Prepare for 1.1.1a release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Update copyright year
2026-01-15 21:49:45 +00:00 · 2018-11-20 13:35:35 +00:00 · 2018-11-20 13:27:36 +00:00 · 2018-11-20 11:54:46 +00:00 · 2018-11-19 17:26:03 +00:00 · 2018-11-19 10:56:38 +01:00
20622 changed files with 439609 additions and 1055830 deletions
--- a/.ctags.d/add-dir.ctags
+++ b/.ctags.d/add-dir.ctags
@@ -1,11 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
-
-# Allow ctags to load configuration file under the sub directories.
--optlib-dir=+./.ctags.d
--- a/.ctags.d/exclude.ctags
+++ b/.ctags.d/exclude.ctags
@@ -1,13 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
-
-# List file names or patterns you want ctags to ignore.
--exclude=.ctags.d
--exclude=test
--exclude=check-format-test-positives.c
--- a/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
+++ b/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
@@ -1,18 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
-
-# This file is only for extracting macro definitions.
--langmap=C:+.h
-o -
--sort=no
--languages=C
-R
-
--fields-C=+{macrodef}
--fields=+{signature}
--- a/.ctags.d/openssl-stage2/.gitignore
+++ b/.ctags.d/openssl-stage2/.gitignore
@@ -1 +0,0 @@
-*macro-definitons.ctags
--- a/.ctags.d/openssl-stage2/10expand-macros.ctags
+++ b/.ctags.d/openssl-stage2/10expand-macros.ctags
@@ -1,9 +0,0 @@
-#
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-#
--param-CPreProcessor._expand=1
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1,2 +0,0 @@
-# Run util/openssl-format-source -v -c .
-0f113f3ee4d629ef9a4a30911b22b224772085e5
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,17 +1,3 @@
-*.bin binary
 *.der binary
 /fuzz/corpora/** binary
 *.pfx binary
-
-# For git archive
-fuzz/corpora/**                         export-ignore
-Configurations/*.norelease.conf         export-ignore
-# We generally avoid anything with a name starting with a period.
-# However, .ctags.d is precious, so we don't ignore that.
-.*                                      export-ignore
-.ctags.d                                !export-ignore
-util/mktar.sh                           export-ignore
-krb5                                    export-ignore
-pyca-cryptography                       export-ignore
-dev                                     export-ignore
-gost-engine                             export-ignore
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +0,0 @@
-github: openssl
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,27 +0,0 @@
-<!--
-NOTE:
-
-    If you're asking about how to use OpenSSL, this isn't the right
-    forum.  Please see our User Support resources:
-    https://github.com/openssl/openssl/blob/master/SUPPORT.md
-
-If relevant, please remember to tell us in what OpenSSL version you
-found the issue.
-
-Please remember to put ``` lines before and after any commands plus
-output and code, like this:
-
-    ```
-    $ echo output output output
-    output output output
-    ```
-
-    ```
-    #include <stdio.h>
-
-    int main() {
-        int foo = 1;
-        printf("%d\n", foo);
-    }
-    ```
-->
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,53 +0,0 @@
---
-name: Bug report
-labels: 'issue: bug report'
-about: Report a defect in the software
-
---
-
-<!--
-Thank you for your bug report. If this is your first one,
-please take the time to read the following lines before posting it.
-
-NOTE:
-
-    If you're asking about how to use OpenSSL, this isn't the right
-    forum.  Please see our User Support resources:
-    https://github.com/openssl/openssl/blob/master/SUPPORT.md
-
-Please remember to tell us in what OpenSSL version you found the issue.
-
-For build issues:
-
-    If this is a build issue, please include the configuration output
-    as well as a log of all errors.  Don't forget to include the exact
-    commands you typed.
-
-    With OpenSSL before 1.1.1, the configuration output comes from the
-    configuration command.  With OpenSSL 1.1.1 and on, it's the output
-    of `perl configdata.pm --dump`
-
-For other issues:
-
-    If it isn't a build issue, example code or commands to reproduce
-    the issue is highly appreciated.
-    Also, please remember to tell us if you worked with your own
-    OpenSSL build or if it is system provided.
-
-Please remember to put ``` lines before and after any commands plus
-output and code, like this:
-
-    ```
-    $ echo output output output
-    output output output
-    ```
-
-    ```
-    #include <stdio.h>
-
-    int main() {
-        int foo = 1;
-        printf("%d\n", foo);
-    }
-    ```
-->
--- a/.github/ISSUE_TEMPLATE/documentation.md
+++ b/.github/ISSUE_TEMPLATE/documentation.md
@@ -1,14 +0,0 @@
---
-name: Documentation
-labels: 'issue: documentation'
-about: Report an error in (or missing) documentation
---
-
-<!--
-Thank you for taking the time to report a documentation issue.
-
-Please remember to tell us which OpenSSL version you are using and then
-briefly describe the documentation error and where you encountered it
-(e.g., in which manual page). If you are missing the documentation for a
-certain command or API function, please tell us its name.
-->
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,34 +0,0 @@
---
-name: Feature request
-labels: 'issue: feature request'
-about: Propose a feature you would like to see added in the software
-
---
-
-<!--
-Thank you for your feature request. If this is your first one,
-please take the time to read the following lines before posting it.
-
-NOTE:
-
-    If you're asking about how to use OpenSSL, this isn't the right
-    forum.  Please see our User Support resources:
-    https://github.com/openssl/openssl/blob/master/SUPPORT.md
-
-Please remember to put ``` lines before and after any commands plus
-output and code, like this:
-
-    ```
-    $ echo output output output
-    output output output
-    ```
-
-    ```
-    #include <stdio.h>
-
-    int main() {
-        int foo = 1;
-        printf("%d\n", foo);
-    }
-    ```
-->
--- a/.github/ISSUE_TEMPLATE/question.md
+++ b/.github/ISSUE_TEMPLATE/question.md
@@ -1,10 +0,0 @@
---
-name: Question
-labels: 'issue: question'
-about: Please use Q&A in Discussions instead
---
-
-Please do NOT use issues to ask questions about OpenSSL.
-
-Instead, please use the [Q&A category in Discussions](<https://github.com/openssl/openssl/discussions/new?category=q-a>)
-to ask your question.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,11 +1,11 @@
 <!--
 Thank you for your pull request. Please review these requirements:

-Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md
+Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING

 Other than that, provide a description above this comment if there isn't one already

-If this fixes a GitHub issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
+If this fixes a github issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
 -->

