grpc 1.7.3 → 1.8.0

data/src/core/tsi/fake_transport_security.h

@@ -33,16 +33,16 @@ extern "C" {
    No cryptography is performed in these objects. They just simulate handshake
    messages going back and forth for the handshaker and do some framing on
    cleartext data for the protector.  */
-tsi_handshaker *tsi_create_fake_handshaker(int is_client);
+tsi_handshaker* tsi_create_fake_handshaker(int is_client);
 
 /* Creates a protector directly without going through the handshake phase. */
-tsi_frame_protector *tsi_create_fake_frame_protector(
-    size_t *max_protected_frame_size);
+tsi_frame_protector* tsi_create_fake_frame_protector(
+    size_t* max_protected_frame_size);
 
 /* Creates a zero-copy protector directly without going through the handshake
  * phase. */
-tsi_zero_copy_grpc_protector *tsi_create_fake_zero_copy_grpc_protector(
-    size_t *max_protected_frame_size);
+tsi_zero_copy_grpc_protector* tsi_create_fake_zero_copy_grpc_protector(
+    size_t* max_protected_frame_size);
 
 #ifdef __cplusplus
 }

data/src/core/tsi/{gts_transport_security.c → gts_transport_security.cc}

@@ -22,16 +22,16 @@
 
 static gts_shared_resource g_gts_resource;
 
-gts_shared_resource *gts_get_shared_resource(void) { return &g_gts_resource; }
+gts_shared_resource* gts_get_shared_resource(void) { return &g_gts_resource; }
 
-void grpc_tsi_gts_init() {
+extern "C" void grpc_tsi_gts_init() {
   memset(&g_gts_resource, 0, sizeof(gts_shared_resource));
   gpr_mu_init(&g_gts_resource.mu);
 }
 
-void grpc_tsi_gts_shutdown() {
+extern "C" void grpc_tsi_gts_shutdown() {
   gpr_mu_destroy(&g_gts_resource.mu);
-  if (g_gts_resource.cq == NULL) {
+  if (g_gts_resource.cq == nullptr) {
     return;
   }
   grpc_completion_queue_destroy(g_gts_resource.cq);

data/src/core/tsi/gts_transport_security.h

@@ -23,15 +23,23 @@
 #include <grpc/support/sync.h>
 #include <grpc/support/thd.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 typedef struct gts_shared_resource {
   gpr_thd_id thread_id;
-  grpc_channel *channel;
-  grpc_completion_queue *cq;
+  grpc_channel* channel;
+  grpc_completion_queue* cq;
   gpr_mu mu;
 } gts_shared_resource;
 
 /* This method returns the address of gts_shared_resource object shared by all
  *    TSI handshakes. */
-gts_shared_resource *gts_get_shared_resource(void);
+gts_shared_resource* gts_get_shared_resource(void);
+
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* GRPC_CORE_TSI_GTS_TRANSPORT_SECURITY_H */

data/src/core/tsi/{ssl_transport_security.c → ssl_transport_security.cc}

@@ -39,12 +39,14 @@
 #include <grpc/support/thd.h>
 #include <grpc/support/useful.h>
 
+extern "C" {
 #include <openssl/bio.h>
 #include <openssl/crypto.h> /* For OPENSSL_free */
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+}
 
 #include "src/core/tsi/ssl_types.h"
 #include "src/core/tsi/transport_security.h"
@@ -68,14 +70,14 @@
 /* --- Structure definitions. ---*/
 
 struct tsi_ssl_handshaker_factory {
-  const tsi_ssl_handshaker_factory_vtable *vtable;
+  const tsi_ssl_handshaker_factory_vtable* vtable;
   gpr_refcount refcount;
 };
 
 struct tsi_ssl_client_handshaker_factory {
   tsi_ssl_handshaker_factory base;
-  SSL_CTX *ssl_context;
-  unsigned char *alpn_protocol_list;
+  SSL_CTX* ssl_context;
+  unsigned char* alpn_protocol_list;
   size_t alpn_protocol_list_length;
 };
 
@@ -84,28 +86,28 @@ struct tsi_ssl_server_handshaker_factory {
      The tsi_peer array contains the subject names of the server certificates
      associated with the contexts at the same index.  */
   tsi_ssl_handshaker_factory base;
-  SSL_CTX **ssl_contexts;
-  tsi_peer *ssl_context_x509_subject_names;
+  SSL_CTX** ssl_contexts;
+  tsi_peer* ssl_context_x509_subject_names;
   size_t ssl_context_count;
-  unsigned char *alpn_protocol_list;
+  unsigned char* alpn_protocol_list;
   size_t alpn_protocol_list_length;
 };
 
 typedef struct {
   tsi_handshaker base;
-  SSL *ssl;
-  BIO *into_ssl;
-  BIO *from_ssl;
+  SSL* ssl;
+  BIO* into_ssl;
+  BIO* from_ssl;
   tsi_result result;
-  tsi_ssl_handshaker_factory *factory_ref;
+  tsi_ssl_handshaker_factory* factory_ref;
 } tsi_ssl_handshaker;
 
 typedef struct {
   tsi_frame_protector base;
-  SSL *ssl;
-  BIO *into_ssl;
-  BIO *from_ssl;
-  unsigned char *buffer;
+  SSL* ssl;
+  BIO* into_ssl;
+  BIO* from_ssl;
+  unsigned char* buffer;
   size_t buffer_size;
   size_t buffer_offset;
 } tsi_ssl_frame_protector;
@@ -113,9 +115,9 @@ typedef struct {
 /* --- Library Initialization. ---*/
 
 static gpr_once init_openssl_once = GPR_ONCE_INIT;
-static gpr_mu *openssl_mutexes = NULL;
+static gpr_mu* openssl_mutexes = nullptr;
 
-static void openssl_locking_cb(int mode, int type, const char *file, int line) {
+static void openssl_locking_cb(int mode, int type, const char* file, int line) {
   if (mode & CRYPTO_LOCK) {
     gpr_mu_lock(&openssl_mutexes[type]);
   } else {
@@ -135,7 +137,7 @@ static void init_openssl(void) {
   OpenSSL_add_all_algorithms();
   num_locks = CRYPTO_num_locks();
   GPR_ASSERT(num_locks > 0);
-  openssl_mutexes = gpr_malloc((size_t)num_locks * sizeof(gpr_mu));
+  openssl_mutexes = (gpr_mu*)gpr_malloc((size_t)num_locks * sizeof(gpr_mu));
   for (i = 0; i < CRYPTO_num_locks(); i++) {
     gpr_mu_init(&openssl_mutexes[i]);
   }
@@ -145,7 +147,7 @@ static void init_openssl(void) {
 
 /* --- Ssl utils. ---*/
 
-static const char *ssl_error_string(int error) {
+static const char* ssl_error_string(int error) {
   switch (error) {
     case SSL_ERROR_NONE:
       return "SSL_ERROR_NONE";
@@ -171,16 +173,16 @@ static const char *ssl_error_string(int error) {
 }
 
 /* TODO(jboeuf): Remove when we are past the debugging phase with this code. */
-static void ssl_log_where_info(const SSL *ssl, int where, int flag,
-                               const char *msg) {
-  if ((where & flag) && GRPC_TRACER_ON(tsi_tracing_enabled)) {
+static void ssl_log_where_info(const SSL* ssl, int where, int flag,
+                               const char* msg) {
+  if ((where & flag) && tsi_tracing_enabled.enabled()) {
     gpr_log(GPR_INFO, "%20.20s - %30.30s  - %5.10s", msg,
             SSL_state_string_long(ssl), SSL_state_string(ssl));
   }
 }
 
 /* Used for debugging. TODO(jboeuf): Remove when code is mature enough. */
-static void ssl_info_callback(const SSL *ssl, int where, int ret) {
+static void ssl_info_callback(const SSL* ssl, int where, int ret) {
   if (ret == 0) {
     gpr_log(GPR_ERROR, "ssl_info_callback: error occured.\n");
     return;
@@ -193,7 +195,7 @@ static void ssl_info_callback(const SSL *ssl, int where, int ret) {
 
 /* Returns 1 if name looks like an IP address, 0 otherwise.
    This is a very rough heuristic, and only handles IPv6 in hexadecimal form. */
-static int looks_like_ip_address(const char *name) {
+static int looks_like_ip_address(const char* name) {
   size_t i;
   size_t dot_count = 0;
   size_t num_size = 0;
@@ -218,14 +220,14 @@ static int looks_like_ip_address(const char *name) {
 }
 
