[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Tue Jan 10 03:32:55 UTC 2017


The branch master has been updated
       via  1ed327f7dfe02a062e50cd844a925c970c645c7c (commit)
       via  8cbfcc70bf37886064ef852dda9e1bf40e904756 (commit)
       via  aff8c126fd8db84fa4ef623997a8c4200a14a44f (commit)
      from  18e3ab7bc4fd5711014d60ddf40cda25988e4e18 (commit)


- Log -----------------------------------------------------------------
commit 1ed327f7dfe02a062e50cd844a925c970c645c7c
Author: Rich Salz <rsalz at openssl.org>
Date:   Mon Jan 9 12:42:15 2017 -0500

    Review comments
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2052)

commit 8cbfcc70bf37886064ef852dda9e1bf40e904756
Author: Rich Salz <rsalz at openssl.org>
Date:   Sun Dec 11 15:01:28 2016 -0500

    Use typedefs for PSK, NPN, ALPN callback functions
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2052)

commit aff8c126fd8db84fa4ef623997a8c4200a14a44f
Author: Rich Salz <rsalz at openssl.org>
Date:   Thu Dec 8 14:18:40 2016 -0500

    Move extension data into sub-structs
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2052)

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl.h        | 113 ++++++-----------
 ssl/s3_lib.c                 | 144 ++++++++++-----------
 ssl/ssl_asn1.c               |  20 +--
 ssl/ssl_lib.c                | 213 +++++++++++++------------------
 ssl/ssl_locl.h               | 292 +++++++++++++++++++++----------------------
 ssl/ssl_sess.c               | 119 +++++++++---------
 ssl/ssl_txt.c                |   8 +-
 ssl/statem/extensions.c      |  60 ++++-----
 ssl/statem/extensions_clnt.c | 130 ++++++++++---------
 ssl/statem/extensions_srvr.c |  70 +++++------
 ssl/statem/statem_clnt.c     |  63 +++++-----
 ssl/statem/statem_srvr.c     |  56 ++++-----
 ssl/t1_lib.c                 |  69 +++++-----
 test/handshake_helper.c      |   8 +-
 test/ossl_shim/ossl_shim.cc  |   2 +-
 test/ssltest_old.c           |  10 +-
 16 files changed, 651 insertions(+), 726 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 05bd5ed..9dc4a3f 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -656,21 +656,30 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
                                                                unsigned int
                                                                cookie_len));
 # ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+                                              const unsigned char **out,
+                                              unsigned int *outlen,
+                                              void *arg);
 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char
-                                                      **out,
-                                                      unsigned int *outlen,
-                                                      void *arg), void *arg);
+                                   SSL_CTX_npn_advertised_cb_func cb,
+                                   void *arg);
+#  define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
+                                          unsigned char **out,
+                                          unsigned char *outlen,
+                                          const unsigned char *in,
+                                          unsigned int inlen,
+                                          void *arg);
 void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg), void *arg);
+                                      SSL_CTX_npn_select_cb_func cb,
+                                      void *arg);
+#  define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
                                     unsigned *len);
+#  define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
 # endif
 
 __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
@@ -686,13 +695,15 @@ __owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
                                    unsigned int protos_len);
 __owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
                                unsigned int protos_len);
-void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
-                                int (*cb) (SSL *ssl,
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
                                            const unsigned char **out,
                                            unsigned char *outlen,
                                            const unsigned char *in,
                                            unsigned int inlen,
-                                           void *arg), void *arg);
+                                           void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg);
 void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
                             unsigned int *len);
 
@@ -703,64 +714,22 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
  */
 #  define PSK_MAX_IDENTITY_LEN 128
 #  define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-                                     unsigned int (*psk_client_callback) (SSL
-                                                                          *ssl,
-                                                                          const
-                                                                          char
-                                                                          *hint,
-                                                                          char
-                                                                          *identity,
-                                                                          unsigned
-                                                                          int
-                                                                          max_identity_len,
-                                                                          unsigned
-                                                                          char
-                                                                          *psk,
-                                                                          unsigned
-                                                                          int
-                                                                          max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl,
-                                 unsigned int (*psk_client_callback) (SSL
-                                                                      *ssl,
-                                                                      const
-                                                                      char
-                                                                      *hint,
-                                                                      char
-                                                                      *identity,
-                                                                      unsigned
-                                                                      int
-                                                                      max_identity_len,
-                                                                      unsigned
-                                                                      char
-                                                                      *psk,
-                                                                      unsigned
-                                                                      int
-                                                                      max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-                                     unsigned int (*psk_server_callback) (SSL
-                                                                          *ssl,
-                                                                          const
-                                                                          char
-                                                                          *identity,
-                                                                          unsigned
-                                                                          char
-                                                                          *psk,
-                                                                          unsigned
-                                                                          int
-                                                                          max_psk_len));
-void SSL_set_psk_server_callback(SSL *ssl,
-                                 unsigned int (*psk_server_callback) (SSL
-                                                                      *ssl,
-                                                                      const
-                                                                      char
-                                                                      *identity,
-                                                                      unsigned
-                                                                      char
-                                                                      *psk,
-                                                                      unsigned
-                                                                      int
-                                                                      max_psk_len));
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+                                               const char *hint,
+                                               char *identity,
+                                               unsigned int max_identity_len,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+                                               const char *identity,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
 __owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
 __owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
 const char *SSL_get_psk_identity_hint(const SSL *s);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 524f530..4010985 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2882,9 +2882,9 @@ void ssl3_clear(SSL *s)
     s->version = SSL3_VERSION;
 
 #if !defined(OPENSSL_NO_NEXTPROTONEG)
-    OPENSSL_free(s->next_proto_negotiated);
-    s->next_proto_negotiated = NULL;
-    s->next_proto_negotiated_len = 0;
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = NULL;
+    s->ext.npn_len = 0;
 #endif
 }
 
@@ -2969,8 +2969,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             nid = EC_GROUP_get_curve_name(group);
             if (nid == NID_undef)
                 return 0;
-            return tls1_set_groups(&s->tlsext_supportedgroupslist,
-                                   &s->tlsext_supportedgroupslist_length,
+            return tls1_set_groups(&s->ext.supportedgroups,
+                                   &s->ext.supportedgroups_len,
                                    &nid, 1);
         }
         break;
@@ -2979,8 +2979,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         if (larg == TLSEXT_NAMETYPE_host_name) {
             size_t len;
 
-            OPENSSL_free(s->tlsext_hostname);
-            s->tlsext_hostname = NULL;
+            OPENSSL_free(s->ext.hostname);
+            s->ext.hostname = NULL;
 
             ret = 1;
             if (parg == NULL)
@@ -2990,7 +2990,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                 SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
                 return 0;
             }
-            if ((s->tlsext_hostname = OPENSSL_strdup((char *)parg)) == NULL) {
+            if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
                 SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
                 return 0;
             }
@@ -3000,50 +3000,50 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         }
         break;
     case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
-        s->tlsext_debug_arg = parg;
+        s->ext.debug_arg = parg;
         ret = 1;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
-        ret = s->tlsext_status_type;
+        ret = s->ext.status_type;
         break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
-        s->tlsext_status_type = larg;
+        s->ext.status_type = larg;
         ret = 1;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
-        *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
+        *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
         ret = 1;
         break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
-        s->tlsext_ocsp_exts = parg;
+        s->ext.ocsp.exts = parg;
         ret = 1;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
-        *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
+        *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
         ret = 1;
         break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
-        s->tlsext_ocsp_ids = parg;
+        s->ext.ocsp.ids = parg;
         ret = 1;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
-        *(unsigned char **)parg = s->tlsext_ocsp_resp;
-        if (s->tlsext_ocsp_resplen == 0
-                || s->tlsext_ocsp_resplen > LONG_MAX)
+        *(unsigned char **)parg = s->ext.ocsp.resp;
+        if (s->ext.ocsp.resp_len == 0
+                || s->ext.ocsp.resp_len > LONG_MAX)
             return -1;
-        return (long)s->tlsext_ocsp_resplen;
+        return (long)s->ext.ocsp.resp_len;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
-        OPENSSL_free(s->tlsext_ocsp_resp);
-        s->tlsext_ocsp_resp = parg;
-        s->tlsext_ocsp_resplen = larg;
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = parg;
+        s->ext.ocsp.resp_len = larg;
         ret = 1;
         break;
 
@@ -3101,10 +3101,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         {
             unsigned char *clist;
             size_t clistlen;
+
             if (!s->session)
                 return 0;
-            clist = s->session->tlsext_supportedgroupslist;
-            clistlen = s->session->tlsext_supportedgroupslist_length / 2;
+            clist = s->session->ext.supportedgroups;
+            clistlen = s->session->ext.supportedgroups_len / 2;
             if (parg) {
                 size_t i;
                 int *cptr = parg;
@@ -3123,12 +3124,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         }
 
     case SSL_CTRL_SET_GROUPS:
-        return tls1_set_groups(&s->tlsext_supportedgroupslist,
-                               &s->tlsext_supportedgroupslist_length, parg, larg);
+        return tls1_set_groups(&s->ext.supportedgroups,
+                               &s->ext.supportedgroups_len, parg, larg);
 
     case SSL_CTRL_SET_GROUPS_LIST:
-        return tls1_set_groups_list(&s->tlsext_supportedgroupslist,
-                                    &s->tlsext_supportedgroupslist_length, parg);
+        return tls1_set_groups_list(&s->ext.supportedgroups,
+                                    &s->ext.supportedgroups_len, parg);
 
     case SSL_CTRL_GET_SHARED_GROUP:
         return tls1_shared_group(s, larg);
@@ -3208,10 +3209,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
         {
             SSL_SESSION *sess = s->session;
             const unsigned char **pformat = parg;
-            if (!sess || !sess->tlsext_ecpointformatlist)
+
+            if (sess == NULL || sess->ext.ecpointformats == NULL)
                 return 0;
-            *pformat = sess->tlsext_ecpointformatlist;
-            return (int)sess->tlsext_ecpointformatlist_length;
+            *pformat = sess->ext.ecpointformats;
+            return (int)sess->ext.ecpointformats_len;
         }
 #endif
 
@@ -3234,8 +3236,8 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
         break;
 #endif
     case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
-        s->tlsext_debug_cb = (void (*)(SSL *, int, int,
-                                       const unsigned char *, int, void *))fp;
+        s->ext.debug_cb = (void (*)(SSL *, int, int,
+                                    const unsigned char *, int, void *))fp;
         break;
 
     case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
@@ -3306,69 +3308,69 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
             nid = EC_GROUP_get_curve_name(group);
             if (nid == NID_undef)
                 return 0;
-            return tls1_set_groups(&ctx->tlsext_supportedgroupslist,
-                                   &ctx->tlsext_supportedgroupslist_length,
+            return tls1_set_groups(&ctx->ext.supportedgroups,
+                                   &ctx->ext.supportedgroups_len,
                                    &nid, 1);
         }
         /* break; */
 #endif                          /* !OPENSSL_NO_EC */
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-        ctx->tlsext_servername_arg = parg;
+        ctx->ext.servername_arg = parg;
         break;
     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
         {
             unsigned char *keys = parg;
-            long tlsext_tick_keylen = (sizeof(ctx->tlsext_tick_key_name) +
-                                       sizeof(ctx->tlsext_tick_hmac_key) +
-                                       sizeof(ctx->tlsext_tick_aes_key));
+            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
+                                sizeof(ctx->ext.tick_hmac_key) +
+                                sizeof(ctx->ext.tick_aes_key));
             if (keys == NULL)
-                return tlsext_tick_keylen;
-            if (larg != tlsext_tick_keylen) {
+                return tick_keylen;
+            if (larg != tick_keylen) {
                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
                 return 0;
             }
             if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
-                memcpy(ctx->tlsext_tick_key_name, keys,
-                       sizeof(ctx->tlsext_tick_key_name));
-                memcpy(ctx->tlsext_tick_hmac_key,
-                       keys + sizeof(ctx->tlsext_tick_key_name),
-                       sizeof(ctx->tlsext_tick_hmac_key));
-                memcpy(ctx->tlsext_tick_aes_key,
-                       keys + sizeof(ctx->tlsext_tick_key_name) +
-                       sizeof(ctx->tlsext_tick_hmac_key),
-                       sizeof(ctx->tlsext_tick_aes_key));
+                memcpy(ctx->ext.tick_key_name, keys,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(ctx->ext.tick_hmac_key,
+                       keys + sizeof(ctx->ext.tick_key_name),
+                       sizeof(ctx->ext.tick_hmac_key));
+                memcpy(ctx->ext.tick_aes_key,
+                       keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.tick_hmac_key),
+                       sizeof(ctx->ext.tick_aes_key));
             } else {
-                memcpy(keys, ctx->tlsext_tick_key_name,
-                       sizeof(ctx->tlsext_tick_key_name));
-                memcpy(keys + sizeof(ctx->tlsext_tick_key_name),
-                       ctx->tlsext_tick_hmac_key,
-                       sizeof(ctx->tlsext_tick_hmac_key));
-                memcpy(keys + sizeof(ctx->tlsext_tick_key_name) +
-                       sizeof(ctx->tlsext_tick_hmac_key),
-                       ctx->tlsext_tick_aes_key,
-                       sizeof(ctx->tlsext_tick_aes_key));
+                memcpy(keys, ctx->ext.tick_key_name,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name),
+                       ctx->ext.tick_hmac_key,
+                       sizeof(ctx->ext.tick_hmac_key));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.tick_hmac_key),
+                       ctx->ext.tick_aes_key,
+                       sizeof(ctx->ext.tick_aes_key));
             }
             return 1;
         }
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
-        return ctx->tlsext_status_type;
+        return ctx->ext.status_type;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
-        ctx->tlsext_status_type = larg;
+        ctx->ext.status_type = larg;
         break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
-        ctx->tlsext_status_arg = parg;
+        ctx->ext.status_arg = parg;
         return 1;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
-        *(void**)parg = ctx->tlsext_status_arg;
+        *(void**)parg = ctx->ext.status_arg;
         break;
 
