Prepare for 1.1.0c release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Update CHANGES and NEWS
2026-01-15 21:49:45 +00:00 · 2016-11-10 14:03:42 +00:00 · 2016-11-10 13:04:05 +00:00 · 2016-11-10 13:04:05 +00:00 · 2016-11-10 13:04:05 +00:00 · 2016-11-10 13:04:05 +00:00
10621 changed files with 281471 additions and 1363519 deletions
--- a/.ctags.d/add-dir.ctags
+++ b/.ctags.d/add-dir.ctags
@@ -1,11 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
-
-# Allow ctags to load configuration file under the sub directories.
--optlib-dir=+./.ctags.d
--- a/.ctags.d/exclude.ctags
+++ b/.ctags.d/exclude.ctags
@@ -1,13 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
-
-# List file names or patterns you want ctags to ignore.
--exclude=.ctags.d
--exclude=test
--exclude=check-format-test-positives.c
--- a/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
+++ b/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
@@ -1,18 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
-
-# This file is only for extracting macro definitions.
--langmap=C:+.h
-o -
--sort=no
--languages=C
-R
-
--fields-C=+{macrodef}
--fields=+{signature}
--- a/.ctags.d/openssl-stage2/.gitignore
+++ b/.ctags.d/openssl-stage2/.gitignore
@@ -1 +0,0 @@
-*macro-definitons.ctags
--- a/.ctags.d/openssl-stage2/10expand-macros.ctags
+++ b/.ctags.d/openssl-stage2/10expand-macros.ctags
@@ -1,9 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
--param-CPreProcessor._expand=1
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1,2 +0,0 @@
-# Run util/openssl-format-source -v -c .
-0f113f3ee4d629ef9a4a30911b22b224772085e5
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,19 +1,3 @@
-*.bin binary
 *.der binary
 /fuzz/corpora/** binary
 *.pfx binary
-test/recipes/15-test_ml_dsa_codecs_data/*.dat   binary
-test/recipes/15-test_ml_kem_codecs_data/*.dat binary
-
-# For git archive
-fuzz/corpora/**                         export-ignore
-Configurations/*.norelease.conf         export-ignore
-# We generally avoid anything with a name starting with a period.
-# However, .ctags.d is precious, so we don't ignore that.
-.*                                      export-ignore
-.ctags.d                                !export-ignore
-util/mktar.sh                           export-ignore
-krb5                                    export-ignore
-pyca-cryptography                       export-ignore
-dev                                     export-ignore
-gost-engine                             export-ignore
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +0,0 @@
-github: openssl
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,27 +0,0 @@
-<!--
-NOTE:
-
-    If you're asking about how to use OpenSSL, this isn't the right
-    forum.  Please see our User Support resources:
-    https://github.com/openssl/openssl/blob/master/SUPPORT.md
-
-If relevant, please remember to tell us in what OpenSSL version you
-found the issue.
-
-Please remember to put ``` lines before and after any commands plus
-output and code, like this:
-
-    ```
-    $ echo output output output
-    output output output
-    ```
-
-    ```
-    #include <stdio.h>
-
-    int main() {
-        int foo = 1;
-        printf("%d\n", foo);
-    }
-    ```
-->
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,53 +0,0 @@
---
-name: Bug report
-labels: 'issue: bug report'
-about: Report a defect in the software
-
---
-
-<!--
-Thank you for your bug report. If this is your first one,
-please take the time to read the following lines before posting it.
-
-NOTE:
-
-    If you're asking about how to use OpenSSL, this isn't the right
-    forum.  Please see our User Support resources:
-    https://github.com/openssl/openssl/blob/master/SUPPORT.md
-
-Please remember to tell us in what OpenSSL version you found the issue.
-
-For build issues:
-
-    If this is a build issue, please include the configuration output
-    as well as a log of all errors.  Don't forget to include the exact
-    commands you typed.
-
-    With OpenSSL before 1.1.1, the configuration output comes from the
-    configuration command.  With OpenSSL 1.1.1 and on, it's the output
-    of `perl configdata.pm --dump`
-
-For other issues:
-
-    If it isn't a build issue, example code or commands to reproduce
-    the issue is highly appreciated.
-    Also, please remember to tell us if you worked with your own
-    OpenSSL build or if it is system provided.
-
-Please remember to put ``` lines before and after any commands plus
-output and code, like this:
-
-    ```
-    $ echo output output output
-    output output output
-    ```
-
-    ```
-    #include <stdio.h>
-
-    int main() {
-        int foo = 1;
-        printf("%d\n", foo);
-    }
-    ```
-->
--- a/.github/ISSUE_TEMPLATE/documentation.md
+++ b/.github/ISSUE_TEMPLATE/documentation.md
@@ -1,14 +0,0 @@
---
-name: Documentation
-labels: 'issue: documentation'
-about: Report an error in (or missing) documentation
---
-
-<!--
-Thank you for taking the time to report a documentation issue.
-
-Please remember to tell us which OpenSSL version you are using and then
-briefly describe the documentation error and where you encountered it
-(e.g., in which manual page). If you are missing the documentation for a
-certain command or API function, please tell us its name.
-->
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,34 +0,0 @@
---
-name: Feature request
-labels: 'issue: feature request'
-about: Propose a feature you would like to see added in the software
-
---
-
-<!--
-Thank you for your feature request. If this is your first one,
-please take the time to read the following lines before posting it.
-
-NOTE:
-
-    If you're asking about how to use OpenSSL, this isn't the right
-    forum.  Please see our User Support resources:
-    https://github.com/openssl/openssl/blob/master/SUPPORT.md
-
-Please remember to put ``` lines before and after any commands plus
-output and code, like this:
-
-    ```
-    $ echo output output output
-    output output output
-    ```
-
-    ```
-    #include <stdio.h>
-
-    int main() {
-        int foo = 1;
-        printf("%d\n", foo);
-    }
-    ```
-->
--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -1,10 +0,0 @@
---
-name: Question
-labels: 'issue: question'
-about: Please use Q&A in Discussions instead
---
-
-Please do NOT use issues to ask questions about OpenSSL.
-
-Instead, please use the [Q&A category in Discussions](<https://github.com/openssl/openssl/discussions/new?category=q-a>)
-to ask your question.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,14 +0,0 @@
-<!--
-Thank you for your pull request. Please review these requirements:
-
-Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md
-
-Other than that, provide a description above this comment if there isn't one already
-
-If this fixes a GitHub issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
-->
-
-##### Checklist
-<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
- [ ] documentation is added or updated
- [ ] tests are added or updated
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,15 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    commit-message:
-      prefix: "Dependabot update\n\nCLA: trivial\n\n"
-      include: "scope"
-    labels:
-      - "dependencies"
-      - "cla: trivial"
-      - "approval: review pending"
-    reviewers:
-      - "openssl/committers"
--- a/.github/workflows/build_quic_interop_container.yml
+++ b/.github/workflows/build_quic_interop_container.yml
@@ -1,26 +0,0 @@
-name: "Build openssl interop container from master"
-
-on:
-  schedule:
-    - cron:  '40 02 * * *'
-  workflow_dispatch:
-
-jobs:
-  update_quay_container:
-    if: github.repository == 'openssl/openssl'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         fetch-depth: 0
-      - name: "log in to quay.io"
-        run: |
-          docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
-      - name: "Build container"
-        run: |
-          cd test/quic-openssl-docker/
-          docker build -t quay.io/openssl-ci/openssl-quic-interop:latest .
-      - name: "Push to quay"
-        run: |
-          docker push quay.io/openssl-ci/openssl-quic-interop:latest
-
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,715 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: GitHub CI
-
-on: [pull_request, push]
-
-# for some reason, this does not work:
-# variables:
-#   BUILDOPTS: "-j4"
-#   HARNESS_JOBS: "${HARNESS_JOBS:-4}"
-
-# for some reason, this does not work:
-# before_script:
-#     - make="make -s"
-
-permissions:
-  contents: read
-
-env:
-  OSSL_RUN_CI_TESTS: 1
-
-jobs:
-  check_update:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install unifdef
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
-    - name: make build_generated
-      run: make -s build_generated
-    - name: make update
-      run: make update
-    - name: git diff
-      run: git diff --exit-code
-
-  check_docs:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
-    - name: make build_generated
-      run: make -s build_generated
-    - name: make doc-nits
-      run: make doc-nits
-    - name: make help
-      run: make help
-    - name: make md-nits
-      run: |
-          sudo gem install mdl
-          make md-nits
-
-  # This checks that we use ANSI C language syntax and semantics.
-  # We are not as strict with libraries, but rather adapt to what's
-  # expected to be available in a certain version of each platform.
-  check-ansi:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: CPPFLAGS='-ansi -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --strict-warnings --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-
-  basic_gcc:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: localegen
-      run: sudo locale-gen tr_TR.UTF-8
-    - name: fipsvendor
-      # Make one fips build use a customized FIPS vendor
-      run: echo "FIPS_VENDOR=CI" >> VERSION.dat
-    - name: config
-      # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
-      run: CC=gcc ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: check fipsvendor
-      run: |
-        util/wrap.pl -fips apps/openssl list -providers | grep 'name: CI FIPS Provider for OpenSSL$'
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@basic-gcc"
-        path: artifacts.tar.gz
-
-  basic_clang:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@basic-clang"
-        path: artifacts.tar.gz
-
-  linux-arm64:
-    runs-on: ${{ github.repository == 'openssl/openssl' && 'linux-arm64' || 'ubuntu-24.04-arm' }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config --strict-warnings enable-demos enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@linux-arm64"
-        path: artifacts.tar.gz
-
-  freebsd-x86_64:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: |
-          sudo pkg install -y gcc perl5
-          ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: ./configdata.pm --dump
-    - name: make
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: make -j4
-    - name: make test
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        run: |
-          ./util/opensslwrap.sh version -c
-          .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@BSD-x86_64"
-        path: artifacts.tar.gz
-
-  minimal:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
-    - name: make
-      run: make -j4 # verbose, so no -s here
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@minimal"
-        path: artifacts.tar.gz
-
-  no-deprecated:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-deprecated enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-deprecated"
-        path: artifacts.tar.gz
-
-  no-shared-ubuntu:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-shared-ubuntu"
-        path: artifacts.tar.gz
-
-  no-shared-macos:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-13, macos-14]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        sysctl machdep.cpu
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-shared-${{ matrix.os }}"
-        path: artifacts.tar.gz
-
-  non-caching:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@non-caching"
-        path: artifacts.tar.gz
-
-  address_ub_sanitizer:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@address_ub_sanitizer"
-        path: artifacts.tar.gz
-
-  fuzz_tests:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@fuzz_tests"
-        path: artifacts.tar.gz
-        if-no-files-found: ignore
-
-  memory_sanitizer:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
-      run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips no-slh-dsa && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@memory_sanitizer"
-        path: artifacts.tar.gz
-
-  threads_sanitizer:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@threads_sanitizer"
-        path: artifacts.tar.gz
-
-  enable_non-default_options:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: modprobe tls
-      run: sudo modprobe tls
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@enable_non-default_options"
-        path: artifacts.tar.gz
-
-  full_featured:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: modprobe tls
-      run: sudo modprobe tls
-    - name: Enable sctp
-      run: sudo modprobe sctp
-    - name: Enable auth in sctp
-      run: sudo sysctl -w net.sctp.auth_enable=1
-    - name: install extra config support
-      run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@full_featured"
-        path: artifacts.tar.gz
-
-  no-legacy:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-legacy enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-legacy"
-        path: artifacts.tar.gz
-
-  legacy:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug no-afalgeng enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@legacy"
-        path: artifacts.tar.gz
-
-  # out-of-source-and-install checks multiple things at the same time:
-  # - That building, testing and installing works from an out-of-source
-  #   build tree
-  # - That building, testing and installing works with a read-only source
-  #   tree
-  out-of-readonly-source-and-install-ubuntu:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        path: ./source
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-      working-directory: ./source
-    - name: make source read-only
-      run: chmod -R a-w ./source
-    - name: create build and install directories
-      run: |
-        mkdir ./build
-        mkdir ./install
-    - name: config
-      run: |
-        ../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
-        perl configdata.pm --dump
-      working-directory: ./build
-    - name: make
-      run: make -s -j4
-      working-directory: ./build
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-      working-directory: ./build
-    - name: make test
-      run: ../source/.github/workflows/make-test
-      working-directory: ./build
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@out-of-readonly-source-and-install-ubuntu"
-        path: build/artifacts.tar.gz
-    - name: make install
-      run: make install
-      working-directory: ./build
-
-  out-of-readonly-source-and-install-macos:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-13, macos-14]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        path: ./source
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-      working-directory: ./source
-    - name: make source read-only
-      run: chmod -R a-w ./source
-    - name: create build and install directories
-      run: |
-        mkdir ./build
-        mkdir ./install
-    - name: config
-      run: |
-        ../source/config --banner=Configured enable-fips enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
-        perl configdata.pm --dump
-      working-directory: ./build
-    - name: make
-      run: make -s -j4
-      working-directory: ./build
-    - name: get cpu info
-      run: |
-        sysctl machdep.cpu
-        ./util/opensslwrap.sh version -c
-      working-directory: ./build
-    - name: make test
-      run: ../source/.github/workflows/make-test
-      working-directory: ./build
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}"
-        path: build/artifacts.tar.gz
-    - name: make install
-      run: make install
-      working-directory: ./build
-
-  external-tests-misc:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-    - name: package installs
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy gdb
-    - name: install cpanm and Test2::V0 for gost_engine testing
-      uses: perl-actions/install-with-cpanm@stable
-      with:
-        install: Test2::V0
-    - name: setup hostname workaround
-      run: sudo hostname localhost
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - uses: dtolnay/rust-toolchain@stable
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: test external gost-engine
-      run: make test TESTS="test_external_gost_engine"
-    - name: test external krb5
-      run: make test TESTS="test_external_krb5"
-    - name: test external tlsfuzzer
-      run: make test TESTS="test_external_tlsfuzzer"
-    - name: test external Cloudflare quiche
-      run: make test TESTS="test_external_cf_quiche" VERBOSE=1
-    - name: test ability to produce debuginfo files
-      run: |
-        make debuginfo
-        gdb < <(echo -e "file ./libcrypto.so.3\nquit") > ./results
-        grep -q "Reading symbols from.*libcrypto\.so\.3\.debug" results
-
-  external-tests-providers:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-    - name: package installs
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq install meson pkg-config gnutls-bin libnss3-tools libnss3-dev libsofthsm2 opensc expect
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: test external oqs-provider
-      run: make test TESTS="test_external_oqsprovider"
-    # Disabled temporarily: https://github.com/latchset/pkcs11-provider/pull/525#discussion_r1982805969
-    # - name: test external pkcs11-provider
-    #   run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
-
-  external-tests-pyca:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        PYTHON:
-          - 3.9
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-    - name: package installs
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq install pkgconf libssl-dev
-    - name: Configure OpenSSL
-      run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: Setup Python
-      uses: actions/setup-python@v5.3.0
-      with:
-        python-version: ${{ matrix.PYTHON }}
-    - uses: dtolnay/rust-toolchain@stable
-      with:
-        toolchain: stable 
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: test external pyca
-      run: make test TESTS="test_external_pyca" VERBOSE=1
--- a/.github/workflows/compiler-zoo.yml
+++ b/.github/workflows/compiler-zoo.yml
@@ -1,118 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Compiler Zoo CI
-
-on: [push]
-
-permissions:
-  contents: read
-
-jobs:
-  compiler:
-    strategy:
-      fail-fast: false
-      matrix:
-        zoo: [
-          {
-            cc: gcc-9,
-            distro: ubuntu-22.04
-          }, {
-            cc: gcc-10,
-            distro: ubuntu-22.04
-          }, {
-            cc: gcc-11,
-            distro: ubuntu-22.04
-          }, {
-            cc: gcc-12,
-            distro: ubuntu-22.04
-          }, {
-            cc: gcc-13,
-            distro: ubuntu-22.04,
-            gcc-ppa-name: ubuntu-toolchain-r/test
-          }, {
-            cc: clang-11,
-            distro: ubuntu-22.04
-          }, {
-            cc: clang-12,
-            distro: ubuntu-22.04
-          }, {
-            cc: clang-13,
-            distro: ubuntu-22.04
-          }, {
-            cc: clang-14,
-            distro: ubuntu-22.04
-          }, {
-            cc: clang-15,
-            distro: ubuntu-22.04,
-            llvm-ppa-name: jammy
-          }, {
-            cc: clang-16,
-            distro: ubuntu-22.04,
-            llvm-ppa-name: jammy
-          }, {
-            cc: clang-17,
-            distro: ubuntu-22.04,
-            llvm-ppa-name: jammy
-          }
-        ]
-    # We set per-compiler now to allow testing with both older and newer sets
-    # Often, the full range of oldest->newest compilers we want aren't available
-    # in a single version of Ubuntu.
-    runs-on: ${{ matrix.zoo.distro }}
-    steps:
-    - name: install packages
-      run: |
-        gcc_ppa_name="${{ matrix.zoo.gcc-ppa-name }}"
-        llvm_ppa_name="${{ matrix.zoo.llvm-ppa-name }}"
-
-        # In the Matrix above:
-        # - we set gcc-ppc-name if the GCC version isn't part of the Ubuntu version we're using (see https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test).
-        # - we set llvm-ppa-name if an LLVM version isn't part of the Ubuntu version we're using (see https://apt.llvm.org/).
-        # This is especially needed because even new Ubuntu LTSes aren't available
-        # until a while after release on Github Actions.
-        if [[ -n ${gcc_ppa_name} ]] ; then
-          sudo add-apt-repository ppa:ubuntu-toolchain-r/test
-          sudo apt-get update
-        elif [[ -n ${llvm_ppa_name} ]] ; then
-            wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key |\
-                gpg --dearmor |\
-                sudo tee /usr/share/keyrings/llvm-snapshot.gpg.key > /dev/null
-
-            clang_version="${{ matrix.zoo.cc }}"
-            clang_version="${clang_version/clang-}"
-
-            echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/${{ matrix.zoo.llvm-ppa-name }}/ llvm-toolchain-${{ matrix.zoo.llvm-ppa-name }}-${clang_version} main" \
-                | sudo tee /etc/apt/sources.list.d/llvm.list
-            echo "deb-src [signed-by=/usr/share/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/${{ matrix.zoo.llvm-ppa-name }}/ llvm-toolchain-${{ matrix.zoo.llvm-ppa-name }}-${clang_version} main" \
-                | sudo tee -a /etc/apt/sources.list.d/llvm.list
-
-            cat /etc/apt/sources.list.d/llvm.list
-        fi
-
-        sudo apt-get update
-        sudo apt-get -y install ${{ matrix.zoo.cc }}
-
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-
-    - name: config
-      run: |
-        CC=${{ matrix.zoo.cc }} ./config --strict-warnings --banner=Configured \
-            no-shared enable-fips
-
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@@ -1,126 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Coverage
-
-on:
-  schedule:
-    - cron: '15 02 * * *'
-  workflow_dispatch:
-    inputs:
-      branch:
-        description: Branch to measure coverage
-        required: true
-        default: master
-      extra_config:
-        description: Extra options for configuration script
-        default: ""
-
-permissions:
-  contents: read
-
-jobs:
-  define-matrix:
-    runs-on: ubuntu-latest
-    outputs:
-      branches: ${{ steps.branches.outputs.branches }}
-    steps:
-      - name: Define branches
-        id: branches
-        run: |
-          if [ "${{ github.event_name}}" = "workflow_dispatch" ]; then
-          MATRIX=$(cat << EOF
-          [{
-            "branch": "${{ github.event.inputs.branch }}",
-            "extra_config": "${{ github.event.inputs.extra_config }}"
-          }]
-          EOF
-          )
-          else
-          MATRIX=$(cat << EOF
-          [{
-              "branch": "openssl-3.5",
-              "extra_config": "no-afalgeng enable-fips enable-tfo"
-            },{
-              "branch": "openssl-3.4",
-              "extra_config": "no-afalgeng enable-fips enable-tfo"
-            }, {
-              "branch": "openssl-3.3",
-              "extra_config": "no-afalgeng enable-fips enable-tfo"
-            }, {
-              "branch": "openssl-3.2",
-              "extra_config": "no-afalgeng enable-fips enable-tfo"
-            }, {
-              "branch": "openssl-3.1",
-              "extra_config": "no-afalgeng enable-fips"
-            }, {
-              "branch": "openssl-3.0",
-              "extra_config": "no-afalgeng enable-fips"
-            }, {
-              "branch": "master",
-              "extra_config": "no-afalgeng enable-fips enable-tfo"
-          }]
-          EOF
-          )
-          fi
-          echo "branches<<EOF"$'\n'"$MATRIX"$'\n'EOF >> "$GITHUB_OUTPUT"
-
-  coverage:
-    needs: define-matrix
-    permissions:
-      checks: write     # for coverallsapp/github-action to create new checks
-      contents: read    # for actions/checkout to fetch code
-    strategy:
-      fail-fast: false
-      matrix:
-        branches: ${{ fromJSON(needs.define-matrix.outputs.branches) }}
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-        ref: ${{ matrix.branches.branch }}
-    - name: cache commit id
-      run: |
-        echo "githubid=`/usr/bin/git log -1 --format='%H'`" >>$GITHUB_ENV
-    - name: package installs
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq install lcov
-        sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
-    - name: install Test2::V0 for gost_engine testing
-      uses: perl-actions/install-with-cpanm@stable
-      with:
-        install: Test2::V0
-    - name: setup hostname workaround
-      run: sudo hostname localhost
-    - name: config
-      run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test TESTS='-test_external_krb5' EVP_TEST_EXTENDED=1
-    - name: generate coverage info
-      run: lcov -d . -c
-             --exclude "${PWD}/test/*"
-             --exclude "${PWD}/fuzz/*"
-             --exclude "/usr/include/*"
-             --ignore-errors mismatch
-              -o ./lcov.info
-    - name: Coveralls upload
-      uses: coverallsapp/github-action@v2.3.2
-      with:
-        github-token: ${{ secrets.github_token }}
-        git-branch: ${{ matrix.branches.branch }}
-        git-commit: ${{ env.githubid }}
-        path-to-lcov: ./lcov.info
--- a/.github/workflows/cross-compiles.yml
+++ b/.github/workflows/cross-compiles.yml
@@ -1,233 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Cross Compile
-
-on: [pull_request, push]
-
-permissions:
-  contents: read
-
-jobs:
-  cross-compilation:
-    strategy:
-      fail-fast: false
-      matrix:
-        # The platform matrix specifies:
-        #   arch: the architecture to build for, this defines the tool-chain
-        #         prefix {arch}- and the Debian compiler package gcc-{arch}
-        #         name.
-        #   libs: the Debian package for the necessary link/runtime libraries.
-        #   target: the OpenSSL configuration target to use, this is passed
-        #           directly to the config command line.
-        #   fips:   set to "no" to disable building FIPS, leave unset to
-        #           build the FIPS provider.
-        #   tests: omit this to run all the tests using QEMU, set it to "none"
-        #          to never run the tests, otherwise its value is passed to
-        #          the "make test" command to allow selective disabling of
-        #          tests.
-        #   qemucpu: optional; string that describes CPU properties.
-        #            The string will be used to set the QEMU_CPU variable.
-        #   opensslcapsname: optional; string that describes the postfix of the
-        #                    OpenSSL environment variable that defines CPU
-        #                    capabilities. E.g. "foo" will result in an
-        #                    environment variable with the name OPENSSL_foo.
-        #   opensslcaps: optional; if opensslcapsname (see above) is set, then
-        #                this string will be used as content for the OpenSSL
-        #                capabilities variable.
-        #   ppa:   Launchpad PPA repository to download packages from.
-        platform: [
-          {
-            arch: i386-pc-msdosdjgpp,
-            libs: libc-djgpp-dev libwatt-djgpp-dev djgpp-utils,
-            target: no-threads 386 DJGPP,
-            tests: none,
-            ppa: jwt27/djgpp-toolchain
-          }, {
-            arch: aarch64-linux-gnu,
-            libs: libc6-dev-arm64-cross,
-            target: linux-aarch64,
-            fips: no
-          }, {
-            arch: alpha-linux-gnu,
-            libs: libc6.1-dev-alpha-cross,
-            target: linux-alpha-gcc,
-            fips: no
-          }, {
-            arch: arm-linux-gnueabi,
-            libs: libc6-dev-armel-cross,
-            target: linux-armv4,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: arm-linux-gnueabihf,
-            libs: libc6-dev-armhf-cross,
-            target: linux-armv4,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            # gcc hppa seems to have some potential compiler issues
-            # with -O2 on this platform, reduce optimization to -01
-            arch: hppa-linux-gnu,
-            libs: libc6-dev-hppa-cross,
-            target: -static -O1 linux-generic32,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: m68k-linux-gnu,
-            libs: libc6-dev-m68k-cross,
-            target: -static -m68040 linux-latomic -Wno-stringop-overflow,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: mips-linux-gnu,
-            libs: libc6-dev-mips-cross,
-            target: -static linux-mips32,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: mips64-linux-gnuabi64,
-            libs: libc6-dev-mips64-cross,
-            target: -static linux64-mips64,
-            fips: no
-          }, {
-            arch: mipsel-linux-gnu,
-            libs: libc6-dev-mipsel-cross,
-            target: linux-mips32,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: powerpc64le-linux-gnu,
-            libs: libc6-dev-ppc64el-cross,
-            target: linux-ppc64le,
-            fips: no
-          }, {
-            arch: riscv64-linux-gnu,
-            libs: libc6-dev-riscv64-cross,
-            target: linux64-riscv64,
-            fips: no
-          }, {
-            arch: s390x-linux-gnu,
-            libs: libc6-dev-s390x-cross,
-            target: linux64-s390x -Wno-stringop-overflow,
-            fips: no
-          }, {
-            arch: sh4-linux-gnu,
-            libs: libc6-dev-sh4-cross,
-            target: no-async linux-latomic,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          },
-
-          # These build with shared libraries but they crash when run
-          # They mirror static builds above in order to cover more of the
-          # code base.
-          {
-            arch: hppa-linux-gnu,
-            libs: libc6-dev-hppa-cross,
-            target: linux-generic32,
-            tests: none
-          }, {
-            arch: m68k-linux-gnu,
-            libs: libc6-dev-m68k-cross,
-            target: -mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic,
-            tests: none
-          }, {
-            arch: mips-linux-gnu,
-            libs: libc6-dev-mips-cross,
-            target: linux-mips32,
-            tests: none
-          }, {
-            arch: mips64-linux-gnuabi64,
-            libs: libc6-dev-mips64-cross,
-            target: linux64-mips64,
-            tests: none
-          },
-
-          # This build doesn't execute either with or without shared libraries.
-          {
-            arch: sparc64-linux-gnu,
-            libs: libc6-dev-sparc64-cross,
-            target: linux64-sparcv9,
-            tests: none
-          }
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - name: install package repository
-      if: matrix.platform.ppa != ''
-      run: |
-        sudo add-apt-repository ppa:${{ matrix.platform.ppa }}
-    - name: install packages
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --force-yes install \
-            gcc-${{ matrix.platform.arch }} \
-            ${{ matrix.platform.libs }}
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-
-    - name: config with FIPS
-      if: matrix.platform.fips != 'no'
-      run: |
-        ./config --banner=Configured --strict-warnings enable-fips \
-                 --cross-compile-prefix=${{ matrix.platform.arch }}- \
-                 ${{ matrix.platform.target }}
-    - name: config without FIPS
-      if: matrix.platform.fips == 'no'
-      run: |
-        ./config --banner=Configured --strict-warnings \
-                 --cross-compile-prefix=${{ matrix.platform.arch }}- \
-                 ${{ matrix.platform.target }}
-    - name: config dump
-      run: ./configdata.pm --dump
-
-    - name: make
-      run: make -s -j4
-
-    - name: install qemu
-      if: matrix.platform.tests != 'none'
-      run: sudo apt-get -yq --force-yes install qemu-user
-
-    - name: Set QEMU environment
-      if: matrix.platform.qemucpu != ''
-      run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
-
-    - name: Set OpenSSL caps environment
-      if: matrix.platform.opensslcapsname != ''
-      run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
-                 ${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
-
-    - name: get cpu info
-      run: cat /proc/cpuinfo
-
-    - name: make all tests
-      if: github.event_name == 'push' && matrix.platform.tests == ''
-      run: |
-        .github/workflows/make-test \
-                  TESTS="-test_afalg" \
-                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
-    - name: make some tests
-      if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
-      run: |
-        .github/workflows/make-test \
-                  TESTS="${{ matrix.platform.tests }} -test_afalg" \
-                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
-    - name: make evp tests
-      if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
-      run: |
-        .github/workflows/make-test \
-                  TESTS="test_evp*" \
-                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
-    - name: save artifacts
-      if: success() || failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: "cross-compiles@${{ matrix.platform.arch }}"
-        path: artifacts.tar.gz
-        if-no-files-found: ignore
--- a/.github/workflows/deploy-docs-openssl-org.yml
+++ b/.github/workflows/deploy-docs-openssl-org.yml
@@ -1,24 +0,0 @@
-name: "Trigger docs.openssl.org deployment"
-
-on:
-  push:
-    branches:
-      - "openssl-3.[0-9]+"
-      - "master"
-    paths:
-      - "doc/man*/**"
-
-jobs:
-  trigger:
-    if: github.repository == 'openssl/openssl'
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Trigger deployment workflow"
-        run: |
-          gh workflow run -f branch=${{ github.ref_name }} deploy-site.yaml
-          sleep 3
-          RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId")
-          gh run watch ${RUN_ID} --exit-status
-        env:
-          GH_REPO: "openssl/openssl-docs"
-          GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }}
--- a/.github/workflows/fips-checksums.yml
+++ b/.github/workflows/fips-checksums.yml
@@ -1,119 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: FIPS Check and ABIDIFF
-on: [pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  compute-checksums:
-    runs-on: ubuntu-latest
-    steps:
-      - name: install unifdef
-        run: |
-            sudo apt-get update
-            sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
-      - name: create build dirs
-        run: |
-          mkdir ./build-pristine
-          mkdir ./source-pristine
-          mkdir ./build
-          mkdir ./source
-          mkdir ./artifact
-      - uses: actions/checkout@v4
-        with:
-          repository: ${{ github.event.pull_request.base.repo.full_name }}
-          ref: ${{ github.event.pull_request.base.ref }}
-          path: source-pristine
-      - name: config pristine
-        run: ../source-pristine/config enable-fips
-        working-directory: ./build-pristine
-      - name: config pristine dump
-        run: ./configdata.pm --dump
-        working-directory: ./build-pristine
-      - name: make build_generated pristine
-        run: make -s build_generated
-        working-directory: ./build-pristine
-      - name: make fips-checksums pristine
-        run: make fips-checksums
-        working-directory: ./build-pristine
-      - uses: actions/checkout@v4
-        with:
-          path: source
-      - name: config
-        run: ../source/config enable-fips
-        working-directory: ./build
-      - name: config dump
-        run: ./configdata.pm --dump
-        working-directory: ./build
-      - name: make build_generated
-        run: make -s build_generated
-        working-directory: ./build
-      - name: make fips-checksums
-        run: make fips-checksums
-        working-directory: ./build
-      - name: update checksums
-        run: |
-          cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
-          cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
-          cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
-      - name: make diff-fips-checksums
-        run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
-        working-directory: ./build
-      - name: save PR number
-        run: echo ${{ github.event.number }} > ./artifact/pr_num
-      - name: save artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: fips_checksum
-          path: artifact/
-
-  compute-abidiff:
-    runs-on: ubuntu-latest
-    env:
-      BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
-    steps:
-      - name: create build dirs
-        run: |
-          mkdir ./build-pristine
-          mkdir ./source-pristine
-          mkdir ./build
-          mkdir ./source
-          mkdir ./artifact
-      - name: install extra config support
-        run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
-      - uses: actions/checkout@v4
-        with:
-          repository: ${{ github.event.pull_request.base.repo.full_name }}
-          ref: ${{ github.event.pull_request.base.ref }}
-          path: source-pristine
-      - name: config pristine
-        run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
-        working-directory: ./build-pristine
-      - name: make pristine
-        run: make -s -j4
-        working-directory: ./build-pristine
-      - uses: actions/checkout@v4
-        with:
-          path: source
-      - name: config
-        run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
-        working-directory: ./build
-      - name: make
-        run: make -s -j4
-        working-directory: ./build
-      - name: abidiff
-        run: abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libcrypto.so ./build/libcrypto.so && abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libssl.so ./build/libssl.so && touch ./artifact/abi_unchanged || ( touch ./artifact/abi_changed ; echo ABI CHANGED )
-      - name: save PR number
-        run: echo ${{ github.event.number }} > ./artifact/pr_num
-      - name: save artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: abidiff
-          path: artifact/
--- a/.github/workflows/fips-label.yml
+++ b/.github/workflows/fips-label.yml
@@ -1,141 +0,0 @@
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: FIPS and ABI Changed Label
-on:
-  workflow_run:
-    workflows: ["FIPS Check and ABIDIFF"]
-    types:
-      - completed
-
-permissions:
-  contents: read
-
-jobs:
-  apply-label:
-    permissions:
-      actions: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.event == 'pull_request' }}
-    steps:
-      - name: 'Download fipscheck artifact'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          script: |
-            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: ${{github.event.workflow_run.id }},
-            });
-            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "fips_checksum"
-            })[0];
-            var download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            var fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
-      - run: unzip artifact.zip
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-      - name: 'Check artifact and apply'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            var fs = require('fs');
-            var pr_num = Number(fs.readFileSync('./pr_num'));
-            if ( fs.existsSync('./fips_changed') ) {
-              github.rest.issues.addLabels({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                labels: ['severity: fips change']
-              });
-            } else if ( fs.existsSync('./fips_unchanged') ) {
-              var labels = await github.rest.issues.listLabelsOnIssue({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo
-              });
-
-              for ( var label in labels.data ) {
-                if (labels.data[label].name == 'severity: fips change') {
-                  github.rest.issues.removeLabel({
-                    issue_number: pr_num,
-                    owner: context.repo.owner,
-                    repo: context.repo.repo,
-                    name: 'severity: fips change'
-                  });
-                }
-              }
-            }
-      - name: 'Cleanup artifact'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        run: rm artifact.zip pr_num
-
-      - name: 'Download abidiff artifact'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          script: |
-            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: ${{github.event.workflow_run.id }},
-            });
-            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "abidiff"
-            })[0];
-            var download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            var fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
-      - run: unzip artifact.zip
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-      - name: 'Check artifact and apply'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            var fs = require('fs');
-            var pr_num = Number(fs.readFileSync('./pr_num'));
-            if ( fs.existsSync('./abi_changed') ) {
-              github.rest.issues.addLabels({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                labels: ['severity: ABI change']
-              });
-            } else if ( fs.existsSync('./abi_unchanged') ) {
-              var labels = await github.rest.issues.listLabelsOnIssue({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo
-              });
-
-              for ( var label in labels.data ) {
-                if (labels.data[label].name == 'severity: ABI change') {
-                  github.rest.issues.removeLabel({
-                    issue_number: pr_num,
-                    owner: context.repo.owner,
-                    repo: context.repo.repo,
-                    name: 'severity: ABI change'
-                  });
-                }
-              }
-            }
--- a/.github/workflows/fuzz-checker.yml
+++ b/.github/workflows/fuzz-checker.yml
@@ -1,79 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Fuzz-checker CI
-
-on: [push]
-
-permissions:
-  contents: read
-
-jobs:
-  fuzz-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        fuzzy: [
-          {
-            name: AFL,
-            config: enable-fuzz-afl no-module,
-            install: afl++,
-            cc: afl-clang-fast
-          }, {
-            name: libFuzzer,
-            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function,
-            libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
-            install: libfuzzer-18-dev,
-            cc: clang-18,
-            linker: clang++-18,
-            tests: -test_memleak
-          }, {
-            name: libFuzzer+,
-            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
-            libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
-            extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
-            install: libfuzzer-18-dev,
-            cc: clang-18,
-            linker: clang++-18,
-            tests: -test_memleak
-          }
-        ]
-    runs-on: ubuntu-24.04
-    steps:
-    - name: install packages
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - uses: actions/checkout@v4
-
-    - name: config
-      run: |
-        CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
-            ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
-
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make with explicit linker
-      if: matrix.fuzzy.linker != ''
-      run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
-    - name: make sans explicit linker
-      if: matrix.fuzzy.linker == ''
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test restricted
-      if: matrix.fuzzy.tests != ''
-      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
-    - name: make test all
-      if: matrix.fuzzy.tests == ''
-      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/interop-tests.yml
+++ b/.github/workflows/interop-tests.yml
@@ -1,55 +0,0 @@
-# Notes:
-# /__w/openssl is the path that github bind-mounts into the container so the ci
-# filesystem for this job can be reached.  Please note that any changes made to
-# this job involving file system paths should be made prefixed with, or relative
-# to that directory
-name: Interoperability tests with GnuTLS and NSS
-on:
-  schedule:
-    - cron: '55 02 * * *'
-  workflow_dispatch:
-
-jobs:
-  test:
-    runs-on: ubuntu-22.04
-    container:
-      image: docker.io/fedora:40
-      options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
-    timeout-minutes: 90
-    strategy:
-      fail-fast: false
-      matrix:
-        COMPONENT: [gnutls, nss]
-    env:
-      COMPONENT: ${{ matrix.COMPONENT }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Display environment
-        run: export
-      - name : Install needed tools
-        run: |
-          dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
-                 fips-mode-setup crypto-policies-scripts
-      - name: install interop tests
-        run: |
-          cd ${GITHUB_WORKSPACE}
-          git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
-      - name: build openssl as an rpm
-        run: |
-          mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
-          cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \
-          cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \
-          sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
-          sed -i 's/^Release: .*$/Release: dev/' openssl.spec
-          yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
-          mkdir -p /build/SOURCES
-          tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
-          rpmbuild -bb /build/SPECS/openssl.spec
-          dnf install -y /build/RPMS/x86_64/openssl-*
-          cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf
-      - name: Run interop tests
-        run: |
-          cd interop
-          tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive
-          openssl version
-          echo "Finished - important to prevent unwanted output truncating"
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,33 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: CIFuzz
-on: [pull_request, push]
-permissions:
-  contents: read
-
-jobs:
-  Fuzzing:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Build Fuzzers
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
-      with:
-        oss-fuzz-project-name: 'openssl'
-        dry-run: false
-    - name: Run Fuzzers
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
-      with:
-        oss-fuzz-project-name: 'openssl'
-        fuzz-seconds: 600
-        dry-run: false
-    - name: Upload Crash
-      uses: actions/upload-artifact@v4
-      if: failure()
-      with:
-        name: artifacts
-        path: ./out/artifacts
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@@ -1,42 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: "Make release"
-
-on:
-  push:
-    tags:
-      - "openssl-*"
-
-jobs:
-  release:
-    runs-on: "releaser"
-    steps:
-    - name: "Checkout"
-      uses: "actions/checkout@v4"
-      with:
-        fetch-depth: 1
-        ref: ${{ github.ref_name }}
-        github-server-url: "https://github.openssl.org/"
-        repository: "openssl/openssl"
-        token: ${{ secrets.GHE_TOKEN }}
-        path: ${{ github.ref_name }}
-    - name: "Prepare assets"
-      run: |
-        cd ${{ github.ref_name }}
-        ./util/mktar.sh
-        mkdir assets && mv ${{ github.ref_name }}.tar.gz assets/ && cd assets
-        openssl sha1 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha1
-        openssl sha256 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha256
-        gpg -u ${{ vars.signing_key_uid }} -o ${{ github.ref_name }}.tar.gz.asc -sba ${{ github.ref_name }}.tar.gz
-    - name: "Create release"
-      env:
-        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-      run: |
-        VERSION=$(echo ${{ github.ref_name }} | cut -d "-" -f 2-)
-        PRE_RELEASE=$([[ ${{ github.ref_name }} =~ alpha|beta ]] && echo "-p" || echo "")
-        gh release create ${{ github.ref_name }} $PRE_RELEASE -t "OpenSSL $VERSION" -d --notes " " -R ${{ github.repository }} ${{ github.ref_name }}/assets/*
--- a/.github/workflows/make-test
+++ b/.github/workflows/make-test
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-set -eo pipefail
-
-cleanup() {
-    # Remove if nothing was generated.
-    [ -d artifacts ] && find artifacts -type d -empty -delete
-}
-trap cleanup EXIT
-
-# Make a central directory to store all output artifacts of our test run to
-# avoid having to configure multiple upload-artifacts steps in the workflow
-# file.
-OSSL_CI_ARTIFACTS_PATH="artifacts/"
-if [ -n "${GITHUB_RUN_NUMBER}" ]; then
-    OSSL_CI_ARTIFACTS_PATH="artifacts/github-${GITHUB_JOB}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ID}/"
-fi
-mkdir -p "$OSSL_CI_ARTIFACTS_PATH"
-export OSSL_CI_ARTIFACTS_PATH="$(cd "$OSSL_CI_ARTIFACTS_PATH"; pwd)"
-
-# Run the tests. This might fail, but we need to capture artifacts anyway.
-set +e
-make test HARNESS_JOBS=${HARNESS_JOBS:-4} "$@"
-RESULT=$?
-set -e
-
-# Move an interesting subset of the test-runs data we want into the artifacts
-# staging directory.
-for test_name in quic_multistream; do
-    if [ -d "test-runs/test_${test_name}" ]; then
-        mv "test-runs/test_${test_name}" "$OSSL_CI_ARTIFACTS_PATH/"
-    fi
-done
-
-# Log the artifact tree.
-echo "::group::List of artifact files generated"
-echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH"
-(cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort)
-echo "::endgroup::"
-
-echo "Archive artifacts"
-tar -czf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
-
-exit $RESULT
--- a/.github/workflows/os-zoo.yml
+++ b/.github/workflows/os-zoo.yml
@@ -1,265 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: OS Zoo CI
-
-on:
-  schedule:
-    - cron: '50 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  alpine:
-    strategy:
-      fail-fast: false
-      matrix:
-        tag: [edge, latest]
-        cc: [gcc, clang]
-    runs-on: ubuntu-latest
-    container:
-      image: docker.io/library/alpine:${{ matrix.tag }}
-    env:
-      # See https://www.openwall.com/lists/musl/2022/02/16/14
-      # for the reason why -Wno-sign-compare is needed with clang
-      # -Wno-stringop-overflow is needed to silence a bogus
-      # warning on new fortify-headers with gcc
-      EXTRA_CFLAGS: ${{ matrix.cc == 'clang' && '-Wno-sign-compare' || matrix.tag == 'edge' && '-Wno-stringop-overflow' || '' }}
-      CC: ${{ matrix.cc }}
-    steps:
-    - name: install packages
-      run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }}
-    - uses: actions/checkout@v4
-    - name: config
-      run: |
-        ./config --strict-warnings --banner=Configured no-shared enable-fips \
-                 ${EXTRA_CFLAGS}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  linux:
-    strategy:
-      fail-fast: false
-      matrix:
-        zoo:
-          - image: docker.io/library/debian:10
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/debian:11
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/debian:12
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/ubuntu:20.04
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/ubuntu:22.04
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/fedora:38
-            install: dnf install -y gcc make perl-core
-          - image: docker.io/library/fedora:39
-            install: dnf install -y gcc make perl-core
-          - image: docker.io/library/centos:8
-            install: |
-              sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
-              sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
-              dnf install -y gcc make perl-core
-          - image: docker.io/library/rockylinux:8
-            install: dnf install -y gcc make perl-core
-          - image: docker.io/library/rockylinux:9
-            install: dnf install -y gcc make perl-core
-    runs-on: ubuntu-latest
-    container: ${{ matrix.zoo.image }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: install packages
-      run: ${{ matrix.zoo.install }}
-    - name: config
-      run: ./config
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  macos:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-13, macos-14, macos-15]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured enable-fips
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        sysctl machdep.cpu
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  windows:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [windows-2019, windows-2022]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - name: install nasm
-      run: |
-        choco install nasm
-        "C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: perl ..\Configure --banner=Configured no-makedepend enable-fips
-    - name: config dump
-      working-directory: _build
-      run: ./configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake /S
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
-
-  linux-arm64:
-    runs-on: linux-arm64
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  linux-ppc64le:
-    runs-on: linux-ppc64le
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  linux-s390x:
-    runs-on: linux-s390x
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config --strict-warnings -Wno-stringop-overflow enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  linux-riscv64:
-    runs-on: linux-riscv64
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j8
-    - name: get cpu info
-      run: ./util/opensslwrap.sh version -c
-    - name: make test
-      env:
-        OPENSSL_riscvcap: ZBA_ZBB_ZBC_ZBS_ZKT
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  freebsd-x86_64:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: |
-          sudo pkg install -y gcc perl5
-          ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: ./configdata.pm --dump
-    - name: make
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: make -j4
-    - name: make test
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        run: |
-          ./util/opensslwrap.sh version -c
-          .github/workflows/make-test
--- a/.github/workflows/prov-compat-label.yml
+++ b/.github/workflows/prov-compat-label.yml
@@ -1,272 +0,0 @@
-# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# This verifies that FIPS and legacy providers built against some earlier
-# released versions continue to run against the current branch.
-
-name: Provider compatibility for PRs
-
-on: [pull_request]
-
-permissions:
-  contents: read
-
-env:
-  opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
-
-jobs:
-  fips-releases:
-    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
-    strategy:
-      matrix:
-        release: [
-          # Formally released versions should be added here.
-          #     `dir' it the directory inside the tarball.
-          #     `tgz' is the name of the tarball.
-          #     `url' is the download URL.
-          {
-            dir: openssl-3.0.0,
-            tgz: openssl-3.0.0.tar.gz,
-            url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
-          },
-          {
-            dir: openssl-3.0.8,
-            tgz: openssl-3.0.8.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
-          },
-          {
-            dir: openssl-3.0.9,
-            tgz: openssl-3.0.9.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
-          },
-          {
-            dir: openssl-3.1.2,
-            tgz: openssl-3.1.2.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: create download directory
-        run: mkdir downloads
-      - name: download release source
-        run: wget --no-verbose ${{ matrix.release.url }}
-        working-directory: downloads
-      - name: unpack release source
-        run: tar xzf downloads/${{ matrix.release.tgz }}
-
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config release
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.release.dir }}
-      - name: config dump release
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: make release
-        run: make -s -j4
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: create release artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
-
-      - name: show module versions from release
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.release.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.release.tgz }}
-          path: ${{ matrix.release.tgz }}
-          retention-days: 7
-
-  development-branches:
-    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
-    strategy:
-      matrix:
-        branch: [
-          # Currently supported FIPS capable branches should be added here.
-          #     `name' is the branch name used to checkout out.
-          #     `dir' directory that will be used to build and test in.
-          #     `tgz' is the name of the tarball use to keep the artifacts of
-          #         the build.
-          {
-            name: '',
-            dir: PR,
-            tgz: PR.tar.gz,
-          }, {
-            name: openssl-3.0,
-            dir: branch-3.0,
-            tgz: branch-3.0.tar.gz,
-          }, {
-            name: openssl-3.2,
-            dir: branch-3.2,
-            tgz: branch-3.2.tar.gz,
-          }, {
-            name: openssl-3.3,
-            dir: branch-3.3,
-            tgz: branch-3.3.tar.gz,
-          }, {
-            name: openssl-3.4,
-            dir: branch-3.4,
-            tgz: branch-3.4.tar.gz,
-          }, {
-            name: openssl-3.5,
-            dir: branch-3.5,
-            tgz: branch-3.5.tar.gz,
-          }, {
-            name: master,
-            dir: branch-master,
-            tgz: branch-master.tar.gz,
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: ${{ matrix.branch.dir }}
-          repository: openssl/openssl
-          ref: ${{ matrix.branch.name }}
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config branch
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.branch.dir }}
-      - name: config dump current
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: make branch
-        run: make -s -j4
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: create branch artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
-
-      - name: show module versions from branch
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: get cpu info
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.branch.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.branch.tgz }}
-          path: ${{ matrix.branch.tgz }}
-          retention-days: 7
-
-  cross-testing:
-    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
-    needs: [fips-releases, development-branches]
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        # These can't be figured out earlier and included here as a variable
-        # substitution.
-        #
-        # Note that releases are not used as a test environment for
-        # later providers.  Problems in these situations ought to be
-        # caught by cross branch testing before the release.
-        tree_a: [ branch-3.5, branch-3.4, branch-3.3, branch-3.2, branch-3.0,
-                  openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
-        tree_b: [ PR ]
-        include:
-          - tree_a: PR
-            tree_b: branch-master
-          - tree_a: PR
-            tree_b: branch-3.5
-          - tree_a: PR
-            tree_b: branch-3.4
-          - tree_a: PR
-            tree_b: branch-3.3
-          - tree_a: PR
-            tree_b: branch-3.2
-          - tree_a: PR
-            tree_b: branch-3.0
-    steps:
-      - name: early exit checks
-        id: early_exit
-        run: |
-          if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ];           \
-          then                                                              \
-            echo "Skipping because both are the same version";              \
-            exit 1;                                                         \
-          fi
-        continue-on-error: true
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_a }}.tar.gz
-      - name: unpack first build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_a }}.tar.gz"
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_b }}.tar.gz
-      - name: unpack second build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_b }}.tar.gz"
-
-      - name: set up cross validation of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cp providers/fips.so ../${{ matrix.tree_b }}/providers/
-          cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
-        working-directory: ${{ matrix.tree_a }}
-
-      - name: show module versions from cross validation
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: get cpu info
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: run cross validation tests of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-        working-directory: ${{ matrix.tree_b }}
--- a/.github/workflows/provider-compatibility.yml
+++ b/.github/workflows/provider-compatibility.yml
@@ -1,266 +0,0 @@
-# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# This verifies that FIPS and legacy providers built against some earlier
-# released versions continue to run against the current branch.
-
-name: Provider compatibility across versions
-
-# Please note there is no point in running this job on PR as the tests
-# will always run against the tips of the branches in the main repository
-# and not the branch from the PR.
-# Use the `extended tests` label to run provider compatibility checks
-# on PRs.
-on:
-  schedule:
-    - cron: '10 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-env:
-  opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
-
-jobs:
-  fips-releases:
-    strategy:
-      matrix:
-        release: [
-          # Formally released versions should be added here.
-          #     `dir' it the directory inside the tarball.
-          #     `tgz' is the name of the tarball.
-          #     `url' is the download URL.
-          {
-            dir: openssl-3.0.0,
-            tgz: openssl-3.0.0.tar.gz,
-            url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
-          },
-          {
-            dir: openssl-3.0.8,
-            tgz: openssl-3.0.8.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
-          },
-          {
-            dir: openssl-3.0.9,
-            tgz: openssl-3.0.9.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
-          },
-          {
-            dir: openssl-3.1.2,
-            tgz: openssl-3.1.2.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: create download directory
-        run: mkdir downloads
-      - name: download release source
-        run: wget --no-verbose ${{ matrix.release.url }}
-        working-directory: downloads
-      - name: unpack release source
-        run: tar xzf downloads/${{ matrix.release.tgz }}
-
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config release
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.release.dir }}
-      - name: config dump release
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: make release
-        run: make -s -j4
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: create release artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
-
-      - name: show module versions from release
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.release.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.release.tgz }}
-          path: ${{ matrix.release.tgz }}
-          retention-days: 7
-
-  development-branches:
-    strategy:
-      matrix:
-        branch: [
-          # Currently supported FIPS capable branches should be added here.
-          #     `name' is the branch name used to checkout out.
-          #     `dir' directory that will be used to build and test in.
-          #     `tgz' is the name of the tarball use to keep the artifacts of
-          #         the build.
-          {
-            name: openssl-3.0,
-            dir: branch-3.0,
-            tgz: branch-3.0.tar.gz,
-          }, {
-            name: openssl-3.2,
-            dir: branch-3.2,
-            tgz: branch-3.2.tar.gz,
-          }, {
-            name: openssl-3.3,
-            dir: branch-3.3,
-            tgz: branch-3.3.tar.gz,
-          }, {
-            name: openssl-3.4,
-            dir: branch-3.4,
-            tgz: branch-3.4.tar.gz,
-          }, {
-            name: openssl-3.5,
-            dir: branch-3.5,
-            tgz: branch-3.5.tar.gz,
-          }, {
-            name: master,
-            dir: branch-master,
-            tgz: branch-master.tar.gz,
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: ${{ matrix.branch.dir }}
-          repository: openssl/openssl
-          ref: ${{ matrix.branch.name }}
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config branch
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.branch.dir }}
-      - name: config dump current
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: make branch
-        run: make -s -j4
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: create branch artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
-
-      - name: show module versions from branch
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: get cpu info
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: make test
-        run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-        working-directory: ${{ matrix.branch.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.branch.tgz }}
-          path: ${{ matrix.branch.tgz }}
-          retention-days: 7
-
-  cross-testing:
-    needs: [fips-releases, development-branches]
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        # These can't be figured out earlier and included here as a variable
-        # substitution.
-        #
-        # Note that releases are not used as a test environment for
-        # later providers.  Problems in these situations ought to be
-        # caught by cross branch testing before the release.
-        tree_a: [ branch-master, branch-3.5, branch-3.4, branch-3.3,
-                  branch-3.2, branch-3.0,
-                  openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
-        tree_b: [ branch-master, branch-3.5, branch-3.4, branch-3.3,
-                  branch-3.2, branch-3.0  ]
-    steps:
-      - name: early exit checks
-        id: early_exit
-        run: |
-          if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ];           \
-          then                                                              \
-            echo "Skipping because both are the same version";              \
-            exit 1;                                                         \
-          fi
-        continue-on-error: true
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_a }}.tar.gz
-      - name: unpack first build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_a }}.tar.gz"
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_b }}.tar.gz
-      - name: unpack second build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_b }}.tar.gz"
-
-      - name: set up cross validation of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cp providers/fips.so ../${{ matrix.tree_b }}/providers/
-          cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
-        working-directory: ${{ matrix.tree_a }}
-
-      - name: show module versions from cross validation
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: get cpu info
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: run cross validation tests of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-        working-directory: ${{ matrix.tree_b }}
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@@ -1,65 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# Jobs run per pull request submission
-name: Run-checker CI
-on: [pull_request, push]
-permissions:
-  contents: read
-
-env:
-  OSSL_RUN_CI_TESTS: 1
-
-jobs:
-  run-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        opt: [
-          no-cmp,
-          no-cms,
-          no-dgram,
-          no-dh,
-          no-dtls,
-          no-ec,
-          no-ecx,
-          no-ml-dsa,
-          no-ml-kem,
-          no-http,
-          no-legacy,
-          no-sock,
-          no-ssl-trace,
-          no-stdio,
-          no-threads,
-          no-thread-pool,
-          no-default-thread-pool,
-          no-tls,
-          no-tls1_2,
-          no-tls1_3,
-          enable-trace enable-fips,
-          no-ui,
-          no-quic
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
-    - name: Check platform symbol usage
-      run: ./util/checkplatformsyms.pl ./util/platform_symbols/unix-symbols.txt ./libcrypto.so ./libssl.so
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -1,367 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Run-checker daily
-# Jobs run daily
-
-on:
-  schedule:
-    - cron: '30 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  run-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        opt: [
-          386,
-          no-afalgeng,
-          no-apps,
-          no-aria,
-          no-asan,
-          no-asm,
-          no-async,
-          no-atexit,
-          no-autoalginit,
-          no-autoerrinit,
-          no-autoload-config,
-          no-bf,
-          no-blake2,
-          no-buildtest-c++,
-          no-bulk,
-          no-cached-fetch,
-          no-camellia,
-          no-capieng,
-          no-cast,
-          no-chacha,
-          no-cmac,
-          no-comp,
-          enable-crypto-mdebug,
-          enable-crypto-mdebug-backtrace,
-          no-ct,
-          enable-demos,
-          no-deprecated,
-          no-des,
-#          enable-devcryptoeng,  # Cannot work on Linux
-          no-docs,
-          no-dsa,
-          no-dtls1,
-          no-dtls1_2,
-          no-dtls1_2-method,
-          no-dtls1-method,
-          no-ecdh,
-          no-ecdsa,
-          enable-ec_nistp_64_gcc_128,
-          enable-egd,
-          no-engine,
-#          enable-external-tests,  # Requires extra setup
-          enable-fips,
-          enable-fips enable-acvp-tests,
-          enable-fips no-tls1_3,
-          enable-fips no-des no-dsa no-ec2m,
-#          enable-fuzz-afl,        # Requires extra setup
-#          enable-fuzz-libfuzzer,  # Requires extra setup
-          no-gost,
-          enable-h3demo,
-          enable-heartbeats,
-          enable-hqinterop,
-          no-hw,
-          no-hw-padlock,
-          no-idea,
-          no-makedepend,
-          enable-md2,
-          no-md4,
-          no-mdc2,
-          no-msan,
-          no-multiblock,
-          no-nextprotoneg,
-          no-ocb,
-          no-padlockeng,
-          no-pic,
-          no-poly1305,
-          no-posix-io,
-          no-psk,
-          no-rc2,
-          enable-rc5,
-          no-rdrand,
-          no-rfc3779,
-          no-ripemd,
-          no-rmd160,
-          no-scrypt,
-          no-secure-memory,
-          no-seed,
-          no-shared,
-          no-siphash,
-          no-siv,
-          no-sm2,
-          no-sm2-precomp,
-          no-sm3,
-          no-sm4,
-          no-sock,
-          no-sse2,
-          no-ssl,
-          enable-ssl3,
-          enable-ssl3-method,
-          enable-sslkeylog,
-          no-static-engine no-shared,
-          no-tests,
-          enable-tfo,
-          no-tls1,
-          no-tls1_1,
-          no-tls1_1-method,
-          no-tls1_2-method,
-          no-tls1-method,
-          enable-trace,
-          no-ubsan,
-          no-ui-console,
-          enable-unit-test,
-          no-uplink,
-          no-weak-ssl-ciphers,
-          no-whirlpool,
-          enable-zlib-dynamic,
-          -DOPENSSL_PEDANTIC_ZEROIZATION,
-          -DOPENSSL_PEDANTIC_ZEROIZATION enable-fips,
-          -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING,
-          -DSSL3_ALIGN_PAYLOAD=4,
-          -DOPENSSL_TLS_SECURITY_LEVEL=0
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --strict-warnings  --banner=Configured --strict-warnings ${{ matrix.opt }}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  run-checker-sctp:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Install Dependencies for sctp option
-      run:  |
-        sudo apt-get update
-        sudo apt-get -yq install lksctp-tools libsctp-dev
-
-    - name: Check SCTP and enable auth
-      id: sctp_auth
-      continue-on-error: true
-      run:  |
-        checksctp
-        sudo sysctl -w net.sctp.auth_enable=1
-
-    - name: config
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: CC=clang ./config --strict-warnings --banner=Configured enable-sctp
-
-    - name: config dump
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: ./configdata.pm --dump
-
-    - name: make
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: make -s -j4
-
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-
-    - name: make test
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_brotli_dynamic:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install brotli
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_zstd_dynamic:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install zstd
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_brotli_and_zstd_dynamic:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install brotli and zstd
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_brotli_and_asan_ubsan:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install brotli
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
-
-  enable_zstd_and_asan_ubsan:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install zstd
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
-
-  enable_tfo:
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, macos-13, macos-14 ]
-    runs-on: ${{matrix.os}}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=gcc ./config --strict-warnings --banner=Configured enable-tfo && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_buildtest:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --strict-warnings --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips -D_DEFAULT_SOURCE && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  memory_sanitizer_slh_dsa:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
-      run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
--- a/.github/workflows/run-checker-merge.yml
+++ b/.github/workflows/run-checker-merge.yml
@@ -1,107 +0,0 @@
-# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Run-checker merge
-# Jobs run per merge to master
-
-on: [push]
-permissions:
-  contents: read
-
-jobs:
-  run-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        opt: [
-          enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
-          no-dso,
-          no-dynamic-engine,
-          no-ec2m enable-fips,
-          no-engine no-shared,
-          no-err,
-          no-filenames,
-          enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
-          no-module,
-          no-ocsp,
-          no-pinshared,
-          no-srp,
-          no-srtp,
-          no-ts,
-          no-integrity-only-ciphers,
-          enable-weak-ssl-ciphers,
-          enable-zlib,
-          enable-pie,
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --strict-warnings --banner=Configured ${{ matrix.opt }}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  jitter:
-    runs-on: ubuntu-latest
-    steps:
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout jitter
-      uses: actions/checkout@v4
-      with:
-        repository: smuellerDD/jitterentropy-library
-        ref: v3.5.0
-        path: jitter
-    - name: build jitter
-      run: make -C jitter/
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --with-rand-seed=none enable-jitter enable-fips-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  threads_sanitizer_atomic_fallback:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread -DBROKEN_CLANG_ATOMICS && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
--- a/.github/workflows/run_quic_interop.yml
+++ b/.github/workflows/run_quic_interop.yml
@@ -1,71 +0,0 @@
-name: "Run openssl quic interop testing"
-
-on:
-  workflow_run:
-    workflows: ["Build openssl interop container from master"]
-    types: [completed]
-  workflow_dispatch:
-
-jobs:
-  run_quic_interop_openssl_client:
-    strategy:
-      matrix:
-        tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
-        servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy]
-        exclude:
-          - servers: msquic
-            tests: retry
-      fail-fast: false
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         repository: 'quic-interop/quic-interop-runner'
-         fetch-depth: 0
-      - name: Install dependencies
-        run: |
-          pip install -r requirements.txt
-          sudo add-apt-repository ppa:wireshark-dev/stable
-          sudo apt-get update
-          sudo apt-get install -y tshark
-      - name: Patch implementations file
-        run: |
-          jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop"
-                         , url: "https://github.com/openssl/openssl"
-                         , role: "both"
-                         }' ./implementations.json > ./implementations.tmp
-          mv ./implementations.tmp implementations.json
-      - name: "run interop with openssl client"
-        run: |
-          python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs-client -d
-  run_quic_interop_openssl_server:
-    strategy:
-      matrix:
-        tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
-        clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome]
-        exclude:
-          - clients: mvfst
-            tests: amplificationlimit
-      fail-fast: false
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         repository: 'quic-interop/quic-interop-runner'
-         fetch-depth: 0
-      - name: Install dependencies
-        run: |
-          pip install -r requirements.txt
-          sudo add-apt-repository ppa:wireshark-dev/stable
-          sudo apt-get update
-          sudo apt-get install -y tshark
-      - name: Patch implementations file
-        run: |
-          jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop"
-                         , url: "https://github.com/openssl/openssl"
-                         , role: "both"
-                         }' ./implementations.json > ./implementations.tmp
-          mv ./implementations.tmp implementations.json
-      - name: "run interop with openssl server"
-        run: |
-          python3 ./run.py -s openssl -t ${{ matrix.tests }} -c ${{ matrix.clients }} --log-dir ./logs-server -d
--- a/.github/workflows/static-analysis-on-prem.yml
+++ b/.github/workflows/static-analysis-on-prem.yml
@@ -1,40 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Static Analysis On Prem
-
-on:
-  schedule:
-    - cron:  '25 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  coverity-analysis:
-    if: github.repository == 'openssl/openssl'
-    runs-on: ubuntu-latest
-    container: quay.io/openssl-ci/coverity-analysis:2024.3.1
-    steps:
-    - name: Put license
-      run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat
-    - name: Put auth key file
-      run: |
-        echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt
-        chmod 0600 /auth_key_file.txt
-    - uses: actions/checkout@v4
-    - name: Config
-      run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
-    - name: Config dump
-      run: ./configdata.pm --dump
-    - name: Make
-      run: cov-build --dir cov-int make -s -j4
-    - name: Analyze
-      run: cov-analyze --dir cov-int --strip-path $(pwd)
-    - name: Commit defects
-      run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -1,47 +0,0 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Static Analysis
-
-#Run once a day
-on:
-  schedule:
-    - cron:  '20 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  coverity:
-    if: github.repository == 'openssl/openssl'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: tool download
-      run: |
-        wget https://scan.coverity.com/download/linux64 \
-             --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
-             --progress=dot:giga -O coverity_tool.tgz
-    - name: config
-      run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: tool install
-      run: tar xzf coverity_tool.tgz
-    - name: make
-      run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
-    - name: archive
-      run: tar czvf openssl.tgz cov-int
-    - name: Coverity upload
-      run: |
-        curl --form token="${{ secrets.COVERITY_TOKEN }}" \
-             --form email=openssl-commits@openssl.org \
-             --form file=@openssl.tgz \
-             --form version="`date -u -I` `git rev-parse --short HEAD`" \
-             --form description="analysis of `git branch --show-current`" \
-             https://scan.coverity.com/builds?project=openssl%2Fopenssl
--- a/.github/workflows/style-checks.yml
+++ b/.github/workflows/style-checks.yml
@@ -1,52 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Coding style validation 
-
-on: [pull_request]
-
-env:
-  PR_NUMBER: ${{ github.event.number }}
-  GH_TOKEN: ${{ github.token }}
-
-permissions:
-  contents: read
-
-jobs:
-  check-style:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-        path: openssl
-    - name: check style for each commit 
-      working-directory: openssl
-      shell: bash
-      run: |
-        ERRORS_FOUND=0
-        git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF
-        REFSTART=$(git rev-parse $GITHUB_BASE_REF)
-        REFEND=$(git rev-parse HEAD)
-        echo "Checking from $REFSTART to $REFEND"
-        echo "::group::Style report for commits $REFSTART..$REFEND"
-        set +e
-        ./util/check-format-commit.sh $REFSTART..$REFEND
-        if [ $? -ne 0 ]
-        then
-          ERRORS_FOUND=1
-        fi
-        set -e
-        echo "::endgroup::"
-        SKIP_TEST=$(gh pr view $PR_NUMBER --json labels --jq '.labels[] | select(.name == "style: waived") | .name')
-        if [ -z "$SKIP_TEST" ]
-        then
-          exit $ERRORS_FOUND
-        else
-          echo "PR $PR_NUMBER is marked with style: waived, waiving style check errors"
-          exit 0
-        fi
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -1,203 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Windows GitHub CI
-
-on: [pull_request, push]
-
-permissions:
-  contents: read
-
-jobs:
-  shared:
-    # Run a job for each of the specified target architectures:
-    strategy:
-      matrix:
-        platform:
-          - arch: win64
-            os: windows-2019
-            config: enable-fips
-          - arch: win64
-            os: windows-2022
-            config: enable-fips no-thread-pool no-quic
-          - arch: win32
-            os: windows-2022
-            config: --strict-warnings no-fips
-    runs-on: ${{ matrix.platform.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-      with:
-        arch: ${{ matrix.platform.arch }}
-    - name: install nasm
-      run: |
-        choco install nasm ${{ matrix.platform.arch == 'win32' && '--x86' || '' }}
-        "C:\Program Files${{ matrix.platform.arch == 'win32' && ' (x86)' || '' }}\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure --banner=Configured no-makedepend -DOSSL_WINCTX=openssl ${{ matrix.platform.config }}
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake /S
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: Gather openssl version info
-      working-directory: _build
-      run: |
-        apps/openssl.exe version -v
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
-        echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-    - name: Set registry keys
-      working-directory: _build
-      run: |
-        echo ${Env:OSSL_VERSION}
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: Check platform symbol usage
-      working-directory: _build
-      run: perl ../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
-    - name: install
-      # Run on 64 bit only as 32 bit is slow enough already
-      if: ${{ matrix.platform.arch == 'win64' }}
-      run: |
-        mkdir _dest
-        nmake install DESTDIR=_dest
-      working-directory: _build
-  plain:
-    strategy:
-      matrix:
-        os:
-# Reducing CI footprint  - windows-2019
-          - windows-2022
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure --banner=Configured enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake /S
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
-  minimal:
-    strategy:
-      matrix:
-        os:
-          - windows-2019
-# Reducing CI footprint  - windows-2022
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure --banner=Configured enable-demos no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT -DOSSL_WINCTX=openssl
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake # verbose, so no /S here
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
-  cygwin:
-    # Run a job for each of the specified target architectures:
-    strategy:
-      matrix:
-        os:
-          - windows-2019
-# really worth while running, too? cygwin should mask this
-#          - windows-2022
-        platform:
-          - arch: win64
-            config: -DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips
-# are we really learning sth new from win32? So let's save some CO2 for now disabling this
-#          - arch: win32
-#            config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
-    runs-on: ${{ matrix.os }}
-    env:
-      CYGWIN_NOWINPATH: 1
-      SHELLOPTS: igncr
-# Don't overwhelm github CI VMs:
-      MAKE_PARAMS: -j 4
-    steps:
-# Checkout before cygwin can mess with PATH...
-    - uses: actions/checkout@v4
-    - uses: cygwin/cygwin-install-action@master
-      with:
-         packages: perl git make gcc-core
-    - name: Check repo
-      run: cygcheck -V
-    - name: Full cygcheck status
-      run: cygcheck -s -v -r -h
-# Activate this if checkout action fails:
-#    - name: Clone repo
-#      run: bash -c "pwd && git clone --branch ${{ github.ref_name }} --depth 1 https://github.com/${{ github.repository }}.git"
-    - name: Full build
-      run: bash -c "gcc --version && ./config ${{ matrix.platform.config }} && make $MAKE_PARAMS"
-# Disable testing for now. TBD: Need local cygwin installation to debug .
-#    - name: Run openssl tests
-#      run: bash -c "cd openssl && make V=1 test"
--- a/.github/workflows/windows_comp.yml
+++ b/.github/workflows/windows_comp.yml
@@ -1,143 +0,0 @@
-# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Windows Compression GitHub CI
-
-on:
-  pull_request:
-    paths:
-      - 'crypto/comp/*.c'
-      - '.github/workflows/windows_comp.yml'
-  push:
-    paths:
-      - '**.c'
-
-permissions:
-  contents: read
-
-jobs:
-  zstd:
-    runs-on: windows-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - name: install nasm
-      run: |
-        choco install nasm
-        "C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: Get zstd
-      working-directory: _build
-      run: |
-        vcpkg install zstd:x64-windows
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure enable-comp enable-zstd --with-zstd-include=C:\vcpkg\packages\zstd_x64-windows\include --with-zstd-lib=C:\vcpkg\packages\zstd_x64-windows\lib\zstd.lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake
-    - name: Gather openssl version info
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
-        apps/openssl.exe version -v
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
-        echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-    - name: Set registry keys
-      working-directory: _build
-      run: |
-        echo ${Env:OSSL_VERSION}
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        $env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: Check platform symbol usage
-      run: |
-        perl ./util/checkplatformsyms.pl ./util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
-    - name: test
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
-        nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
-  brotli:
-    runs-on: windows-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - name: install nasm
-      run: |
-        choco install nasm
-        "C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: Get brotli
-      working-directory: _build
-      run: |
-        vcpkg install brotli:x64-windows
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure enable-comp enable-brotli --with-brotli-include=C:\vcpkg\packages\brotli_x64-windows\include --with-brotli-lib=C:\vcpkg\packages\brotli_x64-windows\lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake
-    - name: Gather openssl version info
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
-        apps/openssl.exe version -v
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
-        echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-    - name: Set registry keys
-      working-directory: _build
-      run: |
-        echo ${Env:OSSL_VERSION}
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        $env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
-        nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
--- a/.gitignore
+++ b/.gitignore
@@ -2,24 +2,22 @@
 /.dir-locals.el

