grpc 1.60.0 → 1.62.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +397 -332
- data/include/grpc/event_engine/event_engine.h +25 -16
- data/include/grpc/event_engine/extensible.h +68 -0
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
- data/include/grpc/event_engine/internal/slice_cast.h +12 -0
- data/include/grpc/event_engine/memory_allocator.h +3 -1
- data/include/grpc/event_engine/slice.h +5 -0
- data/include/grpc/grpc_security.h +22 -1
- data/include/grpc/impl/call.h +29 -0
- data/include/grpc/impl/channel_arg_names.h +12 -1
- data/include/grpc/impl/slice_type.h +1 -1
- data/include/grpc/module.modulemap +1 -0
- data/include/grpc/support/port_platform.h +12 -20
- data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.cc +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/channel_connectivity.cc +11 -11
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.h +4 -4
- data/src/core/{ext/filters/client_channel/client_channel.cc → client_channel/client_channel_filter.cc} +278 -236
- data/src/core/{ext/filters/client_channel/client_channel.h → client_channel/client_channel_filter.h} +42 -42
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_internal.h +8 -6
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_plugin.cc +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/config_selector.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/config_selector.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/connector.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.cc +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.cc +9 -8
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.h +8 -8
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.cc +12 -9
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.h +11 -10
- data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/service_config_channel_arg_filter.cc +39 -21
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel.h +6 -6
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_interface_internal.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +55 -8
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +10 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +12 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +18 -14
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -32
- data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/client_authority_filter.h +12 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +42 -20
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -80
- data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +41 -41
- data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +57 -77
- data/src/core/ext/filters/message_size/message_size_filter.h +36 -24
- data/src/core/ext/filters/rbac/rbac_filter.cc +16 -12
- data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +1 -1
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +27 -15
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +48 -51
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +22 -5
- data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +1 -1
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +5 -2
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +11 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +67 -145
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +21 -82
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -8
- data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -79
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +5 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -1
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -22
- data/src/core/ext/transport/chttp2/transport/parsing.cc +23 -37
- data/src/core/ext/transport/chttp2/transport/writing.cc +26 -58
- data/src/core/ext/transport/inproc/inproc_transport.cc +179 -13
- data/src/core/ext/transport/inproc/inproc_transport.h +8 -0
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb.h +351 -164
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.c +89 -50
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +47 -3
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +15 -7
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb.h +32 -3
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.c +8 -5
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb.h +28 -0
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.c +6 -4
- data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb.h +29 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.c +7 -4
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +17 -1
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb.h +166 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.c +55 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +7 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb.h +99 -19
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.c +29 -12
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.h +1 -0
- data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb.h +31 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.c +22 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +91 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +11 -8
- data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.c +7 -4
- data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb.h +1 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.c +1 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb.h +125 -3
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.c +17 -4
- data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb.h +19 -1
- data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb.h +1 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.c +1 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.c +5 -2
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +42 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +11 -8
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb.h +23 -8
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.c +9 -4
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +58 -16
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +14 -11
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.c +7 -2
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb.h +129 -0
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.c +27 -6
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.h +1 -0
- data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb.h +15 -0
- data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.c +5 -2
- data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.c +60 -60
- data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +278 -256
- data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +483 -475
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.c +27 -20
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.c +17 -12
- data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.c +157 -161
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.c +105 -97
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +106 -102
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.c +14 -13
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +228 -224
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.c +32 -26
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.c +31 -28
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.c +22 -19
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +818 -813
- data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.c +158 -151
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.c +27 -23
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +59 -53
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.c +40 -18
- data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.c +106 -103
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.c +16 -12
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +22 -21
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +265 -261
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +127 -125
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +188 -182
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +57 -56
- data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.c +27 -20
- data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.c +10 -8
- data/src/core/ext/xds/certificate_provider_store.cc +2 -1
- data/src/core/ext/xds/certificate_provider_store.h +0 -5
- data/src/core/ext/xds/xds_api.cc +92 -166
- data/src/core/ext/xds/xds_api.h +4 -9
- data/src/core/ext/xds/xds_bootstrap.h +6 -4
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +4 -15
- data/src/core/ext/xds/xds_bootstrap_grpc.h +2 -1
- data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
- data/src/core/ext/xds/xds_certificate_provider.h +44 -111
- data/src/core/ext/xds/xds_client.cc +526 -468
- data/src/core/ext/xds/xds_client.h +50 -36
- data/src/core/ext/xds/xds_client_grpc.cc +56 -16
- data/src/core/ext/xds/xds_client_grpc.h +4 -1
- data/src/core/ext/xds/xds_client_stats.cc +11 -11
- data/src/core/ext/xds/xds_client_stats.h +8 -13
- data/src/core/ext/xds/xds_cluster.cc +105 -12
- data/src/core/ext/xds/xds_cluster.h +10 -2
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
- data/src/core/ext/xds/xds_common_types.cc +14 -10
- data/src/core/ext/xds/xds_endpoint.cc +9 -4
- data/src/core/ext/xds/xds_endpoint.h +6 -2
- data/src/core/ext/xds/xds_health_status.cc +12 -2
- data/src/core/ext/xds/xds_health_status.h +5 -3
- data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
- data/src/core/ext/xds/xds_lb_policy_registry.cc +1 -1
- data/src/core/ext/xds/xds_listener.cc +14 -8
- data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
- data/src/core/ext/xds/xds_route_config.cc +35 -23
- data/src/core/ext/xds/xds_route_config.h +1 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +63 -59
- data/src/core/ext/xds/xds_transport.h +3 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +52 -55
- data/src/core/ext/xds/xds_transport_grpc.h +4 -0
- data/src/core/lib/channel/call_tracer.cc +12 -0
- data/src/core/lib/channel/call_tracer.h +17 -3
- data/src/core/lib/channel/channel_args.cc +24 -14
- data/src/core/lib/channel/channel_args.h +89 -14
- data/src/core/lib/channel/channel_stack.cc +27 -0
- data/src/core/lib/channel/channel_stack.h +10 -10
- data/src/core/lib/channel/connected_channel.cc +77 -30
- data/src/core/lib/channel/promise_based_filter.cc +4 -4