     case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
-        *(int (**)(SSL*, void*))parg = ctx->tlsext_status_cb;
+        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
         break;
 
 #ifndef OPENSSL_NO_SRP
@@ -3404,13 +3406,13 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 
 #ifndef OPENSSL_NO_EC
     case SSL_CTRL_SET_GROUPS:
-        return tls1_set_groups(&ctx->tlsext_supportedgroupslist,
-                               &ctx->tlsext_supportedgroupslist_length,
+        return tls1_set_groups(&ctx->ext.supportedgroups,
+                               &ctx->ext.supportedgroups_len,
                                parg, larg);
 
     case SSL_CTRL_SET_GROUPS_LIST:
-        return tls1_set_groups_list(&ctx->tlsext_supportedgroupslist,
-                                    &ctx->tlsext_supportedgroupslist_length,
+        return tls1_set_groups_list(&ctx->ext.supportedgroups,
+                                    &ctx->ext.supportedgroups_len,
                                     parg);
 #endif
     case SSL_CTRL_SET_SIGALGS:
@@ -3502,15 +3504,15 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
         break;
 #endif
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
-        ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
+        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
         break;
 
     case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-        ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
+        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
         break;
 
     case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
-        ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
+        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
                                              unsigned char *,
                                              EVP_CIPHER_CTX *,
                                              HMAC_CTX *, int))fp;
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index fd13f90..401aeb5 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -183,13 +183,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
     as.peer = in->peer;
 
     ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
-                      in->tlsext_hostname);
-    if (in->tlsext_tick) {
+                      in->ext.hostname);
+    if (in->ext.tick) {
         ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
-                          in->tlsext_tick, in->tlsext_ticklen);
+                          in->ext.tick, in->ext.ticklen);
     }
-    if (in->tlsext_tick_lifetime_hint > 0)
-        as.tlsext_tick_lifetime_hint = in->tlsext_tick_lifetime_hint;
+    if (in->ext.tick_lifetime_hint > 0)
+        as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
 #ifndef OPENSSL_NO_PSK
     ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
                       in->psk_identity_hint);
@@ -315,7 +315,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
     /* NB: this defaults to zero which is X509_V_OK */
     ret->verify_result = as->verify_result;
 
-    if (!ssl_session_strndup(&ret->tlsext_hostname, as->tlsext_hostname))
+    if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
         goto err;
 
 #ifndef OPENSSL_NO_PSK
@@ -325,13 +325,13 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
         goto err;
 #endif
 
-    ret->tlsext_tick_lifetime_hint = as->tlsext_tick_lifetime_hint;
+    ret->ext.tick_lifetime_hint = as->tlsext_tick_lifetime_hint;
     if (as->tlsext_tick) {
-        ret->tlsext_tick = as->tlsext_tick->data;
-        ret->tlsext_ticklen = as->tlsext_tick->length;
+        ret->ext.tick = as->tlsext_tick->data;
+        ret->ext.ticklen = as->tlsext_tick->length;
         as->tlsext_tick->data = NULL;
     } else {
-        ret->tlsext_tick = NULL;
+        ret->ext.tick = NULL;
     }
 #ifndef OPENSSL_NO_COMP
     if (as->comp_id) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 65e3ba1..5887345 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -589,49 +589,46 @@ SSL *SSL_new(SSL_CTX *ctx)
 
     SSL_CTX_up_ref(ctx);
     s->ctx = ctx;
-    s->tlsext_debug_cb = 0;
-    s->tlsext_debug_arg = NULL;
-    s->tlsext_ticket_expected = 0;
-    s->tlsext_status_type = ctx->tlsext_status_type;
-    s->tlsext_status_expected = 0;
-    s->tlsext_ocsp_ids = NULL;
-    s->tlsext_ocsp_exts = NULL;
-    s->tlsext_ocsp_resp = NULL;
-    s->tlsext_ocsp_resplen = 0;
+    s->ext.debug_cb = 0;
+    s->ext.debug_arg = NULL;
+    s->ext.ticket_expected = 0;
+    s->ext.status_type = ctx->ext.status_type;
+    s->ext.status_expected = 0;
+    s->ext.ocsp.ids = NULL;
+    s->ext.ocsp.exts = NULL;
+    s->ext.ocsp.resp = NULL;
+    s->ext.ocsp.resp_len = 0;
     SSL_CTX_up_ref(ctx);
     s->initial_ctx = ctx;
 #ifndef OPENSSL_NO_EC
-    if (ctx->tlsext_ecpointformatlist) {
-        s->tlsext_ecpointformatlist =
-            OPENSSL_memdup(ctx->tlsext_ecpointformatlist,
-                           ctx->tlsext_ecpointformatlist_length);
-        if (!s->tlsext_ecpointformatlist)
+    if (ctx->ext.ecpointformats) {
+        s->ext.ecpointformats =
+            OPENSSL_memdup(ctx->ext.ecpointformats,
+                           ctx->ext.ecpointformats_len);
+        if (!s->ext.ecpointformats)
             goto err;
-        s->tlsext_ecpointformatlist_length =
-            ctx->tlsext_ecpointformatlist_length;
-    }
-    if (ctx->tlsext_supportedgroupslist) {
-        s->tlsext_supportedgroupslist =
-            OPENSSL_memdup(ctx->tlsext_supportedgroupslist,
-                           ctx->tlsext_supportedgroupslist_length);
-        if (!s->tlsext_supportedgroupslist)
+        s->ext.ecpointformats_len =
+            ctx->ext.ecpointformats_len;
+    }
+    if (ctx->ext.supportedgroups) {
+        s->ext.supportedgroups =
+            OPENSSL_memdup(ctx->ext.supportedgroups,
+                           ctx->ext.supportedgroups_len);
+        if (!s->ext.supportedgroups)
             goto err;
-        s->tlsext_supportedgroupslist_length =
-            ctx->tlsext_supportedgroupslist_length;
+        s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
     }
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
-    s->next_proto_negotiated = NULL;
+    s->ext.npn = NULL;
 #endif
 
-    if (s->ctx->alpn_client_proto_list) {
-        s->alpn_client_proto_list =
-            OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
-        if (s->alpn_client_proto_list == NULL)
+    if (s->ctx->ext.alpn) {
+        s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+        if (s->ext.alpn == NULL)
             goto err;
-        memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
-               s->ctx->alpn_client_proto_list_len);
-        s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
+        memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+        s->ext.alpn_len = s->ctx->ext.alpn_len;
     }
 
     s->verified_chain = NULL;
@@ -838,7 +835,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
      * accepts them and disables host name checks.  To avoid side-effects with
      * invalid input, set the SNI name first.
      */
-    if (s->tlsext_hostname == NULL) {
+    if (s->ext.hostname == NULL) {
         if (!SSL_set_tlsext_host_name(s, basedomain)) {
             SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
             return -1;
@@ -997,22 +994,22 @@ void SSL_free(SSL *s)
     ssl_cert_free(s->cert);
     /* Free up if allocated */
 
-    OPENSSL_free(s->tlsext_hostname);
+    OPENSSL_free(s->ext.hostname);
     SSL_CTX_free(s->initial_ctx);
 #ifndef OPENSSL_NO_EC
-    OPENSSL_free(s->tlsext_ecpointformatlist);
-    OPENSSL_free(s->tlsext_supportedgroupslist);
+    OPENSSL_free(s->ext.ecpointformats);
+    OPENSSL_free(s->ext.supportedgroups);
 #endif                          /* OPENSSL_NO_EC */
-    sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
+    sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
 #ifndef OPENSSL_NO_OCSP
-    sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
 #endif
 #ifndef OPENSSL_NO_CT
     SCT_LIST_free(s->scts);
-    OPENSSL_free(s->tlsext_scts);
+    OPENSSL_free(s->ext.scts);
 #endif
-    OPENSSL_free(s->tlsext_ocsp_resp);
-    OPENSSL_free(s->alpn_client_proto_list);
+    OPENSSL_free(s->ext.ocsp.resp);
+    OPENSSL_free(s->ext.alpn);
 
     sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
 
@@ -1028,7 +1025,7 @@ void SSL_free(SSL *s)
     ASYNC_WAIT_CTX_free(s->waitctx);
 
 #if !defined(OPENSSL_NO_NEXTPROTONEG)
-    OPENSSL_free(s->next_proto_negotiated);
+    OPENSSL_free(s->ext.npn);
 #endif
 
 #ifndef OPENSSL_NO_SRTP
@@ -2168,15 +2165,15 @@ const char *SSL_get_servername(const SSL *s, const int type)
     if (type != TLSEXT_NAMETYPE_host_name)
         return NULL;
 
-    return s->session && !s->tlsext_hostname ?
-        s->session->tlsext_hostname : s->tlsext_hostname;
+    return s->session && !s->ext.hostname ?
+        s->session->ext.hostname : s->ext.hostname;
 }
 
 int SSL_get_servername_type(const SSL *s)
 {
     if (s->session
-        && (!s->tlsext_hostname ? s->session->
-            tlsext_hostname : s->tlsext_hostname))
+        && (!s->ext.hostname ? s->session->
+            ext.hostname : s->ext.hostname))
         return TLSEXT_NAMETYPE_host_name;
     return -1;
 }
@@ -2251,16 +2248,16 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
                                     unsigned *len)
 {
-    *data = s->next_proto_negotiated;
+    *data = s->ext.npn;
     if (!*data) {
         *len = 0;
     } else {
-        *len = (unsigned int)s->next_proto_negotiated_len;
+        *len = (unsigned int)s->ext.npn_len;
     }
 }
 
 /*
- * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when
+ * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
  * a TLS server needs a list of supported protocols for Next Protocol
  * Negotiation. The returned list must be in wire format.  The list is
  * returned by setting |out| to point to it and |outlen| to its length. This
@@ -2269,15 +2266,12 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
  * wishes to advertise. Otherwise, no such extension will be included in the
  * ServerHello.
  */
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char
-                                                      **out,
-                                                      unsigned int *outlen,
-                                                      void *arg), void *arg)
+void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
+                                   SSL_CTX_npn_advertised_cb_func cb,
+                                   void *arg)
 {
-    ctx->next_protos_advertised_cb = cb;
-    ctx->next_protos_advertised_cb_arg = arg;
+    ctx->ext.npn_advertised_cb = cb;
+    ctx->ext.npn_advertised_cb_arg = arg;
 }
 
 /*
@@ -2290,15 +2284,12 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
  * select a protocol. It is fatal to the connection if this callback returns
  * a value other than SSL_TLSEXT_ERR_OK.
  */
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
-                                      int (*cb) (SSL *s, unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg), void *arg)
+void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
+                               SSL_CTX_npn_select_cb_func cb,
+                               void *arg)
 {
-    ctx->next_proto_select_cb = cb;
-    ctx->next_proto_select_cb_arg = arg;
+    ctx->ext.npn_select_cb = cb;
+    ctx->ext.npn_select_cb_arg = arg;
 }
 #endif
 