 /* Gets the subject CN from an X509 cert. */
-static tsi_result ssl_get_x509_common_name(X509 *cert, unsigned char **utf8,
-                                           size_t *utf8_size) {
+static tsi_result ssl_get_x509_common_name(X509* cert, unsigned char** utf8,
+                                           size_t* utf8_size) {
   int common_name_index = -1;
-  X509_NAME_ENTRY *common_name_entry = NULL;
-  ASN1_STRING *common_name_asn1 = NULL;
-  X509_NAME *subject_name = X509_get_subject_name(cert);
+  X509_NAME_ENTRY* common_name_entry = nullptr;
+  ASN1_STRING* common_name_asn1 = nullptr;
+  X509_NAME* subject_name = X509_get_subject_name(cert);
   int utf8_returned_size = 0;
-  if (subject_name == NULL) {
+  if (subject_name == nullptr) {
     gpr_log(GPR_ERROR, "Could not get subject name from certificate.");
     return TSI_NOT_FOUND;
   }
@@ -237,12 +239,12 @@ static tsi_result ssl_get_x509_common_name(X509 *cert, unsigned char **utf8,
     return TSI_NOT_FOUND;
   }
   common_name_entry = X509_NAME_get_entry(subject_name, common_name_index);
-  if (common_name_entry == NULL) {
+  if (common_name_entry == nullptr) {
     gpr_log(GPR_ERROR, "Could not get common name entry from certificate.");
     return TSI_INTERNAL_ERROR;
   }
   common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
-  if (common_name_asn1 == NULL) {
+  if (common_name_asn1 == nullptr) {
     gpr_log(GPR_ERROR,
             "Could not get common name entry asn1 from certificate.");
     return TSI_INTERNAL_ERROR;
@@ -258,14 +260,14 @@ static tsi_result ssl_get_x509_common_name(X509 *cert, unsigned char **utf8,
 
 /* Gets the subject CN of an X509 cert as a tsi_peer_property. */
 static tsi_result peer_property_from_x509_common_name(
-    X509 *cert, tsi_peer_property *property) {
-  unsigned char *common_name;
+    X509* cert, tsi_peer_property* property) {
+  unsigned char* common_name;
   size_t common_name_size;
   tsi_result result =
       ssl_get_x509_common_name(cert, &common_name, &common_name_size);
   if (result != TSI_OK) {
     if (result == TSI_NOT_FOUND) {
-      common_name = NULL;
+      common_name = nullptr;
       common_name_size = 0;
     } else {
       return result;
@@ -273,35 +275,34 @@ static tsi_result peer_property_from_x509_common_name(
   }
   result = tsi_construct_string_peer_property(
       TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY,
-      common_name == NULL ? "" : (const char *)common_name, common_name_size,
+      common_name == nullptr ? "" : (const char*)common_name, common_name_size,
       property);
   OPENSSL_free(common_name);
   return result;
 }
 
 /* Gets the X509 cert in PEM format as a tsi_peer_property. */
-static tsi_result add_pem_certificate(X509 *cert, tsi_peer_property *property) {
-  BIO *bio = BIO_new(BIO_s_mem());
+static tsi_result add_pem_certificate(X509* cert, tsi_peer_property* property) {
+  BIO* bio = BIO_new(BIO_s_mem());
   if (!PEM_write_bio_X509(bio, cert)) {
     BIO_free(bio);
     return TSI_INTERNAL_ERROR;
   }
-  char *contents;
+  char* contents;
   long len = BIO_get_mem_data(bio, &contents);
   if (len <= 0) {
     BIO_free(bio);
     return TSI_INTERNAL_ERROR;
   }
   tsi_result result = tsi_construct_string_peer_property(
-      TSI_X509_PEM_CERT_PROPERTY, (const char *)contents, (size_t)len,
-      property);
+      TSI_X509_PEM_CERT_PROPERTY, (const char*)contents, (size_t)len, property);
   BIO_free(bio);
   return result;
 }
 
 /* Gets the subject SANs from an X509 cert as a tsi_peer_property. */
 static tsi_result add_subject_alt_names_properties_to_peer(
-    tsi_peer *peer, GENERAL_NAMES *subject_alt_names,
+    tsi_peer* peer, GENERAL_NAMES* subject_alt_names,
     size_t subject_alt_name_count) {
   size_t i;
   tsi_result result = TSI_OK;
@@ -310,11 +311,11 @@ static tsi_result add_subject_alt_names_properties_to_peer(
   peer->property_count -= subject_alt_name_count;
 
   for (i = 0; i < subject_alt_name_count; i++) {
-    GENERAL_NAME *subject_alt_name =
+    GENERAL_NAME* subject_alt_name =
         sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
     /* Filter out the non-dns entries names. */
     if (subject_alt_name->type == GEN_DNS) {
-      unsigned char *name = NULL;
+      unsigned char* name = nullptr;
       int name_size;
       name_size = ASN1_STRING_to_UTF8(&name, subject_alt_name->d.dNSName);
       if (name_size < 0) {
@@ -323,7 +324,7 @@ static tsi_result add_subject_alt_names_properties_to_peer(
         break;
       }
       result = tsi_construct_string_peer_property(
-          TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, (const char *)name,
+          TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, (const char*)name,
           (size_t)name_size, &peer->properties[peer->property_count++]);
       OPENSSL_free(name);
     } else if (subject_alt_name->type == GEN_IPADD) {
@@ -339,9 +340,9 @@ static tsi_result add_subject_alt_names_properties_to_peer(
         result = TSI_INTERNAL_ERROR;
         break;
       }
-      const char *name = inet_ntop(af, subject_alt_name->d.iPAddress->data,
+      const char* name = inet_ntop(af, subject_alt_name->d.iPAddress->data,
                                    ntop_buf, INET6_ADDRSTRLEN);
-      if (name == NULL) {
+      if (name == nullptr) {
         gpr_log(GPR_ERROR, "Could not get IP string from asn1 octet.");
         result = TSI_INTERNAL_ERROR;
         break;
@@ -357,12 +358,12 @@ static tsi_result add_subject_alt_names_properties_to_peer(
 }
 
 /* Gets information about the peer's X509 cert as a tsi_peer object. */
-static tsi_result peer_from_x509(X509 *cert, int include_certificate_type,
-                                 tsi_peer *peer) {
+static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
+                                 tsi_peer* peer) {
   /* TODO(jboeuf): Maybe add more properties. */
-  GENERAL_NAMES *subject_alt_names =
-      X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
-  int subject_alt_name_count = (subject_alt_names != NULL)
+  GENERAL_NAMES* subject_alt_names = (GENERAL_NAMES*)X509_get_ext_d2i(
+      cert, NID_subject_alt_name, nullptr, nullptr);
+  int subject_alt_name_count = (subject_alt_names != nullptr)
                                    ? (int)sk_GENERAL_NAME_num(subject_alt_names)
                                    : 0;
   size_t property_count;
@@ -395,7 +396,7 @@ static tsi_result peer_from_x509(X509 *cert, int include_certificate_type,
     }
   } while (0);
 
-  if (subject_alt_names != NULL) {
+  if (subject_alt_names != nullptr) {
     sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
   }
   if (result != TSI_OK) tsi_peer_destruct(peer);
@@ -413,8 +414,8 @@ static void log_ssl_error_stack(void) {
 }
 
 /* Performs an SSL_read and handle errors. */
-static tsi_result do_ssl_read(SSL *ssl, unsigned char *unprotected_bytes,
-                              size_t *unprotected_bytes_size) {
+static tsi_result do_ssl_read(SSL* ssl, unsigned char* unprotected_bytes,
+                              size_t* unprotected_bytes_size) {
   int read_from_ssl;
   GPR_ASSERT(*unprotected_bytes_size <= INT_MAX);
   read_from_ssl =
@@ -446,7 +447,7 @@ static tsi_result do_ssl_read(SSL *ssl, unsigned char *unprotected_bytes,
 }
 
 /* Performs an SSL_write and handle errors. */
-static tsi_result do_ssl_write(SSL *ssl, unsigned char *unprotected_bytes,
+static tsi_result do_ssl_write(SSL* ssl, unsigned char* unprotected_bytes,
                                size_t unprotected_bytes_size) {
   int ssl_write_result;
   GPR_ASSERT(unprotected_bytes_size <= INT_MAX);
@@ -468,19 +469,19 @@ static tsi_result do_ssl_write(SSL *ssl, unsigned char *unprotected_bytes,
 }
 
