nettle/hobble-nettle

#!/bin/sh
set -x

if [ "$1" = "-e" ] ; then
    CMD="cat < /dev/null >"
else
    CMD="rm -f"
fi

# ECC-192, 224
for f in ecc-secp192r1.c ecc-secp224r1.c; do
    eval "$CMD $f"
done

# SM4
for f in gcm-sm4-meta.c gcm-sm4.c sm4-meta.c sm4.c sm4.h testsuite/sm4-test.c; do
    eval "$CMD $f"
done

patch -p1 << '__EOF__'
From 4f46c4f64358d19f73ac9ba2f78c39bbffa04a57 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Sun, 21 Mar 2021 11:09:51 +0100
Subject: [PATCH 1/2] Remove secp192r1 and secp224r1 support

---
 Makefile.in                   | 22 ++----------
 eccdata.c                     | 67 +----------------------------------
 examples/ecc-benchmark.c      |  2 --
 examples/hogweed-benchmark.c  | 17 ---------
 testsuite/ecdh-test.c         | 40 ---------------------
 testsuite/ecdsa-sign-test.c   | 46 ------------------------
 testsuite/ecdsa-verify-test.c | 28 ---------------
 testsuite/testutils.c         | 22 +-----------
 8 files changed, 4 insertions(+), 240 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 2bf7f1e8..8e3df0a0 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -204,7 +204,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
 		  ecc-curve25519.c ecc-curve448.c \
 		  ecc-gost-gc256b.c ecc-gost-gc512a.c \
-		  ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
+		  ecc-secp256r1.c \
 		  ecc-secp384r1.c ecc-secp521r1.c \
 		  ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
 		  ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c ecc-nonsec-add-jjj.c \
@@ -358,22 +358,6 @@ des.$(OBJEXT): des.c des.h $(des_headers)
 
