diff --git a/CMakeLists.txt b/CMakeLists.txt
index 086358d3..8c258066 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -622,7 +622,7 @@ add_library(gmssl ${src})
 
 
 if (WIN32)
-	target_link_libraries(gmssl -lws2_32)
+	target_link_libraries(gmssl PRIVATE Ws2_32)
 elseif (APPLE)
 	if (ENABLE_SDF)
 		target_link_libraries(gmssl dl)
@@ -664,7 +664,7 @@ if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "iOS")
 	add_executable(gmssl-bin ${tools})
 	target_link_libraries(gmssl-bin LINK_PUBLIC gmssl)
 	set_target_properties(gmssl-bin PROPERTIES RUNTIME_OUTPUT_NAME gmssl)
-	if (MINGW)
+	if (WIN32)
 		target_link_libraries(gmssl-bin PRIVATE Ws2_32)
 	endif()
 
diff --git a/src/sm2_enc.c b/src/sm2_enc.c
index 98b2a309..c4a4e344 100644
--- a/src/sm2_enc.c
+++ b/src/sm2_enc.c
@@ -570,7 +570,9 @@ int sm2_encrypt_update(SM2_ENC_CTX *ctx, const uint8_t *in, size_t inlen)
 
 int sm2_encrypt_finish(SM2_ENC_CTX *ctx, const SM2_KEY *public_key, uint8_t *out, size_t *outlen)
 {
+#if ENABLE_SM2_ENC_PRE_COMPUTE
 	SM2_CIPHERTEXT ciphertext;
+#endif
 
 	if (!ctx || !public_key || !outlen) {
 		error_print();
diff --git a/tools/rand.c b/tools/rand.c
index 0a94d2c4..7b1e02a3 100644
--- a/tools/rand.c
+++ b/tools/rand.c
@@ -110,7 +110,7 @@ bad:
 		}
 
 		if (hex) {
-			int i;
+			size_t i;
 			for (i = 0; i < len; i++) {
 				fprintf(outfp, "%02X", buf[i]);
 			}
diff --git a/tools/sdfdecrypt.c b/tools/sdfdecrypt.c
index 10860641..93007a4c 100755
--- a/tools/sdfdecrypt.c
+++ b/tools/sdfdecrypt.c
@@ -61,7 +61,6 @@ int sdfdecrypt_main(int argc, char **argv)
 	SDF_CBC_CTX ctx;
 	const uint8_t *p;
 	SM2_CIPHERTEXT ciphertext;
-	uint8_t *wrappedkey;
 	size_t wrappedkey_len;
 
 	memset(&dev, 0, sizeof(dev));
diff --git a/tools/sdftest.c b/tools/sdftest.c
index 694f700c..6447f6bf 100644
--- a/tools/sdftest.c
+++ b/tools/sdftest.c
@@ -2033,8 +2033,6 @@ static int speed_SDF_InternalEncrypt_ECC(int key)
 	unsigned char ucData[32] = {1}; // same as sm2_enctest.c
 	unsigned int uiDataLength = (unsigned int)sizeof(ucData);
 	ECCCipher eccCipher;
-	unsigned char ucDecData[256];
-	unsigned int uiDecDataLength;
 	clock_t begin, end;
 	double seconds;
 	int i, ret;
diff --git a/tools/tls13_client.c b/tools/tls13_client.c
index 3a2dd962..b2cfa49b 100644
--- a/tools/tls13_client.c
+++ b/tools/tls13_client.c
@@ -597,7 +597,11 @@ bad:
 	}
 
 	if (!(hp = gethostbyname(host))) {
+#ifdef WIN32
+		fprintf(stderr, "%s: parse -host value error: %d\n", prog, WSAGetLastError());
+#else
 		fprintf(stderr, "%s: parse -host value error: %s\n", prog, hstrerror(h_errno));
+#endif
 		goto end;
 	}
 	server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
diff --git a/tools/tls13_server.c b/tools/tls13_server.c
index d9a78f96..037bf9dd 100644
--- a/tools/tls13_server.c
+++ b/tools/tls13_server.c
@@ -456,9 +456,6 @@ bad:
 	puts("start listen ...\n");
 	tls_socket_listen(sock, 1);
 
-
-restart:
-
 	//client_addrlen = sizeof(client_addr);
 	if (tls_socket_accept(sock, &client_addr, &conn_sock) != 1) {
 		fprintf(stderr, "%s: socket accept error\n", prog);