diff --git a/include/gmssl/sm3.h b/include/gmssl/sm3.h
index 7a0fd06b..e056f24b 100644
--- a/include/gmssl/sm3.h
+++ b/include/gmssl/sm3.h
@@ -13,6 +13,7 @@
 
 #include <string.h>
 #include <stdint.h>
+#include <gmssl/api.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -70,11 +71,24 @@ void sm3_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out);
 #define SM3_PBKDF2_MAX_SALT_SIZE	64
 #define SM3_PBKDF2_DEFAULT_SALT_SIZE	8
 
-int sm3_pbkdf2(const char *pass, size_t passlen,
+_gmssl_export int sm3_pbkdf2(const char *pass, size_t passlen,
 	const uint8_t *salt, size_t saltlen, size_t count,
 	size_t outlen, uint8_t *out);
 
 
+typedef struct {
+	union {
+		SM3_CTX sm3_ctx;
+		SM3_HMAC_CTX hmac_ctx;
+		void *handle;
+	};
+	int state;
+} SM3_DIGEST_CTX;
+
+_gmssl_export int sm3_digest_init(SM3_DIGEST_CTX *ctx, const uint8_t *key, size_t keylen);
+_gmssl_export int sm3_digest_update(SM3_DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
+_gmssl_export int sm3_digest_finish(SM3_DIGEST_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]);
+
 
 #ifdef __cplusplus
 }
diff --git a/include/gmssl/sm4.h b/include/gmssl/sm4.h
index eefe5160..5b38f144 100644
--- a/include/gmssl/sm4.h
+++ b/include/gmssl/sm4.h
@@ -13,6 +13,8 @@
 
 #include <stdint.h>
 #include <string.h>
+#include <gmssl/ghash.h>
+#include <gmssl/api.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -31,56 +33,18 @@ typedef struct {
 void sm4_set_encrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
 void sm4_set_decrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
 void sm4_encrypt(const SM4_KEY *key, const uint8_t in[SM4_BLOCK_SIZE], uint8_t out[SM4_BLOCK_SIZE]);
-#define sm4_decrypt(key,in,out) sm4_encrypt(key,in,out)
 
 
 void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
 	const uint8_t *in, size_t nblocks, uint8_t *out);
 void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
 	const uint8_t *in, size_t nblocks, uint8_t *out);
+
 int sm4_cbc_padding_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 
-
-void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE],
-	const uint8_t *in, size_t inlen, uint8_t *out);
-#define sm4_ctr_decrypt(key,ctr,in,inlen,out) sm4_ctr_encrypt(key,ctr,in,inlen,out)
-
-
-#define SM4_GCM_IV_MIN_SIZE		1
-#define SM4_GCM_IV_MAX_SIZE		(((uint64_t)1 << (64-3)) - 1) // 2305843009213693951
-
-#define SM4_GCM_IV_DEFAULT_BITS		96
-#define SM4_GCM_IV_DEFAULT_SIZE		12
-
-//#define NIST_SP800_GCM_MAX_IV_SIZE	(((uint64_t)1 << (64-3)) - 1) // 2305843009213693951
-
-#define SM4_GCM_MAX_IV_SIZE		64
-#define SM4_GCM_MIN_IV_SIZE		1
-#define SM4_GCM_DEFAULT_IV_SIZE		12
-
-#define SM4_GCM_MIN_AAD_SIZE		0
-#define SM4_GCM_MAX_AAD_SIZE		(((uint64_t)1 << (64-3)) - 1) // 2305843009213693951
-
-#define SM4_GCM_MIN_PLAINTEXT_SIZE	0
-#define SM4_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3) // 68719476704
-
-#define SM4_GCM_MAX_TAG_SIZE		16
-#define SM4_GCM_MIN_TAG_SIZE		12
-// For certain applications (voice or video), tag may be 64 or 32 bits
-// see NIST Special Publication 800-38D, Appendix C for more details
-
-
-int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	uint8_t *out, size_t taglen, uint8_t *tag);
-int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	const uint8_t *tag, size_t taglen, uint8_t *out);
-
-
 typedef struct {
 	union {
 		SM4_KEY sm4_key;
@@ -91,14 +55,16 @@ typedef struct {
 	size_t block_nbytes;
 } SM4_CBC_CTX;
 
