crypto/tls: add a bogo shim

Run the BoGo test suite.

For now a number of tests are disabled, so that we can land the shim.
Once the shim is in the tree I'll work on fixing tests, and aligning
the TLS stack with the boringssl stack.

Eventually we should also remove the --loose-errors flag.

Fixes #51434

Change-Id: Ic8339fc34552936b798acf834011a129e375750e
Reviewed-on: https://go-review.googlesource.com/c/go/+/486495
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>

Author: rolandshoemaker

src/crypto/tls/bogo_config.json

@@ -0,0 +1,175 @@
+{
+    "DisabledTests": {
+        "*QUIC*": "No QUIC support",
+        "Compliance-fips*": "No FIPS",
+        "*DTLS*": "No DTLS",
+        "SendEmptyRecords*": "crypto/tls doesn't implement spam protections",
+        "SendWarningAlerts*": "crypto/tls doesn't implement spam protections",
+        "TooManyKeyUpdates": "crypto/tls doesn't implement spam protections (TODO: I think?)",
+        "SkipNewSessionTicket": "TODO confusing? maybe bug",
+        "SendUserCanceledAlerts*": "TODO may be a real bug?",
+        "GREASE-Server-TLS13": "TODO ???",
+        "GarbageCertificate*": "TODO ask davidben, alertDecode vs alertBadCertificate",
+        "SendBogusAlertType": "sending wrong alert type",
+        "EchoTLS13CompatibilitySessionID": "TODO reject compat session ID",
+        "*ECH-Server*": "no ECH server support",
+        "TLS-ECH-Client-UnsolictedHRRExtension": "TODO",
+        "SupportTicketsWithSessionID": "TODO: first pass, this should be fixed",
+        "NoNullCompression-TLS12": "TODO: first pass, this should be fixed",
+        "KeyUpdate-RequestACK": "TODO: first pass, this should be fixed",
+        "TLS13-HRR-InvalidCompressionMethod": "TODO: first pass, this should be fixed",
+        "InvalidCompressionMethod": "TODO: first pass, this should be fixed",
+        "TLS-TLS12-RSA_WITH_AES_128_GCM_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS1-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS11-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS12-RSA_WITH_AES_128_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS12-RSA_WITH_AES_256_GCM_SHA384-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS1-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS11-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS12-RSA_WITH_AES_256_CBC_SHA-LargeRecord": "TODO: first pass, this should be fixed",
+        "TLS-TLS12-ECDHE_RSA_WITH_AES_128_CBC_SHA256-LargeRecord": "TODO: first pass, this should be fixed",
+        "RequireAnyClientCertificate-TLS1": "TODO: first pass, this should be fixed",
+        "RequireAnyClientCertificate-TLS11": "TODO: first pass, this should be fixed",
+        "RequireAnyClientCertificate-TLS12": "TODO: first pass, this should be fixed",
+        "ClientHelloVersionTooHigh": "TODO: first pass, this should be fixed",
+        "MinorVersionTolerance": "TODO: first pass, this should be fixed",
+        "IgnoreClientVersionOrder": "TODO: first pass, this should be fixed",
+        "SupportedVersionSelection-TLS12": "TODO: first pass, this should be fixed",
+        "MajorVersionTolerance": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionServer-TLS-TLS1": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionClient-TLS-TLS1": "TODO: first pass, this should be fixed",
+        "UnsolicitedServerNameAck-TLS-TLS1": "TODO: first pass, this should be fixed",
+        "TicketSessionIDLength-33-TLS-TLS1": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionServer-TLS-TLS11": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionClient-TLS-TLS11": "TODO: first pass, this should be fixed",
+        "UnsolicitedServerNameAck-TLS-TLS11": "TODO: first pass, this should be fixed",
+        "TicketSessionIDLength-33-TLS-TLS11": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionServer-TLS-TLS12": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionClient-TLS-TLS12": "TODO: first pass, this should be fixed",
+        "UnsolicitedServerNameAck-TLS-TLS12": "TODO: first pass, this should be fixed",
+        "TicketSessionIDLength-33-TLS-TLS12": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionClient-TLS-TLS13": "TODO: first pass, this should be fixed",
+        "DuplicateExtensionServer-TLS-TLS13": "TODO: first pass, this should be fixed",
+        "UnsolicitedServerNameAck-TLS-TLS13": "TODO: first pass, this should be fixed",
+        "RenegotiationInfo-Forbidden-TLS13": "TODO: first pass, this should be fixed",
+        "EMS-Forbidden-TLS13": "TODO: first pass, this should be fixed",
+        "SendUnsolicitedOCSPOnCertificate-TLS13": "TODO: first pass, this should be fixed",
