-rw-r--r--deps/openssl/openssl.gypi8
1 files changed, 6 insertions, 2 deletions
diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi
index 73aff917d7..3620e45c41 100644
--- a/deps/openssl/openssl.gypi
+++ b/deps/openssl/openssl.gypi
@@ -1244,10 +1244,14 @@
'openssl/include',
],
'openssl_default_defines_all': [
- # No clue what these are for.
- 'PURIFY',
'_REENTRANT',
+ # PURIFY makes OpenSSL zero out some buffers. It also stops RAND_bytes()
+ # from using the existing contents of the destination buffer as a source
+ # of entropy, which according to some papers, is a possible attack vector
+ # for reducing the overall entropy.
+ 'PURIFY',
+
# Compression is not used and considered insecure (CRIME.)
'OPENSSL_NO_COMP',