 # Top level excludes
-/Makefile.in
-/Makefile
+/Makefile.orig
 /MINFO
 /TABLE
+/*.a
+/*.pc
 /rehash.time
 /inc.*
 /makefile.*
 /out.*
 /tmp.*
 /configdata.pm
-/builddata.pm
-/installdata.pm

-# Exporters
-/*.pc
-/OpenSSLConfig*.cmake
-/exporters/*.pc
-/exporters/OpenSSLConfig*.cmake
+# *all* Makefiles
+Makefile
+# ... except in demos
+!/demos/*/Makefile

 # Links under apps
 /apps/CA.pl
@@ -29,69 +27,9 @@

 # Auto generated headers
 /crypto/buildinf.h
-/include/crypto/*_conf.h
-/include/openssl/asn1.h
-/include/openssl/asn1t.h
-/include/openssl/bio.h
-/include/openssl/cmp.h
-/include/openssl/cms.h
-/include/openssl/comp.h
-/include/openssl/conf.h
-/include/openssl/configuration.h
-/include/openssl/crmf.h
-/include/openssl/crypto.h
-/include/openssl/ct.h
-/include/openssl/err.h
-/include/openssl/ess.h
-/include/openssl/fipskey.h
-/include/openssl/lhash.h
-/include/openssl/ocsp.h
-/include/openssl/opensslv.h
-/include/openssl/pkcs12.h
-/include/openssl/pkcs7.h
-/include/openssl/safestack.h
-/include/openssl/srp.h
-/include/openssl/ssl.h
-/include/openssl/ui.h
-/include/openssl/x509.h
-/include/openssl/x509v3.h
-/include/openssl/x509_acert.h
-/include/openssl/x509_vfy.h
-/include/openssl/core_names.h
-/include/internal/param_names.h
-
-# Auto generated parameter name files
-/crypto/params_idx.c
-
-# Auto generated doc files
-doc/man1/openssl-*.pod
-
-# Auto generated der files
-providers/common/der/der_slh_dsa_gen.c
-providers/common/der/der_digests_gen.c
-providers/common/der/der_dsa_gen.c
-providers/common/der/der_ec_gen.c
-providers/common/der/der_ecx_gen.c
-providers/common/der/der_rsa_gen.c
-providers/common/der/der_wrap_gen.c
-providers/common/der/der_sm2_gen.c
-providers/common/der/der_ml_dsa_gen.c
-providers/common/include/prov/der_slh_dsa.h
-providers/common/include/prov/der_dsa.h
-providers/common/include/prov/der_ec.h
-providers/common/include/prov/der_ecx.h
-providers/common/include/prov/der_rsa.h
-providers/common/include/prov/der_digests.h
-providers/common/include/prov/der_wrap.h
-providers/common/include/prov/der_sm2.h
-providers/common/include/prov/der_ml_dsa.h
-
-# error code files
-/crypto/err/openssl.txt.old
-/engines/e_afalg.txt.old
-/engines/e_capi.txt.old
-/engines/e_dasync.txt.old
-/engines/e_ossltest.txt.old
+/crypto/include/internal/*_conf.h
+/openssl/include/opensslconf.h
+/util/domd

 # Executables
 /apps/openssl
@@ -112,86 +50,15 @@ providers/common/include/prov/der_ml_dsa.h
 /test/ssltest_old
 /test/x509aux
 /test/v3ext
-/test/versions
-/test/ossl_shim/ossl_shim
-/test/rsa_complex
-/test/confdump
-/test/bio_prefix_text
-/test/evp_extra_test2
-/test/evp_pkey_ctx_new_from_name
-/test/threadstest_fips
-/test/timing_load_creds
-
-# Demo applications
-/demos/bio/client-arg
-/demos/bio/client-conf
-/demos/bio/saccept
-/demos/bio/sconnect
-/demos/bio/server-arg
-/demos/bio/server-cmod
-/demos/bio/server-conf
-/demos/cipher/aesccm
-/demos/cipher/aesgcm
-/demos/cipher/aeskeywrap
-/demos/cipher/ariacbc
-/demos/cms/cms_comp
-/demos/cms/cms_ddec
-/demos/cms/cms_dec
-/demos/cms/cms_denc
-/demos/cms/cms_enc
-/demos/cms/cms_sign
-/demos/cms/cms_sign2
-/demos/cms/cms_uncomp
-/demos/cms/cms_ver
-/demos/digest/BIO_f_md
-/demos/digest/EVP_MD_demo
-/demos/digest/EVP_MD_stdin
-/demos/digest/EVP_MD_xof
-/demos/encode/ec_encode
-/demos/encode/rsa_encode
-/demos/encrypt/rsa_encrypt
-/demos/guide/quic-client-block
-/demos/guide/quic-client-non-block
-/demos/guide/quic-hq-interop
-/demos/guide/quic-multi-stream
-/demos/guide/tls-client-block
-/demos/guide/tls-client-non-block
-/demos/http3/libnghttp3.pc
-/demos/http3/nghttp3/
-/demos/http3/ossl-nghttp3-demo
-/demos/kdf/argon2
-/demos/kdf/hkdf
-/demos/kdf/pbkdf2
-/demos/kdf/scrypt
-/demos/keyexch/x25519
-/demos/mac/cmac-aes256
-/demos/mac/gmac
-/demos/mac/hmac-sha512
-/demos/mac/poly1305
-/demos/pkey/EVP_PKEY_DSA_keygen
-/demos/pkey/EVP_PKEY_DSA_paramfromdata
-/demos/pkey/EVP_PKEY_DSA_paramgen
-/demos/pkey/EVP_PKEY_DSA_paramvalidate
-/demos/pkey/EVP_PKEY_EC_keygen
-/demos/pkey/EVP_PKEY_RSA_keygen
-/demos/signature/EVP_DSA_Signature_demo
-/demos/signature/EVP_EC_Signature_demo
-/demos/signature/EVP_ED_Signature_demo
-/demos/signature/rsa_pss_direct
-/demos/signature/rsa_pss_hash
-/demos/smime/smdec
-/demos/smime/smenc
-/demos/smime/smsign
-/demos/smime/smsign2
-/demos/smime/smver
-/demos/sslecho/sslecho

 # Certain files that get created by tests on the fly
-/test-runs
+/test/*.ss
+/test/*.srl
+/test/.rnd
+/test/test*.pem
+/test/newkey.pem
+/test/*.log
 /test/buildtest_*
-/test/provider_internal_test.cnf
-/test/fipsmodule.cnf
-/providers/fipsmodule.cnf

 # Fuzz stuff.
 # Anything without an extension is an executable on Unix, so we keep files
@@ -204,20 +71,14 @@ providers/common/include/prov/der_ml_dsa.h
 !/fuzz/*.*

 # Misc auto generated files
-/doc/man7/openssl_user_macros.pod
+/include/openssl/opensslconf.h
 /tools/c_rehash
 /tools/c_rehash.pl
 /util/shlib_wrap.sh
-/util/wrap.pl
 /tags
 /TAGS
-*.map
-*.ld
-/apps/progs.c
-/apps/progs.h
-
-# macOS
-.DS_Store
+/crypto.map
+/ssl.map

 # Windows (legacy)
 /tmp32
@@ -230,6 +91,7 @@ providers/common/include/prov/der_ml_dsa.h
 /out32dll.dbg
 /inc32
 /MINFO
+/ms/.rnd
 /ms/bcb.mak
 /ms/libeay32.def
 /ms/nt.mak
@@ -239,6 +101,7 @@ providers/common/include/prov/der_ml_dsa.h

 # Files created on other branches that are not held in git, and are not
 # needed on this branch
+/include/openssl/asn1_mac.h
 /include/openssl/des_old.h
 /include/openssl/fips.h
 /include/openssl/fips_rand.h
@@ -262,10 +125,6 @@ providers/common/include/prov/der_ml_dsa.h
 /test/fips_test_suite.c
 /test/shatest.c

-# Generated docs directories
-/doc/html
-/doc/man
-
 ##### Generic patterns
 # Auto generated assembly language source files
 *.s
@@ -288,8 +147,7 @@ providers/common/include/prov/der_ml_dsa.h
 # Certificate symbolic links
 *.0

-# All kinds of libraries and executables
-*.a
+# All kinds of executables
 *.so
 *.so.*
 *.dylib
@@ -301,7 +159,6 @@ providers/common/include/prov/der_ml_dsa.h
 *.exp
 *.lib
 *.pdb
-*.tds
 *.ilk
 *.def
 *.rc
@@ -315,15 +172,7 @@ Makefile.save
 *.bak
 cscope.*
 *.d
-!.ctags.d
-*.d.tmp
 pod2htmd.tmp
-MAKE0[0-9][0-9][0-9].@@@

