89 files changed, 492 insertions, 490 deletions
diff --git a/configure.py b/configure.py
index 5716931a0..ce829b666 100755
--- a/configure.py
+++ b/configure.py
@@ -5,7 +5,7 @@ Configuration program for botan (http://botan.randombit.net/)
   (C) 2009,2010,2011,2012,2013,2014 Jack Lloyd
   Distributed under the terms of the Botan license
 
-Tested with CPython 2.6, 2.7, 3.2 and PyPy 1.5
+Tested with CPython 2.6, 2.7, 3.2, 3.3 and PyPy 1.5
 
 Python 2.5 works if you change the exception catching syntax:
    perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py
@@ -138,7 +138,8 @@ class BuildConfigurationInformation(object):
 
         self.public_headers = sorted(flatten([m.public_headers() for m in modules]))
 
-        self.apps_dir = os.path.join(options.base_dir, 'src')
+        self.doc_dir = os.path.join(options.base_dir, 'doc')
+        self.src_dir = os.path.join(options.base_dir, 'src')
 
         def find_sources_in(basedir, srcdir):
             for (dirpath, dirnames, filenames) in os.walk(os.path.join(basedir, srcdir)):
@@ -147,23 +148,36 @@ class BuildConfigurationInformation(object):
                         yield os.path.join(dirpath, filename)
 
 
-        self.app_sources = list(find_sources_in(self.apps_dir, 'cmd'))
-        self.test_sources = list(find_sources_in(self.apps_dir, 'tests'))
-        self.python_sources = list(find_sources_in(self.apps_dir, 'python'))
+        self.app_sources = list(find_sources_in(self.src_dir, 'cmd'))
+        self.test_sources = list(find_sources_in(self.src_dir, 'tests'))
+        self.python_sources = list(find_sources_in(self.src_dir, 'python'))
 
         self.boost_python = options.boost_python
         self.python_dir = os.path.join(options.src_dir, 'python')
         self.pyobject_dir = os.path.join(self.build_dir, 'python')
 
-        self.manual_dir = os.path.join(self. doc_output_dir, 'manual')
-
         def build_doc_commands():
-            if options.with_sphinx:
-                sphinx_config_dir = os.path.join(options.build_data, 'sphinx')
-                yield 'sphinx-build -c %s $(SPHINX_OPTS) -b html doc %s' % (
-                    sphinx_config_dir, self.manual_dir)
-            else:
-                yield '$(COPY) doc/*.rst %s' % (self.manual_dir)
+
+            def get_doc_cmd():
+                if options.with_sphinx:
+                    sphinx = 'sphinx-build -c $(SPHINX_CONFIG) $(SPHINX_OPTS) '
+                    if options.quiet:
+                        sphinx += '-q '
+                    sphinx += '%s %s'
+                    return sphinx
+                else:
+                    return '$(COPY) %s/*.rst %s'
+
+            doc_cmd = get_doc_cmd()
+
+            def cmd_for(src):
+                return doc_cmd % (os.path.join(self.doc_dir, src),
+                                  os.path.join(self.doc_output_dir, src))
+
+            yield cmd_for('manual')
+
+            if options.build_relnotes:
+                yield cmd_for('relnotes')
 
             if options.with_doxygen:
                 yield 'doxygen %s/botan.doxy' % (self.build_dir)
@@ -177,6 +191,10 @@ class BuildConfigurationInformation(object):
             yield self.botan_include_dir
             yield self.internal_include_dir
             yield os.path.join(self.doc_output_dir, 'manual')
+
+            if options.build_relnotes:
+                yield os.path.join(self.doc_output_dir, 'relnotes')
+
             if options.with_doxygen:
                 yield os.path.join(self.doc_output_dir, 'doxygen')
 
@@ -316,6 +334,9 @@ def process_command_line(args):
                            default=None,
                            help='Use Sphinx to generate HTML manual')
 
+    build_group.add_option('--build-relnotes', action='store_true', default=False,
+                           help='Use Sphinx to produce HTML release notes')
+
     build_group.add_option('--without-sphinx', action='store_false',
                            dest='with_sphinx', help=optparse.SUPPRESS_HELP)
 
@@ -997,6 +1018,8 @@ def process_template(template_file, variables):
         return template.substitute(variables)
     except KeyError as e:
         raise Exception('Unbound var %s in template %s' % (e, template_file))
+    except Exception as e:
+        raise Exception('Exception %s in template %s' % (e, template_file))
 
 """
 Create the template variables needed to process the makefile, build.h, etc
@@ -1026,7 +1049,7 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
         for src in sources:
             (dir,file) = os.path.split(os.path.normpath(src))
 
-            parts = dir.split(os.sep)[1:]
+            parts = dir.split(os.sep)[2:]
             if parts != []:
 
                 # Handle src/X/X.cpp -> X.o
@@ -1141,6 +1164,9 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
 
         'version_datestamp': build_config.version_datestamp,
 
+        'src_dir': build_config.src_dir,
+        'doc_dir': build_config.doc_dir,
+
         'timestamp': build_config.timestamp(),
         'user':      build_config.username(),
         'hostname':  build_config.hostname(),
@@ -1161,6 +1187,7 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
         'build_doc_commands': build_config.build_doc_commands,
 
         'python_dir': build_config.python_dir,
+        'sphinx_config_dir': os.path.join(options.build_data, 'sphinx'),
 
         'os': options.os,
         'arch': options.arch,
@@ -1257,15 +1284,18 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
         'python_version': options.python_version
         }
 
+    vars["header_in"] = process_template('src/build-data/makefile/header.in', vars)
+    vars["commands_in"] = process_template('src/build-data/makefile/commands.in', vars)
+
     if options.build_shared_lib:
-        vars["shared_makefile"] = process_template('src/build-data/makefile/shared.in', vars)
+        vars["dso_in"] = process_template('src/build-data/makefile/dso.in', vars)
     else:
-        vars["shared_makefile"] = ""
+        vars["dso_in"] = ""
 
     if options.boost_python:
-        vars["python_makefile"] = process_template('src/build-data/makefile/python.in', vars)
+        vars["python_in"] = process_template('src/build-data/makefile/python.in', vars)
     else:
-        vars["python_makefile"] = ""
+        vars["python_in"] = ""
 
     return vars
 
diff --git a/doc/algos.rst b/doc/algos.rst
deleted file mode 100644
index d7e3f2498..000000000
--- a/doc/algos.rst
+++ /dev/null
@@ -1,109 +0,0 @@
-
-.. _algo_list:
-
-Algorithms
-========================================
-
-Supported Algorithms
-----------------------------------------
-
-Botan provides a number of different cryptographic algorithms and
-primitives, including:
-
-TLS/Public Key Infrastructure
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-  * SSL/TLS (from SSL v3 to TLS v1.2), including using preshared
-    keys (TLS-PSK) or passwords (TLS-SRP)
-  * X.509 certificates (including generating new self-signed and CA
-    certs) and CRLs
-  * Certificate path validation
-  * PKCS #10 certificate requests (creation and certificate issue)
-
-Public Key Cryptography
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-  * Encryption algorithms RSA, ElGamal, DLIES (padding schemes OAEP,
-    PKCS #1 v1.5)
-  * Signature algorithms RSA, DSA, ECDSA, GOST 34.10-2001,
-    Nyberg-Rueppel, Rabin-Williams (padding schemes PSS, PKCS #1 v1.5,
-    X9.31)
-  * Key agreement techniques Diffie-Hellman and ECDH
-
-Hash functions
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-  * NIST hashes: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
-  * SHA-3 (Keccak) and SHA-3 candidates Skein-512 and Blue Midnight Wish-512
-  * RIPE hashes: RIPEMD-160 and RIPEMD-128
-  * Hash function combiners (Parallel and Comb4P)
-  * Other common hash functions Whirlpool and Tiger
-  * National standard hashes HAS-160 and GOST 34.11
-  * Obsolete or insecure hashes MD5, MD4, MD2
-  * Non-cryptographic checksums Adler32, CRC24, CRC32
-
-Block ciphers
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-  * Authenticated cipher modes EAX, OCB, GCM, and CCM
-  * Unauthenticated cipher modes CTR, CBC, XTS, CFB, OFB, and ECB
-  * AES (Rijndael) and AES candidates Serpent, Twofish, MARS, CAST-256, RC6
-  * DES, and variants 3DES and DESX
-  * National/telecom block ciphers SEED, KASUMI, MISTY1, GOST 28147
-  * Other block ciphers including Blowfish, CAST-128, IDEA, Noekeon,
-    Skipjack, TEA, XTEA, RC2, RC5, SAFER-SK, and Square
-  * Block cipher constructions Luby-Rackoff and Lion
-
-Stream Ciphers
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
- * RC4
- * Salsa20/XSalsa20
- * CTR and OFB modes also present a stream cipher interface
-
-Authentication Codes
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
- * HMAC, CMAC (aka OMAC1)
- * Obsolete designs CBC-MAC, ANSI X9.19 DES-MAC, and the
-   protocol-specific SSLv3 authentication code
-
-Other Useful Things
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-  * Key derivation functions for passwords, including PBKDF2
-  * Password hashing functions, including bcrypt
-  * General key derivation functions KDF1 and KDF2 from IEEE 1363
-  * PRFs from ANSI X9.42, SSL v3.0, TLS v1.0
-
-Recommended Algorithms
----------------------------------
-
-This section is by no means the last word on selecting which
-algorithms to use.  However, botan includes a sometimes bewildering
-array of possible algorithms, and unless you're familiar with the
-latest developments in the field, it can be hard to know what is
-secure and what is not. The following attributes of the algorithms
-were evaluated when making this list: security, standardization,
-patent status, support by other implementations, and efficiency (in
-roughly that order).
-
-If your data is in motion, strongly consider using :doc:`tls` as a
-pre built, already standard and well studied protocol.
-
-Otherwise, if you simply *must* do something custom, use:
-
-* Block ciphers: AES or Serpent in EAX mode, or in CBC, CTR, or XTS
-  mode with a message authentication code.
-
-* General hash functions: SHA-256, SHA-512, SHA-3
-
-* Message authentication: HMAC with SHA-256
-
-* Public Key Encryption: RSA, 2048+ bit keys, with OAEP and SHA-256
-  ("EME1(SHA-256)")
-
-* Public Key Signatures: RSA, 2048+ bit keys with PSS and SHA-512
-  ("EMSA4(SHA-512)")
-
-* Key Agreement: Diffie-Hellman or ECDH, with "KDF2(SHA-256)"
diff --git a/doc/contents.rst b/doc/contents.rst
deleted file mode 100644
index 27a96de35..000000000
--- a/doc/contents.rst
+++ /dev/null
@@ -1,51 +0,0 @@
-
-Contents
-=================================
-
-.. toctree::
-   :maxdepth: 2
-
-   index
-   reading
-   faq
-   download
-   building
-   firststep
-   filters
-   pubkey
-   x509
-   ocsp
-   tls
-   credentials_manager
-   aead
-   bigint
-   lowlevel
-   secmem
-   kdf
-   pbkdf
-   passhash
-   cryptobox
-   srp
-   rng
-   fpe
-   versions
-   python
-   relnotes/index
-
-.. toctree::
-   :hidden:
-
-   license
-   credits
-   users
-   pgpkey
-   algos
-   vcs
-   release_process
-   build_log
-
-Indices and tables
-==================
-
-* :ref:`genindex`
-* :ref:`search`
diff --git a/doc/build_log.rst b/doc/dev/build_log.rst
index dd2fd7180..dd2fd7180 100644
--- a/doc/build_log.rst
+++ b/doc/dev/build_log.rst
diff --git a/doc/release_process.rst b/doc/dev/release_process.rst
index 953b7dda2..cf7ba44fc 100644
--- a/doc/release_process.rst
+++ b/doc/dev/release_process.rst
@@ -23,11 +23,11 @@ prefix).
 Build The Release
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The release script is ``src/build-data/scripts/dist.py`` and runs from
+The release script is ``src/scripts/dist.py`` and runs from
 a monotone repository by pulling the revision matching the tag set
 previously. For instance::
 
