8 files changed, 37 insertions, 29 deletions

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index c998e61616..2c8572ba64 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1080,6 +1080,7 @@ RSA_F_RSA_VERIFY:119:RSA_verify
 RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
 RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
 RSA_F_SETUP_TBUF:167:setup_tbuf
+SM2_F_PKEY_SM2_COPY:115:pkey_sm2_copy
 SM2_F_PKEY_SM2_CTRL:109:pkey_sm2_ctrl
 SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str
 SM2_F_PKEY_SM2_DIGEST_CUSTOM:114:pkey_sm2_digest_custom
diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h
index 62f2aa2a10..a4db1b73d7 100644
--- a/crypto/include/internal/sm2err.h
+++ b/crypto/include/internal/sm2err.h
@@ -23,6 +23,7 @@ int ERR_load_SM2_strings(void);
 /*
  * SM2 function codes.
  */
+#  define SM2_F_PKEY_SM2_COPY                              115
 #  define SM2_F_PKEY_SM2_CTRL                              109
 #  define SM2_F_PKEY_SM2_CTRL_STR                          110
 #  define SM2_F_PKEY_SM2_DIGEST_CUSTOM                     114
diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c
index c2a96c15d9..653c6797f8 100644
--- a/crypto/sm2/sm2_err.c
+++ b/crypto/sm2/sm2_err.c
@@ -14,6 +14,7 @@
 #ifndef OPENSSL_NO_ERR
 
 static const ERR_STRING_DATA SM2_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_COPY, 0), "pkey_sm2_copy"},
     {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
     {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
     {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_DIGEST_CUSTOM, 0),
diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
index 4b61e243aa..3e420658d2 100644
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c
@@ -72,6 +72,7 @@ static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
     if (sctx->id != NULL) {
         dctx->id = OPENSSL_malloc(sctx->id_len);
         if (dctx->id == NULL) {
+            SM2err(SM2_F_PKEY_SM2_COPY, ERR_R_MALLOC_FAILURE);
             pkey_sm2_cleanup(dst);
             return 0;
         }
@@ -195,8 +196,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     case EVP_PKEY_CTRL_SET1_ID:
         if (p1 > 0) {
             tmp_id = OPENSSL_malloc(p1);
-            if (tmp_id == NULL)
+            if (tmp_id == NULL) {
+                SM2err(SM2_F_PKEY_SM2_CTRL, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
             memcpy(tmp_id, p2, p1);
             OPENSSL_free(smctx->id);
             smctx->id = tmp_id;
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 9b74e41d39..0fedd17ce6 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -187,7 +187,7 @@ B<ASN1_OBJECT> structure respectively.
 Assigns an B<EVP_PKEY_CTX> to B<EVP_MD_CTX>. This is usually used to provide
 a customzied B<EVP_PKEY_CTX> to L<EVP_DigestSignInit(3)> or
 L<EVP_DigestVerifyInit(3)>. The B<pctx> passed to this function should be freed
-by the caller. A null B<pctx> pointer is also allowed to clear the B<EVP_PKEY_CTX>
+by the caller. A NULL B<pctx> pointer is also allowed to clear the B<EVP_PKEY_CTX>
 assigned to B<ctx>. In such case, freeing the cleared B<EVP_PKEY_CTX> or not
 depends on how the B<EVP_PKEY_CTX> is created.
 
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index d70dbb9cf2..e1a107c06e 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -167,15 +167,15 @@ B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous
 versions should use 0 instead.
 
 The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len()
-are used to manipulate special identifier field for specific signature algorithm
-such as SM2. The EVP_PKEY_set1_id() sets an ID pointed by B<id> with the length
-B<id_len> to the library. The library maintains the memory management stuffs so
-the caller can safely free the original memory pointed by B<id>. The
-EVP_PKEY_CTX_get1_id_len() returns the length of the ID set via a previous call
-to EVP_PKEY_set1_id(). The length is usually used to allocate adequate memory for
-further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id() returns the
-previously set ID value to caller into B<id>, caller should allocate adequate
-memory space to B<id> before calling EVP_PKEY_CTX_get1_id().
+macros are used to manipulate the special identifier field for specific signature
+algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by B<id> with
+the length B<id_len> to the library. The library takes a copy of the id so that
+the caller can safely free the original memory pointed to by B<id>. The
+EVP_PKEY_CTX_get1_id_len() macro returns the length of the ID set via a previous
+call to EVP_PKEY_CTX_set1_id(). The length is usually used to allocate adequate
+memory for further calls to EVP_PKEY_CTX_get1_id(). The EVP_PKEY_CTX_get1_id()
+macro returns the previously set ID value to caller in B<id>. The caller should
+allocate adequate memory space for the B<id> before calling EVP_PKEY_CTX_get1_id().
 
