Update CMake

CMakeLists.txt

@@ -20,7 +20,7 @@ else()
 endif()
 
 option(ENABLE_TEST_SPEED "Enable test speed" OFF)
-option(ENABLE_LONG_TEST "Enable long-running tests" OFF)
+option(ENABLE_SLOW_TEST "Enable slow tests" OFF)
 
 
 
@@ -46,38 +46,37 @@ option(ENABLE_SM4_CL "Enable SM4 OpenCL" OFF)
 option(ENABLE_INTEL_RDRAND "Enable Intel RDRAND instructions" OFF)
 option(ENABLE_INTEL_RDSEED "Enable Intel RDSEED instructions" OFF)
 
-option(ENABLE_SM4_ECB "Enable SM4 ECB mode" OFF)
-option(ENABLE_SM4_OFB "Enable SM4 OFB mode" OFF)
-option(ENABLE_SM4_CFB "Enable SM4 CFB mode" OFF)
-option(ENABLE_SM4_CCM "Enable SM4 CCM mode" OFF)
-option(ENABLE_SM4_XTS "Enable SM4 XTS mode" OFF)
-option(ENABLE_SM4_CBC_MAC "Enable SM4-CBC-MAC" OFF)
+option(ENABLE_SM4_ECB "Enable SM4 ECB mode" ON)
+option(ENABLE_SM4_OFB "Enable SM4 OFB mode" ON)
+option(ENABLE_SM4_CFB "Enable SM4 CFB mode" ON)
+option(ENABLE_SM4_CCM "Enable SM4 CCM mode" ON)
+option(ENABLE_SM4_XTS "Enable SM4 XTS mode" ON)
+option(ENABLE_SM4_CBC_MAC "Enable SM4-CBC-MAC" ON)
 
-option(ENABLE_SM2_EXTS "Enable SM2 Extensions" OFF)
 option(ENABLE_SM9 "Enable SM9" ON)
 option(ENABLE_CMS "Enable CMS" ON)
 
 option(ENABLE_SECP256R1 "Enable ECDH/ECDSA on curve secp256r1" ON)
 
-option(ENABLE_LMS "Enable LMS/HSS signature" OFF)
-option(ENABLE_XMSS "Enable XMSS/XMSS^MT signature" OFF)
-option(ENABLE_SPHINCS "Enable SPHINCS+ signature" OFF)
-option(ENABLE_KYBER "Enable Kyber" OFF)
+option(ENABLE_LMS "Enable LMS/HSS signature" ON)
+option(ENABLE_XMSS "Enable XMSS/XMSS^MT signature" ON)
+option(ENABLE_SPHINCS "Enable SPHINCS+ signature" ON)
+option(ENABLE_KYBER "Enable Kyber" ON)
 
-option(ENABLE_SHA1 "Enable SHA1" OFF)
+option(ENABLE_SHA1 "Enable SHA1" ON)
 option(ENABLE_SHA2 "Enable SHA2" ON)
 option(ENABLE_AES "Enable AES" ON)
-option(ENABLE_AES_CCM "Enable AES CCM mode" OFF)
-option(ENABLE_CHACHA20 "Enable Chacha20" OFF)
+option(ENABLE_AES_CCM "Enable AES CCM mode" ON)
+option(ENABLE_CHACHA20 "Enable Chacha20" ON)
 option(ENABLE_ZUC "Enable ZUC" ON)
-option(ENABLE_GHASH "Enable standalone GHASH command and test" OFF)
+option(ENABLE_GHASH "Enable standalone GHASH command and test" ON)
 
-option(ENABLE_SKF "Enable SKF module" OFF)
-option(ENABLE_SDF "Enable SDF module" OFF)
+option(ENABLE_SKF "Enable SKF module" ON)
+option(ENABLE_SDF "Enable SDF module" ON)
 
 option(ENABLE_ASM_UNDERSCORE_PREFIX "Add prefix `_` to assembly symbols" ON)
 
