Migrate RSA-decryption test cases to ECDHE-ECDSA or PSK #9753

Open
gilles-peskine-arm opened this issue Nov 4, 2024 · 0 comments
Labels
component-tls size-s Estimated task size: small (~2d)

There are a few TLS 1.2 test cases where we're currently using an RSA decryption key exchange, but we could indifferently use a signature-based key exchange. Since we are removing RSA decryption, we need to migrate those test cases to something else. It can be either ECDHE-ECDSA or ECDHE-RSA or PSK, but ECDHE-ECDSA minimizes the crypto requirements while not switching to PSK which is sometimes peculiar.

This applies to development only. But we may want to backport the new test cases as additional tests in 3.6 for a minor but very cheap coverage improvement.

Remove the other test cases that force an RSA-decryption key exchange.

Definition of done:

  • Correctness: we don't lose test coverage, except specifically around RSA-decryption cipher suites.
  • Completeness: there are no test cases in test_suite_ssl or ssl-opt that force an RSA-decryption cipher suite.

To clarify the scope:

  • A test case that uses RSA decryption (TLS-RSA-WITH-…) because its objective is to test RSA decryption should be removed.
  • A test case that uses RSA decryption, for which there is another test case that's identical except for using ECDHE-RSA or ECDHE-ECDSA, should be removed.
  • A test case that uses RSA decryption, but could do without it, and has no equivalent ECDHE-signature test case, should be adapted.
  • A test case that uses a key exchange based on RSA signatures is out of scope.

The affected test cases, analyzed on 202b69c:

  • test_suite_ssl

    • handshake_cipher: we're testing a random-looking assortment of key exchange and ciphers. Change the AES-128-CCM test cases to a different key exchange.
    • handshake_ciphersuite_select: likewise for AES-256-CBC-SHA256
    • resize_buffers_renegotiate_mfl: likewise for AES-128-CCM.
  • ssl-opt.sh

    • "Encrypt then MAC…"
    • "CBC Record splitting: TLS 1.2, no splitting"
    • "Small client packet…"
    • "Small server packet…"
    • "Large client packet…"
    • "Large server packet…"
    • "Force a non ECC ciphersuite …": between the removal of ECC the only non-ECC cipher suites are PSK. So these two test cases should change to PSK.

Other test cases that force a TLS-RSA-WITH-… cipher suite should be removed. In particular:

  • ssl-opt.sh:
    • "SSL async private: … callback not present": these test cases perform two client connections, one with (by default) a signature-based key exchange and one with a decryption-based key exchange. Since there is now a single path through the async callbacks, it isn't possible to configure partial callback support, so we don't need those tests of partial callback support any longer.
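
One way to check the completeness criterion above for ssl-opt.sh, as an added example that is not part of the issue or of the project's own scripts: it lists `run_test` cases that force a `TLS-RSA-WITH-…` suite while leaving signature-based ECDHE-RSA cases alone. It assumes suites are forced through a `force_ciphersuite=` argument inside `run_test` calls; the function name and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the style of ssl-opt.sh (not copied from the repository).
SAMPLE = r'''
run_test    "Sample: AES-128-CCM, RSA decryption" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CCM" \
            0
run_test    "Sample: AES-128-CCM, ECDHE-ECDSA" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
            0
run_test    "Sample: RSA signature, out of scope" \
            "$P_SRV force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI" \
            0
run_test    "Sample: non-ECC suite via PSK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CCM" \
            0
'''

RUN_TEST = re.compile(r'^\s*run_test\s+"([^"]*)"')
FORCED = re.compile(r"force_ciphersuite=([A-Z0-9-]+)")
# Anchored at the start, so TLS-ECDHE-RSA-WITH-... (RSA signature) does not match.
RSA_DECRYPT = re.compile(r"^TLS-RSA-WITH-")

def forced_rsa_decryption(script_text):
    """Return [(test name, suite)] for run_test calls forcing TLS-RSA-WITH-*."""
    hits = []
    # Join backslash-continued lines so each run_test call is one logical line.
    logical = script_text.replace("\\\n", " ")
    for line in logical.splitlines():
        name = RUN_TEST.match(line)
        if not name:
            continue
        for suite in FORCED.findall(line):
            if RSA_DECRYPT.match(suite):
                hits.append((name.group(1), suite))
    return hits

if __name__ == "__main__":
    for test_name, suite in forced_rsa_decryption(SAMPLE):
        print(f"{suite}\t{test_name}")
```

An empty result on the real script corresponds to the ssl-opt half of the completeness criterion; test_suite_ssl data files are not covered by this parser.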
Projects
Status: Implementation needed