 =head1 RETURN VALUES
 
@@ -197,7 +197,7 @@ L<EVP_PKEY_keygen(3)>
 =head1 HISTORY
 
 EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len()
-were added in 1.1.1, other functions were first added to OpenSSL 1.0.0.
+macros were added in 1.1.1, other functions were first added to OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod
index 171d4da744..db803fc2a2 100644
--- a/doc/man3/EVP_PKEY_meth_new.pod
+++ b/doc/man3/EVP_PKEY_meth_new.pod
@@ -348,8 +348,8 @@ The digest_custom() method is used to generate customized digest content before
 the real message is passed to functions like L<EVP_DigestSignUpdate(3)> or
 L<EVP_DigestVerifyInit(3)>. This is usually required by some public key
 signature algorithms like SM2 which requires a hashed prefix to the message to
-be signed. The digest_custom() will be called by L<EVP_DigestSignInit(3)> and
-L<EVP_DigestVerifyInit(3)>.
+be signed. The digest_custom() function will be called by L<EVP_DigestSignInit(3)>
+and L<EVP_DigestVerifyInit(3)>.
 
 =head2 Functions
 
diff --git a/doc/man7/SM2.pod b/doc/man7/SM2.pod
index 40dc317dcf..029dc736cb 100644
--- a/doc/man7/SM2.pod
+++ b/doc/man7/SM2.pod
@@ -6,23 +6,25 @@ SM2 - Chinese SM2 signature and encryption algorithm support
 
 =head1 DESCRIPTION
 
-B<SM2> algorithm is first defined by the Chinese national standard GM/T 0003-2012
-and is standardized by ISO as ISO/IEC 14888. B<SM2> is actually an elliptic curve
-based algorithm. Currnet implementation in OpenSSL supports both signature and
-encryption schemes via EVP interface.
+The B<SM2> algorithm was first defined by the Chinese national standard GM/T
+0003-2012 and was later standardized by ISO as ISO/IEC 14888. B<SM2> is actually
+an elliptic curve based algorithm. The current implementation in OpenSSL supports
+both signature and encryption schemes via the EVP interface.
 
 When doing the B<SM2> signature algorithm, it requires a distinguishing identifier
 to form the message prefix which is hashed before the real message is hashed.
 
 =head1 NOTES
 
-B<SM2> signature can be generated by using the 'DigestSign' series APIs, for instance,
-EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto
-for the verification process by calling the 'DigestVerify' series APIs.
+B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for
+instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal().
+Ditto for the verification process by calling the 'DigestVerify' series of APIs.
 
-There are several special steps need to be done before computing an B<SM2> signature.
+There are several special steps that need to be done before computing an B<SM2>
+signature.
 
-The B<EVP_PKEY> structure should be set to B<EVP_PKEY_SM2> by calling:
+The B<EVP_PKEY> structure will default to using ECDSA for signatures when it is
+created. It should be set to B<EVP_PKEY_SM2> by calling:
 
  EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
 
@@ -30,23 +32,23 @@ Then an ID should be set by calling:
 
  EVP_PKEY_CTX_set1_id(pctx, id, id_len);
 
-When calling the EVP_DeigestSignInit() or EVP_DigestVerifyInit() function, a
+When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a
 pre-allocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is
 done by calling:
 
  EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
 
-And normally there is no need to pass a B<pctx> parameter to EVP_DeigestSignInit()
-or EVP_DigestVerifyInit() in such scenario.
+And normally there is no need to pass a B<pctx> parameter to EVP_DigestSignInit()
+or EVP_DigestVerifyInit() in such a scenario.
 
 =head1 EXAMPLE
 
-This example demonstrates the calling sequence on how to use an B<EVP_PKEY> to
-sign a message with SM2 signature algorithm and SM3 hash algorithm:
+This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify
+a message with the SM2 signature algorithm and the SM3 hash algorithm:
 
  #include <openssl/evp.h>
 
- /* obtain an EVP_PKEY from whatever methods... */
+ /* obtain an EVP_PKEY using whatever methods... */
  EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
  mctx = EVP_MD_CTX_new();
  pctx = EVP_PKEY_CTX_new(pkey, NULL);