Skip to content

src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x#1172

Closed
hustliyilin wants to merge 1 commit intopyca:mainfrom
hustliyilin:main
Closed

src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x#1172
hustliyilin wants to merge 1 commit intopyca:mainfrom
hustliyilin:main

Conversation

@hustliyilin
Copy link

@hustliyilin hustliyilin commented Dec 28, 2022
edited
Loading

In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod
(https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key.

Besides, pyca/cryptography support to export The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API in pyca/cryptography@c28bfb3 .

So in pyopenssl, we can support SM2 sign with OpenSSL 1.1.1x and pyca/cryptography.

Fixes: #1171
Signed-off-by: YiLin.Li YiLin.Li@linux.alibaba.com

@hustliyilin
Copy link
Author

hustliyilin commented Feb 28, 2023

Hi, CI/CD still has a failing check. I don't know what caused it and how to fix it. Can you give me some help or tips?

@alex
Copy link
Member

alex commented Feb 28, 2023

It's caused by the reduction in coverage since there are no tests for this code.

@hustliyilin
Copy link
Author

hustliyilin commented Feb 28, 2023

It's caused by the reduction in coverage since there are no tests for this code.

OK, thanks @alex , I will add the tests for this codes as soon as possible.

@hustliyilin hustliyilin force-pushed the main branch 10 times, most recently from c4aa1ec to 31d316d Compare March 2, 2023 11:38
@hustliyilin
Copy link
Author

hustliyilin commented Mar 2, 2023
edited
Loading

Hello @alex ,

I added the tests and rebased the latest codes already. Besides, I downloaded the corresponding CI/CD (py36-ubuntu20.04) docker image (ghcr.io/pyca/cryptography-runner-ubuntu-bionic:latest) on my machine. I used pip3 install pyopenssl and coverage run --parallel -m pytest -v to test in the CI/CD image locally. The results showed that my new tests were OK. This is a screenshot of my test results

image

However, the CI/CD still has the failing checks. I don't quite know why. Could you help me? Thanks a lot.

image

@reaperhulk
Copy link
Member

reaperhulk commented Mar 2, 2023
edited
Loading

Many of the jobs in our CI run against versions of cryptography compiled against other OpenSSL versions. These do not have SM2 support, so the test suite needs to properly detect support and skip if it isn’t available.

@hustliyilin
src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x
03b6207 
In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod
(https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod)
The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using
SM2 algorithms After loading an ECC key.

Besides, pyca/cryptography support to export `The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API`
in pyca/cryptography@c28bfb3 .

So in pyopenssl, we can support SM2 sign with OpenSSL 1.1.1x and pyca/cryptography.

Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>
@hustliyilin
Copy link
Author

hustliyilin commented Apr 23, 2023

@alex

Now all CI/CDs passed. Could you review it again? Thanks a lot.

@mr-m0nst3r
Copy link

mr-m0nst3r commented Aug 3, 2023

Still waiting for this pr to work, mates.

@alex
Copy link
Member

alex commented Jan 12, 2025

Signing support has been removed from pyOpenSSL.

@alex alex closed this Jan 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x

4 participants

@hustliyilin @alex @reaperhulk @mr-m0nst3r