diff --git a/Configure b/Configure index beab5dea..e26231e8 100755 --- a/Configure +++ b/Configure @@ -444,6 +444,12 @@ our %disabled = ( # "what" => "comment" "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default", + "zuc" => "default", + "sm9" => "default", + "bfibe" => "default", + "bb1ibe" => "default", + "saf" => "default", + "sof" => "default", ); # Note: => pair form used for aesthetics, not to truly make a hash table diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 97c3dec9..fee67563 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -95,6 +95,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, + {ERR_FUNC(ASN1_F_I2D_PAILLIER_PUBKEY), "i2d_PAILLIER_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 639ad522..a7ab3483 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c 
@@ -68,6 +68,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"}, + {ERR_FUNC(EVP_F_EVP_PKEY_GET0_PAILLIER), "EVP_PKEY_get0_PAILLIER"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, @@ -118,6 +119,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, + {ERR_REASON(EVP_R_EXPECTING_A_PAILLIER), "expecting a paillier"}, {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), "illegal scrypt parameters"}, diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 98286205..9b5d2947 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include "internal/asn1_int.h" @@ -331,6 +332,34 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) } #endif +#ifndef OPENSSL_NO_PAILLIER + +int EVP_PKEY_set1_PAILLIER(EVP_PKEY *pkey, PAILLIER *key) +{ + int ret = EVP_PKEY_assign_PAILLIER(pkey, key); + if (ret) + PAILLIER_up_ref(key); + return ret; +} + +PAILLIER *EVP_PKEY_get0_PAILLIER(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_PAILLIER) { + EVPerr(EVP_F_EVP_PKEY_GET0_PAILLIER, EVP_R_EXPECTING_A_PAILLIER); + return NULL; + } + return pkey->pkey.paillier; +} + +PAILLIER *EVP_PKEY_get1_PAILLIER(EVP_PKEY *pkey) +{ + PAILLIER *ret = EVP_PKEY_get0_PAILLIER(pkey); + if (ret != NULL) + PAILLIER_up_ref(ret); + return ret; +} +#endif + #ifndef OPENSSL_NO_DH int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) 
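Review bot: The three new accessors in crypto/evp/p_lib.c carry no comment on ownership, and EVP_PKEY_set1_PAILLIER() discards the result of PAILLIER_up_ref(). A short header comment would help, e.g. `/* set1/get1 take a new reference that must be released with PAILLIER_free(); get0 returns a borrowed pointer valid only while |pkey| lives. */`. PAILLIER_up_ref() returns 0 when the atomic add fails, and in that case set1 still returns 1 with a pointer stored in `pkey` whose count was never raised. Consider returning 0 from set1 when the up-ref fails, so the caller learns that `pkey` does not hold its own reference.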
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index c9ef5827..fd4c2695 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -369,6 +369,9 @@ struct evp_pkey_st { # endif # ifndef OPENSSL_NO_EC struct ec_key_st *ec; /* ECC */ +# endif +# ifndef OPENSSL_NO_PAILLIER + struct paillier_st *paillier; # endif } pkey; int save_parameters; diff --git a/crypto/paillier/pai_asn1.c b/crypto/paillier/pai_asn1.c index 3e5bcc6f..650ee866 100644 --- a/crypto/paillier/pai_asn1.c +++ b/crypto/paillier/pai_asn1.c @@ -70,15 +70,15 @@ static int paillier_cb(int operation, ASN1_VALUE **pval, return 1; } -ASN1_SEQUENCE_cb(PAILLIER_PRIVATE_KEY, paillier_cb) = { +ASN1_SEQUENCE_cb(PaillierPrivateKey, paillier_cb) = { ASN1_SIMPLE(PAILLIER, n, BIGNUM), ASN1_SIMPLE(PAILLIER, lambda, BIGNUM), ASN1_SIMPLE(PAILLIER, x, BIGNUM) -} ASN1_SEQUENCE_END_cb(PAILLIER, PAILLIER_PRIVATE_KEY) +} ASN1_SEQUENCE_END_cb(PAILLIER, PaillierPrivateKey) -ASN1_SEQUENCE_cb(PAILLIER_PUBLIC_KEY, paillier_cb) = { +ASN1_SEQUENCE_cb(PaillierPublicKey, paillier_cb) = { ASN1_SIMPLE(PAILLIER, n, BIGNUM) -} ASN1_SEQUENCE_END_cb(PAILLIER, PAILLIER_PUBLIC_KEY) +} ASN1_SEQUENCE_END_cb(PAILLIER, PaillierPublicKey) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PAILLIER_PRIVATE_KEY, PAILLIER_PRIVATE_KEY) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PAILLIER_PUBLIC_KEY, PAILLIER_PUBLIC_KEY) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PaillierPrivateKey, PaillierPrivateKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(PAILLIER, PaillierPublicKey, PaillierPublicKey) diff --git a/crypto/paillier/pai_lcl.h b/crypto/paillier/pai_lcl.h index 4fe78f1d..1f62827a 100644 --- a/crypto/paillier/pai_lcl.h +++ b/crypto/paillier/pai_lcl.h @@ -50,6 +50,8 @@ #ifndef HEADER_PAI_LCL_H #define HEADER_PAI_LCL_H +#include "e_os.h" + struct paillier_st { int bits; BIGNUM *n; /* public key */ 
@@ -57,6 +59,11 @@ struct paillier_st { BIGNUM *n_squared; /* online */ BIGNUM *n_plusone; /* online */ BIGNUM *x; /* online */ + + int references; + int flags; + CRYPTO_EX_DATA ex_data; + CRYPTO_RWLOCK *lock; }; #endif diff --git a/crypto/paillier/pai_lib.c b/crypto/paillier/pai_lib.c index 6b6b68be..df44844d 100644 --- a/crypto/paillier/pai_lib.c +++ b/crypto/paillier/pai_lib.c @@ -145,6 +145,8 @@ int PAILLIER_generate_key(PAILLIER *key, int bits) } while (0); + ret = 1; + end: BN_clear_free(p); BN_clear_free(q); @@ -345,3 +347,14 @@ end: return 0; } +int PAILLIER_up_ref(PAILLIER *r) +{ + int i; + + if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) + return 0; + + REF_PRINT_COUNT("PAILLIER", r); + REF_ASSERT_ISNT(i < 2); + return ((i > 1) ? 1 : 0); +} diff --git a/crypto/pem/build.info b/crypto/pem/build.info index 357b3283..bd79026e 100644 --- a/crypto/pem/build.info +++ b/crypto/pem/build.info @@ -1,4 +1,5 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ pem_sign.c pem_info.c pem_lib.c pem_all.c pem_err.c \ - pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c + pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c \ + pem3.c diff --git a/crypto/pem/pem3.c b/crypto/pem/pem3.c new file mode 100644 index 00000000..0fecbc5d --- /dev/null +++ b/crypto/pem/pem3.c 
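Review bot: PAILLIER_up_ref() in crypto/paillier/pai_lib.c only works if `references` starts at 1 and `lock` has been allocated, yet no hunk in this diff touches PAILLIER_new() or PAILLIER_free() to match the new `references`, `ex_data` and `lock` fields. If PAILLIER_free() still frees unconditionally, the get1 callers added elsewhere in this diff (pkey_get_paillier in pem3.c, d2i_PAILLIER_PUBKEY in x_pubkey.c) may be left with a pointer that is released again when the EVP_PKEY is freed. Presumably those changes exist outside this diff; please confirm that PAILLIER_new() sets `references = 1` and creates the lock with `CRYPTO_THREAD_lock_new()`, and that PAILLIER_free() decrements with `CRYPTO_atomic_add(&r->references, -1, &i, r->lock)` and returns while `i > 0`. The function also dereferences `r` without a NULL check, which is worth stating in a comment if it is intended.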
@@ -0,0 +1,108 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include +#include +#include + +/* +extern PAILLIER *EVP_PKEY_get1_PAILLIER(EVP_PKEY *key); +extern int i2d_PAILLIER_PUBKEY(PAILLIER *a, unsigned char **p); +extern PAILLIER *d2i_PAILLIER_PUBKEY(PAILLIER **a, const unsigned char **p, long len); +*/ + +#ifndef OPENSSL_NO_PAILLIER +static PAILLIER *pkey_get_paillier(EVP_PKEY *key, PAILLIER **paillier) +{ + PAILLIER *rtmp; + if (!key) + return NULL; + rtmp = EVP_PKEY_get1_PAILLIER(key); + EVP_PKEY_free(key); + if (!rtmp) + return NULL; + if (paillier) { + PAILLIER_free(*paillier); + *paillier = rtmp; + } + return rtmp; +} + +PAILLIER *PEM_read_bio_PaillierPrivateKey(BIO *bp, PAILLIER **paillier, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); + return pkey_get_paillier(pktmp, paillier); +} + +# ifndef OPENSSL_NO_STDIO +PAILLIER *PEM_read_PaillierPrivateKey(FILE *fp, PAILLIER **paillier, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); + return pkey_get_paillier(pktmp, paillier); +} + +# endif + +IMPLEMENT_PEM_write_cb_const(PaillierPrivateKey, PAILLIER, PEM_STRING_PAILLIER, + PaillierPrivateKey) +IMPLEMENT_PEM_rw_const(PaillierPublicKey, PAILLIER, PEM_STRING_PAILLIER_PUBLIC, + PaillierPublicKey) 
+IMPLEMENT_PEM_rw(PAILLIER_PUBKEY, PAILLIER, PEM_STRING_PUBLIC, PAILLIER_PUBKEY) + +#endif diff --git a/crypto/saf/saf_ec.c b/crypto/saf/saf_ec.c index bfff7992..fe8b4f5e 100644 --- a/crypto/saf/saf_ec.c +++ b/crypto/saf/saf_ec.c @@ -622,5 +622,3 @@ int SAF_EccVerifySignFile( { return SAR_OK; } - - diff --git a/crypto/sm2/sm2_enc.c b/crypto/sm2/sm2_enc.c index b1584ed6..0c74c830 100644 --- a/crypto/sm2/sm2_enc.c +++ b/crypto/sm2/sm2_enc.c @@ -238,7 +238,7 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode( goto end; } - if (buflen <= fixlen) { + if (buflen <= (size_t)fixlen) { ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_BUFFER_TOO_SMALL); goto end; } @@ -260,7 +260,7 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode( //FIXME ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params); #endif - ptlen = fixlen; //FIXME + ptlen = (int)fixlen; //FIXME if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) { ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_OCT2POINT_FAILED); goto end; @@ -290,7 +290,7 @@ int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group, int ret = 0; char *hex = NULL; BN_CTX *ctx = BN_CTX_new(); - int i; + size_t i; if (!ctx) { goto end; @@ -382,7 +382,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params, unsigned int dgstlen; int mactag_size; size_t len; - int i; + size_t i; if (!ec_group || !pub_key) { ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_INVALID_EC_KEY); @@ -513,7 +513,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params, } /* GmSSL specific: reduce mactag size */ - if (mactag_size > dgstlen) { + if (mactag_size > dgstlen) { ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); goto end; } @@ -554,7 +554,7 @@ int SM2_decrypt(const SM2_ENC_PARAMS *params, ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR); goto end; } - if (inlen <= len) { + if (inlen <= len) { ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR); goto end; } 
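Review bot: pkey_get_paillier() in the new crypto/pem/pem3.c frees `key` on every path where it is non-NULL and also frees any object already stored in `*paillier`, but nothing in the file says so. A comment above it would make the contract explicit, for example `/* Consumes |key|. Returns a new reference (also stored in |*paillier|, replacing and freeing the old value) or NULL. */`. The commented-out `extern` block before `#ifndef OPENSSL_NO_PAILLIER` repeats prototypes that evp.h and x509.h now declare in this same diff, so it can be deleted rather than kept as dead text.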
@@ -673,7 +673,7 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params, /* B5: compute M = C2 xor t */ - for (i = 0; i < cv->ciphertext_size; i++) { + for (i = 0; i < cv->ciphertext_size; i++) { out[i] ^= cv->ciphertext[i]; } *outlen = cv->ciphertext_size; @@ -704,7 +704,7 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params, } /* GmSSL specific */ - if (mactag_size > maclen) { + if (mactag_size > (int)maclen) { ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); goto end; } @@ -742,4 +742,3 @@ int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen, SM2_ENC_PARAMS_init_with_recommended(¶ms); return SM2_decrypt(¶ms, in, inlen, out, outlen, ec_key); } - diff --git a/crypto/sm2/sm2_kap.c b/crypto/sm2/sm2_kap.c index 0e9dedf9..03a00a5e 100644 --- a/crypto/sm2/sm2_kap.c +++ b/crypto/sm2/sm2_kap.c @@ -60,6 +60,7 @@ int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, { int ret = 0; int w; + size_t len; if (!ctx || !ec_key || !remote_pubkey) { ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_PASSED_NULL_PARAMETER); @@ -87,22 +88,26 @@ int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, goto end; } + len = ctx->id_dgstlen; if (!SM2_compute_id_digest(ctx->id_dgst_md, id, idlen, - ctx->id_dgst, &ctx->id_dgstlen, ec_key)) { + ctx->id_dgst, &len, ec_key)) { ECerr(EC_F_SM2_KAP_CTX_INIT, 0); goto end; } + ctx->id_dgstlen = len; if (!(ctx->ec_key = EC_KEY_dup(ec_key))) { ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB); goto end; } + len = ctx->remote_id_dgstlen; if (!SM2_compute_id_digest(ctx->id_dgst_md, rid, ridlen, - ctx->remote_id_dgst, &ctx->remote_id_dgstlen, remote_pubkey)) { + ctx->remote_id_dgst, &len, remote_pubkey)) { ECerr(EC_F_SM2_KAP_CTX_INIT, 0); goto end; } + ctx->remote_id_dgstlen = len; if (!(ctx->remote_pubkey = EC_KEY_dup(remote_pubkey))) { ECerr(EC_F_SM2_KAP_CTX_INIT, 0); diff --git a/crypto/sm9/sm9_enc.c b/crypto/sm9/sm9_enc.c index 94c51aeb..bd7c7178 100644 --- a/crypto/sm9/sm9_enc.c +++ b/crypto/sm9/sm9_enc.c 
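Review bot: In the @@ -704 hunk of SM2_do_decrypt, casting `maclen` to `int` makes the comparison signed, so a negative `mactag_size` now passes the check. The previous mixed comparison converted a negative value to a large unsigned one and took the error path, and the matching check in SM2_do_encrypt (`mactag_size > dgstlen`) still behaves that way. Whether SM2_ENC_PARAMS_mactag_size() can return a negative value is not visible here, and the size is presumably used as the tag length right after, outside this hunk. To silence the warning without loosening the bound, prefer `if (mactag_size < 0 || (unsigned int)mactag_size > maclen) {`.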
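Review bot: In SM2_KAP_CTX_init, `len = ctx->id_dgstlen;` and `len = ctx->remote_id_dgstlen;` seed the length from fields that this same function is about to fill in, and no visible line sets them beforehand. If SM2_compute_id_digest() reads `*len` as the output capacity (not visible in this diff), the call then works with whatever the context held before, possibly 0 or stale data. Assuming `id_dgst` and `remote_id_dgst` are array members, pass the real buffer size instead: `len = sizeof(ctx->id_dgst);` and `len = sizeof(ctx->remote_id_dgst);`. The function body starts and ends outside these hunks.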
@@ -431,7 +431,7 @@ int SM9_unwrap_key(SM9PublicParameters *mpk, size_t keylen, } /* is outkey is all zero, return failed */ - for (i = 0; (i < keylen) && (outkey[i] == 0); i++) { + for (i = 0; (i < keylen) && (outkey[i] == 0); i++) { } if (i == keylen) { SM9err(SM9_F_SM9_UNWRAP_KEY, ERR_R_EC_LIB); @@ -630,7 +630,7 @@ static int SM9EncParameters_decrypt(const SM9EncParameters *encparams, /* output iv */ iv = in; ivlen = EVP_CIPHER_iv_length(encparams->enc_cipher); - if (inlen <= ivlen) { + if (inlen <= (size_t)ivlen) { SM9err(SM9_F_SM9ENCPARAMETERS_DECRYPT, SM9_R_INVALID_CIPHERTEXT); goto end; } @@ -948,7 +948,7 @@ int SM9_do_decrypt(SM9PublicParameters *mpk, const SM9EncParameters *encparams, *outlen = in->c2->length; return 1; } - if (*outlen < in->c2->length) { + if (*outlen < in->c2->length) { SM9err(SM9_F_SM9_DO_DECRYPT, SM9_R_BUFFER_TOO_SMALL); return 0; } @@ -1065,7 +1065,7 @@ int SM9_decrypt(SM9PublicParameters *mpk, const SM9EncParameters *encparams, return 0; } - p = ∈ + p = in; if (!(c = d2i_SM9Ciphertext(NULL, &p, inlen))) { SM9err(SM9_F_SM9_DECRYPT, ERR_R_SM9_LIB); goto end; diff --git a/crypto/sm9/sm9_sign.c b/crypto/sm9/sm9_sign.c index 0c48cc4d..039186a3 100644 --- a/crypto/sm9/sm9_sign.c +++ b/crypto/sm9/sm9_sign.c @@ -457,7 +457,7 @@ int SM9_sign(SM9PublicParameters *mpk, const unsigned char *dgst, return 0; } - p = &sig; + p = sig; if (i2d_SM9Signature(sigobj, &p) < 0) { SM9err(SM9_F_SM9_SIGN, ERR_R_SM9_LIB); goto end; @@ -493,10 +493,10 @@ int SM9_verify(SM9PublicParameters *mpk, const unsigned char *dgst, return 0; } - p = &sig; + p = sig; if (!(sigobj = d2i_SM9Signature(NULL, &p, siglen))) { SM9err(SM9_F_SM9_VERIFY, ERR_R_SM9_LIB); - return 0; + goto end; } ret = SM9_do_verify(mpk, dgst, dgstlen, sigobj, id, idlen); @@ -504,6 +504,5 @@ int SM9_verify(SM9PublicParameters *mpk, const unsigned char *dgst, end: SM9Signature_free(sigobj); - return 0; + return ret; } - 
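Review bot: SM9_verify in crypto/sm9/sm9_sign.c now returns `ret`, but after `d2i_SM9Signature(NULL, &p, siglen)` nothing checks that the decoder consumed exactly `siglen` bytes, so an encoding followed by trailing data is accepted as the same signature. Adding `if (p != sig + siglen) goto end;` right after the decode closes that, assuming `ret` is initialised to a failure value above the hunk. The declaration of `ret` and the return convention of SM9_do_verify() are outside the hunk; if it can return a negative value on internal error, callers that test `if (SM9_verify(...))` would treat that as success, so a comment documenting 1 / 0 / negative on the function would help.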
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index cc692834..16ed7f8e 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -16,6 +16,7 @@ #include "internal/x509_int.h" #include #include +#include struct X509_pubkey_st { X509_ALGOR *algor; @@ -255,6 +256,46 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) } #endif +#ifndef OPENSSL_NO_PAILLIER +PAILLIER *d2i_PAILLIER_PUBKEY(PAILLIER **a, const unsigned char **pp, long length) +{ + EVP_PKEY *pkey; + PAILLIER *key; + const unsigned char *q; + q = *pp; + pkey = d2i_PUBKEY(NULL, &q, length); + if (!pkey) + return NULL; + key = EVP_PKEY_get1_PAILLIER(pkey); + EVP_PKEY_free(pkey); + if (!key) + return NULL; + *pp = q; + if (a) { + PAILLIER_free(*a); + *a = key; + } + return key; +} + +int i2d_PAILLIER_PUBKEY(PAILLIER *a, unsigned char **pp) +{ + EVP_PKEY *pktmp; + int ret; + if (!a) + return 0; + pktmp = EVP_PKEY_new(); + if (pktmp == NULL) { + ASN1err(ASN1_F_I2D_PAILLIER_PUBKEY, ERR_R_MALLOC_FAILURE); + return 0; + } + EVP_PKEY_set1_PAILLIER(pktmp, a); + ret = i2d_PUBKEY(pktmp, pp); + EVP_PKEY_free(pktmp); + return ret; +} +#endif + #ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) { diff --git a/engines/e_avx2.c b/engines/e_avx2.c index b227241c..6d5403c4 100644 --- a/engines/e_avx2.c +++ b/engines/e_avx2.c @@ -53,6 +53,8 @@ #include #include +#if (defined(__x86_64) || defined(__x86_64__)) && defined(OPENSSL_CPUID_OBJ) +#endif static const char *avx2_id = "avx2"; static const char *avx2_name = "ENGINE with Intel AVX2 Intructions"; @@ -81,8 +83,6 @@ static int avx2_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) return 1; } -/****************************************************************************/ - static int avx2_cipher_nids[] = {NID_sms4_ecb, NID_sms4_ctr, 0}; static int avx2_num_ciphers = OSSL_NELEM(avx2_cipher_nids) - 1; 
@@ -282,12 +282,18 @@ static ENGINE *engine_avx2(void) void engine_load_avx2_int(void) { - ENGINE *eng = NULL; - if (!(eng = engine_avx2())) { - return; + extern unsigned int OPENSSL_ia32cap_P[]; + + if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) { + ENGINE *toadd = ENGINE_rdrand(); + ENGINE *eng = NULL; + if (!(eng = engine_avx2())) { + return; + } + ENGINE_add(eng); + ENGINE_free(eng); + ERR_clear_error(); } - ENGINE_add(eng); - ENGINE_free(eng); - ERR_clear_error(); } + #endif /* OPENSSL_NO_DYNAMIC_ENGINE */ diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 7cf61161..9e850a37 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -956,6 +956,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_I2D_ASN1_BIO_STREAM 211 # define ASN1_F_I2D_DSA_PUBKEY 161 # define ASN1_F_I2D_EC_PUBKEY 181 +# define ASN1_F_I2D_PAILLIER_PUBKEY 101 # define ASN1_F_I2D_PRIVATEKEY 163 # define ASN1_F_I2D_PUBLICKEY 164 # define ASN1_F_I2D_RSA_PUBKEY 165 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 3d7e4f53..a73f0076 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -100,6 +100,7 @@ # define EVP_PKEY_CMAC NID_cmac # define EVP_PKEY_TLS1_PRF NID_tls1_prf # define EVP_PKEY_HKDF NID_hkdf +# define EVP_PKEY_PAILLIER NID_paillier #ifdef __cplusplus extern "C" { @@ -445,6 +446,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, (char *)(eckey)) # endif +# ifndef OPENSSL_NO_PAILLIER +# define EVP_PKEY_assign_PAILLIER(pkey,paillier) EVP_PKEY_assign((pkey),EVP_PKEY_PAILLIER,\ + (char *)(paillier)) +# endif + /* Add some extra combinations */ # define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) # define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) 
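Review bot: The guard `OPENSSL_ia32cap_P[1] & (1 << (62 - 32))` added to engine_load_avx2_int() tests capability bit 62, which OpenSSL documents as RDRAND, whereas AVX2 is bit 5 of the third word. As written, the SMS4 AVX2 engine is registered on CPUs that have RDRAND but may lack AVX2, where its code paths can fault; the check should be `if (OPENSSL_ia32cap_P[2] & (1 << 5)) {`. The added `ENGINE *toadd = ENGINE_rdrand();` is never used or freed, so it leaks an ENGINE on every call and should be dropped (ENGINE_rdrand may also not be visible from this file). The `#if (defined(__x86_64) || defined(__x86_64__)) && defined(OPENSSL_CPUID_OBJ)` / `#endif` pair added in the first hunk of this file encloses nothing, so the architecture guard it appears to intend is not in effect.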
@@ -1000,6 +1006,12 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); # endif +# ifndef OPENSSL_NO_PAILLIER +struct paillier_st; +int EVP_PKEY_set1_PAILLIER(EVP_PKEY *pkey, struct paillier_st *key); +struct paillier_st *EVP_PKEY_get0_PAILLIER(EVP_PKEY *pkey); +struct paillier_st *EVP_PKEY_get1_PAILLIER(EVP_PKEY *pkey); +# endif EVP_PKEY *EVP_PKEY_new(void); int EVP_PKEY_up_ref(EVP_PKEY *pkey); @@ -1572,6 +1584,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_GET0_DSA 120 # define EVP_F_EVP_PKEY_GET0_EC_KEY 131 # define EVP_F_EVP_PKEY_GET0_HMAC 183 +# define EVP_F_EVP_PKEY_GET0_PAILLIER 172 # define EVP_F_EVP_PKEY_GET0_RSA 121 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 @@ -1616,6 +1629,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_EXPECTING_A_DH_KEY 128 # define EVP_R_EXPECTING_A_DSA_KEY 129 # define EVP_R_EXPECTING_A_EC_KEY 142 +# define EVP_R_EXPECTING_A_PAILLIER 176 # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 # define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 # define EVP_R_INITIALIZATION_ERROR 134 diff --git a/include/openssl/paillier.h b/include/openssl/paillier.h index d25a09b7..5edb975b 100644 --- a/include/openssl/paillier.h +++ b/include/openssl/paillier.h @@ -74,8 +74,10 @@ int PAILLIER_decrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *key); int PAILLIER_ciphertext_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, PAILLIER *key); int PAILLIER_ciphertext_scalar_mul(BIGNUM *r, const BIGNUM *scalar, const BIGNUM *a, PAILLIER *key); -DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PAILLIER_PUBLIC_KEY) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PAILLIER_PRIVATE_KEY) +int PAILLIER_up_ref(PAILLIER *key); + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PaillierPrivateKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(PAILLIER, PaillierPublicKey) /* BEGIN ERROR CODES */ /* 
diff --git a/include/openssl/pem3.h b/include/openssl/pem3.h index baa137d6..6b951681 100644 --- a/include/openssl/pem3.h +++ b/include/openssl/pem3.h @@ -79,12 +79,12 @@ extern "C" { #define PEM_STRING_BB1IBE_MASTER "BB1IBE MASTER SECRET" #define PEM_STRING_BB1IBE_PRIVATE "BB1IBE PRIVATE KEY" -/* -DECLARE_PEM_rw_cb(PaillierPrivateKey, PAILLIER) -DECLARE_PEM_rw(PaillierPrivateKey, PAILLIER) -DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAM, CPK) -DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAMS, CPK) -*/ + +# ifndef OPENSSL_NO_PAILLIER +DECLARE_PEM_rw_cb(PAILLIERPrivateKey, PAILLIER) +DECLARE_PEM_rw_const(PAILLIERPublicKey, PAILLIER) +DECLARE_PEM_rw(PAILLIER_PUBKEY, PAILLIER) +# endif #ifdef __cplusplus diff --git a/include/openssl/x509.h b/include/openssl/x509.h index c8996f35..343a5a40 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -26,6 +26,7 @@ # include # include # include +# include # if OPENSSL_API_COMPAT < 0x10100000L # include @@ -393,6 +394,14 @@ int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); # endif +# ifndef OPENSSL_NO_PAILLIER +PAILLIER *d2i_PaillierPrivateKey_fp(FILE *fp, PAILLIER **paillier); +int i2d_PaillierPrivateKey_fp(FILE *fp, PAILLIER *paillier); +PAILLIER *d2i_PaillierPublicKey_fp(FILE *fp, PAILLIER **paillier); +int i2d_PaillierPublicKey_fp(FILE *fp, PAILLIER *paillier); +PAILLIER *d2i_PAILLIER_PUBKEY_fp(FILE *fp, PAILLIER **paillier); +int i2d_PAILLIER_PUBKEY_fp(FILE *fp, PAILLIER *paillier); +# endif # ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); 
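Review bot: The declarations added to include/openssl/pem3.h use the stems `PAILLIERPrivateKey` and `PAILLIERPublicKey`, but crypto/pem/pem3.c in this same diff defines `PEM_read_bio_PaillierPrivateKey`, `PEM_read_PaillierPrivateKey` and instantiates the macros with `PaillierPrivateKey` / `PaillierPublicKey`. The header therefore declares functions that are never defined, and the defined ones have no prototype, so callers will get implicit declarations or link errors. Match the implementation: `DECLARE_PEM_rw_cb(PaillierPrivateKey, PAILLIER)` and `DECLARE_PEM_rw_const(PaillierPublicKey, PAILLIER)`.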
@@ -431,6 +440,14 @@ int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); # endif +# ifndef OPENSSL_NO_PAILLIER +PAILLIER *d2i_PaillierPrivateKey_bio(BIO *bp, PAILLIER **paillier); +int i2d_PaillierPrivateKey_bio(BIO *bp, PAILLIER *paillier); +PAILLIER *d2i_PaillierPublicKey_bio(BIO *bp, PAILLIER **paillier); +int i2d_PaillierPublicKey_bio(BIO *bp, PAILLIER *paillier); +PAILLIER *d2i_PAILLIER_PUBKEY_bio(BIO *bp, PAILLIER **paillier); +int i2d_PAILLIER_PUBKEY_bio(BIO *bp, PAILLIER *paillier); +# endif # ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); @@ -513,6 +530,11 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); # endif +# ifndef OPENSSL_NO_PAILLIER +int i2d_PAILLIER_PUBKEY(PAILLIER *a, unsigned char **pp); +PAILLIER *d2i_PAILLIER_PUBKEY(PAILLIER **a, const unsigned char **pp, long length); +# endif + DECLARE_ASN1_FUNCTIONS(X509_SIG) void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, @@ -762,7 +784,7 @@ int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, int X509_print_fp(FILE *bp, X509 *x); int X509_CRL_print_fp(FILE *bp, X509_CRL *x); int X509_REQ_print_fp(FILE *bp, X509_REQ *req); -int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, +int X509_NAMpaillierE_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); # endif diff --git a/test/cpktest.c b/test/cpktest.c index 8f67eaa9..71b5db7c 100644 --- a/test/cpktest.c +++ b/test/cpktest.c @@ -90,7 +90,6 @@ int main(int argc, char **argv) { int r, i; KDF_FUNC kdf = NULL; - EC_GROUP *ec_group = NULL; EC_KEY *ec_key = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY *pub_key = NULL; diff --git a/test/p b/test/p new file mode 100644 index 00000000..9c73fff5 --- /dev/null +++ b/test/p 
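Review bot: In the @@ -762 hunk of include/openssl/x509.h the prototype was changed to `X509_NAMpaillierE_print_ex_fp`, which looks like stray keystrokes inside `X509_NAME_print_ex_fp` rather than an intended rename. This removes the declaration of an existing public function and declares one that is presumably defined nowhere. Restore the line to `int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,`. Separately, the `d2i_/i2d_Paillier*_fp` and `_bio` prototypes added in the earlier hunks of this file have no definitions in this diff, so please confirm they are implemented elsewhere.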
@@ -0,0 +1,69 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec::Functions qw/catfile/; +use File::Copy; +use File::Compare qw/compare_text/; +use File::Basename; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_enc"); + +# We do it this way, because setup() may have moved us around, +# so the directory portion of $0 might not be correct any more. +# However, the name hasn't changed. +my $testsrc = srctop_file("test","recipes",basename($0)); + +my $test = catfile(".", "p"); + +my $cmd = "gmssl"; + +my @ciphers = + map { s/^\s+//; s/\s+$//; split /\s+/ } + run(app([$cmd, "list", "-cipher-commands"]), capture => 1); + +plan tests => 1 + (scalar @ciphers)*2; + +my $init = ok(copy($testsrc,$test)); + +if (!$init) { + diag("Trying to copy $testsrc to $test : $!"); +} + + SKIP: { + skip "Not initialized, skipping...", 11 unless $init; + + foreach my $c (@ciphers) { + my %variant = ("$c" => [], + "$c base64" => [ "-a" ]); + + foreach my $t (sort keys %variant) { + my $cipherfile = "$test.$c.cipher"; + my $clearfile = "$test.$c.clear"; + my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" ); + my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" ); + if ($c eq "cat") { + $cipherfile = "$test.cipher"; + $clearfile = "$test.clear"; + @e = ( "enc", @{$variant{$t}}, "-e" ); + @d = ( "enc", @{$variant{$t}}, "-d" ); + } + + ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile])) + && run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile])) + && compare_text($test,$clearfile) == 0, $t); + unlink $cipherfile, $clearfile; + } + } +} + +unlink $test; 
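Review bot: The new file `test/p` reads like a working copy of the enc test recipe committed by accident. It calls `setup("test_enc")`, and `srctop_file("test","recipes",basename($0))` resolves to test/recipes/p, which this diff does not add, so the initial `copy` would fail and every case would be skipped. If the file is meant to stay, it belongs under test/recipes with a descriptive name. The hard-coded skip count of 11 should also follow the plan: `skip "Not initialized, skipping...", (scalar @ciphers)*2 unless $init;`.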
diff --git a/test/pailliertest.c b/test/pailliertest.c index 3c7233e7..ec1b235f 100644 --- a/test/pailliertest.c +++ b/test/pailliertest.c @@ -63,7 +63,7 @@ int main(int argc, char **argv) # include # include -static int PAILLIER_test(int verbose) +static int test_paillier(int verbose) { int ret = 0; int kbits = 2048; @@ -179,6 +179,7 @@ end: int main(int argc, char **argv) { int err = 0; + if (!test_paillier(2)) err++; return err; } #endif diff --git a/util/shlib_wrap.sh b/util/shlib_wrap.sh deleted file mode 100755 index 811a08d6..00000000 --- a/util/shlib_wrap.sh +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/bin/sh - -[ $# -ne 0 ] || set -x # debug mode without arguments:-) - -THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.." -[ -d "${THERE}" ] || exec "$@" # should never happen... - -# Alternative to this is to parse ${THERE}/Makefile... -LIBCRYPTOSO="${THERE}/libcrypto.so" -if [ -f "$LIBCRYPTOSO" ]; then - while [ -h "$LIBCRYPTOSO" ]; do - LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`" - done - SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null` - LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}" -fi - -SYSNAME=`(uname -s) 2>/dev/null`; -case "$SYSNAME" in -SunOS|IRIX*) - # SunOS and IRIX run-time linkers evaluate alternative - # variables depending on target ABI... - rld_var=LD_LIBRARY_PATH - case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in - *ELF\ 64*SPARC*|*ELF\ 64*AMD64*) - [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64 - LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64 - preload_var=LD_PRELOAD_64 - ;; - *ELF\ 32*SPARC*|*ELF\ 32*80386*) - # We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32 - # on a multi-arch system. Otherwise, trust the fallbacks. - if [ -f /lib/64/ld.so.1 ]; then - [ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32 - LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32 - preload_var=LD_PRELOAD_32 - fi - ;; - # Why are newly built .so's preloaded anyway? Because run-time - # .so lookup path embedded into application takes precedence - # over LD_LIBRARY_PATH and as result application ends up linking - # to previously installed .so's. On IRIX instead of preloading - # newly built .so's we trick run-time linker to fail to find - # the installed .so by setting _RLD_ROOT variable. 
- *ELF\ 32*MIPS*) - #_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST - _RLD_ROOT=/no/such/dir; export _RLD_ROOT - eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\" - preload_var=_RLD_LIST - ;; - *ELF\ N32*MIPS*) - [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH - #_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST - _RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT - eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\" - preload_var=_RLDN32_LIST - ;; - *ELF\ 64*MIPS*) - [ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH - #_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST - _RLD64_ROOT=/no/such/dir; export _RLD64_ROOT - eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\" - preload_var=_RLD64_LIST - ;; - esac - eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var - unset rld_var - ;; -*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX - DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X - SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX - LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2 - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH - # Even though $PATH is adjusted [for Windows sake], it doesn't - # necessarily does the trick. Trouble is that with introduction - # of SafeDllSearchMode in XP/2003 it's more appropriate to copy - # .DLLs in vicinity of executable, which is done elsewhere... - if [ "$OSTYPE" != msdosdjgpp ]; then - PATH="${THERE}:$PATH"; export PATH - fi - ;; -esac - - - -cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}" -shift -if [ $# -eq 0 ]; then - exec "$cmd" # old sh, such as Tru64 4.x, fails to expand empty "$@" -else - exec "$cmd" "$@" -fi