Google Git
Sign in
boringssl / boringssl.git / 731058ec8eec747d681dda8dbe4fcfba571c7194^! / . / ssl
commit731058ec8eec747d681dda8dbe4fcfba571c7194[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sat Dec 03 23:15:13 2016 -0500
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Wed Dec 07 19:52:11 2016 +0000
tree3b77620833c046317a9d5300eb04d3738e308a12
parent91e9b0de0242c47e29026a6423073650d0f71f8c [diff]
Typedef ssl_early_callback_ctx to SSL_CLIENT_HELLO.

It's our ClientHello representation. May as well name it accordingly.
Also switch away from calling the variable name ctx as that conflicts
with SSL_CTX.

Change-Id: Iec0e597af37137270339e9754c6e08116198899e
Reviewed-on: https://boringssl-review.googlesource.com/12581
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index 99b821e..14c3a55 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c

@@ -524,8 +524,8 @@
   return ret;
 }
 
-int ssl_client_cipher_list_contains_cipher(
-    const struct ssl_early_callback_ctx *client_hello, uint16_t id) {
+int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
+                                           uint16_t id) {
   CBS cipher_suites;
   CBS_init(&cipher_suites, client_hello->cipher_suites,
            client_hello->cipher_suites_len);
@@ -544,9 +544,8 @@
   return 0;
 }
 
-static int negotiate_version(
-    SSL *ssl, uint8_t *out_alert,
-    const struct ssl_early_callback_ctx *client_hello) {
+static int negotiate_version(SSL *ssl, uint8_t *out_alert,
+                             const SSL_CLIENT_HELLO *client_hello) {
   uint16_t min_version, max_version;
   if (!ssl_get_version_range(ssl, &min_version, &max_version)) {
     *out_alert = SSL_AD_PROTOCOL_VERSION;
@@ -556,8 +555,8 @@
   uint16_t version = 0;
   /* Check supported_versions extension if it is present. */
   CBS supported_versions;
-  if (ssl_early_callback_get_extension(client_hello, &supported_versions,
-                                       TLSEXT_TYPE_supported_versions)) {
+  if (ssl_client_hello_get_extension(client_hello, &supported_versions,
+                                     TLSEXT_TYPE_supported_versions)) {
     CBS versions;
     if (!CBS_get_u8_length_prefixed(&supported_versions, &versions) ||
         CBS_len(&supported_versions) != 0 ||
@@ -670,9 +669,9 @@
     ssl->state = SSL3_ST_SR_CLNT_HELLO_B;
   }
 
-  struct ssl_early_callback_ctx client_hello;
-  if (!ssl_early_callback_init(ssl, &client_hello, ssl->init_msg,
-                               ssl->init_num)) {
+  SSL_CLIENT_HELLO client_hello;
+  if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
+                             ssl->init_num)) {
     al = SSL_AD_DECODE_ERROR;
     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
     goto f_err;

diff --git a/ssl/internal.h b/ssl/internal.h
index fe3d610..9fd416d 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h

@@ -1100,7 +1100,7 @@
  * one on successful negotiation or if nothing was negotiated. It returns zero
  * and sets |*out_alert| to an alert on error. */
 int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
-                       const struct ssl_early_callback_ctx *client_hello);
+                       const SSL_CLIENT_HELLO *client_hello);
 
 typedef struct {
   uint16_t type;
@@ -1137,17 +1137,17 @@
 
 /* ClientHello functions. */
 
-int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
-                            const uint8_t *in, size_t in_len);
+int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out, const uint8_t *in,
+                          size_t in_len);
 
-int ssl_early_callback_get_extension(const struct ssl_early_callback_ctx *ctx,
-                                     CBS *out, uint16_t extension_type);
+int ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
+                                   CBS *out, uint16_t extension_type);
 
 STACK_OF(SSL_CIPHER) *
-    ssl_parse_client_cipher_list(const struct ssl_early_callback_ctx *ctx);
+    ssl_parse_client_cipher_list(const SSL_CLIENT_HELLO *client_hello);
 
-int ssl_client_cipher_list_contains_cipher(
-    const struct ssl_early_callback_ctx *client_hello, uint16_t id);
+int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
+                                           uint16_t id);
 
 
 /* GREASE. */
@@ -1672,14 +1672,14 @@
   ssl_session_retry,
 };
 
