Move Net.SSLHandshakeEarlyDataReason to DoPeek().

DoPeek() is driven on all post-handshake operations, so it's a common point to figure out the early data reject. Bug: 1000659 Change-Id: Ibcb16048a8e804d98eafa574a371d563140f374a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1863380Reviewed-by: Steven Valdez <svaldez@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#707009}

Move Net.SSLHandshakeEarlyDataReason to DoPeek().
DoPeek() is driven on all post-handshake operations, so it's a common point to figure out the early data reject. Bug: 1000659 Change-Id: Ibcb16048a8e804d98eafa574a371d563140f374a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1863380Reviewed-by: Steven Valdez <svaldez@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#707009}
421689f8 · David Benjamin · Commit Bot · b66107d7 · 421689f8 · 421689f8
Commit 421689f8 authored Oct 17, 2019 by David Benjamin Committed by Commit Bot Oct 17, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 28 deletions

net/socket/ssl_client_socket_impl.cc net/socket/ssl_client_socket_impl.cc +23 -23

net/socket/ssl_client_socket_impl.h net/socket/ssl_client_socket_impl.h +0 -5

No files found.
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -943,9 +943,6 @@ int SSLClientSocketImpl::DoHandshake() {
 }

 int SSLClientSocketImpl::DoHandshakeComplete(int result) {
-  if (in_confirm_handshake_)
-    MaybeRecordEarlyDataResult();
-
  if (result < 0)
    return result;

@@ -1372,8 +1369,6 @@ int SSLClientSocketImpl::DoPayloadRead(IOBuffer* buf, int buf_len) {
      DCHECK_NE(kSSLClientSocketNoPendingResult, signature_result_);
      pending_read_error_ = ERR_IO_PENDING;
    } else {
-      if (pending_read_ssl_error_ == SSL_ERROR_EARLY_DATA_REJECTED)
-        MaybeRecordEarlyDataResult();
      pending_read_error_ = MapLastOpenSSLError(
          pending_read_ssl_error_, err_tracer, &pending_read_error_info_);
    }
@@ -1391,8 +1386,6 @@ int SSLClientSocketImpl::DoPayloadRead(IOBuffer* buf, int buf_len) {
    // next call of DoPayloadRead.
    rv = total_bytes_read;

-    MaybeRecordEarlyDataResult();
-
    // Do not treat insufficient data as an error to return in the next call to
    // DoPayloadRead() - instead, let the call fall through to check SSL_read()
    // again. The transport may have data available by then.
@@ -1456,6 +1449,29 @@ void SSLClientSocketImpl::DoPeek() {

  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

+  if (ssl_config_.early_data_enabled && !recorded_early_data_result_) {
+    // |SSL_peek| will implicitly run |SSL_do_handshake| if needed, but run it
+    // manually to pick up the reject reason.
+    int rv = SSL_do_handshake(ssl_.get());
+    int ssl_err = SSL_get_error(ssl_.get(), rv);
+    if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE) {
+      return;
+    }
+
+    // Since the two-parameter version of the macro (which asks for a max value)
+    // requires that the max value sentinel be named |kMaxValue|, transform the
+    // max-value sentinel into a one-past-the-end ("boundary") sentinel by
+    // adding 1, in order to be able to use the three-parameter macro.
+    UMA_HISTOGRAM_ENUMERATION("Net.SSLHandshakeEarlyDataReason",
+                              SSL_get_early_data_reason(ssl_.get()),
+                              ssl_early_data_reason_max_value + 1);
+    recorded_early_data_result_ = true;
+    if (ssl_err != SSL_ERROR_NONE) {
+      peek_complete_ = true;
+      return;
+    }
+  }
+
  char byte;
  int rv = SSL_peek(ssl_.get(), &byte, 1);
  int ssl_err = SSL_get_error(ssl_.get(), rv);
@@ -1817,22 +1833,6 @@ void SSLClientSocketImpl::RecordNegotiatedProtocol() const {
                            negotiated_protocol_, kProtoLast + 1);
 }

-void SSLClientSocketImpl::MaybeRecordEarlyDataResult() {
-  DCHECK(ssl_);
-  if (!ssl_config_.early_data_enabled || recorded_early_data_result_)
-    return;
-
-  recorded_early_data_result_ = true;
-  // Since the two-parameter version of the macro (which asks for a max
-  // value) requires that the max value sentinel be named |kMaxValue|,
-  // transform the max-value sentinel into a one-past-the-end ("boundary")
-  // sentinel by adding 1, in order to be able to use the three-parameter
-  // macro.
-  UMA_HISTOGRAM_ENUMERATION("Net.SSLHandshakeEarlyDataReason",
-                            SSL_get_early_data_reason(ssl_.get()),
-                            ssl_early_data_reason_max_value + 1);
-}
-
 int SSLClientSocketImpl::MapLastOpenSSLError(
    int ssl_error,
    const crypto::OpenSSLErrStackTracer& tracer,

--- a/net/socket/ssl_client_socket_impl.h
+++ b/net/socket/ssl_client_socket_impl.h
@@ -201,11 +201,6 @@ class SSLClientSocketImpl : public SSLClientSocket,
  // in a UMA histogram.
  void RecordNegotiatedProtocol() const;

-  // Records the result of a handshake where early data was requested
-  // in the corresponding UMA histogram.  This will happen at most once
-  // during the lifetime of the socket.
-  void MaybeRecordEarlyDataResult();
-
  // Returns the net error corresponding to the most recent OpenSSL
  // error. ssl_error is the output of SSL_get_error.
  int MapLastOpenSSLError(int ssl_error,