RubyGems - grpc - Versions diffs - 1.12.0 → 1.13.0.pre1 - Mend

grpc 1.12.0 → 1.13.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (245) hide show

checksums.yaml +4 -4
data/Makefile +314 -23
data/include/grpc/impl/codegen/fork.h +4 -4
data/include/grpc/impl/codegen/grpc_types.h +1 -1
data/include/grpc/impl/codegen/port_platform.h +3 -0
data/src/boringssl/err_data.c +256 -246
data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -1
data/src/core/ext/filters/client_channel/client_channel.cc +367 -272
data/src/core/ext/filters/client_channel/lb_policy.h +1 -3
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +11 -9
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +42 -32
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +36 -0
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +36 -102
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +37 -32
data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +22 -19
data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
data/src/core/ext/filters/client_channel/resolver.h +1 -3
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +3 -3
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1
data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +4 -4
data/src/core/ext/filters/client_channel/subchannel.cc +3 -3
data/src/core/ext/filters/http/client_authority_filter.cc +5 -4
data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -4
data/src/core/ext/filters/http/server/http_server_filter.cc +123 -131
data/src/core/ext/transport/chttp2/server/chttp2_server.cc +1 -1
data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +9 -8
data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -19
data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +10 -6
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +4 -3
data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -12
data/src/core/ext/transport/chttp2/transport/writing.cc +6 -6
data/src/core/lib/channel/channel_stack.cc +0 -5
data/src/core/lib/channel/channel_stack.h +1 -1
data/src/core/lib/channel/channel_stack_builder.cc +0 -3
data/src/core/lib/channel/channel_stack_builder.h +0 -2
data/src/core/lib/channel/channel_trace.cc +3 -3
data/src/core/lib/channel/channelz_registry.cc +77 -0
data/src/core/lib/channel/channelz_registry.h +99 -0
data/src/core/lib/channel/handshaker.cc +20 -1
data/src/core/lib/debug/stats.h +7 -0
data/src/core/lib/debug/stats_data.cc +5 -0
data/src/core/lib/debug/stats_data.h +120 -0
data/src/core/lib/debug/trace.h +11 -9
data/src/core/lib/gprpp/fork.cc +260 -0
data/src/core/lib/gprpp/fork.h +79 -0
data/src/core/lib/gprpp/memory.h +12 -0
data/src/core/lib/gprpp/orphanable.h +2 -6
data/src/core/lib/gprpp/ref_counted.h +2 -6
data/src/core/lib/gprpp/thd.h +0 -3
data/src/core/lib/gprpp/thd_posix.cc +4 -53
data/src/core/lib/gprpp/thd_windows.cc +0 -7
data/src/core/lib/http/httpcli_security_connector.cc +1 -3
data/src/core/lib/iomgr/combiner.cc +19 -2
data/src/core/lib/iomgr/combiner.h +1 -1
data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -2
data/src/core/lib/iomgr/ev_epollex_linux.cc +59 -3
data/src/core/lib/iomgr/ev_epollsig_linux.cc +1 -1
data/src/core/lib/iomgr/ev_poll_posix.cc +2 -2
data/src/core/lib/iomgr/ev_posix.cc +11 -4
data/src/core/lib/iomgr/ev_posix.h +6 -0
data/src/core/lib/iomgr/exec_ctx.cc +9 -9
data/src/core/lib/iomgr/exec_ctx.h +39 -20
data/src/core/lib/iomgr/fork_posix.cc +30 -18
data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
data/src/core/lib/iomgr/polling_entity.cc +11 -2
data/src/core/lib/iomgr/pollset_custom.cc +2 -2
data/src/core/lib/iomgr/port.h +38 -1
data/src/core/lib/iomgr/resolve_address.h +1 -1
data/src/core/lib/iomgr/resolve_address_posix.cc +1 -1
data/src/core/lib/iomgr/resource_quota.cc +1 -1
data/src/core/lib/iomgr/sockaddr_posix.h +1 -1
data/src/core/lib/iomgr/socket_factory_posix.cc +1 -1
data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -1
data/src/core/lib/iomgr/tcp_client_custom.cc +3 -3
data/src/core/lib/iomgr/tcp_client_posix.cc +3 -2
data/src/core/lib/iomgr/tcp_custom.cc +1 -1
data/src/core/lib/iomgr/tcp_posix.cc +18 -10
data/src/core/lib/iomgr/tcp_server_posix.cc +9 -8
data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +16 -4
data/src/core/lib/iomgr/timer.h +1 -1
data/src/core/lib/iomgr/timer_generic.cc +113 -41
data/src/core/lib/iomgr/timer_manager.cc +1 -1
data/src/core/lib/security/credentials/credentials.h +1 -0
data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +88 -115