 # Generate ECC files, with roughly 16 KB of tables per curve.
 
-# Some reasonable choices for 192:
-# k =  8, c =  6, S = 256, T =  40 ( 32 A +  8 D) 12 KB
-# k = 14, c =  7, S = 256, T =  42 ( 28 A + 14 D) 12 KB
-# k = 11, c =  6, S = 192, T =  44 ( 33 A + 11 D)  9 KB
-# k = 16, c =  6, S = 128, T =  48 ( 32 A + 16 D)  6 KB
-ecc-secp192r1.h: eccdata.stamp
-	./eccdata$(EXEEXT_FOR_BUILD) secp192r1 8 6 $(NUMB_BITS) > $@T && mv $@T $@
-
-# Some reasonable choices for 224:
-# k = 16, c =  7, S = 256, T =  48 ( 32 A + 16 D) ~16 KB
-# k = 10, c =  6, S = 256, T =  50 ( 40 A + 10 D) ~16 KB
-# k = 13, c =  6, S = 192, T =  52 ( 39 A + 13 D) ~12 KB
-# k =  9, c =  5, S = 160, T =  54 ( 45 A +  9 D) ~10 KB
-ecc-secp224r1.h: eccdata.stamp
-	./eccdata$(EXEEXT_FOR_BUILD) secp224r1 16 7 $(NUMB_BITS) > $@T && mv $@T $@
-
 # Some reasonable choices for 256:
 # k =  9, c =  6, S = 320, T =  54 ( 45 A +  9 D) 20 KB
 # k = 11, c =  6, S = 256, T =  55 ( 44 A + 11 D) 16 KB
@@ -433,8 +417,6 @@ ecc-curve25519.$(OBJEXT): ecc-curve25519.h
 ecc-curve448.$(OBJEXT): ecc-curve448.h
 ecc-gost-gc256b.$(OBJEXT): ecc-gost-gc256b.h
 ecc-gost-gc512a.$(OBJEXT): ecc-gost-gc512a.h
-ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
-ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
 ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h
 ecc-secp384r1.$(OBJEXT): ecc-secp384r1.h
 ecc-secp521r1.$(OBJEXT): ecc-secp521r1.h
@@ -681,7 +663,7 @@ clean-here:
 	-rm -f $(TARGETS) *.$(OBJEXT) *.$(OBJEXT).d *.s *.so *.dll *.a \
 		ecc-curve25519.h ecc-curve448.h \
 		ecc-gost-gc256b.h ecc-gost-gc512a.h \
-		ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
+		ecc-secp256r1.h \
 		ecc-secp384r1.h ecc-secp521r1.h \
 		aesdata$(EXEEXT_FOR_BUILD) \
 		desdata$(EXEEXT_FOR_BUILD) \
diff --git a/eccdata.c b/eccdata.c
index 3f8e3f13..06afb200 100644
--- a/eccdata.c
+++ b/eccdata.c
@@ -435,72 +435,7 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type,
 static void
 ecc_curve_init (struct ecc_curve *ecc, const char *curve)
 {
-  if (!strcmp (curve, "secp192r1"))
-    {
-      ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
-			  /* p = 2^{192} - 2^{64} - 1 */
-			  "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
-			  "FFFFFFFFFFFFFFFF",
-
-			  "64210519e59c80e70fa7e9ab72243049"
-			  "feb8deecc146b9b1", 
-
-			  "ffffffffffffffffffffffff99def836"
-			  "146bc9b1b4d22831",
-
-			  "188da80eb03090f67cbf20eb43a18800"
-			  "f4ff0afd82ff1012",
-
-			  "07192b95ffc8da78631011ed6b24cdd5"
-			  "73f977a11e794811");
-      ecc->ref = ecc_alloc (3);
-      ecc_set_str (&ecc->ref[0], /* 2 g */
-		   "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
-		   "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab");
-      
-      ecc_set_str (&ecc->ref[1], /* 3 g */
-		   "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
-		   "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd");
-
-      ecc_set_str (&ecc->ref[2], /* 4 g */
-		   "35433907297cc378b0015703374729d7a4fe46647084e4ba",
-		   "a2649984f2135c301ea3acb0776cd4f125389b311db3be32");
-
-    }
-  else if (!strcmp (curve, "secp224r1"))
-    {
-      ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
-			  /* p = 2^{224} - 2^{96} + 1 */
-			  "ffffffffffffffffffffffffffffffff"
-			  "000000000000000000000001",
-
-			  "b4050a850c04b3abf54132565044b0b7"
-			  "d7bfd8ba270b39432355ffb4",
-
-			  "ffffffffffffffffffffffffffff16a2"
-			  "e0b8f03e13dd29455c5c2a3d",
-
-			  "b70e0cbd6bb4bf7f321390b94a03c1d3"
-			  "56c21122343280d6115c1d21",
-
-			  "bd376388b5f723fb4c22dfe6cd4375a0"
-			  "5a07476444d5819985007e34");
-
-      ecc->ref = ecc_alloc (3);
-      ecc_set_str (&ecc->ref[0], /* 2 g */
-		   "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
-		   "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb");
-      
-      ecc_set_str (&ecc->ref[1], /* 3 g */
-		   "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
-		   "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925");
-
-      ecc_set_str (&ecc->ref[2], /* 4 g */
-		   "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
-		   "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9");
-
-    }
-  else if (!strcmp (curve, "secp256r1"))
+  if (!strcmp (curve, "secp256r1"))
     {
       ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
 			  /* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
index 7e857f80..0bffe7a9 100644
--- a/examples/ecc-benchmark.c
+++ b/examples/ecc-benchmark.c
@@ -314,8 +314,6 @@ bench_curve (const struct ecc_curve *ecc)
 }
 
 const struct ecc_curve * const curves[] = {
-  &_nettle_secp_192r1,
-  &_nettle_secp_224r1,
   &_nettle_curve25519,
   &_nettle_secp_256r1,
   &_nettle_secp_384r1,
diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
index 3f858833..44c9cea5 100644
--- a/examples/hogweed-benchmark.c
+++ b/examples/hogweed-benchmark.c
@@ -410,23 +410,6 @@ bench_ecdsa_init (unsigned size)
 
