Use ssl_get_new_session() in the TLSv1.3 server.

This correctly handles session being non-NULL and sets up a few more
things, including ssl_version. Also stop setting the ssl_version to the
server_version, as this is only used on the client side.

ok tb@

1 files changed, 3 insertions, 4 deletions

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 9616f392e1..1c286f573e 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.43 2020/05/10 17:13:30 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.44 2020/05/11 17:23:35 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -34,10 +34,10 @@ tls13_server_init(struct tls13_ctx *ctx)
         }
         s->version = ctx->hs->max_version;
 
-        if (!tls1_transcript_init(s))
+        if (!ssl_get_new_session(s, 0)) /* XXX */
                 return 0;
 
-        if ((s->session = SSL_SESSION_new()) == NULL)
+        if (!tls1_transcript_init(s))
                 return 0;
 
         arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
@@ -262,7 +262,6 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
                 goto err;
 
         s->session->cipher = S3I(s)->hs.new_cipher;
-        s->session->ssl_version = ctx->hs->server_version;
 
         if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL)
                 goto err;