From 6023ba114ae2d777452e7a835c57c5b0b0ff1c2c Mon Sep 17 00:00:00 2001
From: Ben Noordhuis
Date: Thu, 8 Sep 2016 21:52:20 +0200
Subject: [PATCH] crypto: don't build hardware engines

Compile out hardware engines. Most are stubs that dynamically load the real driver but that poses a security liability when an attacker is able to create a malicious DLL in one of the default search paths.

PR-URL: https://github.com/nodejs/node-private/pull/73
Reviewed-By: Rod Vagg
Reviewed-By: Fedor Indutny
---
 deps/openssl/openssl.gypi | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi
index 3620e45c41..871cec0c7e 100644
--- a/deps/openssl/openssl.gypi
+++ b/deps/openssl/openssl.gypi
@@ -1263,6 +1263,11 @@
 # Microsoft's IIS, which seems to be ignoring whole ClientHello after
 # seeing this extension.
 'OPENSSL_NO_HEARTBEATS',
+
+ # Compile out hardware engines. Most are stubs that dynamically load
+ # the real driver but that poses a security liability when an attacker
+ # is able to create a malicious DLL in one of the default search paths.
+ 'OPENSSL_NO_HW',
 ],
 'openssl_default_defines_win': [
 'MK1MF_BUILD',
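Review bot: The comment added above `'OPENSSL_NO_HW'` describes the risk as a malicious DLL, but the define goes into the list that closes just before `'openssl_default_defines_win'`, so it appears to apply to every platform and not only Windows (the list's opening line is outside the hunk). I would word the last comment line platform-neutrally so nobody later scopes the define down to Windows builds, for example `# is able to plant a malicious DLL or shared object in one of the default search paths.` The comment should also record that the define removes only the built-in hardware engine stubs. If I read OpenSSL correctly, the generic dynamic engine loader is not controlled by `OPENSSL_NO_HW`, so engine loading driven by configuration needs its own review and should not be assumed closed by this change.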