crypto/tls: skip BadRSAClientKeyExchange-[4,5]

These two bogo tests mutate the version number used for the premaster secret calculation for a client RSA key exchange, with the expectation the server rejects the handshake. Per the comment in the end of rsaKeyAgreement.processClientKeyExchange we explicitly choose *not* to verify the version number. This commit adds the two version number tests to the ignore list. They coincidentally happen to produced the expected failure because they use a non-default ciphersuite. When we add this ciphersuite to the client config for the bogo test they will start to fail unless ignored. Updates #72006 Change-Id: I27a2cd231e4b8762b0d9e2dbd3d8ddd5b87fd5c6 Reviewed-on: https://go-review.googlesource.com/c/go/+/669175 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
2025-04-30 10:07:10 -04:00 · 2025-04-30 10:07:10 -04:00 · 45f2782617
parent 00b6348658
commit 45f2782617
1 changed files with 3 additions and 0 deletions
--- a/src/crypto/tls/bogo_config.json
+++ b/src/crypto/tls/bogo_config.json
@ -58,6 +58,9 @@
        "*Client-P-224*": "no P-224 support",
        "*Server-P-224*": "no P-224 support",
        "CurveID-Resume*": "unexposed curveID is not stored in the ticket yet",
+        "BadRSAClientKeyExchange-4": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
+        "BadRSAClientKeyExchange-5": "crypto/tls doesn't check the version number in the premaster secret - see processClientKeyExchange comment",
+
        "CheckLeafCurve": "TODO: first pass, this should be fixed",
        "DisabledCurve-HelloRetryRequest-TLS13": "TODO: first pass, this should be fixed",
        "UnsupportedCurve": "TODO: first pass, this should be fixed",