 /* Loads an in-memory PEM certificate chain into the SSL context. */
-static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX *context,
-                                                const char *pem_cert_chain,
+static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX* context,
+                                                const char* pem_cert_chain,
                                                 size_t pem_cert_chain_size) {
   tsi_result result = TSI_OK;
-  X509 *certificate = NULL;
-  BIO *pem;
+  X509* certificate = nullptr;
+  BIO* pem;
   GPR_ASSERT(pem_cert_chain_size <= INT_MAX);
-  pem = BIO_new_mem_buf((void *)pem_cert_chain, (int)pem_cert_chain_size);
-  if (pem == NULL) return TSI_OUT_OF_RESOURCES;
+  pem = BIO_new_mem_buf((void*)pem_cert_chain, (int)pem_cert_chain_size);
+  if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
 
   do {
-    certificate = PEM_read_bio_X509_AUX(pem, NULL, NULL, "");
-    if (certificate == NULL) {
+    certificate = PEM_read_bio_X509_AUX(pem, nullptr, nullptr, (void*)"");
+    if (certificate == nullptr) {
       result = TSI_INVALID_ARGUMENT;
       break;
     }
@@ -489,8 +490,9 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX *context,
       break;
     }
     while (1) {
-      X509 *certificate_authority = PEM_read_bio_X509(pem, NULL, NULL, "");
-      if (certificate_authority == NULL) {
+      X509* certificate_authority =
+          PEM_read_bio_X509(pem, nullptr, nullptr, (void*)"");
+      if (certificate_authority == nullptr) {
         ERR_clear_error();
         break; /* Done reading. */
       }
@@ -505,23 +507,23 @@ static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX *context,
     }
   } while (0);
 
-  if (certificate != NULL) X509_free(certificate);
+  if (certificate != nullptr) X509_free(certificate);
   BIO_free(pem);
   return result;
 }
 
 /* Loads an in-memory PEM private key into the SSL context. */
-static tsi_result ssl_ctx_use_private_key(SSL_CTX *context, const char *pem_key,
+static tsi_result ssl_ctx_use_private_key(SSL_CTX* context, const char* pem_key,
                                           size_t pem_key_size) {
   tsi_result result = TSI_OK;
-  EVP_PKEY *private_key = NULL;
-  BIO *pem;
+  EVP_PKEY* private_key = nullptr;
+  BIO* pem;
   GPR_ASSERT(pem_key_size <= INT_MAX);
-  pem = BIO_new_mem_buf((void *)pem_key, (int)pem_key_size);
-  if (pem == NULL) return TSI_OUT_OF_RESOURCES;
+  pem = BIO_new_mem_buf((void*)pem_key, (int)pem_key_size);
+  if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
   do {
-    private_key = PEM_read_bio_PrivateKey(pem, NULL, NULL, "");
-    if (private_key == NULL) {
+    private_key = PEM_read_bio_PrivateKey(pem, nullptr, nullptr, (void*)"");
+    if (private_key == nullptr) {
       result = TSI_INVALID_ARGUMENT;
       break;
     }
@@ -530,54 +532,54 @@ static tsi_result ssl_ctx_use_private_key(SSL_CTX *context, const char *pem_key,
       break;
     }
   } while (0);
-  if (private_key != NULL) EVP_PKEY_free(private_key);
+  if (private_key != nullptr) EVP_PKEY_free(private_key);
   BIO_free(pem);
   return result;
 }
 
 /* Loads in-memory PEM verification certs into the SSL context and optionally
    returns the verification cert names (root_names can be NULL). */
-static tsi_result ssl_ctx_load_verification_certs(SSL_CTX *context,
-                                                  const char *pem_roots,
+static tsi_result ssl_ctx_load_verification_certs(SSL_CTX* context,
+                                                  const char* pem_roots,
                                                   size_t pem_roots_size,
                                                   STACK_OF(X509_NAME) *
                                                       *root_names) {
   tsi_result result = TSI_OK;
   size_t num_roots = 0;
-  X509 *root = NULL;
-  X509_NAME *root_name = NULL;
-  BIO *pem;
-  X509_STORE *root_store;
+  X509* root = nullptr;
+  X509_NAME* root_name = nullptr;
+  BIO* pem;
+  X509_STORE* root_store;
   GPR_ASSERT(pem_roots_size <= INT_MAX);
-  pem = BIO_new_mem_buf((void *)pem_roots, (int)pem_roots_size);
+  pem = BIO_new_mem_buf((void*)pem_roots, (int)pem_roots_size);
   root_store = SSL_CTX_get_cert_store(context);
-  if (root_store == NULL) return TSI_INVALID_ARGUMENT;
-  if (pem == NULL) return TSI_OUT_OF_RESOURCES;
-  if (root_names != NULL) {
+  if (root_store == nullptr) return TSI_INVALID_ARGUMENT;
+  if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
+  if (root_names != nullptr) {
     *root_names = sk_X509_NAME_new_null();
-    if (*root_names == NULL) return TSI_OUT_OF_RESOURCES;
+    if (*root_names == nullptr) return TSI_OUT_OF_RESOURCES;
   }
 
   while (1) {
-    root = PEM_read_bio_X509_AUX(pem, NULL, NULL, "");
-    if (root == NULL) {
+    root = PEM_read_bio_X509_AUX(pem, nullptr, nullptr, (void*)"");
+    if (root == nullptr) {
       ERR_clear_error();
       break; /* We're at the end of stream. */
     }
-    if (root_names != NULL) {
+    if (root_names != nullptr) {
       root_name = X509_get_subject_name(root);
-      if (root_name == NULL) {
+      if (root_name == nullptr) {
         gpr_log(GPR_ERROR, "Could not get name from root certificate.");
         result = TSI_INVALID_ARGUMENT;
         break;
       }
       root_name = X509_NAME_dup(root_name);
-      if (root_name == NULL) {
+      if (root_name == nullptr) {
         result = TSI_OUT_OF_RESOURCES;
         break;
       }
       sk_X509_NAME_push(*root_names, root_name);
-      root_name = NULL;
+      root_name = nullptr;
     }
     if (!X509_STORE_add_cert(root_store, root)) {
       gpr_log(GPR_ERROR, "Could not add root certificate to ssl context.");
@@ -594,11 +596,11 @@ static tsi_result ssl_ctx_load_verification_certs(SSL_CTX *context,
   }
 
   if (result != TSI_OK) {
-    if (root != NULL) X509_free(root);
-    if (root_names != NULL) {
+    if (root != nullptr) X509_free(root);
+    if (root_names != nullptr) {
       sk_X509_NAME_pop_free(*root_names, X509_NAME_free);
-      *root_names = NULL;
-      if (root_name != NULL) X509_NAME_free(root_name);
+      *root_names = nullptr;
+      if (root_name != nullptr) X509_NAME_free(root_name);
     }
   }
   BIO_free(pem);
@@ -608,11 +610,11 @@ static tsi_result ssl_ctx_load_verification_certs(SSL_CTX *context,
 /* Populates the SSL context with a private key and a cert chain, and sets the
    cipher list and the ephemeral ECDH key. */
 static tsi_result populate_ssl_context(
-    SSL_CTX *context, const tsi_ssl_pem_key_cert_pair *key_cert_pair,
-    const char *cipher_list) {
+    SSL_CTX* context, const tsi_ssl_pem_key_cert_pair* key_cert_pair,
+    const char* cipher_list) {
   tsi_result result = TSI_OK;
-  if (key_cert_pair != NULL) {
-    if (key_cert_pair->cert_chain != NULL) {
+  if (key_cert_pair != nullptr) {
+    if (key_cert_pair->cert_chain != nullptr) {
       result = ssl_ctx_use_certificate_chain(context, key_cert_pair->cert_chain,
                                              strlen(key_cert_pair->cert_chain));
       if (result != TSI_OK) {
@@ -620,7 +622,7 @@ static tsi_result populate_ssl_context(
         return result;
       }
     }
-    if (key_cert_pair->private_key != NULL) {
+    if (key_cert_pair->private_key != nullptr) {
       result = ssl_ctx_use_private_key(context, key_cert_pair->private_key,
                                        strlen(key_cert_pair->private_key));
       if (result != TSI_OK || !SSL_CTX_check_private_key(context)) {
@@ -629,12 +631,13 @@ static tsi_result populate_ssl_context(
       }
     }
   }
-  if ((cipher_list != NULL) && !SSL_CTX_set_cipher_list(context, cipher_list)) {
+  if ((cipher_list != nullptr) &&
+      !SSL_CTX_set_cipher_list(context, cipher_list)) {
     gpr_log(GPR_ERROR, "Invalid cipher list: %s.", cipher_list);
     return TSI_INVALID_ARGUMENT;
   }
   {
-    EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+    EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
     if (!SSL_CTX_set_tmp_ecdh(context, ecdh)) {
       gpr_log(GPR_ERROR, "Could not set ephemeral ECDH key.");
       EC_KEY_free(ecdh);
@@ -647,45 +650,46 @@ static tsi_result populate_ssl_context(
 }
 
