add CBC-MAC and GM OTP, not tested

2026-06-26 15:13:41 +08:00 · 2016-05-15 20:21:51 +02:00
parent 8c0439e7d6
commit 60d14da0cc
81 changed files with 2789 additions and 1401 deletions
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -100,9 +100,6 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_DH
    &dhx_asn1_meth,
 #endif
-#ifndef OPENSSL_NO_SM2
-    &sm2_asn1_meth,
-#endif
 };

 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
--- a/crypto/cbcmac/Makefile
+++ b/crypto/cbcmac/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=

 LIB=$(TOP)/libcrypto.a
-LIBSRC=cbcmac.c cbcmac_ameth.c cbcmac_pmeth.c
-LIBOBJ=cbcmac.o cbcmac_ameth.o cbcmac_pmeth.o
+LIBSRC=cbcmac.c cbcm_ameth.c cbcm_pmeth.c
+LIBOBJ=cbcmac.o cbcm_ameth.o cbcm_pmeth.o

 SRC= $(LIBSRC)

--- a/crypto/cbcmac/cbcm_ameth.c
+++ b/crypto/cbcmac/cbcm_ameth.c
@@ -0,0 +1,142 @@
+/* crypto/cbcmac/cbcm_ameth.c */
+/* ====================================================================
+ * Copyright (c) 2015-2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2010.
+ */
+/* ====================================================================
+ * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/cbcmac.h>
+#include "asn1_locl.h"
+
+
+static int cbcmac_size(const EVP_PKEY *pkey)
+{
+    return EVP_MAX_BLOCK_LENGTH;
+}
+
+static void cbcmac_key_free(EVP_PKEY *pkey)
+{
+    CBCMAC_CTX *cmctx = (CBCMAC_CTX *)pkey->pkey.ptr;
+    if (cmctx)
+        CBCMAC_CTX_free(cmctx);
+}
+
+const EVP_PKEY_ASN1_METHOD cbcmac_asn1_meth = {
+    EVP_PKEY_CBCMAC,
+    EVP_PKEY_CBCMAC,
+    0,
+
+    "CBCMAC",
+    "GmSSL CBCMAC method",
+
+    0, 0, 0, 0,
+
+    0, 0, 0,
+
+    cbcmac_size,
+    0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    cbcmac_key_free,
+    0,
+    0, 0
+};
--- a/crypto/cbcmac/cbcm_pmeth.c
+++ b/crypto/cbcmac/cbcm_pmeth.c
@@ -0,0 +1,264 @@
+/* crypto/cbcmac/cbcm_pmeth.c */
+/* ====================================================================
+ * Copyright (c) 2015-2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2010.
+ */
+/* ====================================================================
+ * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/cbcmac.h>
+#include "evp_locl.h"
+
+static int pkey_cbcmac_init(EVP_PKEY_CTX *ctx)
+{
+    ctx->data = CBCMAC_CTX_new();
+    if (!ctx->data)
+        return 0;
+    ctx->keygen_info_count = 0;
+    return 1;
+}
+
+static int pkey_cbcmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    if (!pkey_cbcmac_init(dst))
+        return 0;
+    if (!CBCMAC_CTX_copy(dst->data, src->data))
+        return 0;
+    return 1;
+}
+
+static void pkey_cbcmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    CBCMAC_CTX_free(ctx->data);
+}
+
+static int pkey_cbcmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    CBCMAC_CTX *cmkey = CBCMAC_CTX_new();
+    CBCMAC_CTX *cmctx = ctx->data;
+    if (!cmkey)
+        return 0;
+    if (!CBCMAC_CTX_copy(cmkey, cmctx)) {
+        CBCMAC_CTX_free(cmkey);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, EVP_PKEY_CBCMAC, cmkey);
+
+    return 1;
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    if (!CBCMAC_Update(ctx->pctx->data, data, count))
+        return 0;
+    return 1;
+}
+
+static int cbcmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    mctx->update = int_update;
+    return 1;
+}
+
+static int cbcmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        EVP_MD_CTX *mctx)
+{
+    return CBCMAC_Final(ctx->data, sig, siglen);
+}
+
+static int pkey_cbcmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    CBCMAC_CTX *cmctx = ctx->data;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if (!p2 || p1 < 0)
+            return 0;
+        if (!CMAC_Init(cmctx, p2, p1, NULL, NULL))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_CIPHER:
+        if (!CBCMAC_Init(cmctx, NULL, 0, p2, ctx->engine))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        if (ctx->pkey && !CBCMAC_CTX_copy(ctx->data,
+                                        (CBCMAC_CTX *)ctx->pkey->pkey.ptr))
+            return 0;
+        if (!CBCMAC_Init(cmctx, NULL, 0, NULL, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_cbcmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (!strcmp(type, "key")) {
+        void *p = (void *)value;
+        return pkey_cbcmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p);
+    }
+    if (!strcmp(type, "cipher")) {
+        const EVP_CIPHER *c;
+        c = EVP_get_cipherbyname(value);
+        if (!c)
+            return 0;
+        return pkey_cbcmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
+    }
+    if (!strcmp(type, "hexkey")) {
+        unsigned char *key;
+        int r;
+        long keylen;
+        key = string_to_hex(value, &keylen);
+        if (!key)
+            return 0;
+        r = pkey_cbcmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+        OPENSSL_free(key);
+        return r;
+    }
+    return -2;
+}
+
+const EVP_PKEY_METHOD cbcmac_pkey_meth = {
+    EVP_PKEY_CBCMAC,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    pkey_cbcmac_init,
+    pkey_cbcmac_copy,
+    pkey_cbcmac_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_cbcmac_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    cbcmac_signctx_init,
+    cbcmac_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_cbcmac_ctrl,
+    pkey_cbcmac_ctrl_str
+};
--- a/crypto/cbcmac/cbcmac.c
+++ b/crypto/cbcmac/cbcmac.c
@@ -1,19 +1,22 @@
 #include <stdio.h>
-
-
+#include <stdlib.h>
+#include <strings.h>
+#include <openssl/evp.h>
+#include <openssl/cbcmac.h>

 struct CBCMAC_CTX_st {
 	EVP_CIPHER_CTX cipher_ctx;
-	unsigned char block[EVP_MAX_BLOCK_LENGTH];
-	unsigned char tmp_block[EVP_MAX_BLOCK_LENGTH];	
+	unsigned char cbcstate[EVP_MAX_BLOCK_LENGTH];
+	unsigned char workspace[EVP_MAX_BLOCK_LENGTH];
+	int worklen;
 };


-CBCMAC *CBCMAC_CTX_new(void)
+CBCMAC_CTX *CBCMAC_CTX_new(void)
 {
 	CBCMAC_CTX *ret;

-	if (!(ret = OPENSSL_malloc(*ret))) {
+	if (!(ret = OPENSSL_malloc(sizeof(*ret)))) {
 		return NULL;
 	}

@@ -25,8 +28,8 @@ CBCMAC *CBCMAC_CTX_new(void)
 void CBCMAC_CTX_cleanup(CBCMAC_CTX *ctx)
 {
 	EVP_CIPHER_CTX_cleanup(&ctx->cipher_ctx);
-	OPENSSL_cleanse(ctx->block, EVP_MAX_BLOCK_LENGTH);
-	OPENSSL_cleanse(ctx->tmp_block, EVP_MAX_BLOCK_LENGTH);
+	OPENSSL_cleanse(ctx->cbcstate, EVP_MAX_BLOCK_LENGTH);
+	OPENSSL_cleanse(ctx->workspace, EVP_MAX_BLOCK_LENGTH);
 }

 EVP_CIPHER_CTX *CBCMAC_CTX_get0_cipher_ctx(CBCMAC_CTX *ctx)
@@ -48,18 +51,90 @@ int CBCMAC_CTX_copy(CBCMAC_CTX *to, const CBCMAC_CTX *from)
 }

 int CBCMAC_Init(CBCMAC_CTX *ctx, const void *key, size_t keylen,
-	const EVP_CIPHER *cipher, ENGINE *impl)
+	const EVP_CIPHER *cipher, ENGINE *eng)
 {
+	int i, block_size;
+	
+	if (!EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, key, NULL, eng)) {
+		return 0;
+	}
+	if (EVP_CIPHER_CTX_mode(&ctx->cipher_ctx) != EVP_CIPH_ECB_MODE) {
+		return 0;
+	}
+	ctx->worklen = 0;
+	block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx);
+	bzero(ctx->cbcstate, block_size);
 	return 0;
 }

 int CBCMAC_Update(CBCMAC_CTX *ctx, const void *data, size_t datalen)
 {
+	int block_size;
+	int i, n, len;
+	const unsigned char *in = (const unsigned char *)data;
+
+	block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx);
+
+	
+	if (ctx->worklen) {
+		n = block_size - ctx->worklen;
+		if (datalen < n) {
+			for (i = 0; i < datalen; i++) {
+				ctx->workspace[ctx->worklen + i] = in[i];
+			}
+			ctx->worklen += datalen;
+			return 0;
+		} else {
+			for (i = 0; i < n; i++) {
+				ctx->workspace[ctx->worklen + i] = in[i] ^ ctx->cbcstate[i];
+			}
+			if (!EVP_EncryptUpdate(&ctx->cipher_ctx, ctx->cbcstate, &len,
+				ctx->workspace, block_size)) {
+				return 0;
+			}
+		}
+
+		while (n < datalen) {
+			for (i = 0; i < block_size; i++) {
+				ctx->workspace[i] = in[n + i] ^ ctx->cbcstate[i];
+			}
+			n += block_size;
+		
+			if (!EVP_EncryptUpdate(&ctx->cipher_ctx, ctx->cbcstate, &len,
+				ctx->workspace, block_size)) {
+				return 0;
+			}
+		}
+
+		ctx->worklen = datalen - n;
+		
+		for (i = 0; i < ctx->worklen; i++) {
+			ctx->workspace[i] = in[n + i];
+		}
+
+	}
+
+
 	return 0;
 }

 int CBCMAC_Final(CBCMAC_CTX *ctx, unsigned char *out, size_t *outlen)
 {
+	int i;
+	int block_size = EVP_CIPHER_CTX_block_size(&(ctx->cipher_ctx));
+
+	if (ctx->worklen) {
+		for (i = ctx->worklen; i < block_size; i++) {
+			ctx->workspace[i] = ctx->cbcstate[i];
+		}
+		EVP_EncryptUpdate(&(ctx->cipher_ctx), out, outlen, ctx->workspace, block_size);
+
+	} else {
+		for (i = 0; i < block_size; i++) {
+			out[i] = ctx->cbcstate[i];
+		}
+	}
+
 	return 0;
 }

--- a/crypto/cpk/cpk_asn1.c
+++ b/crypto/cpk/cpk_asn1.c
@@ -89,7 +89,7 @@ int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params) {
 	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params);
 }

-
+#if 0

 /* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
 ASN1_ADB_TEMPLATE(cpkcmsdefault) = ASN1_EXP_OPT(CPK_CMS, d.other, ASN1_ANY, 0);
@@ -172,4 +172,4 @@ ASN1_NDEF_SEQUENCE(CPK_SIGN_ENVELOPE) = {
 	ASN1_SET_OF(CPK_SIGN_ENVELOPE, signer_infos, CPK_SIGNER_INFO)
 } ASN1_NDEF_SEQUENCE_END(CPK_SIGN_ENVELOPE)
 IMPLEMENT_ASN1_FUNCTIONS(CPK_SIGN_ENVELOPE)
-
+#endif
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -1004,6 +1004,42 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
                                EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)

+# ifndef OPENSSL_NO_GMSSL
+# define EVP_PKEY_CTX_set_ec_sign_type(ctx, type) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \
+				EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \
+                                EVP_PKEY_CTRL_EC_SIGN_TYPE, type, NULL)
+
+# define EVP_PKEY_CTX_get_ec_sign_type(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \
+				EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \
+                                EVP_PKEY_CTRL_EC_SIGN_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ec_enc_type(ctx, type) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \
+                                EVP_PKEY_CTRL_EC_ENC_TYPE, type, NULL)
+
+# define EVP_PKEY_CTX_get_ec_enc_type(ctx) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \
+				EVP_PKEY_CTRL_EC_ENC_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ec_dh_type(ctx, type) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_DH_TYPE, type, NULL)
+
+# define EVP_PKEY_CTX_get_ec_dh_type(ctx) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+				EVP_PKEY_OP_DERIVE, \
+				EVP_PKEY_CTRL_EC_DH_TYPE, -2, NULL);
+# endif /* OPENSSL_NO_GMSSL */
+
+
+
 # define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
                                EVP_PKEY_OP_DERIVE, \
@@ -1064,6 +1100,16 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
 # define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN                 (EVP_PKEY_ALG_CTRL + 8)
 # define EVP_PKEY_CTRL_EC_KDF_UKM                        (EVP_PKEY_ALG_CTRL + 9)
 # define EVP_PKEY_CTRL_GET_EC_KDF_UKM                    (EVP_PKEY_ALG_CTRL + 10)
+
+# ifndef OPENSSL_NO_GMSSL
+# define EVP_PKEY_CTRL_EC_SIGN_TYPE                      (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_EC_SIGN_TYPE                  (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_EC_ENC_TYPE                       (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_EC_ENC_TYPE                   (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_EC_DH_TYPE                        (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_GET_EC_DH_TYPE                    (EVP_PKEY_ALG_CTRL + 16)
+# endif
+
 /* KDF types */
 # define EVP_PKEY_ECDH_KDF_NONE                          1
 # define EVP_PKEY_ECDH_KDF_X9_62                         2
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -502,7 +502,6 @@ static int eckey_param_decode(EVP_PKEY *pkey,
                              const unsigned char **pder, int derlen)
 {
    EC_KEY *eckey;
-fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
    if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
        ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
        return 0;
@@ -614,7 +613,11 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
    EVP_PKEY_EC,
    0,
    "EC",
+#ifndef OPENSSL_NO_GMSSL
+    "GmSSL EC/SM2 algorithm",
+#else
    "OpenSSL EC algorithm",
+#endif

    eckey_pub_decode,
    eckey_pub_encode,
@@ -967,173 +970,3 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)

 #endif

-
-#ifndef OPENSSL_NO_GMSSL
-static int sm2_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-{
-    const unsigned char *p = NULL;
-    void *pval;
-    int ptype, pklen;
-    EC_KEY *eckey = NULL;
-    X509_ALGOR *palg;
-
-fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
-
-    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
-        return 0;
-    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-    eckey = eckey_type2param(ptype, pval);
-
-    if (!eckey) {
-        ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
-        return 0;
-    }
-
-    /* We have parameters now set public key */
-    if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
-        ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
-        goto ecerr;
-    }
-
-    EVP_PKEY_assign_EC_KEY(pkey, eckey);
-    return 1;
-
- ecerr:
-    if (eckey)
-        EC_KEY_free(eckey);
-    return 0;
-}
-
-static int sm2_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-{
-    const unsigned char *p = NULL;
-    void *pval;
-    int ptype, pklen;
-    EC_KEY *eckey = NULL;
-    X509_ALGOR *palg;
-
-fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
-    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
-        return 0;
-    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-    eckey = eckey_type2param(ptype, pval);
-
-    if (!eckey)
-        goto ecliberr;
-
-    /* We have parameters now set private key */
-    if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
-        ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
-        goto ecerr;
-    }
-
-    /* calculate public key (if necessary) */
-    if (EC_KEY_get0_public_key(eckey) == NULL) {
-        const BIGNUM *priv_key;
-        const EC_GROUP *group;
-        EC_POINT *pub_key;
-        /*
-         * the public key was not included in the SEC1 private key =>
-         * calculate the public key
-         */
-        group = EC_KEY_get0_group(eckey);
-        pub_key = EC_POINT_new(group);
-        if (pub_key == NULL) {
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
-            EC_POINT_free(pub_key);
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        priv_key = EC_KEY_get0_private_key(eckey);
-        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) {
-            EC_POINT_free(pub_key);
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
-            EC_POINT_free(pub_key);
-            ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-            goto ecliberr;
-        }
-        EC_POINT_free(pub_key);
-    }
-
-    EVP_PKEY_assign_SM2(pkey, eckey);
-    return 1;
-
- ecliberr:
-    ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
- ecerr:
-    if (eckey)
-        EC_KEY_free(eckey);
-    return 0;
-}
-
-static int sm2_param_decode(EVP_PKEY *pkey,
-                              const unsigned char **pder, int derlen)
-{
-    EC_KEY *eckey;
-fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
-    if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) {
-        ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
-        return 0;
-    }
-    EVP_PKEY_assign_SM2(pkey, eckey);
-    return 1;
-}
-
-static int old_sm2_priv_decode(EVP_PKEY *pkey,
-                              const unsigned char **pder, int derlen)
-{
-    EC_KEY *ec;
-fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
-    if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) {
-        ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
-        return 0;
-    }
-fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
-    EVP_PKEY_assign_SM2(pkey, ec);
-fprintf(stderr, "GMSSL %s %d: %s\n", __FILE__, __LINE__, __FUNCTION__);
-
-OPENSSL_assert(EC_KEY_get0_group(ec));
-    return 1;
-}
-
-const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
-    EVP_PKEY_SM2,
-    EVP_PKEY_SM2,
-    0,
-    "SM2",
-    "GmSSL SM2 algorithm",
-
-    sm2_pub_decode,
-    eckey_pub_encode,
-    eckey_pub_cmp,
-    eckey_pub_print,
-
-    sm2_priv_decode,
-    eckey_priv_encode,
-    eckey_priv_print,
-
-    int_ec_size,
-    ec_bits,
-
-    sm2_param_decode,
-    eckey_param_encode,
-    ec_missing_parameters,
-    ec_copy_parameters,
-    ec_cmp_parameters,
-    eckey_param_print,
-    0,
-
-    int_ec_free,
-    ec_pkey_ctrl,
-    old_sm2_priv_decode,
-    old_ec_priv_encode
-};
-#endif
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -88,6 +88,14 @@ typedef struct {
    size_t kdf_ukmlen;
    /* KDF output length */
    size_t kdf_outlen;
+    /* SECG, SM2 or other standards */
+    int sign_type;
+    int enc_type;
+    int dh_type;
+	union {
+		ECIES_PARAMS *ecies;
+		SM2_ENC_PARAMS *sm2;
+	} enc_param;
 } EC_PKEY_CTX;

 static int pkey_ec_init(EVP_PKEY_CTX *ctx)
@@ -106,6 +114,9 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx)
    dctx->kdf_outlen = 0;
    dctx->kdf_ukm = NULL;
    dctx->kdf_ukmlen = 0;
+    dctx->sign_type = NID_secg_scheme;
+	dctx->enc_type = NID_secg_scheme;
+	dctx->dh_type = NID_secg_scheme;

    ctx->data = dctx;