-int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
-int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
+_gmssl_export int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
+_gmssl_export int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
 
-int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
-int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
 
+void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen, uint8_t *out);
 
 typedef struct {
 	union {
@@ -110,17 +76,36 @@ typedef struct {
 	size_t block_nbytes;
 } SM4_CTR_CTX;
 
-int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
-int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);
-
-#define sm4_ctr_decrypt_init(ctx,key,ctr) sm4_ctr_encrypt_init(ctx,key,ctr)
-#define sm4_ctr_decrypt_update(ctx,in,inlen,out,outlen) sm4_ctr_encrypt_update(ctx,in,inlen,out,outlen)
-#define sm4_ctr_decrypt_finish(ctx,out,outlen) sm4_ctr_encrypt_finish(ctx,out,outlen)
+_gmssl_export int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
+_gmssl_export int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);
 
 
-#include <gmssl/ghash.h>
-#include <gmssl/api.h>
+#define NIST_SP800_GCM_MAX_IV_SIZE	(((uint64_t)1 << (64-3)) - 1) // 2305843009213693951
+#define SM4_GCM_MAX_IV_SIZE		64
+#define SM4_GCM_MIN_IV_SIZE		1
+#define SM4_GCM_DEFAULT_IV_SIZE		12
+
+#define NIST_SP800_GCM_MAX_AAD_SIZE	(((uint64_t)1 << (64-3)) - 1) // 2305843009213693951
+#define SM4_GCM_MIN_AAD_SIZE		0
+#define SM4_GCM_MAX_AAD_SIZE		(1<<24) // 16MiB
+
+#define SM4_GCM_MIN_PLAINTEXT_SIZE	0
+#define SM4_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3) // 68719476704
+
+#define SM4_GCM_MAX_TAG_SIZE		16
+#define SM4_GCM_MIN_TAG_SIZE		12
+#define SM4_GCM_DEFAULT_TAG_SIZE	16
+// For certain applications (voice or video), tag may be 64 or 32 bits
+// see NIST Special Publication 800-38D, Appendix C for more details
+
+int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t taglen, uint8_t *tag);
+int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
 
 typedef struct {
 	SM4_CTR_CTX enc_ctx;
@@ -131,9 +116,6 @@ typedef struct {
 	size_t maclen;
 } SM4_GCM_CTX;
 
-#define SM4_GCM_KEY_SIZE 16
-#define SM4_GCM_DEFAULT_TAG_SIZE 16
-
 _gmssl_export int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
 	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
 	const uint8_t *aad, size_t aadlen, size_t taglen);
@@ -150,8 +132,6 @@ _gmssl_export int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx,
 	uint8_t *out, size_t *outlen);
 
 
-
-
 #ifdef ENABLE_SM4_ECB
 // call `sm4_set_decrypt_key` before decrypt
 void sm4_ecb_encrypt(const SM4_KEY *key, const uint8_t *in, size_t nblocks, uint8_t *out);
@@ -171,7 +151,7 @@ int sm4_ecb_decrypt_init(SM4_ECB_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE]);
 int sm4_ecb_decrypt_update(SM4_ECB_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_ecb_decrypt_finish(SM4_ECB_CTX *ctx, uint8_t *out, size_t *outlen);
-#endif
+#endif // ENABLE_SM4_ECB
 
 
 #ifdef ENABLE_SM4_OFB
@@ -186,12 +166,12 @@ typedef struct {
 	size_t block_nbytes;
 } SM4_OFB_CTX;
 
-int sm4_ofb_encrypt_init(SM4_OFB_CTX *ctx,
+_gmssl_export int sm4_ofb_encrypt_init(SM4_OFB_CTX *ctx,
 	const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
-int sm4_ofb_encrypt_update(SM4_OFB_CTX *ctx,
+_gmssl_export int sm4_ofb_encrypt_update(SM4_OFB_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_ofb_encrypt_finish(SM4_OFB_CTX *ctx, uint8_t *out, size_t *outlen);
-#endif
+_gmssl_export int sm4_ofb_encrypt_finish(SM4_OFB_CTX *ctx, uint8_t *out, size_t *outlen);
+#endif // ENABLE_SM4_OFB
 
 
 #ifdef ENABLE_SM4_CFB
@@ -213,18 +193,18 @@ typedef struct {
 	size_t sbytes;
 } SM4_CFB_CTX;
 
