grpc 1.34.0 → 1.35.0.pre1

data/src/core/lib/uri/uri_parser.h

@@ -21,31 +21,67 @@
 
 #include <grpc/support/port_platform.h>
 
+#include <stddef.h>
+
+#include <map>
+#include <string>
+#include <vector>
+
+#include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 
-#include <stddef.h>
+namespace grpc_core {
 
-struct grpc_uri {
-  char* scheme;
-  char* authority;
-  char* path;
-  char* query;
-  /** Query substrings separated by '&' */
-  char** query_parts;
-  /** Number of elements in \a query_parts and \a query_parts_values */
-  size_t num_query_parts;
-  /** Split each query part by '='. NULL if not present. */
-  char** query_parts_values;
-  char* fragment;
-};
-/** parse a uri, return NULL on failure */
-grpc_uri* grpc_uri_parse(absl::string_view uri_text, bool suppress_errors);
+class URI {
+ public:
+  struct QueryParam {
+    std::string key;
+    std::string value;
+    bool operator==(const QueryParam& other) const {
+      return key == other.key && value == other.value;
+    }
+  };
+
+  // Creates an instance of GrpcURI by parsing an rfc3986 URI string. Returns
+  // an IllegalArgumentError on failure.
+  static absl::StatusOr<URI> Parse(absl::string_view uri_text);
+  // Explicit construction by individual URI components
+  URI(std::string scheme, std::string authority, std::string path,
+      std::vector<QueryParam> query_parameter_pairs, std::string fragment_);
+  URI() = default;
+  // Copy construction and assignment
+  URI(const URI& other);
+  URI& operator=(const URI& other);
+  // Move construction and assignment
+  URI(URI&&) = default;
+  URI& operator=(URI&&) = default;
 
-/** return the part of a query string after the '=' in "?key=xxx&...", or NULL
- * if key is not present */
-const char* grpc_uri_get_query_arg(const grpc_uri* uri, const char* key);
+  const std::string& scheme() const { return scheme_; }
+  const std::string& authority() const { return authority_; }
+  const std::string& path() const { return path_; }
+  // Stores the *last* value appearing for each repeated key in the query
+  // string. If you need to capture repeated query parameters, use
+  // `query_parameter_pairs`.
+  const std::map<absl::string_view, absl::string_view>& query_parameter_map()
+      const {
+    return query_parameter_map_;
+  }
+  // A vector of key:value query parameter pairs, kept in order of appearance
+  // within the URI search string. Repeated keys are represented as separate
+  // key:value elements.
+  const std::vector<QueryParam>& query_parameter_pairs() const {
+    return query_parameter_pairs_;
+  }
+  const std::string& fragment() const { return fragment_; }
 
-/** destroy a uri */
-void grpc_uri_destroy(grpc_uri* uri);
+ private:
+  std::string scheme_;
+  std::string authority_;
+  std::string path_;
+  std::map<absl::string_view, absl::string_view> query_parameter_map_;
+  std::vector<QueryParam> query_parameter_pairs_;
+  std::string fragment_;
+};
+}  // namespace grpc_core
 
