Zeroize memory in SHA3 implementation (#2171 )

* Add OQS_MEM_aligned_secure_free convenience fn Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com> * Rewrite SHA3 aligned frees to zeroize Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com> --------- Signed-off-by: Aiden Fox Ivey <aiden@aidenfoxivey.com>
Add AVX512VL-Optimized SHA3/SHAKE Implementations (#2167 )
2025-06-23 00:01:22 -04:00 · 2025-06-20 14:12:12 -04:00 · 2025-06-20 13:37:32 -04:00 · 2025-06-19 14:45:44 -04:00 · 2025-06-18 11:38:44 -04:00 · 2025-06-16 10:50:07 -04:00
4941 changed files with 888220 additions and 39420 deletions
--- a/.CMake/alg_support.cmake
+++ b/.CMake/alg_support.cmake
--- a/.CMake/cmake_uninstall.cmake.in
+++ b/.CMake/cmake_uninstall.cmake.in
@ -0,0 +1,24 @@
 # As per https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#can-i-do-make-uninstall-with-cmake
 if(NOT EXISTS "@CMAKE_BINARY_DIR@/install_manifest.txt")
  message(FATAL_ERROR "Cannot find install manifest: @CMAKE_BINARY_DIR@/install_manifest.txt")
 endif()
 file(READ "@CMAKE_BINARY_DIR@/install_manifest.txt" files)
 string(REGEX REPLACE "\n" ";" files "${files}")
 foreach(file ${files})
  message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
  if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
    exec_program(
      "@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
      OUTPUT_VARIABLE rm_out
      RETURN_VALUE rm_retval
      )
    if(NOT "${rm_retval}" STREQUAL 0)
      message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
    endif()
  else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
    message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
  endif()
 endforeach()
--- a/.CMake/compiler_opts.cmake
+++ b/.CMake/compiler_opts.cmake
@ -85,7 +85,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang|GNU")
    add_compile_options(${OQS_OPT_FLAG})
    # If this is not a dist build we also need to set the OQS_USE_[EXTENSION] flags
-    if(NOT ${OQS_DIST_BUILD})
+    if(NOT ${OQS_DIST_BUILD} AND NOT CMAKE_CROSSCOMPILING)
        include(${CMAKE_CURRENT_LIST_DIR}/gcc_clang_intrinsics.cmake)
    endif()
 endif()
@ -104,22 +104,26 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
        add_link_options("-Wl,-z,noexecstack")
    endif()
    if(NOT ${OQS_BUILD_ONLY_LIB})
    set(THREADS_PREFER_PTHREAD_FLAG ON)
-        find_package(Threads REQUIRED)
+    find_package(Threads)
-        set(OQS_USE_PTHREADS_IN_TESTS 1)
+    if (CMAKE_USE_PTHREADS_INIT AND NOT OQS_EMBEDDED_BUILD)
        set(OQS_USE_PTHREADS ON)
    endif()
    if(${OQS_DEBUG_BUILD})
        add_compile_options(-g3)
        add_compile_options(-fno-omit-frame-pointer)
 	if(${USE_COVERAGE})
            add_compile_options(-coverage)
            add_link_options(-coverage)
 	endif()
        if(USE_SANITIZER STREQUAL "Address")
            add_compile_options(-fno-optimize-sibling-calls)
            add_compile_options(-fsanitize-address-use-after-scope)
            add_compile_options(-fsanitize=address)
            set(SANITIZER_LD_FLAGS "-fsanitize=address")
        elseif(USE_SANITIZER STREQUAL "Memory")
-            add_compile_options(-fsanitize=address)
+            add_compile_options(-fsanitize=memory)
            set(SANITIZER_LD_FLAGS "-fsanitize=memory")
        elseif(USE_SANITIZER STREQUAL "MemoryWithOrigins")
            add_compile_options(-fsanitize=memory)
@ -166,15 +170,19 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
        endif()
    endif()
    if(NOT ${OQS_BUILD_ONLY_LIB})
    set(THREADS_PREFER_PTHREAD_FLAG ON)
-        find_package(Threads REQUIRED)
+    find_package(Threads)
-        set(OQS_USE_PTHREADS_IN_TESTS 1)
+    if (CMAKE_USE_PTHREADS_INIT AND NOT OQS_EMBEDDED_BUILD)
        set(OQS_USE_PTHREADS ON)
    endif()
    if(${OQS_DEBUG_BUILD})
        add_compile_options (-Wstrict-overflow)
        add_compile_options(-ggdb3)
 	if(${USE_COVERAGE})
            add_compile_options(-coverage)
            add_link_options(-coverage)
 	endif()
    else()
        add_compile_options(-O3)
        add_compile_options(-fomit-frame-pointer)
@ -206,11 +214,15 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "MSVC")
 endif()
 if(MINGW OR MSYS OR CYGWIN)
    set(OQS_USE_PTHREADS OFF)
    # Apply -Wno-maybe-uninitialized only for GCC
    if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
        add_compile_options(-Wno-maybe-uninitialized)
    endif()
    if(CMAKE_VERSION VERSION_GREATER_EQUAL "3.13.0")
        add_link_options(-Wl,--stack,16777216)
    else()
-        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,1677216")
+        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--stack,16777216")
    endif()
 endif()
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -1,399 +0,0 @@
 version: 2.1
 require_stylecheck: &require_stylecheck
  requires:
    - stylecheck
 require_buildcheck: &require_buildcheck
  requires:
    - stylecheck
    - buildcheck
 require_testapproval: &require_testapproval
  requires:
    - stylecheck
    - buildcheck
    - testapproval
 # CircleCI doesn't handle large file sets properly for local builds
 # https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051
 localCheckout: &localCheckout
  run: |-
    PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
    mkdir -p ${PROJECT_PATH}
    git config --global --add safe.directory /tmp/_circleci_local_build_repo
    cd /tmp/_circleci_local_build_repo
    git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
    cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
 jobs:
  stylecheck:
    description: Validate formatting of code and documentation
    docker:
      - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
 # Re-enable iff docker enforces rate limitations without auth:
 #        auth:
 #          username: $DOCKER_LOGIN
 #          password: $DOCKER_PASSWORD
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Ensure code conventions are upheld
          command: python3 -m pytest --verbose tests/test_code_conventions.py
      - run:
          name: Check that doxygen can parse the documentation
          command: mkdir -p build/docs && ./scripts/run_doxygen.sh doxygen docs/.Doxyfile build/docs
  buildcheck:
    description: Test that we can build a single KEM/Signature pair as part of a minimal build.
    parameters:
      CONTAINER:
        description: "The docker container to use."
        type: string
      CMAKE_ARGS:
        description: "Arguments to pass to CMake."
        type: string
        default: ''
      KEM_NAME:
        description: "The KEM to build."
        type: string
      SIG_NAME:
        description: "The signature scheme to build."
        type: string
    docker:
      - image: << parameters.CONTAINER >>
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Configure
          command: |2
            mkdir build && cd build && source ~/.bashrc && \
            cmake .. --warn-uninitialized \
                     -GNinja << parameters.CMAKE_ARGS >> \
                     -DOQS_MINIMAL_BUILD="KEM_<< parameters.KEM_NAME >>;SIG_<< parameters.SIG_NAME >>" \
                     > config.log 2>&1 && \
            cat config.log && \
            cmake -LA .. && ! (grep "uninitialized variable" config.log)
      - run:
          name: Build
          command: ninja
          working_directory: build
  linux_oqs:
    description: A template for running liboqs tests on Linux Docker VMs
    parameters:
      CONTAINER:
        description: "The docker container to use."
        type: string
      CMAKE_ARGS:
        description: "Arguments to pass to CMake."
        type: string
        default: ''
      PYTEST_ARGS:
        description: "Arguments to pass to pytest."
        type: string
        # Not every executor handles --numprocesses=auto being passed to pytest well
        # See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
        default: --numprocesses=auto
      SKIP_ALGS:
        description: "Algorithms not to test in test_constant_time."
        type: string
        default: ''
    docker:
      - image: << parameters.CONTAINER >>
 # Re-enable iff docker enforces rate limitations without auth:
 #        auth:
 #          username: $DOCKER_LOGIN
 #          password: $DOCKER_PASSWORD
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Configure
          command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> .. && cmake -LA ..
      - run:
          name: Build
          command: ninja
          working_directory: build
      - run:
          name: Run tests
          no_output_timeout: 1h
          command: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_speed.py --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml << parameters.PYTEST_ARGS >>
          environment:
             SKIP_ALGS: << parameters.SKIP_ALGS >>
      - store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
          path: build/test-results
      - store_artifacts:
          path: build/test-results
  scan_build:
    description: Executing scan-build test
    parameters:
      CONTAINER:
        description: "The docker container to use."
        type: string
    docker:
      - image: << parameters.CONTAINER >>
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Configure
          command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-15 cmake -GNinja ..
      - run:
          name: Build
          command: scan-build-15 --status-bugs ninja
          working_directory: build
  arm_machine:
    description: A template for running liboqs tests on ARM(presently only 64) machines
    parameters:
      CMAKE_ARGS:
        description: "Arguments to pass to CMake."
        type: string
        default: ''
      PYTEST_ARGS:
        description: "Arguments to pass to pytest."
        type: string
        # Not every executor handles --numprocesses=auto being passed to pytest well
        # See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
        default: --numprocesses=auto
    machine:
      image: ubuntu-2004:202101-01
    resource_class: arm.medium
    steps:
      - checkout
      # It seems the machine doesn't contain all preprequisites, and we don't have permission to add them explicitly, 
      # so we can only run in a prepared ARM64 CI image
      - run:
          name: Build and run tests in docker 
          no_output_timeout: 1h
          command: |2
            docker run -it -e CMAKE_ARGS="<< parameters.CMAKE_ARGS >>" \
                           -e PYTEST_ARGS="<< parameters.PYTEST_ARGS >>" \
                           -v `pwd`:/root/project \
                           openquantumsafe/ci-ubuntu-focal-arm64:latest bash \
                           -c "cd /root/project && \
                               uname -a && \
                               mkdir build && cd build && source ~/.bashrc && \
                               cmake -GNinja -DOQS_STRICT_WARNINGS=ON $CMAKE_ARGS .. && cmake -LA .. && ninja && \
                               cd .. && mkdir -p tmp && \
                               python3 -m pytest --verbose \
                                                 --ignore=tests/test_code_conventions.py \
                                                 --junitxml=build/test-results/pytest/test-results.xml $PYTEST_ARGS"
      - store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
          path: build/test-results
      - store_artifacts:
          path: build/test-results
  macOS:
    description: A template for running liboqs tests on macOS
    parameters:
      CMAKE_ARGS:
        description: "Arguments to pass to CMake."
        type: string
      PYTEST_ARGS:
        description: "Arguments to pass to pytest."
        type: string
        default: ""
    macos:
      xcode: "14.3.1"
    steps:
      - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
      - run:
          name: Install dependencies
          command: env HOMEBREW_NO_AUTO_UPDATE=1 brew install openssl cmake ninja gcc@11 && pip3 install pytest pytest-xdist pyyaml
      - run:
          name: Get system information
          command: sysctl -a | grep machdep.cpu
      - run:
          name: Configure
          command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> .. && cmake -LA ..
      - run:
          name: Build
          command: ninja
          working_directory: build
      - run:
          name: Run tests
          command: mkdir tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml << parameters.PYTEST_ARGS >>
      - store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
          path: build/test-results
      - store_artifacts:
          path: build/test-results
  trigger-downstream-ci:
    docker:
      - image: cimg/base:2020.01
 # Re-enable iff docker enforces rate limitations without auth:
 #        auth:
 #          username: $DOCKER_LOGIN
 #          password: $DOCKER_PASSWORD
    steps:
      - run:
          name: Trigger OQS-OpenSSL CI
          command: |2
            curl --silent \
                 --write-out "\n%{response_code}\n" \
                 --user ${BUILD_TRIGGER_TOKEN}: \
                 --request POST \
                 --header "Content-Type: application/json" \
                 --data '{ "branch": "OQS-OpenSSL_1_1_1-stable", "parameters": { "run_downstream_tests": true } }' \
                 https://circleci.com/api/v2/project/gh/open-quantum-safe/openssl/pipeline | tee curl_out \
            && grep -q "201" curl_out
      - run:
          name: Trigger OQS-BoringSSL CI
          command: |2
            curl --silent \
                 --write-out "\n%{response_code}\n" \
                 --user ${BUILD_TRIGGER_TOKEN}: \
                 --request POST \
                 --header "Content-Type: application/json" \
                 --data '{ "branch": "master", "parameters": { "run_downstream_tests": true } }' \
                 https://circleci.com/api/v2/project/gh/open-quantum-safe/boringssl/pipeline | tee curl_out \
            && grep -q "201" curl_out
      - run:
          name: Trigger OQS-OpenSSH CI
          command: |2
            curl --silent \
                 --write-out "\n%{response_code}\n" \
                 --user ${BUILD_TRIGGER_TOKEN}: \
                 --request POST \
                 --header "Content-Type: application/json" \
                 --data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \
                 https://circleci.com/api/v2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \
            && grep -q "201" curl_out
      - run:
          name: Trigger oqs-provider CI
          command: |2
            curl --silent \
                 --write-out "\n%{response_code}\n" \
                 --user ${BUILD_TRIGGER_TOKEN}: \
                 --request POST \
                 --header "Content-Type: application/json" \
                 --data '{ "branch": "main" }' \
                 https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
            && grep -q "201" curl_out
      - run:
          name: Trigger liboqs-dotnet CI
          command: |2
            curl --silent \
                 --write-out "\n%{response_code}\n" \
                 --user ${BUILD_TRIGGER_TOKEN}: \
                 --request POST \
                 --header "Content-Type: application/json" \
                 --data '{ "branch": "master" }' \
                 https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-dotnet/pipeline | tee curl_out \
            && grep -q "201" curl_out
      - run:
          name: Trigger liboqs-java CI
          command: |2
            curl --silent \
                 --write-out "\n%{response_code}\n" \
                 --user ${BUILD_TRIGGER_TOKEN}: \
                 --request POST \
                 --header "Content-Type: application/json" \
                 --data '{ "branch": "master" }' \
                 https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-java/pipeline | tee curl_out \
            && grep -q "201" curl_out
      - run:
          name: Trigger liboqs-python CI
          command: |2
            curl --silent \
                 --write-out "\n%{response_code}\n" \
                 --request POST \
                 --header "Accept: application/vnd.github+json" \
                 --header "Authorization: Bearer $OQSBOT_GITHUB_ACTIONS" \
                 --header "X-GitHub-Api-Version: 2022-11-28" \
                 --data '{"event_type":"liboqs-upstream-trigger"}' \
                 https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \
            && grep -q "204" curl_out
 workflows:
  version: 2.1
  build:
    when:
      and:
        - not:
            equal: [ main, << pipeline.git.branch >> ]
        - not:
            matches: { pattern: "^ghactionsonly-.*", value: << pipeline.git.branch >> }
    jobs:
      - stylecheck
      - buildcheck:
          <<: *require_stylecheck
          context: openquantumsafe
          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          KEM_NAME: kyber_768
          SIG_NAME: dilithium_3
      # Disabling testapproval as no jobs currently need it.
      #- testapproval:
      #    <<: *require_buildcheck
      #    type: approval
      # Disabling centos-8 and debian-buster.
      # Re-enable if specific configurations (package versions etc) that need to be tested are identified.
      #- linux_oqs:
      #    <<: *require_buildcheck
      #    name: centos-8
      #    context: openquantumsafe
      #    CONTAINER: openquantumsafe/ci-centos-8-amd64:latest
      #    CMAKE_ARGS: -DCMAKE_C_COMPILER=clang
      #- linux_oqs:
      #    <<: *require_buildcheck
      #    name: debian-buster
      #    context: openquantumsafe
      #    CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest
      - scan_build:
          <<: *require_buildcheck
          name: scan_build
          context: openquantumsafe
          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
      - linux_oqs:
          <<: *require_buildcheck
          name: ubuntu-focal-noopenssl
          context: openquantumsafe
          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF
          PYTEST_ARGS: --ignore=tests/test_leaks.py
      - linux_oqs:
          <<: *require_buildcheck
          name: ubuntu-focal-shared-noopenssl
          context: openquantumsafe
          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
          PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --numprocesses=auto
      - linux_oqs:
          <<: *require_buildcheck
          name: ubuntu-focal-clang15
          context: openquantumsafe
          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang-15 -DOQS_OPT_TARGET=skylake
      - linux_oqs:
          <<: *require_buildcheck
          name: ubuntu-bionic-i386
          context: openquantumsafe
          CONTAINER: openquantumsafe/ci-ubuntu-bionic-i386:latest
          CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_x86.cmake
          PYTEST_ARGS: --ignore=tests/test_leaks.py
      - arm_machine:
          <<: *require_buildcheck
          name: arm64
          PYTEST_ARGS: --numprocesses=auto --maxprocesses=10
      - macOS:
          <<: *require_buildcheck
          name: macOS-gcc11
          CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-11
      - macOS:
          <<: *require_buildcheck
          name: macOS-noopenssl
          CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF
      - macOS:
          <<: *require_buildcheck
          name: macOS-shared
          CMAKE_ARGS: -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF -DOQS_ENABLE_KEM_CLASSIC_MCELIECE=OFF
  commit-to-main:
    when:
      equal: [ main, << pipeline.git.branch >> ]
    jobs:
      - trigger-downstream-ci:
          context: openquantumsafe
--- a/.dsci.yml
+++ b/.dsci.yml
@ -1,10 +0,0 @@
 jobs:
  - name: Building and minimal testing on M1
    env:
      PYTEST_ARGS: tests/test_code_conventions.py tests/test_kat.py
    cmds:
      - uname -a && mkdir build && cd build && cmake -GNinja .. && ninja && cd .. && python3 -m pytest --numprocesses=auto --verbose $PYTEST_ARGS ; rm -rf build
  - name: Building and testing using gcc-11 on M1
    cmds:
      - uname -a && mkdir build && cd build && cmake -DCMAKE_C_COMPILER=gcc-11 -GNinja .. && ninja && ninja run_tests ; cd .. && rm -rf build
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1,10 +1,24 @@
 # https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
-* @dstebila
+* @dstebila @baentsch
-/.circleci @baentsch
+/.github/workflows @SWilson4
-/scripts/copy_from_upstream @baentsch @bhess
+/docs/cbom.json @bhess
 /scripts/copy_from_upstream @baentsch @bhess @alexrow @praveksharma
 /src/common @dstebila
-/src/kem/bike @crockeea
+/src/common/*/*arm* @Martyrshot
 /src/common/libjade_shims @praveksharma
 /src/kem/bike @brian-jarvis-aws
 /src/kem/frodokem @dstebila
-/src/kem/kyber @jschanck @bhess
+/src/kem/kyber @bhess
 /src/kem/kyber/libjade* @praveksharma
 /src/kem/ml_kem @bhess
 /src/sig/cross @alexrow
 /src/sig/dilithium @bhess
 /src/sig/mayo @bhess
 /src/sig/ml_dsa @bhess
 /src/sig_stfl/lms @ashman-p
 /src/sig_stfl/xmss @cothan
 /tests/ACVP_Vectors @bhess
 /tests/PQC_Intermediate_Values @bhess
 /tests/test_acvp_vectors.py @bhess
 /tests/test_sig_stfl.c @ashman-p @cothan
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@ -0,0 +1,7 @@
 # Configuration variables in array of strings defined in your repository or organization
 # From https://github.com/rhysd/actionlint/blob/v1.7.7/docs/config.md:
 # "When an array is set, actionlint will check vars properties strictly. An empty array means no variable is allowed."
 config-variables:
  # - DEFAULT_RUNNER
  # - JOB_NAME
  # - ENVIRONMENT_STAGE
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -2,9 +2,12 @@
 <!-- Does this PR resolve any issue?  If so, please reference it using automatic-closing keywords like "Fixes #123." -->
 <!-- Any PR adding a new feature is expected to contain a test; the test should be part of CI testing, preferably within the ".github/workflows" directory tree. Please add an explanation to the PR if/when (why) this cannot be done. -->
 <!-- Please answer the following questions to help manage version and changes across projects. -->
 * [ ] Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)?  (If so, a version bump will be required from *x.y.z* to *x.(y+1).0*.)
-* [ ] Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in [oqs-provider](https://github.com/open-quantum-safe/oqs-provider), [OQS-OpenSSL](https://github.com/open-quantum-safe/openssl), [OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl), and [OQS-OpenSSH](https://github.com/open-quantum-safe/openssh) will also need to be ready for review and merge by the time this is merged.)
+* [ ] Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) will also need to be ready for review and merge by the time this is merged.)
 <!-- Once your pull request is ready for review and passing continuous integration tests, please convert from a draft PR to a normal PR, and request a review from one of the OQS core team members. -->
--- a/.github/workflows/android.yml
+++ b/.github/workflows/android.yml
@ -1,6 +1,9 @@
 name: android build
-on: [push, pull_request]
+permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
@ -10,8 +13,10 @@ jobs:
      fail-fast: false
      matrix:
        abi: [armeabi-v7a, arm64-v8a, x86, x86_64]
        stfl_opt: [ON, OFF]
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
      - name: Build project
-        run: ./scripts/build-android.sh $ANDROID_NDK_HOME -a ${{ matrix.abi }}
+        run: ./scripts/build-android.sh $ANDROID_NDK_HOME -a ${{ matrix.abi }} -f "-DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }}"
--- a/.github/workflows/apple.yml
+++ b/.github/workflows/apple.yml
@ -1,6 +1,9 @@
 name: apple build
-on: [push, pull_request]
+permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
@ -10,10 +13,13 @@ jobs:
      fail-fast: false
      matrix:
        platform: [OS64, TVOS]
        stfl_opt: [OFF, ON]
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
      - name: Generate project
-        run: cmake -B build --toolchain .CMake/apple.cmake -DOQS_USE_OPENSSL=OFF -DPLATFORM=${{ matrix.platform }} .
+        run: |
          cmake -B build --toolchain .CMake/apple.cmake -DOQS_USE_OPENSSL=OFF -DPLATFORM=${{ matrix.platform }} \
            -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
      - name: Build project
        run: cmake --build build
--- a/.github/workflows/basic.yml
+++ b/.github/workflows/basic.yml
@ -0,0 +1,173 @@
 name: Basic checks
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  workflowcheck:
    name: Check validity of GitHub workflows
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Ensure GitHub actions are valid
        run: actionlint -shellcheck "" # run *without* shellcheck
  stylecheck:
    name: Check code formatting
    needs: [workflowcheck]
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Ensure code conventions are upheld
        run: python3 -m pytest --verbose tests/test_code_conventions.py
      - name: Check that doxygen can parse the documentation
        run: mkdir build && ./scripts/run_doxygen.sh $(which doxygen) ./docs/.Doxyfile ./build
      - name: Validate CBOM
        run: scripts/validate_cbom.sh
  upstreamcheck:
    name: Check upstream code is properly integrated
    needs: [workflowcheck]
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: |
          git config --global user.name "ciuser" && \
          git config --global user.email "ci@openquantumsafe.org" && \
          git config --global --add safe.directory "$PWD" && \
          echo "LIBOQS_DIR=$PWD" >> "$GITHUB_ENV"
      - name: Verify copy_from_upstream state after copy
        working-directory: "scripts/copy_from_upstream"
        run: |
          python3 copy_from_upstream.py -d copy && \
          git status --porcelain && \
          test -z "$(git status --porcelain)"
      - name: Verify copy_from_upstream state after libjade
        working-directory: "scripts/copy_from_upstream"
        run: |
          python3 copy_from_upstream.py -d libjade && \
          git status --porcelain && \
          test -z "$(git status --porcelain)"
  buildcheck:
    name: Check that code passes a basic build
    needs: [workflowcheck, stylecheck, upstreamcheck]
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    env:
      KEM_NAME: ml_kem_768
      SIG_NAME: ml_dsa_65
    steps:
      - name: Create random build folder
        run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: |
          cmake \
            -B ${{ env.RANDOM_BUILD_DIR }} \
            -GNinja \
            -DOQS_STRICT_WARNINGS=ON \
            -DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \
            --warn-uninitialized . > config.log 2>&1 && \
          cat config.log && \
          cmake -LA -N . && \
          ! (grep -i "uninitialized variable" config.log)
      - name: Build code
        run: ninja
        working-directory: ${{ env.RANDOM_BUILD_DIR }}
      - name: Build documentation
        run: ninja gen_docs
        working-directory: ${{ env.RANDOM_BUILD_DIR }}
  cppcheck:
    name: Check C++ linking with example program
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    env:
      SIG_NAME: dilithium_2
    steps:
      - name: Create random build folder
        run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: |
          cmake \
            -B ${{ env.RANDOM_BUILD_DIR }} \
            -GNinja \
            -DOQS_STRICT_WARNINGS=ON \
            -DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
            --warn-uninitialized . > config.log 2>&1 && \
          cat config.log && \
          cmake -LA -N . && \
          ! (grep -i "uninitialized variable" config.log)
      - name: Build liboqs
        run: ninja
        working-directory: ${{ env.RANDOM_BUILD_DIR }}
      - name: Link with C++ program
        run: |
          g++ "$GITHUB_WORKSPACE"/cpp/sig_linking_test.cpp -g \
          -I./include -L./lib -loqs -lcrypto -std=c++11 -o example_sig && \
          ./example_sig
        working-directory: ${{ env.RANDOM_BUILD_DIR }}
  fuzzbuildcheck:
    name: Check that code passes a basic fuzzing build
    needs: [workflowcheck, stylecheck, upstreamcheck]
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    env:
      SIG_NAME: dilithium_2
      CC: clang
      CXX: clang++
      CFLAGS: -fsanitize=fuzzer-no-link,address
      LDFLAGS: -fsanitize=address
    steps:
      - name: Create random build folder
        run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: |
          cmake \
            -B ${{ env.RANDOM_BUILD_DIR }} \
            -GNinja \
            -DOQS_STRICT_WARNINGS=ON \
            -DOQS_BUILD_FUZZ_TESTS=ON \
            -DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
            --warn-uninitialized . > config.log 2>&1 && \
          cat config.log && \
          cmake -LA -N . && \
          ! (grep -i "uninitialized variable" config.log)
      - name: Build code
        run: ninja fuzz_test_sig
        working-directory: ${{ env.RANDOM_BUILD_DIR }}
      - name: Short fuzz check (30s)
        run: ./tests/fuzz_test_sig -max_total_time=30
        working-directory: ${{ env.RANDOM_BUILD_DIR }}
  nixflakecheck:
    name: Check that Nix flake has correct syntax and can build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Install Nix
        uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72
      - name: Check devShell
        run: nix develop --command echo 
      - name: Check flake syntax
        run: nix flake check --no-build # check for accurate syntax
      - name: Check that the flake builds
        run: nix build # check that the build runs
--- a/.github/workflows/code-coverage.yml
+++ b/.github/workflows/code-coverage.yml
@ -0,0 +1,60 @@
 name: Code coverage tests
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  coverage:
    name: Run code coverage testing
    strategy:
      matrix:
        # The 'id' value for each job should be added to the 'carry-forward' string in the 'finish' job.
        include:
          - id: x64-generic
            runner: ubuntu-latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
          - id: x64-distbuild
            runner: ubuntu-latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=ON
          - id: arm64-distbuild
            runner: ubuntu-24.04-arm
            CMAKE_ARGS: -DOQS_DIST_BUILD=ON
    runs-on: ${{ matrix.runner }}
    container: openquantumsafe/ci-ubuntu-latest:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: |
          mkdir build && cd build && \
          cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DUSE_COVERAGE=ON ${{ matrix.CMAKE_ARGS }} .. && \
          cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Run tests
        run: |
          python3 -m pytest --verbose --numprocesses=auto \
          tests/test_acvp_vectors.py \
          tests/test_cmdline.py \
          tests/test_kat.py
      - name: Run lcov
        run: lcov -d . -c -o lcov.info --exclude /usr/lib,/usr/include --ignore-errors unused
      - name: Upload to coveralls.io
        uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
        with:
          flag-name: ${{ matrix.id }}
          parallel: true
  finish:
    needs: coverage
    if: ${{ always() }}
    runs-on: ubuntu-latest
    steps:
      - name: Finish coveralls.io
        uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # pin@v2.3.6
        with:
          parallel-finished: true
          carry-forward: "x64-generic,x64-distbuild,arm64-distbuild"
--- a/.github/workflows/commit-to-main.yml
+++ b/.github/workflows/commit-to-main.yml
@ -0,0 +1,38 @@
 name: Main branch tests
 permissions:
  contents: read
 on:
  push:
    branches: ['main']
 jobs:
  platform-tests:
    uses: ./.github/workflows/platforms.yml
  code-coverage:
    uses: ./.github/workflows/code-coverage.yml
    secrets: inherit
  scorecard:
    uses: ./.github/workflows/scorecard.yml
    secrets: inherit
    permissions:
      id-token: write
      security-events: write
  basic-downstream:
    uses: ./.github/workflows/downstream-basic.yml
    secrets: inherit
  call-kem-benchmarking:
    uses: ./.github/workflows/kem-bench.yml
    permissions:
      contents: write
  call-sig-benchmarking:
    uses: ./.github/workflows/sig-bench.yml
    permissions:
      contents: write
--- a/.github/workflows/downstream-basic.yml
+++ b/.github/workflows/downstream-basic.yml
@ -0,0 +1,107 @@
 name: Trigger basic downstream CI
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  trigger-downstream-ci:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger OQS-BoringSSL CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --request POST \
               --header "Accept: application/vnd.github+json" \
               --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
               --header "X-GitHub-Api-Version: 2022-11-28" \
               --data '{"event_type":"liboqs-upstream-trigger"}' \
               https://api.github.com/repos/open-quantum-safe/boringssl/dispatches | tee curl_out \
          && grep -q "204" curl_out
      - name: Trigger OQS-OpenSSH CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --request POST \
               --header "Accept: application/vnd.github+json" \
               --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
               --header "X-GitHub-Api-Version: 2022-11-28" \
               --data '{"ref":"OQS-v9"}' \
               https://api.github.com/repos/open-quantum-safe/openssh/actions/workflows/ubuntu.yaml/dispatches | tee curl_out \
          && grep -q "204" curl_out
      - name: Trigger oqs-provider CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --user ${{ secrets.BUILD_TRIGGER_TOKEN }}: \
               --request POST \
               --header "Content-Type: application/json" \
               --data '{ "branch": "main" }' \
               https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
          && grep -q "201" curl_out
      - name: Trigger liboqs-cpp CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --request POST \
               --header "Accept: application/vnd.github+json" \
               --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
               --header "X-GitHub-Api-Version: 2022-11-28" \
               --data '{"event_type":"liboqs-upstream-trigger"}' \
               https://api.github.com/repos/open-quantum-safe/liboqs-cpp/dispatches | tee curl_out \
          && grep -q "204" curl_out
      - name: Trigger liboqs-go CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --request POST \
               --header "Accept: application/vnd.github+json" \
               --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
               --header "X-GitHub-Api-Version: 2022-11-28" \
               --data '{"event_type":"liboqs-upstream-trigger"}' \
               https://api.github.com/repos/open-quantum-safe/liboqs-go/dispatches | tee curl_out \
          && grep -q "204" curl_out
      - name: Trigger liboqs-python CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --request POST \
               --header "Accept: application/vnd.github+json" \
               --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
               --header "X-GitHub-Api-Version: 2022-11-28" \
               --data '{"event_type":"liboqs-upstream-trigger"}' \
               https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \
          && grep -q "204" curl_out
      - name: Trigger liboqs-java CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --request POST \
               --header "Accept: application/vnd.github+json" \
               --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
               --header "X-GitHub-Api-Version: 2022-11-28" \
               --data '{"event_type":"liboqs-upstream-trigger"}' \
               https://api.github.com/repos/open-quantum-safe/liboqs-java/dispatches | tee curl_out \
          && grep -q "204" curl_out
      - name: Trigger liboqs-rust CI
        if: ${{ !cancelled() }} # run all steps independent of failures
        run: |
          curl --silent \
               --write-out "\n%{response_code}\n" \
               --request POST \
               --header "Accept: application/vnd.github+json" \
               --header "Authorization: Bearer ${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
               --header "X-GitHub-Api-Version: 2022-11-28" \
               --data '{"event_type":"liboqs-upstream-trigger"}' \
               https://api.github.com/repos/open-quantum-safe/liboqs-rust/dispatches | tee curl_out \
          && grep -q "204" curl_out
--- a/.github/workflows/downstream-release.yml
+++ b/.github/workflows/downstream-release.yml
@ -0,0 +1,30 @@
 name: Downstream release tests
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 # Trigger oqs-provider release tests.
 # When triggered by a release (see release.yml), the liboqs release tag and the provider "<release tag>-tracker" branch are used.
 # When triggered by a commit message (see filter.yml), the triggering liboqs branch and the provider "<liboqs branch>-tracker" branch are used.
 # If the tracker branch does not exist, the downstream pipeline should detect it and run on the main branch instead.
 jobs:
  oqs-provider-release-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout release tests script
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4
        with:
          sparse-checkout: |
            scripts/provider-test-trigger.sh
          sparse-checkout-cone-mode: false
      - name: Trigger oqs-provider release tests
        run: |
          CURL_FLAGS="--silent --write-out \n%{response_code}\n" \
          ACCESS_TOKEN="${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
          LIBOQS_REF="${{ github.ref_name }}" \
          PROVIDER_REF="${{ github.ref_name }}-tracker" \
          ./scripts/provider-test-trigger.sh | tee curl_out \
          && grep -q "204" curl_out
--- a/.github/workflows/extended.yml
+++ b/.github/workflows/extended.yml
@ -0,0 +1,74 @@
 name: Extended tests
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  constant-time-x64:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: generic
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
            PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
            SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
          - name: extensions
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
            PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
            SKIP_ALGS: 'SPHINCS\+-SHA(.)*s-simple,SPHINCS\+-SHAKE-(.)*'
    container:
      image: ${{ matrix.container }}
    steps:
      - name: Checkout code
        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2
      - name: Configure
        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Run tests
        timeout-minutes: 360
        run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
  nistkat-x64:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: generic
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
            PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
          - name: generic-libjade
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
            PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
          - name: extensions
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto
            PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
          - name: extensions-libjade
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=auto -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST}}"
            PYTEST_ARGS: --numprocesses=auto -k 'test_kat_all'
    container:
      image: ${{ matrix.container }}
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Run tests
        timeout-minutes: 360
        run: mkdir -p tmp && python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
--- a/.github/workflows/kem-bench.yml
+++ b/.github/workflows/kem-bench.yml
@ -0,0 +1,121 @@
 name: kem benchmark
 on:
  workflow_dispatch:
  workflow_call:
 permissions:
  contents: read
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Checkout repository
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
        with:
          fetch-depth: 0
      # Set up dependencies
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
          sudo apt-get install -y python3-cpuinfo
      # Build the speed_kem binary only
      - name: Build speed_kem binary
        run: |
          mkdir -p build
          cd build
          cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
          ninja speed_kem
      # Copy the parse_liboqs_speed.py script
      - name: Copy parse_liboqs_speed.py
        run: |
          cp scripts/parse_liboqs_speed.py build/tests/
      # Upload the built binary and script as an artifact
      - name: Upload artifacts
        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
        with:
          name: built-binary
          path: build/tests/
  benchmark:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    strategy:
      matrix: 
        algorithm: [ # List of available KEMs to perform the benchmarking on
          "BIKE-L1",
          "BIKE-L3", 
          "BIKE-L5",
          "Classic-McEliece-348864", 
          "Classic-McEliece-348864f",
          "Classic-McEliece-460896", 
          "Classic-McEliece-460896f",
          "Classic-McEliece-6688128", 
          "Classic-McEliece-6688128f",
          "Classic-McEliece-6960119", 
          "Classic-McEliece-6960119f",
          "Classic-McEliece-8192128", 
          "Classic-McEliece-8192128f",
          "Kyber512",
          "Kyber768",
          "Kyber1024",
          "ML-KEM-512",
          "ML-KEM-768",
          "ML-KEM-1024",
          "sntrup761",
          "FrodoKEM-640-AES", 
          "FrodoKEM-640-SHAKE",
          "FrodoKEM-976-AES", 
          "FrodoKEM-976-SHAKE",
          "FrodoKEM-1344-AES", 
          "FrodoKEM-1344-SHAKE"
        ]
      max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
    steps:
      # Ensure the repository is checked out
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
        with:
          fetch-depth: 0
      # Download the built binary and script
      - name: Download artifacts
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
        with:
          name: built-binary
          path: build/tests/
      # Set execute permissions for the binary
      - name: Set execute permissions
        run: chmod +x build/tests/speed_kem
      # Run speed_kem tests for each algorithm
      - name: Run speed_kem tests
        run: |
          cd build/tests
          ./speed_kem "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
          python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
      # Push to GitHub pages using continuous-benchmark
      - name: Store benchmark result
        uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
        with:
          name: ${{matrix.algorithm}}
          tool: "customSmallerIsBetter"
          output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
          github-token: ${{ secrets.GITHUB_TOKEN }}
          auto-push: true
          comment-on-alert: true
          summary-always: true
          alert-threshold: 105%
          comment-always: false
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@ -1,123 +1,158 @@
 name: Linux tests
-on: [push, pull_request]
+permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
-  stylecheck:
+  linux:
    name: Check code formatting
    container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Ensure code conventions are upheld
        run: python3 -m pytest --verbose tests/test_code_conventions.py
      - name: Check that doxygen can parse the documentation
        run: mkdir -p build/docs && doxygen docs/.Doxyfile
      - name: Validate CBOM
        run: scripts/validate_cbom.sh
  upstreamcheck:
    name: Check upstream code is properly integrated
    container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Verify copy_from_upstream state
        run: |
          git config --global user.name "ciuser" && \
          git config --global user.email "ci@openquantumsafe.org" && \
          export LIBOQS_DIR=`pwd` && \
          cd scripts/copy_from_upstream && \
          ! pip3 install -r requirements.txt 2>&1 | grep ERROR && \
          python3 copy_from_upstream.py copy && \
          ! git status | grep modified
  buildcheck:
    name: Check that code passes a basic build before starting heavier tests
    container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
    needs: stylecheck
    runs-on: ubuntu-latest
    env:
      KEM_NAME: kyber_768
      SIG_NAME: dilithium_3
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Configure
        run: |
          mkdir build && \
          cd build && \
          cmake .. --warn-uninitialized \
                   -GNinja \
                   -DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \
                   > config.log 2>&1 && \
          cat config.log && \
          cmake -LA .. && \
          ! (grep "uninitialized variable" config.log)
      - name: Build
        run: ninja
        working-directory: build
  linux_intel:
    needs: [stylecheck, upstreamcheck, buildcheck]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: arm64
            runner: ubuntu-24.04-arm
            container: openquantumsafe/ci-ubuntu-latest:latest
            PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py
            CMAKE_ARGS: -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON
          - name: alpine
            runner: ubuntu-latest
            container: openquantumsafe/ci-alpine-amd64:latest
-            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON
+            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
-            PYTEST_ARGS: --ignore=tests/test_alg_info.py
+            PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
          - name: alpine-libjade
            runner: ubuntu-latest
            container: openquantumsafe/ci-alpine-amd64:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
            PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
          - name: alpine-no-stfl-key-sig-gen
            runner: ubuntu-latest
            container: openquantumsafe/ci-alpine-amd64:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
            PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
          - name: alpine-openssl-all
            runner: ubuntu-latest
            container: openquantumsafe/ci-alpine-amd64:latest
-            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON
+            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
-            PYTEST_ARGS: --ignore=tests/test_alg_info.py
+            PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
          - name: alpine-noopenssl
            runner: ubuntu-latest
            container: openquantumsafe/ci-alpine-amd64:latest
-            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF
+            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
-            PYTEST_ARGS: --ignore=tests/test_alg_info.py
+            PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
-          - name: focal-nistr4-openssl
+          - name: noble-nistr4-openssl
-            container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4
-            PYTEST_ARGS: --ignore=tests/test_leaks.py
+            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: noble-nistonramp-openssl
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP
            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: noble-noopenssl
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF
            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: noble-noopenssl-libjade
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: noble-shared-noopenssl
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
            PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: jammy-clang
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-jammy:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
            PYTEST_ARGS: --ignore=tests/test_kat_all.py
          - name: noble-clang
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang
            PYTEST_ARGS: --ignore=tests/test_kat_all.py -k 'not (leaks and (Dilithium or ML-DSA))'
          - name: jammy-std-openssl3
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-jammy:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON
-            PYTEST_ARGS: --ignore=tests/test_leaks.py
+            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: jammy-std-openssl3-libjade
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-jammy:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: jammy-std-openssl3-dlopen
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-jammy:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON
            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: jammy-std-openssl3-dlopen-libjade
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-jammy:latest
            CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
          - name: address-sanitizer
-            container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+            runner: ubuntu-latest
-            CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address
+            container: openquantumsafe/ci-ubuntu-latest:latest
-            PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --numprocesses=auto --maxprocesses=10
+            CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
            PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
          - name: address-sanitizer-no-stfl-key-sig-gen
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
            PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
          - name: address-sanitizer-libjade
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
            PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10
          - name: noble-no-sha3-avx512vl
            runner: ubuntu-latest
            container: openquantumsafe/ci-ubuntu-latest:latest
            CMAKE_ARGS: -DOQS_USE_SHA3_AVX512VL=OFF
            PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
    runs-on: ${{ matrix.runner }}
    container:
      image: ${{ matrix.container }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
-        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
+        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Check the library artifacts
        if: matrix.name == 'jammy-std-openssl3-dlopen'
        run: |
          nm -gu lib/liboqs.so | sed -n 's/^[[:space:]]*[Uw] \([^_].*\)/\1/p' > undefined-syms.txt &&
          ! (grep '^\(CRYPTO\|ERR\|EVP\|OPENSSL\|RAND\)_' undefined-syms.txt)
        working-directory: build
      - name: Run tests
        timeout-minutes: 60
-        run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}
+        run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --numprocesses=auto ${{ matrix.PYTEST_ARGS }}
      - name: Package .deb
-        if: ${{ matrix.name }} == 'jammy-std-openssl3'
+        if: matrix.name == 'jammy-std-openssl3'
        run: cpack
        working-directory: build
      - name: Retain .deb file
-        if: ${{ matrix.name }} == 'jammy-std-openssl3'
+        if: matrix.name == 'jammy-std-openssl3'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # pin@v4
        with:
          name: liboqs-openssl3-shared-x64
          path: build/*.deb
      - name: Check STD algorithm and alias
        if: matrix.name == 'jammy-std-openssl3'
        run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n    isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n    isnull: false"'
        working-directory: build
  linux_arm_emulated:
    needs: [stylecheck, buildcheck]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
@ -125,15 +160,19 @@ jobs:
        include:
          - name: armhf
            ARCH: armhf
-            CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_OPT_TARGET=generic
+            CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
-            PYTEST_ARGS: --ignore=tests/test_alg_info.py
+            PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
          - name: armhf-no-stfl-key-sig-gen
            ARCH: armhf
            CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
            PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py
          # no longer supporting armel
          # - name: armel
          #   ARCH: armel
-          #   CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_OPT_TARGET=generic
+          #   CMAKE_ARGS: -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_USE_OPENSSL=OFF -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=generic
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Install the emulation handlers
        run: docker run --rm --privileged multiarch/qemu-user-static:register --reset
      - name: Build in an x86_64 container
@ -146,7 +185,7 @@ jobs:
                         (cd build && \
                          cmake .. -GNinja ${{ matrix.CMAKE_ARGS }} \
                                   -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_${{ matrix.ARCH }}.cmake && \
-                          cmake -LA .. && \
+                          cmake -LA -N .. && \
                          ninja)"
      - name: Run the tests in an ${{ matrix.ARCH }} container
        timeout-minutes: 60
@ -159,3 +198,114 @@ jobs:
                              python3 -m pytest --verbose \
                                                --numprocesses=auto \
                                                --ignore=tests/test_code_conventions.py ${{ matrix.PYTEST_ARGS }}"
  linux_cross_compile:
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: windows-binaries
            CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake
          - name: windows-dll
            CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake -DBUILD_SHARED_LIBS=ON
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
  linux_openssl330-dev:
    runs-on: ubuntu-latest
    container:
      image: openquantumsafe/ci-ubuntu-jammy:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Retrieve OpenSSL330 from cache
        id: cache-openssl330
        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
        with:
          path: .localopenssl330
          key: ${{ runner.os }}-openssl330
      - name: Checkout the OpenSSL v3.3.0 commit
        if: steps.cache-openssl330.outputs.cache-hit != 'true'
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
        with:
          repository: 'openssl/openssl'
          ref: 'openssl-3.3.0-beta1'
          path: openssl
      - name: Prepare the OpenSSL build directory
        if: steps.cache-openssl330.outputs.cache-hit != 'true'
        run: mkdir .localopenssl330
        working-directory: openssl
      - name: Build openssl3 if not cached
        if: steps.cache-openssl330.outputs.cache-hit != 'true'
        run: |
          ./config --prefix=`pwd`/../.localopenssl330 && make -j 4 && make install_sw install_ssldirs
        working-directory: openssl
      - name: Save OpenSSL
        id: cache-openssl-save
        if: steps.cache-openssl330.outputs.cache-hit != 'true'
        uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4
        with:
          path: |
            .localopenssl330
          key: ${{ runner.os }}-openssl330
      - name: Configure
        run: mkdir build && cd build && cmake -GNinja -DOQS_STRICT_WARNINGS=ON -DOPENSSL_ROOT_DIR=../.localopenssl330 -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON .. && cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Run tests
        timeout-minutes: 60
        run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
  scan_build:
    runs-on: ubuntu-latest
    container: openquantumsafe/ci-ubuntu-latest:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Configure
        run: mkdir build && cd build && scan-build --status-bugs cmake -GNinja ..