 # Windows manifest files
 *.manifest
-doc-nits
-
-# LSP (Language Server Protocol) support
-.cache/
-compile_commands.json
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,37 +0,0 @@
-[submodule "pyca.cryptography"]
-	path = pyca-cryptography
-	url = https://github.com/pyca/cryptography.git
-
-[submodule "krb5"]
-	path = krb5
-	url = https://github.com/krb5/krb5
-
-[submodule "gost-engine"]
-	path = gost-engine
-	url = https://github.com/gost-engine/engine
-	update = rebase
-[submodule "wycheproof"]
-	path = wycheproof
-	url = https://github.com/google/wycheproof
-[submodule "tlsfuzzer"]
-	path = tlsfuzzer
-	url = https://github.com/tlsfuzzer/tlsfuzzer
-[submodule "python-ecdsa"]
-	path = python-ecdsa
-	url = https://github.com/tlsfuzzer/python-ecdsa
-[submodule "tlslite-ng"]
-	path = tlslite-ng
-	url = https://github.com/tlsfuzzer/tlslite-ng
-[submodule "oqs-provider"]
-	path = oqs-provider
-	url = https://github.com/open-quantum-safe/oqs-provider.git
-[submodule "cloudflare-quiche"]
-	path = cloudflare-quiche
-	url = https://github.com/cloudflare/quiche
-[submodule "fuzz/corpora"]
-	path = fuzz/corpora
-	url = https://github.com/openssl/fuzz-corpora
-	branch = main
-[submodule "pkcs11-provider"]
-	path = pkcs11-provider
-	url = https://github.com/latchset/pkcs11-provider.git
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+# $1 is expected to be $TRAVIS_OS_NAME
+
+./Configure dist
+if [ "$1" == osx ]; then
+    make NAME='_srcdist' TARFILE='_srcdist.tar' \
+         TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar
+else
+    make TARFILE='_srcdist.tar' NAME='_srcdist' dist
+fi
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,140 @@
+language: c
+cache: ccache
+
+before_install:
+    - pip install --user cpp-coveralls
+
+addons:
+    apt:
+        packages:
+            - ccache
+            - clang-3.6
+            - gcc-5
+            - binutils-mingw-w64
+            - gcc-mingw-w64
+            - wine
+        sources:
+            - llvm-toolchain-precise-3.6
+            - ubuntu-toolchain-r-test
+
+os:
+    - linux
+    - osx
+
+compiler:
+    - clang
+    - gcc
+
+env:
+    - CONFIG_OPTS="" DESTDIR="_install"
+    - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2"
+    - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
+    - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
+    - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
+
+matrix:
+    include:
+        - os: linux
+          compiler: clang-3.6
+          env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
+        - os: linux
+          compiler: gcc
+          env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
+        - os: linux
+          compiler: clang-3.6
+          env: CONFIG_OPTS="enable-asan"
+        - os: linux
+          compiler: clang-3.6
+          env: CONFIG_OPTS="enable-msan"
+        - os: linux
+          compiler: clang-3.6
+          env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
+        - os: linux
+          compiler: clang-3.6
+          env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
+        - os: linux
+          compiler: clang-3.6
+          env: CONFIG_OPTS="no-stdio"
+        - os: linux
+          compiler: gcc-5
+          env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
+        - os: linux
+          compiler: i686-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-pic"
+        - os: linux
+          compiler: i686-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-stdio"
+        - os: linux
+          compiler: x86_64-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-pic"
+        - os: linux
+          compiler: x86_64-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-stdio"
+    exclude:
+        - os: linux
+          compiler: clang
+        - os: osx
+          compiler: gcc
+
+before_script:
+    - if [ -n "$DESTDIR" ]; then
+          sh .travis-create-release.sh $TRAVIS_OS_NAME;
+          tar -xvzf _srcdist.tar.gz;
+          mkdir _build;
+          cd _build;
+          srcdir=../_srcdist;
+          top=..;
+      else
+          srcdir=.;
+          top=.;
+      fi
+    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
+          export CROSS_COMPILE=${CC%%gcc}; unset CC;
+          $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
+      elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
+          export CROSS_COMPILE=${CC%%gcc}; unset CC;
+          $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
+      else
+          if which ccache >/dev/null && [ "$CC" != clang-3.6 ]; then
+              CC="ccache $CC";
+          fi;
+          $srcdir/config -v $CONFIG_OPTS;
+      fi
+    - cd $top
+
+script:
+    - if [ -z "$BUILDONLY" ]; then
+          make="make -s";
+      else
+          make="make";
+      fi
+    - if [ -n "$DESTDIR" ]; then
+          cd _build;
+          top=..;
+      else
+          top=.;
+      fi
+    - $make update
+    - $make
+    - if [ -z "$BUILDONLY" ]; then
+          if [ -n "$CROSS_COMPILE" ]; then
+              export EXE_SHELL="wine" WINEPREFIX=`pwd`;
+          fi;
+          HARNESS_VERBOSE=yes make test;
+      else
+          $make build_tests;
+      fi
+    - if [ -n "$DESTDIR" ]; then
+          mkdir "../$DESTDIR";
+          $make install install_docs DESTDIR="../$DESTDIR";
+      fi
+    - cd $top
+
+after_success:
+    - if [ -n "$COVERALLS" ]; then
+          coveralls -b . --gcov-options '\-lp';
+      fi;
+
+notifications:
+    email:
+        secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="
--- a/2
+++ b/2
@@ -0,0 +1,2 @@
+Please https://www.openssl.org/community/thanks.html for the current
+acknowledgements.
--- a/ACKNOWLEDGEMENTS.md
+++ b/ACKNOWLEDGEMENTS.md
@@ -1,6 +0,0 @@
-Acknowledgements
-================
-
-Please see our [Thanks!][] page for the current acknowledgements.
-
-[Thanks!]: https://www.openssl.org/community/thanks.html
--- a/21
+++ b/21
@@ -0,0 +1,21 @@
+    Andy Polyakov
+    Ben Laurie
+    Bodo Möller
+    Emilia Käsper
+    Eric Young
+    Geoff Thorpe
+    Holger Reif
+    Kurt Roeckx
+    Lutz Jänicke
+    Mark J. Cox
+    Matt Caswell
+    Nils Larsch
+    Paul C. Sutton
+    Ralf S. Engelschall
+    Rich Salz
+    Richard Levitte
+    Stephen Henson
+    Steve Marquess
+    Tim Hudson
+    Ulf Möller
+    Viktor Dukhovni
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -1,53 +0,0 @@
-Authors
-=======
-
-This is the list of OpenSSL authors for copyright purposes.
-It does not necessarily list everyone who has contributed code,
-since in some cases, their employer may be the copyright holder.
-To see the full list of contributors, see the revision history in
-source control.
-
-Groups
------
-
- * OpenSSL Software Services, Inc.
- * OpenSSL Software Foundation, Inc.
- * Google LLC
-
-Individuals
-----------
-
- * Andy Polyakov
- * Ben Laurie
- * Ben Kaduk
- * Bernd Edlinger
- * Bodo Möller
- * David Benjamin
- * David von Oheimb
- * Dmitry Belyavskiy (Дмитрий Белявский)
- * Emilia Käsper
- * Eric Young
- * Geoff Thorpe
- * Holger Reif
- * Kurt Roeckx
- * Lutz Jänicke
- * Mark J. Cox
- * Matt Caswell
- * Matthias St. Pierre
- * Nicola Tuveri
- * Nils Larsch
- * Patrick Steuer
- * Paul Dale
- * Paul C. Sutton
- * Paul Yang
- * Ralf S. Engelschall
- * Rich Salz
- * Richard Levitte
- * Shane Lontis
- * Stephen Henson
- * Steve Marquess
- * Tim Hudson
- * Tomáš Mráz
- * Ulf Möller
- * Valerii Krygin
- * Viktor Dukhovni
--- a/12398
+++ b/12398
--- a/CHANGES.md
+++ b/CHANGES.md
--- a/CODE-OF-CONDUCT.md
+++ b/CODE-OF-CONDUCT.md
@@ -1,6 +0,0 @@
-Code of Conduct
-===============
-
-The OpenSSL [Code of Conduct] is published on the project's website.
-
-[Code of Conduct]: https://www.openssl.org/community/conduct.html
--- a/54
+++ b/54
@@ -0,0 +1,54 @@
+HOW TO CONTRIBUTE PATCHES TO OpenSSL
+------------------------------------
+
+(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
+
+Development is coordinated on the openssl-dev mailing list (see the
+above link or https://mta.openssl.org for information on subscribing).
+If you are unsure as to whether a feature will be useful for the general
+OpenSSL community you might want to discuss it on the openssl-dev mailing
+list first.  Someone may be already working on the same thing or there
+may be a good reason as to why that feature isn't implemented.
+
+To submit a patch, make a pull request on GitHub.  If you think the patch
+could use feedback from the community, please start a thread on openssl-dev
+to discuss it.
+
+Having addressed the following items before the PR will help make the
+acceptance and review process faster:
+
+    1. Anything other than trivial contributions will require a contributor
+    licensing agreement, giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.
+
+    2.  All source files should start with the following text (with
+    appropriate comment characters at the start of each line and the
+    year(s) updated):
+
+        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+        Licensed under the OpenSSL license (the "License").  You may not use
+        this file except in compliance with the License.  You can obtain a copy
+        in the file LICENSE in the source distribution or at
+        https://www.openssl.org/source/license.html
+
+    3.  Patches should be as current as possible; expect to have to rebase
+    often. We do not accept merge commits; You will be asked to remove
+    them before a patch is considered acceptable.
+
+    4.  Patches should follow our coding style (see
+    https://www.openssl.org/policies/codingstyle.html) and compile without
+    warnings. Where gcc or clang is available you should use the
+    --strict-warnings Configure option.  OpenSSL compiles on many varied
+    platforms: try to ensure you only use portable features.
+    Clean builds via Travis and AppVeyor are expected, and done whenever
+    a PR is created or updated.
+
+    5.  When at all possible, patches should include tests. These can
+    either be added to an existing test, or completely new.  Please see
+    test/README for information on the test framework.
+
+    6.  New features or changed functionality must include
+    documentation. Please look at the "pod" files in doc/apps, doc/crypto
+    and doc/ssl for examples of our style.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,104 +0,0 @@
-HOW TO CONTRIBUTE TO OpenSSL
-============================
-
-Please visit our [Getting Started] page for other ideas about how to contribute.
-
-  [Getting Started]: <https://openssl-library.org/community/getting-started>
-
-Development is done on GitHub in the [openssl/openssl] repository.
-
-  [openssl/openssl]: <https://github.com/openssl/openssl>
-
-To request a new feature, ask a question, or report a bug,
-please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
-
-To submit a patch or implement a new feature, please open a
-[pull request on GitHub](https://github.com/openssl/openssl/pulls).
-If you are thinking of making a large contribution,
-open an issue for it before starting work, to get comments from the community.
-Someone may be already working on the same thing,
-or there may be special reasons why a feature is not implemented.
-
-To make it easier to review and accept your pull request, please follow these
-guidelines:
-
- 1. Anything other than a trivial contribution requires a [Contributor
-    License Agreement] (CLA), giving us permission to use your code.
-    If your contribution is too small to require a CLA (e.g., fixing a spelling
-    mistake), then place the text "`CLA: trivial`" on a line by itself below
-    the rest of your commit message separated by an empty line, like this:
-
-    ```
-        One-line summary of trivial change
-
-        Optional main body of commit message. It might contain a sentence
-        or two explaining the trivial change.
-
-        CLA: trivial
-    ```
-
-    It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
-    pull request description.
-
-    [Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
-
-    To amend a missing "`CLA: trivial`" line after submission, do the following:
-
-    ```
-        git commit --amend
-        # add the line, save and quit the editor
-        git push -f [<repository> [<branch>]]
-    ```
-
- 2. All source files should start with the following text (with
-    appropriate comment characters at the start of each line and the
-    year(s) updated):
-
-    ```
-        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
-
-        Licensed under the Apache License 2.0 (the "License").  You may not use
-        this file except in compliance with the License.  You can obtain a copy
-        in the file LICENSE in the source distribution or at
-        https://www.openssl.org/source/license.html
-    ```
-
- 3. Patches should be as current as possible; expect to have to rebase
-    often. We do not accept merge commits, you will have to remove them
-    (usually by rebasing) before it will be acceptable.
-
- 4. Code provided should follow our [coding style] and [documentation policy]
-    and compile without warnings.
-    There is a [Perl tool](util/check-format.pl) that helps
-    finding code formatting mistakes and other coding style nits.
-    Where `gcc` or `clang` is available, you should use the
-    `--strict-warnings` `Configure` option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.
-    Clean builds via GitHub Actions are required. They are started automatically
-    whenever a PR is created or updated by committers.
-
-    [coding style]: https://openssl-library.org/policies/technical/coding-style/
-    [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
-
- 5. When at all possible, code contributions should include tests. These can
-    either be added to an existing test, or completely new.  Please see
-    [test/README.md](test/README.md) for information on the test framework.
-
- 6. New features or changed functionality must include
-    documentation. Please look at the `.pod` files in `doc/man[1357]` for
-    examples of our style. Run `make doc-nits` to make sure that your
-    documentation changes are clean.
-
- 7. For user visible changes (API changes, behaviour changes, ...),
-    consider adding a note in [CHANGES.md](CHANGES.md).
-    This could be a summarising description of the change, and could
-    explain the grander details.
-    Have a look through existing entries for inspiration.
-    Please note that this is NOT simply a copy of git-log one-liners.
-    Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
-    This file helps users get more in-depth information of what comes
-    with a specific release without having to sift through the higher
-    noise ratio in git-log.
-
- 8. Guidelines on how to integrate error output of new crypto library modules
-    can be found in [crypto/err/README.md](crypto/err/README.md).
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
@@ -1,202 +1,293 @@
 # -*- Mode: perl -*-
-my %targets=(
+%targets=(
    DEFAULTS => {
 	template	=> 1,

 	cflags		=> "",
-	cppflags	=> "",
-	lflags		=> "",
 	defines		=> [],
-	includes	=> [],
-	lib_cflags	=> "",
-	lib_cppflags	=> "",
-	lib_defines	=> [],
 	thread_scheme	=> "(unknown)", # Assume we don't know
 	thread_defines	=> [],

+	apps_aux_src	=> "",
+	cpuid_asm_src	=> "mem_clr.c",
+	uplink_aux_src	=> "",
+	bn_asm_src	=> "bn_asm.c",
+	ec_asm_src	=> "",
+	des_asm_src	=> "des_enc.c fcrypt_b.c",
+	aes_asm_src	=> "aes_core.c aes_cbc.c",
+	bf_asm_src	=> "bf_enc.c",
+	md5_asm_src	=> "",
+	cast_asm_src	=> "c_enc.c",
+	rc4_asm_src	=> "rc4_enc.c rc4_skey.c",
+	rmd160_asm_src	=> "",
+	rc5_asm_src	=> "rc5_enc.c",
+	wp_asm_src	=> "wp_block.c",
+	cmll_asm_src	=> "camellia.c cmll_misc.c cmll_cbc.c",
+	modes_asm_src	=> "",
+	padlock_asm_src	=> "",
+	chacha_asm_src	=> "chacha_enc.c",
+	poly1305_asm_src	=> "",
+
 	unistd		=> "<unistd.h>",
 	shared_target	=> "",
 	shared_cflag	=> "",
 	shared_defines	=> [],
 	shared_ldflag	=> "",
 	shared_rcflag	=> "",
+	shared_extension	=> "",

-	#### Defaults for the benefit of the config targets who don't inherit
-	#### a BASE and assume Unix defaults
-	#### THESE WILL DISAPPEAR IN OpenSSL 1.2
-	build_scheme	=> [ "unified", "unix" ],
-	build_file	=> "Makefile",
-
-	AR		=> "(unused)",
-	ARFLAGS		=> "(unused)",
-	CC		=> "cc",
-	HASHBANGPERL	=> "/usr/bin/env perl",
-	RANLIB		=> sub { which("$config{cross_compile_prefix}ranlib")
-                                     ? "ranlib" : "" },
-	RC		=> "windres",
-
-	#### THESE WILL BE ENABLED IN OpenSSL 1.2
-	#HASHBANGPERL	=> "PERL", # Only Unix actually cares
+        build_scheme    => [ "unified", "unix" ],
+        build_file      => "Makefile",
    },

    BASE_common => {
 	template	=> 1,
-
-	enable		=> [],
-	disable		=> [],
-
 	defines		=>
 	    sub {
-                my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
-                push @defs, "BROTLI" unless $disabled{brotli};
-                push @defs, "BROTLI_SHARED" unless $disabled{"brotli-dynamic"};
+                my @defs = ();
                push @defs, "ZLIB" unless $disabled{zlib};
                push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
-                push @defs, "ZSTD" unless $disabled{zstd};
-                push @defs, "ZSTD_SHARED" unless $disabled{"zstd-dynamic"};
                return [ @defs ];
            },
-        includes        =>
-            sub {
-                my @incs = ();
-                push @incs, $withargs{jitter_include}
-                    if !$disabled{jitter} && $withargs{jitter_include};
-                push @incs, $withargs{brotli_include}
-                    if !$disabled{brotli} && $withargs{brotli_include};
-                push @incs, $withargs{zlib_include}
-                    if !$disabled{zlib} && $withargs{zlib_include};
-                push @incs, $withargs{zstd_include}
-                    if !$disabled{zstd} && $withargs{zstd_include};
-                return [ @incs ];
-            },
    },

    BASE_unix => {
        inherit_from    => [ "BASE_common" ],
        template        => 1,

-        AR              => "ar",
-        ARFLAGS         => "qc",
-        CC              => "cc",
-        OBJCOPY         => "objcopy",
-        bin_cflags      =>
-            sub {
-                my @flags = ();
-                if (!defined($disabled{pie})) {
-                    push(@flags, "-fPIE");
-                }
-                return join(" ", @flags);
-            },
-        bin_lflags      =>
-            sub {
-                my @flags = ();
-                if (!defined($disabled{pie})) {
-                    push(@flags, "-pie");
-                }
-                return join(" ", @flags);
-            },
-        lflags          =>
-            sub {
-                my @libs = ();
-                push(@libs, "-L".$withargs{jitter_lib}) if $withargs{jitter_lib};
-                push(@libs, "-L".$withargs{zlib_lib}) if $withargs{zlib_lib};
-                push(@libs, "-L".$withargs{brotli_lib}) if $withargs{brotli_lib};
-                push(@libs, "-L".$withargs{zstd_lib}) if $withargs{zstd_lib};
-                return join(" ", @libs);
-            },
        ex_libs         =>
            sub {
-                my @libs = ();
-                push(@libs, "-l:libjitterentropy.a") if !defined($disabled{jitter});
-                push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
-                if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
-                    push(@libs, "-lbrotlienc");
-                    push(@libs, "-lbrotlidec");
-                    push(@libs, "-lbrotlicommon");
-                    push(@libs, "-lm");
+                unless ($disabled{zlib}) {
+                    if (defined($disabled{"zlib-dynamic"})) {
+                        if (defined($withargs{zlib_lib})) {
+                            return "-L".$withargs{zlib_lib}." -lz";
+                        } else {
+                            return "-lz";
+                        }
+                    }
                }
-                push(@libs, "-lzstd") if !defined($disabled{zstd}) && defined($disabled{"zstd-dynamic"});
-                return join(" ", @libs);
-            },
-        HASHBANGPERL    => "/usr/bin/env perl", # Only Unix actually cares
-        RANLIB          => sub { which("$config{cross_compile_prefix}ranlib")
-                                     ? "ranlib" : "" },
-        RC              => "windres",
+                return (); },

        build_scheme    => [ "unified", "unix" ],
        build_file      => "Makefile",
-
-        perl_platform   => 'Unix',
    },

    BASE_Windows => {
        inherit_from    => [ "BASE_common" ],
        template        => 1,

-        lib_defines      =>
-            sub {
-                my @defs = ();
-                unless ($disabled{"zlib-dynamic"}) {
-                    my $zlib = $withargs{zlib_lib} // "ZLIB1";
-                    push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
-                }
-                return [ @defs ];
-            },
        ex_libs         =>
            sub {
-                my @libs = ();
                unless ($disabled{zlib}) {
                    if (defined($disabled{"zlib-dynamic"})) {
-                        push(@libs, $withargs{zlib_lib} // "ZLIB1");
+                        return $withargs{zlib_lib} // "ZLIB1";
                    }
                }
-                unless ($disabled{zstd}) {
-                    if (defined($disabled{"zstd-dynamic"})) {
-                        push(@libs, $withargs{zstd_lib} // "libzstd");
-                    }
-                }
-                unless ($disabled{brotli}) {
-                    if (defined($disabled{"brotli-dynamic"})) {
-                        my $path = "";
-                        if (defined($withargs{brotli_lib})) {
-                            $path = $withargs{brotli_lib} . "\\";
-                        }
-                        push(@libs, $path . "brotlicommon.lib");
-                        push(@libs, $path . "brotlidec.lib");
-                        push(@libs, $path . "brotlienc.lib");
-                    }
-                }
-                return join(" ", @libs);
+                return ();
            },

-        MT              => "mt",
-        MTFLAGS         => "-nologo",
+        ld              => "link",
+        lflags          => "/nologo",
+        loutflag        => "/out:",
+        ar              => "lib",
+        arflags         => "/nologo",
+        aroutflag       => "/out:",
+        rc               => "rc",
+        rcoutflag        => "/fo",
+        mt              => "mt",
+        mtflags         => "-nologo",
        mtinflag        => "-manifest ",
        mtoutflag       => "-outputresource:",

        build_file      => "makefile",
        build_scheme    => [ "unified", "windows" ],
-
-        perl_platform   => 'Windows',
    },

    BASE_VMS => {
        inherit_from    => [ "BASE_common" ],
        template        => 1,

-        includes        =>
-            add(sub {
-                    my @incs = ();
-                    # GNV$ZLIB_INCLUDE is the standard logical name for later
-                    # zlib incarnations.
-                    push @incs, 'GNV$ZLIB_INCLUDE:'
-                        if !$disabled{zlib} && !$withargs{zlib_include};
-                    return [ @incs ];
-                }),
-
        build_file       => "descrip.mms",
        build_scheme     => [ "unified", "VMS" ],
+    },

-        perl_platform    => 'VMS',
+    uplink_common => {
+	template	=> 1,
+	apps_aux_src	=> add("../ms/applink.c"),
+	uplink_aux_src	=> add("../ms/uplink.c"),
+	defines		=> add("OPENSSL_USE_APPLINK"),
+    },
+    x86_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86.s"),
+    },
+    x86_64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86_64.s"),
+    },
+    ia64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-ia64.s"),
+    },
+
+    x86_asm => {
+	template	=> 1,
+	cpuid_asm_src	=> "x86cpuid.s",
+	bn_asm_src	=> "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
+	ec_asm_src	=> "ecp_nistz256.c ecp_nistz256-x86.s",
+	des_asm_src	=> "des-586.s crypt586.s",
+	aes_asm_src	=> "aes-586.s vpaes-x86.s aesni-x86.s",
+	bf_asm_src	=> "bf-586.s",
+	md5_asm_src	=> "md5-586.s",
+	cast_asm_src	=> "cast-586.s",
+	sha1_asm_src	=> "sha1-586.s sha256-586.s sha512-586.s",
+	rc4_asm_src	=> "rc4-586.s",
+	rmd160_asm_src	=> "rmd-586.s",
+	rc5_asm_src	=> "rc5-586.s",
+	wp_asm_src	=> "wp_block.c wp-mmx.s",
+	cmll_asm_src	=> "cmll-x86.s",
+	modes_asm_src	=> "ghash-x86.s",
+	padlock_asm_src	=> "e_padlock-x86.s",
+	chacha_asm_src	=> "chacha-x86.s",
+	poly1305_asm_src=> "poly1305-x86.s",
+    },
+    x86_elf_asm => {
+	template	=> 1,
+	inherit_from	=> [ "x86_asm" ],
+	perlasm_scheme	=> "elf"
+    },
+    x86_64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "x86_64cpuid.s",
+	bn_asm_src      => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-x86_64.s",
+	aes_asm_src     => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
+	md5_asm_src     => "md5-x86_64.s",
+	sha1_asm_src    => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
+	rc4_asm_src     => "rc4-x86_64.s rc4-md5-x86_64.s",
+	wp_asm_src      => "wp-x86_64.s",
+	cmll_asm_src    => "cmll-x86_64.s cmll_misc.c",
+	modes_asm_src   => "ghash-x86_64.s aesni-gcm-x86_64.s",
+	padlock_asm_src => "e_padlock-x86_64.s",
+	chacha_asm_src	=> "chacha-x86_64.s",
+	poly1305_asm_src=> "poly1305-x86_64.s",
+    },
+    ia64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ia64cpuid.s",
+	bn_asm_src      => "bn-ia64.s ia64-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ia64.s",
+	md5_asm_src     => "md5-ia64.s",
+	sha1_asm_src    => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
+	rc4_asm_src     => "rc4-ia64.s rc4_skey.c",
+	modes_asm_src   => "ghash-ia64.s",
+	perlasm_scheme	=> "void"
+    },
+    sparcv9_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "sparcv9cap.c sparccpuid.S",
+	bn_asm_src      => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
+	md5_asm_src     => "md5-sparcv9.S",
+	sha1_asm_src    => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
+	cmll_asm_src    => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
+	modes_asm_src   => "ghash-sparcv9.S",
+	poly1305_asm_src=> "poly1305-sparcv9.S",
+	perlasm_scheme	=> "void"
+    },
+    sparcv8_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "",
+	bn_asm_src      => "asm/sparcv8.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c",
+	perlasm_scheme	=> "void"
+    },
+    alpha_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "alphacpuid.s",
+	bn_asm_src      => "bn_asm.c alpha-mont.S",
+	sha1_asm_src    => "sha1-alpha.S",
+	modes_asm_src   => "ghash-alpha.S",
+	perlasm_scheme	=> "void"
+    },
+    mips32_asm => {
+	template	=> 1,
+	bn_asm_src      => "bn-mips.s mips-mont.s",
+	aes_asm_src     => "aes_cbc.c aes-mips.S",
+	sha1_asm_src    => "sha1-mips.S sha256-mips.S",
+    },
+    mips64_asm => {
+	inherit_from	=> [ "mips32_asm" ],
+	template	=> 1,
+	sha1_asm_src    => add("sha512-mips.S"),
+	poly1305_asm_src=> "poly1305-mips.S",
+    },
+    s390x_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "s390xcap.c s390xcpuid.S",
+	bn_asm_src      => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
+	aes_asm_src     => "aes-s390x.S aes-ctr.fake aes-xts.fake",
+	sha1_asm_src    => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
+	rc4_asm_src     => "rc4-s390x.s",
+	modes_asm_src   => "ghash-s390x.S",
+	chacha_asm_src  => "chacha-s390x.S",
+	poly1305_asm_src=> "poly1305-s390x.S",
+    },
+    armv4_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c armv4cpuid.S",
+	bn_asm_src      => "bn_asm.c armv4-mont.S armv4-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv4.S",
+	aes_asm_src     => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
+	sha1_asm_src    => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
+	modes_asm_src   => "ghash-armv4.S ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv4.S",
+	poly1305_asm_src=> "poly1305-armv4.S", 
+	perlasm_scheme	=> "void"
+    },
+    aarch64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c arm64cpuid.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv8.S",
+	bn_asm_src      => "bn_asm.c armv8-mont.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
+	sha1_asm_src    => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
+	modes_asm_src   => "ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv8.S",
+	poly1305_asm_src=> "poly1305-armv8.S",
+    },
+    parisc11_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "pariscid.s",
+	bn_asm_src      => "bn_asm.c parisc-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-parisc.s",
+	sha1_asm_src    => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
+	rc4_asm_src     => "rc4-parisc.s",
+	modes_asm_src   => "ghash-parisc.s",
+	perlasm_scheme	=> "32"
+    },
+    parisc20_64_asm => {
+	template	=> 1,
+	inherit_from	=> [ "parisc11_asm" ],
+	perlasm_scheme	=> "64",
+    },
+    ppc64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ppccpuid.s ppccap.c",
+	bn_asm_src      => "bn-ppc.s ppc-mont.s ppc64-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
+	sha1_asm_src    => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
+	modes_asm_src   => "ghashp8-ppc.s",
+	chacha_asm_src	=> "chacha-ppc.s",
+	poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
+    },
+    ppc32_asm => {
+	inherit_from	=> [ "ppc64_asm" ],
+	template	=> 1
    },
 );
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@@ -1,298 +0,0 @@
-#### Android...
-#
-# See NOTES-Android.md for details, and don't miss platform-specific
-# comments below...
-
-{
-    use File::Spec::Functions;
-
-    my $android_ndk = {};
-    my %triplet = (
-        arm    => "arm-linux-androideabi",
-        arm64  => "aarch64-linux-android",
-        mips   => "mipsel-linux-android",
-        mips64 => "mips64el-linux-android",
-        riscv64 => "riscv64-linux-android",
-        x86    => "i686-linux-android",
-        x86_64 => "x86_64-linux-android",
-    );
-
-    sub android_ndk {
-        unless (%$android_ndk) {
-            if ($now_printing =~ m|^android|) {
-                return $android_ndk = { bn_ops => "BN_AUTO" };
-            }
-
-            my $ndk_var;
-            my $ndk;
-            foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) {
-                $ndk_var = $_;
-                $ndk = $ENV{$ndk_var};
-                last if defined $ndk;
-            }
-            die "\$ANDROID_NDK_ROOT is not defined"  if (!$ndk);
-            my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
-            my $ndk_src_props = "$ndk/source.properties";
-            my $is_ndk = -f $ndk_src_props;
-            if ($is_ndk == $is_standalone_toolchain) {
-                die "\$ANDROID_NDK_ROOT=$ndk is invalid";
-            }
-            $ndk = canonpath($ndk);
-
-            my $ndkver = undef;
-
-            if (open my $fh, "<$ndk_src_props") {
-                local $_;
-                while(<$fh>) {
-                    if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
-                        $ndkver = $1;
-                        last;
-                    }
-                }
-                close $fh;
-            }
-
-            my ($sysroot, $api, $arch);
-
-            $config{target} =~ m|[^-]+-([^-]+)$|;	# split on dash
-            $arch = $1;
-
-            if ($sysroot = $ENV{CROSS_SYSROOT}) {
-                $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
-                ($api, $arch) = ($1, $2);
-            } elsif ($is_standalone_toolchain) {
-                $sysroot = "$ndk/sysroot";
-            } else {
-                $api = "*";
-
-                # see if user passed -D__ANDROID_API__=N
-                foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
-                    if (m|__ANDROID_API__=([0-9]+)|) {
-                        $api = $1;
-                        last;
-                    }
-                }
-
-                if (-d "$ndk/platforms") {
-                    # list available platforms (numerically)
-                    my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
-                                           $b =~ m/-([0-9]+)$/; $aa <=> $1;
-                                         } glob("$ndk/platforms/android-$api");
-                    die "no $ndk/platforms/android-$api" if ($#platforms < 0);
-
-                    $sysroot = "@platforms[$#platforms]/arch-$arch";
-                    $sysroot =~ m|/android-([0-9]+)/arch-$arch|;
-                    $api = $1;
-                } elsif ($api eq "*") {
-                    # r22 Removed platforms dir, use this JSON file
-                    my $path = "$ndk/meta/platforms.json";
-                    open my $fh, $path or die "Could not open '$path' $!";
-                    while (<$fh>) {
-                        if (/"max": (\d+),/) {
-                            $api = $1;
-                            last;
-                        }
-                    }
-                    close $fh;
-                }
-                die "Could not get default API Level" if ($api eq "*");
-            }
-            die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
-
-            my $triarch = $triplet{$arch};
-            my $cflags;
-            my $cppflags;
-
-            # see if there is NDK clang on $PATH, "universal" or "standalone"
-            if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
-                my $host=$1;
-                # harmonize with gcc default
-                my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
-                (my $tridefault = $triarch) =~ s/^arm-/$arm-/;
-                (my $tritools   = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
-                if (length $sysroot) {
-                    $cflags .= " -target $tridefault "
-                            .  "-gcc-toolchain \$($ndk_var)/toolchains"
-                            .  "/$tritools-4.9/prebuilt/$host";
-                    $user{CC} = "clang" if ($user{CC} !~ m|clang|);
-                } else {
-                    $user{CC} = "$tridefault$api-clang";
-                }
-                $user{CROSS_COMPILE} = undef;
-                if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
-                    $user{AR} = "llvm-ar";
-                    $user{ARFLAGS} = [ "rs" ];
-                    $user{RANLIB} = ":";
-                }
-            } elsif ($is_standalone_toolchain) {
-                my $cc = $user{CC} // "clang";
-                # One can probably argue that both clang and gcc should be
-                # probed, but support for "standalone toolchain" was added
-                # *after* announcement that gcc is being phased out, so
-                # favouring clang is considered adequate. Those who insist
-                # have option to enforce test for gcc with CC=gcc.
-                if (which("$triarch-$cc") !~ m|^$ndk|) {
-                    die "no NDK $triarch-$cc on \$PATH";
-                }
-                $user{CC} = $cc;
-                $user{CROSS_COMPILE} = "$triarch-";
-            } elsif ($user{CC} eq "clang") {
-                die "no NDK clang on \$PATH";
-            } else {
-                if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
-                    die "no NDK $triarch-gcc on \$PATH";
-                }
-                $cflags .= " -mandroid";
-                $user{CROSS_COMPILE} = "$triarch-";
-            }
-
-            if (length $sysroot) {
-                if (!-d "$sysroot/usr/include") {
-                    my $incroot = "$ndk/sysroot/usr/include";
-                    die "no $incroot"          if (!-d $incroot);
-                    die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
-                    $incroot =~ s|^$ndk/||;
-                    $cppflags  = "-D__ANDROID_API__=$api";
-                    $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
-                    $cppflags .= " -isystem \$($ndk_var)/$incroot";
-                }
-                $sysroot =~ s|^$ndk/||;
-                $sysroot = " --sysroot=\$($ndk_var)/$sysroot";
-            }
-            $android_ndk = {
-                cflags   => $cflags . $sysroot,
-                cppflags => $cppflags,
-                bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
-                                            : "BN_LLONG",
-            };
-        }
-
-        return $android_ndk;
-    }
-}
-
-my %targets = (
-    "android" => {
-        inherit_from     => [ "linux-generic32" ],
-        template         => 1,
-        ################################################################
-        # Special note about -pie. The underlying reason is that
-        # Lollipop refuses to run non-PIE. But what about older systems
-        # and NDKs? -fPIC was never problem, so the only concern is -pie.
-        # Older toolchains, e.g. r4, appear to handle it and binaries
-        # turn out mostly functional. "Mostly" means that oldest
-        # Androids, such as Froyo, fail to handle executable, but newer
-        # systems are perfectly capable of executing binaries targeting
-        # Froyo. Keep in mind that in the nutshell Android builds are
-        # about JNI, i.e. shared libraries, not applications.
-        cflags           => add(sub { android_ndk()->{cflags} }),
-        cppflags         => add(sub { android_ndk()->{cppflags} }),
-        cxxflags         => add(sub { android_ndk()->{cflags} }),
-        bn_ops           => sub { android_ndk()->{bn_ops} },
-        bin_cflags       => "-fPIE",
-        bin_lflags       => "-pie",
-        enable           => [ ],
-        shared_extension => ".so",
-    },
-    "android-arm" => {
-        ################################################################
-        # Contemporary Android applications can provide multiple JNI
-        # providers in .apk, targeting multiple architectures. Among
-        # them there is "place" for two ARM flavours: generic eabi and
-        # armv7-a/hard-float. However, it should be noted that OpenSSL's
-        # ability to engage NEON is not constrained by ABI choice, nor
-        # is your ability to call OpenSSL from your application code
-        # compiled with floating-point ABI other than default 'soft'.
-        # (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
-        # This means that choice of ARM libraries you provide in .apk
-        # is driven by application needs. For example if application
-        # itself benefits from NEON or is floating-point intensive, then
-        # it might be appropriate to provide both libraries. Otherwise
-        # just generic eabi would do. But in latter case it would be
-        # appropriate to
-        #
-        #   ./Configure android-arm -D__ARM_MAX_ARCH__=8
-        #
-        # in order to build "universal" binary and allow OpenSSL take
-        # advantage of NEON when it's available.
-        #
-        # Keep in mind that (just like with linux-armv4) we rely on
-        # compiler defaults, which is not necessarily what you had
-        # in mind, in which case you would have to pass additional
-        # -march and/or -mfloat-abi flags. NDK defaults to armv5te.
-        # Newer NDK versions reportedly require additional -latomic.
-        #
-        inherit_from     => [ "android" ],
-        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'armv4',
-        perlasm_scheme   => "void",
-    },
-    "android-arm64" => {
-        inherit_from     => [ "android" ],
-        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'aarch64',
-        perlasm_scheme   => "linux64",
-    },
-
-    "android-mips" => {
-        inherit_from     => [ "android" ],
-        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'mips32',
-        perlasm_scheme   => "o32",
-    },
-    "android-mips64" => {
-        ################################################################
-        # You are more than likely have to specify target processor
-        # on ./Configure command line. Trouble is that toolchain's
-        # default is MIPS64r6 (at least in r10d), but there are no
-        # such processors around (or they are too rare to spot one).
-        # Actual problem is that MIPS64r6 is binary incompatible
-        # with previous MIPS ISA versions, in sense that unlike
-        # prior versions original MIPS binary code will fail.
-        #
-        inherit_from     => [ "android" ],
-        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'mips64',
-        perlasm_scheme   => "64",
-    },
-
-    "android-x86" => {
-        inherit_from     => [ "android" ],
-        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
-        bn_ops           => add("RC4_INT"),
-        asm_arch         => 'x86',
-        perlasm_scheme   => "android",
-        ex_libs          => add(threads("-latomic")),
-    },
-    "android-x86_64" => {
-        inherit_from     => [ "android" ],
-        bn_ops           => add("RC4_INT"),
-        asm_arch         => 'x86_64',
-        perlasm_scheme   => "elf",
-    },
-
-    "android-riscv64" => {
-        inherit_from     => [ "android" ],
-        asm_arch         => 'riscv64',
-        perlasm_scheme   => "linux64",
-    },
-
-    ####################################################################
-    # Backward compatible targets, (might) require $CROSS_SYSROOT
-    #
-    "android-armeabi" => {
-        inherit_from     => [ "android-arm" ],
-    },
-    "android64" => {
-        inherit_from     => [ "android" ],
-    },
-    "android64-aarch64" => {
-        inherit_from     => [ "android-arm64" ],
-    },
-    "android64-x86_64" => {
-        inherit_from     => [ "android-x86_64" ],
-    },
-    "android64-mips64" => {
-        inherit_from     => [ "android-mips64" ],
-    },
-);
--- a/Configurations/15-ios.conf
+++ b/Configurations/15-ios.conf
@@ -1,89 +0,0 @@
-#### iPhoneOS/iOS
-#
-# `xcrun` targets require an Xcode that can determine the correct C compiler via
-# `xcrun -sdk iphoneos`. This has been standard in Xcode for a while now - any recent
-# Xcode should do.  If the Xcode on the build machine doesn't support this then use
-# the legacy targets at the end of this file. These require manual definition of
-# environment variables.
-#
-my %targets = (
-    "ios-common" => {
-        template         => 1,
-        inherit_from     => [ "darwin-common" ],
-        sys_id           => "iOS",
-        disable          => [ "async" ],
-    },
-    "ios-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        # It should be possible to go below iOS 6 and even add -arch armv6,
-        # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
-        # at this point.
-        CC               => "xcrun -sdk iphoneos cc",
-        cflags           => add("-arch armv7 -fno-common"),
-        asm_arch         => 'armv4',
-        perlasm_scheme   => "ios32",
-    },
-    "ios64-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphoneos cc",
-        cflags           => add("-arch arm64 -fno-common"),
-        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
-        asm_arch         => 'aarch64',
-        perlasm_scheme   => "ios64",
-    },
-    "iossimulator-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphonesimulator cc",
-    },
-    "iossimulator-arm64-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphonesimulator cc",
-        cflags           => add("-arch arm64 -fno-common"),
-        bn_ops           => "SIXTY_FOUR_BIT_LONG",
-        asm_arch         => 'aarch64',
-        perlasm_scheme   => "ios64",
-    },
-    "iossimulator-i386-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphonesimulator cc",
-        cflags           => add("-arch i386 -fno-common"),
-        bn_ops           => "BN_LLONG",
-        asm_arch         => 'x86',
-        perlasm_scheme   => "macosx",
-    },
-    "iossimulator-x86_64-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphonesimulator cc",
-        cflags           => add("-arch x86_64 -fno-common"),
-        bn_ops           => "SIXTY_FOUR_BIT_LONG",
-        asm_arch         => 'x86_64',
-        perlasm_scheme   => "macosx",
-    },
-# It takes three prior-set environment variables to make it work:
-#
-# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
-# CROSS_TOP=/where/SDKs/are
-# CROSS_SDK=iPhoneOSx.y.sdk
-#
-# Exact paths vary with Xcode releases, but for couple of last ones
-# they would look like this:
-#
-# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
-# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
-# CROSS_SDK=iPhoneOS.sdk
-#
-    "iphoneos-cross" => {
-        inherit_from     => [ "ios-common" ],
-        cflags           => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\" -fno-common"),
-    },
-    "ios-cross" => {
-        inherit_from     => [ "ios-xcrun" ],
-        CC               => "cc",
-        cflags           => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
-    },
-    "ios64-cross" => {
-        inherit_from     => [ "ios64-xcrun" ],
-        CC               => "cc",
-        cflags           => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
-    },
-);
--- a/Configurations/50-cppbuilder.conf
+++ b/Configurations/50-cppbuilder.conf
@@ -1,121 +0,0 @@
-my %targets = (
-    "BC-32" => {
-        inherit_from     => [ "BASE_Windows" ],
-        sys_id           => "WIN32",
-        bn_ops           => "BN_LLONG",
-        thread_scheme    => "winthreads",
-        cc               => "bcc32c",
-        CPP              => "cpp32 -oCON -Sc -Sr",
-        defines          => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32",
-                                "L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
-                                "_strnicmp=strnicmp", "_malloca=malloc",
-                                "_freea=free", "_setmode=setmode"),
-        cflags           => picker(default => add("-q -c",
-                                                  threads("-tM"),
-                                                  shared("-tR")),
-                                   debug   => "-Od -v -vi- -D_DEBUG",
-                                   release => "-O2"),
-        bin_cflags       => "-tWC",
-        lib_cflags       => shared("-tWD -D_WINDLL -D_DLL"),
-        coutflag         => "-o",
-
-        # -Sx isn't documented, but 'cpp32 -H -S' explains it:
-        #
-        # -Sx     Omit preprocessed text in output
-        makedepcmd       => "cpp32 -oCON -Sx -Hp",
-        makedep_scheme   => "embarcadero",
-
-        LD               => "ilink32",
-        LDFLAGS          => picker(default => "-x -Gn -q -w-dup",
-                                   debug   => '-j"$(BDS)\lib\win32c\debug" ' .
-                                              '-L"$(BDS)\lib\win32c\debug" -v',
-                                   release => '-j"$(BDS)\lib\win32c\release" ' .
-                                              '-L"$(BDS)\lib\win32c\release"'),
-        bin_lflags       => "-ap -Tpe c0x32.obj wildargs.obj",
-        ldoutflag        => ",",
-        ldpostoutflag    => ",,",
-        ld_resp_delim    => " +\n",
-        ex_libs          => add(sub {
-            my @ex_libs = ("import32.lib",
-                           ($disabled{shared}
-                            ? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib")
-                            : ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib")));
-            push @ex_libs, "ws2_32.lib" unless $disabled{sock};
-            return join(" ", @ex_libs);
-        }),
-        AR               => "tlib",
-        ARFLAGS          => "/P256 /N /u",
-        ar_resp_delim    => " &\n",
-        RC               => "brcc32",
-        RCFLAGS          => '-i"$(BDS)\include\windows\sdk"',
-        rcoutflag        => "-fo",
-        shared_target    => "win-shared",
-        shared_ldflag    => "-aa -Tpd c0d32.obj",
-        lddefflag        => ",",
-        ldresflag        => ",",
-        ld_implib_rule   => 'implib -a $< $**',
-        dso_scheme       => "win32",
-        shared_defflag   => '',
-        perl_platform    => 'Windows::cppbuilder',
-        uplink_arch      => 'common',
-    },
-    "BC-64" => {
-        inherit_from     => [ "BASE_Windows" ],
-        sys_id           => "WIN64",
-        bn_ops           => "BN_LLONG",
-        thread_scheme    => "winthreads",
-        cc               => "bcc64",
-        CPP              => "cpp64 -oCON -Sc -Sr",
-        defines          => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN64",
-                                "L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
-                                "_strnicmp=strnicmp", "_setmode=setmode"),
-        cflags           => picker(default => add("-q -c",
-                                                  threads("-tM"),
-                                                  shared("-tR")),
-                                   debug   => "-Od -v -vi- -D_DEBUG",
-                                   release => "-O2"),
-        bin_cflags       => "-tWC",
-        lib_cflags       => shared("-tWD -D_WINDLL -D_DLL"),
-        coutflag         => "-o",
-
-        # -Sx isn't documented, but 'cpp64 -H -S' explains it:
-        #
-        # -Sx     Omit preprocessed text in output
-        makedepcmd       => "cpp64 -oCON -Sx -Hp",
-        makedep_scheme   => "embarcadero",
-
-        LD               => "ilink64",
-        LDFLAGS          => picker(default => "-x -Gn -q -w-dup",
-                                   debug   => '-j"$(BDS)\lib\win64\debug" ' .
-                                              '-L"$(BDS)\lib\win64\debug" -v',
-                                   release => '-j"$(BDS)\lib\win64\release" ' .
-                                              '-L"$(BDS)\lib\win64\release"'),
-        bin_lflags       => "-ap -Tpe c0x64.o wildargs.o",
-        ldoutflag        => ",",
-        ldpostoutflag    => ",,",
-        ld_resp_delim    => " +\n",
-        ex_libs          => add(sub {
-            my @ex_libs = ("import64.a",
-                           ($disabled{shared}
-                            ? ($disabled{threads} ? "cw64.a" : "cw64mt.a")
-                            : ($disabled{threads} ? "cw64i.a" : "cw64mti.a")));
-            push @ex_libs, "ws2_32.a" unless $disabled{sock};
-            return join(" ", @ex_libs);
-        }),
-        AR               => "tlib",
-        ARFLAGS          => "/P256 /N /u",
-        ar_resp_delim    => " &\n",
-        RC               => "brcc32",
-        RCFLAGS          => '-i"$(BDS)\include\windows\sdk"',
-        rcoutflag        => "-fo",
-        shared_target    => "win-shared",
-        shared_ldflag    => "-aa -Tpd c0d64.o",
-        lddefflag        => ",",
-        ldresflag        => ",",
-        ld_implib_rule   => 'implib -a $< $**',
-        dso_scheme       => "win64",
-        shared_defflag   => '',
-        perl_platform    => 'Windows::cppbuilder',
-        uplink_arch      => 'common',
-    }
-);
--- a/Configurations/50-djgpp.conf
+++ b/Configurations/50-djgpp.conf
@@ -2,17 +2,14 @@
 # and rely entirely on the OpenSSL community to help is fine
 # tune and test.