-int sm4_cfb_encrypt_init(SM4_CFB_CTX *ctx, size_t sbytes,
+_gmssl_export int sm4_cfb_encrypt_init(SM4_CFB_CTX *ctx, size_t sbytes,
 	const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
-int sm4_cfb_encrypt_update(SM4_CFB_CTX *ctx,
+_gmssl_export int sm4_cfb_encrypt_update(SM4_CFB_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_cfb_encrypt_finish(SM4_CFB_CTX *ctx, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cfb_encrypt_finish(SM4_CFB_CTX *ctx, uint8_t *out, size_t *outlen);
 
-int sm4_cfb_decrypt_init(SM4_CFB_CTX *ctx, size_t sbytes,
+_gmssl_export int sm4_cfb_decrypt_init(SM4_CFB_CTX *ctx, size_t sbytes,
 	const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
-int sm4_cfb_decrypt_update(SM4_CFB_CTX *ctx,
+_gmssl_export int sm4_cfb_decrypt_update(SM4_CFB_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_cfb_decrypt_finish(SM4_CFB_CTX *ctx, uint8_t *out, size_t *outlen);
-#endif
+_gmssl_export int sm4_cfb_decrypt_finish(SM4_CFB_CTX *ctx, uint8_t *out, size_t *outlen);
+#endif // ENABLE_SM4_CFB
 
 
 #ifdef ENABLE_SM4_CCM
@@ -234,21 +214,21 @@ int sm4_cfb_decrypt_finish(SM4_CFB_CTX *ctx, uint8_t *out, size_t *outlen);
 #define SM4_CCM_MAX_MAC_SIZE 16
 
 // make sure inlen < 2^((15 - ivlen) * 8)
-int sm4_ccm_encrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
+_gmssl_export int sm4_ccm_encrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
 	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
 	uint8_t *out, size_t taglen, uint8_t *tag);
-int sm4_ccm_decrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
+_gmssl_export int sm4_ccm_decrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
 	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
 	const uint8_t *tag, size_t taglen, uint8_t *out);
-#endif
+#endif // ENABLE_SM4_CCM
 
 
 #ifdef ENABLE_SM4_XTS
 // call `sm4_set_encrypt_key` to set both `key1` and `key2`
-int sm4_xts_encrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t tweak[16],
+_gmssl_export int sm4_xts_encrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t tweak[16],
 	const uint8_t *in, size_t inlen, uint8_t *out);
 // call `sm4_set_decrypt_key(key1)` and `sm4_set_encrypt_key(key2)`
-int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t tweak[16],
+_gmssl_export int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t tweak[16],
 	const uint8_t *in, size_t inlen, uint8_t *out);
 
 typedef struct {
@@ -260,13 +240,13 @@ typedef struct {
 	size_t block_nbytes;
 } SM4_XTS_CTX;
 
-int sm4_xts_encrypt_init(SM4_XTS_CTX *ctx, const uint8_t key[32], const uint8_t iv[16], size_t data_unit_size);
-int sm4_xts_encrypt_update(SM4_XTS_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_xts_encrypt_finish(SM4_XTS_CTX *ctx, uint8_t *out, size_t *outlen);
-int sm4_xts_decrypt_init(SM4_XTS_CTX *ctx, const uint8_t key[32], const uint8_t iv[16], size_t data_unit_size);
-int sm4_xts_decrypt_update(SM4_XTS_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_xts_decrypt_finish(SM4_XTS_CTX *ctx, uint8_t *out, size_t *outlen);
-#endif
+_gmssl_export int sm4_xts_encrypt_init(SM4_XTS_CTX *ctx, const uint8_t key[32], const uint8_t iv[16], size_t data_unit_size);
+_gmssl_export int sm4_xts_encrypt_update(SM4_XTS_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_xts_encrypt_finish(SM4_XTS_CTX *ctx, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_xts_decrypt_init(SM4_XTS_CTX *ctx, const uint8_t key[32], const uint8_t iv[16], size_t data_unit_size);
+_gmssl_export int sm4_xts_decrypt_update(SM4_XTS_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_xts_decrypt_finish(SM4_XTS_CTX *ctx, uint8_t *out, size_t *outlen);
+#endif // ENABLE_SM4_XTS
 