- $ src/build-data/scripts/dist.py --mtn-db ~/var/mtn/botan.mtn 1.11.8
+ $ src/scripts/dist.py --mtn-db ~/var/mtn/botan.mtn 1.11.8
 
 The ``--mtn-db`` 'option' is mandatory, unless the environmental
 variable ``BOTAN_MTN_DB`` is set, in which case that value is used if
@@ -49,12 +49,7 @@ Build The Windows Installer
 
 On Windows, run ``configure.py`` to setup a build::
 
- $ python ./configure.py --cc=msvc --cpu=$ARCH --enable-ssse3 --distribution-info=unmodified
-
-The ``--enable-ssse3`` looks unsafe, but in fact under Visual C++ we
-do not compile with any special CPU specific flags, so this merely has
-the effect of enabling support for SSE2/SSSE3 optimizations which will
-only be used if ``cpuid`` indicates they are supported.
+ $ python ./configure.py --cc=msvc --cpu=$ARCH --distribution-info=unmodified
 
 After completing the build (and running the tests), use `InnoSetup
 <http://www.jrsoftware.org/isinfo.php>`_ to create the installer.  A
@@ -86,7 +81,7 @@ Post Release Process
 
 Immediately after the new release is created, increment the version
 number in ``botan_version.py`` and add a new release notes file for
-the next release, including a new entry in ``relnotes/index.rst``.
+the next release, including a new entry in ``doc/relnotes/index.rst``.
 
 Use "Not Yet Released" as the placeholder for the release date. Use
 checkin message "Bump for X.Y.Z".
diff --git a/doc/index.rst b/doc/index.rst
deleted file mode 100644
index 318812077..000000000
--- a/doc/index.rst
+++ /dev/null
@@ -1,70 +0,0 @@
-
-Welcome
-========================================
-
-Botan is a crypto library for C++ released under the permissive
-:doc:`BSD-2 (or FreeBSD) license <license>`.
-
-It provides most any :doc:`cryptographic algorithm <algos>` you might
-be looking for, along with :doc:`tls`, :doc:`X.509 certs, CRLs, and
-path validation <x509>`, a :doc:`pipeline-style message processing
-system <filters>`, :doc:`bcrypt password hashing <passhash>`, and
-other useful things. A third party open source implementation of
-`SSHv2 <http://www.netsieben.com/products/ssh/>`_ that uses botan is
-also available. In addition to C++ you can use botan from :doc:`Python
-<python>` or Perl (both included in tree), or with `Node.js
-<https://github.com/justinfreitag/node-botan>`_.
-
-See the :doc:`faq` for a list of common questions and answers.
-
-.. only:: html and website
-
-   See :doc:`download` for information about getting the latest version.
-
-The core of botan is written in C++11 (or C++98 for versions up to and
-including 1.10) with no dependencies besides the STL and the rest of
-the ISO standard library, but the library also includes optional
-modules which make further assumptions about their environment,
-providing features such as compression (using zlib or bzip2), entropy
-gathering, and secure memory allocation. Assembly implementations of
-key algorithms like SHA-1 and multiple precision integer routines for
-x86 and x86-64 processors are also included.
-
-It runs on most common operating systems and can be used with a number
-of different commercial and open source compilers. The :doc:`build log
-<build_log>` contains information about recently tested targets. It
-has more than a few :doc:`known users <users>` and is already included
-in most major package distributions, including
-\
-`Fedora <https://admin.fedoraproject.org/pkgdb/acls/name/botan>`_,
-`EPEL <http://dl.fedoraproject.org/pub/epel/6/SRPMS/repoview/botan.html>`_ (for RHEL/CentOS),
-`Debian <http://packages.debian.org/search?keywords=libbotan>`_,
-`Ubuntu <http://packages.ubuntu.com/search?keywords=botan>`_,
-`Gentoo <http://packages.gentoo.org/package/botan>`_,
-`Arch Linux <http://www.archlinux.org/packages/extra/x86_64/botan/>`_,
-`Slackbuild <http://slackbuilds.org/result/?search=Botan>`_,
-`FreeBSD <http://www.freshports.org/security/botan>`_,
-`NetBSD <ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/security/botan/README.html>`_,
-`Cygwin <http://cygwin.com/packages/botan/>`_,
-`MacPorts <http://www.macports.org/ports.php?by=name&substr=botan>`_,
-`OpenPKG <http://www.openpkg.org/product/packages/?package=botan>`_, and
-`T2 SDE <http://www.t2-project.org/packages/botan.html>`_
-
-It was started as a personal project by `Jack Lloyd
-<http://www.randombit.net>`_,who continues to be the maintainer and
-release manager. Since the first release in 2001, a number of
-individuals and organizations have :doc:`contributed <credits>`.
-Check out the :doc:`release notes <relnotes/index>` for more project
-history.
-
-If you need help or have questions, send a mail to the `development
-mailing list
-<http://lists.randombit.net/mailman/listinfo/botan-devel/>`_.
-Patches, "philosophical" bug reports, announcements of programs using
-the library, and related topics are also welcome. If you find what you
-believe to be a bug, please file a ticket in `Bugzilla
-<http://bugs.randombit.net/>`_.
-
-A useful reference while reading this manual is the `Doxygen
-documentation <http://botan.randombit.net/doxygen>`_.
-
diff --git a/doc/aead.rst b/doc/manual/aead.rst
index dbd06bbe1..dbd06bbe1 100644
--- a/doc/aead.rst
+++ b/doc/manual/aead.rst
diff --git a/doc/bigint.rst b/doc/manual/bigint.rst
index 66a055eb7..66a055eb7 100644
--- a/doc/bigint.rst
+++ b/doc/manual/bigint.rst
diff --git a/doc/building.rst b/doc/manual/building.rst
index 0df1b5a7e..6c9cfba3c 100644
--- a/doc/building.rst
+++ b/doc/manual/building.rst
@@ -11,7 +11,7 @@ the build system, primarily due to lack of access. Please contact the
 maintainer if you would like to build Botan on such a system.
 
 Botan's build is controlled by configure.py, which is a `Python
-<http://www.python.org>`_ script. Python 2.5 or later is required.
+<http://www.python.org>`_ script. Python 2.6 or later is required.
 
 For the impatient, this works for most systems::
 
diff --git a/doc/manual/contents.rst b/doc/manual/contents.rst
new file mode 100644
index 000000000..598510578
--- /dev/null
+++ b/doc/manual/contents.rst
@@ -0,0 +1,28 @@
+
+Contents
+========================================
+
+.. toctree::
+
+   index
+   building
+   firststep
+   secmem
+   rng
+   filters
+   pubkey
+   x509
+   ocsp
+   tls
+   credentials_manager
+   aead
+   bigint
+   lowlevel
+   kdf
+   pbkdf
+   passhash
+   cryptobox
+   srp
+   fpe
+   versions
+   python
diff --git a/doc/credentials_manager.rst b/doc/manual/credentials_manager.rst
index 04e9e3f2e..04e9e3f2e 100644
--- a/doc/credentials_manager.rst
+++ b/doc/manual/credentials_manager.rst
diff --git a/doc/cryptobox.rst b/doc/manual/cryptobox.rst
index ea77eee5a..ea77eee5a 100644
--- a/doc/cryptobox.rst
+++ b/doc/manual/cryptobox.rst
diff --git a/doc/filters.rst b/doc/manual/filters.rst
index cb8f010b6..cb8f010b6 100644
--- a/doc/filters.rst
+++ b/doc/manual/filters.rst
diff --git a/doc/firststep.rst b/doc/manual/firststep.rst
index 8010789d6..8010789d6 100644
--- a/doc/firststep.rst
+++ b/doc/manual/firststep.rst
diff --git a/doc/fpe.rst b/doc/manual/fpe.rst
index a2005e158..9fbb27f7c 100644
--- a/doc/fpe.rst
+++ b/doc/manual/fpe.rst
@@ -54,4 +54,4 @@ This example encrypts a credit card number with a valid
 `Luhn checksum <http://en.wikipedia.org/wiki/Luhn_algorithm>`_ to
 another number with the same format, including a correct checksum.
 
