grpc 1.53.2 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -32
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +0 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +19 -55
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +0 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +0 -21
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
|
@@ -45,6 +45,9 @@
|
|
|
45
45
|
#include "src/core/lib/promise/context.h"
|
|
46
46
|
#include "src/core/lib/resource_quota/memory_quota.h"
|
|
47
47
|
|
|
48
|
+
// #define GRPC_ARENA_POOLED_ALLOCATIONS_USE_MALLOC
|
|
49
|
+
// #define GRPC_ARENA_TRACE_POOLED_ALLOCATIONS
|
|
50
|
+
|
|
48
51
|
namespace grpc_core {
|
|
49
52
|
|
|
50
53
|
namespace arena_detail {
|
|
@@ -114,7 +117,9 @@ PoolAndSize ChoosePoolForAllocationSize(
|
|
|
114
117
|
} // namespace arena_detail
|
|
115
118
|
|
|
116
119
|
class Arena {
|
|
117
|
-
|
|
120
|
+
// Selected pool sizes.
|
|
121
|
+
// How to tune: see tools/codegen/core/optimize_arena_pool_sizes.py
|
|
122
|
+
using PoolSizes = absl::integer_sequence<size_t, 80, 304, 528, 1024>;
|
|
118
123
|
struct FreePoolNode {
|
|
119
124
|
FreePoolNode* next;
|
|
120
125
|
};
|
|
@@ -130,6 +135,13 @@ class Arena {
|
|
|
130
135
|
size_t initial_size, size_t alloc_size,
|
|
131
136
|
MemoryAllocator* memory_allocator);
|
|
132
137
|
|
|
138
|
+
// Destroy all `ManagedNew` allocated objects.
|
|
139
|
+
// Allows safe destruction of these objects even if they need context held by
|
|
140
|
+
// the arena.
|
|
141
|
+
// Idempotent.
|
|
142
|
+
// TODO(ctiller): eliminate ManagedNew.
|
|
143
|
+
void DestroyManagedNewObjects();
|
|
144
|
+
|
|
133
145
|
// Destroy an arena.
|
|
134
146
|
void Destroy();
|
|
135
147
|
|
|
@@ -170,6 +182,7 @@ class Arena {
|
|
|
170
182
|
return &p->t;
|
|
171
183
|
}
|
|
172
184
|
|
|
185
|
+
#ifndef GRPC_ARENA_POOLED_ALLOCATIONS_USE_MALLOC
|
|
173
186
|
class PooledDeleter {
|
|
174
187
|
public:
|
|
175
188
|
explicit PooledDeleter(std::atomic<FreePoolNode*>* free_list)
|
|
@@ -209,6 +222,7 @@ class Arena {
|
|
|
209
222
|
&pools_[arena_detail::PoolFromObjectSize<sizeof(T)>(PoolSizes())];
|
|
210
223
|
return PoolPtr<T>(
|
|
211
224
|
new (AllocPooled(
|
|
225
|
+
sizeof(T),
|
|
212
226
|
arena_detail::AllocationSizeFromObjectSize<sizeof(T)>(PoolSizes()),
|
|
213
227
|
free_list)) T(std::forward<Args>(args)...),
|
|
214
228
|
PooledDeleter(free_list));
|
|
@@ -229,12 +243,95 @@ class Arena {
|
|
|
229
243
|
return PoolPtr<T[]>(new (Alloc(where.alloc_size)) T[n],
|
|
230
244
|
PooledDeleter(nullptr));
|
|
231
245
|
} else {
|
|
232
|
-
return PoolPtr<T[]>(
|
|
233
|
-
|
|
234
|
-
|
|
246
|
+
return PoolPtr<T[]>(new (AllocPooled(where.alloc_size, where.alloc_size,
|
|
247
|
+
&pools_[where.pool_index])) T[n],
|
|
248
|
+
PooledDeleter(&pools_[where.pool_index]));
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
// Like MakePooled, but with manual memory management.
|
|
253
|
+
// The caller is responsible for calling DeletePooled() on the returned
|
|
254
|
+
// pointer, and expected to call it with the same type T as was passed to this
|
|
255
|
+
// function (else the free list returned to the arena will be corrupted).
|
|
256
|
+
template <typename T, typename... Args>
|
|
257
|
+
T* NewPooled(Args&&... args) {
|
|
258
|
+
auto* free_list =
|
|
259
|
+
&pools_[arena_detail::PoolFromObjectSize<sizeof(T)>(PoolSizes())];
|
|
260
|
+
return new (AllocPooled(
|
|
261
|
+
sizeof(T),
|
|
262
|
+
arena_detail::AllocationSizeFromObjectSize<sizeof(T)>(PoolSizes()),
|
|
263
|
+
free_list)) T(std::forward<Args>(args)...);
|
|
264
|
+
}
|
|
265
|
+
|
|
266
|
+
template <typename T>
|
|
267
|
+
void DeletePooled(T* p) {
|
|
268
|
+
auto* free_list =
|
|
269
|
+
&pools_[arena_detail::PoolFromObjectSize<sizeof(T)>(PoolSizes())];
|
|
270
|
+
p->~T();
|
|
271
|
+
FreePooled(p, free_list);
|
|
272
|
+
}
|
|
273
|
+
#else
|
|
274
|
+
class PooledDeleter {
|
|
275
|
+
public:
|
|
276
|
+
PooledDeleter() = default;
|
|
277
|
+
explicit PooledDeleter(std::nullptr_t) : delete_(false) {}
|
|
278
|
+
template <typename T>
|
|
279
|
+
void operator()(T* p) {
|
|
280
|
+
// TODO(ctiller): promise based filter hijacks ownership of some pointers
|
|
281
|
+
// to make them appear as PoolPtr without really transferring ownership,
|
|
282
|
+
// by setting the arena to nullptr.
