Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms

and SafeDllSearchMode in Windows.

Submitted by: Richard Levitte

Makefile.org

@@ -402,20 +402,9 @@ dclean:
 
 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
+	@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+	  OPENSSL_DEBUG_MEMORY=on; \
 	  export OPENSSL OPENSSL_DEBUG_MEMORY; \
-	  if [ -n "$(SHARED_LIBS)" ]; then \
-	    LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-	    DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	    SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-	    LIBPATH="`pwd`:$$LIBPATH"; \
-	    if [ "$(PLATFORM)" = "Cygwin" ]; then \
-	      PATH="`pwd`:$$PATH"; \
-	    fi; \
-	    LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
-	    export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	    export LD_PRELOAD; \
-	  fi; \
 	  $(PERL) tools/c_rehash certs)
 	touch rehash.time
 
@@ -423,18 +412,8 @@ test:   tests
 
 tests: rehash
 	@(cd test && echo "testing..." && \
-	$(MAKE) $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-	  LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-	  DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	  SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-	  LIBPATH="`pwd`:$$LIBPATH"; \
-	  if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
-	  LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
-	  export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	  export LD_PRELOAD; \
-	fi; \
-	apps/openssl version -a
+	$(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	util/opensslwrap.sh version -a
 
 report:
 	@$(PERL) util/selftest.pl

apps/CA.pl.in

@@ -36,14 +36,22 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+	$openssl = $ENV{OPENSSL};
+} else {
+	$openssl = "openssl";
+	$ENV{OPENSSL} = $openssl;
+}
+
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";	# 1 year
 $CADAYS="-days 1095";	# 3 years
-$REQ="openssl req $SSLEAY_CONFIG";
-$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="openssl verify";
-$X509="openssl x509";
-$PKCS12="openssl pkcs12";
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
 
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";

apps/CA.sh

@@ -30,12 +30,14 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
+
 DAYS="-days 365"	# 1 year
 CADAYS="-days 1095"	# 3 years
-REQ="openssl req $SSLEAY_CONFIG"
-CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="openssl verify"
-X509="openssl x509"
+REQ="$OPENSSL req $SSLEAY_CONFIG"
+CA="$OPENSSL ca $SSLEAY_CONFIG"
+VERIFY="$OPENSSL verify"
+X509="$OPENSSL x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem

apps/Makefile.ssl

@@ -171,20 +171,9 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		LIBRPATH=$(INSTALLTOP)/lib \
 		link_app.$${shlib_target}
+	@for i in `ls ../*.dll 2>/dev/null`; do cp -p $$i .; done; exit 0
 	-(cd ..; \
-	  OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \
-	  if [ -n "$(SHARED_LIBS)" ]; then \
-	    LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-	    DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	    SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-	    LIBPATH="`pwd`:$$LIBPATH"; \
-	    if [ "$(PLATFORM)" = "Cygwin" ]; then \
-	      PATH="`pwd`:$$PATH"; \
-	    fi; \
-	    LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
-	    export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	    export LD_PRELOAD; \
-	  fi; \
+	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
 	  $(PERL) tools/c_rehash certs)
 
 progs.h: progs.pl

ms/testss.bat

@@ -4,7 +4,7 @@ rem set ssleay=..\out\ssleay
 set ssleay=%1
 
 set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509
+set x509cmd=%ssleay% x509 -sha1
 set verifycmd=%ssleay% verify
 
 set CAkey=keyCA.ss

test/Makefile.ssl

@@ -131,21 +131,6 @@ tests:	exe apps $(TESTS)
 apps:
 	@(cd ..; $(MAKE) DIRS=apps all)
 
