RubyGems - grpc - Versions diffs - 1.24.0 → 1.25.0 - Mend

grpc 1.24.0 → 1.25.0

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (505) hide show

checksums.yaml +4 -4
data/Makefile +306 -243
data/etc/roots.pem +0 -100
data/include/grpc/grpc_security.h +44 -18
data/include/grpc/impl/codegen/grpc_types.h +15 -0
data/include/grpc/impl/codegen/port_platform.h +27 -11
data/include/grpc/impl/codegen/sync_generic.h +1 -1
data/src/boringssl/err_data.c +695 -650
data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
data/src/core/ext/filters/client_channel/client_channel.h +24 -0
data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
data/src/core/ext/filters/client_channel/resolver.cc +1 -2
data/src/core/ext/filters/client_channel/resolver.h +8 -16
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
data/src/core/ext/filters/client_channel/service_config.h +8 -8
data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
data/src/core/ext/filters/client_channel/subchannel.h +7 -9
data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
data/src/core/lib/channel/channel_args.cc +16 -0
data/src/core/lib/channel/channel_args.h +22 -0
data/src/core/lib/channel/channelz.cc +5 -6
data/src/core/lib/channel/channelz.h +1 -1
data/src/core/lib/channel/connected_channel.cc +20 -20
data/src/core/lib/channel/handshaker.h +3 -4
data/src/core/lib/channel/handshaker_factory.h +1 -3
data/src/core/lib/debug/trace.h +3 -2
data/src/core/lib/gprpp/arena.cc +3 -3
data/src/core/lib/gprpp/arena.h +2 -3
data/src/core/lib/gprpp/inlined_vector.h +9 -0
data/src/core/lib/gprpp/map.h +3 -501
data/src/core/lib/gprpp/memory.h +45 -41
data/src/core/lib/gprpp/mpscq.cc +108 -0
data/src/core/lib/gprpp/mpscq.h +98 -0
data/src/core/lib/gprpp/orphanable.h +6 -11
data/src/core/lib/gprpp/ref_counted.h +25 -19
data/src/core/lib/gprpp/set.h +33 -0
data/src/core/lib/gprpp/thd.h +2 -4
data/src/core/lib/http/httpcli.cc +1 -1
data/src/core/lib/http/httpcli_security_connector.cc +15 -11
data/src/core/lib/http/parser.cc +1 -1
data/src/core/lib/iomgr/buffer_list.cc +4 -5
data/src/core/lib/iomgr/buffer_list.h +5 -6
data/src/core/lib/iomgr/call_combiner.cc +4 -5
data/src/core/lib/iomgr/call_combiner.h +2 -2
data/src/core/lib/iomgr/cfstream_handle.h +3 -5
data/src/core/lib/iomgr/closure.h +8 -3
data/src/core/lib/iomgr/combiner.cc +45 -82
data/src/core/lib/iomgr/combiner.h +32 -8
data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
data/src/core/lib/iomgr/exec_ctx.h +4 -3
data/src/core/lib/iomgr/executor.cc +4 -2
data/src/core/lib/iomgr/executor.h +3 -0
data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
data/src/core/lib/iomgr/executor/threadpool.h +7 -11
data/src/core/lib/iomgr/resource_quota.cc +55 -51
data/src/core/lib/iomgr/resource_quota.h +13 -9
data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
data/src/core/lib/iomgr/tcp_custom.cc +9 -7
data/src/core/lib/iomgr/tcp_posix.cc +20 -16
data/src/core/lib/iomgr/tcp_server.h +1 -4
data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
data/src/core/lib/iomgr/timer_custom.cc +2 -2
data/src/core/lib/iomgr/udp_server.cc +3 -2
data/src/core/lib/iomgr/udp_server.h +6 -12
data/src/core/lib/json/json.h +1 -1
data/src/core/lib/json/json_string.cc +2 -2
data/src/core/lib/profiling/basic_timers.cc +2 -2
data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
data/src/core/lib/security/credentials/credentials.h +4 -20
data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/security_connector.cc +1 -0
data/src/core/lib/security/security_connector/security_connector.h +19 -17
data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
data/src/core/lib/security/transport/security_handshaker.cc +29 -13
data/src/core/lib/security/transport/security_handshaker.h +4 -2
data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
data/src/core/lib/slice/slice.cc +2 -10
data/src/core/lib/slice/slice_hash_table.h +4 -6
data/src/core/lib/slice/slice_intern.cc +42 -39
data/src/core/lib/slice/slice_internal.h +3 -3
data/src/core/lib/slice/slice_utils.h +21 -4
data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
data/src/core/lib/surface/call.cc +3 -3
data/src/core/lib/surface/channel.cc +7 -0
data/src/core/lib/surface/completion_queue.cc +12 -11
data/src/core/lib/surface/completion_queue.h +4 -2
data/src/core/lib/surface/init.cc +1 -0
data/src/core/lib/surface/lame_client.cc +33 -18
data/src/core/lib/surface/server.cc +77 -76
