From 60d14da0cc05e79934e11cb8fc23007108403c0d Mon Sep 17 00:00:00 2001 
From: Zhi Guan Date: Sun, 15 May 2016 20:21:51 +0200 Subject: [PATCH] add CBC-MAC and GM OTP, not tested --- Makefile | 6 +- Makefile.bak | 6 +- Makefile.org | 2 +- apps/ciphers.c | 7 + apps/cpkparam.c | 76 +--- apps/pkeyutl.c | 21 -- crypto/asn1/ameth_lib.c | 3 - crypto/cbcmac/Makefile | 4 +- crypto/cbcmac/cbcm_ameth.c | 142 ++++++++ crypto/cbcmac/cbcm_pmeth.c | 264 ++++++++++++++ crypto/cbcmac/cbcmac.c | 93 ++++- crypto/cpk/cpk_asn1.c | 4 +- crypto/ec/ec.h | 46 +++ crypto/ec/ec_ameth.c | 175 +--------- crypto/ec/ec_pmeth.c | 688 ++++++++++++++++--------------------- crypto/ecies/ecies.h | 48 ++- crypto/ecies/ecies_lib.c | 44 ++- crypto/evp/c_allc.c | 5 +- crypto/evp/c_alld.c | 2 +- crypto/evp/e_sms4.c | 2 +- crypto/evp/e_zuc.c | 2 +- crypto/evp/evp.h | 29 +- crypto/evp/evp_pkey.c | 11 - crypto/evp/m_sm3.c | 28 +- crypto/evp/p_enc.c | 50 +-- crypto/evp/p_lib.c | 33 -- crypto/evp/pmeth_lib.c | 25 +- crypto/objects/obj_dat.h | 272 ++++++++------- crypto/objects/obj_mac.h | 110 +++--- crypto/objects/obj_mac.num | 6 + crypto/objects/objects.txt | 102 +++--- crypto/otp/Makefile | 81 +++++ crypto/otp/otp.c | 123 +++++++ crypto/otp/otp.h | 85 +++++ crypto/sm2/sm2.h | 35 +- crypto/sm2/sm2_asn1.c | 19 +- crypto/sm2/sm2_enc.c | 135 +++++--- crypto/sm2/sm2_kap.c | 8 + crypto/sm3/hmac_sm3.c | 80 +++++ crypto/sm3/hmac_sm3.h | 29 ++ crypto/sm3/hmac_sm3_test.c | 68 ++++ crypto/sm3/sm3dgst.c | 46 +++ crypto/sm3/sm3test2.c | 94 +++++ crypto/sm9/sm9.h | 102 ++++++ crypto/sm9/sm9_lcl.h | 103 ++++++ crypto/sms4/Makefile | 6 +- crypto/sms4/sms4.h | 20 ++ crypto/sms4/sms4_ede.h | 30 -- crypto/sms4/sms4_enc.c | 3 +- crypto/sms4/sms4_setkey.c | 67 ++++ crypto/x509/x509type.c | 5 - demos/gmssl/ec_key.pem | 8 - demos/gmssl/eckey.pem | 10 - demos/gmssl/ecparam.pem | 7 - demos/gmssl/ecpubkey.pem | 9 - demos/gmssl/gmssl.sh | 26 +- demos/gmssl/server.c | 50 +++ demos/gmssl/sm2-gencert.sh | 11 - demos/gmssl/sm2-initca.sh | 19 - demos/gmssl/sm2enc.c | 109 ++++++ engines/e_skf.c | 8 +- 
include/openssl/gmssl.h | 1 - include/openssl/gmssl1.h | 1 + include/openssl/otp.h | 1 + ssl/Makefile | 12 +- ssl/gm_clnt.c | 16 +- ssl/gm_enc.c | 4 +- ssl/gm_lib.c | 176 ++++++++-- ssl/gm_meth.c | 16 +- ssl/gm_srvr.c | 54 +-- ssl/{gmssl.h => gmssl1.h} | 66 ++-- ssl/s3_clnt.c | 2 + ssl/ssl.h | 13 +- ssl/ssl_ciph.c | 42 ++- ssl/ssl_lib.c | 12 + ssl/ssl_locl.h | 65 +++- ssl/ssl_sess.c | 4 +- ssl/ssl_txt.c | 2 +- test/otptest.c | 1 + test/p.zuc.cipher | Bin 1036 -> 1036 bytes test/p.zuc.clear | Bin 1016 -> 1016 bytes 81 files changed, 2789 insertions(+), 1401 deletions(-) create mode 100644 crypto/cbcmac/cbcm_ameth.c create mode 100644 crypto/cbcmac/cbcm_pmeth.c create mode 100644 crypto/otp/Makefile create mode 100644 crypto/otp/otp.c create mode 100644 crypto/otp/otp.h create mode 100644 crypto/sm3/hmac_sm3.c create mode 100644 crypto/sm3/hmac_sm3.h create mode 100644 crypto/sm3/hmac_sm3_test.c create mode 100644 crypto/sm3/sm3dgst.c create mode 100644 crypto/sm3/sm3test2.c create mode 100644 crypto/sm9/sm9.h create mode 100644 crypto/sm9/sm9_lcl.h delete mode 100644 crypto/sms4/sms4_ede.h create mode 100644 crypto/sms4/sms4_setkey.c delete mode 100644 demos/gmssl/ec_key.pem delete mode 100644 demos/gmssl/eckey.pem delete mode 100644 demos/gmssl/ecparam.pem delete mode 100644 demos/gmssl/ecpubkey.pem create mode 100644 demos/gmssl/server.c delete mode 100755 demos/gmssl/sm2-gencert.sh delete mode 100755 demos/gmssl/sm2-initca.sh create mode 100644 demos/gmssl/sm2enc.c delete mode 120000 include/openssl/gmssl.h create mode 120000 include/openssl/gmssl1.h create mode 120000 include/openssl/otp.h rename ssl/{gmssl.h => gmssl1.h} (71%) create mode 120000 test/otptest.c diff --git a/Makefile b/Makefile index 77f8725f..ba331f45 100644 --- a/Makefile +++ b/Makefile 
@@ -13,8 +13,8 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT=.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib PLATFORM=darwin64-x86_64-cc -OPTIONS=--prefix=/usr/local --openssldir=/usr/local/openssl no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local --openssldir=/usr/local/openssl +OPTIONS=--prefix=/usr/local/ --openssldir=/usr/local/openssl/ no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local/ --openssldir=/usr/local/openssl/ SHLIB_TARGET=darwin-shared # HERE indicates where this Makefile lives. This can be used to indicate @@ -151,7 +151,7 @@ SDIRS= \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts srp cmac \ - sm2 sm3 sms4 ecies zuc + sm2 sm3 sms4 ecies cpk zuc cbcmac otp # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/Makefile.bak b/Makefile.bak index 77f8725f..ed514496 100644 --- a/Makefile.bak +++ b/Makefile.bak 
@@ -13,8 +13,8 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT=.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib PLATFORM=darwin64-x86_64-cc -OPTIONS=--prefix=/usr/local --openssldir=/usr/local/openssl no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local --openssldir=/usr/local/openssl +OPTIONS=--prefix=/usr/local/ --openssldir=/usr/local/openssl/ no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local/ --openssldir=/usr/local/openssl/ SHLIB_TARGET=darwin-shared # HERE indicates where this Makefile lives. This can be used to indicate @@ -151,7 +151,7 @@ SDIRS= \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts srp cmac \ - sm2 sm3 sms4 ecies zuc + sm2 sm3 sms4 ecies cpk zuc cbcmac # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/Makefile.org b/Makefile.org index 5521bf4c..a47bc222 100644 --- a/Makefile.org +++ b/Makefile.org @@ -149,7 +149,7 @@ SDIRS= \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts jpake srp store cmac \ - sm2 sm3 sms4 ecies zuc + sm2 sm3 sms4 ecies cpk zuc cbcmac otp # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/apps/ciphers.c b/apps/ciphers.c index 66636d2d..3b9d978a 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -76,6 +76,9 @@ static const char *ciphers_usage[] = { " -ssl2 - SSL2 mode\n", " -ssl3 - SSL3 mode\n", " -tls1 - TLS1 mode\n", +#ifndef OPENSSL_NO_GMSSL + " -gmssl - GMSSL mode\n", +#endif NULL }; 
@@ -137,6 +140,10 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv, "-tls1") == 0) meth = TLSv1_client_method(); +#endif +#ifndef OPENSSL_NO_GMSSL + else if (strcmp(*argv, "-gmssl") == 0) + meth = GMSSLv1_client_method(); #endif else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) { badops = 1; diff --git a/apps/cpkparam.c b/apps/cpkparam.c index dce0f045..275394a0 100644 --- a/apps/cpkparam.c +++ b/apps/cpkparam.c @@ -178,39 +178,25 @@ # undef PROG # define PROG cpkparam_main -# define DEFBITS 2048 + /*- - * -inform arg - input format - default PEM (DER or PEM) - * -outform arg - output format - default PEM - * -in arg - input file - default stdin + * -id - domain identifier + * -algorithm - public key algorithm + * -pkeyopt - public key options + * -paramfile - public key parameters * -out arg - output file - default stdout * -dsaparam - read or generate DSA parameters, convert to DH - * -check - check the parameters are ok - * -noout - * -text - * -C */ -static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); - int MAIN(int, char **); int MAIN(int argc, char **argv) { - DH *dh = NULL; - int i, badops = 0, text = 0; -# ifndef OPENSSL_NO_DSA - int dsaparam = 0; -# endif BIO *in = NULL, *out = NULL; - int informat, outformat, check = 0, noout = 0, C = 0, ret = 1; char *infile, *outfile, *prog; char *inrand = NULL; -# ifndef OPENSSL_NO_ENGINE - char *engine = NULL; -# endif - int num = 0, g = 0; + char *id = NULL; apps_startup(); @@ -221,10 +207,7 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; - infile = NULL; outfile = NULL; - informat = FORMAT_PEM; - outformat = FORMAT_PEM; prog = argv[0]; argc--; 
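Review bot: In apps/cpkparam.c the first hunk drops the declarations of `badops`, `text`, `dsaparam`, `informat`, `outformat`, `check`, `noout`, `C`, `ret`, `num` and `g` from MAIN, yet context lines in the later hunks of the same file still use them (`check = 1;`, `text = 1;`, `dsaparam = 1;`, `C = 1;`, `if (g && !num)`, `OPENSSL_EXIT(ret);`), so the file cannot compile as patched unless that code is preprocessed out. The second hunk also removes `infile = NULL;` while `char *infile` stays declared, which leaves the pointer indeterminate on any path that reads it before an `-in` argument is parsed. Either keep `int badops = 0, ret = 1;` and the initialisation and delete the leftover DH option branches together with their variables, or leave the declarations in place until the option parser is rewritten. The new header comment still lists `-dsaparam`, which does not match the `-id`/`-algorithm`/`-pkeyopt`/`-paramfile` interface it describes. MAIN's body continues outside these hunks.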
@@ -247,21 +230,12 @@ int MAIN(int argc, char **argv) goto bad; outfile = *(++argv); } -# ifndef OPENSSL_NO_ENGINE - else if (strcmp(*argv, "-engine") == 0) { - if (--argc < 1) - goto bad; - engine = *(++argv); - } -# endif else if (strcmp(*argv, "-check") == 0) check = 1; else if (strcmp(*argv, "-text") == 0) text = 1; -# ifndef OPENSSL_NO_DSA else if (strcmp(*argv, "-dsaparam") == 0) dsaparam = 1; -# endif else if (strcmp(*argv, "-C") == 0) C = 1; else if (strcmp(*argv, "-noout") == 0) @@ -289,10 +263,8 @@ int MAIN(int argc, char **argv) " -outform arg output format - one of DER PEM\n"); BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -out arg output file\n"); -# ifndef OPENSSL_NO_DSA BIO_printf(bio_err, " -dsaparam read or generate DSA parameters, convert to DH\n"); -# endif BIO_printf(bio_err, " -check check the DH parameters\n"); BIO_printf(bio_err, " -text print a text form of the DH parameters\n"); @@ -303,10 +275,6 @@ int MAIN(int argc, char **argv) " -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err, " numbits number of bits in to generate (default 2048)\n"); -# ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err, - " -engine e use engine e, possibly a hardware device.\n"); -# endif BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, @@ -318,14 +286,9 @@ int MAIN(int argc, char **argv) ERR_load_crypto_strings(); -# ifndef OPENSSL_NO_ENGINE - setup_engine(bio_err, engine, 0); -# endif - if (g && !num) num = DEFBITS; -# ifndef OPENSSL_NO_DSA if (dsaparam) { if (g) { BIO_printf(bio_err, @@ -333,7 +296,6 @@ int MAIN(int argc, char **argv) goto end; } } else -# endif { /* DH parameters */ if (num && !g) 
@@ -454,12 +416,6 @@ int MAIN(int argc, char **argv) } if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); -# ifdef OPENSSL_SYS_VMS - { - BIO *tmpbio = BIO_new(BIO_f_linebuffer()); - out = BIO_push(tmpbio, out); - } -# endif } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); @@ -564,26 +520,6 @@ int MAIN(int argc, char **argv) OPENSSL_EXIT(ret); } -/* dh_cb is identical to dsa_cb in apps/dsaparam.c */ -static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) -{ - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - BIO_write(cb->arg, &c, 1); - (void)BIO_flush(cb->arg); -# ifdef LINT - p = n; -# endif - return 1; -} #else /* !OPENSSL_NO_GMSSL */ diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index d066f103..e8da83ae 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -72,9 +72,6 @@ static void usage(void); #define PROG pkeyutl_main -#ifndef OPENSSL_NO_GMSSL -int is_sm2 = 0; -#endif static EVP_PKEY_CTX *init_ctx(int *pkeysize, char *keyfile, int keyform, int key_type, @@ -210,14 +207,6 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); goto end; } -#ifndef OPENSSL_NO_GMSSL - } else if (strcmp(*argv, "-algorithm") == 0) { - if (!argv[1]) - goto end; - if (strcmp(*(++argv), "SM2")) - goto end; - is_sm2 = 1; -#endif } else badarg = 1; if (badarg) { @@ -431,16 +420,6 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, if (!pkey) goto end; -#ifndef OPENSSL_NO_GMSSL - if (is_sm2) { - if (!EVP_PKEY_set_type(pkey, EVP_PKEY_SM2)) { - fprintf(stderr, "GmSSL: %s %d\n", __FILE__, __LINE__); - ERR_print_errors_fp(stderr); - goto end; - } - } -#endif - ctx = EVP_PKEY_CTX_new(pkey, e); EVP_PKEY_free(pkey); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index b6c1f2c8..669a949b 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c 
@@ -100,9 +100,6 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_DH &dhx_asn1_meth, #endif -#ifndef OPENSSL_NO_SM2 - &sm2_asn1_meth, -#endif }; typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); diff --git a/crypto/cbcmac/Makefile b/crypto/cbcmac/Makefile index 03c42310..f550139a 100644 --- a/crypto/cbcmac/Makefile +++ b/crypto/cbcmac/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=cbcmac.c cbcmac_ameth.c cbcmac_pmeth.c -LIBOBJ=cbcmac.o cbcmac_ameth.o cbcmac_pmeth.o +LIBSRC=cbcmac.c cbcm_ameth.c cbcm_pmeth.c +LIBOBJ=cbcmac.o cbcm_ameth.o cbcm_pmeth.o SRC= $(LIBSRC) diff --git a/crypto/cbcmac/cbcm_ameth.c b/crypto/cbcmac/cbcm_ameth.c new file mode 100644 index 00000000..d5f9cb9a --- /dev/null +++ b/crypto/cbcmac/cbcm_ameth.c 
@@ -0,0 +1,142 @@ +/* crypto/cbcmac/cbcm_ameth.c */ +/* ==================================================================== + * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2010. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. 
Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include "cryptlib.h" +#include +#include +#include "asn1_locl.h" + + +static int cbcmac_size(const EVP_PKEY *pkey) +{ + return EVP_MAX_BLOCK_LENGTH; +} + +static void cbcmac_key_free(EVP_PKEY *pkey) +{ + CBCMAC_CTX *cmctx = (CBCMAC_CTX *)pkey->pkey.ptr; + if (cmctx) + CBCMAC_CTX_free(cmctx); +} + +const EVP_PKEY_ASN1_METHOD cbcmac_asn1_meth = { + EVP_PKEY_CBCMAC, + EVP_PKEY_CBCMAC, + 0, + + "CBCMAC", + "GmSSL CBCMAC method", + + 0, 0, 0, 0, + + 0, 0, 0, + + cbcmac_size, + 0, + 0, 0, 0, 0, 0, 0, 0, + + cbcmac_key_free, + 0, + 0, 0 +}; diff --git a/crypto/cbcmac/cbcm_pmeth.c b/crypto/cbcmac/cbcm_pmeth.c new file mode 100644 index 00000000..f5326b5b --- /dev/null +++ b/crypto/cbcmac/cbcm_pmeth.c 
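Review bot: `cbcmac_asn1_meth` is defined at the end of this new file, but the crypto/asn1/ameth_lib.c hunk in this commit only removes `&sm2_asn1_meth` from `standard_methods[]` and adds nothing, so unless the method is registered somewhere not shown, a lookup for `EVP_PKEY_CBCMAC` will presumably not find it. Add `&cbcmac_asn1_meth,` to `standard_methods[]` (that table is searched by pkey id, so the entry has to go in sorted position) or register it at start-up with `EVP_PKEY_asn1_add0`. `cbcmac_size` returns `EVP_MAX_BLOCK_LENGTH` although the tag produced in cbcmac.c is one cipher block; a comment such as `/* upper bound: the tag is one block of the configured cipher */` would make clear that callers must size buffers from this value and read the real length from `siglen`. The initializer is purely positional, so a short comment per group of zeros naming the unused callbacks would help the next reader verify that `cbcmac_size` and `cbcmac_key_free` sit in the intended slots.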
@@ -0,0 +1,264 @@ +/* crypto/cbcmac/cbcm_pmeth.c */ +/* ==================================================================== + * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2010. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. 
Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * ==================================================================== + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include "evp_locl.h" + +static int pkey_cbcmac_init(EVP_PKEY_CTX *ctx) +{ + ctx->data = CBCMAC_CTX_new(); + if (!ctx->data) + return 0; + ctx->keygen_info_count = 0; + return 1; +} + +static int pkey_cbcmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + if (!pkey_cbcmac_init(dst)) + return 0; + if (!CBCMAC_CTX_copy(dst->data, src->data)) + return 0; + return 1; +} + +static void pkey_cbcmac_cleanup(EVP_PKEY_CTX *ctx) +{ + CBCMAC_CTX_free(ctx->data); +} + +static int pkey_cbcmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + CBCMAC_CTX *cmkey = CBCMAC_CTX_new(); + CBCMAC_CTX *cmctx = ctx->data; + if (!cmkey) + return 0; + if (!CBCMAC_CTX_copy(cmkey, cmctx)) { + CBCMAC_CTX_free(cmkey); + return 0; + } + EVP_PKEY_assign(pkey, EVP_PKEY_CBCMAC, cmkey); + + return 1; +} + +static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + if (!CBCMAC_Update(ctx->pctx->data, data, count)) + return 0; + return 1; +} + +static int cbcmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + mctx->update = int_update; + return 1; +} + +static int cbcmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) +{ + return CBCMAC_Final(ctx->data, sig, siglen); +} + +static int pkey_cbcmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + CBCMAC_CTX *cmctx = ctx->data; + switch (type) { + + case EVP_PKEY_CTRL_SET_MAC_KEY: + if (!p2 || p1 < 0) + return 0; + if (!CMAC_Init(cmctx, p2, p1, NULL, NULL)) + return 0; + break; + + case EVP_PKEY_CTRL_CIPHER: + if (!CBCMAC_Init(cmctx, NULL, 0, p2, ctx->engine)) + return 0; + break; + + case EVP_PKEY_CTRL_MD: + if (ctx->pkey && !CBCMAC_CTX_copy(ctx->data, + (CBCMAC_CTX *)ctx->pkey->pkey.ptr)) + return 0; + if (!CBCMAC_Init(cmctx, NULL, 0, NULL, NULL)) + return 0; + break; + + default: + 
return -2; + + } + return 1; +} + +static int pkey_cbcmac_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (!value) { + return 0; + } + if (!strcmp(type, "key")) { + void *p = (void *)value; + return pkey_cbcmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p); + } + if (!strcmp(type, "cipher")) { + const EVP_CIPHER *c; + c = EVP_get_cipherbyname(value); + if (!c) + return 0; + return pkey_cbcmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c); + } + if (!strcmp(type, "hexkey")) { + unsigned char *key; + int r; + long keylen; + key = string_to_hex(value, &keylen); + if (!key) + return 0; + r = pkey_cbcmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); + OPENSSL_free(key); + return r; + } + return -2; +} + +const EVP_PKEY_METHOD cbcmac_pkey_meth = { + EVP_PKEY_CBCMAC, + EVP_PKEY_FLAG_SIGCTX_CUSTOM, + pkey_cbcmac_init, + pkey_cbcmac_copy, + pkey_cbcmac_cleanup, + + 0, 0, + + 0, + pkey_cbcmac_keygen, + + 0, 0, + + 0, 0, + + 0, 0, + + cbcmac_signctx_init, + cbcmac_signctx, + + 0, 0, + + 0, 0, + + 0, 0, + + 0, 0, + + pkey_cbcmac_ctrl, + pkey_cbcmac_ctrl_str +}; diff --git a/crypto/cbcmac/cbcmac.c b/crypto/cbcmac/cbcmac.c index 8921e09e..a57ba2e3 100644 --- a/crypto/cbcmac/cbcmac.c +++ b/crypto/cbcmac/cbcmac.c @@ -1,19 +1,22 @@ #include - - +#include +#include +#include +#include struct CBCMAC_CTX_st { EVP_CIPHER_CTX cipher_ctx; - unsigned char block[EVP_MAX_BLOCK_LENGTH]; - unsigned char tmp_block[EVP_MAX_BLOCK_LENGTH]; + unsigned char cbcstate[EVP_MAX_BLOCK_LENGTH]; + unsigned char workspace[EVP_MAX_BLOCK_LENGTH]; + int worklen; }; -CBCMAC *CBCMAC_CTX_new(void) +CBCMAC_CTX *CBCMAC_CTX_new(void) { CBCMAC_CTX *ret; - if (!(ret = OPENSSL_malloc(*ret))) { + if (!(ret = OPENSSL_malloc(sizeof(*ret)))) { return NULL; } 
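Review bot: In `pkey_cbcmac_ctrl` the `EVP_PKEY_CTRL_SET_MAC_KEY` case calls `CMAC_Init(cmctx, p2, p1, NULL, NULL)` on a `CBCMAC_CTX *`, so the CBC-MAC context is handed to the CMAC implementation; OpenSSL's CMAC context carries more per-context buffers than the `CBCMAC_CTX_st` shown in cbcmac.c, so this presumably writes past the allocation instead of setting the key, and the line should read `if (!CBCMAC_Init(cmctx, p2, p1, NULL, NULL))`. `int_update`, `cbcmac_signctx` and the ctrl cases all treat a zero return as failure, while `CBCMAC_Init`, `CBCMAC_Update` and `CBCMAC_Final` in this commit end in `return 0;` on their success paths, so every sign operation through this method reports an error until the two files agree on the convention. In `pkey_cbcmac_ctrl_str` the `hexkey` buffer is freed with key material still in it; add `OPENSSL_cleanse(key, keylen);` before `OPENSSL_free(key);`. `pkey_cbcmac_copy` leaves the context allocated by `pkey_cbcmac_init(dst)` in place when `CBCMAC_CTX_copy` fails, which is worth a comment stating that the caller's cleanup is expected to release it.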
@@ -25,8 +28,8 @@ CBCMAC *CBCMAC_CTX_new(void) void CBCMAC_CTX_cleanup(CBCMAC_CTX *ctx) { EVP_CIPHER_CTX_cleanup(&ctx->cipher_ctx); - OPENSSL_cleanse(ctx->block, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->tmp_block, EVP_MAX_BLOCK_LENGTH); + OPENSSL_cleanse(ctx->cbcstate, EVP_MAX_BLOCK_LENGTH); + OPENSSL_cleanse(ctx->workspace, EVP_MAX_BLOCK_LENGTH); } EVP_CIPHER_CTX *CBCMAC_CTX_get0_cipher_ctx(CBCMAC_CTX *ctx) 
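Review bot: `CBCMAC_CTX_cleanup` wipes `cbcstate` and `workspace` but leaves the new `worklen` field untouched, so a context that is cleaned up and then fed data without a fresh `CBCMAC_Init` would treat the zeroed workspace as `worklen` bytes of buffered input. Add `ctx->worklen = 0;` after the two `OPENSSL_cleanse` calls. Using `sizeof(ctx->cbcstate)` and `sizeof(ctx->workspace)` instead of repeating `EVP_MAX_BLOCK_LENGTH` would keep the wipe correct if the buffer sizes ever change.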
@@ -48,18 +51,90 @@ int CBCMAC_CTX_copy(CBCMAC_CTX *to, const CBCMAC_CTX *from) } int CBCMAC_Init(CBCMAC_CTX *ctx, const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl) + const EVP_CIPHER *cipher, ENGINE *eng) { + int i, block_size; + + if (!EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, key, NULL, eng)) { + return 0; + } + if (EVP_CIPHER_CTX_mode(&ctx->cipher_ctx) != EVP_CIPH_ECB_MODE) { + return 0; + } + ctx->worklen = 0; + block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx); + bzero(ctx->cbcstate, block_size); return 0; } int CBCMAC_Update(CBCMAC_CTX *ctx, const void *data, size_t datalen) { + int block_size; + int i, n, len; + const unsigned char *in = (const unsigned char *)data; + + block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx); + + + if (ctx->worklen) { + n = block_size - ctx->worklen; + if (datalen < n) { + for (i = 0; i < datalen; i++) { + ctx->workspace[ctx->worklen + i] = in[i]; + } + ctx->worklen += datalen; + return 0; + } else { + for (i = 0; i < n; i++) { + ctx->workspace[ctx->worklen + i] = in[i] ^ ctx->cbcstate[i]; + } + if (!EVP_EncryptUpdate(&ctx->cipher_ctx, ctx->cbcstate, &len, + ctx->workspace, block_size)) { + return 0; + } + } + + while (n < datalen) { + for (i = 0; i < block_size; i++) { + ctx->workspace[i] = in[n + i] ^ ctx->cbcstate[i]; + } + n += block_size; + + if (!EVP_EncryptUpdate(&ctx->cipher_ctx, ctx->cbcstate, &len, + ctx->workspace, block_size)) { + return 0; + } + } + + ctx->worklen = datalen - n; + + for (i = 0; i < ctx->worklen; i++) { + ctx->workspace[i] = in[n + i]; + } + + } + + return 0; } int CBCMAC_Final(CBCMAC_CTX *ctx, unsigned char *out, size_t *outlen) { + int i; + int block_size = EVP_CIPHER_CTX_block_size(&(ctx->cipher_ctx)); + + if (ctx->worklen) { + for (i = ctx->worklen; i < block_size; i++) { + ctx->workspace[i] = ctx->cbcstate[i]; + } + EVP_EncryptUpdate(&(ctx->cipher_ctx), out, outlen, ctx->workspace, block_size); + + } else { + for (i = 0; i < block_size; i++) { + out[i] = 
ctx->cbcstate[i]; + } + } + return 0; } diff --git a/crypto/cpk/cpk_asn1.c b/crypto/cpk/cpk_asn1.c index 62dd860d..b745e5d3 100644 --- a/crypto/cpk/cpk_asn1.c +++ b/crypto/cpk/cpk_asn1.c @@ -89,7 +89,7 @@ int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params) { return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params); } - +#if 0 /* This is the ANY DEFINED BY table for the top level PKCS#7 structure */ ASN1_ADB_TEMPLATE(cpkcmsdefault) = ASN1_EXP_OPT(CPK_CMS, d.other, ASN1_ANY, 0); @@ -172,4 +172,4 @@ ASN1_NDEF_SEQUENCE(CPK_SIGN_ENVELOPE) = { ASN1_SET_OF(CPK_SIGN_ENVELOPE, signer_infos, CPK_SIGNER_INFO) } ASN1_NDEF_SEQUENCE_END(CPK_SIGN_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(CPK_SIGN_ENVELOPE) - +#endif diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index b5ec786b..a7333a89 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h 
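Review bot: `CBCMAC_Update` keeps all of its processing inside `if (ctx->worklen)`, and `CBCMAC_Init` sets `worklen` to 0, so data passed after initialisation is never absorbed and the tag does not depend on the message; in the branch that does run, the block loop reads `in[n + i]` for a full block even when fewer than `block_size` bytes remain (an out-of-bounds read of the caller's buffer), and the partial-block XOR indexes `cbcstate[i]` instead of `cbcstate[ctx->worklen + i]`. `CBCMAC_Final` passes `size_t *outlen` where `EVP_EncryptUpdate` expects `int *`, never XORs the buffered bytes with the chaining value, leaves `*outlen` unset in the `else` branch and ignores the cipher's return value. All three functions end in `return 0;` on success although the callers in cbcm_pmeth.c test `!CBCMAC_...()`, and `CBCMAC_Init` ignores `keylen`, so a short key from the `key` control string is read for the cipher's full key length; check it with `EVP_CIPHER_CTX_set_key_length(&ctx->cipher_ctx, keylen)` before the key is installed, replace `bzero` with `memset(ctx->cbcstate, 0, sizeof(ctx->cbcstate));` and finish with `return 1;`. The rewrite below buffers to whole blocks, chains each block through the ECB context and keeps the zero padding the original appears to intend. Plain CBC-MAC with zero padding is only sound for messages of one fixed length, so the header should say so or the construction should bind the message length.

```c
int CBCMAC_Update(CBCMAC_CTX *ctx, const void *data, size_t datalen)
{
    const unsigned char *in = (const unsigned char *)data;
    int block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx);
    int i, len;

    while (datalen > 0) {
        /* Buffer input until one whole block is available. */
        size_t take = (size_t)(block_size - ctx->worklen);

        if (take > datalen)
            take = datalen;
        memcpy(ctx->workspace + ctx->worklen, in, take);
        ctx->worklen += (int)take;
        in += take;
        datalen -= take;

        if (ctx->worklen < block_size)
            break;

        /* state = E_k(state XOR block) */
        for (i = 0; i < block_size; i++)
            ctx->workspace[i] ^= ctx->cbcstate[i];
        if (!EVP_EncryptUpdate(&ctx->cipher_ctx, ctx->cbcstate, &len,
                               ctx->workspace, block_size))
            return 0;
        ctx->worklen = 0;
    }
    return 1;
}

int CBCMAC_Final(CBCMAC_CTX *ctx, unsigned char *out, size_t *outlen)
{
    int block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx);
    int i, len;

    if (ctx->worklen) {
        /* Zero-pad the partial block, then chain it like any other block. */
        for (i = ctx->worklen; i < block_size; i++)
            ctx->workspace[i] = 0;
        for (i = 0; i < block_size; i++)
            ctx->workspace[i] ^= ctx->cbcstate[i];
        if (!EVP_EncryptUpdate(&ctx->cipher_ctx, ctx->cbcstate, &len,
                               ctx->workspace, block_size))
            return 0;
        ctx->worklen = 0;
    }
    memcpy(out, ctx->cbcstate, block_size);
    *outlen = (size_t)block_size;
    return 1;
}
```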
@@ -1004,6 +1004,42 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) +# ifndef OPENSSL_NO_GMSSL +# define EVP_PKEY_CTX_set_ec_sign_type(ctx, type) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ + EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \ + EVP_PKEY_CTRL_EC_SIGN_TYPE, type, NULL) + +# define EVP_PKEY_CTX_get_ec_sign_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ + EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \ + EVP_PKEY_CTRL_EC_SIGN_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ec_enc_type(ctx, type) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \ + EVP_PKEY_CTRL_EC_ENC_TYPE, type, NULL) + +# define EVP_PKEY_CTX_get_ec_enc_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \ + EVP_PKEY_CTRL_EC_ENC_TYPE, -2, NULL) + +# define EVP_PKEY_CTX_set_ec_dh_type(ctx, type) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_DH_TYPE, type, NULL) + +# define EVP_PKEY_CTX_get_ec_dh_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_DH_TYPE, -2, NULL); +# endif /* OPENSSL_NO_GMSSL */ + + + # define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_DERIVE, \ 
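Review bot: The `EVP_PKEY_CTX_get_ec_dh_type` macro ends in `EVP_PKEY_CTRL_EC_DH_TYPE, -2, NULL);` with a stray semicolon, so it cannot be used inside an `if` condition or as a function argument; drop the `;` so it matches the other five macros added here. The three getters pass `-2` to the setter control codes, while the next hunk of this file defines `EVP_PKEY_CTRL_GET_EC_SIGN_TYPE`, `EVP_PKEY_CTRL_GET_EC_ENC_TYPE` and `EVP_PKEY_CTRL_GET_EC_DH_TYPE`, which no visible line uses. Either route the getters through those codes or remove them and add a comment such as `/* type == -2 reads the current value back, as for EVP_PKEY_CTX_get_ecdh_cofactor_mode */`. The accepted values of `type` for the sign, enc and dh variants are not documented next to the macros; a short comment listing them would save callers a trip to ec_pmeth.c.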
@@ -1064,6 +1100,16 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); # define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) # define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) # define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) + +# ifndef OPENSSL_NO_GMSSL +# define EVP_PKEY_CTRL_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 11) +# define EVP_PKEY_CTRL_GET_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 12) +# define EVP_PKEY_CTRL_EC_ENC_TYPE (EVP_PKEY_ALG_CTRL + 13) +# define EVP_PKEY_CTRL_GET_EC_ENC_TYPE (EVP_PKEY_ALG_CTRL + 14) +# define EVP_PKEY_CTRL_EC_DH_TYPE (EVP_PKEY_ALG_CTRL + 15) +# define EVP_PKEY_CTRL_GET_EC_DH_TYPE (EVP_PKEY_ALG_CTRL + 16) +# endif + /* KDF types */ # define EVP_PKEY_ECDH_KDF_NONE 1 # define EVP_PKEY_ECDH_KDF_X9_62 2 diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index ab2c8d7c..3989e5c6 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -502,7 +502,6 @@ static int eckey_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { EC_KEY *eckey; -fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); return 0; @@ -614,7 +613,11 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, 0, "EC", +#ifndef OPENSSL_NO_GMSSL + "GmSSL EC/SM2 algorithm", +#else "OpenSSL EC algorithm", +#endif eckey_pub_decode, eckey_pub_encode, 
@@ -967,173 +970,3 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) #endif - -#ifndef OPENSSL_NO_GMSSL -static int sm2_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) -{ - const unsigned char *p = NULL; - void *pval; - int ptype, pklen; - EC_KEY *eckey = NULL; - X509_ALGOR *palg; - -fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - eckey = eckey_type2param(ptype, pval); - - if (!eckey) { - ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); - return 0; - } - - /* We have parameters now set public key */ - if (!o2i_ECPublicKey(&eckey, &p, pklen)) { - ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR); - goto ecerr; - } - - EVP_PKEY_assign_EC_KEY(pkey, eckey); - return 1; - - ecerr: - if (eckey) - EC_KEY_free(eckey); - return 0; -} - -static int sm2_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) -{ - const unsigned char *p = NULL; - void *pval; - int ptype, pklen; - EC_KEY *eckey = NULL; - X509_ALGOR *palg; - -fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - eckey = eckey_type2param(ptype, pval); - - if (!eckey) - goto ecliberr; - - /* We have parameters now set private key */ - if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { - ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); - goto ecerr; - } - - /* calculate public key (if necessary) */ - if (EC_KEY_get0_public_key(eckey) == NULL) { - const BIGNUM *priv_key; - const EC_GROUP *group; - EC_POINT *pub_key; - /* - * the public key was not included in the SEC1 private key => - * calculate the public key - */ - group = EC_KEY_get0_group(eckey); - pub_key = EC_POINT_new(group); - if (pub_key == NULL) { - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { - 
EC_POINT_free(pub_key); - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - priv_key = EC_KEY_get0_private_key(eckey); - if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { - EC_POINT_free(pub_key); - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - if (EC_KEY_set_public_key(eckey, pub_key) == 0) { - EC_POINT_free(pub_key); - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - goto ecliberr; - } - EC_POINT_free(pub_key); - } - - EVP_PKEY_assign_SM2(pkey, eckey); - return 1; - - ecliberr: - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); - ecerr: - if (eckey) - EC_KEY_free(eckey); - return 0; -} - -static int sm2_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - EC_KEY *eckey; -fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); - if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { - ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); - return 0; - } - EVP_PKEY_assign_SM2(pkey, eckey); - return 1; -} - -static int old_sm2_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - EC_KEY *ec; -fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); - if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) { - ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); - return 0; - } -fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); - EVP_PKEY_assign_SM2(pkey, ec); -fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__); - -OPENSSL_assert(EC_KEY_get0_group(ec)); - return 1; -} - -const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = { - EVP_PKEY_SM2, - EVP_PKEY_SM2, - 0, - "SM2", - "GmSSL SM2 algorithm", - - sm2_pub_decode, - eckey_pub_encode, - eckey_pub_cmp, - eckey_pub_print, - - sm2_priv_decode, - eckey_priv_encode, - eckey_priv_print, - - int_ec_size, - ec_bits, - - sm2_param_decode, - eckey_param_encode, - ec_missing_parameters, - ec_copy_parameters, - ec_cmp_parameters, - eckey_param_print, - 0, - - int_ec_free, - ec_pkey_ctrl, - 
old_sm2_priv_decode, - old_ec_priv_encode -}; -#endif diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 2d6ddda7..a6cdebe2 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -88,6 +88,14 @@ typedef struct { size_t kdf_ukmlen; /* KDF output length */ size_t kdf_outlen; + /* SECG, SM2 or other standards */ + int sign_type; + int enc_type; + int dh_type; + union { + ECIES_PARAMS *ecies; + SM2_ENC_PARAMS *sm2; + } enc_param; } EC_PKEY_CTX; static int pkey_ec_init(EVP_PKEY_CTX *ctx) @@ -106,6 +114,9 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) dctx->kdf_outlen = 0; dctx->kdf_ukm = NULL; dctx->kdf_ukmlen = 0; + dctx->sign_type = NID_secg_scheme; + dctx->enc_type = NID_secg_scheme; + dctx->dh_type = NID_secg_scheme; ctx->data = dctx; @@ -141,6 +152,9 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) } else dctx->kdf_ukm = NULL; dctx->kdf_ukmlen = sctx->kdf_ukmlen; + dctx->sign_type = sctx->sign_type; + dctx->enc_type = sctx->enc_type; + dctx->dh_type = sctx->dh_type; return 1; } 
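Review bot: The new `enc_param` union in `EC_PKEY_CTX` is never given a value: the `pkey_ec_init` hunk sets `sign_type`, `enc_type` and `dh_type` but not `enc_param`, and the `pkey_ec_copy` hunk does not carry it over either. Unless the allocation outside the hunk zeroes the struct, later code that reads `dctx->enc_param.ecies` or `.sm2` would use an indeterminate pointer. Add `dctx->enc_param.ecies = NULL;` in init, and decide in copy and cleanup who owns the pointed-to parameters. The default `enc_type = NID_secg_scheme` also matches none of the cases that `pkey_ec_encrypt` switches on later in this file, so an untouched context ends in its `default: ret = 0` branch. All three definitions start or end outside their hunks.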
@@ -159,50 +173,213 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) } static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *dgst, size_t dgstlen) { - int ret, type; - unsigned int sltmp; - EC_PKEY_CTX *dctx = ctx->data; - EC_KEY *ec = ctx->pkey->pkey.ec; + int ret; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + int type; + unsigned int len; - if (!sig) { - *siglen = ECDSA_size(ec); - return 1; - } else if (*siglen < (size_t)ECDSA_size(ec)) { - ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); - return 0; - } + if (!sig) { + *siglen = ECDSA_size(ec_key); + return 1; + } else if (*siglen < (size_t)ECDSA_size(ec_key)) { + ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); + return 0; + } - if (dctx->md) - type = EVP_MD_type(dctx->md); - else - type = NID_sha1; + if (dctx->sign_type != NID_secg_scheme && + dctx->sign_type != NID_sm_scheme) { + return 0; + } + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else if (dctx->sign_type == NID_secg_scheme) + type = NID_sha1; + else if (dctx->sign_type == NID_sm_scheme) + type = NID_sm3; - ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + if (dctx->sign_type == NID_secg_scheme) { + ret = ECDSA_sign(type, dgst, dgstlen, sig, &len, ec_key); + } else if (dctx->sign_type == NID_sm_scheme) { + ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key); + } - if (ret <= 0) - return ret; - *siglen = (size_t)sltmp; - return 1; + if (ret <= 0) + return ret; + + *siglen = len; + return 1; } static int pkey_ec_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) + const unsigned char *sig, size_t siglen, + const unsigned char *dgst, size_t dgstlen) { - int ret, type; - EC_PKEY_CTX *dctx = ctx->data; - EC_KEY *ec = ctx->pkey->pkey.ec; + int ret, type; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; - if (dctx->md) - type = 
EVP_MD_type(dctx->md); - else - type = NID_sha1; + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; - ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + if (dctx->sign_type == NID_sm2sign) + ret = SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key); + else + ret = ECDSA_verify(type, dgst, dgstlen, sig, siglen, ec_key); - return ret; + return ret; +} + +static int pkey_ec_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + const EVP_MD *md = EVP_sm3(); + unsigned char zid[EVP_MAX_MD_SIZE]; + unsigned int zidlen = sizeof(zid); + + if (dctx->sign_type == NID_sm2sign) { + + if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) { + ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_SM2_LIB); + return 0; + } + if (!mctx->update(mctx, zid, zidlen)) { + ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_EVP_LIB); + return 0; + } + } + + return 1; +} + +static int pkey_ec_signctx(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx) +{ + int ret; + unsigned int len; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; + int type = NID_undef; + + if (!sig) { + *siglen = SM2_signature_size(ec_key); + return 1; + } else if (*siglen < (size_t)SM2_signature_size(ec_key)) { + ECerr(EC_F_PKEY_SM2_SIGNCTX, EC_R_BUFFER_TOO_SMALL); + return 0; + } + + if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) { + ECerr(EC_F_PKEY_SM2_SIGNCTX, ERR_R_EVP_LIB); + return 0; + } + + if (dctx->sign_type == NID_sm2sign) + ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key); + else + ret = ECDSA_sign(type, dgst, dgstlen, sig, &len, ec_key); + + *siglen = (size_t)len; + return ret; +} + +static int pkey_ec_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + int ret = 0; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + const EVP_MD *md = EVP_sm3(); // FIXME: we need to get md from somewhere 
+ unsigned char zid[EVP_MAX_MD_SIZE]; + unsigned int zidlen; + + + if (dctx->sign_type == NID_sm2sign) { + + zidlen = sizeof(zid); + if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) { + goto end; + } + if (!mctx->update(mctx, zid, zidlen)) { + goto end; + } + } + + ret = 1; +end: + return ret; +} + +static int pkey_ec_verifyctx(EVP_PKEY_CTX *ctx, + const unsigned char *sig, int siglen, EVP_MD_CTX *mctx) +{ + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; + EC_PKEY_CTX *ec_ctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + int type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3; + + dgstlen = sizeof(dgst); + if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) { + return -1; + } + + return SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key); +} + +static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + ECIES_PARAMS *params = NULL; + + if (dctx->enc_type == NID_sm2encrypt) { + ret = SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key); + } else if (dctx->enc_type == NID_ecies_recommendedParameters) { + ret = ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key); + } + + switch (dctx->enc_type) { + case NID_sm2encrypt: + ret = SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key); + break; + case NID_ecies_recommendedParameters: + ret = ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key); + break; + case NID_ecies_specifiedParameters: + //we need to get ECIES_PARAMS from context + ret = ECIES_encrypt(params, out, outlen, in, inlen, ec_key); + break; + default: + ret = 0; + } + + return ret; +} + +static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + + if (dctx->enc_type == NID_sm2encrypt) { + ret = 
SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key); + } else { + ret = ECIES_decrypt_with_recommended(out, outlen, in, inlen, ec_key); + } + + return ret; } #ifndef OPENSSL_NO_ECDH @@ -348,6 +525,44 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->kdf_type = p1; return 1; +#ifndef OPENSSL_NO_GMSSL + case EVP_PKEY_CTRL_EC_SIGN_TYPE: + if (p1 == -2) + return dctx->sign_type; + if (p1 != NID_secg_scheme && p1 != NID_sm_scheme) + return -2; + dctx->sign_type = p1; + return 1; + + case EVP_PKEY_CTRL_GET_EC_SIGN_TYPE: + *(int *)p2 = dctx->sign_type; + return 1; + + case EVP_PKEY_CTRL_EC_ENC_TYPE: + if (p1 == -2) + return dctx->enc_type; + if (p1 != NID_secg_scheme && p1 != NID_sm_scheme) + return -2; + dctx->enc_type = p1; + return 1; + + case EVP_PKEY_CTRL_GET_EC_ENC_TYPE: + *(int *)p2 = dctx->enc_type; + return 1; + + case EVP_PKEY_CTRL_EC_DH_TYPE: + if (p1 == -2) + return dctx->dh_type; + if (p1 != NID_secg_scheme && p1 != NID_sm_scheme) + return -2; + dctx->dh_type = p1; + return 1; + + case EVP_PKEY_CTRL_GET_EC_DH_TYPE: + *(int *)p2 = dctx->dh_type; + return 1; +#endif + case EVP_PKEY_CTRL_EC_KDF_MD: dctx->kdf_md = p2; return 1; @@ -427,6 +642,7 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); return 0; } + printf("curve = %s\n", value); return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); } else if (!strcmp(type, "ec_param_enc")) { int param_enc; 
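Review bot: `pkey_ec_decrypt` calls `SM2_encrypt_with_recommended` in its SM2 branch, so a decrypt request with `enc_type == NID_sm2encrypt` encrypts the input again instead of recovering the plaintext; it should call the SM2 decryption routine (the removed `pkey_sm2_decrypt` used `SM2_decrypt`). `pkey_ec_encrypt` runs the encryption twice, once in the `if`/`else if` and again in the `switch`, and its `NID_ecies_specifiedParameters` case passes `params`, still `NULL`, to `ECIES_encrypt`; delete the `if`/`else if` and make that case return 0 until the parameters come from the context. The scheme tests also disagree: `pkey_ec_sign` selects on `NID_sm_scheme`, while `pkey_ec_verify`, `pkey_ec_signctx_init`, `pkey_ec_signctx` and `pkey_ec_verifyctx_init` test `NID_sm2sign`, so a signature produced under the SM2 scheme is handed to `ECDSA_verify` and the identity digest is never mixed in. `pkey_ec_signctx` assigns `*siglen = (size_t)len` even when signing failed and `len` was never written; put `if (ret <= 0) return ret;` before the assignment, as `pkey_ec_sign` does.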
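Review bot: The `EVP_PKEY_CTRL_EC_ENC_TYPE` case accepts only `NID_secg_scheme` and `NID_sm_scheme`, but `pkey_ec_encrypt` and `pkey_ec_decrypt` earlier in this file dispatch on `NID_sm2encrypt` and the `NID_ecies_*` values. Assuming those NIDs are distinct, every encrypt call ends in `default: ret = 0` and every decrypt call takes the ECIES branch, whatever the caller selected. Validate against the same NIDs the encrypt and decrypt functions test, or change those functions to test the scheme NIDs. The three `EVP_PKEY_CTRL_GET_EC_*_TYPE` cases write through `p2` unchecked; add `if (p2 == NULL) return -2;` before `*(int *)p2 = ...`. `pkey_ec_ctrl` starts and ends outside the hunk.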
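Review bot: The added `printf("curve = %s\n", value);` just before `return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);` writes to stdout from library code on every call. That corrupts the output of any program that emits keys or parameters on stdout, so remove the line. If the trace is wanted during development, put it behind a debug macro and send it to stderr. `pkey_ec_ctrl_str` starts and ends outside the hunk.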
@@ -437,6 +653,35 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, else return -2; return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); +#ifndef OPENSSL_NO_GMSSL + } else if (!strcmp(type, "ec_sign_algor")) { + int sign_type; + if (!strcmp(value, "ecdsa")) + sign_type = NID_secg_scheme; + else if (!strcmp(value, "sm2")) + sign_type = NID_sm_scheme; + else + return -2; + return EVP_PKEY_CTX_set_ec_sign_type(ctx, sign_type); + } else if (!strcmp(type, "ec_encrypt_algor")) { + int enc_type; + if (!strcmp(value, "ecies")) + enc_type = NID_secg_scheme; + else if (!strcmp(value, "sm2")) + enc_type = NID_sm_scheme; + else + return -2; + return EVP_PKEY_CTX_set_ec_enc_type(ctx, enc_type); + } else if (!strcmp(type, "ec_derive_algor")) { + int dh_type; + if (!strcmp(value, "ecdh")) + dh_type = NID_secg_scheme; + else if (!strcmp(value, "sm2")) + dh_type = NID_sm_scheme; + else + return -2; + return EVP_PKEY_CTX_set_ec_dh_type(ctx, dh_type); +#endif } else if (!strcmp(type, "ecdh_kdf_md")) { const EVP_MD *md; if (!(md = EVP_get_digestbyname(value))) { 
@@ -496,382 +741,37 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return EC_KEY_generate_key(pkey->pkey.ec); } -#ifndef OPENSSL_NO_ECIES -static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - EC_KEY *ec_key = ctx->pkey->pkey.ec; - ECIES_PARAMS *param = ECIES_get_parameters(ec_key); - OPENSSL_assert(param); - return ECIES_encrypt(out, outlen, param, in, inlen, ec_key); -} - -static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - EC_KEY *ec_key = ctx->pkey->pkey.ec; - ECIES_PARAMS *param = ECIES_get_parameters(ec_key); - OPENSSL_assert(param); - return ECIES_decrypt(out, outlen, param, in, inlen, ec_key); -} -#endif - const EVP_PKEY_METHOD ec_pkey_meth = { - EVP_PKEY_EC, - 0, - pkey_ec_init, - pkey_ec_copy, - pkey_ec_cleanup, - - 0, - pkey_ec_paramgen, - - 0, - pkey_ec_keygen, - - 0, - pkey_ec_sign, - - 0, - pkey_ec_verify, - - 0, 0, - - 0, 0, 0, 0, - - 0, -#ifndef OPENSSL_NO_ECIES - pkey_ec_encrypt, -#else - 0, -#endif - - 0, -#ifndef OPENSSL_NO_ECIES - pkey_ec_decrypt, -#else - 0, -#endif - - 0, -#ifndef OPENSSL_NO_ECDH - pkey_ec_kdf_derive, -#else - 0, -#endif - - pkey_ec_ctrl, - pkey_ec_ctrl_str -}; - -#ifndef OPENSSL_NO_SM2 - -static int pkey_sm2_init(EVP_PKEY_CTX *ctx) -{ - EC_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); - if (!dctx) - return 0; - dctx->gen_group = EC_GROUP_new_by_curve_name(NID_sm2p256v1); - if (dctx->gen_group == NULL) { - return 0; - } - dctx->md = NULL; //FIXME: sm3 - - dctx->cofactor_mode = -1; - dctx->co_key = NULL; - dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE; - dctx->kdf_md = NULL; - dctx->kdf_outlen = 0; - dctx->kdf_ukm = NULL; - dctx->kdf_ukmlen = 0; - - ctx->data = dctx; - - return 1; -} - -static int pkey_sm2_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - EC_KEY *ec = NULL; - EC_PKEY_CTX *dctx = ctx->data; - - if (ctx->pkey == NULL && dctx->gen_group == 
NULL) { - ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); - return 0; - } - ec = EC_KEY_new(); - if (!ec) - return 0; - EVP_PKEY_assign_SM2(pkey, ec); - if (ctx->pkey) { - /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - } else { - if (!EC_KEY_set_group(ec, dctx->gen_group)) - return 0; - } - return EC_KEY_generate_key(pkey->pkey.ec); -} - - -static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *dgst, size_t dgstlen) -{ - int ret; - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY *ec_key = ctx->pkey->pkey.ec; - int type = NID_sm3; - size_t len; - - if (!sig) { - *siglen = SM2_signature_size(ec_key); - return 1; - } - if (*siglen < (size_t)SM2_signature_size(ec_key)) { - ECerr(EC_F_PKEY_SM2_SIGN, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - if ((ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key)) <= 0) { - return ret; - } - - *siglen = len; - return 1; -} - -static int pkey_sm2_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *dgst, size_t dgstlen) -{ - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY *ec_key = ctx->pkey->pkey.ec; - int type = ec_ctx->md ? 
EVP_MD_type(ec_ctx->md) : NID_sm3; - - return SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key); -} - -static int pkey_sm2_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - int ret = 0; - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY *ec_key = ctx->pkey->pkey.ec; - const EVP_MD *md = EVP_sm3(); - unsigned char zid[EVP_MAX_MD_SIZE]; - unsigned int zidlen = sizeof(zid); - - if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) { - ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_SM2_LIB); - return 0; - } - if (!mctx->update(mctx, zid, zidlen)) { - ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_EVP_LIB); - return 0; - } - - return 1; -} - -static int pkey_sm2_signctx(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx) -{ - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY *ec_key = ctx->pkey->pkey.ec; - unsigned char dgst[EVP_MAX_MD_SIZE]; - unsigned int dgstlen; - int type = NID_undef; - - if (!sig) { - *siglen = SM2_signature_size(ec_key); - return 1; - } - - if (*siglen < (size_t)SM2_signature_size(ec_key)) { - ECerr(EC_F_PKEY_SM2_SIGNCTX, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) { - ECerr(EC_F_PKEY_SM2_SIGNCTX, ERR_R_EVP_LIB); - return 0; - } - - return SM2_sign(type, dgst, dgstlen, sig, &siglen, ec_key); -} - -static int pkey_sm2_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - int ret = 0; - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY *ec_key = ctx->pkey->pkey.ec; - const EVP_MD *md = EVP_sm3(); // FIXME: we need to get md from somewhere - unsigned char zid[EVP_MAX_MD_SIZE]; - unsigned int zidlen; - - zidlen = sizeof(zid); - if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) { - goto end; - } - if (!mctx->update(mctx, zid, zidlen)) { - goto end; - } - - ret = 1; -end: - return ret; -} - -static int pkey_sm2_verifyctx(EVP_PKEY_CTX *ctx, - const unsigned char *sig, int siglen, EVP_MD_CTX *mctx) -{ - unsigned char dgst[EVP_MAX_MD_SIZE]; - size_t dgstlen; - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY 
*ec_key = ctx->pkey->pkey.ec; - int type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3; - - dgstlen = sizeof(dgst); - if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) { - return -1; - } - - return SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key); -} - -static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY *ec_key = ctx->pkey->pkey.ec; - const EVP_MD *kdf_md = ec_ctx->kdf_md; - const EVP_MD *mac_md = ec_ctx->md; - point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; - - //FIXME: the ec_ctx is not work, no one init it - kdf_md = EVP_sm3(); - mac_md = EVP_sm3(); - - - //FIXME: where to put the parameters? - return SM2_encrypt(in, inlen, out, outlen, ec_key); -} - -static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - EC_PKEY_CTX *ec_ctx = ctx->data; - EC_KEY *ec_key = ctx->pkey->pkey.ec; - const EVP_MD *kdf_md = ec_ctx->kdf_md; - const EVP_MD *mac_md = ec_ctx->md; - point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; - - - return SM2_decrypt(in, inlen, out, outlen, ec_key); -} - -static int pkey_sm2_ctrl_digestinit(EVP_PKEY_CTX *pk_ctx, EVP_MD_CTX *md_ctx) -{ - int ret = 0; - EC_KEY *ec_key = pk_ctx->pkey->pkey.ec; - const EVP_MD *md = EVP_MD_CTX_md(md_ctx); - char *id; - unsigned char zid[EVP_MAX_MD_SIZE]; - unsigned int zidlen = sizeof(zid); - - EVP_PKEY_CTX *pctx; - - fprintf(stderr, "%s() called\n", __FUNCTION__); - - /* - if (!(id = SM2_get_id(ec_key))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - id = "alice@pku.edu.cn"; - //return 0; - } - */ - - //FIXME: check this function - if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - return 0; - } - - pctx = md_ctx->pctx; - md_ctx->pctx = NULL; - - if (!EVP_DigestInit_ex(md_ctx, md, NULL)) { - 
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - md_ctx->pctx = pctx; - - if (!EVP_DigestUpdate(md_ctx, zid, zidlen)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NO_INIT); - - ret = 1; -end: - return ret; -} - -static int pkey_sm2_derive_init(EVP_PKEY_CTX *ctx) -{ - return 0; -} - -static int pkey_sm2_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) -{ - return 0; -} - -static int pkey_sm2_ctrl(EVP_PKEY_CTX *pk_ctx, int type, int p1, void *p2) -{ - switch (type) { - case EVP_PKEY_CTRL_DIGESTINIT: - return pkey_sm2_ctrl_digestinit(pk_ctx, (EVP_MD_CTX *)p2); - case EVP_PKEY_CTRL_MD: - return 1; - } - - return pkey_ec_ctrl(pk_ctx, type, p1, p2); -} - -const EVP_PKEY_METHOD sm2_pkey_meth = { - EVP_PKEY_SM2, + EVP_PKEY_EC, 0, - pkey_sm2_init, + pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, 0, pkey_ec_paramgen, 0, - pkey_sm2_keygen, + pkey_ec_keygen, 0, - pkey_sm2_sign, + pkey_ec_sign, 0, - pkey_sm2_verify, + pkey_ec_verify, 0, 0, - pkey_sm2_signctx_init, - pkey_sm2_signctx, - pkey_sm2_verifyctx_init, - pkey_sm2_verifyctx, + pkey_ec_signctx_init, + pkey_ec_signctx, + pkey_ec_verifyctx_init, + pkey_ec_verifyctx, 0, - pkey_sm2_encrypt, + pkey_ec_encrypt, 0, - pkey_sm2_decrypt, - pkey_sm2_derive_init, - pkey_sm2_derive, + pkey_ec_decrypt, + 0, + #ifndef OPENSSL_NO_ECDH + pkey_ec_kdf_derive, + #else + 0, + #endif pkey_ec_ctrl, pkey_ec_ctrl_str }; -#endif diff --git a/crypto/ecies/ecies.h b/crypto/ecies/ecies.h index 42dafb5b..d2528bf2 100644 --- a/crypto/ecies/ecies.h +++ b/crypto/ecies/ecies.h 
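Review bot: Registering `pkey_ec_signctx` and `pkey_ec_verifyctx` in the shared `ec_pkey_meth` puts every EC key, not only SM2 keys, on those paths whenever the EVP layer prefers the `signctx`/`verifyctx` slots. As added earlier in this diff, `pkey_ec_verifyctx` calls `SM2_verify` unconditionally, and `pkey_ec_signctx` sizes the buffer with `SM2_signature_size` and passes `NID_undef` as the digest type even on its ECDSA branch. Plain ECDSA digest-sign and digest-verify callers would therefore be processed with the wrong algorithm unless both functions branch on `dctx->sign_type` and fall back to the ECDSA sizing and calls. The encrypt and decrypt slots also lost their `#ifndef OPENSSL_NO_ECIES` guards, so a build with that option defined still references `pkey_ec_encrypt` and `pkey_ec_decrypt`.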
@@ -74,12 +74,36 @@ extern "C" { */ typedef struct ecies_params_st { - int kdf_nid; + /* supported kdf algors: + * x9-63-kdf + * nist-concatenation-kdf + * tls-kdf + * ikev2-kdf + */ + int kdf_nid; const EVP_MD *kdf_md; + + /* supported enc algors: + * xor-in-ecies + * aes128-cbc-in-ecies + * aes192-cbc-in-ecies + * aes256-cbc-in-ecies + * aes128-ctr-in-ecies + * aes192-ctr-in-ecies + * aes256-ctr-in-ecies + */ const EVP_CIPHER *sym_cipher; - int mac_nid; - const EVP_MD *mac_md; - const EVP_CIPHER *mac_cipher; + + /* + * supported mac algors: + * hmac-full-ecies + * hmac-half-ecies + * cmac-aes128-ecies + * cmac-aes192-ecies + */ + int mac_nid; + const EVP_MD *mac_md; + const EVP_CIPHER *mac_cipher; } ECIES_PARAMS; typedef struct ecies_ciphertext_value_st { @@ -100,11 +124,19 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, const ECIES_PARAMS *param, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int ECIES_encrypt(unsigned char *out, size_t *outlen, - const ECIES_PARAMS *param, const unsigned char *in, size_t inlen, +int ECIES_encrypt(const ECIES_PARAMS *param, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, EC_KEY *ec_key); -int ECIES_decrypt(unsigned char *out, size_t *outlen, - const ECIES_PARAMS *param, const unsigned char *in, size_t inlen, +int ECIES_decrypt(const ECIES_PARAMS *param, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, + EC_KEY *ec_key); +int ECIES_encrypt_with_recommended(unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, + EC_KEY *ec_key); +int ECIES_decrypt_with_recommended(unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, EC_KEY *ec_key); diff --git a/crypto/ecies/ecies_lib.c b/crypto/ecies/ecies_lib.c index a2d475d9..77dfa505 100644 --- a/crypto/ecies/ecies_lib.c +++ b/crypto/ecies/ecies_lib.c 
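Review bot: `ECIES_encrypt` and `ECIES_decrypt` change their parameter order (`param` moves from third to first) under the same names, so a caller still written for the old order passes the output buffer where the parameters are expected, and with all-pointer arguments many compilers only warn. Give the new order new names, or at least put a comment above the prototypes such as `/* NOTE: param is now the first argument */`. `ECIES_PARAMS_init_with_recommended`, defined non-static in ecies_lib.c by this commit, has no prototype in this hunk; add `int ECIES_PARAMS_init_with_recommended(ECIES_PARAMS *param);` unless it is declared elsewhere.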
@@ -448,8 +448,9 @@ err: return r; } -int ECIES_encrypt(unsigned char *out, size_t *outlen, - const ECIES_PARAMS *param, const unsigned char *in, size_t inlen, +int ECIES_encrypt(const ECIES_PARAMS *param, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, EC_KEY *ec_key) { int ret = 0; @@ -496,8 +497,9 @@ end: return ret; } -int ECIES_decrypt(unsigned char *out, size_t *outlen, - const ECIES_PARAMS *param, const unsigned char *in, size_t inlen, +int ECIES_decrypt(const ECIES_PARAMS *param, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, EC_KEY *ec_key) { int ret = 0; @@ -520,3 +522,37 @@ end: return ret; } +int ECIES_PARAMS_init_with_recommended(ECIES_PARAMS *param) +{ + if (!param) { + return 0; + } + param->kdf_nid = NID_undef; + param->kdf_md = EVP_sha256(); + param->sym_cipher = EVP_aes_128_cbc(); + param->mac_nid = NID_undef; + param->mac_md = EVP_sha256(); + param->mac_cipher = NULL; + return 1; +} + +int ECIES_encrypt_with_recommended(unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, + EC_KEY *ec_key) +{ + ECIES_PARAMS param; + ECIES_PARAMS_init_with_recommended(¶m); + return ECIES_encrypt(¶m, out, outlen, in, inlen, ec_key); +} + +int ECIES_decrypt_with_recommended(unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, + EC_KEY *ec_key) +{ + ECIES_PARAMS param; + ECIES_PARAMS_init_with_recommended(¶m); + return ECIES_decrypt(¶m, out, outlen, in, inlen, ec_key); +} + + + diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 4f8b0e9a..59545528 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -163,7 +163,7 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); #endif -#ifndef OPENSSL_NO_SMS4 +#ifndef OPENSSL_NO_GMSSL EVP_add_cipher(EVP_sms4_ecb()); EVP_add_cipher(EVP_sms4_cbc()); EVP_add_cipher(EVP_sms4_cfb()); 
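Review bot: `ECIES_PARAMS_init_with_recommended` sets both `kdf_nid` and `mac_nid` to `NID_undef`, although the struct comment added to ecies.h lists named KDF and MAC algorithms for those fields, so the "recommended" set never says which KDF or MAC construction is in use. If `ECIES_do_encrypt`/`ECIES_do_decrypt` (not visible here) select on these NIDs, the two `*_with_recommended` wrappers will fail or fall into an unintended default; set the fields to the intended algorithm NIDs and name the choice in a comment. Both wrappers also ignore the init return value; it cannot fail for a stack object today, but checking it and returning 0 on failure keeps the pattern safe if the function later gains a failure path.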
@@ -174,9 +174,6 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_sms4_wrap()); EVP_add_cipher_alias(SN_sms4_cbc,"SMS4"); EVP_add_cipher_alias(SN_sms4_cbc,"sms4"); -#endif - -#ifndef OPENSSL_NO_ZUC EVP_add_cipher(EVP_zuc()); #endif diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index b92e9115..0fa216f2 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -67,7 +67,7 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif -#ifndef OPENSSL_NO_SM3 +#ifndef OPENSSL_NO_GMSSL EVP_add_digest(EVP_sm3()); #endif #ifndef OPENSSL_NO_MD5 diff --git a/crypto/evp/e_sms4.c b/crypto/evp/e_sms4.c index 4e967c69..3c94a185 100644 --- a/crypto/evp/e_sms4.c +++ b/crypto/evp/e_sms4.c @@ -53,7 +53,7 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SMS4 +#ifndef OPENSSL_NO_GMSSL #include #include #include diff --git a/crypto/evp/e_zuc.c b/crypto/evp/e_zuc.c index 3f9ac879..fe380931 100644 --- a/crypto/evp/e_zuc.c +++ b/crypto/evp/e_zuc.c @@ -1,7 +1,7 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_ZUC +#ifndef OPENSSL_NO_GMSSL #include #include "evp_locl.h" diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 8306a2c1..09606412 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -117,10 +117,7 @@ # define EVP_PKEY_EC NID_X9_62_id_ecPublicKey # define EVP_PKEY_HMAC NID_hmac # define EVP_PKEY_CMAC NID_cmac - -# ifndef OPENSSL_NO_SM2 -# define EVP_PKEY_SM2 NID_sm2p256v1 /* FIXME: NID_sm2 */ -# endif +# define EVP_PKEY_CBCMAC NID_cbc_mac #ifdef __cplusplus extern "C" { 
@@ -254,14 +251,6 @@ typedef int evp_verify_method(int type, const unsigned char *m, # define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method # endif -# ifndef OPENSSL_NO_SM2 -# define EVP_PKEY_SM2_method (evp_sign_method *)SM2_sign, \ - (evp_verify_method *)SM2_verify, \ - {EVP_PKEY_SM2,0,0,0} -# else -# define EVP_PKEY_SM2_method EVP_PKEY_NULL_method -# endif - # ifndef OPENSSL_NO_RSA # define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ (evp_verify_method *)RSA_verify, \ @@ -519,10 +508,6 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, (char *)(eckey)) # endif -# ifndef OPENSSL_NO_SM2 -# define EVP_PKEY_assign_SM2(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_SM2,\ - (char *)(eckey)) -# endif /* Add some extra combinations */ # define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) @@ -756,7 +741,7 @@ const EVP_MD *EVP_ripemd160(void); # ifndef OPENSSL_NO_WHIRLPOOL const EVP_MD *EVP_whirlpool(void); # endif -# ifndef OPENSSL_NO_SM3 +# ifndef OPENSSL_NO_GMSSL const EVP_MD *EVP_sm3(void); # endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ @@ -845,7 +830,7 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); # define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); # endif -#ifndef OPENSSL_NO_SMS4 +#ifndef OPENSSL_NO_GMSSL const EVP_CIPHER *EVP_sms4_ecb(void); const EVP_CIPHER *EVP_sms4_cbc(void); const EVP_CIPHER *EVP_sms4_cfb1(void); @@ -862,8 +847,6 @@ const EVP_CIPHER *EVP_sms4_wrap(void); #define EVP_sm4_cbc EVP_sms4_cbc #define EVP_sm4_cfb EVP_sms4_cfb #define EVP_sm4_ofb EVP_sms4_ofb -#endif -#ifndef OPENSSL_NO_ZUC const EVP_CIPHER *EVP_zuc(void); #endif # ifndef OPENSSL_NO_AES 
@@ -1016,10 +999,6 @@ struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); struct ec_key_st; int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); -# ifndef OPENSSL_NO_SM2 -int EVP_PKEY_set1_SM2(EVP_PKEY *pkey, struct ec_key_st *key); -struct ec_key_st *EVP_PKEY_get1_SM2(EVP_PKEY *pkey); -# endif # endif EVP_PKEY *EVP_PKEY_new(void); @@ -1238,6 +1217,8 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, # define EVP_PKEY_CTRL_GET_MD 13 + + # define EVP_PKEY_ALG_CTRL 0x1000 # define EVP_PKEY_FLAG_AUTOARGLEN 2 diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index ef07f6c7..82c7833a 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -228,14 +228,3 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, return 0; } -#ifndef OPENSSL_NO_GMSSL -int EVP_PKEY_ec_to_sm2(EVP_PKEY *pkey, int only_sm2_curve) -{ - return 0; -} - -int EVP_PKEY_sm2_to_ec(EVP_PKEY *pkey) -{ - return 0; -} -#endif diff --git a/crypto/evp/m_sm3.c b/crypto/evp/m_sm3.c index 1240ad63..99d50efb 100644 --- a/crypto/evp/m_sm3.c +++ b/crypto/evp/m_sm3.c @@ -52,7 +52,7 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SM3 +#ifndef OPENSSL_NO_GMSSL #include #include @@ -76,18 +76,20 @@ static int final(EVP_MD_CTX *ctx, unsigned char *md) } static const EVP_MD sm3_md = { - NID_sm3, - NID_sm2sign_with_sm3, - SM3_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_SM2_method, - SM3_BLOCK_SIZE, - sizeof(EVP_MD *) + sizeof(sm3_ctx_t), + NID_sm3, + NID_sm2sign_with_sm3, + SM3_DIGEST_LENGTH, + 0, + init, + update, + final, + NULL, + NULL, + (evp_sign_method *)SM2_sign, + (evp_verify_method *)SM2_verify, + {EVP_PKEY_EC, 0, 0, 0}, + SM3_BLOCK_SIZE, + sizeof(EVP_MD *) + sizeof(sm3_ctx_t), }; const EVP_MD *EVP_sm3(void) diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index 6f2cc552..a9f09f3a 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c 
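Review bot: In `sm3_md` the sign and verify slots are now filled by casting `SM2_sign` and `SM2_verify` to `evp_sign_method *` and `evp_verify_method *`, so the compiler can no longer report a prototype mismatch, and calling through a mismatched pointer is undefined behaviour. Elsewhere in this diff the removed `pkey_sm2_sign` passed a `size_t *` length to `SM2_sign` while the new `pkey_ec_sign` passes an `unsigned int *`, so the prototype should be checked against `evp_sign_method` and the casts dropped if it matches. Tagging the entry with `{EVP_PKEY_EC, 0, 0, 0}` means any EC key paired with SM3 takes the SM2 path in the legacy sign/verify API. A comment such as `/* SM3 with an EC key implies SM2 signatures, not ECDSA */` would make that intent explicit.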
@@ -66,49 +66,29 @@ #include #include -static int ossl_EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, - int key_len, EVP_PKEY *pubk) -{ - int ret = 0; - - if (pubk->type != EVP_PKEY_RSA) { - EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); - goto err; - } - ret = - RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, - RSA_PKCS1_PADDING); - err: - return (ret); -} - -// OPENSSL_NO_GMSSL -// here is to mark changes - +/* GMSSL: EVP_PKEY_encrypt_old() is modified */ int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in, int inlen, EVP_PKEY *pkey) { int ret = 0; EVP_PKEY_CTX *ctx = NULL; - size_t outlen; + size_t size; if (pkey->type == EVP_PKEY_RSA) { - return ossl_EVP_PKEY_encrypt_old(out, in, inlen, pkey); + ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa, + RSA_PKCS1_PADDING); + } else { + if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) { + return 0; + } + if (1 != EVP_PKEY_encrypt_init(ctx)) { + return 0; + } + if (1 != EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) { + goto end; + } + ret = (int)size; } - - if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) { - return 0; - } - if (EVP_PKEY_encrypt_init(ctx) <= 0) { - goto end; - } - /* ctrl operations can be added here */ - if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) { - goto end; - } - - ret = (int)outlen; - end: EVP_PKEY_CTX_free(ctx); return ret; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index c2c6d746..749e6b71 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -80,9 +80,6 @@ #include "asn1_locl.h" -#ifndef OPENSSL_NO_GMSSL -#include "../ec/ec_lcl.h" -#endif static void EVP_PKEY_free_it(EVP_PKEY *x); @@ -120,15 +117,6 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return (ret); } #endif -#ifndef OPENSSL_NO_SM2 - if (pkey->type == EVP_PKEY_SM2) { - int ret = pkey->save_parameters; - - if (mode >= 0) - pkey->save_parameters = mode; - return (ret); - } -#endif return (0); } 
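Review bot: In the new `else` arm of `EVP_PKEY_encrypt_old()` the `EVP_PKEY_encrypt_init()` failure branch does `return 0;` after `ctx` has been allocated, so the context is leaked on that path; it should be `goto end;` like the `EVP_PKEY_encrypt()` branch below it, which is what the removed code did. `size` is also passed to `EVP_PKEY_encrypt()` uninitialised, although the documented contract of that function is that `*outlen` holds the capacity of `out` on entry when `out` is non-NULL. This wrapper has no output-length parameter, so the function comment should at least state how large `out` must be and `size` should be set to that bound before the call. The comment should also say that the RSA arm returns the raw `RSA_public_encrypt()` result (negative on error) while the other arm returns 0 on failure, and that `ret = (int)size` narrows a `size_t`. The function's closing brace lies outside the hunk.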
@@ -338,27 +326,6 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) } #endif -#ifndef OPENSSL_NO_SM2 -int EVP_PKEY_set1_SM2(EVP_PKEY *pkey, EC_KEY *key) -{ - int ret = EVP_PKEY_assign_SM2(pkey, key); - if (ret) - EC_KEY_up_ref(key); - return ret; -} - -EC_KEY *EVP_PKEY_get1_SM2(EVP_PKEY *pkey) -{ - /* FIXME: reconsider the SM2 and EC_KEY relationship */ - if (pkey->type != EVP_PKEY_SM2) { - EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);//FIXME:errno - return NULL; - } - EC_KEY_up_ref(pkey->pkey.ec); - return pkey->pkey.ec; -} -#endif - #ifndef OPENSSL_NO_DH int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index d11a46c4..bb7dfaef 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -75,7 +75,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; -extern const EVP_PKEY_METHOD dhx_pkey_meth, sm2_pkey_meth; +extern const EVP_PKEY_METHOD dhx_pkey_meth, cbcmac_pkey_meth; static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA @@ -89,14 +89,14 @@ static const EVP_PKEY_METHOD *standard_methods[] = { #endif #ifndef OPENSSL_NO_EC &ec_pkey_meth, -#endif -#ifndef OPENSSL_NO_SM2 - &sm2_pkey_meth, #endif &hmac_pkey_meth, &cmac_pkey_meth, #ifndef OPENSSL_NO_DH - &dhx_pkey_meth + &dhx_pkey_meth, +#endif +#ifndef OPENSSL_NO_GMSSL + &cbcmac_pkey_meth, #endif }; 
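Review bot: `&cbcmac_pkey_meth` is appended to `standard_methods[]` in crypto/evp/pmeth_lib.c, and the `EVP_PKEY_meth_find()` hunk that follows removes the linear scan and returns to `OBJ_bsearch_pmeth()`, which only finds an entry if the array is sorted by `pkey_id`. Assuming the new method's id is `NID_cbc_mac` (1039 in this patch's obj_mac.h), last place is presumably the right slot, but nothing in the file states the ordering requirement and a misplaced entry would make the lookup return NULL for that type. I would add `/* must stay sorted by pkey_id: EVP_PKEY_meth_find() uses a binary search */` above the array. The definition of `cbcmac_pkey_meth` is in another file of the patch, so its `pkey_id` should be checked there.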
@@ -119,28 +119,14 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) tmp.pkey_id = type; if (app_pkey_methods) { int idx; - - //fprintf(stderr, "check %s %d\n", __FILE__, __LINE__); idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); if (idx >= 0) return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); - //fprintf(stderr, "check %s %d\n", __FILE__, __LINE__); } - //fprintf(stderr, "%s %d: t->pkey_id = %d\n", __FILE__, __LINE__, t->pkey_id); - int i; - for (i = 0; i < sizeof(standard_methods) / sizeof(EVP_PKEY_METHOD *); i++) { - if (type == standard_methods[i]->pkey_id) { - return standard_methods[i]; - } - } -/* ret = OBJ_bsearch_pmeth(&t, standard_methods, sizeof(standard_methods) / sizeof(EVP_PKEY_METHOD *)); - -*/ if (!ret || !*ret) { - //fprintf(stderr, "check %s %d\n", __FILE__, __LINE__); return NULL; } return *ret; @@ -152,7 +138,6 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) const EVP_PKEY_METHOD *pmeth; if (id == -1) { if (!pkey || !pkey->ameth) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); return NULL; } id = pkey->ameth->pkey_id; diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index b7326dda..3ee61086 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 1034 -#define NUM_SN 1012 -#define NUM_LN 1012 -#define NUM_OBJ 950 +#define NUM_NID 1040 +#define NUM_SN 1016 +#define NUM_LN 1016 +#define NUM_OBJ 954 -static const unsigned char lvalues[6691]={ +static const unsigned char lvalues[6721]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
@@ -957,61 +957,65 @@ static const unsigned char lvalues[6691]={ 0x2A,0x81,0x1C,0xCF,0x55, /* [6265] OBJ_oscca */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11, /* [6270] OBJ_sm3 */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,0x02,/* [6278] OBJ_hmac_sm3 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01, /* [6287] OBJ_sm */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x01,/* [6293] OBJ_sm2sign */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x02,/* [6302] OBJ_sm2keyagreement */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,/* [6311] OBJ_sm2encrypt */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [6320] OBJ_sm2sign_with_sm3 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x76, /* [6328] OBJ_sm2sign_with_sha1 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x77, /* [6336] OBJ_sm2sign_with_sha256 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01, /* [6344] OBJ_sms4_ecb */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02, /* [6352] OBJ_sms4_cbc */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03, /* [6360] OBJ_sms4_ofb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04, /* [6368] OBJ_sms4_cfb128 */ -0x2B,0x81,0x04,0x01,0x07, /* [6376] OBJ_ecies_recommendedParameters */ -0x2B,0x81,0x04,0x01,0x08, /* [6381] OBJ_ecies_specifiedParameters */ -0x2B,0x81,0x04,0x01,0x11,0x00, /* [6386] OBJ_x9_63_kdf */ -0x2B,0x81,0x04,0x01,0x11,0x01, /* [6392] OBJ_nist_concatenation_kdf */ -0x2B,0x81,0x04,0x01,0x11,0x02, /* [6398] OBJ_tls_kdf */ -0x2B,0x81,0x04,0x01,0x11,0x03, /* [6404] OBJ_ikev2_kdf */ -0x2B,0x81,0x04,0x01,0x12, /* [6410] OBJ_xor_in_ecies */ -0x2B,0x81,0x04,0x01,0x14,0x00, /* [6415] OBJ_aes128_cbc_in_ecies */ -0x2B,0x81,0x04,0x01,0x14,0x01, /* [6421] OBJ_aes192_cbc_in_ecies */ -0x2B,0x81,0x04,0x01,0x14,0x02, /* [6427] OBJ_aes256_cbc_in_ecies */ -0x2B,0x81,0x04,0x01,0x15,0x00, /* [6433] OBJ_aes128_ctr_in_ecies */ -0x2B,0x81,0x04,0x01,0x15,0x01, /* [6439] OBJ_aes192_ctr_in_ecies */ -0x2B,0x81,0x04,0x01,0x15,0x02, /* [6445] OBJ_aes256_ctr_in_ecies */ -0x2B,0x81,0x04,0x01,0x16, /* [6451] OBJ_hmac_full_ecies */ -0x2B,0x81,0x04,0x01,0x17, /* [6456] 
OBJ_hmac_half_ecies */ -0x2B,0x81,0x04,0x01,0x18,0x00, /* [6461] OBJ_cmac_aes128_ecies */ -0x2B,0x81,0x04,0x01,0x18,0x01, /* [6467] OBJ_cmac_aes192_ecies */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20, /* [6473] OBJ_zuc */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x69, /* [6481] OBJ_sm7 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x6A, /* [6488] OBJ_sm8 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x49, /* [6495] OBJ_sm5 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x01,/* [6503] OBJ_sm9sign */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x02,/* [6512] OBJ_sm9keyagreement */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,/* [6521] OBJ_sm9encrypt */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x01, /* [6530] OBJ_sm6_ecb */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x02, /* [6538] OBJ_sm6_cbc */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x03, /* [6546] OBJ_sm6_ofb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x04, /* [6554] OBJ_sm6_cfb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x01, /* [6562] OBJ_sm1_ecb */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x02, /* [6570] OBJ_sm1_cbc */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x03, /* [6578] OBJ_sm1_ofb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x04, /* [6586] OBJ_sm1_cfb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x01, /* [6594] OBJ_ssf33_ecb */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x02, /* [6602] OBJ_ssf33_cbc */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x03, /* [6610] OBJ_ssf33_ofb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x04, /* [6618] OBJ_ssf33_cfb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E, /* [6626] OBJ_id_sm9PublicKey */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07, /* [6634] OBJ_sms4_ctr */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x08, /* [6642] OBJ_sms4_gcm */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x09, /* [6650] OBJ_sms4_ccm */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0A, /* [6658] OBJ_sms4_xts */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05, /* [6666] OBJ_sms4_cfb1 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06, /* [6674] OBJ_sms4_cfb8 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0B, /* [6682] 
OBJ_sms4_wrap */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x01,/* [6287] OBJ_sm2sign */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x02,/* [6296] OBJ_sm2keyagreement */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,/* [6305] OBJ_sm2encrypt */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [6314] OBJ_sm2sign_with_sm3 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x76, /* [6322] OBJ_sm2sign_with_sha1 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x77, /* [6330] OBJ_sm2sign_with_sha256 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01, /* [6338] OBJ_sms4_ecb */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02, /* [6346] OBJ_sms4_cbc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03, /* [6354] OBJ_sms4_ofb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04, /* [6362] OBJ_sms4_cfb128 */ +0x2B,0x81,0x04,0x01,0x07, /* [6370] OBJ_ecies_recommendedParameters */ +0x2B,0x81,0x04,0x01,0x08, /* [6375] OBJ_ecies_specifiedParameters */ +0x2B,0x81,0x04,0x01,0x11,0x00, /* [6380] OBJ_x9_63_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x01, /* [6386] OBJ_nist_concatenation_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x02, /* [6392] OBJ_tls_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x03, /* [6398] OBJ_ikev2_kdf */ +0x2B,0x81,0x04,0x01,0x12, /* [6404] OBJ_xor_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x00, /* [6409] OBJ_aes128_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x01, /* [6415] OBJ_aes192_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x02, /* [6421] OBJ_aes256_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x00, /* [6427] OBJ_aes128_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x01, /* [6433] OBJ_aes192_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x02, /* [6439] OBJ_aes256_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x16, /* [6445] OBJ_hmac_full_ecies */ +0x2B,0x81,0x04,0x01,0x17, /* [6450] OBJ_hmac_half_ecies */ +0x2B,0x81,0x04,0x01,0x18,0x00, /* [6455] OBJ_cmac_aes128_ecies */ +0x2B,0x81,0x04,0x01,0x18,0x01, /* [6461] OBJ_cmac_aes192_ecies */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20, /* [6467] OBJ_zuc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x69, /* [6475] OBJ_sm7 */ 
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x6A, /* [6482] OBJ_sm8 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x49, /* [6489] OBJ_sm5 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x01,/* [6497] OBJ_sm9sign */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x02,/* [6506] OBJ_sm9keyagreement */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,/* [6515] OBJ_sm9encrypt */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x01, /* [6524] OBJ_sm6_ecb */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x02, /* [6532] OBJ_sm6_cbc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x03, /* [6540] OBJ_sm6_ofb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x04, /* [6548] OBJ_sm6_cfb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x01, /* [6556] OBJ_sm1_ecb */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x02, /* [6564] OBJ_sm1_cbc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x03, /* [6572] OBJ_sm1_ofb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x04, /* [6580] OBJ_sm1_cfb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x01, /* [6588] OBJ_ssf33_ecb */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x02, /* [6596] OBJ_ssf33_cbc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x03, /* [6604] OBJ_ssf33_ofb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x04, /* [6612] OBJ_ssf33_cfb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E, /* [6620] OBJ_id_sm9PublicKey */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07, /* [6628] OBJ_sms4_ctr */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x08, /* [6636] OBJ_sms4_gcm */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x09, /* [6644] OBJ_sms4_ccm */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0A, /* [6652] OBJ_sms4_xts */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05, /* [6660] OBJ_sms4_cfb1 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06, /* [6668] OBJ_sms4_cfb8 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0B, /* [6676] OBJ_sms4_wrap */ +0x2A,0x86,0x48,0xCE,0x3D,0x04, /* [6684] OBJ_X9_62_id_ecSigType */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x01,/* [6690] OBJ_sm2encrypt_recommendedParameters */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,/* [6700] OBJ_sm2encrypt_specifiedParameters */ 
+0x2B,0x81,0x04,0x01, /* [6710] OBJ_secg_scheme */ +0x2A,0x81,0x1C,0xCF,0x55,0x01, /* [6714] OBJ_sm_scheme */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -2584,91 +2588,101 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"sm","sm",NID_sm,6,&(lvalues[6287]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"sm2sign","sm2sign",NID_sm2sign,9,&(lvalues[6293]),0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"sm2sign","sm2sign",NID_sm2sign,9,&(lvalues[6287]),0}, {"sm2keyagreement","sm2keyagreement",NID_sm2keyagreement,9, - &(lvalues[6302]),0}, -{"sm2encrypt","sm2encrypt",NID_sm2encrypt,9,&(lvalues[6311]),0}, + &(lvalues[6296]),0}, +{"sm2encrypt","sm2encrypt",NID_sm2encrypt,9,&(lvalues[6305]),0}, {"SM2Sign-with-SM3","sm2sign-with-sm3",NID_sm2sign_with_sm3,8, - &(lvalues[6320]),0}, + &(lvalues[6314]),0}, {"SM2Sign-with-SHA1","sm2sign-with-sha1",NID_sm2sign_with_sha1,8, - &(lvalues[6328]),0}, + &(lvalues[6322]),0}, {"SM2Sign-with-SHA256","sm2sign-with-sha256",NID_sm2sign_with_sha256, - 8,&(lvalues[6336]),0}, + 8,&(lvalues[6330]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SMS4-ECB","sms4-ecb",NID_sms4_ecb,8,&(lvalues[6344]),0}, -{"SMS4-CBC","sms4-cbc",NID_sms4_cbc,8,&(lvalues[6352]),0}, +{"SMS4-ECB","sms4-ecb",NID_sms4_ecb,8,&(lvalues[6338]),0}, +{"SMS4-CBC","sms4-cbc",NID_sms4_cbc,8,&(lvalues[6346]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SMS4-OFB","sms4-ofb",NID_sms4_ofb128,8,&(lvalues[6360]),0}, -{"SMS4-CFB","sms4-cfb",NID_sms4_cfb128,8,&(lvalues[6368]),0}, +{"SMS4-OFB","sms4-ofb",NID_sms4_ofb128,8,&(lvalues[6354]),0}, +{"SMS4-CFB","sms4-cfb",NID_sms4_cfb128,8,&(lvalues[6362]),0}, {"ecies-recommendedParameters","ecies-recommendedParameters", - NID_ecies_recommendedParameters,5,&(lvalues[6376]),0}, + NID_ecies_recommendedParameters,5,&(lvalues[6370]),0}, {"ecies-specifiedParameters","ecies-specifiedParameters", - NID_ecies_specifiedParameters,5,&(lvalues[6381]),0}, -{"x9-63-kdf","x9-63-kdf",NID_x9_63_kdf,6,&(lvalues[6386]),0}, + NID_ecies_specifiedParameters,5,&(lvalues[6375]),0}, 
+{"x9-63-kdf","x9-63-kdf",NID_x9_63_kdf,6,&(lvalues[6380]),0}, {"nist-concatenation-kdf","nist-concatenation-kdf", - NID_nist_concatenation_kdf,6,&(lvalues[6392]),0}, -{"tls-kdf","tls-kdf",NID_tls_kdf,6,&(lvalues[6398]),0}, -{"ikev2-kdf","ikev2-kdf",NID_ikev2_kdf,6,&(lvalues[6404]),0}, -{"xor-in-ecies","xor-in-ecies",NID_xor_in_ecies,5,&(lvalues[6410]),0}, + NID_nist_concatenation_kdf,6,&(lvalues[6386]),0}, +{"tls-kdf","tls-kdf",NID_tls_kdf,6,&(lvalues[6392]),0}, +{"ikev2-kdf","ikev2-kdf",NID_ikev2_kdf,6,&(lvalues[6398]),0}, +{"xor-in-ecies","xor-in-ecies",NID_xor_in_ecies,5,&(lvalues[6404]),0}, {"aes128-cbc-in-ecies","aes128-cbc-in-ecies",NID_aes128_cbc_in_ecies, - 6,&(lvalues[6415]),0}, + 6,&(lvalues[6409]),0}, {"aes192-cbc-in-ecies","aes192-cbc-in-ecies",NID_aes192_cbc_in_ecies, - 6,&(lvalues[6421]),0}, + 6,&(lvalues[6415]),0}, {"aes256-cbc-in-ecies","aes256-cbc-in-ecies",NID_aes256_cbc_in_ecies, - 6,&(lvalues[6427]),0}, + 6,&(lvalues[6421]),0}, {"aes128-ctr-in-ecies","aes128-ctr-in-ecies",NID_aes128_ctr_in_ecies, - 6,&(lvalues[6433]),0}, + 6,&(lvalues[6427]),0}, {"aes192-ctr-in-ecies","aes192-ctr-in-ecies",NID_aes192_ctr_in_ecies, - 6,&(lvalues[6439]),0}, + 6,&(lvalues[6433]),0}, {"aes256-ctr-in-ecies","aes256-ctr-in-ecies",NID_aes256_ctr_in_ecies, - 6,&(lvalues[6445]),0}, + 6,&(lvalues[6439]),0}, {"hmac-full-ecies","hmac-full-ecies",NID_hmac_full_ecies,5, - &(lvalues[6451]),0}, + &(lvalues[6445]),0}, {"hmac-half-ecies","hmac-half-ecies",NID_hmac_half_ecies,5, - &(lvalues[6456]),0}, + &(lvalues[6450]),0}, {"cmac-aes128-ecies","cmac-aes128-ecies",NID_cmac_aes128_ecies,6, - &(lvalues[6461]),0}, + &(lvalues[6455]),0}, {"cmac-aes192-ecies","cmac-aes192-ecies",NID_cmac_aes192_ecies,6, - &(lvalues[6467]),0}, -{"ZUC","zuc",NID_zuc,8,&(lvalues[6473]),0}, + &(lvalues[6461]),0}, +{"ZUC","zuc",NID_zuc,8,&(lvalues[6467]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"NULL","NULL",NID_sm7,7,&(lvalues[6481]),0}, 
-{"NULL","NULL",NID_sm8,7,&(lvalues[6488]),0}, -{"SM5","sm5",NID_sm5,8,&(lvalues[6495]),0}, +{"NULL","NULL",NID_sm7,7,&(lvalues[6475]),0}, +{"NULL","NULL",NID_sm8,7,&(lvalues[6482]),0}, +{"SM5","sm5",NID_sm5,8,&(lvalues[6489]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"sm9sign","sm9sign",NID_sm9sign,9,&(lvalues[6503]),0}, +{"sm9sign","sm9sign",NID_sm9sign,9,&(lvalues[6497]),0}, {"sm9keyagreement","sm9keyagreement",NID_sm9keyagreement,9, - &(lvalues[6512]),0}, -{"sm9encrypt","sm9encrypt",NID_sm9encrypt,9,&(lvalues[6521]),0}, + &(lvalues[6506]),0}, +{"sm9encrypt","sm9encrypt",NID_sm9encrypt,9,&(lvalues[6515]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SM6-ECB","sm6-ecb",NID_sm6_ecb,8,&(lvalues[6530]),0}, -{"SM6-CBC","sm6-cbc",NID_sm6_cbc,8,&(lvalues[6538]),0}, -{"SM6-OFB","sm6-ofb",NID_sm6_ofb128,8,&(lvalues[6546]),0}, -{"SM6-CFB","sm6-cfb",NID_sm6_cfb128,8,&(lvalues[6554]),0}, -{"SM1-ECB","sm1-ecb",NID_sm1_ecb,8,&(lvalues[6562]),0}, -{"SM1-CBC","sm1-cbc",NID_sm1_cbc,8,&(lvalues[6570]),0}, -{"SM1-OFB","sm1-ofb",NID_sm1_ofb128,8,&(lvalues[6578]),0}, -{"NULL","NULL",NID_sm1_cfb128,8,&(lvalues[6586]),0}, -{"SSF33-ECB","ssf33-ecb",NID_ssf33_ecb,8,&(lvalues[6594]),0}, -{"SSF33-CBC","ssf33-cbc",NID_ssf33_cbc,8,&(lvalues[6602]),0}, -{"SSF33-OFB","ssf33-ofb",NID_ssf33_ofb128,8,&(lvalues[6610]),0}, -{"SSF33-CFB","ssf33-cfb",NID_ssf33_cfb128,8,&(lvalues[6618]),0}, +{"SM6-ECB","sm6-ecb",NID_sm6_ecb,8,&(lvalues[6524]),0}, +{"SM6-CBC","sm6-cbc",NID_sm6_cbc,8,&(lvalues[6532]),0}, +{"SM6-OFB","sm6-ofb",NID_sm6_ofb128,8,&(lvalues[6540]),0}, +{"SM6-CFB","sm6-cfb",NID_sm6_cfb128,8,&(lvalues[6548]),0}, +{"SM1-ECB","sm1-ecb",NID_sm1_ecb,8,&(lvalues[6556]),0}, +{"SM1-CBC","sm1-cbc",NID_sm1_cbc,8,&(lvalues[6564]),0}, +{"SM1-OFB","sm1-ofb",NID_sm1_ofb128,8,&(lvalues[6572]),0}, +{"SM1-CFB","sm1-cfb",NID_sm1_cfb128,8,&(lvalues[6580]),0}, +{"SSF33-ECB","ssf33-ecb",NID_ssf33_ecb,8,&(lvalues[6588]),0}, +{"SSF33-CBC","ssf33-cbc",NID_ssf33_cbc,8,&(lvalues[6596]),0}, 
+{"SSF33-OFB","ssf33-ofb",NID_ssf33_ofb128,8,&(lvalues[6604]),0}, +{"SSF33-CFB","ssf33-cfb",NID_ssf33_cfb128,8,&(lvalues[6612]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {"id-sm9PublicKey","id-sm9PublicKey",NID_id_sm9PublicKey,8, - &(lvalues[6626]),0}, -{"SMS4-CTR","sms4-ctr",NID_sms4_ctr,8,&(lvalues[6634]),0}, -{"SMS4-GCM","sms4-gcm",NID_sms4_gcm,8,&(lvalues[6642]),0}, -{"SMS4-CCM","sms4-ccm",NID_sms4_ccm,8,&(lvalues[6650]),0}, -{"SMS4-XTS","sms4-xts",NID_sms4_xts,8,&(lvalues[6658]),0}, -{"SM1-CFB","sm1-cfb",NID_sm1_cfb,0,NULL,0}, -{"SMS4-CFB1","sms4-cfb1",NID_sms4_cfb1,8,&(lvalues[6666]),0}, -{"SMS4-CFB8","sms4-cfb8",NID_sms4_cfb8,8,&(lvalues[6674]),0}, -{"SMS4-WRAP","sms4-wrap",NID_sms4_wrap,8,&(lvalues[6682]),0}, + &(lvalues[6620]),0}, +{"SMS4-CTR","sms4-ctr",NID_sms4_ctr,8,&(lvalues[6628]),0}, +{"SMS4-GCM","sms4-gcm",NID_sms4_gcm,8,&(lvalues[6636]),0}, +{"SMS4-CCM","sms4-ccm",NID_sms4_ccm,8,&(lvalues[6644]),0}, +{"SMS4-XTS","sms4-xts",NID_sms4_xts,8,&(lvalues[6652]),0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"SMS4-CFB1","sms4-cfb1",NID_sms4_cfb1,8,&(lvalues[6660]),0}, +{"SMS4-CFB8","sms4-cfb8",NID_sms4_cfb8,8,&(lvalues[6668]),0}, +{"SMS4-WRAP","sms4-wrap",NID_sms4_wrap,8,&(lvalues[6676]),0}, +{"id-ecSigType","id-ecSigType",NID_X9_62_id_ecSigType,6, + &(lvalues[6684]),0}, +{"sm2encrypt-recommendedParameters", + "sm2encrypt-recommendedParameters", + NID_sm2encrypt_recommendedParameters,10,&(lvalues[6690]),0}, +{"sm2encrypt-specifiedParameters","sm2encrypt-specifiedParameters", + NID_sm2encrypt_specifiedParameters,10,&(lvalues[6700]),0}, +{"secg-scheme","secg-scheme",NID_secg_scheme,4,&(lvalues[6710]),0}, +{"sm-scheme","sm-scheme",NID_sm_scheme,6,&(lvalues[6714]),0}, +{"CBC-MAC","cbc-mac",NID_cbc_mac,0,NULL,0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2729,6 +2743,7 @@ static const unsigned int sn_objs[NUM_SN]={ 110, /* "CAST5-CFB" */ 109, /* "CAST5-ECB" */ 111, /* "CAST5-OFB" */ +1039, /* "CBC-MAC" */ 894, /* "CMAC" */ 13, /* "CN" */ 141, /* "CRLReason" */ 
@@ -2789,7 +2804,6 @@ static const unsigned int sn_objs[NUM_SN]={ 404, /* "NULL" */ 1004, /* "NULL" */ 1005, /* "NULL" */ -1019, /* "NULL" */ 57, /* "Netscape" */ 366, /* "Nonce" */ 17, /* "O" */ @@ -2858,7 +2872,7 @@ static const unsigned int sn_objs[NUM_SN]={ 673, /* "SHA384" */ 674, /* "SHA512" */ 1017, /* "SM1-CBC" */ -1030, /* "SM1-CFB" */ +1019, /* "SM1-CFB" */ 1016, /* "SM1-ECB" */ 1018, /* "SM1-OFB" */ 974, /* "SM2Sign-with-SHA1" */ @@ -3179,6 +3193,7 @@ static const unsigned int sn_objs[NUM_SN]={ 331, /* "id-cmc-transactionId" */ 787, /* "id-ct-asciiTextWithCRLF" */ 408, /* "id-ecPublicKey" */ +1034, /* "id-ecSigType" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ 260, /* "id-it" */ @@ -3455,6 +3470,7 @@ static const unsigned int sn_objs[NUM_SN]={ 292, /* "sbgp-routerIdentifier" */ 159, /* "sdsiCertificate" */ 859, /* "searchGuide" */ +1037, /* "secg-scheme" */ 704, /* "secp112r1" */ 705, /* "secp112r2" */ 706, /* "secp128r1" */ @@ -3627,8 +3643,10 @@ static const unsigned int sn_objs[NUM_SN]={ 52, /* "signingTime" */ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ -968, /* "sm" */ +1038, /* "sm-scheme" */ 972, /* "sm2encrypt" */ +1035, /* "sm2encrypt-recommendedParameters" */ +1036, /* "sm2encrypt-specifiedParameters" */ 971, /* "sm2keyagreement" */ 958, /* "sm2p256v1" */ 970, /* "sm2sign" */ @@ -3759,7 +3777,6 @@ static const unsigned int ln_objs[NUM_LN]={ 404, /* "NULL" */ 1004, /* "NULL" */ 1005, /* "NULL" */ -1019, /* "NULL" */ 72, /* "Netscape Base Url" */ 76, /* "Netscape CA Policy Url" */ 74, /* "Netscape CA Revocation Url" */ @@ -3950,6 +3967,7 @@ static const unsigned int ln_objs[NUM_LN]={ 110, /* "cast5-cfb" */ 109, /* "cast5-ecb" */ 111, /* "cast5-ofb" */ +1039, /* "cbc-mac" */ 152, /* "certBag" */ 677, /* "certicom-arc" */ 517, /* "certificate extensions" */ 
@@ -4156,6 +4174,7 @@ static const unsigned int ln_objs[NUM_LN]={ 331, /* "id-cmc-transactionId" */ 787, /* "id-ct-asciiTextWithCRLF" */ 408, /* "id-ecPublicKey" */ +1034, /* "id-ecSigType" */ 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ 260, /* "id-it" */ @@ -4443,6 +4462,7 @@ static const unsigned int ln_objs[NUM_LN]={ 292, /* "sbgp-routerIdentifier" */ 159, /* "sdsiCertificate" */ 859, /* "searchGuide" */ +1037, /* "secg-scheme" */ 704, /* "secp112r1" */ 705, /* "secp112r2" */ 706, /* "secp128r1" */ @@ -4616,12 +4636,14 @@ static const unsigned int ln_objs[NUM_LN]={ 52, /* "signingTime" */ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ -968, /* "sm" */ +1038, /* "sm-scheme" */ 1017, /* "sm1-cbc" */ -1030, /* "sm1-cfb" */ +1019, /* "sm1-cfb" */ 1016, /* "sm1-ecb" */ 1018, /* "sm1-ofb" */ 972, /* "sm2encrypt" */ +1035, /* "sm2encrypt-recommendedParameters" */ +1036, /* "sm2encrypt-specifiedParameters" */ 971, /* "sm2keyagreement" */ 958, /* "sm2p256v1" */ 970, /* "sm2sign" */ @@ -4820,6 +4842,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 387, /* OBJ_SNMPv2 1 3 6 1 6 */ 388, /* OBJ_Mail 1 3 6 1 7 */ 376, /* OBJ_algorithm 1 3 14 3 2 */ +1037, /* OBJ_secg_scheme 1 3 132 1 */ 395, /* OBJ_clearance 2 5 1 5 55 */ 19, /* OBJ_rsa 2 5 8 1 1 */ 96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ @@ -5017,7 +5040,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ 124, /* OBJ_rle_compression 1 1 1 1 666 1 */ -968, /* OBJ_sm 1 2 156 10197 1 */ +1038, /* OBJ_sm_scheme 1 2 156 10197 1 */ 773, /* OBJ_kisa 1 2 410 200004 */ 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ 
@@ -5032,6 +5055,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ 1, /* OBJ_rsadsi 1 2 840 113549 */ 185, /* OBJ_X9cm 1 2 840 10040 4 */ +1034, /* OBJ_X9_62_id_ecSigType 1 2 840 10045 4 */ 127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ @@ -5543,6 +5567,8 @@ static const unsigned int obj_objs[NUM_OBJ]={ 455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ 456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ 457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ +1035, /* OBJ_sm2encrypt_recommendedParameters 1 2 156 10197 1 301 3 1 */ +1036, /* OBJ_sm2encrypt_specifiedParameters 1 2 156 10197 1 301 3 2 */ 189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ 190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ 191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 2f22861f..f3700aed 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -309,6 +309,8 @@ #define NID_X9_62_prime256v1 415 #define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L +#define SN_X9_62_id_ecSigType "id-ecSigType" +#define NID_X9_62_id_ecSigType 1034 #define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L #define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" @@ -4110,6 +4112,8 @@ #define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L +#define SN_secg_scheme "secg-scheme" +#define NID_secg_scheme 1037 #define OBJ_secg_scheme OBJ_certicom_arc,1L #define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" @@ -4193,8 +4197,6 @@ #define NID_jurisdictionCountryName 957 #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L -#define OBJ_secg_scheme OBJ_certicom_arc,1L - #define SN_ecies_recommendedParameters "ecies-recommendedParameters" #define NID_ecies_recommendedParameters 983 #define OBJ_ecies_recommendedParameters OBJ_secg_scheme,7L 
@@ -4263,6 +4265,10 @@ #define NID_cmac_aes192_ecies 999 #define OBJ_cmac_aes192_ecies OBJ_secg_scheme,24L,1L +#define SN_cbc_mac "CBC-MAC" +#define LN_cbc_mac "cbc-mac" +#define NID_cbc_mac 1039 + #define SN_ISO_CN "ISO-CN" #define LN_ISO_CN "ISO CN Member Body" #define NID_ISO_CN 960 
@@ -4272,196 +4278,202 @@ #define NID_oscca 961 #define OBJ_oscca OBJ_ISO_CN,10197L -#define SN_sm "sm" -#define NID_sm 968 -#define OBJ_sm OBJ_oscca,1L +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 1038 +#define OBJ_sm_scheme OBJ_oscca,1L #define SN_sm6_ecb "SM6-ECB" #define LN_sm6_ecb "sm6-ecb" #define NID_sm6_ecb 1012 -#define OBJ_sm6_ecb OBJ_sm,101L,1L +#define OBJ_sm6_ecb OBJ_sm_scheme,101L,1L #define SN_sm6_cbc "SM6-CBC" #define LN_sm6_cbc "sm6-cbc" #define NID_sm6_cbc 1013 -#define OBJ_sm6_cbc OBJ_sm,101L,2L +#define OBJ_sm6_cbc OBJ_sm_scheme,101L,2L #define SN_sm6_ofb128 "SM6-OFB" #define LN_sm6_ofb128 "sm6-ofb" #define NID_sm6_ofb128 1014 -#define OBJ_sm6_ofb128 OBJ_sm,101L,3L +#define OBJ_sm6_ofb128 OBJ_sm_scheme,101L,3L #define SN_sm6_cfb128 "SM6-CFB" #define LN_sm6_cfb128 "sm6-cfb" #define NID_sm6_cfb128 1015 -#define OBJ_sm6_cfb128 OBJ_sm,101L,4L +#define OBJ_sm6_cfb128 OBJ_sm_scheme,101L,4L #define SN_sm1_ecb "SM1-ECB" #define LN_sm1_ecb "sm1-ecb" #define NID_sm1_ecb 1016 -#define OBJ_sm1_ecb OBJ_sm,102L,1L +#define OBJ_sm1_ecb OBJ_sm_scheme,102L,1L #define SN_sm1_cbc "SM1-CBC" #define LN_sm1_cbc "sm1-cbc" #define NID_sm1_cbc 1017 -#define OBJ_sm1_cbc OBJ_sm,102L,2L +#define OBJ_sm1_cbc OBJ_sm_scheme,102L,2L #define SN_sm1_ofb128 "SM1-OFB" #define LN_sm1_ofb128 "sm1-ofb" #define NID_sm1_ofb128 1018 -#define OBJ_sm1_ofb128 OBJ_sm,102L,3L +#define OBJ_sm1_ofb128 OBJ_sm_scheme,102L,3L +#define SN_sm1_cfb128 "SM1-CFB" +#define LN_sm1_cfb128 "sm1-cfb" #define NID_sm1_cfb128 1019 -#define OBJ_sm1_cfb128 OBJ_sm,102L,4L - -#define SN_sm1_cfb "SM1-CFB" -#define LN_sm1_cfb "sm1-cfb" -#define NID_sm1_cfb 1030 +#define OBJ_sm1_cfb128 OBJ_sm_scheme,102L,4L #define SN_ssf33_ecb "SSF33-ECB" #define LN_ssf33_ecb "ssf33-ecb" #define NID_ssf33_ecb 1020 -#define OBJ_ssf33_ecb OBJ_sm,103L,1L +#define OBJ_ssf33_ecb OBJ_sm_scheme,103L,1L #define SN_ssf33_cbc "SSF33-CBC" #define LN_ssf33_cbc "ssf33-cbc" #define NID_ssf33_cbc 1021 -#define OBJ_ssf33_cbc 
OBJ_sm,103L,2L +#define OBJ_ssf33_cbc OBJ_sm_scheme,103L,2L #define SN_ssf33_ofb128 "SSF33-OFB" #define LN_ssf33_ofb128 "ssf33-ofb" #define NID_ssf33_ofb128 1022 -#define OBJ_ssf33_ofb128 OBJ_sm,103L,3L +#define OBJ_ssf33_ofb128 OBJ_sm_scheme,103L,3L #define SN_ssf33_cfb128 "SSF33-CFB" #define LN_ssf33_cfb128 "ssf33-cfb" #define NID_ssf33_cfb128 1023 -#define OBJ_ssf33_cfb128 OBJ_sm,103L,4L +#define OBJ_ssf33_cfb128 OBJ_sm_scheme,103L,4L #define SN_sms4_ecb "SMS4-ECB" #define LN_sms4_ecb "sms4-ecb" #define NID_sms4_ecb 977 -#define OBJ_sms4_ecb OBJ_sm,104L,1L +#define OBJ_sms4_ecb OBJ_sm_scheme,104L,1L #define SN_sms4_cbc "SMS4-CBC" #define LN_sms4_cbc "sms4-cbc" #define NID_sms4_cbc 978 -#define OBJ_sms4_cbc OBJ_sm,104L,2L +#define OBJ_sms4_cbc OBJ_sm_scheme,104L,2L #define SN_sms4_ofb128 "SMS4-OFB" #define LN_sms4_ofb128 "sms4-ofb" #define NID_sms4_ofb128 981 -#define OBJ_sms4_ofb128 OBJ_sm,104L,3L +#define OBJ_sms4_ofb128 OBJ_sm_scheme,104L,3L #define SN_sms4_cfb128 "SMS4-CFB" #define LN_sms4_cfb128 "sms4-cfb" #define NID_sms4_cfb128 982 -#define OBJ_sms4_cfb128 OBJ_sm,104L,4L +#define OBJ_sms4_cfb128 OBJ_sm_scheme,104L,4L #define SN_sms4_cfb1 "SMS4-CFB1" #define LN_sms4_cfb1 "sms4-cfb1" #define NID_sms4_cfb1 1031 -#define OBJ_sms4_cfb1 OBJ_sm,104L,5L +#define OBJ_sms4_cfb1 OBJ_sm_scheme,104L,5L #define SN_sms4_cfb8 "SMS4-CFB8" #define LN_sms4_cfb8 "sms4-cfb8" #define NID_sms4_cfb8 1032 -#define OBJ_sms4_cfb8 OBJ_sm,104L,6L +#define OBJ_sms4_cfb8 OBJ_sm_scheme,104L,6L #define SN_sms4_ctr "SMS4-CTR" #define LN_sms4_ctr "sms4-ctr" #define NID_sms4_ctr 1026 -#define OBJ_sms4_ctr OBJ_sm,104L,7L +#define OBJ_sms4_ctr OBJ_sm_scheme,104L,7L #define SN_sms4_gcm "SMS4-GCM" #define LN_sms4_gcm "sms4-gcm" #define NID_sms4_gcm 1027 -#define OBJ_sms4_gcm OBJ_sm,104L,8L +#define OBJ_sms4_gcm OBJ_sm_scheme,104L,8L #define SN_sms4_ccm "SMS4-CCM" #define LN_sms4_ccm "sms4-ccm" #define NID_sms4_ccm 1028 -#define OBJ_sms4_ccm OBJ_sm,104L,9L +#define OBJ_sms4_ccm 
OBJ_sm_scheme,104L,9L #define SN_sms4_xts "SMS4-XTS" #define LN_sms4_xts "sms4-xts" #define NID_sms4_xts 1029 -#define OBJ_sms4_xts OBJ_sm,104L,10L +#define OBJ_sms4_xts OBJ_sm_scheme,104L,10L #define SN_sms4_wrap "SMS4-WRAP" #define LN_sms4_wrap "sms4-wrap" #define NID_sms4_wrap 1033 -#define OBJ_sms4_wrap OBJ_sm,104L,11L +#define OBJ_sms4_wrap OBJ_sm_scheme,104L,11L #define NID_sm7 1004 -#define OBJ_sm7 OBJ_sm,105L +#define OBJ_sm7 OBJ_sm_scheme,105L #define NID_sm8 1005 -#define OBJ_sm8 OBJ_sm,106L +#define OBJ_sm8 OBJ_sm_scheme,106L #define SN_sm5 "SM5" #define LN_sm5 "sm5" #define NID_sm5 1006 -#define OBJ_sm5 OBJ_sm,201L +#define OBJ_sm5 OBJ_sm_scheme,201L #define SN_sm2p256v1 "sm2p256v1" #define NID_sm2p256v1 958 -#define OBJ_sm2p256v1 OBJ_sm,301L +#define OBJ_sm2p256v1 OBJ_sm_scheme,301L #define SN_sm2sign "sm2sign" #define NID_sm2sign 970 -#define OBJ_sm2sign OBJ_sm,301L,1L +#define OBJ_sm2sign OBJ_sm_scheme,301L,1L #define SN_sm2keyagreement "sm2keyagreement" #define NID_sm2keyagreement 971 -#define OBJ_sm2keyagreement OBJ_sm,301L,2L +#define OBJ_sm2keyagreement OBJ_sm_scheme,301L,2L #define SN_sm2encrypt "sm2encrypt" #define NID_sm2encrypt 972 -#define OBJ_sm2encrypt OBJ_sm,301L,3L +#define OBJ_sm2encrypt OBJ_sm_scheme,301L,3L + +#define SN_sm2encrypt_recommendedParameters "sm2encrypt-recommendedParameters" +#define NID_sm2encrypt_recommendedParameters 1035 +#define OBJ_sm2encrypt_recommendedParameters OBJ_sm2encrypt,1L + +#define SN_sm2encrypt_specifiedParameters "sm2encrypt-specifiedParameters" +#define NID_sm2encrypt_specifiedParameters 1036 +#define OBJ_sm2encrypt_specifiedParameters OBJ_sm2encrypt,2L #define SN_id_sm9PublicKey "id-sm9PublicKey" #define NID_id_sm9PublicKey 1025 -#define OBJ_id_sm9PublicKey OBJ_sm,302L +#define OBJ_id_sm9PublicKey OBJ_sm_scheme,302L #define SN_sm9sign "sm9sign" #define NID_sm9sign 1008 -#define OBJ_sm9sign OBJ_sm,302L,1L +#define OBJ_sm9sign OBJ_sm_scheme,302L,1L #define SN_sm9keyagreement "sm9keyagreement" #define 
NID_sm9keyagreement 1009 -#define OBJ_sm9keyagreement OBJ_sm,302L,2L +#define OBJ_sm9keyagreement OBJ_sm_scheme,302L,2L #define SN_sm9encrypt "sm9encrypt" #define NID_sm9encrypt 1010 -#define OBJ_sm9encrypt OBJ_sm,302L,3L +#define OBJ_sm9encrypt OBJ_sm_scheme,302L,3L #define SN_sm3 "SM3" #define LN_sm3 "sm3" #define NID_sm3 962 -#define OBJ_sm3 OBJ_sm,401L +#define OBJ_sm3 OBJ_sm_scheme,401L #define SN_hmac_sm3 "HMAC-SM3" #define LN_hmac_sm3 "hmac-sm3" #define NID_hmac_sm3 963 -#define OBJ_hmac_sm3 OBJ_sm,401L,2L +#define OBJ_hmac_sm3 OBJ_sm_scheme,401L,2L #define SN_sm2sign_with_sm3 "SM2Sign-with-SM3" #define LN_sm2sign_with_sm3 "sm2sign-with-sm3" #define NID_sm2sign_with_sm3 973 -#define OBJ_sm2sign_with_sm3 OBJ_sm,501L +#define OBJ_sm2sign_with_sm3 OBJ_sm_scheme,501L #define SN_sm2sign_with_sha1 "SM2Sign-with-SHA1" #define LN_sm2sign_with_sha1 "sm2sign-with-sha1" #define NID_sm2sign_with_sha1 974 -#define OBJ_sm2sign_with_sha1 OBJ_sm,502L +#define OBJ_sm2sign_with_sha1 OBJ_sm_scheme,502L #define SN_sm2sign_with_sha256 "SM2Sign-with-SHA256" #define LN_sm2sign_with_sha256 "sm2sign-with-sha256" #define NID_sm2sign_with_sha256 975 -#define OBJ_sm2sign_with_sha256 OBJ_sm,503L +#define OBJ_sm2sign_with_sha256 OBJ_sm_scheme,503L #define SN_zuc "ZUC" #define LN_zuc "zuc" #define NID_zuc 1000 -#define OBJ_zuc OBJ_sm,800L +#define OBJ_zuc OBJ_sm_scheme,800L diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index f8e5ecb6..30860e1c 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1031,3 +1031,9 @@ sm1_cfb 1030 sms4_cfb1 1031 sms4_cfb8 1032 sms4_wrap 1033 +X9_62_id_ecSigType 1034 +sm2encrypt_recommendedParameters 1035 +sm2encrypt_specifiedParameters 1036 +secg_scheme 1037 +sm_scheme 1038 +cbc_mac 1039 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index eb31a10e..c42cf64d 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt 
@@ -76,7 +76,9 @@ X9-62_primeCurve 4 : prime239v1 X9-62_primeCurve 5 : prime239v2 X9-62_primeCurve 6 : prime239v3 X9-62_primeCurve 7 : prime256v1 -!Alias id-ecSigType ansi-X9-62 4 +# GMSSL export ecdsa type +#!Alias id-ecSigType ansi-X9-62 4 +ansi-X9-62 4 : id-ecSigType !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 X9-62_id-ecSigType 2 : ecdsa-with-Recommended @@ -1319,8 +1321,8 @@ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH # ECDH schemes from RFC5753 !Alias x9-63-scheme 1 3 133 16 840 63 0 -!Alias secg-scheme certicom-arc 1 - +#!Alias secg-scheme certicom-arc 1 +certicom-arc 1 : secg-scheme x9-63-scheme 2 : dhSinglePass-stdDH-sha1kdf-scheme secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme @@ -1351,7 +1353,6 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme # GmSSL SECG ECIES OID -!Alias secg_scheme certicom-arc 1 secg-scheme 7 : ecies-recommendedParameters secg-scheme 8 : ecies-specifiedParameters secg-scheme 17 0 : x9-63-kdf 
@@ -1369,72 +1370,77 @@ secg-scheme 22 : hmac-full-ecies secg-scheme 23 : hmac-half-ecies secg-scheme 24 0 : cmac-aes128-ecies secg-scheme 24 1 : cmac-aes192-ecies - + +# No NID for CBC-MAC + : CBC-MAC : cbc-mac + # GmSSL SM OID member-body 156 : ISO-CN : ISO CN Member Body ISO-CN 10197 : oscca -oscca 1 : sm +oscca 1 : sm-scheme -sm 101 1 : SM6-ECB : sm6-ecb -sm 101 2 : SM6-CBC : sm6-cbc +sm-scheme 101 1 : SM6-ECB : sm6-ecb +sm-scheme 101 2 : SM6-CBC : sm6-cbc !Cname sm6-ofb128 -sm 101 3 : SM6-OFB : sm6-ofb +sm-scheme 101 3 : SM6-OFB : sm6-ofb !Cname sm6-cfb128 -sm 101 4 : SM6-CFB : sm6-cfb +sm-scheme 101 4 : SM6-CFB : sm6-cfb -sm 102 1 : SM1-ECB : sm1-ecb -sm 102 2 : SM1-CBC : sm1-cbc +sm-scheme 102 1 : SM1-ECB : sm1-ecb +sm-scheme 102 2 : SM1-CBC : sm1-cbc !Cname sm1-ofb128 -sm 102 3 : SM1-OFB : sm1-ofb +sm-scheme 102 3 : SM1-OFB : sm1-ofb !Cname sm1-cfb128 -sm 102 4 - : SM1-CFB : sm1-cfb +sm-scheme 102 4 : SM1-CFB : sm1-cfb -sm 103 1 : SSF33-ECB : ssf33-ecb -sm 103 2 : SSF33-CBC : ssf33-cbc +sm-scheme 103 1 : SSF33-ECB : ssf33-ecb +sm-scheme 103 2 : SSF33-CBC : ssf33-cbc !Cname ssf33-ofb128 -sm 103 3 : SSF33-OFB : ssf33-ofb +sm-scheme 103 3 : SSF33-OFB : ssf33-ofb !Cname ssf33-cfb128 -sm 103 4 : SSF33-CFB : ssf33-cfb +sm-scheme 103 4 : SSF33-CFB : ssf33-cfb -sm 104 1 : SMS4-ECB : sms4-ecb -sm 104 2 : SMS4-CBC : sms4-cbc +sm-scheme 104 1 : SMS4-ECB : sms4-ecb +sm-scheme 104 2 : SMS4-CBC : sms4-cbc !Cname sms4-ofb128 -sm 104 3 : SMS4-OFB : sms4-ofb +sm-scheme 104 3 : SMS4-OFB : sms4-ofb !Cname sms4-cfb128 -sm 104 4 : SMS4-CFB : sms4-cfb -sm 104 5 : SMS4-CFB1 : sms4-cfb1 -sm 104 6 : SMS4-CFB8 : sms4-cfb8 -sm 104 7 : SMS4-CTR : sms4-ctr -sm 104 8 : SMS4-GCM : sms4-gcm -sm 104 9 : SMS4-CCM : sms4-ccm -sm 104 10 : SMS4-XTS : sms4-xts -sm 104 11 : SMS4-WRAP : sms4-wrap +sm-scheme 104 4 : SMS4-CFB : sms4-cfb +sm-scheme 104 5 : SMS4-CFB1 : sms4-cfb1 +sm-scheme 104 6 : SMS4-CFB8 : sms4-cfb8 +sm-scheme 104 7 : SMS4-CTR : sms4-ctr +sm-scheme 104 8 : SMS4-GCM : sms4-gcm 
+sm-scheme 104 9 : SMS4-CCM : sms4-ccm +sm-scheme 104 10 : SMS4-XTS : sms4-xts +sm-scheme 104 11 : SMS4-WRAP : sms4-wrap -!Alias sm7 sm 105 -!Alias sm8 sm 106 -sm 201 : SM5 : sm5 +!Alias sm7 sm-scheme 105 -# sm 301 : id-sm2PublicKey -sm 301 : sm2p256v1 -sm 301 1 : sm2sign -sm 301 2 : sm2keyagreement -sm 301 3 : sm2encrypt +!Alias sm8 sm-scheme 106 -sm 302 : id-sm9PublicKey -sm 302 1 : sm9sign -sm 302 2 : sm9keyagreement -sm 302 3 : sm9encrypt +sm-scheme 201 : SM5 : sm5 -sm 401 : SM3 : sm3 -sm 401 2 : HMAC-SM3 : hmac-sm3 -sm 501 : SM2Sign-with-SM3 : sm2sign-with-sm3 -sm 502 : SM2Sign-with-SHA1 : sm2sign-with-sha1 -sm 503 : SM2Sign-with-SHA256 : sm2sign-with-sha256 +sm-scheme 301 : sm2p256v1 +sm-scheme 301 1 : sm2sign +sm-scheme 301 2 : sm2keyagreement +sm-scheme 301 3 : sm2encrypt +sm2encrypt 1 : sm2encrypt-recommendedParameters +sm2encrypt 2 : sm2encrypt-specifiedParameters + +sm-scheme 302 : id-sm9PublicKey +sm-scheme 302 1 : sm9sign +sm-scheme 302 2 : sm9keyagreement +sm-scheme 302 3 : sm9encrypt + +sm-scheme 401 : SM3 : sm3 +sm-scheme 401 2 : HMAC-SM3 : hmac-sm3 +sm-scheme 501 : SM2Sign-with-SM3 : sm2sign-with-sm3 +sm-scheme 502 : SM2Sign-with-SHA1 : sm2sign-with-sha1 +sm-scheme 503 : SM2Sign-with-SHA256 : sm2sign-with-sha256 # GmSSL ZUC OID -sm 800 : ZUC : zuc +sm-scheme 800 : ZUC : zuc diff --git a/crypto/otp/Makefile b/crypto/otp/Makefile new file mode 100644 index 00000000..f32ba41b --- /dev/null +++ b/crypto/otp/Makefile 
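Review bot: The added comment `# No NID for CBC-MAC` contradicts what the entry below it does. The line ` : CBC-MAC : cbc-mac` has an empty OID field, and obj_mac.num in this same commit assigns `cbc_mac 1039`, so the object receives a NID but no OID. `# No OID for CBC-MAC` would describe the entry correctly.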
@@ -0,0 +1,81 @@ +# +# OpenSSL/crypto/sm3/Makefile +# + +DIR= otp +TOP= ../.. +CC= cc +CPP= $(CC) -E +INCLUDES=-I.. -I$(TOP) -I../../include +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +SM3_ASM_OBJ= + +CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) + +GENERAL=Makefile +TEST=otptest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=otp.c +LIBOBJ=otp.o + +SRC= $(LIBSRC) + +EXHEADER= otp.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/crypto/otp/otp.c b/crypto/otp/otp.c new file mode 100644 index 00000000..9d9f05f4 --- /dev/null +++ b/crypto/otp/otp.c 
@@ -0,0 +1,123 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include "../modes/modes_lcl.h" +#include + +static int pow_table[] = { + 1, + 10, + 100, + 1000, + 10000, + 100000, + 1000000, + 10000000, + 100000000, +}; + +static int check_params(const OTP_PARAMS *params) +{ + if ((params->te < 1 || params->te > 60) || + (params->type != NID_sm3 && params->type != NID_sms4_ecb) || /* about to change */ + (params->otp_digits >= sizeof(pow_table) || params->otp_digits < 4)) { + return 0; + } + return 1; +} + +int OTP_generate(const OTP_PARAMS *params, const void *event, size_t eventlen, + unsigned int *otp, const unsigned char *key, size_t keylen) +{ + int ret = 0; + time_t t = 0; + unsigned char *id = NULL; + size_t idlen; + const EVP_MD *md; + const EVP_CIPHER *cipher; + EVP_MD_CTX *mdctx = NULL; + CBCMAC_CTX *cmctx = NULL; + unsigned char s[EVP_MAX_MD_SIZE]; + size_t slen; + uint32_t od; + int i; + + OPENSSL_assert(sizeof(time_t) == 8); + + if (!check_params(params)) { + return 0; + } + + idlen = sizeof(uint64_t) + eventlen + params->option_size; + if (idlen < 16) { + idlen = 16; + } + if (!(id = OPENSSL_malloc(idlen))) { + goto end; + } + bzero(id, idlen); + + t = time(NULL); + t /= params->te; + + memcpy(id, &t, sizeof(t)); + memcpy(id + sizeof(t), event, eventlen); + memcpy(id + sizeof(t) + eventlen, params->option, params->option_size); + + + /* FIXME: try to get md and cipher, and check if cipher is ECB */ + if (params->type == NID_sm3) { + md = EVP_get_digestbynid(params->type); + if (!(mdctx = EVP_MD_CTX_create())) { + goto end; + } + if (!EVP_DigestInit_ex(mdctx, md, NULL)) { + goto end; + } + if (!EVP_DigestUpdate(mdctx, key, keylen)) { + goto end; + } + if (!EVP_DigestUpdate(mdctx, id, idlen)) { + goto end; + } + if (!EVP_DigestFinal_ex(mdctx, s, (unsigned int *)&slen)) { + goto end; + } + } else if (params->type == NID_sms4_ecb) { + cipher = EVP_get_cipherbynid(params->type); + if (!(cmctx = CBCMAC_CTX_new())) { + 
goto end; + } + if (!CBCMAC_Init(cmctx, key, keylen, cipher, NULL)) { + goto end; + } + if (!CBCMAC_Update(cmctx, id, idlen)) { + goto end; + } + if (!CBCMAC_Final(cmctx, s, &slen)) { + goto end; + } + } else { + goto end; + } + OPENSSL_assert(slen % 4 == 0); + + od = 0; + for (i = 0; i < slen/4; i++) { + od += GETU32(&s[i * 4]); + } + + *otp = od % pow_table[params->otp_digits]; + ret = 1; +end: + OPENSSL_free(id); + EVP_MD_CTX_destroy(mdctx); + CBCMAC_CTX_free(cmctx); + return ret; +} + diff --git a/crypto/otp/otp.h b/crypto/otp/otp.h new file mode 100644 index 00000000..0df443b1 --- /dev/null +++ b/crypto/otp/otp.h 
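Review bot: In check_params the bound `params->otp_digits >= sizeof(pow_table)` compares against the table's size in bytes rather than its element count, so values from 9 up to `sizeof(pow_table) - 1` are accepted and OTP_generate then reads `pow_table[params->otp_digits]` past the end of the nine-entry array (the modulus may even be 0). Use `params->otp_digits >= (int)(sizeof(pow_table) / sizeof(pow_table[0]))`, or cap at 8 as otp.h documents. In OTP_generate, `(unsigned int *)&slen` gives EVP_DigestFinal_ex a pointer into an uninitialised `size_t`; where `size_t` is wider than `unsigned int` the remaining bytes stay indeterminate, so `slen % 4` and the `slen/4` loop can run beyond `s`. Pass a separate `unsigned int mdlen` and assign `slen = mdlen;` afterwards.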
@@ -0,0 +1,85 @@ +/* crypto/otp/otp.h */ +/* ==================================================================== + * Copyright (c) 2015 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_OTP_H +#define HEADER_OTP_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct OTP_PARAMS_st { + int type; + int te; + void *option; + size_t option_size; + int otp_digits; +} OTP_PARAMS; + +/* OTP reference to the GM/T OTP specification + * type should be a valid md nid or a ECB cipher nid + * te is the time period in the range [1, 60] + * event is the C in ID = {T|C|O} + * opt is the O in ID = {T|C|O} + * otp_digits is the number of digits of otp, choose in the range [4, 8] + * otp the output otp value, convert to digits with snprintf() + */ +int OTP_generate(const OTP_PARAMS *params, const void *event, size_t eventlen, + unsigned int *otp, const unsigned char *key, size_t keylen); + + +#ifdef __cplusplus +extern "C" { +#endif +#endif + diff --git a/crypto/sm2/sm2.h b/crypto/sm2/sm2.h index dadea245..d24ceb8b 100644 --- a/crypto/sm2/sm2.h +++ b/crypto/sm2/sm2.h @@ -60,6 +60,7 @@ #include #include #include +#include #ifdef __cplusplus extern "C" { @@ -68,7 +69,9 @@ extern "C" { #define SM2_MAX_ID_BITS 65535 #define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS/8) -#define SM2_DEFAULT_ID "1234567812345678" +#define SM2_DEFAULT_ID_GMT09 "1234567812345678" +#define SM2_DEFAULT_ID_GMSSL "anonym@gmssl.org" +#define SM2_DEFAULT_ID SM2_DEFAULT_ID_GMSSL #define SM2_DEFAULT_POINT_CONVERSION_FORM POINT_CONVERSION_UNCOMPRESSED 
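Review bot: The closing guard at the end of otp.h repeats `extern "C" {` instead of closing the block opened near the top, so a C++ translation unit that includes this header is left with two unclosed linkage blocks; the second `#ifdef __cplusplus` section should contain `}`. The comment above OTP_generate also refers to `opt` while the struct field is named `option`, and it should state that `*otp` is written only when the function returns 1, which is what otp.c does.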
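Review bot: Pointing `SM2_DEFAULT_ID` at `SM2_DEFAULT_ID_GMSSL` changes the identity string for every caller that relies on the default, while the comment kept in sm2_asn1.c on this page still documents `Default ID = "1234567812345678"`. If the default ID feeds the digest computed by SM2_compute_id_digest (declared in the next hunk; its body is not shown), signatures made with the new default would presumably not verify against peers or earlier builds that use the GM/T value. Consider keeping `#define SM2_DEFAULT_ID SM2_DEFAULT_ID_GMT09` and making the GmSSL identity an explicit choice, or add a comment here documenting the interoperability impact.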
@@ -78,6 +81,14 @@ int SM2_compute_id_digest(const EVP_MD *md, unsigned char *dgst, unsigned int *dgstlen, EC_KEY *ec_key); + +typedef struct sm2_enc_params_st { + EVP_MD *kdf_md; + EVP_MD *mac_md; + int mactag_size; + point_conversion_form_t point_form; +} SM2_ENC_PARAMS; + typedef struct sm2_ciphertext_value_st { EC_POINT *ephem_point; unsigned char *ciphertext; 
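Review bot: `kdf_md` and `mac_md` in SM2_ENC_PARAMS are declared `EVP_MD *`, but the functions they replace took `const EVP_MD *` and sm2_enc.c fills them from `EVP_sm3()`, so the assignment discards the qualifier. Declaring them `const EVP_MD *kdf_md;` and `const EVP_MD *mac_md;` keeps the old const contract. The struct also needs a comment on `mactag_size` giving its unit and the accepted values, since this commit stores both -1 and 0 in it and the two meanings are not stated anywhere on the page.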
@@ -103,26 +114,25 @@ int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group, const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags); /* FIXME: we should provide optional return value */ -SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params, const unsigned char *in, size_t inlen, EC_KEY *ec_key); -int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +int SM2_do_decrypt(const SM2_ENC_PARAMS *params, const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen, EC_KEY *ec_key); - -int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, - point_conversion_form_t point_form, +int SM2_encrypt(const SM2_ENC_PARAMS *params, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, - point_conversion_form_t point_form, +int SM2_decrypt(const SM2_ENC_PARAMS *params, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); - -int SM2_encrypt(const unsigned char *in, size_t inlen, +int SM2_encrypt_with_recommended(const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int SM2_decrypt(const unsigned char *in, size_t inlen, +int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +int SM2_encrypt_elgamal(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +int SM2_decrypt_elgamal(const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); - int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md, const void *msg, size_t msglen, unsigned char *dgst, 
@@ -130,7 +140,6 @@ int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md, int SM2_digest(const void *msg, size_t msglen, unsigned char *dgst, unsigned int *dgstlen, EC_KEY *ec_key); - #define SM2_signature_size(ec_key) ECDSA_size(ec_key) int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, BIGNUM **a, BIGNUM **b); ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen, diff --git a/crypto/sm2/sm2_asn1.c b/crypto/sm2/sm2_asn1.c index 62c43aef..f90a0c83 100644 --- a/crypto/sm2/sm2_asn1.c +++ b/crypto/sm2/sm2_asn1.c @@ -91,6 +91,7 @@ Default ID = "1234567812345678" */ +#if 0 typedef struct SM2CiphertextValue_st { ASN1_INTEGER *xCoordinate; ASN1_INTEGER *yCoordinate; @@ -107,6 +108,22 @@ ASN1_SEQUENCE(SM2CiphertextValue) = { IMPLEMENT_ASN1_FUNCTIONS(SM2CiphertextValue) IMPLEMENT_ASN1_DUP_FUNCTION(SM2CiphertextValue) +typedef struct SM2EnvelopedKey_st { + ASN1_ALGOR *symAlgID; + SM2CiphertextValue *symEncryptedKey; + ASN1_OCTET_STRING *sm2PublicKey; + ASN1_BIT_STRING *sm2EncryptedPrivateKey; +} SM2EnvelopedKey; + +/* GmSSL specific */ +ASN1_SEQUENCE(SM2_CIPHERTEXT_VALUE_ASN1) = { + ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, ephem_point, ASN1_OCTET_STRING), + ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, ciphertext, ASN1_OCTET_STRING), + ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, mactag, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(SM2_CIPHERTEXT_VALUE) +IMPLEMENT_ASN1_FUNCTIONS(SM2_CIPHERTEXT_VALUE_ASN1) +IMPLEMENT_ASN1_DUP_FUNCTION(SM2_CIPHERTEXT_VALUE_ASN1) + int i2d_SM2_CIPHERTEXT_VALUE(const SM2_CIPHERTEXT_VALUE *c, unsigned char **out) { @@ -145,4 +162,4 @@ SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE **c, return NULL; } - +#endif diff --git a/crypto/sm2/sm2_enc.c b/crypto/sm2/sm2_enc.c index 29cbedb7..bf89e3ac 100644 --- a/crypto/sm2/sm2_enc.c +++ b/crypto/sm2/sm2_enc.c 
@@ -239,8 +239,7 @@ end: return 0; } -int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, - point_conversion_form_t point_form, +int SM2_encrypt(const SM2_ENC_PARAMS *params, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) { @@ -249,7 +248,8 @@ int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, SM2_CIPHERTEXT_VALUE *cv = NULL; int len; - if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, inlen, mac_md))) { + if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, + params->point_form, inlen, params->mac_md))) { goto end; } @@ -261,10 +261,11 @@ int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, return 0; } - if (!(cv = SM2_do_encrypt(kdf_md, mac_md, in, inlen, ec_key))) { + if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) { goto end; } - if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, point_form, out, outlen)) { + if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, + params->point_form, out, outlen)) { goto end; } @@ -274,14 +275,14 @@ end: return ret; } -SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params, const unsigned char *in, size_t inlen, EC_KEY *ec_key) { int ok = 0; SM2_CIPHERTEXT_VALUE *cv = NULL; const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); const EC_POINT *pub_key = EC_KEY_get0_public_key(ec_key); - KDF_FUNC kdf = KDF_get_x9_63(kdf_md); + KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md); EC_POINT *point = NULL; BIGNUM *n = NULL; BIGNUM *h = NULL; @@ -290,6 +291,8 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, EVP_MD_CTX *md_ctx = NULL; unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1]; int nbytes; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; size_t len; int i; 
@@ -331,16 +334,6 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, } nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; - - //OPENSSL_assert(nbytes == BN_num_bytes(n)); - -#if 0 - /* check sm2 curve and md is 256 bits */ - OPENSSL_assert(nbytes == 32); - OPENSSL_assert(EVP_MD_size(kdf_md) == 32); - OPENSSL_assert(EVP_MD_size(mac_md) == 32); -#endif - do { /* A1: rand k in [1, n-1] */ @@ -395,7 +388,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, } /* A7: C3 = Hash(x2 || M || y2) */ - if (!EVP_DigestInit_ex(md_ctx, mac_md, NULL)) { + if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { goto end; } if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { @@ -407,10 +400,16 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { goto end; } - if (!EVP_DigestFinal_ex(md_ctx, cv->mactag, &cv->mactag_size)) { + if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) { goto end; } + /* GmSSL specific: reduce mactag size */ + if (params->mactag_size > dgstlen) { + goto end; + } + cv->mactag_size = params->mactag_size; + memcpy(cv->mactag, dgst, cv->mactag_size); ok = 1; @@ -430,8 +429,7 @@ end: return cv; } -int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, - point_conversion_form_t point_form, +int SM2_decrypt(const SM2_ENC_PARAMS *params, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) { @@ -440,7 +438,7 @@ int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, SM2_CIPHERTEXT_VALUE *cv = NULL; int len; - if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, 0, mac_md))) { + if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params->point_form, 0, params->mac_md))) { fprintf(stderr, "%s %d\n", __FILE__, __LINE__); goto end; } 
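Review bot: `if (params->mactag_size > dgstlen)` in step A7 compares an `int` with an `unsigned int`, so the -1 that SM2_ENC_PARAMS_init_with_recommended stores (last hunk of this file) converts to UINT_MAX and the function takes `goto end`. Unless -1 is translated somewhere not shown here, SM2_encrypt_with_recommended cannot succeed. The same comparison appears in SM2_do_decrypt (hunk at -583,8). Either store the real digest length in the init helper or resolve the sentinel explicitly, for example `unsigned int taglen = params->mactag_size < 0 ? dgstlen : (unsigned int)params->mactag_size;` followed by `if (taglen > dgstlen) goto end;`. SM2_do_encrypt starts and ends outside this hunk.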
@@ -457,11 +455,11 @@ int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md, return 0; } - if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, point_form, mac_md, in, inlen))) { + if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, params->point_form, params->mac_md, in, inlen))) { fprintf(stderr, "%s %d\n", __FILE__, __LINE__); goto end; } - if (!SM2_do_decrypt(kdf_md, mac_md, cv, out, outlen, ec_key)) { + if (!SM2_do_decrypt(params, cv, out, outlen, ec_key)) { fprintf(stderr, "%s %d\n", __FILE__, __LINE__); goto end; } @@ -472,14 +470,14 @@ end: return ret; } -int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, +int SM2_do_decrypt(const SM2_ENC_PARAMS *params, const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen, EC_KEY *ec_key) { int ret = 0; const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); const BIGNUM *pri_key = EC_KEY_get0_private_key(ec_key); - KDF_FUNC kdf = KDF_get_x9_63(kdf_md); + KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md); EC_POINT *point = NULL; BIGNUM *n = NULL; BIGNUM *h = NULL; @@ -488,13 +486,12 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1]; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; int nbytes; size_t size; int i; - OPENSSL_assert(kdf_md && mac_md && cv && ec_key); - OPENSSL_assert(cv->ephem_point && cv->ciphertext); - if (!ec_group || !pri_key) { goto end; } @@ -528,14 +525,6 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, goto end; } nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; - //OPENSSL_assert(nbytes == BN_num_bytes(n)); - -#if 0 - /* check sm2 curve and md is 256 bits */ - OPENSSL_assert(nbytes == 32); - OPENSSL_assert(EVP_MD_size(kdf_md) == 32); - OPENSSL_assert(EVP_MD_size(mac_md) == 32); -#endif /* B2: check [h]C1 != O */ if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, h, bn_ctx)) { 
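Review bot: The hunk at -488,13 removes both `OPENSSL_assert` argument checks from SM2_do_decrypt and puts nothing in their place, while the new declaration `KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md);` dereferences `params` before any test runs. A NULL `params`, `cv`, `cv->ephem_point` or `cv->ciphertext` now reaches the point arithmetic instead of being rejected. Restore the validation as a regular error return, `if (!params || !cv || !ec_key || !cv->ephem_point || !cv->ciphertext) return 0;`, and move the `kdf` lookup below it. The function body continues outside this hunk.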
@@ -568,7 +557,7 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, *outlen = cv->ciphertext_size; /* B6: check Hash(x2 || M || y2) == C3 */ - if (!EVP_DigestInit_ex(md_ctx, mac_md, NULL)) { + if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { goto end; } if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { @@ -583,8 +572,13 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) { goto end; } - if (cv->mactag_size != maclen || - memcmp(cv->mactag, mac, maclen)) { + + /* GmSSL specific */ + if (params->mactag_size > maclen) { + goto end; + } + if (cv->mactag_size != params->mactag_size || + memcmp(mac, cv->mactag, cv->mactag_size)) { goto end; } 
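Review bot: The B6 tag check takes its length from the caller-supplied `params->mactag_size` with no lower bound, so a value of 0, which SM2_decrypt_elgamal sets later in this file, makes `memcmp(mac, cv->mactag, 0)` succeed and the function reports success without any integrity check on the ciphertext. If truncated tags are intended, enforce a documented minimum before comparing, e.g. `if (params->mactag_size < SM2_MIN_MACTAG_SIZE || (unsigned int)params->mactag_size > maclen) goto end;` (SM2_MIN_MACTAG_SIZE is a placeholder name for a constant this page does not define). The comparison itself should be `CRYPTO_memcmp(mac, cv->mactag, cv->mactag_size)` so its timing does not depend on where the first mismatching byte is. SM2_do_decrypt begins and ends outside this hunk.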
@@ -599,26 +593,55 @@ end: return ret; } - -int SM2_encrypt(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) +int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params) { - const EVP_MD *kdf_md = EVP_sm3(); - const EVP_MD *mac_md = EVP_sm3(); - point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; - - return SM2_encrypt_ex(kdf_md, mac_md, point_form, - in, inlen, out, outlen, ec_key); + if (!params) { + return 0; + } + params->kdf_md = EVP_sm3(); + params->mac_md = EVP_sm3(); + params->mactag_size = -1; + params->point_form = POINT_CONVERSION_UNCOMPRESSED; + return 1; } -int SM2_decrypt(const unsigned char *in, size_t inlen, +int SM2_encrypt_with_recommended(const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) { - const EVP_MD *kdf_md = EVP_sm3(); - const EVP_MD *mac_md = EVP_sm3(); - point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; - - return SM2_decrypt_ex(kdf_md, mac_md, point_form, - in, inlen, out, outlen, ec_key); + SM2_ENC_PARAMS params; + SM2_ENC_PARAMS_init_with_recommended(¶ms); + return SM2_encrypt(¶ms, in, inlen, out, outlen, ec_key); } +int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + SM2_ENC_PARAMS params; + SM2_ENC_PARAMS_init_with_recommended(¶ms); + return SM2_decrypt(¶ms, in, inlen, out, outlen, ec_key); +} + +int SM2_encrypt_elgamal(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + SM2_ENC_PARAMS params; + params.kdf_md = EVP_sm3(); + params.mac_md = EVP_sm3(); + params.mactag_size = 0; + params.point_form = POINT_CONVERSION_COMPRESSED; + return SM2_encrypt(¶ms, in, inlen, out, outlen, ec_key); +} + +int SM2_decrypt_elgamal(const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + SM2_ENC_PARAMS params; + params.kdf_md = EVP_sm3(); + params.mac_md = 
EVP_sm3(); + params.mactag_size = 0; + params.point_form = POINT_CONVERSION_COMPRESSED; + return SM2_decrypt(¶ms, in, inlen, out, outlen, ec_key); +} + + + diff --git a/crypto/sm2/sm2_kap.c b/crypto/sm2/sm2_kap.c index e98aa7b9..420b54da 100644 --- a/crypto/sm2/sm2_kap.c +++ b/crypto/sm2/sm2_kap.c @@ -662,3 +662,11 @@ int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum, return 1; } +int SM2_compute_key(void *out, size_t outlen, + const EC_POINT *pub_key, EC_KEY *ecdh, + const EC_POINT *pub_key2, EC_KEY *ec_key2, + const char *id1, const char *id2, int is_ini) +{ + return 0; +} + diff --git a/crypto/sm3/hmac_sm3.c b/crypto/sm3/hmac_sm3.c new file mode 100644 index 00000000..370fe84a --- /dev/null +++ b/crypto/sm3/hmac_sm3.c 
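Review bot: SM2_compute_key is added to sm2_kap.c as an exported function whose whole body is `return 0;`, leaving `out` untouched and every parameter unused. Nothing marks it as unimplemented, so a caller that does not test the return value would continue with an unfilled key buffer. Add a comment such as `/* TODO: not implemented, always fails */` above it and document the return convention, or leave the symbol out until the key agreement is wired in.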
@@ -0,0 +1,80 @@ +#include +#include +#include "hmac_sm3.h" + +/** + * HMAC_k(m) = H((k ^ opad), H((k ^ ipad), m)) + * pseudo-code: + * function hmac(key, message) + * opad = [0x5c * blocksize] + * ipad = [0x36 * blocksize] + * if (length(key) > blocksize) then + * key = hash(key) + * end if + * for i from 0 to length(key) - 1 step 1 + * ipad[i] = ipad[i] XOR key[i] + * opad[i] = opad[i] XOR key[i] + * end for + * return hash(opad || hash(ipad || message)) + * end function + */ + + +#define IPAD 0x36 +#define OPAD 0x5C + + + +void hmac_sm3_init(hmac_sm3_ctx_t *ctx, const unsigned char *key, size_t key_len) +{ + int i; + unsigned char ipad[SM3_DIGEST_LENGTH]; + + if (key_len <= SM3_BLOCK_SIZE) { + memcpy(ctx->key, key, key_len); + memset(ctx->key + key_len, 0, SM3_BLOCK_SIZE - key_len); + } else { + sm3_init(&ctx->sm3_ctx); + sm3_update(&ctx->sm3_ctx, key, key_len); + sm3_final(&ctx->sm3_ctx, ctx->key); + memset(ctx->key + SM3_DIGEST_LENGTH, 0, + SM3_BLOCK_SIZE - SM3_DIGEST_LENGTH); + } + for (i = 0; i < SM3_BLOCK_SIZE; i++) { + ctx->key[i] ^= IPAD; + } + + sm3_init(&ctx->sm3_ctx); + sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE); +} + +void hmac_sm3_update(hmac_sm3_ctx_t *ctx, const unsigned char *data, size_t data_len) +{ + sm3_update(&ctx->sm3_ctx, data, data_len); +} + +void hmac_sm3_final(hmac_sm3_ctx_t *ctx, unsigned char mac[HMAC_SM3_MAC_SIZE]) +{ + int i; + for (i = 0; i < SM3_BLOCK_SIZE; i++) { + ctx->key[i] ^= (IPAD ^ OPAD); + } + sm3_final(&ctx->sm3_ctx, mac); + sm3_init(&ctx->sm3_ctx); + sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE); + sm3_update(&ctx->sm3_ctx, mac, SM3_DIGEST_LENGTH); + sm3_final(&ctx->sm3_ctx, mac); +} + +void hmac_sm3(const unsigned char *data, size_t data_len, + const unsigned char *key, size_t key_len, unsigned char mac[HMAC_SM3_MAC_SIZE]) +{ + hmac_sm3_ctx_t ctx; + + hmac_sm3_init(&ctx, key, key_len); + hmac_sm3_update(&ctx, data, data_len); + hmac_sm3_final(&ctx, mac); + + memset(&ctx, 0, sizeof(hmac_sm3_ctx_t)); +} + 
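Review bot: hmac_sm3_init writes SM3_BLOCK_SIZE bytes into `ctx->key` (the memcpy/memset pair and the XOR loop), but hmac_sm3.h in this commit declares that field as `unsigned char key[SM3_DIGEST_LENGTH]`, so the writes run past the end of the array whenever the block size exceeds the digest length, as it does for SM3 (64 versus 32 bytes). The field should be declared `unsigned char key[SM3_BLOCK_SIZE];`; the loop in hmac_sm3_final depends on the same size. Separately, the local `ipad[SM3_DIGEST_LENGTH]` in hmac_sm3_init is never used. The trailing `memset(&ctx, 0, sizeof(hmac_sm3_ctx_t))` in hmac_sm3 is a dead store a compiler may remove, so key material should be cleared with a routine that cannot be elided (OPENSSL_cleanse, if this file may depend on libcrypto).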
diff --git a/crypto/sm3/hmac_sm3.h b/crypto/sm3/hmac_sm3.h new file mode 100644 index 00000000..00b91c69 --- /dev/null +++ b/crypto/sm3/hmac_sm3.h @@ -0,0 +1,29 @@ +#ifndef LIBSM3_HMAC_SM3_H +#define LIBSM3_HMAC_SM3_H + +#include "sm3.h" + +#define HMAC_SM3_MAC_SIZE SM3_DIGEST_LENGTH + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct { + sm3_ctx_t sm3_ctx; + unsigned char key[SM3_DIGEST_LENGTH]; +} hmac_sm3_ctx_t; + + +void hmac_sm3_init(hmac_sm3_ctx_t *ctx, const unsigned char *key, size_t key_len); +void hmac_sm3_update(hmac_sm3_ctx_t *ctx, const unsigned char *data, size_t data_len); +void hmac_sm3_final(hmac_sm3_ctx_t *ctx, unsigned char mac[HMAC_SM3_MAC_SIZE]); +void hmac_sm3(const unsigned char *data, size_t data_len, + const unsigned char *key, size_t key_len, unsigned char mac[HMAC_SM3_MAC_SIZE]); + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/sm3/hmac_sm3_test.c b/crypto/sm3/hmac_sm3_test.c new file mode 100644 index 00000000..9a819f59 --- /dev/null +++ b/crypto/sm3/hmac_sm3_test.c 
@@ -0,0 +1,68 @@ +#include "hmac_sm3.h" +#include +#include + +int hmac_sm3_test() +{ + int ret = 0; + int i, j; + unsigned char mac[HMAC_SM3_MAC_SIZE]; + hmac_sm3_ctx_t ctx; + + char *testarray[4] = { + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "a", + "01234567012345670123456701234567" + }; + int repeatcount[4] = { 1, 1, 1000000, 20 }; + unsigned char key[4] = { + "hello", + "world", + "23492304982304982340923480", + "a" + }; + unsigned char result[4][32] = { + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + }; + + for (i = 0; i < sizeof(testarray)/sizeof(testarray[0]); i++) { + hmac_sm3_init(&ctx, key[i], key_length[i]); + for (j = 0; j < repeatcount[i]; j++) { + hmac_sm3_update(&ctx, (const unsigned char *)testarray[i], + strlen(testarray[i])); + } + hmac_sm3_final(&ctx, mac); + if (memcmp(mac, &result[i][0], sizeof(mac)) != 0) { + fprintf(stderr, "hmac-sm3 test-%d failed\n", i); + ret = 1; + } + } + + if (ret == 0) { + printf("hmac-sm3 test success!\n"); + } + + return ret; +} + +int main() +{ + return hmac_sm3_test(); +} + diff --git a/crypto/sm3/sm3dgst.c b/crypto/sm3/sm3dgst.c new file mode 100644 index 00000000..a1f3063d --- /dev/null +++ b/crypto/sm3/sm3dgst.c 
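Review bot: This test cannot compile or validate anything as written: `unsigned char key[4]` is initialised with four string literals, `key_length` is never declared, and `key[i]` (a single byte) is passed where hmac_sm3_init expects a pointer. The four `result` rows are byte-for-byte identical, which four distinct key/message pairs would not produce, so they look like placeholders rather than HMAC-SM3 vectors. Declare `const char *key[4]`, call `hmac_sm3_init(&ctx, (const unsigned char *)key[i], strlen(key[i]));`, and replace the rows with vectors taken from an independent implementation. Given the key buffer sizing in hmac_sm3.h, a case with a key longer than SM3_DIGEST_LENGTH is worth including.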
@@ -0,0 +1,46 @@ +#include +#include +#include +#include +#include +#include "sm3.h" + +/* + * usage of sm3dgst: + * ./sm3dgst + * 324234234234235234234234234234 + * + * echo "hello world" | sm3dgst + * lksjdlfksdjlfkjsdlfkjsdlfkjsdljkfffffffldjfk= + * + */ + +int main(int argc, char **argv) +{ + sm3_ctx_t ctx; + unsigned char dgst[SM3_DIGEST_LENGTH]; + unsigned char buf[4096]; + ssize_t len; + int i; + + if (argc > 1) { + printf("usage: %s < file\n", basename(argv[0])); + return 0; + } + + sm3_init(&ctx); + + while ((len = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { + sm3_update(&ctx, buf, len); + } + memset(dgst, 0, sizeof(dgst)); + sm3_final(&ctx, dgst); + + for (i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + return 0; +} + diff --git a/crypto/sm3/sm3test2.c b/crypto/sm3/sm3test2.c new file mode 100644 index 00000000..9350a70c --- /dev/null +++ b/crypto/sm3/sm3test2.c 
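Review bot: The read loop ends on `len <= 0`, so a read error (-1) is handled like end of input: the tool prints a digest of whatever was consumed so far and exits 0. Check after the loop with `if (len < 0) { perror("read"); return 1; }` so a truncated digest is never reported as valid. The usage branch also returns 0 when unexpected arguments are given; a non-zero status there lets scripts detect misuse.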
@@ -0,0 +1,94 @@ +#include +#include +#include "sm3.h" + +int sm3_test1() +{ + char *msg = "abc"; + unsigned char dgst[SM3_DIGEST_LENGTH]; + unsigned char result[] = { + 0x66,0xc7,0xf0,0xf4,0x62,0xee,0xed,0xd9, + 0xd1,0xf2,0xd4,0x6b,0xdc,0x10,0xe4,0xe2, + 0x41,0x67,0xc4,0x87,0x5c,0xf2,0xf7,0xa2, + 0x29,0x7d,0xa0,0x2b,0x8f,0x4b,0xa8,0xe0 + }; + int i; + + printf("sm3 test 1\n"); + memset(dgst, 0, sizeof(dgst)); + sm3((unsigned char *)msg, strlen(msg), dgst); + + printf(" message : %s\n", msg); + printf(" digest : 0x"); + for(i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + printf(" result : "); + if (memcmp(dgst, result, sizeof(result))) { + printf("failed\n"); + return -1; + } else { + printf("passed\n"); + } + return 0; +} + +int sm3_test2() +{ + unsigned char msg[] = { + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + 0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64, + }; + + unsigned char dgst[SM3_DIGEST_LENGTH]; + unsigned char result[] = { + 0xde,0xbe,0x9f,0xf9,0x22,0x75,0xb8,0xa1, + 0x38,0x60,0x48,0x89,0xc1,0x8e,0x5a,0x4d, + 0x6f,0xdb,0x70,0xe5,0x38,0x7e,0x57,0x65, + 0x29,0x3d,0xcb,0xa3,0x9c,0x0c,0x57,0x32, + }; + int i; + + printf("sm3 test 2\n"); + memset(dgst, 0, sizeof(dgst)); + sm3(msg, sizeof(msg), dgst); + + printf(" message : 0x"); + for (i = 0; i < sizeof(msg); i++) { + printf("%02x", msg[i]); + } + printf("\n"); + printf(" digest: 0x"); + for (i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + printf(" result : "); + if (memcmp(dgst, result, sizeof(result))) { + printf("failed\n"); + return -1; + } else { + printf("passed\n"); + } + return 0; +} + +int main(int argc, char *argv[]) +{ + if (sm3_test1()) + return -1; + + if (sm3_test2()) + return 
-2; + + return 0; +} diff --git a/crypto/sm9/sm9.h b/crypto/sm9/sm9.h new file mode 100644 index 00000000..91b0d96d --- /dev/null +++ b/crypto/sm9/sm9.h 
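Review bot: `main` returns -1 and -2 on failure, which a POSIX shell reports as exit status 255 and 254; `return 1;` and `return 2;` keep the status meaningful to a test harness. `sm3_test1` and `sm3_test2` are declared with empty parameter lists and repeat the same print-and-compare tail, so `static int sm3_test1(void)` plus one shared helper taking message, length and expected digest would remove the duplication. A one-line comment naming the document the two expected digests were taken from would let a later reader verify them.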
@@ -0,0 +1,102 @@ +/* crypto/sm9/sm9.h */ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + + +#ifndef HEADER_SM9_H +#define HEADER_SM9_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct sm9_public_params_st SM9_PUBLIC_PARAMS; +typedef struct sm9_master_secret_st SM9_MASTER_SECRET; + +#define SM9_VERIFY_SUCCESS 1 +#define SM9_VERIFY_FAILED 0 +#define SM9_VERIFY_INNER_ERROR -1 + +int SM9_setup(SM9_PUBLIC_PARAMS **params, SM9_MASTER_SECRET **master); +void SM9_PUBLIC_PARAMS_free(SM9_PUBLIC_PARAMS *a); +void SM9_MASTER_SECRET_free(SM9_MASTER_SECRET *a); +int i2d_SM9_PUBLIC_PARAMS(SM9_PUBLIC_PARAMS *a, unsigned char *out); +int i2d_SM9_MASTER_SECRET(SM9_MASTER_SECRET *a, unsigned char *out); +SM9_PUBLIC_PARAMS *d2i_SM9_PUBLIC_PARAMS(SM9_PUBLIC_PARAMS **a, const unsigned char **in, long len); +SM9_MASTER_SECRET *d2i_SM9_MASTER_SECRET(SM9_MASTER_SECRET **a, const unsigned char **in, long len); + +EVP_PKEY *SM9_extract_private_key(SM9_MASTER_SECRET *master, + const char *id, size_t idlen, EVP_PKEY **pkey); + +int SM9_encrypt(SM9_PUBLIC_PARAMS *params, + const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, + const char *id, size_t idlen); +int SM9_decrypt(SM9_PUBLIC_PARAMS *params, + const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, + EVP_PKEY *pkey); + +int SM9_sign(SM9_PUBLIC_PARAMS *params, + const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int 
*siglen, + EVP_PKEY *pkey); +int SM2_verify(SM9_PUBLIC_PARAMS *params, + const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, + const char *id, size_t idlen); + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/sm9/sm9_lcl.h b/crypto/sm9/sm9_lcl.h new file mode 100644 index 00000000..f30153a0 --- /dev/null +++ b/crypto/sm9/sm9_lcl.h 
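Review bot: The last prototype in this header is named `SM2_verify` although it takes `SM9_PUBLIC_PARAMS *` and an identity string and its counterpart above is `SM9_sign`; it should read `int SM9_verify(SM9_PUBLIC_PARAMS *params,`. As written it would probably clash with the SM2 header's own verify function in any file that includes both. `#define SM9_VERIFY_INNER_ERROR -1` should be parenthesised as `(-1)`. Because the error value is non-zero, a comment next to the three macros should state that callers must compare the verify result with `SM9_VERIFY_SUCCESS` rather than test it for truth.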
@@ -0,0 +1,103 @@ +/* crypto/sm9/sm9.h */ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + + +#include "sm9.h" + +#ifdef __cplusplus +extern "C" { +#endif + +struct sm9_public_params_st { + char *id; + void *data; +}; + +struct sm9_master_secret_st { + char *id; + void *data; +}; + +struct sm9_method_st { + int type; + char *name; + int (*setup)(SM9_PUBLIC_PARAMS **params, SM9_MASTER_SECRET **master); + void (*public_params_free)(SM9_PUBLIC_PARAMS *a); + void (*master_secret_free)(SM9_MASTER_SECRET *a); + int (*public_params_encode)(SM9_PUBLIC_PARAMS *a, unsigned char *out); + int (*master_secret_encode)(SM9_MASTER_SECRET *a, unsigned char *out); + SM9_PUBLIC_PARAMS *(*public_params_decode)(SM9_PUBLIC_PARAMS **a, const unsigned char **in, long len); + SM9_MASTER_SECRET *(*master_secret_decode)(SM9_MASTER_SECRET **a, const unsigned char **in, long len); + EVP_PKEY *(*extract_private_key)(SM9_MASTER_SECRET *master, + const char *id, size_t idlen, EVP_PKEY **pkey); + int (*encrypt)(SM9_PUBLIC_PARAMS *params, + const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, + const char *id, size_t idlen); + int (*decrypt)(SM9_PUBLIC_PARAMS *params, + const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, + EVP_PKEY *pkey); + int (*sign)(SM9_PUBLIC_PARAMS *params, + const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + EVP_PKEY *pkey); + int (*verify)(SM9_PUBLIC_PARAMS 
*params, + const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, + const char *id, size_t idlen); +}; + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/sms4/Makefile b/crypto/sms4/Makefile index c1312beb..eb89cd32 100644 --- a/crypto/sms4/Makefile +++ b/crypto/sms4/Makefile @@ -17,13 +17,13 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=sms4_cbc.c sms4_cfb.c sms4_ecb.c sms4_ofb.c sms4_ctr.c sms4_wrap.c sms4.c -LIBOBJ=sms4_cbc.o sms4_cfb.o sms4_ecb.o sms4_ofb.o sms4_ctr.o sms4_wrap.o sms4.o +LIBSRC=sms4_cbc.c sms4_cfb.c sms4_ecb.c sms4_ofb.c sms4_ctr.c sms4_wrap.c sms4_common.c sms4_setkey.c sms4_enc.c +LIBOBJ=sms4_cbc.o sms4_cfb.o sms4_ecb.o sms4_ofb.o sms4_ctr.o sms4_wrap.o sms4_common.o sms4_setkey.o sms4_enc.o SRC= $(LIBSRC) EXHEADER= sms4.h -HEADER= ../../include/openssl/modes.h $(EXHEADER) +HEADER= ../../include/openssl/modes.h sms4_lcl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/sms4/sms4.h b/crypto/sms4/sms4.h index 5c76e4ec..0ee691a7 100644 --- a/crypto/sms4/sms4.h +++ b/crypto/sms4/sms4.h 
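Review bot: The new sm9_lcl.h closes with two `#endif` lines but never opens an include guard, so the final `#endif` is unmatched and the header will not preprocess. Add `#ifndef HEADER_SM9_LCL_H` and `#define HEADER_SM9_LCL_H` ahead of `#include "sm9.h"`, following the `HEADER_SM9_H` pattern of the public header. The first-line comment still says `crypto/sm9/sm9.h` and should name `sm9_lcl.h`. `struct sm9_master_secret_st` holds the master secret behind a bare `void *data`, so a comment stating who owns that buffer and that `master_secret_free` must wipe it before release would be worth adding.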
@@ -91,6 +91,26 @@ int sms4_wrap_key(sms4_key_t *key, const unsigned char *iv, int sms4_unwrap_key(sms4_key_t *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen); + + +#define SMS4_EDE_KEY_LENGTH 32 + +typedef struct { + sms4_key_t k1; + sms4_key_t k2; +} sms4_ede_key_t; + +void sms4_ede_set_encrypt_key(sms4_ede_key_t *key, const unsigned char *user_key); +void sms4_ede_set_decrypt_key(sms4_ede_key_t *key, const unsigned char *user_key); +void sms4_ede_encrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_encrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_encrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_decrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_decrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); +void sms4_ede_decrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); + + + #ifdef __cplusplus } #endif diff --git a/crypto/sms4/sms4_ede.h b/crypto/sms4/sms4_ede.h deleted file mode 100644 index 1f1e3b9a..00000000 --- a/crypto/sms4/sms4_ede.h +++ /dev/null 
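Review bot: The `sms4_ede_*` prototypes moved into this header keep the `(key, in, out)` order and a non-const `sms4_ede_key_t *`, while the same commit changes `sms4_encrypt` in sms4_enc.c to `(in, out, const sms4_key_t *key)`. Two calling conventions inside one cipher API invite swapped arguments; either align the EDE functions, e.g. `void sms4_ede_encrypt(const unsigned char *in, unsigned char *out, const sms4_ede_key_t *key);`, or leave `sms4_encrypt` as it was. The set-key functions take `user_key` with no length, so a comment should state how many bytes are read, presumably `SMS4_EDE_KEY_LENGTH` (32).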
@@ -1,30 +0,0 @@ -#ifndef LIBSM_SMS4_EDE_H -#define LIBSM_SMS4_EDE_H - -#define SMS4_EDE_KEY_LENGTH 32 - -#include "sms4.h" - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct { - sms4_key_t k1; - sms4_key_t k2; -} sms4_ede_key_t; - -void sms4_ede_set_encrypt_key(sms4_ede_key_t *key, const unsigned char *user_key); -void sms4_ede_set_decrypt_key(sms4_ede_key_t *key, const unsigned char *user_key); -void sms4_ede_encrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); -void sms4_ede_encrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); -void sms4_ede_encrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); -void sms4_ede_decrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); -void sms4_ede_decrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); -void sms4_ede_decrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out); - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/crypto/sms4/sms4_enc.c b/crypto/sms4/sms4_enc.c index 949a04b1..12796440 100644 --- a/crypto/sms4/sms4_enc.c +++ b/crypto/sms4/sms4_enc.c @@ -64,8 +64,7 @@ x4 = S32(x4); \ x4 = x0 ^ L32(x4) - -void sms4_encrypt(sms4_key_t *key, const unsigned char *in, unsigned char *out) +void sms4_encrypt(const unsigned char *in, unsigned char *out, const sms4_key_t *key) { uint32_t *rk = key->rk; uint32_t x0, x1, x2, x3, x4; diff --git a/crypto/sms4/sms4_setkey.c b/crypto/sms4/sms4_setkey.c new file mode 100644 index 00000000..8ae4ec0b --- /dev/null +++ b/crypto/sms4/sms4_setkey.c 
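Review bot: In the sms4_enc.c hunk the new signature makes `key` a `const sms4_key_t *`, but the context line `uint32_t *rk = key->rk;` still takes a non-const pointer and so discards the qualifier; it should become `const uint32_t *rk = key->rk;`. Reordering the parameters of an exported function also breaks every existing caller. The sms4.h hunk in this commit only adds the EDE declarations, so the public prototype appears to keep the old order unless it is declared elsewhere. The function body continues past the end of the hunk.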
@@ -0,0 +1,67 @@ +#include "sms4.h" +#include "sms4_lcl.h" + +static uint32_t FK[4] = { + 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc, +}; + +static uint32_t CK[32] = { + 0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269, + 0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9, + 0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249, + 0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9, + 0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229, + 0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299, + 0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209, + 0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279, +}; + +#define L32_(x) \ + ((x) ^ \ + ROT32((x), 13) ^ \ + ROT32((x), 23)) + +#define ENC_ROUND(x0, x1, x2, x3, x4, i) \ + x4 = x1 ^ x2 ^ x3 ^ *(CK + i); \ + x4 = S32(x4); \ + x4 = x0 ^ L32_(x4); \ + *(rk + i) = x4 + +#define DEC_ROUND(x0, x1, x2, x3, x4, i) \ + x4 = x1 ^ x2 ^ x3 ^ *(CK + i); \ + x4 = S32(x4); \ + x4 = x0 ^ L32_(x4); \ + *(rk + 31 - i) = x4 + +void sms4_set_encrypt_key(sms4_key_t *key, const unsigned char *user_key) +{ + uint32_t *rk = key->rk; + uint32_t x0, x1, x2, x3, x4; + + x0 = GET32(user_key ) ^ FK[0]; + x1 = GET32(user_key + 4) ^ FK[1]; + x2 = GET32(user_key + 8) ^ FK[2]; + x3 = GET32(user_key + 12) ^ FK[3]; + +#define ROUND ENC_ROUND + ROUNDS(x0, x1, x2, x3, x4); + + x0 = x1 = x2 = x3 = x4 = 0; +} + +void sms4_set_decrypt_key(sms4_key_t *key, const unsigned char *user_key) +{ + uint32_t *rk = key->rk; + uint32_t x0, x1, x2, x3, x4; + + x0 = GET32(user_key ) ^ FK[0]; + x1 = GET32(user_key + 4) ^ FK[1]; + x2 = GET32(user_key + 8) ^ FK[2]; + x3 = GET32(user_key + 12) ^ FK[3]; + +#undef ROUND +#define ROUND DEC_ROUND + ROUNDS(x0, x1, x2, x3, x4); + + x0 = x1 = x2 = x3 = x4 = 0; +} diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index ba2fafc3..84e1f68f 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c 
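Review bot: Both key-schedule functions end with `x0 = x1 = x2 = x3 = x4 = 0;`, apparently to wipe key-derived words, but these are dead stores to locals that an optimising compiler is free to remove. If the wipe matters, hold the five words in one array and clear it with `OPENSSL_cleanse(x, sizeof(x));`; otherwise drop the line so it does not suggest a guarantee the code does not give. `FK` and `CK` are never written and should be `static const uint32_t`. `ROUND` is defined inside the first function and redefined inside the second, and the round macros write through a local named `rk` that they do not take as a parameter; a comment above `ENC_ROUND`/`DEC_ROUND` stating both dependencies would help.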
@@ -90,11 +90,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_EC: ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; break; -#ifndef OPENSSL_NO_SM2 - case EVP_PKEY_SM2: - ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; - break; -#endif case EVP_PKEY_DH: ret = EVP_PK_DH | EVP_PKT_EXCH; break; diff --git a/demos/gmssl/ec_key.pem b/demos/gmssl/ec_key.pem deleted file mode 100644 index 66a49c29..00000000 --- a/demos/gmssl/ec_key.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN EC PARAMETERS----- -BggqhkjOPQMBAQ== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MF8CAQEEGFKLikRIH3/XDuvS4Ih6SFr+bWVAnAAv1aAKBggqhkjOPQMBAaE0AzIA -BP2x9MuZ06z72j1BMoUe6zYbmenKt3RgZZufuTMbAoz2XIeFwlmDk2pX6XS2+uiU -gA== ------END EC PRIVATE KEY----- diff --git a/demos/gmssl/eckey.pem b/demos/gmssl/eckey.pem deleted file mode 100644 index c935b625..00000000 --- a/demos/gmssl/eckey.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIBYQIBADCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////v////// -//////////////8AAAAA//////////8wRAQg/////v////////////////////8A -AAAA//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFNlA6TBEEE -MsSuLB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9zuNraSFT -0KmHfMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYFK1O79Ak5 -1UEjAgEBBG0wawIBAQQgPiMJOFBUJIqDZgYNyIei38Yknx9O9PpMAcmLGVx4PQqh -RANCAARZKqeiImjJ27a/49Cquf0Zz8U0429NlCFxY6YmS1Lu9i9ApqUH7UfY7tb0 -9w8CpoqgJk4TjDz9ZQxNJPA2kZlq ------END PRIVATE KEY----- diff --git a/demos/gmssl/ecparam.pem b/demos/gmssl/ecparam.pem deleted file mode 100644 index 9ff67218..00000000 --- a/demos/gmssl/ecparam.pem +++ /dev/null 
@@ -1,7 +0,0 @@ ------BEGIN EC PARAMETERS----- -MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD///// -/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f -XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML -v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA -/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE= ------END EC PARAMETERS----- diff --git a/demos/gmssl/ecpubkey.pem b/demos/gmssl/ecpubkey.pem deleted file mode 100644 index ff0adbc2..00000000 --- a/demos/gmssl/ecpubkey.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////v////////// -//////////8AAAAA//////////8wRAQg/////v////////////////////8AAAAA -//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFNlA6TBEEEMsSu -LB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9zuNraSFT0KmH -fMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYFK1O79Ak51UEj -AgEBA0IABFkqp6IiaMnbtr/j0Kq5/RnPxTTjb02UIXFjpiZLUu72L0CmpQftR9ju -1vT3DwKmiqAmThOMPP1lDE0k8DaRmWo= ------END PUBLIC KEY----- diff --git a/demos/gmssl/gmssl.sh b/demos/gmssl/gmssl.sh index 6290aa52..9eafa7bf 100755 --- a/demos/gmssl/gmssl.sh +++ b/demos/gmssl/gmssl.sh 
@@ -17,11 +17,25 @@ $gmssl version $gmssl ecparam -list_curves | grep sm2 $gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit -$gmssl genpkey -genparam -algorithm SM2 $ecpkeyopt -out $paramfile -$gmssl genpkey -algorithm SM2 $ecpkeyopt -out $keyfile -$gmssl pkey -text -noout -in $keyfile +gmssl genpkey -genparam -algorithm EC -out sm2p256v1.pem \ + -pkeyopt ec_paramgen_curve:sm2p256v1 \ + -pkeyopt ec_param_enc:named_curve -$gmssl pkey -in $keyfile -pubout -out $pubkeyfile -$gmssl pkey -text -noout -pubin -in $pubkeyfile +gmssl genpkey -algorithm EC -out sm2key.pem \ + -pkeyopt ec_paramgen_curve:sm2p256v1 \ + -pkeyopt ec_param_enc:named_curve -echo hello | $gmssl pkeyutl -sign -inkey $keyfile -hexdump +# print private key +#gmssl pkey -text -noout -in sm2key.pem + +# export public key +gmssl pkey -in sm2key.pem -pubout -out sm2pubkey.pem +#gmssl pkey -text -noout -pubin -in $pubkeyfile + +echo hello | gmssl pkeyutl -sign -inkey sm2key.pem -pkeyopt ec_sign_algor:sm2 > sm2sig.der + + +echo hello | \ +gmssl pkeyutl -verify -inkey sm2key.pem \ + -sigfile sm2sig.der -pkeyopt ec_sign_algor:sm2 + diff --git a/demos/gmssl/server.c b/demos/gmssl/server.c new file mode 100644 index 00000000..6f884403 --- /dev/null +++ b/demos/gmssl/server.c 
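Review bot: The added commands call `gmssl` from `PATH` while the untouched lines above still run `$gmssl`, so the script can exercise two different binaries; use `$gmssl` throughout. The verify step passes the private key (`-inkey sm2key.pem`) even though the public key was just exported; `-pubin -inkey sm2pubkey.pem` would show that verification needs only the public half. `sm2key.pem` is written to the current directory under the default umask, so a `umask 077` before the `genpkey` calls is worth adding. Nothing checks the exit status of the verify step, and `set -e` near the top would make a failed signature check stop the demo.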
@@ -0,0 +1,50 @@ +#include +#include +#include +#include +#include +#include + +char *cert_file = "server.pem"; + +int main(int argc, char **argv) +{ + + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + + SSL_library_init(); + SSL_load_error_strings(); + + + + if (!(ctx = SSL_CTX_new(GMSSLv1_method()))) { + ERR_print_errors_fp(stderr); + goto end; + } + + if (!SSL_CTX_use_certificate_chain_file(ctx, cert_file)) { + ERR_print_errors_fp(stderr); + goto end; + } + + if (!SSL_CTX_use_PrivateKey_file(ctx, cert_file, SSL_FILETYPE_PEM)) { + ERR_print_errors_fp(stderr); + goto end; + } + + if (!(ssl = SSL_new(ctx))) { + ERR_print_errors_fp(stderr); + goto end; + } + + if (SSL_accept(ssl) <= 0) { + ERR_print_errors_fp(stderr); + goto end; + } + + +end: + return 0; +} + diff --git a/demos/gmssl/sm2-gencert.sh b/demos/gmssl/sm2-gencert.sh deleted file mode 100755 index 7b7c2d73..00000000 --- a/demos/gmssl/sm2-gencert.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -x - -KEY_FILE=user.key -REQ_FILE=user.req -CERT_FILE=user.pem - -gmssl ecparam -genkey -name sm2p256v1 -text -out $KEY_FILE -gmssl req -new -key $KEY_FILE -out $REQ_FILE -gmssl ca -out $CERT_FILE -outdir . -infiles $REQ_FILE -gmssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile ./demoCA/cacert.pem - diff --git a/demos/gmssl/sm2-initca.sh b/demos/gmssl/sm2-initca.sh deleted file mode 100755 index 117f91a2..00000000 --- a/demos/gmssl/sm2-initca.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -DIR=demoCA - -rm -fr $DIR -mkdir $DIR -mkdir $DIR/certs -mkdir $DIR/crl -mkdir $DIR/newcerts -mkdir $DIR/private/ -touch $DIR/index.txt -touch $DIR/crlnumber -touch $DIR/private/.rand -echo 01 > $DIR/serial - -gmssl ecparam -genkey -name sm2p256v1 -text -out $DIR/private/cakey.pem -gmssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem -gmssl x509 -text -noout -in $DIR/cacert.pem - diff --git a/demos/gmssl/sm2enc.c b/demos/gmssl/sm2enc.c new file mode 100644 index 00000000..116ee430 
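Review bot: `main` in server.c calls `SSL_accept(ssl)` without ever attaching a socket or BIO to `ssl`, and every failure path jumps to `end:`, which returns 0 and frees neither `ssl` nor `ctx`. The handshake therefore cannot succeed, and a caller cannot tell a certificate or key load failure from success. The demo also loads the private key from the same `server.pem` as the certificate chain, which deserves a comment. A sketch of the exit path follows; the listening-socket setup is left to the author.

```c
    int ret = 1;
    /* … unchanged: library init, SSL_CTX_new, certificate and key loading, SSL_new … */
    /* attach the accepted connection here (SSL_set_fd or SSL_set_bio) before SSL_accept */
    /* … unchanged: SSL_accept check … */
    ret = 0;
end:
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return ret;
```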
--- /dev/null
+++ b/demos/gmssl/sm2enc.c
@@ -0,0 +1,109 @@ +/* demo/gmssl/sm3.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2015 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = stdin; + unsigned char buf[1024]; + size_t len; + const EVP_MD *md; + EVP_MD_CTX mdctx; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen, i; + + if (argc == 2) { + if (!(fp = fopen(argv[1], "r"))) { + fprintf(stderr, "open file %s failed\n", argv[1]); + return -1; + } + } + + OpenSSL_add_all_digests(); + if (!(md = EVP_get_digestbyname("sm3"))) { + ERR_print_errors_fp(stderr); + goto end; + } + + if (!EVP_DigestInit(&mdctx, md)) { + ERR_print_errors_fp(stderr); + goto end; + } + + while ((len = fread(buf, 1, sizeof(buf), fp))) { + if (!EVP_DigestUpdate(&mdctx, buf, len)) { + ERR_print_errors_fp(stderr); + goto end; + } + } + + if (!EVP_DigestFinal(&mdctx, dgst, &dgstlen)) { + ERR_print_errors_fp(stderr); + goto end; + } + + for (i = 0; i < dgstlen; i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + ret = 0; + +end: + fclose(fp); + EVP_cleanup(); + return ret; +} + diff --git a/engines/e_skf.c b/engines/e_skf.c index be28525a..a217b34b 100644 --- a/engines/e_skf.c +++ b/engines/e_skf.c 
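Review bot: The file is added as demos/gmssl/sm2enc.c, yet its header comment says `demo/gmssl/sm3.c` and `main` only computes an SM3 digest through EVP; nothing in it performs SM2 encryption. Either rename the file or replace the body, since a demo under this name will be read as the reference for SM2 encryption. `fopen(argv[1], "r")` should use `"rb"` so the digest covers the file's bytes on platforms that translate text mode. `mdctx` is never cleaned up on the paths that fail after `EVP_DigestInit`; initialising it with `EVP_MD_CTX_init(&mdctx);` at the top and calling `EVP_MD_CTX_cleanup(&mdctx);` at `end:` would cover them.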
@@ -366,7 +366,7 @@ int skf_rand_bytes(unsigned char *buf, int num) { ULONG rv; - if ((rv = SKF_GenRandom(skf_dev_handle, buf, (ULONG)num)) != SAR_OK) { + if ((rv = SKF_GenRandom(hDev, buf, (ULONG)num)) != SAR_OK) { SKFerr(SKF_F_SKF_RAND_BYTES, skf_err2openssl(rv)); return 0; } @@ -387,11 +387,10 @@ static RAND_METHOD skf_rand = { static int skf_sm3_init(EVP_MD_CTX *ctx) { ULONG rv; - DEVHANDLE hDev = skf_dev_handle; + DEVHANDLE hDev; HANDLE hHash; - if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0, - (HANDLE *)&ctx->md_data)) != SAR_OK) { + if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0, &hHash)) != SAR_OK) { SKFerr(SKF_F_SM3_INIT, skf_err2openssl(rv)); return 0; } @@ -547,4 +546,3 @@ static int bind(ENGINE *e, const char *id) IMPLEMENT_DYNAMIC_BIND_FN(bind); IMPLEMENT_DYNAMIC_CHECK_FN(); - diff --git a/include/openssl/gmssl.h b/include/openssl/gmssl.h deleted file mode 120000 index 0987238c..00000000 --- a/include/openssl/gmssl.h +++ /dev/null @@ -1 +0,0 @@ -../../ssl/gmssl.h \ No newline at end of file diff --git a/include/openssl/gmssl1.h b/include/openssl/gmssl1.h new file mode 120000 index 00000000..bbda71dd --- /dev/null +++ b/include/openssl/gmssl1.h @@ -0,0 +1 @@ +../../ssl/gmssl1.h \ No newline at end of file diff --git a/include/openssl/otp.h b/include/openssl/otp.h new file mode 120000 index 00000000..b4711901 --- /dev/null +++ b/include/openssl/otp.h @@ -0,0 +1 @@ +../../crypto/otp/otp.h \ No newline at end of file diff --git a/ssl/Makefile b/ssl/Makefile index 42f1af5c..5de3dbba 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -26,7 +26,8 @@ LIBSRC= \ s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \ t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \ d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \ - d1_both.c d1_srtp.c \ + d1_both.c d1_srtp.c \ + gm_meth.c gm_srvr.c gm_clnt.c gm_lib.c gm_enc.c \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ 
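Review bot: In `skf_sm3_init` the declaration changes from `DEVHANDLE hDev = skf_dev_handle;` to `DEVHANDLE hDev;`, so `SKF_DigestInit` is now called with an uninitialised device handle. The hash handle is also written to the local `hHash` instead of `ctx->md_data`, and nothing within the hunk stores it back, so later update and final calls would have no handle to use; the function continues past the hunk and needs checking there. The first hunk makes `skf_rand_bytes` pass `hDev` to `SKF_GenRandom`, yet no `hDev` is declared in the visible part of that function, so unless a file-scope `hDev` exists this does not compile. Keep `DEVHANDLE hDev = skf_dev_handle;` (or the global's current name) and add `ctx->md_data = hHash;` after a successful init.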
@@ -35,9 +36,10 @@ LIBOBJ= \ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \ - t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \ - d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \ - d1_both.o d1_srtp.o\ + t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \ + d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \ + d1_both.o d1_srtp.o\ + gm_meth.o gm_srvr.o gm_clnt.o gm_lib.o gm_enc.o \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ @@ -45,7 +47,7 @@ LIBOBJ= \ SRC= $(LIBSRC) -EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h srtp.h +EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h gmssl1.h kssl.h srtp.h HEADER= $(EXHEADER) ssl_locl.h kssl_lcl.h ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/ssl/gm_clnt.c b/ssl/gm_clnt.c index 5b7d4fa9..7fc361f2 100644 --- a/ssl/gm_clnt.c +++ b/ssl/gm_clnt.c @@ -55,19 +55,17 @@ #include #include #include -#include +#include -static const SSL_METHOD *gmssl_get_client_method(int ver) +static const SSL_METHOD *gm1_get_client_method(int ver) { - if (ver == GMSSL1_1_VERSION) { - return GMSSLv1_1_client_method(); + if (ver == GM1_VERSION) { + return GMSSLv1_client_method(); } return NULL; } -IMPLEMENT_gmssl_meth_func(GMSSL1_1_VERSION, GMSSLv1_1_client_method, - ssl_undefined_function, - ssl3_connect, - gmssl_get_client_method, GMSSLv1_1_enc_data) - +IMPLEMENT_gm1_meth_func(GMSSLv1_client_method, + ssl_undefined_function,ssl3_connect, + gm1_get_client_method) diff --git a/ssl/gm_enc.c b/ssl/gm_enc.c index 6360a2b5..021a9462 100644 --- a/ssl/gm_enc.c +++ b/ssl/gm_enc.c @@ -57,9 +57,9 @@ #include #include #include -#include - +#include +/* convert error code to some byte can be encode */ int gmssl_alert_code(int code) { return tls1_alert_code(code); 
diff --git a/ssl/gm_lib.c b/ssl/gm_lib.c
index 563d9da8..88527511 100644
--- a/ssl/gm_lib.c
+++ b/ssl/gm_lib.c
@@ -57,32 +57,103 @@ #include #include #include -#include +#include -const char gmssl1_version_str[] - "GMSSLv1" OPENSSL_VERSION_PTEXT; +const char gm1_version_str[] = "GMSSLv1" OPENSSL_VERSION_PTEXT; #define GM1_NUM_CIPHERS (sizeof(gm1_ciphers)/sizeof(SSL_CIPHER)) -SSL3_ENC_METHOD GMSSLv1_1_enc_data = { - gmssl_enc, - gmssl_mac, - gmssl_setup_key_block, - gmssl_generate_master_secret, - gmssl_change_cipher_state, - gmssl_final_finish_mac, - GMSSL_FINISH_MAC_LENGTH, - gmssl_cert_verify_mac, +SSL3_ENC_METHOD GMSSLv1_enc_data = { + tls1_enc, + tls1_mac, + tls1_setup_key_block, + tls1_generate_master_secret, + tls1_change_cipher_state, + tls1_final_finish_mac, + TLS1_FINISH_MAC_LENGTH, + tls1_cert_verify_mac, TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, - tls1_alert_code, + tls1_alert_code, //FIXME: GMSSL has some extra code tls1_export_keying_material, - 0, + SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS /* | SSL_ENC_FLAG_SM3_PRF */ + /* | SSL_ENC_FLAGS_GM1_CIPHERS */, SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, ssl3_handshake_write }; +/* +struct { + ECParameters curve_params; + ECPoint pubkey; +} ServerECDHEParams; + +IBCEncryptionKey: derived from server ID + +struct { + switch (KeyExchangeAlgorithm): + case ECDHE: + ServerECDHEParams params; + signed struct { + uint8 client_random[32]; + uint8 server_random[32]; + ServerECDHEParams params; + } signed_params; + case ECC: + signed struct { + uint8 client_random[32]; + uint8 server_random[32]; + uint8 server_enc_cert[]; + } signed_params; + case IBSDH: + ServerIBSDHParams params; + signed struct { + uint8 client_random[32]; + uint8 server_random[32]; + ServerIBSDHParams params; + } signed_params; + case IBC: + ServerIBCParams params; + signed struct { + uint8 client_random[32]; + uint8 server_random[32]; + ServerIBCParams params; + uint8 IBCEncryptionKey[1024]; + } signed_params; + case RSA: + signed struct { + uint8 
client_random[32]; + uint8 server_random[32]; + uint8 server_enc_cert[]; + } signed_params; + } +} ServerKeyExchange; + +struct { + switch (KeyExchangeAlgorithm): + case ECDHE: + uint8 ClientECDHEParams[]; + case IBSDH: + uint8 ClientIBSDHParams[]; + case ECC: + uint8 ECCEncryptedPreMasterSecret[]; + case IBE: + uint8 IBCEncryptedPreMasterSecret[]; + case RSA: + uint8 RSAEncryptedPreMasterSecret[]; + } exchangeKeys; +} ClientKeyExchange; +*/ + + + + + + + + /* * ECDHE_XXX is the same as ECDHE_ECDSA_XXX in TLS @@ -90,13 +161,13 @@ SSL3_ENC_METHOD GMSSLv1_1_enc_data = { * except that the ServerKeyExchange format is not null. */ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { - +#if 1 /* Cipher 1 */ { 1, GM1_TXT_ECDHE_SM1_SM3, GM1_CK_ECDHE_SM1_SM3, - SSL_kEECDH, + SSL_kECDHE2, SSL_aSM2, SSL_SM1, SSL_SM3, @@ -112,8 +183,8 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { 1, GM1_TXT_ECC_SM1_SM3, GM1_CK_ECC_SM1_SM3, - SSL_kECDHs, - SSL_aECDH, + SSL_kSM2, + SSL_aSM2, SSL_SM1, SSL_SM3, SSL_GMV1, @@ -129,7 +200,7 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { GM1_TXT_IBSDH_SM1_SM3, GM1_CK_IBSDH_SM1_SM3, SSL_kEECDH, - SSL_aSM9, + SSL_aSM2, SSL_SM1, SSL_SM3, SSL_GMV1, @@ -142,8 +213,8 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { /* Cipher 4 */ { 1, - GM1_TXT_IBC_SM1_SHA1, - GM1_CK_IBC_SM1_SHA1, + GM1_TXT_IBC_SM1_SM3, + GM1_CK_IBC_SM1_SM3, SSL_kECDHe, SSL_aSM2, SSL_SM1, @@ -186,7 +257,7 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { 128, 128, }, - +#endif /* Cipher 7 */ { @@ -220,14 +291,14 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { 128, }, - +#if 1 /* Cipher 9 */ { 1, GM1_TXT_IBSDH_SM4_SM3, GM1_CK_IBSDH_SM4_SM3, - SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */ - SSL_aSM2, /* auth algor bits */ + SSL_kIBSDH, + SSL_aSM2, SSL_SM4, SSL_SM3, SSL_GMV1, 
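Review bot: The cipher table now maps the same key exchange to different algorithm bits depending on the bulk cipher: Cipher 3 (`GM1_TXT_IBSDH_SM1_SM3`) keeps `SSL_kEECDH` while Cipher 9 (`GM1_TXT_IBSDH_SM4_SM3`) moves to `SSL_kIBSDH`, and Cipher 4 (`GM1_TXT_IBC_SM1_SM3`) keeps `SSL_kECDHe` while Cipher 10 in the next hunk moves to `SSL_kIBC`. The handshake code picks its key-exchange path from these bits, so a suite whose id says IBSDH or IBC would run an ECDH exchange; Cipher 3 should use `SSL_kIBSDH,` and Cipher 4 `SSL_kIBC,` if those suites are to stay enabled. In `GMSSLv1_enc_data` the `//FIXME` on `tls1_alert_code` and the commented-out `SSL_ENC_FLAG_SM3_PRF` leave it unclear which PRF and alert mapping this method is meant to end up with, and a comment stating the intended values would help. The protocol sketch in the block comment uses `case IBC:` in ServerKeyExchange but `case IBE:` in ClientKeyExchange for what looks like the same algorithm.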
@@ -242,8 +313,8 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { 1, GM1_TXT_IBC_SM4_SM3, GM1_CK_IBC_SM4_SM3, - SSL_kECDHe, /* fixed ECDH key exchange algorithm bits */ - SSL_aSM2, /* auth algor bits */ + SSL_kIBC, + SSL_aSM2, SSL_SM4, SSL_SM3, SSL_GMV1, @@ -252,7 +323,7 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { 128, 128, }, - +#endif /* Cipher 11 */ { 1, @@ -274,8 +345,8 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { 1, GM1_TXT_RSA_SM4_SHA1, GM1_CK_RSA_SM4_SHA1, - SSL_kEECDH, /* ephemeral ECDH key exchange algorithm bits */ - SSL_aSM2, /* auth algor bits */ + SSL_kEECDH, + SSL_aSM2, SSL_SM4, SSL_SM3, SSL_GMV1, @@ -285,5 +356,52 @@ OPENSSL_GLOBAL SSL_CIPHER gm1_ciphers[] = { 128, }, + /* Cipher 13 (GmSSL specific) */ + { + 1, + GM1_TXT_ECDHE_SM2_SM4_SM3, + GM1_CK_ECDHE_SM2_SM4_SM3, + SSL_kEECDH, + SSL_aSM2, + SSL_SM4, + SSL_SM3, + SSL_GMV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, + }, + + /* Cipher 14, (GmSSL Specific) */ + { + 1, + GM1_TXT_SM2_SM4_SM3, + GM1_CK_SM2_SM4_SM3, + SSL_kSM2, + SSL_aSM2, + SSL_SM4, + SSL_SM3, + SSL_GMV1, + SSL_NOT_EXP|SSL_HIGH, + SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + 128, + 128, + } + }; +int gm1_num_ciphers(void) +{ + return GM1_NUM_CIPHERS; +} + +const SSL_CIPHER *gm1_get_cipher(unsigned int u) +{ + if (u < GM1_NUM_CIPHERS) + return (&(gm1_ciphers[GM1_NUM_CIPHERS - 1 - u])); + else + return NULL; +} + + + diff --git a/ssl/gm_meth.c b/ssl/gm_meth.c index df9c47b9..d2f9b5cc 100644 --- a/ssl/gm_meth.c +++ b/ssl/gm_meth.c 
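Review bot: Cipher 12 is named `GM1_TXT_RSA_SM4_SHA1` but its fields are `SSL_kEECDH`, `SSL_aSM2` and `SSL_SM3`, and the hunk at old line 274 only strips the comments that described them. A peer negotiating this id would get an ephemeral-ECDH, SM2-authenticated, SM3-MAC suite under an RSA/SHA-1 name, which makes cipher-list policy based on names unreliable. If the name is the intended one, the fields should be `SSL_kRSA,`, `SSL_aRSA,` and `SSL_SHA1,`. Whether cipher 11 has the same mismatch cannot be seen, because its body lies between the hunks.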
@@ -54,19 +54,17 @@ #include #include #include "ssl_locl.h" -#include +#include -static const SSL_METHOD *gmssl_get_method(int ver) +static const SSL_METHOD *gm1_get_method(int ver) { - if (ver == GMSSL1_1_VERSION) { - return GMSSLv1_1_method(); + if (ver == GM1_VERSION) { + return GMSSLv1_method(); } return NULL; } -IMPLEMENT_gmssl_meth_func(GMSSL1_1_VERSION, GMSSLv1_1_method, - ssl3_accept, - ssl3_connect, - gmssl_get_method, GMSSLv1_1_enc_data) - +IMPLEMENT_gm1_meth_func(GMSSLv1_method, + ssl3_accept,ssl3_connect, + gm1_get_method) diff --git a/ssl/gm_srvr.c b/ssl/gm_srvr.c index c28ba303..f2a15c23 100644 --- a/ssl/gm_srvr.c +++ b/ssl/gm_srvr.c 
@@ -57,57 +57,17 @@ #include #include #include -#include +#include -static const SSL_METHOD *gmssl_get_server_method(int ver) +static const SSL_METHOD *gm1_get_server_method(int ver) { - if (ver == GMSSL1_1_VERSION) { - return GMSSLv1_1_server_method(); + if (ver == GM1_VERSION) { + return GMSSLv1_server_method(); } return NULL; } -IMPLEMENT_gmssl_meth_func(GMSSL1_1_VERSION, GMSSLv1_1_server_method, - ssl3_accept, - ssl_undefined_function, - gmssl_get_server_method, GMSSLv1_1_enc_data) +IMPLEMENT_gm1_meth_func(GMSSLv1_server_method, + ssl3_accept,ssl_undefined_function, + gm1_get_server_method) -int gm1_send_server_certificate(SSL *s) -{ - - CERT_PKEY *cpk; - - if (s->state == SSL3_ST_SW_CERT_A) { - cpk = ssl_get_server_send_pkey(s); - if (cpk == NULL) { - /* VRS: allow null cert if auth == KRB5 */ - if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) || - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, - ERR_R_INTERNAL_ERROR); - s->state = SSL_ST_ERR; - return (0); - } - } - - if (!ssl3_output_cert_chain(s, cpk)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); - s->state = SSL_ST_ERR; - return (0); - } - s->state = SSL3_ST_SW_CERT_B; - } - - /* SSL3_ST_SW_CERT_B */ - return ssl_do_write(s); -} - -/* - -s3_srvr.c:s3_send_server_certificate - ssl_get_server_send_pkey - ssl3_output_cert_chain - ssl_add_cert_chain - ssl_set_handshake_header - ssl_do_write -*/ diff --git a/ssl/gmssl.h b/ssl/gmssl1.h similarity index 71% rename from ssl/gmssl.h rename to ssl/gmssl1.h index b57f9ddc..e23de2db 100644 --- a/ssl/gmssl.h +++ b/ssl/gmssl1.h 
@@ -58,13 +58,15 @@ extern "C" { #endif - +#if 0 #define GM1_VERSION 0x0101 #define GM1_VERSION_MAJOR 0x01 #define GM1_VERSION_MINOR 0x01 - -#define GMSSL1_1_VERSION 0x0101 - +#else +#define GM1_VERSION 0x0401 +#define GM1_VERSION_MAJOR 0x04 +#define GM1_VERSION_MINOR 0x01 +#endif #define GM1_get_version(s) \ ((s->version >> 8) == GM1_VERSION_MAJOR ? s->version : 0) 
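Review bot: `GM1_VERSION` moves from 0x0101 to 0x0401 behind an `#if 0` with no comment explaining the new value, while every user-facing string in this commit still says "GMSSLv1.1". 0x0401 sorts above the TLS version constants, so ordered checks such as `s->version > SSL3_VERSION` in ssl3_send_client_key_exchange (tagged `//TODO: GMSSL version problem?` by this same commit) will treat a GM session as newer than any TLS version; each such comparison needs an audit before the method is enabled. If 0x0401 is a working value, say so at the definition, for example `/* FIXME: temporary; the 0x0101 branch matches the "GMSSLv1.1" name */`. The context macro `GM1_get_version(s)` also uses its argument unparenthesized, `(s->version >> 8)`, which should be `((s)->version >> 8)`.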
@@ -74,31 +76,39 @@ extern "C" { /* from GM/T 0024-2014 Table 2 */ -#define GM1_CK_ECDHE_SM1_SM3 0x0300E001 -#define GM1_CK_ECC_SM1_SM3 0x0300E003 -#define GM1_CK_IBSDH_SM1_SM3 0x0300E005 -#define GM1_CK_IBC_SM1_SM3 0x0300E007 -#define GM1_CK_RSA_SM1_SM3 0x0300E009 -#define GM1_CK_RSA_SM1_SHA1 0x0300E00A -#define GM1_CK_ECDHE_SM4_SM3 0x0300E011 -#define GM1_CK_ECC_SM4_SM3 0x0300E013 -#define GM1_CK_IBSDH_SM4_SM3 0x0300E015 -#define GM1_CK_IBC_SM4_SM3 0x0300E017 -#define GM1_CK_RSA_SM4_SM3 0x0300E019 -#define GM1_CK_RSA_SM4_SHA1 0x0300E01A +#define GM1_CK_ECDHE_SM1_SM3 0x0300E001 +#define GM1_CK_ECC_SM1_SM3 0x0300E003 +#define GM1_CK_IBSDH_SM1_SM3 0x0300E005 +#define GM1_CK_IBC_SM1_SM3 0x0300E007 +#define GM1_CK_RSA_SM1_SM3 0x0300E009 +#define GM1_CK_RSA_SM1_SHA1 0x0300E00A +#define GM1_CK_ECDHE_SM4_SM3 0x0300E011 +#define GM1_CK_ECC_SM4_SM3 0x0300E013 +#define GM1_CK_IBSDH_SM4_SM3 0x0300E015 +#define GM1_CK_IBC_SM4_SM3 0x0300E017 +#define GM1_CK_RSA_SM4_SM3 0x0300E019 +#define GM1_CK_RSA_SM4_SHA1 0x0300E01A +/* GmSSL specific */ +#define GM1_CK_ECDHE_SM2_SM4_SM3 0x0300E031 +#define GM1_CK_SM2_SM4_SM3 0x0300E033 + + +#define GM1_TXT_ECDHE_SM1_SM3 "ECDHE-SM1-SM3" +#define GM1_TXT_ECC_SM1_SM3 "ECC-SM1-SM3" +#define GM1_TXT_IBSDH_SM1_SM3 "IBSDH-SM1-SM3" +#define GM1_TXT_IBC_SM1_SM3 "IBC-SM1-SM3" +#define GM1_TXT_RSA_SM1_SM3 "RSA-SM1-SM3" +#define GM1_TXT_RSA_SM1_SHA1 "RSA-SM1-SHA1" +#define GM1_TXT_ECDHE_SM4_SM3 "ECDHE-SM4-SM3" +#define GM1_TXT_ECC_SM4_SM3 "ECC-SM4-SM3" +#define GM1_TXT_IBSDH_SM4_SM3 "IBSDH-SM4-SM3" +#define GM1_TXT_IBC_SM4_SM3 "IBC-SM4-SM3" +#define GM1_TXT_RSA_SM4_SM3 "RSA-SM4-SM3" +#define GM1_TXT_RSA_SM4_SHA1 "RSA-SM4-SHA1" +/* GmSSL specific */ +#define GM1_TXT_ECDHE_SM2_SM4_SM3 "ECDHE-SM2-SM4-SM3" +#define GM1_TXT_SM2_SM4_SM3 "SM2-SM4-SM3" -#define GM1_TXT_ECDHE_SM1_SM3 "ECDHE-SM1-SM3" -#define GM1_TXT_ECC_SM1_SM3 "ECC-SM1-SM3" -#define GM1_TXT_IBSDH_SM1_SM3 "IBSDH-SM1-SM3" -#define GM1_TXT_IBC_SM1_SM3 "IBC-SM1-SM3" -#define GM1_TXT_RSA_SM1_SM3 
"RSA-SM1-SM3" -#define GM1_TXT_RSA_SM1_SHA1 "RSA-SM1-SHA1" -#define GM1_TXT_ECDHE_SM4_SM3 "ECDHE-SM4-SM3" -#define GM1_TXT_ECC_SM4_SM3 "ECC-SM4-SM3" -#define GM1_TXT_IBSDH_SM4_SM3 "IBSDH-SM4-SM3" -#define GM1_TXT_IBC_SM4_SM3 "IBC-SM4-SM3" -#define GM1_TXT_RSA_SM4_SM3 "RSA-SM4-SM3" -#define GM1_TXT_RSA_SM4_SHA1 "RSA-SM4-SHA1" /* from GM/T 0024-2014 Table 1 */ #define GM1_AD_UNSUPPORTED_SITE2SITE 200 /* fatal */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6af145a8..b3977a9a 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1356,6 +1356,7 @@ int ssl3_get_server_certificate(SSL *s) return (ret); } +//TODO: GMSSL modified server_send_key_exchange, so we need to check client_get_... int ssl3_get_key_exchange(SSL *s) { #ifndef OPENSSL_NO_RSA @@ -2477,6 +2478,7 @@ int ssl3_send_client_key_exchange(SSL *s) q = p; /* Fix buf for TLS and beyond */ +//TODO: GMSSL version problem? if (s->version > SSL3_VERSION) p += 2; n = RSA_public_encrypt(sizeof tmp_buf, diff --git a/ssl/ssl.h b/ssl/ssl.h index 71940331..c783f763 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1699,10 +1699,9 @@ struct ssl_st { # include /* Datagram TLS */ # include # include /* Support for the use_srtp extension */ - -#ifndef OPENSSL_NO_GMSSL -#include -#endif +# ifndef OPENSSL_NO_GMSSL +# include +# endif #ifdef __cplusplus @@ -2393,6 +2392,12 @@ const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ +#ifndef OPENSSL_NO_GMSSL +const SSL_METHOD *GMSSLv1_method(void); +const SSL_METHOD *GMSSLv1_server_method(void); +const SSL_METHOD *GMSSLv1_client_method(void); +#endif + STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); int SSL_do_handshake(SSL *s); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index cddc7cf1..5805ab5a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
@@ -232,7 +232,7 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, SSL_HANDSHAKE_MAC_SHA384, #ifndef OPENSSL_NO_GMSSL - SSL_HANDSHAKE_MAC_SM3 + SSL_HANDSHAKE_MAC_SM3, #endif }; @@ -485,8 +485,7 @@ void ssl_load_ciphers(void) #ifndef OPENSSL_NO_GMSSL ssl_cipher_methods[SSL_ENC_SM4_IDX] = EVP_get_cipherbyname(SN_sms4_cbc); ssl_digest_methods[SSL_MD_SM3_IDX] = EVP_get_digestbyname(SN_sm3); - ssl_mac_secret_size[SSL_MD_SM3_IDX] = - EVP_MD_size(ssl_digest_methods[SSL_MD_SM3_IDX]); + ssl_mac_secret_size[SSL_MD_SM3_IDX] = EVP_MD_size(ssl_digest_methods[SSL_MD_SM3_IDX]); #endif } @@ -1746,6 +1745,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) ver = "SSLv3"; else if (alg_ssl & SSL_TLSV1_2) ver = "TLSv1.2"; +#ifndef OPENSSL_NO_GMSSL + else if (alg_ssl & SSL_GMV1) + ver = "GMSSLv1.1"; +#endif else ver = "unknown"; @@ -1783,6 +1786,23 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST: kx = "GOST"; break; +#ifndef OPENSSL_NO_GMSSL + case SSL_kECDHE2: + kx = "ECDHE2"; + break; + case SSL_kECC: + kx = "ECC"; + break; + case SSL_kIBSDH: + kx = "IBSDH"; + break; + case SSL_kIBC: + kx = "GOST"; + break; + case SSL_kSM2: + kx = "SM2"; + break; +#endif default: kx = "unknown"; } @@ -1821,6 +1841,11 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aGOST01: au = "GOST01"; break; +#ifndef OPENSSL_NO_GMSSL + case SSL_aSM2: + au = "SM2"; + break; +#endif default: au = "unknown"; break; @@ -1903,9 +1928,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) mac = "GOST94"; break; #ifndef OPENSSL_NO_GMSSL - case SSL_SM3: - mac = "SM3"; - break; + case SSL_SM3: + mac = "SM3"; + break; #endif default: mac = "unknown"; 
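Review bot: `case SSL_kIBC:` sets `kx = "GOST";`, a copy of the GOST case just above it, so SSL_CIPHER_description reports IBC suites as using GOST key exchange. Cipher listings and logs are what operators read to check which suites are enabled, so the line should be `kx = "IBC";`. The `ver` string added in the hunk at old line 1746 is "GMSSLv1.1" while SSL_CIPHER_get_version in the same file returns "GMSSLv1"; one spelling should be used for both. The switch and the function body start and end outside these hunks.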
@@ -1942,8 +1967,8 @@ char *SSL_CIPHER_get_version(const SSL_CIPHER *c) else if (i == 2) return ("SSLv2"); #ifndef OPENSSL_NO_GMSSL - else if (i == 1) - return ("GMSSLv1"); + else if (i == 1) + return ("GMSSLv1"); #endif else return ("unknown"); @@ -2085,6 +2110,7 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp) } #endif /* For a cipher return the index corresponding to the certificate type */ +//FIXME: GMSSL: do we need change this? int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { unsigned long alg_k, alg_a; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c0931e78..6db022c1 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -263,6 +263,7 @@ int SSL_clear(SSL *s) } /** Used to change an SSL_CTXs default SSL method type */ +//TODO: GMSSL int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) { STACK_OF(SSL_CIPHER) *sk; @@ -874,6 +875,7 @@ int SSL_pending(const SSL *s) return (s->method->ssl_pending(s)); } +//FIXME: GMSSL: do we need more API for GMSSLv1.1? X509 *SSL_get_peer_certificate(const SSL *s) { X509 *r; @@ -891,6 +893,7 @@ X509 *SSL_get_peer_certificate(const SSL *s) return (r); } +//FIXME: GMSSL: do we need more API for GMSSLv1.1? STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { STACK_OF(X509) *r; @@ -941,6 +944,7 @@ void SSL_copy_session_id(SSL *t, const SSL *f) } /* Fix this so it checks all the valid key/cert options */ +//FIXME: GMSSL: do we need more API for GMSSLv1.1? int SSL_CTX_check_private_key(const SSL_CTX *ctx) { if ((ctx == NULL) || @@ -959,6 +963,7 @@ int SSL_CTX_check_private_key(const SSL_CTX *ctx) } /* Fix this function so that it takes an optional type parameter */ +//FIXME: GMSSL: do we need more API for GMSSLv1.1? int SSL_check_private_key(const SSL *ssl) { if (ssl == NULL) { @@ -1095,6 +1100,7 @@ int SSL_renegotiate_pending(SSL *s) return (s->renegotiate != 0); } +//FIXME: GMSSL: add GMSSLv1.1 specific functions here? long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) { long l; 
@@ -1173,6 +1179,8 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) return ctx->sessions; } +//FIXME: GMSSL: add GMSSLv1.1 specific functions here? +//The double cert should be added here, we might add the extra cert long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { long l; @@ -2842,6 +2850,10 @@ const char *SSL_get_version(const SSL *s) return ("DTLSv1"); else if (s->version == DTLS1_2_VERSION) return ("DTLSv1.2"); +#ifndef OPENSSL_NO_GMSSL + else if (s->version == GM1_VERSION) + return ("GMSSLv1.1"); +#endif else return ("unknown"); } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9c694de3..01a6a876 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -311,9 +311,21 @@ /* PSK */ # define SSL_kPSK 0x00000100L /* GOST key exchange */ -# define SSL_kGOST 0x00000200L +# define SSL_kGOST 0x00000200L /* SRP */ -# define SSL_kSRP 0x00000400L +# define SSL_kSRP 0x00000400L +# ifndef OPENSSL_NO_GMSSL +/* GM/T 0024 ECDHE */ +# define SSL_kECDHE2 0x00000800L +/* GM/T 0024 ECC */ +# define SSL_kECC 0x00001000L +/* GM/T 0024 IBSDH */ +# define SSL_kIBSDH 0x00002000L +/* GM/T 0024 IBC */ +# define SSL_kIBC 0x00004000L +/* sm2encrypt cert */ +# define SSL_kSM2 0x00008000L +# endif /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ @@ -333,11 +345,16 @@ /* PSK auth */ # define SSL_aPSK 0x00000080L /* GOST R 34.10-94 signature auth */ -# define SSL_aGOST94 0x00000100L +# define SSL_aGOST94 0x00000100L /* GOST R 34.10-2001 signature auth */ -# define SSL_aGOST01 0x00000200L +# define SSL_aGOST01 0x00000200L /* SRP auth */ # define SSL_aSRP 0x00000400L +# ifndef OPENSSL_NO_GMSSL +/* GM/T 0024 ECDHE, ECC, IBSDH, IBC */ +# define SSL_aSM2 0x00000800L +# endif + /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001L 
@@ -355,7 +372,8 @@ # define SSL_AES128GCM 0x00001000L # define SSL_AES256GCM 0x00002000L # ifndef OPENSSL_NO_GMSSL -# define SSL_SM4 0x00004000L +# define SSL_SM4 0x00004000L +# define SSL_SM1 0x00008000L # endif # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) @@ -372,7 +390,7 @@ /* Not a real MAC, just an indication it is part of cipher */ # define SSL_AEAD 0x00000040L # ifndef OPENSSL_NO_GMSSL -# define SSL_SM3 0x00000080L +# define SSL_SM3 0x00000080L # endif /* Bits for algorithm_ssl (protocol version) */ @@ -381,7 +399,7 @@ # define SSL_TLSV1 SSL_SSLV3/* for now */ # define SSL_TLSV1_2 0x00000004UL # ifndef OPENSSL_NO_GMSSL -// #define SSL_GMV1 0x00000008UL +# define SSL_GMV1 0x00000008UL # endif /* Bits for algorithm2 (handshake digests and other extra flags) */ @@ -391,9 +409,9 @@ # define SSL_HANDSHAKE_MAC_GOST94 0x40 # define SSL_HANDSHAKE_MAC_SHA256 0x80 # define SSL_HANDSHAKE_MAC_SHA384 0x100 -#ifndef OPENSSL_NO_GMSSL +# ifndef OPENSSL_NO_GMSSL # define SSL_HANDSHAKE_MAC_SM3 0x200 -#endif +# endif # define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) /* @@ -516,7 +534,12 @@ # define SSL_PKEY_ECC 5 # define SSL_PKEY_GOST94 6 # define SSL_PKEY_GOST01 7 +# ifndef OPENSSL_NO_GMSSL +# define SSL_PKEY_SM9 8 +# define SSL_PKEY_NUM 9 +# else # define SSL_PKEY_NUM 8 +# endif /*- * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | 
@@ -863,14 +886,17 @@ extern SSL3_ENC_METHOD TLSv1_2_enc_data; extern SSL3_ENC_METHOD SSLv3_enc_data; extern SSL3_ENC_METHOD DTLSv1_enc_data; extern SSL3_ENC_METHOD DTLSv1_2_enc_data; +# ifndef OPENSSL_NO_GMSSL +extern SSL3_ENC_METHOD GMSSLv1_enc_data; +# endif -#ifndef OPENSSL_NO_GMSSL -#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ - s_get_meth, enc_data) \ +# ifndef OPENSSL_NO_GMSSL +# define IMPLEMENT_gm1_meth_func(func_name, s_accept, s_connect, \ + s_get_meth) \ const SSL_METHOD *func_name(void) \ { \ static const SSL_METHOD func_name##_data= { \ - version, \ + GM1_VERSION, \ tls1_new, \ tls1_clear, \ tls1_free, \ @@ -891,18 +917,18 @@ const SSL_METHOD *func_name(void) \ ssl3_get_cipher_by_char, \ ssl3_put_cipher_by_char, \ ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ + gm1_num_ciphers, \ + gm1_get_cipher, \ s_get_meth, \ tls1_default_timeout, \ - &enc_data, \ + &GMSSLv1_enc_data, \ ssl_undefined_void_function, \ ssl3_callback_ctrl, \ ssl3_ctx_callback_ctrl, \ }; \ return &func_name##_data; \ } -#endif +# endif /* GMSSL */ # define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ s_get_meth, enc_data) \ @@ -1359,6 +1385,11 @@ void tls1_clear(SSL *s); long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); +# ifndef OPENSSL_NO_GMSSL +int gm1_num_ciphers(void); +const SSL_CIPHER *gm1_get_cipher(unsigned int u); +# endif + int dtls1_new(SSL *s); int dtls1_accept(SSL *s); int dtls1_connect(SSL *s); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index acdd9957..8d908202 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
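Review bot: `IMPLEMENT_gm1_meth_func` switches the table accessors to `gm1_num_ciphers` and `gm1_get_cipher` but keeps `ssl3_get_cipher_by_char` and `ssl3_put_cipher_by_char`. If the by-char lookup searches only the SSL3 cipher table, as it appears to in stock OpenSSL (to be confirmed against s3_lib.c), a GM suite id received from the peer will not resolve to an entry of `gm1_ciphers`. The method needs a lookup over `gm1_ciphers`, or the GM entries must be reachable from the SSL3 table. The macro no longer takes a version or enc-data argument and hard-codes `GM1_VERSION` and `&GMSSLv1_enc_data`; a one-line comment above it saying so would help the next reader. The macro body begins in the previous hunk.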
@@ -448,8 +448,8 @@ int ssl_get_new_session(SSL *s, int session) ss->ssl_version = DTLS1_2_VERSION; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; #ifndef OPENSSL_NO_GMSSL - } else if (s->version == GMSSL1_1_VERSION) { - ss->ssl_version = GMSSL1_1_VERSION; + } else if (s->version == GM1_VERSION) { + ss->ssl_version = GM1_VERSION; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; #endif } else { diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 9a8a93ae..7045e5f4 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -129,7 +129,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) else if (x->ssl_version == DTLS1_BAD_VER) s = "DTLSv1-bad"; #ifndef OPENSSL_NO_GMSSL - else if (x->ssl_version == GMSSL1_1_VERSION) + else if (x->ssl_version == GM1_VERSION) s = "GMSSLv1.1"; #endif else diff --git a/test/otptest.c b/test/otptest.c new file mode 120000 index 00000000..415201b3 --- /dev/null +++ b/test/otptest.c @@ -0,0 +1 @@ +../crypto/otp/otptest.c \ No newline at end of file diff --git a/test/p.zuc.cipher b/test/p.zuc.cipher index cbfaede9cb19836d85ae0de1308f560be315479c..492361f2f0952e29f5c7de5ea40488b6abcedfad 100644 GIT binary patch literal 1036 zcmWGe%qdAtiH{HdwSSR;T3g2b-Wew6`WR~(r|lLz7cpBz>f0sV&Y)9=&-IlnXU5q0 zTTVZB+5Tij!-Rwb3H2%TUH5q|&`-vAZ=02ME|4^cO2A9cg? TL&E`v(J-ZMn9@5u2PzH$p2xYW literal 1036 zcmWGe%qdAtiH|Rz_d+pyy5!kirjz1gXNUP{i|f{8{4}>(etL>S#PxNTV`oSGNPaGp zsTQ^D1>@PGeG6RF8FcFKxxRAc%orPg%jxGX+n=mxn2_KQaJQa; z;ew4Lm=3rH;VUFU=mcAc_yef;2B`Q4sCdDBh`J9A5W2w*qMqRagnuCkLJQbK#3um7 a?~l5TVYr1GC=CtP^agUx8c9@U0xNc3xPjjo~r>8hXTwixNc6QW{ix4_0RctSk` zgTg%rF#RC`LL1mZ#5X|280G-c(00000