Update CMake to support a smallest build

CMakeLists.txt

@@ -45,33 +45,38 @@ option(ENABLE_SM4_CL "Enable SM4 OpenCL" OFF)
 option(ENABLE_INTEL_RDRAND "Enable Intel RDRAND instructions" OFF)
 option(ENABLE_INTEL_RDSEED "Enable Intel RDSEED instructions" OFF)
 
-option(ENABLE_SM4_ECB "Enable SM4 ECB mode" ON)
+option(ENABLE_SM4_ECB "Enable SM4 ECB mode" OFF)
-option(ENABLE_SM4_OFB "Enable SM4 OFB mode" ON)
+option(ENABLE_SM4_OFB "Enable SM4 OFB mode" OFF)
-option(ENABLE_SM4_CFB "Enable SM4 CFB mode" ON)
+option(ENABLE_SM4_CFB "Enable SM4 CFB mode" OFF)
-option(ENABLE_SM4_CCM "Enable SM4 CCM mode" ON)
+option(ENABLE_SM4_CCM "Enable SM4 CCM mode" OFF)
-option(ENABLE_SM4_XTS "Enable SM4 XTS mode" ON)
+option(ENABLE_SM4_XTS "Enable SM4 XTS mode" OFF)
-option(ENABLE_SM4_CBC_MAC "Enable SM4-CBC-MAC" ON)
+option(ENABLE_SM4_CBC_MAC "Enable SM4-CBC-MAC" OFF)
 
 option(ENABLE_SM2_EXTS "Enable SM2 Extensions" OFF)
+option(ENABLE_SM9 "Enable SM9" OFF)
+option(ENABLE_CMS "Enable CMS" OFF)
 
-option(ENABLE_SECP256R1 "Enable ECDH/ECDSA on curve secp256r1" ON)
+option(ENABLE_SECP256R1 "Enable ECDH/ECDSA on curve secp256r1" OFF)
 
-option(ENABLE_LMS "Enable LMS/HSS signature" ON)
+option(ENABLE_LMS "Enable LMS/HSS signature" OFF)
-option(ENABLE_XMSS "Enable XMSS/XMSS^MT signature" ON)
+option(ENABLE_XMSS "Enable XMSS/XMSS^MT signature" OFF)
-option(ENABLE_SPHINCS "Enable SPHINCS+ signature" ON)
+option(ENABLE_SPHINCS "Enable SPHINCS+ signature" OFF)
-option(ENABLE_KYBER "Enable Kyber" ON)
+option(ENABLE_KYBER "Enable Kyber" OFF)
 
-option(ENABLE_SHA1 "Enable SHA1" ON)
+option(ENABLE_SHA1 "Enable SHA1" OFF)
-option(ENABLE_SHA2 "Enable SHA2" ON)
+option(ENABLE_SHA2 "Enable SHA2" OFF)
-option(ENABLE_AES "Enable AES" ON)
+option(ENABLE_AES "Enable AES" OFF)
-option(ENABLE_CHACHA20 "Enable Chacha20" ON)
+option(ENABLE_CHACHA20 "Enable Chacha20" OFF)
+option(ENABLE_ZUC "Enable ZUC" OFF)
+option(ENABLE_GHASH "Enable standalone GHASH command and test" OFF)
 
 option(ENABLE_SKF "Enable SKF module" OFF)
-option(ENABLE_SDF "Enable SDF module" ON)
+option(ENABLE_SDF "Enable SDF module" OFF)
 
 option(ENABLE_ASM_UNDERSCORE_PREFIX "Add prefix `_` to assembly symbols" ON)
 
-option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" ON)
+option(ENABLE_TLS "Enable TLS and TLCP protocol support" OFF)
+option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF)
 
 option (ENABLE_SM2_ENC_PRE_COMPUTE "Enable SM2 encryption precomputing" ON)
 