 #endif /* GRPC_CORE_LIB_URI_URI_PARSER_H */

data/src/core/plugin_registry/grpc_plugin_registry.cc

@@ -68,12 +68,16 @@ void XdsClientGlobalShutdown();
 }  // namespace grpc_core
 void grpc_certificate_provider_registry_init(void);
 void grpc_certificate_provider_registry_shutdown(void);
+namespace grpc_core {
+void FileWatcherCertificateProviderInit();
+void FileWatcherCertificateProviderShutdown();
+}  // namespace grpc_core
 void grpc_lb_policy_cds_init(void);
 void grpc_lb_policy_cds_shutdown(void);
-void grpc_lb_policy_eds_init(void);
-void grpc_lb_policy_eds_shutdown(void);
 void grpc_lb_policy_xds_cluster_impl_init(void);
 void grpc_lb_policy_xds_cluster_impl_shutdown(void);
+void grpc_lb_policy_xds_cluster_resolver_init(void);
+void grpc_lb_policy_xds_cluster_resolver_shutdown(void);
 void grpc_lb_policy_xds_cluster_manager_init(void);
 void grpc_lb_policy_xds_cluster_manager_shutdown(void);
 void grpc_resolver_xds_init(void);
@@ -126,12 +130,14 @@ void grpc_register_built_in_plugins(void) {
                        grpc_core::XdsClientGlobalShutdown);
   grpc_register_plugin(grpc_certificate_provider_registry_init,
                        grpc_certificate_provider_registry_shutdown);
+  grpc_register_plugin(grpc_core::FileWatcherCertificateProviderInit,
+                       grpc_core::FileWatcherCertificateProviderShutdown);
   grpc_register_plugin(grpc_lb_policy_cds_init,
                        grpc_lb_policy_cds_shutdown);
-  grpc_register_plugin(grpc_lb_policy_eds_init,
-                       grpc_lb_policy_eds_shutdown);
   grpc_register_plugin(grpc_lb_policy_xds_cluster_impl_init,
                        grpc_lb_policy_xds_cluster_impl_shutdown);
+  grpc_register_plugin(grpc_lb_policy_xds_cluster_resolver_init,
+                       grpc_lb_policy_xds_cluster_resolver_shutdown);
   grpc_register_plugin(grpc_lb_policy_xds_cluster_manager_init,
                        grpc_lb_policy_xds_cluster_manager_shutdown);
   grpc_register_plugin(grpc_resolver_xds_init,

data/src/core/tsi/alts/crypt/gsec.cc

@@ -43,8 +43,9 @@ grpc_status_code gsec_aead_crypter_encrypt(
     char** error_details) {
   if (crypter != nullptr && crypter->vtable != nullptr &&
       crypter->vtable->encrypt_iovec != nullptr) {
-    struct iovec aad_vec = {(void*)aad, aad_length};
-    struct iovec plaintext_vec = {(void*)plaintext, plaintext_length};
+    struct iovec aad_vec = {const_cast<uint8_t*>(aad), aad_length};
+    struct iovec plaintext_vec = {const_cast<uint8_t*>(plaintext),
+                                  plaintext_length};
     struct iovec ciphertext_vec = {ciphertext_and_tag,
                                    ciphertext_and_tag_length};
     return crypter->vtable->encrypt_iovec(
@@ -81,8 +82,8 @@ grpc_status_code gsec_aead_crypter_decrypt(
     size_t plaintext_length, size_t* bytes_written, char** error_details) {
   if (crypter != nullptr && crypter->vtable != nullptr &&
       crypter->vtable->decrypt_iovec != nullptr) {
-    struct iovec aad_vec = {(void*)aad, aad_length};
-    struct iovec ciphertext_vec = {(void*)ciphertext_and_tag,
+    struct iovec aad_vec = {const_cast<uint8_t*>(aad), aad_length};
+    struct iovec ciphertext_vec = {const_cast<uint8_t*>(ciphertext_and_tag),
                                    ciphertext_and_tag_length};
     struct iovec plaintext_vec = {plaintext, plaintext_length};
     return crypter->vtable->decrypt_iovec(

data/src/core/tsi/alts/frame_protector/frame_handler.cc

@@ -31,16 +31,18 @@
 
 /* Use little endian to interpret a string of bytes as uint32_t. */
 static uint32_t load_32_le(const unsigned char* buffer) {
-  return (((uint32_t)buffer[3]) << 24) | (((uint32_t)buffer[2]) << 16) |
-         (((uint32_t)buffer[1]) << 8) | ((uint32_t)buffer[0]);
+  return (static_cast<uint32_t>(buffer[3]) << 24) |
+         (static_cast<uint32_t>(buffer[2]) << 16) |
+         (static_cast<uint32_t>(buffer[1]) << 8) |
+         static_cast<uint32_t>(buffer[0]);
 }
 
