crypto: don't build hardware engines

rvagg · rvagg · commit 71e4285e27ad · 2016-09-28T00:11:08.000+10:00
Compile out hardware engines. Most are stubs that dynamically load the real driver but that poses a security liability when an attacker is able to create a malicious DLL in one of the default search paths. Backport of nodejs-private/node-private#58 PR-URL: nodejs-private/node-private#69 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp
@@ -1099,6 +1099,11 @@
       # Microsoft's IIS, which seems to be ignoring whole ClientHello after
       # seeing this extension.
       'OPENSSL_NO_HEARTBEATS',
+
+      # Compile out hardware engines.  Most are stubs that dynamically load
+      # the real driver but that poses a security liability when an attacker
+      # is able to create a malicious DLL in one of the default search paths.
+      'OPENSSL_NO_HW',
     ],
     'direct_dependent_settings': {
       'defines': [