@@ -93,14 +98,6 @@ set(src
 	src/sm2_sign.c
 	src/sm2_enc.c
 	src/sm2_exch.c
-	src/sm9_z256.c
-	src/sm9_z256_table.c
-	src/sm9_key.c
-	src/sm9_sign.c
-	src/sm9_enc.c
-	src/sm9_exch.c
-	src/zuc.c
-	src/zuc_modes.c
 	src/block_cipher.c
 	src/digest.c
 	src/hmac.c
@@ -110,9 +107,7 @@ set(src
 	src/sm4_cbc_sm3_hmac.c
 	src/sm4_ctr_sm3_hmac.c
 	src/pkcs8.c
-	src/bn.c
 	src/ec.c
-	src/rsa.c
 	src/asn1.c
 	src/hex.c
 	src/base64.c
@@ -124,19 +119,7 @@ set(src
 	src/x509_crl.c
 	src/x509_new.c
 	src/x509_key.c
-	src/cms.c
+	src/rsa.c
-	src/socket.c
-	src/tls.c
-	src/tls_ext.c
-	src/tls_psk.c
-	src/tls_sni.c
-	src/tls_sct.c
-	src/tls_ocsp.c
-	src/tls_cookie.c
-	src/tls_trace.c
-	src/tlcp.c
-	src/tls12.c
-	src/tls13.c
 	src/file.c
 )
 
@@ -157,15 +140,7 @@ set(tools
 	tools/sm2verify.c
 	tools/sm2encrypt.c
 	tools/sm2decrypt.c
-	tools/sm9setup.c
-	tools/sm9keygen.c
-	tools/sm9sign.c
-	tools/sm9verify.c
-	tools/sm9encrypt.c
-	tools/sm9decrypt.c
-	tools/zuc.c
 	tools/rand.c
-	tools/ghash.c
 	tools/certgen.c
 	tools/certparse.c
 	tools/certverify.c
@@ -177,17 +152,6 @@ set(tools
 	tools/crlget.c
 	tools/crlparse.c
 	tools/crlverify.c
-	tools/cmssign.c
-	tools/cmsverify.c
-	tools/cmsencrypt.c
-	tools/cmsdecrypt.c
-	tools/cmsparse.c
-	tools/tlcp_client.c
-	tools/tlcp_server.c
-	tools/tls12_client.c
-	tools/tls12_server.c
-	tools/tls13_client.c
-	tools/tls13_server.c
 )
 
 set(tests
@@ -201,16 +165,11 @@ set(tests
 	sm2_key
 	sm2_sign
 	sm2_enc
-	sm9
-	zuc
 	block_cipher
 	digest
-	hmac
 	hkdf
 	gf128
-	ghash
 	pkcs8
-	bn
 	ec
 	asn1
 	hex
@@ -224,10 +183,6 @@ set(tests
 	x509_req
 	x509_crl
 	x509_key
-	cms
-	tls
-	tls13
-	tls_ocsp
 )
 
 
@@ -291,6 +246,9 @@ if (ENABLE_SM2_NEON)
 endif()
 
 if (ENABLE_SM9_ARM64)
+	if (NOT ENABLE_SM9)
+		message(FATAL_ERROR "ENABLE_SM9_ARM64 requires ENABLE_SM9")
+	endif()
 	message(STATUS "ENABLE_SM9_ARM64 is ON")
 	add_definitions(-DENABLE_SM9_ARM64)
 	enable_language(ASM)
@@ -429,12 +387,47 @@ if (ENABLE_SM2_EXTS)
 endif()
 
 
+if (ENABLE_SM9)
+	message(STATUS "ENABLE_SM9 is ON")
+	add_definitions(-DENABLE_SM9)
+	list(APPEND src
+		src/sm9_z256.c
+		src/sm9_z256_table.c
+		src/sm9_key.c
+		src/sm9_sign.c
+		src/sm9_enc.c
+		src/sm9_exch.c)
+	list(APPEND tools
+		tools/sm9setup.c
+		tools/sm9keygen.c
+		tools/sm9sign.c
+		tools/sm9verify.c
+		tools/sm9encrypt.c
+		tools/sm9decrypt.c)
+	list(APPEND tests sm9)
+endif()
+
+
+if (ENABLE_CMS)
+	message(STATUS "ENABLE_CMS is ON")
+	add_definitions(-DENABLE_CMS)
+	list(APPEND src src/cms.c)
+	list(APPEND tools
+		tools/cmssign.c
+		tools/cmsverify.c
+		tools/cmsencrypt.c
+		tools/cmsdecrypt.c
+		tools/cmsparse.c)
+	list(APPEND tests cms)
+endif()
+
+
 if (ENABLE_SECP256R1)
 	message(STATUS "ENABLE_SECP256R1 is ON")
 	add_definitions(-DENABLE_SECP256R1)
-	list(APPEND src src/secp256r1.c src/secp256r1_key.c src/ecdsa.c src/ecdh.c)
+	list(APPEND src src/bn.c src/secp256r1.c src/secp256r1_key.c src/ecdsa.c src/ecdh.c)
 	list(APPEND tools tools/p256keygen.c)
-	list(APPEND tests secp256r1 secp256r1_key ecdsa)
+	list(APPEND tests bn secp256r1 secp256r1_key ecdsa)
 endif()
 
