grpc 1.28.0.pre2 → 1.31.0.pre1
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +8313 -11862
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
- data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
- data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +122 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -18,8 +18,6 @@
|
|
18
18
|
|
19
19
|
#include <grpc/support/port_platform.h>
|
20
20
|
|
21
|
-
#include "src/core/tsi/grpc_shadow_boringssl.h"
|
22
|
-
|
23
21
|
#include "src/core/tsi/ssl_transport_security.h"
|
24
22
|
|
25
23
|
#include <limits.h>
|
@@ -35,6 +33,8 @@
|
|
35
33
|
#include <sys/socket.h>
|
36
34
|
#endif
|
37
35
|
|
36
|
+
#include <string>
|
37
|
+
|
38
38
|
#include <grpc/grpc_security.h>
|
39
39
|
#include <grpc/support/alloc.h>
|
40
40
|
#include <grpc/support/log.h>
|
@@ -42,12 +42,16 @@
|
|
42
42
|
#include <grpc/support/sync.h>
|
43
43
|
#include <grpc/support/thd_id.h>
|
44
44
|
|
45
|
+
#include "absl/strings/match.h"
|
46
|
+
#include "absl/strings/string_view.h"
|
47
|
+
|
45
48
|
extern "C" {
|
46
49
|
#include <openssl/bio.h>
|
47
50
|
#include <openssl/crypto.h> /* For OPENSSL_free */
|
48
51
|
#include <openssl/engine.h>
|
49
52
|
#include <openssl/err.h>
|
50
53
|
#include <openssl/ssl.h>
|
54
|
+
#include <openssl/tls1.h>
|
51
55
|
#include <openssl/x509.h>
|
52
56
|
#include <openssl/x509v3.h>
|
53
57
|
}
|
@@ -105,7 +109,7 @@ struct tsi_ssl_server_handshaker_factory {
|
|
105
109
|
size_t alpn_protocol_list_length;
|
106
110
|
};
|
107
111
|
|
108
|
-
|
112
|
+
struct tsi_ssl_handshaker {
|
109
113
|
tsi_handshaker base;
|
110
114
|
SSL* ssl;
|
111
115
|
BIO* network_io;
|
@@ -113,25 +117,22 @@ typedef struct {
|
|
113
117
|
unsigned char* outgoing_bytes_buffer;
|
114
118
|
size_t outgoing_bytes_buffer_size;
|
115
119
|
tsi_ssl_handshaker_factory* factory_ref;
|
116
|
-
}
|
117
|
-
|
118
|
-
typedef struct {
|
120
|
+
};
|
121
|
+
struct tsi_ssl_handshaker_result {
|
119
122
|
tsi_handshaker_result base;
|
120
123
|
SSL* ssl;
|
121
124
|
BIO* network_io;
|
122
125
|
unsigned char* unused_bytes;
|
123
126
|
size_t unused_bytes_size;
|
124
|
-
}
|
125
|
-
|
126
|
-
typedef struct {
|
127
|
+
};
|
128
|
+
struct tsi_ssl_frame_protector {
|
127
129
|
tsi_frame_protector base;
|
128
130
|
SSL* ssl;
|
129
131
|
BIO* network_io;
|
130
132
|
unsigned char* buffer;
|
131
133
|
size_t buffer_size;
|
132
134
|
size_t buffer_offset;
|
133
|
-
}
|
134
|
-
|
135
|
+
};
|
135
136
|
/* --- Library Initialization. ---*/
|
136
137
|
|
137
138
|
static gpr_once g_init_openssl_once = GPR_ONCE_INIT;
|
@@ -238,7 +239,7 @@ static void ssl_info_callback(const SSL* ssl, int where, int ret) {
|
|
238
239
|
|
239
240
|
/* Returns 1 if name looks like an IP address, 0 otherwise.
|
240
241
|
This is a very rough heuristic, and only handles IPv6 in hexadecimal form. */
|
241
|
-
static int looks_like_ip_address(
|
242
|
+
static int looks_like_ip_address(absl::string_view name) {
|
242
243
|
size_t dot_count = 0;
|
243
244
|
size_t num_size = 0;
|
244
245
|
for (size_t i = 0; i < name.size(); ++i) {
|
@@ -345,13 +346,10 @@ static tsi_result add_pem_certificate(X509* cert, tsi_peer_property* property) {
|
|
345
346
|
/* Gets the subject SANs from an X509 cert as a tsi_peer_property. */
|
346
347
|
static tsi_result add_subject_alt_names_properties_to_peer(
|
347
348
|
tsi_peer* peer, GENERAL_NAMES* subject_alt_names,
|
348
|
-
size_t subject_alt_name_count) {
|
349
|
+
size_t subject_alt_name_count, int* current_insert_index) {
|
349
350
|
size_t i;
|
350
351
|
tsi_result result = TSI_OK;
|
351
352
|
|
352
|
-
/* Reset for DNS entries filtering. */
|
353
|
-
peer->property_count -= subject_alt_name_count;
|
354
|
-
|
355
353
|
for (i = 0; i < subject_alt_name_count; i++) {
|
356
354
|
GENERAL_NAME* subject_alt_name =
|
357
355
|
sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
|
@@ -376,7 +374,17 @@ static tsi_result add_subject_alt_names_properties_to_peer(
|
|
376
374
|
result = tsi_construct_string_peer_property(
|
377
375
|
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
|
378
376
|
reinterpret_cast<const char*>(name), static_cast<size_t>(name_size),
|
379
|
-
&peer->properties[
|
377
|
+
&peer->properties[(*current_insert_index)++]);
|
378
|
+
if (result != TSI_OK) {
|
379
|
+
OPENSSL_free(name);
|
380
|
+
break;
|
381
|
+
}
|
382
|
+
if (subject_alt_name->type == GEN_URI) {
|
383
|
+
result = tsi_construct_string_peer_property(
|
384
|
+
TSI_X509_URI_PEER_PROPERTY, reinterpret_cast<const char*>(name),
|
385
|
+
static_cast<size_t>(name_size),
|
386
|
+
&peer->properties[(*current_insert_index)++]);
|
387
|
+
}
|
380
388
|
OPENSSL_free(name);
|
381
389
|
} else if (subject_alt_name->type == GEN_IPADD) {
|
382
390
|
char ntop_buf[INET6_ADDRSTRLEN];
|
@@ -401,7 +409,7 @@ static tsi_result add_subject_alt_names_properties_to_peer(
|
|
401
409
|
|
402
410
|
result = tsi_construct_string_peer_property_from_cstring(
|
403
411
|
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, name,
|
404
|
-
&peer->properties[
|
412
|
+
&peer->properties[(*current_insert_index)++]);
|
405
413
|
}
|
406
414
|
if (result != TSI_OK) break;
|
407
415
|
}
|
@@ -424,26 +432,35 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
|
|
424
432
|
property_count = (include_certificate_type ? static_cast<size_t>(1) : 0) +
|
425
433
|
2 /* common name, certificate */ +
|
426
434
|
static_cast<size_t>(subject_alt_name_count);
|
435
|
+
for (int i = 0; i < subject_alt_name_count; i++) {
|
436
|
+
GENERAL_NAME* subject_alt_name =
|
437
|
+
sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
|
438
|
+
if (subject_alt_name->type == GEN_URI) {
|
439
|
+
property_count += 1;
|
440
|
+
}
|
441
|
+
}
|
427
442
|
result = tsi_construct_peer(property_count, peer);
|
428
443
|
if (result != TSI_OK) return result;
|
444
|
+
int current_insert_index = 0;
|
429
445
|
do {
|
430
446
|
if (include_certificate_type) {
|
431
447
|
result = tsi_construct_string_peer_property_from_cstring(
|
432
448
|
TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
|
433
|
-
&peer->properties[
|
449
|
+
&peer->properties[current_insert_index++]);
|
434
450
|
if (result != TSI_OK) break;
|
435
451
|
}
|
436
452
|
result = peer_property_from_x509_common_name(
|
437
|
-
cert, &peer->properties[
|
453
|
+
cert, &peer->properties[current_insert_index++]);
|
438
454
|
if (result != TSI_OK) break;
|
439
455
|
|
440
|
-
result =
|
441
|
-
cert, &peer->properties[
|
456
|
+
result =
|
457
|
+
add_pem_certificate(cert, &peer->properties[current_insert_index++]);
|
442
458
|
if (result != TSI_OK) break;
|
443
459
|
|
444
460
|
if (subject_alt_name_count != 0) {
|
445
461
|
result = add_subject_alt_names_properties_to_peer(
|
446
|
-
peer, subject_alt_names, static_cast<size_t>(subject_alt_name_count)
|
462
|
+
peer, subject_alt_names, static_cast<size_t>(subject_alt_name_count),
|
463
|
+
¤t_insert_index);
|
447
464
|
if (result != TSI_OK) break;
|
448
465
|
}
|
449
466
|
} while (0);
|
@@ -452,6 +469,8 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
|
|
452
469
|
sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
|
453
470
|
}
|
454
471
|
if (result != TSI_OK) tsi_peer_destruct(peer);
|
472
|
+
|
473
|
+
GPR_ASSERT((int)peer->property_count == current_insert_index);
|
455
474
|
return result;
|
456
475
|
}
|
457
476
|
|
@@ -872,6 +891,50 @@ static int NullVerifyCallback(int /*preverify_ok*/, X509_STORE_CTX* /*ctx*/) {
|
|
872
891
|
return 1;
|
873
892
|
}
|
874
893
|
|
894
|
+
// Sets the min and max TLS version of |ssl_context| to |min_tls_version| and
|
895
|
+
// |max_tls_version|, respectively. Calling this method is a no-op when using
|
896
|
+
// OpenSSL versions < 1.1.
|
897
|
+
static tsi_result tsi_set_min_and_max_tls_versions(
|
898
|
+
SSL_CTX* ssl_context, tsi_tls_version min_tls_version,
|
899
|
+
tsi_tls_version max_tls_version) {
|
900
|
+
if (ssl_context == nullptr) {
|
901
|
+
gpr_log(GPR_INFO,
|
902
|
+
"Invalid nullptr argument to |tsi_set_min_and_max_tls_versions|.");
|
903
|
+
return TSI_INVALID_ARGUMENT;
|
904
|
+
}
|
905
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
906
|
+
// Set the min TLS version of the SSL context.
|
907
|
+
switch (min_tls_version) {
|
908
|
+
case tsi_tls_version::TSI_TLS1_2:
|
909
|
+
SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
|
910
|
+
break;
|
911
|
+
#if defined(TLS1_3_VERSION)
|
912
|
+
case tsi_tls_version::TSI_TLS1_3:
|
913
|
+
SSL_CTX_set_min_proto_version(ssl_context, TLS1_3_VERSION);
|
914
|
+
break;
|
915
|
+
#endif
|
916
|
+
default:
|
917
|
+
gpr_log(GPR_INFO, "TLS version is not supported.");
|
918
|
+
return TSI_FAILED_PRECONDITION;
|
919
|
+
}
|
920
|
+
// Set the max TLS version of the SSL context.
|
921
|
+
switch (max_tls_version) {
|
922
|
+
case tsi_tls_version::TSI_TLS1_2:
|
923
|
+
SSL_CTX_set_max_proto_version(ssl_context, TLS1_2_VERSION);
|
924
|
+
break;
|
925
|
+
#if defined(TLS1_3_VERSION)
|
926
|
+
case tsi_tls_version::TSI_TLS1_3:
|
927
|
+
SSL_CTX_set_max_proto_version(ssl_context, TLS1_3_VERSION);
|
928
|
+
break;
|
929
|
+
#endif
|
930
|
+
default:
|
931
|
+
gpr_log(GPR_INFO, "TLS version is not supported.");
|
932
|
+
return TSI_FAILED_PRECONDITION;
|
933
|
+
}
|
934
|
+
#endif
|
935
|
+
return TSI_OK;
|
936
|
+
}
|
937
|
+
|
875
938
|
/* --- tsi_ssl_root_certs_store methods implementation. ---*/
|
876
939
|
|
877
940
|
tsi_ssl_root_certs_store* tsi_ssl_root_certs_store_create(
|
@@ -1283,7 +1346,7 @@ static const tsi_handshaker_result_vtable handshaker_result_vtable = {
|
|
1283
1346
|
};
|
1284
1347
|
|
1285
1348
|
static tsi_result ssl_handshaker_result_create(
|
1286
|
-
tsi_ssl_handshaker* handshaker,
|
1349
|
+
tsi_ssl_handshaker* handshaker, unsigned char* unused_bytes,
|
1287
1350
|
size_t unused_bytes_size, tsi_handshaker_result** handshaker_result) {
|
1288
1351
|
if (handshaker == nullptr || handshaker_result == nullptr ||
|
1289
1352
|
(unused_bytes_size > 0 && unused_bytes == nullptr)) {
|
@@ -1297,11 +1360,8 @@ static tsi_result ssl_handshaker_result_create(
|
|
1297
1360
|
handshaker->ssl = nullptr;
|
1298
1361
|
result->network_io = handshaker->network_io;
|
1299
1362
|
handshaker->network_io = nullptr;
|
1300
|
-
|
1301
|
-
|
1302
|
-
static_cast<unsigned char*>(gpr_malloc(unused_bytes_size));
|
1303
|
-
memcpy(result->unused_bytes, unused_bytes, unused_bytes_size);
|
1304
|
-
}
|
1363
|
+
/* Transfer ownership of |unused_bytes| to the handshaker result. */
|
1364
|
+
result->unused_bytes = unused_bytes;
|
1305
1365
|
result->unused_bytes_size = unused_bytes_size;
|
1306
1366
|
*handshaker_result = &result->base;
|
1307
1367
|
return TSI_OK;
|
@@ -1394,6 +1454,36 @@ static void ssl_handshaker_destroy(tsi_handshaker* self) {
|
|
1394
1454
|
gpr_free(impl);
|
1395
1455
|
}
|
1396
1456
|
|
1457
|
+
// Removes the bytes remaining in |impl->SSL|'s read BIO and writes them to
|
1458
|
+
// |bytes_remaining|.
|
1459
|
+
static tsi_result ssl_bytes_remaining(tsi_ssl_handshaker* impl,
|
1460
|
+
unsigned char** bytes_remaining,
|
1461
|
+
size_t* bytes_remaining_size) {
|
1462
|
+
if (impl == nullptr || bytes_remaining == nullptr ||
|
1463
|
+
bytes_remaining_size == nullptr) {
|
1464
|
+
return TSI_INVALID_ARGUMENT;
|
1465
|
+
}
|
1466
|
+
// Atempt to read all of the bytes in SSL's read BIO. These bytes should
|
1467
|
+
// contain application data records that were appended to a handshake record
|
1468
|
+
// containing the ClientFinished or ServerFinished message.
|
1469
|
+
size_t bytes_in_ssl = BIO_pending(SSL_get_rbio(impl->ssl));
|
1470
|
+
if (bytes_in_ssl == 0) return TSI_OK;
|
1471
|
+
*bytes_remaining = static_cast<uint8_t*>(gpr_malloc(bytes_in_ssl));
|
1472
|
+
int bytes_read = BIO_read(SSL_get_rbio(impl->ssl), *bytes_remaining,
|
1473
|
+
static_cast<int>(bytes_in_ssl));
|
1474
|
+
// If an unexpected number of bytes were read, return an error status and free
|
1475
|
+
// all of the bytes that were read.
|
1476
|
+
if (bytes_read < 0 || static_cast<size_t>(bytes_read) != bytes_in_ssl) {
|
1477
|
+
gpr_log(GPR_ERROR,
|
1478
|
+
"Failed to read the expected number of bytes from SSL object.");
|
1479
|
+
gpr_free(*bytes_remaining);
|
1480
|
+
*bytes_remaining = nullptr;
|
1481
|
+
return TSI_INTERNAL_ERROR;
|
1482
|
+
}
|
1483
|
+
*bytes_remaining_size = static_cast<size_t>(bytes_read);
|
1484
|
+
return TSI_OK;
|
1485
|
+
}
|
1486
|
+
|
1397
1487
|
static tsi_result ssl_handshaker_next(
|
1398
1488
|
tsi_handshaker* self, const unsigned char* received_bytes,
|
1399
1489
|
size_t received_bytes_size, const unsigned char** bytes_to_send,
|
@@ -1434,9 +1524,19 @@ static tsi_result ssl_handshaker_next(
|
|
1434
1524
|
if (ssl_handshaker_get_result(impl) == TSI_HANDSHAKE_IN_PROGRESS) {
|
1435
1525
|
*handshaker_result = nullptr;
|
1436
1526
|
} else {
|
1437
|
-
|
1438
|
-
|
1439
|
-
|
1527
|
+
// Any bytes that remain in |impl->ssl|'s read BIO after the handshake is
|
1528
|
+
// complete must be extracted and set to the unused bytes of the handshaker
|
1529
|
+
// result. This indicates to the gRPC stack that there are bytes from the
|
1530
|
+
// peer that must be processed.
|
1531
|
+
unsigned char* unused_bytes = nullptr;
|
1532
|
+
size_t unused_bytes_size = 0;
|
1533
|
+
status = ssl_bytes_remaining(impl, &unused_bytes, &unused_bytes_size);
|
1534
|
+
if (status != TSI_OK) return status;
|
1535
|
+
if (unused_bytes_size > received_bytes_size) {
|
1536
|
+
gpr_log(GPR_ERROR, "More unused bytes than received bytes.");
|
1537
|
+
gpr_free(unused_bytes);
|
1538
|
+
return TSI_INTERNAL_ERROR;
|
1539
|
+
}
|
1440
1540
|
status = ssl_handshaker_result_create(impl, unused_bytes, unused_bytes_size,
|
1441
1541
|
handshaker_result);
|
1442
1542
|
if (status == TSI_OK) {
|
@@ -1645,8 +1745,8 @@ static void tsi_ssl_server_handshaker_factory_destroy(
|
|
1645
1745
|
gpr_free(self);
|
1646
1746
|
}
|
1647
1747
|
|
1648
|
-
static int does_entry_match_name(
|
1649
|
-
|
1748
|
+
static int does_entry_match_name(absl::string_view entry,
|
1749
|
+
absl::string_view name) {
|
1650
1750
|
if (entry.empty()) return 0;
|
1651
1751
|
|
1652
1752
|
/* Take care of '.' terminations. */
|
@@ -1658,7 +1758,7 @@ static int does_entry_match_name(grpc_core::StringView entry,
|
|
1658
1758
|
if (entry.empty()) return 0;
|
1659
1759
|
}
|
1660
1760
|
|
1661
|
-
if (name
|
1761
|
+
if (absl::EqualsIgnoreCase(name, entry)) {
|
1662
1762
|
return 1; /* Perfect match. */
|
1663
1763
|
}
|
1664
1764
|
if (entry.front() != '*') return 0;
|
@@ -1669,23 +1769,21 @@ static int does_entry_match_name(grpc_core::StringView entry,
|
|
1669
1769
|
return 0;
|
1670
1770
|
}
|
1671
1771
|
size_t name_subdomain_pos = name.find('.');
|
1672
|
-
if (name_subdomain_pos ==
|
1772
|
+
if (name_subdomain_pos == absl::string_view::npos) return 0;
|
1673
1773
|
if (name_subdomain_pos >= name.size() - 2) return 0;
|
1674
|
-
|
1774
|
+
absl::string_view name_subdomain =
|
1675
1775
|
name.substr(name_subdomain_pos + 1); /* Starts after the dot. */
|
1676
1776
|
entry.remove_prefix(2); /* Remove *. */
|
1677
1777
|
size_t dot = name_subdomain.find('.');
|
1678
|
-
if (dot ==
|
1679
|
-
grpc_core::UniquePtr<char> name_subdomain_cstr(
|
1680
|
-
grpc_core::StringViewToCString(name_subdomain));
|
1778
|
+
if (dot == absl::string_view::npos || dot == name_subdomain.size() - 1) {
|
1681
1779
|
gpr_log(GPR_ERROR, "Invalid toplevel subdomain: %s",
|
1682
|
-
|
1780
|
+
std::string(name_subdomain).c_str());
|
1683
1781
|
return 0;
|
1684
1782
|
}
|
1685
1783
|
if (name_subdomain.back() == '.') {
|
1686
1784
|
name_subdomain.remove_suffix(1);
|
1687
1785
|
}
|
1688
|
-
return !entry.empty() && name_subdomain
|
1786
|
+
return !entry.empty() && absl::EqualsIgnoreCase(name_subdomain, entry);
|
1689
1787
|
}
|
1690
1788
|
|
1691
1789
|
static int ssl_server_handshaker_factory_servername_callback(SSL* ssl,
|
@@ -1707,7 +1805,7 @@ static int ssl_server_handshaker_factory_servername_callback(SSL* ssl,
|
|
1707
1805
|
}
|
1708
1806
|
}
|
1709
1807
|
gpr_log(GPR_ERROR, "No match found for server name: %s.", servername);
|
1710
|
-
return
|
1808
|
+
return SSL_TLSEXT_ERR_NOACK;
|
1711
1809
|
}
|
1712
1810
|
|
1713
1811
|
#if TSI_OPENSSL_ALPN_SUPPORT
|
@@ -1791,11 +1889,14 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
|
|
1791
1889
|
return TSI_INVALID_ARGUMENT;
|
1792
1890
|
}
|
1793
1891
|
|
1794
|
-
#if
|
1892
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
1795
1893
|
ssl_context = SSL_CTX_new(TLS_method());
|
1796
1894
|
#else
|
1797
1895
|
ssl_context = SSL_CTX_new(TLSv1_2_method());
|
1798
1896
|
#endif
|
1897
|
+
result = tsi_set_min_and_max_tls_versions(
|
1898
|
+
ssl_context, options->min_tls_version, options->max_tls_version);
|
1899
|
+
if (result != TSI_OK) return result;
|
1799
1900
|
if (ssl_context == nullptr) {
|
1800
1901
|
gpr_log(GPR_ERROR, "Could not create ssl context.");
|
1801
1902
|
return TSI_INVALID_ARGUMENT;
|
@@ -1955,11 +2056,15 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
1955
2056
|
|
1956
2057
|
for (i = 0; i < options->num_key_cert_pairs; i++) {
|
1957
2058
|
do {
|
1958
|
-
#if
|
2059
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
1959
2060
|
impl->ssl_contexts[i] = SSL_CTX_new(TLS_method());
|
1960
2061
|
#else
|
1961
2062
|
impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
|
1962
2063
|
#endif
|
2064
|
+
result = tsi_set_min_and_max_tls_versions(impl->ssl_contexts[i],
|
2065
|
+
options->min_tls_version,
|
2066
|
+
options->max_tls_version);
|
2067
|
+
if (result != TSI_OK) return result;
|
1963
2068
|
if (impl->ssl_contexts[i] == nullptr) {
|
1964
2069
|
gpr_log(GPR_ERROR, "Could not create ssl context.");
|
1965
2070
|
result = TSI_OUT_OF_RESOURCES;
|
@@ -2058,8 +2163,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
2058
2163
|
|
2059
2164
|
/* --- tsi_ssl utils. --- */
|
2060
2165
|
|
2061
|
-
int tsi_ssl_peer_matches_name(const tsi_peer* peer,
|
2062
|
-
grpc_core::StringView name) {
|
2166
|
+
int tsi_ssl_peer_matches_name(const tsi_peer* peer, absl::string_view name) {
|
2063
2167
|
size_t i = 0;
|
2064
2168
|
size_t san_count = 0;
|
2065
2169
|
const tsi_peer_property* cn_property = nullptr;
|
@@ -2073,7 +2177,7 @@ int tsi_ssl_peer_matches_name(const tsi_peer* peer,
|
|
2073
2177
|
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
|
2074
2178
|
san_count++;
|
2075
2179
|
|
2076
|
-
|
2180
|
+
absl::string_view entry(property->value.data, property->value.length);
|
2077
2181
|
if (!like_ip && does_entry_match_name(entry, name)) {
|
2078
2182
|
return 1;
|
2079
2183
|
} else if (like_ip && name == entry) {
|
@@ -2088,8 +2192,8 @@ int tsi_ssl_peer_matches_name(const tsi_peer* peer,
|
|
2088
2192
|
|
2089
2193
|
/* If there's no SAN, try the CN, but only if its not like an IP Address */
|
2090
2194
|
if (san_count == 0 && cn_property != nullptr && !like_ip) {
|
2091
|
-
if (does_entry_match_name(
|
2092
|
-
|
2195
|
+
if (does_entry_match_name(absl::string_view(cn_property->value.data,
|
2196
|
+
cn_property->value.length),
|
2093
2197
|
name)) {
|
2094
2198
|
return 1;
|
2095
2199
|
}
|
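Review bot: The new `GPR_ASSERT((int)peer->property_count == current_insert_index);` at the end of peer_from_x509 (the function opens outside the hunk) also runs on the failure path, directly after `if (result != TSI_OK) tsi_peer_destruct(peer);`. A `break` out of the do/while generally leaves `current_insert_index` different from the count given to `tsi_construct_peer`, and the peer has just been destructed, so an error while building properties from a peer certificate would end in an assertion failure instead of the returned `tsi_result`. I would check the invariant only on success, e.g. `if (result == TSI_OK) GPR_ASSERT((int)peer->property_count == current_insert_index);`, or report a mismatch as `TSI_INTERNAL_ERROR`. The SAN type tests in add_subject_alt_names_properties_to_peer lie outside the hunks shown; if any entry type is skipped without an insert, the same mismatch would presumably occur on the success path too, because `property_count` counts every SAN entry.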
@@ -21,7 +21,8 @@
|
|
21
21
|
|
22
22
|
#include <grpc/support/port_platform.h>
|
23
23
|
|
24
|
-
#include
|
24
|
+
#include <grpc/grpc_security_constants.h>
|
25
|
+
#include "absl/strings/string_view.h"
|
25
26
|
#include "src/core/tsi/transport_security_interface.h"
|
26
27
|
|
27
28
|
extern "C" {
|
@@ -43,6 +44,8 @@ extern "C" {
|
|
43
44
|
|
44
45
|
#define TSI_SSL_ALPN_SELECTED_PROTOCOL "ssl_alpn_selected_protocol"
|
45
46
|
|
47
|
+
#define TSI_X509_URI_PEER_PROPERTY "x509_uri"
|
48
|
+
|
46
49
|
/* --- tsi_ssl_root_certs_store object ---
|
47
50
|
|
48
51
|
This object stores SSL root certificates. It can be shared by multiple SSL
|
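Review bot: `TSI_X509_URI_PEER_PROPERTY` is added with no comment, unlike the documented objects around it, so a reader cannot tell from this header what the property carries or whether it plays any part in peer-name checks. From its name it appears to hold a URI-type subject alternative name taken from the peer certificate, which is peer-supplied data. A comment such as `/* Peer property holding a URI subject alternative name from the peer certificate. */` would cover the first part. The parts of tsi_ssl_peer_matches_name visible on this page count only TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY entries, so once confirmed against the full function it is worth also stating that URI values are not matched there and must be checked by the caller.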
@@ -81,7 +84,7 @@ typedef struct tsi_ssl_client_handshaker_factory
|
|
81
84
|
tsi_ssl_client_handshaker_factory;
|
82
85
|
|
83
86
|
/* Object that holds a private key / certificate chain pair in PEM format. */
|
84
|
-
|
87
|
+
struct tsi_ssl_pem_key_cert_pair {
|
85
88
|
/* private_key is the NULL-terminated string containing the PEM encoding of
|
86
89
|
the client's private key. */
|
87
90
|
const char* private_key;
|
@@ -89,8 +92,7 @@ typedef struct {
|
|
89
92
|
/* cert_chain is the NULL-terminated string containing the PEM encoding of
|
90
93
|
the client's certificate chain. */
|
91
94
|
const char* cert_chain;
|
92
|
-
}
|
93
|
-
|
95
|
+
};
|
94
96
|
/* TO BE DEPRECATED.
|
95
97
|
Creates a client handshaker factory.
|
96
98
|
- pem_key_cert_pair is a pointer to the object containing client's private
|
@@ -151,6 +153,10 @@ struct tsi_ssl_client_handshaker_options {
|
|
151
153
|
/* skip server certificate verification. */
|
152
154
|
bool skip_server_certificate_verification;
|
153
155
|
|
156
|
+
/* The min and max TLS versions that will be negotiated by the handshaker. */
|
157
|
+
tsi_tls_version min_tls_version;
|
158
|
+
tsi_tls_version max_tls_version;
|
159
|
+
|
154
160
|
tsi_ssl_client_handshaker_options()
|
155
161
|
: pem_key_cert_pair(nullptr),
|
156
162
|
pem_root_certs(nullptr),
|
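Review bot: The comment added above `min_tls_version` and `max_tls_version` states neither the defaults nor what happens when the minimum is set above the maximum, and both matter to anyone tightening or loosening the TLS policy through this struct. The constructor hunk that follows initialises them to TSI_TLS1_2 and TSI_TLS1_3, so the comment could read `/* Lowest and highest TLS versions the handshaker will negotiate. Defaults: TSI_TLS1_2 and TSI_TLS1_3. */`. Whether tsi_set_min_and_max_tls_versions rejects an inverted range is not visible on this page, so that behaviour should be confirmed and documented here as well. The same applies to the identical fields added to tsi_ssl_server_handshaker_options in the `@@ -275,6 +283,9 @@` hunk; both struct bodies start and end outside their hunks.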
@@ -159,7 +165,9 @@ struct tsi_ssl_client_handshaker_options {
|
|
159
165
|
alpn_protocols(nullptr),
|
160
166
|
num_alpn_protocols(0),
|
161
167
|
session_cache(nullptr),
|
162
|
-
skip_server_certificate_verification(false)
|
168
|
+
skip_server_certificate_verification(false),
|
169
|
+
min_tls_version(tsi_tls_version::TSI_TLS1_2),
|
170
|
+
max_tls_version(tsi_tls_version::TSI_TLS1_3) {}
|
163
171
|
};
|
164
172
|
|
165
173
|
/* Creates a client handshaker factory.
|
@@ -275,6 +283,9 @@ struct tsi_ssl_server_handshaker_options {
|
|
275
283
|
const char* session_ticket_key;
|
276
284
|
/* session_ticket_key_size is a size of session ticket encryption key. */
|
277
285
|
size_t session_ticket_key_size;
|
286
|
+
/* The min and max TLS versions that will be negotiated by the handshaker. */
|
287
|
+
tsi_tls_version min_tls_version;
|
288
|
+
tsi_tls_version max_tls_version;
|
278
289
|
|
279
290
|
tsi_ssl_server_handshaker_options()
|
280
291
|
: pem_key_cert_pairs(nullptr),
|
@@ -285,7 +296,9 @@ struct tsi_ssl_server_handshaker_options {
|
|
285
296
|
alpn_protocols(nullptr),
|
286
297
|
num_alpn_protocols(0),
|
287
298
|
session_ticket_key(nullptr),
|
288
|
-
session_ticket_key_size(0)
|
299
|
+
session_ticket_key_size(0),
|
300
|
+
min_tls_version(tsi_tls_version::TSI_TLS1_2),
|
301
|
+
max_tls_version(tsi_tls_version::TSI_TLS1_3) {}
|
289
302
|
};
|
290
303
|
|
291
304
|
/* Creates a server handshaker factory.
|
@@ -317,7 +330,7 @@ void tsi_ssl_server_handshaker_factory_unref(
|
|
317
330
|
- handle mixed case.
|
318
331
|
- handle %encoded chars.
|
319
332
|
- handle public suffix wildchar more strictly (e.g. *.co.uk) */
|
320
|
-
int tsi_ssl_peer_matches_name(const tsi_peer* peer,
|
333
|
+
int tsi_ssl_peer_matches_name(const tsi_peer* peer, absl::string_view name);
|
321
334
|
|
322
335
|
/* --- Testing support. ---
|
323
336
|
|
@@ -332,10 +345,9 @@ typedef void (*tsi_ssl_handshaker_factory_destructor)(
|
|
332
345
|
tsi_ssl_handshaker_factory* factory);
|
333
346
|
|
334
347
|
/* Virtual table for tsi_ssl_handshaker_factory. */
|
335
|
-
|
348
|
+
struct tsi_ssl_handshaker_factory_vtable {
|
336
349
|
tsi_ssl_handshaker_factory_destructor destroy;
|
337
|
-
}
|
338
|
-
|
350
|
+
};
|
339
351
|
/* Set destructor of handshaker_factory to new_destructor, returns previous
|
340
352
|
destructor. */
|
341
353
|
const tsi_ssl_handshaker_factory_vtable* tsi_ssl_handshaker_factory_swap_vtable(
|