From 4846f81a98232e6c90f08578e8f122146550be8d Mon Sep 17 00:00:00 2001 From: Spencer Wilson Date: Wed, 18 Oct 2023 11:12:38 -0400 Subject: [PATCH] Update Sphincs+ PQClean patch --- .../patches/pqclean-sphincs.patch | 1845 +---------------- 1 file changed, 83 insertions(+), 1762 deletions(-) diff --git a/scripts/copy_from_upstream/patches/pqclean-sphincs.patch b/scripts/copy_from_upstream/patches/pqclean-sphincs.patch index 16a245731c..fedefc678a 100644 --- a/scripts/copy_from_upstream/patches/pqclean-sphincs.patch +++ b/scripts/copy_from_upstream/patches/pqclean-sphincs.patch @@ -1,16 +1,6 @@ -diff --git a/crypto_sign/sphincs-sha2-128f-robust/META.yml b/crypto_sign/sphincs-sha2-128f-robust/META.yml -index 6dfc899..f991e5b 100644 ---- a/crypto_sign/sphincs-sha2-128f-robust/META.yml -+++ b/crypto_sign/sphincs-sha2-128f-robust/META.yml -@@ -34,3 +34,6 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin +9bca57f7bf93bff4ddcfbf392cf8fb57977d2231 diff --git a/crypto_sign/sphincs-sha2-128f-simple/META.yml b/crypto_sign/sphincs-sha2-128f-simple/META.yml -index 08b3fcc..7752a6f 100644 +index 7ee7508..5bf3613 100644 --- a/crypto_sign/sphincs-sha2-128f-simple/META.yml +++ b/crypto_sign/sphincs-sha2-128f-simple/META.yml @@ -34,3 +34,6 @@ implementations: @@ -18,21 +8,10 @@ index 08b3fcc..7752a6f 100644 - architecture: x86_64 required_flags: ['avx2'] + operating_systems: -+ - Linux -+ - Darwin -diff --git a/crypto_sign/sphincs-sha2-128s-robust/META.yml b/crypto_sign/sphincs-sha2-128s-robust/META.yml -index dbe2ffd..70ac219 100644 ---- a/crypto_sign/sphincs-sha2-128s-robust/META.yml -+++ b/crypto_sign/sphincs-sha2-128s-robust/META.yml -@@ -34,3 +34,6 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin ++ - 'Linux' ++ - 'Darwin' 
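Review bot: The first added line of the patch file, `9bca57f7bf93bff4ddcfbf392cf8fb57977d2231`, is a bare 40-hex string placed before the first `diff --git` header, with nothing saying what it identifies. Patch tools generally skip text ahead of the first file header, so it probably does not stop the patch from applying. It matches neither sphincsplus commit in the `version:` context lines of the later hunks, so it is presumably the PQClean commit the patch was regenerated against. Because this patch is applied to imported signature-scheme sources, either drop the line or label it, e.g. `Generated against PQClean commit 9bca57f7bf93bff4ddcfbf392cf8fb57977d2231`, and confirm it equals the upstream commit pinned for the import. Separately, the sha2 `META.yml` entries are now added as `- 'Linux'` / `- 'Darwin'` while the shake entries keep `- Linux` / `- Darwin`; both forms parse to the same strings, so use one consistently.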
diff --git a/crypto_sign/sphincs-sha2-128s-simple/META.yml b/crypto_sign/sphincs-sha2-128s-simple/META.yml -index c1d355a..d7c5b40 100644 +index 2db71af..36938ad 100644 --- a/crypto_sign/sphincs-sha2-128s-simple/META.yml +++ b/crypto_sign/sphincs-sha2-128s-simple/META.yml @@ -34,3 +34,6 @@ implementations: @@ -40,21 +19,10 @@ index c1d355a..d7c5b40 100644 - architecture: x86_64 required_flags: ['avx2'] + operating_systems: -+ - Linux -+ - Darwin -diff --git a/crypto_sign/sphincs-sha2-192f-robust/META.yml b/crypto_sign/sphincs-sha2-192f-robust/META.yml -index 0d6f9fe..6b7167d 100644 ---- a/crypto_sign/sphincs-sha2-192f-robust/META.yml -+++ b/crypto_sign/sphincs-sha2-192f-robust/META.yml -@@ -34,3 +34,6 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin ++ - 'Linux' ++ - 'Darwin' diff --git a/crypto_sign/sphincs-sha2-192f-simple/META.yml b/crypto_sign/sphincs-sha2-192f-simple/META.yml -index e3de597..4865aac 100644 +index f0c007f..f3885d2 100644 --- a/crypto_sign/sphincs-sha2-192f-simple/META.yml +++ b/crypto_sign/sphincs-sha2-192f-simple/META.yml @@ -34,3 +34,6 @@ implementations: @@ -62,21 +30,10 @@ index e3de597..4865aac 100644 - architecture: x86_64 required_flags: ['avx2'] + operating_systems: -+ - Linux -+ - Darwin -diff --git a/crypto_sign/sphincs-sha2-192s-robust/META.yml b/crypto_sign/sphincs-sha2-192s-robust/META.yml -index 0593604..7a0d6d8 100644 ---- a/crypto_sign/sphincs-sha2-192s-robust/META.yml -+++ b/crypto_sign/sphincs-sha2-192s-robust/META.yml -@@ -34,3 +34,6 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin ++ - 'Linux' ++ - 'Darwin' diff --git a/crypto_sign/sphincs-sha2-192s-simple/META.yml b/crypto_sign/sphincs-sha2-192s-simple/META.yml -index eea6ef5..1ca9aa8 100644 +index 0e51697..7645aa2 100644 --- a/crypto_sign/sphincs-sha2-192s-simple/META.yml 
+++ b/crypto_sign/sphincs-sha2-192s-simple/META.yml @@ -34,3 +34,6 @@ implementations: @@ -84,21 +41,10 @@ index eea6ef5..1ca9aa8 100644 - architecture: x86_64 required_flags: ['avx2'] + operating_systems: -+ - Linux -+ - Darwin -diff --git a/crypto_sign/sphincs-sha2-256f-robust/META.yml b/crypto_sign/sphincs-sha2-256f-robust/META.yml -index 1069de9..921056e 100644 ---- a/crypto_sign/sphincs-sha2-256f-robust/META.yml -+++ b/crypto_sign/sphincs-sha2-256f-robust/META.yml -@@ -34,3 +34,6 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin ++ - 'Linux' ++ - 'Darwin' diff --git a/crypto_sign/sphincs-sha2-256f-simple/META.yml b/crypto_sign/sphincs-sha2-256f-simple/META.yml -index 9dc3b5e..add1fa8 100644 +index e0f57c7..7627901 100644 --- a/crypto_sign/sphincs-sha2-256f-simple/META.yml +++ b/crypto_sign/sphincs-sha2-256f-simple/META.yml @@ -34,3 +34,6 @@ implementations: @@ -106,21 +52,10 @@ index 9dc3b5e..add1fa8 100644 - architecture: x86_64 required_flags: ['avx2'] + operating_systems: -+ - Linux -+ - Darwin -diff --git a/crypto_sign/sphincs-sha2-256s-robust/META.yml b/crypto_sign/sphincs-sha2-256s-robust/META.yml -index 1930288..344d761 100644 ---- a/crypto_sign/sphincs-sha2-256s-robust/META.yml -+++ b/crypto_sign/sphincs-sha2-256s-robust/META.yml -@@ -34,3 +34,6 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin ++ - 'Linux' ++ - 'Darwin' diff --git a/crypto_sign/sphincs-sha2-256s-simple/META.yml b/crypto_sign/sphincs-sha2-256s-simple/META.yml -index a92feb7..0ffd034 100644 +index c06a39e..01d4efe 100644 --- a/crypto_sign/sphincs-sha2-256s-simple/META.yml +++ b/crypto_sign/sphincs-sha2-256s-simple/META.yml @@ -34,3 +34,6 @@ implementations: 
@@ -128,12 +63,12 @@ index a92feb7..0ffd034 100644 - architecture: x86_64 required_flags: ['avx2'] + operating_systems: -+ - Linux -+ - Darwin -diff --git a/crypto_sign/sphincs-shake-128f-robust/META.yml b/crypto_sign/sphincs-shake-128f-robust/META.yml -index 5fe71d5..abe113e 100644 ---- a/crypto_sign/sphincs-shake-128f-robust/META.yml -+++ b/crypto_sign/sphincs-shake-128f-robust/META.yml ++ - 'Linux' ++ - 'Darwin' +diff --git a/crypto_sign/sphincs-shake-128f-simple/META.yml b/crypto_sign/sphincs-shake-128f-simple/META.yml +index 6eb6f96..4a934ae 100644 +--- a/crypto_sign/sphincs-shake-128f-simple/META.yml ++++ b/crypto_sign/sphincs-shake-128f-simple/META.yml @@ -34,6 +34,9 @@ implementations: supported_platforms: - architecture: x86_64 @@ -142,14 +77,14 @@ index 5fe71d5..abe113e 100644 + - Linux + - Darwin - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 + version: https://github.com/sphincs/sphincsplus/commit/f38d4fdaff9c5889a086955a027f6bd71d8a4a96 supported_platforms: -diff --git a/crypto_sign/sphincs-shake-128f-robust/avx2/fips202x4.c b/crypto_sign/sphincs-shake-128f-robust/avx2/fips202x4.c +diff --git a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.c deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-128f-robust/avx2/fips202x4.c +index 7481b81..0000000 +--- a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.c +++ /dev/null -@@ -1,210 +0,0 @@ +@@ -1,205 +0,0 @@ -#include -#include -#include @@ -198,7 +133,6 @@ index 1e06fef..0000000 - - unsigned long long *ss = (unsigned long long *)s; - -- - while (mlen >= r) { - for (i = 0; i < r / 8; ++i) { - ss[4 * i + 0] ^= load64(m0 + 8 * i); @@ -246,7 +180,6 @@ index 1e06fef..0000000 - } -} - -- -static void keccak_squeezeblocks4x(unsigned char *h0, - unsigned char *h1, - unsigned char *h2, 
@@ -274,8 +207,6 @@ index 1e06fef..0000000 - } -} - -- -- -void shake128x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -318,7 +249,6 @@ index 1e06fef..0000000 - } -} - -- -void shake256x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -360,10 +290,10 @@ index 1e06fef..0000000 - } - } -} -diff --git a/crypto_sign/sphincs-shake-128f-robust/avx2/fips202x4.h b/crypto_sign/sphincs-shake-128f-robust/avx2/fips202x4.h +diff --git a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.h deleted file mode 100644 index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-128f-robust/avx2/fips202x4.h +--- a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.h +++ /dev/null @@ -1,28 +0,0 @@ -#ifndef SPX_FIPS202X4_H @@ -394,10 +324,10 @@ index 2b93c9c..0000000 - unsigned char *in3, unsigned long long inlen); - -#endif -diff --git a/crypto_sign/sphincs-shake-128f-simple/META.yml b/crypto_sign/sphincs-shake-128f-simple/META.yml -index ae8083d..c8497dc 100644 ---- a/crypto_sign/sphincs-shake-128f-simple/META.yml -+++ b/crypto_sign/sphincs-shake-128f-simple/META.yml +diff --git a/crypto_sign/sphincs-shake-128s-simple/META.yml b/crypto_sign/sphincs-shake-128s-simple/META.yml +index 3b8c5f3..b40d0f1 100644 +--- a/crypto_sign/sphincs-shake-128s-simple/META.yml ++++ b/crypto_sign/sphincs-shake-128s-simple/META.yml @@ -34,6 +34,9 @@ implementations: supported_platforms: - architecture: x86_64 
@@ -406,14 +336,14 @@ index ae8083d..c8497dc 100644 + - Linux + - Darwin - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 + version: https://github.com/sphincs/sphincsplus/commit/f38d4fdaff9c5889a086955a027f6bd71d8a4a96 supported_platforms: -diff --git a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.c +diff --git a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.c deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.c +index 7481b81..0000000 +--- a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.c +++ /dev/null -@@ -1,210 +0,0 @@ +@@ -1,205 +0,0 @@ -#include -#include -#include @@ -462,7 +392,6 @@ index 1e06fef..0000000 - - unsigned long long *ss = (unsigned long long *)s; - -- - while (mlen >= r) { - for (i = 0; i < r / 8; ++i) { - ss[4 * i + 0] ^= load64(m0 + 8 * i); @@ -510,7 +439,6 @@ index 1e06fef..0000000 - } -} - -- -static void keccak_squeezeblocks4x(unsigned char *h0, - unsigned char *h1, - unsigned char *h2, @@ -538,8 +466,6 @@ index 1e06fef..0000000 - } -} - -- -- -void shake128x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -582,7 +508,6 @@ index 1e06fef..0000000 - } -} - -- -void shake256x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -624,10 +549,10 @@ index 1e06fef..0000000 - } - } -} -diff --git a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.h +diff --git a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.h deleted file mode 100644 index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-128f-simple/avx2/fips202x4.h +--- a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.h +++ /dev/null 
@@ -1,28 +0,0 @@ -#ifndef SPX_FIPS202X4_H @@ -658,10 +583,10 @@ index 2b93c9c..0000000 - unsigned char *in3, unsigned long long inlen); - -#endif -diff --git a/crypto_sign/sphincs-shake-128s-robust/META.yml b/crypto_sign/sphincs-shake-128s-robust/META.yml -index bff72cb..f7dc076 100644 ---- a/crypto_sign/sphincs-shake-128s-robust/META.yml -+++ b/crypto_sign/sphincs-shake-128s-robust/META.yml +diff --git a/crypto_sign/sphincs-shake-192f-simple/META.yml b/crypto_sign/sphincs-shake-192f-simple/META.yml +index f14a505..a6bbcd8 100644 +--- a/crypto_sign/sphincs-shake-192f-simple/META.yml ++++ b/crypto_sign/sphincs-shake-192f-simple/META.yml @@ -34,6 +34,9 @@ implementations: supported_platforms: - architecture: x86_64 @@ -670,14 +595,14 @@ index bff72cb..f7dc076 100644 + - Linux + - Darwin - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 + version: https://github.com/sphincs/sphincsplus/commit/f38d4fdaff9c5889a086955a027f6bd71d8a4a96 supported_platforms: -diff --git a/crypto_sign/sphincs-shake-128s-robust/avx2/fips202x4.c b/crypto_sign/sphincs-shake-128s-robust/avx2/fips202x4.c +diff --git a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.c deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-128s-robust/avx2/fips202x4.c +index 7481b81..0000000 +--- a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.c +++ /dev/null -@@ -1,210 +0,0 @@ +@@ -1,205 +0,0 @@ -#include -#include -#include @@ -726,7 +651,6 @@ index 1e06fef..0000000 - - unsigned long long *ss = (unsigned long long *)s; - -- - while (mlen >= r) { - for (i = 0; i < r / 8; ++i) { - ss[4 * i + 0] ^= load64(m0 + 8 * i); @@ -774,7 +698,6 @@ index 1e06fef..0000000 - } -} - -- -static void keccak_squeezeblocks4x(unsigned char *h0, - unsigned char *h1, - unsigned char *h2, 
@@ -802,8 +725,6 @@ index 1e06fef..0000000 - } -} - -- -- -void shake128x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -846,7 +767,6 @@ index 1e06fef..0000000 - } -} - -- -void shake256x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -888,10 +808,10 @@ index 1e06fef..0000000 - } - } -} -diff --git a/crypto_sign/sphincs-shake-128s-robust/avx2/fips202x4.h b/crypto_sign/sphincs-shake-128s-robust/avx2/fips202x4.h +diff --git a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.h deleted file mode 100644 index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-128s-robust/avx2/fips202x4.h +--- a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.h +++ /dev/null @@ -1,28 +0,0 @@ -#ifndef SPX_FIPS202X4_H @@ -922,10 +842,10 @@ index 2b93c9c..0000000 - unsigned char *in3, unsigned long long inlen); - -#endif -diff --git a/crypto_sign/sphincs-shake-128s-simple/META.yml b/crypto_sign/sphincs-shake-128s-simple/META.yml -index 4effd0a..eb436b2 100644 ---- a/crypto_sign/sphincs-shake-128s-simple/META.yml -+++ b/crypto_sign/sphincs-shake-128s-simple/META.yml +diff --git a/crypto_sign/sphincs-shake-192s-simple/META.yml b/crypto_sign/sphincs-shake-192s-simple/META.yml +index adc9279..0aad230 100644 +--- a/crypto_sign/sphincs-shake-192s-simple/META.yml ++++ b/crypto_sign/sphincs-shake-192s-simple/META.yml @@ -34,6 +34,9 @@ implementations: supported_platforms: - architecture: x86_64 
@@ -934,14 +854,14 @@ index 4effd0a..eb436b2 100644 + - Linux + - Darwin - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 + version: https://github.com/sphincs/sphincsplus/commit/f38d4fdaff9c5889a086955a027f6bd71d8a4a96 supported_platforms: -diff --git a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.c +diff --git a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.c deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.c +index 7481b81..0000000 +--- a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.c +++ /dev/null -@@ -1,210 +0,0 @@ +@@ -1,205 +0,0 @@ -#include -#include -#include @@ -990,7 +910,6 @@ index 1e06fef..0000000 - - unsigned long long *ss = (unsigned long long *)s; - -- - while (mlen >= r) { - for (i = 0; i < r / 8; ++i) { - ss[4 * i + 0] ^= load64(m0 + 8 * i); @@ -1038,7 +957,6 @@ index 1e06fef..0000000 - } -} - -- -static void keccak_squeezeblocks4x(unsigned char *h0, - unsigned char *h1, - unsigned char *h2, @@ -1066,8 +984,6 @@ index 1e06fef..0000000 - } -} - -- -- -void shake128x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -1110,7 +1026,6 @@ index 1e06fef..0000000 - } -} - -- -void shake256x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -1152,10 +1067,10 @@ index 1e06fef..0000000 - } - } -} -diff --git a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.h +diff --git a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.h deleted file mode 100644 index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-128s-simple/avx2/fips202x4.h +--- a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.h +++ /dev/null 
@@ -1,28 +0,0 @@ -#ifndef SPX_FIPS202X4_H @@ -1186,10 +1101,10 @@ index 2b93c9c..0000000 - unsigned char *in3, unsigned long long inlen); - -#endif -diff --git a/crypto_sign/sphincs-shake-192f-robust/META.yml b/crypto_sign/sphincs-shake-192f-robust/META.yml -index 2ec5f1b..370481e 100644 ---- a/crypto_sign/sphincs-shake-192f-robust/META.yml -+++ b/crypto_sign/sphincs-shake-192f-robust/META.yml +diff --git a/crypto_sign/sphincs-shake-256f-simple/META.yml b/crypto_sign/sphincs-shake-256f-simple/META.yml +index fe03dea..03a32c3 100644 +--- a/crypto_sign/sphincs-shake-256f-simple/META.yml ++++ b/crypto_sign/sphincs-shake-256f-simple/META.yml @@ -34,6 +34,9 @@ implementations: supported_platforms: - architecture: x86_64 @@ -1198,14 +1113,14 @@ index 2ec5f1b..370481e 100644 + - Linux + - Darwin - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 + version: https://github.com/sphincs/sphincsplus/commit/f38d4fdaff9c5889a086955a027f6bd71d8a4a96 supported_platforms: -diff --git a/crypto_sign/sphincs-shake-192f-robust/avx2/fips202x4.c b/crypto_sign/sphincs-shake-192f-robust/avx2/fips202x4.c +diff --git a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.c deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-192f-robust/avx2/fips202x4.c +index 7481b81..0000000 +--- a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.c +++ /dev/null -@@ -1,210 +0,0 @@ +@@ -1,205 +0,0 @@ -#include -#include -#include @@ -1254,7 +1169,6 @@ index 1e06fef..0000000 - - unsigned long long *ss = (unsigned long long *)s; - -- - while (mlen >= r) { - for (i = 0; i < r / 8; ++i) { - ss[4 * i + 0] ^= load64(m0 + 8 * i); @@ -1302,7 +1216,6 @@ index 1e06fef..0000000 - } -} - -- -static void keccak_squeezeblocks4x(unsigned char *h0, - unsigned char *h1, - unsigned char *h2, 
@@ -1330,8 +1243,6 @@ index 1e06fef..0000000 - } -} - -- -- -void shake128x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -1374,7 +1285,6 @@ index 1e06fef..0000000 - } -} - -- -void shake256x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, @@ -1416,10 +1326,10 @@ index 1e06fef..0000000 - } - } -} -diff --git a/crypto_sign/sphincs-shake-192f-robust/avx2/fips202x4.h b/crypto_sign/sphincs-shake-192f-robust/avx2/fips202x4.h +diff --git a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.h deleted file mode 100644 index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-192f-robust/avx2/fips202x4.h +--- a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.h +++ /dev/null @@ -1,28 +0,0 @@ -#ifndef SPX_FIPS202X4_H @@ -1450,10 +1360,10 @@ index 2b93c9c..0000000 - unsigned char *in3, unsigned long long inlen); - -#endif -diff --git a/crypto_sign/sphincs-shake-192f-simple/META.yml b/crypto_sign/sphincs-shake-192f-simple/META.yml -index ad7e420..cb8385a 100644 ---- a/crypto_sign/sphincs-shake-192f-simple/META.yml -+++ b/crypto_sign/sphincs-shake-192f-simple/META.yml +diff --git a/crypto_sign/sphincs-shake-256s-simple/META.yml b/crypto_sign/sphincs-shake-256s-simple/META.yml +index 0709bb4..2457d36 100644 +--- a/crypto_sign/sphincs-shake-256s-simple/META.yml ++++ b/crypto_sign/sphincs-shake-256s-simple/META.yml @@ -34,6 +34,9 @@ implementations: supported_platforms: - architecture: x86_64 
@@ -1462,14 +1372,14 @@ index ad7e420..cb8385a 100644 + - Linux + - Darwin - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 + version: https://github.com/sphincs/sphincsplus/commit/f38d4fdaff9c5889a086955a027f6bd71d8a4a96 supported_platforms: -diff --git a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.c +diff --git a/crypto_sign/sphincs-shake-256s-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-256s-simple/avx2/fips202x4.c deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.c +index 7481b81..0000000 +--- a/crypto_sign/sphincs-shake-256s-simple/avx2/fips202x4.c +++ /dev/null -@@ -1,210 +0,0 @@ +@@ -1,205 +0,0 @@ -#include -#include -#include @@ -1518,7 +1428,6 @@ index 1e06fef..0000000 - - unsigned long long *ss = (unsigned long long *)s; - -- - while (mlen >= r) { - for (i = 0; i < r / 8; ++i) { - ss[4 * i + 0] ^= load64(m0 + 8 * i); @@ -1566,7 +1475,6 @@ index 1e06fef..0000000 - } -} - -- -static void keccak_squeezeblocks4x(unsigned char *h0, - unsigned char *h1, - unsigned char *h2, @@ -1594,8 +1502,6 @@ index 1e06fef..0000000 - } -} - -- -- -void shake128x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2, 
@@ -1638,1591 +1544,6 @@ index 1e06fef..0000000 - } -} - -- --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE256_RATE]; -- unsigned char t1[SHAKE256_RATE]; -- unsigned char t2[SHAKE256_RATE]; -- unsigned char t3[SHAKE256_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE256_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE256_RATE, s, SHAKE256_RATE); -- -- out0 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out1 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out2 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out3 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- -- if (outlen % SHAKE256_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE256_RATE); -- for (i = 0; i < outlen % SHAKE256_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -diff --git a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.h -deleted file mode 100644 -index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-192f-simple/avx2/fips202x4.h -+++ /dev/null -@@ -1,28 +0,0 @@ --#ifndef SPX_FIPS202X4_H --#define SPX_FIPS202X4_H -- --#include -- --#include "params.h" -- --#define shake128x4 SPX_NAMESPACE(shake128x4) --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#define 
shake256x4 SPX_NAMESPACE(shake256x4) --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#endif -diff --git a/crypto_sign/sphincs-shake-192s-robust/META.yml b/crypto_sign/sphincs-shake-192s-robust/META.yml -index 3003eac..6a4c03c 100644 ---- a/crypto_sign/sphincs-shake-192s-robust/META.yml -+++ b/crypto_sign/sphincs-shake-192s-robust/META.yml -@@ -34,6 +34,9 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin - - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 - supported_platforms: -diff --git a/crypto_sign/sphincs-shake-192s-robust/avx2/fips202x4.c b/crypto_sign/sphincs-shake-192s-robust/avx2/fips202x4.c -deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-192s-robust/avx2/fips202x4.c -+++ /dev/null -@@ -1,210 +0,0 @@ --#include --#include --#include -- --#include "fips202.h" --#include "fips202x4.h" -- --#define NROUNDS 24 --#define ROL(a, offset) (((a) << (offset)) ^ ((a) >> (64-(offset)))) -- --static uint64_t load64(const unsigned char *x) { -- unsigned long long r = 0, i; -- -- for (i = 0; i < 8; ++i) { -- r |= (unsigned long long)x[i] << 8 * i; -- } -- return r; --} -- --static void store64(uint8_t *x, uint64_t u) { -- unsigned int i; -- -- for (i = 0; i < 8; ++i) { -- x[i] = (uint8_t)u; -- u >>= 8; -- } --} -- --/* Use implementation from the Keccak Code Package */ --extern void KeccakP1600times4_PermuteAll_24rounds(__m256i *s); --#define KeccakF1600_StatePermute4x KeccakP1600times4_PermuteAll_24rounds -- --static void keccak_absorb4x(__m256i *s, -- unsigned int r, -- const unsigned char *m0, -- const unsigned char *m1, -- const unsigned char *m2, -- const unsigned char 
*m3, -- unsigned long long int mlen, -- unsigned char p) { -- unsigned long long i; -- unsigned char t0[200]; -- unsigned char t1[200]; -- unsigned char t2[200]; -- unsigned char t3[200]; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- -- while (mlen >= r) { -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(m0 + 8 * i); -- ss[4 * i + 1] ^= load64(m1 + 8 * i); -- ss[4 * i + 2] ^= load64(m2 + 8 * i); -- ss[4 * i + 3] ^= load64(m3 + 8 * i); -- } -- -- KeccakF1600_StatePermute4x(s); -- mlen -= r; -- m0 += r; -- m1 += r; -- m2 += r; -- m3 += r; -- } -- -- for (i = 0; i < r; ++i) { -- t0[i] = 0; -- t1[i] = 0; -- t2[i] = 0; -- t3[i] = 0; -- } -- for (i = 0; i < mlen; ++i) { -- t0[i] = m0[i]; -- t1[i] = m1[i]; -- t2[i] = m2[i]; -- t3[i] = m3[i]; -- } -- -- t0[i] = p; -- t1[i] = p; -- t2[i] = p; -- t3[i] = p; -- -- t0[r - 1] |= 128; -- t1[r - 1] |= 128; -- t2[r - 1] |= 128; -- t3[r - 1] |= 128; -- -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(t0 + 8 * i); -- ss[4 * i + 1] ^= load64(t1 + 8 * i); -- ss[4 * i + 2] ^= load64(t2 + 8 * i); -- ss[4 * i + 3] ^= load64(t3 + 8 * i); -- } --} -- -- --static void keccak_squeezeblocks4x(unsigned char *h0, -- unsigned char *h1, -- unsigned char *h2, -- unsigned char *h3, -- unsigned long long int nblocks, -- __m256i *s, -- unsigned int r) { -- unsigned int i; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- while (nblocks > 0) { -- KeccakF1600_StatePermute4x(s); -- for (i = 0; i < (r >> 3); i++) { -- store64(h0 + 8 * i, ss[4 * i + 0]); -- store64(h1 + 8 * i, ss[4 * i + 1]); -- store64(h2 + 8 * i, ss[4 * i + 2]); -- store64(h3 + 8 * i, ss[4 * i + 3]); -- } -- h0 += r; -- h1 += r; -- h2 += r; -- h3 += r; -- nblocks--; -- } --} -- -- -- --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { 
-- __m256i s[25]; -- unsigned char t0[SHAKE128_RATE]; -- unsigned char t1[SHAKE128_RATE]; -- unsigned char t2[SHAKE128_RATE]; -- unsigned char t3[SHAKE128_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE128_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE128_RATE, s, SHAKE128_RATE); -- -- out0 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out1 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out2 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out3 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- -- if (outlen % SHAKE128_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE128_RATE); -- for (i = 0; i < outlen % SHAKE128_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -- -- --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE256_RATE]; -- unsigned char t1[SHAKE256_RATE]; -- unsigned char t2[SHAKE256_RATE]; -- unsigned char t3[SHAKE256_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE256_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE256_RATE, s, SHAKE256_RATE); -- -- out0 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out1 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out2 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out3 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; 
-- -- if (outlen % SHAKE256_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE256_RATE); -- for (i = 0; i < outlen % SHAKE256_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -diff --git a/crypto_sign/sphincs-shake-192s-robust/avx2/fips202x4.h b/crypto_sign/sphincs-shake-192s-robust/avx2/fips202x4.h -deleted file mode 100644 -index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-192s-robust/avx2/fips202x4.h -+++ /dev/null -@@ -1,28 +0,0 @@ --#ifndef SPX_FIPS202X4_H --#define SPX_FIPS202X4_H -- --#include -- --#include "params.h" -- --#define shake128x4 SPX_NAMESPACE(shake128x4) --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#define shake256x4 SPX_NAMESPACE(shake256x4) --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#endif -diff --git a/crypto_sign/sphincs-shake-192s-simple/META.yml b/crypto_sign/sphincs-shake-192s-simple/META.yml -index 2c10b1e..df28047 100644 ---- a/crypto_sign/sphincs-shake-192s-simple/META.yml -+++ b/crypto_sign/sphincs-shake-192s-simple/META.yml -@@ -34,6 +34,9 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin - - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 - supported_platforms: -diff --git a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.c -deleted file mode 100644 -index 1e06fef..0000000 ---- 
a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.c -+++ /dev/null -@@ -1,210 +0,0 @@ --#include --#include --#include -- --#include "fips202.h" --#include "fips202x4.h" -- --#define NROUNDS 24 --#define ROL(a, offset) (((a) << (offset)) ^ ((a) >> (64-(offset)))) -- --static uint64_t load64(const unsigned char *x) { -- unsigned long long r = 0, i; -- -- for (i = 0; i < 8; ++i) { -- r |= (unsigned long long)x[i] << 8 * i; -- } -- return r; --} -- --static void store64(uint8_t *x, uint64_t u) { -- unsigned int i; -- -- for (i = 0; i < 8; ++i) { -- x[i] = (uint8_t)u; -- u >>= 8; -- } --} -- --/* Use implementation from the Keccak Code Package */ --extern void KeccakP1600times4_PermuteAll_24rounds(__m256i *s); --#define KeccakF1600_StatePermute4x KeccakP1600times4_PermuteAll_24rounds -- --static void keccak_absorb4x(__m256i *s, -- unsigned int r, -- const unsigned char *m0, -- const unsigned char *m1, -- const unsigned char *m2, -- const unsigned char *m3, -- unsigned long long int mlen, -- unsigned char p) { -- unsigned long long i; -- unsigned char t0[200]; -- unsigned char t1[200]; -- unsigned char t2[200]; -- unsigned char t3[200]; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- -- while (mlen >= r) { -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(m0 + 8 * i); -- ss[4 * i + 1] ^= load64(m1 + 8 * i); -- ss[4 * i + 2] ^= load64(m2 + 8 * i); -- ss[4 * i + 3] ^= load64(m3 + 8 * i); -- } -- -- KeccakF1600_StatePermute4x(s); -- mlen -= r; -- m0 += r; -- m1 += r; -- m2 += r; -- m3 += r; -- } -- -- for (i = 0; i < r; ++i) { -- t0[i] = 0; -- t1[i] = 0; -- t2[i] = 0; -- t3[i] = 0; -- } -- for (i = 0; i < mlen; ++i) { -- t0[i] = m0[i]; -- t1[i] = m1[i]; -- t2[i] = m2[i]; -- t3[i] = m3[i]; -- } -- -- t0[i] = p; -- t1[i] = p; -- t2[i] = p; -- t3[i] = p; -- -- t0[r - 1] |= 128; -- t1[r - 1] |= 128; -- t2[r - 1] |= 128; -- t3[r - 1] |= 128; -- -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(t0 + 8 * i); -- ss[4 * i + 1] ^= load64(t1 + 8 
* i); -- ss[4 * i + 2] ^= load64(t2 + 8 * i); -- ss[4 * i + 3] ^= load64(t3 + 8 * i); -- } --} -- -- --static void keccak_squeezeblocks4x(unsigned char *h0, -- unsigned char *h1, -- unsigned char *h2, -- unsigned char *h3, -- unsigned long long int nblocks, -- __m256i *s, -- unsigned int r) { -- unsigned int i; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- while (nblocks > 0) { -- KeccakF1600_StatePermute4x(s); -- for (i = 0; i < (r >> 3); i++) { -- store64(h0 + 8 * i, ss[4 * i + 0]); -- store64(h1 + 8 * i, ss[4 * i + 1]); -- store64(h2 + 8 * i, ss[4 * i + 2]); -- store64(h3 + 8 * i, ss[4 * i + 3]); -- } -- h0 += r; -- h1 += r; -- h2 += r; -- h3 += r; -- nblocks--; -- } --} -- -- -- --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE128_RATE]; -- unsigned char t1[SHAKE128_RATE]; -- unsigned char t2[SHAKE128_RATE]; -- unsigned char t3[SHAKE128_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE128_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE128_RATE, s, SHAKE128_RATE); -- -- out0 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out1 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out2 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out3 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- -- if (outlen % SHAKE128_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE128_RATE); -- for (i = 0; i < outlen % SHAKE128_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -- -- --void shake256x4(unsigned char 
*out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE256_RATE]; -- unsigned char t1[SHAKE256_RATE]; -- unsigned char t2[SHAKE256_RATE]; -- unsigned char t3[SHAKE256_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE256_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE256_RATE, s, SHAKE256_RATE); -- -- out0 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out1 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out2 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out3 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- -- if (outlen % SHAKE256_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE256_RATE); -- for (i = 0; i < outlen % SHAKE256_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -diff --git a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.h -deleted file mode 100644 -index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-192s-simple/avx2/fips202x4.h -+++ /dev/null -@@ -1,28 +0,0 @@ --#ifndef SPX_FIPS202X4_H --#define SPX_FIPS202X4_H -- --#include -- --#include "params.h" -- --#define shake128x4 SPX_NAMESPACE(shake128x4) --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#define shake256x4 SPX_NAMESPACE(shake256x4) --void shake256x4(unsigned char *out0, -- unsigned char *out1, 
-- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#endif -diff --git a/crypto_sign/sphincs-shake-256f-robust/META.yml b/crypto_sign/sphincs-shake-256f-robust/META.yml -index 92601fe..51da213 100644 ---- a/crypto_sign/sphincs-shake-256f-robust/META.yml -+++ b/crypto_sign/sphincs-shake-256f-robust/META.yml -@@ -34,6 +34,9 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin - - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 - supported_platforms: -diff --git a/crypto_sign/sphincs-shake-256f-robust/avx2/fips202x4.c b/crypto_sign/sphincs-shake-256f-robust/avx2/fips202x4.c -deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-256f-robust/avx2/fips202x4.c -+++ /dev/null -@@ -1,210 +0,0 @@ --#include --#include --#include -- --#include "fips202.h" --#include "fips202x4.h" -- --#define NROUNDS 24 --#define ROL(a, offset) (((a) << (offset)) ^ ((a) >> (64-(offset)))) -- --static uint64_t load64(const unsigned char *x) { -- unsigned long long r = 0, i; -- -- for (i = 0; i < 8; ++i) { -- r |= (unsigned long long)x[i] << 8 * i; -- } -- return r; --} -- --static void store64(uint8_t *x, uint64_t u) { -- unsigned int i; -- -- for (i = 0; i < 8; ++i) { -- x[i] = (uint8_t)u; -- u >>= 8; -- } --} -- --/* Use implementation from the Keccak Code Package */ --extern void KeccakP1600times4_PermuteAll_24rounds(__m256i *s); --#define KeccakF1600_StatePermute4x KeccakP1600times4_PermuteAll_24rounds -- --static void keccak_absorb4x(__m256i *s, -- unsigned int r, -- const unsigned char *m0, -- const unsigned char *m1, -- const unsigned char *m2, -- const unsigned char *m3, -- unsigned long long int mlen, -- unsigned char p) { -- unsigned long long i; -- unsigned char 
t0[200]; -- unsigned char t1[200]; -- unsigned char t2[200]; -- unsigned char t3[200]; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- -- while (mlen >= r) { -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(m0 + 8 * i); -- ss[4 * i + 1] ^= load64(m1 + 8 * i); -- ss[4 * i + 2] ^= load64(m2 + 8 * i); -- ss[4 * i + 3] ^= load64(m3 + 8 * i); -- } -- -- KeccakF1600_StatePermute4x(s); -- mlen -= r; -- m0 += r; -- m1 += r; -- m2 += r; -- m3 += r; -- } -- -- for (i = 0; i < r; ++i) { -- t0[i] = 0; -- t1[i] = 0; -- t2[i] = 0; -- t3[i] = 0; -- } -- for (i = 0; i < mlen; ++i) { -- t0[i] = m0[i]; -- t1[i] = m1[i]; -- t2[i] = m2[i]; -- t3[i] = m3[i]; -- } -- -- t0[i] = p; -- t1[i] = p; -- t2[i] = p; -- t3[i] = p; -- -- t0[r - 1] |= 128; -- t1[r - 1] |= 128; -- t2[r - 1] |= 128; -- t3[r - 1] |= 128; -- -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(t0 + 8 * i); -- ss[4 * i + 1] ^= load64(t1 + 8 * i); -- ss[4 * i + 2] ^= load64(t2 + 8 * i); -- ss[4 * i + 3] ^= load64(t3 + 8 * i); -- } --} -- -- --static void keccak_squeezeblocks4x(unsigned char *h0, -- unsigned char *h1, -- unsigned char *h2, -- unsigned char *h3, -- unsigned long long int nblocks, -- __m256i *s, -- unsigned int r) { -- unsigned int i; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- while (nblocks > 0) { -- KeccakF1600_StatePermute4x(s); -- for (i = 0; i < (r >> 3); i++) { -- store64(h0 + 8 * i, ss[4 * i + 0]); -- store64(h1 + 8 * i, ss[4 * i + 1]); -- store64(h2 + 8 * i, ss[4 * i + 2]); -- store64(h3 + 8 * i, ss[4 * i + 3]); -- } -- h0 += r; -- h1 += r; -- h2 += r; -- h3 += r; -- nblocks--; -- } --} -- -- -- --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE128_RATE]; -- unsigned char t1[SHAKE128_RATE]; -- unsigned 
char t2[SHAKE128_RATE]; -- unsigned char t3[SHAKE128_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE128_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE128_RATE, s, SHAKE128_RATE); -- -- out0 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out1 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out2 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out3 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- -- if (outlen % SHAKE128_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE128_RATE); -- for (i = 0; i < outlen % SHAKE128_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -- -- --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE256_RATE]; -- unsigned char t1[SHAKE256_RATE]; -- unsigned char t2[SHAKE256_RATE]; -- unsigned char t3[SHAKE256_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE256_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE256_RATE, s, SHAKE256_RATE); -- -- out0 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out1 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out2 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out3 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- -- if (outlen % SHAKE256_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE256_RATE); 
-- for (i = 0; i < outlen % SHAKE256_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -diff --git a/crypto_sign/sphincs-shake-256f-robust/avx2/fips202x4.h b/crypto_sign/sphincs-shake-256f-robust/avx2/fips202x4.h -deleted file mode 100644 -index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-256f-robust/avx2/fips202x4.h -+++ /dev/null -@@ -1,28 +0,0 @@ --#ifndef SPX_FIPS202X4_H --#define SPX_FIPS202X4_H -- --#include -- --#include "params.h" -- --#define shake128x4 SPX_NAMESPACE(shake128x4) --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#define shake256x4 SPX_NAMESPACE(shake256x4) --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#endif -diff --git a/crypto_sign/sphincs-shake-256f-simple/META.yml b/crypto_sign/sphincs-shake-256f-simple/META.yml -index 315495a..845b9ea 100644 ---- a/crypto_sign/sphincs-shake-256f-simple/META.yml -+++ b/crypto_sign/sphincs-shake-256f-simple/META.yml -@@ -34,6 +34,9 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin - - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 - supported_platforms: -diff --git a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.c -deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.c -+++ /dev/null -@@ -1,210 +0,0 @@ --#include --#include --#include -- --#include 
"fips202.h" --#include "fips202x4.h" -- --#define NROUNDS 24 --#define ROL(a, offset) (((a) << (offset)) ^ ((a) >> (64-(offset)))) -- --static uint64_t load64(const unsigned char *x) { -- unsigned long long r = 0, i; -- -- for (i = 0; i < 8; ++i) { -- r |= (unsigned long long)x[i] << 8 * i; -- } -- return r; --} -- --static void store64(uint8_t *x, uint64_t u) { -- unsigned int i; -- -- for (i = 0; i < 8; ++i) { -- x[i] = (uint8_t)u; -- u >>= 8; -- } --} -- --/* Use implementation from the Keccak Code Package */ --extern void KeccakP1600times4_PermuteAll_24rounds(__m256i *s); --#define KeccakF1600_StatePermute4x KeccakP1600times4_PermuteAll_24rounds -- --static void keccak_absorb4x(__m256i *s, -- unsigned int r, -- const unsigned char *m0, -- const unsigned char *m1, -- const unsigned char *m2, -- const unsigned char *m3, -- unsigned long long int mlen, -- unsigned char p) { -- unsigned long long i; -- unsigned char t0[200]; -- unsigned char t1[200]; -- unsigned char t2[200]; -- unsigned char t3[200]; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- -- while (mlen >= r) { -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(m0 + 8 * i); -- ss[4 * i + 1] ^= load64(m1 + 8 * i); -- ss[4 * i + 2] ^= load64(m2 + 8 * i); -- ss[4 * i + 3] ^= load64(m3 + 8 * i); -- } -- -- KeccakF1600_StatePermute4x(s); -- mlen -= r; -- m0 += r; -- m1 += r; -- m2 += r; -- m3 += r; -- } -- -- for (i = 0; i < r; ++i) { -- t0[i] = 0; -- t1[i] = 0; -- t2[i] = 0; -- t3[i] = 0; -- } -- for (i = 0; i < mlen; ++i) { -- t0[i] = m0[i]; -- t1[i] = m1[i]; -- t2[i] = m2[i]; -- t3[i] = m3[i]; -- } -- -- t0[i] = p; -- t1[i] = p; -- t2[i] = p; -- t3[i] = p; -- -- t0[r - 1] |= 128; -- t1[r - 1] |= 128; -- t2[r - 1] |= 128; -- t3[r - 1] |= 128; -- -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(t0 + 8 * i); -- ss[4 * i + 1] ^= load64(t1 + 8 * i); -- ss[4 * i + 2] ^= load64(t2 + 8 * i); -- ss[4 * i + 3] ^= load64(t3 + 8 * i); -- } --} -- -- --static void 
keccak_squeezeblocks4x(unsigned char *h0, -- unsigned char *h1, -- unsigned char *h2, -- unsigned char *h3, -- unsigned long long int nblocks, -- __m256i *s, -- unsigned int r) { -- unsigned int i; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- while (nblocks > 0) { -- KeccakF1600_StatePermute4x(s); -- for (i = 0; i < (r >> 3); i++) { -- store64(h0 + 8 * i, ss[4 * i + 0]); -- store64(h1 + 8 * i, ss[4 * i + 1]); -- store64(h2 + 8 * i, ss[4 * i + 2]); -- store64(h3 + 8 * i, ss[4 * i + 3]); -- } -- h0 += r; -- h1 += r; -- h2 += r; -- h3 += r; -- nblocks--; -- } --} -- -- -- --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE128_RATE]; -- unsigned char t1[SHAKE128_RATE]; -- unsigned char t2[SHAKE128_RATE]; -- unsigned char t3[SHAKE128_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE128_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE128_RATE, s, SHAKE128_RATE); -- -- out0 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out1 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out2 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out3 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- -- if (outlen % SHAKE128_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE128_RATE); -- for (i = 0; i < outlen % SHAKE128_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -- -- --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned 
char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE256_RATE]; -- unsigned char t1[SHAKE256_RATE]; -- unsigned char t2[SHAKE256_RATE]; -- unsigned char t3[SHAKE256_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE256_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE256_RATE, s, SHAKE256_RATE); -- -- out0 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out1 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out2 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out3 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- -- if (outlen % SHAKE256_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE256_RATE); -- for (i = 0; i < outlen % SHAKE256_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -diff --git a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.h b/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.h -deleted file mode 100644 -index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-256f-simple/avx2/fips202x4.h -+++ /dev/null -@@ -1,28 +0,0 @@ --#ifndef SPX_FIPS202X4_H --#define SPX_FIPS202X4_H -- --#include -- --#include "params.h" -- --#define shake128x4 SPX_NAMESPACE(shake128x4) --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#define shake256x4 SPX_NAMESPACE(shake256x4) --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char 
*in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#endif -diff --git a/crypto_sign/sphincs-shake-256s-robust/META.yml b/crypto_sign/sphincs-shake-256s-robust/META.yml -index 2bcff18..e332501 100644 ---- a/crypto_sign/sphincs-shake-256s-robust/META.yml -+++ b/crypto_sign/sphincs-shake-256s-robust/META.yml -@@ -34,6 +34,9 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin - - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 - supported_platforms: -diff --git a/crypto_sign/sphincs-shake-256s-robust/avx2/fips202x4.c b/crypto_sign/sphincs-shake-256s-robust/avx2/fips202x4.c -deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-256s-robust/avx2/fips202x4.c -+++ /dev/null -@@ -1,210 +0,0 @@ --#include --#include --#include -- --#include "fips202.h" --#include "fips202x4.h" -- --#define NROUNDS 24 --#define ROL(a, offset) (((a) << (offset)) ^ ((a) >> (64-(offset)))) -- --static uint64_t load64(const unsigned char *x) { -- unsigned long long r = 0, i; -- -- for (i = 0; i < 8; ++i) { -- r |= (unsigned long long)x[i] << 8 * i; -- } -- return r; --} -- --static void store64(uint8_t *x, uint64_t u) { -- unsigned int i; -- -- for (i = 0; i < 8; ++i) { -- x[i] = (uint8_t)u; -- u >>= 8; -- } --} -- --/* Use implementation from the Keccak Code Package */ --extern void KeccakP1600times4_PermuteAll_24rounds(__m256i *s); --#define KeccakF1600_StatePermute4x KeccakP1600times4_PermuteAll_24rounds -- --static void keccak_absorb4x(__m256i *s, -- unsigned int r, -- const unsigned char *m0, -- const unsigned char *m1, -- const unsigned char *m2, -- const unsigned char *m3, -- unsigned long long int mlen, -- unsigned char p) { -- unsigned long long i; -- unsigned char t0[200]; -- unsigned char t1[200]; -- unsigned char t2[200]; -- unsigned char t3[200]; -- -- unsigned long long *ss 
= (unsigned long long *)s; -- -- -- while (mlen >= r) { -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(m0 + 8 * i); -- ss[4 * i + 1] ^= load64(m1 + 8 * i); -- ss[4 * i + 2] ^= load64(m2 + 8 * i); -- ss[4 * i + 3] ^= load64(m3 + 8 * i); -- } -- -- KeccakF1600_StatePermute4x(s); -- mlen -= r; -- m0 += r; -- m1 += r; -- m2 += r; -- m3 += r; -- } -- -- for (i = 0; i < r; ++i) { -- t0[i] = 0; -- t1[i] = 0; -- t2[i] = 0; -- t3[i] = 0; -- } -- for (i = 0; i < mlen; ++i) { -- t0[i] = m0[i]; -- t1[i] = m1[i]; -- t2[i] = m2[i]; -- t3[i] = m3[i]; -- } -- -- t0[i] = p; -- t1[i] = p; -- t2[i] = p; -- t3[i] = p; -- -- t0[r - 1] |= 128; -- t1[r - 1] |= 128; -- t2[r - 1] |= 128; -- t3[r - 1] |= 128; -- -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(t0 + 8 * i); -- ss[4 * i + 1] ^= load64(t1 + 8 * i); -- ss[4 * i + 2] ^= load64(t2 + 8 * i); -- ss[4 * i + 3] ^= load64(t3 + 8 * i); -- } --} -- -- --static void keccak_squeezeblocks4x(unsigned char *h0, -- unsigned char *h1, -- unsigned char *h2, -- unsigned char *h3, -- unsigned long long int nblocks, -- __m256i *s, -- unsigned int r) { -- unsigned int i; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- while (nblocks > 0) { -- KeccakF1600_StatePermute4x(s); -- for (i = 0; i < (r >> 3); i++) { -- store64(h0 + 8 * i, ss[4 * i + 0]); -- store64(h1 + 8 * i, ss[4 * i + 1]); -- store64(h2 + 8 * i, ss[4 * i + 2]); -- store64(h3 + 8 * i, ss[4 * i + 3]); -- } -- h0 += r; -- h1 += r; -- h2 += r; -- h3 += r; -- nblocks--; -- } --} -- -- -- --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE128_RATE]; -- unsigned char t1[SHAKE128_RATE]; -- unsigned char t2[SHAKE128_RATE]; -- unsigned char t3[SHAKE128_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 
0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE128_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE128_RATE, s, SHAKE128_RATE); -- -- out0 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out1 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out2 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out3 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- -- if (outlen % SHAKE128_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE128_RATE); -- for (i = 0; i < outlen % SHAKE128_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -- -- --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE256_RATE]; -- unsigned char t1[SHAKE256_RATE]; -- unsigned char t2[SHAKE256_RATE]; -- unsigned char t3[SHAKE256_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE256_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE256_RATE, s, SHAKE256_RATE); -- -- out0 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out1 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out2 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- out3 += (outlen / SHAKE256_RATE) * SHAKE256_RATE; -- -- if (outlen % SHAKE256_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE256_RATE); -- for (i = 0; i < outlen % SHAKE256_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- 
out3[i] = t3[i]; -- } -- } --} -diff --git a/crypto_sign/sphincs-shake-256s-robust/avx2/fips202x4.h b/crypto_sign/sphincs-shake-256s-robust/avx2/fips202x4.h -deleted file mode 100644 -index 2b93c9c..0000000 ---- a/crypto_sign/sphincs-shake-256s-robust/avx2/fips202x4.h -+++ /dev/null -@@ -1,28 +0,0 @@ --#ifndef SPX_FIPS202X4_H --#define SPX_FIPS202X4_H -- --#include -- --#include "params.h" -- --#define shake128x4 SPX_NAMESPACE(shake128x4) --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#define shake256x4 SPX_NAMESPACE(shake256x4) --void shake256x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen); -- --#endif -diff --git a/crypto_sign/sphincs-shake-256s-simple/META.yml b/crypto_sign/sphincs-shake-256s-simple/META.yml -index 84898ac..544022e 100644 ---- a/crypto_sign/sphincs-shake-256s-simple/META.yml -+++ b/crypto_sign/sphincs-shake-256s-simple/META.yml -@@ -34,6 +34,9 @@ implementations: - supported_platforms: - - architecture: x86_64 - required_flags: ['avx2'] -+ operating_systems: -+ - Linux -+ - Darwin - - name: aarch64 - version: https://github.com/sphincs/sphincsplus/commit/ed15dd78658f63288c7492c00260d86154b84637 - supported_platforms: -diff --git a/crypto_sign/sphincs-shake-256s-simple/avx2/fips202x4.c b/crypto_sign/sphincs-shake-256s-simple/avx2/fips202x4.c -deleted file mode 100644 -index 1e06fef..0000000 ---- a/crypto_sign/sphincs-shake-256s-simple/avx2/fips202x4.c -+++ /dev/null -@@ -1,210 +0,0 @@ --#include --#include --#include -- --#include "fips202.h" --#include "fips202x4.h" -- --#define NROUNDS 24 --#define ROL(a, offset) (((a) << (offset)) ^ ((a) >> 
(64-(offset)))) -- --static uint64_t load64(const unsigned char *x) { -- unsigned long long r = 0, i; -- -- for (i = 0; i < 8; ++i) { -- r |= (unsigned long long)x[i] << 8 * i; -- } -- return r; --} -- --static void store64(uint8_t *x, uint64_t u) { -- unsigned int i; -- -- for (i = 0; i < 8; ++i) { -- x[i] = (uint8_t)u; -- u >>= 8; -- } --} -- --/* Use implementation from the Keccak Code Package */ --extern void KeccakP1600times4_PermuteAll_24rounds(__m256i *s); --#define KeccakF1600_StatePermute4x KeccakP1600times4_PermuteAll_24rounds -- --static void keccak_absorb4x(__m256i *s, -- unsigned int r, -- const unsigned char *m0, -- const unsigned char *m1, -- const unsigned char *m2, -- const unsigned char *m3, -- unsigned long long int mlen, -- unsigned char p) { -- unsigned long long i; -- unsigned char t0[200]; -- unsigned char t1[200]; -- unsigned char t2[200]; -- unsigned char t3[200]; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- -- while (mlen >= r) { -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(m0 + 8 * i); -- ss[4 * i + 1] ^= load64(m1 + 8 * i); -- ss[4 * i + 2] ^= load64(m2 + 8 * i); -- ss[4 * i + 3] ^= load64(m3 + 8 * i); -- } -- -- KeccakF1600_StatePermute4x(s); -- mlen -= r; -- m0 += r; -- m1 += r; -- m2 += r; -- m3 += r; -- } -- -- for (i = 0; i < r; ++i) { -- t0[i] = 0; -- t1[i] = 0; -- t2[i] = 0; -- t3[i] = 0; -- } -- for (i = 0; i < mlen; ++i) { -- t0[i] = m0[i]; -- t1[i] = m1[i]; -- t2[i] = m2[i]; -- t3[i] = m3[i]; -- } -- -- t0[i] = p; -- t1[i] = p; -- t2[i] = p; -- t3[i] = p; -- -- t0[r - 1] |= 128; -- t1[r - 1] |= 128; -- t2[r - 1] |= 128; -- t3[r - 1] |= 128; -- -- for (i = 0; i < r / 8; ++i) { -- ss[4 * i + 0] ^= load64(t0 + 8 * i); -- ss[4 * i + 1] ^= load64(t1 + 8 * i); -- ss[4 * i + 2] ^= load64(t2 + 8 * i); -- ss[4 * i + 3] ^= load64(t3 + 8 * i); -- } --} -- -- --static void keccak_squeezeblocks4x(unsigned char *h0, -- unsigned char *h1, -- unsigned char *h2, -- unsigned char *h3, -- unsigned long long int 
nblocks, -- __m256i *s, -- unsigned int r) { -- unsigned int i; -- -- unsigned long long *ss = (unsigned long long *)s; -- -- while (nblocks > 0) { -- KeccakF1600_StatePermute4x(s); -- for (i = 0; i < (r >> 3); i++) { -- store64(h0 + 8 * i, ss[4 * i + 0]); -- store64(h1 + 8 * i, ss[4 * i + 1]); -- store64(h2 + 8 * i, ss[4 * i + 2]); -- store64(h3 + 8 * i, ss[4 * i + 3]); -- } -- h0 += r; -- h1 += r; -- h2 += r; -- h3 += r; -- nblocks--; -- } --} -- -- -- --void shake128x4(unsigned char *out0, -- unsigned char *out1, -- unsigned char *out2, -- unsigned char *out3, unsigned long long outlen, -- unsigned char *in0, -- unsigned char *in1, -- unsigned char *in2, -- unsigned char *in3, unsigned long long inlen) { -- __m256i s[25]; -- unsigned char t0[SHAKE128_RATE]; -- unsigned char t1[SHAKE128_RATE]; -- unsigned char t2[SHAKE128_RATE]; -- unsigned char t3[SHAKE128_RATE]; -- unsigned int i; -- -- /* zero state */ -- for (i = 0; i < 25; i++) { -- s[i] = _mm256_xor_si256(s[i], s[i]); -- } -- -- /* absorb 4 message of identical length in parallel */ -- keccak_absorb4x(s, SHAKE128_RATE, in0, in1, in2, in3, inlen, 0x1F); -- -- /* Squeeze output */ -- keccak_squeezeblocks4x(out0, out1, out2, out3, outlen / SHAKE128_RATE, s, SHAKE128_RATE); -- -- out0 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out1 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out2 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- out3 += (outlen / SHAKE128_RATE) * SHAKE128_RATE; -- -- if (outlen % SHAKE128_RATE) { -- keccak_squeezeblocks4x(t0, t1, t2, t3, 1, s, SHAKE128_RATE); -- for (i = 0; i < outlen % SHAKE128_RATE; i++) { -- out0[i] = t0[i]; -- out1[i] = t1[i]; -- out2[i] = t2[i]; -- out3[i] = t3[i]; -- } -- } --} -- -- -void shake256x4(unsigned char *out0, - unsigned char *out1, - unsigned char *out2,