-SET_SO_PATHS=\
-	if [ -n "$(SHARED_LIBS)" ]; then \
-	  OSSL_LIBPATH="`cd ..; pwd`"; \
-	  LD_LIBRARY_PATH="$$OSSL_LIBPATH:$$LD_LIBRARY_PATH"; \
-	  DYLD_LIBRARY_PATH="$$OSSL_LIBPATH:$$DYLD_LIBRARY_PATH"; \
-	  SHLIB_PATH="$$OSSL_LIBPATH:$$SHLIB_PATH"; \
-	  LIBPATH="$$OSSL_LIBPATH:$$LIBPATH"; \
-	  if [ "$(PLATFORM)" = "Cygwin" ]; then \
-	    PATH="$${LIBPATH}:$$PATH"; \
-	  fi; \
-	  LD_PRELOAD="$$OSSL_LIBPATH/libssl.so $$OSSL_LIBPATH/libcrypto.so"; \
-	  export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	  export LD_PRELOAD; \
-	fi
-
 alltests: \
 	test_des test_idea test_sha test_md4 test_md5 test_hmac \
 	test_md2 test_mdc2 \
@@ -156,144 +141,144 @@ alltests: \
 	test_ss test_ca test_engine test_evp test_ssl
 
 test_evp:
-	$(SET_SO_PATHS); ./$(EVPTEST) evptests.txt
+	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
 
 test_des:
-	$(SET_SO_PATHS); ./$(DESTEST)
+	../util/shlib_wrap.sh ./$(DESTEST)
 
 test_idea:
-	$(SET_SO_PATHS); ./$(IDEATEST)
+	../util/shlib_wrap.sh ./$(IDEATEST)
 
 test_sha:
-	$(SET_SO_PATHS); ./$(SHATEST)
-	$(SET_SO_PATHS); ./$(SHA1TEST)
-	$(SET_SO_PATHS); ./$(SHA256TEST)
-	$(SET_SO_PATHS); ./$(SHA512TEST)
+	../util/shlib_wrap.sh ./$(SHATEST)
+	../util/shlib_wrap.sh ./$(SHA1TEST)
+	../util/shlib_wrap.sh ./$(SHA256TEST)
+	../util/shlib_wrap.sh ./$(SHA512TEST)
 
 test_mdc2:
-	$(SET_SO_PATHS); ./$(MDC2TEST)
+	../util/shlib_wrap.sh ./$(MDC2TEST)
 
 test_md5:
-	$(SET_SO_PATHS); ./$(MD5TEST)
+	../util/shlib_wrap.sh ./$(MD5TEST)
 
 test_md4:
-	$(SET_SO_PATHS); ./$(MD4TEST)
+	../util/shlib_wrap.sh ./$(MD4TEST)
 
 test_hmac:
-	$(SET_SO_PATHS); ./$(HMACTEST)
+	../util/shlib_wrap.sh ./$(HMACTEST)
 
 test_md2:
-	$(SET_SO_PATHS); ./$(MD2TEST)
+	../util/shlib_wrap.sh ./$(MD2TEST)
 
 test_rmd:
-	$(SET_SO_PATHS); ./$(RMDTEST)
+	../util/shlib_wrap.sh ./$(RMDTEST)
 
 test_bf:
-	$(SET_SO_PATHS); ./$(BFTEST)
+	../util/shlib_wrap.sh ./$(BFTEST)
 
 test_cast:
-	$(SET_SO_PATHS); ./$(CASTTEST)
+	../util/shlib_wrap.sh ./$(CASTTEST)
 
 test_rc2:
-	$(SET_SO_PATHS); ./$(RC2TEST)
+	../util/shlib_wrap.sh ./$(RC2TEST)
 
 test_rc4:
-	$(SET_SO_PATHS); ./$(RC4TEST)
+	../util/shlib_wrap.sh ./$(RC4TEST)
 
 test_rc5:
-	$(SET_SO_PATHS); ./$(RC5TEST)
+	../util/shlib_wrap.sh ./$(RC5TEST)
 
 test_rand:
-	$(SET_SO_PATHS); ./$(RANDTEST)
+	../util/shlib_wrap.sh ./$(RANDTEST)
 
 test_enc:
-	@$(SET_SO_PATHS); sh ./testenc
+	@sh ./testenc
 
 test_x509:
 	echo test normal x509v1 certificate
-	$(SET_SO_PATHS); sh ./tx509 2>/dev/null
+	sh ./tx509 2>/dev/null
 	echo test first x509v3 certificate
-	$(SET_SO_PATHS); sh ./tx509 v3-cert1.pem 2>/dev/null
+	sh ./tx509 v3-cert1.pem 2>/dev/null
 	echo test second x509v3 certificate
-	$(SET_SO_PATHS); sh ./tx509 v3-cert2.pem 2>/dev/null
+	sh ./tx509 v3-cert2.pem 2>/dev/null
 