      - name: Build
        run: scan-build --status-bugs ninja
        working-directory: build
  linux_x86_emulated:
    runs-on: ubuntu-latest
    container:
      image: openquantumsafe/ci-ubuntu-latest:latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: avx512-ml-kem_ml-dsa
            SDE_ARCH: -skx
            CMAKE_ARGS: -DOQS_MINIMAL_BUILD="KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87"
            PYTEST_ARGS: tests/test_hash.py::test_sha3 tests/test_kat.py tests/test_acvp_vectors.py
    env:
      SDE_URL: https://downloadmirror.intel.com/850782/sde-external-9.53.0-2025-03-16-lin.tar.xz
    steps:
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Setup Intel SDE
        run: |
          wget -O sde.tar.xz "$SDE_URL" && \
            mkdir sde && tar -xf sde.tar.xz -C sde --strip-components=1 && \
            echo "$(pwd)/sde" >> $GITHUB_PATH
      - name: Configure
        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Run tests
        timeout-minutes: 60
        run: |
          mkdir -p tmp && sde64 ${{ matrix.SDE_ARCH }} -- \
            python3 -m pytest --verbose --numprocesses=auto ${{ matrix.PYTEST_ARGS }}
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@ -0,0 +1,63 @@
 name: MacOS tests
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  macos:
    strategy:
      fail-fast: false
      matrix:
        os:
          # macos-13 runs on x64; the others run on aarch64
          - macos-13
          - macos-14
          - macos-15
        CMAKE_ARGS:
          - -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
          - -DCMAKE_C_COMPILER=gcc-14
          - -DOQS_USE_OPENSSL=OFF
          - -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=OFF
        libjade-build:
          - -DOQS_LIBJADE_BUILD=OFF
          # Restrict -DOQS_LIBJADE_BUILD=ON build to algs provided by
          # libjade to minimise repeated tests
          - -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
        exclude:
          # macos-14 and macos-15 run on aarch64, libjade targets x86
          # Skip testing libjade on macos-14
          - os: macos-14
            libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
          - os: macos-15
            libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
          # No point in testing stateful sigs with minimal libjade build
          - libjade-build: -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}"
            CMAKE_ARGS: -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON
          # Failing configuration on Github actions; see https://github.com/open-quantum-safe/liboqs/pull/2148
          - os: macos-15
            CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-14
            libjade-build: -DOQS_LIBJADE_BUILD=OFF
    runs-on: ${{ matrix.os }}
    steps:
      - name: Install Python
        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
        with:
          python-version: '3.12'
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
      - name: Install dependencies
        run: env HOMEBREW_NO_AUTO_UPDATE=1 brew install ninja && pip3 install --require-hashes --break-system-packages -r .github/workflows/requirements.txt
      - name: Get system information
        run: sysctl -a | grep machdep.cpu
      - name: Configure
        run: mkdir -p build && cd build && source ~/.bashrc && cmake -GNinja -DOQS_STRICT_WARNINGS=ON ${{ matrix.CMAKE_ARGS }} ${{ matrix.libjade-build }} .. && cmake -LA -N ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Run tests
        run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py
        timeout-minutes: 60
--- a/.github/workflows/platforms.yml
+++ b/.github/workflows/platforms.yml
@ -0,0 +1,26 @@
 name: Tests for all supported platforms
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  android-tests:
    uses: ./.github/workflows/android.yml
  ios-tests:
    uses: ./.github/workflows/apple.yml
  linux-tests:
    uses: ./.github/workflows/linux.yml
  macos-tests:
    uses: ./.github/workflows/macos.yml
  windows-tests:
    uses: ./.github/workflows/windows.yml
  zephyr-tests:
    uses: ./.github/workflows/zephyr.yml
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@ -0,0 +1,32 @@
 name: Pull request tests
 permissions:
  contents: read
 on: pull_request
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  basic-checks:
    uses: ./.github/workflows/basic.yml
  platform-tests:
    needs: basic-checks
    uses: ./.github/workflows/platforms.yml
  code-coverage:
    needs: basic-checks
    uses: ./.github/workflows/code-coverage.yml
    secrets: inherit
  scorecard:
    needs: basic-checks
    uses: ./.github/workflows/scorecard.yml
    secrets: inherit
    permissions:
      id-token: write
      security-events: write
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@ -0,0 +1,33 @@
 name: Push tests
 permissions:
  contents: read
 on:
  push:
    branches-ignore: 'main'
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  basic-checks:
    uses: ./.github/workflows/basic.yml
  full-tests:
    needs: basic-checks
    if: contains( github.event.head_commit.message, '[full tests]' )
    uses: ./.github/workflows/platforms.yml
  extended-tests:
    needs: basic-checks
    if: contains( github.event.head_commit.message, '[extended tests]' )
    uses: ./.github/workflows/extended.yml
  downstream-release-tests:
    needs: basic-checks
    if: contains( github.event.head_commit.message, '[trigger downstream]' )
    uses: ./.github/workflows/downstream-release.yml
    secrets: inherit
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -0,0 +1,17 @@
 name: Release tests
 permissions:
  contents: read
 on:
  release:
    types: [ published ]
 jobs:
  extended-tests:
    uses: ./.github/workflows/extended.yml
  downstream-release-tests:
    uses: ./.github/workflows/downstream-release.yml
    secrets: inherit
--- a/.github/workflows/requirements.in
+++ b/.github/workflows/requirements.in
@ -0,0 +1,8 @@
 colorama==0.4.6
 execnet==2.1.1
 iniconfig==2.0.0
 packaging==24.0
 pluggy==1.4.0
 pytest==8.1.1
 pytest-xdist==3.5.0
 pyyaml==6.0.1
--- a/.github/workflows/requirements.txt
+++ b/.github/workflows/requirements.txt
@ -0,0 +1,97 @@
 #
 # This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
 #    pip-compile --generate-hashes --output-file=requirements_new.txt requirements.txt
 #
 colorama==0.4.6 \
    --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
    --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
    # via -r requirements.txt
 execnet==2.1.1 \
    --hash=sha256:26dee51f1b80cebd6d0ca8e74dd8745419761d3bef34163928cbebbdc4749fdc \
    --hash=sha256:5189b52c6121c24feae288166ab41b32549c7e2348652736540b9e6e7d4e72e3
    # via
    #   -r requirements.txt
    #   pytest-xdist
 iniconfig==2.0.0 \
    --hash=sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3 \
    --hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
    # via
    #   -r requirements.txt
    #   pytest
 packaging==24.0 \
    --hash=sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5 \
    --hash=sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9
    # via
    #   -r requirements.txt
    #   pytest
 pluggy==1.4.0 \
    --hash=sha256:7db9f7b503d67d1c5b95f59773ebb58a8c1c288129a88665838012cfb07b8981 \
    --hash=sha256:8c85c2876142a764e5b7548e7d9a0e0ddb46f5185161049a79b7e974454223be
    # via
    #   -r requirements.txt
    #   pytest
 pytest==8.1.1 \
    --hash=sha256:2a8386cfc11fa9d2c50ee7b2a57e7d898ef90470a7a34c4b949ff59662bb78b7 \
    --hash=sha256:ac978141a75948948817d360297b7aae0fcb9d6ff6bc9ec6d514b85d5a65c044
    # via
    #   -r requirements.txt
    #   pytest-xdist
 pytest-xdist==3.5.0 \
    --hash=sha256:cbb36f3d67e0c478baa57fa4edc8843887e0f6cfc42d677530a36d7472b32d8a \
    --hash=sha256:d075629c7e00b611df89f490a5063944bee7a4362a5ff11c7cc7824a03dfce24
    # via -r requirements.txt
 pyyaml==6.0.1 \
    --hash=sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5 \
    --hash=sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc \
    --hash=sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df \
    --hash=sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741 \
    --hash=sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206 \
    --hash=sha256:18aeb1bf9a78867dc38b259769503436b7c72f7a1f1f4c93ff9a17de54319b27 \
    --hash=sha256:1d4c7e777c441b20e32f52bd377e0c409713e8bb1386e1099c2415f26e479595 \
    --hash=sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62 \
    --hash=sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98 \
    --hash=sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696 \
    --hash=sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290 \
    --hash=sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9 \
    --hash=sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d \
    --hash=sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6 \
    --hash=sha256:4fb147e7a67ef577a588a0e2c17b6db51dda102c71de36f8549b6816a96e1867 \
    --hash=sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47 \
    --hash=sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486 \
    --hash=sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6 \
    --hash=sha256:596106435fa6ad000c2991a98fa58eeb8656ef2325d7e158344fb33864ed87e3 \
    --hash=sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007 \
    --hash=sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938 \
    --hash=sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0 \
    --hash=sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c \
    --hash=sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735 \
    --hash=sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d \
    --hash=sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28 \
    --hash=sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4 \
    --hash=sha256:9046c58c4395dff28dd494285c82ba00b546adfc7ef001486fbf0324bc174fba \
    --hash=sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8 \
    --hash=sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef \
    --hash=sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5 \
    --hash=sha256:afd7e57eddb1a54f0f1a974bc4391af8bcce0b444685d936840f125cf046d5bd \
    --hash=sha256:b1275ad35a5d18c62a7220633c913e1b42d44b46ee12554e5fd39c70a243d6a3 \
    --hash=sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0 \
    --hash=sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515 \
    --hash=sha256:baa90d3f661d43131ca170712d903e6295d1f7a0f595074f151c0aed377c9b9c \
    --hash=sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c \
    --hash=sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924 \
    --hash=sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34 \
    --hash=sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43 \
    --hash=sha256:c8098ddcc2a85b61647b2590f825f3db38891662cfc2fc776415143f599bb859 \
    --hash=sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673 \
    --hash=sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54 \
    --hash=sha256:d858aa552c999bc8a8d57426ed01e40bef403cd8ccdd0fc5f6f04a00414cac2a \
    --hash=sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b \
    --hash=sha256:f003ed9ad21d6a4713f0a9b5a7a0a79e08dd0f221aff4525a2be4c346ee60aab \
    --hash=sha256:f22ac1c3cac4dbc50079e965eba2c1058622631e526bd9afd45fedd49ba781fa \
    --hash=sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c \
    --hash=sha256:fca0e3a251908a499833aa292323f32437106001d436eca0e6e7833256674585 \
    --hash=sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d \
    --hash=sha256:fd66fc5d0da6d9815ba2cebeb4205f95818ff4b79c3ebe268e75d961704af52f
    # via -r requirements.txt
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -0,0 +1,64 @@
 name: Scorecard supply-chain security
 permissions: {}
 on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  workflow_call:
  workflow_dispatch:
 jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      id-token: write
      # Uncomment the permissions below if installing in a private repository.
      # contents: read
      # actions: read
    steps:
      - name: "Checkout code"
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
        with:
          persist-credentials: false
      - name: "Run analysis"
        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # pin@v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecard on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
          #   - Allows the repository to include the Scorecard badge.
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories:
          #   - `publish_results` will always be set to `false`, regardless
          #     of the value entered here.
          publish_results: true
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # pin@v4
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 28
      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # pin@v3
        with:
          sarif_file: results.sarif
--- a/.github/workflows/sig-bench.yml
+++ b/.github/workflows/sig-bench.yml
@ -0,0 +1,151 @@
 name: sig benchmark
 on:
  workflow_dispatch:
  workflow_call:
 permissions:
  contents: read
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Checkout repository
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
        with:
          fetch-depth: 0
      # Set up dependencies
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y cmake ninja-build gcc g++ python3 python3-pip
          sudo apt-get install -y python3-cpuinfo
      # Build the speed_sig binary only
      - name: Build speed_sig binary
        run: |
          mkdir -p build
          cd build
          cmake -GNinja .. -DBUILD_SHARED_LIBS=OFF
          ninja speed_sig
      # Copy the parse_liboqs_speed.py script
      - name: Copy parse_liboqs_speed.py
        run: |
          cp scripts/parse_liboqs_speed.py build/tests/
      # Upload the built binary and script as an artifact
      - name: Upload artifacts
        uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47
        with:
          name: built-sig-binary
          path: build/tests/
  benchmark:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    strategy:
      matrix:
        algorithm: [ # List of available signatures to perform the benchmarking on
          "Dilithium2",
          "Dilithium3",
          "Dilithium5",
          "ML-DSA-44",
          "ML-DSA-65",
          "ML-DSA-87",
          "Falcon-512",
          "Falcon-1024",
          "Falcon-padded-512",
          "Falcon-padded-1024",
          "SPHINCS+-SHA2-128f-simple",
          "SPHINCS+-SHA2-128s-simple",
          "SPHINCS+-SHA2-192f-simple",
          "SPHINCS+-SHA2-192s-simple",
          "SPHINCS+-SHA2-256f-simple",
          "SPHINCS+-SHA2-256s-simple",
          "SPHINCS+-SHAKE-128f-simple",
          "SPHINCS+-SHAKE-128s-simple",
          "SPHINCS+-SHAKE-192f-simple",
          "SPHINCS+-SHAKE-192s-simple",
          "SPHINCS+-SHAKE-256f-simple",
          "SPHINCS+-SHAKE-256s-simple",
          "MAYO-1",
          "MAYO-2",
          "MAYO-3",
          "MAYO-5",
          "cross-rsdp-128-balanced",
          "cross-rsdp-128-fast",
          "cross-rsdp-128-small",
          "cross-rsdp-192-balanced",
          "cross-rsdp-192-fast",
          "cross-rsdp-192-small",
          "cross-rsdp-256-balanced",
          "cross-rsdp-256-fast",
          "cross-rsdp-256-small",
          "cross-rsdpg-128-balanced",
          "cross-rsdpg-128-fast",
          "cross-rsdpg-128-small",
          "cross-rsdpg-192-balanced",
          "cross-rsdpg-192-fast",
          "cross-rsdpg-192-small",
          "cross-rsdpg-256-balanced",
          "cross-rsdpg-256-fast",
          "cross-rsdpg-256-small",
          "OV-Is",
          "OV-Ip",
          "OV-III",
          "OV-V",
          "OV-Is-pkc",
          "OV-Ip-pkc",
          "OV-III-pkc",
          "OV-V-pkc",
          "OV-Is-pkc-skc",
          "OV-Ip-pkc-skc",
          "OV-III-pkc-skc",
          "OV-V-pkc-skc"
        ]
      max-parallel: 1 # No parallel jobs to not compromise the pull-push operations of the benchmarking actions below
    steps:
      # Ensure the repository is checked out
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
        with:
          fetch-depth: 0
      # Download the built binary and script
      - name: Download artifacts
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # pin@v4
        with:
          name: built-sig-binary
          path: build/tests/
      # Set execute permissions for the binary
      - name: Set execute permissions
        run: chmod +x build/tests/speed_sig
      # Run speed_sig tests for each algorithm
      - name: Run speed_sig tests
        run: |
          cd build/tests
          ./speed_sig "${{matrix.algorithm}}" > ${{matrix.algorithm}}_output.txt
          python3 parse_liboqs_speed.py ${{matrix.algorithm}}_output.txt --algorithm ${{matrix.algorithm}}
      # Push to GitHub pages using continuous-benchmark
      - name: Store benchmark result
        uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7
        with:
          name: ${{matrix.algorithm}}
          tool: "customSmallerIsBetter"
          output-file-path: build/tests/${{matrix.algorithm}}_formatted.json
          github-token: ${{ secrets.GITHUB_TOKEN }}
          auto-push: true
          comment-on-alert: true
          summary-always: true
          alert-threshold: 105%
          comment-always: false
--- a/.github/workflows/weekly.yml
+++ b/.github/workflows/weekly.yml
@ -1,4 +1,7 @@
-name: Weekly constant time tests
+name: Weekly tests
 permissions:
  contents: read
 on:
  schedule:
@ -6,33 +9,14 @@ on:
 jobs:
-  constant-time-x64:
+  # To guarantee Maintained check is occasionally updated. See
-    runs-on: ubuntu-latest
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-    strategy:
+  scorecard:
-      fail-fast: false
+    uses: ./.github/workflows/scorecard.yml
-      matrix:
+    secrets: inherit
-        include:
+    permissions:
-          - name: generic
+      id-token: write
-            container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+      security-events: write
            CMAKE_ARGS: -DOQS_OPT_TARGET=generic -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
            PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
            SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-(.)*'
          - name: extensions
            container: openquantumsafe/ci-ubuntu-focal-x86_64:latest
            CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_OPT_TARGET=haswell -DCMAKE_BUILD_TYPE=Debug -DOQS_ENABLE_TEST_CONSTANT_TIME=ON
            PYTEST_ARGS: --numprocesses=auto -k 'test_constant_time'
            SKIP_ALGS: 'SPHINCS\+-SHA*,Classic-McEliece-(.)*'
    container:
      image: ${{ matrix.container }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Configure
        run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA ..
      - name: Build
        run: ninja
        working-directory: build
      - name: Run tests
        timeout-minutes: 360
        run: mkdir -p tmp && SKIP_ALGS='${{ matrix.SKIP_ALGS }}' python3 -m pytest --verbose ${{ matrix.PYTEST_ARGS }}
  extended-tests:
    uses: ./.github/workflows/extended.yml
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@ -1,32 +1,45 @@
 name: Windows tests
-on: [push, pull_request]
+permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  windows-arm64:
-    runs-on: windows-2022
+    strategy:
      matrix:
        runner: [windows-2022, windows-2025]
        stfl_opt: [ON, OFF]
    runs-on: ${{ matrix.runner }}
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
      - name: Generate Project
-        run: cmake -B build --toolchain .CMake/toolchain_windows_arm64.cmake .
+        run: cmake -B build --toolchain .CMake/toolchain_windows_arm64.cmake -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
      - name: Build Project
        run: cmake --build build
  windows-x86:
    runs-on: windows-2022
    strategy:
      fail-fast: false
      matrix:
        runner: [windows-2022, windows-2025]
        toolchain: [.CMake/toolchain_windows_x86.cmake, .CMake/toolchain_windows_amd64.cmake]
        stfl_opt: [ON, OFF]
    runs-on: ${{ matrix.runner }}
    steps:
-      - uses: actions/checkout@v3
+      - name: Install Python
        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
        with:
          python-version: '3.12'
      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
      - name: Generate Project
-        run: cmake -B build --toolchain ${{ matrix.toolchain }} .
+        run: cmake -B build --toolchain ${{ matrix.toolchain }} -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=${{ matrix.stfl_opt }} .
      - name: Build Project
        run: cmake --build build
      - name: Test dependencies
-        run: pip.exe install pytest pytest-xdist pyyaml
+        run: pip.exe install --require-hashes -r .github\workflows\requirements.txt
      - name: Run tests
        run: |
-          python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --junitxml=build\test-results\pytest\test-results.xml
+          python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --ignore=tests/test_kat_all.py --junitxml=build\test-results\pytest\test-results.xml
--- a/.github/workflows/zephyr.yml
+++ b/.github/workflows/zephyr.yml
@ -0,0 +1,61 @@
 name: Zephyr tests
 permissions:
  contents: read
 on: [workflow_call, workflow_dispatch]
 jobs:
  zephyr_test:
    runs-on: ubuntu-22.04
    container: ghcr.io/zephyrproject-rtos/ci:v0.27.4
    env:
        CMAKE_PREFIX_PATH: /opt/toolchains
    strategy:
        fail-fast: false
        matrix:
          config:
            - zephyr-ref: v3.4.0
            - zephyr-ref: v3.7.0
    steps:
        - name: Init Zephyr workspace
          run: |
            mkdir zephyr && cd zephyr
            mkdir manifest && cd manifest
            echo "manifest:" > west.yml
            echo "  remotes:" >> west.yml
            echo "    - name: zephyr" >> west.yml
            echo "      url-base: https://github.com/zephyrproject-rtos" >> west.yml
            echo "    - name: liboqs" >> west.yml
            echo "      url-base: https://github.com/${{ github.repository_owner }}" >> west.yml
            echo "  projects:" >> west.yml
            echo "    - name: zephyr" >> west.yml
            echo "      remote: zephyr" >> west.yml
            echo "      repo-path: zephyr" >> west.yml
            echo "      revision: ${{ matrix.config.zephyr-ref }}" >> west.yml
            echo "      import:" >> west.yml
            echo "        name-allowlist:" >> west.yml
            echo "          - picolibc" >> west.yml
            echo "    - name: liboqs" >> west.yml
            echo "      remote: liboqs" >> west.yml
            echo "      revision: $(echo '${{ github.ref }}' | sed -e 's/refs\/heads\///')" >> west.yml
            echo "      path: modules/crypto/liboqs" >> west.yml
            west init -l --mf west.yml .
        - name: Update west workspace
          working-directory: zephyr
          run: |
            west update -n -o=--depth=1
            west zephyr-export
        - name: Run Signature test
          working-directory: zephyr
          run: |
            west twister --integration -T modules/crypto/liboqs/zephyr -s samples/Signatures/sample.crypto.liboqs_signature_example -vvv
        - name: Run KEM test
          working-directory: zephyr
          run: |
            west twister --integration -T modules/crypto/liboqs/zephyr -s samples/KEMs/sample.crypto.liboqs_kem_example -vvv
--- a/.gitignore
+++ b/.gitignore
@ -35,4 +35,8 @@ __pycache__
 .pytest_cache
 .cache
 .CMake/a.out
 compile_commands.json
 # Generated by Nix flake
 result/
--- a/.travis.yml
+++ b/.travis.yml
@ -1,6 +1,6 @@
 language: c
 before_script:
-  - sudo apt -y install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz valgrind
+  - sudo apt update && sudo apt -y install astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz valgrind
 jobs:
  include:
    - arch: ppc64le         # The IBM Power LXD container based build for OSS only
@ -9,7 +9,7 @@ jobs:
      compiler: gcc
      if: NOT branch =~ /^ghactionsonly-/
      script:
-        - mkdir build && cd build && cmake -GNinja .. && cmake -LA .. && ninja
+        - mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja
        - cd build & ninja run_tests
    - arch: s390x
      os: linux
@ -17,5 +17,5 @@ jobs:
      compiler: gcc
      if: NOT branch =~ /^ghactionsonly-/
      script:
-        - mkdir build && cd build && cmake -GNinja .. && cmake -LA .. && ninja
+        - mkdir build && cd build && cmake -GNinja -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_STFL_SIG_KEY_SIG_GEN=ON .. && cmake -LA -N .. && ninja
        - cd build & ninja run_tests
--- a/CI.md
+++ b/CI.md
@ -0,0 +1,111 @@
 # Continuous Integration (CI)
 This document aims to provide a accessible yet comprehensive overview of the liboqs CI setup.
 ## GitHub Actions
 liboqs relies on GitHub Actions for almost all of its CI and makes extensive use of [reusable workflows](https://docs.github.com/en/actions/sharing-automations/reusing-workflows).
 All workflow files are located in the `.github/workflows` subdirectory.
 ### Caller workflows
 These workflows are triggered by GitHub events (for example, a pull request or a release).
 They implement the logic dictating which tests should run on which events.
 #### <a name="push.yml"></a> Push workflow (`push.yml`)
 This workflow is triggered by pushes to non-`main` branches.
 It calls only [basic checks](#basic.yml) unless one of the following strings is included in the commit message:
 - "[full tests]": calls [all platform tests](#platforms.yml).
 - "[extended tests]": calls the [extended tests](#extended.yml).
 - "[trigger downstream]": calls the [downstream release tests](#downstream-release.yml).
 To trigger multiple test suites, include multiple trigger strings in the commit message.
 For example, "[full tests] [trigger downstream]" will trigger both the platform tests and the downstream release tests.
 #### <a name="pr.yml"></a> Pull request workflow (`pr.yml`)
 This workflow runs on pull requests.
 It calls [basic checks](#basic.yml), [code coverage tests](#code-coverage.yml), [platform tests](#platforms.yml) and [scorecard analysis](#scorecard.yml).
 #### <a name="commit-to-main.yml"></a> Commit-to-main workflow (`commit-to-main.yml`)
 This workflow runs on pushes to the `main` branch (typically done automatically when a pull request is merged).
 It calls [platform tests](#platforms.yml), [code coverage tests](#code-coverage.yml), [scorecard analysis](#scorecard.yml), and [basic downstream tests](#downstream-basic.yml).
 #### <a name="weekly.yml"></a> Weekly workflow (`weekly.yml`)
 This workflow is triggered by a weekly schedule.
 It calls [extended tests](#extended.yml) and [scorecard analysis](#scorecard.yml).
 #### <a name="release.yml"></a> Release workflow (`release.yml`)
 This workflow is triggered when a release (including a pre-release) is published on GitHub.
 It calls [extended tests](#extended) and [downstream release tests](#downstream-release.yml).
 ### Callable workflows
 These workflows are not triggered directly by any GitHub event.
 They are instead called by one of the [caller workflows](#caller-workflows).
 Users with "write" permissions can also trigger them manually via the GitHub web UI or REST API.
 #### <a name="basic.yml"></a> Basic checks (`basic.yml`)
 This workflow runs a minimal set of tests that should pass before heavier tests are triggered.
 #### <a name="code-coverage.yml"></a> Code coverage tests (`code-coverage.yml`)
 This workflow runs code coverage tests and uploads the results to [Coveralls.io](https://coveralls.io/github/open-quantum-safe/liboqs).
 #### <a name="<platform>.yml"></a> Individual platform tests (`<platform>.yml`)
 These workflows contain tests for the individual [platforms supported by liboqs](PLATFORMS.md).
 Currently, these include
 - `android.yml`,
 - `apple.yml`,
 - `macos.yml`,
 - `linux.yml`,
 - `windows.yml`, and
 - `zephyr.yml`.
 All of these these are wrapped by [`platforms.yml`](#platforms.yml).
 #### <a name="platforms.yml"></a> All platform tests (`platforms.yml`)
 This workflow calls all of the [platform-specific tests](#<platform>.yml).
 #### <a name="extended.yml"></a> Extended tests (`extended.yml`)
 This workflow calls tests which are either resource intensive or rarely need to be triggered.
 Currently, this includes constant-time testing with valgrind and the full suite of NIST Known Answer Tests.
 #### <a name="downstream-basic.yml"></a> Basic downstream trigger (`downstream-basic.yml`)
 This workflow triggers basic CI for a selection of projects that depend on `liboqs`.
 Currently, these include
 - [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider)
 - [`OQS-BoringSSL`](https://github.com/open-quantum-safe/boringssl)
 - [`OQS-OpenSSH`](https://github.com/open-quantum-safe/openssh)
 - [`OQS Demos`](https://github.com/open-quantum-safe/oqs-demos)
 - [`liboqs-cpp`](https://github.com/open-quantum-safe/liboqs-cpp)
 - [`liboqs-go`](https://github.com/open-quantum-safe/liboqs-go)
 - [`liboqs-python`](https://github.com/open-quantum-safe/liboqs-python)
 Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
 #### <a name="downstream-release.yml"></a> Downstream release trigger (`downstream-release.yml`)
 This workflow triggers release tests for a selection of projects that depend on `liboqs`.
 Currently, this is only the [`OQS OpenSSL3 provider`](https://github.com/open-quantum-safe/oqs-provider).
 Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
 #### <a name="scorecard.yml"></a> OpenSSF scorecard analysis (`scorecard.yml`)
 This workflow runs the [OpenSSF scorecard](https://github.com/ossf/scorecard) tool.
 It is additionally triggered automatically when branch protection rules are changed.
 Callers must include `secrets: inherit` in order for the appropriate access tokens to be passed to this workflow.
 ## Travis CI
 In the past, we used Travis CI to test on [some IBM platforms](PLATFORMS.md#tier-3-1) that are not supported by GitHub Actions.
 Our Travis builds are currently disabled pending resolution of [issue #1888](https://github.com/open-quantum-safe/liboqs/issues/1888).
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1,6 +1,6 @@
 # SPDX-License-Identifier: MIT
-cmake_minimum_required (VERSION 3.5)
+cmake_minimum_required (VERSION 3.15)
 # option() honors normal variables.
 # see: https://cmake.org/cmake/help/git-stage/policy/CMP0077.html
 if(POLICY CMP0077)
@ -18,14 +18,22 @@ if(POLICY CMP0067)
    cmake_policy(SET CMP0067 NEW)
 endif()
 project(liboqs C ASM)
 option(OQS_DIST_BUILD "Build distributable library with optimized code for several CPU microarchitectures. Enables run-time CPU feature detection." ON)
 option(OQS_BUILD_ONLY_LIB "Build only liboqs and do not expose build targets for tests, documentation, and pretty-printing available." OFF)
 set(OQS_MINIMAL_BUILD "" CACHE STRING "Only build specifically listed algorithms.")
 option(OQS_LIBJADE_BUILD "Enable formally verified implementation of supported algorithms from libjade." OFF)
 option(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE "Permit compilation on an an unsupported architecture." OFF)
 option(OQS_STRICT_WARNINGS "Enable all compiler warnings." OFF)
 option(OQS_EMBEDDED_BUILD "Compile liboqs for an Embedded environment without a full standard library." OFF)
 option(OQS_USE_CUPQC "Utilize cuPQC as the backend for supported PQC algorithms." OFF)
 # Libfuzzer isn't supported on gcc
 if('${CMAKE_C_COMPILER_ID}' STREQUAL 'Clang')
    option(OQS_BUILD_FUZZ_TESTS "Build fuzz test suite" OFF)
 endif()
 set(OQS_OPT_TARGET auto CACHE STRING "The target microarchitecture for optimization.")
@ -33,11 +41,25 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(CMAKE_C_VISIBILITY_PRESET hidden)
-set(OQS_VERSION_TEXT "0.9.0")
+set(OQS_VERSION_MAJOR 0)
 set(OQS_VERSION_MINOR 13)
 set(OQS_VERSION_PATCH 1)
 set(OQS_VERSION_PRE_RELEASE "-dev")
 set(OQS_VERSION_TEXT "${OQS_VERSION_MAJOR}.${OQS_VERSION_MINOR}.${OQS_VERSION_PATCH}${OQS_VERSION_PRE_RELEASE}")
 set(OQS_COMPILE_BUILD_TARGET "${CMAKE_SYSTEM_PROCESSOR}-${CMAKE_HOST_SYSTEM}")
 set(OQS_MINIMAL_GCC_VERSION "7.1.0")
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 # Determine the flags for fuzzing. Use OSS-Fuzz's configuration if available, otherwise fall back to defaults.
 if(DEFINED ENV{LIB_FUZZING_ENGINE})
    set(FUZZING_ENGINE $ENV{LIB_FUZZING_ENGINE})
    set(FUZZING_COMPILE_FLAGS "")
    set(FUZZING_LINK_FLAGS "${FUZZING_ENGINE}")
 else()
    set(FUZZING_COMPILE_FLAGS "-fsanitize=fuzzer,address")
    set(FUZZING_LINK_FLAGS "-fsanitize=fuzzer,address")
 endif()
 # heuristic check to see whether we're running on a RaspberryPi
 if(EXISTS "/opt/vc/include/bcm_host.h")
 	add_definitions( -DOQS_USE_RASPBERRY_PI )
@ -80,12 +102,38 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
    if(${OQS_DIST_BUILD})
        set(OQS_DIST_PPC64_BUILD ON)
    endif()
 elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc|powerpc)")
    message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
    # CMake uses uname to derive CMAKE_SYSTEM_PROCESSOR value, so on Darwin
    # the value is identical for ppc and ppc64. To have the right build arch
    # in 64-bit case, we use CMAKE_OSX_ARCHITECTURES.
    if(APPLE AND CMAKE_OSX_ARCHITECTURES STREQUAL "ppc64")
        set(ARCH "ppc64")
        set(ARCH_PPC64 ON)
        if(${OQS_DIST_BUILD})
            set(OQS_DIST_PPC64_BUILD ON)
        endif()
    else()
        set(ARCH "ppc")
        set(ARCH_PPC ON)
        if(${OQS_DIST_BUILD})
            set(OQS_DIST_PPC_BUILD ON)
        endif()
    endif()
 elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
    set(ARCH "s390x")
    set(ARCH_S390X ON)
    if(${OQS_DIST_BUILD})
        set(OQS_DIST_S390X_BUILD ON)
    endif()
 elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "riscv")
    set(ARCH "riscv")
 elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "loongarch64")
    set(ARCH "loongarch64")
    set(ARCH_LOONGARCH64 ON)
    if(${OQS_DIST_BUILD})
        set(OQS_DIST_LOONGARCH64_BUILD ON)
    endif()
 elseif(OQS_PERMIT_UNSUPPORTED_ARCHITECTURE)
    message(WARNING "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR})
    message(WARNING "Compilation on an unsupported processor should only be used for testing, as it may result an insecure configuration, for example due to variable-time instructions leaking secret information.")
@ -93,6 +141,20 @@ else()
    message(FATAL_ERROR "Unknown or unsupported processor: " ${CMAKE_SYSTEM_PROCESSOR} ". Override by setting OQS_PERMIT_UNSUPPORTED_ARCHITECTURE=ON")
 endif()
 if(${OQS_USE_CUPQC})
    # CMAKE's CUDA language requires CMAKE 3.18
    cmake_minimum_required (VERSION 3.18)
    enable_language(CUDA)
    if(NOT DEFINED CMAKE_CUDA_ARCHITECTURES)
      set(CMAKE_CUDA_ARCHITECTURES 80 90)
    endif()
    find_package(cuPQC 0.2.0 REQUIRED)
 endif()
 if (NOT ((CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") AND (ARCH_X86_64 STREQUAL "ON")) AND (OQS_LIBJADE_BUILD STREQUAL "ON"))
    message(FATAL_ERROR "Building liboqs with libjade implementations from libjade is only supported on Linux and Darwin on x86_64.")
 endif()
 # intentionally don't switch to variables to avoid --warn-uninitialized report
 if(OQS_USE_CPU_EXTENSIONS)
    message(FATAL_ERROR "OQS_USE_CPU_EXTENSIONS is deprecated")
@ -111,7 +173,7 @@ endif()
 option(OQS_SPEED_USE_ARM_PMU "Use ARM Performance Monitor Unit during benchmarking" OFF)
-if(WIN32)
+if(WIN32 AND NOT (MINGW OR MSYS OR CYGWIN))
    set(CMAKE_GENERATOR_CC cl)
 endif()
@ -126,22 +188,41 @@ if(${OQS_USE_OPENSSL})
            elseif(EXISTS "/opt/homebrew/opt/openssl@1.1")
                set(OPENSSL_ROOT_DIR "/opt/homebrew/opt/openssl@1.1")
            endif()
        elseif(${CMAKE_HOST_SYSTEM_NAME} STREQUAL "Linux")
            set(OPENSSL_ROOT_DIR "/usr")
        endif()
    endif()
    find_package(OpenSSL 1.1.1 REQUIRED)
    if(OQS_DLOPEN_OPENSSL)
      find_program(OBJDUMP objdump)
      if(NOT OBJDUMP)
 	message(FATAL_ERROR "objdump not found. Please install it from binutils.")
      endif()
      execute_process(
 	COMMAND ${OBJDUMP} -p ${OPENSSL_CRYPTO_LIBRARY}
 	COMMAND sed -n "s/[ 	]\\{1,\\}SONAME[ 	]\\{1,\\}//p"
 	OUTPUT_VARIABLE OQS_OPENSSL_CRYPTO_SONAME
 	OUTPUT_STRIP_TRAILING_WHITESPACE
 	COMMAND_ERROR_IS_FATAL ANY)
      message(STATUS "OpenSSL dlopen SONAME: " ${OQS_OPENSSL_CRYPTO_SONAME})
    endif()
 endif()
 set(PUBLIC_HEADERS ${PROJECT_SOURCE_DIR}/src/oqs.h
                   ${PROJECT_SOURCE_DIR}/src/common/aes/aes_ops.h
                   ${PROJECT_SOURCE_DIR}/src/common/common.h
                   ${PROJECT_SOURCE_DIR}/src/common/rand/rand.h
-                   ${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
+                   ${PROJECT_SOURCE_DIR}/src/common/sha2/sha2_ops.h
                   ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3_ops.h
                   ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4_ops.h
                   ${PROJECT_SOURCE_DIR}/src/kem/kem.h
                   ${PROJECT_SOURCE_DIR}/src/sig/sig.h
                   ${PROJECT_SOURCE_DIR}/src/sig_stfl/sig_stfl.h)
 set(INTERNAL_HEADERS ${PROJECT_SOURCE_DIR}/src/common/aes/aes.h
                     ${PROJECT_SOURCE_DIR}/src/common/rand/rand_nist.h
                     ${PROJECT_SOURCE_DIR}/src/common/sha2/sha2.h
                     ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3.h
-                   ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4.h
+                     ${PROJECT_SOURCE_DIR}/src/common/sha3/sha3x4.h)
                   ${PROJECT_SOURCE_DIR}/src/kem/kem.h
                   ${PROJECT_SOURCE_DIR}/src/sig/sig.h)
 if(${OQS_ENABLE_KEM_BIKE})
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/bike/kem_bike.h)
@ -162,18 +243,43 @@ endif()
 if(OQS_ENABLE_KEM_KYBER)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/kyber/kem_kyber.h)
 endif()
 if(OQS_ENABLE_KEM_ML_KEM)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/kem/ml_kem/kem_ml_kem.h)
 endif()
 if(OQS_ENABLE_SIG_DILITHIUM)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/dilithium/sig_dilithium.h)
 endif()
 if(OQS_ENABLE_SIG_ML_DSA)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/ml_dsa/sig_ml_dsa.h)
 endif()
 if(OQS_ENABLE_SIG_FALCON)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/falcon/sig_falcon.h)
 endif()
 if(OQS_ENABLE_SIG_SPHINCS)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/sphincs/sig_sphincs.h)
 endif()
 if(OQS_ENABLE_SIG_MAYO)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/mayo/sig_mayo.h)
 endif()
 if(OQS_ENABLE_SIG_CROSS)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/cross/sig_cross.h)
 endif()
 if(OQS_ENABLE_SIG_UOV)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/uov/sig_uov.h)
 endif()
 if(OQS_ENABLE_SIG_SNOVA)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig/snova/sig_snova.h)
 endif()
 ##### OQS_COPY_FROM_UPSTREAM_FRAGMENT_INCLUDE_HEADERS_END
 if(OQS_ENABLE_SIG_STFL_XMSS)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/xmss/sig_stfl_xmss.h)
 endif()
 if(OQS_ENABLE_SIG_STFL_LMS)
    set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_SOURCE_DIR}/src/sig_stfl/lms/sig_stfl_lms.h)
 endif()
 execute_process(COMMAND ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/include/oqs)
 execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
 execute_process(COMMAND ${CMAKE_COMMAND} -E copy ${INTERNAL_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs)
 configure_file(src/oqsconfig.h.cmake ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
 set(PUBLIC_HEADERS ${PUBLIC_HEADERS} ${PROJECT_BINARY_DIR}/include/oqs/oqsconfig.h)
@ -215,3 +321,15 @@ endif()
 set(CPACK_DEBIAN_PACKAGE_MAINTAINER "www.openquantumsafe.org")
 include(CPack)
 # uninstall target
 if(NOT TARGET uninstall)
  configure_file(
    "${CMAKE_CURRENT_SOURCE_DIR}/.CMake/cmake_uninstall.cmake.in"
    "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
    IMMEDIATE @ONLY)
  add_custom_target(uninstall
    COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)
 endif()
--- a/CONFIGURE.md
+++ b/CONFIGURE.md
@ -8,16 +8,22 @@ The following options can be passed to CMake before the build file generation pr
 - [CMAKE_INSTALL_PREFIX](#CMAKE_INSTALL_PREFIX)
 - [OQS_ALGS_ENABLED](#OQS_ALGS_ENABLED)
 - [OQS_BUILD_ONLY_LIB](#OQS_BUILD_ONLY_LIB)
- [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG)
+- [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG)
 - [OQS_MINIMAL_BUILD](#OQS_MINIMAL_BUILD)
 - [OQS_DIST_BUILD](#OQS_DIST_BUILD)
- [OQS_USE_CPUFEATURE_INSTRUCTIONS](OQS_USE_CPUFEATURE_INSTRUCTIONS)
+- [OQS_USE_CPUFEATURE_INSTRUCTIONS](#OQS_USE_CPUFEATURE_INSTRUCTIONS)
 - [OQS_USE_OPENSSL](#OQS_USE_OPENSSL)
 - [OQS_USE_CUPQC](#OQS_USE_CUPQC)
 - [OQS_OPT_TARGET](#OQS_OPT_TARGET)
 - [OQS_SPEED_USE_ARM_PMU](#OQS_SPEED_USE_ARM_PMU)
 - [USE_COVERAGE](#USE_COVERAGE)
 - [USE_SANITIZER](#USE_SANITIZER)
 - [OQS_ENABLE_TEST_CONSTANT_TIME](#OQS_ENABLE_TEST_CONSTANT_TIME)
 - [OQS_STRICT_WARNINGS](#OQS_STRICT_WARNINGS)
 - [OQS_EMBEDDED_BUILD](#OQS_EMBEDDED_BUILD)
 - [OQS_LIBJADE_BUILD](#OQS_LIBJADE_BUILD)
 - [OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG](#OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG)
 - [OQS_BUILD_FUZZ_TESTS](#OQS_BUILD_FUZZ_TESTS)
 ## BUILD_SHARED_LIBS
@ -31,7 +37,9 @@ This means liboqs is built as a static library by default.
 Can be set to the following values:
- `Debug`: This turns off all compiler optimizations and produces debugging information. When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer. **This value only has effect when the compiler is GCC or Clang**
+- `Debug`: This turns off all compiler optimizations and produces debugging information. **This value only has effect when the compiler is GCC or Clang**
  - The [USE_COVERAGE](#USE_COVERAGE) option can also be specified to enable code coverage testing.
  - When the compiler is Clang, the [USE_SANITIZER](#USE_SANITIZER) option can also be specified to enable a Clang sanitizer.
 - `Release`: This compiles code at the `O3` optimization level, and sets other compiler flags that reduce the size of the binary.
@ -41,13 +49,15 @@ Can be set to the following values:
 See the [CMake documentation](https://cmake.org/cmake/help/latest/variable/CMAKE_INSTALL_PREFIX.html).
-## OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG
+## OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG
-Note: `ALG` in `OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG` should be replaced with the specific algorithm name as demonstrated below.
+Note: `ALG` in `OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG` should be replaced with the specific algorithm name as demonstrated below.
 This can be set to `ON` or `OFF`, and is `ON` by default. When `OFF`, `ALG` and its code are excluded from the build process. When `ON`, made available are additional options whereby individual variants of `ALG` can be excluded from the build process. 
-For example: if `OQS_ENABLE_KEM_BIKE` is set to `ON`, the options `OQS_ENABLE_KEM_bike1_l1_cpa`, `OQS_ENABLE_KEM_bike1_l1_fo`, `OQS_ENABLE_KEM_bike1_l3_cpa`, `OQS_ENABLE_KEM_bike1_l3_fo` are made available (and are set to be `ON` by default). 
+For example: if `OQS_ENABLE_KEM_BIKE` is set to `ON`, the options `OQS_ENABLE_KEM_bike_l1`, `OQS_ENABLE_KEM_bike_l3`, and `OQS_ENABLE_KEM_bike_l5` are made available (and are set to be `ON` by default).
 To enable `XMSS` stateful signature, set `OQS_ENABLE_SIG_STFL_XMSS` to `ON`, the options `OQS_ENABLE_SIG_STFL_xmss_sha256_h10` and its variants are also set to be `ON` by default. Similarly, `LMS` stateful signature family can also be enabled by setting `OQS_ENABLE_SIG_STFL_LMS` to `ON`.
 For a full list of such options and their default values, consult [.CMake/alg_support.cmake](https://github.com/open-quantum-safe/liboqs/blob/master/.CMake/alg_support.cmake).
@ -55,7 +65,9 @@ For a full list of such options and their default values, consult [.CMake/alg_su
 ## OQS_ALGS_ENABLED
-Selects algorithm set enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`, e.g., [oqs-openssl111](https://github.com/open-quantum-safe/openssl) or [oqs-openssh](https://github.com/open-quantum-safe/openssh).
+A selected algorithm set is enabled. Possible values are "STD" selecting all algorithms standardized by NIST; "NIST_R4" selecting all algorithms evaluated in round 4 of the NIST PQC competition; "NIST_SIG_ONRAMP" selecting algorithms evaluated in the NIST PQC "onramp" standardization for additional signature schemes; "All" (or any other value) selecting all algorithms integrated into liboqs. Parameter setting "STD" minimizes library size but may require re-running code generator scripts in projects integrating `liboqs`; e.g., [oqs-provider](https://github.com/open-quantum-safe/oqs-provider) and [oqs-boringssl](https://github.com/open-quantum-safe/boringssl).
 **Attention**: If you use any predefined value (`STD` or `NIST_R4` or `NIST_SIG_ONRAMP` as of now) for this variable, the values added via [OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG](#OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG/OQS_ENABLE_SIG_STFL_ALG) variables will be ignored.
 **Default**: `All`.
@ -67,9 +79,9 @@ Can be `ON` or `OFF`. When `ON`, only liboqs is built, and all the targets: `run
 ## OQS_MINIMAL_BUILD
-If set, this defines a semicolon deliminated list of algorithms to be contained in a minimal build of `liboqs`: Only algorithms explicitly set here are included in a build: For example running `cmake -DOQS_MINIMAL_BUILD="KEM_kyber_768;SIG_dilithium_3" ..` will build a minimum-size `liboqs` library only containing support for Kyber768 and Dilithium3.
+If set, this defines a semicolon-delimited list of algorithms to be contained in a minimal build of `liboqs`: Only algorithms explicitly set here are included in a build: For example running `cmake -DOQS_MINIMAL_BUILD="KEM_kyber_768;SIG_dilithium_3" ..` will build a minimum-size `liboqs` library only containing support for Kyber768 and Dilithium3.
-The full list of identifiers that can set are listed [here for KEM algorithms](https://github.com/open-quantum-safe/liboqs/blob/main/src/kem/kem.h#L34) and [here for Signature algorithms](https://github.com/open-quantum-safe/liboqs/blob/f3caccff9e6225e7c50ca27f5ee6e58b7bc74188/src/sig/sig.h#L34). Default setting is empty, thus including all [supported algorithms](https://github.com/open-quantum-safe/liboqs#supported-algorithms) in the build.
+The full list of identifiers that can be set is listed [here for KEM algorithms](https://github.com/open-quantum-safe/liboqs/blob/main/src/kem/kem.h#L34) and [here for Signature algorithms](https://github.com/open-quantum-safe/liboqs/blob/f3caccff9e6225e7c50ca27f5ee6e58b7bc74188/src/sig/sig.h#L34). The default setting is empty, thus including all [supported algorithms](https://github.com/open-quantum-safe/liboqs#supported-algorithms) in the build.
 **Default**: Unset.
@ -89,13 +101,13 @@ When built for use on a single machine, the library will only include the best a
 Note: `CPUFEATURE` in `OQS_USE_CPUFEATURE_INSTRUCTIONS` should be replaced with the specific CPU feature as noted below.
-These can be set to `ON` or `OFF` and take an effect if liboqs is built for use on a single machine. By default, the CPU features are automatically determined and set to `ON` or `OFF` based on the CPU features available on the build system. The default values can be overridden by providing CMake build options. The available options on x86-64 are: `OQS_USE_ADX_INSTRUCTIONS`, `OQS_USE_AES_INSTRUCTIONS`, `OQS_USE_AVX_INSTRUCTIONS`, `OQS_USE_AVX2_INSTRUCTIONS`, `OQS_USE_AVX512_INSTRUCTIONS`, `OQS_USE_BMI1_INSTRUCTIONS`, `OQS_USE_BMI2_INSTRUCTIONS`, `OQS_USE_PCLMULQDQ_INSTRUCTIONS`, `OQS_USE_VPCLMULQDQ_INSTRUCTIONS`, `OQS_USE_POPCNT_INSTRUCTIONS`, `OQS_USE_SSE_INSTRUCTIONS`, `OQS_USE_SSE2_INSTRUCTIONS` and `OQS_USE_SSE3_INSTRUCTIONS`. The available options on ARM64v8 are `OQS_USE_ARM_AES_INSTRUCTIONS`, `OQS_USE_ARM_SHA2_INSTRUCTIONS`, `OQS_USE_ARM_SHA3_INSTRUCTIONS` and `OQS_USE_ARM_NEON_INSTRUCTIONS`.