data/src/core/lib/surface/version.cc +1 -1
data/src/core/lib/transport/byte_stream.h +3 -7
data/src/core/lib/transport/connectivity_state.cc +112 -98
data/src/core/lib/transport/connectivity_state.h +100 -50
data/src/core/lib/transport/static_metadata.cc +276 -288
data/src/core/lib/transport/static_metadata.h +73 -76
data/src/core/lib/transport/status_conversion.cc +1 -1
data/src/core/lib/transport/status_metadata.cc +1 -1
data/src/core/lib/transport/transport.cc +2 -2
data/src/core/lib/transport/transport.h +12 -4
data/src/core/lib/transport/transport_op_string.cc +14 -11
data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
data/src/core/tsi/fake_transport_security.cc +7 -5
data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
data/src/core/tsi/local_transport_security.cc +8 -6
data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
data/src/core/tsi/ssl_transport_security.cc +12 -12
data/src/core/tsi/ssl_transport_security.h +2 -2
data/src/core/tsi/transport_security_grpc.cc +7 -0
data/src/core/tsi/transport_security_grpc.h +6 -0
data/src/ruby/ext/grpc/extconf.rb +1 -0
data/src/ruby/ext/grpc/rb_call.c +1 -1
data/src/ruby/ext/grpc/rb_channel.c +1 -1
data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
data/src/ruby/lib/grpc/version.rb +1 -1
data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
data/third_party/boringssl/crypto/base64/base64.c +2 -2
data/third_party/boringssl/crypto/bio/bio.c +73 -9
data/third_party/boringssl/crypto/bio/connect.c +4 -0
data/third_party/boringssl/crypto/bio/fd.c +4 -0
data/third_party/boringssl/crypto/bio/file.c +5 -2
data/third_party/boringssl/crypto/bio/socket.c +4 -0
data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
data/third_party/boringssl/crypto/chacha/internal.h +45 -0
data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
data/third_party/boringssl/crypto/conf/conf.c +7 -0
data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
data/third_party/boringssl/crypto/cpu-intel.c +45 -51
data/third_party/boringssl/crypto/crypto.c +39 -22
data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
data/third_party/boringssl/crypto/engine/engine.c +2 -1
data/third_party/boringssl/crypto/err/err.c +2 -0
data/third_party/boringssl/crypto/err/internal.h +2 -2
data/third_party/boringssl/crypto/evp/evp.c +89 -8
data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
data/third_party/boringssl/crypto/evp/internal.h +18 -1
data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
data/third_party/boringssl/crypto/hrss/internal.h +62 -0
data/third_party/boringssl/crypto/internal.h +95 -20
data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
data/third_party/boringssl/crypto/mem.c +39 -2
data/third_party/boringssl/crypto/obj/obj.c +4 -4
data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
data/third_party/boringssl/crypto/pool/internal.h +1 -1
data/third_party/boringssl/crypto/pool/pool.c +21 -0
data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
data/third_party/boringssl/crypto/refcount_lock.c +2 -2
data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
data/third_party/boringssl/crypto/stack/stack.c +83 -32
data/third_party/boringssl/crypto/thread_none.c +2 -2
data/third_party/boringssl/crypto/thread_pthread.c +2 -2
data/third_party/boringssl/crypto/thread_win.c +38 -19
data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
data/third_party/boringssl/crypto/x509/by_file.c +12 -10
data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
data/third_party/boringssl/crypto/x509/t_req.c +1 -3
data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
data/third_party/boringssl/crypto/x509/x509name.c +2 -3
data/third_party/boringssl/crypto/x509/x_all.c +109 -210
data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
data/third_party/boringssl/include/openssl/aead.h +45 -19
data/third_party/boringssl/include/openssl/aes.h +32 -7
data/third_party/boringssl/include/openssl/asn1.h +7 -77
data/third_party/boringssl/include/openssl/base.h +120 -6
data/third_party/boringssl/include/openssl/base64.h +4 -1
data/third_party/boringssl/include/openssl/bio.h +112 -81
data/third_party/boringssl/include/openssl/blowfish.h +3 -3
data/third_party/boringssl/include/openssl/bn.h +55 -29
data/third_party/boringssl/include/openssl/buf.h +2 -2
data/third_party/boringssl/include/openssl/bytestring.h +54 -32
data/third_party/boringssl/include/openssl/cast.h +2 -2