@@ -2310,13 +2301,13 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
                             unsigned int protos_len)
 {
-    OPENSSL_free(ctx->alpn_client_proto_list);
-    ctx->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
-    if (ctx->alpn_client_proto_list == NULL) {
+    OPENSSL_free(ctx->ext.alpn);
+    ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
+    if (ctx->ext.alpn == NULL) {
         SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
         return 1;
     }
-    ctx->alpn_client_proto_list_len = protos_len;
+    ctx->ext.alpn_len = protos_len;
 
     return 0;
 }
@@ -2329,13 +2320,13 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
 int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
                         unsigned int protos_len)
 {
-    OPENSSL_free(ssl->alpn_client_proto_list);
-    ssl->alpn_client_proto_list = OPENSSL_memdup(protos, protos_len);
-    if (ssl->alpn_client_proto_list == NULL) {
+    OPENSSL_free(ssl->ext.alpn);
+    ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
+    if (ssl->ext.alpn == NULL) {
         SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
         return 1;
     }
-    ssl->alpn_client_proto_list_len = protos_len;
+    ssl->ext.alpn_len = protos_len;
 
     return 0;
 }
@@ -2346,15 +2337,11 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
  * from the client's list of offered protocols.
  */
 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
-                                int (*cb) (SSL *ssl,
-                                           const unsigned char **out,
-                                           unsigned char *outlen,
-                                           const unsigned char *in,
-                                           unsigned int inlen,
-                                           void *arg), void *arg)
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg)
 {
-    ctx->alpn_select_cb = cb;
-    ctx->alpn_select_cb_arg = arg;
+    ctx->ext.alpn_select_cb = cb;
+    ctx->ext.alpn_select_cb_arg = arg;
 }
 
 /*
@@ -2513,12 +2500,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
     /* Setup RFC5077 ticket keys */
-    if ((RAND_bytes(ret->tlsext_tick_key_name,
-                    sizeof(ret->tlsext_tick_key_name)) <= 0)
-        || (RAND_bytes(ret->tlsext_tick_hmac_key,
-                       sizeof(ret->tlsext_tick_hmac_key)) <= 0)
-        || (RAND_bytes(ret->tlsext_tick_aes_key,
-                       sizeof(ret->tlsext_tick_aes_key)) <= 0))
+    if ((RAND_bytes(ret->ext.tick_key_name,
+                    sizeof(ret->ext.tick_key_name)) <= 0)
+        || (RAND_bytes(ret->ext.tick_hmac_key,
+                       sizeof(ret->ext.tick_hmac_key)) <= 0)
+        || (RAND_bytes(ret->ext.tick_aes_key,
+                       sizeof(ret->ext.tick_aes_key)) <= 0))
         ret->options |= SSL_OP_NO_TICKET;
 
 #ifndef OPENSSL_NO_SRP
@@ -2556,7 +2543,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
      */
     ret->options |= SSL_OP_NO_COMPRESSION;
 
-    ret->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
+    ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
 
     return ret;
  err:
@@ -2629,10 +2616,10 @@ void SSL_CTX_free(SSL_CTX *a)
 #endif
 
 #ifndef OPENSSL_NO_EC
-    OPENSSL_free(a->tlsext_ecpointformatlist);
-    OPENSSL_free(a->tlsext_supportedgroupslist);
+    OPENSSL_free(a->ext.ecpointformats);
+    OPENSSL_free(a->ext.supportedgroups);
 #endif
-    OPENSSL_free(a->alpn_client_proto_list);
+    OPENSSL_free(a->ext.alpn);
 
     CRYPTO_THREAD_lock_free(a->lock);
 
@@ -3728,46 +3715,22 @@ const char *SSL_get_psk_identity(const SSL *s)
     return (s->session->psk_identity);
 }
 
-void SSL_set_psk_client_callback(SSL *s,
-                                 unsigned int (*cb) (SSL *ssl,
-                                                     const char *hint,
-                                                     char *identity,
-                                                     unsigned int
-                                                     max_identity_len,
-                                                     unsigned char *psk,
-                                                     unsigned int max_psk_len))
+void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
 {
     s->psk_client_callback = cb;
 }
 
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-                                     unsigned int (*cb) (SSL *ssl,
-                                                         const char *hint,
-                                                         char *identity,
-                                                         unsigned int
-                                                         max_identity_len,
-                                                         unsigned char *psk,
-                                                         unsigned int
-                                                         max_psk_len))
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
 {
     ctx->psk_client_callback = cb;
 }
 
-void SSL_set_psk_server_callback(SSL *s,
-                                 unsigned int (*cb) (SSL *ssl,
-                                                     const char *identity,
-                                                     unsigned char *psk,
-                                                     unsigned int max_psk_len))
+void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
 {
     s->psk_server_callback = cb;
 }
 
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-                                     unsigned int (*cb) (SSL *ssl,
-                                                         const char *identity,
-                                                         unsigned char *psk,
-                                                         unsigned int
-                                                         max_psk_len))
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
 {
     ctx->psk_server_callback = cb;
 }
@@ -4040,9 +4003,9 @@ static int ct_extract_tls_extension_scts(SSL *s)
 {
     int scts_extracted = 0;
 
-    if (s->tlsext_scts != NULL) {
-        const unsigned char *p = s->tlsext_scts;
-        STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->tlsext_scts_len);
+    if (s->ext.scts != NULL) {
+        const unsigned char *p = s->ext.scts;
+        STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
 
         scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
 
@@ -4070,11 +4033,11 @@ static int ct_extract_ocsp_response_scts(SSL *s)
     STACK_OF(SCT) *scts = NULL;
     int i;
 
-    if (s->tlsext_ocsp_resp == NULL || s->tlsext_ocsp_resplen == 0)
+    if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
         goto err;
 
-    p = s->tlsext_ocsp_resp;
-    rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->tlsext_ocsp_resplen);
+    p = s->ext.ocsp.resp;
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
     if (rsp == NULL)
         goto err;
 
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c1b331a..641438d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -553,18 +553,21 @@ struct ssl_session_st {
      * implement a maximum cache size.
      */
     struct ssl_session_st *prev, *next;
-    char *tlsext_hostname;
+
+    struct {
+        char *hostname;
 # ifndef OPENSSL_NO_EC
-    size_t tlsext_ecpointformatlist_length;
-    unsigned char *tlsext_ecpointformatlist; /* peer's list */
-    size_t tlsext_supportedgroupslist_length;
-    unsigned char *tlsext_supportedgroupslist; /* peer's list */
+        size_t ecpointformats_len;
+        unsigned char *ecpointformats; /* peer's list */
+        size_t supportedgroups_len;
+        unsigned char *supportedgroups; /* peer's list */
 # endif                         /* OPENSSL_NO_EC */
     /* RFC4507 info */
-    unsigned char *tlsext_tick; /* Session ticket */
-    size_t tlsext_ticklen;      /* Session ticket length */
-    unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in
-                                              * seconds */
+        unsigned char *tick; /* Session ticket */
+        size_t ticklen;      /* Session ticket length */
+        /* Session lifetime hint in seconds */
+        unsigned long tick_lifetime_hint;
+    } ext;
 # ifndef OPENSSL_NO_SRP
     char *srp_username;
 # endif
@@ -775,63 +778,40 @@ struct ssl_ctx_st {
     ENGINE *client_cert_engine;
 # endif
 
-    /* TLS extensions servername callback */
-    int (*tlsext_servername_callback) (SSL *, int *, void *);
-    void *tlsext_servername_arg;
-    /* RFC 4507 session ticket keys */
-    unsigned char tlsext_tick_key_name[TLSEXT_KEYNAME_LENGTH];
-    unsigned char tlsext_tick_hmac_key[32];
-    unsigned char tlsext_tick_aes_key[32];
-    /* Callback to support customisation of ticket key setting */
-    int (*tlsext_ticket_key_cb) (SSL *ssl,
-                                 unsigned char *name, unsigned char *iv,
-                                 EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
-
-    /* certificate status request info */
-    /* Callback for status request */
-    int (*tlsext_status_cb) (SSL *ssl, void *arg);
-    void *tlsext_status_arg;
-
-# ifndef OPENSSL_NO_PSK
-    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
-                                         char *identity,
-                                         unsigned int max_identity_len,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-# endif
+    /* TLS extensions. */
+    struct {
+        /* TLS extensions servername callback */
+        int (*servername_cb) (SSL *, int *, void *);
+        void *servername_arg;
+        /* RFC 4507 session ticket keys */
+        unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
+        unsigned char tick_hmac_key[32];
+        unsigned char tick_aes_key[32];
+        /* Callback to support customisation of ticket key setting */
+        int (*ticket_key_cb) (SSL *ssl,
+                              unsigned char *name, unsigned char *iv,
+                              EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
+
+        /* certificate status request info */
+        /* Callback for status request */
+        int (*status_cb) (SSL *ssl, void *arg);
+        void *status_arg;
+        /* ext status type used for CSR extension (OCSP Stapling) */
+        int status_type;
 
-# ifndef OPENSSL_NO_SRP
-    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
-# endif
+# ifndef OPENSSL_NO_EC
+        /* EC extension values inherited by SSL structure */
+        size_t ecpointformats_len;
+        unsigned char *ecpointformats;
+        size_t supportedgroups_len;
+        unsigned char *supportedgroups;
+# endif                         /* OPENSSL_NO_EC */
 
 # ifndef OPENSSL_NO_NEXTPROTONEG
-    /* Next protocol negotiation information */
-
-    /*
-     * For a server, this contains a callback function by which the set of
-     * advertised protocols can be provided.
-     */
-    int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
-                                      unsigned int *len, void *arg);
-    void *next_protos_advertised_cb_arg;
-    /*
-     * For a client, this contains a callback function that selects the next
-     * protocol from the list provided by the server.
-     */
-    int (*next_proto_select_cb) (SSL *s, unsigned char **out,
-                                 unsigned char *outlen,
-                                 const unsigned char *in,
-                                 unsigned int inlen, void *arg);
-    void *next_proto_select_cb_arg;
-# endif
-
-    /*
-     * ALPN information (we are in the process of transitioning from NPN to
-     * ALPN.)
-     */
+        /*
+         * ALPN information (we are in the process of transitioning from NPN to
+         * ALPN.)
+         */
 
         /*-
          * For a server, this contains a callback function that allows the
@@ -843,19 +823,45 @@ struct ssl_ctx_st {
          *       wire-format.
          *   inlen: the length of |in|.
          */
-    int (*alpn_select_cb) (SSL *s,
-                           const unsigned char **out,
-                           unsigned char *outlen,
-                           const unsigned char *in,
-                           unsigned int inlen, void *arg);
-    void *alpn_select_cb_arg;
+        int (*alpn_select_cb) (SSL *s,
+                               const unsigned char **out,
+                               unsigned char *outlen,
+                               const unsigned char *in,
+                               unsigned int inlen, void *arg);
+        void *alpn_select_cb_arg;
 
-    /*
-     * For a client, this contains the list of supported protocols in wire
-     * format.
-     */
-    unsigned char *alpn_client_proto_list;
-    size_t alpn_client_proto_list_len;
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+
+        /* Next protocol negotiation information */
+
+        /*
+         * For a server, this contains a callback function by which the set of
+         * advertised protocols can be provided.
+         */
+        SSL_CTX_npn_advertised_cb_func npn_advertised_cb;
+        void *npn_advertised_cb_arg;
+        /*
+         * For a client, this contains a callback function that selects the next
+         * protocol from the list provided by the server.
+         */
+        SSL_CTX_npn_select_cb_func npn_select_cb;
+        void *npn_select_cb_arg;
+# endif
+    } ext;
+
+# ifndef OPENSSL_NO_PSK
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
+# endif
+
+# ifndef OPENSSL_NO_SRP
+    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
+# endif
 