|
|
283
|
+
// This is a transitional hack and should be removed once promise based
|
|
284
|
+
// filter is removed.
|
|
285
|
+
if (delete_) delete p;
|
|
235
286
|
}
|
|
287
|
+
|
|
288
|
+
bool has_freelist() const { return delete_; }
|
|
289
|
+
|
|
290
|
+
private:
|
|
291
|
+
bool delete_ = true;
|
|
292
|
+
};
|
|
293
|
+
|
|
294
|
+
template <typename T>
|
|
295
|
+
using PoolPtr = std::unique_ptr<T, PooledDeleter>;
|
|
296
|
+
|
|
297
|
+
// Make a unique_ptr to T that is allocated from the arena.
|
|
298
|
+
// When the pointer is released, the memory may be reused for other
|
|
299
|
+
// MakePooled(.*) calls.
|
|
300
|
+
// CAUTION: The amount of memory allocated is rounded up to the nearest
|
|
301
|
+
// value in Arena::PoolSizes, and so this may pessimize total
|
|
302
|
+
// arena size.
|
|
303
|
+
template <typename T, typename... Args>
|
|
304
|
+
PoolPtr<T> MakePooled(Args&&... args) {
|
|
305
|
+
return PoolPtr<T>(new T(std::forward<Args>(args)...), PooledDeleter());
|
|
306
|
+
}
|
|
307
|
+
|
|
308
|
+
// Make a unique_ptr to an array of T that is allocated from the arena.
|
|
309
|
+
// When the pointer is released, the memory may be reused for other
|
|
310
|
+
// MakePooled(.*) calls.
|
|
311
|
+
// One can use MakePooledArray<char> to allocate a buffer of bytes.
|
|
312
|
+
// CAUTION: The amount of memory allocated is rounded up to the nearest
|
|
313
|
+
// value in Arena::PoolSizes, and so this may pessimize total
|
|
314
|
+
// arena size.
|
|
315
|
+
template <typename T>
|
|
316
|
+
PoolPtr<T[]> MakePooledArray(size_t n) {
|
|
317
|
+
return PoolPtr<T[]>(new T[n], PooledDeleter());
|
|
236
318
|
}
|
|
237
319
|
|
|
320
|
+
// Like MakePooled, but with manual memory management.
|
|
321
|
+
// The caller is responsible for calling DeletePooled() on the returned
|
|
322
|
+
// pointer, and expected to call it with the same type T as was passed to this
|
|
323
|
+
// function (else the free list returned to the arena will be corrupted).
|
|
324
|
+
template <typename T, typename... Args>
|
|
325
|
+
T* NewPooled(Args&&... args) {
|
|
326
|
+
return new T(std::forward<Args>(args)...);
|
|
327
|
+
}
|
|
328
|
+
|
|
329
|
+
template <typename T>
|
|
330
|
+
void DeletePooled(T* p) {
|
|
331
|
+
delete p;
|
|
332
|
+
}
|
|
333
|
+
#endif
|
|
334
|
+
|
|
238
335
|
private:
|
|
239
336
|
struct Zone {
|
|
240
337
|
Zone* prev;
|
|
@@ -275,9 +372,24 @@ class Arena {
|
|
|
275
372
|
|
|
276
373
|
void* AllocZone(size_t size);
|
|
277
374
|
|
|
278
|
-
void* AllocPooled(size_t
|
|
375
|
+
void* AllocPooled(size_t obj_size, size_t alloc_size,
|
|
376
|
+
std::atomic<FreePoolNode*>* head);
|
|
279
377
|
static void FreePooled(void* p, std::atomic<FreePoolNode*>* head);
|
|
280
378
|
|
|
379
|
+
void TracePoolAlloc(size_t size, void* ptr) {
|
|
380
|
+
(void)size;
|
|
381
|
+
(void)ptr;
|
|
382
|
+
#ifdef GRPC_ARENA_TRACE_POOLED_ALLOCATIONS
|
|
383
|
+
gpr_log(GPR_ERROR, "ARENA %p ALLOC %" PRIdPTR " @ %p", this, size, ptr);
|
|
384
|
+
#endif
|
|
385
|
+
}
|
|
386
|
+
static void TracePoolFree(void* ptr) {
|
|
387
|
+
(void)ptr;
|
|
388
|
+
#ifdef GRPC_ARENA_TRACE_POOLED_ALLOCATIONS
|
|
389
|
+
gpr_log(GPR_ERROR, "FREE %p", ptr);
|
|
390
|
+
#endif
|
|
391
|
+
}
|
|
392
|
+
|
|
281
393
|
// Keep track of the total used size. We use this in our call sizing
|
|
282
394
|
// hysteresis.
