    }
+    GUARD(s2n_config_set_cipher_preferences(config, "test_all"));
 
     /* Get some random data to send/receive */
     uint32_t data_size = 0;
@@ -264,6 +264,13 @@ int test_send(int use_tls13, int use_iov, int prefer_throughput)
     /* Negotiate the handshake. */
     EXPECT_SUCCESS(s2n_negotiate(conn, &blocked));
 
+    /* Make sure we negotiated the expected version */
+    if (use_tls13) {
+        EXPECT_EQUAL(conn->actual_protocol_version, S2N_TLS13);
+    } else {
+        EXPECT_EQUAL(conn->actual_protocol_version, S2N_TLS12);
+    }
+
     /* Pause the child process by sending it SIGSTP */
     EXPECT_SUCCESS(kill(pid, SIGSTOP));
 
@@ -354,9 +361,6 @@ int main(int argc, char **argv)
     EXPECT_NOT_NULL(dhparams_pem = malloc(S2N_MAX_TEST_PEM_SIZE));
 
     for (int use_tls13 = 0; use_tls13 < 2; use_tls13 ++) {
-        if (use_tls13 && !s2n_is_tls13_supported()) {
-            continue;
-        }
         for (int use_iovec = 0; use_iovec < 2; use_iovec ++) {
             for (int use_throughput = 0; use_throughput < 2; use_throughput ++) {
                 test_send(use_tls13, use_iovec, use_throughput);

tests/unit/s2n_self_talk_tls13_test.c

@@ -107,10 +107,6 @@ int main(int argc, char **argv)
 
     BEGIN_TEST();
 
-    if (!s2n_is_tls13_supported()) {
-        END_TEST();
-    }
-
     EXPECT_SUCCESS(s2n_enable_tls13());
 
     /* Create a pipe */
@@ -134,7 +130,7 @@ int main(int argc, char **argv)
 
     struct s2n_cert_chain_and_key *chain_and_key;
     EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&chain_and_key,
-                S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
+                S2N_DEFAULT_ECDSA_TEST_CERT_CHAIN, S2N_DEFAULT_ECDSA_TEST_PRIVATE_KEY));
 
     EXPECT_NOT_NULL(config = s2n_config_new());
     EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, "default_tls13"));

tls/s2n_tls13.c

@@ -18,11 +18,6 @@
 #include "tls/s2n_tls13.h"
 #include "crypto/s2n_rsa_signing.h"
 
-int s2n_is_tls13_supported()
-{
-    return s2n_is_rsa_pss_signing_supported();
-}
-
 int s2n_is_tls13_enabled()
 {
     return s2n_highest_protocol_version == S2N_TLS13;

tls/s2n_tls13.h

@@ -33,7 +33,6 @@ extern int s2n_enable_tls13();
 /* from RFC: https://tools.ietf.org/html/rfc8446#section-4.1.3*/
 extern uint8_t hello_retry_req_random[S2N_TLS_RANDOM_DATA_LEN];
 
-int s2n_is_tls13_supported();
 int s2n_is_tls13_enabled();
 int s2n_disable_tls13();
 bool s2n_is_valid_tls13_cipher(const uint8_t version[2]);