 /* Store uint32_t as a string of little endian bytes. */
 static void store_32_le(uint32_t value, unsigned char* buffer) {
-  buffer[3] = (unsigned char)(value >> 24) & 0xFF;
-  buffer[2] = (unsigned char)(value >> 16) & 0xFF;
-  buffer[1] = (unsigned char)(value >> 8) & 0xFF;
-  buffer[0] = (unsigned char)(value)&0xFF;
+  buffer[3] = static_cast<unsigned char>(value >> 24) & 0xFF;
+  buffer[2] = static_cast<unsigned char>(value >> 16) & 0xFF;
+  buffer[1] = static_cast<unsigned char>(value >> 8) & 0xFF;
+  buffer[0] = static_cast<unsigned char>(value) & 0xFF;
 }
 
 /* Frame writer implementation. */

data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc

@@ -279,7 +279,7 @@ void alts_handshaker_client_handle_response(alts_handshaker_client* c,
   if (code != GRPC_STATUS_OK) {
     upb_strview details = grpc_gcp_HandshakerStatus_details(resp_status);
     if (details.size > 0) {
-      char* error_details = (char*)gpr_zalloc(details.size + 1);
+      char* error_details = static_cast<char*>(gpr_zalloc(details.size + 1));
       memcpy(error_details, details.data, details.size);
       gpr_log(GPR_ERROR, "Error from handshaker service:%s", error_details);
       gpr_free(error_details);

data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc

@@ -253,8 +253,8 @@ static const tsi_handshaker_result_vtable result_vtable = {
 
 tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp,
                                              bool is_client,
-                                             tsi_handshaker_result** self) {
-  if (self == nullptr || resp == nullptr) {
+                                             tsi_handshaker_result** result) {
+  if (result == nullptr || resp == nullptr) {
     gpr_log(GPR_ERROR, "Invalid arguments to create_handshaker_result()");
     return TSI_INVALID_ARGUMENT;
   }
@@ -305,19 +305,19 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp,
       grpc_gcp_Identity_service_account(local_identity);
   // We don't check if local service account is empty here
   // because local identity could be empty in certain situations.
-  alts_tsi_handshaker_result* result =
-      static_cast<alts_tsi_handshaker_result*>(gpr_zalloc(sizeof(*result)));
-  result->key_data =
+  alts_tsi_handshaker_result* sresult =
+      static_cast<alts_tsi_handshaker_result*>(gpr_zalloc(sizeof(*sresult)));
+  sresult->key_data =
       static_cast<char*>(gpr_zalloc(kAltsAes128GcmRekeyKeyLength));
-  memcpy(result->key_data, key_data.data, kAltsAes128GcmRekeyKeyLength);
-  result->peer_identity =
+  memcpy(sresult->key_data, key_data.data, kAltsAes128GcmRekeyKeyLength);
+  sresult->peer_identity =
       static_cast<char*>(gpr_zalloc(peer_service_account.size + 1));
-  memcpy(result->peer_identity, peer_service_account.data,
+  memcpy(sresult->peer_identity, peer_service_account.data,
          peer_service_account.size);
-  result->max_frame_size = grpc_gcp_HandshakerResult_max_frame_size(hresult);
+  sresult->max_frame_size = grpc_gcp_HandshakerResult_max_frame_size(hresult);
   upb::Arena rpc_versions_arena;
   bool serialized = grpc_gcp_rpc_protocol_versions_encode(
-      peer_rpc_version, rpc_versions_arena.ptr(), &result->rpc_versions);
+      peer_rpc_version, rpc_versions_arena.ptr(), &sresult->rpc_versions);
   if (!serialized) {
     gpr_log(GPR_ERROR, "Failed to serialize peer's RPC protocol versions.");
     return TSI_FAILED_PRECONDITION;
@@ -363,11 +363,11 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp,
     gpr_log(GPR_ERROR, "Failed to serialize peer's ALTS context.");
     return TSI_FAILED_PRECONDITION;
   }
-  result->serialized_context =
+  sresult->serialized_context =
       grpc_slice_from_copied_buffer(serialized_ctx, serialized_ctx_length);
-  result->is_client = is_client;
-  result->base.vtable = &result_vtable;
-  *self = &result->base;
+  sresult->is_client = is_client;
+  sresult->base.vtable = &result_vtable;
+  *result = &sresult->base;
   return TSI_OK;
 }
 
