bearssl: Enable getentropy seeder and disable rdrand

Currently, getentropy is only autodetected on glibc. However, even when enabled, bearssl prefers rdrand if available. Since the kernel uses a variety of sources for its entropy pool (including rdrand if enabled) and rdrand is buggy on some CPUs, prefer getentropy in bearssl.
author: Michael Forney <mforney@mforney.org> 2020-09-21 14:30:49 -0700
committer: Michael Forney <mforney@mforney.org> 2020-09-22 15:00:18 -0700
commit: b061035e66c8d0888220c05cd5333abd107cc243 (patch)
tree: 2caa82c994caba700974d3340864134f6a8a2969 /pkg/bearssl/gen.lua
parent: 530cd49c73ecdec161269b62e85b3d60e301b301 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/pkg/bearssl/gen.lua b/pkg/bearssl/gen.lua
index c49ffefb..8de1f722 100644
--- a/pkg/bearssl/gen.lua
+++ b/pkg/bearssl/gen.lua
@@ -2,6 +2,8 @@ cflags{
 	'-Wall',
 	'-I $srcdir/src',
 	'-I $srcdir/inc',
+	'-D BR_RDRAND=0',
+	'-D BR_USE_GETENTROPY',
 }
 
 pkg.hdrs = copy('$outdir/include', '$srcdir/inc', {
author	Michael Forney <mforney@mforney.org>	2020-09-21 14:30:49 -0700
committer	Michael Forney <mforney@mforney.org>	2020-09-22 15:00:18 -0700
commit	b061035e66c8d0888220c05cd5333abd107cc243 (patch)
tree	2caa82c994caba700974d3340864134f6a8a2969 /pkg/bearssl/gen.lua
parent	530cd49c73ecdec161269b62e85b3d60e301b301 (diff)