22 files changed, 153 insertions, 200 deletions

diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 8334ae6..de9d8d3 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -35,6 +35,13 @@ jobs:
           - os: "ubuntu-24.04" # loong64
             arch: "loong64"
             compiler: "gcc"
+          - os: "ubuntu-24.04-arm"
+            arch: "native"
+            compiler: "gcc"
+          - os: "ubuntu-24.04-arm"
+            arch: "native"
+            compiler: "clang"
+
     steps:
       - name: "Checkout repository"
         uses: actions/checkout@v4
@@ -47,8 +54,8 @@ jobs:
 
   # Test ASAN with and without ASM enabled.
   test-asan:
-    name: "ASAN (${{ matrix.asm == 'ON' && 'asm' || 'no-asm' }})"
-    runs-on: "ubuntu-24.04"
+    name: "${{ matrix.os }} - ASAN (${{ matrix.asm == 'ON' && 'asm' || 'no-asm' }})"
+    runs-on: "${{ matrix.os }}"
     if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }}
     permissions:
       contents: read
@@ -56,6 +63,7 @@ jobs:
       fail-fast: false
       matrix:
         asm: [ON, OFF]
+        os: ["ubuntu-24.04", "ubuntu-24.04-arm"]
     steps:
       - name: "Checkout repository"
         uses: actions/checkout@v4
diff --git a/.gitignore b/.gitignore
index c83a56d..03f44eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -108,6 +108,7 @@ tests/constraints*
 tests/crypto_test*
 tests/ctlog.conf
 tests/*.crt
+tests/ec_arithmetic*
 tests/ec_point_conversion*
 tests/ecc_cdh*
 tests/evp_pkey_cleanup*
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 047c228..f67d2bd 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -33,11 +33,21 @@ if(HOST_ASM_ELF_X86_64)
                 bn/arch/amd64/bignum_add.S
                 bn/arch/amd64/bignum_cmadd.S
                 bn/arch/amd64/bignum_cmul.S
+                bn/arch/amd64/bignum_modadd.S
+                bn/arch/amd64/bignum_modsub.S
                 bn/arch/amd64/bignum_mul.S
+                bn/arch/amd64/bignum_mul_4_8.S
                 bn/arch/amd64/bignum_mul_4_8_alt.S
+                bn/arch/amd64/bignum_mul_6_12.S
+                bn/arch/amd64/bignum_mul_6_12_alt.S
+                bn/arch/amd64/bignum_mul_8_16.S
                 bn/arch/amd64/bignum_mul_8_16_alt.S
                 bn/arch/amd64/bignum_sqr.S
+                bn/arch/amd64/bignum_sqr_4_8.S
                 bn/arch/amd64/bignum_sqr_4_8_alt.S
+                bn/arch/amd64/bignum_sqr_6_12.S
+                bn/arch/amd64/bignum_sqr_6_12_alt.S
+                bn/arch/amd64/bignum_sqr_8_16.S
                 bn/arch/amd64/bignum_sqr_8_16_alt.S
                 bn/arch/amd64/bignum_sub.S
                 bn/arch/amd64/word_clz.S
@@ -71,11 +81,21 @@ if(HOST_ASM_MACOSX_X86_64)
                 bn/arch/amd64/bignum_add.S
                 bn/arch/amd64/bignum_cmadd.S
                 bn/arch/amd64/bignum_cmul.S
+                bn/arch/amd64/bignum_modadd.S
+                bn/arch/amd64/bignum_modsub.S
                 bn/arch/amd64/bignum_mul.S
+                bn/arch/amd64/bignum_mul_4_8.S
                 bn/arch/amd64/bignum_mul_4_8_alt.S
+                bn/arch/amd64/bignum_mul_6_12.S
+                bn/arch/amd64/bignum_mul_6_12_alt.S
+                bn/arch/amd64/bignum_mul_8_16.S
                 bn/arch/amd64/bignum_mul_8_16_alt.S
                 bn/arch/amd64/bignum_sqr.S
+                bn/arch/amd64/bignum_sqr_4_8.S
                 bn/arch/amd64/bignum_sqr_4_8_alt.S
+                bn/arch/amd64/bignum_sqr_6_12.S
+                bn/arch/amd64/bignum_sqr_6_12_alt.S
+                bn/arch/amd64/bignum_sqr_8_16.S
                 bn/arch/amd64/bignum_sqr_8_16_alt.S
                 bn/arch/amd64/bignum_sub.S
                 bn/arch/amd64/word_clz.S
@@ -416,8 +436,10 @@ set(
         lhash/lhash.c
         md4/md4.c
         md5/md5.c
-        mlkem/mlkem768.c
+        mlkem/mlkem.c
         mlkem/mlkem1024.c
+        mlkem/mlkem768.c
+        mlkem/mlkem_key.c
         modes/cbc128.c
         modes/ccm128.c
         modes/cfb128.c
diff --git a/crypto/Makefile.am b/crypto/Makefile.am
index ad241ab..610341a 100644
--- a/crypto/Makefile.am
+++ b/crypto/Makefile.am
@@ -738,9 +738,10 @@ libcrypto_la_SOURCES += md4/md4.c
 libcrypto_la_SOURCES += md5/md5.c
 