 /* Extracts the CN and the SANs from an X509 cert as a peer object. */
-static tsi_result extract_x509_subject_names_from_pem_cert(const char *pem_cert,
-                                                           tsi_peer *peer) {
+static tsi_result extract_x509_subject_names_from_pem_cert(const char* pem_cert,
+                                                           tsi_peer* peer) {
   tsi_result result = TSI_OK;
-  X509 *cert = NULL;
-  BIO *pem;
-  pem = BIO_new_mem_buf((void *)pem_cert, (int)strlen(pem_cert));
-  if (pem == NULL) return TSI_OUT_OF_RESOURCES;
+  X509* cert = nullptr;
+  BIO* pem;
+  pem = BIO_new_mem_buf((void*)pem_cert, (int)strlen(pem_cert));
+  if (pem == nullptr) return TSI_OUT_OF_RESOURCES;
 
-  cert = PEM_read_bio_X509(pem, NULL, NULL, "");
-  if (cert == NULL) {
+  cert = PEM_read_bio_X509(pem, nullptr, nullptr, (void*)"");
+  if (cert == nullptr) {
     gpr_log(GPR_ERROR, "Invalid certificate");
     result = TSI_INVALID_ARGUMENT;
   } else {
     result = peer_from_x509(cert, 0, peer);
   }
-  if (cert != NULL) X509_free(cert);
+  if (cert != nullptr) X509_free(cert);
   BIO_free(pem);
   return result;
 }
 
 /* Builds the alpn protocol name list according to rfc 7301. */
 static tsi_result build_alpn_protocol_name_list(
-    const char **alpn_protocols, uint16_t num_alpn_protocols,
-    unsigned char **protocol_name_list, size_t *protocol_name_list_length) {
+    const char** alpn_protocols, uint16_t num_alpn_protocols,
+    unsigned char** protocol_name_list, size_t* protocol_name_list_length) {
   uint16_t i;
-  unsigned char *current;
-  *protocol_name_list = NULL;
+  unsigned char* current;
+  *protocol_name_list = nullptr;
   *protocol_name_list_length = 0;
   if (num_alpn_protocols == 0) return TSI_INVALID_ARGUMENT;
   for (i = 0; i < num_alpn_protocols; i++) {
-    size_t length = alpn_protocols[i] == NULL ? 0 : strlen(alpn_protocols[i]);
+    size_t length =
+        alpn_protocols[i] == nullptr ? 0 : strlen(alpn_protocols[i]);
     if (length == 0 || length > 255) {
       gpr_log(GPR_ERROR, "Invalid protocol name length: %d.", (int)length);
       return TSI_INVALID_ARGUMENT;
     }
     *protocol_name_list_length += length + 1;
   }
-  *protocol_name_list = gpr_malloc(*protocol_name_list_length);
-  if (*protocol_name_list == NULL) return TSI_OUT_OF_RESOURCES;
+  *protocol_name_list = (unsigned char*)gpr_malloc(*protocol_name_list_length);
+  if (*protocol_name_list == nullptr) return TSI_OUT_OF_RESOURCES;
   current = *protocol_name_list;
   for (i = 0; i < num_alpn_protocols; i++) {
     size_t length = strlen(alpn_protocols[i]);
@@ -706,18 +710,18 @@ static tsi_result build_alpn_protocol_name_list(
 // the server's certificate, but we need to pull it anyway, in case a higher
 // layer wants to look at it. In this case the verification may fail, but
 // we don't really care.
-static int NullVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx) {
+static int NullVerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
   return 1;
 }
 
 /* --- tsi_frame_protector methods implementation. ---*/
 
-static tsi_result ssl_protector_protect(tsi_frame_protector *self,
-                                        const unsigned char *unprotected_bytes,
-                                        size_t *unprotected_bytes_size,
-                                        unsigned char *protected_output_frames,
-                                        size_t *protected_output_frames_size) {
-  tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
+static tsi_result ssl_protector_protect(tsi_frame_protector* self,
+                                        const unsigned char* unprotected_bytes,
+                                        size_t* unprotected_bytes_size,
+                                        unsigned char* protected_output_frames,
+                                        size_t* protected_output_frames_size) {
+  tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self;
   int read_from_ssl;
   size_t available;
   tsi_result result = TSI_OK;
@@ -768,10 +772,10 @@ static tsi_result ssl_protector_protect(tsi_frame_protector *self,
 }
 
 static tsi_result ssl_protector_protect_flush(
-    tsi_frame_protector *self, unsigned char *protected_output_frames,
-    size_t *protected_output_frames_size, size_t *still_pending_size) {
+    tsi_frame_protector* self, unsigned char* protected_output_frames,
+    size_t* protected_output_frames_size, size_t* still_pending_size) {
   tsi_result result = TSI_OK;
-  tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
+  tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self;
   int read_from_ssl = 0;
   int pending;
 
@@ -801,14 +805,14 @@ static tsi_result ssl_protector_protect_flush(
 }
 
 static tsi_result ssl_protector_unprotect(
-    tsi_frame_protector *self, const unsigned char *protected_frames_bytes,
-    size_t *protected_frames_bytes_size, unsigned char *unprotected_bytes,
-    size_t *unprotected_bytes_size) {
+    tsi_frame_protector* self, const unsigned char* protected_frames_bytes,
+    size_t* protected_frames_bytes_size, unsigned char* unprotected_bytes,
+    size_t* unprotected_bytes_size) {
   tsi_result result = TSI_OK;
   int written_into_ssl = 0;
   size_t output_bytes_size = *unprotected_bytes_size;
   size_t output_bytes_offset = 0;
-  tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
+  tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self;
 
   /* First, try to read remaining data from ssl. */
   result = do_ssl_read(impl->ssl, unprotected_bytes, unprotected_bytes_size);
@@ -842,25 +846,27 @@ static tsi_result ssl_protector_unprotect(
   return result;
 }
 
-static void ssl_protector_destroy(tsi_frame_protector *self) {
-  tsi_ssl_frame_protector *impl = (tsi_ssl_frame_protector *)self;
-  if (impl->buffer != NULL) gpr_free(impl->buffer);
-  if (impl->ssl != NULL) SSL_free(impl->ssl);
+static void ssl_protector_destroy(tsi_frame_protector* self) {
+  tsi_ssl_frame_protector* impl = (tsi_ssl_frame_protector*)self;
+  if (impl->buffer != nullptr) gpr_free(impl->buffer);
+  if (impl->ssl != nullptr) SSL_free(impl->ssl);
   gpr_free(self);
 }
 
 static const tsi_frame_protector_vtable frame_protector_vtable = {
-    ssl_protector_protect, ssl_protector_protect_flush, ssl_protector_unprotect,
+    ssl_protector_protect,
+    ssl_protector_protect_flush,
+    ssl_protector_unprotect,
     ssl_protector_destroy,
 };
 
 /* --- tsi_server_handshaker_factory methods implementation. --- */
 
 static void tsi_ssl_handshaker_factory_destroy(
-    tsi_ssl_handshaker_factory *self) {
-  if (self == NULL) return;
+    tsi_ssl_handshaker_factory* self) {
+  if (self == nullptr) return;
 
-  if (self->vtable != NULL && self->vtable->destroy != NULL) {
+  if (self->vtable != nullptr && self->vtable->destroy != nullptr) {
     self->vtable->destroy(self);
   }
   /* Note, we don't free(self) here because this object is always directly
@@ -868,28 +874,28 @@ static void tsi_ssl_handshaker_factory_destroy(
    * any memory, it should be free'd here. */
 }
 
