According to GMT 0003.5-2012, Z hash calculation is added in the SM2 signature algorithm step to solve the problem of mutual signature verification with other libraries such as openssl
We need more information on the why and when of this change. We don't want to maintain different versions of the same algorithm. The I-D expired more than 6 years ago and thus it should not be used as a reference.
SM2 (GM/T 0003-2012): elliptic curve cryptographic schemes including digital signature scheme, public key.
According to the newest original formal standard "GM/T 0003.2 Public key cryptographic algorithm SM2 based on elliptic curves -- Part 2: Digital signature algorithm" by China National cryptography Bureau, it does have a calculate about Z_a.
Z_A=H_256(ENTL_A || ID_A || a || b || x_G || y_G || x_A || y_A)
The standard do not have any update since 2012. So the I-D seems not expired at all.
And I found a blog seems written by the SM2 implementation author of libgcrybt -- Tianjia Zhang. He/She drew a red circle on a standard picture of the Z_A.
Maybe we could contact with him.
rC6b55246c7708: Add elliptic curve SM2 implementation.
https://blog.csdn.net/openanolis/article/details/109745157 (only Chinese)
Author marked as "OpenAnolis" which is a blog of Alibaba Cloud. Zhang also from Ali.
This article mentioned the experience and commit of adding SM2 to libgcrypt and thanks NIIBE Yutaka's help.
Reading through the report, the spec., and current implementation, I concluded that this is not a bug, thus, I'm closing this.
This was basically from confusion, assuming it's not implemented.
In fact, it is implemented. See libgcrypt/tests/basic.c by the function check_pubkey_sign_ecdsa. There are two test cases with sm2 with sm3 hash.