     /* Shared DANE context */
     struct dane_ctx_st dane;
@@ -867,16 +873,6 @@ struct ssl_ctx_st {
      * basis, depending on the chosen cipher.
      */
     int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
-# ifndef OPENSSL_NO_EC
-    /* EC extension values inherited by SSL structure */
-    size_t tlsext_ecpointformatlist_length;
-    unsigned char *tlsext_ecpointformatlist;
-    size_t tlsext_supportedgroupslist_length;
-    unsigned char *tlsext_supportedgroupslist;
-# endif                         /* OPENSSL_NO_EC */
-
-    /* ext status type used for CSR extension (OCSP Stapling) */
-    int tlsext_status_type;
 
     CRYPTO_RWLOCK *lock;
 };
@@ -996,14 +992,8 @@ struct ssl_st {
     /* actual code */
     int error_code;
 # ifndef OPENSSL_NO_PSK
-    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
-                                         char *identity,
-                                         unsigned int max_identity_len,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
 # endif
     SSL_CTX *ctx;
     /* Verified chain of peer */
@@ -1039,11 +1029,67 @@ struct ssl_st {
     size_t max_send_fragment;
     /* Up to how many pipelines should we use? If 0 then 1 is assumed */
     size_t max_pipelines;
-    /* TLS extension debug callback */
-    void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
-                             const unsigned char *data, int len, void *arg);
-    void *tlsext_debug_arg;
-    char *tlsext_hostname;
+
+    struct {
+        /* TLS extension debug callback */
+        void (*debug_cb)(SSL *s, int client_server, int type,
+                         const unsigned char *data, int len, void *arg);
+        void *debug_arg;
+        char *hostname;
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int status_type;
+        /* Raw extension data, if seen */
+        unsigned char *scts;
+        /* Length of raw extension data, if seen */
+        uint16_t scts_len;
+        /* Expect OCSP CertificateStatus message */
+        int status_expected;
+
+        struct {
+            /* OCSP status request only */
+            STACK_OF(OCSP_RESPID) *ids;
+            X509_EXTENSIONS *exts;
+            /* OCSP response received or to be sent */
+            unsigned char *resp;
+            size_t resp_len;
+        } ocsp;
+
+        /* RFC4507 session ticket expected to be received or sent */
+        int ticket_expected;
+# ifndef OPENSSL_NO_EC
+        size_t ecpointformats_len;
+        /* our list */
+        unsigned char *ecpointformats;
+        size_t supportedgroups_len;
+        /* our list */
+        unsigned char *supportedgroups;
+# endif                         /* OPENSSL_NO_EC */
+        /* TLS Session Ticket extension override */
+        TLS_SESSION_TICKET_EXT *session_ticket;
+        /* TLS Session Ticket extension callback */
+        tls_session_ticket_ext_cb_fn session_ticket_cb;
+        void *session_ticket_cb_arg;
+        /* TLS pre-shared secret session resumption */
+        tls_session_secret_cb_fn session_secret_cb;
+        void *session_secret_cb_arg;
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+        /*
+         * Next protocol negotiation. For the client, this is the protocol that
+         * we sent in NextProtocol and is set when handling ServerHello
+         * extensions. For a server, this is the client's selected_protocol from
+         * NextProtocol and is set when handling the NextProtocol message, before
+         * the Finished message.
+         */
+        unsigned char *npn;
+        size_t npn_len;
+    } ext;
+
     /*-
      * no further mod of servername
      * 0 : call the servername extension callback.
@@ -1051,9 +1097,6 @@ struct ssl_st {
      * 2 : don't call servername callback, no ack in server hello
      */
     int servername_done;
-    /* certificate status request info */
-    /* Status type or -1 if no status type */
-    int tlsext_status_type;
 # ifndef OPENSSL_NO_CT
     /*
      * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
@@ -1067,62 +1110,17 @@ struct ssl_st {
      * Lazily populated by CT_get_peer_scts(SSL*)
      */
     STACK_OF(SCT) *scts;
-    /* Raw extension data, if seen */
-    unsigned char *tlsext_scts;
-    /* Length of raw extension data, if seen */
-    uint16_t tlsext_scts_len;
     /* Have we attempted to find/parse SCTs yet? */
     int scts_parsed;
 # endif
-    /* Expect OCSP CertificateStatus message */
-    int tlsext_status_expected;
-    /* OCSP status request only */
-    STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
-    X509_EXTENSIONS *tlsext_ocsp_exts;
-    /* OCSP response received or to be sent */
-    unsigned char *tlsext_ocsp_resp;
-    size_t tlsext_ocsp_resplen;
-    /* RFC4507 session ticket expected to be received or sent */
-    int tlsext_ticket_expected;
-# ifndef OPENSSL_NO_EC
-    size_t tlsext_ecpointformatlist_length;
-    /* our list */
-    unsigned char *tlsext_ecpointformatlist;
-    size_t tlsext_supportedgroupslist_length;
-    /* our list */
-    unsigned char *tlsext_supportedgroupslist;
-# endif                         /* OPENSSL_NO_EC */
-    /* TLS Session Ticket extension override */
-    TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
-    /* TLS Session Ticket extension callback */
-    tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
-    void *tls_session_ticket_ext_cb_arg;
-    /* TLS pre-shared secret session resumption */
-    tls_session_secret_cb_fn tls_session_secret_cb;
-    void *tls_session_secret_cb_arg;
     SSL_CTX *initial_ctx;       /* initial ctx, used to store sessions */
 # ifndef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * Next protocol negotiation. For the client, this is the protocol that
-     * we sent in NextProtocol and is set when handling ServerHello
-     * extensions. For a server, this is the client's selected_protocol from
-     * NextProtocol and is set when handling the NextProtocol message, before
-     * the Finished message.
-     */
-    unsigned char *next_proto_negotiated;
-    size_t next_proto_negotiated_len;
 # endif
 # define session_ctx initial_ctx
     /* What we'll do */
     STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
     /* What's been chosen */
     SRTP_PROTECTION_PROFILE *srtp_profile;
-    /*
-     * For a client, this contains the list of supported protocols in wire
-     * format.
-     */
-    unsigned char *alpn_client_proto_list;
-    size_t alpn_client_proto_list_len;
     /*-
      * 1 if we are renegotiating.
      * 2 if we are a server and are inside a handshake
@@ -1277,7 +1275,7 @@ typedef struct ssl3_state_st {
     /*
      * Set if we saw the Next Protocol Negotiation extension from our peer.
      */
-    int next_proto_neg_seen;
+    int npn_seen;
 # endif
 
     /*
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index c9a9e23..0ea7438 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -129,12 +129,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     dest->psk_identity = NULL;
 #endif
     dest->ciphers = NULL;
-    dest->tlsext_hostname = NULL;
+    dest->ext.hostname = NULL;
 #ifndef OPENSSL_NO_EC
-    dest->tlsext_ecpointformatlist = NULL;
-    dest->tlsext_supportedgroupslist = NULL;
+    dest->ext.ecpointformats = NULL;
+    dest->ext.supportedgroups = NULL;
 #endif
-    dest->tlsext_tick = NULL;
+    dest->ext.tick = NULL;
 #ifndef OPENSSL_NO_SRP
     dest->srp_username = NULL;
 #endif
@@ -184,37 +184,37 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
         goto err;
     }
 
-    if (src->tlsext_hostname) {
-        dest->tlsext_hostname = OPENSSL_strdup(src->tlsext_hostname);
-        if (dest->tlsext_hostname == NULL) {
+    if (src->ext.hostname) {
+        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
+        if (dest->ext.hostname == NULL) {
             goto err;
         }
     }
 #ifndef OPENSSL_NO_EC
-    if (src->tlsext_ecpointformatlist) {
-        dest->tlsext_ecpointformatlist =
-            OPENSSL_memdup(src->tlsext_ecpointformatlist,
-                           src->tlsext_ecpointformatlist_length);
-        if (dest->tlsext_ecpointformatlist == NULL)
+    if (src->ext.ecpointformats) {
+        dest->ext.ecpointformats =
+            OPENSSL_memdup(src->ext.ecpointformats,
+                           src->ext.ecpointformats_len);
+        if (dest->ext.ecpointformats == NULL)
             goto err;
     }
-    if (src->tlsext_supportedgroupslist) {
-        dest->tlsext_supportedgroupslist =
-            OPENSSL_memdup(src->tlsext_supportedgroupslist,
-                           src->tlsext_supportedgroupslist_length);
-        if (dest->tlsext_supportedgroupslist == NULL)
+    if (src->ext.supportedgroups) {
+        dest->ext.supportedgroups =
+            OPENSSL_memdup(src->ext.supportedgroups,
+                           src->ext.supportedgroups_len);
+        if (dest->ext.supportedgroups == NULL)
             goto err;
     }
 #endif
 
     if (ticket != 0) {
-        dest->tlsext_tick =
-            OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen);
-        if (dest->tlsext_tick == NULL)
+        dest->ext.tick =
+            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
+        if (dest->ext.tick == NULL)
             goto err;
     } else {
-        dest->tlsext_tick_lifetime_hint = 0;
-        dest->tlsext_ticklen = 0;
+        dest->ext.tick_lifetime_hint = 0;
+        dest->ext.ticklen = 0;
     }
 
 #ifndef OPENSSL_NO_SRP
@@ -353,7 +353,7 @@ int ssl_get_new_session(SSL *s, int session)
          *     ServerHello extensions, and before recording the session
          *     ID received from the server, so this block is a noop.
          */
-        if (s->tlsext_ticket_expected) {
+        if (s->ext.ticket_expected) {
             ss->session_id_length = 0;
             goto sess_id_done;
         }
@@ -398,9 +398,9 @@ int ssl_get_new_session(SSL *s, int session)
         }
 
  sess_id_done:
-        if (s->tlsext_hostname) {
-            ss->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname);
-            if (ss->tlsext_hostname == NULL) {
+        if (s->ext.hostname) {
+            ss->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+            if (ss->ext.hostname == NULL) {
                 SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
                 SSL_SESSION_free(ss);
                 return 0;
@@ -441,7 +441,7 @@ int ssl_get_new_session(SSL *s, int session)
  * Side effects:
  *   - If a session is found then s->session is pointed at it (after freeing an
  *     existing session if need be) and s->verify_result is set from the session.
- *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
+ *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
  *     if the server should issue a new session ticket (to 0 otherwise).
  */
 int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
@@ -456,7 +456,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
     if (hello->session_id_len == 0)
         try_session_cache = 0;
 
-    /* sets s->tlsext_ticket_expected */
+    /* sets s->ext.ticket_expected */
     r = tls_get_ticket_from_client(s, hello, &ret);
     switch (r) {
     case -1:                   /* Error during processing */
@@ -635,7 +635,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
              * The session was from a ticket, so we should issue a ticket for
              * the new session
              */
-            s->tlsext_ticket_expected = 1;
+            s->ext.ticket_expected = 1;
         }
     }
     if (fatal)
@@ -765,13 +765,15 @@ void SSL_SESSION_free(SSL_SESSION *ss)
     X509_free(ss->peer);
     sk_X509_pop_free(ss->peer_chain, X509_free);
     sk_SSL_CIPHER_free(ss->ciphers);
-    OPENSSL_free(ss->tlsext_hostname);
-    OPENSSL_free(ss->tlsext_tick);
+    OPENSSL_free(ss->ext.hostname);
+    OPENSSL_free(ss->ext.tick);
 #ifndef OPENSSL_NO_EC
-    ss->tlsext_ecpointformatlist_length = 0;
-    OPENSSL_free(ss->tlsext_ecpointformatlist);
-    ss->tlsext_supportedgroupslist_length = 0;
-    OPENSSL_free(ss->tlsext_supportedgroupslist);
+    OPENSSL_free(ss->ext.ecpointformats);
+    ss->ext.ecpointformats = NULL;
+    ss->ext.ecpointformats_len = 0;
+    OPENSSL_free(ss->ext.supportedgroups);
+    ss->ext.supportedgroups = NULL;
+    ss->ext.supportedgroups_len = 0;
 #endif                          /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_PSK
     OPENSSL_free(ss->psk_identity_hint);
@@ -869,25 +871,25 @@ const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
 
 const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
 {
-    return s->tlsext_hostname;
+    return s->ext.hostname;
 }
 
 int SSL_SESSION_has_ticket(const SSL_SESSION *s)
 {
-    return (s->tlsext_ticklen > 0) ? 1 : 0;
+    return (s->ext.ticklen > 0) ? 1 : 0;
 }
 
 unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
 {
-    return s->tlsext_tick_lifetime_hint;
+    return s->ext.tick_lifetime_hint;
 }
 
 void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
                              size_t *len)
 {
-    *len = s->tlsext_ticklen;
+    *len = s->ext.ticklen;
     if (tick != NULL)
-        *tick = s->tlsext_tick;
+        *tick = s->ext.tick;
 }
 
