Use ssl_get_new_session() in the TLSv1.3 server.

This correctly handles session being non-NULL and sets up a few more
things, including ssl_version. Also stop setting the ssl_version to the
server_version, as this is only used on the client side.

ok tb@

1 files changed, 3 insertions, 4 deletions

diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 9616f392e1a..1c286f573e2 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.43 2020/05/10 17:13:30 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.44 2020/05/11 17:23:35 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -34,10 +34,10 @@ tls13_server_init(struct tls13_ctx *ctx)
 	}
 	s->version = ctx->hs->max_version;
 
-	if (!tls1_transcript_init(s))
+	if (!ssl_get_new_session(s, 0)) /* XXX */
 		return 0;
 
-	if ((s->session = SSL_SESSION_new()) == NULL)
+	if (!tls1_transcript_init(s))
 		return 0;
 
 	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
@@ -262,7 +262,6 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
 		goto err;
 
 	s->session->cipher = S3I(s)->hs.new_cipher;
-	s->session->ssl_version = ctx->hs->server_version;
 
 	if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL)
 		goto err;