-my %targets = (
+%targets = (
    "DJGPP" => {
-        inherit_from     => [ "BASE_unix" ],
-        CC               => "gcc",
-        CFLAGS           => "-fomit-frame-pointer -O2 -Wall",
-        cflags           => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
+        inherit_from     => [ asm("x86_asm") ],
+        cc               => "gcc",
+        cflags           => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
        sys_id           => "MSDOS",
-        lflags           => add("-L/dev/env/WATT_ROOT/lib"),
-        ex_libs          => add("-lwatt"),
+        ex_libs          => add("-L/dev/env/WATT_ROOT/lib -lwatt"),
        bn_ops           => "BN_LLONG",
-        asm_arch         => 'x86',
        perlasm_scheme   => "a.out",
    },
 );
--- a/Configurations/50-haiku.conf
+++ b/Configurations/50-haiku.conf
@@ -1,15 +1,11 @@
-my %targets = (
+%targets = (
    "haiku-common" => {
        template         => 1,
-        CC               => "cc",
-        CFLAGS           => add_before(picker(default => "-Wall",
+        cc               => "cc",
+        cflags           => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h",
                                              debug   => "-g -O0",
-                                              release => "-O2")),
-        cflags           => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
+                                              release => "-O2"),
                                       threads("-D_REENTRANT")),
-        AR              => "ar",
-        ARFLAGS         => "qc",
-        HASHBANGPERL    => "/bin/env perl",
        sys_id           => "HAIKU",
        ex_libs          => "-lnetwork",
        perlasm_scheme   => "elf",
@@ -18,14 +14,12 @@ my %targets = (
        shared_target    => "gnu-shared",
        shared_cflag     => "-fPIC",
        shared_ldflag    => "-shared",
-        perl_platform    => 'Unix',
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
    },
    "haiku-x86" => {
-        inherit_from     => [ "haiku-common" ],
-        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
+        inherit_from     => [ "haiku-common", asm("x86_elf_asm") ],
+        cflags           => add(picker(release => "-fomit-frame-pointer")),
        bn_ops           => "BN_LLONG",
-        asm_arch         => 'x86',
-        perlasm_scheme   => 'elf',
    },
    "haiku-x86_64" => {
        inherit_from     => [ "haiku-common" ],
--- a/Configurations/50-masm.conf
+++ b/Configurations/50-masm.conf
@@ -7,16 +7,11 @@
 # proven to be daunting task. This is experimental target, for
 # production builds stick with [up-to-date version of] nasm.

