From 5d5a7d6ebe5412094e00657c76e90b8fd81906a4 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Mon, 1 Jul 2019 23:08:54 +0200 Subject: [PATCH] openssl_privatekey: forgot to add secp256r1 (#58605) * Forgot to add secp256r1. This one is the interoperable one. * Add changelog. --- .../fragments/58605-openssl_privatekey-secp256r1.yml | 2 ++ lib/ansible/modules/crypto/openssl_privatekey.py | 10 ++++++---- .../targets/openssl_privatekey/tasks/impl.yml | 3 +++ 3 files changed, 11 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/58605-openssl_privatekey-secp256r1.yml diff --git a/changelogs/fragments/58605-openssl_privatekey-secp256r1.yml b/changelogs/fragments/58605-openssl_privatekey-secp256r1.yml new file mode 100644 index 00000000000..7bab6c78a7d --- /dev/null +++ b/changelogs/fragments/58605-openssl_privatekey-secp256r1.yml @@ -0,0 +1,2 @@ +bugfixes: +- "openssl_privatekey - ``secp256r1`` got accidentally forgotten in the curve list." diff --git a/lib/ansible/modules/crypto/openssl_privatekey.py b/lib/ansible/modules/crypto/openssl_privatekey.py index c79c3bdb066..ec51164c7df 100644 --- a/lib/ansible/modules/crypto/openssl_privatekey.py +++ b/lib/ansible/modules/crypto/openssl_privatekey.py @@ -62,7 +62,7 @@ options: curve: description: - Note that not all curves are supported by all versions of C(cryptography). - - For maximal interoperability, C(secp384r1) or C(secp256k1) should be used. + - For maximal interoperability, C(secp384r1) or C(secp256r1) should be used. - We use the curve names as defined in the L(IANA registry for TLS,https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8). type: str @@ -71,6 +71,7 @@ options: - secp521r1 - secp224r1 - secp192r1 + - secp256r1 - secp256k1 - brainpoolP256r1 - brainpoolP384r1 
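Review bot: The corrected recommendation in the `curve` description (hunk at -62) names C(secp256r1) without saying that other tools call the same curve NIST P-256 or `prime256v1`. It also sits one letter away from C(secp256k1), a different curve and the one the old text recommended by mistake. An extra description item would make the distinction explicit, for example `- C(secp256r1) is also known as NIST P-256 and prime256v1; it is not the same curve as C(secp256k1).` The options block continues outside this hunk.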
@@ -178,7 +179,7 @@ curve: description: Elliptic curve used to generate the TLS/SSL private key. returned: changed or success, and I(type) is C(ECC) type: str - sample: secp256k1 + sample: secp256r1 filename: description: Path to the generated TLS/SSL private key file. returned: changed or success @@ -454,6 +455,7 @@ class PrivateKeyCryptography(PrivateKeyBase): self._add_curve('secp521r1', 'SECP521R1') self._add_curve('secp224r1', 'SECP224R1') self._add_curve('secp192r1', 'SECP192R1') + self._add_curve('secp256r1', 'SECP256R1') self._add_curve('secp256k1', 'SECP256K1') self._add_curve('brainpoolP256r1', 'BrainpoolP256R1', deprecated=True) self._add_curve('brainpoolP384r1', 'BrainpoolP384R1', deprecated=True) @@ -613,8 +615,8 @@ def main(): 'DSA', 'ECC', 'Ed25519', 'Ed448', 'RSA', 'X25519', 'X448' ]), curve=dict(type='str', choices=[ - 'secp384r1', 'secp521r1', 'secp224r1', 'secp192r1', 'secp256k1', - 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', + 'secp384r1', 'secp521r1', 'secp224r1', 'secp192r1', 'secp256r1', + 'secp256k1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1', 'sect571k1', 'sect409k1', 'sect283k1', 'sect233k1', 'sect163k1', 'sect571r1', 'sect409r1', 'sect283r1', 'sect233r1', 'sect163r2', ]), diff --git a/test/integration/targets/openssl_privatekey/tasks/impl.yml b/test/integration/targets/openssl_privatekey/tasks/impl.yml index 86f444615a1..5de08b79b97 100644 --- a/test/integration/targets/openssl_privatekey/tasks/impl.yml +++ b/test/integration/targets/openssl_privatekey/tasks/impl.yml @@ -67,6 +67,9 @@ - curve: secp192r1 openssl_name: prime192v1 min_cryptography_version: "0.5" + - curve: secp256r1 + openssl_name: secp256r1 + min_cryptography_version: "0.5" - curve: secp256k1 openssl_name: secp256k1 min_cryptography_version: "0.9"
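Review bot: The new `_add_curve('secp256r1', 'SECP256R1')` line (hunk at -454) has to be mirrored by hand in two other lists, and nothing visible in the patch ties the three together. The other two are the DOCUMENTATION `choices` (hunk at -71) and the `argument_spec` `choices` in `main()` (hunk at -613). That duplication is presumably how the curve went missing in the first place. A comment above the registrations such as `# Keep in sync with the curve choices in DOCUMENTATION and in main()'s argument_spec.` would help, and deriving the `argument_spec` choices from the registered curves would be stronger if the module layout allows it. The enclosing method starts and ends outside this hunk.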
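Review bot: `openssl_name: secp256r1` in the new test entry may not match what OpenSSL reports for this curve. OpenSSL's own short name for it is `prime256v1`, in the same way the neighbouring entry maps `secp192r1` to `prime192v1`. How `openssl_name` is consumed is not visible in this hunk, so this only matters if the value is compared with OpenSSL output; in that case the entry should read `openssl_name: prime256v1`. The list continues outside the hunk.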