 ##### Checklist
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,15 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    commit-message:
-      prefix: "Dependabot update\n\nCLA: trivial\n\n"
-      include: "scope"
-    labels:
-      - "dependencies"
-      - "cla: trivial"
-      - "approval: review pending"
-    reviewers:
-      - "openssl/committers"
--- a/.github/workflows/build_quic_interop_container.yml
+++ b/.github/workflows/build_quic_interop_container.yml
@@ -1,25 +0,0 @@
-name: "Build openssl interop container from master"
-
-on:
-  schedule:
-    - cron:  '40 02 * * *'
-  workflow_dispatch:
-
-jobs:
-  update_quay_container:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         fetch-depth: 0
-      - name: "log in to quay.io"
-        run: |
-          docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
-      - name: "Build container"
-        run: |
-          cd test/quic-openssl-docker/
-          docker build -t quay.io/openssl-ci/openssl-quic-interop:latest .
-      - name: "Push to quay"
-        run: |
-          docker push quay.io/openssl-ci/openssl-quic-interop:latest
-
--- a/.github/workflows/build_quic_interop_container_server.yml
+++ b/.github/workflows/build_quic_interop_container_server.yml
@@ -1,26 +0,0 @@
-name: "Build openssl interop container from quic-server"
-
-on:
-  schedule:
-    - cron:  '40 02 * * *'
-  workflow_dispatch:
-
-jobs:
-  update_quay_container:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         fetch-depth: 0
-         ref: feature/quic-server
-      - name: "log in to quay.io"
-        run: |
-          docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
-      - name: "Build container"
-        run: |
-          cd test/quic-openssl-docker/
-          docker build -t quay.io/openssl-ci/openssl-quic-interop-server:latest --build-arg OPENSSL_URL=https://github.com/openssl/openssl --build-arg OPENSSL_BRANCH=feature/quic-server .
-      - name: "Push to quay"
-        run: |
-          docker push quay.io/openssl-ci/openssl-quic-interop-server:latest
-
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,693 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: GitHub CI
-
-on: [pull_request, push]
-
-# for some reason, this does not work:
-# variables:
-#   BUILDOPTS: "-j4"
-#   HARNESS_JOBS: "${HARNESS_JOBS:-4}"
-
-# for some reason, this does not work:
-# before_script:
-#     - make="make -s"
-
-permissions:
-  contents: read
-
-env:
-  OSSL_RUN_CI_TESTS: 1
-
-jobs:
-  check_update:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install unifdef
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
-    - name: make build_generated
-      run: make -s build_generated
-    - name: make update
-      run: make update
-    - name: git diff
-      run: git diff --exit-code
-
-  check_docs:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
-    - name: make build_generated
-      run: make -s build_generated
-    - name: make doc-nits
-      run: make doc-nits
-    - name: make help
-      run: make help
-    - name: make md-nits
-      run: |
-          sudo gem install mdl
-          make md-nits
-
-  # This checks that we use ANSI C language syntax and semantics.
-  # We are not as strict with libraries, but rather adapt to what's
-  # expected to be available in a certain version of each platform.
-  check-ansi:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: CPPFLAGS='-ansi -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips --strict-warnings && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-
-  basic_gcc:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: localegen
-      run: sudo locale-gen tr_TR.UTF-8
-    - name: fipsvendor
-      # Make one fips build use a customized FIPS vendor
-      run: echo "FIPS_VENDOR=CI" >> VERSION.dat
-    - name: config
-      # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
-      run: CC=gcc ./config --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: check fipsvendor
-      run: |
-        util/wrap.pl -fips apps/openssl list -providers | grep 'name: CI FIPS Provider for OpenSSL$'
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@basic-gcc"
-        path: artifacts.tar.gz
-
-  basic_clang:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --banner=Configured enable-demos enable-h3demo no-fips --strict-warnings && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@basic-clang"
-        path: artifacts.tar.gz
-
-  linux-arm64:
-    runs-on: linux-arm64
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config enable-demos enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@linux-arm64"
-        path: artifacts.tar.gz
-
-  freebsd-x86_64:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: |
-          sudo pkg install -y gcc perl5
-          ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: ./configdata.pm --dump
-    - name: make
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: make -j4
-    - name: make test
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        run: |
-          ./util/opensslwrap.sh version -c
-          .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@BSD-x86_64"
-        path: artifacts.tar.gz
-
-  minimal:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
-    - name: make
-      run: make -j4 # verbose, so no -s here
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@minimal"
-        path: artifacts.tar.gz
-
-  no-deprecated:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-deprecated enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-deprecated"
-        path: artifacts.tar.gz
-
-  no-shared-ubuntu:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-shared-ubuntu"
-        path: artifacts.tar.gz
-
-  no-shared-macos:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-13, macos-14]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        sysctl machdep.cpu
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-shared-${{ matrix.os }}"
-        path: artifacts.tar.gz
-
-  non-caching:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@non-caching"
-        path: artifacts.tar.gz
-
-  address_ub_sanitizer:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@address_ub_sanitizer"
-        path: artifacts.tar.gz
-
-  fuzz_tests:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@fuzz_tests"
-        path: artifacts.tar.gz
-        if-no-files-found: ignore
-
-  memory_sanitizer:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
-      run: CC=clang ./config --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@memory_sanitizer"
-        path: artifacts.tar.gz
-
-  threads_sanitizer:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@threads_sanitizer"
-        path: artifacts.tar.gz
-
-  enable_non-default_options:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: modprobe tls
-      run: sudo modprobe tls
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@enable_non-default_options"
-        path: artifacts.tar.gz
-
-  full_featured:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: modprobe tls
-      run: sudo modprobe tls
-    - name: Enable sctp
-      run: sudo modprobe sctp
-    - name: Enable auth in sctp
-      run: sudo sysctl -w net.sctp.auth_enable=1
-    - name: install extra config support
-      run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@full_featured"
-        path: artifacts.tar.gz
-
-  no-legacy:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-demos enable-h3demo no-legacy enable-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@no-legacy"
-        path: artifacts.tar.gz
-
-  legacy:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured -Werror --debug no-afalgeng enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: .github/workflows/make-test
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@legacy"
-        path: artifacts.tar.gz
-
-  # out-of-source-and-install checks multiple things at the same time:
-  # - That building, testing and installing works from an out-of-source
-  #   build tree
-  # - That building, testing and installing works with a read-only source
-  #   tree
-  out-of-readonly-source-and-install-ubuntu:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        path: ./source
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-      working-directory: ./source
-    - name: make source read-only
-      run: chmod -R a-w ./source
-    - name: create build and install directories
-      run: |
-        mkdir ./build
-        mkdir ./install
-    - name: config
-      run: |
-        ../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
-        perl configdata.pm --dump
-      working-directory: ./build
-    - name: make
-      run: make -s -j4
-      working-directory: ./build
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-      working-directory: ./build
-    - name: make test
-      run: ../source/.github/workflows/make-test
-      working-directory: ./build
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@out-of-readonly-source-and-install-ubuntu"
-        path: build/artifacts.tar.gz
-    - name: make install
-      run: make install
-      working-directory: ./build
-
-  out-of-readonly-source-and-install-macos:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-13, macos-14]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        path: ./source
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-      working-directory: ./source
-    - name: make source read-only
-      run: chmod -R a-w ./source
-    - name: create build and install directories
-      run: |
-        mkdir ./build
-        mkdir ./install
-    - name: config
-      run: |
-        ../source/config --banner=Configured enable-fips enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
-        perl configdata.pm --dump
-      working-directory: ./build
-    - name: make
-      run: make -s -j4
-      working-directory: ./build
-    - name: get cpu info
-      run: |
-        sysctl machdep.cpu
-        ./util/opensslwrap.sh version -c
-      working-directory: ./build
-    - name: make test
-      run: ../source/.github/workflows/make-test
-      working-directory: ./build
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}"
-        path: build/artifacts.tar.gz
-    - name: make install
-      run: make install
-      working-directory: ./build
-
-  external-tests-misc:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-    - name: package installs
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy gdb
-    - name: install cpanm and Test2::V0 for gost_engine testing
-      uses: perl-actions/install-with-cpanm@stable
-      with:
-        install: Test2::V0
-    - name: setup hostname workaround
-      run: sudo hostname localhost
-    - name: config
-      run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - uses: dtolnay/rust-toolchain@stable
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: test external gost-engine
-      run: make test TESTS="test_external_gost_engine"
-    - name: test external krb5
-      run: make test TESTS="test_external_krb5"
-    - name: test external tlsfuzzer
-      run: make test TESTS="test_external_tlsfuzzer"
-    - name: test external Cloudflare quiche
-      run: make test TESTS="test_external_cf_quiche" VERBOSE=1
-    - name: test ability to produce debuginfo files
-      run: |
-        make debuginfo
-        gdb < <(echo -e "file ./libcrypto.so.3\nquit") > ./results
-        grep -q "Reading symbols from.*libcrypto\.so\.3\.debug" results
-
-  external-tests-providers:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-    - name: package installs
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq install meson pkg-config gnutls-bin libnss3-tools libnss3-dev libsofthsm2 opensc expect
-    - name: config
-      run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: test external oqs-provider
-      run: make test TESTS="test_external_oqsprovider"
-    - name: test external pkcs11-provider
-      run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
-
-  external-tests-pyca:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        RUST:
-          - 1.51.0
-        PYTHON:
-          - 3.9
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-    - name: Configure OpenSSL
-      run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: Setup Python
-      uses: actions/setup-python@v5.3.0
-      with:
-        python-version: ${{ matrix.PYTHON }}
-    - uses: dtolnay/rust-toolchain@master
-      with:
-        toolchain: ${{ matrix.RUST }}
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: test external pyca
-      run: make test TESTS="test_external_pyca" VERBOSE=1
--- a/.github/workflows/compiler-zoo.yml
+++ b/.github/workflows/compiler-zoo.yml
@@ -1,139 +0,0 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Compiler Zoo CI
-
-on: [push]
-
-permissions:
-  contents: read
-
-jobs:
-  compiler:
-    strategy:
-      fail-fast: false
-      matrix:
-        zoo: [
-          {
-            cc: gcc-7,
-            distro: ubuntu-20.04
-          }, {
-            cc: gcc-8,
-            distro: ubuntu-20.04
-          }, {
-            cc: gcc-9,
-            distro: ubuntu-20.04
-          }, {
-            cc: gcc-10,
-            distro: ubuntu-20.04
-          }, {
-            cc: gcc-11,
-            distro: ubuntu-22.04
-          }, {
-            cc: gcc-12,
-            distro: ubuntu-22.04
-          }, {
-            cc: gcc-13,
-            distro: ubuntu-22.04,
-            gcc-ppa-name: ubuntu-toolchain-r/test
-          }, {
-            cc: clang-6.0,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-7,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-8,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-9,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-10,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-11,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-12,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-13,
-            distro: ubuntu-22.04
-          }, {
-            cc: clang-14,
-            distro: ubuntu-22.04
-          }, {
-            cc: clang-15,
-            distro: ubuntu-22.04,
-            llvm-ppa-name: jammy
-          }, {
-            cc: clang-16,
-            distro: ubuntu-22.04,
-            llvm-ppa-name: jammy
-          }, {
-            cc: clang-17,
-            distro: ubuntu-22.04,
-            llvm-ppa-name: jammy
-          }
-        ]
-    # We set per-compiler now to allow testing with both older and newer sets
-    # Often, the full range of oldest->newest compilers we want aren't available
-    # in a single version of Ubuntu.
-    runs-on: ${{ matrix.zoo.distro }}
-    steps:
-    - name: install packages
-      run: |
-        gcc_ppa_name="${{ matrix.zoo.gcc-ppa-name }}"
-        llvm_ppa_name="${{ matrix.zoo.llvm-ppa-name }}"
-
-        # In the Matrix above:
-        # - we set gcc-ppc-name if the GCC version isn't part of the Ubuntu version we're using (see https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test).
-        # - we set llvm-ppa-name if an LLVM version isn't part of the Ubuntu version we're using (see https://apt.llvm.org/).
-        # This is especially needed because even new Ubuntu LTSes aren't available
-        # until a while after release on Github Actions.
-        if [[ -n ${gcc_ppa_name} ]] ; then
-          sudo add-apt-repository ppa:ubuntu-toolchain-r/test
-          sudo apt-get update
-        elif [[ -n ${llvm_ppa_name} ]] ; then
-            wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key |\
-                gpg --dearmor |\
-                sudo tee /usr/share/keyrings/llvm-snapshot.gpg.key > /dev/null
-
-            clang_version="${{ matrix.zoo.cc }}"
-            clang_version="${clang_version/clang-}"
-
-            echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/${{ matrix.zoo.llvm-ppa-name }}/ llvm-toolchain-${{ matrix.zoo.llvm-ppa-name }}-${clang_version} main" \
-                | sudo tee /etc/apt/sources.list.d/llvm.list
-            echo "deb-src [signed-by=/usr/share/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/${{ matrix.zoo.llvm-ppa-name }}/ llvm-toolchain-${{ matrix.zoo.llvm-ppa-name }}-${clang_version} main" \
-                | sudo tee -a /etc/apt/sources.list.d/llvm.list
-
-            cat /etc/apt/sources.list.d/llvm.list
-        fi
-
-        sudo apt-get update
-        sudo apt-get -y install ${{ matrix.zoo.cc }}
-
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-
-    - name: config
-      run: |
-        CC=${{ matrix.zoo.cc }} ./config --banner=Configured no-shared \
-            -Wall -Werror enable-fips --strict-warnings
-
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@@ -1,93 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Coverage
-
-# Run once a day
-on:
-  schedule:
-    - cron:  '15 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  coverage:
-    permissions:
-      checks: write     # for coverallsapp/github-action to create new checks
-      contents: read    # for actions/checkout to fetch code
-    strategy:
-      fail-fast: false
-      matrix:
-        branches: [
-          {
-            branch: openssl-3.4,
-            extra_config: no-afalgeng enable-fips enable-tfo
-          }, {
-            branch: openssl-3.3,
-            extra_config: no-afalgeng enable-fips enable-tfo
-          }, {
-            branch: openssl-3.2,
-            extra_config: no-afalgeng enable-fips enable-tfo
-          }, {
-            branch: openssl-3.1,
-            extra_config: no-afalgeng enable-fips
-          }, {
-            branch: openssl-3.0,
-            extra_config: no-afalgeng enable-fips
-          }, {
-            branch: master,
-            extra_config: no-afalgeng enable-fips enable-tfo
-          }
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        submodules: recursive
-        ref: ${{ matrix.branches.branch }}
-    - name: cache commit id
-      run: |
-        echo "githubid=`/usr/bin/git log -1 --format='%H'`" >>$GITHUB_ENV
-    - name: package installs
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq install lcov
-        sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
-    - name: install Test2::V0 for gost_engine testing
-      uses: perl-actions/install-with-cpanm@stable
-      with:
-        install: Test2::V0
-    - name: setup hostname workaround
-      run: sudo hostname localhost
-    - name: config
-      run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test TESTS='-test_external_krb5'
-    - name: generate coverage info
-      run: lcov -d . -c
-             --exclude "${PWD}/test/*"
-             --exclude "${PWD}/fuzz/*"
-             --exclude "/usr/include/*"
-             --ignore-errors mismatch
-              -o ./lcov.info
-    - name: Coveralls upload
-      uses: coverallsapp/github-action@v2.3.2
-      with:
-        github-token: ${{ secrets.github_token }}
-        git-branch: ${{ matrix.branches.branch }}
-        git-commit: ${{ env.githubid }}
-        path-to-lcov: ./lcov.info
--- a/.github/workflows/cross-compiles.yml
+++ b/.github/workflows/cross-compiles.yml
@@ -1,226 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Cross Compile
-
-on: [pull_request, push]
-
-permissions:
-  contents: read
-
-jobs:
-  cross-compilation:
-    strategy:
-      fail-fast: false
-      matrix:
-        # The platform matrix specifies:
-        #   arch: the architecture to build for, this defines the tool-chain
-        #         prefix {arch}- and the Debian compiler package gcc-{arch}
-        #         name.
-        #   libs: the Debian package for the necessary link/runtime libraries.
-        #   target: the OpenSSL configuration target to use, this is passed
-        #           directly to the config command line.
-        #   fips:   set to "no" to disable building FIPS, leave unset to
-        #           build the FIPS provider.
-        #   tests: omit this to run all the tests using QEMU, set it to "none"
-        #          to never run the tests, otherwise its value is passed to
-        #          the "make test" command to allow selective disabling of
-        #          tests.
-        #   qemucpu: optional; string that describes CPU properties.
-        #            The string will be used to set the QEMU_CPU variable.
-        #   opensslcapsname: optional; string that describes the postfix of the
-        #                    OpenSSL environment variable that defines CPU
-        #                    capabilities. E.g. "foo" will result in an
-        #                    environment variable with the name OPENSSL_foo.
-        #   opensslcaps: optional; if opensslcapsname (see above) is set, then
-        #                this string will be used as content for the OpenSSL
-        #                capabilities variable.
-        #   ppa:   Launchpad PPA repository to download packages from.
-        platform: [
-          {
-            arch: i386-pc-msdosdjgpp,
-            libs: libc-djgpp-dev libwatt-djgpp-dev djgpp-utils,
-            target: no-threads 386 DJGPP,
-            tests: none,
-            ppa: jwt27/djgpp-toolchain
-          }, {
-            arch: aarch64-linux-gnu,
-            libs: libc6-dev-arm64-cross,
-            target: linux-aarch64
-          }, {
-            arch: alpha-linux-gnu,
-            libs: libc6.1-dev-alpha-cross,
-            target: linux-alpha-gcc
-          }, {
-            arch: arm-linux-gnueabi,
-            libs: libc6-dev-armel-cross,
-            target: linux-armv4,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: arm-linux-gnueabihf,
-            libs: libc6-dev-armhf-cross,
-            target: linux-armv4,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            # gcc hppa seems to have some potential compiler issues
-            # with -O2 on this platform, reduce optimization to -01
-            arch: hppa-linux-gnu,
-            libs: libc6-dev-hppa-cross,
-            target: -static -O1 linux-generic32,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: m68k-linux-gnu,
-            libs: libc6-dev-m68k-cross,
-            target: -static -m68040 linux-latomic -Wno-stringop-overflow,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: mips-linux-gnu,
-            libs: libc6-dev-mips-cross,
-            target: -static linux-mips32,
-            fips: no,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: mips64-linux-gnuabi64,
-            libs: libc6-dev-mips64-cross,
-            target: -static linux64-mips64,
-            fips: no
-          }, {
-            arch: mipsel-linux-gnu,
-            libs: libc6-dev-mipsel-cross,
-            target: linux-mips32,
-            tests: -test_includes -test_store -test_x509_store
-          }, {
-            arch: powerpc64le-linux-gnu,
-            libs: libc6-dev-ppc64el-cross,
-            # The default compiler for this platform on Ubuntu 20.04 seems
-            # buggy and causes test failures. Dropping the optimisation level
-            # resolves it.
-            target: -O2 linux-ppc64le
-          }, {
-            arch: riscv64-linux-gnu,
-            libs: libc6-dev-riscv64-cross,
-            target: linux64-riscv64
-          }, {
-            arch: s390x-linux-gnu,
-            libs: libc6-dev-s390x-cross,
-            target: linux64-s390x -Wno-stringop-overflow
-          }, {
-            arch: sh4-linux-gnu,
-            libs: libc6-dev-sh4-cross,
-            target: no-async linux-latomic,
-            tests: -test_includes -test_store -test_x509_store
-          },
-
-          # These build with shared libraries but they crash when run
-          # They mirror static builds above in order to cover more of the
-          # code base.
-          {
-            arch: hppa-linux-gnu,
-            libs: libc6-dev-hppa-cross,
-            target: linux-generic32,
-            tests: none
-          }, {
-            arch: m68k-linux-gnu,
-            libs: libc6-dev-m68k-cross,
-            target: -mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic,
-            tests: none
-          }, {
-            arch: mips-linux-gnu,
-            libs: libc6-dev-mips-cross,
-            target: linux-mips32,
-            tests: none
-          }, {
-            arch: mips64-linux-gnuabi64,
-            libs: libc6-dev-mips64-cross,
-            target: linux64-mips64,
-            tests: none
-          },
-
-          # This build doesn't execute either with or without shared libraries.
-          {
-            arch: sparc64-linux-gnu,
-            libs: libc6-dev-sparc64-cross,
-            target: linux64-sparcv9,
-            tests: none
-          }
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - name: install package repository
-      if: matrix.platform.ppa != ''
-      run: |
-        sudo add-apt-repository ppa:${{ matrix.platform.ppa }}
-    - name: install packages
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --force-yes install \
-            gcc-${{ matrix.platform.arch }} \
-            ${{ matrix.platform.libs }}
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-
-    - name: config with FIPS
-      if: matrix.platform.fips != 'no'
-      run: |
-        ./config --banner=Configured --strict-warnings enable-fips \
-                 --cross-compile-prefix=${{ matrix.platform.arch }}- \
-                 ${{ matrix.platform.target }}
-    - name: config without FIPS
-      if: matrix.platform.fips == 'no'
-      run: |
-        ./config --banner=Configured --strict-warnings \
-                 --cross-compile-prefix=${{ matrix.platform.arch }}- \
-                 ${{ matrix.platform.target }}
-    - name: config dump
-      run: ./configdata.pm --dump
-
-    - name: make
-      run: make -s -j4
-
-    - name: install qemu
-      if: matrix.platform.tests != 'none'
-      run: sudo apt-get -yq --force-yes install qemu-user
-
-    - name: Set QEMU environment
-      if: matrix.platform.qemucpu != ''
-      run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
-
-    - name: Set OpenSSL caps environment
-      if: matrix.platform.opensslcapsname != ''
-      run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
-                 ${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
-
-    - name: get cpu info
-      run: cat /proc/cpuinfo
-
-    - name: make all tests
-      if: github.event_name == 'push' && matrix.platform.tests == ''
-      run: |
-        .github/workflows/make-test \
-                  TESTS="-test_afalg" \
-                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
-    - name: make some tests
-      if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
-      run: |
-        .github/workflows/make-test \
-                  TESTS="${{ matrix.platform.tests }} -test_afalg" \
-                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
-    - name: make evp tests
-      if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
-      run: |
-        .github/workflows/make-test \
-                  TESTS="test_evp*" \
-                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
-    - name: save artifacts
-      uses: actions/upload-artifact@v4
-      with:
-        name: "cross-compiles@${{ matrix.platform.arch }}"
-        path: artifacts.tar.gz
-        if-no-files-found: ignore
--- a/.github/workflows/deploy-docs-openssl-org.yml
+++ b/.github/workflows/deploy-docs-openssl-org.yml
@@ -1,23 +0,0 @@
-name: "Trigger docs.openssl.org deployment"
-
-on:
-  push:
-    branches:
-      - "openssl-3.[0-9]+"
-      - "master"
-    paths:
-      - "doc/man*/**"
-
-jobs:
-  trigger:
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Trigger deployment workflow"
-        run: |
-          gh workflow run -f branch=${{ github.ref_name }} deploy-site.yaml
-          sleep 3
-          RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId")
-          gh run watch ${RUN_ID} --exit-status
-        env:
-          GH_REPO: "openssl/openssl-docs"
-          GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }}
--- a/.github/workflows/fips-checksums.yml
+++ b/.github/workflows/fips-checksums.yml
@@ -1,119 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: FIPS Check and ABIDIFF
-on: [pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  compute-checksums:
-    runs-on: ubuntu-latest
-    steps:
-      - name: install unifdef
-        run: |
-            sudo apt-get update
-            sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
-      - name: create build dirs
-        run: |
-          mkdir ./build-pristine
-          mkdir ./source-pristine
-          mkdir ./build
-          mkdir ./source
-          mkdir ./artifact
-      - uses: actions/checkout@v4
-        with:
-          repository: ${{ github.event.pull_request.base.repo.full_name }}
-          ref: ${{ github.event.pull_request.base.ref }}
-          path: source-pristine
-      - name: config pristine
-        run: ../source-pristine/config enable-fips
-        working-directory: ./build-pristine
-      - name: config pristine dump
-        run: ./configdata.pm --dump
-        working-directory: ./build-pristine
-      - name: make build_generated pristine
-        run: make -s build_generated
-        working-directory: ./build-pristine
-      - name: make fips-checksums pristine
-        run: make fips-checksums
-        working-directory: ./build-pristine
-      - uses: actions/checkout@v4
-        with:
-          path: source
-      - name: config
-        run: ../source/config enable-fips
-        working-directory: ./build
-      - name: config dump
-        run: ./configdata.pm --dump
-        working-directory: ./build
-      - name: make build_generated
-        run: make -s build_generated
-        working-directory: ./build
-      - name: make fips-checksums
-        run: make fips-checksums
-        working-directory: ./build
-      - name: update checksums
-        run: |
-          cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
-          cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
-          cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
-      - name: make diff-fips-checksums
-        run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
-        working-directory: ./build
-      - name: save PR number
-        run: echo ${{ github.event.number }} > ./artifact/pr_num
-      - name: save artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: fips_checksum
-          path: artifact/
-
-  compute-abidiff:
-    runs-on: ubuntu-latest
-    env:
-      BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
-    steps:
-      - name: create build dirs
-        run: |
-          mkdir ./build-pristine
-          mkdir ./source-pristine
-          mkdir ./build
-          mkdir ./source
-          mkdir ./artifact
-      - name: install extra config support
-        run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
-      - uses: actions/checkout@v4
-        with:
-          repository: ${{ github.event.pull_request.base.repo.full_name }}
-          ref: ${{ github.event.pull_request.base.ref }}
-          path: source-pristine
-      - name: config pristine
-        run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
-        working-directory: ./build-pristine
-      - name: make pristine
-        run: make -s -j4
-        working-directory: ./build-pristine
-      - uses: actions/checkout@v4
-        with:
-          path: source
-      - name: config
-        run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
-        working-directory: ./build
-      - name: make
-        run: make -s -j4
-        working-directory: ./build
-      - name: abidiff
-        run: abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libcrypto.so ./build/libcrypto.so && abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libssl.so ./build/libssl.so && touch ./artifact/abi_unchanged || ( touch ./artifact/abi_changed ; echo ABI CHANGED )
-      - name: save PR number
-        run: echo ${{ github.event.number }} > ./artifact/pr_num
-      - name: save artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: abidiff
-          path: artifact/
--- a/.github/workflows/fips-label.yml
+++ b/.github/workflows/fips-label.yml
@@ -1,141 +0,0 @@
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: FIPS and ABI Changed Label
-on:
-  workflow_run:
-    workflows: ["FIPS Check and ABIDIFF"]
-    types:
-      - completed
-
-permissions:
-  contents: read
-
-jobs:
-  apply-label:
-    permissions:
-      actions: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.event == 'pull_request' }}
-    steps:
-      - name: 'Download fipscheck artifact'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          script: |
-            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: ${{github.event.workflow_run.id }},
-            });
-            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "fips_checksum"
-            })[0];
-            var download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            var fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
-      - run: unzip artifact.zip
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-      - name: 'Check artifact and apply'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            var fs = require('fs');
-            var pr_num = Number(fs.readFileSync('./pr_num'));
-            if ( fs.existsSync('./fips_changed') ) {
-              github.rest.issues.addLabels({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                labels: ['severity: fips change']
-              });
-            } else if ( fs.existsSync('./fips_unchanged') ) {
-              var labels = await github.rest.issues.listLabelsOnIssue({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo
-              });
-
-              for ( var label in labels.data ) {
-                if (labels.data[label].name == 'severity: fips change') {
-                  github.rest.issues.removeLabel({
-                    issue_number: pr_num,
-                    owner: context.repo.owner,
-                    repo: context.repo.repo,
-                    name: 'severity: fips change'
-                  });
-                }
-              }
-            }
-      - name: 'Cleanup artifact'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        run: rm artifact.zip pr_num
-
-      - name: 'Download abidiff artifact'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          script: |
-            var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               run_id: ${{github.event.workflow_run.id }},
-            });
-            var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-              return artifact.name == "abidiff"
-            })[0];
-            var download = await github.rest.actions.downloadArtifact({
-               owner: context.repo.owner,
-               repo: context.repo.repo,
-               artifact_id: matchArtifact.id,
-               archive_format: 'zip',
-            });
-            var fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
-      - run: unzip artifact.zip
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-      - name: 'Check artifact and apply'
-        if: ${{ github.event.workflow_run.conclusion == 'success' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            var fs = require('fs');
-            var pr_num = Number(fs.readFileSync('./pr_num'));
-            if ( fs.existsSync('./abi_changed') ) {
-              github.rest.issues.addLabels({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                labels: ['severity: ABI change']
-              });
-            } else if ( fs.existsSync('./abi_unchanged') ) {
-              var labels = await github.rest.issues.listLabelsOnIssue({
-                issue_number: pr_num,
-                owner: context.repo.owner,
-                repo: context.repo.repo
-              });
-
-              for ( var label in labels.data ) {
-                if (labels.data[label].name == 'severity: ABI change') {
-                  github.rest.issues.removeLabel({
-                    issue_number: pr_num,
-                    owner: context.repo.owner,
-                    repo: context.repo.repo,
-                    name: 'severity: ABI change'
-                  });
-                }
-              }
-            }
--- a/.github/workflows/fuzz-checker.yml
+++ b/.github/workflows/fuzz-checker.yml
@@ -1,79 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Fuzz-checker CI
-
-on: [push]
-
-permissions:
-  contents: read
-
-jobs:
-  fuzz-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        fuzzy: [
-          {
-            name: AFL,
-            config: enable-fuzz-afl no-module,
-            install: afl++,
-            cc: afl-clang-fast
-          }, {
-            name: libFuzzer,
-            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function,
-            libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
-            install: libfuzzer-18-dev,
-            cc: clang-18,
-            linker: clang++-18,
-            tests: -test_memleak
-          }, {
-            name: libFuzzer+,
-            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
-            libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
-            extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
-            install: libfuzzer-18-dev,
-            cc: clang-18,
-            linker: clang++-18,
-            tests: -test_memleak
-          }
-        ]
-    runs-on: ubuntu-24.04
-    steps:
-    - name: install packages
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - uses: actions/checkout@v4
-
-    - name: config
-      run: |
-        CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
-            ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
-
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make with explicit linker
-      if: matrix.fuzzy.linker != ''
-      run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
-    - name: make sans explicit linker
-      if: matrix.fuzzy.linker == ''
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test restricted
-      if: matrix.fuzzy.tests != ''
-      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
-    - name: make test all
-      if: matrix.fuzzy.tests == ''
-      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/interop-tests.yml
+++ b/.github/workflows/interop-tests.yml
@@ -1,55 +0,0 @@
-# Notes:
-# /__w/openssl is the path that github bind-mounts into the container so the ci
-# filesystem for this job can be reached.  Please note that any changes made to
-# this job involving file system paths should be made prefixed with, or relative
-# to that directory
-name: Interoperability tests with GnuTLS and NSS
-on:
-  schedule:
-    - cron: '55 02 * * *'
-  workflow_dispatch:
-
-jobs:
-  test:
-    runs-on: ubuntu-22.04
-    container:
-      image: docker.io/fedora:40
-      options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
-    timeout-minutes: 90
-    strategy:
-      fail-fast: false
-      matrix:
-        COMPONENT: [gnutls, nss]
-    env:
-      COMPONENT: ${{ matrix.COMPONENT }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Display environment
-        run: export
-      - name : Install needed tools
-        run: |
-          dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
-                 fips-mode-setup crypto-policies-scripts
-      - name: install interop tests
-        run: |
-          cd ${GITHUB_WORKSPACE}
-          git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
-      - name: build openssl as an rpm
-        run: |
-          mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
-          cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \
-          cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \
-          sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
-          sed -i 's/^Release: .*$/Release: dev/' openssl.spec
-          yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
-          mkdir -p /build/SOURCES
-          tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
-          rpmbuild -bb /build/SPECS/openssl.spec
-          dnf install -y /build/RPMS/x86_64/openssl-*
-          cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf
-      - name: Run interop tests
-        run: |
-          cd interop
-          tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive
-          openssl version
-          echo "Finished - important to prevent unwanted output truncating"
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,33 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: CIFuzz
-on: [pull_request, push]
-permissions:
-  contents: read
-
-jobs:
-  Fuzzing:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Build Fuzzers
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
-      with:
-        oss-fuzz-project-name: 'openssl'
-        dry-run: false
-    - name: Run Fuzzers
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
-      with:
-        oss-fuzz-project-name: 'openssl'
-        fuzz-seconds: 600
-        dry-run: false
-    - name: Upload Crash
-      uses: actions/upload-artifact@v4
-      if: failure()
-      with:
-        name: artifacts
-        path: ./out/artifacts
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@@ -1,41 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: "Make release"
-
-on:
-  push:
-    tags:
-      - "openssl-*"
-
-jobs:
-  release:
-    runs-on: "releaser"
-    steps:
-    - name: "Checkout"
-      uses: "actions/checkout@v4"
-      with:
-        fetch-depth: 1
-        ref: ${{ github.ref_name }}
-        github-server-url: "https://github.openssl.org/"
-        repository: "openssl/openssl"
-        token: ${{ secrets.GHE_TOKEN }}
-        path: ${{ github.ref_name }}
-    - name: "Prepare assets"
-      run: |
-        cd ${{ github.ref_name }}
-        ./util/mktar.sh
-        mkdir assets && mv ${{ github.ref_name }}.tar.gz assets/ && cd assets
-        openssl sha1 < ${{ github.ref_name }}.tar.gz | cut -d " " -f 2 > ${{ github.ref_name }}.tar.gz.sha1
-        openssl sha256 < ${{ github.ref_name }}.tar.gz | cut -d " " -f 2 > ${{ github.ref_name }}.tar.gz.sha256
-        gpg -u ${{ vars.signing_key_uid }} -o ${{ github.ref_name }}.tar.gz.asc -sba ${{ github.ref_name }}.tar.gz
-    - name: "Create release"
-      env:
-        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-      run: |
-        VERSION=$(echo ${{ github.ref_name }} | cut -d "-" -f 2-)
-        gh release create ${{ github.ref_name }} -t "OpenSSL $VERSION" -d --notes " " -R ${{ github.repository }} ${{ github.ref_name }}/assets/*
--- a/.github/workflows/make-test
+++ b/.github/workflows/make-test
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-set -eo pipefail
-
-cleanup() {
-    # Remove if nothing was generated.
-    [ -d artifacts ] && find artifacts -type d -empty -delete
-}
-trap cleanup EXIT
-
-# Make a central directory to store all output artifacts of our test run to
-# avoid having to configure multiple upload-artifacts steps in the workflow
-# file.
-OSSL_CI_ARTIFACTS_PATH="artifacts/"
-if [ -n "${GITHUB_RUN_NUMBER}" ]; then
-    OSSL_CI_ARTIFACTS_PATH="artifacts/github-${GITHUB_JOB}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ID}/"
-fi
-mkdir -p "$OSSL_CI_ARTIFACTS_PATH"
-export OSSL_CI_ARTIFACTS_PATH="$(cd "$OSSL_CI_ARTIFACTS_PATH"; pwd)"
-
-# Run the tests. This might fail, but we need to capture artifacts anyway.
-set +e
-make test HARNESS_JOBS=${HARNESS_JOBS:-4} "$@"
-RESULT=$?
-set -e
-
-# Move an interesting subset of the test-runs data we want into the artifacts
-# staging directory.
-for test_name in quic_multistream; do
-    if [ -d "test-runs/test_${test_name}" ]; then
-        mv "test-runs/test_${test_name}" "$OSSL_CI_ARTIFACTS_PATH/"
-    fi
-done
-
-# Log the artifact tree.
-echo "::group::List of artifact files generated"
-echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH"
-(cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort)
-echo "::endgroup::"
-
-echo "Archive artifacts"
-tar -czvf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
-
-exit $RESULT
--- a/.github/workflows/os-zoo.yml
+++ b/.github/workflows/os-zoo.yml
@@ -1,245 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: OS Zoo CI
-
-on:
-  schedule:
-    - cron: '50 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  alpine:
-    strategy:
-      fail-fast: false
-      matrix:
-        tag: [edge, latest]
-        cc: [gcc, clang]
-    runs-on: ubuntu-latest
-    container:
-      image: docker.io/library/alpine:${{ matrix.tag }}
-    env:
-      # See https://www.openwall.com/lists/musl/2022/02/16/14
-      # for the reason why -Wno-sign-compare is needed with clang
-      # -Wno-stringop-overflow is needed to silence a bogus
-      # warning on new fortify-headers with gcc
-      EXTRA_CFLAGS: ${{ matrix.cc == 'clang' && '-Wno-sign-compare' || matrix.tag == 'edge' && '-Wno-stringop-overflow' || '' }}
-      CC: ${{ matrix.cc }}
-    steps:
-    - name: install packages
-      run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }}
-    - uses: actions/checkout@v4
-    - name: config
-      run: |
-        ./config --banner=Configured no-shared -Wall -Werror enable-fips --strict-warnings \
-                 ${EXTRA_CFLAGS}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  linux:
-    strategy:
-      fail-fast: false
-      matrix:
-        zoo:
-          - image: docker.io/library/debian:10
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/debian:11
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/debian:12
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/ubuntu:20.04
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/ubuntu:22.04
-            install: apt-get update && apt-get install -y gcc make perl
-          - image: docker.io/library/fedora:38
-            install: dnf install -y gcc make perl-core
-          - image: docker.io/library/fedora:39
-            install: dnf install -y gcc make perl-core
-          - image: docker.io/library/centos:8
-            install: |
-              sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
-              sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
-              dnf install -y gcc make perl-core
-          - image: docker.io/library/rockylinux:8
-            install: dnf install -y gcc make perl-core
-          - image: docker.io/library/rockylinux:9
-            install: dnf install -y gcc make perl-core
-    runs-on: ubuntu-latest
-    container: ${{ matrix.zoo.image }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: install packages
-      run: ${{ matrix.zoo.install }}
-    - name: config
-      run: ./config
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  macos:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-13, macos-14, macos-15]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured -Wall -Werror --strict-warnings enable-fips
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        sysctl machdep.cpu
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  windows:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [windows-2019, windows-2022]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - uses: ilammy/setup-nasm@v1
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: perl ..\Configure --banner=Configured no-makedepend enable-fips
-    - name: config dump
-      working-directory: _build
-      run: ./configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake /S
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
-
-  linux-arm64:
-    runs-on: linux-arm64
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  linux-ppc64le:
-    runs-on: linux-ppc64le
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  linux-s390x:
-    runs-on: linux-s390x
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      run: ./config enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  freebsd-x86_64:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: config
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: |
-          sudo pkg install -y gcc perl5
-          ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
-    - name: config dump
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: ./configdata.pm --dump
-    - name: make
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        shutdown_vm: false
-        run: make -j4
-    - name: make test
-      uses: cross-platform-actions/action@v0.26.0
-      with:
-        operating_system: freebsd
-        version: "13.4"
-        run: |
-          ./util/opensslwrap.sh version -c
-          .github/workflows/make-test
--- a/.github/workflows/prov-compat-label.yml
+++ b/.github/workflows/prov-compat-label.yml
@@ -1,272 +0,0 @@
-# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# This verifies that FIPS and legacy providers built against some earlier
-# released versions continue to run against the current branch.
-
-name: Provider compatibility for PRs
-
-on: [pull_request]
-
-permissions:
-  contents: read
-
-env:
-  opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
-
-jobs:
-  fips-releases:
-    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
-    strategy:
-      matrix:
-        release: [
-          # Formally released versions should be added here.
-          #     `dir' it the directory inside the tarball.
-          #     `tgz' is the name of the tarball.
-          #     `url' is the download URL.
-          {
-            dir: openssl-3.0.0,
-            tgz: openssl-3.0.0.tar.gz,
-            url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
-          },
-          {
-            dir: openssl-3.0.8,
-            tgz: openssl-3.0.8.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
-          },
-          {
-            dir: openssl-3.0.9,
-            tgz: openssl-3.0.9.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
-          },
-          {
-            dir: openssl-3.1.2,
-            tgz: openssl-3.1.2.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: create download directory
-        run: mkdir downloads
-      - name: download release source
-        run: wget --no-verbose ${{ matrix.release.url }}
-        working-directory: downloads
-      - name: unpack release source
-        run: tar xzf downloads/${{ matrix.release.tgz }}
-
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config release
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.release.dir }}
-      - name: config dump release
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: make release
-        run: make -s -j4
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: create release artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
-
-      - name: show module versions from release
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.release.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.release.tgz }}
-          path: ${{ matrix.release.tgz }}
-          retention-days: 7
-
-  development-branches:
-    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
-    strategy:
-      matrix:
-        branch: [
-          # Currently supported FIPS capable branches should be added here.
-          #     `name' is the branch name used to checkout out.
-          #     `dir' directory that will be used to build and test in.
-          #     `tgz' is the name of the tarball use to keep the artifacts of
-          #         the build.
-          {
-            name: '',
-            dir: PR,
-            tgz: PR.tar.gz,
-          }, {
-            name: openssl-3.0,
-            dir: branch-3.0,
-            tgz: branch-3.0.tar.gz,
-          }, {
-            name: openssl-3.1,
-            dir: branch-3.1,
-            tgz: branch-3.1.tar.gz,
-          }, {
-            name: openssl-3.2,
-            dir: branch-3.2,
-            tgz: branch-3.2.tar.gz,
-          }, {
-            name: openssl-3.3,
-            dir: branch-3.3,
-            tgz: branch-3.3.tar.gz,
-          }, {
-            name: openssl-3.4,
-            dir: branch-3.4,
-            tgz: branch-3.4.tar.gz,
-          }, {
-            name: master,
-            dir: branch-master,
-            tgz: branch-master.tar.gz,
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: ${{ matrix.branch.dir }}
-          repository: openssl/openssl
-          ref: ${{ matrix.branch.name }}
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config branch
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.branch.dir }}
-      - name: config dump current
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: make branch
-        run: make -s -j4
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: create branch artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
-
-      - name: show module versions from branch
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: get cpu info
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.branch.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.branch.tgz }}
-          path: ${{ matrix.branch.tgz }}
-          retention-days: 7
-
-  cross-testing:
-    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
-    needs: [fips-releases, development-branches]
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        # These can't be figured out earlier and included here as a variable
-        # substitution.
-        #
-        # Note that releases are not used as a test environment for
-        # later providers.  Problems in these situations ought to be
-        # caught by cross branch testing before the release.
-        tree_a: [ branch-3.4, branch-3.3, branch-3.2, branch-3.1, branch-3.0,
-                  openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
-        tree_b: [ PR ]
-        include:
-          - tree_a: PR
-            tree_b: branch-master
-          - tree_a: PR
-            tree_b: branch-3.4
-          - tree_a: PR
-            tree_b: branch-3.3
-          - tree_a: PR
-            tree_b: branch-3.2
-          - tree_a: PR
-            tree_b: branch-3.1
-          - tree_a: PR
-            tree_b: branch-3.0
-    steps:
-      - name: early exit checks
-        id: early_exit
-        run: |
-          if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ];           \
-          then                                                              \
-            echo "Skipping because both are the same version";              \
-            exit 1;                                                         \
-          fi
-        continue-on-error: true
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_a }}.tar.gz
-      - name: unpack first build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_a }}.tar.gz"
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_b }}.tar.gz
-      - name: unpack second build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_b }}.tar.gz"
-
-      - name: set up cross validation of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cp providers/fips.so ../${{ matrix.tree_b }}/providers/
-          cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
-        working-directory: ${{ matrix.tree_a }}
-
-      - name: show module versions from cross validation
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: get cpu info
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: run cross validation tests of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-        working-directory: ${{ matrix.tree_b }}
--- a/.github/workflows/provider-compatibility.yml
+++ b/.github/workflows/provider-compatibility.yml
@@ -1,266 +0,0 @@
-# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# This verifies that FIPS and legacy providers built against some earlier
-# released versions continue to run against the current branch.
-
-name: Provider compatibility across versions
-
-# Please note there is no point in running this job on PR as the tests
-# will always run against the tips of the branches in the main repository
-# and not the branch from the PR.
-# Use the `extended tests` label to run provider compatibility checks
-# on PRs.
-on:
-  schedule:
-    - cron: '10 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-env:
-  opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
-
-jobs:
-  fips-releases:
-    strategy:
-      matrix:
-        release: [
-          # Formally released versions should be added here.
-          #     `dir' it the directory inside the tarball.
-          #     `tgz' is the name of the tarball.
-          #     `url' is the download URL.
-          {
-            dir: openssl-3.0.0,
-            tgz: openssl-3.0.0.tar.gz,
-            url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
-          },
-          {
-            dir: openssl-3.0.8,
-            tgz: openssl-3.0.8.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
-          },
-          {
-            dir: openssl-3.0.9,
-            tgz: openssl-3.0.9.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
-          },
-          {
-            dir: openssl-3.1.2,
-            tgz: openssl-3.1.2.tar.gz,
-            url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: create download directory
-        run: mkdir downloads
-      - name: download release source
-        run: wget --no-verbose ${{ matrix.release.url }}
-        working-directory: downloads
-      - name: unpack release source
-        run: tar xzf downloads/${{ matrix.release.tgz }}
-
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config release
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.release.dir }}
-      - name: config dump release
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: make release
-        run: make -s -j4
-        working-directory: ${{ matrix.release.dir }}
-
-      - name: create release artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
-
-      - name: show module versions from release
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.release.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.release.tgz }}
-          path: ${{ matrix.release.tgz }}
-          retention-days: 7
-
-  development-branches:
-    strategy:
-      matrix:
-        branch: [
-          # Currently supported FIPS capable branches should be added here.
-          #     `name' is the branch name used to checkout out.
-          #     `dir' directory that will be used to build and test in.
-          #     `tgz' is the name of the tarball use to keep the artifacts of
-          #         the build.
-          {
-            name: openssl-3.0,
-            dir: branch-3.0,
-            tgz: branch-3.0.tar.gz,
-          }, {
-            name: openssl-3.1,
-            dir: branch-3.1,
-            tgz: branch-3.1.tar.gz,
-          }, {
-            name: openssl-3.2,
-            dir: branch-3.2,
-            tgz: branch-3.2.tar.gz,
-          }, {
-            name: openssl-3.3,
-            dir: branch-3.3,
-            tgz: branch-3.3.tar.gz,
-          }, {
-            name: openssl-3.4,
-            dir: branch-3.4,
-            tgz: branch-3.4.tar.gz,
-          }, {
-            name: master,
-            dir: branch-master,
-            tgz: branch-master.tar.gz,
-          },
-        ]
-
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: ${{ matrix.branch.dir }}
-          repository: openssl/openssl
-          ref: ${{ matrix.branch.name }}
-      - name: localegen
-        run: sudo locale-gen tr_TR.UTF-8
-
-      - name: config branch
-        run: |
-          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
-        working-directory: ${{ matrix.branch.dir }}
-      - name: config dump current
-        run: ./configdata.pm --dump
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: make branch
-        run: make -s -j4
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: create branch artifacts
-        run: |
-          tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
-
-      - name: show module versions from branch
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: get cpu info
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.branch.dir }}
-
-      - name: make test
-        run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-        working-directory: ${{ matrix.branch.dir }}
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.branch.tgz }}
-          path: ${{ matrix.branch.tgz }}
-          retention-days: 7
-
-  cross-testing:
-    needs: [fips-releases, development-branches]
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        # These can't be figured out earlier and included here as a variable
-        # substitution.
-        #
-        # Note that releases are not used as a test environment for
-        # later providers.  Problems in these situations ought to be
-        # caught by cross branch testing before the release.
-        tree_a: [ branch-master, branch-3.4, branch-3.3,
-                  branch-3.2, branch-3.1, branch-3.0,
-                  openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
-        tree_b: [ branch-master, branch-3.4, branch-3.3,
-                  branch-3.2, branch-3.1, branch-3.0  ]
-    steps:
-      - name: early exit checks
-        id: early_exit
-        run: |
-          if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ];           \
-          then                                                              \
-            echo "Skipping because both are the same version";              \
-            exit 1;                                                         \
-          fi
-        continue-on-error: true
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_a }}.tar.gz
-      - name: unpack first build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_a }}.tar.gz"
-
-      - uses: actions/download-artifact@v4.1.8
-        if: steps.early_exit.outcome == 'success'
-        with:
-          name: ${{ matrix.tree_b }}.tar.gz
-      - name: unpack second build
-        if: steps.early_exit.outcome == 'success'
-        run: tar xzf "${{ matrix.tree_b }}.tar.gz"
-
-      - name: set up cross validation of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cp providers/fips.so ../${{ matrix.tree_b }}/providers/
-          cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
-        working-directory: ${{ matrix.tree_a }}
-
-      - name: show module versions from cross validation
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
-                                                 -provider base             \
-                                                 -provider default          \
-                                                 -provider fips             \
-                                                 -provider legacy           \
-                                                 -providers
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: get cpu info
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          cat /proc/cpuinfo
-          ./util/opensslwrap.sh version -c
-        working-directory: ${{ matrix.tree_b }}
-
-      - name: run cross validation tests of FIPS from A with tree from B
-        if: steps.early_exit.outcome == 'success'
-        run: |
-          make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-        working-directory: ${{ matrix.tree_b }}
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@@ -1,63 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# Jobs run per pull request submission
-name: Run-checker CI
-on: [pull_request, push]
-permissions:
-  contents: read
-
-env:
-  OSSL_RUN_CI_TESTS: 1
-
-jobs:
-  run-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        opt: [
-          no-cmp,
-          no-cms,
-          no-dgram,
-          no-dh,
-          no-dtls,
-          no-ec,
-          no-ecx,
-          no-http,
-          no-legacy,
-          no-sock,
-          enable-ssl-trace,
-          no-stdio,
-          no-threads,
-          no-thread-pool,
-          no-default-thread-pool,
-          no-tls,
-          no-tls1_2,
-          no-tls1_3,
-          enable-trace enable-fips,
-          no-ui,
-          no-quic
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
-    - name: Check platform symbol usage
-      run: ./util/checkplatformsyms.pl ./util/platform_symbols/unix-symbols.txt ./libcrypto.so ./libssl.so
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -1,353 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Run-checker daily
-# Jobs run daily
-
-on:
-  schedule:
-    - cron: '30 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  run-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        opt: [
-          386,
-          no-afalgeng,
-          no-apps,
-          no-aria,
-          no-asan,
-          no-asm,
-          no-async,
-          no-atexit,
-          no-autoalginit,
-          no-autoerrinit,
-          no-autoload-config,
-          no-bf,
-          no-blake2,
-          no-buildtest-c++,
-          no-bulk,
-          no-cached-fetch,
-          no-camellia,
-          no-capieng,
-          no-cast,
-          no-chacha,
-          no-cmac,
-          no-comp,
-          enable-crypto-mdebug,
-          no-crypto-mdebug,
-          enable-crypto-mdebug-backtrace,
-          no-crypto-mdebug-backtrace,
-          no-ct,
-          no-deprecated,
-          no-des,
-          no-devcryptoeng,
-          no-docs,
-          no-dsa,
-          no-dtls1,
-          no-dtls1_2,
-          no-dtls1_2-method,
-          no-dtls1-method,
-          no-ecdh,
-          no-ecdsa,
-          enable-ec_nistp_64_gcc_128,
-          no-ec_nistp_64_gcc_128,
-          enable-egd,
-          no-egd,
-          no-engine,
-          no-external-tests,
-          enable-fips,
-          enable-fips enable-acvp-tests,
-          enable-fips no-tls1_3,
-          enable-fips no-des no-dsa no-ec2m,
-          no-fuzz-afl,
-          no-fuzz-libfuzzer,
-          no-gost,
-          enable-heartbeats,
-          no-heartbeats,
-          no-hw,
-          no-hw-padlock,
-          no-idea,
-          no-makedepend,
-          enable-md2,
-          no-md2,
-          no-md4,
-          no-mdc2,
-          no-msan,
-          no-multiblock,
-          no-nextprotoneg,
-          no-ocb,
-          no-padlockeng,
-          no-pic,
-          no-poly1305,
-          no-posix-io,
-          no-psk,
-          no-rc2,
-          no-rc4,
-          enable-rc5,
-          no-rc5,
-          no-rdrand,
-          no-rfc3779,
-          no-ripemd,
-          no-rmd160,
-          no-scrypt,
-          no-secure-memory,
-          no-seed,
-          no-shared,
-          no-siphash,
-          no-siv,
-          no-sm2,
-          no-sm2-precomp,
-          no-sm3,
-          no-sm4,
-          no-sock,
-          no-sse2,
-          no-ssl,
-          no-ssl3,
-          no-ssl3-method,
-          no-ssl-trace,
-          no-static-engine no-shared,
-          no-tests,
-          enable-tfo,
-          no-tls1,
-          no-tls1_1,
-          no-tls1_1-method,
-          no-tls1_2-method,
-          no-tls1-method,
-          no-trace,
-          no-ubsan,
-          no-ui-console,
-          no-unit-test,
-          enable-unit-test,
-          no-uplink,
-          no-weak-ssl-ciphers,
-          no-whirlpool,
-          no-zlib,
-          enable-zlib-dynamic,
-          no-zlib-dynamic,
-          -DOPENSSL_PEDANTIC_ZEROIZATION,
-          -DOPENSSL_PEDANTIC_ZEROIZATION enable-fips,
-          -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING,
-          -DSSL3_ALIGN_PAYLOAD=4,
-          -DOPENSSL_TLS_SECURITY_LEVEL=0
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  run-checker-sctp:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Install Dependencies for sctp option
-      run:  |
-        sudo apt-get update
-        sudo apt-get -yq install lksctp-tools libsctp-dev
-
-    - name: Check SCTP and enable auth
-      id: sctp_auth
-      continue-on-error: true
-      run:  |
-        checksctp
-        sudo sysctl -w net.sctp.auth_enable=1
-
-    - name: config
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: CC=clang ./config --banner=Configured --strict-warnings enable-sctp
-
-    - name: config dump
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: ./configdata.pm --dump
-
-    - name: make
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: make -s -j4
-
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-
-    - name: make test
-      if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_brotli_dynamic:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install brotli
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_zstd_dynamic:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install zstd
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_brotli_and_zstd_dynamic:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install brotli and zstd
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_brotli_and_asan_ubsan:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install brotli
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
-
-  enable_zstd_and_asan_ubsan:
-    runs-on: ubuntu-latest
-    steps:
-    - name: install zstd
-      run: |
-        sudo apt-get update
-        sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - name: config
-      run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
-
-  enable_tfo:
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, macos-13, macos-14 ]
-    runs-on: ${{matrix.os}}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  enable_buildtest:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/run-checker-merge.yml
+++ b/.github/workflows/run-checker-merge.yml
@@ -1,86 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Run-checker merge
-# Jobs run per merge to master
-
-on: [push]
-permissions:
-  contents: read
-
-jobs:
-  run-checker:
-    strategy:
-      fail-fast: false
-      matrix:
-        opt: [
-          enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
-          no-dso,
-          no-dynamic-engine,
-          no-ec2m enable-fips,
-          no-engine no-shared,
-          no-err,
-          no-filenames,
-          enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
-          no-module,
-          no-ocsp,
-          no-pinshared,
-          no-srp,
-          no-srtp,
-          no-ts,
-          no-integrity-only-ciphers,
-          enable-weak-ssl-ciphers,
-          enable-zlib,
-          enable-pie,
-        ]
-    runs-on: ubuntu-latest
-    steps:
-    - name: Adjust ASLR for sanitizer
-      run: |
-        sudo cat /proc/sys/vm/mmap_rnd_bits
-        sudo sysctl -w vm.mmap_rnd_bits=28
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
-
-  jitter:
-    runs-on: ubuntu-latest
-    steps:
-    - name: checkout openssl
-      uses: actions/checkout@v4
-    - name: checkout jitter
-      uses: actions/checkout@v4
-      with:
-        repository: smuellerDD/jitterentropy-library
-        ref: v3.5.0
-        path: jitter
-    - name: build jitter
-      run: make -C jitter/
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - name: config
-      run: ./config --with-rand-seed=none enable-jitter enable-fips-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump
-    - name: make
-      run: make -s -j4
-    - name: get cpu info
-      run: |
-        cat /proc/cpuinfo
-        ./util/opensslwrap.sh version -c
-    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
--- a/.github/workflows/run_quic_interop.yml
+++ b/.github/workflows/run_quic_interop.yml
@@ -1,39 +0,0 @@
-name: "Run openssl quic interop testing"
-
-on:
-  workflow_run:
-    workflows: ["Build openssl interop container from master"]
-    types: [completed]
-  workflow_dispatch:
-
-jobs:
-  run_quic_interop:
-    strategy:
-      matrix:
-        tests: [http3, transfer, handshake, retry, chacha20, resumption]
-        servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy]
-      fail-fast: false
-    runs-on: ubuntu-latest 
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         repository: 'quic-interop/quic-interop-runner'
-         fetch-depth: 0
-      - name: Install dependencies
-        run: |
-          pip install -r requirements.txt
-          sudo add-apt-repository ppa:wireshark-dev/stable
-          sudo apt-get update
-          sudo apt-get install -y tshark
-      - name: Patch implementations file
-        run: |
-          jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop"
-                         , url: "https://github.com/openssl/openssl"
-                         , role: "client"
-                         }' ./implementations.json > ./implementations.tmp
-          mv ./implementations.tmp implementations.json
-      - name: "run interop"
-        run: |
-          python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs -d
-
-
--- a/.github/workflows/run_quic_interop_server.yml
+++ b/.github/workflows/run_quic_interop_server.yml
@@ -1,68 +0,0 @@
-name: "Run openssl quic interop testing"
-
-on:
-  workflow_run:
-    workflows: ["Build openssl interop container from quic-server"]
-    types: [completed]
-  workflow_dispatch:
-
-jobs:
-  run_quic_interop_openssl_client:
-    strategy:
-      matrix:
-        tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing]
-        servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy]
-      fail-fast: false
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         repository: 'quic-interop/quic-interop-runner'
-         fetch-depth: 0
-      - name: Install dependencies
-        run: |
-          pip install -r requirements.txt
-          sudo add-apt-repository ppa:wireshark-dev/stable
-          sudo apt-get update
-          sudo apt-get install -y tshark
-      - name: Patch implementations file
-        run: |
-          jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop-server"
-                         , url: "https://github.com/openssl/openssl"
-                         , role: "both"
-                         }' ./implementations.json > ./implementations.tmp
-          mv ./implementations.tmp implementations.json
-      - name: "run interop with openssl client"
-        run: |
-          python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs-client -d
-  run_quic_interop_openssl_server:
-    strategy:
-      matrix:
-        tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit]
-        clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl]
-        exclude:
-          - clients: mvfst
-            tests: amplificationlimit
-      fail-fast: false
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-         repository: 'quic-interop/quic-interop-runner'
-         fetch-depth: 0
-      - name: Install dependencies
-        run: |
-          pip install -r requirements.txt
-          sudo add-apt-repository ppa:wireshark-dev/stable
-          sudo apt-get update
-          sudo apt-get install -y tshark
-      - name: Patch implementations file
-        run: |
-          jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop-server"
-                         , url: "https://github.com/openssl/openssl"
-                         , role: "both"
-                         }' ./implementations.json > ./implementations.tmp
-          mv ./implementations.tmp implementations.json
-      - name: "run interop with openssl server"
-        run: |
-          python3 ./run.py -s openssl -t ${{ matrix.tests }} -c ${{ matrix.clients }} --log-dir ./logs-server -d
--- a/.github/workflows/static-analysis-on-prem.yml
+++ b/.github/workflows/static-analysis-on-prem.yml
@@ -1,39 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Static Analysis On Prem
-
-on:
-  schedule:
-    - cron:  '25 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  coverity-analysis:
-    runs-on: ubuntu-latest
-    container: quay.io/openssl-ci/coverity-analysis:2024.3.1
-    steps:
-    - name: Put license
-      run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat
-    - name: Put auth key file
-      run: |
-        echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt
-        chmod 0600 /auth_key_file.txt
-    - uses: actions/checkout@v4
-    - name: Config
-      run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
-    - name: Config dump
-      run: ./configdata.pm --dump
-    - name: Make
-      run: cov-build --dir cov-int make -s -j4
-    - name: Analyze
-      run: cov-analyze --dir cov-int --strip-path $(pwd)
-    - name: Commit defects
-      run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -1,46 +0,0 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Static Analysis
-
-#Run once a day
-on:
-  schedule:
-    - cron:  '20 02 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  coverity:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: tool download
-      run: |
-        wget https://scan.coverity.com/download/linux64 \
-             --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
-             --progress=dot:giga -O coverity_tool.tgz
-    - name: config
-      run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
-    - name: config dump
-      run: ./configdata.pm --dump
-    - name: tool install
-      run: tar xzf coverity_tool.tgz
-    - name: make
-      run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
-    - name: archive
-      run: tar czvf openssl.tgz cov-int
-    - name: Coverity upload
-      run: |
-        curl --form token="${{ secrets.COVERITY_TOKEN }}" \
-             --form email=openssl-commits@openssl.org \
-             --form file=@openssl.tgz \
-             --form version="`date -u -I` `git rev-parse --short HEAD`" \
-             --form description="analysis of `git branch --show-current`" \
-             https://scan.coverity.com/builds?project=openssl%2Fopenssl
--- a/.github/workflows/style-checks.yml
+++ b/.github/workflows/style-checks.yml
@@ -1,52 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Coding style validation 
-
-on: [pull_request]
-
-env:
-  PR_NUMBER: ${{ github.event.number }}
-  GH_TOKEN: ${{ github.token }}
-
-permissions:
-  contents: read
-
-jobs:
-  check-style:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-        path: openssl
-    - name: check style for each commit 
-      working-directory: openssl
-      shell: bash
-      run: |
-        ERRORS_FOUND=0
-        git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF
-        REFSTART=$(git rev-parse $GITHUB_BASE_REF)
-        REFEND=$(git rev-parse HEAD)
-        echo "Checking from $REFSTART to $REFEND"
-        echo "::group::Style report for commits $REFSTART..$REFEND"
-        set +e
-        ./util/check-format-commit.sh $REFSTART..$REFEND
-        if [ $? -ne 0 ]
-        then
-          ERRORS_FOUND=1
-        fi
-        set -e
-        echo "::endgroup::"
-        SKIP_TEST=$(gh pr view $PR_NUMBER --json labels --jq '.labels[] | select(.name == "style: waived") | .name')
-        if [ -z "$SKIP_TEST" ]
-        then
-          exit $ERRORS_FOUND
-        else
-          echo "PR $PR_NUMBER is marked with style: waived, waiving style check errors"
-          exit 0
-        fi
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -1,202 +0,0 @@
-# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Windows GitHub CI
-
-on: [pull_request, push]
-
-permissions:
-  contents: read
-
-jobs:
-  shared:
-    # Run a job for each of the specified target architectures:
-    strategy:
-      matrix:
-        platform:
-          - arch: win64
-            os: windows-2019
-            config: enable-fips
-          - arch: win64
-            os: windows-2022
-            config: enable-fips no-thread-pool no-quic
-          - arch: win32
-            os: windows-2022
-            config: --strict-warnings no-fips
-    runs-on: ${{ matrix.platform.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-      with:
-        arch: ${{ matrix.platform.arch }}
-    - uses: ilammy/setup-nasm@v1
-      with:
-        platform: ${{ matrix.platform.arch }}
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure --banner=Configured no-makedepend -DOSSL_WINCTX=openssl ${{ matrix.platform.config }}
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake /S
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: Gather openssl version info
-      working-directory: _build
-      run: |
-        apps/openssl.exe version -v
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1]} 
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'} 
-        echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-    - name: Set registry keys
-      working-directory: _build
-      run: |
-        echo ${Env:OSSL_VERSION}
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: Check platform symbol usage
-      working-directory: _build
-      run: perl ../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
-    - name: install
-      # Run on 64 bit only as 32 bit is slow enough already
-      if: ${{ matrix.platform.arch == 'win64' }}
-      run: |
-        mkdir _dest
-        nmake install DESTDIR=_dest
-      working-directory: _build
-  plain:
-    strategy:
-      matrix:
-        os:
-# Reducing CI footprint  - windows-2019
-          - windows-2022
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure --banner=Configured enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake /S
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
-  minimal:
-    strategy:
-      matrix:
-        os:
-          - windows-2019
-# Reducing CI footprint  - windows-2022
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure --banner=Configured enable-demos no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT -DOSSL_WINCTX=openssl
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake # verbose, so no /S here
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
-  cygwin:
-    # Run a job for each of the specified target architectures:
-    strategy:
-      matrix:
-        os:
-          - windows-2019
-# really worth while running, too? cygwin should mask this
-#          - windows-2022
-        platform:
-          - arch: win64
-            config: -DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips
-# are we really learning sth new from win32? So let's save some CO2 for now disabling this
-#          - arch: win32
-#            config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
-    runs-on: ${{ matrix.os }}
-    env:
-      CYGWIN_NOWINPATH: 1
-      SHELLOPTS: igncr
-# Don't overwhelm github CI VMs:
-      MAKE_PARAMS: -j 4
-    steps:
-# Checkout before cygwin can mess with PATH...
-    - uses: actions/checkout@v4
-    - uses: cygwin/cygwin-install-action@master
-      with:
-         packages: perl git make gcc-core
-    - name: Check repo
-      run: cygcheck -V
-    - name: Full cygcheck status
-      run: cygcheck -s -v -r -h
-# Activate this if checkout action fails:
-#    - name: Clone repo
-#      run: bash -c "pwd && git clone --branch ${{ github.ref_name }} --depth 1 https://github.com/${{ github.repository }}.git"
-    - name: Full build
-      run: bash -c "gcc --version && ./config ${{ matrix.platform.config }} && make $MAKE_PARAMS"
-# Disable testing for now. TBD: Need local cygwin installation to debug .
-#    - name: Run openssl tests
-#      run: bash -c "cd openssl && make V=1 test"
--- a/.github/workflows/windows_comp.yml
+++ b/.github/workflows/windows_comp.yml
@@ -1,137 +0,0 @@
-# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-name: Windows Compression GitHub CI
-
-on:
-  pull_request:
-    paths:
-      - 'crypto/comp/*.c'
-      - '.github/workflows/windows_comp.yml'
-  push:
-    paths:
-      - '**.c'
-
-permissions:
-  contents: read
-
-jobs:
-  zstd:
-    runs-on: windows-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - uses: ilammy/setup-nasm@v1
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: Get zstd
-      working-directory: _build
-      run: |
-        vcpkg install zstd:x64-windows
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure enable-comp enable-zstd --with-zstd-include=C:\vcpkg\packages\zstd_x64-windows\include --with-zstd-lib=C:\vcpkg\packages\zstd_x64-windows\lib\zstd.lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake
-    - name: Gather openssl version info
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
-        apps/openssl.exe version -v
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
-        echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-    - name: Set registry keys
-      working-directory: _build
-      run: |
-        echo ${Env:OSSL_VERSION}
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        $env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: Check platform symbol usage
-      run: |
-        perl ./util/checkplatformsyms.pl ./util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
-    - name: test
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
-        nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
-  brotli:
-    runs-on: windows-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: checkout fuzz/corpora submodule
-      run: git submodule update --init --depth 1 fuzz/corpora
-    - uses: ilammy/msvc-dev-cmd@v1
-    - uses: ilammy/setup-nasm@v1
-    - name: prepare the build directory
-      run: mkdir _build
-    - name: Get brotli
-      working-directory: _build
-      run: |
-        vcpkg install brotli:x64-windows
-    - name: config
-      working-directory: _build
-      run: |
-        perl ..\Configure enable-comp enable-brotli --with-brotli-include=C:\vcpkg\packages\brotli_x64-windows\include --with-brotli-lib=C:\vcpkg\packages\brotli_x64-windows\lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
-        perl configdata.pm --dump
-    - name: build
-      working-directory: _build
-      run: nmake
-    - name: Gather openssl version info
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
-        apps/openssl.exe version -v
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
-        apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
-        echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
-    - name: Set registry keys
-      working-directory: _build
-      run: |
-        echo ${Env:OSSL_VERSION}
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
-        reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
-    - name: download coreinfo
-      uses: suisei-cn/actions-download-file@v1.6.0
-      with:
-        url: "https://download.sysinternals.com/files/Coreinfo.zip"
-        target: _build/coreinfo/
-    - name: get cpu info
-      working-directory: _build
-      continue-on-error: true
-      run: |
-        $env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
-        7z.exe x coreinfo/Coreinfo.zip
-        ./Coreinfo64.exe -accepteula -f
-        ./apps/openssl.exe version -c
-    - name: test
-      working-directory: _build
-      run: |
-        $env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
-        nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
--- a/.gitignore
+++ b/.gitignore
@@ -2,24 +2,21 @@
 /.dir-locals.el

