diff --git a/demos/certs/ca/Ant Financial Certification Authority S1.pem b/demos/certs/ca/Ant Financial Certification Authority S1.pem
deleted file mode 100644
index 5c7326b4..00000000
--- a/demos/certs/ca/Ant Financial Certification Authority S1.pem	
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICzjCCAnKgAwIBAgIQZMsSZdRKbxEiVT+tvsQxfzAMBggqgRzPVQGDdQUAMC4x
-CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
-DTE4MDMwNTA3MDEwOFoXDTM4MDIyODA3MDEwOFowejELMAkGA1UEBhMCQ04xFjAU
-BgNVBAoMDUFudCBGaW5hbmNpYWwxIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MTEwLwYDVQQDDChBbnQgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IFMxMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEGmfMCs2ZerI5lvrO
-bxfY8HJyIcTwfMtXb3R1KgqJmUTmsdlb3g13lkvkp2GwqGOpptUOxE09hZAeF4tY
-QzSkSaOCASIwggEeMB8GA1UdIwQYMBaAFEwysZfZMxvEpgXBxuWLYlvwl3ZYMA8G
-A1UdEwEB/wQFMAMBAf8wgboGA1UdHwSBsjCBrzBBoD+gPaQ7MDkxCzAJBgNVBAYT
-AkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoGA1UECwwDQVJMMQwwCgYDVQQDDANhcmww
-KqAooCaGJGh0dHA6Ly93d3cucm9vdGNhLmdvdi5jbi9hcmwvYXJsLmNybDA+oDyg
-OoY4bGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjozODkvQ049YXJsLE9VPUFSTCxP
-PU5SQ0FDLEM9Q04wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ3NFyrGaAF5BAy
-72g+BP4NTGdGEzAMBggqgRzPVQGDdQUAA0gAMEUCIQCXq5uO1PaKFI764ak1Ah5R
-5vc7E6WGBsO7Jv8+GM8xFgIgbCi8GfqKKiAAhJ3grv5vbQy5kPeC5I/8X3igW4k5
-1Tc=
------END CERTIFICATE-----
diff --git a/demos/certs/ca/TJCA.pem b/demos/certs/ca/TJCA.pem
deleted file mode 100644
index cdf512a5..00000000
--- a/demos/certs/ca/TJCA.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC7jCCApKgAwIBAgIQS66cxft/wk8MdWCL2qSImjAMBggqgRzPVQGDdQUAMDox
-CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
-dmFudCBST09UMB4XDTE3MTIwNjAyNTczMFoXDTM3MTIwMTAyNTczMFowVjELMAkG
-A1UEBhMCQ04xEjAQBgNVBAgMCeWkqea0peW4gjEkMCIGA1UECgwb5aSp5rSl5biC
-55S15a2Q6K6k6K+B5Lit5b+DMQ0wCwYDVQQDDARUSkNBMFkwEwYHKoZIzj0CAQYI
-KoEcz1UBgi0DQgAE2GJUeLtgaq271GSkgvmvBHJVxrg6K8Nx6AogQxNB/qoQjup4
-YDw9odBrYiqdTbOgYL5I+iiPCXJg+6xKL3VA6aOCAVowggFWMB8GA1UdIwQYMBaA
-FJ/cX1elCW5m8PJ1du0BYnAE/PpUMA8GA1UdEwEB/wQFMAMBAf8wgfIGA1UdHwSB
-6jCB5zBPoE2gS6RJMEcxCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoG
-A1UECwwDQVJMMRowGAYDVQQDDBFDaXZpbF9TZXJ2YW50X0FSTDBGoESgQoZAaHR0
-cDovL3d3dy5yb290Y2EuZ292LmNuL0NpdmlsX1NlcnZhbnRfYXJsL0NpdmlsX1Nl
-cnZhbnRfQVJMLmNybDBMoEqgSIZGbGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjoz
-OTAvQ049Q2l2aWxfU2VydmFudF9BUkwsT1U9QVJMLE89TlJDQUMsQz1DTjAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFE6BR1+l7EDGRDMxpkHLpByil04oMAwGCCqB
-HM9VAYN1BQADSAAwRQIgC79X9bYZNHi88AOzS1mcL8iMOTnuOhISxkw6Hbou9bIC
-IQCGFTlCuEYGX3Qc+HlufzqyKjyYyUCTb0FkfhOfhcEU+g==
------END CERTIFICATE-----
diff --git a/demos/certs/ca/Taier CA.pem b/demos/certs/ca/Taier CA.pem
deleted file mode 100644
index 40ed0965..00000000
--- a/demos/certs/ca/Taier CA.pem	
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIChDCCAiigAwIBAgIQLXrZ9QK+bZE4WSoVyuo7GzAMBggqgRzPVQGDdQUAMC4x
-CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
-DTE2MDcxMzA4MjQ1NFoXDTM2MDcwODA4MjQ1NFowMDELMAkGA1UEBhMCQ04xDjAM
-BgNVBAoMBUNBSUNUMREwDwYDVQQDDAhUYWllciBDQTBZMBMGByqGSM49AgEGCCqB
-HM9VAYItA0IABAxbfsHfqwv8GmfhJYnj0R+fFFqkegyvdZgzRtnnnEDmoy4GNwQa
-kVNElUTsMFIJDOEbXTfYazvOghVNsR1UFRujggEiMIIBHjAfBgNVHSMEGDAWgBRM
-MrGX2TMbxKYFwcbli2Jb8Jd2WDAPBgNVHRMBAf8EBTADAQH/MIG6BgNVHR8EgbIw
-ga8wQaA/oD2kOzA5MQswCQYDVQQGEwJDTjEOMAwGA1UECgwFTlJDQUMxDDAKBgNV
-BAsMA0FSTDEMMAoGA1UEAwwDYXJsMCqgKKAmhiRodHRwOi8vd3d3LnJvb3RjYS5n
-b3YuY24vYXJsL2FybC5jcmwwPqA8oDqGOGxkYXA6Ly9sZGFwLnJvb3RjYS5nb3Yu
-Y246Mzg5L0NOPWFybCxPVT1BUkwsTz1OUkNBQyxDPUNOMA4GA1UdDwEB/wQEAwIB
-BjAdBgNVHQ4EFgQUi2kQa6VC3y6m96DZs4ykCLs9UDkwDAYIKoEcz1UBg3UFAANI
-ADBFAiAnOTxqRKjk7+RlMuu6dRIoncmZPPkmVytXeGkvxmN8zAIhAI4zYqRtqy4e
-754IdYX8fZDRQi9Mf2ZIkEEgIy9o1+Gf
------END CERTIFICATE-----
diff --git a/demos/certs/crl/Civil Servant ROOT.crl b/demos/certs/crl/Civil Servant ROOT.crl
deleted file mode 100644
index a713b437..00000000
Binary files a/demos/certs/crl/Civil Servant ROOT.crl and /dev/null differ
diff --git a/demos/certs/crl/Device ROOT.crl b/demos/certs/crl/Device ROOT.crl
deleted file mode 100644
index 0384dfd7..00000000
Binary files a/demos/certs/crl/Device ROOT.crl and /dev/null differ
diff --git a/demos/certs/crl/ROOTCA.crl b/demos/certs/crl/ROOTCA.crl
deleted file mode 100644
index 8200bc0e..00000000
Binary files a/demos/certs/crl/ROOTCA.crl and /dev/null differ
diff --git a/demos/certs/rootca/Civil Servant ROOT.pem b/demos/certs/rootca/Civil Servant ROOT.pem
deleted file mode 100644
index eff2c5ed..00000000
--- a/demos/certs/rootca/Civil Servant ROOT.pem	
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB0jCCAXegAwIBAgIQEdZMMEt/UB6aBlClCPrHdDAMBggqgRzPVQGDdQUAMDox
-CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
-dmFudCBST09UMB4XDTE0MDcxNTA2NDg1NloXDTQ0MDcwNzA2NDg1NlowOjELMAkG
-A1UEBhMCQ04xDjAMBgNVBAoMBU5SQ0FDMRswGQYDVQQDDBJDaXZpbCBTZXJ2YW50
-IFJPT1QwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAR1whSysIMDakj11nL+KgJ1
-J+HtXJU2D/EhV+QC1b+/yDXWdcZay7X79wC/g4vJdUIAdyZfLVy3lYYFc3aJ2smr
-o10wWzAfBgNVHSMEGDAWgBSf3F9XpQluZvDydXbtAWJwBPz6VDAMBgNVHRMEBTAD
-AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUn9xfV6UJbmbw8nV27QFicAT8+lQw
-DAYIKoEcz1UBg3UFAANHADBEAiAkrV4rtXx+4fdJBIVSxHFKh2znz2vnSgk/eBIl
-gNQK7AIgNVusahBBOxafSdIB1cX8zJCnq+OcCNLRezYSbXQ45Jg=
------END CERTIFICATE-----
diff --git a/demos/certs/rootca/Device ROOT.pem b/demos/certs/rootca/Device ROOT.pem
deleted file mode 100644
index 101e4acc..00000000
--- a/demos/certs/rootca/Device ROOT.pem	
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBxjCCAWmgAwIBAgIQVWEAYiD7bkTypcG5eLcUIzAMBggqgRzPVQGDdQUAMDMx
-CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEUMBIGA1UEAwwLRGV2aWNlIFJP
-T1QwHhcNMTQwNzE1MDY0OTE0WhcNNDQwNzA3MDY0OTE0WjAzMQswCQYDVQQGEwJD
-TjEOMAwGA1UECgwFTlJDQUMxFDASBgNVBAMMC0RldmljZSBST09UMFkwEwYHKoZI
-zj0CAQYIKoEcz1UBgi0DQgAErrT3rKewd5fIH38K5dUcB6dxxYcFCqHlklxWnwiU
-n39eP3O8D3h7gncGBJoxX5XToyqwy4saICZq3MEIBf6XKqNdMFswHwYDVR0jBBgw
-FoAUodkX9LXKzt+c9s0ZP86nFwz5gPUwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
-AQYwHQYDVR0OBBYEFKHZF/S1ys7fnPbNGT/OpxcM+YD1MAwGCCqBHM9VAYN1BQAD
-SQAwRgIhAO6XHWXfSyMUt/fn6yB5vPH9bHofYkylecmwqbN7jNlBAiEA2b8vR1TR
-u1rh597JnGgp8tdjAiBbPWYjHcJDRBGcljA=
------END CERTIFICATE-----
diff --git a/demos/certs/rootca/ROOTCA.pem b/demos/certs/rootca/ROOTCA.pem
deleted file mode 100644
index ae04bf53..00000000
--- a/demos/certs/rootca/ROOTCA.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG
-EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw
-MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO
-UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE
-MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT
-V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti
-W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ
-MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b
-53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI
-pDoiVhsLwg==
------END CERTIFICATE-----
diff --git a/demos/scripts/cademo.sh b/demos/scripts/cademo.sh
deleted file mode 100755
index 73796510..00000000
--- a/demos/scripts/cademo.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash -x
-
-set -e
-
-gmssl sm2keygen -pass 1234 -out rootcakey.pem
-gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
-gmssl certparse -in rootcacert.pem
-
-gmssl sm2keygen -pass 1234 -out cakey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
-gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
-gmssl certparse -in cacert.pem
-
-gmssl sm2keygen -pass 1234 -out signkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
-gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
-gmssl certparse -in signcert.pem
-
-gmssl sm2keygen -pass 1234 -out enckey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
-gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
-gmssl certparse -in enccert.pem
-
-rm -fr revoked_certs.der
-gmssl certrevoke -in signcert.pem -reason keyCompromise -out revoked_certs.der
-gmssl certrevoke -in enccert.pem -reason keyCompromise -out revoked_certs.der
-gmssl crlgen -in revoked_certs.der -cacert cacert.pem -key cakey.pem -pass 1234 -next_update 20240101000000Z -gen_authority_key_id -crl_num 1 -out crl.der
-gmssl crlparse -in crl.der
-
-rm -fr rootcakey.pem
-rm -fr rootcacert.pem
-rm -fr cakey.pem
-rm -fr careq.pem
-rm -fr cacert.pem
-rm -fr signkey.pem
-rm -fr signreq.pem
-rm -fr signcert.pem
-rm -fr enckey.pem
-rm -fr encreq.pem
-rm -fr enccert.pem
-rm -fr revoked_certs.der
-rm -fr crl.der
-
-echo "all ok"
diff --git a/demos/scripts/certdemo.sh b/demos/scripts/certdemo.sh
deleted file mode 100755
index 8d9957f9..00000000
--- a/demos/scripts/certdemo.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash -x
-
-set -e
-
-gmssl sm2keygen -pass 1234 -out rootcakey.pem
-gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \
-	-key rootcakey.pem -pass 1234 \
-	-out rootcacert.pem \
-	-ca -path_len_constraint 6 \
-	-key_usage keyCertSign -key_usage cRLSign \
-	-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
-
-gmssl certparse -in rootcacert.pem
-
-gmssl sm2keygen -pass 1234 -out cakey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
-gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem \
-	-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
-gmssl certparse -in cacert.pem
-
-gmssl sm2keygen -pass 1234 -out signkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
-gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem \
-	-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
-gmssl certparse -in signcert.pem
-
-gmssl sm2keygen -pass 1234 -out enckey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
-gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem \
-	-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
-gmssl certparse -in enccert.pem
-
-cat signcert.pem > certs.pem
-cat cacert.pem >> certs.pem
-gmssl certverify -in certs.pem -cacert rootcacert.pem #-check_crl
-
-cat signcert.pem > dbl_certs.pem
-cat enccert.pem >> dbl_certs.pem
-cat cacert.pem >> dbl_certs.pem
-gmssl certverify -double_certs -in dbl_certs.pem -cacert rootcacert.pem #-check_crl
-
-echo ok
-
diff --git a/demos/scripts/certs.sh b/demos/scripts/certs.sh
deleted file mode 100755
index 5e902d10..00000000
--- a/demos/scripts/certs.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash -x
-
-set -e
-
-cd ../certs
-
-gmssl certparse -in "rootca/Civil Servant ROOT.pem"
-gmssl certverify -in "rootca/Civil Servant ROOT.pem" -cacert "rootca/Civil Servant ROOT.pem"
-gmssl crlparse -in "crl/Civil Servant ROOT.crl"
-gmssl crlverify -in "crl/Civil Servant ROOT.crl" -cacert "rootca/Civil Servant ROOT.pem"
-
-gmssl certparse -in "rootca/Device ROOT.pem"
-gmssl certverify -in "rootca/Device ROOT.pem" -cacert "rootca/Device ROOT.pem"
-gmssl crlparse -in "crl/Device ROOT.crl"
-gmssl crlverify -in "crl/Device ROOT.crl" -cacert "rootca/Device ROOT.pem"
-
-gmssl certparse -in "rootca/ROOTCA.pem"
-gmssl certverify -in "rootca/ROOTCA.pem" -cacert "rootca/ROOTCA.pem"
-gmssl crlparse -in "crl/ROOTCA.crl"
-gmssl crlverify -in "crl/ROOTCA.crl" -cacert "rootca/ROOTCA.pem" # now > next_update
-
-# The CRL URI of ROOTCA.pem is in Base64 format, not DER
-gmssl certverify -in "ca/TJCA.pem" -cacert "rootca/Civil Servant ROOT.pem" #-check_crl
-gmssl certverify -in "ca/Taier CA.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
-gmssl certverify -in "ca/Ant Financial Certification Authority S1.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
-
-echo ok
diff --git a/demos/scripts/certverify.sh b/demos/scripts/certverify.sh
deleted file mode 100755
index b6f7804d..00000000
--- a/demos/scripts/certverify.sh
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/bin/bash -x
-
-set -e
-
-signcert=ebssec.boc.cn-sign.pem
-enccert=ebssec.boc.cn-enc.pem
-crl=CFCA_SM2_OCA1.crl
-cacert=CFCA_SM2_OCA1.pem
-rootcacert=CFCA_CS_SM2_CA.pem
-
-
-cat << EOF > $signcert
------BEGIN CERTIFICATE-----
-MIICzzCCAnKgAwIBAgIFEzY5M3AwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
-TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
-MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
-VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
-rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
-ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPsNUnoZQM9C
-SnvC57TbvdfyOTCuPOSlZmPAyxBKFj+Y1QH/xlubHdVf5XqHrO1jCDRi7aN5IKGX
-QF1492c803OjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
-ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
-BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
-BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
-cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCBsAwHQYD
-VR0OBBYEFJ6oFo/OrKgDhHFORpaq04kX7T1KMB0GA1UdJQQWMBQGCCsGAQUFBwMC
-BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0kAMEYCIQCvhSvbv5h6ERl1YcCLg+fz
-9UleQbaPfBYwUjUD2dAHVQIhAMRC4k9S/mSC0UpUvCqh/DQC2Ui8Tccd5G2IgYSs
-cnUN
------END CERTIFICATE-----
-EOF
-
-cat << EOF > $enccert
------BEGIN CERTIFICATE-----
-MIICzjCCAnKgAwIBAgIFEzY5M3EwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
-TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
-MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
-VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
-rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
-ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMn1q+hbV0i1
-qnKAy7QeZ3ZfAD+gqHX4F5MqIhsarODlWsavf/dcprC0F277zc44aYBB/3ucy4PF
-qXaRHQp8PEyjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
-ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
-BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
-BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
-cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCAzgwHQYD
-VR0OBBYEFF/a1JHvzLzbpFbBljX7hNxRpj/2MB0GA1UdJQQWMBQGCCsGAQUFBwMC
-BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0gAMEUCIQDCOFi1eZcgiN6t+h6lxLwS
-grAh3Jall+ZyA2ePw6xcjwIgNyDvo761dpwJhcyWfyVCAnaTf0Vf4DLWI1K+S7po
-Ur8=
------END CERTIFICATE-----
-EOF
-
-
-cat << EOF > $cacert
------BEGIN CERTIFICATE-----
