Fix from 0.9.7-stable.

[oweals/openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 6ca808331f7708afd612f9e456032fbf8338b85e..2f26593c70087ed1afd9afd41f391c54a40cf4c8 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -118,7 +118,7 @@ SSL_SESSION *SSL_SESSION_new(void)
        ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
        ss->references=1;
        ss->timeout=60*5+4; /* 5 minute timeout by default */
-       ss->time=time(NULL);
+       ss->time=(unsigned long)time(NULL);
        ss->prev=NULL;
        ss->next=NULL;
        ss->compress_meth=0;
@@ -148,7 +148,8 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
 {
        unsigned int retry = 0;
        do
-               RAND_pseudo_bytes(id, *id_len);
+               if (RAND_pseudo_bytes(id, *id_len) <= 0)
+                       return 0;
        while(SSL_has_matching_session_id(ssl, id, *id_len) &&
                (++retry < MAX_SESS_ID_ATTEMPTS));
        if(retry < MAX_SESS_ID_ATTEMPTS)
@@ -388,7 +389,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 #endif
 
-       if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
+       if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
                {
                s->ctx->stats.sess_timeout++;
                /* remove it from the cache */