- data/src/core/lib/channel/promise_based_filter.h +1040 -1
- data/src/core/lib/channel/server_call_tracer_filter.cc +43 -35
- data/src/core/lib/compression/compression_internal.cc +0 -3
- data/src/core/lib/config/core_configuration.h +3 -3
- data/src/core/lib/event_engine/ares_resolver.cc +141 -73
- data/src/core/lib/event_engine/ares_resolver.h +9 -10
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +4 -0
- data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +8 -1
- data/src/core/lib/event_engine/extensions/can_track_errors.h +40 -0
- data/src/core/lib/event_engine/extensions/supports_fd.h +160 -0
- data/src/core/lib/event_engine/forkable.cc +7 -5
- data/src/core/lib/event_engine/posix.h +11 -122
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +57 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +31 -7
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +54 -39
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +6 -12
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +14 -6
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +21 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
- data/src/core/lib/event_engine/query_extensions.h +85 -0
- data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
- data/src/core/lib/event_engine/shim.cc +3 -17
- data/src/core/lib/event_engine/shim.h +0 -2
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +28 -7
- data/src/core/lib/event_engine/thread_pool/thread_count.h +6 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +109 -5
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +9 -0
- data/src/core/lib/event_engine/utils.cc +2 -1
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +1 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +115 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
- data/src/core/lib/event_engine/windows/windows_engine.cc +7 -7
- data/src/core/lib/experiments/config.cc +23 -2
- data/src/core/lib/experiments/config.h +9 -0
- data/src/core/lib/experiments/experiments.cc +296 -378
- data/src/core/lib/experiments/experiments.h +64 -162
- data/src/core/lib/gpr/posix/sync.cc +2 -2
- data/src/core/lib/gpr/posix/time.cc +0 -5
- data/src/core/lib/gpr/windows/sync.cc +2 -2
- data/src/core/lib/gprpp/debug_location.h +15 -0
- data/src/core/lib/gprpp/down_cast.h +49 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
- data/src/core/lib/gprpp/linux/env.cc +1 -19
- data/src/core/lib/gprpp/load_file.cc +2 -1
- data/src/core/lib/gprpp/load_file.h +2 -1
- data/src/core/lib/gprpp/orphanable.h +27 -0
- data/src/core/lib/gprpp/posix/thd.cc +27 -2
- data/src/core/lib/gprpp/ref_counted.h +63 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
- data/src/core/lib/gprpp/ref_counted_string.h +13 -0
- data/src/core/lib/gprpp/status_helper.cc +1 -2
- data/src/core/lib/gprpp/thd.h +8 -0
- data/src/core/lib/gprpp/time.h +4 -3
- data/src/core/lib/gprpp/windows/directory_reader.cc +1 -0
- data/src/core/lib/gprpp/windows/thd.cc +10 -1
- data/src/core/lib/iomgr/combiner.cc +16 -52
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +51 -14
- data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +65 -50
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -0
- data/src/core/lib/json/json_writer.cc +1 -1
- data/src/core/lib/promise/activity.cc +17 -2
- data/src/core/lib/promise/activity.h +13 -6
- data/src/core/lib/promise/all_ok.h +80 -0
- data/src/core/lib/promise/context.h +45 -7
- data/src/core/lib/promise/detail/join_state.h +2077 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -0
- data/src/core/lib/promise/detail/promise_like.h +8 -1
- data/src/core/lib/promise/detail/seq_state.h +3458 -150
- data/src/core/lib/promise/detail/status.h +42 -5
- data/src/core/lib/promise/for_each.h +13 -4
- data/src/core/lib/promise/if.h +4 -0
- data/src/core/lib/promise/interceptor_list.h +13 -5
- data/src/core/lib/promise/latch.h +9 -6
- data/src/core/lib/promise/party.cc +45 -31
- data/src/core/lib/promise/party.h +176 -9
- data/src/core/lib/promise/pipe.h +2 -7
- data/src/core/lib/promise/poll.h +39 -13
- data/src/core/lib/promise/promise.h +4 -0
- data/src/core/lib/promise/seq.h +107 -7
- data/src/core/lib/promise/sleep.cc +1 -1
- data/src/core/lib/promise/status_flag.h +226 -0
- data/src/core/lib/promise/try_join.h +132 -0
- data/src/core/lib/promise/try_seq.h +132 -10
- data/src/core/lib/resource_quota/arena.h +2 -2
- data/src/core/lib/resource_quota/memory_quota.cc +61 -12
- data/src/core/lib/resource_quota/memory_quota.h +6 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -11
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -20
- data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +9 -11
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +11 -10
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -7
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -1
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +16 -24
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +12 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +22 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -5
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +22 -29
- data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +3 -7
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/ssl_utils.cc +26 -17
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -3
- data/src/core/lib/security/transport/auth_filters.h +71 -4
- data/src/core/lib/security/transport/client_auth_filter.cc +2 -4
- data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
- data/src/core/lib/security/transport/security_handshaker.cc +0 -8
- data/src/core/lib/security/transport/security_handshaker.h +0 -6
- data/src/core/lib/security/transport/server_auth_filter.cc +70 -90
- data/src/core/lib/slice/slice_buffer.h +6 -1
- data/src/core/lib/surface/builtins.cc +1 -1
- data/src/core/lib/surface/call.cc +783 -210
- data/src/core/lib/surface/call.h +26 -13
- data/src/core/lib/surface/call_trace.cc +46 -5
- data/src/core/lib/surface/channel.cc +15 -25
- data/src/core/lib/surface/channel.h +4 -26
- data/src/core/lib/surface/channel_init.cc +81 -7
- data/src/core/lib/surface/channel_init.h +129 -5
- data/src/core/lib/surface/init.cc +15 -9
- data/src/core/lib/surface/server.cc +255 -239
- data/src/core/lib/surface/server.h +26 -54
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/surface/wait_for_cq_end_op.cc +75 -0
- data/src/core/lib/surface/wait_for_cq_end_op.h +72 -0
- data/src/core/lib/transport/batch_builder.cc +2 -3
- data/src/core/lib/transport/batch_builder.h +1 -1
- data/src/core/lib/transport/call_factory.cc +41 -0
- data/src/core/lib/transport/call_factory.h +56 -0
- data/src/core/lib/transport/call_filters.cc +371 -0
- data/src/core/lib/transport/call_filters.h +1500 -0
- data/src/core/lib/transport/call_final_info.cc +38 -0
- data/src/core/lib/transport/call_final_info.h +54 -0
- data/src/core/lib/transport/call_size_estimator.cc +41 -0
- data/src/core/lib/transport/call_size_estimator.h +52 -0
- data/src/core/lib/transport/call_spine.cc +107 -0
- data/src/core/lib/transport/call_spine.h +429 -0
- data/src/core/lib/transport/connectivity_state.cc +3 -2
- data/src/core/lib/transport/connectivity_state.h +4 -0
- data/src/core/lib/transport/handshaker.cc +0 -8
- data/src/core/lib/transport/handshaker.h +0 -7
- data/src/core/lib/transport/message.cc +45 -0
- data/src/core/lib/transport/message.h +61 -0
- data/src/core/lib/transport/metadata.cc +37 -0
- data/src/core/lib/transport/metadata.h +78 -0
- data/src/core/lib/transport/metadata_batch.cc +4 -2
- data/src/core/lib/transport/metadata_batch.h +6 -6
- data/src/core/lib/transport/transport.cc +3 -57
- data/src/core/lib/transport/transport.h +23 -102
- data/src/core/load_balancing/address_filtering.cc +108 -0
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.h +7 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/backend_metric_data.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.cc +6 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.h +4 -4
- data/src/core/{lib/load_balancing → load_balancing}/delegating_helper.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.cc +18 -21
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.h +14 -11
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.cc +2 -2
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.cc +158 -111
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.cc +15 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client_internal.h +7 -7
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy.cc +1 -1
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy.h +7 -7
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_factory.h +4 -4
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.cc +2 -2
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.cc +15 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric_internal.h +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.cc +20 -21
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.cc +100 -99
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/priority/priority.cc +13 -11
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.cc +20 -23
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/rls/rls.cc +51 -29
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/round_robin/round_robin.cc +32 -35
- data/src/core/{lib/load_balancing → load_balancing}/subchannel_interface.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/subchannel_list.h +17 -17
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/weighted_round_robin.cc +47 -45
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_target/weighted_target.cc +18 -16
- data/src/core/load_balancing/xds/cds.cc +757 -0
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_channel_args.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_impl.cc +241 -131
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_manager.cc +15 -13
- data/src/core/load_balancing/xds/xds_override_host.cc +1313 -0
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.h +6 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_wrr_locality.cc +13 -14
- data/src/core/plugin_registry/grpc_plugin_registry.cc +3 -0
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/binder/binder_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.cc +11 -10
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.cc +7 -5