-MIICNTCCAdmgAwIBAgIFEAAAAAgwDAYIKoEcz1UBg3UFADBYMQswCQYDVQQGEwJD
-TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MRcwFQYDVQQDDA5DRkNBIENTIFNNMiBDQTAeFw0xMzAxMjQwODQ2NDBaFw0z
-MzAxMTkwODQ2NDBaMCUxCzAJBgNVBAYTAkNOMRYwFAYDVQQKDA1DRkNBIFNNMiBP
-Q0ExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEfJqQoo0+JoyCRy0msS2Ym076
-8nV1pSLuK9utS1ij38obWDymq0oMRRwUzDMEQI19Cajo3JUoGFxOvsA+YWu3XKOB
-wDCBvTAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD
-AQH/MGAGA1UdHwRZMFcwVaBToFGkTzBNMQswCQYDVQQGEwJDTjETMBEGA1UECgwK
-Q0ZDQSBDUyBDQTEMMAoGA1UECwwDQ1JMMQwwCgYDVQQLDANTTTIxDTALBgNVBAMM
-BGNybDEwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBRck1ggWiRzVhAbZFAQ7OmnygdB
-ETAMBggqgRzPVQGDdQUAA0gAMEUCIBVscoZJhUy4eToK4C//LjvhjKK2qpBFac/h
-Pr6yYTLzAiEAiyqrqsGUU5vGkDo5bEpmF1EbnY8xovsM9vCx98yBrVM=
------END CERTIFICATE-----
-EOF
-
-
-cat << EOF > $rootcacert
------BEGIN CERTIFICATE-----
-MIICAzCCAaegAwIBAgIEFy9CWTAMBggqgRzPVQGDdQUAMFgxCzAJBgNVBAYTAkNO
-MTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxFzAVBgNVBAMMDkNGQ0EgQ1MgU00yIENBMB4XDTEyMDgzMTAyMDY1OVoXDTQy
-MDgyNDAyMDY1OVowWDELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFu
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEXMBUGA1UEAwwOQ0ZDQSBDUyBT
-TTIgQ0EwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATuRh26wmtyKNMz+Pmneo3a
-Sme+BCjRon8SvAxZBgLSuIxNUewq4kNujeb1I4A0yg7xNcjuOgXglAoQv+Tc+P0V
-o10wWzAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD
-AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU5I7d1KPntg/uHSeWzXXcJSVyad0w
-DAYIKoEcz1UBg3UFAANIADBFAiBhP/rmIvles3RK1FfcmmEeS9RZdu+5lCzxF0nk
-cof2QAIhAPVRpqOuceEQHsR77FBe/DgVPqF6lOyoZs0TzTDHrN8c
------END CERTIFICATE-----
-EOF
-
-gmssl certverify -in $signcert -cacert $cacert
-gmssl certverify -in $enccert -cacert $cacert
-gmssl certverify -in $cacert -cacert $rootcacert
-
-chain=chain.pem
-cat $signcert > $chain
-cat $cacert >> $chain
-gmssl certverify -in $chain -cacert $rootcacert
-
-chain_with_root=chain_with_root.pem
-cp $chain $chain_with_root
-cat $rootcacert >> $chain_with_root
-gmssl certverify -in $chain_with_root -cacert $rootcacert
-
-double_certs=double_certs.pem
-cat $signcert > $double_certs
-cat $enccert >> $double_certs
-gmssl certverify -in $double_certs -cacert $cacert -double_certs
-
-double_chain=double_chain.pem
-cat $double_certs > $double_chain
-cat $cacert >> $double_chain
-gmssl certverify -in $double_chain -cacert $rootcacert -double_certs
-
-gmssl certparse -in $double_chain
-gmssl certverify -in $double_chain -cacert $rootcacert -double_certs -check_crl
-gmssl crlget -cert $signcert -out $crl
-gmssl crlparse -in $crl
-
-rm -fr $signcert
-rm -fr $enccert
-rm -fr $crl
-rm -fr $cacert
-rm -fr $rootcacert
-rm -fr $chain
-rm -fr $chain_with_root
-rm -fr $double_certs
-rm -fr $double_chain
-
-echo ok
-
diff --git a/demos/scripts/cmsdemo.sh b/demos/scripts/cmsdemo.sh
deleted file mode 100755
index e37c9340..00000000
--- a/demos/scripts/cmsdemo.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-
-gmssl sm2keygen -pass 1234 -out key.pem -pubout keypub.pem
-gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key_usage dataEncipherment -days 365 -key key.pem -pass 1234 -out cert.pem
-
-echo "<html>The plaintext message.</html>" > plain.txt
-
-gmssl cmsencrypt -in plain.txt -rcptcert cert.pem -out enveloped_data.pem
-gmssl cmsparse -in enveloped_data.pem
-gmssl cmsdecrypt -key key.pem -pass 1234 -cert cert.pem -in enveloped_data.pem
-
-gmssl cmssign -key key.pem -pass 1234 -cert cert.pem -in plain.txt -out signed_data.pem
-gmssl cmsparse -in signed_data.pem
-gmssl cmsverify -in signed_data.pem -out signed_data.txt
-cat signed_data.txt
-
diff --git a/demos/scripts/reqdemo.sh b/demos/scripts/reqdemo.sh
deleted file mode 100755
index e7bc89dd..00000000
--- a/demos/scripts/reqdemo.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash -x
-
-set -e
-
-# generate self-signed CA certificate
-gmssl sm2keygen -pass 1234 -out cakey.pem -pubout pubkey.pem
-gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -days 365 -key cakey.pem -pass 1234 -out cacert.pem
-gmssl certparse -in cacert.pem
-
-# generate a req and sign by CA certificate
-gmssl sm2keygen -pass 1234 -out signkey.pem -pubout pubkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key signkey.pem -pass 1234 -out signreq.pem
-gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
-gmssl certparse -in signcert.pem
-
-# sign a encryption certificate with the same DN, different KeyUsage extension
-gmssl sm2keygen -pass 1234 -out enckey.pem -pubout pubkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key enckey.pem -pass 1234 -out encreq.pem
-gmssl reqsign -in encreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
-gmssl certparse -in enccert.pem
-
-# 中文
-gmssl sm2keygen -pass 1234 -out alicekey.pem -pubout alicepubkey.pem
-gmssl reqgen -O "北京大学" -CN "爱丽丝" -key alicekey.pem -pass 1234 -out alicereq.pem
-gmssl reqsign -in alicereq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out alicecert.pem
-gmssl certparse -in alicecert.pem
-
-
-rm -fr pubkey.pem
-rm -fr cacert.pem
-rm -fr signkey.pem
-rm -fr signreq.pem
-rm -fr signcert.pem
-rm -fr enckey.pem
-rm -fr encreq.pem
-rm -fr enccert.pem
-rm -fr alicekey.pem
-rm -fr alicepubkey.pem
-rm -fr alicereq.pem
-rm -fr alicecert.pem
-
-echo ok
diff --git a/demos/scripts/tlcp_client.sh b/demos/scripts/tlcp_client.sh
deleted file mode 100755
index 226c037d..00000000
--- a/demos/scripts/tlcp_client.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash -x
-
-
-# https://ebssec.boc.cn
-gmssl tlcp_client -host 123.124.191.183
-
-# https://zffw.jxzwfww.gov.cn
-gmssl tlcp_client -host 218.87.21.62
diff --git a/demos/scripts/tlcp_server.sh b/demos/scripts/tlcp_server.sh
deleted file mode 100755
index 6b636b21..00000000
--- a/demos/scripts/tlcp_server.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash -x
-
-
-gmssl sm2keygen -pass 1234 -out rootcakey.pem
-gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
-gmssl certparse -in rootcacert.pem
-
-gmssl sm2keygen -pass 1234 -out cakey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
-gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca
-gmssl certparse -in cacert.pem
-
-gmssl sm2keygen -pass 1234 -out signkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
-gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
-gmssl certparse -in signcert.pem
-
-gmssl sm2keygen -pass 1234 -out enckey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
-gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
-gmssl certparse -in enccert.pem
-
-cat signcert.pem > double_certs.pem
-cat enccert.pem >> double_certs.pem
-cat cacert.pem >> double_certs.pem
-
-sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem  1>/dev/null  2>/dev/null &
-#sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234  1>/dev/null  2>/dev/null &
-sleep 3
-
-gmssl sm2keygen -pass 1234 -out clientkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
-gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
-gmssl certparse -in clientcert.pem
-
-# build and install BabaSSL 8.3.2
-# Download
-# ./config enable-ntls; make; sudo make install
-
-# current /demos/scripts
-#  /build/bin
-
-openssl version
-
-../../build/bin/demo_sm2_key_export clientkey.pem 1234 > clientpkey.pem
-
-#openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem -sign_cert clientcert.pem -sign_key clientpkey.pem -pass pass:1234
-
-
diff --git a/demos/scripts/tls12demo.sh b/demos/scripts/tls12demo.sh
deleted file mode 100755
index 21418b45..00000000
--- a/demos/scripts/tls12demo.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash -x
-
-
-gmssl sm2keygen -pass 1234 -out rootcakey.pem
-gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
-gmssl certparse -in rootcacert.pem
-
-gmssl sm2keygen -pass 1234 -out cakey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
-gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca -path_len_constraint 0
-gmssl certparse -in cacert.pem
-
-gmssl sm2keygen -pass 1234 -out signkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
-gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
-gmssl certparse -in signcert.pem
-
-cat signcert.pem > certs.pem
-cat cacert.pem >> certs.pem
-
-# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
-# TODO: check if `gmssl` is failed
-which sudo
-if [ $? -eq 0 ]; then
-	SUDO=sudo
-fi
-$SUDO gmssl tls12_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & #1>/dev/null  2>/dev/null &
-sleep 3
-
-gmssl sm2keygen -pass 1234 -out clientkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
-gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
-gmssl certparse -in clientcert.pem
-
-gmssl tls12_client -host 127.0.0.1 -port 4430 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
-
diff --git a/demos/scripts/tls13demo.sh b/demos/scripts/tls13demo.sh
deleted file mode 100755
index 0c555270..00000000
--- a/demos/scripts/tls13demo.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash -x
-
-
-gmssl sm2keygen -pass 1234 -out rootcakey.pem
-gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
-gmssl certparse -in rootcacert.pem
-
-gmssl sm2keygen -pass 1234 -out cakey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
-gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
-gmssl certparse -in cacert.pem
-
-gmssl sm2keygen -pass 1234 -out signkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
-gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
-gmssl certparse -in signcert.pem
-
-cat signcert.pem > certs.pem
-cat cacert.pem >> certs.pem
-
-# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
-# TODO: check if `gmssl` is failed
-which sudo
-if [ $? -eq 0 ]; then
-	SUDO=sudo
-fi
-$SUDO gmssl tls13_server -port 4433 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & # 1>/dev/null  2>/dev/null &
-sleep 3
-
-gmssl sm2keygen -pass 1234 -out clientkey.pem
-gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
-gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
-gmssl certparse -in clientcert.pem
-
-gmssl tls13_client -host 127.0.0.1 -port 4433 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
-
diff --git a/demos/src/asn1_oid_from_der_demo.c b/demos/src/asn1_oid_from_der_demo.c
deleted file mode 100644
index c93cea2d..00000000
--- a/demos/src/asn1_oid_from_der_demo.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	uint8_t der[] = { 0x06,0x06,0x2a,0x81,0x1c,0xcf,0x55,0x01 };
-	uint32_t oid[32];
-	size_t oid_num;
-	const uint8_t *cp;
-	size_t len;
-	size_t i;
-
-	cp = der;
-	len = sizeof(der);
-	if (asn1_object_identifier_from_der(oid, &oid_num, &cp, &len) != 1) {
-		fprintf(stderr, "asn1_object_identifier_from_der() error\n");
-		goto err;
-	}
-
-	printf("oid: ");
-	for (i = 0; i < oid_num; i++) {
-		printf("%u ", oid[i]);
-	}
-	printf("\n");
-
-	ret = 0;
-err:
-	return ret;
-}
diff --git a/demos/src/asn1_oid_to_der_demo.c b/demos/src/asn1_oid_to_der_demo.c
deleted file mode 100644
index 7700bfea..00000000
--- a/demos/src/asn1_oid_to_der_demo.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	uint32_t oid[] = {1,2,156,10197,1};
-	uint8_t buf[64];
-	uint8_t *p;
-	size_t len;
-	size_t i;
-
-	p = buf;
-	len = 0;
-	if (asn1_object_identifier_to_der(oid, sizeof(oid)/sizeof(oid[0]), &p, &len) != 1) {
-		fprintf(stderr, "asn1_object_identifier_to_der() error\n");
-		goto err;
-	}
-
-	printf("oid: ");
-	for (i = 0; i < sizeof(oid)/sizeof(oid[0]); i++) {
-		printf("%u ", oid[i]);
-	}
-	printf("\n");
-
-	printf("der: ");
-	for (i = 0; i < len; i++) {
-		printf("%02x ", buf[i]);
-	}
-	printf("\n");
-
-	ret = 0;
-err:
-	return ret;
-}
diff --git a/demos/src/base64_demo.c b/demos/src/base64_demo.c
deleted file mode 100644
index fbe68c17..00000000
--- a/demos/src/base64_demo.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/base64.h>
-#include <gmssl/error.h>
-#include <gmssl/rand.h>
-
-int main(void)
-{
-	BASE64_CTX ctx;
-
-	uint8_t buf[200];
-	char base64[400] = {0};
-	uint8_t *in = buf;
-	uint8_t *out = (uint8_t *)base64;
-	int len;
-	int i;
-	int inlen = 47;
-
-	rand_bytes(buf, sizeof(buf));
-
-	base64_encode_init(&ctx);
-
-	base64_encode_update(&ctx, in, inlen, out, &len);
-	out += len;
-	in += inlen;
-	printf("1 %s\n", base64);
-
-	base64_encode_update(&ctx, in, inlen, out, &len);
-	out += len;
-	in += inlen;
-	printf("2 %s\n", base64);
-
-	base64_encode_update(&ctx, in, 30, out, &len);
-	out += len;
-	in += 48;
-	printf("3 %s\n", base64);
-
-	base64_encode_update(&ctx, in, 30, out, &len);
-	out += len;
-	in += 48;
-	printf("4 %s\n", base64);
-
-	return 0;
-
-}
diff --git a/demos/src/http_get_demo.c b/demos/src/http_get_demo.c
deleted file mode 100644
index e51e7cf4..00000000
--- a/demos/src/http_get_demo.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/http.h>
-#include <gmssl/error.h>
-
-char *http_uri = "http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl";
-char *file_name = "Microsoft RSA TLS CA 02.crl";
-
-int main(int argc, char **argv)
-{
-	uint8_t *buf = NULL;
-	size_t buflen;
-	size_t len;
-	FILE *fp = NULL;
-
-	printf("http_get %s\n", http_uri);
-
-	if (http_get(http_uri, NULL, &buflen, 0) != 1) {
-		fprintf(stderr, "http_get() error\n");
-		goto err;
-	}
-
-	if (!(buf = malloc(len))) {
-		fprintf(stderr, "malloc() error\n");
-		goto err;
-	}
-
-	if (http_get(http_uri, buf, &len, buflen) != 1) {
-		fprintf(stderr, "http_get() error\n");
-		goto err;
-	}
-
-	if (!(fp = fopen(file_name, "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		goto err;
-	}
-
-	fwrite(buf, 1, len, fp);
-
-	printf("save to %s\n", file_name);
-
-err:
-	if (buf) free(buf);
-	if (fp) fclose(fp);
-	return 0;
-}
diff --git a/demos/src/list.c b/demos/src/list.c
deleted file mode 100644
index 430f35a6..00000000
--- a/demos/src/list.c
+++ /dev/null
@@ -1,77 +0,0 @@
-	asn1_oid_from_der_demo.c
-	asn1_oid_to_der_demo.c
-	base64_demo.c
-	http_get_demo.c
-	list.txt
-	password_to_key_demo.c
-	pem_from_der_demo.c
-	pem_to_der_demo.c
-	rand_demo.c
-	rdrand_demo.c
-	sdf_info_demo.c
-	sdf_rand_demo.c
-	sdf_sign_demo.c
-	sha1_digest_demo.c
-	sha256_digest_demo.c
-	sha512_256_digest_demo.c