@@ -652,21 +652,21 @@ tsi_result alts_tsi_handshaker_create(
   return TSI_OK;
 }
 
-void alts_tsi_handshaker_result_set_unused_bytes(tsi_handshaker_result* self,
+void alts_tsi_handshaker_result_set_unused_bytes(tsi_handshaker_result* result,
                                                  grpc_slice* recv_bytes,
                                                  size_t bytes_consumed) {
-  GPR_ASSERT(recv_bytes != nullptr && self != nullptr);
+  GPR_ASSERT(recv_bytes != nullptr && result != nullptr);
   if (GRPC_SLICE_LENGTH(*recv_bytes) == bytes_consumed) {
     return;
   }
-  alts_tsi_handshaker_result* result =
-      reinterpret_cast<alts_tsi_handshaker_result*>(self);
-  result->unused_bytes_size = GRPC_SLICE_LENGTH(*recv_bytes) - bytes_consumed;
-  result->unused_bytes =
-      static_cast<unsigned char*>(gpr_zalloc(result->unused_bytes_size));
-  memcpy(result->unused_bytes,
+  alts_tsi_handshaker_result* sresult =
+      reinterpret_cast<alts_tsi_handshaker_result*>(result);
+  sresult->unused_bytes_size = GRPC_SLICE_LENGTH(*recv_bytes) - bytes_consumed;
+  sresult->unused_bytes =
+      static_cast<unsigned char*>(gpr_zalloc(sresult->unused_bytes_size));
+  memcpy(sresult->unused_bytes,
          GRPC_SLICE_START_PTR(*recv_bytes) + bytes_consumed,
-         result->unused_bytes_size);
+         sresult->unused_bytes_size);
 }
 
 namespace grpc_core {

data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc

@@ -56,16 +56,18 @@ static void maybe_append_error_msg(const char* appendix, char** dst) {
 
 /* Use little endian to interpret a string of bytes as uint32_t.  */
 static uint32_t load_32_le(const unsigned char* buffer) {
-  return (((uint32_t)buffer[3]) << 24) | (((uint32_t)buffer[2]) << 16) |
-         (((uint32_t)buffer[1]) << 8) | ((uint32_t)buffer[0]);
+  return (static_cast<uint32_t>(buffer[3]) << 24) |
+         (static_cast<uint32_t>(buffer[2]) << 16) |
+         (static_cast<uint32_t>(buffer[1]) << 8) |
+         static_cast<uint32_t>(buffer[0]);
 }
 
 /* Store uint32_t as a string of little endian bytes.  */
 static void store_32_le(uint32_t value, unsigned char* buffer) {
-  buffer[3] = (unsigned char)(value >> 24) & 0xFF;
-  buffer[2] = (unsigned char)(value >> 16) & 0xFF;
-  buffer[1] = (unsigned char)(value >> 8) & 0xFF;
-  buffer[0] = (unsigned char)(value)&0xFF;
+  buffer[3] = static_cast<unsigned char>(value >> 24) & 0xFF;
+  buffer[2] = static_cast<unsigned char>(value >> 16) & 0xFF;
+  buffer[1] = static_cast<unsigned char>(value >> 8) & 0xFF;
+  buffer[0] = static_cast<unsigned char>(value) & 0xFF;
 }
 
 /* Ensures header and tag iovec have sufficient length.  */

data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc

@@ -87,10 +87,10 @@ static bool read_frame_size(const grpc_slice_buffer* sb,
   }
   GPR_ASSERT(remaining == 0);
   /* Gets little-endian frame size.  */
-  uint32_t frame_size = (((uint32_t)frame_size_buffer[3]) << 24) |
-                        (((uint32_t)frame_size_buffer[2]) << 16) |
-                        (((uint32_t)frame_size_buffer[1]) << 8) |
-                        ((uint32_t)frame_size_buffer[0]);
+  uint32_t frame_size = (static_cast<uint32_t>(frame_size_buffer[3]) << 24) |
+                        (static_cast<uint32_t>(frame_size_buffer[2]) << 16) |
+                        (static_cast<uint32_t>(frame_size_buffer[1]) << 8) |
+                        static_cast<uint32_t>(frame_size_buffer[0]);
   if (frame_size > kMaxFrameLength) {
     gpr_log(GPR_ERROR, "Frame size is larger than maximum frame size");
     return false;

