deps: update comment about PURIFY define
PURIFY makes OpenSSL zero out some buffers.  It also stops RAND_bytes()
from using the existing contents of the destination buffer as a source
of entropy, which according to some papers, is a possible attack vector
for reducing the overall entropy.

PR-URL: #6582
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
bnoordhuis authored and evanlucas committed May 17, 2016
1 parent 477e61d commit 62690aa
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions deps/openssl/openssl.gypi
Expand Up @@ -1244,10 +1244,14 @@
'openssl/include',
],
'openssl_default_defines_all': [
# No clue what these are for.
'PURIFY',
'_REENTRANT',

# PURIFY makes OpenSSL zero out some buffers. It also stops RAND_bytes()
# from using the existing contents of the destination buffer as a source
# of entropy, which according to some papers, is a possible attack vector
# for reducing the overall entropy.
'PURIFY',

# Compression is not used and considered insecure (CRIME.)
'OPENSSL_NO_COMP',
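
Review bot: The new comment above 'PURIFY' rests its rationale on "some papers" without naming one, so a reader of openssl.gypi cannot check the claim about RAND_bytes() and the destination buffer; please cite at least one reference or link, and say which buffers "some buffers" refers to if that is known. Separately, with "# No clue what these are for." removed, '_REENTRANT' now sits in 'openssl_default_defines_all' with no comment at all, so a one-line note on why it is defined would be worth adding in the same change.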