|
|
283
395
|
std::atomic<size_t> total_used_{0};
|
|
@@ -290,7 +402,9 @@ class Arena {
|
|
|
290
402
|
// last zone; the zone list is reverse-walked during arena destruction only.
|
|
291
403
|
std::atomic<Zone*> last_zone_{nullptr};
|
|
292
404
|
std::atomic<ManagedNewObject*> managed_new_head_{nullptr};
|
|
405
|
+
#ifndef GRPC_ARENA_POOLED_ALLOCATIONS_USE_MALLOC
|
|
293
406
|
std::atomic<FreePoolNode*> pools_[PoolSizes::size()]{};
|
|
407
|
+
#endif
|
|
294
408
|
// The backing memory quota
|
|
295
409
|
MemoryAllocator* const memory_allocator_;
|
|
296
410
|
};
|
|
@@ -645,7 +645,7 @@ std::string PressureController::DebugString() const {
|
|
|
645
645
|
}
|
|
646
646
|
|
|
647
647
|
double PressureTracker::AddSampleAndGetControlValue(double sample) {
|
|
648
|
-
static const double kSetPoint = 95
|
|
648
|
+
static const double kSetPoint = 0.95;
|
|
649
649
|
|
|
650
650
|
double max_so_far = max_this_round_.load(std::memory_order_relaxed);
|
|
651
651
|
if (sample > max_so_far) {
|
|
@@ -38,7 +38,6 @@
|
|
|
38
38
|
#include <grpc/support/string_util.h>
|
|
39
39
|
|
|
40
40
|
#include "src/core/lib/gprpp/env.h"
|
|
41
|
-
#include "src/core/lib/gprpp/host_port.h"
|
|
42
41
|
#include "src/core/lib/http/httpcli_ssl_credentials.h"
|
|
43
42
|
#include "src/core/lib/iomgr/closure.h"
|
|
44
43
|
#include "src/core/lib/json/json.h"
|
|
@@ -49,9 +48,6 @@ namespace grpc_core {
|
|
|
49
48
|
|
|
50
49
|
namespace {
|
|
51
50
|
|
|
52
|
-
const char* awsEc2MetadataIpv4Address = "169.254.169.254";
|
|
53
|
-
const char* awsEc2MetadataIpv6Address = "fd00:ec2::254";
|
|
54
|
-
|
|
55
51
|
const char* kExpectedEnvironmentId = "aws1";
|
|
56
52
|
|
|
57
53
|
const char* kRegionEnvVar = "AWS_REGION";
|
|
@@ -78,15 +74,6 @@ std::string UrlEncode(const absl::string_view& s) {
|
|
|
78
74
|
return result;
|
|
79
75
|
}
|
|
80
76
|
|
|
81
|
-
bool ValidateAwsUrl(const std::string& urlString) {
|
|
82
|
-
absl::StatusOr<URI> url = URI::Parse(urlString);
|
|
83
|
-
if (!url.ok()) return false;
|
|
84
|
-
absl::string_view host;
|
|
85
|
-
absl::string_view port;
|
|
86
|
-
SplitHostPort(url->authority(), &host, &port);
|
|
87
|
-
return host == awsEc2MetadataIpv4Address || host == awsEc2MetadataIpv6Address;
|
|
88
|
-
}
|
|
89
|
-
|
|
90
77
|
} // namespace
|
|
91
78
|
|
|
92
79
|
RefCountedPtr<AwsExternalAccountCredentials>
|
|
@@ -129,22 +116,10 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
|
|
|
129
116
|
return;
|
|
130
117
|
}
|
|
131
118
|
region_url_ = it->second.string_value();
|
|
132
|
-
if (!ValidateAwsUrl(region_url_)) {
|
|
133
|
-
*error = GRPC_ERROR_CREATE(absl::StrFormat(
|
|
134
|
-
"Invalid host for region_url field, expecting %s or %s.",
|
|
135
|
-
awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
|
|
136
|
-
return;
|
|
137
|
-
}
|
|
138
119
|
it = options.credential_source.object_value().find("url");
|
|
139
120
|
if (it != options.credential_source.object_value().end() &&
|
|
140
121
|
it->second.type() == Json::Type::STRING) {
|
|
141
122
|
url_ = it->second.string_value();
|
|
142
|
-
if (!ValidateAwsUrl(url_)) {
|
|
143
|
-
*error = GRPC_ERROR_CREATE(absl::StrFormat(
|
|
144
|
-
"Invalid host for url field, expecting %s or %s.",
|
|
145
|
-
awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
|
|
146
|
-
return;
|
|
147
|
-
}
|
|
148
123
|
}
|
|
149
124
|
it = options.credential_source.object_value().find(
|
|
150
125
|
"regional_cred_verification_url");
|
|
@@ -164,16 +139,16 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
|
|
|
164
139
|
if (it != options.credential_source.object_value().end() &&
|
|
165
140
|
it->second.type() == Json::Type::STRING) {
|
|
166
141
|
imdsv2_session_token_url_ = it->second.string_value();
|
|
167
|
-
if (!ValidateAwsUrl(imdsv2_session_token_url_)) {
|
|
168
|
-