+        "SendUnsolicitedSCTOnCertificate-TLS13": "TODO: first pass, this should be fixed",
+        "SendUnknownExtensionOnCertificate-TLS13": "TODO: first pass, this should be fixed",
+        "Resume-Server-NoTickets-TLS1-TLS1-TLS": "TODO: first pass, this should be fixed",
+        "Resume-Server-NoTickets-TLS11-TLS11-TLS": "TODO: first pass, this should be fixed",
+        "Resume-Server-NoTickets-TLS12-TLS12-TLS": "TODO: first pass, this should be fixed",
+        "Resume-Server-NoPSKBinder": "TODO: first pass, this should be fixed",
+        "Resume-Server-PSKBinderFirstExtension": "TODO: first pass, this should be fixed",
+        "Resume-Server-PSKBinderFirstExtension-SecondBinder": "TODO: first pass, this should be fixed",
+        "Resume-Server-NoPSKBinder-SecondBinder": "TODO: first pass, this should be fixed",
+        "Resume-Server-OmitPSKsOnSecondClientHello": "TODO: first pass, this should be fixed",
+        "Renegotiate-Server-Forbidden": "TODO: first pass, this should be fixed",
+        "Renegotiate-Client-Forbidden-1": "TODO: first pass, this should be fixed",
+        "Client-Sign-RSA_PKCS1_SHA1-TLS13": "TODO: first pass, this should be fixed",
+        "Client-Sign-RSA_PKCS1_SHA256-TLS13": "TODO: first pass, this should be fixed",
+        "Client-Sign-RSA_PKCS1_SHA384-TLS13": "TODO: first pass, this should be fixed",
+        "Client-Sign-RSA_PKCS1_SHA512-TLS13": "TODO: first pass, this should be fixed",
+        "Client-Sign-ECDSA_SHA1-TLS13": "TODO: first pass, this should be fixed",
+        "Client-Sign-ECDSA_P224_SHA256-TLS13": "TODO: first pass, this should be fixed",
+        "ClientAuth-NoFallback-TLS13": "TODO: first pass, this should be fixed",
+        "ClientAuth-NoFallback-ECDSA": "TODO: first pass, this should be fixed",
+        "ClientAuth-NoFallback-RSA": "TODO: first pass, this should be fixed",
+        "ECDSACurveMismatch-Verify-TLS13": "TODO: first pass, this should be fixed",
+        "Ed25519DefaultDisable-NoAdvertise": "TODO: first pass, this should be fixed",
+        "Ed25519DefaultDisable-NoAccept": "TODO: first pass, this should be fixed",
+        "NoCommonSignatureAlgorithms-TLS12-Fallback": "TODO: first pass, this should be fixed",
+        "UnknownExtension-Client": "TODO: first pass, this should be fixed",
+        "UnknownUnencryptedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
+        "UnofferedExtension-Client-TLS13": "TODO: first pass, this should be fixed",
+        "UnknownExtension-Client-TLS13": "TODO: first pass, this should be fixed",
+        "SendClientVersion-RSA": "TODO: first pass, this should be fixed",
+        "NoCommonCurves": "TODO: first pass, this should be fixed",
+        "PointFormat-EncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
+        "PointFormat-Client-MissingUncompressed": "TODO: first pass, this should be fixed",
+        "TLS13-SendNoKEMModesWithPSK-Server": "TODO: first pass, this should be fixed",
+        "TLS13-DuplicateTicketEarlyDataSupport": "TODO: first pass, this should be fixed",
+        "Basic-Client-NoTicket-TLS-Sync": "TODO: first pass, this should be fixed",
+        "Basic-Server-RSA-TLS-Sync": "TODO: first pass, this should be fixed",
+        "Basic-Client-NoTicket-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
+        "Basic-Server-RSA-TLS-Sync-SplitHandshakeRecords": "TODO: first pass, this should be fixed",
+        "Basic-Client-NoTicket-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
+        "Basic-Server-RSA-TLS-Sync-PackHandshake": "TODO: first pass, this should be fixed",
+        "PartialSecondClientHelloAfterFirst": "TODO: first pass, this should be fixed",
+        "PartialServerHelloWithHelloRetryRequest": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Server-TLS1": "TODO: first pass, this should be fixed",
+        "PartialClientKeyExchangeWithClientHello": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Resume-Server-TLS1": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Resume-Client-TLS11": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Client-TLS1": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Client-TLS11": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Client-TLS12": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Client-TLS13": "TODO: first pass, this should be fixed",
+        "PartialNewSessionTicketWithServerHelloDone": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Server-TLS11": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Server-TLS12": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Resume-Server-TLS11": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Resume-Client-TLS12": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Resume-Server-TLS12": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Resume-Client-TLS13": "TODO: first pass, this should be fixed",
