From b061035e66c8d0888220c05cd5333abd107cc243 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Mon, 21 Sep 2020 14:30:49 -0700
Subject: bearssl: Enable getentropy seeder and disable rdrand

Currently, getentropy is only autodetected on glibc. However, even
when enabled, bearssl prefers rdrand if available.

Since the kernel uses a variety of sources for its entropy pool
(including rdrand if enabled) and rdrand is buggy on some CPUs,
prefer getentropy in bearssl.
---
 pkg/bearssl/gen.lua | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'pkg/bearssl/gen.lua')

diff --git a/pkg/bearssl/gen.lua b/pkg/bearssl/gen.lua
index c49ffefb..8de1f722 100644
--- a/pkg/bearssl/gen.lua
+++ b/pkg/bearssl/gen.lua
@@ -2,6 +2,8 @@ cflags{
 	'-Wall',
 	'-I $srcdir/src',
 	'-I $srcdir/inc',
+	'-D BR_RDRAND=0',
+	'-D BR_USE_GETENTROPY',
 }
 
 pkg.hdrs = copy('$outdir/include', '$srcdir/inc', {
-- 
cgit v1.2.3