From 980645e55e4816878aab9353285dc9e39a793fc0 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Sat, 9 Aug 2003 09:35:57 +0000
Subject: [PATCH] Recent changes from 0.9.6-stable.

---
 CHANGES                |   7 +-
 Makefile.org           |   4 +-
 apps/Makefile.ssl      |   8 +-
 crypto/bio/bss_bio.c   |  55 +++++++++++-
 crypto/rand/rand_win.c |  14 ++-
 ssl/s3_srvr.c          |   4 +
 test/Makefile.ssl      | 192 ++++++++++++++++++++++++++++++-----------
 7 files changed, 226 insertions(+), 58 deletions(-)

diff --git a/CHANGES b/CHANGES
index 208ec0831c..c494b9281f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,12 @@
 
  Changes between 0.9.6j and 0.9.6k  [xx XXX 2003]
 
-  *) Change X509_cretificate_type() to mark the key as exported/exportable
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
      when it's 512 *bits* long, not 512 bytes.
      [Richard Levitte]
 
diff --git a/Makefile.org b/Makefile.org
index 7677e0dba0..a549c91406 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -368,7 +368,7 @@ do_svr3-shared:
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -390,7 +390,7 @@ do_svr5-shared:
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl
index 067795e244..0f3a9bcaf9 100644
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -136,8 +136,12 @@ $(DLIBCRYPTO):
 
 $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(PROGRAM)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ] ; then \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; $(PERL) tools/c_rehash certs)
 
 progs.h: progs.pl
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index 27970492a3..4a794bfb66 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -1,4 +1,57 @@
 /* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 /* Special method for a BIO where the other endpoint is also a BIO
  * of this kind, handled by the same thread (i.e. the "peer" is actually
@@ -503,7 +556,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		break;
 		
 	case BIO_C_DESTROY_BIO_PAIR:
-		/* Effects both BIOs in the pair -- call just once!
+		/* Affects both BIOs in the pair -- call just once!
 		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
 		bio_destroy_pair(bio);
 		ret = 1;
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 3e148ad4d2..9e87f49872 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
 typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
 
 typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
 typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
 typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
 typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@@ -414,7 +415,7 @@ int RAND_poll(void)
 	 * This seeding method was proposed in Peter Gutmann, Software
 	 * Generation of Practically Strong Random Numbers,
 	 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
-     * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+	 * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
 	 * (The assignment of entropy estimates below is arbitrary, but based
 	 * on Peter's analysis the full poll appears to be safe. Additional
 	 * interactive seeding is encouraged.)
@@ -423,6 +424,7 @@ int RAND_poll(void)
 	if (kernel)
 		{
 		CREATETOOLHELP32SNAPSHOT snap;
+		CLOSETOOLHELP32SNAPSHOT close_snap;
 		HANDLE handle;
 
 		HEAP32FIRST heap_first;
@@ -440,6 +442,8 @@ int RAND_poll(void)
 
 		snap = (CREATETOOLHELP32SNAPSHOT)
 			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+		close_snap = (CLOSETOOLHELP32SNAPSHOT)
+			GetProcAddress(kernel, "CloseToolhelp32Snapshot");
 		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
 		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
 		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
@@ -455,7 +459,7 @@ int RAND_poll(void)
 			heaplist_next && process_first && process_next &&
 			thread_first && thread_next && module_first &&
 			module_next && (handle = snap(TH32CS_SNAPALL,0))
-			!= NULL)
+			!= INVALID_HANDLE_VALUE)
 			{
 			/* heap list and heap walking */
                         /* HEAPLIST32 contains 3 fields that will change with
@@ -517,8 +521,10 @@ int RAND_poll(void)
 				do
 					RAND_add(&m, m.dwSize, 9);
 				while (module_next(handle, &m));
-
-			CloseHandle(handle);
+			if (close_snap)
+				close_snap(handle);
+			else
+				CloseHandle(handle);
 			}
 
 		FreeLibrary(kernel);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 3f4818e888..bd9f7dc209 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -828,6 +828,9 @@ static int ssl3_get_client_hello(SSL *s)
 		}
 
 	/* TLS does not mind if there is extra stuff */
+#if 0   /* SSL 3.0 does not mind either, so we should disable this test
+         * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
+         * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
 	if (s->version == SSL3_VERSION)
 		{
 		if (p < (d+n))
@@ -839,6 +842,7 @@ static int ssl3_get_client_hello(SSL *s)
 			goto f_err;
 			}
 		}
+#endif
 
 	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
 	 * pick a cipher */
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index b6ad59bc79..4fe6d51587 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -258,104 +258,200 @@ $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)
 
 $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
 	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	$(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 dummytest: dummytest.o $(DLIBCRYPTO)
-	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	$(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "" ]; then \
+	  $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	else \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS); \
+	fi
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-- 
2.25.1