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.cc +12 -10
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.h +5 -5
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.cc +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.h +3 -3
- data/src/core/{lib/resolver → resolver}/endpoint_addresses.cc +1 -2
- data/src/core/{lib/resolver → resolver}/endpoint_addresses.h +51 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.cc +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/google_c2p/google_c2p_resolver.cc +5 -5
- data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.cc +9 -11
- data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.h +5 -5
- data/src/core/{lib/resolver → resolver}/resolver.cc +1 -1
- data/src/core/{lib/resolver → resolver}/resolver.h +6 -6
- data/src/core/{lib/resolver → resolver}/resolver_factory.h +4 -4
- data/src/core/{lib/resolver → resolver}/resolver_registry.cc +1 -1
- data/src/core/{lib/resolver → resolver}/resolver_registry.h +5 -5
- data/src/core/{lib/resolver → resolver}/server_address.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/sockaddr/sockaddr_resolver.cc +3 -3
- data/src/core/resolver/xds/xds_dependency_manager.cc +1031 -0
- data/src/core/resolver/xds/xds_dependency_manager.h +277 -0
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver.cc +136 -278
- data/src/core/{ext/filters/client_channel/resolver/xds/xds_resolver.h → resolver/xds/xds_resolver_attributes.h} +6 -5
- data/src/core/resolver/xds/xds_resolver_trace.cc +25 -0
- data/src/core/resolver/xds/xds_resolver_trace.h +30 -0
- data/src/core/{lib/service_config → service_config}/service_config.h +4 -4
- data/src/core/{lib/service_config → service_config}/service_config_call_data.h +5 -5
- data/src/core/{lib/service_config → service_config}/service_config_impl.cc +2 -2
- data/src/core/{lib/service_config → service_config}/service_config_impl.h +5 -5
- data/src/core/{lib/service_config → service_config}/service_config_parser.cc +1 -1
- data/src/core/{lib/service_config → service_config}/service_config_parser.h +3 -3
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +65 -43
- data/src/ruby/ext/grpc/extconf.rb +0 -1
- data/src/ruby/ext/grpc/rb_channel.c +11 -5
- data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +9 -3
- data/src/ruby/ext/grpc/rb_grpc.c +0 -1
- data/src/ruby/ext/grpc/rb_grpc.h +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/algorithm.h +8 -103
- data/third_party/abseil-cpp/absl/algorithm/container.h +57 -71
- data/third_party/abseil-cpp/absl/base/attributes.h +51 -12
- data/third_party/abseil-cpp/absl/base/call_once.h +15 -9
- data/third_party/abseil-cpp/absl/base/casts.h +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +91 -24
- data/third_party/abseil-cpp/absl/base/internal/endian.h +13 -12
- data/third_party/abseil-cpp/absl/base/internal/identity.h +4 -2
- data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +19 -18
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/nullability_impl.h +106 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -11
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -4
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +20 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +10 -4
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +13 -6
- data/third_party/abseil-cpp/absl/base/log_severity.cc +1 -0
- data/third_party/abseil-cpp/absl/base/log_severity.h +23 -10
- data/third_party/abseil-cpp/absl/base/no_destructor.h +217 -0
- data/third_party/abseil-cpp/absl/base/nullability.h +224 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +1 -0
- data/third_party/abseil-cpp/absl/base/options.h +27 -1
- data/third_party/abseil-cpp/absl/base/prefetch.h +25 -14
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -2
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +3 -3
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +4 -2
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -9
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -12
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +12 -1
- data/third_party/abseil-cpp/absl/container/internal/layout.h +6 -21
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +11 -2
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +148 -31
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +717 -278
- data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +26 -2
- data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +6 -0
- data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +34 -5
- data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +6 -3
- data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +4 -2
- data/third_party/abseil-cpp/absl/crc/internal/{crc_memcpy_x86_64.cc → crc_memcpy_x86_arm_combined.cc} +65 -47
- data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +4 -2
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +24 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +35 -33
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +41 -17
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +108 -44
- data/third_party/abseil-cpp/absl/flags/declare.h +0 -5
- data/third_party/abseil-cpp/absl/flags/flag.h +1 -10
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +0 -5
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +10 -1
- data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -1
- data/third_party/abseil-cpp/absl/functional/function_ref.h +8 -0
- data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +49 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +37 -18
- data/third_party/abseil-cpp/absl/random/distributions.h +1 -1
- data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +248 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +55 -14
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +53 -2
- data/third_party/abseil-cpp/absl/status/status.cc +36 -238
- data/third_party/abseil-cpp/absl/status/status.h +95 -53
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +1 -3
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +3 -2
- data/third_party/abseil-cpp/absl/status/statusor.cc +5 -2
- data/third_party/abseil-cpp/absl/status/statusor.h +43 -3
- data/third_party/abseil-cpp/absl/strings/ascii.cc +84 -12
- data/third_party/abseil-cpp/absl/strings/ascii.h +8 -6
- data/third_party/abseil-cpp/absl/strings/charconv.cc +19 -12
- data/third_party/abseil-cpp/absl/strings/charconv.h +6 -3
- data/third_party/abseil-cpp/absl/strings/charset.h +164 -0
- data/third_party/abseil-cpp/absl/strings/cord.cc +266 -69
- data/third_party/abseil-cpp/absl/strings/cord.h +138 -92
- data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +19 -33
- data/third_party/abseil-cpp/absl/strings/cord_analysis.h +4 -3
- data/third_party/abseil-cpp/absl/strings/escaping.cc +5 -4
- data/third_party/abseil-cpp/absl/strings/has_absl_stringify.h +63 -0
- data/third_party/abseil-cpp/absl/strings/has_ostream_operator.h +42 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +19 -45
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +23 -28
- data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +15 -26
- data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +12 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +145 -8
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +72 -24
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +17 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +7 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +8 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +10 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +5 -4
- data/third_party/abseil-cpp/absl/strings/match.cc +3 -0
- data/third_party/abseil-cpp/absl/strings/numbers.cc +396 -153
- data/third_party/abseil-cpp/absl/strings/numbers.h +193 -35
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +151 -21
- data/third_party/abseil-cpp/absl/strings/str_cat.h +127 -25
- data/third_party/abseil-cpp/absl/strings/str_format.h +30 -20
- data/third_party/abseil-cpp/absl/strings/str_join.h +16 -16
- data/third_party/abseil-cpp/absl/strings/str_replace.cc +12 -3
- data/third_party/abseil-cpp/absl/strings/str_replace.h +8 -5
- data/third_party/abseil-cpp/absl/strings/str_split.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/str_split.h +18 -0
- data/third_party/abseil-cpp/absl/strings/string_view.cc +26 -5
- data/third_party/abseil-cpp/absl/strings/string_view.h +91 -26
- data/third_party/abseil-cpp/absl/strings/strip.h +5 -2
- data/third_party/abseil-cpp/absl/strings/substitute.cc +12 -4
- data/third_party/abseil-cpp/absl/strings/substitute.h +103 -91
- data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.h +4 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +296 -332
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +89 -34
- data/third_party/abseil-cpp/absl/time/civil_time.h +26 -0
- data/third_party/abseil-cpp/absl/time/clock.h +5 -1
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -3
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +2 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +9 -14
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -8
- data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +18 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +18 -0
- data/third_party/abseil-cpp/absl/types/internal/variant.h +3 -3
- data/third_party/abseil-cpp/absl/types/optional.h +3 -2
- data/third_party/abseil-cpp/absl/types/span.h +9 -4
- data/third_party/abseil-cpp/absl/utility/utility.h +11 -93
- data/third_party/boringssl-with-bazel/err_data.c +278 -276
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +8 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +4 -13
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +27 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +1 -11
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +42 -12
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +34 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +49 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +30 -42
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +87 -96
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/des/des.c +105 -31
- data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +10 -81
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +2 -15
- data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +1 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +26 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +26 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +10 -41