 
@@ -507,7 +500,7 @@ if (ENABLE_SHA2)
 	add_definitions(-DENABLE_SHA2)
 	list(APPEND src src/sha256.c src/sha512.c)
 	list(APPEND src src/sha256_hmac.c)
-	list(APPEND tests sha224 sha256 sha384 sha512)
+	list(APPEND tests sha224 sha256 sha384 sha512 hmac)
 endif()
 
 
@@ -525,6 +518,47 @@ if (ENABLE_CHACHA20)
 	list(APPEND tests chacha20)
 endif()
 
+if (ENABLE_ZUC)
+	message(STATUS "ENABLE_ZUC is ON")
+	add_definitions(-DENABLE_ZUC)
+	list(APPEND src src/zuc.c src/zuc_modes.c)
+	list(APPEND tools tools/zuc.c)
+	list(APPEND tests zuc)
+endif()
+
+if (ENABLE_GHASH)
+	message(STATUS "ENABLE_GHASH is ON")
+	add_definitions(-DENABLE_GHASH)
+	list(APPEND tools tools/ghash.c)
+	list(APPEND tests ghash)
+endif()
+
+if (ENABLE_TLS)
+	message(STATUS "ENABLE_TLS is ON")
+	add_definitions(-DENABLE_TLS)
+	list(APPEND src
+		src/socket.c
+		src/tls.c
+		src/tls_ext.c
+		src/tls_psk.c
+		src/tls_sni.c
+		src/tls_sct.c
+		src/tls_ocsp.c
+		src/tls_cookie.c
+		src/tls_trace.c
+		src/tlcp.c
+		src/tls12.c
+		src/tls13.c)
+	list(APPEND tools
+		tools/tlcp_client.c
+		tools/tlcp_server.c
+		tools/tls12_client.c
+		tools/tls12_server.c
+		tools/tls13_client.c
+		tools/tls13_server.c)
+	list(APPEND tests tls tls13 tls_ocsp)
+endif()
+
 
 if (ENABLE_INTEL_RDRAND)
 	include(CheckSourceCompiles)
@@ -695,7 +729,7 @@ endif()
 add_test(NAME sm3_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/sm3_commands.cmake")
 add_test(NAME sm2_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/sm2_commands.cmake")
 add_test(NAME cert_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/cert_commands.cmake")
-if(NOT WIN32)
+if(ENABLE_TLS AND NOT WIN32)
 	add_test(NAME tlcp_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
 	add_test(NAME tls12_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
 	add_test(NAME tls13_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")

include/gmssl/x509_key.h

@@ -19,13 +19,25 @@
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
 #include <gmssl/sm2.h>
+#ifdef ENABLE_SM9
 #include <gmssl/sm9.h>
+#endif
+#ifdef ENABLE_SECP256R1
 #include <gmssl/secp256r1_key.h>
 #include <gmssl/ecdsa.h>
+#endif
+#ifdef ENABLE_LMS
 #include <gmssl/lms.h>
+#endif
+#ifdef ENABLE_XMSS
 #include <gmssl/xmss.h>
+#endif
+#ifdef ENABLE_SPHINCS
 #include <gmssl/sphincs.h>
+#endif
+#ifdef ENABLE_KYBER
 #include <gmssl/kyber.h>
+#endif
 