-	sha512_digest_demo.c
-	sm2_ciphertext_to_der_demo.c
-	sm2_ecdh_demo.c
-	sm2_encrypt_demo.c
-	sm2_encrypt_fixlen_demo.c
-	sm2_id_demo.c
-	sm2_key_export_demo.c
-	sm2_keygen_demo.c
-	sm2_keyparse_demo.c
-	sm2_point_demo.c
-	sm2_point_from_bin_demo.c
-	sm2_point_from_hash_demo.c
-	sm2_point_from_octets_demo.c
-	sm2_point_to_bin_demo.c
-	sm2_point_to_octets_demo.c
-	sm2_private_key_demo.c
-	sm2_private_key_parse_demo.c
-	sm2_public_key_demo.c
-	sm2_sig_from_bin_demo.c
-	sm2_sig_from_der_demo.c
-	sm2_sig_to_der_demo.c
-	sm2_sign_ctx_demo.c
-	sm2_sign_ctx_fixlen_demo.c
-	sm2_sign_demo.c
-	sm2_sign_digest_demo.c
-	sm3_ctx_demo.c
-	sm3_ctx_stdin_demo.c
-	sm3_demo.c
-	sm3_hmac_ctx_demo.c
-	sm3_hmac_demo.c
-	sm4_cbc_ctx_decrypt_stdin_demo.c
-	sm4_cbc_ctx_encrypt_stdin_demo.c
-	sm4_cbc_demo.c
-	sm4_cbc_mac_demo.c
-	sm4_cbc_padding_demo.c
-	sm4_cbc_sm3_hmac_demo.c
-	sm4_consts_demo.c
-	sm4_ctr_demo.c
-	sm4_ctr_encrypt_update_demo.c
-	sm4_ctr_sm3_hmac_demo.c
-	sm4_demo.c
-	sm4_ecb_demo.c
-	sm4_gcm_ctx_demo.c
-	sm4_gcm_demo.c
-	sm4_key_demo.c
-	sm9_encrypt_demo.c
-	sm9_keygen_demo.c
-	sm9_sign_demo.c
-	tlcp_get_demo.c
-	tlcp_post_demo.c
-	version_demo.c
-	x509_cert_check_demo.c
-	x509_cert_parse_demo.c
-	x509_cert_print_demo.c
-	x509_cert_verify_demo.c
-	x509_crl_download_demo.c
-	x509_crl_find_revoked_cert_demo.c
-	x509_crl_print_demo.c
-	x509_crl_verify_demo.c
-	zuc_demo.c
-	zuc_encrypt_stdin_demo.c
diff --git a/demos/src/password_to_key_demo.c b/demos/src/password_to_key_demo.c
deleted file mode 100644
index 09de06cf..00000000
--- a/demos/src/password_to_key_demo.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/rand.h>
-#include <gmssl/pbkdf2.h>
-
-
-int main(int argc, char **argv)
-{
-	char *pass = "P@ssw0rd";
-	uint8_t salt[8];
-	size_t iter = 8000;
-	uint8_t key[16];
-	size_t i;
-
-	if (rand_bytes(salt, sizeof(salt)) != 1) {
-		fprintf(stderr, "rand_bytes() error\n");
-		return -1;
-	}
-
-	if (pbkdf2_hmac_sm3_genkey(pass, strlen(pass), salt, sizeof(salt), iter, sizeof(key), key) != 1) {
-		fprintf(stderr, "pbkdf2 error\n");
-		return -1;
-	}
-
-	printf("pbkdf2('%s') = ", pass);
-	for (i = 0; i < sizeof(key); i++) {
-		printf("%02x", key[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/pem_from_der_demo.c b/demos/src/pem_from_der_demo.c
deleted file mode 100644
index 07ee51be..00000000
--- a/demos/src/pem_from_der_demo.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/pem.h>
-
-
-uint8_t crl_der[] = {
-0x30,0x82,0x04,0x09,0x30,0x82,0x03,0xb0,0x02,0x01,0x01,0x30,0x0a,0x06,0x08,0x2a,
-0x81,0x1c,0xcf,0x55,0x01,0x83,0x75,0x30,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,
-0x04,0x06,0x13,0x02,0x43,0x4e,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x0a,0x0c,
-0x05,0x4e,0x52,0x43,0x41,0x43,0x31,0x0f,0x30,0x0d,0x06,0x03,0x55,0x04,0x03,0x0c,
-0x06,0x52,0x4f,0x4f,0x54,0x43,0x41,0x17,0x0d,0x32,0x32,0x30,0x35,0x30,0x35,0x30,
-0x36,0x32,0x30,0x35,0x34,0x5a,0x17,0x0d,0x32,0x32,0x30,0x36,0x30,0x34,0x30,0x36,
-0x32,0x30,0x35,0x34,0x5a,0x30,0x82,0x03,0x1e,0x30,0x21,0x02,0x10,0x12,0xf2,0xd0,
-0x93,0x24,0xb0,0xa3,0xeb,0x71,0x32,0xaa,0x7f,0x24,0xa8,0x14,0x9a,0x17,0x0d,0x31,
-0x34,0x30,0x36,0x32,0x36,0x30,0x36,0x35,0x38,0x34,0x38,0x5a,0x30,0x2f,0x02,0x10,
-0x17,0x59,0x1f,0x6e,0x22,0x4b,0x3e,0xb6,0x0a,0x35,0xdc,0x48,0x27,0x8c,0x37,0x74,
-0x17,0x0d,0x32,0x32,0x30,0x33,0x31,0x30,0x30,0x37,0x32,0x36,0x34,0x36,0x5a,0x30,
-0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x05,0x30,0x2f,0x02,
-0x10,0x21,0x6b,0xbe,0xb7,0x4c,0x02,0xb6,0x80,0x24,0xa0,0xed,0x70,0xe8,0xa9,0x25,
-0x8c,0x17,0x0d,0x31,0x34,0x30,0x33,0x31,0x31,0x30,0x32,0x31,0x38,0x34,0x37,0x5a,
-0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,
-0x02,0x10,0x2c,0xa3,0x5f,0xa2,0xf0,0x60,0x79,0x1b,0xb1,0xf3,0x7d,0xb6,0x5c,0x1c,
-0x77,0x1f,0x17,0x0d,0x31,0x38,0x30,0x35,0x32,0x38,0x30,0x36,0x35,0x30,0x34,0x38,
-0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,
-0x21,0x02,0x10,0x2e,0x7f,0x89,0x45,0x69,0xce,0x6d,0xf5,0x2d,0x7e,0xe2,0x84,0x67,
-0xd2,0xe4,0xdf,0x17,0x0d,0x31,0x35,0x30,0x37,0x31,0x30,0x30,0x36,0x31,0x36,0x34,
-0x33,0x5a,0x30,0x2f,0x02,0x10,0x31,0xbc,0x81,0x40,0x9c,0x89,0x35,0x13,0x14,0x22,
-0x94,0xb6,0xbb,0x97,0x2e,0xdf,0x17,0x0d,0x32,0x32,0x30,0x31,0x32,0x30,0x30,0x32,
-0x30,0x39,0x30,0x37,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,
-0x0a,0x01,0x04,0x30,0x21,0x02,0x10,0x42,0xaa,0xc5,0x23,0x6b,0x62,0xf6,0x02,0x6f,
-0x47,0xef,0xd4,0x89,0x14,0x75,0x27,0x17,0x0d,0x31,0x32,0x31,0x30,0x31,0x33,0x30,
-0x37,0x32,0x34,0x30,0x31,0x5a,0x30,0x2f,0x02,0x10,0x4a,0xa5,0x3f,0x14,0x67,0x70,
-0xca,0x9f,0x98,0x9c,0x85,0x55,0x33,0x2c,0x79,0x92,0x17,0x0d,0x32,0x32,0x30,0x34,
-0x31,0x32,0x30,0x37,0x32,0x32,0x30,0x30,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,
-0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x21,0x02,0x10,0x4c,0x0f,0x16,0xed,0xaa,
-0x13,0x37,0xb4,0x88,0xb2,0xf6,0x0e,0x43,0x4a,0x68,0x17,0x17,0x0d,0x31,0x33,0x30,
-0x36,0x30,0x34,0x30,0x32,0x34,0x35,0x31,0x39,0x5a,0x30,0x2f,0x02,0x10,0x52,0xe1,
-0xbb,0x7d,0x5f,0x1f,0x20,0x39,0x03,0xc1,0x5c,0xca,0x1a,0x4c,0x83,0x76,0x17,0x0d,
-0x31,0x38,0x30,0x36,0x30,0x35,0x30,0x32,0x32,0x37,0x35,0x39,0x5a,0x30,0x0c,0x30,
-0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,0x02,0x10,0x5c,
-0x15,0x8a,0x4c,0xbf,0x15,0xd7,0xee,0x15,0x40,0xad,0xce,0x01,0x08,0x79,0x32,0x17,
-0x0d,0x31,0x38,0x31,0x31,0x30,0x39,0x30,0x32,0x30,0x38,0x32,0x32,0x5a,0x30,0x0c,
-0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,0x02,0x10,
-0x66,0x5f,0x88,0xb8,0xdd,0x4b,0x55,0xfa,0x7d,0x04,0x51,0x1c,0xf0,0x1a,0xba,0x17,
-0x17,0x0d,0x32,0x32,0x30,0x34,0x32,0x31,0x30,0x38,0x30,0x31,0x34,0x34,0x5a,0x30,
-0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,0x02,
-0x10,0x69,0x70,0x58,0x15,0xa8,0x93,0x5e,0x56,0x18,0x76,0xdd,0xe1,0x5d,0x71,0x98,
-0x29,0x17,0x0d,0x32,0x30,0x31,0x30,0x32,0x39,0x30,0x30,0x31,0x36,0x31,0x30,0x5a,
-0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,
-0x02,0x10,0x6d,0x62,0x99,0x0b,0x63,0x49,0xe7,0x85,0xe6,0xb2,0x5b,0xf6,0x51,0x2e,
-0x89,0xcd,0x17,0x0d,0x32,0x32,0x30,0x32,0x32,0x38,0x30,0x37,0x31,0x36,0x34,0x35,
-0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,
-0x21,0x02,0x10,0x6e,0x5d,0x72,0xce,0x80,0xdc,0x72,0x56,0x45,0xb7,0x4c,0xea,0xa7,
-0xc8,0x85,0xc1,0x17,0x0d,0x31,0x32,0x31,0x30,0x31,0x33,0x30,0x38,0x34,0x38,0x32,
-0x33,0x5a,0x30,0x2f,0x02,0x10,0x76,0x59,0x40,0x26,0x0b,0xb4,0xd6,0xf5,0xdb,0x3f,
-0xe8,0xad,0x95,0x58,0x6b,0x1f,0x17,0x0d,0x32,0x31,0x31,0x32,0x30,0x38,0x31,0x30,
-0x32,0x34,0x35,0x35,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,
-0x0a,0x01,0x05,0x30,0x2f,0x02,0x10,0x79,0x1c,0x2d,0x38,0x15,0x8d,0x88,0xab,0x00,
-0x4b,0x00,0x91,0xda,0x2e,0x90,0x7e,0x17,0x0d,0x32,0x32,0x30,0x34,0x32,0x30,0x30,
-0x38,0x32,0x36,0x34,0x35,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,
-0x03,0x0a,0x01,0x04,0x30,0x21,0x02,0x10,0x7e,0x15,0xe7,0xdf,0x22,0x39,0x96,0xf2,
-0x2d,0xd4,0x66,0x05,0xa7,0x68,0xad,0xf7,0x17,0x0d,0x31,0x32,0x31,0x30,0x31,0x33,
-0x30,0x38,0x34,0x37,0x34,0x38,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x1f,0x06,0x03,0x55,
-0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x4c,0x32,0xb1,0x97,0xd9,0x33,0x1b,0xc4,
-0xa6,0x05,0xc1,0xc6,0xe5,0x8b,0x62,0x5b,0xf0,0x97,0x76,0x58,0x30,0x0a,0x06,0x03,
-0x55,0x1d,0x14,0x04,0x03,0x02,0x01,0x00,0x30,0x0a,0x06,0x08,0x2a,0x81,0x1c,0xcf,
-0x55,0x01,0x83,0x75,0x03,0x47,0x00,0x30,0x44,0x02,0x20,0x3c,0x84,0xcf,0x42,0x86,
-0x30,0xdb,0xc4,0xd4,0x27,0xb9,0x9c,0xdb,0xdf,0x3d,0xa8,0x39,0xa1,0x25,0xf1,0x89,
-0xf6,0xe7,0x75,0x23,0xf4,0x5f,0xaf,0x31,0x8d,0x36,0x66,0x02,0x20,0x3a,0x22,0x79,
-0xd2,0x7f,0x6d,0x6e,0x96,0x10,0x86,0xbc,0xe1,0x78,0x93,0x33,0xdd,0xef,0x6b,0xfc,
-0x08,0xe6,0x0f,0x16,0x4b,0xc9,0xab,0x4e,0x90,0xc0,0xf7,0xd4,0xc2,};
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	FILE *fp = NULL;
-
-	if (!(fp = fopen("crl.pem", "wb"))) {
-		fprintf(stderr, "open crl.pem error\n");
-		goto err;
-	}
-
-	if (pem_write(fp, "X509 CRL", crl_der, sizeof(crl_der)) != 1) {
-		fprintf(stderr, "pem_write() error\n");
-		goto err;
-	}
-
-	ret = 0;
-err:
-	fclose(fp);
-	return ret;
-}
diff --git a/demos/src/pem_to_der_demo.c b/demos/src/pem_to_der_demo.c
deleted file mode 100644
index f608f4fd..00000000
--- a/demos/src/pem_to_der_demo.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/pem.h>
-
-
-char *pem =
-"-----BEGIN X509 CRL-----\n"
-"MIIECTCCA7ACAQEwCgYIKoEcz1UBg3UwLjELMAkGA1UEBhMCQ04xDjAMBgNVBAoM\n"
-"BU5SQ0FDMQ8wDQYDVQQDDAZST09UQ0EXDTIyMDUwNTA2MjA1NFoXDTIyMDYwNDA2\n"
-"MjA1NFowggMeMCECEBLy0JMksKPrcTKqfySoFJoXDTE0MDYyNjA2NTg0OFowLwIQ\n"
-"F1kfbiJLPrYKNdxIJ4w3dBcNMjIwMzEwMDcyNjQ2WjAMMAoGA1UdFQQDCgEFMC8C\n"
-"ECFrvrdMAraAJKDtcOipJYwXDTE0MDMxMTAyMTg0N1owDDAKBgNVHRUEAwoBBDAv\n"
-"AhAso1+i8GB5G7HzfbZcHHcfFw0xODA1MjgwNjUwNDhaMAwwCgYDVR0VBAMKAQQw\n"
-"IQIQLn+JRWnObfUtfuKEZ9Lk3xcNMTUwNzEwMDYxNjQzWjAvAhAxvIFAnIk1ExQi\n"
-"lLa7ly7fFw0yMjAxMjAwMjA5MDdaMAwwCgYDVR0VBAMKAQQwIQIQQqrFI2ti9gJv\n"
-"R+/UiRR1JxcNMTIxMDEzMDcyNDAxWjAvAhBKpT8UZ3DKn5ichVUzLHmSFw0yMjA0\n"
-"MTIwNzIyMDBaMAwwCgYDVR0VBAMKAQQwIQIQTA8W7aoTN7SIsvYOQ0poFxcNMTMw\n"
-"NjA0MDI0NTE5WjAvAhBS4bt9Xx8gOQPBXMoaTIN2Fw0xODA2MDUwMjI3NTlaMAww\n"
-"CgYDVR0VBAMKAQQwLwIQXBWKTL8V1+4VQK3OAQh5MhcNMTgxMTA5MDIwODIyWjAM\n"
-"MAoGA1UdFQQDCgEEMC8CEGZfiLjdS1X6fQRRHPAauhcXDTIyMDQyMTA4MDE0NFow\n"
-"DDAKBgNVHRUEAwoBBDAvAhBpcFgVqJNeVhh23eFdcZgpFw0yMDEwMjkwMDE2MTBa\n"
-"MAwwCgYDVR0VBAMKAQQwLwIQbWKZC2NJ54Xmslv2US6JzRcNMjIwMjI4MDcxNjQ1\n"
-"WjAMMAoGA1UdFQQDCgEEMCECEG5dcs6A3HJWRbdM6qfIhcEXDTEyMTAxMzA4NDgy\n"
-"M1owLwIQdllAJgu01vXbP+itlVhrHxcNMjExMjA4MTAyNDU1WjAMMAoGA1UdFQQD\n"
-"CgEFMC8CEHkcLTgVjYirAEsAkdoukH4XDTIyMDQyMDA4MjY0NVowDDAKBgNVHRUE\n"
-"AwoBBDAhAhB+FeffIjmW8i3UZgWnaK33Fw0xMjEwMTMwODQ3NDhaoC8wLTAfBgNV\n"
-"HSMEGDAWgBRMMrGX2TMbxKYFwcbli2Jb8Jd2WDAKBgNVHRQEAwIBADAKBggqgRzP\n"
-"VQGDdQNHADBEAiA8hM9ChjDbxNQnuZzb3z2oOaEl8Yn253Uj9F+vMY02ZgIgOiJ5\n"
-"0n9tbpYQhrzheJMz3e9r/AjmDxZLyatOkMD31MI=\n"
-"-----END X509 CRL-----\n";
-
-static int prepare_pem_file(void)
-{
-	FILE *fp;
-
-	if (!(fp = fopen("crl.pem", "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		return -1;
-	}
-
-	if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) {
-		fprintf(stderr, "fwrite() error\n");
-		return -1;
-	}
-
-	fclose(fp);
-	return 1;
-}
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	FILE *fp = NULL;
-	uint8_t buf[4096];
-	size_t len;
-	size_t i;
-
-	(void)prepare_pem_file();
-
-	if (!(fp = fopen("crl.pem", "rb"))) {
-		fprintf(stderr, "open crl.pem error\n");
-		goto err;
-	}
-
-	if (pem_read(fp, "X509 CRL", buf, &len, sizeof(buf)) != 1) {
-		fprintf(stderr, "pem_read() error\n");
-		goto err;
-	}
-
-	printf("uint8_t crl_der[] = {");
-	for (i = 0; i < len; i++) {
-		if (i % 16 == 0) printf("\n");
-		printf("0x%02x,", buf[i]);
-	}
-	printf("};\n");
-
-	ret = 0;
-err:
-	fclose(fp);
-	return ret;
-}
diff --git a/demos/src/rand_demo.c b/demos/src/rand_demo.c
deleted file mode 100644
index 07a03878..00000000
--- a/demos/src/rand_demo.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/rand.h>
-
-
-int main(int argc, char **argv)
-{
-	uint8_t buf[1024];
-	size_t i;
-
-	if (rand_bytes(buf, 32) != 1) {
-		fprintf(stderr, "rand_bytes() failure\n");
-		return 1;
-	}
-	printf("rand_bytes() output: ");
-	for (i = 0; i < 32; i++) {
-		printf("%02x", buf[i]);
-	}
-	printf("\n");
-
-	if (rand_bytes(buf, sizeof(buf)) != 1) {
-		fprintf(stderr, "rand_bytes() failure, maybe %zu is too long\n", sizeof(buf));
-		return 1;
-	}
-
-	return 0;
-}
diff --git a/demos/src/rdrand_demo.c b/demos/src/rdrand_demo.c
deleted file mode 100644
index 8d1b21d4..00000000
--- a/demos/src/rdrand_demo.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/rdrand.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	uint8_t buf[32];
-
-	if (rdrand_bytes(buf, sizeof(buf)) != 1) {
-		error_print();
-		return -1;
-	}
-
-	format_bytes(stdout, 0, 0, "rdrand output", buf, sizeof(buf));
-
-	return 0;
-}
diff --git a/demos/src/sdf_info_demo.c b/demos/src/sdf_info_demo.c
deleted file mode 100644
index 8c7b0d09..00000000
--- a/demos/src/sdf_info_demo.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sdf.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	int ret = -1;
-	char *so_path = "libsdf_dummy.so";
-	SDF_DEVICE dev;
-
-	if (sdf_load_library(so_path, NULL) != 1) {
-		error_print();
-		return -1;
-	}
-
-	if (sdf_open_device(&dev) != 1) {
-		error_print();
-		goto err;
-	}
-
-	sdf_print_device_info(stdout, 0, 0, "SDF Device Info", &dev);
-
-	ret = 0;
-err:
-	sdf_close_device(&dev);
-	sdf_unload_library();
-	return ret;
-}
diff --git a/demos/src/sdf_rand_demo.c b/demos/src/sdf_rand_demo.c
deleted file mode 100644
index aaa1d550..00000000
--- a/demos/src/sdf_rand_demo.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sdf.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	int ret = -1;
-	char *so_path = "libsdf_dummy.so";
-	SDF_DEVICE dev;
-	uint8_t buf[32];
-
-	if (sdf_load_library(so_path, NULL) != 1) {
-		error_print();
-		return -1;
-	}
-
-	if (sdf_open_device(&dev) != 1) {
-		error_print();
-		goto err;
-	}
-
-	if (sdf_rand_bytes(&dev, buf, sizeof(buf)) != 1) {
-		error_print();
-		goto err;
-	}
-
-	format_bytes(stdout, 0, 0, "sdf_rand_bytes", buf, sizeof(buf));
-
-	ret = 0;
-err:
-	sdf_close_device(&dev);
-	sdf_unload_library();
-	return ret;
-}
diff --git a/demos/src/sdf_sign_demo.c b/demos/src/sdf_sign_demo.c
deleted file mode 100644
index 28fec255..00000000
--- a/demos/src/sdf_sign_demo.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sdf.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	int ret = -1;
-	char *so_path = "libsdf_dummy.so";
-	SDF_DEVICE dev;
-
-	SDF_KEY sign_key;
-	int key_index = 0;
-	char *key_pass = "P@ssw0rd";
-
-	uint8_t dgst[32];
-	uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
-	size_t siglen;
-
-	if (sdf_load_library(so_path, NULL) != 1) {
-		error_print();
-		return -1;
-	}
-
-	if (sdf_open_device(&dev) != 1) {
-		error_print();
-		goto err;
-	}
-
-	if (sdf_load_sign_key(&dev, &sign_key, key_index, key_pass) != 1) {
-		error_print();
-		goto err;
-	}
-
-	if (sdf_sign(&sign_key, dgst, sig, &siglen) != 1) {
-		error_print();
-		goto err;
-	}
-
-#if 0
-	// TODO: verify_key ...