+These can be set to `ON` or `OFF` and take effect if liboqs is built for use on a single machine. By default, the CPU features are automatically determined and set to `ON` or `OFF` based on the CPU features available on the build system. The default values can be overridden by providing CMake build options. The available options on x86-64 are: `OQS_USE_ADX_INSTRUCTIONS`, `OQS_USE_AES_INSTRUCTIONS`, `OQS_USE_AVX_INSTRUCTIONS`, `OQS_USE_AVX2_INSTRUCTIONS`, `OQS_USE_AVX512_INSTRUCTIONS`, `OQS_USE_BMI1_INSTRUCTIONS`, `OQS_USE_BMI2_INSTRUCTIONS`, `OQS_USE_PCLMULQDQ_INSTRUCTIONS`, `OQS_USE_VPCLMULQDQ_INSTRUCTIONS`, `OQS_USE_POPCNT_INSTRUCTIONS`, `OQS_USE_SSE_INSTRUCTIONS`, `OQS_USE_SSE2_INSTRUCTIONS` and `OQS_USE_SSE3_INSTRUCTIONS`. The available options on ARM64v8 are `OQS_USE_ARM_AES_INSTRUCTIONS`, `OQS_USE_ARM_SHA2_INSTRUCTIONS`, `OQS_USE_ARM_SHA3_INSTRUCTIONS` and `OQS_USE_ARM_NEON_INSTRUCTIONS`.
 **Default**: Options valid on the build machine.
 ## OQS_USE_OPENSSL
-In order to save size and limit the mount of different cryptographic code bases, it is possible to use OpenSSL as a crypto code provider by setting this configuration option.
+To save size and limit the amount of different cryptographic code bases, it is possible to use OpenSSL as a crypto code provider by setting this configuration option.
 This can be set to `ON` or `OFF`. When `ON`, the additional options `OQS_USE_AES_OPENSSL`, `OQS_USE_SHA2_OPENSSL`, and `OQS_USE_SHA3_OPENSSL` are made available to control whether liboqs uses OpenSSL's AES, SHA-2, and SHA-3 implementations.
@ -104,12 +116,48 @@ By default,
 - `OQS_USE_SHA2_OPENSSL` is `ON`
 - `OQS_USE_SHA3_OPENSSL` is `OFF`.
-These default choices have been made in order to optimize the default performance of all algorithms. Changing them implies performance penalties.
+These default choices have been made to optimize the default performance of all algorithms. Changing them implies performance penalties.
-When `OQS_USE_OPENSSL` is `ON`, CMake also scans the filesystem to find the minimum version of OpenSSL required by liboqs (which happens to be 1.1.1). The `OPENSSL_ROOT_DIR` option can be set to aid CMake in its search.
+When `OQS_USE_OPENSSL` is `ON`, CMake also scans the filesystem to find the minimum version of OpenSSL required by liboqs (which happens to be 1.1.1). The [OPENSSL_ROOT_DIR](https://cmake.org/cmake/help/latest/module/FindOpenSSL.html) option can be set to aid CMake in its search.
 **Default**: `ON`.
 ### OQS_DLOPEN_OPENSSL
 Dynamically load OpenSSL through `dlopen`. When using liboqs from other cryptographic libraries, hard dependency on OpenSSL is sometimes undesirable. If this option is `ON`, loading of OpenSSL will be deferred until any of the OpenSSL functions is used.
 Only has an effect if the system supports `dlopen` and ELF binary format, such as Linux or BSD family.
 ### OQS_USE_CUPQC
 Can be `ON` or `OFF`.  When `ON`, use NVIDIA's cuPQC library where able (currently just ML-KEM).  When this option is enabled, liboqs may not run correctly on machines that lack supported GPUs. To download cuPQC follow the instructions at (https://developer.nvidia.com/cupqc-download/). Detailed descriptions of the API, requirements, and installation guide are in the cuPQC documentation (https://docs.nvidia.com/cuda/cupqc/index.html). While the code shipped by liboqs required to use cuPQC is licensed under Apache 2.0 the cuPQC SDK comes with its own license agreement (https://docs.nvidia.com/cuda/cupqc/license.html). 
 **Default**: `OFF`
 ## Stateful Hash Based Signatures 
 XMSS and LMS are the two supported Hash-Based Signatures schemes.
 `OQS_ENABLE_SIG_STFL_XMSS` and `OQS_ENABLE_SIG_STFL_LMS` control these algorithms, which are disabled by default.
 A third variable, `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN`, also controls the ability to generate keys and signatures. This is also disabled by default.
 Each of these variables can be set to `ON` or `OFF`.
 When all three are `ON`, stateful signatures are fully functional and can generate key pairs, sign data, and verify signatures.
 If `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF` signature verification is the only functional operation.
 Standards bodies, such as NIST, recommend that key and signature generation only by done in hardware in order to best enforce the one-time use of secret keys.
 Keys stored in a file system are extremely susceptible to simultaneous use.
 When enabled in this library a warning message will be generated by the config process.
 The name of the configuration variable has been chosen to make every user of this feature aware of its security risks.
 The OQS team explicitly discourages enabling this variable and reserves the right to remove this feature in future releases if its use causes actual harm.
 It remains present as long as it is responsibly used as per the stated warnings.
 By default,
 - `OQS_ENABLE_SIG_STFL_XMSS` is `OFF` 
 - `OQS_ENABLE_SIG_STFL_LMS` is `OFF`
 - `OQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN` is `OFF`.
 **Default**: `OFF`.
 ## OQS_OPT_TARGET
 An optimization target. Only has an effect if the compiler is GCC or Clang and `OQS_DIST_BUILD=OFF`. Can take any valid input to the `-march` (on x86-64) or `-mcpu` (on ARM32v7 or ARM64v8) option for `CMAKE_C_COMPILER`. Can also be set to one of the following special values.
@ -122,15 +170,21 @@ An optimization target. Only has an effect if the compiler is GCC or Clang and `
 Can be `ON` or `OFF`. When `ON`, the benchmarking script will try to use the ARMv8 Performance Monitoring Unit (PMU). This will make cycle counts on ARMv8 platforms significantly more accurate.
-In order to use this option, user mode access to the PMU must be enabled via a kernel module. If user mode access is not enabled via kernel module, benchmarking will throw an `Illegal Instruction` error. A kernel module that has been found to work on several platforms can be found [here for linux](https://github.com/mupq/pqax#enable-access-to-performance-counters). Follow the instructions there (i.e., clone the repository, `cd enable_ccr` and `make install`) to load the kernel module, after which benchmarking should work. Superuser permissions are required. Linux header files must also be installed on your platform, which may not be present by default.
+In order to use this option, user mode access to the PMU must be enabled via a kernel module. If user mode access is not enabled via the kernel module, benchmarking will throw an `Illegal Instruction` error. A kernel module that has been found to work on several platforms can be found [here for Linux](https://github.com/mupq/pqax#enable-access-to-performance-counters). Follow the instructions there (i.e., clone the repository, `cd enable_ccr` and `make install`) to load the kernel module, after which benchmarking should work. Superuser permissions are required. Linux header files must also be installed on your platform, which may not be present by default.
 Note that this option is not known to work on Apple M1 chips.
 **Default**: `OFF`.
 ## USE_COVERAGE
 This has an effect when the compiler is GCC or Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Can be `ON` or `OFF`. When `ON`, code coverage testing will be enabled.
 **Default**: Unset.
 ## USE_SANITIZER
-This has effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Then, it can be set to:
+This has an effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) is `Debug`. Then, it can be set to:
 - `Address`: This enables Clang's `AddressSanitizer`
 - `Memory`: This enables Clang's `MemorySanitizer`
@ -145,14 +199,44 @@ This has effect when the compiler is Clang and when [CMAKE_BUILD_TYPE](#CMAKE_BU
 This is used in conjunction with `tests/test_constant_time.py` to use Valgrind to look for instances of secret-dependent control flow.  liboqs must also be compiled with [CMAKE_BUILD_TYPE](#CMAKE_BUILD_TYPE) set to `Debug`.  
-See the documentation in [`tests/test_constant_time.py`](https://github.com/open-quantum-safe/liboqs/blob/main/tests/test_constant_time.py) for more information on usage.
+See the documentation in [`tests/test_constant_time.py`](https://github.com/open-quantum-safe/liboqs/blob/main/tests/test_constant_time.py) for more usage information.
 **Default**: `OFF`.
 ## OQS_STRICT_WARNINGS
-Can be `ON` or `OFF`. When `ON`, all compiler warnings are enabled and treated as errors. This setting is recommended to be enabled prior to submission of a Pull Request as CI runs with this setting active. When `OFF`, significantly fewer compiler warnings are enabled such as to avoid undue build errors triggered by (future) compiler warning features/unknown at development time of this library.
+Can be `ON` or `OFF`. When `ON`, all compiler warnings are enabled and treated as errors. This setting is recommended to be enabled prior to submission of a Pull Request as CI runs with this setting active. When `OFF`, significantly fewer compiler warnings are enabled such as to avoid undue build errors triggered by (future) compiler warning features/unknown at the development time of this library.
 **Default**: `OFF`.
 ## OQS_EMBEDDED_BUILD
 Can be `ON` or `OFF`. When `ON`, calls to standard library functions typically not present in a bare-metal embedded environment are excluded from compilation. 
 At the moment, this is **only** considered for random number generation, as both `getentropy()` and a file based `/dev/urandom` are not available on embedded targets (e.g. the Zephyr port).
 **Attention**: When this option is enabled, you have to supply a custom callback for obtaining random numbers using the `OQS_randombytes_custom_algorithm()` API before accessing the cryptographic API. Otherwise, all key generation and signing operations will fail. 
 **Default**: `OFF`.
 ## OQS_LIBJADE_BUILD
 Can be `ON` or `OFF`. When `ON` liboqs is built to use high assurance implementations of cryptographic algorithms from [Libjade](https://github.com/formosa-crypto/libjade). The cryptographic primitives in Libjade are written using [Jasmin](https://github.com/jasmin-lang/jasmin) and built using the Jasmin compiler. The Jasmin compiler is proven (in Coq) to preserve semantic correctness of a program, maintain secret-independence of control flow, and maintain secret independence of locations of memory access through compilation. Additionally, the Jasmin compiler guarantees thread safety because Jasmin doesn't support global variables. 
 At the moment, Libjade only provides Kyber512 and Kyber768 KEMs. 
 At the moment, libjade only supports Linux and Darwin based operating systems on x86_64 platforms.
 **Default** `OFF`.
 ## OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG
 Note: `ALG` in `OQS_ENABLE_LIBJADE_KEM_ALG/OQS_ENABLE_LIBJADE_SIG_ALG` should be replaced with the specific algorithm name as demonstrated in OQS_ENABLE_KEM_ALG/OQS_ENABLE_SIG_ALG.
 **Default**: `OFF` if OQS_LIBJADE_BUILD is `OFF` else unset.
 ## OQS_BUILD_FUZZ_TESTS
 Can be `ON` or `OFF`. When `ON` liboqs the fuzz test-suite will be enabled. This option is only available if the c compiler is set to clang i.e. `-DCMAKE_C_COMPILER=clang`.
 Note: It is strongly recommended that this configuration be enabled with `CFLAGS=-fsanitize=address,fuzzer-no-link LDFLAGS=-fsanitize=address`. While fuzzing will run without these flags, enabling this instrumentation will make fuzzing performance much faster and catch [potential memory related bugs](https://clang.llvm.org/docs/AddressSanitizer.html). 
 **Default** `OFF`.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -5,6 +5,14 @@ the form of [a discussion](https://github.com/open-quantum-safe/liboqs/discussio
 for input or feedback, possible bug reports or feature requests via [issues](https://github.com/open-quantum-safe/liboqs/issues)
 as well as new code and documentation via a [pull request (PR)](https://github.com/open-quantum-safe/liboqs/pulls).
 ## Baseline design goal
 OQS is a collection of many different PQC algorithms, maintained by a small team of people who are not guaranteed to be versed in the intricate details of each algorithm.
 Therefore, all contributions to the general logic of the project should be as independent of any single algorithm such as to ease long-term maintainability. If changes are contributed catering to the properties of a specific algorithm, it is expected that consideration is given at least how the other algorithms of the same type (KEM or SIG) should cater to the proposed changes, e.g., by way of a new, generally satisfiable API.
 All contributions to a specific algorithm ideally come with the willingness to provide long-term support, or at least a contact person that can help the OQS team pinpoint potential problems with the algorithm.
 ## Review and Feedback
 We aim to provide timely feedback to any input. If you are uncertain as to whether
@ -26,38 +34,54 @@ them before the final "Review" stage.
 This project has adopted a slightly modified [Google code formatting style](https://astyle.sourceforge.net/astyle.html#_style=google) for the core components
 of the library as documented in the [style template](.astylerc).
 The `astyle` tool is used to check formatting in CI.
 Due to variations in behaviour across version and platforms, it is possible to encounter CI failures even if code has been locally formatted with `astyle`.
 To assist with this inconvenience, we provide a convenience script which runs `astyle` in the same Docker image that we use for the CI checks:
 ```bash
 LIBOQS_DIR=<liboqs directory> ./scripts/format_code.sh
 ```
 This script has been tested on x86\_64 Ubuntu and arm64 macOS. Contributions for other platforms are welcome and appreciated!
-To check adherence of any new code to this, it therefore is highly recommended to
+### Continuous Integration (CI)
 run the following command in the project main directory prior to finishing a PR:
-    find src tests -name '*.[ch]' | grep -v '/external/' | grep -v 'kem/.*/.*/.*' | grep -v 'sig/.*/.*/.*' | xargs astyle --dry-run --options=.astylerc | grep Format
+`liboqs` uses GitHub Actions for CI.
 For a comprehensive overview of our CI setup, see [CI.md](CI.md).
-### Running CI locally
+#### Running CI on your branch
-#### CircleCI
+OQS attempts to be responsible with resource usage and only runs a minimal set of tests automatically on push.
 A more thorough test suite runs automatically on pull requests.
 To trigger these tests before creating a PR, include the string "[full tests]" in a commit message.
 Other trigger strings are documented in [CI.md](CI.md#push.yml).
-If encountering CI errors in CircleCI, it may be helpful to execute the test jobs
+#### Running CI locally
 locally to debug. This can be facilitated by executing the command
   circleci local execute --job some-test-job
 assuming "some-test-job" is the name of the test to be executed and the CircleCI
 [command line tools have been installed](https://circleci.com/docs/local-cli).
 #### Github CI
 [Act](https://github.com/nektos/act) is a tool facilitating local execution of
-github CI jobs. When executed in the main `oqsprovider` directory, 
+GitHub CI jobs. When executed in the main `liboqs` directory, 
-    act -l Displays all github CI jobs
+    act -l Displays all GitHub CI jobs
    act -j some-job Executes "some-job"
-When installing `act` as a github extension, prefix the commands with `gh `.
+When installing `act` as a GitHub extension, prefix the commands with `gh `.
 ## Modifications to CI
 Modifications to GitHub Actions workflows are checked with [actionlint](https://github.com/rhysd/actionlint) during the [basic.yml](.github/workflows/basic.yml) job, protecting the CI chain and against wrong approval decisions based on improper CI runs.  Changes to these workflows can be validated locally with `actionlint`:
 ```bash
 actionlint .github/workflows/*.yml
 ```
 or running the CI locally (as above):
 ```bash
 act workflow_call -W '.github/workflows/basic.yml'
 ```
 ### New features
 Any PR introducing a new feature is expected to contain a test of this feature
-and this test should be part of the CI pipeline, preferably using Github CI.
+and this test should be part of the CI pipeline.
 ## Failsafe
@ -68,6 +92,3 @@ add a tag to one or more of our [most active contributors](https://github.com/op
 If you feel like contributing but don't know what specific topic to work on,
 please check the [open issues tagged "good first issue" or "help wanted"](https://github.com/open-quantum-safe/liboqs/issues).
--- a/6
+++ b/6
@ -10,7 +10,7 @@ Ben Davies (University of Waterloo)
 Javad Doliskani (University of Waterloo)
 Ted Eaton (University of Waterloo)
 Nicholas Fulton (Arizona State University)
-Vlad Gheorghiu (evolutionQ, University of Waterloo)
+Vlad Gheorghiu (softwareQ Inc., University of Waterloo)
 Jason Goertzen (University of Waterloo)
 Shay Gueron (Amazon Web Services)
 Torben Hansen (Royal Holloway University of London)
@ -34,5 +34,9 @@ Karolin Varner
 Sebastian Verschoor (University of Waterloo)
 Thom Wiggers (Radboud University)
 Dindyal Jeevesh Rishi (University of Mauritius / cyberstorm.mu)
 Duc Tri Nguyen
 Marco Gianvecchio (Politecnico di Milano)
 Alessandro Barenghi (Politecnico di Milano)
 Gerardo Pelosi (Politecnico di Milano)
 See additional contributors at https://github.com/open-quantum-safe/liboqs/graphs/contributors
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@ -0,0 +1,124 @@
 # Governance
 ## Basic principles
 The Open Quantum Safe project aims to operate by the following principles:
 - **Openness**: The project will be open in its operation, open to contributions, and produce open source software.
 - **Respect**: The project will foster respectful interactions with all participants.
 - **Scientific integrity**: The project will follow advancements in cryptographic research and will be guided by standards and best practices.
 Decision making in the project will follow the principles above, and be governed first and foremost by reason and mutually respectful interaction between all participants.
 The project will aim to build consensus for decisions, and will where possible operate by the approach of [lazy consensus](https://community.apache.org/committers/decisionMaking.html).
 If decisions cannot be reached using lazy consensus, voting will be used to come to a resolution.
 ## Community and Roles
 The OQS community is open to all who would like to participate in the project following its principles, including academic, industry, public sector, and individual contributors.
 The following roles exist in the project:
 ### Users
 A **User** is a person or organization using software produced by the project.
 Responsibilities:
 - Abide by the [license](LICENSE.txt)
 - Consider participating in the project!
 ### Community Members
 A **Community Member** is a User who interacts with the project, for example by participating in discussions on Github or mailing lists, or in project meetings.
 Responsibilities:
 - Follow the [code of conduct](CODE_OF_CONDUCT.md)
 ### Contributors
 A **Contributor** is a Community Member who contributes directly to the project by submitting code or documentation, or actively participating in issues or pull requests on Github.
 ### Committers
 A **Committer** is a Contributor with increased experience in the project who helps review pull requests and actively participates in discussions about the project. Committers will be members of the open-quantum-safe GitHub organization and will have "write" permissions in GitHub.
 Responsibilities:
 - Further the goals of the project.
 - Monitor and respond to GitHub issues.
 - Review and merge pull requests.
 - Assist with security releases when required.
 - Participate in discussions and project meetings.
 ### Maintainers
 A **Maintainer** is a Committer who makes significant and sustained contributions to the project, and is committed to guiding the direction of the project. Maintainers will have "administrative" permissions in GitHub.
 Responsibilities:
 - Oversee the overall project health and growth.
 - Lead communication for the project.
 - Define general and technical guidelines for the project.
 - Identify priorities and manage the release cycle.
 ### Change of role
 Any Community Member may become a Contributor by creating a pull request (PR) and getting it successfully reviewed and merged by Committers.
 Any Contributor can become a Committer by contributing sufficient code and displaying deep subject matter knowledge in discussions such that a majority of Committers vote for this change of role. A Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of Committers.
 As such a voting decision may be considered subjective, Contributors striving to become Committers are encouraged to ask for advice from Committers/Maintainers as to what they can do to obtain this role. Baseline requirements for contributions are documented in [CONTRIBUTING.md](CONTRIBUTING.md). Any Contributor can create a discussion item to request a vote to become Committer.
 Any Committer can become a Maintainer by majority vote of voting Committers. A current Maintainer can veto such a vote. Such a veto can be overruled by a 2/3 majority of all Committers.
 A Maintainer is not permitted to remove another Maintainer's GitHub privileges.
 A Committer may be automatically moved to Contributor status if not actively contributing by discussion or PR review during the last 90 days or by voluntarily suspending this status (e.g., by taking a ["Leave of absence"](#leave-of-absence)). If a Maintainer loses or relinquishes the Committer status and, hence, the Maintainer status, the Committers have to determine whether a new Maintainer needs to be elected.
 Any person violating the [code of conduct](CODE_OF_CONDUCT.md), consistently not fulfilling the role responsibilities, or for other reasons can lose the role held if a simple majority of Committers votes for such removal and no Maintainer vetoes that decision. If a Maintainer is to be removed from that role a 2/3 majority of Committers must agree.
 Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers may still be consulted on some project matters, and can be returned to Maintainer status if their availability changes and a simple majority of Committers agrees.
 ### Leave of absence
 Any Committer may voluntarily step down from the role for a documented period of time, losing voting rights for that time period. The period is documented in this file next to the person's name below.  At the end of this time period, the Committer automatically regains their voting rights.
 A leave of absence may not be longer than a year. If the Committer needs to be away for longer than that, they must step down from that role unconditionally, and regaining that role becomes subject of normal procedures to become Committer, as described in ["Change of role"](#change-of-role) above.
 ## Voting
 Change of role or changes to this document is subject to voting.
 Votes are to be executed by way of open GitHub discussions. No quorum is needed for votes open for 4 weeks. Urgent matters may be decided by majority vote among Maintainers or 2/3 majority by all Committers within an arbitrary voting period.
 ## Current Maintainers and Committers
 ### Maintainers
@baentsch (on leave of absence as of March 11, 2025)
@dstebila
@SWilson4
 ### Committers
@baentsch (on leave of absence as of March 11, 2025)
@bhess
@christianpaquin
@dstebila
@Martyrshot
@praveksharma
@SWilson4
@vsoftco
 ## Former Maintainers and Committers
 OQS is grateful to the following individuals who have previously served as Maintainers or Committers for liboqs.
 ### Former Committers
@jschanck
 ## Afterword
 *This governance document was based in part of the [Falco Project governance document](https://github.com/falcosecurity/evolution/blob/main/GOVERNANCE.md).
--- a/LICENSE.txt
+++ b/LICENSE.txt
@ -4,7 +4,7 @@ differently; the corresponding subfolder contains the license that applies in
 that case.
-Copyright (c) 2016-2021 Open Quantum Safe project
+Copyright (c) 2016-2024 The Open Quantum Safe project authors
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/PLATFORMS.md
+++ b/PLATFORMS.md
@ -0,0 +1,68 @@
 # Supported platforms
 This file documents the different platforms supported by `liboqs` and therefore defines three different support tiers:
 ## Support tiers
 This classification is roughly based on the [rust platform support tier classification](https://doc.rust-lang.org/beta/rustc/platform-support.html):
 ### Tier 1
 Tier 1 targets can be thought of as "guaranteed to work". The CI system builds and tests binary versions for each tier 1 target to make sure any change does not negatively affect those platforms. Platform-specific build documentation must exist. Tier 1 targets marked with a dagger (†) are additionally tested for constant-time behaviour. The CI system contains automated constant-time testing for each of these starred targets, and all failures are documented in the `tests/constant_time` directory. IMPORTANT: This does not mean that constant-time behaviour is guaranteed on these targets, or that non-constant-time behaviour is limited to documented exceptions. It does, however, mean that `liboqs` developers should track constant-time issues on these platforms.
 Tier 1 platforms are also prioritized for security support, as per the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md).
 ### Tier 2
 Tier 2 targets can be thought of as "guaranteed to build". The `liboqs` CI system contains builds for each tier 2 target; testing may or may not be available (typically depending on CI system platform availability). Therefore, tier 2 targets often work to quite a good degree and patches are always welcome! Tier 2 targets may also have known deficiencies caused by a lack of expertise to fix those on a given platform. Again, help and PRs to move platforms from tier 2 to tier 1 are always welcome.
 ### Tier 3
 Tier 3 targets are those which the `liboqs` codebase has support for, but which the CI system does not build or test automatically, so they may or may not work. Platform-specific build documentation should exist.
 ## Platform tier policy
 Tier 2 and tier 1 targets place work on `liboqs` core project developers as a whole, to avoid breaking the target. The broader `liboqs` community may also feel more inclined to support higher-tier targets in their work. Thus, these tiers require commensurate and ongoing efforts from the maintainers of the target, to demonstrate value and to minimize any disruptions to ongoing `liboqs` development.
 This policy defines the requirements for accepting a proposed target at a given level of support.
 Each tier builds on all the requirements from the previous tier, unless overridden by a stronger requirement.
 Change of tier is subject to approval by the `liboqs` technical governance team.  This team is responsible for reviewing and evaluating the target, based on these requirements and their own judgment. The tea may apply additional requirements, including subjective requirements, such as to deal with issues not foreseen by this policy. (Such requirements may subsequently motivate additions to this policy.)
 While these criteria attempt to document the policy, that policy still involves human judgment. Targets must fulfill the spirit of the requirements as well, as determined by the judgment of the approving team. Reviewers and team members evaluating targets and target-specific patches should always use their own best judgment regarding the quality of work, and the suitability of a target for the `liboqs` project. Neither this policy nor any decisions made regarding targets shall create any binding agreement or estoppel by any party.
 Before filing an issue or pull request (PR) to introduce or promote a target, the target should already meet the corresponding tier requirements. This does not preclude an existing target's maintainers using issues (on the `liboqs` repository or otherwise) to track requirements that have not yet been met, as appropriate; however, before officially proposing the introduction or promotion of a target, it should meet all of the necessary requirements. A target proposal must quote the corresponding requirements verbatim and respond to them as part of explaining how the target meets those requirements. (For the requirements that simply state that the target or the target developers must not do something, it suffices to acknowledge the requirement.)
 Several parts of this policy require providing target-specific documentation. Such documentation should typically appear in a subdirectory of the platform-support section of the `liboqs` manual, with a link from the target's entry in platform support.
 Note that a target must have already received approval for the next lower tier, and spent a reasonable amount of time at that tier, before making a proposal for promotion to the next higher tier; this is true even if a target meets the requirements for several tiers at once. This policy leaves the precise interpretation of "reasonable amount of time" up to the approving team; the team may scale the amount of time required based on their confidence in the target and its demonstrated track record at its current tier. At a minimum, multiple stable releases of `liboqs` should typically occur between promotions of a target.
 The availability or tier of a target in stable `liboqs` is not a hard stability guarantee about the future availability or tier of that target. Higher-level target tiers are an increasing commitment to the support of a target, and we will take that commitment and potential disruptions into account when evaluating the potential demotion or removal of a target that has been part of a stable release. The promotion or demotion of a target will not generally affect existing stable releases, only current development and future releases.
 In this policy, the words "must" and "must not" specify absolute requirements that a target must meet to qualify for a tier. The words "should" and "should not" specify requirements that apply in almost all cases, but for which the approving teams may grant an exception for good reason. The word "may" indicates something entirely optional, and does not indicate guidance or recommendations. This language is based on [IETF RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
 ## Platforms supported
 ### Tier 1
 - x86_64/amd64/x64 for Ubuntu Linux (Noble)†
 - x86_64/amd64/x64 for MacOS (XCode 15)
 - aarch64 for Ubuntu (Noble)
 - aarch64 for MacOS (XCode 15 and 16)
 - armhf/ARM7 and aarch64 emulation on Ubuntu
 ### Tier 2
 - x86_64/amd64/x64 for Windows (Visual Studio Toolchain) 2022 and 2025
 - armeabi-v7a, arm64-v8a, x86, x86_64 for Android
 - aarch64 for Apple iOS and tvOS (CMake `-DPLATFORM=OS64` and `TVOS`)
 - arm64, arm (32 bit), x86, x86_64, riscv32, riscv64 for Zephyr
 ### Tier 3
 - x86 for Windows (Visual Studio Toolchain)
 - ppc641e for Ubuntu (Focal)
 - s390x for Ubuntu (Focal)
 - loongarch64 for Debian Linux (trixie)
 - NVIDIA GPU architectures 70, 75, 80, 86, 89, and 90 with a x86_64 CPU for Linux
--- a/README.md
+++ b/README.md
@ -1,22 +1,29 @@
 [AppVeyor](https://ci.appveyor.com/project/dstebila/liboqs): ![Build status image](https://ci.appveyor.com/api/projects/status/9d2ts78x88r8wnii/branch/main?svg=true), [CircleCI](https://circleci.com/gh/open-quantum-safe/liboqs/tree/main): ![Build status image](https://circleci.com/gh/open-quantum-safe/liboqs/tree/main.svg?style=svg), [TravisCI](https://travis-ci.com/github/open-quantum-safe/liboqs): [![Build Status](https://travis-ci.com/open-quantum-safe/liboqs.svg?branch=main)](https://travis-ci.com/open-quantum-safe/liboqs)
 liboqs
 ======================
 [![Main Branch Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/commit-to-main.yml)
 [![Weekly Tests](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml/badge.svg)](https://github.com/open-quantum-safe/liboqs/actions/workflows/weekly.yml)
 ![Travis Build Status](https://img.shields.io/travis/com/open-quantum-safe/liboqs?logo=travis&label=Travis%20CI&labelColor=%23343B42&color=%232EBB4E)
 [![Coverage Status](https://coveralls.io/repos/github/open-quantum-safe/liboqs/badge.svg?branch=main)](https://coveralls.io/github/open-quantum-safe/liboqs?branch=main)
 liboqs is an open source C library for quantum-safe cryptographic algorithms.
- [Overview](#overview)
+- [liboqs](#liboqs)
- [Status](#status)
+	- [Overview](#overview)
-  * [Supported algorithms](#supported-algorithms)
+	- [Status](#status)
-  * [Limitations and Security](#limitations-and-security)
+		- [Supported Algorithms](#supported-algorithms)
- [Quickstart](#quickstart)
+			- [Key encapsulation mechanisms](#key-encapsulation-mechanisms)
-  * [Linux / macOS](#linuxmacOS)
+			- [Signature schemes](#signature-schemes)
-  * [Windows](#windows)
+		- [Limitations and Security](#limitations-and-security)
-  * [Cross compilation](#cross-compilation)
+			- [Platform limitations](#platform-limitations)
- [Documentation](#documentation)
+	- [Quickstart](#quickstart)
- [Contributing](#contributing)
+		- [Linux and Mac](#linux-and-mac)
- [License](#license)
+		- [Windows](#windows)
- [Acknowledgements](#acknowledgements)
+		- [Cross compilation](#cross-compilation)
 	- [Documentation](#documentation)
 	- [Contributing](#contributing)
 	- [License](#license)
 	- [Acknowledgements](#acknowledgements)
 ## Overview
@ -26,9 +33,11 @@ liboqs provides:
 - a common API for these algorithms
 - a test harness and benchmarking routines
-liboqs is part of the **Open Quantum Safe (OQS)** project led by [Douglas Stebila](https://www.douglas.stebila.ca/research/) and [Michele Mosca](http://faculty.iqc.uwaterloo.ca/mmosca/), which aims to develop and integrate into applications quantum-safe cryptography to facilitate deployment and testing in real world contexts. In particular, OQS provides prototype integrations of liboqs into TLS and SSH, through [OpenSSL](https://github.com/open-quantum-safe/openssl) and [OpenSSH](https://github.com/open-quantum-safe/openssh-portable).
+liboqs is part of the **Open Quantum Safe (OQS)** project, which aims to develop and integrate into applications quantum-safe cryptography to facilitate deployment and testing in real world contexts. In particular, OQS provides prototype integrations of liboqs into protocols like TLS, X.509, and S/MIME, through our [OpenSSL 3 Provider](https://github.com/open-quantum-safe/oqs-provider) and we provide a variety of other [post-quantum-enabled demos](https://github.com/open-quantum-safe/oqs-demos).
-More information on OQS can be found [here](https://openquantumsafe.org/) and in the [associated](https://openquantumsafe.org/papers/SAC-SteMos16.pdf) [whitepapers](https://openquantumsafe.org/papers/NISTPQC-CroPaqSte19.pdf).
+The OQS project is supported by the [Post-Quantum Cryptography Alliance](https://pqca.org/) as part of the [Linux Foundation](https://linuxfoundation.org/). More information about the Open Quantum Safe project can be found at [openquantumsafe.org](https://openquantumsafe.org/).
 OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
 ## Status
@ -36,7 +45,13 @@ More information on OQS can be found [here](https://openquantumsafe.org/) and in
 Details on each supported algorithm can be found in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.
-The list below indicates all algorithms supported by liboqs, but not all those algorithms have been selected for standardization by NIST, specifically Kyber (excluding the "-90s" variants), Dilithium (excluding the "-AES" variants), Falcon, and SPHINCS+ (excluding the "robust" variants). Activating only those standardized algorithms for use in `liboqs` can be facilitated by setting the [OQS_ALGS_ENABLED](CONFIGURE.md#oqs_algs_enabled) build configuration variable to `STD`. By default `liboqs` is built supporting all, incl. experimental, PQ algorithms listed below.
+The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES.
 The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/final) (final standard) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes.
 Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts.
 All names other than `ML-KEM` and `ML-DSA` are subject to change. `liboqs` makes available a [selection mechanism for algorithms on the NIST standards track, continued NIST competition, or purely experimental nature by way of the configuration variable OQS_ALGS_ENABLED](CONFIGURE.md#oQS_ALGS_ENABLED). By default `liboqs` is built supporting all, incl. experimental, PQ algorithms listed below.
 #### Key encapsulation mechanisms
@ -44,19 +59,27 @@ The list below indicates all algorithms supported by liboqs, but not all those a
 - **BIKE**: BIKE-L1, BIKE-L3, BIKE-L5
 - **Classic McEliece**: Classic-McEliece-348864†, Classic-McEliece-348864f†, Classic-McEliece-460896†, Classic-McEliece-460896f†, Classic-McEliece-6688128†, Classic-McEliece-6688128f†, Classic-McEliece-6960119†, Classic-McEliece-6960119f†, Classic-McEliece-8192128†, Classic-McEliece-8192128f†
 - **FrodoKEM**: FrodoKEM-640-AES, FrodoKEM-640-SHAKE, FrodoKEM-976-AES, FrodoKEM-976-SHAKE, FrodoKEM-1344-AES, FrodoKEM-1344-SHAKE
- **HQC**: HQC-128, HQC-192, HQC-256†
+- **HQC**: HQC-128, HQC-192, HQC-256
 - **Kyber**: Kyber512, Kyber768, Kyber1024
 - **ML-KEM**: ML-KEM-512, ML-KEM-768, ML-KEM-1024
 - **NTRU-Prime**: sntrup761
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_KEXS_END -->
 #### Signature schemes
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_START -->
 - **CROSS**: cross-rsdp-128-balanced, cross-rsdp-128-fast, cross-rsdp-128-small†, cross-rsdp-192-balanced, cross-rsdp-192-fast, cross-rsdp-192-small†, cross-rsdp-256-balanced†, cross-rsdp-256-fast, cross-rsdp-256-small†, cross-rsdpg-128-balanced, cross-rsdpg-128-fast, cross-rsdpg-128-small, cross-rsdpg-192-balanced, cross-rsdpg-192-fast, cross-rsdpg-192-small†, cross-rsdpg-256-balanced, cross-rsdpg-256-fast, cross-rsdpg-256-small†
 - **CRYSTALS-Dilithium**: Dilithium2, Dilithium3, Dilithium5
- **Falcon**: Falcon-512, Falcon-1024
+- **Falcon**: Falcon-512, Falcon-1024, Falcon-padded-512, Falcon-padded-1024
 - **MAYO**: MAYO-1, MAYO-2, MAYO-3, MAYO-5†
 - **ML-DSA**: ML-DSA-44, ML-DSA-65, ML-DSA-87
 - **SNOVA**: SNOVA\_24\_5\_4, SNOVA\_24\_5\_4\_SHAKE, SNOVA\_24\_5\_4\_esk, SNOVA\_24\_5\_4\_SHAKE\_esk, SNOVA\_37\_17\_2†, SNOVA\_25\_8\_3, SNOVA\_56\_25\_2†, SNOVA\_49\_11\_3†, SNOVA\_37\_8\_4†, SNOVA\_24\_5\_5†, SNOVA\_60\_10\_4†, SNOVA\_29\_6\_5†
 - **SPHINCS+-SHA2**: SPHINCS+-SHA2-128f-simple, SPHINCS+-SHA2-128s-simple, SPHINCS+-SHA2-192f-simple, SPHINCS+-SHA2-192s-simple, SPHINCS+-SHA2-256f-simple, SPHINCS+-SHA2-256s-simple
 - **SPHINCS+-SHAKE**: SPHINCS+-SHAKE-128f-simple, SPHINCS+-SHAKE-128s-simple, SPHINCS+-SHAKE-192f-simple, SPHINCS+-SHAKE-192s-simple, SPHINCS+-SHAKE-256f-simple, SPHINCS+-SHAKE-256s-simple
 - **UOV**: OV-Is, OV-Ip, OV-III, OV-V, OV-Is-pkc, OV-Ip-pkc, OV-III-pkc, OV-V-pkc, OV-Is-pkc-skc, OV-Ip-pkc-skc, OV-III-pkc-skc, OV-V-pkc-skc
 <!--- OQS_TEMPLATE_FRAGMENT_LIST_SIGS_END -->
 - **XMSS**: XMSS-SHA2_10_256, XMSS-SHA2_16_256, XMSS-SHA2_20_256, XMSS-SHAKE_10_256, XMSS-SHAKE_16_256, XMSS-SHAKE_20_256, XMSS-SHA2_10_512, XMSS-SHA2_16_512, XMSS-SHA2_20_512, XMSS-SHAKE_10_512, XMSS-SHAKE_16_512, XMSS-SHAKE_20_512, XMSS-SHA2_10_192, XMSS-SHA2_16_192, XMSS-SHA2_20_192, XMSS-SHAKE256_10_192, XMSS-SHAKE256_16_192, XMSS-SHAKE256_20_192, SHAKE256_10_256, SHAKE256_16_256, SHAKE256_20_256, XMSSMT-SHA2_20/2_256, XMSSMT-SHA2_20/4_256, XMSSMT-SHA2_40/2_256, XMSSMT-SHA2_40/4_256, XMSSMT-SHA2_40/8_256, XMSSMT-SHA2_60/3_256, XMSSMT-SHA2_60/6_256, XMSSMT-SHA2_60/12_256, XMSSMT-SHAKE_20/2_256, XMSSMT-SHAKE_20/4_256, XMSSMT-SHAKE_40/2_256, XMSSMT-SHAKE_40/4_256, XMSSMT-SHAKE_40/8_256, XMSSMT-SHAKE_60/3_256, XMSSMT-SHAKE_60/6_256, XMSSMT-SHAKE_60/12_256 
 - **LMS**: LMS_SHA256_H5_W1, LMS_SHA256_H5_W2, LMS_SHA256_H5_W4, LMS_SHA256_H5_W8, LMS_SHA256_H10_W1, LMS_SHA256_H10_W2, LMS_SHA256_H10_W4, LMS_SHA256_H10_W8, LMS_SHA256_H15_W1, LMS_SHA256_H15_W2, LMS_SHA256_H15_W4, LMS_SHA256_H15_W8, LMS_SHA256_H20_W1, LMS_SHA256_H20_W2, LMS_SHA256_H20_W4, LMS_SHA256_H20_W8, LMS_SHA256_H25_W1, LMS_SHA256_H25_W2, LMS_SHA256_H25_W4, LMS_SHA256_H25_W8, LMS_SHA256_H5_W8_H5_W8, LMS_SHA256_H10_W4_H5_W8, LMS_SHA256_H10_W8_H5_W8, LMS_SHA256_H10_W2_H10_W2, LMS_SHA256_H10_W4_H10_W4, LMS_SHA256_H10_W8_H10_W8, LMS_SHA256_H15_W8_H5_W8, LMS_SHA256_H15_W8_H10_W8, LMS_SHA256_H15_W8_H15_W8, LMS_SHA256_H20_W8_H5_W8, LMS_SHA256_H20_W8_H10_W8, LMS_SHA256_H20_W8_H15_W8, LMS_SHA256_H20_W8_H20_W8
 Note that for algorithms marked with a dagger (†), liboqs contains at least one implementation that uses a large amount of stack space; this may cause failures when run in threads or in constrained environments. For more information, consult the algorithm information sheets in the [docs/algorithms](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) folder.
@ -70,15 +93,22 @@ We realize some parties may want to deploy quantum-safe cryptography prior to th
 **WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.** This library is meant to help with research and prototyping.  While we make a best-effort approach to avoid security bugs, this library has not received the level of auditing and analysis that would be necessary to rely on it for high security use.
 Please see [SECURITY.md](SECURITY.md#security-policy) for details on how to report a vulnerability and the OQS vulnerability response process.
 #### Platform limitations
 In order to optimize support effort,
 - not all algorithms are equally well supported on all platforms. In case of questions, it is first advised to review the [documentation files for each algorithm](docs/algorithms).
 - not all compilers are equally well supported. For example, at least v7.1.0 of the GNU compiler is required.
 #### Support limitations
 This project is not commercially supported. All guidelines and goals for liboqs are reflections of current practices, executed by a community of academic, part-time, and/or voluntary contributors on a best-effort basis and may change at any time. Any entity seeking more reliable commitments is strongly encouraged to join the OQS community and thus enhance the code and support that the community can provide.
 ## Quickstart
-### Linux/macOS
+### Linux and Mac
 1. Install dependencies:
@ -88,10 +118,14 @@ In order to optimize support effort,
 	On macOS, using a package manager of your choice (we've picked Homebrew):
-		brew install cmake ninja openssl@1.1 wget doxygen graphviz astyle valgrind
+		brew install cmake ninja openssl@3 wget doxygen graphviz astyle valgrind
 		pip3 install pytest pytest-xdist pyyaml
-	Note that, if you want liboqs to use OpenSSL for various symmetric crypto algorithms (AES, SHA-2, etc.) then you must have OpenSSL version 1.1.1 or higher.
+	Using Nix:
 	    nix develop
 	Note that, if you want liboqs to use OpenSSL for various symmetric crypto algorithms (AES, SHA-2, etc.) then you must have OpenSSL installed (version 3.x recommended; EOL version 1.1.1 also still possible).
 2. Get the source:
@ -104,22 +138,26 @@ In order to optimize support effort,
 		cmake -GNinja ..
 		ninja
-Various `cmake` build options to customize the resultant artifacts are available and are [documented in CONFIGURE.md](CONFIGURE.md). All supported options are also listed in the `.CMake/alg-support.cmake` file, and can be viewed by running `cmake -LAH ..` in the `build` directory.
+Various `cmake` build options to customize the resultant artifacts are available and are [documented in CONFIGURE.md](CONFIGURE.md#options-for-configuring-liboqs-builds). All supported options are also listed in the `.CMake/alg-support.cmake` file, and can be viewed by running `cmake -LAH -N ..` in the `build` directory.
 The following instructions assume we are in `build`.
-3. By default the main build result is `lib/liboqs.a`, a static library. If you want to build a shared/dynamic library, append [`-DBUILD_SHARED_LIBS=ON`](CONFIGURE.md#build_shared_libs) to the `cmake -GNinja ..` command above and the result will be `lib/liboqs.so|dylib|dll`. The public headers are located in the `include` directory. There are also a variety of programs built under the `tests` directory:
+3. By default the main build result is `lib/liboqs.a`, a static library. If you want to build a shared/dynamic library, append [`-DBUILD_SHARED_LIBS=ON`](CONFIGURE.md#bUILD_SHARED_LIBS) to the `cmake -GNinja ..` command above and the result will be `lib/liboqs.so|dylib|dll`. The public headers are located in the `include` directory. There are also a variety of programs built under the `tests` directory:
 	- `test_kem`: Simple test harness for key encapsulation mechanisms
-	- `test_sig`: Simple test harness for key signature schemes
+	- `test_sig`: Simple test harness for signature schemes
 	- `test_sig_stfl`: Simple test harness for stateful signature schemes
 	- `test_kem_mem`: Simple test harness for checking memory consumption of key encapsulation mechanisms
-	- `test_sig_mem`: Simple test harness for checking memory consumption of key signature schemes
+	- `test_sig_mem`: Simple test harness for checking memory consumption of signature schemes
 	- `kat_kem`: Program that generates known answer test (KAT) values for key encapsulation mechanisms using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
 	- `kat_sig`: Program that generates known answer test (KAT) values for signature schemes using the same procedure as the NIST submission requirements, for checking against submitted KAT values using `tests/test_kat.py`
 	- `kat_sig_stfl`: Program for checking results against submitted KAT values using `tests/test_kat.py`
 	- `speed_kem`: Benchmarking program for key encapsulation mechanisms; see `./speed_kem --help` for usage instructions
 	- `speed_sig`: Benchmarking program for signature mechanisms; see `./speed_sig --help` for usage instructions
 	- `speed_sig_stfl`: Benchmarking program for stateful signature mechanisms; see `./speed_sig_stfl --help` for usage instructions
 	- `example_kem`: Minimal runnable example showing the usage of the KEM API
 	- `example_sig`: Minimal runnable example showing the usage of the signature API
 	- `example_sig_stfl`: Minimal runnable example showing the usage of the stateful signature API
 	- `test_aes`, `test_sha3`: Simple test harnesses for crypto sub-components
 	- `test_portability`: Simple test harnesses for checking cross-CPU code portability; requires presence of `qemu`; proper operation validated only on Ubuntu
@ -135,6 +173,8 @@ The following instructions assume we are in `build`.
 4. `ninja install` can be run to install the built library and `include` files to a location of choice, which can be specified by passing the `-DCMAKE_INSTALL_PREFIX=<dir>` option to `cmake` at configure time. Alternatively, `ninja package` can be run to create an install package.
 5. `ninja uninstall` can be run to remove all installation files.
 ### Windows
@ -174,14 +214,21 @@ liboqs includes some third party libraries or modules that are licensed differen
 - `src/kem/classic_mceliece/pqclean_*`: public domain
 - `src/kem/kyber/pqcrystals-*`: public domain (CC0) or Apache License v2.0
 - `src/kem/kyber/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
 - `src/kem/kyber/libjade_*` public domain (CC0) or Apache License v2.
 - `src/kem/ml_kem/mlkem-native_*`: Apache License v2.0
 - `src/sig/dilithium/pqcrystals-*`: public domain (CC0) or Apache License v2.0
 - `src/sig/dilithium/pqclean_*`: public domain (CC0), and public domain (CC0) or Apache License v2.0, and public domain (CC0) or MIT, and MIT
 -  src/sig/falcon/pqclean_\*\_aarch64 : Apache License v2.0
 - `src/sig/mayo/*`: Apache License v2.0
 - `src/sig/ml_dsa/pqcrystals-*`: public domain (CC0) or Apache License v2.0
 - `src/sig/sphincs/pqclean_*`: CC0 (public domain)
 ## Acknowledgements
-Various companies, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, and Microsoft Research have dedicated programmer time to contribute source code to OQS. [Various people](https://github.com/open-quantum-safe/liboqs/blob/main/CONTRIBUTORS) have contributed source code to liboqs.
