Remove gRPC's custom prefix headers

pull/21194/head
Muxi Yan 5 years ago
parent 0b0627c681
commit 771dd24548
  1. 2
      src/core/lib/security/credentials/jwt/json_token.h
  2. 2
      src/core/lib/security/credentials/jwt/jwt_verifier.cc
  3. 2
      src/core/tsi/alts/crypt/aes_gcm.cc
  4. 3297
      src/core/tsi/grpc_shadow_boringssl.h
  5. 2
      src/core/tsi/ssl/session_cache/ssl_session.h
  6. 2
      src/core/tsi/ssl/session_cache/ssl_session_cache.h
  7. 2
      src/core/tsi/ssl_transport_security.cc
  8. 2
      src/core/tsi/ssl_types.h
  9. 3265
      src/objective-c/grpc_shadow_boringssl_symbol_list
  10. 40
      templates/src/core/tsi/grpc_shadow_boringssl.h.template
  11. 249
      templates/src/objective-c/BoringSSL-GRPC.podspec.template-e
  12. 32
      tools/buildgen/plugins/grpc_shadow_boringssl.py

@ -21,8 +21,6 @@
#include <grpc/support/port_platform.h>
#include "src/core/tsi/grpc_shadow_boringssl.h"
#include <grpc/slice.h>
#include <openssl/rsa.h>

@ -18,8 +18,6 @@
#include <grpc/support/port_platform.h>
#include "src/core/tsi/grpc_shadow_boringssl.h"
#include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
#include <limits.h>

@ -18,8 +18,6 @@
#include <grpc/support/port_platform.h>
#include "src/core/tsi/grpc_shadow_boringssl.h"
#include "src/core/tsi/alts/crypt/gsec.h"
#include <openssl/bio.h>

File diff suppressed because it is too large Load Diff

@ -21,8 +21,6 @@
#include <grpc/support/port_platform.h>
#include "src/core/tsi/grpc_shadow_boringssl.h"
#include <grpc/slice.h>
extern "C" {

@ -21,8 +21,6 @@
#include <grpc/support/port_platform.h>
#include "src/core/tsi/grpc_shadow_boringssl.h"
#include <grpc/slice.h>
#include <grpc/support/sync.h>

@ -18,8 +18,6 @@
#include <grpc/support/port_platform.h>
#include "src/core/tsi/grpc_shadow_boringssl.h"
#include "src/core/tsi/ssl_transport_security.h"
#include <limits.h>

@ -29,8 +29,6 @@
#include <grpc/support/port_platform.h>
#include "src/core/tsi/grpc_shadow_boringssl.h"
#include <openssl/ssl.h>
#ifdef OPENSSL_IS_BORINGSSL

File diff suppressed because it is too large Load Diff

@ -1,40 +0,0 @@
%YAML 1.2
--- |
<%!
def expand_symbol_list(symbol_list):
return '\n'.join('#define %s GRPC_SHADOW_%s' % (symbol, symbol) for symbol in symbol_list)
%>
/*
*
* Copyright 2018 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
// This file is autogenerated from a template file. Please make
// modifications to
// `templates/src/objective-c/tsi/grpc_shadow_boringssl.h.template`
// instead. This file can be regenerated from the template by running
// `tools/buildgen/generate_projects.sh`.
#ifndef GRPC_CORE_TSI_GRPC_SHADOW_BORINGSSL_H
#define GRPC_CORE_TSI_GRPC_SHADOW_BORINGSSL_H
#ifdef GRPC_SHADOW_BORINGSSL_SYMBOLS
${expand_symbol_list(settings.grpc_shadow_boringssl_symbols)}
#endif /* GRPC_SHADOW_BORINGSSL_SYMBOLS */
#endif /* GRPC_CORE_TSI_GRPC_SHADOW_BORINGSSL_H */