-static tsi_ssl_handshaker_factory *tsi_ssl_handshaker_factory_ref(
-    tsi_ssl_handshaker_factory *self) {
-  if (self == NULL) return NULL;
+static tsi_ssl_handshaker_factory* tsi_ssl_handshaker_factory_ref(
+    tsi_ssl_handshaker_factory* self) {
+  if (self == nullptr) return nullptr;
   gpr_refn(&self->refcount, 1);
   return self;
 }
 
-static void tsi_ssl_handshaker_factory_unref(tsi_ssl_handshaker_factory *self) {
-  if (self == NULL) return;
+static void tsi_ssl_handshaker_factory_unref(tsi_ssl_handshaker_factory* self) {
+  if (self == nullptr) return;
 
   if (gpr_unref(&self->refcount)) {
     tsi_ssl_handshaker_factory_destroy(self);
   }
 }
 
-static tsi_ssl_handshaker_factory_vtable handshaker_factory_vtable = {NULL};
+static tsi_ssl_handshaker_factory_vtable handshaker_factory_vtable = {nullptr};
 
 /* Initializes a tsi_ssl_handshaker_factory object. Caller is responsible for
  * allocating memory for the factory. */
 static void tsi_ssl_handshaker_factory_init(
-    tsi_ssl_handshaker_factory *factory) {
-  GPR_ASSERT(factory != NULL);
+    tsi_ssl_handshaker_factory* factory) {
+  GPR_ASSERT(factory != nullptr);
 
   factory->vtable = &handshaker_factory_vtable;
   gpr_ref_init(&factory->refcount, 1);
@@ -897,12 +903,12 @@ static void tsi_ssl_handshaker_factory_init(
 
 /* --- tsi_handshaker methods implementation. ---*/
 
-static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(tsi_handshaker *self,
-                                                           unsigned char *bytes,
-                                                           size_t *bytes_size) {
-  tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
+static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(tsi_handshaker* self,
+                                                           unsigned char* bytes,
+                                                           size_t* bytes_size) {
+  tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self;
   int bytes_read_from_ssl = 0;
-  if (bytes == NULL || bytes_size == NULL || *bytes_size == 0 ||
+  if (bytes == nullptr || bytes_size == nullptr || *bytes_size == 0 ||
       *bytes_size > INT_MAX) {
     return TSI_INVALID_ARGUMENT;
   }
@@ -921,8 +927,8 @@ static tsi_result ssl_handshaker_get_bytes_to_send_to_peer(tsi_handshaker *self,
   return BIO_pending(impl->from_ssl) == 0 ? TSI_OK : TSI_INCOMPLETE_DATA;
 }
 
-static tsi_result ssl_handshaker_get_result(tsi_handshaker *self) {
-  tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
+static tsi_result ssl_handshaker_get_result(tsi_handshaker* self) {
+  tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self;
   if ((impl->result == TSI_HANDSHAKE_IN_PROGRESS) &&
       SSL_is_init_finished(impl->ssl)) {
     impl->result = TSI_OK;
@@ -931,10 +937,10 @@ static tsi_result ssl_handshaker_get_result(tsi_handshaker *self) {
 }
 
 static tsi_result ssl_handshaker_process_bytes_from_peer(
-    tsi_handshaker *self, const unsigned char *bytes, size_t *bytes_size) {
-  tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
+    tsi_handshaker* self, const unsigned char* bytes, size_t* bytes_size) {
+  tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self;
   int bytes_written_into_ssl_size = 0;
-  if (bytes == NULL || bytes_size == 0 || *bytes_size > INT_MAX) {
+  if (bytes == nullptr || bytes_size == nullptr || *bytes_size > INT_MAX) {
     return TSI_INVALID_ARGUMENT;
   }
   GPR_ASSERT(*bytes_size <= INT_MAX);
@@ -976,14 +982,14 @@ static tsi_result ssl_handshaker_process_bytes_from_peer(
   }
 }
 
-static tsi_result ssl_handshaker_extract_peer(tsi_handshaker *self,
-                                              tsi_peer *peer) {
+static tsi_result ssl_handshaker_extract_peer(tsi_handshaker* self,
+                                              tsi_peer* peer) {
   tsi_result result = TSI_OK;
-  const unsigned char *alpn_selected = NULL;
+  const unsigned char* alpn_selected = nullptr;
   unsigned int alpn_selected_len;
-  tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
-  X509 *peer_cert = SSL_get_peer_certificate(impl->ssl);
-  if (peer_cert != NULL) {
+  tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self;
+  X509* peer_cert = SSL_get_peer_certificate(impl->ssl);
+  if (peer_cert != nullptr) {
     result = peer_from_x509(peer_cert, 1, peer);
     X509_free(peer_cert);
     if (result != TSI_OK) return result;
@@ -991,26 +997,26 @@ static tsi_result ssl_handshaker_extract_peer(tsi_handshaker *self,
 #if TSI_OPENSSL_ALPN_SUPPORT
   SSL_get0_alpn_selected(impl->ssl, &alpn_selected, &alpn_selected_len);
 #endif /* TSI_OPENSSL_ALPN_SUPPORT */
-  if (alpn_selected == NULL) {
+  if (alpn_selected == nullptr) {
     /* Try npn. */
     SSL_get0_next_proto_negotiated(impl->ssl, &alpn_selected,
                                    &alpn_selected_len);
   }
-  if (alpn_selected != NULL) {
+  if (alpn_selected != nullptr) {
     size_t i;
-    tsi_peer_property *new_properties =
-        gpr_zalloc(sizeof(*new_properties) * (peer->property_count + 1));
+    tsi_peer_property* new_properties = (tsi_peer_property*)gpr_zalloc(
+        sizeof(*new_properties) * (peer->property_count + 1));
     for (i = 0; i < peer->property_count; i++) {
       new_properties[i] = peer->properties[i];
     }
     result = tsi_construct_string_peer_property(
-        TSI_SSL_ALPN_SELECTED_PROTOCOL, (const char *)alpn_selected,
+        TSI_SSL_ALPN_SELECTED_PROTOCOL, (const char*)alpn_selected,
         alpn_selected_len, &new_properties[peer->property_count]);
     if (result != TSI_OK) {
       gpr_free(new_properties);
       return result;
     }
-    if (peer->properties != NULL) gpr_free(peer->properties);
+    if (peer->properties != nullptr) gpr_free(peer->properties);
     peer->property_count++;
     peer->properties = new_properties;
   }
@@ -1018,14 +1024,15 @@ static tsi_result ssl_handshaker_extract_peer(tsi_handshaker *self,
 }
 
 static tsi_result ssl_handshaker_create_frame_protector(
-    tsi_handshaker *self, size_t *max_output_protected_frame_size,
-    tsi_frame_protector **protector) {
+    tsi_handshaker* self, size_t* max_output_protected_frame_size,
+    tsi_frame_protector** protector) {
   size_t actual_max_output_protected_frame_size =
       TSI_SSL_MAX_PROTECTED_FRAME_SIZE_UPPER_BOUND;
-  tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
-  tsi_ssl_frame_protector *protector_impl = gpr_zalloc(sizeof(*protector_impl));
+  tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self;
+  tsi_ssl_frame_protector* protector_impl =
+      (tsi_ssl_frame_protector*)gpr_zalloc(sizeof(*protector_impl));
 
-  if (max_output_protected_frame_size != NULL) {
+  if (max_output_protected_frame_size != nullptr) {
     if (*max_output_protected_frame_size >
         TSI_SSL_MAX_PROTECTED_FRAME_SIZE_UPPER_BOUND) {
       *max_output_protected_frame_size =
@@ -1039,8 +1046,9 @@ static tsi_result ssl_handshaker_create_frame_protector(
   }
   protector_impl->buffer_size =
       actual_max_output_protected_frame_size - TSI_SSL_MAX_PROTECTION_OVERHEAD;
-  protector_impl->buffer = gpr_malloc(protector_impl->buffer_size);
-  if (protector_impl->buffer == NULL) {
+  protector_impl->buffer =
+      (unsigned char*)gpr_malloc(protector_impl->buffer_size);
+  if (protector_impl->buffer == nullptr) {
     gpr_log(GPR_ERROR,
             "Could not allocated buffer for tsi_ssl_frame_protector.");
     gpr_free(protector_impl);
@@ -1050,7 +1058,7 @@ static tsi_result ssl_handshaker_create_frame_protector(
   /* Transfer ownership of ssl to the frame protector. It is OK as the caller
    * cannot call anything else but destroy on the handshaker after this call. */
   protector_impl->ssl = impl->ssl;
-  impl->ssl = NULL;
+  impl->ssl = nullptr;
   protector_impl->into_ssl = impl->into_ssl;
   protector_impl->from_ssl = impl->from_ssl;
 