data/third_party/boringssl/include/openssl/cipher.h +46 -16
data/third_party/boringssl/include/openssl/cmac.h +6 -2
data/third_party/boringssl/include/openssl/conf.h +3 -6
data/third_party/boringssl/include/openssl/cpu.h +25 -9
data/third_party/boringssl/include/openssl/crypto.h +32 -10
data/third_party/boringssl/include/openssl/curve25519.h +4 -4
data/third_party/boringssl/include/openssl/dh.h +3 -2
data/third_party/boringssl/include/openssl/digest.h +21 -7
data/third_party/boringssl/include/openssl/dsa.h +8 -2
data/third_party/boringssl/include/openssl/e_os2.h +18 -0
data/third_party/boringssl/include/openssl/ec.h +25 -21
data/third_party/boringssl/include/openssl/ec_key.h +36 -8
data/third_party/boringssl/include/openssl/ecdh.h +17 -0
data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
data/third_party/boringssl/include/openssl/engine.h +4 -4
data/third_party/boringssl/include/openssl/err.h +3 -0
data/third_party/boringssl/include/openssl/evp.h +199 -42
data/third_party/boringssl/include/openssl/hmac.h +4 -4
data/third_party/boringssl/include/openssl/hrss.h +100 -0
data/third_party/boringssl/include/openssl/lhash.h +131 -23
data/third_party/boringssl/include/openssl/md4.h +6 -4
data/third_party/boringssl/include/openssl/md5.h +6 -4
data/third_party/boringssl/include/openssl/mem.h +6 -2
data/third_party/boringssl/include/openssl/nid.h +3 -0
data/third_party/boringssl/include/openssl/obj.h +3 -0
data/third_party/boringssl/include/openssl/pem.h +102 -64
data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
data/third_party/boringssl/include/openssl/pool.h +13 -2
data/third_party/boringssl/include/openssl/ripemd.h +5 -4
data/third_party/boringssl/include/openssl/rsa.h +46 -15
data/third_party/boringssl/include/openssl/sha.h +40 -28
data/third_party/boringssl/include/openssl/siphash.h +37 -0
data/third_party/boringssl/include/openssl/span.h +17 -9
data/third_party/boringssl/include/openssl/ssl.h +766 -393
data/third_party/boringssl/include/openssl/ssl3.h +4 -3
data/third_party/boringssl/include/openssl/stack.h +134 -77
data/third_party/boringssl/include/openssl/thread.h +1 -1
data/third_party/boringssl/include/openssl/tls1.h +25 -9
data/third_party/boringssl/include/openssl/type_check.h +14 -15
data/third_party/boringssl/include/openssl/x509.h +28 -3
data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
data/third_party/boringssl/include/openssl/x509v3.h +17 -13
data/third_party/boringssl/ssl/d1_both.cc +9 -18
data/third_party/boringssl/ssl/d1_lib.cc +4 -3
data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
data/third_party/boringssl/ssl/dtls_method.cc +0 -1
data/third_party/boringssl/ssl/dtls_record.cc +28 -28
data/third_party/boringssl/ssl/handoff.cc +295 -91
data/third_party/boringssl/ssl/handshake.cc +133 -72
data/third_party/boringssl/ssl/handshake_client.cc +218 -189
data/third_party/boringssl/ssl/handshake_server.cc +399 -272
data/third_party/boringssl/ssl/internal.h +1413 -928
data/third_party/boringssl/ssl/s3_both.cc +175 -36
data/third_party/boringssl/ssl/s3_lib.cc +9 -13
data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
data/third_party/boringssl/ssl/ssl_file.cc +2 -0
data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
data/third_party/boringssl/ssl/ssl_session.cc +230 -178
data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
data/third_party/boringssl/ssl/t1_enc.cc +5 -96
data/third_party/boringssl/ssl/t1_lib.cc +931 -678
data/third_party/boringssl/ssl/tls13_both.cc +251 -121
data/third_party/boringssl/ssl/tls13_client.cc +129 -73
data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
data/third_party/boringssl/ssl/tls13_server.cc +259 -192
data/third_party/boringssl/ssl/tls_method.cc +26 -21
data/third_party/boringssl/ssl/tls_record.cc +42 -47
data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
data/third_party/boringssl/third_party/fiat/p256.c +238 -999
data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
data/third_party/upb/upb/port_def.inc +1 -1
data/third_party/upb/upb/table.c +2 -1
metadata +72 -44
data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
data/src/core/lib/gpr/mpscq.cc +0 -117
data/src/core/lib/gpr/mpscq.h +0 -88
data/src/core/lib/gprpp/abstract.h +0 -47
data/src/core/lib/gprpp/pair.h +0 -38
data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
data/third_party/boringssl/ssl/custom_extensions.cc +0 -265