+The OQS project is supported by the [Post-Quantum Cryptography Alliance](https://pqca.org/) as part of the [Linux Foundation](https://linuxfoundation.org/).
-Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services, the Canadian Centre for Cyber Security, the Unitary Fund, the NGI Assure Fund, and VeriSign Inc.
+The OQS project was founded by Douglas Stebila and Michele Mosca at the University of Waterloo.  [Contributors to liboqs](https://github.com/open-quantum-safe/liboqs/blob/main/CONTRIBUTORS) include individual contributors, academics and researchers, and various companies, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, Microsoft Research, SandboxAQ, and softwareQ.
 Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services, the Canadian Centre for Cyber Security, Cisco, the Unitary Fund, the NGI Assure Fund, and VeriSign Inc.
 Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding acknowledgments.
--- a/RELEASE.md
+++ b/RELEASE.md
@ -1,5 +1,5 @@
-liboqs version 0.9.0
+liboqs version 0.13.0
-====================
+=====================
 About
 -----
@ -14,92 +14,104 @@ liboqs can be used with the following Open Quantum Safe application integrations
 - **OQS-BoringSSL**: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
 - **OQS-OpenSSH**: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.
-Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.  Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.
+Several [demos](https://github.com/open-quantum-safe/oqs-demos) are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark.
 liboqs can also be used in the following programming languages via language-specific wrappers:
 - C++, via https://github.com/open-quantum-safe/liboqs-cpp
 - Go, via https://github.com/open-quantum-safe/liboqs-go
 - Java, via https://github.com/open-quantum-safe/liboqs-java
 - .NET, via https://github.com/open-quantum-safe/liboqs-dotnet
 - Python 3, via https://github.com/open-quantum-safe/liboqs-python
 - Rust, via https://github.com/open-quantum-safe/liboqs-rust
 Release notes
 =============
-This is version 0.9.0 of liboqs. It was released on October 12, 2023.
+This is version 0.13.0 of liboqs. It was released on April 16, 2025.
-This release features an update to the Classic McEliece KEM, bringing it in line with NIST Round 4. It also adds or updates ARM implementations for Kyber, Dilithium, and Falcon.
+This release improves support for NIST Additional Signatures Round 2 candidates: CROSS and MAYO implementations are updated and support is added for UOV. This release also adds a new KEM API for deterministic key generation (only supported by ML-KEM at the moment). Finally, this release adds support for ML-KEM implementations from 2 new sources: formally verified portable C, AVX2, and AArch64 implementations from [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native) and a GPU accelerated CUDA implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc). 
 OQS is running a survey to better understand our community. We would like to hear from organizations and individuals about their interest in and use of the Open Quantum Safe project. Please take a few minutes to fill out the survey: https://linuxfoundation.surveymonkey.com/r/oqssurvey
 What's New
 ----------
-This release continues from the 0.8.0 release of liboqs.
+This release continues from the 0.12.0 release of liboqs.
 ### Key encapsulation mechanisms
- Classic McEliece: updated to Round 4 version.
+- New API: Added a deterministic key generation and API for KEMs (only ML-KEM supported at the moment).
- Kyber: aarch64 implementation updated.
+- ML-KEM: Changed the default ML-KEM implementation to [PQCP's mlkem-native](https://github.com/pq-code-package/mlkem-native). There are three variants: Portable C, AVX2, and AArch64. Large parts of these implementations are formally verified: all of the C code is verified for memory and type safety using [CBMC](https://github.com/diffblue/cbmc) and the functional correctness of the core AArch64 assembly routines is verified using [HOL-Light](https://github.com/jrh13/hol-light). 
 - ML-KEM: Added support for the ML-KEM implementation from [Nvidia cuPQC](https://developer.nvidia.com/cupqc), a GPU accelerated cryptography library.
 - ML-KEM: Implementation from mlkem-native upstream updated to add Pair-wise Consistency Test (PCT) and Intel CET support.
 - ML-KEM: Improved testing of ML-KEM keys.
 - HQC: Disabled HQC by default until [a new security flaw](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP8) is fixed.
 ### Digital signature schemes
- Dilithium: aarch64 implementation updated.
+- ML-DSA: Improved testing for ML-DSA.
- Falcon: aarch64 implementation added.
+- CROSS: Updated to NIST Additional Signatures Round 2 version.
 - MAYO: Updated to NIST Additional Signatures Round 2 version.
 - UOV: Added support for UOV algorithm from NIST Additional Signatures Round 2.
 ### Other changes
- Update algorithm documentation
+- Added support for loongarch64 architecture.
 - Support compilation for Windows on ARM64, Apple mobile, and Android platforms
 - Improve resilience of randombytes on Apple systems
 Release call
 ============
 Users of liboqs are invited to join a webinar on Thursday, November 2, 2023, from 12-1pm US Eastern time for information on this release, plans for the next release cycle, and to provide feedback on OQS usage and features.  
 The Zoom link for the webinar is: https://uwaterloo.zoom.us/j/98288698086
 ---
 Detailed changelog
 ------------------
-* Fix libdir value in liboqs.pc by @vt-alt in https://github.com/open-quantum-safe/liboqs/pull/1496
+## What's Changed
-* update version and remove CCI triggers by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1498
+* Bump version to 0.12.1-dev by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2015
-* create deb package and retain as artifact by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1501
+* Add loongarch64 support by @zhaixiaojuan in https://github.com/open-quantum-safe/liboqs/pull/2010
-* README correction to docs path & additional gitignore to macos + vscode by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1503
+* Minor changes to ML_DSA ACVP tests by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2007
-* Trigger liboqs-python CI via GitHub API by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1507
+* Update upload-artifact action to v4 by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2017
-* Update Classic McEliece by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1470
+* Remove hardcoded build paths & modify basic workflow to build in random path by @iyanmv in https://github.com/open-quantum-safe/liboqs/pull/2019
-* update BIKE documentation by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1509
+* Trigger liboqs-java and liboqs-rust downstream CI by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2021
-* kyber/dilithium aarch64 pull from pqclean + patches by @bhess in https://github.com/open-quantum-safe/liboqs/pull/1512
+* #1830 update scorecard to v5 (gh action 2.4.0) by @planetf1 in https://github.com/open-quantum-safe/liboqs/pull/1890
-* Pull Falcon updates from PQClean by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/1523
+* Update PQClean commit and delete patch for HQC by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2026
-* Bump XCode by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1526
+* Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/2036
-* Update Classic McEliece supression files by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1527
+* Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2043
-* Bump gitpython from 3.1.30 to 3.1.32 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1524
+* Update to public Ubuntu 24.04 ARM runner by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2050
-* ci: add CI for android by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1531
+* NVIDIA: Adding cuPQC as a backend for ML-KEM. by @stevenireeves in https://github.com/open-quantum-safe/liboqs/pull/2044
-* re-enable armhf speed testing by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1535
+* Update ACVP vectors for KEM and DSA by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2051
-* Bump gitpython from 3.1.32 to 3.1.34 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1538
+* CI: Check unresolved symbols when compiled with OQS_DLOPEN_OPENSSL by @ueno in https://github.com/open-quantum-safe/liboqs/pull/2058
-* Prefer arc4random on Apple platforms by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1544
+* Fix failing zephyr CI workflows, pinning v0.27.4 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2063
-* Bump gitpython from 3.1.34 to 3.1.35 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1551
+* Update sig_stfl Doxygen documentation by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2059
-* Update Classic McEliece suppression files by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1541
+* Import ML-KEM from mlkem-native/PQ code package by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2041
-* Pull Neon implementation of Falcon from PQClean by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1547
+* Update example files by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2071
-* ci: add CI for apple mobile platforms by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1546
+* GitHub runner updates by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2069
-* Add Windows ARM64 support by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1545
+* Disable cupqc-buildcheck by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/2075
-* Document Falcon constant time errors by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1552
+* Add threat model by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2033
-* ci: github actions CI for Windows x86 and x64 by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1554
+* Update CROSS to version 2.0 by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2078
-* build: Align VS test folder with all other Generators by @res0nance in https://github.com/open-quantum-safe/liboqs/pull/1557
+* improving CONTRIBUTING.md for maintainability [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/2081
-* Fix weekly.yml to skip McEliece by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1562
+* Ensure that building against liboqs build directory works by @levitte in https://github.com/open-quantum-safe/liboqs/pull/2086
-* Enable extensions in constant-time tests by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1567
+* Added alg_version details to test output by @pablo-gf in https://github.com/open-quantum-safe/liboqs/pull/2080
-* Update Classic McEliece supression files by @praveksharma in https://github.com/open-quantum-safe/liboqs/pull/1568
+* Add checks for ML-KEM keys by @abhinav-thales in https://github.com/open-quantum-safe/liboqs/pull/2009
-* liboqs 0.9.0 release candidate 1 by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/1570
+* Update actions/cache to v4.2.2 by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2093
-* add community standard documentation [skip ci] by @baentsch in https://github.com/open-quantum-safe/liboqs/pull/1565
+* Add Nix flake by @aidenfoxivey in https://github.com/open-quantum-safe/liboqs/pull/1970
-* Bump gitpython from 3.1.35 to 3.1.37 in /scripts/copy_from_upstream by @dependabot in https://github.com/open-quantum-safe/liboqs/pull/1575
+* Update MAYO to NIST round 2 by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2095
 * Update mlkem-native to v1.0.0-beta by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2092
 * Add references to security response process by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2077
 * Bump version to 0.13.0-dev [skip ci] by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2099
 * Add UOV  by @mkannwischer in https://github.com/open-quantum-safe/liboqs/pull/2094
 * Add bitflip test for trivial SUF-CMA forgeries by @rtjk in https://github.com/open-quantum-safe/liboqs/pull/2090
 * Update MAYO version in algorithm datasheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2103
 * Add DeriveKeyPair API by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2070
 * Update nist-round in UOV and MAYO data sheet by @bhess in https://github.com/open-quantum-safe/liboqs/pull/2105
 * build: search unistd.h separately from sys/random.h for getentropy by @mkroening in https://github.com/open-quantum-safe/liboqs/pull/2104
 * Add support caveat by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2114
 * Temporarily disable HQC by @dstebila in https://github.com/open-quantum-safe/liboqs/pull/2122
 * Fix PR workflow runs by @SWilson4 in https://github.com/open-quantum-safe/liboqs/pull/2123
 ## New Contributors
-* @planetf1 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1503
+* @zhaixiaojuan made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2010
-* @SWilson4 made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1507
+* @stevenireeves made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2044
-* @praveksharma made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1470
+* @pablo-gf made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2059
-* @res0nance made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/1531
+* @levitte made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2086
 * @mkannwischer made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2093
 * @mkroening made their first contribution in https://github.com/open-quantum-safe/liboqs/pull/2104
-**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.8.0...0.9.0
+**Full Changelog**: https://github.com/open-quantum-safe/liboqs/compare/0.12.0...0.13.0
--- a/SECURITY.md
+++ b/SECURITY.md
@ -4,12 +4,32 @@
 We only support the most recent release.
 Using any code prior to 0.12.0 is strongly discouraged due to a [known security vulnerability in HQC](https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-gpf4-vrrw-r8v7).
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.8.0   | :white_check_mark: |
+| 0.13.0  | :white_check_mark: |
-| < 0.8   | :x:                |
+| < 0.13  | :x:                |
 ## Reporting a Vulnerability
 Please follow [this information to report a vulnerability](https://openquantumsafe.org/liboqs/security.html#reporting-security-bugs).
 ## Threat Model
 Some timing-based side-channel attacks are within the scope of our threat model. OQS tests for secret-dependent branches and memory accesses on Linux on x86\_64. All test failures are documented as either "passes," which we have assessed to be false positives, or "issues," which may constitute non–constant-time behaviour. The [algorithm datasheets](https://github.com/open-quantum-safe/liboqs/tree/main/docs/algorithms) indicate whether or not an implementation passes our constant-time tests, as well as whether or not it is expected to pass. Details about passes and issues are available in the [tests/constant_time directory](https://github.com/open-quantum-safe/liboqs/tree/main/tests/constant_time). These tests do not encompass all classes of non–constant-time behaviour; for example, they do not detect possible variable-time instructions, such as `DIV`. Reports of non–constant-time behaviour that fall outside this scope will be considered on a case-by-case basis, with a priority on [Tier 1 platforms](https://github.com/open-quantum-safe/liboqs/blob/main/PLATFORMS.md#tier-1).
 The following types of attacks are outside the scope of our threat model:
 - same physical system side channel
 - CPU / hardware flaws
 - physical fault injection attacks (including Rowhammer-style attacks)
 - physical observation side channels (such as power consumption, electromagnetic emissions)
 Mitigations for security issues outside the stated threat model may still be applied depending on the nature of the issue and the mitigation.
 (Based in part on https://openssl-library.org/policies/general/security-policy/index.html)
 ## Security Response Process
 Security reports for liboqs will be handled in accordance with the [OQS security response process](https://github.com/open-quantum-safe/tsc/blob/main/security/response-process.md). Please also see the general [support disclaimer](README.md#support-limitations) for liboqs.
--- a/appveyor.yml
+++ b/appveyor.yml
@ -1,66 +0,0 @@
 version: 1.0.{build}
 # TODO: Support Visual Studio 2017
 image: Visual Studio 2019
 platform: x64
 branches:
  except:
    - /main-new-.*/
    - /ghactionsonly-.*/
 environment:
  matrix:
    - BUILD_SHARED: ON
      COMPILER: cygwin
      OQS_ALGS_ENABLED: All
    - BUILD_SHARED: OFF
      COMPILER: cygwin
      OQS_ALGS_ENABLED: STD
    - BUILD_SHARED: ON
      OQS_USE_OPENSSL: ON
      COMPILER: cygwin
      OQS_ALGS_ENABLED: NIST_R4
    - BUILD_SHARED: OFF
      COMPILER: msvc2019
      OQS_ALGS_ENABLED: NIST_R4
    - BUILD_SHARED: OFF
      COMPILER: msvc2019
      OQS_USE_OPENSSL: ON
      OQS_ALGS_ENABLED: All
    - BUILD_SHARED: ON
      COMPILER: msvc2019
    - BUILD_SHARED: OFF
      COMPILER: msys2
    - BUILD_SHARED: ON
      COMPILER: msys2
 for:
  - matrix:
      only:
        - OQS_USE_OPENSSL: ON
    before_build:
      - cmd: |-
             choco install openssl
             SET "OPENSSL_ROOT_DIR=C:\OpenSSL-Win64"
 build_script:
  - cmd: '%APPVEYOR_BUILD_FOLDER%\appveyor_build.bat'
 before_test:
  - cmd: |-
         SET "PATH=C:\Python37-x64;C:\Python37-x64\Scripts;%PATH%"
         pip.exe install pytest pytest-xdist pyyaml
 test_script:
  - cmd: |-
         cd %APPVEYOR_BUILD_FOLDER%
         set PATH=%APPVEYOR_BUILD_FOLDER%\build\bin;c:\cygwin64\bin;%PATH%
         if not exist tmp (mkdir tmp) 
         python -m pytest --numprocesses=auto -vv --maxfail=10 --ignore=tests/test_code_conventions.py --junitxml=build\test-results\pytest\test-results.xml
 after_test:
  - ps: |-
        $wc = New-Object 'System.Net.WebClient'
        $wc.UploadFile("https://ci.appveyor.com/api/testresults/xunit/$($env:APPVEYOR_JOB_ID)", (Resolve-Path .\build\test-results\pytest\test-results.xml))
--- a/appveyor_build.bat
+++ b/appveyor_build.bat
@ -1,19 +0,0 @@
@echo off
 IF %COMPILER%==cygwin (
    @echo on
    SET "PATH=C:\cywin64\bin;c:\cygwin64;%PATH%"
    c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P ninja -P cmake -P gcc && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && mkdir build && cd build && cmake .. -GNinja -DCMAKE_C_COMPILER=gcc -DOQS_DIST_BUILD=ON -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL% -DOQS_ALGS_ENABLED=%OQS_ALGS_ENABLED% && ninja "
 )
 IF %COMPILER%==msys2 (
    @echo on
    SET "PATH=C:\msys64\mingw64\bin;%PATH%"
    bash -lc "cd ${APPVEYOR_BUILD_FOLDER} && mkdir build && cd build && cmake .. -GNinja -DOQS_DIST_BUILD=ON -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL% -DOQS_ALGS_ENABLED=%OQS_ALGS_ENABLED% && ninja"
 )
 IF %COMPILER%==msvc2019 (
    @echo on
    CALL "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
    mkdir build
    cd build
    cmake .. -GNinja -DOQS_DIST_BUILD=ON -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL% -DOQS_ALGS_ENABLED=%OQS_ALGS_ENABLED%
    ninja
 )
--- a/cpp/sig_linking_test.cpp
+++ b/cpp/sig_linking_test.cpp
@ -0,0 +1,182 @@
 /*
 * example_sig.cpp
 *
 * Minimal C++ example of using a post-quantum signature implemented in liboqs.
 *
 * SPDX-License-Identifier: MIT
 */
 #include <cstdint>
 #include <cstdlib>
 #include <cstring>
 #include <iostream>
 #include <memory>
 #include <oqs/oqs.h>
 constexpr size_t MESSAGE_LEN = 50;
 /* Cleaning up memory etc */
 void cleanup_stack(uint8_t *secret_key, size_t secret_key_len);
 struct OQSSecureDeleter {
    size_t length;
    explicit OQSSecureDeleter(size_t len) : length(len) {}
    void operator()(uint8_t* ptr) const {
        if (ptr) {
            OQS_MEM_secure_free(ptr, length);
        }
    }
 };
 struct OQSInsecureDeleter {
 	void operator()(uint8_t* ptr) {
 		if (ptr) {
 			OQS_MEM_insecure_free(ptr);
 		}
 	}
 };
 struct OQSSigDeleter {
    void operator()(OQS_SIG* sig) {
        if (sig) {
            OQS_SIG_free(sig);
        }
    }
 };
 /* This function gives an example of the signing operations
 * using only compile-time macros and allocating variables
 * statically on the stack, calling a specific algorithm's functions
 * directly.
 *
 * The macros OQS_SIG_dilithium_2_length_* and the functions OQS_SIG_dilithium_2_*
 * are only defined if the algorithm dilithium_2 was enabled at compile-time
 * which must be checked using the OQS_ENABLE_SIG_dilithium_2 macro.
 *
 * <oqs/oqsconfig.h>, which is included in <oqs/oqs.h>, contains macros
 * indicating which algorithms were enabled when this instance of liboqs
 * was compiled.
 */
 static OQS_STATUS example_stack(void) {
 #ifdef OQS_ENABLE_SIG_dilithium_2
 	OQS_STATUS rc;
 	uint8_t public_key[OQS_SIG_dilithium_2_length_public_key];
 	uint8_t secret_key[OQS_SIG_dilithium_2_length_secret_key];
 	uint8_t message[MESSAGE_LEN];
 	uint8_t signature[OQS_SIG_dilithium_2_length_signature];
 	size_t message_len = MESSAGE_LEN;
 	size_t signature_len;
 	// let's create a random test message to sign
 	OQS_randombytes(message, message_len);
 	rc = OQS_SIG_dilithium_2_keypair(public_key, secret_key);
 	if (rc != OQS_SUCCESS) {
 		std::cerr << "ERROR: OQS_SIG_dilithium_2_keypair failed!" << std::endl;
 		cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
 		return OQS_ERROR;
 	}
 	rc = OQS_SIG_dilithium_2_sign(signature, &signature_len, message, message_len, secret_key);
 	if (rc != OQS_SUCCESS) {
 		std::cerr << "ERROR: OQS_SIG_dilithium_2_sign failed!" << std::endl;
 		cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
 		return OQS_ERROR;
 	}
 	rc = OQS_SIG_dilithium_2_verify(message, message_len, signature, signature_len, public_key);
 	if (rc != OQS_SUCCESS) {
 		std::cerr << "ERROR: OQS_SIG_dilithium_2_verify failed!" << std::endl;
 		cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
 		return OQS_ERROR;
 	}
 	std::cout << "[example_stack] OQS_SIG_dilithium_2 operations completed" << std::endl;
 	cleanup_stack(secret_key, OQS_SIG_dilithium_2_length_secret_key);
 	return OQS_SUCCESS; // success!
 #else
 	std::cout << "[example_stack] OQS_SIG_dilithium_2 was not enabled at compile-time" << std::endl;
 	return OQS_SUCCESS;
 #endif
 }
 /* This function gives an example of the signing operations,
 * allocating variables dynamically on the heap and calling the generic
 * OQS_SIG object.
 *
 * This does not require the use of compile-time macros to check if the
 * algorithm in question was enabled at compile-time; instead, the caller
 * must check that the OQS_SIG object returned is not nullptr.
 */
 static OQS_STATUS example_heap(void) {
 #ifdef OQS_ENABLE_SIG_dilithium_2
 	size_t message_len = MESSAGE_LEN;
 	size_t signature_len;
 	OQS_STATUS rc;
 	std::unique_ptr<OQS_SIG, OQSSigDeleter> sig(OQS_SIG_new((OQS_SIG_alg_dilithium_2)));
 	if (sig == nullptr) {
 		throw std::runtime_error("[example_heap]  OQS_SIG_alg_dilithium_2 was not enabled at compile-time.");
 	}
 	std::unique_ptr<uint8_t[], OQSInsecureDeleter> public_key(static_cast<uint8_t*>(malloc(sig->length_public_key)));
 	std::unique_ptr<uint8_t[], OQSSecureDeleter> secret_key(static_cast<uint8_t*>(malloc(sig->length_secret_key)), OQSSecureDeleter(sig->length_secret_key));
 	std::unique_ptr<uint8_t[], OQSInsecureDeleter> message(static_cast<uint8_t*>(malloc(message_len)));
 	std::unique_ptr<uint8_t[], OQSInsecureDeleter> signature(static_cast<uint8_t*>(malloc(sig->length_signature)));
 	if ((public_key == nullptr) || (secret_key == nullptr) || (message == nullptr) || (signature == nullptr)) {
 		throw std::runtime_error("ERROR: malloc failed!");
 	}
 	// let's create a random test message to sign
 	OQS_randombytes(message.get(), message_len);
 	rc = OQS_SIG_keypair(sig.get(), public_key.get(), secret_key.get());
 	if (rc != OQS_SUCCESS) {
 		throw std::runtime_error("ERROR: OQS_SIG_keypair failed!");
 	}
 	rc = OQS_SIG_sign(sig.get(), signature.get(), &signature_len, message.get(), message_len, secret_key.get());
 	if (rc != OQS_SUCCESS) {
 		throw std::runtime_error("ERROR: OQS_SIG_sign failed!");
 	}
 	rc = OQS_SIG_verify(sig.get(), message.get(), message_len, signature.get(), signature_len, public_key.get());
 	if (rc != OQS_SUCCESS) {
 		throw std::runtime_error("ERROR: OQS_SIG_verify failed!");
 	}
 	std::cout << "[example_heap]  OQS_SIG_dilithium_2 operations completed." << std::endl;
 	return OQS_SUCCESS; // success
 #else
 	std::cout << "[example_heap] OQS_SIG_dilithium_2 was not enabled at compile-time." << std::endl;
 	return OQS_SUCCESS;
 #endif
 }
 int main() {
 	OQS_init();
 	try {
 		example_stack();
 		example_heap();
 	}
 	catch (std::exception e) {
 		std::cerr << e.what() << std::endl;
 		OQS_destroy();
 		return EXIT_FAILURE;
 	}
 	OQS_destroy();
 	return EXIT_SUCCESS;
 }
 void cleanup_stack(uint8_t *secret_key, size_t secret_key_len) {
 	OQS_MEM_cleanse(secret_key, secret_key_len);
 }
--- a/docs/.Doxyfile
+++ b/docs/.Doxyfile
@ -1,4 +1,4 @@
-# Doxyfile 1.9.3
+# Doxyfile 1.10.0
 # This file describes the settings to be used by the documentation system
 # doxygen (www.doxygen.org) for a project.
@ -12,6 +12,16 @@
 # For lists, items can also be appended using:
 # TAG += value [value, ...]
 # Values that contain spaces should be placed between quotes (\" \").
 #
 # Note:
 #
 # Use doxygen to compare the used configuration file with the template
 # configuration file:
 # doxygen -x [configFile]
 # Use doxygen to compare the used configuration file with the template
 # configuration file without replacing the environment variables or CMake type
 # replacement variables:
 # doxygen -x_noenv [configFile]
 #---------------------------------------------------------------------------
 # Project related configuration options
@ -53,6 +63,12 @@ PROJECT_BRIEF          =
 PROJECT_LOGO           =
 # With the PROJECT_ICON tag one can specify an icon that is included in the tabs
 # when the HTML document is shown. Doxygen will copy the logo to the output
 # directory.
 PROJECT_ICON           =
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
 # into which the generated documentation will be written. If a relative path is
 # entered, it will be relative to the location where doxygen was started. If
@ -60,16 +76,28 @@ PROJECT_LOGO           =
 OUTPUT_DIRECTORY       = $(DOXYGEN_DESTIONATION_DIR)
-# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
+# If the CREATE_SUBDIRS tag is set to YES then doxygen will create up to 4096
-# directories (in 2 levels) under the output directory of each output format and
+# sub-directories (in 2 levels) under the output directory of each output format
-# will distribute the generated files over these directories. Enabling this
+# and will distribute the generated files over these directories. Enabling this
 # option can be useful when feeding doxygen a huge amount of source files, where
 # putting all generated files in the same directory would otherwise causes
-# performance problems for the file system.
+# performance problems for the file system. Adapt CREATE_SUBDIRS_LEVEL to
 # control the number of sub-directories.
 # The default value is: NO.
 CREATE_SUBDIRS         = NO
 # Controls the number of sub-directories that will be created when
 # CREATE_SUBDIRS tag is set to YES. Level 0 represents 16 directories, and every
 # level increment doubles the number of directories, resulting in 4096
 # directories at level 8 which is the default and also the maximum value. The
 # sub-directories are organized in 2 levels, the first level always has a fixed
 # number of 16 directories.
 # Minimum value: 0, maximum value: 8, default value: 8.
 # This tag requires that the tag CREATE_SUBDIRS is set to YES.
 CREATE_SUBDIRS_LEVEL   = 8
 # If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII
 # characters to appear in the names of generated files. If set to NO, non-ASCII
 # characters will be escaped, for example _xE3_x81_x84 will be used for Unicode
@ -81,14 +109,14 @@ ALLOW_UNICODE_NAMES    = NO
 # The OUTPUT_LANGUAGE tag is used to specify the language in which all
 # documentation generated by doxygen is written. Doxygen will use this
 # information to generate all constant output in the proper language.
-# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese,
+# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Bulgarian,
-# Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States),
+# Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch, English
-# Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian,
+# (United States), Esperanto, Farsi (Persian), Finnish, French, German, Greek,
-# Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Hindi, Hungarian, Indonesian, Italian, Japanese, Japanese-en (Japanese with
-# Korean, Korean-en (Korean with English messages), Latvian, Lithuanian,
+# English messages), Korean, Korean-en (Korean with English messages), Latvian,
-# Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian,
+# Lithuanian, Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese,
-# Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish,
+# Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish,
-# Ukrainian and Vietnamese.
+# Swedish, Turkish, Ukrainian and Vietnamese.
 # The default value is: English.
 OUTPUT_LANGUAGE        = English
@ -341,6 +369,17 @@ MARKDOWN_SUPPORT       = YES
 TOC_INCLUDE_HEADINGS   = 0
 # The MARKDOWN_ID_STYLE tag can be used to specify the algorithm used to
 # generate identifiers for the Markdown headings. Note: Every identifier is
 # unique.
 # Possible values are: DOXYGEN use a fixed 'autotoc_md' string followed by a
 # sequence number starting at 0 and GITHUB use the lower case version of title
 # with any whitespace replaced by '-' and punctuation characters removed.
 # The default value is: DOXYGEN.
 # This tag requires that the tag MARKDOWN_SUPPORT is set to YES.
 MARKDOWN_ID_STYLE      = GITHUB
 # When enabled doxygen tries to link words that correspond to documented
 # classes, or namespaces to their corresponding documentation. Such a link can
 # be prevented in individual cases by putting a % sign in front of the word or
@ -452,7 +491,7 @@ TYPEDEF_HIDES_STRUCT   = NO
 LOOKUP_CACHE_SIZE      = 0
-# The NUM_PROC_THREADS specifies the number threads doxygen is allowed to use
+# The NUM_PROC_THREADS specifies the number of threads doxygen is allowed to use
 # during processing. When set to 0 doxygen will based this on the number of
 # cores available in the system. You can set it explicitly to a value larger
 # than 0 to get more control over the balance between CPU load and processing
@ -465,6 +504,14 @@ LOOKUP_CACHE_SIZE      = 0
 NUM_PROC_THREADS       = 1
 # If the TIMESTAMP tag is set different from NO then each generated page will
 # contain the date or date and time when the page was generated. Setting this to
 # NO can help when comparing the output of multiple runs.
 # Possible values are: YES, NO, DATETIME and DATE.
 # The default value is: NO.
 TIMESTAMP              = NO
 #---------------------------------------------------------------------------
 # Build related configuration options
 #---------------------------------------------------------------------------
@ -546,7 +593,8 @@ HIDE_UNDOC_MEMBERS     = NO
 # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all
 # undocumented classes that are normally visible in the class hierarchy. If set
 # to NO, these classes will be included in the various overviews. This option
-# has no effect if EXTRACT_ALL is enabled.
+# will also hide undocumented C++ concepts if enabled. This option has no effect
 # if EXTRACT_ALL is enabled.
 # The default value is: NO.
 HIDE_UNDOC_CLASSES     = NO
@ -577,14 +625,15 @@ INTERNAL_DOCS          = NO
 # filesystem is case sensitive (i.e. it supports files in the same directory
 # whose names only differ in casing), the option must be set to YES to properly
 # deal with such files in case they appear in the input. For filesystems that
-# are not case sensitive the option should be be set to NO to properly deal with
+# are not case sensitive the option should be set to NO to properly deal with
 # output files written for symbols that only differ in casing, such as for two
 # classes, one named CLASS and the other named Class, and to also support
 # references to files without having to specify the exact matching casing. On
 # Windows (including Cygwin) and MacOS, users should typically set this option
 # to NO, whereas on Linux or other Unix flavors it should typically be set to
 # YES.
-# The default value is: system dependent.
+# Possible values are: SYSTEM, NO and YES.
 # The default value is: SYSTEM.
 CASE_SENSE_NAMES       = NO
@ -836,11 +885,26 @@ WARN_IF_INCOMPLETE_DOC = YES
 WARN_NO_PARAMDOC       = NO
 # If WARN_IF_UNDOC_ENUM_VAL option is set to YES, doxygen will warn about
 # undocumented enumeration values. If set to NO, doxygen will accept
 # undocumented enumeration values. If EXTRACT_ALL is set to YES then this flag
 # will automatically be disabled.
 # The default value is: NO.
 WARN_IF_UNDOC_ENUM_VAL = NO
 # If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
 # a warning is encountered. If the WARN_AS_ERROR tag is set to FAIL_ON_WARNINGS
 # then doxygen will continue running as if WARN_AS_ERROR tag is set to NO, but
 # at the end of the doxygen process doxygen will return with a non-zero status.
-# Possible values are: NO, YES and FAIL_ON_WARNINGS.
+# If the WARN_AS_ERROR tag is set to FAIL_ON_WARNINGS_PRINT then doxygen behaves
 # like FAIL_ON_WARNINGS but in case no WARN_LOGFILE is defined doxygen will not
 # write the warning messages in between other messages but write them at the end
 # of a run, in case a WARN_LOGFILE is defined the warning messages will be
 # besides being in the defined file also be shown at the end of a run, unless
 # the WARN_LOGFILE is defined as - i.e. standard output (stdout) in that case
 # the behavior will remain as with the setting FAIL_ON_WARNINGS.
 # Possible values are: NO, YES, FAIL_ON_WARNINGS and FAIL_ON_WARNINGS_PRINT.
 # The default value is: NO.
 WARN_AS_ERROR          = FAIL_ON_WARNINGS
@ -851,10 +915,21 @@ WARN_AS_ERROR          = FAIL_ON_WARNINGS
 # and the warning text. Optionally the format may contain $version, which will
 # be replaced by the version of the file (if it could be obtained via
 # FILE_VERSION_FILTER)
 # See also: WARN_LINE_FORMAT
 # The default value is: $file:$line: $text.
 WARN_FORMAT            = "$file:$line: $text"
 # In the $text part of the WARN_FORMAT command it is possible that a reference
 # to a more specific place is given. To make it easier to jump to this place
 # (outside of doxygen) the user can define a custom "cut" / "paste" string.
 # Example:
 # WARN_LINE_FORMAT = "'vi $file +$line'"
 # See also: WARN_FORMAT
 # The default value is: at line $line of file $file.
 WARN_LINE_FORMAT       = "at line $line of file $file"
 # The WARN_LOGFILE tag can be used to specify a file to which warning and error
 # messages should be written. If left blank the output is written to standard
 # error (stderr). In case the file specified cannot be opened for writing the
@ -874,15 +949,18 @@ WARN_LOGFILE           =
 # spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
 # Note: If this tag is empty the current directory is searched.
-INPUT                  = src/common/common.h \
+INPUT                  = src/common/aes/aes_ops.h \
                         src/common/common.h \
                         src/common/rand/rand.h \
-                         src/common/aes/aes.h \
+                         src/common/sha2/sha2_ops.h \
-                         src/common/sha2/sha2.h \
+                         src/common/sha3/sha3_ops.h \
-                         src/common/sha3/sha3.h \
+                         src/common/sha3/sha3x4_ops.h \
                         src/kem/kem.h \
                         src/sig/sig.h \
                         src/sig_stfl/sig_stfl.h \
                         README.md \
                         CONFIGURE.md \
                         SECURITY.md \
                         CONTRIBUTORS
 # This tag can be used to specify the character encoding of the source files
@ -890,10 +968,21 @@ INPUT                  = src/common/common.h \
 # libiconv (or the iconv built into libc) for the transcoding. See the libiconv
 # documentation (see:
 # https://www.gnu.org/software/libiconv/) for the list of possible encodings.
 # See also: INPUT_FILE_ENCODING
 # The default value is: UTF-8.
 INPUT_ENCODING         = UTF-8
 # This tag can be used to specify the character encoding of the source files
 # that doxygen parses The INPUT_FILE_ENCODING tag can be used to specify
 # character encoding on a per file pattern basis. Doxygen will compare the file
 # name with each pattern and apply the encoding instead of the default
 # INPUT_ENCODING) if there is a match. The character encodings are a list of the
 # form: pattern=encoding (like *.php=ISO-8859-1). See cfg_input_encoding
 # "INPUT_ENCODING" for further information on supported encodings.
 INPUT_FILE_ENCODING    =
 # If the value of the INPUT tag contains directories, you can use the
 # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and
 # *.h) to filter out the source-files in the directories.
@ -905,12 +994,12 @@ INPUT_ENCODING         = UTF-8
 # Note the list of default checked file patterns might differ from the list of
 # default file extension mappings.
 #
-# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
+# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cxxm,
-# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
+# *.cpp, *.cppm, *.ccm, *.c++, *.c++m, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl,
-# *.hh, *.hxx, *.hpp, *.h++, *.l, *.cs, *.d, *.php, *.php4, *.php5, *.phtml,
+# *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, *.h++, *.ixx, *.l, *.cs, *.d,
-# *.inc, *.m, *.markdown, *.md, *.mm, *.dox (to be provided as doxygen C
+# *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, *.md, *.mm, *.dox (to
-# comment), *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, *.f18, *.f, *.for, *.vhd,
+# be provided as doxygen C comment), *.py, *.pyw, *.f90, *.f95, *.f03, *.f08,
-# *.vhdl, *.ucf, *.qsf and *.ice.
+# *.f18, *.f, *.for, *.vhd, *.vhdl, *.ucf, *.qsf and *.ice.
 FILE_PATTERNS          = *.c \
                         *.cc \
@ -993,9 +1082,6 @@ EXCLUDE_PATTERNS       =
 # output. The symbol name can be a fully qualified name, a word, or if the
 # wildcard * is used, a substring. Examples: ANamespace, AClass,
 # ANamespace::AClass, ANamespace::*Test
 #
 # Note that the wildcards are matched against the file with absolute path, so to
 # exclude all test directories use the pattern */test/*
 EXCLUDE_SYMBOLS        =
@ -1040,6 +1126,11 @@ IMAGE_PATH             =
 # code is scanned, but not when the output code is generated. If lines are added
 # or removed, the anchors will not be placed correctly.
 #
 # Note that doxygen will use the data processed and written to standard output
 # for further processing, therefore nothing else, like debug statements or used
 # commands (so in case of a Windows batch file always use @echo OFF), should be
 # written to standard output.
 #
 # Note that for custom extensions or not directly supported extensions you also
 # need to set EXTENSION_MAPPING for the extension otherwise the files are not
 # properly processed by doxygen.
@ -1081,6 +1172,15 @@ FILTER_SOURCE_PATTERNS =
 USE_MDFILE_AS_MAINPAGE = README.md
 # The Fortran standard specifies that for fixed formatted Fortran code all
 # characters from position 72 are to be considered as comment. A common
 # extension is to allow longer lines before the automatic comment starts. The
 # setting FORTRAN_COMMENT_AFTER will also make it possible that longer lines can
 # be processed before the automatic comment starts.
 # Minimum value: 7, maximum value: 10000, default value: 72.
 FORTRAN_COMMENT_AFTER  = 72
 #---------------------------------------------------------------------------
 # Configuration options related to source browsing
 #---------------------------------------------------------------------------
@ -1095,7 +1195,8 @@ USE_MDFILE_AS_MAINPAGE = README.md
 SOURCE_BROWSER         = NO
 # Setting the INLINE_SOURCES tag to YES will include the body of functions,
-# classes and enums directly into the documentation.
+# multi-line macros, enums or list initialized variables directly into the
 # documentation.
 # The default value is: NO.
 INLINE_SOURCES         = NO
@ -1178,10 +1279,11 @@ VERBATIM_HEADERS       = YES
 ALPHABETICAL_INDEX     = YES
-# In case all classes in a project start with a common prefix, all classes will
+# The IGNORE_PREFIX tag can be used to specify a prefix (or a list of prefixes)
-# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag
+# that should be ignored while generating the index headers. The IGNORE_PREFIX
-# can be used to specify a prefix (or a list of prefixes) that should be ignored
+# tag works for classes, function and member names. The entity will be placed in
-# while generating the index headers.
+# the alphabetical list under the first letter of the entity name that remains
 # after removing the prefix.
 # This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
 IGNORE_PREFIX          =
@ -1260,7 +1362,12 @@ HTML_STYLESHEET        =
 # Doxygen will copy the style sheet files to the output directory.
 # Note: The order of the extra style sheet files is of importance (e.g. the last
 # style sheet in the list overrules the setting of the previous ones in the
-# list). For an example see the documentation.
+# list).
 # Note: Since the styling of scrollbars can currently not be overruled in
 # Webkit/Chromium, the styling will be left out of the default doxygen.css if
 # one or more extra stylesheets have been specified. So if scrollbar
 # customization is desired it has to be added explicitly. For an example see the
 # documentation.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 HTML_EXTRA_STYLESHEET  =
@ -1275,6 +1382,19 @@ HTML_EXTRA_STYLESHEET  =
 HTML_EXTRA_FILES       =
 # The HTML_COLORSTYLE tag can be used to specify if the generated HTML output
 # should be rendered with a dark or light theme.
 # Possible values are: LIGHT always generate light mode output, DARK always
 # generate dark mode output, AUTO_LIGHT automatically set the mode according to
 # the user preference, use light mode if no preference is set (the default),
 # AUTO_DARK automatically set the mode according to the user preference, use
 # dark mode if no preference is set and TOGGLE allow to user to switch between
 # light and dark mode via a button.
 # The default value is: AUTO_LIGHT.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 HTML_COLORSTYLE        = AUTO_LIGHT
 # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen
 # will adjust the colors in the style sheet and background images according to
 # this color. Hue is specified as an angle on a color-wheel, see
@ -1305,15 +1425,6 @@ HTML_COLORSTYLE_SAT    = 100
 HTML_COLORSTYLE_GAMMA  = 80
 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
 # page will contain the date and time when the page was generated. Setting this
 # to YES can help to show when doxygen was last run and thus if the
 # documentation is up to date.
 # The default value is: NO.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 HTML_TIMESTAMP         = NO
 # If the HTML_DYNAMIC_MENUS tag is set to YES then the generated HTML
 # documentation will contain a main index with vertical navigation menus that
 # are dynamically created via JavaScript. If disabled, the navigation index will
@ -1333,6 +1444,33 @@ HTML_DYNAMIC_MENUS     = YES
 HTML_DYNAMIC_SECTIONS  = NO
 # If the HTML_CODE_FOLDING tag is set to YES then classes and functions can be
 # dynamically folded and expanded in the generated HTML source code.
 # The default value is: YES.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 HTML_CODE_FOLDING      = YES
 # If the HTML_COPY_CLIPBOARD tag is set to YES then doxygen will show an icon in
 # the top right corner of code and text fragments that allows the user to copy
 # its content to the clipboard. Note this only works if supported by the browser
 # and the web page is served via a secure context (see:
 # https://www.w3.org/TR/secure-contexts/), i.e. using the https: or file:
 # protocol.
 # The default value is: YES.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 HTML_COPY_CLIPBOARD    = YES
 # Doxygen stores a couple of settings persistently in the browser (via e.g.
 # cookies). By default these settings apply to all HTML pages generated by
 # doxygen across all projects. The HTML_PROJECT_COOKIE tag can be used to store
 # the settings under a project specific key, such that the user preferences will
 # be stored separately.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 HTML_PROJECT_COOKIE    =
 # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries
 # shown in the various tree structured indices initially; the user can expand
 # and collapse entries dynamically later on. Doxygen will expand the tree to
@ -1463,6 +1601,16 @@ BINARY_TOC             = NO
 TOC_EXPAND             = NO
 # The SITEMAP_URL tag is used to specify the full URL of the place where the
 # generated documentation will be placed on the server by the user during the
 # deployment of the documentation. The generated sitemap is called sitemap.xml
 # and placed on the directory specified by HTML_OUTPUT. In case no SITEMAP_URL
 # is specified no sitemap is generated. For information about the sitemap
 # protocol see https://www.sitemaps.org
 # This tag requires that the tag GENERATE_HTML is set to YES.
 SITEMAP_URL            =
 # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
 # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that
 # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help
@ -1638,17 +1786,6 @@ HTML_FORMULA_FORMAT    = png
 FORMULA_FONTSIZE       = 10
 # Use the FORMULA_TRANSPARENT tag to determine whether or not the images
 # generated for formulas are transparent PNGs. Transparent PNGs are not
 # supported properly for IE 6.0, but are supported on all modern browsers.
 #
 # Note that when changing this option you need to delete any form_*.png files in
 # the HTML output directory before the changes have effect.
 # The default value is: YES.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 FORMULA_TRANSPARENT    = YES
 # The FORMULA_MACROFILE can contain LaTeX \newcommand and \renewcommand commands
 # to create new LaTeX commands to be used in formulas as building blocks. See
 # the section "Including formulas" for details.
@ -1962,9 +2099,16 @@ PDF_HYPERLINKS         = YES
 USE_PDFLATEX           = YES
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \batchmode
+# The LATEX_BATCHMODE tag signals the behavior of LaTeX in case of an error.
-# command to the generated LaTeX files. This will instruct LaTeX to keep running
+# Possible values are: NO same as ERROR_STOP, YES same as BATCH, BATCH In batch
-# if errors occur, instead of asking the user for help.
+# mode nothing is printed on the terminal, errors are scrolled as if <return> is
 # hit at every error; missing files that TeX tries to input or request from
 # keyboard input (\read on a not open input stream) cause the job to abort,
 # NON_STOP In nonstop mode the diagnostic message will appear on the terminal,
 # but there is no possibility of user interaction just like in batch mode,
 # SCROLL In scroll mode, TeX will stop only for missing files to input or if
 # keyboard input is necessary and ERROR_STOP In errorstop mode, TeX will stop at
 # each error, asking for user intervention.
 # The default value is: NO.
 # This tag requires that the tag GENERATE_LATEX is set to YES.
@ -1985,14 +2129,6 @@ LATEX_HIDE_INDICES     = NO
 LATEX_BIB_STYLE        = plain
 # If the LATEX_TIMESTAMP tag is set to YES then the footer of each generated
 # page will contain the date and time when the page was generated. Setting this
 # to NO can help when comparing the output of multiple runs.
 # The default value is: NO.
 # This tag requires that the tag GENERATE_LATEX is set to YES.
 LATEX_TIMESTAMP        = NO
 # The LATEX_EMOJI_DIRECTORY tag is used to specify the (relative or absolute)
 # path from which the emoji images will be read. If a relative path is entered,
 # it will be relative to the LATEX_OUTPUT directory. If left blank the
@ -2158,13 +2294,39 @@ DOCBOOK_OUTPUT         = docbook
 #---------------------------------------------------------------------------
 # If the GENERATE_AUTOGEN_DEF tag is set to YES, doxygen will generate an
-# AutoGen Definitions (see http://autogen.sourceforge.net/) file that captures
+# AutoGen Definitions (see https://autogen.sourceforge.net/) file that captures
 # the structure of the code including all documentation. Note that this feature
 # is still experimental and incomplete at the moment.
 # The default value is: NO.
 GENERATE_AUTOGEN_DEF   = NO
 #---------------------------------------------------------------------------
 # Configuration options related to Sqlite3 output
 #---------------------------------------------------------------------------
 # If the GENERATE_SQLITE3 tag is set to YES doxygen will generate a Sqlite3
 # database with symbols found by doxygen stored in tables.
 # The default value is: NO.
 GENERATE_SQLITE3       = NO
 # The SQLITE3_OUTPUT tag is used to specify where the Sqlite3 database will be
 # put. If a relative path is entered the value of OUTPUT_DIRECTORY will be put
 # in front of it.
 # The default directory is: sqlite3.
 # This tag requires that the tag GENERATE_SQLITE3 is set to YES.
 SQLITE3_OUTPUT         = sqlite3
 # The SQLITE3_RECREATE_DB tag is set to YES, the existing doxygen_sqlite3.db
 # database file will be recreated with each doxygen run. If set to NO, doxygen
 # will warn if a database file is already found and not modify it.
 # The default value is: YES.
 # This tag requires that the tag GENERATE_SQLITE3 is set to YES.
 SQLITE3_RECREATE_DB    = YES
 #---------------------------------------------------------------------------
 # Configuration options related to the Perl module output
 #---------------------------------------------------------------------------
@ -2239,7 +2401,8 @@ SEARCH_INCLUDES        = YES
 # The INCLUDE_PATH tag can be used to specify one or more directories that
 # contain include files that are not input files but should be processed by the
-# preprocessor.