-my %targets = (
+%targets = (
    "VC-WIN64A-masm" => {
-        inherit_from    => [ "VC-WIN64-common" ],
-        AS              => "ml64",
-        ASFLAGS         => "/nologo /Zi",
+        inherit_from    => [ "VC-WIN64A" ],
+        as              => "ml64",
+        asflags         => "/c /Cp /Cx /Zi",
        asoutflag       => "/Fo",
-        asflags         => "/c /Cp /Cx",
-        sys_id          => "WIN64A",
-        uplink_arch      => 'x86_64',
-        asm_arch         => 'x86_64',
-        perlasm_scheme   => "masm",
    },
 );
--- a/Configurations/50-nonstop.conf
+++ b/Configurations/50-nonstop.conf
@@ -1,283 +0,0 @@
-#### Nonstop configurations
-    # Common for all
-    'nonstop-common' => {
-        inherit_from     => [ 'BASE_unix' ],
-        template         => 1,
-        cc               => 'c99',
-        cflags           => add_before(picker(debug   => '-g -O0',
-                                              release => '-g -O2'),
-                                       '-Wextensions',
-                                       '-Wnowarn=203,220,272,734,770,1506',
-                                       '-Wbuild_neutral_library',
-                                       '-Wverbose'),
-        defines          => add('OPENSSL_VPROC=$(OPENSSL_VPROC)',
-                                '_XOPEN_SOURCE',
-                                '_XOPEN_SOURCE_EXTENDED=1',
-                                '_TANDEM_SOURCE',
-                                '__NSK_OPTIONAL_TYPES__',
-                                'B_ENDIAN'),
-        perl             => '/usr/bin/perl',
-        shared_target    => 'nonstop-shared',
-        shared_extension => ".so",
-        ex_libs          => add('-lrld'),
-        enable           => ['egd'],
-	# Not currently inherited
-        disable          => ['atexit'],
-        dso_scheme       => 'DLFCN',
-        sys_id           => 'TANDEM',
-    },
-
-    ######################################################################
-    # Additional variant settings, to be combined with nonstop-common
-    # Note that these do not inherit anything.  However, the diverse values
-    # are merged with other entries in an 'inherit_from'.
-    #
-    # These combine:
-    # - System architecture (MIPS, Itanium, or x86)
-    # - Execution environment (oss [default] or guardian)
-    #
-    # Unfortunately, they can't be separated into independent templates, because
-    # a number of the above are encoded as different linkers, and by consequence,
-    # different c99 linker flags (-Wld, -Weld, and -Wxld)
-    #
-    # In addition, the are modifiers for:
-    # - Size of long + pointer (ilp32 [default] and lp64)
-    # - Float type (neutral and tandem)
-    #
-    # Unfortunately, because the float types affect the linker settings, those
-    # are divided per system architecture
-    #
-    # MIPS + guardian (unused but present for convenience):
-    'nonstop-archenv-mips-guardian' => {
-        template         => 1,
-        defines          => ['NO_GETPID'],
-        cflags           => '-Wtarget=tns/r -Wsystype=guardian',
-        lflags           => '-Wld="-set systype guardian"',
-        shared_ldflag    => '-Wshared -Wld="-soname $(@:lib%.so=%)"',
-        shared_defflag   => '-Wld_obey=',
-        shared_argfileflag => '-Wld_obey=',
-    },
-
-    # Itanium + guardian:
-    'nonstop-archenv-itanium-guardian' => {
-        template         => 1,
-        defines          => ['NO_GETPID'],
-        cflags           => '-Wtarget=tns/e -Wsystype=guardian',
-        lflags           => '-Weld="-set systype guardian"',
-        shared_ldflag    => '-Wshared -Weld="-soname $(@:lib%.so=%)"',
-        shared_defflag   => '-Weld_obey=',
-        shared_argfileflag => '-Weld_obey=',
-    },
-
-    # x86 + guardian:
-    'nonstop-archenv-x86_64-guardian' => {
-        template         => 1,
-        defines          => ['NO_GETPID'],
-        cflags           => '-Wtarget=tns/x -Wsystype=guardian',
-        lflags           => '-Wxld="-set systype guardian"',
-        shared_ldflag    => '-Wshared -Wxld="-soname $(@:lib%.so=%)"',
-        shared_defflag   => '-Wxld_obey=',
-        shared_argfileflag => '-Wxld_obey=',
-    },
-
-    # MIPS + oss (unused but present for convenience):
-    'nonstop-archenv-mips-oss' => {
-        template         => 1,
-        cflags           => '-Wtarget=tns/r -Wsystype=oss',
-        lflags           => '-Wld="-set systype oss"',
-        shared_ldflag    => '-Wshared',
-        shared_defflag   => '-Wld_obey=',
-        shared_argfileflag => '-Wld_obey=',
-    },
-    # Itanium + oss:
-    'nonstop-archenv-itanium-oss' => {
-        template         => 1,
-        cflags           => '-Wtarget=tns/e -Wsystype=oss',
-        lflags           => '-Weld="-set systype oss"',
-        shared_ldflag    => '-Wshared',
-        shared_defflag   => '-Weld_obey=',
-        shared_argfileflag => '-Weld_obey=',
-    },
-    # x86_64 + oss:
-    'nonstop-archenv-x86_64-oss' => {
-        template         => 1,
-        cflags           => '-Wtarget=tns/x -Wsystype=oss',
-        lflags           => '-Wxld="-set systype oss"',
-        shared_ldflag    => '-Wshared',
-        shared_defflag   => '-Wxld_obey=',
-        shared_argfileflag => '-Wxld_obey=',
-    },
-
-    # Size variants
-    'nonstop-ilp32' => {
-        template         => 1,
-        cflags           => '-Wilp32',
-        bn_ops           => 'THIRTY_TWO_BIT',
-    },
-    'nonstop-lp64-itanium' => {
-        template         => 1,
-        cflags           => '-Wlp64',
-        bn_ops           => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR',
-    },
-    'nonstop-lp64-x86_64' => {
-        template         => 1,
-        cflags           => '-Wlp64',
-        lflags           => '-Wxld="-set data_model lp64"',
-        bn_ops           => 'SIXTY_FOUR_BIT',
-    },
-
-    # Float variants
-    'nonstop-nfloat-mips' => {
-        template         => 1,
-        lflags           => '-Wld="-set floattype neutral_float"',
-    },
-    'nonstop-tfloat-mips' => {
-        template         => 1,
-        lflags           => '-Wld="-set floattype tandem_float"',
-    },
-    'nonstop-efloat-itanium' => {
-        template         => 1,
-        cflags           => '-WIEEE_float',
-        lflags           => '-Weld="-set floattype ieee_float"',
-    },
-    'nonstop-nfloat-itanium' => {
-        template         => 1,
-        lflags           => '-Weld="-set floattype neutral_float"',
-    },
-    'nonstop-tfloat-itanium' => {
-        template         => 1,
-        cflags           => '-WTandem_float',
-        lflags           => '-Weld="-set floattype tandem_float"',
-    },
-    'nonstop-efloat-x86_64' => {
-        template         => 1,
-        cflags           => '-WIEEE_float',
-        lflags           => '-Wxld="-set floattype ieee_float"',
-    },
-    'nonstop-nfloat-x86_64' => {
-        template         => 1,
-        lflags           => '-Wxld="-set floattype neutral_float"',
-    },
-    'nonstop-tfloat-x86_64' => {
-        template         => 1,
-        cflags           => '-WTandem_float',
-        lflags           => '-Wxld="-set floattype tandem_float"',
-    },
-
-    ######################################################################
-    # Build models
-    'nonstop-model-put' => {
-        template         => 1,
-        defines          => ['_PUT_MODEL_',
-                             '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
-        ex_libs          => '-lput',
-    },
-
-    ######################################################################
-    # Build models
-    'nonstop-model-klt' => {
-        template         => 1,
-        defines          => ['_KLT_MODEL_',
-                             '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
-        ex_libs          => '-lklt',
-    },
-
-    ######################################################################
-    # Now for the entries themselves, let's combine things!
-    'nonstop-nsx' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-x86_64' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsx_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-put' ],
-        multilib         => '-put',
-        multibin         => '-put',
-        disable          => ['atexit'],
-    },
-    'nonstop-nsx_64' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-lp64-x86_64',
-                              'nonstop-efloat-x86_64' ],
-        multilib         => '64',
-        multibin         => '64',
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsx_64_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-lp64-x86_64',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-put' ],
-        multilib         => '64-put',
-        multibin         => '64-put',
-        disable          => ['atexit'],
-    },
-    'nonstop-nsx_64_klt' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-lp64-x86_64',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-klt' ],
-        multilib         => '64-klt',
-        multibin         => '64-klt',
-        disable          => ['atexit'],
-    },
-    'nonstop-nsx_g' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-guardian',
-                              'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsx_g_tandem' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-guardian',
-                              'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsv' => {
-        inherit_from     => [ 'nonstop-nsx' ],
-    },
-    'nonstop-nse' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-itanium' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nse_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-itanium',
-                              'nonstop-model-put' ],
-        multilib         => '-put',
-        multibin         => '-put',
-        disable          => ['atexit'],
-    },
-    'nonstop-nse_64' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-lp64-itanium',
-                              'nonstop-efloat-itanium' ],
-        multilib         => '64',
-        multibin         => '64',
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nse_64_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-lp64-itanium',
-                              'nonstop-efloat-itanium',
-                              'nonstop-model-put' ],
-        multilib         => '64-put',
-        multibin         => '64-put',
-        disable          => ['atexit'],
-    },
--- a/Configurations/50-os390.conf
+++ b/Configurations/50-os390.conf
@@ -1,11 +0,0 @@
-## -*- mode: perl; -*-
-(
-# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
-    "OS390-Unix" => {
-        inherit_from     => [ "BASE_unix" ],
-        cc               => "cc",
-        cflags           => "-O -DB_ENDIAN -DCHARSET_EBCDIC",
-        bn_ops           => "THIRTY_TWO_BIT RC4_CHAR",
-        thread_scheme    => "(unknown)",
-    }
-);
--- a/Configurations/50-vms-x86_64.conf
+++ b/Configurations/50-vms-x86_64.conf
@@ -1,14 +0,0 @@
-## -*- mode: perl; -*-
-
-# OpenVMS cross compilation of x86_64 binaries on Itanium.  This doesn't
-# fit the usual cross compilation parameters that are used on Unixly machines
-
-(
- 'vms-x86_64-cross-ia64' => {
-     inherit_from   => [ 'vms-generic' ],
-     CC             => 'XCC',
-     bn_ops         => 'SIXTY_FOUR_BIT',
-     pointer_size   => '',
-     setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
- }
-);
--- a/Configurations/50-win-clang-cl.conf
+++ b/Configurations/50-win-clang-cl.conf
@@ -1,36 +0,0 @@
-## -*- mode: perl; -*-
-# Windows on Arm clang-cl targets.
-#
-
-my %targets = (
-    "VC-WIN64-CLANGASM-ARM" => {
-        inherit_from    => [ "VC-noCE-common" ],
-        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
-                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR",
-        multilib        => "-arm64",
-        asm_arch        => "aarch64",
-        AS        => "clang-cl.exe",
-        ASFLAGS   => "/nologo /Zi --target=arm64-pc-windows-msvc",
-        asflags   => "/c",
-        asoutflag => "/Fo",
-        perlasm_scheme => "win64",
-        uplink_arch      => 'armv8',
-    },
-    "VC-CLANG-WIN64-CLANGASM-ARM" => {
-        CC => "clang-cl",
-        inherit_from    => [ "VC-noCE-common" ],
-        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
-                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR",
-        multilib        => "-arm64",
-        asm_arch        => "aarch64",
-        CFLAGS        => add("--target=arm64-pc-windows-msvc"),
-        AS        => "clang-cl.exe",
-        ASFLAGS   => "/nologo /Zi --target=arm64-pc-windows-msvc",
-        asflags   => "/c",
-        asoutflag => "/Fo",
-        perlasm_scheme => "win64",
-        uplink_arch      => 'armv8',
-    },
-);
--- a/Configurations/50-win-hybridcrt.conf
+++ b/Configurations/50-win-hybridcrt.conf
@@ -1,37 +0,0 @@
-## -*- mode: perl; -*-
-# Windows HybridCRT targets.
-# 
-# https://github.com/microsoft/WindowsAppSDK/blob/77761e244289fda6b3d5f14c7bded189fed4fb89/docs/Coding-Guidelines/HybridCRT.md
-# Link statically against the runtime and STL, but link dynamically against the CRT by ignoring the static CRT
-# lib and instead linking against the Universal CRT DLL import library. This "Hybrid" linking mechanism is
-# supported according to the CRT maintainer. Dynamic linking against the CRT makes the binaries a bit smaller
-# than they would otherwise be if the CRT, runtime, and STL were all statically linked in.
-
-
-sub remove_from_flags {
-    my ($toRemove, $flags) = @_;
-    
-    $flags =~ s/$toRemove//;
-    return $flags;
-}
-
-my %targets = (
-    "VC-WIN32-HYBRIDCRT" => {
-        inherit_from    => [ "VC-WIN32" ],
-        cflags          => sub {
-            remove_from_flags(qr/\/MDd?\s/, add(picker(debug   => "/MTd",
-                                                       release => "/MT"))->(@_))
-        },
-        lflags          => add(picker(debug   => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
-                                      release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
-    },
-    "VC-WIN64A-HYBRIDCRT" => {
-        inherit_from    => [ "VC-WIN64A" ],
-        cflags          => sub {
-            remove_from_flags(qr/\/MDd?\s/, add(picker(debug   => "/MTd",
-                                                       release => "/MT"))->(@_))
-        },
-        lflags          => add(picker(debug   => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
-                                      release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
-    },
-);
--- a/Configurations/50-win-onecore.conf
+++ b/Configurations/50-win-onecore.conf
@@ -1,137 +0,0 @@
-## -*- mode: perl; -*-
-# Windows OneCore targets.
-#
-# OneCore is new API stability "contract" that transcends Desktop, IoT and
-# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
-# export subset of Win32 API that are common to all Windows 10 devices.
-#
-# OneCore Configuration temporarily dedicated for console applications
-# due to disabled event logging, which is incompatible with one core.
-# Error messages are provided via standard error only.
-# TODO: extend error handling to use ETW based eventing
-# (Or rework whole error messaging)
-
-my $UWP_info = {};
-sub UWP_info {
-    unless (%$UWP_info) {
-        my $SDKver = `powershell -Command  \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
-        $SDKver =~ s|\R$||;
-        my @SDKver_split = split(/\./, $SDKver);
-        # SDK version older than 10.0.17763 don't support our ASM builds
-        if ($SDKver_split[0] < 10
-            || ($SDKver_split[0] == 10
-                && $SDKver_split[1] == 0
-                && $SDKver_split[2] < 17763)) {
-            $UWP_info->{disable} = [ 'asm' ];
-        } else {
-            $UWP_info->{disable} = [ ];
-        }
-    }
-    return $UWP_info;
-}
-
-my %targets = (
-    "VC-WIN32-ONECORE" => {
-        inherit_from    => [ "VC-WIN32" ],
-        # /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
-        # hidden reference to kernel32.lib, but we don't actually want
-        # it in "onecore" build.
-        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
-        defines         => add("OPENSSL_SYS_WIN_CORE"),
-        ex_libs         => "onecore.lib",
-    },
-    "VC-WIN64A-ONECORE" => {
-        inherit_from    => [ "VC-WIN64A" ],
-        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
-        defines         => add("OPENSSL_SYS_WIN_CORE"),
-        ex_libs         => "onecore.lib",
-    },
-
-    # Windows on ARM targets. ARM compilers are additional components in
-    # VS2017, i.e. they are not installed by default. And when installed,
-    # there are no "ARM Tool Command Prompt"s on Start menu, you have
-    # to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
-    # received limited testing with evp_test.exe on Windows 10 IoT Core,
-    # but not VC-WIN64-ARM, no hardware... In other words they are not
-    # actually supported...
-    #
-    # Another thing to keep in mind [in cross-compilation scenario such
-    # as this one] is that target's file system has nothing to do with
-    # compilation system's one. This means that you're are likely to use
-    # --prefix and --openssldir with target-specific values. 'nmake install'
-    # step is effectively meaningless in cross-compilation case, though
-    # it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
-    # can point Visual Studio to when compiling custom application code.
-
-    "VC-WIN32-ARM" => {
-        inherit_from    => [ "VC-noCE-common" ],
-        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
-                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "BN_LLONG RC4_CHAR",
-        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
-        ex_libs         => "onecore.lib",
-        multilib        => "-arm",
-    },
-    "VC-WIN64-ARM" => {
-        inherit_from    => [ "VC-noCE-common" ],
-        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
-                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR",
-        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
-        ex_libs         => "onecore.lib",
-        multilib        => "-arm64",
-    },
-
-    # Universal Windows Platform (UWP) App Support
-
-    # TODO
-    #
-    # The 'disable' attribute should have 'uplink'.
-    # however, these are checked in some 'inherit_from', which is processed
-    # very early, before the 'disable' attributes are seen.
-    # This is a problem that needs to be resolved in Configure first.
-    #
-    # But if you want to build library with Windows 10 Version 1809 SDK or
-    # earlier, the 'disable' attribute should also have 'asm'.
-
-    "VC-WIN32-UWP" => {
-        inherit_from    => [ "VC-WIN32-ONECORE" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
-     "VC-WIN64A-UWP" => {
-        inherit_from    => [ "VC-WIN64A-ONECORE" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
-    "VC-WIN32-ARM-UWP" => {
-        inherit_from    => [ "VC-WIN32-ARM" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
-     "VC-WIN64-ARM-UWP" => {
-        inherit_from    => [ "VC-WIN64-ARM" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
-);
--- a/Configurations/90-team.conf
+++ b/Configurations/90-team.conf
@@ -0,0 +1,112 @@
+## -*- mode: perl; -*-
+## Build configuration targets for openssl-team members
+
+%targets = (
+    "purify" => {
+        cc               => "purify gcc",
+        cflags           => "-g -Wall",
+        thread_scheme    => "(unknown)",
+        ex_libs          => add(" ","-lsocket -lnsl"),
+    },
+    "debug" => {
+        cc               => "gcc",
+        cflags           => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
+        thread_scheme    => "(unknown)",
+    },
+    "debug-erbridge" => {
+        inherit_from     => [ "x86_64_asm" ],
+        cc               => "gcc",
+        cflags           => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-m64",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+        multilib         => "64",
+    },
+    "debug-linux-pentium" => {
+        inherit_from     => [ "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ppro" => {
+        inherit_from     => [ "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ia32-aes" => {
+        cc               => "gcc",
+        cflags           => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        cpuid_asm_src    => "x86cpuid.s",
+        bn_asm_src       => "bn-586.s co-586.s x86-mont.s",
+        des_asm_src      => "des-586.s crypt586.s",
+        aes_asm_src      => "aes_x86core.s aes_cbc.s aesni-x86.s",
+        bf_asm_src       => "bf-586.s",
+        md5_asm_src      => "md5-586.s",
+        sha1_asm_src     => "sha1-586.s sha256-586.s sha512-586.s",
+        cast_asm_src     => "cast-586.s",
+        rc4_asm_src      => "rc4-586.s",
+        rmd160_asm_src   => "rmd-586.s",
+        rc5_asm_src      => "rc5-586.s",
+        wp_asm_src       => "wp_block.s wp-mmx.s",
+        modes_asm_src    => "ghash-x86.s",
+        padlock_asm_src  => "e_padlock-x86.s",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "dist" => {
+        cc               => "cc",
+        cflags           => "-O",
+        thread_scheme    => "(unknown)",
+    },
+    "debug-test-64-clang" => {
+        inherit_from     => [ "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+    },
+    "darwin64-debug-test-64-clang" => {
+        inherit_from     => [ "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        sys_id           => "MACOSX",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "macosx",
+        dso_scheme       => "dlfcn",
+        shared_target    => "darwin-shared",
+        shared_cflag     => "-fPIC -fno-common",
+        shared_ldflag    => "-arch x86_64 -dynamiclib",
+        shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+    },
+);
--- a/Configurations/README
+++ b/Configurations/README
@@ -0,0 +1,655 @@
+Configurations of OpenSSL target platforms
+==========================================
+
+Target configurations are a collection of facts that we know about
+different platforms and their capabilities.  We organise them in a
+hash table, where each entry represent a specific target.
+
+In each table entry, the following keys are significant:
+
+        inherit_from    => Other targets to inherit values from.
+                           Explained further below. [1]
+        template        => Set to 1 if this isn't really a platform
+                           target.  Instead, this target is a template
+                           upon which other targets can be built.
+                           Explained further below.  [1]
+
+        sys_id          => System identity for systems where that
+                           is difficult to determine automatically.
+
+        cc              => The compiler command, usually one of "cc",
+                           "gcc" or "clang".  This command is normally
+                           also used to link object files and
+                           libraries into the final program.
+        cflags          => Flags that are used at all times when
+                           compiling.
+        defines         => As an alternative, macro definitions may be
+                           present here instead of in `cflags'.  If
+                           given here, they MUST be as an array of the
+                           string such as "MACRO=value", or just
+                           "MACRO" for definitions without value.
+        shared_cflag    => Extra compilation flags used when
+                           compiling for shared libraries, typically
+                           something like "-fPIC".
+
+        (linking is a complex thing, see [3] below)
+        ld              => Linker command, usually not defined
+                           (meaning the compiler command is used
+                           instead).
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        lflags          => Flags that are used when linking apps.
+        shared_ldflag   => Flags that are used when linking shared
+                           or dynamic libraries.
+        plib_lflags     => Extra linking flags to appear just before
+                           the libraries on the command line.
+        ex_libs         => Extra libraries that are needed when
+                           linking.
+
+        ar              => The library archive command, the default is
+                           "ar".
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        arflags         => Flags to be used with the library archive
+                           command.
+
+        ranlib          => The library archive indexing command, the
+                           default is 'ranlib' it it exists.
+
+        unistd          => An alternative header to the typical
+                           '<unistd.h>'.  This is very rarely needed.
+
+        shared_extension => File name extension used for shared
+                            libraries. 
+        obj_extension   => File name extension used for object files.
+                           On unix, this defaults to ".o" (NOTE: this
+                           is here for future use, it's not
+                           implemented yet)
+        exe_extension   => File name extension used for executable
+                           files.  On unix, this defaults to "" (NOTE:
+                           this is here for future use, it's not
+                           implemented yet)
+
+        thread_scheme   => The type of threads is used on the
+                           configured platform.  Currently known
+                           values are "(unknown)", "pthreads",
+                           "uithreads" (a.k.a solaris threads) and
+                           "winthreads".  Except for "(unknown)", the
+                           actual value is currently ignored but may
+                           be used in the future.  See further notes
+                           below [2].
+        dso_scheme      => The type of dynamic shared objects to build
+                           for.  This mostly comes into play with
+                           engines, but can be used for other purposes
+                           as well.  Valid values are "DLFCN"
+                           (dlopen() et al), "DLFCN_NO_H" (for systems
+                           that use dlopen() et al but do not have
+                           fcntl.h), "DL" (shl_load() et al), "WIN32"
+                           and "VMS".
+        perlasm_scheme  => The perlasm method used to created the
+                           assembler files used when compiling with
+                           assembler implementations.
+        shared_target   => The shared library building method used.
+                           This is a target found in Makefile.shared.
+        build_scheme    => The scheme used to build up a Makefile.
+                           In its simplest form, the value is a string
+                           with the name of the build scheme.
+                           The value may also take the form of a list
+                           of strings, if the build_scheme is to have
+                           some options.  In this case, the first
+                           string in the list is the name of the build
+                           scheme.
+                           Currently recognised build scheme is "unified".
+                           For the "unified" build scheme, this item
+                           *must* be an array with the first being the
+                           word "unified" and the second being a word
+                           to identify the platform family.
+
+        multilib        => On systems that support having multiple
+                           implementations of a library (typically a
+                           32-bit and a 64-bit variant), this is used
+                           to have the different variants in different
+                           directories.
+
+        bn_ops          => Building options (was just bignum options
+                           in the earlier history of this option,
+                           hence the name).  This a string of words
+                           that describe properties on the designated
+                           target platform, such as the type of
+                           integers used to build up the bitnum,
+                           different ways to implement certain ciphers
+                           and so on.  To fully comprehend the
+                           meaning, the best is to read the affected
+                           source.
+                           The valid words are:
+
+                           BN_LLONG     use 'unsigned long long' in
+                                        some bignum calculations.
+                                        This has no value when
+                                        SIXTY_FOUR_BIT or
+                                        SIXTY_FOUR_BIT_LONG is given.
+                           RC4_CHAR     makes the basic RC4 unit of
+                                        calculation an unsigned char.
+                           SIXTY_FOUR_BIT       processor registers
+                                                are 64 bits, long is
+                                                32 bits, long long is
+                                                64 bits.
+                           SIXTY_FOUR_BIT_LONG  processor registers
+                                                are 64 bits, long is
+                                                64 bits.
+                           THIRTY_TWO_BIT       processor registers
+                                                are 32 bits.
+                           EXPORT_VAR_AS_FN     for shared libraries,
+                                                export vars as
+                                                accessor functions.
+
+        apps_extra_src  => Extra source to build apps/openssl, as
+                           needed by the target.
+        cpuid_asm_src   => assembler implementation of cpuid code as
+                           well as OPENSSL_cleanse().
+                           Default to mem_clr.c
+        bn_asm_src      => Assembler implementation of core bignum
+                           functions.
+                           Defaults to bn_asm.c
+        ec_asm_src      => Assembler implementation of core EC
+                           functions.
+        des_asm_src     => Assembler implementation of core DES
+                           encryption functions.
+                           Defaults to 'des_enc.c fcrypt_b.c'
+        aes_asm_src     => Assembler implementation of core AES
+                           functions.
+                           Defaults to 'aes_core.c aes_cbc.c'
+        bf_asm_src      => Assembler implementation of core BlowFish
+                           functions.
+                           Defaults to 'bf_enc.c'
+        md5_asm_src     => Assembler implementation of core MD5
+                           functions.
+        sha1_asm_src    => Assembler implementation of core SHA1,
+                           functions, and also possibly SHA256 and
+                           SHA512 ones.
+        cast_asm_src    => Assembler implementation of core CAST
+                           functions.
+                           Defaults to 'c_enc.c'
+        rc4_asm_src     => Assembler implementation of core RC4
+                           functions.
+                           Defaults to 'rc4_enc.c rc4_skey.c'
+        rmd160_asm_src  => Assembler implementation of core RMD160
+                           functions.
+        rc5_asm_src     => Assembler implementation of core RC5
+                           functions.
+                           Defaults to 'rc5_enc.c'
+        wp_asm_src      => Assembler implementation of core WHIRLPOOL
+                           functions.
+        cmll_asm_src    => Assembler implementation of core CAMELLIA
+                           functions.
+                           Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
+        modes_asm_src   => Assembler implementation of cipher modes,
+                           currently the functions gcm_gmult_4bit and
+                           gcm_ghash_4bit.
+        padlock_asm_src => Assembler implementation of core parts of
+                           the padlock engine.  This is mandatory on
+                           any platform where the padlock engine might
+                           actually be built.
+
+
+[1] as part of the target configuration, one can have a key called
+    'inherit_from' that indicate what other configurations to inherit
+    data from.  These are resolved recursively.
+
+    Inheritance works as a set of default values that can be overridden
+    by corresponding key values in the inheriting configuration.
+
+    Note 1: any configuration table can be used as a template.
+    Note 2: pure templates have the attribute 'template => 1' and
+            cannot be used as build targets.
+
+    If several configurations are given in the 'inherit_from' array,
+    the values of same attribute are concatenated with space
+    separation.  With this, it's possible to have several smaller
+    templates for different configuration aspects that can be combined
+    into a complete configuration.
+
+    instead of a scalar value or an array, a value can be a code block
+    of the form 'sub { /* your code here */ }'.  This code block will
+    be called with the list of inherited values for that key as
+    arguments.  In fact, the concatenation of strings is really done
+    by using 'sub { join(" ",@_) }' on the list of inherited values.
+
+    An example:
+
+        "foo" => {
+                template => 1,
+                haha => "ha ha",
+                hoho => "ho",
+                ignored => "This should not appear in the end result",
+        },
+        "bar" => {
+                template => 1,
+                haha => "ah",
+                hoho => "haho",
+                hehe => "hehe"
+        },
+        "laughter" => {
+                inherit_from => [ "foo", "bar" ],
+                hehe => sub { join(" ",(@_,"!!!")) },
+                ignored => "",
+        }
+
+        The entry for "laughter" will become as follows after processing:
+
+        "laughter" => {
+                haha => "ha ha ah",
+                hoho => "ho haho",
+                hehe => "hehe !!!",
+                ignored => ""
+        }
+
+[2] OpenSSL is built with threading capabilities unless the user
+    specifies 'no-threads'.  The value of the key 'thread_scheme' may
+    be "(unknown)", in which case the user MUST give some compilation
+    flags to Configure.
+
+[3] OpenSSL has three types of things to link from object files or
+    static libraries:
+
+    - shared libraries; that would be libcrypto and libssl.
+    - shared objects (sometimes called dynamic libraries);  that would
+      be the engines.
+    - applications; those are apps/openssl and all the test apps.
+
+    Very roughly speaking, linking is done like this (words in braces
+    represent the configuration settings documented at the beginning
+    of this file):
+
+    shared libraries:
+        {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
+            -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
+            {plib_lflags} -lcrypto {ex_libs}
+
+    shared objects:
+        {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
+            blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
+
+    applications:
+        {ld} $(CFLAGS) {lflags} -o app \
+            app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
+
+
+Historically, the target configurations came in form of a string with
+values separated by colons.  This use is deprecated.  The string form
+looked like this:
+
+   "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
+
+
+Build info files
+================
+
+The build.info files that are spread over the source tree contain the
+minimum information needed to build and distribute OpenSSL.  It uses a
+simple and yet fairly powerful language to determine what needs to be
+built, from what sources, and other relationships between files.
+
+For every build.info file, all file references are relative to the
+directory of the build.info file for source files, and the
+corresponding build directory for built files if the build tree
+differs from the source tree.
+
+When processed, every line is processed with the perl module
+Text::Template, using the delimiters "{-" and "-}".  The hashes
+%config and %target are passed to the perl fragments, along with
+$sourcedir and $builddir, which are the locations of the source
+directory for the current build.info file and the corresponding build
+directory, all relative to the top of the build tree.
+
+To begin with, things to be built are declared by setting specific
+variables:
+
+    PROGRAMS=foo bar
+    LIBS=libsomething
+    ENGINES=libeng
+    SCRIPTS=myhack
+    EXTRA=file1 file2
+
+Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
+without extensions.  The build file templates will figure them out.
+
+For each thing to be built, it is then possible to say what sources
+they are built from:
+
+    PROGRAMS=foo bar
+    SOURCE[foo]=foo.c common.c
+    SOURCE[bar]=bar.c extra.c common.c
+
+It's also possible to tell some other dependencies:
+
+    DEPEND[foo]=libsomething
+    DEPEND[libbar]=libsomethingelse
+
+(it could be argued that 'libsomething' and 'libsomethingelse' are
+source as well.  However, the files given through SOURCE are expected
+to be located in the source tree while files given through DEPEND are
+expected to be located in the build tree)
+
+For some libraries, we maintain files with public symbols and their
+slot in a transfer vector (important on some platforms).  It can be
+declared like this:
+
+    ORDINALS[libcrypto]=crypto
+
+The value is not the name of the file in question, but rather the
+argument to util/mkdef.pl that indicates which file to use.
+
+One some platforms, shared libraries come with a name that's different
+from their static counterpart.  That's declared as follows:
+
+    SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
+
+The example is from Cygwin, which has a required naming convention.
+
+Sometimes, it makes sense to rename an output file, for example a
+library:
+
+    RENAME[libfoo]=libbar
+
+That lines has "libfoo" get renamed to "libbar".  While it makes no
+sense at all to just have a rename like that (why not just use
+"libbar" everywhere?), it does make sense when it can be used
+conditionally.  See a little further below for an example.
+
+In some cases, it's desirable to include some source files in the
+shared form of a library only:
+
+    SHARED_SOURCE[libfoo]=dllmain.c
+
+For any file to be built, it's also possible to tell what extra
+include paths the build of their source files should use:
+
+    INCLUDE[foo]=include
+
+In some cases, one might want to generate some source files from
+others, that's done as follows:
+
+    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
+    GENERATE[bar.s]=asm/bar.S
+
+The value of each GENERATE line is a command line or part of it.
+Configure places no rules on the command line, except the the first
+item muct be the generator file.  It is, however, entirely up to the
+build file template to define exactly how those command lines should
+be handled, how the output is captured and so on.
+
+Sometimes, the generator file itself depends on other files, for
+example if it is a perl script that depends on other perl modules.
+This can be expressed using DEPEND like this:
+
+    DEPEND[asm/something.pl]=../perlasm/Foo.pm
+
+There may also be cases where the exact file isn't easily specified,
+but an inclusion directory still needs to be specified.  INCLUDE can
+be used in that case:
+
+    INCLUDE[asm/something.pl]=../perlasm
+
+NOTE: GENERATE lines are limited to one command only per GENERATE.
+
+As a last resort, it's possible to have raw build file lines, between
+BEGINRAW and ENDRAW lines as follows:
+
+    BEGINRAW[Makefile(unix)]
+    haha.h: {- $builddir -}/Makefile
+        echo "/* haha */" > haha.h
+    ENDRAW[Makefile(unix)]
+
+The word within square brackets is the build_file configuration item
+or the build_file configuration item followed by the second word in the
+build_scheme configuration item for the configured target within
+parenthesis as shown above.  For example, with the following relevant
+configuration items:
+
+   build_file   => "build.ninja"
+   build_scheme => [ "unified", "unix" ]
+
+... these lines will be considered:
+
+   BEGINRAW[build.ninja]
+   build haha.h: echo "/* haha */" > haha.h
+   ENDRAW[build.ninja]
+
+   BEGINRAW[build.ninja(unix)]
+   build hoho.h: echo "/* hoho */" > hoho.h
+   ENDRAW[build.ninja(unix)]
+
+Should it be needed because the recipes within a RAW section might
+clash with those generated by Configure, it's possible to tell it
+not to generate them with the use of OVERRIDES, for example:
+
+    SOURCE[libfoo]=foo.c bar.c
+    
+    OVERRIDES=bar.o
+    BEGINRAW[Makefile(unix)]
+    bar.o: bar.c
+    	$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
+    ENDRAW[Makefile(unix)]
+
+See the documentation further up for more information on configuration
+items.
+
+Finally, you can have some simple conditional use of the build.info
+information, looking like this:
+
+    IF[1]
+     something
+    ELSIF[2]
+     something other
+    ELSE
+     something else
+    ENDIF
+
+The expression in square brackets is interpreted as a string in perl,
+and will be seen as true if perl thinks it is, otherwise false.  For
+example, the above would have "something" used, since 1 is true.
+
+Together with the use of Text::Template, this can be used as
+conditions based on something in the passed variables, for example:
+
+    IF[{- $disabled{shared} -}]
+      LIBS=libcrypto
+      SOURCE[libcrypto]=...
+    ELSE
+      LIBS=libfoo
+      SOURCE[libfoo]=...
+    ENDIF
+
+or:
+
+    # VMS has a cultural standard where all libraries are prefixed.
+    # For OpenSSL, the choice is 'ossl_'
+    IF[{- $config{target} =~ /^vms/ -}]
+     RENAME[libcrypto]=ossl_libcrypto
+     RENAME[libssl]=ossl_libssl
+    ENDIF
+
+
+Build-file programming with the "unified" build system
+======================================================
+
+"Build files" are called "Makefile" on Unix-like operating systems,
+"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
+
+To use the "unified" build system, the target configuration needs to
+set the three items 'build_scheme', 'build_file' and 'build_command'.
+In the rest of this section, we will assume that 'build_scheme' is set
+to "unified" (see the configurations documentation above for the
+details).
+
+For any name given by 'build_file', the "unified" system expects a
+template file in Configurations/ named like the build file, with
+".tmpl" appended, or in case of possible ambiguity, a combination of
+the second 'build_scheme' list item and the 'build_file' name.  For
+example, if 'build_file' is set to "Makefile", the template could be
+Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
+In case both Configurations/unix-Makefile.tmpl and
+Configurations/Makefile.tmpl are present, the former takes
+precedence.
+
+The build-file template is processed with the perl module
+Text::Template, using "{-" and "-}" as delimiters that enclose the
+perl code fragments that generate configuration-dependent content.
+Those perl fragments have access to all the hash variables from
+configdata.pem.
+
+The build-file template is expected to define at least the following
+perl functions in a perl code fragment enclosed with "{-" and "-}".
+They are all expected to return a string with the lines they produce.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    generator => [ "generatingfile", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ],
+                                     ordinals => [ "word", "/PATH/TO/ordfile" ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.  'ordinals' MAY be present, and when
+                  it is, its value is an array where the word is
+                  "crypto" or "ssl" and the file is one of the ordinal
+                  files util/libeay.num or util/ssleay.num in the
+                  source directory.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dso     - function that produces build file lines to build a
+                  dynamic shared object file from object files.
+
+                  called like this:
+
+                        obj2dso(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/otherlibfile",
+                                ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+In all cases, file file paths are relative to the build tree top, and
+the build file actions run with the build tree top as current working
+directory.
+
+Make sure to end the section with these functions with a string that
+you thing is appropriate for the resulting build file.  If nothing
+else, end it like this:
+
+      "";       # Make sure no lingering values end up in the Makefile
+    -}
--- a/Configurations/README-design.md
+++ b/Configurations/README-design.md
@@ -1,604 +0,0 @@
-Design document for the unified scheme data
-===========================================
-
-How are things connected?
-------------------------
-
-The unified scheme takes all its data from the `build.info` files seen
-throughout the source tree.  These files hold the minimum information
-needed to build end product files from diverse sources.  See the
-section on `build.info` files below.
-
-From the information in `build.info` files, `Configure` builds up an
-information database as a hash table called `%unified_info`, which is
-stored in configdata.pm, found at the top of the build tree (which may
-or may not be the same as the source tree).
-
-[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to
-generate the rules for building end product files as well as
-intermediary files with the help of a few functions found in the
-build-file templates.  See the section on build-file templates further
-down for more information.
-
-build.info files
----------------
-
-As mentioned earlier, `build.info` files are meant to hold the minimum
-information needed to build output files, and therefore only (with a
-few possible exceptions [1]) have information about end products (such
-as scripts, library files and programs) and source files (such as C
-files, C header files, assembler files, etc).  Intermediate files such
-as object files are rarely directly referred to in `build.info` files (and
-when they are, it's always with the file name extension `.o`), they are
-inferred by `Configure`.  By the same rule of minimalism, end product
-file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned
-in `build.info`.  Their file name extensions will be inferred by the
-build-file templates, adapted for the platform they are meant for (see
-sections on `%unified_info` and build-file templates further down).
-
-The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare
-end products.  There are variants for them with `_NO_INST` as suffix
-(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed.
-
-The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a
-produced file, and their values are the source used to produce that
-particular produced file, extra dependencies, include directories
-needed, or C macros to be defined.
-
-All their values in all the `build.info` throughout the source tree are
-collected together and form a set of programs, libraries, modules and
-scripts to be produced, source files, dependencies, etc etc etc.
-
-Let's have a pretend example, a very limited contraption of OpenSSL,
-composed of the program `apps/openssl`, the libraries `libssl` and
-`libcrypto`, an module `engines/ossltest` and their sources and
-dependencies.
-
-    # build.info
-    LIBS=libcrypto libssl
-    INCLUDE[libcrypto]=include
-    INCLUDE[libssl]=include
-    DEPEND[libssl]=libcrypto
-
-This is the top directory `build.info` file, and it tells us that two
-libraries are to be built, the include directory `include/` shall be
-used throughout when building anything that will end up in each
-library, and that the library `libssl` depend on the library
-`libcrypto` to function properly.
-
-    # apps/build.info
-    PROGRAMS=openssl
-    SOURCE[openssl]=openssl.c
-    INCLUDE[openssl]=.. ../include
-    DEPEND[openssl]=../libssl
-
-This is the `build.info` file in `apps/`, one may notice that all file
-paths mentioned are relative to the directory the `build.info` file is
-located in.  This one tells us that there's a program to be built
-called `apps/openss` (the file name extension will depend on the
-platform and is therefore not mentioned in the `build.info` file).  It's
-built from one source file, `apps/openssl.c`, and building it requires
-the use of `.` and `include/` include directories (both are declared
-from the point of view of the `apps/` directory), and that the program
-depends on the library `libssl` to function properly.
-
-    # crypto/build.info
-    LIBS=../libcrypto
-    SOURCE[../libcrypto]=aes.c evp.c cversion.c
-    DEPEND[cversion.o]=buildinf.h
-
-    GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
-    DEPEND[buildinf.h]=../Makefile
-    DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
-
-This is the `build.info` file in `crypto/`, and it tells us a little more
-about what's needed to produce `libcrypto`.  LIBS is used again to
-declare that `libcrypto` is to be produced.  This declaration is
-really unnecessary as it's already mentioned in the top `build.info`
-file, but can make the info file easier to understand.  This is to
-show that duplicate information isn't an issue.
-
-This `build.info` file informs us that `libcrypto` is built from a few
-source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`.
-It also shows us that building the object file inferred from
-`crypto/cversion.c` depends on `crypto/buildinf.h`.  Finally, it
-also shows the possibility to declare how some files are generated
-using some script, in this case a perl script, and how such scripts
-can be declared to depend on other files, in this case a perl module.
-
-Two things are worth an extra note:
-
-`DEPEND[cversion.o]` mentions an object file.  DEPEND indexes is the
-only location where it's valid to mention them
-
-    # ssl/build.info
-    LIBS=../libssl
-    SOURCE[../libssl]=tls.c
-
-This is the build.info file in `ssl/`, and it tells us that the
-library `libssl` is built from the source file `ssl/tls.c`.
-
-    # engines/build.info
-    MODULES=dasync
-    SOURCE[dasync]=e_dasync.c
-    DEPEND[dasync]=../libcrypto
-    INCLUDE[dasync]=../include
-
-    MODULES_NO_INST=ossltest
-    SOURCE[ossltest]=e_ossltest.c
-    DEPEND[ossltest]=../libcrypto.a
-    INCLUDE[ossltest]=../include
-
-This is the `build.info` file in `engines/`, telling us that two modules
-called `engines/dasync` and `engines/ossltest` shall be built, that
-`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is
-`engines/e_ossltest.c` and that the include directory `include/` may
-be used when building anything that will be part of these modules.
-Also, both modules depend on the library `libcrypto` to function
-properly.  `ossltest` is explicitly linked with the static variant of
-the library `libcrypto`.  Finally, only `dasync` is being installed, as
-`ossltest` is only for internal testing.
-
-When `Configure` digests these `build.info` files, the accumulated
-information comes down to this:
-
-    LIBS=libcrypto libssl
-    SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
-    DEPEND[crypto/cversion.o]=crypto/buildinf.h
-    INCLUDE[libcrypto]=include
-    SOURCE[libssl]=ssl/tls.c
-    INCLUDE[libssl]=include
-    DEPEND[libssl]=libcrypto
-
-    PROGRAMS=apps/openssl
-    SOURCE[apps/openssl]=apps/openssl.c
-    INCLUDE[apps/openssl]=. include
-    DEPEND[apps/openssl]=libssl
-
-    MODULES=engines/dasync
-    SOURCE[engines/dasync]=engines/e_dasync.c
-    DEPEND[engines/dasync]=libcrypto
-    INCLUDE[engines/dasync]=include
-
-    MODULES_NO_INST=engines/ossltest
-    SOURCE[engines/ossltest]=engines/e_ossltest.c
-    DEPEND[engines/ossltest]=libcrypto.a
-    INCLUDE[engines/ossltest]=include
-
-    GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
-    DEPEND[crypto/buildinf.h]=Makefile
-    DEPEND[util/mkbuildinf.pl]=util/Foo.pm
-
-A few notes worth mentioning:
-
-`LIBS` may be used to declare routine libraries only.
-
-`PROGRAMS` may be used to declare programs only.
-
-`MODULES` may be used to declare modules only.
-
-The indexes for `SOURCE` must only be end product files, such as
-libraries, programs or modules.  The values of `SOURCE` variables must
-only be source files (possibly generated).
-
-`INCLUDE` and `DEPEND` shows a relationship between different files
-(usually produced files) or between files and directories, such as a
-program depending on a library, or between an object file and some
-extra source file.
-
-When `Configure` processes the `build.info` files, it will take it as
-truth without question, and will therefore perform very few checks.
-If the build tree is separate from the source tree, it will assume
-that all built files and up in the build directory and that all source
-files are to be found in the source tree, if they can be found there.
-`Configure` will assume that source files that can't be found in the
-source tree (such as `crypto/bildinf.h` in the example above) are
-generated and will be found in the build tree.
-
-The `%unified_info` database
----------------------------
-
-The information in all the `build.info` get digested by `Configure` and
-collected into the `%unified_info` database, divided into the following
-indexes:
-
-    depends   => a hash table containing 'file' => [ 'dependency' ... ]
-                 pairs.  These are directly inferred from the DEPEND
-                 variables in build.info files.
-
-    modules   => a list of modules.  These are directly inferred from
-                 the MODULES variable in build.info files.
-
-    generate  => a hash table containing 'file' => [ 'generator' ... ]
-                 pairs.  These are directly inferred from the GENERATE
-                 variables in build.info files.
-
-    includes  => a hash table containing 'file' => [ 'include' ... ]
-                 pairs.  These are directly inferred from the INCLUDE
-                 variables in build.info files.
-
-    install   => a hash table containing 'type' => [ 'file' ... ] pairs.
-                 The types are 'programs', 'libraries', 'modules' and
-                 'scripts', and the array of files list the files of
-                 that type that should be installed.
-
-    libraries => a list of libraries.  These are directly inferred from
-                 the LIBS variable in build.info files.
-
-    programs  => a list of programs.  These are directly inferred from
-                 the PROGRAMS variable in build.info files.
-
-    scripts   => a list of scripts.  There are directly inferred from
-                 the SCRIPTS variable in build.info files.
-
-    sources   => a hash table containing 'file' => [ 'sourcefile' ... ]
-                 pairs.  These are indirectly inferred from the SOURCE
-                 variables in build.info files.  Object files are
-                 mentioned in this hash table, with source files from
-                 SOURCE variables, and AS source files for programs and
-                 libraries.
-
-    shared_sources =>
-                 a hash table just like 'sources', but only as source
-                 files (object files) for building shared libraries.
-
-As an example, here is how the `build.info` files example from the
-section above would be digested into a `%unified_info` table:
-
-    our %unified_info = (
-        "depends" =>
-            {
-                "apps/openssl" =>
-                    [
-                        "libssl",
-                    ],
-                "crypto/buildinf.h" =>
-                    [
-                        "Makefile",
-                    ],
-                "crypto/cversion.o" =>
-                    [
-                        "crypto/buildinf.h",
-                    ],
-                "engines/dasync" =>
-                    [
-                        "libcrypto",
-                    ],
-                "engines/ossltest" =>
-                    [
-                        "libcrypto.a",
-                    ],
-                "libssl" =>
-                    [
-                        "libcrypto",
-                    ],
-                "util/mkbuildinf.pl" =>
-                    [
-                        "util/Foo.pm",
-                    ],
-            },
-        "modules" =>
-            [
-                "engines/dasync",
-                "engines/ossltest",
-            ],
-        "generate" =>
-            {
-                "crypto/buildinf.h" =>
-                    [
-                        "util/mkbuildinf.pl",
-                        "\"\$(CC)",
-                        "\$(CFLAGS)\"",
-                        "\"$(PLATFORM)\"",
-                    ],
-            },
-        "includes" =>
-            {
-                "apps/openssl" =>
-                    [
-                        ".",
-                        "include",
-                    ],
-                "engines/ossltest" =>
-                    [
-                        "include"
-                    ],
-                "libcrypto" =>
-                    [
-                        "include",
-                    ],
-                "libssl" =>
-                    [
-                        "include",
-                    ],
-                "util/mkbuildinf.pl" =>
-                    [
-                        "util",
-                    ],
-            }
-        "install" =>
-            {
-                "modules" =>
-                    [
-                        "engines/dasync",
-                    ],
-                "libraries" =>
-                    [
-                        "libcrypto",
-                        "libssl",
-                    ],
-                "programs" =>
-                    [
-                        "apps/openssl",
-                    ],
-           },
-        "libraries" =>
-            [
-                "libcrypto",
-                "libssl",
-            ],
-        "programs" =>
-            [
-                "apps/openssl",
-            ],
-        "sources" =>
-            {
-                "apps/openssl" =>
-                    [
-                        "apps/openssl.o",
-                    ],
-                "apps/openssl.o" =>
-                    [
-                        "apps/openssl.c",
-                    ],
-                "crypto/aes.o" =>
-                    [
-                        "crypto/aes.c",
-                    ],
-                "crypto/cversion.o" =>
-                    [
-                        "crypto/cversion.c",
-                    ],
-                "crypto/evp.o" =>
-                    [
-                        "crypto/evp.c",
-                    ],
-                "engines/e_dasync.o" =>
-                    [
-                        "engines/e_dasync.c",
-                    ],
-                "engines/dasync" =>
-                    [
-                        "engines/e_dasync.o",
-                    ],
-                "engines/e_ossltest.o" =>
-                    [
-                        "engines/e_ossltest.c",
-                    ],
-                "engines/ossltest" =>
-                    [
-                        "engines/e_ossltest.o",
-                    ],
-                "libcrypto" =>
-                    [
-                        "crypto/aes.c",
-                        "crypto/cversion.c",
-                        "crypto/evp.c",
-                    ],
-                "libssl" =>
-                    [
-                        "ssl/tls.c",
-                    ],
-                "ssl/tls.o" =>
-                    [
-                        "ssl/tls.c",
-                    ],
-            },
-    );
-
-As can be seen, everything in `%unified_info` is fairly simple suggest
-of information.  Still, it tells us that to build all programs, we
-must build `apps/openssl`, and to build the latter, we will need to
-build all its sources (`apps/openssl.o` in this case) and all the
-other things it depends on (such as `libssl`).  All those dependencies
-need to be built as well, using the same logic, so to build `libssl`,
-we need to build `ssl/tls.o` as well as `libcrypto`, and to build the
-latter...
-
-Build-file templates
--------------------
-
-Build-file templates are essentially build-files (such as `Makefile` on
-Unix) with perl code fragments mixed in.  Those perl code fragment
-will generate all the configuration dependent data, including all the
-rules needed to build end product files and intermediary files alike.
-At a minimum, there must be a perl code fragment that defines a set of
-functions that are used to generates specific build-file rules, to
-build static libraries from object files, to build shared libraries
-from static libraries, to programs from object files and libraries,
-etc.
-
-    generatesrc - function that produces build file lines to generate
-                  a source file from some input.
-
-                  It's called like this:
-
-                        generatesrc(src => "PATH/TO/tobegenerated",
-                                    generator => [ "generatingfile", ... ]
-                                    generator_incs => [ "INCL/PATH", ... ]
-                                    generator_deps => [ "dep1", ... ]
-                                    incs => [ "INCL/PATH", ... ],
-                                    deps => [ "dep1", ... ],
-                                    intent => one of "libs", "dso", "bin" );
-
-                  'src' has the name of the file to be generated.
-                  'generator' is the command or part of command to
-                  generate the file, of which the first item is
-                  expected to be the file to generate from.
-                  generatesrc() is expected to analyse and figure out
-                  exactly how to apply that file and how to capture
-                  the result.  'generator_incs' and 'generator_deps'
-                  are include directories and files that the generator
-                  file itself depends on.  'incs' and 'deps' are
-                  include directories and files that are used if $(CC)
-                  is used as an intermediary step when generating the
-                  end product (the file indicated by 'src').  'intent'
-                  indicates what the generated file is going to be
-                  used for.
-
-    src2obj     - function that produces build file lines to build an
-                  object file from source files and associated data.
-
-                  It's called like this:
-
-                        src2obj(obj => "PATH/TO/objectfile",
-                                srcs => [ "PATH/TO/sourcefile", ... ],
-                                deps => [ "dep1", ... ],
-                                incs => [ "INCL/PATH", ... ]
-                                intent => one of "lib", "dso", "bin" );
-
-                  'obj' has the intended object file with `.o`
-                  extension, src2obj() is expected to change it to
-                  something more suitable for the platform.
-                  'srcs' has the list of source files to build the
-                  object file, with the first item being the source
-                  file that directly corresponds to the object file.
-                  'deps' is a list of explicit dependencies.  'incs'
-                  is a list of include file directories.  Finally,
-                  'intent' indicates what this object file is going
-                  to be used for.
-
-    obj2lib     - function that produces build file lines to build a
-                  static library file ("libfoo.a" in Unix terms) from
-                  object files.
-
-                  called like this:
-
-                        obj2lib(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ]);
-
-                  'lib' has the intended library file name *without*
-                  extension, obj2lib is expected to add that.  'objs'
-                  has the list of object files to build this library.