*error = GRPC_ERROR_CREATE(absl::StrFormat(
|
|
169
|
-
"Invalid host for imdsv2_session_token_url field, expecting %s or "
|
|
170
|
-
"%s.",
|
|
171
|
-
awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
|
|
172
|
-
return;
|
|
173
|
-
}
|
|
174
142
|
}
|
|
175
143
|
}
|
|
176
144
|
|
|
145
|
+
bool AwsExternalAccountCredentials::ShouldUseMetadataServer() {
|
|
146
|
+
return !((GetEnv(kRegionEnvVar).has_value() ||
|
|
147
|
+
GetEnv(kDefaultRegionEnvVar).has_value()) &&
|
|
148
|
+
(GetEnv(kAccessKeyIdEnvVar).has_value() &&
|
|
149
|
+
GetEnv(kSecretAccessKeyEnvVar).has_value()));
|
|
150
|
+
}
|
|
151
|
+
|
|
177
152
|
void AwsExternalAccountCredentials::RetrieveSubjectToken(
|
|
178
153
|
HTTPRequestContext* ctx, const Options& /*options*/,
|
|
179
154
|
std::function<void(std::string, grpc_error_handle)> cb) {
|
|
@@ -186,7 +161,7 @@ void AwsExternalAccountCredentials::RetrieveSubjectToken(
|
|
|
186
161
|
}
|
|
187
162
|
ctx_ = ctx;
|
|
188
163
|
cb_ = cb;
|
|
189
|
-
if (!imdsv2_session_token_url_.empty()) {
|
|
164
|
+
if (!imdsv2_session_token_url_.empty() && ShouldUseMetadataServer()) {
|
|
190
165
|
RetrieveImdsV2SessionToken();
|
|
191
166
|
} else if (signer_ != nullptr) {
|
|
192
167
|
BuildSubjectToken();
|
|
@@ -381,10 +356,12 @@ void AwsExternalAccountCredentials::RetrieveSigningKeys() {
|
|
|
381
356
|
auto secret_access_key_from_env = GetEnv(kSecretAccessKeyEnvVar);
|
|
382
357
|
auto token_from_env = GetEnv(kSessionTokenEnvVar);
|
|
383
358
|
if (access_key_id_from_env.has_value() &&
|
|
384
|
-
secret_access_key_from_env.has_value()
|
|
359
|
+
secret_access_key_from_env.has_value()) {
|
|
385
360
|
access_key_id_ = std::move(*access_key_id_from_env);
|
|
386
361
|
secret_access_key_ = std::move(*secret_access_key_from_env);
|
|
387
|
-
|
|
362
|
+
if (token_from_env.has_value()) {
|
|
363
|
+
token_ = std::move(*token_from_env);
|
|
364
|
+
}
|
|
388
365
|
BuildSubjectToken();
|
|
389
366
|
return;
|
|
390
367
|
}
|
|
@@ -45,6 +45,7 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
|
|
|
45
45
|
grpc_error_handle* error);
|
|
46
46
|
|
|
47
47
|
private:
|
|
48
|
+
bool ShouldUseMetadataServer();
|
|
48
49
|
void RetrieveSubjectToken(
|
|
49
50
|
HTTPRequestContext* ctx, const Options& options,
|
|
50
51
|
std::function<void(std::string, grpc_error_handle)> cb) override;
|
|
@@ -22,14 +22,12 @@
|
|
|
22
22
|
|
|
23
23
|
#include <string.h>
|
|
24
24
|
|
|
25
|
-
#include <map>
|
|
26
25
|
#include <memory>
|
|
27
26
|
#include <string>
|
|
28
27
|
|
|
29
28
|
#include "absl/status/statusor.h"
|
|
30
29
|
#include "absl/strings/match.h"
|
|
31
30
|
#include "absl/strings/string_view.h"
|
|
32
|
-
#include "absl/strings/strip.h"
|
|
33
31
|
#include "absl/types/optional.h"
|
|
34
32
|
|
|
35
33
|
#include <grpc/grpc_security.h> // IWYU pragma: keep
|
|
@@ -44,7 +42,6 @@
|
|
|
44
42
|
#include "src/core/lib/channel/channel_args.h"
|
|
45
43
|
#include "src/core/lib/debug/trace.h"
|
|
46
44
|
#include "src/core/lib/gprpp/env.h"
|
|
47
|
-
#include "src/core/lib/gprpp/host_port.h"
|
|
48
45
|
#include "src/core/lib/gprpp/orphanable.h"
|
|
49
46
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
|
50
47
|
#include "src/core/lib/gprpp/status_helper.h"
|
|
@@ -254,57 +251,6 @@ static int is_metadata_server_reachable() {
|
|
|
254
251
|
return detector.success;
|
|
255
252
|
}
|
|
256
253
|
|
|
257
|
-
namespace {
|
|
258
|
-
|
|
259
|
-
bool ValidateUrlField(const Json& json, const std::string& field) {
|
|
260
|
-
auto it = json.object_value().find(field);
|
|
261
|
-
if (it == json.object_value().end()) {
|
|
262
|
-
return true;
|
|
263
|
-
}
|
|
264
|
-
if (it->second.type() != Json::Type::STRING ||
|
|
265
|
-
it->second.string_value().empty()) {
|
|
266
|
-
return false;
|
|
267
|
-
}
|
|
268
|
-
