Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x #1172

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

hustliyilin
Copy link

@hustliyilin hustliyilin commented Dec 28, 2022

In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod
(https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key.

Besides, pyca/cryptography support to export The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API in pyca/cryptography@c28bfb3 .

So in pyopenssl, we can support SM2 sign with OpenSSL 1.1.1x and pyca/cryptography.

Fixes: #1171
Signed-off-by: YiLin.Li YiLin.Li@linux.alibaba.com

@hustliyilin
Copy link
Author

Hi, CI/CD still has a failing check. I don't know what caused it and how to fix it. Can you give me some help or tips?

@alex
Copy link
Member

alex commented Feb 28, 2023

It's caused by the reduction in coverage since there are no tests for this code.

@hustliyilin
Copy link
Author

It's caused by the reduction in coverage since there are no tests for this code.

OK, thanks @alex , I will add the tests for this codes as soon as possible.

@hustliyilin
Copy link
Author

hustliyilin commented Mar 2, 2023

Hello @alex ,

I added the tests and rebased the latest codes already. Besides, I downloaded the corresponding CI/CD (py36-ubuntu20.04) docker image (ghcr.io/pyca/cryptography-runner-ubuntu-bionic:latest) on my machine. I used pip3 install pyopenssl and coverage run --parallel -m pytest -v to test in the CI/CD image locally. The results showed that my new tests were OK. This is a screenshot of my test results

image

However, the CI/CD still has the failing checks. I don't quite know why. Could you help me? Thanks a lot.

image

@reaperhulk
Copy link
Member

reaperhulk commented Mar 2, 2023

Many of the jobs in our CI run against versions of cryptography compiled against other OpenSSL versions. These do not have SM2 support, so the test suite needs to properly detect support and skip if it isn’t available.

In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod
(https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod)
The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using
SM2 algorithms After loading an ECC key.

Besides, pyca/cryptography support to export `The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API`
in pyca/cryptography@c28bfb3 .

So in pyopenssl, we can support SM2 sign with OpenSSL 1.1.1x and pyca/cryptography.

Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
@hustliyilin
Copy link
Author

@alex

Now all CI/CDs passed. Could you review it again? Thanks a lot.

@mr-m0nst3r
Copy link

Still waiting for this pr to work, mates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x
4 participants