+        "TrailingDataWithFinished-Resume-Client-TLS1": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ClientHello-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ServerHello-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ServerHelloDone-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ServerKeyExchange-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-CertificateVerify-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ServerFinished-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ClientKeyExchange-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-TLS13-ClientHello-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ClientFinished-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-NewSessionTicket-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-TLS13-CertificateRequest-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-TLS13-ServerCertificateVerify-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-TLS13-EncryptedExtensions-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-TLS13-ClientCertificate-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-TLS13-ClientCertificateVerify-TLS": "TODO: first pass, this should be fixed",
+        "TrailingMessageData-TLS13-ServerCertificate-TLS": "TODO: first pass, this should be fixed",
+        "ResumeTLS12SessionID-TLS13": "TODO: first pass, this should be fixed",
+        "SkipEarlyData-TLS13": "TODO: first pass, this should be fixed",
+        "DuplicateKeyShares-TLS13": "TODO: first pass, this should be fixed",
+        "Server-TooLongSessionID-TLS13": "TODO: first pass, this should be fixed",
+        "Client-TooLongSessionID": "TODO: first pass, this should be fixed",
+        "Client-ShortSessionID": "TODO: first pass, this should be fixed",
+        "TLS12NoSessionID-TLS13": "TODO: first pass, this should be fixed",
+        "Server-TooLongSessionID-TLS12": "TODO: first pass, this should be fixed",
+        "EmptyEncryptedExtensions-TLS13": "TODO: first pass, this should be fixed",
+        "SkipEarlyData-SecondClientHelloEarlyData-TLS13": "TODO: first pass, this should be fixed",
+        "EncryptedExtensionsWithKeyShare-TLS13": "TODO: first pass, this should be fixed",
+        "HelloRetryRequest-DuplicateCurve-TLS13": "TODO: first pass, this should be fixed",
+        "HelloRetryRequest-DuplicateCookie-TLS13": "TODO: first pass, this should be fixed",
+        "HelloRetryRequest-Unknown-TLS13": "TODO: first pass, this should be fixed",
+        "SendPostHandshakeChangeCipherSpec-TLS13": "TODO: first pass, this should be fixed",
+        "ECDSAKeyUsage-Server-TLS12": "TODO: first pass, this should be fixed",
+        "ECDSAKeyUsage-Server-TLS13": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS1": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS1": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS1": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS11": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS11": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Client-WantEncipherment-GotEnciphermentTLS12": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS12": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS11": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS12": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Client-WantSignature-GotSignature-TLS13": "TODO: first pass, this should be fixed",
+        "RSAKeyUsage-Server-WantSignature-GotEncipherment-TLS13": "TODO: first pass, this should be fixed",
+        "EmptyExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
+        "OmitExtensions-ClientHello-TLS1": "TODO: first pass, this should be fixed",
+        "EmptyExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
+        "OmitExtensions-ClientHello-TLS12": "TODO: first pass, this should be fixed",
+        "EmptyExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
+        "OmitExtensions-ClientHello-TLS11": "TODO: first pass, this should be fixed",
+        "DuplicateCertCompressionExt-TLS12": "TODO: first pass, this should be fixed",
+        "DuplicateCertCompressionExt-TLS13": "TODO: first pass, this should be fixed",
+        "Client-RejectJDK11DowngradeRandom": "TODO: first pass, this should be fixed",
+        "CheckClientCertificateTypes": "TODO: first pass, this should be fixed",
+        "CheckECDSACurve-TLS12": "TODO: first pass, this should be fixed"
+    }
+}