   switch (size)
     {
-    case 192:
-      ecc = &_nettle_secp_192r1;
-      xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
-      ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
-      zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
-      ctx->digest = hash_string (&nettle_sha1, "abc");
-      ctx->digest_size = 20;
-      break;
-    case 224:
-      ecc = &_nettle_secp_224r1;
-      xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
-      ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
-      zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
-      ctx->digest = hash_string (&nettle_sha224, "abc");
-      ctx->digest_size = 28;
-      break;
-
       /* From RFC 4754 */
     case 256:
       ecc = &_nettle_secp_256r1;
diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c
index ff4f7233..2be26b19 100644
--- a/testsuite/ecdh-test.c
+++ b/testsuite/ecdh-test.c
@@ -159,46 +159,6 @@ test_public_key (const char *label, const struct ecc_curve *ecc,
 void
 test_main(void)
 {
-  test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
-  test_public_key (
-    "(P,0) with secp-192r1", &_nettle_secp_192r1,
-    "6277101735386680763835789423207666416083908700390324961279",
-    "0", 0);
-  test_public_key (
-    "(0,P) with secp-192r1", &_nettle_secp_192r1, "0",
-    "6277101735386680763835789423207666416083908700390324961279",
-    0);
-  test_public_key (
-    "(P,P) with secp-192r1", &_nettle_secp_192r1,
-    "6277101735386680763835789423207666416083908700390324961279",
-    "6277101735386680763835789423207666416083908700390324961279",
-    0);
-  test_public_key ("(1,2) with secp-192r1", &_nettle_secp_192r1, "1", "2", 0);
-  test_public_key ("(X,Y) with secp-192r1", &_nettle_secp_192r1,
-    "1050363442265225480786760666329560655512990381040021438562",
-    "5298249600854377235107392014200406283816103564916230704184",
-    1);
-
-  test_dh ("secp-192r1", &_nettle_secp_192r1,
-	   "3406157206141798348095184987208239421004566462391397236532",
-	   "1050363442265225480786760666329560655512990381040021438562",
-	   "5298249600854377235107392014200406283816103564916230704184",
-	   "738368960171459956677260317271477822683777845013274506165",
-	   "2585840779771604687467445319428618542927556223024046979917",
-	   "293088185788565313717816218507714888251468410990708684573",
-	   "149293809021051532782730990145509724807636529827149481690",
-	   "2891131861147398318714693938158856874319184314120776776192");
-
-  test_dh ("secp-224r1", &_nettle_secp_224r1,
-	   "1321072106881784386340709783538698930880431939595776773514895067682",
-	   "6768311794185371282972144247871764855860666277647541840973645586477",
-	   "2880077809069104378181313860274147139049600284805670362929579614547",
-	   "13934723037778859565852601874354272638301919827851286722006496784914",
-	   "373124771833407982305885866158843810218322878380632071540538232035",
-	   "24223309755162432227459925493224336241652868856405241018762887667883",
-	   "8330362698029245839097779050425944245826040430538860338085968752913",
-	   "24167244512472228715617822000878192535267113543393576038737592837010");	   
-
   test_dh ("secp-256r1", &_nettle_secp_256r1,
 	   "94731533361265297353914491124013058635674217345912524033267198103710636378786",
 	   "22441589863306126152768848344973918725077248391248404659242620344938484650846",
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
index 46fc2738..4816de82 100644
--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
@@ -74,18 +74,6 @@ test_main (void)
   if (test_side_channel)
     SKIP();
 #endif
-  /* Producing the signature for corresponding test in
-     ecdsa-verify-test.c, with special u1 and u2. */
-  test_ecdsa (&_nettle_secp_224r1,
-	      "99b5b787484def12894ca507058b3bf5"
-	      "43d72d82fa7721d2e805e5e6",
-	      "2",
-	      SHEX("cdb887ac805a3b42e22d224c85482053"
-		   "16c755d4a736bb2032c92553"),
-	      "706a46dc76dcb76798e60e6d89474788"
-	      "d16dc18032d268fd1a704fa6", /* r */
-	      "3a41e1423b1853e8aa89747b1f987364"
-	      "44705d6d6d8371ea1f578f2e"); /* s */
 