@@ -141,6 +152,9 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
    } else
        dctx->kdf_ukm = NULL;
    dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+    dctx->sign_type = sctx->sign_type;
+    dctx->enc_type = sctx->enc_type;
+    dctx->dh_type = sctx->dh_type;
    return 1;
 }

@@ -159,50 +173,213 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
 }

 static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-                        const unsigned char *tbs, size_t tbslen)
+                        const unsigned char *dgst, size_t dgstlen)
 {
-    int ret, type;
-    unsigned int sltmp;
-    EC_PKEY_CTX *dctx = ctx->data;
-    EC_KEY *ec = ctx->pkey->pkey.ec;
+	int ret;
+	EC_PKEY_CTX *dctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;
+	int type;
+	unsigned int len;

-    if (!sig) {
-        *siglen = ECDSA_size(ec);
-        return 1;
-    } else if (*siglen < (size_t)ECDSA_size(ec)) {
-        ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
-        return 0;
-    }
+	if (!sig) {
+		*siglen = ECDSA_size(ec_key);
+		return 1;
+	} else if (*siglen < (size_t)ECDSA_size(ec_key)) {
+		ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+		return 0;
+	}

-    if (dctx->md)
-        type = EVP_MD_type(dctx->md);
-    else
-        type = NID_sha1;
+	if (dctx->sign_type != NID_secg_scheme &&
+		dctx->sign_type != NID_sm_scheme) {
+		return 0;
+	}
+		
+	if (dctx->md)
+		type = EVP_MD_type(dctx->md);
+	else if (dctx->sign_type == NID_secg_scheme)
+		type = NID_sha1;
+	else if (dctx->sign_type == NID_sm_scheme)
+		type = NID_sm3;

-    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+	if (dctx->sign_type == NID_secg_scheme) {
+		ret = ECDSA_sign(type, dgst, dgstlen, sig, &len, ec_key);
+	} else if (dctx->sign_type == NID_sm_scheme) {
+		ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key);
+	}

-    if (ret <= 0)
-        return ret;
-    *siglen = (size_t)sltmp;
-    return 1;
+	if (ret <= 0)
+		return ret;
+
+	*siglen = len;
+	return 1;
 }

 static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
-                          const unsigned char *sig, size_t siglen,
-                          const unsigned char *tbs, size_t tbslen)
+	const unsigned char *sig, size_t siglen,
+	const unsigned char *dgst, size_t dgstlen)
 {
-    int ret, type;
-    EC_PKEY_CTX *dctx = ctx->data;
-    EC_KEY *ec = ctx->pkey->pkey.ec;
+	int ret, type;
+	EC_PKEY_CTX *dctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;

-    if (dctx->md)
-        type = EVP_MD_type(dctx->md);
-    else
-        type = NID_sha1;
+	if (dctx->md)
+		type = EVP_MD_type(dctx->md);
+	else
+		type = NID_sha1;

-    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+	if (dctx->sign_type == NID_sm2sign)
+		ret = SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key);
+	else
+		ret = ECDSA_verify(type, dgst, dgstlen, sig, siglen, ec_key);

-    return ret;
+	return ret;
+}
+
+static int pkey_ec_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+	EC_PKEY_CTX *dctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;
+	const EVP_MD *md = EVP_sm3();
+	unsigned char zid[EVP_MAX_MD_SIZE];
+	unsigned int zidlen = sizeof(zid);
+
+	if (dctx->sign_type == NID_sm2sign) {
+
+		if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
+       		 	ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_SM2_LIB);
+			return 0;
+		}
+		if (!mctx->update(mctx, zid, zidlen)) {
+	        	ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_EVP_LIB);
+			return 0;
+		}
+	}
+
+	return 1;
+}
+
+static int pkey_ec_signctx(EVP_PKEY_CTX *ctx,
+	unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
+{
+	int ret;
+	unsigned int len;
+	EC_PKEY_CTX *dctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;
+	unsigned char dgst[EVP_MAX_MD_SIZE];
+	unsigned int dgstlen;
+	int type = NID_undef;
+
+	if (!sig) {
+		*siglen = SM2_signature_size(ec_key);
+		return 1;
+	} else if (*siglen < (size_t)SM2_signature_size(ec_key)) {
+		ECerr(EC_F_PKEY_SM2_SIGNCTX, EC_R_BUFFER_TOO_SMALL);
+		return 0;
+	}
+
+	if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) {
+		ECerr(EC_F_PKEY_SM2_SIGNCTX, ERR_R_EVP_LIB);
+		return 0;
+	}
+
+	if (dctx->sign_type == NID_sm2sign)
+		ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key);
+	else
+		ret = ECDSA_sign(type, dgst, dgstlen, sig, &len, ec_key);
+
+	*siglen = (size_t)len;
+	return ret;
+}
+
+static int pkey_ec_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+	int ret = 0;
+	EC_PKEY_CTX *dctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;
+	const EVP_MD *md = EVP_sm3(); // FIXME: we need to get md from somewhere
+	unsigned char zid[EVP_MAX_MD_SIZE];
+	unsigned int zidlen;
+
+
+	if (dctx->sign_type == NID_sm2sign) {
+	
+		zidlen = sizeof(zid);
+		if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
+			goto end;
+		}
+		if (!mctx->update(mctx, zid, zidlen)) {
+			goto end;
+		}
+	}
+
+	ret = 1;
+end:
+	return ret;
+}
+
+static int pkey_ec_verifyctx(EVP_PKEY_CTX *ctx,
+	const unsigned char *sig, int siglen, EVP_MD_CTX *mctx)
+{
+	unsigned char dgst[EVP_MAX_MD_SIZE];
+	unsigned int dgstlen;
+	EC_PKEY_CTX *ec_ctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;
+	int type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3;
+
+	dgstlen = sizeof(dgst);
+	if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) {
+		return -1;
+	}
+	
+	return SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key);
+}
+
+static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen)
+{
+	int ret;
+	EC_PKEY_CTX *dctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;
+	ECIES_PARAMS *params = NULL;
+
+	if (dctx->enc_type == NID_sm2encrypt) {
+		ret = SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
+	} else if (dctx->enc_type == NID_ecies_recommendedParameters) {
+		ret = ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
+	}
+
+	switch (dctx->enc_type) {
+	case NID_sm2encrypt:
+		ret = SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
+		break;
+	case NID_ecies_recommendedParameters:
+		ret = ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
+		break;
+	case NID_ecies_specifiedParameters:
+		//we need to get ECIES_PARAMS from context
+		ret = ECIES_encrypt(params, out, outlen, in, inlen, ec_key);
+		break;
+	default:
+		ret = 0;
+	}
+
+	return ret;
+}
+
+static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen)
+{
+	int ret;
+	EC_PKEY_CTX *dctx = ctx->data;
+	EC_KEY *ec_key = ctx->pkey->pkey.ec;
+
+	if (dctx->enc_type == NID_sm2encrypt) {
+		ret = SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
+	} else {
+		ret = ECIES_decrypt_with_recommended(out, outlen, in, inlen, ec_key);
+	}
+
+	return ret;
 }

 #ifndef OPENSSL_NO_ECDH
@@ -348,6 +525,44 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
        dctx->kdf_type = p1;
        return 1;

+#ifndef OPENSSL_NO_GMSSL
+	case EVP_PKEY_CTRL_EC_SIGN_TYPE:
+		if (p1 == -2)
+			return dctx->sign_type;
+		if (p1 != NID_secg_scheme && p1 != NID_sm_scheme)
+			return -2;
+		dctx->sign_type = p1;
+		return 1;
+
+	case EVP_PKEY_CTRL_GET_EC_SIGN_TYPE:
+		*(int *)p2 = dctx->sign_type;
+		return 1;
+
+	case EVP_PKEY_CTRL_EC_ENC_TYPE:
+		if (p1 == -2)
+			return dctx->enc_type;
+		if (p1 != NID_secg_scheme && p1 != NID_sm_scheme)
+			return -2;
+		dctx->enc_type = p1;
+		return 1;
+
+	case EVP_PKEY_CTRL_GET_EC_ENC_TYPE:
+		*(int *)p2 = dctx->enc_type;
+		return 1;
+
+	case EVP_PKEY_CTRL_EC_DH_TYPE:
+		if (p1 == -2)
+			return dctx->dh_type;
+		if (p1 != NID_secg_scheme && p1 != NID_sm_scheme)
+			return -2;
+		dctx->dh_type = p1;
+		return 1;
+
+	case EVP_PKEY_CTRL_GET_EC_DH_TYPE:
+		*(int *)p2 = dctx->dh_type;
+		return 1;
+#endif
+
    case EVP_PKEY_CTRL_EC_KDF_MD:
        dctx->kdf_md = p2;
        return 1;
@@ -427,6 +642,7 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
            ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
            return 0;
        }
+	printf("curve = %s\n", value);
        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
    } else if (!strcmp(type, "ec_param_enc")) {
        int param_enc;
@@ -437,6 +653,35 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
        else
            return -2;
        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+#ifndef OPENSSL_NO_GMSSL
+	} else if (!strcmp(type, "ec_sign_algor")) {
+		int sign_type;
+		if (!strcmp(value, "ecdsa"))
+			sign_type = NID_secg_scheme;
+		else if (!strcmp(value, "sm2"))
+			sign_type = NID_sm_scheme;
+		else
+			return -2;
+		return EVP_PKEY_CTX_set_ec_sign_type(ctx, sign_type);
+	} else if (!strcmp(type, "ec_encrypt_algor")) {
+		int enc_type;
+		if (!strcmp(value, "ecies"))
+			enc_type = NID_secg_scheme;
+		else if (!strcmp(value, "sm2"))
+			enc_type = NID_sm_scheme;
+		else
+			return -2;
+		return EVP_PKEY_CTX_set_ec_enc_type(ctx, enc_type);
+	} else if (!strcmp(type, "ec_derive_algor")) {
+		int dh_type;
+		if (!strcmp(value, "ecdh"))
+			dh_type = NID_secg_scheme;
+		else if (!strcmp(value, "sm2"))
+			dh_type = NID_sm_scheme;
+		else
+			return -2;
+		return EVP_PKEY_CTX_set_ec_dh_type(ctx, dh_type);
+#endif
    } else if (!strcmp(type, "ecdh_kdf_md")) {
        const EVP_MD *md;
        if (!(md = EVP_get_digestbyname(value))) {
@@ -496,382 +741,37 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
    return EC_KEY_generate_key(pkey->pkey.ec);
 }

-#ifndef OPENSSL_NO_ECIES
-static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-	const unsigned char *in, size_t inlen)
-{
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	ECIES_PARAMS *param = ECIES_get_parameters(ec_key);
-	OPENSSL_assert(param);
-	return ECIES_encrypt(out, outlen, param, in, inlen, ec_key);
-}
-
-static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-	const unsigned char *in, size_t inlen)
-{
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	ECIES_PARAMS *param = ECIES_get_parameters(ec_key);
-	OPENSSL_assert(param);
-	return ECIES_decrypt(out, outlen, param, in, inlen, ec_key);
-}
-#endif
-
 const EVP_PKEY_METHOD ec_pkey_meth = {
-    EVP_PKEY_EC,
-    0,
-    pkey_ec_init,
-    pkey_ec_copy,
-    pkey_ec_cleanup,
-
-    0,
-    pkey_ec_paramgen,
-
-    0,
-    pkey_ec_keygen,
-
-    0,
-    pkey_ec_sign,
-
-    0,
-    pkey_ec_verify,
-
-    0, 0,
-
-    0, 0, 0, 0,
-
-    0,
-#ifndef OPENSSL_NO_ECIES
-    pkey_ec_encrypt,
-#else
-    0,
-#endif
-
-    0,
-#ifndef OPENSSL_NO_ECIES
-    pkey_ec_decrypt,
-#else
-    0,
-#endif
-
-    0,
-#ifndef OPENSSL_NO_ECDH
-    pkey_ec_kdf_derive,
-#else
-    0,
-#endif
-
-    pkey_ec_ctrl,
-    pkey_ec_ctrl_str
-};
-
-#ifndef OPENSSL_NO_SM2
-
-static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
-{
-    EC_PKEY_CTX *dctx;
-    dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));
-    if (!dctx)
-        return 0;
-    dctx->gen_group = EC_GROUP_new_by_curve_name(NID_sm2p256v1);
-    if (dctx->gen_group == NULL) {
-        return 0;
-    }
-    dctx->md = NULL; //FIXME: sm3
-
-    dctx->cofactor_mode = -1;
-    dctx->co_key = NULL;
-    dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
-    dctx->kdf_md = NULL;
-    dctx->kdf_outlen = 0;
-    dctx->kdf_ukm = NULL;
-    dctx->kdf_ukmlen = 0;
-
-    ctx->data = dctx;
-
-    return 1;
-}
-
-static int pkey_sm2_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-    EC_KEY *ec = NULL;
-    EC_PKEY_CTX *dctx = ctx->data;
-   
-     if (ctx->pkey == NULL && dctx->gen_group == NULL) {
-        ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
-        return 0;
-    }
-    ec = EC_KEY_new();
-    if (!ec)
-        return 0;
-    EVP_PKEY_assign_SM2(pkey, ec);
-    if (ctx->pkey) {
-        /* Note: if error return, pkey is freed by parent routine */
-        if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-            return 0;
-    } else {
-        if (!EC_KEY_set_group(ec, dctx->gen_group))
-            return 0;
-    }
-    return EC_KEY_generate_key(pkey->pkey.ec);
-}
-
-
-static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-	const unsigned char *dgst, size_t dgstlen)
-{
-	int ret;
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	int type = NID_sm3;
-	size_t len;
-
-	if (!sig) {
-		*siglen = SM2_signature_size(ec_key);
-		return 1;
-	}
-	if (*siglen < (size_t)SM2_signature_size(ec_key)) {
-		ECerr(EC_F_PKEY_SM2_SIGN, EC_R_BUFFER_TOO_SMALL);
-		return 0;
-	}
-
-	if ((ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key)) <= 0) {
-		return ret;
-	}
-
-	*siglen = len;
-	return 1;
-}
-
-static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
-	const unsigned char *sig, size_t siglen,
-	const unsigned char *dgst, size_t dgstlen)
-{
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	int type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3;
-
-	return SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key);
-}
-
-static int pkey_sm2_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-{
-	int ret = 0;
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	const EVP_MD *md = EVP_sm3();
-	unsigned char zid[EVP_MAX_MD_SIZE];
-	unsigned int zidlen = sizeof(zid);
-
-	if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
-        	ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_SM2_LIB);
-		return 0;
-	}
-	if (!mctx->update(mctx, zid, zidlen)) {
-        	ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_EVP_LIB);
-		return 0;
-	}
-
-	return 1;
-}
-
-static int pkey_sm2_signctx(EVP_PKEY_CTX *ctx,
-	unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
-{
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	unsigned char dgst[EVP_MAX_MD_SIZE];
-	unsigned int dgstlen;
-	int type = NID_undef;
-
-	if (!sig) {
-		*siglen = SM2_signature_size(ec_key);
-		return 1;
-	}
-
-	if (*siglen < (size_t)SM2_signature_size(ec_key)) {
-		ECerr(EC_F_PKEY_SM2_SIGNCTX, EC_R_BUFFER_TOO_SMALL);
-		return 0;
-	}
-
-	if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) {
-		ECerr(EC_F_PKEY_SM2_SIGNCTX, ERR_R_EVP_LIB);
-		return 0;
-	}
-
-	return SM2_sign(type, dgst, dgstlen, sig, &siglen, ec_key);
-}
-
-static int pkey_sm2_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-{
-	int ret = 0;
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	const EVP_MD *md = EVP_sm3(); // FIXME: we need to get md from somewhere
-	unsigned char zid[EVP_MAX_MD_SIZE];
-	unsigned int zidlen;
-
-	zidlen = sizeof(zid);
-	if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
-		goto end;
-	}
-	if (!mctx->update(mctx, zid, zidlen)) {
-		goto end;
-	}
-
-	ret = 1;
-end:
-	return ret;
-}
-
-static int pkey_sm2_verifyctx(EVP_PKEY_CTX *ctx,
-	const unsigned char *sig, int siglen, EVP_MD_CTX *mctx)
-{
-	unsigned char dgst[EVP_MAX_MD_SIZE];
-	size_t dgstlen;
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	int type = ec_ctx->md ? EVP_MD_type(ec_ctx->md) : NID_sm3;
-
-	dgstlen = sizeof(dgst);
-	if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) {
-		return -1;
-	}
-
-	return SM2_verify(type, dgst, dgstlen, sig, siglen, ec_key);
-}
-
-static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
-	unsigned char *out, size_t *outlen,
-	const unsigned char *in, size_t inlen)
-{
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	const EVP_MD *kdf_md = ec_ctx->kdf_md;
-	const EVP_MD *mac_md = ec_ctx->md;
-	point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM;
-
-	//FIXME: the ec_ctx is not work, no one init it
-	kdf_md = EVP_sm3();
-	mac_md = EVP_sm3();
-	
-
-	//FIXME: where to put the parameters?
-	return SM2_encrypt(in, inlen, out, outlen, ec_key);
-}
-
-static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
-	unsigned char *out, size_t *outlen,
-	const unsigned char *in, size_t inlen)
-{
-	EC_PKEY_CTX *ec_ctx = ctx->data;
-	EC_KEY *ec_key = ctx->pkey->pkey.ec;
-	const EVP_MD *kdf_md = ec_ctx->kdf_md;
-	const EVP_MD *mac_md = ec_ctx->md;
-	point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM;
-
-
-	return SM2_decrypt(in, inlen, out, outlen, ec_key);
-}
-
-static int pkey_sm2_ctrl_digestinit(EVP_PKEY_CTX *pk_ctx, EVP_MD_CTX *md_ctx)
-{
-	int ret = 0;
-	EC_KEY *ec_key = pk_ctx->pkey->pkey.ec;
-	const EVP_MD *md = EVP_MD_CTX_md(md_ctx);
-	char *id;
-	unsigned char zid[EVP_MAX_MD_SIZE];
-	unsigned int zidlen = sizeof(zid);
-
-	EVP_PKEY_CTX *pctx;
-
-	fprintf(stderr, "%s() called\n", __FUNCTION__);
-
-	/*
-	if (!(id = SM2_get_id(ec_key))) {
-		fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-		id = "alice@pku.edu.cn";
-		//return 0;
-	}
-	*/
-
-	//FIXME: check this function
-	if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
-		fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-		return 0;
-	}
-
-	pctx = md_ctx->pctx;
-	md_ctx->pctx = NULL;
-	
-	if (!EVP_DigestInit_ex(md_ctx, md, NULL)) {
-		fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-		goto end;
-	}
-
-	md_ctx->pctx = pctx;
-		
-	if (!EVP_DigestUpdate(md_ctx, zid, zidlen)) {
-		fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-		goto end;
-	}
-
-	EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NO_INIT);
-
-	ret = 1;
-end:
-	return ret;
-}
-
-static int pkey_sm2_derive_init(EVP_PKEY_CTX *ctx)
-{
-	return 0;
-}
-
-static int pkey_sm2_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-{
-	return 0;
-}
-
-static int pkey_sm2_ctrl(EVP_PKEY_CTX *pk_ctx, int type, int p1, void *p2)
-{
-	switch (type) {
-	case EVP_PKEY_CTRL_DIGESTINIT:
-		return pkey_sm2_ctrl_digestinit(pk_ctx, (EVP_MD_CTX *)p2);
-	case EVP_PKEY_CTRL_MD:
-		return 1;
-        }
-
-	return pkey_ec_ctrl(pk_ctx, type, p1, p2);
-}
-
-const EVP_PKEY_METHOD sm2_pkey_meth = {
-	EVP_PKEY_SM2,
+	EVP_PKEY_EC,
 	0,
-	pkey_sm2_init,
+	pkey_ec_init,
 	pkey_ec_copy,
 	pkey_ec_cleanup,
 	0,
 	pkey_ec_paramgen,
 	0,
-	pkey_sm2_keygen,
+	pkey_ec_keygen,
 	0,
-	pkey_sm2_sign,
+	pkey_ec_sign,
 	0,
-	pkey_sm2_verify,
+	pkey_ec_verify,
 	0,
 	0,
-	pkey_sm2_signctx_init,
-	pkey_sm2_signctx,
-	pkey_sm2_verifyctx_init,
-	pkey_sm2_verifyctx,
+	pkey_ec_signctx_init,
+	pkey_ec_signctx,
+	pkey_ec_verifyctx_init,
+	pkey_ec_verifyctx,
 	0,
-	pkey_sm2_encrypt,
+	pkey_ec_encrypt,
 	0,
-	pkey_sm2_decrypt,
-	pkey_sm2_derive_init,
-	pkey_sm2_derive,
+	pkey_ec_decrypt,
+	0,
+	#ifndef OPENSSL_NO_ECDH
+	pkey_ec_kdf_derive,
+	#else
+	0,
+	#endif
 	pkey_ec_ctrl,
 	pkey_ec_ctrl_str
 };
-#endif