data/src/core/tsi/fake_transport_security.cc

@@ -524,7 +524,8 @@ static tsi_result fake_handshaker_result_create_frame_protector(
 static tsi_result fake_handshaker_result_get_unused_bytes(
     const tsi_handshaker_result* self, const unsigned char** bytes,
     size_t* bytes_size) {
-  fake_handshaker_result* result = (fake_handshaker_result*)self;
+  fake_handshaker_result* result = reinterpret_cast<fake_handshaker_result*>(
+      const_cast<tsi_handshaker_result*>(self));
   *bytes_size = result->unused_bytes_size;
   *bytes = result->unused_bytes;
   return TSI_OK;
@@ -581,8 +582,9 @@ static tsi_result fake_handshaker_get_bytes_to_send_to_peer(
         static_cast<tsi_fake_handshake_message>(impl->next_message_to_send + 2);
     const char* msg_string =
         tsi_fake_handshake_message_to_string(impl->next_message_to_send);
-    result = tsi_fake_frame_set_data((unsigned char*)msg_string,
-                                     strlen(msg_string), &impl->outgoing_frame);
+    result = tsi_fake_frame_set_data(
+        reinterpret_cast<unsigned char*>(const_cast<char*>(msg_string)),
+        strlen(msg_string), &impl->outgoing_frame);
     if (result != TSI_OK) return result;
     if (next_message_to_send > TSI_FAKE_HANDSHAKE_MESSAGE_MAX) {
       next_message_to_send = TSI_FAKE_HANDSHAKE_MESSAGE_MAX;

data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc

@@ -32,7 +32,7 @@ namespace {
 
 class BoringSslCachedSession : public SslCachedSession {
  public:
-  BoringSslCachedSession(SslSessionPtr session)
+  explicit BoringSslCachedSession(SslSessionPtr session)
       : session_(std::move(session)) {}
 
   SslSessionPtr CopySession() const override {

data/src/core/tsi/ssl_transport_security.cc

@@ -141,7 +141,7 @@ struct tsi_ssl_frame_protector {
 static gpr_once g_init_openssl_once = GPR_ONCE_INIT;
 static int g_ssl_ctx_ex_factory_index = -1;
 static const unsigned char kSslSessionIdContext[] = {'g', 'r', 'p', 'c'};
-#ifndef OPENSSL_IS_BORINGSSL
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE)
 static const char kSslEnginePrefix[] = "engine:";
 #endif
 
@@ -340,8 +340,7 @@ static tsi_result add_pem_certificate(X509* cert, tsi_peer_property* property) {
     return TSI_INTERNAL_ERROR;
   }
   tsi_result result = tsi_construct_string_peer_property(
-      TSI_X509_PEM_CERT_PROPERTY, (const char*)contents,
-      static_cast<size_t>(len), property);
+      TSI_X509_PEM_CERT_PROPERTY, contents, static_cast<size_t>(len), property);
   BIO_free(bio);
   return result;
 }
@@ -554,12 +553,12 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX* context,
   X509* certificate = nullptr;
   BIO* pem;
   GPR_ASSERT(pem_cert_chain_size <= INT_MAX);
-  pem = BIO_new_mem_buf((void*)pem_cert_chain,
-                        static_cast<int>(pem_cert_chain_size));
+  pem = BIO_new_mem_buf(pem_cert_chain, static_cast<int>(pem_cert_chain_size));
   if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
 
   do {
-    certificate = PEM_read_bio_X509_AUX(pem, nullptr, nullptr, (void*)"");
+    certificate =
+        PEM_read_bio_X509_AUX(pem, nullptr, nullptr, const_cast<char*>(""));
     if (certificate == nullptr) {
       result = TSI_INVALID_ARGUMENT;
       break;
@@ -570,7 +569,7 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX* context,
     }
     while (true) {
       X509* certificate_authority =
-          PEM_read_bio_X509(pem, nullptr, nullptr, (void*)"");
+          PEM_read_bio_X509(pem, nullptr, nullptr, const_cast<char*>(""));
       if (certificate_authority == nullptr) {
         ERR_clear_error();
         break; /* Done reading. */
@@ -592,7 +591,7 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX* context,
   return result;
 }
 
