pq_crypto 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78b11d409c22bfd37c2afcf11cfdeb8bc7e825a1e4ebf8b0a94c655afbd59f78
-  data.tar.gz: 0206a99c5b364c812176c3d31629e5eb1490dcf694a2c8902b9537fd1ab16ebc
+  metadata.gz: 94d0fc254c0169b1e49ce177e0bf9830c9a1140dc425be9e917e8b2acfb870ed
+  data.tar.gz: 148381930753a4d6eb850522619ddf43b602cf9ae9966190c91f276c56f0d426
 SHA512:
-  metadata.gz: d79069163427ae03428e5ff8d01af39315cef796d498f59ca8e021c92f6a987b6a1a6d04c8e6826529a85df1af428f80086dc1f56cda74b0866e16aca27b8901
-  data.tar.gz: 552eb1abce00c25fc1313690c5df3a4a341b158caa3aa3ec2e37b604499c43c514fd2e0b82b245961acc4e73895dcbc1b7637112958660a91e0a32b8e3e91134
+  metadata.gz: bb8d4c4683429e99d0147ece542dabdb2276ec3933482d03e3dae81a8bd55b3ed2e617c89221dcdec4dbc34c134027dc406ab7d5e814af2ceef91aa1fb1a0240
+  data.tar.gz: 1e911b991634858610ceea12d5cb3a7efbb3a2f480f7ccb531e9afd1e4d01befe673ebec0f1935500dafed37b595d9c9a11a5b9a12adf1ff0720a0a76bf95c96

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [0.6.2] - 2026-05-24
+
+### Changed
+- update native mldsa `v1.0.0-beta` → `v1.0.0-beta2`
+
 ## [0.6.1] - 2026-05-14
 
 ### Security

data/SECURITY.md

@@ -23,6 +23,13 @@ PKCS#8 encodings where the linked OpenSSL exposes the corresponding ML-KEM /
 ML-DSA EVP support. These tests improve compatibility coverage but are not a
 substitute for a security audit.
 
+The test surface also includes libFuzzer targets for PKCS#8 DER/PEM decoding
+and pq_crypto-local container decoding, built with AddressSanitizer and
+UndefinedBehaviorSanitizer. A representative clang-17 run executed
+approximately 253 million inputs across these targets and produced no crash
+artifacts. This improves malformed-input parser coverage but is not a proof of
+memory safety and is not a substitute for a security audit.
+
 ## Algorithm notes
 
 ### ML-KEM / ML-DSA

data/ext/pqcrypto/pqcrypto_version.h

@@ -2,6 +2,6 @@
 #ifndef PQCRYPTO_VERSION_H
 #define PQCRYPTO_VERSION_H
 
-#define PQCRYPTO_VERSION "0.6.1"
+#define PQCRYPTO_VERSION "0.6.2"
 
 #endif

data/ext/pqcrypto/vendor/.vendored

@@ -6,7 +6,7 @@ mlkem_native_ref=v1.1.0
 mlkem_native_commit=d2cae2be522a67bfae26100fdb520576f1b2ef90
 mlkem_native_tree_sha256=c225de87a69e6d6360cddc4b5839b03e65fa9d5a1112a5f19700c905b7e74512
 mldsa_native_repo=https://github.com/pq-code-package/mldsa-native.git
-mldsa_native_ref=v1.0.0-beta
-mldsa_native_commit=db65535319d9750d75d34c6d170677415f9d2c46
-mldsa_native_tree_sha256=3b2cb648dade4540191f08d606b422042bf781fb37b434934ab02b58a0121f5c
-manifest_sha256=aeb28860537e30f4da0d28dc2961ba6bb06e700195a56f1648e5caddf1b6e1be
+mldsa_native_ref=v1.0.0-beta2
+mldsa_native_commit=9b0ee84f4cf399043eca59eca4e5f8531ca1d61b
+mldsa_native_tree_sha256=2887f59926c18a877e8c5a5e30727e84497c357032093d00d7135aedf53f011e
+manifest_sha256=cfcf998232945760d5fd66cc3ec0af54925e13844e1758f559eeb1c7ecf16ffc

data/ext/pqcrypto/vendor/mldsa-native/README.md

@@ -59,19 +59,14 @@ mldsa-native is used in
 
 We use the [C Bounded Model Checker (CBMC)](https://github.com/diffblue/cbmc) to prove absence of various classes of undefined behaviour in C, including out of bounds memory accesses and integer overflows. The proofs cover all C code in [mldsa/src/*](mldsa) and [mldsa/src/fips202/*](mldsa/src/fips202) involved in running mldsa-native with its C backend. See [proofs/cbmc](proofs/cbmc) for details.
 