-option(ENABLE_TLS "Enable TLS and TLCP protocol support" OFF)
+option(ENABLE_TLS "Enable TLS and TLCP protocol support" ON)
 option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF)
 
 option (ENABLE_SM2_ENC_PRE_COMPUTE "Enable SM2 encryption precomputing" ON)
@@ -219,9 +218,9 @@ if (ENABLE_TEST_SPEED)
 	add_definitions(-DENABLE_TEST_SPEED)
 endif()
 
-if (ENABLE_LONG_TEST)
-	message(STATUS "ENABLE_LONG_TEST is ON")
-	add_definitions(-DENABLE_LONG_TEST)
+if (ENABLE_SLOW_TEST)
+	message(STATUS "ENABLE_SLOW_TEST is ON")
+	add_definitions(-DENABLE_SLOW_TEST)
 endif()
 
 
@@ -822,7 +821,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1109")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1110")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)

include/gmssl/version.h

@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1109"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1110"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);

src/tls12.c

@@ -52,7 +52,7 @@ const int tls12_cipher_suites[] = {
 	TLS_cipher_ecdhe_ecdsa_with_aes_128_cbc_sha256,
 	TLS_cipher_ecdhe_ecdsa_with_aes_128_gcm_sha256,
 #ifdef ENABLE_AES_CCM
-	TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm_sha256,
+	TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm,
 #endif
 #endif
 };
@@ -3168,7 +3168,7 @@ int tls12_send(TLS_CONNECT *conn, const uint8_t *in, size_t inlen, size_t *sentl
 			break;
 
 #ifdef ENABLE_AES_CCM
-		case TLS_cipher_ecdhe_ecdsa_aes_128_ccm_sha256:
+		case TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm:
 			if (tls_ccm_encrypt(enc_key, fixed_iv, seq_num, conn->databuf,
 				conn->databuf + 5, tls_record_data_length(conn->databuf),
 				conn->record + 5, &recordlen) != 1) {

tests/lmstest.c

@@ -10,11 +10,18 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <time.h>
 #include <gmssl/hex.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
 #include <gmssl/lms.h>
 
+static void test_print_elapsed(const char *func, clock_t start)
+{
+	printf("    %s() elapsed: %.3f seconds\n",
+		func, (double)(clock() - start)/CLOCKS_PER_SEC);
+}
+
 
 static int lms_types[] = {
 	LMS_HASH256_M32_H5,
@@ -305,6 +312,7 @@ static int test_lms_key_generate(void)
 {
 	LMS_KEY lms_key;
 	int lms_type = lms_types[0];
+	clock_t start = clock();
 
 	if (lms_key_generate(&lms_key, lms_type) != 1) {
 		error_print();
@@ -312,6 +320,7 @@ static int test_lms_key_generate(void)
 	}
 	lms_private_key_print(stdout, 0, 0, "lms_private_key", &lms_key);
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -456,6 +465,7 @@ static int test_lms_sign(void)
 	uint8_t sig[LMS_SIGNATURE_MAX_SIZE];
 	size_t siglen;
 	int ret;
+	clock_t start = clock();
 
 	if (lms_key_generate(&key, lms_type) != 1) {
 		error_print();
@@ -517,6 +527,7 @@ static int test_lms_sign(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -548,6 +559,7 @@ static int test_lms_max_sigs(void)
 static int test_hss_key_generate(void)
 {
 	HSS_KEY key;
+	clock_t start = clock();
 
 	if (hss_key_generate(&key, lms_types, sizeof(lms_types)/sizeof(lms_types[0])) != 1) {
 		error_print();
@@ -557,6 +569,7 @@ static int test_hss_key_generate(void)
 	hss_public_key_print(stdout, 0, 4, "hss_public_key", &key);
 	hss_private_key_print(stdout, 0, 4, "hss_key", &key);
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -834,6 +847,7 @@ static int test_hss_sign_level1(void)
 	uint8_t msg[200];
 	uint8_t buf[sizeof(HSS_SIGNATURE)];
 	size_t len;
+	clock_t start = clock();
 