@@ -1059,8 +1067,8 @@ static tsi_result ssl_handshaker_create_frame_protector(
   return TSI_OK;
 }
 
-static void ssl_handshaker_destroy(tsi_handshaker *self) {
-  tsi_ssl_handshaker *impl = (tsi_ssl_handshaker *)self;
+static void ssl_handshaker_destroy(tsi_handshaker* self) {
+  tsi_ssl_handshaker* impl = (tsi_ssl_handshaker*)self;
   SSL_free(impl->ssl); /* The BIO objects are owned by ssl */
   tsi_ssl_handshaker_factory_unref(impl->factory_ref);
   gpr_free(impl);
@@ -1073,43 +1081,43 @@ static const tsi_handshaker_vtable handshaker_vtable = {
     ssl_handshaker_extract_peer,
     ssl_handshaker_create_frame_protector,
     ssl_handshaker_destroy,
-    NULL,
+    nullptr,
 };
 
 /* --- tsi_ssl_handshaker_factory common methods. --- */
 
-static tsi_result create_tsi_ssl_handshaker(SSL_CTX *ctx, int is_client,
-                                            const char *server_name_indication,
-                                            tsi_ssl_handshaker_factory *factory,
-                                            tsi_handshaker **handshaker) {
-  SSL *ssl = SSL_new(ctx);
-  BIO *into_ssl = NULL;
-  BIO *from_ssl = NULL;
-  tsi_ssl_handshaker *impl = NULL;
-  *handshaker = NULL;
-  if (ctx == NULL) {
+static tsi_result create_tsi_ssl_handshaker(SSL_CTX* ctx, int is_client,
+                                            const char* server_name_indication,
+                                            tsi_ssl_handshaker_factory* factory,
+                                            tsi_handshaker** handshaker) {
+  SSL* ssl = SSL_new(ctx);
+  BIO* into_ssl = nullptr;
+  BIO* from_ssl = nullptr;
+  tsi_ssl_handshaker* impl = nullptr;
+  *handshaker = nullptr;
+  if (ctx == nullptr) {
     gpr_log(GPR_ERROR, "SSL Context is null. Should never happen.");
     return TSI_INTERNAL_ERROR;
   }
-  if (ssl == NULL) {
+  if (ssl == nullptr) {
     return TSI_OUT_OF_RESOURCES;
   }
   SSL_set_info_callback(ssl, ssl_info_callback);
 
   into_ssl = BIO_new(BIO_s_mem());
   from_ssl = BIO_new(BIO_s_mem());
-  if (into_ssl == NULL || from_ssl == NULL) {
+  if (into_ssl == nullptr || from_ssl == nullptr) {
     gpr_log(GPR_ERROR, "BIO_new failed.");
     SSL_free(ssl);
-    if (into_ssl != NULL) BIO_free(into_ssl);
-    if (from_ssl != NULL) BIO_free(into_ssl);
+    if (into_ssl != nullptr) BIO_free(into_ssl);
+    if (from_ssl != nullptr) BIO_free(into_ssl);
     return TSI_OUT_OF_RESOURCES;
   }
   SSL_set_bio(ssl, into_ssl, from_ssl);
   if (is_client) {
     int ssl_result;
     SSL_set_connect_state(ssl);
-    if (server_name_indication != NULL) {
+    if (server_name_indication != nullptr) {
       if (!SSL_set_tlsext_host_name(ssl, server_name_indication)) {
         gpr_log(GPR_ERROR, "Invalid server name indication %s.",
                 server_name_indication);
@@ -1130,7 +1138,7 @@ static tsi_result create_tsi_ssl_handshaker(SSL_CTX *ctx, int is_client,
     SSL_set_accept_state(ssl);
   }
 
-  impl = gpr_zalloc(sizeof(*impl));
+  impl = (tsi_ssl_handshaker*)gpr_zalloc(sizeof(*impl));
   impl->ssl = ssl;
   impl->into_ssl = into_ssl;
   impl->from_ssl = from_ssl;
@@ -1142,16 +1150,16 @@ static tsi_result create_tsi_ssl_handshaker(SSL_CTX *ctx, int is_client,
   return TSI_OK;
 }
 
-static int select_protocol_list(const unsigned char **out,
-                                unsigned char *outlen,
-                                const unsigned char *client_list,
+static int select_protocol_list(const unsigned char** out,
+                                unsigned char* outlen,
+                                const unsigned char* client_list,
                                 size_t client_list_len,
-                                const unsigned char *server_list,
+                                const unsigned char* server_list,
                                 size_t server_list_len) {
-  const unsigned char *client_current = client_list;
+  const unsigned char* client_current = client_list;
   while ((unsigned int)(client_current - client_list) < client_list_len) {
     unsigned char client_current_len = *(client_current++);
-    const unsigned char *server_current = server_list;
+    const unsigned char* server_current = server_list;
     while ((server_current >= server_list) &&
            (uintptr_t)(server_current - server_list) < server_list_len) {
       unsigned char server_current_len = *(server_current++);
@@ -1171,36 +1179,36 @@ static int select_protocol_list(const unsigned char **out,
 /* --- tsi_ssl_client_handshaker_factory methods implementation. --- */
 
 tsi_result tsi_ssl_client_handshaker_factory_create_handshaker(
-    tsi_ssl_client_handshaker_factory *self, const char *server_name_indication,
-    tsi_handshaker **handshaker) {
+    tsi_ssl_client_handshaker_factory* self, const char* server_name_indication,
+    tsi_handshaker** handshaker) {
   return create_tsi_ssl_handshaker(self->ssl_context, 1, server_name_indication,
                                    &self->base, handshaker);
 }
 
 void tsi_ssl_client_handshaker_factory_unref(
-    tsi_ssl_client_handshaker_factory *self) {
-  if (self == NULL) return;
+    tsi_ssl_client_handshaker_factory* self) {
+  if (self == nullptr) return;
   tsi_ssl_handshaker_factory_unref(&self->base);
 }
 
 static void tsi_ssl_client_handshaker_factory_destroy(
-    tsi_ssl_handshaker_factory *factory) {
-  if (factory == NULL) return;
-  tsi_ssl_client_handshaker_factory *self =
-      (tsi_ssl_client_handshaker_factory *)factory;
-  if (self->ssl_context != NULL) SSL_CTX_free(self->ssl_context);
-  if (self->alpn_protocol_list != NULL) gpr_free(self->alpn_protocol_list);
+    tsi_ssl_handshaker_factory* factory) {
+  if (factory == nullptr) return;
+  tsi_ssl_client_handshaker_factory* self =
+      (tsi_ssl_client_handshaker_factory*)factory;
+  if (self->ssl_context != nullptr) SSL_CTX_free(self->ssl_context);
+  if (self->alpn_protocol_list != nullptr) gpr_free(self->alpn_protocol_list);
   gpr_free(self);
 }
 
-static int client_handshaker_factory_npn_callback(SSL *ssl, unsigned char **out,
-                                                  unsigned char *outlen,
-                                                  const unsigned char *in,
+static int client_handshaker_factory_npn_callback(SSL* ssl, unsigned char** out,
+                                                  unsigned char* outlen,
+                                                  const unsigned char* in,
                                                   unsigned int inlen,
-                                                  void *arg) {
-  tsi_ssl_client_handshaker_factory *factory =
-      (tsi_ssl_client_handshaker_factory *)arg;
-  return select_protocol_list((const unsigned char **)out, outlen,
+                                                  void* arg) {
+  tsi_ssl_client_handshaker_factory* factory =
+      (tsi_ssl_client_handshaker_factory*)arg;
+  return select_protocol_list((const unsigned char**)out, outlen,
                               factory->alpn_protocol_list,
                               factory->alpn_protocol_list_length, in, inlen);
 }
@@ -1208,44 +1216,44 @@ static int client_handshaker_factory_npn_callback(SSL *ssl, unsigned char **out,
 /* --- tsi_ssl_server_handshaker_factory methods implementation. --- */
 