 test_rsa:
-	@$(SET_SO_PATHS); sh ./trsa 2>/dev/null
-	$(SET_SO_PATHS); ./$(RSATEST)
+	@sh ./trsa 2>/dev/null
+	../util/shlib_wrap.sh ./$(RSATEST)
 
 test_crl:
-	@$(SET_SO_PATHS); sh ./tcrl 2>/dev/null
+	@sh ./tcrl 2>/dev/null
 
 test_sid:
-	@$(SET_SO_PATHS); sh ./tsid 2>/dev/null
+	@sh ./tsid 2>/dev/null
 
 test_req:
-	@$(SET_SO_PATHS); sh ./treq 2>/dev/null
-	@$(SET_SO_PATHS); sh ./treq testreq2.pem 2>/dev/null
+	@sh ./treq 2>/dev/null
+	@sh ./treq testreq2.pem 2>/dev/null
 
 test_pkcs7:
-	@$(SET_SO_PATHS); sh ./tpkcs7 2>/dev/null
-	@$(SET_SO_PATHS); sh ./tpkcs7d 2>/dev/null
+	@sh ./tpkcs7 2>/dev/null
+	@sh ./tpkcs7d 2>/dev/null
 
 test_bn:
 	@echo starting big number library test, could take a while...
-	@$(SET_SO_PATHS); ./$(BNTEST) >tmp.bntest
+	@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
 	@echo quit >>tmp.bntest
 	@echo "running bc"
 	@<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
 	@echo 'test a^b%c implementations'
-	$(SET_SO_PATHS); ./$(EXPTEST)
+	../util/shlib_wrap.sh ./$(EXPTEST)
 
 test_ec:
 	@echo 'test elliptic curves'
-	$(SET_SO_PATHS); ./$(ECTEST)
+	../util/shlib_wrap.sh ./$(ECTEST)
 
 test_ecdsa:
 	@echo 'test ecdsa'
-	$(SET_SO_PATHS); ./$(ECDSATEST)
+	../util/shlib_wrap.sh ./$(ECDSATEST)
 
 test_ecdh:
 	@echo 'test ecdh'
-	$(SET_SO_PATHS); ./$(ECDHTEST)
+	../util/shlib_wrap.sh ./$(ECDHTEST)
 
 test_verify:
 	@echo "The following command should have some OK's and some failures"
 	@echo "There are definitly a few expired certificates"
-	$(SET_SO_PATHS); ../apps/openssl verify -CApath ../certs ../certs/*.pem
+	../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
 
 test_dh:
 	@echo "Generate a set of DH parameters"
-	$(SET_SO_PATHS); ./$(DHTEST)
+	../util/shlib_wrap.sh ./$(DHTEST)
 
 test_dsa:
 	@echo "Generate a set of DSA parameters"
-	$(SET_SO_PATHS); ./$(DSATEST)
-	$(SET_SO_PATHS); ./$(DSATEST) -app2_1
+	../util/shlib_wrap.sh ./$(DSATEST)
+	../util/shlib_wrap.sh ./$(DSATEST) -app2_1
 
 test_gen:
 	@echo "Generate and verify a certificate request"
-	@$(SET_SO_PATHS); sh ./testgen
+	@sh ./testgen
 
 test_ss keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
 		intP1.ss intP2.ss: testss
 	@echo "Generate and certify a test certificate"
-	@$(SET_SO_PATHS); sh ./testss
+	@sh ./testss
 	@cat certCA.ss certU.ss > intP1.ss
 	@cat certCA.ss certU.ss certP1.ss > intP2.ss
 
 test_engine: 
 	@echo "Manipulate the ENGINE structures"
-	$(SET_SO_PATHS); ./$(ENGINETEST)
+	../util/shlib_wrap.sh ./$(ENGINETEST)
 
 test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
 		intP1.ss intP2.ss
 	@echo "test SSL protocol"
-	@$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
-	@$(SET_SO_PATHS); sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
-	@$(SET_SO_PATHS); sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
+	@sh ./testssl keyU.ss certU.ss certCA.ss
+	@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
+	@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
 
 test_ca:
-	@$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \
+	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
 	  echo "skipping CA.sh test -- requires RSA"; \
 	else \
 	  echo "Generate and certify a test certificate via the 'ca' program"; \
@@ -302,7 +287,7 @@ test_ca:
 
