add gmssl command

2026-05-06 16:36:16 +08:00 · 2022-04-16 22:18:45 +08:00
parent 7e4dd76839
commit 22639fce28
33 changed files with 786 additions and 216 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -12,8 +12,6 @@ include_directories(include)
 add_library(
 	gmssl
 	SHARED
 	src/aes.c
 	src/aes_modes.c
 	src/asn1.c
@@ -78,49 +76,36 @@ SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
 # tools
-add_executable (sm2keygen tools/sm2keygen.c)
+add_executable(
-add_executable (sm2sign tools/sm2sign.c)
+	gmssl-bin
-add_executable (sm2verify tools/sm2verify.c)
+	tools/gmssl.c
-add_executable (sm2encrypt tools/sm2encrypt.c)
+	tools/rand.c
-add_executable (sm2decrypt tools/sm2decrypt.c)
+	tools/sm2keygen.c
-add_executable (sm3 tools/sm3.c)
+	tools/sm2sign.c
-add_executable (sm3hmac tools/sm3hmac.c)
+	tools/sm2verify.c
-add_executable (sm4 tools/sm4.c)
+	tools/sm2encrypt.c
-add_executable (certgen tools/certgen.c)
+	tools/sm2decrypt.c
-add_executable (certparse tools/certparse.c)
+	tools/sm3.c
-add_executable (certverify tools/certverify.c)
+	tools/sm3hmac.c
-add_executable (crlparse tools/crlparse.c)
+	tools/sm4.c
-add_executable (reqgen tools/reqgen.c)
+	tools/certgen.c
-add_executable (reqparse tools/reqparse.c)
+	tools/certparse.c
-add_executable (reqsign tools/reqsign.c)
+	tools/certverify.c
-add_executable (tlcp_client tools/tlcp_client.c)
+	tools/crlparse.c
-add_executable (tlcp_server tools/tlcp_server.c)
+	tools/pbkdf2.c
-add_executable (tls12_client tools/tls12_client.c)
+	tools/reqgen.c
-add_executable (tls12_server tools/tls12_server.c)
+	tools/reqparse.c
-add_executable (tls13_client tools/tls13_client.c)
+	tools/reqsign.c
-add_executable (tls13_server tools/tls13_server.c)
+	tools/tlcp_client.c
 	tools/tlcp_server.c
 	tools/tls12_client.c
 	tools/tls12_server.c
 	tools/tls13_client.c
 	tools/tls13_server.c
 )
 target_link_libraries (gmssl-bin LINK_PUBLIC gmssl)
 set_target_properties (gmssl-bin PROPERTIES RUNTIME_OUTPUT_NAME gmssl)
 target_link_libraries (sm2keygen LINK_PUBLIC gmssl)
 target_link_libraries (sm2sign LINK_PUBLIC gmssl)
 target_link_libraries (sm2verify LINK_PUBLIC gmssl)
 target_link_libraries (sm2encrypt LINK_PUBLIC gmssl)
 target_link_libraries (sm2decrypt LINK_PUBLIC gmssl)
 target_link_libraries (sm3 LINK_PUBLIC gmssl)
 target_link_libraries (sm3hmac LINK_PUBLIC gmssl)
 target_link_libraries (sm4 LINK_PUBLIC gmssl)
 target_link_libraries (reqgen LINK_PUBLIC gmssl)
 target_link_libraries (reqparse LINK_PUBLIC gmssl)
 target_link_libraries (reqsign LINK_PUBLIC gmssl)
 target_link_libraries (certgen LINK_PUBLIC gmssl)
 target_link_libraries (certparse LINK_PUBLIC gmssl)
 target_link_libraries (certverify LINK_PUBLIC gmssl)
 target_link_libraries (crlparse LINK_PUBLIC gmssl)
 target_link_libraries (tlcp_client LINK_PUBLIC gmssl)
 target_link_libraries (tlcp_server LINK_PUBLIC gmssl)
 target_link_libraries (tls12_client LINK_PUBLIC gmssl)
 target_link_libraries (tls12_server LINK_PUBLIC gmssl)
 target_link_libraries (tls13_client LINK_PUBLIC gmssl)
 target_link_libraries (tls13_server LINK_PUBLIC gmssl)
 # tests
 enable_testing()
@@ -231,7 +216,6 @@ add_executable(tlstest tests/tlstest.c)
 target_link_libraries (tlstest LINK_PUBLIC gmssl)
 enable_testing()
 add_test(NAME aes		COMMAND aestest)
 add_test(NAME asn1		COMMAND asn1test)
@@ -272,9 +256,7 @@ add_test(NAME x509_ext		COMMAND x509_exttest)
 add_test(NAME zuc		COMMAND zuctest)
 INSTALL(TARGETS sm3 sm3hmac sm4 sm2keygen sm2sign sm2verify sm2encrypt sm2decrypt RUNTIME DESTINATION bin)
 INSTALL(TARGETS certparse certgen certverify reqgen reqparse reqsign RUNTIME DESTINATION bin)
 INSTALL(TARGETS tlcp_client tlcp_server tls12_client tls12_server RUNTIME DESTINATION bin)