 tsi_result tsi_ssl_server_handshaker_factory_create_handshaker(
-    tsi_ssl_server_handshaker_factory *self, tsi_handshaker **handshaker) {
+    tsi_ssl_server_handshaker_factory* self, tsi_handshaker** handshaker) {
   if (self->ssl_context_count == 0) return TSI_INVALID_ARGUMENT;
   /* Create the handshaker with the first context. We will switch if needed
      because of SNI in ssl_server_handshaker_factory_servername_callback.  */
-  return create_tsi_ssl_handshaker(self->ssl_contexts[0], 0, NULL, &self->base,
-                                   handshaker);
+  return create_tsi_ssl_handshaker(self->ssl_contexts[0], 0, nullptr,
+                                   &self->base, handshaker);
 }
 
 void tsi_ssl_server_handshaker_factory_unref(
-    tsi_ssl_server_handshaker_factory *self) {
-  if (self == NULL) return;
+    tsi_ssl_server_handshaker_factory* self) {
+  if (self == nullptr) return;
   tsi_ssl_handshaker_factory_unref(&self->base);
 }
 
 static void tsi_ssl_server_handshaker_factory_destroy(
-    tsi_ssl_handshaker_factory *factory) {
-  if (factory == NULL) return;
-  tsi_ssl_server_handshaker_factory *self =
-      (tsi_ssl_server_handshaker_factory *)factory;
+    tsi_ssl_handshaker_factory* factory) {
+  if (factory == nullptr) return;
+  tsi_ssl_server_handshaker_factory* self =
+      (tsi_ssl_server_handshaker_factory*)factory;
   size_t i;
   for (i = 0; i < self->ssl_context_count; i++) {
-    if (self->ssl_contexts[i] != NULL) {
+    if (self->ssl_contexts[i] != nullptr) {
       SSL_CTX_free(self->ssl_contexts[i]);
       tsi_peer_destruct(&self->ssl_context_x509_subject_names[i]);
     }
   }
-  if (self->ssl_contexts != NULL) gpr_free(self->ssl_contexts);
-  if (self->ssl_context_x509_subject_names != NULL) {
+  if (self->ssl_contexts != nullptr) gpr_free(self->ssl_contexts);
+  if (self->ssl_context_x509_subject_names != nullptr) {
     gpr_free(self->ssl_context_x509_subject_names);
   }
-  if (self->alpn_protocol_list != NULL) gpr_free(self->alpn_protocol_list);
+  if (self->alpn_protocol_list != nullptr) gpr_free(self->alpn_protocol_list);
   gpr_free(self);
 }
 
-static int does_entry_match_name(const char *entry, size_t entry_length,
-                                 const char *name) {
-  const char *dot;
-  const char *name_subdomain = NULL;
+static int does_entry_match_name(const char* entry, size_t entry_length,
+                                 const char* name) {
+  const char* dot;
+  const char* name_subdomain = nullptr;
   size_t name_length = strlen(name);
   size_t name_subdomain_length;
   if (entry_length == 0) return 0;
@@ -1271,7 +1279,7 @@ static int does_entry_match_name(const char *entry, size_t entry_length,
     return 0;
   }
   name_subdomain = strchr(name, '.');
-  if (name_subdomain == NULL) return 0;
+  if (name_subdomain == nullptr) return 0;
   name_subdomain_length = strlen(name_subdomain);
   if (name_subdomain_length < 2) return 0;
   name_subdomain++; /* Starts after the dot. */
@@ -1279,7 +1287,7 @@ static int does_entry_match_name(const char *entry, size_t entry_length,
   entry += 2; /* Remove *. */
   entry_length -= 2;
   dot = strchr(name_subdomain, '.');
-  if ((dot == NULL) || (dot == &name_subdomain[name_subdomain_length - 1])) {
+  if ((dot == nullptr) || (dot == &name_subdomain[name_subdomain_length - 1])) {
     gpr_log(GPR_ERROR, "Invalid toplevel subdomain: %s", name_subdomain);
     return 0;
   }
@@ -1290,13 +1298,13 @@ static int does_entry_match_name(const char *entry, size_t entry_length,
           strncmp(entry, name_subdomain, entry_length) == 0);
 }
 
-static int ssl_server_handshaker_factory_servername_callback(SSL *ssl, int *ap,
-                                                             void *arg) {
-  tsi_ssl_server_handshaker_factory *impl =
-      (tsi_ssl_server_handshaker_factory *)arg;
+static int ssl_server_handshaker_factory_servername_callback(SSL* ssl, int* ap,
+                                                             void* arg) {
+  tsi_ssl_server_handshaker_factory* impl =
+      (tsi_ssl_server_handshaker_factory*)arg;
   size_t i = 0;
-  const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
-  if (servername == NULL || strlen(servername) == 0) {
+  const char* servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+  if (servername == nullptr || strlen(servername) == 0) {
     return SSL_TLSEXT_ERR_NOACK;
   }
 
@@ -1313,10 +1321,10 @@ static int ssl_server_handshaker_factory_servername_callback(SSL *ssl, int *ap,
 
 #if TSI_OPENSSL_ALPN_SUPPORT
 static int server_handshaker_factory_alpn_callback(
-    SSL *ssl, const unsigned char **out, unsigned char *outlen,
-    const unsigned char *in, unsigned int inlen, void *arg) {
-  tsi_ssl_server_handshaker_factory *factory =
-      (tsi_ssl_server_handshaker_factory *)arg;
+    SSL* ssl, const unsigned char** out, unsigned char* outlen,
+    const unsigned char* in, unsigned int inlen, void* arg) {
+  tsi_ssl_server_handshaker_factory* factory =
+      (tsi_ssl_server_handshaker_factory*)arg;
   return select_protocol_list(out, outlen, in, inlen,
                               factory->alpn_protocol_list,
                               factory->alpn_protocol_list_length);
@@ -1324,9 +1332,9 @@ static int server_handshaker_factory_alpn_callback(
 #endif /* TSI_OPENSSL_ALPN_SUPPORT */
 
 static int server_handshaker_factory_npn_advertised_callback(
-    SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg) {
-  tsi_ssl_server_handshaker_factory *factory =
-      (tsi_ssl_server_handshaker_factory *)arg;
+    SSL* ssl, const unsigned char** out, unsigned int* outlen, void* arg) {
+  tsi_ssl_server_handshaker_factory* factory =
+      (tsi_ssl_server_handshaker_factory*)arg;
   *out = factory->alpn_protocol_list;
   GPR_ASSERT(factory->alpn_protocol_list_length <= UINT_MAX);
   *outlen = (unsigned int)factory->alpn_protocol_list_length;
@@ -1339,27 +1347,27 @@ static tsi_ssl_handshaker_factory_vtable client_handshaker_factory_vtable = {
     tsi_ssl_client_handshaker_factory_destroy};
 
 tsi_result tsi_create_ssl_client_handshaker_factory(
-    const tsi_ssl_pem_key_cert_pair *pem_key_cert_pair,
-    const char *pem_root_certs, const char *cipher_suites,
-    const char **alpn_protocols, uint16_t num_alpn_protocols,
-    tsi_ssl_client_handshaker_factory **factory) {
-  SSL_CTX *ssl_context = NULL;
-  tsi_ssl_client_handshaker_factory *impl = NULL;
+    const tsi_ssl_pem_key_cert_pair* pem_key_cert_pair,
+    const char* pem_root_certs, const char* cipher_suites,
+    const char** alpn_protocols, uint16_t num_alpn_protocols,
+    tsi_ssl_client_handshaker_factory** factory) {
+  SSL_CTX* ssl_context = nullptr;
+  tsi_ssl_client_handshaker_factory* impl = nullptr;
   tsi_result result = TSI_OK;
 
   gpr_once_init(&init_openssl_once, init_openssl);
 
-  if (factory == NULL) return TSI_INVALID_ARGUMENT;
-  *factory = NULL;
-  if (pem_root_certs == NULL) return TSI_INVALID_ARGUMENT;
+  if (factory == nullptr) return TSI_INVALID_ARGUMENT;
+  *factory = nullptr;
+  if (pem_root_certs == nullptr) return TSI_INVALID_ARGUMENT;
 
   ssl_context = SSL_CTX_new(TLSv1_2_method());
-  if (ssl_context == NULL) {
+  if (ssl_context == nullptr) {
     gpr_log(GPR_ERROR, "Could not create ssl context.");
     return TSI_INVALID_ARGUMENT;
   }
 
-  impl = gpr_zalloc(sizeof(*impl));
+  impl = (tsi_ssl_client_handshaker_factory*)gpr_zalloc(sizeof(*impl));
   tsi_ssl_handshaker_factory_init(&impl->base);
   impl->base.vtable = &client_handshaker_factory_vtable;
 