-
-    libobj2shlib - backward compatibility function that's used the
-                  same way as obj2shlib (described next), and was
-                  expected to build the shared library from the
-                  corresponding static library when that was suitable.
-                  NOTE: building a shared library from a static
-                  library is now DEPRECATED, as they no longer share
-                  object files.  Attempting to do this will fail.
-
-    obj2shlib   - function that produces build file lines to build a
-                  shareable object library file ("libfoo.so" in Unix
-                  terms) from the corresponding object files.
-
-                  called like this:
-
-                        obj2shlib(shlib => "PATH/TO/shlibfile",
-                                  lib => "PATH/TO/libfile",
-                                  objs => [ "PATH/TO/objectfile", ... ],
-                                  deps => [ "PATH/TO/otherlibfile", ... ]);
-
-                  'lib' has the base (static) library file name
-                  *without* extension.  This is useful in case
-                  supporting files are needed (such as import
-                  libraries on Windows).
-                  'shlib' has the corresponding shared library name
-                  *without* extension.  'deps' has the list of other
-                  libraries (also *without* extension) this library
-                  needs to be linked with.  'objs' has the list of
-                  object files to build this library.
-
-    obj2dso     - function that produces build file lines to build a
-                  dynamic shared object file from object files.
-
-                  called like this:
-
-                        obj2dso(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/otherlibfile",
-                                ... ]);
-
-                  This is almost the same as obj2shlib, but the
-                  intent is to build a shareable library that can be
-                  loaded in runtime (a "plugin"...).
-
-    obj2bin     - function that produces build file lines to build an
-                  executable file from object files.
-
-                  called like this:
-
-                        obj2bin(bin => "PATH/TO/binfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/libfile", ... ]);
-
-                  'bin' has the intended executable file name
-                  *without* extension, obj2bin is expected to add
-                  that.  'objs' has the list of object files to build
-                  this library.  'deps' has the list of library files
-                  (also *without* extension) that the programs needs
-                  to be linked with.
-
-    in2script   - function that produces build file lines to build a
-                  script file from some input.
-
-                  called like this:
-
-                        in2script(script => "PATH/TO/scriptfile",
-                                  sources => [ "PATH/TO/infile", ... ]);
-
-                  'script' has the intended script file name.
-                  'sources' has the list of source files to build the
-                  resulting script from.
-
-Along with the build-file templates is the driving template
-[`Configurations/common.tmpl`](common.tmpl), which looks through all the
-information in `%unified_info` and generates all the rulesets to build libraries,
-programs and all intermediate files, using the rule generating
-functions defined in the build-file template.
-
-As an example with the smaller `build.info` set we've seen as an
-example, producing the rules to build `libcrypto` would result in the
-following calls:
-
-    # Note: obj2shlib will only be called if shared libraries are
-    # to be produced.
-    # Note 2: obj2shlib must convert the '.o' extension to whatever
-    # is suitable on the local platform.
-    obj2shlib(shlib => "libcrypto",
-              objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ],
-              deps => [  ]);
-
-    obj2lib(lib => "libcrypto"
-            objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]);
-
-    src2obj(obj => "crypto/aes.o"
-            srcs => [ "crypto/aes.c" ],
-            deps => [ ],
-            incs => [ "include" ],
-            intent => "lib");
-
-    src2obj(obj => "crypto/evp.o"
-            srcs => [ "crypto/evp.c" ],
-            deps => [ ],
-            incs => [ "include" ],
-            intent => "lib");
-
-    src2obj(obj => "crypto/cversion.o"
-            srcs => [ "crypto/cversion.c" ],
-            deps => [ "crypto/buildinf.h" ],
-            incs => [ "include" ],
-            intent => "lib");
-
-    generatesrc(src => "crypto/buildinf.h",
-                generator => [ "util/mkbuildinf.pl", "\"$(CC)",
-                               "$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
-                generator_incs => [ "util" ],
-                generator_deps => [ "util/Foo.pm" ],
-                incs => [ ],
-                deps => [ ],
-                intent => "lib");
-
-The returned strings from all those calls are then concatenated
-together and written to the resulting build-file.
--- a/Configurations/README.design
+++ b/Configurations/README.design
@@ -0,0 +1,641 @@
+Design document for the unified scheme data
+===========================================
+
+How are things connected?
+-------------------------
+
+The unified scheme takes all its data from the build.info files seen
+throughout the source tree.  These files hold the minimum information
+needed to build end product files from diverse sources.  See the
+section on build.info files below.
+
+From the information in build.info files, Configure builds up an
+information database as a hash table called %unified_info, which is
+stored in configdata.pm, found at the top of the build tree (which may
+or may not be the same as the source tree).
+
+Configurations/common.tmpl uses the data from %unified_info to
+generate the rules for building end product files as well as
+intermediary files with the help of a few functions found in the
+build-file templates.  See the section on build-file templates further
+down for more information.
+
+build.info files
+----------------
+
+As mentioned earlier, build.info files are meant to hold the minimum
+information needed to build output files, and therefore only (with a
+few possible exceptions [1]) have information about end products (such
+as scripts, library files and programs) and source files (such as C
+files, C header files, assembler files, etc).  Intermediate files such
+as object files are rarely directly referred to in build.info files (and
+when they are, it's always with the file name extension .o), they are
+inferred by Configure.  By the same rule of minimalism, end product
+file name extensions (such as .so, .a, .exe, etc) are never mentioned
+in build.info.  Their file name extensions will be inferred by the
+build-file templates, adapted for the platform they are meant for (see
+sections on %unified_info and build-file templates further down).
+
+The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
+end products.  There are variants for them with '_NO_INST' as suffix
+(PROGRAM_NO_INST etc) to specify end products that shouldn't get
+installed.
+
+The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a
+produced file, and their values are the source used to produce that
+particular produced file, extra dependencies, include directories
+needed, and ordinal files (explained further below.
+
+All their values in all the build.info throughout the source tree are
+collected together and form a set of programs, libraries, engines and
+scripts to be produced, source files, dependencies, etc etc etc.
+
+Let's have a pretend example, a very limited contraption of OpenSSL,
+composed of the program 'apps/openssl', the libraries 'libssl' and
+'libcrypto', an engine 'engines/ossltest' and their sources and
+dependencies.
+
+    # build.info
+    LIBS=libcrypto libssl
+    ORDINALS[libcrypto]=crypto
+    ORDINALS[libssl]=ssl
+    INCLUDE[libcrypto]=include
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+
+This is the top directory build.info file, and it tells us that two
+libraries are to be built, there are some ordinals to be used to
+declare what symbols in those libraries are seen as public, the
+include directory 'include/' shall be used throughout when building
+anything that will end up in each library, and that the library
+'libssl' depend on the library 'libcrypto' to function properly.
+
+    # apps/build.info
+    PROGRAMS=openssl
+    SOURCE[openssl]=openssl.c
+    INCLUDE[openssl]=.. ../include
+    DEPEND[openssl]=../libssl
+
+This is the build.info file in 'apps/', one may notice that all file
+paths mentioned are relative to the directory the build.info file is
+located in.  This one tells us that there's a program to be built
+called 'apps/openssl' (the file name extension will depend on the
+platform and is therefore not mentioned in the build.info file).  It's
+built from one source file, 'apps/openssl.c', and building it requires
+the use of '.' and 'include' include directories (both are declared
+from the point of view of the 'apps/' directory), and that the program
+depends on the library 'libssl' to function properly.
+
+    # crypto/build.info
+    LIBS=../libcrypto
+    SOURCE[../libcrypto]=aes.c evp.c cversion.c
+    DEPEND[cversion.o]=buildinf.h
+    
+    GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[buildinf.h]=../Makefile
+    DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
+
+This is the build.info file in 'crypto', and it tells us a little more
+about what's needed to produce 'libcrypto'.  LIBS is used again to
+declare that 'libcrypto' is to be produced.  This declaration is
+really unnecessary as it's already mentioned in the top build.info
+file, but can make the info file easier to understand.  This is to
+show that duplicate information isn't an issue.
+
+This build.info file informs us that 'libcrypto' is built from a few
+source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
+It also shows us that building the object file inferred from
+'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it 
+also shows the possibility to declare how some files are generated
+using some script, in this case a perl script, and how such scripts
+can be declared to depend on other files, in this case a perl module.
+
+Two things are worth an extra note:
+
+'DEPEND[cversion.o]' mentions an object file.  DEPEND indexes is the
+only location where it's valid to mention them
+
+Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
+seen from the top directory, no exception.
+
+    # ssl/build.info
+    LIBS=../libssl
+    SOURCE[../libssl]=tls.c
+
+This is the build.info file in 'ssl/', and it tells us that the
+library 'libssl' is built from the source file 'ssl/tls.c'.
+
+    # engines/build.info
+    ENGINES=dasync
+    SOURCE[dasync]=e_dasync.c
+    DEPEND[dasync]=../libcrypto
+    INCLUDE[dasync]=../include
+
+    ENGINES_NO_INST=ossltest
+    SOURCE[ossltest]=e_ossltest.c
+    DEPEND[ossltest]=../libcrypto
+    INCLUDE[ossltest]=../include
+
+This is the build.info file in 'engines/', telling us that two engines
+called 'engines/dasync' and 'engines/ossltest' shall be built, that
+dasync's source is 'engines/e_dasync.c' and ossltest's source is
+'engines/e_ossltest.c' and that the include directory 'include/' may
+be used when building anything that will be part of these engines.
+Also, both engines depend on the library 'libcrypto' to function
+properly.  Finally, only dasync is being installed, as ossltest is
+only for internal testing.
+
+When Configure digests these build.info files, the accumulated
+information comes down to this:
+
+    LIBS=libcrypto libssl
+    ORDINALS[libcrypto]=crypto
+    SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
+    DEPEND[crypto/cversion.o]=crypto/buildinf.h
+    INCLUDE[libcrypto]=include
+    ORDINALS[libssl]=ssl
+    SOURCE[libssl]=ssl/tls.c
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+    
+    PROGRAMS=apps/openssl
+    SOURCE[apps/openssl]=apps/openssl.c
+    INCLUDE[apps/openssl]=. include
+    DEPEND[apps/openssl]=libssl
+
+    ENGINES=engines/dasync
+    SOURCE[engines/dasync]=engines/e_dasync.c
+    DEPEND[engines/dasync]=libcrypto
+    INCLUDE[engines/dasync]=include
+
+    ENGINES_NO_INST=engines/ossltest
+    SOURCE[engines/ossltest]=engines/e_ossltest.c
+    DEPEND[engines/ossltest]=libcrypto
+    INCLUDE[engines/ossltest]=include
+    
+    GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[crypto/buildinf.h]=Makefile
+    DEPEND[util/mkbuildinf.pl]=util/Foo.pm
+
+
+A few notes worth mentioning:
+
+LIBS may be used to declare routine libraries only.
+
+PROGRAMS may be used to declare programs only.
+
+ENGINES may be used to declare engines only.
+
+The indexes for SOURCE and ORDINALS must only be end product files,
+such as libraries, programs or engines.  The values of SOURCE
+variables must only be source files (possibly generated)
+
+INCLUDE and DEPEND shows a relationship between different files
+(usually produced files) or between files and directories, such as a
+program depending on a library, or between an object file and some
+extra source file.
+
+When Configure processes the build.info files, it will take it as
+truth without question, and will therefore perform very few checks.
+If the build tree is separate from the source tree, it will assume
+that all built files and up in the build directory and that all source
+files are to be found in the source tree, if they can be found there.
+Configure will assume that source files that can't be found in the
+source tree (such as 'crypto/bildinf.h' in the example above) are
+generated and will be found in the build tree.
+
+
+The %unified_info database
+--------------------------
+
+The information in all the build.info get digested by Configure and
+collected into the %unified_info database, divided into the following
+indexes:
+
+  depends   => a hash table containing 'file' => [ 'dependency' ... ]
+               pairs.  These are directly inferred from the DEPEND
+               variables in build.info files.
+
+  engines   => a list of engines.  These are directly inferred from
+               the ENGINES variable in build.info files.
+
+  generate  => a hash table containing 'file' => [ 'generator' ... ]
+               pairs.  These are directly inferred from the GENERATE
+               variables in build.info files.
+
+  includes  => a hash table containing 'file' => [ 'include' ... ]
+               pairs.  These are directly inferred from the INCLUDE
+               variables in build.info files.
+
+  install   => a hash table containing 'type' => [ 'file' ... ] pairs.
+               The types are 'programs', 'libraries', 'engines' and
+               'scripts', and the array of files list the files of
+               that type that should be installed.
+
+  libraries => a list of libraries.  These are directly inferred from
+               the LIBS variable in build.info files.
+
+  ordinals  => a hash table containing 'file' => [ 'word', 'ordfile' ]
+               pairs.  'file' and 'word' are directly inferred from
+               the ORDINALS variables in build.info files, while the
+               file 'ofile' comes from internal knowledge in
+               Configure.
+
+  programs  => a list of programs.  These are directly inferred from
+               the PROGRAMS variable in build.info files.
+
+  rawlines  => a list of build-file lines.  These are a direct copy of
+               the BEGINRAW..ENDRAW lines in build.info files.  Note:
+               only the BEGINRAW..ENDRAW section for the current
+               platform are copied, the rest are ignored.
+
+  scripts   => a list of scripts.  There are directly inferred from
+               the SCRIPTS variable in build.info files.
+
+  sources   => a hash table containing 'file' => [ 'sourcefile' ... ]
+               pairs.  These are indirectly inferred from the SOURCE
+               variables in build.info files.  Object files are
+               mentioned in this hash table, with source files from
+               SOURCE variables, and AS source files for programs and
+               libraries.
+
+  shared_sources =>
+               a hash table just like 'sources', but only as source
+               files (object files) for building shared libraries.
+
+As an example, here is how the build.info files example from the
+section above would be digested into a %unified_info table:
+
+    our %unified_info = (
+        "depends" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "libssl",
+                    ],
+                "crypto/buildinf.h" =>
+                    [
+                        "Makefile",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/buildinf.h",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "libcrypto",
+                    ],
+                "libssl" =>
+                    [
+                        "libcrypto",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util/Foo.pm",
+                    ],
+            },
+        "engines" =>
+            [
+                "engines/dasync",
+                "engines/ossltest",
+            ],
+        "generate" =>
+            {
+                "crypto/buildinf.h" =>
+                    [
+                        "util/mkbuildinf.pl",
+                        "\"\$(CC)",
+                        "\$(CFLAGS)\"",
+                        "\"$(PLATFORM)\"",
+                    ],
+            },
+        "includes" =>
+            {
+                "apps/openssl" =>
+                    [
+                        ".",
+                        "include",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "include"
+                    ],
+                "libcrypto" =>
+                    [
+                        "include",
+                    ],
+                "libssl" =>
+                    [
+                        "include",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util",
+                    ],
+            }
+        "install" =>
+            {
+                "engines" =>
+                    [
+                        "engines/dasync",
+                    ],
+                "libraries" =>
+                    [
+                        "libcrypto",
+                        "libssl",
+                    ],
+                "programs" =>
+                    [
+                        "apps/openssl",
+                    ],
+           },
+        "libraries" =>
+            [
+                "libcrypto",
+                "libssl",
+            ],
+        "ordinals" =>
+            {
+                "libcrypto" =>
+                    [
+                        "crypto",
+                        "util/libcrypto.num",
+                    ],
+                "libssl" =>
+                    [
+                        "ssl",
+                        "util/libssl.num",
+                    ],
+            },
+        "programs" =>
+            [
+                "apps/openssl",
+            ],
+        "rawlines" =>
+            [
+            ],
+        "sources" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "apps/openssl.o",
+                    ],
+                "apps/openssl.o" =>
+                    [
+                        "apps/openssl.c",
+                    ],
+                "crypto/aes.o" =>
+                    [
+                        "crypto/aes.c",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/cversion.c",
+                    ],
+                "crypto/evp.o" =>
+                    [
+                        "crypto/evp.c",
+                    ],
+                "engines/e_ossltest.o" =>
+                    [
+                        "engines/e_ossltest.c",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "engines/e_ossltest.o",
+                    ],
+                "libcrypto" =>
+                    [
+                        "crypto/aes.c",
+                        "crypto/cversion.c",
+                        "crypto/evp.c",
+                    ],
+                "libssl" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+                "ssl/tls.o" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+            },
+    );
+
+As can be seen, everything in %unified_info is fairly simple suggest
+of information.  Still, it tells us that to build all programs, we
+must build 'apps/openssl', and to build the latter, we will need to
+build all its sources ('apps/openssl.o' in this case) and all the
+other things it depends on (such as 'libssl').  All those dependencies
+need to be built as well, using the same logic, so to build 'libssl',
+we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
+latter...
+
+
+Build-file templates
+--------------------
+
+Build-file templates are essentially build-files (such as Makefile on
+Unix) with perl code fragments mixed in.  Those perl code fragment
+will generate all the configuration dependent data, including all the
+rules needed to build end product files and intermediary files alike.
+At a minimum, there must be a perl code fragment that defines a set of
+functions that are used to generates specific build-file rules, to
+build static libraries from object files, to build shared libraries
+from static libraries, to programs from object files and libraries,
+etc.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ],
+                                     ordinals => [ "word", "/PATH/TO/ordfile" ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.  'ordinals' MAY be present, and when
+                  it is, its value is an array where the word is
+                  "crypto" or "ssl" and the file is one of the ordinal
+                  files util/libcrypto.num or util/libssl.num in the
+                  source directory.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dynlib  - function that produces build file lines to build a
+                  dynamically loadable library file ("libfoo.so" on
+                  Unix) from object files.
+
+                  called like this:
+
+                        obj2dynlib(lib => "PATH/TO/libfile",
+                                   objs => [ "PATH/TO/objectfile", ... ],
+                                   deps => [ "PATH/TO/otherlibfile",
+                                   ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+Along with the build-file templates is the driving engine
+Configurations/common.tmpl, which looks through all the information in
+%unified_info and generates all the rulesets to build libraries,
+programs and all intermediate files, using the rule generating
+functions defined in the build-file template.
+
+As an example with the smaller build.info set we've seen as an
+example, producing the rules to build 'libcrypto' would result in the
+following calls:
+
+    # Note: libobj2shlib will only be called if shared libraries are
+    # to be produced.
+    # Note 2: libobj2shlib gets both the name of the static library
+    # and the names of all the object files that go into it.  It's up
+    # to the implementation to decide which to use as input.
+    # Note 3: common.tmpl peals off the ".o" extension from all object
+    # files, as the platform at hand may have a different one.
+    libobj2shlib(shlib => "libcrypto",
+                 lib => "libcrypto",
+                 objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
+                 deps => [  ]
+                 ordinals => [ "crypto", "util/libcrypto.num" ]);
+
+    obj2lib(lib => "libcrypto"
+            objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
+
+    src2obj(obj => "crypto/aes"
+            srcs => [ "crypto/aes.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/evp"
+            srcs => [ "crypto/evp.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/cversion"
+            srcs => [ "crypto/cversion.c" ],
+            deps => [ "crypto/buildinf.h" ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    generatesrc(src => "crypto/buildinf.h",
+                generator => [ "util/mkbuildinf.pl", "\"$(CC)",
+                               "$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
+                generator_incs => [ "util" ],
+                generator_deps => [ "util/Foo.pm" ],
+                incs => [ ],
+                deps => [ ],
+                intent => "lib");
+
+The returned strings from all those calls are then concatenated
+together and written to the resulting build-file.
--- a/Configurations/README.md
+++ b/Configurations/README.md
@@ -1,674 +0,0 @@
-Intro
-=====
-
-This directory contains a few sets of files that are used for
-configuration in diverse ways:
-
-    *.conf      Target platform configurations, please read
-                'Configurations of OpenSSL target platforms' for more
-                information.
-    *.tmpl      Build file templates, please read 'Build-file
-                programming with the "unified" build system' as well
-                as 'Build info files' for more information.
-    *.pm        Helper scripts / modules for the main `Configure`
-                script.  See 'Configure helper scripts for more
-                information.
-
-Configurations of OpenSSL target platforms
-==========================================
-
-Configuration targets are a collection of facts that we know about
-different platforms and their capabilities.  We organise them in a
-hash table, where each entry represent a specific target.
-
-Note that configuration target names must be unique across all config
-files.  The Configure script does check that a config file doesn't
-have config targets that shadow config targets from other files.
-
-In each table entry, the following keys are significant:
-
-        inherit_from    => Other targets to inherit values from.
-                           Explained further below. [1]
-        template        => Set to 1 if this isn't really a platform
-                           target.  Instead, this target is a template
-                           upon which other targets can be built.
-                           Explained further below.  [1]
-
-        sys_id          => System identity for systems where that
-                           is difficult to determine automatically.
-
-        enable          => Enable specific configuration features.
-                           This MUST be an array of words.
-        disable         => Disable specific configuration features.
-                           This MUST be an array of words.
-                           Note: if the same feature is both enabled
-                           and disabled, disable wins.
-
-        as              => The assembler command.  This is not always
-                           used (for example on Unix, where the C
-                           compiler is used instead).
-        asflags         => Default assembler command flags [4].
-        cpp             => The C preprocessor command, normally not
-                           given, as the build file defaults are
-                           usually good enough.
-        cppflags        => Default C preprocessor flags [4].
-        defines         => As an alternative, macro definitions may be
-                           given here instead of in 'cppflags' [4].
-                           If given here, they MUST be as an array of
-                           the string such as "MACRO=value", or just
-                           "MACRO" for definitions without value.
-        includes        => As an alternative, inclusion directories
-                           may be given here instead of in 'cppflags'
-                           [4].  If given here, the MUST be an array
-                           of strings, one directory specification
-                           each.
-        cc              => The C compiler command, usually one of "cc",
-                           "gcc" or "clang".  This command is normally
-                           also used to link object files and
-                           libraries into the final program.
-        cxx             => The C++ compiler command, usually one of
-                           "c++", "g++" or "clang++".  This command is
-                           also used when linking a program where at
-                           least one of the object file is made from
-                           C++ source.
-        cflags          => Defaults C compiler flags [4].
-        cxxflags        => Default  C++ compiler flags [4].  If unset,
-                           it gets the same value as cflags.
-
-        (linking is a complex thing, see [3] below)
-        ld              => Linker command, usually not defined
-                           (meaning the compiler command is used
-                           instead).
-                           (NOTE: this is here for future use, it's
-                           not implemented yet)
-        lflags          => Default flags used when linking apps,
-                           shared libraries or DSOs [4].
-        ex_libs         => Extra libraries that are needed when
-                           linking shared libraries, DSOs or programs.
-                           The value is also assigned to Libs.private
-                           in $(libdir)/pkgconfig/libcrypto.pc.
-
-        shared_cppflags => Extra C preprocessor flags used when
-                           processing C files for shared libraries.
-        shared_cflag    => Extra C compiler flags used when compiling
-                           for shared libraries, typically something
-                           like "-fPIC".
-        shared_ldflag   => Extra linking flags used when linking
-                           shared libraries.
-        module_cppflags
-        module_cflags
-        module_ldflags  => Has the same function as the corresponding
-                           'shared_' attributes, but for building DSOs.
-                           When unset, they get the same values as the
-                           corresponding 'shared_' attributes.
-
-        ar              => The library archive command, the default is
-                           "ar".
-                           (NOTE: this is here for future use, it's
-                           not implemented yet)
-        arflags         => Flags to be used with the library archive
-                           command.  On Unix, this includes the
-                           command letter, 'r' by default.
-
-        ranlib          => The library archive indexing command, the
-                           default is 'ranlib' it it exists.
-
-        unistd          => An alternative header to the typical
-                           '<unistd.h>'.  This is very rarely needed.
-
-        shared_extension => File name extension used for shared
-                            libraries.
-        obj_extension   => File name extension used for object files.
-                           On unix, this defaults to ".o" (NOTE: this
-                           is here for future use, it's not
-                           implemented yet)
-        exe_extension   => File name extension used for executable
-                           files.  On unix, this defaults to "" (NOTE:
-                           this is here for future use, it's not
-                           implemented yet)
-        shlib_variant   => A "variant" identifier inserted between the base
-                           shared library name and the extension.  On "unixy"
-                           platforms (BSD, Linux, Solaris, MacOS/X, ...) this
-                           supports installation of custom OpenSSL libraries
-                           that don't conflict with other builds of OpenSSL
-                           installed on the system.  The variant identifier
-                           becomes part of the SONAME of the library and also
-                           any symbol versions (symbol versions are not used or
-                           needed with MacOS/X).  For example, on a system
-                           where a default build would normally create the SSL
-                           shared library as 'libssl.so -> libssl.so.1.1' with
-                           the value of the symlink as the SONAME, a target
-                           definition that sets 'shlib_variant => "-abc"' will
-                           create 'libssl.so -> libssl-abc.so.1.1', again with
-                           an SONAME equal to the value of the symlink.  The
-                           symbol versions associated with the variant library
-                           would then be 'OPENSSL_ABC_<version>' rather than
-                           the default 'OPENSSL_<version>'. The string inserted
-                           into symbol versions is obtained by mapping all
-                           letters in the "variant" identifier to uppercase
-                           and all non-alphanumeric characters to '_'.
-
-        thread_scheme   => The type of threads is used on the
-                           configured platform.  Currently known
-                           values are "(unknown)", "pthreads",
-                           "uithreads" (a.k.a solaris threads) and
-                           "winthreads".  Except for "(unknown)", the
-                           actual value is currently ignored but may
-                           be used in the future.  See further notes
-                           below [2].
-        dso_scheme      => The type of dynamic shared objects to build
-                           for.  This mostly comes into play with
-                           modules, but can be used for other purposes
-                           as well.  Valid values are "DLFCN"
-                           (dlopen() et al), "DLFCN_NO_H" (for systems
-                           that use dlopen() et al but do not have
-                           fcntl.h), "DL" (shl_load() et al), "WIN32"
-                           and "VMS".
-        asm_arch        => The architecture to be used for compiling assembly
-                           source.  This acts as a selector in build.info files.
-        uplink_arch     => The architecture to be used for compiling uplink
-                           source.  This acts as a selector in build.info files.
-                           This is separate from asm_arch because it's compiled
-                           even when 'no-asm' is given, even though it contains
-                           assembler source.
-        perlasm_scheme  => The perlasm method used to create the
-                           assembler files used when compiling with
-                           assembler implementations.
-        shared_target   => The shared library building method used.
-                           This serves multiple purposes:
-                           - as index for targets found in shared_info.pl.
-                           - as linker script generation selector.
-                           To serve both purposes, the index for shared_info.pl
-                           should end with '-shared', and this suffix will be
-                           removed for use as a linker script generation
-                           selector.  Note that the latter is only used if
-                           'shared_defflag' is defined.
-        build_scheme    => The scheme used to build up a Makefile.
-                           In its simplest form, the value is a string
-                           with the name of the build scheme.
-                           The value may also take the form of a list
-                           of strings, if the build_scheme is to have
-                           some options.  In this case, the first
-                           string in the list is the name of the build
-                           scheme.
-                           Currently recognised build scheme is "unified".
-                           For the "unified" build scheme, this item
-                           *must* be an array with the first being the
-                           word "unified" and the second being a word
-                           to identify the platform family.
-
-        multilib        => On systems that support having multiple
-                           implementations of a library (typically a
-                           32-bit and a 64-bit variant), this is used
-                           to have the different variants in different
-                           directories.
-
-        multibin        => On systems that support having multiple
-                           implementations of a library and binaries
-                           (typically a 32-bit and a 64-bit variant),
-                           this is used to have the different variants
-                           in different binary directories. This setting
-                           works in conjunction with multilib.
-
-        bn_ops          => Building options (was just bignum options in
-                           the earlier history of this option, hence the
-                           name). This is a string of words that describe
-                           algorithms' implementation parameters that
-                           are optimal for the designated target platform,
-                           such as the type of integers used to build up
-                           the bignum, different ways to implement certain
-                           ciphers and so on. To fully comprehend the
-                           meaning, the best is to read the affected
-                           source.
-                           The valid words are:
-
-                           THIRTY_TWO_BIT       bignum limbs are 32 bits,
-                                                this is default if no
-                                                option is specified, it
-                                                works on any supported
-                                                system [unless "wider"
-                                                limb size is implied in
-                                                assembly code];
-                           BN_LLONG             bignum limbs are 32 bits,
-                                                but 64-bit 'unsigned long
-                                                long' is used internally
-                                                in calculations;
-                           SIXTY_FOUR_BIT_LONG  bignum limbs are 64 bits
-                                                and sizeof(long) is 8;
-                           SIXTY_FOUR_BIT       bignums limbs are 64 bits,
-                                                but execution environment
-                                                is ILP32;
-                           RC4_CHAR             RC4 key schedule is made
-                                                up of 'unsigned char's;
-                                                Note: should not be used
-                                                for new configuration
-                                                targets
-                           RC4_INT              RC4 key schedule is made
-                                                up of 'unsigned int's;
-                                                Note: should not be used
-                                                for new configuration
-                                                targets
-
-[1] as part of the target configuration, one can have a key called
-  `inherit_from` that indicates what other configurations to inherit
-  data from.  These are resolved recursively.
-
-  Inheritance works as a set of default values that can be overridden
-  by corresponding key values in the inheriting configuration.
-
-  Note 1: any configuration table can be used as a template.
-  Note 2: pure templates have the attribute `template => 1` and
-          cannot be used as build targets.
-
-  If several configurations are given in the `inherit_from` array,
-  the values of same attribute are concatenated with space
-  separation.  With this, it's possible to have several smaller
-  templates for different configuration aspects that can be combined
-  into a complete configuration.
-
-  Instead of a scalar value or an array, a value can be a code block
-  of the form `sub { /* your code here */ }`.  This code block will
-  be called with the list of inherited values for that key as
-  arguments.  In fact, the concatenation of strings is really done
-  by using `sub { join(" ",@_) }` on the list of inherited values.
-
-  An example:
-
-        "foo" => {
-                template => 1,
-                haha => "ha ha",
-                hoho => "ho",
-                ignored => "This should not appear in the end result",
-        },
-        "bar" => {
-                template => 1,
-                haha => "ah",
-                hoho => "haho",
-                hehe => "hehe"
-        },
-        "laughter" => {
-                inherit_from => [ "foo", "bar" ],
-                hehe => sub { join(" ",(@_,"!!!")) },
-                ignored => "",
-        }
-
-        The entry for "laughter" will become as follows after processing:
-
-        "laughter" => {
-                haha => "ha ha ah",
-                hoho => "ho haho",
-                hehe => "hehe !!!",
-                ignored => ""
-        }
-
-[2] OpenSSL is built with threading capabilities unless the user
-  specifies `no-threads`.  The value of the key `thread_scheme` may
-  be `(unknown)`, in which case the user MUST give some compilation
-  flags to `Configure`.
-
-[3] OpenSSL has three types of things to link from object files or
-  static libraries:
-
-  - shared libraries; that would be libcrypto and libssl.
-  - shared objects (sometimes called dynamic libraries);  that would
-    be the modules.
-  - applications; those are apps/openssl and all the test apps.
-
-  Very roughly speaking, linking is done like this (words in braces
-  represent the configuration settings documented at the beginning
-  of this file):
-
-    shared libraries:
-        {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
-            foo/something.o foo/somethingelse.o {ex_libs}
-
-    shared objects:
-        {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
-            blah1.o blah2.o -lcrypto {ex_libs}
-
-    applications:
-        {ld} $(CFLAGS) {lflags} -o app \
-            app1.o utils.o -lssl -lcrypto {ex_libs}
-
-[4] There are variants of these attribute, prefixed with `lib_`,
-  `dso_` or `bin_`.  Those variants replace the unprefixed attribute
-  when building library, DSO or program modules specifically.
-
-Historically, the target configurations came in form of a string with
-values separated by colons.  This use is deprecated.  The string form
-looked like this:
-
-    "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
-                 {bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
-                 {bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
-                 {rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
-                 {padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
-                 {shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
-                 {arflags}:{multilib}"
-
-Build info files
-================
-
-The `build.info` files that are spread over the source tree contain the
-minimum information needed to build and distribute OpenSSL.  It uses a
-simple and yet fairly powerful language to determine what needs to be
-built, from what sources, and other relationships between files.
-
-For every `build.info` file, all file references are relative to the
-directory of the `build.info` file for source files, and the
-corresponding build directory for built files if the build tree
-differs from the source tree.
-
-When processed, every line is processed with the perl module
-Text::Template, using the delimiters `{-` and `-}`.  The hashes
-`%config` and `%target` are passed to the perl fragments, along with
-$sourcedir and $builddir, which are the locations of the source
-directory for the current `build.info` file and the corresponding build
-directory, all relative to the top of the build tree.
-
-`Configure` only knows inherently about the top `build.info` file.  For
-any other directory that has one, further directories to look into
-must be indicated like this:
-
-    SUBDIRS=something someelse
-
-On to things to be built; they are declared by setting specific
-variables:
-
-    PROGRAMS=foo bar
-    LIBS=libsomething
-    MODULES=libeng
-    SCRIPTS=myhack
-
-Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
-without extensions.  The build file templates will figure them out.
-
-For each thing to be built, it is then possible to say what sources
-they are built from:
-
-    PROGRAMS=foo bar
-    SOURCE[foo]=foo.c common.c
-    SOURCE[bar]=bar.c extra.c common.c
-
-It's also possible to tell some other dependencies:
-
-    DEPEND[foo]=libsomething
-    DEPEND[libbar]=libsomethingelse
-
-(it could be argued that 'libsomething' and 'libsomethingelse' are
-source as well.  However, the files given through SOURCE are expected
-to be located in the source tree while files given through DEPEND are
-expected to be located in the build tree)
-
-It's also possible to depend on static libraries explicitly:
-
-    DEPEND[foo]=libsomething.a
-    DEPEND[libbar]=libsomethingelse.a
-
-This should be rarely used, and care should be taken to make sure it's
-only used when supported.  For example, native Windows build doesn't
-support building static libraries and DLLs at the same time, so using
-static libraries on Windows can only be done when configured
-`no-shared`.
-
-In some cases, it's desirable to include some source files in the
-shared form of a library only:
-
-    SHARED_SOURCE[libfoo]=dllmain.c
-
-For any file to be built, it's also possible to tell what extra
-include paths the build of their source files should use:
-
-    INCLUDE[foo]=include
-
-It's also possible to specify C macros that should be defined:
-
-    DEFINE[foo]=FOO BAR=1
-
-In some cases, one might want to generate some source files from
-others, that's done as follows:
-
-    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
-    GENERATE[bar.s]=asm/bar.S
-
-The value of each GENERATE line is a command line or part of it.
-Configure places no rules on the command line, except that the first
-item must be the generator file.  It is, however, entirely up to the
-build file template to define exactly how those command lines should
-be handled, how the output is captured and so on.
-
-Sometimes, the generator file itself depends on other files, for
-example if it is a perl script that depends on other perl modules.
-This can be expressed using DEPEND like this:
-
-    DEPEND[asm/something.pl]=../perlasm/Foo.pm
-
-There may also be cases where the exact file isn't easily specified,
-but an inclusion directory still needs to be specified.  INCLUDE can
-be used in that case:
-
-    INCLUDE[asm/something.pl]=../perlasm
-
-NOTE: GENERATE lines are limited to one command only per GENERATE.
-
-Finally, you can have some simple conditional use of the `build.info`
-information, looking like this:
-
-    IF[1]
-     something
-    ELSIF[2]
-     something other
-    ELSE
-     something else
-    ENDIF
-
-The expression in square brackets is interpreted as a string in perl,
-and will be seen as true if perl thinks it is, otherwise false.  For
-example, the above would have "something" used, since 1 is true.
-
-Together with the use of Text::Template, this can be used as
-conditions based on something in the passed variables, for example:
-
-    IF[{- $disabled{shared} -}]
-      LIBS=libcrypto
-      SOURCE[libcrypto]=...
-    ELSE
-      LIBS=libfoo
-      SOURCE[libfoo]=...
-    ENDIF
-
-Build-file programming with the "unified" build system
-======================================================
-
-"Build files" are called `Makefile` on Unix-like operating systems,
-`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
-
-To use the "unified" build system, the target configuration needs to
-set the three items `build_scheme`, `build_file` and `build_command`.
-In the rest of this section, we will assume that `build_scheme` is set
-to "unified" (see the configurations documentation above for the
-details).
-
-For any name given by `build_file`, the "unified" system expects a
-template file in `Configurations/` named like the build file, with
-`.tmpl` appended, or in case of possible ambiguity, a combination of
-the second `build_scheme` list item and the `build_file` name.  For
-example, if `build_file` is set to `Makefile`, the template could be
-`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
-In case both `Configurations/unix-Makefile.tmpl` and
-`Configurations/Makefile.tmpl` are present, the former takes precedence.
-
-The build-file template is processed with the perl module
-Text::Template, using `{-` and `-}` as delimiters that enclose the
-perl code fragments that generate configuration-dependent content.
-Those perl fragments have access to all the hash variables from
-configdata.pem.
-
-The build-file template is expected to define at least the following
-perl functions in a perl code fragment enclosed with `{-` and `-}`.
-They are all expected to return a string with the lines they produce.
-
-    generatesrc - function that produces build file lines to generate
-                  a source file from some input.
-
-                  It's called like this:
-
-                        generatesrc(src => "PATH/TO/tobegenerated",
-                                    generator => [ "generatingfile", ... ]
-                                    generator_incs => [ "INCL/PATH", ... ]
-                                    generator_deps => [ "dep1", ... ]
-                                    generator => [ "generatingfile", ... ]
-                                    incs => [ "INCL/PATH", ... ],
-                                    deps => [ "dep1", ... ],
-                                    intent => one of "libs", "dso", "bin" );
-
-                  'src' has the name of the file to be generated.
-                  'generator' is the command or part of command to
-                  generate the file, of which the first item is
-                  expected to be the file to generate from.
-                  generatesrc() is expected to analyse and figure out
-                  exactly how to apply that file and how to capture
-                  the result.  'generator_incs' and 'generator_deps'
-                  are include directories and files that the generator
-                  file itself depends on.  'incs' and 'deps' are
-                  include directories and files that are used if $(CC)
-                  is used as an intermediary step when generating the
-                  end product (the file indicated by 'src').  'intent'
-                  indicates what the generated file is going to be
-                  used for.
-
-    src2obj     - function that produces build file lines to build an
-                  object file from source files and associated data.
-
-                  It's called like this:
-
-                        src2obj(obj => "PATH/TO/objectfile",
-                                srcs => [ "PATH/TO/sourcefile", ... ],
-                                deps => [ "dep1", ... ],
-                                incs => [ "INCL/PATH", ... ]
-                                intent => one of "lib", "dso", "bin" );
-
-                  'obj' has the intended object file with '.o'
-                  extension, src2obj() is expected to change it to
-                  something more suitable for the platform.
-                  'srcs' has the list of source files to build the
-                  object file, with the first item being the source
-                  file that directly corresponds to the object file.
-                  'deps' is a list of explicit dependencies.  'incs'
-                  is a list of include file directories.  Finally,
-                  'intent' indicates what this object file is going
-                  to be used for.
-
-    obj2lib     - function that produces build file lines to build a
-                  static library file ("libfoo.a" in Unix terms) from
-                  object files.
-
-                  called like this:
-
-                        obj2lib(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ]);
-
-                  'lib' has the intended library filename *without*
-                  extension, obj2lib is expected to add that.  'objs'
-                  has the list of object files to build this library.
-
-    libobj2shlib - backward compatibility function that's used the
-                  same way as obj2shlib (described next), and was
-                  expected to build the shared library from the
-                  corresponding static library when that was suitable.
-                  NOTE: building a shared library from a static
-                  library is now DEPRECATED, as they no longer share
-                  object files.  Attempting to do this will fail.
-
-    obj2shlib   - function that produces build file lines to build a
-                  shareable object library file ("libfoo.so" in Unix
-                  terms) from the corresponding object files.
-
-                  called like this:
-
-                        obj2shlib(shlib => "PATH/TO/shlibfile",
-                                  lib => "PATH/TO/libfile",
-                                  objs => [ "PATH/TO/objectfile", ... ],
-                                  deps => [ "PATH/TO/otherlibfile", ... ]);
-
-                  'lib' has the base (static) library filename
-                  *without* extension.  This is useful in case
-                  supporting files are needed (such as import
-                  libraries on Windows).
-                  'shlib' has the corresponding shared library name
-                  *without* extension.  'deps' has the list of other
-                  libraries (also *without* extension) this library
-                  needs to be linked with.  'objs' has the list of
-                  object files to build this library.
-
-    obj2dso     - function that produces build file lines to build a
-                  dynamic shared object file from object files.
-
-                  called like this:
-
-                        obj2dso(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/otherlibfile",
-                                ... ]);
-
-                  This is almost the same as obj2shlib, but the
-                  intent is to build a shareable library that can be
-                  loaded in runtime (a "plugin"...).
-
-    obj2bin     - function that produces build file lines to build an
-                  executable file from object files.
-
-                  called like this:
-
-                        obj2bin(bin => "PATH/TO/binfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/libfile", ... ]);
-
-                  'bin' has the intended executable filename
-                  *without* extension, obj2bin is expected to add
-                  that.  'objs' has the list of object files to build
-                  this library.  'deps' has the list of library files
-                  (also *without* extension) that the programs needs
-                  to be linked with.
-
-    in2script   - function that produces build file lines to build a
-                  script file from some input.
-
-                  called like this:
-
-                        in2script(script => "PATH/TO/scriptfile",
-                                  sources => [ "PATH/TO/infile", ... ]);
-
-                  'script' has the intended script filename.
-                  'sources' has the list of source files to build the
-                  resulting script from.
-
-In all cases, file file paths are relative to the build tree top, and
-the build file actions run with the build tree top as current working
-directory.
-
-Make sure to end the section with these functions with a string that
-you thing is appropriate for the resulting build file.  If nothing
-else, end it like this:
-
-      "";       # Make sure no lingering values end up in the Makefile
-    -}
-
-Configure helper scripts
-========================
-
-Configure uses helper scripts in this directory:
-
-Checker scripts
---------------
-
-These scripts are per platform family, to check the integrity of the
-tools used for configuration and building.  The checker script used is
-either `{build_platform}-{build_file}-checker.pm` or
-`{build_platform}-checker.pm`, where `{build_platform}` is the second
-`build_scheme` list element from the configuration target data, and
-`{build_file}` is `build_file` from the same target data.
-
-If the check succeeds, the script is expected to end with a non-zero
-expression.  If the check fails, the script can end with a zero, or
-with a `die`.
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@@ -0,0 +1,231 @@
+{- # -*- Mode: perl -*-
+
+ use File::Basename;
+
+ # A cache of objects for which a recipe has already been generated
+ my %cache;
+
+ # resolvedepends and reducedepends work in tandem to make sure
+ # there are no duplicate dependencies and that they are in the
+ # right order.  This is especially used to sort the list of
+ # libraries that a build depends on.
+ sub resolvedepends {
+     my $thing = shift;
+     my @listsofar = @_;    # to check if we're looping
+     my @list = @{$unified_info{depends}->{$thing}};
+     my @newlist = ();
+     if (scalar @list) {
+         foreach my $item (@list) {
+             # It's time to break off when the dependency list starts looping
+             next if grep { $_ eq $item } @listsofar;
+             push @newlist, $item, resolvedepends($item, @listsofar, $item);
+         }
+     }
+     @newlist;
+ }
+ sub reducedepends {
+     my @list = @_;
+     my @newlist = ();
+     while (@list) {
+         my $item = shift @list;
+         push @newlist, $item
+             unless grep { $item eq $_ } @list;
+     }
+     @newlist;
+ }
+
+ # dogenerate is responsible for producing all the recipes that build
+ # generated source files.  It recurses in case a dependency is also a
+ # generated source file.
+ sub dogenerate {
+     my $src = shift;
+     return "" if $cache{$src};
+     my $obj = shift;
+     my $bin = shift;
+     my %opts = @_;
+     if ($unified_info{generate}->{$src}) {
+         die "$src is generated by Configure, should not appear in build file\n"
+             if ref $unified_info{generate}->{$src} eq "";
+         my $script = $unified_info{generate}->{$src}->[0];
+         $OUT .= generatesrc(src => $src,
+                             generator => $unified_info{generate}->{$src},
+                             generator_incs => $unified_info{includes}->{$script},
+                             generator_deps => $unified_info{depends}->{$script},
+                             deps => $unified_info{depends}->{$src},
+                             incs => [ @{$unified_info{includes}->{$bin}},
+                                       @{$unified_info{includes}->{$obj}} ],
+                             %opts);
+         foreach (@{$unified_info{depends}->{$src}}) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$src} = 1;
+ }
+
+ # doobj is responsible for producing all the recipes that build
+ # object files as well as dependency files.
+ sub doobj {
+     my $obj = shift;
+     return "" if $cache{$obj};
+     (my $obj_no_o = $obj) =~ s|\.o$||;
+     my $bin = shift;
+     my %opts = @_;
+     if (@{$unified_info{sources}->{$obj}}) {
+         $OUT .= src2obj(obj => $obj_no_o,
+                         srcs => $unified_info{sources}->{$obj},
+                         deps => $unified_info{depends}->{$obj},
+                         incs => [ @{$unified_info{includes}->{$bin}},
+                                   @{$unified_info{includes}->{$obj}} ],
+                         %opts);
+         foreach ((@{$unified_info{sources}->{$obj}},
+                   @{$unified_info{depends}->{$obj}})) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$obj} = 1;
+ }
+
+ # dolib is responsible for building libraries.  It will call
+ # libobj2shlib is shared libraries are produced, and obj2lib in all
+ # cases.  It also makes sure all object files for the library are
+ # built.
+ sub dolib {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     unless ($disabled{shared}) {
+         my %ordinals =
+             $unified_info{ordinals}->{$lib}
+             ? (ordinals => $unified_info{ordinals}->{$lib}) : ();
+         $OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
+                              lib => $lib,
+                              objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                                        (@{$unified_info{sources}->{$lib}},
+                                         @{$unified_info{shared_sources}->{$lib}}) ],
+                              deps => [ reducedepends(resolvedepends($lib)) ],
+                              %ordinals);
+         foreach (@{$unified_info{shared_sources}->{$lib}}) {
+             doobj($_, $lib, intent => "lib");
+         }
+     }
+     $OUT .= obj2lib(lib => $lib,
+                     objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                               @{$unified_info{sources}->{$lib}} ]);
+     foreach (@{$unified_info{sources}->{$lib}}) {
+         doobj($_, $lib, intent => "lib");
+     }
+     $cache{$lib} = 1;
+ }
+
+ # doengine is responsible for building engines.  It will call
+ # obj2dso, and also makes sure all object files for the library
+ # are built.
+ sub doengine {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     $OUT .= obj2dso(lib => $lib,
+                     objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                               (@{$unified_info{sources}->{$lib}},
+                                @{$unified_info{shared_sources}->{$lib}}) ],
+                     deps => [ resolvedepends($lib) ]);
+     foreach ((@{$unified_info{sources}->{$lib}},
+               @{$unified_info{shared_sources}->{$lib}})) {
+         doobj($_, $lib, intent => "dso");
+     }
+     $cache{$lib} = 1;
+ }
+
+ # dobin is responsible for building programs.  It will call obj2bin,
+ # and also makes sure all object files for the library are built.
+ sub dobin {
+     my $bin = shift;
+     return "" if $cache{$bin};
+     my $deps = [ reducedepends(resolvedepends($bin)) ];
+     $OUT .= obj2bin(bin => $bin,
+                     objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
+                               @{$unified_info{sources}->{$bin}} ],
+                     deps => $deps);
+     foreach (@{$unified_info{sources}->{$bin}}) {
+         doobj($_, $bin, intent => "bin");
+     }
+     $cache{$bin} = 1;
+ }
+
+ # dobin is responsible for building scripts from templates.  It will
+ # call in2script.
+ sub doscript {
+     my $script = shift;
+     return "" if $cache{$script};
+     $OUT .= in2script(script => $script,
+                       sources => $unified_info{sources}->{$script});
+     $cache{$script} = 1;
+ }
+
+ sub dodir {
+     my $dir = shift;
+     return "" if !exists(&generatedir) or $cache{$dir};
+     $OUT .= generatedir(dir => $dir,
+                         deps => $unified_info{dirinfo}->{$dir}->{deps},
+                         %{$unified_info{dirinfo}->{$_}->{products}});
+     $cache{$dir} = 1;
+ }
+
+ # Start with populating the cache with all the overrides
+ %cache = map { $_ => 1 } @{$unified_info{overrides}};
+
+ # For convenience collect information regarding directories where
+ # files are generated, those generated files and the end product
+ # they end up in where applicable.  Then, add build rules for those
+ # directories
+ if (exists &generatedir) {
+     my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
+                      "lib" => [ @{$unified_info{libraries}} ],
+                      "bin" => [ @{$unified_info{programs}} ],
+                      "script" => [ @{$unified_info{scripts}} ] );
+     foreach my $type (keys %loopinfo) {
+         foreach my $product (@{$loopinfo{$type}}) {
+             my %dirs = ();
+             my $pd = dirname($product);
+
+             # We already have a "test" target, and the current directory
+             # is just silly to make a target for
+             $dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
+
+             foreach (@{$unified_info{sources}->{$product}}) {
