Renaming _openssl files to _impl

net/socket/ssl_client_socket_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-// OpenSSL binding for SSLClientSocket. The class layout and general principle
-// of operation is derived from SSLClientSocketNSS.
-
-#include "net/socket/ssl_client_socket_openssl.h"
+#include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/mem.h>
 #include <openssl/ssl.h>
 #include <string.h>
 
@@ skipping 43 matching lines @@
 #if defined(USE_NSS_CERTS)
 #include "net/cert_net/nss_ocsp.h"
 #endif
 
 namespace net {
 
 namespace {
 
 // Enable this to see logging for state machine state transitions.
 #if 0
-#define GotoState(s) do { DVLOG(2) << (void *)this << " " << __FUNCTION__ << \
-                           " jump to state " << s; \
-                           next_handshake_state_ = s; } while (0)
+#define GotoState(s)                                                          \
+  do {                                                                        \
+    DVLOG(2) << (void*)this << " " << __FUNCTION__ << " jump to state " << s; \
+    next_handshake_state_ = s;                                                \
+  } while (0)
 #else
 #define GotoState(s) next_handshake_state_ = s
 #endif
 
 // This constant can be any non-negative/non-zero value (eg: it does not
 // overlap with any value of the net::Error range, including net::OK).
 const int kNoPendingResult = 1;
 
 // If a client doesn't have a list of protocols that it supports, but
 // the server supports NPN, choosing "http/1.1" is the best answer.
@@ skipping 96 matching lines @@
     if (capture_mode.include_cookies_and_credentials()) {
       key_to_log = base::HexEncode(raw_key.data(), raw_key.length());
     }
     dict->SetString("key", key_to_log);
   }
   return std::move(dict);
 }
 
 }  // namespace
 
-class SSLClientSocketOpenSSL::SSLContext {
+class SSLClientSocketImpl::SSLContext {
  public:
   static SSLContext* GetInstance() {
     return base::Singleton<SSLContext>::get();
   }
   SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); }
-  SSLClientSessionCacheOpenSSL* session_cache() { return &session_cache_; }
+  SSLClientSessionCacheImpl* session_cache() { return &session_cache_; }
 
-  SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) {
+  SSLClientSocketImpl* GetClientSocketFromSSL(const SSL* ssl) {
     DCHECK(ssl);
-    SSLClientSocketOpenSSL* socket = static_cast<SSLClientSocketOpenSSL*>(
+    SSLClientSocketImpl* socket = static_cast<SSLClientSocketImpl*>(
         SSL_get_ex_data(ssl, ssl_socket_data_index_));
     DCHECK(socket);
     return socket;
   }
 
-  bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketOpenSSL* socket) {
+  bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketImpl* socket) {
     return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0;
   }
 
 #if !defined(OS_NACL)
   void SetSSLKeyLogFile(
       const base::FilePath& path,
       const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
     DCHECK(!ssl_key_logger_);
     ssl_key_logger_.reset(new SSLKeyLogger(path, task_runner));
     SSL_CTX_set_keylog_callback(ssl_ctx_.get(), KeyLogCallback);
   }
 #endif
 
   static const SSL_PRIVATE_KEY_METHOD kPrivateKeyMethod;
 
  private:
   friend struct base::DefaultSingletonTraits<SSLContext>;
 
-  SSLContext() : session_cache_(SSLClientSessionCacheOpenSSL::Config()) {
+  SSLContext() : session_cache_(SSLClientSessionCacheImpl::Config()) {
     crypto::EnsureOpenSSLInit();
     ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0);
     DCHECK_NE(ssl_socket_data_index_, -1);
     ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method()));
     SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL);
     SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL);
     SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL);
     // This stops |SSL_shutdown| from generating the close_notify message, which
     // is currently not sent on the network.
     // TODO(haavardm): Remove setting quiet shutdown once 118366 is fixed.
     SSL_CTX_set_quiet_shutdown(ssl_ctx_.get(), 1);
     // Note that SSL_OP_DISABLE_NPN is used to disable NPN if
     // ssl_config_.next_proto is empty.
     SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
                                      NULL);
 
     // Disable the internal session cache. Session caching is handled
-    // externally (i.e. by SSLClientSessionCacheOpenSSL).
+    // externally (i.e. by SSLClientSessionCacheImpl).
     SSL_CTX_set_session_cache_mode(
         ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
     SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback);
 
     if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum,
                                        &TokenBindingAddCallback,
                                        &TokenBindingFreeCallback, nullptr,
                                        &TokenBindingParseCallback, nullptr)) {
       NOTREACHED();
     }
   }
 
   static int TokenBindingAddCallback(SSL* ssl,
                                      unsigned int extension_value,
                                      const uint8_t** out,
                                      size_t* out_len,
                                      int* out_alert_value,
                                      void* add_arg) {
     DCHECK_EQ(extension_value, kTbExtNum);
-    SSLClientSocketOpenSSL* socket =
-        SSLClientSocketOpenSSL::SSLContext::GetInstance()
-            ->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket =
+        SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL(
+            ssl);
     return socket->TokenBindingAdd(out, out_len, out_alert_value);
   }
 
   static void TokenBindingFreeCallback(SSL* ssl,
                                        unsigned extension_value,
                                        const uint8_t* out,
                                        void* add_arg) {
     DCHECK_EQ(extension_value, kTbExtNum);
     OPENSSL_free(const_cast<unsigned char*>(out));
   }
 
   static int TokenBindingParseCallback(SSL* ssl,
                                        unsigned int extension_value,
                                        const uint8_t* contents,
                                        size_t contents_len,
                                        int* out_alert_value,
                                        void* parse_arg) {
     DCHECK_EQ(extension_value, kTbExtNum);
-    SSLClientSocketOpenSSL* socket =
-        SSLClientSocketOpenSSL::SSLContext::GetInstance()
-            ->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket =
+        SSLClientSocketImpl::SSLContext::GetInstance()->GetClientSocketFromSSL(
+            ssl);
     return socket->TokenBindingParse(contents, contents_len, out_alert_value);
   }
 
   static int ClientCertRequestCallback(SSL* ssl, void* arg) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     DCHECK(socket);
     return socket->ClientCertRequestCallback(ssl);
   }
 
-  static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) {
+  static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) {
     SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
         store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
 
     return socket->CertVerifyCallback(store_ctx);
   }
 
   static int SelectNextProtoCallback(SSL* ssl,
-                                     unsigned char** out, unsigned char* outlen,
+                                     unsigned char** out,
+                                     unsigned char* outlen,
                                      const unsigned char* in,
-                                     unsigned int inlen, void* arg) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+                                     unsigned int inlen,
+                                     void* arg) {
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->SelectNextProtoCallback(out, outlen, in, inlen);
   }
 
   static int NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->NewSessionCallback(session);
   }
 
   static int PrivateKeyTypeCallback(SSL* ssl) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeyTypeCallback();
   }
 
   static size_t PrivateKeyMaxSignatureLenCallback(SSL* ssl) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeyMaxSignatureLenCallback();
   }
 
   static ssl_private_key_result_t PrivateKeySignCallback(SSL* ssl,
                                                          uint8_t* out,
                                                          size_t* out_len,
                                                          size_t max_out,
                                                          const EVP_MD* md,
                                                          const uint8_t* in,
                                                          size_t in_len) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeySignCallback(out, out_len, max_out, md, in,
                                           in_len);
   }
 
   static ssl_private_key_result_t PrivateKeySignCompleteCallback(
       SSL* ssl,
       uint8_t* out,
       size_t* out_len,
       size_t max_out) {
-    SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeySignCompleteCallback(out, out_len, max_out);
   }
 
 #if !defined(OS_NACL)
   static void KeyLogCallback(const SSL* ssl, const char* line) {
     GetInstance()->ssl_key_logger_->WriteLine(line);
   }
 #endif
 
   // This is the index used with SSL_get_ex_data to retrieve the owner
-  // SSLClientSocketOpenSSL object from an SSL instance.
+  // SSLClientSocketImpl object from an SSL instance.
   int ssl_socket_data_index_;
 