 
 #ifdef __cplusplus
@@ -38,28 +50,52 @@ typedef struct {
 	int algor_param;
 	union {
 		SM2_KEY sm2_key;
+#ifdef ENABLE_SECP256R1
 		SECP256R1_KEY secp256r1_key;
+#endif
+#ifdef ENABLE_LMS
 		LMS_KEY lms_key;
 		HSS_KEY hss_key;
+#endif
+#ifdef ENABLE_XMSS
 		XMSS_KEY xmss_key;
 		XMSSMT_KEY xmssmt_key;
+#endif
+#ifdef ENABLE_SPHINCS
 		SPHINCS_KEY sphincs_key;
+#endif
+#ifdef ENABLE_KYBER
 		KYBER_KEY kyber_key;
+#endif
+#ifdef ENABLE_SM9
 		SM9_SIGN_MASTER_KEY sm9_sign_master_key; // OID_sm9,OID_sm9sign
 		SM9_SIGN_KEY sm9_sign_key; // OID_sm9sign,OID_undef
+#endif
 	} u;
 } X509_KEY;
 
 int x509_key_set_sm2_key(X509_KEY *x509_key, const SM2_KEY *sm2_key);
+#ifdef ENABLE_SECP256R1
 int x509_key_set_secp256r1_key(X509_KEY *x509_key, const SECP256R1_KEY *secp256r1_key);
+#endif
+#ifdef ENABLE_LMS
 int x509_key_set_lms_key(X509_KEY *x509_key, const LMS_KEY *lms_key);
 int x509_key_set_hss_key(X509_KEY *x509_key, const HSS_KEY *hss_key);
+#endif
+#ifdef ENABLE_XMSS
 int x509_key_set_xmss_key(X509_KEY *x509_key, const XMSS_KEY *xmss_key);
 int x509_key_set_xmssmt_key(X509_KEY *x509_key, const XMSSMT_KEY *xmssmt_key);
+#endif
+#ifdef ENABLE_SPHINCS
 int x509_key_set_sphincs_key(X509_KEY *x509_key, const SPHINCS_KEY *sphincs_key);
+#endif
+#ifdef ENABLE_KYBER
 int x509_key_set_kyber_key(X509_KEY *x509_key, const KYBER_KEY *kyber_key);
+#endif
+#ifdef ENABLE_SM9
 int x509_key_set_sm9_sign_key(X509_KEY *x509_key, const SM9_SIGN_KEY *sm9_sign_key);
 int x509_key_set_sm9_sign_master_key(X509_KEY *x509_key, const SM9_SIGN_MASTER_KEY *sm9_sign_master_key);
+#endif
 
 /*
    algor:			param				paramlen
@@ -153,12 +189,20 @@ int x509_private_keys_from_file(X509_KEY *keys, size_t *keys_cnt, size_t max_cnt
 
 typedef union {
 	uint8_t sm2_sig[SM2_MAX_SIGNATURE_SIZE];
+#ifdef ENABLE_LMS
 	LMS_SIGNATURE lms_sig;
 	HSS_SIGNATURE hss_sig;
+#endif
+#ifdef ENABLE_XMSS
 	XMSS_SIGNATURE xmss_sig;
 	XMSSMT_SIGNATURE xmssmt_sig;
+#endif
+#ifdef ENABLE_SPHINCS
 	SPHINCS_SIGNATURE sphincs_sig;
+#endif
+#ifdef ENABLE_SECP256R1
 	uint8_t ecdsa_sig[SM2_MAX_SIGNATURE_SIZE];
+#endif
 } X509_SIGNATURE;
 
 // FIXME: give sizeof to a number
@@ -168,13 +212,23 @@ typedef struct {
 	union {
 		SM2_SIGN_CTX sm2_sign_ctx;
 		SM2_VERIFY_CTX sm2_verify_ctx;
+#ifdef ENABLE_SECP256R1
 		ECDSA_SIGN_CTX ecdsa_sign_ctx;
+#endif
+#ifdef ENABLE_SM9
 		SM9_SIGN_CTX sm9_sign_ctx;
+#endif
+#ifdef ENABLE_LMS
 		LMS_SIGN_CTX lms_sign_ctx;
 		HSS_SIGN_CTX hss_sign_ctx;
+#endif
+#ifdef ENABLE_XMSS
 		XMSS_SIGN_CTX xmss_sign_ctx;
 		XMSSMT_SIGN_CTX xmssmt_sign_ctx;
+#endif
+#ifdef ENABLE_SPHINCS
 		SPHINCS_SIGN_CTX sphincs_sign_ctx;
+#endif
 	} u;
 	X509_KEY key;
 	const void *args;