+                 my $d = dirname($_);
+
+                 # We don't want to create targets for source directories
+                 # when building out of source
+                 next if ($config{sourcedir} ne $config{builddir}
+                          && $d =~ m|^\Q$config{sourcedir}\E|);
+                 # We already have a "test" target, and the current directory
+                 # is just silly to make a target for
+                 next if $d eq "test" || $d eq ".";
+
+                 $dirs{$d} = 1;
+                 push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
+                     if $d ne $pd;
+             }
+             foreach (keys %dirs) {
+                 push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
+                 $product;
+             }
+         }
+     }
+ }
+
+ # Build mandatory generated headers
+ foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
+
+ # Build all known libraries, engines, programs and scripts.
+ # Everything else will be handled as a consequence.
+ foreach (@{$unified_info{libraries}}) { dolib($_);    }
+ foreach (@{$unified_info{engines}})   { doengine($_); }
+ foreach (@{$unified_info{programs}})  { dobin($_);    }
+ foreach (@{$unified_info{scripts}})   { doscript($_); }
+
+ foreach (sort keys %{$unified_info{dirinfo}})  { dodir($_); }
+
+ # Finally, should there be any applicable BEGINRAW/ENDRAW sections,
+ # they are added here.
+ $OUT .= $_."\n" foreach @{$unified_info{rawlines}};
+-}
--- a/Configurations/common0.tmpl
+++ b/Configurations/common0.tmpl
@@ -1,31 +0,0 @@
-{- # -*- Mode: perl -*-
-
- # Commonly used list of generated files
- # The reason for the complexity is that the build.info files provide
- # GENERATE rules for *all* platforms without discrimination, while the
- # build files only want those for a particular build.  Therefore, we
- # need to extrapolate exactly what we need to generate.  The way to do
- # that is to extract all possible source files from diverse tables and
- # filter out all that are not generated
- my %generatables =
-     map { $_ => 1 }
-     ( # The sources of stuff may be generated
-         ( map { @{$unified_info{sources}->{$_}} }
-               keys %{$unified_info{sources}} ),
-         $disabled{shared}
-             ? ()
-             : ( map { @{$unified_info{shared_sources}->{$_}} }
-                 keys %{$unified_info{shared_sources}} ),
-         # Things we explicitly depend on are usually generated
-         ( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
-               keys %{$unified_info{depends}} ));
- our @generated =
-     sort ( ( grep { defined $unified_info{generate}->{$_} }
-              sort keys %generatables ),
-            # Scripts are assumed to be generated, so add them too
-            ( grep { defined $unified_info{sources}->{$_} }
-              @{$unified_info{scripts}} ) );
-
- # Avoid strange output
- "";
-}
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
--- a/Configurations/gentemplate.pm
+++ b/Configurations/gentemplate.pm
@@ -1,556 +0,0 @@
-package gentemplate;
-
-use strict;
-use warnings;
-use Carp;
-
-use Exporter;
-use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
-@ISA = qw(Exporter);
-@EXPORT = qw(gentemplate);
-
-use File::Basename;
-
-sub gentemplate {
-    my %opts = @_;
-
-    my $generator = OpenSSL::GenTemplate->new(%opts);
-
-    # Build mandatory header file generators
-    foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); }
-
-    # Build all known targets, libraries, modules, programs and scripts.
-    # Everything else will be handled as a consequence.
-    foreach (@{$generator->{info}->{targets}})   { $generator->dotarget($_); }
-    foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_);    }
-    foreach (@{$generator->{info}->{modules}})   { $generator->domodule($_); }
-    foreach (@{$generator->{info}->{programs}})  { $generator->dobin($_);    }
-    foreach (@{$generator->{info}->{scripts}})   { $generator->doscript($_); }
-    foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); }
-    foreach (sort keys %{$generator->{info}->{mandocs}})  { $generator->dodocs('man', $_); }
-    foreach (sort keys %{$generator->{info}->{dirinfo}})  { $generator->dodir($_); }
-}
-
-package OpenSSL::GenTemplate;
-
-use OpenSSL::Util;
-
-sub new {
-    my $class = shift;
-    my %opts = @_;
-
-    my $data = {
-        output   => $opts{output},
-        config   => $opts{config} // {},
-        disabled => $opts{disabled} // {},
-        info     => $opts{unified_info} // {},
-    };
-
-    return bless $data, $class;
-};
-
-sub emit {
-    my $self = shift;
-    my $name = shift;
-    my %opts = @_;
-    my $fh = $self->{output};
-
-    die "No name?" unless $name;
-    print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
-        unless defined $opts{attrs}->{skip};
-}
-
-my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
-my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES};
-
-# A cache of objects for which a recipe has already been generated
-our %cache;
-
-# collectdepends, expanddepends and reducedepends work together to make
-# sure there are no duplicate or weak dependencies and that they are in
-# the right order.  This is used to sort the list of libraries  that a
-# build depends on.
-sub extensionlesslib {
-    my @result = map { $_ =~ /(\.a)?$/; $` } @_;
-    return @result if wantarray;
-    return $result[0];
-}
-
-# collectdepends dives into the tree of dependencies and returns
-# a list of all the non-weak ones.
-sub collectdepends {
-    my $self = shift;
-    return () unless @_;
-
-    my $thing = shift;
-    my $extensionlessthing = extensionlesslib($thing);
-    my @listsofar = @_;    # to check if we're looping
-    my @list = @{ $self->{info}->{depends}->{$thing} //
-                  $self->{info}->{depends}->{$extensionlessthing}
-                  // [] };
-    my @newlist = ();
-
-    print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n"
-        if $debug_resolvedepends;
-    foreach my $item (@list) {
-        my $extensionlessitem = extensionlesslib($item);
-        # It's time to break off when the dependency list starts looping
-        next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
-        # Don't add anything here if the dependency is weak
-        next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'};
-        my @resolved = $self->collectdepends($item, @listsofar, $item);
-        push @newlist, $item, @resolved;
-    }
-    print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n"
-        if $debug_resolvedepends;
-    @newlist;
-}
-
-# expanddepends goes through a list of stuff, checks if they have any
-# dependencies, and adds them at the end of the current position if
-# they aren't already present later on.
-sub expanddepends {
-    my $self = shift;
-    my @after = ( @_ );
-    print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n"
-        if $debug_resolvedepends;
-    my @before = ();
-    while (@after) {
-        my $item = shift @after;
-        print STDERR "DEBUG[expanddepends]\\  ", join(' ', @before), "\n"
-            if $debug_resolvedepends;
-        print STDERR "DEBUG[expanddepends] - ", $item, "\n"
-            if $debug_resolvedepends;
-        my @middle = (
-            $item,
-            map {
-                my $x = $_;
-                my $extlessx = extensionlesslib($x);
-                if (grep { $extlessx eq extensionlesslib($_) } @before
-                    and
-                    !grep { $extlessx eq extensionlesslib($_) } @after) {
-                    print STDERR "DEBUG[expanddepends] + ", $x, "\n"
-                        if $debug_resolvedepends;
-                    ( $x )
-                } else {
-                    print STDERR "DEBUG[expanddepends] ! ", $x, "\n"
-                        if $debug_resolvedepends;
-                    ()
-                }
-            } @{$self->{info}->{depends}->{$item} // []}
-            );
-        print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n"
-            if $debug_resolvedepends;
-        print STDERR "DEBUG[expanddepends]/  ", join(' ', @after), "\n"
-            if $debug_resolvedepends;
-        push @before, @middle;
-    }
-    print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n"
-        if $debug_resolvedepends;
-    @before;
-}
-
-# reducedepends looks through a list, and checks if each item is
-# repeated later on.  If it is, the earlier copy is dropped.
-sub reducedepends {
-    my @list = @_;
-    print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n"
-        if $debug_resolvedepends;
-    my @newlist = ();
-    my %replace = ();
-    while (@list) {
-        my $item = shift @list;
-        my $extensionlessitem = extensionlesslib($item);
-        if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
-            if ($item ne $extensionlessitem) {
-                # If this instance of the library is explicitly static, we
-                # prefer that to any shared library name, since it must have
-                # been done on purpose.
-                $replace{$extensionlessitem} = $item;
-            }
-        } else {
-            push @newlist, $item;
-        }
-    }
-    @newlist = map { $replace{$_} // $_; } @newlist;
-    print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n"
-        if $debug_resolvedepends;
-    @newlist;
-}
-
-# Do it all
-# This takes multiple inputs and combine them into a single list of
-# interdependent things.  The returned value will include all the input.
-# Callers are responsible for taking away the things they are building.
-sub resolvedepends {
-    my $self = shift;
-    print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n"
-        if $debug_resolvedepends;
-    my @all =
-        reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_));
-    print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ",
-        join(',', map { "\n    $_" } @all), "\n"
-        if $debug_resolvedepends;
-    @all;
-}
-
-# dogenerate is responsible for producing all the recipes that build
-# generated source files.  It recurses in case a dependency is also a
-# generated source file.
-sub dogenerate {
-    my $self = shift;
-    my $src = shift;
-    # Safety measure
-    return "" unless defined $self->{info}->{generate}->{$src};
-    return "" if $cache{$src};
-    my $obj = shift;
-    my $bin = shift;
-    my %opts = @_;
-    if ($self->{info}->{generate}->{$src}) {
-        die "$src is generated by Configure, should not appear in build file\n"
-            if ref $self->{info}->{generate}->{$src} eq "";
-        my $script = $self->{info}->{generate}->{$src}->[0];
-        my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
-        $self->emit('generatesrc',
-             src => $src,
-             product => $bin,
-             generator => $self->{info}->{generate}->{$src},
-             generator_incs => $self->{info}->{includes}->{$script} // [],
-             generator_deps => $self->{info}->{depends}->{$script} // [],
-             deps => $self->{info}->{depends}->{$src} // [],
-             incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (),
-                       defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
-             defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
-                       defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
-             attrs => { %attrs },
-             %opts);
-        foreach (@{$self->{info}->{depends}->{$src} // []}) {
-            $self->dogenerate($_, $obj, $bin, %opts);
-        }
-        # The generator itself may be is generated
-        if ($self->{info}->{generate}->{$script}) {
-            $self->dogenerate($script, $obj, $bin, %opts);
-        }
-    }
-    $cache{$src} = 1;
-}
-
-sub dotarget {
-    my $self = shift;
-    my $target = shift;
-    return "" if $cache{$target};
-    $self->emit('generatetarget',
-         target => $target,
-         deps => $self->{info}->{depends}->{$target} // []);
-    foreach (@{$self->{info}->{depends}->{$target} // []}) {
-        $self->dogenerate($_);
-    }
-    $cache{$target} = 1;
-}
-
-# doobj is responsible for producing all the recipes that build
-# object files as well as dependency files.
-sub doobj {
-    my $self = shift;
-    my $obj = shift;
-    return "" if $cache{$obj};
-    my $bin = shift;
-    my %opts = @_;
-    if (@{$self->{info}->{sources}->{$obj} // []}) {
-        my @srcs = @{$self->{info}->{sources}->{$obj}};
-        my @deps = @{$self->{info}->{depends}->{$obj} // []};
-        my @incs = ( @{$self->{info}->{includes}->{$obj} // []},
-                     @{$self->{info}->{includes}->{$bin} // []} );
-        my @defs = ( @{$self->{info}->{defines}->{$obj} // []},
-                     @{$self->{info}->{defines}->{$bin} // []} );
-        print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @srcs), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @deps), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @incs), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @defs), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", ,
-            join(",", map { "\n    $_ = $opts{$_}" } sort keys %opts), "\n"
-            if $debug_rules;
-        $self->emit('src2obj',
-             obj => $obj, product => $bin,
-             srcs => [ @srcs ], deps => [ @deps ],
-             incs => [ @incs ], defs => [ @defs ],
-             %opts);
-        foreach ((@{$self->{info}->{sources}->{$obj}},
-                  @{$self->{info}->{depends}->{$obj} // []})) {
-            $self->dogenerate($_, $obj, $bin, %opts);
-        }
-    }
-    $cache{$obj} = 1;
-}
-
-# Helper functions to grab all applicable intermediary files.
-# This is particularly useful when a library is given as source
-# rather than a dependency.  In that case, we consider it to be a
-# container with object file references, or possibly references
-# to further libraries to pilfer in the same way.
-sub getsrclibs {
-    my $self = shift;
-    my $section = shift;
-
-    # For all input, see if it sources static libraries.  If it does,
-    # return them together with the result of a recursive call.
-    map { ( $_, getsrclibs($section, $_) ) }
-    grep { $_ =~ m|\.a$| }
-    map { @{$self->{info}->{$section}->{$_} // []} }
-    @_;
-}
-
-sub getlibobjs {
-    my $self = shift;
-    my $section = shift;
-
-    # For all input, see if it's an intermediary file (library or object).
-    # If it is, collect the result of a recursive call, or if that returns
-    # an empty list, the element itself.  Return the result.
-    map {
-        my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}});
-        @x ? @x : ( $_ );
-    }
-    grep { defined $self->{info}->{$section}->{$_} }
-    @_;
-}
-
-# dolib is responsible for building libraries.  It will call
-# obj2shlib if shared libraries are produced, and obj2lib in all
-# cases.  It also makes sure all object files for the library are
-# built.
-sub dolib {
-    my $self = shift;
-    my $lib = shift;
-    return "" if $cache{$lib};
-
-    my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}};
-
-    my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) );
-
-    # We support two types of objs, those who are specific to this library
-    # (they end up in @objs) and those that we get indirectly, via other
-    # libraries (they end up in @foreign_objs).  We get the latter any time
-    # someone has done something like this in build.info:
-    #     SOURCE[libfoo.a]=libbar.a
-    # The indirect object files must be kept in a separate array so they
-    # don't get rebuilt unnecessarily (and with incorrect auxiliary
-    # information).
-    #
-    # Object files can't be collected commonly for shared and static
-    # libraries, because we contain their respective object files in
-    # {shared_sources} and {sources}, and because the implications are
-    # slightly different for each library form.
-    #
-    # We grab all these "foreign" object files recursively with getlibobjs().
-
-    unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) {
-        # If this library sources other static libraries and those
-        # libraries are marked {noinst}, there's no need to include
-        # all of their object files.  Instead, we treat those static
-        # libraries as dependents alongside any other library this
-        # one depends on, and let symbol resolution do its job.
-        my @sourced_libs = ();
-        my @objs = ();
-        my @foreign_objs = ();
-        my @deps = ();
-        foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) {
-            if ($_ !~ m|\.a$|) {
-                push @objs, $_;
-            } elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) {
-                push @deps, $_;
-            } else {
-                push @deps, $self->getsrclibs('sources', $_);
-                push @foreign_objs, $self->getlibobjs('sources', $_);
-            }
-        }
-        @deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) );
-        print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", ,
-            join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-            if %attrs && $debug_rules;
-        print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ",
-            join(",", map { "\n    $_" } @deps), "\n"
-            if @deps && $debug_rules;
-        print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ",
-            join(",", map { "\n    $_" } @objs), "\n"
-            if @objs && $debug_rules;
-        print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ",
-            join(",", map { "\n    $_" } @foreign_objs), "\n"
-            if @foreign_objs && $debug_rules;
-        $self->emit('obj2shlib',
-             lib => $lib,
-             attrs => { %attrs },
-             objs => [ @objs, @foreign_objs ],
-             deps => [ @deps ]);
-        foreach (@objs) {
-            # If this is somehow a compiled object, take care of it that way
-            # Otherwise, it might simply be generated
-            if (defined $self->{info}->{sources}->{$_}) {
-                if($_ =~ /\.a$/) {
-                    $self->dolib($_);
-                } else {
-                    $self->doobj($_, $lib, intent => "shlib", attrs => { %attrs });
-                }
-            } else {
-                $self->dogenerate($_, undef, undef, intent => "lib");
-            }
-        }
-    }
-    {
-        # When putting static libraries together, we cannot rely on any
-        # symbol resolution, so for all static libraries used as source for
-        # this one, as well as other libraries they depend on, we simply
-        # grab all their object files unconditionally,
-        # Symbol resolution will happen when any program, module or shared
-        # library is linked with this one.
-        my @objs = ();
-        my @sourcedeps = ();
-        my @foreign_objs = ();
-        foreach (@{$self->{info}->{sources}->{$lib}}) {
-            if ($_ !~ m|\.a$|) {
-                push @objs, $_;
-            } else {
-                push @sourcedeps, $_;
-            }
-        }
-        @sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) );
-        print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ",
-            join(",", map { "\n    $_" } @sourcedeps), "\n"
-            if @sourcedeps && $debug_rules;
-        @foreign_objs = $self->getlibobjs('sources', @sourcedeps);
-        print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", ,
-            join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-            if %attrs && $debug_rules;
-        print STDERR "DEBUG[dolib:lib] \@objs for $lib : ",
-            join(",", map { "\n    $_" } @objs), "\n"
-            if @objs && $debug_rules;
-        print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ",
-            join(",", map { "\n    $_" } @foreign_objs), "\n"
-            if @foreign_objs && $debug_rules;
-        $self->emit('obj2lib',
-             lib => $lib, attrs => { %attrs },
-             objs => [ @objs, @foreign_objs ]);
-        foreach (@objs) {
-            $self->doobj($_, $lib, intent => "lib", attrs => { %attrs });
-        }
-    }
-    $cache{$lib} = 1;
-}
-
-# domodule is responsible for building modules.  It will call
-# obj2dso, and also makes sure all object files for the library
-# are built.
-sub domodule {
-    my $self = shift;
-    my $module = shift;
-    return "" if $cache{$module};
-    my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}};
-    my @objs = @{$self->{info}->{sources}->{$module}};
-    my @deps = ( grep { $_ ne $module }
-                 $self->resolvedepends($module) );
-    print STDERR "DEBUG[domodule] \%attrs for $module :",
-        join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-        if $debug_rules;
-    print STDERR "DEBUG[domodule] \@objs for $module : ",
-        join(",", map { "\n    $_" } @objs), "\n"
-        if $debug_rules;
-    print STDERR "DEBUG[domodule] \@deps for $module : ",
-        join(",", map { "\n    $_" } @deps), "\n"
-        if $debug_rules;
-    $self->emit('obj2dso',
-         module => $module,
-         attrs => { %attrs },
-         objs => [ @objs ],
-         deps => [ @deps ]);
-    foreach (@{$self->{info}->{sources}->{$module}}) {
-        # If this is somehow a compiled object, take care of it that way
-        # Otherwise, it might simply be generated
-        if (defined $self->{info}->{sources}->{$_}) {
-            $self->doobj($_, $module, intent => "dso", attrs => { %attrs });
-        } else {
-            $self->dogenerate($_, undef, $module, intent => "dso");
-        }
-    }
-    $cache{$module} = 1;
-}
-
-# dobin is responsible for building programs.  It will call obj2bin,
-# and also makes sure all object files for the library are built.
-sub dobin {
-    my $self = shift;
-    my $bin = shift;
-    return "" if $cache{$bin};
-    my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}};
-    my @objs = @{$self->{info}->{sources}->{$bin}};
-    my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) );
-    print STDERR "DEBUG[dobin] \%attrs for $bin : ",
-        join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-        if %attrs && $debug_rules;
-    print STDERR "DEBUG[dobin] \@objs for $bin : ",
-        join(",", map { "\n    $_" } @objs), "\n"
-        if @objs && $debug_rules;
-    print STDERR "DEBUG[dobin] \@deps for $bin : ",
-        join(",", map { "\n    $_" } @deps), "\n"
-        if @deps && $debug_rules;
-    $self->emit('obj2bin',
-         bin => $bin,
-         attrs => { %attrs },
-         objs => [ @objs ],
-         deps => [ @deps ]);
-    foreach (@objs) {
-        $self->doobj($_, $bin, intent => "bin", attrs => { %attrs });
-    }
-    $cache{$bin} = 1;
-}
-
-# doscript is responsible for building scripts from templates.  It will
-# call in2script.
-sub doscript {
-    my $self = shift;
-    my $script = shift;
-    return "" if $cache{$script};
-    $self->emit('in2script',
-         script => $script,
-         attrs => $self->{info}->{attributes}->{scripts}->{$script} // {},
-         sources => $self->{info}->{sources}->{$script});
-    $cache{$script} = 1;
-}
-
-sub dodir {
-    my $self = shift;
-    my $dir = shift;
-    return "" if !exists(&generatedir) or $cache{$dir};
-    $self->emit('generatedir',
-         dir => $dir,
-         deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [],
-         %{$self->{info}->{dirinfo}->{$_}->{products}});
-    $cache{$dir} = 1;
-}
-
-# dodocs is responsible for building documentation from .pods.
-# It will call generatesrc.
-sub dodocs {
-    my $self = shift;
-    my $type = shift;
-    my $section = shift;
-    foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) {
-        next if $cache{$doc};
-        $self->emit('generatesrc',
-             src => $doc,
-             generator => $self->{info}->{generate}->{$doc});
-        foreach ((@{$self->{info}->{depends}->{$doc} // []})) {
-            $self->dogenerate($_, undef, undef);
-        }
-        $cache{$doc} = 1;
-    }
-}
-
-1;
--- a/Configurations/platform.pm
+++ b/Configurations/platform.pm
@@ -1,18 +0,0 @@
-package platform;
-
-use strict;
-use warnings;
-use vars qw(@ISA);
-
-# Callers must make sure @INC has the build directory
-use configdata;
-
-my $module = $target{perl_platform} || 'Unix';
-(my $module_path = $module) =~ s|::|/|g;
-
-require "platform/$module_path.pm";
-@ISA = ("platform::$module");
-
-1;
-
-__END__
--- a/Configurations/platform/AIX.pm
+++ b/Configurations/platform/AIX.pm
@@ -1,47 +0,0 @@
-package platform::AIX;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::Unix;
-@ISA = qw(platform::Unix);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub dsoext              { '.so' }
-sub shlibextsimple      { return '.so' if $target{shared_target} eq "aix-solib";
-			  '.a'}
-
-# In shared mode, the default static library names clashes with the final
-# "simple" full shared library name, so we add '_a' to the basename of the
-# static libraries in that case, unless in solib mode (using only .so
-# files for shared libraries, and not packaging them inside archives)
-sub staticname {
-    return platform::Unix->staticname($_[1]) if $target{shared_target} eq "aix-solib";
-
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
-}
-
-# In solib mode, we do not install the simple symlink (we install the import
-# library).  In regular mode, we install the symlink.
-sub sharedlib_simple {
-    return undef if $target{shared_target} eq "aix-solib";
-    return platform::Unix->sharedlib_simple($_[1], $_[0]->shlibextsimple());
-}
-
-# In solib mode, we install the import library.  In regular mode, we have
-# no import library.
-sub sharedlib_import {
-    return platform::Unix->sharedlib_simple($_[1]) if $target{shared_target} eq "aix-solib";
-    return undef;
-}
--- a/Configurations/platform/BASE.pm
+++ b/Configurations/platform/BASE.pm
@@ -1,99 +0,0 @@
-package platform::BASE;
-
-use strict;
-use warnings;
-use Carp;
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-# Globally defined "platform specific" extensions, available for uniformity
-sub depext      { '.d' }
-
-# Functions to convert internal file representations to platform specific
-# ones.  Note that these all depend on extension functions that MUST be
-# defined per platform.
-#
-# Currently known internal or semi-internal extensions are:
-#
-# .a            For libraries that are made static only.
-#               Internal libraries only.
-# .o            For object files.
-# .s, .S        Assembler files.  This is an actual extension on Unix
-# .res          Resource file.  This is an actual extension on Windows
-
-sub binname     { return $_[1] } # Name of executable binary
-sub dsoname     { return $_[1] } # Name of dynamic shared object (DSO)
-sub sharedname  { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib
-sub staticname  { return __base($_[1], '.a') } # Name of static lib
-
-# Convenience function to convert the shlib version to an acceptable part
-# of a file or directory name.  By default, we consider it acceptable as is.
-sub shlib_version_as_filename { return $config{shlib_version} }
-
-# Convenience functions to convert the possible extension of an input file name
-sub bin         { return $_[0]->binname($_[1]) . $_[0]->binext() }
-sub dso         { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() }
-sub sharedlib   { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) }
-sub staticlib   { return $_[0]->staticname($_[1]) . $_[0]->libext() }
-
-# More convenience functions for intermediary files
-sub def         { return __base($_[1], '.ld') . $_[0]->defext() }
-sub obj         { return __base($_[1], '.o') . $_[0]->objext() }
-sub res         { return __base($_[1], '.res') . $_[0]->resext() }
-sub dep         { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
-sub asm         { return __base($_[1], '.s') . $_[0]->asmext() }
-
-# Another set of convenience functions for standard checks of certain
-# internal extensions and conversion from internal to platform specific
-# extension.  Note that the latter doesn't deal with libraries because
-# of ambivalence
-sub isdef       { return $_[1] =~ m|\.ld$|;   }
-sub isobj       { return $_[1] =~ m|\.o$|;    }
-sub isres       { return $_[1] =~ m|\.res$|;  }
-sub isasm       { return $_[1] =~ m|\.s$|;    }
-sub iscppasm    { return $_[1] =~ m|\.S$|;    }
-sub isstaticlib { return $_[1] =~ m|\.a$|;    }
-sub convertext {
-    if ($_[0]->isdef($_[1]))        { return $_[0]->def($_[1]); }
-    if ($_[0]->isobj($_[1]))        { return $_[0]->obj($_[1]); }
-    if ($_[0]->isres($_[1]))        { return $_[0]->res($_[1]); }
-    if ($_[0]->isasm($_[1]))        { return $_[0]->asm($_[1]); }
-    if ($_[0]->isstaticlib($_[1]))  { return $_[0]->staticlib($_[1]); }
-    return $_[1];
-}
-
-# Helpers ############################################################
-
-# __base EXPR, LIST
-# This returns the given path (EXPR) with the matching suffix from LIST stripped
-sub __base {
-    my $path = shift;
-    foreach (@_) {
-        if ($path =~ m|\Q${_}\E$|) {
-            return $`;
-        }
-    }
-    return $path;
-}
-
-# __isshared EXPR
-# EXPR is supposed to be a library name.  This will return true if that library
-# can be assumed to be a shared library, otherwise false
-sub __isshared {
-    return !($disabled{shared} || $_[0] =~ /\.a$/);
-}
-
-# __concat LIST
-# Returns the concatenation of all elements of LIST if none of them is
-# undefined.  If one of them is undefined, returns undef instead.
-sub __concat {
-    my $result = '';
-    foreach (@_) {
-        return undef unless defined $_;
-        $result .= $_;
-    }
-    return $result;
-}
-
-1;
--- a/Configurations/platform/Cygwin.pm
+++ b/Configurations/platform/Cygwin.pm
@@ -1,22 +0,0 @@
-package platform::Cygwin;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::mingw;
-@ISA = qw(platform::mingw);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub sharedname {
-    my $class = shift;
-    my $lib = platform::mingw->sharedname(@_);
-    $lib =~ s|^lib|cyg| if defined $lib;
-    return $lib;
-}
-
-1;
--- a/Configurations/platform/Unix.pm
+++ b/Configurations/platform/Unix.pm
@@ -1,89 +0,0 @@
-package platform::Unix;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::BASE;
-@ISA = qw(platform::BASE);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub binext              { $target{exe_extension} || '' }
-sub dsoext              { $target{dso_extension} || platform->shlibextsimple()
-                              || '.so' }
-# Because these are also used in scripts and not just Makefile, we must
-# convert $(SHLIB_VERSION_NUMBER) to the actual number.
-sub shlibext            { (my $x = $target{shared_extension}
-                               || '.so.$(SHLIB_VERSION_NUMBER)')
-                              =~ s|\.\$\(SHLIB_VERSION_NUMBER\)
-                                  |.$config{shlib_version}|x;
-                          $x; }
-sub libext              { $target{lib_extension} || '.a' }
-sub defext              { $target{def_extension} || '.ld' }
-sub objext              { $target{obj_extension} || '.o' }
-sub depext              { $target{obj_extension} || '.d' }
-
-# Other extra that aren't defined in platform::BASE
-sub shlibextsimple      { (my $x = $target{shared_extension} || '.so')
-                              =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
-                          $x; }
-sub shlibvariant        { $target{shlib_variant} || "" }
-sub makedepcmd          { $disabled{makedepend} ? undef : $config{makedepcmd} }
-
-# No conversion of assembler extension on Unix
-sub asm {
-    return $_[1];
-}
-
-# At some point, we might decide that static libraries are called something
-# other than the default...
-sub staticname {
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    # We currently return the same name anyway...  but we might choose to
-    # append '_static' or '_a' some time in the future.
-    return platform::BASE->staticname($_[1]);
-}
-
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    ($_[0]->shlibvariant() // ''));
-}
-
-sub sharedname_simple {
-    return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
-}
-
-sub sharedlib_simple {
-    # This function returns the simplified shared library name (no version
-    # or variant in the shared library file name) if the simple variants of
-    # the base name or the suffix differ from the full variants of the same.
-
-    # Note: if $_[1] isn't a shared library name, then $_[0]->sharedname()
-    # and $_[0]->sharedname_simple() will return undef.  This needs being
-    # accounted for.
-    my $name = $_[0]->sharedname($_[1]);
-    my $simplename = $_[0]->sharedname_simple($_[1]);
-    my $ext = $_[0]->shlibext();
-    # Allow override of the extension passed in as parameter
-    my $simpleext = $_[2];
-    $simpleext = $_[0]->shlibextsimple() unless defined $simpleext;
-
-    return undef unless defined $simplename && defined $name;
-    return undef if ($name eq $simplename && $ext eq $simpleext);
-    return platform::BASE::__concat($simplename, $simpleext);
-}
-
-sub sharedlib_import {
-    return undef;
-}
-
-1;
--- a/Configurations/platform/VMS.pm
+++ b/Configurations/platform/VMS.pm
@@ -1,65 +0,0 @@
-package platform::VMS;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::BASE;
-@ISA = qw(platform::BASE);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-# VMS has a cultural standard where all installed libraries are prefixed.
-# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
-# conversation with VSI, Tuesday January 26 2016)
-sub osslprefix          { 'OSSL$' }
-
-sub binext              { '.EXE' }
-sub dsoext              { '.EXE' }
-sub shlibext            { '.EXE' }
-sub libext              { '.OLB' }
-sub defext              { '.OPT' }
-sub objext              { '.OBJ' }
-sub depext              { '.D' }
-sub asmext              { '.ASM' }
-
-# Other extra that aren't defined in platform::BASE
-sub shlibvariant        { $target{shlib_variant} || '' }
-
-sub optext              { '.OPT' }
-sub optname             { return $_[1] }
-sub opt                 { return $_[0]->optname($_[1]) . $_[0]->optext() }
-
-# Other projects include the pointer size in the name of installed libraries,
-# so we do too.
-sub staticname {
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    return platform::BASE::__concat($_[0]->osslprefix(),
-                                    platform::BASE->staticname($_[1]),
-                                    $target{pointer_size});
-}
-
-# To enable installation of multiple major OpenSSL releases, we include the
-# version number in installed shared library names.
-my $sover_filename =
-    join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version}));
-sub shlib_version_as_filename {
-    return $sover_filename;
-}
-sub sharedname {
-    return platform::BASE::__concat($_[0]->osslprefix(),
-                                    platform::BASE->sharedname($_[1]),
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($_[0]->shlibvariant() // ''),
-                                    "_shr$target{pointer_size}");
-}
-
-1;
--- a/Configurations/platform/Windows.pm
+++ b/Configurations/platform/Windows.pm
@@ -1,64 +0,0 @@
-package platform::Windows;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::BASE;
-@ISA = qw(platform::BASE);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub binext              { '.exe' }
-sub dsoext              { '.dll' }
-sub shlibext            { '.dll' }
-sub libext              { '.lib' }
-sub defext              { '.def' }
-sub objext              { '.obj' }
-sub depext              { '.d' }
-sub asmext              { '.asm' }
-
-# Other extra that aren't defined in platform::BASE
-sub resext              { '.res' }
-sub shlibextimport      { '.lib' }
-sub shlibvariant        { $target{shlib_variant} || '' }
-
-sub staticname {
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    # To make sure not to clash with an import library, we make the static
-    # variant of our installed libraries get '_static' added to their names.
-    return platform::BASE->staticname($_[1])
-        . ($disabled{shared} ? '' : '_static');
-}
-
-# To mark forward compatibility, we include the OpenSSL major release version
-# number in the installed shared library names.
-(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
-sub shlib_version_as_filename {
-    return $sover_filename
-}
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    "-",
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($_[0]->shlibvariant() // ''));
-}
-
-sub sharedname_import {
-    return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
-}
-
-sub sharedlib_import {
-    return platform::BASE::__concat($_[0]->sharedname_import($_[1]),
-                                    $_[0]->shlibextimport());
-}
-
-1;
--- a/Configurations/platform/Windows/MSVC.pm
+++ b/Configurations/platform/Windows/MSVC.pm
@@ -1,44 +0,0 @@
-package platform::Windows::MSVC;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::Windows;
-@ISA = qw(platform::Windows);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub pdbext              { '.pdb' }
-
-# It's possible that this variant of |sharedname| should be in Windows.pm.
-# However, this variant was VC only in 1.1.1, so we maintain that here until
-# further notice.
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    "-",
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($target{multilib} // '' ),
-                                    ($_[0]->shlibvariant() // ''));
-}
-
-sub staticlibpdb {
-    return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext());
-}
-
-sub sharedlibpdb {
-    return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext());
-}
-
-sub dsopdb {
-    return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext());
-}
-
-sub binpdb {
-    return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext());
-}
-
-1;
--- a/Configurations/platform/Windows/cppbuilder.pm
+++ b/Configurations/platform/Windows/cppbuilder.pm
@@ -1,16 +0,0 @@
-package platform::Windows::cppbuilder;
-
-use vars qw(@ISA);
-
-require platform::Windows::MSVC;
-@ISA = qw(platform::Windows::MSVC);
-
-sub pdbext              { '.tds' }
-
-# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention
-# C functions, and the linker needs those as the InternalName in the .def file.
-sub export2internal {
-    return "_$_[1]";
-}
-
-1;
--- a/Configurations/platform/mingw.pm
+++ b/Configurations/platform/mingw.pm
@@ -1,51 +0,0 @@
-package platform::mingw;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::Unix;
-@ISA = qw(platform::Unix);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub binext              { '.exe' }
-sub objext              { '.obj' }
-sub libext              { '.a' }
-sub dsoext              { '.dll' }
-sub defext              { '.def' }
-
-# Other extra that aren't defined in platform::BASE
-sub resext              { '.res.obj' }
-sub shlibext            { '.dll' }
-sub shlibextimport      { $target{shared_import_extension} || '.dll.a' }
-sub shlibextsimple      { undef }
-sub makedepcmd          { $disabled{makedepend} ? undef : $config{makedepcmd} }
-
-(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
-sub shlib_version_as_filename {
-    return $sover_filename;
-}
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    "-",
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($config{target} eq "mingw64"
-                                         ? "-x64" : ""));
-}
-
-# With Mingw and other DLL producers, there isn't any "simpler" shared
-# library name.  However, there is a static import library.
-sub sharedlib_simple {
-    return undef;
-}
-
-sub sharedlib_import {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    $_[0]->shlibextimport());
-}
-
-1;
--- a/Configurations/shared-info.pl
+++ b/Configurations/shared-info.pl
@@ -1,100 +0,0 @@
-#! /usr/bin/env perl
-# -*- mode: perl; -*-
-# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# This is a collection of extra attributes to be used as input for creating
-# shared libraries, currently on any Unix variant, including Unix like
-# environments on Windows.
-
-sub detect_gnu_ld {
-    my @lines =
-        `$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
-    return grep /^GNU ld/, @lines;
-}
-sub detect_gnu_cc {
-    my @lines =
-        `$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
-    return grep /gcc/, @lines;
-}
-
-my %shared_info;
-%shared_info = (
-    'gnu-shared' => {
-        shared_ldflag         => '-shared -Wl,-Bsymbolic',
-        shared_sonameflag     => '-Wl,-soname=',
-    },
-    'linux-shared' => sub {
-        return {
-            %{$shared_info{'gnu-shared'}},
-            shared_defflag    => '-Wl,--version-script=',
-            dso_ldflags       =>
-                (grep /(?:^|\s)-fsanitize/,
-                 @{$config{CFLAGS}}, @{$config{cflags}})
-                ? ''
-                : '-Wl,-z,defs',
-        };
-    },
-    'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
-    'bsd-gcc-nodef-shared' => sub { 
-        return {
-            %{$shared_info{'gnu-shared'}},
-            shared_defflags     => '-Wl,--version-script=',
-        };
-    },
-    'darwin-shared' => {
-        module_ldflags        => '-bundle',
-        shared_ldflag         => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
-        shared_sonameflag     => '-install_name $(libdir)/',
-    },
-    'cygwin-shared' => {
-        shared_ldflag         => '-shared -Wl,--enable-auto-image-base',
-        shared_impflag        => '-Wl,--out-implib=',
-    },
-    'mingw-shared' => sub {
-        return {
-            %{$shared_info{'cygwin-shared'}},
-            # def_flag made to empty string so it still generates
-            # something
-            shared_defflag    => '',
-            shared_argfileflag => '@',
-        };
-    },
-    'alpha-osf1-shared' => sub {
-        return $shared_info{'gnu-shared'} if detect_gnu_ld();
-        return {
-            module_ldflags    => '-shared -Wl,-Bsymbolic',
-            shared_ldflag     => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
-        };
-    },
-    'svr3-shared' => sub {
-        return $shared_info{'gnu-shared'} if detect_gnu_ld();
-        return {
-            shared_ldflag     => '-G',
-            shared_sonameflag => '-h ',
-        };
-    },
-    'svr5-shared' => sub {
-        return $shared_info{'gnu-shared'} if detect_gnu_ld();
-        return {
-            shared_ldflag     => detect_gnu_cc() ? '-shared' : '-G',
-            shared_sonameflag => '-h ',
-        };
-    },
-    'solaris-gcc-shared' => sub {
-        return $shared_info{'linux-shared'} if detect_gnu_ld();
-        return {
-            # Note: we should also have -shared here, but because some
-            # config targets define it with an added -static-libgcc
-            # following it, we don't want to change the order.  This
-            # forces all solaris gcc config targets to define shared_ldflag
-            shared_ldflag     => '-Wl,-Bsymbolic',
-            shared_defflag    => "-Wl,-M,",
-            shared_sonameflag => "-Wl,-h,",
-        };
-    },
-);
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
--- a/Configurations/unix-checker.pm
+++ b/Configurations/unix-checker.pm
@@ -1,22 +0,0 @@
-#! /usr/bin/env perl
-
-use Config;
-
-# Check that the perl implementation file modules generate paths that
-# we expect for the platform
-use File::Spec::Functions qw(:DEFAULT rel2abs);
-
-if (rel2abs('.') !~ m|/|) {
-    die <<EOF;
-
-******************************************************************************
-This perl implementation doesn't produce Unix like paths (with forward slash
-directory separators).  Please use an implementation that matches your
-building platform.
-
-This Perl version: $Config{version} for $Config{archname}
-******************************************************************************
-EOF
-}
-
-1;
--- a/Configurations/windows-checker.pm
+++ b/Configurations/windows-checker.pm
@@ -1,22 +0,0 @@
-#! /usr/bin/env perl
-
-use Config;
-
-# Check that the perl implementation file modules generate paths that
-# we expect for the platform
-use File::Spec::Functions qw(:DEFAULT rel2abs);
-
-if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
-    die <<EOF;
-
-******************************************************************************
-This perl implementation doesn't produce Windows like paths (with backward
-slash directory separators).  Please use an implementation that matches your
-building platform.
-
-This Perl version: $Config{version} for $Config{archname}
-******************************************************************************
-EOF
-}
-
-1;
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
--- a/4034
+++ b/4034
--- a/2
+++ b/2
@@ -0,0 +1,2 @@
+The FAQ is now maintained on the web:
+        https://www.openssl.org/docs/faq.html
--- a/HACKING.md
+++ b/HACKING.md
@@ -1,33 +0,0 @@
-MODIFYING OPENSSL SOURCE
-========================
-
-This document describes the way to add custom modifications to OpenSSL sources.
-
- If you are adding new public functions to the custom library build, you need to
- either add a prototype in one of the existing OpenSSL header files;
- or provide a new header file and edit
- [Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl)
- to pick up that file.
-
- After that, perform the following steps:
-
-    ./Configure -Werror --strict-warnings [your-options]
-    make update
-    make
-    make test
-
- `make update` ensures that your functions declarations are added to
- `util/libcrypto.num` or `util/libssl.num`.
- If you plan to submit the changes you made to OpenSSL
- (see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running:
-
-    make doc-nits
-
- after running `make update` to ensure that documentation has correct format.
-
- `make update` also generates files related to OIDs (in the `crypto/objects/`
- folder) and errors.
- If a merge error occurs in one of these generated files, then the
- generated files need to be removed and regenerated using `make update`.
- To aid in this process, the generated files can be committed separately
- so they can be removed easily.
--- a/945
+++ b/945
@@ -0,0 +1,945 @@
+
+ OPENSSL INSTALLATION
+ --------------------
+
+ This document describes installation on all supported operating
+ systems (the Linux/Unix family, OpenVMS and Windows)
+
+ To install OpenSSL, you will need:
+
+  * A make implementation
+  * Perl 5 with core modules (please read NOTES.PERL)
+  * The perl module Text::Template (please read NOTES.PERL)
+  * an ANSI C compiler
+  * a development environment in the form of development libraries and C
+    header files
+  * a supported operating system
+
+ For additional platform specific requirements, solutions to specific
+ issues and other details, please read one of these:
+
+  * NOTES.VMS (OpenVMS)
+  * NOTES.WIN (any supported Windows)
+  * NOTES.DJGPP (DOS platform with DJGPP)
+
+ Notational conventions in this document
+ ---------------------------------------
+
+ Throughout this document, we use the following conventions in command
+ examples:
+
+ $ command                      Any line starting with a dollar sign
+                                ($) is a command line.
+
+ { word1 | word2 | word3 }      This denotes a mandatory choice, to be
+                                replaced with one of the given words.
+                                A simple example would be this:
+
+                                $ echo { FOO | BAR | COOKIE }
+
+                                which is to be understood as one of
+                                these:
+
+                                $ echo FOO
+                                - or -
+                                $ echo BAR
+                                - or -
+                                $ echo COOKIE
+
+ [ word1 | word2 | word3 ]      Similar to { word1 | word2 | word3 }
+                                except it's optional to give any of
+                                those.  In addition to the examples
+                                above, this would also be valid:
+
+                                $ echo
+
+ {{ target }}                   This denotes a mandatory word or
+                                sequence of words of some sort.  A
+                                simple example would be this:
+
+                                $ type {{ filename }}
+
+                                which is to be understood to use the
+                                command 'type' on some file name
+                                determined by the user.
+
+ [[ options ]]                  Similar to {{ target }}, but is
+                                optional.
+
+ Note that the notation assumes spaces around {, }, [, ], {{, }} and
+ [[, ]].  This is to differentiate from OpenVMS directory
+ specifications, which also use [ and ], but without spaces.
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  on Unix:
+
+    $ ./config
+    $ make
+    $ make test
+    $ make install
+
+  on OpenVMS:
+
+    $ @config
+    $ mms
+    $ mms test
+    $ mms install
+
+  on Windows (only pick one of the targets for configuration):
+
+    $ perl Configure { VC-WIN32 | VC-WIN64A | VC-WIN64I | VC-CE }
+    $ nmake
+    $ nmake test
+    $ nmake install
+
+ If any of these steps fails, see section Installation in Detail below.
+
+ This will build and install OpenSSL in the default location, which is:
+
+  Unix:    normal installation directories under /usr/local
+  OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
+           OpenSSL version number with underscores instead of periods.
+  Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
+
+ If you want to install it anywhere else, run config like this:
+
+  On Unix:
+
+    $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl
+
+  On OpenVMS:
+
+    $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config (or ./Configure) to customize
+ the build (note that for Windows, the defaults for --prefix and
+ --openssldir depend in what configuration is used and what Windows
+ implementation OpenSSL is built on.  More notes on this in NOTES.WIN):
+
+  --api=x.y.z
+                   Don't build with support for deprecated APIs below the
+                   specified version number. For example "--api=1.1.0" will
+                   remove support for all APIS that were deprecated in OpenSSL
+                   version 1.1.0 or below.
+
+  --cross-compile-prefix=PREFIX
+                   The PREFIX to include in front of commands for your
+                   toolchain. It's likely to have to end with dash, e.g.
+                   a-b-c- would invoke GNU compiler as a-b-c-gcc, etc.
+                   Unfortunately cross-compiling is too case-specific to
+                   put together one-size-fits-all instructions. You might
+                   have to pass more flags or set up environment variables
+                   to actually make it work. Android and iOS cases are
+                   discussed in corresponding Configurations/10-main.cf
+                   sections. But there are cases when this option alone is
+                   sufficient. For example to build the mingw64 target on
+                   Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
+                   works. Naturally provided that mingw packages are
+                   installed. Today Debian and Ubuntu users have option to
+                   install a number of prepackaged cross-compilers along
+                   with corresponding run-time and development packages for
+                   "alien" hardware. To give another example
+                   "--cross-compile-prefix=mipsel-linux-gnu-" suffices
+                   in such case. Needless to mention that you have to
+                   invoke ./Configure, not ./config, and pass your target
+                   name explicitly.
+
+  --debug
+                   Build OpenSSL with debugging symbols.
+
+  --libdir=DIR
+                   The name of the directory under the top of the installation
+                   directory tree (see the --prefix option) where libraries will
+                   be installed. By default this is "lib". Note that on Windows
+                   only ".lib" files will be stored in this location. dll files
+                   will always be installed to the "bin" directory.
+
+  --openssldir=DIR
+                   Directory for OpenSSL configuration files, and also the
+                   default certificate and key store.  Defaults are:
+
+                   Unix:           /usr/local/ssl
+                   Windows:        C:\Program Files\Common Files\SSL
+                                or C:\Program Files (x86)\Common Files\SSL
+                   OpenVMS:        SYS$COMMON:[OPENSSL-COMMON]
+
+  --prefix=DIR
+                   The top of the installation directory tree.  Defaults are:
+
+                   Unix:           /usr/local
+                   Windows:        C:\Program Files\OpenSSL
+                                or C:\Program Files (x86)\OpenSSL
+                   OpenVMS:        SYS$COMMON:[OPENSSL-'version']
+
+  --release
+                   Build OpenSSL without debugging symbols. This is the default.
+
+  --strict-warnings
+                   This is a developer flag that switches on various compiler
+                   options recommended for OpenSSL development. It only works
+                   when using gcc or clang as the compiler. If you are
+                   developing a patch for OpenSSL then it is recommended that
+                   you use this option where possible.
+
+  --with-zlib-include=DIR
+                   The directory for the location of the zlib include file. This
+                   option is only necessary if enable-zlib (see below) is used
+                   and the include file is not already on the system include
+                   path.
+
+  --with-zlib-lib=LIB
+                   On Unix: this is the directory containing the zlib library.
+                   If not provided the system library path will be used.
+                   On Windows: this is the filename of the zlib library (with or
+                   without a path). This flag must be provided if the
+                   zlib-dynamic option is not also used. If zlib-dynamic is used
+                   then this flag is optional and a default value ("ZLIB1") is
+                   used if not provided. 
+                   On VMS: this is the filename of the zlib library (with or
+                   without a path). This flag is optional and if not provided
+                   then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is
+                   used by default depending on the pointer size chosen.
+
+  no-afalgeng
+                   Don't build the AFALG engine. This option will be forced if
+                   on a platform that does not support AFALG.
+
+  enable-asan
+                   Build with the Address sanitiser. This is a developer option
+                   only. It may not work on all platforms and should never be
+                   used in production environments. It will only work when used
+                   with gcc or clang and should be used in conjunction with the
+                   no-shared option.
+
+  no-asm
+                   Do not use assembler code. On some platforms a small amount
+                   of assembler code may still be used.
+
+  no-async
+                   Do not build support for async operations.
+
+  no-autoalginit
+                   Don't automatically load all supported ciphers and digests.
+                   Typically OpenSSL will make available all of its supported
+                   ciphers and digests. For a statically linked application this
+                   may be undesirable if small executable size is an objective.
+                   This only affects libcrypto. Ciphers and digests will have to
+                   be loaded manually using EVP_add_cipher() and
+                   EVP_add_digest() if this option is used. This option will
+                   force a non-shared build.
+
+  no-autoerrinit
+                   Don't automatically load all libcrypto/libssl error strings.
+                   Typically OpenSSL will automatically load human readable
+                   error strings. For a statically linked application this may
+                   be undesirable if small executable size is an objective.
+
+
+  no-capieng
+                   Don't build the CAPI engine. This option will be forced if
+                   on a platform that does not support CAPI.
+
+  no-cms
+                   Don't build support for CMS features
+
+  no-comp
+                   Don't build support for SSL/TLS compression. If this option
+                   is left enabled (the default), then compression will only
+                   work if the zlib or zlib-dynamic options are also chosen.
+
+  enable-crypto-mdebug
+                   Build support for debugging memory allocated via
+                   OPENSSL_malloc() or OPENSSL_zalloc().
+
+  enable-crypto-mdebug-backtrace
+                   As for crypto-mdebug, but additionally provide backtrace
+                   information for allocated memory.
+                   TO BE USED WITH CARE: this uses GNU C functionality, and
+                   is therefore not usable for non-GNU config targets.  If
+                   your build complains about the use of '-rdynamic' or the
+                   lack of header file execinfo.h, this option is not for you.
+                   ALSO NOTE that even though execinfo.h is available on your
+                   system (through Gnulib), the functions might just be stubs
+                   that do nothing.
+
+  no-ct
+                   Don't build support for Certificate Transparency.
+
+  no-deprecated
+                   Don't build with support for any deprecated APIs. This is the
+                   same as using "--api" and supplying the latest version
+                   number.
+
+  no-dgram
+                   Don't build support for datagram based BIOs. Selecting this
+                   option will also force the disabling of DTLS.
+
+  no-dso
+                   Don't build support for loading Dynamic Shared Objects.
+
+  no-dynamic-engine
+                   Don't build the dynamically loaded engines. This only has an
+                   effect in a "shared" build
+
+  no-ec
+                   Don't build support for Elliptic Curves.
+
+  no-ec2m
+                   Don't build support for binary Elliptic Curves
+
+  enable-ec_nistp_64_gcc_128
+                   Enable support for optimised implementations of some commonly
+                   used NIST elliptic curves. This is only supported on some
+                   platforms.
+
+  enable-egd
+                   Build support for gathering entropy from EGD (Entropy
+                   Gathering Daemon).
+
+  no-engine
+                   Don't build support for loading engines.
+
+  no-err
+                   Don't compile in any error strings.
+
+  no-filenames
+                   Don't compile in filename and line number information (e.g.
+                   for errors and memory allocation).
+
+  enable-fuzz-libfuzzer, enable-fuzz-afl
+                   Build with support for fuzzing using either libfuzzer or AFL.
+                   These are developer options only. They may not work on all
+                   platforms and should never be used in production environments.
+                   See the file fuzz/README.md for further details.
+
+  no-gost
+                   Don't build support for GOST based ciphersuites. Note that
+                   if this feature is enabled then GOST ciphersuites are only
+                   available if the GOST algorithms are also available through
+                   loading an externally supplied engine.
+
+  enable-heartbeats
+                   Build support for DTLS heartbeats.
+
+  no-hw-padlock
+                   Don't build the padlock engine.
+
+  no-makedepend
+                   Don't generate dependencies.
+
+  no-multiblock
+                   Don't build support for writing multiple records in one
+                   go in libssl (Note: this is a different capability to the
+                   pipelining functionality).
+
+  no-nextprotoneg
+                   Don't build support for the NPN TLS extension.
+
+  no-ocsp
+                   Don't build support for OCSP.
+
+  no-pic
+                   Don't build with support for Position Independent Code.
+
+  no-posix-io
+                   Don't use POSIX IO capabilities.
+
+  no-psk
+                   Don't build support for Pre-Shared Key based ciphersuites.
+
+  no-rdrand
+                   Don't use hardware RDRAND capabilities.
+
+  no-rfc3779
+                   Don't build support for RFC3779 ("X.509 Extensions for IP
+                   Addresses and AS Identifiers")
+
+  sctp
+                   Build support for SCTP
+
+  no-shared
+                   Do not create shared libraries, only static ones.  See "Note
+                   on shared libraries" below.
+
+  no-sock
+                   Don't build support for socket BIOs
+
+  no-srp
+                   Don't build support for SRP or SRP based ciphersuites.
+
+  no-srtp
+                   Don't build SRTP support
+
+  no-sse2
+                   Exclude SSE2 code paths. Normally SSE2 extension is
+                   detected at run-time, but the decision whether or not the
+                   machine code will be executed is taken solely on CPU
+                   capability vector. This means that if you happen to run OS
+                   kernel which does not support SSE2 extension on Intel P4
+                   processor, then your application might be exposed to
+                   "illegal instruction" exception. There might be a way
+                   to enable support in kernel, e.g. FreeBSD kernel can be
+                   compiled with CPU_ENABLE_SSE, and there is a way to
+                   disengage SSE2 code paths upon application start-up,
+                   but if you aim for wider "audience" running such kernel,
+                   consider no-sse2. Both the 386 and no-asm options imply
+                   no-sse2.
+
+  enable-ssl-trace
+                   Build with the SSL Trace capabilities (adds the "-trace"
+                   option to s_client and s_server).
+
+  no-static-engine
+                   Don't build the statically linked engines. This only
+                   has an impact when not built "shared".
+
+  no-stdio
+                   Don't use any C "stdio" features. Only libcrypto and libssl
+                   can be built in this way. Using this option will suppress
+                   building the command line applications. Additionally since
+                   the OpenSSL tests also use the command line applications the
+                   tests will also be skipped.
+
+  no-threads
+                   Don't try to build with support for multi-threaded
+                   applications.
+
+  threads
+                   Build with support for multi-threaded applications. Most
+                   platforms will enable this by default. However if on a
+                   platform where this is not the case then this will usually
+                   require additional system-dependent options! See "Note on
+                   multi-threading" below.
+
+  no-ts
+                   Don't build Time Stamping Authority support.
+
+  enable-ubsan
+                   Build with the Undefined Behaviour sanitiser. This is a
+                   developer option only. It may not work on all platforms and
+                   should never be used in production environments. It will only
+                   work when used with gcc or clang and should be used in
+                   conjunction with the "-DPEDANTIC" option (or the
+                   --strict-warnings option).
+
+  no-ui
+                   Don't build with the "UI" capability (i.e. the set of
+                   features enabling text based prompts).
+
+  enable-unit-test
+                   Enable additional unit test APIs. This should not typically
+                   be used in production deployments.
+
+  enable-weak-ssl-ciphers
+                   Build support for SSL/TLS ciphers that are considered "weak"
+                   (e.g. RC4 based ciphersuites).
+
+  zlib
+                   Build with support for zlib compression/decompression.
+
+  zlib-dynamic
+                   Like "zlib", but has OpenSSL load the zlib library
+                   dynamically when needed.  This is only supported on systems