   ScopedSSL_CTX ssl_ctx_;
 
 #if !defined(OS_NACL)
   std::unique_ptr<SSLKeyLogger> ssl_key_logger_;
 #endif
 
   // TODO(davidben): Use a separate cache per URLRequestContext.
   // https://crbug.com/458365
   //
   // TODO(davidben): Sessions should be invalidated on fatal
   // alerts. https://crbug.com/466352
-  SSLClientSessionCacheOpenSSL session_cache_;
+  SSLClientSessionCacheImpl session_cache_;
 };
 
 const SSL_PRIVATE_KEY_METHOD
-    SSLClientSocketOpenSSL::SSLContext::kPrivateKeyMethod = {
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeyTypeCallback,
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeyMaxSignatureLenCallback,
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCallback,
-        &SSLClientSocketOpenSSL::SSLContext::PrivateKeySignCompleteCallback,
+    SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = {
+        &SSLClientSocketImpl::SSLContext::PrivateKeyTypeCallback,
+        &SSLClientSocketImpl::SSLContext::PrivateKeyMaxSignatureLenCallback,
+        &SSLClientSocketImpl::SSLContext::PrivateKeySignCallback,
+        &SSLClientSocketImpl::SSLContext::PrivateKeySignCompleteCallback,
 };
 
 // PeerCertificateChain is a helper object which extracts the certificate
 // chain, as given by the server, from an OpenSSL socket and performs the needed
 // resource management. The first element of the chain is the leaf certificate
 // and the other elements are in the order given by the server.
-class SSLClientSocketOpenSSL::PeerCertificateChain {
+class SSLClientSocketImpl::PeerCertificateChain {
  public:
-  explicit PeerCertificateChain(STACK_OF(X509)* chain) { Reset(chain); }
+  explicit PeerCertificateChain(STACK_OF(X509) * chain) { Reset(chain); }
   PeerCertificateChain(const PeerCertificateChain& other) { *this = other; }
   ~PeerCertificateChain() {}
   PeerCertificateChain& operator=(const PeerCertificateChain& other);
 
   // Resets the PeerCertificateChain to the set of certificates in|chain|,
   // which may be NULL, indicating to empty the store certificates.
   // Note: If an error occurs, such as being unable to parse the certificates,
   // this will behave as if Reset(NULL) was called.
-  void Reset(STACK_OF(X509)* chain);
+  void Reset(STACK_OF(X509) * chain);
 
   // Note that when USE_OPENSSL_CERTS is defined, OSCertHandle is X509*
   scoped_refptr<X509Certificate> AsOSChain() const;
 
   size_t size() const {
     if (!openssl_chain_.get())
       return 0;
     return sk_X509_num(openssl_chain_.get());
   }
 
-  bool empty() const {
-    return size() == 0;
-  }
+  bool empty() const { return size() == 0; }
 
   X509* Get(size_t index) const {
     DCHECK_LT(index, size());
     return sk_X509_value(openssl_chain_.get(), index);
   }
 
  private:
   ScopedX509Stack openssl_chain_;
 };
 
-SSLClientSocketOpenSSL::PeerCertificateChain&
-SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
+SSLClientSocketImpl::PeerCertificateChain&
+SSLClientSocketImpl::PeerCertificateChain::operator=(
     const PeerCertificateChain& other) {
   if (this == &other)
     return *this;
 
   openssl_chain_.reset(X509_chain_up_ref(other.openssl_chain_.get()));
   return *this;
 }
 
-void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
-    STACK_OF(X509)* chain) {
+void SSLClientSocketImpl::PeerCertificateChain::Reset(STACK_OF(X509) * chain) {
   openssl_chain_.reset(chain ? X509_chain_up_ref(chain) : NULL);
 }
 
 scoped_refptr<X509Certificate>
-SSLClientSocketOpenSSL::PeerCertificateChain::AsOSChain() const {
+SSLClientSocketImpl::PeerCertificateChain::AsOSChain() const {
 #if defined(USE_OPENSSL_CERTS)
   // When OSCertHandle is typedef'ed to X509, this implementation does a short
   // cut to avoid converting back and forth between DER and the X509 struct.
   X509Certificate::OSCertHandles intermediates;
   for (size_t i = 1; i < sk_X509_num(openssl_chain_.get()); ++i) {
     intermediates.push_back(sk_X509_value(openssl_chain_.get(), i));
   }
 
   return X509Certificate::CreateFromHandle(
       sk_X509_value(openssl_chain_.get(), 0), intermediates);
 #else
   // DER-encode the chain and convert to a platform certificate handle.
   std::vector<base::StringPiece> der_chain;
   for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
     X509* x = sk_X509_value(openssl_chain_.get(), i);
     base::StringPiece der;
     if (!x509_util::GetDER(x, &der))
       return NULL;
     der_chain.push_back(der);
   }
 
   return X509Certificate::CreateFromDERCertChain(der_chain);
 #endif
 }
 
 // static
 void SSLClientSocket::ClearSessionCache() {
-  SSLClientSocketOpenSSL::SSLContext* context =
-      SSLClientSocketOpenSSL::SSLContext::GetInstance();
+  SSLClientSocketImpl::SSLContext* context =
+      SSLClientSocketImpl::SSLContext::GetInstance();
   context->session_cache()->Flush();
 }
 
-SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
+SSLClientSocketImpl::SSLClientSocketImpl(
     std::unique_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     const SSLClientSocketContext& context)
     : transport_send_busy_(false),
       transport_recv_busy_(false),
       pending_read_error_(kNoPendingResult),
       pending_read_ssl_error_(SSL_ERROR_NONE),
       transport_read_error_(OK),
       transport_write_error_(OK),
@@ skipping 20 matching lines @@
       certificate_verified_(false),
       ssl_failure_state_(SSL_FAILURE_NONE),
       signature_result_(kNoPendingResult),
       transport_security_state_(context.transport_security_state),
       policy_enforcer_(context.ct_policy_enforcer),
       net_log_(transport_->socket()->NetLog()),
       weak_factory_(this) {
   DCHECK(cert_verifier_);
 }
 
-SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
+SSLClientSocketImpl::~SSLClientSocketImpl() {
   Disconnect();
 }
 
 #if !defined(OS_NACL)
-void SSLClientSocketOpenSSL::SetSSLKeyLogFile(
+void SSLClientSocketImpl::SetSSLKeyLogFile(
     const base::FilePath& ssl_keylog_file,
     const scoped_refptr<base::SequencedTaskRunner>& task_runner) {
   SSLContext::GetInstance()->SetSSLKeyLogFile(ssl_keylog_file, task_runner);
 }
 #endif
 
-void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
+void SSLClientSocketImpl::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
   cert_request_info->host_and_port = host_and_port_;
   cert_request_info->cert_authorities = cert_authorities_;
   cert_request_info->cert_key_types = cert_key_types_;
 }
 
-SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
+SSLClientSocket::NextProtoStatus SSLClientSocketImpl::GetNextProto(
     std::string* proto) const {
   *proto = npn_proto_;
   return npn_status_;
 }
 
-ChannelIDService*
-SSLClientSocketOpenSSL::GetChannelIDService() const {
+ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const {
   return channel_id_service_;
 }
 
-Error SSLClientSocketOpenSSL::GetSignedEKMForTokenBinding(
+Error SSLClientSocketImpl::GetSignedEKMForTokenBinding(
     crypto::ECPrivateKey* key,
     std::vector<uint8_t>* out) {
   // The same key will be used across multiple requests to sign the same value,
   // so the signature is cached.
   std::string raw_public_key;
   if (!key->ExportRawPublicKey(&raw_public_key))
     return ERR_FAILED;
   SignedEkmMap::iterator it = tb_signed_ekm_map_.Get(raw_public_key);
   if (it != tb_signed_ekm_map_.end()) {
     *out = it->second;
@@ skipping 12 matching lines @@
   if (!SignTokenBindingEkm(
           base::StringPiece(reinterpret_cast<char*>(tb_ekm_buf),
                             sizeof(tb_ekm_buf)),
           key, out))
     return ERR_FAILED;
 
   tb_signed_ekm_map_.Put(raw_public_key, *out);
   return OK;
 }
 
-crypto::ECPrivateKey* SSLClientSocketOpenSSL::GetChannelIDKey() const {
+crypto::ECPrivateKey* SSLClientSocketImpl::GetChannelIDKey() const {
   return channel_id_key_.get();
 }
 