absl::StatusOr<grpc_core::URI> url =
|
|
269
|
-
grpc_core::URI::Parse(it->second.string_value());
|
|
270
|
-
if (!url.ok()) return false;
|
|
271
|
-
if (!absl::EqualsIgnoreCase(url->scheme(), "https")) {
|
|
272
|
-
return false;
|
|
273
|
-
}
|
|
274
|
-
absl::string_view host;
|
|
275
|
-
absl::string_view port;
|
|
276
|
-
grpc_core::SplitHostPort(url->authority(), &host, &port);
|
|
277
|
-
if (absl::ConsumeSuffix(&host, ".p.googleapis.com")) {
|
|
278
|
-
if (absl::StartsWith(host, "sts-") ||
|
|
279
|
-
absl::StartsWith(host, "iamcredentials-")) {
|
|
280
|
-
return true;
|
|
281
|
-
}
|
|
282
|
-
} else if (absl::ConsumeSuffix(&host, ".googleapis.com")) {
|
|
283
|
-
if (host == "sts" || host == "iamcredentials") {
|
|
284
|
-
return true;
|
|
285
|
-
} else if (absl::StartsWith(host, "sts.") ||
|
|
286
|
-
absl::StartsWith(host, "iamcredentials.")) {
|
|
287
|
-
return true;
|
|
288
|
-
} else if (absl::EndsWith(host, ".sts") ||
|
|
289
|
-
absl::EndsWith(host, ".iamcredentials")) {
|
|
290
|
-
return true;
|
|
291
|
-
} else if (absl::EndsWith(host, "-sts") ||
|
|
292
|
-
absl::EndsWith(host, "-iamcredentials")) {
|
|
293
|
-
return true;
|
|
294
|
-
}
|
|
295
|
-
}
|
|
296
|
-
return false;
|
|
297
|
-
}
|
|
298
|
-
|
|
299
|
-
bool ValidateExteralAccountCredentials(const Json& json) {
|
|
300
|
-
return json.type() == Json::Type::OBJECT &&
|
|
301
|
-
ValidateUrlField(json, "token_url") &&
|
|
302
|
-
ValidateUrlField(json, "service_account_impersonation_url") &&
|
|
303
|
-
ValidateUrlField(json, "token_info_url");
|
|
304
|
-
}
|
|
305
|
-
|
|
306
|
-
} // namespace
|
|
307
|
-
|
|
308
254
|
// Takes ownership of creds_path if not NULL.
|
|
309
255
|
static grpc_error_handle create_default_creds_from_path(
|
|
310
256
|
const std::string& creds_path,
|
|
@@ -363,11 +309,6 @@ static grpc_error_handle create_default_creds_from_path(
|
|
|
363
309
|
goto end;
|
|
364
310
|
}
|
|
365
311
|
|
|
366
|
-
// Finally try an external account credentials.
|
|
367
|
-
if (!ValidateExteralAccountCredentials(json)) {
|
|
368
|
-
error = GRPC_ERROR_CREATE("Invalid external account credentials format.");
|
|
369
|
-
goto end;
|
|
370
|
-
}
|
|
371
312
|
result = grpc_core::ExternalAccountCredentials::Create(json, {}, &error);
|
|
372
313
|
|
|
373
314
|
end:
|
|
@@ -267,10 +267,7 @@ void grpc_oauth2_token_fetcher_credentials::on_http_response(
|
|
|
267
267
|
// Invoke callbacks for all pending requests.
|
|
268
268
|
while (pending_request != nullptr) {
|
|
269
269
|
if (status == GRPC_CREDENTIALS_OK) {
|
|
270
|
-
pending_request->
|
|
271
|
-
GRPC_AUTHORIZATION_METADATA_KEY, access_token_value->Ref(),
|
|
272
|
-
[](absl::string_view, const grpc_core::Slice&) { abort(); });
|
|
273
|
-
pending_request->result = std::move(pending_request->md);
|
|
270
|
+
pending_request->result = access_token_value->Ref();
|
|
274
271
|
} else {
|
|
275
272
|
auto err = GRPC_ERROR_CREATE_REFERENCING(
|
|
276
273
|
"Error occurred when fetching oauth2 token.", &error, 1);
|
|
@@ -338,7 +335,15 @@ grpc_oauth2_token_fetcher_credentials::GetRequestMetadata(
|
|
|
338
335
|
if (!pending_request->done.load(std::memory_order_acquire)) {
|
|
339
336
|
return grpc_core::Pending{};
|
|
340
337
|
}
|
|
341
|
-
|
|
338
|
+
if (pending_request->result.ok()) {
|
|
339
|
+
pending_request->md->Append(
|
|
340
|
+
GRPC_AUTHORIZATION_METADATA_KEY,
|
|
341
|
+
std::move(*pending_request->result),
|
|
342
|
+
[](absl::string_view, const grpc_core::Slice&) { abort(); });
|
|
343
|
+
return std::move(pending_request->md);
|
|
344
|
+
} else {
|
|
345
|
+
return pending_request->result.status();
|
|
346
|
+
}
|
|
342
347
|
};
|
|
343
348
|
}
|
|
344
349
|
|
|
@@ -102,7 +102,7 @@ struct grpc_oauth2_pending_get_request_metadata
|
|
|
102
102
|
grpc_polling_entity* pollent;
|
|
103
103
|