-#ifndef OPENSSL_IS_BORINGSSL
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE)
 static tsi_result ssl_ctx_use_engine_private_key(SSL_CTX* context,
                                                  const char* pem_key,
                                                  size_t pem_key_size) {
@@ -665,7 +664,7 @@ static tsi_result ssl_ctx_use_engine_private_key(SSL_CTX* context,
   if (engine_name != nullptr) gpr_free(engine_name);
   return result;
 }
-#endif /* OPENSSL_IS_BORINGSSL */
+#endif /* !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE) */
 
 static tsi_result ssl_ctx_use_pem_private_key(SSL_CTX* context,
                                               const char* pem_key,
@@ -674,10 +673,11 @@ static tsi_result ssl_ctx_use_pem_private_key(SSL_CTX* context,
   EVP_PKEY* private_key = nullptr;
   BIO* pem;
   GPR_ASSERT(pem_key_size <= INT_MAX);
-  pem = BIO_new_mem_buf((void*)pem_key, static_cast<int>(pem_key_size));
+  pem = BIO_new_mem_buf(pem_key, static_cast<int>(pem_key_size));
   if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
   do {
-    private_key = PEM_read_bio_PrivateKey(pem, nullptr, nullptr, (void*)"");
+    private_key =
+        PEM_read_bio_PrivateKey(pem, nullptr, nullptr, const_cast<char*>(""));
     if (private_key == nullptr) {
       result = TSI_INVALID_ARGUMENT;
       break;
@@ -696,11 +696,11 @@ static tsi_result ssl_ctx_use_pem_private_key(SSL_CTX* context,
 static tsi_result ssl_ctx_use_private_key(SSL_CTX* context, const char* pem_key,
                                           size_t pem_key_size) {
 // BoringSSL does not have ENGINE support
-#ifndef OPENSSL_IS_BORINGSSL
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE)
   if (strncmp(pem_key, kSslEnginePrefix, strlen(kSslEnginePrefix)) == 0) {
     return ssl_ctx_use_engine_private_key(context, pem_key, pem_key_size);
   } else
-#endif /* OPENSSL_IS_BORINGSSL */
+#endif /* !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_NO_ENGINE) */
   {
     return ssl_ctx_use_pem_private_key(context, pem_key, pem_key_size);
   }
@@ -718,7 +718,7 @@ static tsi_result x509_store_load_certs(X509_STORE* cert_store,
   X509_NAME* root_name = nullptr;
   BIO* pem;
   GPR_ASSERT(pem_roots_size <= INT_MAX);
-  pem = BIO_new_mem_buf((void*)pem_roots, static_cast<int>(pem_roots_size));
+  pem = BIO_new_mem_buf(pem_roots, static_cast<int>(pem_roots_size));
   if (cert_store == nullptr) return TSI_INVALID_ARGUMENT;
   if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
   if (root_names != nullptr) {
@@ -727,7 +727,7 @@ static tsi_result x509_store_load_certs(X509_STORE* cert_store,
   }
 
   while (true) {
-    root = PEM_read_bio_X509_AUX(pem, nullptr, nullptr, (void*)"");
+    root = PEM_read_bio_X509_AUX(pem, nullptr, nullptr, const_cast<char*>(""));
     if (root == nullptr) {
       ERR_clear_error();
       break; /* We're at the end of stream. */
@@ -837,10 +837,10 @@ tsi_result tsi_ssl_extract_x509_subject_names_from_pem_cert(
   tsi_result result = TSI_OK;
   X509* cert = nullptr;
   BIO* pem;
-  pem = BIO_new_mem_buf((void*)pem_cert, static_cast<int>(strlen(pem_cert)));
+  pem = BIO_new_mem_buf(pem_cert, static_cast<int>(strlen(pem_cert)));
   if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
 