@@ -1370,7 +1378,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
         populate_ssl_context(ssl_context, pem_key_cert_pair, cipher_suites);
     if (result != TSI_OK) break;
     result = ssl_ctx_load_verification_certs(ssl_context, pem_root_certs,
-                                             strlen(pem_root_certs), NULL);
+                                             strlen(pem_root_certs), nullptr);
     if (result != TSI_OK) {
       gpr_log(GPR_ERROR, "Cannot load server root certificates.");
       break;
@@ -1403,7 +1411,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
     tsi_ssl_handshaker_factory_unref(&impl->base);
     return result;
   }
-  SSL_CTX_set_verify(ssl_context, SSL_VERIFY_PEER, NULL);
+  SSL_CTX_set_verify(ssl_context, SSL_VERIFY_PEER, nullptr);
   /* TODO(jboeuf): Add revocation verification. */
 
   *factory = impl;
@@ -1414,11 +1422,11 @@ static tsi_ssl_handshaker_factory_vtable server_handshaker_factory_vtable = {
     tsi_ssl_server_handshaker_factory_destroy};
 
 tsi_result tsi_create_ssl_server_handshaker_factory(
-    const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs,
-    size_t num_key_cert_pairs, const char *pem_client_root_certs,
-    int force_client_auth, const char *cipher_suites,
-    const char **alpn_protocols, uint16_t num_alpn_protocols,
-    tsi_ssl_server_handshaker_factory **factory) {
+    const tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs,
+    size_t num_key_cert_pairs, const char* pem_client_root_certs,
+    int force_client_auth, const char* cipher_suites,
+    const char** alpn_protocols, uint16_t num_alpn_protocols,
+    tsi_ssl_server_handshaker_factory** factory) {
   return tsi_create_ssl_server_handshaker_factory_ex(
       pem_key_cert_pairs, num_key_cert_pairs, pem_client_root_certs,
       force_client_auth ? TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
@@ -1427,32 +1435,33 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
 }
 
 tsi_result tsi_create_ssl_server_handshaker_factory_ex(
-    const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs,
-    size_t num_key_cert_pairs, const char *pem_client_root_certs,
+    const tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs,
+    size_t num_key_cert_pairs, const char* pem_client_root_certs,
     tsi_client_certificate_request_type client_certificate_request,
-    const char *cipher_suites, const char **alpn_protocols,
-    uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory **factory) {
-  tsi_ssl_server_handshaker_factory *impl = NULL;
+    const char* cipher_suites, const char** alpn_protocols,
+    uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory** factory) {
+  tsi_ssl_server_handshaker_factory* impl = nullptr;
   tsi_result result = TSI_OK;
   size_t i = 0;
 
   gpr_once_init(&init_openssl_once, init_openssl);
 
-  if (factory == NULL) return TSI_INVALID_ARGUMENT;
-  *factory = NULL;
-  if (num_key_cert_pairs == 0 || pem_key_cert_pairs == NULL) {
+  if (factory == nullptr) return TSI_INVALID_ARGUMENT;
+  *factory = nullptr;
+  if (num_key_cert_pairs == 0 || pem_key_cert_pairs == nullptr) {
     return TSI_INVALID_ARGUMENT;
   }
 
-  impl = gpr_zalloc(sizeof(*impl));
+  impl = (tsi_ssl_server_handshaker_factory*)gpr_zalloc(sizeof(*impl));
   tsi_ssl_handshaker_factory_init(&impl->base);
   impl->base.vtable = &server_handshaker_factory_vtable;
 
-  impl->ssl_contexts = gpr_zalloc(num_key_cert_pairs * sizeof(SSL_CTX *));
+  impl->ssl_contexts =
+      (SSL_CTX**)gpr_zalloc(num_key_cert_pairs * sizeof(SSL_CTX*));
   impl->ssl_context_x509_subject_names =
-      gpr_zalloc(num_key_cert_pairs * sizeof(tsi_peer));
-  if (impl->ssl_contexts == NULL ||
-      impl->ssl_context_x509_subject_names == NULL) {
+      (tsi_peer*)gpr_zalloc(num_key_cert_pairs * sizeof(tsi_peer));
+  if (impl->ssl_contexts == nullptr ||
+      impl->ssl_context_x509_subject_names == nullptr) {
     tsi_ssl_handshaker_factory_unref(&impl->base);
     return TSI_OUT_OF_RESOURCES;
   }
@@ -1471,7 +1480,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
   for (i = 0; i < num_key_cert_pairs; i++) {
     do {
       impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
-      if (impl->ssl_contexts[i] == NULL) {
+      if (impl->ssl_contexts[i] == nullptr) {
         gpr_log(GPR_ERROR, "Could not create ssl context.");
         result = TSI_OUT_OF_RESOURCES;
         break;
@@ -1480,8 +1489,8 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
                                     &pem_key_cert_pairs[i], cipher_suites);
       if (result != TSI_OK) break;
 
-      if (pem_client_root_certs != NULL) {
-        STACK_OF(X509_NAME) *root_names = NULL;
+      if (pem_client_root_certs != nullptr) {
+        STACK_OF(X509_NAME)* root_names = nullptr;
         result = ssl_ctx_load_verification_certs(
             impl->ssl_contexts[i], pem_client_root_certs,
             strlen(pem_client_root_certs), &root_names);
@@ -1492,14 +1501,14 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
         SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
         switch (client_certificate_request) {
           case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:
-            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, NULL);
+            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, nullptr);
             break;
           case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
             SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
                                NullVerifyCallback);
             break;
           case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
-            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, NULL);
+            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
             break;
           case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
             SSL_CTX_set_verify(
@@ -1510,7 +1519,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
           case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
             SSL_CTX_set_verify(
                 impl->ssl_contexts[i],
-                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
             break;
         }
         /* TODO(jboeuf): Add revocation verification. */
@@ -1546,16 +1555,16 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
 
 /* --- tsi_ssl utils. --- */
 
-int tsi_ssl_peer_matches_name(const tsi_peer *peer, const char *name) {
+int tsi_ssl_peer_matches_name(const tsi_peer* peer, const char* name) {
   size_t i = 0;
   size_t san_count = 0;
-  const tsi_peer_property *cn_property = NULL;
+  const tsi_peer_property* cn_property = nullptr;
   int like_ip = looks_like_ip_address(name);
 
   /* Check the SAN first. */
   for (i = 0; i < peer->property_count; i++) {
-    const tsi_peer_property *property = &peer->properties[i];
-    if (property->name == NULL) continue;
+    const tsi_peer_property* property = &peer->properties[i];
+    if (property->name == nullptr) continue;
     if (strcmp(property->name,
                TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
       san_count++;
@@ -1577,7 +1586,7 @@ int tsi_ssl_peer_matches_name(const tsi_peer *peer, const char *name) {
   }
 
   /* If there's no SAN, try the CN, but only if its not like an IP Address */
-  if (san_count == 0 && cn_property != NULL && !like_ip) {
+  if (san_count == 0 && cn_property != nullptr && !like_ip) {
     if (does_entry_match_name(cn_property->value.data,
                               cn_property->value.length, name)) {
       return 1;
@@ -1588,13 +1597,13 @@ int tsi_ssl_peer_matches_name(const tsi_peer *peer, const char *name) {
 }
 
 /* --- Testing support. --- */
-const tsi_ssl_handshaker_factory_vtable *tsi_ssl_handshaker_factory_swap_vtable(
-    tsi_ssl_handshaker_factory *factory,
-    tsi_ssl_handshaker_factory_vtable *new_vtable) {
-  GPR_ASSERT(factory != NULL);
-  GPR_ASSERT(factory->vtable != NULL);
+const tsi_ssl_handshaker_factory_vtable* tsi_ssl_handshaker_factory_swap_vtable(
+    tsi_ssl_handshaker_factory* factory,
+    tsi_ssl_handshaker_factory_vtable* new_vtable) {
+  GPR_ASSERT(factory != nullptr);
+  GPR_ASSERT(factory->vtable != nullptr);
 
-  const tsi_ssl_handshaker_factory_vtable *orig_vtable = factory->vtable;
+  const tsi_ssl_handshaker_factory_vtable* orig_vtable = factory->vtable;
   factory->vtable = new_vtable;
   return orig_vtable;
 }