 # mlkem
-libcrypto_la_SOURCES += mlkem/mlkem768.c
+libcrypto_la_SOURCES += mlkem/mlkem.c
 libcrypto_la_SOURCES += mlkem/mlkem1024.c
-noinst_HEADERS += mlkem/mlkem.h
+libcrypto_la_SOURCES += mlkem/mlkem768.c
+libcrypto_la_SOURCES += mlkem/mlkem_key.c
 noinst_HEADERS += mlkem/mlkem_internal.h
 
 # modes
diff --git a/crypto/Makefile.am.elf-x86_64 b/crypto/Makefile.am.elf-x86_64
index ad49787..df67ad2 100644
--- a/crypto/Makefile.am.elf-x86_64
+++ b/crypto/Makefile.am.elf-x86_64
@@ -10,11 +10,21 @@ ASM_X86_64_ELF += rc4/rc4-elf-x86_64.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_add.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_cmadd.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_cmul.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_modadd.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_modsub.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_mul.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_4_8.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_4_8_alt.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_6_12.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_6_12_alt.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_8_16.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_8_16_alt.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_4_8.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_4_8_alt.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_6_12.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_6_12_alt.S
+ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_8_16.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_8_16_alt.S
 ASM_X86_64_ELF += bn/arch/amd64/bignum_sub.S
 ASM_X86_64_ELF += bn/arch/amd64/word_clz.S
diff --git a/crypto/Makefile.am.macosx-x86_64 b/crypto/Makefile.am.macosx-x86_64
index bbccfd6..23e27e6 100644
--- a/crypto/Makefile.am.macosx-x86_64
+++ b/crypto/Makefile.am.macosx-x86_64
@@ -10,11 +10,21 @@ ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_add.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_cmadd.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_cmul.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_modadd.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_modsub.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_4_8.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_4_8_alt.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_6_12.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_6_12_alt.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_8_16.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_8_16_alt.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_4_8.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_4_8_alt.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_6_12.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_6_12_alt.S
+ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_8_16.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_8_16_alt.S
 ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sub.S
 ASM_X86_64_MACOSX += bn/arch/amd64/word_clz.S
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 04160af..4802d13 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -19,10 +19,7 @@ if(ENABLE_LIBRESSL_INSTALL)
                 PATTERN "CMakeLists.txt" EXCLUDE
                 PATTERN "compat" EXCLUDE
                 PATTERN "pqueue.h" EXCLUDE
-                PATTERN "Makefile*" EXCLUDE
-                PATTERN "arch" EXCLUDE)
-        install(FILES ${CMAKE_BINARY_DIR}/include/openssl/opensslconf.h
-                DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/openssl")
+                PATTERN "Makefile*" EXCLUDE)
 endif(ENABLE_LIBRESSL_INSTALL)
 