-**Note:** The `MLD_CONFIG_REDUCE_RAM` configuration option is not currently covered by CBMC proofs.
-
-HOL-Light functional correctness proofs can be found in [proofs/hol_light](proofs/hol_light). So far, the following functions have been proven correct:
-
-- AArch64 poly_caddq [poly_caddq_asm.S](mldsa/src/native/aarch64/src/poly_caddq_asm.S)
-- x86_64 NTT [ntt.S](mldsa/src/native/x86_64/src/ntt.S)
-
-These proofs utilize the verification infrastructure in [s2n-bignum](https://github.com/awslabs/s2n-bignum).
+HOL-Light functional correctness proofs can be found in [proofs/hol_light](proofs/hol_light). See the [HOL-Light README](proofs/hol_light/README.md) for the list of functions that have been proven correct. These proofs utilize the verification infrastructure in [s2n-bignum](https://github.com/awslabs/s2n-bignum).
 
 Finally, [proofs/isabelle](proofs/isabelle/compress) contains proofs in [Isabelle/HOL](https://isabelle.in.tum.de/) of the correctness of
 different approaches for computing the scalar decomposition routines used in ML-DSA. Those are still experimental and do not yet operate
 on the source level.
 
+**NOTE:** Formal Verification is never absolute. See [SOUNDNESS.md](SOUNDNESS.md) for an analysis of the scope, assumptions and risks of the formal verification efforts around mldsa-native.
+
 ## Security
 
 All assembly in mldsa-native is constant-time in the sense that it is free of secret-dependent control flow, memory access,
@@ -81,6 +76,8 @@ timing side channels through suitable barriers and constant-time patterns.
 Absence of secret-dependent branches, memory-access patterns and variable-latency instructions is also tested using `valgrind`
 with various combinations of compilers and compilation options.
 
+**Other attacks.** mldsa-native targets resistance against timing side-channels only. Other attack classes, such as power and electromagnetic side-channels, microarchitectural side-channels (e.g. speculative execution), or fault-injection attacks, are currently out of scope.
+
 ## Design
 
 mldsa-native is split into a _frontend_ and two _backends_ for arithmetic and FIPS202 / SHA3. The frontend is
@@ -98,9 +95,12 @@ mldsa-native currently offers the following backends:
 
 If you'd like contribute new backends, please reach out!
 
-## ACVP Testing
+## Test Vectors
+
+mldsa-native is tested against all official ACVP ML-DSA test vectors[^ACVP] and the
+Wycheproof[^wycheproof] ML-DSA test vectors.
 
-mldsa-native is tested against all official ACVP ML-DSA test vectors[^ACVP].
+### ACVP
 
 You can run ACVP tests using the [`tests`](./scripts/tests) script or the [ACVP client](./test/acvp/acvp_client.py) directly:
 
