Pass explicit parameters elsewhere. The remaining direct accesses are in functions which expect to be called in and out of the handshake. Accordingly, they are NULL-checked. Change-Id: I07a7de6bdca7b6f8d09e22da11b8863ebf41389a Reviewed-on: https://boringssl-review.googlesource.com/12343 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index a452d32..ad75d22 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c

@@ -449,7 +449,8 @@
   return CRYPTO_get_ex_data(&session->ex_data, idx);
 }
 
-int ssl_get_new_session(SSL *ssl, int is_server) {
+int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
+  SSL *const ssl = hs->ssl;
   if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_SESSION_MAY_NOT_BE_CREATED);
     return 0;
@@ -470,7 +471,7 @@
   session->ssl_version = ssl->version;
 
   if (is_server) {
-    if (ssl->s3->hs->ticket_expected) {
+    if (hs->ticket_expected) {
       /* Don't set session IDs for sessions resumed with tickets. This will keep
        * them out of the session cache. */
       session->session_id_length = 0;