Fix flaky BadRSAClientKeyExchange-1 test.

Sometimes BadRSAClientKeyExchange-1 fails with DATA_TOO_LARGE_FOR_MODULUS if
the corruption brings the ciphertext above the RSA modulus. Ensure this does
not happen.

Change-Id: I0d8ea6887dfcab946fdf5d38f5b196f5a927c4a9
Reviewed-on: https://boringssl-review.googlesource.com/6731
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index d1ec91f..5b6f240 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -165,7 +165,9 @@
 		return nil, nil, err
 	}
 	if bad == RSABadValueCorrupt {
-		encrypted[0] ^= 1
+		encrypted[len(encrypted)-1] ^= 1
+		// Clear the high byte to ensure |encrypted| is still below the RSA modulus.
+		encrypted[0] = 0
 	}
 	ckx := new(clientKeyExchangeMsg)
 	if clientHello.vers != VersionSSL30 {