The eCos port of OpenSSL contains a number of customizations to adapt OpenSSL to the eCos environment.
To function correctly, OpenSSL requires a source of cryptographically strong random numbers. These are usually sourced either from operating system level entropy gathering or from a hardware random number generator. At present eCos does not have any entropy gathering mechanism, so the only viable source is a hardware RNG. Without entropy gathering or hardware RNG use, some forms of encrypted data may be more vulnerable to attack. Contact eCosCentric if a solution is required for this.
OpenSSL gathers random numbers by calling RAND_poll() when necessary. This function is to mix new random data into OpenSSL's PRNG state. Application code can also call RAND_add() directly to add entropy from any
The source file src/ecos/rand_ecos.c contains an implementation of RAND_poll() that adds data from a static table whenever called. This is clearly not cryptographically strong, since the same random data will be added each time an application starts. This implementation is adequate for testing the library only and should not be used for real applications. The eCos port of OpenSSL does not automatically use a hardware RNG if present, and so application code is responsible for calling to incorporate random entropy from a hardware RNG into OpenSSL's PRNG.
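One way to structure the application-side seeding step, added here as an example and not taken from the eCos port or from OpenSSL. The names seed_from_hwrng, hwrng_read_fn, mix_fn and the fake sources are hypothetical; only the mixer's argument list mirrors RAND_add(), so the code builds without the library.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLK 32 /* bytes pulled from the RNG per read */

/* Hypothetical hooks (assumptions): a board-specific RNG read returning 0 on
 * success, and a mixer with RAND_add()'s arguments (buffer, length, entropy
 * estimate in bytes). On target the mixer is a thin wrapper over RAND_add(). */
typedef int (*hwrng_read_fn)(unsigned char *buf, size_t len);
typedef void (*mix_fn)(const void *buf, int num, double entropy);

/* Mix at least `want` bytes of hardware entropy into the PRNG. Returns the
 * bytes credited, or -1 if the RNG fails or looks stuck; a suspect block is
 * never mixed or credited. */
int seed_from_hwrng(hwrng_read_fn rd, mix_fn mix, int want)
{
    unsigned char cur[BLK], prev[BLK];
    int credited = 0, rc = -1;
    size_t i;
    while (credited < want) {
        if (rd(cur, BLK) != 0) goto out;                   /* driver error */
        if (credited && !memcmp(cur, prev, BLK)) goto out; /* same block again */
        for (i = 1; i < BLK && cur[i] == cur[0]; i++) {}
        if (i == BLK) goto out;                            /* constant fill */
        mix(cur, BLK, (double)BLK);
        memcpy(prev, cur, BLK);
        credited += BLK;
    }
    rc = credited;
out:
    memset(cur, 0, sizeof cur);   /* best-effort scrub of stack copies */
    memset(prev, 0, sizeof prev);
    return rc;
}

/* Constructed stand-ins so the example runs off-target. */
static unsigned char ctr;
static double mixed; /* entropy (bytes) the stub mixer has been credited with */
static int fake_good(unsigned char *b, size_t n) { while (n--) *b++ = (unsigned char)(ctr++ * 37u + 11u); return 0; }
static int fake_table(unsigned char *b, size_t n) { while (n--) *b++ = (unsigned char)n; return 0; } /* same data every call */
static void stub_mix(const void *b, int n, double e) { (void)b; (void)n; mixed += e; }

int main(void)
{
    printf("good RNG:   %d\n", seed_from_hwrng(fake_good, stub_mix, 64));
    printf("static RNG: %d\n", seed_from_hwrng(fake_table, stub_mix, 64));
    return 0;
}
```

The repeat check only compares blocks within one call, so it catches a stuck source but not one that replays the same sequence on every boot, as the static table does.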
OpenSSL implements a general purpose data source/sink/filter object called a BIO. These may be attached to various sources and sinks such as C library FILEs, file descriptors and sockets. Many functions that need to output messages take a pointer to a BIO as an argument, which is typically attached to stdout or stderr. In certain eCos configurations these streams are not present, but we still want to use these functions and supply a BIO for output.
eCos implements a new BIO type, BIO_diag, which outputs any data on the eCos diagnostic channel. It can be created using the new function BIO *BIO_new_diag(void), and can subsequently be used in place of any other output-only BIO. It may be freed in the usual way with