-SSLFailureState SSLClientSocketOpenSSL::GetSSLFailureState() const {
+SSLFailureState SSLClientSocketImpl::GetSSLFailureState() const {
   return ssl_failure_state_;
 }
 
-int SSLClientSocketOpenSSL::ExportKeyingMaterial(
-    const base::StringPiece& label,
-    bool has_context, const base::StringPiece& context,
-    unsigned char* out, unsigned int outlen) {
+int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label,
+                                              bool has_context,
+                                              const base::StringPiece& context,
+                                              unsigned char* out,
+                                              unsigned int outlen) {
   if (!IsConnected())
     return ERR_SOCKET_NOT_CONNECTED;
 
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   int rv = SSL_export_keying_material(
       ssl_, out, outlen, label.data(), label.size(),
       reinterpret_cast<const unsigned char*>(context.data()), context.length(),
       has_context ? 1 : 0);
 
   if (rv != 1) {
     int ssl_error = SSL_get_error(ssl_, rv);
     LOG(ERROR) << "Failed to export keying material;"
-               << " returned " << rv
-               << ", SSL error code " << ssl_error;
+               << " returned " << rv << ", SSL error code " << ssl_error;
     return MapOpenSSLError(ssl_error, err_tracer);
   }
   return OK;
 }
 
-int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) {
+int SSLClientSocketImpl::Connect(const CompletionCallback& callback) {
   // It is an error to create an SSLClientSocket whose context has no
   // TransportSecurityState.
   DCHECK(transport_security_state_);
 
   // Although StreamSocket does allow calling Connect() after Disconnect(),
   // this has never worked for layered sockets. CHECK to detect any consumers
   // reconnecting an SSL socket.
   //
   // TODO(davidben,mmenke): Remove this API feature. See
   // https://crbug.com/499289.
@@ skipping 15 matching lines @@
   rv = DoHandshakeLoop(OK);
   if (rv == ERR_IO_PENDING) {
     user_connect_callback_ = callback;
   } else {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
   }
 
   return rv > OK ? OK : rv;
 }
 
-void SSLClientSocketOpenSSL::Disconnect() {
+void SSLClientSocketImpl::Disconnect() {
   crypto::OpenSSLErrStackTracer tracer(FROM_HERE);
 
   if (ssl_) {
     // Calling SSL_shutdown prevents the session from being marked as
     // unresumable.
     SSL_shutdown(ssl_);
     SSL_free(ssl_);
     ssl_ = NULL;
   }
   if (transport_bio_) {
     BIO_free_all(transport_bio_);
     transport_bio_ = NULL;
   }
 
   disconnected_ = true;
 
   // Shut down anything that may call us back.
   cert_verifier_request_.reset();
   transport_->socket()->Disconnect();
 
   // Null all callbacks, delete all buffers.
   transport_send_busy_ = false;
   send_buffer_ = NULL;
   transport_recv_busy_ = false;
   recv_buffer_ = NULL;
 
   user_connect_callback_.Reset();
   user_read_callback_.Reset();
   user_write_callback_.Reset();
-  user_read_buf_         = NULL;
-  user_read_buf_len_     = 0;
-  user_write_buf_        = NULL;
-  user_write_buf_len_    = 0;
+  user_read_buf_ = NULL;
+  user_read_buf_len_ = 0;
+  user_write_buf_ = NULL;
+  user_write_buf_len_ = 0;
 
   pending_read_error_ = kNoPendingResult;
   pending_read_ssl_error_ = SSL_ERROR_NONE;
   pending_read_error_info_ = OpenSSLErrorInfo();
 
   transport_read_error_ = OK;
   transport_write_error_ = OK;
 
   server_cert_verify_result_.Reset();
   completed_connect_ = false;
@@ skipping 10 matching lines @@
   tb_was_negotiated_ = false;
   session_pending_ = false;
   certificate_verified_ = false;
   channel_id_request_.Cancel();
   ssl_failure_state_ = SSL_FAILURE_NONE;
 
   signature_result_ = kNoPendingResult;
   signature_.clear();
 }
 
-bool SSLClientSocketOpenSSL::IsConnected() const {
+bool SSLClientSocketImpl::IsConnected() const {
   // If the handshake has not yet completed.
   if (!completed_connect_)
     return false;
   // If an asynchronous operation is still pending.
   if (user_read_buf_.get() || user_write_buf_.get())
     return true;
 
   return transport_->socket()->IsConnected();
 }
 
-bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const {
+bool SSLClientSocketImpl::IsConnectedAndIdle() const {
   // If the handshake has not yet completed.
   if (!completed_connect_)
     return false;
   // If an asynchronous operation is still pending.
   if (user_read_buf_.get() || user_write_buf_.get())
     return false;
 
   // If there is data read from the network that has not yet been consumed, do
   // not treat the connection as idle.
   //
   // Note that this does not check |BIO_pending|, whether there is ciphertext
   // that has not yet been flushed to the network. |Write| returns early, so
   // this can cause race conditions which cause a socket to not be treated
   // reusable when it should be. See https://crbug.com/466147.
   if (BIO_wpending(transport_bio_) > 0)
     return false;
 
   return transport_->socket()->IsConnectedAndIdle();
 }
 
-int SSLClientSocketOpenSSL::GetPeerAddress(IPEndPoint* addressList) const {
+int SSLClientSocketImpl::GetPeerAddress(IPEndPoint* addressList) const {
   return transport_->socket()->GetPeerAddress(addressList);
 }
 
-int SSLClientSocketOpenSSL::GetLocalAddress(IPEndPoint* addressList) const {
+int SSLClientSocketImpl::GetLocalAddress(IPEndPoint* addressList) const {
   return transport_->socket()->GetLocalAddress(addressList);
 }
 
-const BoundNetLog& SSLClientSocketOpenSSL::NetLog() const {
+const BoundNetLog& SSLClientSocketImpl::NetLog() const {
   return net_log_;
 }
 
-void SSLClientSocketOpenSSL::SetSubresourceSpeculation() {
+void SSLClientSocketImpl::SetSubresourceSpeculation() {
   if (transport_.get() && transport_->socket()) {
     transport_->socket()->SetSubresourceSpeculation();
   } else {
     NOTREACHED();
   }
 }
 
-void SSLClientSocketOpenSSL::SetOmniboxSpeculation() {
+void SSLClientSocketImpl::SetOmniboxSpeculation() {
   if (transport_.get() && transport_->socket()) {
     transport_->socket()->SetOmniboxSpeculation();
   } else {
     NOTREACHED();
   }
 }
 
-bool SSLClientSocketOpenSSL::WasEverUsed() const {
+bool SSLClientSocketImpl::WasEverUsed() const {
   return was_ever_used_;
 }
 
-bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
+bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->Reset();
   if (server_cert_chain_->empty())
     return false;
 
   ssl_info->cert = server_cert_verify_result_.verified_cert;
   ssl_info->unverified_cert = server_cert_;
   ssl_info->cert_status = server_cert_verify_result_.cert_status;
   ssl_info->is_issued_by_known_root =
       server_cert_verify_result_.is_issued_by_known_root;
-  ssl_info->public_key_hashes =
-    server_cert_verify_result_.public_key_hashes;
+  ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
   ssl_info->client_cert_sent =
       ssl_config_.send_client_cert && ssl_config_.client_cert.get();
   ssl_info->channel_id_sent = channel_id_sent_;
   ssl_info->token_binding_negotiated = tb_was_negotiated_;
   ssl_info->token_binding_key_param = tb_negotiated_param_;
   ssl_info->pinning_failure_log = pinning_failure_log_;
 