data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc CHANGED

@@ -31,7 +31,7 @@ static grpc_alts_credentials_options* alts_server_options_copy(
     const grpc_alts_credentials_options* options);
 static void alts_server_options_destroy(
-    grpc_alts_credentials_options* options) {}
+    grpc_alts_credentials_options* /*options*/) {}
 static const grpc_alts_credentials_options_vtable vtable = {
     alts_server_options_copy, alts_server_options_destroy};

data/src/core/lib/security/credentials/credentials.h CHANGED

@@ -110,17 +110,7 @@ struct grpc_channel_credentials
   create_security_connector(
       grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
       const char* target, const grpc_channel_args* args,
-      grpc_channel_args** new_args)
-#if GRPC_USE_CPP_STD_LIB
-      = 0;
-#else
-  {
-    // Tell clang-tidy that call_creds cannot be passed as const-ref.
-    call_creds.reset();
-    gpr_log(GPR_ERROR, "Function marked GRPC_ABSTRACT was not implemented");
-    GPR_ASSERT(false);
-  }
-#endif
+      grpc_channel_args** new_args) = 0;
   // Creates a version of the channel credentials without any attached call
   // credentials. This can be used in order to open a channel to a non-trusted
@@ -156,8 +146,6 @@ struct grpc_channel_credentials
   const char* type() const { return type_; }
-  GRPC_ABSTRACT_BASE_CLASS
  private:
   const char* type_;
   grpc_core::Map<grpc_core::UniquePtr<char>,
@@ -248,18 +236,16 @@ struct grpc_call_credentials
                                     grpc_auth_metadata_context context,
                                     grpc_credentials_mdelem_array* md_array,
                                     grpc_closure* on_request_metadata,
-                                    grpc_error** error) GRPC_ABSTRACT;
+                                    grpc_error** error) = 0;
   // Cancels a pending asynchronous operation started by
   // grpc_call_credentials_get_request_metadata() with the corresponding
   // value of \a md_array.
   virtual void cancel_get_request_metadata(
-      grpc_credentials_mdelem_array* md_array, grpc_error* error) GRPC_ABSTRACT;
+      grpc_credentials_mdelem_array* md_array, grpc_error* error) = 0;
   const char* type() const { return type_; }
-  GRPC_ABSTRACT_BASE_CLASS
  private:
   const char* type_;
 };
@@ -282,7 +268,7 @@ struct grpc_server_credentials
   virtual ~grpc_server_credentials() { DestroyProcessor(); }
   virtual grpc_core::RefCountedPtr<grpc_server_security_connector>
-  create_security_connector() GRPC_ABSTRACT;
+  create_security_connector() = 0;
   const char* type() const { return type_; }
@@ -292,8 +278,6 @@ struct grpc_server_credentials
   void set_auth_metadata_processor(
       const grpc_auth_metadata_processor& processor);
-  GRPC_ABSTRACT_BASE_CLASS
  private:
   void DestroyProcessor() {
     if (processor_.destroy != nullptr && processor_.state != nullptr) {