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +49 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +26 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +27 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +11 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c +43 -50
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +16 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +51 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +153 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +87 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +39 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +32 -5
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +254 -54
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/{kyber → keccak}/keccak.c +124 -49
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +8 -39
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +39 -29
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +17 -33
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +36 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +9 -13
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +101 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +133 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +54 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/internal.h +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +150 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +139 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +53 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +44 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +136 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +135 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +45 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +4 -9
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +10 -22
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +12 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +23 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -51
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akeya.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_alt.c +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bcons.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bitst.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_conf.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_cpols.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_crld.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_enum.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_extku.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_genn.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ia5.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_info.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_lib.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ncons.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ocsp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pcons.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pmaps.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_prn.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_purp.c +92 -335
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_skey.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_utl.c +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +35 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +44 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +107 -255
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +32 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +25 -152
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +330 -944
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +93 -215
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -129
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +46 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -13
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +33 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +5 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +26 -18
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +19 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +45 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +20 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +76 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +31 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +3 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2806 -941
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +38 -1025
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +124 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +82 -9
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +42 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +9 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +5 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +21 -0
- data/third_party/cares/config_linux/ares_config.h +2 -38
- data/third_party/upb/upb/reflection/def_pool.h +2 -2
- data/third_party/zlib/adler32.c +5 -27
- data/third_party/zlib/compress.c +5 -16
- data/third_party/zlib/crc32.c +86 -162
- data/third_party/zlib/deflate.c +233 -336
- data/third_party/zlib/deflate.h +8 -8
- data/third_party/zlib/gzguts.h +11 -12
- data/third_party/zlib/infback.c +7 -23
- data/third_party/zlib/inffast.c +1 -4
- data/third_party/zlib/inffast.h +1 -1
- data/third_party/zlib/inflate.c +30 -99
- data/third_party/zlib/inftrees.c +6 -11
- data/third_party/zlib/inftrees.h +3 -3
- data/third_party/zlib/trees.c +224 -302
- data/third_party/zlib/uncompr.c +4 -12
- data/third_party/zlib/zconf.h +6 -2
- data/third_party/zlib/zlib.h +191 -188
- data/third_party/zlib/zutil.c +16 -44
- data/third_party/zlib/zutil.h +10 -10
- metadata +241 -184
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +0 -75
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +0 -711
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +0 -922
- data/src/core/lib/event_engine/memory_allocator.cc +0 -74
- data/src/core/lib/iomgr/load_file.cc +0 -78
- data/src/core/lib/iomgr/load_file.h +0 -35
- data/src/core/lib/transport/pid_controller.cc +0 -51
- data/src/core/lib/transport/pid_controller.h +0 -116
- data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -137
- data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -280
- data/third_party/abseil-cpp/absl/flags/flag.cc +0 -38
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +0 -116
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -158
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -100
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -111
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -197
- data/third_party/upb/upb/collections/array.h +0 -17
- data/third_party/upb/upb/collections/map.h +0 -17
- data/third_party/upb/upb/upb.hpp +0 -18
- /data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/ext_dat.h +0 -0
@@ -32,11 +32,11 @@
|
|
32
32
|
#include <grpc/support/time.h>
|
33
33
|
|
34
34
|
#include "src/core/lib/debug/trace.h"
|
35
|
+
#include "src/core/lib/gprpp/load_file.h"
|
35
36
|
#include "src/core/lib/gprpp/stat.h"
|
36
37
|
#include "src/core/lib/gprpp/status_helper.h"
|
37
38
|
#include "src/core/lib/iomgr/error.h"
|
38
39
|
#include "src/core/lib/iomgr/exec_ctx.h"
|
39
|
-
#include "src/core/lib/iomgr/load_file.h"
|
40
40
|
#include "src/core/lib/slice/slice.h"
|
41
41
|
#include "src/core/lib/slice/slice_internal.h"
|
42
42
|
#include "src/core/lib/surface/api_trace.h"
|
@@ -280,17 +280,15 @@ absl::optional<std::string>
|
|
280
280
|
FileWatcherCertificateProvider::ReadRootCertificatesFromFile(
|
281
281
|
const std::string& root_cert_full_path) {
|
282
282
|
// Read the root file.
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
if (!root_error.ok()) {
|
283
|
+
auto root_slice =
|
284
|
+
LoadFile(root_cert_full_path, /*add_null_terminator=*/false);
|
285
|
+
if (!root_slice.ok()) {
|
287
286
|
gpr_log(GPR_ERROR, "Reading file %s failed: %s",
|
288
|
-
root_cert_full_path.c_str(),
|
287
|
+
root_cert_full_path.c_str(),
|
288
|
+
root_slice.status().ToString().c_str());
|
289
289
|
return absl::nullopt;
|
290
290
|
}
|
291
|
-
std::string
|
292
|
-
CSliceUnref(root_slice);
|
293
|
-
return root_cert;
|
291
|
+
return std::string(root_slice->as_string_view());
|
294
292
|
}
|
295
293
|
|
296
294
|
namespace {
|
@@ -309,10 +307,6 @@ absl::optional<PemKeyCertPairList>
|
|
309
307
|
FileWatcherCertificateProvider::ReadIdentityKeyCertPairFromFiles(
|
310
308
|
const std::string& private_key_path,
|
311
309
|
const std::string& identity_certificate_path) {
|
312
|
-
struct SliceWrapper {
|
313
|
-
grpc_slice slice = grpc_empty_slice();
|
314
|
-
~SliceWrapper() { CSliceUnref(slice); }
|
315
|
-
};
|
316
310
|
const int kNumRetryAttempts = 3;
|
317
311
|
for (int i = 0; i < kNumRetryAttempts; ++i) {
|
318
312
|
// TODO(ZhenLian): replace the timestamp approach with key-match approach
|
@@ -337,24 +331,22 @@ FileWatcherCertificateProvider::ReadIdentityKeyCertPairFromFiles(
|
|
337
331
|
continue;
|
338
332
|
}
|
339
333
|
// Read the identity files.
|
340
|
-
|
341
|
-
|
342
|
-
grpc_load_file(private_key_path.c_str(), 0, &key_slice.slice);
|
343
|
-
if (!key_error.ok()) {
|
334
|
+
auto key_slice = LoadFile(private_key_path, /*add_null_terminator=*/false);
|
335
|
+
if (!key_slice.ok()) {
|
344
336
|
gpr_log(GPR_ERROR, "Reading file %s failed: %s. Start retrying...",
|
345
|
-
private_key_path.c_str(),
|
337
|
+
private_key_path.c_str(), key_slice.status().ToString().c_str());
|
346
338
|
continue;
|
347
339
|
}
|
348
|
-
|
349
|
-
|
350
|
-
if (!
|
340
|
+
auto cert_slice =
|
341
|
+
LoadFile(identity_certificate_path, /*add_null_terminator=*/false);
|
342
|
+
if (!cert_slice.ok()) {
|
351
343
|
gpr_log(GPR_ERROR, "Reading file %s failed: %s. Start retrying...",
|
352
344
|
identity_certificate_path.c_str(),
|
353
|
-
|
345
|
+
cert_slice.status().ToString().c_str());
|
354
346
|
continue;
|
355
347
|
}
|
356
|
-
std::string private_key(
|
357
|
-
std::string cert_chain(
|
348
|
+
std::string private_key(key_slice->as_string_view());
|
349
|
+
std::string cert_chain(cert_slice->as_string_view());
|
358
350
|
PemKeyCertPairList identity_pairs;
|
359
351
|
identity_pairs.emplace_back(private_key, cert_chain);
|
360
352
|
// Checking the last modification of identity files before reading.