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
@@ -927,20 +929,13 @@ long SSL_CTX_get_timeout(const SSL_CTX *s)
 }
 
 int SSL_set_session_secret_cb(SSL *s,
-                              int (*tls_session_secret_cb) (SSL *s,
-                                                            void *secret,
-                                                            int *secret_len,
-                                                            STACK_OF(SSL_CIPHER)
-                                                            *peer_ciphers,
-                                                            const SSL_CIPHER
-                                                            **cipher,
-                                                            void *arg),
+                              tls_session_secret_cb_fn tls_session_secret_cb,
                               void *arg)
 {
     if (s == NULL)
         return (0);
-    s->tls_session_secret_cb = tls_session_secret_cb;
-    s->tls_session_secret_cb_arg = arg;
+    s->ext.session_secret_cb = tls_session_secret_cb;
+    s->ext.session_secret_cb_arg = arg;
     return (1);
 }
 
@@ -949,30 +944,30 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 {
     if (s == NULL)
         return (0);
-    s->tls_session_ticket_ext_cb = cb;
-    s->tls_session_ticket_ext_cb_arg = arg;
+    s->ext.session_ticket_cb = cb;
+    s->ext.session_ticket_cb_arg = arg;
     return (1);
 }
 
 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
 {
     if (s->version >= TLS1_VERSION) {
-        OPENSSL_free(s->tlsext_session_ticket);
-        s->tlsext_session_ticket = NULL;
-        s->tlsext_session_ticket =
+        OPENSSL_free(s->ext.session_ticket);
+        s->ext.session_ticket = NULL;
+        s->ext.session_ticket =
             OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
-        if (s->tlsext_session_ticket == NULL) {
+        if (s->ext.session_ticket == NULL) {
             SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
             return 0;
         }
 
-        if (ext_data) {
-            s->tlsext_session_ticket->length = ext_len;
-            s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
-            memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
+        if (ext_data != NULL) {
+            s->ext.session_ticket->length = ext_len;
+            s->ext.session_ticket->data = s->ext.session_ticket + 1;
+            memcpy(s->ext.session_ticket->data, ext_data, ext_len);
         } else {
-            s->tlsext_session_ticket->length = 0;
-            s->tlsext_session_ticket->data = NULL;
+            s->ext.session_ticket->length = 0;
+            s->ext.session_ticket->data = NULL;
         }
 
         return 1;
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 06ea646..7d4a4fd 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -119,18 +119,18 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
     if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
         goto err;
 #endif
-    if (x->tlsext_tick_lifetime_hint) {
+    if (x->ext.tick_lifetime_hint) {
         if (BIO_printf(bp,
                        "\n    TLS session ticket lifetime hint: %ld (seconds)",
-                       x->tlsext_tick_lifetime_hint) <= 0)
+                       x->ext.tick_lifetime_hint) <= 0)
             goto err;
     }
-    if (x->tlsext_tick) {
+    if (x->ext.tick) {
         if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
             goto err;
         /* TODO(size_t): Convert this call */
         if (BIO_dump_indent
-            (bp, (const char *)x->tlsext_tick, (int)x->tlsext_ticklen, 4)
+            (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4)
             <= 0)
             goto err;
     }
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 0c65525..a68dd48 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -457,11 +457,11 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
     if (!currext->present)
         return 1;
 
-    if (s->tlsext_debug_cb)
-        s->tlsext_debug_cb(s, !s->server, currext->type,
-                           PACKET_data(&currext->data),
-                           PACKET_remaining(&currext->data),
-                           s->tlsext_debug_arg);
+    if (s->ext.debug_cb)
+        s->ext.debug_cb(s, !s->server, currext->type,
+                        PACKET_data(&currext->data),
+                        PACKET_remaining(&currext->data),
+                        s->ext.debug_arg);
 
     /* Skip if we've already parsed this extension */
     if (currext->parsed)
@@ -714,13 +714,13 @@ static int final_server_name(SSL *s, unsigned int context, int sent,
     int ret = SSL_TLSEXT_ERR_NOACK;
     int altmp = SSL_AD_UNRECOGNIZED_NAME;
 
-    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-        ret = s->ctx->tlsext_servername_callback(s, &altmp,
-                                                 s->ctx->tlsext_servername_arg);
+    if (s->ctx != NULL && s->ctx->ext.servername_cb != 0)
+        ret = s->ctx->ext.servername_cb(s, &altmp,
+                                        s->ctx->ext.servername_arg);
     else if (s->initial_ctx != NULL
-             && s->initial_ctx->tlsext_servername_callback != 0)
-        ret = s->initial_ctx->tlsext_servername_callback(s, &altmp,
-                                       s->initial_ctx->tlsext_servername_arg);
+             && s->initial_ctx->ext.servername_cb != 0)
+        ret = s->initial_ctx->ext.servername_cb(s, &altmp,
+                                       s->initial_ctx->ext.servername_arg);
 
     switch (ret) {
     case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -757,20 +757,20 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent,
      * suite, then if server returns an EC point formats lists extension it
      * must contain uncompressed.
      */
-    if (s->tlsext_ecpointformatlist != NULL
-            && s->tlsext_ecpointformatlist_length > 0
-            && s->session->tlsext_ecpointformatlist != NULL
-            && s->session->tlsext_ecpointformatlist_length > 0
+    if (s->ext.ecpointformats != NULL
+            && s->ext.ecpointformats_len > 0
+            && s->session->ext.ecpointformats != NULL
+            && s->session->ext.ecpointformats_len > 0
             && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
         /* we are using an ECC cipher */
         size_t i;
-        unsigned char *list = s->session->tlsext_ecpointformatlist;
+        unsigned char *list = s->session->ext.ecpointformats;
 
-        for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
+        for (i = 0; i < s->session->ext.ecpointformats_len; i++) {
             if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed)
                 break;
         }
-        if (i == s->session->tlsext_ecpointformatlist_length) {
+        if (i == s->session->ext.ecpointformats_len) {
             SSLerr(SSL_F_FINAL_EC_PT_FORMATS,
                    SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
             return 0;
@@ -784,7 +784,7 @@ static int final_ec_pt_formats(SSL *s, unsigned int context, int sent,
 static int init_session_ticket(SSL *s, unsigned int context)
 {
     if (!s->server)
-        s->tlsext_ticket_expected = 0;
+        s->ext.ticket_expected = 0;
 
     return 1;
 }
@@ -793,15 +793,15 @@ static int init_session_ticket(SSL *s, unsigned int context)
 static int init_status_request(SSL *s, unsigned int context)
 {
     if (s->server) {
-        s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
     } else {
         /*
          * Ensure we get sensible values passed to tlsext_status_cb in the event
          * that we don't receive a status message
          */
-        OPENSSL_free(s->tlsext_ocsp_resp);
-        s->tlsext_ocsp_resp = NULL;
-        s->tlsext_ocsp_resplen = 0;
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = NULL;
+        s->ext.ocsp.resp_len = 0;
     }
 
     return 1;
@@ -811,7 +811,7 @@ static int init_status_request(SSL *s, unsigned int context)
 #ifndef OPENSSL_NO_NEXTPROTONEG
 static int init_npn(SSL *s, unsigned int context)
 {
-    s->s3->next_proto_neg_seen = 0;
+    s->s3->npn_seen = 0;
 
     return 1;
 }
@@ -838,11 +838,11 @@ static int final_alpn(SSL *s, unsigned int context, int sent, int *al)
     if (!s->server)
         return 1;
 
-    if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
-        int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
-                                       s->s3->alpn_proposed,
-                                       (unsigned int)s->s3->alpn_proposed_len,
-                                       s->ctx->alpn_select_cb_arg);
+    if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
+        int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,
+                                           s->s3->alpn_proposed,
+                                           (unsigned int)s->s3->alpn_proposed_len,
+                                           s->ctx->ext.alpn_select_cb_arg);
 
         if (r == SSL_TLSEXT_ERR_OK) {
             OPENSSL_free(s->s3->alpn_selected);
@@ -854,7 +854,7 @@ static int final_alpn(SSL *s, unsigned int context, int sent, int *al)
             s->s3->alpn_selected_len = selected_len;
 #ifndef OPENSSL_NO_NEXTPROTONEG
             /* ALPN takes precedence over NPN. */
-            s->s3->next_proto_neg_seen = 0;
+            s->s3->npn_seen = 0;
 #endif
         } else {
             *al = SSL_AD_NO_APPLICATION_PROTOCOL;
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 277e062..be0c979 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -34,7 +34,7 @@ int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x,
 int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x,
                                    size_t chainidx, int *al)
 {
-    if (s->tlsext_hostname == NULL)
+    if (s->ext.hostname == NULL)
         return 1;
 
     /* Add TLS extension servername to the Client Hello message */
@@ -44,8 +44,8 @@ int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x,
                /* Sub-packet for servername list (always 1 hostname)*/
             || !WPACKET_start_sub_packet_u16(pkt)
             || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name)
-            || !WPACKET_sub_memcpy_u16(pkt, s->tlsext_hostname,
-                                       strlen(s->tlsext_hostname))
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname,
+                                       strlen(s->ext.hostname))
             || !WPACKET_close(pkt)
             || !WPACKET_close(pkt)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, ERR_R_INTERNAL_ERROR);
@@ -145,7 +145,7 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
      * Add TLS extension supported_groups to the ClientHello message
      */
     /* TODO(TLS1.3): Add support for DHE groups */
-    pcurves = s->tlsext_supportedgroupslist;
+    pcurves = s->ext.supportedgroups;
     if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
                ERR_R_INTERNAL_ERROR);
@@ -191,30 +191,30 @@ int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
         return 1;
 
     if (!s->new_session && s->session != NULL
-            && s->session->tlsext_tick != NULL) {
-        ticklen = s->session->tlsext_ticklen;
-    } else if (s->session && s->tlsext_session_ticket != NULL
-               && s->tlsext_session_ticket->data != NULL) {
-        ticklen = s->tlsext_session_ticket->length;
-        s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-        if (s->session->tlsext_tick == NULL) {
+            && s->session->ext.tick != NULL) {
+        ticklen = s->session->ext.ticklen;
+    } else if (s->session && s->ext.session_ticket != NULL
+               && s->ext.session_ticket->data != NULL) {
+        ticklen = s->ext.session_ticket->length;
+        s->session->ext.tick = OPENSSL_malloc(ticklen);
+        if (s->session->ext.tick == NULL) {
             SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET,
                    ERR_R_INTERNAL_ERROR);
             return 0;
         }
-        memcpy(s->session->tlsext_tick,
-               s->tlsext_session_ticket->data, ticklen);
-        s->session->tlsext_ticklen = ticklen;
+        memcpy(s->session->ext.tick,
+               s->ext.session_ticket->data, ticklen);
+        s->session->ext.ticklen = ticklen;
     } else {
         ticklen = 0;
     }
 
-    if (ticklen == 0 && s->tlsext_session_ticket != NULL &&
-            s->tlsext_session_ticket->data == NULL)
+    if (ticklen == 0 && s->ext.session_ticket != NULL &&
+            s->ext.session_ticket->data == NULL)
         return 1;
 
     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
-            || !WPACKET_sub_memcpy_u16(pkt, s->session->tlsext_tick, ticklen)) {
+            || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
         return 0;
     }
@@ -257,7 +257,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
     if (x != NULL)
         return 1;
 
-    if (s->tlsext_status_type != TLSEXT_STATUSTYPE_ocsp)
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp)
         return 1;
 