-/* ssl_get_prev_session looks up the previous session based on |ctx|. On
- * success, it sets |*out_session| to the session or NULL if none was found. If
- * the session could not be looked up synchronously, it returns
+/* ssl_get_prev_session looks up the previous session based on |client_hello|.
+ * On success, it sets |*out_session| to the session or NULL if none was found.
+ * If the session could not be looked up synchronously, it returns
  * |ssl_session_retry| and should be called again. Otherwise, it returns
  * |ssl_session_error|.  */
 enum ssl_session_result_t ssl_get_prev_session(
     SSL *ssl, SSL_SESSION **out_session, int *out_tickets_supported,
-    int *out_renew_ticket, const struct ssl_early_callback_ctx *ctx);
+    int *out_renew_ticket, const SSL_CLIENT_HELLO *client_hello);
 
 /* The following flags determine which parts of the session are duplicated. */
 #define SSL_SESSION_DUP_AUTH_ONLY 0x0
@@ -1754,7 +1754,7 @@
 int ssl3_output_cert_chain(SSL *ssl);
 
 const SSL_CIPHER *ssl3_choose_cipher(
-    SSL_HANDSHAKE *hs, const struct ssl_early_callback_ctx *client_hello,
+    SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
     const struct ssl_cipher_preference_list_st *srvr);
 
 int ssl3_new(SSL *ssl);
@@ -1876,8 +1876,8 @@
 int ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, size_t header_len);
 
 int ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out);
-int ssl_parse_clienthello_tlsext(
-    SSL_HANDSHAKE *hs, const struct ssl_early_callback_ctx *client_hello);
+int ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
+                                 const SSL_CLIENT_HELLO *client_hello);
 int ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs);
 
 #define tlsext_tick_md EVP_sha256

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d905ffe..505a7c6 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -241,7 +241,7 @@
 }
 
 const SSL_CIPHER *ssl3_choose_cipher(
-    SSL_HANDSHAKE *hs, const struct ssl_early_callback_ctx *client_hello,
+    SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
     const struct ssl_cipher_preference_list_st *server_pref) {
   SSL *const ssl = hs->ssl;
   const SSL_CIPHER *c, *ret = NULL;

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8c1a300..7ac4016 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -1693,9 +1693,10 @@
 }
 
 STACK_OF(SSL_CIPHER) *
-    ssl_parse_client_cipher_list(const struct ssl_early_callback_ctx *ctx) {
+    ssl_parse_client_cipher_list(const SSL_CLIENT_HELLO *client_hello) {
   CBS cipher_suites;
-  CBS_init(&cipher_suites, ctx->cipher_suites, ctx->cipher_suites_len);
+  CBS_init(&cipher_suites, client_hello->cipher_suites,
+           client_hello->cipher_suites_len);
 
   STACK_OF(SSL_CIPHER) *sk = sk_SSL_CIPHER_new_null();
   if (sk == NULL) {
@@ -2843,13 +2844,13 @@
 
 int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
 
-void SSL_CTX_set_select_certificate_cb(
-    SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) {
+void SSL_CTX_set_select_certificate_cb(SSL_CTX *ctx,
+                                       int (*cb)(const SSL_CLIENT_HELLO *)) {
   ctx->select_certificate_cb = cb;
 }
 
-void SSL_CTX_set_dos_protection_cb(
-    SSL_CTX *ctx, int (*cb)(const struct ssl_early_callback_ctx *)) {
+void SSL_CTX_set_dos_protection_cb(SSL_CTX *ctx,
+                                   int (*cb)(const SSL_CLIENT_HELLO *)) {
   ctx->dos_protection_cb = cb;
 }
 

diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index ad75d22..8ff8ee1 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c