|
@@ -39,7 +39,6 @@
|
|
39
39
|
#include "src/core/lib/gprpp/sync.h"
|
40
40
|
#include "src/core/lib/gprpp/thd.h"
|
41
41
|
#include "src/core/lib/gprpp/unique_type_name.h"
|
42
|
-
#include "src/core/lib/iomgr/iomgr_fwd.h"
|
43
42
|
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
|
44
43
|
#include "src/core/lib/security/security_connector/ssl_utils.h"
|
45
44
|
|
@@ -55,8 +54,6 @@
|
|
55
54
|
struct grpc_tls_certificate_provider
|
56
55
|
: public grpc_core::RefCounted<grpc_tls_certificate_provider> {
|
57
56
|
public:
|
58
|
-
virtual grpc_pollset_set* interested_parties() const { return nullptr; }
|
59
|
-
|
60
57
|
virtual grpc_core::RefCountedPtr<grpc_tls_certificate_distributor>
|
61
58
|
distributor() const = 0;
|
62
59
|
|
@@ -149,3 +149,15 @@ void grpc_tls_credentials_options_set_crl_provider(
|
|
149
149
|
GPR_ASSERT(options != nullptr);
|
150
150
|
options->set_crl_provider(provider);
|
151
151
|
}
|
152
|
+
|
153
|
+
void grpc_tls_credentials_options_set_min_tls_version(
|
154
|
+
grpc_tls_credentials_options* options, grpc_tls_version min_tls_version) {
|
155
|
+
GPR_ASSERT(options != nullptr);
|
156
|
+
options->set_min_tls_version(min_tls_version);
|
157
|
+
}
|
158
|
+
|
159
|
+
void grpc_tls_credentials_options_set_max_tls_version(
|
160
|
+
grpc_tls_credentials_options* options, grpc_tls_version max_tls_version) {
|
161
|
+
GPR_ASSERT(options != nullptr);
|
162
|
+
options->set_max_tls_version(max_tls_version);
|
163
|
+
}
|
@@ -148,8 +148,7 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
|
|
148
148
|
return absl::InvalidArgumentError("Refresh duration minimum is 60 seconds");
|
149
149
|
}
|
150
150
|
auto provider = std::make_shared<DirectoryReloaderCrlProvider>(
|
151
|
-
refresh_duration, reload_error_callback,
|
152
|
-
grpc_event_engine::experimental::GetDefaultEventEngine(),
|
151
|
+
refresh_duration, reload_error_callback, /*event_engine=*/nullptr,
|
153
152
|
MakeDirectoryReader(directory));
|
154
153
|
// This could be slow to do at startup, but we want to
|
155
154
|
// make sure it's done before the provider is used.
|
@@ -157,10 +156,28 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
|
|
157
156
|
return provider;
|
158
157
|
}
|
159
158
|
|
159
|
+
DirectoryReloaderCrlProvider::DirectoryReloaderCrlProvider(
|
160
|
+
std::chrono::seconds duration, std::function<void(absl::Status)> callback,
|
161
|
+
std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine,
|
162
|
+
std::shared_ptr<DirectoryReader> directory_impl)
|
163
|
+
: refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
|
164
|
+
reload_error_callback_(std::move(callback)),
|
165
|
+
crl_directory_(std::move(directory_impl)) {
|
166
|
+
// Must be called before `GetDefaultEventEngine`
|
167
|
+
grpc_init();
|
168
|
+
if (event_engine == nullptr) {
|
169
|
+
event_engine_ = grpc_event_engine::experimental::GetDefaultEventEngine();
|
170
|
+
} else {
|
171
|
+
event_engine_ = std::move(event_engine);
|
172
|
+
}
|
173
|
+
}
|
174
|
+
|
160
175
|
DirectoryReloaderCrlProvider::~DirectoryReloaderCrlProvider() {
|
161
176
|
if (refresh_handle_.has_value()) {
|
162
177
|
event_engine_->Cancel(refresh_handle_.value());
|
163
178
|
}
|
179
|
+
// Call here because we call grpc_init in the constructor
|
180
|
+
grpc_shutdown();
|
164
181
|
}
|
165
182
|
|
166
183
|
void DirectoryReloaderCrlProvider::UpdateAndStartTimer() {
|
@@ -209,9 +226,9 @@ absl::Status DirectoryReloaderCrlProvider::Update() {
|
|
209
226
|
// in-place updated in crls_.
|
210
227
|
for (auto& kv : new_crls) {
|
211
228
|
std::shared_ptr<Crl>& crl = kv.second;
|
212
|
-
// It's not safe to say crl->Issuer() on the LHS and std::move(crl) on
|
213
|
-
// RHS, because C++ does not guarantee which of those will be
|
214
|
-
// first.
|
229
|
+
// It's not safe to say crl->Issuer() on the LHS and std::move(crl) on
|
230
|
+
// the RHS, because C++ does not guarantee which of those will be
|
231
|
+
// executed first.
|
215
232
|
std::string issuer(crl->Issuer());
|
216
233
|
crls_[std::move(issuer)] = std::move(crl);
|
217
234
|
}
|
@@ -98,11 +98,7 @@ class DirectoryReloaderCrlProvider
|
|
98
98
|
std::chrono::seconds duration, std::function<void(absl::Status)> callback,
|
99
99
|
std::shared_ptr<grpc_event_engine::experimental::EventEngine>
|
100
100
|
event_engine,
|
101
|
-
std::shared_ptr<DirectoryReader> directory_impl)
|
102
|
-
: refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
|
103
|
-
reload_error_callback_(std::move(callback)),
|
104
|
-
event_engine_(std::move(event_engine)),
|
105
|
-
crl_directory_(std::move(directory_impl)) {}
|
101
|
+
std::shared_ptr<DirectoryReader> directory_impl);
|
106
102
|
|
107
103
|
~DirectoryReloaderCrlProvider() override;
|
108
104
|
std::shared_ptr<Crl> GetCrl(const CertificateInfo& certificate_info) override;
|
@@ -46,6 +46,22 @@ bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
|
|
46
46
|
gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
|
47
47
|
return false;
|
48
48
|
}
|
49
|
+
// In this case, there will be non-retriable handshake errors.
