by cratermoon 4353 days ago
LibreSSL does that because the FAIL_INSTEAD_OF_TRYING_FALLBACK is off by default, but the source clearly says it's not a good thing: "This code path exists to bring light to the issue that Linux does not provide a failsafe API for entropy collection."

Incidentally, OSX has nearly the same issue, as does Solaris.

For maximum security, define FAIL_INSTEAD_OF_TRYING_FALLBACK and if there's no reliable entropy source, LibreSSL won't try to use a bad one from the OS.
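
The fail-closed versus fallback choice described in the comment above, as an added C sketch that is not LibreSSL's code and not part of the original comment. Every name except the macro FAIL_INSTEAD_OF_TRYING_FALLBACK is hypothetical, and the failing source is constructed to stand in for an environment where the kernel entropy source cannot be reached.

```c
#include <errno.h>
#include <fcntl.h>
#include <time.h>
#include <unistd.h>

/* All names are hypothetical; only the macro name comes from the comment. */
#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
#define FAIL_CLOSED 1
#else
#define FAIL_CLOSED 0 /* default build: weak fallback is permitted */
#endif
typedef int (*entropy_src)(unsigned char *buf, size_t len);

/* Kernel source: read /dev/urandom completely, retrying on EINTR. */
int src_urandom(unsigned char *buf, size_t len) {
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) got += (size_t)n;
        else if (n == 0 || errno != EINTR) break;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Constructed failure: models a chroot without /dev, or fd exhaustion. */
int src_unavailable(unsigned char *buf, size_t len) { (void)buf; (void)len; return -1; }

/* Guessable inputs only (time, pid): the kind of "bad" source the flag refuses. */
static void weak_fallback(unsigned char *buf, size_t len) {
    unsigned long long s = (unsigned long long)time(NULL) ^ ((unsigned long long)getpid() << 32);
    for (size_t i = 0; i < len; i++) {
        s = s * 6364136223846793005ULL + 1442695040888963407ULL;
        buf[i] = (unsigned char)(s >> 56);
    }
}

/* Returns 0 on success; -1 when the source failed and fail_closed is set. */
int collect_entropy(entropy_src primary, unsigned char *buf, size_t len,
                    int fail_closed, int *used_fallback) {
    *used_fallback = 0;
    if (primary(buf, len) == 0) return 0;
    if (fail_closed) return -1; /* caller must stop, not generate keys */
    weak_fallback(buf, len);
    *used_fallback = 1;
    return 0;
}
```

Passing FAIL_CLOSED as the fail_closed argument ties the behaviour to the compile-time macro; a caller that sees used_fallback set to 1 is holding bytes derived from guessable inputs and should treat them as unfit for key material.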