src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x

[hustliyilin]

In openssl 1.1.1 docs/man3/EVP_PKEY_set1_RSA.pod
(https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/doc/man3/EVP_PKEY_set1_RSA.pod) The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API is possible to convert it to using SM2 algorithms After loading an ECC key.

Besides, pyca/cryptography support to export The EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) API in pyca/cryptography@c28bfb3 .

So in pyopenssl, we can support SM2 sign with OpenSSL 1.1.1x and pyca/cryptography.

Fixes: #1171
Signed-off-by: YiLin.Li YiLin.Li@linux.alibaba.com

[hustliyilin]

Hi, CI/CD still has a failing check. I don't know what caused it and how to fix it. Can you give me some help or tips?

[alex]

It's caused by the reduction in coverage since there are no tests for this code.

[hustliyilin]

It's caused by the reduction in coverage since there are no tests for this code.

OK, thanks @alex , I will add the tests for this codes as soon as possible.

[hustliyilin]

Hello @alex ,

I added the tests and rebased the latest codes already. Besides, I downloaded the corresponding CI/CD (py36-ubuntu20.04) docker image (ghcr.io/pyca/cryptography-runner-ubuntu-bionic:latest) on my machine. I used pip3 install pyopenssl and coverage run --parallel -m pytest -v to test in the CI/CD image locally. The results showed that my new tests were OK. This is a screenshot of my test results

However, the CI/CD still has the failing checks. I don't quite know why. Could you help me? Thanks a lot.

[reaperhulk]

Many of the jobs in our CI run against versions of cryptography compiled against other OpenSSL versions. These do not have SM2 support, so the test suite needs to properly detect support and skip if it isn’t available.

[hustliyilin]

@alex ，

Now all CI/CDs passed. Could you review it again? Thanks a lot.

[mr-m0nst3r]

Still waiting for this pr to work, mates.