 INSTALL(TARGETS gmssl LIBRARY DESTINATION lib)
 INSTALL(DIRECTORY ${CMAKE_SOURCE_DIR}/include/gmssl DESTINATION include)
 INSTALL(TARGETS gmssl RUNTIME DESTINATION bin)
--- a/include/gmssl/gf128.h
+++ b/include/gmssl/gf128.h
@@ -55,6 +55,9 @@
 #define GMSSL_GF128_H
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
@@ -62,28 +65,24 @@
 extern "C" {
 #endif
-#define GMSSL_HAVE_UINT128
+//typedef unsigned __int128 gf128_t;
-#ifdef GMSSL_HAVE_UINT128
+
 typedef unsigned __int128 gf128_t;
 #else
 typedef struct {
 	uint64_t hi;
 	uint64_t lo;
 } gf128_t;
 #endif
 // Note: send by value is comptabile with uint128_t and sse2
 gf128_t gf128_from_hex(const char *s);
 int gf128_equ_hex(gf128_t a, const char *s);
 gf128_t gf128_zero(void);
 gf128_t gf128_add(gf128_t a, gf128_t b);
 gf128_t gf128_mul(gf128_t a, gf128_t b);
 gf128_t gf128_mul2(gf128_t a);
 gf128_t gf128_from_bytes(const uint8_t p[16]);
 void gf128_to_bytes(gf128_t a, uint8_t p[16]);
-
+int gf128_print(FILE *fp, int fmt ,int ind, const char *label, gf128_t a);
 void gf128_print(const char *s, gf128_t a);
 #ifdef __cplusplus
--- a/include/gmssl/pbkdf2.h
+++ b/include/gmssl/pbkdf2.h
@@ -1,4 +1,4 @@
-/*
+/*
 * Copyright (c) 2014 - 2021 The GmSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -53,6 +53,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
 #include <limits.h>
 #include <gmssl/hmac.h>
 #ifdef __cplusplus
@@ -61,7 +62,8 @@ extern "C" {
 #define PBKDF2_MIN_ITER			10000
-#define PBKDF2_MIN_SALT_SIZE		64
+#define PBKDF2_MAX_ITER			(INT_MAX)
 #define PBKDF2_MAX_SALT_SIZE		64
 #define PBKDF2_DEFAULT_SALT_SIZE	8
--- a/include/gmssl/sm4.h
+++ b/include/gmssl/sm4.h
@@ -124,6 +124,22 @@ int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, ui
 int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
 typedef struct {
 	SM4_KEY sm4_key;
 	uint8_t ctr[SM4_BLOCK_SIZE];
 	uint8_t block[SM4_BLOCK_SIZE];
 	size_t block_nbytes;
 } SM4_CTR_CTX;
 int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
 int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);
 #define sm4_ctr_decrypt_init(ctx,key,ctr) sm4_ctr_encrypt_init(ctx,key,ctr)
 #define sm4_ctr_decrypt_update(ctx,in,inlen,out,outlen) sm4_ctr_encrypt_update(ctx,in,inlen,out,outlen)
 #define sm4_ctr_decrypt_finish(ctx,out,outlen) sm4_ctr_encrypt_finish(ctx,out,outlen)
 #ifdef __cplusplus
 }
 #endif
--- a/src/gf128.c
+++ b/src/gf128.c
@@ -59,6 +59,7 @@
 #include <gmssl/gf128.h>
 #include "endian.h"
 gf128_t gf128_zero(void)
 {
 	uint8_t zero[16] = {0};
@@ -87,92 +88,31 @@ int gf128_equ_hex(gf128_t a, const char *s)
 void gf128_print_bits(gf128_t a)
 {
 	int i;
-	for (i = 0; i < 128; i++) {
+	for (i = 0; i < 64; i++) {
-		printf("%d", (int)(a % 2)); //FIXME
+		printf("%d", (int)(a.hi % 2));
-		a >>= 1;
+		a.hi >>= 1;
 	}
 	for (i = 0; i < 64; i++) {
 		printf("%d", (int)(a.lo % 2));
 		a.lo >>= 1;
 	}
 	printf("\n");
 }
-void gf128_print(const char *s, gf128_t a)
+int gf128_print(FILE *fp, int fmt, int ind, const char *label, gf128_t a)
 {
 	uint8_t be[16];
 	int i;
-	printf("%s", s);
+	printf("%s", label);
 	gf128_to_bytes(a, be);
 	for (i = 0; i < 16; i++) {
 		printf("%02X", be[i]);
 	}
 	printf("\n");
 	return 1;
 }
 #ifdef GMSSL_HAVE_UINT128
 gf128_t gf128_mul(gf128_t a, gf128_t b)
 {
 	const gf128_t mask = (gf128_t)1 << 127;
 	gf128_t r = 0;
 	int i;
 	for (i = 0; i < 128; i++) {
 		// r = r * 2
 		if (r & mask)
 			r = (r << 1) ^ 0x87;
 		else	r <<= 1;
 		// if b[127-i] == 1, r = r + a
 		if (b & mask)
 			r ^= a;
 		b <<= 1;
 	}
 	return r;
 }
 gf128_t gf128_add(gf128_t a, gf128_t b)
 {
 	return a ^ b;
 }
 gf128_t gf128_mul2(gf128_t a)
 {
 	if (a & ((gf128_t)1 << 127))
 		return (a << 1) ^ 0x87;