@ -0,0 +1,249 @@
%YAML 1.2
--- |
<%!
def expand_symbol_list(symbol_list):
return ',\n '.join("'#define %s GRPC_SHADOW_%s'" % (symbol, symbol) for symbol in symbol_list)
import subprocess
boringssl_commit = subprocess.check_output(['git', 'rev-parse', 'HEAD'], cwd='third_party/boringssl').decode().strip()
%>
# This file has been automatically generated from a template file.
# Please make modifications to
# `templates/src/objective-c/BoringSSL-GRPC.podspec.template` instead. This
# file can be regenerated from the template by running
# `tools/buildgen/generate_projects.sh`. Because of some limitations of this
# template, you might actually need to run the same script twice in a row.
# (see err_data.c section)
# BoringSSL CocoaPods podspec
# Copyright 2015, Google Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Google Inc. nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Pod::Spec.new do |s|
s.name = 'BoringSSL-GRPC'
version = '0.0.5'
s.version = version
s.summary = 'BoringSSL is a fork of OpenSSL that is designed to meet Google\'s needs.'
# Adapted from the homepage:
s.description = <<-DESC
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is.
We don't recommend that third parties depend upon it. Doing so is likely to be frustrating
because there are no guarantees of API stability. Only the latest version of this pod is
supported, and every new version is a new major version.
We update Google libraries and programs that use BoringSSL as needed when deciding to make API
changes. This allows us to mostly avoid compromises in the name of compatibility. It works for
us, but it may not work for you.
As a Cocoapods pod, it has the advantage over OpenSSL's pods that the library doesn't need to
be precompiled. This eliminates the 10 - 20 minutes of wait the first time a user does "pod
install", lets it be used as a dynamic framework (pending solution of Cocoapods' issue #4605),
and works with bitcode automatically. It's also thought to be smaller than OpenSSL (which takes
1MB - 2MB per ARM architecture), but we don't have specific numbers yet.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built
up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's
product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved
in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the
NDK) and a number of other apps/programs.
DESC
s.homepage = 'https://github.com/google/boringssl'
s.license = { :type => 'Mixed', :file => 'LICENSE' }
# "The name and email addresses of the library maintainers, not the Podspec maintainer."
s.authors = 'Adam Langley', 'David Benjamin', 'Matt Braithwaite'
s.source = {
:git => 'https://github.com/google/boringssl.git',
:commit => "${boringssl_commit}",
}
s.ios.deployment_target = '7.0'
s.osx.deployment_target = '10.7'
s.tvos.deployment_target = '10.0'
s.watchos.deployment_target = '4.0'
name = 'openssl_grpc'
# When creating a dynamic framework, name it openssl.framework instead of BoringSSL.framework.
# This lets users write their includes like `#include <openssl/ssl.h>` as opposed to `#include
# <BoringSSL/ssl.h>`.
s.module_name = name
# When creating a dynamic framework, copy the headers under `include/openssl/` into the root of
# the `Headers/` directory of the framework (i.e., not under `Headers/include/openssl`).
#
# TODO(jcanizales): Debug why this doesn't work on macOS.
s.header_mappings_dir = 'include/openssl'
# The above has an undesired effect when creating a static library: It forces users to write
# includes like `#include <BoringSSL/ssl.h>`. `s.header_dir` adds a path prefix to that, and
# because Cocoapods lets omit the pod name when including headers of static libraries, the
# following lets users write `#include <openssl/ssl.h>`.
s.header_dir = name
# The module map and umbrella header created automatically by Cocoapods don't work for C libraries
# like this one. The following file, and a correct umbrella header, are created on the fly by the
# `prepare_command` of this pod.
s.module_map = 'include/openssl/BoringSSL.modulemap'
# We don't need to inhibit all warnings; only -Wno-shorten-64-to-32. But Cocoapods' linter doesn't
# want that for some reason.
s.compiler_flags = '-DOPENSSL_NO_ASM', '-GCC_WARN_INHIBIT_ALL_WARNINGS', '-w'
s.requires_arc = false
# Like many other C libraries, BoringSSL has its public headers under `include/<libname>/` and its
# sources and private headers in other directories outside `include/`. Cocoapods' linter doesn't
# allow any header to be listed outside the `header_mappings_dir` (even though doing so works in
# practice). Because we need our `header_mappings_dir` to be `include/openssl/` for the reason
# mentioned above, we work around the linter limitation by dividing the pod into two subspecs, one
# for public headers and the other for implementation. Each gets its own `header_mappings_dir`,
# making the linter happy.
s.subspec 'Interface' do |ss|