 # Top level excludes
-/Makefile.in
-/Makefile
+/Makefile.orig
 /MINFO
 /TABLE
+/*.pc
 /rehash.time
 /inc.*
 /makefile.*
 /out.*
 /tmp.*
 /configdata.pm
-/builddata.pm
-/installdata.pm

-# Exporters
-/*.pc
-/OpenSSLConfig*.cmake
-/exporters/*.pc
-/exporters/OpenSSLConfig*.cmake
+# *all* Makefiles
+Makefile
+# ... except in demos
+!/demos/*/Makefile

 # Links under apps
 /apps/CA.pl
@@ -29,58 +26,10 @@

 # Auto generated headers
 /crypto/buildinf.h
-/include/crypto/*_conf.h
-/include/openssl/asn1.h
-/include/openssl/asn1t.h
-/include/openssl/bio.h
-/include/openssl/cmp.h
-/include/openssl/cms.h
-/include/openssl/comp.h
-/include/openssl/conf.h
-/include/openssl/configuration.h
-/include/openssl/crmf.h
-/include/openssl/crypto.h
-/include/openssl/ct.h
-/include/openssl/err.h
-/include/openssl/ess.h
-/include/openssl/fipskey.h
-/include/openssl/lhash.h
-/include/openssl/ocsp.h
-/include/openssl/opensslv.h
-/include/openssl/pkcs12.h
-/include/openssl/pkcs7.h
-/include/openssl/safestack.h
-/include/openssl/srp.h
-/include/openssl/ssl.h
-/include/openssl/ui.h
-/include/openssl/x509.h
-/include/openssl/x509v3.h
-/include/openssl/x509_acert.h
-/include/openssl/x509_vfy.h
-/include/openssl/core_names.h
-/include/internal/param_names.h
-
-# Auto generated parameter name files
-/crypto/params_idx.c
-
-# Auto generated doc files
-doc/man1/openssl-*.pod
-
-# Auto generated der files
-providers/common/der/der_digests_gen.c
-providers/common/der/der_dsa_gen.c
-providers/common/der/der_ec_gen.c
-providers/common/der/der_ecx_gen.c
-providers/common/der/der_rsa_gen.c
-providers/common/der/der_wrap_gen.c
-providers/common/der/der_sm2_gen.c
-providers/common/include/prov/der_dsa.h
-providers/common/include/prov/der_ec.h
-providers/common/include/prov/der_ecx.h
-providers/common/include/prov/der_rsa.h
-providers/common/include/prov/der_digests.h
-providers/common/include/prov/der_wrap.h
-providers/common/include/prov/der_sm2.h
+/apps/progs.h
+/crypto/include/internal/*_conf.h
+/openssl/include/opensslconf.h
+/util/domd

 # error code files
 /crypto/err/openssl.txt.old
@@ -111,83 +60,10 @@ providers/common/include/prov/der_sm2.h
 /test/versions
 /test/ossl_shim/ossl_shim
 /test/rsa_complex
-/test/confdump
-/test/bio_prefix_text
-/test/evp_extra_test2
-/test/evp_pkey_ctx_new_from_name
-/test/threadstest_fips
-/test/timing_load_creds
-
-# Demo applications
-/demos/bio/client-arg
-/demos/bio/client-conf
-/demos/bio/saccept
-/demos/bio/sconnect
-/demos/bio/server-arg
-/demos/bio/server-cmod
-/demos/bio/server-conf
-/demos/cipher/aesccm
-/demos/cipher/aesgcm
-/demos/cipher/aeskeywrap
-/demos/cipher/ariacbc
-/demos/cms/cms_comp
-/demos/cms/cms_ddec
-/demos/cms/cms_dec
-/demos/cms/cms_denc
-/demos/cms/cms_enc
-/demos/cms/cms_sign
-/demos/cms/cms_sign2
-/demos/cms/cms_uncomp
-/demos/cms/cms_ver
-/demos/digest/BIO_f_md
-/demos/digest/EVP_MD_demo
-/demos/digest/EVP_MD_stdin
-/demos/digest/EVP_MD_xof
-/demos/encode/ec_encode
-/demos/encode/rsa_encode
-/demos/encrypt/rsa_encrypt
-/demos/guide/quic-client-block
-/demos/guide/quic-client-non-block
-/demos/guide/quic-hq-interop
-/demos/guide/quic-multi-stream
-/demos/guide/tls-client-block
-/demos/guide/tls-client-non-block
-/demos/http3/libnghttp3.pc
-/demos/http3/nghttp3/
-/demos/http3/ossl-nghttp3-demo
-/demos/kdf/argon2
-/demos/kdf/hkdf
-/demos/kdf/pbkdf2
-/demos/kdf/scrypt
-/demos/keyexch/x25519
-/demos/mac/cmac-aes256
-/demos/mac/gmac
-/demos/mac/hmac-sha512
-/demos/mac/poly1305
-/demos/pkey/EVP_PKEY_DSA_keygen
-/demos/pkey/EVP_PKEY_DSA_paramfromdata
-/demos/pkey/EVP_PKEY_DSA_paramgen
-/demos/pkey/EVP_PKEY_DSA_paramvalidate
-/demos/pkey/EVP_PKEY_EC_keygen
-/demos/pkey/EVP_PKEY_RSA_keygen
-/demos/signature/EVP_DSA_Signature_demo
-/demos/signature/EVP_EC_Signature_demo
-/demos/signature/EVP_ED_Signature_demo
-/demos/signature/rsa_pss_direct
-/demos/signature/rsa_pss_hash
-/demos/smime/smdec
-/demos/smime/smenc
-/demos/smime/smsign
-/demos/smime/smsign2
-/demos/smime/smver
-/demos/sslecho/sslecho

 # Certain files that get created by tests on the fly
-/test-runs
+/test/test-runs
 /test/buildtest_*
-/test/provider_internal_test.cnf
-/test/fipsmodule.cnf
-/providers/fipsmodule.cnf

 # Fuzz stuff.
 # Anything without an extension is an executable on Unix, so we keep files
@@ -200,21 +76,14 @@ providers/common/include/prov/der_sm2.h
 !/fuzz/*.*

 # Misc auto generated files
-/doc/man7/openssl_user_macros.pod
+/include/openssl/opensslconf.h
 /tools/c_rehash
 /tools/c_rehash.pl
 /util/shlib_wrap.sh
-/util/wrap.pl
-/util/quicserver
 /tags
 /TAGS
-*.map
-*.ld
-/apps/progs.c
-/apps/progs.h
-
-# macOS
-.DS_Store
+/libcrypto.map
+/libssl.map

 # Windows (legacy)
 /tmp32
@@ -227,6 +96,7 @@ providers/common/include/prov/der_sm2.h
 /out32dll.dbg
 /inc32
 /MINFO
+/ms/.rnd
 /ms/bcb.mak
 /ms/libeay32.def
 /ms/nt.mak
@@ -260,10 +130,6 @@ providers/common/include/prov/der_sm2.h
 /test/fips_test_suite.c
 /test/shatest.c

-# Generated docs directories
-/doc/html
-/doc/man
-
 ##### Generic patterns
 # Auto generated assembly language source files
 *.s
@@ -299,7 +165,6 @@ providers/common/include/prov/der_sm2.h
 *.exp
 *.lib
 *.pdb
-*.tds
 *.ilk
 *.def
 *.rc
@@ -313,15 +178,8 @@ Makefile.save
 *.bak
 cscope.*
 *.d
-!.ctags.d
-*.d.tmp
 pod2htmd.tmp
-MAKE0[0-9][0-9][0-9].@@@

 # Windows manifest files
 *.manifest
 doc-nits
-
-# LSP (Language Server Protocol) support
-.cache/
-compile_commands.json
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,7 @@
+[submodule "boringssl"]
+	path = boringssl
+	url = https://boringssl.googlesource.com/boringssl
+
 [submodule "pyca.cryptography"]
 	path = pyca-cryptography
 	url = https://github.com/pyca/cryptography.git
@@ -5,33 +9,3 @@
 [submodule "krb5"]
 	path = krb5
 	url = https://github.com/krb5/krb5
-
-[submodule "gost-engine"]
-	path = gost-engine
-	url = https://github.com/gost-engine/engine
-	update = rebase
-[submodule "wycheproof"]
-	path = wycheproof
-	url = https://github.com/google/wycheproof
-[submodule "tlsfuzzer"]
-	path = tlsfuzzer
-	url = https://github.com/tlsfuzzer/tlsfuzzer
-[submodule "python-ecdsa"]
-	path = python-ecdsa
-	url = https://github.com/tlsfuzzer/python-ecdsa
-[submodule "tlslite-ng"]
-	path = tlslite-ng
-	url = https://github.com/tlsfuzzer/tlslite-ng
-[submodule "oqs-provider"]
-	path = oqs-provider
-	url = https://github.com/open-quantum-safe/oqs-provider.git
-[submodule "cloudflare-quiche"]
-	path = cloudflare-quiche
-	url = https://github.com/cloudflare/quiche
-[submodule "fuzz/corpora"]
-	path = fuzz/corpora
-	url = https://github.com/openssl/fuzz-corpora
-	branch = main
-[submodule "pkcs11-provider"]
-	path = pkcs11-provider
-	url = https://github.com/latchset/pkcs11-provider.git
--- a/.travis-apt-pin.preferences
+++ b/.travis-apt-pin.preferences
@@ -0,0 +1,15 @@
+Package: clang-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang-common-3.9-dev
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang1-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libllvm3.9v4
+Pin: release o=Ubuntu
+Pin-Priority: -1
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+# $1 is expected to be $TRAVIS_OS_NAME
+
+./Configure dist
+if [ "$1" == osx ]; then
+    make NAME='_srcdist' TARFILE='_srcdist.tar' \
+         TAR_COMMAND='$(TAR) $(TARFLAGS) -cf -' tar
+else
+    make TARFILE='_srcdist.tar' NAME='_srcdist' dist
+fi
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,254 @@
+dist: trusty
+sudo: required
+
+osx_image: xcode9.3
+
+language: c
+cache: ccache
+git:
+    submodules: false
+    quiet: true
+
+before_install:
+    - if [ -n "$COVERALLS" ]; then
+          pip install --user cpp-coveralls;
+      fi;
+    - if expr "$CONFIG_OPTS" ":" ".*enable-external-tests" > /dev/null; then
+          git submodule update --init --recursive;
+      fi;
+
+os:
+    - linux
+    - osx
+
+compiler:
+    - clang
+    - gcc
+
+env:
+    - CONFIG_OPTS="" DESTDIR="_install"
+    - CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2"
+    - CONFIG_OPTS="no-asm no-makedepend --strict-warnings -std=c89 -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" GENERATE="yes"
+
+matrix:
+    include:
+        - os: linux-ppc64le
+          sudo: false
+          compiler: clang
+          env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - gcc-5
+                      - g++-5
+                  sources:
+                      - ubuntu-toolchain-r-test
+          compiler: gcc-5
+          env: CONFIG_OPTS="--strict-warnings" COMMENT="Move to the BORINGTEST build when interoperable"
+        - os: linux
+          compiler: clang
+          env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated" BUILDONLY="yes"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - binutils-mingw-w64
+                      - gcc-mingw-w64
+          compiler: i686-w64-mingw32-gcc
+          env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
+        # Uncomment if there is reason to believe that PPC-specific problem
+        # can be diagnosed with this possibly >30 mins sanitizer build...
+        #- os: linux-ppc64le
+        #  sudo: false
+        #  compiler: gcc
+        #  env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-ubsan no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - gcc-5
+                      - g++-5
+                      - golang-1.6
+                  sources:
+                      - ubuntu-toolchain-r-test
+          compiler: gcc-5
+          env:  EXTENDED_TEST="yes" CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers no-shared -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" COVERALLS="yes" BORINGSSL_TESTS="yes" CXX="g++-5"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - gcc-5
+                      - g++-5
+                      - golang-1.6
+                  sources:
+                      - ubuntu-toolchain-r-test
+          compiler: gcc-5
+          env:  EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests" BORINGSSL_TESTS="yes" CXX="g++-5" TESTS=95
+        - os: linux
+          compiler: clang
+          env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan -D__NO_STRING_INLINES -Wno-unused-command-line-argument"
+        - os: linux
+          compiler: clang
+          env:  EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument"
+        - os: linux
+          compiler: clang
+          env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - gcc-5
+                      - g++-5
+                  sources:
+                      - ubuntu-toolchain-r-test
+          compiler: gcc-5
+          env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - binutils-mingw-w64
+                      - gcc-mingw-w64
+          compiler: i686-w64-mingw32-gcc
+          env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic"
+        - os: linux
+          addons:
+              apt:
+                  packages:
+                      - binutils-mingw-w64
+                      - gcc-mingw-w64
+          compiler: x86_64-w64-mingw32-gcc
+          env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic"
+    exclude:
+        - os: linux
+          compiler: clang
+        - os: osx
+          compiler: gcc
+
+before_script:
+    - env
+    - if [ "$TRAVIS_PULL_REQUEST" != "false" -a -n "$EXTENDED_TEST" ]; then
+          (git log -1 $TRAVIS_COMMIT_RANGE | grep '\[extended tests\]' > /dev/null) || exit 0;
+      fi
+    - if [ -n "$DESTDIR" ]; then
+          sh .travis-create-release.sh $TRAVIS_OS_NAME;
+          tar -xzf _srcdist.tar.gz;
+          mkdir _build;
+          cd _build;
+          srcdir=../_srcdist;
+          top=..;
+      else
+          srcdir=.;
+          top=.;
+      fi
+    - if [ -n "$UBUNTU_GCC_HACK" ]; then
+          $CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt;
+          CC="$CC -specs=gcc-specs.txt";
+      fi
+    - if [ "$CC" = i686-w64-mingw32-gcc ]; then
+          export CROSS_COMPILE=${CC%%gcc}; unset CC;
+          $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
+      elif [ "$CC" = x86_64-w64-mingw32-gcc ]; then
+          export CROSS_COMPILE=${CC%%gcc}; unset CC;
+          $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
+      else
+          if [ "$CC" = clang-3.9 ]; then
+              sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
+              curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
+              echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
+              sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
+              sudo -E apt-get -yq update;
+              sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
+          elif which ccache >/dev/null; then
+              CC="ccache $CC";
+          fi;
+          $srcdir/config -v $CONFIG_OPTS;
+      fi
+    - ./configdata.pm --dump
+    - cd $top
+
+script:
+    - if [ -z "$BUILDONLY" ]; then
+          make="make -s";
+      else
+          make="make";
+      fi
+    - if [ -n "$GENERATE" ]; then
+          make2="$make PERL=no-perl";
+      else
+          make2="$make";
+      fi
+    - top=${PWD}
+    - if [ -n "$DESTDIR" ]; then
+          cd _build;
+      fi
+    - if $make update; then
+          echo -e '+\057 MAKE UPDATE OK';
+      else
+          echo -e '+\057 MAKE UPDATE FAILED'; false;
+      fi
+    - git diff --exit-code
+    - if [ -n "$CHECKDOCS" ]; then
+          if $make doc-nits; then
+              echo -e '+\057\057 MAKE DOC-NITS OK';
+          else
+              echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
+          fi;
+      fi
+    - if [ -n "$GENERATE" ]; then
+          if $make build_all_generated; then
+              echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED OK';
+          else
+              echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED FAILED'; false;
+          fi;
+      fi
+    - if $make2; then
+          echo -e '+\057\057\057\057 MAKE OK';
+      else
+          echo -e '+\057\057\057\057 MAKE FAILED'; false;
+      fi;
+    - if [ -z "$BUILDONLY" ]; then
+          if [ -n "$CROSS_COMPILE" ]; then
+              sudo dpkg --add-architecture i386;
+              sudo apt-get update;
+              sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install wine;
+              export EXE_SHELL="wine" WINEPREFIX=`pwd`;
+          fi;
+          if [ -e krb5/src ]; then
+              sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh;
+          fi;
+          if HARNESS_VERBOSE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then
+              echo -e '+\057\057\057\057\057 MAKE TEST OK';
+          else
+              echo -e '+\057\057\057\057\057 MAKE TEST FAILED'; false;
+          fi;
+      else
+          if $make build_tests >~/build.log 2>&1; then
+              echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS OK';
+          else
+              echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS FAILED';
+              cat ~/build.log
+              false;
+          fi;
+      fi
+    - if [ -n "$DESTDIR" ]; then
+          mkdir "$top/$DESTDIR";
+          if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then
+              echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK';
+          else
+              echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED';
+              cat ~/install.log;
+              false;
+          fi;
+      fi
+    - cd $top
+
+after_success:
+    - if [ -n "$COVERALLS" ]; then
+          coveralls -b . --gcov gcov-5 --gcov-options '\-lpbc';
+      fi;
+
+notifications:
+    email:
+        secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="
--- a/2
+++ b/2
@@ -0,0 +1,2 @@
+Please https://www.openssl.org/community/thanks.html for the current
+acknowledgements.
--- a/ACKNOWLEDGEMENTS.md
+++ b/ACKNOWLEDGEMENTS.md
@@ -1,6 +0,0 @@
-Acknowledgements
-================
-
-Please see our [Thanks!][] page for the current acknowledgements.
-
-[Thanks!]: https://www.openssl.org/community/thanks.html
--- a/35
+++ b/35
@@ -0,0 +1,35 @@
+# This is the list of OpenSSL authors for copyright purposes.
+#
+# This does not necessarily list everyone who has contributed code, since in
+# some cases, their employer may be the copyright holder.  To see the full list
+# of contributors, see the revision history in source control.
+OpenSSL Software Services, Inc.
+OpenSSL Software Foundation, Inc.
+
+# Individuals
+Andy Polyakov
+Ben Laurie
+Ben Kaduk
+Bernd Edlinger
+Bodo Möller
+David Benjamin
+Emilia Käsper
+Eric Young
+Geoff Thorpe
+Holger Reif
+Kurt Roeckx
+Lutz Jänicke
+Mark J. Cox
+Matt Caswell
+Matthias St. Pierre
+Nils Larsch
+Paul Dale
+Paul C. Sutton
+Ralf S. Engelschall
+Rich Salz
+Richard Levitte
+Stephen Henson
+Steve Marquess
+Tim Hudson
+Ulf Möller
+Viktor Dukhovni
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -1,51 +0,0 @@
-Authors
-=======
-
-This is the list of OpenSSL authors for copyright purposes.
-It does not necessarily list everyone who has contributed code,
-since in some cases, their employer may be the copyright holder.
-To see the full list of contributors, see the revision history in
-source control.
-
-Groups
------
-
- * OpenSSL Software Services, Inc.
- * OpenSSL Software Foundation, Inc.
-
-Individuals
-----------
-
- * Andy Polyakov
- * Ben Laurie
- * Ben Kaduk
- * Bernd Edlinger
- * Bodo Möller
- * David Benjamin
- * David von Oheimb
- * Dmitry Belyavskiy (Дмитрий Белявский)
- * Emilia Käsper
- * Eric Young
- * Geoff Thorpe
- * Holger Reif
- * Kurt Roeckx
- * Lutz Jänicke
- * Mark J. Cox
- * Matt Caswell
- * Matthias St. Pierre
- * Nicola Tuveri
- * Nils Larsch
- * Patrick Steuer
- * Paul Dale
- * Paul C. Sutton
- * Paul Yang
- * Ralf S. Engelschall
- * Rich Salz
- * Richard Levitte
- * Shane Lontis
- * Stephen Henson
- * Steve Marquess
- * Tim Hudson
- * Tomáš Mráz
- * Ulf Möller
- * Viktor Dukhovni
--- a/13141
+++ b/13141
--- a/CHANGES.md
+++ b/CHANGES.md
--- a/CODE-OF-CONDUCT.md
+++ b/CODE-OF-CONDUCT.md
@@ -1,6 +0,0 @@
-Code of Conduct
-===============
-
-The OpenSSL [Code of Conduct] is published on the project's website.
-
-[Code of Conduct]: https://www.openssl.org/community/conduct.html
--- a/72
+++ b/72
@@ -0,0 +1,72 @@
+HOW TO CONTRIBUTE TO OpenSSL
+----------------------------
+
+(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
+
+Development is done on GitHub, https://github.com/openssl/openssl.
+
+To request new features or report bugs, please open an issue on GitHub
+
+To submit a patch, please open a pull request on GitHub.  If you are thinking
+of making a large contribution, open an issue for it before starting work,
+to get comments from the community.  Someone may be already working on
+the same thing or there may be reasons why that feature isn't implemented.
+
+To make it easier to review and accept your pull request, please follow these
+guidelines:
+
+    1. Anything other than a trivial contribution requires a Contributor
+    License Agreement (CLA), giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.  If your
+    contribution is too small to require a CLA, put "CLA: trivial" on a
+    line by itself in your commit message body.
+
+    2.  All source files should start with the following text (with
+    appropriate comment characters at the start of each line and the
+    year(s) updated):
+
+        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+        Licensed under the OpenSSL license (the "License").  You may not use
+        this file except in compliance with the License.  You can obtain a copy
+        in the file LICENSE in the source distribution or at
+        https://www.openssl.org/source/license.html
+
+    3.  Patches should be as current as possible; expect to have to rebase
+    often. We do not accept merge commits, you will have to remove them
+    (usually by rebasing) before it will be acceptable.
+
+    4.  Patches should follow our coding style (see
+    https://www.openssl.org/policies/codingstyle.html) and compile
+    without warnings. Where gcc or clang is available you should use the
+    --strict-warnings Configure option.  OpenSSL compiles on many varied
+    platforms: try to ensure you only use portable features.  Clean builds
+    via Travis and AppVeyor are required, and they are started automatically
+    whenever a PR is created or updated.
+
+    5.  When at all possible, patches should include tests. These can
+    either be added to an existing test, or completely new.  Please see
+    test/README for information on the test framework.
+
+    6.  New features or changed functionality must include
+    documentation. Please look at the "pod" files in doc/man[1357] for
+    examples of our style. Run "make doc-nits" to make sure that your
+    documentation changes are clean.
+
+    7.  For user visible changes (API changes, behaviour changes, ...),
+    consider adding a note in CHANGES.  This could be a summarising
+    description of the change, and could explain the grander details.
+    Have a look through existing entries for inspiration. 
+    Please note that this is NOT simply a copy of git-log oneliners.
+    Also note that security fixes get an entry in CHANGES.
+    This file helps users get more in depth information of what comes
+    with a specific release without having to sift through the higher
+    noise ratio in git-log.
+
+    8.  For larger or more important user visible changes, as well as
+    security fixes, please add a line in NEWS.  On exception, it might be
+    worth adding a multi-line entry (such as the entry that announces all
+    the types that became opaque with OpenSSL 1.1.0).
+    This file helps users get a very quick summary of what comes with a
+    specific release, to see if an upgrade is worth the effort.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,104 +0,0 @@
-HOW TO CONTRIBUTE TO OpenSSL
-============================
-
-Please visit our [Getting Started] page for other ideas about how to contribute.
-
-  [Getting Started]: <https://openssl-library.org/community/getting-started>
-
-Development is done on GitHub in the [openssl/openssl] repository.
-
-  [openssl/openssl]: <https://github.com/openssl/openssl>
-
-To request a new feature, ask a question, or report a bug,
-please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
-
-To submit a patch or implement a new feature, please open a
-[pull request on GitHub](https://github.com/openssl/openssl/pulls).
-If you are thinking of making a large contribution,
-open an issue for it before starting work, to get comments from the community.
-Someone may be already working on the same thing,
-or there may be special reasons why a feature is not implemented.
-
-To make it easier to review and accept your pull request, please follow these
-guidelines:
-
- 1. Anything other than a trivial contribution requires a [Contributor
-    License Agreement] (CLA), giving us permission to use your code.
-    If your contribution is too small to require a CLA (e.g., fixing a spelling
-    mistake), then place the text "`CLA: trivial`" on a line by itself below
-    the rest of your commit message separated by an empty line, like this:
-
-    ```
-        One-line summary of trivial change
-
-        Optional main body of commit message. It might contain a sentence
-        or two explaining the trivial change.
-
-        CLA: trivial
-    ```
-
-    It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
-    pull request description.
-
-    [Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
-
-    To amend a missing "`CLA: trivial`" line after submission, do the following:
-
-    ```
-        git commit --amend
-        # add the line, save and quit the editor
-        git push -f [<repository> [<branch>]]
-    ```
-
- 2. All source files should start with the following text (with
-    appropriate comment characters at the start of each line and the
-    year(s) updated):
-
-    ```
-        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
-
-        Licensed under the Apache License 2.0 (the "License").  You may not use
-        this file except in compliance with the License.  You can obtain a copy
-        in the file LICENSE in the source distribution or at
-        https://www.openssl.org/source/license.html
-    ```
-
- 3. Patches should be as current as possible; expect to have to rebase
-    often. We do not accept merge commits, you will have to remove them
-    (usually by rebasing) before it will be acceptable.
-
- 4. Code provided should follow our [coding style] and [documentation policy]
-    and compile without warnings.
-    There is a [Perl tool](util/check-format.pl) that helps
-    finding code formatting mistakes and other coding style nits.
-    Where `gcc` or `clang` is available, you should use the
-    `--strict-warnings` `Configure` option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.
-    Clean builds via GitHub Actions are required. They are started automatically
-    whenever a PR is created or updated by committers.
-
-    [coding style]: https://openssl-library.org/policies/technical/coding-style/
-    [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
-
- 5. When at all possible, code contributions should include tests. These can
-    either be added to an existing test, or completely new.  Please see
-    [test/README.md](test/README.md) for information on the test framework.
-
- 6. New features or changed functionality must include
-    documentation. Please look at the `.pod` files in `doc/man[1357]` for
-    examples of our style. Run `make doc-nits` to make sure that your
-    documentation changes are clean.
-
- 7. For user visible changes (API changes, behaviour changes, ...),
-    consider adding a note in [CHANGES.md](CHANGES.md).
-    This could be a summarising description of the change, and could
-    explain the grander details.
-    Have a look through existing entries for inspiration.
-    Please note that this is NOT simply a copy of git-log one-liners.
-    Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
-    This file helps users get more in-depth information of what comes
-    with a specific release without having to sift through the higher
-    noise ratio in git-log.
-
- 8. Guidelines on how to integrate error output of new crypto library modules
-    can be found in [crypto/err/README.md](crypto/err/README.md).
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
@@ -14,12 +14,35 @@ my %targets=(
 	thread_scheme	=> "(unknown)", # Assume we don't know
 	thread_defines	=> [],

+	apps_aux_src	=> "",
+	apps_init_src	=> "",
+	cpuid_asm_src	=> "mem_clr.c",
+	uplink_aux_src	=> "",
+	bn_asm_src	=> "bn_asm.c",
+	ec_asm_src	=> "",
+	des_asm_src	=> "des_enc.c fcrypt_b.c",
+	aes_asm_src	=> "aes_core.c aes_cbc.c",
+	bf_asm_src	=> "bf_enc.c",
+	md5_asm_src	=> "",
+	cast_asm_src	=> "c_enc.c",
+	rc4_asm_src	=> "rc4_enc.c rc4_skey.c",
+	rmd160_asm_src	=> "",
+	rc5_asm_src	=> "rc5_enc.c",
+	wp_asm_src	=> "wp_block.c",
+	cmll_asm_src	=> "camellia.c cmll_misc.c cmll_cbc.c",
+	modes_asm_src	=> "",
+	padlock_asm_src	=> "",
+	chacha_asm_src	=> "chacha_enc.c",
+	poly1305_asm_src	=> "",
+	keccak1600_asm_src	=> "keccak1600.c",
+
 	unistd		=> "<unistd.h>",
 	shared_target	=> "",
 	shared_cflag	=> "",
 	shared_defines	=> [],
 	shared_ldflag	=> "",
 	shared_rcflag	=> "",
+	shared_extension	=> "",

 	#### Defaults for the benefit of the config targets who don't inherit
 	#### a BASE and assume Unix defaults
@@ -27,8 +50,8 @@ my %targets=(
 	build_scheme	=> [ "unified", "unix" ],
 	build_file	=> "Makefile",

-	AR		=> "(unused)",
-	ARFLAGS		=> "(unused)",
+	AR		=> "ar",
+	ARFLAGS		=> "r",
 	CC		=> "cc",
 	HASHBANGPERL	=> "/usr/bin/env perl",
 	RANLIB		=> sub { which("$config{cross_compile_prefix}ranlib")
@@ -47,26 +70,16 @@ my %targets=(

 	defines		=>
 	    sub {
-                my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
-                push @defs, "BROTLI" unless $disabled{brotli};
-                push @defs, "BROTLI_SHARED" unless $disabled{"brotli-dynamic"};
+                my @defs = ();
                push @defs, "ZLIB" unless $disabled{zlib};
                push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
-                push @defs, "ZSTD" unless $disabled{zstd};
-                push @defs, "ZSTD_SHARED" unless $disabled{"zstd-dynamic"};
                return [ @defs ];
            },
        includes        =>
            sub {
                my @incs = ();
-                push @incs, $withargs{jitter_include}
-                    if !$disabled{jitter} && $withargs{jitter_include};
-                push @incs, $withargs{brotli_include}
-                    if !$disabled{brotli} && $withargs{brotli_include};
                push @incs, $withargs{zlib_include}
                    if !$disabled{zlib} && $withargs{zlib_include};
-                push @incs, $withargs{zstd_include}
-                    if !$disabled{zstd} && $withargs{zstd_include};
                return [ @incs ];
            },
    },
@@ -76,57 +89,23 @@ my %targets=(
        template        => 1,

        AR              => "ar",
-        ARFLAGS         => "qc",
+        ARFLAGS         => "r",
        CC              => "cc",
-        OBJCOPY         => "objcopy",
-        bin_cflags      =>
-            sub {
-                my @flags = ();
-                if (!defined($disabled{pie})) {
-                    push(@flags, "-fPIE");
-                }
-                return join(" ", @flags);
-            },
-        bin_lflags      =>
-            sub {
-                my @flags = ();
-                if (!defined($disabled{pie})) {
-                    push(@flags, "-pie");
-                }
-                return join(" ", @flags);
-            },
        lflags          =>
-            sub {
-                my @libs = ();
-                push(@libs, "-L".$withargs{jitter_lib}) if $withargs{jitter_lib};
-                push(@libs, "-L".$withargs{zlib_lib}) if $withargs{zlib_lib};
-                push(@libs, "-L".$withargs{brotli_lib}) if $withargs{brotli_lib};
-                push(@libs, "-L".$withargs{zstd_lib}) if $withargs{zstd_lib};
-                return join(" ", @libs);
-            },
+            sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
        ex_libs         =>
-            sub {
-                my @libs = ();
-                push(@libs, "-l:libjitterentropy.a") if !defined($disabled{jitter});
-                push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
-                if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
-                    push(@libs, "-lbrotlienc");
-                    push(@libs, "-lbrotlidec");
-                    push(@libs, "-lbrotlicommon");
-                    push(@libs, "-lm");
-                }
-                push(@libs, "-lzstd") if !defined($disabled{zstd}) && defined($disabled{"zstd-dynamic"});
-                return join(" ", @libs);
-            },
+            sub { !defined($disabled{zlib})
+                  && defined($disabled{"zlib-dynamic"})
+                  ? "-lz" : () },
        HASHBANGPERL    => "/usr/bin/env perl", # Only Unix actually cares
        RANLIB          => sub { which("$config{cross_compile_prefix}ranlib")
                                     ? "ranlib" : "" },
        RC              => "windres",

+        shared_extension => ".so",
+
        build_scheme    => [ "unified", "unix" ],
        build_file      => "Makefile",
-
-        perl_platform   => 'Unix',
    },

    BASE_Windows => {
@@ -144,40 +123,31 @@ my %targets=(
            },
        ex_libs         =>
            sub {
-                my @libs = ();
                unless ($disabled{zlib}) {
                    if (defined($disabled{"zlib-dynamic"})) {
-                        push(@libs, $withargs{zlib_lib} // "ZLIB1");
+                        return $withargs{zlib_lib} // "ZLIB1";
                    }
                }
-                unless ($disabled{zstd}) {
-                    if (defined($disabled{"zstd-dynamic"})) {
-                        push(@libs, $withargs{zstd_lib} // "libzstd");
-                    }
-                }
-                unless ($disabled{brotli}) {
-                    if (defined($disabled{"brotli-dynamic"})) {
-                        my $path = "";
-                        if (defined($withargs{brotli_lib})) {
-                            $path = $withargs{brotli_lib} . "\\";
-                        }
-                        push(@libs, $path . "brotlicommon.lib");
-                        push(@libs, $path . "brotlidec.lib");
-                        push(@libs, $path . "brotlienc.lib");
-                    }
-                }
-                return join(" ", @libs);
+                return ();
            },