+# preprocessor. Note that the INCLUDE_PATH is not recursive, so the setting of
 # RECURSIVE has no effect here.
 # This tag requires that the tag SEARCH_INCLUDES is set to YES.
 INCLUDE_PATH           =
@ -2306,15 +2469,15 @@ TAGFILES               =
 GENERATE_TAGFILE       =
-# If the ALLEXTERNALS tag is set to YES, all external class will be listed in
+# If the ALLEXTERNALS tag is set to YES, all external classes and namespaces
-# the class index. If set to NO, only the inherited external classes will be
+# will be listed in the class and namespace index. If set to NO, only the
-# listed.
+# inherited external classes will be listed.
 # The default value is: NO.
 ALLEXTERNALS           = NO
 # If the EXTERNAL_GROUPS tag is set to YES, all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will be
+# in the topic index. If set to NO, only the current project's groups will be
 # listed.
 # The default value is: YES.
@ -2328,16 +2491,9 @@ EXTERNAL_GROUPS        = YES
 EXTERNAL_PAGES         = YES
 #---------------------------------------------------------------------------
-# Configuration options related to the dot tool
+# Configuration options related to diagram generator tools
 #---------------------------------------------------------------------------
 # You can include diagrams made with dia in doxygen documentation. Doxygen will
 # then run dia to produce the diagram and insert it in the documentation. The
 # DIA_PATH tag allows you to specify the directory where the dia binary resides.
 # If left empty dia is assumed to be found in the default search path.
 DIA_PATH               =
 # If set to YES the inheritance and collaboration graphs will hide inheritance
 # and usage relations if the target is undocumented or is not a class.
 # The default value is: YES.
@ -2346,7 +2502,7 @@ HIDE_UNDOC_RELATIONS   = YES
 # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
 # available from the path. This tool is part of Graphviz (see:
-# http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
+# https://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
 # Bell Labs. The other options in this section have no effect if this option is
 # set to NO
 # The default value is: NO.
@ -2363,37 +2519,55 @@ HAVE_DOT               = NO
 DOT_NUM_THREADS        = 0
-# When you want a differently looking font in the dot files that doxygen
+# DOT_COMMON_ATTR is common attributes for nodes, edges and labels of
-# generates you can specify the font name using DOT_FONTNAME. You need to make
+# subgraphs. When you want a differently looking font in the dot files that
-# sure dot is able to find the font, which can be done by putting it in a
+# doxygen generates you can specify fontname, fontcolor and fontsize attributes.
-# standard location or by setting the DOTFONTPATH environment variable or by
+# For details please see <a href=https://graphviz.org/doc/info/attrs.html>Node,
-# setting DOT_FONTPATH to the directory containing the font.
+# Edge and Graph Attributes specification</a> You need to make sure dot is able
-# The default value is: Helvetica.
+# to find the font, which can be done by putting it in a standard location or by
 # setting the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the
 # directory containing the font. Default graphviz fontsize is 14.
 # The default value is: fontname=Helvetica,fontsize=10.
 # This tag requires that the tag HAVE_DOT is set to YES.
-DOT_FONTNAME           = Helvetica
+DOT_COMMON_ATTR        = "fontname=Helvetica,fontsize=10"
-# The DOT_FONTSIZE tag can be used to set the size (in points) of the font of
+# DOT_EDGE_ATTR is concatenated with DOT_COMMON_ATTR. For elegant style you can
-# dot graphs.
+# add 'arrowhead=open, arrowtail=open, arrowsize=0.5'. <a
-# Minimum value: 4, maximum value: 24, default value: 10.
+# href=https://graphviz.org/doc/info/arrows.html>Complete documentation about
 # arrows shapes.</a>
 # The default value is: labelfontname=Helvetica,labelfontsize=10.
 # This tag requires that the tag HAVE_DOT is set to YES.
-DOT_FONTSIZE           = 10
+DOT_EDGE_ATTR          = "labelfontname=Helvetica,labelfontsize=10"
-# By default doxygen will tell dot to use the default font as specified with
+# DOT_NODE_ATTR is concatenated with DOT_COMMON_ATTR. For view without boxes
-# DOT_FONTNAME. If you specify a different font using DOT_FONTNAME you can set
+# around nodes set 'shape=plain' or 'shape=plaintext' <a
-# the path where dot can find it using this tag.
+# href=https://www.graphviz.org/doc/info/shapes.html>Shapes specification</a>
 # The default value is: shape=box,height=0.2,width=0.4.
 # This tag requires that the tag HAVE_DOT is set to YES.
 DOT_NODE_ATTR          = "shape=box,height=0.2,width=0.4"
 # You can set the path where dot can find font specified with fontname in
 # DOT_COMMON_ATTR and others dot attributes.
 # This tag requires that the tag HAVE_DOT is set to YES.
 DOT_FONTPATH           =
-# If the CLASS_GRAPH tag is set to YES (or GRAPH) then doxygen will generate a
+# If the CLASS_GRAPH tag is set to YES or GRAPH or BUILTIN then doxygen will
-# graph for each documented class showing the direct and indirect inheritance
+# generate a graph for each documented class showing the direct and indirect
-# relations. In case HAVE_DOT is set as well dot will be used to draw the graph,
+# inheritance relations. In case the CLASS_GRAPH tag is set to YES or GRAPH and
-# otherwise the built-in generator will be used. If the CLASS_GRAPH tag is set
+# HAVE_DOT is enabled as well, then dot will be used to draw the graph. In case
-# to TEXT the direct and indirect inheritance relations will be shown as texts /
+# the CLASS_GRAPH tag is set to YES and HAVE_DOT is disabled or if the
-# links.
+# CLASS_GRAPH tag is set to BUILTIN, then the built-in generator will be used.
-# Possible values are: NO, YES, TEXT and GRAPH.
+# If the CLASS_GRAPH tag is set to TEXT the direct and indirect inheritance
 # relations will be shown as texts / links. Explicit enabling an inheritance
 # graph or choosing a different representation for an inheritance graph of a
 # specific class, can be accomplished by means of the command \inheritancegraph.
 # Disabling an inheritance graph can be accomplished by means of the command
 # \hideinheritancegraph.
 # Possible values are: NO, YES, TEXT, GRAPH and BUILTIN.
 # The default value is: YES.
 CLASS_GRAPH            = YES
@ -2401,14 +2575,21 @@ CLASS_GRAPH            = YES
 # If the COLLABORATION_GRAPH tag is set to YES then doxygen will generate a
 # graph for each documented class showing the direct and indirect implementation
 # dependencies (inheritance, containment, and class references variables) of the
-# class with other documented classes.
+# class with other documented classes. Explicit enabling a collaboration graph,
 # when COLLABORATION_GRAPH is set to NO, can be accomplished by means of the
 # command \collaborationgraph. Disabling a collaboration graph can be
 # accomplished by means of the command \hidecollaborationgraph.
 # The default value is: YES.
 # This tag requires that the tag HAVE_DOT is set to YES.
 COLLABORATION_GRAPH    = YES
 # If the GROUP_GRAPHS tag is set to YES then doxygen will generate a graph for
-# groups, showing the direct groups dependencies.
+# groups, showing the direct groups dependencies. Explicit enabling a group
 # dependency graph, when GROUP_GRAPHS is set to NO, can be accomplished by means
 # of the command \groupgraph. Disabling a directory graph can be accomplished by
 # means of the command \hidegroupgraph. See also the chapter Grouping in the
 # manual.
 # The default value is: YES.
 # This tag requires that the tag HAVE_DOT is set to YES.
@ -2450,8 +2631,8 @@ DOT_UML_DETAILS        = NO
 # The DOT_WRAP_THRESHOLD tag can be used to set the maximum number of characters
 # to display on a single line. If the actual line length exceeds this threshold
-# significantly it will wrapped across multiple lines. Some heuristics are apply
+# significantly it will be wrapped across multiple lines. Some heuristics are
-# to avoid ugly line breaks.
+# applied to avoid ugly line breaks.
 # Minimum value: 0, maximum value: 1000, default value: 17.
 # This tag requires that the tag HAVE_DOT is set to YES.
@ -2468,7 +2649,9 @@ TEMPLATE_RELATIONS     = NO
 # If the INCLUDE_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are set to
 # YES then doxygen will generate a graph for each documented file showing the
 # direct and indirect include dependencies of the file with other documented
-# files.
+# files. Explicit enabling an include graph, when INCLUDE_GRAPH is is set to NO,
 # can be accomplished by means of the command \includegraph. Disabling an
 # include graph can be accomplished by means of the command \hideincludegraph.
 # The default value is: YES.
 # This tag requires that the tag HAVE_DOT is set to YES.
@ -2477,7 +2660,10 @@ INCLUDE_GRAPH          = NO
 # If the INCLUDED_BY_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are
 # set to YES then doxygen will generate a graph for each documented file showing
 # the direct and indirect include dependencies of the file with other documented
-# files.
+# files. Explicit enabling an included by graph, when INCLUDED_BY_GRAPH is set
 # to NO, can be accomplished by means of the command \includedbygraph. Disabling
 # an included by graph can be accomplished by means of the command
 # \hideincludedbygraph.
 # The default value is: YES.
 # This tag requires that the tag HAVE_DOT is set to YES.
@ -2517,7 +2703,10 @@ GRAPHICAL_HIERARCHY    = YES
 # If the DIRECTORY_GRAPH tag is set to YES then doxygen will show the
 # dependencies a directory has on other directories in a graphical way. The
 # dependency relations are determined by the #include relations between the
-# files in the directories.
+# files in the directories. Explicit enabling a directory graph, when
 # DIRECTORY_GRAPH is set to NO, can be accomplished by means of the command
 # \directorygraph. Disabling a directory graph can be accomplished by means of
 # the command \hidedirectorygraph.
 # The default value is: YES.
 # This tag requires that the tag HAVE_DOT is set to YES.
@ -2533,7 +2722,7 @@ DIR_GRAPH_MAX_DEPTH    = 1
 # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
 # generated by dot. For an explanation of the image formats see the section
 # output formats in the documentation of the dot tool (Graphviz (see:
-# http://www.graphviz.org/)).
+# https://www.graphviz.org/)).
 # Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order
 # to make the SVG files visible in IE 9+ (other browsers do not have this
 # requirement).
@ -2570,11 +2759,12 @@ DOT_PATH               =
 DOTFILE_DIRS           =
-# The MSCFILE_DIRS tag can be used to specify one or more directories that
+# You can include diagrams made with dia in doxygen documentation. Doxygen will
-# contain msc files that are included in the documentation (see the \mscfile
+# then run dia to produce the diagram and insert it in the documentation. The
-# command).
+# DIA_PATH tag allows you to specify the directory where the dia binary resides.
 # If left empty dia is assumed to be found in the default search path.
-MSCFILE_DIRS           =
+DIA_PATH               =
 # The DIAFILE_DIRS tag can be used to specify one or more directories that
 # contain dia files that are included in the documentation (see the \diafile
@ -2624,18 +2814,6 @@ DOT_GRAPH_MAX_NODES    = 50
 MAX_DOT_GRAPH_DEPTH    = 0
 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
 # background. This is disabled by default, because dot on Windows does not seem
 # to support this out of the box.
 #
 # Warning: Depending on the platform used, enabling this option may lead to
 # badly anti-aliased labels on the edges of a graph (i.e. they become hard to
 # read).
 # The default value is: NO.
 # This tag requires that the tag HAVE_DOT is set to YES.
 DOT_TRANSPARENT        = NO
 # Set the DOT_MULTI_TARGETS tag to YES to allow dot to generate multiple output
 # files in one run (i.e. multiple -o and -T options on the command line). This
 # makes dot run faster, but since only newer versions of dot (>1.8.10) support
@ -2663,3 +2841,19 @@ GENERATE_LEGEND        = YES
 # The default value is: YES.
 DOT_CLEANUP            = YES
 # You can define message sequence charts within doxygen comments using the \msc
 # command. If the MSCGEN_TOOL tag is left empty (the default), then doxygen will
 # use a built-in version of mscgen tool to produce the charts. Alternatively,
 # the MSCGEN_TOOL tag can also specify the name an external tool. For instance,
 # specifying prog as the value, doxygen will call the tool as prog -T
 # <outfile_format> -o <outputfile> <inputfile>. The external tool should support
 # output file formats "png", "eps", "svg", and "ismap".
 MSCGEN_TOOL            =
 # The MSCFILE_DIRS tag can be used to specify one or more directories that
 # contain msc files that are included in the documentation (see the \mscfile
 # command).
 MSCFILE_DIRS           =
--- a/docs/FUZZING.md
+++ b/docs/FUZZING.md
@ -0,0 +1,77 @@
 # Fuzzing
 Fuzz testing is an automated software testing method that injects invalid, 
 malformed, or unexpected inputs to reveal defects and vulnerabilities. A fuzzing 
 tool monitors the system for exceptions like crashes, information leakage, or 
 errors, helping developers identify and fix bugs and security loopholes.
 ## Current state of fuzzing in liboqs
 - [ ] kem 
  - [ ] bike
  - [ ] classic_mceliece
  - [ ] frodokem
  - [ ] hqc
  - [ ] kyber
  - [ ] ml_kem
  - [ ] ntruprime
 - [ ] sig
  - [x] dilithium
  - [x] falcon
  - [x] mayo
  - [x] ml_dsa
  - [x] sphincs
 - [ ] sig_stfl
  - [ ] lms
  - [ ] sig_stfl
  - [ ] xmss
 ## Building and running fuzz tests
 Building fuzz tests is very similar to building normally with some optional
 steps to target different types of bugs. The most basic ways to build the
 fuzz tests is as follows;
 ```bash
 mkdir build && cd build
 cmake -GNinja ..  -DOQS_BUILD_FUZZ_TESTS=ON
 ninja -j$(nproc)
 ```
 You'll now be able to run a fuzz test e.g.
 ```bash
 ./tests/fuzz_test_dilithium2
 #9764	NEW    cov: 4 ft: 708 corp: 100/318b lim: 43 exec/s: 9764 rss: 362Mb L: 41/41 MS: 4 EraseBytes-InsertRepeatedBytes-CMP-ChangeBit- DE: "\0004m\372"-
 ...
 ```
 The fuzzer will run indefinetely or;
 - until it finds a bug and crashes,
 - you manually stop the fuzzer i.e. CTRL-C
 - you set a timeout using the command line.
 For more details on the available command line args please consult the [libfuzzer docs](https://llvm.org/docs/LibFuzzer.html).
 ## Sanitizers
 It is a common pattern to combine fuzzing with various sanitizers to catch different bugs.
 One of the simpler sanitizers is the fuzzing sanitizer, which will instrument the code
 for coverage driven fuzzing. To enable this simply add this to your environment variables
 before configuring cmake;
 ```
 export CFLAGS=-fsanitize=fuzzer-no-link
 ```
 It is common to combine the fuzzer sanitizer with either the [address](https://clang.llvm.org/docs/AddressSanitizer.html)
 or the [undefined behaviour sanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html). To
 add these simply add the relevant flags to BOTH the CFLAGS and LDFLAGS e.g.
 ```
 export CFLAGS=-fsanitize=fuzzer-no-link,address
 export LDFLAGS=-fsanitize=address
 ```
 Then rerun cmake as normal i.e.
 ```bash
 mkdir build && cd build
 cmake -GNinja ..  -DOQS_BUILD_FUZZ_TESTS=ON
 ninja -j$(nproc)
 ```
--- a/docs/PROCEDURES.md
+++ b/docs/PROCEDURES.md
@ -0,0 +1,69 @@
 # Additional procedures for code maintenance 
 ## Managing pinned dependencies
 The OpenSSF, via the [scorecard](https://securityscorecards.dev/) project recommends that projects pin any
 dependencies they use:
 * to ensure reproducibility
 * to reduce the risk for rogue dependency updates to compromise software
 It's important to note that this requires any changes to dependencies are properly reviewed, and
 these changes, by design, should not be automatic in themselves, though automated tools may provide recommendations.
 ### Python dependencies
 Python dependencies used in the build process such as within `.github/workflows` should be pinned to a specific version to ensure reproducibility.
 This is achieved by:
 * Ensuring the required hash is in the `requirements.txt`.
 * Using the `--require-hashes` option on any `pip install` command line which causes pip to require hashes for all dependencies.
 To add a new, or changed dependency:
 * Ensure the `pip-compile` tool is installed via the [pip-tools](https://pypi.org/project/pip-tools/) package.
 * Update `requirements.in` with added, modified, or deleted dependencies. 
 * Update requirements.txt using `pip-compile --generate-hashes --output-file=requirements.txt requirements.in`.
 * Verify correct functionality.
 * Check in both `requirements.txt` and `requirements.in`.
 Note: `requirements.in` acts purely as a template in this process. It is not used during the installation of a dependency.
 ### Github Actions
 All actions used in `.github/worfklows` should pin the exact version of the action they are using, for
 example a step such as:
 ```yaml
 - name: Checkout code
  uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
 ```
 The exact hash specified after `@` is the git commit hash within the repo where the action is found.
 The [pin github action](https://github.com/mheap/pin-github-action) tool can be used to maintain these
 by, for example, running:
 ```shell
 pin-github-action unix.yml
 ```
 This will add the appropriate hash if not present, along with a comment, and also update each hash in accordance with any existing comment.
 For major updates, update the comment ie `pin@v4` to `pin@v5` and the tool will attempt to find the new hash.
 The comment should not be removed, and should exclusively be used for updating the version.
 A full explanation of how the tool operates can be found in the [documentation](https://github.com/mheap/pin-github-action).
 To help in explanation here's an example of a similar code fragment between tool executions:
 * Original entry is `uses: actions/checkout@v3`
 * run `pin-github-action unix.yml`
 * We now see `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3`
 * later we want to go to v4, so update the text to `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v4`
 * Now run `pin-github-action unix.yml` to correct the sha
 * File now shows `uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4`
 When changes have been made, correct functionality of the Github actions should be verified by reviewing the Github action logs and outputs. The SHA inserted by the tool can be searched for in Github to check it is associated with the expected version.
--- a/docs/algorithms/kem/bike.md
+++ b/docs/algorithms/kem/bike.md
@ -13,17 +13,17 @@
 ## Parameter set summary
-|  Parameter set  | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
+|  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) | Keypair seed size (bytes)   |
-|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
+|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
-|     BIKE-L1     | IND-CPA          |                    1 |                      1541 |                      5223 |                      1573 |                           32 |
+|     BIKE-L1     | NA                    | IND-CPA          |                    1 |                      1541 |                      5223 |                      1573 |                           32 | NA                          |
-|     BIKE-L3     | IND-CPA          |                    3 |                      3083 |                     10105 |                      3115 |                           32 |
+|     BIKE-L3     | NA                    | IND-CPA          |                    3 |                      3083 |                     10105 |                      3115 |                           32 | NA                          |
-|     BIKE-L5     | IND-CPA          |                    5 |                      5122 |                     16494 |                      5154 |                           32 |
+|     BIKE-L5     | NA                    | IND-CPA          |                    5 |                      5122 |                     16494 |                      5154 |                           32 | NA                          |
 ## BIKE-L1 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
-| [Primary Source](#primary-source) | master                   | little endian               | Linux,Darwin                    | None                    | True                               | True                                           | False                 |
+| [Primary Source](#primary-source) | master                   | 64-bit little-endian        | Linux,Darwin                    | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | master                   | x86\_64                     | Linux,Darwin                    | AVX2,AVX512,PCLMUL,SSE2 | True                               | True                                           | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -34,7 +34,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | master                   | little endian               | Linux,Darwin                    | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | master                   | 64-bit little-endian        | Linux,Darwin                    | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | master                   | x86\_64                     | Linux,Darwin                    | AVX2,AVX512,PCLMUL,SSE2 | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -43,7 +43,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | master                   | little endian               | Linux,Darwin                    | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | master                   | 64-bit little-endian        | Linux,Darwin                    | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | master                   | x86\_64                     | Linux,Darwin                    | AVX2,AVX512,PCLMUL,SSE2 | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
--- a/docs/algorithms/kem/bike.yml
+++ b/docs/algorithms/kem/bike.yml
@ -40,7 +40,7 @@ parameter-sets:
  - upstream: primary-upstream
    upstream-id: master
    supported-platforms:
-    - architecture: little endian
+    - architecture: 64-bit little-endian
      operating_systems:
      - Linux
      - Darwin
@ -76,7 +76,7 @@ parameter-sets:
  - upstream: primary-upstream
    upstream-id: master
    supported-platforms:
-    - architecture: little endian
+    - architecture: 64-bit little-endian
      operating_systems:
      - Linux
      - Darwin
@ -112,7 +112,7 @@ parameter-sets:
  - upstream: primary-upstream
    upstream-id: master
    supported-platforms:
-    - architecture: little endian
+    - architecture: 64-bit little-endian
      operating_systems:
      - Linux
      - Darwin
--- a/docs/algorithms/kem/classic_mceliece.md
+++ b/docs/algorithms/kem/classic_mceliece.md
@ -6,7 +6,7 @@
 - **Authors' website**: https://classic.mceliece.org
 - **Specification version**: SUPERCOP-20221025.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  - **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
  - **Implementation license (SPDX-Identifier)**: Public domain
 - **Ancestors of primary source**:
  - SUPERCOP-20221025 "clean" and "avx2" implementations
@ -18,25 +18,25 @@
 ## Parameter set summary
-|       Parameter set       | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
+|       Parameter set       | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) | Keypair seed size (bytes)   |
-|:-------------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
+|:-------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
-|  Classic-McEliece-348864  | IND-CCA2         |                    1 |                    261120 |                      6492 |                        96 |                           32 |
+|  Classic-McEliece-348864  | NA                    | IND-CCA2         |                    1 |                    261120 |                      6492 |                        96 |                           32 | NA                          |
-| Classic-McEliece-348864f  | IND-CCA2         |                    1 |                    261120 |                      6492 |                        96 |                           32 |
+| Classic-McEliece-348864f  | NA                    | IND-CCA2         |                    1 |                    261120 |                      6492 |                        96 |                           32 | NA                          |
-|  Classic-McEliece-460896  | IND-CCA2         |                    3 |                    524160 |                     13608 |                       156 |                           32 |
+|  Classic-McEliece-460896  | NA                    | IND-CCA2         |                    3 |                    524160 |                     13608 |                       156 |                           32 | NA                          |
-| Classic-McEliece-460896f  | IND-CCA2         |                    3 |                    524160 |                     13608 |                       156 |                           32 |
+| Classic-McEliece-460896f  | NA                    | IND-CCA2         |                    3 |                    524160 |                     13608 |                       156 |                           32 | NA                          |
-| Classic-McEliece-6688128  | IND-CCA2         |                    5 |                   1044992 |                     13932 |                       208 |                           32 |
+| Classic-McEliece-6688128  | NA                    | IND-CCA2         |                    5 |                   1044992 |                     13932 |                       208 |                           32 | NA                          |
-| Classic-McEliece-6688128f | IND-CCA2         |                    5 |                   1044992 |                     13932 |                       208 |                           32 |
+| Classic-McEliece-6688128f | NA                    | IND-CCA2         |                    5 |                   1044992 |                     13932 |                       208 |                           32 | NA                          |
-| Classic-McEliece-6960119  | IND-CCA2         |                    5 |                   1047319 |                     13948 |                       194 |                           32 |
+| Classic-McEliece-6960119  | NA                    | IND-CCA2         |                    5 |                   1047319 |                     13948 |                       194 |                           32 | NA                          |
-| Classic-McEliece-6960119f | IND-CCA2         |                    5 |                   1047319 |                     13948 |                       194 |                           32 |
+| Classic-McEliece-6960119f | NA                    | IND-CCA2         |                    5 |                   1047319 |                     13948 |                       194 |                           32 | NA                          |
-| Classic-McEliece-8192128  | IND-CCA2         |                    5 |                   1357824 |                     14120 |                       208 |                           32 |
+| Classic-McEliece-8192128  | NA                    | IND-CCA2         |                    5 |                   1357824 |                     14120 |                       208 |                           32 | NA                          |
-| Classic-McEliece-8192128f | IND-CCA2         |                    5 |                   1357824 |                     14120 |                       208 |                           32 |
+| Classic-McEliece-8192128f | NA                    | IND-CCA2         |                    5 |                   1357824 |                     14120 |                       208 |                           32 | NA                          |
 ## Classic-McEliece-348864 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                  |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                  |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | True                                           | True                  |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | False                                          | True                  |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -46,8 +46,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -55,8 +55,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -64,8 +64,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -73,8 +73,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -82,8 +82,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -91,8 +91,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -100,8 +100,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -109,8 +109,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT             | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -118,8 +118,8 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | True                 |
-| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | True                                           | True                 |
+| [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,POPCNT,BMI1        | False                              | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
--- a/docs/algorithms/kem/classic_mceliece.yml
+++ b/docs/algorithms/kem/classic_mceliece.yml
@ -26,7 +26,9 @@ advisories:
  building with ``clang`` using optimization level ``-O2`` and ``-O3``. Care is advised
  when using the algorithm at higher optimization levels, and any other compiler and
  architecture.
- Current implementation of the algorithm may not be constant-time. Additionally, environment specific constant-time leaks may not be documented; please report potential constant-time leaks when found. 
+- Current implementation of the algorithm may not be constant-time. Additionally,
  environment specific constant-time leaks may not be documented; please report potential
  constant-time leaks when found.
 parameter-sets:
 - name: Classic-McEliece-348864
  claimed-nist-level: 1
@ -376,4 +378,4 @@ parameter-sets:
 auxiliary-submitters: []
 primary-upstream:
  spdx-license-identifier: Public domain
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
--- a/docs/algorithms/kem/frodokem.md
+++ b/docs/algorithms/kem/frodokem.md
@ -12,14 +12,14 @@
 ## Parameter set summary
-|    Parameter set    | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
+|    Parameter set    | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) | Keypair seed size (bytes)   |
-|:-------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
+|:-------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
-|  FrodoKEM-640-AES   | IND-CCA2         |                    1 |                      9616 |                     19888 |                      9720 |                           16 |
+|  FrodoKEM-640-AES   | NA                    | IND-CCA2         |                    1 |                      9616 |                     19888 |                      9720 |                           16 | NA                          |
-| FrodoKEM-640-SHAKE  | IND-CCA2         |                    1 |                      9616 |                     19888 |                      9720 |                           16 |
+| FrodoKEM-640-SHAKE  | NA                    | IND-CCA2         |                    1 |                      9616 |                     19888 |                      9720 |                           16 | NA                          |
-|  FrodoKEM-976-AES   | IND-CCA2         |                    3 |                     15632 |                     31296 |                     15744 |                           24 |
+|  FrodoKEM-976-AES   | NA                    | IND-CCA2         |                    3 |                     15632 |                     31296 |                     15744 |                           24 | NA                          |
-| FrodoKEM-976-SHAKE  | IND-CCA2         |                    3 |                     15632 |                     31296 |                     15744 |                           24 |
+| FrodoKEM-976-SHAKE  | NA                    | IND-CCA2         |                    3 |                     15632 |                     31296 |                     15744 |                           24 | NA                          |
-|  FrodoKEM-1344-AES  | IND-CCA2         |                    5 |                     21520 |                     43088 |                     21632 |                           32 |
+|  FrodoKEM-1344-AES  | NA                    | IND-CCA2         |                    5 |                     21520 |                     43088 |                     21632 |                           32 | NA                          |
-| FrodoKEM-1344-SHAKE | IND-CCA2         |                    5 |                     21520 |                     43088 |                     21632 |                           32 |
+| FrodoKEM-1344-SHAKE | NA                    | IND-CCA2         |                    5 |                     21520 |                     43088 |                     21632 |                           32 | NA                          |
 ## FrodoKEM-640-AES implementation characteristics
--- a/docs/algorithms/kem/hqc.md
+++ b/docs/algorithms/kem/hqc.md
@ -2,34 +2,29 @@
 - **Algorithm type**: Key encapsulation mechanism.
 - **Main cryptographic assumption**: Syndrome decoding of structure codes (Hamming Quasi-Cyclic).
- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Philippe Gaborit, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor, Loïc Bidoux.
+- **Principal submitters**: Carlos Aguilar Melchor, Nicolas Aragon, Slim Bettaieb, Loïc Bidoux, Olivier Blazy, Jurjen Bos, Jean-Christophe Deneuville, Arnaud Dion, Philippe Gaborit, Jérôme Lacan, Edoardo Persichetti, Jean-Marc Robert, Pascal Véron, Gilles Zémor.
 - **Authors' website**: https://pqc-hqc.org/
- **Specification version**: NIST Round 3 submission.
+- **Specification version**: 2023-04-30.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  - **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
  - **Implementation license (SPDX-Identifier)**: Public domain
 - **Ancestors of primary source**:
-  - https://github.com/jschanck/package-pqclean/tree/29f79e72/hqc, which takes it from:
+  - https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc, which takes it from:
-  - submission 2020-10-01 at https://pqc-hqc.org/implementation.html
+  - submission 2023-04-30 at https://pqc-hqc.org/implementation.html
 ## Advisories
 - The implementations for all parameter sets DO NOT provide constant time execution properties. See: https://github.com/open-quantum-safe/liboqs/issues/995.
 ## Parameter set summary
-|  Parameter set  | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
+|  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) | Keypair seed size (bytes)   |
-|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
+|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
-|     HQC-128     | IND-CCA2         |                    1 |                      2249 |                      2289 |                      4481 |                           64 |
+|     HQC-128     | NA                    | IND-CCA2         |                    1 |                      2249 |                      2305 |                      4433 |                           64 | NA                          |
-|     HQC-192     | IND-CCA2         |                    3 |                      4522 |                      4562 |                      9026 |                           64 |
+|     HQC-192     | NA                    | IND-CCA2         |                    3 |                      4522 |                      4586 |                      8978 |                           64 | NA                          |
-|     HQC-256     | IND-CCA2         |                    5 |                      7245 |                      7285 |                     14469 |                           64 |
+|     HQC-256     | NA                    | IND-CCA2         |                    5 |                      7245 |                      7317 |                     14421 |                           64 | NA                          |
 ## HQC-128 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI1,PCLMULQDQ     | False                              | True                                           | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -40,7 +35,6 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI1,PCLMULQDQ     | False                              | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -49,7 +43,6 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI1,PCLMULQDQ     | False                              | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
--- a/docs/algorithms/kem/hqc.yml
+++ b/docs/algorithms/kem/hqc.yml
@ -4,32 +4,31 @@ principal-submitters:
 - Carlos Aguilar Melchor
 - Nicolas Aragon
 - Slim Bettaieb
 - Loïc Bidoux
 - Olivier Blazy
 - Jurjen Bos
 - Jean-Christophe Deneuville
 - Arnaud Dion
 - Philippe Gaborit
 - Jérôme Lacan
 - Edoardo Persichetti
 - Jean-Marc Robert
 - Pascal Véron
 - Gilles Zémor
 - Loïc Bidoux
 crypto-assumption: Syndrome decoding of structure codes (Hamming Quasi-Cyclic)
 website: https://pqc-hqc.org/
-nist-round: 3
+nist-round: 4
-spec-version: NIST Round 3 submission
+spec-version: 2023-04-30
 upstream-ancestors:
- https://github.com/jschanck/package-pqclean/tree/29f79e72/hqc
+- https://github.com/SWilson4/package-pqclean/tree/8db1b24b/hqc
- submission 2020-10-01 at https://pqc-hqc.org/implementation.html
+- submission 2023-04-30 at https://pqc-hqc.org/implementation.html
 advisories:
 - 'The implementations for all parameter sets DO NOT provide constant time execution
  properties. See: https://github.com/open-quantum-safe/liboqs/issues/995.'
 parameter-sets:
 - name: HQC-128
  claimed-nist-level: 1
  claimed-security: IND-CCA2
  length-public-key: 2249
-  length-ciphertext: 4481
+  length-ciphertext: 4433
-  length-secret-key: 2289
+  length-secret-key: 2305
  length-shared-secret: 64
  implementations-switch-on-runtime-cpu-features: true
  implementations:
@ -41,28 +40,12 @@ parameter-sets:
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi1
      - pclmulqdq
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
    upstream: primary-upstream
 - name: HQC-192
  claimed-nist-level: 3
  claimed-security: IND-CCA2
-  length-ciphertext: 9026
+  length-ciphertext: 8978
  length-public-key: 4522
-  length-secret-key: 4562
+  length-secret-key: 4586
  length-shared-secret: 64
  implementations-switch-on-runtime-cpu-features: true
  implementations:
@ -74,28 +57,12 @@ parameter-sets:
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi1
      - pclmulqdq
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
    upstream: primary-upstream
 - name: HQC-256
  claimed-nist-level: 5
  claimed-security: IND-CCA2
-  length-ciphertext: 14469
+  length-ciphertext: 14421
  length-public-key: 7245
-  length-secret-key: 7285
+  length-secret-key: 7317
  length-shared-secret: 64
  implementations-switch-on-runtime-cpu-features: true
  implementations:
@ -107,22 +74,6 @@ parameter-sets:
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
    upstream: primary-upstream
  - upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi1
      - pclmulqdq
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
    upstream: primary-upstream
 primary-upstream:
  spdx-license-identifier: Public domain
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
--- a/docs/algorithms/kem/kyber.md
+++ b/docs/algorithms/kem/kyber.md
@ -7,29 +7,35 @@
 - **Authors' website**: https://pq-crystals.org/
 - **Specification version**: NIST Round 3 submission.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/pq-crystals/kyber/commit/518de2414a85052bb91349bcbcc347f391292d5b with copy_from_upstream patches
+  - **Source**: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc with copy_from_upstream patches
  - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/518de2414a85052bb91349bcbcc347f391292d5b with copy_from_upstream patches
+- **Optimized Implementation sources**: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc with copy_from_upstream patches
-  - **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
+  - **oldpqclean-aarch64**:<a name="oldpqclean-aarch64"></a>
      - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
      - **Implementation license (SPDX-Identifier)**: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
 - **Formally-verified Implementation sources**: 
  - **libjade**:<a name="libjade"></a>
      - **Source**: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with copy_from_upstream patches
      - **Implementation license (SPDX-Identifier)**: CC0-1.0 OR Apache-2.0
 ## Parameter set summary
-|  Parameter set  | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
+|  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) | Keypair seed size (bytes)   |
-|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
+|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
-|    Kyber512     | IND-CCA2         |                    1 |                       800 |                      1632 |                       768 |                           32 |
+|    Kyber512     | NA                    | IND-CCA2         |                    1 |                       800 |                      1632 |                       768 |                           32 | NA                          |
-|    Kyber768     | IND-CCA2         |                    3 |                      1184 |                      2400 |                      1088 |                           32 |
+|    Kyber768     | NA                    | IND-CCA2         |                    3 |                      1184 |                      2400 |                      1088 |                           32 | NA                          |
-|    Kyber1024    | IND-CCA2         |                    5 |                      1568 |                      3168 |                      1568 |                           32 |
+|    Kyber1024    | NA                    | IND-CCA2         |                    5 |                      1568 |                      3168 |                      1568 |                           32 | NA                          |
 ## Kyber512 implementation characteristics
 |           Implementation source           | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
-|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
+|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 |     [Primary Source](#primary-source)     | ref                      | All                         | All                             | None                    | True                               | True                                           | False                 |
 |     [Primary Source](#primary-source)     | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | True                                           | False                 |
-| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                 |
+| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                 |
 |            [libjade](#libjade)            | ref                      | x86\_64                     | Linux,Darwin                    | None                    | True                               | False                                          | False                 |
 |            [libjade](#libjade)            | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | False                                          | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -38,20 +44,22 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Kyber768 implementation characteristics
 |           Implementation source           | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
-|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
+|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 |     [Primary Source](#primary-source)     | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 |     [Primary Source](#primary-source)     | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | True                                           | False                |
-| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
+| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 |            [libjade](#libjade)            | ref                      | x86\_64                     | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 |            [libjade](#libjade)            | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Kyber1024 implementation characteristics
 |           Implementation source           | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
-|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
+|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 |     [Primary Source](#primary-source)     | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 |     [Primary Source](#primary-source)     | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | True                                           | False                |
-| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
+| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
--- a/docs/algorithms/kem/kyber.yml
+++ b/docs/algorithms/kem/kyber.yml
@ -17,15 +17,20 @@ website: https://pq-crystals.org/
 nist-round: 3
 spec-version: NIST Round 3 submission
 primary-upstream:
-  source: https://github.com/pq-crystals/kyber/commit/518de2414a85052bb91349bcbcc347f391292d5b
+  source: https://github.com/pq-crystals/kyber/commit/441c0519a07e8b86c8d079954a6b10bd31d29efc
    with copy_from_upstream patches
  spdx-license-identifier: CC0-1.0 or Apache-2.0
 optimized-upstreams:
-  pqclean-aarch64:
+  oldpqclean-aarch64:
    source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
      with copy_from_upstream patches
    spdx-license-identifier: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT)
      and MIT
 formally-verified-upstreams:
  libjade:
    source: https://github.com/formosa-crypto/libjade/tree/release/2023.05-2 with
      copy_from_upstream patches
    spdx-license-identifier: CC0-1.0 OR Apache-2.0
 parameter-sets:
 - name: Kyber512
  claimed-nist-level: 1
@ -60,7 +65,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
-  - upstream: pqclean-aarch64
+  - upstream: oldpqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
@ -72,6 +77,30 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: libjade
    upstream-id: ref
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: libjade
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi2
      - popcnt
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: Kyber768
  claimed-nist-level: 3
  claimed-security: IND-CCA2
@ -105,7 +134,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
-  - upstream: pqclean-aarch64
+  - upstream: oldpqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
@ -117,6 +146,30 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: libjade
    upstream-id: ref
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: libjade
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi2
      - popcnt
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: Kyber1024
  claimed-nist-level: 5
  claimed-security: IND-CCA2
@ -150,7 +203,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
-  - upstream: pqclean-aarch64
+  - upstream: oldpqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
--- a/docs/algorithms/kem/ml_kem.md
+++ b/docs/algorithms/kem/ml_kem.md
@ -0,0 +1,63 @@
 # ML-KEM
 - **Algorithm type**: Key encapsulation mechanism.
 - **Main cryptographic assumption**: Module LWE+R with base ring Z[x]/(3329, x^256+1).
 - **Principal submitters**: Peter Schwabe.
 - **Auxiliary submitters**: Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé.
 - **Authors' website**: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
 - **Specification version**: ML-KEM.
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
  - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
 - **Optimized Implementation sources**: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
  - **cupqc-cuda**:<a name="cupqc-cuda"></a>
      - **Source**: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
      - **Implementation license (SPDX-Identifier)**: Apache-2.0
 ## Parameter set summary
 |  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |   Keypair seed size (bytes) |
 |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|----------------------------:|
 |   ML-KEM-512    | NA                    | IND-CCA2         |                    1 |                       800 |                      1632 |                       768 |                           32 |                          64 |
 |   ML-KEM-768    | NA                    | IND-CCA2         |                    3 |                      1184 |                      2400 |                      1088 |                           32 |                          64 |
 |   ML-KEM-1024   | NA                    | IND-CCA2         |                    5 |                      1568 |                      3168 |                      1568 |                           32 |                          64 |
 ## ML-KEM-512 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | x86\_64                  | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                 |
 |     [cupqc-cuda](#cupqc-cuda)     | cuda                     | CUDA                        | Linux,Darwin                    | None                    | False                              | False                                          | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
 ## ML-KEM-768 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | x86\_64                  | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 |     [cupqc-cuda](#cupqc-cuda)     | cuda                     | CUDA                        | Linux,Darwin                    | None                    | False                              | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## ML-KEM-1024 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | x86\_64                  | x86\_64                     | Linux,Darwin                    | AVX2,BMI2,POPCNT        | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 |     [cupqc-cuda](#cupqc-cuda)     | cuda                     | CUDA                        | Linux,Darwin                    | None                    | False                              | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Explanation of Terms
 - **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
--- a/docs/algorithms/kem/ml_kem.yml
+++ b/docs/algorithms/kem/ml_kem.yml
@ -0,0 +1,194 @@
 name: ML-KEM
 type: kem
 principal-submitters:
 - Peter Schwabe
 auxiliary-submitters:
 - Roberto Avanzi
 - Joppe Bos
 - Léo Ducas
 - Eike Kiltz
 - Tancrède Lepoint
 - Vadim Lyubashevsky
 - John M. Schanck
 - Gregor Seiler
 - Damien Stehlé
 crypto-assumption: Module LWE+R with base ring Z[x]/(3329, x^256+1)
 website: https://pq-crystals.org/kyber/ and https://csrc.nist.gov/pubs/fips/203
 nist-round: FIPS203
 spec-version: ML-KEM
 primary-upstream:
  source: https://github.com/pq-code-package/mlkem-native/commit/048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
  spdx-license-identifier: CC0-1.0 or Apache-2.0
 optimized-upstreams:
  cupqc-cuda:
    source: https://github.com/open-quantum-safe/liboqs-cupqc-meta/commit/b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
    spdx-license-identifier: Apache-2.0
 parameter-sets:
 - name: ML-KEM-512
  claimed-nist-level: 1
  claimed-security: IND-CCA2
  length-public-key: 800
  length-ciphertext: 768
  length-secret-key: 1632
  length-shared-secret: 32
  length-keypair-seed: 64
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: x86_64
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi2
      - popcnt
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: cupqc-cuda
    upstream-id: cuda
    supported-platforms:
    - architecture: CUDA
      operating_systems:
      - Linux
      - Darwin
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: ML-KEM-768
  claimed-nist-level: 3
  claimed-security: IND-CCA2
  length-public-key: 1184
  length-ciphertext: 1088
  length-secret-key: 2400
  length-shared-secret: 32
  length-keypair-seed: 64
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: x86_64
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi2
      - popcnt
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: cupqc-cuda
    upstream-id: cuda
    supported-platforms:
    - architecture: CUDA
      operating_systems:
      - Linux
      - Darwin
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: ML-KEM-1024
  claimed-nist-level: 5
  claimed-security: IND-CCA2
  length-public-key: 1568
  length-ciphertext: 1568
  length-secret-key: 3168
  length-shared-secret: 32
  length-keypair-seed: 64
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: x86_64
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
      - bmi2
      - popcnt
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: cupqc-cuda
    upstream-id: cuda
    supported-platforms:
    - architecture: CUDA
      operating_systems:
      - Linux
      - Darwin
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
--- a/docs/algorithms/kem/ntruprime.md
+++ b/docs/algorithms/kem/ntruprime.md
@ -14,9 +14,9 @@
 ## Parameter set summary
-|  Parameter set  | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) |
+|  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Ciphertext size (bytes) |   Shared secret size (bytes) | Keypair seed size (bytes)   |
-|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|
+|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|--------------------------:|-----------------------------:|:----------------------------|
-|    sntrup761    | IND-CCA2         |                    2 |                      1158 |                      1763 |                      1039 |                           32 |
+|    sntrup761    | NA                    | IND-CCA2         |                    2 |                      1158 |                      1763 |                      1039 |                           32 | NA                          |
 ## sntrup761 implementation characteristics
--- a/docs/algorithms/sig/cross.md
+++ b/docs/algorithms/sig/cross.md
@ -0,0 +1,203 @@
 # CROSS
 - **Algorithm type**: Digital signature scheme.
 - **Main cryptographic assumption**: hardness of the restricted syndrome decoding problem for random linear codes on a finite field.
 - **Principal submitters**: Marco Baldi, Alessandro Barenghi, Michele Battagliola, Sebastian Bitzer, Patrick Karl, Felice Manganiello, Alessio Pavoni, Gerardo Pelosi, Paolo Santini, Jonas Schupp, Edoardo Signorini, Freeman Slaughter, Antonia Wachter-Zeh, Violetta Weger.
 - **Auxiliary submitters**: Marco Gianvecchio.
 - **Authors' website**: https://www.cross-crypto.com/
 - **Specification version**: 2.0 + PQClean and OQS patches.
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
  - **Implementation license (SPDX-Identifier)**: CC0-1.0
 ## Parameter set summary
 |      Parameter set       | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
 | cross-rsdp-128-balanced  | NA                    | EUF-CMA          |                    1 |                        77 |                        32 |                    13152 |
 |   cross-rsdp-128-fast    | NA                    | EUF-CMA          |                    1 |                        77 |                        32 |                    18432 |
 |   cross-rsdp-128-small   | NA                    | EUF-CMA          |                    1 |                        77 |                        32 |                    12432 |
 | cross-rsdp-192-balanced  | NA                    | EUF-CMA          |                    3 |                       115 |                        48 |                    29853 |
 |   cross-rsdp-192-fast    | NA                    | EUF-CMA          |                    3 |                       115 |                        48 |                    41406 |
 |   cross-rsdp-192-small   | NA                    | EUF-CMA          |                    3 |                       115 |                        48 |                    28391 |
 | cross-rsdp-256-balanced  | NA                    | EUF-CMA          |                    5 |                       153 |                        64 |                    53527 |
 |   cross-rsdp-256-fast    | NA                    | EUF-CMA          |                    5 |                       153 |                        64 |                    74590 |
 |   cross-rsdp-256-small   | NA                    | EUF-CMA          |                    5 |                       153 |                        64 |                    50818 |
 | cross-rsdpg-128-balanced | NA                    | EUF-CMA          |                    1 |                        54 |                        32 |                     9120 |
 |   cross-rsdpg-128-fast   | NA                    | EUF-CMA          |                    1 |                        54 |                        32 |                    11980 |
 |  cross-rsdpg-128-small   | NA                    | EUF-CMA          |                    1 |                        54 |                        32 |                     8960 |
 | cross-rsdpg-192-balanced | NA                    | EUF-CMA          |                    3 |                        83 |                        48 |                    22464 |
 |   cross-rsdpg-192-fast   | NA                    | EUF-CMA          |                    3 |                        83 |                        48 |                    26772 |
 |  cross-rsdpg-192-small   | NA                    | EUF-CMA          |                    3 |                        83 |                        48 |                    20452 |
 | cross-rsdpg-256-balanced | NA                    | EUF-CMA          |                    5 |                       106 |                        64 |                    40100 |
 |   cross-rsdpg-256-fast   | NA                    | EUF-CMA          |                    5 |                       106 |                        64 |                    48102 |
 |  cross-rsdpg-256-small   | NA                    | EUF-CMA          |                    5 |                       106 |                        64 |                    36454 |
 ## cross-rsdp-128-balanced implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                 |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
 ## cross-rsdp-128-fast implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdp-128-small implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdp-192-balanced implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdp-192-fast implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdp-192-small implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdp-256-balanced implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdp-256-fast implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdp-256-small implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-128-balanced implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-128-fast implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-128-small implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-192-balanced implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-192-fast implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-192-small implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-256-balanced implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-256-fast implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## cross-rsdpg-256-small implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | All                             | AVX2                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **No**.
