On 4/30/2013 6:14 PM, bwhughe wrote:
I am needing to add PCI/DSS compliance to an existing OS/2 program.
I saw the OpenSSL project and thought it meet the requirements but I am unable
to get it to work.
My current code base is based on 'C' using VACPP 3.6.5 compiler.
I used both IMPLIB and ILIB /gi to generate library files I could link against
( I tried linking libraries created by both IMPLIB and ILIB but it
made no difference in program execution).
IMPLIB CRYPTSSL.LIB CRYPTSSL.DLL
ILIB /gi CRYPTSSL.DLL CRYPTSSL.LIB
Using OpenSSL 0.9.8y I was able to compile a sample program but when running
it in the debugger the call PEM_read_RSA_PUBKEY() would trap in EMXLIBCM.DLL
(I believe I have the latest version 193603 bytes). I then tried linking
against OpenSSL 1.0.0k which does not use EMX (at least according to CHKDLL32)
and it fails when linking because it cannot find 12 function references one of
which is PEM_read_RSS_PUBKEY() even though the .DEF files show entries for that
function.
error LNK2029: "PEM_read_RSA_PUBKEY" : unresolved external.
error LNK2029: "ERR_print_errors_fp" : unresolved external
error LNK2029: "EVP_CIPHER_iv_length" : unresolved external
error LNK2029: "EVP_CIPHER_CTX_init" : unresolved external
error LNK2029: "EVP_SealInit" : unresolved external
error LNK2029: "EVP_PKEY_new" : unresolved external
error LNK2029: "EVP_SealFinal" : unresolved external
error LNK2029: "EVP_PKEY_free" : unresolved external
error LNK2029: "EVP_PKEY_SIZE" : unresolved external
error LNK2029: "EVP_aes_128_cbc" : unresolved external
error LNK2029: "EVP_PKEY_assign" : unresolved external
error LNK2029: "EVP_EncryptUpdate" : unresolved external
For OpenSSL 0.9.8y I linked with CRYPTSSL.LIB and/or OPEN_SSL.LIB.
The program linked and compiled but trapped in EMXLIBCM.DLL.
I used ILIB /gd: to create .DEF files in order to create a list of functions
to determine what is in the DLL's.
For OpenSSL 1.0.0k I tried linking with KCRYPT10.LIB, KCRPT410.LIB,
KSSL10.LIB and KSSL410.LIB.
I was never clear on whether EMX DLL's or .a (obj's) files could be used
with programs outside of the EMX environment (i.e. not compiled using gcc).
I was encouraged to see that OpenSSL 1.0.0k did not use EMX DLL'S but again,
I cannot get the program to link due to unresolved externals.
Any help or direction would be greatly appreciated.
1. Make sure you don't confuse 16 and 32 bit DLLs, since I am not sure
if the OpenSSL libraries contain the extra "magic" to handle pointer
type mixing (I have not looked at OS/2 for a long time, so I am not sure
how much is needed to make address mapping between 16 and 32 bit DLLs
work on OS/2).
2. For PCI/DSS compliance, you absolutely need the latest OpenSSL
version from OpenSSL.org, even if you have to compile it yourself, I
see that the DLL versions you mention are up to date, good.
3. You must compile your application with OpenSSL headers that exactly
match the DLL version.
4. Make sure the DLLs and your application are both compiled to export
undecorated function names.
5. Make sure the DLLs and your application are both compiled with the
same calling convention.
6. On most platforms, OpenSSL is compiled to TWO DLLS, one with a name
that includes the letters CRYPT and one with a name that includes the
letters SSL
7. If you pass FILE* "handles" or emulated POSIX handles between your
application and OpenSSL, make sure they are both compiled against the
same C runtime library in DLL form, because those types refer to
internal tables in the C runtime on OS/2, PC-DOS and Windows.
8. If your application and the OpenSSL DLL are compiled against
different C runtime libraries and/or linked statically to their own
copies of the C runtime, make sure anything allocated by OpenSSL
is freed by OpenSSL and anything not allocated by OpenSSL is not
freed by OpenSSL.
9. Rules 7 and 8 go away if you link statically to static OpenSSL
libraries, so the OpenSSL code goes inside your own application
EXE or Application DLL.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