-.. literalinclude:: ../src/apps/fpe.cpp
+.. literalinclude:: ../../src/cmd/fpe.cpp
diff --git a/doc/reading.rst b/doc/manual/index.rst
index 3b3545e28..988d7732f 100644
--- a/doc/reading.rst
+++ b/doc/manual/index.rst
@@ -1,7 +1,12 @@
 
-Recommended Reading
+Introduction
 ========================================
 
+If you need to build the library first, start with :doc:`building`.
+
+Books and other resources
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
 It's a very good idea if you have some knowledge of cryptography
 *before* trying to use the library. This is an area where it is very
 easy to make mistakes, and where things are often subtle and/or
@@ -21,3 +26,15 @@ Especially recommended are:
 - *Handbook of Applied Cryptography*
   by Alfred J. Menezes, Paul C. Van Oorschot, and Scott A. Vanstone
   (`available online <http://www.cacr.math.uwaterloo.ca/hac/>`_)
+
+If you're doing something non-trivial or unique, you might want to at
+the very least ask for review/input on a mailing list such as the
+`metzdowd <http://www.metzdowd.com/mailman/listinfo/cryptography>`_ or
+`randombit <http://lists.randombit.net/mailman/listinfo/cryptography>`_
+crypto lists. And (if possible) pay a professional cryptographer or
+security company to review your design and code.
+
+References
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The :ref:`genindex` and :ref:`search` may be useful.
diff --git a/doc/kdf.rst b/doc/manual/kdf.rst
index 4ab2fd5dc..4ab2fd5dc 100644
--- a/doc/kdf.rst
+++ b/doc/manual/kdf.rst
diff --git a/doc/lowlevel.rst b/doc/manual/lowlevel.rst
index 398d52d85..398d52d85 100644
--- a/doc/lowlevel.rst
+++ b/doc/manual/lowlevel.rst
diff --git a/doc/ocsp.rst b/doc/manual/ocsp.rst
index 6c52cbe50..6c52cbe50 100644
--- a/doc/ocsp.rst
+++ b/doc/manual/ocsp.rst
diff --git a/doc/passhash.rst b/doc/manual/passhash.rst
index a398369b5..0d6721ddf 100644
--- a/doc/passhash.rst
+++ b/doc/manual/passhash.rst
@@ -97,7 +97,7 @@ outputs that look like this::
 
 Here is an example of using bcrypt:
 
-.. literalinclude:: ../src/apps/bcrypt.cpp
+.. literalinclude:: ../../src/cmd/bcrypt.cpp
 
 .. _passhash9:
 
diff --git a/doc/pbkdf.rst b/doc/manual/pbkdf.rst
index 14434f63e..14434f63e 100644
--- a/doc/pbkdf.rst
+++ b/doc/manual/pbkdf.rst
diff --git a/doc/pubkey.rst b/doc/manual/pubkey.rst
index 5fdcafc8d..efeea692c 100644
--- a/doc/pubkey.rst
+++ b/doc/manual/pubkey.rst
@@ -93,7 +93,7 @@ into a pair of key files. One is the public key in X.509 format (PEM encoded),
 the private key is in PKCS #8 format (also PEM encoded), either encrypted or
 unencrypted depending on if a password was given.
 
-.. literalinclude:: ../src/apps/keygen.cpp
+.. literalinclude:: ../../src/cmd/keygen.cpp
 
 .. _serializing_private_keys:
 
@@ -481,11 +481,11 @@ Signatures are verified using
 
 Here is an example of DSA signature generation
 
-.. literalinclude:: ../src/apps/dsa_sign.cpp
+.. literalinclude:: ../../src/cmd/dsa_sign.cpp
 
 Here is an example that verifies DSA signatures
 
-.. literalinclude:: ../src/apps/dsa_ver.cpp
+.. literalinclude:: ../../src/cmd/dsa_ver.cpp
 
 Key Agreement
 ---------------------------------
diff --git a/doc/python.rst b/doc/manual/python.rst
index 734d2c6f4..b8fd59b9a 100644
--- a/doc/python.rst
+++ b/doc/manual/python.rst
@@ -14,8 +14,8 @@ Botan includes a binding for Python, implemented using Boost.Python.
 As you can see, it is not currently documented, though there are a few
 examples under `src/scripts/examples`, such as RSA:
 
-.. literalinclude:: ../src/scripts/examples/rsa.py
+.. literalinclude:: ../../src/scripts/examples/rsa.py
 
 and EAX encryption using a passphrase:
 
-.. literalinclude:: ../src/scripts/examples/cipher.py
+.. literalinclude:: ../../src/scripts/examples/cipher.py
diff --git a/doc/rng.rst b/doc/manual/rng.rst
index 66679271d..66679271d 100644
--- a/doc/rng.rst
+++ b/doc/manual/rng.rst
diff --git a/doc/secmem.rst b/doc/manual/secmem.rst
index 76751bb40..76751bb40 100644
--- a/doc/secmem.rst
+++ b/doc/manual/secmem.rst
diff --git a/doc/srp.rst b/doc/manual/srp.rst
index e3aace5ff..e3aace5ff 100644
--- a/doc/srp.rst
+++ b/doc/manual/srp.rst
diff --git a/doc/tls.rst b/doc/manual/tls.rst
index f0de4320b..805bca823 100644
--- a/doc/tls.rst
+++ b/doc/manual/tls.rst
@@ -259,7 +259,7 @@ TLS Clients
 
 A simple TLS client example:
 
-.. literalinclude:: ../src/apps/tls_client.cpp
+.. literalinclude:: ../../src/cmd/tls_client.cpp
 
 TLS Servers
 ----------------------------------------
@@ -294,7 +294,7 @@ protocols the server is willing to advertise it supports.
 
 A TLS server that can handle concurrent connections using asio:
 
-.. literalinclude:: ../src/apps/tls_server_asio.cpp
+.. literalinclude:: ../../src/cmd/tls_server_asio.cpp
 
 .. _tls_sessions:
 
diff --git a/doc/versions.rst b/doc/manual/versions.rst
index 9562fdce5..9562fdce5 100644
--- a/doc/versions.rst
+++ b/doc/manual/versions.rst
diff --git a/doc/x509.rst b/doc/manual/x509.rst
index 422912db3..8504126a5 100644
--- a/doc/x509.rst
+++ b/doc/manual/x509.rst
@@ -277,7 +277,7 @@ new certificate:
 
 Here's an example:
 
-.. literalinclude ../src/apps/ca.cpp
+.. literalinclude ../../src/cmd/ca.cpp
 
 Generating CRLs
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -344,7 +344,7 @@ protocols. The library provides a utility function for this:
 
 An example:
 
-.. literalinclude:: ../src/apps/self_sig.cpp
+.. literalinclude:: ../../src/cmd/self_sig.cpp
 
 Creating PKCS #10 Requests
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -363,7 +363,7 @@ certificate.
 
 An example:
 
-.. literalinclude:: ../src/apps/pkcs10.cpp
+.. literalinclude:: ../../src/cmd/pkcs10.cpp
 
 Certificate Options
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/relnotes/1_11_0.rst b/doc/relnotes/1_11_0.rst
index bfcdc213a..9662afca9 100644
--- a/doc/relnotes/1_11_0.rst
+++ b/doc/relnotes/1_11_0.rst
@@ -11,19 +11,18 @@ Version 1.11.0, 2012-07-19
 TLS and PKI Changes
 """"""""""""""""""""""""""""""""""""""""
 
-There have been many changes and improvements to :doc:`TLS
-<../tls>`. The interface is now purely event driven and does not
-directly interact with sockets.  New TLS features include TLS v1.2
-support, client certificate authentication, renegotiation, session
-tickets, and session resumption. Session information can be saved in
-memory or to an encrypted SQLite3 database. Newly supported TLS
-ciphersuite algorithms include using SHA-2 for message authentication,
-pre shared keys and SRP for authentication and key exchange, ECC
-algorithms for key exchange and signatures, and anonymous DH/ECDH key
-exchange.
+There have been many changes and improvements to TLS.  The interface
+is now purely event driven and does not directly interact with
+sockets.  New TLS features include TLS v1.2 support, client
+certificate authentication, renegotiation, session tickets, and
+session resumption. Session information can be saved in memory or to
+an encrypted SQLite3 database. Newly supported TLS ciphersuite
+algorithms include using SHA-2 for message authentication, pre shared
+keys and SRP for authentication and key exchange, ECC algorithms for
+key exchange and signatures, and anonymous DH/ECDH key exchange.
 
-Support for :doc:`OCSP <../ocsp>` has been added. Currently only
-client-side support exists.
+Support for OCSP has been added. Currently only client-side support
+exists.
 
 The API for X.509 path validation has changed, with
 ``x509_path_validate`` in x509path.h now handles path validation and
diff --git a/doc/relnotes/1_11_7.rst b/doc/relnotes/1_11_7.rst
index 5c8415fd8..4c29d0480 100644
--- a/doc/relnotes/1_11_7.rst
+++ b/doc/relnotes/1_11_7.rst
@@ -3,19 +3,20 @@ Version 1.11.7, Not Yet Released
 
 * Botan's basic numeric types are now defined in terms of the
   C99/C++11 standard integer types. For instance `u32bit` is now a
-  typedef for `uint32_t`, and both names are included in the
-  namespace.
+  typedef for `uint32_t`, and both names are included in the library
+  namespace. This should not result in any application-visible
+  changes.
 
 * There are now two executable outputs of the build, `botan-test`,
-  which runs some or all of the tests, and `botan` which is used as a
-  driver to call into various subcommands which can also act as
-  examples of library use, much in the manner of the `openssl`
-  command. It understands the commands `base64`, `asn1`, `x509`,
-  `tls_client`, `tls_server`, `bcrypt`, `keygen`, `speed`, and various
-  others. As part of this change many obsolete, duplicated, or one-off
-  examples were removed, while others were extended with new
-  functionality. Contributions of new subcommands, new bling for
-  exising ones, or documentation in any form is welcome.
+  which runs the tests, and `botan` which is used as a driver to call
+  into various subcommands which can also act as examples of library
+  use, much in the manner of the `openssl` command. It understands the
+  commands `base64`, `asn1`, `x509`, `tls_client`, `tls_server`,
+  `bcrypt`, `keygen`, `speed`, and various others. As part of this
+  change many obsolete, duplicated, or one-off examples were removed,
+  while others were extended with new functionality. Contributions of
+  new subcommands, new bling for exising ones, or documentation in any
+  form is welcome.
 