 ## Explanation of Terms
 - **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
--- a/docs/algorithms/sig/cross.yml
+++ b/docs/algorithms/sig/cross.yml
@ -0,0 +1,532 @@
 name: CROSS
 type: signature
 principal-submitters:
 - Marco Baldi
 - Alessandro Barenghi
 - Michele Battagliola
 - Sebastian Bitzer
 - Patrick Karl
 - Felice Manganiello
 - Alessio Pavoni
 - Gerardo Pelosi
 - Paolo Santini
 - Jonas Schupp
 - Edoardo Signorini
 - Freeman Slaughter
 - Antonia Wachter-Zeh
 - Violetta Weger
 auxiliary-submitters:
 - Marco Gianvecchio
 crypto-assumption: hardness of the restricted syndrome decoding problem for random
  linear codes on a finite field
 website: https://www.cross-crypto.com/
 nist-round: 2
 spec-version: 2.0 + PQClean and OQS patches
 primary-upstream:
  source: https://github.com/CROSS-signature/CROSS-lib-oqs/commit/efd17279e75308b000bda7c7f58866620d652bc1
  spdx-license-identifier: CC0-1.0
 parameter-sets:
 - name: cross-rsdp-128-balanced
  oqs_alg: OQS_SIG_alg_cross_rsdp_128_balanced
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 77
  length-secret-key: 32
  length-signature: 13152
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdp-128-fast
  oqs_alg: OQS_SIG_alg_cross_rsdp_128_fast
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 77
  length-secret-key: 32
  length-signature: 18432
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdp-128-small
  oqs_alg: OQS_SIG_alg_cross_rsdp_128_small
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 77
  length-secret-key: 32
  length-signature: 12432
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: cross-rsdp-192-balanced
  oqs_alg: OQS_SIG_alg_cross_rsdp_192_balanced
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 115
  length-secret-key: 48
  length-signature: 29853
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdp-192-fast
  oqs_alg: OQS_SIG_alg_cross_rsdp_192_fast
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 115
  length-secret-key: 48
  length-signature: 41406
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdp-192-small
  oqs_alg: OQS_SIG_alg_cross_rsdp_192_small
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 115
  length-secret-key: 48
  length-signature: 28391
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: cross-rsdp-256-balanced
  oqs_alg: OQS_SIG_alg_cross_rsdp_256_balanced
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 153
  length-secret-key: 64
  length-signature: 53527
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: cross-rsdp-256-fast
  oqs_alg: OQS_SIG_alg_cross_rsdp_256_fast
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 153
  length-secret-key: 64
  length-signature: 74590
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdp-256-small
  oqs_alg: OQS_SIG_alg_cross_rsdp_256_small
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 153
  length-secret-key: 64
  length-signature: 50818
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: cross-rsdpg-128-balanced
  oqs_alg: OQS_SIG_alg_cross_rsdpg_128_balanced
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 54
  length-secret-key: 32
  length-signature: 9120
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdpg-128-fast
  oqs_alg: OQS_SIG_alg_cross_rsdpg_128_fast
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 54
  length-secret-key: 32
  length-signature: 11980
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdpg-128-small
  oqs_alg: OQS_SIG_alg_cross_rsdpg_128_small
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 54
  length-secret-key: 32
  length-signature: 8960
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdpg-192-balanced
  oqs_alg: OQS_SIG_alg_cross_rsdpg_192_balanced
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 83
  length-secret-key: 48
  length-signature: 22464
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdpg-192-fast
  oqs_alg: OQS_SIG_alg_cross_rsdpg_192_fast
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 83
  length-secret-key: 48
  length-signature: 26772
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdpg-192-small
  oqs_alg: OQS_SIG_alg_cross_rsdpg_192_small
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 83
  length-secret-key: 48
  length-signature: 20452
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: cross-rsdpg-256-balanced
  oqs_alg: OQS_SIG_alg_cross_rsdpg_256_balanced
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 106
  length-secret-key: 64
  length-signature: 40100
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdpg-256-fast
  oqs_alg: OQS_SIG_alg_cross_rsdpg_256_fast
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 106
  length-secret-key: 64
  length-signature: 48102
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: cross-rsdpg-256-small
  oqs_alg: OQS_SIG_alg_cross_rsdpg_256_small
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 106
  length-secret-key: 64
  length-signature: 36454
  implementations-switch-on-runtime-cpu-features: false
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
--- a/docs/algorithms/sig/dilithium.md
+++ b/docs/algorithms/sig/dilithium.md
@ -10,26 +10,26 @@
  - **Source**: https://github.com/pq-crystals/dilithium/commit/3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 with copy_from_upstream patches
  - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
 - **Optimized Implementation sources**: https://github.com/pq-crystals/dilithium/commit/3e9b9f1412f6c7435dbeb4e10692ea58f181ee51 with copy_from_upstream patches
-  - **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
+  - **oldpqclean-aarch64**:<a name="oldpqclean-aarch64"></a>
      - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
      - **Implementation license (SPDX-Identifier)**: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT) and MIT
 ## Parameter set summary
-|  Parameter set  | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
+|  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
-|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
+|:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
-|   Dilithium2    | EUF-CMA          |                    2 |                      1312 |                      2528 |                     2420 |
+|   Dilithium2    | NA                    | SUF-CMA          |                    2 |                      1312 |                      2528 |                     2420 |
-|   Dilithium3    | EUF-CMA          |                    3 |                      1952 |                      4000 |                     3293 |
+|   Dilithium3    | NA                    | SUF-CMA          |                    3 |                      1952 |                      4000 |                     3293 |
-|   Dilithium5    | EUF-CMA          |                    5 |                      2592 |                      4864 |                     4595 |
+|   Dilithium5    | NA                    | SUF-CMA          |                    5 |                      2592 |                      4864 |                     4595 |
 ## Dilithium2 implementation characteristics
 |           Implementation source           | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
-|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
+|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 |     [Primary Source](#primary-source)     | ref                      | All                         | All                             | None                    | True                               | True                                           | False                 |
 |     [Primary Source](#primary-source)     | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2,POPCNT             | True                               | True                                           | False                 |
-| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                 |
+| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -38,20 +38,20 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Dilithium3 implementation characteristics
 |           Implementation source           | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
-|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
+|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 |     [Primary Source](#primary-source)     | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 |     [Primary Source](#primary-source)     | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2,POPCNT             | True                               | True                                           | False                |
-| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
+| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Dilithium5 implementation characteristics
 |           Implementation source           | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
-|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
+|:-----------------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 |     [Primary Source](#primary-source)     | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 |     [Primary Source](#primary-source)     | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2,POPCNT             | True                               | True                                           | False                |
-| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
+| [oldpqclean-aarch64](#oldpqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
--- a/docs/algorithms/sig/dilithium.yml
+++ b/docs/algorithms/sig/dilithium.yml
@ -19,7 +19,7 @@ primary-upstream:
    with copy_from_upstream patches
  spdx-license-identifier: CC0-1.0 or Apache-2.0
 optimized-upstreams:
-  pqclean-aarch64:
+  oldpqclean-aarch64:
    source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
      with copy_from_upstream patches
    spdx-license-identifier: CC0-1.0 and (CC0-1.0 or Apache-2.0) and (CC0-1.0 or MIT)
@ -28,7 +28,7 @@ parameter-sets:
 - name: Dilithium2
  oqs_alg: OQS_SIG_alg_dilithium_2
  claimed-nist-level: 2
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
  length-public-key: 1312
  length-secret-key: 2528
  length-signature: 2420
@ -57,7 +57,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
-  - upstream: pqclean-aarch64
+  - upstream: oldpqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
@ -72,7 +72,7 @@ parameter-sets:
 - name: Dilithium3
  oqs_alg: OQS_SIG_alg_dilithium_3
  claimed-nist-level: 3
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
  length-public-key: 1952
  length-secret-key: 4000
  length-signature: 3293
@ -101,7 +101,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
-  - upstream: pqclean-aarch64
+  - upstream: oldpqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
@ -116,7 +116,7 @@ parameter-sets:
 - name: Dilithium5
  oqs_alg: OQS_SIG_alg_dilithium_5
  claimed-nist-level: 5
-  claimed-security: EUF-CMA
+  claimed-security: SUF-CMA
  length-public-key: 2592
  length-secret-key: 4864
  length-signature: 4595
@ -145,7 +145,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
-  - upstream: pqclean-aarch64
+  - upstream: oldpqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
--- a/docs/algorithms/sig/falcon.md
+++ b/docs/algorithms/sig/falcon.md
@ -7,24 +7,30 @@
 - **Authors' website**: https://falcon-sign.info
 - **Specification version**: 20211101.
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  - **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
  - **Implementation license (SPDX-Identifier)**: MIT
 - **Optimized Implementation sources**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
  - **pqclean-aarch64**:<a name="pqclean-aarch64"></a>
      - **Source**: https://github.com/PQClean/PQClean/commit/7707d1bcc8ae7f9ffd296dd13b1d76d2767d14f8
      - **Implementation license (SPDX-Identifier)**: Apache-2.0
 ## Parameter set summary
-|  Parameter set  | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
+|   Parameter set    | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
-|:---------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
+|:------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
-|   Falcon-512    | EUF-CMA          |                    1 |                       897 |                      1281 |                      666 |
+|     Falcon-512     | NA                    | EUF-CMA          |                    1 |                       897 |                      1281 |                      752 |
-|   Falcon-1024   | EUF-CMA          |                    5 |                      1793 |                      2305 |                     1280 |
+|    Falcon-1024     | NA                    | EUF-CMA          |                    5 |                      1793 |                      2305 |                     1462 |
 | Falcon-padded-512  | NA                    | EUF-CMA          |                    1 |                       897 |                      1281 |                      666 |
 | Falcon-padded-1024 | NA                    | EUF-CMA          |                    5 |                      1793 |                      2305 |                     1280 |
 ## Falcon-512 implementation characteristics
 |        Implementation source        | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
-|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
+|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                 |
+|  [Primary Source](#primary-source)  | clean                    | All                         | All                             | None                    | True                               | True                                           | False                 |
 |  [Primary Source](#primary-source)  | avx2                     | x86\_64                     | All                             | AVX2                    | False                              | False                                          | False                 |
-| [Primary Source](#primary-source) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                 |
+| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -33,10 +39,30 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Falcon-1024 implementation characteristics
 |        Implementation source        | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
-|:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
+|:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
+|  [Primary Source](#primary-source)  | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 |  [Primary Source](#primary-source)  | avx2                     | x86\_64                     | All                             | AVX2                    | False                              | False                                          | False                |
-| [Primary Source](#primary-source) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                |
+| [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Falcon-padded-512 implementation characteristics
 |        Implementation source        | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 |  [Primary Source](#primary-source)  | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 |  [Primary Source](#primary-source)  | avx2                     | x86\_64                     | All                             | AVX2                    | False                              | False                                          | False                |
 | [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Falcon-padded-1024 implementation characteristics
 |        Implementation source        | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:-----------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 |  [Primary Source](#primary-source)  | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
 |  [Primary Source](#primary-source)  | avx2                     | x86\_64                     | All                             | AVX2                    | False                              | False                                          | False                |
 | [pqclean-aarch64](#pqclean-aarch64) | aarch64                  | ARM64\_V8                   | Linux,Darwin                    | None                    | False                              | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
--- a/docs/algorithms/sig/falcon.yml
+++ b/docs/algorithms/sig/falcon.yml
@ -18,12 +18,94 @@ website: https://falcon-sign.info
 nist-round: 3
 spec-version: 20211101
 primary-upstream:
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
  spdx-license-identifier: MIT
  upstream-ancestors:
  - https://www.falcon-sign.info
 optimized-upstreams:
  pqclean-aarch64:
    source: https://github.com/PQClean/PQClean/commit/7707d1bcc8ae7f9ffd296dd13b1d76d2767d14f8
    spdx-license-identifier: Apache-2.0
 parameter-sets:
 - name: Falcon-512
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 897
  length-secret-key: 1281
  length-signature: 752
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: Falcon-1024
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 1793
  length-secret-key: 2305
  length-signature: 1462
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: Falcon-padded-512
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 897
@ -50,7 +132,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
-  - upstream: primary-upstream
+  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
@ -62,7 +144,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
- name: Falcon-1024
+- name: Falcon-padded-1024
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 1793
@ -89,7 +171,7 @@ parameter-sets:
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
-  - upstream: primary-upstream
+  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
--- a/docs/algorithms/sig/mayo.md
+++ b/docs/algorithms/sig/mayo.md
@ -0,0 +1,66 @@
 # MAYO
 - **Algorithm type**: Digital signature scheme.
 - **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
 - **Principal submitters**: Ward Beullens, Fabio Campos, Sofía Celi, Basil Hess, Matthias J. Kannwischer.
 - **Authors' website**: https://pqmayo.org
 - **Specification version**: NIST Round 2 (February 2025).
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807 with copy_from_upstream patches
  - **Implementation license (SPDX-Identifier)**: Apache-2.0
 ## Parameter set summary
 |  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
 |     MAYO-1      | NA                    | EUF-CMA          |                    1 |                      1420 |                        24 |                      454 |
 |     MAYO-2      | NA                    | EUF-CMA          |                    1 |                      4912 |                        24 |                      186 |
 |     MAYO-3      | NA                    | EUF-CMA          |                    3 |                      2986 |                        32 |                      681 |
 |     MAYO-5      | NA                    | EUF-CMA          |                    5 |                      5554 |                        40 |                      964 |
 ## MAYO-1 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | False                                          | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
 ## MAYO-2 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## MAYO-3 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | False                                          | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## MAYO-5 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | False                                          | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Explanation of Terms
 - **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
--- a/docs/algorithms/sig/mayo.yml
+++ b/docs/algorithms/sig/mayo.yml
@ -0,0 +1,195 @@
 name: MAYO
 type: signature
 principal-submitters:
 - Ward Beullens
 - Fabio Campos
 - Sofía Celi
 - Basil Hess
 - Matthias J. Kannwischer
 crypto-assumption: multivariable quadratic equations, oil and vinegar
 website: https://pqmayo.org
 nist-round: 2
 spec-version: NIST Round 2 (February 2025)
 primary-upstream:
  source: https://github.com/PQCMayo/MAYO-C/commit/4b7cd94c96b9522864efe40c6ad1fa269584a807
    with copy_from_upstream patches
  spdx-license-identifier: Apache-2.0
 parameter-sets:
 - name: MAYO-1
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 1420
  length-secret-key: 24
  length-signature: 454
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Darwin
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: MAYO-2
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 4912
  length-secret-key: 24
  length-signature: 186
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Darwin
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: MAYO-3
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 2986
  length-secret-key: 32
  length-signature: 681
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Darwin
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
 - name: MAYO-5
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 5554
  length-secret-key: 40
  length-signature: 964
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Darwin
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: true
--- a/docs/algorithms/sig/ml_dsa.md
+++ b/docs/algorithms/sig/ml_dsa.md
@ -0,0 +1,53 @@
 # ML-DSA
 - **Algorithm type**: Digital signature scheme.
 - **Main cryptographic assumption**: hardness of lattice problems over module lattices.
 - **Principal submitters**: Vadim Lyubashevsky.
 - **Auxiliary submitters**: Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé.
 - **Authors' website**: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final
 - **Specification version**: ML-DSA.
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2 with copy_from_upstream patches
  - **Implementation license (SPDX-Identifier)**: CC0-1.0 or Apache-2.0
 ## Parameter set summary
 |  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
 |    ML-DSA-44    | NA                    | SUF-CMA          |                    2 |                      1312 |                      2560 |                     2420 |
 |    ML-DSA-65    | NA                    | SUF-CMA          |                    3 |                      1952 |                      4032 |                     3309 |
 |    ML-DSA-87    | NA                    | SUF-CMA          |                    5 |                      2592 |                      4896 |                     4627 |
 ## ML-DSA-44 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2,POPCNT             | True                               | True                                           | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
 ## ML-DSA-65 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2,POPCNT             | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## ML-DSA-87 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Darwin,Linux                    | AVX2,POPCNT             | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Explanation of Terms
 - **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
--- a/docs/algorithms/sig/ml_dsa.yml
+++ b/docs/algorithms/sig/ml_dsa.yml
@ -0,0 +1,114 @@
 name: ML-DSA
 type: signature
 principal-submitters:
 - Vadim Lyubashevsky
 auxiliary-submitters:
 - Shi Bai
 - Léo Ducas
 - Eike Kiltz
 - Tancrède Lepoint
 - Peter Schwabe
 - Gregor Seiler
 - Damien Stehlé
 crypto-assumption: hardness of lattice problems over module lattices
 website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final
 nist-round: FIPS204
 spec-version: ML-DSA
 primary-upstream:
  source: https://github.com/pq-crystals/dilithium/commit/444cdcc84eb36b66fe27b3a2529ee48f6d8150c2
    with copy_from_upstream patches
  spdx-license-identifier: CC0-1.0 or Apache-2.0
 parameter-sets:
 - name: ML-DSA-44
  claimed-nist-level: 2
  claimed-security: SUF-CMA
  length-public-key: 1312
  length-secret-key: 2560
  length-signature: 2420
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Darwin
      - Linux
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: ML-DSA-65
  claimed-nist-level: 3
  claimed-security: SUF-CMA
  length-public-key: 1952
  length-secret-key: 4032
  length-signature: 3309
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Darwin
      - Linux
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: ML-DSA-87
  claimed-nist-level: 5
  claimed-security: SUF-CMA
  length-public-key: 2592
  length-secret-key: 4896
  length-signature: 4627
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Darwin
      - Linux
      required_flags:
      - avx2
      - popcnt
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
--- a/docs/algorithms/sig/snova.md
+++ b/docs/algorithms/sig/snova.md
@ -0,0 +1,154 @@
 # SNOVA
 - **Algorithm type**: Digital signature scheme.
 - **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
 - **Principal submitters**: Lih-Chung Wang, Chun-Yen Chou, Jintai Ding, Yen-Liang Kuan, Jan Adriaan Leegwater, Ming-Siou Li, Bo-Shu Tseng, Po-En Tseng, Chia-Chun Wang.
 - **Authors' website**: https://snova.pqclab.org/
 - **Specification version**: Round 2.
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
  - **Implementation license (SPDX-Identifier)**: MIT
 ## Parameter set summary
 |        Parameter set        | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:---------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
 |       SNOVA\_24\_5\_4       | NA                    | EUF-CMA          |                    1 |                      1016 |                        48 |                      248 |
 |   SNOVA\_24\_5\_4\_SHAKE    | NA                    | EUF-CMA          |                    1 |                      1016 |                        48 |                      248 |
 |    SNOVA\_24\_5\_4\_esk     | NA                    | EUF-CMA          |                    1 |                      1016 |                     36848 |                      248 |
 | SNOVA\_24\_5\_4\_SHAKE\_esk | NA                    | EUF-CMA          |                    1 |                      1016 |                     36848 |                      248 |
 |      SNOVA\_37\_17\_2       | NA                    | EUF-CMA          |                    1 |                      9842 |                        48 |                      124 |
 |       SNOVA\_25\_8\_3       | NA                    | EUF-CMA          |                    1 |                      2320 |                        48 |                      165 |
 |      SNOVA\_56\_25\_2       | NA                    | EUF-CMA          |                    3 |                     31266 |                        48 |                      178 |
 |      SNOVA\_49\_11\_3       | NA                    | EUF-CMA          |                    3 |                      6006 |                        48 |                      286 |
 |       SNOVA\_37\_8\_4       | NA                    | EUF-CMA          |                    3 |                      4112 |                        48 |                      376 |
 |       SNOVA\_24\_5\_5       | NA                    | EUF-CMA          |                    3 |                      1579 |                        48 |                      379 |
 |      SNOVA\_60\_10\_4       | NA                    | EUF-CMA          |                    5 |                      8016 |                        48 |                      576 |
 |       SNOVA\_29\_6\_5       | NA                    | EUF-CMA          |                    5 |                      2716 |                        48 |                      454 |
 ## SNOVA\_24\_5\_4 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
 ## SNOVA\_24\_5\_4\_SHAKE implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_24\_5\_4\_esk implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_24\_5\_4\_SHAKE\_esk implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_37\_17\_2 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_25\_8\_3 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_56\_25\_2 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_49\_11\_3 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_37\_8\_4 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_24\_5\_5 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_60\_10\_4 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## SNOVA\_29\_6\_5 implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | opt                      | All                         | All                             | None                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux                           | AVX2                    | True                               | True                                           | True                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Darwin,Linux                    | None                    | True                               | True                                           | True                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Explanation of Terms
 - **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
--- a/docs/algorithms/sig/snova.yml
+++ b/docs/algorithms/sig/snova.yml
@ -0,0 +1,560 @@
 name: SNOVA
 type: signature
 principal-submitters:
 - Lih-Chung Wang
 - Chun-Yen Chou
 - Jintai Ding
 - Yen-Liang Kuan
 - Jan Adriaan Leegwater
 - Ming-Siou Li
 - Bo-Shu Tseng
 - Po-En Tseng
 - Chia-Chun Wang
 crypto-assumption: multivariable quadratic equations, oil and vinegar
 website: https://snova.pqclab.org/
 nist-round: 2
 spec-version: Round 2
 primary-upstream:
  source: https://github.com/vacuas/SNOVA/commit/1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
  spdx-license-identifier: MIT
 parameter-sets:
 - name: SNOVA_24_5_4
  oqs_alg: OQS_SIG_alg_snova_24_5_4
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 1016
  length-secret-key: 48
  length-signature: 248
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: SNOVA_24_5_4_SHAKE
  oqs_alg: OQS_SIG_alg_SNOVA_24_5_4_SHAKE
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 1016
  length-secret-key: 48
  length-signature: 248
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: SNOVA_24_5_4_esk
  oqs_alg: OQS_SIG_alg_snova_24_5_4_esk
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 1016
  length-secret-key: 36848
  length-signature: 248
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: SNOVA_24_5_4_SHAKE_esk
  oqs_alg: OQS_SIG_alg_SNOVA_24_5_4_SHAKE_esk
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 1016
  length-secret-key: 36848
  length-signature: 248
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: SNOVA_37_17_2
  oqs_alg: OQS_SIG_alg_SNOVA_37_17_2
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 9842
  length-secret-key: 48
  length-signature: 124
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: SNOVA_25_8_3
  oqs_alg: OQS_SIG_alg_SNOVA_25_8_3
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 2320
  length-secret-key: 48
  length-signature: 165
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: SNOVA_56_25_2
  oqs_alg: OQS_SIG_alg_snova_56_25_2
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 31266
  length-secret-key: 48
  length-signature: 178
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: SNOVA_49_11_3
  oqs_alg: OQS_SIG_alg_snova_49_11_3
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 6006
  length-secret-key: 48
  length-signature: 286
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: SNOVA_37_8_4
  oqs_alg: OQS_SIG_alg_snova_37_8_4
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 4112
  length-secret-key: 48
  length-signature: 376
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: SNOVA_24_5_5
  oqs_alg: OQS_SIG_alg_SNOVA_24_5_5
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 1579
  length-secret-key: 48
  length-signature: 379
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: SNOVA_60_10_4
  oqs_alg: OQS_SIG_alg_snova_60_10_4
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 8016
  length-secret-key: 48
  length-signature: 576
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
 - name: SNOVA_29_6_5
  oqs_alg: OQS_SIG_alg_SNOVA_29_6_5
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 2716
  length-secret-key: 48
  length-signature: 454
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: opt
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Darwin
      - Linux
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: true
--- a/docs/algorithms/sig/sphincs.md
+++ b/docs/algorithms/sig/sphincs.md
@ -7,7 +7,7 @@
 - **Authors' website**: https://sphincs.org/
 - **Specification version**: NIST Round 3 submission, v3.1 (June 10, 2022).
 - **Primary Source**<a name="primary-source"></a>:
-  - **Source**: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a with copy_from_upstream patches
+  - **Source**: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181 with copy_from_upstream patches
  - **Implementation license (SPDX-Identifier)**: CC0-1.0
@ -17,26 +17,26 @@
 ## Parameter set summary
-|       Parameter set        | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
+|       Parameter set        | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
-|:--------------------------:|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
+|:--------------------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
-| SPHINCS+-SHA2-128f-simple  | EUF-CMA          |                    1 |                        32 |                        64 |                    17088 |
+| SPHINCS+-SHA2-128f-simple  | NA                    | EUF-CMA          |                    1 |                        32 |                        64 |                    17088 |
-| SPHINCS+-SHA2-128s-simple  | EUF-CMA          |                    1 |                        32 |                        64 |                     7856 |
+| SPHINCS+-SHA2-128s-simple  | NA                    | EUF-CMA          |                    1 |                        32 |                        64 |                     7856 |
-| SPHINCS+-SHA2-192f-simple  | EUF-CMA          |                    3 |                        48 |                        96 |                    35664 |
+| SPHINCS+-SHA2-192f-simple  | NA                    | EUF-CMA          |                    3 |                        48 |                        96 |                    35664 |
-| SPHINCS+-SHA2-192s-simple  | EUF-CMA          |                    3 |                        48 |                        96 |                    16224 |
+| SPHINCS+-SHA2-192s-simple  | NA                    | EUF-CMA          |                    3 |                        48 |                        96 |                    16224 |
-| SPHINCS+-SHA2-256f-simple  | EUF-CMA          |                    5 |                        64 |                       128 |                    49856 |
+| SPHINCS+-SHA2-256f-simple  | NA                    | EUF-CMA          |                    5 |                        64 |                       128 |                    49856 |
-| SPHINCS+-SHA2-256s-simple  | EUF-CMA          |                    5 |                        64 |                       128 |                    29792 |
+| SPHINCS+-SHA2-256s-simple  | NA                    | EUF-CMA          |                    5 |                        64 |                       128 |                    29792 |
-| SPHINCS+-SHAKE-128f-simple | EUF-CMA          |                    1 |                        32 |                        64 |                    17088 |
+| SPHINCS+-SHAKE-128f-simple | NA                    | EUF-CMA          |                    1 |                        32 |                        64 |                    17088 |
-| SPHINCS+-SHAKE-128s-simple | EUF-CMA          |                    1 |                        32 |                        64 |                     7856 |
+| SPHINCS+-SHAKE-128s-simple | NA                    | EUF-CMA          |                    1 |                        32 |                        64 |                     7856 |
-| SPHINCS+-SHAKE-192f-simple | EUF-CMA          |                    3 |                        48 |                        96 |                    35664 |
+| SPHINCS+-SHAKE-192f-simple | NA                    | EUF-CMA          |                    3 |                        48 |                        96 |                    35664 |
-| SPHINCS+-SHAKE-192s-simple | EUF-CMA          |                    3 |                        48 |                        96 |                    16224 |
+| SPHINCS+-SHAKE-192s-simple | NA                    | EUF-CMA          |                    3 |                        48 |                        96 |                    16224 |
-| SPHINCS+-SHAKE-256f-simple | EUF-CMA          |                    5 |                        64 |                       128 |                    49856 |
+| SPHINCS+-SHAKE-256f-simple | NA                    | EUF-CMA          |                    5 |                        64 |                       128 |                    49856 |
-| SPHINCS+-SHAKE-256s-simple | EUF-CMA          |                    5 |                        64 |                       128 |                    29792 |
+| SPHINCS+-SHAKE-256s-simple | NA                    | EUF-CMA          |                    5 |                        64 |                       128 |                    29792 |
 ## SPHINCS+-SHA2-128f-simple implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                 |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -47,7 +47,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -56,7 +56,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -65,7 +65,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -74,7 +74,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -83,7 +83,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -92,7 +92,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -101,7 +101,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -110,7 +110,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -119,7 +119,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -128,7 +128,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
@ -137,7 +137,7 @@ Are implementations chosen based on runtime CPU feature detection? **Yes**.
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
-| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | True                               | True                                           | False                |
+| [Primary Source](#primary-source) | clean                    | All                         | All                             | None                    | False                              | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
--- a/docs/algorithms/sig/sphincs.yml
+++ b/docs/algorithms/sig/sphincs.yml
@ -26,7 +26,7 @@ nist-round: 3
 spec-version: NIST Round 3 submission, v3.1 (June 10, 2022)
 spdx-license-identifier: CC0-1.0
 primary-upstream:
-  source: https://github.com/PQClean/PQClean/commit/8e220a87308154d48fdfac40abbb191ac7fce06a
+  source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
    with copy_from_upstream patches
  spdx-license-identifier: CC0-1.0
  upstream-ancestors:
@ -47,8 +47,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA2: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -77,8 +77,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA2: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -107,8 +107,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA2: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -137,8 +137,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA2: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -167,8 +167,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA2: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -197,8 +197,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA2: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -227,8 +227,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -257,8 +257,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -287,8 +287,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -317,8 +317,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -347,8 +347,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
@ -377,8 +377,8 @@ parameter-sets:
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
-    no-secret-dependent-branching-claimed: true
+    no-secret-dependent-branching-claimed: false
-    no-secret-dependent-branching-checked-by-valgrind: true
+    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
--- a/docs/algorithms/sig/uov.md
+++ b/docs/algorithms/sig/uov.md
@ -0,0 +1,154 @@
 # UOV
 - **Algorithm type**: Digital signature scheme.
 - **Main cryptographic assumption**: multivariable quadratic equations, oil and vinegar.
 - **Principal submitters**: Ward Beullens, Ming-Shing Chen, Jintai Ding, Boru Gong, Matthias J. Kannwischer, Jacques Patarin, Bo-Yuan Peng, Dieter Schmidt, Cheng-Jhih Shih, Chengdong Tao, Bo-Yin Yang.
 - **Authors' website**: https://www.uovsig.org/
 - **Specification version**: NIST Round 2 (February 2025).
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/pqov/pqov/commit/7e0832b6732a476119742c4acabd11b7c767aefb
  - **Implementation license (SPDX-Identifier)**: CC0 OR Apache-2.0
 ## Parameter set summary
 |  Parameter set  | Parameter set alias   | Security model   |   Claimed NIST Level |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:---------------:|:----------------------|:-----------------|---------------------:|--------------------------:|--------------------------:|-------------------------:|
 |      OV-Is      | NA                    | EUF-CMA          |                    1 |                    412160 |                    348704 |                       96 |
 |      OV-Ip      | NA                    | EUF-CMA          |                    1 |                    278432 |                    237896 |                      128 |
 |     OV-III      | NA                    | EUF-CMA          |                    3 |                   1225440 |                   1044320 |                      200 |
 |      OV-V       | NA                    | EUF-CMA          |                    5 |                   2869440 |                   2436704 |                      260 |
 |    OV-Is-pkc    | NA                    | EUF-CMA          |                    1 |                     66576 |                    348704 |                       96 |
 |    OV-Ip-pkc    | NA                    | EUF-CMA          |                    1 |                     43576 |                    237896 |                      128 |
 |   OV-III-pkc    | NA                    | EUF-CMA          |                    3 |                    189232 |                   1044320 |                      200 |
 |    OV-V-pkc     | NA                    | EUF-CMA          |                    5 |                    446992 |                   2436704 |                      260 |
 |  OV-Is-pkc-skc  | NA                    | EUF-CMA          |                    1 |                     66576 |                        32 |                       96 |
 |  OV-Ip-pkc-skc  | NA                    | EUF-CMA          |                    1 |                     43576 |                        32 |                      128 |
 | OV-III-pkc-skc  | NA                    | EUF-CMA          |                    3 |                    189232 |                        32 |                      200 |
 |  OV-V-pkc-skc   | NA                    | EUF-CMA          |                    5 |                    446992 |                        32 |                      260 |
 ## OV-Is implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?‡   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                 |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                 |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                 |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
 ## OV-Ip implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-III implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-V implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-Is-pkc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-Ip-pkc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-III-pkc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-V-pkc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-Is-pkc-skc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-Ip-pkc-skc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-III-pkc-skc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## OV-V-pkc-skc implementation characteristics
 |       Implementation source       | Identifier in upstream   | Supported architecture(s)   | Supported operating system(s)   | CPU extension(s) used   | No branching-on-secrets claimed?   | No branching-on-secrets checked by valgrind?   | Large stack usage?   |
 |:---------------------------------:|:-------------------------|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
 | [Primary Source](#primary-source) | ref                      | All                         | All                             | None                    | True                               | True                                           | False                |
 | [Primary Source](#primary-source) | neon                     | ARM64\_V8                   | Linux,Darwin                    | None                    | True                               | False                                          | False                |
 | [Primary Source](#primary-source) | avx2                     | x86\_64                     | Linux,Darwin                    | AVX2                    | True                               | True                                           | False                |
 Are implementations chosen based on runtime CPU feature detection? **Yes**.
 ## Explanation of Terms
 - **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
--- a/docs/algorithms/sig/uov.yml
+++ b/docs/algorithms/sig/uov.yml
@ -0,0 +1,562 @@
 name: UOV
 type: signature
 principal-submitters:
 - Ward Beullens
 - Ming-Shing Chen
 - Jintai Ding
 - Boru Gong
 - Matthias J. Kannwischer
 - Jacques Patarin
 - Bo-Yuan Peng
 - Dieter Schmidt
 - Cheng-Jhih Shih
 - Chengdong Tao
 - Bo-Yin Yang
 crypto-assumption: multivariable quadratic equations, oil and vinegar
 website: https://www.uovsig.org/
 nist-round: 2
 spec-version: NIST Round 2 (February 2025)
 primary-upstream:
  source: https://github.com/pqov/pqov/commit/7e0832b6732a476119742c4acabd11b7c767aefb
  spdx-license-identifier: CC0 OR Apache-2.0
 parameter-sets:
 - name: OV-Is
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 412160
  length-secret-key: 348704
  length-signature: 96
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-Ip
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 278432
  length-secret-key: 237896
  length-signature: 128
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-III
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 1225440
  length-secret-key: 1044320
  length-signature: 200
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-V
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 2869440
  length-secret-key: 2436704
  length-signature: 260
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-Is-pkc
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 66576
  length-secret-key: 348704
  length-signature: 96
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-Ip-pkc
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 43576
  length-secret-key: 237896
  length-signature: 128
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-III-pkc
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 189232
  length-secret-key: 1044320
  length-signature: 200
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-V-pkc
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 446992
  length-secret-key: 2436704
  length-signature: 260
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-Is-pkc-skc
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 66576
  length-secret-key: 32
  length-signature: 96
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-Ip-pkc-skc
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 43576
  length-secret-key: 32
  length-signature: 128
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-III-pkc-skc
  claimed-nist-level: 3
  claimed-security: EUF-CMA
  length-public-key: 189232
  length-secret-key: 32
  length-signature: 200
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
 - name: OV-V-pkc-skc
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 446992
  length-secret-key: 32
  length-signature: 260
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: ref
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: neon
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      operating_systems:
      - Linux
      - Darwin
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    - AES: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
--- a/docs/algorithms/sig_stfl/lms.md
+++ b/docs/algorithms/sig_stfl/lms.md
@ -0,0 +1,50 @@
 # LMS
 - **Algorithm type**: Digital signature scheme.
 - **Main cryptographic assumption**: hash-based signatures.
 - **Principal submitters**: Scott Fluhrer.
 - **Auxiliary submitters**: C Martin, Maurice Hieronymus.
 - **Authors' website**: https://www.rfc-editor.org/info/rfc8554
 - **Specification version**: None.
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/cisco/hash-sigs
  - **Implementation license (SPDX-Identifier)**: MIT
 ## Parameter set summary
 |      Parameter set       | Security model   | Claimed NIST Level   |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:------------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
 |     LMS_SHA256_H5_W1     |                  |                      |                        60 |                        64 |                     8688 |
 |     LMS_SHA256_H5_W2     |                  |                      |                        60 |                        64 |                     4464 |
 |     LMS_SHA256_H5_W4     |                  |                      |                        60 |                        64 |                     2352 |
 |     LMS_SHA256_H5_W8     |                  |                      |                        60 |                        64 |                     1296 |
 |    LMS_SHA256_H10_W1     |                  |                      |                        60 |                        64 |                     8848 |
 |    LMS_SHA256_H10_W2     |                  |                      |                        60 |                        64 |                     4624 |
 |    LMS_SHA256_H10_W4     |                  |                      |                        60 |                        64 |                     2512 |
 |    LMS_SHA256_H10_W8     |                  |                      |                        60 |                        64 |                     1456 |
 |    LMS_SHA256_H15_W1     |                  |                      |                        60 |                        64 |                     9008 |
 |    LMS_SHA256_H15_W2     |                  |                      |                        60 |                        64 |                     4784 |
 |    LMS_SHA256_H15_W4     |                  |                      |                        60 |                        64 |                     2672 |
 |    LMS_SHA256_H15_W8     |                  |                      |                        60 |                        64 |                     1616 |
 |    LMS_SHA256_H20_W1     |                  |                      |                        60 |                        64 |                     9168 |
 |    LMS_SHA256_H20_W2     |                  |                      |                        60 |                        64 |                     4944 |
 |    LMS_SHA256_H20_W4     |                  |                      |                        60 |                        64 |                     2832 |
 |    LMS_SHA256_H20_W8     |                  |                      |                        60 |                        64 |                     1776 |
 |    LMS_SHA256_H25_W1     |                  |                      |                        60 |                        64 |                     9328 |
 |    LMS_SHA256_H25_W2     |                  |                      |                        60 |                        64 |                     5104 |
 |    LMS_SHA256_H25_W4     |                  |                      |                        60 |                        64 |                     2992 |
 |    LMS_SHA256_H25_W8     |                  |                      |                        60 |                        64 |                     1936 |
 |  LMS_SHA256_H5_W8_H5_W8  |                  |                      |                        60 |                        64 |                     2644 |
 | LMS_SHA256_H10_W4_H5_W8  |                  |                      |                        60 |                        64 |                     2804 |
 | LMS_SHA256_H10_W8_H5_W8  |                  |                      |                        60 |                        64 |                     3860 |
 | LMS_SHA256_H10_W2_H10_W2 |                  |                      |                        60 |                        64 |                     9300 |
 | LMS_SHA256_H10_W4_H10_W4 |                  |                      |                        60 |                        64 |                     5076 |
 | LMS_SHA256_H10_W8_H10_W8 |                  |                      |                        60 |                        64 |                     2964 |
 | LMS_SHA256_H15_W8_H5_W8  |                  |                      |                        60 |                        64 |                     2964 |
 | LMS_SHA256_H15_W8_H10_W8 |                  |                      |                        60 |                        64 |                     3124 |
 | LMS_SHA256_H15_W8_H15_W8 |                  |                      |                        60 |                        64 |                     3284 |
 | LMS_SHA256_H20_W8_H5_W8  |                  |                      |                        60 |                        64 |                     3124 |
 | LMS_SHA256_H20_W8_H10_W8 |                  |                      |                        60 |                        64 |                     3284 |
 | LMS_SHA256_H20_W8_H15_W8 |                  |                      |                        60 |                        64 |                     3444 |
 | LMS_SHA256_H20_W8_H20_W8 |                  |                      |                        60 |                        64 |                     3604 |
--- a/docs/algorithms/sig_stfl/lms.yml
+++ b/docs/algorithms/sig_stfl/lms.yml
@ -0,0 +1,216 @@
 name: LMS
 type: stateful signature
 principal-submitters:
 - Scott Fluhrer
 auxiliary-submitters:
 - C Martin
 - Maurice Hieronymus
 crypto-assumption: hash-based signatures
 website: https://www.rfc-editor.org/info/rfc8554
 nist-round: 
 spec-version: 
 spdx-license-identifier: 
 primary-upstream:
  source: https://github.com/cisco/hash-sigs
  spdx-license-identifier: MIT
  upstream-ancestors:
 parameter-sets:
 - name: LMS_SHA256_H5_W1
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 8688
 - name: LMS_SHA256_H5_W2
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 4464
 - name: LMS_SHA256_H5_W4
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2352
 - name: LMS_SHA256_H5_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 1296
 - name: LMS_SHA256_H10_W1
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 8848
 - name: LMS_SHA256_H10_W2
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 4624
 - name: LMS_SHA256_H10_W4
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2512
 - name: LMS_SHA256_H10_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 1456
 - name: LMS_SHA256_H15_W1
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 9008
 - name: LMS_SHA256_H15_W2
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 4784
 - name: LMS_SHA256_H15_W4
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2672
 - name: LMS_SHA256_H15_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 1616
 - name: LMS_SHA256_H20_W1
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 9168
 - name: LMS_SHA256_H20_W2
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 4944
 - name: LMS_SHA256_H20_W4
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2832
 - name: LMS_SHA256_H20_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 1776
 - name: LMS_SHA256_H25_W1
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 9328
 - name: LMS_SHA256_H25_W2
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 5104
 - name: LMS_SHA256_H25_W4
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2992
 - name: LMS_SHA256_H25_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 1936
 - name: LMS_SHA256_H5_W8_H5_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2644
 - name: LMS_SHA256_H10_W4_H5_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2804
 - name: LMS_SHA256_H10_W8_H5_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 3860
 - name: LMS_SHA256_H10_W2_H10_W2
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 9300
 - name: LMS_SHA256_H10_W4_H10_W4
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 5076
 - name: LMS_SHA256_H10_W8_H10_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2964
 - name: LMS_SHA256_H15_W8_H5_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 2964
 - name: LMS_SHA256_H15_W8_H10_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 3124
 - name: LMS_SHA256_H15_W8_H15_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 3284
 - name: LMS_SHA256_H20_W8_H5_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 3124
 - name: LMS_SHA256_H20_W8_H10_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 3284
 - name: LMS_SHA256_H20_W8_H15_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 3444
 - name: LMS_SHA256_H20_W8_H20_W8
  claimed-nist-level: 
  claimed-security: 
  length-public-key: 60
  length-secret-key: 64
  length-signature: 3604
--- a/docs/algorithms/sig_stfl/sig_stfl.md
+++ b/docs/algorithms/sig_stfl/sig_stfl.md
@ -0,0 +1,29 @@
 # **Stateful Hash Based Signatures**
 The security of hash based signatures (HBS) is based on the underlying hash functions on which they are built.
 NIST recommendation is that they are suitable for near term use to mitigate against attacks mounted by quantum computers.
 While not a general purpose solution, they are useful means to authenticate boot or firmware images.
 <ins>**General**</ins>
 This package provides full support for a variety of variants for XMSS and LMS. 
 Key generation, signature generation, and signature verification. 
 Security of HBS also depends on the management of the state of the secret key. Secret keys can only used once to generate a signature.
 Multiple signing with same key can reveal that key to an attacker.
 Because of this, NIST recommends that key and signature generation be done in hardware security modules.
 Having said that, this library is fully functional for research purposes. Secret keys are incremented after each sign operation.
 However, secure storage and lifecycle management of the secret keys are left to applications using this feature.
 Secret key storage is easily done by supplying a callback function to the library. This callback is invoked to store the secret key.
 <ins>**Key State Management**</ins>
 Application writers have to supply callback functions to store and update secret keys.
 After a sign operation the secret key index is advanced and stored. This ensures one-time use of the key.
 Signing operations will fail without this callback set because the private key cannot be advanced (to prevent reuse).
 Stateful keys can generate a finite number of signatures. A counter tracks the limit when the key is created and is decremented after each signature is generated.
 When the counter is down to 0, signature generation fails. Applications can query the remaining count via an API.
--- a/docs/algorithms/sig_stfl/xmss.md
+++ b/docs/algorithms/sig_stfl/xmss.md
@ -0,0 +1,53 @@
 # XMSS
 - **Algorithm type**: Digital signature scheme.
 - **Main cryptographic assumption**: hash-based signatures.
 - **Principal submitters**: Joost Rijneveld, A. Huelsing, David Cooper, Bas Westerbaan.
 - **Authors' website**: https://www.rfc-editor.org/info/rfc8391
 - **Specification version**: None.
