diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6b4f22cd..5f24964e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -72,83 +72,6 @@ set(src
 src/file.c
 )
-option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF)
-if (ENABLE_TLS_DEBUG)
- add_definitions(-DTLS_DEBUG)
-endif()
-
-
-option(ENABLE_SM3_AVX_BMI2 "Enable SM3 AVX+BMI2 assembly implementation" OFF)
-if (ENABLE_SM3_AVX_BMI2)
- add_definitions(-DSM3_AVX_BMI2)
- enable_language(ASM)
- list(APPEND src src/sm3_avx_bmi2.s)
-endif()
-
-
-option(ENABLE_SM4_AESNI_AVX "Enable SM4 AESNI+AVX assembly implementation" OFF)
-if (ENABLE_SM4_AESNI_AVX)
- list(APPEND src src/sm4_aesni_avx.c)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=native")
-endif()
-
-
-option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" OFF)
-set(broken_crypto_src
- src/des.c
- src/sha1.c
- src/md5.c
- src/rc4.c
-)
-if (ENABLE_BROKEN_CRYPTO)
- list(APPEND src ${broken_crypto_src})
-endif()
-
-option(ENABLE_RDRND "Enable Intel RDRND instructions" OFF)
-if (${CMAKE_SYSTEM_PROCESSOR} MATCHES x86_64)
- set(ENABLE_RDRND ON)
-endif()
-if (ENABLE_RDRND)
- list(APPEND src src/rdrand.c)
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd -mrdseed")
-endif()
-
-
-if (WIN32)
- list(APPEND src src/rand_win.c)
-elseif (APPLE)
- list(APPEND src src/rand_apple.c)
-elseif (ANDROID)
- list(APPEND src src/rand.c)
-else()
- list(APPEND src src/rand_unix.c)
-endif()
-
-
-
-option(BUILD_SHARED_LIBS "Build using shared libraries" ON)
-
-if (CMAKE_C_COMPILER_ID MATCHES "MSVC")
- set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON) # set before add_library
-endif()
-
-add_library(gmssl ${src})
-
-
-if (WIN32)
-elseif (APPLE)
- target_link_libraries(gmssl dl)
- target_link_libraries(gmssl "-framework Security")
- #target_link_libraries(gmssl "-framework CoreFoundation") # rand_apple.c CFRelease()
-elseif (MINGW)
- target_link_libraries(gmssl PRIVATE wsock32)
-else()
- target_link_libraries(gmssl dl)
-endif()
-
-
-SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
-
 set(tools
 tools/gmssl.c
 tools/version.c
@@ -230,17 +153,83 @@ set(tests
 tls13
 )
-set(broken_crypto_tests
- des
- sha1
- md5
- rc4
-)
-if (ENABLE_BROKEN_CRYPTO)
- list(APPEND tests ${broken_crypto_tests})
+option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF)
+if (ENABLE_TLS_DEBUG)
+ add_definitions(-DTLS_DEBUG)
 endif()
+
+option(ENABLE_SM3_AVX_BMI2 "Enable SM3 AVX+BMI2 assembly implementation" OFF)
+if (ENABLE_SM3_AVX_BMI2)
+ add_definitions(-DSM3_AVX_BMI2)
+ enable_language(ASM)
+ list(APPEND src src/sm3_avx_bmi2.s)
+endif()
+
+
+option(ENABLE_SM4_AESNI_AVX "Enable SM4 AESNI+AVX assembly implementation" OFF)
+if (ENABLE_SM4_AESNI_AVX)
+ add_definitions(-DENABLE_SM4_AESNI_AVX)
+ list(APPEND src src/sm4_aesni_avx.c)
+ list(APPEND tests sm4_aesni_avx)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=native")
+endif()
+
+
+option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" OFF)
+if (ENABLE_BROKEN_CRYPTO)
+ list(APPEND src src/des.c src/sha1.c src/md5.c src/rc4.c)
+ list(APPEND tests des sha1 md5 rc4)
+endif()
+
+
+option(ENABLE_RDRND "Enable Intel RDRND instructions" OFF)
+if (${CMAKE_SYSTEM_PROCESSOR} MATCHES x86_64)
+ set(ENABLE_RDRND ON)
+endif()
+if (ENABLE_RDRND)
+ list(APPEND src src/rdrand.c)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd -mrdseed")
+endif()
+
+
+if (WIN32)
+ list(APPEND src src/rand_win.c)
+elseif (APPLE)
+ list(APPEND src src/rand_apple.c)
+elseif (ANDROID)
+ list(APPEND src src/rand.c)
+else()
+ list(APPEND src src/rand_unix.c)
+endif()
+
+
+
+option(BUILD_SHARED_LIBS "Build using shared libraries" ON)
+
+if (CMAKE_C_COMPILER_ID MATCHES "MSVC")
+ set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON) # set before add_library
+endif()
+
+add_library(gmssl ${src})
+
+
+if (WIN32)
+elseif (APPLE)
+ target_link_libraries(gmssl dl)
+ target_link_libraries(gmssl "-framework Security")
+ #target_link_libraries(gmssl "-framework CoreFoundation") # rand_apple.c CFRelease()
+elseif (MINGW)
+ target_link_libraries(gmssl PRIVATE wsock32)
+else()
+ target_link_libraries(gmssl dl)
+endif()
+
+
+SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
+
+
 install(TARGETS gmssl ARCHIVE DESTINATION lib LIBRARY DESTINATION lib RUNTIME DESTINATION bin)
 install(DIRECTORY ${CMAKE_SOURCE_DIR}/include/gmssl DESTINATION include)
diff --git a/src/sm4_aesni_avx.c b/src/sm4_aesni_avx.c
index 6fb03f60..ee75142b 100644
--- a/src/sm4_aesni_avx.c
+++ b/src/sm4_aesni_avx.c
@@ -164,16 +164,23 @@ void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[16], const uint8_t *in, siz
 uint8_t blocks[64];
 size_t len, i;
- while (inlen) {
- len = inlen < 64 ? inlen : 64;
+ while (inlen >= 64) {
 memcpy(blocks, ctr, 16); ctr_incr(ctr);
 memcpy(blocks + 16, ctr, 16); ctr_incr(ctr);
 memcpy(blocks + 32, ctr, 16); ctr_incr(ctr);
 memcpy(blocks + 48, ctr, 16); ctr_incr(ctr);
 sm4_aesni_avx_encrypt(key->rk, blocks, blocks);
- for (i = 0; i < len; i++) {
- out[i] = in[i] ^ blocks[i];
- }
+ gmssl_memxor(out, in, blocks, 64);
+ in += 64;
+ out += 64;
+ inlen -= 64;
+ }
+
+ while (inlen) {
+ len = inlen < 16 ? inlen : 16;
+ sm4_encrypt(key, ctr, blocks);
+ gmssl_memxor(out, in, blocks, len);
+ ctr_incr(ctr);
 in += len;
 out += len;
 inlen -= len;
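Review bot: `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=native")` under `ENABLE_SM4_AESNI_AVX` is a directory-wide flag, so every translation unit configured after it in this file (not just src/sm4_aesni_avx.c) is compiled for the build host's CPU, and with `BUILD_SHARED_LIBS` defaulting to ON the resulting library will fault with an illegal instruction when copied to a machine that lacks the host's ISA extensions. Scope the requirement to the one file that needs it, `set_source_files_properties(src/sm4_aesni_avx.c PROPERTIES COMPILE_OPTIONS "-maes;-mavx")` (CMake 3.11+), and do the same for the `-mrdrnd -mrdseed` append on src/rdrand.c. Separately, the plain `set(ENABLE_RDRND ON)` inside the `CMAKE_SYSTEM_PROCESSOR` test shadows the cache entry created by `option()`, so a user's `-DENABLE_RDRND=OFF` is silently overridden; compute the x86_64 default into a normal variable first and pass it as the default argument of `option()` instead. The moved `target_link_libraries(gmssl dl)` calls also still use the keyword-less signature while the MINGW branch uses `PRIVATE`; `target_link_libraries(gmssl PRIVATE ${CMAKE_DL_LIBS})` keeps the branches consistent and portable.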
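Review bot: `i` in the context line `size_t len, i;` is left unused once the byte loop is replaced by `gmssl_memxor`, so builds with -Wall now warn; change the declaration to `size_t len;`. The new tail loop advances `ctr` once per 16-byte block actually consumed, whereas the removed code advanced it four times per iteration even when fewer than four blocks were used, so the value left in the caller's `ctr` after a partial trailing buffer differs from before; that looks intentional (it matches one increment per block) but deserves a comment such as `/* tail: one keystream block per 16 bytes, ctr advances per block like the generic CTR */`. The new tests/sm4_aesni_avxtest.c exercises only `sm4_aesni_avx_encrypt`, so a case that runs `sm4_ctr_encrypt` over a length that is not a multiple of 64 (e.g. 100 bytes) and compares against `sm4_encrypt`-based CTR keystream would pin the tail path. sm4_ctr_encrypt begins before this hunk and its closing `memset` is in the next one.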
@@ -181,79 +188,3 @@ void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[16], const uint8_t *in, siz
 memset(blocks, 0, sizeof(blocks));
 }
-
-/*
-static int test_sm4_aesni_avx(void)
-{
- const uint32_t rk[32] = {
- 0xf12186f9, 0x41662b61, 0x5a6ab19a, 0x7ba92077,
- 0x367360f4, 0x776a0c61, 0xb6bb89b3, 0x24763151,
- 0xa520307c, 0xb7584dbd, 0xc30753ed, 0x7ee55b57,
- 0x6988608c, 0x30d895b7, 0x44ba14af, 0x104495a1,
- 0xd120b428, 0x73b55fa3, 0xcc874966, 0x92244439,
- 0xe89e641f, 0x98ca015a, 0xc7159060, 0x99e1fd2e,
- 0xb79bd80c, 0x1d2115b0, 0x0e228aeb, 0xf1780c81,
- 0x428d3654, 0x62293496, 0x01cf72e5, 0x9124a012,
- };
- const uint8_t plaintext[16 * 4] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- };
- const uint8_t ciphertext[16 * 4] = {
- 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
- 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
- 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
- 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
- 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
- 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
- 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
- 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
- };
- const uint8_t ciphertext1m[16 * 4] = {
- 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
- 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
- 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
- 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
- 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
- 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
- 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
- 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
- };
-
- uint8_t buf[16 * 4];
- int i;
-
- // test
encrypt once
- sm4_aesni_avx_encrypt(rk, plaintext, buf);
-
- if (memcmp(buf, ciphertext, sizeof(ciphertext)) != 0) {
- fprintf(stderr, "%s %d: %s error\n", __FILE__, __LINE__, __FUNCTION__);
- return -1;
- }
-
- // test encrypt 1000000 times
- memcpy(buf, plaintext, sizeof(plaintext));
- for (i = 0; i < 1000000; i++) {
- sm4_aesni_avx_encrypt(rk, buf, buf);
- }
- if (memcmp(buf, ciphertext1m, sizeof(ciphertext1m)) != 0) {
- fprintf(stderr, "%s %d: %s 1 million times error\n", __FILE__, __LINE__, __FUNCTION__);
- return -1;
- }
-
- printf("%s() ok\n", __FUNCTION__);
- return 1;
-}
-
-int main(void)
-{
- test_sm4_aesni_avx();
- return 0;
-}
-*/
diff --git a/tests/sm4_aesni_avxtest.c b/tests/sm4_aesni_avxtest.c
new file mode 100644
index 00000000..a4256cce
--- /dev/null
+++ b/tests/sm4_aesni_avxtest.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+extern void sm4_aesni_avx_encrypt(const uint32_t rk[32], const uint8_t in[16 * 4], uint8_t out[16 * 4]);
+
+static int test_sm4_aesni_avx(void)
+{
+ const uint32_t rk[32] = {
+ 0xf12186f9, 0x41662b61, 0x5a6ab19a, 0x7ba92077,
+ 0x367360f4, 0x776a0c61, 0xb6bb89b3, 0x24763151,
+ 0xa520307c, 0xb7584dbd, 0xc30753ed, 0x7ee55b57,
+ 0x6988608c, 0x30d895b7, 0x44ba14af, 0x104495a1,
+ 0xd120b428, 0x73b55fa3, 0xcc874966, 0x92244439,
+ 0xe89e641f, 0x98ca015a, 0xc7159060, 0x99e1fd2e,
+ 0xb79bd80c, 0x1d2115b0, 0x0e228aeb, 0xf1780c81,
+ 0x428d3654, 0x62293496, 0x01cf72e5, 0x9124a012,
+ };
+ const uint8_t plaintext[16 * 4] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ };
+ const uint8_t ciphertext[16 * 4] = {
+ 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
+ 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
+ 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
+ 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
+ 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
+ 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
+ 0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
+ 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46,
+ };
+ const uint8_t ciphertext1m[16 * 4] = {
+ 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
+ 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
+ 0x59, 0x52, 0x98, 0xc7, 0xc6,
0xfd, 0x27, 0x1f,
+ 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
+ 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
+ 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
+ 0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
+ 0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66,
+ };
+
+ uint8_t buf[16 * 4];
+ int i;
+
+ // test encrypt once
+ sm4_aesni_avx_encrypt(rk, plaintext, buf);
+
+ if (memcmp(buf, ciphertext, sizeof(ciphertext)) != 0) {
+ fprintf(stderr, "%s %d: %s error\n", __FILE__, __LINE__, __FUNCTION__);
+ return -1;
+ }
+
+ // test encrypt 1000000 times
+ memcpy(buf, plaintext, sizeof(plaintext));
+ for (i = 0; i < 1000000; i++) {
+ sm4_aesni_avx_encrypt(rk, buf, buf);
+ }
+ if (memcmp(buf, ciphertext1m, sizeof(ciphertext1m)) != 0) {
+ fprintf(stderr, "%s %d: %s 1 million times error\n", __FILE__, __LINE__, __FUNCTION__);
+ return -1;
+ }
+
+ printf("%s() ok\n", __FUNCTION__);
+ return 1;
+}
+
+int main(void)
+{
+ if (test_sm4_aesni_avx() != 1) goto err;
+ printf("%s all tests passed\n", __FILE__);
+ return 0;
+err:
+ error_print();
+ return 1;
+}
diff --git a/tests/sm4test.c b/tests/sm4test.c
index d101e778..16edb93b 100644
--- a/tests/sm4test.c
+++ b/tests/sm4test.c
@@ -223,9 +223,9 @@ static int test_sm4_ctr_with_carray(void)
 sm4_ctr_encrypt(&sm4_key, ctr, buf1, sizeof(buf1), buf2);
 if (memcmp(buf2, buf3, sizeof(buf3)) != 0) {
- error_print();
- return -1;
- }
+ error_print();
+ return -1;
+ }
 hex_to_bytes(hex_ctr, strlen(hex_ctr), ctr, &ctrlen);
 sm4_ctr_decrypt(&sm4_key, ctr, buf3, sizeof(buf3), buf2);
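Review bot: The test reaches `sm4_aesni_avx_encrypt` through its own `extern void sm4_aesni_avx_encrypt(const uint32_t rk[32], ...)` prototype rather than a header shared with src/sm4_aesni_avx.c, so the two declarations are never checked against each other and a later signature change in the implementation would still compile here and call through a mismatched ABI. Declare the function once in a header that both files include (under the existing include/gmssl tree, or an internal header if it is not meant to be public) and drop the local `extern` line from the test. The `rk`, `plaintext`, `ciphertext` and `ciphertext1m` vectors are copied verbatim from the commented-out block removed in src/sm4_aesni_avx.c, so a one-line comment above `rk` naming their origin (the SM4 standard's example key schedule and its 1,000,000-iteration vector, if that is what they are) would spare the next reader from re-deriving them.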