data/src/core/lib/security/credentials/google_default/google_default_credentials.h +16 -0
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -6
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
data/src/core/lib/security/security_connector/alts_security_connector.cc +2 -1
data/src/core/lib/security/security_connector/security_connector.cc +7 -7
data/src/core/lib/security/transport/security_handshaker.cc +1 -0
data/src/core/lib/security/util/json_util.cc +4 -0
data/src/core/lib/slice/slice_buffer.cc +15 -3
data/src/core/lib/surface/call.cc +31 -17
data/src/core/lib/surface/call.h +5 -0
data/src/core/lib/surface/channel.cc +2 -5
data/src/core/lib/surface/completion_queue.cc +1 -3
data/src/core/lib/surface/completion_queue.h +0 -1
data/src/core/lib/surface/init.cc +7 -8
data/src/core/lib/surface/version.cc +2 -2
data/src/core/lib/transport/byte_stream.cc +1 -1
data/src/core/lib/transport/transport.cc +2 -1
data/src/core/lib/transport/transport.h +4 -8
data/src/core/lib/transport/transport_op_string.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -7
data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +10 -0
data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +28 -2
data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +3 -0
data/src/core/tsi/fake_transport_security.cc +1 -0
data/src/core/tsi/ssl_transport_security.cc +238 -110
data/src/core/tsi/transport_security.cc +14 -0
data/src/core/tsi/transport_security.h +2 -0
data/src/core/tsi/transport_security_interface.h +11 -1
data/src/ruby/bin/math_client.rb +17 -9
data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -1
data/src/ruby/lib/grpc/version.rb +1 -1
data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +4 -1
data/third_party/boringssl/crypto/asn1/a_int.c +33 -28
data/third_party/boringssl/crypto/asn1/a_mbstr.c +24 -22
data/third_party/boringssl/crypto/asn1/a_utf8.c +13 -11
data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
data/third_party/boringssl/crypto/bio/fd.c +1 -0
data/third_party/boringssl/crypto/bio/file.c +2 -0
data/third_party/boringssl/crypto/bn_extra/convert.c +6 -5
data/third_party/boringssl/crypto/bytestring/ber.c +1 -4
data/third_party/boringssl/crypto/bytestring/cbb.c +116 -16
data/third_party/boringssl/crypto/bytestring/cbs.c +150 -20
data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +171 -0
data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +2 -0
data/third_party/boringssl/crypto/cipher_extra/e_tls.c +1 -2
data/third_party/boringssl/crypto/cpu-aarch64-fuchsia.c +55 -0
data/third_party/boringssl/crypto/cpu-aarch64-linux.c +2 -1
data/third_party/boringssl/crypto/dsa/dsa.c +16 -54
data/third_party/boringssl/crypto/fipsmodule/bcm.c +11 -542
data/third_party/boringssl/crypto/fipsmodule/bn/add.c +33 -64
data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +4 -3
data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +122 -70
data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +32 -71
data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +58 -112
data/third_party/boringssl/crypto/fipsmodule/bn/div.c +198 -122
data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +31 -65
data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +2 -1
data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +98 -15
data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +1 -1
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +124 -81
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +8 -30
data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +303 -347
data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +2 -3
data/third_party/boringssl/crypto/fipsmodule/bn/random.c +3 -4
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +199 -222
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +27 -47
data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +45 -28
data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +1 -1
data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +10 -10
data/third_party/boringssl/crypto/fipsmodule/des/internal.h +2 -0
data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +78 -47
data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +35 -54
data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +3 -10
data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +36 -22
data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +59 -90
data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +29 -48
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -26
