Merge OpenSSL 0.9.8n into head.

This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.

I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.

Security:	CVE-2010-0433, CVE-2010-0740
Security:	http://www.openssl.org/news/secadv_20100324.txt

2 files changed, 13 insertions, 2 deletions

diff --git a/crypto/openssl/engines/e_capi.c b/crypto/openssl/engines/e_capi.c
index fd7f13c..59b2ab7 100644
--- a/crypto/openssl/engines/e_capi.c
+++ b/crypto/openssl/engines/e_capi.c
@@ -83,6 +83,10 @@
 #define CERT_STORE_CREATE_NEW_FLAG                      0x00002000
 #endif
 
+#ifndef CERT_SYSTEM_STORE_CURRENT_USER
+#define CERT_SYSTEM_STORE_CURRENT_USER			0x00010000
+#endif 
+
 #include <openssl/engine.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
diff --git a/crypto/openssl/engines/e_chil.c b/crypto/openssl/engines/e_chil.c
index e184762..3a07076 100644
--- a/crypto/openssl/engines/e_chil.c
+++ b/crypto/openssl/engines/e_chil.c
@@ -1204,6 +1204,11 @@ static int hwcrhk_get_pass(const char *prompt_info,
 	pem_password_cb *callback = NULL;
 	void *callback_data = NULL;
         UI_METHOD *ui_method = NULL;
+	/* Despite what the documentation says prompt_info can be
+	 * an empty string.
+	 */
+	if (prompt_info && !*prompt_info)
+		prompt_info = NULL;
 
         if (cactx)
                 {
@@ -1305,8 +1310,10 @@ static int hwcrhk_insert_card(const char *prompt_info,
 		{
 		char answer;
 		char buf[BUFSIZ];
-
-		if (wrong_info)
+		/* Despite what the documentation says wrong_info can be
+	 	 * an empty string.
+		 */
+		if (wrong_info && *wrong_info)
 			BIO_snprintf(buf, sizeof(buf)-1,
 				"Current card: \"%s\"\n", wrong_info);
 		ok = UI_dup_info_string(ui, buf);