 	else	return (a << 1);
 }
 gf128_t gf128_reverse(gf128_t a)
 {
 	gf128_t r = 0;
 	int i;
 	for (i = 0; i < 128; i++) {
 		r = (r << 1) | (a & 1);
 		a >>= 1;
 	}
 	return r;
 }
 gf128_t gf128_from_bytes(const uint8_t p[16])
 {
 	uint64_t hi = GETU64(p);
 	uint64_t lo = GETU64(p + 8);
 	gf128_t r = (gf128_t)hi << 64 | lo;
 	r = gf128_reverse(r);
 	return r;
 }
 void gf128_to_bytes(gf128_t a, uint8_t p[16])
 {
 	a = gf128_reverse(a);
 	uint64_t hi = a >> 64;
 	uint64_t lo = a;
 	PUTU64(p, hi);
 	PUTU64(p + 8, lo);
 }
 #else
 gf128_t gf128_from_bytes(const uint8_t p[16])
 {
 	gf128_t r;
@@ -253,4 +193,68 @@ gf128_t gf128_mul2(gf128_t a)
 	return r;
 }
-#endif
+
 /*
 gf128_t gf128_mul(gf128_t a, gf128_t b)
 {
 	const gf128_t mask = (gf128_t)1 << 127;
 	gf128_t r = 0;
 	int i;
 	for (i = 0; i < 128; i++) {
 		// r = r * 2
 		if (r & mask)
 			r = (r << 1) ^ 0x87;
 		else	r <<= 1;
 		// if b[127-i] == 1, r = r + a
 		if (b & mask)
 			r ^= a;
 		b <<= 1;
 	}
 	return r;
 }
 gf128_t gf128_add(gf128_t a, gf128_t b)
 {
 	return a ^ b;
 }
 gf128_t gf128_mul2(gf128_t a)
 {
 	if (a & ((gf128_t)1 << 127))
 		return (a << 1) ^ 0x87;
 	else	return (a << 1);
 }
 gf128_t gf128_reverse(gf128_t a)
 {
 	gf128_t r = 0;
 	int i;
 	for (i = 0; i < 128; i++) {
 		r = (r << 1) | (a & 1);
 		a >>= 1;
 	}
 	return r;
 }
 gf128_t gf128_from_bytes(const uint8_t p[16])
 {
 	uint64_t hi = GETU64(p);
 	uint64_t lo = GETU64(p + 8);
 	gf128_t r = (gf128_t)hi << 64 | lo;
 	r = gf128_reverse(r);
 	return r;
 }
 void gf128_to_bytes(gf128_t a, uint8_t p[16])
 {
 	a = gf128_reverse(a);
 	uint64_t hi = a >> 64;
 	uint64_t lo = a;
 	PUTU64(p, hi);
 	PUTU64(p + 8, lo);
 }
 */
--- a/src/sm4_modes.c
+++ b/src/sm4_modes.c
@@ -239,7 +239,6 @@ int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
 	return 1;
 }
 int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx,
 	const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE])
 {
@@ -303,9 +302,6 @@ int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen)
 		error_print();
 		return -1;
 	}
 	format_bytes(stderr, 0, 0, "encrypt_finish", ctx->block, ctx->block_nbytes);
 	if (sm4_cbc_padding_encrypt(&ctx->sm4_key, ctx->iv, ctx->block, ctx->block_nbytes, out, outlen) != 1) {
 		error_print();
 		return -1;
@@ -370,13 +366,74 @@ int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen)
 		error_print();
 		return -1;
 	}
 	format_bytes(stderr, 0, 0, "block", ctx->block, ctx->block_nbytes);
 	format_bytes(stderr, 0, 0, "iv", ctx->iv, 16);
 	if (sm4_cbc_padding_decrypt(&ctx->sm4_key, ctx->iv, ctx->block, SM4_BLOCK_SIZE, out, outlen) != 1) {
 		error_print();
 		return -1;
 	}
 	return 1;
 }
 int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx,
 	const uint8_t key[SM4_BLOCK_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE])
 {
 	sm4_set_encrypt_key(&ctx->sm4_key, key);
 	memcpy(ctx->ctr, ctr, SM4_BLOCK_SIZE);
 	memset(ctx->block, 0, SM4_BLOCK_SIZE);
 	ctx->block_nbytes = 0;
 	return 1;
 }
 int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
 {
 	size_t left;
 	size_t nblocks;
 	size_t len;
 	if (ctx->block_nbytes >= SM4_BLOCK_SIZE) {
 		error_print();
 		return -1;
 	}
 	*outlen = 0;
 	if (ctx->block_nbytes) {
 		left = SM4_BLOCK_SIZE - ctx->block_nbytes;
 		if (inlen < left) {
 			memcpy(ctx->block + ctx->block_nbytes, in, inlen);
 			ctx->block_nbytes += inlen;
 			return 1;
 		}
 		memcpy(ctx->block + ctx->block_nbytes, in, left);
 		sm4_ctr_encrypt(&ctx->sm4_key, ctx->ctr, ctx->block, SM4_BLOCK_SIZE, out);
 		in += left;
 		inlen -= left;
 		out += SM4_BLOCK_SIZE;
 		*outlen += SM4_BLOCK_SIZE;
 	}
 	if (inlen >= SM4_BLOCK_SIZE) {
 		nblocks = inlen / SM4_BLOCK_SIZE;
 		len = nblocks * SM4_BLOCK_SIZE;
