grpc 1.28.0 → 1.30.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +7694 -11190
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +22 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +19 -21
- data/include/grpc/impl/codegen/port_platform.h +6 -2
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +203 -236
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
- data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
- data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
- data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +5 -5
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +52 -39
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +329 -297
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- metadata +111 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
@@ -23,7 +23,7 @@
|
|
23
23
|
|
24
24
|
#include <stddef.h>
|
25
25
|
|
26
|
-
|
26
|
+
struct grpc_uri {
|
27
27
|
char* scheme;
|
28
28
|
char* authority;
|
29
29
|
char* path;
|
@@ -35,8 +35,7 @@ typedef struct {
|
|
35
35
|
/** Split each query part by '='. NULL if not present. */
|
36
36
|
char** query_parts_values;
|
37
37
|
char* fragment;
|
38
|
-
}
|
39
|
-
|
38
|
+
};
|
40
39
|
/** parse a uri, return NULL on failure */
|
41
40
|
grpc_uri* grpc_uri_parse(const char* uri_text, bool suppress_errors);
|
42
41
|
|
@@ -36,8 +36,16 @@ void grpc_lb_policy_grpclb_init(void);
|
|
36
36
|
void grpc_lb_policy_grpclb_shutdown(void);
|
37
37
|
void grpc_lb_policy_cds_init(void);
|
38
38
|
void grpc_lb_policy_cds_shutdown(void);
|
39
|
-
void
|
40
|
-
void
|
39
|
+
void grpc_lb_policy_eds_init(void);
|
40
|
+
void grpc_lb_policy_eds_shutdown(void);
|
41
|
+
void grpc_lb_policy_lrs_init(void);
|
42
|
+
void grpc_lb_policy_lrs_shutdown(void);
|
43
|
+
void grpc_lb_policy_priority_init(void);
|
44
|
+
void grpc_lb_policy_priority_shutdown(void);
|
45
|
+
void grpc_lb_policy_weighted_target_init(void);
|
46
|
+
void grpc_lb_policy_weighted_target_shutdown(void);
|
47
|
+
void grpc_lb_policy_xds_routing_init(void);
|
48
|
+
void grpc_lb_policy_xds_routing_shutdown(void);
|
41
49
|
void grpc_lb_policy_pick_first_init(void);
|
42
50
|
void grpc_lb_policy_pick_first_shutdown(void);
|
43
51
|
void grpc_lb_policy_round_robin_init(void);
|
@@ -78,8 +86,16 @@ void grpc_register_built_in_plugins(void) {
|
|
78
86
|
grpc_lb_policy_grpclb_shutdown);
|
79
87
|
grpc_register_plugin(grpc_lb_policy_cds_init,
|
80
88
|
grpc_lb_policy_cds_shutdown);
|
81
|
-
grpc_register_plugin(
|
82
|
-
|
89
|
+
grpc_register_plugin(grpc_lb_policy_eds_init,
|
90
|
+
grpc_lb_policy_eds_shutdown);
|
91
|
+
grpc_register_plugin(grpc_lb_policy_lrs_init,
|
92
|
+
grpc_lb_policy_lrs_shutdown);
|
93
|
+
grpc_register_plugin(grpc_lb_policy_priority_init,
|
94
|
+
grpc_lb_policy_priority_shutdown);
|
95
|
+
grpc_register_plugin(grpc_lb_policy_weighted_target_init,
|
96
|
+
grpc_lb_policy_weighted_target_shutdown);
|
97
|
+
grpc_register_plugin(grpc_lb_policy_xds_routing_init,
|
98
|
+
grpc_lb_policy_xds_routing_shutdown);
|
83
99
|
grpc_register_plugin(grpc_lb_policy_pick_first_init,
|
84
100
|
grpc_lb_policy_pick_first_shutdown);
|
85
101
|
grpc_register_plugin(grpc_lb_policy_round_robin_init,
|
@@ -102,6 +102,8 @@ typedef struct alts_grpc_handshaker_client {
|
|
102
102
|
bool receive_status_finished;
|
103
103
|
/* if non-null, contains arguments to complete a TSI next callback. */
|
104
104
|
recv_message_result* pending_recv_message_result;
|
105
|
+
/* Maximum frame size used by frame protector. */
|
106
|
+
size_t max_frame_size;
|
105
107
|
} alts_grpc_handshaker_client;
|
106
108
|
|
107
109
|
static void handshaker_client_send_buffer_destroy(
|
@@ -506,6 +508,8 @@ static grpc_byte_buffer* get_serialized_start_client(
|
|
506
508
|
upb_strview_makez(ptr->data));
|
507
509
|
ptr = ptr->next;
|
508
510
|
}
|
511
|
+
grpc_gcp_StartClientHandshakeReq_set_max_frame_size(
|
512
|
+
start_client, static_cast<uint32_t>(client->max_frame_size));
|
509
513
|
return get_serialized_handshaker_req(req, arena.ptr());
|
510
514
|
}
|
511
515
|
|
@@ -565,6 +569,8 @@ static grpc_byte_buffer* get_serialized_start_server(
|
|
565
569
|
arena.ptr());
|
566
570
|
grpc_gcp_RpcProtocolVersions_assign_from_struct(
|
567
571
|
server_version, arena.ptr(), &client->options->rpc_versions);
|
572
|
+
grpc_gcp_StartServerHandshakeReq_set_max_frame_size(
|
573
|
+
start_server, static_cast<uint32_t>(client->max_frame_size));
|
568
574
|
return get_serialized_handshaker_req(req, arena.ptr());
|
569
575
|
}
|
570
576
|
|
@@ -674,7 +680,7 @@ alts_handshaker_client* alts_grpc_handshaker_client_create(
|
|
674
680
|
grpc_alts_credentials_options* options, const grpc_slice& target_name,
|
675
681
|
grpc_iomgr_cb_func grpc_cb, tsi_handshaker_on_next_done_cb cb,
|
676
682
|
void* user_data, alts_handshaker_client_vtable* vtable_for_testing,
|
677
|
-
bool is_client) {
|
683
|
+
bool is_client, size_t max_frame_size) {
|
678
684
|
if (channel == nullptr || handshaker_service_url == nullptr) {
|
679
685
|
gpr_log(GPR_ERROR, "Invalid arguments to alts_handshaker_client_create()");
|
680
686
|
return nullptr;
|
@@ -694,6 +700,7 @@ alts_handshaker_client* alts_grpc_handshaker_client_create(
|
|
694
700
|
client->recv_bytes = grpc_empty_slice();
|
695
701
|
grpc_metadata_array_init(&client->recv_initial_metadata);
|
696
702
|
client->is_client = is_client;
|
703
|
+
client->max_frame_size = max_frame_size;
|
697
704
|
client->buffer_size = TSI_ALTS_INITIAL_BUFFER_SIZE;
|
698
705
|
client->buffer = static_cast<unsigned char*>(gpr_zalloc(client->buffer_size));
|
699
706
|
grpc_slice slice = grpc_slice_from_copied_string(handshaker_service_url);
|
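Review bot: `client->max_frame_size = max_frame_size;` stores the caller's `size_t` with no range check, and both `get_serialized_start_client` and `get_serialized_start_server` later narrow it with `static_cast<uint32_t>(client->max_frame_size)`. A value above `UINT32_MAX` would wrap silently, so the handshaker service would be told a different frame size than the caller requested. The existing argument check at the top of `alts_grpc_handshaker_client_create` is a natural place to reject it: `if (channel == nullptr || handshaker_service_url == nullptr || max_frame_size > UINT32_MAX) {`. The function body continues outside these hunks, so confirm that no later code already bounds the value.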
@@ -117,7 +117,7 @@ void alts_handshaker_client_destroy(alts_handshaker_client* client);
|
|
117
117
|
* This method creates an ALTS handshaker client.
|
118
118
|
*
|
119
119
|
* - handshaker: ALTS TSI handshaker to which the created handshaker client
|
120
|
-
*
|
120
|
+
* belongs to.
|
121
121
|
* - channel: grpc channel to ALTS handshaker service.
|
122
122
|
* - handshaker_service_url: address of ALTS handshaker service in the format of
|
123
123
|
* "host:port".
|
@@ -132,8 +132,12 @@ void alts_handshaker_client_destroy(alts_handshaker_client* client);
|
|
132
132
|
* - vtable_for_testing: ALTS handshaker client vtable instance used for
|
133
133
|
* testing purpose.
|
134
134
|
* - is_client: a boolean value indicating if the created handshaker client is
|
135
|
-
*
|
136
|
-
*
|
135
|
+
* used at the client (is_client = true) or server (is_client = false) side.
|
136
|
+
* - max_frame_size: Maximum frame size used by frame protector (User specified
|
137
|
+
* maximum frame size if present or default max frame size).
|
138
|
+
*
|
139
|
+
* It returns the created ALTS handshaker client on success, and NULL
|
140
|
+
* on failure.
|
137
141
|
*/
|
138
142
|
alts_handshaker_client* alts_grpc_handshaker_client_create(
|
139
143
|
alts_tsi_handshaker* handshaker, grpc_channel* channel,
|
@@ -141,7 +145,7 @@ alts_handshaker_client* alts_grpc_handshaker_client_create(
|
|
141
145
|
grpc_alts_credentials_options* options, const grpc_slice& target_name,
|
142
146
|
grpc_iomgr_cb_func grpc_cb, tsi_handshaker_on_next_done_cb cb,
|
143
147
|
void* user_data, alts_handshaker_client_vtable* vtable_for_testing,
|
144
|
-
bool is_client);
|
148
|
+
bool is_client, size_t max_frame_size);
|
145
149
|
|
146
150
|
/**
|
147
151
|
* This method handles handshaker response returned from ALTS handshaker
|
@@ -63,6 +63,8 @@ struct alts_tsi_handshaker {
|
|
63
63
|
// shutdown effectively follows base.handshake_shutdown,
|
64
64
|
// but is synchronized by the mutex of this object.
|
65
65
|
bool shutdown;
|
66
|
+
// Maximum frame size used by frame protector.
|
67
|
+
size_t max_frame_size;
|
66
68
|
};
|
67
69
|
|
68
70
|
/* Main struct for ALTS TSI handshaker result. */
|
@@ -75,6 +77,8 @@ typedef struct alts_tsi_handshaker_result {
|
|
75
77
|
grpc_slice rpc_versions;
|
76
78
|
bool is_client;
|
77
79
|
grpc_slice serialized_context;
|
80
|
+
// Peer's maximum frame size.
|
81
|
+
size_t max_frame_size;
|
78
82
|
} alts_tsi_handshaker_result;
|
79
83
|
|
80
84
|
static tsi_result handshaker_result_extract_peer(
|
@@ -156,6 +160,26 @@ static tsi_result handshaker_result_create_zero_copy_grpc_protector(
|
|
156
160
|
alts_tsi_handshaker_result* result =
|
157
161
|
reinterpret_cast<alts_tsi_handshaker_result*>(
|
158
162
|
const_cast<tsi_handshaker_result*>(self));
|
163
|
+
|
164
|
+
// In case the peer does not send max frame size (e.g. peer is gRPC Go or
|
165
|
+
// peer uses an old binary), the negotiated frame size is set to
|
166
|
+
// kTsiAltsMinFrameSize (ignoring max_output_protected_frame_size value if
|
167
|
+
// present). Otherwise, it is based on peer and user specified max frame
|
168
|
+
// size (if present).
|
169
|
+
size_t max_frame_size = kTsiAltsMinFrameSize;
|
170
|
+
if (result->max_frame_size) {
|
171
|
+
size_t peer_max_frame_size = result->max_frame_size;
|
172
|
+
max_frame_size = std::min<size_t>(peer_max_frame_size,
|
173
|
+
max_output_protected_frame_size == nullptr
|
174
|
+
? kTsiAltsMaxFrameSize
|
175
|
+
: *max_output_protected_frame_size);
|
176
|
+
max_frame_size = std::max<size_t>(max_frame_size, kTsiAltsMinFrameSize);
|
177
|
+
}
|
178
|
+
max_output_protected_frame_size = &max_frame_size;
|
179
|
+
gpr_log(GPR_DEBUG,
|
180
|
+
"After Frame Size Negotiation, maximum frame size used by frame "
|
181
|
+
"protector equals %zu",
|
182
|
+
*max_output_protected_frame_size);
|
159
183
|
tsi_result ok = alts_zero_copy_grpc_protector_create(
|
160
184
|
reinterpret_cast<const uint8_t*>(result->key_data),
|
161
185
|
kAltsAes128GcmRekeyKeyLength, /*is_rekey=*/true, result->is_client,
|
@@ -288,6 +312,7 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp,
|
|
288
312
|
static_cast<char*>(gpr_zalloc(peer_service_account.size + 1));
|
289
313
|
memcpy(result->peer_identity, peer_service_account.data,
|
290
314
|
peer_service_account.size);
|
315
|
+
result->max_frame_size = grpc_gcp_HandshakerResult_max_frame_size(hresult);
|
291
316
|
upb::Arena rpc_versions_arena;
|
292
317
|
bool serialized = grpc_gcp_rpc_protocol_versions_encode(
|
293
318
|
peer_rpc_version, rpc_versions_arena.ptr(), &result->rpc_versions);
|
@@ -374,7 +399,8 @@ static tsi_result alts_tsi_handshaker_continue_handshaker_next(
|
|
374
399
|
handshaker, channel, handshaker->handshaker_service_url,
|
375
400
|
handshaker->interested_parties, handshaker->options,
|
376
401
|
handshaker->target_name, grpc_cb, cb, user_data,
|
377
|
-
handshaker->client_vtable_for_testing, handshaker->is_client
|
402
|
+
handshaker->client_vtable_for_testing, handshaker->is_client,
|
403
|
+
handshaker->max_frame_size);
|
378
404
|
if (client == nullptr) {
|
379
405
|
gpr_log(GPR_ERROR, "Failed to create ALTS handshaker client");
|
380
406
|
return TSI_FAILED_PRECONDITION;
|
@@ -570,7 +596,8 @@ bool alts_tsi_handshaker_has_shutdown(alts_tsi_handshaker* handshaker) {
|
|
570
596
|
tsi_result alts_tsi_handshaker_create(
|
571
597
|
const grpc_alts_credentials_options* options, const char* target_name,
|
572
598
|
const char* handshaker_service_url, bool is_client,
|
573
|
-
grpc_pollset_set* interested_parties, tsi_handshaker** self
|
599
|
+
grpc_pollset_set* interested_parties, tsi_handshaker** self,
|
600
|
+
size_t user_specified_max_frame_size) {
|
574
601
|
if (handshaker_service_url == nullptr || self == nullptr ||
|
575
602
|
options == nullptr || (is_client && target_name == nullptr)) {
|
576
603
|
gpr_log(GPR_ERROR, "Invalid arguments to alts_tsi_handshaker_create()");
|
@@ -590,6 +617,9 @@ tsi_result alts_tsi_handshaker_create(
|
|
590
617
|
handshaker->has_created_handshaker_client = false;
|
591
618
|
handshaker->handshaker_service_url = gpr_strdup(handshaker_service_url);
|
592
619
|
handshaker->options = grpc_alts_credentials_options_copy(options);
|
620
|
+
handshaker->max_frame_size = user_specified_max_frame_size != 0
|
621
|
+
? user_specified_max_frame_size
|
622
|
+
: kTsiAltsMaxFrameSize;
|
593
623
|
handshaker->base.vtable = handshaker->use_dedicated_cq
|
594
624
|
? &handshaker_vtable_dedicated
|
595
625
|
: &handshaker_vtable;
|
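Review bot: `user_specified_max_frame_size` is copied into `handshaker->max_frame_size` unchanged whenever it is non-zero, so a caller value outside [kTsiAltsMinFrameSize, kTsiAltsMaxFrameSize] is passed on to the handshaker client as-is. The negotiation added in `handshaker_result_create_zero_copy_grpc_protector` has a similar gap on the upper side: it raises the result to `kTsiAltsMinFrameSize`, but caps it at `kTsiAltsMaxFrameSize` only when `max_output_protected_frame_size` is null. A large caller value combined with a large peer-reported value can therefore exceed the maximum. I would clamp in the non-zero branch here, `std::min<size_t>(std::max<size_t>(user_specified_max_frame_size, kTsiAltsMinFrameSize), kTsiAltsMaxFrameSize)`, and add `max_frame_size = std::min<size_t>(max_frame_size, kTsiAltsMaxFrameSize);` after the existing `std::max` line in the negotiation. Both function bodies extend beyond the hunks shown.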
@@ -38,6 +38,11 @@
|
|
38
38
|
|
39
39
|
const size_t kTsiAltsNumOfPeerProperties = 5;
|
40
40
|
|
41
|
+
// Frame size negotiation extends send frame size range to
|
42
|
+
// [kTsiAltsMinFrameSize, kTsiAltsMaxFrameSize].
|
43
|
+
const size_t kTsiAltsMinFrameSize = 16 * 1024;
|
44
|
+
const size_t kTsiAltsMaxFrameSize = 128 * 1024;
|
45
|
+
|
41
46
|
typedef struct alts_tsi_handshaker alts_tsi_handshaker;
|
42
47
|
|
43
48
|
/**
|
@@ -54,6 +59,8 @@ typedef struct alts_tsi_handshaker alts_tsi_handshaker;
|
|
54
59
|
* - interested_parties: set of pollsets interested in this connection.
|
55
60
|
* - self: address of ALTS TSI handshaker instance to be returned from the
|
56
61
|
* method.
|
62
|
+
* - user_specified_max_frame_size: Determines the maximum frame size used by
|
63
|
+
* frame protector that is specified via user. If unspecified, the value is 0.
|
57
64
|
*
|
58
65
|
* It returns TSI_OK on success and an error status code on failure. Note that
|
59
66
|
* if interested_parties is nullptr, a dedicated TSI thread will be created and
|
@@ -62,7 +69,8 @@ typedef struct alts_tsi_handshaker alts_tsi_handshaker;
|
|
62
69
|
tsi_result alts_tsi_handshaker_create(
|
63
70
|
const grpc_alts_credentials_options* options, const char* target_name,
|
64
71
|
const char* handshaker_service_url, bool is_client,
|
65
|
-
grpc_pollset_set* interested_parties, tsi_handshaker** self
|
72
|
+
grpc_pollset_set* interested_parties, tsi_handshaker** self,
|
73
|
+
size_t user_specified_max_frame_size);
|
66
74
|
|
67
75
|
/**
|
68
76
|
* This method creates an ALTS TSI handshaker result instance.
|
@@ -31,7 +31,7 @@
|
|
31
31
|
#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
|
32
32
|
|
33
33
|
/* V-table for alts_grpc_record_protocol implementations. */
|
34
|
-
|
34
|
+
struct alts_grpc_record_protocol_vtable {
|
35
35
|
tsi_result (*protect)(alts_grpc_record_protocol* self,
|
36
36
|
grpc_slice_buffer* unprotected_slices,
|
37
37
|
grpc_slice_buffer* protected_slices);
|
@@ -39,8 +39,7 @@ typedef struct {
|
|
39
39
|
grpc_slice_buffer* protected_slices,
|
40
40
|
grpc_slice_buffer* unprotected_slices);
|
41
41
|
void (*destruct)(alts_grpc_record_protocol* self);
|
42
|
-
}
|
43
|
-
|
42
|
+
};
|
44
43
|
/* Main struct for alts_grpc_record_protocol implementation, shared by both
|
45
44
|
* integrity-only record protocol and privacy-integrity record protocol.
|
46
45
|
* Integrity-only record protocol has additional data elements.
|
@@ -42,14 +42,13 @@
|
|
42
42
|
| size | data |
|
43
43
|
where the size field value is the size of the size field plus the size of
|
44
44
|
the data encoded in little endian on 4 bytes. */
|
45
|
-
|
45
|
+
struct tsi_fake_frame {
|
46
46
|
unsigned char* data;
|
47
47
|
size_t size;
|
48
48
|
size_t allocated_size;
|
49
49
|
size_t offset;
|
50
50
|
int needs_draining;
|
51
|
-
}
|
52
|
-
|
51
|
+
};
|
53
52
|
typedef enum {
|
54
53
|
TSI_FAKE_CLIENT_INIT = 0,
|
55
54
|
TSI_FAKE_SERVER_INIT = 1,
|
@@ -58,7 +57,7 @@ typedef enum {
|
|
58
57
|
TSI_FAKE_HANDSHAKE_MESSAGE_MAX = 4
|
59
58
|
} tsi_fake_handshake_message;
|
60
59
|
|
61
|
-
|
60
|
+
struct tsi_fake_handshaker {
|
62
61
|
tsi_handshaker base;
|
63
62
|
int is_client;
|
64
63
|
tsi_fake_handshake_message next_message_to_send;
|
@@ -68,23 +67,20 @@ typedef struct {
|
|
68
67
|
unsigned char* outgoing_bytes_buffer;
|
69
68
|
size_t outgoing_bytes_buffer_size;
|
70
69
|
tsi_result result;
|
71
|
-
}
|
72
|
-
|
73
|
-
typedef struct {
|
70
|
+
};
|
71
|
+
struct tsi_fake_frame_protector {
|
74
72
|
tsi_frame_protector base;
|
75
73
|
tsi_fake_frame protect_frame;
|
76
74
|
tsi_fake_frame unprotect_frame;
|
77
75
|
size_t max_frame_size;
|
78
|
-
}
|
79
|
-
|
80
|
-
typedef struct {
|
76
|
+
};
|
77
|
+
struct tsi_fake_zero_copy_grpc_protector {
|
81
78
|
tsi_zero_copy_grpc_protector base;
|
82
79
|
grpc_slice_buffer header_sb;
|
83
80
|
grpc_slice_buffer protected_sb;
|
84
81
|
size_t max_frame_size;
|
85
82
|
size_t parsed_frame_size;
|
86
|
-
}
|
87
|
-
|
83
|
+
};
|
88
84
|
/* --- Utils. ---*/
|
89
85
|
|
90
86
|
static const char* tsi_fake_handshake_message_strings[] = {
|
@@ -488,12 +484,11 @@ static const tsi_zero_copy_grpc_protector_vtable
|
|
488
484
|
|
489
485
|
/* --- tsi_handshaker_result methods implementation. ---*/
|
490
486
|
|
491
|
-
|
487
|
+
struct fake_handshaker_result {
|
492
488
|
tsi_handshaker_result base;
|
493
489
|
unsigned char* unused_bytes;
|
494
490
|
size_t unused_bytes_size;
|
495
|
-
}
|
496
|
-
|
491
|
+
};
|
497
492
|
static tsi_result fake_handshaker_result_extract_peer(
|
498
493
|
const tsi_handshaker_result* self, tsi_peer* peer) {
|
499
494
|
/* Construct a tsi_peer with 1 property: certificate type, security_level. */
|
@@ -18,8 +18,6 @@
|
|
18
18
|
|
19
19
|
#include <grpc/support/port_platform.h>
|
20
20
|
|
21
|
-
#include "src/core/tsi/grpc_shadow_boringssl.h"
|
22
|
-
|
23
21
|
#include "src/core/tsi/ssl_transport_security.h"
|
24
22
|
|
25
23
|
#include <limits.h>
|
@@ -42,6 +40,9 @@
|
|
42
40
|
#include <grpc/support/sync.h>
|
43
41
|
#include <grpc/support/thd_id.h>
|
44
42
|
|
43
|
+
#include "absl/strings/match.h"
|
44
|
+
#include "absl/strings/string_view.h"
|
45
|
+
|
45
46
|
extern "C" {
|
46
47
|
#include <openssl/bio.h>
|
47
48
|
#include <openssl/crypto.h> /* For OPENSSL_free */
|
@@ -105,7 +106,7 @@ struct tsi_ssl_server_handshaker_factory {
|
|
105
106
|
size_t alpn_protocol_list_length;
|
106
107
|
};
|
107
108
|
|
108
|
-
|
109
|
+
struct tsi_ssl_handshaker {
|
109
110
|
tsi_handshaker base;
|
110
111
|
SSL* ssl;
|
111
112
|
BIO* network_io;
|
@@ -113,25 +114,22 @@ typedef struct {
|
|
113
114
|
unsigned char* outgoing_bytes_buffer;
|
114
115
|
size_t outgoing_bytes_buffer_size;
|
115
116
|
tsi_ssl_handshaker_factory* factory_ref;
|
116
|
-
}
|
117
|
-
|
118
|
-
typedef struct {
|
117
|
+
};
|
118
|
+
struct tsi_ssl_handshaker_result {
|
119
119
|
tsi_handshaker_result base;
|
120
120
|
SSL* ssl;
|
121
121
|
BIO* network_io;
|
122
122
|
unsigned char* unused_bytes;
|
123
123
|
size_t unused_bytes_size;
|
124
|
-
}
|
125
|
-
|
126
|
-
typedef struct {
|
124
|
+
};
|
125
|
+
struct tsi_ssl_frame_protector {
|
127
126
|
tsi_frame_protector base;
|
128
127
|
SSL* ssl;
|
129
128
|
BIO* network_io;
|
130
129
|
unsigned char* buffer;
|
131
130
|
size_t buffer_size;
|
132
131
|
size_t buffer_offset;
|
133
|
-
}
|
134
|
-
|
132
|
+
};
|
135
133
|
/* --- Library Initialization. ---*/
|
136
134
|
|
137
135
|
static gpr_once g_init_openssl_once = GPR_ONCE_INIT;
|
@@ -238,7 +236,7 @@ static void ssl_info_callback(const SSL* ssl, int where, int ret) {
|
|
238
236
|
|
239
237
|
/* Returns 1 if name looks like an IP address, 0 otherwise.
|
240
238
|
This is a very rough heuristic, and only handles IPv6 in hexadecimal form. */
|
241
|
-
static int looks_like_ip_address(
|
239
|
+
static int looks_like_ip_address(absl::string_view name) {
|
242
240
|
size_t dot_count = 0;
|
243
241
|
size_t num_size = 0;
|
244
242
|
for (size_t i = 0; i < name.size(); ++i) {
|
@@ -345,13 +343,10 @@ static tsi_result add_pem_certificate(X509* cert, tsi_peer_property* property) {
|
|
345
343
|
/* Gets the subject SANs from an X509 cert as a tsi_peer_property. */
|
346
344
|
static tsi_result add_subject_alt_names_properties_to_peer(
|
347
345
|
tsi_peer* peer, GENERAL_NAMES* subject_alt_names,
|
348
|
-
size_t subject_alt_name_count) {
|
346
|
+
size_t subject_alt_name_count, int* current_insert_index) {
|
349
347
|
size_t i;
|
350
348
|
tsi_result result = TSI_OK;
|
351
349
|
|
352
|
-
/* Reset for DNS entries filtering. */
|
353
|
-
peer->property_count -= subject_alt_name_count;
|
354
|
-
|
355
350
|
for (i = 0; i < subject_alt_name_count; i++) {
|
356
351
|
GENERAL_NAME* subject_alt_name =
|
357
352
|
sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
|
@@ -376,7 +371,17 @@ static tsi_result add_subject_alt_names_properties_to_peer(
|
|
376
371
|
result = tsi_construct_string_peer_property(
|
377
372
|
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
|
378
373
|
reinterpret_cast<const char*>(name), static_cast<size_t>(name_size),
|
379
|
-
&peer->properties[
|
374
|
+
&peer->properties[(*current_insert_index)++]);
|
375
|
+
if (result != TSI_OK) {
|
376
|
+
OPENSSL_free(name);
|
377
|
+
break;
|
378
|
+
}
|
379
|
+
if (subject_alt_name->type == GEN_URI) {
|
380
|
+
result = tsi_construct_string_peer_property(
|
381
|
+
TSI_X509_URI_PEER_PROPERTY, reinterpret_cast<const char*>(name),
|
382
|
+
static_cast<size_t>(name_size),
|
383
|
+
&peer->properties[(*current_insert_index)++]);
|
384
|
+
}
|
380
385
|
OPENSSL_free(name);
|
381
386
|
} else if (subject_alt_name->type == GEN_IPADD) {
|
382
387
|
char ntop_buf[INET6_ADDRSTRLEN];
|
@@ -401,7 +406,7 @@ static tsi_result add_subject_alt_names_properties_to_peer(
|
|
401
406
|
|
402
407
|
result = tsi_construct_string_peer_property_from_cstring(
|
403
408
|
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, name,
|
404
|
-
&peer->properties[
|
409
|
+
&peer->properties[(*current_insert_index)++]);
|
405
410
|
}
|
406
411
|
if (result != TSI_OK) break;
|
407
412
|
}
|
@@ -424,26 +429,35 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
|
|
424
429
|
property_count = (include_certificate_type ? static_cast<size_t>(1) : 0) +
|
425
430
|
2 /* common name, certificate */ +
|
426
431
|
static_cast<size_t>(subject_alt_name_count);
|
432
|
+
for (int i = 0; i < subject_alt_name_count; i++) {
|
433
|
+
GENERAL_NAME* subject_alt_name =
|
434
|
+
sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
|
435
|
+
if (subject_alt_name->type == GEN_URI) {
|
436
|
+
property_count += 1;
|
437
|
+
}
|
438
|
+
}
|
427
439
|
result = tsi_construct_peer(property_count, peer);
|
428
440
|
if (result != TSI_OK) return result;
|
441
|
+
int current_insert_index = 0;
|
429
442
|
do {
|
430
443
|
if (include_certificate_type) {
|
431
444
|
result = tsi_construct_string_peer_property_from_cstring(
|
432
445
|
TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
|
433
|
-
&peer->properties[
|
446
|
+
&peer->properties[current_insert_index++]);
|
434
447
|
if (result != TSI_OK) break;
|
435
448
|
}
|
436
449
|
result = peer_property_from_x509_common_name(
|
437
|
-
cert, &peer->properties[
|
450
|
+
cert, &peer->properties[current_insert_index++]);
|
438
451
|
if (result != TSI_OK) break;
|
439
452
|
|
440
|
-
result =
|
441
|
-
cert, &peer->properties[
|
453
|
+
result =
|
454
|
+
add_pem_certificate(cert, &peer->properties[current_insert_index++]);
|
442
455
|
if (result != TSI_OK) break;
|
443
456
|
|
444
457
|
if (subject_alt_name_count != 0) {
|
445
458
|
result = add_subject_alt_names_properties_to_peer(
|
446
|
-
peer, subject_alt_names, static_cast<size_t>(subject_alt_name_count)
|
459
|
+
peer, subject_alt_names, static_cast<size_t>(subject_alt_name_count),
|
460
|
+
¤t_insert_index);
|
447
461
|
if (result != TSI_OK) break;
|
448
462
|
}
|
449
463
|
} while (0);
|
@@ -452,6 +466,8 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
|
|
452
466
|
sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
|
453
467
|
}
|
454
468
|
if (result != TSI_OK) tsi_peer_destruct(peer);
|
469
|
+
|
470
|
+
GPR_ASSERT((int)peer->property_count == current_insert_index);
|
455
471
|
return result;
|
456
472
|
}
|
457
473
|
|
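Review bot: The added `GPR_ASSERT((int)peer->property_count == current_insert_index);` runs unconditionally, including after `if (result != TSI_OK) tsi_peer_destruct(peer);`. Any failure that breaks out of the `do { } while (0)` early leaves the index short of the count, so the process aborts instead of returning the error. These properties are built from the peer's certificate, so a recoverable failure should not turn into a crash; guard it as `if (result == TSI_OK) GPR_ASSERT(peer->property_count == static_cast<size_t>(current_insert_index));`. The count is also pre-computed as one slot per SAN entry plus one extra per `GEN_URI`, so the equality holds only if every entry type advances the index in `add_subject_alt_names_properties_to_peer`. The branches for other SAN types and the start of `peer_from_x509` are outside the hunks shown and are worth checking.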
@@ -1645,8 +1661,8 @@ static void tsi_ssl_server_handshaker_factory_destroy(
|
|
1645
1661
|
gpr_free(self);
|
1646
1662
|
}
|
1647
1663
|
|
1648
|
-
static int does_entry_match_name(
|
1649
|
-
|
1664
|
+
static int does_entry_match_name(absl::string_view entry,
|
1665
|
+
absl::string_view name) {
|
1650
1666
|
if (entry.empty()) return 0;
|
1651
1667
|
|
1652
1668
|
/* Take care of '.' terminations. */
|
@@ -1658,7 +1674,7 @@ static int does_entry_match_name(grpc_core::StringView entry,
|
|
1658
1674
|
if (entry.empty()) return 0;
|
1659
1675
|
}
|
1660
1676
|
|
1661
|
-
if (name
|
1677
|
+
if (absl::EqualsIgnoreCase(name, entry)) {
|
1662
1678
|
return 1; /* Perfect match. */
|
1663
1679
|
}
|
1664
1680
|
if (entry.front() != '*') return 0;
|
@@ -1669,23 +1685,21 @@ static int does_entry_match_name(grpc_core::StringView entry,
|
|
1669
1685
|
return 0;
|
1670
1686
|
}
|
1671
1687
|
size_t name_subdomain_pos = name.find('.');
|
1672
|
-
if (name_subdomain_pos ==
|
1688
|
+
if (name_subdomain_pos == absl::string_view::npos) return 0;
|
1673
1689
|
if (name_subdomain_pos >= name.size() - 2) return 0;
|
1674
|
-
|
1690
|
+
absl::string_view name_subdomain =
|
1675
1691
|
name.substr(name_subdomain_pos + 1); /* Starts after the dot. */
|
1676
1692
|
entry.remove_prefix(2); /* Remove *. */
|
1677
1693
|
size_t dot = name_subdomain.find('.');
|
1678
|
-
if (dot ==
|
1679
|
-
grpc_core::UniquePtr<char> name_subdomain_cstr(
|
1680
|
-
grpc_core::StringViewToCString(name_subdomain));
|
1694
|
+
if (dot == absl::string_view::npos || dot == name_subdomain.size() - 1) {
|
1681
1695
|
gpr_log(GPR_ERROR, "Invalid toplevel subdomain: %s",
|
1682
|
-
|
1696
|
+
std::string(name_subdomain).c_str());
|
1683
1697
|
return 0;
|
1684
1698
|
}
|
1685
1699
|
if (name_subdomain.back() == '.') {
|
1686
1700
|
name_subdomain.remove_suffix(1);
|
1687
1701
|
}
|
1688
|
-
return !entry.empty() && name_subdomain
|
1702
|
+
return !entry.empty() && absl::EqualsIgnoreCase(name_subdomain, entry);
|
1689
1703
|
}
|
1690
1704
|
|
1691
1705
|
static int ssl_server_handshaker_factory_servername_callback(SSL* ssl,
|
@@ -1707,7 +1721,7 @@ static int ssl_server_handshaker_factory_servername_callback(SSL* ssl,
|
|
1707
1721
|
}
|
1708
1722
|
}
|
1709
1723
|
gpr_log(GPR_ERROR, "No match found for server name: %s.", servername);
|
1710
|
-
return
|
1724
|
+
return SSL_TLSEXT_ERR_NOACK;
|
1711
1725
|
}
|
1712
1726
|
|
1713
1727
|
#if TSI_OPENSSL_ALPN_SUPPORT
|
@@ -2058,8 +2072,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
2058
2072
|
|
2059
2073
|
/* --- tsi_ssl utils. --- */
|
2060
2074
|
|
2061
|
-
int tsi_ssl_peer_matches_name(const tsi_peer* peer,
|
2062
|
-
grpc_core::StringView name) {
|
2075
|
+
int tsi_ssl_peer_matches_name(const tsi_peer* peer, absl::string_view name) {
|
2063
2076
|
size_t i = 0;
|
2064
2077
|
size_t san_count = 0;
|
2065
2078
|
const tsi_peer_property* cn_property = nullptr;
|
@@ -2073,7 +2086,7 @@ int tsi_ssl_peer_matches_name(const tsi_peer* peer,
|
|
2073
2086
|
TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
|
2074
2087
|
san_count++;
|
2075
2088
|
|
2076
|
-
|
2089
|
+
absl::string_view entry(property->value.data, property->value.length);
|
2077
2090
|
if (!like_ip && does_entry_match_name(entry, name)) {
|
2078
2091
|
return 1;
|
2079
2092
|
} else if (like_ip && name == entry) {
|
@@ -2088,8 +2101,8 @@ int tsi_ssl_peer_matches_name(const tsi_peer* peer,
|
|
2088
2101
|
|
2089
2102
|
/* If there's no SAN, try the CN, but only if its not like an IP Address */
|
2090
2103
|
if (san_count == 0 && cn_property != nullptr && !like_ip) {
|
2091
|
-
if (does_entry_match_name(
|
2092
|
-
|
2104
|
+
if (does_entry_match_name(absl::string_view(cn_property->value.data,
|
2105
|
+
cn_property->value.length),
|
2093
2106
|
name)) {
|
2094
2107
|
return 1;
|
2095
2108
|
}
|