   AddCTInfoToSSLInfo(ssl_info);
 
   const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
   CHECK(cipher);
   ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL);
   ssl_info->key_exchange_info =
       SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_));
 
   SSLConnectionStatusSetCipherSuite(
       static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)),
       &ssl_info->connection_status);
   SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_),
                                 &ssl_info->connection_status);
 
   if (!SSL_get_secure_renegotiation_support(ssl_))
     ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
 
   if (ssl_config_.version_fallback)
     ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
 
-  ssl_info->handshake_type = SSL_session_reused(ssl_) ?
-      SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
+  ssl_info->handshake_type = SSL_session_reused(ssl_)
+                                 ? SSLInfo::HANDSHAKE_RESUME
+                                 : SSLInfo::HANDSHAKE_FULL;
 
   DVLOG(3) << "Encoded connection status: cipher suite = "
-      << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
-      << " version = "
-      << SSLConnectionStatusToVersion(ssl_info->connection_status);
+           << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
+           << " version = "
+           << SSLConnectionStatusToVersion(ssl_info->connection_status);
   return true;
 }
 
-void SSLClientSocketOpenSSL::GetConnectionAttempts(
-    ConnectionAttempts* out) const {
+void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const {
   out->clear();
 }
 
-int64_t SSLClientSocketOpenSSL::GetTotalReceivedBytes() const {
+int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const {
   return transport_->socket()->GetTotalReceivedBytes();
 }
 
-int SSLClientSocketOpenSSL::Read(IOBuffer* buf,
-                                 int buf_len,
-                                 const CompletionCallback& callback) {
+int SSLClientSocketImpl::Read(IOBuffer* buf,
+                              int buf_len,
+                              const CompletionCallback& callback) {
   user_read_buf_ = buf;
   user_read_buf_len_ = buf_len;
 
   int rv = DoReadLoop();
 
   if (rv == ERR_IO_PENDING) {
     user_read_callback_ = callback;
   } else {
     if (rv > 0)
       was_ever_used_ = true;
     user_read_buf_ = NULL;
     user_read_buf_len_ = 0;
   }
 
   return rv;
 }
 
-int SSLClientSocketOpenSSL::Write(IOBuffer* buf,
-                                  int buf_len,
-                                  const CompletionCallback& callback) {
+int SSLClientSocketImpl::Write(IOBuffer* buf,
+                               int buf_len,
+                               const CompletionCallback& callback) {
   user_write_buf_ = buf;
   user_write_buf_len_ = buf_len;
 
   int rv = DoWriteLoop();
 
   if (rv == ERR_IO_PENDING) {
     user_write_callback_ = callback;
   } else {
     if (rv > 0)
       was_ever_used_ = true;
     user_write_buf_ = NULL;
     user_write_buf_len_ = 0;
   }
 
   return rv;
 }
 
-int SSLClientSocketOpenSSL::SetReceiveBufferSize(int32_t size) {
+int SSLClientSocketImpl::SetReceiveBufferSize(int32_t size) {
   return transport_->socket()->SetReceiveBufferSize(size);
 }
 
-int SSLClientSocketOpenSSL::SetSendBufferSize(int32_t size) {
+int SSLClientSocketImpl::SetSendBufferSize(int32_t size) {
   return transport_->socket()->SetSendBufferSize(size);
 }
 
-int SSLClientSocketOpenSSL::Init() {
+int SSLClientSocketImpl::Init() {
   DCHECK(!ssl_);
   DCHECK(!transport_bio_);
 
 #if defined(USE_NSS_CERTS)
   if (ssl_config_.cert_io_enabled) {
     // TODO(davidben): Move this out of SSLClientSocket. See
     // https://crbug.com/539520.
     EnsureNSSHttpIOInit();
   }
 #endif
@@ skipping 21 matching lines @@
   if (session)
     SSL_set_session(ssl_, session.get());
 
   send_buffer_ = new GrowableIOBuffer();
   send_buffer_->SetCapacity(KDefaultOpenSSLBufferSize);
   recv_buffer_ = new GrowableIOBuffer();
   recv_buffer_->SetCapacity(KDefaultOpenSSLBufferSize);
 
   BIO* ssl_bio = NULL;
 
-  // SSLClientSocketOpenSSL retains ownership of the BIO buffers.
+  // SSLClientSocketImpl retains ownership of the BIO buffers.
   if (!BIO_new_bio_pair_external_buf(
           &ssl_bio, send_buffer_->capacity(),
           reinterpret_cast<uint8_t*>(send_buffer_->data()), &transport_bio_,
           recv_buffer_->capacity(),
           reinterpret_cast<uint8_t*>(recv_buffer_->data())))
     return ERR_UNEXPECTED;
   DCHECK(ssl_bio);
   DCHECK(transport_bio_);
 
   // Install a callback on OpenSSL's end to plumb transport errors through.
-  BIO_set_callback(ssl_bio, &SSLClientSocketOpenSSL::BIOCallback);
+  BIO_set_callback(ssl_bio, &SSLClientSocketImpl::BIOCallback);
   BIO_set_callback_arg(ssl_bio, reinterpret_cast<char*>(this));
 
   SSL_set_bio(ssl_, ssl_bio, ssl_bio);
 
   DCHECK_LT(SSL3_VERSION, ssl_config_.version_min);
   DCHECK_LT(SSL3_VERSION, ssl_config_.version_max);
   SSL_set_min_version(ssl_, ssl_config_.version_min);
   SSL_set_max_version(ssl_, ssl_config_.version_max);
 
   // OpenSSL defaults some options to on, others to off. To avoid ambiguity,
@@ skipping 49 matching lines @@
       command.append(":!");
       command.append(SSL_CIPHER_get_name(cipher));
     }
   }
 
   int rv = SSL_set_cipher_list(ssl_, command.c_str());
   // If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
   // This will almost certainly result in the socket failing to complete the
   // handshake at which point the appropriate error is bubbled up to the client.
   LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
-                              "returned " << rv;
+                                                                    "returned "
+                           << rv;
 
   // TLS channel ids.
   if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
     SSL_enable_tls_channel_id(ssl_);
   }
 
   if (!ssl_config_.alpn_protos.empty()) {
     // Get list of ciphers that are enabled.
     STACK_OF(SSL_CIPHER)* enabled_ciphers = SSL_get_ciphers(ssl_);
     DCHECK(enabled_ciphers);
@@ skipping 21 matching lines @@
     SSL_enable_signed_cert_timestamps(ssl_);
     SSL_enable_ocsp_stapling(ssl_);
   }
 
   if (cert_verifier_->SupportsOCSPStapling())
     SSL_enable_ocsp_stapling(ssl_);
 
   return OK;
 }
 
-void SSLClientSocketOpenSSL::DoReadCallback(int rv) {
+void SSLClientSocketImpl::DoReadCallback(int rv) {
   // Since Run may result in Read being called, clear |user_read_callback_|
   // up front.
   if (rv > 0)
     was_ever_used_ = true;
   user_read_buf_ = NULL;
   user_read_buf_len_ = 0;
   base::ResetAndReturn(&user_read_callback_).Run(rv);
 }
 
-void SSLClientSocketOpenSSL::DoWriteCallback(int rv) {
+void SSLClientSocketImpl::DoWriteCallback(int rv) {
   // Since Run may result in Write being called, clear |user_write_callback_|
   // up front.
   if (rv > 0)
     was_ever_used_ = true;
   user_write_buf_ = NULL;
   user_write_buf_len_ = 0;
   base::ResetAndReturn(&user_write_callback_).Run(rv);
 }
 
-bool SSLClientSocketOpenSSL::DoTransportIO() {
+bool SSLClientSocketImpl::DoTransportIO() {
   bool network_moved = false;
   int rv;
   // Read and write as much data as possible. The loop is necessary because
   // Write() may return synchronously.
   do {
     rv = BufferSend();
     if (rv != ERR_IO_PENDING && rv != 0)
       network_moved = true;
   } while (rv > 0);
   if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING)
     network_moved = true;
   return network_moved;
 }
 