+        LD              => "link",
+        LDFLAGS         => "/nologo",
+        ldoutflag       => "/out:",
+        AR              => "lib",
+        ARFLAGS         => "/nologo",
+        aroutflag       => "/out:",
+        RC               => "rc",
+        rcoutflag        => "/fo",
        MT              => "mt",
        MTFLAGS         => "-nologo",
        mtinflag        => "-manifest ",
        mtoutflag       => "-outputresource:",

+        shared_extension => ".dll",
+
        build_file      => "makefile",
        build_scheme    => [ "unified", "windows" ],
-
-        perl_platform   => 'Windows',
    },

    BASE_VMS => {
@@ -194,9 +164,193 @@ my %targets=(
                    return [ @incs ];
                }),

+        shared_extension => ".exe",
+
        build_file       => "descrip.mms",
        build_scheme     => [ "unified", "VMS" ],
+    },

-        perl_platform    => 'VMS',
+    uplink_common => {
+	template	=> 1,
+	apps_init_src	=> add("../ms/applink.c"),
+	uplink_aux_src	=> add("../ms/uplink.c"),
+	defines		=> add("OPENSSL_USE_APPLINK"),
+    },
+    x86_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86.s"),
+    },
+    x86_64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-x86_64.s"),
+    },
+    ia64_uplink => {
+	inherit_from	=> [ "uplink_common" ],
+	template	=> 1,
+	uplink_aux_src	=> add("uplink-ia64.s"),
+    },
+
+    x86_asm => {
+	template	=> 1,
+	cpuid_asm_src	=> "x86cpuid.s",
+	bn_asm_src	=> "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
+	ec_asm_src	=> "ecp_nistz256.c ecp_nistz256-x86.s",
+	des_asm_src	=> "des-586.s crypt586.s",
+	aes_asm_src	=> "aes-586.s vpaes-x86.s aesni-x86.s",
+	bf_asm_src	=> "bf-586.s",
+	md5_asm_src	=> "md5-586.s",
+	cast_asm_src	=> "cast-586.s",
+	sha1_asm_src	=> "sha1-586.s sha256-586.s sha512-586.s",
+	rc4_asm_src	=> "rc4-586.s",
+	rmd160_asm_src	=> "rmd-586.s",
+	rc5_asm_src	=> "rc5-586.s",
+	wp_asm_src	=> "wp_block.c wp-mmx.s",
+	cmll_asm_src	=> "cmll-x86.s",
+	modes_asm_src	=> "ghash-x86.s",
+	padlock_asm_src	=> "e_padlock-x86.s",
+	chacha_asm_src	=> "chacha-x86.s",
+	poly1305_asm_src=> "poly1305-x86.s",
+    },
+    x86_elf_asm => {
+	template	=> 1,
+	inherit_from	=> [ "x86_asm" ],
+	perlasm_scheme	=> "elf"
+    },
+    x86_64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "x86_64cpuid.s",
+	bn_asm_src      => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
+	aes_asm_src     => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
+	md5_asm_src     => "md5-x86_64.s",
+	sha1_asm_src    => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
+	rc4_asm_src     => "rc4-x86_64.s rc4-md5-x86_64.s",
+	wp_asm_src      => "wp-x86_64.s",
+	cmll_asm_src    => "cmll-x86_64.s cmll_misc.c",
+	modes_asm_src   => "ghash-x86_64.s aesni-gcm-x86_64.s",
+	padlock_asm_src => "e_padlock-x86_64.s",
+	chacha_asm_src	=> "chacha-x86_64.s",
+	poly1305_asm_src=> "poly1305-x86_64.s",
+	keccak1600_asm_src	=> "keccak1600-x86_64.s",
+    },
+    ia64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ia64cpuid.s",
+	bn_asm_src      => "bn-ia64.s ia64-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ia64.s",
+	sha1_asm_src    => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
+	modes_asm_src   => "ghash-ia64.s",
+	perlasm_scheme	=> "void"
+    },
+    sparcv9_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "sparcv9cap.c sparccpuid.S",
+	bn_asm_src      => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
+	md5_asm_src     => "md5-sparcv9.S",
+	sha1_asm_src    => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
+	cmll_asm_src    => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
+	modes_asm_src   => "ghash-sparcv9.S",
+	poly1305_asm_src=> "poly1305-sparcv9.S",
+	perlasm_scheme	=> "void"
+    },
+    sparcv8_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "",
+	bn_asm_src      => "asm/sparcv8.S",
+	des_asm_src     => "des_enc-sparc.S fcrypt_b.c",
+	perlasm_scheme	=> "void"
+    },
+    alpha_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "alphacpuid.s",
+	bn_asm_src      => "bn_asm.c alpha-mont.S",
+	sha1_asm_src    => "sha1-alpha.S",
+	modes_asm_src   => "ghash-alpha.S",
+	perlasm_scheme	=> "void"
+    },
+    mips32_asm => {
+	template	=> 1,
+	bn_asm_src      => "bn-mips.S mips-mont.S",
+	aes_asm_src     => "aes_cbc.c aes-mips.S",
+	sha1_asm_src    => "sha1-mips.S sha256-mips.S",
+    },
+    mips64_asm => {
+	inherit_from	=> [ "mips32_asm" ],
+	template	=> 1,
+	sha1_asm_src    => add("sha512-mips.S"),
+	poly1305_asm_src=> "poly1305-mips.S",
+    },
+    s390x_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "s390xcap.c s390xcpuid.S",
+	bn_asm_src      => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
+	aes_asm_src     => "aes-s390x.S aes-ctr.fake aes-xts.fake",
+	sha1_asm_src    => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
+	rc4_asm_src     => "rc4-s390x.s",
+	modes_asm_src   => "ghash-s390x.S",
+	chacha_asm_src  => "chacha-s390x.S",
+	poly1305_asm_src=> "poly1305-s390x.S",
+	keccak1600_asm_src	=> "keccak1600-s390x.S",
+    },
+    armv4_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c armv4cpuid.S",
+	bn_asm_src      => "bn_asm.c armv4-mont.S armv4-gf2m.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv4.S",
+	aes_asm_src     => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
+	sha1_asm_src    => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
+	modes_asm_src   => "ghash-armv4.S ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv4.S",
+	poly1305_asm_src=> "poly1305-armv4.S", 
+	keccak1600_asm_src	=> "keccak1600-armv4.S",
+	perlasm_scheme	=> "void"
+    },
+    aarch64_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "armcap.c arm64cpuid.S",
+	ec_asm_src      => "ecp_nistz256.c ecp_nistz256-armv8.S",
+	bn_asm_src      => "bn_asm.c armv8-mont.S",
+	aes_asm_src     => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
+	sha1_asm_src    => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
+	modes_asm_src   => "ghashv8-armx.S",
+	chacha_asm_src  => "chacha-armv8.S",
+	poly1305_asm_src=> "poly1305-armv8.S",
+	keccak1600_asm_src	=> "keccak1600-armv8.S",
+    },
+    parisc11_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "pariscid.s",
+	bn_asm_src      => "bn_asm.c parisc-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-parisc.s",
+	sha1_asm_src    => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
+	rc4_asm_src     => "rc4-parisc.s",
+	modes_asm_src   => "ghash-parisc.s",
+	perlasm_scheme	=> "32"
+    },
+    parisc20_64_asm => {
+	template	=> 1,
+	inherit_from	=> [ "parisc11_asm" ],
+	perlasm_scheme	=> "64",
+    },
+    ppc32_asm => {
+	template	=> 1,
+	cpuid_asm_src   => "ppccpuid.s ppccap.c",
+	bn_asm_src      => "bn-ppc.s ppc-mont.s",
+	aes_asm_src     => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
+	sha1_asm_src    => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
+	modes_asm_src   => "ghashp8-ppc.s",
+	chacha_asm_src	=> "chacha-ppc.s",
+	poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
+    },
+    ppc64_asm => {
+	inherit_from	=> [ "ppc32_asm" ],
+	template	=> 1,
+	ec_asm_src	=> "ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s",
+	keccak1600_asm_src	=> "keccak1600-ppc64.s",
    },
 );
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@@ -1,6 +1,6 @@
 #### Android...
 #
-# See NOTES-Android.md for details, and don't miss platform-specific
+# See NOTES.ANDROID for details, and don't miss platform-specific
 # comments below...

 {
@@ -12,7 +12,6 @@
        arm64  => "aarch64-linux-android",
        mips   => "mipsel-linux-android",
        mips64 => "mips64el-linux-android",
-        riscv64 => "riscv64-linux-android",
        x86    => "i686-linux-android",
        x86_64 => "x86_64-linux-android",
    );
@@ -23,25 +22,19 @@
                return $android_ndk = { bn_ops => "BN_AUTO" };
            }

-            my $ndk_var;
-            my $ndk;
-            foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) {
-                $ndk_var = $_;
-                $ndk = $ENV{$ndk_var};
-                last if defined $ndk;
-            }
-            die "\$ANDROID_NDK_ROOT is not defined"  if (!$ndk);
-            my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
-            my $ndk_src_props = "$ndk/source.properties";
-            my $is_ndk = -f $ndk_src_props;
-            if ($is_ndk == $is_standalone_toolchain) {
-                die "\$ANDROID_NDK_ROOT=$ndk is invalid";
+            my $ndk = $ENV{ANDROID_NDK};
+            die "\$ANDROID_NDK is not defined"  if (!$ndk);
+            if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
+                # $ndk/platforms is traditional "all-inclusive" NDK, while
+                # $ndk/AndroidVersion.txt is so-called standalone toolchain
+                # tailored for specific target down to API level.
+                die "\$ANDROID_NDK=$ndk is invalid";
            }
            $ndk = canonpath($ndk);

            my $ndkver = undef;

-            if (open my $fh, "<$ndk_src_props") {
+            if (open my $fh, "<$ndk/source.properties") {
                local $_;
                while(<$fh>) {
                    if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
@@ -60,7 +53,7 @@
            if ($sysroot = $ENV{CROSS_SYSROOT}) {
                $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
                ($api, $arch) = ($1, $2);
-            } elsif ($is_standalone_toolchain) {
+            } elsif (-f "$ndk/AndroidVersion.txt") {
                $sysroot = "$ndk/sysroot";
            } else {
                $api = "*";
@@ -73,31 +66,17 @@
                    }
                }

-                if (-d "$ndk/platforms") {
-                    # list available platforms (numerically)
-                    my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
-                                           $b =~ m/-([0-9]+)$/; $aa <=> $1;
-                                         } glob("$ndk/platforms/android-$api");
-                    die "no $ndk/platforms/android-$api" if ($#platforms < 0);
+                # list available platforms (numerically)
+                my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
+                                       $b =~ m/-([0-9]+)$/; $aa <=> $1;
+                                     } glob("$ndk/platforms/android-$api");
+                die "no $ndk/platforms/android-$api" if ($#platforms < 0);

-                    $sysroot = "@platforms[$#platforms]/arch-$arch";
-                    $sysroot =~ m|/android-([0-9]+)/arch-$arch|;
-                    $api = $1;
-                } elsif ($api eq "*") {
-                    # r22 Removed platforms dir, use this JSON file
-                    my $path = "$ndk/meta/platforms.json";
-                    open my $fh, $path or die "Could not open '$path' $!";
-                    while (<$fh>) {
-                        if (/"max": (\d+),/) {
-                            $api = $1;
-                            last;
-                        }
-                    }
-                    close $fh;
-                }
-                die "Could not get default API Level" if ($api eq "*");
+                $sysroot = "@platforms[$#platforms]/arch-$arch";
+                $sysroot =~ m|/android-([0-9]+)/arch-$arch|;
+                $api = $1;
            }
-            die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
+            die "no sysroot=$sysroot"   if (!-d $sysroot);

            my $triarch = $triplet{$arch};
            my $cflags;
@@ -110,21 +89,17 @@
                my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
                (my $tridefault = $triarch) =~ s/^arm-/$arm-/;
                (my $tritools   = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
-                if (length $sysroot) {
-                    $cflags .= " -target $tridefault "
-                            .  "-gcc-toolchain \$($ndk_var)/toolchains"
-                            .  "/$tritools-4.9/prebuilt/$host";
-                    $user{CC} = "clang" if ($user{CC} !~ m|clang|);
-                } else {
-                    $user{CC} = "$tridefault$api-clang";
-                }
+                $cflags .= " -target $tridefault "
+                        .  "-gcc-toolchain \$(ANDROID_NDK)/toolchains"
+                        .  "/$tritools-4.9/prebuilt/$host";
+                $user{CC} = "clang" if ($user{CC} !~ m|clang|);
                $user{CROSS_COMPILE} = undef;
                if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
                    $user{AR} = "llvm-ar";
                    $user{ARFLAGS} = [ "rs" ];
                    $user{RANLIB} = ":";
                }
-            } elsif ($is_standalone_toolchain) {
+            } elsif (-f "$ndk/AndroidVersion.txt") {    #"standalone toolchain"
                my $cc = $user{CC} // "clang";
                # One can probably argue that both clang and gcc should be
                # probed, but support for "standalone toolchain" was added
@@ -146,21 +121,19 @@
                $user{CROSS_COMPILE} = "$triarch-";
            }

-            if (length $sysroot) {
-                if (!-d "$sysroot/usr/include") {
-                    my $incroot = "$ndk/sysroot/usr/include";
-                    die "no $incroot"          if (!-d $incroot);
-                    die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
-                    $incroot =~ s|^$ndk/||;
-                    $cppflags  = "-D__ANDROID_API__=$api";
-                    $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
-                    $cppflags .= " -isystem \$($ndk_var)/$incroot";
-                }
-                $sysroot =~ s|^$ndk/||;
-                $sysroot = " --sysroot=\$($ndk_var)/$sysroot";
+            if (!-d "$sysroot/usr/include") {
+                my $incroot = "$ndk/sysroot/usr/include";
+                die "no $incroot"          if (!-d $incroot);
+                die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
+                $incroot =~ s|^$ndk/||;
+                $cppflags  = "-D__ANDROID_API__=$api";
+                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot/$triarch";
+                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot";
            }
+
+            $sysroot =~ s|^$ndk/||;
            $android_ndk = {
-                cflags   => $cflags . $sysroot,
+                cflags   => "$cflags --sysroot=\$(ANDROID_NDK)/$sysroot",
                cppflags => $cppflags,
                bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
                                            : "BN_LLONG",
@@ -189,10 +162,8 @@ my %targets = (
        cppflags         => add(sub { android_ndk()->{cppflags} }),
        cxxflags         => add(sub { android_ndk()->{cflags} }),
        bn_ops           => sub { android_ndk()->{bn_ops} },
-        bin_cflags       => "-fPIE",
-        bin_lflags       => "-pie",
+        bin_cflags       => "-pie",
        enable           => [ ],
-        shared_extension => ".so",
    },
    "android-arm" => {
        ################################################################
@@ -222,22 +193,18 @@ my %targets = (
        # -march and/or -mfloat-abi flags. NDK defaults to armv5te.
        # Newer NDK versions reportedly require additional -latomic.
        #
-        inherit_from     => [ "android" ],
+        inherit_from     => [ "android", asm("armv4_asm") ],
        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'armv4',
-        perlasm_scheme   => "void",
    },
    "android-arm64" => {
-        inherit_from     => [ "android" ],
+        inherit_from     => [ "android", asm("aarch64_asm") ],
        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'aarch64',
        perlasm_scheme   => "linux64",
    },

    "android-mips" => {
-        inherit_from     => [ "android" ],
+        inherit_from     => [ "android", asm("mips32_asm") ],
        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'mips32',
        perlasm_scheme   => "o32",
    },
    "android-mips64" => {
@@ -250,35 +217,25 @@ my %targets = (
        # with previous MIPS ISA versions, in sense that unlike
        # prior versions original MIPS binary code will fail.
        #
-        inherit_from     => [ "android" ],
+        inherit_from     => [ "android", asm("mips64_asm") ],
        bn_ops           => add("RC4_CHAR"),
-        asm_arch         => 'mips64',
        perlasm_scheme   => "64",
    },

    "android-x86" => {
-        inherit_from     => [ "android" ],
+        inherit_from     => [ "android", asm("x86_asm") ],
        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
        bn_ops           => add("RC4_INT"),
-        asm_arch         => 'x86',
        perlasm_scheme   => "android",
-        ex_libs          => add(threads("-latomic")),
    },
    "android-x86_64" => {
-        inherit_from     => [ "android" ],
+        inherit_from     => [ "android", asm("x86_64_asm") ],
        bn_ops           => add("RC4_INT"),
-        asm_arch         => 'x86_64',
        perlasm_scheme   => "elf",
    },

-    "android-riscv64" => {
-        inherit_from     => [ "android" ],
-        asm_arch         => 'riscv64',
-        perlasm_scheme   => "linux64",
-    },
-
    ####################################################################
-    # Backward compatible targets, (might) require $CROSS_SYSROOT
+    # Backward compatible targets, (might) requre $CROSS_SYSROOT
    #
    "android-armeabi" => {
        inherit_from     => [ "android-arm" ],
--- a/Configurations/15-ios.conf
+++ b/Configurations/15-ios.conf
@@ -1,64 +1,37 @@
 #### iPhoneOS/iOS
 #
-# `xcrun` targets require an Xcode that can determine the correct C compiler via
-# `xcrun -sdk iphoneos`. This has been standard in Xcode for a while now - any recent
-# Xcode should do.  If the Xcode on the build machine doesn't support this then use
-# the legacy targets at the end of this file. These require manual definition of
-# environment variables.
+# It takes recent enough XCode to use following two targets. It shouldn't
+# be a problem by now, but if they don't work, original targets below
+# that depend on manual definition of environment variables should still
+# work...
 #
 my %targets = (
    "ios-common" => {
        template         => 1,
        inherit_from     => [ "darwin-common" ],
        sys_id           => "iOS",
-        disable          => [ "async" ],
+        disable          => [ "engine", "async" ],
    },
    "ios-xcrun" => {
-        inherit_from     => [ "ios-common" ],
+        inherit_from     => [ "ios-common", asm("armv4_asm") ],
        # It should be possible to go below iOS 6 and even add -arch armv6,
        # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
        # at this point.
        CC               => "xcrun -sdk iphoneos cc",
-        cflags           => add("-arch armv7 -fno-common"),
-        asm_arch         => 'armv4',
+        cflags           => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
        perlasm_scheme   => "ios32",
    },
    "ios64-xcrun" => {
-        inherit_from     => [ "ios-common" ],
+        inherit_from     => [ "ios-common", asm("aarch64_asm") ],
        CC               => "xcrun -sdk iphoneos cc",
-        cflags           => add("-arch arm64 -fno-common"),
+        cflags           => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
-        asm_arch         => 'aarch64',
        perlasm_scheme   => "ios64",
    },
    "iossimulator-xcrun" => {
        inherit_from     => [ "ios-common" ],
        CC               => "xcrun -sdk iphonesimulator cc",
    },
-    "iossimulator-arm64-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphonesimulator cc",
-        cflags           => add("-arch arm64 -fno-common"),
-        bn_ops           => "SIXTY_FOUR_BIT_LONG",
-        asm_arch         => 'aarch64',
-        perlasm_scheme   => "ios64",
-    },
-    "iossimulator-i386-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphonesimulator cc",
-        cflags           => add("-arch i386 -fno-common"),
-        bn_ops           => "BN_LLONG",
-        asm_arch         => 'x86',
-        perlasm_scheme   => "macosx",
-    },
-    "iossimulator-x86_64-xcrun" => {
-        inherit_from     => [ "ios-common" ],
-        CC               => "xcrun -sdk iphonesimulator cc",
-        cflags           => add("-arch x86_64 -fno-common"),
-        bn_ops           => "SIXTY_FOUR_BIT_LONG",
-        asm_arch         => 'x86_64',
-        perlasm_scheme   => "macosx",
-    },
 # It takes three prior-set environment variables to make it work:
 #
 # CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
@@ -74,16 +47,16 @@ my %targets = (
 #
    "iphoneos-cross" => {
        inherit_from     => [ "ios-common" ],
-        cflags           => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\" -fno-common"),
+        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
    },
    "ios-cross" => {
        inherit_from     => [ "ios-xcrun" ],
        CC               => "cc",
-        cflags           => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
+        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
    },
    "ios64-cross" => {
        inherit_from     => [ "ios64-xcrun" ],
        CC               => "cc",
-        cflags           => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
+        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
    },
 );
--- a/Configurations/50-cppbuilder.conf
+++ b/Configurations/50-cppbuilder.conf
@@ -1,121 +0,0 @@
-my %targets = (
-    "BC-32" => {
-        inherit_from     => [ "BASE_Windows" ],
-        sys_id           => "WIN32",
-        bn_ops           => "BN_LLONG",
-        thread_scheme    => "winthreads",
-        cc               => "bcc32c",
-        CPP              => "cpp32 -oCON -Sc -Sr",
-        defines          => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32",
-                                "L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
-                                "_strnicmp=strnicmp", "_malloca=malloc",
-                                "_freea=free", "_setmode=setmode"),
-        cflags           => picker(default => add("-q -c",
-                                                  threads("-tM"),
-                                                  shared("-tR")),
-                                   debug   => "-Od -v -vi- -D_DEBUG",
-                                   release => "-O2"),
-        bin_cflags       => "-tWC",
-        lib_cflags       => shared("-tWD -D_WINDLL -D_DLL"),
-        coutflag         => "-o",
-
-        # -Sx isn't documented, but 'cpp32 -H -S' explains it:
-        #
-        # -Sx     Omit preprocessed text in output
-        makedepcmd       => "cpp32 -oCON -Sx -Hp",
-        makedep_scheme   => "embarcadero",
-
-        LD               => "ilink32",
-        LDFLAGS          => picker(default => "-x -Gn -q -w-dup",
-                                   debug   => '-j"$(BDS)\lib\win32c\debug" ' .
-                                              '-L"$(BDS)\lib\win32c\debug" -v',
-                                   release => '-j"$(BDS)\lib\win32c\release" ' .
-                                              '-L"$(BDS)\lib\win32c\release"'),
-        bin_lflags       => "-ap -Tpe c0x32.obj wildargs.obj",
-        ldoutflag        => ",",
-        ldpostoutflag    => ",,",
-        ld_resp_delim    => " +\n",
-        ex_libs          => add(sub {
-            my @ex_libs = ("import32.lib",
-                           ($disabled{shared}
-                            ? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib")
-                            : ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib")));
-            push @ex_libs, "ws2_32.lib" unless $disabled{sock};
-            return join(" ", @ex_libs);
-        }),
-        AR               => "tlib",
-        ARFLAGS          => "/P256 /N /u",
-        ar_resp_delim    => " &\n",
-        RC               => "brcc32",
-        RCFLAGS          => '-i"$(BDS)\include\windows\sdk"',
-        rcoutflag        => "-fo",
-        shared_target    => "win-shared",
-        shared_ldflag    => "-aa -Tpd c0d32.obj",
-        lddefflag        => ",",
-        ldresflag        => ",",
-        ld_implib_rule   => 'implib -a $< $**',
-        dso_scheme       => "win32",
-        shared_defflag   => '',
-        perl_platform    => 'Windows::cppbuilder',
-        uplink_arch      => 'common',
-    },
-    "BC-64" => {
-        inherit_from     => [ "BASE_Windows" ],
-        sys_id           => "WIN64",
-        bn_ops           => "BN_LLONG",
-        thread_scheme    => "winthreads",
-        cc               => "bcc64",
-        CPP              => "cpp64 -oCON -Sc -Sr",
-        defines          => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN64",
-                                "L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
-                                "_strnicmp=strnicmp", "_setmode=setmode"),
-        cflags           => picker(default => add("-q -c",
-                                                  threads("-tM"),
-                                                  shared("-tR")),
-                                   debug   => "-Od -v -vi- -D_DEBUG",
-                                   release => "-O2"),
-        bin_cflags       => "-tWC",
-        lib_cflags       => shared("-tWD -D_WINDLL -D_DLL"),
-        coutflag         => "-o",
-
-        # -Sx isn't documented, but 'cpp64 -H -S' explains it:
-        #
-        # -Sx     Omit preprocessed text in output
-        makedepcmd       => "cpp64 -oCON -Sx -Hp",
-        makedep_scheme   => "embarcadero",
-
-        LD               => "ilink64",
-        LDFLAGS          => picker(default => "-x -Gn -q -w-dup",
-                                   debug   => '-j"$(BDS)\lib\win64\debug" ' .
-                                              '-L"$(BDS)\lib\win64\debug" -v',
-                                   release => '-j"$(BDS)\lib\win64\release" ' .
-                                              '-L"$(BDS)\lib\win64\release"'),
-        bin_lflags       => "-ap -Tpe c0x64.o wildargs.o",
-        ldoutflag        => ",",
-        ldpostoutflag    => ",,",
-        ld_resp_delim    => " +\n",
-        ex_libs          => add(sub {
-            my @ex_libs = ("import64.a",
-                           ($disabled{shared}
-                            ? ($disabled{threads} ? "cw64.a" : "cw64mt.a")
-                            : ($disabled{threads} ? "cw64i.a" : "cw64mti.a")));
-            push @ex_libs, "ws2_32.a" unless $disabled{sock};
-            return join(" ", @ex_libs);
-        }),
-        AR               => "tlib",
-        ARFLAGS          => "/P256 /N /u",
-        ar_resp_delim    => " &\n",
-        RC               => "brcc32",
-        RCFLAGS          => '-i"$(BDS)\include\windows\sdk"',
-        rcoutflag        => "-fo",
-        shared_target    => "win-shared",
-        shared_ldflag    => "-aa -Tpd c0d64.o",
-        lddefflag        => ",",
-        ldresflag        => ",",
-        ld_implib_rule   => 'implib -a $< $**',
-        dso_scheme       => "win64",
-        shared_defflag   => '',
-        perl_platform    => 'Windows::cppbuilder',
-        uplink_arch      => 'common',
-    }
-);
--- a/Configurations/50-djgpp.conf
+++ b/Configurations/50-djgpp.conf
@@ -4,7 +4,7 @@

 my %targets = (
    "DJGPP" => {
-        inherit_from     => [ "BASE_unix" ],
+        inherit_from     => [ asm("x86_asm") ],
        CC               => "gcc",
        CFLAGS           => "-fomit-frame-pointer -O2 -Wall",
        cflags           => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
@@ -12,7 +12,6 @@ my %targets = (
        lflags           => add("-L/dev/env/WATT_ROOT/lib"),
        ex_libs          => add("-lwatt"),
        bn_ops           => "BN_LLONG",
-        asm_arch         => 'x86',
        perlasm_scheme   => "a.out",
    },
 );
--- a/Configurations/50-haiku.conf
+++ b/Configurations/50-haiku.conf
@@ -7,9 +7,6 @@ my %targets = (
                                              release => "-O2")),
        cflags           => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
                                       threads("-D_REENTRANT")),
-        AR              => "ar",
-        ARFLAGS         => "qc",
-        HASHBANGPERL    => "/bin/env perl",
        sys_id           => "HAIKU",
        ex_libs          => "-lnetwork",
        perlasm_scheme   => "elf",
@@ -18,14 +15,12 @@ my %targets = (
        shared_target    => "gnu-shared",
        shared_cflag     => "-fPIC",
        shared_ldflag    => "-shared",
-        perl_platform    => 'Unix',
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
    },
    "haiku-x86" => {
-        inherit_from     => [ "haiku-common" ],
+        inherit_from     => [ "haiku-common", asm("x86_elf_asm") ],
        CFLAGS           => add(picker(release => "-fomit-frame-pointer")),
        bn_ops           => "BN_LLONG",
-        asm_arch         => 'x86',
-        perlasm_scheme   => 'elf',
    },
    "haiku-x86_64" => {
        inherit_from     => [ "haiku-common" ],
--- a/Configurations/50-masm.conf
+++ b/Configurations/50-masm.conf
@@ -9,14 +9,15 @@

 my %targets = (
    "VC-WIN64A-masm" => {
-        inherit_from    => [ "VC-WIN64-common" ],
+        inherit_from    => [ "VC-WIN64-common", asm("x86_64_asm"),
+                             sub { $disabled{shared} ? () : "x86_64_uplink" } ],
        AS              => "ml64",
        ASFLAGS         => "/nologo /Zi",
        asoutflag       => "/Fo",
        asflags         => "/c /Cp /Cx",
        sys_id          => "WIN64A",
-        uplink_arch      => 'x86_64',
-        asm_arch         => 'x86_64',
+        bn_asm_src      => sub { return undef unless @_;
+                                 my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
        perlasm_scheme   => "masm",
    },
 );
--- a/Configurations/50-nonstop.conf
+++ b/Configurations/50-nonstop.conf
@@ -1,283 +0,0 @@
-#### Nonstop configurations
-    # Common for all
-    'nonstop-common' => {
-        inherit_from     => [ 'BASE_unix' ],
-        template         => 1,
-        cc               => 'c99',
-        cflags           => add_before(picker(debug   => '-g -O0',
-                                              release => '-g -O2'),
-                                       '-Wextensions',
-                                       '-Wnowarn=203,220,272,734,770,1506',
-                                       '-Wbuild_neutral_library',
-                                       '-Wverbose'),
-        defines          => add('OPENSSL_VPROC=$(OPENSSL_VPROC)',
-                                '_XOPEN_SOURCE',
-                                '_XOPEN_SOURCE_EXTENDED=1',
-                                '_TANDEM_SOURCE',
-                                '__NSK_OPTIONAL_TYPES__',
-                                'B_ENDIAN'),
-        perl             => '/usr/bin/perl',
-        shared_target    => 'nonstop-shared',
-        shared_extension => ".so",
-        ex_libs          => add('-lrld'),
-        enable           => ['egd'],
-	# Not currently inherited
-        disable          => ['atexit'],
-        dso_scheme       => 'DLFCN',
-        sys_id           => 'TANDEM',
-    },
-
-    ######################################################################
-    # Additional variant settings, to be combined with nonstop-common
-    # Note that these do not inherit anything.  However, the diverse values
-    # are merged with other entries in an 'inherit_from'.
-    #
-    # These combine:
-    # - System architecture (MIPS, Itanium, or x86)
-    # - Execution environment (oss [default] or guardian)
-    #
-    # Unfortunately, they can't be separated into independent templates, because
-    # a number of the above are encoded as different linkers, and by consequence,
-    # different c99 linker flags (-Wld, -Weld, and -Wxld)
-    #
-    # In addition, the are modifiers for:
-    # - Size of long + pointer (ilp32 [default] and lp64)
-    # - Float type (neutral and tandem)
-    #
-    # Unfortunately, because the float types affect the linker settings, those
-    # are divided per system architecture
-    #
-    # MIPS + guardian (unused but present for convenience):
-    'nonstop-archenv-mips-guardian' => {
-        template         => 1,
-        defines          => ['NO_GETPID'],
-        cflags           => '-Wtarget=tns/r -Wsystype=guardian',
-        lflags           => '-Wld="-set systype guardian"',
-        shared_ldflag    => '-Wshared -Wld="-soname $(@:lib%.so=%)"',
-        shared_defflag   => '-Wld_obey=',
-        shared_argfileflag => '-Wld_obey=',
-    },
-
-    # Itanium + guardian:
-    'nonstop-archenv-itanium-guardian' => {
-        template         => 1,
-        defines          => ['NO_GETPID'],
-        cflags           => '-Wtarget=tns/e -Wsystype=guardian',
-        lflags           => '-Weld="-set systype guardian"',
-        shared_ldflag    => '-Wshared -Weld="-soname $(@:lib%.so=%)"',
-        shared_defflag   => '-Weld_obey=',
-        shared_argfileflag => '-Weld_obey=',
-    },
-
-    # x86 + guardian:
-    'nonstop-archenv-x86_64-guardian' => {
-        template         => 1,
-        defines          => ['NO_GETPID'],
-        cflags           => '-Wtarget=tns/x -Wsystype=guardian',
-        lflags           => '-Wxld="-set systype guardian"',
-        shared_ldflag    => '-Wshared -Wxld="-soname $(@:lib%.so=%)"',
-        shared_defflag   => '-Wxld_obey=',
-        shared_argfileflag => '-Wxld_obey=',
-    },
-
-    # MIPS + oss (unused but present for convenience):
-    'nonstop-archenv-mips-oss' => {
-        template         => 1,
-        cflags           => '-Wtarget=tns/r -Wsystype=oss',
-        lflags           => '-Wld="-set systype oss"',
-        shared_ldflag    => '-Wshared',
-        shared_defflag   => '-Wld_obey=',
-        shared_argfileflag => '-Wld_obey=',
-    },
-    # Itanium + oss:
-    'nonstop-archenv-itanium-oss' => {
-        template         => 1,
-        cflags           => '-Wtarget=tns/e -Wsystype=oss',
-        lflags           => '-Weld="-set systype oss"',
-        shared_ldflag    => '-Wshared',
-        shared_defflag   => '-Weld_obey=',
-        shared_argfileflag => '-Weld_obey=',
-    },
-    # x86_64 + oss:
-    'nonstop-archenv-x86_64-oss' => {
-        template         => 1,
-        cflags           => '-Wtarget=tns/x -Wsystype=oss',
-        lflags           => '-Wxld="-set systype oss"',
-        shared_ldflag    => '-Wshared',
-        shared_defflag   => '-Wxld_obey=',
-        shared_argfileflag => '-Wxld_obey=',
-    },
-
-    # Size variants
-    'nonstop-ilp32' => {
-        template         => 1,
-        cflags           => '-Wilp32',
-        bn_ops           => 'THIRTY_TWO_BIT',
-    },
-    'nonstop-lp64-itanium' => {
-        template         => 1,
-        cflags           => '-Wlp64',
-        bn_ops           => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR',
-    },
-    'nonstop-lp64-x86_64' => {
-        template         => 1,
-        cflags           => '-Wlp64',
-        lflags           => '-Wxld="-set data_model lp64"',
-        bn_ops           => 'SIXTY_FOUR_BIT',
-    },
-
-    # Float variants
-    'nonstop-nfloat-mips' => {
-        template         => 1,
-        lflags           => '-Wld="-set floattype neutral_float"',
-    },
-    'nonstop-tfloat-mips' => {
-        template         => 1,
-        lflags           => '-Wld="-set floattype tandem_float"',
-    },
-    'nonstop-efloat-itanium' => {
-        template         => 1,
-        cflags           => '-WIEEE_float',
-        lflags           => '-Weld="-set floattype ieee_float"',
-    },
-    'nonstop-nfloat-itanium' => {
-        template         => 1,
-        lflags           => '-Weld="-set floattype neutral_float"',
-    },
-    'nonstop-tfloat-itanium' => {
-        template         => 1,
-        cflags           => '-WTandem_float',
-        lflags           => '-Weld="-set floattype tandem_float"',
-    },
-    'nonstop-efloat-x86_64' => {
-        template         => 1,
-        cflags           => '-WIEEE_float',
-        lflags           => '-Wxld="-set floattype ieee_float"',
-    },
-    'nonstop-nfloat-x86_64' => {
-        template         => 1,
-        lflags           => '-Wxld="-set floattype neutral_float"',
-    },
-    'nonstop-tfloat-x86_64' => {
-        template         => 1,
-        cflags           => '-WTandem_float',
-        lflags           => '-Wxld="-set floattype tandem_float"',
-    },
-
-    ######################################################################
-    # Build models
-    'nonstop-model-put' => {
-        template         => 1,
-        defines          => ['_PUT_MODEL_',
-                             '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
-        ex_libs          => '-lput',
-    },
-
-    ######################################################################
-    # Build models
-    'nonstop-model-klt' => {
-        template         => 1,
-        defines          => ['_KLT_MODEL_',
-                             '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
-        ex_libs          => '-lklt',
-    },
-
-    ######################################################################
-    # Now for the entries themselves, let's combine things!
-    'nonstop-nsx' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-x86_64' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsx_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-put' ],
-        multilib         => '-put',
-        multibin         => '-put',
-        disable          => ['atexit'],
-    },
-    'nonstop-nsx_64' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-lp64-x86_64',
-                              'nonstop-efloat-x86_64' ],
-        multilib         => '64',
-        multibin         => '64',
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsx_64_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-lp64-x86_64',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-put' ],
-        multilib         => '64-put',
-        multibin         => '64-put',
-        disable          => ['atexit'],
-    },
-    'nonstop-nsx_64_klt' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-oss',
-                              'nonstop-lp64-x86_64',
-                              'nonstop-efloat-x86_64',
-                              'nonstop-model-klt' ],
-        multilib         => '64-klt',
-        multibin         => '64-klt',
-        disable          => ['atexit'],
-    },
-    'nonstop-nsx_g' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-guardian',
-                              'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsx_g_tandem' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-x86_64-guardian',
-                              'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nsv' => {
-        inherit_from     => [ 'nonstop-nsx' ],
-    },
-    'nonstop-nse' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-itanium' ],
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nse_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-ilp32',
-                              'nonstop-efloat-itanium',
-                              'nonstop-model-put' ],
-        multilib         => '-put',
-        multibin         => '-put',
-        disable          => ['atexit'],
-    },
-    'nonstop-nse_64' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-lp64-itanium',
-                              'nonstop-efloat-itanium' ],
-        multilib         => '64',
-        multibin         => '64',
-        disable          => ['threads','atexit'],
-    },
-    'nonstop-nse_64_put' => {
-        inherit_from     => [ 'nonstop-common',
-                              'nonstop-archenv-itanium-oss',
-                              'nonstop-lp64-itanium',
-                              'nonstop-efloat-itanium',
-                              'nonstop-model-put' ],
-        multilib         => '64-put',
-        multibin         => '64-put',
-        disable          => ['atexit'],
-    },
--- a/Configurations/50-os390.conf
+++ b/Configurations/50-os390.conf
@@ -1,11 +0,0 @@
-## -*- mode: perl; -*-
-(
-# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
-    "OS390-Unix" => {
-        inherit_from     => [ "BASE_unix" ],
-        cc               => "cc",
-        cflags           => "-O -DB_ENDIAN -DCHARSET_EBCDIC",
-        bn_ops           => "THIRTY_TWO_BIT RC4_CHAR",
-        thread_scheme    => "(unknown)",
-    }
-);
--- a/Configurations/50-vms-x86_64.conf
+++ b/Configurations/50-vms-x86_64.conf
@@ -1,14 +0,0 @@
-## -*- mode: perl; -*-
-
-# OpenVMS cross compilation of x86_64 binaries on Itanium.  This doesn't
-# fit the usual cross compilation parameters that are used on Unixly machines
-
-(
- 'vms-x86_64-cross-ia64' => {
-     inherit_from   => [ 'vms-generic' ],
-     CC             => 'XCC',
-     bn_ops         => 'SIXTY_FOUR_BIT',
-     pointer_size   => '',
-     setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
- }
-);
--- a/Configurations/50-win-clang-cl.conf
+++ b/Configurations/50-win-clang-cl.conf
@@ -1,36 +0,0 @@
-## -*- mode: perl; -*-
-# Windows on Arm clang-cl targets.
-#
-
-my %targets = (
-    "VC-WIN64-CLANGASM-ARM" => {
-        inherit_from    => [ "VC-noCE-common" ],
-        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
-                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR",
-        multilib        => "-arm64",
-        asm_arch        => "aarch64",
-        AS        => "clang-cl.exe",
-        ASFLAGS   => "/nologo /Zi",
-        asflags   => "/c",
-        asoutflag => "/Fo",
-        perlasm_scheme => "win64",
-        uplink_arch      => 'armv8',
-    },
-    "VC-CLANG-WIN64-CLANGASM-ARM" => {
-        CC => "clang-cl",
-        inherit_from    => [ "VC-noCE-common" ],
-        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
-                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR",
-        multilib        => "-arm64",
-        asm_arch        => "aarch64",
-        CFLAGS        => add("--target=arm64-pc-windows-msvc"),
-        AS        => "clang-cl.exe",
-        ASFLAGS   => "/nologo /Zi --target=arm64-pc-windows-msvc",
-        asflags   => "/c",
-        asoutflag => "/Fo",
-        perlasm_scheme => "win64",
-        uplink_arch      => 'armv8',
-    },
-);
--- a/Configurations/50-win-hybridcrt.conf
+++ b/Configurations/50-win-hybridcrt.conf
@@ -1,37 +0,0 @@
-## -*- mode: perl; -*-
-# Windows HybridCRT targets.
-# 
-# https://github.com/microsoft/WindowsAppSDK/blob/77761e244289fda6b3d5f14c7bded189fed4fb89/docs/Coding-Guidelines/HybridCRT.md
-# Link statically against the runtime and STL, but link dynamically against the CRT by ignoring the static CRT
-# lib and instead linking against the Universal CRT DLL import library. This "Hybrid" linking mechanism is
-# supported according to the CRT maintainer. Dynamic linking against the CRT makes the binaries a bit smaller
-# than they would otherwise be if the CRT, runtime, and STL were all statically linked in.
-
-
-sub remove_from_flags {
-    my ($toRemove, $flags) = @_;
-    
-    $flags =~ s/$toRemove//;
-    return $flags;
-}
-
-my %targets = (
-    "VC-WIN32-HYBRIDCRT" => {
-        inherit_from    => [ "VC-WIN32" ],
-        cflags          => sub {
-            remove_from_flags(qr/\/MDd?\s/, add(picker(debug   => "/MTd",
-                                                       release => "/MT"))->(@_))
-        },
-        lflags          => add(picker(debug   => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
-                                      release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
-    },
-    "VC-WIN64A-HYBRIDCRT" => {
-        inherit_from    => [ "VC-WIN64A" ],
-        cflags          => sub {
-            remove_from_flags(qr/\/MDd?\s/, add(picker(debug   => "/MTd",
-                                                       release => "/MT"))->(@_))
-        },
-        lflags          => add(picker(debug   => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
-                                      release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
-    },
-);
--- a/Configurations/50-win-onecore.conf
+++ b/Configurations/50-win-onecore.conf
@@ -1,35 +1,15 @@
-## -*- mode: perl; -*-
 # Windows OneCore targets.
 #
-# OneCore is new API stability "contract" that transcends Desktop, IoT and
+# OneCore is new API stability "contract" that transends Desktop, IoT and
 # Mobile[?] Windows editions. It's a set up "umbrella" libraries that
 # export subset of Win32 API that are common to all Windows 10 devices.
 #
-# OneCore Configuration temporarily dedicated for console applications
+# OneCore Configuration temporarly dedicated for console applications 
 # due to disabled event logging, which is incompatible with one core.
 # Error messages are provided via standard error only.
 # TODO: extend error handling to use ETW based eventing
 # (Or rework whole error messaging)