 		sm4_ctr_encrypt(&ctx->sm4_key, ctx->ctr, in, len, out);
 		in += len;
 		inlen -= len;
 		out += len;
 		*outlen += len;
 	}
 	if (inlen) {
 		memcpy(ctx->block, in, inlen);
 	}
 	ctx->block_nbytes = inlen;
 	return 1;
 }
 int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen)
 {
 	size_t left;
 	size_t i;
 	if (ctx->block_nbytes >= SM4_BLOCK_SIZE) {
 		error_print();
 		return -1;
 	}
 	sm4_ctr_encrypt(&ctx->sm4_key, ctx->ctr, ctx->block, ctx->block_nbytes, out);
 	return 1;
 }
--- a/tests/gf128test.c
+++ b/tests/gf128test.c
@@ -87,9 +87,9 @@ int main(void)
 	gf128_t T = gf128_mul(C, H);
-	gf128_print("C = ", C);
+	gf128_print(stderr, 0, 0, "C", C);
-	gf128_print("H = ", H);
+	gf128_print(stderr, 0, 0, "H", H);
-	gf128_print("C * H = ", T);
+	gf128_print(stderr, 0, 0, "C * H", T);
 	return 0;
 }
--- a/tests/sm4test.c
+++ b/tests/sm4test.c
@@ -166,43 +166,6 @@ static int test_ctr32(int avx)
 	return 0;
 }
 /*
 static int test_ede(void)
 {
 	SM4_KEY key;
 	sm4_ede_key_t ede_key;
 	unsigned char user_key[48];
 	unsigned char in[16];
 	unsigned char out1[16];
 	unsigned char out2[16];
 	RAND_bytes(in, sizeof(in));
 	RAND_bytes(user_key, 16);
 	memcpy(user_key + 16, user_key, 16);
 	memcpy(user_key + 32, user_key, 16);
 	sm4_set_encrypt_key(&key, user_key);
 	sm4_encrypt(in, out1, &key);
 	sm4_ede_set_encrypt_key(&ede_key, user_key);
 	sm4_ede_encrypt(in, out2, &ede_key);
 	if (memcmp(out1, out2, 16) != 0) {
 		return 0;
 	}
 	RAND_bytes(user_key, sizeof(user_key));
 	sm4_ede_set_encrypt_key(&ede_key, user_key);
 	sm4_ede_encrypt(in, out1, &ede_key);
 	sm4_ede_set_decrypt_key(&ede_key, user_key);
 	sm4_ede_decrypt(out1, out2, &ede_key);
 	if (memcmp(in, out2, 16) != 0) {
 		return 0;
 	}
 	return 1;
 }
 */
 int test_sm4(void)
 {
 	int err = 0;
@@ -281,16 +244,6 @@ int test_sm4(void)
 	} else
 		printf("sm4 ctr32 pass!\n");
 	/* test ede */
 /*
 	if (!test_ede()) {
 		printf("sm4 ede not pass!\n");
 		err++;
 	} else
 		printf("sm4 ede pass!\n");
 */
 # ifdef SM4_AVX2
 	/* test ecb in avx2 */
 	if (!test_ecb(2)) {
--- a/tools/README.md
+++ b/tools/README.md
@@ -1,5 +1,10 @@
 # 命令行工具
 注意：
 * 命令行工具接口在v3版本正式发布前还会有较大调整
 * SM2, SM3, SM4等算法的命令相对比较底层，是对C语言接口的简单封装，命令行的应用开发者需要组合使用这些指令
 命令行工具：
 * `sm3` 计算SM3杂凑值，支持带公钥和ID的Z值计算
@@ -14,3 +19,23 @@
 * `certparse` 解析打印证书
 * `certverify` 验证证书链
 TLS功能
 * `tlcp_client`
 * `tlcp_server`
 * `tls12_client`
 * `tls12_server`
 * `tls13_client`
 * `tls13_server`
 私钥总是默认以口令加密的方式存储
 SM3/HMAC-SM3 以二进制的格式输出
 签名和SM2Ciphertext以DER编码输出
 应该提供一个口令导出密钥的算法，由口令导出密钥
 SM4加密需要外部提供key, iv
 HMAC-SM3可以用命令行的方式拼合
 因此没必要提供一个单独的SM4-CBC-HMAC-SM3
--- a/tools/certgen.c
+++ b/tools/certgen.c
@@ -79,7 +79,7 @@ static const char *options =
 	"[-key_usage str]*";
-int main(int argc, char **argv)
+int certgen_main(int argc, char **argv)
 {
 	int ret = 1;
 	char *prog = argv[0];
--- a/tools/certparse.c
+++ b/tools/certparse.c
@@ -55,7 +55,7 @@
 static const char *options = "[-in file]";
-int main(int argc, char **argv)
+int certparse_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *infile = NULL;
--- a/tools/certverify.c
+++ b/tools/certverify.c
@@ -59,7 +59,7 @@
 // 比如最基本的是证书中的签名、有效期、各个扩展等
 // 外部相关的：证书链、CRL等
-int main(int argc, char **argv)
+int certverify_main(int argc, char **argv)
 {
 	int ret = 0;
 	char *prog = argv[0];
--- a/tools/crlparse.c
+++ b/tools/crlparse.c
@@ -56,7 +56,7 @@
 static const char *options = "[-in file]";
-int main(int argc, char **argv)
+int crlparse_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *infile = NULL;
--- a/tools/gmssl.c
+++ b/tools/gmssl.c
@@ -0,0 +1,190 @@
 /*
 * Copyright (c) 2021 - 2021 The GmSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the GmSSL Project.