@@ -122,6 +122,18 @@ python3 ./test/acvp/acvp_client.py \
   -e ./test/acvp/.acvp-data/v1.1.0.41/files/ML-DSA-sigVer-FIPS204/expectedResults.json
 ```
 
+### Wycheproof
+
+You can run Wycheproof[^wycheproof] tests using the [`tests`](./scripts/tests) script or the [Wycheproof client](./test/wycheproof/wycheproof_client.py) directly:
+
+```bash
+# Using the tests script
+./scripts/tests wycheproof
+
+# Using the Wycheproof client directly
+python3 ./test/wycheproof/wycheproof_client.py
+```
+
 ## Benchmarking
 
 You can measure performance, memory usage, and binary size using the [`tests`](./scripts/tests) script:
@@ -219,3 +231,4 @@ through the [PQCA Discord](https://discord.com/invite/xyVnwzfg5R). See also [CON
 [^NIST_FIPS204_SEC6]: National Institute of Standards and Technology: FIPS 204 Section 6 Guidance, [https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/faq/fips204-sec6-03192025.pdf](https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/faq/fips204-sec6-03192025.pdf)
 [^REF]: Bai, Ducas, Kiltz, Lepoint, Lyubashevsky, Schwabe, Seiler, Stehlé: CRYSTALS-Dilithium reference implementation, [https://github.com/pq-crystals/dilithium/tree/master/ref](https://github.com/pq-crystals/dilithium/tree/master/ref)
 [^tiny_sha3]: Markku-Juhani O. Saarinen: tiny_sha3, [https://github.com/mjosaarinen/tiny_sha3](https://github.com/mjosaarinen/tiny_sha3)
+[^wycheproof]: Community Cryptography Specification Project: Project Wycheproof, [https://github.com/C2SP/wycheproof](https://github.com/C2SP/wycheproof)

data/ext/pqcrypto/vendor/mldsa-native/mldsa/README.md

@@ -0,0 +1,23 @@
+[//]: # (SPDX-License-Identifier: CC-BY-4.0)
+
+# mldsa-native source tree
+
+This is the main source tree of mldsa-native.
+
+## Building
+
+To build mldsa-native for a fixed parameter set (ML-DSA-44/65/87), build the compilation units in `src/*` separately, and link to an RNG and your application. See [examples/basic](../examples/basic) for a simple example.
+
+Alternatively, you can use the auto-generated helper files [mldsa_native.c](mldsa_native.c) and [mldsa_native_asm.S](mldsa_native_asm.S), which bundle all *.c and *.S files together. See [examples/monolithic_build](../examples/monolithic_build) and [examples/monolithic_build_native](../examples/monolithic_build_native) for examples with and without native code.
+
+## Configuration
+
+The build is configured by [mldsa_native_config.h](mldsa_native_config.h), or by the file pointed to by `MLD_CONFIG_FILE`. Note in particular `MLD_CONFIG_PARAMETER_SET` and `MLD_CONFIG_NAMESPACE_PREFIX`, which set the parameter set and namespace prefix, respectively.
+
+## API
+
+The public API is defined in [mldsa_native.h](mldsa_native.h).
+
+## Supporting multiple parameter sets
+