|
50
|
+
if (options->min_tls_version() > options->max_tls_version()) {
|
51
|
+
gpr_log(GPR_ERROR, "TLS min version must not be higher than max version.");
|
52
|
+
grpc_tls_credentials_options_destroy(options);
|
53
|
+
return false;
|
54
|
+
}
|
55
|
+
if (options->max_tls_version() > grpc_tls_version::TLS1_3) {
|
56
|
+
gpr_log(GPR_ERROR, "TLS max version must not be higher than v1.3.");
|
57
|
+
grpc_tls_credentials_options_destroy(options);
|
58
|
+
return false;
|
59
|
+
}
|
60
|
+
if (options->min_tls_version() < grpc_tls_version::TLS1_2) {
|
61
|
+
gpr_log(GPR_ERROR, "TLS min version must not be lower than v1.2.");
|
62
|
+
grpc_tls_credentials_options_destroy(options);
|
63
|
+
return false;
|
64
|
+
}
|
49
65
|
if (!options->crl_directory().empty() && options->crl_provider() != nullptr) {
|
50
66
|
gpr_log(GPR_ERROR,
|
51
67
|
"Setting crl_directory and crl_provider not supported. Using the "
|
@@ -26,7 +26,6 @@
|
|
26
26
|
#include <grpc/impl/channel_arg_names.h>
|
27
27
|
#include <grpc/support/log.h>
|
28
28
|
|
29
|
-
#include "src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h"
|
30
29
|
#include "src/core/ext/xds/xds_certificate_provider.h"
|
31
30
|
#include "src/core/lib/channel/channel_args.h"
|
32
31
|
#include "src/core/lib/gpr/useful.h"
|
@@ -34,6 +33,7 @@
|
|
34
33
|
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
|
35
34
|
#include "src/core/lib/security/credentials/tls/tls_credentials.h"
|
36
35
|
#include "src/core/lib/security/credentials/tls/tls_utils.h"
|
36
|
+
#include "src/core/load_balancing/xds/xds_channel_args.h"
|
37
37
|
|
38
38
|
namespace grpc_core {
|
39
39
|
|
@@ -74,10 +74,8 @@ bool XdsVerifySubjectAlternativeNames(
|
|
74
74
|
//
|
75
75
|
|
76
76
|
XdsCertificateVerifier::XdsCertificateVerifier(
|
77
|
-
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider
|
78
|
-
std::
|
79
|
-
: xds_certificate_provider_(std::move(xds_certificate_provider)),
|
80
|
-
cluster_name_(std::move(cluster_name)) {}
|
77
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider)
|
78
|
+
: xds_certificate_provider_(std::move(xds_certificate_provider)) {}
|
81
79
|
|
82
80
|
bool XdsCertificateVerifier::Verify(
|
83
81
|
grpc_tls_custom_verification_check_request* request,
|
@@ -86,15 +84,15 @@ bool XdsCertificateVerifier::Verify(
|
|
86
84
|
if (!XdsVerifySubjectAlternativeNames(
|
87
85
|
request->peer_info.san_names.uri_names,
|
88
86
|
request->peer_info.san_names.uri_names_size,
|
89
|
-
xds_certificate_provider_->
|
87
|
+
xds_certificate_provider_->san_matchers()) &&
|
90
88
|
!XdsVerifySubjectAlternativeNames(
|
91
89
|
request->peer_info.san_names.ip_names,
|
92
90
|
request->peer_info.san_names.ip_names_size,
|
93
|
-
xds_certificate_provider_->
|
91
|
+
xds_certificate_provider_->san_matchers()) &&
|
94
92
|
!XdsVerifySubjectAlternativeNames(
|
95
93
|
request->peer_info.san_names.dns_names,
|
96
94
|
request->peer_info.san_names.dns_names_size,
|
97
|
-
xds_certificate_provider_->
|
95
|
+
xds_certificate_provider_->san_matchers())) {
|
98
96
|
*sync_status = absl::Status(
|
99
97
|
absl::StatusCode::kUnauthenticated,
|
100
98
|
"SANs from certificate did not match SANs from xDS control plane");
|
@@ -108,9 +106,12 @@ void XdsCertificateVerifier::Cancel(
|
|
108
106
|
int XdsCertificateVerifier::CompareImpl(
|
109
107
|
const grpc_tls_certificate_verifier* other) const {
|
110
108
|
auto* o = static_cast<const XdsCertificateVerifier*>(other);
|
111
|
-
|
112
|
-
|
113
|
-
|
109
|
+
if (xds_certificate_provider_ == nullptr ||
|
110
|
+
o->xds_certificate_provider_ == nullptr) {
|
111
|
+
return QsortCompare(xds_certificate_provider_,
|
112
|
+
o->xds_certificate_provider_);
|
113
|
+
}
|
114
|
+
return xds_certificate_provider_->Compare(o->xds_certificate_provider_.get());
|
114
115
|
}
|
115
116
|
|
116
117
|
UniqueTypeName XdsCertificateVerifier::type() const {
|
@@ -140,12 +141,9 @@ XdsCredentials::create_security_connector(
|
|
140
141
|
RefCountedPtr<grpc_channel_security_connector> security_connector;
|
141
142
|
auto xds_certificate_provider = args->GetObjectRef<XdsCertificateProvider>();
|
142
143
|
if (xds_certificate_provider != nullptr) {
|
143
|
-
|
144
|
-
args->GetString(GRPC_ARG_XDS_CLUSTER_NAME).value());
|
145
|
-
const bool watch_root =
|
146
|
-
xds_certificate_provider->ProvidesRootCerts(cluster_name);
|
144
|
+
const bool watch_root = xds_certificate_provider->ProvidesRootCerts();
|
147
145
|
const bool watch_identity =
|
148
|
-
xds_certificate_provider->ProvidesIdentityCerts(
|
146
|
+
xds_certificate_provider->ProvidesIdentityCerts();
|
149
147
|
if (watch_root || watch_identity) {
|
150
148
|
auto tls_credentials_options =
|
151
149
|
MakeRefCounted<grpc_tls_credentials_options>();
|
@@ -153,16 +151,14 @@ XdsCredentials::create_security_connector(
|
|
153
151
|
xds_certificate_provider);
|
154
152
|
if (watch_root) {
|
155
153
|
tls_credentials_options->set_watch_root_cert(true);
|
156
|
-
tls_credentials_options->set_root_cert_name(cluster_name);
|
157
154
|
}
|
158
155
|
if (watch_identity) {
|
159
156
|
tls_credentials_options->set_watch_identity_pair(true);
|
160
|
-
tls_credentials_options->set_identity_cert_name(cluster_name);
|
161
157
|
}
|
162
158
|
tls_credentials_options->set_verify_server_cert(true);
|
163
159
|
tls_credentials_options->set_certificate_verifier(
|
164
|
-
MakeRefCounted<XdsCertificateVerifier>(
|
165
|
-
|
160
|
+
MakeRefCounted<XdsCertificateVerifier>(
|
161
|
+
std::move(xds_certificate_provider)));
|
166
162
|
tls_credentials_options->set_check_call_host(false);
|
167
163
|
auto tls_credentials =
|
168
164
|
MakeRefCounted<TlsCredentials>(std::move(tls_credentials_options));
|
@@ -189,20 +185,17 @@ XdsServerCredentials::create_security_connector(const ChannelArgs& args) {
|
|
189
185
|
auto xds_certificate_provider = args.GetObjectRef<XdsCertificateProvider>();
|
190
186
|
// Identity certs are a must for TLS.
|
191
187
|
if (xds_certificate_provider != nullptr &&
|
192
|
-
xds_certificate_provider->ProvidesIdentityCerts(
|
188
|
+
xds_certificate_provider->ProvidesIdentityCerts()) {
|
193
189
|
auto tls_credentials_options =
|
194
190
|
MakeRefCounted<grpc_tls_credentials_options>();
|
195
191
|
tls_credentials_options->set_watch_identity_pair(true);
|
196
192
|
tls_credentials_options->set_certificate_provider(xds_certificate_provider);
|
197
|
-
if (xds_certificate_provider->ProvidesRootCerts(
|
193
|
+
if (xds_certificate_provider->ProvidesRootCerts()) {
|
198
194
|
tls_credentials_options->set_watch_root_cert(true);
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
tls_credentials_options->set_cert_request_type(
|
204
|
-
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
|
205
|
-
}
|
195
|
+
tls_credentials_options->set_cert_request_type(
|
196
|
+
xds_certificate_provider->require_client_certificate()
|
197
|
+
? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
|
198
|
+
: GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
|
206
199
|
} else {
|
207
200
|
// Do not request client certificate if there is no way to verify.
