From f4cd8b779dae03fec89a5f63c53dbae8d9f3af24 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 4 Sep 2024 17:19:20 -0400
Subject: [PATCH] Handle older versions of openssl

On Ubuntu openssl's genpkey does not have -outpubkey as a genpkey
option. So avoid using it for now and just get the pubkey out in a
second step.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 tests/timported | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/tests/timported b/tests/timported
index 97e8536c..f26491bf 100755
--- a/tests/timported
+++ b/tests/timported
@@ -8,10 +8,16 @@ source "${TESTSSRCDIR}/helpers.sh"
 title PARA "Test imported key in token session"
 
 title LINE "Generate keypair in files"
+# older versions of openssl don't support -outpubkey ...
+#ossl 'genpkey -algorithm EC -out ${TMPPDIR}/file.ec.key.pem
+#              -pkeyopt ec_paramgen_curve:P-256
+#              -pkeyopt ec_param_enc:named_curve
+#              -outpubkey ${TMPPDIR}/file.ec.pub.key.pem'
+# .. so we'll use two steps
 ossl 'genpkey -algorithm EC -out ${TMPPDIR}/file.ec.key.pem
-              -pkeyopt ec_paramgen_curve:P-256
-              -pkeyopt ec_param_enc:named_curve
-              -outpubkey ${TMPPDIR}/file.ec.pub.key.pem'
+              -pkeyopt ec_paramgen_curve:P-256'
+ossl 'pkey -in ${TMPPDIR}/file.ec.key.pem
+           -pubout -out ${TMPPDIR}/file.ec.pub.key.pem'
 
 #After key generation force all operations to happen on the token
 ORIG_OPENSSL_CONF=${OPENSSL_CONF}