-	if (sm2_verify(&verify_key, dgst, sig, siglen) != 1) {
-		error_print();
-		goto err;
-	}
-#endif
-
-	ret = 0;
-
-err:
-	sdf_release_key(&sign_key);
-	sdf_close_device(&dev);
-	sdf_unload_library();
-	return ret;
-}
diff --git a/demos/src/sha1_digest_demo.c b/demos/src/sha1_digest_demo.c
deleted file mode 100644
index 5203c1ec..00000000
--- a/demos/src/sha1_digest_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sha1.h>
-
-
-int main(int argc, char **argv)
-{
-	uint8_t dgst[SHA1_DIGEST_SIZE];
-	size_t i;
-
-	sha1_digest((uint8_t *)"abc", 3, dgst);
-
-	printf("sha1('abc') = ");
-	for (i = 0; i < sizeof(dgst); i++) {
-		printf("%02x", dgst[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sha256_digest_demo.c b/demos/src/sha256_digest_demo.c
deleted file mode 100644
index 346f8f3d..00000000
--- a/demos/src/sha256_digest_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sha2.h>
-
-
-int main(int argc, char **argv)
-{
-	uint8_t dgst[SHA256_DIGEST_SIZE];
-	size_t i;
-
-	sha256_digest((uint8_t *)"abc", 3, dgst);
-
-	printf("sha256('abc') = ");
-	for (i = 0; i < sizeof(dgst); i++) {
-		printf("%02x", dgst[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sha512_256_digest_demo.c b/demos/src/sha512_256_digest_demo.c
deleted file mode 100644
index bf8e9576..00000000
--- a/demos/src/sha512_256_digest_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sha2.h>
-
-
-int main(int argc, char **argv)
-{
-	uint8_t dgst[SHA512_DIGEST_SIZE];
-	size_t i;
-
-	sha512_digest((uint8_t *)"abc", 3, dgst);
-
-	printf("sha512_256('abc') = ");
-	for (i = 0; i < 256/8; i++) {
-		printf("%02x", dgst[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sha512_digest_demo.c b/demos/src/sha512_digest_demo.c
deleted file mode 100644
index e42835f8..00000000
--- a/demos/src/sha512_digest_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sha2.h>
-
-
-int main(int argc, char **argv)
-{
-	uint8_t dgst[SHA512_DIGEST_SIZE];
-	size_t i;
-
-	sha512_digest((uint8_t *)"abc", 3, dgst);
-
-	printf("sha512('abc') = ");
-	for (i = 0; i < sizeof(dgst); i++) {
-		printf("%02x", dgst[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm2_ciphertext_to_der_demo.c b/demos/src/sm2_ciphertext_to_der_demo.c
deleted file mode 100644
index cae808a6..00000000
--- a/demos/src/sm2_ciphertext_to_der_demo.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-void gen_ciphertext(void)
-{
-	SM2_KEY sm2_key;
-	SM2_CIPHERTEXT ciphertext;
-
-	sm2_key_generate(&sm2_key);
-	sm2_do_encrypt(&sm2_key, (uint8_t *)"P@ssw0rd", 8, &ciphertext);
-
-	// 这里我们需要把密文的各个部分输出乘C的数组
-}
-
-
-// 这个例子要把一个来自于其他软件的密文转换为GmSSL的密文
-int main(void)
-{
-	SM2_CIPHERTEXT C;
-	uint8_t ciphertext_der[SM2_MAX_CIPHERTEXT_SIZE];
-
-	if (sm2_ciphertext_to_der(&C, &p, &len) != 1) {
-		fprintf(stderr, "sm2_ciphertext_to_der() error\n");
-		goto err;
-	}
-
-	format_bytes(stdout, 0, 0, "Ciphertext", der, derlen);
-
-	return 0;
-}
diff --git a/demos/src/sm2_ecdh_demo.c b/demos/src/sm2_ecdh_demo.c
deleted file mode 100644
index 682162af..00000000
--- a/demos/src/sm2_ecdh_demo.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-
-
-int main(void)
-{
-//	Alice						Bob
-
-	SM2_KEY alice_ecdhe;				SM2_KEY bob_ecdhe;
-	uint8_t alice_public[65];			uint8_t bob_public[65];
-	SM2_POINT alice_share_point;			SM2_POINT bob_share_point;
-	SM3_KDF_CTX alice_ctx;				SM3_KDF_CTX bob_ctx;
-	uint8_t alice_share_key[32];			uint8_t bob_share_key[32];
-
-
-	sm2_key_generate(&alice_ecdhe);			sm2_key_generate(&bob_ecdhe);
-
-
-	sm2_point_to_uncompressed_octets(
-		&alice_ecdhe.public_key,
-		alice_public);
-//	                              alice_public
-//	                         ====================>
-							sm2_point_to_uncompressed_octets(
-								&bob_ecdhe.public_key,
-								bob_public);
-
-							if (sm2_ecdh(&bob_ecdhe,
-								alice_public, sizeof(alice_public),
-								&bob_share_point) != 1) {
-								fprintf(stderr, "bob error\n");
-								goto err;
-							}
-							sm3_kdf_init(&bob_ctx, 32);
-							sm3_kdf_update(&bob_ctx,
-								(uint8_t *)&bob_share_point, sizeof(SM2_POINT));
-							sm3_kdf_finish(&bob_ctx, bob_share_key);
-//	                               bob_public
-//	                         <====================
-
-	if (sm2_ecdh(&alice_ecdhe,
-		bob_public, sizeof(bob_public),
-		&alice_share_point) != 1) {
-		fprintf(stderr, "Alice failed\n");
-		goto err;
-	}
-
-	sm3_kdf_init(&alice_ctx, 32);
-	sm3_kdf_update(&alice_ctx, (uint8_t *)&alice_share_point, sizeof(SM2_POINT));
-	sm3_kdf_finish(&alice_ctx, alice_share_key);
-
-err:
-	// FIXME: clean all
-	return 0;
-}
diff --git a/demos/src/sm2_encrypt_demo.c b/demos/src/sm2_encrypt_demo.c
deleted file mode 100644
index 11975cb1..00000000
--- a/demos/src/sm2_encrypt_demo.c
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	SM2_KEY pub_key;
-	unsigned char plaintext[SM2_MAX_PLAINTEXT_SIZE];
-	unsigned char ciphertext[SM2_MAX_CIPHERTEXT_SIZE];
-	size_t len;
-
-	sm2_key_generate(&sm2_key);
-	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
-
-	sm2_encrypt(&pub_key, (uint8_t *)"hello world", strlen("hello world"), ciphertext, &len);
-	format_bytes(stdout, 0, 0, "ciphertext", ciphertext, len);
-
-	if (sm2_decrypt(&sm2_key, ciphertext, len, plaintext, &len) != 1) {
-		fprintf(stderr, "error\n");
-		return 1;
-	}
-	plaintext[len] = 0;
-	printf("plaintext: %s\n", plaintext);
-
-	return 0;
-}
diff --git a/demos/src/sm2_encrypt_fixlen_demo.c b/demos/src/sm2_encrypt_fixlen_demo.c
deleted file mode 100644
index 15cce50e..00000000
--- a/demos/src/sm2_encrypt_fixlen_demo.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	SM2_KEY pub_key;
-	unsigned char plaintext[SM2_MAX_PLAINTEXT_SIZE];
-	unsigned char ciphertext[SM2_MAX_CIPHERTEXT_SIZE];
-	size_t len;
-
-	sm2_key_generate(&sm2_key);
-	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
-
-
-
-
-
-
-
-	return 0;
-}
diff --git a/demos/src/sm2_id_demo.c b/demos/src/sm2_id_demo.c
deleted file mode 100644
index 29a62ce6..00000000
--- a/demos/src/sm2_id_demo.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-int main(int argc, char **argv)
-{
-	char *prog = argv[0];
-	char *keyfile;
-	char *pass;
-	FILE *keyfp = NULL;
-	SM2_KEY sm2_key;
-	uint8_t z[32];
-
-	if (argc < 2) {
-		fprintf(stderr, "usage: %s <key.pem> <pass>\n", prog);
-		return -1;
-	}
-	keyfile = argv[1];
-
-	if (!(keyfp = fopen(keyfile, "rb"))) {
-		fprintf(stderr, "%s: open file '%s' failure\n", prog, keyfile);
-		return -1;
-	}
-	if (sm2_public_key_info_from_pem(&sm2_key, keyfp) != 1) {
-		fprintf(stderr, "%s: load key failure\n", prog);
-		fclose(keyfp);
-		return -1;
-	}
-
-	sm2_compute_z(z, &sm2_key.public_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID));
-	format_bytes(stdout, 0, 0, "z", z, sizeof(z));
-
-	fclose(keyfp);
-	return 0;
-}
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demos/src/sm2_key_export_demo.c b/demos/src/sm2_key_export_demo.c
deleted file mode 100644
index 30fdcb4e..00000000
--- a/demos/src/sm2_key_export_demo.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/sm2.h>
-
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	char *prog = argv[0];
-	char *keyfile;
-	char *pass;
-	FILE *keyfp = NULL;
-	SM2_KEY sm2_key;
-
-	if (argc < 3) {
-		fprintf(stderr, "usage: %s <key.pem> <pass>\n", prog);
-		return -1;
-	}
-	keyfile = argv[1];
-	pass = argv[2];
-
-	if (!(keyfp = fopen(keyfile, "rb"))) {
-		fprintf(stderr, "%s: open file '%s' failure\n", prog, keyfile);
-		return -1;
-	}
-	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
-		fprintf(stderr, "%s: load key failure\n", prog);
-		goto end;
-	}
-	if (sm2_private_key_info_to_pem(&sm2_key, stdout) != 1) {
-		fprintf(stderr, "%s: export failure\n", prog);
-		goto end;
-	}
-	ret = 0;
-
-end:
-	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
-	if (keyfp) fclose(keyfp);
-	return ret;
-}
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demos/src/sm2_keygen_demo.c b/demos/src/sm2_keygen_demo.c
deleted file mode 100644
index c4a557ec..00000000
--- a/demos/src/sm2_keygen_demo.c
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-
-	if (sm2_key_generate(&sm2_key) != 1) {
-		fprintf(stderr, "error\n");
-		return 1;
-	}
-
-	sm2_key_print(stdout, 0, 0, "SM2PrivateKey", &sm2_key);
-	sm2_public_key_print(stdout, 0, 0, "SM2PublicKey", &sm2_key);
-
-	return 0;
-}
diff --git a/demos/src/sm2_keyparse_demo.c b/demos/src/sm2_keyparse_demo.c
deleted file mode 100644
index 696d5714..00000000
--- a/demos/src/sm2_keyparse_demo.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/sm2.h>
-
-
-int main(int argc, char **argv)
-{
-	char *prog = argv[0];
-	char *keyfile;
-	char *pass;
-	FILE *keyfp = NULL;
-	SM2_KEY sm2_key;
-
-	if (argc < 3) {
-		fprintf(stderr, "usage: %s <key.pem> <pass>\n", prog);
-		return -1;
-	}
-	keyfile = argv[1];
-	pass = argv[2];
-
-	if (!(keyfp = fopen(keyfile, "rb"))) {
-		fprintf(stderr, "%s: open file '%s' failure\n", prog, keyfile);
-		return -1;
-	}
-	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
-		fprintf(stderr, "%s: load key failure\n", prog);
-		fclose(keyfp);
-		return -1;
-	}
-
-	sm2_key_print(stdout, 0, 0, "SM2_KEY", &sm2_key);
-
-	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
-	fclose(keyfp);
-	return 0;
-}
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/demos/src/sm2_point_demo.c b/demos/src/sm2_point_demo.c
deleted file mode 100644
index ab230fb4..00000000
--- a/demos/src/sm2_point_demo.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-
-
-int main(void)
-{
-	SM2_POINT A;
-	SM2_POINT B;
-	SM2_POINT C;
-	uint8_t a[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3};
-	uint8_t b[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5};
-	uint8_t c[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4};
-	uint8_t zero[32] = {0};
-
-	sm2_point_mul_generator(&A, a);
-	sm2_point_mul_generator(&B, b);
-	sm2_point_mul_generator(&C, c);
-
-	printf("G is the generator point on SM2 curve\n");
-	sm2_point_print(stdout, 0, 0, "3G", &A);
-	sm2_point_print(stdout, 0, 0, "5G", &B);
-	sm2_point_print(stdout, 0, 0, "4G", &C);
-
-	sm2_point_add(&A, &A, &B);
-	sm2_point_dbl(&C, &C);
-
-	sm2_point_print(stdout, 0, 0, "3G + 5G", &A);
-	sm2_point_print(stdout, 0, 0, "2 * 4G", &C);
-
-	sm2_point_mul_generator(&C, c);
-	sm2_point_add(&C, &C, &C);
-
-	sm2_point_print(stdout, 0, 0, "4G + 4G", &C);
-
-	sm2_point_mul_generator(&C, zero);
-	sm2_point_print(stdout, 0, 0, "0 * G", &C);
-
-	if (sm2_point_is_on_curve(&C) == 1) {
-		printf("0 * G is on SM2 curve\n");
-	}
-
-	return 0;
-}
diff --git a/demos/src/sm2_point_from_bin_demo.c b/demos/src/sm2_point_from_bin_demo.c
deleted file mode 100644
index 134f5f8b..00000000
--- a/demos/src/sm2_point_from_bin_demo.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/rand.h>
-
-/*
-void gen_point(void)
-{
-	SM2_KEY sm2_key;
-	size_t i;
-	uint8_t *p = &sm2_key;
-
-	sm2_key_generate(&sm2_key);
-	for (i = 0; i < 64; i++) {
-		printf("0x%02x,", p[i]);
-	}
-	printf("\n");
-}
-*/
-
-int main(void)
-{
-	SM2_POINT P;
-	uint8_t bin[64] = {
-		0x0e,0x90,0x75,0x97,0x92,0x4f,0x48,0x6d,
-		0x9f,0xa9,0x58,0x63,0xeb,0xb2,0x7b,0xa5,
-		0xd2,0xc7,0x77,0x64,0x2c,0x94,0x8f,0x32,
-		0xda,0x3a,0xd6,0xef,0xef,0xe4,0xda,0xaf,
-		0x41,0x70,0x92,0x65,0x4f,0xf8,0x81,0x57,
-		0x70,0x83,0x00,0xab,0x71,0xae,0xb0,0xaf,
-		0x7b,0x55,0xe1,0x45,0xc7,0x9d,0xfb,0xcc,
-		0xf4,0x10,0xff,0xe3,0x32,0xc4,0xcb,0x07,
-	};
-
-	if (sm2_point_from_xy(&P, bin, bin + 32) != 1) {
-		fprintf(stderr, "sm2_point_from_xy() error\n");
-		goto err;
-	}
-	sm2_point_print(stdout, 0, 0, "SM2_POINT", &P);
-
-	rand_bytes(bin, 64);
-
-	if (sm2_point_from_xy(&P, bin, bin + 32) != 1) {
-		fprintf(stderr, "sm2_point_from_xy() error on random data\n");
-		goto err;
-	}
-
-err:
-	return 0;
-}
diff --git a/demos/src/sm2_point_from_hash_demo.c b/demos/src/sm2_point_from_hash_demo.c
deleted file mode 100644
index fba9364d..00000000
--- a/demos/src/sm2_point_from_hash_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/rand.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_POINT P;
-
-	if (sm2_point_from_hash(&P, (uint8_t *)"Alice", strlen("Alice")) != 1) {
-		fprintf(stderr, "sm2_point_from_hash() error\n");
-		goto err;
-	}
-
-	sm2_point_print(stdout, 0, 0, "SM2_POINT = Hash(\"Alice\")", &P);
-
-err:
-	return 0;
-}
diff --git a/demos/src/sm2_point_from_octets_demo.c b/demos/src/sm2_point_from_octets_demo.c
deleted file mode 100644
index af0481e4..00000000
--- a/demos/src/sm2_point_from_octets_demo.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/rand.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_POINT P;
-	uint8_t uncompressed[65] = {
-		0x04,
-		0x0e,0x90,0x75,0x97,0x92,0x4f,0x48,0x6d,
-		0x9f,0xa9,0x58,0x63,0xeb,0xb2,0x7b,0xa5,
-		0xd2,0xc7,0x77,0x64,0x2c,0x94,0x8f,0x32,
-		0xda,0x3a,0xd6,0xef,0xef,0xe4,0xda,0xaf,
-		0x41,0x70,0x92,0x65,0x4f,0xf8,0x81,0x57,
-		0x70,0x83,0x00,0xab,0x71,0xae,0xb0,0xaf,
-		0x7b,0x55,0xe1,0x45,0xc7,0x9d,0xfb,0xcc,
-		0xf4,0x10,0xff,0xe3,0x32,0xc4,0xcb,0x07,
-	};
-
-	if (sm2_point_from_octets(&P, uncompressed, 65) != 1) {
-		fprintf(stderr, "sm2_point_from_octets() error\n");
-		goto err;
-	}
-	printf("sm2_point_from_octets() success\n");
-
-	rand_bytes(uncompressed + 1, 64);
-	if (sm2_point_from_octets(&P, uncompressed, 65) != 1) {
-		fprintf(stderr, "sm2_point_from_octets() error\n");
-		goto err;
-	}
-
-err:
-	return 0;
-}
diff --git a/demos/src/sm2_point_to_bin_demo.c b/demos/src/sm2_point_to_bin_demo.c
deleted file mode 100644
index 3170a589..00000000
--- a/demos/src/sm2_point_to_bin_demo.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_POINT P = {
-		{0x0e,0x90,0x75,0x97,0x92,0x4f,0x48,0x6d,
-		 0x9f,0xa9,0x58,0x63,0xeb,0xb2,0x7b,0xa5,
-		 0xd2,0xc7,0x77,0x64,0x2c,0x94,0x8f,0x32,
-		 0xda,0x3a,0xd6,0xef,0xef,0xe4,0xda,0xaf,},
-		{0x41,0x70,0x92,0x65,0x4f,0xf8,0x81,0x57,
-		 0x70,0x83,0x00,0xab,0x71,0xae,0xb0,0xaf,
-		 0x7b,0x55,0xe1,0x45,0xc7,0x9d,0xfb,0xcc,
-		 0xf4,0x10,0xff,0xe3,0x32,0xc4,0xcb,0x07,},
-	};
-	uint8_t bin[64];
-
-	memcpy(bin, &P, 64);
-
-	format_bytes(stdout, 0, 0, "SM2_POITN RAW (64-byte)", bin, 64);
-
-	return 0;
-}
diff --git a/demos/src/sm2_point_to_octets_demo.c b/demos/src/sm2_point_to_octets_demo.c
deleted file mode 100644
index 03b8b8c4..00000000
--- a/demos/src/sm2_point_to_octets_demo.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	SM2_POINT P;
-	uint8_t compressed[33] = {0};
-	uint8_t uncompressed[65] = {0};
-
-	sm2_key_generate(&sm2_key);
-	P = sm2_key.public_key;
-
-	sm2_point_to_uncompressed_octets(&P, uncompressed);
-	format_bytes(stdout, 0, 0, "SM2 Point (uncompressed) ", uncompressed, 65);
-
-	sm2_point_to_compressed_octets(&P, compressed);
-	format_bytes(stdout, 0, 0, "SM2 Point (compressed)   ", compressed, 33);
-
-	return 0;
-}
diff --git a/demos/src/sm2_private_key_demo.c b/demos/src/sm2_private_key_demo.c
deleted file mode 100644
index f562fc52..00000000
--- a/demos/src/sm2_private_key_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	char *password = "123456";
-