-my $UWP_info = {};
-sub UWP_info {
-    unless (%$UWP_info) {
-        my $SDKver = `powershell -Command  \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
-        $SDKver =~ s|\R$||;
-        my @SDKver_split = split(/\./, $SDKver);
-        # SDK version older than 10.0.17763 don't support our ASM builds
-        if ($SDKver_split[0] < 10
-            || ($SDKver_split[0] == 10
-                && $SDKver_split[1] == 0
-                && $SDKver_split[2] < 17763)) {
-            $UWP_info->{disable} = [ 'asm' ];
-        } else {
-            $UWP_info->{disable} = [ ];
-        }
-    }
-    return $UWP_info;
-}
-
 my %targets = (
    "VC-WIN32-ONECORE" => {
        inherit_from    => [ "VC-WIN32" ],
@@ -67,7 +47,7 @@ my %targets = (
        inherit_from    => [ "VC-noCE-common" ],
        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "BN_LLONG RC4_CHAR",
+        bn_ops          => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN",
        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
        ex_libs         => "onecore.lib",
        multilib        => "-arm",
@@ -76,62 +56,9 @@ my %targets = (
        inherit_from    => [ "VC-noCE-common" ],
        defines         => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
                               "OPENSSL_SYS_WIN_CORE"),
-        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR",
+        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN",
        lflags          => add("/NODEFAULTLIB:kernel32.lib"),
        ex_libs         => "onecore.lib",
        multilib        => "-arm64",
    },
-
-    # Universal Windows Platform (UWP) App Support
-
-    # TODO
-    #
-    # The 'disable' attribute should have 'uplink'.
-    # however, these are checked in some 'inherit_from', which is processed
-    # very early, before the 'disable' attributes are seen.
-    # This is a problem that needs to be resolved in Configure first.
-    #
-    # But if you want to build library with Windows 10 Version 1809 SDK or
-    # earlier, the 'disable' attribute should also have 'asm'.
-
-    "VC-WIN32-UWP" => {
-        inherit_from    => [ "VC-WIN32-ONECORE" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
-     "VC-WIN64A-UWP" => {
-        inherit_from    => [ "VC-WIN64A-ONECORE" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
-    "VC-WIN32-ARM-UWP" => {
-        inherit_from    => [ "VC-WIN32-ARM" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
-     "VC-WIN64-ARM-UWP" => {
-        inherit_from    => [ "VC-WIN64-ARM" ],
-        lflags          => add("/APPCONTAINER"),
-        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
-                               "_WIN32_WINNT=0x0A00"),
-        dso_scheme      => "",
-        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
-                                   @{ UWP_info()->{disable} } ] },
-        ex_libs         => "WindowsApp.lib",
-    },
 );
--- a/Configurations/90-team.norelease.conf
+++ b/Configurations/90-team.norelease.conf
@@ -0,0 +1,110 @@
+## -*- mode: perl; -*-
+## Build configuration targets for openssl-team members
+
+my %targets = (
+    "purify" => {
+        inherit_from     => [ 'BASE_unix' ],
+        cc               => "purify gcc",
+        CFLAGS           => "-g -Wall",
+        thread_scheme    => "(unknown)",
+        ex_libs          => add(" ","-lsocket -lnsl"),
+    },
+    "debug" => {
+        inherit_from     => [ 'BASE_unix' ],
+        cc               => "gcc",
+        cflags           => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
+        thread_scheme    => "(unknown)",
+    },
+    "debug-erbridge" => {
+        inherit_from     => [ 'BASE_unix', "x86_64_asm" ],
+        cc               => "gcc",
+        cflags           => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-m64",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "64",
+    },
+    "debug-linux-pentium" => {
+        inherit_from     => [ 'BASE_unix', "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ppro" => {
+        inherit_from     => [ 'BASE_unix', "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ia32-aes" => {
+        inherit_from     => [ 'BASE_unix' ],
+        cc               => "gcc",
+        cflags           => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        cpuid_asm_src    => "x86cpuid.s",
+        bn_asm_src       => "bn-586.s co-586.s x86-mont.s",
+        des_asm_src      => "des-586.s crypt586.s",
+        aes_asm_src      => "aes_x86core.s aes_cbc.s aesni-x86.s",
+        bf_asm_src       => "bf-586.s",
+        md5_asm_src      => "md5-586.s",
+        sha1_asm_src     => "sha1-586.s sha256-586.s sha512-586.s",
+        cast_asm_src     => "cast-586.s",
+        rc4_asm_src      => "rc4-586.s",
+        rmd160_asm_src   => "rmd-586.s",
+        rc5_asm_src      => "rc5-586.s",
+        wp_asm_src       => "wp_block.s wp-mmx.s",
+        modes_asm_src    => "ghash-x86.s",
+        padlock_asm_src  => "e_padlock-x86.s",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "debug-test-64-clang" => {
+        inherit_from     => [ 'BASE_unix', "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "darwin64-debug-test-64-clang" => {
+        inherit_from     => [ 'BASE_unix', "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        sys_id           => "MACOSX",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "macosx",
+        dso_scheme       => "dlfcn",
+        shared_target    => "darwin-shared",
+        shared_cflag     => "-fPIC -fno-common",
+        shared_ldflag    => "-arch x86_64 -dynamiclib",
+        shared_extension => ".\$(SHLIB_VERSION_NUMBER).dylib",
+    },
+);
--- a/Configurations/README
+++ b/Configurations/README
@@ -0,0 +1,763 @@
+Intro
+=====
+
+This directory contains a few sets of files that are used for
+configuration in diverse ways:
+
+    *.conf      Target platform configurations, please read
+                'Configurations of OpenSSL target platforms' for more
+                information.
+    *.tmpl      Build file templates, please read 'Build-file
+                programming with the "unified" build system' as well
+                as 'Build info files' for more information.
+    *.pm        Helper scripts / modules for the main `Configure`
+                script.  See 'Configure helper scripts for more
+                information.
+
+
+Configurations of OpenSSL target platforms
+==========================================
+
+Configuration targets are a collection of facts that we know about
+different platforms and their capabilities.  We organise them in a
+hash table, where each entry represent a specific target.
+
+Note that configuration target names must be unique across all config
+files.  The Configure script does check that a config file doesn't
+have config targets that shadow config targets from other files.
+
+In each table entry, the following keys are significant:
+
+        inherit_from    => Other targets to inherit values from.
+                           Explained further below. [1]
+        template        => Set to 1 if this isn't really a platform
+                           target.  Instead, this target is a template
+                           upon which other targets can be built.
+                           Explained further below.  [1]
+
+        sys_id          => System identity for systems where that
+                           is difficult to determine automatically.
+
+        enable          => Enable specific configuration features.
+                           This MUST be an array of words.
+        disable         => Disable specific configuration features.
+                           This MUST be an array of words.
+                           Note: if the same feature is both enabled
+                           and disabled, disable wins.
+
+        as              => The assembler command.  This is not always
+                           used (for example on Unix, where the C
+                           compiler is used instead).
+        asflags         => Default assembler command flags [4].
+        cpp             => The C preprocessor command, normally not
+                           given, as the build file defaults are
+                           usually good enough.
+        cppflags        => Default C preprocessor flags [4].
+        defines         => As an alternative, macro definitions may be
+                           given here instead of in `cppflags' [4].
+                           If given here, they MUST be as an array of
+                           the string such as "MACRO=value", or just
+                           "MACRO" for definitions without value.
+        includes        => As an alternative, inclusion directories
+                           may be given here instead of in `cppflags'
+                           [4].  If given here, the MUST be an array
+                           of strings, one directory specification
+                           each.
+        cc              => The C compiler command, usually one of "cc",
+                           "gcc" or "clang".  This command is normally
+                           also used to link object files and
+                           libraries into the final program.
+        cxx             => The C++ compiler command, usually one of
+                           "c++", "g++" or "clang++".  This command is
+                           also used when linking a program where at
+                           least one of the object file is made from
+                           C++ source.
+        cflags          => Defaults C compiler flags [4].
+        cxxflags        => Default  C++ compiler flags [4].  If unset,
+                           it gets the same value as cflags.
+
+        (linking is a complex thing, see [3] below)
+        ld              => Linker command, usually not defined
+                           (meaning the compiler command is used
+                           instead).
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        lflags          => Default flags used when linking apps,
+                           shared libraries or DSOs [4].
+        ex_libs         => Extra libraries that are needed when
+                           linking shared libraries, DSOs or programs.
+                           The value is also assigned to Libs.private
+                           in $(libdir)/pkgconfig/libcrypto.pc.
+
+        shared_cppflags => Extra C preprocessor flags used when
+                           processing C files for shared libraries.
+        shared_cflag    => Extra C compiler flags used when compiling
+                           for shared libraries, typically something
+                           like "-fPIC".
+        shared_ldflag   => Extra linking flags used when linking
+                           shared libraries.
+        module_cppflags
+        module_cflags
+        module_ldflags  => Has the same function as the corresponding
+                           `shared_' attributes, but for building DSOs.
+                           When unset, they get the same values as the
+                           corresponding `shared_' attributes.
+
+        ar              => The library archive command, the default is
+                           "ar".
+                           (NOTE: this is here for future use, it's
+                           not implemented yet)
+        arflags         => Flags to be used with the library archive
+                           command.  On Unix, this includes the
+                           command letter, 'r' by default.
+
+        ranlib          => The library archive indexing command, the
+                           default is 'ranlib' it it exists.
+
+        unistd          => An alternative header to the typical
+                           '<unistd.h>'.  This is very rarely needed.
+
+        shared_extension => File name extension used for shared
+                            libraries. 
+        obj_extension   => File name extension used for object files.
+                           On unix, this defaults to ".o" (NOTE: this
+                           is here for future use, it's not
+                           implemented yet)
+        exe_extension   => File name extension used for executable
+                           files.  On unix, this defaults to "" (NOTE:
+                           this is here for future use, it's not
+                           implemented yet)
+        shlib_variant   => A "variant" identifier inserted between the base
+                           shared library name and the extension.  On "unixy"
+                           platforms (BSD, Linux, Solaris, MacOS/X, ...) this
+                           supports installation of custom OpenSSL libraries
+                           that don't conflict with other builds of OpenSSL
+                           installed on the system.  The variant identifier
+                           becomes part of the SONAME of the library and also
+                           any symbol versions (symbol versions are not used or
+                           needed with MacOS/X).  For example, on a system
+                           where a default build would normally create the SSL
+                           shared library as 'libssl.so -> libssl.so.1.1' with
+                           the value of the symlink as the SONAME, a target
+                           definition that sets 'shlib_variant => "-abc"' will
+                           create 'libssl.so -> libssl-abc.so.1.1', again with
+                           an SONAME equal to the value of the symlink.  The
+                           symbol versions associated with the variant library
+                           would then be 'OPENSSL_ABC_<version>' rather than
+                           the default 'OPENSSL_<version>'. The string inserted
+                           into symbol versions is obtained by mapping all
+                           letters in the "variant" identifier to upper case
+                           and all non-alphanumeric characters to '_'.
+
+        thread_scheme   => The type of threads is used on the
+                           configured platform.  Currently known
+                           values are "(unknown)", "pthreads",
+                           "uithreads" (a.k.a solaris threads) and
+                           "winthreads".  Except for "(unknown)", the
+                           actual value is currently ignored but may
+                           be used in the future.  See further notes
+                           below [2].
+        dso_scheme      => The type of dynamic shared objects to build
+                           for.  This mostly comes into play with
+                           engines, but can be used for other purposes
+                           as well.  Valid values are "DLFCN"
+                           (dlopen() et al), "DLFCN_NO_H" (for systems
+                           that use dlopen() et al but do not have
+                           fcntl.h), "DL" (shl_load() et al), "WIN32"
+                           and "VMS".
+        perlasm_scheme  => The perlasm method used to create the
+                           assembler files used when compiling with
+                           assembler implementations.
+        shared_target   => The shared library building method used.
+                           This is a target found in Makefile.shared.
+        build_scheme    => The scheme used to build up a Makefile.
+                           In its simplest form, the value is a string
+                           with the name of the build scheme.
+                           The value may also take the form of a list
+                           of strings, if the build_scheme is to have
+                           some options.  In this case, the first
+                           string in the list is the name of the build
+                           scheme.
+                           Currently recognised build scheme is "unified".
+                           For the "unified" build scheme, this item
+                           *must* be an array with the first being the
+                           word "unified" and the second being a word
+                           to identify the platform family.
+
+        multilib        => On systems that support having multiple
+                           implementations of a library (typically a
+                           32-bit and a 64-bit variant), this is used
+                           to have the different variants in different
+                           directories.
+
+        bn_ops          => Building options (was just bignum options in
+                           the earlier history of this option, hence the
+                           name). This is a string of words that describe
+                           algorithms' implementation parameters that
+                           are optimal for the designated target platform,
+                           such as the type of integers used to build up
+                           the bignum, different ways to implement certain
+                           ciphers and so on. To fully comprehend the
+                           meaning, the best is to read the affected
+                           source.
+                           The valid words are:
+
+                           THIRTY_TWO_BIT       bignum limbs are 32 bits,
+                                                this is default if no
+                                                option is specified, it
+                                                works on any supported
+                                                system [unless "wider"
+                                                limb size is implied in
+                                                assembly code];
+                           BN_LLONG             bignum limbs are 32 bits,
+                                                but 64-bit 'unsigned long
+                                                long' is used internally
+                                                in calculations;
+                           SIXTY_FOUR_BIT_LONG  bignum limbs are 64 bits
+                                                and sizeof(long) is 8;
+                           SIXTY_FOUR_BIT       bignums limbs are 64 bits,
+                                                but execution environment
+                                                is ILP32;
+                           RC4_CHAR             RC4 key schedule is made
+                                                up of 'unsigned char's;
+                           RC4_INT              RC4 key schedule is made
+                                                up of 'unsigned int's;
+                           EXPORT_VAR_AS_FN     for shared libraries,
+                                                export vars as
+                                                accessor functions.
+
+        apps_aux_src    => Extra source to build apps/openssl and other
+                           apps, as needed by the target and that can be
+                           collected in a library.
+        apps_init_src   => Init source to build apps/openssl and other
+                           apps, as needed by the target.  This code
+                           cannot be placed in a library, as the rest
+                           of the code isn't expected to link to it
+                           explicitly.
+        cpuid_asm_src   => assembler implementation of cpuid code as
+                           well as OPENSSL_cleanse().
+                           Default to mem_clr.c
+        bn_asm_src      => Assembler implementation of core bignum
+                           functions.
+                           Defaults to bn_asm.c
+        ec_asm_src      => Assembler implementation of core EC
+                           functions.
+        des_asm_src     => Assembler implementation of core DES
+                           encryption functions.
+                           Defaults to 'des_enc.c fcrypt_b.c'
+        aes_asm_src     => Assembler implementation of core AES
+                           functions.
+                           Defaults to 'aes_core.c aes_cbc.c'
+        bf_asm_src      => Assembler implementation of core BlowFish
+                           functions.
+                           Defaults to 'bf_enc.c'
+        md5_asm_src     => Assembler implementation of core MD5
+                           functions.
+        sha1_asm_src    => Assembler implementation of core SHA1,
+                           functions, and also possibly SHA256 and
+                           SHA512 ones.
+        cast_asm_src    => Assembler implementation of core CAST
+                           functions.
+                           Defaults to 'c_enc.c'
+        rc4_asm_src     => Assembler implementation of core RC4
+                           functions.
+                           Defaults to 'rc4_enc.c rc4_skey.c'
+        rmd160_asm_src  => Assembler implementation of core RMD160
+                           functions.
+        rc5_asm_src     => Assembler implementation of core RC5
+                           functions.
+                           Defaults to 'rc5_enc.c'
+        wp_asm_src      => Assembler implementation of core WHIRLPOOL
+                           functions.
+        cmll_asm_src    => Assembler implementation of core CAMELLIA
+                           functions.
+                           Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
+        modes_asm_src   => Assembler implementation of cipher modes,
+                           currently the functions gcm_gmult_4bit and
+                           gcm_ghash_4bit.
+        padlock_asm_src => Assembler implementation of core parts of
+                           the padlock engine.  This is mandatory on
+                           any platform where the padlock engine might
+                           actually be built.
+
+
+[1] as part of the target configuration, one can have a key called
+    'inherit_from' that indicate what other configurations to inherit
+    data from.  These are resolved recursively.
+
+    Inheritance works as a set of default values that can be overridden
+    by corresponding key values in the inheriting configuration.
+
+    Note 1: any configuration table can be used as a template.
+    Note 2: pure templates have the attribute 'template => 1' and
+            cannot be used as build targets.
+
+    If several configurations are given in the 'inherit_from' array,
+    the values of same attribute are concatenated with space
+    separation.  With this, it's possible to have several smaller
+    templates for different configuration aspects that can be combined
+    into a complete configuration.
+
+    instead of a scalar value or an array, a value can be a code block
+    of the form 'sub { /* your code here */ }'.  This code block will
+    be called with the list of inherited values for that key as
+    arguments.  In fact, the concatenation of strings is really done
+    by using 'sub { join(" ",@_) }' on the list of inherited values.
+
+    An example:
+
+        "foo" => {
+                template => 1,
+                haha => "ha ha",
+                hoho => "ho",
+                ignored => "This should not appear in the end result",
+        },
+        "bar" => {
+                template => 1,
+                haha => "ah",
+                hoho => "haho",
+                hehe => "hehe"
+        },
+        "laughter" => {
+                inherit_from => [ "foo", "bar" ],
+                hehe => sub { join(" ",(@_,"!!!")) },
+                ignored => "",
+        }
+
+        The entry for "laughter" will become as follows after processing:
+
+        "laughter" => {
+                haha => "ha ha ah",
+                hoho => "ho haho",
+                hehe => "hehe !!!",
+                ignored => ""
+        }
+
+[2] OpenSSL is built with threading capabilities unless the user
+    specifies 'no-threads'.  The value of the key 'thread_scheme' may
+    be "(unknown)", in which case the user MUST give some compilation
+    flags to Configure.
+
+[3] OpenSSL has three types of things to link from object files or
+    static libraries:
+
+    - shared libraries; that would be libcrypto and libssl.
+    - shared objects (sometimes called dynamic libraries);  that would
+      be the engines.
+    - applications; those are apps/openssl and all the test apps.
+
+    Very roughly speaking, linking is done like this (words in braces
+    represent the configuration settings documented at the beginning
+    of this file):
+
+    shared libraries:
+        {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
+            foo/something.o foo/somethingelse.o {ex_libs}
+
+    shared objects:
+        {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
+            blah1.o blah2.o -lcrypto {ex_libs}
+
+    applications:
+        {ld} $(CFLAGS) {lflags} -o app \
+            app1.o utils.o -lssl -lcrypto {ex_libs}
+
+[4] There are variants of these attribute, prefixed with `lib_',
+    `dso_' or `bin_'.  Those variants replace the unprefixed attribute
+    when building library, DSO or program modules specifically.
+
+Historically, the target configurations came in form of a string with
+values separated by colons.  This use is deprecated.  The string form
+looked like this:
+
+   "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
+
+
+Build info files
+================
+
+The build.info files that are spread over the source tree contain the
+minimum information needed to build and distribute OpenSSL.  It uses a
+simple and yet fairly powerful language to determine what needs to be
+built, from what sources, and other relationships between files.
+
+For every build.info file, all file references are relative to the
+directory of the build.info file for source files, and the
+corresponding build directory for built files if the build tree
+differs from the source tree.
+
+When processed, every line is processed with the perl module
+Text::Template, using the delimiters "{-" and "-}".  The hashes
+%config and %target are passed to the perl fragments, along with
+$sourcedir and $builddir, which are the locations of the source
+directory for the current build.info file and the corresponding build
+directory, all relative to the top of the build tree.
+
+To begin with, things to be built are declared by setting specific
+variables:
+
+    PROGRAMS=foo bar
+    LIBS=libsomething
+    ENGINES=libeng
+    SCRIPTS=myhack
+    EXTRA=file1 file2
+
+Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
+without extensions.  The build file templates will figure them out.
+
+For each thing to be built, it is then possible to say what sources
+they are built from:
+
+    PROGRAMS=foo bar
+    SOURCE[foo]=foo.c common.c
+    SOURCE[bar]=bar.c extra.c common.c
+
+It's also possible to tell some other dependencies:
+
+    DEPEND[foo]=libsomething
+    DEPEND[libbar]=libsomethingelse
+
+(it could be argued that 'libsomething' and 'libsomethingelse' are
+source as well.  However, the files given through SOURCE are expected
+to be located in the source tree while files given through DEPEND are
+expected to be located in the build tree)
+
+It's also possible to depend on static libraries explicitly:
+
+    DEPEND[foo]=libsomething.a
+    DEPEND[libbar]=libsomethingelse.a
+
+This should be rarely used, and care should be taken to make sure it's
+only used when supported.  For example, native Windows build doesn't
+support building static libraries and DLLs at the same time, so using
+static libraries on Windows can only be done when configured
+'no-shared'.
+
+One some platforms, shared libraries come with a name that's different
+from their static counterpart.  That's declared as follows:
+
+    SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
+
+The example is from Cygwin, which has a required naming convention.
+
+Sometimes, it makes sense to rename an output file, for example a
+library:
+
+    RENAME[libfoo]=libbar
+
+That line has "libfoo" renamed to "libbar".  While it makes no
+sense at all to just have a rename like that (why not just use
+"libbar" everywhere?), it does make sense when it can be used
+conditionally.  See a little further below for an example.
+
+In some cases, it's desirable to include some source files in the
+shared form of a library only:
+
+    SHARED_SOURCE[libfoo]=dllmain.c
+
+For any file to be built, it's also possible to tell what extra
+include paths the build of their source files should use:
+
+    INCLUDE[foo]=include
+
+In some cases, one might want to generate some source files from
+others, that's done as follows:
+
+    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
+    GENERATE[bar.s]=asm/bar.S
+
+The value of each GENERATE line is a command line or part of it.
+Configure places no rules on the command line, except that the first
+item must be the generator file.  It is, however, entirely up to the
+build file template to define exactly how those command lines should
+be handled, how the output is captured and so on.
+
+Sometimes, the generator file itself depends on other files, for
+example if it is a perl script that depends on other perl modules.
+This can be expressed using DEPEND like this:
+
+    DEPEND[asm/something.pl]=../perlasm/Foo.pm
+
+There may also be cases where the exact file isn't easily specified,
+but an inclusion directory still needs to be specified.  INCLUDE can
+be used in that case:
+
+    INCLUDE[asm/something.pl]=../perlasm
+
+NOTE: GENERATE lines are limited to one command only per GENERATE.
+
+As a last resort, it's possible to have raw build file lines, between
+BEGINRAW and ENDRAW lines as follows:
+
+    BEGINRAW[Makefile(unix)]
+    haha.h: {- $builddir -}/Makefile
+        echo "/* haha */" > haha.h
+    ENDRAW[Makefile(unix)]
+
+The word within square brackets is the build_file configuration item
+or the build_file configuration item followed by the second word in the
+build_scheme configuration item for the configured target within
+parenthesis as shown above.  For example, with the following relevant
+configuration items:
+
+   build_file   => "build.ninja"
+   build_scheme => [ "unified", "unix" ]
+
+... these lines will be considered:
+
+   BEGINRAW[build.ninja]
+   build haha.h: echo "/* haha */" > haha.h
+   ENDRAW[build.ninja]
+
+   BEGINRAW[build.ninja(unix)]
+   build hoho.h: echo "/* hoho */" > hoho.h
+   ENDRAW[build.ninja(unix)]
+
+Should it be needed because the recipes within a RAW section might
+clash with those generated by Configure, it's possible to tell it
+not to generate them with the use of OVERRIDES, for example:
+
+    SOURCE[libfoo]=foo.c bar.c
+    
+    OVERRIDES=bar.o
+    BEGINRAW[Makefile(unix)]
+    bar.o: bar.c
+    	$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
+    ENDRAW[Makefile(unix)]
+
+See the documentation further up for more information on configuration
+items.
+
+Finally, you can have some simple conditional use of the build.info
+information, looking like this:
+
+    IF[1]
+     something
+    ELSIF[2]
+     something other
+    ELSE
+     something else
+    ENDIF
+
+The expression in square brackets is interpreted as a string in perl,
+and will be seen as true if perl thinks it is, otherwise false.  For
+example, the above would have "something" used, since 1 is true.
+
+Together with the use of Text::Template, this can be used as
+conditions based on something in the passed variables, for example:
+
+    IF[{- $disabled{shared} -}]
+      LIBS=libcrypto
+      SOURCE[libcrypto]=...
+    ELSE
+      LIBS=libfoo
+      SOURCE[libfoo]=...
+    ENDIF
+
+or:
+
+    # VMS has a cultural standard where all libraries are prefixed.
+    # For OpenSSL, the choice is 'ossl_'
+    IF[{- $config{target} =~ /^vms/ -}]
+     RENAME[libcrypto]=ossl_libcrypto
+     RENAME[libssl]=ossl_libssl
+    ENDIF
+
+
+Build-file programming with the "unified" build system
+======================================================
+
+"Build files" are called "Makefile" on Unix-like operating systems,
+"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
+
+To use the "unified" build system, the target configuration needs to
+set the three items 'build_scheme', 'build_file' and 'build_command'.
+In the rest of this section, we will assume that 'build_scheme' is set
+to "unified" (see the configurations documentation above for the
+details).
+
+For any name given by 'build_file', the "unified" system expects a
+template file in Configurations/ named like the build file, with
+".tmpl" appended, or in case of possible ambiguity, a combination of
+the second 'build_scheme' list item and the 'build_file' name.  For
+example, if 'build_file' is set to "Makefile", the template could be
+Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
+In case both Configurations/unix-Makefile.tmpl and
+Configurations/Makefile.tmpl are present, the former takes
+precedence.
+
+The build-file template is processed with the perl module
+Text::Template, using "{-" and "-}" as delimiters that enclose the
+perl code fragments that generate configuration-dependent content.
+Those perl fragments have access to all the hash variables from
+configdata.pem.
+
+The build-file template is expected to define at least the following
+perl functions in a perl code fragment enclosed with "{-" and "-}".
+They are all expected to return a string with the lines they produce.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    generator => [ "generatingfile", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dso     - function that produces build file lines to build a
+                  dynamic shared object file from object files.
+
+                  called like this:
+
+                        obj2dso(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/otherlibfile",
+                                ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+In all cases, file file paths are relative to the build tree top, and
+the build file actions run with the build tree top as current working
+directory.
+
+Make sure to end the section with these functions with a string that
+you thing is appropriate for the resulting build file.  If nothing
+else, end it like this:
+
+      "";       # Make sure no lingering values end up in the Makefile
+    -}
+
+
+Configure helper scripts
+========================
+
+Configure uses helper scripts in this directory:
+
+Checker scripts
+---------------
+
+These scripts are per platform family, to check the integrity of the
+tools used for configuration and building.  The checker script used is
+either {build_platform}-{build_file}-checker.pm or
+{build_platform}-checker.pm, where {build_platform} is the second
+'build_scheme' list element from the configuration target data, and
+{build_file} is 'build_file' from the same target data.
+
+If the check succeeds, the script is expected to end with a non-zero
+expression.  If the check fails, the script can end with a zero, or
+with a `die`.
--- a/Configurations/README-design.md
+++ b/Configurations/README-design.md
@@ -1,604 +0,0 @@
-Design document for the unified scheme data
-===========================================
-
-How are things connected?
-------------------------
-
-The unified scheme takes all its data from the `build.info` files seen
-throughout the source tree.  These files hold the minimum information
-needed to build end product files from diverse sources.  See the
-section on `build.info` files below.
-
-From the information in `build.info` files, `Configure` builds up an
-information database as a hash table called `%unified_info`, which is
-stored in configdata.pm, found at the top of the build tree (which may
-or may not be the same as the source tree).
-
-[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to
-generate the rules for building end product files as well as
-intermediary files with the help of a few functions found in the
-build-file templates.  See the section on build-file templates further
-down for more information.
-
-build.info files
----------------
-
-As mentioned earlier, `build.info` files are meant to hold the minimum
-information needed to build output files, and therefore only (with a
-few possible exceptions [1]) have information about end products (such
-as scripts, library files and programs) and source files (such as C
-files, C header files, assembler files, etc).  Intermediate files such
-as object files are rarely directly referred to in `build.info` files (and
-when they are, it's always with the file name extension `.o`), they are
-inferred by `Configure`.  By the same rule of minimalism, end product
-file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned
-in `build.info`.  Their file name extensions will be inferred by the
-build-file templates, adapted for the platform they are meant for (see
-sections on `%unified_info` and build-file templates further down).
-
-The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare
-end products.  There are variants for them with `_NO_INST` as suffix
-(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed.
-
-The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a
-produced file, and their values are the source used to produce that
-particular produced file, extra dependencies, include directories
-needed, or C macros to be defined.
-
-All their values in all the `build.info` throughout the source tree are
-collected together and form a set of programs, libraries, modules and
-scripts to be produced, source files, dependencies, etc etc etc.
-
-Let's have a pretend example, a very limited contraption of OpenSSL,
-composed of the program `apps/openssl`, the libraries `libssl` and
-`libcrypto`, an module `engines/ossltest` and their sources and
-dependencies.
-
-    # build.info
-    LIBS=libcrypto libssl
-    INCLUDE[libcrypto]=include
-    INCLUDE[libssl]=include
-    DEPEND[libssl]=libcrypto
-
-This is the top directory `build.info` file, and it tells us that two
-libraries are to be built, the include directory `include/` shall be
-used throughout when building anything that will end up in each
-library, and that the library `libssl` depend on the library
-`libcrypto` to function properly.
-
-    # apps/build.info
-    PROGRAMS=openssl
-    SOURCE[openssl]=openssl.c
-    INCLUDE[openssl]=.. ../include
-    DEPEND[openssl]=../libssl
-
-This is the `build.info` file in `apps/`, one may notice that all file
-paths mentioned are relative to the directory the `build.info` file is
-located in.  This one tells us that there's a program to be built
-called `apps/openss` (the file name extension will depend on the
-platform and is therefore not mentioned in the `build.info` file).  It's
-built from one source file, `apps/openssl.c`, and building it requires
-the use of `.` and `include/` include directories (both are declared
-from the point of view of the `apps/` directory), and that the program
-depends on the library `libssl` to function properly.
-
-    # crypto/build.info
-    LIBS=../libcrypto
-    SOURCE[../libcrypto]=aes.c evp.c cversion.c
-    DEPEND[cversion.o]=buildinf.h
-
-    GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
-    DEPEND[buildinf.h]=../Makefile
-    DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
-
-This is the `build.info` file in `crypto/`, and it tells us a little more
-about what's needed to produce `libcrypto`.  LIBS is used again to
-declare that `libcrypto` is to be produced.  This declaration is
-really unnecessary as it's already mentioned in the top `build.info`
-file, but can make the info file easier to understand.  This is to
-show that duplicate information isn't an issue.
-
-This `build.info` file informs us that `libcrypto` is built from a few
-source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`.
-It also shows us that building the object file inferred from
-`crypto/cversion.c` depends on `crypto/buildinf.h`.  Finally, it
-also shows the possibility to declare how some files are generated
-using some script, in this case a perl script, and how such scripts
-can be declared to depend on other files, in this case a perl module.
-
-Two things are worth an extra note:
-
-`DEPEND[cversion.o]` mentions an object file.  DEPEND indexes is the
-only location where it's valid to mention them
-
-    # ssl/build.info
-    LIBS=../libssl
-    SOURCE[../libssl]=tls.c
-
-This is the build.info file in `ssl/`, and it tells us that the
-library `libssl` is built from the source file `ssl/tls.c`.
-
-    # engines/build.info
-    MODULES=dasync
-    SOURCE[dasync]=e_dasync.c
-    DEPEND[dasync]=../libcrypto
-    INCLUDE[dasync]=../include
-
-    MODULES_NO_INST=ossltest
-    SOURCE[ossltest]=e_ossltest.c
-    DEPEND[ossltest]=../libcrypto.a
-    INCLUDE[ossltest]=../include
-
-This is the `build.info` file in `engines/`, telling us that two modules
-called `engines/dasync` and `engines/ossltest` shall be built, that
-`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is
-`engines/e_ossltest.c` and that the include directory `include/` may
-be used when building anything that will be part of these modules.
-Also, both modules depend on the library `libcrypto` to function
-properly.  `ossltest` is explicitly linked with the static variant of
-the library `libcrypto`.  Finally, only `dasync` is being installed, as
-`ossltest` is only for internal testing.
-
-When `Configure` digests these `build.info` files, the accumulated
-information comes down to this:
-
-    LIBS=libcrypto libssl
-    SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
-    DEPEND[crypto/cversion.o]=crypto/buildinf.h
-    INCLUDE[libcrypto]=include
-    SOURCE[libssl]=ssl/tls.c
-    INCLUDE[libssl]=include
-    DEPEND[libssl]=libcrypto
-
-    PROGRAMS=apps/openssl
-    SOURCE[apps/openssl]=apps/openssl.c
-    INCLUDE[apps/openssl]=. include
-    DEPEND[apps/openssl]=libssl
-
-    MODULES=engines/dasync
-    SOURCE[engines/dasync]=engines/e_dasync.c
-    DEPEND[engines/dasync]=libcrypto
-    INCLUDE[engines/dasync]=include
-
-    MODULES_NO_INST=engines/ossltest
-    SOURCE[engines/ossltest]=engines/e_ossltest.c
-    DEPEND[engines/ossltest]=libcrypto.a
-    INCLUDE[engines/ossltest]=include
-
-    GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
-    DEPEND[crypto/buildinf.h]=Makefile
-    DEPEND[util/mkbuildinf.pl]=util/Foo.pm
-
-A few notes worth mentioning:
-
-`LIBS` may be used to declare routine libraries only.
-
-`PROGRAMS` may be used to declare programs only.
-
-`MODULES` may be used to declare modules only.
-
-The indexes for `SOURCE` must only be end product files, such as
-libraries, programs or modules.  The values of `SOURCE` variables must
-only be source files (possibly generated).
-
-`INCLUDE` and `DEPEND` shows a relationship between different files
-(usually produced files) or between files and directories, such as a
-program depending on a library, or between an object file and some
-extra source file.
-
-When `Configure` processes the `build.info` files, it will take it as
-truth without question, and will therefore perform very few checks.
-If the build tree is separate from the source tree, it will assume
-that all built files and up in the build directory and that all source
-files are to be found in the source tree, if they can be found there.
-`Configure` will assume that source files that can't be found in the
-source tree (such as `crypto/bildinf.h` in the example above) are
-generated and will be found in the build tree.
-
-The `%unified_info` database
----------------------------
-
-The information in all the `build.info` get digested by `Configure` and
-collected into the `%unified_info` database, divided into the following
-indexes:
-
-    depends   => a hash table containing 'file' => [ 'dependency' ... ]
-                 pairs.  These are directly inferred from the DEPEND
-                 variables in build.info files.
-
-    modules   => a list of modules.  These are directly inferred from
-                 the MODULES variable in build.info files.
-
-    generate  => a hash table containing 'file' => [ 'generator' ... ]
-                 pairs.  These are directly inferred from the GENERATE
-                 variables in build.info files.
-
-    includes  => a hash table containing 'file' => [ 'include' ... ]
-                 pairs.  These are directly inferred from the INCLUDE
-                 variables in build.info files.
-
-    install   => a hash table containing 'type' => [ 'file' ... ] pairs.
-                 The types are 'programs', 'libraries', 'modules' and
-                 'scripts', and the array of files list the files of
-                 that type that should be installed.
-
-    libraries => a list of libraries.  These are directly inferred from
-                 the LIBS variable in build.info files.
-
-    programs  => a list of programs.  These are directly inferred from
-                 the PROGRAMS variable in build.info files.
-
-    scripts   => a list of scripts.  There are directly inferred from
-                 the SCRIPTS variable in build.info files.
-
-    sources   => a hash table containing 'file' => [ 'sourcefile' ... ]
-                 pairs.  These are indirectly inferred from the SOURCE
-                 variables in build.info files.  Object files are
-                 mentioned in this hash table, with source files from
-                 SOURCE variables, and AS source files for programs and
-                 libraries.
-
-    shared_sources =>
-                 a hash table just like 'sources', but only as source
-                 files (object files) for building shared libraries.
-
-As an example, here is how the `build.info` files example from the
-section above would be digested into a `%unified_info` table:
-
-    our %unified_info = (
-        "depends" =>
-            {
-                "apps/openssl" =>
-                    [
-                        "libssl",
-                    ],
-                "crypto/buildinf.h" =>
-                    [
-                        "Makefile",
-                    ],
-                "crypto/cversion.o" =>
-                    [
-                        "crypto/buildinf.h",
-                    ],
-                "engines/dasync" =>
-                    [
-                        "libcrypto",
-                    ],
-                "engines/ossltest" =>
-                    [
-                        "libcrypto.a",
-                    ],
-                "libssl" =>
-                    [
-                        "libcrypto",
-                    ],
-                "util/mkbuildinf.pl" =>
-                    [
-                        "util/Foo.pm",
-                    ],
-            },
-        "modules" =>
-            [
-                "engines/dasync",
-                "engines/ossltest",
-            ],
-        "generate" =>
-            {
-                "crypto/buildinf.h" =>
-                    [
-                        "util/mkbuildinf.pl",
-                        "\"\$(CC)",
-                        "\$(CFLAGS)\"",
-                        "\"$(PLATFORM)\"",
-                    ],
-            },
-        "includes" =>
-            {
-                "apps/openssl" =>
-                    [
-                        ".",
-                        "include",
-                    ],
-                "engines/ossltest" =>
-                    [
-                        "include"
-                    ],
-                "libcrypto" =>
-                    [
-                        "include",
-                    ],
-                "libssl" =>
-                    [
-                        "include",
-                    ],
-                "util/mkbuildinf.pl" =>
-                    [
-                        "util",
-                    ],
-            }
-        "install" =>
-            {
-                "modules" =>
-                    [
-                        "engines/dasync",
-                    ],
-                "libraries" =>
-                    [
-                        "libcrypto",
-                        "libssl",
-                    ],
-                "programs" =>
-                    [
-                        "apps/openssl",
-                    ],
-           },
-        "libraries" =>
-            [
-                "libcrypto",
-                "libssl",
-            ],
-        "programs" =>
-            [
-                "apps/openssl",
-            ],
-        "sources" =>
-            {
-                "apps/openssl" =>
-                    [
-                        "apps/openssl.o",
-                    ],
-                "apps/openssl.o" =>
-                    [
-                        "apps/openssl.c",
-                    ],
-                "crypto/aes.o" =>
-                    [
-                        "crypto/aes.c",
-                    ],
-                "crypto/cversion.o" =>
-                    [
-                        "crypto/cversion.c",
-                    ],
-                "crypto/evp.o" =>
-                    [
-                        "crypto/evp.c",
-                    ],
-                "engines/e_dasync.o" =>
-                    [
-                        "engines/e_dasync.c",
-                    ],
-                "engines/dasync" =>
-                    [
-                        "engines/e_dasync.o",
-                    ],
-                "engines/e_ossltest.o" =>
-                    [
-                        "engines/e_ossltest.c",
-                    ],
-                "engines/ossltest" =>
-                    [
-                        "engines/e_ossltest.o",
-                    ],
-                "libcrypto" =>
-                    [
-                        "crypto/aes.c",
-                        "crypto/cversion.c",
-                        "crypto/evp.c",
-                    ],
-                "libssl" =>
-                    [
-                        "ssl/tls.c",
-                    ],
-                "ssl/tls.o" =>
-                    [
-                        "ssl/tls.c",
-                    ],
-            },
-    );
-
-As can be seen, everything in `%unified_info` is fairly simple suggest
-of information.  Still, it tells us that to build all programs, we
-must build `apps/openssl`, and to build the latter, we will need to
-build all its sources (`apps/openssl.o` in this case) and all the
-other things it depends on (such as `libssl`).  All those dependencies
-need to be built as well, using the same logic, so to build `libssl`,
-we need to build `ssl/tls.o` as well as `libcrypto`, and to build the
-latter...
-
-Build-file templates
--------------------
-
-Build-file templates are essentially build-files (such as `Makefile` on
-Unix) with perl code fragments mixed in.  Those perl code fragment
-will generate all the configuration dependent data, including all the
-rules needed to build end product files and intermediary files alike.
-At a minimum, there must be a perl code fragment that defines a set of
-functions that are used to generates specific build-file rules, to
-build static libraries from object files, to build shared libraries
-from static libraries, to programs from object files and libraries,
-etc.
-
-    generatesrc - function that produces build file lines to generate
-                  a source file from some input.
-
-                  It's called like this:
-
-                        generatesrc(src => "PATH/TO/tobegenerated",
-                                    generator => [ "generatingfile", ... ]
-                                    generator_incs => [ "INCL/PATH", ... ]
-                                    generator_deps => [ "dep1", ... ]
-                                    incs => [ "INCL/PATH", ... ],
-                                    deps => [ "dep1", ... ],
-                                    intent => one of "libs", "dso", "bin" );
-
-                  'src' has the name of the file to be generated.
-                  'generator' is the command or part of command to
-                  generate the file, of which the first item is
-                  expected to be the file to generate from.
-                  generatesrc() is expected to analyse and figure out
-                  exactly how to apply that file and how to capture
-                  the result.  'generator_incs' and 'generator_deps'
-                  are include directories and files that the generator
-                  file itself depends on.  'incs' and 'deps' are
-                  include directories and files that are used if $(CC)
-                  is used as an intermediary step when generating the
-                  end product (the file indicated by 'src').  'intent'
-                  indicates what the generated file is going to be
-                  used for.
-
-    src2obj     - function that produces build file lines to build an
-                  object file from source files and associated data.
-
-                  It's called like this:
-
-                        src2obj(obj => "PATH/TO/objectfile",
-                                srcs => [ "PATH/TO/sourcefile", ... ],
-                                deps => [ "dep1", ... ],
-                                incs => [ "INCL/PATH", ... ]
-                                intent => one of "lib", "dso", "bin" );
-
-                  'obj' has the intended object file with `.o`
-                  extension, src2obj() is expected to change it to
-                  something more suitable for the platform.
-                  'srcs' has the list of source files to build the
-                  object file, with the first item being the source
-                  file that directly corresponds to the object file.
-                  'deps' is a list of explicit dependencies.  'incs'
-                  is a list of include file directories.  Finally,
-                  'intent' indicates what this object file is going
-                  to be used for.
-
-    obj2lib     - function that produces build file lines to build a
-                  static library file ("libfoo.a" in Unix terms) from
-                  object files.
-
-                  called like this:
-
-                        obj2lib(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ]);
-
-                  'lib' has the intended library file name *without*
-                  extension, obj2lib is expected to add that.  'objs'
-                  has the list of object files to build this library.
-
-    libobj2shlib - backward compatibility function that's used the
-                  same way as obj2shlib (described next), and was
-                  expected to build the shared library from the
-                  corresponding static library when that was suitable.
-                  NOTE: building a shared library from a static
-                  library is now DEPRECATED, as they no longer share
-                  object files.  Attempting to do this will fail.
-
-    obj2shlib   - function that produces build file lines to build a
-                  shareable object library file ("libfoo.so" in Unix
-                  terms) from the corresponding object files.
-
-                  called like this:
-
-                        obj2shlib(shlib => "PATH/TO/shlibfile",
-                                  lib => "PATH/TO/libfile",
-                                  objs => [ "PATH/TO/objectfile", ... ],
-                                  deps => [ "PATH/TO/otherlibfile", ... ]);
-
-                  'lib' has the base (static) library file name
-                  *without* extension.  This is useful in case
-                  supporting files are needed (such as import
-                  libraries on Windows).
-                  'shlib' has the corresponding shared library name
-                  *without* extension.  'deps' has the list of other
-                  libraries (also *without* extension) this library
-                  needs to be linked with.  'objs' has the list of
-                  object files to build this library.
-
-    obj2dso     - function that produces build file lines to build a
-                  dynamic shared object file from object files.
-
-                  called like this:
-
-                        obj2dso(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/otherlibfile",
-                                ... ]);
-
-                  This is almost the same as obj2shlib, but the
-                  intent is to build a shareable library that can be
-                  loaded in runtime (a "plugin"...).
-
-    obj2bin     - function that produces build file lines to build an
-                  executable file from object files.
-
-                  called like this:
-
-                        obj2bin(bin => "PATH/TO/binfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/libfile", ... ]);
-
-                  'bin' has the intended executable file name
-                  *without* extension, obj2bin is expected to add
-                  that.  'objs' has the list of object files to build
-                  this library.  'deps' has the list of library files
-                  (also *without* extension) that the programs needs
-                  to be linked with.
-
-    in2script   - function that produces build file lines to build a
-                  script file from some input.
-
-                  called like this:
-
-                        in2script(script => "PATH/TO/scriptfile",
-                                  sources => [ "PATH/TO/infile", ... ]);
-
-                  'script' has the intended script file name.
-                  'sources' has the list of source files to build the
-                  resulting script from.
-
-Along with the build-file templates is the driving template
-[`Configurations/common.tmpl`](common.tmpl), which looks through all the
-information in `%unified_info` and generates all the rulesets to build libraries,
-programs and all intermediate files, using the rule generating
-functions defined in the build-file template.
-
-As an example with the smaller `build.info` set we've seen as an
-example, producing the rules to build `libcrypto` would result in the
-following calls:
-
-    # Note: obj2shlib will only be called if shared libraries are
-    # to be produced.
-    # Note 2: obj2shlib must convert the '.o' extension to whatever
-    # is suitable on the local platform.
-    obj2shlib(shlib => "libcrypto",
-              objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ],
-              deps => [  ]);
-
-    obj2lib(lib => "libcrypto"
-            objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]);
-
-    src2obj(obj => "crypto/aes.o"
-            srcs => [ "crypto/aes.c" ],
-            deps => [ ],
-            incs => [ "include" ],
-            intent => "lib");
-
-    src2obj(obj => "crypto/evp.o"
-            srcs => [ "crypto/evp.c" ],
-            deps => [ ],
-            incs => [ "include" ],
-            intent => "lib");
-
-    src2obj(obj => "crypto/cversion.o"
-            srcs => [ "crypto/cversion.c" ],
-            deps => [ "crypto/buildinf.h" ],
-            incs => [ "include" ],
-            intent => "lib");
-
-    generatesrc(src => "crypto/buildinf.h",
-                generator => [ "util/mkbuildinf.pl", "\"$(CC)",
-                               "$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
-                generator_incs => [ "util" ],
-                generator_deps => [ "util/Foo.pm" ],
-                incs => [ ],
-                deps => [ ],
-                intent => "lib");
-
-The returned strings from all those calls are then concatenated
-together and written to the resulting build-file.
--- a/Configurations/README.design
+++ b/Configurations/README.design
@@ -0,0 +1,623 @@
+Design document for the unified scheme data
+===========================================
+
+How are things connected?
+-------------------------
+
+The unified scheme takes all its data from the build.info files seen
+throughout the source tree.  These files hold the minimum information
+needed to build end product files from diverse sources.  See the
+section on build.info files below.
+
+From the information in build.info files, Configure builds up an
+information database as a hash table called %unified_info, which is
+stored in configdata.pm, found at the top of the build tree (which may
+or may not be the same as the source tree).
+
+Configurations/common.tmpl uses the data from %unified_info to
+generate the rules for building end product files as well as
+intermediary files with the help of a few functions found in the
+build-file templates.  See the section on build-file templates further
+down for more information.
+
+build.info files
+----------------
+
+As mentioned earlier, build.info files are meant to hold the minimum
+information needed to build output files, and therefore only (with a
+few possible exceptions [1]) have information about end products (such
+as scripts, library files and programs) and source files (such as C
+files, C header files, assembler files, etc).  Intermediate files such
+as object files are rarely directly referred to in build.info files (and
+when they are, it's always with the file name extension .o), they are
+inferred by Configure.  By the same rule of minimalism, end product
+file name extensions (such as .so, .a, .exe, etc) are never mentioned
+in build.info.  Their file name extensions will be inferred by the
+build-file templates, adapted for the platform they are meant for (see
+sections on %unified_info and build-file templates further down).
+
+The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
+end products.  There are variants for them with '_NO_INST' as suffix
+(PROGRAM_NO_INST etc) to specify end products that shouldn't get
+installed.
+
+The variables SOURCE, DEPEND and INCLUDE are indexed by a produced
+file, and their values are the source used to produce that particular
+produced file, extra dependencies, and include directories needed.
+
+All their values in all the build.info throughout the source tree are
+collected together and form a set of programs, libraries, engines and
+scripts to be produced, source files, dependencies, etc etc etc.
+
+Let's have a pretend example, a very limited contraption of OpenSSL,
+composed of the program 'apps/openssl', the libraries 'libssl' and
+'libcrypto', an engine 'engines/ossltest' and their sources and
+dependencies.
+
+    # build.info
+    LIBS=libcrypto libssl
+    INCLUDE[libcrypto]=include
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+
+This is the top directory build.info file, and it tells us that two
+libraries are to be built, the include directory 'include/' shall be
+used throughout when building anything that will end up in each
+library, and that the library 'libssl' depend on the library
+'libcrypto' to function properly.
+
+    # apps/build.info
+    PROGRAMS=openssl
+    SOURCE[openssl]=openssl.c
+    INCLUDE[openssl]=.. ../include
+    DEPEND[openssl]=../libssl
+
+This is the build.info file in 'apps/', one may notice that all file
+paths mentioned are relative to the directory the build.info file is