--- a/crypto/ecies/ecies.h
+++ b/crypto/ecies/ecies.h
@@ -74,12 +74,36 @@ extern "C" {
 */

 typedef struct ecies_params_st {
-	int                  kdf_nid;
+	/* supported kdf algors:
+	 *   x9-63-kdf
+	 *   nist-concatenation-kdf
+         *   tls-kdf
+         *   ikev2-kdf
+	 */
+	int kdf_nid;
 	const EVP_MD        *kdf_md;
+
+	/* supported enc algors:
+	 *   xor-in-ecies
+         *   aes128-cbc-in-ecies
+	 *   aes192-cbc-in-ecies
+	 *   aes256-cbc-in-ecies
+	 *   aes128-ctr-in-ecies
+	 *   aes192-ctr-in-ecies
+	 *   aes256-ctr-in-ecies
+         */
 	const EVP_CIPHER    *sym_cipher;
-	int                  mac_nid;
-	const EVP_MD        *mac_md;
-	const EVP_CIPHER    *mac_cipher;
+
+	/*
+	 * supported mac algors:
+	 *   hmac-full-ecies
+	 *   hmac-half-ecies
+	 *   cmac-aes128-ecies
+	 *   cmac-aes192-ecies
+	 */
+	int mac_nid;
+	const EVP_MD *mac_md;
+	const EVP_CIPHER *mac_cipher;
 } ECIES_PARAMS;

 typedef struct ecies_ciphertext_value_st {
@@ -100,11 +124,19 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param,
 int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv,
 	const ECIES_PARAMS *param, unsigned char *out, size_t *outlen, 
 	EC_KEY *ec_key);
-int ECIES_encrypt(unsigned char *out, size_t *outlen,
-	const ECIES_PARAMS *param, const unsigned char *in, size_t inlen,
+int ECIES_encrypt(const ECIES_PARAMS *param,
+	unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
 	EC_KEY *ec_key);
-int ECIES_decrypt(unsigned char *out, size_t *outlen,
-	const ECIES_PARAMS *param, const unsigned char *in, size_t inlen,
+int ECIES_decrypt(const ECIES_PARAMS *param,
+	unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
+	EC_KEY *ec_key);
+int ECIES_encrypt_with_recommended(unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
+	EC_KEY *ec_key);
+int ECIES_decrypt_with_recommended(unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
 	EC_KEY *ec_key);


--- a/crypto/ecies/ecies_lib.c
+++ b/crypto/ecies/ecies_lib.c
@@ -448,8 +448,9 @@ err:
 	return r;
 }

-int ECIES_encrypt(unsigned char *out, size_t *outlen,
-	const ECIES_PARAMS *param, const unsigned char *in, size_t inlen,
+int ECIES_encrypt(const ECIES_PARAMS *param,
+	unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
 	EC_KEY *ec_key)
 {
 	int ret = 0;
@@ -496,8 +497,9 @@ end:
 	return ret;
 }

-int ECIES_decrypt(unsigned char *out, size_t *outlen,
-	const ECIES_PARAMS *param, const unsigned char *in, size_t inlen,
+int ECIES_decrypt(const ECIES_PARAMS *param,
+	unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
 	EC_KEY *ec_key)
 {
 	int ret = 0;
@@ -520,3 +522,37 @@ end:
 	return ret;
 }

+int ECIES_PARAMS_init_with_recommended(ECIES_PARAMS *param)
+{
+	if (!param) {
+		return 0;
+	}
+	param->kdf_nid = NID_undef;
+	param->kdf_md = EVP_sha256();
+	param->sym_cipher = EVP_aes_128_cbc();
+	param->mac_nid = NID_undef;
+	param->mac_md = EVP_sha256();
+	param->mac_cipher = NULL;
+	return 1;
+}
+
+int ECIES_encrypt_with_recommended(unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
+	EC_KEY *ec_key)
+{
+	ECIES_PARAMS param;
+	ECIES_PARAMS_init_with_recommended(&param);
+	return ECIES_encrypt(&param, out, outlen, in, inlen, ec_key);
+}
+
+int ECIES_decrypt_with_recommended(unsigned char *out, size_t *outlen,
+	const unsigned char *in, size_t inlen,
+	EC_KEY *ec_key)
+{
+	ECIES_PARAMS param;
+	ECIES_PARAMS_init_with_recommended(&param);
+	return ECIES_decrypt(&param, out, outlen, in, inlen, ec_key);
+}
+
+
+
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -163,7 +163,7 @@ void OpenSSL_add_all_ciphers(void)
    EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
 #endif

-#ifndef OPENSSL_NO_SMS4
+#ifndef OPENSSL_NO_GMSSL
    EVP_add_cipher(EVP_sms4_ecb());
    EVP_add_cipher(EVP_sms4_cbc());
    EVP_add_cipher(EVP_sms4_cfb());
@@ -174,9 +174,6 @@ void OpenSSL_add_all_ciphers(void)
    EVP_add_cipher(EVP_sms4_wrap());
    EVP_add_cipher_alias(SN_sms4_cbc,"SMS4");
    EVP_add_cipher_alias(SN_sms4_cbc,"sms4");
-#endif
-
-#ifndef OPENSSL_NO_ZUC
    EVP_add_cipher(EVP_zuc());
 #endif

--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -67,7 +67,7 @@ void OpenSSL_add_all_digests(void)
 #ifndef OPENSSL_NO_MD4
    EVP_add_digest(EVP_md4());
 #endif
-#ifndef OPENSSL_NO_SM3
+#ifndef OPENSSL_NO_GMSSL
 	EVP_add_digest(EVP_sm3());
 #endif
 #ifndef OPENSSL_NO_MD5
--- a/crypto/evp/e_sms4.c
+++ b/crypto/evp/e_sms4.c
@@ -53,7 +53,7 @@
 #include <stdio.h>
 #include "cryptlib.h"

-#ifndef OPENSSL_NO_SMS4
+#ifndef OPENSSL_NO_GMSSL
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/crypto.h>
--- a/crypto/evp/e_zuc.c
+++ b/crypto/evp/e_zuc.c
@@ -1,7 +1,7 @@
 #include <stdio.h>
 #include "cryptlib.h"

-#ifndef OPENSSL_NO_ZUC
+#ifndef OPENSSL_NO_GMSSL

 #include <openssl/evp.h>
 #include "evp_locl.h"
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -117,10 +117,7 @@
 # define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
 # define EVP_PKEY_HMAC   NID_hmac
 # define EVP_PKEY_CMAC   NID_cmac
-
-# ifndef OPENSSL_NO_SM2
-#  define EVP_PKEY_SM2    NID_sm2p256v1 /* FIXME: NID_sm2 */
-# endif
+# define EVP_PKEY_CBCMAC NID_cbc_mac

 #ifdef  __cplusplus
 extern "C" {
@@ -254,14 +251,6 @@ typedef int evp_verify_method(int type, const unsigned char *m,
 #   define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
 #  endif

-#  ifndef OPENSSL_NO_SM2
-#   define EVP_PKEY_SM2_method   (evp_sign_method *)SM2_sign, \
-                                (evp_verify_method *)SM2_verify, \
-                                 {EVP_PKEY_SM2,0,0,0}
-#  else
-#   define EVP_PKEY_SM2_method   EVP_PKEY_NULL_method
-#  endif
-
 #  ifndef OPENSSL_NO_RSA
 #   define EVP_PKEY_RSA_method     (evp_sign_method *)RSA_sign, \
                                (evp_verify_method *)RSA_verify, \
@@ -519,10 +508,6 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
                                        (char *)(eckey))
 # endif

-# ifndef OPENSSL_NO_SM2
-#  define EVP_PKEY_assign_SM2(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_SM2,\
-                                        (char *)(eckey))
-# endif

 /* Add some extra combinations */
 # define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -756,7 +741,7 @@ const EVP_MD *EVP_ripemd160(void);
 # ifndef OPENSSL_NO_WHIRLPOOL
 const EVP_MD *EVP_whirlpool(void);
 # endif
-# ifndef OPENSSL_NO_SM3
+# ifndef OPENSSL_NO_GMSSL
 const EVP_MD *EVP_sm3(void);
 # endif
 const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
@@ -845,7 +830,7 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
 #  define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 # endif
-#ifndef OPENSSL_NO_SMS4
+#ifndef OPENSSL_NO_GMSSL
 const EVP_CIPHER *EVP_sms4_ecb(void);
 const EVP_CIPHER *EVP_sms4_cbc(void);
 const EVP_CIPHER *EVP_sms4_cfb1(void);
@@ -862,8 +847,6 @@ const EVP_CIPHER *EVP_sms4_wrap(void);
 #define EVP_sm4_cbc EVP_sms4_cbc
 #define EVP_sm4_cfb EVP_sms4_cfb
 #define EVP_sm4_ofb EVP_sms4_ofb
-#endif
-#ifndef OPENSSL_NO_ZUC
 const EVP_CIPHER *EVP_zuc(void);
 #endif
 # ifndef OPENSSL_NO_AES
@@ -1016,10 +999,6 @@ struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
 struct ec_key_st;
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-# ifndef OPENSSL_NO_SM2
-int EVP_PKEY_set1_SM2(EVP_PKEY *pkey, struct ec_key_st *key);
-struct ec_key_st *EVP_PKEY_get1_SM2(EVP_PKEY *pkey);
-# endif
 # endif

 EVP_PKEY *EVP_PKEY_new(void);
@@ -1238,6 +1217,8 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,

 # define EVP_PKEY_CTRL_GET_MD            13

+
+
 # define EVP_PKEY_ALG_CTRL               0x1000

 # define EVP_PKEY_FLAG_AUTOARGLEN        2
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -228,14 +228,3 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
    return 0;
 }

-#ifndef OPENSSL_NO_GMSSL
-int EVP_PKEY_ec_to_sm2(EVP_PKEY *pkey, int only_sm2_curve)
-{
-	return 0;
-}
-
-int EVP_PKEY_sm2_to_ec(EVP_PKEY *pkey)
-{
-	return 0;
-}
-#endif
--- a/crypto/evp/m_sm3.c
+++ b/crypto/evp/m_sm3.c
@@ -52,7 +52,7 @@
 #include <stdio.h>
 #include "cryptlib.h"

-#ifndef OPENSSL_NO_SM3
+#ifndef OPENSSL_NO_GMSSL

 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -76,18 +76,20 @@ static int final(EVP_MD_CTX *ctx, unsigned char *md)
 }

 static const EVP_MD sm3_md = {
-        NID_sm3,
-        NID_sm2sign_with_sm3,
-        SM3_DIGEST_LENGTH,
-        0,
-        init,
-        update,
-        final,
-        NULL,
-        NULL,
-        EVP_PKEY_SM2_method,
-        SM3_BLOCK_SIZE,
-        sizeof(EVP_MD *) + sizeof(sm3_ctx_t),
+	NID_sm3,
+	NID_sm2sign_with_sm3,
+	SM3_DIGEST_LENGTH,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
+	(evp_sign_method *)SM2_sign,
+	(evp_verify_method *)SM2_verify,
+	{EVP_PKEY_EC, 0, 0, 0},
+	SM3_BLOCK_SIZE,
+	sizeof(EVP_MD *) + sizeof(sm3_ctx_t),
 };

 const EVP_MD *EVP_sm3(void)
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -66,49 +66,29 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-static int ossl_EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
-                         int key_len, EVP_PKEY *pubk)
-{
-    int ret = 0;
-
-    if (pubk->type != EVP_PKEY_RSA) {
-        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
-        goto err;
-    }
-    ret =
-        RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa,
-                           RSA_PKCS1_PADDING);
- err:
-    return (ret);
-}
-
-// OPENSSL_NO_GMSSL
-// here is to mark changes
-
+/* GMSSL: EVP_PKEY_encrypt_old() is modified */
 int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in,
 	int inlen, EVP_PKEY *pkey)
 {
 	int ret = 0;
 	EVP_PKEY_CTX *ctx = NULL;
-	size_t outlen;
+	size_t size;

 	if (pkey->type == EVP_PKEY_RSA) {
-		return ossl_EVP_PKEY_encrypt_old(out, in, inlen, pkey);
+		ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa,
+			RSA_PKCS1_PADDING);
+	} else {
+		if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
+			return 0;
+		}
+		if (1 != EVP_PKEY_encrypt_init(ctx)) {
+			return 0;
+		}
+		if (1 != EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) {
+			goto end;
+		}
+		ret = (int)size;
 	}
-
-	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
-		return 0;
-	}
-	if (EVP_PKEY_encrypt_init(ctx) <= 0) {
-		goto end;
-	}
-	/* ctrl operations can be added here */
-	if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) {
-		goto end;
-	}
-
-	ret = (int)outlen;
-
 end:
 	EVP_PKEY_CTX_free(ctx);
 	return ret;
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -80,9 +80,6 @@

 #include "asn1_locl.h"

-#ifndef OPENSSL_NO_GMSSL
-#include "../ec/ec_lcl.h"
-#endif

 static void EVP_PKEY_free_it(EVP_PKEY *x);

@@ -120,15 +117,6 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
        return (ret);
    }
 #endif
-#ifndef OPENSSL_NO_SM2
-    if (pkey->type == EVP_PKEY_SM2) {
-        int ret = pkey->save_parameters;
-
-        if (mode >= 0)
-            pkey->save_parameters = mode;
-        return (ret);
-    }
-#endif
    return (0);
 }

@@ -338,27 +326,6 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
 }
 #endif

-#ifndef OPENSSL_NO_SM2
-int EVP_PKEY_set1_SM2(EVP_PKEY *pkey, EC_KEY *key)
-{
-    int ret = EVP_PKEY_assign_SM2(pkey, key);
-    if (ret)
-        EC_KEY_up_ref(key);
-    return ret;
-}
-
-EC_KEY *EVP_PKEY_get1_SM2(EVP_PKEY *pkey)
-{
-    /* FIXME: reconsider the SM2 and EC_KEY relationship */
-    if (pkey->type != EVP_PKEY_SM2) {
-        EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);//FIXME:errno
-        return NULL;
-    }
-    EC_KEY_up_ref(pkey->pkey.ec);
-    return pkey->pkey.ec;
-}
-#endif
-
 #ifndef OPENSSL_NO_DH

 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -75,7 +75,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;

 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
-extern const EVP_PKEY_METHOD dhx_pkey_meth, sm2_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth, cbcmac_pkey_meth;

 static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_RSA
@@ -89,14 +89,14 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 #endif
 #ifndef OPENSSL_NO_EC
    &ec_pkey_meth,
-#endif
-#ifndef OPENSSL_NO_SM2
-    &sm2_pkey_meth,
 #endif
    &hmac_pkey_meth,
    &cmac_pkey_meth,
 #ifndef OPENSSL_NO_DH
-    &dhx_pkey_meth
+    &dhx_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_GMSSL
+    &cbcmac_pkey_meth,
 #endif
 };

@@ -119,28 +119,14 @@ const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
    tmp.pkey_id = type;
    if (app_pkey_methods) {
        int idx;
-
-	//fprintf(stderr, "check %s %d\n", __FILE__, __LINE__);
        idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
        if (idx >= 0)
            return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
-	//fprintf(stderr, "check %s %d\n", __FILE__, __LINE__);
    }
-    //fprintf(stderr, "%s %d: t->pkey_id = %d\n", __FILE__, __LINE__, t->pkey_id);
-	int i;
-	for (i = 0; i < sizeof(standard_methods) / sizeof(EVP_PKEY_METHOD *); i++) {
-		if (type == standard_methods[i]->pkey_id) {
-			return standard_methods[i];
-		}
-	}
-/*
    ret = OBJ_bsearch_pmeth(&t, standard_methods,
                            sizeof(standard_methods) /
                            sizeof(EVP_PKEY_METHOD *));
-
-*/
    if (!ret || !*ret) {
-	//fprintf(stderr, "check %s %d\n", __FILE__, __LINE__);
        return NULL;
    }
    return *ret;
@@ -152,7 +138,6 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
    const EVP_PKEY_METHOD *pmeth;
    if (id == -1) {
        if (!pkey || !pkey->ameth) {
-            fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
            return NULL;
        }
        id = pkey->ameth->pkey_id;
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */

-#define NUM_NID 1034
-#define NUM_SN 1012
-#define NUM_LN 1012
-#define NUM_OBJ 950
+#define NUM_NID 1040
+#define NUM_SN 1016
+#define NUM_LN 1016
+#define NUM_OBJ 954

-static const unsigned char lvalues[6691]={
+static const unsigned char lvalues[6721]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
@@ -957,61 +957,65 @@ static const unsigned char lvalues[6691]={
 0x2A,0x81,0x1C,0xCF,0x55,                    /* [6265] OBJ_oscca */
 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,     /* [6270] OBJ_sm3 */
 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,0x02,/* [6278] OBJ_hmac_sm3 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,               /* [6287] OBJ_sm */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x01,/* [6293] OBJ_sm2sign */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x02,/* [6302] OBJ_sm2keyagreement */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,/* [6311] OBJ_sm2encrypt */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75,     /* [6320] OBJ_sm2sign_with_sm3 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x76,     /* [6328] OBJ_sm2sign_with_sha1 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x77,     /* [6336] OBJ_sm2sign_with_sha256 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01,     /* [6344] OBJ_sms4_ecb */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02,     /* [6352] OBJ_sms4_cbc */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03,     /* [6360] OBJ_sms4_ofb128 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04,     /* [6368] OBJ_sms4_cfb128 */
-0x2B,0x81,0x04,0x01,0x07,                    /* [6376] OBJ_ecies_recommendedParameters */
-0x2B,0x81,0x04,0x01,0x08,                    /* [6381] OBJ_ecies_specifiedParameters */
-0x2B,0x81,0x04,0x01,0x11,0x00,               /* [6386] OBJ_x9_63_kdf */
-0x2B,0x81,0x04,0x01,0x11,0x01,               /* [6392] OBJ_nist_concatenation_kdf */
-0x2B,0x81,0x04,0x01,0x11,0x02,               /* [6398] OBJ_tls_kdf */
-0x2B,0x81,0x04,0x01,0x11,0x03,               /* [6404] OBJ_ikev2_kdf */
-0x2B,0x81,0x04,0x01,0x12,                    /* [6410] OBJ_xor_in_ecies */
-0x2B,0x81,0x04,0x01,0x14,0x00,               /* [6415] OBJ_aes128_cbc_in_ecies */
-0x2B,0x81,0x04,0x01,0x14,0x01,               /* [6421] OBJ_aes192_cbc_in_ecies */
-0x2B,0x81,0x04,0x01,0x14,0x02,               /* [6427] OBJ_aes256_cbc_in_ecies */
-0x2B,0x81,0x04,0x01,0x15,0x00,               /* [6433] OBJ_aes128_ctr_in_ecies */
-0x2B,0x81,0x04,0x01,0x15,0x01,               /* [6439] OBJ_aes192_ctr_in_ecies */
-0x2B,0x81,0x04,0x01,0x15,0x02,               /* [6445] OBJ_aes256_ctr_in_ecies */
-0x2B,0x81,0x04,0x01,0x16,                    /* [6451] OBJ_hmac_full_ecies */
-0x2B,0x81,0x04,0x01,0x17,                    /* [6456] OBJ_hmac_half_ecies */
-0x2B,0x81,0x04,0x01,0x18,0x00,               /* [6461] OBJ_cmac_aes128_ecies */
-0x2B,0x81,0x04,0x01,0x18,0x01,               /* [6467] OBJ_cmac_aes192_ecies */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20,     /* [6473] OBJ_zuc */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x69,          /* [6481] OBJ_sm7 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x6A,          /* [6488] OBJ_sm8 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x49,     /* [6495] OBJ_sm5 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x01,/* [6503] OBJ_sm9sign */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x02,/* [6512] OBJ_sm9keyagreement */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,/* [6521] OBJ_sm9encrypt */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x01,     /* [6530] OBJ_sm6_ecb */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x02,     /* [6538] OBJ_sm6_cbc */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x03,     /* [6546] OBJ_sm6_ofb128 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x04,     /* [6554] OBJ_sm6_cfb128 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x01,     /* [6562] OBJ_sm1_ecb */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x02,     /* [6570] OBJ_sm1_cbc */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x03,     /* [6578] OBJ_sm1_ofb128 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x04,     /* [6586] OBJ_sm1_cfb128 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x01,     /* [6594] OBJ_ssf33_ecb */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x02,     /* [6602] OBJ_ssf33_cbc */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x03,     /* [6610] OBJ_ssf33_ofb128 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x04,     /* [6618] OBJ_ssf33_cfb128 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,     /* [6626] OBJ_id_sm9PublicKey */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07,     /* [6634] OBJ_sms4_ctr */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x08,     /* [6642] OBJ_sms4_gcm */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x09,     /* [6650] OBJ_sms4_ccm */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0A,     /* [6658] OBJ_sms4_xts */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05,     /* [6666] OBJ_sms4_cfb1 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06,     /* [6674] OBJ_sms4_cfb8 */
-0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0B,     /* [6682] OBJ_sms4_wrap */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x01,/* [6287] OBJ_sm2sign */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x02,/* [6296] OBJ_sm2keyagreement */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,/* [6305] OBJ_sm2encrypt */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75,     /* [6314] OBJ_sm2sign_with_sm3 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x76,     /* [6322] OBJ_sm2sign_with_sha1 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x77,     /* [6330] OBJ_sm2sign_with_sha256 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01,     /* [6338] OBJ_sms4_ecb */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02,     /* [6346] OBJ_sms4_cbc */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03,     /* [6354] OBJ_sms4_ofb128 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04,     /* [6362] OBJ_sms4_cfb128 */
+0x2B,0x81,0x04,0x01,0x07,                    /* [6370] OBJ_ecies_recommendedParameters */
+0x2B,0x81,0x04,0x01,0x08,                    /* [6375] OBJ_ecies_specifiedParameters */
+0x2B,0x81,0x04,0x01,0x11,0x00,               /* [6380] OBJ_x9_63_kdf */
+0x2B,0x81,0x04,0x01,0x11,0x01,               /* [6386] OBJ_nist_concatenation_kdf */
+0x2B,0x81,0x04,0x01,0x11,0x02,               /* [6392] OBJ_tls_kdf */
+0x2B,0x81,0x04,0x01,0x11,0x03,               /* [6398] OBJ_ikev2_kdf */
+0x2B,0x81,0x04,0x01,0x12,                    /* [6404] OBJ_xor_in_ecies */
+0x2B,0x81,0x04,0x01,0x14,0x00,               /* [6409] OBJ_aes128_cbc_in_ecies */
+0x2B,0x81,0x04,0x01,0x14,0x01,               /* [6415] OBJ_aes192_cbc_in_ecies */
+0x2B,0x81,0x04,0x01,0x14,0x02,               /* [6421] OBJ_aes256_cbc_in_ecies */
+0x2B,0x81,0x04,0x01,0x15,0x00,               /* [6427] OBJ_aes128_ctr_in_ecies */
+0x2B,0x81,0x04,0x01,0x15,0x01,               /* [6433] OBJ_aes192_ctr_in_ecies */
+0x2B,0x81,0x04,0x01,0x15,0x02,               /* [6439] OBJ_aes256_ctr_in_ecies */
+0x2B,0x81,0x04,0x01,0x16,                    /* [6445] OBJ_hmac_full_ecies */
+0x2B,0x81,0x04,0x01,0x17,                    /* [6450] OBJ_hmac_half_ecies */
+0x2B,0x81,0x04,0x01,0x18,0x00,               /* [6455] OBJ_cmac_aes128_ecies */
+0x2B,0x81,0x04,0x01,0x18,0x01,               /* [6461] OBJ_cmac_aes192_ecies */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20,     /* [6467] OBJ_zuc */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x69,          /* [6475] OBJ_sm7 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x6A,          /* [6482] OBJ_sm8 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x49,     /* [6489] OBJ_sm5 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x01,/* [6497] OBJ_sm9sign */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x02,/* [6506] OBJ_sm9keyagreement */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,/* [6515] OBJ_sm9encrypt */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x01,     /* [6524] OBJ_sm6_ecb */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x02,     /* [6532] OBJ_sm6_cbc */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x03,     /* [6540] OBJ_sm6_ofb128 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65,0x04,     /* [6548] OBJ_sm6_cfb128 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x01,     /* [6556] OBJ_sm1_ecb */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x02,     /* [6564] OBJ_sm1_cbc */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x03,     /* [6572] OBJ_sm1_ofb128 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x04,     /* [6580] OBJ_sm1_cfb128 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x01,     /* [6588] OBJ_ssf33_ecb */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x02,     /* [6596] OBJ_ssf33_cbc */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x03,     /* [6604] OBJ_ssf33_ofb128 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x04,     /* [6612] OBJ_ssf33_cfb128 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,     /* [6620] OBJ_id_sm9PublicKey */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07,     /* [6628] OBJ_sms4_ctr */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x08,     /* [6636] OBJ_sms4_gcm */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x09,     /* [6644] OBJ_sms4_ccm */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0A,     /* [6652] OBJ_sms4_xts */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05,     /* [6660] OBJ_sms4_cfb1 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06,     /* [6668] OBJ_sms4_cfb8 */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x0B,     /* [6676] OBJ_sms4_wrap */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,               /* [6684] OBJ_X9_62_id_ecSigType */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x01,/* [6690] OBJ_sm2encrypt_recommendedParameters */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,/* [6700] OBJ_sm2encrypt_specifiedParameters */
+0x2B,0x81,0x04,0x01,                         /* [6710] OBJ_secg_scheme */
+0x2A,0x81,0x1C,0xCF,0x55,0x01,               /* [6714] OBJ_sm_scheme */
 };

 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2584,91 +2588,101 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"sm","sm",NID_sm,6,&(lvalues[6287]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"sm2sign","sm2sign",NID_sm2sign,9,&(lvalues[6293]),0},
+{NULL,NULL,NID_undef,0,NULL,0},
+{"sm2sign","sm2sign",NID_sm2sign,9,&(lvalues[6287]),0},
 {"sm2keyagreement","sm2keyagreement",NID_sm2keyagreement,9,
-	&(lvalues[6302]),0},
-{"sm2encrypt","sm2encrypt",NID_sm2encrypt,9,&(lvalues[6311]),0},
+	&(lvalues[6296]),0},
+{"sm2encrypt","sm2encrypt",NID_sm2encrypt,9,&(lvalues[6305]),0},
 {"SM2Sign-with-SM3","sm2sign-with-sm3",NID_sm2sign_with_sm3,8,
-	&(lvalues[6320]),0},
+	&(lvalues[6314]),0},
 {"SM2Sign-with-SHA1","sm2sign-with-sha1",NID_sm2sign_with_sha1,8,
-	&(lvalues[6328]),0},
+	&(lvalues[6322]),0},
 {"SM2Sign-with-SHA256","sm2sign-with-sha256",NID_sm2sign_with_sha256,
-	8,&(lvalues[6336]),0},
+	8,&(lvalues[6330]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"SMS4-ECB","sms4-ecb",NID_sms4_ecb,8,&(lvalues[6344]),0},
-{"SMS4-CBC","sms4-cbc",NID_sms4_cbc,8,&(lvalues[6352]),0},
+{"SMS4-ECB","sms4-ecb",NID_sms4_ecb,8,&(lvalues[6338]),0},
+{"SMS4-CBC","sms4-cbc",NID_sms4_cbc,8,&(lvalues[6346]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"SMS4-OFB","sms4-ofb",NID_sms4_ofb128,8,&(lvalues[6360]),0},
-{"SMS4-CFB","sms4-cfb",NID_sms4_cfb128,8,&(lvalues[6368]),0},
+{"SMS4-OFB","sms4-ofb",NID_sms4_ofb128,8,&(lvalues[6354]),0},
+{"SMS4-CFB","sms4-cfb",NID_sms4_cfb128,8,&(lvalues[6362]),0},
 {"ecies-recommendedParameters","ecies-recommendedParameters",
-	NID_ecies_recommendedParameters,5,&(lvalues[6376]),0},
+	NID_ecies_recommendedParameters,5,&(lvalues[6370]),0},
 {"ecies-specifiedParameters","ecies-specifiedParameters",
-	NID_ecies_specifiedParameters,5,&(lvalues[6381]),0},
-{"x9-63-kdf","x9-63-kdf",NID_x9_63_kdf,6,&(lvalues[6386]),0},
+	NID_ecies_specifiedParameters,5,&(lvalues[6375]),0},
+{"x9-63-kdf","x9-63-kdf",NID_x9_63_kdf,6,&(lvalues[6380]),0},
 {"nist-concatenation-kdf","nist-concatenation-kdf",
-	NID_nist_concatenation_kdf,6,&(lvalues[6392]),0},
-{"tls-kdf","tls-kdf",NID_tls_kdf,6,&(lvalues[6398]),0},
-{"ikev2-kdf","ikev2-kdf",NID_ikev2_kdf,6,&(lvalues[6404]),0},
-{"xor-in-ecies","xor-in-ecies",NID_xor_in_ecies,5,&(lvalues[6410]),0},
+	NID_nist_concatenation_kdf,6,&(lvalues[6386]),0},
+{"tls-kdf","tls-kdf",NID_tls_kdf,6,&(lvalues[6392]),0},
+{"ikev2-kdf","ikev2-kdf",NID_ikev2_kdf,6,&(lvalues[6398]),0},
+{"xor-in-ecies","xor-in-ecies",NID_xor_in_ecies,5,&(lvalues[6404]),0},
 {"aes128-cbc-in-ecies","aes128-cbc-in-ecies",NID_aes128_cbc_in_ecies,
-	6,&(lvalues[6415]),0},
+	6,&(lvalues[6409]),0},
 {"aes192-cbc-in-ecies","aes192-cbc-in-ecies",NID_aes192_cbc_in_ecies,
-	6,&(lvalues[6421]),0},
+	6,&(lvalues[6415]),0},
 {"aes256-cbc-in-ecies","aes256-cbc-in-ecies",NID_aes256_cbc_in_ecies,
-	6,&(lvalues[6427]),0},
+	6,&(lvalues[6421]),0},
 {"aes128-ctr-in-ecies","aes128-ctr-in-ecies",NID_aes128_ctr_in_ecies,
-	6,&(lvalues[6433]),0},
+	6,&(lvalues[6427]),0},
 {"aes192-ctr-in-ecies","aes192-ctr-in-ecies",NID_aes192_ctr_in_ecies,
-	6,&(lvalues[6439]),0},
+	6,&(lvalues[6433]),0},
 {"aes256-ctr-in-ecies","aes256-ctr-in-ecies",NID_aes256_ctr_in_ecies,
-	6,&(lvalues[6445]),0},
+	6,&(lvalues[6439]),0},
 {"hmac-full-ecies","hmac-full-ecies",NID_hmac_full_ecies,5,
-	&(lvalues[6451]),0},
+	&(lvalues[6445]),0},
 {"hmac-half-ecies","hmac-half-ecies",NID_hmac_half_ecies,5,
-	&(lvalues[6456]),0},
+	&(lvalues[6450]),0},
 {"cmac-aes128-ecies","cmac-aes128-ecies",NID_cmac_aes128_ecies,6,
-	&(lvalues[6461]),0},
+	&(lvalues[6455]),0},
 {"cmac-aes192-ecies","cmac-aes192-ecies",NID_cmac_aes192_ecies,6,
-	&(lvalues[6467]),0},
-{"ZUC","zuc",NID_zuc,8,&(lvalues[6473]),0},
+	&(lvalues[6461]),0},
+{"ZUC","zuc",NID_zuc,8,&(lvalues[6467]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"NULL","NULL",NID_sm7,7,&(lvalues[6481]),0},
-{"NULL","NULL",NID_sm8,7,&(lvalues[6488]),0},
-{"SM5","sm5",NID_sm5,8,&(lvalues[6495]),0},
+{"NULL","NULL",NID_sm7,7,&(lvalues[6475]),0},
+{"NULL","NULL",NID_sm8,7,&(lvalues[6482]),0},
+{"SM5","sm5",NID_sm5,8,&(lvalues[6489]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"sm9sign","sm9sign",NID_sm9sign,9,&(lvalues[6503]),0},
+{"sm9sign","sm9sign",NID_sm9sign,9,&(lvalues[6497]),0},
 {"sm9keyagreement","sm9keyagreement",NID_sm9keyagreement,9,
-	&(lvalues[6512]),0},
-{"sm9encrypt","sm9encrypt",NID_sm9encrypt,9,&(lvalues[6521]),0},
+	&(lvalues[6506]),0},
+{"sm9encrypt","sm9encrypt",NID_sm9encrypt,9,&(lvalues[6515]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
-{"SM6-ECB","sm6-ecb",NID_sm6_ecb,8,&(lvalues[6530]),0},
-{"SM6-CBC","sm6-cbc",NID_sm6_cbc,8,&(lvalues[6538]),0},
-{"SM6-OFB","sm6-ofb",NID_sm6_ofb128,8,&(lvalues[6546]),0},
-{"SM6-CFB","sm6-cfb",NID_sm6_cfb128,8,&(lvalues[6554]),0},
-{"SM1-ECB","sm1-ecb",NID_sm1_ecb,8,&(lvalues[6562]),0},
-{"SM1-CBC","sm1-cbc",NID_sm1_cbc,8,&(lvalues[6570]),0},
-{"SM1-OFB","sm1-ofb",NID_sm1_ofb128,8,&(lvalues[6578]),0},
-{"NULL","NULL",NID_sm1_cfb128,8,&(lvalues[6586]),0},
-{"SSF33-ECB","ssf33-ecb",NID_ssf33_ecb,8,&(lvalues[6594]),0},
-{"SSF33-CBC","ssf33-cbc",NID_ssf33_cbc,8,&(lvalues[6602]),0},
-{"SSF33-OFB","ssf33-ofb",NID_ssf33_ofb128,8,&(lvalues[6610]),0},
-{"SSF33-CFB","ssf33-cfb",NID_ssf33_cfb128,8,&(lvalues[6618]),0},
+{"SM6-ECB","sm6-ecb",NID_sm6_ecb,8,&(lvalues[6524]),0},
+{"SM6-CBC","sm6-cbc",NID_sm6_cbc,8,&(lvalues[6532]),0},
+{"SM6-OFB","sm6-ofb",NID_sm6_ofb128,8,&(lvalues[6540]),0},
+{"SM6-CFB","sm6-cfb",NID_sm6_cfb128,8,&(lvalues[6548]),0},
+{"SM1-ECB","sm1-ecb",NID_sm1_ecb,8,&(lvalues[6556]),0},
+{"SM1-CBC","sm1-cbc",NID_sm1_cbc,8,&(lvalues[6564]),0},
+{"SM1-OFB","sm1-ofb",NID_sm1_ofb128,8,&(lvalues[6572]),0},
+{"SM1-CFB","sm1-cfb",NID_sm1_cfb128,8,&(lvalues[6580]),0},
+{"SSF33-ECB","ssf33-ecb",NID_ssf33_ecb,8,&(lvalues[6588]),0},
+{"SSF33-CBC","ssf33-cbc",NID_ssf33_cbc,8,&(lvalues[6596]),0},
+{"SSF33-OFB","ssf33-ofb",NID_ssf33_ofb128,8,&(lvalues[6604]),0},
+{"SSF33-CFB","ssf33-cfb",NID_ssf33_cfb128,8,&(lvalues[6612]),0},
 {NULL,NULL,NID_undef,0,NULL,0},
 {"id-sm9PublicKey","id-sm9PublicKey",NID_id_sm9PublicKey,8,
-	&(lvalues[6626]),0},
-{"SMS4-CTR","sms4-ctr",NID_sms4_ctr,8,&(lvalues[6634]),0},
-{"SMS4-GCM","sms4-gcm",NID_sms4_gcm,8,&(lvalues[6642]),0},
-{"SMS4-CCM","sms4-ccm",NID_sms4_ccm,8,&(lvalues[6650]),0},
-{"SMS4-XTS","sms4-xts",NID_sms4_xts,8,&(lvalues[6658]),0},
-{"SM1-CFB","sm1-cfb",NID_sm1_cfb,0,NULL,0},
-{"SMS4-CFB1","sms4-cfb1",NID_sms4_cfb1,8,&(lvalues[6666]),0},
-{"SMS4-CFB8","sms4-cfb8",NID_sms4_cfb8,8,&(lvalues[6674]),0},
-{"SMS4-WRAP","sms4-wrap",NID_sms4_wrap,8,&(lvalues[6682]),0},
+	&(lvalues[6620]),0},
+{"SMS4-CTR","sms4-ctr",NID_sms4_ctr,8,&(lvalues[6628]),0},
+{"SMS4-GCM","sms4-gcm",NID_sms4_gcm,8,&(lvalues[6636]),0},
+{"SMS4-CCM","sms4-ccm",NID_sms4_ccm,8,&(lvalues[6644]),0},
+{"SMS4-XTS","sms4-xts",NID_sms4_xts,8,&(lvalues[6652]),0},
+{NULL,NULL,NID_undef,0,NULL,0},
+{"SMS4-CFB1","sms4-cfb1",NID_sms4_cfb1,8,&(lvalues[6660]),0},
+{"SMS4-CFB8","sms4-cfb8",NID_sms4_cfb8,8,&(lvalues[6668]),0},
+{"SMS4-WRAP","sms4-wrap",NID_sms4_wrap,8,&(lvalues[6676]),0},
+{"id-ecSigType","id-ecSigType",NID_X9_62_id_ecSigType,6,
+	&(lvalues[6684]),0},
+{"sm2encrypt-recommendedParameters",
+	"sm2encrypt-recommendedParameters",
+	NID_sm2encrypt_recommendedParameters,10,&(lvalues[6690]),0},
+{"sm2encrypt-specifiedParameters","sm2encrypt-specifiedParameters",
+	NID_sm2encrypt_specifiedParameters,10,&(lvalues[6700]),0},
+{"secg-scheme","secg-scheme",NID_secg_scheme,4,&(lvalues[6710]),0},
+{"sm-scheme","sm-scheme",NID_sm_scheme,6,&(lvalues[6714]),0},
+{"CBC-MAC","cbc-mac",NID_cbc_mac,0,NULL,0},
 };

