grpc 1.75.0 → 1.78.1

data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc

@@ -22,13 +22,13 @@
 #include <grpc/support/port_platform.h>
 #include <string.h>
 
-#include "absl/log/check.h"
-#include "absl/log/log.h"
 #include "src/core/lib/slice/slice.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
 #include "src/core/util/crash.h"
+#include "src/core/util/grpc_check.h"
+#include "absl/log/log.h"
 
 // Main struct for alts_grpc_integrity_only_record_protocol.
 typedef struct alts_grpc_integrity_only_record_protocol {
@@ -141,14 +141,14 @@ static tsi_result alts_grpc_integrity_only_unprotect(
   grpc_slice_buffer_reset_and_unref(&rp->header_sb);
   grpc_slice_buffer_move_first(protected_slices, rp->header_length,
                                &rp->header_sb);
-  CHECK(rp->header_sb.length == rp->header_length);
+  GRPC_CHECK(rp->header_sb.length == rp->header_length);
   iovec_t header_iovec = alts_grpc_record_protocol_get_header_iovec(rp);
   // Moves protected slices data to data_sb and leaves the remaining tag.
   grpc_slice_buffer_reset_and_unref(&integrity_only_record_protocol->data_sb);
   grpc_slice_buffer_move_first(protected_slices,
                                protected_slices->length - rp->tag_length,
                                &integrity_only_record_protocol->data_sb);
-  CHECK(protected_slices->length == rp->tag_length);
+  GRPC_CHECK(protected_slices->length == rp->tag_length);
   iovec_t tag_iovec = {nullptr, rp->tag_length};
   if (protected_slices->count == 1) {
     tag_iovec.iov_base = GRPC_SLICE_START_PTR(protected_slices->slices[0]);

data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc

@@ -21,18 +21,26 @@
 #include <grpc/support/alloc.h>
 #include <grpc/support/port_platform.h>
 
-#include "absl/log/log.h"
 #include "src/core/lib/slice/slice.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
 #include "src/core/util/crash.h"
+#include "absl/log/log.h"
 
 // Privacy-integrity alts_grpc_record_protocol object uses the same struct
 // defined in alts_grpc_record_protocol_common.h.
 
 // --- alts_grpc_record_protocol methods implementation. ---
 
+static grpc_slice allocate_slice(alts_grpc_record_protocol* rp, size_t size) {
+  if (rp->alloc_cb != nullptr) {
+    return rp->alloc_cb(size, rp->alloc_user_data);
+  } else {
+    return GRPC_SLICE_MALLOC(size);
+  }
+}
+
 static tsi_result alts_grpc_privacy_integrity_protect(
     alts_grpc_record_protocol* rp, grpc_slice_buffer* unprotected_slices,
     grpc_slice_buffer* protected_slices) {
@@ -48,7 +56,7 @@ static tsi_result alts_grpc_privacy_integrity_protect(
   size_t protected_frame_size =
       unprotected_slices->length + rp->header_length +
       alts_iovec_record_protocol_get_tag_length(rp->iovec_rp);
-  grpc_slice protected_slice = GRPC_SLICE_MALLOC(protected_frame_size);
+  grpc_slice protected_slice = allocate_slice(rp, protected_frame_size);
   iovec_t protected_iovec = {GRPC_SLICE_START_PTR(protected_slice),
                              GRPC_SLICE_LENGTH(protected_slice)};
   // Calls alts_iovec_record_protocol protect.
@@ -88,7 +96,7 @@ static tsi_result alts_grpc_privacy_integrity_unprotect(
   }
   size_t unprotected_frame_size =
       protected_slices->length - rp->header_length - rp->tag_length;
-  grpc_slice unprotected_slice = GRPC_SLICE_MALLOC(unprotected_frame_size);
+  grpc_slice unprotected_slice = allocate_slice(rp, unprotected_frame_size);
   iovec_t unprotected_iovec = {GRPC_SLICE_START_PTR(unprotected_slice),
                                GRPC_SLICE_LENGTH(unprotected_slice)};
   // Strips frame header from protected slices.