@@ -722,7 +722,7 @@
 
 enum ssl_session_result_t ssl_get_prev_session(
     SSL *ssl, SSL_SESSION **out_session, int *out_tickets_supported,
-    int *out_renew_ticket, const struct ssl_early_callback_ctx *ctx) {
+    int *out_renew_ticket, const SSL_CLIENT_HELLO *client_hello) {
   /* This is used only by servers. */
   assert(ssl->server);
   SSL_SESSION *session = NULL;
@@ -734,17 +734,18 @@
   const int tickets_supported =
       !(SSL_get_options(ssl) & SSL_OP_NO_TICKET) &&
       ssl->version > SSL3_VERSION &&
-      SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_session_ticket,
-                                           &ticket, &ticket_len);
+      SSL_early_callback_ctx_extension_get(
+          client_hello, TLSEXT_TYPE_session_ticket, &ticket, &ticket_len);
   if (tickets_supported && ticket_len > 0) {
     if (!tls_process_ticket(ssl, &session, &renew_ticket, ticket, ticket_len,
-                            ctx->session_id, ctx->session_id_len)) {
+                            client_hello->session_id,
+                            client_hello->session_id_len)) {
       return ssl_session_error;
     }
   } else {
     /* The client didn't send a ticket, so the session ID is a real ID. */
     enum ssl_session_result_t lookup_ret = ssl_lookup_session(
-        ssl, &session, ctx->session_id, ctx->session_id_len);
+        ssl, &session, client_hello->session_id, client_hello->session_id_len);
     if (lookup_ret != ssl_session_success) {
       return lookup_ret;
     }

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 283b737..c2bb990 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc

@@ -2030,11 +2030,11 @@
   return SSL_TLSEXT_ERR_OK;
 }
 
-static int SwitchSessionIDContextEarly(
-    const struct ssl_early_callback_ctx *ctx) {
+static int SwitchSessionIDContextEarly(const SSL_CLIENT_HELLO *client_hello) {
   static const uint8_t kContext[] = {3};
 
-  if (!SSL_set_session_id_context(ctx->ssl, kContext, sizeof(kContext))) {
+  if (!SSL_set_session_id_context(client_hello->ssl, kContext,
+                                  sizeof(kContext))) {
     return -1;
   }
 
@@ -2511,8 +2511,8 @@
   return true;
 }
 
-static int SetMaxVersion(const struct ssl_early_callback_ctx *ctx) {
-  if (!SSL_set_max_proto_version(ctx->ssl, TLS1_2_VERSION)) {
+static int SetMaxVersion(const SSL_CLIENT_HELLO *client_hello) {
+  if (!SSL_set_max_proto_version(client_hello->ssl, TLS1_2_VERSION)) {
     return -1;
   }
 

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 85c2789..0f20314 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -203,29 +203,29 @@
   return ret;
 }
 
-int ssl_early_callback_init(SSL *ssl, struct ssl_early_callback_ctx *ctx,
-                            const uint8_t *in, size_t in_len) {
-  memset(ctx, 0, sizeof(*ctx));
-  ctx->ssl = ssl;
-  ctx->client_hello = in;
-  ctx->client_hello_len = in_len;
+int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out, const uint8_t *in,
+                          size_t in_len) {
+  memset(out, 0, sizeof(*out));
+  out->ssl = ssl;
+  out->client_hello = in;
+  out->client_hello_len = in_len;
 
   CBS client_hello, random, session_id;
-  CBS_init(&client_hello, ctx->client_hello, ctx->client_hello_len);
-  if (!CBS_get_u16(&client_hello, &ctx->version) ||
+  CBS_init(&client_hello, out->client_hello, out->client_hello_len);
+  if (!CBS_get_u16(&client_hello, &out->version) ||
       !CBS_get_bytes(&client_hello, &random, SSL3_RANDOM_SIZE) ||
       !CBS_get_u8_length_prefixed(&client_hello, &session_id) ||
       CBS_len(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
     return 0;
   }
 
-  ctx->random = CBS_data(&random);
-  ctx->random_len = CBS_len(&random);
-  ctx->session_id = CBS_data(&session_id);
-  ctx->session_id_len = CBS_len(&session_id);
+  out->random = CBS_data(&random);
+  out->random_len = CBS_len(&random);
+  out->session_id = CBS_data(&session_id);
+  out->session_id_len = CBS_len(&session_id);
 
   /* Skip past DTLS cookie */
-  if (SSL_is_dtls(ctx->ssl)) {
+  if (SSL_is_dtls(out->ssl)) {
     CBS cookie;
     if (!CBS_get_u8_length_prefixed(&client_hello, &cookie) ||
         CBS_len(&cookie) > DTLS1_COOKIE_LENGTH) {
@@ -241,16 +241,16 @@
     return 0;
   }
 