-  cert = PEM_read_bio_X509(pem, nullptr, nullptr, (void*)"");
+  cert = PEM_read_bio_X509(pem, nullptr, nullptr, const_cast<char*>(""));
   if (cert == nullptr) {
     gpr_log(GPR_ERROR, "Invalid certificate");
     result = TSI_INVALID_ARGUMENT;
@@ -910,12 +910,18 @@ static tsi_result tsi_set_min_and_max_tls_versions(
     return TSI_INVALID_ARGUMENT;
   }
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
-  // Set the min TLS version of the SSL context.
+  // Set the min TLS version of the SSL context if using OpenSSL version
+  // >= 1.1.0. This OpenSSL version is required because the
+  // |SSL_CTX_set_min_proto_version| and |SSL_CTX_set_max_proto_version| APIs
+  // only exist in this version range.
   switch (min_tls_version) {
     case tsi_tls_version::TSI_TLS1_2:
       SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
       break;
 #if defined(TLS1_3_VERSION)
+    // If the library does not support TLS 1.3 and the caller requests a minimum
+    // of TLS 1.3, then return an error because the caller's request cannot be
+    // satisfied.
     case tsi_tls_version::TSI_TLS1_3:
       SSL_CTX_set_min_proto_version(ssl_context, TLS1_3_VERSION);
       break;
@@ -924,16 +930,21 @@ static tsi_result tsi_set_min_and_max_tls_versions(
       gpr_log(GPR_INFO, "TLS version is not supported.");
       return TSI_FAILED_PRECONDITION;
   }
+
   // Set the max TLS version of the SSL context.
   switch (max_tls_version) {
     case tsi_tls_version::TSI_TLS1_2:
       SSL_CTX_set_max_proto_version(ssl_context, TLS1_2_VERSION);
       break;
-#if defined(TLS1_3_VERSION)
     case tsi_tls_version::TSI_TLS1_3:
+#if defined(TLS1_3_VERSION)
       SSL_CTX_set_max_proto_version(ssl_context, TLS1_3_VERSION);
-      break;
+#else
+      // If the library does not support TLS 1.3, then set the max TLS version
+      // to TLS 1.2 instead.
+      SSL_CTX_set_max_proto_version(ssl_context, TLS1_2_VERSION);
 #endif
+      break;
     default:
       gpr_log(GPR_INFO, "TLS version is not supported.");
       return TSI_FAILED_PRECONDITION;
@@ -1150,11 +1161,11 @@ static const tsi_frame_protector_vtable frame_protector_vtable = {
 /* --- tsi_server_handshaker_factory methods implementation. --- */
 
 static void tsi_ssl_handshaker_factory_destroy(
-    tsi_ssl_handshaker_factory* self) {
-  if (self == nullptr) return;
+    tsi_ssl_handshaker_factory* factory) {
+  if (factory == nullptr) return;
 
-  if (self->vtable != nullptr && self->vtable->destroy != nullptr) {
-    self->vtable->destroy(self);
+  if (factory->vtable != nullptr && factory->vtable->destroy != nullptr) {
+    factory->vtable->destroy(factory);
   }
   /* Note, we don't free(self) here because this object is always directly
    * embedded in another object. If tsi_ssl_handshaker_factory_init allocates
@@ -1162,17 +1173,18 @@ static void tsi_ssl_handshaker_factory_destroy(
 }
 
 static tsi_ssl_handshaker_factory* tsi_ssl_handshaker_factory_ref(
-    tsi_ssl_handshaker_factory* self) {
-  if (self == nullptr) return nullptr;
-  gpr_refn(&self->refcount, 1);
-  return self;
+    tsi_ssl_handshaker_factory* factory) {
+  if (factory == nullptr) return nullptr;
+  gpr_refn(&factory->refcount, 1);
+  return factory;
 }
 
-static void tsi_ssl_handshaker_factory_unref(tsi_ssl_handshaker_factory* self) {
-  if (self == nullptr) return;
+static void tsi_ssl_handshaker_factory_unref(
+    tsi_ssl_handshaker_factory* factory) {
+  if (factory == nullptr) return;
 