 static const unsigned int sn_objs[NUM_SN]={
@@ -2729,6 +2743,7 @@ static const unsigned int sn_objs[NUM_SN]={
 110,	/* "CAST5-CFB" */
 109,	/* "CAST5-ECB" */
 111,	/* "CAST5-OFB" */
+1039,	/* "CBC-MAC" */
 894,	/* "CMAC" */
 13,	/* "CN" */
 141,	/* "CRLReason" */
@@ -2789,7 +2804,6 @@ static const unsigned int sn_objs[NUM_SN]={
 404,	/* "NULL" */
 1004,	/* "NULL" */
 1005,	/* "NULL" */
-1019,	/* "NULL" */
 57,	/* "Netscape" */
 366,	/* "Nonce" */
 17,	/* "O" */
@@ -2858,7 +2872,7 @@ static const unsigned int sn_objs[NUM_SN]={
 673,	/* "SHA384" */
 674,	/* "SHA512" */
 1017,	/* "SM1-CBC" */
-1030,	/* "SM1-CFB" */
+1019,	/* "SM1-CFB" */
 1016,	/* "SM1-ECB" */
 1018,	/* "SM1-OFB" */
 974,	/* "SM2Sign-with-SHA1" */
@@ -3179,6 +3193,7 @@ static const unsigned int sn_objs[NUM_SN]={
 331,	/* "id-cmc-transactionId" */
 787,	/* "id-ct-asciiTextWithCRLF" */
 408,	/* "id-ecPublicKey" */
+1034,	/* "id-ecSigType" */
 508,	/* "id-hex-multipart-message" */
 507,	/* "id-hex-partial-message" */
 260,	/* "id-it" */
@@ -3455,6 +3470,7 @@ static const unsigned int sn_objs[NUM_SN]={
 292,	/* "sbgp-routerIdentifier" */
 159,	/* "sdsiCertificate" */
 859,	/* "searchGuide" */
+1037,	/* "secg-scheme" */
 704,	/* "secp112r1" */
 705,	/* "secp112r2" */
 706,	/* "secp128r1" */
@@ -3627,8 +3643,10 @@ static const unsigned int sn_objs[NUM_SN]={
 52,	/* "signingTime" */
 454,	/* "simpleSecurityObject" */
 496,	/* "singleLevelQuality" */
-968,	/* "sm" */
+1038,	/* "sm-scheme" */
 972,	/* "sm2encrypt" */
+1035,	/* "sm2encrypt-recommendedParameters" */
+1036,	/* "sm2encrypt-specifiedParameters" */
 971,	/* "sm2keyagreement" */
 958,	/* "sm2p256v1" */
 970,	/* "sm2sign" */
@@ -3759,7 +3777,6 @@ static const unsigned int ln_objs[NUM_LN]={
 404,	/* "NULL" */
 1004,	/* "NULL" */
 1005,	/* "NULL" */
-1019,	/* "NULL" */
 72,	/* "Netscape Base Url" */
 76,	/* "Netscape CA Policy Url" */
 74,	/* "Netscape CA Revocation Url" */
@@ -3950,6 +3967,7 @@ static const unsigned int ln_objs[NUM_LN]={
 110,	/* "cast5-cfb" */
 109,	/* "cast5-ecb" */
 111,	/* "cast5-ofb" */
+1039,	/* "cbc-mac" */
 152,	/* "certBag" */
 677,	/* "certicom-arc" */
 517,	/* "certificate extensions" */
@@ -4156,6 +4174,7 @@ static const unsigned int ln_objs[NUM_LN]={
 331,	/* "id-cmc-transactionId" */
 787,	/* "id-ct-asciiTextWithCRLF" */
 408,	/* "id-ecPublicKey" */
+1034,	/* "id-ecSigType" */
 508,	/* "id-hex-multipart-message" */
 507,	/* "id-hex-partial-message" */
 260,	/* "id-it" */
@@ -4443,6 +4462,7 @@ static const unsigned int ln_objs[NUM_LN]={
 292,	/* "sbgp-routerIdentifier" */
 159,	/* "sdsiCertificate" */
 859,	/* "searchGuide" */
+1037,	/* "secg-scheme" */
 704,	/* "secp112r1" */
 705,	/* "secp112r2" */
 706,	/* "secp128r1" */
@@ -4616,12 +4636,14 @@ static const unsigned int ln_objs[NUM_LN]={
 52,	/* "signingTime" */
 454,	/* "simpleSecurityObject" */
 496,	/* "singleLevelQuality" */
-968,	/* "sm" */
+1038,	/* "sm-scheme" */
 1017,	/* "sm1-cbc" */
-1030,	/* "sm1-cfb" */
+1019,	/* "sm1-cfb" */
 1016,	/* "sm1-ecb" */
 1018,	/* "sm1-ofb" */
 972,	/* "sm2encrypt" */
+1035,	/* "sm2encrypt-recommendedParameters" */
+1036,	/* "sm2encrypt-specifiedParameters" */
 971,	/* "sm2keyagreement" */
 958,	/* "sm2p256v1" */
 970,	/* "sm2sign" */
@@ -4820,6 +4842,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 387,	/* OBJ_SNMPv2                       1 3 6 1 6 */
 388,	/* OBJ_Mail                         1 3 6 1 7 */
 376,	/* OBJ_algorithm                    1 3 14 3 2 */
+1037,	/* OBJ_secg_scheme                  1 3 132 1 */
 395,	/* OBJ_clearance                    2 5 1 5 55 */
 19,	/* OBJ_rsa                          2 5 8 1 1 */
 96,	/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
@@ -5017,7 +5040,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 745,	/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
 804,	/* OBJ_whirlpool                    1 0 10118 3 0 55 */
 124,	/* OBJ_rle_compression              1 1 1 1 666 1 */
-968,	/* OBJ_sm                           1 2 156 10197 1 */
+1038,	/* OBJ_sm_scheme                    1 2 156 10197 1 */
 773,	/* OBJ_kisa                         1 2 410 200004 */
 807,	/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
 808,	/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
@@ -5032,6 +5055,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 818,	/* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
 1,	/* OBJ_rsadsi                       1 2 840 113549 */
 185,	/* OBJ_X9cm                         1 2 840 10040 4 */
+1034,	/* OBJ_X9_62_id_ecSigType           1 2 840 10045 4 */
 127,	/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
 505,	/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
 506,	/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
@@ -5543,6 +5567,8 @@ static const unsigned int obj_objs[NUM_OBJ]={
 455,	/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
 456,	/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
 457,	/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+1035,	/* OBJ_sm2encrypt_recommendedParameters 1 2 156 10197 1 301 3 1 */
+1036,	/* OBJ_sm2encrypt_specifiedParameters 1 2 156 10197 1 301 3 2 */
 189,	/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
 190,	/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
 191,	/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -309,6 +309,8 @@
 #define NID_X9_62_prime256v1            415
 #define OBJ_X9_62_prime256v1            OBJ_X9_62_primeCurve,7L

+#define SN_X9_62_id_ecSigType           "id-ecSigType"
+#define NID_X9_62_id_ecSigType          1034
 #define OBJ_X9_62_id_ecSigType          OBJ_ansi_X9_62,4L

 #define SN_ecdsa_with_SHA1              "ecdsa-with-SHA1"
@@ -4110,6 +4112,8 @@

 #define OBJ_x9_63_scheme                1L,3L,133L,16L,840L,63L,0L

+#define SN_secg_scheme          "secg-scheme"
+#define NID_secg_scheme         1037
 #define OBJ_secg_scheme         OBJ_certicom_arc,1L

 #define SN_dhSinglePass_stdDH_sha1kdf_scheme            "dhSinglePass-stdDH-sha1kdf-scheme"
@@ -4193,8 +4197,6 @@
 #define NID_jurisdictionCountryName             957
 #define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L

-#define OBJ_secg_scheme         OBJ_certicom_arc,1L
-
 #define SN_ecies_recommendedParameters          "ecies-recommendedParameters"
 #define NID_ecies_recommendedParameters         983
 #define OBJ_ecies_recommendedParameters         OBJ_secg_scheme,7L
@@ -4263,6 +4265,10 @@
 #define NID_cmac_aes192_ecies           999
 #define OBJ_cmac_aes192_ecies           OBJ_secg_scheme,24L,1L

+#define SN_cbc_mac              "CBC-MAC"
+#define LN_cbc_mac              "cbc-mac"
+#define NID_cbc_mac             1039
+
 #define SN_ISO_CN               "ISO-CN"
 #define LN_ISO_CN               "ISO CN Member Body"
 #define NID_ISO_CN              960
@@ -4272,196 +4278,202 @@
 #define NID_oscca               961
 #define OBJ_oscca               OBJ_ISO_CN,10197L

-#define SN_sm           "sm"
-#define NID_sm          968
-#define OBJ_sm          OBJ_oscca,1L
+#define SN_sm_scheme            "sm-scheme"
+#define NID_sm_scheme           1038
+#define OBJ_sm_scheme           OBJ_oscca,1L

 #define SN_sm6_ecb              "SM6-ECB"
 #define LN_sm6_ecb              "sm6-ecb"
 #define NID_sm6_ecb             1012
-#define OBJ_sm6_ecb             OBJ_sm,101L,1L
+#define OBJ_sm6_ecb             OBJ_sm_scheme,101L,1L

 #define SN_sm6_cbc              "SM6-CBC"
 #define LN_sm6_cbc              "sm6-cbc"
 #define NID_sm6_cbc             1013
-#define OBJ_sm6_cbc             OBJ_sm,101L,2L
+#define OBJ_sm6_cbc             OBJ_sm_scheme,101L,2L

 #define SN_sm6_ofb128           "SM6-OFB"
 #define LN_sm6_ofb128           "sm6-ofb"
 #define NID_sm6_ofb128          1014
-#define OBJ_sm6_ofb128          OBJ_sm,101L,3L
+#define OBJ_sm6_ofb128          OBJ_sm_scheme,101L,3L

 #define SN_sm6_cfb128           "SM6-CFB"
 #define LN_sm6_cfb128           "sm6-cfb"
 #define NID_sm6_cfb128          1015
-#define OBJ_sm6_cfb128          OBJ_sm,101L,4L
+#define OBJ_sm6_cfb128          OBJ_sm_scheme,101L,4L

 #define SN_sm1_ecb              "SM1-ECB"
 #define LN_sm1_ecb              "sm1-ecb"
 #define NID_sm1_ecb             1016
-#define OBJ_sm1_ecb             OBJ_sm,102L,1L
+#define OBJ_sm1_ecb             OBJ_sm_scheme,102L,1L

 #define SN_sm1_cbc              "SM1-CBC"
 #define LN_sm1_cbc              "sm1-cbc"
 #define NID_sm1_cbc             1017
-#define OBJ_sm1_cbc             OBJ_sm,102L,2L
+#define OBJ_sm1_cbc             OBJ_sm_scheme,102L,2L

 #define SN_sm1_ofb128           "SM1-OFB"
 #define LN_sm1_ofb128           "sm1-ofb"
 #define NID_sm1_ofb128          1018
-#define OBJ_sm1_ofb128          OBJ_sm,102L,3L
+#define OBJ_sm1_ofb128          OBJ_sm_scheme,102L,3L

+#define SN_sm1_cfb128           "SM1-CFB"
+#define LN_sm1_cfb128           "sm1-cfb"
 #define NID_sm1_cfb128          1019
-#define OBJ_sm1_cfb128          OBJ_sm,102L,4L
-
-#define SN_sm1_cfb              "SM1-CFB"
-#define LN_sm1_cfb              "sm1-cfb"
-#define NID_sm1_cfb             1030
+#define OBJ_sm1_cfb128          OBJ_sm_scheme,102L,4L

 #define SN_ssf33_ecb            "SSF33-ECB"
 #define LN_ssf33_ecb            "ssf33-ecb"
 #define NID_ssf33_ecb           1020
-#define OBJ_ssf33_ecb           OBJ_sm,103L,1L
+#define OBJ_ssf33_ecb           OBJ_sm_scheme,103L,1L

 #define SN_ssf33_cbc            "SSF33-CBC"
 #define LN_ssf33_cbc            "ssf33-cbc"
 #define NID_ssf33_cbc           1021
-#define OBJ_ssf33_cbc           OBJ_sm,103L,2L
+#define OBJ_ssf33_cbc           OBJ_sm_scheme,103L,2L

 #define SN_ssf33_ofb128         "SSF33-OFB"
 #define LN_ssf33_ofb128         "ssf33-ofb"
 #define NID_ssf33_ofb128                1022
-#define OBJ_ssf33_ofb128                OBJ_sm,103L,3L
+#define OBJ_ssf33_ofb128                OBJ_sm_scheme,103L,3L

 #define SN_ssf33_cfb128         "SSF33-CFB"
 #define LN_ssf33_cfb128         "ssf33-cfb"
 #define NID_ssf33_cfb128                1023
-#define OBJ_ssf33_cfb128                OBJ_sm,103L,4L
+#define OBJ_ssf33_cfb128                OBJ_sm_scheme,103L,4L

 #define SN_sms4_ecb             "SMS4-ECB"
 #define LN_sms4_ecb             "sms4-ecb"
 #define NID_sms4_ecb            977
-#define OBJ_sms4_ecb            OBJ_sm,104L,1L
+#define OBJ_sms4_ecb            OBJ_sm_scheme,104L,1L

 #define SN_sms4_cbc             "SMS4-CBC"
 #define LN_sms4_cbc             "sms4-cbc"
 #define NID_sms4_cbc            978
-#define OBJ_sms4_cbc            OBJ_sm,104L,2L
+#define OBJ_sms4_cbc            OBJ_sm_scheme,104L,2L

 #define SN_sms4_ofb128          "SMS4-OFB"
 #define LN_sms4_ofb128          "sms4-ofb"
 #define NID_sms4_ofb128         981
-#define OBJ_sms4_ofb128         OBJ_sm,104L,3L
+#define OBJ_sms4_ofb128         OBJ_sm_scheme,104L,3L

 #define SN_sms4_cfb128          "SMS4-CFB"
 #define LN_sms4_cfb128          "sms4-cfb"
 #define NID_sms4_cfb128         982
-#define OBJ_sms4_cfb128         OBJ_sm,104L,4L
+#define OBJ_sms4_cfb128         OBJ_sm_scheme,104L,4L

 #define SN_sms4_cfb1            "SMS4-CFB1"
 #define LN_sms4_cfb1            "sms4-cfb1"
 #define NID_sms4_cfb1           1031
-#define OBJ_sms4_cfb1           OBJ_sm,104L,5L
+#define OBJ_sms4_cfb1           OBJ_sm_scheme,104L,5L