   /* Produce a signature where verify operation results in a point duplication. */
   test_ecdsa (&_nettle_secp_256r1,
@@ -99,40 +87,6 @@ test_main (void)
 	      "53f097727a0e0dc284a0daa0da0ab77d"
 	      "5792ae67ed075d1f8d5bda0f853fa093"); /* s */
 
-  /* Test cases for the smaller groups, verified with a
-     proof-of-concept implementation done for Yubico AB. */
-  test_ecdsa (&_nettle_secp_192r1,
-	      "DC51D3866A15BACDE33D96F992FCA99D"
-	      "A7E6EF0934E70975", /* z */
-
-	      "9E56F509196784D963D1C0A401510EE7"
-	      "ADA3DCC5DEE04B15", /* k */
-
-	      SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
-		   "B00361A396177A9C"), /* h */
-
-	      "8c478db6a5c131540cebc739f9c0a9a8"
-	      "c720c2abdd14a891", /* r */
-
-	      "a91fb738f9f175d72f9c98527e881c36"
-	      "8de68cb55ffe589"); /* s */
-
-  test_ecdsa (&_nettle_secp_224r1,
-	      "446df0a771ed58403ca9cb316e617f6b"
-	      "158420465d00a69601e22858",  /* z */
-
-	      "4c13f1905ad7eb201178bc08e0c9267b"
-	      "4751c15d5e1831ca214c33f4",  /* z */
-
-	      SHEX("1b28a611fe62ab3649350525d06703ba"
-		   "4b979a1e543566fd5caa85c6"),  /* h */
-
-	      "2cc280778f3d067df6d3adbe3a6aad63"
-	      "bc75f08f5c5f915411902a99",  /* r */ 
-
-	      "d0f069fd0f108eb07b7bbc54c8d6c88d"
-	      "f2715c38a95c31a2b486995f"); /* s */
-
   /* From RFC 4754 */
   test_ecdsa (&_nettle_secp_256r1,
 	      "DC51D386 6A15BACD E33D96F9 92FCA99D"
diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
index 8d527000..eb5449da 100644
--- a/testsuite/ecdsa-verify-test.c
+++ b/testsuite/ecdsa-verify-test.c
@@ -81,34 +81,6 @@ test_ecdsa (const struct ecc_curve *ecc,
 void
 test_main (void)
 {
-  /* Corresponds to nonce k = 2 and private key z =
-     0x99b5b787484def12894ca507058b3bf543d72d82fa7721d2e805e5e6. z and
-     hash are chosen so that intermediate scalars in the verify
-     equations are u1 = 0x6b245680e700, u2 =
-     259da6542d4ba7d21ad916c3bd57f811. These values require canonical
-     reduction of the scalars. Bug caused by missing canonical
-     reduction reported by Guido Vranken. */
-  test_ecdsa (&_nettle_secp_224r1,
-	      "9e7e6cc6b1bdfa8ee039b66ad85e5490"
-	      "7be706a900a3cba1c8fdd014", /* x */
-	      "74855db3f7c1b4097ae095745fc915e3"
-	      "8a79d2a1de28f282eafb22ba", /* y */
-
-	      SHEX("cdb887ac805a3b42e22d224c85482053"
-		   "16c755d4a736bb2032c92553"),
-	      "706a46dc76dcb76798e60e6d89474788"
-	      "d16dc18032d268fd1a704fa6", /* r */
-	      "3a41e1423b1853e8aa89747b1f987364"
-	      "44705d6d6d8371ea1f578f2e"); /* s */
-
-  /* Test case provided by Guido Vranken, from oss-fuzz */
-  test_ecdsa (&_nettle_secp_192r1,
-	      "14683086 f1734c6d e68743a6 48181b54 a74d4c5b 383eb6a8", /* x */
-	      "  1e2584 2ab8b2b0 4017f655 1b5e4058 a2aa0612 2dae9344", /* y */
-	      SHEX("00"), /* h == 0 corner case*/
-	      "952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */
-	      "ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */
-
   /* Test case provided by Guido Vranken, from oss-fuzz. Triggers
      point duplication in the verify operation by using private key =
      1 (public key = generator) and hash = r. */
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index dcd653c1..b35248b9 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -2142,8 +2142,6 @@ test_dsa_key(const struct dsa_params *params,
 }
 