 test_aes: #$(AESTEST)
 #	@echo "test Rijndael"
-#	$(SET_SO_PATHS); ./$(AESTEST)
+#	../util/shlib_wrap.sh ./$(AESTEST)
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -859,6 +844,7 @@ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
 		LIBRPATH=$(INSTALLTOP)/lib \
 		link_app.$${shlib_target}
+	@for i in `ls ../*.dll 2>/dev/null`; do cp -p $$i .; done; exit 0
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 

test/tcrl

@@ -1,13 +1,6 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../apps/openssl crl'
+cmd='../util/shlib_wrap.sh ../apps/openssl crl'
 
 if [ "$1"x != "x" ]; then
 	t=$1

test/testca

@@ -2,15 +2,18 @@
 
 SH="/bin/sh"
 if test "$OSTYPE" = msdosdjgpp; then
-    PATH=./apps\;../apps\;$PATH
+    PATH="../apps\;$PATH"
 else
-    PATH=../apps:$PATH
+    PATH="../apps:$PATH"
 fi
 export SH PATH
 
 SSLEAY_CONFIG="-config CAss.cnf"
 export SSLEAY_CONFIG
 
+OPENSSL="`pwd`/../util/opensslwrap.sh"
+export OPENSSL
+
 /bin/rm -fr demoCA
 $SH ../apps/CA.sh -newca <<EOF
 EOF

test/testenc

@@ -2,7 +2,7 @@
 
 testsrc=Makefile.ssl
 test=./p
-cmd=../apps/openssl
+cmd="../util/shlib_wrap.sh ../apps/openssl"
 
 cat $testsrc >$test;
 

test/testgen

@@ -17,7 +17,7 @@ echo "generating certificate request"
 
 echo "string to make the random number generator think it has entropy" >> ./.rnd
 
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   req_new='-newkey dsa:../apps/dsa512.pem'
 else
   req_new='-new'
@@ -29,13 +29,13 @@ echo "This could take some time."
 
 rm -f testkey.pem testreq.pem
 
-../apps/openssl req -config test.cnf $req_new -out testreq.pem
+../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
 if [ $? != 0 ]; then
 echo problems creating request
 exit 1
 fi
 
-../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
+../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
 if [ $? != 0 ]; then
 echo signature on req is wrong
 exit 1

test/testss

@@ -1,9 +1,9 @@
 #!/bin/sh
 
-digest='-md5'
-reqcmd="../apps/openssl req"
-x509cmd="../apps/openssl x509 $digest"
-verifycmd="../apps/openssl verify"
+digest='-sha1'
+reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
+x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
+verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
 dummycnf="../apps/openssl.cnf"
 
 CAkey="keyCA.ss"
@@ -34,7 +34,7 @@ echo "make a certificate request using 'req'"
 
 echo "string to make the random number generator think it has entropy" >> ./.rnd
 
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   req_new='-newkey dsa:../apps/dsa512.pem'
 else
   req_new='-new'

test/testssl

@@ -10,9 +10,9 @@ if [ "$2" = "" ]; then
 else
   cert="$2"
 fi
-ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
+ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
 
-if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
+if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
   dsa_cert=YES
 else
   dsa_cert=NO
@@ -121,24 +121,24 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
 #############################################################################
 
-if ../apps/openssl no-dh; then
+if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
   echo skipping anonymous DH tests
 else
   echo test tls1 with 1024bit anonymous DH, multiple handshakes
   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
 fi
 
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   echo skipping RSA tests
 else
   echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
-  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
+  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
 
-  if ../apps/openssl no-dh; then
+  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
     echo skipping RSA+DHE tests
   else
     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
   fi
 fi
 

test/tpkcs7

@@ -1,13 +1,6 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../apps/openssl pkcs7'
+cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1

test/tpkcs7d

@@ -1,13 +1,6 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../apps/openssl pkcs7'
+cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1

test/treq

@@ -1,13 +1,6 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../apps/openssl req -config ../apps/openssl.cnf'
+cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
 
 if [ "$1"x != "x" ]; then
 	t=$1

test/trsa

@@ -1,18 +1,11 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-if ../apps/openssl no-rsa; then
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
   echo skipping rsa conversion test
   exit 0
 fi
 