     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
@@ -269,9 +269,9 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-    for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
+    for (i = 0; i < sk_OCSP_RESPID_num(s->ext.ocsp.ids); i++) {
         unsigned char *idbytes;
-        OCSP_RESPID *id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+        OCSP_RESPID *id = sk_OCSP_RESPID_value(s->ext.ocsp.ids, i);
         int idlen = i2d_OCSP_RESPID(id, NULL);
 
         if (idlen <= 0
@@ -288,9 +288,9 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
         return 0;
     }
-    if (s->tlsext_ocsp_exts) {
+    if (s->ext.ocsp.exts) {
         unsigned char *extbytes;
-        int extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
+        int extlen = i2d_X509_EXTENSIONS(s->ext.ocsp.exts, NULL);
 
         if (extlen < 0) {
             SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
@@ -298,7 +298,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
             return 0;
         }
         if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes)
-                || i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &extbytes)
+                || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes)
                    != extlen) {
             SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
                    ERR_R_INTERNAL_ERROR);
@@ -318,7 +318,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
 int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                            int *al)
 {
-    if (s->ctx->next_proto_select_cb == NULL || s->s3->tmp.finish_md_len != 0)
+    if (s->ctx->ext.npn_select_cb == NULL || s->s3->tmp.finish_md_len != 0)
         return 1;
 
     /*
@@ -344,15 +344,14 @@ int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
      * finish_md_len is non-zero during a renegotiation, so
      * this avoids sending ALPN during the renegotiation
      */
-    if (s->alpn_client_proto_list == NULL || s->s3->tmp.finish_md_len != 0)
+    if (s->ext.alpn == NULL || s->s3->tmp.finish_md_len != 0)
         return 1;
 
     if (!WPACKET_put_bytes_u16(pkt,
                 TLSEXT_TYPE_application_layer_protocol_negotiation)
                /* Sub-packet ALPN extension */
             || !WPACKET_start_sub_packet_u16(pkt)
-            || !WPACKET_sub_memcpy_u16(pkt, s->alpn_client_proto_list,
-                                       s->alpn_client_proto_list_len)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len)
             || !WPACKET_close(pkt)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_ALPN, ERR_R_INTERNAL_ERROR);
         return 0;
@@ -516,7 +515,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
         return 0;
     }
 
-    pcurves = s->tlsext_supportedgroupslist;
+    pcurves = s->ext.supportedgroups;
     if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
         return 0;
@@ -698,18 +697,18 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
 int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                int *al)
 {
-    if (s->tlsext_hostname == NULL || PACKET_remaining(pkt) > 0) {
+    if (s->ext.hostname == NULL || PACKET_remaining(pkt) > 0) {
         *al = SSL_AD_UNRECOGNIZED_NAME;
         return 0;
     }
 
     if (!s->hit) {
-        if (s->session->tlsext_hostname != NULL) {
+        if (s->session->ext.hostname != NULL) {
             *al = SSL_AD_INTERNAL_ERROR;
             return 0;
         }
-        s->session->tlsext_hostname = OPENSSL_strdup(s->tlsext_hostname);
-        if (s->session->tlsext_hostname == NULL) {
+        s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+        if (s->session->ext.hostname == NULL) {
             *al = SSL_AD_INTERNAL_ERROR;
             return 0;
         }
@@ -722,7 +721,7 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
 int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                  int *al)
 {
-    unsigned int ecpointformatlist_length;
+    unsigned int ecpointformats_len;
     PACKET ecptformatlist;
 
     if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) {
@@ -730,22 +729,21 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
         return 0;
     }
     if (!s->hit) {
-        ecpointformatlist_length = PACKET_remaining(&ecptformatlist);
-        s->session->tlsext_ecpointformatlist_length = 0;
+        ecpointformats_len = PACKET_remaining(&ecptformatlist);
+        s->session->ext.ecpointformats_len = 0;
 
-        OPENSSL_free(s->session->tlsext_ecpointformatlist);
-        s->session->tlsext_ecpointformatlist =
-             OPENSSL_malloc(ecpointformatlist_length);
-        if (s->session->tlsext_ecpointformatlist == NULL) {
+        OPENSSL_free(s->session->ext.ecpointformats);
+        s->session->ext.ecpointformats = OPENSSL_malloc(ecpointformats_len);
+        if (s->session->ext.ecpointformats == NULL) {
             *al = SSL_AD_INTERNAL_ERROR;
             return 0;
         }
 
-        s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+        s->session->ext.ecpointformats_len = ecpointformats_len;
 
         if (!PACKET_copy_bytes(&ecptformatlist,
-                               s->session->tlsext_ecpointformatlist,
-                               ecpointformatlist_length)) {
+                               s->session->ext.ecpointformats,
+                               ecpointformats_len)) {
             *al = SSL_AD_INTERNAL_ERROR;
             return 0;
         }
@@ -758,10 +756,10 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
 int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                   int *al)
 {
-    if (s->tls_session_ticket_ext_cb != NULL &&
-        !s->tls_session_ticket_ext_cb(s, PACKET_data(pkt),
-                                      PACKET_remaining(pkt),
-                                      s->tls_session_ticket_ext_cb_arg)) {
+    if (s->ext.session_ticket_cb != NULL &&
+        !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                              PACKET_remaining(pkt),
+                              s->ext.session_ticket_cb_arg)) {
         *al = SSL_AD_INTERNAL_ERROR;
         return 0;
     }
@@ -771,7 +769,7 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
         return 0;
     }
 
-    s->tlsext_ticket_expected = 1;
+    s->ext.ticket_expected = 1;
 
     return 1;
 }
@@ -784,7 +782,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
      * MUST only be sent if we've requested a status
      * request message. In TLS <= 1.2 it must also be empty.
      */
-    if (s->tlsext_status_type == TLSEXT_STATUSTYPE_nothing
+    if (s->ext.status_type == TLSEXT_STATUSTYPE_nothing
             || (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0)) {
         *al = SSL_AD_UNSUPPORTED_EXTENSION;
         return 0;
@@ -800,7 +798,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
     }
 
     /* Set flag to expect CertificateStatus message */
-    s->tlsext_status_expected = 1;
+    s->ext.status_expected = 1;
 
     return 1;
 }
@@ -819,14 +817,14 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
         size_t size = PACKET_remaining(pkt);
 
         /* Simply copy it off for later processing */
-        OPENSSL_free(s->tlsext_scts);
-        s->tlsext_scts = NULL;
+        OPENSSL_free(s->ext.scts);
+        s->ext.scts = NULL;
 
-        s->tlsext_scts_len = size;
+        s->ext.scts_len = size;
         if (size > 0) {
-            s->tlsext_scts = OPENSSL_malloc(size);
-            if (s->tlsext_scts == NULL
-                    || !PACKET_copy_bytes(pkt, s->tlsext_scts, size)) {
+            s->ext.scts = OPENSSL_malloc(size);
+            if (s->ext.scts == NULL
+                    || !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
                 *al = SSL_AD_INTERNAL_ERROR;
                 return 0;
             }
@@ -872,7 +870,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
         return 1;
 
     /* We must have requested it. */
-    if (s->ctx->next_proto_select_cb == NULL) {
+    if (s->ctx->ext.npn_select_cb == NULL) {
         *al = SSL_AD_UNSUPPORTED_EXTENSION;
         return 0;
     }
@@ -883,10 +881,10 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
         *al = SSL_AD_DECODE_ERROR;
         return 0;
     }
-    if (s->ctx->next_proto_select_cb(s, &selected, &selected_len,
-                                     PACKET_data(pkt),
-                                     PACKET_remaining(pkt),
-                                     s->ctx->next_proto_select_cb_arg) !=
+    if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
+                                  PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ctx->ext.npn_select_cb_arg) !=
              SSL_TLSEXT_ERR_OK) {
         *al = SSL_AD_INTERNAL_ERROR;
         return 0;
@@ -896,16 +894,16 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
      * Could be non-NULL if server has sent multiple NPN extensions in
      * a single Serverhello
      */
-    OPENSSL_free(s->next_proto_negotiated);
-    s->next_proto_negotiated = OPENSSL_malloc(selected_len);
-    if (s->next_proto_negotiated == NULL) {
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = OPENSSL_malloc(selected_len);
+    if (s->ext.npn == NULL) {
         *al = SSL_AD_INTERNAL_ERROR;
         return 0;
     }
 
-    memcpy(s->next_proto_negotiated, selected, selected_len);
-    s->next_proto_negotiated_len = selected_len;
-    s->s3->next_proto_neg_seen = 1;
+    memcpy(s->ext.npn, selected, selected_len);
+    s->ext.npn_len = selected_len;
+    s->s3->npn_seen = 1;
 
     return 1;
 }
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index dfe5fc5..c868bb9 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -116,7 +116,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
             return 0;
         }
 
-        if (!PACKET_strndup(&hostname, &s->session->tlsext_hostname)) {
+        if (!PACKET_strndup(&hostname, &s->session->ext.hostname)) {
             *al = TLS1_AD_INTERNAL_ERROR;
             return 0;
         }
@@ -127,9 +127,9 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
          * TODO(openssl-team): if the SNI doesn't match, we MUST
          * fall back to a full handshake.
          */
-        s->servername_done = s->session->tlsext_hostname
-            && PACKET_equal(&hostname, s->session->tlsext_hostname,
-                            strlen(s->session->tlsext_hostname));
+        s->servername_done = s->session->ext.hostname
+            && PACKET_equal(&hostname, s->session->ext.hostname,
+                            strlen(s->session->ext.hostname));
     }
 
     return 1;
@@ -173,8 +173,8 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
 
     if (!s->hit) {
         if (!PACKET_memdup(&ec_point_format_list,
-                           &s->session->tlsext_ecpointformatlist,
-                           &s->session->tlsext_ecpointformatlist_length)) {
+                           &s->session->ext.ecpointformats,
+                           &s->session->ext.ecpointformats_len)) {
             *al = TLS1_AD_INTERNAL_ERROR;
             return 0;
         }
@@ -187,10 +187,10 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
 int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                   int *al)
 {
-    if (s->tls_session_ticket_ext_cb &&
-            !s->tls_session_ticket_ext_cb(s, PACKET_data(pkt),
-                                          PACKET_remaining(pkt),
-                                          s->tls_session_ticket_ext_cb_arg)) {
+    if (s->ext.session_ticket_cb &&
+            !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ext.session_ticket_cb_arg)) {
         *al = TLS1_AD_INTERNAL_ERROR;
         return 0;
     }
@@ -229,16 +229,16 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
     if (x != NULL)
         return 1;
 
-    if (!PACKET_get_1(pkt, (unsigned int *)&s->tlsext_status_type)) {
+    if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) {
         *al = SSL_AD_DECODE_ERROR;
         return 0;
     }
 
-    if (s->tlsext_status_type != TLSEXT_STATUSTYPE_ocsp) {
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) {
         /*
          * We don't know what to do with any other type so ignore it.
          */
-        s->tlsext_status_type = TLSEXT_STATUSTYPE_nothing;
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
         return 1;
     }
 
@@ -251,15 +251,15 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
      * We remove any OCSP_RESPIDs from a previous handshake
      * to prevent unbounded memory growth - CVE-2016-6304
      */
-    sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
     if (PACKET_remaining(&responder_id_list) > 0) {
-        s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
-        if (s->tlsext_ocsp_ids == NULL) {
+        s->ext.ocsp.ids = sk_OCSP_RESPID_new_null();
+        if (s->ext.ocsp.ids == NULL) {
             *al = SSL_AD_INTERNAL_ERROR;
             return 0;
         }
     } else {
-        s->tlsext_ocsp_ids = NULL;
+        s->ext.ocsp.ids = NULL;
     }
 
     while (PACKET_remaining(&responder_id_list) > 0) {
@@ -288,7 +288,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
             return 0;
         }
 
-        if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
+        if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) {
             OCSP_RESPID_free(id);
             *al = SSL_AD_INTERNAL_ERROR;
             return 0;
@@ -304,11 +304,11 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
     if (PACKET_remaining(&exts) > 0) {
         const unsigned char *ext_data = PACKET_data(&exts);
 
-        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+        sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts,
                                    X509_EXTENSION_free);
-        s->tlsext_ocsp_exts =
+        s->ext.ocsp.exts =
             d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts));
-        if (s->tlsext_ocsp_exts == NULL || ext_data != PACKET_end(&exts)) {
+        if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) {
             *al = SSL_AD_DECODE_ERROR;
             return 0;
         }
@@ -339,7 +339,7 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
      * Finished message could have been computed.)
      */
     if (s->s3->tmp.finish_md_len == 0)
-        s->s3->next_proto_neg_seen = 1;
+        s->s3->npn_seen = 1;
 
     return 1;
 }
@@ -643,8 +643,8 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x,
 
     if (!s->hit
             && !PACKET_memdup(&supported_groups_list,
-                              &s->session->tlsext_supportedgroupslist,
-                              &s->session->tlsext_supportedgroupslist_length)) {
+                              &s->session->ext.supportedgroups,
+                              &s->session->ext.supportedgroups_len)) {
         *al = SSL_AD_DECODE_ERROR;
         return 0;
     }
@@ -695,7 +695,7 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x,
                                    size_t chainidx, int *al)
 {
     if (s->hit || s->servername_done != 1
-            || s->session->tlsext_hostname == NULL)
+            || s->session->ext.hostname == NULL)
         return 1;
 
