diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000000..94f480de94e
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 6e17e6867a6..145f3c6a51c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+vcpkg*
+build_*
+cmake-build-*
 *.o
 *.a
 *.dylib
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2de93d3cb84..3eb59e18669 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -51,20 +51,24 @@ option(SECCOMP "Link with seccomp and run seccomp tests" OFF) file(GLOB API_HEADERS "api/*.h") file(GLOB API_UNSTABLE_HEADERS "api/unstable/*.h") -file(GLOB CRYPTO_HEADERS "crypto/*.h") -file(GLOB CRYPTO_SRC "crypto/*.c") +file(GLOB CRYPTO_HEADERS "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/crypto/*.h") +file(GLOB CRYPTO_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/crypto/*.c") -file(GLOB ERROR_HEADERS "error/*.h") -file(GLOB ERROR_SRC "error/*.c") +file(GLOB ERROR_HEADERS "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/error/*.h") +file(GLOB ERROR_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/error/*.c") -file(GLOB STUFFER_HEADERS "stuffer/*.h") -file(GLOB STUFFER_SRC "stuffer/*.c") +file(GLOB STUFFER_HEADERS "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/stuffer/*.h") +file(GLOB STUFFER_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/stuffer/*.c") -file(GLOB_RECURSE TLS_HEADERS "tls/*.h") -file(GLOB_RECURSE TLS_SRC "tls/*.c") +file(GLOB_RECURSE TLS_HEADERS "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/tls/*.h") +file(GLOB_RECURSE TLS_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/tls/*.c") -file(GLOB UTILS_HEADERS "utils/*.h") -file(GLOB UTILS_SRC "utils/*.c") +file(GLOB UTILS_HEADERS "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/utils/*.h") +file(GLOB UTILS_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/utils/*.c") +if (WINDOWS) + list(APPEND UTILS_HEADERS "win_shim/win_shim.h") + list(APPEND UTILS_SRC "win_shim/mmap-windows.c") +endif (WINDOWS) message(STATUS "Detected CMAKE_SYSTEM_PROCESSOR as ${CMAKE_SYSTEM_PROCESSOR}") @@ -93,6 +97,9 @@ else() find_package(Threads REQUIRED) endif() +set(gcc_like "$") +set(msvc "$") + if(APPLE) set(OS_LIBS c Threads::Threads) elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") 
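Review bot: Every library source glob in this hunk now points at `${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/`, a directory outside the repository, and it does so on all platforms, so the TLS library is compiled from a tree that this commit neither contains nor pins; a checkout without that sibling directory gets empty source lists. I would keep the in-tree paths as the default and switch roots only through an explicit cache variable that is checked for existence, e.g. `set(S2N_SOURCE_ROOT "${CMAKE_CURRENT_LIST_DIR}" CACHE PATH "Root of the s2n sources to compile")` followed by `file(GLOB CRYPTO_SRC "${S2N_SOURCE_ROOT}/crypto/*.c")` (the variable name is only an example). The same rewritten_src paths recur in the testlib, unit-test, utility-binary and fuzz hunks further down. Separately, `WINDOWS` is not a variable CMake sets (the platform variable is `WIN32`), so unless it is defined outside this diff `if (WINDOWS)` never adds `win_shim/mmap-windows.c`, and the later `NOT WINDOWS` guard on the `-Wl,-z,noexecstack,-z,relro,-z,now` linker flags is always true; `if (WIN32)` and `NOT WIN32` would do what the names suggest.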
@@ -103,6 +110,9 @@ elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") set(OS_LIBS Threads::Threads kvm) elseif(CMAKE_SYSTEM_NAME STREQUAL "Android") set(OS_LIBS Threads::Threads dl) +elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows") + set(OS_LIBS bcrypt) + # pthreads is stubbed for native MSVC else() set(OS_LIBS Threads::Threads dl rt) endif() @@ -134,37 +144,45 @@ set_target_properties(${PROJECT_NAME} PROPERTIES SOVERSION ${VERSION_MAJOR}) set(CMAKE_C_FLAGS_DEBUGOPT "") -target_compile_options(${PROJECT_NAME} PRIVATE - -pedantic - -std=gnu99 - -Wall - -Wcast-align - -Wcast-qual - -Wchar-subscripts - -Wcomment - -Wformat-security - -Wimplicit - -Wshadow - -Wsign-compare - -Wuninitialized - -Wunused - -Wwrite-strings - - # Assembler Options - -Wa,--noexecstack - - # Suppressed Warnings - -Wno-deprecated-declarations - # GCC 4 fails to parse our macros with a "missing-braces" error - -Wno-missing-braces - -Wno-strict-prototypes - -Wno-unknown-pragmas -) +if (NOT MSVC AND NOT CYGWIN AND NOT MSYS AND NOT MINGW) + target_compile_options(${PROJECT_NAME} PRIVATE + -pedantic + -std=gnu99 + -Wall + -Wcast-align + -Wcast-qual + -Wchar-subscripts + -Wcomment + -Wformat-security + -Wimplicit + -Wshadow + -Wsign-compare + -Wuninitialized + -Wunused + -Wwrite-strings + + # Assembler Options + -Wa,--noexecstack + + # Suppressed Warnings + -Wno-deprecated-declarations + # GCC 4 fails to parse our macros with a "missing-braces" error + -Wno-missing-braces + -Wno-strict-prototypes + -Wno-unknown-pragmas + ) +endif () if (S2N_WERROR_ALL) - target_compile_options(${PROJECT_NAME} PUBLIC -Werror) + target_compile_options(${PROJECT_NAME} PUBLIC + "$<${gcc_like}:$>" + "$<${msvc}:$>" + ) elseif (UNSAFE_TREAT_WARNINGS_AS_ERRORS) - target_compile_options(${PROJECT_NAME} PRIVATE -Werror ) + target_compile_options(${PROJECT_NAME} PRIVATE + "$<${gcc_like}:$>" + "$<${msvc}:$>" + ) endif () if(BUILD_TESTING AND BUILD_SHARED_LIBS OR S2N_FUZZ_TEST) 
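Review bot: `CMAKE_SYSTEM_NAME STREQUAL "Windows"` is also true for MinGW and clang builds that target Windows, yet the comment under `set(OS_LIBS bcrypt)` justifies dropping `Threads::Threads` only for native MSVC. If the stub is MSVC-only, keep the real thread library for the other toolchains, e.g. `set(OS_LIBS bcrypt $<$<NOT:$<C_COMPILER_ID:MSVC>>:Threads::Threads>)`. The comment should also name the file that provides the stub and say what it guarantees, because the stub is not visible here and the library's initialisation and per-thread state presumably rely on it. The `if`/`elseif` chain starts and ends outside this hunk.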
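Review bot: The guard `NOT MSVC AND NOT CYGWIN AND NOT MSYS AND NOT MINGW` removes the whole warning set, including `-Wformat-security`, `-Wshadow` and `-Wcast-align`, from MinGW, Cygwin and MSYS builds, although those use GCC-compatible compilers that accept these flags, and it leaves MSVC with no warning level at all. Of the listed options only the ELF-specific `-Wa,--noexecstack` looks like it needs excluding there, so I would guard the block with `if (NOT MSVC)`, wrap that one flag as `$<$<NOT:$<BOOL:${WIN32}>>:-Wa,--noexecstack>`, and add `$<$<C_COMPILER_ID:MSVC>:/W4>` for MSVC. The unit-test `target_compile_options` hunk further down uses the same four-way guard. The `-Werror` replacements read `"$<${gcc_like}:$>"` on this page, with the inner expressions missing, so they cannot be checked from here.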
@@ -181,7 +199,7 @@ if(S2N_LTO) endif() endif() -if(NOT APPLE AND NOT CMAKE_SYSTEM_NAME STREQUAL "AIX") +if(NOT APPLE AND NOT WINDOWS AND NOT CMAKE_SYSTEM_NAME STREQUAL "AIX") set(CMAKE_SHARED_LINKER_FLAGS -Wl,-z,noexecstack,-z,relro,-z,now) endif() @@ -235,7 +253,8 @@ if(TSAN OR ASAN OR UBSAN) target_compile_options(${PROJECT_NAME} PUBLIC -fno-omit-frame-pointer -fno-optimize-sibling-calls) endif() -list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules") +file(TO_CMAKE_PATH "${PROJECT_SOURCE_DIR}/cmake/modules" MODULE_PATH) +set(CMAKE_MODULE_PATH "${MODULE_PATH}") if (COVERAGE) # https://cmake.org/cmake/help/latest/variable/CMAKE_LANG_COMPILER_ID.html @@ -269,6 +288,10 @@ endif() if (TARGET crypto) message(STATUS "S2N found target: crypto") set(LINK_LIB "crypto") +elseif(DEFINED Z_VCPKG_EXECUTABLE) + find_package(OpenSSL REQUIRED) + message(STATUS "Using libcrypto from vcpkg") + set(LINK_LIB "OpenSSL::Crypto") else() find_package(crypto REQUIRED) message(STATUS "Using libcrypto from the cmake path") @@ -479,17 +502,17 @@ endif() target_link_libraries(${PROJECT_NAME} PUBLIC ${OS_LIBS} m) -target_include_directories(${PROJECT_NAME} PUBLIC $) +target_include_directories(${PROJECT_NAME} PUBLIC $ $) target_include_directories(${PROJECT_NAME} PUBLIC $ $) -if (BUILD_TESTING) +if (BUILD_TESTING AND NOT MSVC) enable_testing() ############################################################################ ################### build testlib (utility library) ######################## ############################################################################ - file(GLOB TESTLIB_SRC "tests/testlib/*.c") + file(GLOB TESTLIB_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/tests/testlib/*.c") file(GLOB EXAMPLES_SRC "docs/examples/*.c") add_library(testss2n STATIC ${TESTLIB_SRC} ${EXAMPLES_SRC}) 
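Review bot: `set(CMAKE_MODULE_PATH "${MODULE_PATH}")` overwrites the module search path instead of extending it, so entries supplied by a parent project, a toolchain file or the command line are discarded from this point on; the line it replaces appended. `list(APPEND CMAKE_MODULE_PATH "${MODULE_PATH}")` keeps the `file(TO_CMAKE_PATH ...)` normalisation without losing them. `MODULE_PATH` is also a very generic name for a directory-scope variable; a project-prefixed name such as `s2n_module_path` avoids collisions.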
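Review bot: `elseif(DEFINED Z_VCPKG_EXECUTABLE)` keys the choice of libcrypto on a variable whose `Z_` prefix marks it as internal to vcpkg's toolchain file, so the branch can stop matching after a vcpkg update and the build would then take the `find_package(crypto REQUIRED)` path without any notice. An explicit project option is more robust and shows up in the cache, for example `option(S2N_USE_VCPKG_OPENSSL "Link OpenSSL::Crypto provided by vcpkg" OFF)` with `elseif(S2N_USE_VCPKG_OPENSSL)` (the option name is only an example). The enclosing `if (TARGET crypto)` chain ends outside this hunk.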
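Review bot: `if (BUILD_TESTING AND NOT MSVC)` silently drops the entire test suite for MSVC, the configuration for which this commit switches to rewritten sources and a stubbed thread library, so a user who passes `-DBUILD_TESTING=ON` gets an untested library and no message. At minimum add `elseif (BUILD_TESTING)` with `message(WARNING "s2n tests are not built with MSVC")` before the block's `endif()`; better, exclude only the tests that cannot compile there. The unchanged `target_link_libraries(${PROJECT_NAME} PUBLIC ${OS_LIBS} m)` at the top of the hunk still links `m`, which native MSVC does not provide as far as I know. The `if` body continues past the end of the hunk.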
@@ -576,7 +599,7 @@ if (BUILD_TESTING) ############################ build unit tests ############################## ############################################################################ - file(GLOB UNITTESTS_SRC "tests/unit/*.c") + file(GLOB UNITTESTS_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/tests/unit/*.c") foreach(test_case ${UNITTESTS_SRC}) # NAME_WE: name without extension get_filename_component(test_case_name ${test_case} NAME_WE) @@ -591,13 +614,18 @@ if (BUILD_TESTING) find . -name '${test_case_name}.c.o' -exec objcopy --redefine-syms libcrypto.symbols {} \\\; ) endif() - target_compile_options(${test_case_name} PRIVATE - -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized - -Wshadow -Wcast-align -Wwrite-strings -Wformat-security - -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -std=gnu99 -Wno-missing-braces - ) + if (NOT MSVC AND NOT CYGWIN AND NOT MSYS AND NOT MINGW) + target_compile_options(${test_case_name} PRIVATE + -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized + -Wshadow -Wcast-align -Wwrite-strings -Wformat-security + -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-deprecated -std=gnu99 -Wno-missing-braces + ) + endif() if (UNSAFE_TREAT_WARNINGS_AS_ERRORS) - target_compile_options(${test_case_name} PRIVATE -Werror) + target_compile_options(${test_case_name} PRIVATE + "$<${gcc_like}:$>" + "$<${msvc}:$>" + ) endif() if (S2N_LTO) target_compile_options(${test_case_name} PRIVATE -flto) 
@@ -617,15 +645,16 @@ if (BUILD_TESTING) ######################### build utility binaries ########################### ############################################################################ - add_executable(s2nc "bin/s2nc.c" "bin/echo.c" "bin/https.c" "bin/common.c") +if (NOT MSVC) + add_executable(s2nc "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/s2nc.c" "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/echo.c" "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/https.c" "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/common.c") target_link_libraries(s2nc ${PROJECT_NAME}) target_compile_options(s2nc PRIVATE -std=gnu99) - add_executable(s2nd "bin/s2nd.c" "bin/echo.c" "bin/https.c" "bin/common.c") + add_executable(s2nd "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/s2nd.c" "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/echo.c" "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/https.c" "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/common.c") target_link_libraries(s2nd ${PROJECT_NAME}) target_compile_options(s2nd PRIVATE -std=gnu99) - add_executable(policy "bin/policy.c") + add_executable(policy "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/bin/policy.c") target_link_libraries(policy ${PROJECT_NAME}) target_compile_options(policy PRIVATE -std=gnu99) @@ -633,6 +662,7 @@ if (BUILD_TESTING) target_compile_options(s2nc PRIVATE -flto) target_compile_options(s2nd PRIVATE -flto) endif() + endif() if (S2N_INTEG_TESTS) find_package (Python3 COMPONENTS Interpreter Development) 
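Review bot: The added `if (NOT MSVC)` sits at column 0 inside what the hunk header shows as the `if (BUILD_TESTING)` block, which an earlier hunk changes to `if (BUILD_TESTING AND NOT MSVC)`, so if both are the same block this inner guard can never be false and only adds nesting. Either drop it together with the `endif()` added in the following hunk, or, if the utilities are meant to build without the tests, move them out of the testing block. If it stays, indent it like the surrounding lines and mark the closing line, `endif() # NOT MSVC`.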
@@ -689,8 +719,8 @@ if (BUILD_TESTING) set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh") file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c") - file(GLOB TESTLIB_SRC "tests/testlib/*.c") - file(GLOB TESTLIB_HEADERS "tests/testlib/*.h" "tests/s2n_test.h") + file(GLOB TESTLIB_SRC "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/tests/testlib/*.c") + file(GLOB TESTLIB_HEADERS "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/tests/testlib/*.h" "${CMAKE_CURRENT_LIST_DIR}/../auto-win-msvc/rewritten_src/tests/s2n_test.h") # This must be a shared object so that symbols can be overridden by the # fuzz test specific LD_PRELOAD libraries. diff --git a/api/s2n.h b/api/s2n.h index 2fe631caee9..9dc67848da6 100644 --- a/api/s2n.h +++ b/api/s2n.h @@ -37,14 +37,10 @@ extern "C" { #include #include #include -#ifndef _WIN32 - #include +#if defined(_MSC_VER) || defined(__MINGW32__) +#include #else -/* struct iovec equivalent for Windows */ -struct iovec { - void *iov_base; - size_t iov_len; -}; +#include #endif /** @@ -123,7 +119,7 @@ struct iovec { * * @warning To avoid possible confusion, s2n_errno should be cleared after processing an error: `s2n_errno = S2N_ERR_T_OK` */ -S2N_API extern __thread int s2n_errno; +extern __thread int s2n_errno; /** * This function can be used instead of trying to resolve `s2n_errno` directly @@ -2281,7 +2277,6 @@ S2N_API extern int s2n_negotiate(struct s2n_connection *conn, s2n_blocked_status */ S2N_API extern ssize_t s2n_send(struct s2n_connection *conn, const void *buf, ssize_t size, s2n_blocked_status *blocked); -#ifndef _WIN32 /** * Works in the same way as s2n_sendv_with_offset() but with the `offs` parameter implicitly assumed to be 0. * Therefore in the partial write case, the caller would have to make sure that the `bufs` and `count` fields are modified in a way that takes 
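Review bot: The in-header Windows definition of `struct iovec` is removed here, and the `#ifndef _WIN32` guards around `s2n_sendv` and `s2n_sendv_with_offset` are removed in the `-2281,7` and `-2313,7` hunks, so on MSVC and MinGW the public header now depends on the header included in the new `#if defined(_MSC_VER) || defined(__MINGW32__)` branch to define `struct iovec` (the include names are not legible on this page). If that header is a project shim rather than a system header, it has to be installed next to `api/s2n.h`, otherwise applications that include the installed header fail to compile. A comment above the `#if` naming the header that supplies `struct iovec` on Windows would make the dependency explicit.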
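Review bot: Dropping `S2N_API` from `s2n_errno` in the `-123,7` hunk changes the exported surface on every platform, not only Windows: if `S2N_API` carries the visibility or dllexport attribute, as its use on the functions suggests, the variable is no longer exported from a shared library, while the documentation just above still tells callers to read and reset `s2n_errno` directly. `__thread` is also a GCC/Clang keyword that MSVC does not accept unless it is redefined elsewhere, for instance in the new prelude header. I would keep the original declaration for other compilers and give MSVC its own form, as below, and point Windows callers at the accessor function described in the next comment.

```c
#if defined(_MSC_VER)
/* MSVC rejects a DLL interface on thread-local data, so the variable is not exported. */
extern __declspec(thread) int s2n_errno;
#else
S2N_API extern __thread int s2n_errno;
#endif
```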
@@ -2313,7 +2308,6 @@ S2N_API extern ssize_t s2n_sendv(struct s2n_connection *conn, const struct iovec * @returns The number of bytes written on success, which may indicate a partial write. S2N_FAILURE on failure. */ S2N_API extern ssize_t s2n_sendv_with_offset(struct s2n_connection *conn, const struct iovec *bufs, ssize_t count, ssize_t offs, s2n_blocked_status *blocked); -#endif /** * Decrypts and reads **size* to `buf` data from the associated diff --git a/bin/common.c b/bin/common.c index 66c3459f245..2eb00fd33e9 100644 --- a/bin/common.c +++ b/bin/common.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -21,10 +22,16 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif +#if !defined(_MSC_VER) #include +#endif #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "error/s2n_errno.h" diff --git a/bin/echo.c b/bin/echo.c index 75b4fc28a22..39fc84b4e1f 100644 --- a/bin/echo.c +++ b/bin/echo.c @@ -22,7 +22,9 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "api/unstable/fingerprint.h" diff --git a/bin/policy.c b/bin/policy.c index 1252360a20f..9ea8ec77bf9 100644 --- a/bin/policy.c +++ b/bin/policy.c @@ -15,7 +15,9 @@ #include #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "tls/policy/s2n_policy_feature.h" diff --git a/bin/s2nc.c b/bin/s2nc.c index 552109eba6f..78bc9641ed7 100644 --- a/bin/s2nc.c +++ b/bin/s2nc.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -21,8 +22,12 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif +#if !defined(_MSC_VER) #include +#endif #ifndef S2N_INTERN_LIBCRYPTO #include diff --git a/bin/s2nd.c b/bin/s2nd.c index cc1ba1ed460..c43654d3481 100644 --- a/bin/s2nd.c +++ b/bin/s2nd.c 
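Review bot: `#include "utils/s2n_prelude.h"` is inserted on line 1, above the licence header, in bin/common.c and again in bin/s2nc.c and bin/s2nd.c; a comment may precede it, so it can go directly after the licence block and still be the first include. In the include lists of these files each guarded header gets its own `#if !defined(_MSC_VER)` / `#endif` pair; adjacent ones can share a single pair, with a short comment naming what replaces those headers on MSVC. Since the CMake change only builds these tools when `NOT MSVC`, that comment should also say whether the guards are exercised by any build.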
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -21,10 +22,16 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif +#if !defined(_MSC_VER) #include +#endif #include +#if !defined(_MSC_VER) #include +#endif #ifndef S2N_INTERN_LIBCRYPTO #include diff --git a/bindings/rust/aws-kms-tls-auth/fuzz/fuzz_targets/psk_client_hello.rs b/bindings/rust/aws-kms-tls-auth/fuzz/fuzz_targets/psk_client_hello.rs deleted file mode 100644 index 1757b767266..00000000000 --- a/bindings/rust/aws-kms-tls-auth/fuzz/fuzz_targets/psk_client_hello.rs +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -#![no_main] - -use aws_kms_tls_auth::DecodeValue; -use aws_kms_tls_auth::PresharedKeyClientHello; -use libfuzzer_sys::fuzz_target; - -fuzz_target!(|data: &[u8]| { - let _ = PresharedKeyClientHello::decode_from(data); -}); diff --git a/bindings/rust/standard/s2n-tls-metrics-subscriber/fuzz/fuzz_targets/fuzz_cert_parse.rs b/bindings/rust/standard/s2n-tls-metrics-subscriber/fuzz/fuzz_targets/fuzz_cert_parse.rs deleted file mode 100644 index cf1b5ba77e9..00000000000 --- a/bindings/rust/standard/s2n-tls-metrics-subscriber/fuzz/fuzz_targets/fuzz_cert_parse.rs +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -#![no_main] -use libfuzzer_sys::fuzz_target; - -fuzz_target!(|data: &[u8]| { - // parse must never panic, regardless of input - let _ = s2n_tls_metrics_subscriber::parsing::cert::parse(data); -}); diff --git a/cmake/modules/Findcrypto.cmake b/cmake/modules/Findcrypto.cmake index 1ac4d9a619b..1bdc7efca08 100644 --- a/cmake/modules/Findcrypto.cmake +++ b/cmake/modules/Findcrypto.cmake 
@@ -15,9 +15,6 @@ # crypto_SHARED_LIBRARY The path to libcrypto.so # crypto_STATIC_LIBRARY The path to libcrypto.a -# the next branch exists purely for cmake compatibility with versions older than 3.15. Please do not remove it before -# we baseline on a newer version. It does not like duplicate target declarations. Work around that by checking it isn't -# defined first. if (TARGET crypto OR TARGET AWS::crypto) if (TARGET crypto) set(TARGET_NAME "crypto") 
@@ -31,42 +28,61 @@ if (TARGET crypto OR TARGET AWS::crypto) set(CRYPTO_FOUND true) set(crypto_FOUND true) else() - find_path(crypto_INCLUDE_DIR - NAMES openssl/crypto.h - HINTS - "${CMAKE_PREFIX_PATH}" - "${CMAKE_INSTALL_PREFIX}" - PATH_SUFFIXES include - ) + find_package(OpenSSL MODULE REQUIRED) + if(OPENSSL_FOUND) + if (TARGET OpenSSL::Crypto) + set(crypto_LIBRARY OpenSSL::Crypto) + get_target_property(crypto_INCLUDE_DIR OpenSSL::Crypto INTERFACE_INCLUDE_DIRECTORIES) + # If property wasn't set, fallback to the variable + if(NOT crypto_INCLUDE_DIR) + set(crypto_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}) + endif() + else() + set(crypto_LIBRARY ${OPENSSL_CRYPTO_LIBRARY}) + set(crypto_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}) + endif() + set(crypto_FOUND true) + set(CRYPTO_FOUND true) + endif() - find_library(crypto_SHARED_LIBRARY - NAMES libcrypto.so libcrypto.dylib - HINTS - "${CMAKE_PREFIX_PATH}" - "${CMAKE_INSTALL_PREFIX}" - PATH_SUFFIXES build/crypto build lib64 lib - ) + if(NOT crypto_FOUND) + find_path(crypto_INCLUDE_DIR + NAMES openssl/crypto.h + HINTS + "${CMAKE_PREFIX_PATH}" + "${CMAKE_INSTALL_PREFIX}" + PATH_SUFFIXES include + ) - find_library(crypto_STATIC_LIBRARY - NAMES libcrypto.a - HINTS - "${CMAKE_PREFIX_PATH}" - "${CMAKE_INSTALL_PREFIX}" - PATH_SUFFIXES build/crypto build lib64 lib - ) + find_library(crypto_SHARED_LIBRARY + NAMES libcrypto.so libcrypto.dylib libcrypto.dll.a crypto.lib libcrypto.lib + HINTS + "${CMAKE_PREFIX_PATH}" + "${CMAKE_INSTALL_PREFIX}" + PATH_SUFFIXES build/crypto build lib64 lib + ) - if (NOT crypto_LIBRARY) - if (BUILD_SHARED_LIBS OR S2N_USE_CRYPTO_SHARED_LIBS) - if (crypto_SHARED_LIBRARY) - set(crypto_LIBRARY ${crypto_SHARED_LIBRARY}) - else() - set(crypto_LIBRARY ${crypto_STATIC_LIBRARY}) - endif() - else() - if (crypto_STATIC_LIBRARY) - set(crypto_LIBRARY ${crypto_STATIC_LIBRARY}) + find_library(crypto_STATIC_LIBRARY + NAMES libcrypto.a libcrypto.lib crypto.lib + HINTS + "${CMAKE_PREFIX_PATH}" + "${CMAKE_INSTALL_PREFIX}" + 
PATH_SUFFIXES build/crypto build lib64 lib + ) + + if (NOT crypto_LIBRARY) + if (BUILD_SHARED_LIBS OR S2N_USE_CRYPTO_SHARED_LIBS) + if (crypto_SHARED_LIBRARY) + set(crypto_LIBRARY ${crypto_SHARED_LIBRARY}) + else() + set(crypto_LIBRARY ${crypto_STATIC_LIBRARY}) + endif() else() - set(crypto_LIBRARY ${crypto_SHARED_LIBRARY}) + if (crypto_STATIC_LIBRARY) + set(crypto_LIBRARY ${crypto_STATIC_LIBRARY}) + else() + set(crypto_LIBRARY ${crypto_SHARED_LIBRARY}) + endif() endif() endif() endif() @@ -85,9 +101,6 @@ else() crypto_STATIC_LIBRARY ) - # some versions of cmake have a super esoteric bug around capitalization differences between - # find dependency and find package, just avoid that here by checking and - # setting both. if(CRYPTO_FOUND OR crypto_FOUND) set(CRYPTO_FOUND true) set(crypto_FOUND true) 
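Review bot: `find_package(OpenSSL MODULE REQUIRED)` aborts configuration when OpenSSL is not found, so the `if(NOT crypto_FOUND)` fallback that follows, with its `find_path`/`find_library` search of `CMAKE_PREFIX_PATH`, can never run, and `if(OPENSSL_FOUND)` is always true. It also changes which libcrypto a build links: a library the old search located under the prefix path is now chosen by FindOpenSSL's own rules, which matters for a TLS library that is expected to be built against one specific libcrypto. Use `find_package(OpenSSL MODULE QUIET)` so the fallback stays reachable, or run the prefix-path search first and consult OpenSSL only when it finds nothing. When `crypto_LIBRARY` is set to the target name `OpenSSL::Crypto`, the documented outputs `crypto_SHARED_LIBRARY` and `crypto_STATIC_LIBRARY` also stay empty, which deserves a line in the header comment.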
@@ -95,18 +108,21 @@ else() message(STATUS "LibCrypto Include Dir: ${crypto_INCLUDE_DIR}") message(STATUS "LibCrypto Shared Lib: ${crypto_SHARED_LIBRARY}") message(STATUS "LibCrypto Static Lib: ${crypto_STATIC_LIBRARY}") - if (NOT TARGET crypto AND - (EXISTS "${crypto_LIBRARY}") - ) + + if (NOT TARGET crypto AND NOT TARGET AWS::crypto) set(THREADS_PREFER_PTHREAD_FLAG ON) find_package(Threads REQUIRED) - add_library(AWS::crypto UNKNOWN IMPORTED) - set_target_properties(AWS::crypto PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${crypto_INCLUDE_DIR}") - set_target_properties(AWS::crypto PROPERTIES - IMPORTED_LINK_INTERFACE_LANGUAGES "C" - IMPORTED_LOCATION "${crypto_LIBRARY}") - add_dependencies(AWS::crypto Threads::Threads) + if (TARGET OpenSSL::Crypto) + add_library(AWS::crypto ALIAS OpenSSL::Crypto) + elseif(EXISTS "${crypto_LIBRARY}") + add_library(AWS::crypto UNKNOWN IMPORTED) + set_target_properties(AWS::crypto PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${crypto_INCLUDE_DIR}") + set_target_properties(AWS::crypto PROPERTIES + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${crypto_LIBRARY}") + add_dependencies(AWS::crypto Threads::Threads) + endif() endif() endif() diff --git a/codebuild/README.md b/codebuild/README.md deleted file mode 100644 index 313cfdaa4d8..00000000000 --- a/codebuild/README.md +++ /dev/null 
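Review bot: `add_library(AWS::crypto ALIAS OpenSSL::Crypto)` aliases an imported target, which older CMake releases reject (as far as I know non-global imported targets can only be aliased from 3.18), and the comment removed at the top of this file said the module has to work with versions older than 3.15; the project's minimum version is not visible here. An imported interface target works on those versions as well: `add_library(AWS::crypto INTERFACE IMPORTED)` and `set_target_properties(AWS::crypto PROPERTIES INTERFACE_LINK_LIBRARIES OpenSSL::Crypto)`. The alias branch also skips the `add_dependencies(AWS::crypto Threads::Threads)` step that the `elseif` branch keeps, so a comment should say whether that is intended.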
@@ -1,41 +0,0 @@ -# Docker Image Structure -The codebuild specifications are run on a custom docker images that have the test dependencies installed. The docker image structure is described below. - -### libcrypto -Various libcryptos are installed to `/usr/local/$LIBCRYPTO` directories. For example -``` -# non-exhaustive list -/usr/local/openssl-1.0.2/lib/libcrypto.a -/usr/local/openssl-1.0.2/lib/libcrypto.so -/usr/local/openssl-1.0.2/lib/libcrypto.so.1.0.0 -/usr/local/openssl-1.0.2/lib/pkgconfig/libcrypto.pc -/usr/local/openssl-3.0/lib64/libcrypto.a -/usr/local/openssl-3.0/lib64/libcrypto.so.3 -/usr/local/openssl-3.0/lib64/libcrypto.so -/usr/local/openssl-3.0/lib64/pkgconfig/libcrypto.pc -/usr/local/boringssl/lib/libcrypto.so -/usr/local/awslc/lib/libcrypto.a -/usr/local/awslc/lib/libcrypto.so -``` - -Packages installed from the `apt` package manager can generally be found in `/usr/lib`. For example, our 32 bit build uses the 32 bit `i386` libcrypto, and it's artifacts are located at -``` -/usr/lib/i386-linux-gnu/libcrypto.a -/usr/lib/i386-linux-gnu/libcrypto.so.3 -/usr/lib/i386-linux-gnu/libcrypto.so -/usr/lib/i386-linux-gnu/pkgconfig/libcrypto.pc -``` - -When the docker image is available locally, the structure can be easily examined by attaching an interactive terminal to the container with the following command -``` -docker run --entrypoint /bin/bash -it --privileged -``` - -Then the `find` command can be used to look at the various artifacts that are available. -``` -sudo find / -name libcrypto* # list all libcrypto artifacts -``` -or -``` -sudo find / -name clang* # find all clang binaries -``` \ No newline at end of file diff --git a/codebuild/bin/KWStyle.xml b/codebuild/bin/KWStyle.xml deleted file mode 100644 index d4fc9c75874..00000000000 --- a/codebuild/bin/KWStyle.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - 256 - - - [A-Za-z=_+] - 512 - - 
diff --git a/codebuild/bin/apache2/apache2.conf b/codebuild/bin/apache2/apache2.conf deleted file mode 100644 index 09ff4d6240d..00000000000 --- a/codebuild/bin/apache2/apache2.conf +++ /dev/null 
@@ -1,218 +0,0 @@ -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See http://httpd.apache.org/docs/2.4/ for detailed information about -# the directives and /usr/share/doc/apache2/README.Debian about Debian specific -# hints. -# -# -# Summary of how the Apache 2 configuration works in Debian: -# The Apache 2 web server configuration in Debian is quite different to -# upstream's suggested way to configure the web server. This is because Debian's -# default Apache2 installation attempts to make adding and removing modules, -# virtual hosts, and extra configuration directives as flexible as possible, in -# order to make automating the changes and administering the server as easy as -# possible. - -# It is split into several files forming the configuration hierarchy outlined -# below, all located in the /etc/apache2/ directory: -# -# /etc/apache2/ -# |-- apache2.conf -# | `-- ports.conf -# |-- mods-enabled -# | |-- *.load -# | `-- *.conf -# |-- conf-enabled -# | `-- *.conf -# `-- sites-enabled -# `-- *.conf -# -# -# * apache2.conf is the main configuration file (this file). It puts the pieces -# together by including all remaining configuration files when starting up the -# web server. -# -# * ports.conf is always included from the main configuration file. It is -# supposed to determine listening ports for incoming connections which can be -# customized anytime. -# -# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ -# directories contain particular configuration snippets which manage modules, -# global configuration fragments, or virtual host configurations, -# respectively. -# -# They are activated by symlinking available configuration files from their -# respective *-available/ counterparts. These should be managed by using our -# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. 
See -# their respective man pages for detailed information. -# -# * The binary is called apache2. Due to the use of environment variables, in -# the default configuration, apache2 needs to be started/stopped with -# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not -# work with the default configuration. - - -# Global configuration -# - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the Mutex documentation (available -# at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot ${APACHE_SERVER_ROOT} - -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -#Mutex file:${APACHE_LOCK_DIR} default - -# -# The directory where shm and other runtime files will be stored. -# -DefaultRuntimeDir ${APACHE_RUN_DIR} - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# This needs to be set in /etc/apache2/envvars -# -PidFile ${APACHE_PID_FILE} - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 60 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. 
-# -KeepAliveTimeout 5 - - -# These need to be set in /etc/apache2/envvars -User ${APACHE_RUN_USER} -Group ${APACHE_RUN_GROUP} - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog ${APACHE_LOG_DIR}/error.log - -# -# LogLevel: Control the severity of messages logged to the error_log. -# Available values: trace8, ..., trace1, debug, info, notice, warn, -# error, crit, alert, emerg. -# It is also possible to configure the log level for particular modules, e.g. -# "LogLevel info ssl:warn" -# -LogLevel warn - -# Include module configuration: -IncludeOptional mods-enabled/*.load -IncludeOptional mods-enabled/*.conf - -# Include list of ports to listen on -Include ports.conf - - -# Sets the default security model of the Apache2 HTTPD server. It does -# not allow access to the root filesystem outside of /usr/share and /var/www. -# The former is used by web applications packaged in Debian, -# the latter may be used for local directories served by the web server. If -# your system is serving content from a sub-directory in /srv you must allow -# access here, or in any related virtual host. 
- - Options FollowSymLinks - AllowOverride None - Require all denied - - - - AllowOverride None - Require all granted - - - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - - -# -# The following directives define some format nicknames for use with -# a CustomLog directive. -# -# These deviate from the Common Log Format definitions in that they use %O -# (the actual bytes sent including headers) instead of %b (the size of the -# requested file), because the latter makes it impossible to detect partial -# requests. -# -# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. -# Use mod_remoteip instead. -# -LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined -LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %O" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# Include of directories ignores editors' and dpkg's backup files, -# see README.Debian for details. - -# Include generic snippets of statements -IncludeOptional conf-enabled/*.conf - -# Include the virtual host configurations: -IncludeOptional sites-enabled/*.conf - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/codebuild/bin/apache2/ports.conf b/codebuild/bin/apache2/ports.conf deleted file mode 100644 index 10231882d77..00000000000 --- a/codebuild/bin/apache2/ports.conf +++ /dev/null 
@@ -1,7 +0,0 @@
-# Server ports should not conflict with the range of ports used for
-# integration tests (8000 to 30000)
-
-Define RENEGOTIATE_SERVER_PORT 7777
-Listen ${RENEGOTIATE_SERVER_PORT}
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/codebuild/bin/apache2/sites-enabled/renegotiate.conf b/codebuild/bin/apache2/sites-enabled/renegotiate.conf
deleted file mode 100644
index 4cf0373792a..00000000000
--- a/codebuild/bin/apache2/sites-enabled/renegotiate.conf
+++ /dev/null
@@ -1,54 +0,0 @@ - - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - ServerName localhost - - ServerAdmin webmaster@localhost - DocumentRoot ${APACHE_SERVER_ROOT}/www/html - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - SSLCertificateFile ${APACHE_CERT_DIR}/apache_server_cert.pem - SSLCertificateKeyFile ${APACHE_CERT_DIR}/apache_server_key.pem - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - SSLCACertificateFile ${APACHE_CERT_DIR}/apache_client_cert.pem - - SSLProtocol -ALL +TLSv1.2 - SSLHonorCipherOrder On - SSLCipherSuite HIGH:!aNULL:!MD5 - SSLCompression Off - SSLInsecureRenegotiation Off - - Alias /change_cipher_suite ${APACHE_SERVER_ROOT}/www/change_cipher_suite - - Require all granted - SSLCipherSuite AES128-SHA - - - Alias /mutual_auth ${APACHE_SERVER_ROOT}/www/mutual_auth - - Require all granted - SSLVerifyClient require - SSLVerifyDepth 10 - - - - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet 
diff --git a/codebuild/bin/apache2/www/change_cipher_suite/index.html b/codebuild/bin/apache2/www/change_cipher_suite/index.html deleted file mode 100644 index 96ccd69650c..00000000000 --- a/codebuild/bin/apache2/www/change_cipher_suite/index.html +++ /dev/null @@ -1,8 +0,0 @@ - - - Change Cipher Suite - - -

Success.

- - diff --git a/codebuild/bin/apache2/www/html/index.html b/codebuild/bin/apache2/www/html/index.html deleted file mode 100755 index 69f57f0b4a1..00000000000 --- a/codebuild/bin/apache2/www/html/index.html +++ /dev/null @@ -1,18 +0,0 @@ - - - Renegotiation Testing Server - - -

Welcome to the s2n renegotiation testing server! See the following endpoints:

- -
    -
  • - /change_cipher_suite forces a renegotiation by changing the negotiated - cipher suite to AES-128-SHA. -
  • -
  • - /mutual_auth forces a renegotiation by enforcing mutual authentication. -
  • -
- - diff --git a/codebuild/bin/apache2/www/mutual_auth/index.html b/codebuild/bin/apache2/www/mutual_auth/index.html deleted file mode 100644 index aff1ad6f7af..00000000000 --- a/codebuild/bin/apache2/www/mutual_auth/index.html +++ /dev/null @@ -1,8 +0,0 @@ - - - Mutual Auth - - -

Success.

-
-
diff --git a/codebuild/bin/build_aws_crt_cpp.sh b/codebuild/bin/build_aws_crt_cpp.sh
deleted file mode 100755
index 1e873fe7f07..00000000000
--- a/codebuild/bin/build_aws_crt_cpp.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -ex
-pushd "$(pwd)"
-
-usage() {
- echo "build_aws_crt_cpp.sh build_dir install_dir"
- exit 1
-}
-
-if [ "$#" -ne "2" ]; then
- usage
-fi
-
-source codebuild/bin/s2n_setup_env.sh
-
-BUILD_DIR=$1
-INSTALL_DIR=$2
-
-# Make sure there isn't another source tree hanging around.
-rm -rf /opt/s2n-tls || true
-mkdir -p "$BUILD_DIR/s2n"
-# In case $BUILD_DIR is a subdirectory of current directory
-for file in *;do test "$file" != "$BUILD_DIR" && cp -r "$file" "$BUILD_DIR/s2n";done
-cd "$BUILD_DIR"
-git clone --depth 1 --shallow-submodules --recurse-submodules https://github.com/awslabs/aws-crt-cpp.git
-# Replace S2N
-rm -r aws-crt-cpp/crt/s2n
-mv s2n aws-crt-cpp/crt/
-
-cmake ./aws-crt-cpp \
- -Bbuild \
- -GNinja \
- -DENFORCE_SUBMODULE_VERSIONS=off \
- -DBUILD_DEPS=ON \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_INSTALL_PREFIX="${INSTALL_DIR}"
-ninja -C ./build install
-CTEST_OUTPUT_ON_FAILURE=1 CTEST_PARALLEL_LEVEL=$(nproc) ninja -C ./build test
-
-popd
-
-exit 0
diff --git a/codebuild/bin/clang_format_changed_files.sh b/codebuild/bin/clang_format_changed_files.sh
deleted file mode 100755
index 6dd5674132f..00000000000
--- a/codebuild/bin/clang_format_changed_files.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-
-# Get a list of changed files
-REMOTE="${1:-origin}"
-BRANCH="${2:-main}"
-changed_files=$(git diff "$REMOTE"/"$BRANCH" --name-only )
-
-# Run clang-format on each changed file
-for file in $changed_files
-do
- if [[ $file == *.c || $file == *.h ]]; then # Only run on .c and .h files
- echo "clang formatting ${file}"
- clang-format -i $file
- fi
-done
diff --git a/codebuild/bin/coverage_report.sh b/codebuild/bin/coverage_report.sh
deleted file mode 100755
index b5f5a753583..00000000000
--- a/codebuild/bin/coverage_report.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-
-set -e
-
-# merge profiling data
-llvm-profdata merge -failure-mode=all -sparse tests/unit/ut_*.profraw -o merged.profdata
-
-# generate file-level summary
-llvm-cov report build/lib/libs2n.so \
- -instr-profile=merged.profdata \
- > coverage_summary.txt
-
-# convert llvm information to lcov format for genhtml
-llvm-cov export build/lib/libs2n.so \
- -instr-profile=merged.profdata \
- -format=lcov \
- > unit_test_coverage.info
-
-# generate html report with annotated source files
-genhtml unit_test_coverage.info \
- --branch-coverage \
- -o coverage_report
diff --git a/codebuild/bin/cpp_style_comment_linter.sh b/codebuild/bin/cpp_style_comment_linter.sh
deleted file mode 100755
index b82bb1563b2..00000000000
--- a/codebuild/bin/cpp_style_comment_linter.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-S2N_FILES=$(find "$PWD" -type f -name "s2n*.[ch]")
-
-FAILED=0
-
-for file in $S2N_FILES; do
- # There should be no c++ style comments: //
- RESULT=`grep -rnv '\*' $file | grep '\B\/\/.*$' | grep -v '\".*\"'`;
- if [ "${#RESULT}" != "0" ];
- then
- FAILED=1;
- printf "\e[1;34mC++ Comments Check Failed in $file:\e[0m\n$RESULT\n\n";
- fi
-done
-
-if [ $FAILED == 1 ];
-then
- printf "\\033[31;1mFAILED C++ Comments Check\\033[0m\\n"
- exit -1
-else
- printf "\\033[32;1mPASSED C++ Comments Check\\033[0m\\n"
-fi
\ No newline at end of file
diff --git a/codebuild/bin/cppcheck_suppressions.txt b/codebuild/bin/cppcheck_suppressions.txt
deleted file mode 100644
index c85c4bd9514..00000000000
--- a/codebuild/bin/cppcheck_suppressions.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-// Message: (style:variableScope) The scope of the variable 'text' can be reduced.
-// Reason: Don't error for being able to reduce scope of variables in tests
-variableScope:tests/unit/*
-
-// cppcheck Message: (information:ConfigurationNotChecked) Skipping configuration 'SO_RCVLOWAT' since the value of 'SO_RCVLOWAT' is unknown. Use -D if you want to check it. You can use -U to skip it explicitly.
-// Reason: There are many Config options that aren't checked by Cppcheck, and it warns for each. Ignore these so that they don't clutter the output.
-ConfigurationNotChecked:bin/s2nd.c
-ConfigurationNotChecked:tls/s2n_x509_validator.c
-ConfigurationNotChecked:utils/s2n_socket.c
-
-// cppcheck Message: (style:redundantAssignment) Variable 'mock_time' is reassigned a value before the old one has been used.
-// Reason: s2n_config_set_monotonic_clock() takes a reference to mock_time so that whenever it's modified locally, the timer sees the update when it dereferences the pointer.
-redundantAssignment:tests/unit/s2n_timer_test.c
-
-// cppcheck Message: (style:knownConditionTrueFalse) Condition 's2n_libcrypto_awslc_api_version()<17' is always true
-// Reason: s2n_libcrypto_awslc_api_version() are implemented using macro's and for certain libcrypto's the preprocessor will produce a trivial function returning e.g. 1 always.
-knownConditionTrueFalse:crypto/s2n_libcrypto.c
\ No newline at end of file
diff --git a/codebuild/bin/format.sh b/codebuild/bin/format.sh
deleted file mode 100755
index 14be59435de..00000000000
--- a/codebuild/bin/format.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-
-set -e
-CLANG_NINE=$(which clang-format-9)
-CLANG_VER=${CLANG_NINE:-clang-format}
-for i in $(find . -not -path "./test-deps/*" -name '*.h' -or -name '*.c' -or -name '*.cpp'); do
- $CLANG_VER --verbose -i "$i" ;
-done
-
-if [[ `git status --porcelain` ]]; then
- echo "clang-format updated files, throwing an error"
- exit 255
-else
- echo "No files touched"
-fi
diff --git a/codebuild/bin/fuzz_corpus_download.sh b/codebuild/bin/fuzz_corpus_download.sh
deleted file mode 100755
index 0da91abcbf6..00000000000
--- a/codebuild/bin/fuzz_corpus_download.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-for FUZZ_TEST in tests/fuzz/*.c; do
- # extract file name without extension
- TEST_NAME=$(basename "$FUZZ_TEST")
- TEST_NAME="${TEST_NAME%.*}"
-
- # temp corpus folder to store downloaded corpus files
- TEMP_CORPUS_DIR="./tests/fuzz/temp_corpus_${TEST_NAME}"
-
- # Check if corpus.zip exists in the specified S3 location.
- # `> /dev/null 2>&1` redirects output to /dev/null.
- # If the file is not found, `aws s3 ls` returns a non-zero exit code.
- if aws s3 ls "s3://s2n-tls-fuzz-corpus/${TEST_NAME}/corpus.zip" > /dev/null 2>&1; then
- aws s3 cp "s3://s2n-tls-fuzz-corpus/${TEST_NAME}/corpus.zip" "${TEMP_CORPUS_DIR}/corpus.zip"
- unzip -o "${TEMP_CORPUS_DIR}/corpus.zip" -d "${TEMP_CORPUS_DIR}" > /dev/null 2>&1
- else
- printf "corpus.zip not found for ${TEST_NAME}"
- fi
-done
diff --git a/codebuild/bin/fuzz_corpus_upload.sh b/codebuild/bin/fuzz_corpus_upload.sh
deleted file mode 100755
index 8100e074166..00000000000
--- a/codebuild/bin/fuzz_corpus_upload.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-for FUZZ_TEST in tests/fuzz/*.c; do
- # extract file name without extension
- TEST_NAME=$(basename "$FUZZ_TEST")
- TEST_NAME="${TEST_NAME%.*}"
-
- # Upload generated corpus files to the S3 bucket.
- zip -r ./tests/fuzz/corpus/${TEST_NAME}.zip ./tests/fuzz/corpus/${TEST_NAME}/ > /dev/null 2>&1
- aws s3 cp ./tests/fuzz/corpus/${TEST_NAME}.zip s3://s2n-tls-fuzz-corpus/${TEST_NAME}/corpus.zip
-done
-
diff --git a/codebuild/bin/fuzz_coverage_report.sh b/codebuild/bin/fuzz_coverage_report.sh
deleted file mode 100755
index a35e4e77d4e..00000000000
--- a/codebuild/bin/fuzz_coverage_report.sh
+++ /dev/null
@@ -1,75 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e - -usage() { - echo "Usage: fuzz_coverage_report.sh" - exit 1 -} - -if [ "$#" -ne "0" ]; then - usage -fi - -FUZZ_TEST_DIR="tests/fuzz" -FUZZCOV_SOURCES="api bin crypto error stuffer tls utils" - -# generate coverage report for each fuzz test -printf "Generating coverage reports... \n" - -mkdir -p coverage/fuzz -for FUZZ_TEST in "$FUZZ_TEST_DIR"/*.c; do - # extract file name without extension - TEST_NAME=$(basename "$FUZZ_TEST") - TEST_NAME="${TEST_NAME%.*}" - - # merge multiple .profraw files into a single .profdata file - llvm-profdata merge \ - -sparse tests/fuzz/profiles/${TEST_NAME}/*.profraw \ - -o tests/fuzz/profiles/${TEST_NAME}/${TEST_NAME}.profdata - - # generate a coverage report in text format - llvm-cov report \ - -instr-profile=tests/fuzz/profiles/${TEST_NAME}/${TEST_NAME}.profdata build/lib/libs2n.so ${FUZZCOV_SOURCES} \ - -show-functions \ - > coverage/fuzz/${TEST_NAME}_cov.txt - - # exports coverage data in LCOV format - llvm-cov export \ - -instr-profile=tests/fuzz/profiles/${TEST_NAME}/${TEST_NAME}.profdata build/lib/libs2n.so ${FUZZCOV_SOURCES} \ - -format=lcov \ - > coverage/fuzz/${TEST_NAME}_cov.info - - # convert to HTML format - genhtml -q -o coverage/html/${TEST_NAME} coverage/fuzz/${TEST_NAME}_cov.info > /dev/null 2>&1 -done - -# merge all coverage reports into a single report that shows total s2n coverage -printf "Calculating total s2n 
coverage... \n" -llvm-profdata merge \ - -sparse tests/fuzz/profiles/*/*.profdata \ - -o tests/fuzz/profiles/merged_fuzz.profdata - -llvm-cov report \ - -instr-profile=tests/fuzz/profiles/merged_fuzz.profdata build/lib/libs2n.so ${FUZZCOV_SOURCES} \ - > s2n_fuzz_coverage.txt - -llvm-cov export \ - -instr-profile=tests/fuzz/profiles/merged_fuzz.profdata build/lib/libs2n.so ${FUZZCOV_SOURCES} \ - -format=lcov \ - > s2n_fuzz_cov.info - -genhtml s2n_fuzz_cov.info --branch-coverage -q -o coverage/fuzz/total_fuzz_coverage diff --git a/codebuild/bin/grep_simple_mistakes.sh b/codebuild/bin/grep_simple_mistakes.sh deleted file mode 100755 index 6d177f628b0..00000000000 --- a/codebuild/bin/grep_simple_mistakes.sh +++ /dev/null 
@@ -1,302 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. - -FAILED=0 - -############################################# -# Grep for command line defines without values -############################################# -EMPTY_DEFINES=$(grep -Eon "\-D[^=]+=?" CMakeLists.txt | grep -v =) -if [ ! -z "${EMPTY_DEFINES}" ]; then - FAILED=1 - printf "\e[1;34mCommand line define is missing value:\e[0m " - printf "Compilers SHOULD set a default value of 1 when no default is given, " - printf "but that behavior is not required by any official spec. Set a value just in case. " - printf "For example: -DS2N_FOO=1 instead of -DS2N_FOO.\n" - printf "Found: \n" - echo "$EMPTY_DEFINES" -fi - -############################################# -# Grep for bindings methods without C documentation links. -############################################# -BINDINGS="bindings/rust/extended/s2n-tls/src" -C_APIS=$(grep -rEo "S2N_API( extern)? [^ ]+ [^(]+\(" api | sed -E "s/^.*? 
\*?(.*?)\(/\1/") -# Sanity checks -echo $C_APIS | grep -q "s2n_error_get_type" || { echo "Not detecting APIs" ; exit 1; } -echo $C_APIS | grep -q "s2n_connection_new" || { echo "Not detecting pointer APIs" ; exit 1; } -echo $C_APIS | grep -q "s2n_config_set_npn" || { echo "Not detecting unstable APIs" ; exit 1; } -KNOWN_MISSES=( - "s2n_errno_location" - "s2n_cert_chain_and_key_get_private_key" - "s2n_config_set_ctx" - "s2n_client_hello_has_extension" - "s2n_async_pkey_op_perform" - "s2n_config_get_client_auth_type" -) -C_DOCS_FAILED=0 -for api in $C_APIS; do - if [[ "${KNOWN_MISSES[*]}" =~ "$api" ]]; then continue; fi - CALLS=`grep -ro "$api(" $BINDINGS | wc -l` - if [ "$CALLS" == 0 ]; then continue; fi - DOCS=$(grep -ro "///.* \[\`$api\`\]" $BINDINGS | wc -l) - if [ "$DOCS" == 0 ]; then - if [ $C_DOCS_FAILED == 0 ]; then - C_DOCS_FAILED=1 - FAILED=1 - printf "\e[1;34mRust bindings are missing documentation links:\e[0m " - printf "Where possible, the Rust bindings should link to existing documentation. " - printf "Links can be written like \"[\`s2n_connection_new\`]\".\n" - fi - echo "- $api" - fi -done - -############################################# -# Grep for any instances of raw memcpy() function. s2n code should instead be -# using one of the *_ENSURE_MEMCPY macros. -############################################# -S2N_FILES_ASSERT_NOT_USING_MEMCPY=$(find "$PWD" -type f -name "s2n*.[ch]" -not -path "*/tests/*") -for file in $S2N_FILES_ASSERT_NOT_USING_MEMCPY; do - RESULT_NUM_LINES=`grep 'memcpy(' $file | wc -l` - if [ "${RESULT_NUM_LINES}" != 0 ]; then - echo "Found ${RESULT_NUM_LINES} raw 'memcpy' calls in $file" - FAILED=1 - fi -done - -############################################# -# Grep for any instances of raw memcmp() function. s2n code should instead be -# using s2n_constant_time_equals() -# -# KNOWN_MEMCMP_USAGE is used to capture all known uses of memcmp and acts as a -# safeguard against any new uses of memcmp. 
-############################################# -S2N_FILES_ASSERT_NOT_USING_MEMCMP=$(find "$PWD" -type f -name "s2n*.[ch]" -not -path "*/tests/*" -not -path "*/bindings/*") -declare -A KNOWN_MEMCMP_USAGE -KNOWN_MEMCMP_USAGE["$PWD/stuffer/s2n_stuffer_text.c"]=1 -KNOWN_MEMCMP_USAGE["$PWD/tls/s2n_psk.c"]=1 -KNOWN_MEMCMP_USAGE["$PWD/tls/s2n_protocol_preferences.c"]=1 -KNOWN_MEMCMP_USAGE["$PWD/tls/s2n_cipher_suites.c"]=1 -KNOWN_MEMCMP_USAGE["$PWD/utils/s2n_map.c"]=3 - -for file in $S2N_FILES_ASSERT_NOT_USING_MEMCMP; do - # NOTE: this matches on 'memcmp', which will also match comments. However, there - # are no uses of 'memcmp' in comments so we opt for this stricter check. - RESULT_NUM_LINES=`grep -n 'memcmp' $file | wc -l` - - # set default KNOWN_MEMCMP_USAGE value - [ -z "${KNOWN_MEMCMP_USAGE["$file"]}" ] && KNOWN_MEMCMP_USAGE["$file"]="0" - - # check if memcmp usage is 0 or a known value - if [ "${RESULT_NUM_LINES}" != "${KNOWN_MEMCMP_USAGE["$file"]}" ]; then - echo "Expected: ${KNOWN_MEMCMP_USAGE["$file"]} Found: ${RESULT_NUM_LINES} usage of 'memcmp' in $file" - FAILED=1 - fi -done - -############################################# -# Assert that functions do not return -1 or S2N_ERR* codes directly. -# To indicate failure, functions should use the S2N_ERROR* macros defined -# in s2n_errno.h. 
-############################################# -S2N_FILES_ASSERT_RETURN=$(find "$PWD" -type f -name "s2n*.c" -not -path "*/tests/*" -not -path "*/docs/examples/*") -for file in $S2N_FILES_ASSERT_RETURN; do - RESULT_NEGATIVE_ONE=`grep -rn 'return -1;' $file` - RESULT_S2N_ERR=`grep -rn 'return S2N_ERR*' $file` - RESULT_S2N_FAIL=`grep -rn 'return S2N_FAIL*' $file` - RESULT_S2N_RESULT_ERR=`grep -rn 'return S2N_RESULT_ERR*' $file` - - if [ "${#RESULT_NEGATIVE_ONE}" != "0" ]; then - FAILED=1 - printf "\e[1;34mGrep for 'return -1;' check failed in $file:\e[0m\n$RESULT_NEGATIVE_ONE\n\n" - fi - if [ "${#RESULT_S2N_ERR}" != "0" ]; then - FAILED=1 - printf "\e[1;34mGrep for 'return S2N_ERR*' check failed in $file:\e[0m\n$RESULT_S2N_ERR\n\n" - fi - if [ "${#RESULT_S2N_FAIL}" != "0" ]; then - FAILED=1 - printf "\e[1;34mGrep for 'return S2N_FAIL*' check failed in $file:\e[0m\n$RESULT_S2N_FAIL\n\n" - fi - if [ "${#RESULT_S2N_RESULT_ERR}" != "0" ]; then - FAILED=1 - printf "\e[1;34mGrep for 'return S2N_RESULT_ERR*' check failed in $file:\e[0m\n$RESULT_S2N_RESULT_ERR\n\n" - fi -done - -############################################# -# Detect any array size calculations that are not using the s2n_array_len() function. -############################################# -S2N_FILES_ARRAY_SIZING_RETURN=$(find "$PWD" -type f -name "s2n*.c" -path "*") -for file in $S2N_FILES_ARRAY_SIZING_RETURN; do - RESULT_ARR_DIV=`grep -Ern 'sizeof\(.*?\) / sizeof\(' $file` - if [ "${#RESULT_ARR_DIV}" != "0" ]; then - FAILED=1 - printf "\e[1;34mUsage of 'sizeof(array) / sizeof(T)' check failed. Use s2n_array_len instead in $file:\e[0m\n$RESULT_ARR_DIV\n\n" - fi -done - -############################################# -# Detect any suspicious loops not using s2n_array_len(). -# This is not necessarily a problem, but it's been a common source of errors, -# so we should just enforce stricter conventions. 
-############################################# -S2N_FILES_WITH_SIZEOF_LOOP=$(find "$PWD" -type f -name "s2n*.c" -path "*") -for file in $S2N_FILES_WITH_SIZEOF_LOOP; do - WITH_QUESTIONABLE_SIZEOF_LOOP=`grep -Ern 'for \(.+; .+ <=? sizeof\(.+\); .+\)' $file | \ - grep -vE '<=? sizeof\(.*bytes\);' | - grep -vE '<=? sizeof\(.*data\);' | - grep -vE '<=? sizeof\(.*u8\);'` - if [ "${#WITH_QUESTIONABLE_SIZEOF_LOOP}" != "0" ]; then - FAILED=1 - printf "\e[1;34mWarning: sizeof is only valid for arrays of chars or uint8_ts. " - printf "Use s2n_array_len for other types, " - printf "or append \"bytes\", \"data\", or \"u8\" to your variable name for clarity.\n" - printf "File: $file:\e[0m\n$WITH_QUESTIONABLE_SIZEOF_LOOP\n\n" - fi -done - -############################################# -# Assert that all assignments from s2n_stuffer_raw_read() have a -# notnull_check (or similar manual null check) on the same, or next, line. -# The assertion is shallow; this doesn't guarantee that we're doing the -# *correct* null check, just that we are doing *some* null check. -############################################# -S2N_FILES_ASSERT_NOTNULL_CHECK=$(find "$PWD" -type f -name "s2n*.[ch]" -not -path "*/tests/*") -for file in $S2N_FILES_ASSERT_NOTNULL_CHECK; do - while read -r line_one; do - # When called with the -A option, grep uses lines of "--" as delimiters. We ignore them. - if [[ $line_one == "--" ]]; then - continue - fi - - read -r line_two - - # $line_one definitely contains an assignment from s2n_stuffer_raw_read(), - # because that's what we grepped for. So verify that either $line_one or - # $line_two contains a null check. 
- null_check_regex="(.*(if|ENSURE).*=\ NULL)|(ENSURE_REF)" - if [[ $line_one =~ $null_check_regex ]] || [[ $line_two =~ $null_check_regex ]]; then - # Found a notnull_check - continue - else - FAILED=1 - printf "\e[1;34mFound a call to s2n_stuffer_raw_read without an ENSURE_REF in $file:\e[0m\n$line_one\n\n" - fi - done < <(grep -rnE -A 1 "=\ss2n_stuffer_raw_read\(.*\)" $file) -done - -############################################# -# Assert that "index" is not a variable name. An "index" function exists in strings.h, and older compilers (\n/' ./lib/programmemory.cpp - -# -DNO_UNIX_SIGNAL_HANDLING is added to support the cppcheck 2.3 build, and should also be removed -# after cppcheck is updated: https://github.com/aws/s2n-tls/issues/5239 -# These build instructions are based on https://github.com/danmar/cppcheck#gnu-make. -make -j $JOBS MATCHCOMPILER=yes CXXFLAGS="-O2 -DNDEBUG -DNO_UNIX_SIGNAL_HANDLING" - -mv cppcheck .. -mv cfg .. -cd .. -rm -rf cppcheck-src diff --git a/codebuild/bin/install_ctverif.sh b/codebuild/bin/install_ctverif.sh deleted file mode 100755 index 831a5d33ace..00000000000 --- a/codebuild/bin/install_ctverif.sh +++ /dev/null 
@@ -1,45 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -e
-
-usage() {
- echo "install_ctverif.sh install_dir"
- exit 1
-}
-
-if [ "$#" -ne "1" ]; then
- usage
-fi
-
-INSTALL_DIR=$1
-
-cd "$INSTALL_DIR"
-
-#install smack
-git clone https://github.com/smackers/smack.git -b develop
-cd smack/bin
-git checkout 45e1fc5
-./build.sh
-
-# Disabling ShellCheck using https://github.com/koalaman/shellcheck/wiki/Directive
-# Turn of Warning in one line as https://github.com/koalaman/shellcheck/wiki/SC1090
-# shellcheck disable=SC1090
-source "$INSTALL_DIR"/smack.environment
-
-#install ctverif
-cd "$INSTALL_DIR"
-git clone --depth 1 https://github.com/imdea-software/verifying-constant-time.git -b test-automation
-
diff --git a/codebuild/bin/install_default_dependencies.sh b/codebuild/bin/install_default_dependencies.sh
deleted file mode 100755
index ff0f02bed61..00000000000
--- a/codebuild/bin/install_default_dependencies.sh
+++ /dev/null
@@ -1,146 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -ex -source codebuild/bin/s2n_setup_env.sh - - - # Install latest version of clang, clang++, and llvm-symbolizer. Needed for fuzzing. -if [[ "$TESTS" == "fuzz" || "$TESTS" == "ALL" || "$LATEST_CLANG" == "true" ]]; then - mkdir -p "$LATEST_CLANG_INSTALL_DIR"||true - codebuild/bin/install_clang.sh "$(mktemp -d)" "$LATEST_CLANG_INSTALL_DIR" "$OS_NAME" > /dev/null ; -fi - -# Download and Install Openssl 1.1.1 -if [[ ("$S2N_LIBCRYPTO" == "openssl-1.1.1") || ( "$TESTS" == "integrationv2" || "$TESTS" == "ALL" ) ]]; then - if [[ ! -x "$OPENSSL_1_1_1_INSTALL_DIR/bin/openssl" ]]; then - mkdir -p "$OPENSSL_1_1_1_INSTALL_DIR"||true - codebuild/bin/install_openssl_1_1_1.sh "$(mktemp -d)" "$OPENSSL_1_1_1_INSTALL_DIR" "$OS_NAME" > /dev/null ; - fi -fi - -# Download and Install Openssl 3.0 -if [[ "$S2N_LIBCRYPTO" == "openssl-3.0" && ! -d "$OPENSSL_3_0_INSTALL_DIR" ]]; then - mkdir -p "$OPENSSL_3_0_INSTALL_DIR" - codebuild/bin/install_openssl_3_0.sh "$(mktemp -d)" "$OPENSSL_3_0_INSTALL_DIR" "$OS_NAME" > /dev/null ; -fi - -# Download and Install Openssl 3.0 FIPS -if [[ "$S2N_LIBCRYPTO" == "openssl-3.0-fips" && ! 
-d "$OPENSSL_3_FIPS_INSTALL_DIR" ]]; then - mkdir -p "$OPENSSL_3_FIPS_INSTALL_DIR" - codebuild/bin/install_openssl_3_0.sh "$(mktemp -d)" "$OPENSSL_3_FIPS_INSTALL_DIR" "$OS_NAME" fips > /dev/null ; -fi - -# Download and Install Openssl 1.0.2 -if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2" && ! -d "$OPENSSL_1_0_2_INSTALL_DIR" ]]; then - mkdir -p "$OPENSSL_1_0_2_INSTALL_DIR"||true - codebuild/bin/install_openssl_1_0_2.sh "$(mktemp -d)" "$OPENSSL_1_0_2_INSTALL_DIR" "$OS_NAME" > /dev/null ; -fi - -# Download and Install the Openssl FIPS module and Openssl 1.0.2-fips -if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2-fips" ]] && [[ ! -d "$OPENSSL_1_0_2_FIPS_INSTALL_DIR" ]]; then - codebuild/bin/install_openssl_1_0_2_fips.sh "$(mktemp -d)" "$OPENSSL_1_0_2_FIPS_INSTALL_DIR" "$OS_NAME" ; fi - -# Download and Install LibreSSL -if [[ "$S2N_LIBCRYPTO" == "libressl" && ! -d "$LIBRESSL_INSTALL_DIR" ]]; then - mkdir -p "$LIBRESSL_INSTALL_DIR"||true - codebuild/bin/install_libressl.sh "$(mktemp -d)" "$LIBRESSL_INSTALL_DIR" > /dev/null ; -fi - -# Download and Install BoringSSL -if [[ "$S2N_LIBCRYPTO" == "boringssl" && ! -d "$BORINGSSL_INSTALL_DIR" ]]; then - codebuild/bin/install_boringssl.sh "$(mktemp -d)" "$BORINGSSL_INSTALL_DIR" > /dev/null ; -fi - -# Download and Install AWS-LC -if [[ "$S2N_LIBCRYPTO" == "awslc" && ! -d "$AWSLC_INSTALL_DIR" ]]; then - codebuild/bin/install_awslc.sh "$(mktemp -d)" "$AWSLC_INSTALL_DIR" > /dev/null ; -fi - -if [[ "$S2N_LIBCRYPTO" == "awslc-fips-2022" && ! -d "$AWSLC_FIPS_2022_INSTALL_DIR" ]]; then - codebuild/bin/install_awslc.sh "$(mktemp -d)" "$AWSLC_FIPS_2022_INSTALL_DIR" "2022" > /dev/null ; -fi -if [[ "$S2N_LIBCRYPTO" == "awslc-fips-2024" && ! -d "$AWSLC_FIPS_2024_INSTALL_DIR" ]]; then - codebuild/bin/install_awslc_fips_2024.sh "$(mktemp -d)" "$AWSLC_FIPS_2024_INSTALL_DIR" "2024" > /dev/null ; -fi - -if [[ "$TESTS" == "integrationv2" || "$TESTS" == "ALL" ]]; then - # Install tox - if [[ "$DISTRO" == "ubuntu" ]]; then - if [[ ! 
-x `python3.9 -m tox --version` ]]; then - python3.9 -m pip install tox - fi - else - if [[ ! -x `which tox` ]]; then - case "$DISTRO" in - "amazon linux") - yum install -y python3-pip - python3 -m pip install --user tox ;; - "apple") - brew install python@3 - python3 -m pip install --user tox ;; - *) - echo "Unknown platform $DISTRO trying to install tox on $OS_NAME $ARCH" - exit 1 - ;; - esac - fi - fi - - if [[ ! -x "$GNUTLS37_INSTALL_DIR/bin/gnutls-cli" ]]; then - # Download and Install GnuTLS for integration tests - mkdir -p "$GNUTLS37_INSTALL_DIR"||true - codebuild/bin/install_gnutls37.sh "$(mktemp -d)" "$GNUTLS37_INSTALL_DIR" > /dev/null ; - fi - - if [[ "$DISTRO" == "ubuntu" ]]; then - # Install SSLyze for all Integration Tests on Ubuntu. - # There is a nassl dependency issue preventing this from working on on AL2 ARM (others?). - if [[ "$S2N_NO_SSLYZE" != "true" ]]; then - codebuild/bin/install_sslyze.sh - fi - - if [[ ! -x "$APACHE2_INSTALL_DIR/apache2.conf" ]]; then - codebuild/bin/install_apache2.sh codebuild/bin/apache2 "$APACHE2_INSTALL_DIR" - fi - fi -fi - -# Install SAW, Z3, and Yices for formal verification -if [[ "$SAW" == "true" || "$TESTS" == "ALL" ]]; then - mkdir -p "$SAW_INSTALL_DIR"||true - codebuild/bin/install_saw.sh "$(mktemp -d)" "$SAW_INSTALL_DIR" > /dev/null ; - - mkdir -p "$Z3_INSTALL_DIR"||true - codebuild/bin/install_z3_yices.sh "$(mktemp -d)" "$Z3_INSTALL_DIR" > /dev/null ; -fi - -if [[ ! -x `which cmake` ]]; then - case "$DISTRO" in - "ubuntu") - apt-get -y install cmake - ;; - "amazon linux") - yum install -y cmake3 - update-alternatives --install /usr/bin/cmake cmake /usr/bin/cmake3 30 - ;; - "apple") - brew install cmake - ;; - *) - echo "Unknown platform for cmake." - ;; - esac -fi diff --git a/codebuild/bin/install_gnutls37.sh b/codebuild/bin/install_gnutls37.sh deleted file mode 100755 index 7be4aa84149..00000000000 --- a/codebuild/bin/install_gnutls37.sh +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/bin/bash -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e -source codebuild/bin/s2n_setup_env.sh - -usage() { - echo "install_gnutls37.sh build_dir install_dir os_name" - exit 1 -} - -if [ "$#" -ne "2" ]; then - usage -fi - -GNUTLS_BUILD_DIR=$1 -GNUTLS_INSTALL_DIR=$2 - -source codebuild/bin/jobs.sh - -# libgmp is needed for libnettle -case "$DISTRO" in - "ubuntu") - sudo apt-get -qq install libgmp3-dev -y - ;; - "amazon linux") - sudo yum install -y gmp-devel - ;; -"darwin" ) - # Installing an existing package is a "failure" in brew - brew install gmp || true - ;; -*) - echo "Invalid platform! $OS_NAME" - usage - ;; -esac - -cd "$GNUTLS_BUILD_DIR" - -# Originally from: https://ftp.gnu.org/gnu/nettle/ -curl --retry 3 https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2021-01-04_nettle-3.7.tar.gz --output nettle-3.7.tar.gz -tar -xzf nettle-3.7.tar.gz -cd nettle-3.7 -./configure --prefix="$GNUTLS_INSTALL_DIR"/nettle \ - --disable-openssl \ - --enable-shared -make -j $JOBS -make -j $JOBS install -cd .. 
- -# Install GnuTLS -# Originally from: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/ -curl --retry 3 https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2022-01-18_gnutls-3.7.3.tar.xz --output gnutls-3.7.3.tar.xz -tar -xJf gnutls-3.7.3.tar.xz -cd gnutls-3.7.3 -PKG_CONFIG_PATH="$GNUTLS_INSTALL_DIR"/nettle/lib/pkgconfig:$PKG_CONFIG_PATH \ - ./configure --prefix="$GNUTLS_INSTALL_DIR" \ - --without-p11-kit \ - --with-included-libtasn1 \ - --with-included-unistring -make -j $JOBS -make -j $JOBS install diff --git a/codebuild/bin/install_libressl.sh b/codebuild/bin/install_libressl.sh deleted file mode 100755 index 4a34c9468a8..00000000000 --- a/codebuild/bin/install_libressl.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e - -usage() { - echo "install_libressl.sh build_dir install_dir" - exit 1 -} - -if [ "$#" -ne "2" ]; then - usage -fi - -BUILD_DIR=$1 -INSTALL_DIR=$2 -source codebuild/bin/jobs.sh - -cd "$BUILD_DIR" -# Originally from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3.tar.gz -curl https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2022-12-01_libressl-3.6.1.tar.gz > libressl-3.6.1.tar.gz -tar -xzvf libressl-3.6.1.tar.gz -cd libressl-3.6.1 -./configure --prefix="$INSTALL_DIR" -make -j $JOBS CFLAGS=-fPIC install 
diff --git a/codebuild/bin/install_openssl_1_0_2.sh b/codebuild/bin/install_openssl_1_0_2.sh deleted file mode 100755 index d6f6793ecd4..00000000000 --- a/codebuild/bin/install_openssl_1_0_2.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -ex -pushd "$(pwd)" - -usage() { - echo "install_openssl_1_0_2.sh build_dir install_dir os_name" - exit 1 -} - -if [ "$#" -ne "3" ]; then - usage -fi - -BUILD_DIR=$1 -INSTALL_DIR=$2 -OS_NAME=$3 -source codebuild/bin/jobs.sh - -mkdir -p $BUILD_DIR -cd "$BUILD_DIR" -curl --retry 3 -L https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable.zip --output openssl-OpenSSL_1_0_2-stable.zip -unzip openssl-OpenSSL_1_0_2-stable.zip -cd openssl-OpenSSL_1_0_2-stable - -if [ "$OS_NAME" == "linux" ]; then - CONFIGURE="./config -d" -elif [ "$OS_NAME" == "osx" ]; then - CONFIGURE="./Configure darwin64-x86_64-cc" -else - echo "Invalid platform! $OS_NAME" - usage -fi - -mkdir -p $INSTALL_DIR -$CONFIGURE shared -g3 -fPIC no-libunbound no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-ssl-trace \ - no-store no-zlib no-hw no-mdc2 no-seed no-idea enable-ec_nistp_64_gcc_128 no-camellia no-bf no-ripemd \ - no-dsa no-ssl2 no-capieng -DSSL_FORBID_ENULL -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS \ - --prefix="$INSTALL_DIR" - -make -j $JOBS depend -make -j $JOBS -make -j $JOBS install_sw - -popd - -exit 0 - 
diff --git a/codebuild/bin/install_openssl_1_0_2_fips.sh b/codebuild/bin/install_openssl_1_0_2_fips.sh
deleted file mode 100755
index fd7521e5d2a..00000000000
--- a/codebuild/bin/install_openssl_1_0_2_fips.sh
+++ /dev/null
@@ -1,82 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -ex -pushd "$(pwd)" - -usage() { - echo "install_openssl_1_0_2_fips.sh build_dir install_dir os_name" - exit 1 -} - -if [ "$#" -ne "3" ]; then - usage -fi - -BUILD_DIR=$1 -INSTALL_DIR=$2 -OS_NAME=$3 - -if [ "$OS_NAME" == "linux" ]; then - CONFIGURE="./config -d" -elif [ "$OS_NAME" == "osx" ]; then - echo "WARNING: FIPS and MacOS is not officially supported. This build should only be used for local debugging." - echo "See: http://openssl.6102.n7.nabble.com/Openssl-Fips-build-for-Mac-OSX-64-bit-td44716.html" - CONFIGURE="./Configure darwin64-x86_64-cc" -else - echo "Invalid platform! $OS_NAME" - usage -fi - -# Install the FIPS object module in accordance with OpenSSL FIPS 140-2 Security Policy Annex A. -# https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf -# This installation is not FIPS compliant as we do not own the build system architecture. -# It may only be used for testing purposes. 
-# -# There is no 'latest' download URL for the FIPS object modules -cd "$BUILD_DIR" -# Originally from: http://www.openssl.org/source/openssl-fips-2.0.13.tar.gz -curl --retry 3 https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2017-08-31_openssl-fips-2.0.13.tar.gz --output openssl-fips-2.0.13.tar.gz -gunzip -c openssl-fips-2.0.13.tar.gz | tar xf - -rm openssl-fips-2.0.13.tar.gz -cd openssl-fips-2.0.13 -mkdir ../OpensslFipsModule -FIPSDIR="$(pwd)/../OpensslFipsModule" -export FIPSDIR -chmod +x ./Configure -$CONFIGURE -make -make install - -cd "$BUILD_DIR" -curl --retry 3 -L https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable.zip --output openssl-OpenSSL_1_0_2-stable.zip -unzip openssl-OpenSSL_1_0_2-stable.zip -cd openssl-OpenSSL_1_0_2-stable - -FIPS_OPTIONS="fips --with-fipsdir=$FIPSDIR shared" - -$CONFIGURE $FIPS_OPTIONS -g3 -fPIC no-libunbound no-gmp no-jpake no-krb5 no-md2 no-rc5 \ - no-rfc3779 no-sctp no-ssl-trace no-store no-zlib no-hw no-mdc2 no-seed no-idea \ - enable-ec_nistp_64_gcc_128 no-camellia no-bf no-ripemd no-dsa no-ssl2 no-capieng -DSSL_FORBID_ENULL \ - -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS --prefix="$INSTALL_DIR" - -make depend -make -make install_sw - -popd - -exit 0 - diff --git a/codebuild/bin/install_openssl_1_1_1.sh b/codebuild/bin/install_openssl_1_1_1.sh deleted file mode 100755 index 269d017f1cd..00000000000 --- a/codebuild/bin/install_openssl_1_1_1.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -ex -pushd "$(pwd)" - -usage() { - echo "install_openssl_1_1_1.sh build_dir install_dir os_name" - exit 1 -} - -if [ "$#" -ne "3" ]; then - usage -fi - -BUILD_DIR=$1 -INSTALL_DIR=$2 -OS_NAME=$3 -source codebuild/bin/jobs.sh -RELEASE=1_1_1-stable - -mkdir -p $BUILD_DIR -cd "$BUILD_DIR" -curl --retry 3 -L https://github.com/openssl/openssl/archive/OpenSSL_${RELEASE}.zip --output OpenSSL_${RELEASE}.zip -unzip OpenSSL_${RELEASE}.zip -cd openssl-OpenSSL_${RELEASE} - -if [ "$OS_NAME" == "linux" ]; then - CONFIGURE="./config -d" -elif [[ "$OS_NAME" == "osx" || "$OS_NAME" == "darwin" ]]; then - CONFIGURE="./Configure darwin64-x86_64-cc" -else - echo "Invalid platform! $OS_NAME" - usage -fi - -mkdir -p $INSTALL_DIR -# Use g3 to get debug symbols in libcrypto to chase memory leaks -$CONFIGURE shared -g3 -fPIC \ - no-md2 no-rc5 no-rfc3779 no-sctp no-ssl-trace no-zlib \ - no-hw no-mdc2 no-seed no-idea enable-ec_nistp_64_gcc_128 no-camellia\ - no-bf no-ripemd no-dsa no-ssl2 no-ssl3 no-capieng \ - -DSSL_FORBID_ENULL -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS \ - --prefix="$INSTALL_DIR" - -make -j $JOBS depend -make -j $JOBS -make -j $JOBS install_sw - -popd - -exit 0 diff --git a/codebuild/bin/install_openssl_3_0.sh b/codebuild/bin/install_openssl_3_0.sh deleted file mode 100755 index 51accc8e8ad..00000000000 --- a/codebuild/bin/install_openssl_3_0.sh +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -ex -pushd "$(pwd)" - -usage() { - echo "install_openssl_3_0.sh build_dir install_dir os_name [fips]" - exit 1 -} - -if [ "$#" -eq "3" ]; then - FIPS=false -elif [ "$#" -eq "4" ] && [ "$4" = "fips" ]; then - FIPS=true -else - usage -fi - -BUILD_DIR=$1 -INSTALL_DIR=$2 -OS_NAME=$3 -source codebuild/bin/jobs.sh -config=$(cat codebuild/bin/s2n_fips_openssl.cnf) - -# Only some versions of Openssl-3 are FIPS validated. -# The list can be found at https://openssl-library.org/source/ -# Maintain separate release versions so that we can change the non-FIPS version -# without worrying about whether or not the new version is FIPS validated. 
-if $FIPS; then - RELEASE=3.0.9 -else - RELEASE=3.0.7 -fi - -mkdir -p $BUILD_DIR -cd "$BUILD_DIR" -curl --retry 3 -L --output OpenSSL_${RELEASE}.zip \ - https://github.com/openssl/openssl/archive/refs/tags/openssl-${RELEASE}.zip -unzip OpenSSL_${RELEASE}.zip -cd openssl-openssl-${RELEASE} - -if $FIPS; then - CONFIGURE="./Configure enable-fips" -else - CONFIGURE="./Configure" -fi - -mkdir -p $INSTALL_DIR -# Use g3 to get debug symbols in libcrypto to chase memory leaks -$CONFIGURE shared -g3 -fPIC \ - no-md2 no-rc5 no-rfc3779 no-sctp no-ssl-trace no-zlib \ - no-hw no-mdc2 no-seed no-idea enable-ec_nistp_64_gcc_128 no-camellia\ - no-bf no-ripemd no-dsa no-ssl2 no-ssl3 no-capieng no-dtls \ - -DSSL_FORBID_ENULL -DOPENSSL_NO_DTLS1 -DOPENSSL_NO_HEARTBEATS \ - --prefix="$INSTALL_DIR" - -make -j $JOBS -make -j $JOBS test -make -j $JOBS install - -popd - -# sym-link lib -> lib64 since codebuild assumes /lib path -pushd $INSTALL_DIR -ln -s lib64 lib -popd - -# Openssl3 uses the openssl config file to enable fips -# See https://docs.openssl.org/master/man7/fips_module/#making-all-applications-use-the-fips-module-by-default -if $FIPS; then - # We assume that the configs are in the /ssl directory of $INSTALL_DIR - pushd $INSTALL_DIR - config_path=./ssl/openssl.cnf - # We need an absolute path for the fips config - fips_config_path=$(pwd)/ssl/fipsmodule.cnf - config=$(echo "$config" | sed "s,S2N_FIPS_CONFIG_PATH,$fips_config_path,") - echo "$config" > $config_path - popd -fi - -exit 0 diff --git a/codebuild/bin/install_prlimit.sh b/codebuild/bin/install_prlimit.sh deleted file mode 100755 index 284749f8469..00000000000 --- a/codebuild/bin/install_prlimit.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - - -set -e - -usage() { - echo "install_prlimit.sh download_dir install_dir" - exit 1 -} - -if [ "$#" -ne "2" ]; then - usage -fi - -BUILD_DIR=$1 -INSTALL_DIR=$2 -source codebuild/bin/jobs.sh - -sudo apt-get install -y libncurses5-dev - -cd "$BUILD_DIR" -# Originally from: https://www.kernel.org/pub/linux/utils/util-linux/v2.25/util-linux-2.25.2.tar.gz -curl --retry 3 https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2017-08-29_util-linux-2.25.2.tar.gz --output util-linux-2.25.2.tar.gz -tar -xzvf util-linux-2.25.2.tar.gz -cd util-linux-2.25.2 -./configure ADJTIME_PATH=/var/lib/hwclock/adjtime \ - --disable-chfn-chsh \ - --disable-login \ - --disable-nologin \ - --disable-su \ - --disable-setpriv \ - --disable-runuser \ - --disable-pylibmount \ - --disable-static \ - --without-python \ - --without-systemd \ - --disable-makeinstall-chown \ - --without-systemdsystemunitdir \ - --without-ncurses \ - --prefix="$INSTALL_DIR" || cat config.log - -make -j $JOBS > /dev/null -make -j $JOBS install > /dev/null diff --git a/codebuild/bin/install_python.sh b/codebuild/bin/install_python.sh deleted file mode 100755 index 8167b10b184..00000000000 --- a/codebuild/bin/install_python.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# -#!/bin/bash - -set -e - -if [ "$#" -ne 3 ]; then - echo "install_python.sh libcrypto_root build_dir install_dir" - exit 1 -fi - -LIBCRYPTO_ROOT=$1 -BUILD_DIR=$2 -INSTALL_DIR=$3 -source codebuild/bin/jobs.sh - -cd "$BUILD_DIR" -# Originally from: https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tgz -curl --retry 3 https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/2017-08-29_Python-3.6.0.tgz --output Python-3.6.0.tgz -tar xzf Python-3.6.0.tgz -cd Python-3.6.0 - CPPFLAGS="-I$LIBCRYPTO_ROOT/include" LDFLAGS="-Wl,-rpath,$LIBCRYPTO_ROOT/lib -L$LIBCRYPTO_ROOT/lib" ./configure --prefix="$INSTALL_DIR" -make -j $JOBS -make -j $JOBS install diff --git a/codebuild/bin/install_s2n_head.sh b/codebuild/bin/install_s2n_head.sh deleted file mode 100755 index 21505de1bf1..00000000000 --- a/codebuild/bin/install_s2n_head.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. - -set -eux - -usage() { - echo "install_s2n_head.sh build_dir" - exit 1 -} - -BUILD_DIR=$1 -SRC_ROOT=${SRC_ROOT:-$(pwd)} - -if [ "$#" -ne "1" ]; then - usage -fi - -# CMake(nix) and Make are using different directory structures. -set +u -if [[ "$IN_NIX_SHELL" ]]; then - export DEST_DIR="$SRC_ROOT"/build/bin - export EXTRA_BUILD_FLAGS="" - # Work around issue cloning inside a nix devshell https://github.com/NixOS/nixpkgs/issues/299949 - export CLONE_SRC="." - # Make sure main is available in our workspace. - # This is a workaround for the merge queue workflow. - git fetch origin - git checkout main - git checkout $CODEBUILD_SOURCE_VERSION -else - export DEST_DIR="$SRC_ROOT"/bin - export EXTRA_BUILD_FLAGS="-DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT" - # Work around different pathing issues for internal rel. - export CLONE_SRC="https://github.com/aws/s2n-tls" -fi -set -eu - -s2nc_head="$DEST_DIR/s2nc_head" -if [[ -f "$s2nc_head" ]]; then - now=$(date +%s) - last_modified=$(stat -c %Y "$s2nc_head") - days_old=$(( (now - last_modified) / 86400)) - if ((days_old <= 1)); then - echo "Reusing s2n_head: s2nc_head exists and is $days_old days old." 
- exit 0 - fi -fi - -git clone --branch "main" --single-branch "$CLONE_SRC" "$BUILD_DIR" - -cmake "$BUILD_DIR" -B"$BUILD_DIR"/build "$EXTRA_BUILD_FLAGS" \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo \ - -DBUILD_SHARED_LIBS=on \ - -DBUILD_TESTING=on -cmake --build "$BUILD_DIR"/build --target s2nc -- -j $(nproc) -cmake --build "$BUILD_DIR"/build --target s2nd -- -j $(nproc) - -cp -f "$BUILD_DIR"/build/bin/s2nc "$s2nc_head" -cp -f "$BUILD_DIR"/build/bin/s2nd "$DEST_DIR"/s2nd_head - -if [[ -f "$s2nc_head" ]]; then - echo "Successfully installed s2n?_head" -else - echo "$s2nc_head not found, head build failed" - exit 255 -fi - -exit 0 diff --git a/codebuild/bin/install_saw.sh b/codebuild/bin/install_saw.sh deleted file mode 100755 index a1cff08e82e..00000000000 --- a/codebuild/bin/install_saw.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - - -set -xe - -usage() { - echo "install_saw.sh download_dir install_dir" - exit 1 -} - -if [ "$#" -ne "2" ]; then - usage -fi - -DOWNLOAD_DIR=$1 -INSTALL_DIR=$2 - -if [ -x "$INSTALL_DIR/bin/saw" ]; then - echo "Saw already installed at $INSTALL_DIR/bin/saw"; - exit 0; -fi - -mkdir -p "$DOWNLOAD_DIR" -cd "$DOWNLOAD_DIR" - -#download saw binaries -curl --retry 3 https://s2n-public-test-dependencies.s3.us-west-2.amazonaws.com/saw-0.9.0.99-Linux-x86_64.tar.gz --output saw.tar.gz - -mkdir -p saw && tar -xzf saw.tar.gz --strip-components=1 -C saw -mkdir -p "$INSTALL_DIR" && mv saw/* "$INSTALL_DIR" - -"$INSTALL_DIR"/bin/saw --version diff --git a/codebuild/bin/install_shellcheck.sh b/codebuild/bin/install_shellcheck.sh deleted file mode 100755 index 3635896b7e0..00000000000 --- a/codebuild/bin/install_shellcheck.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/bash -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e -source codebuild/bin/s2n_setup_env.sh - -usage() { - echo "install_shellcheck.sh" - exit 1 -} - -install_shellcheck() { - wget "https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.$ARCH.tar.xz" -O /tmp/shellcheck.tar.xz - tar -Jxf /tmp/shellcheck.tar.xz -C /tmp - mv /tmp/shellcheck-v*/shellcheck /usr/local/bin/ - chmod 755 /usr/local/bin/shellcheck -} - -if [ "$#" -ne "0" ]; then - usage -fi - -case "$OS_NAME" in - "amazon linux"|"linux") - which shellcheck || install_shellcheck - ;; - "darwin" ) - brew install shellcheck || true ; - ;; - *) - echo "Unknown platform" - exit 255 - ;; -esac diff --git a/codebuild/bin/install_sidetrail.sh b/codebuild/bin/install_sidetrail.sh deleted file mode 100755 index 78a5dcfadfa..00000000000 --- a/codebuild/bin/install_sidetrail.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash -# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e -set -x - -usage() { - echo "install_sidetrail.sh install_dir" - exit 1 -} - -if [ "$#" -ne "1" ]; then - usage -fi - -INSTALL_DIR=$1 - -cd "$INSTALL_DIR" - -#install smack -git clone https://github.com/danielsn/smack.git -b sidewinder-debug -cd smack/bin - -clang --version -which clang - -./build.sh - -# Disabling ShellCheck using https://github.com/koalaman/shellcheck/wiki/Directive -# Turn of Warning in one line as https://github.com/koalaman/shellcheck/wiki/SC1090 -# shellcheck disable=SC1090 -source "$INSTALL_DIR"/smack.environment - -#install ctverif -cd "$INSTALL_DIR" -git clone --depth 1 https://github.com/imdea-software/verifying-constant-time.git -b test-automation - diff --git a/codebuild/bin/install_sidetrail_dependencies.sh b/codebuild/bin/install_sidetrail_dependencies.sh deleted file mode 100755 index 6d69563ae6a..00000000000 --- a/codebuild/bin/install_sidetrail_dependencies.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/bash -# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e -set -x - -#Figlet is required for ctverif printing -sudo apt-get install -y figlet - -#Install boogieman -gem install bam-bam-boogieman -which bam - -#Install the apt-get dependencies from the smack build script: this way they will still be there -#when we get things from cache -DEPENDENCIES="git cmake python-yaml python-psutil unzip wget python3-yaml" -DEPENDENCIES+=" mono-complete libz-dev libedit-dev" -DEPENDENCIES+=" clang-3.9 llvm-3.9 llvm-3.9-dev" - -# Adding MONO repository -sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF -echo "deb http://download.mono-project.com/repo/ubuntu trusty main" | sudo tee /etc/apt/sources.list.d/mono-official.list - -sudo apt-get update -o Acquire::CompressionTypes::Order::=gz -sudo apt-get install -y ${DEPENDENCIES} -pip install pyyaml - -LLVM_SHORT_VERSION=3.9 - -sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${LLVM_SHORT_VERSION} 30 -sudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-${LLVM_SHORT_VERSION} 30 -sudo update-alternatives --install /usr/bin/llvm-config llvm-config /usr/bin/llvm-config-${LLVM_SHORT_VERSION} 30 -sudo update-alternatives --install /usr/bin/llvm-link llvm-link /usr/bin/llvm-link-${LLVM_SHORT_VERSION} 30 -sudo update-alternatives --install /usr/bin/llvm-dis llvm-dis 
/usr/bin/llvm-dis-${LLVM_SHORT_VERSION} 30 - -which clang -clang --version -clang-3.9 --version - -mkdir -p ~/override_clang -ln -s /usr/bin/clang ~/override_clang/clang -ln -s /usr/bin/clang++ ~/override_clang/clang++ -ln -s /usr/bin/llvm-config ~/override_clang/llvm-config -ln -s /usr/bin/llvm-link ~/override_clang/llvm-link -ln -s /usr/bin/llvm-dis ~/override_clang/llvm-dis -sudo chmod +x ~/override_clang/* - -export PATH="$HOME/override_clang/:${PATH}" -which clang -clang --version -clang-3.9 --version - -which python -python --version -pip install psutil diff --git a/codebuild/bin/install_sslyze.sh b/codebuild/bin/install_sslyze.sh deleted file mode 100755 index 5636780641c..00000000000 --- a/codebuild/bin/install_sslyze.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e -. codebuild/bin/s2n_setup_env.sh - -aarch64_install() { - echo "sslyze has a dependency on nassl, which will not build on ARM." -} - -case "$ARCH" in - "aarch64") - aarch64_install - exit 1 - ;; - *) - python3 -m pip install --user --upgrade pip setuptools - # Version 3.0.0 introduces backwards incompatible changes in the JSON we parse. - # TODO: unpin the sslyze version and update the json parsing sslyze output. - python3 -m pip install --user "sslyze<3.0.0" - sudo ln -s /root/.local/bin/sslyze /usr/bin/sslyze || true - which sslyze - sslyze --version - ;; -esac 
diff --git a/codebuild/bin/install_ubuntu_dependencies.sh b/codebuild/bin/install_ubuntu_dependencies.sh
deleted file mode 100755
index 8321661ce15..00000000000
--- a/codebuild/bin/install_ubuntu_dependencies.sh
+++ /dev/null
@@ -1,68 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -# Shim code to get local docker/ec2 instances bootstrapped like a CodeBuild instance. -# Not actually used by CodeBuild. - -# This script is now targeting Ubuntu 24 not Ubuntu 18. - -source codebuild/bin/s2n_setup_env.sh - -set -e - -github_apt(){ - apt update -y - apt install -y gh -} -get_rust() { - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y - source $HOME/.cargo/env - rustup default nightly -} - -base_packages() { - echo "Installing repositories and base packages" - apt update -y - apt install -y software-properties-common - add-apt-repository ppa:ubuntu-toolchain-r/test -y - add-apt-repository ppa:longsleep/golang-backports -y - apt-get update -o Acquire::CompressionTypes::Order::=gz - - DEPENDENCIES="unzip make indent iproute2 kwstyle libssl-dev net-tools tcpdump valgrind lcov m4 nettle-dev nettle-bin pkg-config psmisc gcc g++ zlib1g-dev python3-pip python3-testresources llvm libclang-dev curl shellcheck git tox cmake libtool ninja-build golang-go quilt jq apache2" - if [[ -n "${GCC_VERSION:-}" ]] && [[ "${GCC_VERSION:-}" != "NONE" ]]; then - DEPENDENCIES+=" gcc-$GCC_VERSION g++-$GCC_VERSION"; - fi - - apt-get -y install --no-install-recommends ${DEPENDENCIES} -} - -base_packages -github_apt -get_rust - -# If prlimit is not on our current PATH, download and compile prlimit manually. s2n needs prlimit to memlock pages -if ! 
type prlimit > /dev/null && [[ ! -d "$PRLIMIT_INSTALL_DIR" ]]; then - mkdir -p "$PRLIMIT_INSTALL_DIR"; - codebuild/bin/install_prlimit.sh "$(mktemp -d)" "$PRLIMIT_INSTALL_DIR"; -fi - -if [[ "$TESTS" == "ctverif" || "$TESTS" == "ALL" ]] && [[ ! -d "$CTVERIF_INSTALL_DIR" ]]; then - mkdir -p "$CTVERIF_INSTALL_DIR" && codebuild/bin/install_ctverif.sh "$CTVERIF_INSTALL_DIR" > /dev/null ; fi - -if [[ "$TESTS" == "sidetrail" || "$TESTS" == "ALL" ]] ; then - codebuild/bin/install_sidetrail_dependencies.sh ; fi - -if [[ "$TESTS" == "sidetrail" || "$TESTS" == "ALL" ]] && [[ ! -d "$SIDETRAIL_INSTALL_DIR" ]]; then - mkdir -p "$SIDETRAIL_INSTALL_DIR" && codebuild/bin/install_sidetrail.sh "$SIDETRAIL_INSTALL_DIR" > /dev/null ; fi diff --git a/codebuild/bin/install_z3_yices.sh b/codebuild/bin/install_z3_yices.sh deleted file mode 100755 index ff0b8c64d3c..00000000000 --- a/codebuild/bin/install_z3_yices.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e - -usage() { - echo "install_z3_yices.sh download_dir install_dir" - exit 1 -} - -if [ "$#" -ne "2" ]; then - usage -fi - -DOWNLOAD_DIR=$1 -INSTALL_DIR=$2 - -mkdir -p "$DOWNLOAD_DIR" -cd "$DOWNLOAD_DIR" - -#download z3 and yices -curl --retry 3 https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/yices-2.6.1-x86_64-pc-linux-gnu-static-gmp.tar.gz --output yices.tar.gz -tar -xf yices.tar.gz - -curl --retry 3 https://s3-us-west-2.amazonaws.com/s2n-public-test-dependencies/z3-4.8.8-x64-ubuntu-16.04.zip --output z3.zip -unzip z3.zip - -mkdir -p "$INSTALL_DIR"/bin -mv z3-4.8.8-x64-ubuntu-16.04/bin/* "$INSTALL_DIR"/bin -mv yices-2.6.1/bin/* "$INSTALL_DIR"/bin -chmod +x "$INSTALL_DIR"/bin/* - -"$INSTALL_DIR"/bin/yices-smt2 --version -"$INSTALL_DIR"/bin/yices --version -"$INSTALL_DIR"/bin/z3 --version diff --git a/codebuild/bin/jobs.sh b/codebuild/bin/jobs.sh deleted file mode 100644 index 98e72960eeb..00000000000 --- a/codebuild/bin/jobs.sh +++ /dev/null 
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-# Find if the environment has more than 8 cores
-JOBS=8
-if [[ -x "$(command -v nproc)" ]]; then
- UNITS=$(nproc);
- if [[ $UNITS -gt $JOBS ]]; then
- JOBS=$UNITS;
- fi
-fi
diff --git a/codebuild/bin/run_cppcheck.sh b/codebuild/bin/run_cppcheck.sh
deleted file mode 100755
index f9bcc0ffdc7..00000000000
--- a/codebuild/bin/run_cppcheck.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -e
-
-usage() {
- echo "run_cppcheck.sh install_dir"
- exit 1
-}
-
-if [ "$#" -ne "1" ]; then
- usage
-fi
-
-INSTALL_DIR=$1
-
-CPPCHECK_EXECUTABLE=${INSTALL_DIR}/cppcheck
-
-FAILED=0
-$CPPCHECK_EXECUTABLE --version
-$CPPCHECK_EXECUTABLE --std=c99 --error-exitcode=-1 --quiet --force -j 8 --enable=all --template='[{file}:{line}]: ({severity}:{id}) {message}' --inline-suppr --suppressions-list=codebuild/bin/cppcheck_suppressions.txt -I . -I ./tests api bin crypto error stuffer ./tests/unit tls utils || FAILED=1
-if [ $FAILED == 1 ];
-then
- printf "\\033[31;1mFAILED cppcheck\\033[0m\\n"
- exit -1
-else
- printf "\\033[32;1mPASSED cppcheck\\033[0m\\n"
-fi
diff --git a/codebuild/bin/run_ctverif.sh b/codebuild/bin/run_ctverif.sh
deleted file mode 100755
index f421927f2ad..00000000000
--- a/codebuild/bin/run_ctverif.sh
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -e
-
-usage() {
- echo "run_ctverif.sh install_dir"
- exit 1
-}
-
-if [ "$#" -ne "1" ]; then
- usage
-fi
-
-INSTALL_DIR=$1
-export CTVERIF_DIR="${1}/verifying-constant-time"
-SMACK_DIR="${1}/smack"
-
-#Put the dependencies are on the path
-
-# Disabling ShellCheck using https://github.com/koalaman/shellcheck/wiki/Directive
-# Turn of Warning in one line as https://github.com/koalaman/shellcheck/wiki/SC1090
-# shellcheck disable=SC1090
-source "${INSTALL_DIR}/smack.environment"
-export PATH="${SMACK_DIR}/bin:${SMACK_DIR}/build:${PATH}"
-#Test that they are really there
-which smack || echo "can't find smack"
-which boogie || echo "can't find z3"
-which llvm2bpl || echo "can't find llvm2bpl"
-
-#copy the current version of the file to the test
-cd "${BASE_S2N_DIR}/tests/ctverif"
-cp "${BASE_S2N_DIR}/utils/s2n_safety.c" .
-make clean
-
-#run the test. We expect both to pass, and none to fail
-FAILED=0
-EXPECTED_PASS=2
-EXPECTED_FAIL=0
-make 2>&1 | ./count_success.pl $EXPECTED_PASS $EXPECTED_FAIL || FAILED=1
-
-if [ $FAILED == 1 ];
-then
- printf "\\033[31;1mFAILED ctverif\\033[0m\\n"
- exit -1
-else
- printf "\\033[32;1mPASSED ctverif\\033[0m\\n"
-fi
diff --git a/codebuild/bin/run_kwstyle.sh b/codebuild/bin/run_kwstyle.sh
deleted file mode 100755
index 6fdd8c6eb98..00000000000
--- a/codebuild/bin/run_kwstyle.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#! /bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -eu
-
-which KWStyle
-
-S2N_FILES=$(find "$PWD" -type f -name "s2n_*.[ch]" | grep -v "test")
-FAILED=0
-
-for file in $S2N_FILES; do
- set +e
- ERROR_LIST=$(KWStyle -gcc -v -xml codebuild/bin/KWStyle.xml "$file")
- set -e
- if [ "$ERROR_LIST" != "" ] ;
- then
- echo "$ERROR_LIST"
- FAILED=1
- fi
-done
-
-if [ $FAILED == 1 ];
-then
- printf "\\033[31;1mFAILED kwstyle\\033[0m\\n"
- exit -1
-else
- printf "\\033[32;1mPASSED kwstyle\\033[0m\\n"
-fi
diff --git a/codebuild/bin/run_sidetrail.sh b/codebuild/bin/run_sidetrail.sh
deleted file mode 100755
index 336c23f0711..00000000000
--- a/codebuild/bin/run_sidetrail.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -ex
-
-usage() {
- echo "run_sidetrail.sh install_dir s2n_dir"
- exit 1
-}
-
-runSingleTest() {
- cd "${BASE_S2N_DIR}/tests/sidetrail/working/${1}"
- ./copy_as_needed.sh
- make clean
- make 2>&1 | tee out.txt
-
- ../../count_success.pl 1 0 out.txt
-}
-
-runNegativeTest() {
- cd "${BASE_S2N_DIR}/tests/sidetrail/working/${1}"
- ./copy_as_needed.sh
- make clean
- make 2>&1 | tee out.txt
-
- ../../count_success.pl 0 1 out.txt
-}
-
-if [[ "$#" -ne "2" ]]; then
- usage
-fi
-
-INSTALL_DIR=$1
-SMACK_DIR="${1}/smack"
-BASE_S2N_DIR=$2
-
-#Put the dependencies on the path
-
-# Disabling ShellCheck using https://github.com/koalaman/shellcheck/wiki/Directive
-# Turn of Warning in one line as https://github.com/koalaman/shellcheck/wiki/SC1090
-# shellcheck disable=SC1090
-source "${INSTALL_DIR}/smack.environment"
-export PATH="${SMACK_DIR}/bin:${SMACK_DIR}/build:${PATH}"
-#Test that they are really there
-which smack || echo "can't find smack"
-which boogie || echo "can't find z3"
-which llvm2bpl || echo "can't find llvm2bpl"
-which clang
-clang --version
-echo $BOOGIE
-echo $CORRAL
-
-runNegativeTest "s2n-record-read-cbc-negative-test"
-runSingleTest "s2n-cbc" # Takes 6m 30s
-runSingleTest "s2n-record-read-aead"
-runSingleTest "s2n-record-read-cbc"
-runSingleTest "s2n-record-read-composite"
-runSingleTest "s2n-record-read-stream"
-
diff --git a/codebuild/bin/s2n_apache2.sh b/codebuild/bin/s2n_apache2.sh
deleted file mode 100644
index 0ad94eb2730..00000000000
--- a/codebuild/bin/s2n_apache2.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -eu
-
-apache2_config() {
- cert_dir="$1"
- command="$2"
- echo "apache2: ${command}"
-
- APACHE_SERVER_ROOT="$APACHE2_INSTALL_DIR" \
- APACHE_RUN_USER=www-data \
- APACHE_RUN_GROUP=www-data \
- APACHE_PID_FILE="${APACHE2_INSTALL_DIR}/run/apache2.pid" \
- APACHE_RUN_DIR="${APACHE2_INSTALL_DIR}/run" \
- APACHE_LOCK_DIR="${APACHE2_INSTALL_DIR}/lock" \
- APACHE_LOG_DIR="${APACHE2_INSTALL_DIR}/log" \
- APACHE_CERT_DIR="${cert_dir}" \
- apache2 -k "${command}" -f "${APACHE2_INSTALL_DIR}/apache2.conf"
-}
-
-apache2_stop() {
- cert_dir="$1"
- apache2_config "${cert_dir}" stop
-}
-
-apache2_start() {
- if [[ ! -f "$APACHE2_INSTALL_DIR/apache2.conf" ]]; then
- echo "apache2 not installed"
- exit 1
- fi
-
- cert_dir="$1"
- apache2_config "${cert_dir}" start
-
- # Stop the apache server after tests finish, even if an error occurs
- trap 'apache2_stop "${cert_dir}"' ERR EXIT
-}
diff --git a/codebuild/bin/s2n_codebuild.sh b/codebuild/bin/s2n_codebuild.sh
deleted file mode 100755
index 7d5d43b1506..00000000000
--- a/codebuild/bin/s2n_codebuild.sh
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -e
-
-source codebuild/bin/s2n_setup_env.sh
-
-# Use prlimit to set the memlock limit to unlimited for linux. OSX is unlimited by default
-# Codebuild Containers aren't allowing prlimit changes (and aren't being caught with the usual cgroup check)
-if [[ "$OS_NAME" == "linux" && -n "$CODEBUILD_BUILD_ARN" ]]; then
- PRLIMIT_LOCATION=`which prlimit`
- sudo -E ${PRLIMIT_LOCATION} --pid "$$" --memlock=unlimited:unlimited;
-fi
-
-# Set the version of GCC as Default if it's required
-if [[ -n "$GCC_VERSION" ]] && [[ "$GCC_VERSION" != "NONE" ]]; then
- alias gcc=$(which gcc-$GCC_VERSION);
-fi
-
-# Find if the environment has more than 8 cores
-JOBS=8
-if [[ -x "$(command -v nproc)" ]]; then
- UNITS=$(nproc);
- if [[ $UNITS -gt $JOBS ]]; then
- JOBS=$UNITS;
- fi
-fi
-
-make clean;
-
-echo "Using $JOBS jobs for make..";
-echo "running with libcrypto: ${S2N_LIBCRYPTO}, gcc_version: ${GCC_VERSION}"
-
-test_linked_libcrypto() {
- s2n_executable="$1"
- so_path="${LIBCRYPTO_ROOT}/lib/libcrypto.so"
- echo "Testing for linked libcrypto: ${so_path}"
- echo "ldd:"
- ldd "${s2n_executable}"
- ldd "${s2n_executable}" | grep "${so_path}" || \
- { echo "Linked libcrypto is incorrect."; exit 1; }
- echo "Test succeeded!"
-}
-
-setup_apache_server() {
- # Start the apache server if the list of tests isn't defined, meaning all tests
- # are to be run, or if the renegotiate test is included in the list of tests.
- if [[ -z $TOX_TEST_NAME ]] || [[ "${TOX_TEST_NAME}" == *"test_renegotiate_apache"* ]]; then
- source codebuild/bin/s2n_apache2.sh
- APACHE_CERT_DIR="$(pwd)/tests/pems"
-
- apache2_start "${APACHE_CERT_DIR}"
- fi
-}
-
-run_integration_v2_tests() {
- setup_apache_server
- "$CB_BIN_DIR/install_s2n_head.sh" "$(mktemp -d)"
- cmake . -Bbuild \
- -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \
- -DBUILD_SHARED_LIBS=on \
- -DS2N_INTEG_TESTS=on \
- -DPython3_EXECUTABLE=$(which python3)
- cmake --build ./build --clean-first -- -j $(nproc)
- test_linked_libcrypto ./build/bin/s2nc
- test_linked_libcrypto ./build/bin/s2nd
- cp -f ./build/bin/s2nc "$BASE_S2N_DIR"/bin/s2nc
- cp -f ./build/bin/s2nd "$BASE_S2N_DIR"/bin/s2nd
- cd ./build/
- for test_name in $TOX_TEST_NAME; do
- test="${test_name//test_/}"
- echo "Running... ctest --no-tests=error --output-on-failure --verbose -R ^integrationv2_${test}$"
- ctest --no-tests=error --output-on-failure --verbose -R ^integrationv2_${test}$
- done
-}
-
-run_unit_tests() {
- cmake . -Bbuild \
- -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \
- -DBUILD_SHARED_LIBS=on \
- -DS2N_ENFORCE_PROPER_LIBCRYPTO_FEATURE_PROBE=1
- cmake --build ./build -- -j $(nproc)
- test_linked_libcrypto ./build/bin/s2nc
- cmake --build build/ --target test -- ARGS="-L unit --output-on-failure -j $(nproc)"
-}
-
-# Run Multiple tests on one flag.
-if [[ "$TESTS" == "ALL" || "$TESTS" == "sawHMACPlus" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw tmp/verify_HMAC.log tmp/verify_drbg.log failure-tests; fi
-
-# Run Individual tests
-if [[ "$TESTS" == "ALL" || "$TESTS" == "unit" ]]; then run_unit_tests; fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "interning" ]]; then ./codebuild/bin/test_libcrypto_interning.sh; fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "exec_leak" ]]; then ./codebuild/bin/test_exec_leak.sh; fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "integrationv2" ]]; then run_integration_v2_tests; fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "crt" ]]; then ./codebuild/bin/build_aws_crt_cpp.sh $(mktemp -d) $(mktemp -d); fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "sharedandstatic" ]]; then ./codebuild/bin/test_install_shared_and_static.sh $(mktemp -d); fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "dynamicload" ]]; then ./codebuild/bin/test_dynamic_load.sh $(mktemp -d); fi
-if [[ "$TESTS" == "sawHMAC" ]] && [[ "$OS_NAME" == "linux" ]]; then make -C tests/saw/ tmp/verify_HMAC.log ; fi
-if [[ "$TESTS" == "sawDRBG" ]]; then make -C tests/saw tmp/verify_drbg.log ; fi
-if [[ "$TESTS" == "ALL" || "$TESTS" == "tls" ]]; then make -C tests/saw tmp/verify_handshake.log ; fi
-if [[ "$TESTS" == "sawHMACFailure" ]]; then make -C tests/saw failure-tests ; fi
diff --git a/codebuild/bin/s2n_codebuild_al.sh b/codebuild/bin/s2n_codebuild_al.sh
deleted file mode 100755
index 0a7cd2d9b63..00000000000
--- a/codebuild/bin/s2n_codebuild_al.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-set -eu
-
-source codebuild/bin/s2n_setup_env.sh
-# Used to test if we're running in CodeBuild
-CODEBUILD_BUILD_ARN_="${CODEBUILD_BUILD_ARN:-}"
-
-if [[ ${DISTRO} != "amazon linux" ]]; then
- echo "Target Amazon Linux, but running on $DISTRO: Nothing to do."
- exit 1;
-else
- # AL2023 case
- BUILD_FLAGS="-DCMAKE_BUILD_TYPE=RelWithDebInfo"
- # AL2 case; Linker flags are a workaround for system openssl
- if [[ ${VERSION_ID} == '2' ]]; then
- BUILD_FLAGS=$(echo -e '-DCMAKE_EXE_LINKER_FLAGS="-lcrypto -lz" \
- -DCMAKE_EXPORT_COMPILE_COMMANDS=ON')
- fi
-fi
-
-# Use prlimit to set the memlock limit to unlimited for linux. OSX is unlimited by default
-# Codebuild Containers aren't allowing prlimit changes (and aren't being caught with the usual cgroup check)
-if [[ "$OS_NAME" == "linux" && -z "$CODEBUILD_BUILD_ARN_" ]]; then
- PRLIMIT_LOCATION=$(which prlimit)
- sudo -E ${PRLIMIT_LOCATION} --pid "$$" --memlock=unlimited:unlimited;
-fi
-
-case "$TESTS" in
- "unit")
- eval cmake . -Bbuild "${BUILD_FLAGS}"
- cmake --build ./build -j "$(nproc)"
- CTEST_PARALLEL_LEVEL="$(nproc)" cmake --build ./build --target test -- ARGS="-L unit --output-on-failure"
- ;;
- *) echo "Unknown test"; exit 1;;
-esac
diff --git a/codebuild/bin/s2n_dynamic_load_test.c b/codebuild/bin/s2n_dynamic_load_test.c
deleted file mode 100644
index d8bc929982a..00000000000
--- a/codebuild/bin/s2n_dynamic_load_test.c
+++ /dev/null
@@ -1,112 +0,0 @@ -/* - * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). - * You may not use this file except in compliance with the License. - * A copy of the License is located at - * - * http://aws.amazon.com/apache2.0 - * - * or in the "license" file accompanying this file. This file is distributed - * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either - * express or implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#include -#include -#include -#include -#include - -static void *s2n_load_dynamic_lib(void *ctx) -{ - const char *s2n_so_path = ctx; - - void *s2n_so = dlopen(s2n_so_path, RTLD_NOW); - if (!s2n_so) { - printf("Error dynamically loading libs2n\n"); - printf("%s\n", dlerror()); - exit(1); - } - - int (*s2n_init_dl)(void) = NULL; - *(void **) (&s2n_init_dl) = dlsym(s2n_so, "s2n_init"); - if (dlerror()) { - printf("Error dynamically loading s2n_init\n"); - exit(1); - } - - int (*s2n_cleanup_final_dl)(void) = NULL; - *(void **) (&s2n_cleanup_final_dl) = dlsym(s2n_so, "s2n_cleanup_final"); - if (dlerror()) { - printf("Error dynamically loading s2n_cleanup_final\n"); - exit(1); - } - - int (*s2n_errno_location_dl)(void) = NULL; - *(void **) (&s2n_errno_location_dl) = dlsym(s2n_so, "s2n_errno_location"); - if (dlerror()) { - printf("Error dynamically loading s2n_errno_location\n"); - exit(1); - } - - const char *(*s2n_strerror_debug_dl)(int error, const char *lang) = NULL; - *(void **) (&s2n_strerror_debug_dl) = dlsym(s2n_so, "s2n_strerror_debug"); - if (dlerror()) { - printf("Error dynamically loading s2n_strerror_debug\n"); - exit(1); - } - - if ((*s2n_init_dl)()) { - int s2n_errno = (*s2n_errno_location_dl)(); - fprintf(stderr, "Error calling s2n_init: '%s'\n", (*s2n_strerror_debug_dl)(s2n_errno, "EN")); - exit(1); - } - if ((*s2n_cleanup_final_dl)()) { - int s2n_errno = 
(*s2n_errno_location_dl)(); - fprintf(stderr, "Error calling s2n_cleanup_final: '%s'\n", (*s2n_strerror_debug_dl)(s2n_errno, "EN")); - exit(1); - } - - /* TODO: https://github.com/aws/s2n-tls/issues/4827 - * This dlclose call invokes the pthread key destructor that - * asserts that the s2n-tls library is initialized, which at this point - * is not, due to the s2n_cleanup_final call. This is a bug. - if (dlclose(s2n_so)) { - printf("Error closing libs2n\n"); - printf("%s\n", dlerror()); - exit(1); - } - */ - - return NULL; -} - -int main(int argc, char *argv[]) -{ - if (argc != 2) { - printf("Usage: s2n_dynamic_load_test \n"); - exit(1); - } - - /* s2n-tls library can be dynamically loaded and cleaned up safely - * - * We can't use any s2n test macros because this test doesn't get linked to - * s2n during compile-time. This test is in a loop to make sure that we are - * cleaning up pthread keys properly. - */ - for (size_t i = 0; i <= PTHREAD_KEYS_MAX + 1; i++) { - pthread_t thread_id = { 0 }; - if (pthread_create(&thread_id, NULL, &s2n_load_dynamic_lib, argv[1])) { - printf("Error creating thread at loop index: %li\n", i); - exit(1); - } - if (pthread_join(thread_id, NULL)) { - printf("Error joining thread at loop index: %li\n", i); - exit(1); - } - } - - return 0; -} diff --git a/codebuild/bin/s2n_fips_openssl.cnf b/codebuild/bin/s2n_fips_openssl.cnf deleted file mode 100644 index 1017e3792a7..00000000000 --- a/codebuild/bin/s2n_fips_openssl.cnf +++ /dev/null 
@@ -1,383 +0,0 @@ -# A copy of the default OpenSSL config file with the FIPS provider enabled. -# See the instructions at: -# https://docs.openssl.org/master/man7/fips_module/#making-all-applications-use-the-fips-module-by-default - -# -# OpenSSL example configuration file. -# See doc/man5/config.pod for more info. -# -# This is mostly being used for generation of certificate requests, -# but may be used for auto loading of providers - -# Note that you can include other files from the main configuration -# file using the .include directive. -#.include filename - -# This definition stops the following lines choking if HOME isn't -# defined. -HOME = . - - # Use this in order to automatically load providers. -openssl_conf = openssl_init - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - -# Extra OBJECT IDENTIFIER info: -# oid_file = $ENV::HOME/.oid -oid_section = new_oids - -# To use this configuration file with the "-extfile" option of the -# "openssl x509" utility, name here the section containing the -# X.509v3 extensions to use: -# extensions = -# (Alternatively, use a configuration file that has only -# X.509v3 extensions in its main [= default] section.) - -[ new_oids ] -# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. -# Add a simple OID like this: -# testoid1=1.2.3.4 -# Or use config file substitution like this: -# testoid2=${testoid1}.5.6 - -# Policies used by the TSA examples. -tsa_policy1 = 1.2.3.4.1 -tsa_policy2 = 1.2.3.4.5.6 -tsa_policy3 = 1.2.3.4.5.7 - -# For FIPS -# Refer to the OpenSSL security policy for more information. 
-.include S2N_FIPS_CONFIG_PATH - -[openssl_init] -providers = provider_sect -alg_section = algorithm_sect - -# List of providers to load -[provider_sect] -default = default_sect -fips = fips_sect - -[default_sect] -activate = 1 - -[algorithm_sect] -default_properties = fips=yes - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several certs with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crlnumber = $dir/crlnumber # the current crl number - # must be commented out to leave a V1 CRL -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key - -x509_extensions = usr_cert # The extensions to add to the cert - -# Comment out the following two lines for the "traditional" -# (and highly broken) format. -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -# Extension copying option: use with caution. -# copy_extensions = copy - -# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs -# so this is commented out by default to leave a V1 CRL. -# crlnumber must also be commented out to leave a V1 CRL. 
-# crl_extensions = crl_ext - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = default # use public key default MD -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -x509_extensions = v3_ca # The extensions to add to the self signed cert - -# Passwords for private keys if not present they will be prompted for -# input_password = secret -# output_password = secret - -# This sets a mask for permitted string types. There are several options. -# default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString (PKIX recommendation before 2004) -# utf8only: only UTF8Strings (PKIX recommendation after 2004). -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -# MASK:XXXX a literal mask value. -# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. 
-string_mask = utf8only - -# req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Some-State - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = Internet Widgets Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = World Wide Web Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - -commonName = Common Name (e.g. server FQDN or YOUR name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 64 - -# SET-ex3 = SET extension number 3 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - -[ usr_cert ] - -# These extensions are added when 'ca' signs a request. - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -# This is required for TSA certificates. 
-# extendedKeyUsage = critical,timeStamping - -[ v3_req ] - -# Extensions to add to a certificate request - -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] - - -# Extensions for a typical CA - - -# PKIX recommendation. - -subjectKeyIdentifier=hash - -authorityKeyIdentifier=keyid:always,issuer - -basicConstraints = critical,CA:true - -# Key usage: this is typical for a CA certificate. However since it will -# prevent it being used as an test self-signed certificate it is best -# left out by default. -# keyUsage = cRLSign, keyCertSign - -# Include email address in subject alt name: another PKIX recommendation -# subjectAltName=email:copy -# Copy issuer details -# issuerAltName=issuer:copy - -# DER hex encoding of an extension: beware experts only! -# obj=DER:02:03 -# Where 'obj' is a standard or added object -# You can even override a supported extension: -# basicConstraints= critical, DER:30:03:01:01:FF - -[ crl_ext ] - -# CRL extensions. -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always - -[ proxy_cert_ext ] -# These extensions should be added when creating a proxy certificate - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. 
-# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -# This really needs to be in place for it to be a proxy certificate. -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo - -#################################################################### -[ tsa ] - -default_tsa = tsa_config1 # the default TSA section - -[ tsa_config1 ] - -# These are used by the TSA reply generation only. -dir = ./demoCA # TSA root directory -serial = $dir/tsaserial # The current serial number (mandatory) -crypto_device = builtin # OpenSSL engine to use for signing -signer_cert = $dir/tsacert.pem # The TSA signing certificate - # (optional) -certs = $dir/cacert.pem # Certificate chain to include in reply - # (optional) -signer_key = $dir/private/tsakey.pem # The TSA private key (optional) -signer_digest = sha256 # Signing digest to use. (Optional) -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) -accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -clock_precision_digits = 0 # number of digits after dot. (optional) -ordering = yes # Is ordering defined for timestamps? - # (optional, default: no) -tsa_name = yes # Must the TSA name be included in the reply? - # (optional, default: no) -ess_cert_id_chain = no # Must the ESS cert id chain be included? 
- # (optional, default: no) -ess_cert_id_alg = sha1 # algorithm to compute certificate - # identifier (optional, default: sha1) - -[insta] # CMP using Insta Demo CA -# Message transfer -server = pki.certificate.fi:8700 -# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 -# tls_use = 0 -path = pkix/ - -# Server authentication -recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer -ignore_keyusage = 1 # potentially needed quirk -unprotected_errors = 1 # potentially needed quirk -extracertsout = insta.extracerts.pem - -# Client authentication -ref = 3078 # user identification -secret = pass:insta # can be used for both client and server side - -# Generic message options -cmd = ir # default operation, can be overridden on cmd line with, e.g., kur - -# Certificate enrollment -subject = "/CN=openssl-cmp-test" -newkey = insta.priv.pem -out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature -certout = insta.cert.pem - -[pbm] # Password-based protection for Insta CA -# Server and client authentication -ref = $insta::ref # 3078 -secret = $insta::secret # pass:insta - -[signature] # Signature-based protection for Insta CA -# Server authentication -trusted = $insta::out_trusted # apps/insta.ca.crt - -# Client authentication -secret = # disable PBM -key = $insta::newkey # insta.priv.pem -cert = $insta::certout # insta.cert.pem - -[ir] -cmd = ir - -[cr] -cmd = cr - -[kur] -# Certificate update -cmd = kur -oldcert = $insta::certout # insta.cert.pem - -[rr] -# Certificate revocation -cmd = rr -oldcert = $insta::certout # insta.cert.pem diff --git a/codebuild/bin/s2n_install_test_dependencies.sh b/codebuild/bin/s2n_install_test_dependencies.sh deleted file mode 100755 index f6b95e2d726..00000000000 --- a/codebuild/bin/s2n_install_test_dependencies.sh +++ /dev/null 
@@ -1,44 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-
-set -ex
-
-source codebuild/bin/s2n_setup_env.sh
-
-# Install missing test dependencies. If the install directory already exists, cached artifacts will be used
-# for that dependency.
-
-if [[ ! -d test-deps ]]; then
- mkdir test-deps ;
-fi
-
-#Install & Run shell check before installing dependencies
-echo "Installing ShellCheck..."
-codebuild/bin/install_shellcheck.sh
-echo "Running ShellCheck..."
-find ./codebuild -type f -name '*.sh' -exec shellcheck -Cnever -s bash {} \;
-
-if [[ "$OS_NAME" == "linux" ]]; then
- codebuild/bin/install_ubuntu_dependencies.sh;
-fi
-
-if [[ "$OS_NAME" == "darwin" ]]; then
- codebuild/bin/install_osx_dependencies.sh;
-fi
-
-codebuild/bin/install_default_dependencies.sh
-
-echo "Success"
diff --git a/codebuild/bin/s2n_open_fds_test.py b/codebuild/bin/s2n_open_fds_test.py
deleted file mode 100644
index 06cf5bffee9..00000000000
--- a/codebuild/bin/s2n_open_fds_test.py
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-# SPDX-License-Identifier: Apache-2.0
-
-# This script parses the LastDynamicAnalysis file generated by Valgrind running through CTest memcheck.
-# It identifies any leaking file descriptors and triggers an error when detected.
-# This enhances the capabilities of existing Valgrind checks.
-# Output snippet for open file descriptors:
-# ==6652== FILE DESCRIPTORS: 6 open (3 std) at exit.
-# ==6652== Open AF_INET socket 6: 127.0.0.1:36915 <-> unbound
-# ==6652== at 0x498B2EB: socket (syscall-template.S:120)
-# ==6652== by 0x16CD16: s2n_new_inet_socket_pair (s2n_self_talk_ktls_test.c:69)
-# ==6652== by 0x15DBB2: main (s2n_self_talk_ktls_test.c:168)
-# ==6652==
-import os
-import sys
-
-EXIT_SUCCESS = 0
-# Exit with error code 1 if leaking fds are detected.
-ERROR_EXIT_CODE = 1
-# This test is designed to be informational only, so we only print fifteen lines of error messages when a leak is detected.
-NUM_OF_LINES_TO_PRINT = 15
-
-
-def find_log_file(path):
- for f in os.listdir(path):
- if "LastDynamicAnalysis" in f:
- return os.path.join(path, f)
-
- raise FileNotFoundError("LastDynamicAnalysis log file is not found!")
-
-
-def detect_leak(file):
- fd_leak_detected = False
- lines = file.readlines()
- for i in range(len(lines)):
- if "FILE DESCRIPTORS:" in lines[i]:
- # Example line: `==6096== FILE DESCRIPTORS: 4 open (3 std) at exit.`
- line_elements = lines[i].split()
- open_fd_count = line_elements[line_elements.index("DESCRIPTORS:") + 1]
- std_fd_count = line_elements[line_elements.index("std)") - 1][1:]
- # CTest memcheck writes to a LastDynamicAnslysis log file.
- # We allow that fd to remain opened.
- if int(open_fd_count) > int(std_fd_count) + 1:
- for j in range(NUM_OF_LINES_TO_PRINT):
- print(lines[i + j], end="")
- print()
- fd_leak_detected = True
- return fd_leak_detected
-
-
-def main():
- # Print banner of the test
- print("############################################################################")
- print("################# Test for Leaking File Descriptors ########################")
- print("############################################################################")
-
- with open(find_log_file(sys.argv[1]), 'r') as file:
- if detect_leak(file):
- sys.exit(ERROR_EXIT_CODE)
-
- return EXIT_SUCCESS
-
-
-if __name__ == '__main__':
- main()
diff --git a/codebuild/bin/s2n_override_paths.sh b/codebuild/bin/s2n_override_paths.sh
deleted file mode 100755
index 7939dfa6c53..00000000000
--- a/codebuild/bin/s2n_override_paths.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-set -ex
-
-# Add all of our test dependencies to the PATH. Use Openssl 1.1.1 so the latest openssl is used for s_client
-# integration tests.
-export PATH=$PYTHON_INSTALL_DIR/bin:$OPENSSL_1_1_1_INSTALL_DIR/bin:$SAW_INSTALL_DIR/bin:$Z3_INSTALL_DIR/bin:$SCAN_BUILD_INSTALL_DIR/bin:$PRLIMIT_INSTALL_DIR/bin:$LATEST_CLANG_INSTALL_DIR/bin:`pwd`/codebuild/bin:~/.local/bin:$PATH
-export LD_LIBRARY_PATH=$OPENSSL_1_1_1_INSTALL_DIR/lib:$LD_LIBRARY_PATH;
-export DYLD_LIBRARY_PATH=$OPENSSL_1_1_1_INSTALL_DIR/lib:$LD_LIBRARY_PATH;
diff --git a/codebuild/bin/s2n_set_build_preset.sh b/codebuild/bin/s2n_set_build_preset.sh
deleted file mode 100755
index e3b2bb27c1f..00000000000
--- a/codebuild/bin/s2n_set_build_preset.sh
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-
-case "${S2N_BUILD_PRESET-default}" in
- "awslc_gcc4-8")
- : "${S2N_LIBCRYPTO:=awslc}"
- : "${GCC_VERSION:=4.8}"
- ;;
- "awslc_gcc9")
- : "${S2N_LIBCRYPTO:=awslc}"
- : "${GCC_VERSION:=9}"
- ;;
- "awslc-fips-2022_gcc4-8")
- : "${S2N_LIBCRYPTO:=awslc-fips-2022}"
- : "${GCC_VERSION:=4.8}"
- ;;
- "awslc-fips-2022_gcc9")
- : "${S2N_LIBCRYPTO:=awslc-fips-2022}"
- : "${GCC_VERSION:=9}"
- ;;
- "awslc-fips-2022_gcc6")
- : "${S2N_LIBCRYPTO:=awslc-fips-2022}"
- : "${GCC_VERSION:=6}"
- ;;
- "libressl_gcc6")
- : "${S2N_LIBCRYPTO:=libressl}"
- : "${GCC_VERSION:=6}"
- ;;
- "libressl_gcc9")
- : "${S2N_LIBCRYPTO:=libressl}"
- : "${GCC_VERSION:=9}"
- ;;
- "boringssl")
- : "${S2N_LIBCRYPTO:=boringssl}"
- : "${GCC_VERSION:=9}"
- ;;
- "openssl-1.0.2")
- : "${S2N_LIBCRYPTO:=openssl-1.0.2}"
- : "${GCC_VERSION:=6}"
- ;;
- "openssl-1.0.2-fips")
- : "${S2N_LIBCRYPTO:=openssl-1.0.2-fips}"
- : "${GCC_VERSION:=4.8}"
- ;;
- "openssl-1.1.1_gcc4-8")
- : "${S2N_LIBCRYPTO:=openssl-1.1.1}"
- : "${GCC_VERSION:=4.8}"
- ;;
- "openssl-1.1.1_gcc6")
- : "${S2N_LIBCRYPTO:=openssl-1.1.1}"
- : "${GCC_VERSION:=6}"
- : "${S2N_CORKED_IO:=true}"
- ;;
- "openssl-1.1.1_gcc6_softcrypto")
- : "${S2N_LIBCRYPTO:=openssl-1.1.1}"
- : "${GCC_VERSION:=6}"
- : "${OPENSSL_ia32cap:=~0x200000200000000}"
- ;;
- "openssl-1.1.1_gcc9")
- : "${S2N_LIBCRYPTO:=openssl-1.1.1}"
- : "${GCC_VERSION:=9}"
- ;;
- "openssl-3.0")
- : "${S2N_LIBCRYPTO:=openssl-3.0}"
- : "${GCC_VERSION:=9}"
- ;;
- "openssl-3.0-fips")
- : "${S2N_LIBCRYPTO:=openssl-3.0-fips}"
- : "${GCC_VERSION:=9}"
- ;;
-esac
-
diff --git a/codebuild/bin/s2n_setup_env.sh b/codebuild/bin/s2n_setup_env.sh
deleted file mode 100755
index 602862258a7..00000000000
--- a/codebuild/bin/s2n_setup_env.sh
+++ /dev/null
@@ -1,223 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -# TODO: Flag user if they didn't source this, values won't stick. - -source codebuild/bin/s2n_set_build_preset.sh - -# Setup Default Build Config -: "${S2N_LIBCRYPTO:=openssl-1.1.1}" -: "${BUILD_S2N:=false}" -: "${GCC_VERSION:=NONE}" -: "${LATEST_CLANG:=false}" -: "${TESTS:=unit}" -: "${S2N_COVERAGE:=false}" -: "${LD_LIBRARY_PATH:=NONE}" - -# Setup the cache directory paths. -# Set Env Variables with defaults if they aren't already set -: "${BASE_S2N_DIR:=$(pwd)}" -: "${TEST_DEPS_DIR:=$BASE_S2N_DIR/test-deps}" -: "${PYTHON_INSTALL_DIR:=$TEST_DEPS_DIR/python}" -: "${GNUTLS37_INSTALL_DIR:=$TEST_DEPS_DIR/gnutls37}" -: "${PRLIMIT_INSTALL_DIR:=$TEST_DEPS_DIR/prlimit}" -: "${SAW_INSTALL_DIR:=$TEST_DEPS_DIR/saw}" -: "${Z3_INSTALL_DIR:=$TEST_DEPS_DIR/z3}" -: "${LIBFUZZER_INSTALL_DIR:=$TEST_DEPS_DIR/libfuzzer}" -: "${LATEST_CLANG_INSTALL_DIR:=$TEST_DEPS_DIR/clang}" -: "${SCAN_BUILD_INSTALL_DIR:=$TEST_DEPS_DIR/scan-build}" -: "${OPENSSL_1_1_1_INSTALL_DIR:=$TEST_DEPS_DIR/openssl-1.1.1}" -: "${OPENSSL_3_0_INSTALL_DIR:=$TEST_DEPS_DIR/openssl-3.0}" -: "${OPENSSL_3_FIPS_INSTALL_DIR:=$TEST_DEPS_DIR/openssl-3.0-fips}" -: "${OPENSSL_1_0_2_INSTALL_DIR:=$TEST_DEPS_DIR/openssl-1.0.2}" -: "${OPENSSL_1_0_2_FIPS_INSTALL_DIR:=$TEST_DEPS_DIR/openssl-1.0.2-fips}" -: "${BORINGSSL_INSTALL_DIR:=$TEST_DEPS_DIR/boringssl}" -: "${AWSLC_INSTALL_DIR:=$TEST_DEPS_DIR/awslc}" -: 
"${AWSLC_FIPS_2022_INSTALL_DIR:=$TEST_DEPS_DIR/awslc-fips-2022}" -: "${AWSLC_FIPS_2024_INSTALL_DIR:=$TEST_DEPS_DIR/awslc-fips-2024}" -: "${AWSLC_FIPS_NEXT_INSTALL_DIR:=$TEST_DEPS_DIR/awslc-fips-next}" -: "${LIBRESSL_INSTALL_DIR:=$TEST_DEPS_DIR/libressl}" -: "${CPPCHECK_INSTALL_DIR:=$TEST_DEPS_DIR/cppcheck}" -: "${CTVERIF_INSTALL_DIR:=$TEST_DEPS_DIR/ctverif}" -: "${SIDETRAIL_INSTALL_DIR:=$TEST_DEPS_DIR/sidetrail}" -: "${GB_INSTALL_DIR:=$TEST_DEPS_DIR/gb}" -: "${APACHE2_INSTALL_DIR:=$TEST_DEPS_DIR/apache2}" -: "${FUZZ_TIMEOUT_SEC:=10}" - -# Set some environment vars for OS, Distro and architecture. -# Standardized as part of systemd http://0pointer.de/blog/projects/os-release -# Samples: -# OS_NAME = "linux" -# DISTRO="ubuntu" -# VERSION_ID = "18.04" -# VERSION_CODENAME = "bionic" -if [[ -f "/etc/os-release" ]]; then - # AL2 doesn't provide a codename. - . /etc/os-release - export DISTRO=$(echo "$NAME"|tr "[:upper:]" "[:lower:]") - export VERSION_ID=${VERSION_ID:-"unknown"} - export VERSION_CODENAME=${VERSION_CODENAME:-"unknown"} -elif [[ -x "/usr/bin/sw_vers" ]]; then - export DISTRO="apple" - export VERSION_ID=$(sw_vers -productVersion|sed 's/:[[:space:]]*/=/g') - export VERSION_CODENAME="unknown" # not queryable via CLI -else - export DISTRO="unknown" - export VERSION_ID="unknown" - export VERSION_CODENAME="unknown" -fi -export OS_NAME=$(uname -s|tr "[:upper:]" "[:lower:]") -export ARCH=$(uname -m) - -# Export all Env Variables -export S2N_LIBCRYPTO -export BUILD_S2N -export GCC_VERSION -export LATEST_CLANG -export TESTS -export BASE_S2N_DIR -export TEST_DEPS_DIR -export PYTHON_INSTALL_DIR -export GNUTLS37_INSTALL_DIR -export PRLIMIT_INSTALL_DIR -export SAW_INSTALL_DIR -export Z3_INSTALL_DIR -export LIBFUZZER_INSTALL_DIR -export LATEST_CLANG_INSTALL_DIR -export SCAN_BUILD_INSTALL_DIR -export OPENSSL_1_1_1_INSTALL_DIR -export OPENSSL_3_0_INSTALL_DIR -export OPENSSL_3_FIPS_INSTALL_DIR -export OPENSSL_1_0_2_INSTALL_DIR -export OPENSSL_1_0_2_FIPS_INSTALL_DIR -export 
BORINGSSL_INSTALL_DIR -export AWSLC_INSTALL_DIR -export AWSLC_FIPS_INSTALL_DIR -export AWSLC_FIPS_2022_INSTALL_DIR -export LIBRESSL_INSTALL_DIR -export CPPCHECK_INSTALL_DIR -export CTVERIF_INSTALL_DIR -export SIDETRAIL_INSTALL_DIR -export OPENSSL_1_1_X_MASTER_INSTALL_DIR -export FUZZ_TIMEOUT_SEC -export GB_INSTALL_DIR -export OS_NAME -export S2N_CORKED_IO -# For use by criterion/ci run reports -export AWS_S3_URL="s3://s2n-tls-logs/release/" - -# S2N_COVERAGE should not be used with fuzz tests, use FUZZ_COVERAGE instead -if [[ "$S2N_COVERAGE" == "true" && "$TESTS" == "fuzz" ]]; then - export S2N_COVERAGE="false" - export FUZZ_COVERAGE="true" -fi - -# Select the libcrypto to build s2n against. If this is unset, default to the latest stable version(Openssl 1.1.1) -if [[ -z $S2N_LIBCRYPTO ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_1_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "openssl-1.1.1" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_1_1_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "openssl-3.0" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_3_0_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "openssl-3.0-fips" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_3_FIPS_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2" ]]; then export LIBCRYPTO_ROOT=$OPENSSL_1_0_2_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "openssl-1.0.2-fips" ]]; then - export LIBCRYPTO_ROOT=$OPENSSL_1_0_2_FIPS_INSTALL_DIR ; - export S2N_TEST_IN_FIPS_MODE=1 ; -fi -if [[ "$S2N_LIBCRYPTO" == "boringssl" ]]; then export LIBCRYPTO_ROOT=$BORINGSSL_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "awslc" ]]; then export LIBCRYPTO_ROOT=$AWSLC_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "awslc-fips" ]]; then export LIBCRYPTO_ROOT=$AWSLC_FIPS_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "awslc-fips-2022" ]]; then export LIBCRYPTO_ROOT=$AWSLC_FIPS_2022_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "awslc-fips-2024" ]]; then export LIBCRYPTO_ROOT=$AWSLC_FIPS_2024_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "awslc-fips-next" ]]; then 
export LIBCRYPTO_ROOT=$AWSLC_FIPS_NEXT_INSTALL_DIR ; fi -if [[ "$S2N_LIBCRYPTO" == "libressl" ]]; then export LIBCRYPTO_ROOT=$LIBRESSL_INSTALL_DIR ; fi - -if [[ -n "${LIBCRYPTO_ROOT:-}" ]]; then - # Create a link to the selected libcrypto. This shouldn't be needed when LIBCRYPTO_ROOT is set, but some tests - # have the "libcrypto-root" directory path hardcoded. - rm -rf libcrypto-root && ln -s "$LIBCRYPTO_ROOT" libcrypto-root -fi - -# Set the libfuzzer to use for fuzz tests -export LIBFUZZER_ROOT=$LIBFUZZER_INSTALL_DIR - -#check if the path contains test dep X, if not and X exists, add to path -# The AWSLC binary(bssl) is only used for the PQ test, with the integration BoringSSL provider, and does not need to match the libcrypto used to build s2n. -# The OpenSSL 1.1.1 binary is used by the integ tests, and does not need to match the libcrypto used to build s2n. -path_overrides="$AWSLC_INSTALL_DIR/bin -$PYTHON_INSTALL_DIR/bin -$OPENSSL_1_1_1_INSTALL_DIR/bin -$SAW_INSTALL_DIR/bin -$Z3_INSTALL_DIR/bin -$SCAN_BUILD_INSTALL_DIR/bin -$PRLIMIT_INSTALL_DIR/bin -$LATEST_CLANG_INSTALL_DIR/bin -`pwd`/codebuild/bin -~/.local/bin" - -testdeps_path(){ - echo -ne "checking $1 is in the path..." - if [[ ! "$PATH" =~ "$1" ]]; then - if [[ -d "$1" ]]; then - export PATH="$1:$PATH" - echo -e "added" - else - echo -e "doesn't exist" - fi - else - echo -e "already in path" - fi -} - -for i in $path_overrides; do testdeps_path "$i" ;done - -# Just recording in the output for debugging. -if [ -f "/etc/lsb-release" ]; then - cat /etc/lsb-release -fi - -# Translate our custom variables into full paths to the compiler. 
-set_cc(){ - if [ -z ${GCC_VERSION:-} -o ${GCC_VERSION} = "NONE" ]; then - echo "No GCC_VERSION set" - if [ ${LATEST_CLANG:-} = "true" ]; then - echo "LATEST_CLANG is ${LATEST_CLANG}" - if [ -d ${LATEST_CLANG_INSTALL_DIR:-} ]; then - export CC=${LATEST_CLANG_INSTALL_DIR}/bin/clang - export CXX=${LATEST_CLANG_INSTALL_DIR}/bin/clang++ - echo "CC set to ${CC}" - echo "CXX set to ${CXX}" - else - echo "Could not find a clang installation $LATEST_CLANG_INSTALL_DIR" - fi - fi - else - echo "GCC_VERSION is ${GCC_VERSION}" - export CC=$(which gcc-${GCC_VERSION}) - export CXX=$(which g++-${GCC_VERSION}) - echo "CC set to ${CC}" - echo "CXX set to ${CXX}" - fi -} -set_cc - -echo "UID=$UID" -echo "OS_NAME=$OS_NAME" -echo "S2N_LIBCRYPTO=$S2N_LIBCRYPTO" -echo "LIBCRYPTO_ROOT=${LIBCRYPTO_ROOT:-}" -echo "BUILD_S2N=$BUILD_S2N" -echo "GCC_VERSION=$GCC_VERSION" -echo "LATEST_CLANG=$LATEST_CLANG" -echo "TESTS=$TESTS" -echo "PATH=$PATH" -echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" diff --git a/codebuild/bin/setup_ec2.sh b/codebuild/bin/setup_ec2.sh deleted file mode 100755 index 0ca216b1a3d..00000000000 --- a/codebuild/bin/setup_ec2.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -set -euo pipefail - -display_usage() { - cat <> ~/.config/nix/nix.conf' - # This sidesteps the need to update PATH for every user. - sudo ln -s /home/nix/.nix-profile/bin/nix /usr/local/bin - echo "=== Setting up Nix configs for the root user ===" - sudo -u root bash -c "ln -s /home/nix/.nix-profile ~/" - sudo -u root bash -c "ln -s /home/nix/.config ~/" -} - -setup_sudo() { - echo "=== Setting up sudo for the nix user, needed for installation ===" - # The nix installer refuses to install as root, so we need to set up sudo for the nix user. - sudo bash -c "echo 'nix ALL=NOPASSWD: ALL' > /etc/sudoers.d/nix" -} - -check_gnutls_config() { - if [[ -f "/etc/gnutls/config" ]]; then - echo "Turning off gnuTLS overrides" - sudo rm -f /etc/gnutls/config - fi -} - -update_ubuntu_packages() { - sudo apt update - sudo apt upgrade -y -} -# main -for arg in "$@"; do - case $arg in - -h|--help) - display_usage - exit 0 - ;; - esac -done -check_gnutls_config -update_ubuntu_packages -setup_sudo -setup_nix diff --git a/codebuild/bin/start_codebuild.sh b/codebuild/bin/start_codebuild.sh deleted file mode 100755 index 17e20361876..00000000000 --- a/codebuild/bin/start_codebuild.sh +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. - -# Codebuild does not run in the Github CI if certain files are modified. -# Launching each individual build from the Codebuild UI is slow and tedious. -# Instead, this script will launch all the Codebuild builds at once. -# You will need to setup the AWS CLI with the proper authentication. - -set -e - -BUILDS=( - "AddressSanitizer" - "S2nIntegrationV2SmallBatch" - "Valgrind" - "s2nFuzzBatch" - "s2nGeneralBatch" - "s2nUnitNix" - "IntegRustNixBatch" - "Integv2NixBatch" - "kTLS us-west-2 no-batch" - "kTLSKeyUpdate us-west-2 no-batch" -) - -usage() { - echo "start_codebuild.sh " - echo " example: start_codebuild.sh pr/1111" - echo " example: start_codebuild.sh 1234abcd" - echo " example: start_codebuild.sh test_branch lrstewart/s2n" -} - -if [ "$#" -lt "1" ]; then - usage - exit 1 -fi -SOURCE_VERSION=$1 -REPO=${2:-aws/s2n-tls} - -start_build() { - NAME=$1 - REGION=${2:-"us-west-2"} - BATCH=${3:-"batch"} - - START_COMMAND="start-build-batch" - if [ "$BATCH" = "no-batch" ]; then - START_COMMAND="start-build" - fi - aws --region $REGION codebuild $START_COMMAND \ - --project-name $NAME \ - --source-location-override https://github.com/$REPO \ - --source-version $SOURCE_VERSION | jq -re "(.buildBatch.id // .build.id)" -} - -for args in "${BUILDS[@]}"; do - start_build $args -done -echo "All builds successfully started." 
diff --git a/codebuild/bin/test_dynamic_load.sh b/codebuild/bin/test_dynamic_load.sh
deleted file mode 100755
index e75554ab668..00000000000
--- a/codebuild/bin/test_dynamic_load.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/usr/bin/env bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-
-# This script compiles s2n-tls as a shared library and compiles a test
-# without linking to the library. This enables us to test behavior when
-# s2n-tls is dynamically loaded.
-
-WORK_DIR=$1
-
-if [ ! -z "$NIX_STORE" ]; then
- OPENSSL=$(which openssl)
- LIBCRYPTO_ROOT=$(nix-store --query $OPENSSL)
-else
- source codebuild/bin/s2n_setup_env.sh
-fi
-
-S2N_BUILD_ARGS=(-H. -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT -DBUILD_TESTING=OFF)
-
-# create installation dir with libs2n.so
-if [ ! -d $WORK_DIR/s2n-install-shared ]; then
- (set -x; cmake -B$WORK_DIR/s2n-build-shared -DCMAKE_INSTALL_PREFIX=$WORK_DIR/s2n-install-shared -DBUILD_SHARED_LIBS=ON ${S2N_BUILD_ARGS[@]})
- (set -x; cmake --build $WORK_DIR/s2n-build-shared --target install -- -j $(nproc))
-fi
-
-# Compile the test file
-$CC -Wl,-rpath $LIBCRYPTO_ROOT -o s2n_dynamic_load_test codebuild/bin/s2n_dynamic_load_test.c -ldl -lpthread
-
-LDD_OUTPUT=$(ldd s2n_dynamic_load_test)
-
-# Confirm executable doesn't have libs2n.so loaded
-if echo "$LDD_OUTPUT" | grep -q libs2n; then
- echo "test failure: libs2n should not appear in ldd output"
- exit 1
-fi
-
-# Run the test with the path to libs2n
-echo "Running s2n_dynamic_load_test"
-LD_LIBRARY_PATH=$LIBCRYPTO_ROOT/lib ./s2n_dynamic_load_test $WORK_DIR/s2n-install-shared/lib/libs2n.so
-returncode=$?
-if [ $returncode -ne 0 ]; then
- echo "test failure: s2n_dynamic_load_test did not succeed"
- exit 1
-fi
-echo "Passed s2n_dynamic_load_test"
diff --git a/codebuild/bin/test_exec_leak.sh b/codebuild/bin/test_exec_leak.sh
deleted file mode 100755
index 367652546a8..00000000000
--- a/codebuild/bin/test_exec_leak.sh
+++ /dev/null
@@ -1,99 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e - -# Test that all file descriptors are properly cleaned up when `exec`ing from -# from an initialized s2n-tls process. - -source codebuild/bin/s2n_setup_env.sh -source codebuild/bin/jobs.sh - -function build() { - echo "=== BUILDING $1 ===" - cmake . -B$1 -DCMAKE_PREFIX_PATH=$TARGET_LIBCRYPTO_PATH ${@:2} - cmake --build $1 -- -j $JOBS -} - -function fail() { - echo "test failure: $1" - exit 1 -} - -function write_exec_app() { -cat < build/detect_exec_leak.c -#include -#include "unistd.h" - -int main() { - s2n_init(); - execl("build/bin/detect_exec_leak_finish", "", NULL); - return 0; -} -EOF -} - -function write_exec_finish_app() { -cat < build/detect_exec_leak_finish.c -#include - -int main() { - s2n_init(); - s2n_cleanup_final(); - - /* close std* file descriptors so valgrind output is less noisy */ - fclose(stdin); - fclose(stdout); - fclose(stderr); - return 0; -} -EOF -} - -# download libcrypto if its not available -TARGET_LIBCRYPTO="${S2N_LIBCRYPTO//[-.]/_}" -TARGET_LIBCRYPTO_PATH="${TEST_DEPS_DIR}/${S2N_LIBCRYPTO}" -if [ ! 
-f $TARGET_LIBCRYPTO_PATH/lib/libcrypto.a ]; then - ./codebuild/bin/install_${TARGET_LIBCRYPTO}.sh $TARGET_LIBCRYPTO_PATH/src $TARGET_LIBCRYPTO_PATH linux -fi - -# build s2n-tls -build build -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=on - -# compile the test app for exec leak test -mkdir -p build/valgrind_log_dir -write_exec_app -write_exec_finish_app -cc -Iapi build/detect_exec_leak.c build/lib/libs2n.so -o build/bin/detect_exec_leak -cc -Iapi build/detect_exec_leak_finish.c build/lib/libs2n.so -o build/bin/detect_exec_leak_finish - -# run valgrind with track-fds enabled -valgrind_log_dir=valgrind_log_dir -for test_file in detect_exec_leak detect_exec_leak_finish; do - LD_LIBRARY_PATH="build/lib:$TARGET_LIBCRYPTO_PATH/lib:$LD_LIBRARY_PATH" S2N_VALGRIND=1 \ - valgrind --leak-check=full --show-leak-kinds=all --errors-for-leak-kinds=all \ - --run-libc-freeres=yes -q --gen-suppressions=all --track-fds=yes \ - --leak-resolution=high --undef-value-errors=no --trace-children=yes \ - --suppressions=tests/unit/valgrind.suppressions --log-file="build/$valgrind_log_dir/$test_file" \ - build/bin/$test_file - - # search for all leaked file descriptors, excluding the valgrind_log_dir file - cat build/$valgrind_log_dir/$test_file | \ - grep "Open file descriptor" | \ - grep --invert-match $valgrind_log_dir \ - && fail "file leak detected while running $test_file" -done - -echo pass diff --git a/codebuild/bin/test_install_shared_and_static.sh b/codebuild/bin/test_install_shared_and_static.sh deleted file mode 100755 index b506185e606..00000000000 --- a/codebuild/bin/test_install_shared_and_static.sh +++ /dev/null 
@@ -1,133 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# -set -eo pipefail - -usage() { - echo "test_install_shared_and_static.sh build_dir" - echo "Checks that installed s2n-config.cmake chooses appropriately between shared and static." - echo "Note that you MUST build against the version of libcrypto that's actually installed on the system," - echo "because installing libs2n.so forces it to use the system's libcrypto.so." - exit 1 -} - -if [ "$#" -ne 1 ]; then - usage -fi - -WORK_DIR=$1 - -source codebuild/bin/s2n_setup_env.sh -source codebuild/bin/jobs.sh - -COMMON_S2N_BUILD_ARGS=(-H. -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT -DBUILD_TESTING=OFF) - -# create installation dir with libs2n.so -if [ ! -d $WORK_DIR/s2n-install-shared ]; then - (set -x; cmake -B$WORK_DIR/s2n-build-shared -DCMAKE_INSTALL_PREFIX=$WORK_DIR/s2n-install-shared -DBUILD_SHARED_LIBS=ON ${COMMON_S2N_BUILD_ARGS[@]}) - (set -x; cmake --build $WORK_DIR/s2n-build-shared --target install -- -j $JOBS) -fi - -# create installation dir with libs2n.a -if [ ! -d $WORK_DIR/s2n-install-static ]; then - (set -x; cmake -B$WORK_DIR/s2n-build-static -DCMAKE_INSTALL_PREFIX=$WORK_DIR/s2n-install-static -DBUILD_SHARED_LIBS=OFF ${COMMON_S2N_BUILD_ARGS[@]}) - (set -x; cmake --build $WORK_DIR/s2n-build-static --target install -- -j $JOBS) -fi - -# create installation dir with both libs2n.so and libs2n.a -if [ ! 
-d $WORK_DIR/s2n-install-both ]; then - (set -x; cmake -B$WORK_DIR/s2n-build-shared-both -DCMAKE_INSTALL_PREFIX=$WORK_DIR/s2n-install-both -DBUILD_SHARED_LIBS=ON ${COMMON_S2N_BUILD_ARGS[@]}) - (set -x; cmake --build $WORK_DIR/s2n-build-shared-both --target install -- -j $JOBS) - - (set -x; cmake -B$WORK_DIR/s2n-build-static-both -DCMAKE_INSTALL_PREFIX=$WORK_DIR/s2n-install-both -DBUILD_SHARED_LIBS=OFF ${COMMON_S2N_BUILD_ARGS[@]}) - (set -x; cmake --build $WORK_DIR/s2n-build-static-both --target install -- -j $JOBS) -fi - -# write out source of a small cmake project, containing: -# - mylib: a library that uses s2n -# - myapp: executable that uses mylib -rm -rf $WORK_DIR/myapp-src -mkdir -p $WORK_DIR/myapp-src - -cat < $WORK_DIR/myapp-src/mylib.c -extern int s2n_init(void); - -void mylib_init(void) { - s2n_init(); -} -EOF - -cat < $WORK_DIR/myapp-src/myapp.c -extern void mylib_init(void); - -int main() { - mylib_init(); -} -EOF - -cat < $WORK_DIR/myapp-src/CMakeLists.txt -cmake_minimum_required (VERSION 3.0) -project (myapp C) - -add_library(mylib mylib.c) -find_package(s2n REQUIRED) -target_link_libraries(mylib PRIVATE AWS::s2n) - -add_executable(myapp myapp.c) -target_link_libraries(myapp PRIVATE mylib) -EOF - -# build myapp and mylib, confirm that expected type of libs2n is used -build_myapp() { - local BUILD_SHARED_LIBS=$1 # ("BUILD_SHARED_LIBS=ON" or "BUILD_SHARED_LIBS=OFF") - local S2N_INSTALL_DIR=$2 # which s2n-install dir should be used - local LIBS2N_EXPECTED=$3 # ("libs2n.so" or "libs2n.a") which type of libs2n is expected to be used - - echo "---------------------------------------------------------------------" - echo "building myapp with $BUILD_SHARED_LIBS looking-in:$S2N_INSTALL_DIR should-use:$LIBS2N_EXPECTED" - - local MYAPP_BUILD_DIR=$WORK_DIR/myapp-build - rm -rf $MYAPP_BUILD_DIR/ - - local S2N_INSTALL_PATH=$(realpath $WORK_DIR/$S2N_INSTALL_DIR) - - (set -x; cmake -H$WORK_DIR/myapp-src -B$MYAPP_BUILD_DIR -D$BUILD_SHARED_LIBS 
"-DCMAKE_PREFIX_PATH=$S2N_INSTALL_PATH;$LIBCRYPTO_ROOT") - (set -x; cmake --build $MYAPP_BUILD_DIR) - - LDD_OUTPUT=$(ldd $MYAPP_BUILD_DIR/myapp) - echo "$LDD_OUTPUT" - - if echo "$LDD_OUTPUT" | grep -q libs2n.so; then - local LIBS2N_ACTUAL=libs2n.so - else - local LIBS2N_ACTUAL=libs2n.a - fi - - if [ $LIBS2N_ACTUAL != $LIBS2N_EXPECTED ]; then - echo "test failure: used $LIBS2N_ACTUAL, but expected to use $LIBS2N_EXPECTED" - exit 1 - fi -} - -# if only shared libs2n.so is available, that's what should get used -build_myapp BUILD_SHARED_LIBS=ON s2n-install-shared libs2n.so -build_myapp BUILD_SHARED_LIBS=OFF s2n-install-shared libs2n.so - -# if only static libs2n.a is available, that's what should get used -build_myapp BUILD_SHARED_LIBS=ON s2n-install-static libs2n.a -build_myapp BUILD_SHARED_LIBS=OFF s2n-install-static libs2n.a - -# if both libs2n.so and libs2n.a are available... -build_myapp BUILD_SHARED_LIBS=ON s2n-install-both libs2n.so # should choose libs2n.so -build_myapp BUILD_SHARED_LIBS=OFF s2n-install-both libs2n.a # should choose libs2n.a diff --git a/codebuild/bin/test_libcrypto_interning.sh b/codebuild/bin/test_libcrypto_interning.sh deleted file mode 100755 index 256e538a2fb..00000000000 --- a/codebuild/bin/test_libcrypto_interning.sh +++ /dev/null 
@@ -1,176 +0,0 @@ -#!/usr/bin/env bash -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/apache2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. -# - -set -e - -source codebuild/bin/s2n_setup_env.sh -source codebuild/bin/jobs.sh - -# build 2 different version of libcrypto to make it easy to break the application if -# interning doesn't work as expected -WHICH_LIBCRYPTO=$(echo "${S2N_LIBCRYPTO:-"openssl-1.1.1"}") -TARGET_LIBCRYPTO="${WHICH_LIBCRYPTO//[-.]/_}" -TARGET_LIBCRYPTO_PATH="${TEST_DEPS_DIR}/${WHICH_LIBCRYPTO}" -OPENSSL_1_0="$OPENSSL_1_0_2_INSTALL_DIR" -if [ ! -f $OPENSSL_1_0/lib/libcrypto.a ]; then - ./codebuild/bin/install_openssl_1_0_2.sh $OPENSSL_1_0/src $OPENSSL_1_0 linux -fi -if [ ! 
-f $TARGET_LIBCRYPTO_PATH/lib/libcrypto.a ]; then - if [ "$TARGET_LIBCRYPTO" == "awslc" ]; then - ./codebuild/bin/install_${TARGET_LIBCRYPTO}.sh $TARGET_LIBCRYPTO_PATH/src $TARGET_LIBCRYPTO_PATH 0 - else - ./codebuild/bin/install_${TARGET_LIBCRYPTO}.sh $TARGET_LIBCRYPTO_PATH/src $TARGET_LIBCRYPTO_PATH linux - fi -fi - -COMMON_FLAGS="-DCMAKE_PREFIX_PATH=$TARGET_LIBCRYPTO_PATH -DCMAKE_BUILD_TYPE=RelWithDebInfo" -LTO_FLAGS="-DS2N_LTO=on" - -# use LTO-aware commands if possible -if [ -x "$(command -v gcc-ar)" ]; then - LTO_FLAGS+=" -DCMAKE_AR=$(which gcc-ar) -DCMAKE_NM=$(which gcc-nm) -DCMAKE_RANLIB=$(which gcc-ranlib)" -fi - -function fail() { - echo "test failure: $1" - exit 1 -} - -function write_app() { -cat < $1 -#include -#include - -int main() { - s2n_init(); - BN_CTX_new(); - return 0; -} -EOF -} - -function build() { - echo "=== BUILDING $1 ===" - cmake . -B$1 $COMMON_FLAGS ${@:2} - cmake --build $1 -- -j $JOBS -} - -function tests() { - echo "=== TESTING $1 ===" - make -C $1 test ARGS="-j $JOBS -L unit" -} - -################## -# Dynamic builds # -################## - -# build a default version to test what happens without interning -build build/shared-default -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=on -ldd ./build/shared-default/lib/libs2n.so | grep -q libcrypto || fail "shared-default: libcrypto was not linked" - -# ensure libcrypto interning works with shared libs and no testing -build build/shared -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=off -DS2N_INTERN_LIBCRYPTO=on -# s2n should not publicly depend on libcrypto -ldd ./build/shared/lib/libs2n.so | grep -q libcrypto && fail "shared: libcrypto was not interned" - -# ensure libcrypto interning works with shared libs, LTO and no testing -# NOTE: interning+LTO+testing doesn't currently work -build build/shared-lto -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=off -DS2N_INTERN_LIBCRYPTO=on $LTO_FLAGS -# s2n should not publicly depend on libcrypto -ldd ./build/shared-lto/lib/libs2n.so | grep -q libcrypto && fail 
"shared-lto: libcrypto was not interned" - -# ensure libcrypto interning works with shared libs and testing -build build/shared-testing -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=on -DS2N_INTERN_LIBCRYPTO=on -# s2n should not publicly depend on libcrypto -ldd ./build/shared-testing/lib/libs2n.so | grep -q libcrypto && fail "shared-testing: libcrypto was not interned" -# run the tests and make sure they all pass with the prefixed version -tests build/shared-testing -# load the wrong version of libcrypto and the tests should still pass -LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so tests build/shared-testing - -# ensure the small app will compile with both versions of openssl without any linking issues -for build in shared shared-lto; do - # create a small app that links against both s2n and libcrypto - write_app build/$build/app.c - - for target in $OPENSSL_1_0 $TARGET_LIBCRYPTO_PATH; do - echo "testing $build linking with $target" - mkdir -p $target/bin - cc -fPIE -Iapi -I$target/include build/$build/app.c build/$build/lib/libs2n.so $target/lib/libcrypto.a -lpthread -ldl -o $target/bin/test-app - # make sure the app doesn't crash - LD_LIBRARY_PATH="build/$build/lib:$target/lib:$LD_LIBRARY_PATH" $target/bin/test-app - done -done - -################## -# Static builds # -################## - -# ensure libcrypto interning works with static libs -# NOTE: static builds don't vary based on testing being enabled -build build/static -DBUILD_SHARED_LIBS=off -DBUILD_TESTING=on -DS2N_INTERN_LIBCRYPTO=on -tests build/static - -# TODO figure out how to get static-lto+interning builds working - -# ensure the small app will compile with both versions of openssl without any linking issues -for build in static; do - # create a small app that links against both s2n and libcrypto - write_app build/$build/app.c - - for target in $OPENSSL_1_0 $TARGET_LIBCRYPTO_PATH; do - echo "testing $build linking with $target" - mkdir -p $target/bin - cc -fPIE -Iapi -I$target/include build/$build/app.c 
build/$build/lib/libs2n.a $target/lib/libcrypto.a -lpthread -ldl -o $target/bin/test-app - nm $target/bin/test-app | grep -q 'T s2n$BN_CTX_new' || fail "$target: libcrypto symbols were not prefixed" - nm $target/bin/test-app | grep -q 'T BN_CTX_new' || fail "$target: libcrypto was not linked in application" - # make sure the app doesn't crash - $target/bin/test-app - done -done - -################## -# Runtime tests # -################## - -run_connection_test() { - local TARGET="$1" - - LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/$TARGET/bin/s2nd -c default_tls13 localhost 4433 &> /dev/null & - local SERVER_PID=$! - - # Wait for the server to start up before connecting - sleep 5s - - LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/$TARGET/bin/s2nc -i -c default_tls13 localhost 4433 | tee build/client.log - kill $SERVER_PID &> /dev/null || true - - # ensure a TLS 1.3 session was negotiated - echo "checking for TLS 1.3" - grep -q "Actual protocol version: 34" build/client.log -} - -# without interning, the connection should fail when linking the wrong version of libcrypto -echo "Running test: attempt TLS1.3 handshake without interning" -run_connection_test shared-default && fail "TLS 1.3 handshake was expected to fail" -echo "TLS1.3 handshake failed as expected" -echo "" - -# with interning, the connection should succeed even though we've linked the wrong version of libcrypto -echo "Running test: attempt TLS1.3 handshake with interning" -run_connection_test shared-testing || fail "TLS 1.3 handshake was expected to succeed" -echo "TLS1.3 handshake succeeded as expected" - -echo "SUCCESS!" diff --git a/codebuild/bin/utils.sh b/codebuild/bin/utils.sh deleted file mode 100755 index fa165a09d54..00000000000 --- a/codebuild/bin/utils.sh +++ /dev/null 
@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-# http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-#
-set -e
-
-# Utility functions
-get_latest_release(){
- local LATEST_RELEASE_URL=$(gh api /repos/aws/s2n-tls/releases/latest|jq -r '.tarball_url')
- local LATEST_RELEASE_VER=$(echo "${LATEST_RELEASE_URL}" | sed 's|.*/||')
- echo "${LATEST_RELEASE_VER}"
-}
-
-gh_login(){
- # Takes secrets manager key as an argument
- # This GH personal access token must have 'repo' permissions to work.
- gh auth status || aws secretsmanager get-secret-value --secret-id "$1" --query 'SecretString' --output text |jq -r '.secret_key'| gh auth login --with-token
-
- #gh auth status
-}
-
-criterion_install_deps(){
- make install
- source "$HOME"/.cargo/env
- make -C bindings/rust
-}
-
-
-usage(){
- echo -e "Usage:\n\tget_latest_release: returns just the latest v.N.N.N version"
- echo -e "\tgh_login : retrieves a GitHub PAT from secrets manager and logs into GitHub.\n"
-}
-
-if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
- case "${1:-}" in
- "gh_login")
- gh_login "${2:-}";;
- "get_latest_release")
- get_latest_release
- echo "$LATEST_RELEASE_VER";;
- *) usage;
- esac
-fi
diff --git a/codebuild/spec/buildspec_32bit_cross_compile.yml b/codebuild/spec/buildspec_32bit_cross_compile.yml
deleted file mode 100644
index 67eb9450fac..00000000000
--- a/codebuild/spec/buildspec_32bit_cross_compile.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
-# this file except in compliance with the License. A copy of the License is
-# located at
-#
-# http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied. See the License for the specific language governing permissions and
-# limitations under the License.
-version: 0.2
-
-phases:
- pre_build:
- commands:
- - |
- if [ -d "third-party-src" ]; then
- cd third-party-src;
- fi
- build:
- on-failure: ABORT
- commands:
- - cmake . -Bbuild -DCMAKE_TOOLCHAIN_FILE=cmake/toolchains/32-bit.toolchain
- - cmake --build ./build -j $(nproc)
- post_build:
- on-failure: ABORT
- commands:
- - CTEST_OUTPUT_ON_FAILURE=1 CTEST_PARALLEL_LEVEL=$(nproc) make -C build test
diff --git a/codebuild/spec/buildspec_amazonlinux.yml b/codebuild/spec/buildspec_amazonlinux.yml
deleted file mode 100644
index 53d0907012e..00000000000
--- a/codebuild/spec/buildspec_amazonlinux.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
-# this file except in compliance with the License. A copy of the License is
-# located at
-#
-# http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied. See the License for the specific language governing permissions and
-# limitations under the License.
-version: 0.2
-
-env:
- variables:
- # CODEBUILD_ is a reserved namespace.
- CB_BIN_DIR: "./codebuild/bin"
-
-phases:
- install:
- runtime-versions:
- python: 3.x
- pre_build:
- commands:
- - |
- if [ -d "third-party-src" ]; then
- cd third-party-src;
- fi
- - ./codebuild/bin/install_al_dependencies.sh
- build:
- commands:
- - printenv
- - $CB_BIN_DIR/s2n_codebuild_al.sh
diff --git a/codebuild/spec/buildspec_disable_rand_override.yml b/codebuild/spec/buildspec_disable_rand_override.yml
deleted file mode 100644
index e9871549a11..00000000000
--- a/codebuild/spec/buildspec_disable_rand_override.yml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
-# this file except in compliance with the License. A copy of the License is
-# located at
-#
-# http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied. See the License for the specific language governing permissions and
-# limitations under the License.
-version: 0.2
-
-env:
- shell: bash
- variables:
- # Select a libcrypto to test the backwards-compatible RAND engine override flag.
- # The flag is now a no-op (the custom RAND engine was removed), but we verify
- # that builds with the flag set to 0 still pass all tests.
- S2N_LIBCRYPTO: "openssl-1.0.2"
- CTEST_OUTPUT_ON_FAILURE: 1
-
-phases:
- pre_build:
- commands:
- - |
- if [ -d "third-party-src" ]; then
- cd third-party-src;
- fi
- build:
- on-failure: ABORT
- commands:
- - |
- cmake . -Brand_override_enabled \
- -DCMAKE_PREFIX_PATH=/usr/local/"${S2N_LIBCRYPTO}" \
- -DCMAKE_BUILD_TYPE=RelWithDebInfo
- - cmake --build ./rand_override_enabled -- -j $(nproc)
- - |
- cmake . -Brand_override_disabled \
- -DCMAKE_PREFIX_PATH=/usr/local/"${S2N_LIBCRYPTO}" \
- -DCMAKE_BUILD_TYPE=RelWithDebInfo \
- -DS2N_OVERRIDE_LIBCRYPTO_RAND_ENGINE=0
- - cmake --build ./rand_override_disabled -- -j $(nproc)
- post_build:
- on-failure: ABORT
- commands:
- # CTEST_PARALLEL_LEVEL is set outside of env/variables to ensure that `nproc` is evaluated.
- - export CTEST_PARALLEL_LEVEL=$(nproc)
- # Verify that s2n-tls tests pass with the RAND engine override disabled.
- # The S2N_OVERRIDE_LIBCRYPTO_RAND_ENGINE flag is kept for backwards
- # compatibility, but the custom RAND engine was removed as part of the
- # DRBG removal. The flag is now a no-op.
- - make -C rand_override_disabled test
- # Verify that s2n-tls tests also pass with the default (override enabled) build.
- - make -C rand_override_enabled test -- ARGS="-R 's2n_random_test'"
diff --git a/codebuild/spec/buildspec_fuzz.yml b/codebuild/spec/buildspec_fuzz.yml
deleted file mode 100644
index 55faa40afdc..00000000000
--- a/codebuild/spec/buildspec_fuzz.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
-# this file except in compliance with the License. A copy of the License is
-# located at
-#
-# http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied. See the License for the specific language governing permissions and
-# limitations under the License.
-version: 0.2
-
-phases:
- pre_build:
- commands:
- - |
- if [ -d "third-party-src" ]; then
- cd third-party-src;
- fi
- - /usr/bin/$COMPILER --version
- build:
- on-failure: ABORT
- commands:
- - |
- cmake . -Bbuild \
- -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \
- -DS2N_FUZZ_TEST=on
- - cmake --build ./build -- -j $(nproc)
- post_build:
- on-failure: ABORT
- commands:
- # -L: Restrict tests to names matching the pattern 'fuzz'
- - cmake --build build/ --target test -- ARGS="-L fuzz --output-on-failure -j $(nproc)"
diff --git a/codebuild/spec/buildspec_fuzz_batch.yml b/codebuild/spec/buildspec_fuzz_batch.yml
deleted file mode 100644
index 5b77a0fbe7b..00000000000
--- a/codebuild/spec/buildspec_fuzz_batch.yml
+++ /dev/null
@@ -1,81 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -# This buildspec runs on an Ubuntu22 image. That configuration is a property of -# the codebuild job itself. - -# Codebuild's matrix jobs have non-differentiated names so use batch-list -# instead. - -# Parameter motivation - -# LIBCRYPTOS -# awslc: happy path libcrypto for s2n-tls -# openssl 1.0.2: old version of libcrypto that is still supported by s2n-tls -# openssl 1.1.1: old version of libcrypto that is still supported by s2n-tls -# openssl 3: libcrypto that is widely used - -batch: - build-list: - - identifier: clang_awslc - buildspec: codebuild/spec/buildspec_fuzz.yml - debug-session: true - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - S2N_LIBCRYPTO: awslc - COMPILER: clang - - identifier: clang_openssl_1_0_2 - buildspec: codebuild/spec/buildspec_fuzz.yml - debug-session: true - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - S2N_LIBCRYPTO: openssl-1.0.2 - COMPILER: clang - - identifier: clang_openssl_1_1_1 - buildspec: codebuild/spec/buildspec_fuzz.yml - debug-session: true - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - 
S2N_LIBCRYPTO: openssl-1.1.1 - COMPILER: clang - - identifier: clang_openssl_3_0 - buildspec: codebuild/spec/buildspec_fuzz.yml - debug-session: true - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - S2N_LIBCRYPTO: openssl-3.0 - COMPILER: clang - - identifier: clang_openssl_1_0_2_fips - buildspec: codebuild/spec/buildspec_fuzz.yml - debug-session: true - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - S2N_LIBCRYPTO: openssl-1.0.2-fips - COMPILER: clang diff --git a/codebuild/spec/buildspec_fuzz_scheduled.yml b/codebuild/spec/buildspec_fuzz_scheduled.yml deleted file mode 100644 index 29c9c8b354e..00000000000 --- a/codebuild/spec/buildspec_fuzz_scheduled.yml +++ /dev/null 
@@ -1,53 +0,0 @@
----
-# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You may not use
-# this file except in compliance with the License. A copy of the License is
-# located at
-#
-# http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied. See the License for the specific language governing permissions and
-# limitations under the License.
-version: 0.2
-
-env:
- variables:
- S2N_LIBCRYPTO: "awslc"
- COMPILER: clang
-
-phases:
- pre_build:
- commands:
- - |
- if [ -d "third-party-src" ]; then
- cd third-party-src;
- fi
- build:
- on-failure: ABORT
- commands:
- - |
- cmake . -Bbuild \
- -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \
- -DCMAKE_C_COMPILER=/usr/bin/$COMPILER \
- -DS2N_FUZZ_TEST=on \
- -DCOVERAGE=on \
- -DBUILD_SHARED_LIBS=on
- - cmake --build ./build -- -j $(nproc)
- post_build:
- on-failure: ABORT
- commands:
- - ./codebuild/bin/fuzz_corpus_download.sh
- # -L: Restrict tests to labels matching the pattern 'fuzz'
- # --timeout: override ctest's default timeout of 1500
- - cmake --build build/ --target test -- ARGS="-L fuzz --output-on-failure -j $(nproc) --timeout 28800"
- - ./codebuild/bin/fuzz_corpus_upload.sh
- - ./codebuild/bin/fuzz_coverage_report.sh
-
-artifacts:
- # upload all files in the fuzz_coverage_report directory
- files:
- - '**/*'
- base-directory: coverage/fuzz/total_fuzz_coverage
diff --git a/codebuild/spec/buildspec_generalbatch.yml b/codebuild/spec/buildspec_generalbatch.yml
deleted file mode 100644
index 42697566032..00000000000
--- a/codebuild/spec/buildspec_generalbatch.yml
+++ /dev/null
@@ -1,316 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. - -version: 0.2 - -batch: - build-list: - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - GCC_VERSION: NONE - SAW: true - TESTS: tls - identifier: s2nSawTls - - buildspec: codebuild/spec/buildspec_sidetrail.yml - env: - compute-type: BUILD_GENERAL1_2XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu14codebuild - privileged-mode: true - variables: - TESTS: sidetrail - identifier: s2nSidetrail - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - TESTS: exec_leak - identifier: s2nExecLeak - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - GCC_VERSION: '9' - S2N_LIBCRYPTO: 'openssl-1.1.1' - TESTS: unit - identifier: s2nUnitOpenssl111Gcc9 - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - 
BUILD_S2N: true - GCC_VERSION: 9 - S2N_COVERAGE: true - S2N_LIBCRYPTO: openssl-3.0 - TESTS: unit - identifier: s2nUnitOpenssl3Gcc9 - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: true - GCC_VERSION: 9 - S2N_COVERAGE: true - S2N_LIBCRYPTO: openssl-3.0-fips - TESTS: unit - identifier: s2nUnitOpenssl3FIPSGcc9 - ### Ubuntu24 ### - # Openssl-1.1.1 + gcc-13: Prefer more widely used Openssl on the default - # Ubuntu24 compiler. - # Aws-lc + clang-18: aws-lc is being built with clang; keep parity while building - # s2n-tls on a newer compiler. - - buildspec: codebuild/spec/buildspec_ubuntu_cmake.yml - env: - compute-type: BUILD_GENERAL1_MEDIUM - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - privileged-mode: true - variables: - COMPILER: 'gcc-13' - S2N_LIBCRYPTO: 'openssl-1.1.1' - identifier: s2nUnitOpenssl111Gcc13 - - buildspec: codebuild/spec/buildspec_ubuntu_cmake.yml - env: - compute-type: BUILD_GENERAL1_MEDIUM - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - privileged-mode: true - variables: - COMPILER: 'clang-18' - S2N_LIBCRYPTO: 'awslc' - identifier: s2nUnitAwslcClang18 - - buildspec: codebuild/spec/buildspec_amazonlinux.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: aws/codebuild/amazonlinux2-aarch64-standard:2.0 - privileged-mode: true - type: ARM_CONTAINER - variables: - TESTS: unit - identifier: s2nUnitAl2Arm - - buildspec: codebuild/spec/buildspec_amazonlinux.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 - privileged-mode: true - variables: - TESTS: unit - S2N_LIBCRYPTO: default - identifier: s2nUnitAL2 - - buildspec: codebuild/spec/buildspec_amazonlinux.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 - privileged-mode: 
true - variables: - TESTS: unit - S2N_LIBCRYPTO: openssl-1.1.1 - identifier: s2nUnitAl2Openssl111 - - buildspec: codebuild/spec/buildspec_amazonlinux.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: aws/codebuild/amazonlinux2-x86_64-standard:5.0 - privileged-mode: true - variables: - TESTS: unit - S2N_LIBCRYPTO: default - identifier: UnitAl2023x86 - - buildspec: codebuild/spec/buildspec_amazonlinux.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: aws/codebuild/amazonlinux2-aarch64-standard:3.0 - privileged-mode: true - type: ARM_CONTAINER - variables: - TESTS: unit - S2N_LIBCRYPTO: default - identifier: UnitAl2023arm - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - TESTS: interning - identifier: s2nLibcryptoInterningOpenSSL - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - S2N_LIBCRYPTO: awslc - TESTS: interning - identifier: s2nLibcryptoInterningAwslc - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - S2N_LIBCRYPTO: awslc-fips-2022 - TESTS: interning - identifier: s2nLibcryptoInterningAwslcFips2022 - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - privileged-mode: true - variables: - GCC_VERSION: '13' - TESTS: crt - identifier: s2nUnitCRT - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 
024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - S2N_LIBCRYPTO: openssl-1.1.1 - TESTS: sharedandstatic - identifier: s2nInstallSharedAndStatic - - identifier: s2nDynamicLoad - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - TESTS: dynamicload - S2N_LIBCRYPTO: openssl-1.1.1 - GCC_VERSION: '9' - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: true - GCC_VERSION: 6 - S2N_COVERAGE: true - S2N_LIBCRYPTO: openssl-1.1.1 - TESTS: unit - identifier: s2nUnitOpenSSL111Gcc6Coverage - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - GCC_VERSION: '6' - S2N_LIBCRYPTO: 'libressl' - TESTS: unit - identifier: s2nUnitLibressl - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - GCC_VERSION: '4.8' - S2N_LIBCRYPTO: 'openssl-1.0.2-fips' - TESTS: unit - identifier: s2nUnitOpenssl102FipsGcc48 - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - GCC_VERSION: '9' - S2N_LIBCRYPTO: 'boringssl' - TESTS: unit - identifier: s2nUnitBoringssl - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 
024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - GCC_VERSION: '9' - S2N_LIBCRYPTO: 'awslc-fips-2022' - TESTS: unit - identifier: s2nUnitAwslcFips2022 - - buildspec: codebuild/spec/buildspec_ubuntu.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - privileged-mode: true - variables: - BUILD_S2N: 'true' - CC: '/usr/bin/clang' - CXX: '/usr/bin/clang++' - S2N_LIBCRYPTO: 'awslc' - TESTS: unit - identifier: s2nUnitClang15 - - identifier: 32BitBuildAndUnit - buildspec: codebuild/spec/buildspec_32bit_cross_compile.yml - env: - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - - identifier: ThreadSanitizer - buildspec: codebuild/spec/buildspec_tsan.yml - env: - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - - identifier: musl - buildspec: codebuild/spec/buildspec_musl.yml - env: - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - - identifier: DisableRandOverride - buildspec: codebuild/spec/buildspec_disable_rand_override.yml - env: - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - - identifier: s2nMemUsageTest_awslc - buildspec: codebuild/spec/buildspec_mem.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - privileged-mode: true - variables: - S2N_LIBCRYPTO: 'awslc' - S2N_EXPECTED_CONNECTION_MEMORY_KB: 47 - - identifier: s2nMemUsageTest_awslcfips - buildspec: codebuild/spec/buildspec_mem.yml - env: - compute-type: BUILD_GENERAL1_SMALL - image: 
024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - privileged-mode: true - variables: - S2N_LIBCRYPTO: 'awslc-fips-2022' - S2N_EXPECTED_CONNECTION_MEMORY_KB: 46 diff --git a/codebuild/spec/buildspec_integ_rust.yml b/codebuild/spec/buildspec_integ_rust.yml deleted file mode 100644 index 413586b1678..00000000000 --- a/codebuild/spec/buildspec_integ_rust.yml +++ /dev/null 
@@ -1,168 +0,0 @@ -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 - -# Because the Ec2 reserved instance disks persist between runs, -# we need to do periodic clean up; The `nix store gc` command runs on Sunday to -# prevent the disk from filling up. ---- -version: 0.2 -env: - shell: bash - -batch: - build-graph: - # Cache job for x86 - - identifier: nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_ARGS: --max-jobs auto - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # Cache Job for aarch64 - - identifier: nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_ARGS: --max-jobs auto - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # OpenSSL 1.0.2 x86 - - identifier: Rust_openssl102_x86_0 - depend-on: - - nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_openssl102 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # OpenSSL 1.0.2 aarch64 - - identifier: Rust_openssl102_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_openssl102 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # OpenSSL 1.1.1 x86 - - identifier: Rust_openssl111_x86_0 - depend-on: - - nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_openssl111 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # OpenSSL 1.1.1 aarch64 - - identifier: Rust_openssl111_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_openssl111 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # OpenSSL 3.0 x86 - - identifier: Rust_openssl30_x86_0 - depend-on: - - nixCache_x86_64 - env: - 
fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_openssl30 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # OpenSSL 3.0 aarch64 - - identifier: Rust_openssl30_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_openssl30 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # AWS-LC x86 - - identifier: Rust_awslc_x86_0 - depend-on: - - nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_awslc - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # AWS-LC aarch64 - - identifier: Rust_awslc_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_awslc - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # AWS-LC FIPS 2024 x86 - - identifier: Rust_awslcfips2024_x86_0 - depend-on: - - nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_awslcfips2024 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # AWS-LC FIPS 2024 aarch64 - - identifier: Rust_awslcfips2024_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#rust_awslcfips2024 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - -phases: - install: - commands: - - if [[ $(date +%u) -eq 0 ]]; then nix store gc; fi - - | - if [[ $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - echo "Refreshing nix cache..." - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - nix build .#devShell - nix copy --to $NIX_CACHE_BUCKET .#devShell - else - echo "Downloading cache" - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - fi - pre_build: - commands: - - | - set -e - if [[ ! 
$CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; rust_configure" - fi - build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; rust_build" - fi - post_build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - echo "Running Rust integration tests with $NIXDEV_LIBCRYPTO" - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; rust_test" - fi diff --git a/codebuild/spec/buildspec_integv2_nix.yml b/codebuild/spec/buildspec_integv2_nix.yml deleted file mode 100644 index d24c7d012af..00000000000 --- a/codebuild/spec/buildspec_integv2_nix.yml +++ /dev/null 
@@ -1,139 +0,0 @@ -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 - -# Because the Ec2 reserved instance disks persist between runs, -# we need to do periodic clean up; The `nix store gc` command runs on Sunday to -# prevent the disk from filling up. ---- -version: 0.2 -env: - shell: bash - -batch: - build-graph: - # Cache job for x86 - - identifier: nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - # max-jobs tell nix to use all available cores for building derivations. - NIXDEV_ARGS: --max-jobs auto - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # Cache Job for aarch64 - - identifier: nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - # max-jobs tell nix to use all available cores for building derivations. - NIXDEV_ARGS: --max-jobs auto - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # AWSLC x86 - - identifier: Integ_awslc_x86_0 - depend-on: - - nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#awslc - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # AWSLC aarch64 - - identifier: Integ_awslc_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#awslc - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # AWSLC-FIPS-2022 - - identifier: Integ_awslcfips2022_x86_64_0 - depend-on: - - nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#awslcfips2022 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # AWSLC-FIPS-2024 - - identifier: Integ_awslcfips2024_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#awslcfips2024 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 
- - # Openssl30 x86 - - identifier: Integ_openssl30_x86_0 - depend-on: - - nixCache_x86_64 - env: - fleet: ubuntu24_x86_64_nix - variables: - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # Openssl30 aarch64 - - identifier: Integ_openssl30_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # Openssl111 aarch64 only - - identifier: Integ_openssl111_aarch64_0 - depend-on: - - nixCache_aarch64 - env: - fleet: ubuntu24_aarch64_nix - variables: - NIXDEV_LIBCRYPTO: .#openssl111 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - -phases: - install: - commands: - - if [[ $(date +%u) -eq 0 ]]; then nix store gc; fi - - | - if [[ $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - echo "Refreshing nix cache..." - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - nix build .#devShell - nix copy --to $NIX_CACHE_BUCKET .#devShell - else - echo "Downloading cache" - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - fi - pre_build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; configure" - fi - build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; build" - fi - post_build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh;uvinteg" - fi 
diff --git a/codebuild/spec/buildspec_ktls.yml b/codebuild/spec/buildspec_ktls.yml
deleted file mode 100644
index dc4d094be0a..00000000000
--- a/codebuild/spec/buildspec_ktls.yml
+++ /dev/null
@@ -1,55 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. - -version: 0.2 -# This is designed to work with CodeBuild's reserved instances fleet and -# curated Ec2 AMI for AL2023. -# -# Because the Ec2 reserved instance disks persist between runs, -# we need to do periodic clean up; The `nix store gc` command runs on Sunday to -# prevent the disk from filling up. -env: - shell: bash - variables: - NIX_CACHE_BUCKET: "s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2" - NIX_INSTALLER: "https://nixos.org/nix/install" - S2N_KTLS_TESTING_EXPECTED: 1 -phases: - install: - commands: - - yum update -y; yum upgrade -y - pre_build: - commands: - - id; groupadd nixbld||true - - useradd -m -g nixbld -G nixbld nix || true - - | - echo "Working around the faulty yaml parser..." 
- echo 'nix ALL=NOPASSWD: ALL' > /etc/sudoers.d/nix - # (Re)Install nix - - sh <(curl -L "$NIX_INSTALLER") --no-daemon - # Make sure nix exists in the PATH - - export PATH=$HOME/.nix-profile/bin:$PATH - # Turn on flakes - - mkdir -p ~/.config/nix; echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf - - if [[ $(date +%u) -eq 0 ]]; then nix store gc;fi - # Populate the store from the nix cache - - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - # Load the TLS kernel module - - sudo modprobe tls - - echo "Checking that the TLS kernel mod loaded..."; test $(sudo lsmod|grep -c tls) = 1 - build: - commands: - - nix develop .#awslc --command bash -c 'source ./nix/shell.sh && clean && configure && unit' - - S2N_CMAKE_OPTIONS="-DASAN=ON" nix develop .#awslc --command bash -c 'source ./nix/shell.sh && clean && configure && unit' - diff --git a/codebuild/spec/buildspec_ktls_keyupdate.yml b/codebuild/spec/buildspec_ktls_keyupdate.yml deleted file mode 100644 index 34bde0c0a70..00000000000 --- a/codebuild/spec/buildspec_ktls_keyupdate.yml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. - -version: 0.2 -# This is designed to work with CodeBuild's reserved instances fleet and -# curated Ec2 AMI for Ubuntu25. -# -# Because the Ec2 reserved instance disks persist between runs, -# we need to do periodic clean up; The `nix store gc` command runs on Sunday to -# prevent the disk from filling up. -env: - shell: bash - variables: - NIX_CACHE_BUCKET: "s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2" - NIX_INSTALLER: "https://nixos.org/nix/install" - S2N_KTLS_TESTING_EXPECTED: 1 - S2N_KTLS_KEYUPDATE_TESTING_EXPECTED: 1 -phases: - pre_build: - commands: - - if [[ $(date +%u) -eq 0 ]]; then nix store gc;fi - # Populate the store from the nix cache - - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - # Load the TLS kernel module - - sudo modprobe tls - - echo "Checking that the TLS kernel mod loaded..."; test $(sudo lsmod|grep -c tls) = 1 - build: - commands: - - nix develop .#awslc --command bash -c 'source ./nix/shell.sh && clean && configure && unit' - - S2N_CMAKE_OPTIONS="-DASAN=ON" nix develop .#awslc --command bash -c 'source ./nix/shell.sh && clean && configure && unit' - diff --git a/codebuild/spec/buildspec_mem.yml b/codebuild/spec/buildspec_mem.yml deleted file mode 100644 index 4326cb89019..00000000000 --- a/codebuild/spec/buildspec_mem.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -env: - shell: bash - variables: - CTEST_OUTPUT_ON_FAILURE: 1 - S2N_TEST_NAME: s2n_mem_usage_test - -phases: - pre_build: - commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - fi - build: - on-failure: ABORT - commands: - - export CTEST_PARALLEL_LEVEL=$(nproc) - # Test for expected memory - - | - cmake . -Bbuild \ - -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO - - cmake --build build -j $(nproc) --target $S2N_TEST_NAME - - echo ">>>> POSITIVE TEST - EXPECTED TO SUCCEED <<<<" - - make -C build test -- ARGS="-R $S2N_TEST_NAME" - # Test for unexpected memory to confirm failure possible - # Use an unrealistically high number - - cmake --build build -j $(nproc) --target $S2N_TEST_NAME - - echo ">>>> NEGATIVE TESTS - EXPECTED TO FAIL <<<<" - - | - ! S2N_EXPECTED_CONNECTION_MEMORY_KB=3 make -C build test -- ARGS="-R $S2N_TEST_NAME" - ! S2N_EXPECTED_CONNECTION_MEMORY_KB=500 make -C build test -- ARGS="-R $S2N_TEST_NAME" diff --git a/codebuild/spec/buildspec_musl.yml b/codebuild/spec/buildspec_musl.yml deleted file mode 100644 index f9220cf44ad..00000000000 --- a/codebuild/spec/buildspec_musl.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -env: - variables: - MUSL_DIR: "test-deps/musl" - LIBCRYPTO_DIR: "test-deps/musl-awslc" - -phases: - pre_build: - on-failure: ABORT - commands: - # Install musl libc - - git clone --depth=1 https://git.musl-libc.org/git/musl $MUSL_DIR - - echo "Installing musl to $CODEBUILD_SRC_DIR/$MUSL_DIR" - - cd $MUSL_DIR - - ./configure --prefix=$CODEBUILD_SRC_DIR/$MUSL_DIR - - make install - - cd $CODEBUILD_SRC_DIR - # Install libcrypto. - # We need to modify the usual install so that the library can link to musl. - # If this becomes a problem, we can switch to more official cross compilation. - - CFLAGS="-U_FORTIFY_SOURCE -D_FILE_OFFSET_BITS=32" - - ./codebuild/bin/install_awslc.sh $(mktemp -d) $CODEBUILD_SRC_DIR/$LIBCRYPTO_DIR - build: - on-failure: ABORT - commands: - - CC="$CODEBUILD_SRC_DIR/$MUSL_DIR/bin/musl-gcc" - - cmake . -Bbuild -DCMAKE_PREFIX_PATH=$CODEBUILD_SRC_DIR/$LIBCRYPTO_DIR - - cmake --build ./build - post_build: - on-failure: ABORT - commands: - - CTEST_OUTPUT_ON_FAILURE=1 CTEST_PARALLEL_LEVEL=$(nproc) make -C build test diff --git a/codebuild/spec/buildspec_s2n_tls_bench.yml b/codebuild/spec/buildspec_s2n_tls_bench.yml deleted file mode 100644 index b7edaf41430..00000000000 --- a/codebuild/spec/buildspec_s2n_tls_bench.yml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -env: - shell: bash - -phases: - install: - commands: - # Install Rust dependencies - - ./codebuild/bin/install_ubuntu_dependencies.sh - - source $HOME/.cargo/env - - rustup toolchain install stable - - rustup override set stable - - cargo install cargo-criterion - - # Install Python dependencies - - sudo apt install -y python3.12-venv - - python3 -m venv .venv - - source .venv/bin/activate - - pip3 install "boto3[crt]" - - pre_build: - commands: - - cd bindings/rust/extended - - ./generate.sh --skip-tests - - cd $CODEBUILD_SRC_DIR - - build: - commands: - - cd bindings/rust/standard/benchmarks - - cargo criterion --message-format json > criterion_output.log - - cd $CODEBUILD_SRC_DIR - - post_build: - commands: - - | - python3 .github/bin/criterion_to_cloudwatch.py \ - --criterion_output_path bindings/rust/standard/benchmarks/criterion_output.log \ - --namespace s2n-tls-bench \ - --platform Linux-X64 diff --git a/codebuild/spec/buildspec_sanitizer.yml b/codebuild/spec/buildspec_sanitizer.yml deleted file mode 100644 index 0be909263b9..00000000000 --- a/codebuild/spec/buildspec_sanitizer.yml +++ /dev/null 
@@ -1,150 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -# This buildspec runs on an Ubuntu22 image. That configuration is a property of -# the codebuild job itself. - -# Codebuild's matrix jobs have non-differentiated names so use batch-list -# instead. - -# Parameter motivation - -# COMPILERS -# We run asan on both gcc and clang because of different features sets for their -# address sanitizers. Specifically there was a case where GCC was able to detect -# a memcpy-param-overlap that Clang did not. - -# LIBCRYPTOS -# awslc: happy path libcrypto for s2n-tls -# openssl 3: s2n-tls takes different code paths for ossl3, so make sure we run -# asan on it. See pr 4033 for a historical motivating example. -# openssl 1.1.1: a widely deployed version of openssl. -# openssl 1.0.2: the default libcrypto on AL2, and AL2 is still widely deployed. - -# CMAKE_BUILD_TYPE -# RelWithDebInfo: This instructs CMake to do all optimizations (Rel -> Release) -# along with debug info (DebInfo). Debug info is necessary to get line numbers -# in the stack traces that ASAN reports. 
-batch: - build-list: - - identifier: clang_awslc - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: awslc - COMPILER: clang - - identifier: clang_openssl_3_0 - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-3.0 - COMPILER: clang - - identifier: clang_openssl_3_fips - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-3.0-fips - COMPILER: clang - - identifier: clang_openssl_1_1_1 - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-1.1.1 - COMPILER: clang - - identifier: clang_openssl_1_0_2 - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-1.0.2 - COMPILER: clang - - identifier: gcc_awslc - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: awslc - COMPILER: gcc - - identifier: gcc_awslc_fips_2024 - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: awslc-fips-2024 - COMPILER: gcc - - identifier: gcc_awslc_fips_next - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: awslc-fips-next - COMPILER: gcc - - identifier: gcc_openssl_3_0 - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-3.0 - COMPILER: gcc - - identifier: gcc_openssl_3_fips - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-3.0-fips - COMPILER: gcc - - identifier: gcc_openssl_1_1_1 - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-1.1.1 - COMPILER: gcc - - identifier: gcc_openssl_1_0_2 - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-1.0.2 - COMPILER: gcc - - identifier: clang_openssl_1_0_2_fips - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-1.0.2-fips - COMPILER: clang - - identifier: gcc_openssl_1_0_2_fips - env: - compute-type: BUILD_GENERAL1_LARGE - variables: - S2N_LIBCRYPTO: openssl-1.0.2-fips - COMPILER: gcc - -phases: - pre_build: - 
commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; - fi - - /usr/bin/$COMPILER --version - build: - on-failure: ABORT - commands: - - | - cmake . -Bbuild \ - -DCMAKE_C_COMPILER=/usr/bin/$COMPILER \ - -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo \ - -DASAN=ON \ - -DUBSAN=ON - - cmake --build ./build -- -j $(nproc) - post_build: - on-failure: ABORT - commands: - - CTEST_OUTPUT_ON_FAILURE=1 CTEST_PARALLEL_LEVEL=$(nproc) make -C build test diff --git a/codebuild/spec/buildspec_sidetrail.yml b/codebuild/spec/buildspec_sidetrail.yml deleted file mode 100644 index 5e7176697fa..00000000000 --- a/codebuild/spec/buildspec_sidetrail.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -env: - variables: - # CODEBUILD_ is a reserved namespace. - CB_BIN_DIR: "./codebuild/bin" - -phases: - build: - commands: - - printenv - - | - if [ -d "third-party-src" ]; then - cd third-party-src - $CB_BIN_DIR/run_sidetrail.sh /sidetrail-install-dir ${CODEBUILD_SRC_DIR}/third-party-src; - else - $CB_BIN_DIR/run_sidetrail.sh /sidetrail-install-dir ${CODEBUILD_SRC_DIR}; - fi - post_build: - commands: - - echo Build completed on `date` diff --git a/codebuild/spec/buildspec_timing.yml b/codebuild/spec/buildspec_timing.yml deleted file mode 100644 index 71bf6669752..00000000000 
--- a/codebuild/spec/buildspec_timing.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -version: 0.2 -env: - shell: bash - variables: - # This assumes you have a Rust toolchain installed - CARGO: "cargo +nightly" - OPENSSL_DIR: "/usr/local/openssl-3.0" - RUST_TOOLCHAIN: "1.72.0-x86_64-unknown-linux-gnu" -phases: - install: - commands: - - echo "Installing Rust ..." - - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y - - . $HOME/.cargo/env - - rustup toolchain install $RUST_TOOLCHAIN - pre_build: - commands: - - | - cd bindings/rust/extended - ./generate.sh - cargo clean - build: - commands: - - cargo build --timings - post_build: - commands: - - cargo test --timings - -artifacts: - # upload timing reports - files: - - "**/*" - base-directory: bindings/rust/extended/target/cargo-timings diff --git a/codebuild/spec/buildspec_tsan.yml b/codebuild/spec/buildspec_tsan.yml deleted file mode 100644 index 460d9cbc4c0..00000000000 --- a/codebuild/spec/buildspec_tsan.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -phases: - pre_build: - commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - fi - build: - on-failure: ABORT - commands: - - cmake . -Bbuild -DTSAN=on - - cmake --build ./build -j $(nproc) - post_build: - on-failure: ABORT - commands: - - CTEST_OUTPUT_ON_FAILURE=1 CTEST_PARALLEL_LEVEL=$(nproc) make -C build test diff --git a/codebuild/spec/buildspec_ubuntu.yml b/codebuild/spec/buildspec_ubuntu.yml deleted file mode 100644 index 956de1a3693..00000000000 --- a/codebuild/spec/buildspec_ubuntu.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -env: - variables: - # CODEBUILD_ is a reserved namespace. - CB_BIN_DIR: "./codebuild/bin" - -phases: - pre_build: - commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; - fi - build: - commands: - - printenv - - ln -s /usr/local $CODEBUILD_SRC_DIR/test-deps - - $CB_BIN_DIR/s2n_codebuild.sh diff --git a/codebuild/spec/buildspec_ubuntu_cmake.yml b/codebuild/spec/buildspec_ubuntu_cmake.yml deleted file mode 100644 index 0ce71aa558e..00000000000 --- a/codebuild/spec/buildspec_ubuntu_cmake.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -phases: - pre_build: - commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - fi - build: - on-failure: ABORT - commands: - - | - cmake . -Bbuild \ - -DCMAKE_C_COMPILER=/usr/bin/$COMPILER \ - -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo - - cmake --build ./build -- -j $(nproc) - post_build: - on-failure: ABORT - commands: - - CTEST_OUTPUT_ON_FAILURE=1 CTEST_PARALLEL_LEVEL=$(nproc) make -C build test diff --git a/codebuild/spec/buildspec_ubuntu_integrationv2.yml b/codebuild/spec/buildspec_ubuntu_integrationv2.yml deleted file mode 100644 index a88528f7015..00000000000 --- a/codebuild/spec/buildspec_ubuntu_integrationv2.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -# This codebuild job just runs the integration test which aren't already -# running under nix. -batch: - build-matrix: - static: - env: - privileged-mode: true - dynamic: - env: - compute-type: - - BUILD_GENERAL1_XLARGE - image: - - 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu18codebuild - variables: - S2N_BUILD_PRESET: - - openssl-1.0.2 - - openssl-1.0.2-fips - - openssl-3.0-fips - # Group 1 and Group 2 (test_happy_path and test_buffered_send) each take approximately 1300 seconds to run. - # Group 3 is kept under 1000 seconds (bottlenecked by the slowest testcase which is 1300) - # Group 4 contains the remaining faster test cases. - INTEGV2_TEST: - - "test_happy_path" - - "test_buffered_send" - - "test_signature_algorithms test_session_resumption test_early_data test_external_psk" - - "test_version_negotiation test_ocsp test_renegotiate test_serialization test_record_padding - test_npn test_cross_compatibility test_renegotiate_apache test_hello_retry_requests - test_sni_match test_fragmentation test_key_update - test_client_authentication test_sslyze test_sslv2_client_hello" - -env: - variables: - # CODEBUILD_ is a reserved namespace. 
- CB_BIN_DIR: "./codebuild/bin" - -phases: - pre_build: - commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - ln -s /usr/local $CODEBUILD_SRC_DIR/third-party-src/test-deps; - fi - build: - commands: - # e.g. awslc-fips-2022_gcc6 - - echo "CI Configuration - s2n build preset is $S2N_BUILD_PRESET" - # e.g. "test_cross_compatibility test_client_authentication" - - echo "CI Configuration - the integ tests are $INTEGV2_TEST" - # For jdk integration test - - javac tests/integrationv2/bin/SSLSocketClient.java - - ln -s /usr/local $CODEBUILD_SRC_DIR/test-deps - - TOX_TEST_NAME=$INTEGV2_TEST TESTS=integrationv2 $CB_BIN_DIR/s2n_codebuild.sh diff --git a/codebuild/spec/buildspec_unit_coverage.yml b/codebuild/spec/buildspec_unit_coverage.yml deleted file mode 100644 index 633e491abf0..00000000000 --- a/codebuild/spec/buildspec_unit_coverage.yml +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -env: - variables: - # CODEBUILD_ is a reserved namespace. - CB_BIN_DIR: "./codebuild/bin" - CC: "/usr/bin/clang" - CXX: "/usr/bin/clang++" - -phases: - build: - on-failure: ABORT - commands: - # LLVM complains about corrupt coverage information - # for static targets, so compile to a shared lib - # instead. - - | - cmake . -Bbuild \ - -DCOVERAGE=ON \ - -DCMAKE_PREFIX_PATH=$LIBCRYPTO_ROOT \ - -DBUILD_SHARED_LIBS=ON - - cmake --build ./build -- -j $(nproc) - post_build: - on-failure: ABORT - commands: - - LLVM_PROFILE_FILE="ut_%8m.profraw" CTEST_PARALLEL_LEVEL=$(nproc) cmake --build ./build --target test ARGS="--output-on-failure -L unit" - - $CB_BIN_DIR/coverage_report.sh -artifacts: - # upload all files in the coverage_report directory - files: - - '**/*' - base-directory: coverage_report diff --git a/codebuild/spec/buildspec_unit_nix.yml b/codebuild/spec/buildspec_unit_nix.yml deleted file mode 100644 index 8f1c479f6cc..00000000000 --- a/codebuild/spec/buildspec_unit_nix.yml +++ /dev/null 
@@ -1,181 +0,0 @@ -# -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# ---- -version: 0.2 -env: - shell: bash - variables: - NIXDEV_ARGS: --max-jobs auto - S2N_NO_HEADBUILD: "1" - -batch: - build-graph: - # Cache job for x86 - - identifier: nixCache_x86_64 - comment: identifiers can not contain dashes - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild:latest - variables: - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # Cache job for aarch64 - - identifier: nixCache_aarch64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild-aarch64:next - type: ARM_CONTAINER - variables: - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # Openssl30 x86 - - identifier: UnitOpenssl30_x86_64 - depend-on: - - nixCache_x86_64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild:latest - privileged-mode: true - variables: - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # Openssl30 aarch64 - - identifier: UnitOpenssl30_aarch64 - depend-on: - - nixCache_aarch64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild-aarch64:next - privileged-mode: true - type: ARM_CONTAINER - variables: - NIXDEV_LIBCRYPTO: .#default - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # Openssl111 aarch64 - - identifier: UnitOpenssl111_aarch64 - depend-on: - - nixCache_aarch64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild-aarch64:next - privileged-mode: true - type: ARM_CONTAINER - variables: - NIXDEV_LIBCRYPTO: .#openssl111 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # Openssl102 aarch64 - - identifier: UnitOpenssl102_aarch64 - depend-on: - - nixCache_aarch64 - 
env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild-aarch64:next - privileged-mode: true - type: ARM_CONTAINER - variables: - NIXDEV_LIBCRYPTO: .#openssl102 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # libressl x86 - - identifier: UnitLibressl_x86_64 - depend-on: - - nixCache_x86_64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild:latest - privileged-mode: true - variables: - NIXDEV_LIBCRYPTO: .#libressl - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # awslc x86 - - identifier: UnitAwslc_x86_64 - depend-on: - - nixCache_x86_64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild:latest - privileged-mode: true - variables: - NIXDEV_LIBCRYPTO: .#awslc - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2 - - # awslc aarch64 - - identifier: UnitAwslc_aarch64 - depend-on: - - nixCache_aarch64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild-aarch64:next - privileged-mode: true - type: ARM_CONTAINER - variables: - NIXDEV_LIBCRYPTO: .#awslc - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # awslcfips 2022 aarch64 - - identifier: UnitAwslcFips2022_aarch64 - depend-on: - - nixCache_aarch64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild-aarch64:next - privileged-mode: true - type: ARM_CONTAINER - variables: - NIXDEV_LIBCRYPTO: .#awslcfips2022 - NIX_CACHE_BUCKET: s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - - # awslcfips 2024 aarch64 - - identifier: UnitAwslcFips2024_aarch64 - depend-on: - - nixCache_aarch64 - env: - compute-type: BUILD_GENERAL1_LARGE - image: public.ecr.aws/l1b2r3y5/nix-aws-codebuild-aarch64:next - privileged-mode: true - type: ARM_CONTAINER - variables: - NIXDEV_LIBCRYPTO: .#awslcfips2024 - NIX_CACHE_BUCKET: 
s3://s2n-tls-nixcachebucket-aarch64?region=us-west-2 - -phases: - install: - commands: - - | - if [[ "$CODEBUILD_BATCH_BUILD_IDENTIFIER" =~ .*"nixCache".* ]]; then - echo "Refreshing nix cache..." - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - nix build $NIXDEV_ARGS .#devShell - nix copy --to $NIX_CACHE_BUCKET .#devShell; - else - echo "Downloading cache" - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - fi - pre_build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix copy --from $NIX_CACHE_BUCKET --all --no-check-sigs - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; configure"; - fi - build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; build"; - fi - post_build: - commands: - - | - set -e - if [[ ! $CODEBUILD_BATCH_BUILD_IDENTIFIER =~ .*"nixCache".* ]]; then - nix develop $NIXDEV_ARGS $NIXDEV_LIBCRYPTO --command bash -c "source ./nix/shell.sh; unit" - fi diff --git a/codebuild/spec/buildspec_valgrind.yml b/codebuild/spec/buildspec_valgrind.yml deleted file mode 100644 index 5f1ba1d62ac..00000000000 --- a/codebuild/spec/buildspec_valgrind.yml +++ /dev/null 
@@ -1,95 +0,0 @@ ---- -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You may not use -# this file except in compliance with the License. A copy of the License is -# located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. See the License for the specific language governing permissions and -# limitations under the License. -version: 0.2 - -batch: - build-list: - - identifier: gcc_awslc - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - variables: - S2N_LIBCRYPTO: awslc - COMPILER: gcc - - identifier: gcc_awslc_fips - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - variables: - S2N_LIBCRYPTO: awslc-fips-2022 - COMPILER: gcc - - identifier: gcc_openssl_3_0 - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - variables: - S2N_LIBCRYPTO: openssl-3.0 - COMPILER: gcc - - identifier: gcc_openssl_3_fips - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - variables: - S2N_LIBCRYPTO: openssl-3.0-fips - COMPILER: gcc - - identifier: gcc_openssl_1_1_1 - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu24 - variables: - S2N_LIBCRYPTO: openssl-1.1.1 - COMPILER: gcc - - identifier: gcc_openssl_1_0_2 - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - variables: - S2N_LIBCRYPTO: openssl-1.0.2 - COMPILER: gcc - - identifier: gcc_openssl_1_0_2_fips - env: - compute-type: BUILD_GENERAL1_XLARGE - image: 
024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild - variables: - S2N_LIBCRYPTO: openssl-1.0.2-fips - COMPILER: gcc - -phases: - pre_build: - commands: - - | - if [ -d "third-party-src" ]; then - cd third-party-src; - fi - - /usr/bin/$COMPILER --version - build: - on-failure: ABORT - commands: - - | - cmake . -Bbuild \ - -DCMAKE_C_COMPILER=/usr/bin/$COMPILER \ - -DCMAKE_PREFIX_PATH=/usr/local/$S2N_LIBCRYPTO \ - -DCMAKE_BUILD_TYPE=RelWithDebInfo - - cmake --build ./build -- -j $(nproc) - post_build: - on-failure: ABORT - commands: - - | - S2N_VALGRIND=1 \ - CTEST_PARALLEL_LEVEL=$(nproc) \ - CTEST_OUTPUT_ON_FAILURE=1 \ - cmake --build build/ --target test \ - -- ARGS="--test-action memcheck" - - cd codebuild/bin - - python3 s2n_open_fds_test.py $CODEBUILD_SRC_DIR/build/Testing/Temporary diff --git a/crypto/s2n_certificate.c b/crypto/s2n_certificate.c index b10375f0b5c..311cba71903 100644 --- a/crypto/s2n_certificate.c +++ b/crypto/s2n_certificate.c @@ -22,7 +22,9 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "crypto/s2n_openssl_x509.h" diff --git a/crypto/s2n_dhe.c b/crypto/s2n_dhe.c index af365f8510f..1395e8e5bb6 100644 --- a/crypto/s2n_dhe.c +++ b/crypto/s2n_dhe.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/crypto/s2n_hkdf.c b/crypto/s2n_hkdf.c index b70a9826b57..d96a129897a 100644 --- a/crypto/s2n_hkdf.c +++ b/crypto/s2n_hkdf.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/crypto/s2n_locking.c b/crypto/s2n_locking.c index 3f48b4dc376..1130cdfc093 100644 --- a/crypto/s2n_locking.c +++ b/crypto/s2n_locking.c @@ -16,7 +16,9 @@ #include "crypto/s2n_locking.h" #include +#if !defined(_MSC_VER) #include +#endif #include "crypto/s2n_openssl.h" #include "utils/s2n_mem.h" 
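Review bot: `#include "utils/s2n_prelude.h"` is inserted as line 1 of crypto/s2n_dhe.c, above the licence comment, and the identical hunk is repeated for crypto/s2n_hkdf.c, crypto/s2n_openssl_x509.c, crypto/s2n_pkey_evp.c, stuffer/s2n_stuffer.c and the tests/cbmc, tests/fuzz, tests/testlib and tests/unit files later in this diff. Whether a translation unit sees the prelude before its system headers then depends on a per-file edit that a newly added source file can miss. If the prelude has to come first everywhere, which is presumably why it is placed on line 1, configure it once as a forced include in the build (MSVC `/FI`) and keep the licence header as the first lines of each file.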
diff --git a/crypto/s2n_openssl_x509.c b/crypto/s2n_openssl_x509.c index caf5205ec1c..3e4ba1edd3f 100644 --- a/crypto/s2n_openssl_x509.c +++ b/crypto/s2n_openssl_x509.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/crypto/s2n_pkey_evp.c b/crypto/s2n_pkey_evp.c index 7775f87659b..9f865d30b65 100644 --- a/crypto/s2n_pkey_evp.c +++ b/crypto/s2n_pkey_evp.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/error/s2n_errno.c b/error/s2n_errno.c index a442e7b4b61..0dfc6b04dca 100644 --- a/error/s2n_errno.c +++ b/error/s2n_errno.c @@ -19,7 +19,9 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "utils/s2n_map.h" diff --git a/fix_defer_cleanup.py b/fix_defer_cleanup.py new file mode 100644 index 00000000000..00a6c613757 --- /dev/null +++ b/fix_defer_cleanup.py 
@@ -0,0 +1,139 @@ +import os +import shutil +import re + +def process_content(path, content): + if "s2n_cert_authorities.c" in path: + content = content.replace('#if S2N_LIBCRYPTO_SUPPORTS_X509_STORE_LIST\n DEFER_CLEANUP', '#if S2N_LIBCRYPTO_SUPPORTS_X509_STORE_LIST\n{\n DEFER_CLEANUP') + content = content.replace('return S2N_RESULT_OK;\n#else', 'return S2N_RESULT_OK;\n}\n#else') + + # Remove #else for EVP_APIS_SUPPORTED since MSVC build is OpenSSL 3.0 + if "s2n_ecc_evp.c" in path: + lines = content.split('\n') + out_lines = [] + in_evp = False + in_else_evp = False + for line in lines: + if line.startswith("#if EVP_APIS_SUPPORTED"): + in_evp = True + out_lines.append(line) + elif line.startswith("#else") and in_evp: + in_else_evp = True + elif line.startswith("#endif") and in_evp: + in_else_evp = False + in_evp = False + out_lines.append(line) + else: + if not in_else_evp: + out_lines.append(line) + content = '\n'.join(out_lines) + + while True: + match = re.search(r'DEFER_CLEANUP\s*\(', content) + if not match: + break + + start_idx = match.start() + + p_count = 0 + arg_start = match.end() + end_idx = -1 + for i in range(arg_start, len(content)): + if content[i] == '(': + p_count += 1 + elif content[i] == ')': + if p_count == 0: + end_idx = i + break + p_count -= 1 + + if end_idx == -1: + break + + args_str = content[arg_start:end_idx] + + last_comma = args_str.rfind(',') + if last_comma == -1: + break + + arg1 = args_str[:last_comma].strip() + arg2 = args_str[last_comma+1:].strip() + + var_decl_part = arg1.split('=')[0].strip() + var_name_match = re.search(r'([a-zA-Z_][a-zA-Z0-9_]*)\s*$', var_decl_part.replace('*', ' ')) + if not var_name_match: + break + var_name = var_name_match.group(1) + + semi_idx = content.find(';', end_idx) + if semi_idx == -1: + break + + b_count = 0 + block_end_idx = -1 + for i in range(semi_idx + 1, len(content)): + if content[i] == '{': + b_count += 1 + elif content[i] == '}': + if b_count == 0: + block_end_idx = i + break + b_count 
-= 1 + + if block_end_idx == -1: + break + + new_content = content[:start_idx] + arg1 + ";\n__try {" + content[semi_idx+1:block_end_idx] + f"}} __finally {{ {arg2}(&{var_name}); }}\n" + content[block_end_idx:] + content = new_content + + return content + +def main(): + src_dirs = ["crypto", "error", "stuffer", "tls", "utils", "bin", "tests"] + out_base = "../auto-win-msvc/rewritten_src" + + if not os.path.exists(out_base): + os.makedirs(out_base) + + for src_dir in src_dirs: + if not os.path.exists(src_dir): + continue + out_dir = os.path.join(out_base, src_dir) + if os.path.exists(out_dir): + shutil.rmtree(out_dir) + shutil.copytree(src_dir, out_dir) + + for root, dirs, files in os.walk(out_dir): + for file in files: + if file.endswith(".c") or file.endswith(".h"): + path = os.path.join(root, file) + with open(path, "r", encoding="utf-8") as f: + content = f.read() + + # Pre-process content, whether it has DEFER_CLEANUP or not, to fix braces + new_content = process_content(path, content) + if new_content != content: + with open(path, "w", encoding="utf-8") as f: + f.write(new_content) + + with open("CMakeLists.txt", "r", encoding="utf-8") as f: + cmake_content = f.read() + + for src_dir in src_dirs: + cmake_content = re.sub( + fr'(?)', + 'target_include_directories(${PROJECT_NAME} PUBLIC $ $)' + ) + + with open("CMakeLists.txt", "w", encoding="utf-8") as f: + f.write(cmake_content) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/libcrypto-build/README.md b/libcrypto-build/README.md deleted file mode 100644 index 554873b1612..00000000000 --- a/libcrypto-build/README.md +++ /dev/null @@ -1,4 +0,0 @@ -This directory is used to store build artifacts (tarballs and source) for a locally -built copy of libcrypto, either from OpenSSL, LibreSSL or BoringSSL. - -See the s2n [Build Guide](../docs/BUILD.md#building-with-a-specific-libcrypto) for more details. 
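Review bot: In `process_content`, every parse failure inside the `while True:` loop (`end_idx == -1`, no comma, no variable name, no `;`, no closing brace) exits with a bare `break`, so the function returns a file in which that `DEFER_CLEANUP` and all later ones are left unconverted and nothing is reported. The macro is what attaches the release function to the declared variable, so a partly converted file should stop the run; each failure branch could be `raise ValueError(f"{path}: cannot rewrite DEFER_CLEANUP at offset {start_idx}")`, and what the leftover macro does under MSVC is not visible from this hunk. The parenthesis and brace counters also count characters inside string literals and comments, and the `s2n_ecc_evp.c` pass treats the first `#else` or `#endif` after `#if EVP_APIS_SUPPORTED` as belonging to it, so a nested conditional would make it drop or keep the wrong lines. A check after the loop that no `DEFER_CLEANUP(` remains in a file that had one would catch the first case.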
diff --git a/stuffer/s2n_stuffer.c b/stuffer/s2n_stuffer.c index f4ac02bbb8d..0cf0fdf60cf 100644 --- a/stuffer/s2n_stuffer.c +++ b/stuffer/s2n_stuffer.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/stuffer/s2n_stuffer.h b/stuffer/s2n_stuffer.h index ffc2de12b7b..b03888e3fee 100644 --- a/stuffer/s2n_stuffer.h +++ b/stuffer/s2n_stuffer.h @@ -19,8 +19,10 @@ #include #include #include -#ifndef _WIN32 - #include +#if defined(_MSC_VER) || defined(__MINGW32__) +#include +#else +#include #endif #include "utils/s2n_blob.h" diff --git a/stuffer/s2n_stuffer_file.c b/stuffer/s2n_stuffer_file.c index 48e84f7359a..90853110168 100644 --- a/stuffer/s2n_stuffer_file.c +++ b/stuffer/s2n_stuffer_file.c @@ -15,7 +15,18 @@ #include #include +#if defined(_MSC_VER) || defined(__MINGW32__) +#include +#else #include +#endif + + +#if defined(_MSC_VER) +#include +#define read _read +#define write _write +#endif #include "error/s2n_errno.h" #include "stuffer/s2n_stuffer.h" diff --git a/tests/cbmc/proofs/s2n_array_insert/s2n_array_insert_harness.c b/tests/cbmc/proofs/s2n_array_insert/s2n_array_insert_harness.c index 3bd23bddd6d..d44f2639080 100644 --- a/tests/cbmc/proofs/s2n_array_insert/s2n_array_insert_harness.c +++ b/tests/cbmc/proofs/s2n_array_insert/s2n_array_insert_harness.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/cbmc/proofs/s2n_hash_digest_size/s2n_hash_digest_size_harness.c b/tests/cbmc/proofs/s2n_hash_digest_size/s2n_hash_digest_size_harness.c index d29c3150e54..ab953f6f4c9 100644 --- a/tests/cbmc/proofs/s2n_hash_digest_size/s2n_hash_digest_size_harness.c +++ b/tests/cbmc/proofs/s2n_hash_digest_size/s2n_hash_digest_size_harness.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * 
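Review bot: In the `_MSC_VER` block added to stuffer/s2n_stuffer_file.c, `#define read _read` and `#define write _write` sit above the project includes, so they rename every later `read` and `write` token in those headers and in this file, not only the two system calls. MSVC's `_read` and `_write` take an `unsigned int` count and return `int`, so a length wider than that is narrowed at the call. I would drop the macros and route the calls through two small static wrappers that reject oversized lengths before forwarding, for example `if (len > UINT_MAX) { return -1; }` ahead of `_read(fd, buf, (unsigned int) len)`. The call sites are outside this hunk, so the lengths they pass cannot be checked from here.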
diff --git a/tests/cbmc/proofs/s2n_stuffer_raw_write/s2n_stuffer_raw_write_harness.c b/tests/cbmc/proofs/s2n_stuffer_raw_write/s2n_stuffer_raw_write_harness.c
index ebf1369c0ee..04273386fc1 100644
--- a/tests/cbmc/proofs/s2n_stuffer_raw_write/s2n_stuffer_raw_write_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_raw_write/s2n_stuffer_raw_write_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_reserve/s2n_stuffer_reserve_harness.c b/tests/cbmc/proofs/s2n_stuffer_reserve/s2n_stuffer_reserve_harness.c
index 8e7046f0023..f7035818618 100644
--- a/tests/cbmc/proofs/s2n_stuffer_reserve/s2n_stuffer_reserve_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_reserve/s2n_stuffer_reserve_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_reserve_space/s2n_stuffer_reserve_space_harness.c b/tests/cbmc/proofs/s2n_stuffer_reserve_space/s2n_stuffer_reserve_space_harness.c
index 128de7d5354..814761ae4ed 100644
--- a/tests/cbmc/proofs/s2n_stuffer_reserve_space/s2n_stuffer_reserve_space_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_reserve_space/s2n_stuffer_reserve_space_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_reserve_uint16/s2n_stuffer_reserve_uint16_harness.c b/tests/cbmc/proofs/s2n_stuffer_reserve_uint16/s2n_stuffer_reserve_uint16_harness.c
index f4473ab6eef..0deb4498511 100644
--- a/tests/cbmc/proofs/s2n_stuffer_reserve_uint16/s2n_stuffer_reserve_uint16_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_reserve_uint16/s2n_stuffer_reserve_uint16_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_reserve_uint24/s2n_stuffer_reserve_uint24_harness.c b/tests/cbmc/proofs/s2n_stuffer_reserve_uint24/s2n_stuffer_reserve_uint24_harness.c
index 5538dda5aaf..7a658ee69b0 100644
--- a/tests/cbmc/proofs/s2n_stuffer_reserve_uint24/s2n_stuffer_reserve_uint24_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_reserve_uint24/s2n_stuffer_reserve_uint24_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_skip_write/s2n_stuffer_skip_write_harness.c b/tests/cbmc/proofs/s2n_stuffer_skip_write/s2n_stuffer_skip_write_harness.c
index 3c9f732144e..953437270a5 100644
--- a/tests/cbmc/proofs/s2n_stuffer_skip_write/s2n_stuffer_skip_write_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_skip_write/s2n_stuffer_skip_write_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_wipe_n/s2n_stuffer_wipe_n_harness.c b/tests/cbmc/proofs/s2n_stuffer_wipe_n/s2n_stuffer_wipe_n_harness.c
index ebca6bf697f..7b9e442bec5 100644
--- a/tests/cbmc/proofs/s2n_stuffer_wipe_n/s2n_stuffer_wipe_n_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_wipe_n/s2n_stuffer_wipe_n_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_write/s2n_stuffer_write_harness.c b/tests/cbmc/proofs/s2n_stuffer_write/s2n_stuffer_write_harness.c
index e64daf162c0..740996a1c8d 100644
--- a/tests/cbmc/proofs/s2n_stuffer_write/s2n_stuffer_write_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_write/s2n_stuffer_write_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_write_bytes/s2n_stuffer_write_bytes_harness.c b/tests/cbmc/proofs/s2n_stuffer_write_bytes/s2n_stuffer_write_bytes_harness.c
index d2671bbaf71..9c009cdd31b 100644
--- a/tests/cbmc/proofs/s2n_stuffer_write_bytes/s2n_stuffer_write_bytes_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_write_bytes/s2n_stuffer_write_bytes_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_write_hex/s2n_stuffer_write_hex_harness.c b/tests/cbmc/proofs/s2n_stuffer_write_hex/s2n_stuffer_write_hex_harness.c
index 5c364427b1b..f683442fcb3 100644
--- a/tests/cbmc/proofs/s2n_stuffer_write_hex/s2n_stuffer_write_hex_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_write_hex/s2n_stuffer_write_hex_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_write_uint16_hex/s2n_stuffer_write_uint16_hex_harness.c b/tests/cbmc/proofs/s2n_stuffer_write_uint16_hex/s2n_stuffer_write_uint16_hex_harness.c
index d95c7681bb9..11c759ddadf 100644
--- a/tests/cbmc/proofs/s2n_stuffer_write_uint16_hex/s2n_stuffer_write_uint16_hex_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_write_uint16_hex/s2n_stuffer_write_uint16_hex_harness.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/cbmc/proofs/s2n_stuffer_write_uint8_hex/s2n_stuffer_write_uint8_hex_harness.c b/tests/cbmc/proofs/s2n_stuffer_write_uint8_hex/s2n_stuffer_write_uint8_hex_harness.c
index 7c398714ca3..1eed5becbb6 100644
--- a/tests/cbmc/proofs/s2n_stuffer_write_uint8_hex/s2n_stuffer_write_uint8_hex_harness.c
+++ b/tests/cbmc/proofs/s2n_stuffer_write_uint8_hex/s2n_stuffer_write_uint8_hex_harness.c
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/265b600e8ad749d27ba841994c25a73c8b12d33e b/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/265b600e8ad749d27ba841994c25a73c8b12d33e index fa5be6d929c..ac7b02f658b 100644 --- a/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/265b600e8ad749d27ba841994c25a73c8b12d33e +++ b/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/265b600e8ad749d27ba841994c25a73c8b12d33e @@ -1 +1 @@ ------------------------------------------------------------------ +----------------------------------------------------------------- diff --git a/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/8c306ddd7ba5001e3000c76750badae346ec258e b/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/8c306ddd7ba5001e3000c76750badae346ec258e index 67a58142a34..68f165c5b86 100644 --- a/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/8c306ddd7ba5001e3000c76750badae346ec258e +++ b/tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test/8c306ddd7ba5001e3000c76750badae346ec258e @@ -1,2 +1,2 @@ -----------------------------------------------------------------BEGIN CERTIFICATE----------- - +----------------------------------------------------------------BEGIN CERTIFICATE----------- + diff --git a/tests/fuzz/s2n_cert_req_recv_test.c b/tests/fuzz/s2n_cert_req_recv_test.c index a4fd27598bb..06faafb52be 100644 --- a/tests/fuzz/s2n_cert_req_recv_test.c +++ b/tests/fuzz/s2n_cert_req_recv_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/fuzz/s2n_certificate_extensions_parse_test.c b/tests/fuzz/s2n_certificate_extensions_parse_test.c index c6a8401666b..adc9f990d2c 100644 --- a/tests/fuzz/s2n_certificate_extensions_parse_test.c +++ b/tests/fuzz/s2n_certificate_extensions_parse_test.c 
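Review bot: The removed and added lines of the two tests/fuzz/corpus/s2n_stuffer_pem_fuzz_test hunks print the same characters, which suggests the only change is to line endings or trailing bytes; the hunks for tests/pems/rsa_2048_pkcs1_cert_crlf.pem and tests/pems/rsa_2048_pkcs1_key_crlf.pem later in this diff look the same. These files are byte-exact parser inputs, and the two PEM fixtures are named for their CRLF endings, so normalising them presumably removes the input the PEM parsing tests were written to cover. I would revert these files and exempt them from end-of-line conversion, for example `tests/pems/*_crlf.pem -text` and `tests/fuzz/corpus/** -text` in .gitattributes.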
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/fuzz/s2n_client_key_recv_fuzz_test.c b/tests/fuzz/s2n_client_key_recv_fuzz_test.c
index 3176a6a1429..767512e9ba5 100644
--- a/tests/fuzz/s2n_client_key_recv_fuzz_test.c
+++ b/tests/fuzz/s2n_client_key_recv_fuzz_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/fuzz/s2n_select_server_cert_test.c b/tests/fuzz/s2n_select_server_cert_test.c
index 5287201f894..208262c0e5e 100644
--- a/tests/fuzz/s2n_select_server_cert_test.c
+++ b/tests/fuzz/s2n_select_server_cert_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/fuzz/s2n_tls13_cert_req_recv_test.c b/tests/fuzz/s2n_tls13_cert_req_recv_test.c
index dec288ee1d7..b314911efb1 100644
--- a/tests/fuzz/s2n_tls13_cert_req_recv_test.c
+++ b/tests/fuzz/s2n_tls13_cert_req_recv_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/fuzz/s2n_tls13_cert_verify_recv_test.c b/tests/fuzz/s2n_tls13_cert_verify_recv_test.c
index 8231ebd0be5..34f2c5601c8 100644
--- a/tests/fuzz/s2n_tls13_cert_verify_recv_test.c
+++ b/tests/fuzz/s2n_tls13_cert_verify_recv_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/pems/rsa_2048_pkcs1_cert_crlf.pem b/tests/pems/rsa_2048_pkcs1_cert_crlf.pem
index 700c71208a7..60e940e7748 100644
--- a/tests/pems/rsa_2048_pkcs1_cert_crlf.pem
+++ b/tests/pems/rsa_2048_pkcs1_cert_crlf.pem
@@ -1,56 +1,56 @@ ------BEGIN CERTIFICATE----- -MIICrTCCAZUCAn3VMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMME3MyblRlc3RJ -bnRlcm1lZGlhdGUwIBcNMTYwMzMwMTg1NzQzWhgPMjExNjAzMDYxODU3NDNaMBgx -FjAUBgNVBAMMDXMyblRlc3RTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDRw6AuYXAeRT0YuptCfJjRB/EDJyyGXnv+8TV2H1WJWhMLk8qND27r -79A6EjbVmJaOV9qrokVqpDmXS712Z3BDprJ+1LFMymm3A+AFuK/skeGy0skik+Tg -MmFT5XBVvmsw4uB1S9uUqktHauXgjhFPPsfvk4ewL4LulVEN2TEeI1Odj4CaMxAO -Iuowm8wI2OHVzRHlrRmyJ9hYGuHHQ2TaTGIjr3WpAFuXi9pHGGMYa0uXAVPmgjdE -XZ8t46u/ZKQ9W1uJkZEVKhcijT7G2VBrsBUq0CDiL+TDaGfthnBzUc9zt4fx/S/3 -qulC2WbKI3xrasQyjrsHTAJ75Md3rK09AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB -AHHkXNA9BtgAebZC2zriW4hRfeIkJMOwvfKBXHTuY5iCLD1otis6AZljcCKXM6O9 -489eHBC4T6mJwVsXhH+/ccEKqNRD2bUfQgOij32PsteV1eOHfHIFqdJmnBVb8tYa -jxUvy7UQvXrPqaHbODrHe+7f7r1YCzerujiP5SSHphY3GQq88KemfFczp/4GnYas -sE50OYe7DQcB4zvnxmAXp51JIN4ooktUU9oKIM5y2cgEWdmJzeqPANYxf0ZIPlTg -ETknKw1Dzf8wlK5mFbbG4LPQh1mkDVcwQV3ogG6kGMRa7neH+6SFkNpAKuPCoje4 -NAE+WQ5ve1wk7nIRTQwDAF4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDKTCCAhGgAwIBAgICVxYwDQYJKoZIhvcNAQEFBQAwFjEUMBIGA1UEAwwLczJu -VGVzdFJvb3QwIBcNMTYwMzMwMTg1NzA5WhgPMjExNjAzMDYxODU3MDlaMB4xHDAa -BgNVBAMME3MyblRlc3RJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDM/i3eclxYcvedPCEnVe6A/HYsYPeP1qKBZQhbpuuX061jFZKw -lecb0eau1PORLbcsYK40u3xUzoA5u6Q0ebDuqPbqSJkCazsh66cu9STl8ubbk7oI -8LJjUJFhhy2Jmm9krXhPyRscU+CXOCZ2G1GhBqTI8cgMYhEVHwb3qy1EHg6G3n4W -AjV+cKQcbUytq8DRmVe0bNJxDOX8ivzfAp3lUIwub+JfpxrWIUhb3iVGj5CauI98 -bNFHTWwYp7tviIIi21Q+L3nExCyE4yTUP/mebBZ62JnbvsWSs3r3//Am5d8G3WdY -BXsERoDoLBvHnqlO/oo4ppGCRI7GkDroACi/AgMBAAGjdzB1MAwGA1UdEwQFMAMB -Af8wHQYDVR0OBBYEFGqUKVWVlL03sHuOggFACdlHckPBMEYGA1UdIwQ/MD2AFE2X -AbNDryMlBpMNI6Ce927uUFwToRqkGDAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdIIJ -ANDUkH+UYdz1MA0GCSqGSIb3DQEBBQUAA4IBAQA3O3S9VT0EC1yG4xyNNUZ7+CzF -uFA6uiO38ygcN5Nz1oNPy2eQer7vYmrHtqN6gS/o1Ag5F8bLRCqeuZTsOG80O29H -kNhs5xYprdU82AqcaWwEd0kDrhC5rEvs6fj1J0NKmmhbovYxuDboj0a7If7HEqX0 
-NizyU3M3JONPZgadchZ+F5DosatF1Bpt/gsQRy383IogQ0/FS+juHCCc4VIUemuk -YY1J8o5XdrGWrPBBiudTWqCobe+N541b+YLWbajT5UKzvSqJmcqpPTniJGc9eZxc -z3cCNd3cKa9bK51stEnQSlA7PQXYs3K+TD3EmSn/G2x6Hmfr7lrpbIhEaD+y ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDATCCAemgAwIBAgIJANDUkH+UYdz1MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV -BAMMC3MyblRlc3RSb290MCAXDTE2MDMzMDE4NTYzOVoYDzIxMTYwMzA2MTg1NjM5 -WjAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMY5532000oaeed7Jmo3ssx1723ZDLpn3WGz6FxpWM0zsKA/YvdD -7J6qXDvfxU6dZlmsCS+bSNAqpARKmKsBEDPTsdLmrN1V1clOxvKm6GvU1eloRTw6 -xukEUXJ+uxrQMLYvSJBiCBVGI+UYNCK5c6guNMRYBCGdk5/iayjmK0Nxz1918Cx9 -z4va8HPAgYIz0ogOdYB21O9FQGPdH1mYqRzljcSsZ7EFo1P8HJr8oKK76ZeYi2or -pjzMHGnlufHaul508wQPeFAMa1Tku3HyGZRaieRAck6+QcO2NujXxKNyCBlWON23 -FQTuBjN/CAl74MZtcAM2hVSmpm9t4cWVN5MCAwEAAaNQME4wHQYDVR0OBBYEFE2X -AbNDryMlBpMNI6Ce927uUFwTMB8GA1UdIwQYMBaAFE2XAbNDryMlBpMNI6Ce927u -UFwTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAXkVvQdXDmozPix -uZi1o9cw4Si0syqfJ4sSunrzPbbmw/Qxhth5V7XGrnsQVNxamgnbzpjGhiBF6isM -ldj33zQYtke+ojOjFlhEvrPo6eW29RkLBEtJadGs2bkMLztJbf+cbH2u6irzr6S4 -3OgVOSuB+zG56ksTnEVmum+C/8tSIAyi3eaoStPcgEU8+3/KMrH7uuenmTOCKdD1 -FvSDHXT9qPgTttVQGXbXzJEr5tGE+Py6yib5uoJ0dJZNtjs7HOQEDk5J0wZaX0DC -MShYLiN5qLJAk0qwl+js488BJ18M9dg4TxdBYFkwHSzKXSj9TJN77Bb0RZr8LL9T -r9IyvfU= ------END CERTIFICATE----- - +-----BEGIN CERTIFICATE----- +MIICrTCCAZUCAn3VMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMME3MyblRlc3RJ +bnRlcm1lZGlhdGUwIBcNMTYwMzMwMTg1NzQzWhgPMjExNjAzMDYxODU3NDNaMBgx +FjAUBgNVBAMMDXMyblRlc3RTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDRw6AuYXAeRT0YuptCfJjRB/EDJyyGXnv+8TV2H1WJWhMLk8qND27r +79A6EjbVmJaOV9qrokVqpDmXS712Z3BDprJ+1LFMymm3A+AFuK/skeGy0skik+Tg +MmFT5XBVvmsw4uB1S9uUqktHauXgjhFPPsfvk4ewL4LulVEN2TEeI1Odj4CaMxAO +Iuowm8wI2OHVzRHlrRmyJ9hYGuHHQ2TaTGIjr3WpAFuXi9pHGGMYa0uXAVPmgjdE +XZ8t46u/ZKQ9W1uJkZEVKhcijT7G2VBrsBUq0CDiL+TDaGfthnBzUc9zt4fx/S/3 +qulC2WbKI3xrasQyjrsHTAJ75Md3rK09AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB 
+AHHkXNA9BtgAebZC2zriW4hRfeIkJMOwvfKBXHTuY5iCLD1otis6AZljcCKXM6O9 +489eHBC4T6mJwVsXhH+/ccEKqNRD2bUfQgOij32PsteV1eOHfHIFqdJmnBVb8tYa +jxUvy7UQvXrPqaHbODrHe+7f7r1YCzerujiP5SSHphY3GQq88KemfFczp/4GnYas +sE50OYe7DQcB4zvnxmAXp51JIN4ooktUU9oKIM5y2cgEWdmJzeqPANYxf0ZIPlTg +ETknKw1Dzf8wlK5mFbbG4LPQh1mkDVcwQV3ogG6kGMRa7neH+6SFkNpAKuPCoje4 +NAE+WQ5ve1wk7nIRTQwDAF4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCAhGgAwIBAgICVxYwDQYJKoZIhvcNAQEFBQAwFjEUMBIGA1UEAwwLczJu +VGVzdFJvb3QwIBcNMTYwMzMwMTg1NzA5WhgPMjExNjAzMDYxODU3MDlaMB4xHDAa +BgNVBAMME3MyblRlc3RJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDM/i3eclxYcvedPCEnVe6A/HYsYPeP1qKBZQhbpuuX061jFZKw +lecb0eau1PORLbcsYK40u3xUzoA5u6Q0ebDuqPbqSJkCazsh66cu9STl8ubbk7oI +8LJjUJFhhy2Jmm9krXhPyRscU+CXOCZ2G1GhBqTI8cgMYhEVHwb3qy1EHg6G3n4W +AjV+cKQcbUytq8DRmVe0bNJxDOX8ivzfAp3lUIwub+JfpxrWIUhb3iVGj5CauI98 +bNFHTWwYp7tviIIi21Q+L3nExCyE4yTUP/mebBZ62JnbvsWSs3r3//Am5d8G3WdY +BXsERoDoLBvHnqlO/oo4ppGCRI7GkDroACi/AgMBAAGjdzB1MAwGA1UdEwQFMAMB +Af8wHQYDVR0OBBYEFGqUKVWVlL03sHuOggFACdlHckPBMEYGA1UdIwQ/MD2AFE2X +AbNDryMlBpMNI6Ce927uUFwToRqkGDAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdIIJ +ANDUkH+UYdz1MA0GCSqGSIb3DQEBBQUAA4IBAQA3O3S9VT0EC1yG4xyNNUZ7+CzF +uFA6uiO38ygcN5Nz1oNPy2eQer7vYmrHtqN6gS/o1Ag5F8bLRCqeuZTsOG80O29H +kNhs5xYprdU82AqcaWwEd0kDrhC5rEvs6fj1J0NKmmhbovYxuDboj0a7If7HEqX0 +NizyU3M3JONPZgadchZ+F5DosatF1Bpt/gsQRy383IogQ0/FS+juHCCc4VIUemuk +YY1J8o5XdrGWrPBBiudTWqCobe+N541b+YLWbajT5UKzvSqJmcqpPTniJGc9eZxc +z3cCNd3cKa9bK51stEnQSlA7PQXYs3K+TD3EmSn/G2x6Hmfr7lrpbIhEaD+y +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDATCCAemgAwIBAgIJANDUkH+UYdz1MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC3MyblRlc3RSb290MCAXDTE2MDMzMDE4NTYzOVoYDzIxMTYwMzA2MTg1NjM5 +WjAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMY5532000oaeed7Jmo3ssx1723ZDLpn3WGz6FxpWM0zsKA/YvdD +7J6qXDvfxU6dZlmsCS+bSNAqpARKmKsBEDPTsdLmrN1V1clOxvKm6GvU1eloRTw6 +xukEUXJ+uxrQMLYvSJBiCBVGI+UYNCK5c6guNMRYBCGdk5/iayjmK0Nxz1918Cx9 
+z4va8HPAgYIz0ogOdYB21O9FQGPdH1mYqRzljcSsZ7EFo1P8HJr8oKK76ZeYi2or +pjzMHGnlufHaul508wQPeFAMa1Tku3HyGZRaieRAck6+QcO2NujXxKNyCBlWON23 +FQTuBjN/CAl74MZtcAM2hVSmpm9t4cWVN5MCAwEAAaNQME4wHQYDVR0OBBYEFE2X +AbNDryMlBpMNI6Ce927uUFwTMB8GA1UdIwQYMBaAFE2XAbNDryMlBpMNI6Ce927u +UFwTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAXkVvQdXDmozPix +uZi1o9cw4Si0syqfJ4sSunrzPbbmw/Qxhth5V7XGrnsQVNxamgnbzpjGhiBF6isM +ldj33zQYtke+ojOjFlhEvrPo6eW29RkLBEtJadGs2bkMLztJbf+cbH2u6irzr6S4 +3OgVOSuB+zG56ksTnEVmum+C/8tSIAyi3eaoStPcgEU8+3/KMrH7uuenmTOCKdD1 +FvSDHXT9qPgTttVQGXbXzJEr5tGE+Py6yib5uoJ0dJZNtjs7HOQEDk5J0wZaX0DC +MShYLiN5qLJAk0qwl+js488BJ18M9dg4TxdBYFkwHSzKXSj9TJN77Bb0RZr8LL9T +r9IyvfU= +-----END CERTIFICATE----- + diff --git a/tests/pems/rsa_2048_pkcs1_key_crlf.pem b/tests/pems/rsa_2048_pkcs1_key_crlf.pem index 8160dff2441..e07f8e205ba 100644 --- a/tests/pems/rsa_2048_pkcs1_key_crlf.pem +++ b/tests/pems/rsa_2048_pkcs1_key_crlf.pem 
@@ -1,28 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA0cOgLmFwHkU9GLqbQnyY0QfxAycshl57/vE1dh9ViVoTC5PK -jQ9u6+/QOhI21ZiWjlfaq6JFaqQ5l0u9dmdwQ6ayftSxTMpptwPgBbiv7JHhstLJ -IpPk4DJhU+VwVb5rMOLgdUvblKpLR2rl4I4RTz7H75OHsC+C7pVRDdkxHiNTnY+A -mjMQDiLqMJvMCNjh1c0R5a0ZsifYWBrhx0Nk2kxiI691qQBbl4vaRxhjGGtLlwFT -5oI3RF2fLeOrv2SkPVtbiZGRFSoXIo0+xtlQa7AVKtAg4i/kw2hn7YZwc1HPc7eH -8f0v96rpQtlmyiN8a2rEMo67B0wCe+THd6ytPQIDAQABAoIBAF3evYAD+riRI5Y9 -a92FBJ4Gf8R5c2NuRO8B4nrJ6u1ccclsieg2T90lpHlYTVGoxzdL+X91Trs6Ysti -CZdDEuozXw2DARTsQAK2qTnmPFQRtH7h9UCUDoiGAygYNP0qCa4G2YukNs+Apc9/ -9v9WlEhyP+bmjoI5wM4j4/HekCx7syHuiqJ74//oTzNamT0aWHwgXAUmEYZ/1+nT -0KInmtmIOFgsWHcojwQ6sZJ3eVvy66EqHLZKQYZa2tx0YjrEJMQi1drg6VV+lLCR -rEtsoltgdN2G9v3P6KrHXsrCYaaZKhog9B1OSI2Amv3YWZHXppK12+aSy774lUUz -qVur5cECgYEA7oCOQoRZo76wztS+yDeq173B2gPHKSIrWvaLDkCAPOQPVzJZ4Qc+ -8OEDU6HB9P0MYDsKBxZY85uzWP+dAlsmcL0C86WibOuYERPKQIcAn3KSzFiIxH3R -OAbaLtSLN3lDAH50PhP9BguiSfBjI6w4Qsr7jlQgdpzG4h4LjvotbWMCgYEA4SdT -QQJhHiLtBFo91ItRUzhePvUDfV8XvNfAwZj8cY2+oenkK2+bp35xteBV6Gu1cYnd -V2yFgzMZ/jDvqfUn/8EVAGvEFrLtsUpXeyHhgmVT490RsPxC9xU9jf5LsvZ4zjsj -CsFZW0JnhKkF6M5wztWtO3yKCilmXSOIFvorTN8CgYEAoK2LKdTwbxhxFWbOgSS/ -vEji6HXTHysd+lJOrHNX8a3Th/MsCiZPiQiOrTE08k/onown3U547uXelf7fUE8I -PruX2X2lR6wQ7rBeecp56PHPZEvhGD+LTCuRoise/2h6c0K+HXRp6kC8PQPuRoIo -BRerEeArXr2QX5XOQ6zYHfECgYEAp0L9mDfaSfcMOMWJVVJCEh639PEzrHluOv3U -1n1+XCU+zy3gMVxyN9W5R7HmYAlT+4q9geq+rJ7T2oAkKxBSrK6VmYB1ZZ968NAX -eQPMcYAw+AAM2nwsiz2eQtP9DHAJgrtv5teIOEF2gZjHKRHjv+QBE0YLjkz/HIX+ -3YLvk+UCgYAgpAWk4YW4dAcZ8Y04Ke2pjMvEu44hHphOmk6AZl0Xl9tJwxlV8GVx -o3L4hbjHqyJo3+DZZYM7udMx9axbX9JHYRaLNJpc8UxQZj7d3TehC9Dw9/DzhIy/ -6sml30j/GHvnW5DOlpsdNKDlxoFX+hncXYIjyVTGRNdsSwa4VVm+Xw== ------END RSA PRIVATE KEY----- - +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0cOgLmFwHkU9GLqbQnyY0QfxAycshl57/vE1dh9ViVoTC5PK +jQ9u6+/QOhI21ZiWjlfaq6JFaqQ5l0u9dmdwQ6ayftSxTMpptwPgBbiv7JHhstLJ +IpPk4DJhU+VwVb5rMOLgdUvblKpLR2rl4I4RTz7H75OHsC+C7pVRDdkxHiNTnY+A 
+mjMQDiLqMJvMCNjh1c0R5a0ZsifYWBrhx0Nk2kxiI691qQBbl4vaRxhjGGtLlwFT +5oI3RF2fLeOrv2SkPVtbiZGRFSoXIo0+xtlQa7AVKtAg4i/kw2hn7YZwc1HPc7eH +8f0v96rpQtlmyiN8a2rEMo67B0wCe+THd6ytPQIDAQABAoIBAF3evYAD+riRI5Y9 +a92FBJ4Gf8R5c2NuRO8B4nrJ6u1ccclsieg2T90lpHlYTVGoxzdL+X91Trs6Ysti +CZdDEuozXw2DARTsQAK2qTnmPFQRtH7h9UCUDoiGAygYNP0qCa4G2YukNs+Apc9/ +9v9WlEhyP+bmjoI5wM4j4/HekCx7syHuiqJ74//oTzNamT0aWHwgXAUmEYZ/1+nT +0KInmtmIOFgsWHcojwQ6sZJ3eVvy66EqHLZKQYZa2tx0YjrEJMQi1drg6VV+lLCR +rEtsoltgdN2G9v3P6KrHXsrCYaaZKhog9B1OSI2Amv3YWZHXppK12+aSy774lUUz +qVur5cECgYEA7oCOQoRZo76wztS+yDeq173B2gPHKSIrWvaLDkCAPOQPVzJZ4Qc+ +8OEDU6HB9P0MYDsKBxZY85uzWP+dAlsmcL0C86WibOuYERPKQIcAn3KSzFiIxH3R +OAbaLtSLN3lDAH50PhP9BguiSfBjI6w4Qsr7jlQgdpzG4h4LjvotbWMCgYEA4SdT +QQJhHiLtBFo91ItRUzhePvUDfV8XvNfAwZj8cY2+oenkK2+bp35xteBV6Gu1cYnd +V2yFgzMZ/jDvqfUn/8EVAGvEFrLtsUpXeyHhgmVT490RsPxC9xU9jf5LsvZ4zjsj +CsFZW0JnhKkF6M5wztWtO3yKCilmXSOIFvorTN8CgYEAoK2LKdTwbxhxFWbOgSS/ +vEji6HXTHysd+lJOrHNX8a3Th/MsCiZPiQiOrTE08k/onown3U547uXelf7fUE8I +PruX2X2lR6wQ7rBeecp56PHPZEvhGD+LTCuRoise/2h6c0K+HXRp6kC8PQPuRoIo +BRerEeArXr2QX5XOQ6zYHfECgYEAp0L9mDfaSfcMOMWJVVJCEh639PEzrHluOv3U +1n1+XCU+zy3gMVxyN9W5R7HmYAlT+4q9geq+rJ7T2oAkKxBSrK6VmYB1ZZ968NAX +eQPMcYAw+AAM2nwsiz2eQtP9DHAJgrtv5teIOEF2gZjHKRHjv+QBE0YLjkz/HIX+ +3YLvk+UCgYAgpAWk4YW4dAcZ8Y04Ke2pjMvEu44hHphOmk6AZl0Xl9tJwxlV8GVx +o3L4hbjHqyJo3+DZZYM7udMx9axbX9JHYRaLNJpc8UxQZj7d3TehC9Dw9/DzhIy/ +6sml30j/GHvnW5DOlpsdNKDlxoFX+hncXYIjyVTGRNdsSwa4VVm+Xw== +-----END RSA PRIVATE KEY----- + diff --git a/tests/testlib/s2n_key_schedule_testlib.c b/tests/testlib/s2n_key_schedule_testlib.c index 273f8b8b3cc..85c34380a78 100644 --- a/tests/testlib/s2n_key_schedule_testlib.c +++ b/tests/testlib/s2n_key_schedule_testlib.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/testlib/s2n_ktls_test_utils.c b/tests/testlib/s2n_ktls_test_utils.c index 18fa9080155..41e407fefcf 100644 --- a/tests/testlib/s2n_ktls_test_utils.c 
+++ b/tests/testlib/s2n_ktls_test_utils.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/testlib/s2n_test_certs.c b/tests/testlib/s2n_test_certs.c
index 1d97261968a..f1594321296 100644
--- a/tests/testlib/s2n_test_certs.c
+++ b/tests/testlib/s2n_test_certs.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/unit/s2n_async_pkey_test.c b/tests/unit/s2n_async_pkey_test.c
index c2cefd6dc6d..a544e326b39 100644
--- a/tests/unit/s2n_async_pkey_test.c
+++ b/tests/unit/s2n_async_pkey_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/unit/s2n_cbc_test.c b/tests/unit/s2n_cbc_test.c
index 31f8a174851..f26dbae2c16 100644
--- a/tests/unit/s2n_cbc_test.c
+++ b/tests/unit/s2n_cbc_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/unit/s2n_cert_chain_and_key_load_test.c b/tests/unit/s2n_cert_chain_and_key_load_test.c
index 271cdc0e085..c283e21712d 100644
--- a/tests/unit/s2n_cert_chain_and_key_load_test.c
+++ b/tests/unit/s2n_cert_chain_and_key_load_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/unit/s2n_cert_chain_and_key_test.c b/tests/unit/s2n_cert_chain_and_key_test.c
index f036cf665f1..3c77d775601 100644
--- a/tests/unit/s2n_cert_chain_and_key_test.c
+++ b/tests/unit/s2n_cert_chain_and_key_test.c
@@ -1,3 +1,4 @@
+#include "utils/s2n_prelude.h"
 /*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
diff --git a/tests/unit/s2n_cert_status_extension_test.c b/tests/unit/s2n_cert_status_extension_test.c
index d385c702a49..cd66098717c 100644
--- a/tests/unit/s2n_cert_status_extension_test.c
+++ b/tests/unit/s2n_cert_status_extension_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_cert_validation_callback_test.c b/tests/unit/s2n_cert_validation_callback_test.c index 69b9c8294ef..cbdfb819cb1 100644 --- a/tests/unit/s2n_cert_validation_callback_test.c +++ b/tests/unit/s2n_cert_validation_callback_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_cipher_suite_match_test.c b/tests/unit/s2n_cipher_suite_match_test.c index f68117ea1d9..52a49b41363 100644 --- a/tests/unit/s2n_cipher_suite_match_test.c +++ b/tests/unit/s2n_cipher_suite_match_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_client_auth_handshake_test.c b/tests/unit/s2n_client_auth_handshake_test.c index 168242bf451..e8266aa98a6 100644 --- a/tests/unit/s2n_client_auth_handshake_test.c +++ b/tests/unit/s2n_client_auth_handshake_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_client_extensions_test.c b/tests/unit/s2n_client_extensions_test.c index c8d25d93325..4331e499319 100644 --- a/tests/unit/s2n_client_extensions_test.c +++ b/tests/unit/s2n_client_extensions_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_client_hello_recv_test.c b/tests/unit/s2n_client_hello_recv_test.c index 07da5496655..efb758ca87e 100644 --- a/tests/unit/s2n_client_hello_recv_test.c +++ b/tests/unit/s2n_client_hello_recv_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * 
diff --git a/tests/unit/s2n_client_hello_retry_test.c b/tests/unit/s2n_client_hello_retry_test.c index 97c4a650277..00634be07bf 100644 --- a/tests/unit/s2n_client_hello_retry_test.c +++ b/tests/unit/s2n_client_hello_retry_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_client_hello_test.c b/tests/unit/s2n_client_hello_test.c index 681277f7058..f3efe3a2dba 100644 --- a/tests/unit/s2n_client_hello_test.c +++ b/tests/unit/s2n_client_hello_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_client_record_version_test.c b/tests/unit/s2n_client_record_version_test.c index a7729345af3..fa875e218ec 100644 --- a/tests/unit/s2n_client_record_version_test.c +++ b/tests/unit/s2n_client_record_version_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_client_secure_renegotiation_test.c b/tests/unit/s2n_client_secure_renegotiation_test.c index f54b79af6d6..76427096456 100644 --- a/tests/unit/s2n_client_secure_renegotiation_test.c +++ b/tests/unit/s2n_client_secure_renegotiation_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_config_test.c b/tests/unit/s2n_config_test.c index dfb91656445..5af481bf6d9 100644 --- a/tests/unit/s2n_config_test.c +++ b/tests/unit/s2n_config_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_connection_protocol_versions_test.c b/tests/unit/s2n_connection_protocol_versions_test.c index dee93409141..9e06822105d 100644 --- a/tests/unit/s2n_connection_protocol_versions_test.c +++ b/tests/unit/s2n_connection_protocol_versions_test.c 
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_cookie_test.c b/tests/unit/s2n_cookie_test.c index 406cfe8305f..6fb3837ff43 100644 --- a/tests/unit/s2n_cookie_test.c +++ b/tests/unit/s2n_cookie_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_crl_test.c b/tests/unit/s2n_crl_test.c index b952ec4ae5d..ac904b41726 100644 --- a/tests/unit/s2n_crl_test.c +++ b/tests/unit/s2n_crl_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_drain_alert_test.c b/tests/unit/s2n_drain_alert_test.c index 6b5ddb8145a..34f231bf80c 100644 --- a/tests/unit/s2n_drain_alert_test.c +++ b/tests/unit/s2n_drain_alert_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_handshake_invariant_test.c b/tests/unit/s2n_handshake_invariant_test.c index 15cb346bc43..108dc37a560 100644 --- a/tests/unit/s2n_handshake_invariant_test.c +++ b/tests/unit/s2n_handshake_invariant_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_handshake_test.c b/tests/unit/s2n_handshake_test.c index a51ae559aa5..2e8b25da5d7 100644 --- a/tests/unit/s2n_handshake_test.c +++ b/tests/unit/s2n_handshake_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_handshake_type_test.c b/tests/unit/s2n_handshake_type_test.c index d555a4a30b4..983b87f3f8f 100644 --- a/tests/unit/s2n_handshake_type_test.c +++ b/tests/unit/s2n_handshake_type_test.c 
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_key_update_threads_test.c b/tests/unit/s2n_key_update_threads_test.c index 42ca56cb5c9..0cb56c01c3b 100644 --- a/tests/unit/s2n_key_update_threads_test.c +++ b/tests/unit/s2n_key_update_threads_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_mem_allocator_test.c b/tests/unit/s2n_mem_allocator_test.c index bd4bdf0f294..157a5f5d78a 100644 --- a/tests/unit/s2n_mem_allocator_test.c +++ b/tests/unit/s2n_mem_allocator_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_mem_usage_test.c b/tests/unit/s2n_mem_usage_test.c index c8ea3af9464..9679877252a 100644 --- a/tests/unit/s2n_mem_usage_test.c +++ b/tests/unit/s2n_mem_usage_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_mutual_auth_test.c b/tests/unit/s2n_mutual_auth_test.c index 07ec723f447..b36b2e384c1 100644 --- a/tests/unit/s2n_mutual_auth_test.c +++ b/tests/unit/s2n_mutual_auth_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_openssl_x509_test.c b/tests/unit/s2n_openssl_x509_test.c index 85fa4500fd8..1e43c6bb893 100644 --- a/tests/unit/s2n_openssl_x509_test.c +++ b/tests/unit/s2n_openssl_x509_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_optional_client_auth_test.c b/tests/unit/s2n_optional_client_auth_test.c index 953fc264b9e..964d0e96185 100644 --- a/tests/unit/s2n_optional_client_auth_test.c 
+++ b/tests/unit/s2n_optional_client_auth_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_pem_rsa_dhe_test.c b/tests/unit/s2n_pem_rsa_dhe_test.c index a9bf4306d5b..dd3f8c8ed16 100644 --- a/tests/unit/s2n_pem_rsa_dhe_test.c +++ b/tests/unit/s2n_pem_rsa_dhe_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_pem_test.c b/tests/unit/s2n_pem_test.c index e1589ca3604..2a29d67f7ba 100644 --- a/tests/unit/s2n_pem_test.c +++ b/tests/unit/s2n_pem_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_policy_defaults_test.c b/tests/unit/s2n_policy_defaults_test.c index 0fd65d53d9c..ee21a75f032 100644 --- a/tests/unit/s2n_policy_defaults_test.c +++ b/tests/unit/s2n_policy_defaults_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_post_handshake_recv_test.c b/tests/unit/s2n_post_handshake_recv_test.c index 1ea2a50ef67..3eb9eb5643d 100644 --- a/tests/unit/s2n_post_handshake_recv_test.c +++ b/tests/unit/s2n_post_handshake_recv_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_prf_key_material_test.c b/tests/unit/s2n_prf_key_material_test.c index 2edbf61d431..057e46b9f5f 100644 --- a/tests/unit/s2n_prf_key_material_test.c +++ b/tests/unit/s2n_prf_key_material_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_quic_support_io_test.c b/tests/unit/s2n_quic_support_io_test.c index 74eb2dad2fb..a55eff90584 100644 --- a/tests/unit/s2n_quic_support_io_test.c 
+++ b/tests/unit/s2n_quic_support_io_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_record_size_test.c b/tests/unit/s2n_record_size_test.c index 79fba0ef5cc..5e363a0b081 100644 --- a/tests/unit/s2n_record_size_test.c +++ b/tests/unit/s2n_record_size_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_recv_test.c b/tests/unit/s2n_recv_test.c index ef8315f1686..3585355e760 100644 --- a/tests/unit/s2n_recv_test.c +++ b/tests/unit/s2n_recv_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_release_non_empty_buffers_test.c b/tests/unit/s2n_release_non_empty_buffers_test.c index 65b8d221d32..d13d0d4b381 100644 --- a/tests/unit/s2n_release_non_empty_buffers_test.c +++ b/tests/unit/s2n_release_non_empty_buffers_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_renegotiate_test.c b/tests/unit/s2n_renegotiate_test.c index b85c9599054..1fa07e9168e 100644 --- a/tests/unit/s2n_renegotiate_test.c +++ b/tests/unit/s2n_renegotiate_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_rsa_pss_test.c b/tests/unit/s2n_rsa_pss_test.c index 4f6b7be6bcb..0ac86b6c507 100644 --- a/tests/unit/s2n_rsa_pss_test.c +++ b/tests/unit/s2n_rsa_pss_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_seccomp_handshake_test.c b/tests/unit/s2n_seccomp_handshake_test.c index 75bf7b93495..cceb6983cb5 100644 --- a/tests/unit/s2n_seccomp_handshake_test.c 
+++ b/tests/unit/s2n_seccomp_handshake_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_self_talk_alerts_test.c b/tests/unit/s2n_self_talk_alerts_test.c index cf596ba5d5c..c49da1c47ff 100644 --- a/tests/unit/s2n_self_talk_alerts_test.c +++ b/tests/unit/s2n_self_talk_alerts_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_self_talk_broken_pipe_test.c b/tests/unit/s2n_self_talk_broken_pipe_test.c index 87b237d11d2..2527fffe8a9 100644 --- a/tests/unit/s2n_self_talk_broken_pipe_test.c +++ b/tests/unit/s2n_self_talk_broken_pipe_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_self_talk_certificates_test.c b/tests/unit/s2n_self_talk_certificates_test.c index 5c2a1f1769d..02bfd24fccb 100644 --- a/tests/unit/s2n_self_talk_certificates_test.c +++ b/tests/unit/s2n_self_talk_certificates_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_self_talk_custom_io_test.c b/tests/unit/s2n_self_talk_custom_io_test.c index e0b02452c4c..fb0fa6e74c7 100644 --- a/tests/unit/s2n_self_talk_custom_io_test.c +++ b/tests/unit/s2n_self_talk_custom_io_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_self_talk_min_protocol_version_test.c b/tests/unit/s2n_self_talk_min_protocol_version_test.c index 4e0f2ecfa38..cb14131013c 100644 --- a/tests/unit/s2n_self_talk_min_protocol_version_test.c +++ b/tests/unit/s2n_self_talk_min_protocol_version_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * 
diff --git a/tests/unit/s2n_self_talk_nonblocking_test.c b/tests/unit/s2n_self_talk_nonblocking_test.c index 427d03e46eb..e9255f53804 100644 --- a/tests/unit/s2n_self_talk_nonblocking_test.c +++ b/tests/unit/s2n_self_talk_nonblocking_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_self_talk_session_id_test.c b/tests/unit/s2n_self_talk_session_id_test.c index dbef1031b01..9cb4fb1e2e4 100644 --- a/tests/unit/s2n_self_talk_session_id_test.c +++ b/tests/unit/s2n_self_talk_session_id_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_self_talk_tls12_test.c b/tests/unit/s2n_self_talk_tls12_test.c index e3713e30fad..8f8a7fd9516 100644 --- a/tests/unit/s2n_self_talk_tls12_test.c +++ b/tests/unit/s2n_self_talk_tls12_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_send_key_update_test.c b/tests/unit/s2n_send_key_update_test.c index c8ecadb6bac..d632b82712e 100644 --- a/tests/unit/s2n_send_key_update_test.c +++ b/tests/unit/s2n_send_key_update_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_send_multirecord_test.c b/tests/unit/s2n_send_multirecord_test.c index 4ff94234ef0..7a3f3d289fd 100644 --- a/tests/unit/s2n_send_multirecord_test.c +++ b/tests/unit/s2n_send_multirecord_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_send_test.c b/tests/unit/s2n_send_test.c index 840b9a83c7f..97f2e324dba 100644 --- a/tests/unit/s2n_send_test.c +++ b/tests/unit/s2n_send_test.c 
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_server_hello_retry_test.c b/tests/unit/s2n_server_hello_retry_test.c index 9338e0b0eea..9ca4b53645e 100644 --- a/tests/unit/s2n_server_hello_retry_test.c +++ b/tests/unit/s2n_server_hello_retry_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_session_ticket_test.c b/tests/unit/s2n_session_ticket_test.c index 4f3ccab1d23..8efbf762f12 100644 --- a/tests/unit/s2n_session_ticket_test.c +++ b/tests/unit/s2n_session_ticket_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_sslv3_test.c b/tests/unit/s2n_sslv3_test.c index d0a5635f2dd..304248475e6 100644 --- a/tests/unit/s2n_sslv3_test.c +++ b/tests/unit/s2n_sslv3_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls12_handshake_test.c b/tests/unit/s2n_tls12_handshake_test.c index 7af0ef52824..9c84e194aaa 100644 --- a/tests/unit/s2n_tls12_handshake_test.c +++ b/tests/unit/s2n_tls12_handshake_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls13_cert_verify_test.c b/tests/unit/s2n_tls13_cert_verify_test.c index 2657e4f8212..1014914a72d 100644 --- a/tests/unit/s2n_tls13_cert_verify_test.c +++ b/tests/unit/s2n_tls13_cert_verify_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls13_handshake_early_data_test.c b/tests/unit/s2n_tls13_handshake_early_data_test.c index d0f351a3447..8f93aa4b38f 100644 --- a/tests/unit/s2n_tls13_handshake_early_data_test.c 
+++ b/tests/unit/s2n_tls13_handshake_early_data_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls13_handshake_state_machine_test.c b/tests/unit/s2n_tls13_handshake_state_machine_test.c index 35dd539fe3b..d7b0d4d7b71 100644 --- a/tests/unit/s2n_tls13_handshake_state_machine_test.c +++ b/tests/unit/s2n_tls13_handshake_state_machine_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls13_handshake_test.c b/tests/unit/s2n_tls13_handshake_test.c index bef2388e832..792aaa4c1c0 100644 --- a/tests/unit/s2n_tls13_handshake_test.c +++ b/tests/unit/s2n_tls13_handshake_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls13_parse_record_type_test.c b/tests/unit/s2n_tls13_parse_record_type_test.c index e962d05bbfa..0f896e08a9c 100644 --- a/tests/unit/s2n_tls13_parse_record_type_test.c +++ b/tests/unit/s2n_tls13_parse_record_type_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls13_pq_handshake_test.c b/tests/unit/s2n_tls13_pq_handshake_test.c index 972a0a1a2da..17819ea6df9 100644 --- a/tests/unit/s2n_tls13_pq_handshake_test.c +++ b/tests/unit/s2n_tls13_pq_handshake_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_tls13_server_cert_test.c b/tests/unit/s2n_tls13_server_cert_test.c index c18ab419dfb..58d3692d9ae 100644 --- a/tests/unit/s2n_tls13_server_cert_test.c +++ b/tests/unit/s2n_tls13_server_cert_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * 
diff --git a/tests/unit/s2n_tls_prf_test.c b/tests/unit/s2n_tls_prf_test.c index 3587bacc49b..187d2160095 100644 --- a/tests/unit/s2n_tls_prf_test.c +++ b/tests/unit/s2n_tls_prf_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_wildcard_hostname_test.c b/tests/unit/s2n_wildcard_hostname_test.c index 011319ae15e..236c0e52fc1 100644 --- a/tests/unit/s2n_wildcard_hostname_test.c +++ b/tests/unit/s2n_wildcard_hostname_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_x509_intent_verification_test.c b/tests/unit/s2n_x509_intent_verification_test.c index a37d3c4ca22..df7f0c93b2e 100644 --- a/tests/unit/s2n_x509_intent_verification_test.c +++ b/tests/unit/s2n_x509_intent_verification_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_x509_validator_certificate_signatures_test.c b/tests/unit/s2n_x509_validator_certificate_signatures_test.c index d0b8b8095ee..1554d1240c0 100644 --- a/tests/unit/s2n_x509_validator_certificate_signatures_test.c +++ b/tests/unit/s2n_x509_validator_certificate_signatures_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_x509_validator_test.c b/tests/unit/s2n_x509_validator_test.c index 4f698d869b8..a00e7a74bbb 100644 --- a/tests/unit/s2n_x509_validator_test.c +++ b/tests/unit/s2n_x509_validator_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/unit/s2n_x509_validator_time_verification_test.c b/tests/unit/s2n_x509_validator_time_verification_test.c index 1eb7a35c199..a96b79aaa45 100644 
--- a/tests/unit/s2n_x509_validator_time_verification_test.c +++ b/tests/unit/s2n_x509_validator_time_verification_test.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tests/viz/s2n_state_machine_viz.c b/tests/viz/s2n_state_machine_viz.c index b7426475421..e138cc6b081 100644 --- a/tests/viz/s2n_state_machine_viz.c +++ b/tests/viz/s2n_state_machine_viz.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/extensions/s2n_client_psk.c b/tls/extensions/s2n_client_psk.c index 4e69e6d8a8b..8e8a29b8917 100644 --- a/tls/extensions/s2n_client_psk.c +++ b/tls/extensions/s2n_client_psk.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/extensions/s2n_client_server_name.c b/tls/extensions/s2n_client_server_name.c index a1596e8e98c..999c2384895 100644 --- a/tls/extensions/s2n_client_server_name.c +++ b/tls/extensions/s2n_client_server_name.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/extensions/s2n_client_supported_versions.c b/tls/extensions/s2n_client_supported_versions.c index ab892cd509a..157ea5444de 100644 --- a/tls/extensions/s2n_client_supported_versions.c +++ b/tls/extensions/s2n_client_supported_versions.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/extensions/s2n_extension_type.c b/tls/extensions/s2n_extension_type.c index 6612b1efc44..ea29c1b6be5 100644 --- a/tls/extensions/s2n_extension_type.c +++ b/tls/extensions/s2n_extension_type.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * 
diff --git a/tls/extensions/s2n_supported_versions.c b/tls/extensions/s2n_supported_versions.c index acf130d6c55..46541676520 100644 --- a/tls/extensions/s2n_supported_versions.c +++ b/tls/extensions/s2n_supported_versions.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/policy/s2n_policy_defaults.c b/tls/policy/s2n_policy_defaults.c index 20d6c7d617b..26d98b9b3ba 100644 --- a/tls/policy/s2n_policy_defaults.c +++ b/tls/policy/s2n_policy_defaults.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/policy/s2n_policy_writer.c b/tls/policy/s2n_policy_writer.c index 5f7c3800f76..46c06b20ab6 100644 --- a/tls/policy/s2n_policy_writer.c +++ b/tls/policy/s2n_policy_writer.c @@ -15,7 +15,9 @@ #include #include +#if !defined(_MSC_VER) #include +#endif #include "stuffer/s2n_stuffer.h" #include "tls/policy/s2n_policy_feature.h" diff --git a/tls/s2n_alerts.c b/tls/s2n_alerts.c index 2b7264603b5..9342598f09c 100644 --- a/tls/s2n_alerts.c +++ b/tls/s2n_alerts.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_async_pkey.h b/tls/s2n_async_pkey.h index 7bea58e8553..bd11490956b 100644 --- a/tls/s2n_async_pkey.h +++ b/tls/s2n_async_pkey.h 
@@ -31,6 +31,24 @@ struct s2n_async_pkey_op; * continue. If async operation is invoking or was invoked, but yet to be complete, we error out of the handler to let * s2n_handle_retry_state try again. If async operation was complete we clear the state and let s2n_handle_retry_state * proceed to the next handler */ +#if defined(_MSC_VER) +#define S2N_ASYNC_PKEY_GUARD(conn) \ + do { \ + POSIX_GUARD_PTR((conn)); \ + switch ((conn)->handshake.async_state) { \ + case S2N_ASYNC_NOT_INVOKED: \ + break; \ + \ + case S2N_ASYNC_INVOKED: \ + POSIX_BAIL(S2N_ERR_ASYNC_BLOCKED); \ + \ + case S2N_ASYNC_COMPLETE: \ + /* clean up state and return a success from handler */ \ + (conn)->handshake.async_state = S2N_ASYNC_NOT_INVOKED; \ + return S2N_SUCCESS; \ + } \ + } while (0) +#else #define S2N_ASYNC_PKEY_GUARD(conn) \ do { \ __typeof(conn) __tmp_conn = (conn); \ @@ -48,6 +66,7 @@ struct s2n_async_pkey_op; return S2N_SUCCESS; \ } \ } while (0) +#endif /* Macros for safe exection of async sign/decrypt. * diff --git a/tls/s2n_cbc.c b/tls/s2n_cbc.c index 3f4754e431e..b2a8bf28d21 100644 --- a/tls/s2n_cbc.c +++ b/tls/s2n_cbc.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_cipher_preferences.c b/tls/s2n_cipher_preferences.c index d1d0dcb1572..ba1639ca5a3 100644 --- a/tls/s2n_cipher_preferences.c +++ b/tls/s2n_cipher_preferences.c @@ -16,7 +16,9 @@ #include "tls/s2n_cipher_preferences.h" #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "error/s2n_errno.h" diff --git a/tls/s2n_client_hello.c b/tls/s2n_client_hello.c index c45879b8bc1..2de59981293 100644 --- a/tls/s2n_client_hello.c +++ b/tls/s2n_client_hello.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_client_key_exchange.c b/tls/s2n_client_key_exchange.c index d316523db2d..ece19ecb5d0 100644 
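Review bot: The `_MSC_VER` variant of `S2N_ASYNC_PKEY_GUARD` expands `(conn)` three times, in `POSIX_GUARD_PTR`, in the `switch` and in the reset assignment, whereas the existing variant copies it into `__tmp_conn` first. An argument with side effects would therefore be evaluated repeatedly on MSVC only. `__typeof` is the only non-portable piece, so a typed temporary such as `struct s2n_connection *tmp_conn = (conn);` would keep both builds equivalent, assuming every caller passes a `struct s2n_connection *` (the callers are not visible here). That would also let the two definitions collapse into one and drop the `#if`/`#else`. Part of the original macro lies between this hunk and the next, so the comparison rests on the visible lines only.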
--- a/tls/s2n_client_key_exchange.c +++ b/tls/s2n_client_key_exchange.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_config.c b/tls/s2n_config.c index f9768c44143..2e69cf777ef 100644 --- a/tls/s2n_config.c +++ b/tls/s2n_config.c @@ -14,11 +14,15 @@ */ #ifndef _S2N_PRELUDE_INCLUDED - /* make sure s2n_prelude.h is includes as part of the compiler flags, if not then fail the build */ - #error "Expected s2n_prelude.h to be included as part of the compiler flags" + #if !defined(_MSC_VER) + /* make sure s2n_prelude.h is includes as part of the compiler flags, if not then fail the build */ + #error "Expected s2n_prelude.h to be included as part of the compiler flags" + #endif #endif +#if !defined(_MSC_VER) #include +#endif #include #include "api/unstable/custom_x509_extensions.h" @@ -38,14 +42,17 @@ #include "utils/s2n_map.h" #include "utils/s2n_safety.h" -#if defined(CLOCK_MONOTONIC_RAW) +#if defined(_MSC_VER) + #define S2N_CLOCK_HW 0 + #define S2N_CLOCK_SYS 0 +#elif defined(CLOCK_MONOTONIC_RAW) #define S2N_CLOCK_HW CLOCK_MONOTONIC_RAW + #define S2N_CLOCK_SYS CLOCK_REALTIME #else #define S2N_CLOCK_HW CLOCK_MONOTONIC + #define S2N_CLOCK_SYS CLOCK_REALTIME #endif -#define S2N_CLOCK_SYS CLOCK_REALTIME - int s2n_default_monotonic_clock(void *unused_data, uint64_t *nanoseconds) { struct timespec current_time = { 0 }; diff --git a/tls/s2n_connection.c b/tls/s2n_connection.c index b69d2bbc492..22a64b52db4 100644 --- a/tls/s2n_connection.c +++ b/tls/s2n_connection.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -19,9 +20,13 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" /* Required for s2n_connection_get_key_update_counts */ 
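Review bot: In the second tls/s2n_config.c hunk, the `_MSC_VER` branch defines both `S2N_CLOCK_HW` and `S2N_CLOCK_SYS` as the bare literal `0`, so the monotonic and wall-clock paths ask for the same clock id. `s2n_default_monotonic_clock` (its body continues outside the hunk) still declares a `struct timespec`, so presumably a Windows replacement for the clock call exists elsewhere. If that replacement maps id 0 to wall-clock time, anything measured against the "monotonic" clock would move when the system time is changed. I would use two distinct named ids and document the contract next to them, e.g. `/* MSVC: placeholder ids; the Windows clock replacement must map S2N_CLOCK_HW to a monotonic source */`.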
diff --git a/tls/s2n_early_data.c b/tls/s2n_early_data.c index d049f56dbab..934e993e333 100644 --- a/tls/s2n_early_data.c +++ b/tls/s2n_early_data.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_early_data_io.c b/tls/s2n_early_data_io.c index c6a267a8625..8953a96fb25 100644 --- a/tls/s2n_early_data_io.c +++ b/tls/s2n_early_data_io.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_ecc_preferences.h b/tls/s2n_ecc_preferences.h index 6672c7fa2c0..19fb757a02a 100644 --- a/tls/s2n_ecc_preferences.h +++ b/tls/s2n_ecc_preferences.h @@ -16,7 +16,9 @@ #pragma once #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "crypto/s2n_ecc_evp.h" diff --git a/tls/s2n_fingerprint_ja4.c b/tls/s2n_fingerprint_ja4.c index cc3b21e4c16..c7b5c8f01f2 100644 --- a/tls/s2n_fingerprint_ja4.c +++ b/tls/s2n_fingerprint_ja4.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_handshake.c b/tls/s2n_handshake.c index f959044378c..139e65bab88 100644 --- a/tls/s2n_handshake.c +++ b/tls/s2n_handshake.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_handshake_io.c b/tls/s2n_handshake_io.c index 1fa89db0df1..c29d7d32620 100644 --- a/tls/s2n_handshake_io.c +++ b/tls/s2n_handshake_io.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_handshake_transcript.c b/tls/s2n_handshake_transcript.c index 3a23ff85cef..7b44852aae1 100644 --- a/tls/s2n_handshake_transcript.c +++ b/tls/s2n_handshake_transcript.c 
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_ktls.h b/tls/s2n_ktls.h index 2f4ef448747..e4658fa865c 100644 --- a/tls/s2n_ktls.h +++ b/tls/s2n_ktls.h @@ -54,7 +54,9 @@ int s2n_connection_ktls_enable_recv(struct s2n_connection *conn); #ifndef _WIN32 +#if !defined(_MSC_VER) #include +#endif /* These use POSIX socket types not available on Windows */ S2N_RESULT s2n_ktls_sendmsg(void *io_context, uint8_t record_type, const struct iovec *msg_iov, diff --git a/tls/s2n_ktls_io.c b/tls/s2n_ktls_io.c index 2e2703c8eae..b5b45d74391 100644 --- a/tls/s2n_ktls_io.c +++ b/tls/s2n_ktls_io.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -26,7 +27,9 @@ */ #undef _POSIX_C_SOURCE #endif +#if !defined(_MSC_VER) #include +#endif #ifdef S2N_LINUX_SENDFILE #include diff --git a/tls/s2n_ocsp_stapling.c b/tls/s2n_ocsp_stapling.c index e9059f5c047..82acf719d08 100644 --- a/tls/s2n_ocsp_stapling.c +++ b/tls/s2n_ocsp_stapling.c @@ -13,7 +13,9 @@ * permissions and limitations under the License. */ +#if !defined(_MSC_VER) #include +#endif #include "error/s2n_errno.h" #include "tls/extensions/s2n_cert_status.h" diff --git a/tls/s2n_post_handshake.c b/tls/s2n_post_handshake.c index 50ed44054dd..f783bddcffe 100644 --- a/tls/s2n_post_handshake.c +++ b/tls/s2n_post_handshake.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_prf.c b/tls/s2n_prf.c index 931ea39dbf7..f02b7183dca 100644 --- a/tls/s2n_prf.c +++ b/tls/s2n_prf.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_psk.c b/tls/s2n_psk.c index 25b66a2715f..e99d03bf8e1 100644 --- a/tls/s2n_psk.c +++ b/tls/s2n_psk.c 
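Review bot: In tls/s2n_ktls.h the new `#if !defined(_MSC_VER)` is nested inside the existing `#ifndef _WIN32` block. MSVC always defines `_WIN32`, so that region is already skipped and the added guard can never change what is compiled. I would drop the inner `#if`/`#endif` here and leave the `#include` as it was. More generally the port should settle on one of `_WIN32` or `_MSC_VER` for "POSIX header not available", since the two are not interchangeable for non-MSVC Windows toolchains.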
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_quic_support.c b/tls/s2n_quic_support.c index 5a34423b939..120561caf50 100644 --- a/tls/s2n_quic_support.c +++ b/tls/s2n_quic_support.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_record_read.c b/tls/s2n_record_read.c index 489ef57d64d..fa838480e31 100644 --- a/tls/s2n_record_read.c +++ b/tls/s2n_record_read.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_record_read_stream.c b/tls/s2n_record_read_stream.c index 927ab00fe7a..90a4aec9a3b 100644 --- a/tls/s2n_record_read_stream.c +++ b/tls/s2n_record_read_stream.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_record_write.c b/tls/s2n_record_write.c index b073929c2c4..958f144693b 100644 --- a/tls/s2n_record_write.c +++ b/tls/s2n_record_write.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_recv.c b/tls/s2n_recv.c index 55988ebf3ba..8b1940ac3d0 100644 --- a/tls/s2n_recv.c +++ b/tls/s2n_recv.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -16,7 +17,9 @@ /* Use usleep */ #define _XOPEN_SOURCE 500 #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "error/s2n_errno.h" diff --git a/tls/s2n_resume.c b/tls/s2n_resume.c index f59527fd28d..c1be4c7fba6 100644 --- a/tls/s2n_resume.c +++ b/tls/s2n_resume.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * 
diff --git a/tls/s2n_send.c b/tls/s2n_send.c index 27d1afc6a20..bfbdf5b5824 100644 --- a/tls/s2n_send.c +++ b/tls/s2n_send.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_server_hello.c b/tls/s2n_server_hello.c index 9b8bb8a2208..be45994cd82 100644 --- a/tls/s2n_server_hello.c +++ b/tls/s2n_server_hello.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_server_new_session_ticket.c b/tls/s2n_server_new_session_ticket.c index d61df50cb9a..e52a3b71c53 100644 --- a/tls/s2n_server_new_session_ticket.c +++ b/tls/s2n_server_new_session_ticket.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_signature_scheme.h b/tls/s2n_signature_scheme.h index fbeb7c00145..b6799e5010d 100644 --- a/tls/s2n_signature_scheme.h +++ b/tls/s2n_signature_scheme.h @@ -15,7 +15,9 @@ #pragma once +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "crypto/s2n_ecc_evp.h" diff --git a/tls/s2n_tls13.h b/tls/s2n_tls13.h index d13fe3a355a..4d04445d268 100644 --- a/tls/s2n_tls13.h +++ b/tls/s2n_tls13.h @@ -23,12 +23,16 @@ extern "C" { #endif -#if S2N_GCC_VERSION_AT_LEAST(4, 5, 0) + +#if defined(_MSC_VER) +S2N_API __declspec(deprecated) int s2n_enable_tls13(); +#elif S2N_GCC_VERSION_AT_LEAST(4, 5, 0) S2N_API __attribute__((deprecated("The use of TLS1.3 is configured through security policies"))) int s2n_enable_tls13(); #else S2N_API __attribute__((deprecated)) int s2n_enable_tls13(); #endif + #ifdef __cplusplus } #endif diff --git a/tls/s2n_tls13_certificate_verify.c b/tls/s2n_tls13_certificate_verify.c index 03fdb4daf0a..3d2a39c9113 100644 --- a/tls/s2n_tls13_certificate_verify.c +++ b/tls/s2n_tls13_certificate_verify.c 
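Review bot: The new `_MSC_VER` branch in tls/s2n_tls13.h drops the deprecation text, so MSVC users get a bare deprecation warning with no hint about what to use instead. MSVC accepts a message argument, so the declaration can be `S2N_API __declspec(deprecated("The use of TLS1.3 is configured through security policies")) int s2n_enable_tls13();`, matching the GCC branch.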
@@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_tls13_handshake.c b/tls/s2n_tls13_handshake.c index 91bb90a7253..351a7e0edb1 100644 --- a/tls/s2n_tls13_handshake.c +++ b/tls/s2n_tls13_handshake.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_tls13_secrets.c b/tls/s2n_tls13_secrets.c index f3272977ba7..3b11b1cbb47 100644 --- a/tls/s2n_tls13_secrets.c +++ b/tls/s2n_tls13_secrets.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/tls/s2n_x509_validator.c b/tls/s2n_x509_validator.c index 771ca31979d..e68c441b810 100644 --- a/tls/s2n_x509_validator.c +++ b/tls/s2n_x509_validator.c @@ -13,12 +13,21 @@ * permissions and limitations under the License. */ +#if !defined(_MSC_VER) #include +#else +#include +#include +#endif +#if !defined(_MSC_VER) #include +#endif #include #include #include +#if !defined(_MSC_VER) #include +#endif #include "crypto/s2n_libcrypto.h" #include "crypto/s2n_openssl_x509.h" diff --git a/utils/s2n_array.c b/utils/s2n_array.c index dd2d9e94613..57dc38e2637 100644 --- a/utils/s2n_array.c +++ b/utils/s2n_array.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/utils/s2n_blob.c b/utils/s2n_blob.c index 79704c6f846..6b5e9b8e433 100644 --- a/utils/s2n_blob.c +++ b/utils/s2n_blob.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * diff --git a/utils/s2n_compiler.h b/utils/s2n_compiler.h index 1b5a1309971..ac3314889dd 100644 --- a/utils/s2n_compiler.h +++ b/utils/s2n_compiler.h 
@@ -15,7 +15,20 @@ #pragma once + +#if defined(_MSC_VER) +#define S2N_GCC_VERSION 0 +#define S2N_GCC_VERSION_AT_LEAST(major, minor, patch_level) 0 +#else #define S2N_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) #define S2N_GCC_VERSION_AT_LEAST(major, minor, patch_level) \ ((S2N_GCC_VERSION) >= ((major) * 10000 + (minor) * 100 + (patch_level))) +#endif + + +#if defined(_MSC_VER) +#ifndef __builtin_expect +#define __builtin_expect(x, y) (x) +#endif +#endif diff --git a/utils/s2n_ensure.h b/utils/s2n_ensure.h index b7247eadf78..9595e71dfe1 100644 --- a/utils/s2n_ensure.h +++ b/utils/s2n_ensure.h @@ -60,6 +60,24 @@ #define __S2N_ENSURE_POSTCONDITION(result) (s2n_likely(s2n_result_is_ok(result)) ? S2N_RESULT_OK : S2N_RESULT_ERROR) #endif +#if defined(_MSC_VER) +#define __S2N_ENSURE_SAFE_MEMMOVE(d, s, n, guard) \ + do { \ + if (s2n_likely((n))) { \ + void *r = s2n_ensure_memmove_trace((d), (s), (n)); \ + guard(r); \ + } \ + } while (0) +#else +#if defined(_MSC_VER) +#define __S2N_ENSURE_SAFE_MEMMOVE(d, s, n, guard) \ + do { \ + if (s2n_likely((n))) { \ + void *r = s2n_ensure_memmove_trace((d), (s), (n)); \ + guard(r); \ + } \ + } while (0) +#else #define __S2N_ENSURE_SAFE_MEMMOVE(d, s, n, guard) \ do { \ __typeof(n) __tmp_n = (n); \ @@ -68,7 +86,27 @@ guard(r); \ } \ } while (0) +#endif +#endif +#if defined(_MSC_VER) +#define __S2N_ENSURE_SAFE_MEMSET(d, c, n, guard) \ + do { \ + if (s2n_likely((n))) { \ + guard((d)); \ + memset((d), (c), (n)); \ + } \ + } while (0) +#else +#if defined(_MSC_VER) +#define __S2N_ENSURE_SAFE_MEMSET(d, c, n, guard) \ + do { \ + if (s2n_likely((n))) { \ + guard((d)); \ + memset((d), (c), (n)); \ + } \ + } while (0) +#else #define __S2N_ENSURE_SAFE_MEMSET(d, c, n, guard) \ do { \ __typeof(n) __tmp_n = (n); \ 
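Review bot: In utils/s2n_ensure.h the MSVC variants of `__S2N_ENSURE_SAFE_MEMMOVE` and `__S2N_ENSURE_SAFE_MEMSET` expand `n` twice (and `d` twice in the memset form), where the GCC versions capture the arguments in `__typeof` temporaries first. A length expression with a side effect, or one whose value changes between the check and the copy, is then tested with one value and used with another. Capturing the length once, e.g. `size_t __tmp_n = (n);` at the top of the `do` block and using `__tmp_n` in both places, restores single evaluation without `__typeof`. The same double expansion of `n` is in the MSVC versions of the `*_ENSURE_INCLUSIVE_RANGE` and `*_ENSURE_EXCLUSIVE_RANGE` macros in utils/s2n_safety_macros.h. Separately, the second `#if defined(_MSC_VER)` copy of each macro sits inside the `#else` of the same test, can never be selected, and should be deleted.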
@@ -78,6 +116,8 @@ memset(__tmp_d, (c), __tmp_n); \ } \ } while (0) +#endif +#endif #if defined(S2N_DIAGNOSTICS_PUSH_SUPPORTED) && defined(S2N_DIAGNOSTICS_POP_SUPPORTED) #define __S2N_ENSURE_CHECKED_RETURN(v) \ diff --git a/utils/s2n_init.c b/utils/s2n_init.c index d805d5eeb6d..504fd04f2a2 100644 --- a/utils/s2n_init.c +++ b/utils/s2n_init.c @@ -15,7 +15,11 @@ #include "utils/s2n_init.h" +#if !defined(_MSC_VER) #include +#else +#include +#endif #include "api/unstable/cleanup.h" #include "crypto/s2n_fips.h" @@ -35,7 +39,11 @@ static void s2n_cleanup_atexit(void); +#if !defined(_MSC_VER) static pthread_t main_thread = 0; +#else +static DWORD main_thread_id = 0; +#endif static bool initialized = false; static bool atexit_cleanup = false; int s2n_disable_atexit(void) @@ -59,7 +67,11 @@ int s2n_init(void) */ POSIX_ENSURE(!initialized, S2N_ERR_INITIALIZED); + #if !defined(_MSC_VER) main_thread = pthread_self(); +#else + main_thread_id = GetCurrentThreadId(); +#endif if (getenv("S2N_INTEG_TEST")) { POSIX_GUARD(s2n_in_integ_test_set(true)); diff --git a/utils/s2n_mem.c b/utils/s2n_mem.c index 8ac175b0964..e092bf092bf 100644 --- a/utils/s2n_mem.c +++ b/utils/s2n_mem.c @@ -1,3 +1,4 @@ +#include "utils/s2n_prelude.h" /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -24,8 +25,10 @@ #ifndef _WIN32 #include #include +#if !defined(_MSC_VER) #include #endif +#endif #include "error/s2n_errno.h" #include "utils/s2n_blob.h" diff --git a/utils/s2n_prelude.h b/utils/s2n_prelude.h index b508beb5d86..1a7d53bc44a 100644 --- a/utils/s2n_prelude.h +++ b/utils/s2n_prelude.h 
@@ -35,13 +35,18 @@ #define _FORTIFY_SOURCE 2 #endif +#ifndef S2N_API #if ((__GNUC__ >= 4) || defined(__clang__)) && defined(S2N_EXPORTS) - /** - * Marks a function as belonging to the public s2n API. - * - * See: https://gcc.gnu.org/wiki/Visibility - */ #define S2N_API __attribute__((visibility("default"))) +#elif defined(_MSC_VER) + #if defined(S2N_EXPORTS) + #define S2N_API __declspec(dllexport) + #else + #define S2N_API __declspec(dllimport) + #endif +#else + #define S2N_API +#endif #endif /* These replace the use of MIN/MAX from , which is not available on Windows. */ diff --git a/utils/s2n_random.c b/utils/s2n_random.c index 4679e63040a..e9192403573 100644 --- a/utils/s2n_random.c +++ b/utils/s2n_random.c @@ -1,3 +1,25 @@ +#include "utils/s2n_prelude.h" +#if defined(_MSC_VER) +#pragma comment(lib, "bcrypt.lib") +#include +#include +#include "error/s2n_errno.h" +#include "utils/s2n_random.h" +#include "utils/s2n_safety.h" + +static int s2n_rand_get_entropy_from_urandom(void *ptr, uint32_t size) +{ + POSIX_ENSURE_REF(ptr); + if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, (PUCHAR)ptr, size, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) { + POSIX_BAIL(S2N_ERR_RANDOM_UNINITIALIZED); + } + return S2N_SUCCESS; +} + +static int s2n_rand_init_cb_impl(void) { return S2N_SUCCESS; } +static int s2n_rand_cleanup_cb_impl(void) { return S2N_SUCCESS; } + +#else /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * @@ -56,7 +78,9 @@ #include #include #include +#if !defined(_MSC_VER) #include +#endif #include "api/s2n.h" #include "crypto/s2n_fips.h" @@ -388,3 +412,5 @@ int s2n_rand_set_callbacks(s2n_rand_init_callback rand_init_callback, (void) rand_mix_callback; return S2N_SUCCESS; } + +#endif \ No newline at end of file diff --git a/utils/s2n_random.h b/utils/s2n_random.h index 2efa741249d..eece58b40a2 100644 --- a/utils/s2n_random.h +++ b/utils/s2n_random.h 
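Review bot: With this `S2N_API` definition in utils/s2n_prelude.h, every MSVC translation unit compiled without `S2N_EXPORTS` sees `__declspec(dllimport)`, and that would include a static build of the library and its consumers, which then reference `__imp_`-prefixed symbols a static library does not provide. The import decoration should be opt-in for DLL consumers, with the empty `#define S2N_API` as the default when neither exporting nor importing. The hunk also deletes the doc comment that explained the macro; keeping `/* Marks a function as belonging to the public s2n API. */` above the block would preserve it.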
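Review bot: Under `_MSC_VER` the new block at the top of utils/s2n_random.c defines only three `static` helpers, and the `#else` … `#endif` pair compiles out the rest of the file, including `s2n_rand_set_callbacks` (visible in the last hunk) and presumably the `s2n_rand_init` / `s2n_rand_cleanup` functions that utils/s2n_random.h still declares. As far as these hunks show, an MSVC build therefore has no definition of the public random API and nothing calls the `BCryptGenRandom` helper, so the library either fails to link or ships without whatever generator logic the rest of the file implements. The platform guard should wrap only the entropy-source code, with `#if !defined(_MSC_VER)` around the device-based helper and the BCrypt version in its `#else`, leaving the shared functions compiled on both platforms.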
@@ -18,6 +18,7 @@ #include "utils/s2n_blob.h" #include "utils/s2n_result.h" +#if !defined(_MSC_VER) struct s2n_rand_device { const char *source; int fd; @@ -26,6 +27,7 @@ struct s2n_rand_device { mode_t mode; dev_t rdev; }; +#endif S2N_RESULT s2n_rand_init(void); S2N_RESULT s2n_rand_cleanup(void); diff --git a/utils/s2n_rfc5952.c b/utils/s2n_rfc5952.c index 5ed078a51dc..6a5fad9bcbe 100644 --- a/utils/s2n_rfc5952.c +++ b/utils/s2n_rfc5952.c @@ -15,8 +15,16 @@ #include "utils/s2n_rfc5952.h" +#if defined(_MSC_VER) +#include +#include +#endif + + #include +#if !defined(_MSC_VER) #include +#endif #include #include "error/s2n_errno.h" diff --git a/utils/s2n_safety.h b/utils/s2n_safety.h index 7a6c3af0e27..6ae5e8b1e29 100644 --- a/utils/s2n_safety.h +++ b/utils/s2n_safety.h @@ -58,8 +58,12 @@ int s2n_constant_time_pkcs1_unpad_or_dont(uint8_t* dst, const uint8_t* src, uint /** * Runs _thecleanup function on _thealloc once _thealloc went out of scope */ +#if defined(_MSC_VER) +#define DEFER_CLEANUP(_thealloc, _thecleanup) _thealloc +#else #define DEFER_CLEANUP(_thealloc, _thecleanup) \ __attribute__((cleanup(_thecleanup))) _thealloc +#endif /** * Often we want to free memory on an error, but not on a success. * We do this by declaring a variable with DEFER_CLEANUP, then zeroing diff --git a/utils/s2n_safety_macros.h b/utils/s2n_safety_macros.h index e3896e8c360..d628dd6714a 100644 --- a/utils/s2n_safety_macros.h +++ b/utils/s2n_safety_macros.h @@ -95,6 +95,13 @@ /** * Ensures `min <= n <= max`, otherwise the function will `RESULT_BAIL` with `S2N_ERR_SAFETY` */ +#if defined(_MSC_VER) +#define RESULT_ENSURE_INCLUSIVE_RANGE(min, n, max) \ + do { \ + RESULT_ENSURE_GTE((n), (min)); \ + RESULT_ENSURE_LTE((n), (max)); \ + } while(0) +#else #define RESULT_ENSURE_INCLUSIVE_RANGE(min, n, max) \ do { \ __typeof(n) __tmp_n = ( n ); \ 
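Review bot: On MSVC `DEFER_CLEANUP(_thealloc, _thecleanup)` in utils/s2n_safety.h now expands to the bare declaration, so `_thecleanup` is never called: every object declared this way leaks on each scope exit, and if the cleanup functions also wipe buffers (not visible in this hunk) that wiping is skipped too. The macro's own doc comment still promises that the cleanup runs when the variable goes out of scope. Since cl.exe has no C equivalent of `__attribute__((cleanup))`, this should not degrade silently: keep the attribute for clang-cl by testing `#if defined(_MSC_VER) && !defined(__clang__)`, and in the cl.exe branch emit `#error "DEFER_CLEANUP requires __attribute__((cleanup))"` until call sites have explicit cleanup paths.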
@@ -103,10 +110,18 @@ RESULT_ENSURE_GTE(__tmp_n, __tmp_min); \ RESULT_ENSURE_LTE(__tmp_n, __tmp_max); \ } while(0) +#endif /** * Ensures `min < n < max`, otherwise the function will `RESULT_BAIL` with `S2N_ERR_SAFETY` */ +#if defined(_MSC_VER) +#define RESULT_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ + do { \ + RESULT_ENSURE_GT((n), (min)); \ + RESULT_ENSURE_LT((n), (max)); \ + } while(0) +#else #define RESULT_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ do { \ __typeof(n) __tmp_n = ( n ); \ @@ -115,6 +130,7 @@ RESULT_ENSURE_GT(__tmp_n, __tmp_min); \ RESULT_ENSURE_LT(__tmp_n, __tmp_max); \ } while(0) +#endif /** * Ensures `x` is a readable reference, otherwise the function will `RESULT_BAIL` with `S2N_ERR_NULL` @@ -279,6 +295,13 @@ * * Ensures `min <= n <= max`, otherwise the function will `POSIX_BAIL` with `S2N_ERR_SAFETY` */ +#if defined(_MSC_VER) +#define POSIX_ENSURE_INCLUSIVE_RANGE(min, n, max) \ + do { \ + POSIX_ENSURE_GTE((n), (min)); \ + POSIX_ENSURE_LTE((n), (max)); \ + } while(0) +#else #define POSIX_ENSURE_INCLUSIVE_RANGE(min, n, max) \ do { \ __typeof(n) __tmp_n = ( n ); \ @@ -287,12 +310,20 @@ POSIX_ENSURE_GTE(__tmp_n, __tmp_min); \ POSIX_ENSURE_LTE(__tmp_n, __tmp_max); \ } while(0) +#endif /** * DEPRECATED: all methods (except those in s2n.h) should return s2n_result. * * Ensures `min < n < max`, otherwise the function will `POSIX_BAIL` with `S2N_ERR_SAFETY` */ +#if defined(_MSC_VER) +#define POSIX_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ + do { \ + POSIX_ENSURE_GT((n), (min)); \ + POSIX_ENSURE_LT((n), (max)); \ + } while(0) +#else #define POSIX_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ do { \ __typeof(n) __tmp_n = ( n ); \ @@ -301,6 +332,7 @@ POSIX_ENSURE_GT(__tmp_n, __tmp_min); \ POSIX_ENSURE_LT(__tmp_n, __tmp_max); \ } while(0) +#endif /** * DEPRECATED: all methods (except those in s2n.h) should return s2n_result. 
@@ -485,6 +517,13 @@ * * Ensures `min <= n <= max`, otherwise the function will `PTR_BAIL` with `S2N_ERR_SAFETY` */ +#if defined(_MSC_VER) +#define PTR_ENSURE_INCLUSIVE_RANGE(min, n, max) \ + do { \ + PTR_ENSURE_GTE((n), (min)); \ + PTR_ENSURE_LTE((n), (max)); \ + } while(0) +#else #define PTR_ENSURE_INCLUSIVE_RANGE(min, n, max) \ do { \ __typeof(n) __tmp_n = ( n ); \ @@ -493,12 +532,20 @@ PTR_ENSURE_GTE(__tmp_n, __tmp_min); \ PTR_ENSURE_LTE(__tmp_n, __tmp_max); \ } while(0) +#endif /** * DEPRECATED: all methods (except those in s2n.h) should return s2n_result. * * Ensures `min < n < max`, otherwise the function will `PTR_BAIL` with `S2N_ERR_SAFETY` */ +#if defined(_MSC_VER) +#define PTR_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ + do { \ + PTR_ENSURE_GT((n), (min)); \ + PTR_ENSURE_LT((n), (max)); \ + } while(0) +#else #define PTR_ENSURE_EXCLUSIVE_RANGE(min, n, max) \ do { \ __typeof(n) __tmp_n = ( n ); \ @@ -507,6 +554,7 @@ PTR_ENSURE_GT(__tmp_n, __tmp_min); \ PTR_ENSURE_LT(__tmp_n, __tmp_max); \ } while(0) +#endif /** * DEPRECATED: all methods (except those in s2n.h) should return s2n_result. diff --git a/utils/s2n_socket.c b/utils/s2n_socket.c index bef336e3b4c..b6f942d76ce 100644 --- a/utils/s2n_socket.c +++ b/utils/s2n_socket.c @@ -15,10 +15,24 @@ #include "utils/s2n_socket.h" +#if defined(_MSC_VER) +#include +#include +#endif + + +#if !defined(_MSC_VER) #include +#endif +#if !defined(_MSC_VER) #include +#endif +#if !defined(_MSC_VER) #include +#endif +#if !defined(_MSC_VER) #include +#endif #include "tls/s2n_connection.h" #include "utils/s2n_safety.h" 
@@ -188,7 +202,18 @@ int s2n_socket_read(void *io_context, uint8_t *buf, uint32_t len) /* On success, the number of bytes read is returned. On failure, -1 is * returned and errno is set appropriately. */ + #if defined(_MSC_VER) + ssize_t result = recv(rfd, (char *)buf, (int)len, 0); + if (result < 0) { + int wsa_err = WSAGetLastError(); + if (wsa_err == WSAEWOULDBLOCK) { errno = EWOULDBLOCK; } + else if (wsa_err == WSAECONNRESET) { errno = ECONNRESET; } + else if (wsa_err == WSAEINTR) { errno = EINTR; } + else { errno = EIO; } + } +#else ssize_t result = read(rfd, buf, len); +#endif POSIX_ENSURE_INCLUSIVE_RANGE(INT_MIN, result, INT_MAX); return result; } @@ -205,7 +230,18 @@ int s2n_socket_write(void *io_context, const uint8_t *buf, uint32_t len) /* On success, the number of bytes written is returned. On failure, -1 is * returned and errno is set appropriately. */ + #if defined(_MSC_VER) + ssize_t result = send(wfd, (const char *)buf, (int)len, 0); + if (result < 0) { + int wsa_err = WSAGetLastError(); + if (wsa_err == WSAEWOULDBLOCK) { errno = EWOULDBLOCK; } + else if (wsa_err == WSAECONNRESET) { errno = ECONNRESET; } + else if (wsa_err == WSAEINTR) { errno = EINTR; } + else { errno = EIO; } + } +#else ssize_t result = write(wfd, buf, len); +#endif POSIX_ENSURE_INCLUSIVE_RANGE(INT_MIN, result, INT_MAX); return result; } diff --git a/vcpkg.json b/vcpkg.json new file mode 100644 index 00000000000..b936450c0e5 --- /dev/null +++ b/vcpkg.json @@ -0,0 +1,9 @@ +{ + "name": "s2n-tls", + "version-string": "0.11.7", + "dependencies": [ + "openssl", + "pthreads" + ], + "builtin-baseline": "9b965a116838c6cdcd36bca60d1b81b030c8ab8d" +} diff --git a/win_shim/mmap-windows.c b/win_shim/mmap-windows.c new file mode 100644 index 00000000000..a1684a1388b --- /dev/null +++ b/win_shim/mmap-windows.c 
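Review bot: In both MSVC branches of utils/s2n_socket.c the length is passed as `(int)len`, but `len` is a `uint32_t`, so any request above `INT_MAX` becomes a negative count for `recv`/`send`; the length should be clamped before the cast, which is safe because both functions already return the number of bytes actually transferred. The WSA-to-errno translation is also duplicated verbatim in `s2n_socket_read` and `s2n_socket_write` and would be easier to keep complete as one helper. Only three codes are translated and everything else becomes `EIO`, so callers that distinguish other conditions lose that information. Both function bodies start outside these hunks.

```c
static int s2n_socket_errno_from_wsa(int wsa_err)
{
    switch (wsa_err) {
        case WSAEWOULDBLOCK:
            return EWOULDBLOCK;
        case WSAECONNRESET:
            return ECONNRESET;
        case WSAEINTR:
            return EINTR;
        default:
            return EIO;
    }
}

/* … unchanged: s2n_socket_read up to the read call … */
    int chunk = (len > (uint32_t) INT_MAX) ? INT_MAX : (int) len;
    ssize_t result = recv(rfd, (char *) buf, chunk, 0);
    if (result < 0) {
        errno = s2n_socket_errno_from_wsa(WSAGetLastError());
    }
/* … unchanged: #else branch and range check; s2n_socket_write gets the same change with send() … */
```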
@@ -0,0 +1,78 @@ +/* mmap() replacement for Windows + * + * Author: Mike Frysinger + * Placed into the public domain + */ + +/* References: + * CreateFileMapping: http://msdn.microsoft.com/en-us/library/aa366537(VS.85).aspx + * CloseHandle: http://msdn.microsoft.com/en-us/library/ms724211(VS.85).aspx + * MapViewOfFile: http://msdn.microsoft.com/en-us/library/aa366761(VS.85).aspx + * UnmapViewOfFile: http://msdn.microsoft.com/en-us/library/aa366882(VS.85).aspx + */ + +#include +#include +#include + +#include "win_shim.h" + +void *mmap(void *start, size_t length, int prot, int flags, int fd, size_t offset) +{ + if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC)) + return MAP_FAILED; + if (fd == -1) { + if (!(flags & MAP_ANON) || offset) + return MAP_FAILED; + } else if (flags & MAP_ANON) + return MAP_FAILED; + + DWORD flProtect; + if (prot & PROT_WRITE) { + if (prot & PROT_EXEC) + flProtect = PAGE_EXECUTE_READWRITE; + else + flProtect = PAGE_READWRITE; + } else if (prot & PROT_EXEC) { + if (prot & PROT_READ) + flProtect = PAGE_EXECUTE_READ; + else if (prot & PROT_EXEC) + flProtect = PAGE_EXECUTE; + } else + flProtect = PAGE_READONLY; + + off_t end = (off_t)length + offset; + HANDLE mmap_fd, h; + if (fd == -1) + mmap_fd = INVALID_HANDLE_VALUE; + else + mmap_fd = (HANDLE)_get_osfhandle(fd); + h = CreateFileMapping(mmap_fd, NULL, flProtect, DWORD_HI(end), DWORD_LO(end), NULL); + if (h == NULL) + return MAP_FAILED; + + DWORD dwDesiredAccess; + if (prot & PROT_WRITE) + dwDesiredAccess = FILE_MAP_WRITE; + else + dwDesiredAccess = FILE_MAP_READ; + if (prot & PROT_EXEC) + dwDesiredAccess |= FILE_MAP_EXECUTE; + if (flags & MAP_PRIVATE) + dwDesiredAccess |= FILE_MAP_COPY; + void *ret = MapViewOfFile(h, dwDesiredAccess, DWORD_HI(offset), DWORD_LO(offset), length); + if (ret == NULL) { + CloseHandle(h); + ret = MAP_FAILED; + } + return ret; +} + +void munmap(void *addr, size_t length) +{ + UnmapViewOfFile(addr); + /* ruh-ro, we leaked handle from CreateFileMapping() ... 
*/ +} + +#undef DWORD_HI +#undef DWORD_LO diff --git a/win_shim/win_shim.h b/win_shim/win_shim.h new file mode 100644 index 00000000000..bac42a28261 --- /dev/null +++ b/win_shim/win_shim.h @@ -0,0 +1,87 @@ +#ifndef S2N_WIN_SHIM_H +#define S2N_WIN_SHIM_H + +#ifdef WIN32 + +#include + +#include +#include +typedef SSIZE_T ssize_t; + +#ifndef SSIZE_MAX +#ifdef _WIN64 +#define SSIZE_MAX _I64_MAX +#else +#define SSIZE_MAX LONG_MAX +#endif +#endif + + +#ifndef __thread +#define __thread __declspec(thread) +#endif + + +struct iovec { + size_t iov_len; + void *iov_base; +}; + +#ifndef MIN +#define MIN(a, b) (((a) < (b)) ? (a) : (b)) +#endif /* !MIN */ + +#ifndef MAX +#define MAX(a, b) (((a) > (b)) ? (a) : (b)) +#endif /* !MAX */ + +/* */ + +#define PROT_READ 0x1 +#define PROT_WRITE 0x2 +/* This flag is only available in WinXP+ */ +#ifdef FILE_MAP_EXECUTE + #define PROT_EXEC 0x4 +#else + #define PROT_EXEC 0x0 + #define FILE_MAP_EXECUTE 0 +#endif + +#define MAP_SHARED 0x01 +#define MAP_PRIVATE 0x02 +#define MAP_ANONYMOUS 0x20 +#define MAP_ANON MAP_ANONYMOUS +#define MAP_FAILED ((void *) -1) + +#ifdef __USE_FILE_OFFSET64 + # define DWORD_HI(x) (x >> 32) + # define DWORD_LO(x) ((x) & 0xffffffff) +#else + # define DWORD_HI(x) (0) + # define DWORD_LO(x) (x) +#endif + +void *mmap(void *, size_t, int, int, int, size_t); +void munmap(void *, size_t); + +/* */ + + + +#ifndef strncasecmp +#define strncasecmp _strnicmp +#endif + +#ifndef __builtin_expect +#define __builtin_expect(x, y) (x) +#endif + +#ifndef strcasecmp +#define strcasecmp _stricmp +#endif + +#endif /* WIN32 */ + +#endif /* !S2N_WIN_SHIM_H */ +
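Review bot: `mmap` in win_shim/mmap-windows.c never closes the handle from `CreateFileMapping` on success, and `munmap` (as its own comment admits) cannot close it either, so every mapping leaks a kernel handle. A mapped view holds its own reference to the mapping object, so the fix is to call `CloseHandle(h);` unconditionally right after `MapViewOfFile(...)` and then only translate a NULL result to `MAP_FAILED`. `munmap` is also declared `void` and ignores the result of `UnmapViewOfFile`, so callers written against the POSIX `int munmap(...)` cannot detect failure.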
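Review bot: The whole body of win_shim/win_shim.h is guarded by `#ifdef WIN32`, a macro the MSVC compiler does not predefine (it predefines `_WIN32`); it exists only when the build system or an earlier Windows header defines it, so in any other configuration the header silently expands to nothing. The rest of this change keys on `_WIN32` and `_MSC_VER`; using `#if defined(_WIN32)` here, with `#endif /* _WIN32 */` at the bottom, keeps the shim consistent with them. `DWORD_HI` is also hard-wired to 0 unless `__USE_FILE_OFFSET64` is defined, so as written the mmap shim cannot express sizes or offsets of 4 GiB and above.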