diff --git a/CMakeLists.txt b/CMakeLists.txt
index eade65ad..f27faef9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -819,7 +819,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1078")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1079")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index 6272c4b9..6288af97 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1078"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1079"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/tools/crlget.c b/tools/crlget.c
index 3b703637..c2b91f03 100644
--- a/tools/crlget.c
+++ b/tools/crlget.c
@@ -144,12 +144,15 @@ bad:
 		goto end;
 	}
 
-	fwrite(crl, crl_len, 1, outfp);
-
+	if (fwrite(crl, crl_len, 1, outfp) != 1) {
+		error_print();
+		goto end;
+	}
 
 	ret = 0;
 end:
 	if (cert) free(cert);
+	if (crl) free(crl);
 	if (outfile && outfp) fclose(outfp);
 	return ret;
 }
diff --git a/tools/hsskeygen.c b/tools/hsskeygen.c
index 5b5b9707..e9615f70 100644
--- a/tools/hsskeygen.c
+++ b/tools/hsskeygen.c
@@ -77,6 +77,7 @@ int hsskeygen_main(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			lms_types = *(++argv);
 			strncpy(lms_types_str, lms_types, sizeof(lms_types_str));
+			lms_types_str[sizeof(lms_types_str) - 1] = 0;
 
 			tok = strtok(lms_types_str, ":");
 			while (tok) {
diff --git a/tools/p256keygen.c b/tools/p256keygen.c
index de3def3c..02ad3617 100644
--- a/tools/p256keygen.c
+++ b/tools/p256keygen.c
@@ -103,11 +103,11 @@ bad:
 
 	if (x509_key_generate(&key, OID_ec_public_key, &curve_oid, sizeof(curve_oid)) != 1) {
 		fprintf(stderr, "gmssl %s: inner failure\n", prog);
-		return -1;
+		goto end;
 	}
 	if (x509_private_key_info_encrypt_to_pem(&key, pass, outfp) != 1) {
 		fprintf(stderr, "gmssl %s: inner failure\n", prog);
-		return -1;
+		goto end;
 	}
 	if (x509_public_key_info_to_pem(&key, puboutfp) != 1) {
 		fprintf(stderr, "gmssl %s: inner failure\n", prog);
diff --git a/tools/sdfutil.c b/tools/sdfutil.c
index 117b265d..bed21b23 100644
--- a/tools/sdfutil.c
+++ b/tools/sdfutil.c
@@ -178,6 +178,7 @@ bad:
 
 		if ((ret = sdf_sign(&key, dgst, sig, &siglen)) != 1) {
 			fprintf(stderr, "%s: inner error\n", prog);
+			ret = -1;
 			goto end;
 		}
 		if (fwrite(sig, 1, siglen, outfp) != siglen) {
diff --git a/tools/sm9decrypt.c b/tools/sm9decrypt.c
index e7c35864..c8aa2701 100644
--- a/tools/sm9decrypt.c
+++ b/tools/sm9decrypt.c
@@ -96,7 +96,7 @@ int sm9decrypt_main(int argc, char **argv)
 		} else {
 bad:
 			fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
-			return 1;
+			goto end;
 		}
 
 		argc--;
diff --git a/tools/sm9encrypt.c b/tools/sm9encrypt.c
index 773abdd6..80460f3f 100644
--- a/tools/sm9encrypt.c
+++ b/tools/sm9encrypt.c
@@ -90,7 +90,7 @@ int sm9encrypt_main(int argc, char **argv)
 		} else {
 bad:
 			fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
-			return 1;
+			goto end;
 		}
 
 		argc--;
@@ -103,7 +103,7 @@ bad:
 	}
 	if (sm9_enc_master_public_key_from_pem(&mpk, mpkfp) != 1) {
 		error_print();
-		return -1;
+		goto end;
 	}
 	if ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) <= 0) {
 		error_print();
diff --git a/tools/sm9keygen.c b/tools/sm9keygen.c
index 3fc701c1..ab90eea5 100644
--- a/tools/sm9keygen.c
+++ b/tools/sm9keygen.c
@@ -101,7 +101,7 @@ int sm9keygen_main(int argc, char **argv)
 		} else {
 bad:
 			fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
-			return 1;
+			goto end;
 		}
 
 
@@ -147,5 +147,5 @@ end:
 	gmssl_secure_clear(&enc_key, sizeof(enc_key));
 	if (infile && infp) fclose(infp);
 	if (outfile && outfp) fclose(outfp);
-	return 1;
+	return ret;
 }
diff --git a/tools/sm9setup.c b/tools/sm9setup.c
index ef134b11..dd3a6195 100644
--- a/tools/sm9setup.c
+++ b/tools/sm9setup.c
@@ -90,7 +90,7 @@ int sm9setup_main(int argc, char **argv)
 		} else {
 bad:
 			fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
-			return 1;
+			goto end;
 		}
 
 		argc--;
@@ -142,7 +142,7 @@ end:
 	gmssl_secure_clear(&enc_msk, sizeof(enc_msk));
 	if (outfile && outfp) fclose(outfp);
 	if (puboutfile && puboutfp) fclose(puboutfp);
-	return 1;
+	return ret;
 }
 
 
diff --git a/tools/sm9sign.c b/tools/sm9sign.c
index df689ffa..0aa026be 100644
--- a/tools/sm9sign.c
+++ b/tools/sm9sign.c
@@ -93,7 +93,7 @@ int sm9sign_main(int argc, char **argv)
 		} else {
 bad:
 			fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
-			return 1;
+			goto end;
 		}
 
 		argc--;
@@ -107,7 +107,7 @@ bad:
 
 	if (sm9_sign_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
 		error_print();
-		return -1;
+		goto end;
 	}
 
 	if (sm9_sign_init(&ctx) != 1) {
diff --git a/tools/sm9verify.c b/tools/sm9verify.c
index f375e723..da36e7c0 100644
--- a/tools/sm9verify.c
+++ b/tools/sm9verify.c
@@ -92,7 +92,7 @@ int sm9verify_main(int argc, char **argv)
 		} else {
 bad:
 			fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
-			return 1;
+			goto end;
 		}
 
 		argc--;
diff --git a/tools/xmssmtkeygen.c b/tools/xmssmtkeygen.c
index 18c8869c..c39fe8ef 100644
--- a/tools/xmssmtkeygen.c
+++ b/tools/xmssmtkeygen.c
@@ -151,7 +151,7 @@ bad:
 
 	ret = 0;
 end:
-	//xmss_key_cleanup(&key);
+	xmss_key_cleanup(&key);
 	if (out) {
 		gmssl_secure_clear(out, outlen);
 		free(out);