 
 #ifdef __cplusplus
diff --git a/src/digest.c b/src/digest.c
index 5f73b99c..87f147ed 100644
--- a/src/digest.c
+++ b/src/digest.c
@@ -118,7 +118,7 @@ const DIGEST *digest_from_name(const char *name)
 	return NULL;
 }
 
-static int sm3_digest_init(DIGEST_CTX *ctx)
+static int _sm3_digest_init(DIGEST_CTX *ctx)
 {
 	if (!ctx) {
 		error_print();
@@ -128,7 +128,7 @@ static int sm3_digest_init(DIGEST_CTX *ctx)
 	return 1;
 }
 
-static int sm3_digest_update(DIGEST_CTX *ctx, const uint8_t *in, size_t inlen)
+static int _sm3_digest_update(DIGEST_CTX *ctx, const uint8_t *in, size_t inlen)
 {
 	if (!ctx || (!in && inlen != 0)) {
 		error_print();
@@ -138,7 +138,7 @@ static int sm3_digest_update(DIGEST_CTX *ctx, const uint8_t *in, size_t inlen)
 	return 1;
 }
 
-static int sm3_digest_finish(DIGEST_CTX *ctx, uint8_t *dgst)
+static int _sm3_digest_finish(DIGEST_CTX *ctx, uint8_t *dgst)
 {
 	if (!ctx || !dgst) {
 		error_print();
@@ -153,9 +153,9 @@ static const DIGEST sm3_digest_object = {
 	SM3_DIGEST_SIZE,
 	SM3_BLOCK_SIZE,
 	sizeof(SM3_CTX),
-	sm3_digest_init,
-	sm3_digest_update,
-	sm3_digest_finish,
+	_sm3_digest_init,
+	_sm3_digest_update,
+	_sm3_digest_finish,
 };
 
 const DIGEST *DIGEST_sm3(void)
diff --git a/src/sm2_key.c b/src/sm2_key.c
index 179c0750..730d0e9b 100644
--- a/src/sm2_key.c
+++ b/src/sm2_key.c
@@ -525,8 +525,15 @@ int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key)
 int sm2_public_key_digest(const SM2_KEY *sm2_key, uint8_t dgst[32])
 {
 	uint8_t bits[65];
-	sm2_z256_point_to_uncompressed_octets(&sm2_key->public_key, bits);
-	sm3_digest(bits, sizeof(bits), dgst);
+	SM3_CTX sm3_ctx;
+
+	if (sm2_z256_point_to_uncompressed_octets(&sm2_key->public_key, bits) != 1) {
+		error_print();
+		return -1;
+	}
+	sm3_init(&sm3_ctx);
+	sm3_update(&sm3_ctx, bits, sizeof(bits));
+	sm3_finish(&sm3_ctx, dgst);
 	return 1;
 }
 
diff --git a/src/sm2_z256.c b/src/sm2_z256.c
index bc2587de..3924e817 100644
--- a/src/sm2_z256.c
+++ b/src/sm2_z256.c
@@ -1693,7 +1693,10 @@ int sm2_z256_point_from_hash(SM2_Z256_POINT *R, const uint8_t *data, size_t data
 
 	do {
 		// x = sm3(data) mod p
-		sm3_digest(data, datalen, dgst);
+		SM3_CTX sm3_ctx;
+		sm3_init(&sm3_ctx);
+		sm3_update(&sm3_ctx, data, datalen);
+		sm3_finish(&sm3_ctx, dgst);
 
 		sm2_z256_from_bytes(x, dgst);
 		if (sm2_z256_cmp(x, SM2_Z256_P) >= 0) {
diff --git a/src/sm3.c b/src/sm3.c
index 80c73b7f..5c53fe65 100644
--- a/src/sm3.c
+++ b/src/sm3.c
@@ -203,6 +203,7 @@ void sm3_finish(SM3_CTX *ctx, uint8_t *digest)
 	}
 }
 
+/*
 void sm3_digest(const uint8_t *msg, size_t msglen,
 	uint8_t dgst[SM3_DIGEST_SIZE])
 {
@@ -212,3 +213,4 @@ void sm3_digest(const uint8_t *msg, size_t msglen,
 	sm3_finish(&ctx, dgst);
 	memset(&ctx, 0, sizeof(ctx));
 }
+*/
diff --git a/src/sm3_digest.c b/src/sm3_digest.c
index e1faf06a..828600d0 100644
--- a/src/sm3_digest.c
+++ b/src/sm3_digest.c
@@ -9,7 +9,7 @@
 
