[master] native PKCS#11 support

3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]

bin/tests/system/rsabigexponent/Makefile.in

@@ -24,7 +24,7 @@ top_srcdir =	@top_srcdir@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	@USE_OPENSSL@
+CDEFINES =	@CRYPTO@
 CWARNINGS =
 
 DNSLIBS =	../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@

bin/tests/system/rsabigexponent/bigkey.c

@@ -16,7 +16,7 @@
 
 /* $Id$ */
 
-#ifdef OPENSSL
+#if defined(OPENSSL) || defined(PKCS11CRYPTO)
 #include <config.h>
 
 #include <stdio.h>
@@ -44,8 +44,16 @@
 #include <dst/dst.h>
 #include <dst/result.h>
 
+#ifdef OPENSSL
 #include <openssl/opensslv.h>
 #if OPENSSL_VERSION_NUMBER <= 0x00908000L
+#define USE_FIX_KEY_FILES
+#endif
+#else
+#define USE_FIX_KEY_FILES
+#endif
+
+#ifdef USE_FIX_KEY_FILES
 
 /*
  * Use a fixed key file pair if OpenSSL doesn't support > 32 bit exponents.
@@ -235,16 +243,16 @@ main(int argc, char **argv) {
 }
 #endif
 
-#else /* OPENSSL */
+#else /* OPENSSL || PKCS11CRYPTO */
 
 #include <stdio.h>
 #include <stdlib.h>
 
 int
-main(int argc, char **argv) {
-	fprintf(stderr, "Compiled without OpenSSL\n");
+main() {
+	fprintf(stderr, "Compiled without Crypto\n");
 	exit(1);
 }
 
-#endif /* OPENSSL */
+#endif /* OPENSSL || PKCS11CRYPTO */
 /*! \file */

bin/tests/system/rsabigexponent/prereq.sh

@@ -22,6 +22,7 @@ if ./bigkey > /dev/null 2>&1
 then
     rm -f Kexample.*
 else
-    echo "I:This test requires that --with-openssl was used." >&2
+    echo "I:This test requires cryptography" >&2
+    echo "I:--with-openssl, or --with-pkcs11 and --enable-native-pkcs11" >&2
     exit 1
 fi