grpc_core::ClientMetadataHandle md;
|
|
104
104
|
struct grpc_oauth2_pending_get_request_metadata* next;
|
|
105
|
-
absl::StatusOr<grpc_core::
|
|
105
|
+
absl::StatusOr<grpc_core::Slice> result;
|
|
106
106
|
};
|
|
107
107
|
|
|
108
108
|
// -- Oauth2 Token Fetcher credentials --
|
|
@@ -117,6 +117,8 @@ gpr_timespec TimeoutSecondsToDeadline(int64_t seconds) {
|
|
|
117
117
|
|
|
118
118
|
} // namespace
|
|
119
119
|
|
|
120
|
+
static constexpr int64_t kMinimumFileWatcherRefreshIntervalSeconds = 1;
|
|
121
|
+
|
|
120
122
|
FileWatcherCertificateProvider::FileWatcherCertificateProvider(
|
|
121
123
|
std::string private_key_path, std::string identity_certificate_path,
|
|
122
124
|
std::string root_cert_path, int64_t refresh_interval_sec)
|
|
@@ -125,6 +127,12 @@ FileWatcherCertificateProvider::FileWatcherCertificateProvider(
|
|
|
125
127
|
root_cert_path_(std::move(root_cert_path)),
|
|
126
128
|
refresh_interval_sec_(refresh_interval_sec),
|
|
127
129
|
distributor_(MakeRefCounted<grpc_tls_certificate_distributor>()) {
|
|
130
|
+
if (refresh_interval_sec_ < kMinimumFileWatcherRefreshIntervalSeconds) {
|
|
131
|
+
gpr_log(GPR_INFO,
|
|
132
|
+
"FileWatcherCertificateProvider refresh_interval_sec_ set to value "
|
|
133
|
+
"less than minimum. Overriding configured value to minimum.");
|
|
134
|
+
refresh_interval_sec_ = kMinimumFileWatcherRefreshIntervalSeconds;
|
|
135
|
+
}
|
|
128
136
|
// Private key and identity cert files must be both set or both unset.
|
|
129
137
|
GPR_ASSERT(private_key_path_.empty() == identity_certificate_path_.empty());
|
|
130
138
|
// Must be watching either root or identity certs.
|
|
@@ -381,6 +389,11 @@ FileWatcherCertificateProvider::ReadIdentityKeyCertPairFromFiles(
|
|
|
381
389
|
return absl::nullopt;
|
|
382
390
|
}
|
|
383
391
|
|
|
392
|
+
int64_t FileWatcherCertificateProvider::TestOnlyGetRefreshIntervalSecond()
|
|
393
|
+
const {
|
|
394
|
+
return refresh_interval_sec_;
|
|
395
|
+
}
|
|
396
|
+
|
|
384
397
|
absl::StatusOr<bool> PrivateKeyAndCertificateMatch(
|
|
385
398
|
absl::string_view private_key, absl::string_view cert_chain) {
|
|
386
399
|
if (private_key.empty()) {
|
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
#include <grpc/support/port_platform.h>
|
|
20
20
|
|
|
21
21
|
#include <algorithm>
|
|
22
|
+
#include <string>
|
|
22
23
|
#include <vector>
|
|
23
24
|
|
|
24
25
|
#if defined(GPR_LINUX) || defined(GPR_ANDROID) || defined(GPR_FREEBSD) || \
|
|
@@ -27,7 +28,6 @@
|
|
|
27
28
|
#include <dirent.h>
|
|
28
29
|
#include <fcntl.h>
|
|
29
30
|
#include <stdio.h>
|
|
30
|
-
#include <string.h>
|
|
31
31
|
#include <sys/param.h>
|
|
32
32
|
#include <sys/stat.h>
|
|
33
33
|
#include <unistd.h>
|
|
@@ -35,17 +35,13 @@
|
|
|
35
35
|
#include <grpc/support/alloc.h>
|
|
36
36
|
#include <grpc/support/log.h>
|
|
37
37
|
|
|
38
|
+
#include "src/core/lib/config/config_vars.h"
|
|
38
39
|
#include "src/core/lib/gpr/useful.h"
|
|
39
|
-
#include "src/core/lib/gprpp/global_config.h"
|
|
40
|
-
#include "src/core/lib/gprpp/memory.h"
|
|
41
40
|
#include "src/core/lib/iomgr/error.h"
|
|
42
41
|
#include "src/core/lib/iomgr/load_file.h"
|
|
43
42
|
#include "src/core/lib/security/security_connector/load_system_roots.h"
|
|
44
43
|
#include "src/core/lib/security/security_connector/load_system_roots_supported.h"
|
|
45
44
|
|
|
46
|
-
GPR_GLOBAL_CONFIG_DEFINE_STRING(grpc_system_ssl_roots_dir, "",
|
|
47
|
-
"Custom directory to SSL Roots");
|
|
48
|
-
|
|
49
45
|
namespace grpc_core {
|
|
50
46
|
namespace {
|
|
51
47
|
|
|
@@ -150,9 +146,9 @@ grpc_slice CreateRootCertsBundle(const char* certs_directory) {
|
|
|
150
146
|
grpc_slice LoadSystemRootCerts() {
|
|
151
147
|
grpc_slice result = grpc_empty_slice();
|
|
152
148
|
// Prioritize user-specified custom directory if flag is set.