 // TODO(cbentzel): Remove including "base/threading/thread_local.h" and
 // g_first_run_completed once crbug.com/424386 is fixed.
 base::LazyInstance<base::ThreadLocalBoolean>::Leaky g_first_run_completed =
     LAZY_INSTANCE_INITIALIZER;
 
-int SSLClientSocketOpenSSL::DoHandshake() {
+int SSLClientSocketImpl::DoHandshake() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   int rv;
 
   // TODO(cbentzel): Leave only 1 call to SSL_do_handshake once crbug.com/424386
   // is fixed.
   if (ssl_config_.send_client_cert && ssl_config_.client_cert.get()) {
     rv = SSL_do_handshake(ssl_);
   } else {
     if (g_first_run_completed.Get().Get()) {
@@ skipping 66 matching lines @@
       ssl_failure_state_ = SSL_FAILURE_NEXT_PROTO;
     } else {
       ssl_failure_state_ = SSL_FAILURE_UNKNOWN;
     }
   }
 
   GotoState(STATE_HANDSHAKE_COMPLETE);
   return net_error;
 }
 
-int SSLClientSocketOpenSSL::DoHandshakeComplete(int result) {
+int SSLClientSocketImpl::DoHandshakeComplete(int result) {
   if (result < 0)
     return result;
 
   if (ssl_config_.version_fallback &&
       ssl_config_.version_max < ssl_config_.version_fallback_min) {
     return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
   }
 
   // Check that if token binding was negotiated, then extended master secret
   // must also be negotiated.
@@ skipping 40 matching lines @@
     UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLServerKeyExchangeHash",
                                 server_key_exchange_hash);
   }
 
   // Verify the certificate.
   UpdateServerCert();
   GotoState(STATE_VERIFY_CERT);
   return OK;
 }
 
-int SSLClientSocketOpenSSL::DoChannelIDLookup() {
+int SSLClientSocketImpl::DoChannelIDLookup() {
   NetLog::ParametersCallback callback = base::Bind(
       &NetLogChannelIDLookupCallback, base::Unretained(channel_id_service_));
   net_log_.BeginEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID, callback);
   GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE);
   return channel_id_service_->GetOrCreateChannelID(
       host_and_port_.host(), &channel_id_key_,
-      base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
+      base::Bind(&SSLClientSocketImpl::OnHandshakeIOComplete,
                  base::Unretained(this)),
       &channel_id_request_);
 }
 
-int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) {
+int SSLClientSocketImpl::DoChannelIDLookupComplete(int result) {
   net_log_.EndEvent(NetLog::TYPE_SSL_GET_CHANNEL_ID,
                     base::Bind(&NetLogChannelIDLookupCompleteCallback,
                                channel_id_key_.get(), result));
   if (result < 0)
     return result;
 
   // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key
   // type.
   DCHECK(channel_id_key_);
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key());
   if (!rv) {
     LOG(ERROR) << "Failed to set Channel ID.";
     int err = SSL_get_error(ssl_, rv);
     return MapOpenSSLError(err, err_tracer);
   }
 
   // Return to the handshake.
   channel_id_sent_ = true;
   GotoState(STATE_HANDSHAKE);
   return OK;
 }
 
-int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
+int SSLClientSocketImpl::DoVerifyCert(int result) {
   DCHECK(!server_cert_chain_->empty());
   DCHECK(start_cert_verification_time_.is_null());
 
   GotoState(STATE_VERIFY_CERT_COMPLETE);
 
   // OpenSSL decoded the certificate, but the platform certificate
   // implementation could not. This is treated as a fatal SSL-level protocol
   // error rather than a certificate error. See https://crbug.com/91341.
   if (!server_cert_.get())
     return ERR_SSL_SERVER_CERT_BAD_FORMAT;
@@ skipping 24 matching lines @@
   }
 
   start_cert_verification_time_ = base::TimeTicks::Now();
 
   return cert_verifier_->Verify(
       server_cert_.get(), host_and_port_.host(), ocsp_response,
       ssl_config_.GetCertVerifyFlags(),
       // TODO(davidben): Route the CRLSet through SSLConfig so
       // SSLClientSocket doesn't depend on SSLConfigService.
       SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_,
-      base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
+      base::Bind(&SSLClientSocketImpl::OnHandshakeIOComplete,
                  base::Unretained(this)),
       &cert_verifier_request_, net_log_);
 }
 
-int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
+int SSLClientSocketImpl::DoVerifyCertComplete(int result) {
   cert_verifier_request_.reset();
 
   if (!start_cert_verification_time_.is_null()) {
     base::TimeDelta verify_time =
         base::TimeTicks::Now() - start_cert_verification_time_;
     if (result == OK) {
       UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time);
     } else {
       UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
     }
@@ skipping 13 matching lines @@
 
   if (result == OK) {
     // Only check Certificate Transparency if there were no other errors with
     // the connection.
     VerifyCT();
 
     DCHECK(!certificate_verified_);
     certificate_verified_ = true;
     MaybeCacheSession();
   } else {
-    DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result)
-             << " (" << result << ")";
+    DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result) << " ("
+             << result << ")";
   }
 
   completed_connect_ = true;
   // Exit DoHandshakeLoop and return the result to the caller to Connect.
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
   return result;
 }
 
-void SSLClientSocketOpenSSL::DoConnectCallback(int rv) {
+void SSLClientSocketImpl::DoConnectCallback(int rv) {
   if (!user_connect_callback_.is_null()) {
     CompletionCallback c = user_connect_callback_;
     user_connect_callback_.Reset();
     c.Run(rv > OK ? OK : rv);
   }
 }
 
-void SSLClientSocketOpenSSL::UpdateServerCert() {
+void SSLClientSocketImpl::UpdateServerCert() {
   server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_));
   server_cert_ = server_cert_chain_->AsOSChain();
   if (server_cert_.get()) {
-    net_log_.AddEvent(
-        NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
-        base::Bind(&NetLogX509CertificateCallback,
-                   base::Unretained(server_cert_.get())));
+    net_log_.AddEvent(NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
+                      base::Bind(&NetLogX509CertificateCallback,
+                                 base::Unretained(server_cert_.get())));
   }
 }
 
-void SSLClientSocketOpenSSL::VerifyCT() {
+void SSLClientSocketImpl::VerifyCT() {
   if (!cert_transparency_verifier_)
     return;
 
   const uint8_t* ocsp_response_raw;
   size_t ocsp_response_len;
   SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len);
   std::string ocsp_response;
   if (ocsp_response_len > 0) {
     ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw),
                          ocsp_response_len);
@@ skipping 41 matching lines @@
         server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
       }
     }
     ct_verify_result_.cert_policy_compliance =
         policy_enforcer_->DoesConformToCertPolicy(
             server_cert_verify_result_.verified_cert.get(),
             ct_verify_result_.verified_scts, net_log_);
   }
 }
 
-void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) {
+void SSLClientSocketImpl::OnHandshakeIOComplete(int result) {
   int rv = DoHandshakeLoop(result);
   if (rv != ERR_IO_PENDING) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     DoConnectCallback(rv);
   }
 }
 
-void SSLClientSocketOpenSSL::OnSendComplete(int result) {
+void SSLClientSocketImpl::OnSendComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
     return;
   }
 
   // During a renegotiation, a Read call may also be blocked on a transport
   // write, so retry both operations.
   PumpReadWriteEvents();
 }
 
-void SSLClientSocketOpenSSL::OnRecvComplete(int result) {
-  TRACE_EVENT0("net", "SSLClientSocketOpenSSL::OnRecvComplete");
+void SSLClientSocketImpl::OnRecvComplete(int result) {
+  TRACE_EVENT0("net", "SSLClientSocketImpl::OnRecvComplete");
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
     return;
   }
 
