8 files changed, 187 insertions, 6 deletions

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index b4105c20f2..eefe2d0cd5 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -17,7 +17,7 @@
 #include "internal/evp_int.h"
 
 #if !defined(OPENSSL_NO_SM2)
-# include <openssl/sm2.h>
+# include "internal/sm2.h"
 #endif
 
 /* EC pkey context structure */
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index f45e230749..7fc5788434 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -32,7 +32,7 @@ L CMS           include/openssl/cms.h           crypto/cms/cms_err.c
 L CT            include/openssl/ct.h            crypto/ct/ct_err.c
 L ASYNC         include/openssl/async.h         crypto/async/async_err.c
 L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
-L SM2           include/openssl/sm2.h           crypto/sm2/sm2_err.c
+L SM2           crypto/include/internal/sm2.h   crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 
 # additional header files to be scanned for function names
diff --git a/crypto/include/internal/sm2.h b/crypto/include/internal/sm2.h
new file mode 100644
index 0000000000..af24c0146b
--- /dev/null
+++ b/crypto/include/internal/sm2.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2_H
+# define HEADER_SM2_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  ifdef __cplusplus
+extern "C" {
+#  endif
+
+#  include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+#  define SM2_DEFAULT_USERID "1234567812345678"
+
+int SM2_compute_userid_digest(uint8_t *out,
+                              const EVP_MD *digest,
+                              const char *user_id, const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes ZA (user id digest) and then signs
+ * H(ZA || msg) using SM2
+ */
+ECDSA_SIG *SM2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const char *user_id, const uint8_t *msg, size_t msg_len);
+
+int SM2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *signature,
+                  const char *user_id, const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation. Assumes input is an SM3 digest
+ */
+int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification. Assumes input is an SM3 digest
+ */
+int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+
+/*
+ * SM2 encryption
+ */
+size_t SM2_ciphertext_size(const EC_KEY *key,
+                           const EVP_MD *digest,
+                           size_t msg_len);
+
+size_t SM2_plaintext_size(const EC_KEY *key,
+                          const EVP_MD *digest,
+                          size_t msg_len);
+
+int SM2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len,
+                uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int SM2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+int ERR_load_SM2_strings(void);
+
+#  ifdef __cplusplus
+}
+#  endif
+
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h
new file mode 100644
index 0000000000..3416c3df8f
--- /dev/null
+++ b/crypto/include/internal/sm2err.h
@@ -0,0 +1,95 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2ERR_H
+# define HEADER_SM2ERR_H
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+int ERR_load_SM2_strings(void);
+# ifdef  __cplusplus
+}
+# endif
+
+/*
+ * SM2 function codes.
+ */
+# define SM2_F_PKEY_SM2_CTRL                              274
+# define SM2_F_PKEY_SM2_CTRL_STR                          275
+# define SM2_F_PKEY_SM2_KEYGEN                            276
+# define SM2_F_PKEY_SM2_PARAMGEN                          277
+# define SM2_F_PKEY_SM2_SIGN                              278
+
+/*
+ * SM2 reason codes.
+ */
+# define SM2_R_ASN1_ERROR                                 115
+# define SM2_R_ASN5_ERROR                                 1150
+# define SM2_R_BAD_SIGNATURE                              156
+# define SM2_R_BIGNUM_OUT_OF_RANGE                        144
+# define SM2_R_BUFFER_TOO_SMALL                           100
+# define SM2_R_COORDINATES_OUT_OF_RANGE                   146
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH                160
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING             159
+# define SM2_R_D2I_ECPKPARAMETERS_FAILURE                 117
+# define SM2_R_DECODE_ERROR                               142
+# define SM2_R_DISCRIMINANT_IS_ZERO                       118
+# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE               119
+# define SM2_R_FIELD_TOO_LARGE                            143
+# define SM2_R_GF2M_NOT_SUPPORTED                         147
+# define SM2_R_GROUP2PKPARAMETERS_FAILURE                 120
+# define SM2_R_I2D_ECPKPARAMETERS_FAILURE                 121
+# define SM2_R_INCOMPATIBLE_OBJECTS                       101
+# define SM2_R_INVALID_ARGUMENT                           112
+# define SM2_R_INVALID_COMPRESSED_POINT                   110
+# define SM2_R_INVALID_COMPRESSION_BIT                    109
+# define SM2_R_INVALID_CURVE                              141
+# define SM2_R_INVALID_DIGEST                             151
+# define SM2_R_INVALID_DIGEST_TYPE                        138
+# define SM2_R_INVALID_ENCODING                           102
+# define SM2_R_INVALID_FIELD                              103
+# define SM2_R_INVALID_FORM                               104
+# define SM2_R_INVALID_GROUP_ORDER                        122
+# define SM2_R_INVALID_KEY                                116
+# define SM2_R_INVALID_OUTPUT_LENGTH                      161
+# define SM2_R_INVALID_PEER_KEY                           133
+# define SM2_R_INVALID_PENTANOMIAL_BASIS                  132
+# define SM2_R_INVALID_PRIVATE_KEY                        123
+# define SM2_R_INVALID_TRINOMIAL_BASIS                    137
+# define SM2_R_KDF_PARAMETER_ERROR                        148
+# define SM2_R_KEYS_NOT_SET                               140
+# define SM2_R_MISSING_PARAMETERS                         124
+# define SM2_R_MISSING_PRIVATE_KEY                        125
+# define SM2_R_NEED_NEW_SETUP_VALUES                      157
+# define SM2_R_NOT_A_NIST_PRIME                           135
+# define SM2_R_NOT_IMPLEMENTED                            126
+# define SM2_R_NOT_INITIALIZED                            111
+# define SM2_R_NO_PARAMETERS_SET                          139
+# define SM2_R_NO_PRIVATE_VALUE                           154
+# define SM2_R_OPERATION_NOT_SUPPORTED                    152
+# define SM2_R_PASSED_NULL_PARAMETER                      134
+# define SM2_R_PEER_KEY_ERROR                             149
+# define SM2_R_PKPARAMETERS2GROUP_FAILURE                 127
+# define SM2_R_POINT_ARITHMETIC_FAILURE                   155
+# define SM2_R_POINT_AT_INFINITY                          106
+# define SM2_R_POINT_IS_NOT_ON_CURVE                      107
+# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED            158
+# define SM2_R_SHARED_INFO_ERROR                          150
+# define SM2_R_SLOT_FULL                                  108
+# define SM2_R_UNDEFINED_GENERATOR                        113
+# define SM2_R_UNDEFINED_ORDER                            128
+# define SM2_R_UNKNOWN_GROUP                              129
+# define SM2_R_UNKNOWN_ORDER                              114
+# define SM2_R_UNSUPPORTED_FIELD                          131
+# define SM2_R_WRONG_CURVE_PARAMETERS                     145
+# define SM2_R_WRONG_ORDER                                130
+
+#endif
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index a31c40fc7a..c3abd969eb 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -9,7 +9,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/sm2.h>
+#include "internal/sm2.h"
 #include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/asn1.h>
diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c
index 0c051f68b6..6f244a5eb0 100644
--- a/crypto/sm2/sm2_err.c
+++ b/crypto/sm2/sm2_err.c
@@ -9,7 +9,7 @@
  */
 
 #include <openssl/err.h>
-#include <openssl/sm2err.h>
+#include "internal/sm2err.h"
 
 #ifndef OPENSSL_NO_ERR
 
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index e12eca12fb..ddfd318ed9 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -9,7 +9,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/sm2.h>
+#include "internal/sm2.h"
 #include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <string.h>
diff --git a/crypto/sm2/sm2_za.c b/crypto/sm2/sm2_za.c
index f76fe0fcad..cf355238b2 100644
--- a/crypto/sm2/sm2_za.c
+++ b/crypto/sm2/sm2_za.c
@@ -9,7 +9,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/sm2.h>
+#include "internal/sm2.h"
 #include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <string.h>