|
208
201
|
tls_credentials_options->set_cert_request_type(
|
@@ -46,9 +46,8 @@ namespace grpc_core {
|
|
46
46
|
|
47
47
|
class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
|
48
48
|
public:
|
49
|
-
XdsCertificateVerifier(
|
50
|
-
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider
|
51
|
-
std::string cluster_name);
|
49
|
+
explicit XdsCertificateVerifier(
|
50
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider);
|
52
51
|
|
53
52
|
bool Verify(grpc_tls_custom_verification_check_request* request,
|
54
53
|
std::function<void(absl::Status)>,
|
@@ -61,7 +60,6 @@ class XdsCertificateVerifier : public grpc_tls_certificate_verifier {
|
|
61
60
|
int CompareImpl(const grpc_tls_certificate_verifier* other) const override;
|
62
61
|
|
63
62
|
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider_;
|
64
|
-
std::string cluster_name_;
|
65
63
|
};
|
66
64
|
|
67
65
|
class XdsCredentials final : public grpc_channel_credentials {
|
@@ -38,7 +38,6 @@
|
|
38
38
|
#include <grpc/support/log.h>
|
39
39
|
#include <grpc/support/string_util.h>
|
40
40
|
|
41
|
-
#include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h"
|
42
41
|
#include "src/core/lib/channel/channel_args.h"
|
43
42
|
#include "src/core/lib/gpr/string.h"
|
44
43
|
#include "src/core/lib/gpr/useful.h"
|
@@ -58,6 +57,7 @@
|
|
58
57
|
#include "src/core/lib/security/credentials/fake/fake_credentials.h"
|
59
58
|
#include "src/core/lib/security/transport/security_handshaker.h"
|
60
59
|
#include "src/core/lib/transport/handshaker.h"
|
60
|
+
#include "src/core/load_balancing/grpclb/grpclb.h"
|
61
61
|
#include "src/core/tsi/fake_transport_security.h"
|
62
62
|
#include "src/core/tsi/transport_security_interface.h"
|
63
63
|
|
@@ -37,8 +37,8 @@
|
|
37
37
|
|
38
38
|
#include "src/core/lib/config/config_vars.h"
|
39
39
|
#include "src/core/lib/gpr/useful.h"
|
40
|
+
#include "src/core/lib/gprpp/load_file.h"
|
40
41
|
#include "src/core/lib/iomgr/error.h"
|
41
|
-
#include "src/core/lib/iomgr/load_file.h"
|
42
42
|
#include "src/core/lib/security/security_connector/load_system_roots.h"
|
43
43
|
#include "src/core/lib/security/security_connector/load_system_roots_supported.h"
|
44
44
|
|
@@ -63,14 +63,10 @@ const char* kCertDirectories[] = {""};
|
|
63
63
|
#endif // GPR_APPLE
|
64
64
|
|
65
65
|
grpc_slice GetSystemRootCerts() {
|
66
|
-
grpc_slice valid_bundle_slice = grpc_empty_slice();
|
67
66
|
size_t num_cert_files_ = GPR_ARRAY_SIZE(kCertFiles);
|
68
67
|
for (size_t i = 0; i < num_cert_files_; i++) {
|
69
|
-
|
70
|
-
|
71
|
-
if (error.ok()) {
|
72
|
-
return valid_bundle_slice;
|
73
|
-
}
|
68
|
+
auto slice = LoadFile(kCertFiles[i], /*add_null_terminator=*/true);
|
69
|
+
if (slice.ok()) return slice->TakeCSlice();
|
74
70
|
}
|
75
71
|
return grpc_empty_slice();
|
76
72
|
}
|
@@ -37,7 +37,7 @@
|
|
37
37
|
#include <grpc/support/log.h>
|
38
38
|
#include <grpc/support/string_util.h>
|
39
39
|
|
40
|
-
#include "src/core/
|
40
|
+
#include "src/core/client_channel/client_channel_filter.h"
|
41
41
|
#include "src/core/lib/address_utils/parse_address.h"
|
42
42
|
#include "src/core/lib/address_utils/sockaddr_utils.h"
|
43
43
|
#include "src/core/lib/channel/channel_args.h"
|
@@ -44,8 +44,8 @@
|
|
44
44
|
#include "src/core/lib/config/config_vars.h"
|
45
45
|
#include "src/core/lib/gpr/useful.h"
|
46
46
|
#include "src/core/lib/gprpp/host_port.h"
|
47
|
+
#include "src/core/lib/gprpp/load_file.h"
|
47
48
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
48
|
-
#include "src/core/lib/iomgr/load_file.h"
|
49
49
|
#include "src/core/lib/security/context/security_context.h"
|
50
50
|
#include "src/core/lib/security/security_connector/load_system_roots.h"
|
51
51
|
#include "src/core/tsi/ssl_transport_security.h"
|
@@ -566,40 +566,49 @@ const char* DefaultSslRootStore::GetPemRootCerts() {
|
|
566
566
|
}
|
567
567
|
|
568
568
|
grpc_slice DefaultSslRootStore::ComputePemRootCerts() {
|
569
|
-
|
569
|
+
Slice result;
|
570
570
|
// First try to load the roots from the configuration.
|
571
|
-
|
571
|
+
std::string default_root_certs_path =
|
572
|
+
ConfigVars::Get().DefaultSslRootsFilePath();
|
572
573
|
if (!default_root_certs_path.empty()) {
|
573
|
-
|
574
|
-
|
575
|
-
|
576
|
-
|
574
|
+
auto slice =
|
575
|
+
LoadFile(default_root_certs_path, /*add_null_terminator=*/true);
|
576
|
+
if (!slice.ok()) {
|
577
|
+
gpr_log(GPR_ERROR, "error loading file %s: %s",
|
578
|
+
default_root_certs_path.c_str(),
|
579
|
+
slice.status().ToString().c_str());
|
580
|
+
} else {
|
581
|
+
result = std::move(*slice);
|
582
|
+
}
|
577
583
|
}
|
578
584
|
// Try overridden roots if needed.
|
579
585
|
grpc_ssl_roots_override_result ovrd_res = GRPC_SSL_ROOTS_OVERRIDE_FAIL;
|
580
|
-
if (
|
586
|
+
if (result.empty() && ssl_roots_override_cb != nullptr) {
|
581
587
|
char* pem_root_certs = nullptr;
|
582
588
|
ovrd_res = ssl_roots_override_cb(&pem_root_certs);
|
583
589
|
if (ovrd_res == GRPC_SSL_ROOTS_OVERRIDE_OK) {
|
584
590
|
GPR_ASSERT(pem_root_certs != nullptr);
|
585
|
-
result =
|
591
|
+
result = Slice::FromCopiedBuffer(
|
586
592
|
pem_root_certs,
|
587
593
|
strlen(pem_root_certs) + 1); // nullptr terminator.
|
588
594
|
}
|
589
595
|
gpr_free(pem_root_certs);
|
590
596
|
}
|
591
597
|
// Try loading roots from OS trust store if flag is enabled.
|
592
|
-
if (
|
593
|
-
|
594
|
-
result = LoadSystemRootCerts();
|
598
|
+
if (result.empty() && !ConfigVars::Get().NotUseSystemSslRoots()) {
|
599
|
+
result = Slice(LoadSystemRootCerts());
|
595
600
|
}
|
596
601
|
// Fallback to roots manually shipped with gRPC.