 - **Primary Source**<a name="primary-source"></a>:
  - **Source**: https://github.com/XMSS/xmss-reference
  - **Implementation license (SPDX-Identifier)**: (Apache-2.0 OR MIT) AND CC0-1.0
 ## Parameter set summary
 |     Parameter set      | Security model   | Claimed NIST Level   |   Public key size (bytes) |   Secret key size (bytes) |   Signature size (bytes) |
 |:----------------------:|:-----------------|:---------------------|--------------------------:|--------------------------:|-------------------------:|
 |    XMSS-SHA2_10_256    |                  |                      |                        64 |                      1373 |                     2500 |
 |    XMSS-SHA2_16_256    |                  |                      |                        64 |                      2093 |                     2692 |
 |    XMSS-SHA2_20_256    |                  |                      |                        64 |                      2573 |                     2820 |
 |   XMSS-SHAKE_10_256    |                  |                      |                        64 |                      1373 |                     2500 |
 |   XMSS-SHAKE_16_256    |                  |                      |                        64 |                      2093 |                     2692 |
 |   XMSS-SHAKE_20_256    |                  |                      |                        64 |                      2573 |                     2820 |
 |    XMSS-SHA2_10_512    |                  |                      |                       128 |                      2653 |                     9092 |
 |    XMSS-SHA2_16_512    |                  |                      |                       128 |                      4045 |                     9476 |
 |    XMSS-SHA2_20_512    |                  |                      |                       128 |                      2653 |                     9732 |
 |   XMSS-SHAKE_10_512    |                  |                      |                       128 |                      2653 |                     9092 |
 |   XMSS-SHAKE_16_512    |                  |                      |                       128 |                      4045 |                     9476 |
 |   XMSS-SHAKE_20_512    |                  |                      |                       128 |                      4973 |                     9732 |
 |    XMSS-SHA2_10_192    |                  |                      |                        48 |                      1053 |                     1492 |
 |    XMSS-SHA2_16_192    |                  |                      |                        48 |                      1605 |                     1636 |
 |    XMSS-SHA2_20_192    |                  |                      |                        48 |                      1973 |                     1732 |
 |  XMSS-SHAKE256_10_192  |                  |                      |                        48 |                      1053 |                     1492 |
 |  XMSS-SHAKE256_16_192  |                  |                      |                        48 |                      1605 |                     1636 |
 |  XMSS-SHAKE256_20_192  |                  |                      |                        48 |                      1973 |                     1732 |
 |  XMSS-SHAKE256_10_256  |                  |                      |                        64 |                      1373 |                     2500 |
 |  XMSS-SHAKE256_16_256  |                  |                      |                        64 |                      2093 |                     2692 |
 |  XMSS-SHAKE256_20_256  |                  |                      |                        64 |                      2573 |                     2820 |
 |  XMSSMT-SHA2_20/2_256  |                  |                      |                        64 |                      5998 |                     4963 |
 |  XMSSMT-SHA2_20/4_256  |                  |                      |                        64 |                     10938 |                     9251 |
 |  XMSSMT-SHA2_40/2_256  |                  |                      |                        64 |                      9600 |                     5605 |
 |  XMSSMT-SHA2_40/4_256  |                  |                      |                        64 |                     15252 |                     9893 |
 |  XMSSMT-SHA2_40/8_256  |                  |                      |                        64 |                     24516 |                    18469 |
 |  XMSSMT-SHA2_60/3_256  |                  |                      |                        64 |                     16629 |                     8392 |
 |  XMSSMT-SHA2_60/6_256  |                  |                      |                        64 |                     24507 |                    14824 |
 | XMSSMT-SHA2_60/12_256  |                  |                      |                        64 |                     38095 |                    27688 |
 | XMSSMT-SHAKE_20/2_256  |                  |                      |                        64 |                      5998 |                     4963 |
 | XMSSMT-SHAKE_20/4_256  |                  |                      |                        64 |                     10938 |                     9251 |
 | XMSSMT-SHAKE_40/2_256  |                  |                      |                        64 |                      9600 |                     5605 |
 | XMSSMT-SHAKE_40/4_256  |                  |                      |                        64 |                     15252 |                     9893 |
 | XMSSMT-SHAKE_40/8_256  |                  |                      |                        64 |                     24516 |                    18469 |
 | XMSSMT-SHAKE_60/3_256  |                  |                      |                        64 |                     24516 |                     8392 |
 | XMSSMT-SHAKE_60/6_256  |                  |                      |                        64 |                     24507 |                    14824 |
 | XMSSMT-SHAKE_60/12_256 |                  |                      |                        64 |                     38095 |                    27688 |
--- a/docs/algorithms/sig_stfl/xmss.yml
+++ b/docs/algorithms/sig_stfl/xmss.yml
@ -0,0 +1,241 @@
 name: XMSS
 type: stateful signature
 principal-submitters:
 - Joost Rijneveld
 - A. Huelsing
 - David Cooper
 - Bas Westerbaan
 auxiliary-submitters:
 crypto-assumption: hash-based signatures
 website: https://www.rfc-editor.org/info/rfc8391
 nist-round:
 spec-version:
 spdx-license-identifier: (Apache-2.0 OR MIT) AND CC0-1.0
 primary-upstream:
  source: https://github.com/XMSS/xmss-reference
  spdx-license-identifier: (Apache-2.0 OR MIT) AND CC0-1.0
  upstream-ancestors:
 parameter-sets:
 - name: XMSS-SHA2_10_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 1373
  length-signature: 2500
 - name: XMSS-SHA2_16_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 2093
  length-signature: 2692
 - name: XMSS-SHA2_20_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 2573
  length-signature: 2820
 - name: XMSS-SHAKE_10_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 1373
  length-signature: 2500
 - name: XMSS-SHAKE_16_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 2093
  length-signature: 2692
 - name: XMSS-SHAKE_20_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 2573
  length-signature: 2820
 - name: XMSS-SHA2_10_512
  claimed-nist-level:
  claimed-security:
  length-public-key: 128
  length-secret-key: 2653
  length-signature: 9092
 - name: XMSS-SHA2_16_512
  claimed-nist-level:
  claimed-security:
  length-public-key: 128
  length-secret-key: 4045
  length-signature: 9476
 - name: XMSS-SHA2_20_512
  claimed-nist-level:
  claimed-security:
  length-public-key: 128
  length-secret-key: 2653
  length-signature: 9732
 - name: XMSS-SHAKE_10_512
  claimed-nist-level:
  claimed-security:
  length-public-key: 128
  length-secret-key: 2653
  length-signature: 9092
 - name: XMSS-SHAKE_16_512
  claimed-nist-level:
  claimed-security:
  length-public-key: 128
  length-secret-key: 4045
  length-signature: 9476
 - name: XMSS-SHAKE_20_512
  claimed-nist-level:
  claimed-security:
  length-public-key: 128
  length-secret-key: 4973
  length-signature: 9732
 - name: XMSS-SHA2_10_192
  claimed-nist-level:
  claimed-security:
  length-public-key: 48
  length-secret-key: 1053
  length-signature: 1492
 - name: XMSS-SHA2_16_192
  claimed-nist-level:
  claimed-security:
  length-public-key: 48
  length-secret-key: 1605
  length-signature: 1636
 - name: XMSS-SHA2_20_192
  claimed-nist-level:
  claimed-security:
  length-public-key: 48
  length-secret-key: 1973
  length-signature: 1732
 - name: XMSS-SHAKE256_10_192
  claimed-nist-level:
  claimed-security:
  length-public-key: 48
  length-secret-key: 1053
  length-signature: 1492
 - name: XMSS-SHAKE256_16_192
  claimed-nist-level:
  claimed-security:
  length-public-key: 48
  length-secret-key: 1605
  length-signature: 1636
 - name: XMSS-SHAKE256_20_192
  claimed-nist-level:
  claimed-security:
  length-public-key: 48
  length-secret-key: 1973
  length-signature: 1732
 - name: XMSS-SHAKE256_10_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 1373
  length-signature: 2500
 - name: XMSS-SHAKE256_16_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 2093
  length-signature: 2692
 - name: XMSS-SHAKE256_20_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 2573
  length-signature: 2820
 - name: XMSSMT-SHA2_20/2_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 5998
  length-signature: 4963
 - name: XMSSMT-SHA2_20/4_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 10938
  length-signature: 9251
 - name: XMSSMT-SHA2_40/2_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 9600
  length-signature: 5605
 - name: XMSSMT-SHA2_40/4_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 15252
  length-signature: 9893
 - name: XMSSMT-SHA2_40/8_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 24516
  length-signature: 18469
 - name: XMSSMT-SHA2_60/3_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 16629
  length-signature: 8392
 - name: XMSSMT-SHA2_60/6_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 24507
  length-signature: 14824
 - name: XMSSMT-SHA2_60/12_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 38095
  length-signature: 27688
 - name: XMSSMT-SHAKE_20/2_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 5998
  length-signature: 4963
 - name: XMSSMT-SHAKE_20/4_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 10938
  length-signature: 9251
 - name: XMSSMT-SHAKE_40/2_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 9600
  length-signature: 5605
 - name: XMSSMT-SHAKE_40/4_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 15252
  length-signature: 9893
 - name: XMSSMT-SHAKE_40/8_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 24516
  length-signature: 18469
 - name: XMSSMT-SHAKE_60/3_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 24516
  length-signature: 8392
 - name: XMSSMT-SHAKE_60/6_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 24507
  length-signature: 14824
 - name: XMSSMT-SHAKE_60/12_256
  claimed-nist-level:
  claimed-security:
  length-public-key: 64
  length-secret-key: 38095
  length-signature: 27688
--- a/docs/cbom.json
+++ b/docs/cbom.json
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1735563628,
        "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,94 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    flake-utils.url = "github:numtide/flake-utils";
  };
  outputs = {
    self,
    nixpkgs,
    flake-utils,
  }:
    flake-utils.lib.eachDefaultSystem (system: let
      name = "liboqs";
      src = ./.;
      pkgs = nixpkgs.legacyPackages.${system};
      # Function to create compiler-specific package sets
      mkPackageSet = compiler: let
        # Override the stdenv to use the specified compiler
        stdenv =
          if compiler == "clang"
          then pkgs.clangStdenv
          else pkgs.stdenv;
        mkLib = shared:
          stdenv.mkDerivation {
            inherit name src;
            # for whatever reason, trying to 'fix' the CMake file causes a failure
            dontFixCmake = true;
            nativeBuildInputs = with pkgs;
              [cmake ninja doxygen pkg-config graphviz]
              ++ (
                if compiler == "clang"
                then [pkgs.clang]
                else [pkgs.gcc]
              );
            buildInputs = with pkgs; [openssl];
            cmakeFlags = [
              "-GNinja"
              "-DOQS_DIST_BUILD=ON"
              "-DOQS_BUILD_ONLY_LIB=ON"
              "-DBUILD_SHARED_LIBS=${
                if shared
                then "ON"
                else "OFF"
              }"
              "-DCMAKE_INSTALL_LIBDIR=lib"
              "-DCMAKE_INSTALL_INCLUDEDIR=include"
              "-DCMAKE_INSTALL_PREFIX=${placeholder "out"}"
              "-DCMAKE_INSTALL_FULL_LIBDIR=${placeholder "out"}/lib"
              "-DCMAKE_INSTALL_FULL_INCLUDEDIR=${placeholder "out"}/include"
            ];
          };
      in {
        shared = mkLib true;
        static = mkLib false;
      };
      # Create development shell for specified compiler
      mkDevShell = compiler: let
        packageSet = mkPackageSet compiler;
      in
        pkgs.mkShell {
          inherit (packageSet.shared) nativeBuildInputs buildInputs;
          # astyle formats C source code and alejandra formats nix source code
          packages = with pkgs; [astyle alejandra];
          shellHook = ''
            export CMAKE_EXPORT_COMPILE_COMMANDS=1
            echo "Using ${compiler} toolchain"
          '';
        };
    in {
      formatter = pkgs.alejandra;
      packages = {
        default = (mkPackageSet "gcc").shared; # default is gcc shared
        gcc-shared = (mkPackageSet "gcc").shared;
        clang-shared = (mkPackageSet "clang").shared;
        gcc-static = (mkPackageSet "gcc").static;
        clang-static = (mkPackageSet "clang").static;
      };
      # Development shells
      devShells = {
        default = mkDevShell "gcc";
        gcc = mkDevShell "gcc";
        clang = mkDevShell "clang";
      };
    });
 }
--- a/scripts/build-android.sh
+++ b/scripts/build-android.sh
@ -6,12 +6,13 @@ set -e
 show_help() {
    echo ""
-    echo " Usage: ./build-android <ndk-dir> -a [abi] -b [build-directory] -s [sdk-version]"
+    echo " Usage: ./build-android <ndk-dir> -a [abi] -b [build-directory] -s [sdk-version] -f [extra-cmake-flags]"
    echo "   ndk-dir: the directory of the Android NDK (required)"
    echo "   abi: the Android ABI to target for the build"
    echo "   build-directory: the directory in which to build the project"
    echo "   sdk-version: the minimum Android SDK version to target"
    echo "   extra-cmake-flags: extra flags to use for CMake configuration"
    echo ""
    exit 0
 }
@ -52,12 +53,13 @@ MINSDKVERSION=21
 BUILDDIR="build"
 OPTIND=2
-while getopts "a:s:b:" flag
+while getopts "a:s:b:f:" flag
 do
    case $flag in
        a) ABI=$OPTARG;;
        s) MINSDKVERSION=$OPTARG;;
        b) BUILDDIR=$OPTARG;;
        f) EXTRAFLAGS="$OPTARG";;
        *) exit 1
    esac
 done
@ -107,7 +109,8 @@ cmake .. -DOQS_USE_OPENSSL=OFF \
         -DBUILD_SHARED_LIBS=ON  \
         -DCMAKE_TOOLCHAIN_FILE="$NDK"/build/cmake/android.toolchain.cmake \
         -DANDROID_ABI="$ABI" \
-         -DANDROID_NATIVE_API_LEVEL="$MINSDKVERSION"
+         -DANDROID_NATIVE_API_LEVEL="$MINSDKVERSION" \
         $EXTRAFLAGS
 cmake --build ./
 # Provide rudimentary information following build
--- a/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg.fragment
+++ b/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg.fragment
@ -1,62 +1,28 @@
 {% for family in instructions['kems'] %}
 {%- if 'disable_by_default' in family and family['disable_by_default'] %}
 option(OQS_ENABLE_KEM_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" OFF)
 {%- else %}
 option(OQS_ENABLE_KEM_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" ON)
 {%- endif %}
    {%- for scheme in family['schemes'] %}
 cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_KEM_{{ family['name']|upper }}" OFF)
-        {%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
+{%- if 'alias_scheme' in scheme %}
-            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
+cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }} "" ON "OQS_ENABLE_KEM_{{ family['name']|upper }}" OFF)
-{% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
+{%- endif -%}
 {% endif -%}
 if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%})))
 {% if impl['upstream']['name'] == 'pqclean' -%}
 if(((CMAKE_C_COMPILER_ID STREQUAL "GNU") AND (CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((CMAKE_CXX_COMPILER_ID STREQUAL "GNU") AND (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((NOT (CMAKE_C_COMPILER_ID STREQUAL "GNU")) AND (NOT (CMAKE_CXX_COMPILER_ID STREQUAL "GNU"))))
 {%- endif %}
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {% if impl['upstream']['name'] == 'pqclean' -%}
 else()
    message(WARNING "  ARM optimizations are not fully supported on this compiler version.")
 endif()
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
        {%- endfor -%}
    {%- endfor %}
 {% endfor -%}
 {% for family in instructions['sigs'] %}
 {%- if 'disable_by_default' in family and family['disable_by_default'] %}
 option(OQS_ENABLE_SIG_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" OFF)
 {%- else %}
 option(OQS_ENABLE_SIG_{{ family['name']|upper }} "Enable {{ family['name'] }} algorithm family" ON)
 {%- endif %}
    {%- for scheme in family['schemes'] %}
 cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_SIG_{{ family['name']|upper }}" OFF)
-        {%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
+{%- if 'alias_scheme' in scheme %}
-            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
+cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }} "" ON "OQS_ENABLE_SIG_{{ family['name']|upper }}" OFF)
-{% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
+{%- endif -%}
 {% endif -%}
 if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
        {%- endfor -%}
    {%- endfor %}
 {% endfor -%}
--- a/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg.libjade
+++ b/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg.libjade
@ -0,0 +1,23 @@
 if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
 {% for family in instructions['kems'] %}
 option(OQS_ENABLE_LIBJADE_KEM_{{ family['name']|upper }} "Enable libjade implementation of {{ family['name'] }} algorithm family" ON)
    {%- for scheme in family['schemes'] %}
 cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name']|upper }}" OFF)
 {%- if 'alias_scheme' in scheme %}
 cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name']|upper }}" OFF)
 {%- endif -%}
    {%- endfor %}
 {% endfor -%}
 {% for family in instructions['sigs'] %}
 option(OQS_ENABLE_LIBJADE_SIG_{{ family['name']|upper }} "Enable libjade implementation of {{ family['name'] }} algorithm family" ON)
    {%- for scheme in family['schemes'] %}
 cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name']|upper }}" OFF)
 {%- if 'alias_scheme' in scheme %}
 cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name']|upper }}" OFF)
 {%- endif -%}
    {%- endfor %}
 {% endfor -%}
 endif()
--- a/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg_conditional.fragment
+++ b/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg_conditional.fragment
@ -0,0 +1,82 @@
 {% for family in instructions['kems'] %}
    {%- for scheme in family['schemes'] %}
        {%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'CUDA' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_USE_CUPQC)
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%})))
 {% if impl['upstream']['name'].endswith('pqclean') -%}
 if(((CMAKE_C_COMPILER_ID STREQUAL "GNU") AND (CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((CMAKE_CXX_COMPILER_ID STREQUAL "GNU") AND (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((NOT (CMAKE_C_COMPILER_ID STREQUAL "GNU")) AND (NOT (CMAKE_CXX_COMPILER_ID STREQUAL "GNU"))))
 {%- endif %}
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 {% if impl['upstream']['name'].endswith('pqclean') -%}
 else()
    message(WARNING "  ARM optimizations are not fully supported on this compiler version.")
 endif()
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
        {%- endfor -%}
    {%- endfor %}
 {% endfor -%}
 {% for family in instructions['sigs'] %}
    {%- for scheme in family['schemes'] %}
        {%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
        {%- endfor -%}
    {%- endfor %}
 {% endfor -%}
--- a/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg_conditional.libjade
+++ b/scripts/copy_from_upstream/.CMake/alg_support.cmake/add_enable_by_alg_conditional.libjade
@ -0,0 +1,73 @@
 if ((OQS_LIBJADE_BUILD STREQUAL "ON"))
 {% for family in instructions['kems'] %}
    {%- for scheme in family['schemes'] %}
        {%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if((OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%})))
 {% if impl['upstream']['name'].endswith('pqclean') -%}
 if(((CMAKE_C_COMPILER_ID STREQUAL "GNU") AND (CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((CMAKE_CXX_COMPILER_ID STREQUAL "GNU") AND (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "9.4.0")) OR ((NOT (CMAKE_C_COMPILER_ID STREQUAL "GNU")) AND (NOT (CMAKE_CXX_COMPILER_ID STREQUAL "GNU"))))
 {%- endif %}
    cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 {% if impl['upstream']['name'].endswith('pqclean') -%}
 else()
    message(WARNING "  ARM optimizations are not fully supported on this compiler version.")
 endif()
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
        {%- endfor -%}
    {%- endfor %}
 {% endfor -%}
 {% for family in instructions['sigs'] %}
    {%- for scheme in family['schemes'] %}
        {%- for impl in scheme['metadata']['implementations'] if impl['name'] != family['default_implementation'] and impl['supported_platforms'] -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'x86_64' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_DIST_X86_64_BUILD OR ({% for flag in platform['required_flags'] -%} OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- if not loop.last %} AND {% endif -%}{%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
            {%- for platform in impl['supported_platforms'] if platform['architecture'] == 'ARM64_V8' %}
 {% if platform['operating_systems'] %}if(CMAKE_SYSTEM_NAME MATCHES "{{ platform['operating_systems']|join('|') }}")
 {% endif -%}
 if(OQS_DIST_ARM64_V8_BUILD OR (OQS_USE_ARM_NEON_INSTRUCTIONS{% for flag in platform['required_flags'] -%} {%- if not loop.last or loop.first %} AND {% endif -%}OQS_USE_{{ flag|upper }}_INSTRUCTIONS {%- endfor -%}))
    cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['scheme'] }}" OFF)
 {%- if 'alias_scheme' in scheme %}
    cmake_dependent_option(OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}_{{ impl['name']  }} "" ON "OQS_ENABLE_LIBJADE_SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}" OFF)
 {%- endif %}
 endif()
 {% if platform['operating_systems'] %}endif()
 {% endif -%}
            {%- endfor -%}
        {%- endfor -%}
    {%- endfor %}
 {% endfor -%}
 endif()
--- a/scripts/copy_from_upstream/.CMake/alg_support.cmake/list_standardized_algs.fragment
+++ b/scripts/copy_from_upstream/.CMake/alg_support.cmake/list_standardized_algs.fragment
@ -1,14 +1,14 @@
 	filter_algs("
-{%- for family in instructions['kems'] if family['name'] == 'kyber' -%}
+{%- for family in instructions['kems'] if family['name'] in ['ml_kem'] -%}
    {%- for scheme in family['schemes'] -%}
-        KEM_{{ family['name'] }}_{{ scheme['scheme'] }};
+        {%- if 'alias_scheme' in scheme -%}KEM_{{ family['name'] }}_{{ scheme['alias_scheme'] }}{%- else -%}KEM_{{ family['name'] }}_{{ scheme['scheme'] }}{%- endif -%};
    {%- endfor -%}
 {%- endfor -%}
-{%- for family in instructions['sigs'] -%}
+{%- for family in instructions['sigs'] if family['name'] in ['ml_dsa', 'falcon', 'sphincs'] -%}
    {%- set outer_loop = loop -%}
    {%- for scheme in family['schemes'] -%}
-        SIG_{{ family['name'] }}_{{ scheme['scheme'] }}{%- if not (outer_loop.last and loop.last) -%};{%- endif -%}
+        {%- if 'alias_scheme' in scheme -%}SIG_{{ family['name'] }}_{{ scheme['alias_scheme'] }}{%- else -%}SIG_{{ family['name'] }}_{{ scheme['scheme'] }}{%- endif -%}{%- if not (outer_loop.last and loop.last) -%};{%- endif -%}
    {%- endfor -%}
 {%- endfor -%}
 ")
--- a/scripts/copy_from_upstream/copy_from_libjade.yml
+++ b/scripts/copy_from_upstream/copy_from_libjade.yml
@ -0,0 +1,30 @@
 # When adding an algorithm to copy_from_libjade.yml, the boolean 
 # 'libjade_implementation' and list of implementation 'libjade_implementations' 
 # must updated for the relevant algorithm in copy_from_upstream.yml
 # Additionaly, the algorithm name must be appended to the GitHub repository
 # environment variable LIBJADE_ALG_LIST.
 jasmin_version: '2023.06.3'
 upstreams:
  -
    name: libjade
    git_url: https://github.com/formosa-crypto/libjade.git
    git_branch: release/2023.05-2
    git_commit: 4e15c1d221d025deca40edef2c762be9e3d346b7
    kem_meta_path: 'src/crypto_kem/{family}/{pqclean_scheme}/META.yml'
    kem_scheme_path: 'src/crypto_kem/{family}/{pqclean_scheme}'
    patches: ['libjade-kyber-api.patch', 'libjade-kyber-meta.patch']
 kems:
  -
    name: kyber
    default_implementation: ref
    upstream_location: libjade
    schemes:
      -
        scheme: "512"
        pqclean_scheme: kyber512
        pretty_name_full: Kyber512
      -
        scheme: "768"
        pqclean_scheme: kyber768
        pretty_name_full: Kyber768
 sigs: []
--- a/scripts/copy_from_upstream/copy_from_upstream.py
+++ b/scripts/copy_from_upstream/copy_from_upstream.py
@ -23,8 +23,9 @@ non_upstream_kems = 0
 parser = argparse.ArgumentParser()
 parser.add_argument("-v", "--verbosity", type=int)
-parser.add_argument("-k", "--keep_data", action='store_true')
+parser.add_argument("-k", "--keep_data", action='store_true', help='Keep upstream code in the "repos" folder')
-parser.add_argument("operation", choices=["copy", "verify"])
+parser.add_argument("-d", "--delete", action='store_true', help='Delete untracked files from implementation directories')
 parser.add_argument("operation", choices=["copy", "verify", "libjade"])
 args = parser.parse_args()
 if args.verbosity:
@ -34,6 +35,8 @@ else:
 keepdata = True if args.keep_data else False
 delete = True if args.delete else False
 if 'LIBOQS_DIR' not in os.environ:
    print("Must set environment variable LIBOQS_DIR")
    exit(1)
@ -65,15 +68,27 @@ def shell(command, expect=0):
    if ret.returncode != expect:
        raise Exception("'{}' failed with error {}. Expected {}.".format(" ".join(command), ret, expect))
-def generator(destination_file_path, template_filename, family, scheme_desired):
+# Generate template from specified scheme to replace old file in 'copy' mode
 # but preserves additions made to file in prior runs of 'libjade' mode 
 def generator(destination_file_path, template_filename, delimiter, family, scheme_desired):
    template = file_get_contents(
        os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', template_filename))
    f = copy.deepcopy(family)
    contents = file_get_contents(os.path.join(os.environ['LIBOQS_DIR'], destination_file_path))
    if scheme_desired != None:
        f['schemes'] = [x for x in f['schemes'] if x == scheme_desired]
-        assert (len(f['schemes']) == 1)
+    identifier = '{} OQS_COPY_FROM_{}_FRAGMENT_{}'.format(delimiter, 'LIBJADE', os.path.splitext(os.path.basename(template_filename))[0].upper())
-    # if scheme['implementation'] is not set, run over all implementations!
+    if identifier in contents:
-    file_put_contents(destination_file_path, jinja2.Template(template).render(f))
+        identifier_start, identifier_end = identifier + '_START', identifier + '_END'
        contents = contents.split('\n')
        libjade_contents = '\n'.join(contents[contents.index(identifier_start) + 1: contents.index(identifier_end)])
        contents = jinja2.Template(template).render(f)
        preamble = contents[:contents.find(identifier_start)]
        postamble = contents[contents.find(identifier_end):]
        contents = preamble + identifier_start + '\n' + libjade_contents + '\n' + postamble
    else:
        contents = jinja2.Template(template).render(f)
    file_put_contents(destination_file_path, contents)
 def generator_all(filename, instructions):
@ -82,29 +97,42 @@ def generator_all(filename, instructions):
    file_put_contents(filename, contents)
-def replacer(filename, instructions, delimiter):
+def replacer(filename, instructions, delimiter, libjade=False):
    fragments = glob.glob(
-        os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', filename, '*.fragment'))
+        os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', filename, '*.{}'.format('libjade' if libjade else 'fragment')))
    contents = file_get_contents(os.path.join(os.environ['LIBOQS_DIR'], filename))
    for fragment in fragments:
        template = file_get_contents(fragment)
        identifier = os.path.splitext(os.path.basename(fragment))[0]
-        identifier_start = '{} OQS_COPY_FROM_UPSTREAM_FRAGMENT_{}_START'.format(delimiter, identifier.upper())
+        identifier_start = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_START'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
-        identifier_end = '{} OQS_COPY_FROM_UPSTREAM_FRAGMENT_{}_END'.format(delimiter, identifier.upper())
+        identifier_end = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_END'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
        preamble = contents[:contents.find(identifier_start)]
        postamble = contents[contents.find(identifier_end):]
        contents = preamble + identifier_start + jinja2.Template(template).render(
            {'instructions': instructions, 'non_upstream_kems': non_upstream_kems}) + postamble
    file_put_contents(os.path.join(os.environ['LIBOQS_DIR'], filename), contents)
-def load_instructions():
+def replacer_contextual(destination_file_path, template_file_path, delimiter, family, scheme_desired, libjade=False):
    contents = file_get_contents(destination_file_path)
    template = file_get_contents(template_file_path)
    identifier = os.path.basename(template_file_path).split(os.extsep)[0]
    identifier_start = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_START'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
    identifier_end = '{} OQS_COPY_FROM_{}_FRAGMENT_{}_END'.format(delimiter, 'LIBJADE' if libjade else 'UPSTREAM', identifier.upper())
    f = copy.deepcopy(family)
    if scheme_desired != None:
        f['schemes'] = [x for x in f['schemes'] if x == scheme_desired]
    preamble = contents[:contents.find(identifier_start)]
    postamble = contents[contents.find(identifier_end):]
    contents = preamble + identifier_start + jinja2.Template(template).render(f) + postamble
    file_put_contents(destination_file_path, contents)
 def load_instructions(file='copy_from_upstream.yml'):
    instructions = file_get_contents(
-        os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', 'copy_from_upstream.yml'),
+        os.path.join(os.environ['LIBOQS_DIR'], 'scripts', 'copy_from_upstream', file),
        encoding='utf-8')
    instructions = yaml.safe_load(instructions)
    upstreams = {}
    for upstream in instructions['upstreams']:
        os.makedirs('repos', exist_ok=True)
        upstream_name = upstream['name']
        upstream_git_url = upstream['git_url']
        upstream_git_commit = upstream['git_commit']
@ -113,12 +141,29 @@ def load_instructions():
        work_dir = os.path.join('repos', upstream_name)
        work_dotgit = os.path.join(work_dir, '.git')
        if not os.path.exists(work_dir):
          os.makedirs(work_dir)
          if not os.path.exists(work_dotgit):
            shell(['git', 'init', work_dir])
            shell(['git', '--git-dir', work_dotgit, 'remote', 'add', 'origin', upstream_git_url])
        shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'remote', 'set-url', 'origin', upstream_git_url])
        if file == 'copy_from_libjade.yml':
            shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'fetch', '--depth=1', 'origin', upstream_git_branch])
        else:
            shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'fetch', '--depth=1', 'origin', upstream_git_commit])
        shell(['git', '--git-dir', work_dotgit, '--work-tree', work_dir, 'reset', '--hard', upstream_git_commit])
        if file == 'copy_from_libjade.yml':
            try:
                version = subprocess.run(['jasminc', '-version'], capture_output=True).stdout.decode('utf-8').strip().split(' ')[-1]
                if version != instructions['jasmin_version']:
                    print('Expected Jasmin compiler version {}; got version {}.'.format(instructions['jasmin_version'], version))
                    print('Must use Jasmin complier version {} or update copy_from_libjade.yml.'.format(instructions['jasmin_version']))
                    exit(1)
            except FileNotFoundError:
                print('Jasmin compiler not found; must add `jasminc` to PATH.')
                exit(1)
            shell(['make', '-C', os.path.join(work_dir, 'src')])
        if 'patches' in upstream:
            for patch in upstream['patches']:
                patch_file = os.path.join('patches', patch)
@ -142,16 +187,6 @@ def load_instructions():
                        common_dep['required_flags'] = req['required_flags']
            upstream['commons'] = dict(map(lambda x: (x['name'], x), common_deps['commons'] ))
    # drop instructions selectively if not ready
    if ("NOT_READY" in os.environ):
        not_ready = os.environ['NOT_READY'].split(" ")
        for family in instructions['kems']:
            if family['name'] in not_ready:
                instructions["kems"].remove(family)
        for family in instructions['sigs']:
            if family['name'] in not_ready:
                instructions["sigs"].remove(family)
    for family in instructions['kems']:
        family['type'] = 'kem'
        family['pqclean_type'] = 'kem'
@ -160,10 +195,13 @@ def load_instructions():
        family['common_deps_usedby'] = {}
        family['all_required_flags'] = set()
        for scheme in family['schemes']:
            scheme['family'] = family['name']
            if not 'upstream_location' in scheme:
                scheme['upstream_location'] = family['upstream_location']
            if (not 'arch_specific_upstream_locations' in scheme) and 'arch_specific_upstream_locations' in family:
                scheme['arch_specific_upstream_locations'] = family['arch_specific_upstream_locations']
            if (not 'derandomized_keypair' in scheme) and 'derandomized_keypair' in family:
                scheme['derandomized_keypair'] = family['derandomized_keypair']
            if not 'git_commit' in scheme:
                scheme['git_commit'] = upstreams[scheme['upstream_location']]['git_commit']
            if not 'git_branch' in scheme:
@ -332,7 +370,12 @@ def load_instructions():
                            raise RuntimeError("Found duplicate arch {} in scheme {}".format(arch, scheme))
                        scheme['scheme_paths'][arch] = (os.path.join('repos', location,
                                                                    upstreams[location]['sig_scheme_path'].format_map(scheme)))
            # assume EUF-CMA for schemes that don't specify a security classification
            scheme['metadata']['euf_cma'] = 'true'
            scheme['metadata']['suf_cma'] = 'false'
            if 'claimed-security' in metadata:
                if metadata['claimed-security'] == "SUF-CMA":
                    scheme['metadata']['suf_cma'] = 'true'
            scheme['pqclean_scheme_c'] = scheme['pqclean_scheme'].replace('-', '')
            scheme['scheme_c'] = scheme['scheme'].replace('-', '')
            scheme['default_implementation'] = family['default_implementation']
@ -355,6 +398,7 @@ def load_instructions():
    return instructions
 # Copy over all files for a given impl in a family using scheme
 # Returns list of all relative source files
 def handle_common_deps(common_dep, family, dst_basedir):
@ -432,24 +476,48 @@ def handle_implementation(impl, family, scheme, dst_basedir):
            of = impl
        origfolder = os.path.join(scheme['scheme_paths'][impl], of)
        upstream_location = i['upstream']['name']
        shutil.rmtree(os.path.join(dst_basedir, 'src', family['type'], family['name'],
                               '{}_{}_{}'.format(upstream_location, scheme['pqclean_scheme'], impl)),
                  ignore_errors=True)
        srcfolder = os.path.join(dst_basedir, 'src', family['type'], family['name'],
                             '{}_{}_{}'.format(upstream_location, scheme['pqclean_scheme'], impl))
        shutil.rmtree(srcfolder, ignore_errors=True)
        # Don't copy from PQClean straight but check for origfile list
        try:
            os.mkdir(srcfolder)
        except FileExistsError as fee:
            print(fee)
            pass
        if upstream_location == 'libjade':
            # Flatten directory structure while copying relevant files from libjade repo
            for root, _, files in os.walk(origfolder):
                for file in files:
                    if os.path.splitext(file)[1] in ['.c', '.h']:
                        source_path = os.path.join(root, file)
                        dest_path = os.path.join(srcfolder, file)
                        subprocess.run(['cp', source_path, dest_path])
                    if os.path.splitext(file)[1] in ['.s']:
                        file_name, file_ext = os.path.splitext(file)
                        new_file = ''.join([file_name, file_ext.upper()])
                        source_path = os.path.join(root, file)
                        dest_path = os.path.join(srcfolder, new_file)
                        subprocess.run(['cp', source_path, dest_path])
        else:
            # determine list of files to copy:
            if 'sources' in i:
                if i['sources']:
                    preserve_folder_structure = ('preserve_folder_structure' in i['upstream']) and i['upstream']['preserve_folder_structure'] == True
                    srcs = i['sources'].split(" ")
                    for s in srcs:
                        # Copy recursively only in case of directories not with plain files to avoid copying over symbolic links
                        if os.path.isfile(os.path.join(origfolder, s)):
                            if preserve_folder_structure:
                                subprocess.run(['mkdir', '-p', os.path.join(srcfolder, os.path.dirname(s))])
                                subprocess.run(['cp', os.path.join(origfolder, s), os.path.join(srcfolder, s)])
                            else:
                                subprocess.run(['cp', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.basename(s))])
                        else:
                            if preserve_folder_structure:
                                subprocess.run(
                                    ['cp', '-r', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.dirname(s))])                    
                            else:
                                subprocess.run(
                                    ['cp', '-r', os.path.join(origfolder, s), os.path.join(srcfolder, os.path.basename(s))])
@ -491,11 +559,25 @@ def handle_implementation(impl, family, scheme, dst_basedir):
    return [x[len(srcfolder) + 1:] for x in ffs]
-def process_families(instructions, basedir, with_kat, with_generator):
+def process_families(instructions, basedir, with_kat, with_generator, with_libjade=False):
    for family in instructions['kems'] + instructions['sigs']:
        try:
            os.makedirs(os.path.join(basedir, 'src', family['type'], family['name']))
        except:
            if delete:
                # clear out all subdirectories
                with os.scandir(os.path.join(basedir, 'src', family['type'], family['name'])) as ls:
                    for entry in ls:
                        if entry.is_dir(follow_symlinks=False):
                            if with_libjade:
                                if not entry.name.startswith('libjade'):
                                    continue
                            elif entry.name.startswith('libjade'):
                                continue
                            to_rm = os.path.join(basedir, 'src', family['type'], family['name'], entry.name)
                            if DEBUG > 3:
                                print("removing %s" % to_rm)
                            shutil.rmtree(to_rm)
            pass
        if 'common_deps' in family:
            for common_dep in family['common_deps']:
@ -534,6 +616,7 @@ def process_families(instructions, basedir, with_kat, with_generator):
                            # when provided to the compiler; OQS uses the term ARM_NEON
                            if req['architecture'] == 'arm_8':
                                req['architecture'] = 'ARM64_V8'
                            if 'required_flags' in req:
                                if req['architecture'] == 'ARM64_V8' and 'asimd' in req['required_flags']:
                                    req['required_flags'].remove('asimd')
                                    req['required_flags'].append('arm_neon')
@ -552,32 +635,44 @@ def process_families(instructions, basedir, with_kat, with_generator):
            if with_kat:
                if family in instructions['kems']:
                    try:
-                        if kats['kem'][scheme['pretty_name_full']] != scheme['metadata']['nistkat-sha256']:
+                        if kats['kem'][scheme['pretty_name_full']]['single'] != scheme['metadata']['nistkat-sha256']:
                            print("Info: Updating KAT for %s" % (scheme['pretty_name_full']))
                    except KeyError:  # new key
                        print("Adding new KAT for %s" % (scheme['pretty_name_full']))
                        # either a new scheme or a new KAT
                        if scheme['pretty_name_full'] not in kats['kem']:
                            kats['kem'][scheme['pretty_name_full']] = {}
                        pass
-                    kats['kem'][scheme['pretty_name_full']] = scheme['metadata']['nistkat-sha256']
+                    kats['kem'][scheme['pretty_name_full']]['single'] = scheme['metadata']['nistkat-sha256']
                    if 'alias_pretty_name_full' in scheme:
                        kats['kem'][scheme['alias_pretty_name_full']]['single'] = scheme['metadata']['nistkat-sha256']
                else:
                    try:
-                        if kats['sig'][scheme['pretty_name_full']] != scheme['metadata']['nistkat-sha256']:
+                        if kats['sig'][scheme['pretty_name_full']]['single'] != scheme['metadata']['nistkat-sha256']:
                            print("Info: Updating KAT for %s" % (scheme['pretty_name_full']))
                    except KeyError:  # new key
                        print("Adding new KAT for %s" % (scheme['pretty_name_full']))
                        # either a new scheme or a new KAT
                        if scheme['pretty_name_full'] not in kats['sig']:
                            kats['sig'][scheme['pretty_name_full']] = {}
                        pass
-                    kats['sig'][scheme['pretty_name_full']] = scheme['metadata']['nistkat-sha256']
+                    kats['sig'][scheme['pretty_name_full']]['single'] = scheme['metadata']['nistkat-sha256']
                    if 'alias_pretty_name_full' in scheme:
                        kats['sig'][scheme['alias_pretty_name_full']]['single'] = scheme['metadata']['nistkat-sha256']
        if with_generator:
            generator(
                os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'],
                             family['type'] + '_{}.h'.format(family['name'])),
                os.path.join('src', family['type'], 'family', family['type'] + '_family.h'),
                '/////',
                family,
                None,
            )
            generator(
                os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'], 'CMakeLists.txt'),
                os.path.join('src', family['type'], 'family', 'CMakeLists.txt'),
                '#####',
                family,
                None,
            )
@ -587,16 +682,28 @@ def process_families(instructions, basedir, with_kat, with_generator):
                    os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'],
                                 family['type'] + '_{}_{}.c'.format(family['name'], scheme['scheme_c'])),
                    os.path.join('src', family['type'], 'family', family['type'] + '_scheme.c'),
                    '/////',
                    family,
                    scheme,
                )
        if with_libjade:
            replacer_contextual(
                os.path.join(os.environ['LIBOQS_DIR'], 'src', family['type'], family['name'], 'CMakeLists.txt'),
                os.path.join('src', family['type'], 'family', 'CMakeLists.txt.libjade'),
                '#####',
                family,
                None,
                libjade=True
            )
 def copy_from_upstream():
    for t in ["kem", "sig"]:
        with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), 'r') as fp:
            kats[t] = json.load(fp)
-    instructions = load_instructions()
+    instructions = load_instructions('copy_from_upstream.yml')
    process_families(instructions, os.environ['LIBOQS_DIR'], True, True)
    replacer('.CMake/alg_support.cmake', instructions, '#####')
    replacer('CMakeLists.txt', instructions, '#####')
@ -611,8 +718,6 @@ def copy_from_upstream():
    for t in ["kem", "sig"]:
        with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), "w") as f:
            json.dump(kats[t], f, indent=2, sort_keys=True)
    if not keepdata:
        shutil.rmtree('repos')
    update_upstream_alg_docs.do_it(os.environ['LIBOQS_DIR'])
@ -621,6 +726,38 @@ def copy_from_upstream():
    import update_cbom
    update_docs_from_yaml.do_it(os.environ['LIBOQS_DIR'])
    update_cbom.update_cbom_if_algs_not_changed(os.environ['LIBOQS_DIR'], "git")
    if not keepdata:
        shutil.rmtree('repos')
 # Copy algorithms from libjade specified in copy_from_libjade.yml, apply 
 # patches and generate select templates
 # Can be run independant of 'copy' mode.
 # When adding an algorithm to copy_from_libjade.yml, the boolean 
 # 'libjade_implementation' and list of implementation 'libjade_implementations' 
 # must updated for the relevant algorithm in copy_from_upstream.yml
 def copy_from_libjade():
    for t in ["kem", "sig"]:
        with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), 'r') as fp:
            kats[t] = json.load(fp)
    instructions = load_instructions('copy_from_libjade.yml')
    process_families(instructions, os.environ['LIBOQS_DIR'], True, False, True)
    replacer('.CMake/alg_support.cmake', instructions, '#####', libjade=True)
    replacer('src/oqsconfig.h.cmake', instructions, '/////', libjade=True)
    for t in ["kem", "sig"]:
        with open(os.path.join(os.environ['LIBOQS_DIR'], 'tests', 'KATs', t, 'kats.json'), "w") as f:
            json.dump(kats[t], f, indent=2, sort_keys=True)
    update_upstream_alg_docs.do_it(os.environ['LIBOQS_DIR'], upstream_location='libjade')
    sys.path.insert(1, os.path.join(os.environ['LIBOQS_DIR'], 'scripts'))
    import update_docs_from_yaml
    import update_cbom
    update_docs_from_yaml.do_it(os.environ['LIBOQS_DIR'])
    update_cbom.update_cbom_if_algs_not_changed(os.environ['LIBOQS_DIR'], "git")
    if not keepdata:
        shutil.rmtree('repos')
 def verify_from_upstream():
    instructions = load_instructions()
@ -640,7 +777,7 @@ def verify_from_upstream():
                                      '{}_{}_{}'.format(impl['upstream']['name'], scheme['pqclean_scheme'], impl))
                verifydir = os.path.join(basedir, 'src', family['type'], family['name'],
                                         '{}_{}_{}'.format(impl['upstream']['name'], scheme['pqclean_scheme'], impl))
-                if not os.path.isdir(oqsdir) and os.path.isdir(erifydir):
+                if not os.path.isdir(oqsdir) and os.path.isdir(verifydir):
                    print('Available implementation in upstream that isn\'t integrated into LIBOQS: {}_{}_{}'.format(impl['upstream']['name'],
                                                                                                                scheme['pqclean_scheme'], impl))
                else:
@ -699,5 +836,7 @@ non_upstream_kems = count_non_upstream_kems(['bike', 'frodokem', 'ntruprime'])
 if args.operation == "copy":
    copy_from_upstream()
 elif args.operation == "libjade":
    copy_from_libjade()
 elif args.operation == "verify":
    verify_from_upstream()
--- a/scripts/copy_from_upstream/copy_from_upstream.yml
+++ b/scripts/copy_from_upstream/copy_from_upstream.yml
@ -1,6 +1,6 @@
 upstreams:
  -
-    name: pqclean
+    name: oldpqclean
    git_url: https://github.com/PQClean/PQClean.git
    git_branch: master
    git_commit: 8e220a87308154d48fdfac40abbb191ac7fce06a
@ -8,16 +8,44 @@ upstreams:
    sig_meta_path: 'crypto_sign/{pqclean_scheme}/META.yml'
    kem_scheme_path: 'crypto_kem/{pqclean_scheme}'
    sig_scheme_path: 'crypto_sign/{pqclean_scheme}'
-    patches: [pqclean-sphincs.patch, pqclean-dilithium-arm-randomized-signing.patch, pqclean-kyber-armneon-shake-fixes.patch, pqclean-kyber-armneon-768-1024-fixes.patch]
+    patches: [pqclean-dilithium-arm-randomized-signing.patch, pqclean-kyber-armneon-shake-fixes.patch, pqclean-kyber-armneon-768-1024-fixes.patch, pqclean-kyber-armneon-variable-timing-fix.patch,
    pqclean-kyber-armneon-asan.patch]
    ignore: pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256f-simple_aarch64, pqclean_sphincs-shake-192s-simple_aarch64, pqclean_sphincs-shake-192f-simple_aarch64, pqclean_sphincs-shake-128s-simple_aarch64, pqclean_sphincs-shake-128f-simple_aarch64
  -
    name: pqclean
    git_url: https://github.com/PQClean/PQClean.git
    git_branch: master
    git_commit: 1eacfdafc15ddc5d5759d0b85b4cef26627df181
    kem_meta_path: 'crypto_kem/{pqclean_scheme}/META.yml'
    sig_meta_path: 'crypto_sign/{pqclean_scheme}/META.yml'
    kem_scheme_path: 'crypto_kem/{pqclean_scheme}'
    sig_scheme_path: 'crypto_sign/{pqclean_scheme}'
    patches: [pqclean-sphincs.patch]
    ignore: pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256f-simple_aarch64, pqclean_sphincs-shake-192s-simple_aarch64, pqclean_sphincs-shake-192f-simple_aarch64, pqclean_sphincs-shake-128s-simple_aarch64, pqclean_sphincs-shake-128f-simple_aarch64, pqclean_kyber512_aarch64, pqclean_kyber1024_aarch64, pqclean_kyber768_aarch64, pqclean_dilithium2_aarch64, pqclean_dilithium3_aarch64, pqclean_dilithium5_aarch64
  -
    name: pqcrystals-kyber
    git_url: https://github.com/pq-crystals/kyber.git
    git_branch: master
-    git_commit: 518de2414a85052bb91349bcbcc347f391292d5b
+    git_commit: 441c0519a07e8b86c8d079954a6b10bd31d29efc
    kem_meta_path: '{pretty_name_full}_META.yml'
    kem_scheme_path: '.'
    patches: [pqcrystals-kyber-yml.patch, pqcrystals-kyber-ref-shake-aes.patch, pqcrystals-kyber-avx2-shake-aes.patch]
  -
    name: mlkem-native
    git_url: https://github.com/pq-code-package/mlkem-native.git
    git_branch: v1.0.0
    git_commit: 048fc2a7a7b4ba0ad4c989c1ac82491aa94d5bfa
    kem_meta_path: 'integration/liboqs/{pretty_name_full}_META.yml'
    kem_scheme_path: '.'
    preserve_folder_structure: True
  -
    name: cupqc
    git_url: https://github.com/open-quantum-safe/liboqs-cupqc-meta.git
    git_branch: main
    git_commit: b026f4e5475cd9c20c2082c7d9bad80e5b0ba89e
    kem_meta_path: '{pretty_name_full}_META.yml'
    kem_scheme_path: '.'
    patches: []
  -
    name: pqcrystals-dilithium
    git_url: https://github.com/pq-crystals/dilithium.git
@ -25,7 +53,44 @@ upstreams:
    git_commit: 3e9b9f1412f6c7435dbeb4e10692ea58f181ee51
    sig_meta_path: '{pretty_name_full}_META.yml'
    sig_scheme_path: '.'