 file(COPY .
@@ -32,30 +29,3 @@ file(COPY .
         PATTERN "pqueue.h" EXCLUDE
         PATTERN "Makefile*" EXCLUDE
         PATTERN "arch" EXCLUDE)
-
-if(HOST_AARCH64)
-        file(READ arch/aarch64/opensslconf.h OPENSSLCONF)
-elseif(HOST_ARM)
-        file(READ arch/arm/opensslconf.h OPENSSLCONF)
-elseif(HOST_I386)
-        file(READ arch/i386/opensslconf.h OPENSSLCONF)
-elseif(HOST_LOONGARCH64)
-        file(READ arch/loongarch64/opensslconf.h OPENSSLCONF)
-elseif(HOST_MIPS)
-        file(READ arch/mips/opensslconf.h OPENSSLCONF)
-elseif(HOST_MIPS64)
-        file(READ arch/mips64/opensslconf.h OPENSSLCONF)
-elseif(HOST_POWERPC)
-        file(READ arch/powerpc/opensslconf.h OPENSSLCONF)
-elseif(HOST_POWERPC64)
-        file(READ arch/powerpc64/opensslconf.h OPENSSLCONF)
-elseif(HOST_RISCV64)
-        file(READ arch/riscv64/opensslconf.h OPENSSLCONF)
-elseif(HOST_SPARC64)
-        file(READ arch/sparc64/opensslconf.h OPENSSLCONF)
-elseif(HOST_X86_64)
-        file(READ arch/amd64/opensslconf.h OPENSSLCONF)
-else()
-        message(FATAL_ERROR "Architecture not supported")
-endif()
-file(WRITE ${CMAKE_BINARY_DIR}/include/openssl/opensslconf.h "${OPENSSLCONF}")
diff --git a/include/Makefile.am b/include/Makefile.am
index a3e1c19..04c9ea2 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -61,20 +61,4 @@ noinst_HEADERS += compat/sys/time.h
 noinst_HEADERS += compat/sys/types.h
 noinst_HEADERS += compat/sys/uio.h
 
-noinst_HEADERS += arch/aarch64/opensslconf.h
-noinst_HEADERS += arch/alpha/opensslconf.h
-noinst_HEADERS += arch/amd64/opensslconf.h
-noinst_HEADERS += arch/arm/opensslconf.h
-noinst_HEADERS += arch/hppa/opensslconf.h
-noinst_HEADERS += arch/i386/opensslconf.h
-noinst_HEADERS += arch/loongarch64/opensslconf.h
-noinst_HEADERS += arch/m88k/opensslconf.h
-noinst_HEADERS += arch/mips/opensslconf.h
-noinst_HEADERS += arch/mips64/opensslconf.h
-noinst_HEADERS += arch/powerpc/opensslconf.h
-noinst_HEADERS += arch/powerpc64/opensslconf.h
-noinst_HEADERS += arch/riscv64/opensslconf.h
-noinst_HEADERS += arch/sh/opensslconf.h
-noinst_HEADERS += arch/sparc64/opensslconf.h
-
 include_HEADERS = tls.h
diff --git a/include/arch/loongarch64/opensslconf.h b/include/arch/loongarch64/opensslconf.h
deleted file mode 100644
index 868066c..0000000
--- a/include/arch/loongarch64/opensslconf.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#include <openssl/opensslfeatures.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#ifndef OPENSSL_FILE
-#ifdef OPENSSL_NO_FILENAMES
-#define OPENSSL_FILE ""
-#define OPENSSL_LINE 0
-#else
-#define OPENSSL_FILE __FILE__
-#define OPENSSL_LINE __LINE__
-#endif
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
diff --git a/include/arch/mips/opensslconf.h b/include/arch/mips/opensslconf.h
deleted file mode 100644
index dcbe113..0000000
--- a/include/arch/mips/opensslconf.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#include <openssl/opensslfeatures.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#ifndef OPENSSL_FILE
-#ifdef OPENSSL_NO_FILENAMES
-#define OPENSSL_FILE ""
-#define OPENSSL_LINE 0
-#else
-#define OPENSSL_FILE __FILE__
-#define OPENSSL_LINE __LINE__
-#endif
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
diff --git a/include/openssl/Makefile.am.tpl b/include/openssl/Makefile.am.tpl
index 4bbbd60..1bea34d 100644
--- a/include/openssl/Makefile.am.tpl
+++ b/include/openssl/Makefile.am.tpl
@@ -3,43 +3,4 @@ include $(top_srcdir)/Makefile.am.common
 if !ENABLE_LIBTLS_ONLY
 opensslincludedir=$(includedir)/openssl
 