 
 #include <string.h>
-#include <gmssl/sm3_digest.h>
+#include <gmssl/sm3.h>
 #include <gmssl/error.h>
 
 
diff --git a/src/sm3_kdf.c b/src/sm3_kdf.c
index fd9a459e..7bcb1636 100644
--- a/src/sm3_kdf.c
+++ b/src/sm3_kdf.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -56,15 +56,3 @@ void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out)
 	memset(&sm3_ctx, 0, sizeof(SM3_CTX));
 	memset(dgst, 0, sizeof(dgst));
 }
-
-#if 0
-// add until v3.2.0
-void sm3_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out)
-{
-	SM3_KDF_CTX ctx;
-	sm3_kdf_init(&ctx, outlen);
-	sm3_kdf_update(&ctx, in, inlen);
-	sm3_kdf_finish(&ctx, out);
-	memset(&ctx, 0, sizeof(ctx));
-}
-#endif
diff --git a/src/sm4_ctr_sm3_hmac.c b/src/sm4_ctr_sm3_hmac.c
index ea83b61d..c785ca23 100644
--- a/src/sm4_ctr_sm3_hmac.c
+++ b/src/sm4_ctr_sm3_hmac.c
@@ -83,7 +83,7 @@ int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
 		return -1;
 	}
 	memset(ctx, 0, sizeof(*ctx));
-	if (sm4_ctr_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
+	if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
 		error_print();
 		return -1;
 	}
@@ -124,7 +124,7 @@ int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in
 	if (inlen <= SM3_HMAC_SIZE) {
 		uint8_t tmp[SM3_HMAC_SIZE];
 		sm3_hmac_update(&ctx->mac_ctx, ctx->mac, inlen);
-		if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
+		if (sm4_ctr_encrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
 			error_print();
 			return -1;
 		}
@@ -134,7 +134,7 @@ int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in
 		memcpy(ctx->mac, tmp, SM3_HMAC_SIZE);
 	} else {
 		sm3_hmac_update(&ctx->mac_ctx, ctx->mac, SM3_HMAC_SIZE);
-		if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, SM3_HMAC_SIZE, out, outlen) != 1) {
+		if (sm4_ctr_encrypt_update(&ctx->enc_ctx, ctx->mac, SM3_HMAC_SIZE, out, outlen) != 1) {
 			error_print();
 			return -1;
 		}
@@ -142,7 +142,7 @@ int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in
 
 		inlen -= SM3_HMAC_SIZE;
 		sm3_hmac_update(&ctx->mac_ctx, in, inlen);
-		if (sm4_ctr_decrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
+		if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
 			error_print();
 			return -1;
 		}
@@ -165,7 +165,7 @@ int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz
 		return -1;
 	}
 	sm3_hmac_finish(&ctx->mac_ctx, mac);
-	if (sm4_ctr_decrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
+	if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
 		error_print();
 		return -1;
 	}
diff --git a/src/sm4_gcm.c b/src/sm4_gcm.c
index 880d2dc4..6cdd40c1 100644
--- a/src/sm4_gcm.c
+++ b/src/sm4_gcm.c
@@ -217,7 +217,7 @@ int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, ui
 	if (inlen <= ctx->taglen) {
 		uint8_t tmp[GHASH_SIZE];
 		ghash_update(&ctx->mac_ctx, ctx->mac, inlen);
-		if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
+		if (sm4_ctr_encrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
 			error_print();
 			return -1;
 		}
@@ -227,7 +227,7 @@ int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, ui
 		memcpy(ctx->mac, tmp, GHASH_SIZE);
 	} else {
 		ghash_update(&ctx->mac_ctx, ctx->mac, ctx->taglen);
-		if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, ctx->taglen, out, outlen) != 1) {
+		if (sm4_ctr_encrypt_update(&ctx->enc_ctx, ctx->mac, ctx->taglen, out, outlen) != 1) {
 			error_print();
 			return -1;
 		}
@@ -235,7 +235,7 @@ int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, ui
 