data/src/core/lib/security/credentials/fake/fake_credentials.cc CHANGED

@@ -45,7 +45,7 @@ class grpc_fake_channel_credentials final : public grpc_channel_credentials {
   create_security_connector(
       grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
       const char* target, const grpc_channel_args* args,
-      grpc_channel_args** new_args) override {
+      grpc_channel_args** /*new_args*/) override {
     return grpc_fake_channel_security_connector_create(
         this->Ref(), std::move(call_creds), target, args);
   }
@@ -89,9 +89,9 @@ const char* grpc_fake_transport_get_expected_targets(
 /* -- Metadata-only test credentials. -- */
 bool grpc_md_only_test_credentials::get_request_metadata(
-    grpc_polling_entity* pollent, grpc_auth_metadata_context context,
+    grpc_polling_entity* /*pollent*/, grpc_auth_metadata_context /*context*/,
     grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata,
-    grpc_error** error) {
+    grpc_error** /*error*/) {
   grpc_credentials_mdelem_array_add(md_array, md_);
   if (is_async_) {
     GRPC_CLOSURE_SCHED(on_request_metadata, GRPC_ERROR_NONE);
@@ -101,7 +101,7 @@ bool grpc_md_only_test_credentials::get_request_metadata(
 }
 void grpc_md_only_test_credentials::cancel_get_request_metadata(
-    grpc_credentials_mdelem_array* md_array, grpc_error* error) {
+    grpc_credentials_mdelem_array* /*md_array*/, grpc_error* error) {
   GRPC_ERROR_UNREF(error);
 }

data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h CHANGED

@@ -85,13 +85,11 @@ class grpc_oauth2_token_fetcher_credentials : public grpc_call_credentials {
   void on_http_response(grpc_credentials_metadata_request* r,
                         grpc_error* error);
-  GRPC_ABSTRACT_BASE_CLASS
  protected:
   virtual void fetch_oauth2(grpc_credentials_metadata_request* req,
                             grpc_httpcli_context* httpcli_context,
                             grpc_polling_entity* pollent, grpc_iomgr_cb_func cb,
-                            grpc_millis deadline) GRPC_ABSTRACT;
+                            grpc_millis deadline) = 0;
  private:
   gpr_mu mu_;

data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h CHANGED

@@ -42,6 +42,12 @@ struct grpc_tls_key_materials_config
   int version() const { return version_; }
   /** Setters for member fields. **/
+  void set_pem_root_certs(grpc_core::UniquePtr<char> pem_root_certs) {
+    pem_root_certs_ = std::move(pem_root_certs);
+  }
+  void add_pem_key_cert_pair(grpc_core::PemKeyCertPair pem_key_cert_pair) {
+    pem_key_cert_pair_list_.push_back(pem_key_cert_pair);
+  }
   void set_key_materials(grpc_core::UniquePtr<char> pem_root_certs,
                          PemKeyCertPairList pem_key_cert_pair_list);
   void set_version(int version) { version_ = version; }
@@ -65,18 +71,46 @@ struct grpc_tls_credential_reload_config
       void (*destruct)(void* config_user_data));
   ~grpc_tls_credential_reload_config();
+  void* context() const { return context_; }
+  void set_context(void* context) { context_ = context; }
   int Schedule(grpc_tls_credential_reload_arg* arg) const {
+    if (schedule_ == nullptr) {
+      gpr_log(GPR_ERROR, "schedule API is nullptr");
+      if (arg != nullptr) {
+        arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
+        arg->error_details =
+            gpr_strdup("schedule API in credential reload config is nullptr");
+      }
+      return 1;
+    }
+    if (arg != nullptr) {
+      arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
+    }
     return schedule_(config_user_data_, arg);
   }
   void Cancel(grpc_tls_credential_reload_arg* arg) const {
     if (cancel_ == nullptr) {
       gpr_log(GPR_ERROR, "cancel API is nullptr.");
+      if (arg != nullptr) {
+        arg->status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL;
+        arg->error_details =
+            gpr_strdup("cancel API in credential reload config is nullptr");
+      }
       return;
     }
+    if (arg != nullptr) {
+      arg->config = const_cast<grpc_tls_credential_reload_config*>(this);
+    }
     cancel_(config_user_data_, arg);
   }
  private:
+  /** This is a pointer to the wrapped language implementation of
+   * grpc_tls_credential_reload_config. It is necessary to implement the C
+   * schedule and cancel functions, given the schedule or cancel function in a
+   * wrapped language. **/
+  void* context_ = nullptr;
   /** config-specific, read-only user data that works for all channels created
      with a credential using the config. */
   void* config_user_data_;
@@ -113,18 +147,48 @@ struct grpc_tls_server_authorization_check_config
       void (*destruct)(void* config_user_data));
   ~grpc_tls_server_authorization_check_config();
+  void* context() const { return context_; }
+  void set_context(void* context) { context_ = context; }
   int Schedule(grpc_tls_server_authorization_check_arg* arg) const {
+    if (schedule_ == nullptr) {
+      gpr_log(GPR_ERROR, "schedule API is nullptr");
+      if (arg != nullptr) {
+        arg->status = GRPC_STATUS_NOT_FOUND;
+        arg->error_details = gpr_strdup(
+            "schedule API in server authorization check config is nullptr");
+      }
+      return 1;
+    }
+    if (arg != nullptr && context_ != nullptr) {
+      arg->config =
+          const_cast<grpc_tls_server_authorization_check_config*>(this);
+    }
     return schedule_(config_user_data_, arg);
   }
   void Cancel(grpc_tls_server_authorization_check_arg* arg) const {
     if (cancel_ == nullptr) {
       gpr_log(GPR_ERROR, "cancel API is nullptr.");
+      if (arg != nullptr) {
+        arg->status = GRPC_STATUS_NOT_FOUND;
+        arg->error_details = gpr_strdup(
+            "schedule API in server authorization check config is nullptr");
+      }
       return;
     }
+    if (arg != nullptr) {
+      arg->config =
+          const_cast<grpc_tls_server_authorization_check_config*>(this);
+    }
     cancel_(config_user_data_, arg);
   }
  private:
+  /** This is a pointer to the wrapped language implementation of
+   * grpc_tls_server_authorization_check_config. It is necessary to implement
+   * the C schedule and cancel functions, given the schedule or cancel function
+   * in a wrapped language. **/
+  void* context_ = nullptr;
   /** config-specific, read-only user data that works for all channels created
      with a Credential using the config. */
   void* config_user_data_;