 	if (hss_key_generate(&key, lms_types, levels) != 1) {
 		error_print();
@@ -866,6 +880,7 @@ static int test_hss_sign_level1(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -879,6 +894,7 @@ static int test_hss_sign_level2(void)
 	uint8_t msg[200];
 	uint8_t buf[sizeof(HSS_SIGNATURE)];
 	size_t len;
+	clock_t start = clock();
 
 	if (hss_key_generate(&key, lms_types, levels) != 1) {
 		error_print();
@@ -915,6 +931,7 @@ static int test_hss_sign_level2(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -927,6 +944,7 @@ static int test_hss_sign(void)
 	uint8_t msg[200];
 	uint8_t buf[sizeof(HSS_SIGNATURE)];
 	size_t len;
+	clock_t start = clock();
 
 	if (hss_key_generate(&key, lms_types, sizeof(lms_types)/sizeof(lms_types[0])) != 1) {
 		error_print();
@@ -963,6 +981,7 @@ static int test_hss_sign(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }

tests/pbkdf2test.c

@@ -20,7 +20,7 @@
 #define TEST_PBKDF2_MAX_SALT_SIZE 36
 #define TEST_PBKDF2_MAX_DK_SIZE 65
 
-#ifndef ENABLE_LONG_TEST
+#ifndef ENABLE_SLOW_TEST
 #define TEST_PBKDF2_MAX_ITERATION_COUNT 1000000
 #endif
 
@@ -70,7 +70,7 @@ static int test_pbkdf2_hmac_wycheproof(const char *name, const DIGEST *digest,
 		size_t expected_len;
 		int ret;
 
-#ifndef ENABLE_LONG_TEST
+#ifndef ENABLE_SLOW_TEST
 		if (tv->iteration_count > TEST_PBKDF2_MAX_ITERATION_COUNT) {
 			fprintf(stderr, "%s tcId %d skipped: iteration_count = %zu\n",
 				name, tv->tc_id, tv->iteration_count);

tests/sphincstest.c

@@ -10,12 +10,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <time.h>
 #include <gmssl/hex.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
 #include <gmssl/endian.h>
 #include <gmssl/sphincs.h>
 
+static void test_print_elapsed(const char *func, clock_t start)
+{
+	printf("    %s() elapsed: %.3f seconds\n",
+		func, (double)(clock() - start)/CLOCKS_PER_SEC);
+}
+
 
 typedef struct {
 	char *name;
@@ -157,9 +164,11 @@ static int test_sphincs_wots_sign(void)
 	sphincs_adrs_t adrs;
 	sphincs_hash128_t dgst;
 	sphincs_wots_sig_t wots_sig;
+	clock_t start = clock();
 
 	sphincs_wots_sign(wots_sk, seed, adrs, dgst, wots_sig);
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -191,6 +200,7 @@ static int test_sphincs_wots_sign_verify(void)
 	sphincs_wots_key_t wots_pk2;
 	sphincs_hash128_t wots_root;
 	int i;
+	clock_t start = clock();
 
 	sphincs_adrs_set_layer_address(adrs, 0);
 	sphincs_adrs_set_tree_address(adrs, 0);
@@ -241,6 +251,7 @@ static int test_sphincs_wots_sign_verify(void)
 
 
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -329,6 +340,7 @@ static int test_sphincs_xmss_sign(void)
 	SPHINCS_XMSS_SIGNATURE sig;
 	sphincs_hash128_t xmss_root;
 	sphincs_hash128_t auth_path[SPHINCS_XMSS_HEIGHT];
+	clock_t start = clock();
 
 
 	sphincs_xmss_build_tree(secret, seed, adrs, xmss_tree);
@@ -351,6 +363,7 @@ static int test_sphincs_xmss_sign(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -440,6 +453,7 @@ static int test_sphincs_hypertree_sign(void)
 
 	sphincs_hash128_t ht_root;
 	SPHINCS_XMSS_SIGNATURE ht_sig[SPHINCS_HYPERTREE_LAYERS];
+	clock_t start = clock();
 
 	sphincs_hypertree_derive_root(secret, seed, ht_root);
 	format_bytes(stderr, 0, 4, "hypertree_root", ht_root, 16);
@@ -453,6 +467,7 @@ static int test_sphincs_hypertree_sign(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 
@@ -468,6 +483,7 @@ static int test_sphincs_fors_sign(void)
 	sphincs_hash128_t root;
 	sphincs_hash128_t sig_to_root;
 	SPHINCS_FORS_SIGNATURE sig;
+	clock_t start = clock();
 