 * Fix a bug in Lion, which was broken by a change in 1.11.0. The
   problem was not noticed before as Lion was also missing a test vector
diff --git a/doc/relnotes/1_9_14.rst b/doc/relnotes/1_9_14.rst
index c60de26d1..318d7b53d 100644
--- a/doc/relnotes/1_9_14.rst
+++ b/doc/relnotes/1_9_14.rst
@@ -1,8 +1,7 @@
 Version 1.9.14, 2011-03-01
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* Add support for bcrypt, OpenBSD's password hashing scheme. It is
-  described in :ref:`bcrypt`.
+* Add support for bcrypt, OpenBSD's password hashing scheme.
 
 * Add support for NIST's AES key wrapping algorithm, as described in
   :rfc:`3394`. It is available by including ``rfc3394.h``.
diff --git a/doc/relnotes/1_9_16.rst b/doc/relnotes/1_9_16.rst
index 549e243f3..fe7441be8 100644
--- a/doc/relnotes/1_9_16.rst
+++ b/doc/relnotes/1_9_16.rst
@@ -28,7 +28,7 @@ Version 1.9.16, 2011-04-11
 * The overload of ``generate_passhash9`` that takes an explicit
   algorithm identifier has been merged with the one that does not.
   The algorithm identifier code has been moved from the second
-  parameter to the fourth. See :ref:`passhash9` for details.
+  parameter to the fourth.
 
 * Change shared library versioning to match the normal Unix
   conventions. Instead of ``libbotan-X.Y.Z.so``, the shared lib is
diff --git a/doc/relnotes/1_9_17.rst b/doc/relnotes/1_9_17.rst
index fbf9b3dee..794120be3 100644
--- a/doc/relnotes/1_9_17.rst
+++ b/doc/relnotes/1_9_17.rst
@@ -8,7 +8,7 @@ Version 1.9.17, 2011-04-29
   and ``fpe_decrypt``. These were renamed as it is likely that other
   FPE schemes will be included in the future. The header is now
   ``fpe_fe1.h``, and the functions are named ``fe1_encrypt`` and
-  ``fe1_decrypt``. See :doc:`../fpe` for more information.
+  ``fe1_decrypt``.
 
 * New options to ``configure.py`` control what tools are used for
   documentation generation. The ``--with-sphinx`` option enables using
diff --git a/doc/relnotes/contents.rst b/doc/relnotes/contents.rst
new file mode 100644
index 000000000..15f3ff948
--- /dev/null
+++ b/doc/relnotes/contents.rst
@@ -0,0 +1,7 @@
+
+Contents
+========================================
+
+.. toctree::
+
+   index
diff --git a/doc/website/contents.rst b/doc/website/contents.rst
new file mode 100644
index 000000000..55c302d01
--- /dev/null
+++ b/doc/website/contents.rst
@@ -0,0 +1,15 @@
+
+Contents
+========================================
+
+.. toctree::
+
+   index
+   license
+   faq
+   download
+   pgpkey
+   credits
+   users
+   vcs
+   relnotes/index
diff --git a/doc/download.rst b/doc/website/download.rst
index dcb1b4174..c537dec82 100644
--- a/doc/download.rst
+++ b/doc/website/download.rst
@@ -6,26 +6,18 @@ All releases are signed with a :doc:`PGP key <pgpkey>`.
 
 Unsure which release you want? Check the :ref:`FAQ <devel_vs_stable>`.
 
-.. only:: not website
-
-   .. note::
+.. note::
 
-      If you are viewing this documentation offline, a more recent
-      release `may be available <https://botan.randombit.net/download.html>`_.
+   If you are planning on developing an application using TLS, using
+   the latest 1.11 release instead of 1.10 is highly recommended.
 
 Current Stable Series (1.10)
 ----------------------------------------
 
-The latest version of the current stable series, from branch
-``net.randombit.botan.1_10``, is :doc:`relnotes/1_10_7`:
+The latest stable branch release is :doc:`relnotes/1_10_7`:
 :tgz:`1.10.7` (:tgz_sig:`sig <1.10.7>`),
 :tbz:`1.10.7` (:tbz_sig:`sig <1.10.7>`)
 
-.. note::
-
-   If you are planning on developing an application using TLS, using
-   the latest 1.11 release instead of 1.10 is highly recommended.
-
 Windows Installer
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -38,8 +30,7 @@ are also available.
 Current Development Series (1.11)
 ----------------------------------------
 
-The latest version of the current development series, from branch
-``net.randombit.botan``, is :doc:`relnotes/1_11_6`:
+The latest development release is :doc:`relnotes/1_11_6`:
 :tgz:`1.11.6` (:tgz_sig:`sig <1.11.6>`),
 :tbz:`1.11.6` (:tbz_sig:`sig <1.11.6>`)
 
diff --git a/doc/faq.rst b/doc/website/faq.rst
index 0b7170e4c..5cd66cabe 100644
--- a/doc/faq.rst
+++ b/doc/website/faq.rst
@@ -12,6 +12,14 @@ standards and de-facto standards like X.509v3 certificates, and
 various useful constructs like format-preserving encryption, all or
 nothing transforms, and secret splitting.
 
+Who wrote it?
+----------------------------------------
+
+It was started as a personal project by `Jack Lloyd
+<http://www.randombit.net>`_,who continues to be the maintainer and
+release manager. Since the first release in 2001, a number of
+individuals and organizations have :doc:`contributed <credits>`.
+
 .. _devel_vs_stable:
 
 Which release should I use?
@@ -200,29 +208,47 @@ You can do any combination of:
 Does botan support SSL/TLS, SSH, S/MIME, OpenPGP...
 ------------------------------------------------------------
 
-Support for SSL/TLS is included in version 1.9.4 and later. Currently
-SSLv3 and TLS 1.0 and 1.1 are supported. The latest development
-versions also support TLS 1.2.
+The latest development (1.11) releases support TLS up to TLS v1.2.
+The 1.10 releases support up to TLS v1.1 using a different design
+and API; new applications intending to use TLS should use 1.11.
 
 `NetSieben SSH <http://netsieben.com/products/ssh/>`_ is an open
-source SSHv2 implementation that uses botan.
+source SSHv2 client implementation that uses botan.
 
-A preliminary and very incomplete implementation of CMS (the crypto
-layer underlying S/MIME) is included in ``src/cms``, but it needs a
-lot of love and attention before being truly useful.
-
-There is currently no support for OpenPGP.
+There is currently no support for OpenPGP, CMS, OTR, or SSHv2 servers.
 
 Will it work on my platform XYZ??
 ----------------------------------------
 
+It runs on most common operating systems and can be used with a number
+of different commercial and open source compilers, and is already
+included in most major package distributions, including
+\
+`Fedora <https://admin.fedoraproject.org/pkgdb/acls/name/botan>`_,
+`EPEL <http://dl.fedoraproject.org/pub/epel/6/SRPMS/repoview/botan.html>`_ (for RHEL/CentOS),
+`Debian <http://packages.debian.org/search?keywords=libbotan>`_,
+`Ubuntu <http://packages.ubuntu.com/search?keywords=botan>`_,
+`Gentoo <http://packages.gentoo.org/package/botan>`_,
+`Arch Linux <http://www.archlinux.org/packages/extra/x86_64/botan/>`_,
+`Slackbuild <http://slackbuilds.org/result/?search=Botan>`_,
+`FreeBSD <http://www.freshports.org/security/botan>`_,
+`NetBSD <ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/security/botan/README.html>`_,
+`Cygwin <http://cygwin.com/packages/botan/>`_,
+`MacPorts <http://www.macports.org/ports.php?by=name&substr=botan>`_,
+`OpenPKG <http://www.openpkg.org/product/packages/?package=botan>`_, and
+`T2 SDE <http://www.t2-project.org/packages/botan.html>`_
+
 The most common stumbling block is a compiler that is buggy or can't
-handle modern C++ (specifically, C++98). Check out the :doc:`build log
-<build_log>` for a sense of which platforms are actively being tested.
+handle modern C++ (specifically, C++98). Most any recent release of
+GCC, Clang, Intel C++, Visual C++, etc are all fine. It is tested most
+heavily on Linux but especially the stable versions are built and
+tested across a range of Unices as well as OS X and Windows.
 
-Versions 1.11.0 and higher require a C++11 compiler as well as various
-Boost libraries (especially filesystem but also asio and regex). GCC
-4.7.0 and Clang 3.1 are known to work well.
+Versions 1.11.0 and higher require a C++11 compiler as well as Boost
+filesystem (plus optional use of Boost asio). GCC 4.7.0 and Clang 3.1
+or higher should work. Visual C++ 2013 seems to support all the
+required features, but probably needs a bit of work, as Windows has
+not seen much attention.
 
 I'm not feeling this, what can I use instead?
 ------------------------------------------------------------
@@ -237,8 +263,8 @@ I'm not feeling this, what can I use instead?
 
 * `OpenSSL <http://www.openssl.org>`_ is written in C and mostly
   targeted to being an SSL/TLS implementation but there is a lot of
-  other stuff in there as well.
+  other stuff in there as well. BSD plus wonky advertising clause.
 