-  if (gpr_unref(&self->refcount)) {
-    tsi_ssl_handshaker_factory_destroy(self);
+  if (gpr_unref(&factory->refcount)) {
+    tsi_ssl_handshaker_factory_destroy(factory);
   }
 }
 
@@ -1206,8 +1218,8 @@ tsi_result tsi_ssl_get_cert_chain_contents(STACK_OF(X509) * peer_chain,
     return TSI_INTERNAL_ERROR;
   }
   tsi_result result = tsi_construct_string_peer_property(
-      TSI_X509_PEM_CERT_CHAIN_PROPERTY, (const char*)contents,
-      static_cast<size_t>(len), property);
+      TSI_X509_PEM_CERT_CHAIN_PROPERTY, contents, static_cast<size_t>(len),
+      property);
   BIO_free(bio);
   return result;
 }
@@ -1682,16 +1694,17 @@ static int select_protocol_list(const unsigned char** out,
 /* --- tsi_ssl_client_handshaker_factory methods implementation. --- */
 
 tsi_result tsi_ssl_client_handshaker_factory_create_handshaker(
-    tsi_ssl_client_handshaker_factory* self, const char* server_name_indication,
-    tsi_handshaker** handshaker) {
-  return create_tsi_ssl_handshaker(self->ssl_context, 1, server_name_indication,
-                                   &self->base, handshaker);
+    tsi_ssl_client_handshaker_factory* factory,
+    const char* server_name_indication, tsi_handshaker** handshaker) {
+  return create_tsi_ssl_handshaker(factory->ssl_context, 1,
+                                   server_name_indication, &factory->base,
+                                   handshaker);
 }
 
 void tsi_ssl_client_handshaker_factory_unref(
-    tsi_ssl_client_handshaker_factory* self) {
-  if (self == nullptr) return;
-  tsi_ssl_handshaker_factory_unref(&self->base);
+    tsi_ssl_client_handshaker_factory* factory) {
+  if (factory == nullptr) return;
+  tsi_ssl_handshaker_factory_unref(&factory->base);
 }
 
 static void tsi_ssl_client_handshaker_factory_destroy(
@@ -1710,7 +1723,7 @@ static int client_handshaker_factory_npn_callback(
     const unsigned char* in, unsigned int inlen, void* arg) {
   tsi_ssl_client_handshaker_factory* factory =
       static_cast<tsi_ssl_client_handshaker_factory*>(arg);
-  return select_protocol_list((const unsigned char**)out, outlen,
+  return select_protocol_list(const_cast<const unsigned char**>(out), outlen,
                               factory->alpn_protocol_list,
                               factory->alpn_protocol_list_length, in, inlen);
 }
@@ -1718,18 +1731,18 @@ static int client_handshaker_factory_npn_callback(
 /* --- tsi_ssl_server_handshaker_factory methods implementation. --- */
 
 tsi_result tsi_ssl_server_handshaker_factory_create_handshaker(
-    tsi_ssl_server_handshaker_factory* self, tsi_handshaker** handshaker) {
-  if (self->ssl_context_count == 0) return TSI_INVALID_ARGUMENT;
+    tsi_ssl_server_handshaker_factory* factory, tsi_handshaker** handshaker) {
+  if (factory->ssl_context_count == 0) return TSI_INVALID_ARGUMENT;
   /* Create the handshaker with the first context. We will switch if needed
      because of SNI in ssl_server_handshaker_factory_servername_callback.  */
-  return create_tsi_ssl_handshaker(self->ssl_contexts[0], 0, nullptr,
-                                   &self->base, handshaker);
+  return create_tsi_ssl_handshaker(factory->ssl_contexts[0], 0, nullptr,
+                                   &factory->base, handshaker);
 }
 
 void tsi_ssl_server_handshaker_factory_unref(
-    tsi_ssl_server_handshaker_factory* self) {
-  if (self == nullptr) return;
-  tsi_ssl_handshaker_factory_unref(&self->base);
+    tsi_ssl_server_handshaker_factory* factory) {
+  if (factory == nullptr) return;
+  tsi_ssl_handshaker_factory_unref(&factory->base);
 }
 
 static void tsi_ssl_server_handshaker_factory_destroy(