-  ctx->cipher_suites = CBS_data(&cipher_suites);
-  ctx->cipher_suites_len = CBS_len(&cipher_suites);
-  ctx->compression_methods = CBS_data(&compression_methods);
-  ctx->compression_methods_len = CBS_len(&compression_methods);
+  out->cipher_suites = CBS_data(&cipher_suites);
+  out->cipher_suites_len = CBS_len(&cipher_suites);
+  out->compression_methods = CBS_data(&compression_methods);
+  out->compression_methods_len = CBS_len(&compression_methods);
 
   /* If the ClientHello ends here then it's valid, but doesn't have any
    * extensions. (E.g. SSLv3.) */
   if (CBS_len(&client_hello) == 0) {
-    ctx->extensions = NULL;
-    ctx->extensions_len = 0;
+    out->extensions = NULL;
+    out->extensions_len = 0;
     return 1;
   }
 
@@ -262,16 +262,16 @@
     return 0;
   }
 
-  ctx->extensions = CBS_data(&extensions);
-  ctx->extensions_len = CBS_len(&extensions);
+  out->extensions = CBS_data(&extensions);
+  out->extensions_len = CBS_len(&extensions);
 
   return 1;
 }
 
-int ssl_early_callback_get_extension(const struct ssl_early_callback_ctx *ctx,
-                                     CBS *out, uint16_t extension_type) {
+int ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
+                                   CBS *out, uint16_t extension_type) {
   CBS extensions;
-  CBS_init(&extensions, ctx->extensions, ctx->extensions_len);
+  CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
   while (CBS_len(&extensions) != 0) {
     /* Decode the next extension. */
     uint16_t type;
@@ -290,11 +290,12 @@
   return 0;
 }
 
-int SSL_early_callback_ctx_extension_get(
-    const struct ssl_early_callback_ctx *ctx, uint16_t extension_type,
-    const uint8_t **out_data, size_t *out_len) {
+int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
+                                         uint16_t extension_type,
+                                         const uint8_t **out_data,
+                                         size_t *out_len) {
   CBS cbs;
-  if (!ssl_early_callback_get_extension(ctx, &cbs, extension_type)) {
+  if (!ssl_client_hello_get_extension(client_hello, &cbs, extension_type)) {
     return 0;
   }
 
@@ -1533,11 +1534,11 @@
 }
 
 int ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
-                       const struct ssl_early_callback_ctx *client_hello) {
+                       const SSL_CLIENT_HELLO *client_hello) {
   SSL *const ssl = hs->ssl;
   CBS contents;
   if (ssl->ctx->alpn_select_cb == NULL ||
-      !ssl_early_callback_get_extension(
+      !ssl_client_hello_get_extension(
           client_hello, &contents,
           TLSEXT_TYPE_application_layer_protocol_negotiation)) {
     /* Ignore ALPN if not configured or no extension was supplied. */
@@ -2882,9 +2883,9 @@
   return 0;
 }
 
-static int ssl_scan_clienthello_tlsext(
-    SSL_HANDSHAKE *hs, const struct ssl_early_callback_ctx *client_hello,
-    int *out_alert) {
+static int ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
+                                       const SSL_CLIENT_HELLO *client_hello,
+                                       int *out_alert) {
   SSL *const ssl = hs->ssl;
   for (size_t i = 0; i < kNumExtensions; i++) {
     if (kExtensions[i].init != NULL) {
@@ -2968,8 +2969,8 @@
   return 1;
 }
 
-int ssl_parse_clienthello_tlsext(
-    SSL_HANDSHAKE *hs, const struct ssl_early_callback_ctx *client_hello) {
+int ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
+                                 const SSL_CLIENT_HELLO *client_hello) {
   SSL *const ssl = hs->ssl;
   int alert = -1;
   if (ssl_scan_clienthello_tlsext(hs, client_hello, &alert) <= 0) {

diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 97860c4..179f04b 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc

@@ -438,9 +438,9 @@
   return true;
 }
 
-static int SelectCertificateCallback(const struct ssl_early_callback_ctx *ctx) {
-  const TestConfig *config = GetTestConfig(ctx->ssl);
-  GetTestState(ctx->ssl)->early_callback_called = true;
+static int SelectCertificateCallback(const SSL_CLIENT_HELLO *client_hello) {
+  const TestConfig *config = GetTestConfig(client_hello->ssl);
+  GetTestState(client_hello->ssl)->early_callback_called = true;
 
   if (!config->expected_server_name.empty()) {
     const uint8_t *extension_data;
@@ -448,9 +448,9 @@
     CBS extension, server_name_list, host_name;
     uint8_t name_type;
 