-	if (sm2_key_generate(&sm2_key) != 1) {
-		fprintf(stderr, "error\n");
-		return 1;
-	}
-
-	if (sm2_private_key_info_encrypt_to_pem(&sm2_key, password, stdout) != 1) {
-		fprintf(stderr, "error\n");
-		return 1;
-	}
-
-	return 0;
-}
diff --git a/demos/src/sm2_private_key_parse_demo.c b/demos/src/sm2_private_key_parse_demo.c
deleted file mode 100644
index 0479c2c5..00000000
--- a/demos/src/sm2_private_key_parse_demo.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/sm2.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	char *password = "123456";
-	unsigned char buf[512];
-	unsigned char *p;
-	size_t len;
-
-	printf("Read SM2 private key file (PEM) from stdin ...\n");
-	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
-		fprintf(stderr, "error\n");
-		return 1;
-	}
-
-	p = buf;
-	len = 0;
-	if (sm2_private_key_to_der(&sm2_key, &p, &len) != 1) {
-		fprintf(stderr, "error\n");
-		return 1;
-	}
-	fwrite(buf, 1, len, stdout);
-
-	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
-	return 0;
-}
diff --git a/demos/src/sm2_public_key_demo.c b/demos/src/sm2_public_key_demo.c
deleted file mode 100644
index 65a2981a..00000000
--- a/demos/src/sm2_public_key_demo.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/sm2.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	char *password = "123456";
-
-	printf("Read SM2 private key file (PEM) from stdin ...\n");
-	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
-		fprintf(stderr, "error\n");
-		return 1;
-	}
-
-	// openssl ec -pubin -in sm2pub.pem -text
-	sm2_public_key_info_to_pem(&sm2_key, stdout);
-
-	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
-	return 0;
-}
diff --git a/demos/src/sm2_sig_from_bin_demo.c b/demos/src/sm2_sig_from_bin_demo.c
deleted file mode 100644
index 2c66d3be..00000000
--- a/demos/src/sm2_sig_from_bin_demo.c
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-
-
-int main(void)
-{
-	SM2_SIGNATURE sig;
-
-	// the signatue binary data might be invalid, and will not pass verification
-	uint8_t r[32] = { 1, 2, 3, };
-	uint8_t s[32] = { 4, 5, 6, };
-
-	memcpy(sig.r, r, 32);
-	memcpy(sig.s, s, 32);
-
-	return 0;
-}
diff --git a/demos/src/sm2_sig_from_der_demo.c b/demos/src/sm2_sig_from_der_demo.c
deleted file mode 100644
index 939b5a18..00000000
--- a/demos/src/sm2_sig_from_der_demo.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/hex.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_SIGNATURE sig;
-	uint8_t der[SM2_MAX_SIGNATURE_SIZE];
-	size_t derlen;
-
-	if (sm2_signature_from_der(&sig, &cp, &derlen) != 1) {
-		fprintf(stderr, "sm2_signature_from_der() error\n");
-		goto err;
-	}
-
-	if (dlen > 0) {
-		fprintf(stderr, "signature followed by other data\n");
-		goto err;
-	}
-
-err:
-	return 0;
-}
diff --git a/demos/src/sm2_sig_to_der_demo.c b/demos/src/sm2_sig_to_der_demo.c
deleted file mode 100644
index 88b3b661..00000000
--- a/demos/src/sm2_sig_to_der_demo.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	uint8_t dgst[32] = {0};
-
-	SM2_SIGNATURE sig;
-	uint8_t der[SM2_MAX_SIGNATURE_SIZE];
-	uint8_t *p = der;
-	size_t derlen = 0;
-
-	sm2_key_generate(&sm2_key);
-	sm2_do_sign(&sm2_key, dgst, &sig);
-
-	if (sm2_signature_to_der(&sig, &p, &derlen) != 1) {
-		fprintf(stderr, "sm2_signature_to_der() error\n");
-		return -1;
-	}
-
-	format_bytes(stdout, 0, 0, "signature", der, derlen);
-	printf("signature length = %zu bytes\n", derlen);
-
-	return 0;
-}
diff --git a/demos/src/sm2_sign_ctx_demo.c b/demos/src/sm2_sign_ctx_demo.c
deleted file mode 100644
index bda32a7c..00000000
--- a/demos/src/sm2_sign_ctx_demo.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	SM2_KEY pub_key;
-	SM2_SIGN_CTX sign_ctx;
-	unsigned char dgst[32];
-	unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
-	size_t siglen;
-	int ret;
-
-	sm2_key_generate(&sm2_key);
-
-	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
-
-	// sign without signer ID (and Z value)
-	sm2_sign_init(&sign_ctx, &sm2_key, NULL, 0);
-	sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
-	sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
-	sm2_sign_finish(&sign_ctx, sig, &siglen);
-	format_bytes(stdout, 0, 0, "signature", sig, siglen);
-
-	// digest and verify
-	sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
-	ret = sm2_verify(&pub_key, dgst, sig, siglen);
-	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
-
-	// use verify update API
-	sm2_verify_init(&sign_ctx, &pub_key, NULL, 0);
-	sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
-	ret = sm2_verify_finish(&sign_ctx, sig, siglen);
-	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
-
-	// sign use default signer ID
-	sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
-	sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
-	sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
-	sm2_sign_finish(&sign_ctx, sig, &siglen);
-	format_bytes(stdout, 0, 0, "signature", sig, siglen);
-
-	sm2_verify_init(&sign_ctx, &pub_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
-	sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
-	ret = sm2_verify_finish(&sign_ctx, sig, siglen);
-	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
-
-	return 0;
-}
diff --git a/demos/src/sm2_sign_ctx_fixlen_demo.c b/demos/src/sm2_sign_ctx_fixlen_demo.c
deleted file mode 100644
index 263bf835..00000000
--- a/demos/src/sm2_sign_ctx_fixlen_demo.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	SM2_SIGN_CTX sign_ctx;
-	unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
-	size_t siglen;
-
-
-	sm2_key_generate(&sm2_key);
-
-
-	siglen = SM2_signature_compact_size;
-	memset(sig, 0, sizeof(sig));
-	if (sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1
-		|| sm2_sign_update(&sign_ctx, (uint8_t *)"hello ", strlen("hello ")) != 1
-		|| sm2_sign_update(&sign_ctx, (uint8_t *)"world", strlen("world")) != 1
-		|| sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
-		fprintf(stderr, "error\n");
-		goto err;
-	}
-	format_bytes(stdout, 0, 0, "sig", sig, sizeof(sig));
-
-
-	siglen = SM2_signature_typical_size;
-	memset(sig, 0, sizeof(sig));
-	if (sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1
-		|| sm2_sign_update(&sign_ctx, (uint8_t *)"hello ", strlen("hello ")) != 1
-		|| sm2_sign_update(&sign_ctx, (uint8_t *)"world", strlen("world")) != 1
-		|| sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
-		fprintf(stderr, "error\n");
-		goto err;
-	}
-	format_bytes(stdout, 0, 0, "sig", sig, sizeof(sig));
-
-
-	siglen = SM2_signature_max_size;
-	memset(sig, 0, sizeof(sig));
-	if (sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1
-		|| sm2_sign_update(&sign_ctx, (uint8_t *)"hello ", strlen("hello ")) != 1
-		|| sm2_sign_update(&sign_ctx, (uint8_t *)"world", strlen("world")) != 1
-		|| sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
-		fprintf(stderr, "error\n");
-		goto err;
-	}
-	format_bytes(stdout, 0, 0, "sig", sig, sizeof(sig));
-
-err:
-	return 0;
-}
diff --git a/demos/src/sm2_sign_demo.c b/demos/src/sm2_sign_demo.c
deleted file mode 100644
index 2ab75a63..00000000
--- a/demos/src/sm2_sign_demo.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	SM2_KEY pub_key;
-	unsigned char dgst[32];
-	unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
-	size_t siglen;
-	int ret;
-
-	sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
-	format_bytes(stdout, 0, 0, "to be signed digest", dgst, sizeof(dgst));
-
-	sm2_key_generate(&sm2_key);
-
-	sm2_sign(&sm2_key, dgst, sig, &siglen);
-	format_bytes(stdout, 0, 0, "signature", sig, siglen);
-
-	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
-
-	if ((ret = sm2_verify(&pub_key, dgst, sig, siglen)) != 1) {
-		fprintf(stderr, "verify failed\n");
-	} else {
-		printf("verify success\n");
-	}
-
-	return 0;
-}
diff --git a/demos/src/sm2_sign_digest_demo.c b/demos/src/sm2_sign_digest_demo.c
deleted file mode 100644
index a90953f3..00000000
--- a/demos/src/sm2_sign_digest_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-
-
-int main(void)
-{
-	SM2_KEY sm2_key;
-	uint8_t dgst[32];
-	uint8_t sig[SM2_MAX_SIGNATURE_SIZE] = {0};
-	size_t siglen;
-
-	sm2_key_generate(&sm2_key);
-	sm3_digest((uint8_t *)"abc", 3, dgst);
-
-	if (sm2_sign(&key, 
-
-
-	return 0;
-}
diff --git a/demos/src/sm3_ctx_demo.c b/demos/src/sm3_ctx_demo.c
deleted file mode 100644
index 0d1289af..00000000
--- a/demos/src/sm3_ctx_demo.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm3.h>
-
-
-int main(void)
-{
-	SM3_CTX sm3_ctx;
-	uint8_t dgst[SM3_DIGEST_SIZE];
-	size_t i;
-
-	sm3_init(&sm3_ctx);
-	sm3_update(&sm3_ctx, (uint8_t *)"a", 1);
-	sm3_update(&sm3_ctx, (uint8_t *)"bc", 2);
-	sm3_finish(&sm3_ctx, dgst);
-
-	printf("sm3('abc') = ");
-	for (i = 0; i < sizeof(dgst); i++) {
-		printf("%02x", dgst[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm3_ctx_stdin_demo.c b/demos/src/sm3_ctx_stdin_demo.c
deleted file mode 100644
index 8f9e6547..00000000
--- a/demos/src/sm3_ctx_stdin_demo.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm3.h>
-
-
-int main(int argc, char **argv)
-{
-	SM3_CTX sm3_ctx;
-	uint8_t buf[4096];
-	size_t len;
-	uint8_t dgst[32];
-	int i;
-
-	printf("read from stdin ...\n");
-
-	sm3_init(&sm3_ctx);
-	while ((len = fread(buf, 1, sizeof(buf), stdin)) > 0) {
-		sm3_update(&sm3_ctx, buf, len);
-	}
-	sm3_finish(&sm3_ctx, dgst);
-
-	for (i = 0; i < sizeof(dgst); i++) {
-		printf("%02x", dgst[i]);
-	}
-	printf("\n");
-	return 0;
-}
diff --git a/demos/src/sm3_demo.c b/demos/src/sm3_demo.c
deleted file mode 100644
index b5b8196a..00000000
--- a/demos/src/sm3_demo.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm3.h>
-
-
-int main(void)
-{
-	uint8_t dgst[SM3_DIGEST_SIZE];
-	size_t i;
-
-	sm3_digest((uint8_t *)"abc", 3, dgst);
-
-	printf("sm3('abc') = ");
-	for (i = 0; i < sizeof(dgst); i++) {
-		printf("%02x", dgst[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm3_hmac_ctx_demo.c b/demos/src/sm3_hmac_ctx_demo.c
deleted file mode 100644
index de5b7cb2..00000000
--- a/demos/src/sm3_hmac_ctx_demo.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm3.h>
-#include <gmssl/mem.h>
-
-
-int main(void)
-{
-	SM3_HMAC_CTX hmac_ctx;
-	unsigned char key[16] = {
-		0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-		0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
-	};
-	unsigned char data[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char hmac[32] = {0};
-	int i;
-
-
-	sm3_hmac_init(&hmac_ctx, key, sizeof(key));
-	sm3_hmac_update(&hmac_ctx, data, 8);
-	sm3_hmac_update(&hmac_ctx, data + 8, sizeof(data) - 8);
-	sm3_hmac_finish(&hmac_ctx, hmac);
-
-	printf("hmac: ");
-	for (i = 0; i < sizeof(hmac); i++) {
-		printf("%02X", hmac[i]);
-	}
-	printf("\n");
-
-	gmssl_secure_clear(&hmac_ctx, sizeof(hmac_ctx));
-
-	return 0;
-}
diff --git a/demos/src/sm3_hmac_demo.c b/demos/src/sm3_hmac_demo.c
deleted file mode 100644
index 4a1538a7..00000000
--- a/demos/src/sm3_hmac_demo.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm3.h>
-
-
-int main(void)
-{
-	unsigned char key[16] = {
-		0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-		0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
-	};
-	unsigned char data[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char hmac[32] = {0};
-	int i;
-
-	sm3_hmac(key, sizeof(key), data, sizeof(data), hmac);
-
-	printf("hmac: ");
-	for (i = 0; i < sizeof(hmac); i++) {
-		printf("%02x", hmac[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm4_cbc_ctx_decrypt_stdin_demo.c b/demos/src/sm4_cbc_ctx_decrypt_stdin_demo.c
deleted file mode 100644
index 0ae9941a..00000000
--- a/demos/src/sm4_cbc_ctx_decrypt_stdin_demo.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/mem.h>
-#include <gmssl/rand.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	unsigned char key[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char iv[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-
-	SM4_CBC_CTX cbc_ctx;
-	unsigned char inbuf[1024];
-	unsigned char outbuf[1024 + 32];
-	size_t inlen;
-	size_t outlen;
-
-	if (sm4_cbc_decrypt_init(&cbc_ctx, key, iv) != 1) {
-		error_print();
-		goto err;
-	}
-
-	fprintf(stderr, "read from stdin ...\n");
-	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
-		if (sm4_cbc_decrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
-			error_print();
-			goto err;
-		}
-		fwrite(outbuf, 1, outlen, stdout);
-	}
-
-	if (sm4_cbc_decrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
-		error_print();
-		goto err;
-	}
-	fwrite(outbuf, 1, outlen, stdout);
-
-err:
-	gmssl_secure_clear(&cbc_ctx, sizeof(cbc_ctx));
-	return 0;
-}
diff --git a/demos/src/sm4_cbc_ctx_encrypt_stdin_demo.c b/demos/src/sm4_cbc_ctx_encrypt_stdin_demo.c
deleted file mode 100644
index 6ac1ae47..00000000
--- a/demos/src/sm4_cbc_ctx_encrypt_stdin_demo.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/mem.h>
-#include <gmssl/rand.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	unsigned char key[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char iv[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-
-	SM4_CBC_CTX cbc_ctx;
-	unsigned char inbuf[1024];
-	unsigned char outbuf[1024 + 32];
-	size_t inlen;
-	size_t outlen;
-
-	if (sm4_cbc_encrypt_init(&cbc_ctx, key, iv) != 1) {
-		error_print();
-		goto err;
-	}
-
-	fprintf(stderr, "read from stdin ...\n");
-	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
-		if (sm4_cbc_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
-			error_print();
-			goto err;
-		}
-		fwrite(outbuf, 1, outlen, stdout);
-	}
-
-	if (sm4_cbc_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
-		error_print();
-		goto err;
-	}
-	fwrite(outbuf, 1, outlen, stdout);
-
-err:
-	gmssl_secure_clear(&cbc_ctx, sizeof(cbc_ctx));
-	return 0;
-}
diff --git a/demos/src/sm4_cbc_demo.c b/demos/src/sm4_cbc_demo.c
deleted file mode 100644
index 910a88e5..00000000
--- a/demos/src/sm4_cbc_demo.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/rand.h>
-
-
-int main(void)
-{
-	SM4_KEY sm4_key;
-	unsigned char key[16];
-	unsigned char iv[16];
-	unsigned char mbuf[32] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char cbuf[32] = {0};
-	unsigned char pbuf[32] = {0};
-	int i;
-
-	rand_bytes(key, sizeof(key));
-	rand_bytes(iv, sizeof(iv));
-
-	printf("key: ");
-	for (i = 0; i < sizeof(key); i++) {
-		printf("%02X", key[i]);
-	}
-	printf("\n");
-
-	printf("iv: ");
-	for (i = 0; i < sizeof(iv); i++) {
-		printf("%02X", iv[i]);
-	}
-	printf("\n");
-
-	printf("plaintext: ");
-	for (i = 0; i < sizeof(mbuf); i++) {
-		printf("%02X", mbuf[i]);
-	}
-	printf("\n");
-
-	sm4_set_encrypt_key(&sm4_key, key);
-	sm4_cbc_encrypt(&sm4_key, iv, mbuf, sizeof(mbuf)/SM4_BLOCK_SIZE, cbuf);
-
-	printf("ciphertext: ");
-	for (i = 0; i < sizeof(cbuf); i++) {
-		printf("%02X", cbuf[i]);
-	}
-	printf("\n");
-
-	sm4_set_decrypt_key(&sm4_key, key);
-	sm4_cbc_decrypt(&sm4_key, iv, cbuf, sizeof(cbuf)/SM4_BLOCK_SIZE, pbuf);
-
-	printf("decrypted: ");
-	for (i = 0; i < sizeof(pbuf); i++) {
