Reland 'Require ECDHE for False Start.'

This is a reland of https://codereview.chromium.org/1057733002. It rolls
BoringSSL slightly further than previously to fix a Windows build issue.

This adds just enough of an implementation of ECDHE_RSA to tlslite to
support it on the server side.

It also rolls BoringSSL e2e1326..40acdae to pick up the corresponding
BoringSSL change. Summary of changes available at:

https://boringssl.googlesource.com/boringssl/+log/e2e1326..40acdae

BUG=460271
TBR=rsleevi@chromium.org,agl@chromium.org

Review URL: https://codereview.chromium.org/1056153002

Cr-Commit-Position: refs/heads/master@{#323780}

2 files changed, 30 insertions, 10 deletions

diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 99a4374..e9d468b 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1621,7 +1621,7 @@ SECStatus SSLClientSocketNSS::Core::CanFalseStartCallback(
       SSL_GetChannelInfo(socket, &channel_info, sizeof(channel_info));
   if (ok != SECSuccess || channel_info.length != sizeof(channel_info) ||
       channel_info.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2 ||
-      !IsSecureTLSCipherSuite(channel_info.cipherSuite)) {
+      !IsFalseStartableTLSCipherSuite(channel_info.cipherSuite)) {
     *can_false_start = PR_FALSE;
     return SECSuccess;
   }
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 3a4ff5b..38519c5 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2203,7 +2203,9 @@ TEST_F(SSLClientSocketTest, CipherSuiteDisables) {
   // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml,
   // only disabling those cipher suites that the test server actually
   // implements.
-  const uint16 kCiphersToDisable[] = {0x0005,  // TLS_RSA_WITH_RC4_128_SHA
+  const uint16 kCiphersToDisable[] = {
+      0x0005,  // TLS_RSA_WITH_RC4_128_SHA
+      0xc011,  // TLS_ECDHE_RSA_WITH_RC4_128_SHA
   };
 
   SpawnedTestServer::SSLOptions ssl_options;
@@ -2881,10 +2883,10 @@ TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
     return;
   }
 
-  // False Start requires NPN/ALPN, perfect forward secrecy, and an AEAD.
+  // False Start requires NPN/ALPN, ECDHE, and an AEAD.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
-      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.enable_npn = true;
@@ -2903,7 +2905,7 @@ TEST_F(SSLClientSocketFalseStartTest, NoNPN) {
 
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
-      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   SSLConfig client_config;
@@ -2912,8 +2914,8 @@ TEST_F(SSLClientSocketFalseStartTest, NoNPN) {
       TestFalseStart(server_options, client_config, false));
 }
 
-// Test that False Start is disabled without perfect forward secrecy.
-TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) {
+// Test that False Start is disabled with plain RSA ciphers.
+TEST_F(SSLClientSocketFalseStartTest, RSA) {
   if (!SupportsAESGCM()) {
     LOG(WARNING) << "Skipping test because AES-GCM is not supported.";
     return;
@@ -2931,11 +2933,29 @@ TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) {
       TestFalseStart(server_options, client_config, false));
 }
 
+// Test that False Start is disabled with DHE_RSA ciphers.
+TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) {
+  if (!SupportsAESGCM()) {
+    LOG(WARNING) << "Skipping test because AES-GCM is not supported.";
+    return;
+  }
+
+  SpawnedTestServer::SSLOptions server_options;
+  server_options.key_exchanges =
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+  server_options.bulk_ciphers =
+      SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
+  server_options.enable_npn = true;
+  SSLConfig client_config;
+  client_config.next_protos.push_back(kProtoHTTP11);
+  ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false));
+}
+
 // Test that False Start is disabled without an AEAD.
 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) {
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
-      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128;
   server_options.enable_npn = true;
@@ -2954,7 +2974,7 @@ TEST_F(SSLClientSocketFalseStartTest, SessionResumption) {
   // Start a server.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
-      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.enable_npn = true;
@@ -2992,7 +3012,7 @@ TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) {
   // Start a server.
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
-      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+      SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA;
   server_options.bulk_ciphers =
       SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
   server_options.enable_npn = true;