+                   where loading of shared libraries is supported.
+
+  386
+                   On Intel hardware, use the 80386 instruction set only
+                   (the default x86 code is more efficient, but requires at
+                   least a 486). Note: Use compiler flags for any other CPU
+                   specific configuration, e.g. "-m32" to build x86 code on
+                   an x64 system.
+
+  no-<prot>
+                   Don't build support for negotiating the specified SSL/TLS
+                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
+                   dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
+                   tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
+                   disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
+                   with "no-ssl3". Note this only affects version negotiation.
+                   OpenSSL will still provide the methods for applications to
+                   explicitly select the individual protocol versions.
+
+  no-<prot>-method
+                   As for no-<prot> but in addition do not build the methods for
+                   applications to explicitly select individual protocol
+                   versions.
+
+  enable-<alg>
+                   Build with support for the specified algorithm, where <alg>
+                   is one of: md2 or rc5.
+
+  no-<alg>
+                   Build without support for the specified algorithm, where
+                   <alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
+                   des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
+                   rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd"
+                   algorithm is deprecated and if used is synonymous with rmd160.
+
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx
+                   These system specific options will be passed through to the
+                   compiler to allow you to define preprocessor symbols, specify
+                   additional libraries, library directories or other compiler
+                   options.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+     NOTE: This is not available on Windows.
+
+       $ ./config [[ options ]]                         # Unix
+
+       or
+
+       $ @config [[ options ]]                          ! OpenVMS
+
+     For the remainder of this text, the Unix form will be used in all
+     examples, please use the appropriate form for your platform.
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If you want to use a different compiler, you
+     are cross-compiling for another platform, or the ./config guess was
+     wrong for other reasons, go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [[ options ]]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure                                    # Unix
+
+       or
+
+       $ perl Configure                                 # All other platforms
+
+     For the remainder of this text, the Unix form will be used in all
+     examples, please use the appropriate form for your platform.
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [[ options ]]
+
+     If your system isn't listed, you will have to create a configuration
+     file named Configurations/{{ something }}.conf and add the correct
+     configuration for your system. See the available configs as examples
+     and read Configurations/README and Configurations/README.design for
+     more information.
+
+     The generic configurations "cc" or "gcc" should usually work on 32 bit
+     Unix-like systems.
+
+     Configure creates a build file ("Makefile" on Unix, "makefile" on Windows
+     and "descrip.mms" on OpenVMS) from a suitable template in Configurations,
+     and defines various macros in include/openssl/opensslconf.h (generated from
+     include/openssl/opensslconf.h.in).
+
+ 1c. Configure OpenSSL for building outside of the source tree.
+
+     OpenSSL can be configured to build in a build directory separate from
+     the directory with the source code.  It's done by placing yourself in
+     some other directory and invoking the configuration commands from
+     there.
+
+     Unix example:
+
+       $ mkdir /var/tmp/openssl-build
+       $ cd /var/tmp/openssl-build
+       $ /PATH/TO/OPENSSL/SOURCE/config [[ options ]]
+
+       or
+
+       $ /PATH/TO/OPENSSL/SOURCE/Configure {{ target }} [[ options ]]
+
+     OpenVMS example:
+
+       $ set default sys$login:
+       $ create/dir [.tmp.openssl-build]
+       $ set default [.tmp.openssl-build]
+       $ @[PATH.TO.OPENSSL.SOURCE]config [[ options ]]
+
+       or
+
+       $ @[PATH.TO.OPENSSL.SOURCE]Configure {{ target }} [[ options ]]
+
+     Windows example:
+
+       $ C:
+       $ mkdir \temp-openssl
+       $ cd \temp-openssl
+       $ perl d:\PATH\TO\OPENSSL\SOURCE\Configure {{ target }} [[ options ]]
+
+     Paths can be relative just as well as absolute.  Configure will
+     do its best to translate them to relative paths whenever possible.
+
+  2. Build OpenSSL by running:
+
+       $ make                                           # Unix
+       $ mms                                            ! (or mmk) OpenVMS
+       $ nmake                                          # Windows
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a on
+     Unix, corresponding on other platforms) and the OpenSSL binary
+     ("openssl"). The libraries will be built in the top-level directory,
+     and the binary will be in the "apps" subdirectory.
+
+     If the build fails, look at the output.  There may be reasons
+     for the failure that aren't problems in OpenSSL itself (like
+     missing standard headers).  If you are having problems you can
+     get help by sending an email to the openssl-users email list (see
+     https://www.openssl.org/community/mailinglists.html for details). If
+     it is a bug with OpenSSL itself, please open an issue on GitHub, at
+     https://github.com/openssl/openssl/issues. Please review the existing
+     ones first; maybe the bug was already reported or has already been
+     fixed.
+
+     (If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.)
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test                                      # Unix
+       $ mms test                                       ! OpenVMS
+       $ nmake test                                     # Windows
+
+     NOTE: you MUST run the tests from an unprivileged account (or
+     disable your privileges temporarily if your platform allows it).
+
+     If some tests fail, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like a
+     malfunction with Perl).  You may want increased verbosity, that
+     can be accomplished like this:
+
+       $ make VERBOSE=1 test                            # Unix
+
+       $ mms /macro=(VERBOSE=1) test                    ! OpenVMS
+
+       $ nmake VERBOSE=1 test                           # Windows
+
+     If you want to run just one or a few specific tests, you can use
+     the make variable TESTS to specify them, like this:
+
+       $ make TESTS='test_rsa test_dsa' test            # Unix
+       $ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
+       $ nmake TESTS='test_rsa test_dsa' test           # Windows
+
+     And of course, you can combine (Unix example shown):
+       
+       $ make VERBOSE=1 TESTS='test_rsa test_dsa' test
+
+     You can find the list of available tests like this:
+
+       $ make list-tests                                # Unix
+       $ mms list-tests                                 ! OpenVMS
+       $ nmake list-tests                               # Windows
+
+     Have a look at the manual for the perl module Test::Harness to
+     see what other HARNESS_* variables there are.
+
+     If you find a problem with OpenSSL itself, try removing any
+     compiler optimization flags from the CFLAGS line in Makefile and
+     run "make clean; make" or corresponding.
+
+     Please send bug reports to <rt@openssl.org>.
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install                                   # Unix
+       $ mms install                                    ! OpenVMS
+       $ nmake install                                  # Windows
+
+     This will install all the software components in this directory
+     tree under PREFIX (the directory given with --prefix or its
+     default):
+
+       Unix:
+
+         bin/           Contains the openssl binary and a few other
+                        utility scripts.
+         include/openssl
+                        Contains the header files needed if you want
+                        to build your own programs that use libcrypto
+                        or libssl.
+         lib            Contains the OpenSSL library files.
+         lib/engines    Contains the OpenSSL dynamically loadable engines.
+
+         share/man/man1 Contains the OpenSSL command line man-pages.
+         share/man/man3 Contains the OpenSSL library calls man-pages.
+         share/man/man5 Contains the OpenSSL configuration format man-pages.
+         share/man/man7 Contains the OpenSSL other misc man-pages.
+
+         share/doc/openssl/html/man1
+         share/doc/openssl/html/man3
+         share/doc/openssl/html/man5
+         share/doc/openssl/html/man7
+                        Contains the HTML rendition of the man-pages.
+
+       OpenVMS ('arch' is replaced with the architecture name, "Alpha"
+       or "ia64", 'sover' is replaced with the shared library version
+       (0101 for 1.1), and 'pz' is replaced with the pointer size
+       OpenSSL was built with):
+
+         [.EXE.'arch']  Contains the openssl binary.
+         [.EXE]         Contains a few utility scripts.
+         [.include.openssl]
+                        Contains the header files needed if you want
+                        to build your own programs that use libcrypto
+                        or libssl.
+         [.LIB.'arch']  Contains the OpenSSL library files.
+         [.ENGINES'sover''pz'.'arch']
+                        Contains the OpenSSL dynamically loadable engines.
+         [.SYS$STARTUP] Contains startup, login and shutdown scripts.
+                        These define appropriate logical names and
+                        command symbols.
+         [.SYSTEST]     Contains the installation verification procedure.
+         [.HTML]        Contains the HTML rendition of the manual pages.
+                        
+
+     Additionally, install will add the following directories under
+     OPENSSLDIR (the directory given with --openssldir or its default)
+     for you convenience:
+
+         certs          Initially empty, this is the default location
+                        for certificate files.
+         private        Initially empty, this is the default location
+                        for private key files.
+         misc           Various scripts.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make DESTDIR=/tmp/package-root install         # Unix
+       $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS
+
+     The specified destination directory will be prepended to all
+     installation target paths.
+
+  Compatibility issues with previous OpenSSL versions:
+
+  *  COMPILING existing applications
+
+     OpenSSL 1.1.0 hides a number of structures that were previously
+     open.  This includes all internal libssl structures and a number
+     of EVP types.  Accessor functions have been added to allow
+     controlled access to the structures' data.
+
+     This means that some software needs to be rewritten to adapt to
+     the new ways of doing things.  This often amounts to allocating
+     an instance of a structure explicitly where you could previously
+     allocate them on the stack as automatic variables, and using the
+     provided accessor functions where you would previously access a
+     structure's field directly.
+
+     Some APIs have changed as well.  However, older APIs have been
+     preserved when possible.
+
+ Environment Variables
+ ---------------------
+
+ A number of environment variables can be used to provide additional control
+ over the build process. Typically these should be defined prior to running
+ config or Configure. Not all environment variables are relevant to all
+ platforms.
+
+ AR
+                The name of the ar executable to use.
+
+ BUILDFILE
+                Use a different build file name than the platform default
+                ("Makefile" on Unixly platforms, "makefile" on native Windows,
+                "descrip.mms" on OpenVMS).  This requires that there is a
+                corresponding build file template.  See Configurations/README
+                for further information.
+
+ CC
+                The compiler to use. Configure will attempt to pick a default
+                compiler for your platform but this choice can be overridden
+                using this variable. Set it to the compiler executable you wish
+                to use, e.g. "gcc" or "clang".
+
+ CROSS_COMPILE
+                This environment variable has the same meaning as for the
+                "--cross-compile-prefix" Configure flag described above. If both
+                are set then the Configure flag takes precedence.
+
+ NM
+                The name of the nm executable to use.
+
+ OPENSSL_LOCAL_CONFIG_DIR
+                OpenSSL comes with a database of information about how it
+                should be built on different platforms as well as build file
+                templates for those platforms. The database is comprised of
+                ".conf" files in the Configurations directory.  The build
+                file templates reside there as well as ".tmpl" files. See the
+                file Configurations/README for further information about the
+                format of ".conf" files as well as information on the ".tmpl"
+                files.
+                In addition to the standard ".conf" and ".tmpl" files, it is
+                possible to create your own ".conf" and ".tmpl" files and store
+                them locally, outside the OpenSSL source tree. This environment
+                variable can be set to the directory where these files are held
+                and will have Configure to consider them in addition to the
+                standard ones.
+
+ PERL
+                The name of the Perl executable to use when building OpenSSL.
+
+ HASHBANGPERL
+                The command string for the Perl executable to insert in the
+                #! line of perl scripts that will be publically installed.
+                Default: /usr/bin/env perl
+                Note: the value of this variable is added to the same scripts
+                on all platforms, but it's only relevant on Unix-like platforms.
+
+ RC
+                The name of the rc executable to use. The default will be as
+                defined for the target platform in the ".conf" file. If not
+                defined then "windres" will be used. The WINDRES environment
+                variable is synonymous to this. If both are defined then RC
+                takes precedence.
+
+ RANLIB
+                The name of the ranlib executable to use.
+
+ WINDRES
+                See RC.
+
+ Makefile targets
+ ----------------
+
+ The Configure script generates a Makefile in a format relevant to the specific
+ platform. The Makefiles provide a number of targets that can be used. Not all
+ targets may be available on all platforms. Only the most common targets are
+ described here. Examine the Makefiles themselves for the full list.
+
+ all
+                The default target to build all the software components.
+
+ clean
+                Remove all build artefacts and return the directory to a "clean"
+                state.
+
+ depend
+                Rebuild the dependencies in the Makefiles. This is a legacy
+                option that no longer needs to be used in OpenSSL 1.1.0.
+
+ install
+                Install all OpenSSL components.
+
+ install_sw
+                Only install the OpenSSL software components.
+
+ install_docs
+                Only install the OpenSSL documentation components.
+
+ install_man_docs
+                Only install the OpenSSL man pages (Unix only).
+
+ install_html_docs
+                Only install the OpenSSL html documentation.
+
+ list-tests
+                Prints a list of all the self test names.
+
+ test
+                Build and run the OpenSSL self tests.
+
+ uninstall
+                Uninstall all OpenSSL components.
+
+ update
+                This is a developer option. If you are developing a patch for
+                OpenSSL you may need to use this if you want to update
+                automatically generated files; add new error codes or add new
+                (or change the visibility of) public API functions. (Unix only).
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+ OpenSSL provides built-in support for two threading models: pthreads (found on
+ most UNIX/Linux systems), and Windows threads. No other threading models are
+ supported. If your platform does not provide pthreads or Windows threads then
+ you should Configure with the "no-threads" option.
+
+ Notes on shared libraries
+ -------------------------
+
+ For most systems the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl. On these systems
+ the shared libraries will be created by default. This can be suppressed and
+ only static libraries created by using the "no-shared" option. On systems
+ where OpenSSL does not know how to build shared libraries the "no-shared"
+ option will be forced and only static libraries will be created.
+
+ Shared libraries are named a little differently on different platforms.
+ One way or another, they all have the major OpenSSL version number as
+ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
+ the name.
+
+ On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ and libssl.so.1.1.
+
+ on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
+ with import libraries libcrypto.dll.a and libssl.dll.a.
+
+ On Windows build with MSVC or using MingW, shared libraries are named
+ libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll
+ and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
+ and libssl-1_1-ia64.dll for IA64 Windows.  With MSVC, the import libraries
+ are named libcrypto.lib and libssl.lib, while with MingW, they are named
+ libcrypto.dll.a and libssl.dll.a.
+
+ On VMS, shareable images (VMS speak for shared libraries) are named
+ ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe.  However, when
+ OpenSSL is specifically built for 32-bit pointers, the shareable images
+ are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe
+ instead, and when built for 64-bit pointers, they are named
+ ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain a random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
+
--- a/INSTALL.md
+++ b/INSTALL.md
--- a/125
+++ b/125
@@ -0,0 +1,125 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,177 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        https://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -0,0 +1,622 @@
+#
+# Helper makefile to link shared libraries in a portable way.
+# This is much simpler than libtool, and hopefully not too error-prone.
+#
+# The following variables need to be set on the command line to build
+# properly
+
+# CC contains the current compiler.  This one MUST be defined
+CC=cc
+CFLAGS=$(CFLAG)
+# LDFLAGS contains flags to be used when temporary object files (when building
+# shared libraries) are created, or when an application is linked.
+# SHARED_LDFLAGS contains flags to be used when the shared library is created.
+LDFLAGS=$(LDFLAG)
+SHARED_LDFLAGS=$(SHARED_LDFLAG)
+
+RC=windres
+# SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin
+# or Mingw.
+SHARED_RCFLAGS=$(SHARED_RCFLAG)
+
+NM=nm
+
+# LIBNAME contains just the name of the library, without prefix ("lib"
+# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
+# .dll, ...).  This one MUST have a value when using this makefile to
+# build shared libraries.
+# For example, to build libfoo.so, you need to do the following:
+#LIBNAME=foo
+LIBNAME=
+
+# APPNAME contains just the name of the application, without suffix (""
+# on Unix, ".exe" on Windows, ...).  This one MUST have a value when using
+# this makefile to build applications.
+# For example, to build foo, you need to do the following:
+#APPNAME=foo
+APPNAME=
+
+# DSTDIR is the directory where the built file should end up in.
+DSTDIR=.
+
+# SRCDIR is the top directory of the source tree.
+SRCDIR=.
+
+# OBJECTS contains all the object files to link together into the application.
+# This must contain at least one object file.
+#OBJECTS=foo.o
+OBJECTS=
+
+# LIBEXTRAS contains extra modules to link together with the library.
+# For example, if a second library, say libbar.a needs to be linked into
+# libfoo.so, you need to do the following:
+#LIBEXTRAS=libbar.a
+# Note that this MUST be used when using the link_dso targets, to hold the
+# names of all object files that go into the target shared object.
+LIBEXTRAS=
+
+# LIBVERSION contains the current version of the library.
+# For example, to build libfoo.so.1.2, you need to do the following:
+#LIBVERSION=1.2
+LIBVERSION=
+
+# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
+# the library.  They MUST be in decreasing order.
+# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
+# and libfoo.so.1, you need to do the following:
+#LIBCOMPATVERSIONS=1.2 1
+# Note that on systems that use sonames, the last number will appear as
+# part of it.
+# It's also possible, for systems that support it (Tru64, for example),
+# to add extra compatibility info with more precision, by adding a second
+# list of versions, separated from the first with a semicolon, like this:
+#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
+LIBCOMPATVERSIONS=
+
+# LIBDEPS contains all the flags necessary to cover all necessary
+# dependencies to other libraries.
+LIBDEPS=
+
+#------------------------------------------------------------------------------
+# The rest is private to this makefile.
+
+SET_X=:
+#SET_X=set -x
+
+top:
+	echo "Trying to use this makefile interactively?  Don't."
+
+CALC_VERSIONS=	\
+	SHLIB_COMPAT=; SHLIB_SOVER=; \
+	if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
+		prev=""; \
+		for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
+			SHLIB_SOVER_NODOT=$$v; \
+			SHLIB_SOVER=.$$v; \
+			if [ -n "$$prev" ]; then \
+				SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
+			fi; \
+			prev=$$v; \
+		done; \
+	fi
+
+LINK_APP=	\
+  ( $(SET_X);   \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS) $(LDFLAGS)}"; \
+    LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+    echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+        $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}; \
+    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+    $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
+
+LINK_SO=	\
+  ( $(SET_X);   \
+    LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+    SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+    LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+    LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+    echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+         $${SHAREDCMD} $${SHAREDFLAGS} \
+	     -o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+	     $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
+    LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+    $${SHAREDCMD} $${SHAREDFLAGS} \
+	-o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
+  ) && $(SYMLINK_SO)
+
+SYMLINK_SO=	\
+	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
+		prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+		if [ -n "$$SHLIB_COMPAT" ]; then \
+			for x in $$SHLIB_COMPAT; do \
+				( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX; \
+				  ln -s $$prev $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX ); \
+				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
+			done; \
+		fi; \
+		if [ -n "$$SHLIB_SOVER" ]; then \
+			( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX; \
+			  ln -s $$prev $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX ); \
+		fi; \
+	fi
+
+LINK_SO_SHLIB=	SHOBJECTS="$(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
+LINK_SO_DSO=	INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
+
+LINK_SO_SHLIB_VIA_O=	\
+  SHOBJECTS=$(DSTDIR)/lib$(LIBNAME).o; \
+  ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
+  ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \
+    ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \
+  $(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
+
+LINK_SO_SHLIB_UNPACKED=	\
+  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
+  (cd $$UNPACKDIR; ar x ../$(DSTDIR)/lib$(LIBNAME).a) && \
+  ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
+  SHOBJECTS=$$UNPACKDIR/*.o; \
+  $(LINK_SO) && rm -rf $$UNPACKDIR
+
+DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+
+DO_GNU_SO_COMMON=\
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+DO_GNU_DSO=\
+	SHLIB=$(LIBNAME).so; \
+	SHLIB_SOVER=; \
+	SHLIB_SUFFIX=; \
+	$(DO_GNU_SO_COMMON)
+DO_GNU_SO=\
+	$(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so; \
+	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+	$(DO_GNU_SO_COMMON)
+DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
+
+#This is rather special.  It's a special target with which one can link
+#applications without bothering with any features that have anything to
+#do with shared libraries, for example when linking against static
+#libraries.  It's mostly here to avoid a lot of conditionals everywhere
+#else...
+link_app.:
+	$(LINK_APP)
+
+link_dso.gnu:
+	@ $(DO_GNU_DSO); $(LINK_SO_DSO)
+link_shlib.gnu:
+	@ $(DO_GNU_SO); $(LINK_SO_SHLIB)
+link_app.gnu:
+	@ $(DO_GNU_APP); $(LINK_APP)
+
+link_shlib.linux-shared:
+	@$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
+	$(DO_GNU_SO); \
+	ALLSYMSFLAGS='-Wl,--whole-archive,--version-script=$(LIBNAME).map'; \
+	$(LINK_SO_SHLIB)
+
+link_dso.bsd:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
+	SHLIB=$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	LIBDEPS=" "; \
+	ALLSYMSFLAGS=; \
+	NOALLSYMSFLAGS=; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+	fi; $(LINK_SO_DSO)
+link_shlib.bsd:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
+	$(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	LIBDEPS=" "; \
+	ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
+	NOALLSYMSFLAGS=; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
+	fi; $(LINK_SO_SHLIB)
+link_app.bsd:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
+	LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	fi; $(LINK_APP)
+
+# For Darwin AKA Mac OS/X (dyld)
+# Originally link_dso.darwin produced .so, because it was hard-coded
+# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
+# extension in order to allow for run-time linking with vendor-
+# supplied shared libraries such as libz, so that link_dso.darwin had
+# to be harmonized with it. This caused minor controversy, because
+# it was believed that dlopen can't be used to dynamically load
+# .dylib-s, only so called bundle modules (ones linked with -bundle
+# flag). The belief seems to be originating from pre-10.4 release,
+# where dlfcn functionality was emulated by dlcompat add-on. In
+# 10.4 dlopen was rewritten as native part of dyld and is documented
+# to be capable of loading both dynamic libraries and bundles. In
+# order to provide compatibility with pre-10.4 dlopen, modules are
+# linked with -bundle flag, which makes .dylib extension misleading.
+# It works, because dlopen is [and always was] extension-agnostic.
+# Alternative to this heuristic approach is to develop specific
+# MacOS X dso module relying on whichever "native" dyld interface.
+link_dso.darwin:
+	@ SHLIB=$(LIBNAME); \
+	SHLIB_SUFFIX=.dylib; \
+	ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
+	$(LINK_SO_DSO)
+link_shlib.darwin:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME); \
+	SHLIB_SUFFIX=.dylib; \
+	ALLSYMSFLAGS='-all_load'; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+	if [ -n "$(LIBVERSION)" ]; then \
+		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
+	fi; \
+	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
+		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
+	fi; \
+	SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
+	$(LINK_SO_SHLIB)
+link_app.darwin:	# is there run-path on darwin?
+	$(LINK_APP)
+
+link_dso.cygwin:
+	@SHLIB=$(LIBNAME); \
+	SHLIB_SUFFIX=.dll; \
+	ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	base=-Wl,--enable-auto-image-base; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
+	$(LINK_SO_DSO)
+link_shlib.cygwin:
+	@ $(CALC_VERSIONS); \
+	INHIBIT_SYMLINKS=yes; \
+	SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
+	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+	echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
+		     "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
+	$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
+		$(RC) $(SHARED_RCFLAGS) -o rc.o; \
+	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \
+	$(LINK_SO_SHLIB) || exit 1; \
+	rm rc.o
+link_app.cygwin:
+	$(LINK_APP)
+
+# link_dso.mingw-shared and link_app.mingw-shared are mapped to the
+# corresponding cygwin targets, as they do the exact same thing.
+link_shlib.mingw:
+	@ $(CALC_VERSIONS); \
+	INHIBIT_SYMLINKS=yes; \
+	arch=; \
+	if expr $(PLATFORM) : mingw64 > /dev/null; then arch=-x64; fi; \
+	sover=`echo $(LIBVERSION) | sed -e 's/\./_/g'` ; \
+	SHLIB=lib$(LIBNAME); \
+	SHLIB_SOVER=-$$sover$$arch; \
+	SHLIB_SUFFIX=.dll; \
+	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+	base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
+	$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
+		| sed -e 's|^\(LIBRARY  *\)$(LIBNAME)32|\1'"$$dll_name"'|' \
+		> $(LIBNAME).def; \
+	echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \
+		"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
+	$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \
+		$(RC) $(SHARED_RCFLAGS) -o rc.o; \
+	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \
+	$(LINK_SO_SHLIB) || exit 1; \
+	rm $(LIBNAME).def rc.o
+
+link_dso.alpha-osf1:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		SHLIB=$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.alpha-osf1:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		SHLIB=lib$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+		else \
+			SHLIB_HIST="$(LIBVERSION)"; \
+		fi; \
+		SHLIB_SOVER=; \
+		ALLSYMSFLAGS='-all'; \
+		NOALLSYMSFLAGS='-none'; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
+		fi; \
+	fi; \
+	$(LINK_SO_SHLIB)
+link_app.alpha-osf1:
+	@if $(DETECT_GNU_LD); then \
+		$(DO_GNU_APP); \
+	else \
+		LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	fi; \
+	$(LINK_APP)
+
+link_dso.solaris:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		ALLSYMSFLAGS=""; \
+		NOALLSYMSFLAGS=""; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.solaris:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so; \
+		SHLIB_SUFFIX=;\
+		$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
+		ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
+		NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
+	fi; \
+	$(LINK_SO_SHLIB)
+link_app.solaris:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_APP); \
+	else \
+		LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	fi; \
+	$(LINK_APP)
+
+# OpenServer 5 native compilers used
+link_dso.svr3:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SUFFIX"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.svr3:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+	fi; \
+	$(LINK_SO_SHLIB_UNPACKED)
+link_app.svr3:
+	@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
+	$(LINK_APP)
+
+# UnixWare 7 and OpenUNIX 8 native compilers used
+link_dso.svr5:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		SHARE_FLAG='-G'; \
+		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		SHLIB=$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SUFFIX"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.svr5:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		$(CALC_VERSIONS); \
+		SHARE_FLAG='-G'; \
+		($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
+		SHLIB=lib$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		ALLSYMSFLAGS=''; \
+		NOALLSYMSFLAGS=''; \
+		SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+	fi; \
+	$(LINK_SO_SHLIB_UNPACKED)
+link_app.svr5:
+	@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
+	$(LINK_APP)
+
+link_dso.irix:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_DSO); \
+	else \
+		SHLIB=$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		ALLSYMSFLAGS=""; \
+		NOALLSYMSFLAGS=""; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SUFFIX,-B,symbolic"; \
+	fi; \
+	$(LINK_SO_DSO)
+link_shlib.irix:
+	@ if $(DETECT_GNU_LD); then \
+		$(DO_GNU_SO); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so; \
+		SHLIB_SUFFIX=; \
+		MINUSWL=""; \
+		($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
+		ALLSYMSFLAGS="$${MINUSWL}-all"; \
+		NOALLSYMSFLAGS="$${MINUSWL}-none"; \
+		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+	fi; \
+	$(LINK_SO_SHLIB)
+link_app.irix:
+	@LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
+	$(LINK_APP)
+
+# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
+# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
+# rules imply that we can only link one level down in catalog structure,
+# but that's what takes place for the moment of this writing. +cdp option
+# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
+# editor context only [it's simply ignored in other cases, which are all
+# ELFs by the way].
+#
+link_dso.hpux:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
+	SHLIB=$(LIBNAME).sl; \
+	expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+	fi; \
+	rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX || :; \
+	$(LINK_SO_DSO) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX
+link_shlib.hpux:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
+	$(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).sl; \
+	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	ALLSYMSFLAGS='-Wl,-Fl'; \
+	NOALLSYMSFLAGS=''; \
+	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
+	fi; \
+	rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
+	$(LINK_SO_SHLIB) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+link_app.hpux:
+	@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
+	LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
+	fi; \
+	$(LINK_APP)
+
+link_dso.aix:
+	@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
+	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+	SHLIB=$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	ALLSYMSFLAGS=''; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+	rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
+	$(LINK_SO_DSO);
+link_shlib.aix:
+	@ $(CALC_VERSIONS); \
+	OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
+	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
+	SHLIB=lib$(LIBNAME).so; \
+	SHLIB_SUFFIX=; \
+	ALLSYMSFLAGS='-bnogc'; \
+	NOALLSYMSFLAGS=''; \
+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+	rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \
+	$(LINK_SO_SHLIB_VIA_O)
+link_app.aix:
+	LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
+	$(LINK_APP)
+
+
+# Targets to build symbolic links when needed
+symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
+symlink.aix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so; \
+	$(SYMLINK_SO)
+symlink.darwin:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME); \
+	SHLIB_SUFFIX=.dylib; \
+	$(SYMLINK_SO)
+symlink.hpux:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).sl; \
+	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+	$(SYMLINK_SO)
+# The following lines means those specific architectures do no symlinks
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+
+# Compatibility targets
+link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared: link_dso.gnu
+link_shlib.bsd-gcc-shared: link_shlib.linux-shared
+link_shlib.gnu-shared: link_shlib.gnu
+link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
+symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
+link_dso.bsd-shared: link_dso.bsd
+link_shlib.bsd-shared: link_shlib.bsd
+link_app.bsd-shared: link_app.bsd
+link_dso.darwin-shared: link_dso.darwin
+link_shlib.darwin-shared: link_shlib.darwin
+link_app.darwin-shared: link_app.darwin
+symlink.darwin-shared: symlink.darwin
+link_dso.cygwin-shared: link_dso.cygwin
+link_shlib.cygwin-shared: link_shlib.cygwin
+link_app.cygwin-shared: link_app.cygwin
+symlink.cygwin-shared: symlink.cygwin
+link_dso.mingw-shared: link_dso.cygwin
+link_shlib.mingw-shared: link_shlib.mingw
+link_app.mingw-shared: link_app.cygwin
+symlink.mingw-shared: symlink.cygwin
+link_dso.alpha-osf1-shared: link_dso.alpha-osf1
+link_shlib.alpha-osf1-shared: link_shlib.alpha-osf1
+link_app.alpha-osf1-shared: link_app.alpha-osf1
+symlink.alpha-osf1-shared: symlink.alpha-osf1
+link_dso.tru64-shared: link_dso.tru64
+link_shlib.tru64-shared: link_shlib.tru64
+link_app.tru64-shared: link_app.tru64
+symlink.tru64-shared: symlink.tru64
+link_dso.tru64-shared-rpath: link_dso.tru64-rpath
+link_shlib.tru64-shared-rpath: link_shlib.tru64-rpath
+link_app.tru64-shared-rpath: link_app.tru64-rpath
+symlink.tru64-shared-rpath: symlink.tru64-rpath
+link_dso.solaris-shared: link_dso.solaris
+link_shlib.solaris-shared: link_shlib.solaris
+link_app.solaris-shared: link_app.solaris
+symlink.solaris-shared: symlink.solaris
+link_dso.svr3-shared: link_dso.svr3
+link_shlib.svr3-shared: link_shlib.svr3
+link_app.svr3-shared: link_app.svr3
+symlink.svr3-shared: symlink.svr3
+link_dso.svr5-shared: link_dso.svr5
+link_shlib.svr5-shared: link_shlib.svr5
+link_app.svr5-shared: link_app.svr5
+symlink.svr5-shared: symlink.svr5
+link_dso.irix-shared: link_dso.irix
+link_shlib.irix-shared: link_shlib.irix
+link_app.irix-shared: link_app.irix
+symlink.irix-shared: symlink.irix
+link_dso.hpux-shared: link_dso.hpux
+link_shlib.hpux-shared: link_shlib.hpux
+link_app.hpux-shared: link_app.hpux
+symlink.hpux-shared: symlink.hpux
+link_dso.aix-shared: link_dso.aix
+link_shlib.aix-shared: link_shlib.aix
+link_app.aix-shared: link_app.aix
+symlink.aix-shared: symlink.aix
--- a/842
+++ b/842
@@ -0,0 +1,842 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
+
+      o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+      o CMS Null dereference (CVE-2016-7053)
+      o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
+  Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
+
+      o Fix Use After Free for large message sizes (CVE-2016-6309)
+
+  Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
+
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SSL_peek() hang on empty record (CVE-2016-6305)
+      o Excessive allocation of memory in tls_get_message_header()
+       (CVE-2016-6307)
+      o Excessive allocation of memory in dtls1_preprocess_fragment()
+       (CVE-2016-6308)
+
+  Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
+
+      o Copyright text was shrunk to a boilerplate that points to the license
+      o "shared" builds are now the default when possible
+      o Added support for "pipelining"
+      o Added the AFALG engine
+      o New threading API implemented
+      o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
+      o Support for extended master secret
+      o CCM ciphersuites
+      o Reworked test suite, now based on perl, Test::Harness and Test::More
+      o *Most* libcrypto and libssl public structures were made opaque,
+        including:
+        BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
+        DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
+        BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
+        EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
+        X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
+        X509_LOOKUP, X509_LOOKUP_METHOD
+      o libssl internal structures made opaque
+      o SSLv2 support removed
+      o Kerberos ciphersuite support removed
+      o RC4 removed from DEFAULT ciphersuites in libssl
+      o 40 and 56 bit cipher support removed from libssl
+      o All public header files moved to include/openssl, no more symlinking
+      o SSL/TLS state machine, version negotiation and record layer rewritten
+      o EC revision: now operations use new EC_KEY_METHOD.
+      o Support for OCB mode added to libcrypto
+      o Support for asynchronous crypto operations added to libcrypto and libssl
+      o Deprecated interfaces can now be disabled at build time either
+        relative to the latest release via the "no-deprecated" Configure
+        argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
+      o Application software can be compiled with -DOPENSSL_API_COMPAT=version
+        to ensure that features deprecated in that version are not exposed.
+      o Support for RFC6698/RFC7671 DANE TLSA peer authentication
+      o Change of Configure to use --prefix as the main installation
+        directory location rather than --openssldir.  The latter becomes
+        the directory for certs, private key and openssl.cnf exclusively.
+      o Reworked BIO networking library, with full support for IPv6.
+      o New "unified" build system
+      o New security levels
+      o Support for scrypt algorithm
+      o Support for X25519
+      o Extended SSL_CONF support using configuration files
+      o KDF algorithm support. Implement TLS PRF as a KDF.
+      o Support for Certificate Transparency
+      o HKDF support.
+
+  Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
+
+      o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+      o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+      o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+      o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+      o EBCDIC overread (CVE-2016-2176)
+      o Modify behavior of ALPN to invoke callback after SNI/servername
+        callback, such that updates to the SSL_CTX affect ALPN.
+      o Remove LOW from the DEFAULT cipher list.  This removes singles DES from
+        the default.
+      o Only remove the SSLv2 methods with the no-ssl2-method option.
+
+  Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
+
+      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+      o Disable SSLv2 default build, default negotiation and weak ciphers
+        (CVE-2016-0800)
+      o Fix a double-free in DSA code (CVE-2016-0705)
+      o Disable SRP fake user seed to address a server memory leak
+        (CVE-2016-0798)
+      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+        (CVE-2016-0797)
+      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
+
+  Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+
+      o DH small subgroups (CVE-2016-0701)
+      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
+  Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
+
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
+      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
+      o In DSA_generate_parameters_ex, if the provided seed is too short,
+        return an error
+
+  Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
+
+      o Alternate chains certificate forgery (CVE-2015-1793)
+      o Race condition handling PSK identify hint (CVE-2015-3196)
+
+  Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+
+      o Fix HMAC ABI incompatibility
+
+  Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+
+      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+      o Race condition handling NewSessionTicket (CVE-2015-1791)
+
+  Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
+
+      o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
+      o Multiblock corrupted pointer fix (CVE-2015-0290)
+      o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
+      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+      o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
+      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+      o Empty CKE with client auth and DHE fix (CVE-2015-1787)
+      o Handshake with unseeded PRNG fix (CVE-2015-0285)
+      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+      o Removed the export ciphers from the DEFAULT ciphers
+
+  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
+
+      o Suite B support for TLS 1.2 and DTLS 1.2
+      o Support for DTLS 1.2
+      o TLS automatic EC curve selection.
+      o API to set TLS supported signature algorithms and curves
+      o SSL_CONF configuration API.
+      o TLS Brainpool support.
+      o ALPN support.
+      o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
+
+  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+      o Build fixes for the Windows and OpenVMS platforms
+
+  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+      o Fix for CVE-2014-3571
+      o Fix for CVE-2015-0206
+      o Fix for CVE-2014-3569
+      o Fix for CVE-2014-3572
+      o Fix for CVE-2015-0204
+      o Fix for CVE-2015-0205
+      o Fix for CVE-2014-8275
+      o Fix for CVE-2014-3570
+
+  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+      o Fix for CVE-2014-3513
+      o Fix for CVE-2014-3567
+      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+      o Fix for CVE-2014-3568
+
+  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+
+      o Fix for CVE-2014-3512
+      o Fix for CVE-2014-3511
+      o Fix for CVE-2014-3510
+      o Fix for CVE-2014-3507
+      o Fix for CVE-2014-3506
+      o Fix for CVE-2014-3505
+      o Fix for CVE-2014-3509
+      o Fix for CVE-2014-5139
+      o Fix for CVE-2014-3508
+
+  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+
+      o Fix for CVE-2014-0224
+      o Fix for CVE-2014-0221
+      o Fix for CVE-2014-0198
+      o Fix for CVE-2014-0195
+      o Fix for CVE-2014-3470
+      o Fix for CVE-2010-5298
+
+  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+      o Fix for CVE-2014-0160
+      o Add TLS padding extension workaround for broken servers.
+      o Fix for CVE-2014-0076
+
+  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+
+      o Don't include gmt_unix_time in TLS server and client random values
+      o Fix for TLS record tampering bug CVE-2013-4353
+      o Fix for TLS version checking bug CVE-2013-6449
+      o Fix for DTLS retransmission bug CVE-2013-6450
+
+  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
+
+      o Corrected fix for CVE-2013-0169
+
+  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
+
+      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+      o Include the fips configuration module.
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
+
+      o Fix TLS/DTLS record length checking bug CVE-2012-2333
+      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
+
+      o Fix compilation error on non-x86 platforms.
+      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+      o Workarounds for some servers that hang on long client hellos.
+      o Fix SEGV in AES code.
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
+
+      o TLS/DTLS heartbeat support.
+      o SCTP support.
+      o RFC 5705 TLS key material exporter.
+      o RFC 5764 DTLS-SRTP negotiation.
+      o Next Protocol Negotiation.
+      o PSS signatures in certificates, requests and CRLs.
+      o Support for password based recipient info for CMS.
+      o Support TLS v1.2 and TLS v1.1.
+      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+      o SRP support.
+
+  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
+  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
+
+      o Fix for DTLS plaintext recovery attack CVE-2011-4108
+      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+      o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
+      o Check for malformed RFC3779 data CVE-2011-4577
+
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
+
+      o Fix for CRL vulnerability issue CVE-2011-3207
+      o Fix for ECDH crashes CVE-2011-3210
+      o Protection against EC timing attacks.
+      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
+
+      o Fix for security issue CVE-2011-0014
+
+  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+      o Fix mishandling of absent EC point format extension.
+      o Fix various platform compilation issues.
+      o Corrected fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
+
+      o Fix for security issue CVE-2010-3864.
+      o Fix for CVE-2010-2939
+      o Fix WIN32 build system for GOST ENGINE.
+
+  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
+
+      o Fix for security issue CVE-2010-1633.
+      o GOST MAC and CFB fixes.
+
+  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
+
+      o RFC3280 path validation: sufficient to process PKITS tests.
+      o Integrated support for PVK files and keyblobs.
+      o Change default private key format to PKCS#8.
+      o CMS support: able to process all examples in RFC4134
+      o Streaming ASN1 encode support for PKCS#7 and CMS.
+      o Multiple signer and signer add support for PKCS#7 and CMS.
+      o ASN1 printing support.
+      o Whirlpool hash algorithm added.
+      o RFC3161 time stamp support.
+      o New generalised public key API supporting ENGINE based algorithms.
+      o New generalised public key API utilities.
+      o New ENGINE supporting GOST algorithms.
+      o SSL/TLS GOST ciphersuite support.
+      o PKCS#7 and CMS GOST support.
+      o RFC4279 PSK ciphersuite support.
+      o Supported points format extension for ECC ciphersuites.
+      o ecdsa-with-SHA224/256/384/512 signature types.
+      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
+      o Opaque PRF Input TLS extension support.
+      o Updated time routines to avoid OS limitations.
+
+  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+      o CFB cipher definition fixes.
+      o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+
+  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
+
+      o Cipher definition fixes.
+      o Workaround for slow RAND_poll() on some WIN32 versions.
+      o Remove MD2 from algorithm tables.
+      o SPKAC handling fixes.
+      o Support for RFC5746 TLS renegotiation extension.
+      o Compression memory leak fixed.
+      o Compression session resumption fixed.
+      o Ticket and SNI coexistence fixes.
+      o Many fixes to DTLS handling. 
+
+  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
+
+      o Temporary work around for CVE-2009-3555: disable renegotiation.
+
+  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
+
+      o Fix various build issues.
+      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
+
+      o Fix security issue (CVE-2008-5077)
+      o Merge FIPS 140-2 branch code.
+
+  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
+
+      o CryptoAPI ENGINE support.
+      o Various precautionary measures.
+      o Fix for bugs affecting certificate request creation.
+      o Support for local machine keyset attribute in PKCS#12 files.
+
+  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
+
+      o Backport of CMS functionality to 0.9.8.
+      o Fixes for bugs introduced with 0.9.8f.
+
+  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
+
+      o Add gcc 4.2 support.
+      o Add support for AES and SSE2 assembly language optimization
+        for VC++ build.
+      o Support for RFC4507bis and server name extensions if explicitly 
+        selected at compile time.
+      o DTLS improvements.
+      o RFC4507bis support.
+      o TLS Extensions support.
+
+  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
+
+      o Various ciphersuite selection fixes.
+      o RFC3779 support.
+
+  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+      o Changes to ciphersuite selection algorithm
+
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+      o New cipher Camellia
+
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
+
+      o Cipher string fixes.
+      o Fixes for VC++ 2005.
+      o Updated ECC cipher suite support.
+      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+      o Zlib compression usage fixes.
+      o Built in dynamic engine compilation support on Win32.
+      o Fixes auto dynamic engine loading in Win32.
+
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
+
+      o Fix potential SSL 2.0 rollback, CVE-2005-2969
+      o Extended Windows CE support
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
+
+      o Major work on the BIGNUM library for higher efficiency and to
+        make operations more streamlined and less contradictory.  This
+        is the result of a major audit of the BIGNUM library.
+      o Addition of BIGNUM functions for fields GF(2^m) and NIST
+        curves, to support the Elliptic Crypto functions.
+      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+        the use through EVP, X509 and ENGINE.
+      o New ASN.1 mini-compiler that's usable through the OpenSSL
+        configuration file.
+      o Added support for ASN.1 indefinite length constructed encoding.
+      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+      o Complete rework of shared library construction and linking
+        programs with shared or static libraries, through a separate
+        Makefile.shared.
+      o Rework of the passing of parameters from one Makefile to another.
+      o Changed ENGINE framework to load dynamic engine modules
+        automatically from specifically given directories.
+      o New structure and ASN.1 functions for CertificatePair.
+      o Changed the ZLIB compression method to be stateful.
+      o Changed the key-generation and primality testing "progress"
+        mechanism to take a structure that contains the ticker
+        function and an argument.
+      o New engine module: GMP (performs private key exponentiation).
+      o New engine module: VIA PadLOck ACE extension in VIA C3
+        Nehemiah processors.
+      o Added support for IPv6 addresses in certificate extensions.
+        See RFC 1884, section 2.2.
+      o Added support for certificate policy mappings, policy
+        constraints and name constraints.
+      o Added support for multi-valued AVAs in the OpenSSL
+        configuration file.
+      o Added support for multiple certificates with the same subject
+        in the 'openssl ca' index file.
+      o Make it possible to create self-signed certificates using
+        'openssl ca -selfsign'.
+      o Make it possible to generate a serial number file with
+        'openssl ca -create_serial'.
+      o New binary search functions with extended functionality.
+      o New BUF functions.
+      o New STORE structure and library to provide an interface to all
+        sorts of data repositories.  Supports storage of public and
+        private keys, certificates, CRLs, numbers and arbitrary blobs.
+        This library is unfortunately unfinished and unused within
+        OpenSSL.
+      o New control functions for the error stack.
+      o Changed the PKCS#7 library to support one-pass S/MIME
+        processing.
+      o Added the possibility to compile without old deprecated
+        functionality with the OPENSSL_NO_DEPRECATED macro or the
+        'no-deprecated' argument to the config and Configure scripts.
+      o Constification of all ASN.1 conversion functions, and other
+        affected functions.
+      o Improved platform support for PowerPC.
+      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+      o New X509_VERIFY_PARAM structure to support parametrisation
+        of X.509 path validation.
+      o Major overhaul of RC4 performance on Intel P4, IA-64 and
+        AMD64.
+      o Changed the Configure script to have some algorithms disabled
+        by default.  Those can be explicitly enabled with the new
+        argument form 'enable-xxx'.
+      o Change the default digest in 'openssl' commands from MD5 to
+        SHA-1.
+      o Added support for DTLS.
+      o New BIGNUM blinding.
+      o Added support for the RSA-PSS encryption scheme
+      o Added support for the RSA X.931 padding.
+      o Added support for BSD sockets on NetWare.
+      o Added support for files larger than 2GB.
+      o Added initial support for Win64.
+      o Added alternate pkg-config files.
+
+  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
+
+      o FIPS 1.1.1 module linking.
+      o Various ciphersuite selection fixes.
+
+  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
+
+      o Visual C++ 2005 fixes.
+      o Update Windows build system for FIPS.
+
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
+
+      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
+
+      o Fix SSL 2.0 Rollback, CVE-2005-2969
+      o Allow use of fixed-length exponent on DSA signing
+      o Default fixed-window RSA, DSA, DH private-key operations
+
+  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
+
+      o More compilation issues fixed.
+      o Adaptation to more modern Kerberos API.
+      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+      o Enhanced x86_64 assembler BIGNUM module.
+      o More constification.
+      o Added processing of proxy certificates (RFC 3820).
+
+  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
+
+      o Several compilation issues fixed.
+      o Many memory allocation failure checks added.
+      o Improved comparison of X509 Name type.
+      o Mandatory basic checks on certificates.
+      o Performance improvements.
+
+  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
+
+      o Fix race condition in CRL checking code.
+      o Fixes to PKCS#7 (S/MIME) code.
+
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
+
+      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+      o Security: Fix null-pointer assignment in do_change_cipher_spec()
+      o Allow multiple active certificates with same subject in CA index
+      o Multiple X509 verification fixes
+      o Speed up HMAC and other operations
+
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o New -ignore_err option to OCSP utility.
+      o Various interop and bug fixes in S/MIME code.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Configuration: Irix fixes, AIX fixes, better mingw support.
+      o Support for new platforms: linux-ia64-ecc.
+      o Build: shared library support fixes.
+      o ASN.1: treat domainComponent correctly.
+      o Documentation: fixes and additions.
+
+  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
+
+      o Security: Important security related bugfixes.
+      o Enhanced compatibility with MIT Kerberos.
+      o Can be built without the ENGINE framework.
+      o IA32 assembler enhancements.
+      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+      o Configuration: the no-err option now works properly.
+      o SSL/TLS: now handles manual certificate chain building.
+      o SSL/TLS: certain session ID malfunctions corrected.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
+
+      o New library section OCSP.
+      o Complete rewrite of ASN1 code.
+      o CRL checking in verify code and openssl utility.
+      o Extension copying in 'ca' utility.
+      o Flexible display options in 'ca' utility.
+      o Provisional support for international characters with UTF8.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+      o New elliptic curve library section.
+      o New AES (Rijndael) library section.
+      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+        Linux x86_64, Linux 64-bit on Sparc v9
+      o Extended support for some platforms: VxWorks
+      o Enhanced support for shared libraries.
+      o Now only builds PIC code when shared library support is requested.
+      o Support for pkg-config.
+      o Lots of new manuals.
+      o Makes symbolic links to or copies of manuals to cover all described
+        functions.
+      o Change DES API to clean up the namespace (some applications link also
+        against libdes providing similar functions having the same name).
+        Provide macros for backward compatibility (will be removed in the
+        future).
+      o Unify handling of cryptographic algorithms (software and engine)
+        to be available via EVP routines for asymmetric and symmetric ciphers.
+      o NCONF: new configuration handling routines.
+      o Change API to use more 'const' modifiers to improve error checking
+        and help optimizers.
+      o Finally remove references to RSAref.
+      o Reworked parts of the BIGNUM code.
+      o Support for new engines: Broadcom ubsec, Accelerated Encryption
+        Processing, IBM 4758.
+      o A few new engines added in the demos area.
+      o Extended and corrected OID (object identifier) table.
+      o PRNG: query at more locations for a random device, automatic query for
+        EGD style random sources at several locations.
+      o SSL/TLS: allow optional cipher choice according to server's preference.
+      o SSL/TLS: allow server to explicitly set new session ids.
+      o SSL/TLS: support Kerberos cipher suites (RFC2712).
+	Only supports MIT Kerberos for now.
+      o SSL/TLS: allow more precise control of renegotiations and sessions.
+      o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: support AES cipher suites (RFC3268).
+
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Build: shared library support fixes.
+
+  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
+
+      o Important security related bugfixes.
+
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
+
+      o New configuration targets for Tandem OSS and A/UX.
+      o New OIDs for Microsoft attributes.
+      o Better handling of SSL session caching.
+      o Better comparison of distinguished names.
+      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+      o Support assembler code with Borland C.
+      o Fixes for length problems.
+      o Fixes for uninitialised variables.
+      o Fixes for memory leaks, some unusual crashes and some race conditions.
+      o Fixes for smaller building problems.
+      o Updates of manuals, FAQ and other instructive documents.
+
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
+
+      o Important building fixes on Unix.
+
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
+
+      o Various important bugfixes.
+
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
+
+      o Important security related bugfixes.
+      o Various SSL/TLS library bugfixes.
+
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
+
+      o Various SSL/TLS library bugfixes.
+      o Fix DH parameter generation for 'non-standard' generators.
+
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
+
+      o Various SSL/TLS library bugfixes.
+      o BIGNUM library fixes.
+      o RSA OAEP and random number generation fixes.
+      o Object identifiers corrected and added.
+      o Add assembler BN routines for IA64.
+      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+        MIPS Linux; shared library support for Irix, HP-UX.
+      o Add crypto accelerator support for AEP, Baltimore SureWare,
+        Broadcom and Cryptographic Appliance's keyserver
+        [in 0.9.6c-engine release].
+
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
+
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded environments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
+
+      o S/MIME support in new 'smime' command
+      o Documentation for the OpenSSL command line application
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utilty and associated library functions
+      o Options to allow passwords to be obtained from various sources
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial (incomplete) support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+        record; allow fragmentation and interleaving of handshake and other
+        data
+      o TLS/SSL code now "tolerates" MS SGC
+      o Work around for Netscape client certificate hang bug
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality
+      o Memory leak detection now allows applications to add extra information
+        via a per-thread stack
+      o PRNG robustness improved
+      o EGD support
+      o BIGNUM library bug fixes
+      o Faster DSA parameter generation
+      o Enhanced support for Alpha Linux
+      o Experimental MacOS support
+
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+
--- a/Show More
+++ b/Show More