 
 
@@ -483,6 +499,7 @@ static int test_sphincs_fors_sign(void)
 	}
 
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -516,6 +533,7 @@ static int test_sphincs_sign(void)
 	uint32_t i;
 
 	uint8_t tbs[SPHINCS_TBS_SIZE];
+	clock_t start = clock();
 
 	if (sphincs_key_generate(key) != 1) {
 		error_print();
@@ -628,6 +646,7 @@ static int test_sphincs_sign(void)
 	}
 
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -641,6 +660,7 @@ static int test_sphincs_sign_update(void)
 	uint8_t msg[100] = { 1,2,3 };
 	uint8_t sigbuf[SPHINCS_SIGNATURE_SIZE];
 	size_t siglen;
+	clock_t start = clock();
 
 	if (sphincs_key_generate(&key) != 1) {
 		error_print();
@@ -725,6 +745,7 @@ static int test_sphincs_sign_update(void)
 
 
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -748,12 +769,16 @@ int main(void)
 	if (test_sphincs_xmss_sign() != 1) goto err;
 
 	if (test_sphincs_hypertree() != 1) goto err;
+#ifdef ENABLE_SLOW_TEST
 	if (test_sphincs_hypertree_sign() != 1) goto err;
+#endif
 
 	if (test_sphincs_fors_sign() != 1) goto err;
 
+#ifdef ENABLE_SLOW_TEST
 	if (test_sphincs_sign() != 1) goto err;
 	if (test_sphincs_sign_update() != 1) goto err;
+#endif
 
 	printf("%s all tests passed\n", __FILE__);
 	return 0;

tests/tlstest.c

@@ -177,7 +177,7 @@ static int test_tls_ccm(void)
 	enced_record[4] = (uint8_t)enced_recordlen;
 	enced_recordlen += 5;
 
-	if (tls12_record_decrypt(TLS_cipher_aes_128_ccm_sha256, NULL, &aes_key, fixed_iv, seq_num,
+	if (tls_record_decrypt(TLS_cipher_ecdhe_ecdsa_with_aes_128_ccm, NULL, &aes_key, fixed_iv, seq_num,
 		enced_record, enced_recordlen, buf, &buflen) != 1
 		|| buflen != recordlen
 		|| memcmp(buf, record, recordlen) != 0) {

tests/xmsstest.c

@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <time.h>
 #include <gmssl/hex.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
@@ -17,6 +18,12 @@
 #include <gmssl/xmss.h>
 
 
+static void test_print_elapsed(const char *func, clock_t start)
+{
+	printf("    %s() elapsed: %.3f seconds\n",
+		func, (double)(clock() - start)/CLOCKS_PER_SEC);
+}
+
 
 static int test_xmss_adrs(void)
 {
@@ -132,6 +139,7 @@ static int test_wots_sign(void)
 	xmss_wots_key_t sig_pk;
 	size_t len;
 	int i;
+	clock_t start = clock();
 
 	memset(secret, 0x12, sizeof(secret));
 	memset(seed, 0xab, sizeof(seed));
@@ -165,6 +173,7 @@ static int test_wots_sign(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -342,6 +351,7 @@ static int test_xmss_key_generate(void)
 	XMSS_KEY key;
 	size_t count;
 	size_t i;
+	clock_t start = clock();
 
 	if (xmss_key_generate(&key, xmss_type) != 1) {
 		error_print();
@@ -368,6 +378,7 @@ static int test_xmss_key_generate(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -464,6 +475,7 @@ static int test_xmss_sign(void)
 	XMSS_HASH256_CTX ctx;
 	xmss_hash256_t dgst;
 	size_t h;
+	clock_t start = clock();
 