-		printf("%02X", pbuf[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm4_cbc_mac_demo.c b/demos/src/sm4_cbc_mac_demo.c
deleted file mode 100644
index c3dac8c6..00000000
--- a/demos/src/sm4_cbc_mac_demo.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4_cbc_mac.h>
-
-
-int main(int argc, char **argv)
-{
-	SM4_CBC_MAC_CTX ctx;
-	uint8_t key[16] = {0};
-	uint8_t data[16 * 3] = {0};
-	uint8_t mac[16] = {0};
-	size_t i;
-
-	if (sizeof(data) % SM4_BLOCK_SIZE != 0) {
-		fprintf(stderr, "CBC_MAC data length error\n");
-		goto err;
-	}
-
-	sm4_cbc_mac_init(&ctx, key);
-	sm4_cbc_mac_update(&ctx, data, sizeof(data));
-	sm4_cbc_mac_finish(&ctx, mac);
-
-	printf("cbc_mac = ");
-	for (i = 0; i < sizeof(mac); i++) {
-		printf("%02x", mac[i]);
-	}
-	printf("\n");
-
-err:
-	return 0;
-}
diff --git a/demos/src/sm4_cbc_padding_demo.c b/demos/src/sm4_cbc_padding_demo.c
deleted file mode 100644
index 00b5966a..00000000
--- a/demos/src/sm4_cbc_padding_demo.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/rand.h>
-
-
-int main(void)
-{
-	SM4_KEY sm4_key;
-	unsigned char key[16];
-	unsigned char iv[16];
-	unsigned char mbuf[32] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char cbuf[32] = {0};
-	unsigned char pbuf[32] = {0};
-	size_t mlen1 = 20, mlen2 = 16;
-	size_t clen1, clen2;
-	size_t plen1, plen2;
-	int i;
-
-	rand_bytes(key, sizeof(key));
-	rand_bytes(iv, sizeof(iv));
-
-	printf("key: ");
-	for (i = 0; i < sizeof(key); i++) {
-		printf("%02X", key[i]);
-	}
-	printf("\n");
-
-	printf("iv: ");
-	for (i = 0; i < sizeof(iv); i++) {
-		printf("%02X", iv[i]);
-	}
-	printf("\n");
-
-
-	printf("sm4_cbc_pading encrypt %zu bytes\n", mlen1);
-
-	printf("plaintext: ");
-	for (i = 0; i < mlen1; i++) {
-		printf("%02X", mbuf[i]);
-	}
-	printf("\n");
-
-	sm4_set_encrypt_key(&sm4_key, key);
-	sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen1, cbuf, &clen1);
-
-	printf("ciphertext: ");
-	for (i = 0; i < clen1; i++) {
-		printf("%02X", cbuf[i]);
-	}
-	printf("\n");
-
-	sm4_set_decrypt_key(&sm4_key, key);
-	sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen1, pbuf, &plen1);
-
-	printf("decrypted: ");
-	for (i = 0; i < plen1; i++) {
-		printf("%02X", pbuf[i]);
-	}
-	printf("\n");
-
-	printf("sm4_cbc_pading encrypt %zu bytes\n", mlen2);
-
-	printf("plaintext: ");
-	for (i = 0; i < mlen2; i++) {
-		printf("%02X", mbuf[i]);
-	}
-	printf("\n");
-
-	sm4_set_encrypt_key(&sm4_key, key);
-	sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen2, cbuf, &clen2);
-
-	printf("ciphertext: ");
-	for (i = 0; i < clen2; i++) {
-		printf("%02X", cbuf[i]);
-	}
-	printf("\n");
-
-	sm4_set_decrypt_key(&sm4_key, key);
-	sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen2, pbuf, &plen2);
-
-	printf("decrypted: ");
-	for (i = 0; i < plen2; i++) {
-		printf("%02X", pbuf[i]);
-	}
-	printf("\n");
-
-
-	return 0;
-}
diff --git a/demos/src/sm4_cbc_sm3_hmac_demo.c b/demos/src/sm4_cbc_sm3_hmac_demo.c
deleted file mode 100644
index c2892f2e..00000000
--- a/demos/src/sm4_cbc_sm3_hmac_demo.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/rand.h>
-#include <gmssl/aead.h>
-
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	uint8_t key[SM4_CBC_SM3_HMAC_KEY_SIZE];
-	uint8_t iv[SM4_CBC_SM3_HMAC_IV_SIZE];
-	SM4_CBC_SM3_HMAC_CTX ctx;
-	uint8_t aad[] = "Additianal Authenticated Data, authenticated only, not encrypted";
-	uint8_t m1[] = "Plaintext part 1, to be encrypted and authenticated.";
-	uint8_t m2[] = "Plaintext part 2, to be encrypted and authenticated.";
-	uint8_t c[256];
-	uint8_t d[256];
-	uint8_t *p;
-	size_t clen, dlen, len;
-
-	if (rand_bytes(key, sizeof(key)) != 1
-		|| rand_bytes(iv, sizeof(iv)) != 1) {
-		fprintf(stderr, "rand_bytes() error\n");
-		goto end;
-	}
-
-	// encrypt
-
-	if (sm4_cbc_sm3_hmac_encrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
-		fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_init() error\n");
-		goto end;
-	}
-
-	p = c;
-	clen = 0;
-
-	if (sm4_cbc_sm3_hmac_encrypt_update(&ctx, m1, sizeof(m1)-1, p, &len) != 1) {
-		fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	clen += len;
-
-	if (sm4_cbc_sm3_hmac_encrypt_update(&ctx, m2, sizeof(m2), p, &len) != 1) {
-		fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	clen += len;
-
-	if (sm4_cbc_sm3_hmac_encrypt_finish(&ctx, p, &len) != 1) {
-		fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_finish() error\n");
-		goto end;
-	}
-	clen += len;
-
-	// decrypt
-
-	if (sm4_cbc_sm3_hmac_decrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
-		fprintf(stderr, "sm4_cbc_sm3_hmac_decrypt_init() error\n");
-		goto end;
-	}
-
-	p = d;
-	dlen = 0;
-
-	if (sm4_cbc_sm3_hmac_decrypt_update(&ctx, c, clen, p, &len) != 1) {
-		fprintf(stderr, "sm4_cbc_sm3_hmac_decrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	dlen += len;
-
-	if (sm4_cbc_sm3_hmac_decrypt_finish(&ctx, p, &len) != 1) {
-		fprintf(stderr, "sm4_cbc_sm3_hmac_decrypt_finish() error\n");
-		goto end;
-	}
-	dlen += len;
-
-	printf("Decrypted: %s\n", (char *)d);
-
-	ret = 0;
-
-end:
-	gmssl_secure_clear(key, sizeof(key));
-	gmssl_secure_clear(&ctx, sizeof(ctx));
-	return ret;
-}
diff --git a/demos/src/sm4_consts_demo.c b/demos/src/sm4_consts_demo.c
deleted file mode 100644
index 036246ef..00000000
--- a/demos/src/sm4_consts_demo.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-
-int main(void)
-{
-	printf("%lld\n", SM4_GCM_IV_MAX_SIZE);
-	printf("%lld\n", SM4_GCM_MAX_AAD_SIZE);
-	printf("%lld\n", SM4_GCM_MAX_PLAINTEXT_SIZE);
-	return 0;
-}
diff --git a/demos/src/sm4_ctr_demo.c b/demos/src/sm4_ctr_demo.c
deleted file mode 100644
index fa80d3e0..00000000
--- a/demos/src/sm4_ctr_demo.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/rand.h>
-
-
-int main(void)
-{
-	SM4_KEY sm4_key;
-	unsigned char key[16];
-	unsigned char iv[16];
-	unsigned char ctr[16];
-	unsigned char mbuf[20] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,
-	};
-	unsigned char cbuf[20] = {0};
-	unsigned char pbuf[20] = {0};
-	int i;
-
-	rand_bytes(key, sizeof(key));
-	rand_bytes(iv, sizeof(iv));
-
-	printf("key: ");
-	for (i = 0; i < sizeof(key); i++) {
-		printf("%02X", key[i]);
-	}
-	printf("\n");
-
-	printf("ctr: ");
-	for (i = 0; i < sizeof(iv); i++) {
-		printf("%02X", iv[i]);
-	}
-	printf("\n");
-
-	sm4_set_encrypt_key(&sm4_key, key);
-
-	printf("sm4 ctr encrypt %zu bytes\n", sizeof(mbuf));
-
-	printf("plaintext: ");
-	for (i = 0; i < sizeof(mbuf); i++) {
-		printf("%02X", mbuf[i]);
-	}
-	printf("\n");
-
-	memcpy(ctr, iv, 16);
-	sm4_ctr_encrypt(&sm4_key, ctr, mbuf, sizeof(mbuf), cbuf);
-
-	printf("ciphertext: ");
-	for (i = 0; i < sizeof(cbuf); i++) {
-		printf("%02X", cbuf[i]);
-	}
-	printf("\n");
-
-	memcpy(ctr, iv, 16);
-	sm4_ctr_decrypt(&sm4_key, ctr, cbuf, sizeof(cbuf), pbuf);
-
-	printf("decrypted: ");
-	for (i = 0; i < sizeof(pbuf); i++) {
-		printf("%02X", pbuf[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm4_ctr_encrypt_update_demo.c b/demos/src/sm4_ctr_encrypt_update_demo.c
deleted file mode 100644
index cfeb5125..00000000
--- a/demos/src/sm4_ctr_encrypt_update_demo.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/rand.h>
-
-
-int main(void)
-{
-	SM4_CTR_CTX cbc_ctx;
-	unsigned char key[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char ctr[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char inbuf[1024];
-	unsigned char outbuf[1024 + 32];
-	size_t inlen;
-	size_t outlen;
-
-	if (sm4_ctr_encrypt_init(&cbc_ctx, key, ctr) != 1) {
-		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-		return 1;
-	}
-	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
-		if (sm4_ctr_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
-			fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-			return 1;
-		}
-		fwrite(outbuf, 1, outlen, stdout);
-	}
-	if (sm4_ctr_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
-		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-		return 1;
-	}
-	fwrite(outbuf, 1, outlen, stdout);
-
-	return 0;
-}
diff --git a/demos/src/sm4_ctr_sm3_hmac_demo.c b/demos/src/sm4_ctr_sm3_hmac_demo.c
deleted file mode 100644
index 46b57e54..00000000
--- a/demos/src/sm4_ctr_sm3_hmac_demo.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/rand.h>
-#include <gmssl/aead.h>
-
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	uint8_t key[SM4_CTR_SM3_HMAC_KEY_SIZE];
-	uint8_t iv[SM4_CTR_SM3_HMAC_IV_SIZE];
-	SM4_CTR_SM3_HMAC_CTX ctx;
-	uint8_t aad[] = "Additianal Authenticated Data, authenticated only, not encrypted";
-	uint8_t m1[] = "Plaintext part 1, to be encrypted and authenticated.";
-	size_t m1len = sizeof(m1) - 1;
-	uint8_t m2[] = "Plaintext part 2, to be encrypted and authenticated.";
-
-	uint8_t c[256];
-	uint8_t d[256];
-	uint8_t *p;
-	size_t clen, dlen, len;
-
-	if (rand_bytes(key, sizeof(key)) != 1
-		|| rand_bytes(iv, sizeof(iv)) != 1) {
-		fprintf(stderr, "rand_bytes() error\n");
-		goto end;
-	}
-
-	// encrypt
-
-	if (sm4_ctr_sm3_hmac_encrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
-		fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_init() error\n");
-		goto end;
-	}
-
-	p = c;
-	clen = 0;
-
-	if (sm4_ctr_sm3_hmac_encrypt_update(&ctx, m1, sizeof(m1)-1, p, &len) != 1) {
-		fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	clen += len;
-
-	if (sm4_ctr_sm3_hmac_encrypt_update(&ctx, m2, sizeof(m2), p, &len) != 1) {
-		fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	clen += len;
-
-	if (sm4_ctr_sm3_hmac_encrypt_finish(&ctx, p, &len) != 1) {
-		fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_finish() error\n");
-		goto end;
-	}
-	clen += len;
-
-	// decrypt
-
-	if (sm4_ctr_sm3_hmac_decrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
-		fprintf(stderr, "sm4_ctr_sm3_hmac_decrypt_init() error\n");
-		goto end;
-	}
-
-	p = d;
-	dlen = 0;
-
-	if (sm4_ctr_sm3_hmac_decrypt_update(&ctx, c, clen, p, &len) != 1) {
-		fprintf(stderr, "sm4_ctr_sm3_hmac_decrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	dlen += len;
-
-	if (sm4_ctr_sm3_hmac_decrypt_finish(&ctx, p, &len) != 1) {
-		fprintf(stderr, "sm4_ctr_sm3_hmac_decrypt_finish() error\n");
-		goto end;
-	}
-	dlen += len;
-
-	printf("Decrypted: %s\n", (char *)d);
-
-	ret = 0;
-
-end:
-	gmssl_secure_clear(key, sizeof(key));
-	gmssl_secure_clear(&ctx, sizeof(ctx));
-	return ret;
-}
diff --git a/demos/src/sm4_demo.c b/demos/src/sm4_demo.c
deleted file mode 100644
index 67e4b9ff..00000000
--- a/demos/src/sm4_demo.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-// sm4 demo1: encrypt and decrypt a block of message (16 bytes)
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-
-
-int main(void)
-{
-	SM4_KEY sm4_key;
-	unsigned char key[16] = {
-		0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-		0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
-	};
-	unsigned char mbuf[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char cbuf[16];
-	unsigned char pbuf[16];
-	int i;
-
-	printf("key: ");
-	for (i = 0; i < sizeof(key); i++) {
-		printf("%02X", key[i]);
-	}
-	printf("\n");
-
-	printf("plaintext : ");
-	for (i = 0; i < sizeof(mbuf); i++) {
-		printf("%02X", mbuf[i]);
-	}
-	printf("\n");
-
-	// SM4 encrypt a block
-	sm4_set_encrypt_key(&sm4_key, key);
-	sm4_encrypt(&sm4_key, mbuf, cbuf);
-
-	printf("ciphertext: ");
-	for (i = 0; i < sizeof(cbuf); i++) {
-		printf("%02X", cbuf[i]);
-	}
-	printf("\n");
-
-	// SM4 decrypt a block
-	sm4_set_decrypt_key(&sm4_key, key);
-	sm4_decrypt(&sm4_key, cbuf, pbuf);
-
-	printf("decrypted : ");
-	for (i = 0; i < sizeof(pbuf); i++) {
-		printf("%02X", pbuf[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm4_ecb_demo.c b/demos/src/sm4_ecb_demo.c
deleted file mode 100644
index b9269870..00000000
--- a/demos/src/sm4_ecb_demo.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/rand.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM4_KEY sm4_key;
-	unsigned char key[SM4_KEY_SIZE];
-	uint8_t data[SM4_BLOCK_SIZE * 3];
-	uint8_t *p;
-	size_t i;
-
-	rand_bytes(key, sizeof(key));
-
-	// Plaintext block #1 and #3 are the same
-	rand_bytes(data, SM4_BLOCK_SIZE * 2);
-	memcpy(data + SM4_BLOCK_SIZE * 2, data, SM4_BLOCK_SIZE);
-
-	format_bytes(stdout, 0, 0, "key", key, sizeof(key));
-	format_bytes(stdout, 0, 0, "ECB Plaintext ", data, sizeof(data));
-
-	// SM4-ECB encrypt
-	sm4_set_encrypt_key(&sm4_key, key);
-
-	p = data;
-	for (i = 0; i < sizeof(data)/SM4_BLOCK_SIZE; i++) {
-		sm4_encrypt(&sm4_key, p, p);
-		p += SM4_BLOCK_SIZE;
-	}
-	format_bytes(stdout, 0, 0, "ECB Ciphertext", data, sizeof(data));
-
-	// SM4-ECB decrypt
-	sm4_set_decrypt_key(&sm4_key, key);
-
-	p = data;
-	for (i = 0; i < sizeof(data)/SM4_BLOCK_SIZE; i++) {
-		sm4_decrypt(&sm4_key, p, p);
-		p += SM4_BLOCK_SIZE;
-	}
-	format_bytes(stdout, 0, 0, "ECB Plaintext ", data, sizeof(data));
-
-	return 0;
-}
diff --git a/demos/src/sm4_gcm_ctx_demo.c b/demos/src/sm4_gcm_ctx_demo.c
deleted file mode 100644
index b10f616d..00000000
--- a/demos/src/sm4_gcm_ctx_demo.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/mem.h>
-#include <gmssl/rand.h>
-#include <gmssl/aead.h>
-
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	uint8_t key[SM4_GCM_KEY_SIZE];
-	uint8_t iv[SM4_GCM_DEFAULT_IV_SIZE];
-	SM4_GCM_CTX ctx;
-	uint8_t aad[] = "Additianal Authenticated Data, authenticated only, not encrypted";
-	uint8_t m1[] = "Plaintext part 1, to be encrypted and authenticated.";
-	uint8_t m2[] = "Plaintext part 2, to be encrypted and authenticated.";
-	uint8_t c[256];
-	uint8_t d[256];
-	uint8_t *p;
-	size_t clen, dlen, len;
-
-	if (rand_bytes(key, sizeof(key)) != 1
-		|| rand_bytes(iv, sizeof(iv)) != 1) {
-		fprintf(stderr, "rand_bytes() error\n");
-		goto end;
-	}
-
-	// encrypt
-
-	if (sm4_gcm_encrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad), SM4_GCM_DEFAULT_TAG_SIZE) != 1) {
-		fprintf(stderr, "sm4_gcm_encrypt_init() error\n");
-		goto end;
-	}
-
-	p = c;
-	clen = 0;
-
-	if (sm4_gcm_encrypt_update(&ctx, m1, sizeof(m1)-1, p, &len) != 1) {
-		fprintf(stderr, "sm4_gcm_encrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	clen += len;
-
-	if (sm4_gcm_encrypt_update(&ctx, m2, sizeof(m2), p, &len) != 1) {
-		fprintf(stderr, "sm4_gcm_encrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	clen += len;
-
-	if (sm4_gcm_encrypt_finish(&ctx, p, &len) != 1) {
-		fprintf(stderr, "sm4_gcm_encrypt_finish() error\n");
-		goto end;
-	}
-	clen += len;
-
-	// decrypt
-
-	if (sm4_gcm_decrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad), SM4_GCM_DEFAULT_TAG_SIZE) != 1) {
-		fprintf(stderr, "sm4_gcm_decrypt_init() error\n");
-		goto end;
-	}
-
-	p = d;
-	dlen = 0;
-
-	if (sm4_gcm_decrypt_update(&ctx, c, clen, p, &len) != 1) {
-		fprintf(stderr, "sm4_gcm_decrypt_update() error\n");
-		goto end;
-	}
-	p += len;
-	dlen += len;
-
-	if (sm4_gcm_decrypt_finish(&ctx, p, &len) != 1) {
-		fprintf(stderr, "sm4_gcm_decrypt_finish() error\n");
-		goto end;
-	}
-	dlen += len;
-
-	printf("Decrypted: %s\n", (char *)d);
-
-	ret = 0;
-
-end:
-	gmssl_secure_clear(key, sizeof(key));
-	gmssl_secure_clear(&ctx, sizeof(ctx));
-	return ret;
-}