-    if (!SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
-                                              &extension_data,
-                                              &extension_len)) {
+    if (!SSL_early_callback_ctx_extension_get(
+            client_hello, TLSEXT_TYPE_server_name, &extension_data,
+            &extension_len)) {
       fprintf(stderr, "Could not find server_name extension.\n");
       return -1;
     }
@@ -483,7 +483,7 @@
       // Install the certificate asynchronously.
       return 0;
     }
-    if (!InstallCertificate(ctx->ssl)) {
+    if (!InstallCertificate(client_hello->ssl)) {
       return -1;
     }
   }
@@ -697,8 +697,8 @@
   }
 }
 
-static int DDoSCallback(const struct ssl_early_callback_ctx *early_context) {
-  const TestConfig *config = GetTestConfig(early_context->ssl);
+static int DDoSCallback(const SSL_CLIENT_HELLO *client_hello) {
+  const TestConfig *config = GetTestConfig(client_hello->ssl);
   static int callback_num = 0;
 
   callback_num++;

diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 6bd6764..626d2ee 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c

@@ -54,14 +54,14 @@
 static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
 
 static int resolve_ecdhe_secret(SSL_HANDSHAKE *hs, int *out_need_retry,
-                                struct ssl_early_callback_ctx *early_ctx) {
+                                SSL_CLIENT_HELLO *client_hello) {
   SSL *const ssl = hs->ssl;
   *out_need_retry = 0;
 
   /* We only support connections that include an ECDHE key exchange. */
   CBS key_share;
-  if (!ssl_early_callback_get_extension(early_ctx, &key_share,
-                                        TLSEXT_TYPE_key_share)) {
+  if (!ssl_client_hello_get_extension(client_hello, &key_share,
+                                      TLSEXT_TYPE_key_share)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
     return 0;
@@ -94,9 +94,9 @@
     return ssl_hs_error;
   }
 
-  struct ssl_early_callback_ctx client_hello;
-  if (!ssl_early_callback_init(ssl, &client_hello, ssl->init_msg,
-                               ssl->init_num)) {
+  SSL_CLIENT_HELLO client_hello;
+  if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
+                             ssl->init_num)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
     return ssl_hs_error;
@@ -130,7 +130,7 @@
 }
 
 static const SSL_CIPHER *choose_tls13_cipher(
-    const SSL *ssl, const struct ssl_early_callback_ctx *client_hello) {
+    const SSL *ssl, const SSL_CLIENT_HELLO *client_hello) {
   if (client_hello->cipher_suites_len % 2 != 0) {
     return NULL;
   }
@@ -191,9 +191,9 @@
     }
   }
 
-  struct ssl_early_callback_ctx client_hello;
-  if (!ssl_early_callback_init(ssl, &client_hello, ssl->init_msg,
-                               ssl->init_num)) {
+  SSL_CLIENT_HELLO client_hello;
+  if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
+                             ssl->init_num)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
     return ssl_hs_error;
@@ -212,8 +212,8 @@
   SSL_SESSION *session = NULL;
   CBS pre_shared_key, binders;
   if (hs->accept_psk_mode &&
-      ssl_early_callback_get_extension(&client_hello, &pre_shared_key,
-                                       TLSEXT_TYPE_pre_shared_key)) {
+      ssl_client_hello_get_extension(&client_hello, &pre_shared_key,
+                                     TLSEXT_TYPE_pre_shared_key)) {
     /* Verify that the pre_shared_key extension is the last extension in
      * ClientHello. */
     if (CBS_data(&pre_shared_key) + CBS_len(&pre_shared_key) !=
@@ -352,9 +352,9 @@
     return ssl_hs_error;
   }
 
-  struct ssl_early_callback_ctx client_hello;
-  if (!ssl_early_callback_init(ssl, &client_hello, ssl->init_msg,
-                               ssl->init_num)) {
+  SSL_CLIENT_HELLO client_hello;
+  if (!ssl_client_hello_init(ssl, &client_hello, ssl->init_msg,
+                             ssl->init_num)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
     return ssl_hs_error;