data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h

@@ -22,6 +22,7 @@
 #include <grpc/slice_buffer.h>
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/transport_security_grpc.h"
 #include "src/core/tsi/transport_security_interface.h"
 
 ///
@@ -86,4 +87,13 @@ size_t alts_grpc_record_protocol_max_unprotected_data_size(
 ///
 void alts_grpc_record_protocol_destroy(alts_grpc_record_protocol* self);
 
+///
+/// This method sets the allocation callback for the alts_grpc_record_protocol
+/// instance.
+///
+void alts_grpc_record_protocol_set_allocation_callback(
+    alts_grpc_record_protocol* self,
+    tsi_zero_copy_grpc_protector_allocator_cb allocator_cb,
+    void* allocator_user_data);
+
 #endif  // GRPC_SRC_CORE_TSI_ALTS_ZERO_COPY_FRAME_PROTECTOR_ALTS_GRPC_RECORD_PROTOCOL_H

data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc

@@ -22,20 +22,20 @@
 #include <grpc/support/port_platform.h>
 #include <string.h>
 
-#include "absl/log/check.h"
-#include "absl/log/log.h"
 #include "src/core/lib/iomgr/exec_ctx.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/util/crash.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/useful.h"
+#include "absl/log/log.h"
 
 const size_t kInitialIovecBufferSize = 8;
 
 // Makes sure iovec_buf in alts_grpc_record_protocol is large enough.
 static void ensure_iovec_buf_size(alts_grpc_record_protocol* rp,
                                   const grpc_slice_buffer* sb) {
-  CHECK(rp != nullptr);
-  CHECK_NE(sb, nullptr);
+  GRPC_CHECK(rp != nullptr);
+  GRPC_CHECK_NE(sb, nullptr);
   if (sb->count <= rp->iovec_buf_length) {
     return;
   }
@@ -50,8 +50,8 @@ static void ensure_iovec_buf_size(alts_grpc_record_protocol* rp,
 
 void alts_grpc_record_protocol_convert_slice_buffer_to_iovec(
     alts_grpc_record_protocol* rp, const grpc_slice_buffer* sb) {
-  CHECK(rp != nullptr);
-  CHECK_NE(sb, nullptr);
+  GRPC_CHECK(rp != nullptr);
+  GRPC_CHECK_NE(sb, nullptr);
   ensure_iovec_buf_size(rp, sb);
   for (size_t i = 0; i < sb->count; i++) {
     rp->iovec_buf[i].iov_base = GRPC_SLICE_START_PTR(sb->slices[i]);
@@ -61,8 +61,8 @@ void alts_grpc_record_protocol_convert_slice_buffer_to_iovec(
 
 void alts_grpc_record_protocol_copy_slice_buffer(const grpc_slice_buffer* src,
                                                  unsigned char* dst) {
-  CHECK(src != nullptr);
-  CHECK_NE(dst, nullptr);
+  GRPC_CHECK(src != nullptr);
+  GRPC_CHECK_NE(dst, nullptr);
   for (size_t i = 0; i < src->count; i++) {
     size_t slice_length = GRPC_SLICE_LENGTH(src->slices[i]);
     memcpy(dst, GRPC_SLICE_START_PTR(src->slices[i]), slice_length);
@@ -173,3 +173,11 @@ size_t alts_grpc_record_protocol_max_unprotected_data_size(
   return alts_iovec_record_protocol_max_unprotected_data_size(
       self->iovec_rp, max_protected_frame_size);
 }
+
+void alts_grpc_record_protocol_set_allocation_callback(
+    alts_grpc_record_protocol* self,
+    tsi_zero_copy_grpc_protector_allocator_cb allocator_cb, void* user_data) {
+  if (self == nullptr) return;
+  self->alloc_cb = allocator_cb;
+  self->alloc_user_data = user_data;
+}

data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h

@@ -29,6 +29,7 @@
 
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
+#include "src/core/tsi/transport_security_grpc.h"
 