+located in.  This one tells us that there's a program to be built
+called 'apps/openssl' (the file name extension will depend on the
+platform and is therefore not mentioned in the build.info file).  It's
+built from one source file, 'apps/openssl.c', and building it requires
+the use of '.' and 'include' include directories (both are declared
+from the point of view of the 'apps/' directory), and that the program
+depends on the library 'libssl' to function properly.
+
+    # crypto/build.info
+    LIBS=../libcrypto
+    SOURCE[../libcrypto]=aes.c evp.c cversion.c
+    DEPEND[cversion.o]=buildinf.h
+    
+    GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[buildinf.h]=../Makefile
+    DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
+
+This is the build.info file in 'crypto', and it tells us a little more
+about what's needed to produce 'libcrypto'.  LIBS is used again to
+declare that 'libcrypto' is to be produced.  This declaration is
+really unnecessary as it's already mentioned in the top build.info
+file, but can make the info file easier to understand.  This is to
+show that duplicate information isn't an issue.
+
+This build.info file informs us that 'libcrypto' is built from a few
+source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
+It also shows us that building the object file inferred from
+'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it 
+also shows the possibility to declare how some files are generated
+using some script, in this case a perl script, and how such scripts
+can be declared to depend on other files, in this case a perl module.
+
+Two things are worth an extra note:
+
+'DEPEND[cversion.o]' mentions an object file.  DEPEND indexes is the
+only location where it's valid to mention them
+
+Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
+seen from the top directory, no exception.
+
+    # ssl/build.info
+    LIBS=../libssl
+    SOURCE[../libssl]=tls.c
+
+This is the build.info file in 'ssl/', and it tells us that the
+library 'libssl' is built from the source file 'ssl/tls.c'.
+
+    # engines/build.info
+    ENGINES=dasync
+    SOURCE[dasync]=e_dasync.c
+    DEPEND[dasync]=../libcrypto
+    INCLUDE[dasync]=../include
+
+    ENGINES_NO_INST=ossltest
+    SOURCE[ossltest]=e_ossltest.c
+    DEPEND[ossltest]=../libcrypto.a
+    INCLUDE[ossltest]=../include
+
+This is the build.info file in 'engines/', telling us that two engines
+called 'engines/dasync' and 'engines/ossltest' shall be built, that
+dasync's source is 'engines/e_dasync.c' and ossltest's source is
+'engines/e_ossltest.c' and that the include directory 'include/' may
+be used when building anything that will be part of these engines.
+Also, both engines depend on the library 'libcrypto' to function
+properly.  ossltest is explicitly linked with the static variant of
+the library 'libcrypto'.  Finally, only dasync is being installed, as
+ossltest is only for internal testing.
+
+When Configure digests these build.info files, the accumulated
+information comes down to this:
+
+    LIBS=libcrypto libssl
+    SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
+    DEPEND[crypto/cversion.o]=crypto/buildinf.h
+    INCLUDE[libcrypto]=include
+    SOURCE[libssl]=ssl/tls.c
+    INCLUDE[libssl]=include
+    DEPEND[libssl]=libcrypto
+    
+    PROGRAMS=apps/openssl
+    SOURCE[apps/openssl]=apps/openssl.c
+    INCLUDE[apps/openssl]=. include
+    DEPEND[apps/openssl]=libssl
+
+    ENGINES=engines/dasync
+    SOURCE[engines/dasync]=engines/e_dasync.c
+    DEPEND[engines/dasync]=libcrypto
+    INCLUDE[engines/dasync]=include
+
+    ENGINES_NO_INST=engines/ossltest
+    SOURCE[engines/ossltest]=engines/e_ossltest.c
+    DEPEND[engines/ossltest]=libcrypto.a
+    INCLUDE[engines/ossltest]=include
+    
+    GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
+    DEPEND[crypto/buildinf.h]=Makefile
+    DEPEND[util/mkbuildinf.pl]=util/Foo.pm
+
+
+A few notes worth mentioning:
+
+LIBS may be used to declare routine libraries only.
+
+PROGRAMS may be used to declare programs only.
+
+ENGINES may be used to declare engines only.
+
+The indexes for SOURCE must only be end product files, such as
+libraries, programs or engines.  The values of SOURCE variables must
+only be source files (possibly generated).
+
+INCLUDE and DEPEND shows a relationship between different files
+(usually produced files) or between files and directories, such as a
+program depending on a library, or between an object file and some
+extra source file.
+
+When Configure processes the build.info files, it will take it as
+truth without question, and will therefore perform very few checks.
+If the build tree is separate from the source tree, it will assume
+that all built files and up in the build directory and that all source
+files are to be found in the source tree, if they can be found there.
+Configure will assume that source files that can't be found in the
+source tree (such as 'crypto/bildinf.h' in the example above) are
+generated and will be found in the build tree.
+
+
+The %unified_info database
+--------------------------
+
+The information in all the build.info get digested by Configure and
+collected into the %unified_info database, divided into the following
+indexes:
+
+  depends   => a hash table containing 'file' => [ 'dependency' ... ]
+               pairs.  These are directly inferred from the DEPEND
+               variables in build.info files.
+
+  engines   => a list of engines.  These are directly inferred from
+               the ENGINES variable in build.info files.
+
+  generate  => a hash table containing 'file' => [ 'generator' ... ]
+               pairs.  These are directly inferred from the GENERATE
+               variables in build.info files.
+
+  includes  => a hash table containing 'file' => [ 'include' ... ]
+               pairs.  These are directly inferred from the INCLUDE
+               variables in build.info files.
+
+  install   => a hash table containing 'type' => [ 'file' ... ] pairs.
+               The types are 'programs', 'libraries', 'engines' and
+               'scripts', and the array of files list the files of
+               that type that should be installed.
+
+  libraries => a list of libraries.  These are directly inferred from
+               the LIBS variable in build.info files.
+
+  programs  => a list of programs.  These are directly inferred from
+               the PROGRAMS variable in build.info files.
+
+  rawlines  => a list of build-file lines.  These are a direct copy of
+               the BEGINRAW..ENDRAW lines in build.info files.  Note:
+               only the BEGINRAW..ENDRAW section for the current
+               platform are copied, the rest are ignored.
+
+  scripts   => a list of scripts.  There are directly inferred from
+               the SCRIPTS variable in build.info files.
+
+  sources   => a hash table containing 'file' => [ 'sourcefile' ... ]
+               pairs.  These are indirectly inferred from the SOURCE
+               variables in build.info files.  Object files are
+               mentioned in this hash table, with source files from
+               SOURCE variables, and AS source files for programs and
+               libraries.
+
+  shared_sources =>
+               a hash table just like 'sources', but only as source
+               files (object files) for building shared libraries.
+
+As an example, here is how the build.info files example from the
+section above would be digested into a %unified_info table:
+
+    our %unified_info = (
+        "depends" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "libssl",
+                    ],
+                "crypto/buildinf.h" =>
+                    [
+                        "Makefile",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/buildinf.h",
+                    ],
+                "engines/dasync" =>
+                    [
+                        "libcrypto",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "libcrypto.a",
+                    ],
+                "libssl" =>
+                    [
+                        "libcrypto",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util/Foo.pm",
+                    ],
+            },
+        "engines" =>
+            [
+                "engines/dasync",
+                "engines/ossltest",
+            ],
+        "generate" =>
+            {
+                "crypto/buildinf.h" =>
+                    [
+                        "util/mkbuildinf.pl",
+                        "\"\$(CC)",
+                        "\$(CFLAGS)\"",
+                        "\"$(PLATFORM)\"",
+                    ],
+            },
+        "includes" =>
+            {
+                "apps/openssl" =>
+                    [
+                        ".",
+                        "include",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "include"
+                    ],
+                "libcrypto" =>
+                    [
+                        "include",
+                    ],
+                "libssl" =>
+                    [
+                        "include",
+                    ],
+                "util/mkbuildinf.pl" =>
+                    [
+                        "util",
+                    ],
+            }
+        "install" =>
+            {
+                "engines" =>
+                    [
+                        "engines/dasync",
+                    ],
+                "libraries" =>
+                    [
+                        "libcrypto",
+                        "libssl",
+                    ],
+                "programs" =>
+                    [
+                        "apps/openssl",
+                    ],
+           },
+        "libraries" =>
+            [
+                "libcrypto",
+                "libssl",
+            ],
+        "programs" =>
+            [
+                "apps/openssl",
+            ],
+        "rawlines" =>
+            [
+            ],
+        "sources" =>
+            {
+                "apps/openssl" =>
+                    [
+                        "apps/openssl.o",
+                    ],
+                "apps/openssl.o" =>
+                    [
+                        "apps/openssl.c",
+                    ],
+                "crypto/aes.o" =>
+                    [
+                        "crypto/aes.c",
+                    ],
+                "crypto/cversion.o" =>
+                    [
+                        "crypto/cversion.c",
+                    ],
+                "crypto/evp.o" =>
+                    [
+                        "crypto/evp.c",
+                    ],
+                "engines/e_dasync.o" =>
+                    [
+                        "engines/e_dasync.c",
+                    ],
+                "engines/dasync" =>
+                    [
+                        "engines/e_dasync.o",
+                    ],
+                "engines/e_ossltest.o" =>
+                    [
+                        "engines/e_ossltest.c",
+                    ],
+                "engines/ossltest" =>
+                    [
+                        "engines/e_ossltest.o",
+                    ],
+                "libcrypto" =>
+                    [
+                        "crypto/aes.c",
+                        "crypto/cversion.c",
+                        "crypto/evp.c",
+                    ],
+                "libssl" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+                "ssl/tls.o" =>
+                    [
+                        "ssl/tls.c",
+                    ],
+            },
+    );
+
+As can be seen, everything in %unified_info is fairly simple suggest
+of information.  Still, it tells us that to build all programs, we
+must build 'apps/openssl', and to build the latter, we will need to
+build all its sources ('apps/openssl.o' in this case) and all the
+other things it depends on (such as 'libssl').  All those dependencies
+need to be built as well, using the same logic, so to build 'libssl',
+we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
+latter...
+
+
+Build-file templates
+--------------------
+
+Build-file templates are essentially build-files (such as Makefile on
+Unix) with perl code fragments mixed in.  Those perl code fragment
+will generate all the configuration dependent data, including all the
+rules needed to build end product files and intermediary files alike.
+At a minimum, there must be a perl code fragment that defines a set of
+functions that are used to generates specific build-file rules, to
+build static libraries from object files, to build shared libraries
+from static libraries, to programs from object files and libraries,
+etc.
+
+    generatesrc - function that produces build file lines to generate
+                  a source file from some input.
+
+                  It's called like this:
+
+                        generatesrc(src => "PATH/TO/tobegenerated",
+                                    generator => [ "generatingfile", ... ]
+                                    generator_incs => [ "INCL/PATH", ... ]
+                                    generator_deps => [ "dep1", ... ]
+                                    incs => [ "INCL/PATH", ... ],
+                                    deps => [ "dep1", ... ],
+                                    intent => one of "libs", "dso", "bin" );
+
+                  'src' has the name of the file to be generated.
+                  'generator' is the command or part of command to
+                  generate the file, of which the first item is
+                  expected to be the file to generate from.
+                  generatesrc() is expected to analyse and figure out
+                  exactly how to apply that file and how to capture
+                  the result.  'generator_incs' and 'generator_deps'
+                  are include directories and files that the generator
+                  file itself depends on.  'incs' and 'deps' are
+                  include directories and files that are used if $(CC)
+                  is used as an intermediary step when generating the
+                  end product (the file indicated by 'src').  'intent'
+                  indicates what the generated file is going to be
+                  used for.
+
+    src2obj     - function that produces build file lines to build an
+                  object file from source files and associated data.
+
+                  It's called like this:
+
+                        src2obj(obj => "PATH/TO/objectfile",
+                                srcs => [ "PATH/TO/sourcefile", ... ],
+                                deps => [ "dep1", ... ],
+                                incs => [ "INCL/PATH", ... ]
+                                intent => one of "lib", "dso", "bin" );
+
+                  'obj' has the intended object file *without*
+                  extension, src2obj() is expected to add that.
+                  'srcs' has the list of source files to build the
+                  object file, with the first item being the source
+                  file that directly corresponds to the object file.
+                  'deps' is a list of explicit dependencies.  'incs'
+                  is a list of include file directories.  Finally,
+                  'intent' indicates what this object file is going
+                  to be used for.
+
+    obj2lib     - function that produces build file lines to build a
+                  static library file ("libfoo.a" in Unix terms) from
+                  object files.
+
+                  called like this:
+
+                        obj2lib(lib => "PATH/TO/libfile",
+                                objs => [ "PATH/TO/objectfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, obj2lib is expected to add that.  'objs'
+                  has the list of object files (also *without*
+                  extension) to build this library.
+
+    libobj2shlib - function that produces build file lines to build a
+                  shareable object library file ("libfoo.so" in Unix
+                  terms) from the corresponding static library file
+                  or object files.
+
+                  called like this:
+
+                        libobj2shlib(shlib => "PATH/TO/shlibfile",
+                                     lib => "PATH/TO/libfile",
+                                     objs => [ "PATH/TO/objectfile", ... ],
+                                     deps => [ "PATH/TO/otherlibfile", ... ]);
+
+                  'lib' has the intended library file name *without*
+                  extension, libobj2shlib is expected to add that.
+                  'shlib' has the corresponding shared library name
+                  *without* extension.  'deps' has the list of other
+                  libraries (also *without* extension) this library
+                  needs to be linked with.  'objs' has the list of
+                  object files (also *without* extension) to build
+                  this library.
+
+                  This function has a choice; it can use the
+                  corresponding static library as input to make the
+                  shared library, or the list of object files.
+
+    obj2dynlib  - function that produces build file lines to build a
+                  dynamically loadable library file ("libfoo.so" on
+                  Unix) from object files.
+
+                  called like this:
+
+                        obj2dynlib(lib => "PATH/TO/libfile",
+                                   objs => [ "PATH/TO/objectfile", ... ],
+                                   deps => [ "PATH/TO/otherlibfile",
+                                   ... ]);
+
+                  This is almost the same as libobj2shlib, but the
+                  intent is to build a shareable library that can be
+                  loaded in runtime (a "plugin"...).  The differences
+                  are subtle, one of the most visible ones is that the
+                  resulting shareable library is produced from object
+                  files only.
+
+    obj2bin     - function that produces build file lines to build an
+                  executable file from object files.
+
+                  called like this:
+
+                        obj2bin(bin => "PATH/TO/binfile",
+                                objs => [ "PATH/TO/objectfile", ... ],
+                                deps => [ "PATH/TO/libfile", ... ]);
+
+                  'bin' has the intended executable file name
+                  *without* extension, obj2bin is expected to add
+                  that.  'objs' has the list of object files (also
+                  *without* extension) to build this library.  'deps'
+                  has the list of library files (also *without*
+                  extension) that the programs needs to be linked
+                  with.
+
+    in2script   - function that produces build file lines to build a
+                  script file from some input.
+
+                  called like this:
+
+                        in2script(script => "PATH/TO/scriptfile",
+                                  sources => [ "PATH/TO/infile", ... ]);
+
+                  'script' has the intended script file name.
+                  'sources' has the list of source files to build the
+                  resulting script from.
+
+Along with the build-file templates is the driving engine
+Configurations/common.tmpl, which looks through all the information in
+%unified_info and generates all the rulesets to build libraries,
+programs and all intermediate files, using the rule generating
+functions defined in the build-file template.
+
+As an example with the smaller build.info set we've seen as an
+example, producing the rules to build 'libcrypto' would result in the
+following calls:
+
+    # Note: libobj2shlib will only be called if shared libraries are
+    # to be produced.
+    # Note 2: libobj2shlib gets both the name of the static library
+    # and the names of all the object files that go into it.  It's up
+    # to the implementation to decide which to use as input.
+    # Note 3: common.tmpl peals off the ".o" extension from all object
+    # files, as the platform at hand may have a different one.
+    libobj2shlib(shlib => "libcrypto",
+                 lib => "libcrypto",
+                 objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
+                 deps => [  ]);
+
+    obj2lib(lib => "libcrypto"
+            objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
+
+    src2obj(obj => "crypto/aes"
+            srcs => [ "crypto/aes.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/evp"
+            srcs => [ "crypto/evp.c" ],
+            deps => [ ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    src2obj(obj => "crypto/cversion"
+            srcs => [ "crypto/cversion.c" ],
+            deps => [ "crypto/buildinf.h" ],
+            incs => [ "include" ],
+            intent => "lib");
+
+    generatesrc(src => "crypto/buildinf.h",
+                generator => [ "util/mkbuildinf.pl", "\"$(CC)",
+                               "$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
+                generator_incs => [ "util" ],
+                generator_deps => [ "util/Foo.pm" ],
+                incs => [ ],
+                deps => [ ],
+                intent => "lib");
+
+The returned strings from all those calls are then concatenated
+together and written to the resulting build-file.
--- a/Configurations/README.md
+++ b/Configurations/README.md
@@ -1,674 +0,0 @@
-Intro
-=====
-
-This directory contains a few sets of files that are used for
-configuration in diverse ways:
-
-    *.conf      Target platform configurations, please read
-                'Configurations of OpenSSL target platforms' for more
-                information.
-    *.tmpl      Build file templates, please read 'Build-file
-                programming with the "unified" build system' as well
-                as 'Build info files' for more information.
-    *.pm        Helper scripts / modules for the main `Configure`
-                script.  See 'Configure helper scripts for more
-                information.
-
-Configurations of OpenSSL target platforms
-==========================================
-
-Configuration targets are a collection of facts that we know about
-different platforms and their capabilities.  We organise them in a
-hash table, where each entry represent a specific target.
-
-Note that configuration target names must be unique across all config
-files.  The Configure script does check that a config file doesn't
-have config targets that shadow config targets from other files.
-
-In each table entry, the following keys are significant:
-
-        inherit_from    => Other targets to inherit values from.
-                           Explained further below. [1]
-        template        => Set to 1 if this isn't really a platform
-                           target.  Instead, this target is a template
-                           upon which other targets can be built.
-                           Explained further below.  [1]
-
-        sys_id          => System identity for systems where that
-                           is difficult to determine automatically.
-
-        enable          => Enable specific configuration features.
-                           This MUST be an array of words.
-        disable         => Disable specific configuration features.
-                           This MUST be an array of words.
-                           Note: if the same feature is both enabled
-                           and disabled, disable wins.
-
-        as              => The assembler command.  This is not always
-                           used (for example on Unix, where the C
-                           compiler is used instead).
-        asflags         => Default assembler command flags [4].
-        cpp             => The C preprocessor command, normally not
-                           given, as the build file defaults are
-                           usually good enough.
-        cppflags        => Default C preprocessor flags [4].
-        defines         => As an alternative, macro definitions may be
-                           given here instead of in 'cppflags' [4].
-                           If given here, they MUST be as an array of
-                           the string such as "MACRO=value", or just
-                           "MACRO" for definitions without value.
-        includes        => As an alternative, inclusion directories
-                           may be given here instead of in 'cppflags'
-                           [4].  If given here, the MUST be an array
-                           of strings, one directory specification
-                           each.
-        cc              => The C compiler command, usually one of "cc",
-                           "gcc" or "clang".  This command is normally
-                           also used to link object files and
-                           libraries into the final program.
-        cxx             => The C++ compiler command, usually one of
-                           "c++", "g++" or "clang++".  This command is
-                           also used when linking a program where at
-                           least one of the object file is made from
-                           C++ source.
-        cflags          => Defaults C compiler flags [4].
-        cxxflags        => Default  C++ compiler flags [4].  If unset,
-                           it gets the same value as cflags.
-
-        (linking is a complex thing, see [3] below)
-        ld              => Linker command, usually not defined
-                           (meaning the compiler command is used
-                           instead).
-                           (NOTE: this is here for future use, it's
-                           not implemented yet)
-        lflags          => Default flags used when linking apps,
-                           shared libraries or DSOs [4].
-        ex_libs         => Extra libraries that are needed when
-                           linking shared libraries, DSOs or programs.
-                           The value is also assigned to Libs.private
-                           in $(libdir)/pkgconfig/libcrypto.pc.
-
-        shared_cppflags => Extra C preprocessor flags used when
-                           processing C files for shared libraries.
-        shared_cflag    => Extra C compiler flags used when compiling
-                           for shared libraries, typically something
-                           like "-fPIC".
-        shared_ldflag   => Extra linking flags used when linking
-                           shared libraries.
-        module_cppflags
-        module_cflags
-        module_ldflags  => Has the same function as the corresponding
-                           'shared_' attributes, but for building DSOs.
-                           When unset, they get the same values as the
-                           corresponding 'shared_' attributes.
-
-        ar              => The library archive command, the default is
-                           "ar".
-                           (NOTE: this is here for future use, it's
-                           not implemented yet)
-        arflags         => Flags to be used with the library archive
-                           command.  On Unix, this includes the
-                           command letter, 'r' by default.
-
-        ranlib          => The library archive indexing command, the
-                           default is 'ranlib' it it exists.
-
-        unistd          => An alternative header to the typical
-                           '<unistd.h>'.  This is very rarely needed.
-
-        shared_extension => File name extension used for shared
-                            libraries.
-        obj_extension   => File name extension used for object files.
-                           On unix, this defaults to ".o" (NOTE: this
-                           is here for future use, it's not
-                           implemented yet)
-        exe_extension   => File name extension used for executable
-                           files.  On unix, this defaults to "" (NOTE:
-                           this is here for future use, it's not
-                           implemented yet)
-        shlib_variant   => A "variant" identifier inserted between the base
-                           shared library name and the extension.  On "unixy"
-                           platforms (BSD, Linux, Solaris, MacOS/X, ...) this
-                           supports installation of custom OpenSSL libraries
-                           that don't conflict with other builds of OpenSSL
-                           installed on the system.  The variant identifier
-                           becomes part of the SONAME of the library and also
-                           any symbol versions (symbol versions are not used or
-                           needed with MacOS/X).  For example, on a system
-                           where a default build would normally create the SSL
-                           shared library as 'libssl.so -> libssl.so.1.1' with
-                           the value of the symlink as the SONAME, a target
-                           definition that sets 'shlib_variant => "-abc"' will
-                           create 'libssl.so -> libssl-abc.so.1.1', again with
-                           an SONAME equal to the value of the symlink.  The
-                           symbol versions associated with the variant library
-                           would then be 'OPENSSL_ABC_<version>' rather than
-                           the default 'OPENSSL_<version>'. The string inserted
-                           into symbol versions is obtained by mapping all
-                           letters in the "variant" identifier to uppercase
-                           and all non-alphanumeric characters to '_'.
-
-        thread_scheme   => The type of threads is used on the
-                           configured platform.  Currently known
-                           values are "(unknown)", "pthreads",
-                           "uithreads" (a.k.a solaris threads) and
-                           "winthreads".  Except for "(unknown)", the
-                           actual value is currently ignored but may
-                           be used in the future.  See further notes
-                           below [2].
-        dso_scheme      => The type of dynamic shared objects to build
-                           for.  This mostly comes into play with
-                           modules, but can be used for other purposes
-                           as well.  Valid values are "DLFCN"
-                           (dlopen() et al), "DLFCN_NO_H" (for systems
-                           that use dlopen() et al but do not have
-                           fcntl.h), "DL" (shl_load() et al), "WIN32"
-                           and "VMS".
-        asm_arch        => The architecture to be used for compiling assembly
-                           source.  This acts as a selector in build.info files.
-        uplink_arch     => The architecture to be used for compiling uplink
-                           source.  This acts as a selector in build.info files.
-                           This is separate from asm_arch because it's compiled
-                           even when 'no-asm' is given, even though it contains
-                           assembler source.
-        perlasm_scheme  => The perlasm method used to create the
-                           assembler files used when compiling with
-                           assembler implementations.
-        shared_target   => The shared library building method used.
-                           This serves multiple purposes:
-                           - as index for targets found in shared_info.pl.
-                           - as linker script generation selector.
-                           To serve both purposes, the index for shared_info.pl
-                           should end with '-shared', and this suffix will be
-                           removed for use as a linker script generation
-                           selector.  Note that the latter is only used if
-                           'shared_defflag' is defined.
-        build_scheme    => The scheme used to build up a Makefile.
-                           In its simplest form, the value is a string
-                           with the name of the build scheme.
-                           The value may also take the form of a list
-                           of strings, if the build_scheme is to have
-                           some options.  In this case, the first
-                           string in the list is the name of the build
-                           scheme.
-                           Currently recognised build scheme is "unified".
-                           For the "unified" build scheme, this item
-                           *must* be an array with the first being the
-                           word "unified" and the second being a word
-                           to identify the platform family.
-
-        multilib        => On systems that support having multiple
-                           implementations of a library (typically a
-                           32-bit and a 64-bit variant), this is used
-                           to have the different variants in different
-                           directories.
-
-        multibin        => On systems that support having multiple
-                           implementations of a library and binaries
-                           (typically a 32-bit and a 64-bit variant),
-                           this is used to have the different variants
-                           in different binary directories. This setting
-                           works in conjunction with multilib.
-
-        bn_ops          => Building options (was just bignum options in
-                           the earlier history of this option, hence the
-                           name). This is a string of words that describe
-                           algorithms' implementation parameters that
-                           are optimal for the designated target platform,
-                           such as the type of integers used to build up
-                           the bignum, different ways to implement certain
-                           ciphers and so on. To fully comprehend the
-                           meaning, the best is to read the affected
-                           source.
-                           The valid words are:
-
-                           THIRTY_TWO_BIT       bignum limbs are 32 bits,
-                                                this is default if no
-                                                option is specified, it
-                                                works on any supported
-                                                system [unless "wider"
-                                                limb size is implied in
-                                                assembly code];
-                           BN_LLONG             bignum limbs are 32 bits,
-                                                but 64-bit 'unsigned long
-                                                long' is used internally
-                                                in calculations;
-                           SIXTY_FOUR_BIT_LONG  bignum limbs are 64 bits
-                                                and sizeof(long) is 8;
-                           SIXTY_FOUR_BIT       bignums limbs are 64 bits,
-                                                but execution environment
-                                                is ILP32;
-                           RC4_CHAR             RC4 key schedule is made
-                                                up of 'unsigned char's;
-                                                Note: should not be used
-                                                for new configuration
-                                                targets
-                           RC4_INT              RC4 key schedule is made
-                                                up of 'unsigned int's;
-                                                Note: should not be used
-                                                for new configuration
-                                                targets
-
-[1] as part of the target configuration, one can have a key called
-  `inherit_from` that indicates what other configurations to inherit
-  data from.  These are resolved recursively.
-
-  Inheritance works as a set of default values that can be overridden
-  by corresponding key values in the inheriting configuration.
-
-  Note 1: any configuration table can be used as a template.
-  Note 2: pure templates have the attribute `template => 1` and
-          cannot be used as build targets.
-
-  If several configurations are given in the `inherit_from` array,
-  the values of same attribute are concatenated with space
-  separation.  With this, it's possible to have several smaller
-  templates for different configuration aspects that can be combined
-  into a complete configuration.
-
-  Instead of a scalar value or an array, a value can be a code block
-  of the form `sub { /* your code here */ }`.  This code block will
-  be called with the list of inherited values for that key as
-  arguments.  In fact, the concatenation of strings is really done
-  by using `sub { join(" ",@_) }` on the list of inherited values.
-
-  An example:
-
-        "foo" => {
-                template => 1,
-                haha => "ha ha",
-                hoho => "ho",
-                ignored => "This should not appear in the end result",
-        },
-        "bar" => {
-                template => 1,
-                haha => "ah",
-                hoho => "haho",
-                hehe => "hehe"
-        },
-        "laughter" => {
-                inherit_from => [ "foo", "bar" ],
-                hehe => sub { join(" ",(@_,"!!!")) },
-                ignored => "",
-        }
-
-        The entry for "laughter" will become as follows after processing:
-
-        "laughter" => {
-                haha => "ha ha ah",
-                hoho => "ho haho",
-                hehe => "hehe !!!",
-                ignored => ""
-        }
-
-[2] OpenSSL is built with threading capabilities unless the user
-  specifies `no-threads`.  The value of the key `thread_scheme` may
-  be `(unknown)`, in which case the user MUST give some compilation
-  flags to `Configure`.
-
-[3] OpenSSL has three types of things to link from object files or
-  static libraries:
-
-  - shared libraries; that would be libcrypto and libssl.
-  - shared objects (sometimes called dynamic libraries);  that would
-    be the modules.
-  - applications; those are apps/openssl and all the test apps.
-
-  Very roughly speaking, linking is done like this (words in braces
-  represent the configuration settings documented at the beginning
-  of this file):
-
-    shared libraries:
-        {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
-            foo/something.o foo/somethingelse.o {ex_libs}
-
-    shared objects:
-        {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
-            blah1.o blah2.o -lcrypto {ex_libs}
-
-    applications:
-        {ld} $(CFLAGS) {lflags} -o app \
-            app1.o utils.o -lssl -lcrypto {ex_libs}
-
-[4] There are variants of these attribute, prefixed with `lib_`,
-  `dso_` or `bin_`.  Those variants replace the unprefixed attribute
-  when building library, DSO or program modules specifically.
-
-Historically, the target configurations came in form of a string with
-values separated by colons.  This use is deprecated.  The string form
-looked like this:
-
-    "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
-                 {bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
-                 {bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
-                 {rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
-                 {padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
-                 {shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
-                 {arflags}:{multilib}"
-
-Build info files
-================
-
-The `build.info` files that are spread over the source tree contain the
-minimum information needed to build and distribute OpenSSL.  It uses a
-simple and yet fairly powerful language to determine what needs to be
-built, from what sources, and other relationships between files.
-
-For every `build.info` file, all file references are relative to the
-directory of the `build.info` file for source files, and the
-corresponding build directory for built files if the build tree
-differs from the source tree.
-
-When processed, every line is processed with the perl module
-Text::Template, using the delimiters `{-` and `-}`.  The hashes
-`%config` and `%target` are passed to the perl fragments, along with
-$sourcedir and $builddir, which are the locations of the source
-directory for the current `build.info` file and the corresponding build
-directory, all relative to the top of the build tree.
-
-`Configure` only knows inherently about the top `build.info` file.  For
-any other directory that has one, further directories to look into
-must be indicated like this:
-
-    SUBDIRS=something someelse
-
-On to things to be built; they are declared by setting specific
-variables:
-
-    PROGRAMS=foo bar
-    LIBS=libsomething
-    MODULES=libeng
-    SCRIPTS=myhack
-
-Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
-without extensions.  The build file templates will figure them out.
-
-For each thing to be built, it is then possible to say what sources
-they are built from:
-
-    PROGRAMS=foo bar
-    SOURCE[foo]=foo.c common.c
-    SOURCE[bar]=bar.c extra.c common.c
-
-It's also possible to tell some other dependencies:
-
-    DEPEND[foo]=libsomething
-    DEPEND[libbar]=libsomethingelse
-
-(it could be argued that 'libsomething' and 'libsomethingelse' are
-source as well.  However, the files given through SOURCE are expected
-to be located in the source tree while files given through DEPEND are
-expected to be located in the build tree)
-
-It's also possible to depend on static libraries explicitly:
-
-    DEPEND[foo]=libsomething.a
-    DEPEND[libbar]=libsomethingelse.a
-
-This should be rarely used, and care should be taken to make sure it's
-only used when supported.  For example, native Windows build doesn't
-support building static libraries and DLLs at the same time, so using
-static libraries on Windows can only be done when configured
-`no-shared`.
-
-In some cases, it's desirable to include some source files in the
-shared form of a library only:
-
-    SHARED_SOURCE[libfoo]=dllmain.c
-
-For any file to be built, it's also possible to tell what extra
-include paths the build of their source files should use:
-
-    INCLUDE[foo]=include
-
-It's also possible to specify C macros that should be defined:
-
-    DEFINE[foo]=FOO BAR=1
-
-In some cases, one might want to generate some source files from
-others, that's done as follows:
-
-    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
-    GENERATE[bar.s]=asm/bar.S
-
-The value of each GENERATE line is a command line or part of it.
-Configure places no rules on the command line, except that the first
-item must be the generator file.  It is, however, entirely up to the
-build file template to define exactly how those command lines should
-be handled, how the output is captured and so on.
-
-Sometimes, the generator file itself depends on other files, for
-example if it is a perl script that depends on other perl modules.
-This can be expressed using DEPEND like this:
-
-    DEPEND[asm/something.pl]=../perlasm/Foo.pm
-
-There may also be cases where the exact file isn't easily specified,
-but an inclusion directory still needs to be specified.  INCLUDE can
-be used in that case:
-
-    INCLUDE[asm/something.pl]=../perlasm
-
-NOTE: GENERATE lines are limited to one command only per GENERATE.
-
-Finally, you can have some simple conditional use of the `build.info`
-information, looking like this:
-
-    IF[1]
-     something
-    ELSIF[2]
-     something other
-    ELSE
-     something else
-    ENDIF
-
-The expression in square brackets is interpreted as a string in perl,
-and will be seen as true if perl thinks it is, otherwise false.  For
-example, the above would have "something" used, since 1 is true.
-
-Together with the use of Text::Template, this can be used as
-conditions based on something in the passed variables, for example:
-
-    IF[{- $disabled{shared} -}]
-      LIBS=libcrypto
-      SOURCE[libcrypto]=...
-    ELSE
-      LIBS=libfoo
-      SOURCE[libfoo]=...
-    ENDIF
-
-Build-file programming with the "unified" build system
-======================================================
-
-"Build files" are called `Makefile` on Unix-like operating systems,
-`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
-
-To use the "unified" build system, the target configuration needs to
-set the three items `build_scheme`, `build_file` and `build_command`.
-In the rest of this section, we will assume that `build_scheme` is set
-to "unified" (see the configurations documentation above for the
-details).
-
-For any name given by `build_file`, the "unified" system expects a
-template file in `Configurations/` named like the build file, with
-`.tmpl` appended, or in case of possible ambiguity, a combination of
-the second `build_scheme` list item and the `build_file` name.  For
-example, if `build_file` is set to `Makefile`, the template could be
-`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
-In case both `Configurations/unix-Makefile.tmpl` and
-`Configurations/Makefile.tmpl` are present, the former takes precedence.
-
-The build-file template is processed with the perl module
-Text::Template, using `{-` and `-}` as delimiters that enclose the
-perl code fragments that generate configuration-dependent content.
-Those perl fragments have access to all the hash variables from
-configdata.pem.
-
-The build-file template is expected to define at least the following
-perl functions in a perl code fragment enclosed with `{-` and `-}`.
-They are all expected to return a string with the lines they produce.
-
-    generatesrc - function that produces build file lines to generate
-                  a source file from some input.
-
-                  It's called like this:
-
-                        generatesrc(src => "PATH/TO/tobegenerated",
-                                    generator => [ "generatingfile", ... ]
-                                    generator_incs => [ "INCL/PATH", ... ]
-                                    generator_deps => [ "dep1", ... ]
-                                    generator => [ "generatingfile", ... ]
-                                    incs => [ "INCL/PATH", ... ],
-                                    deps => [ "dep1", ... ],
-                                    intent => one of "libs", "dso", "bin" );
-
-                  'src' has the name of the file to be generated.
-                  'generator' is the command or part of command to
-                  generate the file, of which the first item is
-                  expected to be the file to generate from.
-                  generatesrc() is expected to analyse and figure out
-                  exactly how to apply that file and how to capture
-                  the result.  'generator_incs' and 'generator_deps'
-                  are include directories and files that the generator
-                  file itself depends on.  'incs' and 'deps' are
-                  include directories and files that are used if $(CC)
-                  is used as an intermediary step when generating the
-                  end product (the file indicated by 'src').  'intent'
-                  indicates what the generated file is going to be
-                  used for.
-
-    src2obj     - function that produces build file lines to build an
-                  object file from source files and associated data.
-
-                  It's called like this:
-
-                        src2obj(obj => "PATH/TO/objectfile",
-                                srcs => [ "PATH/TO/sourcefile", ... ],
-                                deps => [ "dep1", ... ],
-                                incs => [ "INCL/PATH", ... ]
-                                intent => one of "lib", "dso", "bin" );
-
-                  'obj' has the intended object file with '.o'
-                  extension, src2obj() is expected to change it to
-                  something more suitable for the platform.
-                  'srcs' has the list of source files to build the
-                  object file, with the first item being the source
-                  file that directly corresponds to the object file.
-                  'deps' is a list of explicit dependencies.  'incs'
-                  is a list of include file directories.  Finally,
-                  'intent' indicates what this object file is going
-                  to be used for.
-
-    obj2lib     - function that produces build file lines to build a
-                  static library file ("libfoo.a" in Unix terms) from
-                  object files.
-
-                  called like this:
-
-                        obj2lib(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ]);
-
-                  'lib' has the intended library filename *without*
-                  extension, obj2lib is expected to add that.  'objs'
-                  has the list of object files to build this library.
-
-    libobj2shlib - backward compatibility function that's used the
-                  same way as obj2shlib (described next), and was
-                  expected to build the shared library from the
-                  corresponding static library when that was suitable.
-                  NOTE: building a shared library from a static
-                  library is now DEPRECATED, as they no longer share
-                  object files.  Attempting to do this will fail.
-
-    obj2shlib   - function that produces build file lines to build a
-                  shareable object library file ("libfoo.so" in Unix
-                  terms) from the corresponding object files.
-
-                  called like this:
-
-                        obj2shlib(shlib => "PATH/TO/shlibfile",
-                                  lib => "PATH/TO/libfile",
-                                  objs => [ "PATH/TO/objectfile", ... ],
-                                  deps => [ "PATH/TO/otherlibfile", ... ]);
-
-                  'lib' has the base (static) library filename
-                  *without* extension.  This is useful in case
-                  supporting files are needed (such as import
-                  libraries on Windows).
-                  'shlib' has the corresponding shared library name
-                  *without* extension.  'deps' has the list of other
-                  libraries (also *without* extension) this library
-                  needs to be linked with.  'objs' has the list of
-                  object files to build this library.
-
-    obj2dso     - function that produces build file lines to build a
-                  dynamic shared object file from object files.
-
-                  called like this:
-
-                        obj2dso(lib => "PATH/TO/libfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/otherlibfile",
-                                ... ]);
-
-                  This is almost the same as obj2shlib, but the
-                  intent is to build a shareable library that can be
-                  loaded in runtime (a "plugin"...).
-
-    obj2bin     - function that produces build file lines to build an
-                  executable file from object files.
-
-                  called like this:
-
-                        obj2bin(bin => "PATH/TO/binfile",
-                                objs => [ "PATH/TO/objectfile", ... ],
-                                deps => [ "PATH/TO/libfile", ... ]);
-
-                  'bin' has the intended executable filename
-                  *without* extension, obj2bin is expected to add
-                  that.  'objs' has the list of object files to build
-                  this library.  'deps' has the list of library files
-                  (also *without* extension) that the programs needs
-                  to be linked with.
-
-    in2script   - function that produces build file lines to build a
-                  script file from some input.
-
-                  called like this:
-
-                        in2script(script => "PATH/TO/scriptfile",
-                                  sources => [ "PATH/TO/infile", ... ]);
-
-                  'script' has the intended script filename.
-                  'sources' has the list of source files to build the
-                  resulting script from.
-
-In all cases, file file paths are relative to the build tree top, and
-the build file actions run with the build tree top as current working
-directory.
-
-Make sure to end the section with these functions with a string that
-you thing is appropriate for the resulting build file.  If nothing
-else, end it like this:
-
-      "";       # Make sure no lingering values end up in the Makefile
-    -}
-
-Configure helper scripts
-========================
-
-Configure uses helper scripts in this directory:
-
-Checker scripts
---------------
-
-These scripts are per platform family, to check the integrity of the
-tools used for configuration and building.  The checker script used is
-either `{build_platform}-{build_file}-checker.pm` or
-`{build_platform}-checker.pm`, where `{build_platform}` is the second
-`build_scheme` list element from the configuration target data, and
-`{build_file}` is `build_file` from the same target data.
-
-If the check succeeds, the script is expected to end with a non-zero
-expression.  If the check fails, the script can end with a zero, or
-with a `die`.
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@@ -0,0 +1,221 @@
+{- # -*- Mode: perl -*-
+
+ use File::Basename;
+
+ # A cache of objects for which a recipe has already been generated
+ my %cache;
+
+ # resolvedepends and reducedepends work in tandem to make sure
+ # there are no duplicate dependencies and that they are in the
+ # right order.  This is especially used to sort the list of
+ # libraries that a build depends on.
+ sub extensionlesslib {
+     my @result = map { $_ =~ /(\.a)?$/; $` } @_;
+     return @result if wantarray;
+     return $result[0];
+ }
+ sub resolvedepends {
+     my $thing = shift;
+     my $extensionlessthing = extensionlesslib($thing);
+     my @listsofar = @_;    # to check if we're looping
+     my @list = @{$unified_info{depends}->{$thing} //
+                      $unified_info{depends}->{$extensionlessthing}};
+     my @newlist = ();
+     if (scalar @list) {
+         foreach my $item (@list) {
+             my $extensionlessitem = extensionlesslib($item);
+             # It's time to break off when the dependency list starts looping
+             next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
+             push @newlist, $item, resolvedepends($item, @listsofar, $item);
+         }
+     }
+     @newlist;
+ }
+ sub reducedepends {
+     my @list = @_;
+     my @newlist = ();
+     my %replace = ();
+     while (@list) {
+         my $item = shift @list;
+         my $extensionlessitem = extensionlesslib($item);
+         if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
+             if ($item ne $extensionlessitem) {
+                 # If this instance of the library is explicitly static, we
+                 # prefer that to any shared library name, since it must have
+                 # been done on purpose.
+                 $replace{$extensionlessitem} = $item;
+             }
+         } else {
+             push @newlist, $item;
+         }
+     }
+     map { $replace{$_} // $_; } @newlist;
+ }
+
+ # is_installed checks if a given file will be installed (i.e. they are
+ # not defined _NO_INST in build.info)
+ sub is_installed {
+     my $product = shift;
+     if (grep { $product eq $_ }
+         map { (@{$unified_info{install}->{$_}}) }
+         keys %{$unified_info{install}}) {
+         return 1;
+     }
+     return 0;
+ }
+
+ # dogenerate is responsible for producing all the recipes that build
+ # generated source files.  It recurses in case a dependency is also a
+ # generated source file.
+ sub dogenerate {
+     my $src = shift;
+     return "" if $cache{$src};
+     my $obj = shift;
+     my $bin = shift;
+     my %opts = @_;
+     if ($unified_info{generate}->{$src}) {
+         die "$src is generated by Configure, should not appear in build file\n"
+             if ref $unified_info{generate}->{$src} eq "";
+         my $script = $unified_info{generate}->{$src}->[0];
+         $OUT .= generatesrc(src => $src,
+                             generator => $unified_info{generate}->{$src},
+                             generator_incs => $unified_info{includes}->{$script},
+                             generator_deps => $unified_info{depends}->{$script},
+                             deps => $unified_info{depends}->{$src},
+                             incs => $unified_info{includes}->{$obj},
+                             %opts);
+         foreach (@{$unified_info{depends}->{$src}}) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$src} = 1;
+ }
+
+ # doobj is responsible for producing all the recipes that build
+ # object files as well as dependency files.
+ sub doobj {
+     my $obj = shift;
+     return "" if $cache{$obj};
+     my $bin = shift;
+     my %opts = @_;
+     if (@{$unified_info{sources}->{$obj}}) {
+         $OUT .= src2obj(obj => $obj,
+                         product => $bin,
+                         srcs => $unified_info{sources}->{$obj},
+                         deps => $unified_info{depends}->{$obj},
+                         incs => $unified_info{includes}->{$obj},
+                         %opts);
+         foreach ((@{$unified_info{sources}->{$obj}},
+                   @{$unified_info{depends}->{$obj}})) {
+             dogenerate($_, $obj, $bin, %opts);
+         }
+     }
+     $cache{$obj} = 1;
+ }
+
+ # dolib is responsible for building libraries.  It will call
+ # libobj2shlib is shared libraries are produced, and obj2lib in all
+ # cases.  It also makes sure all object files for the library are
+ # built.
+ sub dolib {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     unless ($disabled{shared} || $lib =~ /\.a$/) {
+         $OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
+                              lib => $lib,
+                              objs => [ @{$unified_info{shared_sources}->{$lib}},
+                                        @{$unified_info{sources}->{$lib}} ],
+                              deps => [ reducedepends(resolvedepends($lib)) ],
+                              installed => is_installed($lib));
+         foreach ((@{$unified_info{shared_sources}->{$lib}},
+                   @{$unified_info{sources}->{$lib}})) {
+             # If this is somehow a compiled object, take care of it that way
+             # Otherwise, it might simply be generated
+             if (defined $unified_info{sources}->{$_}) {
+                 doobj($_, $lib, intent => "lib", installed => is_installed($lib));
+             } else {
+                 dogenerate($_, undef, undef, intent => "lib");
+             }
+         }
+     }
+     $OUT .= obj2lib(lib => $lib,
+                     objs => [ @{$unified_info{sources}->{$lib}} ]);
+     foreach (@{$unified_info{sources}->{$lib}}) {
+         doobj($_, $lib, intent => "lib", installed => is_installed($lib));
+     }
+     $cache{$lib} = 1;
+ }
+
+ # doengine is responsible for building engines.  It will call
+ # obj2dso, and also makes sure all object files for the library
+ # are built.
+ sub doengine {
+     my $lib = shift;
+     return "" if $cache{$lib};
+     $OUT .= obj2dso(lib => $lib,
+                     objs => [ @{$unified_info{sources}->{$lib}},
+                               @{$unified_info{shared_sources}->{$lib}} ],
+                     deps => [ resolvedepends($lib) ],
+                     installed => is_installed($lib));
+     foreach ((@{$unified_info{sources}->{$lib}},
+               @{$unified_info{shared_sources}->{$lib}})) {
+         doobj($_, $lib, intent => "dso", installed => is_installed($lib));
+     }
+     $cache{$lib} = 1;
+ }
+
+ # dobin is responsible for building programs.  It will call obj2bin,
+ # and also makes sure all object files for the library are built.
+ sub dobin {
+     my $bin = shift;
+     return "" if $cache{$bin};
+     my $deps = [ reducedepends(resolvedepends($bin)) ];
+     $OUT .= obj2bin(bin => $bin,
+                     objs => [ @{$unified_info{sources}->{$bin}} ],
+                     deps => $deps,
+                     installed => is_installed($bin));
+     foreach (@{$unified_info{sources}->{$bin}}) {
+         doobj($_, $bin, intent => "bin", installed => is_installed($bin));
+     }
+     $cache{$bin} = 1;
+ }
+
+ # dobin is responsible for building scripts from templates.  It will
+ # call in2script.
+ sub doscript {
+     my $script = shift;
+     return "" if $cache{$script};
+     $OUT .= in2script(script => $script,
+                       sources => $unified_info{sources}->{$script},
+                       installed => is_installed($script));
+     $cache{$script} = 1;
+ }
+
+ sub dodir {
+     my $dir = shift;
+     return "" if !exists(&generatedir) or $cache{$dir};
+     $OUT .= generatedir(dir => $dir,
+                         deps => $unified_info{dirinfo}->{$dir}->{deps},
+                         %{$unified_info{dirinfo}->{$_}->{products}});
+     $cache{$dir} = 1;
+ }
+
+ # Start with populating the cache with all the overrides
+ %cache = map { $_ => 1 } @{$unified_info{overrides}};
+
+ # Build mandatory generated headers
+ foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
+
+ # Build all known libraries, engines, programs and scripts.
+ # Everything else will be handled as a consequence.
+ foreach (@{$unified_info{libraries}}) { dolib($_);    }
+ foreach (@{$unified_info{engines}})   { doengine($_); }
+ foreach (@{$unified_info{programs}})  { dobin($_);    }
+ foreach (@{$unified_info{scripts}})   { doscript($_); }
+
+ foreach (sort keys %{$unified_info{dirinfo}})  { dodir($_); }
+
+ # Finally, should there be any applicable BEGINRAW/ENDRAW sections,
+ # they are added here.
+ $OUT .= $_."\n" foreach @{$unified_info{rawlines}};
+-}
--- a/Configurations/common0.tmpl
+++ b/Configurations/common0.tmpl
@@ -22,7 +22,7 @@
 our @generated =
     sort ( ( grep { defined $unified_info{generate}->{$_} }
              sort keys %generatables ),
-            # Scripts are assumed to be generated, so add them too
+            # Scripts are assumed to be generated, so add thhem too
            ( grep { defined $unified_info{sources}->{$_} }
              @{$unified_info{scripts}} ) );