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +15 -11
data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +45 -51
data/third_party/boringssl/crypto/fipsmodule/ec/{util-64.c → util.c} +0 -5
data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +144 -264
data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +78 -56
data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +256 -0
data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +36 -32
data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +9 -7
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +16 -10
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +255 -102
data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +581 -0
data/third_party/boringssl/crypto/fipsmodule/tls/internal.h +39 -0
data/third_party/boringssl/crypto/fipsmodule/tls/kdf.c +165 -0
data/third_party/boringssl/crypto/internal.h +65 -2
data/third_party/boringssl/crypto/mem.c +0 -2
data/third_party/boringssl/crypto/obj/obj.c +6 -73
data/third_party/boringssl/crypto/thread_pthread.c +35 -5
data/third_party/boringssl/crypto/x509/a_strex.c +11 -11
data/third_party/boringssl/crypto/x509/x_name.c +13 -0
data/third_party/boringssl/include/openssl/aead.h +4 -0
data/third_party/boringssl/include/openssl/asn1.h +1 -3
data/third_party/boringssl/include/openssl/base.h +1 -14
data/third_party/boringssl/include/openssl/bio.h +1 -1
data/third_party/boringssl/include/openssl/bn.h +49 -15
data/third_party/boringssl/include/openssl/bytestring.h +49 -24
data/third_party/boringssl/include/openssl/crypto.h +4 -0
data/third_party/boringssl/include/openssl/ec_key.h +7 -3
data/third_party/boringssl/include/openssl/err.h +9 -9
data/third_party/boringssl/include/openssl/evp.h +1 -1
data/third_party/boringssl/include/openssl/rsa.h +34 -10
data/third_party/boringssl/include/openssl/ssl.h +160 -17
data/third_party/boringssl/include/openssl/stack.h +1 -1
data/third_party/boringssl/include/openssl/tls1.h +10 -2
data/third_party/boringssl/include/openssl/x509.h +3 -0
data/third_party/boringssl/ssl/d1_both.cc +16 -2
data/third_party/boringssl/ssl/dtls_method.cc +1 -1
data/third_party/boringssl/ssl/handoff.cc +285 -0
data/third_party/boringssl/ssl/handshake.cc +26 -12
data/third_party/boringssl/ssl/handshake_client.cc +65 -31
data/third_party/boringssl/ssl/handshake_server.cc +14 -2
data/third_party/boringssl/ssl/internal.h +132 -79
data/third_party/boringssl/ssl/s3_both.cc +2 -2
data/third_party/boringssl/ssl/s3_lib.cc +3 -1
data/third_party/boringssl/ssl/s3_pkt.cc +0 -18
data/third_party/boringssl/ssl/ssl_aead_ctx.cc +1 -4
data/third_party/boringssl/ssl/ssl_asn1.cc +47 -43
data/third_party/boringssl/ssl/ssl_cipher.cc +8 -8
data/third_party/boringssl/ssl/ssl_key_share.cc +3 -1
data/third_party/boringssl/ssl/ssl_lib.cc +83 -14
data/third_party/boringssl/ssl/ssl_privkey.cc +6 -0
data/third_party/boringssl/ssl/ssl_stat.cc +6 -6
data/third_party/boringssl/ssl/ssl_versions.cc +12 -85
data/third_party/boringssl/ssl/ssl_x509.cc +59 -61
data/third_party/boringssl/ssl/t1_enc.cc +73 -124
data/third_party/boringssl/ssl/t1_lib.cc +367 -41
data/third_party/boringssl/ssl/tls13_both.cc +8 -0
data/third_party/boringssl/ssl/tls13_client.cc +98 -184
data/third_party/boringssl/ssl/tls13_enc.cc +88 -158
data/third_party/boringssl/ssl/tls13_server.cc +91 -137
data/third_party/boringssl/ssl/tls_method.cc +0 -17
data/third_party/boringssl/ssl/tls_record.cc +1 -10
data/third_party/boringssl/third_party/fiat/curve25519.c +921 -2753
data/third_party/boringssl/third_party/fiat/curve25519_tables.h +7880 -0
data/third_party/boringssl/third_party/fiat/internal.h +32 -20
data/third_party/boringssl/third_party/fiat/p256.c +1824 -0
metadata +64 -64
data/src/core/lib/channel/channel_trace_registry.cc +0 -80
data/src/core/lib/channel/channel_trace_registry.h +0 -43
data/src/core/lib/gpr/fork.cc +0 -78
data/src/core/lib/gpr/fork.h +0 -35
data/src/core/tsi/transport_security_adapter.cc +0 -235
data/src/core/tsi/transport_security_adapter.h +0 -41
data/src/ruby/bin/apis/google/protobuf/empty.rb +0 -29
data/src/ruby/bin/apis/pubsub_demo.rb +0 -241
data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +0 -159
data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +0 -88
data/src/ruby/pb/test/client.rb +0 -764
data/src/ruby/pb/test/server.rb +0 -252
data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +0 -247
data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +0 -1674