 // V-table for alts_grpc_record_protocol implementations.
 struct alts_grpc_record_protocol_vtable {
@@ -53,6 +54,8 @@ struct alts_grpc_record_protocol {
   size_t tag_length;
   iovec_t* iovec_buf;
   size_t iovec_buf_length;
+  tsi_zero_copy_grpc_protector_allocator_cb alloc_cb;
+  void* alloc_user_data;
 };
 
 ///

data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc

@@ -25,14 +25,14 @@
 #include <memory>
 #include <utility>
 
-#include "absl/log/check.h"
-#include "absl/log/log.h"
 #include "src/core/tsi/alts/crypt/gsec.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h"
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
 #include "src/core/tsi/transport_security_grpc.h"
+#include "src/core/util/grpc_check.h"
+#include "absl/log/log.h"
 
 constexpr size_t kMinFrameLength = 1024;
 constexpr size_t kDefaultFrameLength = 16 * 1024;
@@ -84,7 +84,7 @@ static bool read_frame_size(const grpc_slice_buffer* sb,
       remaining -= slice_length;
     }
   }
-  CHECK_EQ(remaining, 0u);
+  GRPC_CHECK_EQ(remaining, 0u);
   // Gets little-endian frame size.
   uint32_t frame_size = (static_cast<uint32_t>(frame_size_buffer[3]) << 24) |
                         (static_cast<uint32_t>(frame_size_buffer[2]) << 16) |
@@ -256,13 +256,26 @@ static bool alts_zero_copy_grpc_protector_read_frame_size(
   return read_frame_size(protected_slices, frame_size);
 }
 
+static void alts_zero_copy_grpc_protector_set_allocator(
+    tsi_zero_copy_grpc_protector* self,
+    tsi_zero_copy_grpc_protector_allocator_cb alloc_cb, void* user_data) {
+  alts_zero_copy_grpc_protector* impl =
+      reinterpret_cast<alts_zero_copy_grpc_protector*>(self);
+  // Set on both protect and unprotect protocols
+  alts_grpc_record_protocol_set_allocation_callback(impl->record_protocol,
+                                                    alloc_cb, user_data);
+  alts_grpc_record_protocol_set_allocation_callback(impl->unrecord_protocol,
+                                                    alloc_cb, user_data);
+}
+
 static const tsi_zero_copy_grpc_protector_vtable
     alts_zero_copy_grpc_protector_vtable = {
         alts_zero_copy_grpc_protector_protect,
         alts_zero_copy_grpc_protector_unprotect,
         alts_zero_copy_grpc_protector_destroy,
         alts_zero_copy_grpc_protector_max_frame_size,
-        alts_zero_copy_grpc_protector_read_frame_size};
+        alts_zero_copy_grpc_protector_read_frame_size,
+        alts_zero_copy_grpc_protector_set_allocator};
 
 tsi_result alts_zero_copy_grpc_protector_create(
     const grpc_core::GsecKeyFactoryInterface& key_factory, bool is_client,
@@ -300,7 +313,7 @@ tsi_result alts_zero_copy_grpc_protector_create(
       impl->max_unprotected_data_size =
           alts_grpc_record_protocol_max_unprotected_data_size(
               impl->record_protocol, max_protected_frame_size_to_set);
-      CHECK_GT(impl->max_unprotected_data_size, 0u);
+      GRPC_CHECK_GT(impl->max_unprotected_data_size, 0u);
       // Allocates internal slice buffers.
       grpc_slice_buffer_init(&impl->unprotected_staging_sb);
       grpc_slice_buffer_init(&impl->protected_sb);

data/src/core/tsi/fake_transport_security.cc

@@ -23,13 +23,13 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "absl/log/check.h"
-#include "absl/log/log.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/tsi/transport_security_grpc.h"
 #include "src/core/tsi/transport_security_interface.h"
 #include "src/core/util/crash.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/memory.h"
+#include "absl/log/log.h"
 
