Perform ClientHello padding if the field trial is enabled

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ skipping 21 matching lines @@
 #include "net/cert/ct_ev_whitelist.h"
 #include "net/cert/ct_verifier.h"
 #include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/cert/x509_util_openssl.h"
 #include "net/http/transport_security_state.h"
 #include "net/socket/ssl_session_cache_openssl.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
+#include "net/ssl/ssl_socket_config_service.h"
 
 #if defined(OS_WIN)
 #include "base/win/windows_version.h"
 #endif
 
 #if defined(USE_OPENSSL_CERTS)
 #include "net/ssl/openssl_client_key_store.h"
 #else
 #include "net/ssl/openssl_platform_key.h"
 #endif
@@ skipping 315 matching lines @@
       pending_read_ssl_error_(SSL_ERROR_NONE),
       transport_read_error_(OK),
       transport_write_error_(OK),
       server_cert_chain_(new PeerCertificateChain(NULL)),
       completed_connect_(false),
       was_ever_used_(false),
       client_auth_cert_needed_(false),
       cert_verifier_(context.cert_verifier),
       cert_transparency_verifier_(context.cert_transparency_verifier),
       channel_id_service_(context.channel_id_service),
+      ssl_socket_config_service_(context.ssl_socket_config_service),
       ssl_(NULL),
       transport_bio_(NULL),
       transport_(transport_socket.Pass()),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       trying_cached_session_(false),
       next_handshake_state_(STATE_NONE),
       npn_status_(kNextProtoUnsupported),
       channel_id_xtn_negotiated_(false),
@@ skipping 76 matching lines @@
   // TransportSecurityState.
   DCHECK(transport_security_state_);
 
   net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT);
 
   // Set up new ssl object.
   int rv = Init();
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv));
+    if (ssl_socket_config_service_ &&
+        ssl_socket_config_service_->IsGoogle(host_and_port_))
+      UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error_Google",
+                                  std::abs(rv));
     return rv;
   }
 
   // Set SSL to client mode. Handshake happens in the loop below.
   SSL_set_connect_state(ssl_);
 
   GotoState(STATE_HANDSHAKE);
   rv = DoHandshakeLoop(OK);
   if (rv == ERR_IO_PENDING) {
     user_connect_callback_ = callback;
   } else {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv));
+    if (ssl_socket_config_service_ &&
+        ssl_socket_config_service_->IsGoogle(host_and_port_))
+      UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error_Google",
+                                  std::abs(rv));
     if (rv < OK)
       OnHandshakeCompletion();
   }
 
   return rv > OK ? OK : rv;
 }
 
 void SSLClientSocketOpenSSL::Disconnect() {
   // If a handshake was pending (Connect() had been called), notify interested
   // parties that it's been aborted now. If the handshake had already
@@ skipping 379 matching lines @@
   }
 
   if (ssl_config_.signed_cert_timestamps_enabled) {
     SSL_enable_signed_cert_timestamps(ssl_);
     SSL_enable_ocsp_stapling(ssl_);
   }
 
   if (IsOCSPStaplingSupported())
     SSL_enable_ocsp_stapling(ssl_);
 
+  if (ssl_socket_config_service_) {
+    if (ssl_socket_config_service_->UseFastRadioPadding(host_and_port_)) {
+      SSL_enable_fastradio_padding(ssl_, 1);
+    } else {
+      SSL_enable_fastradio_padding(ssl_, 0);
+    }
+  }
+
   return OK;
 }
 
 void SSLClientSocketOpenSSL::DoReadCallback(int rv) {
   // Since Run may result in Read being called, clear |user_read_callback_|
   // up front.
   if (rv > 0)
     was_ever_used_ = true;
   user_read_buf_ = NULL;
   user_read_buf_len_ = 0;
@@ skipping 461 matching lines @@
       }
     }
   }
 }
 
 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) {
   int rv = DoHandshakeLoop(result);
   if (rv != ERR_IO_PENDING) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv));
+    if (ssl_socket_config_service_ &&
+        ssl_socket_config_service_->IsGoogle(host_and_port_))

[Alexei Svitkine (slow), 2015/01/30 18:16:19]

Nit: {}

+      UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error_Google",
+                                  std::abs(rv));
     DoConnectCallback(rv);
   }
 }
 
 void SSLClientSocketOpenSSL::OnSendComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
     return;
   }
@@ skipping 643 matching lines @@
                                             ct::SCT_STATUS_LOG_UNKNOWN));
   }
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
   return server_cert_;
 }
 
 }  // namespace net