Disabled the HAVEGE random generator by default

Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
This commit is contained in:
Paul Bakker 2013-06-06 14:05:26 +02:00
parent e0225e4d7f
commit 08f06cf49f
2 changed files with 14 additions and 2 deletions

View file

@ -1,6 +1,9 @@
PolarSSL ChangeLog
= Branch 1.2
Change
* HAVEGE random generator disabled by default
Bugfix
* Secure renegotiation extension should only be sent in case client
supports secure renegotiation

View file

@ -583,14 +583,23 @@
*
* Enable the HAVEGE random generator.
*
* Warning: the HAVEGE random generator is not suitable for virtualized
* environments
*
* Warning: the HAVEGE random generator is dependent on timing and specific
* processor traits. It is therefore not advised to use HAVEGE as
* your applications primary random generator or primary entropy pool
* input. As a secondary input to your entropy pool, it IS able add
* the (limited) extra entropy it provides.
*
* Module: library/havege.c
* Caller:
*
* Requires: POLARSSL_TIMING_C
*
* This module enables the HAVEGE random number generator.
*/
* Uncomment to enable the HAVEGE random generator.
#define POLARSSL_HAVEGE_C
*/
/**
* \def POLARSSL_MD_C