Add slightly better RSA key exchange tests.

Cover not just the wrong version, but also other mistakes.

Change-Id: I46f05a9a37b7e325adc19084d315a415777d3a46
Reviewed-on: https://boringssl-review.googlesource.com/6610
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index f65ff6e..d1ec91f 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -138,10 +138,11 @@
 }
 
 func (ka *rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
+	bad := config.Bugs.BadRSAClientKeyExchange
 	preMasterSecret := make([]byte, 48)
 	vers := clientHello.vers
-	if config.Bugs.RsaClientKeyExchangeVersion != 0 {
-		vers = config.Bugs.RsaClientKeyExchangeVersion
+	if bad == RSABadValueWrongVersion {
+		vers ^= 1
 	}
 	vers = versionToWire(vers, clientHello.isDTLS)
 	preMasterSecret[0] = byte(vers >> 8)
@@ -151,10 +152,21 @@
 		return nil, nil, err
 	}
 
-	encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret)
+	sentPreMasterSecret := preMasterSecret
+	if bad == RSABadValueTooLong {
+		sentPreMasterSecret = make([]byte, len(sentPreMasterSecret)+1)
+		copy(sentPreMasterSecret, preMasterSecret)
+	} else if bad == RSABadValueTooShort {
+		sentPreMasterSecret = sentPreMasterSecret[:len(sentPreMasterSecret)-1]
+	}
+
+	encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), sentPreMasterSecret)
 	if err != nil {
 		return nil, nil, err
 	}
+	if bad == RSABadValueCorrupt {
+		encrypted[0] ^= 1
+	}
 	ckx := new(clientKeyExchangeMsg)
 	if clientHello.vers != VersionSSL30 {
 		ckx.ciphertext = make([]byte, len(encrypted)+2)