 // --- Constants. ---
 #define TSI_FAKE_FRAME_HEADER_SIZE 4
@@ -124,8 +124,8 @@ static void store32_little_endian(uint32_t value, unsigned char* buf) {
 }
 
 static uint32_t read_frame_size(const grpc_slice_buffer* sb) {
-  CHECK(sb != nullptr);
-  CHECK(sb->length >= TSI_FAKE_FRAME_HEADER_SIZE);
+  GRPC_CHECK(sb != nullptr);
+  GRPC_CHECK(sb->length >= TSI_FAKE_FRAME_HEADER_SIZE);
   uint8_t frame_size_buffer[TSI_FAKE_FRAME_HEADER_SIZE];
   uint8_t* buf = frame_size_buffer;
   // Copies the first 4 bytes to a temporary buffer.
@@ -142,7 +142,7 @@ static uint32_t read_frame_size(const grpc_slice_buffer* sb) {
       remaining -= slice_length;
     }
   }
-  CHECK_EQ(remaining, 0u);
+  GRPC_CHECK_EQ(remaining, 0u);
   return load32_little_endian(frame_size_buffer);
 }
 
@@ -543,6 +543,7 @@ static const tsi_zero_copy_grpc_protector_vtable
         fake_zero_copy_grpc_protector_destroy,
         fake_zero_copy_grpc_protector_max_frame_size,
         fake_zero_copy_grpc_protector_read_frame_size,
+        nullptr /* set_allocator */
 };
 
 // --- tsi_handshaker_result methods implementation. ---

data/src/core/tsi/local_transport_security.cc

@@ -25,10 +25,10 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "absl/log/log.h"
 #include "src/core/lib/iomgr/exec_ctx.h"
 #include "src/core/tsi/transport_security_grpc.h"
 #include "src/core/util/crash.h"
+#include "absl/log/log.h"
 
 namespace {
 

data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc

@@ -18,12 +18,12 @@
 
 #include <map>
 
-#include "absl/log/check.h"
-#include "absl/log/log.h"
 #include "src/core/lib/iomgr/error.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/util/crash.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/sync.h"
+#include "absl/log/log.h"
 
 using TlsSessionKeyLogger = tsi::TlsSessionKeyLoggerCache::TlsSessionKeyLogger;
 
@@ -48,8 +48,8 @@ TlsSessionKeyLoggerCache::TlsSessionKeyLogger::TlsSessionKeyLogger(
     grpc_core::RefCountedPtr<TlsSessionKeyLoggerCache> cache)
     : tls_session_key_log_file_path_(std::move(tls_session_key_log_file_path)),
       cache_(std::move(cache)) {
-  CHECK(!tls_session_key_log_file_path_.empty());
-  CHECK(cache_ != nullptr);
+  GRPC_CHECK(!tls_session_key_log_file_path_.empty());
+  GRPC_CHECK(cache_ != nullptr);
   fd_ = fopen(tls_session_key_log_file_path_.c_str(), "a");
   if (fd_ == nullptr) {
     grpc_error_handle error = GRPC_OS_ERROR(errno, "fopen");
@@ -108,7 +108,7 @@ TlsSessionKeyLoggerCache::~TlsSessionKeyLoggerCache() {
 grpc_core::RefCountedPtr<TlsSessionKeyLogger> TlsSessionKeyLoggerCache::Get(
     std::string tls_session_key_log_file_path) {
   gpr_once_init(&g_cache_mutex_init, do_cache_mutex_init);
-  DCHECK_NE(g_tls_session_key_log_cache_mu, nullptr);
+  GRPC_DCHECK_NE(g_tls_session_key_log_cache_mu, nullptr);
   if (tls_session_key_log_file_path.empty()) {
     return nullptr;
   }

data/src/core/tsi/ssl/key_logging/ssl_key_logging.h

@@ -24,10 +24,10 @@
 #include <iostream>
 #include <map>
 
-#include "absl/base/thread_annotations.h"
 #include "src/core/util/memory.h"
 #include "src/core/util/ref_counted.h"
 #include "src/core/util/sync.h"
+#include "absl/base/thread_annotations.h"
 
 namespace tsi {
 

data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc

@@ -21,12 +21,12 @@
 #include <grpc/support/port_platform.h>
 #include <grpc/support/string_util.h>
 