   // Network layer received some data, check if client requested to read
   // decrypted data.
   if (!user_read_buf_.get())
     return;
 
   int rv = DoReadLoop();
   if (rv != ERR_IO_PENDING)
     DoReadCallback(rv);
 }
 
-int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
-  TRACE_EVENT0("net", "SSLClientSocketOpenSSL::DoHandshakeLoop");
+int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) {
+  TRACE_EVENT0("net", "SSLClientSocketImpl::DoHandshakeLoop");
   int rv = last_io_result;
   do {
     // Default to STATE_NONE for next state.
     // (This is a quirk carried over from the windows
     // implementation.  It makes reading the logs a bit harder.)
     // State handlers can and often do call GotoState just
     // to stay in the current state.
     State state = next_handshake_state_;
     GotoState(STATE_NONE);
     switch (state) {
       case STATE_HANDSHAKE:
         rv = DoHandshake();
         break;
       case STATE_HANDSHAKE_COMPLETE:
         rv = DoHandshakeComplete(rv);
         break;
       case STATE_CHANNEL_ID_LOOKUP:
         DCHECK_EQ(OK, rv);
         rv = DoChannelIDLookup();
-       break;
+        break;
       case STATE_CHANNEL_ID_LOOKUP_COMPLETE:
         rv = DoChannelIDLookupComplete(rv);
         break;
       case STATE_VERIFY_CERT:
         DCHECK_EQ(OK, rv);
         rv = DoVerifyCert(rv);
-       break;
+        break;
       case STATE_VERIFY_CERT_COMPLETE:
         rv = DoVerifyCertComplete(rv);
         break;
       case STATE_NONE:
       default:
         rv = ERR_UNEXPECTED;
         NOTREACHED() << "unexpected state" << state;
         break;
     }
 
     bool network_moved = DoTransportIO();
     if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) {
       // In general we exit the loop if rv is ERR_IO_PENDING.  In this
       // special case we keep looping even if rv is ERR_IO_PENDING because
       // the transport IO may allow DoHandshake to make progress.
       rv = OK;  // This causes us to stay in the loop.
     }
   } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoReadLoop() {
+int SSLClientSocketImpl::DoReadLoop() {
   bool network_moved;
   int rv;
   do {
     rv = DoPayloadRead();
     network_moved = DoTransportIO();
   } while (rv == ERR_IO_PENDING && network_moved);
 
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoWriteLoop() {
+int SSLClientSocketImpl::DoWriteLoop() {
   bool network_moved;
   int rv;
   do {
     rv = DoPayloadWrite();
     network_moved = DoTransportIO();
   } while (rv == ERR_IO_PENDING && network_moved);
 
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoPayloadRead() {
+int SSLClientSocketImpl::DoPayloadRead() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   DCHECK_LT(0, user_read_buf_len_);
   DCHECK(user_read_buf_.get());
 
   int rv;
   if (pending_read_error_ != kNoPendingResult) {
     rv = pending_read_error_;
     pending_read_error_ = kNoPendingResult;
     if (rv == 0) {
-      net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
-                                    rv, user_read_buf_->data());
+      net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
+                                    user_read_buf_->data());
     } else {
       net_log_.AddEvent(
           NetLog::TYPE_SSL_READ_ERROR,
           CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_,
                                            pending_read_error_info_));
     }
     pending_read_ssl_error_ = SSL_ERROR_NONE;
     pending_read_error_info_ = OpenSSLErrorInfo();
     return rv;
   }
@@ skipping 69 matching lines @@
     net_log_.AddEvent(
         NetLog::TYPE_SSL_READ_ERROR,
         CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_,
                                          pending_read_error_info_));
     pending_read_ssl_error_ = SSL_ERROR_NONE;
     pending_read_error_info_ = OpenSSLErrorInfo();
   }
   return rv;
 }
 
-int SSLClientSocketOpenSSL::DoPayloadWrite() {
+int SSLClientSocketImpl::DoPayloadWrite() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
 
   if (rv >= 0) {
     net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
                                   user_write_buf_->data());
     return rv;
   }
 
   int ssl_error = SSL_get_error(ssl_, rv);
   if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION)
     return ERR_IO_PENDING;
   OpenSSLErrorInfo error_info;
-  int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer,
-                                             &error_info);
+  int net_error =
+      MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info);
 
   if (net_error != ERR_IO_PENDING) {
     net_log_.AddEvent(
         NetLog::TYPE_SSL_WRITE_ERROR,
         CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
   }
   return net_error;
 }
 
-void SSLClientSocketOpenSSL::PumpReadWriteEvents() {
+void SSLClientSocketImpl::PumpReadWriteEvents() {
   int rv_read = ERR_IO_PENDING;
   int rv_write = ERR_IO_PENDING;
   bool network_moved;
   do {
     if (user_read_buf_.get())
       rv_read = DoPayloadRead();
     if (user_write_buf_.get())
       rv_write = DoPayloadWrite();
     network_moved = DoTransportIO();
   } while (rv_read == ERR_IO_PENDING && rv_write == ERR_IO_PENDING &&
            (user_read_buf_.get() || user_write_buf_.get()) && network_moved);
 
   // Performing the Read callback may cause |this| to be deleted. If this
   // happens, the Write callback should not be invoked. Guard against this by
   // holding a WeakPtr to |this| and ensuring it's still valid.
-  base::WeakPtr<SSLClientSocketOpenSSL> guard(weak_factory_.GetWeakPtr());
+  base::WeakPtr<SSLClientSocketImpl> guard(weak_factory_.GetWeakPtr());
   if (user_read_buf_.get() && rv_read != ERR_IO_PENDING)
     DoReadCallback(rv_read);
 
   if (!guard.get())
     return;
 
   if (user_write_buf_.get() && rv_write != ERR_IO_PENDING)
     DoWriteCallback(rv_write);
 }
 
-int SSLClientSocketOpenSSL::BufferSend(void) {
+int SSLClientSocketImpl::BufferSend(void) {
   if (transport_send_busy_)
     return ERR_IO_PENDING;
 
   size_t buffer_read_offset;
   uint8_t* read_buf;
   size_t max_read;
   int status = BIO_zero_copy_get_read_buf(transport_bio_, &read_buf,
                                           &buffer_read_offset, &max_read);
   DCHECK_EQ(status, 1);  // Should never fail.
   if (!max_read)
     return 0;  // Nothing pending in the OpenSSL write BIO.
   CHECK_EQ(read_buf, reinterpret_cast<uint8_t*>(send_buffer_->StartOfBuffer()));
   CHECK_LT(buffer_read_offset, static_cast<size_t>(send_buffer_->capacity()));
   send_buffer_->set_offset(buffer_read_offset);
 
   int rv = transport_->socket()->Write(
       send_buffer_.get(), max_read,
-      base::Bind(&SSLClientSocketOpenSSL::BufferSendComplete,
+      base::Bind(&SSLClientSocketImpl::BufferSendComplete,
                  base::Unretained(this)));
   if (rv == ERR_IO_PENDING) {
     transport_send_busy_ = true;
   } else {
     TransportWriteComplete(rv);
   }
   return rv;
 }
 
-int SSLClientSocketOpenSSL::BufferRecv(void) {
+int SSLClientSocketImpl::BufferRecv(void) {
   if (transport_recv_busy_)
     return ERR_IO_PENDING;
 
   // Determine how much was requested from |transport_bio_| that was not
   // actually available.
   size_t requested = BIO_ctrl_get_read_request(transport_bio_);
   if (requested == 0) {
     // This is not a perfect match of error codes, as no operation is
     // actually pending. However, returning 0 would be interpreted as
     // a possible sign of EOF, which is also an inappropriate match.
@@ skipping 17 matching lines @@
   DCHECK_EQ(status, 1);  // Should never fail.
   if (!max_write)
     return ERR_IO_PENDING;
 
   CHECK_EQ(write_buf,
            reinterpret_cast<uint8_t*>(recv_buffer_->StartOfBuffer()));
   CHECK_LT(buffer_write_offset, static_cast<size_t>(recv_buffer_->capacity()));
 
   recv_buffer_->set_offset(buffer_write_offset);
   int rv = transport_->socket()->Read(
-      recv_buffer_.get(),
-      max_write,
-      base::Bind(&SSLClientSocketOpenSSL::BufferRecvComplete,
+      recv_buffer_.get(), max_write,
+      base::Bind(&SSLClientSocketImpl::BufferRecvComplete,
                  base::Unretained(this)));
   if (rv == ERR_IO_PENDING) {
     transport_recv_busy_ = true;
   } else {
     rv = TransportReadComplete(rv);
   }
   return rv;
 }
 