 #define SN_sms4_cfb8            "SMS4-CFB8"
 #define LN_sms4_cfb8            "sms4-cfb8"
 #define NID_sms4_cfb8           1032
-#define OBJ_sms4_cfb8           OBJ_sm,104L,6L
+#define OBJ_sms4_cfb8           OBJ_sm_scheme,104L,6L

 #define SN_sms4_ctr             "SMS4-CTR"
 #define LN_sms4_ctr             "sms4-ctr"
 #define NID_sms4_ctr            1026
-#define OBJ_sms4_ctr            OBJ_sm,104L,7L
+#define OBJ_sms4_ctr            OBJ_sm_scheme,104L,7L

 #define SN_sms4_gcm             "SMS4-GCM"
 #define LN_sms4_gcm             "sms4-gcm"
 #define NID_sms4_gcm            1027
-#define OBJ_sms4_gcm            OBJ_sm,104L,8L
+#define OBJ_sms4_gcm            OBJ_sm_scheme,104L,8L

 #define SN_sms4_ccm             "SMS4-CCM"
 #define LN_sms4_ccm             "sms4-ccm"
 #define NID_sms4_ccm            1028
-#define OBJ_sms4_ccm            OBJ_sm,104L,9L
+#define OBJ_sms4_ccm            OBJ_sm_scheme,104L,9L

 #define SN_sms4_xts             "SMS4-XTS"
 #define LN_sms4_xts             "sms4-xts"
 #define NID_sms4_xts            1029
-#define OBJ_sms4_xts            OBJ_sm,104L,10L
+#define OBJ_sms4_xts            OBJ_sm_scheme,104L,10L

 #define SN_sms4_wrap            "SMS4-WRAP"
 #define LN_sms4_wrap            "sms4-wrap"
 #define NID_sms4_wrap           1033
-#define OBJ_sms4_wrap           OBJ_sm,104L,11L
+#define OBJ_sms4_wrap           OBJ_sm_scheme,104L,11L

 #define NID_sm7         1004
-#define OBJ_sm7         OBJ_sm,105L
+#define OBJ_sm7         OBJ_sm_scheme,105L

 #define NID_sm8         1005
-#define OBJ_sm8         OBJ_sm,106L
+#define OBJ_sm8         OBJ_sm_scheme,106L

 #define SN_sm5          "SM5"
 #define LN_sm5          "sm5"
 #define NID_sm5         1006
-#define OBJ_sm5         OBJ_sm,201L
+#define OBJ_sm5         OBJ_sm_scheme,201L

 #define SN_sm2p256v1            "sm2p256v1"
 #define NID_sm2p256v1           958
-#define OBJ_sm2p256v1           OBJ_sm,301L
+#define OBJ_sm2p256v1           OBJ_sm_scheme,301L

 #define SN_sm2sign              "sm2sign"
 #define NID_sm2sign             970
-#define OBJ_sm2sign             OBJ_sm,301L,1L
+#define OBJ_sm2sign             OBJ_sm_scheme,301L,1L

 #define SN_sm2keyagreement              "sm2keyagreement"
 #define NID_sm2keyagreement             971
-#define OBJ_sm2keyagreement             OBJ_sm,301L,2L
+#define OBJ_sm2keyagreement             OBJ_sm_scheme,301L,2L

 #define SN_sm2encrypt           "sm2encrypt"
 #define NID_sm2encrypt          972
-#define OBJ_sm2encrypt          OBJ_sm,301L,3L
+#define OBJ_sm2encrypt          OBJ_sm_scheme,301L,3L
+
+#define SN_sm2encrypt_recommendedParameters             "sm2encrypt-recommendedParameters"
+#define NID_sm2encrypt_recommendedParameters            1035
+#define OBJ_sm2encrypt_recommendedParameters            OBJ_sm2encrypt,1L
+
+#define SN_sm2encrypt_specifiedParameters               "sm2encrypt-specifiedParameters"
+#define NID_sm2encrypt_specifiedParameters              1036
+#define OBJ_sm2encrypt_specifiedParameters              OBJ_sm2encrypt,2L

 #define SN_id_sm9PublicKey              "id-sm9PublicKey"
 #define NID_id_sm9PublicKey             1025
-#define OBJ_id_sm9PublicKey             OBJ_sm,302L
+#define OBJ_id_sm9PublicKey             OBJ_sm_scheme,302L

 #define SN_sm9sign              "sm9sign"
 #define NID_sm9sign             1008
-#define OBJ_sm9sign             OBJ_sm,302L,1L
+#define OBJ_sm9sign             OBJ_sm_scheme,302L,1L

 #define SN_sm9keyagreement              "sm9keyagreement"
 #define NID_sm9keyagreement             1009
-#define OBJ_sm9keyagreement             OBJ_sm,302L,2L
+#define OBJ_sm9keyagreement             OBJ_sm_scheme,302L,2L

 #define SN_sm9encrypt           "sm9encrypt"
 #define NID_sm9encrypt          1010
-#define OBJ_sm9encrypt          OBJ_sm,302L,3L
+#define OBJ_sm9encrypt          OBJ_sm_scheme,302L,3L

 #define SN_sm3          "SM3"
 #define LN_sm3          "sm3"
 #define NID_sm3         962
-#define OBJ_sm3         OBJ_sm,401L
+#define OBJ_sm3         OBJ_sm_scheme,401L

 #define SN_hmac_sm3             "HMAC-SM3"
 #define LN_hmac_sm3             "hmac-sm3"
 #define NID_hmac_sm3            963
-#define OBJ_hmac_sm3            OBJ_sm,401L,2L
+#define OBJ_hmac_sm3            OBJ_sm_scheme,401L,2L

 #define SN_sm2sign_with_sm3             "SM2Sign-with-SM3"
 #define LN_sm2sign_with_sm3             "sm2sign-with-sm3"
 #define NID_sm2sign_with_sm3            973
-#define OBJ_sm2sign_with_sm3            OBJ_sm,501L
+#define OBJ_sm2sign_with_sm3            OBJ_sm_scheme,501L

 #define SN_sm2sign_with_sha1            "SM2Sign-with-SHA1"
 #define LN_sm2sign_with_sha1            "sm2sign-with-sha1"
 #define NID_sm2sign_with_sha1           974
-#define OBJ_sm2sign_with_sha1           OBJ_sm,502L
+#define OBJ_sm2sign_with_sha1           OBJ_sm_scheme,502L

 #define SN_sm2sign_with_sha256          "SM2Sign-with-SHA256"
 #define LN_sm2sign_with_sha256          "sm2sign-with-sha256"
 #define NID_sm2sign_with_sha256         975
-#define OBJ_sm2sign_with_sha256         OBJ_sm,503L
+#define OBJ_sm2sign_with_sha256         OBJ_sm_scheme,503L

 #define SN_zuc          "ZUC"
 #define LN_zuc          "zuc"
 #define NID_zuc         1000
-#define OBJ_zuc         OBJ_sm,800L
+#define OBJ_zuc         OBJ_sm_scheme,800L
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1031,3 +1031,9 @@ sm1_cfb		1030
 sms4_cfb1		1031
 sms4_cfb8		1032
 sms4_wrap		1033
+X9_62_id_ecSigType		1034
+sm2encrypt_recommendedParameters		1035
+sm2encrypt_specifiedParameters		1036
+secg_scheme		1037
+sm_scheme		1038
+cbc_mac		1039
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -76,7 +76,9 @@ X9-62_primeCurve 4	 	: prime239v1
 X9-62_primeCurve 5	 	: prime239v2
 X9-62_primeCurve 6	 	: prime239v3
 X9-62_primeCurve 7	 	: prime256v1
-!Alias id-ecSigType ansi-X9-62 4
+# GMSSL export ecdsa type
+#!Alias id-ecSigType ansi-X9-62 4
+ansi-X9-62 4			: id-ecSigType
 !global
 X9-62_id-ecSigType 1		: ecdsa-with-SHA1
 X9-62_id-ecSigType 2		: ecdsa-with-Recommended
@@ -1319,8 +1321,8 @@ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH

 # ECDH schemes from RFC5753
 !Alias x9-63-scheme 1 3 133 16 840 63 0
-!Alias secg-scheme certicom-arc 1
-
+#!Alias secg-scheme certicom-arc 1
+certicom-arc 1   : secg-scheme
 x9-63-scheme 2   : dhSinglePass-stdDH-sha1kdf-scheme
 secg-scheme 11 0 : dhSinglePass-stdDH-sha224kdf-scheme
 secg-scheme 11 1 : dhSinglePass-stdDH-sha256kdf-scheme
@@ -1351,7 +1353,6 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme


 # GmSSL SECG ECIES OID
-!Alias secg_scheme certicom-arc 1
 secg-scheme 7		: ecies-recommendedParameters
 secg-scheme 8		: ecies-specifiedParameters
 secg-scheme 17 0	: x9-63-kdf
@@ -1369,72 +1370,77 @@ secg-scheme 22		: hmac-full-ecies
 secg-scheme 23		: hmac-half-ecies
 secg-scheme 24 0	: cmac-aes128-ecies
 secg-scheme 24 1	: cmac-aes192-ecies
- 
+
+# No NID for CBC-MAC 
+			: CBC-MAC		: cbc-mac
+
 # GmSSL SM OID 
 member-body 156		: ISO-CN	: ISO CN Member Body
 ISO-CN 10197		: oscca
-oscca 1		: sm
+oscca 1			: sm-scheme

-sm 101 1		: SM6-ECB		: sm6-ecb
-sm 101 2		: SM6-CBC		: sm6-cbc
+sm-scheme 101 1		: SM6-ECB		: sm6-ecb
+sm-scheme 101 2		: SM6-CBC		: sm6-cbc
 !Cname sm6-ofb128
-sm 101 3		: SM6-OFB		: sm6-ofb
+sm-scheme 101 3		: SM6-OFB		: sm6-ofb
 !Cname sm6-cfb128
-sm 101 4		: SM6-CFB		: sm6-cfb
+sm-scheme 101 4		: SM6-CFB		: sm6-cfb

-sm 102 1		: SM1-ECB		: sm1-ecb
-sm 102 2		: SM1-CBC		: sm1-cbc
+sm-scheme 102 1		: SM1-ECB		: sm1-ecb
+sm-scheme 102 2		: SM1-CBC		: sm1-cbc
 !Cname sm1-ofb128
-sm 102 3		: SM1-OFB		: sm1-ofb
+sm-scheme 102 3		: SM1-OFB		: sm1-ofb
 !Cname sm1-cfb128
-sm 102 4
-	: SM1-CFB		: sm1-cfb
+sm-scheme 102 4		: SM1-CFB		: sm1-cfb

-sm 103 1	: SSF33-ECB		: ssf33-ecb
-sm 103 2	: SSF33-CBC		: ssf33-cbc
+sm-scheme 103 1		: SSF33-ECB		: ssf33-ecb
+sm-scheme 103 2		: SSF33-CBC		: ssf33-cbc
 !Cname ssf33-ofb128
-sm 103 3	: SSF33-OFB		: ssf33-ofb
+sm-scheme 103 3		: SSF33-OFB		: ssf33-ofb
 !Cname ssf33-cfb128
-sm 103 4	: SSF33-CFB		: ssf33-cfb
+sm-scheme 103 4		: SSF33-CFB		: ssf33-cfb

-sm 104 1	: SMS4-ECB		: sms4-ecb
-sm 104 2	: SMS4-CBC		: sms4-cbc
+sm-scheme 104 1		: SMS4-ECB		: sms4-ecb
+sm-scheme 104 2		: SMS4-CBC		: sms4-cbc
 !Cname sms4-ofb128
-sm 104 3	: SMS4-OFB		: sms4-ofb
+sm-scheme 104 3		: SMS4-OFB		: sms4-ofb
 !Cname sms4-cfb128
-sm 104 4	: SMS4-CFB		: sms4-cfb
-sm 104 5	: SMS4-CFB1		: sms4-cfb1
-sm 104 6	: SMS4-CFB8		: sms4-cfb8
-sm 104 7	: SMS4-CTR		: sms4-ctr
-sm 104 8	: SMS4-GCM		: sms4-gcm
-sm 104 9	: SMS4-CCM		: sms4-ccm
-sm 104 10	: SMS4-XTS		: sms4-xts
-sm 104 11	: SMS4-WRAP		: sms4-wrap
+sm-scheme 104 4		: SMS4-CFB		: sms4-cfb
+sm-scheme 104 5		: SMS4-CFB1		: sms4-cfb1
+sm-scheme 104 6		: SMS4-CFB8		: sms4-cfb8
+sm-scheme 104 7		: SMS4-CTR		: sms4-ctr
+sm-scheme 104 8		: SMS4-GCM		: sms4-gcm
+sm-scheme 104 9		: SMS4-CCM		: sms4-ccm
+sm-scheme 104 10	: SMS4-XTS		: sms4-xts
+sm-scheme 104 11	: SMS4-WRAP		: sms4-wrap

-!Alias sm7 sm 105

-!Alias sm8 sm 106

-sm 201		: SM5			: sm5
+!Alias sm7 sm-scheme 105

-# sm 301	: id-sm2PublicKey
-sm 301		: sm2p256v1
-sm 301 1	: sm2sign
-sm 301 2	: sm2keyagreement
-sm 301 3	: sm2encrypt
+!Alias sm8 sm-scheme 106

-sm 302		: id-sm9PublicKey
-sm 302 1	: sm9sign
-sm 302 2	: sm9keyagreement
-sm 302 3	: sm9encrypt
+sm-scheme 201		: SM5			: sm5

-sm 401		: SM3			: sm3
-sm 401 2	: HMAC-SM3		: hmac-sm3
-sm 501		: SM2Sign-with-SM3	: sm2sign-with-sm3
-sm 502		: SM2Sign-with-SHA1 	: sm2sign-with-sha1 
-sm 503		: SM2Sign-with-SHA256	: sm2sign-with-sha256
+sm-scheme 301		: sm2p256v1
+sm-scheme 301 1		: sm2sign
+sm-scheme 301 2		: sm2keyagreement
+sm-scheme 301 3		: sm2encrypt
+sm2encrypt 1		: sm2encrypt-recommendedParameters
+sm2encrypt 2		: sm2encrypt-specifiedParameters
+
+sm-scheme 302		: id-sm9PublicKey
+sm-scheme 302 1		: sm9sign
+sm-scheme 302 2		: sm9keyagreement
+sm-scheme 302 3		: sm9encrypt
+
+sm-scheme 401		: SM3			: sm3
+sm-scheme 401 2		: HMAC-SM3		: hmac-sm3
+sm-scheme 501		: SM2Sign-with-SM3	: sm2sign-with-sm3
+sm-scheme 502		: SM2Sign-with-SHA1 	: sm2sign-with-sha1 
+sm-scheme 503		: SM2Sign-with-SHA256	: sm2sign-with-sha256

 # GmSSL ZUC OID
-sm 800		: ZUC			: zuc
+sm-scheme 800		: ZUC			: zuc


--- a/crypto/otp/Makefile
+++ b/crypto/otp/Makefile
@@ -0,0 +1,81 @@
+#
+# OpenSSL/crypto/sm3/Makefile
+#
+
+DIR=    otp
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+SM3_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=otptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=otp.c
+LIBOBJ=otp.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= otp.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
--- a/crypto/otp/otp.c
+++ b/crypto/otp/otp.c
@@ -0,0 +1,123 @@
+#include <time.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <strings.h>
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#include <openssl/cbcmac.h>
+#include "../modes/modes_lcl.h"
+#include <openssl/otp.h>
+
+static int pow_table[] = {
+	1,
+	10,
+	100,
+	1000,
+	10000,
+	100000,
+	1000000,
+	10000000,
+	100000000,
+};
+
+static int check_params(const OTP_PARAMS *params)
+{
+	if ((params->te < 1 || params->te > 60) ||
+		(params->type != NID_sm3 && params->type != NID_sms4_ecb) || /* about to change */
+		(params->otp_digits >= sizeof(pow_table) || params->otp_digits < 4)) {
+		return 0;
+	}
+	return 1;
+}
+
+int OTP_generate(const OTP_PARAMS *params, const void *event, size_t eventlen,
+	unsigned int *otp, const unsigned char *key, size_t keylen)
+{
+	int ret = 0;
+	time_t t = 0;
+	unsigned char *id = NULL;
+	size_t idlen;
+	const EVP_MD *md;
+	const EVP_CIPHER *cipher;
+	EVP_MD_CTX *mdctx = NULL;
+	CBCMAC_CTX *cmctx = NULL;
+	unsigned char s[EVP_MAX_MD_SIZE];
+	size_t slen;
+	uint32_t od;
+	int i;
+
+	OPENSSL_assert(sizeof(time_t) == 8);
+
+	if (!check_params(params)) {
+		return 0;
+	}
+
+	idlen = sizeof(uint64_t) + eventlen + params->option_size;
+	if (idlen < 16) {
+		idlen = 16;
+	}
+	if (!(id = OPENSSL_malloc(idlen))) {
+		goto end;
+	}
+	bzero(id, idlen);
+
+	t = time(NULL);
+	t /= params->te;
+
+	memcpy(id, &t, sizeof(t));
+	memcpy(id + sizeof(t), event, eventlen);
+	memcpy(id + sizeof(t) + eventlen, params->option, params->option_size);
+
+
+	/* FIXME: try to get md and cipher, and check if cipher is ECB */
+	if (params->type == NID_sm3) {
+		md = EVP_get_digestbynid(params->type);
+		if (!(mdctx = EVP_MD_CTX_create())) {
+			goto end;
+		}
+		if (!EVP_DigestInit_ex(mdctx, md, NULL)) {
+			goto end;
+		}
+		if (!EVP_DigestUpdate(mdctx, key, keylen)) {
+			goto end;
+		}
+		if (!EVP_DigestUpdate(mdctx, id, idlen)) {
+			goto end;
+		}
+		if (!EVP_DigestFinal_ex(mdctx, s, (unsigned int *)&slen)) {
+			goto end;
+		}
+	} else if (params->type == NID_sms4_ecb) {
+		cipher = EVP_get_cipherbynid(params->type);
+		if (!(cmctx = CBCMAC_CTX_new())) {
+			goto end;
+		}
+		if (!CBCMAC_Init(cmctx, key, keylen, cipher, NULL)) {
+			goto end;
+		}
+		if (!CBCMAC_Update(cmctx, id, idlen)) {
+			goto end;
+		}
+		if (!CBCMAC_Final(cmctx, s, &slen)) {
+			goto end;
+		}
+	} else {
+		goto end;
+	}
+	OPENSSL_assert(slen % 4 == 0);
+
+	od = 0;
+	for (i = 0; i < slen/4; i++) {
+		od += GETU32(&s[i * 4]);
+	}
+
+	*otp = od % pow_table[params->otp_digits];
+	ret = 1;
+end:
+	OPENSSL_free(id);
+	EVP_MD_CTX_destroy(mdctx);
+	CBCMAC_CTX_free(cmctx);
+	return ret;
+}
+
--- a/crypto/otp/otp.h
+++ b/crypto/otp/otp.h
@@ -0,0 +1,85 @@
+/* crypto/otp/otp.h */
+/* ====================================================================
+ * Copyright (c) 2015 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_OTP_H
+#define HEADER_OTP_H
+
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct OTP_PARAMS_st {
+	int type;
+	int te;
+	void *option;
+	size_t option_size;
+	int otp_digits;
+} OTP_PARAMS;
+
+/* OTP reference to the GM/T OTP specification
+ * type should be a valid md nid or a ECB cipher nid
+ * te is the time period in the range [1, 60]
+ * event is the C in ID = {T|C|O}
+ * opt is the O in ID = {T|C|O}
+ * otp_digits is the number of digits of otp, choose in the range [4, 8]
+ * otp the output otp value, convert to digits with snprintf()
+ */
+int OTP_generate(const OTP_PARAMS *params, const void *event, size_t eventlen,
+	unsigned int *otp, const unsigned char *key, size_t keylen);
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#endif
+
--- a/crypto/sm2/sm2.h
+++ b/crypto/sm2/sm2.h
@@ -60,6 +60,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/ecdsa.h>
+#include <openssl/sm3.h>