|
597
|
-
if (
|
598
|
-
|
599
|
-
|
600
|
-
|
602
|
+
if (result.empty() && ovrd_res != GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY) {
|
603
|
+
auto slice = LoadFile(installed_roots_path, /*add_null_terminator=*/true);
|
604
|
+
if (!slice.ok()) {
|
605
|
+
gpr_log(GPR_ERROR, "error loading file %s: %s", installed_roots_path,
|
606
|
+
slice.status().ToString().c_str());
|
607
|
+
} else {
|
608
|
+
result = std::move(*slice);
|
609
|
+
}
|
601
610
|
}
|
602
|
-
return result;
|
611
|
+
return result.TakeCSlice();
|
603
612
|
}
|
604
613
|
|
605
614
|
void DefaultSslRootStore::InitRootStore() {
|
@@ -379,7 +379,8 @@ void TlsChannelSecurityConnector::check_peer(
|
|
379
379
|
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
|
380
380
|
GPR_ASSERT(options_->certificate_verifier() != nullptr);
|
381
381
|
auto* pending_request = new ChannelPendingVerifierRequest(
|
382
|
-
|
382
|
+
RefAsSubclass<TlsChannelSecurityConnector>(), on_peer_checked, peer,
|
383
|
+
target_name);
|
383
384
|
{
|
384
385
|
MutexLock lock(&verifier_request_map_mu_);
|
385
386
|
pending_verifier_requests_.emplace(on_peer_checked, pending_request);
|
@@ -653,8 +654,8 @@ void TlsServerSecurityConnector::check_peer(
|
|
653
654
|
*auth_context =
|
654
655
|
grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE);
|
655
656
|
if (options_->certificate_verifier() != nullptr) {
|
656
|
-
auto* pending_request =
|
657
|
-
|
657
|
+
auto* pending_request = new ServerPendingVerifierRequest(
|
658
|
+
RefAsSubclass<TlsServerSecurityConnector>(), on_peer_checked, peer);
|
658
659
|
{
|
659
660
|
MutexLock lock(&verifier_request_map_mu_);
|
660
661
|
pending_verifier_requests_.emplace(on_peer_checked, pending_request);
|
@@ -62,23 +62,90 @@ class ClientAuthFilter final : public ChannelFilter {
|
|
62
62
|
grpc_call_credentials::GetRequestMetadataArgs args_;
|
63
63
|
};
|
64
64
|
|
65
|
-
class
|
65
|
+
class LegacyServerAuthFilter final : public ChannelFilter {
|
66
66
|
public:
|
67
67
|
static const grpc_channel_filter kFilter;
|
68
68
|
|
69
|
-
static absl::StatusOr<
|
70
|
-
|
69
|
+
static absl::StatusOr<LegacyServerAuthFilter> Create(const ChannelArgs& args,
|
70
|
+
ChannelFilter::Args);
|
71
71
|
|
72
72
|
// Construct a promise for one call.
|
73
73
|
ArenaPromise<ServerMetadataHandle> MakeCallPromise(
|
74
74
|
CallArgs call_args, NextPromiseFactory next_promise_factory) override;
|
75
75
|
|
76
|
+
private:
|
77
|
+
LegacyServerAuthFilter(
|
78
|
+
RefCountedPtr<grpc_server_credentials> server_credentials,
|
79
|
+
RefCountedPtr<grpc_auth_context> auth_context);
|
80
|
+
|
81
|
+
class RunApplicationCode;
|
82
|
+
|
83
|
+
ArenaPromise<absl::StatusOr<CallArgs>> GetCallCredsMetadata(
|
84
|
+
CallArgs call_args);
|
85
|
+
|
86
|
+
RefCountedPtr<grpc_server_credentials> server_credentials_;
|
87
|
+
RefCountedPtr<grpc_auth_context> auth_context_;
|
88
|
+
};
|
89
|
+
|
90
|
+
class ServerAuthFilter final : public ImplementChannelFilter<ServerAuthFilter> {
|
76
91
|
private:
|
77
92
|
ServerAuthFilter(RefCountedPtr<grpc_server_credentials> server_credentials,
|
78
93
|
RefCountedPtr<grpc_auth_context> auth_context);
|
79
94
|
|
80
|
-
class RunApplicationCode
|
95
|
+
class RunApplicationCode {
|
96
|
+
public:
|
97
|
+
RunApplicationCode(ServerAuthFilter* filter, ClientMetadata& metadata);
|
98
|
+
|
99
|
+
RunApplicationCode(const RunApplicationCode&) = delete;
|
100
|
+
RunApplicationCode& operator=(const RunApplicationCode&) = delete;
|
101
|
+
RunApplicationCode(RunApplicationCode&& other) noexcept
|
102
|
+
: state_(std::exchange(other.state_, nullptr)) {}
|
103
|
+
RunApplicationCode& operator=(RunApplicationCode&& other) noexcept {
|
104
|
+
state_ = std::exchange(other.state_, nullptr);
|
105
|
+
return *this;
|
106
|
+
}
|
107
|
+
|
108
|
+
Poll<absl::Status> operator()();
|
109
|
+
|
110
|
+
private:
|
111
|
+
// Called from application code.
|
112
|
+
static void OnMdProcessingDone(void* user_data,
|
113
|
+
const grpc_metadata* consumed_md,
|
114
|
+
size_t num_consumed_md,
|
115
|
+
const grpc_metadata* response_md,
|
116
|
+
size_t num_response_md,
|
117
|
+
grpc_status_code status,
|
118
|
+
const char* error_details);
|
119
|
+
|
120
|
+
struct State;
|
121
|
+
State* state_;
|
122
|
+
};
|
123
|
+
|
124
|
+
public:
|
125
|
+
static const grpc_channel_filter kFilter;
|
81
126
|
|
127
|
+
static absl::StatusOr<ServerAuthFilter> Create(const ChannelArgs& args,
|
128
|
+
ChannelFilter::Args);
|
129
|
+
|
130
|
+
class Call {
|
131
|
+
public:
|
132
|
+
explicit Call(ServerAuthFilter* filter);
|
133
|
+
auto OnClientInitialMetadata(ClientMetadata& md, ServerAuthFilter* filter) {
|
134
|
+
return If(
|
135
|
+
filter->server_credentials_ == nullptr ||
|
136
|
+
filter->server_credentials_->auth_metadata_processor().process ==
|
137
|
+
nullptr,
|
138
|
+
ImmediateOkStatus(),
|
139
|
+
[filter, md = &md]() { return RunApplicationCode(filter, *md); });
|
140
|
+
}
|
141
|
+
static const NoInterceptor OnServerInitialMetadata;
|
142
|
+
static const NoInterceptor OnClientToServerMessage;
|
143
|
+
static const NoInterceptor OnServerToClientMessage;
|
144
|
+
static const NoInterceptor OnServerTrailingMetadata;
|
145
|
+
static const NoInterceptor OnFinalize;
|
146
|
+
};
|
147
|
+
|
148
|
+
private:
|
82
149
|
ArenaPromise<absl::StatusOr<CallArgs>> GetCallCredsMetadata(
|
83
150
|
CallArgs call_args);
|
84
151
|
|
@@ -216,10 +216,8 @@ absl::StatusOr<ClientAuthFilter> ClientAuthFilter::Create(
|
|
216
216
|
return absl::InvalidArgumentError(
|
217
217
|
"Auth context missing from client auth filter args");
|
218
218
|
}
|
219
|
-
|
220
|
-
|
221
|
-
static_cast<grpc_channel_security_connector*>(sc)->Ref(),
|
222
|
-
auth_context->Ref());
|
219
|
+
return ClientAuthFilter(sc->RefAsSubclass<grpc_channel_security_connector>(),
|
220
|
+
auth_context->Ref());
|
223
221
|
}
|
224
222
|
|
225
223
|
const grpc_channel_filter ClientAuthFilter::kFilter =
|