diff --git a/demos/src/sm4_gcm_demo.c b/demos/src/sm4_gcm_demo.c
deleted file mode 100644
index e4183bab..00000000
--- a/demos/src/sm4_gcm_demo.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/rand.h>
-
-
-int main(void)
-{
-	SM4_KEY sm4_key;
-	unsigned char key[16];
-	unsigned char iv[16];
-	unsigned char aad[20];
-	unsigned char mbuf[64] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,
-	};
-	unsigned char cbuf[64] = {0};
-	unsigned char pbuf[64] = {0};
-	unsigned char tag[16];
-	int i;
-
-	rand_bytes(key, sizeof(key));
-	rand_bytes(iv, sizeof(iv));
-
-	printf("key: ");
-	for (i = 0; i < sizeof(key); i++) {
-		printf("%02X", key[i]);
-	}
-	printf("\n");
-
-	printf("iv: ");
-	for (i = 0; i < sizeof(iv); i++) {
-		printf("%02X", iv[i]);
-	}
-	printf("\n");
-
-	sm4_set_encrypt_key(&sm4_key, key);
-
-	printf("sm4 gcm encrypt\n");
-
-	printf("auth-only data: ");
-	for (i = 0; i < sizeof(aad); i++) {
-		printf("%02X", aad[i]);
-	}
-	printf("\n");
-
-	printf("plaintext: ");
-	for (i = 0; i < sizeof(mbuf); i++) {
-		printf("%02X", mbuf[i]);
-	}
-	printf("\n");
-
-	sm4_gcm_encrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), mbuf, sizeof(mbuf), cbuf, sizeof(tag), tag);
-
-	printf("ciphertext: ");
-	for (i = 0; i < sizeof(cbuf); i++) {
-		printf("%02X", cbuf[i]);
-	}
-	printf("\n");
-
-	printf("mac-tag: ");
-	for (i = 0; i < sizeof(tag); i++) {
-		printf("%02X", tag[i]);
-	}
-	printf("\n");
-
-	if (sm4_gcm_decrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), cbuf, sizeof(mbuf), tag, sizeof(tag), pbuf) != 1) {
-		fprintf(stderr, "sm4 gcm decrypt failed\n");
-		return 1;
-	}
-
-	printf("decrypted: ");
-	for (i = 0; i < sizeof(pbuf); i++) {
-		printf("%02X", pbuf[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm4_key_demo.c b/demos/src/sm4_key_demo.c
deleted file mode 100644
index aee0e59a..00000000
--- a/demos/src/sm4_key_demo.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm4.h>
-#include <gmssl/rand.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM4_KEY sm4_key;
-	uint8_t key[SM4_KEY_SIZE];
-	int i;
-
-	rand_bytes(key, sizeof(key));
-
-	format_bytes(stdout, 0, 0, "SM4 Raw Key", key, sizeof(key));
-	printf("\n");
-
-	sm4_set_encrypt_key(&sm4_key, key);
-
-	printf("SM4 Round Keys for Encryption\n");
-	for (i = 0; i < SM4_NUM_ROUNDS; i++) {
-		printf("    %08x\n", sm4_key.rk[i]);
-	}
-	printf("\n");
-
-	sm4_set_decrypt_key(&sm4_key, key);
-
-	printf("SM4 Round Keys for Decryption\n");
-	for (i = 0; i < SM4_NUM_ROUNDS; i++) {
-		printf("    %08x\n", sm4_key.rk[i]);
-	}
-	printf("\n");
-
-	return 0;
-}
diff --git a/demos/src/sm9_encrypt_demo.c b/demos/src/sm9_encrypt_demo.c
deleted file mode 100644
index b15b85fb..00000000
--- a/demos/src/sm9_encrypt_demo.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm9.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM9_ENC_MASTER_KEY master;
-	SM9_ENC_MASTER_KEY master_public;
-	SM9_ENC_KEY key;
-	const char *id = "Alice";
-	uint8_t buf[512];
-	uint8_t *p = buf;
-	const uint8_t *cp = buf;
-	size_t len;
-	char mbuf[256];
-	size_t mlen;
-	int ret;
-
-	sm9_enc_master_key_generate(&master);
-	sm9_enc_master_key_extract_key(&master, id, strlen(id), &key);
-
-	sm9_enc_master_public_key_to_der(&master, &p, &len);
-	sm9_enc_master_public_key_from_der(&master_public, &cp, &len);
-
-	sm9_encrypt(&master_public, id, strlen(id), (uint8_t *)"hello", strlen("hello"), buf, &len);
-	ret = sm9_decrypt(&key, id, strlen(id), buf, len, (uint8_t *)mbuf, &mlen);
-	if (ret != 1) {
-		fprintf(stderr, "decrypt failed\n");
-		return 1;
-	}
-	mbuf[mlen] = 0;
-	printf("decrypt result: %s\n", mbuf);
-
-	return 0;
-}
diff --git a/demos/src/sm9_keygen_demo.c b/demos/src/sm9_keygen_demo.c
deleted file mode 100644
index 21030d29..00000000
--- a/demos/src/sm9_keygen_demo.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm9.h>
-
-
-int main(void)
-{
-	SM9_SIGN_MASTER_KEY sign_master;
-	SM9_SIGN_KEY sign_key;
-
-	sm9_sign_master_key_generate(&sign_master);
-
-	printf("SM9 Master Secret\n");
-	sm9_sign_master_key_info_encrypt_to_pem(&sign_master, "P@ssw0rd", stdout);
-
-	printf("SM9 Public Parameters\n");
-	sm9_sign_master_public_key_to_pem(&sign_master, stdout);
-
-	sm9_sign_master_key_extract_key(&sign_master, "alice", strlen("alice"), &sign_key);
-
-	printf("SM9 private key for ID '%s'\n", "alice");
-	sm9_sign_key_info_encrypt_to_pem(&sign_key, "123456", stdout);
-
-	return 0;
-}
diff --git a/demos/src/sm9_sign_demo.c b/demos/src/sm9_sign_demo.c
deleted file mode 100644
index c78e81b9..00000000
--- a/demos/src/sm9_sign_demo.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/sm9.h>
-#include <gmssl/error.h>
-
-
-int main(void)
-{
-	SM9_SIGN_MASTER_KEY sign_master;
-	SM9_SIGN_MASTER_KEY sign_master_public;
-	SM9_SIGN_KEY sign_key;
-	SM9_SIGN_CTX sign_ctx;
-	const char *id = "Alice";
-	uint8_t sig[SM9_SIGNATURE_SIZE];
-	size_t siglen;
-	uint8_t buf[512];
-	uint8_t *p = buf;
-	const uint8_t *cp = buf;
-	size_t len;
-	int ret;
-
-	sm9_sign_master_key_generate(&sign_master);
-
-	sm9_sign_master_key_extract_key(&sign_master, id, strlen(id), &sign_key);
-
-	sm9_sign_init(&sign_ctx);
-	sm9_sign_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
-	sm9_sign_finish(&sign_ctx, &sign_key, sig, &siglen);
-
-	format_bytes(stdout, 0, 0, "signature", sig, siglen);
-
-	sm9_sign_master_public_key_to_der(&sign_master, &p, &len);
-	sm9_sign_master_public_key_from_der(&sign_master_public, &cp, &len);
-
-	sm9_verify_init(&sign_ctx);
-	sm9_verify_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
-	ret = sm9_verify_finish(&sign_ctx, sig, siglen, &sign_master_public, id, strlen(id));
-	printf("verify %s\n", ret == 1 ? "success" : "failure");
-
-	return 0;
-}
diff --git a/demos/src/tlcp_get_demo.c b/demos/src/tlcp_get_demo.c
deleted file mode 100644
index 53157361..00000000
--- a/demos/src/tlcp_get_demo.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/socket.h>
-#include <gmssl/tls.h>
-#include <gmssl/error.h>
-
-
-int main(int argc, char *argv[])
-{
-	int ret = -1;
-
-
-	const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
-	struct hostent *hp;
-	int port = 443;
-
-	struct sockaddr_in server;
-	int sock;
-	TLS_CTX ctx;
-	TLS_CONNECT conn;
-
-
-	char request[1024];
-	uint8_t buf[16800];
-	char *p;
-	size_t len;
-
-	if (argc != 2) {
-		fprintf(stderr, "example: tlcp_get https://sm2only.ovssl.cn\n");
-		return 1;
-	}
-
-	if (!(url = parse_url(argv[1]))) {
-		fprintf(stderr, "parse url '%s' failure\n", argv[1]);
-		return 1;
-	}
-	if (!(hp = gethostbyname(url->host))) {
-		herror("tlcp_client: '-host' invalid");
-		goto end;
-	}
-	if (url->port != -1) {
-		port = url->port;
-	}
-
-	server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
-	server.sin_family = AF_INET;
-	server.sin_port = htons(port);
-
-	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-		perror("socket");
-		goto end;
-	}
-	if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
-		perror("connect");
-		goto end;
-	}
-
-	memset(&ctx, 0, sizeof(ctx));
-	memset(&conn, 0, sizeof(conn));
-
-	tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
-	tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
-	tls_init(&conn, &ctx);
-	tls_set_socket(&conn, sock);
-
-	if (tls_do_handshake(&conn) != 1) {
-		fprintf(stderr, "%s: error\n", prog);
-		goto end;
-	}
-
-	snprintf(request, sizeof(request)-1, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n",
-		url->path ? url->path : "/",
-		url->host);
-
-	tls_send(&conn, (uint8_t *)request, strlen(request), &len);
-
-	if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
-		fprintf(stderr, "recv failure\n");
-		goto end;
-	}
-	buf[len] = 0;
-
-	p = strstr((char *)buf, "\r\n\r\n");
-	if (p) {
-		printf("%s", p + 4);
-		fflush(stdout);
-	}
-
-end:
-	free_url_components(url);
-	close(sock);
-	tls_ctx_cleanup(&ctx);
-	tls_cleanup(&conn);
-	return 0;
-}
diff --git a/demos/src/tlcp_post_demo.c b/demos/src/tlcp_post_demo.c
deleted file mode 100644
index eebdbee3..00000000
--- a/demos/src/tlcp_post_demo.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <netdb.h>
-#include <sys/types.h>
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <gmssl/tls.h>
-#include <gmssl/error.h>
-
-
-int main(int argc, char *argv[])
-{
-	int ret = -1;
-	char *prog = argv[0];
-	const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
-	URL_COMPONENTS *url;
-	struct hostent *hp;
-	int port = 443;
-	struct sockaddr_in server;
-	int sock;
-	TLS_CTX ctx;
-	TLS_CONNECT conn;
-	char request[1024];
-	uint8_t buf[16800];
-	char *p;
-	size_t len;
-
-	if (argc != 2) {
-		fprintf(stderr, "example: echo \"key=word\" | tlcp_post https://sm2only.ovssl.cn\n");
-		return 1;
-	}
-
-	if (!(url = parse_url(argv[1]))) {
-		fprintf(stderr, "parse url '%s' failure\n", argv[1]);
-		return 1;
-	}
-	if (!(hp = gethostbyname(url->host))) {
-		herror("tlcp_client: '-host' invalid");
-		goto end;
-	}
-	if (url->port != -1) {
-		port = url->port;
-	}
-
-	server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
-	server.sin_family = AF_INET;
-	server.sin_port = htons(port);
-
-	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-		perror("socket");
-		goto end;
-	}
-	if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
-		perror("connect");
-		goto end;
-	}
-
-	memset(&ctx, 0, sizeof(ctx));
-	memset(&conn, 0, sizeof(conn));
-
-	tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
-	tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
-	tls_init(&conn, &ctx);
-	tls_set_socket(&conn, sock);
-
-	if (tls_do_handshake(&conn) != 1) {
-		fprintf(stderr, "%s: error\n", prog);
-		goto end;
-	}
-
-	snprintf(request, sizeof(request)-1, "POST %s HTTP/1.1\r\nHost: %s\r\n\r\n",
-		url->path ? url->path : "/",
-		url->host);
-
-	tls_send(&conn, (uint8_t *)request, strlen(request), &len);
-
-	len = fread(buf, 1, sizeof(buf), stdin);
-	if (len) {
-		tls_send(&conn, buf, len, &len);
-	}
-
-	if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
-		fprintf(stderr, "recv failure\n");
-		goto end;
-	}
-	buf[len] = 0;
-
-	p = strstr((char *)buf, "\r\n\r\n");
-	if (p) {
-		printf("%s", p + 4);
-		fflush(stdout);
-	}
-
-end:
-	free_url_components(url);
-	close(sock);
-	tls_ctx_cleanup(&ctx);
-	tls_cleanup(&conn);
-	return 0;
-}
diff --git a/demos/src/version_demo.c b/demos/src/version_demo.c
deleted file mode 100644
index eb1e75bb..00000000
--- a/demos/src/version_demo.c
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/version.h>
-
-
-int main(int argc, char **argv)
-{
-	if (gmssl_version_num() < 30100) {
-		fprintf(stderr, "GmSSL version is lower than 3.0.0\n");
-		return 1;
-	}
-	printf("GmSSL version: %s\n", gmssl_version_str());
-
-	return 0;
-}
diff --git a/demos/src/x509_cert_check_demo.c b/demos/src/x509_cert_check_demo.c
deleted file mode 100644
index 84c984ec..00000000
--- a/demos/src/x509_cert_check_demo.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/x509_cer.h>
-
-char *pem =
-"-----BEGIN CERTIFICATE-----\n"
-"MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG\n"
-"EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw\n"
-"MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO\n"
-"UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n"
-"MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT\n"
-"V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n"
-"W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ\n"
-"MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b\n"
-"53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI\n"
-"pDoiVhsLwg==\n"
-"-----END CERTIFICATE-----\n";
-
-static int prepare_pem_file(void)
-{
-	FILE *fp;
-
-	if (!(fp = fopen("cert.pem", "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		return -1;
-	}
-
-	if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) {
-		fprintf(stderr, "fwrite() error\n");
-		return -1;
-	}
-
-	fclose(fp);
-	return 1;
-}
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	FILE *fp = NULL;
-	uint8_t cert[2048];
-	size_t certlen;
-	int cert_type = X509_cert_root_ca;
-	/*
-	cert_type options:
-		X509_cert_server_auth,
-		X509_cert_client_auth,
-		X509_cert_server_key_encipher,
-		X509_cert_client_key_encipher,
-		X509_cert_ca,
-		X509_cert_root_ca,
-		X509_cert_crl_sign,
-	*/
-	int path_len_constraint;
-
-	(void)prepare_pem_file();
-
-	if (!(fp = fopen("cert.pem", "rb"))) {
-		fprintf(stderr, "fopen() cert.pem error\n");
-		goto err;
-	}
-
-	if (x509_cert_from_pem(cert, &certlen, sizeof(cert), fp) != 1) {
-		fprintf(stderr, "x509_cert_from_pem() error\n");
-		goto err;
-	}
-
-	if (x509_cert_check(cert, certlen, cert_type, &path_len_constraint) != 1) {
-		fprintf(stderr, "invalid cert\n");
-		goto err;
-	}
-
-	ret = 0;
-err:
-	if (fp) fclose(fp);
-	return ret;
-}
diff --git a/demos/src/x509_cert_parse_demo.c b/demos/src/x509_cert_parse_demo.c
deleted file mode 100644
index 33a51ee3..00000000
--- a/demos/src/x509_cert_parse_demo.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/x509_cer.h>
-
-char *pem =
-"-----BEGIN CERTIFICATE-----\n"
-"MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG\n"
-"EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw\n"
-"MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO\n"
-"UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n"
-"MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT\n"
-"V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n"
-"W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ\n"
-"MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b\n"
-"53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI\n"
-"pDoiVhsLwg==\n"
-"-----END CERTIFICATE-----\n";
-
-static int prepare_pem_file(void)
-{
-	FILE *fp;
-
-	if (!(fp = fopen("cert.pem", "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		return -1;
-	}
-
-	if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) {
-		fprintf(stderr, "fwrite() error\n");
-		return -1;
-	}
-
-	fclose(fp);
-	return 1;
-}
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	FILE *fp = NULL;
-	uint8_t cert[2048];
-	size_t certlen;
-	const uint8_t *serial;
-	size_t serial_len;
-	const uint8_t *issuer;
-	size_t issuer_len;
-	const uint8_t *subject;
-	size_t subject_len;
-	SM2_KEY subject_public_key;
-	size_t i;
-
-	(void)prepare_pem_file();
-
-	if (!(fp = fopen("cert.pem", "rb"))) {
-		fprintf(stderr, "fopen() cert.pem error\n");
-		goto err;
-	}
-
-	if (x509_cert_from_pem(cert, &certlen, sizeof(cert), fp) != 1) {
-		fprintf(stderr, "x509_cert_from_pem() error\n");
-		goto err;
-	}
-
-	if (x509_cert_get_issuer_and_serial_number(cert, certlen, &issuer, &issuer_len, &serial, &serial_len) != 1)
-		goto err;
-	if (x509_cert_get_subject(cert, certlen, &subject, &subject_len) != 1)
-		goto err;
-	if (x509_cert_get_subject_public_key(cert, certlen, &subject_public_key) != 1)
-		goto err;
-
-	if (x509_name_equ(subject, subject_len, issuer, issuer_len) == 1) {
-		printf("This is self-signed certificate\n");
-	}
-
-	printf("SerialNumber: ");
-	for (i = 0; i < serial_len; i++) {
-		printf("%02X", serial[i]);
-	}
