From 2a84424a35e6c7d39174ce876e913f931240e556 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Mon, 24 Jun 2013 13:01:53 +0200
Subject: [PATCH] Disabled the HAVEGE random generator by default

Rationale: The HAVEGE random generator has too many caveats to be a
standard generator that people rely on. The HAVEGE random generator is not
suitable for virtualized environments. In addition the HAVEGE random
generator is dependent on timing and specific processor traits that
cannot be guaranteed by default on compile time.

Our advice: only use HAVEGE as an additional random source for your
entropy pool, never as your primary source.
(cherry picked from commit 08f06cf49f3e71258bc1a9350de1c297f22e4ec9)
---
 include/polarssl/config.h | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 65be2bd00..386965432 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -774,14 +774,23 @@
  *
  * Enable the HAVEGE random generator.
  *
+ * Warning: the HAVEGE random generator is not suitable for virtualized
+ *          environments
+ *
+ * Warning: the HAVEGE random generator is dependent on timing and specific
+ *          processor traits. It is therefore not advised to use HAVEGE as
+ *          your applications primary random generator or primary entropy pool
+ *          input. As a secondary input to your entropy pool, it IS able add
+ *          the (limited) extra entropy it provides.
+ *
  * Module:  library/havege.c
  * Caller:
  *
  * Requires: POLARSSL_TIMING_C
  *
- * This module enables the HAVEGE random number generator.
- */
+ * Uncomment to enable the HAVEGE random generator.
 #define POLARSSL_HAVEGE_C
+ */
 
 /**
  * \def POLARSSL_MD_C