 const struct ecc_curve * const ecc_curves[] = {
-  &_nettle_secp_192r1,
-  &_nettle_secp_224r1,
   &_nettle_secp_256r1,
   &_nettle_secp_384r1,
   &_nettle_secp_521r1,
@@ -2267,25 +2265,7 @@ test_ecc_point (const struct ecc_curve *ecc,
 }
 
 /* For each curve, the points g, 2 g, 3 g and 4 g */
-static const struct ecc_ref_point ecc_ref[9][4] = {
-  { { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
-      "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
-    { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
-	"dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
-    { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
-	"782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
-    { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
-	"a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
-  },
-  { { "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
-	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34" },
-    { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
-	"1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
-    { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
-	"a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
-    { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
-	"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
-  },
+static const struct ecc_ref_point ecc_ref[7][4] = {
   { { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
 	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
     { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
-- 
2.45.1


From fda2e8fb058076715763346ae0b5cb4bb3eea5dd Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 1 Nov 2023 09:21:16 +0900
Subject: [PATCH 2/2] Remove SM4 cipher support

---
 Makefile.in                  |  4 +---
 examples/nettle-benchmark.c  |  2 --
 gcm.h                        | 23 -----------------------
 nettle-meta-aeads.c          |  1 -
 nettle-meta-ciphers.c        |  1 -
 nettle-meta.h                |  3 ---
 testsuite/Makefile.in        |  2 +-
 testsuite/gcm-test.c         | 18 ------------------
 testsuite/meta-aead-test.c   |  1 -
 testsuite/meta-cipher-test.c |  1 -
 10 files changed, 2 insertions(+), 54 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 8e3df0a0..6a762008 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -117,7 +117,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
 		 gcm-aes256.c gcm-aes256-meta.c \
 		 gcm-camellia128.c gcm-camellia128-meta.c \
 		 gcm-camellia256.c gcm-camellia256-meta.c \
-		 gcm-sm4.c gcm-sm4-meta.c \
 		 cmac.c cmac64.c cmac-aes128.c cmac-aes256.c cmac-des3.c \
 		 cmac-aes128-meta.c cmac-aes256-meta.c cmac-des3-meta.c \
 		 gost28147.c gosthash94.c gosthash94-meta.c \
@@ -157,7 +156,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
 		 serpent-meta.c \
 		 streebog.c streebog-meta.c \
 		 twofish.c twofish-meta.c \
-		 sm4.c sm4-meta.c \
 		 umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \
 		 umac-poly64.c umac-poly128.c umac-set-key.c \
 		 umac32.c umac64.c umac96.c umac128.c \
@@ -245,7 +243,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \
 	  ocb.h pbkdf2.h \
 	  pgp.h pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \
 	  salsa20.h sexp.h serpent.h \
-	  sha.h sha1.h sha2.h sha3.h sm3.h sm4.h streebog.h twofish.h \
+	  sha.h sha1.h sha2.h sha3.h sm3.h streebog.h twofish.h \
 	  umac.h yarrow.h xts.h poly1305.h nist-keywrap.h \
 	  drbg-ctr.h
 
