Chapter 179. eCos port
The goal for the
CYGPKG_MBEDTLS package is to avoid
where possible having to have any core Mbed TLS source file changes
made specifically for eCos. This is to ensure that re-imports of newer
versions of the Mbed TLS world involve minimal effort. The files are
as provided in the official Mbed TLS release package as imported, with
the following exceptions:
- Files have been moved, unmodified, to create a standard eCos package tree structure to integrate with the eCosPro build environment
include/config.hhave changes to allow compilation as an eCos package
src/ecos_net_sockets.cprovides the internal Mbed TLS network API (as originally provided by
src/net_sockets.c) to support the eCos network stacks (e.g.
tests/selftest.chas been modified with some eCos specific code to allow use in the eCos automated test farm. The core of the selftest functionality is unchanged however
The current Mbed TLS version provided by the eCos package is
2.28 being a Long
Term Support (LTS) release supported until at least 2024Q4). Please
read the package
ChangeLog file for the original
Mbed TLS release notes which are interleaved with the commments
covering eCosCentric changes.
Cryptographic security is dependent on the use of strong keys. Strong keys are dependent on the quality of entropy used in their generation.
The eCosPro port of Mbed TLS provides both a default portable weak entropy mechanism, and the ability to implement a target platform specific mechanism to gather high-quality entropy.
We strongly recommend that you use as high a quality source of entropy
as possible when using Mbed TLS on your target platform. The use of the
generic weak entropy mechanism (provided by
NOT recommended for anything other
than simplifying initial bring-up and testing.
For eCos we define
the configuration (in
since the default Mbed TLS platform entropy implementation is Un*x/Windows
only. The use of
for a link-time entropy source to be provided by the platform support.
Other entropy sources are dynamically added at runtime via the
In the following weak refers to the linker preference when linking an application and not to a weak entropy source.
The Mbed TLS package
src/platform.c source file
provides a weak function definition
mbedtls_hardware_poll() implementation that
we expect the platform support or application code to provide a
cryptographically strong implementation. Ideally such an implementation
will use TRNG (True Random Number Generator) hardware support by the
HAL, variant, architecture, etc. as appropriate.
The function prototype:
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen
mbedtls_entropy_add_source()API (in fact the Mbed TLS run-time will add
mbedtls_hardware_poll()automatically via that mechanism).
The callback specific (context data pointer) parameter
data will normally be
NULL for the Mbed TLS registered
references a buffer of at least
bytes to receive random data. The
pointer is filled by the function to report the number of
valid bytes actually written,
and may be 0 (zero) if the function is not able to satisfy the
request for true random data. The function should return 0 to
indicate no errors occurred, or
MBEDTLS_ERR_ENTROPY_SOURCE_FAILED on error.
As an example of a platform specific implementation, the STM32 port of
eCos provides an Mbed TLS entropy source based on the STM32's
|2022-03-29||Apache 2.0 License|