-BUILT_SOURCES = opensslconf.h
-CLEANFILES = opensslconf.h
-
-opensslconf.h: Makefile
-        -echo "generating opensslconf.h ..."
-if HOST_AARCH64
-        -cp $(top_srcdir)/include/arch/aarch64/opensslconf.h opensslconf.h
-endif
-if HOST_ARM
-        -cp $(top_srcdir)/include/arch/arm/opensslconf.h opensslconf.h
-endif
-if HOST_I386
-        -cp $(top_srcdir)/include/arch/i386/opensslconf.h opensslconf.h
-endif
-if HOST_LOONGARCH64
-        -cp $(top_srcdir)/include/arch/loongarch64/opensslconf.h opensslconf.h
-endif
-if HOST_MIPS
-        -cp $(top_srcdir)/include/arch/mips/opensslconf.h opensslconf.h
-endif
-if HOST_MIPS64
-        -cp $(top_srcdir)/include/arch/mips64/opensslconf.h opensslconf.h
-endif
-if HOST_POWERPC
-        -cp $(top_srcdir)/include/arch/powerpc/opensslconf.h opensslconf.h
-endif
-if HOST_POWERPC64
-        -cp $(top_srcdir)/include/arch/powerpc64/opensslconf.h opensslconf.h
-endif
-if HOST_RISCV64
-        -cp $(top_srcdir)/include/arch/riscv64/opensslconf.h opensslconf.h
-endif
-if HOST_SPARC64
-        -cp $(top_srcdir)/include/arch/sparc64/opensslconf.h opensslconf.h
-endif
-if HOST_X86_64
-        -cp $(top_srcdir)/include/arch/amd64/opensslconf.h opensslconf.h
-endif
-
-opensslinclude_HEADERS = opensslconf.h
+opensslinclude_HEADERS =
diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4
index fd63d77..99f142e 100644
--- a/m4/check-os-options.m4
+++ b/m4/check-os-options.m4
@@ -89,14 +89,14 @@ char buf[1]; getentropy(buf, 1);
                 ;;
         *hpux*)
                 HOST_OS=hpux;
-                if test "echo $host_os | cut -c 1-4" = "ia64" ; then
-                        if test "echo $CC | cut -d ' ' -f 1" = "gcc" ; then
+                if test "`echo $host_os | cut -c 1-4`" = "ia64" ; then
+                        if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
                                 CFLAGS="$CFLAGS -mlp64"
                         else
                                 CFLAGS="+DD64"
                         fi
                 fi
-                if ! test "echo $CC | cut -d ' ' -f 1" = "gcc" ; then
+                if ! test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
                         CFLAGS="-g -O2 +Otype_safety=off $CFLAGS $USER_CFLAGS"
                 fi
                 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
diff --git a/patches/amd64_crypto_arch.h.patch b/patches/amd64_crypto_arch.h.patch
index b094100..bf44458 100644
--- a/patches/amd64_crypto_arch.h.patch
+++ b/patches/amd64_crypto_arch.h.patch
@@ -1,6 +1,6 @@
---- crypto/arch/amd64/crypto_arch.h.orig        Wed Jul 23 08:15:02 2025
-+++ crypto/arch/amd64/crypto_arch.h     Wed Jul 23 08:15:20 2025
-@@ -47,6 +47,7 @@ extern uint64_t crypto_cpu_caps_amd64;
+--- crypto/arch/amd64/crypto_arch.h.orig        Sun Aug 17 13:14:19 2025
++++ crypto/arch/amd64/crypto_arch.h     Sun Aug 24 23:47:56 2025
+@@ -48,6 +48,7 @@ extern uint64_t crypto_cpu_caps_amd64;
  #define HAVE_RC4_INTERNAL
  #define HAVE_RC4_SET_KEY_INTERNAL
  