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
index 2a11a694..991d5bee 100644
--- a/examples/nettle-benchmark.c
+++ b/examples/nettle-benchmark.c
@@ -64,7 +64,6 @@
 #include "sha1.h"
 #include "sha2.h"
 #include "sha3.h"
-#include "sm4.h"
 #include "twofish.h"
 #include "umac.h"
 #include "cmac.h"
@@ -937,7 +936,6 @@ main(int argc, char **argv)
       &nettle_des3,
       &nettle_serpent256,
       &nettle_twofish128, &nettle_twofish192, &nettle_twofish256,
-      &nettle_sm4,
       NULL
     };
 
diff --git a/gcm.h b/gcm.h
index 39af5ab0..68c6c1ba 100644
--- a/gcm.h
+++ b/gcm.h
@@ -40,7 +40,6 @@
 
 #include "aes.h"
 #include "camellia.h"
-#include "sm4.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -96,13 +95,6 @@ extern "C" {
 #define gcm_camellia256_decrypt nettle_gcm_camellia256_decrypt
 #define gcm_camellia256_digest nettle_gcm_camellia256_digest
 
-#define gcm_sm4_set_key nettle_gcm_sm4_set_key
-#define gcm_sm4_set_iv nettle_gcm_sm4_set_iv
-#define gcm_sm4_update nettle_gcm_sm4_update
-#define gcm_sm4_encrypt nettle_gcm_sm4_encrypt
-#define gcm_sm4_decrypt nettle_gcm_sm4_decrypt
-#define gcm_sm4_digest nettle_gcm_sm4_digest
-
 #define GCM_BLOCK_SIZE 16
 #define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
 #define GCM_DIGEST_SIZE 16
@@ -331,21 +323,6 @@ void gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx,
 			    size_t length, uint8_t *digest);
 
 
-struct gcm_sm4_ctx GCM_CTX(struct sm4_ctx);
-
-void gcm_sm4_set_key(struct gcm_sm4_ctx *ctx, const uint8_t *key);
-void gcm_sm4_set_iv(struct gcm_sm4_ctx *ctx,
-		    size_t length, const uint8_t *iv);
-void gcm_sm4_update(struct gcm_sm4_ctx *ctx,
-		    size_t length, const uint8_t *data);
-void gcm_sm4_encrypt(struct gcm_sm4_ctx *ctx,
-		     size_t length, uint8_t *dst, const uint8_t *src);
-void gcm_sm4_decrypt(struct gcm_sm4_ctx *ctx,
-		     size_t length, uint8_t *dst, const uint8_t *src);
-void gcm_sm4_digest(struct gcm_sm4_ctx *ctx,
-		    size_t length, uint8_t *digest);
-
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/nettle-meta-aeads.c b/nettle-meta-aeads.c
index 78f38a3c..c99cc465 100644
--- a/nettle-meta-aeads.c
+++ b/nettle-meta-aeads.c
@@ -43,7 +43,6 @@ const struct nettle_aead * const _nettle_aeads[] = {
   &nettle_gcm_aes256,
   &nettle_gcm_camellia128,
   &nettle_gcm_camellia256,
-  &nettle_gcm_sm4,
   &nettle_eax_aes128,
   &nettle_chacha_poly1305,
   NULL
diff --git a/nettle-meta-ciphers.c b/nettle-meta-ciphers.c
index f8d691cf..49cb47a7 100644
--- a/nettle-meta-ciphers.c
+++ b/nettle-meta-ciphers.c
@@ -54,7 +54,6 @@ const struct nettle_cipher * const _nettle_ciphers[] = {
   &nettle_arctwo64,
   &nettle_arctwo128,
   &nettle_arctwo_gutmann128,
-  &nettle_sm4,
   NULL
 };
 
diff --git a/nettle-meta.h b/nettle-meta.h
index 19dc96c5..d684947e 100644
--- a/nettle-meta.h
+++ b/nettle-meta.h
@@ -89,8 +89,6 @@ extern const struct nettle_cipher nettle_arctwo64;
 extern const struct nettle_cipher nettle_arctwo128;
 extern const struct nettle_cipher nettle_arctwo_gutmann128;
 