-* `Crypto++ <http://www.cryptopp.com/>`_ is a C++ crypto library. Its
-  API is quite different from botans, and it offers a number of
-  algorithms botan does not (such as MQV).
+* `Crypto++ <http://www.cryptopp.com/>`_ is a C++ crypto library which
+  is roughly feature comparable to botan but with a very different
+  approach to the API. Boost license.
diff --git a/doc/website/index.rst b/doc/website/index.rst
new file mode 100644
index 000000000..c6b6c1b0b
--- /dev/null
+++ b/doc/website/index.rst
@@ -0,0 +1,30 @@
+
+Welcome
+========================================
+
+Botan is a crypto library for C++ released under the permissive
+:doc:`BSD-2 license <license>`.
+
+It provides useful things like SSL/TLS, X.509 certificates, ECDSA,
+AES, GCM, and bcrypt, plus a kitchen sink of crypto algorithms of
+various utility. A third party open source implementation of `SSHv2
+<http://www.netsieben.com/products/ssh/>`_ that uses botan is also
+available. In addition to C++ you can use botan from Python or Perl
+(both included in tree), or with `Node.js
+<https://github.com/justinfreitag/node-botan>`_.
+
+See the :doc:`faq` for a list of common questions and answers and
+:doc:`download` for information about getting the latest release.
+
+If you need help or have questions, send a mail to the `development
+mailing list
+<http://lists.randombit.net/mailman/listinfo/botan-devel/>`_.
+Patches, "philosophical" bug reports, announcements of programs using
+the library, and related topics are also welcome. If you find what you
+believe to be a bug, please file a ticket in `Bugzilla
+<http://bugs.randombit.net/>`_.
+
+The `manual <http://botan.randombt.net>`_ and
+`Doxygen reference <http://botan.randombit.net/doxygen>`_ for
+the most recent revision is available online.
+
diff --git a/doc/pgpkey.rst b/doc/website/pgpkey.rst
index ef8827835..ef8827835 100644
--- a/doc/pgpkey.rst
+++ b/doc/website/pgpkey.rst
diff --git a/doc/users.rst b/doc/website/users.rst
index 1580dc1e5..7cb0d924a 100644
--- a/doc/users.rst
+++ b/doc/website/users.rst
@@ -1,9 +1,12 @@
 
-Known Users
+Users
 ========================================
 
-This is a list of some of the known users of botan. If you'd like to
-be added to the list, email the development list.
+This is a list of some of the known users of botan. The open source
+projects might be helpful as an additional reference for library
+usage.
+
+If you'd like to be added to the list, email the development list.
 
 Open Source Software
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/vcs.rst b/doc/website/vcs.rst
index e2353ee53..e2353ee53 100644
--- a/doc/vcs.rst
+++ b/doc/website/vcs.rst
diff --git a/readme.rst b/readme.rst
new file mode 100644
index 000000000..ecfca494c
--- /dev/null
+++ b/readme.rst
@@ -0,0 +1,12 @@
+Botan Crypto Library
+========================================
+
+Botan is a C++ library for crypto and TLS released under the permissive
+2-clause BSD license (see ``doc/license.rst`` for the specifics).
+
+You can file bugs in `Bugzilla <http://bugs.randombit.net/>`_ or by sending a
+report to the `botan-devel mailing list
+<http://lists.randombit.net/mailman/listinfo/botan-devel/>`_
+
+For instructions on building the library, read ``doc/manual/building.rst``.
+
diff --git a/src/build-data/botan.doxy.in b/src/build-data/botan.doxy.in
index 63eaa7e15..49d18fe7c 100644
--- a/src/build-data/botan.doxy.in
+++ b/src/build-data/botan.doxy.in
@@ -78,7 +78,7 @@ WARN_LOGFILE           =
 #---------------------------------------------------------------------------
 # configuration options related to the input files
 #---------------------------------------------------------------------------
-INPUT                  = lib
+INPUT                  = src/lib
 INPUT_ENCODING         = UTF-8
 FILE_PATTERNS          =
 RECURSIVE              = YES
diff --git a/src/build-data/makefile/commands.in b/src/build-data/makefile/commands.in
new file mode 100644
index 000000000..33c6634c3
--- /dev/null
+++ b/src/build-data/makefile/commands.in
@@ -0,0 +1,14 @@
+# Program aliases
+AR               = %{ar_command}
+COPY             = cp
+COPY_R           = cp -r
+CD               = @cd
+ECHO             = @echo
+INSTALL_CMD_EXEC = %{install_cmd_exec}
+INSTALL_CMD_DATA = %{install_cmd_data}
+LN               = ln -fs
+MKDIR            = @mkdir
+MKDIR_INSTALL    = @umask 022; mkdir -p -m 755
+RANLIB           = %{ranlib_command}
+RM               = @rm -f
+RM_R             = @rm -rf
diff --git a/src/build-data/makefile/shared.in b/src/build-data/makefile/dso.in
index f4116cce4..7e9829fff 100644
--- a/src/build-data/makefile/shared.in
+++ b/src/build-data/makefile/dso.in
@@ -3,7 +3,7 @@ SHARED_LIB    = $(SONAME).%{version_patch}
 SYMLINK       = $(LIBNAME)-$(BRANCH).%{so_suffix}
 
 $(SHARED_LIB): $(LIBOBJS)
-	%{so_link} $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) -o $(SHARED_LIB)
+	$(LIB_LINK_CMD) $(LDFLAGS) $(LIBOBJS) $(LIB_LINKS_TO) -o $(SHARED_LIB)
 	$(LN) $(SHARED_LIB) $(SONAME)
 	$(LN) $(SHARED_LIB) $(SYMLINK)
 
diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in
index 2bdf34e4a..60520cd5f 100644
--- a/src/build-data/makefile/gmake.in
+++ b/src/build-data/makefile/gmake.in
@@ -1,48 +1,6 @@
-# Compiler Options
-CXX           = %{cc}
-LIB_OPT       = %{lib_opt}
-APP_OPT       = %{app_opt}
-LANG_FLAGS    = %{lang_flags}
-WARN_FLAGS    = %{warn_flags}
-SO_OBJ_FLAGS  = %{shared_flags}
-LIB_LINKS_TO  = %{link_to}
-APP_LINKS_TO  = $(LIB_LINKS_TO) -lboost_thread
-TEST_LINKS_TO  = $(LIB_LINKS_TO) -lboost_filesystem
-
-LIB_FLAGS    = $(SO_OBJ_FLAGS) $(LANG_FLAGS) $(LIB_OPT) $(WARN_FLAGS)
-APP_FLAGS    = $(LANG_FLAGS) $(APP_OPT) $(WARN_FLAGS)
-TEST_FLAGS   = $(LANG_FLAGS) $(APP_OPT) $(WARN_FLAGS)
-
-# Version Numbers
-VERSION       = %{version}
-BRANCH        = %{version_major}.%{version_minor}
-
-# Installation Settings
-DESTDIR       = %{prefix}
-
-BINDIR        = $(DESTDIR)/bin
-LIBDIR        = $(DESTDIR)/%{libdir}
-HEADERDIR     = $(DESTDIR)/%{includedir}/botan-$(BRANCH)/botan
-DOCDIR        = $(DESTDIR)/%{docdir}/botan-$(VERSION)
-PKGCONF_DIR   = $(LIBDIR)/pkgconfig
-
-CONFIG_SCRIPT = %{botan_config}
-PKGCONFIG     = %{botan_pkgconfig}
-
-# Aliases for Common Programs
-AR               = %{ar_command}
-COPY             = cp
-COPY_R           = cp -r
-CD               = @cd
-ECHO             = @echo
-INSTALL_CMD_EXEC = %{install_cmd_exec}
-INSTALL_CMD_DATA = %{install_cmd_data}
-LN               = ln -fs
-MKDIR            = @mkdir
-MKDIR_INSTALL    = @umask 022; mkdir -p -m 755
-RANLIB           = %{ranlib_command}
-RM               = @rm -f
-RM_R             = @rm -rf
+%{header_in}
+
+%{commands_in}
 
 # Targets
 APP           = %{app_prefix}botan
@@ -57,13 +15,13 @@ LIBPATH       = botan-$(BRANCH)
 all: $(APP) $(TEST)
 
 # File Lists
-INCLUDE_DIR = %{botan_include_dir}
+INCLUDE_DIR   = %{botan_include_dir}
 
 LIBOBJS       = %{lib_objs}
 
-APPOBJS     = %{app_objs}
+APPOBJS       = %{app_objs}
 
-TESTOBJS     = %{test_objs}
+TESTOBJS      = %{test_objs}
 
 # Build Commands
 %{lib_build_cmds}
@@ -73,7 +31,7 @@ TESTOBJS     = %{test_objs}
 %{test_build_cmds}
 
 # Link Commands
-%{shared_makefile}
+%{dso_in}
 
 $(APP): $(LIBRARIES) $(APPOBJS)
 	$(CXX) $(LDFLAGS) $(APPOBJS) -L. -l$(LIBPATH) $(APP_LINKS_TO) -o $(APP)
@@ -86,16 +44,19 @@ $(STATIC_LIB): $(LIBOBJS)
 	$(AR) $(STATIC_LIB) $(LIBOBJS)
 	$(RANLIB) $(STATIC_LIB)
 
-%{python_makefile}
+%{python_in}
 
 # Fake Targets
-.PHONY = docs clean distclean install
+.PHONY = clean distclean docs website install
 
-docs:
-%{build_doc_commands}
+SPHINX_CONFIG = %{sphinx_config_dir}
+SPHINX_OPTS = -b html
+
+WEBSITE_DIR=%{doc_output_dir}/website
+WEBSITE_SRC_DIR=%{doc_output_dir}/website-src
 
 clean:
-	$(RM_R) %{build_dir}/lib/* %{build_dir}/tests/*
+	$(RM_R) %{build_dir}/obj
 	$(RM) $(LIBRARIES) $(SYMLINK) $(SONAME) $(APP) $(TEST)
 
 distclean: clean
@@ -103,6 +64,9 @@ distclean: clean
 	$(RM) Makefile* $(CONFIG_SCRIPT) $(PKGCONFIG)
 	$(RM) botan_all.cpp botan_all.h
 
+docs:
+%{build_doc_commands}
+
 install: $(LIBRARIES) docs
 	$(MKDIR_INSTALL) $(DOCDIR)
 	$(COPY_R) %{doc_output_dir}/* $(DOCDIR)
@@ -115,14 +79,27 @@ install: $(LIBRARIES) docs
 	$(MKDIR_INSTALL) $(LIBDIR)
 	$(INSTALL_CMD_DATA) $(STATIC_LIB) $(LIBDIR)
 
-        ifdef $(SHARED_LIB)
+ifneq ($(SHARED_LIB),)
 	$(INSTALL_CMD_EXEC) $(SHARED_LIB) $(LIBDIR)
 	$(CD) $(LIBDIR); $(LN) $(SHARED_LIB) $(SYMLINK)
 	$(CD) $(LIBDIR); $(LN) $(SHARED_LIB) $(SONAME)
-        endif
+endif
 