data/src/core/lib/iomgr/timer_manager.cc CHANGED

@@ -172,7 +172,7 @@ static bool wait_until(grpc_millis next) {
         if (grpc_timer_check_trace.enabled()) {
           grpc_millis wait_time = next - grpc_core::ExecCtx::Get()->Now();
-          gpr_log(GPR_INFO, "sleep for a %" PRIdPTR " milliseconds", wait_time);
+          gpr_log(GPR_INFO, "sleep for a %" PRId64 " milliseconds", wait_time);
         }
       } else {  // g_timed_waiter == true && next >= g_timed_waiter_deadline
         next = GRPC_MILLIS_INF_FUTURE;

data/src/core/lib/security/credentials/credentials.h CHANGED

@@ -45,6 +45,7 @@ typedef enum {
 #define GRPC_CHANNEL_CREDENTIALS_TYPE_SSL "Ssl"
 #define GRPC_CHANNEL_CREDENTIALS_TYPE_FAKE_TRANSPORT_SECURITY \
   "FakeTransportSecurity"
+#define GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT "GoogleDefault"
 #define GRPC_CALL_CREDENTIALS_TYPE_OAUTH2 "Oauth2"
 #define GRPC_CALL_CREDENTIALS_TYPE_JWT "Jwt"

data/src/core/lib/security/credentials/google_default/google_default_credentials.cc CHANGED

