[openssl-commits] [openssl] master update

kaduk at mit.edu kaduk at mit.edu
Fri Sep 8 19:09:03 UTC 2017


The branch master has been updated
       via  f1b97da1fd90cf3935eafedc8df0d0165cb75f2f (commit)
       via  f90486f4def6c20e3021405068b69533d164244f (commit)
       via  a9c0d8beeae98355a2ef6ae1f0a9ba624be8bd54 (commit)
      from  4e049e2c3658ee2bc6e63e696a3779d2f9eed377 (commit)


- Log -----------------------------------------------------------------
commit f1b97da1fd90cf3935eafedc8df0d0165cb75f2f
Author: David Benjamin <davidben at google.com>
Date:   Thu Sep 7 18:53:05 2017 -0400

    Introduce named constants for the ClientHello callback.
    
    It is otherwise unclear what all the magic numbers mean.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/4349)

commit f90486f4def6c20e3021405068b69533d164244f
Author: David Benjamin <davidben at google.com>
Date:   Thu Sep 7 18:41:52 2017 -0400

    Fix test documentation.
    
    The instructions don't work.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/4349)

commit a9c0d8beeae98355a2ef6ae1f0a9ba624be8bd54
Author: David Benjamin <davidben at google.com>
Date:   Thu Sep 7 18:39:40 2017 -0400

    Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb.
    
    "Early callback" is a little ambiguous now that early data exists.
    Perhaps "ClientHello callback"?
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/4349)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CIPHER_get_name.pod                   |   5 +-
 doc/man3/SSL_CTX_set_client_hello_cb.pod           | 130 +++++++++++++++++++++
 doc/man3/SSL_CTX_set_early_cb.pod                  | 123 -------------------
 .../SSL_CTX_set_tlsext_servername_callback.pod     |  10 +-
 doc/man3/SSL_get_error.pod                         |   6 +-
 doc/man3/SSL_want.pod                              |  18 +--
 include/openssl/ssl.h                              |  49 ++++----
 ssl/ssl_lib.c                                      |  27 ++---
 ssl/ssl_locl.h                                     |  11 +-
 ssl/statem/statem_srvr.c                           |  20 ++--
 test/README                                        |   4 +-
 test/README.ssltest.md                             |   4 +-
 test/handshake_helper.c                            |  60 +++++-----
 test/ssl-tests/05-sni.conf                         |  90 +++++++-------
 test/ssl-tests/05-sni.conf.in                      |  12 +-
 test/ssl_test_ctx.c                                |   8 +-
 test/ssl_test_ctx.h                                |   6 +-
 test/sslapitest.c                                  |  32 ++---
 util/libssl.num                                    |  18 +--
 util/private.num                                   |   4 +-
 20 files changed, 333 insertions(+), 304 deletions(-)
 create mode 100644 doc/man3/SSL_CTX_set_client_hello_cb.pod
 delete mode 100644 doc/man3/SSL_CTX_set_early_cb.pod

diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod
index c82be8e..b23a38b 100644
--- a/doc/man3/SSL_CIPHER_get_name.pod
+++ b/doc/man3/SSL_CIPHER_get_name.pod
@@ -97,8 +97,9 @@ ChaCha20/Poly1305), and 0 if it is not AEAD.
 SSL_CIPHER_find() returns a B<SSL_CIPHER> structure which has the cipher ID stored
 in B<ptr>. The B<ptr> parameter is a two element array of B<char>, which stores the
 two-byte TLS cipher ID (as allocated by IANA) in network byte order. This parameter
-is usually retrieved from a TLS packet by using functions like L<SSL_early_get0_ciphers(3)>.
-SSL_CIPHER_find() returns NULL if an error occurs or the indicated cipher is not found.
+is usually retrieved from a TLS packet by using functions like
+L<SSL_client_hello_get0_ciphers(3)>.  SSL_CIPHER_find() returns NULL if an
+error occurs or the indicated cipher is not found.
 
 SSL_CIPHER_get_id() returns the OpenSSL-specific ID of the given cipher B<c>. That ID is
 not the same as the IANA-specific ID.
diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod
new file mode 100644
index 0000000..6824b5b
--- /dev/null
+++ b/doc/man3/SSL_CTX_set_client_hello_cb.pod
@@ -0,0 +1,130 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext - callback functions for early server-side ClientHello processing
+
+=head1 SYNOPSIS
+
+ typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg);
+ void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f,
+                                  void *arg);
+ int SSL_client_hello_isv2(SSL *s);
+ unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+ size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+ size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+ size_t SSL_client_hello_get0_compression_methods(SSL *s,
+                                                  const unsigned char **out);
+ int SSL_client_hello_get1_extensions_present(SSL *s, int **out,
+                                              size_t *outlen);
+ int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out,
+                               size_t *outlen);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_client_hello_cb() sets the callback function, which is automatically
+called during the early stages of ClientHello processing on the server.
+The argument supplied when setting the callback is passed back to the
+callback at runtime.  A callback that returns failure (0) will cause the
+connection to terminate, and callbacks returning failure should indicate
+what alert value is to be sent in the B<al> parameter.  A callback may
+also return a negative value to suspend the handshake, and the handshake
+function will return immediately.  L<SSL_get_error(3)> will return
+SSL_ERROR_WANT_CLIENT_HELLO_CB to indicate that the handshake was suspended.
+It is the job of the ClientHello callback to store information about the state
+of the last call if needed to continue.  On the next call into the handshake
+function, the ClientHello callback will be called again, and, if it returns
+success, normal handshake processing will continue from that point.
+
+SSL_client_hello_isv2() indicates whether the ClientHello was carried in a
+SSLv2 record and is in the SSLv2 format.  The SSLv2 format has substantial
+differences from the normal SSLv3 format, including using three bytes per
+cipher suite, and not allowing extensions.  Additionally, the SSLv2 format
+'challenge' field is exposed via SSL_client_hello_get0_random(), padded to
+SSL3_RANDOM_SIZE bytes with zeros if needed.  For SSLv2 format ClientHellos,
+SSL_client_hello_get0_compression_methods() returns a dummy list that only includes
+the null compression method, since the SSLv2 format does not include a
+mechanism by which to negotiate compression.
+
+SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(),
+SSL_client_hello_get0_ciphers(), and
+SSL_client_hello_get0_compression_methods() provide access to the corresponding
+ClientHello fields, returning the field length and optionally setting an out
+pointer to the octets of that field.
+
+Similarly, SSL_client_hello_get0_ext() provides access to individual extensions
+from the ClientHello on a per-extension basis.  For the provided wire
+protocol extension type value, the extension value and length are returned
+in the output parameters (if present).
+
+SSL_client_hello_get1_extensions_present() can be used prior to
+SSL_client_hello_get0_ext(), to determine which extensions are present in the
+ClientHello before querying for them.  The B<out> and B<outlen> parameters are
+both required, and on success the caller must release the storage allocated for
+B<*out> using OPENSSL_free().  The contents of B<*out> is an array of integers
+holding the numerical value of the TLS extension types in the order they appear
+in the ClientHello.  B<*outlen> contains the number of elements in the array.
+
+=head1 NOTES
+
+The ClientHello callback provides a vast window of possibilities for application
+code to affect the TLS handshake.  A primary use of the callback is to
+allow the server to examine the server name indication extension provided
+by the client in order to select an appropriate certificate to present,
+and make other configuration adjustments relevant to that server name
+and its configuration.  Such configuration changes can include swapping out
+the associated SSL_CTX pointer, modifying the server's list of permitted TLS
+versions, changing the server's cipher list in response to the client's
+cipher list, etc.
+
+It is also recommended that applications utilize a ClientHello callback and
+not use a servername callback, in order to avoid unexpected behavior that
+occurs due to the relative order of processing between things like session
+resumption and the historical servername callback.
+
+The SSL_client_hello_* family of functions may only be called from code executing
+within a ClientHello callback.
+
+=head1 RETURN VALUES
+
+The application's supplied ClientHello callback returns
+SSL_CLIENT_HELLO_SUCCESS on success, SSL_CLIENT_HELLO_ERROR on failure, and
+SSL_CLIENT_HELLO_RETRY to suspend processing.
+
+SSL_client_hello_isv2() returns 1 for SSLv2-format ClientHellos and 0 otherwise.
+
+SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(),
+SSL_client_hello_get0_ciphers(), and
+SSL_client_hello_get0_compression_methods() return the length of the
+corresponding ClientHello fields.  If zero is returned, the output pointer
+should not be assumed to be valid.
+
+SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present, and
+0 otherwise.
+
+SSL_client_hello_get1_extensions_present() returns 1 on success and 0 on failure.
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
+L<SSL_bytes_to_cipher_list>
+
+=head1 HISTORY
+
+The SSL ClientHello callback, SSL_client_hello_isv2(),
+SSL_client_hello_get0_random(), SSL_client_hello_get0_session_id(),
+SSL_client_hello_get0_ciphers(), SSL_client_hello_get0_compression_methods(),
+SSL_client_hello_get0_ext(), and SSL_client_hello_get1_extensions_present()
+were added in OpenSSL 1.1.1.
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/SSL_CTX_set_early_cb.pod b/doc/man3/SSL_CTX_set_early_cb.pod
deleted file mode 100644
index c2b4650..0000000
--- a/doc/man3/SSL_CTX_set_early_cb.pod
+++ /dev/null
@@ -1,123 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_early_cb, SSL_early_cb_fn, SSL_early_isv2, SSL_early_get0_legacy_version, SSL_early_get0_random, SSL_early_get0_session_id, SSL_early_get0_ciphers, SSL_early_get0_compression_methods, SSL_early_get1_extensions_present, SSL_early_get0_ext - callback functions for early server-side ClientHello processing
-
-=head1 SYNOPSIS
-
- typedef int (*SSL_early_cb_fn)(SSL *s, int *al, void *arg);
- void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn *f, void *arg);
- int SSL_early_isv2(SSL *s);
- unsigned int SSL_early_get0_legacy_version(SSL *s);
- size_t SSL_early_get0_random(SSL *s, const unsigned char **out);
- size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out);
- size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out);
- size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out);
- int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen);
- int SSL_early_get0_ext(SSL *s, int type, const unsigned char **out,
-                        size_t *outlen);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_early_cb() sets the callback function, which is automatically
-called during the early stages of ClientHello processing on the server.
-The argument supplied when setting the callback is passed back to the
-callback at runtime.  A callback that returns failure (0) will cause the
-connection to terminate, and callbacks returning failure should indicate
-what alert value is to be sent in the B<al> parameter.  A callback may
-also return a negative value to suspend the handshake, and the handshake
-function will return immediately.  L<SSL_get_error(3)> will return
-SSL_ERROR_WANT_EARLY to indicate that the handshake was suspended.
-It is the job of the early callback to store information about the state
-of the last call if needed to continue.  On the next call into the handshake
-function, the early callback will be called again, and, if it returns
-success, normal handshake processing will continue from that point.
-
-SSL_early_isv2() indicates whether the ClientHello was carried in a
-SSLv2 record and is in the SSLv2 format.  The SSLv2 format has substantial
-differences from the normal SSLv3 format, including using three bytes per
-cipher suite, and not allowing extensions.  Additionally, the SSLv2 format
-'challenge' field is exposed via SSL_early_get0_random(), padded to
-SSL3_RANDOM_SIZE bytes with zeros if needed.  For SSLv2 format ClientHellos,
-SSL_early_get0_compression_methods() returns a dummy list that only includes
-the null compression method, since the SSLv2 format does not include a
-mechanism by which to negotiate compression.
-
-SSL_early_get0_random(), SSL_early_get0_session_id(), SSL_early_get0_ciphers(),
-and SSL_early_get0_compression_methods() provide access to the corresponding
-ClientHello fields, returning the field length and optionally setting an
-out pointer to the octets of that field.
-
-Similarly, SSL_early_get0_ext() provides access to individual extensions
-from the ClientHello on a per-extension basis.  For the provided wire
-protocol extension type value, the extension value and length are returned
-in the output parameters (if present).
-
-SSL_early_get1_extensions_present() can be used prior to SSL_early_get0_ext(),
-to determine which extensions are present in the ClientHello before querying
-for them.  The B<out> and B<outlen> parameters are both required, and on
-success the caller must release the storage allocated for B<*out> using
-OPENSSL_free().  The contents of B<*out> is an array of integers holding the
-numerical value of the TLS extension types in the order they appear in the
-ClientHello.  B<*outlen> contains the number of elements in the array.
-
-=head1 NOTES
-
-The early callback provides a vast window of possibilities for application
-code to affect the TLS handshake.  A primary use of the callback is to
-allow the server to examine the server name indication extension provided
-by the client in order to select an appropriate certificate to present,
-and make other configuration adjustments relevant to that server name
-and its configuration.  Such configuration changes can include swapping out
-the associated SSL_CTX pointer, modifying the server's list of permitted TLS
-versions, changing the server's cipher list in response to the client's
-cipher list, etc.
-
-It is also recommended that applications utilize an early callback and
-not use a servername callback, in order to avoid unexpected behavior that
-occurs due to the relative order of processing between things like session
-resumption and the historical servername callback.
-
-The SSL_early_* family of functions may only be called from code executing
-within an early callback.
-
-=head1 RETURN VALUES
-
-The application's supplied early callback returns 1 on success, 0 on failure,
-and a negative value to suspend processing.
-
-SSL_early_isv2() returns 1 for SSLv2-format ClientHellos and 0 otherwise.
-
-SSL_early_get0_random(), SSL_early_get0_session_id(), SSL_early_get0_ciphers(),
-and SSL_early_get0_compression_methods() return the length of the corresponding
-ClientHello fields.  If zero is returned, the output pointer should not be
-assumed to be valid.
-
-SSL_early_get0_ext() returns 1 if the extension of type 'type' is present, and
-0 otherwise.
-
-SSL_early_get1_extensions_present() returns 1 on success and 0 on failure.
-
-=head1 SEE ALSO
-
-L<ssl(7)>, L<SSL_CTX_set_tlsext_servername_callback(3)>,
-L<SSL_bytes_to_cipher_list>
-
-=head1 HISTORY
-
-The SSL early callback, SSL_early_isv2(), SSL_early_get0_random(),
-SSL_early_get0_session_id(), SSL_early_get0_ciphers(),
-SSL_early_get0_compression_methods(), SSL_early_get0_ext(), and
-SSL_early_get1_extensions_present() were added in OpenSSL 1.1.1.
-
-=head1 COPYRIGHT
-
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License").  You may not use
-this file except in compliance with the License.  You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
index 151de16..b1fb5ab 100644
--- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
@@ -21,8 +21,8 @@ SSL_set_tlsext_host_name - handle server name indication (SNI)
 
 =head1 DESCRIPTION
 
-The functionality provided by the servername callback is superseded by
-the early callback, which can be set using SSL_CTX_set_early_cb().
+The functionality provided by the servername callback is superseded by the
+ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb().
 The servername callback is retained for historical compatibility.
 
 SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
@@ -48,8 +48,8 @@ to B<TLSEXT_NAMETYPE_host_name> (defined in RFC3546).
 =head1 NOTES
 
 Several callbacks are executed during ClientHello processing, including
-the early, ALPN, and servername callbacks.  The early callback is executed
-first, then the servername callback, followed by the ALPN callback.
+the ClientHello, ALPN, and servername callbacks.  The ClientHello callback is
+executed first, then the servername callback, followed by the ALPN callback.
 
 The SSL_set_tlsext_host_name() function should only be called on SSL objects
 that will act as clients; otherwise the configured B<name> will be ignored.
@@ -63,7 +63,7 @@ SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.
 =head1 SEE ALSO
 
 L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,
-L<SSL_get0_alpn_selected(3)>, L<SSL_CTX_set_early_cb(3)>
+L<SSL_get0_alpn_selected(3)>, L<SSL_CTX_set_client_hello_cb(3)>
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
index efa78ef..4e26514 100644
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -110,10 +110,10 @@ through a call to L<ASYNC_init_thread(3)>. The application should retry the
 operation after a currently executing asynchronous operation for the current
 thread has completed.
 
-=item SSL_ERROR_WANT_EARLY
+=item SSL_ERROR_WANT_CLIENT_HELLO_CB
 
 The operation did not complete because an application callback set by
-SSL_CTX_set_early_cb() has asked to be called again.
+SSL_CTX_set_client_hello_cb() has asked to be called again.
 The TLS/SSL I/O function should be called again later.
 Details depend on the application.
 
@@ -137,7 +137,7 @@ L<ssl(7)>
 =head1 HISTORY
 
 SSL_ERROR_WANT_ASYNC was added in OpenSSL 1.1.0.
-SSL_ERROR_WANT_EARLY was added in OpenSSL 1.1.1.
+SSL_ERROR_WANT_CLIENT_HELLO_CB was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/SSL_want.pod b/doc/man3/SSL_want.pod
index ce21f47..ef4b218 100644
--- a/doc/man3/SSL_want.pod
+++ b/doc/man3/SSL_want.pod
@@ -3,8 +3,8 @@
 =head1 NAME
 
 SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup,
-SSL_want_async, SSL_want_async_job, SSL_want_early - obtain state information
-TLS/SSL I/O operation
+SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb - obtain state
+information TLS/SSL I/O operation
 
 =head1 SYNOPSIS
 
@@ -17,7 +17,7 @@ TLS/SSL I/O operation
  int SSL_want_x509_lookup(const SSL *ssl);
  int SSL_want_async(const SSL *ssl);
  int SSL_want_async_job(const SSL *ssl);
- int SSL_want_early(const SSL *ssl);
+ int SSL_want_client_hello_cb(const SSL *ssl);
 
 =head1 DESCRIPTION
 
@@ -82,18 +82,18 @@ The asynchronous job could not be started because there were no async jobs
 available in the pool (see ASYNC_init_thread(3)). A call to L<SSL_get_error(3)>
 should return SSL_ERROR_WANT_ASYNC_JOB.
 
-=item SSL_EARLY_WORK
+=item SSL_CLIENT_HELLO_CB
 
 The operation did not complete because an application callback set by
-SSL_CTX_set_early_cb() has asked to be called again.
+SSL_CTX_set_client_hello_cb() has asked to be called again.
 A call to L<SSL_get_error(3)> should return
-SSL_ERROR_WANT_EARLY.
+SSL_ERROR_WANT_CLIENT_HELLO_CB.
 
 =back
 
 SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup(),
-SSL_want_async(), SSL_want_async_job(), and SSL_want_early() return 1, when
-the corresponding condition is true or 0 otherwise.
+SSL_want_async(), SSL_want_async_job(), and SSL_want_client_hello_cb() return
+1, when the corresponding condition is true or 0 otherwise.
 
 =head1 SEE ALSO
 
@@ -101,7 +101,7 @@ L<ssl(7)>, L<SSL_get_error(3)>
 
 =head1 HISTORY
 
-SSL_want_early() and SSL_EARLY_WORK were added in OpenSSL 1.1.1.
+SSL_want_client_hello_cb() and SSL_CLIENT_HELLO_CB were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index da1fa0f..9aac454 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -844,16 +844,16 @@ __owur int SSL_extension_supported(unsigned int ext_type);
 # define SSL_X509_LOOKUP        4
 # define SSL_ASYNC_PAUSED       5
 # define SSL_ASYNC_NO_JOBS      6
-# define SSL_EARLY_WORK         7
+# define SSL_CLIENT_HELLO_CB    7
 
 /* These will only be used when doing non-blocking IO */
-# define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
-# define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
-# define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
-# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-# define SSL_want_async(s)       (SSL_want(s) == SSL_ASYNC_PAUSED)
-# define SSL_want_async_job(s)   (SSL_want(s) == SSL_ASYNC_NO_JOBS)
-# define SSL_want_early(s)       (SSL_want(s) == SSL_EARLY_WORK)
+# define SSL_want_nothing(s)         (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s)            (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s)           (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s)     (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s)           (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s)       (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
 
 # define SSL_MAC_FLAG_READ_MAC_STREAM 1
 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
@@ -1135,7 +1135,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_ERROR_WANT_ACCEPT           8
 # define SSL_ERROR_WANT_ASYNC            9
 # define SSL_ERROR_WANT_ASYNC_JOB       10
-# define SSL_ERROR_WANT_EARLY           11
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
 # define SSL_CTRL_SET_TMP_DH                     3
 # define SSL_CTRL_SET_TMP_ECDH                   4
 # define SSL_CTRL_SET_TMP_DH_CB                  6
@@ -1697,19 +1697,26 @@ __owur char *SSL_get_srp_userinfo(SSL *s);
 # endif
 
 /*
- * Early callback and helpers.
+ * ClientHello callback and helpers.
  */
-typedef int (*SSL_early_cb_fn) (SSL *s, int *al, void *arg);
-void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn cb, void *arg);
-int SSL_early_isv2(SSL *s);
-unsigned int SSL_early_get0_legacy_version(SSL *s);
-size_t SSL_early_get0_random(SSL *s, const unsigned char **out);
-size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out);
-size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out);
-size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out);
-int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen);
-int SSL_early_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
-                       size_t *outlen);
+
+# define SSL_CLIENT_HELLO_SUCCESS 1
+# define SSL_CLIENT_HELLO_ERROR   0
+# define SSL_CLIENT_HELLO_RETRY   (-1)
+
+typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+                                                 const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
+                              const unsigned char **out, size_t *outlen);
 
 void SSL_certs_clear(SSL *s);
 void SSL_free(SSL *ssl);
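Review bot: The three SSL_CLIENT_HELLO_* defines are introduced without any comment tying them to SSL_client_hello_cb_fn, so a reader of ssl.h cannot tell that they are the callback's return contract or what happens for other values. The server-side switch in this series treats every value other than SSL_CLIENT_HELLO_SUCCESS and SSL_CLIENT_HELLO_RETRY as an error, which is worth stating at the point of definition; a one-line comment above the defines such as `/* Return values for SSL_client_hello_cb_fn; the server treats any other value as SSL_CLIENT_HELLO_ERROR. */` would do it. The new pod's DESCRIPTION still describes the contract as "negative value to suspend", so the header comment is currently the only place the exact-value rule could be found.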
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 70f4acf..a909a57 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3301,8 +3301,8 @@ int SSL_get_error(const SSL *s, int i)
         return SSL_ERROR_WANT_ASYNC;
     if (SSL_want_async_job(s))
         return SSL_ERROR_WANT_ASYNC_JOB;
-    if (SSL_want_early(s))
-        return SSL_ERROR_WANT_EARLY;
+    if (SSL_want_client_hello_cb(s))
+        return SSL_ERROR_WANT_CLIENT_HELLO_CB;
 
     if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
         (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
@@ -4700,27 +4700,28 @@ const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
 
 #endif  /* OPENSSL_NO_CT */
 
-void SSL_CTX_set_early_cb(SSL_CTX *c, SSL_early_cb_fn cb, void *arg)
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg)
 {
-    c->early_cb = cb;
-    c->early_cb_arg = arg;
+    c->client_hello_cb = cb;
+    c->client_hello_cb_arg = arg;
 }
 
-int SSL_early_isv2(SSL *s)
+int SSL_client_hello_isv2(SSL *s)
 {
     if (s->clienthello == NULL)
         return 0;
     return s->clienthello->isv2;
 }
 
-unsigned int SSL_early_get0_legacy_version(SSL *s)
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
 {
     if (s->clienthello == NULL)
         return 0;
     return s->clienthello->legacy_version;
 }
 
-size_t SSL_early_get0_random(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
 {
     if (s->clienthello == NULL)
         return 0;
@@ -4729,7 +4730,7 @@ size_t SSL_early_get0_random(SSL *s, const unsigned char **out)
     return SSL3_RANDOM_SIZE;
 }
 
-size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
 {
     if (s->clienthello == NULL)
         return 0;
@@ -4738,7 +4739,7 @@ size_t SSL_early_get0_session_id(SSL *s, const unsigned char **out)
     return s->clienthello->session_id_len;
 }
 
-size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
 {
     if (s->clienthello == NULL)
         return 0;
@@ -4747,7 +4748,7 @@ size_t SSL_early_get0_ciphers(SSL *s, const unsigned char **out)
     return PACKET_remaining(&s->clienthello->ciphersuites);
 }
 
-size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out)
+size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
 {
     if (s->clienthello == NULL)
         return 0;
@@ -4756,7 +4757,7 @@ size_t SSL_early_get0_compression_methods(SSL *s, const unsigned char **out)
     return s->clienthello->compressions_len;
 }
 
-int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
 {
     RAW_EXTENSION *ext;
     int *present;
@@ -4788,7 +4789,7 @@ int SSL_early_get1_extensions_present(SSL *s, int **out, size_t *outlen)
     return 0;
 }
 
-int SSL_early_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
                        size_t *outlen)
 {
     size_t i;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 59fba61..64d5e72 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -877,9 +877,9 @@ struct ssl_ctx_st {
     ENGINE *client_cert_engine;
 # endif
 
-    /* Early callback.  Mostly for extensions, but not entirely. */
-    SSL_early_cb_fn early_cb;
-    void *early_cb_arg;
+    /* ClientHello callback.  Mostly for extensions, but not entirely. */
+    SSL_client_hello_cb_fn client_hello_cb;
+    void *client_hello_cb_arg;
 
     /* TLS extensions. */
     struct {
@@ -1252,7 +1252,10 @@ struct ssl_st {
         size_t tls13_cookie_len;
     } ext;
 
-    /* Parsed form of the ClientHello, kept around across early_cb calls. */
+    /*
+     * Parsed form of the ClientHello, kept around across client_hello_cb
+     * calls.
+     */
     CLIENTHELLO_MSG *clienthello;
 
     /*-
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index d2f8f90..81c8ee4 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1430,16 +1430,18 @@ static int tls_early_post_process_client_hello(SSL *s, int *pal)
     DOWNGRADE dgrd = DOWNGRADE_NONE;
 
     /* Finished parsing the ClientHello, now we can start processing it */
-    /* Give the early callback a crack at things */
-    if (s->ctx->early_cb != NULL) {
-        int code;
-        /* A failure in the early callback terminates the connection. */
-        code = s->ctx->early_cb(s, &al, s->ctx->early_cb_arg);
-        if (code == 0)
+    /* Give the ClientHello callback a crack at things */
+    if (s->ctx->client_hello_cb != NULL) {
+        /* A failure in the ClientHello callback terminates the connection. */
+        switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) {
+        case SSL_CLIENT_HELLO_SUCCESS:
+            break;
+        case SSL_CLIENT_HELLO_RETRY:
+            s->rwstate = SSL_CLIENT_HELLO_CB;
+            return -1;
+        case SSL_CLIENT_HELLO_ERROR:
+        default:
             goto err;
-        if (code < 0) {
-            s->rwstate = SSL_EARLY_WORK;
-            return code;
         }
     }
 
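Review bot: The new switch retries only on exactly SSL_CLIENT_HELLO_RETRY and routes every other value, including any other negative value and any positive value other than 1, to `goto err` via `default:`, whereas the removed code retried on any `code < 0` and treated any non-zero, non-negative value as success. That is a silent behaviour change for existing callbacks, and the SSL_CTX_set_client_hello_cb.pod added in this same push still says a callback "may also return a negative value to suspend the handshake", which no longer matches the code; either keep the old `code < 0` semantics in the `default:` arm or reword the pod to say exactly SSL_CLIENT_HELLO_RETRY. On the `default:` path the alert sent is whatever `al` held before the callback ran, since a callback returning an unexpected value has not necessarily set it; `al`'s initialisation is outside this hunk, so a comment on the `default:` label such as `/* Unrecognised return values are treated as SSL_CLIENT_HELLO_ERROR; al keeps its prior value if the callback did not set it */` would make the contract explicit. tls_early_post_process_client_hello begins and ends outside the hunk.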
diff --git a/test/README b/test/README
index d852680..37722e7 100644
--- a/test/README
+++ b/test/README
@@ -50,7 +50,7 @@ The second argument to `simple_test' is the test executable, and `simple_test'
 expects it to be located in test/
 
 For documentation on OpenSSL::Test::Simple, do
-`perldoc test/testlib/OpenSSL/Test/Simple.pm'.
+`perldoc util/perl/OpenSSL/Test/Simple.pm'.
 
 
 A recipe that runs a more complex test
@@ -58,7 +58,7 @@ A recipe that runs a more complex test
 
 For more complex tests, you will need to read up on Test::More and
 OpenSSL::Test.  Test::More is normally preinstalled, do `man Test::More' for
-documentation.  For OpenSSL::Test, do `perldoc test/testlib/OpenSSL/Test.pm'.
+documentation.  For OpenSSL::Test, do `perldoc util/perl/OpenSSL/Test.pm'.
 
 A script to start from could be this:
 
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
index 288dffa..c4540b4 100644
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -222,7 +222,7 @@ client => {
 ```
 $ ./config
 $ cd test
-$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/my.conf.in \
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \
   > ssl-tests/my.conf
 ```
 
@@ -231,7 +231,7 @@ where `my.conf.in` is your test input file.
 For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do
 
 ```
-$ TOP=.. perl -I testlib/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
 ```
 
 Alternatively (hackish but simple), you can comment out
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index dc020d9..3d59abc 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -137,7 +137,7 @@ static int select_server_ctx(SSL *s, void *arg, int ignore)
     }
 }
 
-static int early_select_server_ctx(SSL *s, void *arg, int ignore)
+static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
 {
     const char *servername;
     const unsigned char *p;
@@ -149,7 +149,8 @@ static int early_select_server_ctx(SSL *s, void *arg, int ignore)
      * The server_name extension was given too much extensibility when it
      * was written, so parsing the normal case is a bit complex.
      */
-    if (!SSL_early_get0_ext(s, TLSEXT_TYPE_server_name, &p, &remaining) ||
+    if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &p,
+                                   &remaining) ||
         remaining <= 2)
         return 0;
     /* Extract the length of the supplied list of names. */
@@ -219,48 +220,50 @@ static int servername_reject_cb(SSL *s, int *ad, void *arg)
     return select_server_ctx(s, arg, 0);
 }
 
-static int early_ignore_cb(SSL *s, int *al, void *arg)
+static int client_hello_ignore_cb(SSL *s, int *al, void *arg)
 {
-    if (!early_select_server_ctx(s, arg, 1)) {
+    if (!client_hello_select_server_ctx(s, arg, 1)) {
         *al = SSL_AD_UNRECOGNIZED_NAME;
-        return 0;
+        return SSL_CLIENT_HELLO_ERROR;
     }
-    return 1;
+    return SSL_CLIENT_HELLO_SUCCESS;
 }
 
-static int early_reject_cb(SSL *s, int *al, void *arg)
+static int client_hello_reject_cb(SSL *s, int *al, void *arg)
 {
-    if (!early_select_server_ctx(s, arg, 0)) {
+    if (!client_hello_select_server_ctx(s, arg, 0)) {
         *al = SSL_AD_UNRECOGNIZED_NAME;
-        return 0;
+        return SSL_CLIENT_HELLO_ERROR;
     }
-    return 1;
+    return SSL_CLIENT_HELLO_SUCCESS;
 }
 
-static int early_nov12_cb(SSL *s, int *al, void *arg)
+static int client_hello_nov12_cb(SSL *s, int *al, void *arg)
 {
     int ret;
     unsigned int v;
     const unsigned char *p;
 
-    v = SSL_early_get0_legacy_version(s);
+    v = SSL_client_hello_get0_legacy_version(s);
     if (v > TLS1_2_VERSION || v < SSL3_VERSION) {
         *al = SSL_AD_PROTOCOL_VERSION;
-        return 0;
+        return SSL_CLIENT_HELLO_ERROR;
     }
-    (void)SSL_early_get0_session_id(s, &p);
+    (void)SSL_client_hello_get0_session_id(s, &p);
     if (p == NULL ||
-        SSL_early_get0_random(s, &p) == 0 ||
-        SSL_early_get0_ciphers(s, &p) == 0 ||
-        SSL_early_get0_compression_methods(s, &p) == 0) {
+        SSL_client_hello_get0_random(s, &p) == 0 ||
+        SSL_client_hello_get0_ciphers(s, &p) == 0 ||
+        SSL_client_hello_get0_compression_methods(s, &p) == 0) {
         *al = SSL_AD_INTERNAL_ERROR;
-        return 0;
+        return SSL_CLIENT_HELLO_ERROR;
     }
-    ret = early_select_server_ctx(s, arg, 0);
+    ret = client_hello_select_server_ctx(s, arg, 0);
     SSL_set_max_proto_version(s, TLS1_1_VERSION);
-    if (!ret)
+    if (!ret) {
         *al = SSL_AD_UNRECOGNIZED_NAME;
-    return ret;
+        return SSL_CLIENT_HELLO_ERROR;
+    }
+    return SSL_CLIENT_HELLO_SUCCESS;
 }
 
 static unsigned char dummy_ocsp_resp_good_val = 0xff;
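Review bot: `client_hello_ignore_cb` and `client_hello_reject_cb` are now identical apart from the flag passed to `client_hello_select_server_ctx`, and both repeat the `*al = SSL_AD_UNRECOGNIZED_NAME; return SSL_CLIENT_HELLO_ERROR;` pair that `client_hello_nov12_cb` also ends with; a small shared helper taking the flag would remove the duplication for the first two. `client_hello_nov12_cb` keeps its own ordering because `SSL_set_max_proto_version` sits between the selection and the alert, and that call's return value is still unchecked (a pre-existing context line, not changed here). The hunk's return-code changes themselves are consistent: every failure path sets `*al` before returning SSL_CLIENT_HELLO_ERROR.
```c
/* Shared tail of the SNI-based ClientHello callbacks: select the server
 * context, or set the alert and fail the callback. */
static int client_hello_select_or_alert(SSL *s, int *al, void *arg, int ignore)
{
    if (!client_hello_select_server_ctx(s, arg, ignore)) {
        *al = SSL_AD_UNRECOGNIZED_NAME;
        return SSL_CLIENT_HELLO_ERROR;
    }
    return SSL_CLIENT_HELLO_SUCCESS;
}

static int client_hello_ignore_cb(SSL *s, int *al, void *arg)
{
    return client_hello_select_or_alert(s, al, arg, 1);
}

static int client_hello_reject_cb(SSL *s, int *al, void *arg)
{
    return client_hello_select_or_alert(s, al, arg, 0);
}

/* … unchanged: client_hello_nov12_cb … */
```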
@@ -489,7 +492,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
 
     /*
      * Link the two contexts for SNI purposes.
-     * Also do early callbacks here, as setting both early and SNI is bad.
+     * Also do ClientHello callbacks here, as setting both ClientHello and SNI
+     * is bad.
      */
     switch (extra->server.servername_callback) {
     case SSL_TEST_SERVERNAME_IGNORE_MISMATCH:
@@ -502,14 +506,14 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
         break;
     case SSL_TEST_SERVERNAME_CB_NONE:
         break;
-    case SSL_TEST_SERVERNAME_EARLY_IGNORE_MISMATCH:
-        SSL_CTX_set_early_cb(server_ctx, early_ignore_cb, server2_ctx);
+    case SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH:
+        SSL_CTX_set_client_hello_cb(server_ctx, client_hello_ignore_cb, server2_ctx);
         break;
-    case SSL_TEST_SERVERNAME_EARLY_REJECT_MISMATCH:
-        SSL_CTX_set_early_cb(server_ctx, early_reject_cb, server2_ctx);
+    case SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH:
+        SSL_CTX_set_client_hello_cb(server_ctx, client_hello_reject_cb, server2_ctx);
         break;
-    case SSL_TEST_SERVERNAME_EARLY_NO_V12:
-        SSL_CTX_set_early_cb(server_ctx, early_nov12_cb, server2_ctx);
+    case SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12:
+        SSL_CTX_set_client_hello_cb(server_ctx, client_hello_nov12_cb, server2_ctx);
     }
 
     if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) {
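Review bot: The three new `SSL_CTX_set_client_hello_cb(...)` lines in the `SSL_TEST_SERVERNAME_CLIENT_HELLO_*` cases run to 84–85 columns, past the 80-column width the surrounding lines keep to; break each call after the second argument, the way the `SSL_client_hello_get0_ext` call earlier in this file is wrapped. The last case, `SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12`, also lacks the trailing `break;` its siblings carry; harmless as the final label, but adding it keeps the arms uniform and survives a later reorder. configure_handshake_ctx begins before this hunk and continues after it.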
diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf
index d5d350e..a6c7f43 100644
--- a/test/ssl-tests/05-sni.conf
+++ b/test/ssl-tests/05-sni.conf
@@ -8,9 +8,9 @@ test-2 = 2-SNI-no-server-support
 test-3 = 3-SNI-no-client-support
 test-4 = 4-SNI-bad-sni-ignore-mismatch
 test-5 = 5-SNI-bad-sni-reject-mismatch
-test-6 = 6-SNI-bad-early-sni-ignore-mismatch
-test-7 = 7-SNI-bad-early-sni-reject-mismatch
-test-8 = 8-SNI-early-disable-v12
+test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch
+test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch
+test-8 = 8-SNI-clienthello-disable-v12
 # ===========================================================
 
 [0-SNI-switch-context]
@@ -206,20 +206,20 @@ ServerName = invalid
 
 # ===========================================================
 
-[6-SNI-bad-early-sni-ignore-mismatch]
-ssl_conf = 6-SNI-bad-early-sni-ignore-mismatch-ssl
+[6-SNI-bad-clienthello-sni-ignore-mismatch]
+ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl
 
-[6-SNI-bad-early-sni-ignore-mismatch-ssl]
-server = 6-SNI-bad-early-sni-ignore-mismatch-server
-client = 6-SNI-bad-early-sni-ignore-mismatch-client
-server2 = 6-SNI-bad-early-sni-ignore-mismatch-server
+[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl]
+server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
+client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client
+server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
 
-[6-SNI-bad-early-sni-ignore-mismatch-server]
+[6-SNI-bad-clienthello-sni-ignore-mismatch-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[6-SNI-bad-early-sni-ignore-mismatch-client]
+[6-SNI-bad-clienthello-sni-ignore-mismatch-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -227,33 +227,33 @@ VerifyMode = Peer
 [test-6]
 ExpectedResult = Success
 ExpectedServerName = server1
-server = 6-SNI-bad-early-sni-ignore-mismatch-server-extra
-server2 = 6-SNI-bad-early-sni-ignore-mismatch-server-extra
-client = 6-SNI-bad-early-sni-ignore-mismatch-client-extra
+server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
+server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
+client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra
 
-[6-SNI-bad-early-sni-ignore-mismatch-server-extra]
-ServerNameCallback = EarlyIgnoreMismatch
+[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra]
+ServerNameCallback = ClientHelloIgnoreMismatch
 
-[6-SNI-bad-early-sni-ignore-mismatch-client-extra]
+[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra]
 ServerName = invalid
 
 
 # ===========================================================
 
-[7-SNI-bad-early-sni-reject-mismatch]
-ssl_conf = 7-SNI-bad-early-sni-reject-mismatch-ssl
+[7-SNI-bad-clienthello-sni-reject-mismatch]
+ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl
 
-[7-SNI-bad-early-sni-reject-mismatch-ssl]
-server = 7-SNI-bad-early-sni-reject-mismatch-server
-client = 7-SNI-bad-early-sni-reject-mismatch-client
-server2 = 7-SNI-bad-early-sni-reject-mismatch-server
+[7-SNI-bad-clienthello-sni-reject-mismatch-ssl]
+server = 7-SNI-bad-clienthello-sni-reject-mismatch-server
+client = 7-SNI-bad-clienthello-sni-reject-mismatch-client
+server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server
 
-[7-SNI-bad-early-sni-reject-mismatch-server]
+[7-SNI-bad-clienthello-sni-reject-mismatch-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[7-SNI-bad-early-sni-reject-mismatch-client]
+[7-SNI-bad-clienthello-sni-reject-mismatch-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -261,33 +261,33 @@ VerifyMode = Peer
 [test-7]
 ExpectedResult = ServerFail
 ExpectedServerAlert = UnrecognizedName
-server = 7-SNI-bad-early-sni-reject-mismatch-server-extra
-server2 = 7-SNI-bad-early-sni-reject-mismatch-server-extra
-client = 7-SNI-bad-early-sni-reject-mismatch-client-extra
+server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
+server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
+client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra
 
-[7-SNI-bad-early-sni-reject-mismatch-server-extra]
-ServerNameCallback = EarlyRejectMismatch
+[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra]
+ServerNameCallback = ClientHelloRejectMismatch
 
-[7-SNI-bad-early-sni-reject-mismatch-client-extra]
+[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra]
 ServerName = invalid
 
 
 # ===========================================================
 
-[8-SNI-early-disable-v12]
-ssl_conf = 8-SNI-early-disable-v12-ssl
+[8-SNI-clienthello-disable-v12]
+ssl_conf = 8-SNI-clienthello-disable-v12-ssl
 
-[8-SNI-early-disable-v12-ssl]
-server = 8-SNI-early-disable-v12-server
-client = 8-SNI-early-disable-v12-client
-server2 = 8-SNI-early-disable-v12-server
+[8-SNI-clienthello-disable-v12-ssl]
+server = 8-SNI-clienthello-disable-v12-server
+client = 8-SNI-clienthello-disable-v12-client
+server2 = 8-SNI-clienthello-disable-v12-server
 
-[8-SNI-early-disable-v12-server]
+[8-SNI-clienthello-disable-v12-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[8-SNI-early-disable-v12-client]
+[8-SNI-clienthello-disable-v12-client]
 CipherString = DEFAULT
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -295,14 +295,14 @@ VerifyMode = Peer
 [test-8]
 ExpectedProtocol = TLSv1.1
 ExpectedServerName = server2
-server = 8-SNI-early-disable-v12-server-extra
-server2 = 8-SNI-early-disable-v12-server-extra
-client = 8-SNI-early-disable-v12-client-extra
+server = 8-SNI-clienthello-disable-v12-server-extra
+server2 = 8-SNI-clienthello-disable-v12-server-extra
+client = 8-SNI-clienthello-disable-v12-client-extra
 
-[8-SNI-early-disable-v12-server-extra]
-ServerNameCallback = EarlyNoV12
+[8-SNI-clienthello-disable-v12-server-extra]
+ServerNameCallback = ClientHelloNoV12
 
-[8-SNI-early-disable-v12-client-extra]
+[8-SNI-clienthello-disable-v12-client-extra]
 ServerName = server2
 
 
diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in
index 63b295d..a993a34 100644
--- a/test/ssl-tests/05-sni.conf.in
+++ b/test/ssl-tests/05-sni.conf.in
@@ -111,10 +111,10 @@ our @tests = (
         },
     },
     {
-        name => "SNI-bad-early-sni-ignore-mismatch",
+        name => "SNI-bad-clienthello-sni-ignore-mismatch",
         server => {
             extra => {
-                "ServerNameCallback" => "EarlyIgnoreMismatch",
+                "ServerNameCallback" => "ClientHelloIgnoreMismatch",
             },
         },
         client => {
@@ -128,10 +128,10 @@ our @tests = (
         },
     },
     {
-        name => "SNI-bad-early-sni-reject-mismatch",
+        name => "SNI-bad-clienthello-sni-reject-mismatch",
         server => {
             extra => {
-                "ServerNameCallback" => "EarlyRejectMismatch",
+                "ServerNameCallback" => "ClientHelloRejectMismatch",
             },
         },
         client => {
@@ -148,10 +148,10 @@ our @tests = (
 
 our @tests_tls_1_1 = (
     {
-        name => "SNI-early-disable-v12",
+        name => "SNI-clienthello-disable-v12",
         server => {
             extra => {
-                "ServerNameCallback" => "EarlyNoV12",
+                "ServerNameCallback" => "ClientHelloNoV12",
             },
         },
         client => {
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 0be68c7..d669d0d 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -238,9 +238,11 @@ static const test_enum ssl_servername_callbacks[] = {
     {"None", SSL_TEST_SERVERNAME_CB_NONE},
     {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
     {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
-    {"EarlyIgnoreMismatch", SSL_TEST_SERVERNAME_EARLY_IGNORE_MISMATCH},
-    {"EarlyRejectMismatch", SSL_TEST_SERVERNAME_EARLY_REJECT_MISMATCH},
-    {"EarlyNoV12", SSL_TEST_SERVERNAME_EARLY_NO_V12},
+    {"ClientHelloIgnoreMismatch",
+     SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH},
+    {"ClientHelloRejectMismatch",
+     SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH},
+    {"ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12},
 };
 
 __owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
index ebeddde..5eff75c 100644
--- a/test/ssl_test_ctx.h
+++ b/test/ssl_test_ctx.h
@@ -39,9 +39,9 @@ typedef enum {
     SSL_TEST_SERVERNAME_CB_NONE = 0,  /* Default */
     SSL_TEST_SERVERNAME_IGNORE_MISMATCH,
     SSL_TEST_SERVERNAME_REJECT_MISMATCH,
-    SSL_TEST_SERVERNAME_EARLY_IGNORE_MISMATCH,
-    SSL_TEST_SERVERNAME_EARLY_REJECT_MISMATCH,
-    SSL_TEST_SERVERNAME_EARLY_NO_V12
+    SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH,
+    SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH,
+    SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12
 } ssl_servername_callback_t;
 
 typedef enum {
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 858f28b..5299d57 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -401,7 +401,7 @@ end:
 #endif
 
 #ifndef OPENSSL_NO_TLS1_2
-static int full_early_callback(SSL *s, int *al, void *arg)
+static int full_client_hello_callback(SSL *s, int *al, void *arg)
 {
     int *ctr = arg;
     const unsigned char *p;
@@ -422,26 +422,27 @@ static int full_early_callback(SSL *s, int *al, void *arg)
 
     /* Make sure we can defer processing and get called back. */
     if ((*ctr)++ == 0)
-        return -1;
+        return SSL_CLIENT_HELLO_RETRY;
 
-    len = SSL_early_get0_ciphers(s, &p);
+    len = SSL_client_hello_get0_ciphers(s, &p);
     if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
-            || !TEST_size_t_eq(SSL_early_get0_compression_methods(s, &p), 1)
+            || !TEST_size_t_eq(
+                       SSL_client_hello_get0_compression_methods(s, &p), 1)
             || !TEST_int_eq(*p, 0))
-        return 0;
-    if (!SSL_early_get1_extensions_present(s, &exts, &len))
-        return 0;
+        return SSL_CLIENT_HELLO_ERROR;
+    if (!SSL_client_hello_get1_extensions_present(s, &exts, &len))
+        return SSL_CLIENT_HELLO_ERROR;
     if (len != OSSL_NELEM(expected_extensions) ||
         memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
-        printf("Early callback expected ClientHello extensions mismatch\n");
+        printf("ClientHello callback expected extensions mismatch\n");
         OPENSSL_free(exts);
-        return 0;
+        return SSL_CLIENT_HELLO_ERROR;
     }
     OPENSSL_free(exts);
-    return 1;
+    return SSL_CLIENT_HELLO_SUCCESS;
 }
 
-static int test_early_cb(void)
+static int test_client_hello_cb(void)
 {
     SSL_CTX *cctx = NULL, *sctx = NULL;
     SSL *clientssl = NULL, *serverssl = NULL;
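Review bot: The extensions-mismatch branch still reports through a bare `printf` to stdout while every other check in `full_client_hello_callback` goes through the `TEST_*` macros, so that one failure is not attributed by the test framework the way the others are; `TEST_error("ClientHello callback expected extensions mismatch");` would keep the reporting uniform. The rest of the hunk is consistent: `OPENSSL_free(exts)` is reached on both the mismatch and success paths, and the `len !=` comparison short-circuits before the `memcmp`. The opening lines of full_client_hello_callback precede this hunk, and test_client_hello_cb continues past it.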
@@ -451,7 +452,7 @@ static int test_early_cb(void)
                                        TLS_client_method(), &sctx,
                                        &cctx, cert, privkey)))
         goto end;
-    SSL_CTX_set_early_cb(sctx, full_early_callback, &testctr);
+    SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
 
     /* The gimpy cipher list we configure can't do TLS 1.3. */
     SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
@@ -461,12 +462,13 @@ static int test_early_cb(void)
             || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
                                              &clientssl, NULL, NULL))
             || !TEST_false(create_ssl_connection(serverssl, clientssl,
-                                                 SSL_ERROR_WANT_EARLY))
+                        SSL_ERROR_WANT_CLIENT_HELLO_CB))
                 /*
                  * Passing a -1 literal is a hack since
                  * the real value was lost.
                  * */
-            || !TEST_int_eq(SSL_get_error(serverssl, -1), SSL_ERROR_WANT_EARLY)
+            || !TEST_int_eq(SSL_get_error(serverssl, -1),
+                            SSL_ERROR_WANT_CLIENT_HELLO_CB)
             || !TEST_true(create_ssl_connection(serverssl, clientssl,
                                                 SSL_ERROR_NONE)))
         goto end;
@@ -3123,7 +3125,7 @@ int setup_tests(void)
     ADD_TEST(test_keylog_no_master_key);
 #endif
 #ifndef OPENSSL_NO_TLS1_2
-    ADD_TEST(test_early_cb);
+    ADD_TEST(test_client_hello_cb);
 #endif
 #ifndef OPENSSL_NO_TLS1_3
     ADD_ALL_TESTS(test_early_data_read_write, 3);
diff --git a/util/libssl.num b/util/libssl.num
index efbd079..1d8f8ab 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -416,14 +416,14 @@ SSL_get_peer_signature_type_nid         416	1_1_1	EXIST::FUNCTION:
 SSL_key_update                          417	1_1_1	EXIST::FUNCTION:
 SSL_get_key_update_type                 418	1_1_1	EXIST::FUNCTION:
 SSL_bytes_to_cipher_list                419	1_1_1	EXIST::FUNCTION:
-SSL_early_get0_compression_methods      420	1_1_1	EXIST::FUNCTION:
-SSL_early_get0_ciphers                  421	1_1_1	EXIST::FUNCTION:
-SSL_early_get0_ext                      422	1_1_1	EXIST::FUNCTION:
-SSL_early_get0_session_id               423	1_1_1	EXIST::FUNCTION:
-SSL_early_get0_random                   424	1_1_1	EXIST::FUNCTION:
-SSL_CTX_set_early_cb                    425	1_1_1	EXIST::FUNCTION:
-SSL_early_get0_legacy_version           426	1_1_1	EXIST::FUNCTION:
-SSL_early_isv2                          427	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_compression_methods 420	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_ciphers           421	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_ext               422	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_session_id        423	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_random            424	1_1_1	EXIST::FUNCTION:
+SSL_CTX_set_client_hello_cb             425	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get0_legacy_version    426	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_isv2                   427	1_1_1	EXIST::FUNCTION:
 SSL_set_max_early_data                  428	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_max_early_data              429	1_1_1	EXIST::FUNCTION:
 SSL_get_max_early_data                  430	1_1_1	EXIST::FUNCTION:
@@ -450,7 +450,7 @@ SSL_set_block_padding                   450	1_1_1	EXIST::FUNCTION:
 SSL_set_record_padding_callback_arg     451	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_record_padding_callback_arg 452	1_1_1	EXIST::FUNCTION:
 SSL_CTX_use_serverinfo_ex               453	1_1_1	EXIST::FUNCTION:
-SSL_early_get1_extensions_present       454	1_1_1	EXIST::FUNCTION:
+SSL_client_hello_get1_extensions_present 454	1_1_1	EXIST::FUNCTION:
 SSL_set_psk_find_session_callback       455	1_1_1	EXIST::FUNCTION:
 SSL_set_psk_use_session_callback        456	1_1_1	EXIST::FUNCTION:
 SSL_CTX_set_psk_use_session_callback    457	1_1_1	EXIST::FUNCTION:
diff --git a/util/private.num b/util/private.num
index 242de12..d705613 100644
--- a/util/private.num
+++ b/util/private.num
@@ -36,7 +36,7 @@ OSSL_STORE_open_fn                      datatype
 OSSL_STORE_post_process_info_fn         datatype
 RAND_poll_cb                            datatype
 SSL_CTX_keylog_cb_func                  datatype
-SSL_early_cb_fn                         datatype
+SSL_client_hello_cb_fn                  datatype
 SSL_psk_client_cb_func                  datatype
 SSL_psk_find_session_cb_func            datatype
 SSL_psk_server_cb_func                  datatype
@@ -349,7 +349,7 @@ SSL_set_tlsext_status_type              define
 SSL_set_tmp_dh                          define
 SSL_want_async                          define
 SSL_want_async_job                      define
-SSL_want_early                          define
+SSL_want_client_hello_cb                define
 SSL_want_nothing                        define
 SSL_want_read                           define
 SSL_want_write                          define