     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
@@ -714,7 +714,7 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
     unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
     unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
     int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
-                    && (s->session->tlsext_ecpointformatlist != NULL);
+                    && (s->session->ext.ecpointformats != NULL);
     const unsigned char *plist;
     size_t plistlen;
 
@@ -737,8 +737,8 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
 int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
                                       size_t chainidx, int *al)
 {
-    if (!s->tlsext_ticket_expected || !tls_use_ticket(s)) {
-        s->tlsext_ticket_expected = 0;
+    if (!s->ext.ticket_expected || !tls_use_ticket(s)) {
+        s->ext.ticket_expected = 0;
         return 1;
     }
 
@@ -755,7 +755,7 @@ int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
 int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,
                                      size_t chainidx, int *al)
 {
-    if (!s->tlsext_status_expected)
+    if (!s->ext.status_expected)
         return 1;
 
     if (SSL_IS_TLS13(s) && chainidx != 0)
@@ -789,14 +789,14 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
     const unsigned char *npa;
     unsigned int npalen;
     int ret;
-    int next_proto_neg_seen = s->s3->next_proto_neg_seen;
+    int npn_seen = s->s3->npn_seen;
 
-    s->s3->next_proto_neg_seen = 0;
-    if (!next_proto_neg_seen || s->ctx->next_protos_advertised_cb == NULL)
+    s->s3->npn_seen = 0;
+    if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL)
         return 1;
 
-    ret = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
-                                      s->ctx->next_protos_advertised_cb_arg);
+    ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen,
+                                        s->ctx->ext.npn_advertised_cb_arg);
     if (ret == SSL_TLSEXT_ERR_OK) {
         if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
                 || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
@@ -804,7 +804,7 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
                    ERR_R_INTERNAL_ERROR);
             return 0;
         }
-        s->s3->next_proto_neg_seen = 1;
+        s->s3->npn_seen = 1;
     }
 
     return 1;
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a3133ad..9fa16b1 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -225,7 +225,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
 
     case TLS_ST_CR_SRVR_HELLO:
         if (s->hit) {
-            if (s->tlsext_ticket_expected) {
+            if (s->ext.ticket_expected) {
                 if (mt == SSL3_MT_NEWSESSION_TICKET) {
                     st->hand_state = TLS_ST_CR_SESSION_TICKET;
                     return 1;
@@ -239,8 +239,8 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
                 st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
                 return 1;
             } else if (s->version >= TLS1_VERSION
-                       && s->tls_session_secret_cb != NULL
-                       && s->session->tlsext_tick != NULL
+                       && s->ext.session_secret_cb != NULL
+                       && s->session->ext.tick != NULL
                        && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
                 /*
                  * Normally, we can tell if the server is resuming the session
@@ -282,9 +282,9 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
     case TLS_ST_CR_CERT:
         /*
          * The CertificateStatus message is optional even if
-         * |tlsext_status_expected| is set
+         * |ext.status_expected| is set
          */
-        if (s->tlsext_status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {
+        if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {
             st->hand_state = TLS_ST_CR_CERT_STATUS;
             return 1;
         }
@@ -321,7 +321,7 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
         break;
 
     case TLS_ST_CW_FINISHED:
-        if (s->tlsext_ticket_expected) {
+        if (s->ext.ticket_expected) {
             if (mt == SSL3_MT_NEWSESSION_TICKET) {
                 st->hand_state = TLS_ST_CR_SESSION_TICKET;
                 return 1;
@@ -478,7 +478,7 @@ WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
 #if defined(OPENSSL_NO_NEXTPROTONEG)
         st->hand_state = TLS_ST_CW_FINISHED;
 #else
-        if (!SSL_IS_DTLS(s) && s->s3->next_proto_neg_seen)
+        if (!SSL_IS_DTLS(s) && s->s3->npn_seen)
             st->hand_state = TLS_ST_CW_NEXT_PROTO;
         else
             st->hand_state = TLS_ST_CW_FINISHED;
@@ -872,7 +872,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
          * In the case of EAP-FAST, we can have a pre-shared
          * "ticket" without a session ID.
          */
-        (!sess->session_id_length && !sess->tlsext_tick) ||
+        (!sess->session_id_length && !sess->ext.tick) ||
         (sess->not_resumable)) {
         if (!ssl_get_new_session(s, 0))
             return 0;
@@ -1122,7 +1122,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
      * server wants to resume.
      */
     if (s->version >= TLS1_VERSION && !SSL_IS_TLS13(s)
-            && s->tls_session_secret_cb != NULL && s->session->tlsext_tick) {
+            && s->ext.session_secret_cb != NULL && s->session->ext.tick) {
         const SSL_CIPHER *pref_cipher = NULL;
         /*
          * s->session->master_key_length is a size_t, but this is an int for
@@ -1130,10 +1130,10 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
          */
         int master_key_length;
         master_key_length = sizeof(s->session->master_key);
-        if (s->tls_session_secret_cb(s, s->session->master_key,
+        if (s->ext.session_secret_cb(s, s->session->master_key,
                                      &master_key_length,
                                      NULL, &pref_cipher,
-                                     s->tls_session_secret_cb_arg)
+                                     s->ext.session_secret_cb_arg)
                  && master_key_length > 0) {
             s->session->master_key_length = master_key_length;
             s->session->cipher = pref_cipher ?
@@ -2134,22 +2134,23 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
         s->session = new_sess;
     }
 
-    OPENSSL_free(s->session->tlsext_tick);
-    s->session->tlsext_ticklen = 0;
+    OPENSSL_free(s->session->ext.tick);
+    s->session->ext.tick = NULL;
+    s->session->ext.ticklen = 0;
 
-    s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-    if (s->session->tlsext_tick == NULL) {
+    s->session->ext.tick = OPENSSL_malloc(ticklen);
+    if (s->session->ext.tick == NULL) {
         SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    if (!PACKET_copy_bytes(pkt, s->session->tlsext_tick, ticklen)) {
+    if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {
         al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
         goto f_err;
     }
 
-    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
-    s->session->tlsext_ticklen = ticklen;
+    s->session->ext.tick_lifetime_hint = ticket_lifetime_hint;
+    s->session->ext.ticklen = ticklen;
     /*
      * There are two ways to detect a resumed ticket session. One is to set
      * an appropriate session ID and then the server must return a match in
@@ -2165,7 +2166,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
      * TODO(size_t): we use sess_len here because EVP_Digest expects an int
      * but s->session->session_id_length is a size_t
      */
-    if (!EVP_Digest(s->session->tlsext_tick, ticklen,
+    if (!EVP_Digest(s->session->ext.tick, ticklen,
                     s->session->session_id, &sess_len,
                     EVP_sha256(), NULL)) {
         SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_EVP_LIB);
@@ -2203,18 +2204,18 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt, int *al)
         SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH);
         return 0;
     }
-    s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
-    if (s->tlsext_ocsp_resp == NULL) {
+    s->ext.ocsp.resp = OPENSSL_malloc(resplen);
+    if (s->ext.ocsp.resp == NULL) {
         *al = SSL_AD_INTERNAL_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    if (!PACKET_copy_bytes(pkt, s->tlsext_ocsp_resp, resplen)) {
+    if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
         *al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH);
         return 0;
     }
-    s->tlsext_ocsp_resplen = resplen;
+    s->ext.ocsp.resp_len = resplen;
 
     return 1;
 }
@@ -2251,14 +2252,14 @@ int tls_process_initial_server_flight(SSL *s, int *al)
     }
 
     /*
-     * Call the ocsp status callback if needed. The |tlsext_ocsp_resp| and
-     * |tlsext_ocsp_resplen| values will be set if we actually received a status
+     * Call the ocsp status callback if needed. The |ext.ocsp.resp| and
+     * |ext.ocsp.resp_len| values will be set if we actually received a status
      * message, or NULL and -1 otherwise
      */
-    if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing
-            && s->ctx->tlsext_status_cb != NULL) {
-        int ret;
-        ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing
+            && s->ctx->ext.status_cb != NULL) {
+        int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+
         if (ret == 0) {
             *al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
             SSLerr(SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
@@ -3112,10 +3113,10 @@ int tls_construct_next_proto(SSL *s, WPACKET *pkt)
     size_t len, padding_len;
     unsigned char *padding = NULL;
 
-    len = s->next_proto_negotiated_len;
+    len = s->ext.npn_len;
     padding_len = 32 - ((len + 2) % 32);
 
-    if (!WPACKET_sub_memcpy_u8(pkt, s->next_proto_negotiated, len)
+    if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)
             || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_NEXT_PROTO, ERR_R_INTERNAL_ERROR);
         goto err;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b3d6419..224b158 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -255,7 +255,7 @@ int ossl_statem_server_read_transition(SSL *s, int mt)
 
     case TLS_ST_SR_CHANGE:
 #ifndef OPENSSL_NO_NEXTPROTONEG
-        if (s->s3->next_proto_neg_seen) {
+        if (s->s3->npn_seen) {
             if (mt == SSL3_MT_NEXT_PROTO) {
                 st->hand_state = TLS_ST_SR_NEXT_PROTO;
                 return 1;
@@ -488,7 +488,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
 
     case TLS_ST_SW_SRVR_HELLO:
         if (s->hit) {
-            if (s->tlsext_ticket_expected)
+            if (s->ext.ticket_expected)
                 st->hand_state = TLS_ST_SW_SESSION_TICKET;
             else
                 st->hand_state = TLS_ST_SW_CHANGE;
@@ -509,7 +509,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
         return WRITE_TRAN_CONTINUE;
 
     case TLS_ST_SW_CERT:
-        if (s->tlsext_status_expected) {
+        if (s->ext.status_expected) {
             st->hand_state = TLS_ST_SW_CERT_STATUS;
             return WRITE_TRAN_CONTINUE;
         }
@@ -541,7 +541,7 @@ WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
             st->hand_state = TLS_ST_OK;
             ossl_statem_set_in_init(s, 0);
             return WRITE_TRAN_CONTINUE;
-        } else if (s->tlsext_ticket_expected) {
+        } else if (s->ext.ticket_expected) {
             st->hand_state = TLS_ST_SW_SESSION_TICKET;
         } else {
             st->hand_state = TLS_ST_SW_CHANGE;
@@ -1527,7 +1527,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
         }
     }
 
-    if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
+    if (!s->hit && s->version >= TLS1_VERSION && s->ext.session_secret_cb) {
         const SSL_CIPHER *pref_cipher = NULL;
         /*
          * s->session->master_key_length is a size_t, but this is an int for
@@ -1536,10 +1536,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
         int master_key_length;
 
         master_key_length = sizeof(s->session->master_key);
-        if (s->tls_session_secret_cb(s, s->session->master_key,
+        if (s->ext.session_secret_cb(s, s->session->master_key,
                                      &master_key_length, ciphers,
                                      &pref_cipher,
-                                     s->tls_session_secret_cb_arg)
+                                     s->ext.session_secret_cb_arg)
                 && master_key_length > 0) {
             s->session->master_key_length = master_key_length;
             s->hit = 1;
@@ -1691,7 +1691,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
  */
 static int tls_handle_status_request(SSL *s, int *al)
 {
-    s->tlsext_status_expected = 0;
+    s->ext.status_expected = 0;
 
     /*
      * If status request then ask callback what to do. Note: this must be
@@ -1699,8 +1699,8 @@ static int tls_handle_status_request(SSL *s, int *al)
      * and must be called after the cipher has been chosen because this may
      * influence which certificate is sent
      */
-    if (s->tlsext_status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
-            && s->ctx->tlsext_status_cb != NULL) {
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
+            && s->ctx->ext.status_cb != NULL) {
         int ret;
         CERT_PKEY *certpkey = ssl_get_server_send_pkey(s);
 