+If you want to support multiple parameter sets, build the library once per parameter set you want to support. Set `MLD_CONFIG_MULTILEVEL_WITH_SHARED` for one of the builds, and `MLD_CONFIG_MULTILEVEL_NO_SHARED` for the others, to avoid duplicating shared functionality. Finally, link with RNG and your application as before. This is demonstrated in the examples [examples/multilevel_build](../examples/multilevel_build), [examples/multilevel_build_native](../examples/multilevel_build_native), [examples/monolithic_build_multilevel](../examples/monolithic_build_multilevel) and [examples/monolithic_build_multilevel_native](../examples/monolithic_build_multilevel_native).

data/ext/pqcrypto/vendor/mldsa-native/mldsa/mldsa_native.c

@@ -65,6 +65,7 @@
 #include "src/poly.c"
 #include "src/poly_kl.c"
 #include "src/polyvec.c"
+#include "src/polyvec_lazy.c"
 #include "src/sign.c"
 
 #if !defined(MLD_CONFIG_FIPS202_CUSTOM_HEADER)
@@ -82,7 +83,6 @@
 #endif /* MLD_SYS_AARCH64 */
 #if defined(MLD_SYS_X86_64)
 #include "src/native/x86_64/src/consts.c"
-#include "src/native/x86_64/src/poly_caddq_avx2.c"
 #include "src/native/x86_64/src/poly_chknorm_avx2.c"
 #include "src/native/x86_64/src/poly_decompose_32_avx2.c"
 #include "src/native/x86_64/src/poly_decompose_88_avx2.c"
@@ -102,7 +102,7 @@
 #include "src/fips202/native/aarch64/src/keccakf1600_round_constants.c"
 #endif
 #if defined(MLD_SYS_X86_64)
-#include "src/fips202/native/x86_64/src/KeccakP_1600_times4_SIMD256.c"
+#include "src/fips202/native/x86_64/src/keccakf1600_constants.c"
 #endif
 #if defined(MLD_SYS_ARMV81M_MVE)
 #include "src/fips202/native/armv81m/src/keccak_f1600_x4_mve.c"
@@ -175,8 +175,10 @@
 #undef MLD_ERR_FAIL
 #undef MLD_ERR_OUT_OF_MEMORY
 #undef MLD_ERR_RNG_FAIL
+#undef MLD_ERR_SIGN_ATTEMPTS_EXHAUSTED
 #undef MLD_H
 #undef MLD_MAX3_
+#undef MLD_MAX4_
 #undef MLD_PREHASH_NONE
 #undef MLD_PREHASH_SHA2_224
 #undef MLD_PREHASH_SHA2_256
@@ -194,18 +196,21 @@
 #undef MLD_TOTAL_ALLOC_44_KEYPAIR
 #undef MLD_TOTAL_ALLOC_44_KEYPAIR_NO_PCT
 #undef MLD_TOTAL_ALLOC_44_KEYPAIR_PCT
+#undef MLD_TOTAL_ALLOC_44_PK_FROM_SK
 #undef MLD_TOTAL_ALLOC_44_SIGN
 #undef MLD_TOTAL_ALLOC_44_VERIFY
 #undef MLD_TOTAL_ALLOC_65
 #undef MLD_TOTAL_ALLOC_65_KEYPAIR
 #undef MLD_TOTAL_ALLOC_65_KEYPAIR_NO_PCT
 #undef MLD_TOTAL_ALLOC_65_KEYPAIR_PCT
+#undef MLD_TOTAL_ALLOC_65_PK_FROM_SK
 #undef MLD_TOTAL_ALLOC_65_SIGN
 #undef MLD_TOTAL_ALLOC_65_VERIFY
 #undef MLD_TOTAL_ALLOC_87
 #undef MLD_TOTAL_ALLOC_87_KEYPAIR
 #undef MLD_TOTAL_ALLOC_87_KEYPAIR_NO_PCT
 #undef MLD_TOTAL_ALLOC_87_KEYPAIR_PCT
+#undef MLD_TOTAL_ALLOC_87_PK_FROM_SK
 #undef MLD_TOTAL_ALLOC_87_SIGN
 #undef MLD_TOTAL_ALLOC_87_VERIFY
 #undef crypto_sign
@@ -216,6 +221,7 @@
 /* mldsa/src/common.h */
 #undef MLD_ADD_PARAM_SET
 #undef MLD_ALLOC
+#undef MLD_ANY_ERROR
 #undef MLD_APPLY
 #undef MLD_ASM_FN_SIZE
 #undef MLD_ASM_FN_SYMBOL
@@ -238,27 +244,30 @@
 #undef MLD_ERR_FAIL
 #undef MLD_ERR_OUT_OF_MEMORY
 #undef MLD_ERR_RNG_FAIL
+#undef MLD_ERR_SIGN_ATTEMPTS_EXHAUSTED
 #undef MLD_EXTERNAL_API