 *    (http://gmssl.org/)"
 *
 * 4. The name "GmSSL Project" must not be used to endorse or promote
 *    products derived from this software without prior written
 *    permission. For written permission, please contact
 *    guanzhi1980@gmail.com.
 *
 * 5. Products derived from this software may not be called "GmSSL"
 *    nor may "GmSSL" appear in their names without prior written
 *    permission of the GmSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the GmSSL Project
 *    (http://gmssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <gmssl/pem.h>
 #include <gmssl/x509.h>
 #include <gmssl/x509_ext.h>
 #include <gmssl/pkcs8.h>
 #include <gmssl/rand.h>
 #include <gmssl/version.h>
 #include <gmssl/error.h>
 extern int rand_main(int argc, char **argv);
 extern int certgen_main(int argc, char **argv);
 extern int certparse_main(int argc, char **argv);
 extern int certverify_main(int argc, char **argv);
 extern int crlparse_main(int argc, char **argv);
 extern int pbkdf2_main(int argc, char **argv);
 extern int reqgen_main(int argc, char **argv);
 extern int reqparse_main(int argc, char **argv);
 extern int reqsign_main(int argc, char **argv);
 extern int sm2decrypt_main(int argc, char **argv);
 extern int sm2encrypt_main(int argc, char **argv);
 extern int sm2keygen_main(int argc, char **argv);
 extern int sm2sign_main(int argc, char **argv);
 extern int sm2verify_main(int argc, char **argv);
 extern int sm3_main(int argc, char **argv);
 extern int sm3hmac_main(int argc, char **argv);
 extern int sm4_main(int argc, char **argv);
 extern int tlcp_client_main(int argc, char **argv);
 extern int tlcp_server_main(int argc, char **argv);
 extern int tls12_client_main(int argc, char **argv);
 extern int tls12_server_main(int argc, char **argv);
 extern int tls13_client_main(int argc, char **argv);
 extern int tls13_server_main(int argc, char **argv);
 static const char *options =
 	"  commands:\n"
 	"	help\n"
 	"	version\n"
 	"	rand\n"
 	"	sm2keygen\n"
 	"	sm2sign\n"
 	"	sm2verify\n"
 	"	sm2encrypt\n"
 	"	sm2decrypt\n"
 	"	pbkdf2\n"
 	"	reqgen\n"
 	"	reqsign\n"
 	"	reqparse\n"
 	"	crlparse\n"
 	"	certgen\n"
 	"	certparse\n"
 	"	certverify\n"
 	"	tlcp_client\n"
 	"	tlcp_server\n"
 	"	tls12_client\n"
 	"	tls12_server\n"
 	"	tls13_client\n"
 	"	tls13_server\n";
 int version_main(int argc, char **argv)
 {
 	printf("%s\n", gmssl_version_str());
 	return 0;
 }
 int main(int argc, char **argv)
 {
 	int ret = 1;
 	char *prog = argv[0];
 	if (argc < 2) {
 		printf("usage: %s\n %s\n", prog, options);
 		return 0;
 	}
 	argc--;
 	argv++;
 	while (argc > 0) {
 		if (!strcmp(*argv, "help")) {
 help:
 			printf("usage: %s\n %s\n", prog, options);
 			return 0;
 		} else if (!strcmp(*argv, "version")) {
 			return version_main(argc, argv);
 		} else if (!strcmp(*argv, "rand")) {
 			return rand_main(argc, argv);
 		} else if (!strcmp(*argv, "certgen")) {
 			return certgen_main(argc, argv);
 		} else if (!strcmp(*argv, "certparse")) {
 			return certparse_main(argc, argv);
 		} else if (!strcmp(*argv, "certverify")) {
 			return certverify_main(argc, argv);
 		} else if (!strcmp(*argv, "reqgen")) {
 			return reqgen_main(argc, argv);
 		} else if (!strcmp(*argv, "reqparse")) {
 			return reqparse_main(argc, argv);
 		} else if (!strcmp(*argv, "reqsign")) {
 			return reqsign_main(argc, argv);
 		} else if (!strcmp(*argv, "pbkdf2")) {
 			return pbkdf2_main(argc, argv);
 		} else if (!strcmp(*argv, "sm2sign")) {
 			return sm2sign_main(argc, argv);
 		} else if (!strcmp(*argv, "sm2verify")) {
 			return sm2verify_main(argc, argv);
 		} else if (!strcmp(*argv, "sm2encrypt")) {
 			return sm2encrypt_main(argc, argv);
 		} else if (!strcmp(*argv, "sm2decrypt")) {
 			return sm2decrypt_main(argc, argv);
 		} else if (!strcmp(*argv, "sm2keygen")) {
 			return sm2keygen_main(argc, argv);
 		} else if (!strcmp(*argv, "tlcp_client")) {
 			return tlcp_client_main(argc, argv);
 		} else if (!strcmp(*argv, "tlcp_server")) {
 			return tlcp_server_main(argc, argv);
 		} else if (!strcmp(*argv, "tls12_client")) {
 			return tls12_client_main(argc, argv);
 		} else if (!strcmp(*argv, "tls12_server")) {
 			return tls12_server_main(argc, argv);
 		} else if (!strcmp(*argv, "tls13_client")) {
 			return tls13_client_main(argc, argv);
 		} else if (!strcmp(*argv, "tls13_server")) {
 			return tls13_server_main(argc, argv);
 		} else {
 bad:
 			fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
 			fprintf(stderr, "usage: %s %s\n", prog, options);
 			return 1;
 		}
 		argc--;
 		argv++;
 	}
 	return ret;
 }
--- a/tools/pbkdf2.c
+++ b/tools/pbkdf2.c
@@ -0,0 +1,155 @@
 /*
 * Copyright (c) 2020 - 2021 The GmSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the GmSSL Project.