@@ -26,12 +26,16 @@
 #include <grpc/support/log.h>
 #include <grpc/support/sync.h>
+#include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h"
+#include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/gpr/env.h"
 #include "src/core/lib/gpr/string.h"
 #include "src/core/lib/http/httpcli.h"
 #include "src/core/lib/http/parser.h"
 #include "src/core/lib/iomgr/load_file.h"
 #include "src/core/lib/iomgr/polling_entity.h"
+#include "src/core/lib/security/credentials/alts/alts_credentials.h"
+#include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
 #include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
 #include "src/core/lib/security/credentials/jwt/jwt_credentials.h"
 #include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
@@ -45,11 +49,12 @@
 /* -- Default credentials. -- */
-static grpc_channel_credentials* default_credentials = nullptr;
-static int compute_engine_detection_done = 0;
+static grpc_channel_credentials* g_default_credentials = nullptr;
+static int g_compute_engine_detection_done = 0;
 static gpr_mu g_state_mu;
-static gpr_mu* g_polling_mu;
 static gpr_once g_once = GPR_ONCE_INIT;
+static grpc_core::internal::grpc_gce_tenancy_checker g_gce_tenancy_checker =
+    grpc_alts_is_running_on_gcp;
 static void init_default_credentials(void) { gpr_mu_init(&g_state_mu); }
@@ -60,103 +65,54 @@ typedef struct {
   grpc_http_response response;
 } compute_engine_detector;
-static void on_compute_engine_detection_http_response(void* user_data,
-                                                      grpc_error* error) {
-  compute_engine_detector* detector =
-      static_cast<compute_engine_detector*>(user_data);
-  if (error == GRPC_ERROR_NONE && detector->response.status == 200 &&
-      detector->response.hdr_count > 0) {
-    /* Internet providers can return a generic response to all requests, so
-       it is necessary to check that metadata header is present also. */
-    size_t i;
-    for (i = 0; i < detector->response.hdr_count; i++) {
-      grpc_http_header* header = &detector->response.hdrs[i];
-      if (strcmp(header->key, "Metadata-Flavor") == 0 &&
-          strcmp(header->value, "Google") == 0) {
-        detector->success = 1;
-        break;
-      }
-    }
-  }
-  gpr_mu_lock(g_polling_mu);
-  detector->is_done = 1;
-  GRPC_LOG_IF_ERROR(
-      "Pollset kick",
-      grpc_pollset_kick(grpc_polling_entity_pollset(&detector->pollent),
-                        nullptr));
-  gpr_mu_unlock(g_polling_mu);
+static void google_default_credentials_destruct(
+    grpc_channel_credentials* creds) {
+  grpc_google_default_channel_credentials* c =
+      reinterpret_cast<grpc_google_default_channel_credentials*>(creds);
+  grpc_channel_credentials_unref(c->alts_creds);
+  grpc_channel_credentials_unref(c->ssl_creds);
 }
-static void destroy_pollset(void* p, grpc_error* e) {
-  grpc_pollset_destroy(static_cast<grpc_pollset*>(p));
-}
-static int is_stack_running_on_compute_engine() {
-  compute_engine_detector detector;
-  grpc_httpcli_request request;
-  grpc_httpcli_context context;
-  grpc_closure destroy_closure;
-  /* The http call is local. If it takes more than one sec, it is for sure not
-     on compute engine. */
-  grpc_millis max_detection_delay = GPR_MS_PER_SEC;
-  grpc_pollset* pollset =
-      static_cast<grpc_pollset*>(gpr_zalloc(grpc_pollset_size()));
-  grpc_pollset_init(pollset, &g_polling_mu);
-  detector.pollent = grpc_polling_entity_create_from_pollset(pollset);
-  detector.is_done = 0;
-  detector.success = 0;
-  memset(&detector.response, 0, sizeof(detector.response));
-  memset(&request, 0, sizeof(grpc_httpcli_request));
-  request.host = (char*)GRPC_COMPUTE_ENGINE_DETECTION_HOST;
-  request.http.path = (char*)"/";
-  grpc_httpcli_context_init(&context);
-  grpc_resource_quota* resource_quota =
-      grpc_resource_quota_create("google_default_credentials");
-  grpc_httpcli_get(
-      &context, &detector.pollent, resource_quota, &request,
-      grpc_core::ExecCtx::Get()->Now() + max_detection_delay,
-      GRPC_CLOSURE_CREATE(on_compute_engine_detection_http_response, &detector,
-                          grpc_schedule_on_exec_ctx),
-      &detector.response);
-  grpc_resource_quota_unref_internal(resource_quota);
-  grpc_core::ExecCtx::Get()->Flush();
-  /* Block until we get the response. This is not ideal but this should only be
-     called once for the lifetime of the process by the default credentials. */
-  gpr_mu_lock(g_polling_mu);
-  while (!detector.is_done) {
-    grpc_pollset_worker* worker = nullptr;
-    if (!GRPC_LOG_IF_ERROR(
-            "pollset_work",
-            grpc_pollset_work(grpc_polling_entity_pollset(&detector.pollent),
-                              &worker, GRPC_MILLIS_INF_FUTURE))) {
-      detector.is_done = 1;
-      detector.success = 0;
-    }
+static grpc_security_status google_default_create_security_connector(
+    grpc_channel_credentials* creds, grpc_call_credentials* call_creds,
+    const char* target, const grpc_channel_args* args,
+    grpc_channel_security_connector** sc, grpc_channel_args** new_args) {
+  grpc_google_default_channel_credentials* c =
+      reinterpret_cast<grpc_google_default_channel_credentials*>(creds);
+  bool is_grpclb_load_balancer = grpc_channel_arg_get_bool(
+      grpc_channel_args_find(args, GRPC_ARG_ADDRESS_IS_GRPCLB_LOAD_BALANCER),
+      false);
+  bool is_backend_from_grpclb_load_balancer = grpc_channel_arg_get_bool(
+      grpc_channel_args_find(
+          args, GRPC_ARG_ADDRESS_IS_BACKEND_FROM_GRPCLB_LOAD_BALANCER),
+      false);
+  bool use_alts =
+      is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer;
+  grpc_security_status status = GRPC_SECURITY_ERROR;