@@ -8,7 +8,7 @@
  #define HAVE_SHA1_BLOCK_DATA_ORDER
  #define HAVE_SHA1_BLOCK_GENERIC
  
-@@ -55,6 +56,7 @@ extern uint64_t crypto_cpu_caps_amd64;
+@@ -56,6 +57,7 @@ extern uint64_t crypto_cpu_caps_amd64;
  
  #define HAVE_SHA512_BLOCK_DATA_ORDER
  #define HAVE_SHA512_BLOCK_GENERIC
diff --git a/patches/crypto_namespace.h.patch b/patches/crypto_namespace.h.patch
deleted file mode 100644
index 400030f..0000000
--- a/patches/crypto_namespace.h.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- crypto/hidden/crypto_namespace.h.orig       Fri Aug  2 23:52:55 2024
-+++ crypto/hidden/crypto_namespace.h    Fri Aug  2 23:53:17 2024
-@@ -24,6 +24,12 @@
-  * external calls use the latter name.
-  */
- 
-+#ifdef _MSC_VER
-+# define LCRYPTO_UNUSED(x)
-+# define LCRYPTO_USED(x)
-+# define LCRYPTO_ALIAS1(pre, x)
-+# define LCRYPTO_ALIAS(x)
-+#else
- #ifdef LIBRESSL_NAMESPACE
- #ifdef LIBRESSL_CRYPTO_NAMESPACE
- #  define LCRYPTO_UNUSED(x)    __attribute__((deprecated))             \
-@@ -47,5 +53,6 @@
- # define LCRYPTO_ALIAS1(pre,x)
- # define LCRYPTO_ALIAS(x)      asm("")
- #endif
-+#endif /* _MSC_VER */
- 
- #endif /* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */
diff --git a/patches/mlkem_internal.h.patch b/patches/mlkem_internal.h.patch
new file mode 100644
index 0000000..b7cbdcf
--- /dev/null
+++ b/patches/mlkem_internal.h.patch
@@ -0,0 +1,11 @@
+--- crypto/mlkem/mlkem_internal.h.orig  Sun Aug 17 13:20:18 2025
++++ crypto/mlkem/mlkem_internal.h       Sun Aug 17 13:20:37 2025
+@@ -19,7 +19,7 @@
+ #define OPENSSL_HEADER_CRYPTO_MLKEM_INTERNAL_H
+ 
+ #include "bytestring.h"
+-#include "mlkem.h"
++#include <openssl/mlkem.h>
+ 
+ #if defined(__cplusplus)
+ extern "C" {
diff --git a/patches/ssl_namespace.h.patch b/patches/ssl_namespace.h.patch
deleted file mode 100644
index eb9c7a2..0000000
--- a/patches/ssl_namespace.h.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- ssl/hidden/ssl_namespace.h.orig     Fri Aug  2 23:52:55 2024
-+++ ssl/hidden/ssl_namespace.h  Fri Aug  2 23:53:17 2024
-@@ -23,6 +23,11 @@
-  * and we alias that to the normal name.
-  */
- 
-+#ifdef _MSC_VER
-+#define LSSL_UNUSED(x)
-+#define LSSL_USED(x)
-+#define LSSL_ALIAS(x)
-+#else
- #ifdef LIBRESSL_NAMESPACE
- #define LSSL_UNUSED(x)         typeof(x) x __attribute__((deprecated))
- #define LSSL_USED(x)           __attribute__((visibility("hidden")))   \
-@@ -37,5 +42,6 @@
- #define LSSL_USED(x)
- #define LSSL_ALIAS(x)          asm("")
- #endif
-+#endif /* _MSC_VER */
- 
- #endif /* _LIBSSL_SSL_NAMESPACE_H_ */
diff --git a/patches/win32_amd64_bn_arch.h.patch b/patches/win32_amd64_bn_arch.h.patch
index b7926e3..baa82f8 100644
--- a/patches/win32_amd64_bn_arch.h.patch
+++ b/patches/win32_amd64_bn_arch.h.patch
@@ -1,8 +1,8 @@
 We should consider a OPENSSL_NO_BN_ASM if we can't figure
 out how to fix BIGNUM on this OS
 