-void SSLClientSocketOpenSSL::BufferSendComplete(int result) {
+void SSLClientSocketImpl::BufferSendComplete(int result) {
   TransportWriteComplete(result);
   OnSendComplete(result);
 }
 
-void SSLClientSocketOpenSSL::BufferRecvComplete(int result) {
+void SSLClientSocketImpl::BufferRecvComplete(int result) {
   result = TransportReadComplete(result);
   OnRecvComplete(result);
 }
 
-void SSLClientSocketOpenSSL::TransportWriteComplete(int result) {
+void SSLClientSocketImpl::TransportWriteComplete(int result) {
   DCHECK(ERR_IO_PENDING != result);
   int bytes_written = 0;
   if (result < 0) {
     // Record the error. Save it to be reported in a future read or write on
     // transport_bio_'s peer.
     transport_write_error_ = result;
   } else {
     bytes_written = result;
   }
   DCHECK_GE(send_buffer_->RemainingCapacity(), bytes_written);
   int ret = BIO_zero_copy_get_read_buf_done(transport_bio_, bytes_written);
   DCHECK_EQ(1, ret);
   transport_send_busy_ = false;
 }
 
-int SSLClientSocketOpenSSL::TransportReadComplete(int result) {
+int SSLClientSocketImpl::TransportReadComplete(int result) {
   DCHECK(ERR_IO_PENDING != result);
   // If an EOF, canonicalize to ERR_CONNECTION_CLOSED here so MapOpenSSLError
   // does not report success.
   if (result == 0)
     result = ERR_CONNECTION_CLOSED;
   int bytes_read = 0;
   if (result < 0) {
     DVLOG(1) << "TransportReadComplete result " << result;
     // Received an error. Save it to be reported in a future read on
     // transport_bio_'s peer.
     transport_read_error_ = result;
   } else {
     bytes_read = result;
   }
   DCHECK_GE(recv_buffer_->RemainingCapacity(), bytes_read);
   int ret = BIO_zero_copy_get_write_buf_done(transport_bio_, bytes_read);
   DCHECK_EQ(1, ret);
   transport_recv_busy_ = false;
   return result;
 }
 
-int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
+int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) {
   DVLOG(3) << "OpenSSL ClientCertRequestCallback called";
   DCHECK(ssl == ssl_);
 
   net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED);
 
   // Clear any currently configured certificates.
   SSL_certs_clear(ssl_);
 
 #if defined(OS_IOS)
   // TODO(droger): Support client auth on iOS. See http://crbug.com/145954).
   LOG(WARNING) << "Client auth is not supported";
-#else  // !defined(OS_IOS)
+#else   // !defined(OS_IOS)
   if (!ssl_config_.send_client_cert) {
     // First pass: we know that a client certificate is needed, but we do not
     // have one at hand.
-    STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl);
+    STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl);
     for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) {
-      X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i);
+      X509_NAME* ca_name = (X509_NAME*)sk_X509_NAME_value(authorities, i);
       unsigned char* str = NULL;
       int length = i2d_X509_NAME(ca_name, &str);
       cert_authorities_.push_back(std::string(
-          reinterpret_cast<const char*>(str),
-          static_cast<size_t>(length)));
+          reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
       OPENSSL_free(str);
     }
 
     const unsigned char* client_cert_types;
     size_t num_client_cert_types =
         SSL_get0_certificate_types(ssl, &client_cert_types);
     for (size_t i = 0; i < num_client_cert_types; i++) {
       cert_key_types_.push_back(
           static_cast<SSLClientCertType>(client_cert_types[i]));
     }
@@ skipping 69 matching lines @@
     return 1;
   }
 #endif  // defined(OS_IOS)
 
   // Send no client certificate.
   net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
                     NetLog::IntCallback("cert_count", 0));
   return 1;
 }
 
-int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
+int SSLClientSocketImpl::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
   if (!completed_connect_) {
     // If the first handshake hasn't completed then we accept any certificates
     // because we verify after the handshake.
     return 1;
   }
 
   // Disallow the server certificate to change in a renegotiation.
   if (server_cert_chain_->empty()) {
     LOG(ERROR) << "Received invalid certificate chain between handshakes";
     return 0;
@@ skipping 10 matching lines @@
     return 0;
   }
 
   return 1;
 }
 
 // SelectNextProtoCallback is called by OpenSSL during the handshake. If the
 // server supports NPN, selects a protocol from the list that the server
 // provides. According to third_party/boringssl/src/ssl/ssl_lib.c, the
 // callback can assume that |in| is syntactically valid.
-int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
-                                                    unsigned char* outlen,
-                                                    const unsigned char* in,
-                                                    unsigned int inlen) {
+int SSLClientSocketImpl::SelectNextProtoCallback(unsigned char** out,
+                                                 unsigned char* outlen,
+                                                 const unsigned char* in,
+                                                 unsigned int inlen) {
   if (ssl_config_.npn_protos.empty()) {
     *out = reinterpret_cast<uint8_t*>(
         const_cast<char*>(kDefaultSupportedNPNProtocol));
     *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1;
     npn_status_ = kNextProtoUnsupported;
     return SSL_TLSEXT_ERR_OK;
   }
 
   // Assume there's no overlap between our protocols and the server's list.
   npn_status_ = kNextProtoNoOverlap;
@@ skipping 22 matching lines @@
     *out = reinterpret_cast<unsigned char*>(const_cast<char*>(proto));
     *outlen = strlen(proto);
   }
 
   npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
   DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
   set_negotiation_extension(kExtensionNPN);
   return SSL_TLSEXT_ERR_OK;
 }
 
-long SSLClientSocketOpenSSL::MaybeReplayTransportError(
-    BIO *bio,
-    int cmd,
-    const char *argp, int argi, long argl,
-    long retvalue) {
-  if (cmd == (BIO_CB_READ|BIO_CB_RETURN) && retvalue <= 0) {
+long SSLClientSocketImpl::MaybeReplayTransportError(BIO* bio,
+                                                    int cmd,
+                                                    const char* argp,
+                                                    int argi,
+                                                    long argl,
+                                                    long retvalue) {
+  if (cmd == (BIO_CB_READ | BIO_CB_RETURN) && retvalue <= 0) {
     // If there is no more data in the buffer, report any pending errors that
     // were observed. Note that both the readbuf and the writebuf are checked
     // for errors, since the application may have encountered a socket error
     // while writing that would otherwise not be reported until the application
     // attempted to write again - which it may never do. See
     // https://crbug.com/249848.
     if (transport_read_error_ != OK) {
       OpenSSLPutNetError(FROM_HERE, transport_read_error_);
       return -1;
     }
     if (transport_write_error_ != OK) {
       OpenSSLPutNetError(FROM_HERE, transport_write_error_);
       return -1;
     }
   } else if (cmd == BIO_CB_WRITE) {
     // Because of the write buffer, this reports a failure from the previous
     // write payload. If the current payload fails to write, the error will be
     // reported in a future write or read to |bio|.
     if (transport_write_error_ != OK) {
       OpenSSLPutNetError(FROM_HERE, transport_write_error_);
       return -1;
     }
   }
   return retvalue;
 }
 
 // static
-long SSLClientSocketOpenSSL::BIOCallback(
-    BIO *bio,
-    int cmd,
-    const char *argp, int argi, long argl,
-    long retvalue) {
-  SSLClientSocketOpenSSL* socket = reinterpret_cast<SSLClientSocketOpenSSL*>(
-      BIO_get_callback_arg(bio));
+long SSLClientSocketImpl::BIOCallback(BIO* bio,
+                                      int cmd,
+                                      const char* argp,
+                                      int argi,
+                                      long argl,
+                                      long retvalue) {
+  SSLClientSocketImpl* socket =
+      reinterpret_cast<SSLClientSocketImpl*>(BIO_get_callback_arg(bio));
   CHECK(socket);
-  return socket->MaybeReplayTransportError(
-      bio, cmd, argp, argi, argl, retvalue);
+  return socket->MaybeReplayTransportError(bio, cmd, argp, argi, argl,
+                                           retvalue);
 }
 