 
 	if (xmss_key_generate(&key, xmss_type) != 1) {
@@ -544,6 +556,7 @@ static int test_xmss_sign(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -559,6 +572,7 @@ static int test_xmss_sign_update(void)
 	size_t siglen;
 	uint8_t msg[100] = {0};
 	int i;
+	clock_t start = clock();
 
 	if (xmss_key_generate(&key, xmss_type) != 1) {
 		error_print();
@@ -594,6 +608,7 @@ static int test_xmss_sign_update(void)
 	}
 	xmss_key_cleanup(&key);
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -641,6 +656,7 @@ static int test_xmssmt_key_generate(void)
 {
 	uint32_t xmssmt_index = XMSSMT_HASH256_20_4_256;
 	XMSSMT_KEY key;
+	clock_t start = clock();
 
 	if (xmssmt_key_generate(&key, xmssmt_index) != 1) {
 		error_print();
@@ -650,6 +666,7 @@ static int test_xmssmt_key_generate(void)
 	xmssmt_public_key_print(stderr, 0, 4, "xmssmt_public_key", &key);
 	xmssmt_private_key_print(stderr, 0, 4, "xmssmt_private_key", &key);
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -927,6 +944,7 @@ static int test_xmssmt_sign(void)
 	uint64_t tree_address;
 	uint32_t tree_index;
 	uint32_t layer;
+	clock_t start = clock();
 
 
 	if (xmssmt_type_to_height_and_layers(xmssmt_type, &height, &layers) != 1) {
@@ -1048,6 +1066,7 @@ static int test_xmssmt_sign(void)
 		return -1;
 	}
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -1061,6 +1080,7 @@ static int test_xmssmt_sign_update(void)
 	uint8_t msg[100] = {0};
 	uint8_t sigbuf[sizeof(XMSSMT_SIGNATURE) *2 ];
 	size_t siglen;
+	clock_t start = clock();
 
 	if (xmssmt_key_generate(&key, xmssmt_type) != 1) {
 		error_print();
@@ -1133,6 +1153,7 @@ static int test_xmssmt_sign_update(void)
 
 
 
+	test_print_elapsed(__FUNCTION__, start);
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
@@ -1149,13 +1170,17 @@ int main(void)
 	if (test_xmss_adrs() != 1) goto err;
 	if (test_xmss_build_tree() != 1) goto err;
 	if (test_xmss_build_root() != 1) goto err;
+#ifdef ENABLE_SLOW_TEST
 	if (test_xmss_key_generate() != 1) goto err;
+#endif
 	if (test_xmss_public_key_to_bytes() != 1) goto err;
 	if (test_xmss_private_key_size() != 1) goto err;
 	//if (test_xmss_private_key_to_bytes() != 1) goto err;
 	if (test_xmss_signature_size() != 1) goto err;
+#ifdef ENABLE_SLOW_TEST
 	if (test_xmss_sign() != 1) goto err;
 	if (test_xmss_sign_update() != 1) goto err;
+#endif
 	if (test_xmssmt_key_generate() != 1) goto err;
 	if (test_xmssmt_index_to_bytes() != 1) goto err;
 	if (test_xmssmt_signature_to_bytes() != 1) goto err;