 #undef MLD_FIPS202X4_HEADER_FILE
 #undef MLD_FIPS202_HEADER_FILE
 #undef MLD_FREE
 #undef MLD_INTERNAL_API
+#undef MLD_INTERNAL_DATA_DECLARATION
+#undef MLD_INTERNAL_DATA_DEFINITION
 #undef MLD_MULTILEVEL_BUILD
 #undef MLD_NAMESPACE
 #undef MLD_NAMESPACE_KL
 #undef MLD_NAMESPACE_PREFIX
 #undef MLD_NAMESPACE_PREFIX_KL
-#undef MLD_UNION_OR_STRUCT
 #undef mld_memcpy
 #undef mld_memset
 /* mldsa/src/packing.h */
 #undef MLD_PACKING_H
-#undef mld_pack_pk
-#undef mld_pack_sig_c_h
+#undef mld_pack_sig_c
+#undef mld_pack_sig_h
 #undef mld_pack_sig_z
-#undef mld_pack_sk
-#undef mld_unpack_pk
-#undef mld_unpack_sig
+#undef mld_pack_sk_rho_key_tr_s2
+#undef mld_pack_sk_s1
+#undef mld_sig_unpack_hints
+#undef mld_unpack_pk_t1
 #undef mld_unpack_sk
 /* mldsa/src/params.h */
 #undef MLDSA_BETA
@@ -293,7 +302,6 @@
 #undef MLD_POLY_KL_H
 #undef mld_poly_challenge
 #undef mld_poly_decompose
-#undef mld_poly_make_hint
 #undef mld_poly_uniform_eta
 #undef mld_poly_uniform_eta_4x
 #undef mld_poly_uniform_gamma1
@@ -306,29 +314,16 @@
 #undef mld_polyz_unpack
 /* mldsa/src/polyvec.h */
 #undef MLD_POLYVEC_H
-#undef mld_polymat
-#undef mld_polymat_get_row
-#undef mld_polyvec_matrix_expand
-#undef mld_polyvec_matrix_pointwise_montgomery
 #undef mld_polyveck
-#undef mld_polyveck_add
 #undef mld_polyveck_caddq
 #undef mld_polyveck_chknorm
 #undef mld_polyveck_decompose
 #undef mld_polyveck_invntt_tomont
-#undef mld_polyveck_make_hint
 #undef mld_polyveck_ntt
 #undef mld_polyveck_pack_eta
-#undef mld_polyveck_pack_t0
 #undef mld_polyveck_pack_w1
-#undef mld_polyveck_pointwise_poly_montgomery
-#undef mld_polyveck_power2round
 #undef mld_polyveck_reduce
-#undef mld_polyveck_shiftl
-#undef mld_polyveck_sub
 #undef mld_polyveck_unpack_eta
-#undef mld_polyveck_unpack_t0
-#undef mld_polyveck_use_hint
 #undef mld_polyvecl
 #undef mld_polyvecl_chknorm
 #undef mld_polyvecl_ntt
@@ -337,6 +332,58 @@
 #undef mld_polyvecl_uniform_gamma1
 #undef mld_polyvecl_unpack_eta
 #undef mld_polyvecl_unpack_z
+/* mldsa/src/polyvec_lazy.h */
+#undef MLD_POLYVEC_LAZY_H
+#undef mld_poly_permute_bitrev_to_custom_optional
+#undef mld_polymat
+#undef mld_polymat_eager
+#undef mld_polymat_lazy
+#undef mld_polyvec_matrix_expand
+#undef mld_polyvec_matrix_expand_eager
+#undef mld_polyvec_matrix_expand_lazy
+#undef mld_polyvec_matrix_pointwise_montgomery
+#undef mld_polyvec_matrix_pointwise_montgomery_row
+#undef mld_polyvec_matrix_pointwise_montgomery_row_eager
+#undef mld_polyvec_matrix_pointwise_montgomery_row_lazy
+#undef mld_polyvec_matrix_pointwise_montgomery_yvec
+#undef mld_polyvec_matrix_pointwise_montgomery_yvec_eager
+#undef mld_polyvec_matrix_pointwise_montgomery_yvec_lazy
+#undef mld_sk_s1hat
+#undef mld_sk_s1hat_eager
+#undef mld_sk_s1hat_get_poly
+#undef mld_sk_s1hat_get_poly_eager
+#undef mld_sk_s1hat_get_poly_lazy
+#undef mld_sk_s1hat_lazy
+#undef mld_sk_s2hat