-void SSLClientSocketOpenSSL::MaybeCacheSession() {
+void SSLClientSocketImpl::MaybeCacheSession() {
   // Only cache the session once both a new session has been established and the
   // certificate has been verified. Due to False Start, these events may happen
   // in either order.
   if (!session_pending_ || !certificate_verified_)
     return;
 
   SSLContext::GetInstance()->session_cache()->Insert(GetSessionCacheKey(),
                                                      SSL_get_session(ssl_));
   session_pending_ = false;
 }
 
-int SSLClientSocketOpenSSL::NewSessionCallback(SSL_SESSION* session) {
+int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) {
   DCHECK_EQ(session, SSL_get_session(ssl_));
 
   // Only sessions from the initial handshake get cached. Note this callback may
   // be signaled on abbreviated handshakes if the ticket was renewed.
   session_pending_ = true;
   MaybeCacheSession();
 
   // OpenSSL passes a reference to |session|, but the session cache does not
   // take this reference, so release it.
   SSL_SESSION_free(session);
   return 1;
 }
 
-void SSLClientSocketOpenSSL::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const {
+void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const {
   ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_);
 }
 
-std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const {
+std::string SSLClientSocketImpl::GetSessionCacheKey() const {
   std::string result = host_and_port_.ToString();
   result.append("/");
   result.append(ssl_session_cache_shard_);
 
   // Shard the session cache based on maximum protocol version. This causes
   // fallback connections to use a separate session cache.
   result.append("/");
   switch (ssl_config_.version_max) {
     case SSL_PROTOCOL_VERSION_TLS1:
       result.append("tls1");
@@ skipping 12 matching lines @@
   if (ssl_config_.deprecated_cipher_suites_enabled)
     result.append("deprecated");
 
   result.append("/");
   if (ssl_config_.channel_id_enabled)
     result.append("channelid");
 
   return result;
 }
 
-bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const {
+bool SSLClientSocketImpl::IsRenegotiationAllowed() const {
   if (tb_was_negotiated_)
     return false;
 
   if (npn_status_ == kNextProtoUnsupported)
     return ssl_config_.renego_allowed_default;
 
   NextProto next_proto = NextProtoFromString(npn_proto_);
   for (NextProto allowed : ssl_config_.renego_allowed_for_protos) {
     if (next_proto == allowed)
       return true;
   }
   return false;
 }
 
-int SSLClientSocketOpenSSL::PrivateKeyTypeCallback() {
+int SSLClientSocketImpl::PrivateKeyTypeCallback() {
   switch (ssl_config_.client_private_key->GetType()) {
     case SSLPrivateKey::Type::RSA:
       return EVP_PKEY_RSA;
     case SSLPrivateKey::Type::ECDSA:
       return EVP_PKEY_EC;
   }
   NOTREACHED();
   return EVP_PKEY_NONE;
 }
 
-size_t SSLClientSocketOpenSSL::PrivateKeyMaxSignatureLenCallback() {
+size_t SSLClientSocketImpl::PrivateKeyMaxSignatureLenCallback() {
   return ssl_config_.client_private_key->GetMaxSignatureLengthInBytes();
 }
 
-ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCallback(
+ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback(
     uint8_t* out,
     size_t* out_len,
     size_t max_out,
     const EVP_MD* md,
     const uint8_t* in,
     size_t in_len) {
   DCHECK_EQ(kNoPendingResult, signature_result_);
   DCHECK(signature_.empty());
   DCHECK(ssl_config_.client_private_key);
 
   SSLPrivateKey::Hash hash;
   if (!EVP_MDToPrivateKeyHash(md, &hash)) {
     OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
     return ssl_private_key_failure;
   }
 
   net_log_.BeginEvent(
       NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION,
       base::Bind(&NetLogPrivateKeyOperationCallback,
                  ssl_config_.client_private_key->GetType(), hash));
 
   signature_result_ = ERR_IO_PENDING;
   ssl_config_.client_private_key->SignDigest(
       hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len),
-      base::Bind(&SSLClientSocketOpenSSL::OnPrivateKeySignComplete,
+      base::Bind(&SSLClientSocketImpl::OnPrivateKeySignComplete,
                  weak_factory_.GetWeakPtr()));
   return ssl_private_key_retry;
 }
 
-ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCompleteCallback(
+ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCompleteCallback(
     uint8_t* out,
     size_t* out_len,
     size_t max_out) {
   DCHECK_NE(kNoPendingResult, signature_result_);
   DCHECK(ssl_config_.client_private_key);
 
   if (signature_result_ == ERR_IO_PENDING)
     return ssl_private_key_retry;
   if (signature_result_ != OK) {
     OpenSSLPutNetError(FROM_HERE, signature_result_);
     return ssl_private_key_failure;
   }
   if (signature_.size() > max_out) {
     OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
     return ssl_private_key_failure;
   }
   memcpy(out, signature_.data(), signature_.size());
   *out_len = signature_.size();
   signature_.clear();
   return ssl_private_key_success;
 }
 
-void SSLClientSocketOpenSSL::OnPrivateKeySignComplete(
+void SSLClientSocketImpl::OnPrivateKeySignComplete(
     Error error,
     const std::vector<uint8_t>& signature) {
   DCHECK_EQ(ERR_IO_PENDING, signature_result_);
   DCHECK(signature_.empty());
   DCHECK(ssl_config_.client_private_key);
 
   net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION,
                                     error);
 
   signature_result_ = error;
   if (signature_result_ == OK)
     signature_ = signature;
 
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     OnHandshakeIOComplete(signature_result_);
     return;
   }
 
   // During a renegotiation, either Read or Write calls may be blocked on an
   // asynchronous private key operation.
   PumpReadWriteEvents();
 }
 
-int SSLClientSocketOpenSSL::TokenBindingAdd(const uint8_t** out,
-                                            size_t* out_len,
-                                            int* out_alert_value) {
+int SSLClientSocketImpl::TokenBindingAdd(const uint8_t** out,
+                                         size_t* out_len,
+                                         int* out_alert_value) {
   if (ssl_config_.token_binding_params.empty()) {
     return 0;
   }
   crypto::AutoCBB output;
   CBB parameters_list;
   if (!CBB_init(output.get(), 7) ||
       !CBB_add_u8(output.get(), kTbProtocolVersionMajor) ||
       !CBB_add_u8(output.get(), kTbProtocolVersionMinor) ||
       !CBB_add_u8_length_prefixed(output.get(), &parameters_list)) {
     *out_alert_value = SSL_AD_INTERNAL_ERROR;
     return -1;
   }
   for (size_t i = 0; i < ssl_config_.token_binding_params.size(); ++i) {
     if (!CBB_add_u8(&parameters_list, ssl_config_.token_binding_params[i])) {
       *out_alert_value = SSL_AD_INTERNAL_ERROR;
       return -1;
     }
   }
   // |*out| will be freed by TokenBindingFreeCallback.
   if (!CBB_finish(output.get(), const_cast<uint8_t**>(out), out_len)) {
     *out_alert_value = SSL_AD_INTERNAL_ERROR;
     return -1;
   }
 
   return 1;
 }
 
-int SSLClientSocketOpenSSL::TokenBindingParse(const uint8_t* contents,
-                                              size_t contents_len,
-                                              int* out_alert_value) {
+int SSLClientSocketImpl::TokenBindingParse(const uint8_t* contents,
+                                           size_t contents_len,
+                                           int* out_alert_value) {
   if (completed_connect_) {
     // Token Binding may only be negotiated on the initial handshake.
     *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
     return 0;
   }
 
   CBS extension;
   CBS_init(&extension, contents, contents_len);
 
   CBS parameters_list;
@@ skipping 27 matching lines @@
       tb_was_negotiated_ = true;
       return 1;
     }
   }
 
   *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
   return 0;
 }
 
 }  // namespace net