 #ifdef __cplusplus
 extern "C" {
@@ -68,7 +69,9 @@ extern "C" {

 #define SM2_MAX_ID_BITS				65535
 #define SM2_MAX_ID_LENGTH			(SM2_MAX_ID_BITS/8)
-#define SM2_DEFAULT_ID				"1234567812345678" 
+#define SM2_DEFAULT_ID_GMT09			"1234567812345678"			
+#define SM2_DEFAULT_ID_GMSSL			"anonym@gmssl.org" 
+#define SM2_DEFAULT_ID				SM2_DEFAULT_ID_GMSSL
 #define SM2_DEFAULT_POINT_CONVERSION_FORM	POINT_CONVERSION_UNCOMPRESSED


@@ -78,6 +81,14 @@ int SM2_compute_id_digest(const EVP_MD *md, unsigned char *dgst,
 	unsigned int *dgstlen, EC_KEY *ec_key);


+
+typedef struct sm2_enc_params_st {
+	EVP_MD *kdf_md;
+	EVP_MD *mac_md;
+	int mactag_size;
+	point_conversion_form_t point_form;
+} SM2_ENC_PARAMS;
+
 typedef struct sm2_ciphertext_value_st {
 	EC_POINT *ephem_point;
 	unsigned char *ciphertext;
@@ -103,26 +114,25 @@ int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group,
 	const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags);

 /* FIXME: we should provide optional return value */
-SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
+SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
 	const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
+int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
 	const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen,
 	EC_KEY *ec_key);
-
-int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
-	point_conversion_form_t point_form,
+int SM2_encrypt(const SM2_ENC_PARAMS *params,
 	const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen, EC_KEY *ec_key);
-int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
-	point_conversion_form_t point_form,
+int SM2_decrypt(const SM2_ENC_PARAMS *params,
 	const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen, EC_KEY *ec_key);
-
-int SM2_encrypt(const unsigned char *in, size_t inlen,
+int SM2_encrypt_with_recommended(const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen, EC_KEY *ec_key);
-int SM2_decrypt(const unsigned char *in, size_t inlen,
+int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen,
+	unsigned char *out, size_t *outlen, EC_KEY *ec_key);
+int SM2_encrypt_elgamal(const unsigned char *in, size_t inlen,
+	unsigned char *out, size_t *outlen, EC_KEY *ec_key);
+int SM2_decrypt_elgamal(const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen, EC_KEY *ec_key);
-

 int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md,
 	const void *msg, size_t msglen, unsigned char *dgst,
@@ -130,7 +140,6 @@ int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md,
 int SM2_digest(const void *msg, size_t msglen, unsigned char *dgst,
 	unsigned int *dgstlen, EC_KEY *ec_key);

-
 #define SM2_signature_size(ec_key)	ECDSA_size(ec_key)
 int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, BIGNUM **a, BIGNUM **b);
 ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen,
--- a/crypto/sm2/sm2_asn1.c
+++ b/crypto/sm2/sm2_asn1.c
@@ -91,6 +91,7 @@ Default ID = "1234567812345678"

 */

+#if 0
 typedef struct SM2CiphertextValue_st {
 	ASN1_INTEGER *xCoordinate;
 	ASN1_INTEGER *yCoordinate;
@@ -107,6 +108,22 @@ ASN1_SEQUENCE(SM2CiphertextValue) = {
 IMPLEMENT_ASN1_FUNCTIONS(SM2CiphertextValue)
 IMPLEMENT_ASN1_DUP_FUNCTION(SM2CiphertextValue)

+typedef struct SM2EnvelopedKey_st {
+	ASN1_ALGOR *symAlgID;
+	SM2CiphertextValue *symEncryptedKey;
+	ASN1_OCTET_STRING *sm2PublicKey;
+	ASN1_BIT_STRING *sm2EncryptedPrivateKey;
+} SM2EnvelopedKey;
+
+/* GmSSL specific */
+ASN1_SEQUENCE(SM2_CIPHERTEXT_VALUE_ASN1) = {
+	ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, ephem_point, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, ciphertext, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, mactag, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SM2_CIPHERTEXT_VALUE)
+IMPLEMENT_ASN1_FUNCTIONS(SM2_CIPHERTEXT_VALUE_ASN1)
+IMPLEMENT_ASN1_DUP_FUNCTION(SM2_CIPHERTEXT_VALUE_ASN1)
+

 int i2d_SM2_CIPHERTEXT_VALUE(const SM2_CIPHERTEXT_VALUE *c, unsigned char **out)
 {
@@ -145,4 +162,4 @@ SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE **c,

 	return NULL;
 }
-
+#endif
--- a/crypto/sm2/sm2_enc.c
+++ b/crypto/sm2/sm2_enc.c
@@ -239,8 +239,7 @@ end:
 	return 0;
 }

-int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
-	point_conversion_form_t point_form,
+int SM2_encrypt(const SM2_ENC_PARAMS *params,
 	const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen, EC_KEY *ec_key)
 {
@@ -249,7 +248,8 @@ int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	SM2_CIPHERTEXT_VALUE *cv = NULL;
 	int len;

-	if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, inlen, mac_md))) {
+	if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group,
+		params->point_form, inlen, params->mac_md))) {
 		goto end;
 	}

@@ -261,10 +261,11 @@ int SM2_encrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 		return 0;
 	}

-	if (!(cv = SM2_do_encrypt(kdf_md, mac_md, in, inlen, ec_key))) {
+	if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) {
 		goto end;
 	}
-	if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, point_form, out, outlen)) {
+	if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group,
+		params->point_form, out, outlen)) {
 		goto end;
 	}
 	
@@ -274,14 +275,14 @@ end:
 	return ret;
 }

-SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
+SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
 	const unsigned char *in, size_t inlen, EC_KEY *ec_key)
 {
 	int ok = 0;
 	SM2_CIPHERTEXT_VALUE *cv = NULL;
 	const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
 	const EC_POINT *pub_key = EC_KEY_get0_public_key(ec_key);
-	KDF_FUNC kdf = KDF_get_x9_63(kdf_md);
+	KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md);
 	EC_POINT *point = NULL;
 	BIGNUM *n = NULL;
 	BIGNUM *h = NULL;
@@ -290,6 +291,8 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	EVP_MD_CTX *md_ctx = NULL;
 	unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1];
 	int nbytes;
+	unsigned char dgst[EVP_MAX_MD_SIZE];
+	unsigned int dgstlen;
 	size_t len;
 	int i;

@@ -331,16 +334,6 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	}
 	nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8;

-
-	//OPENSSL_assert(nbytes == BN_num_bytes(n));
-
-#if 0
-	/* check sm2 curve and md is 256 bits */
-	OPENSSL_assert(nbytes == 32);
-	OPENSSL_assert(EVP_MD_size(kdf_md) == 32);
-	OPENSSL_assert(EVP_MD_size(mac_md) == 32);
-#endif
-
 	do
 	{
 		/* A1: rand k in [1, n-1] */
@@ -395,7 +388,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	}
 	
 	/* A7: C3 = Hash(x2 || M || y2) */
-	if (!EVP_DigestInit_ex(md_ctx, mac_md, NULL)) {
+	if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) {
 		goto end;
 	}
 	if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) {
@@ -407,10 +400,16 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) {
 		goto end;
 	}
-	if (!EVP_DigestFinal_ex(md_ctx, cv->mactag, &cv->mactag_size)) {
+	if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) {
 		goto end;
 	}

+	/* GmSSL specific: reduce mactag size */
+	if (params->mactag_size > dgstlen) {
+		goto end;
+	}
+	cv->mactag_size = params->mactag_size;
+	memcpy(cv->mactag, dgst, cv->mactag_size);

 	ok = 1;

@@ -430,8 +429,7 @@ end:
 	return cv;
 }

-int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
-	point_conversion_form_t point_form,
+int SM2_decrypt(const SM2_ENC_PARAMS *params,
 	const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen, EC_KEY *ec_key)
 {
@@ -440,7 +438,7 @@ int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	SM2_CIPHERTEXT_VALUE *cv = NULL;
 	int len;

-	if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, 0, mac_md))) {
+	if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params->point_form, 0, params->mac_md))) {
 		fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
 		goto end;
 	}
@@ -457,11 +455,11 @@ int SM2_decrypt_ex(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 		return 0;
 	}

-	if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, point_form, mac_md, in, inlen))) {
+	if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, params->point_form, params->mac_md, in, inlen))) {
 		fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
 		goto end;
 	}
-	if (!SM2_do_decrypt(kdf_md, mac_md, cv, out, outlen, ec_key)) {
+	if (!SM2_do_decrypt(params, cv, out, outlen, ec_key)) {
 		fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
 		goto end;
 	}
@@ -472,14 +470,14 @@ end:
 	return ret;
 }

-int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
+int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
 	const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen,
 	EC_KEY *ec_key)
 {
 	int ret = 0;
 	const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
 	const BIGNUM *pri_key = EC_KEY_get0_private_key(ec_key);
-	KDF_FUNC kdf = KDF_get_x9_63(kdf_md);
+	KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md);
 	EC_POINT *point = NULL;
 	BIGNUM *n = NULL;
 	BIGNUM *h = NULL;
@@ -488,13 +486,12 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1];
 	unsigned char mac[EVP_MAX_MD_SIZE];
 	unsigned int maclen;
+	unsigned char dgst[EVP_MAX_MD_SIZE];
+	unsigned int dgstlen;
 	int nbytes;
 	size_t size;
 	int i;

-	OPENSSL_assert(kdf_md && mac_md && cv && ec_key);
-	OPENSSL_assert(cv->ephem_point && cv->ciphertext);
-
 	if (!ec_group || !pri_key) {
 		goto end;
 	}
@@ -528,14 +525,6 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 		goto end;
 	}
 	nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8;
-	//OPENSSL_assert(nbytes == BN_num_bytes(n));
-
-#if 0
-	/* check sm2 curve and md is 256 bits */
-	OPENSSL_assert(nbytes == 32);
-	OPENSSL_assert(EVP_MD_size(kdf_md) == 32);
-	OPENSSL_assert(EVP_MD_size(mac_md) == 32);
-#endif

 	/* B2: check [h]C1 != O */
 	if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, h, bn_ctx)) {
@@ -568,7 +557,7 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	*outlen = cv->ciphertext_size;

 	/* B6: check Hash(x2 || M || y2) == C3 */
-	if (!EVP_DigestInit_ex(md_ctx, mac_md, NULL)) {
+	if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) {
 		goto end;
 	}
 	if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) {
@@ -583,8 +572,13 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md,
 	if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) {
 		goto end;
 	}
-	if (cv->mactag_size != maclen ||
-		memcmp(cv->mactag, mac, maclen)) {
+
+	/* GmSSL specific */
+	if (params->mactag_size > maclen) {
+		goto end;
+	}
+	if (cv->mactag_size != params->mactag_size ||
+		memcmp(mac, cv->mactag, cv->mactag_size)) {
 		goto end;
 	}

@@ -599,26 +593,55 @@ end:
 	return ret;
 }

-
-int SM2_encrypt(const unsigned char *in, size_t inlen,
-	unsigned char *out, size_t *outlen, EC_KEY *ec_key)
+int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params)
 {
-	const EVP_MD *kdf_md = EVP_sm3();
-	const EVP_MD *mac_md = EVP_sm3();
-	point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM;
-	
-	return SM2_encrypt_ex(kdf_md, mac_md, point_form,
-		in, inlen, out, outlen, ec_key);
+	if (!params) {
+		return 0;
+	}
+	params->kdf_md = EVP_sm3();
+	params->mac_md = EVP_sm3();
+	params->mactag_size = -1;
+	params->point_form = POINT_CONVERSION_UNCOMPRESSED;
+	return 1; 
 }

-int SM2_decrypt(const unsigned char *in, size_t inlen,
+int SM2_encrypt_with_recommended(const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen, EC_KEY *ec_key)
 {
-	const EVP_MD *kdf_md = EVP_sm3();
-	const EVP_MD *mac_md = EVP_sm3();
-	point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM;
-
-	return SM2_decrypt_ex(kdf_md, mac_md, point_form,
-		in, inlen, out, outlen, ec_key);	
+	SM2_ENC_PARAMS params;
+	SM2_ENC_PARAMS_init_with_recommended(&params);
+	return SM2_encrypt(&params, in, inlen, out, outlen, ec_key);
 }

+int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen,
+	unsigned char *out, size_t *outlen, EC_KEY *ec_key)
+{
+	SM2_ENC_PARAMS params;
+	SM2_ENC_PARAMS_init_with_recommended(&params);
+	return SM2_decrypt(&params, in, inlen, out, outlen, ec_key);	
+}
+
+int SM2_encrypt_elgamal(const unsigned char *in, size_t inlen,
+	unsigned char *out, size_t *outlen, EC_KEY *ec_key)
+{
+	SM2_ENC_PARAMS params;
+	params.kdf_md = EVP_sm3();
+	params.mac_md = EVP_sm3();
+	params.mactag_size = 0;
+	params.point_form = POINT_CONVERSION_COMPRESSED;
+	return SM2_encrypt(&params, in, inlen, out, outlen, ec_key);
+}
+
+int SM2_decrypt_elgamal(const unsigned char *in, size_t inlen,
+	unsigned char *out, size_t *outlen, EC_KEY *ec_key)
+{
+	SM2_ENC_PARAMS params;
+	params.kdf_md = EVP_sm3();
+	params.mac_md = EVP_sm3();
+	params.mactag_size = 0;
+	params.point_form = POINT_CONVERSION_COMPRESSED;
+	return SM2_decrypt(&params, in, inlen, out, outlen, ec_key);
+}
+
+
+
--- a/crypto/sm2/sm2_kap.c
+++ b/crypto/sm2/sm2_kap.c
@@ -662,3 +662,11 @@ int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum,
 	return 1;
 }