+  status = use_alts ? c->alts_creds->vtable->create_security_connector(
+                          c->alts_creds, call_creds, target, args, sc, new_args)
+                    : c->ssl_creds->vtable->create_security_connector(
+                          c->ssl_creds, call_creds, target, args, sc, new_args);
+  /* grpclb-specific channel args are removed from the channel args set
+   * to ensure backends and fallback adresses will have the same set of channel
+   * args. By doing that, it guarantees the connections to backends will not be
+   * torn down and re-connected when switching in and out of fallback mode.
+   */
+  if (use_alts) {
+    static const char* args_to_remove[] = {
+        GRPC_ARG_ADDRESS_IS_GRPCLB_LOAD_BALANCER,
+        GRPC_ARG_ADDRESS_IS_BACKEND_FROM_GRPCLB_LOAD_BALANCER,
+    };
+    *new_args = grpc_channel_args_copy_and_add_and_remove(
+        args, args_to_remove, GPR_ARRAY_SIZE(args_to_remove), nullptr, 0);
   }
-  gpr_mu_unlock(g_polling_mu);
-  grpc_httpcli_context_destroy(&context);
-  GRPC_CLOSURE_INIT(&destroy_closure, destroy_pollset,
-                    grpc_polling_entity_pollset(&detector.pollent),
-                    grpc_schedule_on_exec_ctx);
-  grpc_pollset_shutdown(grpc_polling_entity_pollset(&detector.pollent),
-                        &destroy_closure);
-  g_polling_mu = nullptr;
-  grpc_core::ExecCtx::Get()->Flush();
-  gpr_free(grpc_polling_entity_pollset(&detector.pollent));
-  grpc_http_response_destroy(&detector.response);
-  return detector.success;
+  return status;
 }
+static grpc_channel_credentials_vtable google_default_credentials_vtable = {
+    google_default_credentials_destruct,
+    google_default_create_security_connector, nullptr};
 /* Takes ownership of creds_path if not NULL. */
 static grpc_error* create_default_creds_from_path(
     char* creds_path, grpc_call_credentials** creds) {
@@ -234,8 +190,8 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
   gpr_mu_lock(&g_state_mu);
-  if (default_credentials != nullptr) {
-    result = grpc_channel_credentials_ref(default_credentials);
+  if (g_default_credentials != nullptr) {
+    result = grpc_channel_credentials_ref(g_default_credentials);
     goto end;
   }
@@ -253,9 +209,9 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
   /* At last try to see if we're on compute engine (do the detection only once
      since it requires a network test). */
-  if (!compute_engine_detection_done) {
-    int need_compute_engine_creds = is_stack_running_on_compute_engine();
-    compute_engine_detection_done = 1;
+  if (!g_compute_engine_detection_done) {
+    int need_compute_engine_creds = g_gce_tenancy_checker();
+    g_compute_engine_detection_done = 1;
     if (need_compute_engine_creds) {
       call_creds = grpc_google_compute_engine_credentials_create(nullptr);
       if (call_creds == nullptr) {
@@ -269,18 +225,25 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
 end:
   if (result == nullptr) {
     if (call_creds != nullptr) {
-      /* Blend with default ssl credentials and add a global reference so that
-         it
-         can be cached and re-served. */
-      grpc_channel_credentials* ssl_creds =
-          grpc_ssl_credentials_create(nullptr, nullptr, nullptr);
-      default_credentials = grpc_channel_credentials_ref(
-          grpc_composite_channel_credentials_create(ssl_creds, call_creds,
-                                                    nullptr));
-      GPR_ASSERT(default_credentials != nullptr);
-      grpc_channel_credentials_unref(ssl_creds);
+      /* Create google default credentials. */
+      auto creds = static_cast<grpc_google_default_channel_credentials*>(
+          gpr_zalloc(sizeof(grpc_google_default_channel_credentials)));
+      creds->base.vtable = &google_default_credentials_vtable;
+      creds->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT;
+      gpr_ref_init(&creds->base.refcount, 1);
+      creds->ssl_creds = grpc_ssl_credentials_create(nullptr, nullptr, nullptr);
+      GPR_ASSERT(creds->ssl_creds != nullptr);
+      grpc_alts_credentials_options* options =
+          grpc_alts_credentials_client_options_create();
+      creds->alts_creds = grpc_alts_credentials_create(options);
+      grpc_alts_credentials_options_destroy(options);
+      /* Add a global reference so that it can be cached and re-served. */
+      g_default_credentials = grpc_composite_channel_credentials_create(
+          &creds->base, call_creds, nullptr);
+      GPR_ASSERT(g_default_credentials != nullptr);
+      grpc_channel_credentials_unref(&creds->base);
       grpc_call_credentials_unref(call_creds);
-      result = default_credentials;
+      result = grpc_channel_credentials_ref(g_default_credentials);
     } else {
       gpr_log(GPR_ERROR, "Could not create google default credentials.");
     }
@@ -295,15 +258,25 @@ end:
   return result;
 }
+namespace grpc_core {
+namespace internal {
+void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker) {
+  g_gce_tenancy_checker = checker;
+}
+}  // namespace internal
+}  // namespace grpc_core
 void grpc_flush_cached_google_default_credentials(void) {
   grpc_core::ExecCtx exec_ctx;
   gpr_once_init(&g_once, init_default_credentials);
   gpr_mu_lock(&g_state_mu);
-  if (default_credentials != nullptr) {
-    grpc_channel_credentials_unref(default_credentials);
-    default_credentials = nullptr;
+  if (g_default_credentials != nullptr) {
+    grpc_channel_credentials_unref(g_default_credentials);
+    g_default_credentials = nullptr;
   }
-  compute_engine_detection_done = 0;
+  g_compute_engine_detection_done = 0;
   gpr_mu_unlock(&g_state_mu);
 }