 	$(MKDIR_INSTALL) $(BINDIR)
 	$(INSTALL_CMD_EXEC) $(CONFIG_SCRIPT) $(BINDIR)
 
 	$(MKDIR_INSTALL) $(PKGCONF_DIR)
 	$(INSTALL_CMD_DATA) $(PKGCONFIG) $(PKGCONF_DIR)
+
+website:
+	rm -rf $(WEBSITE_SRC_DIR)
+	mkdir -p $(WEBSITE_SRC_DIR)
+	cp -r %{doc_dir}/*.rst %{doc_dir}/relnotes %{doc_dir}/website/*.rst $(WEBSITE_SRC_DIR)
+	sphinx-build -q -c $(SPHINX_CONFIG) -b html $(WEBSITE_SRC_DIR) $(WEBSITE_DIR)
+	sphinx-build -q -c $(SPHINX_CONFIG) -b html %{doc_dir}/manual $(WEBSITE_DIR)/manual
+	rm -rf $(WEBSITE_DIR)/.doctrees
+	rm -rf $(WEBSITE_DIR)/manual/.doctrees
+	rm -f $(WEBSITE_DIR)/.buildinfo
+	rm -f $(WEBSITE_DIR)/manual/.buildinfo
+	doxygen %{build_dir}/botan.doxy
+	mv %{doc_output_dir}/doxygen $(WEBSITE_DIR)/doxygen
diff --git a/src/build-data/makefile/header.in b/src/build-data/makefile/header.in
new file mode 100644
index 000000000..dfd02aa35
--- /dev/null
+++ b/src/build-data/makefile/header.in
@@ -0,0 +1,32 @@
+# Compiler Options
+CXX            = %{cc}
+LIB_OPT        = %{lib_opt}
+APP_OPT        = %{app_opt}
+LANG_FLAGS     = %{lang_flags}
+WARN_FLAGS     = %{warn_flags}
+SO_OBJ_FLAGS   = %{shared_flags}
+
+LIB_LINK_CMD   = %{so_link}
+
+LIB_LINKS_TO   = %{link_to}
+APP_LINKS_TO   = $(LIB_LINKS_TO)
+TEST_LINKS_TO  = $(LIB_LINKS_TO) -lboost_filesystem
+
+LIB_FLAGS      = $(SO_OBJ_FLAGS) $(LANG_FLAGS) $(LIB_OPT) $(WARN_FLAGS)
+APP_FLAGS      = $(LANG_FLAGS) $(APP_OPT) $(WARN_FLAGS)
+TEST_FLAGS     = $(LANG_FLAGS) $(APP_OPT) $(WARN_FLAGS)
+
+# Version Numbers
+VERSION        = %{version}
+BRANCH         = %{version_major}.%{version_minor}
+
+# Installation Settings
+DESTDIR        = %{prefix}
+BINDIR        = $(DESTDIR)/bin
+LIBDIR        = $(DESTDIR)/%{libdir}
+HEADERIR      = $(DESTDIR)/%{includedir}/botan-$(BRANCH)/botan
+DOCDIR        = $(DESTDIR)/%{docdir}/botan-$(VERSION)
+PKGCONF_DIR   = $(LIBDIR)/pkgconfig
+
+CONFIG_SCRIPT = %{botan_config}
+PKGCONFIG     = %{botan_pkgconfig}
diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in
index 1ebba3c9f..9a248117b 100644
--- a/src/build-data/makefile/nmake.in
+++ b/src/build-data/makefile/nmake.in
@@ -1,23 +1,4 @@
-### Compiler Options
-CXX           = %{cc}
-LIB_OPT       = %{lib_opt}
-APP_OPT       = %{app_opt}
-LANG_FLAGS    = %{lang_flags}
-WARN_FLAGS    = %{warn_flags}
-SO_OBJ_FLAGS  = %{shared_flags}
-LIB_LINK_CMD  = %{so_link}
-APP_LINKS_TO  = $(LIB_LINKS_TO) -lboost_thread
-TEST_LINKS_TO  = $(LIB_LINKS_TO) -lboost_filesystem
-
-LIB_FLAGS     = $(LIB_OPT) $(LANG_FLAGS) $(WARN_FLAGS) $(SO_OBJ_FLAGS)
-APP_FLAGS     = $(APP_OPT) $(LANG_FLAGS) $(WARN_FLAGS)
-TEST_FLAGS    = $(APP_OPT) $(LANG_FLAGS) $(WARN_FLAGS)
-
-### Version Numbers
-VERSION       = %{version}
-
-### Installation Settings
-DESTDIR       = %{prefix}
+%{header_in}
 
 ### Aliases for Common Programs
 AR            = %{ar_command}
@@ -33,8 +14,8 @@ RM_R          = $(RM) /S
 RMDIR         = @rmdir
 
 ### File Lists
-APP          = botan
-TEST         = botan-test
+APP          = %{app_prefix}botan
+TEST         = %{app_prefix}botan-test
 
 LIBOBJS       = %{lib_objs}
 
@@ -51,14 +32,14 @@ BOTAN_LIB     = $(LIBNAME).%{static_suffix}
 
 all: $(APP) $(TEST)
 
-### Build Commands
+# Build Commands
 %{lib_build_cmds}
 
 %{app_build_cmds}
 
 %{test_build_cmds}
 
-### Link Commands
+# Link Commands
 $(APP): $(LIBRARIES) $(APPOBJS)
 	$(CXX) /Fe$@ $(APPOBJS) $(BOTAN_LIB) $(LINK_TO)
 
@@ -72,7 +53,13 @@ $(BOTAN_LIB): $(LIBOBJS)
 	$(LIB_LINK_CMD) /Fe$(LIBNAME) $(LIBOBJS) $(LINK_TO)
 !Endif
 
-### Fake Targets
+%{python_in}
+
+# Fake Targets
+
+SPHINX_CONFIG = %{sphinx_config_dir}
+SPHINX_OPTS = -b html
+
 docs:
 %{build_doc_commands}
 
@@ -90,8 +77,7 @@ distclean: clean
 	$(RMDIR) %{build_dir}
 	$(RM) Makefile $(LIBNAME).* $(APP).*
 
-### Install Commands
-install: $(LIBRARIES)
+install: $(LIBRARIES) docs
 	-$(MKDIR) $(DESTDIR)\include\botan
 	$(INSTALL_CMD) botan.* $(DESTDIR)
 	$(INSTALL_CMD) build\include\botan\*.h $(DESTDIR)\include\botan
diff --git a/src/cmd/apps.cpp b/src/cmd/apps.cpp
deleted file mode 100644
index 120457cb1..000000000
--- a/src/cmd/apps.cpp
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "apps.h"
-
-int apps_main(const std::string& cmd, int argc, char* argv[])
-   {
-#define CALL_APP(cmdsym)                           \
-   do { if(cmd == #cmdsym) { return cmdsym ##_main (argc - 1, argv + 1); } } while(0)
-
-   CALL_APP(asn1);
-   CALL_APP(base64);
-   CALL_APP(bcrypt);
-   CALL_APP(bzip);
-   CALL_APP(ca);
-   CALL_APP(factor);
-   CALL_APP(fpe);
-   CALL_APP(hash);
-   CALL_APP(keygen);
-   CALL_APP(dsa_sign);
-   CALL_APP(dsa_verify);
-   CALL_APP(pkcs10);
-   CALL_APP(read_ssh);
-   CALL_APP(self_sig);
-   CALL_APP(tls_client);
-   CALL_APP(tls_server);
-   CALL_APP(x509);
-
-   return -1;
-   }
diff --git a/src/cmd/apps.h b/src/cmd/apps.h
index 39665a720..280ee46a0 100644
--- a/src/cmd/apps.h
+++ b/src/cmd/apps.h
@@ -7,7 +7,10 @@
 
 using namespace Botan;
 
-int apps_main(const std::string& cmd, int argc, char* argv[]);
+int unimplemented(int argc, char* argv[], const char* what);
+
+#define UNIMPLEMENTED(main, prob) \
+   int main(int argc, char* argv[]) { return unimplemented(argc, argv, prob); }
 
 #define DEFINE_APP(cmd) int cmd ## _main(int argc, char* argv[]);
 
diff --git a/src/cmd/bcrypt.cpp b/src/cmd/bcrypt.cpp
index 2b0bfa132..2b4b4e61d 100644
--- a/src/cmd/bcrypt.cpp
+++ b/src/cmd/bcrypt.cpp
@@ -1,4 +1,6 @@
 #include "apps.h"
+
+#if defined(BOTAN_HAS_BCRYPT)
 #include <botan/bcrypt.h>
 
 int bcrypt_main(int argc, char* argv[])
@@ -30,3 +32,6 @@ int bcrypt_main(int argc, char* argv[])
              << "       " << argv[0] << " password passhash\n";
    return 1;
    }
+#else
+UNIMPLEMENTED(bcrypt_main, "bcrypt");
+#endif
diff --git a/src/cmd/dsa_sign.cpp b/src/cmd/dsa_sign.cpp
index 308e68814..365e91a37 100644
--- a/src/cmd/dsa_sign.cpp
+++ b/src/cmd/dsa_sign.cpp
@@ -5,9 +5,13 @@
 #include <string>
 #include <memory>
 
+#include <botan/base64.h>
 #include <botan/pubkey.h>
+
+#if defined(BOTAN_HAS_DSA)
+
 #include <botan/dsa.h>
-#include <botan/base64.h>
+
 using namespace Botan;
 
 const std::string SUFFIX = ".sig";
@@ -69,3 +73,6 @@ int dsa_sign_main(int argc, char* argv[])
       }
    return 0;
    }
+#else
+UNIMPLEMENTED(dsa_sign_main, "DSA");
+#endif
diff --git a/src/cmd/fpe.cpp b/src/cmd/fpe.cpp
index e40db8a32..d1e748b4c 100644
--- a/src/cmd/fpe.cpp
+++ b/src/cmd/fpe.cpp
@@ -1,4 +1,6 @@
 #include "apps.h"
+
+#if defined(BOTAN_HAS_FPE_FE1)
 #include <botan/fpe_fe1.h>
 #include <botan/sha160.h>
 