+int SM2_compute_key(void *out, size_t outlen,
+	const EC_POINT *pub_key, EC_KEY *ecdh,
+	const EC_POINT *pub_key2, EC_KEY *ec_key2,
+	const char *id1, const char *id2, int is_ini)
+{
+	return 0;
+}
+
--- a/crypto/sm3/hmac_sm3.c
+++ b/crypto/sm3/hmac_sm3.c
@@ -0,0 +1,80 @@
+#include <string.h>
+#include <assert.h>
+#include "hmac_sm3.h"
+
+/**
+ * HMAC_k(m) = H((k ^ opad), H((k ^ ipad), m))
+ * pseudo-code:
+ * function hmac(key, message)
+ *	opad = [0x5c * blocksize]
+ *	ipad = [0x36 * blocksize]
+ *	if (length(key) > blocksize) then
+ *		key = hash(key)
+ *	end if
+ *	for i from 0 to length(key) - 1 step 1
+ *		ipad[i] = ipad[i] XOR key[i]
+ *		opad[i] = opad[i] XOR key[i]
+ *	end for
+ *	return hash(opad || hash(ipad || message))
+ * end function
+ */
+
+
+#define IPAD	0x36
+#define OPAD	0x5C
+
+
+
+void hmac_sm3_init(hmac_sm3_ctx_t *ctx, const unsigned char *key, size_t key_len)
+{
+	int i;
+	unsigned char ipad[SM3_DIGEST_LENGTH];
+
+	if (key_len <= SM3_BLOCK_SIZE) {
+		memcpy(ctx->key, key, key_len);
+		memset(ctx->key + key_len, 0, SM3_BLOCK_SIZE - key_len);
+	} else {
+		sm3_init(&ctx->sm3_ctx);
+		sm3_update(&ctx->sm3_ctx, key, key_len);
+		sm3_final(&ctx->sm3_ctx, ctx->key);
+		memset(ctx->key + SM3_DIGEST_LENGTH, 0,
+			SM3_BLOCK_SIZE - SM3_DIGEST_LENGTH);
+	}
+	for (i = 0; i < SM3_BLOCK_SIZE; i++) {
+		ctx->key[i] ^= IPAD;
+	}
+	
+	sm3_init(&ctx->sm3_ctx);
+	sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE);		
+}
+
+void hmac_sm3_update(hmac_sm3_ctx_t *ctx, const unsigned char *data, size_t data_len)
+{
+	sm3_update(&ctx->sm3_ctx, data, data_len);
+}
+
+void hmac_sm3_final(hmac_sm3_ctx_t *ctx, unsigned char mac[HMAC_SM3_MAC_SIZE])
+{
+	int i;
+	for (i = 0; i < SM3_BLOCK_SIZE; i++) {
+		ctx->key[i] ^= (IPAD ^ OPAD);
+	}	
+	sm3_final(&ctx->sm3_ctx, mac);
+	sm3_init(&ctx->sm3_ctx);
+	sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE);
+	sm3_update(&ctx->sm3_ctx, mac, SM3_DIGEST_LENGTH);
+	sm3_final(&ctx->sm3_ctx, mac);
+}
+
+void hmac_sm3(const unsigned char *data, size_t data_len,
+	const unsigned char *key, size_t key_len, unsigned char mac[HMAC_SM3_MAC_SIZE])
+{
+	hmac_sm3_ctx_t ctx;
+	
+	hmac_sm3_init(&ctx, key, key_len);
+	hmac_sm3_update(&ctx, data, data_len);
+	hmac_sm3_final(&ctx, mac);
+
+	memset(&ctx, 0, sizeof(hmac_sm3_ctx_t));
+}
+
--- a/crypto/sm3/hmac_sm3.h
+++ b/crypto/sm3/hmac_sm3.h
@@ -0,0 +1,29 @@
+#ifndef LIBSM3_HMAC_SM3_H
+#define LIBSM3_HMAC_SM3_H
+
+#include "sm3.h"
+
+#define HMAC_SM3_MAC_SIZE  SM3_DIGEST_LENGTH
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct {
+	sm3_ctx_t sm3_ctx;
+	unsigned char key[SM3_DIGEST_LENGTH];
+} hmac_sm3_ctx_t;
+
+
+void hmac_sm3_init(hmac_sm3_ctx_t *ctx, const unsigned char *key, size_t key_len);
+void hmac_sm3_update(hmac_sm3_ctx_t *ctx, const unsigned char *data, size_t data_len);
+void hmac_sm3_final(hmac_sm3_ctx_t *ctx, unsigned char mac[HMAC_SM3_MAC_SIZE]);
+void hmac_sm3(const unsigned char *data, size_t data_len,
+	const unsigned char *key, size_t key_len, unsigned char mac[HMAC_SM3_MAC_SIZE]);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
--- a/crypto/sm3/hmac_sm3_test.c
+++ b/crypto/sm3/hmac_sm3_test.c
@@ -0,0 +1,68 @@
+#include "hmac_sm3.h"
+#include <stdio.h>
+#include <string.h>
+
+int hmac_sm3_test()
+{
+	int ret = 0;
+	int i, j;
+	unsigned char mac[HMAC_SM3_MAC_SIZE];
+	hmac_sm3_ctx_t ctx;
+	
+	char *testarray[4] = {
+		"abc",
+		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+		"a",
+		"01234567012345670123456701234567"
+	};
+	int repeatcount[4] = { 1, 1, 1000000, 20 };
+	unsigned char key[4] = {
+		"hello",
+		"world",
+		"23492304982304982340923480",
+		"a"
+	};
+	unsigned char result[4][32] = {
+		{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0},
+		{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0},
+		{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0},
+		{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 
+		 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0},
+	};
+
+	for (i = 0; i < sizeof(testarray)/sizeof(testarray[0]); i++) {
+		hmac_sm3_init(&ctx, key[i], key_length[i]);
+		for (j = 0; j < repeatcount[i]; j++) {
+			hmac_sm3_update(&ctx, (const unsigned char *)testarray[i], 
+				strlen(testarray[i]));
+		}
+		hmac_sm3_final(&ctx, mac);
+		if (memcmp(mac, &result[i][0], sizeof(mac)) != 0) {
+			fprintf(stderr, "hmac-sm3 test-%d failed\n", i);
+			ret = 1;
+		}
+	}
+	
+	if (ret == 0) {
+		printf("hmac-sm3 test success!\n");
+	}
+	
+	return ret;
+}
+
+int main()
+{
+	return hmac_sm3_test();
+}
+
--- a/crypto/sm3/sm3dgst.c
+++ b/crypto/sm3/sm3dgst.c
@@ -0,0 +1,46 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <libgen.h>
+#include "sm3.h"
+
+/*
+ * usage of sm3dgst:
+ * ./sm3dgst <file>
+ * 324234234234235234234234234234
+ *
+ * echo "hello world" | sm3dgst
+ * lksjdlfksdjlfkjsdlfkjsdlfkjsdljkfffffffldjfk=
+ *
+ */
+
+int main(int argc, char **argv)
+{
+	sm3_ctx_t ctx;
+	unsigned char dgst[SM3_DIGEST_LENGTH];
+	unsigned char buf[4096];
+	ssize_t len;
+	int i;
+
+	if (argc > 1) {
+		printf("usage: %s < file\n", basename(argv[0]));
+		return 0;
+	}
+
+	sm3_init(&ctx);
+	
+	while ((len = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
+		sm3_update(&ctx, buf, len);
+	}
+	memset(dgst, 0, sizeof(dgst));
+	sm3_final(&ctx, dgst);
+
+	for (i = 0; i < sizeof(dgst); i++) {
+		printf("%02x", dgst[i]);
+	}
+	printf("\n");
+
+	return 0;	 
+}
+
--- a/crypto/sm3/sm3test2.c
+++ b/crypto/sm3/sm3test2.c
@@ -0,0 +1,94 @@
+#include <stdio.h>
+#include <string.h>
+#include "sm3.h"
+
+int sm3_test1()
+{
+	char *msg = "abc";
+	unsigned char dgst[SM3_DIGEST_LENGTH];
+	unsigned char result[] = {
+		0x66,0xc7,0xf0,0xf4,0x62,0xee,0xed,0xd9, 
+		0xd1,0xf2,0xd4,0x6b,0xdc,0x10,0xe4,0xe2, 
+		0x41,0x67,0xc4,0x87,0x5c,0xf2,0xf7,0xa2, 
+		0x29,0x7d,0xa0,0x2b,0x8f,0x4b,0xa8,0xe0
+	};
+	int i;
+
+	printf("sm3 test 1\n");
+	memset(dgst, 0, sizeof(dgst));
+	sm3((unsigned char *)msg, strlen(msg), dgst);
+
+	printf(" message : %s\n", msg);
+	printf("  digest : 0x");
+	for(i = 0; i < sizeof(dgst); i++) {
+		printf("%02x", dgst[i]);
+	}
+	printf("\n");
+
+	printf("  result : ");
+	if (memcmp(dgst, result, sizeof(result))) {
+		printf("failed\n");
+		return -1;
+	} else {
+		printf("passed\n");
+	}
+	return 0;
+}
+
+int sm3_test2()
+{
+	unsigned char msg[] = {
+		0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+                0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+                0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+                0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+                0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+                0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+                0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+                0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
+	};
+
+	unsigned char dgst[SM3_DIGEST_LENGTH];
+	unsigned char result[] = {
+		0xde,0xbe,0x9f,0xf9,0x22,0x75,0xb8,0xa1,
+		0x38,0x60,0x48,0x89,0xc1,0x8e,0x5a,0x4d,
+		0x6f,0xdb,0x70,0xe5,0x38,0x7e,0x57,0x65, 
+		0x29,0x3d,0xcb,0xa3,0x9c,0x0c,0x57,0x32,
+	};
+	int i;
+
+	printf("sm3 test 2\n");
+	memset(dgst, 0, sizeof(dgst));
+	sm3(msg, sizeof(msg), dgst);
+
+	printf(" message : 0x");
+	for (i = 0; i < sizeof(msg); i++) {
+		printf("%02x", msg[i]);
+	}
+	printf("\n");
+	printf("   digest: 0x");
+	for (i = 0; i < sizeof(dgst); i++) {
+		printf("%02x", dgst[i]);
+	}
+	printf("\n");
+
+	printf("  result : ");
+	if (memcmp(dgst, result, sizeof(result))) {
+		printf("failed\n");
+		return -1;
+	} else {
+		printf("passed\n");
+	}
+	return 0;
+}
+
+int main(int argc, char *argv[])
+{
+	if (sm3_test1())
+		return -1;
+
+	if (sm3_test2())
+		return -2;
+
+	return 0;
+}
--- a/crypto/sm9/sm9.h
+++ b/crypto/sm9/sm9.h
@@ -0,0 +1,102 @@
+/* crypto/sm9/sm9.h */
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+
+#ifndef HEADER_SM9_H
+#define HEADER_SM9_H
+
+#include <openssl/evp.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct sm9_public_params_st SM9_PUBLIC_PARAMS;
+typedef struct sm9_master_secret_st SM9_MASTER_SECRET;
+
+#define SM9_VERIFY_SUCCESS	 1
+#define SM9_VERIFY_FAILED	 0
+#define SM9_VERIFY_INNER_ERROR	-1
+
+int SM9_setup(SM9_PUBLIC_PARAMS **params, SM9_MASTER_SECRET **master);
+void SM9_PUBLIC_PARAMS_free(SM9_PUBLIC_PARAMS *a);
+void SM9_MASTER_SECRET_free(SM9_MASTER_SECRET *a);
+int i2d_SM9_PUBLIC_PARAMS(SM9_PUBLIC_PARAMS *a, unsigned char *out);
+int i2d_SM9_MASTER_SECRET(SM9_MASTER_SECRET *a, unsigned char *out);
+SM9_PUBLIC_PARAMS *d2i_SM9_PUBLIC_PARAMS(SM9_PUBLIC_PARAMS **a, const unsigned char **in, long len);
+SM9_MASTER_SECRET *d2i_SM9_MASTER_SECRET(SM9_MASTER_SECRET **a, const unsigned char **in, long len);
+
+EVP_PKEY *SM9_extract_private_key(SM9_MASTER_SECRET *master,
+	const char *id, size_t idlen, EVP_PKEY **pkey);
+
+int SM9_encrypt(SM9_PUBLIC_PARAMS *params,
+	const unsigned char *in, size_t inlen,
+	unsigned char *out, size_t *outlen,
+	const char *id, size_t idlen);
+int SM9_decrypt(SM9_PUBLIC_PARAMS *params,
+	const unsigned char *in, size_t inlen,
+	unsigned char *out, size_t *outlen,
+	EVP_PKEY *pkey);
+
+int SM9_sign(SM9_PUBLIC_PARAMS *params,
+	const unsigned char *dgst, int dgstlen,
+	unsigned char *sig, unsigned int *siglen,
+	EVP_PKEY *pkey);
+int SM2_verify(SM9_PUBLIC_PARAMS *params,
+	const unsigned char *dgst, int dgstlen,
+	const unsigned char *sig, int siglen,
+	const char *id, size_t idlen);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
--- a/crypto/sm9/sm9_lcl.h
+++ b/crypto/sm9/sm9_lcl.h
@@ -0,0 +1,103 @@
+/* crypto/sm9/sm9.h */
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+
+#include "sm9.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct sm9_public_params_st {
+	char *id;
+	void *data;
+};
+
+struct sm9_master_secret_st {
+	char *id;
+	void *data;
+};
+
+struct sm9_method_st {
+	int type;
+	char *name;
+	int (*setup)(SM9_PUBLIC_PARAMS **params, SM9_MASTER_SECRET **master);
+	void (*public_params_free)(SM9_PUBLIC_PARAMS *a);
+	void (*master_secret_free)(SM9_MASTER_SECRET *a);
+	int (*public_params_encode)(SM9_PUBLIC_PARAMS *a, unsigned char *out);
+	int (*master_secret_encode)(SM9_MASTER_SECRET *a, unsigned char *out);
+	SM9_PUBLIC_PARAMS *(*public_params_decode)(SM9_PUBLIC_PARAMS **a, const unsigned char **in, long len);
+	SM9_MASTER_SECRET *(*master_secret_decode)(SM9_MASTER_SECRET **a, const unsigned char **in, long len);
+	EVP_PKEY *(*extract_private_key)(SM9_MASTER_SECRET *master,
+		const char *id, size_t idlen, EVP_PKEY **pkey);
+	int (*encrypt)(SM9_PUBLIC_PARAMS *params,
+		const unsigned char *in, size_t inlen,
+		unsigned char *out, size_t *outlen,
+		const char *id, size_t idlen);
+	int (*decrypt)(SM9_PUBLIC_PARAMS *params,
+		const unsigned char *in, size_t inlen,
+		unsigned char *out, size_t *outlen,
+		EVP_PKEY *pkey);
+	int (*sign)(SM9_PUBLIC_PARAMS *params,
+		const unsigned char *dgst, int dgstlen,
+		unsigned char *sig, unsigned int *siglen,
+		EVP_PKEY *pkey);
+	int (*verify)(SM9_PUBLIC_PARAMS *params,
+		const unsigned char *dgst, int dgstlen,
+		const unsigned char *sig, int siglen,
+		const char *id, size_t idlen);
+};
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
--- a/crypto/sms4/Makefile
+++ b/crypto/sms4/Makefile
@@ -17,13 +17,13 @@ TEST=
 APPS=

 LIB=$(TOP)/libcrypto.a
-LIBSRC=sms4_cbc.c sms4_cfb.c sms4_ecb.c sms4_ofb.c sms4_ctr.c sms4_wrap.c sms4.c
-LIBOBJ=sms4_cbc.o sms4_cfb.o sms4_ecb.o sms4_ofb.o sms4_ctr.o sms4_wrap.o sms4.o
+LIBSRC=sms4_cbc.c sms4_cfb.c sms4_ecb.c sms4_ofb.c sms4_ctr.c sms4_wrap.c sms4_common.c sms4_setkey.c sms4_enc.c
+LIBOBJ=sms4_cbc.o sms4_cfb.o sms4_ecb.o sms4_ofb.o sms4_ctr.o sms4_wrap.o sms4_common.o sms4_setkey.o sms4_enc.o

 SRC= $(LIBSRC)

 EXHEADER= sms4.h
-HEADER=	../../include/openssl/modes.h $(EXHEADER)
+HEADER=	../../include/openssl/modes.h sms4_lcl.h $(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)

--- a/crypto/sms4/sms4.h
+++ b/crypto/sms4/sms4.h
@@ -91,6 +91,26 @@ int sms4_wrap_key(sms4_key_t *key, const unsigned char *iv,
 int sms4_unwrap_key(sms4_key_t *key, const unsigned char *iv,
 	unsigned char *out, const unsigned char *in, unsigned int inlen);

+
+
+#define SMS4_EDE_KEY_LENGTH	32
+
+typedef struct {
+	sms4_key_t k1;
+	sms4_key_t k2;	
+} sms4_ede_key_t;
+
+void sms4_ede_set_encrypt_key(sms4_ede_key_t *key, const unsigned char *user_key);
+void sms4_ede_set_decrypt_key(sms4_ede_key_t *key, const unsigned char *user_key);
+void sms4_ede_encrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
+void sms4_ede_encrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
+void sms4_ede_encrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
+void sms4_ede_decrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
+void sms4_ede_decrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
+void sms4_ede_decrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
+
+
+
 #ifdef __cplusplus
 }
 #endif
--- a/crypto/sms4/sms4_ede.h
+++ b/crypto/sms4/sms4_ede.h
@@ -1,30 +0,0 @@
-#ifndef LIBSM_SMS4_EDE_H
-#define LIBSM_SMS4_EDE_H
-
-#define SMS4_EDE_KEY_LENGTH	32
-
-#include "sms4.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct {
-	sms4_key_t k1;
-	sms4_key_t k2;	
-} sms4_ede_key_t;
-
-void sms4_ede_set_encrypt_key(sms4_ede_key_t *key, const unsigned char *user_key);
-void sms4_ede_set_decrypt_key(sms4_ede_key_t *key, const unsigned char *user_key);
-void sms4_ede_encrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
-void sms4_ede_encrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
-void sms4_ede_encrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
-void sms4_ede_decrypt(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
-void sms4_ede_decrypt_8blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
-void sms4_ede_decrypt_16blocks(sms4_ede_key_t *key, const unsigned char *in, unsigned char *out);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
--- a/crypto/sms4/sms4_enc.c
+++ b/crypto/sms4/sms4_enc.c
@@ -64,8 +64,7 @@
 	x4 = S32(x4);					\
 	x4 = x0 ^ L32(x4)

-
-void sms4_encrypt(sms4_key_t *key, const unsigned char *in, unsigned char *out)
+void sms4_encrypt(const unsigned char *in, unsigned char *out, const sms4_key_t *key)
 {
 	uint32_t *rk = key->rk;
 	uint32_t x0, x1, x2, x3, x4;
--- a/crypto/sms4/sms4_setkey.c
+++ b/crypto/sms4/sms4_setkey.c
@@ -0,0 +1,67 @@
+#include "sms4.h"
+#include "sms4_lcl.h"
+
+static uint32_t FK[4] = {
+	0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc,
+};
+
+static uint32_t CK[32] = {
+	0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269,
+	0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9,
+	0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249,
+	0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9,
+	0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229, 
+	0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299,
+	0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209,
+	0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279,
+};
+
+#define L32_(x)					\
+	((x) ^ 					\
+	ROT32((x), 13) ^			\
+	ROT32((x), 23))
+
+#define ENC_ROUND(x0, x1, x2, x3, x4, i)	\
+	x4 = x1 ^ x2 ^ x3 ^ *(CK + i);		\
+	x4 = S32(x4);				\
+	x4 = x0 ^ L32_(x4);			\
+	*(rk + i) = x4
+
+#define DEC_ROUND(x0, x1, x2, x3, x4, i)	\
+	x4 = x1 ^ x2 ^ x3 ^ *(CK + i);		\
+	x4 = S32(x4);				\
+	x4 = x0 ^ L32_(x4);			\
+	*(rk + 31 - i) = x4
+
+void sms4_set_encrypt_key(sms4_key_t *key, const unsigned char *user_key)
+{
+	uint32_t *rk = key->rk;
+	uint32_t x0, x1, x2, x3, x4;
+
+	x0 = GET32(user_key     ) ^ FK[0];
+	x1 = GET32(user_key  + 4) ^ FK[1];
+	x2 = GET32(user_key  + 8) ^ FK[2];
+	x3 = GET32(user_key + 12) ^ FK[3];
+
+#define ROUND ENC_ROUND
+	ROUNDS(x0, x1, x2, x3, x4);
+
+	x0 = x1 = x2 = x3 = x4 = 0;
+}
+
+void sms4_set_decrypt_key(sms4_key_t *key, const unsigned char *user_key)
+{
+	uint32_t *rk = key->rk;
+	uint32_t x0, x1, x2, x3, x4;	
+
+	x0 = GET32(user_key     ) ^ FK[0];
+	x1 = GET32(user_key  + 4) ^ FK[1];
+	x2 = GET32(user_key  + 8) ^ FK[2];
+	x3 = GET32(user_key + 12) ^ FK[3];
+
+#undef ROUND
+#define ROUND DEC_ROUND
+	ROUNDS(x0, x1, x2, x3, x4);
+	
+	x0 = x1 = x2 = x3 = x4 = 0;
+}
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -90,11 +90,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
    case EVP_PKEY_EC:
        ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
        break;
-#ifndef OPENSSL_NO_SM2
-    case EVP_PKEY_SM2:
-        ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
-        break;
-#endif
    case EVP_PKEY_DH:
        ret = EVP_PK_DH | EVP_PKT_EXCH;
        break;