-#include "absl/log/check.h"
-#include "absl/log/log.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/tsi/ssl/session_cache/ssl_session.h"
 #include "src/core/util/crash.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/sync.h"
+#include "absl/log/log.h"
 
 namespace tsi {
 
@@ -112,7 +112,7 @@ void SslSessionLRUCache::Put(const char* key, SslSessionPtr session) {
   entry_by_key_.emplace(key, node);
   AssertInvariants();
   if (use_order_list_size_ > capacity_) {
-    CHECK(use_order_list_tail_);
+    GRPC_CHECK(use_order_list_tail_);
     node = use_order_list_tail_;
     Remove(node);
     // Order matters, key is destroyed after deleting node.
@@ -143,7 +143,7 @@ void SslSessionLRUCache::Remove(SslSessionLRUCache::Node* node) {
   } else {
     node->next_->prev_ = node->prev_;
   }
-  CHECK_GE(use_order_list_size_, 1u);
+  GRPC_CHECK_GE(use_order_list_size_, 1u);
   use_order_list_size_--;
 }
 
@@ -169,16 +169,16 @@ void SslSessionLRUCache::AssertInvariants() {
   Node* current = use_order_list_head_;
   while (current != nullptr) {
     size++;
-    CHECK(current->prev_ == prev);
+    GRPC_CHECK(current->prev_ == prev);
     auto it = entry_by_key_.find(current->key());
-    CHECK(it != entry_by_key_.end());
-    CHECK(it->second == current);
+    GRPC_CHECK(it != entry_by_key_.end());
+    GRPC_CHECK(it->second == current);
     prev = current;
     current = current->next_;
   }
-  CHECK(prev == use_order_list_tail_);
-  CHECK(size == use_order_list_size_);
-  CHECK(entry_by_key_.size() == use_order_list_size_);
+  GRPC_CHECK(prev == use_order_list_tail_);
+  GRPC_CHECK(size == use_order_list_size_);
+  GRPC_CHECK(entry_by_key_.size() == use_order_list_size_);
 }
 #else
 void SslSessionLRUCache::AssertInvariants() {}

data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc

@@ -17,14 +17,14 @@
 //
 #include <grpc/support/port_platform.h>
 
-#include "absl/log/check.h"
 #include "src/core/tsi/ssl/session_cache/ssl_session.h"
 #include "src/core/util/crash.h"
+#include "src/core/util/grpc_check.h"
 
 #ifndef OPENSSL_IS_BORINGSSL
 
-#include "absl/memory/memory.h"
 #include "src/core/lib/slice/slice.h"
+#include "absl/memory/memory.h"
 
 // OpenSSL invalidates SSL_SESSION on SSL destruction making it pointless
 // to cache sessions. The workaround is to serialize (relatively expensive)
@@ -41,11 +41,11 @@ class OpenSslCachedSession : public SslCachedSession {
  public:
   OpenSslCachedSession(SslSessionPtr session) {
     int size = i2d_SSL_SESSION(session.get(), nullptr);
-    CHECK_GT(size, 0);
+    GRPC_CHECK_GT(size, 0);
     grpc_slice slice = grpc_slice_malloc(size_t(size));
     unsigned char* start = GRPC_SLICE_START_PTR(slice);
     int second_size = i2d_SSL_SESSION(session.get(), &start);
-    CHECK(size == second_size);
+    GRPC_CHECK(size == second_size);
     serialized_session_ = slice;
   }
 

data/src/core/tsi/ssl_transport_security.cc

@@ -53,13 +53,6 @@
 #include <optional>
 #include <string>
 
-#include "absl/log/check.h"
-#include "absl/log/log.h"
-#include "absl/strings/match.h"
-#include "absl/strings/numbers.h"
-#include "absl/strings/str_cat.h"
-#include "absl/strings/str_split.h"
-#include "absl/strings/string_view.h"
 #include "src/core/credentials/transport/tls/grpc_tls_crl_provider.h"
 #include "src/core/credentials/transport/tls/ssl_utils.h"
 #include "src/core/lib/surface/init.h"
@@ -71,9 +64,16 @@
 #include "src/core/tsi/transport_security_interface.h"
 #include "src/core/util/crash.h"
 #include "src/core/util/env.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/match.h"
 #include "src/core/util/sync.h"
 #include "src/core/util/useful.h"
+#include "absl/log/log.h"
+#include "absl/strings/match.h"
+#include "absl/strings/numbers.h"
+#include "absl/strings/str_cat.h"
+#include "absl/strings/str_split.h"
+#include "absl/strings/string_view.h"
 