 		inlen -= ctx->taglen;
 		ghash_update(&ctx->mac_ctx, in, inlen);
-		if (sm4_ctr_decrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
+		if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
 			error_print();
 			return -1;
 		}
@@ -258,7 +258,7 @@ int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
 		return -1;
 	}
 	ghash_finish(&ctx->mac_ctx, mac);
-	if (sm4_ctr_decrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
+	if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
 		error_print();
 		return -1;
 	}
diff --git a/src/x509_ext.c b/src/x509_ext.c
index 19d3f039..15191237 100644
--- a/src/x509_ext.c
+++ b/src/x509_ext.c
@@ -350,16 +350,17 @@ int x509_exts_add_authority_key_identifier(uint8_t *exts, size_t *extslen, size_
 int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
 	const SM2_KEY *public_key)
 {
-	uint8_t buf[65];
 	uint8_t id[32];
 	int critical = -1;
 
 	if (!public_key) {
 		return 0;
 	}
-	sm2_z256_point_to_uncompressed_octets(&public_key->public_key, buf);
-	sm3_digest(buf, sizeof(buf), id);
 
+	if (sm2_public_key_digest(public_key, id) != 1) {
+		error_print();
+		return -1;
+	}
 	if (x509_exts_add_authority_key_identifier(exts, extslen, maxlen, critical,
 		id, sizeof(id), NULL, 0, NULL, 0) != 1) {
 		error_print();
@@ -400,15 +401,16 @@ int x509_exts_add_subject_key_identifier(uint8_t *exts, size_t *extslen, size_t
 int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size_t maxlen,
 	int critical, const SM2_KEY *subject_key)
 {
-	uint8_t buf[65];
 	uint8_t id[32];
 
 	if (!subject_key) {
 		return 0;
 	}
-	sm2_z256_point_to_uncompressed_octets(&subject_key->public_key, buf);
-	sm3_digest(buf, sizeof(buf), id);
 
+	if (sm2_public_key_digest(subject_key, id) != 1) {
+		error_print();
+		return -1;
+	}
 	if (x509_exts_add_subject_key_identifier(exts, extslen, maxlen, critical, id, 32) != 1) {
 		error_print();
 		return -1;
diff --git a/tests/sm2_z256test.c b/tests/sm2_z256test.c
index 43eca63a..418f8c7a 100644
--- a/tests/sm2_z256test.c
+++ b/tests/sm2_z256test.c
@@ -12,10 +12,8 @@
 #include <string.h>
 #include <stdlib.h>
 #include <stdint.h>
-#include <gmssl/sm2.h>
 #include <gmssl/sm2_z256.h>
 #include <gmssl/sm3.h>
-#include <gmssl/sm3_digest.h>
 #include <gmssl/hex.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
diff --git a/tests/sm3test.c b/tests/sm3test.c
index 48143359..7770c642 100644
--- a/tests/sm3test.c
+++ b/tests/sm3test.c
@@ -144,14 +144,18 @@ static int test_sm3(void)
 	uint8_t testbuf[sizeof(testhex)/2 + 1000];
 	uint8_t dgstbuf[32];
 	size_t testbuflen, dgstbuflen;
+	SM3_CTX sm3_ctx;
 	uint8_t dgst[32];
 	size_t i;
 
 	for (i = 0; i < sizeof(testhex)/sizeof(testhex[0]); i++) {
+
 		hex_to_bytes(testhex[i], strlen(testhex[i]), testbuf, &testbuflen);
 		hex_to_bytes(dgsthex[i], strlen(dgsthex[i]), dgstbuf, &dgstbuflen);
 
-		sm3_digest(testbuf, testbuflen, dgst);
+		sm3_init(&sm3_ctx);
+		sm3_update(&sm3_ctx, testbuf, testbuflen);
+		sm3_finish(&sm3_ctx, dgst);
 
