diff options
author | Rod Vagg <rod@vagg.org> | 2016-09-27 15:33:58 +0300 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2016-09-27 16:38:24 +0300 |
commit | 03f4920d6a8b4ac1d990f7659f2815075c8c896b (patch) | |
tree | f7a3600ada5171d6dcf6e475f78394ec2e78c1f7 | |
parent | fc259c7dc489b82b166e58053fba86ed7707e0ae (diff) |
crypto: don't build hardware engines
Compile out hardware engines.
`ENGINE_load_builtin_engines()` is not called in v0.10 so this does
not represent a known security vulnerability.
Backport of
https://github.com/nodejs/node-private/pull/58
PR-URL: https://github.com/nodejs/node-private/pull/68
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
-rw-r--r-- | deps/openssl/openssl.gyp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp index 58feb474453..462111d5322 100644 --- a/deps/openssl/openssl.gyp +++ b/deps/openssl/openssl.gyp @@ -1099,6 +1099,11 @@ # Microsoft's IIS, which seems to be ignoring whole ClientHello after # seeing this extension. 'OPENSSL_NO_HEARTBEATS', + + # Compile out hardware engines. Most are stubs that dynamically load + # the real driver but that poses a security liability when an attacker + # is able to create a malicious DLL in one of the default search paths. + 'OPENSSL_NO_HW', ], 'direct_dependent_settings': { 'defines': [ |