crypto: don't build hardware engines

Compile out hardware engines. Most are stubs that dynamically load the real driver but that poses a security liability when an attacker is able to create a malicious DLL in one of the default search paths. PR-URL: nodejs-private/node-private#70 Reviewed-By: James Snell <[email protected]> Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Joao Reis <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
nodejs · Sep 27, 2016 · c214e88 · c214e88
1 parent 93b10fb
commit c214e88
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi
@@ -1260,6 +1260,11 @@
       # Microsoft's IIS, which seems to be ignoring whole ClientHello after
       # seeing this extension.
       'OPENSSL_NO_HEARTBEATS',
+
+      # Compile out hardware engines.  Most are stubs that dynamically load
+      # the real driver but that poses a security liability when an attacker
+      # is able to create a malicious DLL in one of the default search paths.
+      'OPENSSL_NO_HW',
     ],
     'openssl_default_defines_win': [
       'MK1MF_BUILD',