-	printf("\n");
-
-	x509_name_print(stdout, 0, 0, "Issuer", issuer, issuer_len);
-	x509_name_print(stdout, 0, 0, "Subject", subject, subject_len);
-	sm2_public_key_print(stdout, 0, 0, "SubjectPublicKey", &subject_public_key);
-
-	ret = 0;
-err:
-	if (fp) fclose(fp);
-	return ret;
-}
diff --git a/demos/src/x509_cert_print_demo.c b/demos/src/x509_cert_print_demo.c
deleted file mode 100644
index 0458bcb5..00000000
--- a/demos/src/x509_cert_print_demo.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/x509_cer.h>
-
-char *pem =
-"-----BEGIN CERTIFICATE-----\n"
-"MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG\n"
-"EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw\n"
-"MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO\n"
-"UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n"
-"MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT\n"
-"V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n"
-"W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ\n"
-"MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b\n"
-"53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI\n"
-"pDoiVhsLwg==\n"
-"-----END CERTIFICATE-----\n";
-
-static int prepare_pem_file(void)
-{
-	FILE *fp;
-
-	if (!(fp = fopen("cert.pem", "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		return -1;
-	}
-
-	if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) {
-		fprintf(stderr, "fwrite() error\n");
-		return -1;
-	}
-
-	fclose(fp);
-	return 1;
-}
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	FILE *fp = NULL;
-	uint8_t cert[2048];
-	size_t certlen;
-
-	(void)prepare_pem_file();
-
-	if (!(fp = fopen("cert.pem", "rb"))) {
-		fprintf(stderr, "fopen() cert.pem error\n");
-		goto err;
-	}
-
-	if (x509_cert_from_pem(cert, &certlen, sizeof(cert), fp) != 1) {
-		fprintf(stderr, "x509_cert_from_pem() error\n");
-		goto err;
-	}
-	x509_cert_print(stdout, 0, 0, "Certificate", cert, certlen);
-
-	ret = 0;
-err:
-	if (fp) fclose(fp);
-	return ret;
-}
diff --git a/demos/src/x509_cert_verify_demo.c b/demos/src/x509_cert_verify_demo.c
deleted file mode 100644
index 2afad177..00000000
--- a/demos/src/x509_cert_verify_demo.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/x509_cer.h>
-
-char *signcert_pem =
-"-----BEGIN CERTIFICATE-----\n"
-"MIICzzCCAnKgAwIBAgIFEzY5M3AwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD\n"
-"TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2\n"
-"MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD\n"
-"VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF\n"
-"rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN\n"
-"ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPsNUnoZQM9C\n"
-"SnvC57TbvdfyOTCuPOSlZmPAyxBKFj+Y1QH/xlubHdVf5XqHrO1jCDRi7aN5IKGX\n"
-"QF1492c803OjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB\n"
-"ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF\n"
-"BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f\n"
-"BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j\n"
-"cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCBsAwHQYD\n"
-"VR0OBBYEFJ6oFo/OrKgDhHFORpaq04kX7T1KMB0GA1UdJQQWMBQGCCsGAQUFBwMC\n"
-"BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0kAMEYCIQCvhSvbv5h6ERl1YcCLg+fz\n"
-"9UleQbaPfBYwUjUD2dAHVQIhAMRC4k9S/mSC0UpUvCqh/DQC2Ui8Tccd5G2IgYSs\n"
-"cnUN\n"
-"-----END CERTIFICATE-----\n";
-
-char *enccert_pem =
-"-----BEGIN CERTIFICATE-----\n"
-"MIICzjCCAnKgAwIBAgIFEzY5M3EwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD\n"
-"TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2\n"
-"MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD\n"
-"VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF\n"
-"rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN\n"
-"ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMn1q+hbV0i1\n"
-"qnKAy7QeZ3ZfAD+gqHX4F5MqIhsarODlWsavf/dcprC0F277zc44aYBB/3ucy4PF\n"
-"qXaRHQp8PEyjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB\n"
-"ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF\n"
-"BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f\n"
-"BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j\n"
-"cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCAzgwHQYD\n"
-"VR0OBBYEFF/a1JHvzLzbpFbBljX7hNxRpj/2MB0GA1UdJQQWMBQGCCsGAQUFBwMC\n"
-"BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0gAMEUCIQDCOFi1eZcgiN6t+h6lxLwS\n"
-"grAh3Jall+ZyA2ePw6xcjwIgNyDvo761dpwJhcyWfyVCAnaTf0Vf4DLWI1K+S7po\n"
-"Ur8=\n"
-"-----END CERTIFICATE-----\n";
-
-
-char *cacert_pem =
-"-----BEGIN CERTIFICATE-----\n"
-"MIICNTCCAdmgAwIBAgIFEAAAAAgwDAYIKoEcz1UBg3UFADBYMQswCQYDVQQGEwJD\n"
-"TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y\n"
-"aXR5MRcwFQYDVQQDDA5DRkNBIENTIFNNMiBDQTAeFw0xMzAxMjQwODQ2NDBaFw0z\n"
-"MzAxMTkwODQ2NDBaMCUxCzAJBgNVBAYTAkNOMRYwFAYDVQQKDA1DRkNBIFNNMiBP\n"
-"Q0ExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEfJqQoo0+JoyCRy0msS2Ym076\n"
-"8nV1pSLuK9utS1ij38obWDymq0oMRRwUzDMEQI19Cajo3JUoGFxOvsA+YWu3XKOB\n"
-"wDCBvTAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD\n"
-"AQH/MGAGA1UdHwRZMFcwVaBToFGkTzBNMQswCQYDVQQGEwJDTjETMBEGA1UECgwK\n"
-"Q0ZDQSBDUyBDQTEMMAoGA1UECwwDQ1JMMQwwCgYDVQQLDANTTTIxDTALBgNVBAMM\n"
-"BGNybDEwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBRck1ggWiRzVhAbZFAQ7OmnygdB\n"
-"ETAMBggqgRzPVQGDdQUAA0gAMEUCIBVscoZJhUy4eToK4C//LjvhjKK2qpBFac/h\n"
-"Pr6yYTLzAiEAiyqrqsGUU5vGkDo5bEpmF1EbnY8xovsM9vCx98yBrVM=\n"
-"-----END CERTIFICATE-----\n";
-
-char *rootcacert_pem =
-"-----BEGIN CERTIFICATE-----\n"
-"MIICAzCCAaegAwIBAgIEFy9CWTAMBggqgRzPVQGDdQUAMFgxCzAJBgNVBAYTAkNO\n"
-"MTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp\n"
-"dHkxFzAVBgNVBAMMDkNGQ0EgQ1MgU00yIENBMB4XDTEyMDgzMTAyMDY1OVoXDTQy\n"
-"MDgyNDAyMDY1OVowWDELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFu\n"
-"Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEXMBUGA1UEAwwOQ0ZDQSBDUyBT\n"
-"TTIgQ0EwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATuRh26wmtyKNMz+Pmneo3a\n"
-"Sme+BCjRon8SvAxZBgLSuIxNUewq4kNujeb1I4A0yg7xNcjuOgXglAoQv+Tc+P0V\n"
-"o10wWzAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD\n"
-"AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU5I7d1KPntg/uHSeWzXXcJSVyad0w\n"
-"DAYIKoEcz1UBg3UFAANIADBFAiBhP/rmIvles3RK1FfcmmEeS9RZdu+5lCzxF0nk\n"
-"cof2QAIhAPVRpqOuceEQHsR77FBe/DgVPqF6lOyoZs0TzTDHrN8c\n"
-"-----END CERTIFICATE-----\n";
-
-static int prepare_pem_file(void)
-{
-	FILE *fp;
-
-	if (!(fp = fopen("double_certs_chain.pem", "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		return -1;
-	}
-	if (fwrite(signcert_pem, 1, strlen(signcert_pem), fp) != strlen(signcert_pem)
-		|| fwrite(enccert_pem, 1, strlen(enccert_pem), fp) != strlen(enccert_pem)
-		|| fwrite(cacert_pem, 1, strlen(cacert_pem), fp) != strlen(cacert_pem)) {
-		fprintf(stderr, "fwrite() error\n");
-		return -1;
-	}
-	fclose(fp);
-
-	if (!(fp = fopen("rootcacert.pem", "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		return -1;
-	}
-	if (fwrite(rootcacert_pem, 1, strlen(rootcacert_pem), fp) != strlen(rootcacert_pem)) {
-		fprintf(stderr, "fwrite() error\n");
-		return -1;
-	}
-	fclose(fp);
-
-	return 1;
-}
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	FILE *fp = NULL;
-	uint8_t certs[4096];
-	size_t certslen;
-	uint8_t rootcacert[1024];
-	size_t rootcacertlen;
-
-	(void)prepare_pem_file();
-
-
-	if (!(fp = fopen("double_certs_chain.pem", "rb"))) {
-		fprintf(stderr, "fopen() error\n");
-		goto err;
-	}
-	if (x509_certs_from_pem(certs, &certslen, sizeof(certs), fp) != 1) {
-		fprintf(stderr, "x509_certs_from_pem() error\n");
-		goto err;
-	}
-	fclose(fp);
-
-	if (!(fp = fopen("rootcacert.pem", "rb"))) {
-		fprintf(stderr, "fopen() error\n");
-		goto err;
-	}
-	if (x509_cert_from_pem(rootcacert, &rootcacertlen, sizeof(rootcacert), fp) != 1) {
-		fprintf(stderr, "x509_cert_from_pem() error\n");
-		goto err;
-	}
-
-	int cert_type = X509_cert_chain_client;
-	int verify_result = 0;
-	if (x509_certs_verify_tlcp(certs, certslen, cert_type, rootcacert, rootcacertlen, 6, &verify_result) != 1) {
-		fprintf(stderr, "x509_certs_verify_tlcp() error\n");
-		goto err;
-	}
-
-	ret = 0;
-err:
-	if (fp) fclose(fp);
-	return ret;
-}
diff --git a/demos/src/x509_crl_download_demo.c b/demos/src/x509_crl_download_demo.c
deleted file mode 100644
index eea46091..00000000
--- a/demos/src/x509_crl_download_demo.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/file.h>
-#include <gmssl/x509_crl.h>
-
-
-char *http_uri = "http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl";
-char *file_name = "Microsoft RSA TLS CA 02.crl";
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	uint8_t *crl = NULL;
-	size_t crllen;
-	FILE *fp = NULL;
-
-	printf("Demo - Download CRL from HTTP\n\n");
-
-	printf("    Download from %s\n", http_uri);
-
-	if (x509_crl_new_from_uri(&crl, &crllen, http_uri, strlen(http_uri)) != 1) {
-		fprintf(stderr, "x509_crl_new_from_uri() error\n");
-		goto err;
-	}
-
-	//x509_crl_print(stdout, 0, 0, "CRL", crl, crllen);
-
-	if (!(fp = fopen(file_name, "wb"))) {
-		fprintf(stderr, "fopen() error\n");
-		goto err;
-	}
-	fwrite(crl, 1, crllen, fp);
-
-	printf("    Save to %s\n", file_name);
-	printf("    Run `gmssl crlparse -in \"%s\"` to print the downloaded CRL\n", file_name);
-	printf("\n");
-
-	ret = 0;
-err:
-	if (crl) free(crl);
-	if (fp) fclose(fp);
-	return ret;
-}
diff --git a/demos/src/x509_crl_find_revoked_cert_demo.c b/demos/src/x509_crl_find_revoked_cert_demo.c
deleted file mode 100644
index fcc12d52..00000000
--- a/demos/src/x509_crl_find_revoked_cert_demo.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/file.h>
-#include <gmssl/x509_crl.h>
-
-// 为了这些demo，应该准备好测试的文件，而不是把文件都放在源代码里面
-// 这样会更灵活一些
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-
-	uint8_t *crl;
-	size_t crllen;
-
-	char *cert;
-	size_t certlen;
-
-	const uint8_t *cert_serial;
-	size_t cert_serial_len;
-	time_t cert_revoke_date;
-	const uint8_t *crl_entry_exts;
-	size_t crl_entry_exts_len;
-
-	int revoked;
-
-	printf("Demo - Check if a Certificate has been revoked in a CRL\n");
-
-
-	if (x509_cert_get_issuer_and_serial_number(cert, certlen,
-		NULL, NULL, &cert_serial, &cert_serial_len) != 1) {
-		fprintf(stderr, "x509_cert_get_issuer_and_serial_number() error\n");
-		goto err;
-	}
-
-	if ((revoked = x509_crl_find_revoked_cert_by_serial_number(
-		crl, crllen,
-		cert_serial, cert_serial_len,
-		&cert_revoked_date,
-		&crl_entry_exts, &crl_entry_exts_len)) == -1) {
-
-		fprintf(stderr, "x509_crl_find_revoked_cert_by_serial_number() error\n");
-		goto err;
-	}
-
-	if (revoked) {
-		printf("    The certificate has been revoked\n");
-		format_bytes(stderr, 0, 4, "SerialNumber", cert_serial, cert_serial_len);
-		x509_crl_entry_exts_print(stderr, 0, 4, "CRLEntryExts", crl_entry_exts, crl_entry_exts_len);
-	} else {
-		printf("    The certificate not in the given CRL\n");
-	}
-
-	ret = 0;
-err:
-	if (der) free(der);
-	return ret;
-}
diff --git a/demos/src/x509_crl_print_demo.c b/demos/src/x509_crl_print_demo.c
deleted file mode 100644
index 6ab6fb64..00000000
--- a/demos/src/x509_crl_print_demo.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/file.h>
-#include <gmssl/x509_crl.h>
-
-
-char *crl_file = "../../demos/certs/crl/Civil Servant ROOT.crl";
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-	uint8_t *der = NULL;
-	size_t derlen;
-	const uint8_t *cp;
-	const uint8_t *crl;
-	size_t crllen;
-
-	printf("Demo - Read and print CRL in DER-encoding\n");
-
-	if (file_read_all(crl_file, &der, &derlen) != 1) {
-		fprintf(stderr, "file_read_all() error\n");
-		goto err;
-	}
-
-	cp = der;
-	if (x509_crl_from_der(&crl, &crllen, &cp, &derlen) != 1) {
-		fprintf(stderr, "x509_crl_from_der() error\n");
-		goto err;
-	}
-
-	x509_crl_print(stdout, 0, 0, "CRL", crl, crllen);
-
-	ret = 0;
-err:
-	if (der) free(der);
-	return ret;
-}
diff --git a/demos/src/x509_crl_verify_demo.c b/demos/src/x509_crl_verify_demo.c
deleted file mode 100644
index af17926d..00000000
--- a/demos/src/x509_crl_verify_demo.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/file.h>
-#include <gmssl/x509_crl.h>
-
-// 为了这些demo，应该准备好测试的文件，而不是把文件都放在源代码里面
-// 这样会更灵活一些
-
-int main(int argc, char **argv)
-{
-	int ret = -1;
-
-	uint8_t *crl;
-	size_t crllen;
-	char *cacert;
-	size_t cacertlen;
-
-	printf("Demo - Check if a Certificate has been revoked in a CRL\n");
-
-
-126         if ((rv = x509_crl_verify_by_ca_cert(crl, crl_len, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) {
-127                 fprintf(stderr, "%s: verification inner error\n", prog);
-128                 goto end;
-129         }
-
-
-
-
-
-
-	ret = 0;
-err:
-	if (crl) free(crl);
-	if (cacert) free(cacert);
-	return ret;
-}
diff --git a/demos/src/zuc_demo.c b/demos/src/zuc_demo.c
deleted file mode 100644
index d0099406..00000000
--- a/demos/src/zuc_demo.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/zuc.h>
-
-
-int main(void)
-{
-	ZUC_CTX zuc_ctx;
-	unsigned char key[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char iv[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char inbuf[1024];
-	unsigned char outbuf[1024 + 32];
-	size_t inlen;
-	size_t outlen;
-
-	if (zuc_encrypt_init(&zuc_ctx, key, iv) != 1) {
-		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-		return 1;
-	}
-	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
-		if (zuc_encrypt_update(&zuc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
-			fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-			return 1;
-		}
-		fwrite(outbuf, 1, outlen, stdout);
-	}
-	if (zuc_encrypt_finish(&zuc_ctx, outbuf, &outlen) != 1) {
-		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-		return 1;
-	}
-	fwrite(outbuf, 1, outlen, stdout);
-
-	return 0;
-}
diff --git a/demos/src/zuc_encrypt_stdin_demo.c b/demos/src/zuc_encrypt_stdin_demo.c
deleted file mode 100644
index d0099406..00000000
--- a/demos/src/zuc_encrypt_stdin_demo.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
- *
- *  Licensed under the Apache License, Version 2.0 (the License); you may
- *  not use this file except in compliance with the License.
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/zuc.h>
-
-
-int main(void)
-{
-	ZUC_CTX zuc_ctx;
-	unsigned char key[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char iv[16] = {
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
-	};
-	unsigned char inbuf[1024];
-	unsigned char outbuf[1024 + 32];
-	size_t inlen;
-	size_t outlen;
-
-	if (zuc_encrypt_init(&zuc_ctx, key, iv) != 1) {
-		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-		return 1;
-	}
-	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
-		if (zuc_encrypt_update(&zuc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
-			fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-			return 1;
-		}
-		fwrite(outbuf, 1, outlen, stdout);
-	}
-	if (zuc_encrypt_finish(&zuc_ctx, outbuf, &outlen) != 1) {
-		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
-		return 1;
-	}
-	fwrite(outbuf, 1, outlen, stdout);
-
-	return 0;
-}