 		if (memcmp(dgstbuf, dgst, sizeof(dgst)) != 0) {
 			int n;
diff --git a/tests/sm4test.c b/tests/sm4test.c
index 0f83476d..fb455d11 100644
--- a/tests/sm4test.c
+++ b/tests/sm4test.c
@@ -80,7 +80,7 @@ static int test_sm4(void)
 	memset(&key, 0, sizeof(key));
 	memset(buf, 0, sizeof(buf));
 	sm4_set_decrypt_key(&key, user_key);
-	sm4_decrypt(&key, ciphertext, buf);
+	sm4_encrypt(&key, ciphertext, buf);
 	if (memcmp(buf, plaintext, sizeof(plaintext)) != 0) {
 		fprintf(stderr, "sm4 decrypt not pass!\n");
 		return -1;
@@ -185,7 +185,7 @@ static int test_sm4_ctr(void)
 	sm4_ctr_encrypt(&sm4_key, ctr, buf1, sizeof(buf1), buf2);
 
 	memset(ctr, 0, sizeof(ctr));
-	sm4_ctr_decrypt(&sm4_key, ctr, buf2, sizeof(buf2), buf3);
+	sm4_ctr_encrypt(&sm4_key, ctr, buf2, sizeof(buf2), buf3);
 
 	if (memcmp(buf1, buf3, sizeof(buf3)) != 0) {
 		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
@@ -229,7 +229,7 @@ static int test_sm4_ctr_with_carray(void)
 	}
 
 	hex_to_bytes(hex_ctr, strlen(hex_ctr), ctr, &ctrlen);
-	sm4_ctr_decrypt(&sm4_key, ctr, buf3, sizeof(buf3), buf2);
+	sm4_ctr_encrypt(&sm4_key, ctr, buf3, sizeof(buf3), buf2);
 
 	if (memcmp(buf2, buf1, sizeof(buf1)) != 0) {
 		error_print();
@@ -690,7 +690,7 @@ static int test_sm4_ctr_update_multi_times(void)
 	in = cbuf;
 	out = pbuf;
 	for (i = 0; i < sizeof(lens)/sizeof(lens[0]); i++) {
-		if (sm4_ctr_decrypt_update(&dec_ctx, in, lens[i], out, &len) != 1) {
+		if (sm4_ctr_encrypt_update(&dec_ctx, in, lens[i], out, &len) != 1) {
 			error_print();
 			return -1;
 		}
diff --git a/tests/x509_exttest.c b/tests/x509_exttest.c
index 1b2ca6c9..c45c926a 100644
--- a/tests/x509_exttest.c
+++ b/tests/x509_exttest.c
@@ -204,7 +204,11 @@ static int test_x509_authority_key_identifier(void)
 	const uint8_t *serialp;
 	size_t seriallen;
 
-	sm3_digest((uint8_t *)"abc", 3, keyid);
+	SM3_CTX sm3_ctx;
+	sm3_init(&sm3_ctx);
+	sm3_update(&sm3_ctx, (uint8_t *)"abc", 3);
+	sm3_finish(&sm3_ctx, keyid);
+
 	rand_bytes(serial, sizeof(serial));
 
 	if (x509_authority_key_identifier_to_der(
@@ -796,7 +800,8 @@ static int test_x509_cert_with_exts(void)
 	time(&not_before);
 	x509_validity_add_days(&not_after, not_before, 365);
 	sm2_key_generate(&sm2_key);
-	sm3_digest((uint8_t *)&(sm2_key.public_key), sizeof(SM2_POINT), uniq_id);
+
+	sm2_public_key_digest(&sm2_key, uniq_id);
 
 	if (x509_exts_add_authority_key_identifier(exts, &extslen, sizeof(exts), 1,
 			keyid, sizeof(keyid),
diff --git a/tools/sm3.c b/tools/sm3.c
index 1beaab3d..a3b2677f 100644
--- a/tools/sm3.c
+++ b/tools/sm3.c
@@ -13,7 +13,6 @@
 #include <string.h>
 #include <stdlib.h>
 #include <gmssl/sm2.h>
-#include <gmssl/sm3_digest.h>
 #include <gmssl/hex.h>
 #include <gmssl/error.h>
 
diff --git a/tools/sm3hmac.c b/tools/sm3hmac.c
index 90d57e23..bcf431aa 100644
--- a/tools/sm3hmac.c
+++ b/tools/sm3hmac.c
@@ -14,7 +14,7 @@
 #include <string.h>
 #include <gmssl/mem.h>
 #include <gmssl/hex.h>
-#include <gmssl/sm3_digest.h>
+#include <gmssl/sm3.h>
 
 
 static const char *usage = "-key hex [-in file | -in_str str] [-bin|-hex] [-out file]";