-cmd='../apps/openssl rsa'
+cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
 
 if [ "$1"x != "x" ]; then
 	t=$1

test/tsid

@@ -1,13 +1,6 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../apps/openssl sess_id'
+cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
 
 if [ "$1"x != "x" ]; then
 	t=$1

test/tx509

@@ -1,13 +1,6 @@
 #!/bin/sh
 
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH
-else
-    PATH=../apps:$PATH
-fi
-export PATH
-
-cmd='../apps/openssl x509'
+cmd='../util/shlib_wrap.sh ../apps/openssl x509'
 
 if [ "$1"x != "x" ]; then
 	t=$1

util/opensslwrap.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+HERE="`echo $0 | sed -e 's|[^/]*$||'`"
+OPENSSL="${HERE}../apps/openssl"
+
+if [ -x "${OPENSSL}.exe" ]; then
+	# The original reason for this script existence is to work around
+	# certain caveats in run-time linker behaviour. On Windows platforms
+	# adjusting $PATH used to be sufficient, but with introduction of
+	# SafeDllSearchMode in XP/2003 the only way to get it right in
+	# *all* possible situations is to copy newly built .DLLs to apps/
+	# and test/, which is now done elsewhere... The $PATH is adjusted
+	# for backward compatibility (and nostagical reasons:-).
+	if [ "$OSTYPE" != msdosdjgpp ]; then
+		PATH="${HERE}..:$PATH"; export PATH
+	fi
+	exec "${OPENSSL}.exe" "$@"
+elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
+	exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
+else
+	exec "${OPENSSL}" "$@"	# hope for the best...
+fi

util/shlib_wrap.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+
+[ $# -ne 0 ] || set -x		# debug mode without arguments:-)
+
+THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
+[ -d "${THERE}" ] || exec "$@"	# should never happen...
+
+# Alternative to this is to parse ${THERE}/Makefile...
+LIBCRYPTOSO="${THERE}/libcrypto.so"
+if [ -f "$LIBCRYPTOSO" ]; then
+    while [ -h "$LIBCRYPTOSO" ]; do
+	LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
+    done
+    SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
+    LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
+fi
+
+case "`(uname -s) 2>/dev/null`" in
+SunOS|IRIX*)
+	# SunOS and IRIX run-time linkers evaluate alternative
+	# variables depending on target ABI...
+	rld_var=LD_LIBRARY_PATH
+	case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
+	*ELF\ 64*SPARC*)
+		[ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
+		;;
+	*ELF\ N32*MIPS*)
+		[ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
+		_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
+		;;
+	*ELF\ 64*MIPS*)
+		[ -n "$LD_LIBRARY64_PATH"  ] && rld_var=LD_LIBRARY64_PATH
+		_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
+		;;
+	esac
+	eval $rld_var=\"${THERE}:'$'$rld_var\"; export $rld_var
+	unset rld_var
+	;;
+*)	LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH"	# Linux, ELF HP-UX
+	DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH"	# MacOS X
+	SHLIB_PATH="${THERE}:$SHLIB_PATH"		# legacy HP-UX
+	LIBPATH="${THERE}:$LIBPATH"			# AIX, OS/2
+	export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
+	# Even though $PATH is adjusted [for Windows sake], it doesn't
+	# necessarily does the trick. Trouble is that with introduction
+	# of SafeDllSearchMode in XP/2003 it's more appropriate to copy
+	# .DLLs in vicinity of executable, which is done elsewhere...
+	if [ "$OSTYPE" != msdosdjgpp ]; then
+		PATH="${THERE}:$PATH"; export PATH
+	fi
+	;;
+esac
+
+if [ -f "$LIBCRYPTOSO" ]; then
+	# Following three lines are major excuse for isolating them into
+	# this wrapper script. Original reason for setting LD_PRELOAD
+	# was to make it possible to pass 'make test' when user linked
+	# with -rpath pointing to previous version installation. Wrapping
+	# it into a script makes it possible to do so on multi-ABI
+	# platforms.
+	LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO"	    # SunOS, Linux, ELF HP-UX
+	_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"  # Tru64, o32 IRIX
+	export LD_PRELOAD _RLD_LIST
+fi
+
+exec "$@"