x509_crl: do not crash when signing with Ed25519 or Ed448 (#475) (#480)

* Do not crash when signing with Ed25519 or Ed448.

* Forgot replace.

(cherry picked from commit 297b44f24b)

tests/integration/targets/x509_crl/tasks/impl.yml

@@ -478,3 +478,68 @@
     path: '{{ remote_tmp_dir }}/ca-crl3.crl'
     list_revoked_certificates: true
   register: crl_3_info
+
+- name: Ed25519 and Ed448 tests (for cryptography >= 2.6)
+  block:
+    - name: Generate private keys
+      openssl_privatekey:
+        path: '{{ remote_tmp_dir }}/ca-{{ item }}.key'
+        type: '{{ item }}'
+      loop:
+        - Ed25519
+        - Ed448
+      register: ed25519_ed448_privatekey
+      ignore_errors: yes
+
+    - when: ed25519_ed448_privatekey is not failed
+      block:
+
+        - name: Create CRL
+          x509_crl:
+            path: '{{ remote_tmp_dir }}/ca-crl-{{ item }}.crl'
+            privatekey_path: '{{ remote_tmp_dir }}/ca-{{ item }}.key'
+            issuer:
+              CN: Ansible
+            last_update: 20191013000000Z
+            next_update: 20191113000000Z
+            revoked_certificates:
+              - path: '{{ remote_tmp_dir }}/cert-1.pem'
+                revocation_date: 20191013000000Z
+              - path: '{{ remote_tmp_dir }}/cert-2.pem'
+                revocation_date: 20191013000000Z
+                reason: key_compromise
+                reason_critical: yes
+                invalidity_date: 20191012000000Z
+              - serial_number: 1234
+                revocation_date: 20191001000000Z
+          register: ed25519_ed448_crl
+          loop:
+            - Ed25519
+            - Ed448
+          ignore_errors: yes
+
+        - name: Create CRL (idempotence)
+          x509_crl:
+            path: '{{ remote_tmp_dir }}/ca-crl-{{ item }}.crl'
+            privatekey_path: '{{ remote_tmp_dir }}/ca-{{ item }}.key'
+            issuer:
+              CN: Ansible
+            last_update: 20191013000000Z
+            next_update: 20191113000000Z
+            revoked_certificates:
+              - path: '{{ remote_tmp_dir }}/cert-1.pem'
+                revocation_date: 20191013000000Z
+              - path: '{{ remote_tmp_dir }}/cert-2.pem'
+                revocation_date: 20191013000000Z
+                reason: key_compromise
+                reason_critical: yes
+                invalidity_date: 20191012000000Z
+              - serial_number: 1234
+                revocation_date: 20191001000000Z
+          register: ed25519_ed448_crl_idempotence
+          loop:
+            - Ed25519
+            - Ed448
+          ignore_errors: yes
+
+  when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')

tests/integration/targets/x509_crl/tests/validate.yml

@@ -98,3 +98,23 @@
       - crl_3.revoked_certificates[0].issuer == [
           "DNS:ca.example.org",
         ]
+
+- name: Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8)
+  assert:
+    that:
+      - ed25519_ed448_crl.results[0] is failed
+      - ed25519_ed448_crl.results[1] is failed
+      - ed25519_ed448_crl_idempotence.results[0] is failed
+      - ed25519_ed448_crl_idempotence.results[1] is failed
+  when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<') and ed25519_ed448_privatekey is not failed
+
+- name: Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)
+  assert:
+    that:
+      - ed25519_ed448_crl is succeeded
+      - ed25519_ed448_crl.results[0] is changed
+      - ed25519_ed448_crl.results[1] is changed
+      - ed25519_ed448_crl_idempotence is succeeded
+      - ed25519_ed448_crl_idempotence.results[0] is not changed
+      - ed25519_ed448_crl_idempotence.results[1] is not changed
+  when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=') and ed25519_ed448_privatekey is not failed