--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
--- a/Configurations/dist.conf
+++ b/Configurations/dist.conf
@@ -0,0 +1,12 @@
+## -*- mode: perl; -*-
+## Build configuration targets for openssl-team members
+
+# This is to support 'make dist'
+my %targets = (
+    "dist" => {
+        inherit_from     => [ 'BASE_unix' ],
+        CC               => "cc",
+        CFLAGS           => "-O",
+        thread_scheme    => "(unknown)",
+    },
+);
--- a/Configurations/gentemplate.pm
+++ b/Configurations/gentemplate.pm
@@ -1,556 +0,0 @@
-package gentemplate;
-
-use strict;
-use warnings;
-use Carp;
-
-use Exporter;
-use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
-@ISA = qw(Exporter);
-@EXPORT = qw(gentemplate);
-
-use File::Basename;
-
-sub gentemplate {
-    my %opts = @_;
-
-    my $generator = OpenSSL::GenTemplate->new(%opts);
-
-    # Build mandatory header file generators
-    foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); }
-
-    # Build all known targets, libraries, modules, programs and scripts.
-    # Everything else will be handled as a consequence.
-    foreach (@{$generator->{info}->{targets}})   { $generator->dotarget($_); }
-    foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_);    }
-    foreach (@{$generator->{info}->{modules}})   { $generator->domodule($_); }
-    foreach (@{$generator->{info}->{programs}})  { $generator->dobin($_);    }
-    foreach (@{$generator->{info}->{scripts}})   { $generator->doscript($_); }
-    foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); }
-    foreach (sort keys %{$generator->{info}->{mandocs}})  { $generator->dodocs('man', $_); }
-    foreach (sort keys %{$generator->{info}->{dirinfo}})  { $generator->dodir($_); }
-}
-
-package OpenSSL::GenTemplate;
-
-use OpenSSL::Util;
-
-sub new {
-    my $class = shift;
-    my %opts = @_;
-
-    my $data = {
-        output   => $opts{output},
-        config   => $opts{config} // {},
-        disabled => $opts{disabled} // {},
-        info     => $opts{unified_info} // {},
-    };
-
-    return bless $data, $class;
-};
-
-sub emit {
-    my $self = shift;
-    my $name = shift;
-    my %opts = @_;
-    my $fh = $self->{output};
-
-    die "No name?" unless $name;
-    print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
-        unless defined $opts{attrs}->{skip};
-}
-
-my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
-my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES};
-
-# A cache of objects for which a recipe has already been generated
-our %cache;
-
-# collectdepends, expanddepends and reducedepends work together to make
-# sure there are no duplicate or weak dependencies and that they are in
-# the right order.  This is used to sort the list of libraries  that a
-# build depends on.
-sub extensionlesslib {
-    my @result = map { $_ =~ /(\.a)?$/; $` } @_;
-    return @result if wantarray;
-    return $result[0];
-}
-
-# collectdepends dives into the tree of dependencies and returns
-# a list of all the non-weak ones.
-sub collectdepends {
-    my $self = shift;
-    return () unless @_;
-
-    my $thing = shift;
-    my $extensionlessthing = extensionlesslib($thing);
-    my @listsofar = @_;    # to check if we're looping
-    my @list = @{ $self->{info}->{depends}->{$thing} //
-                  $self->{info}->{depends}->{$extensionlessthing}
-                  // [] };
-    my @newlist = ();
-
-    print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n"
-        if $debug_resolvedepends;
-    foreach my $item (@list) {
-        my $extensionlessitem = extensionlesslib($item);
-        # It's time to break off when the dependency list starts looping
-        next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
-        # Don't add anything here if the dependency is weak
-        next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'};
-        my @resolved = $self->collectdepends($item, @listsofar, $item);
-        push @newlist, $item, @resolved;
-    }
-    print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n"
-        if $debug_resolvedepends;
-    @newlist;
-}
-
-# expanddepends goes through a list of stuff, checks if they have any
-# dependencies, and adds them at the end of the current position if
-# they aren't already present later on.
-sub expanddepends {
-    my $self = shift;
-    my @after = ( @_ );
-    print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n"
-        if $debug_resolvedepends;
-    my @before = ();
-    while (@after) {
-        my $item = shift @after;
-        print STDERR "DEBUG[expanddepends]\\  ", join(' ', @before), "\n"
-            if $debug_resolvedepends;
-        print STDERR "DEBUG[expanddepends] - ", $item, "\n"
-            if $debug_resolvedepends;
-        my @middle = (
-            $item,
-            map {
-                my $x = $_;
-                my $extlessx = extensionlesslib($x);
-                if (grep { $extlessx eq extensionlesslib($_) } @before
-                    and
-                    !grep { $extlessx eq extensionlesslib($_) } @after) {
-                    print STDERR "DEBUG[expanddepends] + ", $x, "\n"
-                        if $debug_resolvedepends;
-                    ( $x )
-                } else {
-                    print STDERR "DEBUG[expanddepends] ! ", $x, "\n"
-                        if $debug_resolvedepends;
-                    ()
-                }
-            } @{$self->{info}->{depends}->{$item} // []}
-            );
-        print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n"
-            if $debug_resolvedepends;
-        print STDERR "DEBUG[expanddepends]/  ", join(' ', @after), "\n"
-            if $debug_resolvedepends;
-        push @before, @middle;
-    }
-    print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n"
-        if $debug_resolvedepends;
-    @before;
-}
-
-# reducedepends looks through a list, and checks if each item is
-# repeated later on.  If it is, the earlier copy is dropped.
-sub reducedepends {
-    my @list = @_;
-    print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n"
-        if $debug_resolvedepends;
-    my @newlist = ();
-    my %replace = ();
-    while (@list) {
-        my $item = shift @list;
-        my $extensionlessitem = extensionlesslib($item);
-        if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
-            if ($item ne $extensionlessitem) {
-                # If this instance of the library is explicitly static, we
-                # prefer that to any shared library name, since it must have
-                # been done on purpose.
-                $replace{$extensionlessitem} = $item;
-            }
-        } else {
-            push @newlist, $item;
-        }
-    }
-    @newlist = map { $replace{$_} // $_; } @newlist;
-    print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n"
-        if $debug_resolvedepends;
-    @newlist;
-}
-
-# Do it all
-# This takes multiple inputs and combine them into a single list of
-# interdependent things.  The returned value will include all the input.
-# Callers are responsible for taking away the things they are building.
-sub resolvedepends {
-    my $self = shift;
-    print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n"
-        if $debug_resolvedepends;
-    my @all =
-        reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_));
-    print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ",
-        join(',', map { "\n    $_" } @all), "\n"
-        if $debug_resolvedepends;
-    @all;
-}
-
-# dogenerate is responsible for producing all the recipes that build
-# generated source files.  It recurses in case a dependency is also a
-# generated source file.
-sub dogenerate {
-    my $self = shift;
-    my $src = shift;
-    # Safety measure
-    return "" unless defined $self->{info}->{generate}->{$src};
-    return "" if $cache{$src};
-    my $obj = shift;
-    my $bin = shift;
-    my %opts = @_;
-    if ($self->{info}->{generate}->{$src}) {
-        die "$src is generated by Configure, should not appear in build file\n"
-            if ref $self->{info}->{generate}->{$src} eq "";
-        my $script = $self->{info}->{generate}->{$src}->[0];
-        my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
-        $self->emit('generatesrc',
-             src => $src,
-             product => $bin,
-             generator => $self->{info}->{generate}->{$src},
-             generator_incs => $self->{info}->{includes}->{$script} // [],
-             generator_deps => $self->{info}->{depends}->{$script} // [],
-             deps => $self->{info}->{depends}->{$src} // [],
-             incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (),
-                       defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
-             defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
-                       defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
-             attrs => { %attrs },
-             %opts);
-        foreach (@{$self->{info}->{depends}->{$src} // []}) {
-            $self->dogenerate($_, $obj, $bin, %opts);
-        }
-        # The generator itself may be is generated
-        if ($self->{info}->{generate}->{$script}) {
-            $self->dogenerate($script, $obj, $bin, %opts);
-        }
-    }
-    $cache{$src} = 1;
-}
-
-sub dotarget {
-    my $self = shift;
-    my $target = shift;
-    return "" if $cache{$target};
-    $self->emit('generatetarget',
-         target => $target,
-         deps => $self->{info}->{depends}->{$target} // []);
-    foreach (@{$self->{info}->{depends}->{$target} // []}) {
-        $self->dogenerate($_);
-    }
-    $cache{$target} = 1;
-}
-
-# doobj is responsible for producing all the recipes that build
-# object files as well as dependency files.
-sub doobj {
-    my $self = shift;
-    my $obj = shift;
-    return "" if $cache{$obj};
-    my $bin = shift;
-    my %opts = @_;
-    if (@{$self->{info}->{sources}->{$obj} // []}) {
-        my @srcs = @{$self->{info}->{sources}->{$obj}};
-        my @deps = @{$self->{info}->{depends}->{$obj} // []};
-        my @incs = ( @{$self->{info}->{includes}->{$obj} // []},
-                     @{$self->{info}->{includes}->{$bin} // []} );
-        my @defs = ( @{$self->{info}->{defines}->{$obj} // []},
-                     @{$self->{info}->{defines}->{$bin} // []} );
-        print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @srcs), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @deps), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @incs), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ",
-            join(",", map { "\n    $_" } @defs), "\n"
-            if $debug_rules;
-        print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", ,
-            join(",", map { "\n    $_ = $opts{$_}" } sort keys %opts), "\n"
-            if $debug_rules;
-        $self->emit('src2obj',
-             obj => $obj, product => $bin,
-             srcs => [ @srcs ], deps => [ @deps ],
-             incs => [ @incs ], defs => [ @defs ],
-             %opts);
-        foreach ((@{$self->{info}->{sources}->{$obj}},
-                  @{$self->{info}->{depends}->{$obj} // []})) {
-            $self->dogenerate($_, $obj, $bin, %opts);
-        }
-    }
-    $cache{$obj} = 1;
-}
-
-# Helper functions to grab all applicable intermediary files.
-# This is particularly useful when a library is given as source
-# rather than a dependency.  In that case, we consider it to be a
-# container with object file references, or possibly references
-# to further libraries to pilfer in the same way.
-sub getsrclibs {
-    my $self = shift;
-    my $section = shift;
-
-    # For all input, see if it sources static libraries.  If it does,
-    # return them together with the result of a recursive call.
-    map { ( $_, getsrclibs($section, $_) ) }
-    grep { $_ =~ m|\.a$| }
-    map { @{$self->{info}->{$section}->{$_} // []} }
-    @_;
-}
-
-sub getlibobjs {
-    my $self = shift;
-    my $section = shift;
-
-    # For all input, see if it's an intermediary file (library or object).
-    # If it is, collect the result of a recursive call, or if that returns
-    # an empty list, the element itself.  Return the result.
-    map {
-        my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}});
-        @x ? @x : ( $_ );
-    }
-    grep { defined $self->{info}->{$section}->{$_} }
-    @_;
-}
-
-# dolib is responsible for building libraries.  It will call
-# obj2shlib if shared libraries are produced, and obj2lib in all
-# cases.  It also makes sure all object files for the library are
-# built.
-sub dolib {
-    my $self = shift;
-    my $lib = shift;
-    return "" if $cache{$lib};
-
-    my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}};
-
-    my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) );
-
-    # We support two types of objs, those who are specific to this library
-    # (they end up in @objs) and those that we get indirectly, via other
-    # libraries (they end up in @foreign_objs).  We get the latter any time
-    # someone has done something like this in build.info:
-    #     SOURCE[libfoo.a]=libbar.a
-    # The indirect object files must be kept in a separate array so they
-    # don't get rebuilt unnecessarily (and with incorrect auxiliary
-    # information).
-    #
-    # Object files can't be collected commonly for shared and static
-    # libraries, because we contain their respective object files in
-    # {shared_sources} and {sources}, and because the implications are
-    # slightly different for each library form.
-    #
-    # We grab all these "foreign" object files recursively with getlibobjs().
-
-    unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) {
-        # If this library sources other static libraries and those
-        # libraries are marked {noinst}, there's no need to include
-        # all of their object files.  Instead, we treat those static
-        # libraries as dependents alongside any other library this
-        # one depends on, and let symbol resolution do its job.
-        my @sourced_libs = ();
-        my @objs = ();
-        my @foreign_objs = ();
-        my @deps = ();
-        foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) {
-            if ($_ !~ m|\.a$|) {
-                push @objs, $_;
-            } elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) {
-                push @deps, $_;
-            } else {
-                push @deps, $self->getsrclibs('sources', $_);
-                push @foreign_objs, $self->getlibobjs('sources', $_);
-            }
-        }
-        @deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) );
-        print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", ,
-            join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-            if %attrs && $debug_rules;
-        print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ",
-            join(",", map { "\n    $_" } @deps), "\n"
-            if @deps && $debug_rules;
-        print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ",
-            join(",", map { "\n    $_" } @objs), "\n"
-            if @objs && $debug_rules;
-        print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ",
-            join(",", map { "\n    $_" } @foreign_objs), "\n"
-            if @foreign_objs && $debug_rules;
-        $self->emit('obj2shlib',
-             lib => $lib,
-             attrs => { %attrs },
-             objs => [ @objs, @foreign_objs ],
-             deps => [ @deps ]);
-        foreach (@objs) {
-            # If this is somehow a compiled object, take care of it that way
-            # Otherwise, it might simply be generated
-            if (defined $self->{info}->{sources}->{$_}) {
-                if($_ =~ /\.a$/) {
-                    $self->dolib($_);
-                } else {
-                    $self->doobj($_, $lib, intent => "shlib", attrs => { %attrs });
-                }
-            } else {
-                $self->dogenerate($_, undef, undef, intent => "lib");
-            }
-        }
-    }
-    {
-        # When putting static libraries together, we cannot rely on any
-        # symbol resolution, so for all static libraries used as source for
-        # this one, as well as other libraries they depend on, we simply
-        # grab all their object files unconditionally,
-        # Symbol resolution will happen when any program, module or shared
-        # library is linked with this one.
-        my @objs = ();
-        my @sourcedeps = ();
-        my @foreign_objs = ();
-        foreach (@{$self->{info}->{sources}->{$lib}}) {
-            if ($_ !~ m|\.a$|) {
-                push @objs, $_;
-            } else {
-                push @sourcedeps, $_;
-            }
-        }
-        @sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) );
-        print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ",
-            join(",", map { "\n    $_" } @sourcedeps), "\n"
-            if @sourcedeps && $debug_rules;
-        @foreign_objs = $self->getlibobjs('sources', @sourcedeps);
-        print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", ,
-            join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-            if %attrs && $debug_rules;
-        print STDERR "DEBUG[dolib:lib] \@objs for $lib : ",
-            join(",", map { "\n    $_" } @objs), "\n"
-            if @objs && $debug_rules;
-        print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ",
-            join(",", map { "\n    $_" } @foreign_objs), "\n"
-            if @foreign_objs && $debug_rules;
-        $self->emit('obj2lib',
-             lib => $lib, attrs => { %attrs },
-             objs => [ @objs, @foreign_objs ]);
-        foreach (@objs) {
-            $self->doobj($_, $lib, intent => "lib", attrs => { %attrs });
-        }
-    }
-    $cache{$lib} = 1;
-}
-
-# domodule is responsible for building modules.  It will call
-# obj2dso, and also makes sure all object files for the library
-# are built.
-sub domodule {
-    my $self = shift;
-    my $module = shift;
-    return "" if $cache{$module};
-    my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}};
-    my @objs = @{$self->{info}->{sources}->{$module}};
-    my @deps = ( grep { $_ ne $module }
-                 $self->resolvedepends($module) );
-    print STDERR "DEBUG[domodule] \%attrs for $module :",
-        join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-        if $debug_rules;
-    print STDERR "DEBUG[domodule] \@objs for $module : ",
-        join(",", map { "\n    $_" } @objs), "\n"
-        if $debug_rules;
-    print STDERR "DEBUG[domodule] \@deps for $module : ",
-        join(",", map { "\n    $_" } @deps), "\n"
-        if $debug_rules;
-    $self->emit('obj2dso',
-         module => $module,
-         attrs => { %attrs },
-         objs => [ @objs ],
-         deps => [ @deps ]);
-    foreach (@{$self->{info}->{sources}->{$module}}) {
-        # If this is somehow a compiled object, take care of it that way
-        # Otherwise, it might simply be generated
-        if (defined $self->{info}->{sources}->{$_}) {
-            $self->doobj($_, $module, intent => "dso", attrs => { %attrs });
-        } else {
-            $self->dogenerate($_, undef, $module, intent => "dso");
-        }
-    }
-    $cache{$module} = 1;
-}
-
-# dobin is responsible for building programs.  It will call obj2bin,
-# and also makes sure all object files for the library are built.
-sub dobin {
-    my $self = shift;
-    my $bin = shift;
-    return "" if $cache{$bin};
-    my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}};
-    my @objs = @{$self->{info}->{sources}->{$bin}};
-    my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) );
-    print STDERR "DEBUG[dobin] \%attrs for $bin : ",
-        join(",", map { "\n    $_ = $attrs{$_}" } sort keys %attrs), "\n"
-        if %attrs && $debug_rules;
-    print STDERR "DEBUG[dobin] \@objs for $bin : ",
-        join(",", map { "\n    $_" } @objs), "\n"
-        if @objs && $debug_rules;
-    print STDERR "DEBUG[dobin] \@deps for $bin : ",
-        join(",", map { "\n    $_" } @deps), "\n"
-        if @deps && $debug_rules;
-    $self->emit('obj2bin',
-         bin => $bin,
-         attrs => { %attrs },
-         objs => [ @objs ],
-         deps => [ @deps ]);
-    foreach (@objs) {
-        $self->doobj($_, $bin, intent => "bin", attrs => { %attrs });
-    }
-    $cache{$bin} = 1;
-}
-
-# doscript is responsible for building scripts from templates.  It will
-# call in2script.
-sub doscript {
-    my $self = shift;
-    my $script = shift;
-    return "" if $cache{$script};
-    $self->emit('in2script',
-         script => $script,
-         attrs => $self->{info}->{attributes}->{scripts}->{$script} // {},
-         sources => $self->{info}->{sources}->{$script});
-    $cache{$script} = 1;
-}
-
-sub dodir {
-    my $self = shift;
-    my $dir = shift;
-    return "" if !exists(&generatedir) or $cache{$dir};
-    $self->emit('generatedir',
-         dir => $dir,
-         deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [],
-         %{$self->{info}->{dirinfo}->{$_}->{products}});
-    $cache{$dir} = 1;
-}
-
-# dodocs is responsible for building documentation from .pods.
-# It will call generatesrc.
-sub dodocs {
-    my $self = shift;
-    my $type = shift;
-    my $section = shift;
-    foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) {
-        next if $cache{$doc};
-        $self->emit('generatesrc',
-             src => $doc,
-             generator => $self->{info}->{generate}->{$doc});
-        foreach ((@{$self->{info}->{depends}->{$doc} // []})) {
-            $self->dogenerate($_, undef, undef);
-        }
-        $cache{$doc} = 1;
-    }
-}
-
-1;
--- a/Configurations/platform.pm
+++ b/Configurations/platform.pm
@@ -1,18 +0,0 @@
-package platform;
-
-use strict;
-use warnings;
-use vars qw(@ISA);
-
-# Callers must make sure @INC has the build directory
-use configdata;
-
-my $module = $target{perl_platform} || 'Unix';
-(my $module_path = $module) =~ s|::|/|g;
-
-require "platform/$module_path.pm";
-@ISA = ("platform::$module");
-
-1;
-
-__END__
--- a/Configurations/platform/AIX.pm
+++ b/Configurations/platform/AIX.pm
@@ -1,47 +0,0 @@
-package platform::AIX;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::Unix;
-@ISA = qw(platform::Unix);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub dsoext              { '.so' }
-sub shlibextsimple      { return '.so' if $target{shared_target} eq "aix-solib";
-			  '.a'}
-
-# In shared mode, the default static library names clashes with the final
-# "simple" full shared library name, so we add '_a' to the basename of the
-# static libraries in that case, unless in solib mode (using only .so
-# files for shared libraries, and not packaging them inside archives)
-sub staticname {
-    return platform::Unix->staticname($_[1]) if $target{shared_target} eq "aix-solib";
-
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
-}
-
-# In solib mode, we do not install the simple symlink (we install the import
-# library).  In regular mode, we install the symlink.
-sub sharedlib_simple {
-    return undef if $target{shared_target} eq "aix-solib";
-    return platform::Unix->sharedlib_simple($_[1], $_[0]->shlibextsimple());
-}
-
-# In solib mode, we install the import library.  In regular mode, we have
-# no import library.
-sub sharedlib_import {
-    return platform::Unix->sharedlib_simple($_[1]) if $target{shared_target} eq "aix-solib";
-    return undef;
-}
--- a/Configurations/platform/BASE.pm
+++ b/Configurations/platform/BASE.pm
@@ -1,99 +0,0 @@
-package platform::BASE;
-
-use strict;
-use warnings;
-use Carp;
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-# Globally defined "platform specific" extensions, available for uniformity
-sub depext      { '.d' }
-
-# Functions to convert internal file representations to platform specific
-# ones.  Note that these all depend on extension functions that MUST be
-# defined per platform.
-#
-# Currently known internal or semi-internal extensions are:
-#
-# .a            For libraries that are made static only.
-#               Internal libraries only.
-# .o            For object files.
-# .s, .S        Assembler files.  This is an actual extension on Unix
-# .res          Resource file.  This is an actual extension on Windows
-
-sub binname     { return $_[1] } # Name of executable binary
-sub dsoname     { return $_[1] } # Name of dynamic shared object (DSO)
-sub sharedname  { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib
-sub staticname  { return __base($_[1], '.a') } # Name of static lib
-
-# Convenience function to convert the shlib version to an acceptable part
-# of a file or directory name.  By default, we consider it acceptable as is.
-sub shlib_version_as_filename { return $config{shlib_version} }
-
-# Convenience functions to convert the possible extension of an input file name
-sub bin         { return $_[0]->binname($_[1]) . $_[0]->binext() }
-sub dso         { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() }
-sub sharedlib   { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) }
-sub staticlib   { return $_[0]->staticname($_[1]) . $_[0]->libext() }
-
-# More convenience functions for intermediary files
-sub def         { return __base($_[1], '.ld') . $_[0]->defext() }
-sub obj         { return __base($_[1], '.o') . $_[0]->objext() }
-sub res         { return __base($_[1], '.res') . $_[0]->resext() }
-sub dep         { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
-sub asm         { return __base($_[1], '.s') . $_[0]->asmext() }
-
-# Another set of convenience functions for standard checks of certain
-# internal extensions and conversion from internal to platform specific
-# extension.  Note that the latter doesn't deal with libraries because
-# of ambivalence
-sub isdef       { return $_[1] =~ m|\.ld$|;   }
-sub isobj       { return $_[1] =~ m|\.o$|;    }
-sub isres       { return $_[1] =~ m|\.res$|;  }
-sub isasm       { return $_[1] =~ m|\.s$|;    }
-sub iscppasm    { return $_[1] =~ m|\.S$|;    }
-sub isstaticlib { return $_[1] =~ m|\.a$|;    }
-sub convertext {
-    if ($_[0]->isdef($_[1]))        { return $_[0]->def($_[1]); }
-    if ($_[0]->isobj($_[1]))        { return $_[0]->obj($_[1]); }
-    if ($_[0]->isres($_[1]))        { return $_[0]->res($_[1]); }
-    if ($_[0]->isasm($_[1]))        { return $_[0]->asm($_[1]); }
-    if ($_[0]->isstaticlib($_[1]))  { return $_[0]->staticlib($_[1]); }
-    return $_[1];
-}
-
-# Helpers ############################################################
-
-# __base EXPR, LIST
-# This returns the given path (EXPR) with the matching suffix from LIST stripped
-sub __base {
-    my $path = shift;
-    foreach (@_) {
-        if ($path =~ m|\Q${_}\E$|) {
-            return $`;
-        }
-    }
-    return $path;
-}
-
-# __isshared EXPR
-# EXPR is supposed to be a library name.  This will return true if that library
-# can be assumed to be a shared library, otherwise false
-sub __isshared {
-    return !($disabled{shared} || $_[0] =~ /\.a$/);
-}
-
-# __concat LIST
-# Returns the concatenation of all elements of LIST if none of them is
-# undefined.  If one of them is undefined, returns undef instead.
-sub __concat {
-    my $result = '';
-    foreach (@_) {
-        return undef unless defined $_;
-        $result .= $_;
-    }
-    return $result;
-}
-
-1;
--- a/Configurations/platform/Cygwin.pm
+++ b/Configurations/platform/Cygwin.pm
@@ -1,22 +0,0 @@
-package platform::Cygwin;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::mingw;
-@ISA = qw(platform::mingw);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub sharedname {
-    my $class = shift;
-    my $lib = platform::mingw->sharedname(@_);
-    $lib =~ s|^lib|cyg| if defined $lib;
-    return $lib;
-}
-
-1;
--- a/Configurations/platform/Unix.pm
+++ b/Configurations/platform/Unix.pm
@@ -1,89 +0,0 @@
-package platform::Unix;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::BASE;
-@ISA = qw(platform::BASE);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub binext              { $target{exe_extension} || '' }
-sub dsoext              { $target{dso_extension} || platform->shlibextsimple()
-                              || '.so' }
-# Because these are also used in scripts and not just Makefile, we must
-# convert $(SHLIB_VERSION_NUMBER) to the actual number.
-sub shlibext            { (my $x = $target{shared_extension}
-                               || '.so.$(SHLIB_VERSION_NUMBER)')
-                              =~ s|\.\$\(SHLIB_VERSION_NUMBER\)
-                                  |.$config{shlib_version}|x;
-                          $x; }
-sub libext              { $target{lib_extension} || '.a' }
-sub defext              { $target{def_extension} || '.ld' }
-sub objext              { $target{obj_extension} || '.o' }
-sub depext              { $target{obj_extension} || '.d' }
-
-# Other extra that aren't defined in platform::BASE
-sub shlibextsimple      { (my $x = $target{shared_extension} || '.so')
-                              =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
-                          $x; }
-sub shlibvariant        { $target{shlib_variant} || "" }
-sub makedepcmd          { $disabled{makedepend} ? undef : $config{makedepcmd} }
-
-# No conversion of assembler extension on Unix
-sub asm {
-    return $_[1];
-}
-
-# At some point, we might decide that static libraries are called something
-# other than the default...
-sub staticname {
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    # We currently return the same name anyway...  but we might choose to
-    # append '_static' or '_a' some time in the future.
-    return platform::BASE->staticname($_[1]);
-}
-
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    ($_[0]->shlibvariant() // ''));
-}
-
-sub sharedname_simple {
-    return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
-}
-
-sub sharedlib_simple {
-    # This function returns the simplified shared library name (no version
-    # or variant in the shared library file name) if the simple variants of
-    # the base name or the suffix differ from the full variants of the same.
-
-    # Note: if $_[1] isn't a shared library name, then $_[0]->sharedname()
-    # and $_[0]->sharedname_simple() will return undef.  This needs being
-    # accounted for.
-    my $name = $_[0]->sharedname($_[1]);
-    my $simplename = $_[0]->sharedname_simple($_[1]);
-    my $ext = $_[0]->shlibext();
-    # Allow override of the extension passed in as parameter
-    my $simpleext = $_[2];
-    $simpleext = $_[0]->shlibextsimple() unless defined $simpleext;
-
-    return undef unless defined $simplename && defined $name;
-    return undef if ($name eq $simplename && $ext eq $simpleext);
-    return platform::BASE::__concat($simplename, $simpleext);
-}
-
-sub sharedlib_import {
-    return undef;
-}
-
-1;
--- a/Configurations/platform/VMS.pm
+++ b/Configurations/platform/VMS.pm
@@ -1,65 +0,0 @@
-package platform::VMS;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::BASE;
-@ISA = qw(platform::BASE);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-# VMS has a cultural standard where all installed libraries are prefixed.
-# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
-# conversation with VSI, Tuesday January 26 2016)
-sub osslprefix          { 'OSSL$' }
-
-sub binext              { '.EXE' }
-sub dsoext              { '.EXE' }
-sub shlibext            { '.EXE' }
-sub libext              { '.OLB' }
-sub defext              { '.OPT' }
-sub objext              { '.OBJ' }
-sub depext              { '.D' }
-sub asmext              { '.ASM' }
-
-# Other extra that aren't defined in platform::BASE
-sub shlibvariant        { $target{shlib_variant} || '' }
-
-sub optext              { '.OPT' }
-sub optname             { return $_[1] }
-sub opt                 { return $_[0]->optname($_[1]) . $_[0]->optext() }
-
-# Other projects include the pointer size in the name of installed libraries,
-# so we do too.
-sub staticname {
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    return platform::BASE::__concat($_[0]->osslprefix(),
-                                    platform::BASE->staticname($_[1]),
-                                    $target{pointer_size});
-}
-
-# To enable installation of multiple major OpenSSL releases, we include the
-# version number in installed shared library names.
-my $sover_filename =
-    join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version}));
-sub shlib_version_as_filename {
-    return $sover_filename;
-}
-sub sharedname {
-    return platform::BASE::__concat($_[0]->osslprefix(),
-                                    platform::BASE->sharedname($_[1]),
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($_[0]->shlibvariant() // ''),
-                                    "_shr$target{pointer_size}");
-}
-
-1;
--- a/Configurations/platform/Windows.pm
+++ b/Configurations/platform/Windows.pm
@@ -1,64 +0,0 @@
-package platform::Windows;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::BASE;
-@ISA = qw(platform::BASE);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub binext              { '.exe' }
-sub dsoext              { '.dll' }
-sub shlibext            { '.dll' }
-sub libext              { '.lib' }
-sub defext              { '.def' }
-sub objext              { '.obj' }
-sub depext              { '.d' }
-sub asmext              { '.asm' }
-
-# Other extra that aren't defined in platform::BASE
-sub resext              { '.res' }
-sub shlibextimport      { '.lib' }
-sub shlibvariant        { $target{shlib_variant} || '' }
-
-sub staticname {
-    # Non-installed libraries are *always* static, and their names remain
-    # the same, except for the mandatory extension
-    my $in_libname = platform::BASE->staticname($_[1]);
-    return $in_libname
-        if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
-
-    # To make sure not to clash with an import library, we make the static
-    # variant of our installed libraries get '_static' added to their names.
-    return platform::BASE->staticname($_[1])
-        . ($disabled{shared} ? '' : '_static');
-}
-
-# To mark forward compatibility, we include the OpenSSL major release version
-# number in the installed shared library names.
-(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
-sub shlib_version_as_filename {
-    return $sover_filename
-}
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    "-",
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($_[0]->shlibvariant() // ''));
-}
-
-sub sharedname_import {
-    return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
-}
-
-sub sharedlib_import {
-    return platform::BASE::__concat($_[0]->sharedname_import($_[1]),
-                                    $_[0]->shlibextimport());
-}
-
-1;
--- a/Configurations/platform/Windows/MSVC.pm
+++ b/Configurations/platform/Windows/MSVC.pm
@@ -1,44 +0,0 @@
-package platform::Windows::MSVC;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::Windows;
-@ISA = qw(platform::Windows);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub pdbext              { '.pdb' }
-
-# It's possible that this variant of |sharedname| should be in Windows.pm.
-# However, this variant was VC only in 1.1.1, so we maintain that here until
-# further notice.
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    "-",
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($target{multilib} // '' ),
-                                    ($_[0]->shlibvariant() // ''));
-}
-
-sub staticlibpdb {
-    return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext());
-}
-
-sub sharedlibpdb {
-    return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext());
-}
-
-sub dsopdb {
-    return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext());
-}
-
-sub binpdb {
-    return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext());
-}
-
-1;
--- a/Configurations/platform/Windows/cppbuilder.pm
+++ b/Configurations/platform/Windows/cppbuilder.pm
@@ -1,16 +0,0 @@
-package platform::Windows::cppbuilder;
-
-use vars qw(@ISA);
-
-require platform::Windows::MSVC;
-@ISA = qw(platform::Windows::MSVC);
-
-sub pdbext              { '.tds' }
-
-# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention
-# C functions, and the linker needs those as the InternalName in the .def file.
-sub export2internal {
-    return "_$_[1]";
-}
-
-1;
--- a/Configurations/platform/mingw.pm
+++ b/Configurations/platform/mingw.pm
@@ -1,51 +0,0 @@
-package platform::mingw;
-
-use strict;
-use warnings;
-use Carp;
-
-use vars qw(@ISA);
-
-require platform::Unix;
-@ISA = qw(platform::Unix);
-
-# Assume someone set @INC right before loading this module
-use configdata;
-
-sub binext              { '.exe' }
-sub objext              { '.obj' }
-sub libext              { '.a' }
-sub dsoext              { '.dll' }
-sub defext              { '.def' }
-
-# Other extra that aren't defined in platform::BASE
-sub resext              { '.res.obj' }
-sub shlibext            { '.dll' }
-sub shlibextimport      { $target{shared_import_extension} || '.dll.a' }
-sub shlibextsimple      { undef }
-sub makedepcmd          { $disabled{makedepend} ? undef : $config{makedepcmd} }
-
-(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
-sub shlib_version_as_filename {
-    return $sover_filename;
-}
-sub sharedname {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    "-",
-                                    $_[0]->shlib_version_as_filename(),
-                                    ($config{target} eq "mingw64"
-                                         ? "-x64" : ""));
-}
-
-# With Mingw and other DLL producers, there isn't any "simpler" shared
-# library name.  However, there is a static import library.
-sub sharedlib_simple {
-    return undef;
-}
-
-sub sharedlib_import {
-    return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
-                                    $_[0]->shlibextimport());
-}
-
-1;
--- a/Configurations/shared-info.pl
+++ b/Configurations/shared-info.pl
@@ -1,8 +1,8 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the Apache License 2.0 (the "License").  You may not use
+# Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
@@ -32,24 +32,19 @@ my %shared_info;
        return {
            %{$shared_info{'gnu-shared'}},
            shared_defflag    => '-Wl,--version-script=',
-            dso_ldflags       =>
-                (grep /(?:^|\s)-fsanitize/,
-                 @{$config{CFLAGS}}, @{$config{cflags}})
-                ? ''
-                : '-Wl,-z,defs',
        };
    },
    'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
-    'bsd-gcc-nodef-shared' => sub { 
+    'bsd-shared' => sub {
+        return $shared_info{'gnu-shared'} if detect_gnu_ld();
        return {
-            %{$shared_info{'gnu-shared'}},
-            shared_defflags     => '-Wl,--version-script=',
+            shared_ldflag     => '-shared -nostdlib',
        };
    },
    'darwin-shared' => {
        module_ldflags        => '-bundle',
        shared_ldflag         => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
-        shared_sonameflag     => '-install_name $(libdir)/',
+        shared_sonameflag     => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
    },
    'cygwin-shared' => {
        shared_ldflag         => '-shared -Wl,--enable-auto-image-base',
@@ -58,10 +53,9 @@ my %shared_info;
    'mingw-shared' => sub {
        return {
            %{$shared_info{'cygwin-shared'}},
-            # def_flag made to empty string so it still generates
+            # def_flag made to empty string so  it still generates
            # something
            shared_defflag    => '',
-            shared_argfileflag => '@',
        };
    },
    'alpha-osf1-shared' => sub {
@@ -85,16 +79,4 @@ my %shared_info;
            shared_sonameflag => '-h ',
        };
    },
-    'solaris-gcc-shared' => sub {
-        return $shared_info{'linux-shared'} if detect_gnu_ld();
-        return {
-            # Note: we should also have -shared here, but because some
-            # config targets define it with an added -static-libgcc
-            # following it, we don't want to change the order.  This
-            # forces all solaris gcc config targets to define shared_ldflag
-            shared_ldflag     => '-Wl,-Bsymbolic',
-            shared_defflag    => "-Wl,-M,",
-            shared_sonameflag => "-Wl,-h,",
-        };
-    },
 );
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
--- a/Configurations/unix-checker.pm
+++ b/Configurations/unix-checker.pm
@@ -1,4 +1,4 @@
-#! /usr/bin/env perl
+#! /usr/bin/perl