@@ -1711,16 +1711,16 @@ static int tls_handle_status_request(SSL *s, int *al)
              * et al can pick it up.
              */
             s->cert->key = certpkey;
-            ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+            ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
             switch (ret) {
                 /* We don't want to send a status request response */
             case SSL_TLSEXT_ERR_NOACK:
-                s->tlsext_status_expected = 0;
+                s->ext.status_expected = 0;
                 break;
                 /* status request response should be sent */
             case SSL_TLSEXT_ERR_OK:
-                if (s->tlsext_ocsp_resp)
-                    s->tlsext_status_expected = 1;
+                if (s->ext.ocsp.resp)
+                    s->ext.status_expected = 1;
                 break;
                 /* something bad happened */
             case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -1773,7 +1773,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
                                                    != 0));
             if (s->session->not_resumable)
                 /* do not send a session ticket */
-                s->tlsext_ticket_expected = 0;
+                s->ext.ticket_expected = 0;
         } else {
             /* Session-id reuse */
             s->s3->tmp.new_cipher = s->session->cipher;
@@ -3371,9 +3371,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
      * Initialize HMAC and cipher contexts. If callback present it does
      * all the work otherwise use generated values from parent ctx.
      */
-    if (tctx->tlsext_ticket_key_cb) {
+    if (tctx->ext.ticket_key_cb) {
         /* if 0 is returned, write an empty ticket */
-        int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, ctx,
+        int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,
                                              hctx, 1);
 
         if (ret == 0) {
@@ -3400,14 +3400,14 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
         if (RAND_bytes(iv, iv_len) <= 0)
             goto err;
         if (!EVP_EncryptInit_ex(ctx, cipher, NULL,
-                                tctx->tlsext_tick_aes_key, iv))
+                                tctx->ext.tick_aes_key, iv))
             goto err;
-        if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
-                          sizeof(tctx->tlsext_tick_hmac_key),
+        if (!HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key,
+                          sizeof(tctx->ext.tick_hmac_key),
                           EVP_sha256(), NULL))
             goto err;
-        memcpy(key_name, tctx->tlsext_tick_key_name,
-               sizeof(tctx->tlsext_tick_key_name));
+        memcpy(key_name, tctx->ext.tick_key_name,
+               sizeof(tctx->ext.tick_key_name));
     }
 
     /*
@@ -3465,9 +3465,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
  */
 int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)
 {
-    if (!WPACKET_put_bytes_u8(pkt, s->tlsext_status_type)
-            || !WPACKET_sub_memcpy_u24(pkt, s->tlsext_ocsp_resp,
-                                       s->tlsext_ocsp_resplen)) {
+    if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)
+            || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,
+                                       s->ext.ocsp.resp_len)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, ERR_R_INTERNAL_ERROR);
         return 0;
     }
@@ -3509,12 +3509,12 @@ MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
         goto err;
     }
 
-    if (!PACKET_memdup(&next_proto, &s->next_proto_negotiated, &next_proto_len)) {
-        s->next_proto_negotiated_len = 0;
+    if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) {
+        s->ext.npn_len = 0;
         goto err;
     }
 
-    s->next_proto_negotiated_len = (unsigned char)next_proto_len;
+    s->ext.npn_len = (unsigned char)next_proto_len;
 
     return MSG_PROCESS_CONTINUE_READING;
  err:
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f45ffcb..ec8b968 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -112,7 +112,7 @@ int tls1_new(SSL *s)
 
 void tls1_free(SSL *s)
 {
-    OPENSSL_free(s->tlsext_session_ticket);
+    OPENSSL_free(s->ext.session_ticket);
     ssl3_free(s);
 }
 
@@ -265,8 +265,8 @@ int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves,
 {
     size_t pcurveslen = 0;
     if (sess) {
-        *pcurves = s->session->tlsext_supportedgroupslist;
-        pcurveslen = s->session->tlsext_supportedgroupslist_length;
+        *pcurves = s->session->ext.supportedgroups;
+        pcurveslen = s->session->ext.supportedgroups_len;
     } else {
         /* For Suite B mode only include P-256, P-384 */
         switch (tls1_suiteb(s)) {
@@ -285,8 +285,8 @@ int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves,
             pcurveslen = 2;
             break;
         default:
-            *pcurves = s->tlsext_supportedgroupslist;
-            pcurveslen = s->tlsext_supportedgroupslist_length;
+            *pcurves = s->ext.supportedgroups;
+            pcurveslen = s->ext.supportedgroups_len;
         }
         if (!*pcurves) {
             *pcurves = eccurves_default;
@@ -556,9 +556,9 @@ static int tls1_check_ec_key(SSL *s,
      * If point formats extension present check it, otherwise everything is
      * supported (see RFC4492).
      */
-    if (comp_id && s->session->tlsext_ecpointformatlist) {
-        pformats = s->session->tlsext_ecpointformatlist;
-        num_formats = s->session->tlsext_ecpointformatlist_length;
+    if (comp_id && s->session->ext.ecpointformats) {
+        pformats = s->session->ext.ecpointformats;
+        num_formats = s->session->ext.ecpointformats_len;
         for (i = 0; i < num_formats; i++, pformats++) {
             if (*comp_id == *pformats)
                 break;
@@ -601,9 +601,9 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
     /*
      * If we have a custom point format list use it otherwise use default
      */
-    if (s->tlsext_ecpointformatlist) {
-        *pformats = s->tlsext_ecpointformatlist;
-        *num_formats = s->tlsext_ecpointformatlist_length;
+    if (s->ext.ecpointformats) {
+        *pformats = s->ext.ecpointformats;
+        *num_formats = s->ext.ecpointformats_len;
     } else {
         *pformats = ecformats_default;
         /* For Suite B we don't support char2 fields */
@@ -749,12 +749,12 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
 
 static const unsigned char tls12_sigalgs[] = {
     tlsext_sigalg(TLSEXT_hash_sha512)
-        tlsext_sigalg(TLSEXT_hash_sha384)
-        tlsext_sigalg(TLSEXT_hash_sha256)
-        tlsext_sigalg(TLSEXT_hash_sha224)
-        tlsext_sigalg(TLSEXT_hash_sha1)
+    tlsext_sigalg(TLSEXT_hash_sha384)
+    tlsext_sigalg(TLSEXT_hash_sha256)
+    tlsext_sigalg(TLSEXT_hash_sha224)
+    tlsext_sigalg(TLSEXT_hash_sha1)
 #ifndef OPENSSL_NO_GOST
-        TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001,
+    TLSEXT_hash_gostr3411, TLSEXT_signature_gostr34102001,
     TLSEXT_hash_gostr34112012_256, TLSEXT_signature_gostr34102012_256,
     TLSEXT_hash_gostr34112012_512, TLSEXT_signature_gostr34102012_512
 #endif
@@ -763,9 +763,10 @@ static const unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_EC
 static const unsigned char suiteb_sigalgs[] = {
     tlsext_sigalg_ecdsa(TLSEXT_hash_sha256)
-        tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
+    tlsext_sigalg_ecdsa(TLSEXT_hash_sha384)
 };
 #endif
+
 size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs)
 {
     /*
@@ -1039,7 +1040,7 @@ RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts, size_t numexts,
  *
  * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
  * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
+ * never be decrypted, nor will s->ext.ticket_expected be set to 1.
  *
  * Returns:
  *   -1: fatal error, either from parsing or decrypting the ticket.
@@ -1051,12 +1052,12 @@ RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts, size_t numexts,
  *    3: a ticket was successfully decrypted and *ret was set.
  *
  * Side effects:
- *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
+ *   Sets s->ext.ticket_expected to 1 if the server will have to issue
  *   a new session ticket to the client because the client indicated support
  *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
  *   a session ticket or we couldn't use the one it gave us, or if
- *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- *   Otherwise, s->tlsext_ticket_expected is set to 0.
+ *   s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
+ *   Otherwise, s->ext.ticket_expected is set to 0.
  */
 int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
                                SSL_SESSION **ret)
@@ -1066,7 +1067,7 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
     RAW_EXTENSION *ticketext;
 
     *ret = NULL;
-    s->tlsext_ticket_expected = 0;
+    s->ext.ticket_expected = 0;
 
     /*
      * If tickets disabled or not supported by the protocol version
@@ -1086,10 +1087,10 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
          * The client will accept a ticket but doesn't currently have
          * one.
          */
-        s->tlsext_ticket_expected = 1;
+        s->ext.ticket_expected = 1;
         return 1;
     }
-    if (s->tls_session_secret_cb) {
+    if (s->ext.session_secret_cb) {
         /*
          * Indicate that the ticket couldn't be decrypted rather than
          * generating the session from ticket now, trigger
@@ -1103,14 +1104,14 @@ int tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
                               hello->session_id, hello->session_id_len, ret);
     switch (retv) {
     case 2:            /* ticket couldn't be decrypted */
-        s->tlsext_ticket_expected = 1;
+        s->ext.ticket_expected = 1;
         return 2;
 
     case 3:            /* ticket was decrypted */
         return 3;
 
     case 4:            /* ticket decrypted but need to renew */
-        s->tlsext_ticket_expected = 1;
+        s->ext.ticket_expected = 1;
         return 3;
 
     default:           /* fatal error */
@@ -1158,9 +1159,9 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
         ret = -2;
         goto err;
     }
-    if (tctx->tlsext_ticket_key_cb) {
+    if (tctx->ext.ticket_key_cb) {
         unsigned char *nctick = (unsigned char *)etick;
-        int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+        int rv = tctx->ext.ticket_key_cb(s, nctick, nctick + 16,
                                             ctx, hctx, 0);
         if (rv < 0)
             goto err;
@@ -1172,17 +1173,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
             renew_ticket = 1;
     } else {
         /* Check key name matches */
-        if (memcmp(etick, tctx->tlsext_tick_key_name,
-                   sizeof(tctx->tlsext_tick_key_name)) != 0) {
+        if (memcmp(etick, tctx->ext.tick_key_name,
+                   sizeof(tctx->ext.tick_key_name)) != 0) {
             ret = 2;
             goto err;
         }
-        if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
-                         sizeof(tctx->tlsext_tick_hmac_key),
+        if (HMAC_Init_ex(hctx, tctx->ext.tick_hmac_key,
+                         sizeof(tctx->ext.tick_hmac_key),
                          EVP_sha256(), NULL) <= 0
             || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
-                                  tctx->tlsext_tick_aes_key,
-                                  etick + sizeof(tctx->tlsext_tick_key_name)) <=
+                                  tctx->ext.tick_aes_key,
+                                  etick + sizeof(tctx->ext.tick_key_name)) <=
             0) {
             goto err;
         }
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index bf647f1..9ffd0bf 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -378,16 +378,16 @@ static void configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
         parse_protos(extra->server.npn_protocols,
                      &server_ctx_data->npn_protocols,
                      &server_ctx_data->npn_protocols_len);
-        SSL_CTX_set_next_protos_advertised_cb(server_ctx, server_npn_cb,
-                                              server_ctx_data);
+        SSL_CTX_set_npn_advertised_cb(server_ctx, server_npn_cb,
+                                      server_ctx_data);
     }
     if (extra->server2.npn_protocols != NULL) {
         parse_protos(extra->server2.npn_protocols,
                      &server2_ctx_data->npn_protocols,
                      &server2_ctx_data->npn_protocols_len);
         TEST_check(server2_ctx != NULL);
-        SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb,
-                                              server2_ctx_data);
+        SSL_CTX_set_npn_advertised_cb(server2_ctx, server_npn_cb,
+                                      server2_ctx_data);
     }
     if (extra->client.npn_protocols != NULL) {
         parse_protos(extra->client.npn_protocols,
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index 4da340b..79edadd 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@@ -589,7 +589,7 @@ static bssl::UniquePtr<SSL_CTX> SetupCtx(const TestConfig *config) {
     SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback);
   }
 
-  SSL_CTX_set_next_protos_advertised_cb(
+  SSL_CTX_set_npn_advertised_cb(
       ssl_ctx.get(), NextProtosAdvertisedCallback, NULL);
   if (!config->select_next_proto.empty()) {
     SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback,
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index c19ab98..1bfa983 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1662,14 +1662,12 @@ int main(int argc, char *argv[])
                        "Can't have both -npn_server and -npn_server_reject\n");
             goto end;
         }
-        SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
-        SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL);
+        SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
+        SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
     }
     if (npn_server_reject) {
-        SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
-                                              NULL);
-        SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn,
-                                              NULL);
+        SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
+        SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
     }
 #endif
 


More information about the openssl-commits mailing list