data/src/core/lib/security/security_connector/alts/alts_security_connector.cc CHANGED

@@ -81,7 +81,7 @@ class grpc_alts_channel_security_connector final
   ~grpc_alts_channel_security_connector() override { gpr_free(target_name_); }
   void add_handshakers(
-      grpc_pollset_set* interested_parties,
+      const grpc_channel_args* args, grpc_pollset_set* interested_parties,
       grpc_core::HandshakeManager* handshake_manager) override {
     tsi_handshaker* handshaker = nullptr;
     const grpc_alts_credentials* creds =
@@ -91,7 +91,7 @@ class grpc_alts_channel_security_connector final
                                           interested_parties,
                                           &handshaker) == TSI_OK);
     handshake_manager->Add(
-        grpc_core::SecurityHandshakerCreate(handshaker, this));
+        grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }
   void check_peer(tsi_peer peer, grpc_endpoint* ep,
@@ -142,7 +142,7 @@ class grpc_alts_server_security_connector final
   ~grpc_alts_server_security_connector() override = default;
   void add_handshakers(
-      grpc_pollset_set* interested_parties,
+      const grpc_channel_args* args, grpc_pollset_set* interested_parties,
       grpc_core::HandshakeManager* handshake_manager) override {
     tsi_handshaker* handshaker = nullptr;
     const grpc_alts_server_credentials* creds =
@@ -151,7 +151,7 @@ class grpc_alts_server_security_connector final
                    creds->options(), nullptr, creds->handshaker_service_url(),
                    false, interested_parties, &handshaker) == TSI_OK);
     handshake_manager->Add(
-        grpc_core::SecurityHandshakerCreate(handshaker, this));
+        grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }
   void check_peer(tsi_peer peer, grpc_endpoint* ep,

data/src/core/lib/security/security_connector/fake/fake_security_connector.cc CHANGED