 // Name of the environment variable controlling OpenSSL cleanup timeout.
 // This variable allows users to specify the timeout (in seconds) for OpenSSL
@@ -324,7 +324,7 @@ static void init_openssl(void) {
 #if OPENSSL_VERSION_NUMBER < 0x10100000
   if (!CRYPTO_get_locking_callback()) {
     int num_locks = CRYPTO_num_locks();
-    CHECK_GT(num_locks, 0);
+    GRPC_CHECK_GT(num_locks, 0);
     g_openssl_mutexes = static_cast<gpr_mu*>(
         gpr_malloc(static_cast<size_t>(num_locks) * sizeof(gpr_mu)));
     for (int i = 0; i < num_locks; i++) {
@@ -338,19 +338,19 @@ static void init_openssl(void) {
 #endif
   g_ssl_ctx_ex_factory_index =
       SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
-  CHECK_NE(g_ssl_ctx_ex_factory_index, -1);
+  GRPC_CHECK_NE(g_ssl_ctx_ex_factory_index, -1);
 
   g_ssl_ctx_ex_crl_provider_index =
       SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
-  CHECK_NE(g_ssl_ctx_ex_crl_provider_index, -1);
+  GRPC_CHECK_NE(g_ssl_ctx_ex_crl_provider_index, -1);
 
   g_ssl_ctx_ex_spiffe_bundle_map_index =
       SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
-  CHECK_NE(g_ssl_ctx_ex_spiffe_bundle_map_index, -1);
+  GRPC_CHECK_NE(g_ssl_ctx_ex_spiffe_bundle_map_index, -1);
 
   g_ssl_ex_verified_root_cert_index = SSL_get_ex_new_index(
       0, nullptr, nullptr, nullptr, verified_root_cert_free);
-  CHECK_NE(g_ssl_ex_verified_root_cert_index, -1);
+  GRPC_CHECK_NE(g_ssl_ex_verified_root_cert_index, -1);
 }
 
 // --- Ssl utils. ---
@@ -608,7 +608,7 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
           : 0;
   size_t property_count;
   tsi_result result;
-  CHECK_GE(subject_alt_name_count, 0);
+  GRPC_CHECK_GE(subject_alt_name_count, 0);
   property_count = (include_certificate_type ? size_t{1} : 0) +
                    3 /* subject, common name, certificate */ +
                    static_cast<size_t>(subject_alt_name_count);
@@ -663,7 +663,7 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
   }
   if (result != TSI_OK) tsi_peer_destruct(peer);
 
-  CHECK((int)peer->property_count == current_insert_index);
+  GRPC_CHECK((int)peer->property_count == current_insert_index);
   return result;
 }
 
@@ -674,7 +674,7 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX* context,
   tsi_result result = TSI_OK;
   X509* certificate = nullptr;
   BIO* pem;
-  CHECK_LE(pem_cert_chain_size, static_cast<size_t>(INT_MAX));
+  GRPC_CHECK_LE(pem_cert_chain_size, static_cast<size_t>(INT_MAX));
   pem = BIO_new_mem_buf(pem_cert_chain, static_cast<int>(pem_cert_chain_size));
   if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
 