|
|
153
|
-
|
|
154
|
-
if (
|
|
155
|
-
result = CreateRootCertsBundle(custom_dir.
|
|
149
|
+
auto custom_dir = ConfigVars::Get().SystemSslRootsDir();
|
|
150
|
+
if (!custom_dir.empty()) {
|
|
151
|
+
result = CreateRootCertsBundle(std::string(custom_dir).c_str());
|
|
156
152
|
}
|
|
157
153
|
// If the custom directory is empty/invalid/not specified, fallback to
|
|
158
154
|
// distribution-specific directory.
|
|
@@ -32,19 +32,18 @@
|
|
|
32
32
|
#include <grpc/grpc.h>
|
|
33
33
|
#include <grpc/support/alloc.h>
|
|
34
34
|
#include <grpc/support/log.h>
|
|
35
|
+
#include <grpc/support/string_util.h>
|
|
35
36
|
#include <grpc/support/sync.h>
|
|
36
37
|
|
|
37
38
|
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
|
38
39
|
#include "src/core/lib/channel/channel_args.h"
|
|
40
|
+
#include "src/core/lib/config/config_vars.h"
|
|
39
41
|
#include "src/core/lib/gpr/useful.h"
|
|
40
|
-
#include "src/core/lib/gprpp/global_config.h"
|
|
41
42
|
#include "src/core/lib/gprpp/host_port.h"
|
|
42
|
-
#include "src/core/lib/gprpp/memory.h"
|
|
43
43
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
|
44
44
|
#include "src/core/lib/iomgr/load_file.h"
|
|
45
45
|
#include "src/core/lib/security/context/security_context.h"
|
|
46
46
|
#include "src/core/lib/security/security_connector/load_system_roots.h"
|
|
47
|
-
#include "src/core/lib/security/security_connector/ssl_utils_config.h"
|
|
48
47
|
#include "src/core/tsi/ssl_transport_security.h"
|
|
49
48
|
#include "src/core/tsi/transport_security.h"
|
|
50
49
|
|
|
@@ -76,22 +75,9 @@ void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) {
|
|
|
76
75
|
static gpr_once cipher_suites_once = GPR_ONCE_INIT;
|
|
77
76
|
static const char* cipher_suites = nullptr;
|
|
78
77
|
|
|
79
|
-
// All cipher suites for default are compliant with HTTP2.
|
|
80
|
-
GPR_GLOBAL_CONFIG_DEFINE_STRING(
|
|
81
|
-
grpc_ssl_cipher_suites,
|
|
82
|
-
"TLS_AES_128_GCM_SHA256:"
|
|
83
|
-
"TLS_AES_256_GCM_SHA384:"
|
|
84
|
-
"TLS_CHACHA20_POLY1305_SHA256:"
|
|
85
|
-
"ECDHE-ECDSA-AES128-GCM-SHA256:"
|
|
86
|
-
"ECDHE-ECDSA-AES256-GCM-SHA384:"
|
|
87
|
-
"ECDHE-RSA-AES128-GCM-SHA256:"
|
|
88
|
-
"ECDHE-RSA-AES256-GCM-SHA384",
|
|
89
|
-
"A colon separated list of cipher suites to use with OpenSSL")
|
|
90
|
-
|
|
91
78
|
static void init_cipher_suites(void) {
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
cipher_suites = value.release();
|
|
79
|
+
cipher_suites = gpr_strdup(
|
|
80
|
+
std::string(grpc_core::ConfigVars::Get().SslCipherSuites()).c_str());
|
|
95
81
|
}
|
|
96
82
|
|
|
97
83
|
// --- Util ---
|
|
@@ -573,14 +559,13 @@ const char* DefaultSslRootStore::GetPemRootCerts() {
|
|
|
573
559
|
|
|
574
560
|
grpc_slice DefaultSslRootStore::ComputePemRootCerts() {
|
|
575
561
|
grpc_slice result = grpc_empty_slice();
|
|
576
|
-
const bool not_use_system_roots =
|
|
577
|
-
GPR_GLOBAL_CONFIG_GET(grpc_not_use_system_ssl_roots);
|
|
578
562
|
// First try to load the roots from the configuration.
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
if (strlen(default_root_certs_path.get()) > 0) {
|
|
563
|
+
auto default_root_certs_path = ConfigVars::Get().DefaultSslRootsFilePath();
|
|
564
|
+
if (!default_root_certs_path.empty()) {
|
|
582
565
|
GRPC_LOG_IF_ERROR(
|
|
583
|
-
"load_file",
|
|
566
|
+
"load_file",
|
|
567
|
+
grpc_load_file(std::string(default_root_certs_path).c_str(), 1,
|
|
568
|
+
&result));
|
|
584
569
|
}
|
|
585
570
|
// Try overridden roots if needed.
|
|
586
571
|
grpc_ssl_roots_override_result ovrd_res = GRPC_SSL_ROOTS_OVERRIDE_FAIL;
|
|
@@ -596,7 +581,8 @@ grpc_slice DefaultSslRootStore::ComputePemRootCerts() {
|
|
|
596
581
|
gpr_free(pem_root_certs);
|
|
597
582
|
}
|
|
598
583
|
// Try loading roots from OS trust store if flag is enabled.