@@ -141,3 +143,6 @@ int fpe_main(int argc, char* argv[])
 
    return 0;
    }
+#else
+UNIMPLEMENTED(fpe_main, "FPE");
+#endif
diff --git a/src/cmd/main.cpp b/src/cmd/main.cpp
index 2d675d546..5f6a0042f 100644
--- a/src/cmd/main.cpp
+++ b/src/cmd/main.cpp
@@ -37,24 +37,21 @@ int help(int , char* argv[])
    return 1;
    }
 
+int config_main(int argc, char* argv[])
+   {
+   return 1;
+   }
+
 }
 
-int main(int argc, char* argv[])
+int unimplemented(int , char* argv[], const char* what)
    {
-   if(BOTAN_VERSION_MAJOR != version_major() ||
-      BOTAN_VERSION_MINOR != version_minor() ||
-      BOTAN_VERSION_PATCH != version_patch())
-      {
-      std::cout << "Warning: linked version ("
-                << version_major() << '.'
-                << version_minor() << '.'
-                << version_patch()
-                << ") does not match version built against ("
-                << BOTAN_VERSION_MAJOR << '.'
-                << BOTAN_VERSION_MINOR << '.'
-                << BOTAN_VERSION_PATCH << ")\n";
-      }
+   std::cout << argv[0] << " command not implemented - library missing " << what << "\n";
+   return 1;
+   }
 
+int main(int argc, char* argv[])
+   {
    try
       {
       Botan::LibraryInitializer init;
@@ -67,9 +64,29 @@ int main(int argc, char* argv[])
       if(cmd == "help")
          return help(argc, argv);
 
+      if(cmd == "config")
+         {
+         return config_main(argc - 1, argv + 1);
+         }
+
       if(cmd == "version")
          {
          std::cout << Botan::version_string() << "\n";
+
+         if(BOTAN_VERSION_MAJOR != version_major() ||
+            BOTAN_VERSION_MINOR != version_minor() ||
+            BOTAN_VERSION_PATCH != version_patch())
+            {
+            std::cout << "Warning: linked version ("
+                      << version_major() << '.'
+                      << version_minor() << '.'
+                      << version_patch()
+                      << ") does not match version built against ("
+                      << BOTAN_VERSION_MAJOR << '.'
+                      << BOTAN_VERSION_MINOR << '.'
+                      << BOTAN_VERSION_PATCH << ")\n";
+            }
+
          return 0;
          }
 
@@ -79,24 +96,37 @@ int main(int argc, char* argv[])
          return 0;
          }
 
-      if(cmd == "speed")
-         return speed_main(argc - 1, argv + 1);
-
       if(cmd == "http_get")
          {
          auto resp = HTTP::GET_sync(argv[2]);
          std::cout << resp << "\n";
          }
 
-      int e = apps_main(cmd, argc - 1, argv + 1);
-
-      if(e == -1)
-         {
-         std::cout << "Unknown command " << cmd << "\n";
-         return help(argc, argv);
-         }
-
-      return e;
+#define CALL_APP(cmdsym)                           \
+   do { if(cmd == #cmdsym) { return cmdsym ##_main (argc - 1, argv + 1); } } while(0)
+
+      CALL_APP(asn1);
+      CALL_APP(base64);
+      CALL_APP(bcrypt);
+      CALL_APP(bzip);
+      CALL_APP(ca);
+      CALL_APP(factor);
+      CALL_APP(fpe);
+      CALL_APP(hash);
+      CALL_APP(keygen);
+      CALL_APP(dsa_sign);
+      CALL_APP(dsa_verify);
+      CALL_APP(pkcs10);
+      CALL_APP(read_ssh);
+      CALL_APP(self_sig);
+      CALL_APP(tls_client);
+      CALL_APP(tls_server);
+      CALL_APP(tls_server_asio);
+      CALL_APP(x509);
+      CALL_APP(speed);
+
+      std::cout << "Unknown command " << cmd << "\n";
+      return help(argc, argv);
       }
    catch(std::exception& e)
       {
diff --git a/src/cmd/tls_server_asio.cpp b/src/cmd/tls_server_asio.cpp
index b49206136..524181510 100644
--- a/src/cmd/tls_server_asio.cpp
+++ b/src/cmd/tls_server_asio.cpp
@@ -2,10 +2,11 @@
 #include <iostream>
 #include <string>
 #include <vector>
+#include <thread>
 #define _GLIBCXX_HAVE_GTHR_DEFAULT
 #include <boost/asio.hpp>
 #include <boost/bind.hpp>
-#include <boost/thread.hpp>
+//#include <boost/thread.hpp>
 #include <boost/shared_ptr.hpp>
 #include <boost/enable_shared_from_this.hpp>
 
@@ -265,7 +266,7 @@ class asio_tls_server
 
 size_t choose_thread_count()
    {
-   size_t result = boost::thread::hardware_concurrency();
+   size_t result = std::thread::hardware_concurrency();
 
    if(result)
       return result;
@@ -291,12 +292,12 @@ int tls_server_asio_main(int argc, char* argv[])
 
       std::cout << "Using " << num_threads << " threads\n";
 
-      std::vector<boost::shared_ptr<boost::thread> > threads;
+      std::vector<boost::shared_ptr<std::thread> > threads;
 
       for(size_t i = 0; i != num_threads; ++i)
          {
-         boost::shared_ptr<boost::thread> thread(
-            new boost::thread(
+         boost::shared_ptr<std::thread> thread(
+            new std::thread(
                boost::bind(&boost::asio::io_service::run, &io_service)));
          threads.push_back(thread);
          }
diff --git a/src/lib/cert/x509/info.txt b/src/lib/cert/x509/info.txt
index 83512857f..a74fd6631 100644
--- a/src/lib/cert/x509/info.txt
+++ b/src/lib/cert/x509/info.txt
@@ -3,6 +3,7 @@ define OCSP 20131128
 
 <requires>
 datastor
+http_util
 </requires>
 
 <libs>
diff --git a/src/lib/engine/core_engine/core_modes.cpp b/src/lib/engine/core_engine/core_modes.cpp
index 6524d9c16..fa8c9babf 100644
--- a/src/lib/engine/core_engine/core_modes.cpp
+++ b/src/lib/engine/core_engine/core_modes.cpp
@@ -10,6 +10,7 @@
 #include <botan/filters.h>
 #include <botan/algo_factory.h>
 #include <botan/mode_pad.h>
+#include <botan/transform_filter.h>
 #include <memory>
 
 #if defined(BOTAN_HAS_MODE_CFB)
@@ -170,11 +171,11 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher,
          }
 #endif
 
-#if defined(BOTAN_HAS_AEAD_FILTER)
-
       if(bits % 8 != 0)
          throw std::invalid_argument("AEAD interface does not support non-octet length tags");
 
+#if defined(BOTAN_HAS_AEAD_FILTER)
+
       const size_t tag_size = bits / 8;
 
 #if defined(BOTAN_HAS_AEAD_CCM)
diff --git a/src/lib/pk_pad/get_pk_pad.cpp b/src/lib/pk_pad/get_pk_pad.cpp
index 8c27b1fa1..2809f1714 100644
--- a/src/lib/pk_pad/get_pk_pad.cpp
+++ b/src/lib/pk_pad/get_pk_pad.cpp
@@ -112,8 +112,6 @@ EME* get_eme(const std::string& algo_spec)
    {
    SCAN_Name request(algo_spec);
 
-   Algorithm_Factory& af = global_state().algorithm_factory();
-
    if(request.algo_name() == "Raw")
       return nullptr; // No padding
 
@@ -123,6 +121,8 @@ EME* get_eme(const std::string& algo_spec)
 #endif
 
 #if defined(BOTAN_HAS_EME1)
+   Algorithm_Factory& af = global_state().algorithm_factory();
+
    if(request.algo_name() == "EME1" && request.arg_count_between(1, 2))
       {
       if(request.arg_count() == 1 ||
diff --git a/src/lib/rng/info.txt b/src/lib/rng/info.txt
index 4c88ba382..ba7aa8e6a 100644
--- a/src/lib/rng/info.txt
+++ b/src/lib/rng/info.txt
@@ -1,3 +1,5 @@
 <requires>
 entropy
+auto_rng
+hmac_rng
 </requires>
diff --git a/src/lib/tls/info.txt b/src/lib/tls/info.txt
index adae12cb2..5a5601df5 100644
--- a/src/lib/tls/info.txt
+++ b/src/lib/tls/info.txt
@@ -73,8 +73,10 @@ credentials
 cryptobox_psk
 dh
 ecdh
+ecdsa
 eme_pkcs
 emsa3
+gcm
 hmac
 kdf2
 md5
diff --git a/src/tests/kat_aead.cpp b/src/tests/test_aead.cpp
index 8b46e9177..8b46e9177 100644
--- a/src/tests/kat_aead.cpp
+++ b/src/tests/test_aead.cpp
diff --git a/src/tests/kat_bigint.cpp b/src/tests/test_bigint.cpp
index b71e0af2d..b71e0af2d 100644
--- a/src/tests/kat_bigint.cpp
+++ b/src/tests/test_bigint.cpp
diff --git a/src/tests/kat_block.cpp b/src/tests/test_block.cpp
index 2ef5f8979..2ef5f8979 100644
--- a/src/tests/kat_block.cpp
+++ b/src/tests/test_block.cpp
diff --git a/src/tests/kat_cryptobox.cpp b/src/tests/test_cryptobox.cpp
index 9a53da74c..9a53da74c 100644
--- a/src/tests/kat_cryptobox.cpp
+++ b/src/tests/test_cryptobox.cpp
diff --git a/src/tests/kat_cvc.cpp b/src/tests/test_cvc.cpp
index 9519f0926..9519f0926 100644
--- a/src/tests/kat_cvc.cpp
+++ b/src/tests/test_cvc.cpp
diff --git a/src/tests/kat_dh.cpp b/src/tests/test_dh.cpp
index 890bae632..890bae632 100644
--- a/src/tests/kat_dh.cpp
+++ b/src/tests/test_dh.cpp
diff --git a/src/tests/kat_dlies.cpp b/src/tests/test_dlies.cpp
index 05fdb863f..05fdb863f 100644
--- a/src/tests/kat_dlies.cpp
+++ b/src/tests/test_dlies.cpp
diff --git a/src/tests/kat_dsa.cpp b/src/tests/test_dsa.cpp
index 19c557823..19c557823 100644
--- a/src/tests/kat_dsa.cpp
+++ b/src/tests/test_dsa.cpp
diff --git a/src/tests/kat_ecdsa.cpp b/src/tests/test_ecdsa.cpp
index 32747c7b0..32747c7b0 100644
--- a/src/tests/kat_ecdsa.cpp
+++ b/src/tests/test_ecdsa.cpp
diff --git a/src/tests/kat_elg.cpp b/src/tests/test_elg.cpp
index d94d2813e..332e5ae0e 100644
--- a/src/tests/kat_elg.cpp
+++ b/src/tests/test_elg.cpp
@@ -3,11 +3,15 @@
 