 *    (http://gmssl.org/)"
 *
 * 4. The name "GmSSL Project" must not be used to endorse or promote
 *    products derived from this software without prior written
 *    permission. For written permission, please contact
 *    guanzhi1980@gmail.com.
 *
 * 5. Products derived from this software may not be called "GmSSL"
 *    nor may "GmSSL" appear in their names without prior written
 *    permission of the GmSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the GmSSL Project
 *    (http://gmssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <gmssl/pbkdf2.h>
 #include <gmssl/hex.h>
 #include <gmssl/error.h>
 static const char *options = "-salt hex -iter num [-pass str] -outlen num";
 int pbkdf2_main(int argc, char **argv)
 {
 	int ret = -1;
 	char *prog = argv[0];
 	char *salthex = NULL;
 	uint8_t salt[PBKDF2_MAX_SALT_SIZE];
 	size_t saltlen;
 	int iter = 0;
 	char *pass = NULL;
 	int outlen = 0;
 	uint8_t outbuf[64];
 	int i;
 	argc--;
 	argv++;
 	if (argc < 1) {
 		fprintf(stderr, "usage: %s %s\n", prog, options);
 		return 1;
 	}
 	while (argc > 0) {
 		if (!strcmp(*argv, "-help")) {
 			fprintf(stderr, "usage: %s %s\n", prog, options);
 			return 1;
 		} else if (!strcmp(*argv, "-salt")) {
 			if (--argc < 1) goto bad;
 			salthex = *(++argv);
 		} else if (!strcmp(*argv, "-iter")) {
 			if (--argc < 1) goto bad;
 			iter = atoi(*(++argv));
 			if (iter < PBKDF2_MIN_ITER || iter > INT_MAX) {
 				error_print();
 				return 1;
 			}
 		} else if (!strcmp(*argv, "-pass")) {
 			if (--argc < 1) goto bad;
 			pass = *(++argv);
 		} else if (!strcmp(*argv, "-outlen")) {
 			if (--argc < 1) goto bad;
 			outlen = atoi(*(++argv));
 			if (outlen < 1 || outlen > sizeof(outbuf)) {
 				error_print();
 				return 1;
 			}
 		} else {
 			fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
 			return 1;
 bad:
 			fprintf(stderr, "%s: invalid option argument\n", prog);
 			return 1;
 		}
 		argc--;
 		argv++;
 	}
 	if (!salthex) {
 		error_print();
 		return 1;
 	}
 	if (strlen(salthex) > sizeof(salt) * 2) {
 		error_print();
 		return 1;
 	}
 	if (hex_to_bytes(salthex, strlen(salthex), salt, &saltlen) != 1) {
 		error_print();
 		return 1;
 	}
 	if (!iter) {
 		error_print();
 		return 1;
 	}
 	if (!outlen) {
 		error_print();
 		return 1;
 	}
 	if (!pass) {
 		error_print();
 		return -1;
 	}
 	if (pbkdf2_hmac_sm3_genkey(pass, strlen(pass), salt, saltlen, iter, outlen, outbuf) != 1) {
 		error_print();
 		return -1;
 	}
 	for (i = 0; i < outlen; i++) {
 		printf("%02X", outbuf[i]);
 	}
 	printf("\n");
 	return 0;
 }
--- a/tools/rand.c
+++ b/tools/rand.c
@@ -0,0 +1,143 @@
 /*
 * Copyright (c) 2020 - 2021 The GmSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the GmSSL Project.
 *    (http://gmssl.org/)"
 *
 * 4. The name "GmSSL Project" must not be used to endorse or promote
 *    products derived from this software without prior written
 *    permission. For written permission, please contact
 *    guanzhi1980@gmail.com.