@@ -794,7 +794,7 @@ static tsi_result ssl_ctx_use_pem_private_key(SSL_CTX* context,
   tsi_result result = TSI_OK;
   EVP_PKEY* private_key = nullptr;
   BIO* pem;
-  CHECK_LE(pem_key_size, static_cast<size_t>(INT_MAX));
+  GRPC_CHECK_LE(pem_key_size, static_cast<size_t>(INT_MAX));
   pem = BIO_new_mem_buf(pem_key, static_cast<int>(pem_key_size));
   if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
   do {
@@ -839,7 +839,7 @@ static tsi_result x509_store_load_certs(X509_STORE* cert_store,
   X509* root = nullptr;
   X509_NAME* root_name = nullptr;
   BIO* pem;
-  CHECK_LE(pem_roots_size, static_cast<size_t>(INT_MAX));
+  GRPC_CHECK_LE(pem_roots_size, static_cast<size_t>(INT_MAX));
   pem = BIO_new_mem_buf(pem_roots, static_cast<int>(pem_roots_size));
   if (cert_store == nullptr) return TSI_INVALID_ARGUMENT;
   if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
@@ -1240,7 +1240,7 @@ static int CheckChainRevocation(
 }
 
 static grpc_core::SpiffeBundleMap* GetSpiffeBundleMap(X509_STORE_CTX* ctx) {
-  CHECK(ctx != nullptr);
+  GRPC_CHECK(ctx != nullptr);
   ERR_clear_error();
   int ssl_index = SSL_get_ex_data_X509_STORE_CTX_idx();
   if (ssl_index < 0) {
@@ -1264,7 +1264,7 @@ static grpc_core::SpiffeBundleMap* GetSpiffeBundleMap(X509_STORE_CTX* ctx) {
 }
 
 static absl::StatusOr<std::string> GetSpiffeUriFromCert(X509* cert) {
-  CHECK(cert != nullptr);
+  GRPC_CHECK(cert != nullptr);
   GENERAL_NAMES* subject_alt_names = static_cast<GENERAL_NAMES*>(
       X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr));
   int uri_count = 0;
@@ -1301,7 +1301,7 @@ static absl::StatusOr<std::string> GetSpiffeUriFromCert(X509* cert) {
 }
 
 static absl::StatusOr<std::string> SpiffeTrustDomainFromCert(X509* cert) {
-  CHECK(cert != nullptr);
+  GRPC_CHECK(cert != nullptr);
   auto subject_name = GetSpiffeUriFromCert(cert);
   GRPC_RETURN_IF_ERROR(subject_name.status());
   auto spiffe_id = grpc_core::SpiffeId::FromString(*subject_name);
@@ -1315,7 +1315,7 @@ static absl::StatusOr<std::string> SpiffeTrustDomainFromCert(X509* cert) {
 // https://github.com/grpc/proposal/blob/master/A87-mtls-spiffe-support.md
 absl::Status ConfigureSpiffeRoots(
     X509_STORE_CTX* ctx, grpc_core::SpiffeBundleMap* spiffe_bundle_map) {
-  CHECK(ctx != nullptr);
+  GRPC_CHECK(ctx != nullptr);
   if (spiffe_bundle_map == nullptr) {
     return absl::InvalidArgumentError(
         "cannot configure spiffe roots with a nullptr spiffe_bundle_map.");
@@ -1354,7 +1354,7 @@ absl::Status ConfigureSpiffeRoots(
 // returns 1 on success, indicating a trusted chain to a root of trust was
 // found, 0 if a trusted chain could not be built.
 static int CustomVerificationFunction(X509_STORE_CTX* ctx, void* arg) {
-  CHECK(ctx != nullptr);
+  GRPC_CHECK(ctx != nullptr);
   grpc_core::SpiffeBundleMap* spiffe_bundle_map = GetSpiffeBundleMap(ctx);
   if (spiffe_bundle_map != nullptr) {
     // If a SPIFFE Bundle Map is configured, we'll use
@@ -1598,7 +1598,7 @@ static tsi_ssl_handshaker_factory_vtable handshaker_factory_vtable = {nullptr};
 // allocating memory for the factory.
 static void tsi_ssl_handshaker_factory_init(
     tsi_ssl_handshaker_factory* factory) {
-  CHECK_NE(factory, nullptr);
+  GRPC_CHECK_NE(factory, nullptr);
 