---- crypto/bn/arch/amd64/bn_arch.h.orig Wed Mar 27 22:17:03 2024
-+++ crypto/bn/arch/amd64/bn_arch.h      Wed Mar 27 22:17:31 2024
+--- crypto/bn/arch/amd64/bn_arch.h.orig Sun Aug 17 13:14:19 2025
++++ crypto/bn/arch/amd64/bn_arch.h      Sun Aug 24 23:47:56 2025
 @@ -20,8 +20,14 @@
  #ifndef HEADER_BN_ARCH_H
  #define HEADER_BN_ARCH_H
@@ -18,7 +18,7 @@ out how to fix BIGNUM on this OS
  #define HAVE_BN_ADD
  #define HAVE_BN_ADD_WORDS
  
-@@ -104,6 +110,7 @@ bn_subw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_borrow, 
+@@ -109,6 +115,7 @@ bn_subw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_borrow, 
  }
  
  #endif /* __GNUC__ */
diff --git a/scripts/test b/scripts/test
index a93fe90..a7ce1ea 100755
--- a/scripts/test
+++ b/scripts/test
@@ -191,7 +191,7 @@ elif [ "$ARCH" = "android" ]; then
 
                 (
                  build_dir=build-$NAL_$ABI
-                 rm -fr $build_dir include/openssl/opensslconf.h
+                 rm -fr $build_dir
                  mkdir $build_dir
                  cd $build_dir
                  echo "##### cmake -GNinja -DCMAKE_MAKE_PROGRAM=ninja -DANDROID_NDK=$ANDROID_NDK_HOME -DCMAKE_TOOLCHAIN_FILE=$TC_FILE -DANDROID_ABI=$ABI -DANDROID_NATIVE_API_LEVEL=$NAL .."
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index c497b77..55529cd 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -563,14 +563,16 @@ if(NOT WIN32)
 endif()
 
 # mlkem_tests
-add_executable(mlkem_tests mlkem_tests.c mlkem_tests_util.c parse_test_file.c)
+add_executable(mlkem_tests mlkem_tests.c parse_test_file.c)
 target_link_libraries(mlkem_tests ${OPENSSL_TEST_LIBS})
 prepare_emscripten_test_target(mlkem_tests)
-if(NOT WIN32)
+if(NOT MSVC)
         add_test(NAME mlkem_tests COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/mlkem_tests.sh)
         set_tests_properties(mlkem_tests PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")
+else()
+        add_test(NAME mlkem_tests COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/mlkem_tests.bat $<TARGET_FILE:mlkem_tests>)
 endif()
-# XXX - add tests for Windows
+set_tests_properties(mlkem_tests PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")
 