data/src/core/lib/security/credentials/google_default/google_default_credentials.h CHANGED

@@ -39,7 +39,23 @@
   "/" GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE
 #endif
+typedef struct {
+  grpc_channel_credentials base;
+  grpc_channel_credentials* alts_creds;
+  grpc_channel_credentials* ssl_creds;
+} grpc_google_default_channel_credentials;
 void grpc_flush_cached_google_default_credentials(void);
+namespace grpc_core {
+namespace internal {
+typedef bool (*grpc_gce_tenancy_checker)(void);
+void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker);
+}  // namespace internal
+}  // namespace grpc_core
 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_GOOGLE_DEFAULT_GOOGLE_DEFAULT_CREDENTIALS_H \
         */

data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc CHANGED

@@ -219,9 +219,11 @@ static void on_oauth2_token_fetcher_http_response(void* user_data,
   gpr_mu_lock(&c->mu);
   c->token_fetch_pending = false;
   c->access_token_md = GRPC_MDELEM_REF(access_token_md);
-  c->token_expiration = status == GRPC_CREDENTIALS_OK
-                            ? grpc_core::ExecCtx::Get()->Now() + token_lifetime
-                            : 0;
+  c->token_expiration =
+      status == GRPC_CREDENTIALS_OK
+          ? gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC),
+                         gpr_time_from_millis(token_lifetime, GPR_TIMESPAN))
+          : gpr_inf_past(GPR_CLOCK_MONOTONIC);
   grpc_oauth2_pending_get_request_metadata* pending_request =
       c->pending_requests;
   c->pending_requests = nullptr;
@@ -259,8 +261,10 @@ static bool oauth2_token_fetcher_get_request_metadata(
   grpc_mdelem cached_access_token_md = GRPC_MDNULL;
   gpr_mu_lock(&c->mu);
   if (!GRPC_MDISNULL(c->access_token_md) &&
-      (c->token_expiration - grpc_core::ExecCtx::Get()->Now() >
-       refresh_threshold)) {
+      gpr_time_cmp(
+          gpr_time_sub(c->token_expiration, gpr_now(GPR_CLOCK_MONOTONIC)),
+          gpr_time_from_seconds(GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS,
+                                GPR_TIMESPAN)) > 0) {
     cached_access_token_md = GRPC_MDELEM_REF(c->access_token_md);
   }
   if (!GRPC_MDISNULL(cached_access_token_md)) {
@@ -333,7 +337,7 @@ static void init_oauth2_token_fetcher(grpc_oauth2_token_fetcher_credentials* c,
   c->base.type = GRPC_CALL_CREDENTIALS_TYPE_OAUTH2;
   gpr_ref_init(&c->base.refcount, 1);
   gpr_mu_init(&c->mu);
-  c->token_expiration = 0;
+  c->token_expiration = gpr_inf_past(GPR_CLOCK_MONOTONIC);
   c->fetch_func = fetch_func;
   c->pollent =
       grpc_polling_entity_create_from_pollset_set(grpc_pollset_set_create());

data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h CHANGED

@@ -71,7 +71,7 @@ typedef struct {
   grpc_call_credentials base;
   gpr_mu mu;
   grpc_mdelem access_token_md;
-  grpc_millis token_expiration;
+  gpr_timespec token_expiration;
   bool token_fetch_pending;
   grpc_oauth2_pending_get_request_metadata* pending_requests;
   grpc_httpcli_context httpcli_context;

data/src/core/lib/security/security_connector/alts_security_connector.cc CHANGED

@@ -30,6 +30,7 @@
 #include "src/core/lib/security/credentials/alts/alts_credentials.h"
 #include "src/core/lib/security/transport/security_handshaker.h"
+#include "src/core/lib/slice/slice_internal.h"
 #include "src/core/lib/transport/transport.h"
 #include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
@@ -133,7 +134,7 @@ grpc_security_status grpc_alts_auth_context_from_tsi_peer(
       rpc_versions_prop->value.data, rpc_versions_prop->value.length);
   bool decode_result =
       grpc_gcp_rpc_protocol_versions_decode(slice, &peer_versions);
-  grpc_slice_unref(slice);
+  grpc_slice_unref_internal(slice);
   if (!decode_result) {
     gpr_log(GPR_ERROR, "Invalid peer rpc protocol versions.");
     return GRPC_SECURITY_ERROR;