|
|
599
|
-
if (GRPC_SLICE_IS_EMPTY(result) &&
|
|
584
|
+
if (GRPC_SLICE_IS_EMPTY(result) &&
|
|
585
|
+
!ConfigVars::Get().NotUseSystemSslRoots()) {
|
|
600
586
|
result = LoadSystemRootCerts();
|
|
601
587
|
}
|
|
602
588
|
// Fallback to roots manually shipped with gRPC.
|
|
@@ -74,6 +74,7 @@ void PendingVerifierRequestInit(
|
|
|
74
74
|
bool has_common_name = false;
|
|
75
75
|
bool has_peer_cert = false;
|
|
76
76
|
bool has_peer_cert_full_chain = false;
|
|
77
|
+
bool has_verified_root_cert_subject = false;
|
|
77
78
|
std::vector<char*> uri_names;
|
|
78
79
|
std::vector<char*> dns_names;
|
|
79
80
|
std::vector<char*> email_names;
|
|
@@ -105,6 +106,11 @@ void PendingVerifierRequestInit(
|
|
|
105
106
|
} else if (strcmp(prop->name, TSI_X509_IP_PEER_PROPERTY) == 0) {
|
|
106
107
|
char* ip = CopyCoreString(prop->value.data, prop->value.length);
|
|
107
108
|
ip_names.emplace_back(ip);
|
|
109
|
+
} else if (strcmp(prop->name,
|
|
110
|
+
TSI_X509_VERIFIED_ROOT_CERT_SUBECT_PEER_PROPERTY) == 0) {
|
|
111
|
+
request->peer_info.verified_root_cert_subject =
|
|
112
|
+
CopyCoreString(prop->value.data, prop->value.length);
|
|
113
|
+
has_verified_root_cert_subject = true;
|
|
108
114
|
}
|
|
109
115
|
}
|
|
110
116
|
if (!has_common_name) {
|
|
@@ -116,6 +122,9 @@ void PendingVerifierRequestInit(
|
|
|
116
122
|
if (!has_peer_cert_full_chain) {
|
|
117
123
|
request->peer_info.peer_cert_full_chain = nullptr;
|
|
118
124
|
}
|
|
125
|
+
if (!has_verified_root_cert_subject) {
|
|
126
|
+
request->peer_info.verified_root_cert_subject = nullptr;
|
|
127
|
+
}
|
|
119
128
|
request->peer_info.san_names.uri_names_size = uri_names.size();
|
|
120
129
|
if (!uri_names.empty()) {
|
|
121
130
|
request->peer_info.san_names.uri_names =
|
|
@@ -202,6 +211,9 @@ void PendingVerifierRequestDestroy(
|
|
|
202
211
|
if (request->peer_info.peer_cert_full_chain != nullptr) {
|
|
203
212
|
gpr_free(const_cast<char*>(request->peer_info.peer_cert_full_chain));
|
|
204
213
|
}
|
|
214
|
+
if (request->peer_info.verified_root_cert_subject != nullptr) {
|
|
215
|
+
gpr_free(const_cast<char*>(request->peer_info.verified_root_cert_subject));
|
|
216
|
+
}
|
|
205
217
|
}
|
|
206
218
|
|
|
207
219
|
tsi_ssl_pem_key_cert_pair* ConvertToTsiPemKeyCertPair(
|
|
@@ -236,7 +236,8 @@ static void flush_read_staging_buffer(secure_endpoint* ep, uint8_t** cur,
|
|
|
236
236
|
}
|
|
237
237
|
|
|
238
238
|
static void call_read_cb(secure_endpoint* ep, grpc_error_handle error) {
|
|
239
|
-
if (GRPC_TRACE_FLAG_ENABLED(grpc_trace_secure_endpoint)
|
|
239
|
+
if (GRPC_TRACE_FLAG_ENABLED(grpc_trace_secure_endpoint) &&
|
|
240
|
+
gpr_should_log(GPR_LOG_SEVERITY_INFO)) {
|
|
240
241
|
size_t i;
|
|
241
242
|
for (i = 0; i < ep->read_buffer->count; i++) {
|
|
242
243
|
char* data = grpc_dump_slice(ep->read_buffer->slices[i],
|
|
@@ -394,7 +395,8 @@ static void endpoint_write(grpc_endpoint* secure_ep, grpc_slice_buffer* slices,
|
|
|
394
395
|
|
|
395
396
|
grpc_slice_buffer_reset_and_unref(&ep->output_buffer);
|
|
396
397
|
|
|
397
|
-
if (GRPC_TRACE_FLAG_ENABLED(grpc_trace_secure_endpoint)
|
|
398
|
+
if (GRPC_TRACE_FLAG_ENABLED(grpc_trace_secure_endpoint) &&
|
|
399
|
+
gpr_should_log(GPR_LOG_SEVERITY_INFO)) {
|
|
398
400
|
for (i = 0; i < slices->count; i++) {
|
|
399
401
|
char* data =
|
|
400
402
|
grpc_dump_slice(slices->slices[i], GPR_DUMP_HEX | GPR_DUMP_ASCII);
|