 *
 * 5. Products derived from this software may not be called "GmSSL"
 *    nor may "GmSSL" appear in their names without prior written
 *    permission of the GmSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the GmSSL Project
 *    (http://gmssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <limits.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
 static const char *options = "[-hex] [-rdrand] -outlen num";
 int rand_main(int argc, char **argv)
 {
 	int ret = -1;
 	char *prog = argv[0];
 	int hex = 0;
 	int rdrand = 0;
 	int outlen = 0;
 	uint8_t buf[2048];
 	int i;
 	argc--;
 	argv++;
 	if (argc < 1) {
 		fprintf(stderr, "usage: %s %s\n", prog, options);
 		return 1;
 	}
 	while (argc > 0) {
 		if (!strcmp(*argv, "-help")) {
 			fprintf(stderr, "usage: %s %s\n", prog, options);
 			return 1;
 		} else if (!strcmp(*argv, "-hex")) {
 			hex = 1;
 		} else if (!strcmp(*argv, "-rdrand")) {
 			// rdrand = 1; // FIXME: CMakeList.txt should be updated to support this option
 		} else if (!strcmp(*argv, "-outlen")) {
 			if (--argc < 1) goto bad;
 			outlen = atoi(*(++argv));
 			if (outlen < 1 || outlen > INT_MAX) {
 				error_print();
 				return 1;
 			}
 		} else {
 			fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
 			return 1;
 bad:
 			fprintf(stderr, "%s: invalid option argument\n", prog);
 			return 1;
 		}
 		argc--;
 		argv++;
 	}
 	if (!outlen) {
 		error_print();
 		return 1;
 	}
 	while (outlen) {
 		size_t len = outlen < sizeof(buf) ? outlen : sizeof(buf);
 		if (rdrand) {
 /*
 			if (rdrand_bytes(buf, len) != 1) {
 				error_print();
 				return 1;
 			}
 */
 		} else {
 			if (rand_bytes(buf, len) != 1) {
 				error_print();
 				return -1;
 			}
 		}
 		if (hex) {
 			int i;
 			for (i = 0; i < len; i++) {
 				fprintf(stdout, "%02X", buf[i]);
 			}
 		} else {
 			fwrite(buf, 1, len, stdout);
 		}
 		outlen -= len;
 	}
 	if (hex) {
 		fprintf(stdout, "\n");
 	}
 	return 0;
 }
--- a/tools/reqgen.c
+++ b/tools/reqgen.c
@@ -66,7 +66,7 @@ static const char *options =
 	"[-C str] [-ST str] [-L str] [-O str] [-OU str] -CN str -days num"
 	" -key file [-pass pass] [-out file]";
-int main(int argc, char **argv)
+int reqgen_main(int argc, char **argv)
 {
 	int ret = -1;
 	char *prog = argv[0];
--- a/tools/reqparse.c
+++ b/tools/reqparse.c
@@ -55,7 +55,7 @@
 #include <gmssl/error.h>
-int main(int argc, char **argv)
+int reqparse_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *infile = NULL;
--- a/tools/reqsign.c
+++ b/tools/reqsign.c
@@ -75,7 +75,7 @@ static int ext_key_usage_set(int *usages, const char *usage_name)
 static const char *usage = "usage: %s [-in file] -days num -cacert file -key file [-pass str] [-out file]\n";
-int main(int argc, char **argv)
+int reqsign_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *file;
--- a/tools/sm2decrypt.c
+++ b/tools/sm2decrypt.c
@@ -62,7 +62,7 @@
 #endif
-int main(int argc, char **argv)
+int sm2decrypt_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *keyfile = NULL;
--- a/tools/sm2encrypt.c
+++ b/tools/sm2encrypt.c
@@ -58,7 +58,7 @@
 #include <gmssl/error.h>
-int main(int argc, char **argv)
+int sm2encrypt_main(int argc, char **argv)
 {
 	int ret;
 	char *prog = argv[0];
--- a/tools/sm2keygen.c
+++ b/tools/sm2keygen.c
@@ -59,7 +59,7 @@
 #include <unistd.h>
 #endif
-int main(int argc, char **argv)
+int sm2keygen_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *pass = NULL;
--- a/tools/sm2sign.c
+++ b/tools/sm2sign.c
@@ -64,7 +64,7 @@
 // echo data | sm2sign -id "Alice" -keyfile sm2.pem
 // echo data | sm2verify -id "Alice" -keyfile sm2pub.pem -certfile a -cacertfile b
-int main(int argc, char **argv)
+int sm2sign_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *keyfile = NULL;
--- a/tools/sm2verify.c
+++ b/tools/sm2verify.c
@@ -60,7 +60,7 @@
 // sm2verify [-in file] {-pubkey pem | -cert pem} [-id str] -sig file
-int main(int argc, char **argv)
+int sm2verify_main(int argc, char **argv)
 {
 	int ret;
 	char *prog = argv[0];
--- a/tools/sm3.c
+++ b/tools/sm3.c
@@ -54,7 +54,7 @@
 #include <gmssl/error.h>
-int main(int argc, char **argv)
+int sm3_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *pubkeyfile = NULL;
--- a/tools/sm3hmac.c
+++ b/tools/sm3hmac.c
@@ -54,7 +54,7 @@
 #include <gmssl/error.h>
-int main(int argc, char **argv)
+int sm3hmac_main(int argc, char **argv)
 {
 	int ret = -1;
 	char *prog = argv[0];
--- a/tools/sm4.c
+++ b/tools/sm4.c
@@ -53,10 +53,14 @@
 #include <gmssl/hex.h>