tools/gmssl.c

@@ -134,10 +134,10 @@ extern int skfutil_main(int argc, char **argv);
 #endif
 
 static const char *options =
-	"command [options]\n"
-	"command -help\n"
+	"<command> [options]\n"
+	"\n"
+	"command:\n"
 	"\n"
-	"Commands:\n"
 	"  help              Print this help message\n"
 	"  version           Print version\n"
 	"  rand              Generate random bytes\n"
@@ -149,26 +149,26 @@ static const char *options =
 	"  sm3               Generate SM3 hash\n"
 	"  sm3hmac           Generate SM3 HMAC tag\n"
 	"  sm3_pbkdf2        Hash password into key using PBKDF2 algoritm\n"
+	"  sm4_gcm           Encrypt or decrypt with SM4 GCM\n"
+	"  sm4_cbc           Encrypt or decrypt with SM4 CBC\n"
+	"  sm4_ctr           Encrypt or decrypt with SM4 CTR\n"
+	"  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC\n"
+	"  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC\n"
+#ifdef ENABLE_SM4_CCM
+	"  sm4_ccm           Encrypt or decrypt with SM4 CCM\n"
+#endif
+#ifdef ENABLE_SM4_XTS
+	"  sm4_xts           Encrypt or decrypt with SM4 XTS\n"
+#endif
 #ifdef ENABLE_SM4_ECB
 	"  sm4_ecb           Encrypt or decrypt with SM4 ECB\n"
 #endif
-	"  sm4_cbc           Encrypt or decrypt with SM4 CBC\n"
-	"  sm4_ctr           Encrypt or decrypt with SM4 CTR\n"
 #ifdef ENABLE_SM4_CFB
 	"  sm4_cfb           Encrypt or decrypt with SM4 CFB\n"
 #endif
 #ifdef ENABLE_SM4_OFB
 	"  sm4_ofb           Encrypt or decrypt with SM4 OFB\n"
 #endif
-#ifdef ENABLE_SM4_CCM
-	"  sm4_ccm           Encrypt or decrypt with SM4 CCM\n"
-#endif
-	"  sm4_gcm           Encrypt or decrypt with SM4 GCM\n"
-#ifdef ENABLE_SM4_XTS
-	"  sm4_xts           Encrypt or decrypt with SM4 XTS\n"
-#endif
-	"  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC\n"
-	"  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC\n"
 #ifdef ENABLE_SM4_CBC_MAC
 	"  sm4_cbc_mac       Generate SM4 CBC-MAC\n"
 #endif
@@ -189,24 +189,24 @@ static const char *options =
 	"  reqgen            Generate certificate signing request (CSR)\n"
 	"  reqsign           Generate certificate from CSR\n"
 	"  reqparse          Parse and print a CSR\n"
+	"  certgen           Generate a self-signed certificate\n"
+	"  certverify        Verify certificate chain\n"
+	"  certrevoke        Revoke certificate and output RevokedCertificate record\n"
+	"  certparse         Parse and print certificates\n"
 	"  crlget            Download the CRL of given certificate\n"
 	"  crlgen            Sign a CRL with CA certificate and private key\n"
 	"  crlverify         Verify a CRL with issuer's certificate\n"
 	"  crlparse          Parse and print CRL\n"
-	"  certgen           Generate a self-signed certificate\n"
-	"  certparse         Parse and print certificates\n"
-	"  certverify        Verify certificate chain\n"
-	"  certrevoke        Revoke certificate and output RevokedCertificate record\n"
 	"  ocspreq           Generate OCSPRequest\n"
 	"  ocspget           Download OCSPResponse from OCSP responder\n"
 	"  ocspsign          Sign OCSPResponse\n"
 	"  ocspverify        Verify OCSPResponse\n"
 #ifdef ENABLE_CMS
-	"  cmsparse          Parse CMS (cryptographic message syntax) file\n"
-	"  cmsencrypt        Generate CMS EnvelopedData\n"
-	"  cmsdecrypt        Decrypt CMS EnvelopedData\n"
 	"  cmssign           Generate CMS SignedData\n"
 	"  cmsverify         Verify CMS SignedData\n"
+	"  cmsencrypt        Generate CMS EnvelopedData\n"
+	"  cmsdecrypt        Decrypt CMS EnvelopedData\n"
+	"  cmsparse          Parse CMS (cryptographic message syntax) file\n"
 #endif
 #ifdef ENABLE_SECP256R1
 	"  p256keygen        Generate P-256 (secp256r1, prime256v1) keypair\n"

tools/xmssmtkeygen.c

@@ -151,7 +151,7 @@ bad:
 
 	ret = 0;
 end:
-	xmss_key_cleanup(&key);
+	xmssmt_key_cleanup(&key);
 	if (out) {
 		gmssl_secure_clear(out, outlen);
 		free(out);