tests/x509_keytest.c

@@ -19,24 +19,36 @@
 #include <gmssl/x509_key.h>
 
 
-int lms_types[] = {
+#ifdef ENABLE_LMS
+static int lms_types[] = {
 	LMS_HASH256_M32_H5,
 	LMS_HASH256_M32_H5,
 	LMS_HASH256_M32_H5,
 };
+#endif
 
 struct {
 	int algor;
 	int algor_param;
 } tests[] = {
 	{ OID_ec_public_key, OID_sm2 },
+#ifdef ENABLE_SECP256R1
 	{ OID_ec_public_key, OID_secp256r1 },
+#endif
+#ifdef ENABLE_LMS
 	{ OID_lms_hashsig, LMS_HASH256_M32_H5 },
 	{ OID_hss_lms_hashsig, OID_undef }, // use lms_types[]
+#endif
+#ifdef ENABLE_XMSS
 	{ OID_xmss_hashsig, XMSS_HASH256_10_256 },
 	{ OID_xmssmt_hashsig, XMSSMT_HASH256_20_4_256 },
+#endif
+#ifdef ENABLE_SPHINCS
 	{ OID_sphincs_hashsig, OID_undef },
+#endif
+#ifdef ENABLE_KYBER
 	{ OID_kyber_kem, OID_undef },
+#endif
 };
 
 X509_KEY x509_keys[sizeof(tests)/sizeof(tests[0])];
@@ -51,15 +63,23 @@ static int test_x509_key_generate(void)
 		size_t paramlen = 0;
 
 		switch (tests[i].algor) {
+#ifdef ENABLE_LMS
 		case OID_hss_lms_hashsig:
 			param = lms_types;
 			paramlen = sizeof(lms_types);
 			break;
+#endif
+#ifdef ENABLE_SPHINCS
 		case OID_sphincs_hashsig:
+#endif
+#ifdef ENABLE_KYBER
 		case OID_kyber_kem:
+#endif
+#if defined(ENABLE_SPHINCS) || defined(ENABLE_KYBER)
 			param = NULL;
 			paramlen = 0;
 			break;
+#endif
 		default:
 			param = &tests[i].algor_param;
 			paramlen = sizeof(tests[i].algor_param);
@@ -432,6 +452,7 @@ static int test_x509_sign(void)
 	return 1;
 }
 
+#ifdef ENABLE_SM9
 static int test_x509_sign_sm9(void)
 {
 	SM9_SIGN_MASTER_KEY sm9_sign_master_key;
@@ -490,6 +511,7 @@ static int test_x509_sign_sm9(void)
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
+#endif
 
 static int test_x509_key_exchange(void)
 {
@@ -566,6 +588,7 @@ static int test_x509_key_exchange(void)
 	return 1;
 }
 
+#ifdef ENABLE_KYBER
 static int test_x509_kem(void)
 {
 	uint8_t ciphertext[sizeof(KYBER_CIPHERTEXT)];
@@ -600,6 +623,7 @@ static int test_x509_kem(void)
 	printf("%s() ok\n", __FUNCTION__);
 	return 1;
 }
+#endif
 
 int main(void)
 {
@@ -612,9 +636,13 @@ int main(void)
 	if (test_x509_private_key_info_encrypt_to_pem() != 1) goto err;
 	if (test_x509_private_key_info_decrypt_from_pem() != 1) goto err;
 	if (test_x509_sign() != 1) goto err;
+#ifdef ENABLE_SM9
 	if (test_x509_sign_sm9() != 1) goto err;
+#endif
 	if (test_x509_key_exchange() != 1) goto err;
+#ifdef ENABLE_KYBER
 	if (test_x509_kem() != 1) goto err;
+#endif
 
 	printf("%s all tests passed!\n", __FILE__);
 	return 0;