-    patches: [pqcrystals-dilithium-yml.patch, pqcrystals-dilithium-ref-shake-aes.patch, pqcrystals-dilithium-avx2-shake-aes.patch]
+    patches: [pqcrystals-dilithium-yml.patch, pqcrystals-dilithium-ref-shake-aes.patch, pqcrystals-dilithium-avx2-shake-aes.patch, pqcrystals-dilithium-SUF-CMA.patch]
  -
    name: pqcrystals-dilithium-standard
    git_url: https://github.com/pq-crystals/dilithium.git
    git_branch: master
    git_commit: 444cdcc84eb36b66fe27b3a2529ee48f6d8150c2
    sig_meta_path: '{pretty_name_full}_META.yml'
    sig_scheme_path: '.'
    patches: [pqcrystals-ml_dsa.patch, pqcrystals-ml_dsa-SUF-CMA.patch]
  -
    name: pqmayo
    git_url: https://github.com/PQCMayo/MAYO-C.git
    git_branch: main
    git_commit: 4b7cd94c96b9522864efe40c6ad1fa269584a807
    sig_meta_path: 'META/{pretty_name_full}_META.yml'
    sig_scheme_path: '.'
    patches: [pqmayo-aes.patch, pqmayo-mem.patch]
  -
    name: upcross
    git_url: https://github.com/CROSS-signature/CROSS-lib-oqs.git
    git_branch: master
    git_commit: efd17279e75308b000bda7c7f58866620d652bc1
    sig_meta_path: 'generate/crypto_sign/{pqclean_scheme}/META.yml'
    sig_scheme_path: 'generate/crypto_sign/{pqclean_scheme}'
  -
    name: pqov
    git_url: https://github.com/pqov/pqov.git
    git_branch: main
    git_commit: 7e0832b6732a476119742c4acabd11b7c767aefb
    sig_scheme_path: '.'
    sig_meta_path: 'integration/liboqs/{pretty_name_full}_META.yml'
  -
    name: snova
    git_url: https://github.com/vacuas/SNOVA-OQS
    git_branch: main
    git_commit: 1c3ca6f4f7286c0bde98d7d6f222cf63b9d52bff
    sig_scheme_path: '.'
    sig_meta_path: 'liboqs/META/{pretty_name_full}_META.yml'
 kems:
  -
    name: classic_mceliece
@ -76,40 +141,73 @@ kems:
    name: hqc
    default_implementation: clean
    upstream_location: pqclean
    disable_by_default: True
    schemes:
      -
        scheme: "128"
-        pqclean_scheme: hqc-rmrs-128
+        pqclean_scheme: hqc-128
        pretty_name_full: HQC-128
      -
        scheme: "192"
-        pqclean_scheme: hqc-rmrs-192
+        pqclean_scheme: hqc-192
        pretty_name_full: HQC-192
      -
        scheme: "256"
-        pqclean_scheme: hqc-rmrs-256
+        pqclean_scheme: hqc-256
        pretty_name_full: HQC-256
  -
    name: kyber
    default_implementation: ref
    libjade_implementation: True
    arch_specific_implementations:
                                      aarch64: aarch64
    upstream_location: pqcrystals-kyber
    arch_specific_upstream_locations:
-                                      aarch64: pqclean
+                                      aarch64: oldpqclean
    schemes:
      -
        scheme: "512"
        pqclean_scheme: kyber512
        pretty_name_full: Kyber512
        libjade_implementation: True
        libjade_implementations:
          - ref
          - avx2
      -
        scheme: "768"
        pqclean_scheme: kyber768
        pretty_name_full: Kyber768
        libjade_implementation: True
        libjade_implementations:
          - ref
          - avx2
      -
        scheme: "1024"
        pqclean_scheme: kyber1024
        pretty_name_full: Kyber1024
        libjade_implementation: False
  -
    name: ml_kem
    default_implementation: ref
    arch_specific_implementations:
                                      cuda: cuda
    arch_specific_upstream_locations:
                                      cuda: cupqc
    upstream_location: mlkem-native
    derandomized_keypair: true
    schemes:
      -
        scheme: "512"
        pqclean_scheme: ml-kem-512
        pretty_name_full: ML-KEM-512
      -
        scheme: "768"
        pqclean_scheme: ml-kem-768
        pretty_name_full: ML-KEM-768
      -
        scheme: "1024"
        pqclean_scheme: ml-kem-1024
        pretty_name_full: ML-KEM-1024
 sigs:
  -
    name: dilithium
@ -118,7 +216,7 @@ sigs:
    arch_specific_implementations:
                                      aarch64: aarch64
    arch_specific_upstream_locations:
-                                      aarch64: pqclean
+                                      aarch64: oldpqclean
    schemes:
      -
        scheme: "2"
@ -135,6 +233,26 @@ sigs:
        pqclean_scheme: dilithium5
        pretty_name_full: Dilithium5
        signed_msg_order: sig_then_msg
  -
    name: ml_dsa
    default_implementation: ref
    upstream_location: pqcrystals-dilithium-standard
    schemes:
      -
        scheme: "44"
        pqclean_scheme: ml-dsa-44
        pretty_name_full: ML-DSA-44
        signed_msg_order: sig_then_msg
      -
        scheme: "65"
        pqclean_scheme: ml-dsa-65
        pretty_name_full: ML-DSA-65
        signed_msg_order: sig_then_msg
      -
        scheme: "87"
        pqclean_scheme: ml-dsa-87
        pretty_name_full: ML-DSA-87
        signed_msg_order: sig_then_msg
  -
    name: falcon
    default_implementation: clean
@ -150,6 +268,16 @@ sigs:
        pqclean_scheme: falcon-1024
        pretty_name_full: Falcon-1024
        signed_msg_order: falcon
      -
        scheme: "padded_512"
        pqclean_scheme: falcon-padded-512
        pretty_name_full: Falcon-padded-512
        signed_msg_order: sig_then_msg
      -
        scheme: "padded_1024"
        pqclean_scheme: falcon-padded-1024
        pretty_name_full: Falcon-padded-1024
        signed_msg_order: sig_then_msg
  -
    name: sphincs
    default_implementation: clean
@ -215,3 +343,253 @@ sigs:
        pqclean_scheme: sphincs-shake-256s-simple
        pretty_name_full: SPHINCS+-SHAKE-256s-simple
        signed_msg_order: sig_then_msg
  -
    name: mayo
    default_implementation: opt
    upstream_location: pqmayo
    schemes:
      -
        scheme: "1"
        pqclean_scheme: mayo-1
        pretty_name_full: MAYO-1
        signed_msg_order: sig_then_msg
      -
        scheme: "2"
        pqclean_scheme: mayo-2
        pretty_name_full: MAYO-2
        signed_msg_order: sig_then_msg
      -
        scheme: "3"
        pqclean_scheme: mayo-3
        pretty_name_full: MAYO-3
        signed_msg_order: sig_then_msg
      -
        scheme: "5"
        pqclean_scheme: mayo-5
        pretty_name_full: MAYO-5
        signed_msg_order: sig_then_msg
  -
    name: cross
    default_implementation: clean
    upstream_location: upcross
    schemes:
      -
        scheme: "rsdp_128_balanced"
        pqclean_scheme: cross-rsdp-128-balanced
        pretty_name_full: cross-rsdp-128-balanced
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_128_fast"
        pqclean_scheme: cross-rsdp-128-fast
        pretty_name_full: cross-rsdp-128-fast
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_128_small"
        pqclean_scheme: cross-rsdp-128-small
        pretty_name_full: cross-rsdp-128-small
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_192_balanced"
        pqclean_scheme: cross-rsdp-192-balanced
        pretty_name_full: cross-rsdp-192-balanced
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_192_fast"
        pqclean_scheme: cross-rsdp-192-fast
        pretty_name_full: cross-rsdp-192-fast
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_192_small"
        pqclean_scheme: cross-rsdp-192-small
        pretty_name_full: cross-rsdp-192-small
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_256_balanced"
        pqclean_scheme: cross-rsdp-256-balanced
        pretty_name_full: cross-rsdp-256-balanced
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_256_fast"
        pqclean_scheme: cross-rsdp-256-fast
        pretty_name_full: cross-rsdp-256-fast
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdp_256_small"
        pqclean_scheme: cross-rsdp-256-small
        pretty_name_full: cross-rsdp-256-small
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_128_balanced"
        pqclean_scheme: cross-rsdpg-128-balanced
        pretty_name_full: cross-rsdpg-128-balanced
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_128_fast"
        pqclean_scheme: cross-rsdpg-128-fast
        pretty_name_full: cross-rsdpg-128-fast
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_128_small"
        pqclean_scheme: cross-rsdpg-128-small
        pretty_name_full: cross-rsdpg-128-small
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_192_balanced"
        pqclean_scheme: cross-rsdpg-192-balanced
        pretty_name_full: cross-rsdpg-192-balanced
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_192_fast"
        pqclean_scheme: cross-rsdpg-192-fast
        pretty_name_full: cross-rsdpg-192-fast
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_192_small"
        pqclean_scheme: cross-rsdpg-192-small
        pretty_name_full: cross-rsdpg-192-small
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_256_balanced"
        pqclean_scheme: cross-rsdpg-256-balanced
        pretty_name_full: cross-rsdpg-256-balanced
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_256_fast"
        pqclean_scheme: cross-rsdpg-256-fast
        pretty_name_full: cross-rsdpg-256-fast
        signed_msg_order: msg_then_sig
      -
        scheme: "rsdpg_256_small"
        pqclean_scheme: cross-rsdpg-256-small
        pretty_name_full: cross-rsdpg-256-small
        signed_msg_order: msg_then_sig
  -
    name: uov
    default_implementation: ref
    upstream_location: pqov
    schemes:
      -
        scheme: "ov_Is"
        pqclean_scheme: ov_Is
        pretty_name_full: OV-Is
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_Ip"
        pqclean_scheme: ov_Ip
        pretty_name_full: OV-Ip
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_III"
        pqclean_scheme: ov_III
        pretty_name_full: OV-III
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_V"
        pqclean_scheme: ov_V
        pretty_name_full: OV-V
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_Is_pkc"
        pqclean_scheme: ov_Is_pkc
        pretty_name_full: OV-Is-pkc
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_Ip_pkc"
        pqclean_scheme: ov_Ip_pkc
        pretty_name_full: OV-Ip-pkc
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_III_pkc"
        pqclean_scheme: ov_III_pkc
        pretty_name_full: OV-III-pkc
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_V_pkc"
        pqclean_scheme: ov_V_pkc
        pretty_name_full: OV-V-pkc
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_Is_pkc_skc"
        pqclean_scheme: ov_Is_pkc_skc
        pretty_name_full: OV-Is-pkc-skc
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_Ip_pkc_skc"
        pqclean_scheme: ov_Ip_pkc_skc
        pretty_name_full: OV-Ip-pkc-skc
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_III_pkc_skc"
        pqclean_scheme: ov_III_pkc_skc
        pretty_name_full: OV-III-pkc-skc
        signed_msg_order: msg_then_sig
      -
        scheme: "ov_V_pkc_skc"
        pqclean_scheme: ov_V_pkc_skc
        pretty_name_full: OV-V-pkc-skc
        signed_msg_order: msg_then_sig
  -
    name: snova
    default_implementation: opt
    upstream_location: snova
    schemes:
      -
        scheme: "SNOVA_24_5_4"
        pqclean_scheme: SNOVA_24_5_4
        pretty_name_full: SNOVA_24_5_4
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_24_5_4_SHAKE"
        pqclean_scheme: SNOVA_24_5_4_SHAKE
        pretty_name_full: SNOVA_24_5_4_SHAKE
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_24_5_4_esk"
        pqclean_scheme: SNOVA_24_5_4_esk
        pretty_name_full: SNOVA_24_5_4_esk
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_24_5_4_SHAKE_esk"
        pqclean_scheme: SNOVA_24_5_4_SHAKE_esk
        pretty_name_full: SNOVA_24_5_4_SHAKE_esk
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_37_17_2"
        pqclean_scheme: SNOVA_37_17_2
        pretty_name_full: SNOVA_37_17_2
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_25_8_3"
        pqclean_scheme: SNOVA_25_8_3
        pretty_name_full: SNOVA_25_8_3
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_56_25_2"
        pqclean_scheme: SNOVA_56_25_2
        pretty_name_full: SNOVA_56_25_2
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_49_11_3"
        pqclean_scheme: SNOVA_49_11_3
        pretty_name_full: SNOVA_49_11_3
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_37_8_4"
        pqclean_scheme: SNOVA_37_8_4
        pretty_name_full: SNOVA_37_8_4
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_24_5_5"
        pqclean_scheme: SNOVA_24_5_5
        pretty_name_full: SNOVA_24_5_5
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_60_10_4"
        pqclean_scheme: SNOVA_60_10_4
        pretty_name_full: SNOVA_60_10_4
        signed_msg_order: sig_then_msg
      -
        scheme: "SNOVA_29_6_5"
        pqclean_scheme: SNOVA_29_6_5
        pretty_name_full: SNOVA_29_6_5
        signed_msg_order: sig_then_msg
--- a/scripts/copy_from_upstream/patches/libjade-kyber-api.patch
+++ b/scripts/copy_from_upstream/patches/libjade-kyber-api.patch
@ -0,0 +1,305 @@
 diff --git a/src/crypto_kem/kyber/kyber512/amd64/avx2/api.c b/src/crypto_kem/kyber/kyber512/amd64/avx2/api.c
 new file mode 100644
 index 0000000..78436e7
 --- /dev/null
 +++ b/src/crypto_kem/kyber/kyber512/amd64/avx2/api.c
@@ -0,0 +1,20 @@
 +#include <oqs/rand.h>
 +#include "api.h"
 +
 +int libjade_kyber512_avx2_keypair(uint8_t *public_key, uint8_t *secret_key) {
 +    uint8_t keypair_coins[JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES];
 +    OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES/2);
 +    OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES/2);
 +    return jade_kem_kyber_kyber512_amd64_avx2_keypair_derand(public_key, secret_key, keypair_coins);
 +}
 +
 +int libjade_kyber512_avx2_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
 +    uint8_t enc_coins[JADE_KEM_kyber_kyber512_amd64_avx2_ENCCOINBYTES];
 +    OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber512_amd64_avx2_ENCCOINBYTES);
 +    return jade_kem_kyber_kyber512_amd64_avx2_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
 +}
 +
 +int libjade_kyber512_avx2_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
 +    return jade_kem_kyber_kyber512_amd64_avx2_dec( shared_secret, ciphertext, secret_key);
 +}
 +
 diff --git a/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h b/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h
 index 5148fd5..419112e 100644
 --- a/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h
 +++ b/src/crypto_kem/kyber/kyber512/amd64/avx2/include/api.h
@@ -3,16 +3,8 @@
 #include <stdint.h>
 -#define JADE_KEM_kyber_kyber512_amd64_avx2_SECRETKEYBYTES   1632
 -#define JADE_KEM_kyber_kyber512_amd64_avx2_PUBLICKEYBYTES   800
 -#define JADE_KEM_kyber_kyber512_amd64_avx2_CIPHERTEXTBYTES  768
 #define JADE_KEM_kyber_kyber512_amd64_avx2_KEYPAIRCOINBYTES 64
 #define JADE_KEM_kyber_kyber512_amd64_avx2_ENCCOINBYTES     32
 -#define JADE_KEM_kyber_kyber512_amd64_avx2_BYTES            32
 -
 -#define JADE_KEM_kyber_kyber512_amd64_avx2_ALGNAME         "Kyber512"
 -#define JADE_KEM_kyber_kyber512_amd64_avx2_ARCH            "amd64"
 -#define JADE_KEM_kyber_kyber512_amd64_avx2_IMPL            "avx2"
 int jade_kem_kyber_kyber512_amd64_avx2_keypair_derand(
   uint8_t *public_key,
@@ -20,7 +12,7 @@ int jade_kem_kyber_kyber512_amd64_avx2_keypair_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber512_amd64_avx2_keypair(
 +int libjade_kyber512_avx2_keypair(
   uint8_t *public_key,
   uint8_t *secret_key
 );
@@ -32,7 +24,7 @@ int jade_kem_kyber_kyber512_amd64_avx2_enc_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber512_amd64_avx2_enc(
 +int libjade_kyber512_avx2_enc(
   uint8_t *ciphertext,
   uint8_t *shared_secret,
   const uint8_t *public_key
@@ -44,4 +36,10 @@ int jade_kem_kyber_kyber512_amd64_avx2_dec(
   const uint8_t *secret_key
 );
 +int libjade_kyber512_avx2_dec(
 +  uint8_t *shared_secret,
 +  const uint8_t *ciphertext,
 +  const uint8_t *secret_key
 +);
 +
 #endif
 diff --git a/src/crypto_kem/kyber/kyber512/amd64/ref/api.c b/src/crypto_kem/kyber/kyber512/amd64/ref/api.c
 new file mode 100644
 index 0000000..e06e406
 --- /dev/null
 +++ b/src/crypto_kem/kyber/kyber512/amd64/ref/api.c
@@ -0,0 +1,20 @@
 +#include <oqs/rand.h>
 +#include "api.h"
 +
 +int libjade_kyber512_ref_keypair(uint8_t *public_key, uint8_t *secret_key) {
 +    uint8_t keypair_coins[JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES];
 +    OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES/2);
 +    OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES/2);
 +    return jade_kem_kyber_kyber512_amd64_ref_keypair_derand(public_key, secret_key, keypair_coins);
 +}
 +
 +int libjade_kyber512_ref_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
 +    uint8_t enc_coins[JADE_KEM_kyber_kyber512_amd64_ref_ENCCOINBYTES];
 +    OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber512_amd64_ref_ENCCOINBYTES);
 +    return jade_kem_kyber_kyber512_amd64_ref_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
 +}
 +
 +int libjade_kyber512_ref_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
 +    return jade_kem_kyber_kyber512_amd64_ref_dec(shared_secret, ciphertext, secret_key);
 +}
 +
 diff --git a/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h b/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h
 index 38127cf..fcce52b 100644
 --- a/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h
 +++ b/src/crypto_kem/kyber/kyber512/amd64/ref/include/api.h
@@ -3,17 +3,8 @@
 #include <stdint.h>
 -#define JADE_KEM_kyber_kyber512_amd64_ref_SECRETKEYBYTES   1632
 -#define JADE_KEM_kyber_kyber512_amd64_ref_PUBLICKEYBYTES   800
 -#define JADE_KEM_kyber_kyber512_amd64_ref_CIPHERTEXTBYTES  768
 #define JADE_KEM_kyber_kyber512_amd64_ref_KEYPAIRCOINBYTES 64
 #define JADE_KEM_kyber_kyber512_amd64_ref_ENCCOINBYTES     32
 -#define JADE_KEM_kyber_kyber512_amd64_ref_BYTES            32
 -
 -#define JADE_KEM_kyber_kyber512_amd64_ref_ALGNAME         "Kyber512"
 -#define JADE_KEM_kyber_kyber512_amd64_ref_ARCH            "amd64"
 -#define JADE_KEM_kyber_kyber512_amd64_ref_IMPL            "ref"
 -
 int jade_kem_kyber_kyber512_amd64_ref_keypair_derand(
   uint8_t *public_key,
@@ -21,7 +12,7 @@ int jade_kem_kyber_kyber512_amd64_ref_keypair_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber512_amd64_ref_keypair(
 +int libjade_kyber512_ref_keypair(
   uint8_t *public_key,
   uint8_t *secret_key
 );
@@ -33,7 +24,7 @@ int jade_kem_kyber_kyber512_amd64_ref_enc_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber512_amd64_ref_enc(
 +int libjade_kyber512_ref_enc(
   uint8_t *ciphertext,
   uint8_t *shared_secret,
   const uint8_t *public_key
@@ -45,4 +36,10 @@ int jade_kem_kyber_kyber512_amd64_ref_dec(
   const uint8_t *secret_key
 );
 +int libjade_kyber512_ref_dec(
 +  uint8_t *shared_secret,
 +  const uint8_t *ciphertext,
 +  const uint8_t *secret_key
 +);
 +
 #endif
 diff --git a/src/crypto_kem/kyber/kyber768/amd64/avx2/api.c b/src/crypto_kem/kyber/kyber768/amd64/avx2/api.c
 new file mode 100644
 index 0000000..9eeab1d
 --- /dev/null
 +++ b/src/crypto_kem/kyber/kyber768/amd64/avx2/api.c
@@ -0,0 +1,20 @@
 +#include <oqs/rand.h>
 +#include "api.h"
 +
 +int libjade_kyber768_avx2_keypair(uint8_t *public_key, uint8_t *secret_key) {
 +    uint8_t keypair_coins[JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES];
 +    OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES/2);
 +    OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES/2);
 +    return jade_kem_kyber_kyber768_amd64_avx2_keypair_derand(public_key, secret_key, keypair_coins);
 +}
 +
 +int libjade_kyber768_avx2_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
 +    uint8_t enc_coins[JADE_KEM_kyber_kyber768_amd64_avx2_ENCCOINBYTES];
 +    OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber768_amd64_avx2_ENCCOINBYTES);
 +    return jade_kem_kyber_kyber768_amd64_avx2_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
 +}
 +
 +int libjade_kyber768_avx2_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
 +    return jade_kem_kyber_kyber768_amd64_avx2_dec(shared_secret, ciphertext, secret_key);
 +}
 +
 diff --git a/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h b/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h
 index d3b3500..ac36577 100644
 --- a/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h
 +++ b/src/crypto_kem/kyber/kyber768/amd64/avx2/include/api.h
@@ -3,16 +3,8 @@
 #include <stdint.h>
 -#define JADE_KEM_kyber_kyber768_amd64_avx2_SECRETKEYBYTES    2400
 -#define JADE_KEM_kyber_kyber768_amd64_avx2_PUBLICKEYBYTES    1184
 -#define JADE_KEM_kyber_kyber768_amd64_avx2_CIPHERTEXTBYTES   1088
 #define JADE_KEM_kyber_kyber768_amd64_avx2_KEYPAIRCOINBYTES  64
 #define JADE_KEM_kyber_kyber768_amd64_avx2_ENCCOINBYTES      32
 -#define JADE_KEM_kyber_kyber768_amd64_avx2_BYTES             32
 -
 -#define JADE_KEM_kyber_kyber768_amd64_avx2_ALGNAME           "Kyber768"
 -#define JADE_KEM_kyber_kyber768_amd64_avx2_ARCH              "amd64"
 -#define JADE_KEM_kyber_kyber768_amd64_avx2_IMPL              "avx2"
 int jade_kem_kyber_kyber768_amd64_avx2_keypair_derand(
   uint8_t *public_key,
@@ -20,7 +12,7 @@ int jade_kem_kyber_kyber768_amd64_avx2_keypair_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber768_amd64_avx2_keypair(
 +int libjade_kyber768_avx2_keypair(
   uint8_t *public_key,
   uint8_t *secret_key
 );
@@ -32,7 +24,7 @@ int jade_kem_kyber_kyber768_amd64_avx2_enc_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber768_amd64_avx2_enc(
 +int libjade_kyber768_avx2_enc(
   uint8_t *ciphertext,
   uint8_t *shared_secret,
   const uint8_t *public_key
@@ -44,4 +36,10 @@ int jade_kem_kyber_kyber768_amd64_avx2_dec(
   const uint8_t *secret_key
 );
 +int libjade_kyber768_avx2_dec(
 +  uint8_t *shared_secret,
 +  const uint8_t *ciphertext,
 +  const uint8_t *secret_key
 +);
 +
 #endif
 diff --git a/src/crypto_kem/kyber/kyber768/amd64/ref/api.c b/src/crypto_kem/kyber/kyber768/amd64/ref/api.c
 new file mode 100644
 index 0000000..b9a29b6
 --- /dev/null
 +++ b/src/crypto_kem/kyber/kyber768/amd64/ref/api.c
@@ -0,0 +1,20 @@
 +#include <oqs/rand.h>
 +#include "api.h"
 +
 +int libjade_kyber768_ref_keypair(uint8_t *public_key, uint8_t *secret_key) {
 +    uint8_t keypair_coins[JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES];
 +    OQS_randombytes(keypair_coins, JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES/2);
 +    OQS_randombytes((uint8_t *)(keypair_coins + (JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES/2)), JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES/2);
 +    return jade_kem_kyber_kyber768_amd64_ref_keypair_derand(public_key, secret_key, keypair_coins);
 +}
 +
 +int libjade_kyber768_ref_enc(uint8_t *ciphertext, uint8_t *shared_secret, const uint8_t *public_key) {
 +    uint8_t enc_coins[JADE_KEM_kyber_kyber768_amd64_ref_ENCCOINBYTES];
 +    OQS_randombytes(enc_coins, JADE_KEM_kyber_kyber768_amd64_ref_ENCCOINBYTES);
 +    return jade_kem_kyber_kyber768_amd64_ref_enc_derand(ciphertext, shared_secret, public_key, enc_coins);
 +}
 +
 +int libjade_kyber768_ref_dec(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key) {
 +    return jade_kem_kyber_kyber768_amd64_ref_dec(shared_secret, ciphertext, secret_key);
 +}
 +
 diff --git a/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h b/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h
 index e23e1bf..0c453e0 100644
 --- a/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h
 +++ b/src/crypto_kem/kyber/kyber768/amd64/ref/include/api.h
@@ -3,16 +3,8 @@
 #include <stdint.h>
 -#define JADE_KEM_kyber_kyber768_amd64_ref_SECRETKEYBYTES   2400
 -#define JADE_KEM_kyber_kyber768_amd64_ref_PUBLICKEYBYTES   1184
 -#define JADE_KEM_kyber_kyber768_amd64_ref_CIPHERTEXTBYTES  1088
 #define JADE_KEM_kyber_kyber768_amd64_ref_KEYPAIRCOINBYTES 64
 #define JADE_KEM_kyber_kyber768_amd64_ref_ENCCOINBYTES     32
 -#define JADE_KEM_kyber_kyber768_amd64_ref_BYTES            32
 -
 -#define JADE_KEM_kyber_kyber768_amd64_ref_ALGNAME         "Kyber768"
 -#define JADE_KEM_kyber_kyber768_amd64_ref_ARCH            "amd64"
 -#define JADE_KEM_kyber_kyber768_amd64_ref_IMPL            "ref"
 int jade_kem_kyber_kyber768_amd64_ref_keypair_derand(
   uint8_t *public_key,
@@ -20,7 +12,7 @@ int jade_kem_kyber_kyber768_amd64_ref_keypair_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber768_amd64_ref_keypair(
 +int libjade_kyber768_ref_keypair(
   uint8_t *public_key,
   uint8_t *secret_key
 );
@@ -32,7 +24,7 @@ int jade_kem_kyber_kyber768_amd64_ref_enc_derand(
   const uint8_t *coins
 );
 -int jade_kem_kyber_kyber768_amd64_ref_enc(
 +int libjade_kyber768_ref_enc(
   uint8_t *ciphertext,
   uint8_t *shared_secret,
   const uint8_t *public_key
@@ -44,4 +36,10 @@ int jade_kem_kyber_kyber768_amd64_ref_dec(
   const uint8_t *secret_key
 );
 +int libjade_kyber768_ref_dec(
 +  uint8_t *shared_secret,
 +  const uint8_t *ciphertext,
 +  const uint8_t *secret_key
 +);
 +
 #endif
--- a/scripts/copy_from_upstream/patches/libjade-kyber-meta.patch
+++ b/scripts/copy_from_upstream/patches/libjade-kyber-meta.patch
@ -0,0 +1,120 @@
 diff --git a/src/crypto_kem/kyber/kyber512/META.yml b/src/crypto_kem/kyber/kyber512/META.yml
 index 000ec75..8282075 100644
 --- a/src/crypto_kem/kyber/kyber512/META.yml
 +++ b/src/crypto_kem/kyber/kyber512/META.yml
@@ -1,7 +1,6 @@
 name: Kyber512
 type: kem
 -checksumsmall: 9c1a84c0573d21b5fb50ff68f015c19206cebbda4aa3caa6f9ba4b167eea9514
 -checksumbig: 4596232083e3da10d341576afbc59b24a520073e985a9b9df2d587e67e926a7b
 +nistkat-sha256: bb0481d3325d828817900b709d23917cefbc10026fc857f098979451f67bb0ca
 claimed-nist-level: 1
 claimed-security: IND-CCA2
 length-public-key: 800
@@ -9,23 +8,36 @@ length-ciphertext: 768
 length-secret-key: 1632
 length-shared-secret: 32
 principal-submitters:
 -  - TODO
 +  - Peter Schwabe
 auxiliary-submitters:
 -  - TODO
 +  - Roberto Avanzi
 +  - Joppe Bos
 +  - Léo Ducas
 +  - Eike Kiltz
 +  - Tancrède Lepoint
 +  - Vadim Lyubashevsky
 +  - John M. Schanck
 +  - Gregor Seiler
 +  - Damien Stehlé
 implementations:
 -    - name: amd64/ref
 -      version: TODO
 +    - name: ref
 +      version: NIST Round 3 submission
 +      folder_name: amd64/ref
 +      signature_keypair: libjade_kyber512_ref_keypair
 +      signature_enc: libjade_kyber512_ref_enc
 +      signature_dec: libjade_kyber512_ref_dec
       supported_platforms:
         - architecture: x86_64
           operating_systems:
               - Linux
               - Darwin
 -          required_flags: # FIXME
 -              - avx2
 -              - bmi2
 -              - popcnt
 -    - name: amd64/avx2
 -      version: TODO
 +          required_flags: []
 +    - name: avx2
 +      version: NIST Round 3 submission
 +      folder_name: amd64/avx2
 +      signature_keypair: libjade_kyber512_avx2_keypair
 +      signature_enc: libjade_kyber512_avx2_enc
 +      signature_dec: libjade_kyber512_avx2_dec
       supported_platforms:
         - architecture: x86_64
           operating_systems:
 diff --git a/src/crypto_kem/kyber/kyber768/META.yml b/src/crypto_kem/kyber/kyber768/META.yml
 index d744938..57cb0c7 100644
 --- a/src/crypto_kem/kyber/kyber768/META.yml
 +++ b/src/crypto_kem/kyber/kyber768/META.yml
@@ -1,7 +1,6 @@
 name: Kyber768
 type: kem
 -checksumsmall: 456bb24a767160dcca466adde267b87f359de6e827d31b5b23512d227d8bbfaa
 -checksumbig: 8004a42f34a4125acb4f88628139576882cdf9502a77937003e34f52d217a730
 +nistkat-sha256: 89e82a5bf2d4ddb2c6444e10409e6d9ca65dafbca67d1a0db2c9b54920a29172
 claimed-nist-level: 3
 claimed-security: IND-CCA2
 length-public-key: 1184
@@ -9,23 +8,36 @@ length-ciphertext: 1088
 length-secret-key: 2400
 length-shared-secret: 32
 principal-submitters:
 -  - TODO
 +  - Peter Schwabe
 auxiliary-submitters:
 -  - TODO
 +  - Roberto Avanzi
 +  - Joppe Bos
 +  - Léo Ducas
 +  - Eike Kiltz
 +  - Tancrède Lepoint
 +  - Vadim Lyubashevsky
 +  - John M. Schanck
 +  - Gregor Seiler
 +  - Damien Stehlé
 implementations:
 -    - name: amd64/ref
 -      version: TODO
 +    - name: ref
 +      version: NIST Round 3 submission
 +      folder_name: amd64/ref
 +      signature_keypair: libjade_kyber768_ref_keypair
 +      signature_enc: libjade_kyber768_ref_enc
 +      signature_dec: libjade_kyber768_ref_dec
       supported_platforms:
         - architecture: x86_64
           operating_systems:
               - Linux
               - Darwin
 -          required_flags: # FIXME
 -              - avx2
 -              - bmi2
 -              - popcnt
 -    - name: amd64/avx2
 -      version: TODO
 +          required_flags: []
 +    - name: avx2
 +      version: NIST Round 3 submission
 +      folder_name: amd64/avx2
 +      signature_keypair: libjade_kyber768_avx2_keypair
 +      signature_enc: libjade_kyber768_avx2_enc
 +      signature_dec: libjade_kyber768_avx2_dec
       supported_platforms:
         - architecture: x86_64
           operating_systems:
--- a/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-asan.patch
+++ b/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-asan.patch
@ -0,0 +1,72 @@
 diff --git a/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
 index 8aced5e4..364d9fdd 100644
 --- a/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
 +++ b/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
                                 uint8_t y1, uint8_t y2)
 {
   unsigned int i;
 -  uint8_t extseed1[KYBER_SYMBYTES+2];
 -  uint8_t extseed2[KYBER_SYMBYTES+2];
 +  uint8_t extseed1[KYBER_SYMBYTES+2+6];
 +  uint8_t extseed2[KYBER_SYMBYTES+2+6];
   for(i=0;i<KYBER_SYMBYTES;i++){
     extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
   extseed2[KYBER_SYMBYTES  ] = x2;
   extseed2[KYBER_SYMBYTES+1] = y2;
 -  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
 +  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
 }
 /*************************************************
 diff --git a/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
 index 8aced5e4..364d9fdd 100644
 --- a/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
 +++ b/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
                                 uint8_t y1, uint8_t y2)
 {
   unsigned int i;
 -  uint8_t extseed1[KYBER_SYMBYTES+2];
 -  uint8_t extseed2[KYBER_SYMBYTES+2];
 +  uint8_t extseed1[KYBER_SYMBYTES+2+6];
 +  uint8_t extseed2[KYBER_SYMBYTES+2+6];
   for(i=0;i<KYBER_SYMBYTES;i++){
     extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
   extseed2[KYBER_SYMBYTES  ] = x2;
   extseed2[KYBER_SYMBYTES+1] = y2;
 -  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
 +  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
 }
 /*************************************************
 diff --git a/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
 index 8aced5e4..364d9fdd 100644
 --- a/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
 +++ b/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
                                 uint8_t y1, uint8_t y2)
 {
   unsigned int i;
 -  uint8_t extseed1[KYBER_SYMBYTES+2];
 -  uint8_t extseed2[KYBER_SYMBYTES+2];
 +  uint8_t extseed1[KYBER_SYMBYTES+2+6];
 +  uint8_t extseed2[KYBER_SYMBYTES+2+6];
   for(i=0;i<KYBER_SYMBYTES;i++){
     extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
   extseed2[KYBER_SYMBYTES  ] = x2;
   extseed2[KYBER_SYMBYTES+1] = y2;
 -  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
 +  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
 }
 /*************************************************
--- a/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-variable-timing-fix.patch
+++ b/scripts/copy_from_upstream/patches/pqclean-kyber-armneon-variable-timing-fix.patch
@ -0,0 +1,274 @@
 8f8d63fd708e00cc941ade03f405de21fdf17410
 diff --git a/crypto_kem/kyber1024/aarch64/poly.c b/crypto_kem/kyber1024/aarch64/poly.c
 index 1dfa52c..3115d1c 100644
 --- a/crypto_kem/kyber1024/aarch64/poly.c
 +++ b/crypto_kem/kyber1024/aarch64/poly.c
@@ -51,6 +51,7 @@
 void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
     unsigned int i, j;
     int16_t u;
 +    uint32_t d0;
     uint8_t t[8];
     for (i = 0; i < KYBER_N / 8; i++) {
@@ -58,7 +59,12 @@ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N
             // map to positive standard representatives
             u  = a[8 * i + j];
             u += (u >> 15) & KYBER_Q;
 -            t[j] = ((((uint32_t)u << 5) + KYBER_Q / 2) / KYBER_Q) & 31;
 +            // t[j] = ((((uint32_t)u << 5) + KYBER_Q / 2) / KYBER_Q) & 31;
 +            d0 = u << 5;
 +            d0 += 1664;
 +            d0 *= 40318;
 +            d0 >>= 27;
 +            t[j] = d0 & 0x1f;
         }
         r[0] = (t[0] >> 0) | (t[1] << 5);
@@ -207,14 +213,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
 **************************************************/
 void poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], const int16_t a[KYBER_N]) {
     unsigned int i, j;
 -    uint16_t t;
 +    uint32_t t;
     for (i = 0; i < KYBER_N / 8; i++) {
         msg[i] = 0;
         for (j = 0; j < 8; j++) {
             t  = a[8 * i + j];
 -            t += ((int16_t)t >> 15) & KYBER_Q;
 -            t  = (((t << 1) + KYBER_Q / 2) / KYBER_Q) & 1;
 +            // t += ((int16_t)t >> 15) & KYBER_Q;
 +            // t  = (((t << 1) + KYBER_Q/2)/KYBER_Q) & 1;
 +            t <<= 1;
 +            t += 1665;
 +            t *= 80635;
 +            t >>= 28;
 +            t &= 1;
             msg[i] |= t << j;
         }
     }
 diff --git a/crypto_kem/kyber1024/aarch64/polyvec.c b/crypto_kem/kyber1024/aarch64/polyvec.c
 index d400348..f9a1ebf 100644
 --- a/crypto_kem/kyber1024/aarch64/polyvec.c
 +++ b/crypto_kem/kyber1024/aarch64/polyvec.c
@@ -21,6 +21,7 @@
 **************************************************/
 void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
     unsigned int i, j, k;
 +    uint64_t d0;
     #if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
     uint16_t t[8];
@@ -29,7 +30,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
             for (k = 0; k < 8; k++) {
                 t[k]  = a[i][8 * j + k];
                 t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
 -                t[k]  = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
 +                // t[k]  = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
 +                d0 = t[k];
 +                d0 <<= 11;
 +                d0 += 1664;
 +                d0 *= 645084;
 +                d0 >>= 31;
 +                t[k] = d0 & 0x7ff;
             }
             r[ 0] = (t[0] >>  0);
@@ -53,7 +60,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
             for (k = 0; k < 4; k++) {
                 t[k]  = a[i][4 * j + k];
                 t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
 -                t[k]  = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
 +                // t[k]  = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
 +                d0 = t[k];
 +                d0 <<= 10;
 +                d0 += 1665;
 +                d0 *= 1290167;
 +                d0 >>= 32;
 +                t[k] = d0 & 0x3ff;
             }
             r[0] = (t[0] >> 0);
 diff --git a/crypto_kem/kyber512/aarch64/poly.c b/crypto_kem/kyber512/aarch64/poly.c
 index dffc655..361ce89 100644
 --- a/crypto_kem/kyber512/aarch64/poly.c
 +++ b/crypto_kem/kyber512/aarch64/poly.c
@@ -51,6 +51,7 @@
 void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
     unsigned int i, j;
     int16_t u;
 +    uint32_t d0;
     uint8_t t[8];
     for (i = 0; i < KYBER_N / 8; i++) {
@@ -58,7 +59,12 @@ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N
             // map to positive standard representatives
             u  = a[8 * i + j];
             u += (u >> 15) & KYBER_Q;
 -            t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
 +            // t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
 +            d0 = u << 4;
 +            d0 += 1665;
 +            d0 *= 80635;
 +            d0 >>= 28;
 +            t[j] = d0 & 0xf;
         }
         r[0] = t[0] | (t[1] << 4);
@@ -194,14 +200,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
 **************************************************/
 void poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], const int16_t a[KYBER_N]) {
     unsigned int i, j;
 -    uint16_t t;
 +    uint32_t t;
     for (i = 0; i < KYBER_N / 8; i++) {
         msg[i] = 0;
         for (j = 0; j < 8; j++) {
             t  = a[8 * i + j];
 -            t += ((int16_t)t >> 15) & KYBER_Q;
 -            t  = (((t << 1) + KYBER_Q / 2) / KYBER_Q) & 1;
 +            // t += ((int16_t)t >> 15) & KYBER_Q;
 +            // t  = (((t << 1) + KYBER_Q/2)/KYBER_Q) & 1;
 +            t <<= 1;
 +            t += 1665;
 +            t *= 80635;
 +            t >>= 28;
 +            t &= 1;
             msg[i] |= t << j;
         }
     }
 diff --git a/crypto_kem/kyber512/aarch64/polyvec.c b/crypto_kem/kyber512/aarch64/polyvec.c
 index d400348..f9a1ebf 100644
 --- a/crypto_kem/kyber512/aarch64/polyvec.c
 +++ b/crypto_kem/kyber512/aarch64/polyvec.c
@@ -21,6 +21,7 @@
 **************************************************/
 void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
     unsigned int i, j, k;
 +    uint64_t d0;
     #if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
     uint16_t t[8];
@@ -29,7 +30,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
             for (k = 0; k < 8; k++) {
                 t[k]  = a[i][8 * j + k];
                 t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
 -                t[k]  = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
 +                // t[k]  = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
 +                d0 = t[k];
 +                d0 <<= 11;
 +                d0 += 1664;
 +                d0 *= 645084;
 +                d0 >>= 31;
 +                t[k] = d0 & 0x7ff;
             }
             r[ 0] = (t[0] >>  0);
@@ -53,7 +60,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
             for (k = 0; k < 4; k++) {
                 t[k]  = a[i][4 * j + k];
                 t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
 -                t[k]  = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
 +                // t[k]  = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
 +                d0 = t[k];
 +                d0 <<= 10;
 +                d0 += 1665;
 +                d0 *= 1290167;
 +                d0 >>= 32;
 +                t[k] = d0 & 0x3ff;
             }
             r[0] = (t[0] >> 0);
 diff --git a/crypto_kem/kyber768/aarch64/poly.c b/crypto_kem/kyber768/aarch64/poly.c
 index dffc655..361ce89 100644
 --- a/crypto_kem/kyber768/aarch64/poly.c
 +++ b/crypto_kem/kyber768/aarch64/poly.c
@@ -51,6 +51,7 @@
 void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N]) {
     unsigned int i, j;
     int16_t u;
 +    uint32_t d0;
     uint8_t t[8];
     for (i = 0; i < KYBER_N / 8; i++) {
@@ -58,7 +59,12 @@ void poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], const int16_t a[KYBER_N
             // map to positive standard representatives
             u  = a[8 * i + j];
             u += (u >> 15) & KYBER_Q;
 -            t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
 +            // t[j] = ((((uint16_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 15;
 +            d0 = u << 4;
 +            d0 += 1665;
 +            d0 *= 80635;
 +            d0 >>= 28;
 +            t[j] = d0 & 0xf;
         }
         r[0] = t[0] | (t[1] << 4);
@@ -194,14 +200,19 @@ void poly_frommsg(int16_t r[KYBER_N], const uint8_t msg[KYBER_INDCPA_MSGBYTES])
 **************************************************/
 void poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], const int16_t a[KYBER_N]) {
     unsigned int i, j;
 -    uint16_t t;
 +    uint32_t t;
     for (i = 0; i < KYBER_N / 8; i++) {
         msg[i] = 0;
         for (j = 0; j < 8; j++) {
             t  = a[8 * i + j];
 -            t += ((int16_t)t >> 15) & KYBER_Q;
 -            t  = (((t << 1) + KYBER_Q / 2) / KYBER_Q) & 1;
 +            // t += ((int16_t)t >> 15) & KYBER_Q;
 +            // t  = (((t << 1) + KYBER_Q/2)/KYBER_Q) & 1;
 +            t <<= 1;
 +            t += 1665;
 +            t *= 80635;
 +            t >>= 28;
 +            t &= 1;
             msg[i] |= t << j;
         }
     }
 diff --git a/crypto_kem/kyber768/aarch64/polyvec.c b/crypto_kem/kyber768/aarch64/polyvec.c
 index d400348..f9a1ebf 100644
 --- a/crypto_kem/kyber768/aarch64/polyvec.c
 +++ b/crypto_kem/kyber768/aarch64/polyvec.c
@@ -21,6 +21,7 @@
 **************************************************/
 void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K][KYBER_N]) {
     unsigned int i, j, k;
 +    uint64_t d0;
     #if (KYBER_POLYVECCOMPRESSEDBYTES == (KYBER_K * 352))
     uint16_t t[8];
@@ -29,7 +30,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
             for (k = 0; k < 8; k++) {
                 t[k]  = a[i][8 * j + k];
                 t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
 -                t[k]  = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
 +                // t[k]  = ((((uint32_t)t[k] << 11) + KYBER_Q / 2) / KYBER_Q) & 0x7ff;
 +                d0 = t[k];
 +                d0 <<= 11;
 +                d0 += 1664;
 +                d0 *= 645084;
 +                d0 >>= 31;
 +                t[k] = d0 & 0x7ff;
             }
             r[ 0] = (t[0] >>  0);
@@ -53,7 +60,13 @@ void polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], int16_t a[KYBER_K
             for (k = 0; k < 4; k++) {
                 t[k]  = a[i][4 * j + k];
                 t[k] += ((int16_t)t[k] >> 15) & KYBER_Q;
 -                t[k]  = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
 +                // t[k]  = ((((uint32_t)t[k] << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff;
 +                d0 = t[k];
 +                d0 <<= 10;
 +                d0 += 1665;
 +                d0 *= 1290167;
 +                d0 >>= 32;
 +                t[k] = d0 & 0x3ff;
             }
             r[0] = (t[0] >> 0);
--- a/scripts/copy_from_upstream/patches/pqclean-sphincs.patch
+++ b/scripts/copy_from_upstream/patches/pqclean-sphincs.patch
--- a/scripts/copy_from_upstream/patches/pqcrystals-dilithium-SUF-CMA.patch
+++ b/scripts/copy_from_upstream/patches/pqcrystals-dilithium-SUF-CMA.patch
@ -0,0 +1,73 @@
 ef30acde710cc1fcb0ed9735af3631761ed0358a
 diff --git a/Dilithium2-AES_META.yml b/Dilithium2-AES_META.yml
 index bad46d3..ce6e854 100644
 --- a/Dilithium2-AES_META.yml
 +++ b/Dilithium2-AES_META.yml
@@ -1,6 +1,7 @@
 name: Dilithium2-AES
 type: signature
 claimed-nist-level: 2
 +claimed-security: SUF-CMA
 length-public-key: 1312
 length-secret-key: 2528
 length-signature: 2420
 diff --git a/Dilithium2_META.yml b/Dilithium2_META.yml
 index f4b7e8f..1b23d3e 100644
 --- a/Dilithium2_META.yml
 +++ b/Dilithium2_META.yml
@@ -1,6 +1,7 @@
 name: Dilithium2
 type: signature
 claimed-nist-level: 2
 +claimed-security: SUF-CMA
 length-public-key: 1312
 length-secret-key: 2528
 length-signature: 2420
 diff --git a/Dilithium3-AES_META.yml b/Dilithium3-AES_META.yml
 index 0269442..5153309 100644
 --- a/Dilithium3-AES_META.yml
 +++ b/Dilithium3-AES_META.yml
@@ -1,6 +1,7 @@
 name: Dilithium3-AES
 type: signature
 claimed-nist-level: 3
 +claimed-security: SUF-CMA
 length-public-key: 1952
 length-secret-key: 4000
 length-signature: 3293
 diff --git a/Dilithium3_META.yml b/Dilithium3_META.yml
 index f45c859..e4fbed2 100644
 --- a/Dilithium3_META.yml
 +++ b/Dilithium3_META.yml
@@ -1,6 +1,7 @@
 name: Dilithium3
 type: signature
 claimed-nist-level: 3
 +claimed-security: SUF-CMA
 length-public-key: 1952
 length-secret-key: 4000
 length-signature: 3293
 diff --git a/Dilithium5-AES_META.yml b/Dilithium5-AES_META.yml
 index 0128a32..e53bd7d 100644
 --- a/Dilithium5-AES_META.yml
 +++ b/Dilithium5-AES_META.yml
@@ -1,6 +1,7 @@
 name: Dilithium5-AES
 type: signature
 claimed-nist-level: 5
 +claimed-security: SUF-CMA
 length-public-key: 2592
 length-secret-key: 4864
 length-signature: 4595
 diff --git a/Dilithium5_META.yml b/Dilithium5_META.yml
 index 618b617..8c1aa5f 100644
 --- a/Dilithium5_META.yml
 +++ b/Dilithium5_META.yml
@@ -1,6 +1,7 @@
 name: Dilithium5
 type: signature
 claimed-nist-level: 5
 +claimed-security: SUF-CMA
 length-public-key: 2592
 length-secret-key: 4864
 length-signature: 4595
--- a/Show More
+++ b/Show More