@@ -27,7 +27,7 @@
 #include <grpc/support/string_util.h>
 #include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h"
-#include "src/core/ext/filters/client_channel/lb_policy/xds/xds.h"
+#include "src/core/ext/filters/client_channel/xds/xds_channel_args.h"
 #include "src/core/ext/transport/chttp2/alpn/alpn.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/channel/handshaker.h"
@@ -56,8 +56,8 @@ class grpc_fake_channel_security_connector final
         expected_targets_(
             gpr_strdup(grpc_fake_transport_get_expected_targets(args))),
         is_lb_channel_(
-            grpc_channel_args_find(
-                args, GRPC_ARG_ADDRESS_IS_XDS_LOAD_BALANCER) != nullptr ||
+            grpc_channel_args_find(args, GRPC_ARG_ADDRESS_IS_XDS_SERVER) !=
+                nullptr ||
             grpc_channel_args_find(
                 args, GRPC_ARG_ADDRESS_IS_GRPCLB_LOAD_BALANCER) != nullptr) {
     const grpc_arg* target_name_override_arg =
@@ -96,10 +96,11 @@ class grpc_fake_channel_security_connector final
     return GPR_ICMP(is_lb_channel_, other->is_lb_channel_);
   }
-  void add_handshakers(grpc_pollset_set* interested_parties,
+  void add_handshakers(const grpc_channel_args* args,
+                       grpc_pollset_set* interested_parties,
                        grpc_core::HandshakeManager* handshake_mgr) override {
     handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(
-        tsi_create_fake_handshaker(/*is_client=*/true), this));
+        tsi_create_fake_handshaker(/*is_client=*/true), this, args));
   }
   bool check_call_host(grpc_core::StringView host,
@@ -271,10 +272,11 @@ class grpc_fake_server_security_connector
     fake_check_peer(this, peer, auth_context, on_peer_checked);
   }
-  void add_handshakers(grpc_pollset_set* interested_parties,
+  void add_handshakers(const grpc_channel_args* args,
+                       grpc_pollset_set* interested_parties,
                        grpc_core::HandshakeManager* handshake_mgr) override {
     handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(
-        tsi_create_fake_handshaker(/*=is_client*/ false), this));
+        tsi_create_fake_handshaker(/*=is_client*/ false), this, args));
   }
   int cmp(const grpc_security_connector* other) const override {

data/src/core/lib/security/security_connector/load_system_roots_linux.cc CHANGED

@@ -66,6 +66,8 @@ grpc_slice GetSystemRootCerts() {
         grpc_load_file(kLinuxCertFiles[i], 1, &valid_bundle_slice);
     if (error == GRPC_ERROR_NONE) {
       return valid_bundle_slice;
+    } else {
+      GRPC_ERROR_UNREF(error);
     }
   }
   return grpc_empty_slice();

data/src/core/lib/security/security_connector/local/local_security_connector.cc CHANGED

@@ -129,13 +129,13 @@ class grpc_local_channel_security_connector final
   ~grpc_local_channel_security_connector() override { gpr_free(target_name_); }
   void add_handshakers(
-      grpc_pollset_set* interested_parties,
+      const grpc_channel_args* args, grpc_pollset_set* interested_parties,
       grpc_core::HandshakeManager* handshake_manager) override {
     tsi_handshaker* handshaker = nullptr;
     GPR_ASSERT(local_tsi_handshaker_create(true /* is_client */, &handshaker) ==
                TSI_OK);
     handshake_manager->Add(
-        grpc_core::SecurityHandshakerCreate(handshaker, this));
+        grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }
   int cmp(const grpc_security_connector* other_sc) const override {
@@ -187,13 +187,13 @@ class grpc_local_server_security_connector final
   ~grpc_local_server_security_connector() override = default;
   void add_handshakers(
-      grpc_pollset_set* interested_parties,
+      const grpc_channel_args* args, grpc_pollset_set* interested_parties,
       grpc_core::HandshakeManager* handshake_manager) override {
     tsi_handshaker* handshaker = nullptr;
     GPR_ASSERT(local_tsi_handshaker_create(false /* is_client */,
                                            &handshaker) == TSI_OK);
     handshake_manager->Add(
-        grpc_core::SecurityHandshakerCreate(handshaker, this));
+        grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }
   void check_peer(tsi_peer peer, grpc_endpoint* ep,

data/src/core/lib/security/security_connector/security_connector.cc CHANGED

@@ -53,6 +53,7 @@ grpc_channel_security_connector::grpc_channel_security_connector(
     : grpc_security_connector(url_scheme),
       channel_creds_(std::move(channel_creds)),
       request_metadata_creds_(std::move(request_metadata_creds)) {}
 grpc_channel_security_connector::~grpc_channel_security_connector() {}
 int grpc_security_connector_cmp(const grpc_security_connector* sc,