-extern const struct nettle_cipher nettle_sm4;
-
 struct nettle_hash
 {
   const char *name;
@@ -200,7 +198,6 @@ extern const struct nettle_aead nettle_gcm_aes192;
 extern const struct nettle_aead nettle_gcm_aes256;
 extern const struct nettle_aead nettle_gcm_camellia128;
 extern const struct nettle_aead nettle_gcm_camellia256;
-extern const struct nettle_aead nettle_gcm_sm4;
 extern const struct nettle_aead nettle_eax_aes128;
 extern const struct nettle_aead nettle_chacha_poly1305;
 
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index 0699fa0d..f5db4bca 100644
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -25,7 +25,7 @@ TS_NETTLE_SOURCES = aes-test.c aes-keywrap-test.c arcfour-test.c arctwo-test.c \
 		    sha3-permute-test.c sha3-224-test.c sha3-256-test.c \
 		    sha3-384-test.c sha3-512-test.c \
 		    shake128-test.c shake256-test.c \
-		    streebog-test.c sm3-test.c sm4-test.c \
+		    streebog-test.c sm3-test.c \
 		    serpent-test.c twofish-test.c version-test.c \
 		    knuth-lfib-test.c \
 		    cbc-test.c cfb-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \
diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c
index e8228ed7..e0501963 100644
--- a/testsuite/gcm-test.c
+++ b/testsuite/gcm-test.c
@@ -825,24 +825,6 @@ test_main(void)
 		 "16aedbf5a0de6a57 a637b39b"),	/* iv */
 	    SHEX("5791883f822013f8bd136fc36fb9946b"));	/* tag */
 
-  /*
-   * GCM-SM4 Test Vectors from
-   * https://datatracker.ietf.org/doc/html/rfc8998
-   */
-  test_aead(&nettle_gcm_sm4, NULL,
-	    SHEX("0123456789ABCDEFFEDCBA9876543210"),
-	    SHEX("FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2"),
-	    SHEX("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB"
-	         "CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD"
-	         "EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF"
-	         "EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA"),
-	    SHEX("17F399F08C67D5EE19D0DC9969C4BB7D"
-	         "5FD46FD3756489069157B282BB200735"
-	         "D82710CA5C22F0CCFA7CBF93D496AC15"
-	         "A56834CBCF98C397B4024A2691233B8D"),
-	    SHEX("00001234567800000000ABCD"),
-	    SHEX("83DE3541E4C2B58177E065A9BF7B62EC"));
-
   /* Test gcm_hash, with varying message size, keys and iv all zero.
      Not compared to any other implementation. */
   test_gcm_hash (SDATA("a"),
diff --git a/testsuite/meta-aead-test.c b/testsuite/meta-aead-test.c
index ceeca227..1fcede40 100644
--- a/testsuite/meta-aead-test.c
+++ b/testsuite/meta-aead-test.c
@@ -8,7 +8,6 @@ const char* aeads[] = {
   "gcm_aes256",
   "gcm_camellia128",
   "gcm_camellia256",
-  "gcm_sm4",
   "eax_aes128",
   "chacha_poly1305",
 };
diff --git a/testsuite/meta-cipher-test.c b/testsuite/meta-cipher-test.c
index 912fac5a..046fbdaf 100644
--- a/testsuite/meta-cipher-test.c
+++ b/testsuite/meta-cipher-test.c
@@ -20,7 +20,6 @@ const char* ciphers[] = {
   "twofish128",
   "twofish192",
   "twofish256",
-  "sm4"
 };
 
 void
-- 
2.45.1

__EOF__