diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2016-05-04 21:27:18 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2016-05-05 00:28:52 +0200 |
commit | a4f94b427170bdef44a4c4ba45ff36664fab6597 (patch) | |
tree | 8438ba53e2326216dca32efbf6888cddd8c9b96f /deps/openssl/openssl.gypi | |
parent | f6940dfa4627301bbd1a24530ac3f4fe3fe8494c (diff) | |
download | android-node-v8-a4f94b427170bdef44a4c4ba45ff36664fab6597.tar.gz android-node-v8-a4f94b427170bdef44a4c4ba45ff36664fab6597.tar.bz2 android-node-v8-a4f94b427170bdef44a4c4ba45ff36664fab6597.zip |
deps: update comment about PURIFY define
PURIFY makes OpenSSL zero out some buffers. It also stops RAND_bytes()
from using the existing contents of the destination buffer as a source
of entropy, which according to some papers, is a possible attack vector
for reducing the overall entropy.
PR-URL: https://github.com/nodejs/node/pull/6582
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'deps/openssl/openssl.gypi')
-rw-r--r-- | deps/openssl/openssl.gypi | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi index 73aff917d7..3620e45c41 100644 --- a/deps/openssl/openssl.gypi +++ b/deps/openssl/openssl.gypi @@ -1244,10 +1244,14 @@ 'openssl/include', ], 'openssl_default_defines_all': [ - # No clue what these are for. - 'PURIFY', '_REENTRANT', + # PURIFY makes OpenSSL zero out some buffers. It also stops RAND_bytes() + # from using the existing contents of the destination buffer as a source + # of entropy, which according to some papers, is a possible attack vector + # for reducing the overall entropy. + 'PURIFY', + # Compression is not used and considered insecure (CRIME.) 'OPENSSL_NO_COMP', |