diff --git a/include/openssl/bytestring.h b/include/openssl/bytestring.h
index a09b49c1..66f62046 100644
--- a/include/openssl/bytestring.h
+++ b/include/openssl/bytestring.h
@@ -17,6 +17,8 @@
 #include
+#include
+
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -37,6 +39,13 @@ extern "C" {
 struct cbs_st {
 const uint8_t *data;
 size_t len;
+
+#if !defined(BORINGSSL_NO_CXX)
+ // Allow implicit conversions to bssl::Span.
+ operator bssl::Span() const {
+ return bssl::MakeConstSpan(data, len);
+ }
+#endif
 };
 // CBS_init sets |cbs| to point to |data|. It does not take ownership of
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 722b8359..002e5bb2 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -1180,9 +1180,7 @@ static enum ssl_hs_wait_t do_read_client_key_exchange(SSL_HANDSHAKE *hs) {
 // Compute the premaster.
 uint8_t alert = SSL_AD_DECODE_ERROR;
- if (!hs->key_share->Finish(
- &premaster_secret, &alert,
- MakeConstSpan(CBS_data(&peer_key), CBS_len(&peer_key)))) {
+ if (!hs->key_share->Finish(&premaster_secret, &alert, peer_key)) {
 ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
 return ssl_hs_error;
 }
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 32311ff6..63015054 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2174,9 +2174,7 @@ int ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
 return 0;
 }
- if (!hs->key_share->Finish(
- out_secret, out_alert,
- MakeConstSpan(CBS_data(&peer_key), CBS_len(&peer_key)))) {
+ if (!hs->key_share->Finish(out_secret, out_alert, peer_key)) {
 *out_alert = SSL_AD_INTERNAL_ERROR;
 return 0;
 }
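Review bot: The conversion operator added to `struct cbs_st` in include/openssl/bytestring.h hands out a non-owning view of `data`/`len`, and because the conversion is implicit a call site gives no sign that a borrow is taking place. The comment above it should state the lifetime rule, for example `// The resulting span borrows |data| and must not outlive the buffer this CBS points to.` The guard tests only `BORINGSSL_NO_CXX`; whether that macro is always defined for C translation units is not visible in this hunk, so either confirm it or make the condition `#if defined(__cplusplus) && !defined(BORINGSSL_NO_CXX)`, since the surrounding `extern "C"` wrapper shows the header is meant to be included from C as well.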
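Review bot: In `ssl_ext_key_share_parse_serverhello` (ssl/t1_lib.cc) the failure branch assigns `*out_alert = SSL_AD_INTERNAL_ERROR;` right after `Finish` was given `out_alert` to fill in, so the alert `Finish` selected for a rejected peer key never reaches the caller. The `ssl_ext_key_share_parse_clienthello` hunk has the same shape, overwriting with `SSL_AD_ILLEGAL_PARAMETER` after `Accept`, while `do_read_client_key_exchange` in ssl/handshake_server.cc sends the alert `Finish` produced. If the fixed alert is intentional, say so with a comment such as `// Report a fixed alert no matter why Finish failed.`; if not, remove the assignment in the serverhello branch. Both functions start and end outside their hunks.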
@@ -2238,10 +2236,9 @@ int ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
 Array secret;
 ScopedCBB public_key;
 UniquePtr key_share = SSLKeyShare::Create(group_id);
- if (!key_share || !CBB_init(public_key.get(), 32) ||
- !key_share->Accept(
- public_key.get(), &secret, out_alert,
- MakeConstSpan(CBS_data(&peer_key), CBS_len(&peer_key))) ||
+ if (!key_share ||
+ !CBB_init(public_key.get(), 32) ||
+ !key_share->Accept(public_key.get(), &secret, out_alert, peer_key) ||
 !CBB_finish(public_key.get(), &hs->ecdh_public_key,
 &hs->ecdh_public_key_len)) {
 *out_alert = SSL_AD_ILLEGAL_PARAMETER;