-
Notifications
You must be signed in to change notification settings - Fork 419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x #1172
base: main
Are you sure you want to change the base?
Conversation
Hi, CI/CD still has a failing check. I don't know what caused it and how to fix it. Can you give me some help or tips? |
It's caused by the reduction in coverage since there are no tests for this code. |
OK, thanks @alex , I will add the tests for this codes as soon as possible. |
c4aa1ec
to
31d316d
Compare
Hello @alex , I added the tests and rebased the latest codes already. Besides, I downloaded the corresponding CI/CD ( However, the CI/CD still has the failing checks. I don't quite know why. Could you help me? Thanks a lot. |
Many of the jobs in our CI run against versions of cryptography compiled against other OpenSSL versions. These do not have SM2 support, so the test suite needs to properly detect support and skip if it isn’t available. |
In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod (https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key. Besides, pyca/cryptography support to export `The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API` in pyca/cryptography@c28bfb3 . So in pyopenssl, we can support SM2 sign with OpenSSL 1.1.1x and pyca/cryptography. Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
@alex , Now all CI/CDs passed. Could you review it again? Thanks a lot. |
Still waiting for this pr to work, mates. |
In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod
(https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key.
Besides, pyca/cryptography support to export
The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API
in pyca/cryptography@c28bfb3 .So in pyopenssl, we can support SM2 sign with OpenSSL 1.1.1x and pyca/cryptography.
Fixes: #1171
Signed-off-by: YiLin.Li YiLin.Li@linux.alibaba.com