+#undef mld_sk_s2hat_eager
+#undef mld_sk_s2hat_get_poly
+#undef mld_sk_s2hat_get_poly_eager
+#undef mld_sk_s2hat_get_poly_lazy
+#undef mld_sk_s2hat_lazy
+#undef mld_sk_t0hat
+#undef mld_sk_t0hat_eager
+#undef mld_sk_t0hat_get_poly
+#undef mld_sk_t0hat_get_poly_eager
+#undef mld_sk_t0hat_get_poly_lazy
+#undef mld_sk_t0hat_lazy
+#undef mld_unpack_sk_s1hat
+#undef mld_unpack_sk_s1hat_eager
+#undef mld_unpack_sk_s1hat_lazy
+#undef mld_unpack_sk_s2hat
+#undef mld_unpack_sk_s2hat_eager
+#undef mld_unpack_sk_s2hat_lazy
+#undef mld_unpack_sk_t0hat
+#undef mld_unpack_sk_t0hat_eager
+#undef mld_unpack_sk_t0hat_lazy
+#undef mld_yvec
+#undef mld_yvec_eager
+#undef mld_yvec_get_poly
+#undef mld_yvec_get_poly_eager
+#undef mld_yvec_get_poly_lazy
+#undef mld_yvec_init
+#undef mld_yvec_init_eager
+#undef mld_yvec_init_lazy
+#undef mld_yvec_lazy
 /* mldsa/src/rounding.h */
 #undef MLD_2_POW_D
 #undef MLD_ROUNDING_H
@@ -539,11 +586,11 @@
 #undef MLD_FIPS202_NATIVE_AARCH64_AUTO_H
 /* mldsa/src/fips202/native/aarch64/src/fips202_native_aarch64.h */
 #undef MLD_FIPS202_NATIVE_AARCH64_SRC_FIPS202_NATIVE_AARCH64_H
-#undef mld_keccak_f1600_x1_scalar_asm
-#undef mld_keccak_f1600_x1_v84a_asm
-#undef mld_keccak_f1600_x2_v84a_asm
-#undef mld_keccak_f1600_x4_v8a_scalar_hybrid_asm
-#undef mld_keccak_f1600_x4_v8a_v84a_scalar_hybrid_asm
+#undef mld_keccak_f1600_x1_scalar_aarch64_asm
+#undef mld_keccak_f1600_x1_v84a_aarch64_asm
+#undef mld_keccak_f1600_x2_v84a_aarch64_asm
+#undef mld_keccak_f1600_x4_v8a_scalar_hybrid_aarch64_asm
+#undef mld_keccak_f1600_x4_v8a_v84a_scalar_hybrid_aarch64_asm
 #undef mld_keccakf1600_round_constants
 /* mldsa/src/fips202/native/aarch64/x1_scalar.h */
 #undef MLD_FIPS202_AARCH64_NEED_X1_SCALAR
@@ -570,13 +617,16 @@
 /*
  * Undefine macros from native code (FIPS202, x86_64)
  */
-/* mldsa/src/fips202/native/x86_64/src/KeccakP_1600_times4_SIMD256.h */
-#undef MLD_FIPS202_NATIVE_X86_64_SRC_KECCAKP_1600_TIMES4_SIMD256_H
-#undef mld_keccakf1600x4_permute24
-/* mldsa/src/fips202/native/x86_64/xkcp.h */
-#undef MLD_FIPS202_NATIVE_X86_64_XKCP_H
-#undef MLD_FIPS202_X86_64_XKCP
+/* mldsa/src/fips202/native/x86_64/keccak_f1600_x4_avx2.h */
+#undef MLD_FIPS202_NATIVE_X86_64_KECCAK_F1600_X4_AVX2_H
+#undef MLD_FIPS202_X86_64_NEED_X4_AVX2
 #undef MLD_USE_FIPS202_X4_NATIVE
+/* mldsa/src/fips202/native/x86_64/src/fips202_native_x86_64.h */
+#undef MLD_FIPS202_NATIVE_X86_64_SRC_FIPS202_NATIVE_X86_64_H
+#undef mld_keccak_f1600_x4_avx2_asm
+#undef mld_keccak_rho56
+#undef mld_keccak_rho8
+#undef mld_keccakf1600_round_constants
 #endif /* MLD_SYS_X86_64 */
 #if defined(MLD_SYS_ARMV81M_MVE)
 /*
@@ -586,11 +636,17 @@
 #undef MLD_FIPS202_ARMV81M_NEED_X4
 #undef MLD_FIPS202_NATIVE_ARMV81M
 #undef MLD_FIPS202_NATIVE_ARMV81M_MVE_H
+#undef MLD_USE_FIPS202_X4_EXTRACT_BYTES_NATIVE
 #undef MLD_USE_FIPS202_X4_NATIVE
+#undef MLD_USE_FIPS202_X4_XOR_BYTES_NATIVE