tools/gmssl.c

@@ -34,36 +34,58 @@ extern int sm2decrypt_main(int argc, char **argv);
 extern int sm3_main(int argc, char **argv);
 extern int sm3hmac_main(int argc, char **argv);
 extern int sm3_pbkdf2_main(int argc, char **argv);
+#ifdef ENABLE_SM4_ECB
 extern int sm4_ecb_main(int argc, char **argv);
+#endif
 extern int sm4_cbc_main(int argc, char **argv);
 extern int sm4_ctr_main(int argc, char **argv);
+#ifdef ENABLE_SM4_CFB
 extern int sm4_cfb_main(int argc, char **argv);
+#endif
+#ifdef ENABLE_SM4_OFB
 extern int sm4_ofb_main(int argc, char **argv);
+#endif
+#ifdef ENABLE_SM4_CCM
 extern int sm4_ccm_main(int argc, char **argv);
+#endif
 extern int sm4_gcm_main(int argc, char **argv);
+#ifdef ENABLE_SM4_XTS
 extern int sm4_xts_main(int argc, char **argv);
+#endif
 extern int sm4_cbc_sm3_hmac_main(int argc, char **argv);
 extern int sm4_ctr_sm3_hmac_main(int argc, char **argv);
+#ifdef ENABLE_SM4_CBC_MAC
 extern int sm4_cbc_mac_main(int argc, char **argv);
+#endif
+#ifdef ENABLE_ZUC
 extern int zuc_main(int argc, char **argv);
+#endif
+#ifdef ENABLE_GHASH
 extern int ghash_main(int argc, char **argv);
+#endif
+#ifdef ENABLE_SM9
 extern int sm9setup_main(int argc, char **argv);
 extern int sm9keygen_main(int argc, char **argv);
 extern int sm9sign_main(int argc, char **argv);
 extern int sm9verify_main(int argc, char **argv);
 extern int sm9encrypt_main(int argc, char **argv);
 extern int sm9decrypt_main(int argc, char **argv);
+#endif
+#ifdef ENABLE_CMS
 extern int cmsparse_main(int argc, char **argv);
 extern int cmsencrypt_main(int argc, char **argv);
 extern int cmsdecrypt_main(int argc, char **argv);
 extern int cmssign_main(int argc, char **argv);
 extern int cmsverify_main(int argc, char **argv);
+#endif
+#ifdef ENABLE_TLS
 extern int tlcp_client_main(int argc, char **argv);
 extern int tlcp_server_main(int argc, char **argv);
 extern int tls12_client_main(int argc, char **argv);
 extern int tls12_server_main(int argc, char **argv);
 extern int tls13_client_main(int argc, char **argv);
 extern int tls13_server_main(int argc, char **argv);
+#endif
 #ifdef ENABLE_SECP256R1
 extern int p256keygen_main(int argc, char **argv);
 #endif
@@ -122,25 +144,43 @@ static const char *options =
 	"  sm3               Generate SM3 hash\n"
 	"  sm3hmac           Generate SM3 HMAC tag\n"
 	"  sm3_pbkdf2        Hash password into key using PBKDF2 algoritm\n"
+#ifdef ENABLE_SM4_ECB
 	"  sm4_ecb           Encrypt or decrypt with SM4 ECB\n"
+#endif
 	"  sm4_cbc           Encrypt or decrypt with SM4 CBC\n"
 	"  sm4_ctr           Encrypt or decrypt with SM4 CTR\n"
+#ifdef ENABLE_SM4_CFB
 	"  sm4_cfb           Encrypt or decrypt with SM4 CFB\n"
+#endif
+#ifdef ENABLE_SM4_OFB
 	"  sm4_ofb           Encrypt or decrypt with SM4 OFB\n"
+#endif
+#ifdef ENABLE_SM4_CCM
 	"  sm4_ccm           Encrypt or decrypt with SM4 CCM\n"
+#endif
 	"  sm4_gcm           Encrypt or decrypt with SM4 GCM\n"
+#ifdef ENABLE_SM4_XTS
 	"  sm4_xts           Encrypt or decrypt with SM4 XTS\n"
+#endif
 	"  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC\n"
 	"  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC\n"
+#ifdef ENABLE_SM4_CBC_MAC
 	"  sm4_cbc_mac       Generate SM4 CBC-MAC\n"
+#endif
+#ifdef ENABLE_GHASH
 	"  ghash             Generate GHASH\n"
+#endif
+#ifdef ENABLE_ZUC
