commit: b061035e66c8d0888220c05cd5333abd107cc243
parent 530cd49c73ecdec161269b62e85b3d60e301b301
Author: Michael Forney <mforney@mforney.org>
Date: Mon, 21 Sep 2020 14:30:49 -0700
bearssl: Enable getentropy seeder and disable rdrand
Currently, getentropy is only autodetected on glibc. However, even
when enabled, bearssl prefers rdrand if available.
Since the kernel uses a variety of sources for its entropy pool
(including rdrand if enabled) and rdrand is buggy on some CPUs,
prefer getentropy in bearssl.
Diffstat:
1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/pkg/bearssl/gen.lua b/pkg/bearssl/gen.lua
@@ -2,6 +2,8 @@ cflags{
'-Wall',
'-I $srcdir/src',
'-I $srcdir/inc',
+ '-D BR_RDRAND=0',
+ '-D BR_USE_GETENTROPY',
}
pkg.hdrs = copy('$outdir/include', '$srcdir/inc', {