 #undef mld_keccak_f1600_x4_native_impl
+#undef mld_keccak_f1600_x4_state_extract_bytes
+#undef mld_keccak_f1600_x4_state_xor_bytes
 /* mldsa/src/fips202/native/armv81m/src/fips202_native_armv81m.h */
 #undef MLD_FIPS202_NATIVE_ARMV81M_SRC_FIPS202_NATIVE_ARMV81M_H
 #undef mld_keccak_f1600_x4_mve_asm
+#undef mld_keccak_f1600_x4_state_extract_bytes_asm
+#undef mld_keccak_f1600_x4_state_xor_bytes_asm
 #undef mld_keccakf1600_round_constants
 #endif /* MLD_SYS_ARMV81M_MVE */
 #endif /* MLD_CONFIG_USE_NATIVE_BACKEND_FIPS202 */
@@ -636,25 +692,25 @@
 #undef mld_aarch64_intt_zetas_layer78
 #undef mld_aarch64_ntt_zetas_layer123456
 #undef mld_aarch64_ntt_zetas_layer78
-#undef mld_intt_asm
-#undef mld_ntt_asm
-#undef mld_poly_caddq_asm
-#undef mld_poly_chknorm_asm
-#undef mld_poly_decompose_32_asm
-#undef mld_poly_decompose_88_asm
-#undef mld_poly_pointwise_montgomery_asm
-#undef mld_poly_use_hint_32_asm
-#undef mld_poly_use_hint_88_asm
-#undef mld_polyvecl_pointwise_acc_montgomery_l4_asm
-#undef mld_polyvecl_pointwise_acc_montgomery_l5_asm
-#undef mld_polyvecl_pointwise_acc_montgomery_l7_asm
-#undef mld_polyz_unpack_17_asm
+#undef mld_intt_aarch64_asm
+#undef mld_ntt_aarch64_asm
+#undef mld_poly_caddq_aarch64_asm
+#undef mld_poly_chknorm_aarch64_asm
+#undef mld_poly_decompose_32_aarch64_asm
+#undef mld_poly_decompose_88_aarch64_asm
+#undef mld_poly_pointwise_montgomery_aarch64_asm
+#undef mld_poly_use_hint_32_aarch64_asm
+#undef mld_poly_use_hint_88_aarch64_asm
+#undef mld_polyvecl_pointwise_acc_montgomery_l4_aarch64_asm
+#undef mld_polyvecl_pointwise_acc_montgomery_l5_aarch64_asm
+#undef mld_polyvecl_pointwise_acc_montgomery_l7_aarch64_asm
+#undef mld_polyz_unpack_17_aarch64_asm
 #undef mld_polyz_unpack_17_indices
-#undef mld_polyz_unpack_19_asm
+#undef mld_polyz_unpack_19_aarch64_asm
 #undef mld_polyz_unpack_19_indices
-#undef mld_rej_uniform_asm
-#undef mld_rej_uniform_eta2_asm
-#undef mld_rej_uniform_eta4_asm
+#undef mld_rej_uniform_aarch64_asm
+#undef mld_rej_uniform_eta2_aarch64_asm
+#undef mld_rej_uniform_eta4_aarch64_asm
 #undef mld_rej_uniform_eta_table
 #undef mld_rej_uniform_table
 #endif /* MLD_SYS_AARCH64 */
@@ -688,14 +744,14 @@
 #undef MLD_AVX2_REJ_UNIFORM_ETA2_BUFLEN
 #undef MLD_AVX2_REJ_UNIFORM_ETA4_BUFLEN
 #undef MLD_NATIVE_X86_64_SRC_ARITH_NATIVE_X86_64_H
-#undef mld_invntt_avx2
-#undef mld_ntt_avx2
-#undef mld_nttunpack_avx2
-#undef mld_pointwise_acc_l4_avx2
-#undef mld_pointwise_acc_l5_avx2
-#undef mld_pointwise_acc_l7_avx2
-#undef mld_pointwise_avx2
-#undef mld_poly_caddq_avx2
+#undef mld_invntt_avx2_asm
+#undef mld_ntt_avx2_asm
+#undef mld_nttunpack_avx2_asm
+#undef mld_pointwise_acc_l4_avx2_asm
+#undef mld_pointwise_acc_l5_avx2_asm
+#undef mld_pointwise_acc_l7_avx2_asm
+#undef mld_pointwise_avx2_asm
+#undef mld_poly_caddq_avx2_asm
 #undef mld_poly_chknorm_avx2
 #undef mld_poly_decompose_32_avx2
 #undef mld_poly_decompose_88_avx2