[master] native PKCS#11 support

3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]

bin/tests/system/inline/tests.sh

@@ -862,11 +862,17 @@ do
    fi
    if test $alg = 12 
    then
-	sh ../gost/prereq.sh 2>/dev/null || continue;
+	fail=0
+	$KEYGEN -q -r ../$RANDFILE -a eccgost test > /dev/null 2>&1 || fail=1
+	rm -f Ktest*
+	[ $fail != 0 ] && continue
    fi
    if test $alg = 13 
    then
-	sh ../ecdsa/prereq.sh 2>/dev/null || continue;
+	fail=0
+	$KEYGEN -q -r ../$RANDFILE -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
+	rm -f Ktest*
+	[ $fail != 0 ] && continue
 	# dsa and ecdsa both require a source of randomness when
 	# generating signatures
 	sh checkdsa.sh 2>/dev/null || continue;