data/src/core/lib/security/security_connector/security_connector.cc CHANGED

@@ -44,7 +44,6 @@
 #include "src/core/lib/security/transport/target_authority_table.h"
 #include "src/core/tsi/fake_transport_security.h"
 #include "src/core/tsi/ssl_transport_security.h"
-#include "src/core/tsi/transport_security_adapter.h"
 grpc_core::DebugOnlyTraceFlag grpc_trace_security_connector_refcount(
     false, "security_connector_refcount");
@@ -70,8 +69,11 @@ void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) {
 /* Defines the cipher suites that we accept by default. All these cipher suites
    are compliant with HTTP2. */
-#define GRPC_SSL_CIPHER_SUITES \
-  "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
+#define GRPC_SSL_CIPHER_SUITES     \
+  "ECDHE-ECDSA-AES128-GCM-SHA256:" \
+  "ECDHE-ECDSA-AES256-GCM-SHA384:" \
+  "ECDHE-RSA-AES128-GCM-SHA256:"   \
+  "ECDHE-RSA-AES256-GCM-SHA384"
 static gpr_once cipher_suites_once = GPR_ONCE_INIT;
 static const char* cipher_suites = nullptr;
@@ -673,8 +675,7 @@ static void ssl_channel_add_handshakers(grpc_channel_security_connector* sc,
   }
   // Create handshakers.
   grpc_handshake_manager_add(
-      handshake_mgr, grpc_security_handshaker_create(
-                         tsi_create_adapter_handshaker(tsi_hs), &sc->base));
+      handshake_mgr, grpc_security_handshaker_create(tsi_hs, &sc->base));
 }
 static const char** fill_alpn_protocol_strings(size_t* num_alpn_protocols) {
@@ -782,8 +783,7 @@ static void ssl_server_add_handshakers(grpc_server_security_connector* sc,
   }
   // Create handshakers.
   grpc_handshake_manager_add(
-      handshake_mgr, grpc_security_handshaker_create(
-                         tsi_create_adapter_handshaker(tsi_hs), &sc->base));
+      handshake_mgr, grpc_security_handshaker_create(tsi_hs, &sc->base));
 }
 int grpc_ssl_host_matches_name(const tsi_peer* peer, const char* peer_name) {

data/src/core/lib/security/transport/security_handshaker.cc CHANGED

@@ -380,6 +380,7 @@ static void security_handshaker_shutdown(grpc_handshaker* handshaker,
   gpr_mu_lock(&h->mu);
   if (!h->shutdown) {
     h->shutdown = true;
+    tsi_handshaker_shutdown(h->handshaker);
     grpc_endpoint_shutdown(h->args->endpoint, GRPC_ERROR_REF(why));
     cleanup_args_for_failure_locked(h);
   }

data/src/core/lib/security/util/json_util.cc CHANGED

@@ -29,6 +29,10 @@ const char* grpc_json_get_string_property(const grpc_json* json,
                                           const char* prop_name) {
   grpc_json* child;
   for (child = json->child; child != nullptr; child = child->next) {
+    if (child->key == nullptr) {
+      gpr_log(GPR_ERROR, "Invalid (null) JSON key encountered");
+      return nullptr;
+    }
     if (strcmp(child->key, prop_name) == 0) break;
   }
   if (child == nullptr || child->type != GRPC_JSON_STRING) {

data/src/core/lib/slice/slice_buffer.cc CHANGED

@@ -333,14 +333,26 @@ void grpc_slice_buffer_trim_end(grpc_slice_buffer* sb, size_t n,
     size_t slice_len = GRPC_SLICE_LENGTH(slice);
     if (slice_len > n) {
       sb->slices[idx] = grpc_slice_split_head(&slice, slice_len - n);
-      grpc_slice_buffer_add_indexed(garbage, slice);
+      if (garbage) {
+        grpc_slice_buffer_add_indexed(garbage, slice);
+      } else {
+        grpc_slice_unref_internal(slice);
+      }
       return;
     } else if (slice_len == n) {
-      grpc_slice_buffer_add_indexed(garbage, slice);
+      if (garbage) {
+        grpc_slice_buffer_add_indexed(garbage, slice);
+      } else {
+        grpc_slice_unref_internal(slice);
+      }
       sb->count = idx;
       return;
     } else {
-      grpc_slice_buffer_add_indexed(garbage, slice);
+      if (garbage) {
+        grpc_slice_buffer_add_indexed(garbage, slice);
+      } else {
+        grpc_slice_unref_internal(slice);
+      }
       n -= slice_len;
       sb->count = idx;
     }