Don't False Start with DHE.

BUG=460271

Change-Id: Ic233511114012149e4a1074470c16bd9f701cf5a
Reviewed-on: https://boringssl-review.googlesource.com/4192
Reviewed-by: Adam Langley <agl@google.com>

crypto/cpu-arm.c

@@ -168,7 +168,7 @@ void OPENSSL_cpuid_setup(void) {
   }
 #endif
 
-  OPENSSL_armcap_P |= ARMV7_NEON | ARMV7_NEON_FUNCTIONAL;
+  OPENSSL_armcap_P |= ARMV7_NEON;
 
   if (hwcap & kAES) {
     OPENSSL_armcap_P |= ARMV8_AES;

ssl/s3_pkt.c

@@ -201,7 +201,10 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) {
     rb->offset = len + align;
   }
 
-  assert(n <= (int)(rb->len - rb->offset));
+  if (n > (int)(rb->len - rb->offset)) {
+    OPENSSL_PUT_ERROR(SSL, ssl3_read_n, ERR_R_INTERNAL_ERROR);
+    return -1;
+  }
 
   if (!s->read_ahead) {
     /* ignore max parameter */

ssl/ssl_lib.c

@@ -2895,14 +2895,12 @@ void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
 int ssl3_can_false_start(const SSL *s) {
   const SSL_CIPHER *const cipher = SSL_get_current_cipher(s);
 
-  /* False Start only for TLS 1.2 with a forward-secure, AEAD cipher and ALPN or
-   * NPN. */
+  /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
   return !SSL_IS_DTLS(s) &&
       SSL_version(s) >= TLS1_2_VERSION &&
       (s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
       cipher != NULL &&
-      (cipher->algorithm_mkey == SSL_kEDH ||
-       cipher->algorithm_mkey == SSL_kEECDH) &&
+      cipher->algorithm_mkey == SSL_kEECDH &&
       (cipher->algorithm_enc == SSL_AES128GCM ||
        cipher->algorithm_enc == SSL_AES256GCM ||
        cipher->algorithm_enc == SSL_CHACHA20POLY1305);