ss.header_mappings_dir = 'include/openssl'
ss.source_files = 'include/openssl/*.h'
end
s.subspec 'Implementation' do |ss|
ss.header_mappings_dir = '.'
ss.source_files = 'ssl/*.{h,c,cc}',
'ssl/**/*.{h,c,cc}',
'crypto/*.{h,c,cc}',
'crypto/**/*.{h,c,cc}',
# We have to include fiat because spake25519 depends on it
'third_party/fiat/*.{h,c,cc}',
# Include the err_data.c generated in prepare_command below
'err_data.c'
ss.private_header_files = 'ssl/*.h',
'ssl/**/*.h',
'crypto/*.h',
'crypto/**/*.h',
'third_party/fiat/*.h'
# bcm.c includes other source files, creating duplicated symbols. Since it is not used, we
# explicitly exclude it from the pod.
# TODO (mxyan): Work with BoringSSL team to remove this hack.
ss.exclude_files = 'crypto/fipsmodule/bcm.c',
'**/*_test.*',
'**/test_*.*',
'**/test/*.*'
ss.dependency "#{s.name}/Interface", version
end
s.prepare_command = <<-END_OF_COMMAND
# Add a module map and an umbrella header
cat > include/openssl/umbrella.h <<EOF
#include "ssl.h"
#include "crypto.h"
#include "aes.h"
/* The following macros are defined by base.h. The latter is the first file included by the
other headers. */
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
# include "arm_arch.h"
#endif
#include "asn1.h"
#include "asn1_mac.h"
#include "asn1t.h"
#include "blowfish.h"
#include "cast.h"
#include "chacha.h"
#include "cmac.h"
#include "conf.h"
#include "cpu.h"
#include "curve25519.h"
#include "des.h"
#include "dtls1.h"
#include "hkdf.h"
#include "md4.h"
#include "md5.h"
#include "obj_mac.h"
#include "objects.h"
#include "opensslv.h"
#include "ossl_typ.h"
#include "pkcs12.h"
#include "pkcs7.h"
#include "pkcs8.h"
#include "poly1305.h"
#include "rand.h"
#include "rc4.h"
#include "ripemd.h"
#include "safestack.h"
#include "srtp.h"
#include "x509.h"
#include "x509v3.h"
EOF
cat > include/openssl/BoringSSL.modulemap <<EOF
framework module openssl {
umbrella header "umbrella.h"
textual header "arm_arch.h"
export *
module * { export * }
}
EOF
# To build boringssl, we need the generated file err_data.c, which is normally generated
# by boringssl's err_data_generate.go, but we already have a copy of err_data.c checked into the
# grpc/grpc repository that gets regenerated whenever we update the third_party/boringssl submodule.
# To make the podspec independent of the grpc repository, the .podspec.template just copies
# the contents of err_data.c directly into the .podspec.
# TODO(jtattermusch): avoid needing to run tools/buildgen/generate_projects.sh twice on update
# TODO(jtattermusch): another pre-generated copy of err_data.c is under third_party/boringssl-with-bazel
# investigate if we could use it.
cat > err_data.c <<EOF
% for err_data in open("src/boringssl/err_data.c", "r").readlines():
${err_data.replace('\\0', '\\\\0')}\
% endfor
EOF
# The symbol prefixing mechanism is performed by redefining BoringSSL symbols with "#define
# SOME_BORINGSSL_SYMBOL GRPC_SHADOW_SOME_BORINGSSL_SYMBOL". Unfortunately, some symbols are
# already redefined as macros in BoringSSL headers in the form "#define SOME_BORINGSSL_SYMBOL
# SOME_BORINGSSL_SYMBOL" Such type of redefinition will cause "SOME_BORINGSSL_SYMBOL redefined"
# error when using together with our prefix header. So the workaround in the below lines removes
# all such type of #define directives.
sed -i'.back' '/^#define \\([A-Za-z0-9_]*\\) \\1/d' include/openssl/*.h
# Remove lines of the format below for the same reason above
# #define SOME_BORINGSSL_SYMBOL ${"\\"}
# SOME_BORINGSSL_SYMBOL
sed -i'.back' '/^#define.*\\\\$/{N;/^#define \\([A-Za-z0-9_]*\\) *\\\\\\n *\\1/d;}' include/openssl/*.h
# We are renaming openssl to openssl_grpc so that there is no conflict with openssl if it exists
find . -type f \\( -path '*.h' -or -path '*.cc' -or -path '*.c' \\) -print0 | xargs -0 -L1 sed -E -i'.grpc_back' 's;#include <openssl/;#include <openssl_grpc/;g'
END_OF_COMMAND
# Redefine symbols to avoid conflict when the same app also depends on OpenSSL. The list of
# symbols are src/objective-c/grpc_shadow_boringssl_symbol_list.
# This is the last part of this file.
s.prefix_header_contents =
${expand_symbol_list(settings.grpc_shadow_boringssl_symbols)}
end

@ -1,32 +0,0 @@
# Copyright 2018 gRPC authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Buildgen generate grpc_shadow_boringssl headers
This script takes the list of symbols from
src/objective-c/grpc_shadow_boringssl_symbols and populate them in
settings.grpc_shadow_boringssl_symbols
"""
def mako_plugin(dictionary):
with open('src/objective-c/grpc_shadow_boringssl_symbol_list') as f:
symbols = f.readlines()
# Remove trailing '\n'
symbols = [s.strip() for s in symbols]
# Remove comments
symbols = [s for s in symbols if len(s) > 0 and s[0] != '#']
# Remove the commit number
del symbols[0]
settings = dictionary['settings']
settings['grpc_shadow_boringssl_symbols'] = symbols
Loading…
Cancel
Save