data/src/core/lib/security/security_connector/security_connector.h CHANGED

@@ -58,15 +58,13 @@ class grpc_security_connector
   virtual void check_peer(
       tsi_peer peer, grpc_endpoint* ep,
       grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
-      grpc_closure* on_peer_checked) GRPC_ABSTRACT;
+      grpc_closure* on_peer_checked) = 0;
   /* Compares two security connectors. */
-  virtual int cmp(const grpc_security_connector* other) const GRPC_ABSTRACT;
+  virtual int cmp(const grpc_security_connector* other) const = 0;
   const char* url_scheme() const { return url_scheme_; }
-  GRPC_ABSTRACT_BASE_CLASS
  private:
   const char* url_scheme_;
 };
@@ -91,7 +89,9 @@ class grpc_channel_security_connector : public grpc_security_connector {
   grpc_channel_security_connector(
       const char* url_scheme,
       grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
-      grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds);
+      grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds
+      /*,
+      grpc_channel_args* channel_args = nullptr*/);
   ~grpc_channel_security_connector() override;
   /// Checks that the host that will be set for a call is acceptable.
@@ -101,16 +101,16 @@ class grpc_channel_security_connector : public grpc_security_connector {
   virtual bool check_call_host(grpc_core::StringView host,
                                grpc_auth_context* auth_context,
                                grpc_closure* on_call_host_checked,
-                               grpc_error** error) GRPC_ABSTRACT;
+                               grpc_error** error) = 0;
   /// Cancels a pending asynchronous call to
   /// grpc_channel_security_connector_check_call_host() with
   /// \a on_call_host_checked as its callback.
   virtual void cancel_check_call_host(grpc_closure* on_call_host_checked,
-                                      grpc_error* error) GRPC_ABSTRACT;
+                                      grpc_error* error) = 0;
   /// Registers handshakers with \a handshake_mgr.
-  virtual void add_handshakers(grpc_pollset_set* interested_parties,
-                               grpc_core::HandshakeManager* handshake_mgr)
-      GRPC_ABSTRACT;
+  virtual void add_handshakers(const grpc_channel_args* args,
+                               grpc_pollset_set* interested_parties,
+                               grpc_core::HandshakeManager* handshake_mgr) = 0;
   const grpc_channel_credentials* channel_creds() const {
     return channel_creds_.get();
@@ -125,16 +125,20 @@ class grpc_channel_security_connector : public grpc_security_connector {
     return request_metadata_creds_.get();
   }
-  GRPC_ABSTRACT_BASE_CLASS
  protected:
   // Helper methods to be used in subclasses.
   int channel_security_connector_cmp(
       const grpc_channel_security_connector* other) const;
+  // grpc_channel_args* channel_args() const { return channel_args_.get(); }
+  //// Should be called as soon as the channel args are not needed to reduce
+  //// memory usage.
+  // void clear_channel_arg() { channel_args_.reset(); }
  private:
   grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds_;
   grpc_core::RefCountedPtr<grpc_call_credentials> request_metadata_creds_;
+  grpc_core::UniquePtr<grpc_channel_args> channel_args_;
 };
 /* --- server_security_connector object. ---
@@ -149,9 +153,9 @@ class grpc_server_security_connector : public grpc_security_connector {
       grpc_core::RefCountedPtr<grpc_server_credentials> server_creds);
   ~grpc_server_security_connector() override = default;
-  virtual void add_handshakers(grpc_pollset_set* interested_parties,
-                               grpc_core::HandshakeManager* handshake_mgr)
-      GRPC_ABSTRACT;
+  virtual void add_handshakers(const grpc_channel_args* args,
+                               grpc_pollset_set* interested_parties,
+                               grpc_core::HandshakeManager* handshake_mgr) = 0;
   const grpc_server_credentials* server_creds() const {
     return server_creds_.get();
@@ -160,8 +164,6 @@ class grpc_server_security_connector : public grpc_security_connector {
     return server_creds_.get();
   }
-  GRPC_ABSTRACT_BASE_CLASS
  protected:
   // Helper methods to be used in subclasses.
   int server_security_connector_cmp(