 use Config;

--- a/Configurations/windows-checker.pm
+++ b/Configurations/windows-checker.pm
@@ -1,4 +1,4 @@
-#! /usr/bin/env perl
+#! /usr/bin/perl

 use Config;

--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
--- a/3748
+++ b/3748
--- a/2
+++ b/2
@@ -0,0 +1,2 @@
+The FAQ is now maintained on the web:
+        https://www.openssl.org/docs/faq.html
--- a/HACKING.md
+++ b/HACKING.md
@@ -1,33 +0,0 @@
-MODIFYING OPENSSL SOURCE
-========================
-
-This document describes the way to add custom modifications to OpenSSL sources.
-
- If you are adding new public functions to the custom library build, you need to
- either add a prototype in one of the existing OpenSSL header files;
- or provide a new header file and edit
- [Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl)
- to pick up that file.
-
- After that, perform the following steps:
-
-    ./Configure -Werror --strict-warnings [your-options]
-    make update
-    make
-    make test
-
- `make update` ensures that your functions declarations are added to
- `util/libcrypto.num` or `util/libssl.num`.
- If you plan to submit the changes you made to OpenSSL
- (see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running:
-
-    make doc-nits
-
- after running `make update` to ensure that documentation has correct format.
-
- `make update` also generates files related to OIDs (in the `crypto/objects/`
- folder) and errors.
- If a merge error occurs in one of these generated files, then the
- generated files need to be removed and regenerated using `make update`.
- To aid in this process, the generated files can be committed separately
- so they can be removed easily.
--- a/1217
+++ b/1217
--- a/INSTALL.md
+++ b/INSTALL.md
--- a/Show More
+++ b/Show More