 #include <gmssl/error.h>
-static const char *options = "-key hex -iv hex [-in file] [-out file]";
+
 #define SM4_MODE_CBC 1
 #define SM4_MODE_CTR 2
 static const char *options = "{-cbc|-ctr} {-encrypt|-decrypt} -key hex -iv hex [-in file] [-out file]";
-int main(int argc, char **argv)
+int sm4_main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *keystr = NULL;
@@ -69,8 +73,10 @@ int main(int argc, char **argv)
 	size_t ivlen = sizeof(iv);
 	FILE *infp = stdin;
 	FILE *outfp = stdout;
 	int mode = 0;
 	int enc = -1;
 	SM4_CBC_CTX cbc_ctx;
 	SM4_CTR_CTX ctr_ctx;
 	uint8_t inbuf[4096];
 	size_t inlen;
 	uint8_t outbuf[4196];
@@ -98,6 +104,12 @@ int main(int argc, char **argv)
 			enc = 1;
 		} else if (!strcmp(*argv, "-decrypt")) {
 			enc = 0;
 		} else if (!strcmp(*argv, "-cbc")) {
 			if (mode) goto bad;
 			mode = SM4_MODE_CBC;
 		} else if (!strcmp(*argv, "-ctr")) {
 			if (mode) goto bad;
 			mode = SM4_MODE_CTR;
 		} else if (!strcmp(*argv, "-in")) {
 			if (--argc < 1) goto bad;
 			infile = *(++argv);
@@ -116,6 +128,10 @@ bad:
 		argv++;
 	}
 	if (!mode) {
 		fprintf(stderr, "%s: mode not assigned, -cbc or -ctr option required\n", prog);
 		return 1;
 	}
 	if (!keystr) {
 		error_print();
@@ -157,6 +173,36 @@ bad:
 		}
 	}
 	if (mode == SM4_MODE_CTR) {
 		if (sm4_ctr_encrypt_init(&ctr_ctx, key, iv) != 1) {
 			error_print();
 			return -1;
 		}
 		while ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) > 0) {
 			if (sm4_ctr_encrypt_update(&ctr_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
 				error_print();
 				return -1;
 			}
 			if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
 				error_print();
 				return -1;
 			}
 		}
 		if (sm4_ctr_encrypt_finish(&ctr_ctx, outbuf, &outlen) != 1) {
 			error_print();
 			return -1;
 		}
 		if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
 			error_print();
 			return -1;
 		}
 		return 0;
 	}
 	if (enc < 0) {
 		error_print();
 		return -1;
@@ -186,8 +232,6 @@ bad:
 			return -1;
 		}
 	} else {
 		if (sm4_cbc_decrypt_init(&cbc_ctx, key, iv) != 1) {
 			error_print();
--- a/tools/tlcp_client.c
+++ b/tools/tlcp_client.c
@@ -54,7 +54,7 @@
 #include <gmssl/error.h>
-const char *http_get =
+static const char *http_get =
 	"GET / HTTP/1.1\r\n"
 	"Hostname: aaa\r\n"
 	"\r\n\r\n";
@@ -63,7 +63,7 @@ const char *http_get =
 // 虽然服务器可以用双证书，但是客户端只能使用一个证书，也就是签名证书
 static const char *options = "-host str [-port num] [-cacert file] [-cert file -key file [-pass str]]";
-int main(int argc, char *argv[])
+int tlcp_client_main(int argc, char *argv[])
 {
 	int ret = -1;
 	char *prog = argv[0];
--- a/tools/tlcp_server.c
+++ b/tools/tlcp_server.c
@@ -58,7 +58,7 @@
 static const char *options = "[-port num] -cert file -key file [-pass str] -ex_key file [-ex_pass str] [-cacert file]";
-int main(int argc , char **argv)
+int tlcp_server_main(int argc , char **argv)
 {
 	int ret = -1;
 	char *prog = argv[0];
--- a/tools/tls12_client.c
+++ b/tools/tls12_client.c
@@ -62,7 +62,7 @@ const char *http_get =
 static const char *options = "-host str [-port num] [-cacert file] [-cert file -key file [-pass str]]";
-int main(int argc , char *argv[])
+int tls12_client_main(int argc , char *argv[])
 {
 	char *prog = argv[0];
 	char *host = NULL;
--- a/tools/tls12_server.c
+++ b/tools/tls12_server.c
@@ -58,7 +58,7 @@
 // 因此如果提供了CA证书，那么等同于要求客户端验证
 static const char *options = " [-port num] -cert file -key file [-pass str] [-cacert file]";
-int main(int argc , char *argv[])
+int tls12_server_main(int argc , char *argv[])
 {
 	int ret = -1;
 	char *prog = argv[0];
--- a/tools/tls13_client.c
+++ b/tools/tls13_client.c
@@ -54,7 +54,7 @@
 #include <gmssl/error.h>
-const char *http_get =
+static const char *http_get =
 	"GET / HTTP/1.1\r\n"
 	"Hostname: aaa\r\n"
 	"\r\n\r\n";
@@ -69,7 +69,7 @@ void print_usage(const char *prog)
 	printf("  -key <file>\n");
 }
-int main(int argc , char *argv[])
+int tls13_client_main(int argc , char *argv[])
 {
 	int ret = -1;
 	char *prog = argv[0];
--- a/tools/tls13_server.c
+++ b/tools/tls13_server.c
@@ -55,7 +55,7 @@
 #include <gmssl/error.h>
-void print_usage(const char *prog)
+static void print_usage(const char *prog)
 {
 	printf("Usage: %s [options]\n", prog);
 	printf("  -port <num>\n");
@@ -63,7 +63,7 @@ void print_usage(const char *prog)
 	printf("  -signkey <file>\n");
 }
-int main(int argc , char *argv[])
+int tls13_server_main(int argc , char *argv[])
 {
 	int ret = -1;
 	char *prog = argv[0];