grpc 1.28.0.pre2 → 1.31.0.pre1
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +8313 -11862
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
- data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
- data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +122 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -29,11 +29,13 @@
|
|
29
29
|
#include "src/core/tsi/ssl_transport_security.h"
|
30
30
|
#include "src/core/tsi/transport_security_interface.h"
|
31
31
|
|
32
|
-
|
32
|
+
struct grpc_ssl_config {
|
33
33
|
tsi_ssl_pem_key_cert_pair* pem_key_cert_pair;
|
34
34
|
char* pem_root_certs;
|
35
35
|
verify_peer_options verify_options;
|
36
|
-
|
36
|
+
grpc_tls_version min_tls_version = grpc_tls_version::TLS1_2;
|
37
|
+
grpc_tls_version max_tls_version = grpc_tls_version::TLS1_3;
|
38
|
+
};
|
37
39
|
|
38
40
|
/* Creates an SSL channel_security_connector.
|
39
41
|
- request_metadata_creds is the credentials object which metadata
|
@@ -57,14 +59,15 @@ grpc_ssl_channel_security_connector_create(
|
|
57
59
|
tsi_ssl_session_cache* ssl_session_cache);
|
58
60
|
|
59
61
|
/* Config for ssl servers. */
|
60
|
-
|
62
|
+
struct grpc_ssl_server_config {
|
61
63
|
tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs = nullptr;
|
62
64
|
size_t num_key_cert_pairs = 0;
|
63
65
|
char* pem_root_certs = nullptr;
|
64
66
|
grpc_ssl_client_certificate_request_type client_certificate_request =
|
65
67
|
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
|
66
|
-
|
67
|
-
|
68
|
+
grpc_tls_version min_tls_version = grpc_tls_version::TLS1_2;
|
69
|
+
grpc_tls_version max_tls_version = grpc_tls_version::TLS1_3;
|
70
|
+
};
|
68
71
|
/* Creates an SSL server_security_connector.
|
69
72
|
- config is the SSL config to be used for the SSL channel establishment.
|
70
73
|
- sc is a pointer on the connector to be created.
|
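Review bot: The pointer members of `grpc_ssl_config` in the first hunk are left without initializers, while the struct now gains default member initializers for `min_tls_version` and `max_tls_version`. `grpc_ssl_server_config` in the second hunk already defaults its pointers to `nullptr`, so the two configs disagree, and a default-constructed `grpc_ssl_config` would hold indeterminate `pem_key_cert_pair` and `pem_root_certs` values. I would write `tsi_ssl_pem_key_cert_pair* pem_key_cert_pair = nullptr;` and `char* pem_root_certs = nullptr;`. Whether every caller zero-initializes the struct is not visible from these hunks. A short comment on the two version fields stating that `min_tls_version` must not exceed `max_tls_version` would also help, since no such check appears here.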
@@ -20,10 +20,13 @@
|
|
20
20
|
|
21
21
|
#include "src/core/lib/security/security_connector/ssl_utils.h"
|
22
22
|
|
23
|
+
#include <vector>
|
24
|
+
|
25
|
+
#include "absl/strings/str_cat.h"
|
26
|
+
|
23
27
|
#include <grpc/slice_buffer.h>
|
24
28
|
#include <grpc/support/alloc.h>
|
25
29
|
#include <grpc/support/log.h>
|
26
|
-
#include <grpc/support/string_util.h>
|
27
30
|
|
28
31
|
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
29
32
|
#include "src/core/lib/channel/channel_args.h"
|
@@ -65,6 +68,9 @@ static const char* cipher_suites = nullptr;
|
|
65
68
|
// All cipher suites for default are compliant with HTTP2.
|
66
69
|
GPR_GLOBAL_CONFIG_DEFINE_STRING(
|
67
70
|
grpc_ssl_cipher_suites,
|
71
|
+
"TLS_AES_128_GCM_SHA256:"
|
72
|
+
"TLS_AES_256_GCM_SHA384:"
|
73
|
+
"TLS_CHACHA20_POLY1305_SHA256:"
|
68
74
|
"ECDHE-ECDSA-AES128-GCM-SHA256:"
|
69
75
|
"ECDHE-ECDSA-AES256-GCM-SHA384:"
|
70
76
|
"ECDHE-RSA-AES128-GCM-SHA256:"
|
@@ -132,6 +138,18 @@ grpc_get_tsi_client_certificate_request_type(
|
|
132
138
|
}
|
133
139
|
}
|
134
140
|
|
141
|
+
tsi_tls_version grpc_get_tsi_tls_version(grpc_tls_version tls_version) {
|
142
|
+
switch (tls_version) {
|
143
|
+
case grpc_tls_version::TLS1_2:
|
144
|
+
return tsi_tls_version::TSI_TLS1_2;
|
145
|
+
case grpc_tls_version::TLS1_3:
|
146
|
+
return tsi_tls_version::TSI_TLS1_3;
|
147
|
+
default:
|
148
|
+
gpr_log(GPR_INFO, "Falling back to TLS 1.2.");
|
149
|
+
return tsi_tls_version::TSI_TLS1_2;
|
150
|
+
}
|
151
|
+
}
|
152
|
+
|
135
153
|
grpc_error* grpc_ssl_check_alpn(const tsi_peer* peer) {
|
136
154
|
#if TSI_OPENSSL_ALPN_SUPPORT
|
137
155
|
/* Check the ALPN if ALPN is supported. */
|
@@ -149,23 +167,20 @@ grpc_error* grpc_ssl_check_alpn(const tsi_peer* peer) {
|
|
149
167
|
return GRPC_ERROR_NONE;
|
150
168
|
}
|
151
169
|
|
152
|
-
grpc_error* grpc_ssl_check_peer_name(
|
170
|
+
grpc_error* grpc_ssl_check_peer_name(absl::string_view peer_name,
|
153
171
|
const tsi_peer* peer) {
|
154
172
|
/* Check the peer name if specified. */
|
155
173
|
if (!peer_name.empty() && !grpc_ssl_host_matches_name(peer, peer_name)) {
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
grpc_error* error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg);
|
160
|
-
gpr_free(msg);
|
161
|
-
return error;
|
174
|
+
return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
175
|
+
absl::StrCat("Peer name ", peer_name, " is not in peer certificate")
|
176
|
+
.c_str());
|
162
177
|
}
|
163
178
|
return GRPC_ERROR_NONE;
|
164
179
|
}
|
165
180
|
|
166
|
-
bool grpc_ssl_check_call_host(
|
167
|
-
|
168
|
-
|
181
|
+
bool grpc_ssl_check_call_host(absl::string_view host,
|
182
|
+
absl::string_view target_name,
|
183
|
+
absl::string_view overridden_target_name,
|
169
184
|
grpc_auth_context* auth_context,
|
170
185
|
grpc_error** error) {
|
171
186
|
grpc_security_status status = GRPC_SECURITY_ERROR;
|
@@ -197,29 +212,50 @@ const char** grpc_fill_alpn_protocol_strings(size_t* num_alpn_protocols) {
|
|
197
212
|
}
|
198
213
|
|
199
214
|
int grpc_ssl_host_matches_name(const tsi_peer* peer,
|
200
|
-
|
201
|
-
|
202
|
-
|
215
|
+
absl::string_view peer_name) {
|
216
|
+
absl::string_view allocated_name;
|
217
|
+
absl::string_view ignored_port;
|
203
218
|
grpc_core::SplitHostPort(peer_name, &allocated_name, &ignored_port);
|
204
219
|
if (allocated_name.empty()) return 0;
|
205
220
|
|
206
221
|
// IPv6 zone-id should not be included in comparisons.
|
207
222
|
const size_t zone_id = allocated_name.find('%');
|
208
|
-
if (zone_id !=
|
223
|
+
if (zone_id != absl::string_view::npos) {
|
209
224
|
allocated_name.remove_suffix(allocated_name.size() - zone_id);
|
210
225
|
}
|
211
226
|
return tsi_ssl_peer_matches_name(peer, allocated_name);
|
212
227
|
}
|
213
228
|
|
214
|
-
int grpc_ssl_cmp_target_name(
|
215
|
-
|
216
|
-
|
217
|
-
|
229
|
+
int grpc_ssl_cmp_target_name(absl::string_view target_name,
|
230
|
+
absl::string_view other_target_name,
|
231
|
+
absl::string_view overridden_target_name,
|
232
|
+
absl::string_view other_overridden_target_name) {
|
218
233
|
int c = target_name.compare(other_target_name);
|
219
234
|
if (c != 0) return c;
|
220
235
|
return overridden_target_name.compare(other_overridden_target_name);
|
221
236
|
}
|
222
237
|
|
238
|
+
static bool IsSpiffeId(absl::string_view uri) {
|
239
|
+
// Return false without logging for a non-spiffe uri scheme.
|
240
|
+
if (!absl::StartsWith(uri, "spiffe://")) {
|
241
|
+
return false;
|
242
|
+
};
|
243
|
+
if (uri.size() > 2048) {
|
244
|
+
gpr_log(GPR_INFO, "Invalid SPIFFE ID: ID longer than 2048 bytes.");
|
245
|
+
return false;
|
246
|
+
}
|
247
|
+
std::vector<absl::string_view> splits = absl::StrSplit(uri, '/');
|
248
|
+
if (splits.size() < 4 || splits[3] == "") {
|
249
|
+
gpr_log(GPR_INFO, "Invalid SPIFFE ID: workload id is empty.");
|
250
|
+
return false;
|
251
|
+
}
|
252
|
+
if (splits[2].size() > 255) {
|
253
|
+
gpr_log(GPR_INFO, "Invalid SPIFFE ID: domain longer than 255 characters.");
|
254
|
+
return false;
|
255
|
+
}
|
256
|
+
return true;
|
257
|
+
}
|
258
|
+
|
223
259
|
grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
|
224
260
|
const tsi_peer* peer, const char* transport_security_type) {
|
225
261
|
size_t i;
|
@@ -232,6 +268,10 @@ grpc_core::RefCountedPtr
|
|
232
268
|
grpc_auth_context_add_cstring_property(
|
233
269
|
ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
|
234
270
|
transport_security_type);
|
271
|
+
const char* spiffe_data = nullptr;
|
272
|
+
size_t spiffe_length = 0;
|
273
|
+
int uri_count = 0;
|
274
|
+
bool has_spiffe_id = false;
|
235
275
|
for (i = 0; i < peer->property_count; i++) {
|
236
276
|
const tsi_peer_property* prop = &peer->properties[i];
|
237
277
|
if (prop->name == nullptr) continue;
|
@@ -263,12 +303,32 @@ grpc_core::RefCountedPtr
|
|
263
303
|
grpc_auth_context_add_property(
|
264
304
|
ctx.get(), GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
|
265
305
|
prop->value.data, prop->value.length);
|
306
|
+
} else if (strcmp(prop->name, TSI_X509_URI_PEER_PROPERTY) == 0) {
|
307
|
+
uri_count++;
|
308
|
+
absl::string_view spiffe_id(prop->value.data, prop->value.length);
|
309
|
+
if (IsSpiffeId(spiffe_id)) {
|
310
|
+
spiffe_data = prop->value.data;
|
311
|
+
spiffe_length = prop->value.length;
|
312
|
+
has_spiffe_id = true;
|
313
|
+
}
|
266
314
|
}
|
267
315
|
}
|
268
316
|
if (peer_identity_property_name != nullptr) {
|
269
317
|
GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
|
270
318
|
ctx.get(), peer_identity_property_name) == 1);
|
271
319
|
}
|
320
|
+
// A valid SPIFFE certificate can only have exact one URI SAN field.
|
321
|
+
if (has_spiffe_id) {
|
322
|
+
if (uri_count == 1) {
|
323
|
+
GPR_ASSERT(spiffe_length > 0);
|
324
|
+
GPR_ASSERT(spiffe_data != nullptr);
|
325
|
+
grpc_auth_context_add_property(ctx.get(),
|
326
|
+
GRPC_PEER_SPIFFE_ID_PROPERTY_NAME,
|
327
|
+
spiffe_data, spiffe_length);
|
328
|
+
} else {
|
329
|
+
gpr_log(GPR_INFO, "Invalid SPIFFE ID: multiple URI SANs.");
|
330
|
+
}
|
331
|
+
}
|
272
332
|
return ctx;
|
273
333
|
}
|
274
334
|
|
@@ -314,6 +374,9 @@ tsi_peer grpc_shallow_peer_from_ssl_auth_context(
|
|
314
374
|
0) {
|
315
375
|
add_shallow_auth_property_to_peer(&peer, prop,
|
316
376
|
TSI_X509_PEM_CERT_CHAIN_PROPERTY);
|
377
|
+
} else if (strcmp(prop->name, GRPC_PEER_SPIFFE_ID_PROPERTY_NAME) == 0) {
|
378
|
+
add_shallow_auth_property_to_peer(&peer, prop,
|
379
|
+
TSI_X509_URI_PEER_PROPERTY);
|
317
380
|
}
|
318
381
|
}
|
319
382
|
}
|
@@ -326,8 +389,8 @@ void grpc_shallow_peer_destruct(tsi_peer* peer) {
|
|
326
389
|
|
327
390
|
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(
|
328
391
|
tsi_ssl_pem_key_cert_pair* pem_key_cert_pair, const char* pem_root_certs,
|
329
|
-
bool skip_server_certificate_verification,
|
330
|
-
tsi_ssl_session_cache* ssl_session_cache,
|
392
|
+
bool skip_server_certificate_verification, tsi_tls_version min_tls_version,
|
393
|
+
tsi_tls_version max_tls_version, tsi_ssl_session_cache* ssl_session_cache,
|
331
394
|
tsi_ssl_client_handshaker_factory** handshaker_factory) {
|
332
395
|
const char* root_certs;
|
333
396
|
const tsi_ssl_root_certs_store* root_store;
|
@@ -359,6 +422,8 @@ grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(
|
|
359
422
|
options.session_cache = ssl_session_cache;
|
360
423
|
options.skip_server_certificate_verification =
|
361
424
|
skip_server_certificate_verification;
|
425
|
+
options.min_tls_version = min_tls_version;
|
426
|
+
options.max_tls_version = max_tls_version;
|
362
427
|
const tsi_result result =
|
363
428
|
tsi_create_ssl_client_handshaker_factory_with_options(&options,
|
364
429
|
handshaker_factory);
|
@@ -375,6 +440,7 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
|
|
375
440
|
tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs,
|
376
441
|
const char* pem_root_certs,
|
377
442
|
grpc_ssl_client_certificate_request_type client_certificate_request,
|
443
|
+
tsi_tls_version min_tls_version, tsi_tls_version max_tls_version,
|
378
444
|
tsi_ssl_server_handshaker_factory** handshaker_factory) {
|
379
445
|
size_t num_alpn_protocols = 0;
|
380
446
|
const char** alpn_protocol_strings =
|
@@ -388,6 +454,8 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
|
|
388
454
|
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
389
455
|
options.alpn_protocols = alpn_protocol_strings;
|
390
456
|
options.num_alpn_protocols = static_cast<uint16_t>(num_alpn_protocols);
|
457
|
+
options.min_tls_version = min_tls_version;
|
458
|
+
options.max_tls_version = max_tls_version;
|
391
459
|
const tsi_result result =
|
392
460
|
tsi_create_ssl_server_handshaker_factory_with_options(&options,
|
393
461
|
handshaker_factory);
|
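Review bot: `IsSpiffeId` accepts a URI whose trust domain is empty. For a constructed input such as `spiffe:///workload`, the split on `/` leaves `splits[2]` empty and `splits[3]` non-empty, so it passes both the `splits.size() < 4 || splits[3] == ""` test and the 255-character limit. `grpc_ssl_peer_to_auth_context` would then store that value under `GRPC_PEER_SPIFFE_ID_PROPERTY_NAME`, where authorization code may treat it as a verified identity. I would add `if (splits[2].empty()) { gpr_log(GPR_INFO, "Invalid SPIFFE ID: trust domain is empty."); return false; }` ahead of the domain-length check. Separately, the `default:` branch of `grpc_get_tsi_tls_version` maps any unrecognized value to TLS 1.2 at `GPR_INFO`, which hides a misconfigured version bound; logging it at `GPR_ERROR` would make it visible.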
@@ -23,12 +23,14 @@
|
|
23
23
|
|
24
24
|
#include <stdbool.h>
|
25
25
|
|
26
|
+
#include "absl/strings/str_split.h"
|
27
|
+
#include "absl/strings/string_view.h"
|
28
|
+
|
26
29
|
#include <grpc/grpc_security.h>
|
27
30
|
#include <grpc/slice_buffer.h>
|
28
31
|
|
29
32
|
#include "src/core/lib/gprpp/global_config.h"
|
30
33
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
31
|
-
#include "src/core/lib/gprpp/string_view.h"
|
32
34
|
#include "src/core/lib/iomgr/error.h"
|
33
35
|
#include "src/core/lib/security/security_connector/security_connector.h"
|
34
36
|
#include "src/core/lib/security/security_connector/ssl_utils_config.h"
|
@@ -45,17 +47,17 @@
|
|
45
47
|
grpc_error* grpc_ssl_check_alpn(const tsi_peer* peer);
|
46
48
|
|
47
49
|
/* Check peer name information returned from SSL handshakes. */
|
48
|
-
grpc_error* grpc_ssl_check_peer_name(
|
50
|
+
grpc_error* grpc_ssl_check_peer_name(absl::string_view peer_name,
|
49
51
|
const tsi_peer* peer);
|
50
52
|
/* Compare targer_name information extracted from SSL security connectors. */
|
51
|
-
int grpc_ssl_cmp_target_name(
|
52
|
-
|
53
|
-
|
54
|
-
|
53
|
+
int grpc_ssl_cmp_target_name(absl::string_view target_name,
|
54
|
+
absl::string_view other_target_name,
|
55
|
+
absl::string_view overridden_target_name,
|
56
|
+
absl::string_view other_overridden_target_name);
|
55
57
|
/* Check the host that will be set for a call is acceptable.*/
|
56
|
-
bool grpc_ssl_check_call_host(
|
57
|
-
|
58
|
-
|
58
|
+
bool grpc_ssl_check_call_host(absl::string_view host,
|
59
|
+
absl::string_view target_name,
|
60
|
+
absl::string_view overridden_target_name,
|
59
61
|
grpc_auth_context* auth_context,
|
60
62
|
grpc_error** error);
|
61
63
|
/* Return HTTP2-compliant cipher suites that gRPC accepts by default. */
|
@@ -71,6 +73,9 @@ grpc_get_tsi_client_certificate_request_type(
|
|
71
73
|
grpc_security_level grpc_tsi_security_level_string_to_enum(
|
72
74
|
const char* security_level);
|
73
75
|
|
76
|
+
/* Map grpc_tls_version to tsi_tls_version. */
|
77
|
+
tsi_tls_version grpc_get_tsi_tls_version(grpc_tls_version tls_version);
|
78
|
+
|
74
79
|
/* Map grpc_security_level enum to a string. */
|
75
80
|
const char* grpc_security_level_to_string(grpc_security_level security_level);
|
76
81
|
|
@@ -84,14 +89,15 @@ const char** grpc_fill_alpn_protocol_strings(size_t* num_alpn_protocols);
|
|
84
89
|
/* Initialize TSI SSL server/client handshaker factory. */
|
85
90
|
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(
|
86
91
|
tsi_ssl_pem_key_cert_pair* key_cert_pair, const char* pem_root_certs,
|
87
|
-
bool skip_server_certificate_verification,
|
88
|
-
tsi_ssl_session_cache* ssl_session_cache,
|
92
|
+
bool skip_server_certificate_verification, tsi_tls_version min_tls_version,
|
93
|
+
tsi_tls_version max_tls_version, tsi_ssl_session_cache* ssl_session_cache,
|
89
94
|
tsi_ssl_client_handshaker_factory** handshaker_factory);
|
90
95
|
|
91
96
|
grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
|
92
97
|
tsi_ssl_pem_key_cert_pair* key_cert_pairs, size_t num_key_cert_pairs,
|
93
98
|
const char* pem_root_certs,
|
94
99
|
grpc_ssl_client_certificate_request_type client_certificate_request,
|
100
|
+
tsi_tls_version min_tls_version, tsi_tls_version max_tls_version,
|
95
101
|
tsi_ssl_server_handshaker_factory** handshaker_factory);
|
96
102
|
|
97
103
|
/* Exposed for testing only. */
|
@@ -101,7 +107,7 @@ tsi_peer grpc_shallow_peer_from_ssl_auth_context(
|
|
101
107
|
const grpc_auth_context* auth_context);
|
102
108
|
void grpc_shallow_peer_destruct(tsi_peer* peer);
|
103
109
|
int grpc_ssl_host_matches_name(const tsi_peer* peer,
|
104
|
-
|
110
|
+
absl::string_view peer_name);
|
105
111
|
|
106
112
|
/* --- Default SSL Root Store. --- */
|
107
113
|
namespace grpc_core {
|
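Review bot: The comment added above the `grpc_get_tsi_tls_version` declaration does not say what happens for a value outside the two known enumerators. The definition shown earlier on this page logs "Falling back to TLS 1.2." and returns `TSI_TLS1_2` in that case. That matters to a caller passing the result as `max_tls_version`, because it silently caps the connection at TLS 1.2. I would document it at the declaration: `/* Map grpc_tls_version to tsi_tls_version. Unrecognized values are logged and mapped to TSI_TLS1_2. */`.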
@@ -23,6 +23,9 @@
|
|
23
23
|
#include <stdbool.h>
|
24
24
|
#include <string.h>
|
25
25
|
|
26
|
+
#include "absl/strings/str_cat.h"
|
27
|
+
#include "absl/strings/string_view.h"
|
28
|
+
|
26
29
|
#include <grpc/grpc.h>
|
27
30
|
#include <grpc/support/alloc.h>
|
28
31
|
#include <grpc/support/log.h>
|
@@ -62,64 +65,75 @@ tsi_ssl_pem_key_cert_pair* ConvertToTsiPemKeyCertPair(
|
|
62
65
|
|
63
66
|
} // namespace
|
64
67
|
|
65
|
-
/** -- Util function to fetch TLS server/channel credentials. -- */
|
66
68
|
grpc_status_code TlsFetchKeyMaterials(
|
67
69
|
const grpc_core::RefCountedPtr<grpc_tls_key_materials_config>&
|
68
70
|
key_materials_config,
|
69
|
-
const grpc_tls_credentials_options& options, bool
|
70
|
-
grpc_ssl_certificate_config_reload_status*
|
71
|
+
const grpc_tls_credentials_options& options, bool is_server,
|
72
|
+
grpc_ssl_certificate_config_reload_status* status) {
|
71
73
|
GPR_ASSERT(key_materials_config != nullptr);
|
74
|
+
GPR_ASSERT(status != nullptr);
|
72
75
|
bool is_key_materials_empty =
|
73
76
|
key_materials_config->pem_key_cert_pair_list().empty();
|
74
|
-
|
75
|
-
|
77
|
+
grpc_tls_credential_reload_config* credential_reload_config =
|
78
|
+
options.credential_reload_config();
|
79
|
+
/** If there are no key materials and no credential reload config and the
|
80
|
+
* caller is a server, then return an error. We do not require that a client
|
81
|
+
* always provision certificates. **/
|
82
|
+
if (credential_reload_config == nullptr && is_key_materials_empty &&
|
83
|
+
is_server) {
|
76
84
|
gpr_log(GPR_ERROR,
|
77
85
|
"Either credential reload config or key materials should be "
|
78
86
|
"provisioned.");
|
79
87
|
return GRPC_STATUS_FAILED_PRECONDITION;
|
80
88
|
}
|
81
|
-
grpc_status_code
|
82
|
-
|
83
|
-
if (
|
89
|
+
grpc_status_code reload_status = GRPC_STATUS_OK;
|
90
|
+
/** Use |credential_reload_config| to update |key_materials_config|. **/
|
91
|
+
if (credential_reload_config != nullptr) {
|
84
92
|
grpc_tls_credential_reload_arg* arg = new grpc_tls_credential_reload_arg();
|
85
93
|
arg->key_materials_config = key_materials_config.get();
|
86
|
-
|
94
|
+
arg->error_details = new grpc_tls_error_details();
|
95
|
+
int result = credential_reload_config->Schedule(arg);
|
87
96
|
if (result) {
|
88
|
-
|
97
|
+
/** Credential reloading is performed async. This is not yet supported.
|
98
|
+
* **/
|
89
99
|
gpr_log(GPR_ERROR, "Async credential reload is unsupported now.");
|
90
|
-
status =
|
100
|
+
*status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
|
101
|
+
reload_status =
|
91
102
|
is_key_materials_empty ? GRPC_STATUS_UNIMPLEMENTED : GRPC_STATUS_OK;
|
92
103
|
} else {
|
93
|
-
|
94
|
-
*
|
104
|
+
/** Credential reloading is performed sync. **/
|
105
|
+
*status = arg->status;
|
95
106
|
if (arg->status == GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED) {
|
96
107
|
/* Key materials is not empty. */
|
97
108
|
gpr_log(GPR_DEBUG, "Credential does not change after reload.");
|
98
109
|
} else if (arg->status == GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL) {
|
99
110
|
gpr_log(GPR_ERROR, "Credential reload failed with an error:");
|
100
111
|
if (arg->error_details != nullptr) {
|
101
|
-
gpr_log(GPR_ERROR, "%s", arg->error_details);
|
112
|
+
gpr_log(GPR_ERROR, "%s", arg->error_details->error_details().c_str());
|
102
113
|
}
|
103
|
-
|
114
|
+
reload_status =
|
115
|
+
is_key_materials_empty ? GRPC_STATUS_INTERNAL : GRPC_STATUS_OK;
|
104
116
|
}
|
105
117
|
}
|
106
|
-
|
118
|
+
delete arg->error_details;
|
119
|
+
/** If the credential reload config was constructed via a wrapped language,
|
120
|
+
* then |arg->context| and |arg->destroy_context| will not be nullptr. In
|
121
|
+
* this case, we must destroy |arg->context|, which stores the wrapped
|
122
|
+
* language-version of the credential reload arg. **/
|
107
123
|
if (arg->destroy_context != nullptr) {
|
108
124
|
arg->destroy_context(arg->context);
|
109
125
|
}
|
110
126
|
delete arg;
|
111
127
|
}
|
112
|
-
return
|
128
|
+
return reload_status;
|
113
129
|
}
|
114
130
|
|
115
131
|
grpc_error* TlsCheckHostName(const char* peer_name, const tsi_peer* peer) {
|
116
132
|
/* Check the peer name if specified. */
|
117
133
|
if (peer_name != nullptr && !grpc_ssl_host_matches_name(peer, peer_name)) {
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
gpr_free(msg);
|
122
|
-
return error;
|
134
|
+
return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
135
|
+
absl::StrCat("Peer name ", peer_name, " is not in peer certificate")
|
136
|
+
.c_str());
|
123
137
|
}
|
124
138
|
return GRPC_ERROR_NONE;
|
125
139
|
}
|
@@ -131,15 +145,14 @@ TlsChannelSecurityConnector::TlsChannelSecurityConnector(
|
|
131
145
|
: grpc_channel_security_connector(GRPC_SSL_URL_SCHEME,
|
132
146
|
std::move(channel_creds),
|
133
147
|
std::move(request_metadata_creds)),
|
134
|
-
overridden_target_name_(
|
135
|
-
|
136
|
-
: gpr_strdup(overridden_target_name)) {
|
148
|
+
overridden_target_name_(
|
149
|
+
overridden_target_name == nullptr ? "" : overridden_target_name) {
|
137
150
|
key_materials_config_ = grpc_tls_key_materials_config_create()->Ref();
|
138
151
|
check_arg_ = ServerAuthorizationCheckArgCreate(this);
|
139
|
-
|
140
|
-
|
152
|
+
absl::string_view host;
|
153
|
+
absl::string_view port;
|
141
154
|
grpc_core::SplitHostPort(target_name, &host, &port);
|
142
|
-
target_name_ =
|
155
|
+
target_name_ = std::string(host);
|
143
156
|
}
|
144
157
|
|
145
158
|
TlsChannelSecurityConnector::~TlsChannelSecurityConnector() {
|
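Review bot: With `overridden_target_name_` now a `std::string`, the constructor maps a null override to `""`, so an explicitly empty override and no override at all become the same state, and nothing in the hunk records that convention. A comment at the initializer such as `// Empty means no override; callers fall back to target_name_.` would make the `.empty()` tests in the add_handshakers and check_peer hunks readable without tracing back to here. Those two hunks also repeat the same `overridden_target_name_.empty() ? target_name_.c_str() : overridden_target_name_.c_str()` selection; a small private accessor would keep the name given to the handshaker and the name checked against the peer certificate from drifting apart. The constructor's signature starts outside the hunk.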
@@ -163,8 +176,8 @@ void TlsChannelSecurityConnector::add_handshakers(
|
|
163
176
|
tsi_handshaker* tsi_hs = nullptr;
|
164
177
|
tsi_result result = tsi_ssl_client_handshaker_factory_create_handshaker(
|
165
178
|
client_handshaker_factory_,
|
166
|
-
overridden_target_name_
|
167
|
-
|
179
|
+
overridden_target_name_.empty() ? target_name_.c_str()
|
180
|
+
: overridden_target_name_.c_str(),
|
168
181
|
&tsi_hs);
|
169
182
|
if (result != TSI_OK) {
|
170
183
|
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
|
@@ -179,9 +192,9 @@ void TlsChannelSecurityConnector::check_peer(
|
|
179
192
|
tsi_peer peer, grpc_endpoint* /*ep*/,
|
180
193
|
grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
|
181
194
|
grpc_closure* on_peer_checked) {
|
182
|
-
const char* target_name = overridden_target_name_
|
183
|
-
?
|
184
|
-
:
|
195
|
+
const char* target_name = overridden_target_name_.empty()
|
196
|
+
? target_name_.c_str()
|
197
|
+
: overridden_target_name_.c_str();
|
185
198
|
grpc_error* error = grpc_ssl_check_alpn(&peer);
|
186
199
|
if (error != GRPC_ERROR_NONE) {
|
187
200
|
grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, error);
|
@@ -258,16 +271,16 @@ int TlsChannelSecurityConnector::cmp(
|
|
258
271
|
if (c != 0) {
|
259
272
|
return c;
|
260
273
|
}
|
261
|
-
return grpc_ssl_cmp_target_name(
|
262
|
-
|
263
|
-
|
274
|
+
return grpc_ssl_cmp_target_name(
|
275
|
+
target_name_.c_str(), other->target_name_.c_str(),
|
276
|
+
overridden_target_name_.c_str(), other->overridden_target_name_.c_str());
|
264
277
|
}
|
265
278
|
|
266
279
|
bool TlsChannelSecurityConnector::check_call_host(
|
267
|
-
|
268
|
-
grpc_closure* on_call_host_checked
|
269
|
-
return grpc_ssl_check_call_host(host, target_name_.
|
270
|
-
overridden_target_name_.
|
280
|
+
absl::string_view host, grpc_auth_context* auth_context,
|
281
|
+
grpc_closure* /*on_call_host_checked*/, grpc_error** error) {
|
282
|
+
return grpc_ssl_check_call_host(host, target_name_.c_str(),
|
283
|
+
overridden_target_name_.c_str(), auth_context,
|
271
284
|
error);
|
272
285
|
}
|
273
286
|
|
@@ -320,8 +333,10 @@ grpc_security_status TlsChannelSecurityConnector::ReplaceHandshakerFactory(
|
|
320
333
|
key_materials_config_->pem_key_cert_pair_list());
|
321
334
|
grpc_security_status status = grpc_ssl_tsi_client_handshaker_factory_init(
|
322
335
|
pem_key_cert_pair, key_materials_config_->pem_root_certs(),
|
323
|
-
skip_server_certificate_verification,
|
324
|
-
|
336
|
+
skip_server_certificate_verification,
|
337
|
+
grpc_get_tsi_tls_version(creds->options().min_tls_version()),
|
338
|
+
grpc_get_tsi_tls_version(creds->options().max_tls_version()),
|
339
|
+
ssl_session_cache, &client_handshaker_factory_);
|
325
340
|
/* Free memory. */
|
326
341
|
grpc_tsi_ssl_pem_key_cert_pairs_destroy(pem_key_cert_pair, 1);
|
327
342
|
return status;
|
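Review bot: `creds->options().min_tls_version()` and `creds->options().max_tls_version()` are converted and passed straight to `grpc_ssl_tsi_client_handshaker_factory_init` with no visible check that the minimum does not exceed the maximum; the server-side call in the TlsServerSecurityConnector::ReplaceHandshakerFactory hunk has the same shape. If the options object does not already validate the pair (not visible in these hunks), an inverted range should be rejected at the top of the function, before the key material is converted, with a logged error and `GRPC_SECURITY_ERROR`, rather than left to whatever the TSI layer does with it. If the range is validated elsewhere, a one-line comment here such as `// min/max TLS versions are validated when the options are set.` would save the next reader the search. The function body starts outside the hunk.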
@@ -334,17 +349,18 @@ grpc_security_status TlsChannelSecurityConnector::InitializeHandshakerFactory(
|
|
334
349
|
static_cast<const TlsCredentials*>(channel_creds());
|
335
350
|
grpc_tls_key_materials_config* key_materials_config =
|
336
351
|
creds->options().key_materials_config();
|
337
|
-
|
352
|
+
// key_materials_config_->set_key_materials will handle the copying of the key
|
353
|
+
// materials users provided
|
338
354
|
if (key_materials_config != nullptr) {
|
339
|
-
|
340
|
-
key_materials_config->
|
341
|
-
|
342
|
-
gpr_strdup(key_materials_config->pem_root_certs()));
|
343
|
-
key_materials_config_->set_key_materials(std::move(pem_root_certs),
|
344
|
-
std::move(cert_pair_list));
|
355
|
+
key_materials_config_->set_key_materials(
|
356
|
+
key_materials_config->pem_root_certs(),
|
357
|
+
key_materials_config->pem_key_cert_pair_list());
|
345
358
|
}
|
346
359
|
grpc_ssl_certificate_config_reload_status reload_status =
|
347
360
|
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
|
361
|
+
/** If |creds->options()| has a credential reload config, then the call to
|
362
|
+
* |TlsFetchKeyMaterials| will use it to update the root cert and
|
363
|
+
* pem-key-cert-pair list stored in |key_materials_config_|. **/
|
348
364
|
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), false,
|
349
365
|
&reload_status) != GRPC_STATUS_OK) {
|
350
366
|
/* Raise an error if key materials are not populated. */
|
@@ -359,6 +375,9 @@ grpc_security_status TlsChannelSecurityConnector::RefreshHandshakerFactory() {
|
|
359
375
|
static_cast<const TlsCredentials*>(channel_creds());
|
360
376
|
grpc_ssl_certificate_config_reload_status reload_status =
|
361
377
|
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
|
378
|
+
/** If |creds->options()| has a credential reload config, then the call to
|
379
|
+
* |TlsFetchKeyMaterials| will use it to update the root cert and
|
380
|
+
* pem-key-cert-pair list stored in |key_materials_config_|. **/
|
362
381
|
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), false,
|
363
382
|
&reload_status) != GRPC_STATUS_OK) {
|
364
383
|
return GRPC_SECURITY_ERROR;
|
@@ -384,31 +403,30 @@ void TlsChannelSecurityConnector::ServerAuthorizationCheckDone(
|
|
384
403
|
grpc_error* TlsChannelSecurityConnector::ProcessServerAuthorizationCheckResult(
|
385
404
|
grpc_tls_server_authorization_check_arg* arg) {
|
386
405
|
grpc_error* error = GRPC_ERROR_NONE;
|
387
|
-
char* msg = nullptr;
|
388
406
|
/* Server authorization check is cancelled by caller. */
|
389
407
|
if (arg->status == GRPC_STATUS_CANCELLED) {
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
|
408
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
409
|
+
absl::StrCat("Server authorization check is cancelled by the caller "
|
410
|
+
"with error: ",
|
411
|
+
arg->error_details->error_details())
|
412
|
+
.c_str());
|
395
413
|
} else if (arg->status == GRPC_STATUS_OK) {
|
396
414
|
/* Server authorization check completed successfully but returned check
|
397
415
|
* failure. */
|
398
416
|
if (!arg->success) {
|
399
|
-
|
400
|
-
|
401
|
-
|
417
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
418
|
+
absl::StrCat("Server authorization check failed with error: ",
|
419
|
+
arg->error_details->error_details())
|
420
|
+
.c_str());
|
402
421
|
}
|
403
422
|
/* Server authorization check did not complete correctly. */
|
404
423
|
} else {
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
|
409
|
-
|
424
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
425
|
+
absl::StrCat(
|
426
|
+
"Server authorization check did not finish correctly with error: ",
|
427
|
+
arg->error_details->error_details())
|
428
|
+
.c_str());
|
410
429
|
}
|
411
|
-
gpr_free(msg);
|
412
430
|
return error;
|
413
431
|
}
|
414
432
|
|
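Review bot: All three branches of ProcessServerAuthorizationCheckResult now call `arg->error_details->error_details()` with no null check, while the credential-reload path earlier in this file still guards the same field with `if (arg->error_details != nullptr)`. ServerAuthorizationCheckArgCreate allocates the object, so it is non-null for args built there, but the arg carries a `cb` and a `destroy_context` and is presumably handed to application or wrapped-language code that could clear or replace the pointer before the result is processed. Reading the message once through a guarded local, `const std::string details = arg->error_details != nullptr ? arg->error_details->error_details() : "";`, and passing `details` to the three `absl::StrCat` calls would make the two paths consistent and keep a misbehaving callback from turning an authorization failure into a crash.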
@@ -417,6 +435,7 @@ TlsChannelSecurityConnector::ServerAuthorizationCheckArgCreate(
|
|
417
435
|
void* user_data) {
|
418
436
|
grpc_tls_server_authorization_check_arg* arg =
|
419
437
|
new grpc_tls_server_authorization_check_arg();
|
438
|
+
arg->error_details = new grpc_tls_error_details();
|
420
439
|
arg->cb = ServerAuthorizationCheckDone;
|
421
440
|
arg->cb_user_data = user_data;
|
422
441
|
arg->status = GRPC_STATUS_OK;
|
@@ -431,7 +450,7 @@ void TlsChannelSecurityConnector::ServerAuthorizationCheckArgDestroy(
|
|
431
450
|
gpr_free((void*)arg->target_name);
|
432
451
|
gpr_free((void*)arg->peer_cert);
|
433
452
|
if (arg->peer_cert_full_chain) gpr_free((void*)arg->peer_cert_full_chain);
|
434
|
-
|
453
|
+
delete arg->error_details;
|
435
454
|
if (arg->destroy_context != nullptr) {
|
436
455
|
arg->destroy_context(arg->context);
|
437
456
|
}
|
@@ -525,7 +544,10 @@ grpc_security_status TlsServerSecurityConnector::ReplaceHandshakerFactory() {
|
|
525
544
|
grpc_security_status status = grpc_ssl_tsi_server_handshaker_factory_init(
|
526
545
|
pem_key_cert_pairs, num_key_cert_pairs,
|
527
546
|
key_materials_config_->pem_root_certs(),
|
528
|
-
creds->options().cert_request_type(),
|
547
|
+
creds->options().cert_request_type(),
|
548
|
+
grpc_get_tsi_tls_version(creds->options().min_tls_version()),
|
549
|
+
grpc_get_tsi_tls_version(creds->options().max_tls_version()),
|
550
|
+
&server_handshaker_factory_);
|
529
551
|
/* Free memory. */
|
530
552
|
grpc_tsi_ssl_pem_key_cert_pairs_destroy(pem_key_cert_pairs,
|
531
553
|
num_key_cert_pairs);
|
@@ -539,15 +561,17 @@ grpc_security_status TlsServerSecurityConnector::InitializeHandshakerFactory() {
|
|
539
561
|
grpc_tls_key_materials_config* key_materials_config =
|
540
562
|
creds->options().key_materials_config();
|
541
563
|
if (key_materials_config != nullptr) {
|
542
|
-
|
543
|
-
key_materials_config->
|
544
|
-
|
545
|
-
gpr_strdup(key_materials_config->pem_root_certs()));
|
546
|
-
key_materials_config_->set_key_materials(std::move(pem_root_certs),
|
547
|
-
std::move(cert_pair_list));
|
564
|
+
key_materials_config_->set_key_materials(
|
565
|
+
key_materials_config->pem_root_certs(),
|
566
|
+
key_materials_config->pem_key_cert_pair_list());
|
548
567
|
}
|
549
568
|
grpc_ssl_certificate_config_reload_status reload_status =
|
550
569
|
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
|
570
|
+
/** If |creds->options()| has a credential reload config, then the call to
|
571
|
+
* |TlsFetchKeyMaterials| will use it to update the root cert and
|
572
|
+
* pem-key-cert-pair list stored in |key_materials_config_|. Otherwise, it
|
573
|
+
* will return |GRPC_STATUS_OK| if |key_materials_config_| already has
|
574
|
+
* credentials, and an error code if not. **/
|
551
575
|
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), true,
|
552
576
|
&reload_status) != GRPC_STATUS_OK) {
|
553
577
|
/* Raise an error if key materials are not populated. */
|
@@ -562,6 +586,11 @@ grpc_security_status TlsServerSecurityConnector::RefreshHandshakerFactory() {
|
|
562
586
|
static_cast<const TlsServerCredentials*>(server_creds());
|
563
587
|
grpc_ssl_certificate_config_reload_status reload_status =
|
564
588
|
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
|
589
|
+
/** If |creds->options()| has a credential reload config, then the call to
|
590
|
+
* |TlsFetchKeyMaterials| will use it to update the root cert and
|
591
|
+
* pem-key-cert-pair list stored in |key_materials_config_|. Otherwise, it
|
592
|
+
* will return |GRPC_STATUS_OK| if |key_materials_config_| already has
|
593
|
+
* credentials, and an error code if not. **/
|
565
594
|
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), true,
|
566
595
|
&reload_status) != GRPC_STATUS_OK) {
|
567
596
|
return GRPC_SECURITY_ERROR;
|