   factory->vtable = &handshaker_factory_vtable;
   gpr_ref_init(&factory->refcount, 1);
@@ -1825,7 +1825,7 @@ static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(
     if (error != nullptr) *error = "invalid argument";
     return TSI_INVALID_ARGUMENT;
   }
-  CHECK_LE(*bytes_size, static_cast<size_t>(INT_MAX));
+  GRPC_CHECK_LE(*bytes_size, static_cast<size_t>(INT_MAX));
   bytes_read_from_ssl =
       BIO_read(impl->network_io, bytes, static_cast<int>(*bytes_size));
   if (bytes_read_from_ssl < 0) {
@@ -1903,7 +1903,7 @@ static tsi_result ssl_handshaker_process_bytes_from_peer(
     if (error != nullptr) *error = "invalid argument";
     return TSI_INVALID_ARGUMENT;
   }
-  CHECK_LE(*bytes_size, static_cast<size_t>(INT_MAX));
+  GRPC_CHECK_LE(*bytes_size, static_cast<size_t>(INT_MAX));
   bytes_written_into_ssl_size =
       BIO_write(impl->network_io, bytes, static_cast<int>(*bytes_size));
   if (bytes_written_into_ssl_size < 0) {
@@ -2402,7 +2402,7 @@ static int server_handshaker_factory_npn_advertised_callback(
   tsi_ssl_server_handshaker_factory* factory =
       static_cast<tsi_ssl_server_handshaker_factory*>(arg);
   *out = factory->alpn_protocol_list;
-  CHECK(factory->alpn_protocol_list_length <= UINT_MAX);
+  GRPC_CHECK(factory->alpn_protocol_list_length <= UINT_MAX);
   *outlen = static_cast<unsigned int>(factory->alpn_protocol_list_length);
   return SSL_TLSEXT_ERR_OK;
 }
@@ -2437,7 +2437,7 @@ static int server_handshaker_factory_new_session_callback(
 template <typename T>
 static void ssl_keylogging_callback(const SSL* ssl, const char* info) {
   SSL_CTX* ssl_context = SSL_get_SSL_CTX(ssl);
-  CHECK_NE(ssl_context, nullptr);
+  GRPC_CHECK_NE(ssl_context, nullptr);
   void* arg = SSL_CTX_get_ex_data(ssl_context, g_ssl_ctx_ex_factory_index);
   T* factory = static_cast<T*>(arg);
   factory->key_logger->LogSessionKeys(ssl_context, info);
@@ -2588,7 +2588,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
         break;
       }
 #if TSI_OPENSSL_ALPN_SUPPORT
-      CHECK(impl->alpn_protocol_list_length < UINT_MAX);
+      GRPC_CHECK(impl->alpn_protocol_list_length < UINT_MAX);
       if (SSL_CTX_set_alpn_protos(
               ssl_context, impl->alpn_protocol_list,
               static_cast<unsigned int>(impl->alpn_protocol_list_length))) {
@@ -2945,8 +2945,8 @@ bool IsRootCertInfoEmpty(const RootCertInfo* root_cert_info) {
 const tsi_ssl_handshaker_factory_vtable* tsi_ssl_handshaker_factory_swap_vtable(
     tsi_ssl_handshaker_factory* factory,
     tsi_ssl_handshaker_factory_vtable* new_vtable) {
-  CHECK_NE(factory, nullptr);
-  CHECK_NE(factory->vtable, nullptr);
+  GRPC_CHECK_NE(factory, nullptr);
+  GRPC_CHECK_NE(factory->vtable, nullptr);
 
   const tsi_ssl_handshaker_factory_vtable* orig_vtable = factory->vtable;
   factory->vtable = new_vtable;

data/src/core/tsi/ssl_transport_security.h

@@ -26,11 +26,11 @@
 
 #include <memory>
 
-#include "absl/strings/string_view.h"
 #include "src/core/credentials/transport/tls/spiffe_utils.h"
 #include "src/core/tsi/ssl/key_logging/ssl_key_logging.h"
 #include "src/core/tsi/ssl_transport_security_utils.h"
 #include "src/core/tsi/transport_security_interface.h"
+#include "absl/strings/string_view.h"
 
 // Value for the TSI_CERTIFICATE_TYPE_PEER_PROPERTY property for X509 certs.
 #define TSI_X509_CERTIFICATE_TYPE "X509"