diff options
author | simon <simon@FreeBSD.org> | 2010-04-01 15:19:51 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2010-04-01 15:19:51 +0000 |
commit | 2176e0cd52d68263d3d2ff39461442b734360fe1 (patch) | |
tree | 9b9ed316e70ff8c7ea71526ab69ab131960e8b72 /crypto/openssl/engines | |
parent | 348853b7ae1be0b9abbde8c1b0ad8dcb786a2cb7 (diff) | |
download | FreeBSD-src-2176e0cd52d68263d3d2ff39461442b734360fe1.zip FreeBSD-src-2176e0cd52d68263d3d2ff39461442b734360fe1.tar.gz |
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740
Security: http://www.openssl.org/news/secadv_20100324.txt
Diffstat (limited to 'crypto/openssl/engines')
-rw-r--r-- | crypto/openssl/engines/e_capi.c | 4 | ||||
-rw-r--r-- | crypto/openssl/engines/e_chil.c | 11 |
2 files changed, 13 insertions, 2 deletions
diff --git a/crypto/openssl/engines/e_capi.c b/crypto/openssl/engines/e_capi.c index fd7f13c..59b2ab7 100644 --- a/crypto/openssl/engines/e_capi.c +++ b/crypto/openssl/engines/e_capi.c @@ -83,6 +83,10 @@ #define CERT_STORE_CREATE_NEW_FLAG 0x00002000 #endif +#ifndef CERT_SYSTEM_STORE_CURRENT_USER +#define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000 +#endif + #include <openssl/engine.h> #include <openssl/pem.h> #include <openssl/x509v3.h> diff --git a/crypto/openssl/engines/e_chil.c b/crypto/openssl/engines/e_chil.c index e184762..3a07076 100644 --- a/crypto/openssl/engines/e_chil.c +++ b/crypto/openssl/engines/e_chil.c @@ -1204,6 +1204,11 @@ static int hwcrhk_get_pass(const char *prompt_info, pem_password_cb *callback = NULL; void *callback_data = NULL; UI_METHOD *ui_method = NULL; + /* Despite what the documentation says prompt_info can be + * an empty string. + */ + if (prompt_info && !*prompt_info) + prompt_info = NULL; if (cactx) { @@ -1305,8 +1310,10 @@ static int hwcrhk_insert_card(const char *prompt_info, { char answer; char buf[BUFSIZ]; - - if (wrong_info) + /* Despite what the documentation says wrong_info can be + * an empty string. + */ + if (wrong_info && *wrong_info) BIO_snprintf(buf, sizeof(buf)-1, "Current card: \"%s\"\n", wrong_info); ok = UI_dup_info_string(ui, buf); |