Perform ClientHello padding if the field trial is enabled

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ skipping 456 matching lines @@
   // TransportSecurityState.
   DCHECK(transport_security_state_);
 
   net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT);
 
   // Set up new ssl object.
   int rv = Init();
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv));
+    if (ssl_config_.fastradio_padding_eligible)
+      UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error_ClientPadding",
+                                  std::abs(rv));

[davidben, 2015/02/04 01:04:47]

It looks like SSL_Connection_Error metrics were added specifically for this
experiment. We already have a pile of connection metrics here:

https://code.google.com/p/chromium/codesearch#chromium/src/net/socket/ssl_cli...

The ones here apply only to OpenSSL, but some of our ports still ship NSS.
They're also duplicated a lot. If I recall, the histogram macros expand out to a
decent amount of code with a static thing to cache them and everything. We don't
actually want to be duplicating them in lots of places like that.

This also is more directly comparable with the _Latency metrics. Not every
SSLClientSocket goes through SSLConnectJob.

We also already have error metrics at a higher level here:

https://code.google.com/p/chromium/codesearch#chromium/src/content/browser/lo...

Both sets are also already keyed on Google, so that might avoid your extra
boolean. Though it would also somewhat assume that the higher-level check is
compatible with the lower-level check. I'll defer to Ryan there.

[jeremyim, 2015/02/04 17:26:32]

We were planning on using the latency metrics from ssl_client_socket_pool.cc and
we were only adding these metrics to measure error rates. We didn't have
confidence that the higher level main/sub frame error rates would give us
sufficient visibility into whether the padding introduced higher error rates.

I think we are ok with the metrics only being in OpenSSL since NSS doesn't
support fastradio padding.

[davidben, 2015/02/04 17:44:36]

SSL_Connection_Error is extremely generic and isn't specific to
OpenSSL/BoringSSL. It's very confusing to have metrics (unless they're so
specific so as to be measuring implementation quirks like
Net.SSLSessionVersionMatch) only be available on one side and not the other.

In fact, the immediate cause for my bringing this up is I noticed that metric
and immediately went to compare it before and after the NSS -> BoringSSL switch
across platforms. (It turns out the metric was newly added, so it wouldn't have
been helpful anyway. But there are still NSS -> BoringSSL switches to come.)

There's also still the other concerns like binary size from expanding the
histogram macro in so many places and being able to directly compare
SSL_Connection_Error and SSL_Connection_Latency.

     return rv;
   }
 
   // Set SSL to client mode. Handshake happens in the loop below.
   SSL_set_connect_state(ssl_);
 
+  // Enable fastradio padding.
+  SSL_enable_fastradio_padding(ssl_,
+                               ssl_config_.enable_fastradio_padding &&
+                                   ssl_config_.fastradio_padding_eligible);
+
   GotoState(STATE_HANDSHAKE);
   rv = DoHandshakeLoop(OK);
   if (rv == ERR_IO_PENDING) {
     user_connect_callback_ = callback;
   } else {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv));
+    if (ssl_config_.fastradio_padding_eligible)
+      UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error_ClientPadding",
+                                  std::abs(rv));
     if (rv < OK)
       OnHandshakeCompletion();
   }
 
   return rv > OK ? OK : rv;
 }
 
 void SSLClientSocketOpenSSL::Disconnect() {
   // If a handshake was pending (Connect() had been called), notify interested
   // parties that it's been aborted now. If the handshake had already
@@ skipping 860 matching lines @@
       }
     }
   }
 }
 
 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) {
   int rv = DoHandshakeLoop(result);
   if (rv != ERR_IO_PENDING) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv));
+    if (ssl_config_.fastradio_padding_eligible)
+      UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error_ClientPadding",
+                                  std::abs(rv));
     DoConnectCallback(rv);
   }
 }
 
 void SSLClientSocketOpenSSL::OnSendComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
     return;
   }
@@ skipping 643 matching lines @@
                                             ct::SCT_STATUS_LOG_UNKNOWN));
   }
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
   return server_cert_;
 }
 
 }  // namespace net