eCos Customization

The eCos port of OpenSSL contains a number of customizations to adapt OpenSSL to the eCos environment.

Random Number Support

To function correctly, OpenSSL requires a source of cryptographically strong random numbers. These are usually sourced either from operating system level entropy gathering or from a hardware random number generator. At present eCos does not have any entropy gathering mechanism so the only viable source is a hardware RNG. Without entropy gathering or hardware RNG use, some forms of encrypted data may be more vulnerable to attack. Contact eCosCentric if a solution is required for this.

OpenSSL gathers random numbers by calling RAND_poll() when necessary. This function is responsible for calling RAND_add() to mix new random data into OpenSSL's PRNG state. Application code can also call RAND_add() directly to add entropy from any source.

The source file src/ecos/rand_ecos.c contains an implementation of RAND_poll() that adds data from a static table whenever called. This is clearly not cryptographically strong, since the same random data will be added each time an application starts. This implementation is adequate for testing the library only and should not be used for real applications. The eCos port of OpenSSL does not automatically use a hardware RNG if present, and so application code is responsible for calling RAND_add() to incorporate random entropy from a hardware RNG into OpenSSL's PRNG.

BIO_diag

OpenSSL implements a general purpose data source/sink/filter object called a BIO. These may be attached to various sources and sinks such as C library FILEs, file descriptors and sockets. Many functions that need to output messages take a pointer to a BIO as an argument, which is typically attached to stdout or stderr. In certain eCos configurations these streams are not present, but we still want to use these functions and supply a BIO for output.

eCos implements a new BIO type, BIO_diag which outputs any data on the eCos diagnostic channel. It can be created using the new function BIO *BIO_new_diag(void), and can subsequently be used in place of any other output-only BIO. It may be freed in the usual way with BIO_free().

2017-02-09
Documentation license for this page: eCosPro License