[master] better error output when initializing pkcs11

3786.	[func]		Provide more detailed error codes when using
			native PKCS#11. "pkcs11-tokens" now fails robustly
			rather than asserting when run against an HSM with
			an incomplete PCKS#11 API implementation. [RT #35479]

bin/tests/pkcs11/benchmarks/verify.c

@@ -57,6 +57,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)	getpass(x)
@@ -132,6 +133,7 @@ main(int argc, char *argv[]) {
 	};
 	CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 };
 	pk11_context_t pctx;
+	pk11_optype_t op_type = OP_RSA;
 	char *lib_name = NULL;
 	char *pin = NULL;
 	int error = 0;
@@ -149,6 +151,7 @@ main(int argc, char *argv[]) {
 			break;
 		case 's':
 			slot = atoi(isc_commandline_argument);
+			op_type = OP_ANY;
 			break;
 		case 'p':
 			pin = isc_commandline_argument;
@@ -181,6 +184,8 @@ main(int argc, char *argv[]) {
 		exit(1);
 	}
 
+	pk11_result_register();
+
 	/* Initialize the CRYPTOKI library */
 	if (lib_name != NULL)
 		pk11_set_lib_name(lib_name);
@@ -188,9 +193,12 @@ main(int argc, char *argv[]) {
 	if (pin == NULL)
 		pin = getpassphrase("Enter Pin: ");
 
-	result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-				  (const char *) pin, slot);
-	if (result != ISC_R_SUCCESS) {
+	result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+				  ISC_TRUE, (const char *) pin, slot);
+	if ((result != ISC_R_SUCCESS) &&
+	    (result != PK11_R_NORANDOMSERVICE) &&
+	    (result != PK11_R_NODIGESTSERVICE) &&
+	    (result != PK11_R_NOAESSERVICE)) {
 		fprintf(stderr, "Error initializing PKCS#11: %s\n",
 			isc_result_totext(result));
 		exit(1);
@@ -278,7 +286,7 @@ main(int argc, char *argv[]) {
 	}
 
 	pk11_return_session(&pctx);
-	pk11_shutdown();
+	(void) pk11_finalize();
 
 	exit(error);
 }