 	"  zuc               Encrypt or decrypt with ZUC\n"
+#endif
+#ifdef ENABLE_SM9
 	"  sm9setup          Generate SM9 master secret\n"
 	"  sm9keygen         Generate SM9 private key\n"
 	"  sm9sign           Generate SM9 signature\n"
 	"  sm9verify         Verify SM9 signature\n"
 	"  sm9encrypt        SM9 public key encryption\n"
 	"  sm9decrypt        SM9 decryption\n"
+#endif
 	"  reqgen            Generate certificate signing request (CSR)\n"
 	"  reqsign           Generate certificate from CSR\n"
 	"  reqparse          Parse and print a CSR\n"
@@ -152,11 +192,13 @@ static const char *options =
 	"  certparse         Parse and print certificates\n"
 	"  certverify        Verify certificate chain\n"
 	"  certrevoke        Revoke certificate and output RevokedCertificate record\n"
+#ifdef ENABLE_CMS
 	"  cmsparse          Parse CMS (cryptographic message syntax) file\n"
 	"  cmsencrypt        Generate CMS EnvelopedData\n"
 	"  cmsdecrypt        Decrypt CMS EnvelopedData\n"
 	"  cmssign           Generate CMS SignedData\n"
 	"  cmsverify         Verify CMS SignedData\n"
+#endif
 #ifdef ENABLE_SECP256R1
 	"  p256keygen        Generate P-256 (secp256r1, prime256v1) keypair\n"
 #endif
@@ -198,12 +240,14 @@ static const char *options =
 #ifdef ENABLE_SKF
 	"  skfutil           SKF crypto device utility\n"
 #endif
+#ifdef ENABLE_TLS
 	"  tlcp_client       TLCP client\n"
 	"  tlcp_server       TLCP server\n"
 	"  tls12_client      TLS 1.2 client\n"
 	"  tls12_server      TLS 1.2 server\n"
 	"  tls13_client      TLS 1.3 client\n"
 	"  tls13_server      TLS 1.3 server\n"
+#endif
 	"\n"
 	"run `gmssl <command> -help` to print help of the given command\n"
 	"\n";
@@ -298,14 +342,19 @@ int main(int argc, char **argv)
 			return sm4_cbc_sm3_hmac_main(argc, argv);
 		} else if (!strcmp(*argv, "sm4_ctr_sm3_hmac")) {
 			return sm4_ctr_sm3_hmac_main(argc, argv);
+#ifdef ENABLE_GHASH
 		} else if (!strcmp(*argv, "ghash")) {
 			return ghash_main(argc, argv);
+#endif
 #if ENABLE_SM4_CBC_MAC
 		} else if (!strcmp(*argv, "sm4_cbc_mac")) {
 			return sm4_cbc_mac_main(argc, argv);
 #endif
+#ifdef ENABLE_ZUC
 		} else if (!strcmp(*argv, "zuc")) {
 			return zuc_main(argc, argv);
+#endif
+#ifdef ENABLE_SM9
 		} else if (!strcmp(*argv, "sm9setup")) {
 			return sm9setup_main(argc, argv);
 		} else if (!strcmp(*argv, "sm9keygen")) {
@@ -318,6 +367,8 @@ int main(int argc, char **argv)
 			return sm9encrypt_main(argc, argv);
 		} else if (!strcmp(*argv, "sm9decrypt")) {
 			return sm9decrypt_main(argc, argv);
+#endif
+#ifdef ENABLE_CMS
 		} else if (!strcmp(*argv, "cmsparse")) {
 			return cmsparse_main(argc, argv);
 		} else if (!strcmp(*argv, "cmsencrypt")) {
@@ -328,6 +379,8 @@ int main(int argc, char **argv)
 			return cmssign_main(argc, argv);
 		} else if (!strcmp(*argv, "cmsverify")) {
 			return cmsverify_main(argc, argv);
+#endif
+#ifdef ENABLE_TLS
 		} else if (!strcmp(*argv, "tlcp_client")) {
 			return tlcp_client_main(argc, argv);
 		} else if (!strcmp(*argv, "tlcp_server")) {
@@ -340,6 +393,7 @@ int main(int argc, char **argv)
 			return tls13_client_main(argc, argv);
 		} else if (!strcmp(*argv, "tls13_server")) {
 			return tls13_server_main(argc, argv);
+#endif
 #ifdef ENABLE_SECP256R1
 		} else if (!strcmp(*argv, "p256keygen")) {
 			return p256keygen_main(argc, argv);