 # mlkem_iteration_tests
 add_executable(mlkem_iteration_tests mlkem_iteration_tests.c mlkem_tests_util.c)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 914b1e5..066e020 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -577,8 +577,8 @@ noinst_HEADERS += parse_test_file.h
 # mlkem_tests
 TESTS += mlkem_tests.sh
 check_PROGRAMS += mlkem_tests
-mlkem_tests_SOURCES = mlkem_tests.c mlkem_tests_util.c parse_test_file.c
-EXTRA_DIST += mlkem_tests.sh
+mlkem_tests_SOURCES = mlkem_tests.c parse_test_file.c
+EXTRA_DIST += mlkem_tests.sh mlkem_tests.bat
 EXTRA_DIST += mlkem768_decap_tests.txt
 EXTRA_DIST += mlkem768_encap_tests.txt
 EXTRA_DIST += mlkem768_keygen_tests.txt
diff --git a/tests/mlkem_tests.bat b/tests/mlkem_tests.bat
new file mode 100644
index 0000000..618c9e0
--- /dev/null
+++ b/tests/mlkem_tests.bat
@@ -0,0 +1,63 @@
+@echo off

+setlocal enabledelayedexpansion

+

+:: Copyright (c) 2025 Theo Beuhler

+::

+:: Permission to use, copy, modify, and distribute this software for any

+:: purpose with or without fee is hereby granted, provided that the above

+:: copyright notice and this permission notice appear in all copies.

+::

+:: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

+:: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

+:: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

+:: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

+:: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

+:: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

+:: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

+

+set mlkem_tests_bin=%1

+set mlkem_tests_bin=%mlkem_tests_bin:/=\%

+if not exist %mlkem_tests_bin% exit /b 1

+

+%mlkem_tests_bin% mlkem768_decap_tests          %srcdir%\mlkem768_decap_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem768_encap_tests          %srcdir%\mlkem768_encap_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem768_keygen_tests         %srcdir%\mlkem768_keygen_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem768_nist_decap_tests     %srcdir%\mlkem768_nist_decap_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem768_nist_keygen_tests    %srcdir%\mlkem768_nist_keygen_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem1024_decap_tests         %srcdir%\mlkem1024_decap_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem1024_encap_tests         %srcdir%\mlkem1024_encap_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem1024_keygen_tests        %srcdir%\mlkem1024_keygen_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem1024_nist_decap_tests    %srcdir%\mlkem1024_nist_decap_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+%mlkem_tests_bin% mlkem1024_nist_keygen_tests   %srcdir%\mlkem1024_nist_keygen_tests.txt

+if !errorlevel! neq 0 (

+        exit /b 1

+)

+

+endlocal

diff --git a/update.sh b/update.sh
index e8b0566..f2b46b7 100755
--- a/update.sh
+++ b/update.sh
@@ -98,6 +98,7 @@ if [ -x /opt/csw/bin/ggrep ]; then
         GREP='/opt/csw/bin/ggrep'
 fi
 
+$CP $libcrypto_src/opensslconf.h include/openssl
 $CP $libcrypto_src/opensslfeatures.h include/openssl
 $CP $libssl_src/pqueue.h include
 
@@ -142,7 +143,7 @@ copy_hdrs $libcrypto_src "stack/stack.h lhash/lhash.h stack/safestack.h
         ossl_typ.h err/err.h crypto.h comp/comp.h x509/x509.h buffer/buffer.h
         objects/objects.h asn1/asn1.h asn1/posix_time.h bn/bn.h ec/ec.h ecdsa/ecdsa.h
         ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h
-        hkdf/hkdf.h hmac/hmac.h rand/rand.h md5/md5.h
+        hkdf/hkdf.h hmac/hmac.h rand/rand.h md5/md5.h mlkem/mlkem.h
         x509/x509v3.h conf/conf.h ocsp/ocsp.h
         aes/aes.h modes/modes.h asn1/asn1t.h bf/blowfish.h
         bio/bio.h cast/cast.h cmac/cmac.h cms/cms.h des/des.h dh/dh.h
@@ -186,8 +187,6 @@ done
 
 for i in $libcrypto_src/arch/*; do
         arch=`basename $i`
-        mkdir -p include/arch/$arch
-        $CP $libcrypto_src/arch/$arch/opensslconf.h include/arch/$arch/
         mkdir -p crypto/arch/$arch
         $CP $libcrypto_src/arch/$arch/crypto_arch.h crypto/arch/$arch/
         crypto_cpu_caps=$libcrypto_src/arch/$arch/crypto_cpu_caps.c