 #include <botan/auto_rng.h>
 #include <botan/pubkey.h>
-#include <botan/elgamal.h>
+#include <botan/dl_group.h>
 #include <botan/hex.h>
 #include <iostream>
 #include <fstream>
 
+#if defined(BOTAN_HAS_ELGAMAL)
+  #include <botan/elgamal.h>
+#endif
+
 using namespace Botan;
 
 namespace {
@@ -27,6 +31,7 @@ size_t elgamal_kat(const std::string& p,
    const BigInt x_bn = BigInt(x);
 
    DL_Group group(p_bn, g_bn);
+#if defined(BOTAN_HAS_ELGAMAL)
    ElGamal_PrivateKey privkey(rng, group, x_bn);
 
    ElGamal_PublicKey pubkey = privkey;
@@ -38,6 +43,9 @@ size_t elgamal_kat(const std::string& p,
    PK_Decryptor_EME dec(privkey, padding);
 
    return validate_encryption(enc, dec, "ElGamal/" + padding, msg, nonce, ciphertext);
+#else
+   return 1;
+#endif
    }
 
 }
@@ -57,4 +65,3 @@ size_t test_elgamal()
 
    return fails;
    }
-
diff --git a/src/tests/kat_gost.cpp b/src/tests/test_gost_3410.cpp
index 4cd43a027..4cd43a027 100644
--- a/src/tests/kat_gost.cpp
+++ b/src/tests/test_gost_3410.cpp
diff --git a/src/tests/kat_hash.cpp b/src/tests/test_hash.cpp
index eaa3ff3b5..eaa3ff3b5 100644
--- a/src/tests/kat_hash.cpp
+++ b/src/tests/test_hash.cpp
diff --git a/src/tests/kat_hkdf.cpp b/src/tests/test_hkdf.cpp
index 25ad4567f..842123968 100644
--- a/src/tests/kat_hkdf.cpp
+++ b/src/tests/test_hkdf.cpp
@@ -1,7 +1,9 @@
 #include "tests.h"
 
 #include <botan/libstate.h>
-#include <botan/hkdf.h>
+#if defined(BOTAN_HAS_HKDF)
+  #include <botan/hkdf.h>
+#endif
 #include <botan/hex.h>
 #include <iostream>
 #include <fstream>
@@ -25,6 +27,7 @@ secure_vector<byte> hkdf(const std::string& hkdf_algo,
    if(!mac_proto)
       throw std::invalid_argument("Bad HKDF hash '" + algo + "'");
 
+#if defined(BOTAN_HAS_HKDF)
    HKDF hkdf(mac_proto->clone(), mac_proto->clone());
 
    hkdf.start_extract(&salt[0], salt.size());
@@ -34,6 +37,9 @@ secure_vector<byte> hkdf(const std::string& hkdf_algo,
    secure_vector<byte> key(L);
    hkdf.expand(&key[0], key.size(), &info[0], info.size());
    return key;
+#else
+   return "";
+#endif
    }
 
 size_t hkdf_test(const std::string& algo,
diff --git a/src/tests/kat_kdf.cpp b/src/tests/test_kdf.cpp
index 0fc627673..0fc627673 100644
--- a/src/tests/kat_kdf.cpp
+++ b/src/tests/test_kdf.cpp
diff --git a/src/tests/kat_keywrap.cpp b/src/tests/test_keywrap.cpp
index a7dcbfe75..a7dcbfe75 100644
--- a/src/tests/kat_keywrap.cpp
+++ b/src/tests/test_keywrap.cpp
diff --git a/src/tests/kat_mac.cpp b/src/tests/test_mac.cpp
index 2b07497aa..2b07497aa 100644
--- a/src/tests/kat_mac.cpp
+++ b/src/tests/test_mac.cpp
diff --git a/src/tests/kat_modes.cpp b/src/tests/test_modes.cpp
index 1c3dad934..1c3dad934 100644
--- a/src/tests/kat_modes.cpp
+++ b/src/tests/test_modes.cpp
diff --git a/src/tests/kat_nr.cpp b/src/tests/test_nr.cpp
index 7946ed324..982e38bc2 100644
--- a/src/tests/kat_nr.cpp
+++ b/src/tests/test_nr.cpp
@@ -3,7 +3,12 @@
 
 #include <botan/auto_rng.h>
 #include <botan/pubkey.h>
-#include <botan/nr.h>
+#include <botan/dl_group.h>
+
+#if defined(BOTAN_HAS_NYBERG_RUEPPEL)
+  #include <botan/nr.h>
+#endif
+
 #include <botan/hex.h>
 #include <iostream>
 #include <fstream>
@@ -26,6 +31,8 @@ size_t nr_sig_kat(const std::string& p,
    BigInt p_bn(p), q_bn(q), g_bn(g), x_bn(x);
 
    DL_Group group(p_bn, q_bn, g_bn);
+
+#if defined(BOTAN_HAS_NYBERG_RUEPPEL)
    NR_PrivateKey privkey(rng, group, x_bn);
 
    NR_PublicKey pubkey = privkey;
@@ -36,6 +43,9 @@ size_t nr_sig_kat(const std::string& p,
    PK_Signer sign(privkey, padding);
 
    return validate_signature(verify, sign, "nr/" + hash, msg, rng, nonce, signature);
+#else
+   return 1;
+#endif
    }
 
 }
diff --git a/src/tests/kat_ocb.cpp b/src/tests/test_ocb.cpp
index b2bd296e0..b76e26189 100644
--- a/src/tests/kat_ocb.cpp
+++ b/src/tests/test_ocb.cpp
@@ -1,12 +1,12 @@
 
 #include "tests.h"
+#include <iostream>
 
+#if defined(BOTAN_HAS_OCB)
 #include <botan/ocb.h>
 #include <botan/hex.h>
 #include <botan/sha2_32.h>
 #include <botan/aes.h>
-#include <iostream>
-//#include <botan/selftest.h>
 
 using namespace Botan;
 
@@ -139,4 +139,12 @@ size_t test_ocb()
    return fails;
    }
 
+#else
+
+size_t test_ocb()
+   {
+   std::cout << "OCB disabled in build\n";
+   return 0;
+   }
 
+#endif
diff --git a/src/tests/kat_passhash.cpp b/src/tests/test_passhash.cpp
index 6f66743c5..6f66743c5 100644
--- a/src/tests/kat_passhash.cpp
+++ b/src/tests/test_passhash.cpp
diff --git a/src/tests/kat_pbkdf.cpp b/src/tests/test_pbkdf.cpp
index 5d97bf0e9..5d97bf0e9 100644
--- a/src/tests/kat_pbkdf.cpp
+++ b/src/tests/test_pbkdf.cpp
diff --git a/src/tests/pubkey.cpp b/src/tests/test_pubkey.cpp
index 85e2924be..85e2924be 100644
--- a/src/tests/pubkey.cpp
+++ b/src/tests/test_pubkey.cpp
diff --git a/src/tests/kat_rng.cpp b/src/tests/test_rng.cpp
index 88e21f62c..88e21f62c 100644
--- a/src/tests/kat_rng.cpp
+++ b/src/tests/test_rng.cpp
diff --git a/src/tests/kat_rsa.cpp b/src/tests/test_rsa.cpp
index 28320ddb0..28320ddb0 100644
--- a/src/tests/kat_rsa.cpp
+++ b/src/tests/test_rsa.cpp
diff --git a/src/tests/kat_rw.cpp b/src/tests/test_rw.cpp
index 4d3bc2d5b..4d3bc2d5b 100644
--- a/src/tests/kat_rw.cpp
+++ b/src/tests/test_rw.cpp
diff --git a/src/tests/kat_stream.cpp b/src/tests/test_stream.cpp
index 707f5d62d..707f5d62d 100644
--- a/src/tests/kat_stream.cpp
+++ b/src/tests/test_stream.cpp
diff --git a/src/tests/kat_transform.cpp b/src/tests/test_transform.cpp
index e53b5b800..5d3c4dc3f 100644
--- a/src/tests/kat_transform.cpp
+++ b/src/tests/test_transform.cpp
@@ -2,7 +2,6 @@
 
 #include <botan/botan.h>
 #include <botan/transform.h>
-#include <botan/threefish.h>
 #include <botan/benchmark.h>
 #include <botan/hex.h>
 #include <iostream>
diff --git a/src/tests/kat_tss.cpp b/src/tests/test_tss.cpp
index f9caddb6f..38d9dfbfa 100644
--- a/src/tests/kat_tss.cpp
+++ b/src/tests/test_tss.cpp
@@ -7,10 +7,13 @@
 #include "tests.h"
 #include <botan/auto_rng.h>
 #include <botan/hex.h>
-#include <botan/tss.h>
 #include <iostream>
 #include <stdio.h>
 
+#if defined(BOTAN_HAS_THRESHOLD_SECRET_SHARING)
+
+#include <botan/tss.h>
+
 namespace {
 
 void print(const Botan::secure_vector<Botan::byte>& r)
@@ -59,3 +62,10 @@ size_t test_tss()
 
    return fails;
    }
+#else
+size_t test_tss()
+   {
+   std::cout << "Skipping TSS tests\n";
+   return 1;
+   }
+#endif